nixos/smokeping: use nginx instead of thttpd

Motivation:
fixes #265953

Changes:
- deprecate `services.smokeping.port` in favor of the niginx native option
- mention in release notes
This commit is contained in:
DavHau 2024-05-12 12:55:43 +02:00
parent 8949291221
commit 0b6c484848
3 changed files with 44 additions and 37 deletions

View File

@ -399,6 +399,10 @@ The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been m
- `halloy` package was updated past 2024.5 which introduced a breaking change by switching the config format from YAML to TOML. See https://github.com/squidowl/halloy/releases/tag/2024.5 for details.
- If `services.smokeping.webService` was enabled, smokeping is now served via nginx instead of thttpd. This change brings the following consequences:
- The default port for smokeping is now the nginx default port 80 instead of 8081.
- The option `services.smokeping.port` has been removed. To customize the port, use `services.nginx.virtualHosts.smokeping.listen.*.port`.
- The `wpaperd` package has a breaking change moving to 1.0.1, previous version 0.3.0 had 2 different configuration files, one for wpaperd and one for the wallpapers. Remove the former and move the latter (`wallpaper.toml`) to `config.toml`.
- Ada packages (libraries and tools) have been moved into the `gnatPackages` scope. `gnatPackages` uses the default GNAT compiler, `gnat12Packages` and `gnat13Packages` use the respective matching compiler version.

View File

@ -47,6 +47,13 @@ let
in
{
imports = [
(mkRemovedOptionModule [ "services" "smokeping" "port" ] ''
The smokeping web service is now served by nginx.
In order to change the port, you need to change the nginx configuration under `services.nginx.virtualHosts.smokeping.listen.*.port`.
'')
];
options = {
services.smokeping = {
enable = mkEnableOption "smokeping service";
@ -71,8 +78,8 @@ in
};
cgiUrl = mkOption {
type = types.str;
default = "http://${cfg.hostName}:${toString cfg.port}/smokeping.cgi";
defaultText = literalExpression ''"http://''${hostName}:''${toString port}/smokeping.cgi"'';
default = "http://${cfg.hostName}/smokeping.cgi";
defaultText = literalExpression ''"http://''${hostName}/smokeping.cgi"'';
example = "https://somewhere.example.com/smokeping.cgi";
description = "URL to the smokeping cgi.";
};
@ -177,11 +184,6 @@ in
which makes it bind to all interfaces.
'';
};
port = mkOption {
type = types.port;
default = 8081;
description = "TCP port to use for the web server.";
};
presentationConfig = mkOption {
type = types.lines;
default = ''
@ -312,17 +314,8 @@ in
description = "smokeping daemon user";
home = smokepingHome;
createHome = true;
# When `cfg.webService` is enabled, `thttpd` makes SmokePing available
# under `${cfg.host}:${cfg.port}/smokeping.fcgi` as per the `ln -s` below.
# We also want that going to `${cfg.host}:${cfg.port}` without `smokeping.fcgi`
# makes it easy for the user to find SmokePing.
# However `thttpd` does not seem to support easy redirections from `/` to `smokeping.fcgi`
# and only allows directory listings or `/` -> `index.html` resolution if the directory
# has `chmod 755` (see https://acme.com/software/thttpd/thttpd_man.html#PERMISSIONS,
# " directories should be 755 if you want to allow indexing").
# Otherwise it shows `403 Forbidden` on `/`.
# Thus, we need to make `smokepingHome` (which is given to `thttpd -d` below) `755`.
homeMode = "755";
# When `cfg.webService` is enabled, `nginx` requires read permissions on the home directory.
homeMode = "711";
};
users.groups.${cfg.user} = { };
systemd.services.smokeping = {
@ -342,21 +335,25 @@ in
${cfg.package}/bin/smokeping --static --config=${configPath}
'';
};
systemd.services.thttpd = mkIf cfg.webService {
requiredBy = [ "multi-user.target" ];
requires = [ "smokeping.service" ];
path = with pkgs; [ bash rrdtool smokeping thttpd ];
serviceConfig = {
Restart = "always";
ExecStart = lib.concatStringsSep " " (lib.concatLists [
[ "${pkgs.thttpd}/bin/thttpd" ]
[ "-u ${cfg.user}" ]
[ ''-c "**.fcgi"'' ]
[ "-d ${smokepingHome}" ]
(lib.optional (cfg.host != null) "-h ${cfg.host}")
[ "-p ${builtins.toString cfg.port}" ]
[ "-D -nos" ]
]);
# use nginx to serve the smokeping web service
services.fcgiwrap.enable = mkIf cfg.webService true;
services.nginx = mkIf cfg.webService {
enable = true;
virtualHosts."smokeping" = {
serverName = mkDefault cfg.host;
locations."/" = {
root = smokepingHome;
index = "smokeping.fcgi";
};
locations."/smokeping.fcgi" = {
extraConfig = ''
include ${config.services.nginx.package}/conf/fastcgi_params;
fastcgi_pass unix:${config.services.fcgiwrap.socketAddress};
fastcgi_param SCRIPT_FILENAME ${smokepingHome}/smokeping.fcgi;
fastcgi_param DOCUMENT_ROOT ${smokepingHome};
'';
};
};
};
};

View File

@ -11,7 +11,6 @@ import ./make-test-python.nix ({ pkgs, ...} : {
networking.domain = "example.com"; # FQDN: sm.example.com
services.smokeping = {
enable = true;
port = 8081;
mailHost = "127.0.0.2";
probeConfig = ''
+ FPing
@ -25,12 +24,19 @@ import ./make-test-python.nix ({ pkgs, ...} : {
testScript = ''
start_all()
sm.wait_for_unit("smokeping")
sm.wait_for_unit("thttpd")
sm.wait_for_unit("nginx")
sm.wait_for_file("/var/lib/smokeping/data/Local/LocalMachine.rrd")
sm.succeed("curl -s -f localhost:8081/smokeping.fcgi?target=Local")
sm.succeed("curl -s -f localhost/smokeping.fcgi?target=Local")
# Check that there's a helpful page without explicit path as well.
sm.succeed("curl -s -f localhost:8081")
sm.succeed("curl -s -f localhost")
sm.succeed("ls /var/lib/smokeping/cache/Local/LocalMachine_mini.png")
sm.succeed("ls /var/lib/smokeping/cache/index.html")
# stop and start the service like nixos-rebuild would do
# see https://github.com/NixOS/nixpkgs/issues/265953)
sm.succeed("systemctl stop smokeping")
sm.succeed("systemctl start smokeping")
# ensure all services restarted properly
sm.succeed("systemctl --failed | grep -q '0 loaded units listed'")
'';
})