Fix Tribes edge service startup
@@ -1,14 +1,20 @@
|
||||
(define-module (tribes packages web)
|
||||
#:use-module (gnu packages)
|
||||
#:use-module (gnu packages bash)
|
||||
#:use-module (gnu packages base)
|
||||
#:use-module (gnu packages curl)
|
||||
#:use-module (gnu packages jemalloc)
|
||||
#:use-module (gnu packages libevent)
|
||||
#:use-module (gnu packages linux)
|
||||
#:use-module (gnu packages lsof)
|
||||
#:use-module (gnu packages ncurses)
|
||||
#:use-module (gnu packages pcre)
|
||||
#:use-module (gnu packages pkg-config)
|
||||
#:use-module (gnu packages python)
|
||||
#:use-module (gnu packages python-xyz)
|
||||
#:use-module (gnu packages readline)
|
||||
#:use-module (gnu packages sphinx)
|
||||
#:use-module (gnu packages tls)
|
||||
#:use-module ((gnu packages web) #:prefix upstream:)
|
||||
#:use-module ((guix licenses) #:prefix license:)
|
||||
#:use-module (guix base32)
|
||||
#:use-module (guix build-system gnu)
|
||||
@@ -112,10 +118,9 @@ multicore machines.")
|
||||
|
||||
(define-public vinyl
|
||||
(package
|
||||
(inherit upstream:varnish)
|
||||
(name "vinyl")
|
||||
(home-page "https://vinyl-cache.org/")
|
||||
(version "9.0.0")
|
||||
(home-page "https://vinyl-cache.org/")
|
||||
(source
|
||||
(origin
|
||||
(method url-fetch)
|
||||
@@ -124,9 +129,23 @@ multicore machines.")
|
||||
".tgz"))
|
||||
(sha256
|
||||
(base32 "05xxhgs1r9zwanx5arafrd7hkjn3kmsnrbfh1zajfxm7q88c4h4p"))))
|
||||
(build-system gnu-build-system)
|
||||
(arguments
|
||||
(substitute-keyword-arguments (package-arguments upstream:varnish)
|
||||
((#:phases phases)
|
||||
(append
|
||||
(if (target-x86-32?)
|
||||
'(#:make-flags
|
||||
(list "CFLAGS+=-fexcess-precision=standard"))
|
||||
'())
|
||||
(list
|
||||
#:configure-flags
|
||||
#~(list (string-append "LDFLAGS=-Wl,-rpath=" #$output "/lib")
|
||||
(string-append "CC=" #$(cc-for-target))
|
||||
;; Use absolute path of GCC so it's found at runtime.
|
||||
(string-append "PTHREAD_CC="
|
||||
(search-input-file %build-inputs
|
||||
"/bin/gcc"))
|
||||
"--localstatedir=/var")
|
||||
#:phases
|
||||
#~(modify-phases %standard-phases
|
||||
(add-after 'unpack 'use-absolute-file-names
|
||||
(lambda _
|
||||
@@ -153,6 +172,7 @@ multicore machines.")
|
||||
(add-before 'install 'patch-Makefile
|
||||
(lambda _
|
||||
(substitute* "Makefile"
|
||||
;; Do not create /var/varnish during install.
|
||||
(("^install-data-am: install-data-local")
|
||||
"install-data-am: "))))
|
||||
(add-after 'install 'wrap-vinyld
|
||||
@@ -164,12 +184,25 @@ multicore machines.")
|
||||
`("LIBRARY_PATH" ":" prefix
|
||||
(,(dirname
|
||||
(search-input-file inputs "lib/libc.so")))))))))))
|
||||
(native-inputs
|
||||
(list pkg-config
|
||||
python-sphinx
|
||||
python-docutils))
|
||||
(inputs
|
||||
(list bash-minimal
|
||||
coreutils-minimal
|
||||
jemalloc
|
||||
ncurses
|
||||
pcre2
|
||||
python-minimal
|
||||
readline))
|
||||
(synopsis "Web application accelerator")
|
||||
(description
|
||||
"Vinyl Cache is a high-performance HTTP accelerator. It acts as a
|
||||
caching reverse proxy and load balancer. You install it in front of any
|
||||
server that speaks HTTP and configure it to cache content through an
|
||||
extensive configuration language.")
|
||||
(license license:bsd-2)
|
||||
(properties
|
||||
'((release-monitoring-url . "https://vinyl-cache.org/releases/")))))
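Review bot: The `arguments` field now appears to restate the whole build recipe (configure flags plus phases built on `%standard-phases`) while the package still has `(inherit upstream:varnish)`, so later upstream changes to flags or phases will not reach this package, and nothing here says why the copy was needed. A short comment above `(arguments` would record it, for example `;; Spelled out instead of derived from upstream:varnish because <reason>; re-sync when upstream changes.` The `PTHREAD_CC` flag pins an absolute gcc path for use at run time, which keeps a C compiler in the closure of an edge service; if that is intended, the existing comment could say so outright. Which lines are old and which are new is partly inferred, because the rendering dropped the +/- markers.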
|
||||
|
||||
|
||||
@@ -21,6 +21,7 @@
|
||||
lego-certificate-configuration-webroot
|
||||
lego-certificate-configuration-key-type
|
||||
lego-certificate-configuration-renew-days
|
||||
lego-certificate-configuration-requirement
|
||||
lego-certificate-configuration-reload-services
|
||||
lego-certificate-directory
|
||||
lego-certificate-full-pem
|
||||
@@ -51,6 +52,8 @@
|
||||
(default "ec256"))
|
||||
(renew-days lego-certificate-configuration-renew-days
|
||||
(default #f))
|
||||
(requirement lego-certificate-configuration-requirement
|
||||
(default '()))
|
||||
(reload-services lego-certificate-configuration-reload-services
|
||||
(default '())))
|
||||
|
||||
@@ -263,7 +266,9 @@
|
||||
(provision
|
||||
(list (lego-certificate-service-symbol "lego-renewal"
|
||||
certificate)))
|
||||
(requirement '(user-processes networking))
|
||||
(requirement
|
||||
(append '(user-processes networking)
|
||||
(lego-certificate-configuration-requirement certificate)))
|
||||
(modules '((shepherd service timer)))
|
||||
(start
|
||||
#~(let ((minutes '#$(lego-configuration-renew-minutes config))
|
||||
@@ -286,7 +291,9 @@
|
||||
(provision
|
||||
(list (lego-certificate-service-symbol "lego-bootstrap"
|
||||
certificate)))
|
||||
(requirement '(user-processes networking))
|
||||
(requirement
|
||||
(append '(user-processes networking)
|
||||
(lego-certificate-configuration-requirement certificate)))
|
||||
(one-shot? #t)
|
||||
(start #~(lambda _
|
||||
(zero? (system* #$program))))
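Review bot: The new `requirement` field is declared without a comment, yet it is appended to the requirements of both the renewal timer and the one-shot bootstrap service, so whatever is listed there gates first issuance and every later renewal. A comment on the field would make that visible, for example `;; Extra Shepherd service symbols that must be running before this certificate's bootstrap and renewal services start.` If a listed service is down when renewal is due, the renewal presumably does not run, so certificate expiry should be monitored independently of this service. The record definition and both service bodies continue outside the hunks shown.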
|
||||
|
||||
@@ -36,6 +36,9 @@
|
||||
tribes-configuration-database-host
|
||||
tribes-configuration-secret-key-base-file
|
||||
tribes-configuration-token-signing-secret-file
|
||||
tribes-configuration-release-cookie-file
|
||||
tribes-configuration-release-distribution
|
||||
tribes-configuration-release-node
|
||||
tribes-configuration-dns-cluster-query
|
||||
tribes-configuration-extra-environment-variables
|
||||
tribes-configuration-log-file
|
||||
@@ -84,6 +87,12 @@
|
||||
(default "/var/lib/tribes/secrets/secret_key_base"))
|
||||
(token-signing-secret-file tribes-configuration-token-signing-secret-file
|
||||
(default "/var/lib/tribes/secrets/token_signing_secret"))
|
||||
(release-cookie-file tribes-configuration-release-cookie-file
|
||||
(default "/var/lib/tribes/secrets/release_cookie"))
|
||||
(release-distribution tribes-configuration-release-distribution
|
||||
(default "none"))
|
||||
(release-node tribes-configuration-release-node
|
||||
(default #f))
|
||||
(dns-cluster-query tribes-configuration-dns-cluster-query
|
||||
(default #f))
|
||||
(extra-environment-variables tribes-configuration-extra-environment-variables
|
||||
@@ -135,9 +144,15 @@
|
||||
"/"
|
||||
database-name))))
|
||||
|
||||
(define (tribes-release-node config)
|
||||
(or (tribes-configuration-release-node config)
|
||||
(string-append "tribes@" (tribes-configuration-host config))))
|
||||
|
||||
(define (tribes-launcher config command args)
|
||||
(define package
|
||||
(tribes-configuration-package config))
|
||||
(define distribution
|
||||
(tribes-configuration-release-distribution config))
|
||||
(define env-setters
|
||||
(append
|
||||
(list
|
||||
@@ -163,8 +178,12 @@
|
||||
#$(string-join
|
||||
(tribes-configuration-admin-pubkeys config)
|
||||
","))
|
||||
#~(setenv "RELEASE_DISTRIBUTION" #$distribution)
|
||||
#~(setenv "SSL_CERT_DIR" "/etc/ssl/certs")
|
||||
#~(setenv "SSL_CERT_FILE" "/etc/ssl/certs/ca-certificates.crt"))
|
||||
(if (string=? distribution "none")
|
||||
'()
|
||||
(list #~(setenv "RELEASE_NODE" #$(tribes-release-node config))))
|
||||
(if (tribes-configuration-listen-address config)
|
||||
(list #~(setenv "BIND_ADDRESS"
|
||||
#$(tribes-configuration-listen-address config)))
|
||||
@@ -197,6 +216,8 @@
|
||||
#$(tribes-configuration-secret-key-base-file config))
|
||||
(define token-file
|
||||
#$(tribes-configuration-token-signing-secret-file config))
|
||||
(define release-cookie-file
|
||||
#$(tribes-configuration-release-cookie-file config))
|
||||
|
||||
(unless (file-exists? secret-key-file)
|
||||
(format (current-error-port)
|
||||
@@ -212,6 +233,13 @@
|
||||
|
||||
(setenv "SECRET_KEY_BASE" (read-secret secret-key-file))
|
||||
(setenv "TOKEN_SIGNING_SECRET" (read-secret token-file))
|
||||
(unless (string=? #$distribution "none")
|
||||
(unless (file-exists? release-cookie-file)
|
||||
(format (current-error-port)
|
||||
"missing Tribes release cookie file: ~a~%"
|
||||
release-cookie-file)
|
||||
(exit 1))
|
||||
(setenv "RELEASE_COOKIE" (read-secret release-cookie-file)))
|
||||
#$@env-setters
|
||||
(apply execl
|
||||
#$(file-append package "/bin/tribes")
|
||||
@@ -230,6 +258,7 @@
|
||||
#$(tribes-configuration-plugin-directory config)
|
||||
(dirname #$(tribes-configuration-log-file config))
|
||||
(dirname #$(tribes-configuration-secret-key-base-file config))
|
||||
(dirname #$(tribes-configuration-release-cookie-file config))
|
||||
(dirname #$(tribes-configuration-token-signing-secret-file config)))))
|
||||
(for-each
|
||||
(lambda (dir)
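Review bot: `release-distribution` is an unchecked string that is only ever compared with "none", once when the launcher is built (`(if (string=? distribution "none")`) and once at start-up, so any other value, a typo included, turns distribution on and exports `RELEASE_COOKIE`. Rejecting unknown values early would make the choice explicit, e.g. `(unless (member distribution '("none" "name" "sname")) (error "invalid release-distribution:" distribution))` near the top of `tribes-launcher`. The start-up code checks only that the cookie file exists; since the cookie is the sole credential for Erlang distribution, the `release-cookie-file` field deserves a comment saying the file must be readable by the service user only and that the distribution ports must not be reachable from untrusted networks. The default node name comes from `tribes-configuration-host`, which may not be a valid short name when "sname" is selected. `tribes-launcher` and the activation code continue outside these hunks.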
|
||||
|
||||
@@ -75,7 +75,8 @@
|
||||
(match config
|
||||
(($ <vinyl-configuration> package name backend vcl listen storage
|
||||
parameters extra-options)
|
||||
(let ((pid-file (string-append (vinyl-state-directory name) "/_.pid")))
|
||||
(let ((state-dir (vinyl-state-directory name))
|
||||
(pid-file (string-append (vinyl-state-directory name) "/_.pid")))
|
||||
(list
|
||||
(shepherd-service
|
||||
(documentation (string-append "Run the Vinyl cache service (" name ")."))
|
||||
@@ -84,7 +85,9 @@
|
||||
(start
|
||||
#~(make-forkexec-constructor
|
||||
(list #$(file-append package "/sbin/vinyld")
|
||||
"-n" #$name
|
||||
"-n" #$state-dir
|
||||
"-i" #$name
|
||||
"-P" #$pid-file
|
||||
#$@(if vcl
|
||||
#~("-f" #$vcl)
|
||||
#~("-b" #$backend))
|
||||
@@ -101,8 +104,6 @@
|
||||
(cdr parameter))))
|
||||
parameters)
|
||||
#$@extra-options)
|
||||
;; Vinyl drops privileges on its own after binding the listeners,
|
||||
;; so keep the Shepherd service itself unprivileged here.
|
||||
#:pid-file #$pid-file))
|
||||
(stop #~(make-kill-destructor))))))))
|
||||
configs))
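Review bot: The two-line comment about privilege dropping in front of `#:pid-file` seems to have been removed, and the constructor shown passes no `#:user` or `#:group`, so nothing in the service now states which account `vinyld` runs as. A replacement comment would keep that decision on record, e.g. `;; No #:user here: vinyld is expected to drop privileges itself after binding; STATE-DIR must not be writable by other users.` The `-n` option now points at `state-dir`, where the daemon presumably keeps the compiled VCL it loads, and the ownership and mode of that directory are set outside this hunk. As a smaller point, `pid-file` could reuse the new binding through `let*`: `(pid-file (string-append state-dir "/_.pid"))`.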
|
||||
|
||||
@@ -98,6 +98,7 @@
|
||||
(tribes-edge-configuration-challenge-address edge)
|
||||
(tribes-edge-configuration-challenge-port edge)))
|
||||
(renew-days (tribes-edge-configuration-renew-days edge))
|
||||
(requirement '(vinyl-tribes-http))
|
||||
(reload-services '(hitch)))))
|
||||
|
||||
(define (edge-http-vcl edge)
|
||||
|
||||