diff options
| author | Devaev Maxim <[email protected]> | 2019-02-17 05:38:15 +0300 |
|---|---|---|
| committer | Devaev Maxim <[email protected]> | 2019-02-17 05:38:15 +0300 |
| commit | cca04b10e0a827be356e7e795b38eea1dd627bd4 (patch) | |
| tree | f8802ac17951c102144484fad13e5b22d8c22ac2 | |
| parent | 9841988dcde869783b4095cda9d35e8f7d6f29dc (diff) | |
package fixes
| -rw-r--r-- | Makefile | 4 | ||||
| -rw-r--r-- | PKGBUILD | 38 | ||||
| -rw-r--r-- | configs/nginx/nginx.conf | 32 | ||||
| -rw-r--r-- | configs/nginx/ssl.conf | 4 | ||||
| -rw-r--r-- | configs/os/systemd/kvmd-nginx.service | 4 | ||||
| -rw-r--r-- | kvmd.install | 11 | ||||
| -rw-r--r-- | testenv/Dockerfile | 3 |
7 files changed, 63 insertions, 33 deletions
@@ -82,11 +82,11 @@ _run: _testenv --publish 8082:8082/tcp \ -it $(TESTENV_IMAGE) /bin/bash -c " \ (socat PTY,link=$(TESTENV_HID) PTY,link=/dev/ttyS11 &) \ - && cp -r /usr/share/kvmd/configs.default/nginx/* /etc/nginx \ + && cp -r /usr/share/kvmd/configs.default/nginx/* /etc/kvmd/nginx \ && cp /usr/share/kvmd/configs.default/kvmd/*.yaml /etc/kvmd \ && cp /usr/share/kvmd/configs.default/kvmd/htpasswd /etc/kvmd \ && cp /testenv/main.yaml /etc/kvmd \ - && nginx -c /etc/nginx/nginx.conf \ + && nginx -c /etc/kvmd/nginx/nginx.conf \ && ln -s $(TESTENV_VIDEO) /dev/kvmd-video \ && (losetup -d /dev/kvmd-msd || true) \ && losetup /dev/kvmd-msd /root/loop.img \ @@ -33,7 +33,8 @@ depends=( python-dbus python-pygments v4l-utils - nginx + nginx-mainline + openssl ) makedepends=(python-setuptools) source=("$url/archive/v$pkgver.tar.gz") @@ -57,11 +58,13 @@ package_kvmd() { mkdir -p "$pkgdir/usr/lib/systemd/system" cp configs/os/systemd/*.service "$pkgdir/usr/lib/systemd/system" - _cfgdir="$pkgdir/usr/share/kvmd/configs.default" mkdir -p "$pkgdir/usr/share/kvmd" cp -r web "$pkgdir/usr/share/kvmd" cp -r extras "$pkgdir/usr/share/kvmd" - cp -r configs "$_cfgdir" + + _cfgdir="$pkgdir/usr/share/kvmd/configs.default" + mkdir -p "$_cfgdir" + cp -r configs/* "$_cfgdir" rm -rf "$_cfgdir/os/systemd" find "$pkgdir" -name ".gitignore" -delete @@ -69,8 +72,15 @@ package_kvmd() { find "$_cfgdir" -type f -exec chmod 444 '{}' \; chmod 440 "$_cfgdir/kvmd/htpasswd" - mkdir -p "$pkgdir/etc/kvmd/nginx" - for path in "$_cfgdir/nginx/*.conf"; do + mkdir -p "$pkgdir/etc/kvmd/nginx/ssl" + chmod 750 "$pkgdir/etc/kvmd/nginx/ssl" + for path in "$_cfgdir/kvmd"/*.yaml; do + ln -sf "/usr/share/kvmd/configs.default/kvmd/`basename $path`" "$pkgdir/etc/kvmd" + done + rm "$pkgdir/etc/kvmd/meta.yaml" + cp "$_cfgdir/kvmd/meta.yaml" "$pkgdir/etc/kvmd" + cp -a "$_cfgdir/kvmd/htpasswd" "$pkgdir/etc/kvmd" + for path in "$_cfgdir/nginx"/*.conf; do ln -sf "/usr/share/kvmd/configs.default/nginx/`basename $path`" "$pkgdir/etc/kvmd/nginx" done } @@ -79,11 +89,21 @@ export pkgdir for _platform in $_PLATFORMS; do for _board in $_BOARDS; do eval "package_kvmd-platform-$_platform-$_board() { + pkgdesc=\"Pi-KVM platform configs - $_platform for $_board\" + mkdir -p \"$pkgdir/etc/\"{sysctl.d,udev/rules.d,modules-load.d} - _osdir=\"/usr/share/kvmd/configs.default/os\" - ln -sf \"$_osdir/sysctl.conf\" \"$pkgdir/etc/sysctl.d/99-pikvm.conf\" - ln -sf \"$_osdir/udev/$_platform-$_board.rules\" \"$pkgdir/etc/udev/rules.d/99-pikvm.rules\" - ln -sf \"$_osdir/modules-load/$_platform.conf\" \"$pkgdir/etc/modules-load.d/pikvm.conf\" + + _cfgdir=\"/usr/share/kvmd/configs.default/os\" + + ln -sf \"$_cfgdir/os/sysctl.conf\" \"$pkgdir/etc/sysctl.d/99-pikvm.conf\" + ln -sf \"$_cfgdir/os/udev/$_platform-$_board.rules\" \"$pkgdir/etc/udev/rules.d/99-pikvm.rules\" + ln -sf \"$_cfgdir/os/modules-load/$_platform.conf\" \"$pkgdir/etc/modules-load.d/pikvm.conf\" + + ln -sf \"$_cfgdir/kvmd/main/$_platform.yaml\" \"$pkgdir/etc/kvmd/main.yaml\" + if [ $_platform == v1-hdmi ]; then + depends+=(dkms tc358743-dkms) + ln -sf \"$_cfgdir/kvmd/tc358743-edid.hex\" \"$pkgdir/etc/kvmd/tc358743-edid.hex\" + fi }" done done diff --git a/configs/nginx/nginx.conf b/configs/nginx/nginx.conf index abc8c256..8cfde430 100644 --- a/configs/nginx/nginx.conf +++ b/configs/nginx/nginx.conf @@ -1,7 +1,7 @@ user http; worker_processes 4; -# error_log /tmp/nginx.error.log; +# error_log /tmp/kvmd-nginx.error.log; error_log stderr; include /usr/share/kvmd/extras/*/nginx.ctx-main.conf; @@ -15,7 +15,7 @@ events { http { access_log off; - include /etc/nginx/mime-types.conf; + include /etc/kvmd/nginx/mime-types.conf; default_type application/octet-stream; charset utf-8; @@ -28,11 +28,11 @@ http { keepalive_timeout 10; client_max_body_size 4k; - client_body_temp_path /tmp/nginx.client_body_temp; - fastcgi_temp_path /tmp/nginx.fastcgi_temp; - proxy_temp_path /tmp/nginx.proxy_temp; - scgi_temp_path /tmp/nginx.scgi_temp; - uwsgi_temp_path /tmp/nginx.uwsgi_temp; + client_body_temp_path /tmp/kvmd-nginx.client_body_temp; + fastcgi_temp_path /tmp/kvmd-nginx.fastcgi_temp; + proxy_temp_path /tmp/kvmd-nginx.proxy_temp; + scgi_temp_path /tmp/kvmd-nginx.scgi_temp; + uwsgi_temp_path /tmp/kvmd-nginx.uwsgi_temp; upstream kvmd { server 127.0.0.1:8081 fail_timeout=0s max_fails=0; @@ -53,7 +53,7 @@ http { server { #PROD listen 443 ssl http2; server_name localhost; -#PROD include /etc/nginx/ssl.conf; +#PROD include /etc/kvmd/nginx/ssl.conf; auth_request /auth; @@ -67,8 +67,8 @@ http { location / { root /usr/share/kvmd/web; - include /etc/nginx/loc-login.conf; - include /etc/nginx/loc-nocache.conf; + include /etc/kvmd/nginx/loc-login.conf; + include /etc/kvmd/nginx/loc-nocache.conf; } location @login { @@ -99,8 +99,8 @@ http { rewrite ^/kvmd/ws$ /ws break; rewrite ^/kvmd/ws\?(.*)$ /ws?$1 break; proxy_pass http://kvmd; - include /etc/nginx/loc-proxy.conf; - include /etc/nginx/loc-websocket.conf; + include /etc/kvmd/nginx/loc-proxy.conf; + include /etc/kvmd/nginx/loc-websocket.conf; auth_request off; } @@ -108,7 +108,7 @@ http { rewrite ^/kvmd/msd/write$ /msd/write break; rewrite ^/kvmd/msd/write\?(.*)$ /msd/write?$1 break; proxy_pass http://kvmd; - include /etc/nginx/loc-proxy.conf; + include /etc/kvmd/nginx/loc-proxy.conf; limit_rate 6250k; limit_rate_after 50k; client_max_body_size 0; @@ -120,7 +120,7 @@ http { rewrite ^/kvmd/log$ /log break; rewrite ^/kvmd/log\?(.*)$ /log?$1 break; proxy_pass http://kvmd; - include /etc/nginx/loc-proxy.conf; + include /etc/kvmd/nginx/loc-proxy.conf; proxy_read_timeout 7d; postpone_output 0; proxy_buffering off; @@ -132,7 +132,7 @@ http { rewrite ^/kvmd$ / break; rewrite ^/kvmd/(.*)$ /$1 break; proxy_pass http://kvmd; - include /etc/nginx/loc-proxy.conf; + include /etc/kvmd/nginx/loc-proxy.conf; auth_request off; } @@ -141,7 +141,7 @@ http { rewrite ^/streamer\?(.*)$ ?$1 break; rewrite ^/streamer/(.*)$ /$1 break; proxy_pass http://ustreamer; - include /etc/nginx/loc-proxy.conf; + include /etc/kvmd/nginx/loc-proxy.conf; postpone_output 0; proxy_buffering off; proxy_ignore_headers X-Accel-Buffering; diff --git a/configs/nginx/ssl.conf b/configs/nginx/ssl.conf index 3b24ade1..9bcb7d0d 100644 --- a/configs/nginx/ssl.conf +++ b/configs/nginx/ssl.conf @@ -1,5 +1,5 @@ ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH"; -ssl_certificate /etc/nginx/ssl/server.crt; -ssl_certificate_key /etc/nginx/ssl/server.key; +ssl_certificate /etc/kvmd/nginx/ssl/server.crt; +ssl_certificate_key /etc/kvmd/nginx/ssl/server.key; add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; diff --git a/configs/os/systemd/kvmd-nginx.service b/configs/os/systemd/kvmd-nginx.service index ab223488..6b318598 100644 --- a/configs/os/systemd/kvmd-nginx.service +++ b/configs/os/systemd/kvmd-nginx.service @@ -8,8 +8,8 @@ PIDFile=/run/kvmd-nginx.pid PrivateDevices=yes SyslogLevel=err -ExecStart=/usr/bin/nginx -g 'pid /run/kvmd-nginx.pid; error_log stderr;' -ExecReload=/usr/bin/nginx -s reload -p /etc/kvmd/nginx +ExecStart=/usr/bin/nginx -p /etc/kvmd/nginx -c /etc/kvmd/nginx/nginx.conf -g 'pid /run/kvmd-nginx.pid; error_log stderr;' +ExecReload=/usr/bin/nginx -s reload -p /etc/kvmd/nginx -c /etc/kvmd/nginx/nginx.conf KillSignal=SIGQUIT KillMode=mixed diff --git a/kvmd.install b/kvmd.install index b77e1248..2f10284d 100644 --- a/kvmd.install +++ b/kvmd.install @@ -1,5 +1,16 @@ post_install() { id kvmd &>/dev/null || useradd -r -c "The main Pi-KVM daemon" -s /sbin/nologin kvmd + + chown root:kvmd \ + /usr/share/kvmd/configs.default/kvmd/htpasswd \ + /etc/kvmd/htpasswd + + cd /etc/kvmd/nginx/ssl + openssl req -new -x509 -nodes -newkey rsa:4096 -keyout server.key -out server.crt -days 3650 \ + -subj "/C=RU/ST=Moscow/L=Moscow/O=Pi-KVM/OU=Pi-KVM/CN=localhost" + chown -R root:http /etc/kvmd/nginx/ssl + chmod 400 server.key + chmod 444 server.crt } post_remove() { diff --git a/testenv/Dockerfile b/testenv/Dockerfile index 4fe453e8..39cc3815 100644 --- a/testenv/Dockerfile +++ b/testenv/Dockerfile @@ -50,7 +50,6 @@ RUN pacman -Syy \ COPY testenv/requirements.txt requirements.txt RUN pip install -r requirements.txt -RUN rm -rf /etc/nginx/* \ - && mkdir /etc/kvmd +RUN mkdir -p /etc/kvmd/nginx CMD /bin/bash |