-rw-r--r-- | Makefile | 4 | ||||
-rw-r--r-- | PKGBUILD | 38 | ||||
-rw-r--r-- | configs/nginx/nginx.conf | 32 | ||||
-rw-r--r-- | configs/nginx/ssl.conf | 4 | ||||
-rw-r--r-- | configs/os/systemd/kvmd-nginx.service | 4 | ||||
-rw-r--r-- | kvmd.install | 11 | ||||
-rw-r--r-- | testenv/Dockerfile | 3 |
7 files changed, 63 insertions, 33 deletions
@@ -82,11 +82,11 @@ _run: _testenv --publish 8082:8082/tcp \ -it $(TESTENV_IMAGE) /bin/bash -c " \ (socat PTY,link=$(TESTENV_HID) PTY,link=/dev/ttyS11 &) \ - && cp -r /usr/share/kvmd/configs.default/nginx/* /etc/nginx \ + && cp -r /usr/share/kvmd/configs.default/nginx/* /etc/kvmd/nginx \ && cp /usr/share/kvmd/configs.default/kvmd/*.yaml /etc/kvmd \ && cp /usr/share/kvmd/configs.default/kvmd/htpasswd /etc/kvmd \ && cp /testenv/main.yaml /etc/kvmd \ - && nginx -c /etc/nginx/nginx.conf \ + && nginx -c /etc/kvmd/nginx/nginx.conf \ && ln -s $(TESTENV_VIDEO) /dev/kvmd-video \ && (losetup -d /dev/kvmd-msd || true) \ && losetup /dev/kvmd-msd /root/loop.img \ @@ -33,7 +33,8 @@ depends=( python-dbus python-pygments v4l-utils - nginx + nginx-mainline + openssl ) makedepends=(python-setuptools) source=("$url/archive/v$pkgver.tar.gz") @@ -57,11 +58,13 @@ package_kvmd() { mkdir -p "$pkgdir/usr/lib/systemd/system" cp configs/os/systemd/*.service "$pkgdir/usr/lib/systemd/system" - _cfgdir="$pkgdir/usr/share/kvmd/configs.default" mkdir -p "$pkgdir/usr/share/kvmd" cp -r web "$pkgdir/usr/share/kvmd" cp -r extras "$pkgdir/usr/share/kvmd" - cp -r configs "$_cfgdir" + + _cfgdir="$pkgdir/usr/share/kvmd/configs.default" + mkdir -p "$_cfgdir" + cp -r configs/* "$_cfgdir" rm -rf "$_cfgdir/os/systemd" find "$pkgdir" -name ".gitignore" -delete 
@@ -69,8 +72,15 @@ package_kvmd() { find "$_cfgdir" -type f -exec chmod 444 '{}' \; chmod 440 "$_cfgdir/kvmd/htpasswd" - mkdir -p "$pkgdir/etc/kvmd/nginx" - for path in "$_cfgdir/nginx/*.conf"; do + mkdir -p "$pkgdir/etc/kvmd/nginx/ssl" + chmod 750 "$pkgdir/etc/kvmd/nginx/ssl" + for path in "$_cfgdir/kvmd"/*.yaml; do + ln -sf "/usr/share/kvmd/configs.default/kvmd/`basename $path`" "$pkgdir/etc/kvmd" + done + rm "$pkgdir/etc/kvmd/meta.yaml" + cp "$_cfgdir/kvmd/meta.yaml" "$pkgdir/etc/kvmd" + cp -a "$_cfgdir/kvmd/htpasswd" "$pkgdir/etc/kvmd" + for path in "$_cfgdir/nginx"/*.conf; do ln -sf "/usr/share/kvmd/configs.default/nginx/`basename $path`" "$pkgdir/etc/kvmd/nginx" done } @@ -79,11 +89,21 @@ export pkgdir for _platform in $_PLATFORMS; do for _board in $_BOARDS; do eval "package_kvmd-platform-$_platform-$_board() { + pkgdesc=\"Pi-KVM platform configs - $_platform for $_board\" + mkdir -p \"$pkgdir/etc/\"{sysctl.d,udev/rules.d,modules-load.d} - _osdir=\"/usr/share/kvmd/configs.default/os\" - ln -sf \"$_osdir/sysctl.conf\" \"$pkgdir/etc/sysctl.d/99-pikvm.conf\" - ln -sf \"$_osdir/udev/$_platform-$_board.rules\" \"$pkgdir/etc/udev/rules.d/99-pikvm.rules\" - ln -sf \"$_osdir/modules-load/$_platform.conf\" \"$pkgdir/etc/modules-load.d/pikvm.conf\" + + _cfgdir=\"/usr/share/kvmd/configs.default/os\" + + ln -sf \"$_cfgdir/os/sysctl.conf\" \"$pkgdir/etc/sysctl.d/99-pikvm.conf\" + ln -sf \"$_cfgdir/os/udev/$_platform-$_board.rules\" \"$pkgdir/etc/udev/rules.d/99-pikvm.rules\" + ln -sf \"$_cfgdir/os/modules-load/$_platform.conf\" \"$pkgdir/etc/modules-load.d/pikvm.conf\" + + ln -sf \"$_cfgdir/kvmd/main/$_platform.yaml\" \"$pkgdir/etc/kvmd/main.yaml\" + if [ $_platform == v1-hdmi ]; then + depends+=(dkms tc358743-dkms) + ln -sf \"$_cfgdir/kvmd/tc358743-edid.hex\" \"$pkgdir/etc/kvmd/tc358743-edid.hex\" + fi }" done done diff --git a/configs/nginx/nginx.conf b/configs/nginx/nginx.conf index abc8c256..8cfde430 100644 --- a/configs/nginx/nginx.conf +++ b/configs/nginx/nginx.conf 
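Review bot: Both `ln -sf` loops in the `@@ -69,8 +72,15 @@` hunk build the link target from an unquoted backtick `basename $path`, so a config file name containing whitespace or glob characters would be split or expanded before it reaches `ln`. Parameter expansion avoids both the subshell and the splitting: `ln -sf "/usr/share/kvmd/configs.default/kvmd/${path##*/}" "$pkgdir/etc/kvmd"`, and likewise for the nginx loop. If either glob matches nothing, the loop body runs once with the literal pattern, so a guard such as `[ -e "$path" ] || continue` is worth adding. package_kvmd() starts above this hunk.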
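Review bot: In the `@@ -79,11 +89,21 @@` hunk the generated function assigns `_cfgdir=\"/usr/share/kvmd/configs.default/os\"` but every use appends `/os/...` or `/kvmd/...` to it, so the targets would resolve to `.../configs.default/os/os/sysctl.conf` and `.../configs.default/os/kvmd/main/...`. Because `$_cfgdir` is not escaped inside the double-quoted `eval` string, it is also expanded when the string is built rather than when the function runs, so the assignment inside the function has no effect on the `ln` targets. Either way the sysctl, udev and modules-load links look likely to dangle, which would leave those settings silently unapplied. Dropping the trailing `/os` (`_cfgdir=\"/usr/share/kvmd/configs.default\"`) and writing `\$_cfgdir` in the `ln` lines would fix both. The `mkdir -p` line also does not create `etc/kvmd`, which the new `main.yaml` link appears to need.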
@@ -1,7 +1,7 @@ user http; worker_processes 4; -# error_log /tmp/nginx.error.log; +# error_log /tmp/kvmd-nginx.error.log; error_log stderr; include /usr/share/kvmd/extras/*/nginx.ctx-main.conf; @@ -15,7 +15,7 @@ events { http { access_log off; - include /etc/nginx/mime-types.conf; + include /etc/kvmd/nginx/mime-types.conf; default_type application/octet-stream; charset utf-8; @@ -28,11 +28,11 @@ http { keepalive_timeout 10; client_max_body_size 4k; - client_body_temp_path /tmp/nginx.client_body_temp; - fastcgi_temp_path /tmp/nginx.fastcgi_temp; - proxy_temp_path /tmp/nginx.proxy_temp; - scgi_temp_path /tmp/nginx.scgi_temp; - uwsgi_temp_path /tmp/nginx.uwsgi_temp; + client_body_temp_path /tmp/kvmd-nginx.client_body_temp; + fastcgi_temp_path /tmp/kvmd-nginx.fastcgi_temp; + proxy_temp_path /tmp/kvmd-nginx.proxy_temp; + scgi_temp_path /tmp/kvmd-nginx.scgi_temp; + uwsgi_temp_path /tmp/kvmd-nginx.uwsgi_temp; upstream kvmd { server 127.0.0.1:8081 fail_timeout=0s max_fails=0; @@ -53,7 +53,7 @@ http { server { #PROD listen 443 ssl http2; server_name localhost; -#PROD include /etc/nginx/ssl.conf; +#PROD include /etc/kvmd/nginx/ssl.conf; auth_request /auth; @@ -67,8 +67,8 @@ http { location / { root /usr/share/kvmd/web; - include /etc/nginx/loc-login.conf; - include /etc/nginx/loc-nocache.conf; + include /etc/kvmd/nginx/loc-login.conf; + include /etc/kvmd/nginx/loc-nocache.conf; } location @login { @@ -99,8 +99,8 @@ http { rewrite ^/kvmd/ws$ /ws break; rewrite ^/kvmd/ws\?(.*)$ /ws?$1 break; proxy_pass http://kvmd; - include /etc/nginx/loc-proxy.conf; - include /etc/nginx/loc-websocket.conf; + include /etc/kvmd/nginx/loc-proxy.conf; + include /etc/kvmd/nginx/loc-websocket.conf; auth_request off; } 
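Review bot: The renamed temp paths in the `@@ -28,11 +28,11 @@` hunk (`client_body_temp_path /tmp/kvmd-nginx.client_body_temp;` and its four siblings) still use fixed names in world-writable /tmp, so any local account can create those names before nginx first starts. Since this commit already moves the rest of the configuration under a kvmd-owned prefix, the temp directories would be better placed in a directory writable only by root and the worker user. Alternatively, set `PrivateTmp=yes` in kvmd-nginx.service; the unit lines visible in this commit show only `PrivateDevices=yes`, and the rest of the unit is outside the hunk. The commented `error_log /tmp/kvmd-nginx.error.log;` has the same problem if it is ever enabled.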
@@ -108,7 +108,7 @@ http { rewrite ^/kvmd/msd/write$ /msd/write break; rewrite ^/kvmd/msd/write\?(.*)$ /msd/write?$1 break; proxy_pass http://kvmd; - include /etc/nginx/loc-proxy.conf; + include /etc/kvmd/nginx/loc-proxy.conf; limit_rate 6250k; limit_rate_after 50k; client_max_body_size 0; @@ -120,7 +120,7 @@ http { rewrite ^/kvmd/log$ /log break; rewrite ^/kvmd/log\?(.*)$ /log?$1 break; proxy_pass http://kvmd; - include /etc/nginx/loc-proxy.conf; + include /etc/kvmd/nginx/loc-proxy.conf; proxy_read_timeout 7d; postpone_output 0; proxy_buffering off; @@ -132,7 +132,7 @@ http { rewrite ^/kvmd$ / break; rewrite ^/kvmd/(.*)$ /$1 break; proxy_pass http://kvmd; - include /etc/nginx/loc-proxy.conf; + include /etc/kvmd/nginx/loc-proxy.conf; auth_request off; } @@ -141,7 +141,7 @@ http { rewrite ^/streamer\?(.*)$ ?$1 break; rewrite ^/streamer/(.*)$ /$1 break; proxy_pass http://ustreamer; - include /etc/nginx/loc-proxy.conf; + include /etc/kvmd/nginx/loc-proxy.conf; postpone_output 0; proxy_buffering off; proxy_ignore_headers X-Accel-Buffering; diff --git a/configs/nginx/ssl.conf b/configs/nginx/ssl.conf index 3b24ade1..9bcb7d0d 100644 --- a/configs/nginx/ssl.conf +++ b/configs/nginx/ssl.conf @@ -1,5 +1,5 @@ ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH"; -ssl_certificate /etc/nginx/ssl/server.crt; -ssl_certificate_key /etc/nginx/ssl/server.key; +ssl_certificate /etc/kvmd/nginx/ssl/server.crt; +ssl_certificate_key /etc/kvmd/nginx/ssl/server.key; add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; diff --git a/configs/os/systemd/kvmd-nginx.service b/configs/os/systemd/kvmd-nginx.service index ab223488..6b318598 100644 --- a/configs/os/systemd/kvmd-nginx.service +++ b/configs/os/systemd/kvmd-nginx.service 
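Review bot: `ssl_protocols TLSv1 TLSv1.1 TLSv1.2;` in the ssl.conf hunk is carried over unchanged while the certificate paths move, so the listener still negotiates TLS 1.0 and 1.1, both deprecated by RFC 8996. With the package now depending on `nginx-mainline` and `openssl`, `ssl_protocols TLSv1.2 TLSv1.3;` should be usable; confirm against the packaged builds before switching. The `ssl_ciphers` string would then need a matching review, since it only governs the TLS 1.2 and earlier suites.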
@@ -8,8 +8,8 @@ PIDFile=/run/kvmd-nginx.pid PrivateDevices=yes SyslogLevel=err -ExecStart=/usr/bin/nginx -g 'pid /run/kvmd-nginx.pid; error_log stderr;' -ExecReload=/usr/bin/nginx -s reload -p /etc/kvmd/nginx +ExecStart=/usr/bin/nginx -p /etc/kvmd/nginx -c /etc/kvmd/nginx/nginx.conf -g 'pid /run/kvmd-nginx.pid; error_log stderr;' +ExecReload=/usr/bin/nginx -s reload -p /etc/kvmd/nginx -c /etc/kvmd/nginx/nginx.conf KillSignal=SIGQUIT KillMode=mixed diff --git a/kvmd.install b/kvmd.install index b77e1248..2f10284d 100644 --- a/kvmd.install +++ b/kvmd.install @@ -1,5 +1,16 @@ post_install() { id kvmd &>/dev/null || useradd -r -c "The main Pi-KVM daemon" -s /sbin/nologin kvmd + + chown root:kvmd \ + /usr/share/kvmd/configs.default/kvmd/htpasswd \ + /etc/kvmd/htpasswd + + cd /etc/kvmd/nginx/ssl + openssl req -new -x509 -nodes -newkey rsa:4096 -keyout server.key -out server.crt -days 3650 \ + -subj "/C=RU/ST=Moscow/L=Moscow/O=Pi-KVM/OU=Pi-KVM/CN=localhost" + chown -R root:http /etc/kvmd/nginx/ssl + chmod 400 server.key + chmod 444 server.crt } post_remove() { diff --git a/testenv/Dockerfile b/testenv/Dockerfile index 4fe453e8..39cc3815 100644 --- a/testenv/Dockerfile +++ b/testenv/Dockerfile @@ -50,7 +50,6 @@ RUN pacman -Syy \ COPY testenv/requirements.txt requirements.txt RUN pip install -r requirements.txt -RUN rm -rf /etc/nginx/* \ - && mkdir /etc/kvmd +RUN mkdir -p /etc/kvmd/nginx CMD /bin/bash |
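Review bot: `cd /etc/kvmd/nginx/ssl` in post_install() is unchecked, so if the directory is missing, the `openssl req`, `chmod 400 server.key` and `chmod 444 server.crt` that follow act on whatever the current directory happens to be, and the private key is written there. Use `cd /etc/kvmd/nginx/ssl || return 1`, or absolute paths for `-keyout` and `-out`, and put `umask 077` before the `openssl` call so the key is never created with wider permissions than the final `400`. Generation is also unconditional; `[ -f server.key ] || openssl req ...` would keep a reinstall from replacing an operator-supplied certificate. The `chown root:kvmd` on htpasswd and the key setup appear only in post_install(), and any post_upgrade() is outside this hunk, so it is worth confirming that upgraded systems get the same ownership and a certificate.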