From: Andrew Tropin
To: guix-devel@gnu.org
Cc: Ludovic Courtès, Miguel Moreno
Subject: Free Style Nginx Service Type
Date: Thu, 04 May 2023 14:25:58 +0400
Message-ID: <87ild88kax.fsf@trop.in>

There were a few flaws in the current implementation of the nginx guix service type, for example the one described here:
https://issues.guix.gnu.org/37388

There are other things, for example it's really hard or even impossible to implement some cases in a sane way: adding rtmp context and later extending it from other guix services and probably much more.

In the report above created by Ludo, he mentioned an idea of using s-expressions for representing nginx configuration, like sxml for xml.

I prototyped such an implementation and even migrated my personal nginx instance to it. It works quite well and the implementation of the service type became really simple:
https://git.sr.ht/~abcdw/rde/tree/e5bcfc0654/src/rde/system/services/web.scm#L43

It allows generating configuration in a much more programmatic way and with much less boilerplate.

My real-world nginx configuration itself:
https://git.sr.ht/~abcdw/trop.in/tree/4eb2e07d38/src/tropin/machines.scm#L24

which expands to:

--8<---------------cut here---------------start------------->8---
user nginx nginx;
pid /var/run/nginx/pid;
load_module /gnu/store/19apmplkgpmnvn963cfydgjhhnvpf9fs-nginx-rtmp-module-1.2.2/etc/nginx/modules/ngx_rtmp_module.so;
events { }
http {
    server_tokens off;
    proxy_temp_path /var/run/nginx/proxy_temp;
    include /gnu/store/lavf43rgvvmi9a6hqi8f2lmmavipq0vd-nginx-1.23.3/share/nginx/conf/mime.types;
    server {
        listen 80;
        listen [::]:80;
        listen 443 ssl;
        listen [::]:443 ssl;
        ssl_certificate /srv/nginx/ssl/hundredrps.pem;
        ssl_certificate_key /srv/nginx/ssl/hundredrps.key;
        ssl_protocols TLSv1.2;
        server_name guix.trop.in guix.ygg.trop.in;
        location / {
            proxy_pass https://guix.gnu.org;
            proxy_set_header HOST guix.gnu.org;
        }
    }
    server {
        listen 80;
        listen [::]:80;
        listen 443 ssl;
        listen [::]:443 ssl;
        ssl_certificate /srv/nginx/ssl/hundredrps.pem;
        ssl_certificate_key /srv/nginx/ssl/hundredrps.key;
        ssl_protocols TLSv1.2;
        server_name ci.guix.trop.in ci.guix.ygg.trop.in;
        location / {
            proxy_pass https://ci.guix.gnu.org;
            proxy_set_header HOST ci.guix.gnu.org;
        }
    }
    server {
        listen 80;
        listen [::]:80;
        listen 443 ssl;
        listen [::]:443 ssl;
        ssl_certificate /srv/nginx/ssl/hundredrps.pem;
        ssl_certificate_key /srv/nginx/ssl/hundredrps.key;
        ssl_protocols TLSv1.2;
        server_name issues.guix.trop.in issues.guix.ygg.trop.in;
        location / {
            proxy_pass https://issues.guix.gnu.org;
            proxy_set_header HOST issues.guix.gnu.org;
        }
    }
    server {
        listen 80;
        listen [::]:80;
        listen 443 ssl;
        listen [::]:443 ssl;
        ssl_certificate /etc/letsencrypt/live/trop.in/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/trop.in/privkey.pem;
        ssl_protocols TLSv1.2;
        server_name trop.in *.trop.in;
        location /rde/meetups {
            return 302 https://meet.jit.si/rde-meetup;
        }
        location / {
            root /srv/nginx/trop.in;
            if ($request_uri ~ ^/(.*)\.html(\?|$)) {
                return 302 /$1;
            }
            try_files $uri $uri.html $uri/ =404;
        }
    }
    server {
        listen 80;
        listen [::]:80;
        server_name files.trop.in files.ygg.trop.in;
        root /srv/nginx/public;
        autoindex on;
    }
}
rtmp {
    server {
        listen 1935;
        chunk_size 4096;
        application live {
            live on;
            push rtmp://a.rtmp.youtube.com/live2/key1;
            push rtmp://diode.zone:1935/live/key2;
            record off;
        }
    }
}
--8<---------------cut here---------------end--------------->8---

The configuration structure and merge logic are visible in tests:
https://git.sr.ht/~abcdw/rde/tree/e5bcfc0654/tests/rde/serializers/nginx-test.scm#L159
https://git.sr.ht/~abcdw/rde/tree/e5bcfc0654/src/rde/serializers/nginx.scm#L20

The merge logic has a few problems rn, which I highlighted in those xtests:
https://git.sr.ht/~abcdw/rde/commit/e5bcfc0654

LMKWYT!

-- 
Best regards,
Andrew Tropin
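
Added example, not part of the original message and not rde's code: a Guile serializer for the s-expression idea described in the message, with a hypothetical extend-context helper showing how a later service could add or extend an rtmp block. The directive representation (name, arguments, optional trailing block) and the choice to reject ';', '{', '}' and newlines in arguments are assumptions made here.

```scheme
;; Added example, not rde's serializer. Assumed representation: a directive is
;; (name arg ... [block]), where a trailing list is a nested block of directives.
(use-modules (srfi srfi-1))
;; Assumption: characters that would end or open a directive are rejected
;; instead of quoted, so a value can never inject extra directives.
(define unsafe-chars (char-set #\; #\{ #\} #\newline))

(define (serialize-arg x)
  (let ((s (cond ((symbol? x) (symbol->string x))
                 ((number? x) (number->string x))
                 ((string? x) x)
                 (else (error "unsupported nginx argument" x)))))
    (if (string-index s unsafe-chars)
        (error "argument would break out of its directive" s)
        s)))

(define (serialize-directive d indent)
  (let* ((pad (make-string indent #\space))
         (block? (list? (last d)))
         (args (if block? (drop-right d 1) d))
         (head (string-join (map serialize-arg args) " ")))
    (if block?
        (string-append pad head " {\n"
                       (serialize-config (last d) (+ indent 4))
                       pad "}\n")
        (string-append pad head ";\n"))))

(define* (serialize-config directives #:optional (indent 0))
  (string-concatenate
   (map (lambda (d) (serialize-directive d indent)) directives)))

;; Hypothetical helper: append EXTRA to the first top-level block NAME,
;; creating the block when no service has declared it yet.
(define (extend-context config name extra)
  (cond ((null? config) (list (list name extra)))
        ((and (eq? (caar config) name) (list? (last (car config))))
         (cons (append (drop-right (car config) 1)
                       (list (append (last (car config)) extra)))
               (cdr config)))
        (else (cons (car config) (extend-context (cdr config) name extra)))))

;; Constructed sample input, modelled on the configuration in the message.
(define base
  '((user nginx nginx)
    (events ())
    (http ((server_tokens off)
           (server ((listen 80) (server_name "files.trop.in") (autoindex on)))))))
(display (serialize-config
          (extend-context base 'rtmp '((server ((listen 1935) (chunk_size 4096)))))))
```

Run with `guile` on the file; calling extend-context a second time with the same name appends to the existing rtmp block rather than emitting a duplicate context.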