1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
|
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.lighttpd.inginious;
inginious = pkgs.inginious;
execName = "inginious-${if cfg.useLTI then "lti" else "webapp"}";
inginiousConfigFile = if cfg.configFile != null then cfg.configFile else pkgs.writeText "inginious.yaml" ''
# Backend; can be:
# - "local" (run containers on the same machine)
# - "remote" (connect to distant docker daemon and auto start agents) (choose this if you use boot2docker)
# - "remote_manual" (connect to distant and manually installed agents)
backend: "${cfg.backendType}"
## TODO (maybe): Add an option for the "remote" backend in this NixOS module.
# List of remote docker daemon to which the backend will try
# to connect (backend: remote only)
#docker_daemons:
# - # Host of the docker daemon *from the webapp*
# remote_host: "some.remote.server"
# # Port of the distant docker daemon *from the webapp*
# remote_docker_port: "2375"
# # A mandatory port used by the backend and the agent that will be automatically started.
# # Needs to be available on the remote host, and to be open in the firewall.
# remote_agent_port: "63456"
# # Does the remote docker requires tls? Defaults to false.
# # Parameter can be set to true or path to the certificates
# #use_tls: false
# # Link to the docker daemon *from the host that runs the docker daemon*. Defaults to:
# #local_location: "unix:///var/run/docker.sock"
# # Path to the cgroups "mount" *from the host that runs the docker daemon*. Defaults to:
# #cgroups_location: "/sys/fs/cgroup"
# # Name that will be used to reference the agent
# #"agent_name": "inginious-agent"
# List of remote agents to which the backend will try
# to connect (backend: remote_manual only)
# Example:
#agents:
# - host: "192.168.59.103"
# port: 5001
agents:
${lib.concatMapStrings (agent:
" - host: \"${agent.host}\"\n" +
" port: ${agent.port}\n"
) cfg.remoteAgents}
# Location of the task directory
tasks_directory: "${cfg.tasksDirectory}"
# Super admins: list of user names that can do everything in the backend
superadmins:
${lib.concatMapStrings (x: " - \"${x}\"\n") cfg.superadmins}
# Aliases for containers
# Only containers listed here can be used by tasks
containers:
${lib.concatStrings (lib.mapAttrsToList (name: fullname:
" ${name}: \"${fullname}\"\n"
) cfg.containers)}
# Use single minified javascript file (production) or multiple files (dev) ?
use_minified_js: true
## TODO (maybe): Add NixOS options for these parameters.
# MongoDB options
#mongo_opt:
# host: localhost
# database: INGInious
# Disable INGInious?
#maintenance: false
#smtp:
# sendername: 'INGInious <no-reply@inginious.org>'
# host: 'smtp.gmail.com'
# port: 587
# username: 'configme@gmail.com'
# password: 'secret'
# starttls: True
## NixOS extra config
${cfg.extraConfig}
'';
in
{
options.services.lighttpd.inginious = {
enable = mkEnableOption "INGInious, an automated code testing and grading system.";
configFile = mkOption {
type = types.nullOr types.path;
default = null;
example = literalExample ''pkgs.writeText "configuration.yaml" "# custom config options ...";'';
description = ''The path to an INGInious configuration file.'';
};
extraConfig = mkOption {
type = types.lines;
default = "";
example = ''
# Load the dummy auth plugin.
plugins:
- plugin_module: inginious.frontend.webapp.plugins.auth.demo_auth
users:
# register the user "test" with the password "someverycomplexpassword"
test: someverycomplexpassword
'';
description = ''Extra option in YaML format, to be appended to the config file.'';
};
tasksDirectory = mkOption {
type = types.path;
example = "/var/lib/INGInious/tasks";
description = ''
Path to the tasks folder.
Defaults to the provided test tasks folder (readonly).
'';
};
useLTI = mkOption {
type = types.bool;
default = false;
description = ''Whether to start the LTI frontend in place of the webapp.'';
};
superadmins = mkOption {
type = types.uniq (types.listOf types.str);
default = [ "admin" ];
example = [ "john" "pepe" "emilia" ];
description = ''List of user logins allowed to administrate the whole server.'';
};
containers = mkOption {
type = types.attrsOf types.str;
default = {
default = "ingi/inginious-c-default";
};
example = {
default = "ingi/inginious-c-default";
sekexe = "ingi/inginious-c-sekexe";
java = "ingi/inginious-c-java";
oz = "ingi/inginious-c-oz";
pythia1compat = "ingi/inginious-c-pythia1compat";
};
description = ''
An attrset describing the required containers
These containers will be available in INGInious using their short name (key)
and will be automatically downloaded before INGInious starts.
'';
};
hostPattern = mkOption {
type = types.str;
default = "^inginious.";
example = "^inginious.mydomain.xyz$";
description = ''
The domain that serves INGInious.
INGInious uses absolute paths which makes it difficult to relocate in its own subdir.
The default configuration will serve INGInious when the server is accessed with a hostname starting with "inginious.".
If left blank, INGInious will take the precedence over all the other lighttpd sites, which is probably not what you want.
'';
};
backendType = mkOption {
type = types.enum [ "local" "remote_manual" ]; # TODO: support backend "remote"
default = "local";
description = ''
Select how INGINious accesses to grading containers.
The default "local" option ensures that Docker is started and provisioned.
Fore more information, see http://inginious.readthedocs.io/en/latest/install_doc/config_reference.html
Not all backends are supported. Use services.inginious.configFile for full flexibility.
'';
};
remoteAgents = mkOption {
type = types.listOf (types.attrsOf types.str);
default = [];
example = [ { host = "192.0.2.25"; port = "1345"; } ];
description = ''A list of remote agents, used only when services.inginious.backendType is "remote_manual".'';
};
};
config = mkIf cfg.enable (
mkMerge [
# For a local install, we need docker.
(mkIf (cfg.backendType == "local") {
virtualisation.docker = {
enable = true;
# We need docker to listen on port 2375.
listenOptions = ["127.0.0.1:2375" "/var/run/docker.sock"];
storageDriver = mkDefault "overlay";
};
users.users."lighttpd".extraGroups = [ "docker" ];
# Ensure that docker has pulled the required images.
systemd.services.inginious-prefetch = {
script = let
images = lib.unique (
[ "centos" "ingi/inginious-agent" ]
++ lib.mapAttrsToList (_: image: image) cfg.containers
);
in lib.concatMapStrings (image: ''
${pkgs.docker}/bin/docker pull ${image}
'') images;
serviceConfig.Type = "oneshot";
wants = [ "docker.service" ];
after = [ "docker.service" ];
wantedBy = [ "lighttpd.service" ];
before = [ "lighttpd.service" ];
};
})
# Common
{
services.lighttpd.inginious.tasksDirectory = mkDefault "${inginious}/lib/python2.7/site-packages/inginious/tasks";
# To access inginous tools (like inginious-test-task)
environment.systemPackages = [ inginious ];
services.mongodb.enable = true;
services.lighttpd.enable = true;
services.lighttpd.enableModules = [ "mod_access" "mod_alias" "mod_fastcgi" "mod_redirect" "mod_rewrite" ];
services.lighttpd.extraConfig = ''
$HTTP["host"] =~ "${cfg.hostPattern}" {
fastcgi.server = ( "/${execName}" =>
((
"socket" => "/run/lighttpd/inginious-fastcgi.socket",
"bin-path" => "${inginious}/bin/${execName} --config=${inginiousConfigFile}",
"max-procs" => 1,
"bin-environment" => ( "REAL_SCRIPT_NAME" => "" ),
"check-local" => "disable"
))
)
url.rewrite-once = (
"^/.well-known/.*" => "$0",
"^/static/.*" => "$0",
"^/.*$" => "/${execName}$0",
"^/favicon.ico$" => "/static/common/favicon.ico",
)
alias.url += (
"/static/webapp/" => "${inginious}/lib/python2.7/site-packages/inginious/frontend/webapp/static/",
"/static/common/" => "${inginious}/lib/python2.7/site-packages/inginious/frontend/common/static/"
)
}
'';
systemd.services.lighttpd.preStart = ''
mkdir -p /run/lighttpd
chown lighttpd.lighttpd /run/lighttpd
'';
systemd.services.lighttpd.wants = [ "mongodb.service" "docker.service" ];
systemd.services.lighttpd.after = [ "mongodb.service" "docker.service" ];
}
]);
}
|