From e8b2f9fc5cd431925f259a95554482cd3300d243 Mon Sep 17 00:00:00 2001 From: Adrian Heine Date: Sun, 10 Oct 2021 22:52:25 +0200 Subject: [PATCH 1/5] Move to new LE cert --- src/builder.rs | 4 +-- src/locator.rs | 2 +- static_files/lets_encrypt_r3.pem | 30 +++++++++++++++++++ static_files/lets_encrypt_r3_cross_signed.pem | 26 ---------------- 4 files changed, 33 insertions(+), 29 deletions(-) create mode 100644 static_files/lets_encrypt_r3.pem delete mode 100644 static_files/lets_encrypt_r3_cross_signed.pem diff --git a/src/builder.rs b/src/builder.rs index 3c80f3a..d238fe2 100644 --- a/src/builder.rs +++ b/src/builder.rs @@ -6,7 +6,7 @@ use crate::resources::{ Resource, ServeCustom, ServePhp, ServeRedir, ServeService, ServeStatic, StoredDirectory, SystemdSocketService, User, UserForDomain, WordpressPlugin, WordpressTranslation, }; -use crate::static_files::LETS_ENCRYPT_R3_CROSS_SIGNED; +use crate::static_files::LETS_ENCRYPT_R3; use crate::storage::SimpleStorage; use crate::storage::Storage; use crate::symbols::acme::Cert as CertSymbol; @@ -676,7 +676,7 @@ impl ImplementationBuilder for DefaultBuilder { target: &::Artifact, (): ::Artifact, ) -> Self::Implementation { - FileSymbol::new(target.clone().into(), LETS_ENCRYPT_R3_CROSS_SIGNED) + FileSymbol::new(target.clone().into(), LETS_ENCRYPT_R3) } } diff --git a/src/locator.rs b/src/locator.rs index 31e8aea..9b70ae4 100644 --- a/src/locator.rs +++ b/src/locator.rs @@ -243,7 +243,7 @@ impl ResourceLocator for DefaultLocator
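Review bot: The intermediate is still a static file compiled into the binary, so `FileSymbol::new(target.clone().into(), LETS_ENCRYPT_R3)` only moves the expiry problem forward: the UTCTime fields in the deleted cross-signed R3 decode to a notAfter of 2021-09-29, i.e. it had already lapsed when this commit landed on 2021-10-10, and the same fields in the new R3 appear to decode to 2025-09-15 16:00Z, after which the builder will again silently write an expired intermediate. Preferable is to take the intermediate from the chain the ACME server returns alongside the leaf (the `CertSymbol` import suggests the ACME client is already in the tree) rather than pinning it in `static_files`; failing that, put `// Expires 2025-09-15 — must be replaced before then` next to the constant and add a check (at build time or when the file symbol is materialised) that the pinned certificate is inside its validity period. The `impl ImplementationBuilder` block this line belongs to, and the `locator.rs` hunk that starts here, continue beyond this line.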

{ let acme_user = P::acme_user(); let home = P::user_home(acme_user); ( - PathArtifact::from(home.join("lets_encrypt_r3_cross_signed.pem")), + PathArtifact::from(home.join("lets_encrypt_r3.pem")), Dir(home), ) } diff --git a/static_files/lets_encrypt_r3.pem b/static_files/lets_encrypt_r3.pem new file mode 100644 index 0000000..43b222a --- /dev/null +++ b/static_files/lets_encrypt_r3.pem 
@@ -0,0 +1,30 @@
+-----BEGIN CERTIFICATE-----
+MIIFFjCCAv6gAwIBAgIRAJErCErPDBinU/bWLiWnX1owDQYJKoZIhvcNAQELBQAw
+TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh
+cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMjAwOTA0MDAwMDAw
+WhcNMjUwOTE1MTYwMDAwWjAyMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3Mg
+RW5jcnlwdDELMAkGA1UEAxMCUjMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
+AoIBAQC7AhUozPaglNMPEuyNVZLD+ILxmaZ6QoinXSaqtSu5xUyxr45r+XXIo9cP
+R5QUVTVXjJ6oojkZ9YI8QqlObvU7wy7bjcCwXPNZOOftz2nwWgsbvsCUJCWH+jdx
+sxPnHKzhm+/b5DtFUkWWqcFTzjTIUu61ru2P3mBw4qVUq7ZtDpelQDRrK9O8Zutm
+NHz6a4uPVymZ+DAXXbpyb/uBxa3Shlg9F8fnCbvxK/eG3MHacV3URuPMrSXBiLxg
+Z3Vms/EY96Jc5lP/Ooi2R6X/ExjqmAl3P51T+c8B5fWmcBcUr2Ok/5mzk53cU6cG
+/kiFHaFpriV1uxPMUgP17VGhi9sVAgMBAAGjggEIMIIBBDAOBgNVHQ8BAf8EBAMC
+AYYwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMBIGA1UdEwEB/wQIMAYB
+Af8CAQAwHQYDVR0OBBYEFBQusxe3WFbLrlAJQOYfr52LFMLGMB8GA1UdIwQYMBaA
+FHm0WeZ7tuXkAXOACIjIGlj26ZtuMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcw
+AoYWaHR0cDovL3gxLmkubGVuY3Iub3JnLzAnBgNVHR8EIDAeMBygGqAYhhZodHRw
+Oi8veDEuYy5sZW5jci5vcmcvMCIGA1UdIAQbMBkwCAYGZ4EMAQIBMA0GCysGAQQB
+gt8TAQEBMA0GCSqGSIb3DQEBCwUAA4ICAQCFyk5HPqP3hUSFvNVneLKYY611TR6W
+PTNlclQtgaDqw+34IL9fzLdwALduO/ZelN7kIJ+m74uyA+eitRY8kc607TkC53wl
+ikfmZW4/RvTZ8M6UK+5UzhK8jCdLuMGYL6KvzXGRSgi3yLgjewQtCPkIVz6D2QQz
+CkcheAmCJ8MqyJu5zlzyZMjAvnnAT45tRAxekrsu94sQ4egdRCnbWSDtY7kh+BIm
+lJNXoB1lBMEKIq4QDUOXoRgffuDghje1WrG9ML+Hbisq/yFOGwXD9RiX8F6sw6W4
+avAuvDszue5L3sz85K+EC4Y/wFVDNvZo4TYXao6Z0f+lQKc0t8DQYzk1OXVu8rp2
+yJMC6alLbBfODALZvYH7n7do1AZls4I9d1P4jnkDrQoxB3UqQ9hVl3LEKQ73xF1O
+yK5GhDDX8oVfGKF5u+decIsH4YaTw7mP3GFxJSqv3+0lUFJoi5Lc5da149p90Ids
+hCExroL1+7mryIkXPeFM5TgO9r0rvZaBFOvV2z0gp35Z0+L4WPlbuEjN/lxPFin+
+HlUjr8gRsI3qfJOQFy/9rKIJR0Y/8Omwt/8oTWgy1mdeHmmjk7j1nYsvC9JSQ6Zv
+MldlTTKB3zhThV1+XWYp6rjd5JW1zbVWEkLNxE7GJThEUG3szgBVGP7pSWTUTsqX
+nLRbwHOoq7hHwg==
+-----END CERTIFICATE-----
diff --git a/static_files/lets_encrypt_r3_cross_signed.pem b/static_files/lets_encrypt_r3_cross_signed.pem
deleted file mode 100644
index 1d82449..0000000
--- a/static_files/lets_encrypt_r3_cross_signed.pem
+++ /dev/null
@@ -1,26 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIEZTCCA02gAwIBAgIQQAF1BIMUpMghjISpDBbN3zANBgkqhkiG9w0BAQsFADA/
-MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT
-DkRTVCBSb290IENBIFgzMB4XDTIwMTAwNzE5MjE0MFoXDTIxMDkyOTE5MjE0MFow
-MjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUxldCdzIEVuY3J5cHQxCzAJBgNVBAMT
-AlIzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuwIVKMz2oJTTDxLs
-jVWSw/iC8ZmmekKIp10mqrUrucVMsa+Oa/l1yKPXD0eUFFU1V4yeqKI5GfWCPEKp
-Tm71O8Mu243AsFzzWTjn7c9p8FoLG77AlCQlh/o3cbMT5xys4Zvv2+Q7RVJFlqnB
-U840yFLuta7tj95gcOKlVKu2bQ6XpUA0ayvTvGbrZjR8+muLj1cpmfgwF126cm/7
-gcWt0oZYPRfH5wm78Sv3htzB2nFd1EbjzK0lwYi8YGd1ZrPxGPeiXOZT/zqItkel
-/xMY6pgJdz+dU/nPAeX1pnAXFK9jpP+Zs5Od3FOnBv5IhR2haa4ldbsTzFID9e1R
-oYvbFQIDAQABo4IBaDCCAWQwEgYDVR0TAQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8E
-BAMCAYYwSwYIKwYBBQUHAQEEPzA9MDsGCCsGAQUFBzAChi9odHRwOi8vYXBwcy5p
-ZGVudHJ1c3QuY29tL3Jvb3RzL2RzdHJvb3RjYXgzLnA3YzAfBgNVHSMEGDAWgBTE
-p7Gkeyxx+tvhS5B1/8QVYIWJEDBUBgNVHSAETTBLMAgGBmeBDAECATA/BgsrBgEE
-AYLfEwEBATAwMC4GCCsGAQUFBwIBFiJodHRwOi8vY3BzLnJvb3QteDEubGV0c2Vu
-Y3J5cHQub3JnMDwGA1UdHwQ1MDMwMaAvoC2GK2h0dHA6Ly9jcmwuaWRlbnRydXN0
-LmNvbS9EU1RST09UQ0FYM0NSTC5jcmwwHQYDVR0OBBYEFBQusxe3WFbLrlAJQOYf
-r52LFMLGMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjANBgkqhkiG9w0B
-AQsFAAOCAQEA2UzgyfWEiDcx27sT4rP8i2tiEmxYt0l+PAK3qB8oYevO4C5z70kH
-ejWEHx2taPDY/laBL21/WKZuNTYQHHPD5b1tXgHXbnL7KqC401dk5VvCadTQsvd8
-S8MXjohyc9z9/G2948kLjmE6Flh9dDYrVYA9x2O+hEPGOaEOa1eePynBgPayvUfL
-qjBstzLhWVQLGAkXXmNs+5ZnPBxzDJOLxhF2JIbeQAcH5H0tZrUlo5ZYyOqA7s9p
-O5b85o3AM/OJ+CktFBQtfvBhcJVd9wvlwPsk+uyOy2HI7mNxKKgsBTt375teA2Tw
-UdHkhVNcsAKX1H7GNNLOEADksd86wuoXvg==
------END CERTIFICATE-----
From 21018bd6f6d70867c5fb12788fc97c89540880e5 Mon Sep 17 00:00:00 2001
From: Adrian Heine Date: Fri, 17 Dec 2021 10:36:15 +0100 Subject: [PATCH 2/5] More flexible PHP FPM pool config --- src/builder.rs | 14 +++++++------- src/locator.rs | 6 +++--- src/resources/mod.rs | 21 +++++++++++++++++---- src/templates/php.rs | 37 ++++++++++++++++++++++++++++++++++--- 4 files changed, 61 insertions(+), 17 deletions(-) diff --git a/src/builder.rs b/src/builder.rs index d238fe2..8cfa7e7 100644 --- a/src/builder.rs +++ b/src/builder.rs @@ -33,7 +33,7 @@ use crate::symbols::wordpress::{ Plugin as WordpressPluginSymbol, Translation as WordpressTranslationSymbol, }; use crate::templates::nginx; -use crate::templates::php::fpm_pool_config as php_fpm_pool_config; +use crate::templates::php::{fpm_pool_config as php_fpm_pool_config, FpmPoolConfig as PhpFpmPoolConfig}; use crate::templates::systemd::{ nodejs_service as systemd_nodejs_service, socket_service as systemd_socket_service, }; @@ -250,16 +250,16 @@ impl + Clone + Display> ImplementationBuilder> for } } -impl> ImplementationBuilder> for DefaultBuilder { +impl, C: Clone + Into> ImplementationBuilder> for DefaultBuilder { type Prerequisites = ( PhpFpmPool, CertChain, Key, AcmeChallengesNginxSnippet, ); - fn prerequisites(resource: &ServePhp) -> Self::Prerequisites { + fn prerequisites(resource: &ServePhp) -> Self::Prerequisites { ( - PhpFpmPool(resource.0.clone(), 10), + PhpFpmPool(resource.0.clone(), resource.4.clone().into()), CertChain(resource.0.clone()), Key(resource.0.clone()), AcmeChallengesNginxSnippet, @@ -271,8 +271,8 @@ impl> ImplementationBuilder> f ReloadServiceSymbol, ); fn create( - resource: &ServePhp, - target: & as Resource>::Artifact, + resource: &ServePhp, + target: & as Resource>::Artifact, (pool, cert, key, challenges_snippet_path): ::Artifact, ) -> Self::Implementation { ( 
@@ -428,7 +428,7 @@ impl ImplementationBuilder> for DefaultBuilder { ( FileSymbol::new( conf_path.clone().into(), - php_fpm_pool_config(&user_name.0, &socket_path, resource.1), + php_fpm_pool_config(&user_name.0, &socket_path, &resource.1), ), ReloadServiceSymbol::new(StdCommandRunner, service_name.0.clone()), ) diff --git a/src/locator.rs b/src/locator.rs index 9b70ae4..6633d4e 100644 --- a/src/locator.rs +++ b/src/locator.rs @@ -298,11 +298,11 @@ impl, POLICY> ResourceLocator> for DefaultLocator< } } -impl, P, POLICY> ResourceLocator> for DefaultLocator { +impl, P, C, POLICY> ResourceLocator> for DefaultLocator { type Prerequisites = (); fn locate( - resource: &ServePhp, - ) -> ( as Resource>::Artifact, Self::Prerequisites) { + resource: &ServePhp, + ) -> ( as Resource>::Artifact, Self::Prerequisites) { ( PathArtifact::from(Path::new("/etc/nginx/sites-enabled/").join(&resource.0)), (), diff --git a/src/resources/mod.rs b/src/resources/mod.rs index 75f6d3e..d8837f5 100644 --- a/src/resources/mod.rs +++ b/src/resources/mod.rs @@ -2,6 +2,7 @@ use crate::artifacts::{ DatabaseName as DatabaseNameArtifact, Path as PathArtifact, ServiceName as ServiceNameArtifact, UserName as UserNameArtifact, }; +use crate::templates::php::FpmPoolConfig; use std::hash::Hash; use std::path::PathBuf; @@ -146,8 +147,14 @@ impl Resource for ServeCustom { } #[derive(Debug, Hash, PartialEq, Eq)] -pub struct ServePhp(pub D, pub P, pub &'static str, pub String, pub usize); -impl Resource for ServePhp { +pub struct ServePhp( + pub D, + pub P, + pub &'static str, + pub String, + pub C, +); +impl Resource for ServePhp { type Artifact = PathArtifact; } @@ -177,7 +184,7 @@ impl Resource for DefaultServer { } #[derive(Debug, Hash, PartialEq, Eq)] -pub struct PhpFpmPool(pub D, pub usize); +pub struct PhpFpmPool(pub D, pub FpmPoolConfig); impl Resource for PhpFpmPool { type Artifact = ( PathArtifact, 
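Review bot: `ServePhp` now carries five positional `pub` fields that the builder and locator address as `resource.0` … `resource.4`, and nothing on the struct says which is which; the only hint is the parameter order of the `serve_php` helper added further down in this patch. A doc comment on the struct, e.g. `/// (domain, document root, index file name, extra nginx config, PHP-FPM pool config)`, or a switch to named fields, would make `resource.4.clone().into()` in `prerequisites` read on its own. Since the struct derives `Hash`/`PartialEq`/`Eq`, `C` is presumably part of the resource's identity (the `// Only one enum entry per resource type, otherwise the equality checks fail` comment suggests equality is how resources are matched), so two `ServePhp` values for the same domain that differ only in pool config would be treated as distinct resources — worth a sentence if that is intended.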
@@ -275,6 +282,7 @@ macro_rules! default_resources { } } +// Only one enum entry per resource type, otherwise the equality checks fail default_resources!( AcmeAccountKey: AcmeAccountKey, AcmeChallengesDir: AcmeChallengesDir, @@ -301,7 +309,7 @@ default_resources!( PhpFpmPool: PhpFpmPool, ServeCustom: ServeCustom, ServeService: ServeService, - ServePhp: ServePhp, + ServePhp: ServePhp, ServeRedir: ServeRedir, ServeStatic: ServeStatic, StoredDirectory: StoredDirectory, @@ -310,3 +318,8 @@ default_resources!( WordpressPlugin: WordpressPlugin, WordpressTranslation: WordpressTranslation, ); + +pub fn serve_php, C: Into>(domain: D, path: P, root_filename: &'static str, nginx_config: impl Into, pool_config: C) -> ServePhp { + ServePhp( + domain, path.into(), root_filename, nginx_config.into(), pool_config.into()) +} diff --git a/src/templates/php.rs b/src/templates/php.rs index 87fc6bf..d131fe2 100644 --- a/src/templates/php.rs +++ b/src/templates/php.rs @@ -1,9 +1,40 @@ +use std::fmt::{Display, Error, Formatter}; use std::path::Path; +#[derive(Clone, Debug, PartialEq, Hash, Eq)] +pub struct FpmPoolConfig { + max_children: usize, + custom: Option, +} + +impl Display for FpmPoolConfig { + fn fmt(&self, f: &mut Formatter<'_>) -> Result<(), Error> { + match &self.custom { + None => write!(f, "pm.max_children = {}", self.max_children), + Some(custom) => write!(f, "pm.max_children = {}\n{}", self.max_children, custom), + } + } +} + +impl From for FpmPoolConfig { + fn from(max_children: usize) -> Self { + Self { + max_children, + custom: None, + } + } +} + +impl FpmPoolConfig { + pub fn new(max_children: usize, custom: impl Into) -> Self { + Self { max_children, custom: Some(custom.into()) } + } +} + pub fn fpm_pool_config, S: AsRef>( user_name: U, socket_path: S, - max_children: usize, + config: &FpmPoolConfig, ) -> String { format!( "[{0}] 
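Review bot: `FpmPoolConfig::new` accepts any `impl Into<String>` for `custom` and the `Display` impl writes it verbatim after `pm.max_children`, so whatever a caller passes is spliced into the pool file without validation: a value containing `[otherpool]` opens a second pool section, and directives such as `user = …`, `listen = …` or `chroot` would, as far as I recall php-fpm's last-occurrence-wins ini parsing, override the fixed ones the template emits earlier. This is operator-supplied configuration rather than request input, so it may be acceptable, but the contract belongs on `new`: `/// Extra php-fpm pool directives, appended verbatim after the fixed block; later directives take precedence and nothing is validated.` A cheap guard such as `assert!(!custom.lines().any(|l| l.trim_start().starts_with('[')), "custom pool config must not start a new section")` would catch the worst case. Separately, `new` always stores `Some(custom)`, so an empty string produces a stray blank line; `custom: Some(custom.into()).filter(|s| !s.is_empty())` avoids that.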
@@ -13,12 +44,12 @@ group = www-data listen = {1} listen.owner = www-data pm = ondemand -pm.max_children = {2} catch_workers_output = yes env[PATH] = /usr/local/bin:/usr/bin:/bin +{2} ", user_name.as_ref(), socket_path.as_ref().to_str().unwrap(), - max_children, + config ) } From 1df56447ded2e86e6f490d00a9080e2acb905174 Mon Sep 17 00:00:00 2001 From: Adrian Heine Date: Fri, 17 Dec 2021 18:00:22 +0100 Subject: [PATCH 3/5] Bump rust edition --- Cargo.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Cargo.toml b/Cargo.toml index ec1f674..4861700 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -2,7 +2,7 @@ name = "schematics" version = "0.1.0" authors = ["Adrian Heine "] -edition = "2018" +edition = "2021" build = "src/build.rs" [dependencies] From bdfec3e127c72d6459248004477ceb91a1909ff5 Mon Sep 17 00:00:00 2001 From: Adrian Heine Date: Fri, 17 Dec 2021 18:04:23 +0100 Subject: [PATCH 4/5] Clippy --- src/build.rs | 2 +- src/command_runner.rs | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/src/build.rs b/src/build.rs index 180cce0..accc8de 100644 --- a/src/build.rs +++ b/src/build.rs @@ -46,7 +46,7 @@ pub fn create_static_output_files(source_dir: &str) { Err(err) => { if err.kind() == NotFound { } else { - Err(err).unwrap() + Err(err).unwrap(); } } } diff --git a/src/command_runner.rs b/src/command_runner.rs index b672a4c..5f37ca1 100644 --- a/src/command_runner.rs +++ b/src/command_runner.rs @@ -181,7 +181,7 @@ where { async fn run(&self, program: &str, args: &[&OsStr], input: &str) -> IoResult { let raw_new_args = [self.user_name, "-s", "/usr/bin/env", "--", program]; - let mut new_args: Vec<&OsStr> = raw_new_args.iter().map(|s| s.as_ref()).collect(); + let mut new_args: Vec<&OsStr> = raw_new_args.iter().map(AsRef::as_ref).collect(); new_args.extend_from_slice(args); self.command_runner.run("su", &new_args, input).await } From 59461f38f6c2045cfdedfef020de603c6bb7cb28 Mon Sep 17 00:00:00 2001 
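Review bot: The `{2}` placeholder is emitted after every fixed directive (`pm = ondemand`, `listen.owner = www-data`, `env[PATH] = …`), which is precisely what lets a `custom` block override them, but the template carries no comment saying this ordering is deliberate, and a reader may take the fixed lines as authoritative. Suggest adding `; custom pool directives follow and take precedence over the defaults above` on the line before `{2}` — php-fpm accepts `;` comments, and since this is a `format!` string any braces in the comment would need doubling. The enclosing `fpm_pool_config` begins outside this hunk.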
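Review bot: With the `;` added, `Err(err).unwrap();` becomes a statement whose `Ok` type is no longer inferred from the `if`/`else` expression, so `T` in `Result<T, io::Error>` looks unconstrained and I would expect rustc to ask for a type annotation; if it does compile on your toolchain, it is still an obscure way to spell a panic. Clearer is to drop the empty arm: `if err.kind() != NotFound { panic!("{}", err) }` (or `Err::<(), _>(err).unwrap()` if you want to keep unwrap's error formatting). `create_static_output_files` begins and ends outside this hunk.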
From: Adrian Heine
Date: Fri, 17 Dec 2021 19:30:02 +0100
Subject: [PATCH 5/5] Fix mariadb dump logic on unchanged database
---
 src/symbols/mariadb/dump.rs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/symbols/mariadb/dump.rs b/src/symbols/mariadb/dump.rs
index 1b503fa..11accac 100644
--- a/src/symbols/mariadb/dump.rs
+++ b/src/symbols/mariadb/dump.rs
@@ -36,7 +36,7 @@ impl, C: CommandRunner, S: Storage> Symbol for Dump<'_, N, C, S> {
 let dump_date = self.storage.recent_date()?;
 let output = self.run_sql(&format!("select UNIX_TIMESTAMP(MAX(UPDATE_TIME)) from information_schema.tables WHERE table_schema = '{}'", self.db_name.as_ref())).await?;
 let modified_date = output.trim_end();
- Ok(modified_date != "NULL" && u64::from_str(modified_date)? <= dump_date)
+ Ok(modified_date == "NULL" || u64::from_str(modified_date)? <= dump_date)
 }
 async fn execute(&self) -> Result<(), Box> {
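Review bot: Treating `NULL` as "nothing to dump" is only correct if a NULL `MAX(UPDATE_TIME)` means no table changed since the last dump, but `information_schema.tables.UPDATE_TIME` is, at least for InnoDB, an in-memory value that is NULL for every table not written since the server last started (and for a schema with no tables), so after a restart a database that was never dumped, or whose last dump predates the restart, is now skipped where the old code would always have dumped it. Keep NULL on the conservative side — `Ok(modified_date != "NULL" && u64::from_str(modified_date)? <= dump_date)` — and detect "unchanged" with something that survives restarts (e.g. `CHECKSUM TABLE` compared against the previous dump), or at minimum document the assumption next to the query. Separately, `self.db_name.as_ref()` is interpolated into the SQL string literal via `format!`; if the name is a fixed identifier from the host definition that is fine, but a `'` in it breaks or alters the query, so a comment or an assertion restricting it to `[A-Za-z0-9_]` would be prudent. The enclosing `async fn` starts outside this hunk.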