nixos/doc/manual/from_md/configuration/subversion.chapter.xml at 23.05-pre · pyrox.dev/nixpkgs

pyrox.dev / nixpkgs
lol
nixpkgs / nixos / doc / manual / from_md / configuration / subversion.chapter.xml
at 23.05-pre 4.6 kB view raw
  1<chapter xmlns="http://docbook.org/ns/docbook" xmlns:xlink="http://www.w3.org/1999/xlink" xml:id="module-services-subversion">
  2  <title>Subversion</title>
  3  <para>
  4    <link xlink:href="https://subversion.apache.org/">Subversion</link>
  5    is a centralized version-control system. It can use a
  6    <link xlink:href="http://svnbook.red-bean.com/en/1.7/svn-book.html#svn.serverconfig.choosing">variety
  7    of protocols</link> for communication between client and server.
  8  </para>
  9  <section xml:id="module-services-subversion-apache-httpd">
 10    <title>Subversion inside Apache HTTP</title>
 11    <para>
 12      This section focuses on configuring a web-based server on top of
 13      the Apache HTTP server, which uses
 14      <link xlink:href="http://www.webdav.org/">WebDAV</link>/<link xlink:href="http://www.webdav.org/deltav/WWW10/deltav-intro.htm">DeltaV</link>
 15      for communication.
 16    </para>
 17    <para>
 18      For more information on the general setup, please refer to the
 19      <link xlink:href="http://svnbook.red-bean.com/en/1.7/svn-book.html#svn.serverconfig.httpd">the
 20      appropriate section of the Subversion book</link>.
 21    </para>
 22    <para>
 23      To configure, include in
 24      <literal>/etc/nixos/configuration.nix</literal> code to activate
 25      Apache HTTP, setting
 26      <xref linkend="opt-services.httpd.adminAddr" /> appropriately:
 27    </para>
 28    <programlisting language="bash">
 29services.httpd.enable = true;
 30services.httpd.adminAddr = ...;
 31networking.firewall.allowedTCPPorts = [ 80 443 ];
 32</programlisting>
 33    <para>
 34      For a simple Subversion server with basic authentication,
 35      configure the Subversion module for Apache as follows, setting
 36      <literal>hostName</literal> and <literal>documentRoot</literal>
 37      appropriately, and <literal>SVNParentPath</literal> to the parent
 38      directory of the repositories,
 39      <literal>AuthzSVNAccessFile</literal> to the location of the
 40      <literal>.authz</literal> file describing access permission, and
 41      <literal>AuthUserFile</literal> to the password file.
 42    </para>
 43    <programlisting language="bash">
 44services.httpd.extraModules = [
 45    # note that order is *super* important here
 46    { name = &quot;dav_svn&quot;; path = &quot;${pkgs.apacheHttpdPackages.subversion}/modules/mod_dav_svn.so&quot;; }
 47    { name = &quot;authz_svn&quot;; path = &quot;${pkgs.apacheHttpdPackages.subversion}/modules/mod_authz_svn.so&quot;; }
 48  ];
 49  services.httpd.virtualHosts = {
 50    &quot;svn&quot; = {
 51       hostName = HOSTNAME;
 52       documentRoot = DOCUMENTROOT;
 53       locations.&quot;/svn&quot;.extraConfig = ''
 54           DAV svn
 55           SVNParentPath REPO_PARENT
 56           AuthzSVNAccessFile ACCESS_FILE
 57           AuthName &quot;SVN Repositories&quot;
 58           AuthType Basic
 59           AuthUserFile PASSWORD_FILE
 60           Require valid-user
 61      '';
 62    }
 63</programlisting>
 64    <para>
 65      The key <literal>&quot;svn&quot;</literal> is just a symbolic name
 66      identifying the virtual host. The
 67      <literal>&quot;/svn&quot;</literal> in
 68      <literal>locations.&quot;/svn&quot;.extraConfig</literal> is the
 69      path underneath which the repositories will be served.
 70    </para>
 71    <para>
 72      <link xlink:href="https://wiki.archlinux.org/index.php/Subversion">This
 73      page</link> explains how to set up the Subversion configuration
 74      itself. This boils down to the following:
 75    </para>
 76    <para>
 77      Underneath <literal>REPO_PARENT</literal> repositories can be set
 78      up as follows:
 79    </para>
 80    <programlisting>
 81$ svn create REPO_NAME
 82</programlisting>
 83    <para>
 84      Repository files need to be accessible by
 85      <literal>wwwrun</literal>:
 86    </para>
 87    <programlisting>
 88$ chown -R wwwrun:wwwrun REPO_PARENT
 89</programlisting>
 90    <para>
 91      The password file <literal>PASSWORD_FILE</literal> can be created
 92      as follows:
 93    </para>
 94    <programlisting>
 95$ htpasswd -cs PASSWORD_FILE USER_NAME
 96</programlisting>
 97    <para>
 98      Additional users can be set up similarly, omitting the
 99      <literal>c</literal> flag:
100    </para>
101    <programlisting>
102$ htpasswd -s PASSWORD_FILE USER_NAME
103</programlisting>
104    <para>
105      The file describing access permissions
106      <literal>ACCESS_FILE</literal> will look something like the
107      following:
108    </para>
109    <programlisting language="bash">
110[/]
111* = r
112
113[REPO_NAME:/]
114USER_NAME = rw
115</programlisting>
116    <para>
117      The Subversion repositories will be accessible as
118      <literal>http://HOSTNAME/svn/REPO_NAME</literal>.
119    </para>
120  </section>
121</chapter>