depot/third_party/nixpkgs/nixos/doc/manual/configuration/subversion.chapter.md

3.1 KiB

Subversion

Subversion is a centralized version-control system. It can use a variety of protocols for communication between client and server.

Subversion inside Apache HTTP

This section focuses on configuring a web-based server on top of the Apache HTTP server, which uses WebDAV/DeltaV for communication.

For more information on the general setup, please refer to the the appropriate section of the Subversion book.

To configure, include in /etc/nixos/configuration.nix code to activate Apache HTTP, setting appropriately:

{
  services.httpd.enable = true;
  services.httpd.adminAddr = "...";
  networking.firewall.allowedTCPPorts = [ 80 443 ];
}

For a simple Subversion server with basic authentication, configure the Subversion module for Apache as follows, setting hostName and documentRoot appropriately, and SVNParentPath to the parent directory of the repositories, AuthzSVNAccessFile to the location of the .authz file describing access permission, and AuthUserFile to the password file.

{
  services.httpd.extraModules = [
      # note that order is *super* important here
      { name = "dav_svn"; path = "${pkgs.apacheHttpdPackages.subversion}/modules/mod_dav_svn.so"; }
      { name = "authz_svn"; path = "${pkgs.apacheHttpdPackages.subversion}/modules/mod_authz_svn.so"; }
    ];
    services.httpd.virtualHosts = {
      "svn" = {
         hostName = HOSTNAME;
         documentRoot = DOCUMENTROOT;
         locations."/svn".extraConfig = ''
             DAV svn
             SVNParentPath REPO_PARENT
             AuthzSVNAccessFile ACCESS_FILE
             AuthName "SVN Repositories"
             AuthType Basic
             AuthUserFile PASSWORD_FILE
             Require valid-user
        '';
      };
    };
}

The key "svn" is just a symbolic name identifying the virtual host. The "/svn" in locations."/svn".extraConfig is the path underneath which the repositories will be served.

This page explains how to set up the Subversion configuration itself. This boils down to the following:

Underneath REPO_PARENT repositories can be set up as follows:

$ svn create REPO_NAME

Repository files need to be accessible by wwwrun:

$ chown -R wwwrun:wwwrun REPO_PARENT

The password file PASSWORD_FILE can be created as follows:

$ htpasswd -cs PASSWORD_FILE USER_NAME

Additional users can be set up similarly, omitting the c flag:

$ htpasswd -s PASSWORD_FILE USER_NAME

The file describing access permissions ACCESS_FILE will look something like the following:

[/]
* = r

[REPO_NAME:/]
USER_NAME = rw

The Subversion repositories will be accessible as http://HOSTNAME/svn/REPO_NAME.