commit 41ff90fcd4c2e5cc13a6c40770b827151073adf2 · pyrox.dev/nixpkgs

nixos/doc/manual/release-notes/rl-2511.section.md

···

       125
       125
        
       - `amdgpu` kernel driver overdrive mode can now be enabled by setting [hardware.amdgpu.overdrive.enable](#opt-hardware.amdgpu.overdrive.enable) and customized through [hardware.amdgpu.overdrive.ppfeaturemask](#opt-hardware.amdgpu.overdrive.ppfeaturemask).

     

       126
       126
        
         This allows for fine-grained control over the GPU's performance and maybe required by overclocking softwares like Corectrl and Lact. These new options replace old options such as {option}`programs.corectrl.gpuOverclock.enable` and {option}`programs.tuxclocker.enableAMD`.

     

       127
       127
        
       

     

       128
       128
       +
       - `services.varnish.http_address` has been superseeded by `services.varnish.listen` which is now

     

       129
       129
       +
         structured config for all of varnish's `-a` variations.

     

       130
       130
       +
       

     

       128
       131
        
       - [](#opt-services.gnome.gnome-keyring.enable) does not ship with an SSH agent anymore, as this is now handled by the `gcr_4` package instead of `gnome-keyring`. A new module has been added to support this, under [](#opt-services.gnome.gcr-ssh-agent.enable) (its default value has been set to [](#opt-services.gnome.gnome-keyring.enable) to ensure a smooth transition). See the [relevant upstream PR](https://gitlab.gnome.org/GNOME/gcr/-/merge_requests/67) for more details.

     

       129
       132
        
       

     

       130
       133
        
       - The `nettools` package (ifconfig, arp, mii-tool, netstat, route) is not installed by default anymore. The suite is unmaintained and users should migrate to `iproute2` and `ethtool` instead.

+123 -3

nixos/modules/services/web-servers/varnish/default.nix

···

       6
       6
        
       }:

     

       7
       7
        
       

     

       8
       8
        
       let

     

       9
       9
       +
         inherit (lib)

     

       10
       10
       +
           types

     

       11
       11
       +
           mkOption

     

       12
       12
       +
           hasPrefix

     

       13
       13
       +
           concatMapStringsSep

     

       14
       14
       +
           optionalString

     

       15
       15
       +
           concatMap

     

       16
       16
       +
           ;

     

       17
       17
       +
         inherit (builtins) isNull;

     

       18
       18
       +
       

     

       9
       19
        
         cfg = config.services.varnish;

     

       10
       20
        
       

     

       11
       21
        
         # Varnish has very strong opinions and very complicated code around handling

     
···

       26
       36
        
           else

     

       27
       37
        
             "/var/run/varnishd";

     

       28
       38
        
       

     

       39
       39
       +
         # from --help:

     

       40
       40
       +
         #   -a [<name>=]address[:port][,proto] # HTTP listen address and port

     

       41
       41
       +
         #      [,user=<u>][,group=<g>]   # Can be specified multiple times.

     

       42
       42
       +
         #      [,mode=<m>]               #   default: ":80,HTTP"

     

       43
       43
       +
         #                                # Proto can be "PROXY" or "HTTP" (default)

     

       44
       44
       +
         #                                # user, group and mode set permissions for

     

       45
       45
       +
         #                                #   a Unix domain socket.

     

       46
       46
       +
         commandLineAddresses =

     

       47
       47
       +
           (concatMapStringsSep " " (

     

       48
       48
       +
             a:

     

       49
       49
       +
             "-a "

     

       50
       50
       +
             + optionalString (!isNull a.name) "${a.name}="

     

       51
       51
       +
             + a.address

     

       52
       52
       +
             + optionalString (!isNull a.port) ":${toString a.port}"

     

       53
       53
       +
             + optionalString (!isNull a.proto) ",${a.proto}"

     

       54
       54
       +
             + optionalString (!isNull a.user) ",user=${a.user}"

     

       55
       55
       +
             + optionalString (!isNull a.group) ",group=${a.group}"

     

       56
       56
       +
             + optionalString (!isNull a.mode) ",mode=${a.mode}"

     

       57
       57
       +
           ) cfg.listen)

     

       58
       58
       +
           + lib.optionalString (!isNull cfg.http_address) " -a ${cfg.http_address}";

     

       59
       59
       +
         addressSubmodule = types.submodule {

     

       60
       60
       +
           options = {

     

       61
       61
       +
             name = mkOption {

     

       62
       62
       +
               description = "Name is referenced in logs. If name is not specified, 'a0', 'a1', etc. is used.";

     

       63
       63
       +
               default = null;

     

       64
       64
       +
               type = with types; nullOr str;

     

       65
       65
       +
             };

     

       66
       66
       +
             address = mkOption {

     

       67
       67
       +
               description = ''

     

       68
       68
       +
                 If given an IP address, it can be a host name ("localhost"), an IPv4 dotted-quad

     

       69
       69
       +
                 ("127.0.0.1") or an IPv6  address enclosed in square brackets ("[::1]").

     

       70
       70
       +
       

     

       71
       71
       +
                 (VCL4.1 and higher) If given an absolute Path ("/path/to/listen.sock") or "@"

     

       72
       72
       +
                 followed by the name of an abstract socket ("@myvarnishd") accept connections

     

       73
       73
       +
                 on a Unix domain socket.

     

       74
       74
       +
       

     

       75
       75
       +
                 The user, group and mode sub-arguments may be used to specify the permissions

     

       76
       76
       +
                 of the socket file. These sub-arguments do not apply to  abstract sockets.

     

       77
       77
       +
               '';

     

       78
       78
       +
               type = types.str;

     

       79
       79
       +
             };

     

       80
       80
       +
             port = mkOption {

     

       81
       81
       +
               description = "The port to use for IP sockets. If port is not specified, port 80 (http) is used.";

     

       82
       82
       +
               default = null;

     

       83
       83
       +
               type = with types; nullOr int;

     

       84
       84
       +
             };

     

       85
       85
       +
             proto = mkOption {

     

       86
       86
       +
               description = "PROTO can be 'HTTP' (the default) or 'PROXY'.  Both version 1 and 2 of the proxy protocol can be used.";

     

       87
       87
       +
               type = types.enum [

     

       88
       88
       +
                 "HTTP"

     

       89
       89
       +
                 "PROXY"

     

       90
       90
       +
               ];

     

       91
       91
       +
               default = "HTTP";

     

       92
       92
       +
             };

     

       93
       93
       +
             user = mkOption {

     

       94
       94
       +
               description = "User name who owns the socket file.";

     

       95
       95
       +
               default = null;

     

       96
       96
       +
               type = with lib.types; nullOr str;

     

       97
       97
       +
             };

     

       98
       98
       +
             group = mkOption {

     

       99
       99
       +
               description = "Group name who owns the socket file.";

     

       100
       100
       +
               default = null;

     

       101
       101
       +
               type = with lib.types; nullOr str;

     

       102
       102
       +
             };

     

       103
       103
       +
             mode = mkOption {

     

       104
       104
       +
               description = "Permission of the socket file (3-digit octal value).";

     

       105
       105
       +
               default = null;

     

       106
       106
       +
               type = with types; nullOr str;

     

       107
       107
       +
             };

     

       108
       108
       +
           };

     

       109
       109
       +
         };

     

       110
       110
       +
         checkedAddressModule = types.addCheck addressSubmodule (

     

       111
       111
       +
           m:

     

       112
       112
       +
           (

     

       113
       113
       +
             if ((hasPrefix "@" m.address) || (hasPrefix "/" m.address)) then

     

       114
       114
       +
               # this is a unix socket

     

       115
       115
       +
               (m.port != null)

     

       116
       116
       +
             else

     

       117
       117
       +
             # this is not a path-based unix socket

     

       118
       118
       +
             if !(hasPrefix "/" m.address) && (m.group != null) || (m.user != null) || (m.mode != null) then

     

       119
       119
       +
               false

     

       120
       120
       +
             else

     

       121
       121
       +
               true

     

       122
       122
       +
           )

     

       123
       123
       +
         );

     

       29
       124
        
         commandLine =

     

       30
       125
        
           "-f ${pkgs.writeText "default.vcl" cfg.config}"

     

       31
       126
        
           +

     
···

       54
       149
        
             package = lib.mkPackageOption pkgs "varnish" { };

     

       55
       150
        
       

     

       56
       151
        
             http_address = lib.mkOption {

     

       57
       57
       -
               type = lib.types.str;

     

       58
       58
       -
               default = "*:6081";

     

       152
       152
       +
               type = with lib.types; nullOr str;

     

       153
       153
       +
               default = null;

     

       59
       154
        
               description = ''

     

       60
       155
        
                 HTTP listen address and port.

     

       61
       156
        
               '';

     

       157
       157
       +
             };

     

       158
       158
       +
       

     

       159
       159
       +
             listen = lib.mkOption {

     

       160
       160
       +
               description = "Accept for client requests on the specified listen addresses.";

     

       161
       161
       +
               type = lib.types.listOf checkedAddressModule;

     

       162
       162
       +
               defaultText = lib.literalExpression ''[ { address="*"; port=6081; } ]'';

     

       163
       163
       +
               default = lib.optional (isNull cfg.http_address) {

     

       164
       164
       +
                 address = "*";

     

       165
       165
       +
                 port = 6081;

     

       166
       166
       +
               };

     

       62
       167
        
             };

     

       63
       168
        
       

     

       64
       169
        
             config = lib.mkOption {

     
···

       97
       202
        
             serviceConfig = {

     

       98
       203
        
               Type = "simple";

     

       99
       204
        
               PermissionsStartOnly = true;

     

       100
       100
       -
               ExecStart = "${cfg.package}/sbin/varnishd -a ${cfg.http_address} -n ${stateDir} -F ${cfg.extraCommandLine} ${commandLine}";

     

       205
       205
       +
               ExecStart = "${cfg.package}/sbin/varnishd ${commandLineAddresses} -n ${stateDir} -F ${cfg.extraCommandLine} ${commandLine}";

     

       101
       206
        
               Restart = "always";

     

       102
       207
        
               RestartSec = "5s";

     

       103
       208
        
               User = "varnish";

     
···

       117
       222
        
               ${cfg.package}/bin/varnishd -C ${commandLine} 2> $out || (cat $out; exit 1)

     

       118
       223
        
             '')

     

       119
       224
        
           ];

     

       225
       225
       +
       

     

       226
       226
       +
           assertions = concatMap (m: [

     

       227
       227
       +
             {

     

       228
       228
       +
               assertion = (hasPrefix "/" m.address) || (hasPrefix "@" m.address) -> m.port == null;

     

       229
       229
       +
               message = "Listen ports must not be specified with UNIX sockets: ${builtins.toJSON m}";

     

       230
       230
       +
             }

     

       231
       231
       +
             {

     

       232
       232
       +
               assertion = !(hasPrefix "/" m.address) -> m.user == null && m.group == null && m.mode == null;

     

       233
       233
       +
               message = "Abstract UNIX sockets or IP sockets can not be used with user, group, and mode settings: ${builtins.toJSON m}";

     

       234
       234
       +
             }

     

       235
       235
       +
           ]) cfg.listen;

     

       236
       236
       +
       

     

       237
       237
       +
           warnings =

     

       238
       238
       +
             lib.optional (!isNull cfg.http_address)

     

       239
       239
       +
               "The option `services.varnish.http_address` is deprecated. Use `services.varnish.listen` instead.";

     

       120
       240
        
       

     

       121
       241
        
           users.users.varnish = {

     

       122
       242
        
             group = "varnish";

+49 -3

nixos/tests/varnish.nix

···

       10
       10
        
       

     

       11
       11
        
         nodes = {

     

       12
       12
        
           varnish =

     

       13
       13
       -
             { config, pkgs, ... }:

     

       13
       13
       +
             {

     

       14
       14
       +
               config,

     

       15
       15
       +
               pkgs,

     

       16
       16
       +
               lib,

     

       17
       17
       +
               ...

     

       18
       18
       +
             }:

     

       14
       19
        
             {

     

       15
       20
        
               services.nix-serve = {

     

       16
       21
        
                 enable = true;

     
···

       19
       24
        
               services.varnish = {

     

       20
       25
        
                 inherit package;

     

       21
       26
        
                 enable = true;

     

       22
       22
       -
                 http_address = "0.0.0.0:80";

     

       27
       27
       +
                 http_address = "0.0.0.0:81";

     

       28
       28
       +
                 listen = [

     

       29
       29
       +
                   {

     

       30
       30
       +
                     address = "0.0.0.0";

     

       31
       31
       +
                     port = 80;

     

       32
       32
       +
                     proto = "HTTP";

     

       33
       33
       +
                   }

     

       34
       34
       +
                   {

     

       35
       35
       +
                     name = "proxyport";

     

       36
       36
       +
                     address = "0.0.0.0";

     

       37
       37
       +
                     port = 8080;

     

       38
       38
       +
                     proto = "PROXY";

     

       39
       39
       +
                   }

     

       40
       40
       +
                   { address = "@asdf"; }

     

       41
       41
       +
                   {

     

       42
       42
       +
                     address = "/run/varnishd/client.http.sock";

     

       43
       43
       +
                     user = "varnish";

     

       44
       44
       +
                     group = "varnish";

     

       45
       45
       +
                     mode = "660";

     

       46
       46
       +
                   }

     

       47
       47
       +
                 ];

     

       23
       48
        
                 config = ''

     

       24
       24
       -
                   vcl 4.0;

     

       49
       49
       +
                   vcl 4.1;

     

       25
       50
        
       

     

       26
       51
        
                   backend nix-serve {

     

       27
       52
        
                     .host = "127.0.0.1";

     
···

       32
       57
        
       

     

       33
       58
        
               networking.firewall.allowedTCPPorts = [ 80 ];

     

       34
       59
        
               system.extraDependencies = [ testPath ];

     

       60
       60
       +
       

     

       61
       61
       +
               assertions =

     

       62
       62
       +
                 map

     

       63
       63
       +
                   (

     

       64
       64
       +
                     pattern:

     

       65
       65
       +
                     let

     

       66
       66
       +
                       cmdline = config.systemd.services.varnish.serviceConfig.ExecStart;

     

       67
       67
       +
                     in

     

       68
       68
       +
                     {

     

       69
       69
       +
                       assertion = lib.hasInfix pattern cmdline;

     

       70
       70
       +
                       message = "Address argument `${pattern}` missing in commandline `${cmdline}`.";

     

       71
       71
       +
                     }

     

       72
       72
       +
                   )

     

       73
       73
       +
                   [

     

       74
       74
       +
                     " -a 0.0.0.0:80,HTTP "

     

       75
       75
       +
                     " -a proxyport=0.0.0.0:8080,PROXY "

     

       76
       76
       +
                     " -a @asdf,HTTP "

     

       77
       77
       +
                     " -a /run/varnishd/client.http.sock,HTTP,user=varnish,group=varnish,mode=660 "

     

       78
       78
       +
                     " -a 0.0.0.0:81 "

     

       79
       79
       +
                   ];

     

       35
       80
        
             };

     

       36
       81
        
       

     

       37
       82
        
           client =

     
···

       47
       92
        
         testScript = ''

     

       48
       93
        
           start_all()

     

       49
       94
        
           varnish.wait_for_open_port(80)

     

       95
       95
       +
       

     

       50
       96
        
       

     

       51
       97
        
           client.wait_until_succeeds("curl -f http://varnish/nix-cache-info");

     

       52
       98