commit abca224ce4866b0a9ee881ef1289fc99a94f6c37 · pyrox.dev/nixpkgs

nixos/doc/manual/release-notes/rl-2311.section.md

···

       113
       113
        
       

     

       114
       114
        
       - [virt-manager](https://virt-manager.org/), an UI for managing virtual machines in libvirt, is now available as `programs.virt-manager`.

     

       115
       115
        
       

     

       116
       116
       +
       - [Soft Serve](https://github.com/charmbracelet/soft-serve), a tasty, self-hostable Git server for the command line. Available as [services.soft-serve](#opt-services.soft-serve.enable).

     

       117
       117
       +
       

     

       116
       118
        
       ## Backward Incompatibilities {#sec-release-23.11-incompatibilities}

     

       117
       119
        
       

     

       118
       120
        
       - `network-online.target` has been fixed to no longer time out for systems with `networking.useDHCP = true` and `networking.useNetworkd = true`.

nixos/modules/module-list.nix

···

       730
       730
        
         ./services/misc/signald.nix

     

       731
       731
        
         ./services/misc/siproxd.nix

     

       732
       732
        
         ./services/misc/snapper.nix

     

       733
       733
       +
         ./services/misc/soft-serve.nix

     

       733
       734
        
         ./services/misc/sonarr.nix

     

       734
       735
        
         ./services/misc/sourcehut

     

       735
       736
        
         ./services/misc/spice-vdagentd.nix

+99

nixos/modules/services/misc/soft-serve.nix

···

       1
       1
       +
       { config, lib, pkgs, ... }:

     

       2
       2
       +
       

     

       3
       3
       +
       with lib;

     

       4
       4
       +
       

     

       5
       5
       +
       let

     

       6
       6
       +
         cfg = config.services.soft-serve;

     

       7
       7
       +
         configFile = format.generate "config.yaml" cfg.settings;

     

       8
       8
       +
         format = pkgs.formats.yaml { };

     

       9
       9
       +
         docUrl = "https://charm.sh/blog/self-hosted-soft-serve/";

     

       10
       10
       +
         stateDir = "/var/lib/soft-serve";

     

       11
       11
       +
       in

     

       12
       12
       +
       {

     

       13
       13
       +
         options = {

     

       14
       14
       +
           services.soft-serve = {

     

       15
       15
       +
             enable = mkEnableOption "Enable soft-serve service";

     

       16
       16
       +
       

     

       17
       17
       +
             package = mkPackageOption pkgs "soft-serve" { };

     

       18
       18
       +
       

     

       19
       19
       +
             settings = mkOption {

     

       20
       20
       +
               type = format.type;

     

       21
       21
       +
               default = { };

     

       22
       22
       +
               description = mdDoc ''

     

       23
       23
       +
                 The contents of the configuration file.

     

       24
       24
       +
       

     

       25
       25
       +
                 See <${docUrl}>.

     

       26
       26
       +
               '';

     

       27
       27
       +
               example = literalExpression ''

     

       28
       28
       +
                 {

     

       29
       29
       +
                   name = "dadada's repos";

     

       30
       30
       +
                   log_format = "text";

     

       31
       31
       +
                   ssh = {

     

       32
       32
       +
                     listen_addr = ":23231";

     

       33
       33
       +
                     public_url = "ssh://localhost:23231";

     

       34
       34
       +
                     max_timeout = 30;

     

       35
       35
       +
                     idle_timeout = 120;

     

       36
       36
       +
                   };

     

       37
       37
       +
                   stats.listen_addr = ":23233";

     

       38
       38
       +
                 }

     

       39
       39
       +
               '';

     

       40
       40
       +
             };

     

       41
       41
       +
           };

     

       42
       42
       +
         };

     

       43
       43
       +
       

     

       44
       44
       +
         config = mkIf cfg.enable {

     

       45
       45
       +
       

     

       46
       46
       +
           systemd.tmpfiles.rules = [

     

       47
       47
       +
             # The config file has to be inside the state dir

     

       48
       48
       +
             "L+ ${stateDir}/config.yaml - - - - ${configFile}"

     

       49
       49
       +
           ];

     

       50
       50
       +
       

     

       51
       51
       +
           systemd.services.soft-serve = {

     

       52
       52
       +
             description = "Soft Serve git server";

     

       53
       53
       +
             documentation = [ docUrl ];

     

       54
       54
       +
             requires = [ "network-online.target" ];

     

       55
       55
       +
             after = [ "network-online.target" ];

     

       56
       56
       +
             wantedBy = [ "multi-user.target" ];

     

       57
       57
       +
       

     

       58
       58
       +
             environment.SOFT_SERVE_DATA_PATH = stateDir;

     

       59
       59
       +
       

     

       60
       60
       +
             serviceConfig = {

     

       61
       61
       +
               Type = "simple";

     

       62
       62
       +
               DynamicUser = true;

     

       63
       63
       +
               Restart = "always";

     

       64
       64
       +
               ExecStart = "${getExe cfg.package} serve";

     

       65
       65
       +
               StateDirectory = "soft-serve";

     

       66
       66
       +
               WorkingDirectory = stateDir;

     

       67
       67
       +
               RuntimeDirectory = "soft-serve";

     

       68
       68
       +
               RuntimeDirectoryMode = "0750";

     

       69
       69
       +
               ProcSubset = "pid";

     

       70
       70
       +
               ProtectProc = "invisible";

     

       71
       71
       +
               UMask = "0027";

     

       72
       72
       +
               CapabilityBoundingSet = "";

     

       73
       73
       +
               ProtectHome = true;

     

       74
       74
       +
               PrivateDevices = true;

     

       75
       75
       +
               PrivateUsers = true;

     

       76
       76
       +
               ProtectHostname = true;

     

       77
       77
       +
               ProtectClock = true;

     

       78
       78
       +
               ProtectKernelTunables = true;

     

       79
       79
       +
               ProtectKernelModules = true;

     

       80
       80
       +
               ProtectKernelLogs = true;

     

       81
       81
       +
               ProtectControlGroups = true;

     

       82
       82
       +
               RestrictAddressFamilies = [ "AF_UNIX" "AF_INET" "AF_INET6" ];

     

       83
       83
       +
               RestrictNamespaces = true;

     

       84
       84
       +
               LockPersonality = true;

     

       85
       85
       +
               MemoryDenyWriteExecute = true;

     

       86
       86
       +
               RestrictRealtime = true;

     

       87
       87
       +
               RemoveIPC = true;

     

       88
       88
       +
               PrivateMounts = true;

     

       89
       89
       +
               SystemCallArchitectures = "native";

     

       90
       90
       +
               SystemCallFilter = [

     

       91
       91
       +
                 "@system-service"

     

       92
       92
       +
                 "~@cpu-emulation @debug @keyring @module @mount @obsolete @privileged @raw-io @reboot @setuid @swap"

     

       93
       93
       +
               ];

     

       94
       94
       +
             };

     

       95
       95
       +
           };

     

       96
       96
       +
         };

     

       97
       97
       +
       

     

       98
       98
       +
         meta.maintainers = [ maintainers.dadada ];

     

       99
       99
       +
       }

nixos/tests/all-tests.nix

···

       733
       733
        
         snapper = handleTest ./snapper.nix {};

     

       734
       734
        
         snipe-it = runTest ./web-apps/snipe-it.nix;

     

       735
       735
        
         soapui = handleTest ./soapui.nix {};

     

       736
       736
       +
         soft-serve = handleTest ./soft-serve.nix {};

     

       736
       737
        
         sogo = handleTest ./sogo.nix {};

     

       737
       738
        
         solanum = handleTest ./solanum.nix {};

     

       738
       739
        
         sonarr = handleTest ./sonarr.nix {};

+102

nixos/tests/soft-serve.nix

···

       1
       1
       +
       import ./make-test-python.nix ({ pkgs, lib, ... }:

     

       2
       2
       +
       let

     

       3
       3
       +
         inherit (import ./ssh-keys.nix pkgs) snakeOilPrivateKey snakeOilPublicKey;

     

       4
       4
       +
         sshPort = 8231;

     

       5
       5
       +
         httpPort = 8232;

     

       6
       6
       +
         statsPort = 8233;

     

       7
       7
       +
         gitPort = 8418;

     

       8
       8
       +
       in

     

       9
       9
       +
       {

     

       10
       10
       +
         name = "soft-serve";

     

       11
       11
       +
         meta.maintainers = with lib.maintainers; [ dadada ];

     

       12
       12
       +
         nodes = {

     

       13
       13
       +
           client = { pkgs, ... }: {

     

       14
       14
       +
             environment.systemPackages = with pkgs; [

     

       15
       15
       +
               curl

     

       16
       16
       +
               git

     

       17
       17
       +
               openssh

     

       18
       18
       +
             ];

     

       19
       19
       +
             environment.etc.sshKey = {

     

       20
       20
       +
               source = snakeOilPrivateKey;

     

       21
       21
       +
               mode = "0600";

     

       22
       22
       +
             };

     

       23
       23
       +
           };

     

       24
       24
       +
       

     

       25
       25
       +
           server =

     

       26
       26
       +
             { config, ... }:

     

       27
       27
       +
             {

     

       28
       28
       +
               services.soft-serve = {

     

       29
       29
       +
                 enable = true;

     

       30
       30
       +
                 settings = {

     

       31
       31
       +
                   name = "TestServer";

     

       32
       32
       +
                   ssh.listen_addr = ":${toString sshPort}";

     

       33
       33
       +
                   git.listen_addr = ":${toString gitPort}";

     

       34
       34
       +
                   http.listen_addr = ":${toString httpPort}";

     

       35
       35
       +
                   stats.listen_addr = ":${toString statsPort}";

     

       36
       36
       +
                   initial_admin_keys = [ snakeOilPublicKey ];

     

       37
       37
       +
                 };

     

       38
       38
       +
               };

     

       39
       39
       +
               networking.firewall.allowedTCPPorts = [ sshPort httpPort statsPort ];

     

       40
       40
       +
             };

     

       41
       41
       +
         };

     

       42
       42
       +
       

     

       43
       43
       +
         testScript =

     

       44
       44
       +
           { ... }:

     

       45
       45
       +
           ''

     

       46
       46
       +
             SSH_PORT = ${toString sshPort}

     

       47
       47
       +
             HTTP_PORT = ${toString httpPort}

     

       48
       48
       +
             STATS_PORT = ${toString statsPort}

     

       49
       49
       +
             KEY = "${snakeOilPublicKey}"

     

       50
       50
       +
             SSH_KEY = "/etc/sshKey"

     

       51
       51
       +
             SSH_COMMAND = f"ssh -p {SSH_PORT} -i {SSH_KEY} -o StrictHostKeyChecking=no"

     

       52
       52
       +
             TEST_DIR = "/tmp/test"

     

       53
       53
       +
             GIT = f"git -C {TEST_DIR}"

     

       54
       54
       +
       

     

       55
       55
       +
             for machine in client, server:

     

       56
       56
       +
                 machine.wait_for_unit("network.target")

     

       57
       57
       +
       

     

       58
       58
       +
             server.wait_for_unit("soft-serve.service")

     

       59
       59
       +
             server.wait_for_open_port(SSH_PORT)

     

       60
       60
       +
       

     

       61
       61
       +
             with subtest("Get info"):

     

       62
       62
       +
                 status, test = client.execute(f"{SSH_COMMAND} server info")

     

       63
       63
       +
                 if status != 0:

     

       64
       64
       +
                     raise Exception("Failed to get SSH info")

     

       65
       65
       +
                 key = " ".join(KEY.split(" ")[0:2])

     

       66
       66
       +
                 if not key in test:

     

       67
       67
       +
                     raise Exception("Admin key must be configured correctly")

     

       68
       68
       +
       

     

       69
       69
       +
             with subtest("Create user"):

     

       70
       70
       +
                 client.succeed(f"{SSH_COMMAND} server user create beatrice")

     

       71
       71
       +
                 client.succeed(f"{SSH_COMMAND} server user info beatrice")

     

       72
       72
       +
       

     

       73
       73
       +
             with subtest("Create repo"):

     

       74
       74
       +
                 client.succeed(f"git init {TEST_DIR}")

     

       75
       75
       +
                 client.succeed(f"{GIT} config --global user.email you@example.com")

     

       76
       76
       +
                 client.succeed(f"touch {TEST_DIR}/foo")

     

       77
       77
       +
                 client.succeed(f"{GIT} add foo")

     

       78
       78
       +
                 client.succeed(f"{GIT} commit --allow-empty -m test")

     

       79
       79
       +
                 client.succeed(f"{GIT} remote add origin git@server:test")

     

       80
       80
       +
                 client.succeed(f"GIT_SSH_COMMAND='{SSH_COMMAND}' {GIT} push -u origin master")

     

       81
       81
       +
                 client.execute("rm -r /tmp/test")

     

       82
       82
       +
       

     

       83
       83
       +
             server.wait_for_open_port(HTTP_PORT)

     

       84
       84
       +
       

     

       85
       85
       +
             with subtest("Clone over HTTP"):

     

       86
       86
       +
                 client.succeed(f"curl --connect-timeout 10 http://server:{HTTP_PORT}/")

     

       87
       87
       +
                 client.succeed(f"git clone http://server:{HTTP_PORT}/test /tmp/test")

     

       88
       88
       +
                 client.execute("rm -r /tmp/test")

     

       89
       89
       +
       

     

       90
       90
       +
             with subtest("Clone over SSH"):

     

       91
       91
       +
                 client.succeed(f"GIT_SSH_COMMAND='{SSH_COMMAND}' git clone git@server:test /tmp/test")

     

       92
       92
       +
                 client.execute("rm -r /tmp/test")

     

       93
       93
       +
       

     

       94
       94
       +
             with subtest("Get stats over HTTP"):

     

       95
       95
       +
                 server.wait_for_open_port(STATS_PORT)

     

       96
       96
       +
                 status, test = client.execute(f"curl --connect-timeout 10 http://server:{STATS_PORT}/metrics")

     

       97
       97
       +
                 if status != 0:

     

       98
       98
       +
                     raise Exception("Failed to get metrics from status port")

     

       99
       99
       +
                 if not "go_gc_duration_seconds_count" in test:

     

       100
       100
       +
                     raise Exception("Metrics did not contain key 'go_gc_duration_seconds_count'")

     

       101
       101
       +
           '';

     

       102
       102
       +
       })

+6 -2

pkgs/servers/soft-serve/default.nix

···

       1
       1
       -
       { lib, buildGoModule, fetchFromGitHub, makeWrapper, git }:

     

       1
       1
       +
       { lib, buildGoModule, fetchFromGitHub, makeWrapper, nixosTests, git, bash }:

     

       2
       2
        
       

     

       3
       3
        
       buildGoModule rec {

     

       4
       4
        
         pname = "soft-serve";

     
···

       20
       20
        
         nativeBuildInputs = [ makeWrapper ];

     

       21
       21
        
       

     

       22
       22
        
         postInstall = ''

     

       23
       23
       +
           # Soft-serve generates git-hooks at run-time.

     

       24
       24
       +
           # The scripts require git and bash inside the path.

     

       23
       25
        
           wrapProgram $out/bin/soft \

     

       24
       24
       -
             --prefix PATH : "${lib.makeBinPath [ git ]}"

     

       26
       26
       +
             --prefix PATH : "${lib.makeBinPath [ git bash ]}"

     

       25
       27
        
         '';

     

       28
       28
       +
       

     

       29
       29
       +
         passthru.tests = nixosTests.soft-serve;

     

       26
       30
        
       

     

       27
       31
        
         meta = with lib; {

     

       28
       32
        
           description = "A tasty, self-hosted Git server for the command line";