pyrox.dev / nixpkgs
lol
fork atom

nixos: add services.rsyncd.socketActivated option

Define systemd-socket activation using the upstream configuration
files as a reference. The "rsyncd" systemd unit has been renamed
to "rsync" for consistency with upstream.

Emery Hemingway f32d7e4e 750510ee

options
unified split
Changed files
+80 -19
nixos
modules
services
network-filesystems
rsyncd.nix
tests
rsyncd.nix
+55 -5
nixos/modules/services/network-filesystems/rsyncd.nix 
···

       
46

       
46

       
 

       
        '';


     

       
47

       
47

       
 

       
      };


     

       
48

       
48

       
 

       



     

       

       
49

       
+

       
      socketActivated = mkOption {


     

       

       
50

       
+

       
        default = false;


     

       

       
51

       
+

       
        type = types.bool;


     

       

       
52

       
+

       
        description =


     

       

       
53

       
+

       
          "If enabled Rsync will be socket-activated rather than run persistently.";


     

       

       
54

       
+

       
      };


     

       

       
55

       
+

       



     

       
49

       
56

       
 

       
    };


     

       
50

       
57

       
 

       
  };


     

       
51

       
58

       
 

       



     
···

       
63

       
70

       
 

       



     

       
64

       
71

       
 

       
    services.rsyncd.settings.global.port = toString cfg.port;


     

       
65

       
72

       
 

       



     

       
66

       

       
-

       
    systemd.services.rsyncd = {


     

       
67

       

       
-

       
      description = "Rsync daemon";


     

       
68

       

       
-

       
      wantedBy = [ "multi-user.target" ];


     

       
69

       

       
-

       
      serviceConfig.ExecStart =


     

       
70

       

       
-

       
        "${pkgs.rsync}/bin/rsync --daemon --no-detach --config=${configFile}";


     

       

       
73

       
+

       
    systemd = let


     

       

       
74

       
+

       
      serviceConfigSecurity = {


     

       

       
75

       
+

       
        ProtectSystem = "full";


     

       

       
76

       
+

       
        PrivateDevices = "on";


     

       

       
77

       
+

       
        NoNewPrivileges = "on";


     

       

       
78

       
+

       
      };


     

       

       
79

       
+

       
    in {


     

       

       
80

       
+

       
      services.rsync = {


     

       

       
81

       
+

       
        enable = !cfg.socketActivated;


     

       

       
82

       
+

       
        aliases = [ "rsyncd" ];


     

       

       
83

       
+

       



     

       

       
84

       
+

       
        description = "fast remote file copy program daemon";


     

       

       
85

       
+

       
        after = [ "network.target" ];


     

       

       
86

       
+

       
        documentation = [ "man:rsync(1)" "man:rsyncd.conf(5)" ];


     

       

       
87

       
+

       



     

       

       
88

       
+

       
        serviceConfig = serviceConfigSecurity // {


     

       

       
89

       
+

       
          ExecStart =


     

       

       
90

       
+

       
            "${pkgs.rsync}/bin/rsync --daemon --no-detach --config=${configFile}";


     

       

       
91

       
+

       
          RestartSec = 1;


     

       

       
92

       
+

       
        };


     

       

       
93

       
+

       



     

       

       
94

       
+

       
        wantedBy = [ "multi-user.target" ];


     

       

       
95

       
+

       
      };


     

       

       
96

       
+

       



     

       

       
97

       
+

       
      services."rsync@" = {


     

       

       
98

       
+

       
        description = "fast remote file copy program daemon";


     

       

       
99

       
+

       
        after = [ "network.target" ];


     

       

       
100

       
+

       



     

       

       
101

       
+

       
        serviceConfig = serviceConfigSecurity // {


     

       

       
102

       
+

       
          ExecStart = "${pkgs.rsync}/bin/rsync --daemon --config=${configFile}";


     

       

       
103

       
+

       
          StandardInput = "socket";


     

       

       
104

       
+

       
          StandardOutput = "inherit";


     

       

       
105

       
+

       
          StandardError = "journal";


     

       

       
106

       
+

       
        };


     

       

       
107

       
+

       
      };


     

       

       
108

       
+

       



     

       

       
109

       
+

       
      sockets.rsync = {


     

       

       
110

       
+

       
        enable = cfg.socketActivated;


     

       

       
111

       
+

       



     

       

       
112

       
+

       
        description = "socket for fast remote file copy program daemon";


     

       

       
113

       
+

       
        conflicts = [ "rsync.service" ];


     

       

       
114

       
+

       



     

       

       
115

       
+

       
        listenStreams = [ (toString cfg.port) ];


     

       

       
116

       
+

       
        socketConfig.Accept = true;


     

       

       
117

       
+

       



     

       

       
118

       
+

       
        wantedBy = [ "sockets.target" ];


     

       

       
119

       
+

       
      };


     

       
71

       
120

       
 

       
    };


     

       

       
121

       
+

       



     

       
72

       
122

       
 

       
  };


     

       
73

       
123

       
 

       



     

       
74

       
124

       
 

       
  meta.maintainers = with lib.maintainers; [ ehmry ];
+25 -14
nixos/tests/rsyncd.nix 
···

       
2

       
2

       
 

       
  name = "rsyncd";


     

       
3

       
3

       
 

       
  meta.maintainers = with pkgs.lib.maintainers; [ ehmry ];


     

       
4

       
4

       
 

       



     

       
5

       

       
-

       
  nodes.machine.services.rsyncd = {


     

       
6

       

       
-

       
    enable = true;


     

       
7

       

       
-

       
    settings = {


     

       
8

       

       
-

       
      global = {


     

       
9

       

       
-

       
        "reverse lookup" = false;


     

       
10

       

       
-

       
        "forward lookup" = false;


     

       

       
5

       
+

       
  nodes = let


     

       

       
6

       
+

       
    mkNode = socketActivated:


     

       

       
7

       
+

       
      { config, ... }: {


     

       

       
8

       
+

       
        networking.firewall.allowedTCPPorts = [ config.services.rsyncd.port ];


     

       

       
9

       
+

       
        services.rsyncd = {


     

       

       
10

       
+

       
          enable = true;


     

       

       
11

       
+

       
          inherit socketActivated;


     

       

       
12

       
+

       
          settings = {


     

       

       
13

       
+

       
            global = {


     

       

       
14

       
+

       
              "reverse lookup" = false;


     

       

       
15

       
+

       
              "forward lookup" = false;


     

       

       
16

       
+

       
            };


     

       

       
17

       
+

       
            tmp = {


     

       

       
18

       
+

       
              path = "/nix/store";


     

       

       
19

       
+

       
              comment = "test module";


     

       

       
20

       
+

       
            };


     

       

       
21

       
+

       
          };


     

       

       
22

       
+

       
        };


     

       
11

       
23

       
 

       
      };


     

       
12

       

       
-

       
      tmp = {


     

       
13

       

       
-

       
        path = "/nix/store";


     

       
14

       

       
-

       
        comment = "test module";


     

       
15

       

       
-

       
      };


     

       
16

       

       
-

       



     

       
17

       

       
-

       
    };


     

       

       
24

       
+

       
  in {


     

       

       
25

       
+

       
    a = mkNode false;


     

       

       
26

       
+

       
    b = mkNode true;


     

       
18

       
27

       
 

       
  };


     

       
19

       
28

       
 

       



     

       
20

       
29

       
 

       
  testScript = ''


     

       
21

       
30

       
 

       
    start_all()


     

       
22

       

       
-

       
    machine.wait_for_unit("rsyncd")


     

       
23

       

       
-

       
    machine.succeed("rsync localhost::")


     

       

       
31

       
+

       
    a.wait_for_unit("rsync")


     

       

       
32

       
+

       
    b.wait_for_unit("sockets.target")


     

       

       
33

       
+

       
    b.succeed("rsync a::")


     

       

       
34

       
+

       
    a.succeed("rsync b::")


     

       
24

       
35

       
 

       
  '';


     

       
25

       
36

       
 

       
})