commit 24cefb01b34a6dd6ff37be3d383782b3e245addd

pyrox.dev / nixpkgs

lol

fork atom

Merge pull request #284419 from ocfox/realm

authored by

Sandro and committed by

GitHub 2 years ago 24cefb01 2ee9ed70

+135

6 changed files

expand all

unified split

nixos

doc

manual

release-notes

rl-2411.section.md

modules

module-list.nix

services

networking

realm.nix

tests

all-tests.nix

realm.nix

pkgs

by-name

realm

package.nix

nixos/doc/manual/release-notes/rl-2411.section.md

··· 30 30 31 31 - [Envision](https://gitlab.com/gabmus/envision), a UI for building, configuring and running Monado, the open source OpenXR runtime. Available as [programs.envision](#opt-programs.envision.enable). 32 32 33 + - [realm](https://github.com/zhboner/realm), a simple, high performance relay server written in rust. Available as [services.realm.enable](#opt-services.realm.enable). 34 + 33 35 - [Playerctld](https://github.com/altdesktop/playerctl), a daemon to track media player activity. Available as [services.playerctld](option.html#opt-services.playerctld). 34 36 35 37 - [Glance](https://github.com/glanceapp/glance), a self-hosted dashboard that puts all your feeds in one place. Available as [services.glance](option.html#opt-services.glance).

nixos/modules/module-list.nix

··· 1151 1151 ./services/networking/radicale.nix 1152 1152 ./services/networking/radvd.nix 1153 1153 ./services/networking/rdnssd.nix 1154 + ./services/networking/realm.nix 1154 1155 ./services/networking/redsocks.nix 1155 1156 ./services/networking/resilio.nix 1156 1157 ./services/networking/robustirc-bridge.nix

+50

nixos/modules/services/networking/realm.nix

··· 1 + { config 2 + , lib 3 + , pkgs 4 + , ... 5 + }: 6 + let 7 + cfg = config.services.realm; 8 + configFormat = pkgs.formats.json { }; 9 + configFile = configFormat.generate "config.json" cfg.config; 10 + inherit (lib) 11 + mkEnableOption mkPackageOption mkOption mkIf types getExe; 12 + in 13 + { 14 + 15 + meta.maintainers = with lib.maintainers; [ ocfox ]; 16 + 17 + options = { 18 + services.realm = { 19 + enable = mkEnableOption "A simple, high performance relay server written in rust"; 20 + package = mkPackageOption pkgs "realm" { }; 21 + config = mkOption { 22 + type = types.submodule { 23 + freeformType = configFormat.type; 24 + }; 25 + default = { }; 26 + description = '' 27 + The realm configuration, see <https://github.com/zhboner/realm#overview> for documentation. 28 + ''; 29 + }; 30 + }; 31 + }; 32 + 33 + config = mkIf cfg.enable { 34 + systemd.services.realm = { 35 + serviceConfig = { 36 + DynamicUser = true; 37 + MemoryDenyWriteExecute = true; 38 + PrivateDevices = true; 39 + ProtectClock = true; 40 + ProtectKernelLogs = true; 41 + ProtectKernelModules = true; 42 + ProtectProc = "invisible"; 43 + ProtectKernelTunables = true; 44 + ExecStart = "${getExe cfg.package} --config ${configFile}"; 45 + AmbientCapabilities = [ "CAP_NET_ADMIN" "CAP_NET_BIND_SERVICE" ]; 46 + }; 47 + wantedBy = [ "multi-user.target" ]; 48 + }; 49 + }; 50 + }

nixos/tests/all-tests.nix

··· 811 811 ragnarwm = handleTest ./ragnarwm.nix {}; 812 812 rasdaemon = handleTest ./rasdaemon.nix {}; 813 813 readarr = handleTest ./readarr.nix {}; 814 + realm = handleTest ./realm.nix {}; 814 815 redis = handleTest ./redis.nix {}; 815 816 redlib = handleTest ./redlib.nix {}; 816 817 redmine = handleTest ./redmine.nix {};

+39

nixos/tests/realm.nix

··· 1 + import ./make-test-python.nix ({ lib, pkgs, ... }: { 2 + name = "realm"; 3 + 4 + meta = { 5 + maintainers = with lib.maintainers; [ ocfox ]; 6 + }; 7 + 8 + nodes.machine = { pkgs, ... }: { 9 + services.nginx = { 10 + enable = true; 11 + statusPage = true; 12 + }; 13 + # realm need DNS resolv server to run or use config.dns.nameserver 14 + services.resolved.enable = true; 15 + 16 + services.realm = { 17 + enable = true; 18 + config = { 19 + endpoints = [ 20 + { 21 + listen = "0.0.0.0:1000"; 22 + remote = "127.0.0.1:80"; 23 + } 24 + ]; 25 + }; 26 + }; 27 + }; 28 + 29 + testScript = '' 30 + machine.wait_for_unit("nginx.service") 31 + machine.wait_for_unit("realm.service") 32 + 33 + machine.wait_for_open_port(80) 34 + machine.wait_for_open_port(1000) 35 + 36 + machine.succeed("curl --fail http://localhost:1000/") 37 + ''; 38 + 39 + })

+42

pkgs/by-name/re/realm/package.nix

··· 1 + { lib 2 + , rustPlatform 3 + , fetchFromGitHub 4 + , stdenv 5 + , darwin 6 + , nix-update-script 7 + , nixosTests 8 + }: 9 + 10 + rustPlatform.buildRustPackage rec { 11 + pname = "realm"; 12 + version = "2.6.0"; 13 + 14 + src = fetchFromGitHub { 15 + owner = "zhboner"; 16 + repo = "realm"; 17 + rev = "v${version}"; 18 + hash = "sha256-G3scFSOxbmR3Q2fkRdg115WN/GCYpys/8Y4JC4YMGdY="; 19 + }; 20 + 21 + cargoHash = "sha256-EvXafTujqTdQwfK4NXgT7lGKGnrpyP9ouplD6DmJUKU="; 22 + 23 + buildInputs = lib.optionals stdenv.isDarwin [ 24 + darwin.apple_sdk.frameworks.Security 25 + ]; 26 + 27 + env.RUSTC_BOOTSTRAP = 1; 28 + 29 + passthru = { 30 + updateScript = nix-update-script { }; 31 + tests = { inherit (nixosTests) realm; }; 32 + }; 33 + 34 + 35 + meta = with lib; { 36 + description = "A simple, high performance relay server written in rust"; 37 + homepage = "https://github.com/zhboner/realm"; 38 + mainProgram = "realm"; 39 + license = licenses.mit; 40 + maintainers = with maintainers; [ ocfox ]; 41 + }; 42 + }