nixos/devpi-server: init · pyrox.dev/nixpkgs@52e0ad7

pyrox.dev / nixpkgs

fork atom

lol

fork atom

nixos/devpi-server: init

Signed-off-by: Christina Sørensen <christina@cafkafk.com>

Christina Sørensen 2 years ago 52e0ad74 cbd5dc67

+171 -2

5 changed files

expand all

unified split

nixos

modules

module-list.nix

services

misc

devpi-server.nix

tests

all-tests.nix

devpi-server.nix

pkgs

development

tools

devpi-server

default.nix

nixos/modules/module-list.nix

··· 694 694 ./services/misc/cpuminer-cryptonight.nix 695 695 ./services/misc/db-rest.nix 696 696 ./services/misc/devmon.nix 697 + ./services/misc/devpi-server.nix 697 698 ./services/misc/dictd.nix 698 699 ./services/misc/disnix.nix 699 700 ./services/misc/docker-registry.nix

+128

nixos/modules/services/misc/devpi-server.nix

··· 1 + { 2 + pkgs, 3 + lib, 4 + config, 5 + ... 6 + }: 7 + with lib; 8 + let 9 + cfg = config.services.devpi-server; 10 + 11 + secretsFileName = "devpi-secret-file"; 12 + 13 + stateDirName = "devpi"; 14 + 15 + runtimeDir = "/run/${stateDirName}"; 16 + serverDir = "/var/lib/${stateDirName}"; 17 + in 18 + { 19 + options.services.devpi-server = { 20 + enable = mkEnableOption "Devpi Server"; 21 + 22 + package = mkPackageOption pkgs "devpi-server" { }; 23 + 24 + primaryUrl = mkOption { 25 + type = types.str; 26 + description = "Url for the primary node. Required option for replica nodes."; 27 + }; 28 + 29 + replica = mkOption { 30 + type = types.bool; 31 + default = false; 32 + description = '' 33 + Run node as a replica. 34 + Requires the secretFile option and the primaryUrl to be enabled. 35 + ''; 36 + }; 37 + 38 + secretFile = mkOption { 39 + type = types.nullOr types.path; 40 + default = null; 41 + description = '' 42 + Path to a shared secret file used for synchronization, 43 + Required for all nodes in a replica/primary setup. 44 + ''; 45 + }; 46 + 47 + host = mkOption { 48 + type = types.str; 49 + default = "localhost"; 50 + description = '' 51 + domain/ip address to listen on 52 + ''; 53 + }; 54 + 55 + port = mkOption { 56 + type = types.port; 57 + default = 3141; 58 + description = "The port on which Devpi Server will listen."; 59 + }; 60 + 61 + openFirewall = mkEnableOption "opening the default ports in the firewall for Devpi Server"; 62 + }; 63 + 64 + config = mkIf cfg.enable { 65 + 66 + systemd.services.devpi-server = { 67 + enable = true; 68 + description = "devpi PyPI-compatible server"; 69 + documentation = [ "https://devpi.net/docs/devpi/devpi/stable/+d/index.html" ]; 70 + wants = [ "network-online.target" ]; 71 + wantedBy = [ "multi-user.target" ]; 72 + after = [ "network-online.target" ]; 73 + # Since at least devpi-server 6.10.0, devpi requires the secrets file to 74 + # have 0600 permissions. 75 + preStart = 76 + '' 77 + cp ${cfg.secretFile} ${runtimeDir}/${secretsFileName} 78 + chmod 0600 ${runtimeDir}/*${secretsFileName} 79 + 80 + if [ -f ${serverDir}/.nodeinfo ]; then 81 + # already initialized the package index, exit gracefully 82 + exit 0 83 + fi 84 + ${cfg.package}/bin/devpi-init --serverdir ${serverDir} '' 85 + + strings.optionalString cfg.replica "--role=replica --master-url=${cfg.primaryUrl}"; 86 + 87 + serviceConfig = { 88 + Restart = "always"; 89 + ExecStart = 90 + let 91 + args = 92 + [ 93 + "--request-timeout=5" 94 + "--serverdir=${serverDir}" 95 + "--host=${cfg.host}" 96 + "--port=${builtins.toString cfg.port}" 97 + ] 98 + ++ lib.optionals (! isNull cfg.secretFile) [ 99 + "--secretfile=${runtimeDir}/${secretsFileName}" 100 + ] 101 + ++ ( 102 + if cfg.replica then 103 + [ 104 + "--role=replica" 105 + "--master-url=${cfg.primaryUrl}" 106 + ] 107 + else 108 + [ "--role=master" ] 109 + ); 110 + in 111 + "${cfg.package}/bin/devpi-server ${concatStringsSep " " args}"; 112 + DynamicUser = true; 113 + StateDirectory = stateDirName; 114 + RuntimeDirectory = stateDirName; 115 + PrivateDevices = true; 116 + PrivateTmp = true; 117 + ProtectHome = true; 118 + ProtectSystem = "strict"; 119 + }; 120 + }; 121 + 122 + networking.firewall = mkIf cfg.openFirewall { 123 + allowedTCPPorts = [ cfg.port ]; 124 + }; 125 + 126 + meta.maintainers = [ cafkafk ]; 127 + }; 128 + }

nixos/tests/all-tests.nix

··· 242 242 deepin = handleTest ./deepin.nix {}; 243 243 deluge = handleTest ./deluge.nix {}; 244 244 dendrite = handleTest ./matrix/dendrite.nix {}; 245 + devpi-server = handleTest ./devpi-server.nix {}; 245 246 dex-oidc = handleTest ./dex-oidc.nix {}; 246 247 dhparams = handleTest ./dhparams.nix {}; 247 248 disable-installer-tools = handleTest ./disable-installer-tools.nix {};

+35

nixos/tests/devpi-server.nix

··· 1 + import ./make-test-python.nix ({pkgs, ...}: let 2 + server-port = 3141; 3 + in { 4 + name = "devpi-server"; 5 + meta = with pkgs.lib.maintainers; { 6 + maintainers = [cafkafk]; 7 + }; 8 + 9 + nodes = { 10 + devpi = {...}: { 11 + services.devpi-server = { 12 + enable = true; 13 + host = "0.0.0.0"; 14 + port = server-port; 15 + openFirewall = true; 16 + secretFile = pkgs.writeText "devpi-secret" "v263P+V3YGDYUyfYL/RBURw+tCPMDw94R/iCuBNJrDhaYrZYjpA6XPFVDDH8ViN20j77y2PHoMM/U0opNkVQ2g=="; 17 + }; 18 + }; 19 + 20 + client1 = {...}: { 21 + environment.systemPackages = with pkgs; [ 22 + devpi-client 23 + jq 24 + ]; 25 + }; 26 + }; 27 + 28 + testScript = '' 29 + start_all() 30 + devpi.wait_for_unit("devpi-server.service") 31 + devpi.wait_for_open_port(${builtins.toString server-port}) 32 + 33 + client1.succeed("devpi getjson http://devpi:${builtins.toString server-port}") 34 + ''; 35 + })

+6 -2

pkgs/development/tools/devpi-server/default.nix

··· 23 23 , webtest 24 24 , testers 25 25 , devpi-server 26 + , nixosTests 26 27 }: 27 28 28 29 ··· 108 109 "devpi_server" 109 110 ]; 110 111 111 - passthru.tests.version = testers.testVersion { 112 - package = devpi-server; 112 + passthru.tests = { 113 + devpi-server = nixosTests.devpi-server; 114 + version = testers.testVersion { 115 + package = devpi-server; 116 + }; 113 117 }; 114 118 115 119 meta = with lib;{