lol

Merge pull request #253918 from tie/centrifugo

centrifugo: init at 5.1.1

authored by

Nick Cao and committed by
GitHub
90ef10b5 d5eddab5

+265
+1
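--- a/nixos/modules/module-list.nix
+++ b/nixos/modules/module-list.nix
@@ -881,6 +881,7 @@
 ./services/networking/bitlbee.nix
 ./services/networking/blockbook-frontend.nix
 ./services/networking/blocky.nix
+./services/networking/centrifugo.nix
 ./services/networking/cgit.nix
 ./services/networking/charybdis.nix
 ./services/networking/chisel-server.nix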
+123
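--- a/nixos/modules/services/networking/centrifugo.nix
+++ b/nixos/modules/services/networking/centrifugo.nix
@@ -0,0 +1,123 @@
+{ config, lib, pkgs, ... }:
+let
+cfg = config.services.centrifugo;
+
+settingsFormat = pkgs.formats.json { };
+
+configFile = settingsFormat.generate "centrifugo.json" cfg.settings;
+in
+{
+options.services.centrifugo = {
+enable = lib.mkEnableOption (lib.mdDoc "Centrifugo messaging server");
+
+package = lib.mkPackageOptionMD pkgs "centrifugo" { };
+
+settings = lib.mkOption {
+type = settingsFormat.type;
+default = { };
+description = lib.mdDoc ''
+Declarative Centrifugo configuration. See the [Centrifugo
+documentation] for a list of options.
+
+[Centrifugo documentation]: https://centrifugal.dev/docs/server/configuration
+'';
+};
+
+credentials = lib.mkOption {
+type = lib.types.attrsOf lib.types.path;
+default = { };
+example = {
+CENTRIFUGO_UNI_GRPC_TLS_KEY = "/run/keys/centrifugo-uni-grpc-tls.key";
+};
+description = lib.mdDoc ''
+Environment variables with absolute paths to credentials files to load
+on service startup.
+'';
+};
+
+environmentFiles = lib.mkOption {
+type = lib.types.listOf lib.types.path;
+default = [ ];
+description = lib.mdDoc ''
+Files to load environment variables from. Options set via environment
+variables take precedence over {option}`settings`.
+
+See the [Centrifugo documentation] for the environment variable name
+format.
+
+[Centrifugo documentation]: https://centrifugal.dev/docs/server/configuration#os-environment-variables
+'';
+};
+
+extraGroups = lib.mkOption {
+type = lib.types.listOf lib.types.str;
+default = [ ];
+example = [ "redis-centrifugo" ];
+description = lib.mdDoc ''
+Additional groups for the systemd service.
+'';
+};
+};
+
+config = lib.mkIf cfg.enable {
+systemd.services.centrifugo = {
+description = "Centrifugo messaging server";
+wantedBy = [ "multi-user.target" ];
+after = [ "network.target" ];
+
+serviceConfig = {
+Type = "exec";
+
+ExecStartPre = "${lib.getExe cfg.package} checkconfig --config ${configFile}";
+ExecStart = "${lib.getExe cfg.package} --config ${configFile}";
+ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
+
+Restart = "always";
+RestartSec = "1s";
+
+# Copy files to the credentials directory with file name being the
+# environment variable name. Note that "%d" specifier expands to the
+# path of the credentials directory.
+LoadCredential = lib.mapAttrsToList (name: value: "${name}:${value}") cfg.credentials;
+Environment = lib.mapAttrsToList (name: _: "${name}=%d/${name}") cfg.credentials;
+
+EnvironmentFile = cfg.environmentFiles;
+
+SupplementaryGroups = cfg.extraGroups;
+
+DynamicUser = true;
+UMask = "0077";
+
+ProtectHome = true;
+ProtectProc = "invisible";
+ProcSubset = "pid";
+ProtectClock = true;
+ProtectHostname = true;
+ProtectControlGroups = true;
+ProtectKernelLogs = true;
+ProtectKernelModules = true;
+ProtectKernelTunables = true;
+PrivateUsers = true;
+PrivateDevices = true;
+RestrictRealtime = true;
+RestrictNamespaces = true;
+RestrictAddressFamilies = [
+"AF_INET"
+"AF_INET6"
+"AF_UNIX"
+];
+DeviceAllow = [ "" ];
+DevicePolicy = "closed";
+CapabilityBoundingSet = [ "" ];
+MemoryDenyWriteExecute = true;
+LockPersonality = true;
+SystemCallArchitectures = "native";
+SystemCallErrorNumber = "EPERM";
+SystemCallFilter = [
+"@system-service"
+"~@privileged"
+];
+};
+};
+};
+}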
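Review bot: The description of the `settings` option does not mention that the rendered `centrifugo.json` is placed in the Nix store, which is world-readable, so any key or password written into `settings` becomes readable by every local user and travels with the closure. `configFile` is produced by `settingsFormat.generate` and handed unchanged to both `checkconfig --config` and `--config`, and nothing in the module filters secret-bearing keys out of it. I would add a sentence to that description such as `This file is copied to the world-readable Nix store; pass secrets through environmentFiles or credentials instead.` The `credentials` description could likewise say that the files are exposed through systemd `LoadCredential` and that the named variable receives the path, not the secret itself.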
+1
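--- a/nixos/tests/all-tests.nix
+++ b/nixos/tests/all-tests.nix
@@ -174,6 +174,7 @@
 cassandra_3_0 = handleTest ./cassandra.nix { testPackage = pkgs.cassandra_3_0; };
 cassandra_3_11 = handleTest ./cassandra.nix { testPackage = pkgs.cassandra_3_11; };
 cassandra_4 = handleTest ./cassandra.nix { testPackage = pkgs.cassandra_4; };
+centrifugo = runTest ./centrifugo.nix;
 ceph-multi-node = handleTestOn [ "aarch64-linux" "x86_64-linux" ] ./ceph-multi-node.nix {};
 ceph-single-node = handleTestOn [ "aarch64-linux" "x86_64-linux" ] ./ceph-single-node.nix {};
 ceph-single-node-bluestore = handleTestOn [ "aarch64-linux" "x86_64-linux" ] ./ceph-single-node-bluestore.nix {};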
+80
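--- a/nixos/tests/centrifugo.nix
+++ b/nixos/tests/centrifugo.nix
@@ -0,0 +1,80 @@
+let
+redisPort = 6379;
+centrifugoPort = 8080;
+nodes = [
+"centrifugo1"
+"centrifugo2"
+"centrifugo3"
+];
+in
+{ lib, ... }: {
+name = "centrifugo";
+meta.maintainers = [ lib.maintainers.tie ];
+
+nodes = lib.listToAttrs (lib.imap0
+(index: name: {
+inherit name;
+value = { config, ... }: {
+services.centrifugo = {
+enable = true;
+settings = {
+inherit name;
+port = centrifugoPort;
+# See https://centrifugal.dev/docs/server/engines#redis-sharding
+engine = "redis";
+# Connect to local Redis shard via Unix socket.
+redis_address =
+let
+otherNodes = lib.take index nodes ++ lib.drop (index + 1) nodes;
+in
+map (name: "${name}:${toString redisPort}") otherNodes ++ [
+"unix://${config.services.redis.servers.centrifugo.unixSocket}"
+];
+usage_stats_disable = true;
+api_insecure = true;
+};
+extraGroups = [
+config.services.redis.servers.centrifugo.user
+];
+};
+services.redis.servers.centrifugo = {
+enable = true;
+bind = null; # all interfaces
+port = redisPort;
+openFirewall = true;
+settings.protected-mode = false;
+};
+};
+})
+nodes);
+
+testScript = ''
+import json
+
+redisPort = ${toString redisPort}
+centrifugoPort = ${toString centrifugoPort}
+
+start_all()
+
+for machine in machines:
+machine.wait_for_unit("redis-centrifugo.service")
+machine.wait_for_open_port(redisPort)
+
+for machine in machines:
+machine.wait_for_unit("centrifugo.service")
+machine.wait_for_open_port(centrifugoPort)
+
+# See https://centrifugal.dev/docs/server/server_api#info
+def list_nodes(machine):
+curl = "curl --fail-with-body --silent"
+body = "{}"
+resp = json.loads(machine.succeed(f"{curl} -d '{body}' http://localhost:{centrifugoPort}/api/info"))
+return resp["result"]["nodes"]
+machineNames = {m.name for m in machines}
+for machine in machines:
+nodes = list_nodes(machine)
+assert len(nodes) == len(machines)
+nodeNames = {n['name'] for n in nodes}
+assert machineNames == nodeNames
+'';
+}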
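Review bot: The node definition sets `api_insecure = true` and exposes Redis on all interfaces with `openFirewall = true` and `settings.protected-mode = false`, yet no comment marks these as acceptable only inside the isolated test network. NixOS tests are often read as sample configurations, so I would add a comment above each, for example `# Test only: disables API key authentication.` and `# Test only: unauthenticated Redis reachable by the other nodes.` The existing comment `# Connect to local Redis shard via Unix socket.` sits above a list that also contains the TCP addresses of the other shards; it would be clearer placed directly above the `unix://` entry. The two `assert` statements in `testScript` would also be easier to debug with a message that prints `nodeNames`.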
+60
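--- a/pkgs/by-name/ce/centrifugo/package.nix
+++ b/pkgs/by-name/ce/centrifugo/package.nix
@@ -0,0 +1,60 @@
+{ lib
+, buildGoModule
+, fetchFromGitHub
+, nix-update-script
+, nixosTests
+, testers
+, centrifugo
+}:
+let
+# Inspect build flags with `go version -m centrifugo`.
+statsEndpoint = "https://graphite-prod-01-eu-west-0.grafana.net/graphite/metrics,https://stats.centrifugal.dev/usage";
+statsToken = "425599:eyJrIjoi" +
+"OWJhMTcyZGNjN2FkYjEzM2E1OTQwZjIyMTU3MTBjMjUyYzAyZWE2MSIsIm4iOiJVc2FnZSBTdGF0cyIsImlkIjo2NDUzOTN9";
+in
+buildGoModule rec {
+pname = "centrifugo";
+version = "5.1.1";
+
+src = fetchFromGitHub {
+owner = "centrifugal";
+repo = "centrifugo";
+rev = "v${version}";
+hash = "sha256-g496cXjgliDi2XLkdE+dERrUl5hBGLICJx5JundeOfo=";
+};
+
+vendorHash = "sha256-VuxnP9Dryo0L7sGvtvAIicYGkHoQ2iGVBtAdkmiqL7E=";
+
+ldflags = [
+"-s"
+"-w"
+"-X=github.com/centrifugal/centrifugo/v5/internal/build.Version=${version}"
+"-X=github.com/centrifugal/centrifugo/v5/internal/build.UsageStatsEndpoint=${statsEndpoint}"
+"-X=github.com/centrifugal/centrifugo/v5/internal/build.UsageStatsToken=${statsToken}"
+];
+
+excludedPackages = [
+"./internal/gen/api"
+];
+
+passthru = {
+updateScript = nix-update-script { };
+tests = {
+inherit (nixosTests) centrifugo;
+version = testers.testVersion {
+package = centrifugo;
+command = "${pname} version";
+version = "v${version}";
+};
+};
+};
+
+meta = {
+description = "Scalable real-time messaging server";
+homepage = "https://centrifugal.dev";
+changelog = "https://github.com/centrifugal/centrifugo/releases/tag/v${version}";
+license = lib.licenses.asl20;
+maintainers = [ lib.maintainers.tie ];
+mainProgram = "centrifugo";
+};
+}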
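Review bot: The `statsToken` literal in the `let` block is split across two concatenated strings without explanation, and the only provenance given is the `go version -m centrifugo` hint, so a reader cannot tell a leaked credential from the token upstream ships in its release binaries. I would say so in the comment, e.g. `# Public usage-stats endpoint and token taken from upstream release builds.`, and add why the string is split (presumably to keep secret scanners from flagging it). Passing `UsageStatsEndpoint` and `UsageStatsToken` through `ldflags` also appears to leave usage reporting active in the packaged binary unless the operator sets `usage_stats_disable`, as the test does; that default deserves a mention in the package or module documentation. `nix-update-script` will bump `version` and the hashes but not these two values, so the comment should ask for them to be re-checked on every update.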