nixos/anubis: Fix defaultOptions not applying user-defined settings (#398790)

pyrox.dev / nixpkgs

fork atom

lol

fork atom

authored by isabelroses.com and committed by

GitHub 10 months ago 92d64400 e30007f5

+68 -23

2 changed files

expand all

nixos

modules

services

networking

anubis.nix

tests

anubis.nix

+27 -7

nixos/modules/services/networking/anubis.nix

··· 122 122 example = "tcp"; 123 123 type = types.str; 124 124 }; 125 - SOCKET_MODE = mkDefaultOption "settings.SOCKET_MODE" { 126 - default = "0770"; 127 - description = "The permissions on the Unix domain sockets created."; 128 - example = "0700"; 129 - type = types.str; 130 - }; 131 125 DIFFICULTY = mkDefaultOption "settings.DIFFICULTY" { 132 126 default = 4; 133 127 description = '' ··· 146 140 ''; 147 141 type = types.bool; 148 142 }; 143 + OG_PASSTHROUGH = mkDefaultOption "settings.OG_PASSTHROUGH" { 144 + default = false; 145 + description = '' 146 + Whether to enable Open Graph tag passthrough. 147 + 148 + This enables social previews of resources protected by 149 + Anubis without having to exempt each scraper individually. 150 + ''; 151 + type = types.bool; 152 + }; 153 + WEBMASTER_EMAIL = mkDefaultOption "settings.WEBMASTER_EMAIL" { 154 + default = null; 155 + description = '' 156 + If set, shows a contact email address when rendering error pages. 157 + 158 + This email address will be how users can get in contact with administrators. 159 + ''; 160 + example = "alice@example.com"; 161 + type = types.nullOr types.str; 162 + }; 149 163 150 164 # generated by default 151 165 POLICY_FNAME = mkDefaultOption "settings.POLICY_FNAME" { ··· 224 238 and socket paths. 225 239 ''; 226 240 type = types.attrsOf (types.submodule (commonSubmodule false)); 241 + 242 + # Merge defaultOptions into each instance 243 + apply = lib.mapAttrs (_: lib.recursiveUpdate cfg.defaultOptions); 227 244 }; 228 245 }; 229 246 ··· 309 326 ) enabledInstances; 310 327 }; 311 328 312 - meta.maintainers = with lib.maintainers; [ soopyc ]; 329 + meta.maintainers = with lib.maintainers; [ 330 + soopyc 331 + nullcube 332 + ]; 313 333 meta.doc = ./anubis.md; 314 334 }

+41 -16

nixos/tests/anubis.nix

··· 1 1 { lib, ... }: 2 2 { 3 3 name = "anubis"; 4 - meta.maintainers = [ lib.maintainers.soopyc ]; 4 + meta.maintainers = with lib.maintainers; [ 5 + soopyc 6 + nullcube 7 + ]; 5 8 6 9 nodes.machine = 7 10 { ··· 10 13 ... 11 14 }: 12 15 { 13 - services.anubis.instances = { 14 - "".settings.TARGET = "http://localhost:8080"; 16 + services.anubis = { 17 + defaultOptions.settings = { 18 + DIFFICULTY = 3; 19 + USER_DEFINED_DEFAULT = true; 20 + }; 21 + instances = { 22 + "".settings = { 23 + TARGET = "http://localhost:8080"; 24 + DIFFICULTY = 5; 25 + USER_DEFINED_INSTANCE = true; 26 + }; 15 27 16 - "tcp" = { 17 - user = "anubis-tcp"; 18 - group = "anubis-tcp"; 19 - settings = { 20 - TARGET = "http://localhost:8080"; 21 - BIND = ":9000"; 22 - BIND_NETWORK = "tcp"; 23 - METRICS_BIND = ":9001"; 24 - METRICS_BIND_NETWORK = "tcp"; 28 + "tcp" = { 29 + user = "anubis-tcp"; 30 + group = "anubis-tcp"; 31 + settings = { 32 + TARGET = "http://localhost:8080"; 33 + BIND = ":9000"; 34 + BIND_NETWORK = "tcp"; 35 + METRICS_BIND = ":9001"; 36 + METRICS_BIND_NETWORK = "tcp"; 37 + }; 25 38 }; 26 - }; 27 39 28 - "unix-upstream" = { 29 - group = "nginx"; 30 - settings.TARGET = "unix:///run/nginx/nginx.sock"; 40 + "unix-upstream" = { 41 + group = "nginx"; 42 + settings.TARGET = "unix:///run/nginx/nginx.sock"; 43 + }; 31 44 }; 32 45 }; 33 46 ··· 94 107 95 108 # Upstream is a unix socket mode 96 109 machine.succeed('curl -f http://unix.localhost/index.html | grep "it works"') 110 + 111 + # Default user-defined environment variables 112 + machine.succeed('cat /run/current-system/etc/systemd/system/anubis.service | grep "USER_DEFINED_DEFAULT"') 113 + machine.succeed('cat /run/current-system/etc/systemd/system/anubis-tcp.service | grep "USER_DEFINED_DEFAULT"') 114 + 115 + # Instance-specific user-specified environment variables 116 + machine.succeed('cat /run/current-system/etc/systemd/system/anubis.service | grep "USER_DEFINED_INSTANCE"') 117 + machine.fail('cat /run/current-system/etc/systemd/system/anubis-tcp.service | grep "USER_DEFINED_INSTANCE"') 118 + 119 + # Make sure defaults don't overwrite themselves 120 + machine.succeed('cat /run/current-system/etc/systemd/system/anubis.service | grep "DIFFICULTY=5"') 121 + machine.succeed('cat /run/current-system/etc/systemd/system/anubis-tcp.service | grep "DIFFICULTY=3"') 97 122 ''; 98 123 }