commit a8eea70935e20e1bfcfba27eb0a884ac8fd1bdb2

pyrox.dev / nixpkgs

lol

fork atom

Merge pull request #231113 from Kranzes/harmonia

nixos/harmonia: adjust module and test to upstream, harmonia: 0.6.3 -> 0.6.4

authored by

Ilan Joselevich and committed by

GitHub 2 years ago a8eea709 57445260

+23 -25

4 changed files

expand all

unified split

nixos

modules

services

networking

harmonia.nix

tests

all-tests.nix

harmonia.nix

pkgs

tools

package-management

harmonia

default.nix

+7 -11

nixos/modules/services/networking/harmonia.nix

··· 1 1 { config, pkgs, lib, ... }: 2 2 let 3 3 cfg = config.services.harmonia; 4 - 5 4 format = pkgs.formats.toml { }; 6 5 in 7 6 { ··· 12 11 signKeyPath = lib.mkOption { 13 12 type = lib.types.nullOr lib.types.path; 14 13 default = null; 15 - description = lib.mdDoc "Path to the signing key to use for signing the cache"; 14 + description = lib.mdDoc "Path to the signing key that will be used for signing the cache"; 16 15 }; 17 16 18 17 package = lib.mkPackageOptionMD pkgs "harmonia" { }; 19 18 20 19 settings = lib.mkOption { 21 20 inherit (format) type; 22 - description = lib.mdDoc "Settings to merge with the default configuration"; 21 + default = { }; 22 + description = lib.mdDoc '' 23 + Settings to merge with the default configuration. 24 + For the list of the default configuration, see <https://github.com/nix-community/harmonia/tree/master#configuration>. 25 + ''; 23 26 }; 24 27 }; 25 28 }; 26 29 27 30 config = lib.mkIf cfg.enable { 28 - services.harmonia.settings.bind = lib.mkDefault "[::]:5000"; 29 - 30 31 systemd.services.harmonia = { 31 32 description = "harmonia binary cache service"; 32 33 ··· 45 46 46 47 serviceConfig = { 47 48 ExecStart = lib.getExe cfg.package; 48 - 49 49 User = "harmonia"; 50 50 Group = "harmonia"; 51 51 DynamicUser = true; 52 52 PrivateUsers = true; 53 53 DeviceAllow = [ "" ]; 54 54 UMask = "0066"; 55 - 56 55 RuntimeDirectory = "harmonia"; 57 - LoadCredential = lib.optional (cfg.signKeyPath != null) "sign-key:${cfg.signKeyPath}"; 58 - 56 + LoadCredential = lib.mkIf (cfg.signKeyPath != null) [ "sign-key:${cfg.signKeyPath}" ]; 59 57 SystemCallFilter = [ 60 58 "@system-service" 61 59 "~@privileged" ··· 74 72 ProtectProc = "invisible"; 75 73 RestrictNamespaces = true; 76 74 SystemCallArchitectures = "native"; 77 - 78 75 PrivateNetwork = false; 79 76 PrivateTmp = true; 80 77 PrivateDevices = true; ··· 84 81 ProtectHome = true; 85 82 LockPersonality = true; 86 83 RestrictAddressFamilies = "AF_UNIX AF_INET AF_INET6"; 87 - 88 84 LimitNOFILE = 65536; 89 85 }; 90 86 };

+1 -1

nixos/tests/all-tests.nix

··· 297 297 haste-server = handleTest ./haste-server.nix {}; 298 298 haproxy = handleTest ./haproxy.nix {}; 299 299 hardened = handleTest ./hardened.nix {}; 300 - harmonia = handleTest ./harmonia.nix {}; 300 + harmonia = runTest ./harmonia.nix; 301 301 headscale = handleTest ./headscale.nix {}; 302 302 healthchecks = handleTest ./web-apps/healthchecks.nix {}; 303 303 hbase2 = handleTest ./hbase.nix { package=pkgs.hbase2; };

+12 -10

nixos/tests/harmonia.nix

··· 1 - import ./make-test-python.nix ({ pkgs, ... }: 1 + { pkgs, lib, ... }: 2 + 2 3 { 3 4 name = "harmonia"; 5 + 4 6 nodes = { 5 7 harmonia = { 6 8 services.harmonia = { 7 9 enable = true; 8 - signKeyPath = pkgs.writeText "cache-key" 9 - "cache.example.com-1:9FhO0w+7HjZrhvmzT1VlAZw4OSAlFGTgC24Seg3tmPl4gZBdwZClzTTHr9cVzJpwsRSYLTu7hEAQe3ljy92CWg=="; 10 + signKeyPath = pkgs.writeText "cache-key" "cache.example.com-1:9FhO0w+7HjZrhvmzT1VlAZw4OSAlFGTgC24Seg3tmPl4gZBdwZClzTTHr9cVzJpwsRSYLTu7hEAQe3ljy92CWg=="; 10 11 }; 11 12 12 13 networking.firewall.allowedTCPPorts = [ 5000 ]; 13 - system.extraDependencies = [ pkgs.hello ]; 14 + system.extraDependencies = [ pkgs.emptyFile ]; 14 15 }; 15 16 16 - client01 = { lib, ... }: { 17 + client01 = { 17 18 nix.settings = { 18 19 substituters = lib.mkForce [ "http://harmonia:5000" ]; 19 20 trusted-public-keys = lib.mkForce [ "cache.example.com-1:eIGQXcGQpc00x6/XFcyacLEUmC07u4RAEHt5Y8vdglo=" ]; ··· 21 22 }; 22 23 }; 23 24 24 - testScript = '' 25 + testScript = { nodes, ... }: '' 25 26 start_all() 26 27 27 - client01.wait_until_succeeds("curl -f http://harmonia:5000/version") 28 - client01.succeed("curl -f http://harmonia:5000/nix-cache-info") 28 + harmonia.wait_for_unit("harmonia.service") 29 + client01.wait_until_succeeds("curl -f http://harmonia:5000/nix-cache-info") 30 + client01.succeed("curl -f http://harmonia:5000/version | grep '${nodes.harmonia.services.harmonia.package.version}' >&2") 29 31 30 32 client01.succeed("cat /etc/nix/nix.conf >&2") 31 - client01.wait_until_succeeds("nix-store --realise ${pkgs.hello} --store /root/other-store") 33 + client01.succeed("nix-store --realise ${pkgs.emptyFile} --store /root/other-store") 32 34 ''; 33 - }) 35 + }

+3 -3

pkgs/tools/package-management/harmonia/default.nix

··· 11 11 12 12 rustPlatform.buildRustPackage rec { 13 13 pname = "harmonia"; 14 - version = "0.6.3"; 14 + version = "0.6.4"; 15 15 16 16 src = fetchFromGitHub { 17 17 owner = "nix-community"; 18 18 repo = pname; 19 19 rev = "refs/tags/${pname}-v${version}"; 20 - hash = "sha256-erBmPXMyIYxRLbYG35vH67MypJoXomUEFOVu6IhmEWs="; 20 + hash = "sha256-JH0tdUCadvovAJclpx7Fn1oD+POFpBFHdullRTcFaVQ="; 21 21 }; 22 22 23 - cargoHash = "sha256-Gq7U+Uy3psuPVY0wGM90KA5u5Wc2s4hVJma7B11Ag5g="; 23 + cargoHash = "sha256-Wa+7Vo5VWmx47Uf6YtlzHReoWY44SxdOnscSFu74OSM="; 24 24 25 25 nativeBuildInputs = [ 26 26 pkg-config nix