Update from update-inputs-2024-09-30-04-20
commit
35c69a23d6
5 changed files with 155 additions and 147 deletions
|
@ -1,7 +1,8 @@
|
|||
{ pkgs, ... }: {
|
||||
{ ... }: {
|
||||
services.librespeed = {
|
||||
enable = true;
|
||||
package = pkgs.librespeed-go;
|
||||
openFirewall = true;
|
||||
domain = "speed.kyouma.net";
|
||||
frontend.enable = true;
|
||||
};
|
||||
}
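Review bot: `openFirewall = true;` has no comment explaining why the port is opened on a host that also sets `domain` and enables the frontend, while the module's own option text says opening the firewall is only needed when no reverse proxy is used. A later reader may take it for a leftover, or not realise that the backend is reachable directly from outside. Judging by the module changes in this commit, the backend appears to bind to all interfaces with its own TLS and to be contacted on `listen_port` rather than through nginx. I would add `# backend is contacted directly on listen_port (not proxied via nginx), so the port must be open` above the line. The +/- markers are lost on this page, so I am assuming this line is on the new side.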
|
||||
|
|
18
flake.lock
18
flake.lock
|
@ -743,11 +743,11 @@
|
|||
},
|
||||
"nixos-hardware": {
|
||||
"locked": {
|
||||
"lastModified": 1727540359,
|
||||
"narHash": "sha256-U+225h1kJZpWb23+RaX1sBkqC4fA7aa7eBbgiQ5HcO4=",
|
||||
"lastModified": 1727613673,
|
||||
"narHash": "sha256-qqIffTQfxMYo3MKQ9BoY2s2mdKZNnUiksdnxv81js9U=",
|
||||
"owner": "nixos",
|
||||
"repo": "nixos-hardware",
|
||||
"rev": "fb08bde00c20252b892a3e57fb094eb62b65ba61",
|
||||
"rev": "f5c239fa9acb27f0a5326ba2949c00fada89ca9f",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -905,11 +905,11 @@
|
|||
"treefmt-nix": "treefmt-nix_2"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1727557953,
|
||||
"narHash": "sha256-xe8JQaNOPTyzWsSlLu2yC6qw4SjOMHrXk4Iq+pIgLhM=",
|
||||
"lastModified": 1727645871,
|
||||
"narHash": "sha256-Os3PAThU5XliKkKa+SHsFyV/EsCHogHcYONmpzb6500=",
|
||||
"owner": "nix-community",
|
||||
"repo": "nixvim",
|
||||
"rev": "2c4e4681db658deeceb2f781136d7ba1d0009521",
|
||||
"rev": "5f4a4b47597d3b9ac26c41ff4e8da28fa662f200",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -1019,11 +1019,11 @@
|
|||
"tinted-tmux": "tinted-tmux"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1727545964,
|
||||
"narHash": "sha256-x9871msLvyZbMNWmVgJWPC2yiSdwZ1K5+UZrQgrdMFM=",
|
||||
"lastModified": 1727635018,
|
||||
"narHash": "sha256-WSc/MF4dUeB2UPMznXYv4LeKK/ulD4xsufdN/L5PoL4=",
|
||||
"owner": "danth",
|
||||
"repo": "stylix",
|
||||
"rev": "1e9ec16a3739f275ec771434c2ad8cff9a54c42e",
|
||||
"rev": "0eea8bcb0f9c3c7638e7ee64f98ed9b4ec716830",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
|
|
@ -1,11 +1,5 @@
|
|||
{ ... }: {
|
||||
imports = [
|
||||
./deployment
|
||||
./graphical
|
||||
./librespeed
|
||||
./machine-type
|
||||
./nginx
|
||||
./ooklaserver
|
||||
./update-nixfiles
|
||||
];
|
||||
{ lib, ... }: let
|
||||
mapModules = builtins.attrNames (lib.filterAttrs (_: type: type == "directory") (builtins.readDir ./.));
|
||||
in {
|
||||
imports = builtins.map (dir: ./${dir}) mapModules;
|
||||
}
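Review bot: The new `imports = builtins.map (dir: ./${dir}) mapModules;` turns every directory under this path into an active module. Any directory that lands in the tree (a work-in-progress module, a helper directory without `default.nix`) is then imported without anyone listing it, and the explicit list that showed in review what is enabled is gone. If auto-discovery is wanted, restrict it to directories that actually contain a module, for example by filtering on `builtins.pathExists (./. + "/${dir}/default.nix")`, and add a comment stating that every subdirectory is imported automatically. `mapModules` is also a list of directory names rather than a mapping function, so a name like `moduleDirs` would read more accurately.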
|
||||
|
|
|
@ -7,37 +7,29 @@ in {
|
|||
in {
|
||||
enable = lib.mkEnableOption "LibreSpeed server";
|
||||
package = lib.mkPackageOption pkgs "librespeed-rust" {};
|
||||
configureNginx = mkOption {
|
||||
description = "Configure nginx as a reverse proxy for LibreSpeed.";
|
||||
default = if (cfg.domain != null) then true else false;
|
||||
type = types.bool;
|
||||
};
|
||||
contactEmail = mkOption {
|
||||
description = "Email address listed in the privacy policy.";
|
||||
default = if (cfg.domain != null) then "webmaster@${cfg.domain}" else "webmaster@${config.networking.fqdn}";
|
||||
type = types.str;
|
||||
};
|
||||
domain = mkOption {
|
||||
description = ''
|
||||
If not `null`, this will add an entry to `services.librespeed.servers` and
|
||||
configure an nginx reverse proxy at the specified FQDN, unless explicitly disabled.
|
||||
configure librespeed to use TLS.
|
||||
'';
|
||||
default = null;
|
||||
type = with types; nullOr nonEmptyStr;
|
||||
};
|
||||
downloadIPDB = mkOption {
|
||||
description = ''
|
||||
Whether to download the IP info database before starting librespeed.
|
||||
Disable this if you want to use the Go implementation.
|
||||
'';
|
||||
default = (!cfg.secrets ? "ipinfo_api_key");
|
||||
type = types.bool;
|
||||
};
|
||||
openFirewall = mkOption {
|
||||
description = ''
|
||||
Whether to open the firewall for the specified port.
|
||||
This is only necessary if no reverse proxy is used.
|
||||
'';
|
||||
default = false;
|
||||
type = types.bool;
|
||||
};
|
||||
pageTitle = mkOption {
|
||||
description = "Title of the webpage.";
|
||||
default = "LibreSpeed";
|
||||
type = types.str;
|
||||
};
|
||||
secrets = mkOption {
|
||||
description = ''
|
||||
Attribute set of filesystem paths.
|
||||
|
@ -46,6 +38,45 @@ in {
|
|||
default = {};
|
||||
type = with types; nullOr (attrsOf path);
|
||||
};
|
||||
settings = mkOption {
|
||||
description = ''
|
||||
LibreSpeed configuration written as Nix expression.
|
||||
All values set to `null` will be excluded from the evaluated config.
|
||||
This is useful if you want to omit certain defaults when using a different LibreSpeed implementation.
|
||||
|
||||
See [github.com/librespeed][librespeed] for configuration help.
|
||||
|
||||
[librespeed]: https://github.com/librespeed/speedtest-rust
|
||||
'';
|
||||
default = {};
|
||||
type = with types; nullOr (attrsOf (oneOf [
|
||||
(nullOr bool)
|
||||
int
|
||||
str
|
||||
package
|
||||
]));
|
||||
};
|
||||
frontend = {
|
||||
enable = lib.mkEnableOption "LibreSpeed frontend.";
|
||||
contactEmail = mkOption {
|
||||
description = "Email address listed in the privacy policy.";
|
||||
default = if (cfg.domain != null) then "webmaster@${cfg.domain}" else "webmaster@${config.networking.fqdn}";
|
||||
type = types.str;
|
||||
};
|
||||
pageTitle = mkOption {
|
||||
description = "Title of the webpage.";
|
||||
default = "LibreSpeed";
|
||||
type = types.str;
|
||||
};
|
||||
useNginx = mkOption {
|
||||
description = ''
|
||||
Configure nginx for the LibreSpeed frontend.
|
||||
This will only create a virtual host for the frontend and won't proxy all requests,
|
||||
because the reported upload and download speeds are inaccurate if proxied.
|
||||
'';
|
||||
default = cfg.domain != null;
|
||||
type = types.bool;
|
||||
};
|
||||
servers = mkOption {
|
||||
description = "LibreSpeed servers that should apper in the server list.";
|
||||
type = types.listOf (types.submodule {
|
||||
|
@ -95,75 +126,15 @@ in {
|
|||
};
|
||||
});
|
||||
};
|
||||
settings = mkOption {
|
||||
description = ''
|
||||
LibreSpeed configuration written as Nix expression.
|
||||
All values set to `null` will be excluded from the evaluated config.
|
||||
This is useful if you want to omit certain defaults when using a different LibreSpeed implementation.
|
||||
|
||||
See [github.com/librespeed][librespeed] for configuration help.
|
||||
|
||||
[librespeed]: https://github.com/librespeed/speedtest-rust
|
||||
'';
|
||||
default = {};
|
||||
type = with types; nullOr (attrsOf (oneOf [
|
||||
(nullOr bool)
|
||||
int
|
||||
str
|
||||
package
|
||||
]));
|
||||
};
|
||||
};
|
||||
config = lib.mkIf cfg.enable {
|
||||
assertions = [
|
||||
{
|
||||
assertion = cfg.configureNginx -> cfg.domain != null;
|
||||
message = ''
|
||||
`services.librespeed.configureNginx` requires `services.librespeed.domain` to be set.
|
||||
'';
|
||||
}
|
||||
];
|
||||
|
||||
networking.firewall = lib.mkIf (cfg.openFirewall) {
|
||||
allowedTCPPorts = [ cfg.settings.listen_port ];
|
||||
};
|
||||
services.nginx.virtualHosts = lib.mkIf cfg.configureNginx {
|
||||
${cfg.domain} = {
|
||||
locations."/" = {
|
||||
proxyPass = "http://[::1]:${toString cfg.settings.listen_port}";
|
||||
recommendedProxySettings = true;
|
||||
extraConfig = ''
|
||||
proxy_cache off;
|
||||
proxy_buffering off;
|
||||
proxy_request_buffering off;
|
||||
'';
|
||||
};
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
extraConfig = ''
|
||||
gzip off;
|
||||
'';
|
||||
};
|
||||
};
|
||||
security.acme.certs = lib.mkIf cfg.configureNginx {
|
||||
${cfg.domain} = {};
|
||||
};
|
||||
|
||||
services.librespeed.servers = lib.mkIf (cfg.domain != null) [
|
||||
{
|
||||
name = cfg.domain;
|
||||
server = "//${cfg.domain}${lib.optionalString (!cfg.configureNginx) ":${toString cfg.settings.listen_port}"}";
|
||||
}
|
||||
];
|
||||
services.librespeed.settings = let
|
||||
inherit (lib) mkDefault mkIf;
|
||||
|
||||
assets = pkgs.runCommand "librespeed-assets" {
|
||||
config = lib.mkIf cfg.enable (let
|
||||
librespeedAssets = pkgs.runCommand "librespeed-assets" {
|
||||
preferLocal = true;
|
||||
|
||||
serversList = ''
|
||||
function get_servers() {
|
||||
return ${builtins.toJSON cfg.servers}
|
||||
return ${builtins.toJSON cfg.frontend.servers}
|
||||
}
|
||||
'';
|
||||
} ''
|
||||
|
@ -171,33 +142,70 @@ in {
|
|||
chmod 666 $out/servers_list.js
|
||||
cat >$out/servers_list.js <<<"$serversList"
|
||||
substitute ${pkgs.librespeed-rust}/assets/index.html $out/index.html \
|
||||
--replace-fail "LibreSpeed Example" ${lib.escapeShellArg (lib.escapeXML cfg.pageTitle)} \
|
||||
--replace-fail "PUT@YOUR_EMAIL.HERE" ${lib.escapeShellArg (lib.escapeXML cfg.contactEmail)} \
|
||||
--replace-fail "TO BE FILLED BY DEVELOPER" ${lib.escapeShellArg (lib.escapeXML cfg.contactEmail)}
|
||||
--replace-fail "LibreSpeed Example" ${lib.escapeShellArg (lib.escapeXML cfg.frontend.pageTitle)} \
|
||||
--replace-fail "PUT@YOUR_EMAIL.HERE" ${lib.escapeShellArg (lib.escapeXML cfg.frontend.contactEmail)} \
|
||||
--replace-fail "TO BE FILLED BY DEVELOPER" ${lib.escapeShellArg (lib.escapeXML cfg.frontend.contactEmail)}
|
||||
'';
|
||||
in {
|
||||
#speed_test_dir = assets;
|
||||
assets_path = assets;
|
||||
bind_address = mkDefault (if cfg.configureNginx then "::1" else "::");
|
||||
listen_port = mkDefault 8989;
|
||||
#base_url = mkDefault "backend";
|
||||
#worker_threads = mkDefault "auto";
|
||||
assertions = [
|
||||
{
|
||||
assertion = cfg.frontend.useNginx -> cfg.domain != null;
|
||||
message = ''
|
||||
`services.librespeed.frontend.useNginx` requires `services.librespeed.frontend.domain` to be set.
|
||||
'';
|
||||
}
|
||||
];
|
||||
|
||||
server_lat = 0;
|
||||
server_lng = 0;
|
||||
proxyprotocol_port = 0;
|
||||
redact_ip_addresses = false;
|
||||
networking.firewall = lib.mkIf cfg.openFirewall {
|
||||
allowedTCPPorts = [ cfg.settings.listen_port ];
|
||||
};
|
||||
services.nginx.virtualHosts = lib.mkIf (cfg.frontend.enable && cfg.frontend.useNginx) {
|
||||
${cfg.domain} = {
|
||||
locations."/".root = librespeedAssets;
|
||||
locations."/backend/".extraConfig = "return 301 https://$host:${toString cfg.settings.listen_port}$request_uri;";
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
};
|
||||
};
|
||||
security.acme.certs = lib.mkIf (cfg.domain != null) {
|
||||
${cfg.domain} = {
|
||||
reloadServices = [ "librespeed.service" ];
|
||||
webroot = "/var/lib/acme/acme-challange";
|
||||
};
|
||||
};
|
||||
|
||||
services.librespeed.frontend.servers = lib.mkIf (cfg.frontend.enable && (cfg.domain != null)) [
|
||||
{
|
||||
name = cfg.domain;
|
||||
server = "//${cfg.domain}:${toString cfg.settings.listen_port}";
|
||||
}
|
||||
];
|
||||
services.librespeed.settings = let
|
||||
inherit (lib) mkDefault mkIf;
|
||||
in {
|
||||
assets_path = if (cfg.frontend.enable && !cfg.frontend.useNginx) then librespeedAssets
|
||||
else pkgs.writeTextDir "index.html" ''
|
||||
<!DOCTYPE html>
|
||||
<html>
|
||||
</html>
|
||||
'';
|
||||
|
||||
bind_address = mkDefault "::";
|
||||
listen_port = mkDefault 8989;
|
||||
base_url = mkDefault "backend";
|
||||
worker_threads = mkDefault "auto";
|
||||
|
||||
database_type = mkDefault "none";
|
||||
database_file = mkDefault "/var/lib/librespeed/speedtest.sqlite";
|
||||
|
||||
#librespeed-rust will fail to start if the following config parameters are omitted.
|
||||
ipinfo_api_key = mkIf (!cfg.secrets ? "ipinfo_api_key") "";
|
||||
stats_password = mkIf (!cfg.secrets ? "stats_password") "";
|
||||
#tls_key_file = mkDefault "";
|
||||
#tls_cet_file = mkDefault "";
|
||||
tls_cert_file = if (cfg.domain != null) then (mkDefault "/run/credentials/librespeed.service/cert.pem") else (mkDefault "");
|
||||
tls_key_file = if (cfg.domain != null) then (mkDefault "/run/credentials/librespeed.service/key.pem") else (mkDefault "");
|
||||
|
||||
enable_tls = mkDefault (cfg.domain != null);
|
||||
|
||||
enable_tls = mkDefault false;
|
||||
} // rec {
|
||||
database_type = mkDefault "none";
|
||||
database_file = mkIf (database_type == "sqlite") (mkDefault "/var/lib/librespeed/speedtest.sqlite");
|
||||
};
|
||||
|
||||
systemd.services = let
|
||||
|
@ -255,7 +263,12 @@ in {
|
|||
|
||||
DynamicUser = true;
|
||||
|
||||
#ExecStartPre = lib.mkIf (!cfg.secrets ? "ipinfo_api_key") "${lib.getExe cfg.package} --update-ipdb";
|
||||
LoadCredential = lib.mkIf (cfg.domain != null) [
|
||||
"cert.pem:${config.security.acme.certs.${cfg.domain}.directory}/cert.pem"
|
||||
"key.pem:${config.security.acme.certs.${cfg.domain}.directory}/key.pem"
|
||||
];
|
||||
|
||||
ExecStartPre = lib.mkIf cfg.downloadIPDB "${lib.getExe cfg.package} --update-ipdb";
|
||||
ExecStart = "${lib.getExe cfg.package} -c ${if (cfg.secrets == {}) then configFile else "\${RUNTIME_DIRECTORY%%:*}/config.toml"}";
|
||||
WorkingDirectory = "/var/cache/librespeed";
|
||||
RuntimeDirectory = "librespeed";
|
||||
|
@ -287,7 +300,7 @@ in {
|
|||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
});
|
||||
|
||||
meta.maintainers = with lib.maintainers; [ snaki ];
|
||||
}
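Review bot: In the `security.acme.certs` block, `webroot = "/var/lib/acme/acme-challange";` is misspelled (`challange`), and it is set whenever `cfg.domain != null`, including when `frontend.useNginx` is false and nothing in this module serves that directory. As far as I can tell, the nginx virtual host created by `enableACME = true` serves challenges from its own ACME root, conventionally `/var/lib/acme/acme-challenge`. The HTTP-01 challenge would then likely fail, and with it the `LoadCredential` of `cert.pem`/`key.pem` that the service now depends on. I would either drop the `webroot` line and let the nginx integration supply it, or correct the spelling and assert that something serves the path. Separately, the new assertion checks `cfg.domain` but its message names `services.librespeed.frontend.domain`, which is not among the frontend options visible here; it should read `services.librespeed.domain`.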
|
||||
|
|
|
@ -4,12 +4,12 @@
|
|||
rustPlatform,
|
||||
}:
|
||||
let
|
||||
version = "1.3.2";
|
||||
version = "unstable-2024-09-28";
|
||||
src = fetchFromGitHub {
|
||||
owner = "librespeed";
|
||||
repo = "speedtest-rust";
|
||||
rev = "refs/tags/v${version}";
|
||||
hash = "sha256-z3lORjjJ89o+Du4mvKGydwxHU6Ra2jU5ue5Zsl/oIfY=";
|
||||
rev = "a74f25d07da3eb665ce806e015c537264f7254c9";
|
||||
hash = "sha256-+G1DFHQONXXg/5apSBlBkRvuLT4qCJaeFnQSLWt0CD0=";
|
||||
};
|
||||
in
|
||||
rustPlatform.buildRustPackage {
|
||||
|
|