Update from update-inputs-2024-09-25-04-20

Update Bot 2024-09-25 04:20:29 +02:00
commit 680ba20a69
No known key found for this signature in database
7 changed files with 383 additions and 61 deletions


@ -8,6 +8,7 @@
../../services/nginx.nix ../../services/nginx.nix
../../services/hydra ../../services/hydra
../../services/update-nixfiles.nix ../../services/update-nixfiles.nix
../../services/librespeed.nix
]; ];
boot.binfmt.emulatedSystems = [ "aarch64-linux" ]; boot.binfmt.emulatedSystems = [ "aarch64-linux" ];


@ -0,0 +1,6 @@
{ ... }: {
services.librespeed = {
enable = true;
domain = "speed.kyouma.net";
};
}


@ -58,22 +58,6 @@
"type": "github" "type": "github"
} }
}, },
"base16-foot": {
"flake": false,
"locked": {
"lastModified": 1696725948,
"narHash": "sha256-65bz2bUL/yzZ1c8/GQASnoiGwaF8DczlxJtzik1c0AU=",
"owner": "tinted-theming",
"repo": "base16-foot",
"rev": "eedbcfa30de0a4baa03e99f5e3ceb5535c2755ce",
"type": "github"
},
"original": {
"owner": "tinted-theming",
"repo": "base16-foot",
"type": "github"
}
},
"base16-helix": { "base16-helix": {
"flake": false, "flake": false,
"locked": { "locked": {
@ -90,38 +74,6 @@
"type": "github" "type": "github"
} }
}, },
"base16-kitty": {
"flake": false,
"locked": {
"lastModified": 1665001328,
"narHash": "sha256-aRaizTYPpuWEcvoYE9U+YRX+Wsc8+iG0guQJbvxEdJY=",
"owner": "kdrag0n",
"repo": "base16-kitty",
"rev": "06bb401fa9a0ffb84365905ffbb959ae5bf40805",
"type": "github"
},
"original": {
"owner": "kdrag0n",
"repo": "base16-kitty",
"type": "github"
}
},
"base16-tmux": {
"flake": false,
"locked": {
"lastModified": 1696725902,
"narHash": "sha256-wDPg5elZPcQpu7Df0lI5O8Jv4A3T6jUQIVg63KDU+3Q=",
"owner": "tinted-theming",
"repo": "base16-tmux",
"rev": "c02050bebb60dbb20cb433cd4d8ce668ecc11ba7",
"type": "github"
},
"original": {
"owner": "tinted-theming",
"repo": "base16-tmux",
"type": "github"
}
},
"base16-vim": { "base16-vim": {
"flake": false, "flake": false,
"locked": { "locked": {
@ -203,11 +155,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1727097838, "lastModified": 1727196810,
"narHash": "sha256-URruiiuIyKzao6QcGXQXFaX3RRvlNFHHm19uOGmB0Dw=", "narHash": "sha256-xQzgXRlczZoFfrUdA4nD5qojCQVqpiIk82aYINQZd+U=",
"owner": "nix-community", "owner": "nix-community",
"repo": "disko", "repo": "disko",
"rev": "b1d6bed240abef5f5373e88fc7909f493013e557", "rev": "6d42596a35d34918a905e8539a44d3fc91f42b5b",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -953,11 +905,11 @@
"treefmt-nix": "treefmt-nix_2" "treefmt-nix": "treefmt-nix_2"
}, },
"locked": { "locked": {
"lastModified": 1727143082, "lastModified": 1727186381,
"narHash": "sha256-ZY+h5jmsbnEjYOPdw9xgprwCUiwt2MLU9NU4CXCErkc=", "narHash": "sha256-T6vSJAvbYSBsaUkwh2adbIt7liE2xpcRhmlosMNZnDo=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nixvim", "repo": "nixvim",
"rev": "a75c2235d920dfd443d52c134bb51aa458f26814", "rev": "8f991cc8bc417ddbd1d5c7732268255557c13f4a",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -1050,10 +1002,7 @@
"inputs": { "inputs": {
"base16": "base16", "base16": "base16",
"base16-fish": "base16-fish", "base16-fish": "base16-fish",
"base16-foot": "base16-foot",
"base16-helix": "base16-helix", "base16-helix": "base16-helix",
"base16-kitty": "base16-kitty",
"base16-tmux": "base16-tmux",
"base16-vim": "base16-vim", "base16-vim": "base16-vim",
"flake-compat": "flake-compat_4", "flake-compat": "flake-compat_4",
"flake-utils": "flake-utils_4", "flake-utils": "flake-utils_4",
@ -1064,14 +1013,17 @@
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
], ],
"systems": "systems_4" "systems": "systems_4",
"tinted-foot": "tinted-foot",
"tinted-kitty": "tinted-kitty",
"tinted-tmux": "tinted-tmux"
}, },
"locked": { "locked": {
"lastModified": 1727093531, "lastModified": 1727218376,
"narHash": "sha256-hsb1bcUvpMecFHOP5F3LEyOnXiZ+5MikR92irJ8o7iE=", "narHash": "sha256-vRYd45uOqzXDaSt8M50hLcsBqIWbEMsflfHk/a1nYA8=",
"owner": "danth", "owner": "danth",
"repo": "stylix", "repo": "stylix",
"rev": "eccb9f2d63f4582b1c1ffe97d806156147aeee5f", "rev": "cf8b6e2d4e8aca8ef14b839a906ab5eb98b08561",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -1140,6 +1092,54 @@
"type": "github" "type": "github"
} }
}, },
"tinted-foot": {
"flake": false,
"locked": {
"lastModified": 1696725948,
"narHash": "sha256-65bz2bUL/yzZ1c8/GQASnoiGwaF8DczlxJtzik1c0AU=",
"owner": "tinted-theming",
"repo": "tinted-foot",
"rev": "eedbcfa30de0a4baa03e99f5e3ceb5535c2755ce",
"type": "github"
},
"original": {
"owner": "tinted-theming",
"repo": "tinted-foot",
"type": "github"
}
},
"tinted-kitty": {
"flake": false,
"locked": {
"lastModified": 1665001328,
"narHash": "sha256-aRaizTYPpuWEcvoYE9U+YRX+Wsc8+iG0guQJbvxEdJY=",
"owner": "tinted-theming",
"repo": "tinted-kitty",
"rev": "06bb401fa9a0ffb84365905ffbb959ae5bf40805",
"type": "github"
},
"original": {
"owner": "tinted-theming",
"repo": "tinted-kitty",
"type": "github"
}
},
"tinted-tmux": {
"flake": false,
"locked": {
"lastModified": 1696725902,
"narHash": "sha256-wDPg5elZPcQpu7Df0lI5O8Jv4A3T6jUQIVg63KDU+3Q=",
"owner": "tinted-theming",
"repo": "tinted-tmux",
"rev": "c02050bebb60dbb20cb433cd4d8ce668ecc11ba7",
"type": "github"
},
"original": {
"owner": "tinted-theming",
"repo": "tinted-tmux",
"type": "github"
}
},
"treefmt-nix": { "treefmt-nix": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [


@ -2,6 +2,7 @@
imports = [ imports = [
./deployment ./deployment
./graphical ./graphical
./librespeed
./machine-type ./machine-type
./nginx ./nginx
./ooklaserver ./ooklaserver


@ -0,0 +1,277 @@
{ config, lib, pkgs, ... }:
let
cfg = config.services.librespeed;
in {
options.services.librespeed = let
inherit (lib) mkOption types;
in {
enable = lib.mkEnableOption "LibreSpeed server";
package = lib.mkPackageOption pkgs "librespeed-rust" {};
configureNginx = mkOption {
description = "Configure nginx as a reverse proxy for LibreSpeed.";
default = if (cfg.domain != null) then true else false;
type = types.bool;
};
contactEmail = mkOption {
description = "Email address listed in the privacy policy.";
default = if (cfg.domain != null) then "webmaster@${cfg.domain}" else "webmaster@${config.networking.fqdn}";
type = types.str;
};
domain = mkOption {
description = ''
If not `null`, this will add an entry to `services.librespeed.servers` and
configure an nginx reverse proxy at the specified FQDN, unless explicitly disabled.
'';
default = null;
type = with types; nullOr nonEmptyStr;
};
openFirewall = mkOption {
description = ''
Whether to open the firewall for the specified port.
This is only necessary if no reverse proxy is used.
'';
default = false;
type = types.bool;
};
pageTitle = mkOption {
description = "Title of the webpage.";
default = "LibreSpeed";
type = types.str;
};
secrets = mkOption {
description = ''
Attribute set of filesystem paths.
The contents of the specified paths will be read at service start time and merged with the attributes provided in `settings`.
'';
default = {};
type = with types; nullOr (attrsOf path);
};
servers = mkOption {
description = "LibreSpeed servers that should apper in the server list.";
type = types.listOf (types.submodule {
options = let
inherit (types) nonEmptyStr;
in {
name = mkOption {
description = "Name shown in the server list.";
type = nonEmptyStr;
};
server = mkOption {
description = "URL to the server. You may use `//` instead of `http://` or `https://`.";
type = nonEmptyStr;
};
dlURL = mkOption {
description = ''
URL path to download test on this server.
Append `.php` to the default value if the server uses the php implementation.
'';
default = "backend/garbage";
type = nonEmptyStr;
};
ulURL = mkOption {
description = ''
URL path to upload test on this server.
Append `.php` to the default value if the server uses the php implementation.
'';
default = "backend/empty";
type = nonEmptyStr;
};
pingURL = mkOption {
description = ''
URL path to latency/jitter test on this server.
Append `.php` to the default value if the server uses the php implementation.
'';
default = "backend/empty";
type = nonEmptyStr;
};
getIpURL = mkOption {
description = ''
URL path to IP lookup on this server.
Append `.php` to the default value if the server uses the php implementation.
'';
default = "backend/getIP";
type = nonEmptyStr;
};
};
});
};
settings = mkOption {
description = ''
LibreSpeed configuration written as Nix expression.
All values set to `null` will be excluded from the evaluated config.
This is useful if you want to omit certain defaults when using a different LibreSpeed implementation.
See [github.com/librespeed][librespeed] for configuration help.
[librespeed]: https://github.com/librespeed/speedtest-rust
'';
default = {};
type = with types; nullOr (attrsOf (oneOf [
bool
int
str
null
]));
};
};
config = lib.mkIf cfg.enable {
assertions = [
{
assertion = cfg.configureNginx -> cfg.domain != null;
message = ''
`services.librespeed.configureNginx` requires `services.librespeed.domain` to be set.
'';
}
];
networking.firewall = lib.mkIf (cfg.openFirewall) {
allowedTCPPorts = [ cfg.settings.listen_port ];
};
services.nginx.virtualHosts = lib.mkIf cfg.configureNginx {
${cfg.domain} = {
locations."/" = {
proxyPass = "http://${cfg.settings.bind_address}:${toString cfg.settings.listen_port}";
recommendedProxySettings = true;
};
enableACME = true;
forceSSL = true;
};
};
security.acme.certs = lib.mkIf cfg.configureNginx {
${cfg.domain} = {};
};
services.librespeed.servers = lib.mkIf (cfg.domain != null) [
{
name = cfg.domain;
server = "https://${cfg.domain}";
}
];
services.librespeed.settings = let
inherit (lib) mkDefault mkIf;
assets = pkgs.runCommand "librespeed-assets" {
preferLocal = true;
serverList = ''
function get_servers() {
return ${builtins.toJSON cfg.servers}
}
'';
} ''
cp -r ${pkgs.librespeed-rust}/assets $out
cat >$out/server_list.js <<<"$serverList"
substitute ${pkgs.librespeed-rust}/assets/index.html $out/index.html \
--replace-fail "LibreSpeed Example" ${lib.escapeShellArg (lib.escapeXML cfg.pageTitle)} \
--replace-fail "PUT@YOUR_EMAIL.HERE" ${lib.escapeShellArg (lib.escapeXML cfg.contactEmail)} \
--replace-fail "TO BE FILLED BY DEVELOPER" ${lib.escapeShellArg (lib.escapeXML cfg.contactEmail)}
'';
in {
speed_test_dir = assets;
bind_address = mkDefault (if cfg.configureNginx then "127.0.0.1" else "0.0.0.0");
listen_port = mkDefault 8989;
base_url = mkDefault "backend";
worker_threads = mkDefault "auto";
database_type = mkDefault "none";
database_file = mkIf (cfg.settings.database_type == "sqlite") mkDefault "/var/lib/librespeed/speedtest.sqlite";
#librespeed-rust will fail to start if the following config parameters are omitted.
ipinfo_api_key = mkIf (!cfg.secrets ? "ipinfo_api_key") "";
stats_password = mkIf (!cfg.secrets ? "stats_password") "";
tls_key_file = mkDefault "";
tls_cet_file = mkDefault "";
enable_tls = mkDefault false;
};
systemd.services = let
configFile = let
anyToString = arg: if (lib.isBool arg) then
lib.boolToString arg
else if (lib.isInt arg) then
toString arg
else "\"${lib.escape [ "\"" ] (toString arg)}\"";
in
with lib; pipe cfg.settings [
(filterAttrs (_: val: val != null))
(mapAttrs (name: val: "${path}=${anyToString val}"))
(concatLines attrValues)
(pkgs.writeText "${cfg.package.name}-config.toml")
];
in {
librespeed-secrets = lib.mkIf (cfg.secrets != {}) {
description = "LibreSpeed secret helper";
ExecStart = let
script = pkgs.writeShellApplication {
name = "librespeed-secrets";
runtimeInputs = [ pkgs.coreutils ];
text = ''
cp ${configFile} ''${RUNTIME_DIRECTORY%%:*}/config.toml
'' + lib.pipe cfg.secrets [
(lib.mapAttrs (name: file: ''
cat >>''${RUNTIME_DIRECTORY%%:*}/config.toml <<EOF
${name}="$(<${lib.escapeShellArg file})"
EOF
''))
(lib.concatLines lib.attrValues)
];
};
in lib.getExe script;
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
RuntimeDirectory = "librespeed";
UMask = "u=rw";
};
};
librespeed = {
description = "LibreSpeed server daemon";
wantedBy = [ "multi-user.target" ];
wants = [ "network-online.target" ];
requires = lib.optionals (cfg.secrets != {}) [ "librespeed-secrets.service" ];
serviceConfig = {
Type = "simple";
Restart = "always";
DynamicUser = true;
ExecStartPre = lib.mkIf (!cfg.secrets ? "ipinfo_api_key") "${lib.getExe cfg.package} --update-ipdb";
ExecStart = "${lib.getExe cfg.package} -c ${if (cfg.secrets == {}) then configFile else "\${RUNTIME_DIRECTORY%%:*}/config.toml"}";
WorkingDirectory = "/var/cache/librespeed";
RuntimeDirectory = "librespeed";
RuntimeDirectoryPreserve = true;
StateDirectory = "librespeed";
CacheDirectory = "librespeed";
SyslogIdentifier = "librespeed";
ReadOnlyPaths = [ cfg.package ];
RestrictSUIDSGID = true;
RestrictNamespaces = true;
PrivateTmp = true;
PrivateDevices = true;
PrivateUsers = true;
ProtectHostname = true;
ProtectClock = true;
ProtectKernelTunables = true;
ProtectKernelModules = true;
ProtectKernelLogs = true;
ProtectControlGroups = true;
ProtectSystem = "strict";
ProtectHome = true;
ProtectProc = "invisible";
SystemCallArchitectures = "native";
SystemCallFilter = "@system-service";
SystemCallErrorNumber = "EPERM";
LockPersonality = true;
NoNewPrivileges = true;
};
};
};
};
meta.maintainers = with lib.maintainers; [ snaki ];
}
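Review bot: The secret path through `librespeed-secrets` does not hold together: its `ExecStart` sits at unit level instead of inside `serviceConfig`, `UMask = "u=rw"` is not the octal form systemd expects (so the merged `config.toml` would probably be written with the default mask), and the main unit's `ExecStart` relies on `${RUNTIME_DIRECTORY%%:*}`, a shell expansion that systemd does not perform. The helper also runs as root while `librespeed` runs with `DynamicUser = true` on the same `RuntimeDirectory`, so the merged file ends up either unreadable to the daemon or readable more widely than intended. I would drop the helper unit, hand the files over with `LoadCredential`, and merge them in an `ExecStartPre` of the main unit as sketched below. Secret values are still placed between TOML quotes unescaped, so a `"` or backslash in a secret needs handling. Separately, `"${path}=…"` in `configFile` should be `"${name}=…"`, and `(concatLines attrValues)` has to be two pipe stages, `attrValues` then `concatLines` (the same applies to the `cfg.secrets` pipe).

```nix
# … unchanged: configFile (with the two fixes named in the note) …
mergeSecrets = pkgs.writeShellApplication {
  name = "librespeed-merge-secrets";
  runtimeInputs = [ pkgs.coreutils ];
  text = ''
    umask 077
    conf="$RUNTIME_DIRECTORY/config.toml"
    cat ${configFile} >"$conf"
  '' + lib.concatStrings (lib.mapAttrsToList (name: _: ''
    printf '%s="%s"\n' ${lib.escapeShellArg name} "$(<"$CREDENTIALS_DIRECTORY"/${lib.escapeShellArg name})" >>"$conf"
  '') cfg.secrets);
};
# … unchanged: librespeed = { description, wantedBy, wants …
serviceConfig = {
  # systemd copies each file into a per-service credentials directory readable by the dynamic user only
  LoadCredential = lib.mapAttrsToList (name: file: "${name}:${file}") cfg.secrets;
  ExecStartPre =
    lib.optional (cfg.secrets != {}) (lib.getExe mergeSecrets)
    ++ lib.optional (!cfg.secrets ? "ipinfo_api_key") "${lib.getExe cfg.package} --update-ipdb";
  ExecStart = "${lib.getExe cfg.package} -c ${if cfg.secrets == {} then configFile else "%t/librespeed/config.toml"}";
  UMask = "0077";
  # … unchanged: directories and sandboxing options …
};
```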


@ -0,0 +1,36 @@
{
lib,
fetchFromGitHub,
rustPlatform,
}:
let
version = "1.3.2";
src = fetchFromGitHub {
owner = "librespeed";
repo = "speedtest-rust";
rev = "refs/tags/v${version}";
hash = "sha256-z3lORjjJ89o+Du4mvKGydwxHU6Ra2jU5ue5Zsl/oIfY=";
};
in
rustPlatform.buildRustPackage {
pname = "librespeed-rust";
inherit version src;
cargoLock.lockFile = "${src}/Cargo.lock";
# error: linker `aarch64-linux-gnu-gcc` not found
postPatch = ''
rm .cargo/config.toml
'';
postInstall = ''
cp -r assets $out/
'';
meta = {
description = "A very lightweight speed test implementation in Rust.";
homepage = "https://github.com/librespeed/speedtest-rust";
license = lib.licenses.lgpl3Plus;
maintainers = with lib.maintainers; [ snaki ];
};
}
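Review bot: `meta` has no `mainProgram`, yet the module added in this commit starts the daemon through `lib.getExe cfg.package`, which then has to derive the binary name from `pname`. If the crate installs its binary under a name other than `librespeed-rust` (worth checking in `$out/bin`), the unit's `ExecStart` points at a file that does not exist; setting `mainProgram = "<binary-name>";` in `meta` makes the name explicit. `cargoLock.lockFile = "${src}/Cargo.lock"` also reads from a fetched source at evaluation time, which is workable in a private overlay but deserves a short comment saying so.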


@ -3,4 +3,5 @@ final: prev: {
upgrade-system = final.callPackage ./upgrade-system/default.nix {}; upgrade-system = final.callPackage ./upgrade-system/default.nix {};
update-nixfiles = final.callPackage ./update-nixfiles/default.nix {}; update-nixfiles = final.callPackage ./update-nixfiles/default.nix {};
build-worker-oci = final.callPackage ./build-worker-oci/default.nix {}; build-worker-oci = final.callPackage ./build-worker-oci/default.nix {};
librespeed-rust = final.callPackage ./librespeed-rust/default.nix {};
} }