Compare commits

...

2 commits

Author SHA1 Message Date
Update Bot
2d87dc9c69
flake.lock: Update
Flake lock file updates:

• Updated input 'disko':
    'github:nix-community/disko/67dc29be3036cc888f0b9d4f0a788ee0f6768700' (2024-09-26)
  → 'github:nix-community/disko/b709e1cc33fcde71c7db43850a55ebe6449d0959' (2024-09-28)
• Updated input 'nixos-hardware':
    'github:nixos/nixos-hardware/d830ad47cc992b4a46b342bbc79694cbd0e980b2' (2024-09-27)
  → 'github:nixos/nixos-hardware/11c43c830e533dad1be527ecce379fcf994fbbb5' (2024-09-30)
• Updated input 'nixvim':
    'github:nix-community/nixvim/b5c19b6abb0fb0156b1cb76793b363e430e2cb47' (2024-09-27)
  → 'github:nix-community/nixvim/5f4a4b47597d3b9ac26c41ff4e8da28fa662f200' (2024-09-29)
• Updated input 'nixvim/git-hooks':
    'github:cachix/git-hooks.nix/4e743a6920eab45e8ba0fbe49dc459f1423a4b74' (2024-09-19)
  → 'github:cachix/git-hooks.nix/85f7a7177c678de68224af3402ab8ee1bcee25c8' (2024-09-28)
• Updated input 'nixvim/nix-darwin':
    'github:lnl7/nix-darwin/bd7d1e3912d40f799c5c0f7e5820ec950f1e0b3d' (2024-09-22)
  → 'github:lnl7/nix-darwin/f2e1c4aa29fc211947c3a7113cba1dd707433b70' (2024-09-28)
• Updated input 'nixvim/nuschtosSearch':
    'github:NuschtOS/search/3b7dd61b365ca45380707453758a45f2e9977be3' (2024-09-22)
  → 'github:NuschtOS/search/9f7426e532ef8dfc839c4a3fcc567b13a20a70d3' (2024-09-27)
• Updated input 'nixvim/treefmt-nix':
    'github:numtide/treefmt-nix/1bff2ba6ec22bc90e9ad3f7e94cca0d37870afa3' (2024-09-25)
  → 'github:numtide/treefmt-nix/879b29ae9a0378904fbbefe0dadaed43c8905754' (2024-09-27)
• Updated input 'stylix':
    'github:danth/stylix/e3eb7fdf8d129ff3676dfbc84ee1262322ca6fb4' (2024-09-26)
  → 'github:danth/stylix/0eea8bcb0f9c3c7638e7ee64f98ed9b4ec716830' (2024-09-29)
2024-09-30 14:12:03 +02:00
7042efb4cb
librespeed: Fixes 2024-09-30 13:23:17 +02:00
5 changed files with 213 additions and 174 deletions

View file

@ -1,7 +1,8 @@
{ pkgs, ... }: { { ... }: {
services.librespeed = { services.librespeed = {
enable = true; enable = true;
package = pkgs.librespeed-go; openFirewall = true;
domain = "speed.kyouma.net"; domain = "speed.kyouma.net";
frontend.enable = true;
}; };
} }

View file

@ -155,11 +155,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1727359191, "lastModified": 1727531434,
"narHash": "sha256-5PltTychnExFwzpEnY3WhOywaMV/M6NxYI/y3oXuUtw=", "narHash": "sha256-b+GBgCWd2N6pkiTkRZaMFOPztPO4IVTaclYPrQl2uLk=",
"owner": "nix-community", "owner": "nix-community",
"repo": "disko", "repo": "disko",
"rev": "67dc29be3036cc888f0b9d4f0a788ee0f6768700", "rev": "b709e1cc33fcde71c7db43850a55ebe6449d0959",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -462,11 +462,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1726745158, "lastModified": 1727514110,
"narHash": "sha256-D5AegvGoEjt4rkKedmxlSEmC+nNLMBPWFxvmYnVLhjk=", "narHash": "sha256-0YRcOxJG12VGDFH8iS8pJ0aYQQUAgo/r3ZAL+cSh9nk=",
"owner": "cachix", "owner": "cachix",
"repo": "git-hooks.nix", "repo": "git-hooks.nix",
"rev": "4e743a6920eab45e8ba0fbe49dc459f1423a4b74", "rev": "85f7a7177c678de68224af3402ab8ee1bcee25c8",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -662,11 +662,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1727003835, "lastModified": 1727507295,
"narHash": "sha256-Cfllbt/ADfO8oxbT984MhPHR6FJBaglsr1SxtDGbpec=", "narHash": "sha256-I/FrX1peu4URoj5T5odfuKR2rm4GjYJJpCGF9c0/lDA=",
"owner": "lnl7", "owner": "lnl7",
"repo": "nix-darwin", "repo": "nix-darwin",
"rev": "bd7d1e3912d40f799c5c0f7e5820ec950f1e0b3d", "rev": "f2e1c4aa29fc211947c3a7113cba1dd707433b70",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -743,11 +743,11 @@
}, },
"nixos-hardware": { "nixos-hardware": {
"locked": { "locked": {
"lastModified": 1727437159, "lastModified": 1727665282,
"narHash": "sha256-v4qLwEw5OmprgQZTT7KZMNU7JjXJzRypw8+Cw6++fWk=", "narHash": "sha256-oKtfbQB1MBypqIyzkC8QCQcVGOa1soaXaGgcBIoh14o=",
"owner": "nixos", "owner": "nixos",
"repo": "nixos-hardware", "repo": "nixos-hardware",
"rev": "d830ad47cc992b4a46b342bbc79694cbd0e980b2", "rev": "11c43c830e533dad1be527ecce379fcf994fbbb5",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -905,11 +905,11 @@
"treefmt-nix": "treefmt-nix_2" "treefmt-nix": "treefmt-nix_2"
}, },
"locked": { "locked": {
"lastModified": 1727471696, "lastModified": 1727645871,
"narHash": "sha256-3r/VNQp5aJK9Gj8hKdfSYqeXcc0kqpfFYhEg8ioWttE=", "narHash": "sha256-Os3PAThU5XliKkKa+SHsFyV/EsCHogHcYONmpzb6500=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nixvim", "repo": "nixvim",
"rev": "b5c19b6abb0fb0156b1cb76793b363e430e2cb47", "rev": "5f4a4b47597d3b9ac26c41ff4e8da28fa662f200",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -927,11 +927,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1726995581, "lastModified": 1727452028,
"narHash": "sha256-lgsE/CTkZk9OIiFGEIrxXZQ7Feiv41dqlN7pEfTdgew=", "narHash": "sha256-ehl/A4HQFRyqj1Fk7cl+dgSf/2Fb1jLwWJtZaMU6RfU=",
"owner": "NuschtOS", "owner": "NuschtOS",
"repo": "search", "repo": "search",
"rev": "3b7dd61b365ca45380707453758a45f2e9977be3", "rev": "9f7426e532ef8dfc839c4a3fcc567b13a20a70d3",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -1019,11 +1019,11 @@
"tinted-tmux": "tinted-tmux" "tinted-tmux": "tinted-tmux"
}, },
"locked": { "locked": {
"lastModified": 1727362643, "lastModified": 1727635018,
"narHash": "sha256-Ceiq/aYjRlRBU677lBaemn8ZU2Jpr08Iso6UlBc9nFc=", "narHash": "sha256-WSc/MF4dUeB2UPMznXYv4LeKK/ulD4xsufdN/L5PoL4=",
"owner": "danth", "owner": "danth",
"repo": "stylix", "repo": "stylix",
"rev": "e3eb7fdf8d129ff3676dfbc84ee1262322ca6fb4", "rev": "0eea8bcb0f9c3c7638e7ee64f98ed9b4ec716830",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -1170,11 +1170,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1727252110, "lastModified": 1727431250,
"narHash": "sha256-3O7RWiXpvqBcCl84Mvqa8dXudZ1Bol1ubNdSmQt7nF4=", "narHash": "sha256-uGRlRT47ecicF9iLD1G3g43jn2e+b5KaMptb59LHnvM=",
"owner": "numtide", "owner": "numtide",
"repo": "treefmt-nix", "repo": "treefmt-nix",
"rev": "1bff2ba6ec22bc90e9ad3f7e94cca0d37870afa3", "rev": "879b29ae9a0378904fbbefe0dadaed43c8905754",
"type": "github" "type": "github"
}, },
"original": { "original": {

View file

@ -1,11 +1,5 @@
{ ... }: { { lib, ... }: let
imports = [ mapModules = builtins.attrNames (lib.filterAttrs (_: type: type == "directory") (builtins.readDir ./.));
./deployment in {
./graphical imports = builtins.map (dir: ./${dir}) mapModules;
./librespeed
./machine-type
./nginx
./ooklaserver
./update-nixfiles
];
} }

View file

@ -7,37 +7,29 @@ in {
in { in {
enable = lib.mkEnableOption "LibreSpeed server"; enable = lib.mkEnableOption "LibreSpeed server";
package = lib.mkPackageOption pkgs "librespeed-rust" {}; package = lib.mkPackageOption pkgs "librespeed-rust" {};
configureNginx = mkOption {
description = "Configure nginx as a reverse proxy for LibreSpeed.";
default = if (cfg.domain != null) then true else false;
type = types.bool;
};
contactEmail = mkOption {
description = "Email address listed in the privacy policy.";
default = if (cfg.domain != null) then "webmaster@${cfg.domain}" else "webmaster@${config.networking.fqdn}";
type = types.str;
};
domain = mkOption { domain = mkOption {
description = '' description = ''
If not `null`, this will add an entry to `services.librespeed.servers` and If not `null`, this will add an entry to `services.librespeed.servers` and
configure an nginx reverse proxy at the specified FQDN, unless explicitly disabled. configure librespeed to use TLS.
''; '';
default = null; default = null;
type = with types; nullOr nonEmptyStr; type = with types; nullOr nonEmptyStr;
}; };
downloadIPDB = mkOption {
description = ''
Whether to download the IP info database before starting librespeed.
Disable this if you want to use the Go implementation.
'';
default = (!cfg.secrets ? "ipinfo_api_key");
type = types.bool;
};
openFirewall = mkOption { openFirewall = mkOption {
description = '' description = ''
Whether to open the firewall for the specified port. Whether to open the firewall for the specified port.
This is only necessary if no reverse proxy is used.
''; '';
default = false; default = false;
type = types.bool; type = types.bool;
}; };
pageTitle = mkOption {
description = "Title of the webpage.";
default = "LibreSpeed";
type = types.str;
};
secrets = mkOption { secrets = mkOption {
description = '' description = ''
Attribute set of filesystem paths. Attribute set of filesystem paths.
@ -46,55 +38,6 @@ in {
default = {}; default = {};
type = with types; nullOr (attrsOf path); type = with types; nullOr (attrsOf path);
}; };
servers = mkOption {
description = "LibreSpeed servers that should apper in the server list.";
type = types.listOf (types.submodule {
options = let
inherit (types) nonEmptyStr;
in {
name = mkOption {
description = "Name shown in the server list.";
type = nonEmptyStr;
};
server = mkOption {
description = "URL to the server. You may use `//` instead of `http://` or `https://`.";
type = nonEmptyStr;
};
dlURL = mkOption {
description = ''
URL path to download test on this server.
Append `.php` to the default value if the server uses the php implementation.
'';
default = "backend/garbage";
type = nonEmptyStr;
};
ulURL = mkOption {
description = ''
URL path to upload test on this server.
Append `.php` to the default value if the server uses the php implementation.
'';
default = "backend/empty";
type = nonEmptyStr;
};
pingURL = mkOption {
description = ''
URL path to latency/jitter test on this server.
Append `.php` to the default value if the server uses the php implementation.
'';
default = "backend/empty";
type = nonEmptyStr;
};
getIpURL = mkOption {
description = ''
URL path to IP lookup on this server.
Append `.php` to the default value if the server uses the php implementation.
'';
default = "backend/getIP";
type = nonEmptyStr;
};
};
});
};
settings = mkOption { settings = mkOption {
description = '' description = ''
LibreSpeed configuration written as Nix expression. LibreSpeed configuration written as Nix expression.
@ -113,91 +56,187 @@ in {
package package
])); ]));
}; };
}; frontend = {
config = lib.mkIf cfg.enable { enable = lib.mkEnableOption "LibreSpeed frontend.";
assertions = [ contactEmail = mkOption {
{ description = "Email address listed in the privacy policy.";
assertion = cfg.configureNginx -> cfg.domain != null; default = if (cfg.domain != null) then "webmaster@${cfg.domain}" else "webmaster@${config.networking.fqdn}";
message = '' type = types.str;
`services.librespeed.configureNginx` requires `services.librespeed.domain` to be set. };
pageTitle = mkOption {
description = "Title of the webpage.";
default = "LibreSpeed";
type = types.str;
};
useNginx = mkOption {
description = ''
Configure nginx for the LibreSpeed frontend.
This will only create a virtual host for the frontend and won't proxy all requests because,
the reported upload and download speeds are inaccurate if proxied.
''; '';
} default = cfg.domain != null;
]; type = types.bool;
};
settings = mkOption {
description = ''
Override default test parameters.
See [speedtest_worker.js][link] for a list of possible values.
networking.firewall = lib.mkIf (cfg.openFirewall) { [link]: https://github.com/librespeed/speedtest/blob/master/speedtest_worker.js#L39
allowedTCPPorts = [ cfg.settings.listen_port ];
};
services.nginx.virtualHosts = lib.mkIf cfg.configureNginx {
${cfg.domain} = {
locations."/" = {
proxyPass = "http://[::1]:${toString cfg.settings.listen_port}";
recommendedProxySettings = true;
extraConfig = ''
proxy_cache off;
proxy_buffering off;
proxy_request_buffering off;
'';
};
enableACME = true;
forceSSL = true;
extraConfig = ''
gzip off;
''; '';
default = {};
type = with types; nullOr (attrsOf (oneOf [
bool
int
str
float
]));
};
servers = mkOption {
description = "LibreSpeed servers that should apper in the server list.";
type = types.listOf (types.submodule {
options = let
inherit (types) nonEmptyStr;
in {
name = mkOption {
description = "Name shown in the server list.";
type = nonEmptyStr;
};
server = mkOption {
description = "URL to the server. You may use `//` instead of `http://` or `https://`.";
type = nonEmptyStr;
};
dlURL = mkOption {
description = ''
URL path to download test on this server.
Append `.php` to the default value if the server uses the php implementation.
'';
default = "backend/garbage";
type = nonEmptyStr;
};
ulURL = mkOption {
description = ''
URL path to upload test on this server.
Append `.php` to the default value if the server uses the php implementation.
'';
default = "backend/empty";
type = nonEmptyStr;
};
pingURL = mkOption {
description = ''
URL path to latency/jitter test on this server.
Append `.php` to the default value if the server uses the php implementation.
'';
default = "backend/empty";
type = nonEmptyStr;
};
getIpURL = mkOption {
description = ''
URL path to IP lookup on this server.
Append `.php` to the default value if the server uses the php implementation.
'';
default = "backend/getIP";
type = nonEmptyStr;
};
};
});
}; };
}; };
security.acme.certs = lib.mkIf cfg.configureNginx { };
${cfg.domain} = {}; config = lib.mkIf cfg.enable (let
}; librespeedAssets = pkgs.runCommand "librespeed-assets" (let
mapValue = arg: if (lib.isBool arg) then
lib.boolToString arg
else if ((lib.isInt arg) || (lib.isFloat arg)) then
toString arg
else
"\"${lib.escape [ "\"" ] (toString arg)}\"";
services.librespeed.servers = lib.mkIf (cfg.domain != null) [ mapSettings = lib.pipe cfg.frontend.settings [
(lib.mapAttrs (name: val: " s.setParameter(\"${lib.escape [ "\"" ] name}\",${mapValue val});"))
(lib.attrValues)
(lib.concatLines)
];
in {
preferLocal = true;
serversList = ''
function get_servers() {
return ${builtins.toJSON cfg.frontend.servers}
}
function override_settings () {
${mapSettings}
}
'';
}) ''
cp -r ${pkgs.librespeed-rust}/assets $out
chmod 666 $out/servers_list.js
cat >$out/servers_list.js <<<"$serversList"
substitute ${pkgs.librespeed-rust}/assets/index.html $out/index.html \
--replace-fail "s.setParameter(\"telemetry_level\",\"basic\"); //enable telemetry" "override_settings();" \
--replace-fail "LibreSpeed Example" ${lib.escapeShellArg (lib.escapeXML cfg.frontend.pageTitle)} \
--replace-fail "PUT@YOUR_EMAIL.HERE" ${lib.escapeShellArg (lib.escapeXML cfg.frontend.contactEmail)} \
--replace-fail "TO BE FILLED BY DEVELOPER" ${lib.escapeShellArg (lib.escapeXML cfg.frontend.contactEmail)}
'';
in {
assertions = [
{ {
name = cfg.domain; assertion = cfg.frontend.useNginx -> cfg.domain != null;
server = "//${cfg.domain}${lib.optionalString (!cfg.configureNginx) ":${toString cfg.settings.listen_port}"}"; message = ''
`services.librespeed.frontend.useNginx` requires `services.librespeed.frontend.domain` to be set.
'';
} }
]; ];
networking.firewall = lib.mkIf cfg.openFirewall {
allowedTCPPorts = [ cfg.settings.listen_port ];
};
services.nginx.virtualHosts = lib.mkIf (cfg.frontend.enable && cfg.frontend.useNginx) {
${cfg.domain} = {
locations."/".root = librespeedAssets;
locations."/backend/".extraConfig = "return 301 https://$host:${toString cfg.settings.listen_port}$request_uri;";
enableACME = true;
forceSSL = true;
};
};
security.acme.certs = lib.mkIf (cfg.domain != null) {
${cfg.domain} = {
reloadServices = [ "librespeed.service" ];
webroot = "/var/lib/acme/acme-challange";
};
};
services.librespeed.frontend.servers = lib.mkIf (cfg.frontend.enable && (cfg.domain != null)) [
{
name = cfg.domain;
server = "//${cfg.domain}:${toString cfg.settings.listen_port}";
}
];
services.librespeed.frontend.settings = lib.mkIf cfg.frontend.enable {
telemetry_level = lib.mkDefault "basic";
};
services.librespeed.settings = let services.librespeed.settings = let
inherit (lib) mkDefault mkIf; inherit (lib) mkDefault mkIf;
assets = pkgs.runCommand "librespeed-assets" {
preferLocal = true;
serversList = ''
function get_servers() {
return ${builtins.toJSON cfg.servers}
}
'';
} ''
cp -r ${pkgs.librespeed-rust}/assets $out
chmod 666 $out/servers_list.js
cat >$out/servers_list.js <<<"$serversList"
substitute ${pkgs.librespeed-rust}/assets/index.html $out/index.html \
--replace-fail "LibreSpeed Example" ${lib.escapeShellArg (lib.escapeXML cfg.pageTitle)} \
--replace-fail "PUT@YOUR_EMAIL.HERE" ${lib.escapeShellArg (lib.escapeXML cfg.contactEmail)} \
--replace-fail "TO BE FILLED BY DEVELOPER" ${lib.escapeShellArg (lib.escapeXML cfg.contactEmail)}
'';
in { in {
#speed_test_dir = assets; assets_path = if (cfg.frontend.enable && !cfg.frontend.useNginx) then librespeedAssets
assets_path = assets; else pkgs.writeTextDir "index.html" "";
bind_address = mkDefault (if cfg.configureNginx then "::1" else "::");
listen_port = mkDefault 8989;
#base_url = mkDefault "backend";
#worker_threads = mkDefault "auto";
server_lat = 0; bind_address = mkDefault "::";
server_lng = 0; listen_port = mkDefault 8989;
proxyprotocol_port = 0; base_url = mkDefault "backend";
redact_ip_addresses = false; worker_threads = mkDefault "auto";
database_type = mkDefault "none";
database_file = mkDefault "/var/lib/librespeed/speedtest.sqlite";
#librespeed-rust will fail to start if the following config parameters are omitted. #librespeed-rust will fail to start if the following config parameters are omitted.
ipinfo_api_key = mkIf (!cfg.secrets ? "ipinfo_api_key") ""; ipinfo_api_key = mkIf (!cfg.secrets ? "ipinfo_api_key") "";
stats_password = mkIf (!cfg.secrets ? "stats_password") ""; stats_password = mkIf (!cfg.secrets ? "stats_password") "";
#tls_key_file = mkDefault ""; tls_cert_file = if (cfg.domain != null) then (mkDefault "/run/credentials/librespeed.service/cert.pem") else (mkDefault "");
#tls_cet_file = mkDefault ""; tls_key_file = if (cfg.domain != null) then (mkDefault "/run/credentials/librespeed.service/key.pem") else (mkDefault "");
enable_tls = mkDefault false; enable_tls = mkDefault (cfg.domain != null);
} // rec {
database_type = mkDefault "none";
database_file = mkIf (database_type == "sqlite") (mkDefault "/var/lib/librespeed/speedtest.sqlite");
}; };
systemd.services = let systemd.services = let
@ -255,7 +294,12 @@ in {
DynamicUser = true; DynamicUser = true;
#ExecStartPre = lib.mkIf (!cfg.secrets ? "ipinfo_api_key") "${lib.getExe cfg.package} --update-ipdb"; LoadCredential = lib.mkIf (cfg.domain != null) [
"cert.pem:${config.security.acme.certs.${cfg.domain}.directory}/cert.pem"
"key.pem:${config.security.acme.certs.${cfg.domain}.directory}/key.pem"
];
ExecStartPre = lib.mkIf cfg.downloadIPDB "${lib.getExe cfg.package} --update-ipdb";
ExecStart = "${lib.getExe cfg.package} -c ${if (cfg.secrets == {}) then configFile else "\${RUNTIME_DIRECTORY%%:*}/config.toml"}"; ExecStart = "${lib.getExe cfg.package} -c ${if (cfg.secrets == {}) then configFile else "\${RUNTIME_DIRECTORY%%:*}/config.toml"}";
WorkingDirectory = "/var/cache/librespeed"; WorkingDirectory = "/var/cache/librespeed";
RuntimeDirectory = "librespeed"; RuntimeDirectory = "librespeed";
@ -287,7 +331,7 @@ in {
}; };
}; };
}; };
}; });
meta.maintainers = with lib.maintainers; [ snaki ]; meta.maintainers = with lib.maintainers; [ snaki ];
} }

View file

@ -4,12 +4,12 @@
rustPlatform, rustPlatform,
}: }:
let let
version = "1.3.2"; version = "unstable-2024-09-28";
src = fetchFromGitHub { src = fetchFromGitHub {
owner = "librespeed"; owner = "librespeed";
repo = "speedtest-rust"; repo = "speedtest-rust";
rev = "refs/tags/v${version}"; rev = "a74f25d07da3eb665ce806e015c537264f7254c9";
hash = "sha256-z3lORjjJ89o+Du4mvKGydwxHU6Ra2jU5ue5Zsl/oIfY="; hash = "sha256-+G1DFHQONXXg/5apSBlBkRvuLT4qCJaeFnQSLWt0CD0=";
}; };
in in
rustPlatform.buildRustPackage { rustPlatform.buildRustPackage {