Compare commits
2 commits
main
...
update-inp
Author | SHA1 | Date | |
---|---|---|---|
|
6651a8bbf9 | ||
7042efb4cb |
5 changed files with 219 additions and 180 deletions
|
@ -1,7 +1,8 @@
|
||||||
{ pkgs, ... }: {
|
{ ... }: {
|
||||||
services.librespeed = {
|
services.librespeed = {
|
||||||
enable = true;
|
enable = true;
|
||||||
package = pkgs.librespeed-go;
|
openFirewall = true;
|
||||||
domain = "speed.kyouma.net";
|
domain = "speed.kyouma.net";
|
||||||
|
frontend.enable = true;
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
60
flake.lock
60
flake.lock
|
@ -155,11 +155,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1727359191,
|
"lastModified": 1727531434,
|
||||||
"narHash": "sha256-5PltTychnExFwzpEnY3WhOywaMV/M6NxYI/y3oXuUtw=",
|
"narHash": "sha256-b+GBgCWd2N6pkiTkRZaMFOPztPO4IVTaclYPrQl2uLk=",
|
||||||
"owner": "nix-community",
|
"owner": "nix-community",
|
||||||
"repo": "disko",
|
"repo": "disko",
|
||||||
"rev": "67dc29be3036cc888f0b9d4f0a788ee0f6768700",
|
"rev": "b709e1cc33fcde71c7db43850a55ebe6449d0959",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -462,11 +462,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1726745158,
|
"lastModified": 1727514110,
|
||||||
"narHash": "sha256-D5AegvGoEjt4rkKedmxlSEmC+nNLMBPWFxvmYnVLhjk=",
|
"narHash": "sha256-0YRcOxJG12VGDFH8iS8pJ0aYQQUAgo/r3ZAL+cSh9nk=",
|
||||||
"owner": "cachix",
|
"owner": "cachix",
|
||||||
"repo": "git-hooks.nix",
|
"repo": "git-hooks.nix",
|
||||||
"rev": "4e743a6920eab45e8ba0fbe49dc459f1423a4b74",
|
"rev": "85f7a7177c678de68224af3402ab8ee1bcee25c8",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -662,11 +662,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1727003835,
|
"lastModified": 1727507295,
|
||||||
"narHash": "sha256-Cfllbt/ADfO8oxbT984MhPHR6FJBaglsr1SxtDGbpec=",
|
"narHash": "sha256-I/FrX1peu4URoj5T5odfuKR2rm4GjYJJpCGF9c0/lDA=",
|
||||||
"owner": "lnl7",
|
"owner": "lnl7",
|
||||||
"repo": "nix-darwin",
|
"repo": "nix-darwin",
|
||||||
"rev": "bd7d1e3912d40f799c5c0f7e5820ec950f1e0b3d",
|
"rev": "f2e1c4aa29fc211947c3a7113cba1dd707433b70",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -743,11 +743,11 @@
|
||||||
},
|
},
|
||||||
"nixos-hardware": {
|
"nixos-hardware": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1727437159,
|
"lastModified": 1727665282,
|
||||||
"narHash": "sha256-v4qLwEw5OmprgQZTT7KZMNU7JjXJzRypw8+Cw6++fWk=",
|
"narHash": "sha256-oKtfbQB1MBypqIyzkC8QCQcVGOa1soaXaGgcBIoh14o=",
|
||||||
"owner": "nixos",
|
"owner": "nixos",
|
||||||
"repo": "nixos-hardware",
|
"repo": "nixos-hardware",
|
||||||
"rev": "d830ad47cc992b4a46b342bbc79694cbd0e980b2",
|
"rev": "11c43c830e533dad1be527ecce379fcf994fbbb5",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -874,11 +874,11 @@
|
||||||
},
|
},
|
||||||
"nixpkgs_4": {
|
"nixpkgs_4": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1727348695,
|
"lastModified": 1727634051,
|
||||||
"narHash": "sha256-J+PeFKSDV+pHL7ukkfpVzCOO7mBSrrpJ3svwBFABbhI=",
|
"narHash": "sha256-S5kVU7U82LfpEukbn/ihcyNt2+EvG7Z5unsKW9H/yFA=",
|
||||||
"owner": "nixos",
|
"owner": "nixos",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "1925c603f17fc89f4c8f6bf6f631a802ad85d784",
|
"rev": "06cf0e1da4208d3766d898b7fdab6513366d45b9",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -905,11 +905,11 @@
|
||||||
"treefmt-nix": "treefmt-nix_2"
|
"treefmt-nix": "treefmt-nix_2"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1727471696,
|
"lastModified": 1727645871,
|
||||||
"narHash": "sha256-3r/VNQp5aJK9Gj8hKdfSYqeXcc0kqpfFYhEg8ioWttE=",
|
"narHash": "sha256-Os3PAThU5XliKkKa+SHsFyV/EsCHogHcYONmpzb6500=",
|
||||||
"owner": "nix-community",
|
"owner": "nix-community",
|
||||||
"repo": "nixvim",
|
"repo": "nixvim",
|
||||||
"rev": "b5c19b6abb0fb0156b1cb76793b363e430e2cb47",
|
"rev": "5f4a4b47597d3b9ac26c41ff4e8da28fa662f200",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -927,11 +927,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1726995581,
|
"lastModified": 1727452028,
|
||||||
"narHash": "sha256-lgsE/CTkZk9OIiFGEIrxXZQ7Feiv41dqlN7pEfTdgew=",
|
"narHash": "sha256-ehl/A4HQFRyqj1Fk7cl+dgSf/2Fb1jLwWJtZaMU6RfU=",
|
||||||
"owner": "NuschtOS",
|
"owner": "NuschtOS",
|
||||||
"repo": "search",
|
"repo": "search",
|
||||||
"rev": "3b7dd61b365ca45380707453758a45f2e9977be3",
|
"rev": "9f7426e532ef8dfc839c4a3fcc567b13a20a70d3",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -985,11 +985,11 @@
|
||||||
"nixpkgs-stable": "nixpkgs-stable_2"
|
"nixpkgs-stable": "nixpkgs-stable_2"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1727423009,
|
"lastModified": 1727734513,
|
||||||
"narHash": "sha256-+4B/dQm2EnORIk0k2wV3aHGaE0WXTBjColXjj7qWh10=",
|
"narHash": "sha256-i47LQwoGCVQq4upV2YHV0OudkauHNuFsv306ualB/Sw=",
|
||||||
"owner": "Mic92",
|
"owner": "Mic92",
|
||||||
"repo": "sops-nix",
|
"repo": "sops-nix",
|
||||||
"rev": "127a96f49ddc377be6ba76964411bab11ae27803",
|
"rev": "3198a242e547939c5e659353551b0668ec150268",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -1019,11 +1019,11 @@
|
||||||
"tinted-tmux": "tinted-tmux"
|
"tinted-tmux": "tinted-tmux"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1727362643,
|
"lastModified": 1727723275,
|
||||||
"narHash": "sha256-Ceiq/aYjRlRBU677lBaemn8ZU2Jpr08Iso6UlBc9nFc=",
|
"narHash": "sha256-k4HrG8TJQ0RqDS1tlDz71kvWFBNQ7qZI9T5Z0qLR85Y=",
|
||||||
"owner": "danth",
|
"owner": "danth",
|
||||||
"repo": "stylix",
|
"repo": "stylix",
|
||||||
"rev": "e3eb7fdf8d129ff3676dfbc84ee1262322ca6fb4",
|
"rev": "e7e97059776da7e34b739415a7bc8f80f606b803",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -1170,11 +1170,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1727252110,
|
"lastModified": 1727431250,
|
||||||
"narHash": "sha256-3O7RWiXpvqBcCl84Mvqa8dXudZ1Bol1ubNdSmQt7nF4=",
|
"narHash": "sha256-uGRlRT47ecicF9iLD1G3g43jn2e+b5KaMptb59LHnvM=",
|
||||||
"owner": "numtide",
|
"owner": "numtide",
|
||||||
"repo": "treefmt-nix",
|
"repo": "treefmt-nix",
|
||||||
"rev": "1bff2ba6ec22bc90e9ad3f7e94cca0d37870afa3",
|
"rev": "879b29ae9a0378904fbbefe0dadaed43c8905754",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
|
|
@ -1,11 +1,5 @@
|
||||||
{ ... }: {
|
{ lib, ... }: let
|
||||||
imports = [
|
mapModules = builtins.attrNames (lib.filterAttrs (_: type: type == "directory") (builtins.readDir ./.));
|
||||||
./deployment
|
in {
|
||||||
./graphical
|
imports = builtins.map (dir: ./${dir}) mapModules;
|
||||||
./librespeed
|
|
||||||
./machine-type
|
|
||||||
./nginx
|
|
||||||
./ooklaserver
|
|
||||||
./update-nixfiles
|
|
||||||
];
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -7,37 +7,29 @@ in {
|
||||||
in {
|
in {
|
||||||
enable = lib.mkEnableOption "LibreSpeed server";
|
enable = lib.mkEnableOption "LibreSpeed server";
|
||||||
package = lib.mkPackageOption pkgs "librespeed-rust" {};
|
package = lib.mkPackageOption pkgs "librespeed-rust" {};
|
||||||
configureNginx = mkOption {
|
|
||||||
description = "Configure nginx as a reverse proxy for LibreSpeed.";
|
|
||||||
default = if (cfg.domain != null) then true else false;
|
|
||||||
type = types.bool;
|
|
||||||
};
|
|
||||||
contactEmail = mkOption {
|
|
||||||
description = "Email address listed in the privacy policy.";
|
|
||||||
default = if (cfg.domain != null) then "webmaster@${cfg.domain}" else "webmaster@${config.networking.fqdn}";
|
|
||||||
type = types.str;
|
|
||||||
};
|
|
||||||
domain = mkOption {
|
domain = mkOption {
|
||||||
description = ''
|
description = ''
|
||||||
If not `null`, this will add an entry to `services.librespeed.servers` and
|
If not `null`, this will add an entry to `services.librespeed.servers` and
|
||||||
configure an nginx reverse proxy at the specified FQDN, unless explicitly disabled.
|
configure librespeed to use TLS.
|
||||||
'';
|
'';
|
||||||
default = null;
|
default = null;
|
||||||
type = with types; nullOr nonEmptyStr;
|
type = with types; nullOr nonEmptyStr;
|
||||||
};
|
};
|
||||||
|
downloadIPDB = mkOption {
|
||||||
|
description = ''
|
||||||
|
Whether to download the IP info database before starting librespeed.
|
||||||
|
Disable this if you want to use the Go implementation.
|
||||||
|
'';
|
||||||
|
default = (!cfg.secrets ? "ipinfo_api_key");
|
||||||
|
type = types.bool;
|
||||||
|
};
|
||||||
openFirewall = mkOption {
|
openFirewall = mkOption {
|
||||||
description = ''
|
description = ''
|
||||||
Whether to open the firewall for the specified port.
|
Whether to open the firewall for the specified port.
|
||||||
This is only necessary if no reverse proxy is used.
|
|
||||||
'';
|
'';
|
||||||
default = false;
|
default = false;
|
||||||
type = types.bool;
|
type = types.bool;
|
||||||
};
|
};
|
||||||
pageTitle = mkOption {
|
|
||||||
description = "Title of the webpage.";
|
|
||||||
default = "LibreSpeed";
|
|
||||||
type = types.str;
|
|
||||||
};
|
|
||||||
secrets = mkOption {
|
secrets = mkOption {
|
||||||
description = ''
|
description = ''
|
||||||
Attribute set of filesystem paths.
|
Attribute set of filesystem paths.
|
||||||
|
@ -46,55 +38,6 @@ in {
|
||||||
default = {};
|
default = {};
|
||||||
type = with types; nullOr (attrsOf path);
|
type = with types; nullOr (attrsOf path);
|
||||||
};
|
};
|
||||||
servers = mkOption {
|
|
||||||
description = "LibreSpeed servers that should apper in the server list.";
|
|
||||||
type = types.listOf (types.submodule {
|
|
||||||
options = let
|
|
||||||
inherit (types) nonEmptyStr;
|
|
||||||
in {
|
|
||||||
name = mkOption {
|
|
||||||
description = "Name shown in the server list.";
|
|
||||||
type = nonEmptyStr;
|
|
||||||
};
|
|
||||||
server = mkOption {
|
|
||||||
description = "URL to the server. You may use `//` instead of `http://` or `https://`.";
|
|
||||||
type = nonEmptyStr;
|
|
||||||
};
|
|
||||||
dlURL = mkOption {
|
|
||||||
description = ''
|
|
||||||
URL path to download test on this server.
|
|
||||||
Append `.php` to the default value if the server uses the php implementation.
|
|
||||||
'';
|
|
||||||
default = "backend/garbage";
|
|
||||||
type = nonEmptyStr;
|
|
||||||
};
|
|
||||||
ulURL = mkOption {
|
|
||||||
description = ''
|
|
||||||
URL path to upload test on this server.
|
|
||||||
Append `.php` to the default value if the server uses the php implementation.
|
|
||||||
'';
|
|
||||||
default = "backend/empty";
|
|
||||||
type = nonEmptyStr;
|
|
||||||
};
|
|
||||||
pingURL = mkOption {
|
|
||||||
description = ''
|
|
||||||
URL path to latency/jitter test on this server.
|
|
||||||
Append `.php` to the default value if the server uses the php implementation.
|
|
||||||
'';
|
|
||||||
default = "backend/empty";
|
|
||||||
type = nonEmptyStr;
|
|
||||||
};
|
|
||||||
getIpURL = mkOption {
|
|
||||||
description = ''
|
|
||||||
URL path to IP lookup on this server.
|
|
||||||
Append `.php` to the default value if the server uses the php implementation.
|
|
||||||
'';
|
|
||||||
default = "backend/getIP";
|
|
||||||
type = nonEmptyStr;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
});
|
|
||||||
};
|
|
||||||
settings = mkOption {
|
settings = mkOption {
|
||||||
description = ''
|
description = ''
|
||||||
LibreSpeed configuration written as Nix expression.
|
LibreSpeed configuration written as Nix expression.
|
||||||
|
@ -113,91 +56,187 @@ in {
|
||||||
package
|
package
|
||||||
]));
|
]));
|
||||||
};
|
};
|
||||||
};
|
frontend = {
|
||||||
config = lib.mkIf cfg.enable {
|
enable = lib.mkEnableOption "LibreSpeed frontend.";
|
||||||
assertions = [
|
contactEmail = mkOption {
|
||||||
{
|
description = "Email address listed in the privacy policy.";
|
||||||
assertion = cfg.configureNginx -> cfg.domain != null;
|
default = if (cfg.domain != null) then "webmaster@${cfg.domain}" else "webmaster@${config.networking.fqdn}";
|
||||||
message = ''
|
type = types.str;
|
||||||
`services.librespeed.configureNginx` requires `services.librespeed.domain` to be set.
|
};
|
||||||
|
pageTitle = mkOption {
|
||||||
|
description = "Title of the webpage.";
|
||||||
|
default = "LibreSpeed";
|
||||||
|
type = types.str;
|
||||||
|
};
|
||||||
|
useNginx = mkOption {
|
||||||
|
description = ''
|
||||||
|
Configure nginx for the LibreSpeed frontend.
|
||||||
|
This will only create a virtual host for the frontend and won't proxy all requests because,
|
||||||
|
the reported upload and download speeds are inaccurate if proxied.
|
||||||
'';
|
'';
|
||||||
}
|
default = cfg.domain != null;
|
||||||
];
|
type = types.bool;
|
||||||
|
};
|
||||||
|
settings = mkOption {
|
||||||
|
description = ''
|
||||||
|
Override default test parameters.
|
||||||
|
See [speedtest_worker.js][link] for a list of possible values.
|
||||||
|
|
||||||
networking.firewall = lib.mkIf (cfg.openFirewall) {
|
[link]: https://github.com/librespeed/speedtest/blob/master/speedtest_worker.js#L39
|
||||||
allowedTCPPorts = [ cfg.settings.listen_port ];
|
|
||||||
};
|
|
||||||
services.nginx.virtualHosts = lib.mkIf cfg.configureNginx {
|
|
||||||
${cfg.domain} = {
|
|
||||||
locations."/" = {
|
|
||||||
proxyPass = "http://[::1]:${toString cfg.settings.listen_port}";
|
|
||||||
recommendedProxySettings = true;
|
|
||||||
extraConfig = ''
|
|
||||||
proxy_cache off;
|
|
||||||
proxy_buffering off;
|
|
||||||
proxy_request_buffering off;
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
enableACME = true;
|
|
||||||
forceSSL = true;
|
|
||||||
extraConfig = ''
|
|
||||||
gzip off;
|
|
||||||
'';
|
'';
|
||||||
|
default = {};
|
||||||
|
type = with types; nullOr (attrsOf (oneOf [
|
||||||
|
bool
|
||||||
|
int
|
||||||
|
str
|
||||||
|
float
|
||||||
|
]));
|
||||||
|
};
|
||||||
|
servers = mkOption {
|
||||||
|
description = "LibreSpeed servers that should apper in the server list.";
|
||||||
|
type = types.listOf (types.submodule {
|
||||||
|
options = let
|
||||||
|
inherit (types) nonEmptyStr;
|
||||||
|
in {
|
||||||
|
name = mkOption {
|
||||||
|
description = "Name shown in the server list.";
|
||||||
|
type = nonEmptyStr;
|
||||||
|
};
|
||||||
|
server = mkOption {
|
||||||
|
description = "URL to the server. You may use `//` instead of `http://` or `https://`.";
|
||||||
|
type = nonEmptyStr;
|
||||||
|
};
|
||||||
|
dlURL = mkOption {
|
||||||
|
description = ''
|
||||||
|
URL path to download test on this server.
|
||||||
|
Append `.php` to the default value if the server uses the php implementation.
|
||||||
|
'';
|
||||||
|
default = "backend/garbage";
|
||||||
|
type = nonEmptyStr;
|
||||||
|
};
|
||||||
|
ulURL = mkOption {
|
||||||
|
description = ''
|
||||||
|
URL path to upload test on this server.
|
||||||
|
Append `.php` to the default value if the server uses the php implementation.
|
||||||
|
'';
|
||||||
|
default = "backend/empty";
|
||||||
|
type = nonEmptyStr;
|
||||||
|
};
|
||||||
|
pingURL = mkOption {
|
||||||
|
description = ''
|
||||||
|
URL path to latency/jitter test on this server.
|
||||||
|
Append `.php` to the default value if the server uses the php implementation.
|
||||||
|
'';
|
||||||
|
default = "backend/empty";
|
||||||
|
type = nonEmptyStr;
|
||||||
|
};
|
||||||
|
getIpURL = mkOption {
|
||||||
|
description = ''
|
||||||
|
URL path to IP lookup on this server.
|
||||||
|
Append `.php` to the default value if the server uses the php implementation.
|
||||||
|
'';
|
||||||
|
default = "backend/getIP";
|
||||||
|
type = nonEmptyStr;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
});
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
security.acme.certs = lib.mkIf cfg.configureNginx {
|
};
|
||||||
${cfg.domain} = {};
|
config = lib.mkIf cfg.enable (let
|
||||||
};
|
librespeedAssets = pkgs.runCommand "librespeed-assets" (let
|
||||||
|
mapValue = arg: if (lib.isBool arg) then
|
||||||
|
lib.boolToString arg
|
||||||
|
else if ((lib.isInt arg) || (lib.isFloat arg)) then
|
||||||
|
toString arg
|
||||||
|
else
|
||||||
|
"\"${lib.escape [ "\"" ] (toString arg)}\"";
|
||||||
|
|
||||||
services.librespeed.servers = lib.mkIf (cfg.domain != null) [
|
mapSettings = lib.pipe cfg.frontend.settings [
|
||||||
|
(lib.mapAttrs (name: val: " s.setParameter(\"${lib.escape [ "\"" ] name}\",${mapValue val});"))
|
||||||
|
(lib.attrValues)
|
||||||
|
(lib.concatLines)
|
||||||
|
];
|
||||||
|
in {
|
||||||
|
preferLocal = true;
|
||||||
|
|
||||||
|
serversList = ''
|
||||||
|
function get_servers() {
|
||||||
|
return ${builtins.toJSON cfg.frontend.servers}
|
||||||
|
}
|
||||||
|
function override_settings () {
|
||||||
|
${mapSettings}
|
||||||
|
}
|
||||||
|
'';
|
||||||
|
}) ''
|
||||||
|
cp -r ${pkgs.librespeed-rust}/assets $out
|
||||||
|
chmod 666 $out/servers_list.js
|
||||||
|
cat >$out/servers_list.js <<<"$serversList"
|
||||||
|
substitute ${pkgs.librespeed-rust}/assets/index.html $out/index.html \
|
||||||
|
--replace-fail "s.setParameter(\"telemetry_level\",\"basic\"); //enable telemetry" "override_settings();" \
|
||||||
|
--replace-fail "LibreSpeed Example" ${lib.escapeShellArg (lib.escapeXML cfg.frontend.pageTitle)} \
|
||||||
|
--replace-fail "PUT@YOUR_EMAIL.HERE" ${lib.escapeShellArg (lib.escapeXML cfg.frontend.contactEmail)} \
|
||||||
|
--replace-fail "TO BE FILLED BY DEVELOPER" ${lib.escapeShellArg (lib.escapeXML cfg.frontend.contactEmail)}
|
||||||
|
'';
|
||||||
|
in {
|
||||||
|
assertions = [
|
||||||
{
|
{
|
||||||
name = cfg.domain;
|
assertion = cfg.frontend.useNginx -> cfg.domain != null;
|
||||||
server = "//${cfg.domain}${lib.optionalString (!cfg.configureNginx) ":${toString cfg.settings.listen_port}"}";
|
message = ''
|
||||||
|
`services.librespeed.frontend.useNginx` requires `services.librespeed.frontend.domain` to be set.
|
||||||
|
'';
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
|
|
||||||
|
networking.firewall = lib.mkIf cfg.openFirewall {
|
||||||
|
allowedTCPPorts = [ cfg.settings.listen_port ];
|
||||||
|
};
|
||||||
|
services.nginx.virtualHosts = lib.mkIf (cfg.frontend.enable && cfg.frontend.useNginx) {
|
||||||
|
${cfg.domain} = {
|
||||||
|
locations."/".root = librespeedAssets;
|
||||||
|
locations."/backend/".extraConfig = "return 301 https://$host:${toString cfg.settings.listen_port}$request_uri;";
|
||||||
|
enableACME = true;
|
||||||
|
forceSSL = true;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
security.acme.certs = lib.mkIf (cfg.domain != null) {
|
||||||
|
${cfg.domain} = {
|
||||||
|
reloadServices = [ "librespeed.service" ];
|
||||||
|
webroot = "/var/lib/acme/acme-challange";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
services.librespeed.frontend.servers = lib.mkIf (cfg.frontend.enable && (cfg.domain != null)) [
|
||||||
|
{
|
||||||
|
name = cfg.domain;
|
||||||
|
server = "//${cfg.domain}:${toString cfg.settings.listen_port}";
|
||||||
|
}
|
||||||
|
];
|
||||||
|
services.librespeed.frontend.settings = lib.mkIf cfg.frontend.enable {
|
||||||
|
telemetry_level = lib.mkDefault "basic";
|
||||||
|
};
|
||||||
|
|
||||||
services.librespeed.settings = let
|
services.librespeed.settings = let
|
||||||
inherit (lib) mkDefault mkIf;
|
inherit (lib) mkDefault mkIf;
|
||||||
|
|
||||||
assets = pkgs.runCommand "librespeed-assets" {
|
|
||||||
preferLocal = true;
|
|
||||||
|
|
||||||
serversList = ''
|
|
||||||
function get_servers() {
|
|
||||||
return ${builtins.toJSON cfg.servers}
|
|
||||||
}
|
|
||||||
'';
|
|
||||||
} ''
|
|
||||||
cp -r ${pkgs.librespeed-rust}/assets $out
|
|
||||||
chmod 666 $out/servers_list.js
|
|
||||||
cat >$out/servers_list.js <<<"$serversList"
|
|
||||||
substitute ${pkgs.librespeed-rust}/assets/index.html $out/index.html \
|
|
||||||
--replace-fail "LibreSpeed Example" ${lib.escapeShellArg (lib.escapeXML cfg.pageTitle)} \
|
|
||||||
--replace-fail "PUT@YOUR_EMAIL.HERE" ${lib.escapeShellArg (lib.escapeXML cfg.contactEmail)} \
|
|
||||||
--replace-fail "TO BE FILLED BY DEVELOPER" ${lib.escapeShellArg (lib.escapeXML cfg.contactEmail)}
|
|
||||||
'';
|
|
||||||
in {
|
in {
|
||||||
#speed_test_dir = assets;
|
assets_path = if (cfg.frontend.enable && !cfg.frontend.useNginx) then librespeedAssets
|
||||||
assets_path = assets;
|
else pkgs.writeTextDir "index.html" "";
|
||||||
bind_address = mkDefault (if cfg.configureNginx then "::1" else "::");
|
|
||||||
listen_port = mkDefault 8989;
|
|
||||||
#base_url = mkDefault "backend";
|
|
||||||
#worker_threads = mkDefault "auto";
|
|
||||||
|
|
||||||
server_lat = 0;
|
bind_address = mkDefault "::";
|
||||||
server_lng = 0;
|
listen_port = mkDefault 8989;
|
||||||
proxyprotocol_port = 0;
|
base_url = mkDefault "backend";
|
||||||
redact_ip_addresses = false;
|
worker_threads = mkDefault "auto";
|
||||||
|
|
||||||
|
database_type = mkDefault "none";
|
||||||
|
database_file = mkDefault "/var/lib/librespeed/speedtest.sqlite";
|
||||||
|
|
||||||
#librespeed-rust will fail to start if the following config parameters are omitted.
|
#librespeed-rust will fail to start if the following config parameters are omitted.
|
||||||
ipinfo_api_key = mkIf (!cfg.secrets ? "ipinfo_api_key") "";
|
ipinfo_api_key = mkIf (!cfg.secrets ? "ipinfo_api_key") "";
|
||||||
stats_password = mkIf (!cfg.secrets ? "stats_password") "";
|
stats_password = mkIf (!cfg.secrets ? "stats_password") "";
|
||||||
#tls_key_file = mkDefault "";
|
tls_cert_file = if (cfg.domain != null) then (mkDefault "/run/credentials/librespeed.service/cert.pem") else (mkDefault "");
|
||||||
#tls_cet_file = mkDefault "";
|
tls_key_file = if (cfg.domain != null) then (mkDefault "/run/credentials/librespeed.service/key.pem") else (mkDefault "");
|
||||||
|
|
||||||
enable_tls = mkDefault false;
|
enable_tls = mkDefault (cfg.domain != null);
|
||||||
} // rec {
|
|
||||||
database_type = mkDefault "none";
|
|
||||||
database_file = mkIf (database_type == "sqlite") (mkDefault "/var/lib/librespeed/speedtest.sqlite");
|
|
||||||
};
|
};
|
||||||
|
|
||||||
systemd.services = let
|
systemd.services = let
|
||||||
|
@ -255,7 +294,12 @@ in {
|
||||||
|
|
||||||
DynamicUser = true;
|
DynamicUser = true;
|
||||||
|
|
||||||
#ExecStartPre = lib.mkIf (!cfg.secrets ? "ipinfo_api_key") "${lib.getExe cfg.package} --update-ipdb";
|
LoadCredential = lib.mkIf (cfg.domain != null) [
|
||||||
|
"cert.pem:${config.security.acme.certs.${cfg.domain}.directory}/cert.pem"
|
||||||
|
"key.pem:${config.security.acme.certs.${cfg.domain}.directory}/key.pem"
|
||||||
|
];
|
||||||
|
|
||||||
|
ExecStartPre = lib.mkIf cfg.downloadIPDB "${lib.getExe cfg.package} --update-ipdb";
|
||||||
ExecStart = "${lib.getExe cfg.package} -c ${if (cfg.secrets == {}) then configFile else "\${RUNTIME_DIRECTORY%%:*}/config.toml"}";
|
ExecStart = "${lib.getExe cfg.package} -c ${if (cfg.secrets == {}) then configFile else "\${RUNTIME_DIRECTORY%%:*}/config.toml"}";
|
||||||
WorkingDirectory = "/var/cache/librespeed";
|
WorkingDirectory = "/var/cache/librespeed";
|
||||||
RuntimeDirectory = "librespeed";
|
RuntimeDirectory = "librespeed";
|
||||||
|
@ -287,7 +331,7 @@ in {
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
});
|
||||||
|
|
||||||
meta.maintainers = with lib.maintainers; [ snaki ];
|
meta.maintainers = with lib.maintainers; [ snaki ];
|
||||||
}
|
}
|
||||||
|
|
|
@ -4,12 +4,12 @@
|
||||||
rustPlatform,
|
rustPlatform,
|
||||||
}:
|
}:
|
||||||
let
|
let
|
||||||
version = "1.3.2";
|
version = "unstable-2024-09-28";
|
||||||
src = fetchFromGitHub {
|
src = fetchFromGitHub {
|
||||||
owner = "librespeed";
|
owner = "librespeed";
|
||||||
repo = "speedtest-rust";
|
repo = "speedtest-rust";
|
||||||
rev = "refs/tags/v${version}";
|
rev = "a74f25d07da3eb665ce806e015c537264f7254c9";
|
||||||
hash = "sha256-z3lORjjJ89o+Du4mvKGydwxHU6Ra2jU5ue5Zsl/oIfY=";
|
hash = "sha256-+G1DFHQONXXg/5apSBlBkRvuLT4qCJaeFnQSLWt0CD0=";
|
||||||
};
|
};
|
||||||
in
|
in
|
||||||
rustPlatform.buildRustPackage {
|
rustPlatform.buildRustPackage {
|
||||||
|
|
Loading…
Reference in a new issue