From a595aba420694434566424c09d581ad7045283e9 Mon Sep 17 00:00:00 2001
From: ocfox
Date: Sun, 28 Jan 2024 12:54:35 +0800
Subject: [PATCH 1/4] realm: init at 2.6.0
Co-authored-by: Nick Cao
---
 pkgs/by-name/re/realm/package.nix | 34 +++++++++++++++++++++++++++++++
 1 file changed, 34 insertions(+)
 create mode 100644 pkgs/by-name/re/realm/package.nix
diff --git a/pkgs/by-name/re/realm/package.nix b/pkgs/by-name/re/realm/package.nix
new file mode 100644
index 000000000000..06356034682d
--- /dev/null
+++ b/pkgs/by-name/re/realm/package.nix
@@ -0,0 +1,34 @@
+{ lib
+, rustPlatform
+, fetchFromGitHub
+, stdenv
+, darwin
+}:
+
+rustPlatform.buildRustPackage rec {
+ pname = "realm";
+ version = "2.6.0";
+
+ src = fetchFromGitHub {
+ owner = "zhboner";
+ repo = "realm";
+ rev = "v${version}";
+ hash = "sha256-G3scFSOxbmR3Q2fkRdg115WN/GCYpys/8Y4JC4YMGdY=";
+ };
+
+ cargoHash = "sha256-EvXafTujqTdQwfK4NXgT7lGKGnrpyP9ouplD6DmJUKU=";
+
+ buildInputs = lib.optionals stdenv.isDarwin [
+ darwin.apple_sdk.frameworks.Security
+ ];
+
+ env.RUSTC_BOOTSTRAP = 1;
+
+ meta = with lib; {
+ description = "A simple, high performance relay server written in rust";
+ homepage = "https://github.com/zhboner/realm";
+ mainProgram = "realm";
+ license = licenses.mit;
+ maintainers = with maintainers; [ ocfox ];
+ };
+}
From 86ce0733d2cabad56958ffb68b4e1006d4b71248 Mon Sep 17 00:00:00 2001
From: ocfox
Date: Sun, 28 Jan 2024 12:55:05 +0800
Subject: [PATCH 2/4] nixos/realm: init
Co-authored-by: Nick Cao
Co-authored-by: oluceps
---
 nixos/modules/module-list.nix | 1 +
 nixos/modules/services/networking/realm.nix | 50 +++++++++++++++++++++
 2 files changed, 51 insertions(+)
 create mode 100644 nixos/modules/services/networking/realm.nix
diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix
index 5b8be7a969ba..338507d61e41 100644
--- a/nixos/modules/module-list.nix
+++ b/nixos/modules/module-list.nix
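Review bot: `env.RUSTC_BOOTSTRAP = 1;` in the new `package.nix` carries no comment, yet it is the one line that changes what the compiler accepts: it lets the stable toolchain build code that relies on unstable Rust features. The page does not show which feature upstream depends on, so the next maintainer cannot tell when the override can be dropped. I would add a comment above it along the lines of `# upstream uses unstable Rust features; RUSTC_BOOTSTRAP lets the stable toolchain build them`, naming the feature concerned.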
@@ -1150,6 +1150,7 @@
 ./services/networking/radicale.nix
 ./services/networking/radvd.nix
 ./services/networking/rdnssd.nix
+ ./services/networking/realm.nix
 ./services/networking/redsocks.nix
 ./services/networking/resilio.nix
 ./services/networking/robustirc-bridge.nix
diff --git a/nixos/modules/services/networking/realm.nix b/nixos/modules/services/networking/realm.nix
new file mode 100644
index 000000000000..5b0c34ac825f
--- /dev/null
+++ b/nixos/modules/services/networking/realm.nix
@@ -0,0 +1,50 @@
+{ config
+, lib
+, pkgs
+, ...
+}:
+let
+ cfg = config.services.realm;
+ configFormat = pkgs.formats.json { };
+ configFile = configFormat.generate "config.json" cfg.config;
+ inherit (lib)
+ mkEnableOption mkPackageOption mkOption mkIf types getExe;
+in
+{
+
+ meta.maintainers = with lib.maintainers; [ ocfox ];
+
+ options = {
+ services.realm = {
+ enable = mkEnableOption "A simple, high performance relay server written in rust";
+ package = mkPackageOption pkgs "realm" { };
+ config = mkOption {
+ type = types.submodule {
+ freeformType = configFormat.type;
+ };
+ default = { };
+ description = ''
+ The realm configuration, see for documentation.
+ '';
+ };
+ };
+ };
+
+ config = mkIf cfg.enable {
+ systemd.services.realm = {
+ serviceConfig = {
+ DynamicUser = true;
+ MemoryDenyWriteExecute = true;
+ PrivateDevices = true;
+ ProtectClock = true;
+ ProtectKernelLogs = true;
+ ProtectKernelModules = true;
+ ProtectProc = "invisible";
+ ProtectKernelTunables = true;
+ ExecStart = "${getExe cfg.package} --config ${configFile}";
+ AmbientCapabilities = [ "CAP_NET_ADMIN" "CAP_NET_BIND_SERVICE" ];
+ };
+ wantedBy = [ "multi-user.target" ];
+ };
+ };
+}
From 76b5481df72d2d8bdcef0565aff64f847f5c38da Mon Sep 17 00:00:00 2001
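Review bot: `AmbientCapabilities` in `serviceConfig` grants `CAP_NET_ADMIN` to a network-facing relay unconditionally, and the unit sets no `CapabilityBoundingSet`, so the bounding set stays at its default while the rest of the block is hardened. I would add `CapabilityBoundingSet = [ "CAP_NET_ADMIN" "CAP_NET_BIND_SERVICE" ];` beside it, with a comment saying which realm feature needs `CAP_NET_ADMIN` (not visible from this hunk), or drop that capability if only binding low ports is required. Separately, `configFile` is generated from `cfg.config` into the Nix store, which is world-readable; the option `description` should say so in case an endpoint setting ever carries a secret.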
From: ocfox
Date: Sun, 28 Jan 2024 12:56:32 +0800
Subject: [PATCH 3/4] nixosTests.realm: init
---
 nixos/tests/all-tests.nix | 1 +
 nixos/tests/realm.nix | 39 +++++++++++++++++++++++++++++++
 pkgs/by-name/re/realm/package.nix | 8 +++++++
 3 files changed, 48 insertions(+)
 create mode 100644 nixos/tests/realm.nix
diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix
index 8d67843a81ef..e6b4a4b66567 100644
--- a/nixos/tests/all-tests.nix
+++ b/nixos/tests/all-tests.nix
@@ -811,6 +811,7 @@ in {
 ragnarwm = handleTest ./ragnarwm.nix {};
 rasdaemon = handleTest ./rasdaemon.nix {};
 readarr = handleTest ./readarr.nix {};
+ realm = handleTest ./realm.nix {};
 redis = handleTest ./redis.nix {};
 redlib = handleTest ./redlib.nix {};
 redmine = handleTest ./redmine.nix {};
diff --git a/nixos/tests/realm.nix b/nixos/tests/realm.nix
new file mode 100644
index 000000000000..b39b0e0a161c
--- /dev/null
+++ b/nixos/tests/realm.nix
@@ -0,0 +1,39 @@
+import ./make-test-python.nix ({ lib, pkgs, ... }: {
+ name = "realm";
+
+ meta = {
+ maintainers = with lib.maintainers; [ ocfox ];
+ };
+
+ nodes.machine = { pkgs, ... }: {
+ services.nginx = {
+ enable = true;
+ statusPage = true;
+ };
+ # realm need DNS resolv server to run or use config.dns.nameserver
+ services.resolved.enable = true;
+
+ services.realm = {
+ enable = true;
+ config = {
+ endpoints = [
+ {
+ listen = "0.0.0.0:1000";
+ remote = "127.0.0.1:80";
+ }
+ ];
+ };
+ };
+ };
+
+ testScript = ''
+ machine.wait_for_unit("nginx.service")
+ machine.wait_for_unit("realm.service")
+
+ machine.wait_for_open_port(80)
+ machine.wait_for_open_port(1000)
+
+ machine.succeed("curl --fail http://localhost:1000/")
+ '';
+
+})
diff --git a/pkgs/by-name/re/realm/package.nix b/pkgs/by-name/re/realm/package.nix
index 06356034682d..e76189e1ac8d 100644
--- a/pkgs/by-name/re/realm/package.nix
+++ b/pkgs/by-name/re/realm/package.nix
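Review bot: The comment above `services.resolved.enable` in `nixos/tests/realm.nix` is hard to parse, and a reader cannot tell whether the resolver is a requirement of realm itself or only of this test. Suggested wording: `# realm needs a DNS resolver at startup unless config.dns.nameserver is set`. The test listens on `0.0.0.0:1000`, which exercises `CAP_NET_BIND_SERVICE` but nothing that would depend on `CAP_NET_ADMIN`, so it gives no evidence that the second capability granted by the module is needed.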
@@ -3,6 +3,8 @@ , fetchFromGitHub , stdenv , darwin +, nix-update-script +, nixosTests }: rustPlatform.buildRustPackage rec { @@ -24,6 +26,12 @@ rustPlatform.buildRustPackage rec { env.RUSTC_BOOTSTRAP = 1; + passthru = { + updateScript = nix-update-script { }; + tests = { inherit (nixosTests) realm; }; + }; + + meta = with lib; { description = "A simple, high performance relay server written in rust"; homepage = "https://github.com/zhboner/realm"; From f0e2e1d83e822517507f502f95147b57839a4f51 Mon Sep 17 00:00:00 2001 From: ocfox Date: Mon, 3 Jun 2024 08:40:16 +0800 Subject: [PATCH 4/4] nixos/realm: add release note --- nixos/doc/manual/release-notes/rl-2411.section.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/nixos/doc/manual/release-notes/rl-2411.section.md b/nixos/doc/manual/release-notes/rl-2411.section.md index 14f371d1c145..91b07ef1de18 100644 --- a/nixos/doc/manual/release-notes/rl-2411.section.md +++ b/nixos/doc/manual/release-notes/rl-2411.section.md @@ -30,6 +30,8 @@ - [Envision](https://gitlab.com/gabmus/envision), a UI for building, configuring and running Monado, the open source OpenXR runtime. Available as [programs.envision](#opt-programs.envision.enable). +- [realm](https://github.com/zhboner/realm), a simple, high performance relay server written in rust. Available as [services.realm.enable](#opt-services.realm.enable). + - [Playerctld](https://github.com/altdesktop/playerctl), a daemon to track media player activity. Available as [services.playerctld](option.html#opt-services.playerctld). - [Glance](https://github.com/glanceapp/glance), a self-hosted dashboard that puts all your feeds in one place. Available as [services.glance](option.html#opt-services.glance).
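Review bot: The second `package.nix` hunk appears to add two empty lines between the closing `};` of `passthru` and `meta`, since the `+26,12` count only adds up with two blank additions; that leaves a double blank line the rest of the file does not use. Dropping one of the empty `+` lines keeps the spacing consistent with the other attribute groups. The enclosing `buildRustPackage` call starts and ends outside this hunk.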