gador/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

nixos/anubis: warn about legacy runtime directory when necessary

Browse Source
This commit is contained in:
José-Paul D.
2025-10-31 18:36:13 +01:00
parent f1620bbe51
commit 5dce07242b
1 changed files with 14 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

31
nixos/modules/services/networking/anubis.nix
View File

@@ -25,14 +25,14 @@ let
instanceUsesDedicatedRuntimeDirectory = instanceUsesDedicatedRuntimeDirectory =
name: instance: name: instance:
lib.any (lib.hasPrefix (runtimeDirectoryPrefix name)) (unixSocketAddrs instance.settings); lib.any (lib.hasPrefix (runtimeDirectoryPrefix name)) (unixSocketAddrs instance.settings);
useDedicatedRuntimeDirectory = useLegacyRuntimeDirectory =
# Set when: # Set when:
# - Multiple instances are configured to use unix sockets. # - Only one instance is configured with unix sockets.
# - At least one instance uses the new runtime directory prefix: /run/anubis/anubis-<instance name>. # - No instance uses the new runtime directory prefix: /run/anubis/anubis-<name>.
lib.count instanceUsesUnixSockets (lib.attrValues enabledInstances) > 1 lib.count instanceUsesUnixSockets (lib.attrValues enabledInstances) == 1
|| lib.any (attrs: instanceUsesDedicatedRuntimeDirectory attrs.name attrs.value) ( && !(lib.any (attrs: instanceUsesDedicatedRuntimeDirectory attrs.name attrs.value) (
lib.attrsToList enabledInstances lib.attrsToList enabledInstances
); ));
commonSubmodule = commonSubmodule =
isDefault: isDefault:
@@ -207,7 +207,7 @@ let
default = "/run/anubis/${instanceName name}.sock"; default = "/run/anubis/${instanceName name}.sock";
description = '' description = ''
The address that Anubis listens to. See Go's [`net.Listen`](https://pkg.go.dev/net#Listen) for syntax. The address that Anubis listens to. See Go's [`net.Listen`](https://pkg.go.dev/net#Listen) for syntax.
Use the prefix ${runtimeDirectoryPrefix "<instance name>"} when configuring multiple instances. Use the prefix "${runtimeDirectoryPrefix "<name>"}". The prefix "/run/anubis" is deprecated.
Defaults to Unix domain sockets. To use TCP sockets, set this to a TCP address and `BIND_NETWORK` to `"tcp"`. Defaults to Unix domain sockets. To use TCP sockets, set this to a TCP address and `BIND_NETWORK` to `"tcp"`.
''; '';
@@ -219,7 +219,7 @@ let
description = '' description = ''
The address Anubis' metrics server listens to. See Go's [`net.Listen`](https://pkg.go.dev/net#Listen) for The address Anubis' metrics server listens to. See Go's [`net.Listen`](https://pkg.go.dev/net#Listen) for
syntax. syntax.
Use the prefix ${runtimeDirectoryPrefix "<instance name>"} when configuring multiple instances. Use the prefix "${runtimeDirectoryPrefix "<name>"}". The prefix "/run/anubis" is deprecated.
The metrics server is enabled by default and may be disabled. However, due to implementation details, this is The metrics server is enabled by default and may be disabled. However, due to implementation details, this is
only possible by setting a command line flag. See {option}`services.anubis.defaultOptions.extraFlags` for an only possible by setting a command line flag. See {option}`services.anubis.defaultOptions.extraFlags` for an
@@ -269,9 +269,7 @@ in
}; };
config = lib.mkIf (enabledInstances != { }) { config = lib.mkIf (enabledInstances != { }) {
warnings = [ warnings = lib.optional useLegacyRuntimeDirectory ''Anubis service: runtime directory is going to be migrated from "anubis" to "anubis/anubis-<name>". Update services.anubis.instances.<name>.BIND to "${runtimeDirectoryPrefix "<name>"}anubis.sock" and services.anubis.instances.<name>.METRICS_BIND to "${runtimeDirectoryPrefix "<name>"}anubis-metrics.sock". Note: if <name> is "", use the prefix "/run/anubis/anubis".'';
"RuntimeDirectory is going to be migrated from `anubis` to `anubis/anubis-<instance name>`, update BIND and METRICS_BIND to ${runtimeDirectoryPrefix "<instance name>"} if using unix sockets"
];
assertions = assertions =
let let
@@ -282,9 +280,9 @@ in
[ [
{ {
assertion = assertion =
!useDedicatedRuntimeDirectory useLegacyRuntimeDirectory
|| lib.all validInstanceUnixSocketAddrs (lib.attrsToList enabledInstances); || lib.all validInstanceUnixSocketAddrs (lib.attrsToList enabledInstances);
message = "use the prefix ${runtimeDirectoryPrefix "<instance name>"} in BIND and METRICS_BIND when configuring multiple instances"; message = ''use the prefix "${runtimeDirectoryPrefix "<name>"}" in services.anubis.instances.<name>.BIND and services.anubis.instances.<name>.METRICS_BIND'';
} }
]; ];
@@ -331,12 +329,11 @@ in
(lib.singleton (lib.getExe cfg.package)) ++ instance.extraFlags (lib.singleton (lib.getExe cfg.package)) ++ instance.extraFlags
); );
RuntimeDirectory = RuntimeDirectory =
if useDedicatedRuntimeDirectory then if useLegacyRuntimeDirectory && instanceUsesUnixSockets instance then
"anubis/${instanceName name}"
else if instanceUsesUnixSockets instance then
# `dedicatedRuntimeDirectory = false`: /run/anubis may still be used.
# Warning: `anubis` will be deprecated eventually. # Warning: `anubis` will be deprecated eventually.
"anubis" "anubis"
else if instanceUsesUnixSockets instance then
"anubis/${instanceName name}"
else else
null; null;
# hardening # hardening