nixseparatedebuginfod: remove

in favor of nixseparatedebuginfod2

Reuse the same port so that rebuilding to the new module does not need a
reboot to update the env var.

nixos/modules/module-list.nix

@@ -598,7 +598,6 @@
   ./services/development/livebook.nix
   ./services/development/lorri.nix
   ./services/development/nixseparatedebuginfod2.nix
-  ./services/development/nixseparatedebuginfod.nix
   ./services/development/rstudio-server/default.nix
   ./services/development/vsmartcard-vpcd.nix
   ./services/development/zammad.nix

nixos/modules/rename.nix

@@ -228,6 +228,9 @@ in
       "services.morty has been removed from NixOS. As the morty package was unmaintained and removed and searxng, its main consumer, dropped support for it."
     )
     (mkRemovedOptionModule [ "services" "mwlib" ] "The corresponding package was removed from nixpkgs.")
+    (mkRemovedOptionModule [ "services" "nixseparatedebuginfod" ]
+      "Use `services.nixseparatedebuginfod2.enable = true;` instead. If you only use the official binary cache, no additional configuration should be needed."
+    )
     (mkRemovedOptionModule [ "services" "pantheon" "files" ] ''
       This module was removed, please add pkgs.pantheon.elementary-files to environment.systemPackages directly.
     '')

nixos/modules/services/development/nixseparatedebuginfod.nix

@@ -1,106 +0,0 @@
-{
-  pkgs,
-  lib,
-  config,
-  ...
-}:
-let
-  cfg = config.services.nixseparatedebuginfod;
-  url = "127.0.0.1:${toString cfg.port}";
-in
-{
-  options = {
-    services.nixseparatedebuginfod = {
-      enable = lib.mkEnableOption "separatedebuginfod, a debuginfod server providing source and debuginfo for nix packages";
-      port = lib.mkOption {
-        description = "port to listen";
-        default = 1949;
-        type = lib.types.port;
-      };
-      nixPackage = lib.mkOption {
-        type = lib.types.package;
-        default = pkgs.nix;
-        defaultText = lib.literalExpression "pkgs.nix";
-        description = ''
-          The version of nix that nixseparatedebuginfod should use as client for the nix daemon. It is strongly advised to use nix version >= 2.18, otherwise some debug info may go missing.
-        '';
-      };
-      allowOldNix = lib.mkOption {
-        type = lib.types.bool;
-        default = false;
-        description = ''
-          Do not fail evaluation when {option}`services.nixseparatedebuginfod.nixPackage` is older than nix 2.18.
-        '';
-      };
-    };
-  };
-  config = lib.mkIf cfg.enable {
-    assertions = [
-      {
-        assertion = cfg.allowOldNix || (lib.versionAtLeast cfg.nixPackage.version "2.18");
-        message = "nixseparatedebuginfod works better when `services.nixseparatedebuginfod.nixPackage` is set to nix >= 2.18 (instead of ${cfg.nixPackage.name}). Set `services.nixseparatedebuginfod.allowOldNix` to bypass.";
-      }
-    ];
-
-    systemd.services.nixseparatedebuginfod = {
-      wantedBy = [ "multi-user.target" ];
-      wants = [ "nix-daemon.service" ];
-      after = [ "nix-daemon.service" ];
-      path = [ cfg.nixPackage ];
-      serviceConfig = {
-        ExecStart = [ "${pkgs.nixseparatedebuginfod}/bin/nixseparatedebuginfod -l ${url}" ];
-        Restart = "on-failure";
-        CacheDirectory = "nixseparatedebuginfod";
-        # nix does not like DynamicUsers in allowed-users
-        User = "nixseparatedebuginfod";
-        Group = "nixseparatedebuginfod";
-
-        # hardening
-        # Filesystem stuff
-        ProtectSystem = "strict"; # Prevent writing to most of /
-        ProtectHome = true; # Prevent accessing /home and /root
-        PrivateTmp = true; # Give an own directory under /tmp
-        PrivateDevices = true; # Deny access to most of /dev
-        ProtectKernelTunables = true; # Protect some parts of /sys
-        ProtectControlGroups = true; # Remount cgroups read-only
-        RestrictSUIDSGID = true; # Prevent creating SETUID/SETGID files
-        PrivateMounts = true; # Give an own mount namespace
-        RemoveIPC = true;
-        UMask = "0077";
-
-        # Capabilities
-        CapabilityBoundingSet = ""; # Allow no capabilities at all
-        NoNewPrivileges = true; # Disallow getting more capabilities. This is also implied by other options.
-
-        # Kernel stuff
-        ProtectKernelModules = true; # Prevent loading of kernel modules
-        SystemCallArchitectures = "native"; # Usually no need to disable this
-        ProtectKernelLogs = true; # Prevent access to kernel logs
-        ProtectClock = true; # Prevent setting the RTC
-
-        # Networking
-        RestrictAddressFamilies = "AF_UNIX AF_INET AF_INET6";
-
-        # Misc
-        LockPersonality = true; # Prevent change of the personality
-        ProtectHostname = true; # Give an own UTS namespace
-        RestrictRealtime = true; # Prevent switching to RT scheduling
-        MemoryDenyWriteExecute = true; # Maybe disable this for interpreters like python
-        RestrictNamespaces = true;
-      };
-    };
-
-    users.users.nixseparatedebuginfod = {
-      isSystemUser = true;
-      group = "nixseparatedebuginfod";
-    };
-
-    users.groups.nixseparatedebuginfod = { };
-
-    nix.settings = lib.optionalAttrs (lib.versionAtLeast config.nix.package.version "2.4") {
-      extra-allowed-users = [ "nixseparatedebuginfod" ];
-    };
-
-    environment.debuginfodServers = [ "http://${url}" ];
-  };
-}

nixos/modules/services/development/nixseparatedebuginfod2.nix

@@ -20,7 +20,7 @@ in
       enable = lib.mkEnableOption "nixseparatedebuginfod2, a debuginfod server providing source and debuginfo for nix packages";
       port = lib.mkOption {
         description = "port to listen";
-        default = 1950;
+        default = 1949;
         type = lib.types.port;
       };
       package = lib.mkPackageOption pkgs "nixseparatedebuginfod2" { };

nixos/tests/nixseparatedebuginfod.nix

@@ -1,83 +0,0 @@
-{ pkgs, lib, ... }:
-let
-  secret-key = "key-name:/COlMSRbehSh6YSruJWjL+R0JXQUKuPEn96fIb+pLokEJUjcK/2Gv8Ai96D7JGay5gDeUTx5wdpPgNvum9YtwA==";
-  public-key = "key-name:BCVI3Cv9hr/AIveg+yRmsuYA3lE8ecHaT4Db7pvWLcA=";
-in
-{
-  name = "nixseparatedebuginfod";
-  # A binary cache with debug info and source for gnumake
-  nodes.cache =
-    { pkgs, ... }:
-    {
-      services.nix-serve = {
-        enable = true;
-        secretKeyFile = builtins.toFile "secret-key" secret-key;
-        openFirewall = true;
-      };
-      system.extraDependencies = [
-        pkgs.gnumake.debug
-        pkgs.gnumake.src
-        pkgs.sl
-      ];
-    };
-  # the machine where we need the debuginfo
-  nodes.machine = {
-    imports = [
-      ../modules/installer/cd-dvd/channel.nix
-    ];
-    services.nixseparatedebuginfod.enable = true;
-    nix.settings = {
-      substituters = lib.mkForce [ "http://cache:5000" ];
-      trusted-public-keys = [ public-key ];
-    };
-    environment.systemPackages = [
-      pkgs.valgrind
-      pkgs.gdb
-      pkgs.gnumake
-      (pkgs.writeShellScriptBin "wait_for_indexation" ''
-        set -x
-        while debuginfod-find debuginfo /run/current-system/sw/bin/make |& grep 'File too large'; do
-          sleep 1;
-        done
-      '')
-    ];
-  };
-  testScript = ''
-    start_all()
-    cache.wait_for_unit("nix-serve.service")
-    cache.wait_for_open_port(5000)
-    machine.wait_for_unit("nixseparatedebuginfod.service")
-    machine.wait_for_open_port(1949)
-
-    with subtest("show the config to debug the test"):
-      machine.succeed("nix --extra-experimental-features nix-command show-config |& logger")
-      machine.succeed("cat /etc/nix/nix.conf |& logger")
-    with subtest("check that the binary cache works"):
-      machine.succeed("nix-store -r ${pkgs.sl}")
-
-    # nixseparatedebuginfod needs .drv to associate executable -> source
-    # on regular systems this would be provided by nixos-rebuild
-    machine.succeed("nix-instantiate '<nixpkgs>' -A gnumake")
-
-    machine.succeed("timeout 600 wait_for_indexation")
-
-    # test debuginfod-find
-    machine.succeed("debuginfod-find debuginfo /run/current-system/sw/bin/make")
-
-    # test that gdb can fetch source
-    out = machine.succeed("gdb /run/current-system/sw/bin/make --batch -x ${builtins.toFile "commands" ''
-      start
-      l
-    ''}")
-    print(out)
-    assert 'main (int argc, char **argv, char **envp)' in out
-
-    # test that valgrind can display location information
-    # this relies on the fact that valgrind complains about gnumake
-    # because we also ask valgrind to show leak kinds
-    # which are usually false positives.
-    out = machine.succeed("valgrind --leak-check=full --show-leak-kinds=all make --version 2>&1")
-    print(out)
-    assert 'main.c' in out
-  '';
-}

nixos/tests/nixseparatedebuginfod2.nix

@@ -45,7 +45,7 @@
     cache.wait_for_unit("nginx.service")
     cache.wait_for_open_port(80)
     machine.wait_for_unit("nixseparatedebuginfod2.service")
-    machine.wait_for_open_port(1950)
+    machine.wait_for_open_port(1949)
 
     with subtest("check that the binary cache works"):
       machine.succeed("nix-store --extra-substituters http://cache --option require-sigs false -r ${pkgs.sl}")

pkgs/by-name/ni/nixseparatedebuginfod/package.nix

@@ -1,52 +0,0 @@
-{
-  lib,
-  fetchFromGitHub,
-  rustPlatform,
-  libarchive,
-  openssl,
-  rust-jemalloc-sys,
-  sqlite,
-  pkg-config,
-  nixosTests,
-}:
-
-rustPlatform.buildRustPackage rec {
-  pname = "nixseparatedebuginfod";
-  version = "0.4.0";
-
-  src = fetchFromGitHub {
-    owner = "symphorien";
-    repo = "nixseparatedebuginfod";
-    rev = "v${version}";
-    hash = "sha256-sVQ6UgQvSTEIxXPxISeTI9tqAdJlxQpLxq1h4I31r6k=";
-  };
-
-  cargoHash = "sha256-vaCmRr1hXF0BSg/dl3LYyd7c1MdPKIv6KgDgGEzqqJQ=";
-
-  # tests need a working nix install with access to the internet
-  doCheck = false;
-
-  buildInputs = [
-    libarchive
-    openssl
-    rust-jemalloc-sys
-    sqlite
-  ];
-
-  nativeBuildInputs = [ pkg-config ];
-
-  passthru = {
-    tests = {
-      inherit (nixosTests) nixseparatedebuginfod;
-    };
-  };
-
-  meta = with lib; {
-    description = "Downloads and provides debug symbols and source code for nix derivations to gdb and other debuginfod-capable debuggers as needed";
-    homepage = "https://github.com/symphorien/nixseparatedebuginfod";
-    license = licenses.gpl3Only;
-    maintainers = [ maintainers.symphorien ];
-    platforms = platforms.linux;
-    mainProgram = "nixseparatedebuginfod";
-  };
-}