movefasta/nixpkgs
1
0
Fork 0
mirror of https://github.com/NixOS/nixpkgs.git synced 2025-06-13 13:15:30 +03:00
Code Issues Projects Releases Packages Wiki Activity

Merge pull request #284419 from ocfox/realm

Browse source
This commit is contained in:
Sandro 2024-07-11 10:46:47 +02:00 committed by GitHub
commit 24cefb01b3
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
6 changed files with 135 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

2
nixos/doc/manual/release-notes/rl-2411.section.md
View file

@ -30,6 +30,8 @@
- [Envision](https://gitlab.com/gabmus/envision), a UI for building, configuring and running Monado, the open source OpenXR runtime. Available as [programs.envision](#opt-programs.envision.enable). - [Envision](https://gitlab.com/gabmus/envision), a UI for building, configuring and running Monado, the open source OpenXR runtime. Available as [programs.envision](#opt-programs.envision.enable).
- [realm](https://github.com/zhboner/realm), a simple, high performance relay server written in rust. Available as [services.realm.enable](#opt-services.realm.enable).
- [Playerctld](https://github.com/altdesktop/playerctl), a daemon to track media player activity. Available as [services.playerctld](option.html#opt-services.playerctld). - [Playerctld](https://github.com/altdesktop/playerctl), a daemon to track media player activity. Available as [services.playerctld](option.html#opt-services.playerctld).
- [Glance](https://github.com/glanceapp/glance), a self-hosted dashboard that puts all your feeds in one place. Available as [services.glance](option.html#opt-services.glance). - [Glance](https://github.com/glanceapp/glance), a self-hosted dashboard that puts all your feeds in one place. Available as [services.glance](option.html#opt-services.glance).

1
nixos/modules/module-list.nix
View file

@ -1151,6 +1151,7 @@
./services/networking/radicale.nix ./services/networking/radicale.nix
./services/networking/radvd.nix ./services/networking/radvd.nix
./services/networking/rdnssd.nix ./services/networking/rdnssd.nix
./services/networking/realm.nix
./services/networking/redsocks.nix ./services/networking/redsocks.nix
./services/networking/resilio.nix ./services/networking/resilio.nix
./services/networking/robustirc-bridge.nix ./services/networking/robustirc-bridge.nix

50
nixos/modules/services/networking/realm.nix Normal file
View file

@ -0,0 +1,50 @@
{ config
, lib
, pkgs
, ...
}:
let
cfg = config.services.realm;
configFormat = pkgs.formats.json { };
configFile = configFormat.generate "config.json" cfg.config;
inherit (lib)
mkEnableOption mkPackageOption mkOption mkIf types getExe;
in
{
meta.maintainers = with lib.maintainers; [ ocfox ];
options = {
services.realm = {
enable = mkEnableOption "A simple, high performance relay server written in rust";
package = mkPackageOption pkgs "realm" { };
config = mkOption {
type = types.submodule {
freeformType = configFormat.type;
};
default = { };
description = ''
The realm configuration, see <https://github.com/zhboner/realm#overview> for documentation.
'';
};
};
};
config = mkIf cfg.enable {
systemd.services.realm = {
serviceConfig = {
DynamicUser = true;
MemoryDenyWriteExecute = true;
PrivateDevices = true;
ProtectClock = true;
ProtectKernelLogs = true;
ProtectKernelModules = true;
ProtectProc = "invisible";
ProtectKernelTunables = true;
ExecStart = "${getExe cfg.package} --config ${configFile}";
AmbientCapabilities = [ "CAP_NET_ADMIN" "CAP_NET_BIND_SERVICE" ];
};
wantedBy = [ "multi-user.target" ];
};
};
}

1
nixos/tests/all-tests.nix
View file

@ -811,6 +811,7 @@ in {
ragnarwm = handleTest ./ragnarwm.nix {}; ragnarwm = handleTest ./ragnarwm.nix {};
rasdaemon = handleTest ./rasdaemon.nix {}; rasdaemon = handleTest ./rasdaemon.nix {};
readarr = handleTest ./readarr.nix {}; readarr = handleTest ./readarr.nix {};
realm = handleTest ./realm.nix {};
redis = handleTest ./redis.nix {}; redis = handleTest ./redis.nix {};
redlib = handleTest ./redlib.nix {}; redlib = handleTest ./redlib.nix {};
redmine = handleTest ./redmine.nix {}; redmine = handleTest ./redmine.nix {};

39
nixos/tests/realm.nix Normal file
View file

@ -0,0 +1,39 @@
import ./make-test-python.nix ({ lib, pkgs, ... }: {
name = "realm";
meta = {
maintainers = with lib.maintainers; [ ocfox ];
};
nodes.machine = { pkgs, ... }: {
services.nginx = {
enable = true;
statusPage = true;
};
# realm need DNS resolv server to run or use config.dns.nameserver
services.resolved.enable = true;
services.realm = {
enable = true;
config = {
endpoints = [
{
listen = "0.0.0.0:1000";
remote = "127.0.0.1:80";
}
];
};
};
};
testScript = ''
machine.wait_for_unit("nginx.service")
machine.wait_for_unit("realm.service")
machine.wait_for_open_port(80)
machine.wait_for_open_port(1000)
machine.succeed("curl --fail http://localhost:1000/")
'';
})

42
pkgs/by-name/re/realm/package.nix Normal file
View file

@ -0,0 +1,42 @@
{ lib
, rustPlatform
, fetchFromGitHub
, stdenv
, darwin
, nix-update-script
, nixosTests
}:
rustPlatform.buildRustPackage rec {
pname = "realm";
version = "2.6.0";
src = fetchFromGitHub {
owner = "zhboner";
repo = "realm";
rev = "v${version}";
hash = "sha256-G3scFSOxbmR3Q2fkRdg115WN/GCYpys/8Y4JC4YMGdY=";
};
cargoHash = "sha256-EvXafTujqTdQwfK4NXgT7lGKGnrpyP9ouplD6DmJUKU=";
buildInputs = lib.optionals stdenv.isDarwin [
darwin.apple_sdk.frameworks.Security
];
env.RUSTC_BOOTSTRAP = 1;
passthru = {
updateScript = nix-update-script { };
tests = { inherit (nixosTests) realm; };
};
meta = with lib; {
description = "A simple, high performance relay server written in rust";
homepage = "https://github.com/zhboner/realm";
mainProgram = "realm";
license = licenses.mit;
maintainers = with maintainers; [ ocfox ];
};
}