mirrors/nixpkgs
1
0
Fork 1
mirror of https://github.com/NixOS/nixpkgs.git synced 2024-11-17 19:21:04 +00:00
Code Issues Wiki Activity

nixos/devpi-server: init

Browse source 
Signed-off-by: Christina Sørensen <christina@cafkafk.com>
This commit is contained in:
Christina Sørensen 2024-04-19 13:26:38 +02:00
parent cbd5dc6763
commit 52e0ad744d
No known key found for this signature in database
GPG key ID: 26C542FD97F965CE
5 changed files with 171 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
nixos/modules/module-list.nix
View file

@ -694,6 +694,7 @@
./services/misc/cpuminer-cryptonight.nix ./services/misc/cpuminer-cryptonight.nix
./services/misc/db-rest.nix ./services/misc/db-rest.nix
./services/misc/devmon.nix ./services/misc/devmon.nix
./services/misc/devpi-server.nix
./services/misc/dictd.nix ./services/misc/dictd.nix
./services/misc/disnix.nix ./services/misc/disnix.nix
./services/misc/docker-registry.nix ./services/misc/docker-registry.nix

128
nixos/modules/services/misc/devpi-server.nix Normal file
View file

@ -0,0 +1,128 @@
{
pkgs,
lib,
config,
...
}:
with lib;
let
cfg = config.services.devpi-server;
secretsFileName = "devpi-secret-file";
stateDirName = "devpi";
runtimeDir = "/run/${stateDirName}";
serverDir = "/var/lib/${stateDirName}";
in
{
options.services.devpi-server = {
enable = mkEnableOption "Devpi Server";
package = mkPackageOption pkgs "devpi-server" { };
primaryUrl = mkOption {
type = types.str;
description = "Url for the primary node. Required option for replica nodes.";
};
replica = mkOption {
type = types.bool;
default = false;
description = ''
Run node as a replica.
Requires the secretFile option and the primaryUrl to be enabled.
'';
};
secretFile = mkOption {
type = types.nullOr types.path;
default = null;
description = ''
Path to a shared secret file used for synchronization,
Required for all nodes in a replica/primary setup.
'';
};
host = mkOption {
type = types.str;
default = "localhost";
description = ''
domain/ip address to listen on
'';
};
port = mkOption {
type = types.port;
default = 3141;
description = "The port on which Devpi Server will listen.";
};
openFirewall = mkEnableOption "opening the default ports in the firewall for Devpi Server";
};
config = mkIf cfg.enable {
systemd.services.devpi-server = {
enable = true;
description = "devpi PyPI-compatible server";
documentation = [ "https://devpi.net/docs/devpi/devpi/stable/+d/index.html" ];
wants = [ "network-online.target" ];
wantedBy = [ "multi-user.target" ];
after = [ "network-online.target" ];
# Since at least devpi-server 6.10.0, devpi requires the secrets file to
# have 0600 permissions.
preStart =
''
cp ${cfg.secretFile} ${runtimeDir}/${secretsFileName}
chmod 0600 ${runtimeDir}/*${secretsFileName}
if [ -f ${serverDir}/.nodeinfo ]; then
# already initialized the package index, exit gracefully
exit 0
fi
${cfg.package}/bin/devpi-init --serverdir ${serverDir} ''
+ strings.optionalString cfg.replica "--role=replica --master-url=${cfg.primaryUrl}";
serviceConfig = {
Restart = "always";
ExecStart =
let
args =
[
"--request-timeout=5"
"--serverdir=${serverDir}"
"--host=${cfg.host}"
"--port=${builtins.toString cfg.port}"
]
++ lib.optionals (! isNull cfg.secretFile) [
"--secretfile=${runtimeDir}/${secretsFileName}"
]
++ (
if cfg.replica then
[
"--role=replica"
"--master-url=${cfg.primaryUrl}"
]
else
[ "--role=master" ]
);
in
"${cfg.package}/bin/devpi-server ${concatStringsSep " " args}";
DynamicUser = true;
StateDirectory = stateDirName;
RuntimeDirectory = stateDirName;
PrivateDevices = true;
PrivateTmp = true;
ProtectHome = true;
ProtectSystem = "strict";
};
};
networking.firewall = mkIf cfg.openFirewall {
allowedTCPPorts = [ cfg.port ];
};
meta.maintainers = [ cafkafk ];
};
}

1
nixos/tests/all-tests.nix
View file

@ -242,6 +242,7 @@ in {
deepin = handleTest ./deepin.nix {}; deepin = handleTest ./deepin.nix {};
deluge = handleTest ./deluge.nix {}; deluge = handleTest ./deluge.nix {};
dendrite = handleTest ./matrix/dendrite.nix {}; dendrite = handleTest ./matrix/dendrite.nix {};
devpi-server = handleTest ./devpi-server.nix {};
dex-oidc = handleTest ./dex-oidc.nix {}; dex-oidc = handleTest ./dex-oidc.nix {};
dhparams = handleTest ./dhparams.nix {}; dhparams = handleTest ./dhparams.nix {};
disable-installer-tools = handleTest ./disable-installer-tools.nix {}; disable-installer-tools = handleTest ./disable-installer-tools.nix {};

35
nixos/tests/devpi-server.nix Normal file
View file

@ -0,0 +1,35 @@
import ./make-test-python.nix ({pkgs, ...}: let
server-port = 3141;
in {
name = "devpi-server";
meta = with pkgs.lib.maintainers; {
maintainers = [cafkafk];
};
nodes = {
devpi = {...}: {
services.devpi-server = {
enable = true;
host = "0.0.0.0";
port = server-port;
openFirewall = true;
secretFile = pkgs.writeText "devpi-secret" "v263P+V3YGDYUyfYL/RBURw+tCPMDw94R/iCuBNJrDhaYrZYjpA6XPFVDDH8ViN20j77y2PHoMM/U0opNkVQ2g==";
};
};
client1 = {...}: {
environment.systemPackages = with pkgs; [
devpi-client
jq
];
};
};
testScript = ''
start_all()
devpi.wait_for_unit("devpi-server.service")
devpi.wait_for_open_port(${builtins.toString server-port})
client1.succeed("devpi getjson http://devpi:${builtins.toString server-port}")
'';
})

8
pkgs/development/tools/devpi-server/default.nix
View file

@ -23,6 +23,7 @@
, webtest , webtest
, testers , testers
, devpi-server , devpi-server
, nixosTests
}: }:
@ -108,8 +109,11 @@ buildPythonApplication rec {
"devpi_server" "devpi_server"
]; ];
passthru.tests.version = testers.testVersion { passthru.tests = {
package = devpi-server; devpi-server = nixosTests.devpi-server;
version = testers.testVersion {
package = devpi-server;
};
}; };
meta = with lib;{ meta = with lib;{