From 4959d7bcd8f41d05a29fed8cb86a0456a1cf557f Mon Sep 17 00:00:00 2001 From: Benjamin Lee Date: Sun, 7 Apr 2024 13:43:35 -0700 Subject: [PATCH 1/4] nixos/soju: add package option --- nixos/modules/services/networking/soju.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/nixos/modules/services/networking/soju.nix b/nixos/modules/services/networking/soju.nix index d69ec08ca13a0c..34798d15194d3f 100644 --- a/nixos/modules/services/networking/soju.nix +++ b/nixos/modules/services/networking/soju.nix @@ -29,6 +29,8 @@ in options.services.soju = { enable = mkEnableOption (lib.mdDoc "soju"); + package = mkPackageOption pkgs "soju" { }; + listen = mkOption { type = types.listOf types.str; default = [ ":6697" ]; @@ -115,7 +117,7 @@ in serviceConfig = { DynamicUser = true; Restart = "always"; - ExecStart = "${pkgs.soju}/bin/soju -config ${configFile}"; + ExecStart = "${cfg.package}/bin/soju -config ${configFile}"; StateDirectory = "soju"; }; }; From 5207bb723ab36f402a5705f43d97eb49d342540a Mon Sep 17 00:00:00 2001 From: Benjamin Lee Date: Sun, 1 Oct 2023 17:35:27 -0700 Subject: [PATCH 2/4] nixos/soju: add adminSocket.enable option --- nixos/doc/manual/release-notes/rl-2405.section.md | 2 ++ nixos/modules/services/networking/soju.nix | 14 +++++++++++++- 2 files changed, 15 insertions(+), 1 deletion(-) diff --git a/nixos/doc/manual/release-notes/rl-2405.section.md b/nixos/doc/manual/release-notes/rl-2405.section.md index 858f1d2a61382b..b42acbfebaa2d8 100644 --- a/nixos/doc/manual/release-notes/rl-2405.section.md +++ b/nixos/doc/manual/release-notes/rl-2405.section.md @@ -485,6 +485,8 @@ The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been m - The `krb5` module has been rewritten and moved to `security.krb5`, moving all options but `security.krb5.enable` and `security.krb5.package` into `security.krb5.settings`. +- `services.soju` now has the option `adminSocket.enable`. This option defaults to `true`, and creates a unix admin socket at `/run/soju/admin`. + - Gitea 1.21 upgrade has several breaking changes, including: - Custom themes and other assets that were previously stored in `custom/public/*` now belong in `custom/public/assets/*` - New instances of Gitea using MySQL now ignore the `[database].CHARSET` config option and always use the `utf8mb4` charset, existing instances should migrate via the `gitea doctor convert` CLI command. diff --git a/nixos/modules/services/networking/soju.nix b/nixos/modules/services/networking/soju.nix index 34798d15194d3f..f3a7dc1eea019e 100644 --- a/nixos/modules/services/networking/soju.nix +++ b/nixos/modules/services/networking/soju.nix @@ -5,7 +5,10 @@ with lib; let cfg = config.services.soju; stateDir = "/var/lib/soju"; - listenCfg = concatMapStringsSep "\n" (l: "listen ${l}") cfg.listen; + runtimeDir = "/run/soju"; + listen = cfg.listen + ++ optional cfg.adminSocket.enable "unix+admin://${runtimeDir}/admin"; + listenCfg = concatMapStringsSep "\n" (l: "listen ${l}") listen; tlsCfg = optionalString (cfg.tlsCertificate != null) "tls ${cfg.tlsCertificate} ${cfg.tlsCertificateKey}"; logCfg = optionalString cfg.enableMessageLogging @@ -68,6 +71,14 @@ in description = lib.mdDoc "Whether to enable message logging."; }; + adminSocket.enable = mkOption { + type = types.bool; + default = true; + description = lib.mdDoc '' + Listen for admin connections from sojuctl at /run/soju/admin. + ''; + }; + httpOrigins = mkOption { type = types.listOf types.str; default = []; @@ -119,6 +130,7 @@ in Restart = "always"; ExecStart = "${cfg.package}/bin/soju -config ${configFile}"; StateDirectory = "soju"; + RuntimeDirectory = "soju"; }; }; }; From d772ac182f949c6290b95b7ac6cd24265598d961 Mon Sep 17 00:00:00 2001 From: Benjamin Lee Date: Sun, 1 Oct 2023 17:36:26 -0700 Subject: [PATCH 3/4] nixos/soju: add sojuctl wrapper with config path The config is a in an arbitrary nix store path, and is necessary to invoke sojuctl. Without the wrapper, you have to read the systemd unit or use a similar trick to find it. --- nixos/doc/manual/release-notes/rl-2405.section.md | 2 +- nixos/modules/services/networking/soju.nix | 6 ++++++ 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/nixos/doc/manual/release-notes/rl-2405.section.md b/nixos/doc/manual/release-notes/rl-2405.section.md index b42acbfebaa2d8..6038bf997d8bf1 100644 --- a/nixos/doc/manual/release-notes/rl-2405.section.md +++ b/nixos/doc/manual/release-notes/rl-2405.section.md @@ -485,7 +485,7 @@ The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been m - The `krb5` module has been rewritten and moved to `security.krb5`, moving all options but `security.krb5.enable` and `security.krb5.package` into `security.krb5.settings`. -- `services.soju` now has the option `adminSocket.enable`. This option defaults to `true`, and creates a unix admin socket at `/run/soju/admin`. +- `services.soju` now has a wrapper for the `sojuctl` command, pointed at the service config file. It also has the new option `adminSocket.enable`, which creates a unix admin socket at `/run/soju/admin`. - Gitea 1.21 upgrade has several breaking changes, including: - Custom themes and other assets that were previously stored in `custom/public/*` now belong in `custom/public/assets/*` diff --git a/nixos/modules/services/networking/soju.nix b/nixos/modules/services/networking/soju.nix index f3a7dc1eea019e..810957be65f576 100644 --- a/nixos/modules/services/networking/soju.nix +++ b/nixos/modules/services/networking/soju.nix @@ -25,6 +25,10 @@ let ${cfg.extraConfig} ''; + + sojuctl = pkgs.writeShellScriptBin "sojuctl" '' + exec ${cfg.package}/bin/sojuctl --config ${configFile} "$@" + ''; in { ###### interface @@ -120,6 +124,8 @@ in } ]; + environment.systemPackages = [ sojuctl ]; + systemd.services.soju = { description = "soju IRC bouncer"; wantedBy = [ "multi-user.target" ]; From e9fed4bcad77e0d04a77a42886d51282f96c2163 Mon Sep 17 00:00:00 2001 From: Benjamin Lee Date: Sun, 1 Oct 2023 17:56:37 -0700 Subject: [PATCH 4/4] nixos/soju: add tests For now, just try creating a user with sojuctl. Actually connecting an irc client is pretty annoying. --- nixos/tests/all-tests.nix | 1 + nixos/tests/soju.nix | 31 +++++++++++++++++++++++++++++++ 2 files changed, 32 insertions(+) create mode 100644 nixos/tests/soju.nix diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix index cc8f5959f006d5..816fa3b8cd84a2 100644 --- a/nixos/tests/all-tests.nix +++ b/nixos/tests/all-tests.nix @@ -821,6 +821,7 @@ in { soapui = handleTest ./soapui.nix {}; soft-serve = handleTest ./soft-serve.nix {}; sogo = handleTest ./sogo.nix {}; + soju = handleTest ./soju.nix {}; solanum = handleTest ./solanum.nix {}; sonarr = handleTest ./sonarr.nix {}; sonic-server = handleTest ./sonic-server.nix {}; diff --git a/nixos/tests/soju.nix b/nixos/tests/soju.nix new file mode 100644 index 00000000000000..23da36f7b3aba0 --- /dev/null +++ b/nixos/tests/soju.nix @@ -0,0 +1,31 @@ +import ./make-test-python.nix ({ pkgs, lib, ... }: +let + certs = import ./common/acme/server/snakeoil-certs.nix; + domain = certs.domain; + + user = "testuser"; + pass = "hunter2"; +in +{ + name = "soju"; + meta.maintainers = with lib.maintainers; [ Benjamin-L ]; + + nodes.machine = { ... }: { + services.soju = { + enable = true; + adminSocket.enable = true; + hostName = domain; + tlsCertificate = certs.${domain}.cert; + tlsCertificateKey = certs.${domain}.key; + }; + }; + + testScript = '' + start_all() + + machine.wait_for_unit("soju") + machine.wait_for_file("/run/soju/admin") + + machine.succeed("sojuctl user create -username ${user} -password ${pass}") + ''; +})