Merge pull request #130528 from etu/init-hockeypuck
hockeypuck: init at 2.1.0
This commit is contained in:
commit
bfef28861d
10 changed files with 247 additions and 0 deletions
|
@ -92,6 +92,13 @@
|
|||
<link linkend="opt-snapraid.enable">snapraid</link>.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
<link xlink:href="https://github.com/hockeypuck/hockeypuck">Hockeypuck</link>,
|
||||
a OpenPGP Key Server. Available as
|
||||
<link linkend="opt-services.hockeypuck.enable">services.hockeypuck</link>.
|
||||
</para>
|
||||
</listitem>
|
||||
</itemizedlist>
|
||||
</section>
|
||||
<section xml:id="sec-release-21.11-incompatibilities">
|
||||
|
|
|
@ -28,6 +28,8 @@ In addition to numerous new and upgraded packages, this release has the followin
|
|||
- [snapraid](https://www.snapraid.it/), a backup program for disk arrays.
|
||||
Available as [snapraid](#opt-snapraid.enable).
|
||||
|
||||
- [Hockeypuck](https://github.com/hockeypuck/hockeypuck), a OpenPGP Key Server. Available as [services.hockeypuck](#opt-services.hockeypuck.enable).
|
||||
|
||||
|
||||
## Backward Incompatibilities {#sec-release-21.11-incompatibilities}
|
||||
|
||||
|
|
|
@ -886,6 +886,7 @@
|
|||
./services/security/fprot.nix
|
||||
./services/security/haka.nix
|
||||
./services/security/haveged.nix
|
||||
./services/security/hockeypuck.nix
|
||||
./services/security/hologram-server.nix
|
||||
./services/security/hologram-agent.nix
|
||||
./services/security/munge.nix
|
||||
|
|
104
nixos/modules/services/security/hockeypuck.nix
Normal file
104
nixos/modules/services/security/hockeypuck.nix
Normal file
|
@ -0,0 +1,104 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
|
||||
let
|
||||
cfg = config.services.hockeypuck;
|
||||
settingsFormat = pkgs.formats.toml { };
|
||||
in {
|
||||
meta.maintainers = with lib.maintainers; [ etu ];
|
||||
|
||||
options.services.hockeypuck = {
|
||||
enable = lib.mkEnableOption "Hockeypuck OpenPGP Key Server";
|
||||
|
||||
port = lib.mkOption {
|
||||
default = 11371;
|
||||
type = lib.types.port;
|
||||
description = "HKP port to listen on.";
|
||||
};
|
||||
|
||||
settings = lib.mkOption {
|
||||
type = settingsFormat.type;
|
||||
default = { };
|
||||
example = lib.literalExample ''
|
||||
{
|
||||
hockeypuck = {
|
||||
loglevel = "INFO";
|
||||
logfile = "/var/log/hockeypuck/hockeypuck.log";
|
||||
indexTemplate = "''${pkgs.hockeypuck-web}/share/templates/index.html.tmpl";
|
||||
vindexTemplate = "''${pkgs.hockeypuck-web}/share/templates/index.html.tmpl";
|
||||
statsTemplate = "''${pkgs.hockeypuck-web}/share/templates/stats.html.tmpl";
|
||||
webroot = "''${pkgs.hockeypuck-web}/share/webroot";
|
||||
|
||||
hkp.bind = ":''${toString cfg.port}";
|
||||
|
||||
openpgp.db = {
|
||||
driver = "postgres-jsonb";
|
||||
dsn = "database=hockeypuck host=/var/run/postgresql sslmode=disable";
|
||||
};
|
||||
};
|
||||
}
|
||||
'';
|
||||
description = ''
|
||||
Configuration file for hockeypuck, here you can override
|
||||
certain settings (<literal>loglevel</literal> and
|
||||
<literal>openpgp.db.dsn</literal>) by just setting those values.
|
||||
|
||||
For other settings you need to use lib.mkForce to override them.
|
||||
|
||||
This service doesn't provision or enable postgres on your
|
||||
system, it rather assumes that you enable postgres and create
|
||||
the database yourself.
|
||||
|
||||
Example:
|
||||
<literal>
|
||||
services.postgresql = {
|
||||
enable = true;
|
||||
ensureDatabases = [ "hockeypuck" ];
|
||||
ensureUsers = [{
|
||||
name = "hockeypuck";
|
||||
ensurePermissions."DATABASE hockeypuck" = "ALL PRIVILEGES";
|
||||
}];
|
||||
};
|
||||
</literal>
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
config = lib.mkIf cfg.enable {
|
||||
services.hockeypuck.settings.hockeypuck = {
|
||||
loglevel = lib.mkDefault "INFO";
|
||||
logfile = "/var/log/hockeypuck/hockeypuck.log";
|
||||
indexTemplate = "${pkgs.hockeypuck-web}/share/templates/index.html.tmpl";
|
||||
vindexTemplate = "${pkgs.hockeypuck-web}/share/templates/index.html.tmpl";
|
||||
statsTemplate = "${pkgs.hockeypuck-web}/share/templates/stats.html.tmpl";
|
||||
webroot = "${pkgs.hockeypuck-web}/share/webroot";
|
||||
|
||||
hkp.bind = ":${toString cfg.port}";
|
||||
|
||||
openpgp.db = {
|
||||
driver = "postgres-jsonb";
|
||||
dsn = lib.mkDefault "database=hockeypuck host=/var/run/postgresql sslmode=disable";
|
||||
};
|
||||
};
|
||||
|
||||
users.users.hockeypuck = {
|
||||
isSystemUser = true;
|
||||
description = "Hockeypuck user";
|
||||
};
|
||||
|
||||
systemd.services.hockeypuck = {
|
||||
description = "Hockeypuck OpenPGP Key Server";
|
||||
after = [ "network.target" "postgresql.target" ];
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
serviceConfig = {
|
||||
WorkingDirectory = "/var/lib/hockeypuck";
|
||||
User = "hockeypuck";
|
||||
ExecStart = "${pkgs.hockeypuck}/bin/hockeypuck -config ${settingsFormat.generate "config.toml" cfg.settings}";
|
||||
Restart = "always";
|
||||
RestartSec = "5s";
|
||||
LogsDirectory = "hockeypuck";
|
||||
LogsDirectoryMode = "0755";
|
||||
StateDirectory = "hockeypuck";
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
|
@ -174,6 +174,7 @@ in
|
|||
hitch = handleTest ./hitch {};
|
||||
hledger-web = handleTest ./hledger-web.nix {};
|
||||
hocker-fetchdocker = handleTest ./hocker-fetchdocker {};
|
||||
hockeypuck = handleTest ./hockeypuck.nix { };
|
||||
home-assistant = handleTest ./home-assistant.nix {};
|
||||
hostname = handleTest ./hostname.nix {};
|
||||
hound = handleTest ./hound.nix {};
|
||||
|
|
63
nixos/tests/hockeypuck.nix
Normal file
63
nixos/tests/hockeypuck.nix
Normal file
|
@ -0,0 +1,63 @@
|
|||
import ./make-test-python.nix ({ lib, pkgs, ... }:
|
||||
let
|
||||
gpgKeyring = (pkgs.runCommandNoCC "gpg-keyring" { buildInputs = [ pkgs.gnupg ]; } ''
|
||||
mkdir -p $out
|
||||
export GNUPGHOME=$out
|
||||
cat > foo <<EOF
|
||||
%echo Generating a basic OpenPGP key
|
||||
%no-protection
|
||||
Key-Type: DSA
|
||||
Key-Length: 1024
|
||||
Subkey-Type: ELG-E
|
||||
Subkey-Length: 1024
|
||||
Name-Real: Foo Example
|
||||
Name-Email: foo@example.org
|
||||
Expire-Date: 0
|
||||
# Do a commit here, so that we can later print "done"
|
||||
%commit
|
||||
%echo done
|
||||
EOF
|
||||
gpg --batch --generate-key foo
|
||||
rm $out/S.gpg-agent $out/S.gpg-agent.*
|
||||
'');
|
||||
in {
|
||||
name = "hockeypuck";
|
||||
meta.maintainers = with lib.maintainers; [ etu ];
|
||||
|
||||
machine = { ... }: {
|
||||
# Used for test
|
||||
environment.systemPackages = [ pkgs.gnupg ];
|
||||
|
||||
services.hockeypuck.enable = true;
|
||||
|
||||
services.postgresql = {
|
||||
enable = true;
|
||||
ensureDatabases = [ "hockeypuck" ];
|
||||
ensureUsers = [{
|
||||
name = "hockeypuck";
|
||||
ensurePermissions."DATABASE hockeypuck" = "ALL PRIVILEGES";
|
||||
}];
|
||||
};
|
||||
};
|
||||
|
||||
testScript = ''
|
||||
machine.wait_for_unit("hockeypuck.service")
|
||||
machine.wait_for_open_port(11371)
|
||||
|
||||
response = machine.succeed("curl -vvv -s http://127.0.0.1:11371/")
|
||||
|
||||
assert "<title>OpenPGP Keyserver</title>" in response, "HTML title not found"
|
||||
|
||||
# Copy the keyring
|
||||
machine.succeed("cp -R ${gpgKeyring} /tmp/GNUPGHOME")
|
||||
|
||||
# Extract our GPG key id
|
||||
keyId = machine.succeed("GNUPGHOME=/tmp/GNUPGHOME gpg --list-keys | grep dsa1024 --after-context=1 | grep -v dsa1024").strip()
|
||||
|
||||
# Send the key to our local keyserver
|
||||
machine.succeed("GNUPGHOME=/tmp/GNUPGHOME gpg --keyserver hkp://127.0.0.1:11371 --send-keys " + keyId)
|
||||
|
||||
# Recieve the key from our local keyserver to a separate directory
|
||||
machine.succeed("GNUPGHOME=$(mktemp -d) gpg --keyserver hkp://127.0.0.1:11371 --recv-keys " + keyId)
|
||||
'';
|
||||
})
|
21
pkgs/servers/hockeypuck/server.nix
Normal file
21
pkgs/servers/hockeypuck/server.nix
Normal file
|
@ -0,0 +1,21 @@
|
|||
{ lib, buildGoModule, fetchFromGitHub, nixosTests }:
|
||||
|
||||
let
|
||||
sources = (import ./sources.nix) { inherit fetchFromGitHub; };
|
||||
in
|
||||
buildGoModule {
|
||||
inherit (sources) pname version src;
|
||||
|
||||
modRoot = "src/hockeypuck/";
|
||||
vendorSha256 = null;
|
||||
doCheck = false; # Uses networking for tests
|
||||
|
||||
passthru.tests = nixosTests.hockeypuck;
|
||||
|
||||
meta = with lib; {
|
||||
description = "OpenPGP Key Server";
|
||||
homepage = "https://github.com/hockeypuck/hockeypuck";
|
||||
license = licenses.agpl3Plus;
|
||||
maintainers = [ maintainers.etu ];
|
||||
};
|
||||
}
|
16
pkgs/servers/hockeypuck/sources.nix
Normal file
16
pkgs/servers/hockeypuck/sources.nix
Normal file
|
@ -0,0 +1,16 @@
|
|||
{ fetchFromGitHub }:
|
||||
|
||||
let
|
||||
pname = "hockeypuck";
|
||||
version = "2.1.0";
|
||||
in
|
||||
{
|
||||
inherit version pname;
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = pname;
|
||||
repo = pname;
|
||||
rev = version;
|
||||
sha256 = "0da3ffbqck0dr7d89gy2yillp7g9a4ziyjlvrm8vgkkg2fs8dlb1";
|
||||
};
|
||||
}
|
28
pkgs/servers/hockeypuck/web.nix
Normal file
28
pkgs/servers/hockeypuck/web.nix
Normal file
|
@ -0,0 +1,28 @@
|
|||
{ stdenv, lib, fetchFromGitHub, nixosTests }:
|
||||
|
||||
let
|
||||
sources = (import ./sources.nix) { inherit fetchFromGitHub; };
|
||||
in
|
||||
stdenv.mkDerivation {
|
||||
pname = "${sources.pname}-web";
|
||||
|
||||
inherit (sources) version src;
|
||||
|
||||
dontBuild = true; # We should just copy the web templates
|
||||
|
||||
installPhase = ''
|
||||
mkdir -p $out/share/
|
||||
|
||||
cp -vr contrib/webroot $out/share/
|
||||
cp -vr contrib/templates $out/share/
|
||||
'';
|
||||
|
||||
passthru.tests = nixosTests.hockeypuck;
|
||||
|
||||
meta = with lib; {
|
||||
description = "OpenPGP Key Server web resources";
|
||||
homepage = "https://github.com/hockeypuck/hockeypuck";
|
||||
license = licenses.gpl3Plus;
|
||||
maintainers = [ maintainers.etu ];
|
||||
};
|
||||
}
|
|
@ -5827,6 +5827,10 @@ in
|
|||
lua = lua5;
|
||||
});
|
||||
|
||||
hockeypuck = callPackage ../servers/hockeypuck/server.nix { };
|
||||
|
||||
hockeypuck-web = callPackage ../servers/hockeypuck/web.nix { };
|
||||
|
||||
holochain-go = callPackage ../servers/holochain-go { };
|
||||
|
||||
homesick = callPackage ../tools/misc/homesick { };
|
||||
|
|
Loading…
Reference in a new issue