rfmakecloud: 0.0.18 -> 0.0.21 (#356963)

tomberek 2024-11-22 00:35:19 -05:00 committed by GitHub
commit a42bdea0a7
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
5 changed files with 123 additions and 29 deletions


@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
with lib; with lib;
@ -6,18 +11,13 @@ let
cfg = config.services.rmfakecloud; cfg = config.services.rmfakecloud;
serviceDataDir = "/var/lib/rmfakecloud"; serviceDataDir = "/var/lib/rmfakecloud";
in { in
{
options = { options = {
services.rmfakecloud = { services.rmfakecloud = {
enable = mkEnableOption "rmfakecloud remarkable self-hosted cloud"; enable = mkEnableOption "rmfakecloud remarkable self-hosted cloud";
package = mkPackageOption pkgs "rmfakecloud" { package = mkPackageOption pkgs "rmfakecloud" { };
extraDescription = ''
::: {.note}
The default does not include the web user interface.
:::
'';
};
storageUrl = mkOption { storageUrl = mkOption {
type = types.str; type = types.str;
@ -36,7 +36,12 @@ in {
}; };
logLevel = mkOption { logLevel = mkOption {
type = types.enum [ "info" "debug" "warn" "error" ]; type = types.enum [
"info"
"debug"
"warn"
"error"
];
default = "info"; default = "info";
description = '' description = ''
Logging level. Logging level.
@ -46,7 +51,9 @@ in {
extraSettings = mkOption { extraSettings = mkOption {
type = with types; attrsOf str; type = with types; attrsOf str;
default = { }; default = { };
example = { DATADIR = "/custom/path/for/rmfakecloud/data"; }; example = {
DATADIR = "/custom/path/for/rmfakecloud/data";
};
description = '' description = ''
Extra settings in the form of a set of key-value pairs. Extra settings in the form of a set of key-value pairs.
For tokens and secrets, use `environmentFile` instead. For tokens and secrets, use `environmentFile` instead.
@ -106,11 +113,9 @@ in {
Type = "simple"; Type = "simple";
Restart = "always"; Restart = "always";
EnvironmentFile = EnvironmentFile = mkIf (cfg.environmentFile != null) cfg.environmentFile;
mkIf (cfg.environmentFile != null) cfg.environmentFile;
AmbientCapabilities = AmbientCapabilities = mkIf (cfg.port < 1024) [ "CAP_NET_BIND_SERVICE" ];
mkIf (cfg.port < 1024) [ "CAP_NET_BIND_SERVICE" ];
DynamicUser = true; DynamicUser = true;
PrivateDevices = true; PrivateDevices = true;
@ -128,7 +133,10 @@ in {
ProtectProc = "invisible"; ProtectProc = "invisible";
ProcSubset = "pid"; ProcSubset = "pid";
RemoveIPC = true; RemoveIPC = true;
RestrictAddressFamilies = [ "AF_INET" "AF_INET6" ]; RestrictAddressFamilies = [
"AF_INET"
"AF_INET6"
];
RestrictNamespaces = true; RestrictNamespaces = true;
RestrictRealtime = true; RestrictRealtime = true;
RestrictSUIDSGID = true; RestrictSUIDSGID = true;


@ -876,6 +876,7 @@ in {
retroarch = handleTest ./retroarch.nix {}; retroarch = handleTest ./retroarch.nix {};
rke2 = handleTestOn ["aarch64-linux" "x86_64-linux"] ./rke2 {}; rke2 = handleTestOn ["aarch64-linux" "x86_64-linux"] ./rke2 {};
rkvm = handleTest ./rkvm {}; rkvm = handleTest ./rkvm {};
rmfakecloud = runTest ./rmfakecloud.nix;
robustirc-bridge = handleTest ./robustirc-bridge.nix {}; robustirc-bridge = handleTest ./robustirc-bridge.nix {};
roundcube = handleTest ./roundcube.nix {}; roundcube = handleTest ./roundcube.nix {};
rosenpass = handleTest ./rosenpass.nix {}; rosenpass = handleTest ./rosenpass.nix {};


@ -0,0 +1,67 @@
{ pkgs, ... }:
{
name = "rmfakecloud";
meta = with pkgs.lib.maintainers; {
maintainers = [ martinetd ];
};
nodes.machine = {
services.rmfakecloud = {
enable = true;
storageUrl = "https://local.appspot.com";
};
};
testScript = ''
machine.wait_for_unit("rmfakecloud.service")
machine.wait_for_open_port(3000)
# first login creates user
login_token = machine.succeed("""
curl -sSf -b cookie -c cookie -H "Content-Type: application/json" \
-d'{"email":"test","password":"test"}' -X POST \
http://localhost:3000/ui/api/login
""")
# subsequent different pass or mail should fail, but same login works
machine.fail("""
curl -sSf -H "Content-Type: application/json" \
-d'{"email":"test","password":"test2"}' -X POST \
http://localhost:3000/ui/api/login
""")
machine.fail("""
curl -sSf -H "Content-Type: application/json" \
-d'{"email":"test2","password":"test"}' -X POST
http://localhost:3000/ui/api/login
""")
machine.succeed("""
curl -sSf -H "Content-Type: application/json" \
-d'{"email":"test","password":"test"}' -X POST \
http://localhost:3000/ui/api/login
""")
# can get code from cookie or bearer
machine.succeed("""
curl -sSf -b cookie -c cookie http://localhost:3000/ui/api/newcode
""")
newcode = machine.succeed(f"""
curl -sSf -H "Authorization: Bearer {login_token}" \
http://localhost:3000/ui/api/newcode
""").strip('"')
# ... but not junk
machine.fail(f"""
curl -sSf -H "Authorization: Bearer abc{login_token}" \
http://localhost:3000/ui/api/newcode
""")
# can connect "device" with said code
machine.succeed(f"""
curl -sSf -d '{{"code":"{newcode}", "deviceDesc": "desc", "deviceID":"rm100-123"}}' \
http://localhost:3000/token/json/2/device/new
""")
# for future improvements
machine.log(machine.execute("systemd-analyze security rmfakecloud.service")[1])
'';
}
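Review bot: The negative login check for `"email":"test2"` is missing the trailing backslash after `-X POST`, so the shell runs curl with no URL and then tries to execute `http://localhost:3000/ui/api/login` as a command of its own. `machine.fail` is satisfied by that shell error, so this case passes without the server ever being asked to reject a second account. The line should read `-d'{"email":"test2","password":"test"}' -X POST \` like the other three login calls. More generally, `machine.fail` with `curl -sSf` accepts any non-zero exit, so an unreachable service would also satisfy the negative cases; capturing the status with curl's `-w '%{http_code}'` and asserting the expected rejection code would make these authentication checks meaningful.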


@ -1,36 +1,54 @@
{ lib, fetchFromGitHub, buildGoModule, callPackage, enableWebui ? true }: {
lib,
fetchFromGitHub,
buildGoModule,
callPackage,
enableWebui ? true,
nixosTests,
}:
buildGoModule rec { buildGoModule rec {
pname = "rmfakecloud"; pname = "rmfakecloud";
version = "0.0.18"; version = "0.0.21";
src = fetchFromGitHub { src = fetchFromGitHub {
owner = "ddvk"; owner = "ddvk";
repo = pname; repo = pname;
rev = "v${version}"; rev = "v${version}";
hash = "sha256-J8oB5C5FYZTVq9zopHoL6WYpfTyiiyrQ4YSGu+2eaKw="; hash = "sha256-Opx39FUo4Kzezi96D9iraA8gkqCPVfMf4LhxtVpsuNQ=";
}; };
vendorHash = "sha256-S43qNDAlDWhrkfSffCooveemR1Z7KXS18t97UoolgBM="; vendorHash = "sha256-9tfxE03brUvCYusmewiqNpCkKyIS9qePqylrzDWrJLY=";
ui = callPackage ./webui.nix { inherit version src; }; ui = callPackage ./webui.nix { inherit version src; };
postPatch = if enableWebui then '' postPatch =
mkdir -p ui/build if enableWebui then
cp -r ${ui}/* ui/build ''
'' else '' mkdir -p ui/build
sed -i '/go:/d' ui/assets.go cp -r ${ui}/* ui/build
''; ''
else
''
sed -i '/go:/d' ui/assets.go
'';
ldflags = [ ldflags = [
"-s" "-w" "-X main.version=v${version}" "-s"
"-w"
"-X main.version=v${version}"
]; ];
passthru.tests.rmfakecloud = nixosTests.rmfakecloud;
meta = with lib; { meta = with lib; {
description = "Host your own cloud for the Remarkable"; description = "Host your own cloud for the Remarkable";
homepage = "https://ddvk.github.io/rmfakecloud/"; homepage = "https://ddvk.github.io/rmfakecloud/";
license = licenses.agpl3Only; license = licenses.agpl3Only;
maintainers = with maintainers; [ pacien martinetd ]; maintainers = with maintainers; [
pacien
martinetd
];
mainProgram = "rmfakecloud"; mainProgram = "rmfakecloud";
}; };
} }


@ -7,7 +7,7 @@ stdenv.mkDerivation rec {
yarnOfflineCache = fetchYarnDeps { yarnOfflineCache = fetchYarnDeps {
yarnLock = "${src}/ui/yarn.lock"; yarnLock = "${src}/ui/yarn.lock";
hash = "sha256-JLCrpzytMKejmW+WlM6yybsoIZiimiJdPG5dSIn1L14="; hash = "sha256-9//uQ4ZLLTf2N1WSwsOwFjBuDmThuMtMXU4SzMljAMM=";
}; };
nativeBuildInputs = [ fixup-yarn-lock yarn nodejs ]; nativeBuildInputs = [ fixup-yarn-lock yarn nodejs ];