feat: Add nginx module

sinavir 2024-07-19 10:51:57 +02:00
parent e2f7711bbb
commit fa45ea4779
7 changed files with 138 additions and 129 deletions


@ -24,6 +24,7 @@ let
};
in
{
imports = [ ./nginx.nix ];
options = {
services.tvix-binary-cache = {
enable = lib.mkEnableOption "BinaryCache using tvix ca-store";

37
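--- a/modules/nginx.nix
+++ b/modules/nginx.nix
@@ -0,0 +1,37 @@
+{ lib, config, ... }:
+{
+options = {
+services.tvix-binary-cache = {
+enableNginx = lib.mkEnableOption "nginx reverse proxy for each binary cache";
+nginx = {
+clientMaxBodySize = lib.mkOption {
+type = lib.types.str;
+default = "10m";
+example = "50G";
+};
+host = lib.mkOption {
+type = lib.types.str;
+example = "cache.example.com";
+};
+};
+};
+};
+config = {
+services.nginx = lib.mkIf config.services.tvix-binary-cache.enableNginx {
+enable = true;
+recommendedProxySettings = true;
+virtualHosts.${config.services.tvix-binary-cache.nginx.host} = {
+default = true;
+locations = lib.mkMerge (
+lib.mapAttrsToList (name: cfg: {
+"/${name}".return = "302 /${name}/";
+"/${name}/" = {
+proxyPass = "http://localhost:${toString cfg.port}/";
+};
+}) config.services.tvix-binary-cache.caches
+);
+};
+inherit (config.services.tvix-binary-cache.nginx) clientMaxBodySize;
+};
+};
+}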
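Review bot: `inherit (config.services.tvix-binary-cache.nginx) clientMaxBodySize;` sits under `services.nginx` rather than under the virtual host, so it becomes nginx's global `client_max_body_size` and applies to every vhost on the machine; the test configs this module replaces scoped the limit to the cache vhost through `extraConfig`. With a value like the `50G` example, unrelated sites served by the same nginx would accept equally large request bodies, which widens the room for disk and bandwidth exhaustion. I would set it on the vhost instead: `extraConfig = "client_max_body_size ${config.services.tvix-binary-cache.nginx.clientMaxBodySize};";`. The options also have no `description`, and one is warranted here: the `/${name}/` locations forward every method over plain HTTP and the tests upload through the proxy with `nix copy --to`, so unless nar-bridge enforces its own access control (not visible on this page) anyone who can reach the vhost can write to the caches. `default = true` additionally makes this vhost answer requests for any unmatched Host header, which is worth making opt-in.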


@ -1,65 +0,0 @@
{ pkgs }:
let
inherit (pkgs) hello;
in
pkgs.testers.runNixOSTest (_: {
name = "cache smoke test";
nodes.machine =
{ config, ... }:
{
imports = [
./common
../modules
];
system.extraDependencies = [ hello ];
services.tvix-binary-cache = {
enable = true;
caches = {
one.port = 8000;
two.port = 8001;
};
};
services.nginx = {
enable = true;
recommendedProxySettings = true;
virtualHosts.cache = {
default = true;
locations = {
"/one".return = "302 /one/";
"/one/" = {
proxyPass = "http://localhost:${toString config.services.tvix-binary-cache.caches.one.port}/";
};
"/two".return = "302 /two/";
"/two/" = {
proxyPass = "http://localhost:${toString config.services.tvix-binary-cache.caches.two.port}/";
};
};
extraConfig = "client_max_body_size 1G;";
};
};
};
testScript = ''
import sys
import time
start_all()
machine.wait_for_unit("nginx.service")
machine.wait_for_unit("nar-bridge-one.service")
machine.wait_for_unit("nar-bridge-two.service")
time.sleep(1)
with subtest("Nar bridge home"):
out = machine.succeed("curl -L http://127.0.0.1/one")
if out != "nar-bridge":
sys.exit(1)
with subtest("Nar upload"):
machine.succeed("nix copy --to 'http://127.0.0.1/one/?compression=none' ${hello}")
with subtest("narinfo retrieve"):
narHash = "${hello}"[11:11+32]
machine.succeed(f"curl -f 'http://127.0.0.1/one/{narHash}.narinfo'")
machine.fail(f"curl -f 'http://127.0.0.1/two/{narHash}.narinfo'")
'';
})


@ -4,7 +4,7 @@
pkgs ? import nixpkgs { overlays = [ (import ../pkgs/overlay.nix) ]; },
}:
{
basic = pkgs.callPackage ./basic.nix { };
multi-cache = pkgs.callPackage ./multi-cache.nix { };
ingest = pkgs.callPackage ./ingest.nix { };
signature = pkgs.callPackage ./signature.nix { };
substitution = pkgs.callPackage ./substitution.nix { };
}


@ -11,43 +11,31 @@ in
pkgs.testers.runNixOSTest (_: {
name = "cache signature upload test";
nodes = {
cache =
{ config, ... }:
{
imports = [
./common
../modules
];
cache = {
imports = [
./common
../modules
];
system.extraDependencies = [
hello
references
];
system.extraDependencies = [
hello
references
];
services.tvix-binary-cache = {
enable = true;
caches = {
cache.port = 8000;
};
services.tvix-binary-cache = {
enable = true;
enableNginx = true;
nginx = {
clientMaxBodySize = "50G";
host = "cache";
};
services.nginx = {
enable = true;
recommendedProxySettings = true;
virtualHosts.cache = {
default = true;
locations = {
"/cache".return = "302 /cache/";
"/cache/" = {
proxyPass = "http://localhost:${toString config.services.tvix-binary-cache.caches.cache.port}/";
};
};
extraConfig = "client_max_body_size 1G;";
};
caches = {
cache.port = 8000;
};
networking.firewall.allowedTCPPorts = [ 80 ];
};
networking.firewall.allowedTCPPorts = [ 80 ];
};
};
testScript = ''
import time

57
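--- a/tests/multi-cache.nix
+++ b/tests/multi-cache.nix
@@ -0,0 +1,57 @@
+{ pkgs }:
+let
+inherit (pkgs) hello;
+in
+pkgs.testers.runNixOSTest (_: {
+name = "cache multi-cache smoke test";
+nodes.machine = {
+imports = [
+./common
+../modules
+];
+system.extraDependencies = [ hello ];
+services.tvix-binary-cache = {
+enable = true;
+enableNginx = true;
+nginx = {
+clientMaxBodySize = "50G";
+host = "cache";
+};
+caches = {
+one.port = 8000;
+two.port = 8001;
+};
+};
+services.nginx = {
+enable = true;
+recommendedProxySettings = true;
+virtualHosts.cache = {
+default = true;
+};
+};
+};
+testScript = ''
+import sys
+import time
+start_all()
+machine.wait_for_unit("nginx.service")
+machine.wait_for_unit("nar-bridge-one.service")
+machine.wait_for_unit("nar-bridge-two.service")
+time.sleep(1)
+with subtest("Nar bridge home"):
+out = machine.succeed("curl -L http://127.0.0.1/one")
+if out != "nar-bridge":
+sys.exit(1)
+with subtest("Nar upload"):
+machine.succeed("nix copy --to 'http://127.0.0.1/one/?compression=none' ${hello}")
+with subtest("narinfo retrieve"):
+narHash = "${hello}"[11:11+32]
+machine.succeed(f"curl -f 'http://127.0.0.1/one/{narHash}.narinfo'")
+machine.fail(f"curl -f 'http://127.0.0.1/two/{narHash}.narinfo'")
+'';
+})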
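Review bot: The `services.nginx` block in `nodes.machine` repeats `enable`, `recommendedProxySettings` and `virtualHosts.cache.default`, all of which modules/nginx.nix already sets when `enableNginx = true`, so this test would keep passing if the module stopped setting them. Dropping the block makes the test exercise the module on its own; the substitution test keeps a similar leftover, `services.nginx.virtualHosts.cache = { default = true; };`. In the test script, `time.sleep(1)` after `wait_for_unit` is a race, and `machine.wait_for_open_port(8000)` (and `8001`) would wait for the nar-bridge listeners deterministically. The "Nar bridge home" check would also read better as `assert out == "nar-bridge", out` than `sys.exit(1)`, since the failure then shows what was returned.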


@ -4,42 +4,33 @@ let
inherit (pkgs) hello;
in
pkgs.testers.runNixOSTest (_: {
name = "cache signature upload test";
name = "cache substitution test";
nodes = {
cache =
{ config, ... }:
{
imports = [
./common
../modules
];
cache = {
imports = [
./common
../modules
];
system.extraDependencies = [ hello ];
system.extraDependencies = [ hello ];
services.tvix-binary-cache = {
enable = true;
caches = {
cache.port = 8000;
};
services.tvix-binary-cache = {
enable = true;
enableNginx = true;
nginx = {
clientMaxBodySize = "50G";
host = "cache";
};
services.nginx = {
enable = true;
recommendedProxySettings = true;
virtualHosts.cache = {
default = true;
locations = {
"/cache".return = "302 /cache/";
"/cache/" = {
proxyPass = "http://localhost:${toString config.services.tvix-binary-cache.caches.cache.port}/";
};
};
extraConfig = "client_max_body_size 1G;";
};
caches = {
cache.port = 8000;
};
networking.firewall.allowedTCPPorts = [ 80 ];
};
services.nginx.virtualHosts.cache = {
default = true;
};
networking.firewall.allowedTCPPorts = [ 80 ];
};
client =
{ lib, ... }:
{