diff --git a/modules/default.nix b/modules/default.nix
index 1024d6f..6404c59 100644
--- a/modules/default.nix
+++ b/modules/default.nix
@@ -24,6 +24,7 @@ let
 };
 in
 {
+ imports = [ ./nginx.nix ];
 options = {
 services.tvix-binary-cache = {
 enable = lib.mkEnableOption "BinaryCache using tvix ca-store";
diff --git a/modules/nginx.nix b/modules/nginx.nix
new file mode 100644
index 0000000..49c4dc8
--- /dev/null
+++ b/modules/nginx.nix
@@ -0,0 +1,37 @@
+{ lib, config, ... }:
+{
+ options = {
+ services.tvix-binary-cache = {
+ enableNginx = lib.mkEnableOption "nginx reverse proxy for each binary cache";
+ nginx = {
+ clientMaxBodySize = lib.mkOption {
+ type = lib.types.str;
+ default = "10m";
+ example = "50G";
+ };
+ host = lib.mkOption {
+ type = lib.types.str;
+ example = "cache.example.com";
+ };
+ };
+ };
+ };
+ config = {
+ services.nginx = lib.mkIf config.services.tvix-binary-cache.enableNginx {
+ enable = true;
+ recommendedProxySettings = true;
+ virtualHosts.${config.services.tvix-binary-cache.nginx.host} = {
+ default = true;
+ locations = lib.mkMerge (
+ lib.mapAttrsToList (name: cfg: {
+ "/${name}".return = "302 /${name}/";
+ "/${name}/" = {
+ proxyPass = "http://localhost:${toString cfg.port}/";
+ };
+ }) config.services.tvix-binary-cache.caches
+ );
+ };
+ inherit (config.services.tvix-binary-cache.nginx) clientMaxBodySize;
+ };
+ };
+}
diff --git a/tests/basic.nix b/tests/basic.nix
deleted file mode 100644
index d89c81b..0000000
--- a/tests/basic.nix
+++ /dev/null
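Review bot: In `modules/nginx.nix`, `inherit (config.services.tvix-binary-cache.nginx) clientMaxBodySize;` sits directly under `services.nginx`, so it sets the server-wide `client_max_body_size` for every virtual host on the machine rather than only the cache host; with a value like the `50G` example that raises the upload cap on unrelated sites as well. The test configuration this commit removes scoped the limit to the one host, and the module can do the same with `extraConfig = "client_max_body_size ${config.services.tvix-binary-cache.nginx.clientMaxBodySize};";` inside the `virtualHosts` entry in place of the `inherit`. The virtual host is also forced to `default = true`, so it answers requests for any Host header, and the generated locations proxy every request method to each cache with no access control visible in this file; exposing `default` as an option and documenting who is expected to reach the upload path would help operators. `clientMaxBodySize` and `host` carry no `description`, and `host` has no default, so setting `enableNginx` without it presumably fails evaluation with a generic message.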
@@ -1,65 +0,0 @@
-{ pkgs }:
-let
- inherit (pkgs) hello;
-in
-pkgs.testers.runNixOSTest (_: {
- name = "cache smoke test";
- nodes.machine =
- { config, ... }:
- {
- imports = [
- ./common
- ../modules
- ];
-
- system.extraDependencies = [ hello ];
-
- services.tvix-binary-cache = {
- enable = true;
- caches = {
- one.port = 8000;
- two.port = 8001;
- };
- };
-
- services.nginx = {
- enable = true;
- recommendedProxySettings = true;
- virtualHosts.cache = {
- default = true;
- locations = {
- "/one".return = "302 /one/";
- "/one/" = {
- proxyPass = "http://localhost:${toString config.services.tvix-binary-cache.caches.one.port}/";
- };
- "/two".return = "302 /two/";
- "/two/" = {
- proxyPass = "http://localhost:${toString config.services.tvix-binary-cache.caches.two.port}/";
- };
- };
- extraConfig = "client_max_body_size 1G;";
-
- };
- };
- };
- testScript = ''
- import sys
- import time
- start_all()
- machine.wait_for_unit("nginx.service")
- machine.wait_for_unit("nar-bridge-one.service")
- machine.wait_for_unit("nar-bridge-two.service")
- time.sleep(1)
- with subtest("Nar bridge home"):
- out = machine.succeed("curl -L http://127.0.0.1/one")
- if out != "nar-bridge":
- sys.exit(1)
- with subtest("Nar upload"):
- machine.succeed("nix copy --to 'http://127.0.0.1/one/?compression=none' ${hello}")
- with subtest("narinfo retrieve"):
- narHash = "${hello}"[11:11+32]
- machine.succeed(f"curl -f 'http://127.0.0.1/one/{narHash}.narinfo'")
- machine.fail(f"curl -f 'http://127.0.0.1/two/{narHash}.narinfo'")
-
- '';
-})
diff --git a/tests/default.nix b/tests/default.nix
index 7a712b5..54f18a0 100644
--- a/tests/default.nix
+++ b/tests/default.nix
@@ -4,7 +4,7 @@ pkgs ? import nixpkgs { overlays = [ (import ../pkgs/overlay.nix) ]; }, }: { - basic = pkgs.callPackage ./basic.nix { }; + multi-cache = pkgs.callPackage ./multi-cache.nix { }; ingest = pkgs.callPackage ./ingest.nix { }; - signature = pkgs.callPackage ./signature.nix { }; + substitution = pkgs.callPackage ./substitution.nix { }; } diff --git a/tests/ingest.nix b/tests/ingest.nix index ad281b3..53286db 100644 --- a/tests/ingest.nix +++ b/tests/ingest.nix @@ -11,43 +11,31 @@ in pkgs.testers.runNixOSTest (_: { name = "cache signature upload test"; nodes = { - cache = - { config, ... }: - { - imports = [ - ./common - ../modules - ]; + cache = { + imports = [ + ./common + ../modules + ]; - system.extraDependencies = [ - hello - references - ]; + system.extraDependencies = [ + hello + references + ]; - services.tvix-binary-cache = { - enable = true; - caches = { - cache.port = 8000; - }; + services.tvix-binary-cache = { + enable = true; + enableNginx = true; + nginx = { + clientMaxBodySize = "50G"; + host = "cache"; }; - - services.nginx = { - enable = true; - recommendedProxySettings = true; - virtualHosts.cache = { - default = true; - locations = { - "/cache".return = "302 /cache/"; - "/cache/" = { - proxyPass = "http://localhost:${toString config.services.tvix-binary-cache.caches.cache.port}/"; - }; - }; - extraConfig = "client_max_body_size 1G;"; - - }; + caches = { + cache.port = 8000; }; - networking.firewall.allowedTCPPorts = [ 80 ]; }; + + networking.firewall.allowedTCPPorts = [ 80 ]; + }; }; testScript = '' import time diff --git a/tests/multi-cache.nix b/tests/multi-cache.nix new file mode 100644 index 0000000..90b632d --- /dev/null +++ b/tests/multi-cache.nix 
@@ -0,0 +1,57 @@
+{ pkgs }:
+let
+ inherit (pkgs) hello;
+in
+pkgs.testers.runNixOSTest (_: {
+ name = "cache multi-cache smoke test";
+ nodes.machine = {
+ imports = [
+ ./common
+ ../modules
+ ];
+
+ system.extraDependencies = [ hello ];
+
+ services.tvix-binary-cache = {
+ enable = true;
+ enableNginx = true;
+ nginx = {
+ clientMaxBodySize = "50G";
+ host = "cache";
+ };
+
+ caches = {
+ one.port = 8000;
+ two.port = 8001;
+ };
+ };
+
+ services.nginx = {
+ enable = true;
+ recommendedProxySettings = true;
+ virtualHosts.cache = {
+ default = true;
+ };
+ };
+ };
+ testScript = ''
+ import sys
+ import time
+ start_all()
+ machine.wait_for_unit("nginx.service")
+ machine.wait_for_unit("nar-bridge-one.service")
+ machine.wait_for_unit("nar-bridge-two.service")
+ time.sleep(1)
+ with subtest("Nar bridge home"):
+ out = machine.succeed("curl -L http://127.0.0.1/one")
+ if out != "nar-bridge":
+ sys.exit(1)
+ with subtest("Nar upload"):
+ machine.succeed("nix copy --to 'http://127.0.0.1/one/?compression=none' ${hello}")
+ with subtest("narinfo retrieve"):
+ narHash = "${hello}"[11:11+32]
+ machine.succeed(f"curl -f 'http://127.0.0.1/one/{narHash}.narinfo'")
+ machine.fail(f"curl -f 'http://127.0.0.1/two/{narHash}.narinfo'")
+
+ '';
+})
diff --git a/tests/signature.nix b/tests/substitution.nix
similarity index 59%
rename from tests/signature.nix
rename to tests/substitution.nix
index 5043f80..dd3b8ff 100644
--- a/tests/signature.nix
+++ b/tests/substitution.nix
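Review bot: The `services.nginx` block in `nodes.machine` of `tests/multi-cache.nix` repeats `enable`, `recommendedProxySettings` and `virtualHosts.cache.default`, which `enableNginx = true` is meant to supply, so the test would keep passing if the module stopped setting them; dropping the block lets the test exercise the module on its own. The `time.sleep(1)` after the `wait_for_unit` calls is a timing guess, and `machine.wait_for_open_port(8000)` plus `machine.wait_for_open_port(8001)` would wait for the listeners directly. The home-page check reads more clearly as `assert out == "nar-bridge", out` than as `sys.exit(1)`, which fails without showing the response. Nothing here checks that a body over `clientMaxBodySize` is rejected, so the limit the module configures is untested.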
@@ -4,42 +4,33 @@ let inherit (pkgs) hello; in pkgs.testers.runNixOSTest (_: { - name = "cache signature upload test"; + name = "cache substitution test"; nodes = { - cache = - { config, ... }: - { - imports = [ - ./common - ../modules - ]; + cache = { + imports = [ + ./common + ../modules + ]; - system.extraDependencies = [ hello ]; + system.extraDependencies = [ hello ]; - services.tvix-binary-cache = { - enable = true; - caches = { - cache.port = 8000; - }; + services.tvix-binary-cache = { + enable = true; + enableNginx = true; + nginx = { + clientMaxBodySize = "50G"; + host = "cache"; }; - - services.nginx = { - enable = true; - recommendedProxySettings = true; - virtualHosts.cache = { - default = true; - locations = { - "/cache".return = "302 /cache/"; - "/cache/" = { - proxyPass = "http://localhost:${toString config.services.tvix-binary-cache.caches.cache.port}/"; - }; - }; - extraConfig = "client_max_body_size 1G;"; - - }; + caches = { + cache.port = 8000; }; - networking.firewall.allowedTCPPorts = [ 80 ]; }; + + services.nginx.virtualHosts.cache = { + default = true; + }; + networking.firewall.allowedTCPPorts = [ 80 ]; + }; client = { lib, ... }: {