Loading maintainers/team-list.nix +1 −0 Original line number Diff line number Diff line Loading @@ -451,6 +451,7 @@ with lib.maintainers; { # Verify additions to this team with at least one already existing member of the team. members = [ das_j conni2461 ]; scope = "Group registration for packages maintained by Helsinki Systems"; shortName = "Helsinki Systems employees"; Loading nixos/modules/services/databases/redis.nix +3 −2 Original line number Diff line number Diff line Loading @@ -338,7 +338,7 @@ in { after = [ "network.target" ]; serviceConfig = { ExecStart = "${cfg.package}/bin/redis-server /var/lib/${redisName name}/redis.conf ${escapeShellArgs conf.extraParams}"; ExecStart = "${cfg.package}/bin/${cfg.package.serverBin or "redis-server"} /var/lib/${redisName name}/redis.conf ${escapeShellArgs conf.extraParams}"; ExecStartPre = "+"+pkgs.writeShellScript "${redisName name}-prep-conf" (let redisConfVar = "/var/lib/${redisName name}/redis.conf"; redisConfRun = "/run/${redisName name}/nixos.conf"; Loading Loading @@ -391,7 +391,8 @@ in { RestrictAddressFamilies = [ "AF_INET" "AF_INET6" "AF_UNIX" ]; RestrictNamespaces = true; LockPersonality = true; MemoryDenyWriteExecute = true; # we need to disable MemoryDenyWriteExecute for keydb MemoryDenyWriteExecute = cfg.package.pname != "keydb"; RestrictRealtime = true; RestrictSUIDSGID = true; PrivateMounts = true; Loading nixos/tests/redis.nix +80 −37 Original line number Diff line number Diff line import ./make-test-python.nix ({ pkgs, lib, ... }: { name = "redis"; meta.maintainers = with lib.maintainers; [ flokli ]; system ? builtins.currentSystem, config ? { }, pkgs ? import ../../.. { inherit system config; }, lib ? pkgs.lib, }: let makeTest = import ./make-test-python.nix; mkTestName = pkg: "${pkg.pname}_${builtins.replaceStrings [ "." ] [ "" ] (lib.versions.majorMinor pkg.version)}"; redisPackages = { inherit (pkgs) redis keydb; }; makeRedisTest = { package, name ? mkTestName package, }: makeTest { inherit name; meta.maintainers = [ lib.maintainers.flokli lib.teams.helsinki-systems.members ]; nodes = { machine = { pkgs, lib, ... }: { lib, ... }: { services.redis.servers."".enable = true; services.redis.servers."test".enable = true; services = { redis = { inherit package; servers."".enable = true; servers."test".enable = true; }; }; users.users = lib.listToAttrs (map (suffix: lib.nameValuePair "member${suffix}" { users.users = lib.listToAttrs ( map ( suffix: lib.nameValuePair "member${suffix}" { createHome = false; description = "A member of the redis${suffix} group"; isNormalUser = true; extraGroups = [ "redis${suffix}" ]; }) ["" "-test"]); } ) [ "" "-test" ] ); }; }; testScript = { nodes, ... }: let inherit (nodes.machine.config.services) redis; in '' testScript = { nodes, ... }: let inherit (nodes.machine.services) redis; in '' start_all() machine.wait_for_unit("redis") machine.wait_for_unit("redis-test") Loading @@ -34,11 +73,15 @@ import ./make-test-python.nix ({ pkgs, lib, ... }: machine.wait_for_file("${redis.servers."test".unixSocket}") # The unix socket is accessible to the redis group machine.succeed('su member -c "redis-cli ping | grep PONG"') machine.succeed('su member-test -c "redis-cli ping | grep PONG"') machine.succeed('su member -c "${pkgs.redis}/bin/redis-cli ping | grep PONG"') machine.succeed('su member-test -c "${pkgs.redis}/bin/redis-cli ping | grep PONG"') machine.succeed("redis-cli ping | grep PONG") machine.succeed("redis-cli -s ${redis.servers."".unixSocket} ping | grep PONG") machine.succeed("redis-cli -s ${redis.servers."test".unixSocket} ping | grep PONG") machine.succeed("${pkgs.redis}/bin/redis-cli ping | grep PONG") machine.succeed("${pkgs.redis}/bin/redis-cli -s ${redis.servers."".unixSocket} ping | grep PONG") machine.succeed("${pkgs.redis}/bin/redis-cli -s ${ redis.servers."test".unixSocket } ping | grep PONG") ''; }) }; in lib.mapAttrs (_: package: makeRedisTest { inherit package; }) redisPackages pkgs/by-name/ke/keydb/package.nix 0 → 100644 +106 −0 Original line number Diff line number Diff line { stdenv, lib, fetchFromGitHub, libuuid, curl, pkg-config, withSystemd ? lib.meta.availableOn stdenv.hostPlatform systemd, systemd, tlsSupport ? !stdenv.hostPlatform.isStatic, openssl, jemalloc, which, tcl, tcltls, ps, getconf, nixosTests, }: stdenv.mkDerivation rec { pname = "keydb"; version = "6.3.4"; src = fetchFromGitHub { owner = "snapchat"; repo = "keydb"; rev = "v${version}"; hash = "sha256-j6qgK6P3Fv+b6k9jwKQ5zW7XLkKbXXcmHKBCQYvwEIU="; }; postPatch = '' substituteInPlace deps/lua/src/Makefile \ --replace-fail "ar rcu" "${stdenv.cc.targetPrefix}ar rcu" substituteInPlace src/Makefile \ --replace-fail "as --64 -g" "${stdenv.cc.targetPrefix}as --64 -g" ''; nativeBuildInputs = [ pkg-config ]; buildInputs = [ jemalloc curl libuuid ] ++ lib.optionals tlsSupport [ openssl ] ++ lib.optionals withSystemd [ systemd ]; makeFlags = [ "PREFIX=${placeholder "out"}" "AR=${stdenv.cc.targetPrefix}ar" "RANLIB=${stdenv.cc.targetPrefix}ranlib" "USEASM=${if stdenv.isx86_64 then "true" else "false"}" ] ++ lib.optionals (!tlsSupport) [ "BUILD_TLS=no" ] ++ lib.optionals withSystemd [ "USE_SYSTEMD=yes" ] ++ lib.optionals (!stdenv.isx86_64) [ "MALLOC=libc" ]; enableParallelBuilding = true; hardeningEnable = lib.optionals (!stdenv.isDarwin) [ "pie" ]; # darwin currently lacks a pure `pgrep` which is extensively used here doCheck = !stdenv.isDarwin; nativeCheckInputs = [ which tcl ps ] ++ lib.optionals stdenv.hostPlatform.isStatic [ getconf ] ++ lib.optionals tlsSupport [ tcltls ]; checkPhase = '' runHook preCheck # disable test "Connect multiple replicas at the same time": even # upstream find this test too timing-sensitive substituteInPlace tests/integration/replication.tcl \ --replace-fail 'foreach mdl {no yes}' 'foreach mdl {}' substituteInPlace tests/support/server.tcl \ --replace-fail 'exec /usr/bin/env' 'exec env' sed -i '/^proc wait_load_handlers_disconnected/{n ; s/wait_for_condition 50 100/wait_for_condition 50 500/; }' \ tests/support/util.tcl patchShebangs ./utils/gen-test-certs.sh ${if tlsSupport then "./utils/gen-test-certs.sh" else ""} ./runtest \ --no-latency \ --timeout 2000 \ --clients $NIX_BUILD_CORES \ --tags -leaks ${if tlsSupport then "--tls" else ""} runHook postCheck ''; passthru.tests.redis = nixosTests.redis; passthru.serverBin = "keydb-server"; meta = with lib; { homepage = "https://keydb.dev"; description = "A Multithreaded Fork of Redis"; license = licenses.bsd3; platforms = platforms.all; changelog = "https://github.com/Snapchat/KeyDB/raw/v${version}/00-RELEASENOTES"; maintainers = teams.helsinki-systems.members; mainProgram = "keydb-cli"; }; } pkgs/servers/nosql/redis/default.nix +1 −0 Original line number Diff line number Diff line Loading @@ -85,6 +85,7 @@ stdenv.mkDerivation (finalAttrs: { ''; passthru.tests.redis = nixosTests.redis; passthru.serverBin = "redis-server"; meta = with lib; { homepage = "https://redis.io"; Loading Loading
maintainers/team-list.nix +1 −0 Original line number Diff line number Diff line Loading @@ -451,6 +451,7 @@ with lib.maintainers; { # Verify additions to this team with at least one already existing member of the team. members = [ das_j conni2461 ]; scope = "Group registration for packages maintained by Helsinki Systems"; shortName = "Helsinki Systems employees"; Loading
nixos/modules/services/databases/redis.nix +3 −2 Original line number Diff line number Diff line Loading @@ -338,7 +338,7 @@ in { after = [ "network.target" ]; serviceConfig = { ExecStart = "${cfg.package}/bin/redis-server /var/lib/${redisName name}/redis.conf ${escapeShellArgs conf.extraParams}"; ExecStart = "${cfg.package}/bin/${cfg.package.serverBin or "redis-server"} /var/lib/${redisName name}/redis.conf ${escapeShellArgs conf.extraParams}"; ExecStartPre = "+"+pkgs.writeShellScript "${redisName name}-prep-conf" (let redisConfVar = "/var/lib/${redisName name}/redis.conf"; redisConfRun = "/run/${redisName name}/nixos.conf"; Loading Loading @@ -391,7 +391,8 @@ in { RestrictAddressFamilies = [ "AF_INET" "AF_INET6" "AF_UNIX" ]; RestrictNamespaces = true; LockPersonality = true; MemoryDenyWriteExecute = true; # we need to disable MemoryDenyWriteExecute for keydb MemoryDenyWriteExecute = cfg.package.pname != "keydb"; RestrictRealtime = true; RestrictSUIDSGID = true; PrivateMounts = true; Loading
nixos/tests/redis.nix +80 −37 Original line number Diff line number Diff line import ./make-test-python.nix ({ pkgs, lib, ... }: { name = "redis"; meta.maintainers = with lib.maintainers; [ flokli ]; system ? builtins.currentSystem, config ? { }, pkgs ? import ../../.. { inherit system config; }, lib ? pkgs.lib, }: let makeTest = import ./make-test-python.nix; mkTestName = pkg: "${pkg.pname}_${builtins.replaceStrings [ "." ] [ "" ] (lib.versions.majorMinor pkg.version)}"; redisPackages = { inherit (pkgs) redis keydb; }; makeRedisTest = { package, name ? mkTestName package, }: makeTest { inherit name; meta.maintainers = [ lib.maintainers.flokli lib.teams.helsinki-systems.members ]; nodes = { machine = { pkgs, lib, ... }: { lib, ... }: { services.redis.servers."".enable = true; services.redis.servers."test".enable = true; services = { redis = { inherit package; servers."".enable = true; servers."test".enable = true; }; }; users.users = lib.listToAttrs (map (suffix: lib.nameValuePair "member${suffix}" { users.users = lib.listToAttrs ( map ( suffix: lib.nameValuePair "member${suffix}" { createHome = false; description = "A member of the redis${suffix} group"; isNormalUser = true; extraGroups = [ "redis${suffix}" ]; }) ["" "-test"]); } ) [ "" "-test" ] ); }; }; testScript = { nodes, ... }: let inherit (nodes.machine.config.services) redis; in '' testScript = { nodes, ... }: let inherit (nodes.machine.services) redis; in '' start_all() machine.wait_for_unit("redis") machine.wait_for_unit("redis-test") Loading @@ -34,11 +73,15 @@ import ./make-test-python.nix ({ pkgs, lib, ... }: machine.wait_for_file("${redis.servers."test".unixSocket}") # The unix socket is accessible to the redis group machine.succeed('su member -c "redis-cli ping | grep PONG"') machine.succeed('su member-test -c "redis-cli ping | grep PONG"') machine.succeed('su member -c "${pkgs.redis}/bin/redis-cli ping | grep PONG"') machine.succeed('su member-test -c "${pkgs.redis}/bin/redis-cli ping | grep PONG"') machine.succeed("redis-cli ping | grep PONG") machine.succeed("redis-cli -s ${redis.servers."".unixSocket} ping | grep PONG") machine.succeed("redis-cli -s ${redis.servers."test".unixSocket} ping | grep PONG") machine.succeed("${pkgs.redis}/bin/redis-cli ping | grep PONG") machine.succeed("${pkgs.redis}/bin/redis-cli -s ${redis.servers."".unixSocket} ping | grep PONG") machine.succeed("${pkgs.redis}/bin/redis-cli -s ${ redis.servers."test".unixSocket } ping | grep PONG") ''; }) }; in lib.mapAttrs (_: package: makeRedisTest { inherit package; }) redisPackages
pkgs/by-name/ke/keydb/package.nix 0 → 100644 +106 −0 Original line number Diff line number Diff line { stdenv, lib, fetchFromGitHub, libuuid, curl, pkg-config, withSystemd ? lib.meta.availableOn stdenv.hostPlatform systemd, systemd, tlsSupport ? !stdenv.hostPlatform.isStatic, openssl, jemalloc, which, tcl, tcltls, ps, getconf, nixosTests, }: stdenv.mkDerivation rec { pname = "keydb"; version = "6.3.4"; src = fetchFromGitHub { owner = "snapchat"; repo = "keydb"; rev = "v${version}"; hash = "sha256-j6qgK6P3Fv+b6k9jwKQ5zW7XLkKbXXcmHKBCQYvwEIU="; }; postPatch = '' substituteInPlace deps/lua/src/Makefile \ --replace-fail "ar rcu" "${stdenv.cc.targetPrefix}ar rcu" substituteInPlace src/Makefile \ --replace-fail "as --64 -g" "${stdenv.cc.targetPrefix}as --64 -g" ''; nativeBuildInputs = [ pkg-config ]; buildInputs = [ jemalloc curl libuuid ] ++ lib.optionals tlsSupport [ openssl ] ++ lib.optionals withSystemd [ systemd ]; makeFlags = [ "PREFIX=${placeholder "out"}" "AR=${stdenv.cc.targetPrefix}ar" "RANLIB=${stdenv.cc.targetPrefix}ranlib" "USEASM=${if stdenv.isx86_64 then "true" else "false"}" ] ++ lib.optionals (!tlsSupport) [ "BUILD_TLS=no" ] ++ lib.optionals withSystemd [ "USE_SYSTEMD=yes" ] ++ lib.optionals (!stdenv.isx86_64) [ "MALLOC=libc" ]; enableParallelBuilding = true; hardeningEnable = lib.optionals (!stdenv.isDarwin) [ "pie" ]; # darwin currently lacks a pure `pgrep` which is extensively used here doCheck = !stdenv.isDarwin; nativeCheckInputs = [ which tcl ps ] ++ lib.optionals stdenv.hostPlatform.isStatic [ getconf ] ++ lib.optionals tlsSupport [ tcltls ]; checkPhase = '' runHook preCheck # disable test "Connect multiple replicas at the same time": even # upstream find this test too timing-sensitive substituteInPlace tests/integration/replication.tcl \ --replace-fail 'foreach mdl {no yes}' 'foreach mdl {}' substituteInPlace tests/support/server.tcl \ --replace-fail 'exec /usr/bin/env' 'exec env' sed -i '/^proc wait_load_handlers_disconnected/{n ; s/wait_for_condition 50 100/wait_for_condition 50 500/; }' \ tests/support/util.tcl patchShebangs ./utils/gen-test-certs.sh ${if tlsSupport then "./utils/gen-test-certs.sh" else ""} ./runtest \ --no-latency \ --timeout 2000 \ --clients $NIX_BUILD_CORES \ --tags -leaks ${if tlsSupport then "--tls" else ""} runHook postCheck ''; passthru.tests.redis = nixosTests.redis; passthru.serverBin = "keydb-server"; meta = with lib; { homepage = "https://keydb.dev"; description = "A Multithreaded Fork of Redis"; license = licenses.bsd3; platforms = platforms.all; changelog = "https://github.com/Snapchat/KeyDB/raw/v${version}/00-RELEASENOTES"; maintainers = teams.helsinki-systems.members; mainProgram = "keydb-cli"; }; }
pkgs/servers/nosql/redis/default.nix +1 −0 Original line number Diff line number Diff line Loading @@ -85,6 +85,7 @@ stdenv.mkDerivation (finalAttrs: { ''; passthru.tests.redis = nixosTests.redis; passthru.serverBin = "redis-server"; meta = with lib; { homepage = "https://redis.io"; Loading
