Unverified Commit 781856bc authored by Sandro Jäckel's avatar Sandro Jäckel Committed by GitHub

go-httpbin: init at 2.18.3, nixos/go-httpbin: init module (#427717)

parents 37455cf5 e1b8c6c4
+2 −0
@@ -40,6 +40,8 @@

- [Chhoto URL](https://github.com/SinTan1729/chhoto-url), a simple, blazingly fast, selfhosted URL shortener with no unnecessary features, written in Rust. Available as [services.chhoto-url](#opt-services.chhoto-url.enable).

- [go-httpbin](https://github.com/mccutchen/go-httpbin), a reasonably complete and well-tested golang port of httpbin, with zero dependencies outside the go stdlib. Available as [services.go-httpbin](#opt-services.go-httpbin.enable).

- [tuwunel](https://matrix-construct.github.io/tuwunel/), a federated chat server implementing the Matrix protocol, forked from Conduwuit. Available as [services.matrix-tuwunel](#opt-services.matrix-tuwunel.enable).

- [Broadcast Box](https://github.com/Glimesh/broadcast-box), a WebRTC broadcast server. Available as [services.broadcast-box](options.html#opt-services.broadcast-box.enable).
+1 −0
@@ -1575,6 +1575,7 @@
  ./services/web-apps/gerrit.nix
  ./services/web-apps/glance.nix
  ./services/web-apps/glitchtip.nix
  ./services/web-apps/go-httpbin.nix
  ./services/web-apps/goatcounter.nix
  ./services/web-apps/gotify-server.nix
  ./services/web-apps/gotosocial.nix
+111 −0
{
  config,
  lib,
  pkgs,
  ...
}:

let
  cfg = config.services.go-httpbin;

  environment = lib.mapAttrs (
    _: value: if lib.isBool value then lib.boolToString value else toString value
  ) cfg.settings;
in

{
  meta.maintainers = with lib.maintainers; [ defelo ];

  options.services.go-httpbin = {
    enable = lib.mkEnableOption "go-httpbin";

    package = lib.mkPackageOption pkgs "go-httpbin" { };

    settings = lib.mkOption {
      description = ''
        Configuration of go-httpbin.
        See <https://github.com/mccutchen/go-httpbin#configuration> for a list of options.
      '';
      example = {
        HOST = "0.0.0.0";
        PORT = 8080;
      };

      type = lib.types.submodule {
        freeformType =
          with lib.types;
          attrsOf (oneOf [
            str
            int
            bool
          ]);

        options = {
          HOST = lib.mkOption {
            type = lib.types.str;
            description = "The host to listen on.";
            default = "127.0.0.1";
            example = "0.0.0.0";
          };

          PORT = lib.mkOption {
            type = lib.types.port;
            description = "The port to listen on.";
            example = 8080;
          };
        };
      };
    };
  };

  config = lib.mkIf cfg.enable {
    systemd.services.go-httpbin = {
      wantedBy = [ "multi-user.target" ];

      inherit environment;

      serviceConfig = {
        User = "go-httpbin";
        Group = "go-httpbin";
        DynamicUser = true;

        ExecStart = lib.getExe cfg.package;

        # hardening
        AmbientCapabilities = "";
        CapabilityBoundingSet = [ "" ];
        DevicePolicy = "closed";
        LockPersonality = true;
        MemoryDenyWriteExecute = true;
        NoNewPrivileges = true;
        PrivateDevices = true;
        PrivateTmp = true;
        PrivateUsers = true;
        ProcSubset = "pid";
        ProtectClock = true;
        ProtectControlGroups = true;
        ProtectHome = true;
        ProtectHostname = true;
        ProtectKernelLogs = true;
        ProtectKernelModules = true;
        ProtectKernelTunables = true;
        ProtectProc = "invisible";
        ProtectSystem = "strict";
        RemoveIPC = true;
        RestrictAddressFamilies = [ "AF_INET AF_INET6" ];
        RestrictNamespaces = true;
        RestrictRealtime = true;
        RestrictSUIDSGID = true;
        SocketBindAllow = "tcp:${toString cfg.settings.PORT}";
        SocketBindDeny = "any";
        SystemCallArchitectures = "native";
        SystemCallFilter = [
          "@system-service"
          "~@privileged"
          "~@resources"
        ];
        UMask = "0077";
      };
    };
  };
}
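Review bot: `PORT` is declared without a `default`, yet `SocketBindAllow = "tcp:${toString cfg.settings.PORT}"` reads it unconditionally, so enabling the service without setting `settings.PORT` should fail at evaluation with an undefined-option error instead of falling back to the upstream default. Either add `default = 8080;` (matching the option's own example) or state in the description that the port must be set. Separately, the `HOST` description offers `0.0.0.0` as its example without noting that a non-loopback bind exposes the request-reflecting and redirecting endpoints to the network and that the module opens no firewall port itself; a sentence pointing at upstream's limits such as `ALLOWED_REDIRECT_DOMAINS` would help, assuming that setting is still current upstream. `RestrictAddressFamilies = [ "AF_INET AF_INET6" ]` works but reads more clearly as two list elements.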
+1 −0
@@ -618,6 +618,7 @@ in
  gnupg = runTest ./gnupg.nix;
  goatcounter = runTest ./goatcounter.nix;
  go-camo = runTest ./go-camo.nix;
  go-httpbin = runTest ./go-httpbin.nix;
  go-neb = runTest ./go-neb.nix;
  gobgpd = runTest ./gobgpd.nix;
  gocd-agent = runTest ./gocd-agent.nix;
+38 −0
{ lib, ... }:

{
  name = "go-httpbin";
  meta.maintainers = with lib.maintainers; [ defelo ];

  nodes.machine = {
    services.go-httpbin = {
      enable = true;
      settings.PORT = 8000;
    };
  };

  interactive.nodes.machine = {
    services.go-httpbin.settings.HOST = "0.0.0.0";
    networking.firewall.allowedTCPPorts = [ 8000 ];
    virtualisation.forwardPorts = [
      {
        from = "host";
        host.port = 8000;
        guest.port = 8000;
      }
    ];
  };

  testScript = ''
    import json

    machine.wait_for_unit("go-httpbin.service")
    machine.wait_for_open_port(8000)

    resp = json.loads(machine.succeed("curl localhost:8000/get?foo=bar"))
    assert resp["args"]["foo"] == ["bar"]
    assert resp["method"] == "GET"
    assert resp["origin"] == "127.0.0.1"
    assert resp["url"] == "http://localhost:8000/get?foo=bar"
  '';
}
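Review bot: The test script checks only the `/get` response, so nothing pins the module's loopback-only default for `HOST` or the `SocketBindDeny`/`SocketBindAllow` pair; a later change to either would still pass. Consider adding a listener check after `wait_for_open_port`, for example `machine.succeed("ss -Htln 'sport = :8000' | grep -F 127.0.0.1:8000")`, assuming `ss` is on the test VM's path. The `curl` call would also benefit from `--fail`, so that an HTTP error is reported as such and not as a JSON parse failure.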