nixos/imaginary: init #215222
nixos/imaginary: init #215222
Conversation
dotlambda
force-pushed
the
nixos-imaginary-init
branch
2 times, most recently
from
7588230
to
468d34f
Compare
| ]); | ||
|
|
||
| options = { | ||
| a = mkOption { |
There was a problem hiding this comment.
are these option names that good? we'd much prefer giving the descriptive names and amending the description with something like Corresponds to the `-a` parameter.. this wouldn't stop anyone using the original names, but it'd make module instances more readable.
(note: we're only taking issue with a and p, but return-size is totally good as is)
There was a problem hiding this comment.
I'm also not super happy with it but I think this would be against the spirit of NixOS/rfcs#42.
However we could file a PR upstream that introduces e.g. -address as an alias for -a.
There was a problem hiding this comment.
I guess we could just add these options outside of settings.
There was a problem hiding this comment.
both sound reasonable, but adding them outside of settings is probably better. that more clearly communicates that there could be special handling going on.
dotlambda
force-pushed
the
nixos-imaginary-init
branch
from
468d34f
to
bd062c7
Compare
|
I can't get ports < 1024 to work: Does someone have an idea? |
PrivateUsers= causes the unit to be executed with no capabilities in the hosting namespace, so your capability sets do nothing. should work if you drop it. |
dotlambda
force-pushed
the
nixos-imaginary-init
branch
from
bd062c7
to
a8b4e7d
Compare
|
I added |
dotlambda
force-pushed
the
nixos-imaginary-init
branch
2 times, most recently
from
9e2235d
to
fbd5bec
Compare
Apply h2non/imaginary#382 as patch. The -return-size flag is recommended by Nextcloud: https://docs.nextcloud.com/server/latest/admin_manual/installation/server_tuning.html#previews
dotlambda
force-pushed
the
nixos-imaginary-init
branch
from
fbd5bec
to
efee1b5
Compare
|
|
||
| address = mkOption { | ||
| type = types.str; | ||
| default = ""; |
There was a problem hiding this comment.
Does emptry string equal to localhost? If I understand the nextcloud doc correct it sounds like you want to run imaginary always bound on localhost.
There was a problem hiding this comment.
Yes, it does mean that according to https://pkg.go.dev/net#Dial. I went with upstream's default: https://github.com/h2non/imaginary/blob/master/imaginary.go#L20
There was a problem hiding this comment.
Never mind, it means any address. That's also what it says in https://github.com/h2non/imaginary#command-line-usage.
There was a problem hiding this comment.
I guess it should be changed to localhost by default. See #100192. But the problem is that localhost means 127.0.0.1 and doesn't include ::1.
There was a problem hiding this comment.
oh, gotta love it. golang/go#9334
There was a problem hiding this comment.
Should we set address = "localhost" by default anyway?
There was a problem hiding this comment.
if it's primarily not meant to be accessed from other hosts, probably? don't know enough about the service to be sure. but then again, if it makes for such interesting complications it might just be better to rely on the firewall existing and a note that by default all addresses are bound? 😕
There was a problem hiding this comment.
For the nextcloud use case it is only accessed through localhost.
Tested using
Description of changes
Things done
sandbox = trueset innix.conf? (See Nix manual)nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage./result/bin/)nixos/doc/manual/md-to-db.shto update generated release notes