Implement Binding to Unix Domain Sockets

Also fix use of `systemd.sockets.<name>.requiredBy` Co-authored-by: Jörg Thalheim <[email protected]>
nix-community · Nov 2, 2024 · d0e8355 · d0e8355
1 parent db2fa3c
commit d0e8355
Show file tree

Hide file tree

Showing 5 changed files with 101 additions and 1 deletion.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/flake.nix b/flake.nix
@@ -42,6 +42,7 @@
               t02-varnish = import ./tests/t02-varnish.nix testArgs;
               t03-chroot = import ./tests/t03-chroot.nix testArgs;
               t04-tls = import ./tests/t04-tls.nix testArgs;
+              t03-varnish-uds = import ./tests/t03-varnish-uds.nix testArgs;
             }
             // {
               clippy = config.packages.harmonia.override { enableClippy = true; };
@@ -54,7 +55,6 @@
 
             programs.rustfmt.enable = true;
             programs.nixfmt.enable = true;
-            programs.nixfmt.package = pkgs.nixfmt-rfc-style;
             programs.deadnix.enable = true;
             programs.clang-format.enable = true;
           };

diff --git a/harmonia/Cargo.toml b/harmonia/Cargo.toml
@@ -30,6 +30,7 @@ askama_escape = "0.10.3"
 percent-encoding = "2.3.1"
 anyhow = "1.0.91"
 tempfile = "3.10.1"
+url = "2.4.1"
 
 
 libnixstore = { path = "../libnixstore" }
diff --git a/harmonia/src/main.rs b/harmonia/src/main.rs
@@ -1,6 +1,9 @@
 #![warn(clippy::dbg_macro)]
 
+use std::path::Path;
 use std::{fmt::Display, time::Duration};
+use url::Url;
+use std::path::Path;
 
 use actix_web::{http, web, App, HttpResponse, HttpServer};
 use openssl::ssl::{SslAcceptor, SslFiletype, SslMethod};
@@ -145,6 +148,7 @@ async fn main() -> std::io::Result<()> {
     .client_request_timeout(Duration::from_secs(30))
     .workers(c.workers)
     .max_connection_rate(c.max_connection_rate);
+
     if c.tls_cert_path.is_some() || c.tls_key_path.is_some() {
         let mut builder = SslAcceptor::mozilla_intermediate(SslMethod::tls())?;
         builder.set_private_key_file(c.tls_key_path.clone().unwrap(), SslFiletype::PEM)?;
@@ -153,5 +157,34 @@ async fn main() -> std::io::Result<()> {
     } else {
         server = server.bind(c.bind.clone())?;
     }
+
+    let try_url = Url::parse(&c.bind);
+    let (bind, uds) = {
+        if try_url.is_ok() {
+            let url = try_url.as_ref().unwrap();
+            if url.scheme() != "unix" {
+                (c.bind.as_str(), false)
+            } else if url.host().is_none() {
+                (url.path(), true)
+            } else {
+                log::error!("Can only bind to file URLs without host portion.");
+                std::process::exit(1)
+            }
+        } else {
+            (c.bind.as_str(), false)
+        }
+    };
+
+    server = if uds {
+        if !cfg!(unix) {
+            log::error!("Binding to Unix domain sockets is only supported on Unix.");
+            std::process::exit(1);
+        } else {
+            server.bind_uds(Path::new(bind))?
+        }
+    } else {
+        server.bind(bind)?
+    };
+
     server.run().await
 }
diff --git a/tests/t03-varnish-uds.nix b/tests/t03-varnish-uds.nix
@@ -0,0 +1,65 @@
+(import ./lib.nix) (
+  { pkgs, ... }:
+  {
+    name = "t03-varnish";
+
+    nodes =
+      let
+        sock = "/run/harmonia/socket";
+      in
+      {
+        harmonia =
+          { pkgs, ... }:
+          {
+            imports = [ ../module.nix ];
+
+            services.harmonia-dev = {
+              enable = true;
+              settings.bind = "unix:${sock}";
+            };
+
+            services.varnish = {
+              enable = true;
+              http_address = "0.0.0.0:80";
+              config = ''
+                vcl 4.1;
+                backend harmonia {
+                  .path = "${sock}";
+                }
+              '';
+            };
+
+            networking.firewall.allowedTCPPorts = [ 80 ];
+            environment.systemPackages = [ pkgs.hello ];
+
+            systemd.sockets.harmonia-dev = {
+              listenStreams = [ sock ];
+              requiredBy = [ "harmonia-dev.service" ];
+              socketConfig = {
+                SocketGroup = "varnish";
+              };
+            };
+          };
+
+        client01 =
+          { lib, ... }:
+          {
+            nix.settings.require-sigs = false;
+            nix.settings.substituters = lib.mkForce [ "http://harmonia" ];
+            nix.extraOptions = ''
+              experimental-features = nix-command
+            '';
+          };
+      };
+
+    testScript = ''
+      start_all()
+
+      client01.wait_until_succeeds("curl -f http://harmonia/version")
+      client01.succeed("curl -f http://harmonia/nix-cache-info")
+
+      client01.wait_until_succeeds("nix copy --from http://harmonia/ ${pkgs.hello}")
+      client01.succeed("${pkgs.hello}/bin/hello")
+    '';
+  }
+)