From 15c45598e232e37cc140fa3381bd3412a266e918 Mon Sep 17 00:00:00 2001
From: wxt <3264117476@qq.com>
Date: Wed, 11 Sep 2024 10:51:36 +0800
Subject: [PATCH 1/2] turn-rs: init at 3.1.0

---
 pkgs/by-name/tu/turn-rs/package.nix | 32 +++++++++++++++++++++++++++++
 1 file changed, 32 insertions(+)
 create mode 100644 pkgs/by-name/tu/turn-rs/package.nix

diff --git a/pkgs/by-name/tu/turn-rs/package.nix b/pkgs/by-name/tu/turn-rs/package.nix
new file mode 100644
index 0000000000000..f8718aeefd730
--- /dev/null
+++ b/pkgs/by-name/tu/turn-rs/package.nix
@@ -0,0 +1,32 @@
+{
+ rustPlatform,
+ lib,
+ fetchFromGitHub,
+ nix-update-script,
+}:
+
+rustPlatform.buildRustPackage rec {
+ pname = "turn-rs";
+ version = "3.1.0";
+
+ src = fetchFromGitHub {
+ owner = "mycrl";
+ repo = "turn-rs";
+ rev = "refs/tags/v${version}";
+ hash = "sha256-uXMRDgSHrwT6+kejWRSE1WjXO8LaOR+fnffIXcL3A4I=";
+ };
+
+ cargoHash = "sha256-gO2vuOQMvl6KYp529k3CYDyma5ECzOr/lcSvP4OpUUo=";
+
+ passthru.updateScript = nix-update-script { };
+
+ meta = {
+ description = "Pure rust implemented turn server";
+ homepage = "https://github.com/mycrl/turn-rs";
+ changelog = "https://github.com/mycrl/turn-rs/releases/tag/v${version}";
+ license = lib.licenses.gpl3Only;
+ mainProgram = "turn-server";
+ maintainers = with lib.maintainers; [ bot-wxt1221 ];
+ platforms = lib.platforms.linux;
+ };
+}
From 1a742a9f80225738c26ffabd9a1cbbb2c02232dc Mon Sep 17 00:00:00 2001
From: wxt <3264117476@qq.com>
Date: Wed, 11 Sep 2024 10:51:45 +0800
Subject: [PATCH 2/2] nixos/turn-rs: init

---
 nixos/modules/module-list.nix | 1 +
 nixos/modules/services/misc/turn-rs.nix | 86 +++++++++++++++++++++++++
 nixos/tests/all-tests.nix | 1 +
 nixos/tests/turn-rs.nix | 65 +++++++++++++++++++
 pkgs/by-name/tu/turn-rs/package.nix | 6 +-
 5 files changed, 158 insertions(+), 1 deletion(-)
 create mode 100644 nixos/modules/services/misc/turn-rs.nix
 create mode 100644 nixos/tests/turn-rs.nix
diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix
index 006cdeedcaf65..34168ade79563 100644
--- a/nixos/modules/module-list.nix
+++ b/nixos/modules/module-list.nix
@@ -856,6 +856,7 @@
 ./services/misc/tautulli.nix
 ./services/misc/tiddlywiki.nix
 ./services/misc/tp-auto-kbbl.nix
+ ./services/misc/turn-rs.nix
 ./services/misc/tuxclocker.nix
 ./services/misc/transfer-sh.nix
 ./services/misc/tzupdate.nix
diff --git a/nixos/modules/services/misc/turn-rs.nix b/nixos/modules/services/misc/turn-rs.nix
new file mode 100644
index 0000000000000..b591205417fb8
--- /dev/null
+++ b/nixos/modules/services/misc/turn-rs.nix
@@ -0,0 +1,86 @@
+{
+ config,
+ pkgs,
+ lib,
+ ...
+}:
+
+let
+ cfg = config.services.turn-rs;
+ format = pkgs.formats.toml { };
+in
+{
+ options.services.turn-rs = {
+ enable = lib.mkEnableOption "turn-rs server";
+ package = lib.mkPackageOption pkgs "turn-rs" { };
+
+ secretFile = lib.mkOption {
+ type = lib.types.nullOr lib.types.path;
+ default = null;
+ example = "/run/keys/turn-rs.env";
+ description = ''
+ Environment variables from this file will be interpolated into the
+ final config file using envsubst with this syntax: `$ENVIRONMENT` or
+ `''${VARIABLE}`.
+ The file should contain lines formatted as `SECRET_VAR=SECRET_VALUE`.
+ This is useful to avoid putting secrets into the nix store.
+ '';
+ };
+
+ settings = lib.mkOption {
+ type = lib.types.submodule {
+ freeformType = format.type;
+ };
+ description = "Turn-rs server config file";
+ default = { };
+ example = {
+ turn = {
+ realm = "localhost";
+ interfaces = [
+ {
+ transport = "udp";
+ bind = "127.0.0.1:3478";
+ external = "127.0.0.1:3478";
+ }
+ {
+ transport = "tcp";
+ bind = "127.0.0.1:3478";
+ external = "127.0.0.1:3478";
+ }
+ ];
+ };
+
+ auth.static_credentials = {
+ user1 = "test";
+ user2 = "test";
+ };
+ };
+ };
+ };
+
+ config = lib.mkIf cfg.enable {
+ services.turn-rs.settings = {
+ api.bind = lib.mkDefault "127.0.0.1:3000";
+ log.level = lib.mkDefault "info";
+ };
+
+ systemd.services.turn-rs = {
+ enable = true;
+ wantedBy = [ "multi-user.target" ];
+ description = "Turn-rs Server Daemon";
+ preStart =
+ let
+ configFile = format.generate "turn-rs-config.toml" cfg.settings;
+ in
+ ''
+ ${lib.getExe pkgs.envsubst} -i "${configFile}" -o /run/turn-rs/config.toml
+ '';
+ serviceConfig = {
+ RuntimeDirectory = "turn-rs";
+ EnvironmentFile = lib.optional (cfg.secretFile != null) cfg.secretFile;
+ ExecStart = "${lib.getExe cfg.package} --config=/run/turn-rs/config.toml";
+ DynamicUser = true;
+ };
+ };
+ };
+}
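Review bot: The rendered `/run/turn-rs/config.toml` holds the substituted secrets, but nothing in `serviceConfig` restricts who can read it. `RuntimeDirectory` is created with systemd's default mode 0755 and `preStart` runs envsubst under the default umask, so the file is presumably readable by every local user. Adding `RuntimeDirectoryMode = "0700";` and `UMask = "0077";` next to `RuntimeDirectory = "turn-rs";` would keep it private to the service's dynamic user. The `secretFile` description could also state that values are substituted into the already-generated TOML without escaping, so a secret containing `"` or `\` changes the resulting file.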
diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix
index 22bedb8d8269e..f84c03d87e311 100644
--- a/nixos/tests/all-tests.nix
+++ b/nixos/tests/all-tests.nix
@@ -1045,6 +1045,7 @@ in {
 txredisapi = handleTest ./txredisapi.nix {};
 tuptime = handleTest ./tuptime.nix {};
 turbovnc-headless-server = handleTest ./turbovnc-headless-server.nix {};
+ turn-rs = handleTest ./turn-rs.nix {};
 tuxguitar = handleTest ./tuxguitar.nix {};
 twingate = runTest ./twingate.nix;
 typesense = handleTest ./typesense.nix {};
diff --git a/nixos/tests/turn-rs.nix b/nixos/tests/turn-rs.nix
new file mode 100644
index 0000000000000..750a141c224a3
--- /dev/null
+++ b/nixos/tests/turn-rs.nix
@@ -0,0 +1,65 @@
+import ./make-test-python.nix (
+ { pkgs, ... }:
+ {
+ name = "turn-rs";
+
+ nodes = {
+ server = {
+ virtualisation.vlans = [ 1 ];
+
+ networking = {
+ useNetworkd = true;
+ useDHCP = false;
+ firewall.enable = false;
+ };
+
+ systemd.network.networks."01-eth1" = {
+ name = "eth1";
+ networkConfig.Address = "10.0.0.1/24";
+ };
+
+ services.turn-rs = {
+ enable = true;
+ secretFile = pkgs.writeText "secret" ''
+ USER_1_CREDS="foobar"
+ '';
+ settings = {
+ turn = {
+ realm = "localhost";
+ interfaces = [
+ {
+ transport = "udp";
+ bind = "127.0.0.1:3478";
+ external = "127.0.0.1:3478";
+ }
+ {
+ transport = "tcp";
+ bind = "127.0.0.1:3478";
+ external = "127.0.0.1:3478";
+ }
+ ];
+ };
+
+ auth.static_credentials.user1 = "$USER_1_CREDS";
+ };
+ };
+ };
+ };
+
+ testScript = # python
+ ''
+ import json
+
+ start_all()
+ server.wait_for_unit('turn-rs.service')
+ server.wait_for_open_port(3000, "127.0.0.1")
+
+ info = server.succeed('curl http://localhost:3000/info')
+ jsonInfo = json.loads(info)
+ assert len(jsonInfo['interfaces']) == 2, f'Interfaces doesn\'t contain two entries:\n{json.dumps(jsonInfo, indent=2)}'
+
+ config = server.succeed('cat /run/turn-rs/config.toml')
+ assert 'foobar' in config, f'Secrets are not properly injected:\n{config}'
+ '';
+ }
+)
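Review bot: In `nixos/tests/turn-rs.nix`, `secretFile = pkgs.writeText "secret" ...` places the credential file in the world-readable Nix store, which the module's `secretFile` option is documented as avoiding. That is harmless inside a VM test, but tests tend to be copied as usage examples. A comment above it would make the distinction explicit, for example `# test only: writeText puts this file in the Nix store; real deployments should point secretFile at a path outside the store`. The test script currently only asserts that `foobar` was injected; it could also check the permissions of the rendered `/run/turn-rs/config.toml`.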
diff --git a/pkgs/by-name/tu/turn-rs/package.nix b/pkgs/by-name/tu/turn-rs/package.nix
index f8718aeefd730..f2f5d863c6886 100644
--- a/pkgs/by-name/tu/turn-rs/package.nix
+++ b/pkgs/by-name/tu/turn-rs/package.nix
@@ -3,6 +3,7 @@
 lib,
 fetchFromGitHub,
 nix-update-script,
+ nixosTests,
 }:

 rustPlatform.buildRustPackage rec {
@@ -18,7 +19,10 @@ rustPlatform.buildRustPackage rec {

 cargoHash = "sha256-gO2vuOQMvl6KYp529k3CYDyma5ECzOr/lcSvP4OpUUo=";

- passthru.updateScript = nix-update-script { };
+ passthru = {
+ updateScript = nix-update-script { };
+ tests.nixos = nixosTests.turn-rs;
+ };

 meta = {
 description = "Pure rust implemented turn server";