From dd308539ea3eb75469560f131ba8ccd32363f694 Mon Sep 17 00:00:00 2001 From: Patrick Hilhorst Date: Tue, 30 Apr 2024 07:29:18 +0000 Subject: [PATCH 1/2] phoebus-scan-server: nixos module Closes #74 --- nixos/module-list.nix | 1 + nixos/modules/phoebus/scan-server.nix | 85 +++++++++++++++++++++++++++ nixos/tests/all-tests.nix | 1 + nixos/tests/phoebus/scan-server.nix | 29 +++++++++ 4 files changed, 116 insertions(+) create mode 100644 nixos/modules/phoebus/scan-server.nix create mode 100644 nixos/tests/phoebus/scan-server.nix diff --git a/nixos/module-list.nix b/nixos/module-list.nix index 52cb3bae..5157496c 100644 --- a/nixos/module-list.nix +++ b/nixos/module-list.nix @@ -3,6 +3,7 @@ ./modules/ca-gateway.nix ./modules/phoebus/alarm-logger.nix ./modules/phoebus/alarm-server.nix + ./modules/phoebus/scan-server.nix ./modules/phoebus/olog.nix ./modules/phoebus/save-and-restore.nix ] diff --git a/nixos/modules/phoebus/scan-server.nix b/nixos/modules/phoebus/scan-server.nix new file mode 100644 index 00000000..d65bdbb9 --- /dev/null +++ b/nixos/modules/phoebus/scan-server.nix @@ -0,0 +1,85 @@ +{ + config, + epnixLib, + lib, + pkgs, + ... +}: let + cfg = config.services.phoebus-scan-server; + buildConfig = settings: with lib; concatLines (mapAttrsToList (k: v: "<${k}>${builtins.toString v}") settings); + mainConfig = buildConfig cfg.settings; + pvConfig = with lib; concatLines (map (pv: "${buildConfig pv}") cfg.pvs); + + rawConfigFile = pkgs.writeText "scan_config_raw.xml" '' + + + + + + ${mainConfig} + + + ${pvConfig} + + ''; + + configFile = pkgs.runCommand "scan_config.xml" {nativeBuildInputs = [pkgs.libxml2];} '' + xmllint --format ${rawConfigFile} > $out + ''; +in { + options.services.phoebus-scan-server = { + enable = lib.mkEnableOption "the Phoebus scan server"; + + settings = lib.mkOption { + description = '' + Configuration for Phoebus scan server + + Will be converted to an XML file + + PVs are not specified here but in services.phoebus-scan-server.pvs + ''; + + default = {}; + type = lib.types.submodule { + freeformType = with lib.types; attrsOf (oneOf [str int]); + + options.port = lib.mkOption { + type = lib.types.port; + + default = 4810; + }; + }; + }; + + pvs = lib.mkOption { + default = []; + type = lib.types.listOf (lib.types.submodule { + freeformType = with lib.types; attrsOf str; + }); + }; + + openFirewall = lib.mkOption { + description = '' + Open the firewall for the Phoebus Scan Server. + + Warning: this opens the firewall on all network interfaces. + ''; + type = lib.types.bool; + default = false; + }; + }; + + config = lib.mkIf cfg.enable { + systemd.services.phoebus-scan-server = { + description = "Phoebus Scan Server"; + + wantedBy = ["multi-user.target"]; + + serviceConfig = { + ExecStart = "${lib.getExe pkgs.epnix.phoebus-scan-server} -config ${configFile} -noshell"; + }; + }; + + networking.firewall.allowedTCPPorts = lib.mkIf cfg.openFirewall [cfg.settings.port]; + }; +} diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix index 01289bc3..020c22f8 100644 --- a/nixos/tests/all-tests.nix +++ b/nixos/tests/all-tests.nix @@ -20,4 +20,5 @@ in { phoebus-alarm = handleTest ./phoebus/alarm.nix {}; phoebus-olog = handleTest ./phoebus/olog.nix {}; phoebus-save-and-restore = handleTest ./phoebus/save-and-restore.nix {}; + phoebus-scan-server = handleTest ./phoebus/scan-server.nix {}; } diff --git a/nixos/tests/phoebus/scan-server.nix b/nixos/tests/phoebus/scan-server.nix new file mode 100644 index 00000000..abc6fe0c --- /dev/null +++ b/nixos/tests/phoebus/scan-server.nix @@ -0,0 +1,29 @@ +{ + lib, + epnixLib, + ... +}: { + name = "phoebus-scan-server-simple-check"; + meta.maintainers = with epnixLib.maintainers; [synthetica]; + + nodes = { + server = { + services.phoebus-scan-server = { + enable = true; + openFirewall = true; + }; + }; + + client = {}; + }; + + testScript = '' + start_all() + server.wait_for_unit('phoebus-scan-server.service') + print(server.succeed('systemctl status phoebus-scan-server')) + server.wait_for_open_port(4810) + info = client.succeed('curl http://server:4810/server/info') + print('Server claims following info:') + print(info) + ''; +} From 057c3d758d682128a9766e4204891d14c25a2830 Mon Sep 17 00:00:00 2001 From: Patrick Hilhorst Date: Fri, 3 May 2024 13:34:26 +0000 Subject: [PATCH 2/2] phoebus-scan-server: add validation --- nixos/modules/phoebus/scan-server.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/nixos/modules/phoebus/scan-server.nix b/nixos/modules/phoebus/scan-server.nix index d65bdbb9..99572492 100644 --- a/nixos/modules/phoebus/scan-server.nix +++ b/nixos/modules/phoebus/scan-server.nix @@ -23,8 +23,9 @@ ''; + schema = "${pkgs.epnix.phoebus-scan-server.src}/services/scan-server/src/main/resources/config/scan_config.xsd"; configFile = pkgs.runCommand "scan_config.xml" {nativeBuildInputs = [pkgs.libxml2];} '' - xmllint --format ${rawConfigFile} > $out + xmllint --schema ${schema} --format ${rawConfigFile} > $out ''; in { options.services.phoebus-scan-server = {