Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: NixOS/nixpkgs
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: 750510ee7cf5
Choose a base ref
...
head repository: NixOS/nixpkgs
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: f32d7e4e032e
Choose a head ref
  • 1 commit
  • 2 files changed
  • 1 contributor

Commits on Jan 28, 2021

  1. nixos: add services.rsyncd.socketActivated option 

    Define systemd-socket activation using the upstream configuration
files as a reference. The "rsyncd" systemd unit has been renamed
to "rsync" for consistency with upstream.
    @ehmry
    ehmry committed Jan 28, 2021
    Copy the full SHA
    f32d7e4 View commit details
Showing with 80 additions and 19 deletions.
  1. +55 −5 nixos/modules/services/network-filesystems/rsyncd.nix
  2. +25 −14 nixos/tests/rsyncd.nix
60 changes: 55 additions & 5 deletions nixos/modules/services/network-filesystems/rsyncd.nix
View file
Original file line number Diff line number Diff line change
@@ -46,6 +46,13 @@ in {
'';
};

socketActivated = mkOption {
default = false;
type = types.bool;
description =
"If enabled Rsync will be socket-activated rather than run persistently.";
};

};
};

@@ -63,12 +70,55 @@ in {

services.rsyncd.settings.global.port = toString cfg.port;

systemd.services.rsyncd = {
description = "Rsync daemon";
wantedBy = [ "multi-user.target" ];
serviceConfig.ExecStart =
"${pkgs.rsync}/bin/rsync --daemon --no-detach --config=${configFile}";
systemd = let
serviceConfigSecurity = {
ProtectSystem = "full";
PrivateDevices = "on";
NoNewPrivileges = "on";
};
in {
services.rsync = {
enable = !cfg.socketActivated;
aliases = [ "rsyncd" ];

description = "fast remote file copy program daemon";
after = [ "network.target" ];
documentation = [ "man:rsync(1)" "man:rsyncd.conf(5)" ];

serviceConfig = serviceConfigSecurity // {
ExecStart =
"${pkgs.rsync}/bin/rsync --daemon --no-detach --config=${configFile}";
RestartSec = 1;
};

wantedBy = [ "multi-user.target" ];
};

services."rsync@" = {
description = "fast remote file copy program daemon";
after = [ "network.target" ];

serviceConfig = serviceConfigSecurity // {
ExecStart = "${pkgs.rsync}/bin/rsync --daemon --config=${configFile}";
StandardInput = "socket";
StandardOutput = "inherit";
StandardError = "journal";
};
};

sockets.rsync = {
enable = cfg.socketActivated;

description = "socket for fast remote file copy program daemon";
conflicts = [ "rsync.service" ];

listenStreams = [ (toString cfg.port) ];
socketConfig.Accept = true;

wantedBy = [ "sockets.target" ];
};
};

};

meta.maintainers = with lib.maintainers; [ ehmry ];
39 changes: 25 additions & 14 deletions nixos/tests/rsyncd.nix
View file
Original file line number Diff line number Diff line change
@@ -2,24 +2,35 @@ import ./make-test-python.nix ({ pkgs, ... }: {
name = "rsyncd";
meta.maintainers = with pkgs.lib.maintainers; [ ehmry ];

nodes.machine.services.rsyncd = {
enable = true;
settings = {
global = {
"reverse lookup" = false;
"forward lookup" = false;
nodes = let
mkNode = socketActivated:
{ config, ... }: {
networking.firewall.allowedTCPPorts = [ config.services.rsyncd.port ];
services.rsyncd = {
enable = true;
inherit socketActivated;
settings = {
global = {
"reverse lookup" = false;
"forward lookup" = false;
};
tmp = {
path = "/nix/store";
comment = "test module";
};
};
};
};
tmp = {
path = "/nix/store";
comment = "test module";
};

};
in {
a = mkNode false;
b = mkNode true;
};

testScript = ''
start_all()
machine.wait_for_unit("rsyncd")
machine.succeed("rsync localhost::")
a.wait_for_unit("rsync")
b.wait_for_unit("sockets.target")
b.succeed("rsync a::")
a.succeed("rsync b::")
'';
})