Merge branch 'rippled' of git://github.com/ehmry/nixpkgs

rippled: initial pkg and module expressions Had to change the rippled uid. Conflicts: nixos/modules/misc/ids.nix
2014-04-05 14:23:29 -04:00 · 2014-04-05 14:23:29 -04:00 · ea9c8d6a13
commit ea9c8d6a13
parent 413ebfb246 def448f127
7 changed files with 397 additions and 0 deletions
--- a/lib/maintainers.nix
+++ b/lib/maintainers.nix
@ -28,6 +28,7 @@
  coroa = "Jonas Hörsch <jonas@chaoflow.net>";
  edwtjo = "Edward Tjörnhammar <ed@cflags.cc>";
  eelco = "Eelco Dolstra <eelco.dolstra@logicblox.com>";
  emery = "Emery Hemingawy <emery@vfemail.net>";
  ertes = "Ertugrul Söylemez <es@ertes.de>";
  falsifian = "James Cook <james.cook@utoronto.ca>";
  garbas = "Rok Garbas <rok@garbas.si>";
--- a/nixos/modules/misc/ids.nix
+++ b/nixos/modules/misc/ids.nix
@ -124,6 +124,7 @@
      btsync = 113;
      minecraft = 114;
      monetdb = 115;
      rippled = 116;
      # When adding a uid, make sure it doesn't match an existing gid.
--- a/nixos/modules/module-list.nix
+++ b/nixos/modules/module-list.nix
@ -133,6 +133,7 @@
  ./services/misc/nix-gc.nix
  ./services/misc/nix-ssh-serve.nix
  ./services/misc/nixos-manual.nix
  ./services/misc/rippled.nix
  ./services/misc/rogue.nix
  ./services/misc/svnserve.nix
  ./services/misc/synergy.nix
--- a/nixos/modules/services/misc/rippled.nix
+++ b/nixos/modules/services/misc/rippled.nix
@ -0,0 +1,314 @@
 # configuration building is commented out until better tested.
 { config, pkgs, ... }:
 with pkgs.lib;
 let
  cfg = config.services.rippled;
  rippledStateCfgFile = "/var/lib/rippled/rippled.cfg";
  rippledCfg = ''
    [node_db]
    type=HyperLevelDB
    path=/var/lib/rippled/db/hyperldb
    [debug_logfile]
    /var/log/rippled/debug.log
  ''
  + optionalString (cfg.peerIp != null) ''
    [peer_ip]
    ${cfg.peerIp}
    [peer_port]
    ${toString cfg.peerPort}
  ''
  + cfg.extraConfig;
  rippledCfgFile = pkgs.writeText "rippled.cfg" rippledCfg;
 in
 {
  ###### interface
  options = {
    services.rippled = {
      enable = mkOption {
        default = false;
 	description = "Whether to enable rippled";
      };
      #
      # Rippled has a simple configuration file layout that is easy to 
      # build with nix. Many of the options are defined here but are 
      # commented out until the code to append them to the config above
      # is written and they are tested.
      #
      # If you find a yourself implementing more options, please submit a 
      # pull request.
      #
      /*
      ips = mkOption {
        default = [ "r.ripple.com 51235" ];
 	example = [ "192.168.0.1" "192.168.0.1 3939" "r.ripple.com 51235" ];
 	description = ''
 	  List of hostnames or ips where the Ripple protocol is served.
 	  For a starter list, you can either copy entries from: 
 	  https://ripple.com/ripple.txt or if you prefer you can let it
 	   default to r.ripple.com 51235
 	  A port may optionally be specified after adding a space to the 
 	  address. By convention, if known, IPs are listed in from most 
 	  to least trusted.
 	'';
      };
      ipsFixed = mkOption {
        default = null;
 	example = [ "192.168.0.1" "192.168.0.1 3939" "r.ripple.com 51235" ];
 	description = ''
 	  List of IP addresses or hostnames to which rippled should always 
 	  attempt to maintain peer connections with. This is useful for 
 	  manually forming private networks, for example to configure a 
 	  validation server that connects to the Ripple network through a 
 	  public-facing server, or for building a set of cluster peers.
 	  A port may optionally be specified after adding a space to the address
 	'';
      };
      */
      peerIp = mkOption {
        default = null;
 	example = "0.0.0.0";
 	description = ''
 	  IP address or domain to bind to allow external connections from peers.
 	  Defaults to not binding, which disallows external connections from peers.
        '';
      };
      peerPort = mkOption {
 	default = 51235;
 	description = ''
 	  If peerIp is supplied, corresponding port to bind to for peer connections.
 	'';
      };
      /*
      peerPortProxy = mkOption {
        type = types.int;
 	example = 51236;
 	description = ''
 	  An optional, additional listening port number for peers. Incoming
 	  connections on this port will be required to provide a PROXY Protocol
 	  handshake, described in this document (external link):
 	    http://haproxy.1wt.eu/download/1.5/doc/proxy-protocol.txt
 	  The PROXY Protocol is a popular method used by elastic load balancing
 	  service providers such as Amazon, to identify the true IP address and
 	  port number of external incoming connections.
 	  In addition to enabling this setting, it will also be required to
 	  use your provider-specific control panel or administrative web page
 	  to configure your server instance to receive PROXY Protocol handshakes,
 	  and also to restrict access to your instance to the Elastic Load Balancer.
 	'';
      };
      peerPrivate = mkOption {
        default = null;
 	example = 0;
 	description = ''
 	 0: Request peers to broadcast your address. Normal outbound peer connections [default]
 	 1: Request peers not broadcast your address. Only connect to configured peers.
       '';
     };
     peerSslCipherList = mkOption {
       default = null;
       example = "ALL:!LOW:!EXP:!MD5:@STRENGTH";
       description = ''
         A colon delimited string with the allowed SSL cipher modes for peer. The
 	 choices for for ciphers are defined by the OpenSSL API function
 	 SSL_CTX_set_cipher_list, documented here (external link):
 	  http://pic.dhe.ibm.com/infocenter/tpfhelp/current/index.jsp?topic=%2Fcom.ibm.ztpf-ztpfdf.doc_put.cur%2Fgtpc2%2Fcpp_ssl_ctx_set_cipher_list.html
 	The default setting of "ALL:!LOW:!EXP:!MD5:@STRENGTH", which allows
 	non-authenticated peer connections (they are, however, secure).
      '';
    };
    nodeSeed = mkOption {
      default = null;
      example = "RASH BUSH MILK LOOK BAD BRIM AVID GAFF BAIT ROT POD LOVE";
      description = ''
        This is used for clustering. To force a particular node seed or key, the
 	key can be set here.  The format is the same as the validation_seed field.
 	To obtain a validation seed, use the rippled validation_create command.
      '';
    };
    clusterNodes = mkOption {
      default = null;
      example = [ "n9KorY8QtTdRx7TVDpwnG9NvyxsDwHUKUEeDLY3AkiGncVaSXZi5" ];
      description = ''
        To extend full trust to other nodes, place their node public keys here.
 	Generally, you should only do this for nodes under common administration.
 	Node public keys start with an 'n'. To give a node a name for identification
 	place a space after the public key and then the name.
      '';
    };
    sntpServers = mkOption {
      default = null;
      example = [ "time.nist.gov" "pool.ntp.org" ];
      description = ''
        IP address or domain of NTP servers to use for time synchronization.
      '';
    };
    # TODO: websocket options
    rpcAllowRemote = mkOption {
      default = false;
      description = ''
        false: Allow RPC connections only from 127.0.0.1. [default]
 	true:  Allow RPC connections from any IP.
      '';
    };
    rpcAdminAllow = mkOption {
      example = [ "10.0.0.4" ];
      description = ''
        List of IP addresses allowed to have admin access.
      '';
    };
    rpcAdminUser = mkOption {
      type = types.str;
      description = ''
        As a server, require this as the admin user to be specified.  Also, require
 	rpc_admin_user and rpc_admin_password to be checked for RPC admin functions.
 	The request must specify these as the admin_user and admin_password in the
 	request object.
      '';
    };
    rpcAdminPassword = mkOption {
      type = types.str;
      description = ''
        As a server, require this as the admin pasword to be specified.  Also,
 	require rpc_admin_user and rpc_admin_password to be checked for RPC admin
 	functions.  The request must specify these as the admin_user and
 	admin_password in the request object.
      '';
    };
      rpcIp = mkOption {
        type = types.str;
 	description = ''
 	  IP address or domain to bind to allow insecure RPC connections.
 	  Defaults to not binding, which disallows RPC connections.
 	'';
      };
      rpcPort = mkOption {
        type = types.int;
        description = ''
          If rpcIp is supplied, corresponding port to bind to for peer connections.
        '';
      };
      rpcUser = mkOption {
        type = types.str;
 	description = ''
 	  Require a this user to specified and require rpcPassword to
 	  be checked for RPC access via the rpcIp and rpcPort. The user and password
 	  must be specified via HTTP's basic authentication method.
 	  As a client, supply this to the server via HTTP's basic authentication
 	  method.
 	'';
      };
      rpcPassword = mkOption {
        type = types.str;
 	description = ''
 	  Require a this password to specified and require rpc_user to
 	  be checked for RPC access via the rpcIp and rpcPort. The user and password
 	  must be specified via HTTP's basic authentication method.
 	  As a client, supply this to the server via HTTP's basic authentication
 	  method.
 	'';
      };
      rpcStartup = mkOption {
        example = [ ''"command" : "log_level"'' ''"partition" : "ripplecalc"'' ''"severity" : "trace"'' ];
 	description = "List of RPC commands to run at startup.";
      };
      rpcSecure = mkOption {
        default = false;
 	description = ''
 	  false: Server certificates are not provided for RPC clients using SSL [default]
 	  true:  Client RPC connections wil be provided with SSL certificates.
 	  Note that if rpc_secure is enabled, it will also be necessasry to configure the
 	  certificate file settings located in rpcSslCert, rpcSslChain, and rpcSslKey
 	'';
      };
      */
      extraConfig = mkOption {
        default = "";
 	description = ''
 	  Extra lines to be added verbatim to the rippled.cfg configuration file.
 	'';
      };
    };
  };
  ###### implementation
  config = mkIf cfg.enable {
    users.extraUsers = singleton
      { name = "rippled";
        description = "Ripple server user";
        uid = config.ids.uids.rippled;
 	home = "/var/lib/rippled";
      };
    systemd.services.rippled = {
      path = [ pkgs.rippled ];
      after = [ "network.target" ];
      wantedBy = [ "multi-user.target" ];
      serviceConfig = {
        ExecStart = "${pkgs.rippled}/bin/rippled --fg -q --conf ${rippledStateCfgFile}";
 	WorkingDirectory = "/var/lib/rippled";
      };
    };
    networking.firewall.allowedTCPPorts = mkIf (cfg.peerIp != null) [ cfg.peerPort ];
    system.activationScripts.rippled = ''
      mkdir -p /var/{lib,log}/rippled
      chown -R rippled /var/{lib,log}/rippled
      ln -sf ${rippledCfgFile} ${rippledStateCfgFile}
    '';
  };
 }
--- a/pkgs/servers/rippled/default.nix
+++ b/pkgs/servers/rippled/default.nix
@ -0,0 +1,32 @@
 { stdenv, fetchurl, scons, pkgconfig, openssl, protobuf, boost155, zlib}:
 stdenv.mkDerivation rec {
  name = "rippled-${version}";
  version = "0.23.0";
  src = fetchurl {
    url = "https://github.com/ripple/rippled/archive/${version}.tar.gz";
    sha256 = "0js734sk11jn19fyp403mk6p62azlc6s9kyhr5jfg466fiak537p";
  };
  patches = [ ./scons-env.patch ];
  buildInputs = [ scons pkgconfig openssl protobuf boost155 zlib ];
  RIPPLED_BOOST_HOME = boost155.out;
  RIPPLED_ZLIB_HOME = zlib.out;
  buildPhase = "scons build/rippled";
  installPhase = ''
    mkdir -p $out/bin    
    cp build/rippled $out/bin/
  '';
  meta = {
    description = "Ripple P2P payment network reference server";
    homepage = "https://ripple.com";
    maintainers = stdenv.lib.maintainers.emery;
    license = stdenv.lib.licenses.isc;
    platforms = stdenv.lib.platforms.linux;
  };
 }
--- a/pkgs/servers/rippled/scons-env.patch
+++ b/pkgs/servers/rippled/scons-env.patch
@ -0,0 +1,46 @@
 diff --git a/SConstruct b/SConstruct
 index 8ba8bbd..95eab3b 100644
 --- a/SConstruct
 +++ b/SConstruct
@@ -24,6 +24,8 @@ USING_CLANG = OSX or os.environ.get('CC', None) == 'clang'
 #
 BOOST_HOME = os.environ.get("RIPPLED_BOOST_HOME", None)
 +ZLIB_HOME = os.environ.get("RIPPLED_ZLIB_HOME", None)
 +
 if OSX or Ubuntu or Debian or Archlinux:
     CTAGS = 'ctags'
@@ -36,7 +38,7 @@ else:
 # scons tools
 #
 -HONOR_ENVS = ['CC', 'CXX', 'PATH']
 +HONOR_ENVS = ['CC', 'CXX', 'PATH', 'PKG_CONFIG_PATH']
 env = Environment(
     tools = ['default', 'protoc'],
@@ -156,8 +158,8 @@ INCLUDE_PATHS = [
     'build/proto'
     ]
 -# if BOOST_HOME:
 -#     INCLUDE_PATHS.append(BOOST_HOME)
 +if BOOST_HOME:
 +    INCLUDE_PATHS.append("%s/include" % BOOST_HOME)
 #-------------------------------------------------------------------------------
 #
@@ -261,7 +263,11 @@ env.Append(
 # such, as installed into `/usr/lib/`
 if BOOST_HOME is not None:
     env.Prepend(
 -        LIBPATH = ["%s/stage/lib" % BOOST_HOME])
 +        LIBPATH = ["%s/lib" % BOOST_HOME])
 +
 +if ZLIB_HOME is not None:
 +    env.Prepend(
 +        LIBPATH = ["%s/lib" % ZLIB_HOME])
 if not OSX:
     env.Append(LINKFLAGS = [
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@ -6547,6 +6547,8 @@ let
  rethinkdb = callPackage ../servers/nosql/rethinkdb { };
  rippled = callPackage ../servers/rippled { };
  spamassassin = callPackage ../servers/mail/spamassassin {
    inherit (perlPackages) HTMLParser NetDNS NetAddrIP DBFile
      HTTPDate MailDKIM LWP IOSocketSSL;