Add basic unit test that evlauates the module

flake.lock

@@ -16,6 +16,21 @@
         "type": "github"
       }
     },
+    "my-flake": {
+      "locked": {
+        "lastModified": 1670879933,
+        "narHash": "sha256-V45PH0cnFLilx66x4td5qQnWNn/V/6/6b7FQDIHvdyI=",
+        "owner": "Jaculabilis",
+        "repo": "my-flake",
+        "rev": "2b2cd07a6d971b15fc5f65d6d963d0da551a5892",
+        "type": "github"
+      },
+      "original": {
+        "owner": "Jaculabilis",
+        "repo": "my-flake",
+        "type": "github"
+      }
+    },
     "nixpkgs": {
       "locked": {
         "lastModified": 1669833724,
@@ -35,6 +50,7 @@
     "root": {
       "inputs": {
         "flake-compat": "flake-compat",
+        "my-flake": "my-flake",
         "nixpkgs": "nixpkgs"
       }
     }

flake.nix

@@ -1,5 +1,6 @@
 {
   inputs = {
+    my-flake.url = "github:Jaculabilis/my-flake";
     nixpkgs.url = "github:NixOS/nixpkgs?ref=refs/tags/22.11";
     flake-compat = {
       url = "github:edolstra/flake-compat";
@@ -7,21 +8,68 @@
     };
   };
 
-  outputs = { self, nixpkgs, flake-compat }:
+  outputs = { self, my-flake, nixpkgs, flake-compat }:
   let
-    system = "x86_64-linux";
+    systems = [ "aarch64-linux" "x86_64-linux" ];
-    pkgs = nixpkgs.legacyPackages.${system};
+    each = system:
-  in
+    let
-  {
+      pkgs = (import nixpkgs {
-    packages.${system}.default =
+        inherit system;
-      (pkgs.poetry2nix.mkPoetryApplication {
+        overlays = [ self.overlays.default ];
-        projectDir = ./.;
+      });
-      }).dependencyEnv;
+    in {
+      packages.${system} = {
+        default = self.packages.${system}.inquisitor;
+        inquisitor = pkgs.inquisitor;
+        env = pkgs.inquisitor.dependencyEnv;
+      };
 
-    defaultPackage.${system} = self.packages.${system}.default;
+      devShells.${system} = {
+        default = self.devShells.${system}.inquisitor;
+        inquisitor = pkgs.mkShell {
+          buildInputs = [ (pkgs.python3.withPackages (p: [p.poetry])) ];
+          shellHook = ''
+            PS1="(inquisitor) $PS1"
+          '';
+        };
+        sources = pkgs.mkShell {
+          buildInputs = [ self.packages.${system}.env ];
+          shellHook = ''
+            PS1="(sources) $PS1"
+          '';
+        };
+      };
 
-    devShell.${system} = pkgs.mkShell {
+      checks.${system}.test-module = let
-      buildInputs = [ (pkgs.python3.withPackages (p: [p.poetry])) ];
+        test-lib = import "${nixpkgs}/nixos/lib/testing-python.nix" {
+          inherit system;
+        };
+      in
+        test-lib.makeTest {
+          name = "inquisitor-test-module";
+          nodes = {
+            host = { ... }: {
+              imports = [ self.nixosModules.default ];
+              services.inquisitor.enable = true;
+            };
+          };
+          testScript = ''
+            start_all()
+            host.wait_for_unit("multi-user.target")
+            # Check that the setup script ran
+            host.succeed("[ -e /var/lib/inquisitor ]")
+            # Check that the service came up
+            host.succeed("systemctl is-enabled inquisitor")
+            host.succeed("systemctl is-active inquisitor")
+          '';
+        };
     };
+  in (my-flake.outputs-for each systems) // {
+    overlays.default = final: prev: {
+      inquisitor = final.poetry2nix.mkPoetryApplication {
+        projectDir = ./.;
+      };
+    };
+    nixosModules.default = import ./module.nix self;
   };
 }

inquisitor/cli.py

@@ -236,6 +236,11 @@ def command_help(args):
 	return 0
 
 
+def nocommand(args):
+	print("command required")
+	return 0
+
+
 def main():
 	"""CLI entry point"""
 	# Enable piping
@@ -283,8 +288,11 @@ def main():
 	add_logging_handler(verbose=args.verbose, log_filename=None)
 
 	# Execute command
-	if args.command:
+	try:
-		sys.exit(commands[args.command](args.args))
+		command = commands.get(args.command, nocommand)
-	else:
+		sys.exit(command(args.args))
-		print("command required")
+	except BrokenPipeError:
-		sys.exit(0)
+		# See https://docs.python.org/3.10/library/signal.html#note-on-sigpipe
+		devnull = os.open(os.devnull, os.O_WRONLY)
+		os.dup2(devnull, sys.stdout.fileno())
+		sys.exit(1)

inquisitor/configs/resolver.py

@@ -42,7 +42,8 @@ def read_config_file(config_path):
 	"""
 	# Parse the config file into key-value pairs
 	if not os.path.isfile(config_path):
-		raise FileNotFoundError(f'No config file found at {config_path}')
+
+		raise FileNotFoundError(f'No config file found at {config_path}, try setting {CONFIG_ENVVAR}')
 	accumulated_configs = {}
 	current_key = None
 	with open(config_path, 'r', encoding='utf8') as cfg:

module.nix

@@ -0,0 +1,154 @@
+flake: { config, lib, pkgs, ... }:
+
+let
+  inherit (lib) mkIf mkOption types;
+
+  cfg = config.services.inquisitor;
+in
+{
+  options = {
+    services.inquisitor = {
+      enable = mkOption {
+        type = types.bool;
+        default = true;
+        description = "Enable the Inquisitor aggregator.";
+      };
+
+      listen.addr = mkOption {
+        type = types.str;
+        default = "0.0.0.0";
+        description = "Listen address passed to nginx.";
+      };
+
+      listen.port = mkOption {
+        type = types.port;
+        default = 80;
+        description = "Listen port passed to nginx.";
+      };
+    };
+  };
+
+  config =
+  let
+    # Get the inquisitor package from the flake.
+    inquisitor = flake.packages.${pkgs.stdenv.hostPlatform.system}.env;
+
+    # Define the inquisitor state directory.
+    stateDir = "/var/lib/inquisitor";
+
+    # Define an scp helper for item callbacks to use.
+    scp-helper = pkgs.writeShellScriptBin "scp-helper" ''
+      ${pkgs.openssh}/bin/scp -i ${stateDir}/.ssh/inquisitor.key -oStrictHostKeyChecking=no "$@"
+    '';
+
+    # Define the inquisitor service user.
+    svcUser = {
+      name = "inquisitor";
+      group = "inquisitor";
+      description = "Inquisitor service user";
+      isSystemUser = true;
+      shell = pkgs.bashInteractive;
+      packages = [ inquisitor pkgs.cron ];
+    };
+
+    # Create a config file pointing to the state directory.
+    inqConfig = pkgs.writeTextFile {
+      name = "inquisitor.conf";
+      text = ''
+        DataPath = ${stateDir}/data/
+        SourcePath = ${stateDir}/sources/
+        CachePath = ${stateDir}/cache/
+        Verbose = false
+        LogFile = ${stateDir}/inquisitor.log
+      '';
+    };
+
+    # Create a setup script to ensure the service directory state.
+    inqSetup = pkgs.writeShellScript "inquisitor-setup.sh" ''
+      # Ensure the required directories exist.
+      ${pkgs.coreutils}/bin/mkdir -p ${stateDir}/data/inquisitor/
+      ${pkgs.coreutils}/bin/mkdir -p ${stateDir}/sources/
+      ${pkgs.coreutils}/bin/mkdir -p ${stateDir}/cache/
+      if [ ! -f ${stateDir}/data/inquisitor/state ]; then
+        ${pkgs.coreutils}/bin/echo "{}" > ${stateDir}/data/inquisitor/state
+      fi
+
+      # Ensure the service owns the folders.
+      ${pkgs.coreutils}/bin/chown -R ${svcUser.name} ${stateDir}
+
+      # Ensure the scp helper is present
+      if [ -f ${stateDir}/scp-helper ]; then
+        ${pkgs.coreutils}/bin/rm ${stateDir}/scp-helper
+      fi
+      ln -s -t ${stateDir} ${scp-helper}/bin/scp-helper
+    '';
+
+    # Create a run script for the service.
+    inqRun = pkgs.writeShellScript "inquisitor-run.sh" ''
+      cd ${stateDir}
+      ${inquisitor}/bin/gunicorn \
+        --bind=localhost:24133 \
+        --workers=4 \
+        --timeout 120 \
+        --log-level debug \
+        "inquisitor.app:wsgi()"
+    '';
+
+    # Create a wrapper to execute the cli as the service user.
+    # (needed to avoid creating files in the state dir the service can't read)
+    inqWrapper = pkgs.writeShellScriptBin "inq" ''
+      sudo --user=${svcUser.name} ${inquisitor}/bin/inquisitor "$@"
+    '';
+  in mkIf cfg.enable
+  {
+    users.users.inquisitor = svcUser;
+    users.groups.inquisitor = {};
+
+    # Link the config in /etc to avoid envvar shenanigans
+    environment.etc."inquisitor.conf".source = inqConfig;
+
+    # Give all users the wrapper program.
+    environment.systemPackages = [ inqWrapper ];
+    # Allow the sudo in the cli wrapper without password.
+    security.sudo.extraRules = [{
+      commands = [{
+        command = "${inquisitor}/bin/inquisitor";
+        options = [ "NOPASSWD" ];
+      }];
+      runAs = svcUser.name;
+      groups = [ "users" ];
+    }];
+
+    # Run the setup script on activation.
+    system.activationScripts.inquisitorSetup = "${inqSetup}";
+
+    # Set up the inquisitor service.
+    systemd.services.inquisitor = {
+      description = "Inquisitor server";
+      script = "${inqRun}";
+      serviceConfig = {
+        User = svcUser.name;
+        Type = "simple";
+      };
+      wantedBy = [ "multi-user.target" ];
+      after = [ "network.target" ];
+      enable = true;
+    };
+
+    # Set up the nginx reverse proxy to the server.
+    services.nginx.enable = true;
+    services.nginx.virtualHosts.inquisitorHost = {
+      listen = [ cfg.listen ];
+      locations."/".extraConfig = ''
+        access_log /var/log/nginx/access.inquisitor.log;
+        proxy_buffering off;
+        proxy_pass http://localhost:24133/;
+      '';
+    };
+    networking.firewall.allowedTCPPorts = [ cfg.listen.port ];
+
+    # Enable cron so the service can use it to schedule fetches.
+    services.cron.enable = true;
+  };
+}
+