moq-relay: init at v0.6.2

[therishidesai]

Description of changes

Create nixos module for moq-relay. moq-relay package comes from #342588

Things done

• Built on platform(s)
  • x86_64-linux
  • aarch64-linux
  • x86_64-darwin
  • aarch64-darwin
• For non-Linux: Is sandboxing enabled in nix.conf? (See Nix manual)
  • sandbox = relaxed
  • sandbox = true
• Tested, as applicable:
  • NixOS test(s) (look inside nixos/tests)
  • and/or package tests
  • or, for functions and "core" functionality, tests in lib/tests or pkgs/test
  • made sure NixOS tests are linked to the relevant packages
• Tested compilation of all packages that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage
• Tested basic functionality of all binary files (usually in ./result/bin/)
• 24.11 Release Notes (or backporting 23.11 and 24.05 Release notes)
  • (Package updates) Added a release notes entry if the change is major or breaking
  • (Module updates) Added a release notes entry if the change is significant
  • (Module addition) Added a release notes entry if adding a new NixOS module
• Fits CONTRIBUTING.md.

---

Add a 👍 reaction to pull requests you find important.

[s0me1newithhand7s]

pls, try to not ping 3500+ ppls this time. 💀

[hraban]

pls, try to not ping 3500+ ppls this time. 💀

🤷 as one of the people getting pinged, at what point do we take responsibility for the fragility of this system? do we truly expect nobody to ever make the mistake of merging off staging and accidentally creating a PR into the default base branch offered by GH (master)? 😛 I know I've been there.

thanks for the contribution @therishidesai :)

[purrpurrn]

Perfect for gorgeous looks, can push asap @‌NixOS/‌nix‌pkgs‌-com‌mitters @‌Nix‌OS/nixpkgs-maintainers @‌Nix‌OS/n‌ixpkgs-v‌et‌

[therishidesai]

pls, try to not ping 3500+ ppls this time. 💀

Sorry about that

[nyabinary]

Can't you just have one PR and init the package in one commit and init the module in the other 2 commits?

[nyabinary]

IIRC this isn't required for packages in by-name.

[dotlambda]

Commit message should be moq-relay: init at 0.6.0.
Please add some hardening to the service.

[therishidesai]

Can't you just have one PR and init the package in one commit and init the module in the other 2 commits?

Was just basing this off of other packages where the package was added in an init PR and the nixos module was in another PR

[therishidesai]

Commit message should be moq-relay: init at 0.6.0. Please add some hardening to the service.

I had a separate PR to just add the moq-relay package. Is it fine that this PR has 2 commits? In the past I remember maintainers asking for single atomic commits in the PR

[therishidesai]

Please add some hardening to the service.

I'm not too familiar with the systemd hardening. Are there any services I should look at for hardening examples? What specifically makes sense for this server?

[dotlambda]

Are there any services I should look at for hardening examples?

Just grep for "hardening" in nixos/. Also see https://www.freedesktop.org/software/systemd/man/latest/systemd.exec.html.

[therishidesai]

Are there any services I should look at for hardening examples?

Just grep for "hardening" in nixos/. Also see https://www.freedesktop.org/software/systemd/man/latest/systemd.exec.html.

Added some new hardening and cleaned up users/groups similar to other server modules in nixos.