feat: Support and test lair keystore in proc

Author: ThetaSinner

flake.lock

@@ -258,14 +258,26 @@
             inherit self system;
             holonix = holonix-0_3;
           });
+          holochain-0_3-with-in-proc-lair = pkgs.testers.runNixOSTest (import ./tests/holochain-0_3-with-in-proc-lair.nix {
+            inherit self system;
+            holonix = holonix-0_3;
+          });
           holochain-0_4-with-lair = pkgs.testers.runNixOSTest (import ./tests/holochain-0_4-with-lair.nix {
             inherit self system;
             holonix = holonix-0_4;
           });
+          holochain-0_4-with-in-proc-lair = pkgs.testers.runNixOSTest (import ./tests/holochain-0_4-with-in-proc-lair.nix {
+            inherit self system;
+            holonix = holonix-0_4;
+          });
           holochain-0_5-with-lair = pkgs.testers.runNixOSTest (import ./tests/holochain-0_5-with-lair.nix {
             inherit self system;
             holonix = holonix-0_5;
           });
+          holochain-0_5-with-in-proc-lair = pkgs.testers.runNixOSTest (import ./tests/holochain-0_5-with-in-proc-lair.nix {
+            inherit self system;
+            holonix = holonix-0_5;
+          });
           holochain-and-lair-side-by-side = pkgs.testers.runNixOSTest (import ./tests/holochain-and-lair-side-by-side.nix {
             inherit self system;
             holonix-0_3 = holonix-0_3;

flake.nix

@@ -7,6 +7,8 @@
 with lib; let
   # The input config for this service
   cfg = config.services.conductor-0_3;
+
+  keystore_type = (cfg.config.keystore or {}).type or "lair_server";
 in {
   options.services.conductor-0_3 = {
     enable = mkEnableOption "Holochain conductor";
@@ -40,11 +42,26 @@ in {
   config = mkIf cfg.enable {
     systemd.services.conductor-0_3 = {
       wantedBy = ["multi-user.target"]; # Start on boot
-      after = [
-        "network.target"
-        "lair-keystore-for-0_3.service"
-      ]; # Waits for network and lair started
-      bindsTo = ["lair-keystore-for-0_3.service"]; # Requires Lair, stop if Lair stops
+      after =
+        [
+          # Wait for the network to be ready before starting this service
+          "network.target"
+        ]
+        ++ (
+          if keystore_type == "lair_server"
+          then [
+            # When Lair is running as a separate service, wait for it to start
+            "lair-keystore-for-0_3.service"
+          ]
+          else []
+        );
+      bindsTo =
+        if keystore_type == "lair_server"
+        then [
+          # When Lair us running as a separate service, require Lair to be running, stop if Lair stops
+          "lair-keystore-for-0_3.service"
+        ]
+        else [];
       description = "Holochain conductor: ${cfg.id}";
       path = [cfg.package pkgs.yq];
       restartIfChanged = true;
@@ -56,10 +73,15 @@ in {
       };
 
       # TODO should be able to pass this to Holochain as an arg rather than needing to modify the file
-      preStart = ''
-        lair_connection_url=$(yq -r .connectionUrl /var/lib/lair-${cfg.lairId}/lair-keystore-config.yaml)
-        yq -y "(.keystore.connection_url) = \"$lair_connection_url\"" /etc/holochain-${cfg.id}/conductor.yaml > /var/lib/conductor-${cfg.id}/conductor.yaml
-      '';
+      preStart =
+        if keystore_type == "lair_server"
+        then ''
+          lair_connection_url=$(yq -r .connectionUrl /var/lib/lair-${cfg.lairId}/lair-keystore-config.yaml)
+          yq -y "(.keystore.connection_url) = \"$lair_connection_url\"" /etc/holochain-${cfg.id}/conductor.yaml > /var/lib/conductor-${cfg.id}/conductor.yaml
+        ''
+        else ''
+          cp /etc/holochain-${cfg.id}/conductor.yaml /var/lib/conductor-${cfg.id}/conductor.yaml
+        '';
 
       script = ''
         echo -n "${cfg.keystorePassphrase}" | holochain -c /var/lib/conductor-${cfg.id}/conductor.yaml --piped
@@ -100,10 +122,18 @@ in {
           ];
           tuning_params = {gossip_strategy = "sharded-gossip";};
         };
+        keystore =
+          {
+            type = keystore_type;
+          }
+          // (
+            if keystore_type == "lair_server_in_proc"
+            then {
+              lair_root = "/var/lib/conductor-${cfg.id}/keystore/";
+            }
+            else {}
+          );
       }
-      // cfg.config
-      // {
-        keystore.type = "lair_server";
-      });
+      // cfg.config);
   };
 }

modules/conductor-0_3.nix

@@ -7,6 +7,8 @@
 with lib; let
   # The input config for this service
   cfg = config.services.conductor-0_4;
+
+  keystore_type = (cfg.config.keystore or {}).type or "lair_server";
 in {
   options.services.conductor-0_4 = {
     enable = mkEnableOption "Holochain conductor";
@@ -40,11 +42,26 @@ in {
   config = mkIf cfg.enable {
     systemd.services.conductor-0_4 = {
       wantedBy = ["multi-user.target"]; # Start on boot
-      after = [
-        "network.target"
-        "lair-keystore-for-0_4.service"
-      ]; # Waits for network and lair started
-      bindsTo = ["lair-keystore-for-0_4.service"]; # Requires Lair, stop if Lair stops
+      after =
+        [
+          # Wait for the network to be ready before starting this service
+          "network.target"
+        ]
+        ++ (
+          if keystore_type == "lair_server"
+          then [
+            # When Lair is running as a separate service, wait for it to start
+            "lair-keystore-for-0_4.service"
+          ]
+          else []
+        );
+      bindsTo =
+        if keystore_type == "lair_server"
+        then [
+          # When Lair us running as a separate service, require Lair to be running, stop if Lair stops
+          "lair-keystore-for-0_4.service"
+        ]
+        else [];
       description = "Holochain conductor";
       path = [cfg.package pkgs.yq];
       restartIfChanged = true;
@@ -56,10 +73,15 @@ in {
       };
 
       # TODO should be able to pass this to Holochain as an arg rather than needing to modify the file
-      preStart = ''
-        lair_connection_url=$(yq -r .connectionUrl /var/lib/lair-${cfg.lairId}/lair-keystore-config.yaml)
-        yq -y "(.keystore.connection_url) = \"$lair_connection_url\"" /etc/holochain-${cfg.id}/conductor.yaml > /var/lib/conductor-${cfg.id}/conductor.yaml
-      '';
+      preStart =
+        if keystore_type == "lair_server"
+        then ''
+          lair_connection_url=$(yq -r .connectionUrl /var/lib/lair-${cfg.lairId}/lair-keystore-config.yaml)
+          yq -y "(.keystore.connection_url) = \"$lair_connection_url\"" /etc/holochain-${cfg.id}/conductor.yaml > /var/lib/conductor-${cfg.id}/conductor.yaml
+        ''
+        else ''
+          cp /etc/holochain-${cfg.id}/conductor.yaml /var/lib/conductor-${cfg.id}/conductor.yaml
+        '';
 
       script = ''
         echo -n "${cfg.keystorePassphrase}" | holochain -c /var/lib/conductor-${cfg.id}/conductor.yaml --piped
@@ -107,10 +129,18 @@ in {
           no_dpki = true;
           network_seed = "deepkey-main";
         };
+        keystore =
+          {
+            type = keystore_type;
+          }
+          // (
+            if keystore_type == "lair_server_in_proc"
+            then {
+              lair_root = "/var/lib/conductor-${cfg.id}/keystore/";
+            }
+            else {}
+          );
       }
-      // cfg.config
-      // {
-        keystore.type = "lair_server";
-      });
+      // cfg.config);
   };
 }

modules/conductor-0_4.nix

@@ -7,6 +7,8 @@
 with lib; let
   # The input config for this service
   cfg = config.services.conductor-0_5;
+
+  keystore_type = (cfg.config.keystore or {}).type or "lair_server";
 in {
   options.services.conductor-0_5 = {
     enable = mkEnableOption "Holochain conductor";
@@ -40,11 +42,26 @@ in {
   config = mkIf cfg.enable {
     systemd.services.conductor-0_5 = {
       wantedBy = ["multi-user.target"]; # Start on boot
-      after = [
-        "network.target"
-        "lair-keystore-for-0_5.service"
-      ]; # Waits for network and lair started
-      bindsTo = ["lair-keystore-for-0_5.service"]; # Requires Lair, stop if Lair stops
+      after =
+        [
+          # Wait for the network to be ready before starting this service
+          "network.target"
+        ]
+        ++ (
+          if keystore_type == "lair_server"
+          then [
+            # When Lair is running as a separate service, wait for it to start
+            "lair-keystore-for-0_5.service"
+          ]
+          else []
+        );
+      bindsTo =
+        if keystore_type == "lair_server"
+        then [
+          # When Lair us running as a separate service, require Lair to be running, stop if Lair stops
+          "lair-keystore-for-0_5.service"
+        ]
+        else [];
       description = "Holochain conductor";
       path = [cfg.package pkgs.yq];
       restartIfChanged = true;
@@ -56,10 +73,15 @@ in {
       };
 
       # TODO should be able to pass this to Holochain as an arg rather than needing to modify the file
-      preStart = ''
-        lair_connection_url=$(yq -r .connectionUrl /var/lib/lair-${cfg.lairId}/lair-keystore-config.yaml)
-        yq -y "(.keystore.connection_url) = \"$lair_connection_url\"" /etc/holochain-${cfg.id}/conductor.yaml > /var/lib/conductor-${cfg.id}/conductor.yaml
-      '';
+      preStart =
+        if keystore_type == "lair_server"
+        then ''
+          lair_connection_url=$(yq -r .connectionUrl /var/lib/lair-${cfg.lairId}/lair-keystore-config.yaml)
+          yq -y "(.keystore.connection_url) = \"$lair_connection_url\"" /etc/holochain-${cfg.id}/conductor.yaml > /var/lib/conductor-${cfg.id}/conductor.yaml
+        ''
+        else ''
+          cp /etc/holochain-${cfg.id}/conductor.yaml /var/lib/conductor-${cfg.id}/conductor.yaml
+        '';
 
       script = ''
         echo -n "${cfg.keystorePassphrase}" | holochain -c /var/lib/conductor-${cfg.id}/conductor.yaml --piped
@@ -107,10 +129,18 @@ in {
           no_dpki = true;
           network_seed = "deepkey-main";
         };
+        keystore =
+          {
+            type = keystore_type;
+          }
+          // (
+            if keystore_type == "lair_server_in_proc"
+            then {
+              lair_root = "/var/lib/conductor-${cfg.id}/keystore/";
+            }
+            else {}
+          );
       }
-      // cfg.config
-      // {
-        keystore.type = "lair_server";
-      });
+      // cfg.config);
   };
 }

modules/conductor-0_5.nix

@@ -0,0 +1,35 @@
+{
+  self,
+  system,
+  holonix,
+  ...
+}: {
+  name = "Holochain 0.3 With In Process Lair";
+
+  nodes = {
+    machine = {pkgs, ...}: {
+      imports = [
+        self.outputs.nixosModules.hcCommon
+        self.outputs.nixosModules.conductor-0_3
+      ];
+
+      services.conductor-0_3 = {
+        enable = true;
+        id = "test";
+        lairId = "test";
+        package = holonix.packages.${system}.holochain;
+        keystorePassphrase = "password";
+        config = {
+          keystore = {
+            type = "lair_server_in_proc";
+          };
+        };
+      };
+
+      system.stateVersion = "24.11";
+    };
+  };
+
+  # https://nixos.org/manual/nixos/stable/index.html#ssec-machine-objects
+  testScript = builtins.readFile ./holochain-0_3-with-in-proc-lair.py;
+}

tests/holochain-0_3-with-in-proc-lair.nix

@@ -0,0 +1,2 @@
+machine.wait_for_unit("default.target")
+machine.wait_for_unit("conductor-0_3.service")

tests/holochain-0_3-with-in-proc-lair.py

@@ -0,0 +1,36 @@
+{
+  self,
+  system,
+  holonix,
+  ...
+}: {
+  name = "Holochain 0.4 With Lair";
+
+  nodes = {
+    machine = {pkgs, ...}: {
+      imports = [
+        self.outputs.nixosModules.hcCommon
+        self.outputs.nixosModules.lair-keystore-for-0_4
+        self.outputs.nixosModules.conductor-0_4
+      ];
+
+      services.conductor-0_4 = {
+        enable = true;
+        id = "test";
+        lairId = "test";
+        package = holonix.packages.${system}.holochain;
+        keystorePassphrase = "password";
+        config = {
+          keystore = {
+            type = "lair_server_in_proc";
+          };
+        };
+      };
+
+      system.stateVersion = "24.11";
+    };
+  };
+
+  # https://nixos.org/manual/nixos/stable/index.html#ssec-machine-objects
+  testScript = builtins.readFile ./holochain-0_4-with-in-proc-lair.py;
+}

tests/holochain-0_4-with-in-proc-lair.nix

@@ -0,0 +1,2 @@
+machine.wait_for_unit("default.target")
+machine.wait_for_unit("conductor-0_4.service")

tests/holochain-0_4-with-in-proc-lair.py

@@ -0,0 +1,36 @@
+{
+  self,
+  system,
+  holonix,
+  ...
+}: {
+  name = "Holochain 0.5 With Lair";
+
+  nodes = {
+    machine = {pkgs, ...}: {
+      imports = [
+        self.outputs.nixosModules.hcCommon
+        self.outputs.nixosModules.lair-keystore-for-0_5
+        self.outputs.nixosModules.conductor-0_5
+      ];
+
+      services.conductor-0_5 = {
+        enable = true;
+        id = "test";
+        lairId = "test";
+        package = holonix.packages.${system}.holochain;
+        keystorePassphrase = "password";
+        config = {
+          keystore = {
+            type = "lair_server_in_proc";
+          };
+        };
+      };
+
+      system.stateVersion = "24.11";
+    };
+  };
+
+  # https://nixos.org/manual/nixos/stable/index.html#ssec-machine-objects
+  testScript = builtins.readFile ./holochain-0_5-with-in-proc-lair.py;
+}

tests/holochain-0_5-with-in-proc-lair.nix

@@ -0,0 +1,2 @@
+machine.wait_for_unit("default.target")
+machine.wait_for_unit("conductor-0_5.service")