JakeHillion/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge branch 'master' into staging

Browse Source
This commit is contained in:
Vladimír Čunát 2016-01-15 13:43:57 +01:00
commit 2d0893088f
769 changed files with 57706 additions and 23625 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

336
doc/functions.xml
View File

@ -291,4 +291,340 @@ c = lib.makeOverridable f { a = 1; b = 2; }</programlisting>
</para>
</section>
<section xml:id="sec-pkgs-dockerTools">
<title>pkgs.dockerTools</title>
<para>
<varname>pkgs.dockerTools</varname> is a set of functions for creating and
manipulating Docker images according to the
<link xlink:href="https://github.com/docker/docker/blob/master/image/spec/v1.md#docker-image-specification-v100">
Docker Image Specification v1.0.0
</link>. Docker itself is not used to perform any of the operations done by these
functions.
</para>
<warning>
<para>
The <varname>dockerTools</varname> API is unstable and may be subject to
backwards-incompatible changes in the future.
</para>
</warning>
<section xml:id="ssec-pkgs-dockerTools-buildImage">
<title>buildImage</title>
<para>
This function is analogous to the <command>docker build</command> command,
in that can used to build a Docker-compatible repository tarball containing
a single image with one or multiple layers. As such, the result
is suitable for being loaded in Docker with <command>docker load</command>.
</para>
<para>
The parameters of <varname>buildImage</varname> with relative example values are
described below:
</para>
<example xml:id='ex-dockerTools-buildImage'><title>Docker build</title>
<programlisting>
buildImage {
name = "redis"; <co xml:id='ex-dockerTools-buildImage-1' />
tag = "latest"; <co xml:id='ex-dockerTools-buildImage-2' />
fromImage = someBaseImage; <co xml:id='ex-dockerTools-buildImage-3' />
fromImageName = null; <co xml:id='ex-dockerTools-buildImage-4' />
fromImageTag = "latest"; <co xml:id='ex-dockerTools-buildImage-5' />
contents = pkgs.redis; <co xml:id='ex-dockerTools-buildImage-6' />
runAsRoot = '' <co xml:id='ex-dockerTools-buildImage-runAsRoot' />
#!${stdenv.shell}
mkdir -p /data
'';
config = { <co xml:id='ex-dockerTools-buildImage-8' />
Cmd = [ "/bin/redis-server" ];
WorkingDir = "/data";
Volumes = {
"/data" = {};
};
};
}
</programlisting>
</example>
<para>The above example will build a Docker image <literal>redis/latest</literal>
from the given base image. Loading and running this image in Docker results in
<literal>redis-server</literal> being started automatically.
</para>
<calloutlist>
<callout arearefs='ex-dockerTools-buildImage-1'>
<para>
<varname>name</varname> specifies the name of the resulting image.
This is the only required argument for <varname>buildImage</varname>.
</para>
</callout>
<callout arearefs='ex-dockerTools-buildImage-2'>
<para>
<varname>tag</varname> specifies the tag of the resulting image.
By default it's <literal>latest</literal>.
</para>
</callout>
<callout arearefs='ex-dockerTools-buildImage-3'>
<para>
<varname>fromImage</varname> is the repository tarball containing the base image.
It must be a valid Docker image, such as exported by <command>docker save</command>.
By default it's <literal>null</literal>, which can be seen as equivalent
to <literal>FROM scratch</literal> of a <filename>Dockerfile</filename>.
</para>
</callout>
<callout arearefs='ex-dockerTools-buildImage-4'>
<para>
<varname>fromImageName</varname> can be used to further specify
the base image within the repository, in case it contains multiple images.
By default it's <literal>null</literal>, in which case
<varname>buildImage</varname> will peek the first image available
in the repository.
</para>
</callout>
<callout arearefs='ex-dockerTools-buildImage-5'>
<para>
<varname>fromImageTag</varname> can be used to further specify the tag
of the base image within the repository, in case an image contains multiple tags.
By default it's <literal>null</literal>, in which case
<varname>buildImage</varname> will peek the first tag available for the base image.
</para>
</callout>
<callout arearefs='ex-dockerTools-buildImage-6'>
<para>
<varname>contents</varname> is a derivation that will be copied in the new
layer of the resulting image. This can be similarly seen as
<command>ADD contents/ /</command> in a <filename>Dockerfile</filename>.
By default it's <literal>null</literal>.
</para>
</callout>
<callout arearefs='ex-dockerTools-buildImage-runAsRoot'>
<para>
<varname>runAsRoot</varname> is a bash script that will run as root
in an environment that overlays the existing layers of the base image with
the new resulting layer, including the previously copied
<varname>contents</varname> derivation.
This can be similarly seen as
<command>RUN ...</command> in a <filename>Dockerfile</filename>.
<note>
<para>
Using this parameter requires the <literal>kvm</literal>
device to be available.
</para>
</note>
</para>
</callout>
<callout arearefs='ex-dockerTools-buildImage-8'>
<para>
<varname>config</varname> is used to specify the configuration of the
containers that will be started off the built image in Docker.
The available options are listed in the
<link xlink:href="https://github.com/docker/docker/blob/master/image/spec/v1.md#container-runconfig-field-descriptions">
Docker Image Specification v1.0.0
</link>.
</para>
</callout>
</calloutlist>
<para>
After the new layer has been created, its closure
(to which <varname>contents</varname>, <varname>config</varname> and
<varname>runAsRoot</varname> contribute) will be copied in the layer itself.
Only new dependencies that are not already in the existing layers will be copied.
</para>
<para>
At the end of the process, only one new single layer will be produced and
added to the resulting image.
</para>
<para>
The resulting repository will only list the single image
<varname>image/tag</varname>. In the case of <xref linkend='ex-dockerTools-buildImage'/>
it would be <varname>redis/latest</varname>.
</para>
<para>
It is possible to inspect the arguments with which an image was built
using its <varname>buildArgs</varname> attribute.
</para>
</section>
<section xml:id="ssec-pkgs-dockerTools-fetchFromRegistry">
<title>pullImage</title>
<para>
This function is analogous to the <command>docker pull</command> command,
in that can be used to fetch a Docker image from a Docker registry.
Currently only registry <literal>v1</literal> is supported.
By default <link xlink:href="https://hub.docker.com/">Docker Hub</link>
is used to pull images.
</para>
<para>
Its parameters are described in the example below:
</para>
<example xml:id='ex-dockerTools-pullImage'><title>Docker pull</title>
<programlisting>
pullImage {
imageName = "debian"; <co xml:id='ex-dockerTools-pullImage-1' />
imageTag = "jessie"; <co xml:id='ex-dockerTools-pullImage-2' />
imageId = null; <co xml:id='ex-dockerTools-pullImage-3' />
sha256 = "1bhw5hkz6chrnrih0ymjbmn69hyfriza2lr550xyvpdrnbzr4gk2"; <co xml:id='ex-dockerTools-pullImage-4' />
indexUrl = "https://index.docker.io"; <co xml:id='ex-dockerTools-pullImage-5' />
registryUrl = "https://registry-1.docker.io";
registryVersion = "v1";
}
</programlisting>
</example>
<calloutlist>
<callout arearefs='ex-dockerTools-pullImage-1'>
<para>
<varname>imageName</varname> specifies the name of the image to be downloaded,
which can also include the registry namespace (e.g. <literal>library/debian</literal>).
This argument is required.
</para>
</callout>
<callout arearefs='ex-dockerTools-pullImage-2'>
<para>
<varname>imageTag</varname> specifies the tag of the image to be downloaded.
By default it's <literal>latest</literal>.
</para>
</callout>
<callout arearefs='ex-dockerTools-pullImage-3'>
<para>
<varname>imageId</varname>, if specified this exact image will be fetched, instead
of <varname>imageName/imageTag</varname>. However, the resulting repository
will still be named <varname>imageName/imageTag</varname>.
By default it's <literal>null</literal>.
</para>
</callout>
<callout arearefs='ex-dockerTools-pullImage-4'>
<para>
<varname>sha256</varname> is the checksum of the whole fetched image.
This argument is required.
</para>
<note>
<para>The checksum is computed on the unpacked directory, not on the final tarball.</para>
</note>
</callout>
<callout arearefs='ex-dockerTools-pullImage-5'>
<para>
In the above example the default values are shown for the variables <varname>indexUrl</varname>,
<varname>registryUrl</varname> and <varname>registryVersion</varname>.
Hence by default the Docker.io registry is used to pull the images.
</para>
</callout>
</calloutlist>
</section>
<section xml:id="ssec-pkgs-dockerTools-exportImage">
<title>exportImage</title>
<para>
This function is analogous to the <command>docker export</command> command,
in that can used to flatten a Docker image that contains multiple layers.
It is in fact the result of the merge of all the layers of the image.
As such, the result is suitable for being imported in Docker
with <command>docker import</command>.
</para>
<note>
<para>
Using this function requires the <literal>kvm</literal>
device to be available.
</para>
</note>
<para>
The parameters of <varname>exportImage</varname> are the following:
</para>
<example xml:id='ex-dockerTools-exportImage'><title>Docker export</title>
<programlisting>
exportImage {
fromImage = someLayeredImage;
fromImageName = null;
fromImageTag = null;
name = someLayeredImage.name;
}
</programlisting>
</example>
<para>
The parameters relative to the base image have the same synopsis as
described in <xref linkend='ssec-pkgs-dockerTools-buildImage'/>, except that
<varname>fromImage</varname> is the only required argument in this case.
</para>
<para>
The <varname>name</varname> argument is the name of the derivation output,
which defaults to <varname>fromImage.name</varname>.
</para>
</section>
<section xml:id="ssec-pkgs-dockerTools-shadowSetup">
<title>shadowSetup</title>
<para>
This constant string is a helper for setting up the base files for managing
users and groups, only if such files don't exist already.
It is suitable for being used in a
<varname>runAsRoot</varname> <xref linkend='ex-dockerTools-buildImage-runAsRoot'/> script for cases like
in the example below:
</para>
<example xml:id='ex-dockerTools-shadowSetup'><title>Shadow base files</title>
<programlisting>
buildImage {
name = "shadow-basic";
runAsRoot = ''
#!${stdenv.shell}
${shadowSetup}
groupadd -r redis
useradd -r -g redis redis
mkdir /data
chown redis:redis /data
'';
}
</programlisting>
</example>
<para>
Creating base files like <literal>/etc/passwd</literal> or
<literal>/etc/login.defs</literal> are necessary for shadow-utils to
manipulate users and groups.
</para>
</section>
</section>
</chapter>

5
doc/meta.xml
View File

@ -112,11 +112,6 @@ meta-attributes</title>
package.</para></listitem>
</varlistentry>
<varlistentry>
<term><varname>version</varname></term>
<listitem><para>Package version.</para></listitem>
</varlistentry>
<varlistentry>
<term><varname>branch</varname></term>
<listitem><para>Release branch. Used to specify that a package is not

2
doc/package-notes.xml
View File

@ -125,7 +125,7 @@ $ make menuconfig ARCH=<replaceable>arch</replaceable></screen>
<listitem>
<para>It may be that the new kernel requires updating the external
kernel modules and kernel-dependent packages listed in the
<varname>kernelPackagesFor</varname> function in
<varname>linuxPackagesFor</varname> function in
<filename>all-packages.nix</filename> (such as the NVIDIA drivers,
AUFS, etc.). If the updated packages arent backwards compatible
with older kernels, you may need to keep the older versions

2
lib/maintainers.nix
View File

@ -38,6 +38,7 @@
aycanirican = "Aycan iRiCAN <iricanaycan@gmail.com>";
badi = "Badi' Abdul-Wahid <abdulwahidc@gmail.com>";
balajisivaraman = "Balaji Sivaraman<sivaraman.balaji@gmail.com>";
Baughn = "Svein Ove Aas <sveina@gmail.com>";
bbenoist = "Baptist BENOIST <return_0@live.com>";
bcarrell = "Brandon Carrell <brandoncarrell@gmail.com>";
bcdarwin = "Ben Darwin <bcdarwin@gmail.com>";
@ -264,7 +265,6 @@
robbinch = "Robbin C. <robbinch33@gmail.com>";
robgssp = "Rob Glossop <robgssp@gmail.com>";
roconnor = "Russell O'Connor <roconnor@theorem.ca>";
roelof = "Roelof Wobben <rwobben@hotmail.com>";
romildo = "José Romildo Malaquias <malaquias@gmail.com>";
rszibele = "Richard Szibele <richard_szibele@hotmail.com>";
rushmorem = "Rushmore Mushambi <rushmore@webenchanter.com>";

10
lib/strings.nix
View File

@ -189,9 +189,13 @@ rec {
versionAtLeast = v1: v2: !versionOlder v1 v2;
# Get the version of the specified derivation, as specified in its
# name attribute.
getVersion = drv: (builtins.parseDrvName drv.name).version;
# This function takes an argument that's either a derivation or a
# derivation's "name" attribute and extracts the version part from that
# argument. For example:
#
# lib.getVersion "youtube-dl-2016.01.01" ==> "2016.01.01"
# lib.getVersion pkgs.youtube-dl ==> "2016.01.01"
getVersion = x: (builtins.parseDrvName (x.name or x)).version;
# Extract name with version from URL. Ask for separator which is

16
nixos/doc/manual/configuration/wireless.xml
View File

@ -18,8 +18,20 @@ NixOS will start wpa_supplicant for you if you enable this setting:
networking.wireless.enable = true;
</programlisting>
NixOS currently does not generate wpa_supplicant's
configuration file, <literal>/etc/wpa_supplicant.conf</literal>. You should edit this file
NixOS lets you specify networks for wpa_supplicant declaratively:
<programlisting>
networking.wireless.networks = {
echelon = {
psk = "abcdefgh";
};
"free.wifi" = {};
}
</programlisting>
Be aware that keys will be written to the nix store in plaintext!
When no networks are set, it will default to using a configuration file at
<literal>/etc/wpa_supplicant.conf</literal>. You should edit this file
yourself to define wireless networks, WPA keys and so on (see
wpa_supplicant.conf(5)).
</para>

30
nixos/doc/manual/release-notes/rl-unstable.xml
View File

@ -24,6 +24,17 @@ nixos.path = ./nixpkgs-unstable-2015-12-06/nixos;
<xref linkend="module-misc-nixos" /></para>
</listitem>
<listitem>
<para>Firefox and similar browsers are now <emphasis>wrapped by default</emphasis>.
The package and attribute names are plain <literal>firefox</literal>
or <literal>midori</literal>, etc. Backward-compatibility attributes were set up,
but note that <command>nix-env -u</command> will <emphasis>not</emphasis> update
your current <literal>firefox-with-plugins</literal>;
you have to uninstall it and install <literal>firefox</literal> instead.
More discussion is <link xlink:href="https://github.com/NixOS/nixpkgs/pull/12299">
on the PR</link>. </para>
</listitem>
</itemizedlist>
<para>The following new services were added since the last release:
@ -47,6 +58,12 @@ following incompatible changes:</para>
</para>
</listitem>
<listitem>
<para><literal>jobs</literal> NixOS option has been removed. It served as
compatibility layer between Upstart jobs and SystemD services. All services
have been rewritten to use <literal>systemd.services</literal></para>
</listitem>
<listitem>
<para><command>wmiimenu</command> is removed, as it has been
removed by the developers upstream. Use <command>wimenu</command>
@ -130,4 +147,17 @@ nginx.override {
</listitem>
</itemizedlist>
<para>Other notable improvements:
<itemizedlist>
<listitem>
<para>The <command>command-not-found</command> hook was extended.
Apart from <literal>$NIX_AUTO_INSTALL</literal> variable,
it newly also checks for <literal>$NIX_AUTO_RUN</literal>
which causes it to directly run the missing commands via
<command>nix-shell</command> (without installing anything). </para>
</listitem>
</itemizedlist></para>
</section>

5
nixos/modules/config/swap.nix
View File

@ -128,6 +128,7 @@ in
wantedBy = [ "${realDevice'}.swap" ];
before = [ "${realDevice'}.swap" ];
path = [ pkgs.utillinux ] ++ optional sw.randomEncryption pkgs.cryptsetup;
script =
''
${optionalString (sw.size != null) ''
@ -145,11 +146,13 @@ in
mkswap ${sw.realDevice}
''}
'';
unitConfig.RequiresMountsFor = [ "${dirOf sw.device}" ];
unitConfig.DefaultDependencies = false; # needed to prevent a cycle
serviceConfig.Type = "oneshot";
serviceConfig.RemainAfterExit = sw.randomEncryption;
serviceConfig.ExecStop = optionalString sw.randomEncryption "cryptsetup luksClose ${sw.deviceName}";
serviceConfig.ExecStop = optionalString sw.randomEncryption "${pkgs.cryptsetup}/bin/cryptsetup luksClose ${sw.deviceName}";
restartIfChanged = false;
};
in listToAttrs (map createSwapDevice (filter (sw: sw.size != null || sw.randomEncryption) config.swapDevices));

15
nixos/modules/hardware/video/encoder/wis-go7007.nix
View File

@ -1,15 +0,0 @@
{pkgs, config, ...}:
let
wis_go7007 = config.boot.kernelPackages.wis_go7007;
in
{
boot.extraModulePackages = [ wis_go7007 ];
environment.systemPackages = [ wis_go7007 ];
hardware.firmware = [ wis_go7007 ];
services.udev.packages = [ wis_go7007 ];
}

2
nixos/modules/installer/cd-dvd/installation-cd-base.nix
View File

@ -16,7 +16,7 @@ with lib;
];
# ISO naming.
isoImage.isoName = "${config.isoImage.isoBaseName}-${config.system.nixosVersion}-${pkgs.stdenv.system}.iso";
isoImage.isoName = "${config.isoImage.isoBaseName}-${config.system.nixosLabel}-${pkgs.stdenv.system}.iso";
isoImage.volumeID = substring 0 11 "NIXOS_ISO";

2
nixos/modules/installer/cd-dvd/iso-image.nix
View File

@ -39,7 +39,7 @@ let
DEFAULT boot
LABEL boot
MENU LABEL NixOS ${config.system.nixosVersion}${config.isoImage.appendToMenuLabel}
MENU LABEL NixOS ${config.system.nixosLabel}${config.isoImage.appendToMenuLabel}
LINUX /boot/bzImage
APPEND init=${config.system.build.toplevel}/init ${toString config.boot.kernelParams}
INITRD /boot/initrd

3
nixos/modules/installer/cd-dvd/system-tarball-fuloong2f.nix
View File

@ -149,8 +149,7 @@ in
# not be started by default on the installation CD because the
# default root password is empty.
services.openssh.enable = true;
jobs.openssh.startOn = lib.mkOverride 50 "";
systemd.services.openssh.wantedBy = lib.mkOverride 50 [];
boot.loader.grub.enable = false;
boot.loader.generationsDir.enable = false;

2
nixos/modules/installer/cd-dvd/system-tarball-sheevaplug.nix
View File

@ -164,7 +164,7 @@ in
# not be started by default on the installation CD because the
# default root password is empty.
services.openssh.enable = true;
jobs.openssh.startOn = lib.mkOverride 50 "";
systemd.services.openssh.wantedBy = lib.mkOverride 50 [];
# cpufrequtils fails to build on non-pc
powerManagement.enable = false;

187
nixos/modules/installer/tools/nixos-rebuild.sh
View File

@ -19,8 +19,6 @@ rollback=
upgrade=
repair=
profile=/nix/var/nix/profiles/system
buildHost=
targetHost=
while [ "$#" -gt 0 ]; do
i="$1"; shift 1
@ -75,14 +73,6 @@ while [ "$#" -gt 0 ]; do
fi
shift 1
;;
--build-host|h)
buildHost="$1"
shift 1
;;
--target-host|t)
targetHost="$1"
shift 1
;;
*)
echo "$0: unknown option \`$i'"
exit 1
@ -90,90 +80,6 @@ while [ "$#" -gt 0 ]; do
esac
done
if [ -z "$buildHost" -a -n "$targetHost" ]; then
buildHost="$targetHost"
fi
if [ "$targetHost" = localhost ]; then
targetHost=
fi
if [ "$buildHost" = localhost ]; then
buildHost=
fi
buildHostCmd() {
if [ -z "$buildHost" ]; then
"$@"
elif [ -n "$remoteNix" ]; then
ssh $SSHOPTS "$buildHost" PATH="$remoteNix:$PATH" "$@"
else
ssh $SSHOPTS "$buildHost" "$@"
fi
}
targetHostCmd() {
if [ -z "$targetHost" ]; then
"$@"
else
ssh $SSHOPTS "$targetHost" "$@"
fi
}
copyToTarget() {
if ! [ "$targetHost" = "$buildHost" ]; then
if [ -z "$targetHost" ]; then
NIX_SSHOPTS=$SSH_OPTS nix-copy-closure --from "$buildHost" "$1"
elif [ -z "$buildHost" ]; then
NIX_SSHOPTS=$SSH_OPTS nix-copy-closure --to "$targetHost" "$1"
else
buildHostCmd nix-copy-closure --to "$targetHost" "$1"
fi
fi
}
nixBuild() {
if [ -z "$buildHost" ]; then
nix-build "$@"
else
local instArgs=()
local buildArgs=()
while [ "$#" -gt 0 ]; do
local i="$1"; shift 1
case "$i" in
-o)
local out="$1"; shift 1
buildArgs+=("--add-root" "$out" "--indirect")
;;
-A)
local j="$1"; shift 1
instArgs+=("$i" "$j")
;;
-I)
# We don't want this in buildArgs
shift 1
;;
"<"*) # nix paths
instArgs+=("$i")
;;
*)
buildArgs+=("$i")
;;
esac
done
local drv="$(nix-instantiate "${instArgs[@]}" "${extraBuildFlags[@]}")"
if [ -a "$drv" ]; then
NIX_SSHOPTS=$SSH_OPTS nix-copy-closure --to "$buildHost" "$drv"
buildHostCmd nix-store -r "$drv" "${buildArgs[@]}"
else
echo "nix-instantiate failed"
exit 1
fi
fi
}
if [ -z "$action" ]; then showSyntax; fi
# Only run shell scripts from the Nixpkgs tree if the action is
@ -222,16 +128,7 @@ fi
tmpDir=$(mktemp -t -d nixos-rebuild.XXXXXX)
SSHOPTS="$NIX_SSHOPTS -o ControlMaster=auto -o ControlPath=$tmpDir/ssh-%n -o ControlPersist=60"
cleanup() {
for ctrl in "$tmpDir"/ssh-*; do
ssh -o ControlPath="$ctrl" -O exit dummyhost 2>/dev/null || true
done
rm -rf "$tmpDir"
}
trap cleanup EXIT
trap 'rm -rf "$tmpDir"' EXIT
# If the Nix daemon is running, then use it. This allows us to use
@ -253,56 +150,30 @@ if [ -n "$rollback" -o "$action" = dry-build ]; then
buildNix=
fi
prebuiltNix() {
machine="$1"
if [ "$machine" = x86_64 ]; then
return /nix/store/xryr9g56h8yjddp89d6dw12anyb4ch7c-nix-1.10
elif [[ "$machine" =~ i.86 ]]; then
return /nix/store/2w92k5wlpspf0q2k9mnf2z42prx3bwmv-nix-1.10
else
echo "$0: unsupported platform"
exit 1
fi
}
remotePATH=
if [ -n "$buildNix" ]; then
echo "building Nix..." >&2
nixDrv=
if ! nixDrv="$(nix-instantiate '<nixpkgs/nixos>' --add-root $tmpDir/nixdrv --indirect -A config.nix.package "${extraBuildFlags[@]}")"; then
if ! nixDrv="$(nix-instantiate '<nixpkgs/nixos>' --add-root $tmpDir/nixdrv --indirect -A nixFallback "${extraBuildFlags[@]}")"; then
if ! nixDrv="$(nix-instantiate '<nixpkgs>' --add-root $tmpDir/nixdrv --indirect -A nix "${extraBuildFlags[@]}")"; then
nixStorePath="$(prebuiltNix "$(uname -m)")"
if ! nix-build '<nixpkgs/nixos>' -A config.nix.package -o $tmpDir/nix "${extraBuildFlags[@]}" > /dev/null; then
if ! nix-build '<nixpkgs/nixos>' -A nixFallback -o $tmpDir/nix "${extraBuildFlags[@]}" > /dev/null; then
if ! nix-build '<nixpkgs>' -A nix -o $tmpDir/nix "${extraBuildFlags[@]}" > /dev/null; then
machine="$(uname -m)"
if [ "$machine" = x86_64 ]; then
nixStorePath=/nix/store/xryr9g56h8yjddp89d6dw12anyb4ch7c-nix-1.10
elif [[ "$machine" =~ i.86 ]]; then
nixStorePath=/nix/store/2w92k5wlpspf0q2k9mnf2z42prx3bwmv-nix-1.10
else
echo "$0: unsupported platform"
exit 1
fi
if ! nix-store -r $nixStorePath --add-root $tmpDir/nix --indirect \
--option extra-binary-caches https://cache.nixos.org/; then
echo "warning: don't know how to get latest Nix" >&2
fi
# Older version of nix-store -r don't support --add-root.
[ -e $tmpDir/nix ] || ln -sf $nixStorePath $tmpDir/nix
if [ -n "$buildHost" ]; then
remoteNixStorePath="$(prebuiltNix "$(buildHostCmd uname -m)")"
remoteNix="$remoteNixStorePath/bin"
if ! buildHostCmd nix-store -r $remoteNixStorePath \
--option extra-binary-caches https://cache.nixos.org/ >/dev/null; then
remoteNix=
echo "warning: don't know how to get latest Nix" >&2
fi
fi
fi
fi
fi
if [ -a "$nixDrv" ]; then
nix-store -r "$nixDrv" --add-root $tmpDir/nix --indirect >/dev/null
if [ -n "$buildHost" ]; then
nix-copy-closure --to "$buildHost" "$nixDrv"
# The nix build produces multiple outputs, we add them all to the remote path
for p in $(buildHostCmd nix-store -r "$(readlink "$nixDrv")" "${buildArgs[@]}"); do
remoteNix="$remoteNix${remoteNix:+:}$p/bin"
done
fi
fi
PATH="$tmpDir/nix/bin:$PATH"
PATH=$tmpDir/nix/bin:$PATH
fi
@ -329,35 +200,31 @@ fi
if [ -z "$rollback" ]; then
echo "building the system configuration..." >&2
if [ "$action" = switch -o "$action" = boot ]; then
pathToConfig="$(nixBuild '<nixpkgs/nixos>' -A system "${extraBuildFlags[@]}")"
copyToTarget "$pathToConfig"
targetHostCmd nix-env -p "$profile" --set "$pathToConfig"
nix-env "${extraBuildFlags[@]}" -p "$profile" -f '<nixpkgs/nixos>' --set -A system
pathToConfig="$profile"
elif [ "$action" = test -o "$action" = build -o "$action" = dry-build -o "$action" = dry-activate ]; then
pathToConfig="$(nixBuild '<nixpkgs/nixos>' -A system -k "${extraBuildFlags[@]}")"
nix-build '<nixpkgs/nixos>' -A system -k "${extraBuildFlags[@]}" > /dev/null
pathToConfig=./result
elif [ "$action" = build-vm ]; then
pathToConfig="$(nixBuild '<nixpkgs/nixos>' -A vm -k "${extraBuildFlags[@]}")"
nix-build '<nixpkgs/nixos>' -A vm -k "${extraBuildFlags[@]}" > /dev/null
pathToConfig=./result
elif [ "$action" = build-vm-with-bootloader ]; then
pathToConfig="$(nixBuild '<nixpkgs/nixos>' -A vmWithBootLoader -k "${extraBuildFlags[@]}")"
nix-build '<nixpkgs/nixos>' -A vmWithBootLoader -k "${extraBuildFlags[@]}" > /dev/null
pathToConfig=./result
else
showSyntax
fi
# Copy build to target host if we haven't already done it
if ! [ "$action" = switch -o "$action" = boot ]; then
copyToTarget "$pathToConfig"
fi
else # [ -n "$rollback" ]
if [ "$action" = switch -o "$action" = boot ]; then
targetHostCmd nix-env --rollback -p "$profile"
nix-env --rollback -p "$profile"
pathToConfig="$profile"
elif [ "$action" = test -o "$action" = build ]; then
systemNumber=$(
targetHostCmd nix-env -p "$profile" --list-generations |
nix-env -p "$profile" --list-generations |
sed -n '/current/ {g; p;}; s/ *\([0-9]*\).*/\1/; h'
)
pathToConfig="$profile"-${systemNumber}-link
if [ -z "$targetHost" ]; then
ln -sT "$pathToConfig" ./result
fi
ln -sT "$profile"-${systemNumber}-link ./result
pathToConfig=./result
else
showSyntax
fi
@ -367,7 +234,7 @@ fi
# If we're not just building, then make the new configuration the boot
# default and/or activate it now.
if [ "$action" = switch -o "$action" = boot -o "$action" = test -o "$action" = dry-activate ]; then
if ! targetHostCmd $pathToConfig/bin/switch-to-configuration "$action"; then
if ! $pathToConfig/bin/switch-to-configuration "$action"; then
echo "warning: error(s) occurred while switching to the new configuration" >&2
exit 1
fi

14
nixos/modules/misc/ids.nix
View File

@ -136,7 +136,7 @@
kippo = 108;
jenkins = 109;
systemd-journal-gateway = 110;
notbit = 111;
#notbit = 111; # unused
ngircd = 112;
btsync = 113;
minecraft = 114;
@ -240,6 +240,11 @@
pumpio = 216;
nm-openvpn = 217;
mathics = 218;
ejabberd = 219;
postsrsd = 220;
opendkim = 221;
dspam = 222;
gale = 223;
# When adding a uid, make sure it doesn't match an existing gid. And don't use uids above 399!
@ -356,7 +361,7 @@
kippo = 108;
jenkins = 109;
systemd-journal-gateway = 110;
notbit = 111;
#notbit = 111; # unused
#ngircd = 112; # unused
btsync = 113;
#minecraft = 114; # unused
@ -457,6 +462,11 @@
pumpio = 216;
nm-openvpn = 217;
mathics = 218;
ejabberd = 219;
postsrsd = 220;
opendkim = 221;
dspam = 222;
gale = 223;
# When adding a gid, make sure it doesn't match an existing
# uid. Users and groups with the same name should have equal

72
nixos/modules/misc/version.nix
View File

@ -2,13 +2,21 @@
with lib;
let
cfg = config.system;
releaseFile = "${toString pkgs.path}/.version";
suffixFile = "${toString pkgs.path}/.version-suffix";
revisionFile = "${toString pkgs.path}/.git-revision";
in
{
options = {
options.system = {
system.stateVersion = mkOption {
stateVersion = mkOption {
type = types.str;
default = config.system.nixosRelease;
default = cfg.nixosRelease;
description = ''
Every once in a while, a new NixOS release may change
configuration defaults in a way incompatible with stateful
@ -22,38 +30,63 @@ with lib;
'';
};
system.nixosVersion = mkOption {
nixosLabel = mkOption {
type = types.str;
description = ''
NixOS version name to be used in the names of generated
outputs and boot labels.
If you ever wanted to influence the labels in your GRUB menu,
this is option is for you.
Can be set directly or with <envar>NIXOS_LABEL</envar>
environment variable for <command>nixos-rebuild</command>,
e.g.:
<screen>
#!/bin/sh
today=`date +%Y%m%d`
branch=`(cd nixpkgs ; git branch 2>/dev/null | sed -n '/^\* / { s|^\* ||; p; }')`
revision=`(cd nixpkgs ; git rev-parse HEAD)`
export NIXOS_LABEL="$today.$branch-''${revision:0:7}"
nixos-rebuild switch</screen>
'';
};
nixosVersion = mkOption {
internal = true;
type = types.str;
description = "NixOS version.";
};
system.nixosRelease = mkOption {
nixosRelease = mkOption {
readOnly = true;
type = types.str;
default = readFile "${toString pkgs.path}/.version";
default = readFile releaseFile;
description = "NixOS release.";
};
system.nixosVersionSuffix = mkOption {
nixosVersionSuffix = mkOption {
internal = true;
type = types.str;
default = if pathExists suffixFile then readFile suffixFile else "pre-git";
description = "NixOS version suffix.";
};
system.nixosRevision = mkOption {
nixosRevision = mkOption {
internal = true;
type = types.str;
default = if pathExists revisionFile then readFile revisionFile else "master";
description = "NixOS Git revision hash.";
};
system.nixosCodeName = mkOption {
nixosCodeName = mkOption {
readOnly = true;
type = types.str;
description = "NixOS release code name.";
};
system.defaultChannel = mkOption {
defaultChannel = mkOption {
internal = true;
type = types.str;
default = https://nixos.org/channels/nixos-unstable;
@ -64,18 +97,15 @@ with lib;
config = {
system.nixosVersion = mkDefault (config.system.nixosRelease + config.system.nixosVersionSuffix);
system = {
# These defaults are set here rather than up there so that
# changing them would not rebuild the manual
nixosLabel = mkDefault (maybeEnv "NIXOS_LABEL" cfg.nixosVersion);
nixosVersion = mkDefault (maybeEnv "NIXOS_VERSION" (cfg.nixosRelease + cfg.nixosVersionSuffix));
system.nixosVersionSuffix =
let suffixFile = "${toString pkgs.path}/.version-suffix"; in
mkDefault (if pathExists suffixFile then readFile suffixFile else "pre-git");
system.nixosRevision =
let fn = "${toString pkgs.path}/.git-revision"; in
mkDefault (if pathExists fn then readFile fn else "master");
# Note: code names must only increase in alphabetical order.
system.nixosCodeName = "Emu";
# Note: code names must only increase in alphabetical order.
nixosCodeName = "Emu";
};
# Generate /etc/os-release. See
# http://0pointer.de/public/systemd-man/os-release.html for the

12
nixos/modules/module-list.nix
View File

@ -64,6 +64,7 @@
./programs/dconf.nix
./programs/environment.nix
./programs/freetds.nix
./programs/fish.nix
./programs/ibus.nix
./programs/kbdlight.nix
./programs/light.nix
@ -83,6 +84,7 @@
./security/acme.nix
./security/apparmor.nix
./security/apparmor-suid.nix
./security/audit.nix
./security/ca.nix
./security/duosec.nix
./security/grsecurity.nix
@ -98,8 +100,6 @@
./services/amqp/activemq/default.nix
./services/amqp/rabbitmq.nix
./services/audio/alsa.nix
# Disabled as fuppes no longer builds.
# ./services/audio/fuppes.nix
./services/audio/icecast.nix
./services/audio/liquidsoap.nix
./services/audio/mpd.nix
@ -162,6 +162,7 @@
./services/hardware/bluetooth.nix
./services/hardware/brltty.nix
./services/hardware/freefall.nix
./services/hardware/irqbalance.nix
./services/hardware/nvidia-optimus.nix
./services/hardware/pcscd.nix
./services/hardware/pommed.nix
@ -182,12 +183,15 @@
./services/logging/syslogd.nix
./services/logging/syslog-ng.nix
./services/mail/dovecot.nix
./services/mail/dspam.nix
./services/mail/exim.nix
./services/mail/freepops.nix
./services/mail/mail.nix
./services/mail/mlmmj.nix
./services/mail/opendkim.nix
./services/mail/opensmtpd.nix
./services/mail/postfix.nix
./services/mail/postsrsd.nix
./services/mail/spamassassin.nix
./services/misc/apache-kafka.nix
./services/misc/autofs.nix
@ -297,6 +301,7 @@
./services/networking/firewall.nix
./services/networking/flashpolicyd.nix
./services/networking/freenet.nix
./services/networking/gale.nix
./services/networking/gateone.nix
./services/networking/git-daemon.nix
./services/networking/gnunet.nix
@ -322,7 +327,6 @@
./services/networking/networkmanager.nix
./services/networking/ngircd.nix
./services/networking/nix-serve.nix
./services/networking/notbit.nix
./services/networking/nsd.nix
./services/networking/ntopng.nix
./services/networking/ntpd.nix
@ -331,6 +335,7 @@
./services/networking/openfire.nix
./services/networking/openntpd.nix
./services/networking/openvpn.nix
./services/networking/ostinato.nix
./services/networking/polipo.nix
./services/networking/prayer.nix
./services/networking/privoxy.nix
@ -475,7 +480,6 @@
./system/boot/timesyncd.nix
./system/boot/tmp.nix
./system/etc/etc.nix
./system/upstart/upstart.nix
./tasks/bcache.nix
./tasks/cpu-freq.nix
./tasks/encrypted-devices.nix

2
nixos/modules/profiles/installation-device.nix
View File

@ -51,7 +51,7 @@ with lib;
# Enable wpa_supplicant, but don't start it by default.
networking.wireless.enable = mkDefault true;
jobs.wpa_supplicant.startOn = mkOverride 50 "";
systemd.services.wpa_supplicant.wantedBy = mkOverride 50 [];
# Tell the Nix evaluator to garbage collect more aggressively.
# This is desirable in memory-constrained environments that don't

2
nixos/modules/programs/cdemu.nix
View File

@ -38,7 +38,7 @@ in {
config = mkIf cfg.enable {
boot = {
extraModulePackages = [ pkgs.linuxPackages.vhba ];
extraModulePackages = [ config.boot.kernelPackages.vhba ];
kernelModules = [ "vhba" ];
};

114
nixos/modules/programs/fish.nix Normal file
View File

@ -0,0 +1,114 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfge = config.environment;
cfg = config.programs.fish;
fishAliases = concatStringsSep "\n" (
mapAttrsFlatten (k: v: "alias ${k} '${v}'") cfg.shellAliases
);
in
{
options = {
programs.fish = {
enable = mkOption {
default = false;
description = ''
Whether to configure fish as an interactive shell.
'';
type = types.bool;
};
shellAliases = mkOption {
default = config.environment.shellAliases;
description = ''
Set of aliases for fish shell. See <option>environment.shellAliases</option>
for an option format description.
'';
type = types.attrs;
};
shellInit = mkOption {
default = "";
description = ''
Shell script code called during fish shell initialisation.
'';
type = types.lines;
};
loginShellInit = mkOption {
default = "";
description = ''
Shell script code called during fish login shell initialisation.
'';
type = types.lines;
};
interactiveShellInit = mkOption {
default = "";
description = ''
Shell script code called during interactive fish shell initialisation.
'';
type = types.lines;
};
promptInit = mkOption {
default = "";
description = ''
Shell script code used to initialise fish prompt.
'';
type = types.lines;
};
};
};
config = mkIf cfg.enable {
environment.etc."fish/foreign-env/shellInit".text = cfge.shellInit;
environment.etc."fish/foreign-env/loginShellInit".text = cfge.loginShellInit;
environment.etc."fish/foreign-env/interactiveShellInit".text = cfge.interactiveShellInit;
environment.etc."fish/config.fish".text = ''
# /etc/fish/config.fish: DO NOT EDIT -- this file has been generated automatically.
set fish_function_path $fish_function_path ${pkgs.fish-foreign-env}/share/fish-foreign-env/functions
fenv source ${config.system.build.setEnvironment} 1> /dev/null
fenv source /etc/fish/foreign-env/shellInit 1> /dev/null
${cfg.shellInit}
if builtin status --is-login
fenv source /etc/fish/foreign-env/loginShellInit 1> /dev/null
${cfg.loginShellInit}
end
if builtin status --is-interactive
${fishAliases}
fenv source /etc/fish/foreign-env/interactiveShellInit 1> /dev/null
${cfg.interactiveShellInit}
end
'';
environment.systemPackages = [ pkgs.fish ];
environment.shells = [
"/run/current-system/sw/bin/fish"
"/var/run/current-system/sw/bin/fish"
"${pkgs.fish}/bin/fish"
];
};
}

14
nixos/modules/rename.nix
View File

@ -14,6 +14,20 @@ with lib;
(mkRenamedOptionModule [ "networking" "enableWLAN" ] [ "networking" "wireless" "enable" ])
(mkRenamedOptionModule [ "networking" "enableRT73Firmware" ] [ "networking" "enableRalinkFirmware" ])
(mkRenamedOptionModule [ "services" "cadvisor" "host" ] [ "services" "cadvisor" "listenAddress" ])
(mkRenamedOptionModule [ "services" "dockerRegistry" "host" ] [ "services" "dockerRegistry" "listenAddress" ])
(mkRenamedOptionModule [ "services" "elasticsearch" "host" ] [ "services" "elasticsearch" "listenAddress" ])
(mkRenamedOptionModule [ "services" "graphite" "api" "host" ] [ "services" "graphite" "api" "listenAddress" ])
(mkRenamedOptionModule [ "services" "graphite" "web" "host" ] [ "services" "graphite" "web" "listenAddress" ])
(mkRenamedOptionModule [ "services" "kibana" "host" ] [ "services" "kibana" "listenAddress" ])
(mkRenamedOptionModule [ "services" "mpd" "network" "host" ] [ "services" "mpd" "network" "listenAddress" ])
(mkRenamedOptionModule [ "services" "neo4j" "host" ] [ "services" "neo4j" "listenAddress" ])
(mkRenamedOptionModule [ "services" "shout" "host" ] [ "services" "shout" "listenAddress" ])
(mkRenamedOptionModule [ "services" "sslh" "host" ] [ "services" "sslh" "listenAddress" ])
(mkRenamedOptionModule [ "services" "statsd" "host" ] [ "services" "statsd" "listenAddress" ])
(mkRenamedOptionModule [ "services" "subsonic" "host" ] [ "services" "subsonic" "listenAddress" ])
(mkRenamedOptionModule [ "jobs" ] [ "systemd" "services" ])
# Old Grub-related options.
(mkRenamedOptionModule [ "boot" "initrd" "extraKernelModules" ] [ "boot" "initrd" "kernelModules" ])
(mkRenamedOptionModule [ "boot" "extraKernelParams" ] [ "boot" "kernelParams" ])

12
nixos/modules/security/acme.nix
View File

@ -37,6 +37,12 @@ let
description = "Group running the ACME client.";
};
allowKeysForGroup = mkOption {
type = types.bool;
default = false;
description = "Give read permissions to the specified group to read SSL private certificates.";
};
postRun = mkOption {
type = types.lines;
default = "";
@ -137,6 +143,7 @@ in
systemd.services = flip mapAttrs' cfg.certs (cert: data:
let
cpath = "${cfg.directory}/${cert}";
rights = if data.allowKeysForGroup then "750" else "700";
cmdline = [ "-v" "-d" cert "--default_root" data.webroot "--valid_min" cfg.validMin ]
++ optionals (data.email != null) [ "--email" data.email ]
++ concatMap (p: [ "-f" p ]) data.plugins
@ -159,9 +166,10 @@ in
preStart = ''
mkdir -p '${cfg.directory}'
if [ ! -d '${cpath}' ]; then
mkdir -m 700 '${cpath}'
chown '${data.user}:${data.group}' '${cpath}'
mkdir '${cpath}'
fi
chmod ${rights} '${cpath}'
chown -R '${data.user}:${data.group}' '${cpath}'
'';
script = ''
cd '${cpath}'

109
nixos/modules/security/audit.nix Normal file
View File

@ -0,0 +1,109 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.security.audit;
failureModes = {
silent = 0;
printk = 1;
panic = 2;
};
# TODO: it seems like people like their rules to be somewhat secret, yet they will not be if
# put in the store like this. At the same time, it doesn't feel like a huge deal and working
# around that is a pain so I'm leaving it like this for now.
startScript = pkgs.writeScript "audit-start" ''
#!${pkgs.stdenv.shell} -eu
# Clear out any rules we may start with
auditctl -D
# Put the rules in a temporary file owned and only readable by root
rulesfile="$(mktemp)"
${concatMapStrings (x: "echo '${x}' >> $rulesfile\n") cfg.rules}
# Apply the requested rules
auditctl -R "$rulesfile"
# Enable and configure auditing
auditctl \
-e ${if cfg.enable == "lock" then "2" else "1"} \
-b ${toString cfg.backlogLimit} \
-f ${toString failureModes.${cfg.failureMode}} \
-r ${toString cfg.rateLimit}
'';
stopScript = pkgs.writeScript "audit-stop" ''
#!${pkgs.stdenv.shell} -eu
# Clear the rules
auditctl -D
# Disable auditing
auditctl -e 0
'';
in {
options = {
security.audit = {
enable = mkOption {
type = types.enum [ false true "lock" ];
default = true; # The kernel seems to enable it by default with no rules anyway
description = ''
Whether to enable the Linux audit system. The special `lock' value can be used to
enable auditing and prevent disabling it until a restart. Be careful about locking
this, as it will prevent you from changing your audit configuration until you
restart. If possible, test your configuration using build-vm beforehand.
'';
};
failureMode = mkOption {
type = types.enum [ "silent" "printk" "panic" ];
default = "printk";
description = "How to handle critical errors in the auditing system";
};
backlogLimit = mkOption {
type = types.int;
default = 64; # Apparently the kernel default
description = ''
The maximum number of outstanding audit buffers allowed; exceeding this is
considered a failure and handled in a manner specified by failureMode.
'';
};
rateLimit = mkOption {
type = types.int;
default = 0;
description = ''
The maximum messages per second permitted before triggering a failure as
specified by failureMode. Setting it to zero disables the limit.
'';
};
rules = mkOption {
type = types.listOf types.str; # (types.either types.str (types.submodule rule));
default = [];
example = [ "-a exit,always -F arch=b64 -S execve" ];
description = ''
The ordered audit rules, with each string appearing as one line of the audit.rules file.
'';
};
};
};
config = mkIf (cfg.enable == "lock" || cfg.enable) {
systemd.services.audit = {
description = "pseudo-service representing the kernel audit state";
wantedBy = [ "basic.target" ];
path = [ pkgs.audit ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
ExecStart = "@${startScript} audit-start";
ExecStop = "@${stopScript} audit-stop";
};
};
};
}

115
nixos/modules/services/audio/fuppes.nix
View File

@ -1,115 +0,0 @@
{ config, lib, pkgs, ... }:
let
cfg = config.services.fuppesd;
in
with lib;
{
options = {
services.fuppesd = {
enable = mkOption {
default = false;
type = with types; bool;
description = ''
Enables Fuppes (UPnP A/V Media Server). Can be used to watch
photos, video and listen to music from a phone/tv connected to the
local network.
'';
};
name = mkOption {
example = "Media Center";
type = types.str;
description = ''
Enables Fuppes (UPnP A/V Media Server). Can be used to watch
photos, video and listen to music from a phone/tv connected to the
local network.
'';
};
log = {
level = mkOption {
default = 0;
example = 3;
type = with types; uniq int;
description = ''
Logging level of fuppes, An integer between 0 and 3.
'';
};
file = mkOption {
default = "/var/log/fuppes.log";
type = types.str;
description = ''
File which will contains the log produced by the daemon.
'';
};
};
config = mkOption {
example = "/etc/fuppes/fuppes.cfg";
type = types.str;
description = ''
Mutable configuration file which can be edited with the web
interface. Due to possible modification, double quote the full
path of the filename stored in your filesystem to avoid attempts
to modify the content of the nix store.
'';
};
vfolder = mkOption {
example = literalExample "/etc/fuppes/vfolder.cfg";
description = ''
XML file describing the layout of virtual folder visible by the
client.
'';
};
database = mkOption {
default = "/var/lib/fuppes/fuppes.db";
type = types.str;
description = ''
Database file which index all shared files.
'';
};
## At the moment, no plugins are packaged.
/*
plugins = mkOption {
type = with types; listOf package;
description = ''
List of Fuppes plugins.
'';
};
*/
user = mkOption {
default = "root"; # The default is not secure.
example = "fuppes";
type = types.str;
description = ''
Name of the user which own the configuration files and under which
the fuppes daemon will be executed.
'';
};
};
};
config = mkIf cfg.enable {
jobs.fuppesd = {
description = "UPnP A/V Media Server. (${cfg.name})";
startOn = "ip-up";
daemonType = "fork";
exec = ''/var/setuid-wrappers/sudo -u ${cfg.user} -- ${pkgs.fuppes}/bin/fuppesd --friendly-name ${cfg.name} --log-level ${toString cfg.log.level} --log-file ${cfg.log.file} --config-file ${cfg.config} --vfolder-config-file ${cfg.vfolder} --database-file ${cfg.database}'';
};
services.fuppesd.name = mkDefault config.networking.hostName;
services.fuppesd.vfolder = mkDefault ./fuppes/vfolder.cfg;
security.sudo.enable = true;
};
}

155
nixos/modules/services/audio/fuppes/vfolder.cfg
View File

@ -1,155 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<fuppes_vfolder_config version="0.2">
<vfolder_layout device="default" enabled="false">
<vfolder name="Genre">
<vfolders property="genre">
<items type="audioItem" />
</vfolders>
</vfolder>
<vfolder name="Genre/Artists">
<vfolders property="genre">
<vfolders property="artist">
<items type="audioItem" />
</vfolders>
</vfolders>
</vfolder>
<vfolder name="Artists/Albums">
<vfolders property="artist">
<vfolders property="album">
<items type="audioItem" />
</vfolders>
</vfolders>
</vfolder>
<vfolder name="ABC/Artists/Albums">
<vfolders split="ABC">
<vfolders property="artist">
<vfolders property="album">
<items type="audioItem" />
</vfolders>
</vfolders>
</vfolders>
</vfolder>
<vfolder name="Photos">
<vfolder name="All">
<items type="imageItem" />
</vfolder>
<vfolder name="Folders">
<folders filter="contains(imageItem)" />
</vfolder>
</vfolder>
<vfolder name="Videos">
<vfolder name="All">
<items type="videoItem" />
</vfolder>
<vfolder name="Folders">
<folders filter="contains(videoItem)" />
</vfolder>
</vfolder>
<vfolder name="shared dirs">
<shared_dirs full_extend="true" />
</vfolder>
</vfolder_layout>
<vfolder_layout device="Xbox 360" enabled="false">
<vfolder name="Music" id="1">
<vfolder name="Album" id="7">
<vfolders property="album">
<items type="audioItem" />
</vfolders>
</vfolder>
<vfolder name="All Music" id="4">
<items type="audioItem" />
</vfolder>
<vfolder name="Artist" id="6">
<vfolders property="artist">
<items type="audioItem" />
</vfolders>
</vfolder>
<vfolder name="Folders" id="20">
<folders filter="contains(audioItem)" />
</vfolder>
<vfolder name="Genre" id="5">
<vfolders property="genre">
<items type="audioItem" />
</vfolders>
</vfolder>
<vfolder name="Playlist" id="15" />
</vfolder>
<vfolder name="Pictures" id="3">
<vfolder name="Album" id="13" />
<vfolder name="All Pictures" id="11">
<items type="imageItem" />
</vfolder>
<vfolder name="Date Taken" id="12" />
<vfolder name="Folders" id="22">
<folders filter="contains(imageItem)" />
</vfolder>
</vfolder>
<vfolder name="Playlists" id="18">
<vfolder name="All Playlists" id="19" />
<vfolder name="Folders" id="23" />
</vfolder>
<vfolder name="Video" id="2">
<vfolder name="Actor" id="10" />
<vfolder name="Album" id="14" />
<vfolder name="All Video" id="8">
<items type="videoItem" />
</vfolder>
<vfolder name="Folders" id="21">
<folders filter="contains(videoItem)" />
</vfolder>
<vfolder name="Genre" id="9" />
</vfolder>
</vfolder_layout>
<vfolder_layout device="Yamaha" enabled="false" create_references="true" >
<vfolder name="Playlists" />
<vfolder name="Artists">
<vfolders property="artist">
<items type="audioItem" />
</vfolders>
</vfolder>
<vfolder name="Albums">
<vfolders property="album">
<items type="audioItem" />
</vfolders>
</vfolder>
<vfolder name="Songs">
<items type="audioItem" />
</vfolder>
<vfolder name="Genres">
<vfolders property="genre">
<items type="audioItem" />
</vfolders>
</vfolder>
</vfolder_layout>
</fuppes_vfolder_config>

4
nixos/modules/services/audio/mpd.nix
View File

@ -18,7 +18,7 @@ let
user "${cfg.user}"
group "${cfg.group}"
${optionalString (cfg.network.host != "any") ''bind_to_address "${cfg.network.host}"''}
${optionalString (cfg.network.listenAddress != "any") ''bind_to_address "${cfg.network.listenAddress}"''}
${optionalString (cfg.network.port != 6600) ''port "${toString cfg.network.port}"''}
${cfg.extraConfig}
@ -75,7 +75,7 @@ in {
network = {
host = mkOption {
listenAddress = mkOption {
default = "any";
description = ''
This setting sets the address for the daemon to listen on. Careful attention

15
nixos/modules/services/backup/tarsnap.nix
View File

@ -242,9 +242,16 @@ in
systemd.services."tarsnap@" = {
description = "Tarsnap archive '%i'";
requires = [ "network.target" ];
requires = [ "network-online.target" ];
after = [ "network-online.target" ];
path = [ pkgs.tarsnap pkgs.coreutils ];
path = [ pkgs.iputils pkgs.tarsnap pkgs.coreutils ];
# In order for the persistent tarsnap timer to work reliably, we have to
# make sure that the tarsnap server is reachable after systemd starts up
# the service - therefore we sleep in a loop until we can ping the
# endpoint.
preStart = "while ! ping -q -c 1 betatest-server.tarsnap.com &> /dev/null; do sleep 3; done";
scriptArgs = "%i";
script = ''
mkdir -p -m 0755 ${dirOf cfg.cachedir}
@ -259,11 +266,15 @@ in
IOSchedulingClass = "idle";
NoNewPrivileges = "true";
CapabilityBoundingSet = "CAP_DAC_READ_SEARCH";
PermissionsStartOnly = "true";
};
};
# Note: the timer must be Persistent=true, so that systemd will start it even
# if e.g. your laptop was asleep while the latest interval occurred.
systemd.timers = mapAttrs' (name: cfg: nameValuePair "tarsnap@${name}"
{ timerConfig.OnCalendar = cfg.period;
timerConfig.Persistent = "true";
wantedBy = [ "timers.target" ];
}) cfg.archives;

8
nixos/modules/services/databases/4store-endpoint.nix
View File

@ -60,11 +60,9 @@ with lib;
services.avahi.enable = true;
jobs.fourStoreEndpoint = {
name = "4store-endpoint";
startOn = "ip-up";
exec = ''
systemd.services."4store-endpoint" = {
wantedBy = [ "ip-up.target" ];
script = ''
${run} '${pkgs.rdf4store}/bin/4s-httpd -D ${cfg.options} ${if cfg.listenAddress!=null then "-H ${cfg.listenAddress}" else "" } -p ${toString cfg.port} ${cfg.database}'
'';
};

9
nixos/modules/services/databases/4store.nix
View File

@ -52,9 +52,8 @@ with lib;
services.avahi.enable = true;
jobs.fourStore = {
name = "4store";
startOn = "ip-up";
systemd.services."4store" = {
wantedBy = [ "ip-up.target" ];
preStart = ''
mkdir -p ${stateDir}/
@ -64,11 +63,9 @@ with lib;
fi
'';
exec = ''
script = ''
${run} -c '${pkgs.rdf4store}/bin/4s-backend -D ${cfg.options} ${cfg.database}'
'';
};
};
}

4
nixos/modules/services/databases/neo4j.nix
View File

@ -7,7 +7,7 @@ let
serverConfig = pkgs.writeText "neo4j-server.properties" ''
org.neo4j.server.database.location=${cfg.dataDir}/data/graph.db
org.neo4j.server.webserver.address=${cfg.host}
org.neo4j.server.webserver.address=${cfg.listenAddress}
org.neo4j.server.webserver.port=${toString cfg.port}
${optionalString cfg.enableHttps ''
org.neo4j.server.webserver.https.enabled=true
@ -52,7 +52,7 @@ in {
type = types.package;
};
host = mkOption {
listenAddress = mkOption {
description = "Neo4j listen address.";
default = "127.0.0.1";
type = types.str;

4
nixos/modules/services/databases/postgresql.nix
View File

@ -122,8 +122,8 @@ in
example = literalExample "[ (pkgs.postgis.override { postgresql = pkgs.postgresql94; }).v_2_1_4 ]";
description = ''
When this list contains elements a new store path is created.
PostgreSQL and the elments are symlinked into it. Then pg_config,
postgres and pc_ctl are copied to make them use the new
PostgreSQL and the elements are symlinked into it. Then pg_config,
postgres and pg_ctl are copied to make them use the new
$out/lib directory as pkglibdir. This makes it possible to use postgis
without patching the .sql files which reference $libdir/postgis-1.5.
'';

25
nixos/modules/services/databases/virtuoso.nix
View File

@ -29,20 +29,20 @@ with lib;
};
listenAddress = mkOption {
default = "1111";
example = "myserver:1323";
default = "1111";
example = "myserver:1323";
description = "ip:port or port to listen on.";
};
httpListenAddress = mkOption {
default = null;
example = "myserver:8080";
default = null;
example = "myserver:8080";
description = "ip:port or port for Virtuoso HTTP server to listen on.";
};
dirsAllowed = mkOption {
default = null;
example = "/www, /home/";
default = null;
example = "/www, /home/";
description = "A list of directories Virtuoso is allowed to access";
};
};
@ -61,18 +61,17 @@ with lib;
home = stateDir;
};
jobs.virtuoso = {
name = "virtuoso";
startOn = "ip-up";
systemd.services.virtuoso = {
wantedBy = [ "ip-up.target" ];
preStart = ''
mkdir -p ${stateDir}
chown ${virtuosoUser} ${stateDir}
mkdir -p ${stateDir}
chown ${virtuosoUser} ${stateDir}
'';
script = ''
cd ${stateDir}
${pkgs.virtuoso}/bin/virtuoso-t +foreground +configfile ${pkgs.writeText "virtuoso.ini" cfg.config}
cd ${stateDir}
${pkgs.virtuoso}/bin/virtuoso-t +foreground +configfile ${pkgs.writeText "virtuoso.ini" cfg.config}
'';
};

4
nixos/modules/services/games/ghost-one.nix
View File

@ -78,8 +78,8 @@ in
bot_replaypath = replays
'';
jobs.ghostOne = {
name = "ghost-one";
systemd.services."ghost-one" = {
wantedBy = [ "multi-user.target" ];
script = ''
mkdir -p ${stateDir}
cd ${stateDir}

26
nixos/modules/services/hardware/acpid.nix
View File

@ -98,22 +98,26 @@ in
config = mkIf config.services.acpid.enable {
jobs.acpid =
{ description = "ACPI Daemon";
systemd.services.acpid = {
description = "ACPI Daemon";
wantedBy = [ "multi-user.target" ];
after = [ "systemd-udev-settle.service" ];
wantedBy = [ "multi-user.target" ];
after = [ "systemd-udev-settle.service" ];
path = [ pkgs.acpid ];
path = [ pkgs.acpid ];
daemonType = "fork";
exec = "acpid --confdir ${acpiConfDir}";
unitConfig.ConditionVirtualization = "!systemd-nspawn";
unitConfig.ConditionPathExists = [ "/proc/acpi" ];
serviceConfig = {
Type = "forking";
};
unitConfig = {
ConditionVirtualization = "!systemd-nspawn";
ConditionPathExists = [ "/proc/acpi" ];
};
script = "acpid --confdir ${acpiConfDir}";
};
};
}

30
nixos/modules/services/hardware/irqbalance.nix Normal file
View File

@ -0,0 +1,30 @@
#
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.irqbalance;
in
{
options.services.irqbalance.enable = mkEnableOption "irqbalance daemon";
config = mkIf cfg.enable {
systemd.services = {
irqbalance = {
description = "irqbalance daemon";
path = [ pkgs.irqbalance ];
serviceConfig =
{ ExecStart = "${pkgs.irqbalance}/bin/irqbalance --foreground"; };
wantedBy = [ "multi-user.target" ];
};
};
environment.systemPackages = [ pkgs.irqbalance ];
};
}

15
nixos/modules/services/hardware/pommed.nix
View File

@ -35,18 +35,13 @@ with lib;
services.dbus.packages = [ pkgs.pommed ];
jobs.pommed = { name = "pommed";
systemd.services.pommed = {
description = "Pommed hotkey management";
startOn = "started dbus";
wantedBy = [ "multi-user.target" ];
after = [ "dbus.service" ];
postStop = "rm -f /var/run/pommed.pid";
exec = "${pkgs.pommed}/bin/pommed";
daemonType = "fork";
script = "${pkgs.pommed}/bin/pommed";
serviceConfig.Type = "forking";
path = [ pkgs.eject ];
};
};

25
nixos/modules/services/logging/klogd.nix
View File

@ -24,21 +24,14 @@ with lib;
###### implementation
config = mkIf config.services.klogd.enable {
jobs.klogd =
{ description = "Kernel Log Daemon";
wantedBy = [ "multi-user.target" ];
path = [ pkgs.sysklogd ];
unitConfig.ConditionVirtualization = "!systemd-nspawn";
exec =
"klogd -c 1 -2 -n " +
"-k $(dirname $(readlink -f /run/booted-system/kernel))/System.map";
};
systemd.services.klogd = {
description = "Kernel Log Daemon";
wantedBy = [ "multi-user.target" ];
path = [ pkgs.sysklogd ];
unitConfig.ConditionVirtualization = "!systemd-nspawn";
script =
"klogd -c 1 -2 -n " +
"-k $(dirname $(readlink -f /run/booted-system/kernel))/System.map";
};
};
}

147
nixos/modules/services/mail/dspam.nix Normal file
View File

@ -0,0 +1,147 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.dspam;
dspam = pkgs.dspam;
defaultSock = "/run/dspam/dspam.sock";
cfgfile = pkgs.writeText "dspam.conf" ''
Home /var/lib/dspam
StorageDriver ${dspam}/lib/dspam/lib${cfg.storageDriver}_drv.so
Trust root
Trust ${cfg.user}
SystemLog on
UserLog on
${optionalString (cfg.domainSocket != null) ''ServerDomainSocketPath "${cfg.domainSocket}"''}
${cfg.extraConfig}
'';
in {
###### interface
options = {
services.dspam = {
enable = mkOption {
type = types.bool;
default = false;
description = "Whether to enable the dspam spam filter.";
};
user = mkOption {
type = types.str;
default = "dspam";
description = "User for the dspam daemon.";
};
group = mkOption {
type = types.str;
default = "dspam";
description = "Group for the dspam daemon.";
};
storageDriver = mkOption {
type = types.str;
default = "hash";
description = "Storage driver backend to use for dspam.";
};
domainSocket = mkOption {
type = types.nullOr types.path;
default = defaultSock;
description = "Path to local domain socket which is used for communication with the daemon. Set to null to disable UNIX socket.";
};
extraConfig = mkOption {
type = types.lines;
default = "";
description = "Additional dspam configuration.";
};
maintenanceInterval = mkOption {
type = types.nullOr types.str;
default = null;
description = "If set, maintenance script will be run at specified (in systemd.timer format) interval";
};
};
};
###### implementation
config = mkIf cfg.enable (mkMerge [
{
users.extraUsers = optionalAttrs (cfg.user == "dspam") (singleton
{ name = "dspam";
group = cfg.group;
uid = config.ids.uids.dspam;
});
users.extraGroups = optionalAttrs (cfg.group == "dspam") (singleton
{ name = "dspam";
gid = config.ids.gids.dspam;
});
environment.systemPackages = [ dspam ];
environment.etc."dspam/dspam.conf".source = cfgfile;
systemd.services.dspam = {
description = "dspam spam filtering daemon";
wantedBy = [ "multi-user.target" ];
restartTriggers = [ cfgfile ];
serviceConfig = {
ExecStart = "${dspam}/bin/dspam --daemon --nofork";
User = cfg.user;
Group = cfg.group;
RuntimeDirectory = optional (cfg.domainSocket == defaultSock) "dspam";
PermissionsStartOnly = true;
};
preStart = ''
mkdir -m750 -p /var/lib/dspam
chown -R "${cfg.user}:${cfg.group}" /var/lib/dspam
mkdir -m750 -p /var/log/dspam
chown -R "${cfg.user}:${cfg.group}" /var/log/dspam
'';
};
}
(mkIf (cfg.maintenanceInterval != null) {
systemd.timers.dspam-maintenance = {
description = "Timer for dspam maintenance script";
wantedBy = [ "timers.target" ];
timerConfig = {
OnCalendar = cfg.maintenanceInterval;
Unit = "dspam-maintenance.service";
};
};
systemd.services.dspam-maintenance = {
description = "dspam maintenance script";
restartTriggers = [ cfgfile ];
serviceConfig = {
ExecStart = "${dspam}/bin/dspam_maintenance";
Type = "oneshot";
User = cfg.user;
Group = cfg.group;
};
};
})
]);
}

17
nixos/modules/services/mail/freepops.nix
View File

@ -72,15 +72,16 @@ in
};
config = mkIf cfg.enable {
jobs.freepopsd = {
systemd.services.freepopsd = {
description = "Freepopsd (webmail over POP3)";
startOn = "ip-up";
exec = ''${pkgs.freepops}/bin/freepopsd \
-p ${toString cfg.port} \
-t ${toString cfg.threads} \
-b ${cfg.bind} \
-vv -l ${cfg.logFile} \
-s ${cfg.suid.user}.${cfg.suid.group}
wantedBy = [ "ip-up.target" ];
script = ''
${pkgs.freepops}/bin/freepopsd \
-p ${toString cfg.port} \
-t ${toString cfg.threads} \
-b ${cfg.bind} \
-vv -l ${cfg.logFile} \
-s ${cfg.suid.user}.${cfg.suid.group}
'';
};
};

109
nixos/modules/services/mail/opendkim.nix Normal file
View File

@ -0,0 +1,109 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.opendkim;
defaultSock = "local:/run/opendkim/opendkim.sock";
args = [ "-f" "-l"
"-p" cfg.socket
"-d" cfg.domains
"-k" cfg.keyFile
"-s" cfg.selector
] ++ optionals (cfg.configFile != null) [ "-x" cfg.configFile ];
in {
###### interface
options = {
services.opendkim = {
enable = mkOption {
type = types.bool;
default = false;
description = "Whether to enable the OpenDKIM sender authentication system.";
};
socket = mkOption {
type = types.str;
default = defaultSock;
description = "Socket which is used for communication with OpenDKIM.";
};
user = mkOption {
type = types.str;
default = "opendkim";
description = "User for the daemon.";
};
group = mkOption {
type = types.str;
default = "opendkim";
description = "Group for the daemon.";
};
domains = mkOption {
type = types.str;
description = "Local domains set; messages from them are signed, not verified.";
};
keyFile = mkOption {
type = types.path;
description = "Secret key file used for signing messages.";
};
selector = mkOption {
type = types.str;
description = "Selector to use when signing.";
};
configFile = mkOption {
type = types.nullOr types.path;
default = null;
description = "Additional opendkim configuration.";
};
};
};
###### implementation
config = mkIf cfg.enable {
services.opendkim.domains = mkDefault "csl:${config.networking.hostName}";
users.extraUsers = optionalAttrs (cfg.user == "opendkim") (singleton
{ name = "opendkim";
group = cfg.group;
uid = config.ids.uids.opendkim;
});
users.extraGroups = optionalAttrs (cfg.group == "opendkim") (singleton
{ name = "opendkim";
gid = config.ids.gids.opendkim;
});
environment.systemPackages = [ pkgs.opendkim ];
systemd.services.opendkim = {
description = "OpenDKIM signing and verification daemon";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
ExecStart = "${pkgs.opendkim}/bin/opendkim ${concatMapStringsSep " " escapeShellArg args}";
User = cfg.user;
Group = cfg.group;
RuntimeDirectory = optional (cfg.socket == defaultSock) "opendkim";
};
};
};
}

221
nixos/modules/services/mail/postfix.nix
View File

@ -9,14 +9,14 @@ let
group = cfg.group;
setgidGroup = cfg.setgidGroup;
haveAliases = cfg.postmasterAlias != "" || cfg.rootAlias != "" || cfg.extraAliases != "";
haveTransport = cfg.transport != "";
haveVirtual = cfg.virtual != "";
mainCf =
''
compatibility_level = 2
queue_directory = /var/postfix/queue
command_directory = ${pkgs.postfix}/sbin
daemon_directory = ${pkgs.postfix}/libexec/postfix
mail_owner = ${user}
default_privs = nobody
@ -57,8 +57,6 @@ let
else
"[" + cfg.relayHost + "]"}
alias_maps = hash:/var/postfix/conf/aliases
mail_spool_directory = /var/spool/mail/
setgid_group = ${setgidGroup}
@ -80,7 +78,13 @@ let
+ optionalString (cfg.recipientDelimiter != "") ''
recipient_delimiter = ${cfg.recipientDelimiter}
''
+ optionalString (cfg.virtual != "") ''
+ optionalString haveAliases ''
alias_maps = hash:/etc/postfix/aliases
''
+ optionalString haveTransport ''
transport_maps = hash:/etc/postfix/transport
''
+ optionalString haveVirtual ''
virtual_alias_maps = hash:/etc/postfix/virtual
''
+ cfg.extraConfig;
@ -108,10 +112,14 @@ let
flush unix n - n 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
''
+ optionalString cfg.enableSmtp ''
smtp unix - - n - - smtp
relay unix - - n - - smtp
-o smtp_fallback_relay=
# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
''
+ ''
showq unix n - n - - showq
error unix - - n - - error
retry unix - - n - - error
@ -138,6 +146,7 @@ let
virtualFile = pkgs.writeText "postfix-virtual" cfg.virtual;
mainCfFile = pkgs.writeText "postfix-main.cf" mainCf;
masterCfFile = pkgs.writeText "postfix-master.cf" masterCf;
transportFile = pkgs.writeText "postfix-transport" cfg.transport;
in
@ -150,26 +159,36 @@ in
services.postfix = {
enable = mkOption {
type = types.bool;
default = false;
description = "Whether to run the Postfix mail server.";
};
enableSmtp = mkOption {
default = true;
description = "Whether to enable smtp in master.cf.";
};
setSendmail = mkOption {
type = types.bool;
default = true;
description = "Whether to set the system sendmail to postfix's.";
};
user = mkOption {
type = types.str;
default = "postfix";
description = "What to call the Postfix user (must be used only for postfix).";
};
group = mkOption {
type = types.str;
default = "postfix";
description = "What to call the Postfix group (must be used only for postfix).";
};
setgidGroup = mkOption {
type = types.str;
default = "postdrop";
description = "
How to call postfix setgid group (for postdrop). Should
@ -178,6 +197,7 @@ in
};
networks = mkOption {
type = types.nullOr (types.listOf types.str);
default = null;
example = ["192.168.0.1/24"];
description = "
@ -188,6 +208,7 @@ in
};
networksStyle = mkOption {
type = types.str;
default = "";
description = "
Name of standard way of trusted network specification to use,
@ -197,6 +218,7 @@ in
};
hostname = mkOption {
type = types.str;
default = "";
description ="
Hostname to use. Leave blank to use just the hostname of machine.
@ -205,6 +227,7 @@ in
};
domain = mkOption {
type = types.str;
default = "";
description ="
Domain to use. Leave blank to use hostname minus first component.
@ -212,6 +235,7 @@ in
};
origin = mkOption {
type = types.str;
default = "";
description ="
Origin to use in outgoing e-mail. Leave blank to use hostname.
@ -219,6 +243,7 @@ in
};
destination = mkOption {
type = types.nullOr (types.listOf types.str);
default = null;
example = ["localhost"];
description = "
@ -228,6 +253,7 @@ in
};
relayDomains = mkOption {
type = types.nullOr (types.listOf types.str);
default = null;
example = ["localdomain"];
description = "
@ -236,6 +262,7 @@ in
};
relayHost = mkOption {
type = types.str;
default = "";
description = "
Mail relay for outbound mail.
@ -243,6 +270,7 @@ in
};
lookupMX = mkOption {
type = types.bool;
default = false;
description = "
Whether relay specified is just domain whose MX must be used.
@ -250,11 +278,13 @@ in
};
postmasterAlias = mkOption {
type = types.str;
default = "root";
description = "Who should receive postmaster e-mail.";
};
rootAlias = mkOption {
type = types.str;
default = "";
description = "
Who should receive root e-mail. Blank for no redirection.
@ -262,6 +292,7 @@ in
};
extraAliases = mkOption {
type = types.lines;
default = "";
description = "
Additional entries to put verbatim into aliases file, cf. man-page aliases(8).
@ -269,6 +300,7 @@ in
};
extraConfig = mkOption {
type = types.str;
default = "";
description = "
Extra lines to be added verbatim to the main.cf configuration file.
@ -276,21 +308,25 @@ in
};
sslCert = mkOption {
type = types.str;
default = "";
description = "SSL certificate to use.";
};
sslCACert = mkOption {
type = types.str;
default = "";
description = "SSL certificate of CA.";
};
sslKey = mkOption {
type = types.str;
default = "";
description = "SSL key to use.";
};
recipientDelimiter = mkOption {
type = types.str;
default = "";
example = "+";
description = "
@ -299,18 +335,39 @@ in
};
virtual = mkOption {
type = types.lines;
default = "";
description = "
Entries for the virtual alias map, cf. man-page virtual(8).
";
};
transport = mkOption {
default = "";
description = "
Entries for the transport map, cf. man-page transport(8).
";
};
extraMasterConf = mkOption {
type = types.lines;
default = "";
example = "submission inet n - n - - smtpd";
description = "Extra lines to append to the generated master.cf file.";
};
aliasFiles = mkOption {
type = types.attrsOf types.path;
default = {};
description = "Aliases' tables to be compiled and placed into /var/lib/postfix/conf.";
};
mapFiles = mkOption {
type = types.attrsOf types.path;
default = {};
description = "Maps to be compiled and placed into /var/lib/postfix/conf.";
};
};
};
@ -318,90 +375,104 @@ in
###### implementation
config = mkIf config.services.postfix.enable {
config = mkIf config.services.postfix.enable (mkMerge [
{
environment = {
etc = singleton
{ source = "/var/postfix/conf";
target = "postfix";
};
environment = {
etc = singleton
{ source = "/var/lib/postfix/conf";
target = "postfix";
};
# This makes comfortable for root to run 'postqueue' for example.
systemPackages = [ pkgs.postfix ];
};
services.mail.sendmailSetuidWrapper = mkIf config.services.postfix.setSendmail {
program = "sendmail";
source = "${pkgs.postfix}/bin/sendmail";
owner = "nobody";
group = "postdrop";
setuid = false;
setgid = true;
};
users.extraUsers = singleton
{ name = user;
description = "Postfix mail server user";
uid = config.ids.uids.postfix;
group = group;
# This makes comfortable for root to run 'postqueue' for example.
systemPackages = [ pkgs.postfix ];
};
users.extraGroups =
[ { name = group;
services.mail.sendmailSetuidWrapper = mkIf config.services.postfix.setSendmail {
program = "sendmail";
source = "${pkgs.postfix}/bin/sendmail";
group = setgidGroup;
setuid = false;
setgid = true;
};
users.extraUsers = optional (user == "postfix")
{ name = "postfix";
description = "Postfix mail server user";
uid = config.ids.uids.postfix;
group = group;
};
users.extraGroups =
optional (group == "postfix")
{ name = group;
gid = config.ids.gids.postfix;
}
++ optional (setgidGroup == "postdrop")
{ name = setgidGroup;
gid = config.ids.gids.postdrop;
}
];
systemd.services.postfix =
{ description = "Postfix mail server";
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
serviceConfig = {
Type = "forking";
Restart = "always";
PIDFile = "/var/postfix/queue/pid/master.pid";
};
preStart = ''
${pkgs.coreutils}/bin/mkdir -p /var/spool/mail /var/postfix/conf /var/postfix/queue
systemd.services.postfix =
{ description = "Postfix mail server";
${pkgs.coreutils}/bin/chown -R ${user}:${group} /var/postfix
${pkgs.coreutils}/bin/chown -R ${user}:${setgidGroup} /var/postfix/queue
${pkgs.coreutils}/bin/chmod -R ug+rwX /var/postfix/queue
${pkgs.coreutils}/bin/chown root:root /var/spool/mail
${pkgs.coreutils}/bin/chmod a+rwxt /var/spool/mail
${pkgs.coreutils}/bin/ln -sf /var/spool/mail /var/
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
path = [ pkgs.postfix ];
ln -sf ${pkgs.postfix}/etc/postfix/postfix-files /var/postfix/conf
serviceConfig = {
Type = "forking";
Restart = "always";
PIDFile = "/var/lib/postfix/queue/pid/master.pid";
ExecStart = "${pkgs.postfix}/bin/postfix start";
ExecStop = "${pkgs.postfix}/bin/postfix stop";
ExecReload = "${pkgs.postfix}/bin/postfix reload";
};
ln -sf ${aliasesFile} /var/postfix/conf/aliases
ln -sf ${virtualFile} /var/postfix/conf/virtual
ln -sf ${mainCfFile} /var/postfix/conf/main.cf
ln -sf ${masterCfFile} /var/postfix/conf/master.cf
preStart = ''
# Backwards compatibility
if [ ! -d /var/lib/postfix ] && [ -d /var/postfix ]; then
mkdir -p /var/lib
mv /var/postfix /var/lib/postfix
fi
mkdir -p /var/lib/postfix/data /var/lib/postfix/queue/{pid,public,maildrop}
${pkgs.postfix}/sbin/postalias -c /var/postfix/conf /var/postfix/conf/aliases
${pkgs.postfix}/sbin/postmap -c /var/postfix/conf /var/postfix/conf/virtual
'';
chown -R ${user}:${group} /var/lib/postfix
chown root /var/lib/postfix/queue
chown root /var/lib/postfix/queue/pid
chgrp -R ${setgidGroup} /var/lib/postfix/queue/{public,maildrop}
chmod 770 /var/lib/postfix/queue/{public,maildrop}
script = ''
${pkgs.postfix}/sbin/postfix -c /var/postfix/conf start
'';
rm -rf /var/lib/postfix/conf
mkdir -p /var/lib/postfix/conf
ln -sf ${mainCfFile} /var/lib/postfix/conf/main.cf
ln -sf ${masterCfFile} /var/lib/postfix/conf/master.cf
${concatStringsSep "\n" (mapAttrsToList (to: from: ''
ln -sf ${from} /var/lib/postfix/conf/${to}
postalias /var/lib/postfix/conf/${to}
'') cfg.aliasFiles)}
${concatStringsSep "\n" (mapAttrsToList (to: from: ''
ln -sf ${from} /var/lib/postfix/conf/${to}
postmap /var/lib/postfix/conf/${to}
'') cfg.mapFiles)}
reload = ''
${pkgs.postfix}/sbin/postfix -c /var/postfix/conf reload
'';
mkdir -p /var/spool/mail
chown root:root /var/spool/mail
chmod a+rwxt /var/spool/mail
ln -sf /var/spool/mail /var/
'';
};
}
preStop = ''
${pkgs.postfix}/sbin/postfix -c /var/postfix/conf stop
'';
};
};
(mkIf haveAliases {
services.postfix.aliasFiles."aliases" = aliasesFile;
})
(mkIf haveTransport {
services.postfix.mapFiles."transport" = transportFile;
})
(mkIf haveVirtual {
services.postfix.mapFiles."virtual" = virtualFile;
})
]);
}

107
nixos/modules/services/mail/postsrsd.nix Normal file
View File

@ -0,0 +1,107 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.postsrsd;
in {
###### interface
options = {
services.postsrsd = {
enable = mkOption {
type = types.bool;
default = false;
description = "Whether to enable the postsrsd SRS server for Postfix.";
};
domain = mkOption {
type = types.str;
description = "Domain name for rewrite";
};
secretsFile = mkOption {
type = types.path;
default = "/var/lib/postsrsd/postsrsd.secret";
description = "Secret keys used for signing and verification";
};
forwardPort = mkOption {
type = types.int;
default = 10001;
description = "Port for the forward SRS lookup";
};
reversePort = mkOption {
type = types.int;
default = 10002;
description = "Port for the reverse SRS lookup";
};
user = mkOption {
type = types.str;
default = "postsrsd";
description = "User for the daemon";
};
group = mkOption {
type = types.str;
default = "postsrsd";
description = "Group for the daemon";
};
};
};
###### implementation
config = mkIf cfg.enable {
services.postsrsd.domain = mkDefault config.networking.hostName;
users.extraUsers = optionalAttrs (cfg.user == "postsrsd") (singleton
{ name = "postsrsd";
group = cfg.group;
uid = config.ids.uids.postsrsd;
});
users.extraGroups = optionalAttrs (cfg.group == "postsrsd") (singleton
{ name = "postsrsd";
gid = config.ids.gids.postsrsd;
});
systemd.services.postsrsd = {
description = "PostSRSd SRS rewriting server";
after = [ "network.target" ];
before = [ "postfix.service" ];
wantedBy = [ "multi-user.target" ];
path = [ pkgs.coreutils ];
serviceConfig = {
ExecStart = ''${pkgs.postsrsd}/sbin/postsrsd "-s${cfg.secretsFile}" "-d${cfg.domain}" -f${toString cfg.forwardPort} -r${toString cfg.reversePort}'';
User = cfg.user;
Group = cfg.group;
PermissionsStartOnly = true;
};
preStart = ''
if [ ! -e "${cfg.secretsFile}" ]; then
echo "WARNING: secrets file not found, autogenerating!"
mkdir -p -m750 "$(dirname "${cfg.secretsFile}")"
dd if=/dev/random bs=18 count=1 | base64 > "${cfg.secretsFile}"
chmod 600 "${cfg.secretsFile}"
fi
chown "${cfg.user}:${cfg.group}" "${cfg.secretsFile}"
'';
};
};
}

6
nixos/modules/services/mail/spamassassin.nix
View File

@ -50,15 +50,13 @@ in
gid = config.ids.gids.spamd;
};
jobs.spamd = {
systemd.services.spamd = {
description = "Spam Assassin Server";
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
exec = "${pkgs.spamassassin}/bin/spamd ${optionalString cfg.debug "-D"} --username=spamd --groupname=spamd --nouser-config --virtual-config-dir=/var/lib/spamassassin/user-%u --allow-tell --pidfile=/var/run/spamd.pid";
script = "${pkgs.spamassassin}/bin/spamd ${optionalString cfg.debug "-D"} --username=spamd --groupname=spamd --nouser-config --virtual-config-dir=/var/lib/spamassassin/user-%u --allow-tell --pidfile=/var/run/spamd.pid";
};
};
}

15
nixos/modules/services/misc/dictd.nix
View File

@ -51,13 +51,12 @@ with lib;
gid = config.ids.gids.dictd;
};
jobs.dictd =
{ description = "DICT.org Dictionary Server";
startOn = "startup";
environment = { LOCALE_ARCHIVE = "/run/current-system/sw/lib/locale/locale-archive"; };
daemonType = "fork";
exec = "${pkgs.dict}/sbin/dictd -s -c ${dictdb}/share/dictd/dictd.conf --locale en_US.UTF-8";
};
systemd.services.dictd = {
description = "DICT.org Dictionary Server";
wantedBy = [ "multi-user.target" ];
environment = { LOCALE_ARCHIVE = "/run/current-system/sw/lib/locale/locale-archive"; };
serviceConfig.Type = "forking";
script = "${pkgs.dict}/sbin/dictd -s -c ${dictdb}/share/dictd/dictd.conf --locale en_US.UTF-8";
};
};
}

104
nixos/modules/services/misc/disnix.nix
View File

@ -91,7 +91,7 @@ in
( { hostname = config.networking.hostName;
#targetHost = config.deployment.targetHost;
system = if config.nixpkgs.system == "" then builtins.currentSystem else config.nixpkgs.system;
supportedTypes = (import "${pkgs.stdenv.mkDerivation {
name = "supportedtypes";
buildCommand = ''
@ -117,63 +117,61 @@ in
services.disnix.publishInfrastructure.enable = cfg.publishAvahi;
jobs = {
disnix =
{ description = "Disnix server";
wants = [ "dysnomia.target" ];
wantedBy = [ "multi-user.target" ];
after = [ "dbus.service" ]
++ optional config.services.httpd.enable "httpd.service"
++ optional config.services.mysql.enable "mysql.service"
++ optional config.services.postgresql.enable "postgresql.service"
++ optional config.services.tomcat.enable "tomcat.service"
++ optional config.services.svnserve.enable "svnserve.service"
++ optional config.services.mongodb.enable "mongodb.service";
systemd.services = {
disnix = {
description = "Disnix server";
wants = [ "dysnomia.target" ];
wantedBy = [ "multi-user.target" ];
after = [ "dbus.service" ]
++ optional config.services.httpd.enable "httpd.service"
++ optional config.services.mysql.enable "mysql.service"
++ optional config.services.postgresql.enable "postgresql.service"
++ optional config.services.tomcat.enable "tomcat.service"
++ optional config.services.svnserve.enable "svnserve.service"
++ optional config.services.mongodb.enable "mongodb.service";
restartIfChanged = false;
path = [ pkgs.nix pkgs.disnix dysnomia "/run/current-system/sw" ];
environment = {
HOME = "/root";
};
preStart = ''
mkdir -p /etc/systemd-mutable/system
if [ ! -f /etc/systemd-mutable/system/dysnomia.target ]
then
( echo "[Unit]"
echo "Description=Services that are activated and deactivated by Dysnomia"
echo "After=final.target"
) > /etc/systemd-mutable/system/dysnomia.target
fi
'';
restartIfChanged = false;
exec = "disnix-service";
path = [ pkgs.nix pkgs.disnix dysnomia "/run/current-system/sw" ];
environment = {
HOME = "/root";
};
preStart = ''
mkdir -p /etc/systemd-mutable/system
if [ ! -f /etc/systemd-mutable/system/dysnomia.target ]
then
( echo "[Unit]"
echo "Description=Services that are activated and deactivated by Dysnomia"
echo "After=final.target"
) > /etc/systemd-mutable/system/dysnomia.target
fi
'';
script = "disnix-service";
};
} // optionalAttrs cfg.publishAvahi {
disnixAvahi =
{ description = "Disnix Avahi publisher";
disnixAvahi = {
description = "Disnix Avahi publisher";
wants = [ "avahi-daemon.service" ];
wantedBy = [ "multi-user.target" ];
startOn = "started avahi-daemon";
exec =
''
${pkgs.avahi}/bin/avahi-publish-service disnix-${config.networking.hostName} _disnix._tcp 22 \
"mem=$(grep 'MemTotal:' /proc/meminfo | sed -e 's/kB//' -e 's/MemTotal://' -e 's/ //g')" \
${concatMapStrings (infrastructureAttrName:
let infrastructureAttrValue = getAttr infrastructureAttrName (cfg.infrastructure);
in
if isInt infrastructureAttrValue then
''${infrastructureAttrName}=${toString infrastructureAttrValue} \
''
else
''${infrastructureAttrName}=\"${infrastructureAttrValue}\" \
''
) (attrNames (cfg.infrastructure))}
'';
};
script = ''
${pkgs.avahi}/bin/avahi-publish-service disnix-${config.networking.hostName} _disnix._tcp 22 \
"mem=$(grep 'MemTotal:' /proc/meminfo | sed -e 's/kB//' -e 's/MemTotal://' -e 's/ //g')" \
${concatMapStrings (infrastructureAttrName:
let infrastructureAttrValue = getAttr infrastructureAttrName (cfg.infrastructure);
in
if isInt infrastructureAttrValue then
''${infrastructureAttrName}=${toString infrastructureAttrValue} \
''
else
''${infrastructureAttrName}=\"${infrastructureAttrValue}\" \
''
) (attrNames (cfg.infrastructure))}
'';
};
};
};
}

6
nixos/modules/services/misc/docker-registry.nix
View File

@ -15,7 +15,7 @@ in {
type = types.bool;
};
host = mkOption {
listenAddress = mkOption {
description = "Docker registry host or ip to bind to.";
default = "127.0.0.1";
type = types.str;
@ -50,7 +50,7 @@ in {
after = [ "network.target" ];
environment = {
REGISTRY_HOST = cfg.host;
REGISTRY_HOST = cfg.listenAddress;
REGISTRY_PORT = toString cfg.port;
GUNICORN_OPTS = "[--preload]"; # see https://github.com/docker/docker-registry#sqlalchemy
STORAGE_PATH = cfg.storagePath;
@ -65,7 +65,7 @@ in {
};
postStart = ''
until ${pkgs.curl}/bin/curl -s -o /dev/null 'http://${cfg.host}:${toString cfg.port}/'; do
until ${pkgs.curl}/bin/curl -s -o /dev/null 'http://${cfg.listenAddress}:${toString cfg.port}/'; do
sleep 1;
done
'';

83
nixos/modules/services/misc/felix.nix
View File

@ -57,54 +57,51 @@ in
home = "/homeless-shelter";
};
jobs.felix =
{ description = "Felix server";
systemd.services.felix = {
description = "Felix server";
wantedBy = [ "multi-user.target" ];
preStart =
''
# Initialise felix instance on first startup
if [ ! -d /var/felix ]
then
# Symlink system files
preStart = ''
# Initialise felix instance on first startup
if [ ! -d /var/felix ]
then
# Symlink system files
mkdir -p /var/felix
chown ${cfg.user}:${cfg.group} /var/felix
mkdir -p /var/felix
chown ${cfg.user}:${cfg.group} /var/felix
for i in ${pkgs.felix}/*
do
if [ "$i" != "${pkgs.felix}/bundle" ]
then
ln -sfn $i /var/felix/$(basename $i)
fi
done
for i in ${pkgs.felix}/*
do
if [ "$i" != "${pkgs.felix}/bundle" ]
then
ln -sfn $i /var/felix/$(basename $i)
fi
done
# Symlink bundles
mkdir -p /var/felix/bundle
chown ${cfg.user}:${cfg.group} /var/felix/bundle
# Symlink bundles
mkdir -p /var/felix/bundle
chown ${cfg.user}:${cfg.group} /var/felix/bundle
for i in ${pkgs.felix}/bundle/* ${toString cfg.bundles}
do
if [ -f $i ]
then
ln -sfn $i /var/felix/bundle/$(basename $i)
elif [ -d $i ]
then
for j in $i/bundle/*
do
ln -sfn $j /var/felix/bundle/$(basename $j)
done
fi
done
fi
'';
script =
''
cd /var/felix
${pkgs.su}/bin/su -s ${pkgs.bash}/bin/sh ${cfg.user} -c '${pkgs.jre}/bin/java -jar bin/felix.jar'
'';
};
for i in ${pkgs.felix}/bundle/* ${toString cfg.bundles}
do
if [ -f $i ]
then
ln -sfn $i /var/felix/bundle/$(basename $i)
elif [ -d $i ]
then
for j in $i/bundle/*
do
ln -sfn $j /var/felix/bundle/$(basename $j)
done
fi
done
fi
'';
script = ''
cd /var/felix
${pkgs.su}/bin/su -s ${pkgs.bash}/bin/sh ${cfg.user} -c '${pkgs.jre}/bin/java -jar bin/felix.jar'
'';
};
};
}

32
nixos/modules/services/misc/folding-at-home.nix
View File

@ -49,26 +49,20 @@ in {
home = stateDir;
};
jobs.foldingAtHome =
{ name = "foldingathome";
startOn = "started network-interfaces";
stopOn = "stopping network-interfaces";
preStart =
''
mkdir -m 0755 -p ${stateDir}
chown ${fahUser} ${stateDir}
cp -f ${pkgs.writeText "client.cfg" cfg.config} ${stateDir}/client.cfg
'';
exec = "${pkgs.su}/bin/su -s ${pkgs.stdenv.shell} ${fahUser} -c 'cd ${stateDir}; ${pkgs.foldingathome}/bin/fah6'";
};
services.foldingAtHome.config = ''
[settings]
username=${cfg.nickname}
systemd.services.foldingathome = {
after = [ "network-interfaces.target" ];
wantedBy = [ "multi-user.target" ];
preStart = ''
mkdir -m 0755 -p ${stateDir}
chown ${fahUser} ${stateDir}
cp -f ${pkgs.writeText "client.cfg" cfg.config} ${stateDir}/client.cfg
'';
script = "${pkgs.su}/bin/su -s ${pkgs.stdenv.shell} ${fahUser} -c 'cd ${stateDir}; ${pkgs.foldingathome}/bin/fah6'";
};
services.foldingAtHome.config = ''
[settings]
username=${cfg.nickname}
'';
};
}

4
nixos/modules/services/misc/subsonic.nix
View File

@ -21,7 +21,7 @@ in
'';
};
host = mkOption {
listenAddress = mkOption {
type = types.string;
default = "0.0.0.0";
description = ''
@ -115,7 +115,7 @@ in
ExecStart = ''
${pkgs.jre}/bin/java -Xmx${toString cfg.maxMemory}m \
-Dsubsonic.home=${cfg.home} \
-Dsubsonic.host=${cfg.host} \
-Dsubsonic.host=${cfg.listenAddress} \
-Dsubsonic.port=${toString cfg.port} \
-Dsubsonic.httpsPort=${toString cfg.httpsPort} \
-Dsubsonic.contextPath=${cfg.contextPath} \

10
nixos/modules/services/misc/svnserve.nix
View File

@ -34,13 +34,11 @@ in
###### implementation
config = mkIf cfg.enable {
jobs.svnserve = {
startOn = "started network-interfaces";
stopOn = "stopping network-interfaces";
systemd.services.svnserve = {
after = [ "network-interfaces.target" ];
wantedBy = [ "multi-user.target" ];
preStart = "mkdir -p ${cfg.svnBaseDir}";
exec = "${pkgs.subversion}/bin/svnserve -r ${cfg.svnBaseDir} -d --foreground --pid-file=/var/run/svnserve.pid";
script = "${pkgs.subversion}/bin/svnserve -r ${cfg.svnBaseDir} -d --foreground --pid-file=/var/run/svnserve.pid";
};
};
}

6
nixos/modules/services/monitoring/cadvisor.nix
View File

@ -14,7 +14,7 @@ in {
description = "Whether to enable cadvisor service.";
};
host = mkOption {
listenAddress = mkOption {
default = "127.0.0.1";
type = types.str;
description = "Cadvisor listening host";
@ -71,7 +71,7 @@ in {
after = [ "network.target" "docker.service" "influxdb.service" ];
postStart = mkBefore ''
until ${pkgs.curl}/bin/curl -s -o /dev/null 'http://${cfg.host}:${toString cfg.port}/containers/'; do
until ${pkgs.curl}/bin/curl -s -o /dev/null 'http://${cfg.listenAddress}:${toString cfg.port}/containers/'; do
sleep 1;
done
'';
@ -79,7 +79,7 @@ in {
serviceConfig = {
ExecStart = ''${pkgs.cadvisor}/bin/cadvisor \
-logtostderr=true \
-listen_ip=${cfg.host} \
-listen_ip=${cfg.listenAddress} \
-port=${toString cfg.port} \
${optionalString (cfg.storageDriver != null) ''
-storage_driver ${cfg.storageDriver} \

12
nixos/modules/services/monitoring/graphite.nix
View File

@ -77,7 +77,7 @@ in {
type = types.bool;
};
host = mkOption {
listenAddress = mkOption {
description = "Graphite web frontend listen address.";
default = "127.0.0.1";
type = types.str;
@ -121,7 +121,7 @@ in {
type = types.listOf types.str;
};
host = mkOption {
listenAddress = mkOption {
description = "Graphite web service listen address.";
default = "127.0.0.1";
type = types.str;
@ -292,7 +292,7 @@ in {
};
graphiteUrl = mkOption {
default = "http://${cfg.web.host}:${toString cfg.web.port}";
default = "http://${cfg.web.listenAddress}:${toString cfg.web.port}";
description = "Host where graphite service runs.";
type = types.str;
};
@ -337,7 +337,7 @@ in {
graphiteUrl = mkOption {
description = "URL to your graphite service.";
default = "http://${cfg.web.host}:${toString cfg.web.port}";
default = "http://${cfg.web.listenAddress}:${toString cfg.web.port}";
type = types.str;
};
@ -452,7 +452,7 @@ in {
serviceConfig = {
ExecStart = ''
${pkgs.python27Packages.waitress}/bin/waitress-serve \
--host=${cfg.web.host} --port=${toString cfg.web.port} \
--host=${cfg.web.listenAddress} --port=${toString cfg.web.port} \
--call django.core.handlers.wsgi:WSGIHandler'';
User = "graphite";
Group = "graphite";
@ -494,7 +494,7 @@ in {
serviceConfig = {
ExecStart = ''
${pkgs.python27Packages.waitress}/bin/waitress-serve \
--host=${cfg.api.host} --port=${toString cfg.api.port} \
--host=${cfg.api.listenAddress} --port=${toString cfg.api.port} \
graphite_api.app:app
'';
User = "graphite";

16
nixos/modules/services/monitoring/monit.nix
View File

@ -19,10 +19,6 @@ in
default = "";
description = "monit.conf content";
};
startOn = mkOption {
default = "started network-interfaces";
description = "What Monit supposes to be already present";
};
};
};
@ -39,14 +35,12 @@ in
}
];
jobs.monit = {
systemd.services.monit = {
description = "Monit system watcher";
startOn = config.services.monit.startOn;
exec = "${pkgs.monit}/bin/monit -I -c /etc/monit.conf";
respawn = true;
after = [ "network-interfaces.target" ];
wantedBy = [ "multi-user.target" ];
script = "${pkgs.monit}/bin/monit -I -c /etc/monit.conf";
serviceConfig.Restart = "always";
};
};
}

4
nixos/modules/services/monitoring/statsd.nix
View File

@ -11,7 +11,7 @@ let
configFile = pkgs.writeText "statsd.conf" ''
{
address: "${cfg.host}",
address: "${cfg.listenAddress}",
port: "${toString cfg.port}",
mgmt_address: "${cfg.mgmt_address}",
mgmt_port: "${toString cfg.mgmt_port}",
@ -48,7 +48,7 @@ in
type = types.bool;
};
host = mkOption {
listenAddress = mkOption {
description = "Address that statsd listens on over UDP";
default = "127.0.0.1";
type = types.str;

29
nixos/modules/services/monitoring/ups.nix
View File

@ -180,31 +180,36 @@ in
environment.systemPackages = [ pkgs.nut ];
jobs.upsmon = {
systemd.services.upsmon = {
description = "Uninterruptible Power Supplies (Monitor)";
startOn = "ip-up";
daemonType = "fork";
exec = ''${pkgs.nut}/sbin/upsmon'';
wantedBy = [ "ip-up.target" ];
serviceConfig.Type = "forking";
script = "${pkgs.nut}/sbin/upsmon";
environment.NUT_CONFPATH = "/etc/nut/";
environment.NUT_STATEPATH = "/var/lib/nut/";
};
jobs.upsd = {
systemd.services.upsd = {
description = "Uninterruptible Power Supplies (Daemon)";
startOn = "started network-interfaces and started upsmon";
daemonType = "fork";
wantedBy = [ "multi-user.target" ];
after = [ "network-interfaces.target" "upsmon.service" ];
serviceConfig.Type = "forking";
# TODO: replace 'root' by another username.
exec = ''${pkgs.nut}/sbin/upsd -u root'';
script = "${pkgs.nut}/sbin/upsd -u root";
environment.NUT_CONFPATH = "/etc/nut/";
environment.NUT_STATEPATH = "/var/lib/nut/";
};
jobs.upsdrv = {
systemd.services.upsdrv = {
description = "Uninterruptible Power Supplies (Register all UPS)";
startOn = "started upsd";
wantedBy = [ "multi-user.target" ];
after = [ "upsd.service" ];
# TODO: replace 'root' by another username.
exec = ''${pkgs.nut}/bin/upsdrvctl -u root start'';
task = true;
script = ''${pkgs.nut}/bin/upsdrvctl -u root start'';
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
};
environment.NUT_CONFPATH = "/etc/nut/";
environment.NUT_STATEPATH = "/var/lib/nut/";
};

38
nixos/modules/services/network-filesystems/drbd.nix
View File

@ -31,13 +31,13 @@ let cfg = config.services.drbd; in
};
###### implementation
config = mkIf cfg.enable {
environment.systemPackages = [ pkgs.drbd ];
services.udev.packages = [ pkgs.drbd ];
boot.kernelModules = [ "drbd" ];
@ -52,26 +52,16 @@ let cfg = config.services.drbd; in
target = "drbd.conf";
};
jobs.drbd_up =
{ name = "drbd-up";
startOn = "stopped udevtrigger or ip-up";
task = true;
script =
''
${pkgs.drbd}/sbin/drbdadm up all
'';
};
jobs.drbd_down =
{ name = "drbd-down";
startOn = "starting shutdown";
task = true;
script =
''
${pkgs.drbd}/sbin/drbdadm down all
'';
};
systemd.services.drbd = {
after = [ "systemd-udev.settle.service" ];
wants = [ "systemd-udev.settle.service" ];
wantedBy = [ "ip-up.target" ];
script = ''
${pkgs.drbd}/sbin/drbdadm up all
'';
serviceConfig.ExecStop = ''
${pkgs.drbd}/sbin/drbdadm down all
'';
};
};
}

48
nixos/modules/services/network-filesystems/openafs-client/default.nix
View File

@ -72,34 +72,28 @@ in
}
];
jobs.openafsClient =
{ name = "afsd";
systemd.services.afsd = {
description = "AFS client";
wantedBy = [ "multi-user.target" ];
after = [ "network-interfaces.target" ];
description = "AFS client";
startOn = "started network-interfaces";
stopOn = "stopping network-interfaces";
preStart = ''
mkdir -p -m 0755 /afs
mkdir -m 0700 -p ${cfg.cacheDirectory}
${pkgs.module_init_tools}/sbin/insmod ${openafsPkgs}/lib/openafs/libafs-*.ko || true
${openafsPkgs}/sbin/afsd -confdir ${afsConfig} -cachedir ${cfg.cacheDirectory} ${if cfg.sparse then "-dynroot-sparse" else "-dynroot"} -fakestat -afsdb
${openafsPkgs}/bin/fs setcrypt ${if cfg.crypt then "on" else "off"}
'';
# Doing this in preStop, because after these commands AFS is basically
# stopped, so systemd has nothing to do, just noticing it. If done in
# postStop, then we get a hang + kernel oops, because AFS can't be
# stopped simply by sending signals to processes.
preStop = ''
${pkgs.utillinux}/bin/umount /afs
${openafsPkgs}/sbin/afsd -shutdown
${pkgs.module_init_tools}/sbin/rmmod libafs
'';
};
preStart = ''
mkdir -p -m 0755 /afs
mkdir -m 0700 -p ${cfg.cacheDirectory}
${pkgs.module_init_tools}/sbin/insmod ${openafsPkgs}/lib/openafs/libafs-*.ko || true
${openafsPkgs}/sbin/afsd -confdir ${afsConfig} -cachedir ${cfg.cacheDirectory} ${if cfg.sparse then "-dynroot-sparse" else "-dynroot"} -fakestat -afsdb
${openafsPkgs}/bin/fs setcrypt ${if cfg.crypt then "on" else "off"}
'';
# Doing this in preStop, because after these commands AFS is basically
# stopped, so systemd has nothing to do, just noticing it. If done in
# postStop, then we get a hang + kernel oops, because AFS can't be
# stopped simply by sending signals to processes.
preStop = ''
${pkgs.utillinux}/bin/umount /afs
${openafsPkgs}/sbin/afsd -shutdown
${pkgs.module_init_tools}/sbin/rmmod libafs
'';
};
};
}

27
nixos/modules/services/networking/amuled.nix
View File

@ -57,22 +57,19 @@ in
gid = config.ids.gids.amule;
} ];
jobs.amuled =
{ description = "AMule daemon";
systemd.services.amuled = {
description = "AMule daemon";
wantedBy = [ "ip-up.target" ];
startOn = "ip-up";
preStart = ''
mkdir -p ${cfg.dataDir}
chown ${user} ${cfg.dataDir}
'';
exec = ''
${pkgs.su}/bin/su -s ${pkgs.stdenv.shell} ${user} \
-c 'HOME="${cfg.dataDir}" ${pkgs.amuleDaemon}/bin/amuled'
'';
};
preStart = ''
mkdir -p ${cfg.dataDir}
chown ${user} ${cfg.dataDir}
'';
script = ''
${pkgs.su}/bin/su -s ${pkgs.stdenv.shell} ${user} \
-c 'HOME="${cfg.dataDir}" ${pkgs.amuleDaemon}/bin/amuled'
'';
};
};
}

23
nixos/modules/services/networking/bind.nix
View File

@ -142,20 +142,17 @@ in
description = "BIND daemon user";
};
jobs.bind =
{ description = "BIND name server job";
systemd.services.bind = {
description = "BIND name server job";
after = [ "network-interfaces.target" ];
wantedBy = [ "multi-user.target" ];
startOn = "started network-interfaces";
preStart =
''
${pkgs.coreutils}/bin/mkdir -p /var/run/named
chown ${bindUser} /var/run/named
'';
exec = "${pkgs.bind}/sbin/named -u ${bindUser} ${optionalString cfg.ipv4Only "-4"} -c ${cfg.configFile} -f";
};
preStart = ''
${pkgs.coreutils}/bin/mkdir -p /var/run/named
chown ${bindUser} /var/run/named
'';
script = "${pkgs.bind}/sbin/named -u ${bindUser} ${optionalString cfg.ipv4Only "-4"} -c ${cfg.configFile} -f";
};
};
}

39
nixos/modules/services/networking/btsync.nix
View File

@ -16,9 +16,10 @@ let
''
"webui":
{
${optionalEmptyStr cfg.httpLogin "\"login\": \"${cfg.httpLogin}\","}
${optionalEmptyStr cfg.httpPass "\"password\": \"${cfg.httpPass}\","}
${optionalEmptyStr cfg.apiKey "\"api_key\": \"${cfg.apiKey}\","}
${optionalEmptyStr cfg.httpLogin "\"login\": \"${cfg.httpLogin}\","}
${optionalEmptyStr cfg.httpPass "\"password\": \"${cfg.httpPass}\","}
${optionalEmptyStr cfg.apiKey "\"api_key\": \"${cfg.apiKey}\","}
${optionalEmptyStr cfg.directoryRoot "\"directory_root\": \"${cfg.directoryRoot}\","}
"listen": "${listenAddr}"
}
'';
@ -82,15 +83,13 @@ in
type = types.bool;
default = false;
description = ''
If enabled, start the Bittorrent Sync daemon. Once enabled,
you can interact with the service through the Web UI, or
configure it in your NixOS configuration. Enabling the
<literal>btsync</literal> service also installs a
multi-instance systemd unit which can be used to start
user-specific copies of the daemon. Once installed, you can
use <literal>systemctl start btsync@user</literal> to start
the daemon only for user <literal>user</literal>, using the
configuration file located at
If enabled, start the Bittorrent Sync daemon. Once enabled, you can
interact with the service through the Web UI, or configure it in your
NixOS configuration. Enabling the <literal>btsync</literal> service
also installs a systemd user unit which can be used to start
user-specific copies of the daemon. Once installed, you can use
<literal>systemctl --user start btsync</literal> as your user to start
the daemon using the configuration file located at
<literal>$HOME/.config/btsync.conf</literal>.
'';
};
@ -211,7 +210,9 @@ in
default = "/var/lib/btsync/";
example = "/var/lib/btsync/";
description = ''
Where to store the bittorrent sync files.
Where BitTorrent Sync will store it's database files (containing
things like username info and licenses). Generally, you should not
need to ever change this.
'';
};
@ -221,6 +222,13 @@ in
description = "API key, which enables the developer API.";
};
directoryRoot = mkOption {
type = types.str;
default = "";
example = "/media";
description = "Default directory to add folders in the web UI.";
};
sharedFolders = mkOption {
default = [];
example =
@ -303,12 +311,11 @@ in
};
};
systemd.services."btsync@" = with pkgs; {
description = "Bittorrent Sync Service for %i";
systemd.user.services.btsync = with pkgs; {
description = "Bittorrent Sync user service";
after = [ "network.target" "local-fs.target" ];
serviceConfig = {
Restart = "on-abort";
User = "%i";
ExecStart =
"${bittorrentSync}/bin/btsync --nodaemon --config %h/.config/btsync.conf";
};

21
nixos/modules/services/networking/consul.nix
View File

@ -7,7 +7,7 @@ let
cfg = config.services.consul;
configOptions = { data_dir = dataDir; } //
(if cfg.webUi then { ui_dir = "${pkgs.consul.ui}"; } else { }) //
(if cfg.webUi then { ui_dir = "${cfg.package.ui}"; } else { }) //
cfg.extraConfig;
configFiles = [ "/etc/consul.json" "/etc/consul-addrs.json" ]
@ -30,6 +30,15 @@ in
'';
};
package = mkOption {
type = types.package;
default = pkgs.consul;
description = ''
The package used for the Consul agent and CLI.
'';
};
webUi = mkOption {
type = types.bool;
default = false;
@ -155,7 +164,7 @@ in
etc."consul.json".text = builtins.toJSON configOptions;
# We need consul.d to exist for consul to start
etc."consul.d/dummy.json".text = "{ }";
systemPackages = with pkgs; [ consul ];
systemPackages = [ cfg.package ];
};
systemd.services.consul = {
@ -167,14 +176,14 @@ in
(filterAttrs (n: _: hasPrefix "consul.d/" n) config.environment.etc);
serviceConfig = {
ExecStart = "@${pkgs.consul}/bin/consul consul agent -config-dir /etc/consul.d"
ExecStart = "@${cfg.package}/bin/consul consul agent -config-dir /etc/consul.d"
+ concatMapStrings (n: " -config-file ${n}") configFiles;
ExecReload = "${pkgs.consul}/bin/consul reload";
ExecReload = "${cfg.package}/bin/consul reload";
PermissionsStartOnly = true;
User = if cfg.dropPrivileges then "consul" else null;
TimeoutStartSec = "0";
} // (optionalAttrs (cfg.leaveOnStop) {
ExecStop = "${pkgs.consul}/bin/consul leave";
ExecStop = "${cfg.package}/bin/consul leave";
});
path = with pkgs; [ iproute gnugrep gawk consul ];
@ -221,7 +230,7 @@ in
wantedBy = [ "multi-user.target" ];
after = [ "consul.service" ];
path = [ pkgs.consul ];
path = [ cfg.package ];
serviceConfig = {
ExecStart = ''

184
nixos/modules/services/networking/ejabberd.nix
View File

@ -6,9 +6,16 @@ let
cfg = config.services.ejabberd;
in
ctlcfg = pkgs.writeText "ejabberdctl.cfg" ''
ERL_EPMD_ADDRESS=127.0.0.1
${cfg.ctlConfig}
'';
{
ectl = ''${cfg.package}/bin/ejabberdctl ${if cfg.configFile == null then "" else "--config ${cfg.configFile}"} --ctl-config "${ctlcfg}" --spool "${cfg.spoolDir}" --logs "${cfg.logsDir}"'';
dumps = lib.concatMapStringsSep " " lib.escapeShellArg cfg.loadDumps;
in {
###### interface
@ -17,33 +24,57 @@ in
services.ejabberd = {
enable = mkOption {
type = types.bool;
default = false;
description = "Whether to enable ejabberd server";
};
package = mkOption {
type = types.package;
default = pkgs.ejabberd;
description = "ejabberd server package to use";
};
user = mkOption {
type = types.str;
default = "ejabberd";
description = "User under which ejabberd is ran";
};
group = mkOption {
type = types.str;
default = "ejabberd";
description = "Group under which ejabberd is ran";
};
spoolDir = mkOption {
type = types.path;
default = "/var/lib/ejabberd";
description = "Location of the spooldir of ejabberd";
};
logsDir = mkOption {
type = types.path;
default = "/var/log/ejabberd";
description = "Location of the logfile directory of ejabberd";
};
confDir = mkOption {
default = "/var/ejabberd";
description = "Location of the config directory of ejabberd";
configFile = mkOption {
type = types.nullOr types.path;
description = "Configuration file for ejabberd in YAML format";
default = null;
};
virtualHosts = mkOption {
default = "\"localhost\"";
description = "Virtualhosts that ejabberd should host. Hostnames are surrounded with doublequotes and separated by commas";
ctlConfig = mkOption {
type = types.lines;
default = "";
description = "Configuration of ejabberdctl";
};
loadDumps = mkOption {
type = types.listOf types.path;
default = [];
description = "Configuration dump that should be loaded on the first startup";
description = "Configuration dumps that should be loaded on the first startup";
example = literalExample "[ ./myejabberd.dump ]";
};
};
@ -54,84 +85,75 @@ in
###### implementation
config = mkIf cfg.enable {
environment.systemPackages = [ pkgs.ejabberd ];
environment.systemPackages = [ cfg.package ];
jobs.ejabberd =
{ description = "EJabberd server";
users.extraUsers = optionalAttrs (cfg.user == "ejabberd") (singleton
{ name = "ejabberd";
group = cfg.group;
home = cfg.spoolDir;
createHome = true;
uid = config.ids.uids.ejabberd;
});
startOn = "started network-interfaces";
stopOn = "stopping network-interfaces";
users.extraGroups = optionalAttrs (cfg.group == "ejabberd") (singleton
{ name = "ejabberd";
gid = config.ids.gids.ejabberd;
});
environment = {
PATH = "$PATH:${pkgs.ejabberd}/sbin:${pkgs.ejabberd}/bin:${pkgs.coreutils}/bin:${pkgs.bash}/bin:${pkgs.gnused}/bin";
};
systemd.services.ejabberd = {
description = "ejabberd server";
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
path = [ pkgs.findutils pkgs.coreutils ];
preStart =
''
PATH="$PATH:${pkgs.ejabberd}/sbin:${pkgs.ejabberd}/bin:${pkgs.coreutils}/bin:${pkgs.bash}/bin:${pkgs.gnused}/bin";
# Initialise state data
mkdir -p ${cfg.logsDir}
if ! test -d ${cfg.spoolDir}
then
initialize=1
cp -av ${pkgs.ejabberd}/var/lib/ejabberd /var/lib
fi
if ! test -d ${cfg.confDir}
then
mkdir -p ${cfg.confDir}
cp ${pkgs.ejabberd}/etc/ejabberd/* ${cfg.confDir}
sed -e 's|{hosts, \["localhost"\]}.|{hosts, \[${cfg.virtualHosts}\]}.|' ${pkgs.ejabberd}/etc/ejabberd/ejabberd.cfg > ${cfg.confDir}/ejabberd.cfg
fi
ejabberdctl --config-dir ${cfg.confDir} --logs ${cfg.logsDir} --spool ${cfg.spoolDir} start
${if cfg.loadDumps == [] then "" else
''
if [ "$initialize" = "1" ]
then
# Wait until the ejabberd server is available for use
count=0
while ! ejabberdctl --config-dir ${cfg.confDir} --logs ${cfg.logsDir} --spool ${cfg.spoolDir} status
do
if [ $count -eq 30 ]
then
echo "Tried 30 times, giving up..."
exit 1
fi
echo "Ejabberd daemon not yet started. Waiting for 1 second..."
count=$((count++))
sleep 1
done
${concatMapStrings (dump:
''
echo "Importing dump: ${dump}"
if [ -f ${dump} ]
then
ejabberdctl --config-dir ${cfg.confDir} --logs ${cfg.logsDir} --spool ${cfg.spoolDir} load ${dump}
elif [ -d ${dump} ]
then
for i in ${dump}/ejabberd-dump/*
do
ejabberdctl --config-dir ${cfg.confDir} --logs ${cfg.logsDir} --spool ${cfg.spoolDir} load $i
done
fi
'') cfg.loadDumps}
fi
''}
'';
postStop =
''
ejabberdctl --config-dir ${cfg.confDir} --logs ${cfg.logsDir} --spool ${cfg.spoolDir} stop
'';
serviceConfig = {
Type = "forking";
# FIXME: runit is used for `chpst` -- can we get rid of this?
ExecStop = ''${pkgs.runit}/bin/chpst -u "${cfg.user}:${cfg.group}" ${ectl} stop'';
ExecReload = ''${pkgs.runit}/bin/chpst -u "${cfg.user}:${cfg.group}" ${ectl} reload_config'';
User = cfg.user;
Group = cfg.group;
PermissionsStartOnly = true;
};
preStart = ''
mkdir -p -m750 "${cfg.logsDir}"
chown "${cfg.user}:${cfg.group}" "${cfg.logsDir}"
mkdir -p -m750 "/var/lock/ejabberdctl"
chown "${cfg.user}:${cfg.group}" "/var/lock/ejabberdctl"
mkdir -p -m750 "${cfg.spoolDir}"
chown -R "${cfg.user}:${cfg.group}" "${cfg.spoolDir}"
'';
script = ''
[ -z "$(ls -A '${cfg.spoolDir}')" ] && firstRun=1
${ectl} start
count=0
while ! ${ectl} status >/dev/null 2>&1; do
if [ $count -eq 30 ]; then
echo "ejabberd server hasn't started in 30 seconds, giving up"
exit 1
fi
count=$((count++))
sleep 1
done
if [ -n "$firstRun" ]; then
for src in ${dumps}; do
find "$src" -type f | while read dump; do
echo "Loading configuration dump at $dump"
${ectl} load "$dump"
done
done
fi
'';
};
security.pam.services.ejabberd = {};
};

182
nixos/modules/services/networking/gale.nix Normal file
View File

@ -0,0 +1,182 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.gale;
# we convert the path to a string to avoid it being copied to the nix store,
# otherwise users could read the private key as all files in the store are
# world-readable
keyPath = toString cfg.keyPath;
# ...but we refer to the pubkey file using a path so that we can ensure the
# config gets rebuilt if the public key changes (we can assume the private key
# will never change without the public key having changed)
gpubFile = cfg.keyPath + "/${cfg.domain}.gpub";
home = "/var/lib/gale";
keysPrepared = cfg.keyPath != null && lib.pathExists cfg.keyPath;
in
{
options = {
services.gale = {
enable = mkEnableOption "the Gale messaging daemon";
user = mkOption {
default = "gale";
type = types.str;
description = "Username for the Gale daemon.";
};
group = mkOption {
default = "gale";
type = types.str;
description = "Group name for the Gale daemon.";
};
setuidWrapper = mkOption {
default = null;
description = "Configuration for the Gale gksign setuid wrapper.";
};
domain = mkOption {
default = "";
type = types.str;
description = "Domain name for the Gale system.";
};
keyPath = mkOption {
default = null;
type = types.nullOr types.path;
description = ''
Directory containing the key pair for this Gale domain. The expected
filename will be taken from the domain option with ".gpri" and ".gpub"
appended.
'';
};
extraConfig = mkOption {
type = types.lines;
default = "";
description = ''
Additional text to be added to <filename>/etc/gale/conf</filename>.
'';
};
};
};
config = mkMerge [
(mkIf cfg.enable {
assertions = [{
assertion = cfg.domain != "";
message = "A domain must be set for Gale.";
}];
warnings = mkIf (!keysPrepared) [
"You must run gale-install in order to generate a domain key."
];
system.activationScripts.gale = mkIf cfg.enable (
stringAfter [ "users" "groups" ] ''
chmod -R 755 ${home}
mkdir -m 0777 -p ${home}/auth/cache
mkdir -m 1777 -p ${home}/auth/local # GALE_DOMAIN.gpub
mkdir -m 0700 -p ${home}/auth/private # ROOT.gpub
mkdir -m 0755 -p ${home}/auth/trusted # ROOT
mkdir -m 0700 -p ${home}/.gale
mkdir -m 0700 -p ${home}/.gale/auth
mkdir -m 0700 -p ${home}/.gale/auth/private # GALE_DOMAIN.gpri
ln -sf ${pkgs.gale}/etc/gale/auth/trusted/ROOT "${home}/auth/trusted/ROOT"
chown -R ${cfg.user}:${cfg.group} ${home}
''
);
environment = {
etc = {
"gale/auth".source = home + "/auth"; # symlink /var/lib/gale/auth
"gale/conf".text = ''
GALE_USER ${cfg.user}
GALE_DOMAIN ${cfg.domain}
${cfg.extraConfig}
'';
};
systemPackages = [ pkgs.gale ];
};
users.extraUsers = [{
name = cfg.user;
description = "Gale daemon";
uid = config.ids.uids.gale;
group = cfg.group;
home = home;
createHome = true;
}];
users.extraGroups = [{
name = cfg.group;
gid = config.ids.gids.gale;
}];
})
(mkIf (cfg.enable && keysPrepared) {
assertions = [
{
assertion = cfg.keyPath != null
&& lib.pathExists (cfg.keyPath + "/${cfg.domain}.gpub");
message = "Couldn't find a Gale public key for ${cfg.domain}.";
}
{
assertion = cfg.keyPath != null
&& lib.pathExists (cfg.keyPath + "/${cfg.domain}.gpri");
message = "Couldn't find a Gale private key for ${cfg.domain}.";
}
];
services.gale.setuidWrapper = {
program = "gksign";
source = "${pkgs.gale}/bin/gksign";
owner = cfg.user;
group = cfg.group;
setuid = true;
setgid = false;
};
security.setuidOwners = [ cfg.setuidWrapper ];
systemd.services.gale-galed = {
description = "Gale messaging daemon";
wantedBy = [ "multi-user.target" ];
wants = [ "gale-gdomain.service" ];
after = [ "network.target" ];
preStart = ''
install -m 0640 ${keyPath}/${cfg.domain}.gpri "${home}/.gale/auth/private/"
install -m 0644 ${gpubFile} "${home}/.gale/auth/private/${cfg.domain}.gpub"
install -m 0644 ${gpubFile} "${home}/auth/local/${cfg.domain}.gpub"
chown -R ${cfg.user}:${cfg.group} ${home}
'';
serviceConfig = {
Type = "forking";
ExecStart = "@${pkgs.gale}/bin/galed galed";
User = cfg.user;
Group = cfg.group;
PermissionsStartOnly = true;
};
};
systemd.services.gale-gdomain = {
description = "Gale AKD daemon";
wantedBy = [ "multi-user.target" ];
requires = [ "gale-galed.service" ];
after = [ "gale-galed.service" ];
serviceConfig = {
Type = "forking";
ExecStart = "@${pkgs.gale}/bin/gdomain gdomain";
User = cfg.user;
Group = cfg.group;
};
};
})
];
}

9
nixos/modules/services/networking/git-daemon.nix
View File

@ -16,7 +16,7 @@ in
type = types.bool;
default = false;
description = ''
Enable Git daemon, which allows public hosting of git repositories
Enable Git daemon, which allows public hosting of git repositories
without any access controls. This is mostly intended for read-only access.
You can allow write access by setting daemon.receivepack configuration
@ -115,10 +115,9 @@ in
gid = config.ids.gids.git;
};
jobs.gitDaemon = {
name = "git-daemon";
startOn = "ip-up";
exec = "${pkgs.git}/bin/git daemon --reuseaddr "
systemd.services."git-daemon" = {
wantedBy = [ "ip-up.target" ];
script = "${pkgs.git}/bin/git daemon --reuseaddr "
+ (optionalString (cfg.basePath != "") "--base-path=${cfg.basePath} ")
+ (optionalString (cfg.listenAddress != "") "--listen=${cfg.listenAddress} ")
+ "--port=${toString cfg.port} --user=${cfg.user} --group=${cfg.group} ${cfg.options} "

32
nixos/modules/services/networking/gvpe.nix
View File

@ -37,13 +37,6 @@ let
'';
executable = true;
});
exec = "${pkgs.gvpe}/sbin/gvpe -c /var/gvpe -D ${cfg.nodename} "
+ " ${cfg.nodename}.pid-file=/var/gvpe/gvpe.pid"
+ " ${cfg.nodename}.if-up=if-up"
+ " &> /var/log/gvpe";
inherit (cfg) startOn stopOn;
in
{
@ -55,18 +48,6 @@ in
Whether to run gvpe
'';
};
startOn = mkOption {
default = "started network-interfaces";
description = ''
Condition to start GVPE
'';
};
stopOn = mkOption {
default = "stopping network-interfaces";
description = ''
Condition to stop GVPE
'';
};
nodename = mkOption {
default = null;
description =''
@ -122,10 +103,10 @@ in
};
};
config = mkIf cfg.enable {
jobs.gvpe = {
systemd.services.gvpe = {
description = "GNU Virtual Private Ethernet node";
inherit startOn stopOn;
after = [ "network-interfaces.target" ];
wantedBy = [ "multi-user.target" ];
preStart = ''
mkdir -p /var/gvpe
@ -136,9 +117,12 @@ in
cp ${ifupScript} /var/gvpe/if-up
'';
inherit exec;
script = "${pkgs.gvpe}/sbin/gvpe -c /var/gvpe -D ${cfg.nodename} "
+ " ${cfg.nodename}.pid-file=/var/gvpe/gvpe.pid"
+ " ${cfg.nodename}.if-up=if-up"
+ " &> /var/log/gvpe";
respawn = true;
serviceConfig.Restart = "always";
};
};
}

26
nixos/modules/services/networking/ifplugd.nix
View File

@ -66,23 +66,17 @@ in
###### implementation
config = mkIf cfg.enable {
jobs.ifplugd =
{ description = "Network interface connectivity monitor";
startOn = "started network-interfaces";
stopOn = "stopping network-interfaces";
exec =
''
${ifplugd}/sbin/ifplugd --no-daemon --no-startup --no-shutdown \
${if config.networking.interfaceMonitor.beep then "" else "--no-beep"} \
--run ${plugScript}
'';
};
systemd.services.ifplugd = {
description = "Network interface connectivity monitor";
after = [ "network-interfaces.target" ];
wantedBy = [ "multi-user.target" ];
script = ''
${ifplugd}/sbin/ifplugd --no-daemon --no-startup --no-shutdown \
${if config.networking.interfaceMonitor.beep then "" else "--no-beep"} \
--run ${plugScript}
'';
};
environment.systemPackages = [ ifplugd ];
};
}

18
nixos/modules/services/networking/ircd-hybrid/default.nix
View File

@ -121,17 +121,11 @@ in
users.extraGroups.ircd.gid = config.ids.gids.ircd;
jobs.ircd_hybrid =
{ name = "ircd-hybrid";
description = "IRCD Hybrid server";
startOn = "started networking";
stopOn = "stopping networking";
exec = "${ircdService}/bin/control start";
};
systemd.services."ircd-hybrid" = {
description = "IRCD Hybrid server";
after = [ "started networking" ];
wantedBy = [ "multi-user.target" ];
script = "${ircdService}/bin/control start";
};
};
}

130
nixos/modules/services/networking/notbit.nix
View File

@ -1,130 +0,0 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.notbit;
varDir = "/var/lib/notbit";
sendmail = pkgs.stdenv.mkDerivation {
name = "notbit-wrapper";
buildInputs = [ pkgs.makeWrapper ];
propagatedBuildInputs = [ pkgs.notbit ];
buildCommand = ''
mkdir -p $out/bin
makeWrapper ${pkgs.notbit}/bin/notbit-sendmail $out/bin/notbit-system-sendmail \
--set XDG_RUNTIME_DIR ${varDir}
'';
};
opts = "${optionalString cfg.allowPrivateAddresses "-L"} ${optionalString cfg.noBootstrap "-b"} ${optionalString cfg.specifiedPeersOnly "-e"}";
peers = concatStringsSep " " (map (str: "-P \"${str}\"") cfg.peers);
listen = if cfg.listenAddress == [] then "-p ${toString cfg.port}" else
concatStringsSep " " (map (addr: "-a \"${addr}:${toString cfg.port}\"") cfg.listenAddress);
in
with lib;
{
### configuration
options = {
services.notbit = {
enable = mkOption {
type = types.bool;
default = false;
description = ''
Enables the notbit daemon and provides a sendmail binary named `notbit-system-sendmail` for sending mail over the system instance of notbit. Users must be in the notbit group in order to send mail over the system notbit instance. Currently mail recipt is not supported.
'';
};
port = mkOption {
type = types.int;
default = 8444;
description = "The port which the daemon listens for other bitmessage clients";
};
nice = mkOption {
type = types.int;
default = 10;
description = "Set the nice level for the notbit daemon";
};
listenAddress = mkOption {
type = types.listOf types.str;
default = [ ];
example = [ "localhost" "myhostname" ];
description = "The addresses which notbit will use to listen for incoming connections. These addresses are advertised to connecting clients.";
};
peers = mkOption {
type = types.listOf types.str;
default = [ ];
example = [ "bitmessage.org:8877" ];
description = "The initial set of peers notbit will connect to.";
};
specifiedPeersOnly = mkOption {
type = types.bool;
default = false;
description = "If true, notbit will only connect to peers specified by the peers option.";
};
allowPrivateAddresses = mkOption {
type = types.bool;
default = false;
description = "If true, notbit will allow connections to to RFC 1918 addresses.";
};
noBootstrap = mkOption {
type = types.bool;
default = false;
description = "If true, notbit will not bootstrap an initial peerlist from bitmessage.org servers";
};
};
};
### implementation
config = mkIf cfg.enable {
environment.systemPackages = [ sendmail ];
systemd.services.notbit = {
description = "Notbit daemon";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
path = [ pkgs.notbit ];
environment = { XDG_RUNTIME_DIR = varDir; };
postStart = ''
[ ! -f "${varDir}/addr" ] && notbit-keygen > ${varDir}/addr
chmod 0640 ${varDir}/{addr,notbit/notbit-ipc.lock}
chmod 0750 ${varDir}/notbit/{,notbit-ipc}
'';
serviceConfig = {
Type = "forking";
ExecStart = "${pkgs.notbit}/bin/notbit -d ${listen} ${peers} ${opts}";
User = "notbit";
Group = "notbit";
UMask = "0077";
WorkingDirectory = varDir;
Nice = cfg.nice;
};
};
users.extraUsers.notbit = {
group = "notbit";
description = "Notbit daemon user";
home = varDir;
createHome = true;
uid = config.ids.uids.notbit;
};
users.extraGroups.notbit.gid = config.ids.gids.notbit;
};
}

17
nixos/modules/services/networking/oidentd.nix
View File

@ -20,18 +20,17 @@ with lib;
};
###### implementation
config = mkIf config.services.oidentd.enable {
jobs.oidentd =
{ startOn = "started network-interfaces";
daemonType = "fork";
exec = "${pkgs.oidentd}/sbin/oidentd -u oidentd -g nogroup" +
optionalString config.networking.enableIPv6 " -a ::"
;
};
systemd.services.oidentd = {
after = [ "network-interfaces.target" ];
wantedBy = [ "multi-user.target" ];
serviceConfig.Type = "forking";
script = "${pkgs.oidentd}/sbin/oidentd -u oidentd -g nogroup" +
optionalString config.networking.enableIPv6 " -a ::";
};
users.extraUsers.oidentd = {
description = "Ident Protocol daemon user";

48
nixos/modules/services/networking/openfire.nix
View File

@ -2,17 +2,7 @@
with lib;
let
inherit (pkgs) jre openfire coreutils which gnugrep gawk gnused;
extraStartDependency =
if config.services.openfire.usePostgreSQL then "and started postgresql" else "";
in
{
###### interface
options = {
@ -47,26 +37,24 @@ in
message = "OpenFire assertion failed.";
};
jobs.openfire =
{ description = "OpenFire XMPP server";
startOn = "started networking ${extraStartDependency}";
script =
''
export PATH=${jre}/bin:${openfire}/bin:${coreutils}/bin:${which}/bin:${gnugrep}/bin:${gawk}/bin:${gnused}/bin
export HOME=/tmp
mkdir /var/log/openfire || true
mkdir /etc/openfire || true
for i in ${openfire}/conf.inst/*; do
if ! test -f /etc/openfire/$(basename $i); then
cp $i /etc/openfire/
fi
done
openfire start
''; # */
};
systemd.services.openfire = {
description = "OpenFire XMPP server";
wantedBy = [ "multi-user.target" ];
after = [ "networking.target" ] ++
optional config.services.openfire.usePostgreSQL "postgresql.service";
path = with pkgs; [ jre openfire coreutils which gnugrep gawk gnused ];
script = ''
export HOME=/tmp
mkdir /var/log/openfire || true
mkdir /etc/openfire || true
for i in ${openfire}/conf.inst/*; do
if ! test -f /etc/openfire/$(basename $i); then
cp $i /etc/openfire/
fi
done
openfire start
''; # */
};
};
}

104
nixos/modules/services/networking/ostinato.nix Normal file
View File

@ -0,0 +1,104 @@
{ config, lib, pkgs, ... }:
with lib;
let
pkg = pkgs.ostinato;
cfg = config.services.ostinato;
configFile = pkgs.writeText "drone.ini" ''
[General]
RateAccuracy=${cfg.rateAccuracy}
[RpcServer]
Address=${cfg.rpcServer.address}
[PortList]
Include=${concatStringsSep "," cfg.portList.include}
Exclude=${concatStringsSep "," cfg.portList.exclude}
'';
in
{
###### interface
options = {
services.ostinato = {
enable = mkEnableOption "Ostinato agent-controller (Drone)";
port = mkOption {
type = types.int;
default = 7878;
description = ''
Port to listen on.
'';
};
rateAccuracy = mkOption {
type = types.enum [ "High" "Low" ];
default = "High";
description = ''
To ensure that the actual transmit rate is as close as possible to
the configured transmit rate, Drone runs a busy-wait loop.
While this provides the maximum accuracy possible, the CPU
utilization is 100% while the transmit is on. You can however,
sacrifice the accuracy to reduce the CPU load.
'';
};
rpcServer = {
address = mkOption {
type = types.string;
default = "0.0.0.0";
description = ''
By default, the Drone RPC server will listen on all interfaces and
local IPv4 adresses for incoming connections from clients. Specify
a single IPv4 or IPv6 address if you want to restrict that.
To listen on any IPv6 address, use ::
'';
};
};
portList = {
include = mkOption {
type = types.listOf types.string;
default = [];
example = ''[ "eth*" "lo*" ]'';
description = ''
For a port to pass the filter and appear on the port list managed
by drone, it be allowed by this include list.
'';
};
exclude = mkOption {
type = types.listOf types.str;
default = [];
example = ''[ "usbmon*" "eth0" ]'';
description = ''
A list of ports does not appear on the port list managed by drone.
'';
};
};
};
};
###### implementation
config = mkIf cfg.enable {
environment.systemPackages = [ pkg ];
systemd.services.drone = {
description = "Ostinato agent-controller";
wantedBy = [ "multi-user.target" ];
script = ''
${pkg}/bin/drone ${toString cfg.port} ${configFile}
'';
};
};
}

25
nixos/modules/services/networking/prayer.nix
View File

@ -83,21 +83,14 @@ in
gid = config.ids.gids.prayer;
};
jobs.prayer =
{ name = "prayer";
startOn = "startup";
preStart =
''
mkdir -m 0755 -p ${stateDir}
chown ${prayerUser}.${prayerGroup} ${stateDir}
'';
daemonType = "daemon";
exec = "${prayer}/sbin/prayer --config-file=${prayerCfg}";
};
systemd.services.prayer = {
wantedBy = [ "multi-user.target" ];
serviceConfig.Type = "forking";
preStart = ''
mkdir -m 0755 -p ${stateDir}
chown ${prayerUser}.${prayerGroup} ${stateDir}
'';
script = "${prayer}/sbin/prayer --config-file=${prayerCfg}";
};
};
}

12
nixos/modules/services/networking/radicale.nix
View File

@ -33,16 +33,14 @@ in
};
config = mkIf cfg.enable {
environment.systemPackages = [ pkgs.pythonPackages.radicale ];
jobs.radicale = {
systemd.services.radicale = {
description = "A Simple Calendar and Contact Server";
startOn = "started network-interfaces";
exec = "${pkgs.pythonPackages.radicale}/bin/radicale -C ${confFile} -d";
daemonType = "fork";
after = [ "network-interfaces.target" ];
wantedBy = [ "multi-user.target" ];
script = "${pkgs.pythonPackages.radicale}/bin/radicale -C ${confFile} -d";
serviceConfig.Type = "forking";
};
};
}

4
nixos/modules/services/networking/shout.nix
View File

@ -19,7 +19,7 @@ in {
'';
};
host = mkOption {
listenAddress = mkOption {
type = types.string;
default = "0.0.0.0";
description = "IP interface to listen on for http connections.";
@ -66,7 +66,7 @@ in {
"${pkgs.shout}/bin/shout"
(if cfg.private then "--private" else "--public")
"--port" (toString cfg.port)
"--host" (toString cfg.host)
"--host" (toString cfg.listenAddress)
"--home" shoutHome
];
serviceConfig = {

6
nixos/modules/services/networking/softether.nix
View File

@ -61,9 +61,10 @@ in
dataDir = cfg.dataDir;
}))
];
jobs.softether = {
systemd.services.softether = {
description = "SoftEther VPN services initial job";
startOn = "started network-interfaces";
after = [ "network-interfaces.target" ];
wantedBy = [ "multi-user.target" ];
preStart = ''
for d in vpnserver vpnbridge vpnclient vpncmd; do
if ! test -e ${cfg.dataDir}/$d; then
@ -74,7 +75,6 @@ in
rm -rf ${cfg.dataDir}/vpncmd/vpncmd
ln -s ${pkg}${cfg.dataDir}/vpncmd/vpncmd ${cfg.dataDir}/vpncmd/vpncmd
'';
exec = "true";
};
}

100
nixos/modules/services/networking/ssh/lshd.nix
View File

@ -117,62 +117,60 @@ in
services.lshd.subsystems = [ ["sftp" "${pkgs.lsh}/sbin/sftp-server"] ];
jobs.lshd =
{ description = "GNU lshd SSH2 daemon";
systemd.services.lshd = {
description = "GNU lshd SSH2 daemon";
startOn = "started network-interfaces";
stopOn = "stopping network-interfaces";
after = [ "network-interfaces.target" ];
environment =
{ LD_LIBRARY_PATH = config.system.nssModules.path; };
wantedBy = [ "multi-user.target" ];
preStart =
''
test -d /etc/lsh || mkdir -m 0755 -p /etc/lsh
test -d /var/spool/lsh || mkdir -m 0755 -p /var/spool/lsh
if ! test -f /var/spool/lsh/yarrow-seed-file
then
# XXX: It would be nice to provide feedback to the
# user when this fails, so that they can retry it
# manually.
${lsh}/bin/lsh-make-seed --sloppy \
-o /var/spool/lsh/yarrow-seed-file
fi
if ! test -f "${cfg.hostKey}"
then
${lsh}/bin/lsh-keygen --server | \
${lsh}/bin/lsh-writekey --server -o "${cfg.hostKey}"
fi
'';
exec = with cfg;
''
${lsh}/sbin/lshd --daemonic \
--password-helper="${lsh}/sbin/lsh-pam-checkpw" \
-p ${toString portNumber} \
${if interfaces == [] then ""
else (concatStrings (map (i: "--interface=\"${i}\"")
interfaces))} \
-h "${hostKey}" \
${if !syslog then "--no-syslog" else ""} \
${if passwordAuthentication then "--password" else "--no-password" } \
${if publicKeyAuthentication then "--publickey" else "--no-publickey" } \
${if rootLogin then "--root-login" else "--no-root-login" } \
${if loginShell != null then "--login-shell=\"${loginShell}\"" else "" } \
${if srpKeyExchange then "--srp-keyexchange" else "--no-srp-keyexchange" } \
${if !tcpForwarding then "--no-tcpip-forward" else "--tcpip-forward"} \
${if x11Forwarding then "--x11-forward" else "--no-x11-forward" } \
--subsystems=${concatStringsSep ","
(map (pair: (head pair) + "=" +
(head (tail pair)))
subsystems)}
'';
environment = {
LD_LIBRARY_PATH = config.system.nssModules.path;
};
preStart = ''
test -d /etc/lsh || mkdir -m 0755 -p /etc/lsh
test -d /var/spool/lsh || mkdir -m 0755 -p /var/spool/lsh
if ! test -f /var/spool/lsh/yarrow-seed-file
then
# XXX: It would be nice to provide feedback to the
# user when this fails, so that they can retry it
# manually.
${lsh}/bin/lsh-make-seed --sloppy \
-o /var/spool/lsh/yarrow-seed-file
fi
if ! test -f "${cfg.hostKey}"
then
${lsh}/bin/lsh-keygen --server | \
${lsh}/bin/lsh-writekey --server -o "${cfg.hostKey}"
fi
'';
script = with cfg; ''
${lsh}/sbin/lshd --daemonic \
--password-helper="${lsh}/sbin/lsh-pam-checkpw" \
-p ${toString portNumber} \
${if interfaces == [] then ""
else (concatStrings (map (i: "--interface=\"${i}\"")
interfaces))} \
-h "${hostKey}" \
${if !syslog then "--no-syslog" else ""} \
${if passwordAuthentication then "--password" else "--no-password" } \
${if publicKeyAuthentication then "--publickey" else "--no-publickey" } \
${if rootLogin then "--root-login" else "--no-root-login" } \
${if loginShell != null then "--login-shell=\"${loginShell}\"" else "" } \
${if srpKeyExchange then "--srp-keyexchange" else "--no-srp-keyexchange" } \
${if !tcpForwarding then "--no-tcpip-forward" else "--tcpip-forward"} \
${if x11Forwarding then "--x11-forward" else "--no-x11-forward" } \
--subsystems=${concatStringsSep ","
(map (pair: (head pair) + "=" +
(head (tail pair)))
subsystems)}
'';
};
security.pam.services.lshd = {};
};
}

4
nixos/modules/services/networking/sslh.nix
View File

@ -16,7 +16,7 @@ let
listen:
(
{ host: "${cfg.host}"; port: "${toString cfg.port}"; }
{ host: "${cfg.listenAddress}"; port: "${toString cfg.port}"; }
);
${cfg.appendConfig}
@ -56,7 +56,7 @@ in
description = "PID file path for sslh daemon.";
};
host = mkOption {
listenAddress = mkOption {
type = types.str;
default = config.networking.hostName;
description = "Listening hostname.";

8
nixos/modules/services/networking/tcpcrypt.nix
View File

@ -35,11 +35,11 @@ in
description = "tcpcrypt daemon user";
};
jobs.tcpcrypt = {
systemd.services.tcpcrypt = {
description = "tcpcrypt";
wantedBy = ["multi-user.target"];
after = ["network-interfaces.target"];
wantedBy = [ "multi-user.target" ];
after = [ "network-interfaces.target" ];
path = [ pkgs.iptables pkgs.tcpcrypt pkgs.procps ];
@ -58,7 +58,7 @@ in
iptables -t mangle -I POSTROUTING -j nixos-tcpcrypt
'';
exec = "tcpcryptd -x 0x10";
script = "tcpcryptd -x 0x10";
postStop = ''
if [ -f /run/pre-tcpcrypt-ecn-state ]; then

22
nixos/modules/services/networking/tinc.nix
View File

@ -43,6 +43,14 @@ in
'';
};
ed25519PrivateKeyFile = mkOption {
default = null;
type = types.nullOr types.path;
description = ''
Path of the private ed25519 keyfile.
'';
};
debugLevel = mkOption {
default = 0;
type = types.addCheck types.int (l: l >= 0 && l <= 5);
@ -70,6 +78,14 @@ in
'';
};
listenAddress = mkOption {
default = null;
type = types.nullOr types.str;
description = ''
The ip adress to bind to.
'';
};
package = mkOption {
default = pkgs.tinc_pre;
description = ''
@ -99,6 +115,8 @@ in
text = ''
Name = ${if data.name == null then "$HOST" else data.name}
DeviceType = ${data.interfaceType}
${optionalString (data.ed25519PrivateKeyFile != null) "Ed25519PrivateKeyFile = ${data.ed25519PrivateKeyFile}"}
${optionalString (data.listenAddress != null) "BindToAddress = ${data.listenAddress}"}
Device = /dev/net/tun
Interface = tinc.${network}
${data.extraConfig}
@ -134,10 +152,10 @@ in
# Determine how we should generate our keys
if type tinc >/dev/null 2>&1; then
# Tinc 1.1+ uses the tinc helper application for key generation
${if data.ed25519PrivateKeyFile != null then " # Keyfile managed by nix" else ''
# Prefer ED25519 keys (only in 1.1+)
[ -f "/etc/tinc/${network}/ed25519_key.priv" ] || tinc -n ${network} generate-ed25519-keys
''}
# Otherwise use RSA keys
[ -f "/etc/tinc/${network}/rsa_key.priv" ] || tinc -n ${network} generate-rsa-keys 4096
else

14
nixos/modules/services/networking/wicd.nix
View File

@ -25,17 +25,13 @@ with lib;
environment.systemPackages = [pkgs.wicd];
jobs.wicd =
{ startOn = "started network-interfaces";
stopOn = "stopping network-interfaces";
script =
"${pkgs.wicd}/sbin/wicd -f";
};
systemd.services.wicd = {
after = [ "network-interfaces.target" ];
wantedBy = [ "multi-user.target" ];
script = "${pkgs.wicd}/sbin/wicd -f";
};
services.dbus.enable = true;
services.dbus.packages = [pkgs.wicd];
};
}

163
nixos/modules/services/networking/wpa_supplicant.nix
View File

@ -3,51 +3,30 @@
with lib;
let
cfg = config.networking.wireless;
configFile = "/etc/wpa_supplicant.conf";
ifaces =
cfg.interfaces ++
optional (config.networking.WLANInterface != "") config.networking.WLANInterface;
in
{
###### interface
configFile = if cfg.networks != {} then pkgs.writeText "wpa_supplicant.conf" ''
${optionalString cfg.userControlled.enable ''
ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=${cfg.userControlled.group}
update_config=1''}
${concatStringsSep "\n" (mapAttrsToList (ssid: networkConfig: ''
network={
ssid="${ssid}"
${optionalString (networkConfig.psk != null) ''psk="${networkConfig.psk}"''}
${optionalString (networkConfig.psk == null) ''key_mgmt=NONE''}
}
'') cfg.networks)}
'' else "/etc/wpa_supplicant.conf";
in {
options = {
networking.WLANInterface = mkOption {
default = "";
description = "Obsolete. Use <option>networking.wireless.interfaces</option> instead.";
};
networking.wireless = {
enable = mkOption {
type = types.bool;
default = false;
description = ''
Whether to start <command>wpa_supplicant</command> to scan for
and associate with wireless networks. Note: NixOS currently
does not manage <command>wpa_supplicant</command>'s
configuration file, <filename>${configFile}</filename>. You
should edit this file yourself to define wireless networks,
WPA keys and so on (see
<citerefentry><refentrytitle>wpa_supplicant.conf</refentrytitle>
<manvolnum>5</manvolnum></citerefentry>), or use
networking.wireless.userControlled.* to allow users to add entries
through <command>wpa_cli</command> and <command>wpa_gui</command>.
'';
};
enable = mkEnableOption "wpa_supplicant";
interfaces = mkOption {
type = types.listOf types.str;
default = [];
example = [ "wlan0" "wlan1" ];
description = ''
The interfaces <command>wpa_supplicant</command> will use. If empty, it will
The interfaces <command>wpa_supplicant</command> will use. If empty, it will
automatically use all wireless interfaces.
'';
};
@ -58,6 +37,37 @@ in
description = "Force a specific wpa_supplicant driver.";
};
networks = mkOption {
type = types.attrsOf (types.submodule {
options = {
psk = mkOption {
type = types.nullOr types.str;
default = null;
description = ''
The network's pre-shared key in plaintext defaulting
to being a network without any authentication.
Be aware that these will be written to the nix store
in plaintext!
'';
};
};
});
description = ''
The network definitions to automatically connect to when
<command>wpa_supplicant</command> is running. If this
parameter is left empty wpa_supplicant will use
/etc/wpa_supplicant.conf as the configuration file.
'';
default = {};
example = literalExample ''
echelon = {
psk = "abcdefgh";
};
"free.wifi" = {};
'';
};
userControlled = {
enable = mkOption {
type = types.bool;
@ -68,10 +78,8 @@ in
to depend on a large package such as NetworkManager just to pick nearby
access points.
When you want to use this, make sure ${configFile} doesn't exist.
It will be created for you.
Currently it is also necessary to explicitly specify networking.wireless.interfaces.
When using a declarative network specification you cannot persist any
settings via wpa_gui or wpa_cli.
'';
};
@ -85,64 +93,49 @@ in
};
};
config = mkMerge [
(mkIf cfg.enable {
environment.systemPackages = [ pkgs.wpa_supplicant ];
###### implementation
services.dbus.packages = [ pkgs.wpa_supplicant ];
config = mkIf cfg.enable {
environment.systemPackages = [ pkgs.wpa_supplicant ];
services.dbus.packages = [ pkgs.wpa_supplicant ];
# FIXME: start a separate wpa_supplicant instance per interface.
jobs.wpa_supplicant =
{ description = "WPA Supplicant";
# FIXME: start a separate wpa_supplicant instance per interface.
systemd.services.wpa_supplicant = let
ifaces = cfg.interfaces;
in {
description = "WPA Supplicant";
wantedBy = [ "network.target" ];
path = [ pkgs.wpa_supplicant ];
preStart = ''
touch -a ${configFile}
chmod 600 ${configFile}
'' + optionalString cfg.userControlled.enable ''
if [ ! -s ${configFile} ]; then
echo "ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=${cfg.userControlled.group}" >> ${configFile}
echo "update_config=1" >> ${configFile}
fi
script = ''
${if ifaces == [] then ''
for i in $(cd /sys/class/net && echo *); do
DEVTYPE=
source /sys/class/net/$i/uevent
if [ "$DEVTYPE" = "wlan" -o -e /sys/class/net/$i/wireless ]; then
ifaces="$ifaces''${ifaces:+ -N} -i$i"
fi
done
'' else ''
ifaces="${concatStringsSep " -N " (map (i: "-i${i}") ifaces)}"
''}
exec wpa_supplicant -s -u -D${cfg.driver} -c ${configFile} $ifaces
'';
script =
''
${if ifaces == [] then ''
for i in $(cd /sys/class/net && echo *); do
DEVTYPE=
source /sys/class/net/$i/uevent
if [ "$DEVTYPE" = "wlan" -o -e /sys/class/net/$i/wireless ]; then
ifaces="$ifaces''${ifaces:+ -N} -i$i"
fi
done
'' else ''
ifaces="${concatStringsSep " -N " (map (i: "-i${i}") ifaces)}"
''}
exec wpa_supplicant -s -u -D${cfg.driver} -c ${configFile} $ifaces
'';
};
powerManagement.resumeCommands =
''
powerManagement.resumeCommands = ''
${config.systemd.package}/bin/systemctl try-restart wpa_supplicant
'';
assertions = [{ assertion = !cfg.userControlled.enable || cfg.interfaces != [];
message = "user controlled wpa_supplicant needs explicit networking.wireless.interfaces";}];
# Restart wpa_supplicant when a wlan device appears or disappears.
services.udev.extraRules =
''
# Restart wpa_supplicant when a wlan device appears or disappears.
services.udev.extraRules = ''
ACTION=="add|remove", SUBSYSTEM=="net", ENV{DEVTYPE}=="wlan", RUN+="${config.systemd.package}/bin/systemctl try-restart wpa_supplicant.service"
'';
};
})
{
meta.maintainers = with lib.maintainers; [ globin ];
}
];
}

22
nixos/modules/services/networking/xinetd.nix
View File

@ -6,8 +6,6 @@ let
cfg = config.services.xinetd;
inherit (pkgs) xinetd;
configFile = pkgs.writeText "xinetd.conf"
''
defaults
@ -141,18 +139,12 @@ in
###### implementation
config = mkIf cfg.enable {
jobs.xinetd =
{ description = "xinetd server";
startOn = "started network-interfaces";
stopOn = "stopping network-interfaces";
path = [ xinetd ];
exec = "xinetd -syslog daemon -dontfork -stayalive -f ${configFile}";
};
systemd.services.xinetd = {
description = "xinetd server";
after = [ "network-interfaces.target" ];
wantedBy = [ "multi-user.target" ];
path = [ pkgs.xinetd ];
script = "xinetd -syslog daemon -dontfork -stayalive -f ${configFile}";
};
};
}

74
nixos/modules/services/scheduling/atd.nix
View File

@ -66,49 +66,47 @@ in
gid = config.ids.gids.atd;
};
jobs.atd =
{ description = "Job Execution Daemon (atd)";
systemd.services.atd = {
description = "Job Execution Daemon (atd)";
after = [ "systemd-udev-settle.service" ];
wants = [ "systemd-udev-settle.service" ];
wantedBy = [ "multi-user.target" ];
startOn = "stopped udevtrigger";
path = [ at ];
path = [ at ];
preStart = ''
# Snippets taken and adapted from the original `install' rule of
# the makefile.
preStart =
''
# Snippets taken and adapted from the original `install' rule of
# the makefile.
# We assume these values are those actually used in Nixpkgs for
# `at'.
spooldir=/var/spool/atspool
jobdir=/var/spool/atjobs
etcdir=/etc/at
# We assume these values are those actually used in Nixpkgs for
# `at'.
spooldir=/var/spool/atspool
jobdir=/var/spool/atjobs
etcdir=/etc/at
for dir in "$spooldir" "$jobdir" "$etcdir"; do
if [ ! -d "$dir" ]; then
mkdir -p "$dir"
chown atd:atd "$dir"
fi
done
chmod 1770 "$spooldir" "$jobdir"
${if cfg.allowEveryone then ''chmod a+rwxt "$spooldir" "$jobdir" '' else ""}
if [ ! -f "$etcdir"/at.deny ]; then
touch "$etcdir"/at.deny
chown root:atd "$etcdir"/at.deny
chmod 640 "$etcdir"/at.deny
fi
if [ ! -f "$jobdir"/.SEQ ]; then
touch "$jobdir"/.SEQ
chown atd:atd "$jobdir"/.SEQ
chmod 600 "$jobdir"/.SEQ
fi
'';
for dir in "$spooldir" "$jobdir" "$etcdir"; do
if [ ! -d "$dir" ]; then
mkdir -p "$dir"
chown atd:atd "$dir"
fi
done
chmod 1770 "$spooldir" "$jobdir"
${if cfg.allowEveryone then ''chmod a+rwxt "$spooldir" "$jobdir" '' else ""}
if [ ! -f "$etcdir"/at.deny ]; then
touch "$etcdir"/at.deny
chown root:atd "$etcdir"/at.deny
chmod 640 "$etcdir"/at.deny
fi
if [ ! -f "$jobdir"/.SEQ ]; then
touch "$jobdir"/.SEQ
chown atd:atd "$jobdir"/.SEQ
chmod 600 "$jobdir"/.SEQ
fi
'';
exec = "atd";
daemonType = "fork";
};
script = "atd";
serviceConfig.Type = "forking";
};
};
}

38
nixos/modules/services/scheduling/fcron.nix
View File

@ -108,29 +108,25 @@ in
security.setuidPrograms = [ "fcrontab" ];
jobs.fcron =
{ description = "fcron daemon";
systemd.services.fcron = {
description = "fcron daemon";
after = [ "local-fs.target" ];
wantedBy = [ "multi-user.target" ];
startOn = "startup";
after = [ "local-fs.target" ];
environment =
{ PATH = "/run/current-system/sw/bin";
};
preStart =
''
${pkgs.coreutils}/bin/mkdir -m 0700 -p /var/spool/fcron
# load system crontab file
${pkgs.fcron}/bin/fcrontab -u systab ${pkgs.writeText "systab" cfg.systab}
'';
daemonType = "fork";
exec = "${pkgs.fcron}/sbin/fcron -m ${toString cfg.maxSerialJobs} ${queuelen}";
# FIXME use specific path
environment = {
PATH = "/run/current-system/sw/bin";
};
};
preStart = ''
${pkgs.coreutils}/bin/mkdir -m 0700 -p /var/spool/fcron
# load system crontab file
${pkgs.fcron}/bin/fcrontab -u systab ${pkgs.writeText "systab" cfg.systab}
'';
serviceConfig.Type = "forking";
script = "${pkgs.fcron}/sbin/fcron -m ${toString cfg.maxSerialJobs} ${queuelen}";
};
};
}

6
nixos/modules/services/search/elasticsearch.nix
View File

@ -6,7 +6,7 @@ let
cfg = config.services.elasticsearch;
esConfig = ''
network.host: ${cfg.host}
network.host: ${cfg.listenAddress}
network.port: ${toString cfg.port}
network.tcp.port: ${toString cfg.tcp_port}
cluster.name: ${cfg.cluster_name}
@ -43,7 +43,7 @@ in {
type = types.package;
};
host = mkOption {
listenAddress = mkOption {
description = "Elasticsearch listen address.";
default = "127.0.0.1";
type = types.str;
@ -142,7 +142,7 @@ in {
ln -s ${esPlugins}/plugins ${cfg.dataDir}/plugins
'';
postStart = mkBefore ''
until ${pkgs.curl}/bin/curl -s -o /dev/null ${cfg.host}:${toString cfg.port}; do
until ${pkgs.curl}/bin/curl -s -o /dev/null ${cfg.listenAddress}:${toString cfg.port}; do
sleep 1
done
'';

4
nixos/modules/services/search/kibana.nix
View File

@ -8,7 +8,7 @@ let
cfgFile = pkgs.writeText "kibana.json" (builtins.toJSON (
(filterAttrsRecursive (n: v: v != null) ({
server = {
host = cfg.host;
host = cfg.listenAddress;
port = cfg.port;
ssl = {
cert = cfg.cert;
@ -44,7 +44,7 @@ in {
options.services.kibana = {
enable = mkEnableOption "enable kibana service";
host = mkOption {
listenAddress = mkOption {
description = "Kibana listening host";
default = "127.0.0.1";
type = types.str;

32
nixos/modules/services/security/fprot.nix
View File

@ -67,24 +67,22 @@ in {
services.cron.systemCronJobs = [ "*/${toString cfg.updater.frequency} * * * * root start fprot-updater" ];
jobs = {
fprot_updater = {
name = "fprot-updater";
task = true;
# have to copy fpupdate executable because it insists on storing the virus database in the same dir
preStart = ''
mkdir -m 0755 -p ${stateDir}
chown ${fprotUser}:${fprotGroup} ${stateDir}
cp ${pkgs.fprot}/opt/f-prot/fpupdate ${stateDir}
ln -sf ${cfg.updater.productData} ${stateDir}/product.data
'';
#setuid = fprotUser;
#setgid = fprotGroup;
exec = "/var/lib/fprot/fpupdate --keyfile ${cfg.updater.licenseKeyfile}";
systemd.services."fprot-updater" = {
serviceConfig = {
Type = "oneshot";
RemainAfterExit = false;
};
wantedBy = [ "multi-user.target" ];
# have to copy fpupdate executable because it insists on storing the virus database in the same dir
preStart = ''
mkdir -m 0755 -p ${stateDir}
chown ${fprotUser}:${fprotGroup} ${stateDir}
cp ${pkgs.fprot}/opt/f-prot/fpupdate ${stateDir}
ln -sf ${cfg.updater.productData} ${stateDir}/product.data
'';
script = "/var/lib/fprot/fpupdate --keyfile ${cfg.updater.licenseKeyfile}";
};
};
}

33
nixos/modules/services/system/kerberos.nix
View File

@ -45,27 +45,20 @@ in
serverArgs = "${pkgs.heimdal}/sbin/kadmind";
};
jobs.kdc =
{ description = "Kerberos Domain Controller daemon";
systemd.services.kdc = {
description = "Kerberos Domain Controller daemon";
wantedBy = [ "multi-user.target" ];
preStart = ''
mkdir -m 0755 -p ${stateDir}
'';
script = "${heimdal}/sbin/kdc";
};
startOn = "ip-up";
preStart =
''
mkdir -m 0755 -p ${stateDir}
'';
exec = "${heimdal}/sbin/kdc";
};
jobs.kpasswdd =
{ description = "Kerberos Domain Controller daemon";
startOn = "ip-up";
exec = "${heimdal}/sbin/kpasswdd";
};
systemd.services.kpasswdd = {
description = "Kerberos Domain Controller daemon";
wantedBy = [ "multi-user.target" ];
script = "${heimdal}/sbin/kpasswdd";
};
};
}

26
nixos/modules/services/system/uptimed.nix
View File

@ -45,23 +45,21 @@ in
home = stateDir;
};
jobs.uptimed =
{ description = "Uptimed daemon";
systemd.services.uptimed = {
description = "Uptimed daemon";
wantedBy = [ "multi-user.target" ];
startOn = "startup";
preStart = ''
mkdir -m 0755 -p ${stateDir}
chown ${uptimedUser} ${stateDir}
preStart =
''
mkdir -m 0755 -p ${stateDir}
chown ${uptimedUser} ${stateDir}
if ! test -f ${stateDir}/bootid ; then
${uptimed}/sbin/uptimed -b
fi
'';
if ! test -f ${stateDir}/bootid ; then
${uptimed}/sbin/uptimed -b
fi
'';
exec = "${uptimed}/sbin/uptimed";
};
script = "${uptimed}/sbin/uptimed";
};
};

20
nixos/modules/services/ttys/agetty.nix
View File

@ -2,6 +2,13 @@
with lib;
let
autologinArg = optionalString (config.services.mingetty.autologinUser != null) "--autologin ${config.services.mingetty.autologinUser}";
gettyCmd = extraArgs: "@${pkgs.utillinux}/sbin/agetty agetty --login-program ${pkgs.shadow}/bin/login ${autologinArg} ${extraArgs}";
in
{
###### interface
@ -21,9 +28,9 @@ with lib;
greetingLine = mkOption {
type = types.str;
default = ''<<< Welcome to NixOS ${config.system.nixosVersion} (\m) - \l >>>'';
description = ''
Welcome line printed by mingetty.
The default shows current NixOS version label, machine type and tty.
'';
};
@ -55,10 +62,11 @@ with lib;
###### implementation
config = let
autologinArg = optionalString (config.services.mingetty.autologinUser != null) "--autologin ${config.services.mingetty.autologinUser}";
gettyCmd = extraArgs: "@${pkgs.utillinux}/sbin/agetty agetty --login-program ${pkgs.shadow}/bin/login ${autologinArg} ${extraArgs}";
in {
config = {
# Note: this is set here rather than up there so that changing
# nixosLabel would not rebuild manual pages
services.mingetty.greetingLine = mkDefault ''<<< Welcome to NixOS ${config.system.nixosLabel} (\m) - \l >>>'';
systemd.services."getty@" =
{ serviceConfig.ExecStart = gettyCmd "--noclear --keep-baud %I 115200,38400,9600 $TERM";
restartIfChanged = false;
@ -81,7 +89,7 @@ with lib;
{ serviceConfig.ExecStart = gettyCmd "--noclear --keep-baud console 115200,38400,9600 $TERM";
serviceConfig.Restart = "always";
restartIfChanged = false;
enable = mkDefault config.boot.isContainer;
enable = mkDefault config.boot.isContainer;
};
environment.etc = singleton

13
nixos/modules/services/web-servers/jboss/default.nix
View File

@ -71,13 +71,10 @@ in
###### implementation
config = mkIf config.services.jboss.enable {
jobs.jboss =
{ description = "JBoss server";
exec = "${jbossService}/bin/control start";
};
systemd.services.jboss = {
description = "JBoss server";
script = "${jbossService}/bin/control start";
wantedBy = [ "multi-user.target" ];
};
};
}

389
nixos/modules/services/web-servers/tomcat.nix
View File

@ -127,124 +127,206 @@ in
extraGroups = cfg.extraGroups;
};
jobs.tomcat =
{ description = "Apache Tomcat server";
systemd.services.tomcat = {
description = "Apache Tomcat server";
wantedBy = [ "multi-user.target" ];
after = [ "network-interfaces.target" ];
serviceConfig.Type = "oneshot";
serviceConfig.RemainAfterExit = true;
startOn = "started network-interfaces";
stopOn = "stopping network-interfaces";
preStart = ''
# Create the base directory
mkdir -p ${cfg.baseDir}
daemonType = "daemon";
# Create a symlink to the bin directory of the tomcat component
ln -sfn ${tomcat}/bin ${cfg.baseDir}/bin
# Create a conf/ directory
mkdir -p ${cfg.baseDir}/conf
chown ${cfg.user}:${cfg.group} ${cfg.baseDir}/conf
# Symlink the config files in the conf/ directory (except for catalina.properties and server.xml)
for i in $(ls ${tomcat}/conf | grep -v catalina.properties | grep -v server.xml)
do
ln -sfn ${tomcat}/conf/$i ${cfg.baseDir}/conf/`basename $i`
done
# Create subdirectory for virtual hosts
mkdir -p ${cfg.baseDir}/virtualhosts
# Create a modified catalina.properties file
# Change all references from CATALINA_HOME to CATALINA_BASE and add support for shared libraries
sed -e 's|''${catalina.home}|''${catalina.base}|g' \
-e 's|shared.loader=|shared.loader=''${catalina.base}/shared/lib/*.jar|' \
${tomcat}/conf/catalina.properties > ${cfg.baseDir}/conf/catalina.properties
# Create a modified server.xml which also includes all virtual hosts
sed -e "/<Engine name=\"Catalina\" defaultHost=\"localhost\">/a\ ${
toString (map (virtualHost: ''<Host name=\"${virtualHost.name}\" appBase=\"virtualhosts/${virtualHost.name}/webapps\" unpackWARs=\"true\" autoDeploy=\"true\" xmlValidation=\"false\" xmlNamespaceAware=\"false\" >${if cfg.logPerVirtualHost then ''<Valve className=\"org.apache.catalina.valves.AccessLogValve\" directory=\"logs/${virtualHost.name}\" prefix=\"${virtualHost.name}_access_log.\" pattern=\"combined\" resolveHosts=\"false\"/>'' else ""}</Host>'') cfg.virtualHosts)}" \
${tomcat}/conf/server.xml > ${cfg.baseDir}/conf/server.xml
# Create a logs/ directory
mkdir -p ${cfg.baseDir}/logs
chown ${cfg.user}:${cfg.group} ${cfg.baseDir}/logs
${if cfg.logPerVirtualHost then
toString (map (h: ''
mkdir -p ${cfg.baseDir}/logs/${h.name}
chown ${cfg.user}:${cfg.group} ${cfg.baseDir}/logs/${h.name}
'') cfg.virtualHosts) else ''''}
# Create a temp/ directory
mkdir -p ${cfg.baseDir}/temp
chown ${cfg.user}:${cfg.group} ${cfg.baseDir}/temp
# Create a lib/ directory
mkdir -p ${cfg.baseDir}/lib
chown ${cfg.user}:${cfg.group} ${cfg.baseDir}/lib
# Create a shared/lib directory
mkdir -p ${cfg.baseDir}/shared/lib
chown ${cfg.user}:${cfg.group} ${cfg.baseDir}/shared/lib
# Create a webapps/ directory
mkdir -p ${cfg.baseDir}/webapps
chown ${cfg.user}:${cfg.group} ${cfg.baseDir}/webapps
# Symlink all the given common libs files or paths into the lib/ directory
for i in ${tomcat} ${toString cfg.commonLibs}
do
if [ -f $i ]
then
# If the given web application is a file, symlink it into the common/lib/ directory
ln -sfn $i ${cfg.baseDir}/lib/`basename $i`
elif [ -d $i ]
then
# If the given web application is a directory, then iterate over the files
# in the special purpose directories and symlink them into the tomcat tree
for j in $i/lib/*
do
ln -sfn $j ${cfg.baseDir}/lib/`basename $j`
done
fi
done
# Symlink all the given shared libs files or paths into the shared/lib/ directory
for i in ${toString cfg.sharedLibs}
do
if [ -f $i ]
then
# If the given web application is a file, symlink it into the common/lib/ directory
ln -sfn $i ${cfg.baseDir}/shared/lib/`basename $i`
elif [ -d $i ]
then
# If the given web application is a directory, then iterate over the files
# in the special purpose directories and symlink them into the tomcat tree
for j in $i/shared/lib/*
do
ln -sfn $j ${cfg.baseDir}/shared/lib/`basename $j`
done
fi
done
# Symlink all the given web applications files or paths into the webapps/ directory
for i in ${toString cfg.webapps}
do
if [ -f $i ]
then
# If the given web application is a file, symlink it into the webapps/ directory
ln -sfn $i ${cfg.baseDir}/webapps/`basename $i`
elif [ -d $i ]
then
# If the given web application is a directory, then iterate over the files
# in the special purpose directories and symlink them into the tomcat tree
for j in $i/webapps/*
do
ln -sfn $j ${cfg.baseDir}/webapps/`basename $j`
done
# Also symlink the configuration files if they are included
if [ -d $i/conf/Catalina ]
then
for j in $i/conf/Catalina/*
do
mkdir -p ${cfg.baseDir}/conf/Catalina/localhost
ln -sfn $j ${cfg.baseDir}/conf/Catalina/localhost/`basename $j`
done
fi
fi
done
${toString (map (virtualHost: ''
# Create webapps directory for the virtual host
mkdir -p ${cfg.baseDir}/virtualhosts/${virtualHost.name}/webapps
# Modify ownership
chown ${cfg.user}:${cfg.group} ${cfg.baseDir}/virtualhosts/${virtualHost.name}/webapps
# Symlink all the given web applications files or paths into the webapps/ directory
# of this virtual host
for i in "${if virtualHost ? webapps then toString virtualHost.webapps else ""}"
do
if [ -f $i ]
then
# If the given web application is a file, symlink it into the webapps/ directory
ln -sfn $i ${cfg.baseDir}/virtualhosts/${virtualHost.name}/webapps/`basename $i`
elif [ -d $i ]
then
# If the given web application is a directory, then iterate over the files
# in the special purpose directories and symlink them into the tomcat tree
for j in $i/webapps/*
do
ln -sfn $j ${cfg.baseDir}/virtualhosts/${virtualHost.name}/webapps/`basename $j`
done
# Also symlink the configuration files if they are included
if [ -d $i/conf/Catalina ]
then
for j in $i/conf/Catalina/*
do
mkdir -p ${cfg.baseDir}/conf/Catalina/${virtualHost.name}
ln -sfn $j ${cfg.baseDir}/conf/Catalina/${virtualHost.name}/`basename $j`
done
fi
fi
done
preStart =
''
# Create the base directory
mkdir -p ${cfg.baseDir}
) cfg.virtualHosts) }
# Create a symlink to the bin directory of the tomcat component
ln -sfn ${tomcat}/bin ${cfg.baseDir}/bin
# Create a work/ directory
mkdir -p ${cfg.baseDir}/work
chown ${cfg.user}:${cfg.group} ${cfg.baseDir}/work
# Create a conf/ directory
mkdir -p ${cfg.baseDir}/conf
chown ${cfg.user}:${cfg.group} ${cfg.baseDir}/conf
${if cfg.axis2.enable then
''
# Copy the Axis2 web application
cp -av ${pkgs.axis2}/webapps/axis2 ${cfg.baseDir}/webapps
# Symlink the config files in the conf/ directory (except for catalina.properties and server.xml)
for i in $(ls ${tomcat}/conf | grep -v catalina.properties | grep -v server.xml)
do
ln -sfn ${tomcat}/conf/$i ${cfg.baseDir}/conf/`basename $i`
done
# Turn off addressing, which causes many errors
sed -i -e 's%<module ref="addressing"/>%<!-- <module ref="addressing"/> -->%' ${cfg.baseDir}/webapps/axis2/WEB-INF/conf/axis2.xml
# Create subdirectory for virtual hosts
mkdir -p ${cfg.baseDir}/virtualhosts
# Modify permissions on the Axis2 application
chown -R ${cfg.user}:${cfg.group} ${cfg.baseDir}/webapps/axis2
# Create a modified catalina.properties file
# Change all references from CATALINA_HOME to CATALINA_BASE and add support for shared libraries
sed -e 's|''${catalina.home}|''${catalina.base}|g' \
-e 's|shared.loader=|shared.loader=''${catalina.base}/shared/lib/*.jar|' \
${tomcat}/conf/catalina.properties > ${cfg.baseDir}/conf/catalina.properties
# Create a modified server.xml which also includes all virtual hosts
sed -e "/<Engine name=\"Catalina\" defaultHost=\"localhost\">/a\ ${
toString (map (virtualHost: ''<Host name=\"${virtualHost.name}\" appBase=\"virtualhosts/${virtualHost.name}/webapps\" unpackWARs=\"true\" autoDeploy=\"true\" xmlValidation=\"false\" xmlNamespaceAware=\"false\" >${if cfg.logPerVirtualHost then ''<Valve className=\"org.apache.catalina.valves.AccessLogValve\" directory=\"logs/${virtualHost.name}\" prefix=\"${virtualHost.name}_access_log.\" pattern=\"combined\" resolveHosts=\"false\"/>'' else ""}</Host>'') cfg.virtualHosts)}" \
${tomcat}/conf/server.xml > ${cfg.baseDir}/conf/server.xml
# Create a logs/ directory
mkdir -p ${cfg.baseDir}/logs
chown ${cfg.user}:${cfg.group} ${cfg.baseDir}/logs
${if cfg.logPerVirtualHost then
toString (map (h: ''
mkdir -p ${cfg.baseDir}/logs/${h.name}
chown ${cfg.user}:${cfg.group} ${cfg.baseDir}/logs/${h.name}
'') cfg.virtualHosts) else ''''}
# Create a temp/ directory
mkdir -p ${cfg.baseDir}/temp
chown ${cfg.user}:${cfg.group} ${cfg.baseDir}/temp
# Create a lib/ directory
mkdir -p ${cfg.baseDir}/lib
chown ${cfg.user}:${cfg.group} ${cfg.baseDir}/lib
# Create a shared/lib directory
mkdir -p ${cfg.baseDir}/shared/lib
chown ${cfg.user}:${cfg.group} ${cfg.baseDir}/shared/lib
# Create a webapps/ directory
mkdir -p ${cfg.baseDir}/webapps
chown ${cfg.user}:${cfg.group} ${cfg.baseDir}/webapps
# Symlink all the given common libs files or paths into the lib/ directory
for i in ${tomcat} ${toString cfg.commonLibs}
# Symlink all the given web service files or paths into the webapps/axis2/WEB-INF/services directory
for i in ${toString cfg.axis2.services}
do
if [ -f $i ]
then
# If the given web application is a file, symlink it into the common/lib/ directory
ln -sfn $i ${cfg.baseDir}/lib/`basename $i`
# If the given web service is a file, symlink it into the webapps/axis2/WEB-INF/services
ln -sfn $i ${cfg.baseDir}/webapps/axis2/WEB-INF/services/`basename $i`
elif [ -d $i ]
then
# If the given web application is a directory, then iterate over the files
# in the special purpose directories and symlink them into the tomcat tree
for j in $i/lib/*
for j in $i/webapps/axis2/WEB-INF/services/*
do
ln -sfn $j ${cfg.baseDir}/lib/`basename $j`
done
fi
done
# Symlink all the given shared libs files or paths into the shared/lib/ directory
for i in ${toString cfg.sharedLibs}
do
if [ -f $i ]
then
# If the given web application is a file, symlink it into the common/lib/ directory
ln -sfn $i ${cfg.baseDir}/shared/lib/`basename $i`
elif [ -d $i ]
then
# If the given web application is a directory, then iterate over the files
# in the special purpose directories and symlink them into the tomcat tree
for j in $i/shared/lib/*
do
ln -sfn $j ${cfg.baseDir}/shared/lib/`basename $j`
done
fi
done
# Symlink all the given web applications files or paths into the webapps/ directory
for i in ${toString cfg.webapps}
do
if [ -f $i ]
then
# If the given web application is a file, symlink it into the webapps/ directory
ln -sfn $i ${cfg.baseDir}/webapps/`basename $i`
elif [ -d $i ]
then
# If the given web application is a directory, then iterate over the files
# in the special purpose directories and symlink them into the tomcat tree
for j in $i/webapps/*
do
ln -sfn $j ${cfg.baseDir}/webapps/`basename $j`
ln -sfn $j ${cfg.baseDir}/webapps/axis2/WEB-INF/services/`basename $j`
done
# Also symlink the configuration files if they are included
@ -252,110 +334,25 @@ in
then
for j in $i/conf/Catalina/*
do
mkdir -p ${cfg.baseDir}/conf/Catalina/localhost
ln -sfn $j ${cfg.baseDir}/conf/Catalina/localhost/`basename $j`
done
fi
fi
done
''
else ""}
'';
${toString (map (virtualHost: ''
# Create webapps directory for the virtual host
mkdir -p ${cfg.baseDir}/virtualhosts/${virtualHost.name}/webapps
script = ''
${pkgs.su}/bin/su -s ${pkgs.bash}/bin/sh ${cfg.user} -c 'CATALINA_BASE=${cfg.baseDir} JAVA_HOME=${cfg.jdk} JAVA_OPTS="${cfg.javaOpts}" CATALINA_OPTS="${cfg.catalinaOpts}" ${tomcat}/bin/startup.sh'
'';
# Modify ownership
chown ${cfg.user}:${cfg.group} ${cfg.baseDir}/virtualhosts/${virtualHost.name}/webapps
postStop = ''
echo "Stopping tomcat..."
CATALINA_BASE=${cfg.baseDir} JAVA_HOME=${cfg.jdk} ${pkgs.su}/bin/su -s ${pkgs.bash}/bin/sh ${cfg.user} -c ${tomcat}/bin/shutdown.sh
'';
# Symlink all the given web applications files or paths into the webapps/ directory
# of this virtual host
for i in "${if virtualHost ? webapps then toString virtualHost.webapps else ""}"
do
if [ -f $i ]
then
# If the given web application is a file, symlink it into the webapps/ directory
ln -sfn $i ${cfg.baseDir}/virtualhosts/${virtualHost.name}/webapps/`basename $i`
elif [ -d $i ]
then
# If the given web application is a directory, then iterate over the files
# in the special purpose directories and symlink them into the tomcat tree
for j in $i/webapps/*
do
ln -sfn $j ${cfg.baseDir}/virtualhosts/${virtualHost.name}/webapps/`basename $j`
done
# Also symlink the configuration files if they are included
if [ -d $i/conf/Catalina ]
then
for j in $i/conf/Catalina/*
do
mkdir -p ${cfg.baseDir}/conf/Catalina/${virtualHost.name}
ln -sfn $j ${cfg.baseDir}/conf/Catalina/${virtualHost.name}/`basename $j`
done
fi
fi
done
''
) cfg.virtualHosts) }
# Create a work/ directory
mkdir -p ${cfg.baseDir}/work
chown ${cfg.user}:${cfg.group} ${cfg.baseDir}/work
${if cfg.axis2.enable then
''
# Copy the Axis2 web application
cp -av ${pkgs.axis2}/webapps/axis2 ${cfg.baseDir}/webapps
# Turn off addressing, which causes many errors
sed -i -e 's%<module ref="addressing"/>%<!-- <module ref="addressing"/> -->%' ${cfg.baseDir}/webapps/axis2/WEB-INF/conf/axis2.xml
# Modify permissions on the Axis2 application
chown -R ${cfg.user}:${cfg.group} ${cfg.baseDir}/webapps/axis2
# Symlink all the given web service files or paths into the webapps/axis2/WEB-INF/services directory
for i in ${toString cfg.axis2.services}
do
if [ -f $i ]
then
# If the given web service is a file, symlink it into the webapps/axis2/WEB-INF/services
ln -sfn $i ${cfg.baseDir}/webapps/axis2/WEB-INF/services/`basename $i`
elif [ -d $i ]
then
# If the given web application is a directory, then iterate over the files
# in the special purpose directories and symlink them into the tomcat tree
for j in $i/webapps/axis2/WEB-INF/services/*
do
ln -sfn $j ${cfg.baseDir}/webapps/axis2/WEB-INF/services/`basename $j`
done
# Also symlink the configuration files if they are included
if [ -d $i/conf/Catalina ]
then
for j in $i/conf/Catalina/*
do
ln -sfn $j ${cfg.baseDir}/conf/Catalina/localhost/`basename $j`
done
fi
fi
done
''
else ""}
'';
script = ''
${pkgs.su}/bin/su -s ${pkgs.bash}/bin/sh ${cfg.user} -c 'CATALINA_BASE=${cfg.baseDir} JAVA_HOME=${cfg.jdk} JAVA_OPTS="${cfg.javaOpts}" CATALINA_OPTS="${cfg.catalinaOpts}" ${tomcat}/bin/startup.sh'
'';
postStop =
''
echo "Stopping tomcat..."
CATALINA_BASE=${cfg.baseDir} JAVA_HOME=${cfg.jdk} ${pkgs.su}/bin/su -s ${pkgs.bash}/bin/sh ${cfg.user} -c ${tomcat}/bin/shutdown.sh
'';
};
};
};

2
nixos/modules/services/x11/desktop-managers/kde5.nix
View File

@ -102,6 +102,7 @@ in
kde5.gwenview
kde5.kate
kde5.kdegraphics-thumbnailers
kde5.kio-extras
kde5.konsole
kde5.okular
kde5.print-manager
@ -125,6 +126,7 @@ in
++ lib.optional config.networking.networkmanager.enable kde5.plasma-nm
++ lib.optional config.hardware.pulseaudio.enable kde5.plasma-pa
++ lib.optional config.powerManagement.enable kde5.powerdevil
++ lib.optionals config.services.samba.enable [ kde5.kdenetwork-filesharing pkgs.samba ]
++ lib.optionals cfg.phonon.gstreamer.enable
[

1
nixos/modules/services/x11/display-managers/kdm.nix
View File

@ -57,6 +57,7 @@ let
kdmrc = pkgs.stdenv.mkDerivation {
name = "kdmrc";
config = defaultConfig + cfg.extraConfig;
preferLocalBuild = true;
buildCommand =
''
echo "$config" > $out

17
nixos/modules/services/x11/xfs.nix
View File

@ -30,20 +30,17 @@ in
###### implementation
config = mkIf config.services.xfs.enable {
assertions = singleton
{ assertion = config.fonts.enableFontDir;
message = "Please enable fonts.enableFontDir to use the X Font Server.";
};
jobs.xfs =
{ description = "X Font Server";
startOn = "started networking";
exec = "${pkgs.xorg.xfs}/bin/xfs -config ${configFile}";
};
systemd.services.xfs = {
description = "X Font Server";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
path = [ pkgs.xorg.xfs ];
script = "xfs -config ${configFile}";
};
};
}

3
nixos/modules/services/x11/xserver.nix
View File

@ -13,7 +13,6 @@ let
# Map video driver names to driver packages. FIXME: move into card-specific modules.
knownVideoDrivers = {
unichrome = { modules = [ pkgs.xorgVideoUnichrome ]; };
virtualbox = { modules = [ kernelPackages.virtualboxGuestAdditions ]; driverName = "vboxvideo"; };
ati = { modules = [ pkgs.xorg.xf86videoati pkgs.xorg.glamoregl ]; };
intel-testing = { modules = with pkgs.xorg; [ xf86videointel-testing glamoregl ]; driverName = "intel"; };
@ -503,7 +502,7 @@ in
systemd.services.display-manager =
{ description = "X11 Server";
after = [ "systemd-udev-settle.service" "local-fs.target" "acpid.service" ];
after = [ "systemd-udev-settle.service" "local-fs.target" "acpid.service" "systemd-logind.service" ];
restartIfChanged = false;

6
nixos/modules/system/activation/top-level.nix
View File

@ -67,7 +67,7 @@ let
echo -n "$configurationName" > $out/configuration-name
echo -n "systemd ${toString config.systemd.package.interfaceVersion}" > $out/init-interface-version
echo -n "$nixosVersion" > $out/nixos-version
echo -n "$nixosLabel" > $out/nixos-version
echo -n "$system" > $out/system
mkdir $out/fine-tune
@ -101,7 +101,7 @@ let
if [] == failed then pkgs.stdenv.mkDerivation {
name = let hn = config.networking.hostName;
nn = if (hn != "") then hn else "unnamed";
in "nixos-system-${nn}-${config.system.nixosVersion}";
in "nixos-system-${nn}-${config.system.nixosLabel}";
preferLocalBuild = true;
allowSubstitutes = false;
buildCommand = systemBuilder;
@ -115,7 +115,7 @@ let
config.system.build.installBootLoader
or "echo 'Warning: do not know how to make this configuration bootable; please enable a boot loader.' 1>&2; true";
activationScript = config.system.activationScripts.script;
nixosVersion = config.system.nixosVersion;
nixosLabel = config.system.nixosLabel;
configurationName = config.boot.loader.grub.configurationName;

3
nixos/modules/system/boot/kernel.nix
View File

@ -197,9 +197,6 @@ in
"hid_generic" "hid_lenovo"
"hid_apple" "hid_logitech_dj" "hid_lenovo_tpkbd" "hid_roccat"
# Unix domain sockets (needed by udev).
"unix"
# Misc. stuff.
"pcips2" "atkbd"

4
nixos/modules/system/boot/loader/generic-extlinux-compatible/extlinux-conf-builder.sh
View File

@ -83,7 +83,7 @@ addEntry() {
timestampEpoch=$(stat -L -c '%Z' $path)
timestamp=$(date "+%Y-%m-%d %H:%M" -d @$timestampEpoch)
nixosVersion="$(cat $path/nixos-version)"
nixosLabel="$(cat $path/nixos-version)"
extraParams="$(cat $path/kernel-params)"
echo
@ -91,7 +91,7 @@ addEntry() {
if [ "$tag" = "default" ]; then
echo " MENU LABEL NixOS - Default"
else
echo " MENU LABEL NixOS - Configuration $tag ($timestamp - $nixosVersion)"
echo " MENU LABEL NixOS - Configuration $tag ($timestamp - $nixosLabel)"
fi
echo " LINUX ../nixos/$(basename $kernel)"
echo " INITRD ../nixos/$(basename $initrd)"

5
nixos/modules/system/boot/systemd.nix
View File

@ -179,8 +179,9 @@ let
];
makeJobScript = name: text:
let x = pkgs.writeTextFile { name = "unit-script"; executable = true; destination = "/bin/${shellEscape name}"; inherit text; };
in "${x}/bin/${shellEscape name}";
let mkScriptName = s: (replaceChars [ "\\" ] [ "-" ] (shellEscape s) );
x = pkgs.writeTextFile { name = "unit-script"; executable = true; destination = "/bin/${mkScriptName name}"; inherit text; };
in "${x}/bin/${mkScriptName name}";
unitConfig = { name, config, ... }: {
config = {

Some files were not shown because too many files have changed in this diff Show More