diff options
author | Vladimír Čunát <vcunat@gmail.com> | 2016-04-10 11:17:52 +0200 |
---|---|---|
committer | Vladimír Čunát <vcunat@gmail.com> | 2016-04-10 11:17:52 +0200 |
commit | 30f14243c33f1b386273d08a4776aa679c42143d (patch) | |
tree | bd123d5c2ab4fef012ae7de6a225c092f8d611b8 /nixos/modules/services/networking | |
parent | 50fccad5828fb459760fd7578951bb961a18c0fc (diff) | |
parent | 2463e0917318581da94e7ba92703b63128c40424 (diff) | |
download | nixlib-30f14243c33f1b386273d08a4776aa679c42143d.tar nixlib-30f14243c33f1b386273d08a4776aa679c42143d.tar.gz nixlib-30f14243c33f1b386273d08a4776aa679c42143d.tar.bz2 nixlib-30f14243c33f1b386273d08a4776aa679c42143d.tar.lz nixlib-30f14243c33f1b386273d08a4776aa679c42143d.tar.xz nixlib-30f14243c33f1b386273d08a4776aa679c42143d.tar.zst nixlib-30f14243c33f1b386273d08a4776aa679c42143d.zip |
Merge branch 'master' into closure-size
Comparison to master evaluations on Hydra: - 1255515 for nixos - 1255502 for nixpkgs
Diffstat (limited to 'nixos/modules/services/networking')
-rw-r--r-- | nixos/modules/services/networking/iodine.nix | 136 | ||||
-rw-r--r-- | nixos/modules/services/networking/iodined.nix | 86 | ||||
-rw-r--r-- | nixos/modules/services/networking/mfi.nix | 90 | ||||
-rw-r--r-- | nixos/modules/services/networking/minidlna.nix | 17 | ||||
-rw-r--r-- | nixos/modules/services/networking/syncthing.nix | 33 |
5 files changed, 258 insertions, 104 deletions
diff --git a/nixos/modules/services/networking/iodine.nix b/nixos/modules/services/networking/iodine.nix new file mode 100644 index 000000000000..1b0d2d9a517c --- /dev/null +++ b/nixos/modules/services/networking/iodine.nix @@ -0,0 +1,136 @@ +# NixOS module for iodine, ip over dns daemon + +{ config, lib, pkgs, ... }: + +with lib; + +let + cfg = config.services.iodine; + + iodinedUser = "iodined"; + +in +{ + + ### configuration + + options = { + + services.iodine = { + clients = mkOption { + default = {}; + description = '' + Each attribute of this option defines a systemd service that + runs iodine. Many or none may be defined. + The name of each service is + <literal>iodine-<replaceable>name</replaceable></literal> + where <replaceable>name</replaceable> is the name of the + corresponding attribute name. + ''; + example = literalExample '' + { + foo = { + server = "tunnel.mdomain.com"; + relay = "8.8.8.8"; + extraConfig = "-P mysecurepassword"; + } + } + ''; + type = types.attrsOf (types.submodule ( + { + options = { + server = mkOption { + type = types.str; + default = ""; + description = "Domain or Subdomain of server running iodined"; + example = "tunnel.mydomain.com"; + }; + + relay = mkOption { + type = types.str; + default = ""; + description = "DNS server to use as a intermediate relay to the iodined server"; + example = "8.8.8.8"; + }; + + extraConfig = mkOption { + type = types.str; + default = ""; + description = "Additional command line parameters"; + example = "-P mysecurepassword -l 192.168.1.10 -p 23"; + }; + }; + })); + }; + + server = { + enable = mkOption { + type = types.bool; + default = false; + description = "enable iodined server"; + }; + + ip = mkOption { + type = types.str; + default = ""; + description = "The assigned ip address or ip range"; + example = "172.16.10.1/24"; + }; + + domain = mkOption { + type = types.str; + default = ""; + description = "Domain or subdomain of which nameservers point to us"; + example = "tunnel.mydomain.com"; + }; + + extraConfig = mkOption { + type = types.str; + default = ""; + description = "Additional command line parameters"; + example = "-P mysecurepassword -l 192.168.1.10 -p 23"; + }; + }; + + }; + }; + + ### implementation + + config = mkIf (cfg.server.enable || cfg.clients != {}) { + environment.systemPackages = [ pkgs.iodine ]; + boot.kernelModules = [ "tun" ]; + + systemd.services = + let + createIodineClientService = name: cfg: + { + description = "iodine client - ${name}"; + wantedBy = [ "ip-up.target" ]; + serviceConfig = { + RestartSec = "30s"; + Restart = "always"; + ExecStart = "${pkgs.iodine}/bin/iodine -f -u ${iodinedUser} ${cfg.extraConfig} ${cfg.relay} ${cfg.server}"; + }; + }; + in + listToAttrs ( + mapAttrsToList + (name: value: nameValuePair "iodine-${name}" (createIodineClientService name value)) + cfg.clients + ) // { + iodined = mkIf (cfg.server.enable) { + description = "iodine, ip over dns server daemon"; + wantedBy = [ "ip-up.target" ]; + serviceConfig.ExecStart = "${pkgs.iodine}/bin/iodined -f -u ${iodinedUser} ${cfg.server.extraConfig} ${cfg.server.ip} ${cfg.server.domain}"; + }; + }; + + users.extraUsers = singleton { + name = iodinedUser; + uid = config.ids.uids.iodined; + description = "Iodine daemon user"; + }; + users.extraGroups.iodined.gid = config.ids.gids.iodined; + }; +} diff --git a/nixos/modules/services/networking/iodined.nix b/nixos/modules/services/networking/iodined.nix deleted file mode 100644 index 20d371c4e2d1..000000000000 --- a/nixos/modules/services/networking/iodined.nix +++ /dev/null @@ -1,86 +0,0 @@ -# NixOS module for iodine, ip over dns daemon - -{ config, lib, pkgs, ... }: - -with lib; - -let - cfg = config.services.iodined; - - iodinedUser = "iodined"; - -in - -{ - - ### configuration - - options = { - - services.iodined = { - - enable = mkOption { - type = types.bool; - default = false; - description = "Enable iodine, ip over dns daemon"; - }; - - client = mkOption { - type = types.bool; - default = false; - description = "Start iodine in client mode"; - }; - - ip = mkOption { - type = types.str; - default = ""; - description = "Assigned ip address or ip range"; - example = "172.16.10.1/24"; - }; - - domain = mkOption { - type = types.str; - default = ""; - description = "Domain or subdomain of which nameservers point to us"; - example = "tunnel.mydomain.com"; - }; - - extraConfig = mkOption { - type = types.str; - default = ""; - description = "Additional command line parameters"; - example = "-P mysecurepassword -l 192.168.1.10 -p 23"; - }; - - }; - - }; - - ### implementation - - config = mkIf cfg.enable { - environment.systemPackages = [ pkgs.iodine ]; - boot.kernelModules = [ "tun" ]; - - systemd.services.iodined = { - description = "iodine, ip over dns daemon"; - wantedBy = [ "ip-up.target" ]; - serviceConfig.ExecStart = "${pkgs.iodine}/sbin/iodined -f -u ${iodinedUser} ${cfg.extraConfig} ${cfg.ip} ${cfg.domain}"; - }; - - - users.extraUsers = singleton { - name = iodinedUser; - uid = config.ids.uids.iodined; - description = "Iodine daemon user"; - }; - users.extraGroups.iodined.gid = config.ids.gids.iodined; - - assertions = [{ assertion = if !cfg.client then cfg.ip != "" else true; - message = "cannot start iodined without ip set";} - { assertion = cfg.domain != ""; - message = "cannot start iodined without domain name set";}]; - - }; - -} diff --git a/nixos/modules/services/networking/mfi.nix b/nixos/modules/services/networking/mfi.nix new file mode 100644 index 000000000000..5afb83ed022f --- /dev/null +++ b/nixos/modules/services/networking/mfi.nix @@ -0,0 +1,90 @@ +{ config, lib, pkgs, utils, ... }: +with lib; +let + name = "Ubiquiti mFi Controller"; + cfg = config.services.mfi; + stateDir = "/var/lib/mfi"; + # XXX 2 runtime exceptions using jre8: JSPException on GET / ; can't initialize ./data/keystore on first run. + cmd = "@${pkgs.jre7}/bin/java java -jar ${stateDir}/lib/ace.jar"; + mountPoints = [ + { what = "${pkgs.mfi}/dl"; where = "${stateDir}/dl"; } + { what = "${pkgs.mfi}/lib"; where = "${stateDir}/lib"; } + { what = "${pkgs.mongodb248}/bin"; where = "${stateDir}/bin"; } + ]; + systemdMountPoints = map (m: "${utils.escapeSystemdPath m.where}.mount") mountPoints; + ports = [ 6080 6880 6443 6843 ]; +in +{ + options = { + services.mfi = { + enable = mkEnableOption name; + openPorts = mkOption { + type = types.bool; + default = true; + description = "Whether to open TCP ports ${concatMapStrings (a: "${toString a} ") ports}for the services."; + }; + }; + }; + + config = mkIf cfg.enable { + + networking.firewall.allowedTCPPorts = mkIf config.services.mfi.openPorts ports; + + users.users.mfi = { + uid = config.ids.uids.mfi; + description = "mFi controller daemon user"; + home = "${stateDir}"; + }; + + # We must create the binary directories as bind mounts instead of symlinks + # This is because the controller resolves all symlinks to absolute paths + # to be used as the working directory. + systemd.mounts = map ({ what, where }: { + bindsTo = [ "mfi.service" ]; + partOf = [ "mfi.service" ]; + unitConfig.RequiresMountsFor = stateDir; + options = "bind"; + what = what; + where = where; + }) mountPoints; + + systemd.services.mfi = { + description = "mFi controller daemon"; + wantedBy = [ "multi-user.target" ]; + after = [ "network.target" ] ++ systemdMountPoints; + partOf = systemdMountPoints; + bindsTo = systemdMountPoints; + unitConfig.RequiresMountsFor = stateDir; + + preStart = '' + # Clear ./webapps each run. + rm -rf "${stateDir}/webapps" + mkdir -p "${stateDir}/webapps" + ln -s "${pkgs.mfi}/webapps/ROOT.war" "${stateDir}/webapps" + + # Copy initial config only once. + test -e "${stateDir}/conf" || cp -ar "${pkgs.mfi}/conf" "${stateDir}/conf" + test -e "${stateDir}/data" || cp -ar "${pkgs.mfi}/data" "${stateDir}/data" + + # Fix Permissions. + # (Bind-mounts cause errors; ignore exit codes) + chown -fR mfi: "${stateDir}" || true + chmod -fR u=rwX,go= "${stateDir}" || true + ''; + + postStop = '' + rm -rf "${stateDir}/webapps" + ''; + + serviceConfig = { + Type = "simple"; + ExecStart = "${cmd} start"; + ExecStop = "${cmd} stop"; + User = "mfi"; + PermissionsStartOnly = true; + UMask = "0077"; + WorkingDirectory = "${stateDir}"; + }; + }; + }; +} diff --git a/nixos/modules/services/networking/minidlna.nix b/nixos/modules/services/networking/minidlna.nix index aa28502a12c4..61d063dbfe0e 100644 --- a/nixos/modules/services/networking/minidlna.nix +++ b/nixos/modules/services/networking/minidlna.nix @@ -58,9 +58,9 @@ in services.minidlna.config = '' port=${toString port} - friendly_name=NixOS Media Server + friendly_name=${config.networking.hostName} MiniDLNA db_dir=/var/cache/minidlna - log_dir=/var/log/minidlna + log_level=warn inotify=yes ${concatMapStrings (dir: '' media_dir=${dir} @@ -83,21 +83,18 @@ in preStart = '' - mkdir -p /var/cache/minidlna /var/log/minidlna /run/minidlna - chown minidlna /var/cache/minidlna /var/log/minidlna /run/minidlna + mkdir -p /var/cache/minidlna + chown -R minidlna:minidlna /var/cache/minidlna ''; - # FIXME: log through the journal rather than - # /var/log/minidlna. The -d flag does that, but also raises - # the log level to debug... serviceConfig = { User = "minidlna"; - Group = "nogroup"; + Group = "minidlna"; PermissionsStartOnly = true; - Type = "forking"; + RuntimeDirectory = "minidlna"; PIDFile = "/run/minidlna/pid"; ExecStart = - "@${pkgs.minidlna}/sbin/minidlnad minidlnad -P /run/minidlna/pid" + + "${pkgs.minidlna}/sbin/minidlnad -S -P /run/minidlna/pid" + " -f ${pkgs.writeText "minidlna.conf" cfg.config}"; }; }; diff --git a/nixos/modules/services/networking/syncthing.nix b/nixos/modules/services/networking/syncthing.nix index 67b90516b996..da9a270f30b6 100644 --- a/nixos/modules/services/networking/syncthing.nix +++ b/nixos/modules/services/networking/syncthing.nix @@ -5,6 +5,7 @@ with lib; let cfg = config.services.syncthing; + defaultUser = "syncthing"; in @@ -17,6 +18,7 @@ in services.syncthing = { enable = mkOption { + type = types.bool; default = false; description = '' Whether to enable the Syncthing, self-hosted open-source alternative @@ -26,7 +28,8 @@ in }; user = mkOption { - default = "syncthing"; + type = types.string; + default = defaultUser; description = '' Syncthing will be run under this user (user must exist, this can be your user name). @@ -34,8 +37,8 @@ in }; all_proxy = mkOption { - type = types.string; - default = ""; + type = types.nullOr types.string; + default = null; example = "socks5://address.com:1234"; description = '' Overwrites all_proxy environment variable for the syncthing process to @@ -45,6 +48,7 @@ in }; dataDir = mkOption { + type = types.path; default = "/var/lib/syncthing"; description = '' Path where the settings and keys will exist. @@ -71,20 +75,33 @@ in config = mkIf cfg.enable { + users = mkIf (cfg.user == defaultUser) { + extraUsers."${defaultUser}" = + { group = defaultUser; + home = cfg.dataDir; + createHome = true; + uid = config.ids.uids.syncthing; + description = "Syncthing daemon user"; + }; + + extraGroups."${defaultUser}".gid = + config.ids.gids.syncthing; + }; + systemd.services.syncthing = { description = "Syncthing service"; - after = [ "network.target" ]; + after = [ "network.target" ]; wantedBy = [ "multi-user.target" ]; environment = { STNORESTART = "yes"; # do not self-restart STNOUPGRADE = "yes"; - } // - (config.networking.proxy.envVars) // - (if cfg.all_proxy != "" then { all_proxy = cfg.all_proxy; } else {}); + inherit (cfg) all_proxy; + } // config.networking.proxy.envVars; serviceConfig = { - User = "${cfg.user}"; + User = cfg.user; + Group = optionalString (cfg.user == defaultUser) defaultUser; PermissionsStartOnly = true; Restart = "on-failure"; ExecStart = "${pkgs.syncthing}/bin/syncthing -no-browser -home=${cfg.dataDir}"; |