author | Eelco Dolstra <eelco.dolstra@logicblox.com> | 2015-05-22 15:57:36 +0200 |
committer | Eelco Dolstra <eelco.dolstra@logicblox.com> | 2015-05-22 15:57:36 +0200 |
commit | 09d06f5ffd867afc72d5ca6786f73aed2b80e207 (patch) | |
tree | 0b39699b6fae1ea7f5e6b40b2214c901eb9a578b /nixos/modules/services/networking | |
parent | f106125f77ba2b3588f95ef58667763042f808c9 (diff) | |
parent | a49afdf1743436ac07c9be9da1d27ea5461af571 (diff) | |
Merge remote-tracking branch 'origin/master' into systemd-219
Conflicts: pkgs/development/libraries/libseccomp/default.nix
Diffstat (limited to 'nixos/modules/services/networking')
-rw-r--r-- | nixos/modules/services/networking/bird.nix | 76 | ||||
-rw-r--r-- | nixos/modules/services/networking/consul.nix | 47 | ||||
-rw-r--r-- | nixos/modules/services/networking/nix-serve.nix | 56 | ||||
-rw-r--r-- | nixos/modules/services/networking/ssh/sshd.nix | 4 | ||||
-rw-r--r-- | nixos/modules/services/networking/tinc.nix | 1 |
5 files changed, 146 insertions, 38 deletions
diff --git a/nixos/modules/services/networking/bird.nix b/nixos/modules/services/networking/bird.nix
new file mode 100644
index 000000000000..e7e1db191529
--- /dev/null
+++ b/nixos/modules/services/networking/bird.nix
@@ -0,0 +1,76 @@
+{ config, lib, pkgs, ... }:
+
+let
+ inherit (lib) mkEnableOption mkIf mkOption singleton types;
+ inherit (pkgs) bird;
+ cfg = config.services.bird;
+
+ configFile = pkgs.writeText "bird.conf" ''
+ ${cfg.config}
+ '';
+in
+
+{
+
+ ###### interface
+
+ options = {
+
+ services.bird = {
+
+ enable = mkEnableOption "BIRD Internet Routing Daemon";
+
+ config = mkOption {
+ type = types.string;
+ description = ''
+ BIRD Internet Routing Daemon configuration file.
+ <link xlink:href='http://bird.network.cz/'/>
+ '';
+ };
+
+ user = mkOption {
+ type = types.string;
+ default = "ircd";
+ description = ''
+ BIRD Internet Routing Daemon user.
+ '';
+ };
+
+ group = mkOption {
+ type = types.string;
+ default = "ircd";
+ description = ''
+ BIRD Internet Routing Daemon group.
+ '';
+ };
+
+ };
+
+ };
+
+
+ ###### implementation
+
+ config = mkIf cfg.enable {
+
+ users.extraUsers = singleton {
+ name = cfg.user;
+ description = "BIRD Internet Routing Daemon user";
+ uid = config.ids.uids.bird;
+ group = cfg.group;
+ };
+
+ users.extraGroups = singleton {
+ name = cfg.group;
+ gid = config.ids.gids.bird;
+ };
+
+ systemd.services.bird = {
+ description = "BIRD Internet Routing Daemon";
+ wantedBy = [ "multi-user.target" ];
+ serviceConfig = {
+ ExecStart = "${bird}/bin/bird -d -c ${configFile} -s /var/run/bird.ctl -u ${cfg.user} -g ${cfg.group}";
+ };
+ };
+ };
+}
diff --git a/nixos/modules/services/networking/consul.nix b/nixos/modules/services/networking/consul.nix
index 5308fd995085..53a9f4626254 100644
--- a/nixos/modules/services/networking/consul.nix
+++ b/nixos/modules/services/networking/consul.nix
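Review bot: The `user` and `group` options default to `"ircd"`, which looks like a leftover from another module: with the defaults the account created in `users.extraUsers` is named `ircd` but carries `config.ids.uids.bird`, and the daemon is started with `-u ircd -g ircd`. Both should read `default = "bird";` so the account name matches the reserved uid/gid and the option descriptions. Separately, `configFile` is produced with `pkgs.writeText`, so the rendered `bird.conf` lives in the Nix store where every local user can read it; since routing configurations can carry protocol authentication secrets, the `config` option's description should state that the file is world-readable, or the module should accept a path to a file kept outside the store.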
@@ -6,11 +6,9 @@ let dataDir = "/var/lib/consul"; cfg = config.services.consul;
- configOptions = {
- data_dir = dataDir;
- }
- // (if cfg.webUi then { ui_dir = "${pkgs.consul.ui}"; } else { })
- // cfg.extraConfig;
+ configOptions = { data_dir = dataDir; } //
+ (if cfg.webUi then { ui_dir = "${pkgs.consul.ui}"; } else { }) //
+ cfg.extraConfig;
 configFiles = [ "/etc/consul.json" "/etc/consul-addrs.json" ] ++ cfg.extraConfigFiles;
@@ -52,23 +50,6 @@ in ''; };
- joinNodes = mkOption {
- type = types.listOf types.str;
- default = [ ];
- description = ''
- A list of addresses of nodes which should be joined at startup if the
- current node is in a left state.
- '';
- };
-
- joinRetries = mkOption {
- type = types.int;
- default = 10;
- description = ''
- The number of times to retry connecting to the join nodes.
- '';
- };
-
 interface = { advertise = mkOption {
@@ -159,10 +140,14 @@ in users.extraUsers."consul" = { description = "Consul agent daemon user"; uid = config.ids.uids.consul;
+ # The shell is needed for health checks
+ shell = "/run/current-system/sw/bin/bash";
 }; environment = { etc."consul.json".text = builtins.toJSON configOptions;
+ # We need consul.d to exist for consul to start
+ etc."consul.d/dummy.json".text = "{ }";
 systemPackages = with pkgs; [ consul ]; };
@@ -170,10 +155,12 @@ in wantedBy = [ "multi-user.target" ]; after = [ "network.target" ] ++ systemdDevices; bindsTo = systemdDevices;
- restartTriggers = [ config.environment.etc."consul.json".source ];
+ restartTriggers = [ config.environment.etc."consul.json".source ]
+ ++ mapAttrsToList (_: d: d.source)
+ (filterAttrs (n: _: hasPrefix "consul.d/" n) config.environment.etc);
 serviceConfig = {
- ExecStart = "@${pkgs.consul}/bin/consul consul agent"
+ ExecStart = "@${pkgs.consul}/bin/consul consul agent -config-dir /etc/consul.d"
 + concatMapStrings (n: " -config-file ${n}") configFiles; ExecReload = "${pkgs.consul}/bin/consul reload"; PermissionsStartOnly = true;
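Review bot: In the `@@ -159,10 +140,14 @@` hunk the consul system account is given a login shell, `shell = "/run/current-system/sw/bin/bash";`, and the comment only says health checks need it; someone auditing service accounts later cannot tell from this which check mechanism consults the account's shell, nor why the system-profile path is used instead of a store path, and a daemon account with a real shell is exactly the kind of line that gets questioned. I would widen the comment to name the mechanism and the path choice, along the lines of `# Script health checks are executed as this user and need a shell; the profile path is used so the value does not change with every bash rebuild` (confirm both halves against how the checks are launched before committing the wording). In the `@@ -170,10 +155,12 @@` hunk, `-config-dir /etc/consul.d` makes the agent load everything under that directory, which the new `restartTriggers` filter on the `consul.d/` prefix mirrors correctly; `mapAttrsToList`, `filterAttrs` and `hasPrefix` are presumably brought in by a `with lib;` earlier in the file that is outside the hunk. The enclosing `config` block starts and ends outside these hunks.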
@@ -219,18 +206,6 @@ in + '' echo "}" >> /etc/consul-addrs.json '';
- postStart = ''
- # Issues joins to nodes which we statically connect to
- ${flip concatMapStrings cfg.joinNodes (addr: ''
- for i in {0..${toString cfg.joinRetries}}; do
- # Try to join the other nodes ${toString cfg.joinRetries} times before failing
- consul join "${addr}" && break
- sleep 1
- done &
- '')}
- wait
- exit 0
- '';
 }; systemd.services.consul-alerts = mkIf (cfg.alerts.enable) {
diff --git a/nixos/modules/services/networking/nix-serve.nix b/nixos/modules/services/networking/nix-serve.nix
new file mode 100644
index 000000000000..c2c579c3177e
--- /dev/null
+++ b/nixos/modules/services/networking/nix-serve.nix
@@ -0,0 +1,56 @@
+{ config, pkgs, lib, ... }:
+
+with lib;
+
+let
+ cfg = config.services.nix-serve;
+in
+{
+ options = {
+ services.nix-serve = {
+ enable = mkEnableOption "nix-serve, the standalone Nix binary cache server";
+
+ port = mkOption {
+ type = types.int;
+ default = 5000;
+ description = ''
+ Port number where nix-serve will listen on.
+ '';
+ };
+
+ bindAddress = mkOption {
+ type = types.string;
+ default = "0.0.0.0";
+ description = ''
+ IP address where nix-serve will bind its listening socket.
+ '';
+ };
+
+ extraParams = mkOption {
+ type = types.string;
+ default = "";
+ description = ''
+ Extra command line parameters for nix-serve.
+ '';
+ };
+ };
+ };
+
+ config = mkIf cfg.enable {
+ systemd.services.nix-serve = {
+ description = "nix-serve binary cache server";
+ after = [ "network.target" ];
+ wantedBy = [ "multi-user.target" ];
+
+ path = [ config.nix.package pkgs.bzip2 ];
+ environment.NIX_REMOTE = "daemon";
+
+ serviceConfig = {
+ ExecStart = "${pkgs.nix-serve}/bin/nix-serve " + "--port ${cfg.bindAddress}:${toString cfg.port} ${cfg.extraParams}";
+ User = "nobody";
+ Group = "nogroup";
+ };
+ };
+ };
+}
diff --git a/nixos/modules/services/networking/ssh/sshd.nix b/nixos/modules/services/networking/ssh/sshd.nix
index c25532511a07..6cc86b4e4b5a 100644
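Review bot: In the nix-serve.nix hunk `bindAddress` defaults to `"0.0.0.0"`, so merely enabling the module publishes the local store as a binary cache on every interface with nothing in the module putting authentication or a firewall rule in front of it, and neither the option descriptions nor the `enable` text mention that; the service also runs under the shared `nobody`/`nogroup` identity rather than an account of its own. At minimum the `bindAddress` description should carry the consequence, e.g. `IP address where nix-serve will bind its listening socket. The default listens on all interfaces and the cache is served without authentication; bind to a loopback or internal address, or restrict access with the firewall.` A dedicated system user would additionally keep nix-serve's process and files separable from other services that run as `nobody`, though that is a larger change than this hunk.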
--- a/nixos/modules/services/networking/ssh/sshd.nix
+++ b/nixos/modules/services/networking/ssh/sshd.nix
@@ -282,8 +282,8 @@ in config = mkIf cfg.enable { users.extraUsers.sshd =
- { description = "SSH privilege separation user";
- home = "/var/empty";
+ { isSystemUser = true;
+ description = "SSH privilege separation user";
 }; environment.etc = authKeysFiles ++ [
diff --git a/nixos/modules/services/networking/tinc.nix b/nixos/modules/services/networking/tinc.nix
index f9ca796ea652..2d43c3d962dd 100644
--- a/nixos/modules/services/networking/tinc.nix
+++ b/nixos/modules/services/networking/tinc.nix
@@ -154,6 +154,7 @@ in users.extraUsers = flip mapAttrs' cfg.networks (network: _: nameValuePair ("tinc.${network}") ({ description = "Tinc daemon user for ${network}";
+ isSystemUser = true;
 }) ); |
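Review bot: The sshd.nix hunk drops `home = "/var/empty";` from the privilege-separation user while adding `isSystemUser = true;`, and neither the hunk nor the merge message says why; the privsep account's home is one of the settings a later audit of the sshd configuration will look at. If `isSystemUser = true` makes the users module default the home to `/var/empty`, a one-line comment keeping that intent visible would help, e.g. `# home left unset: system users default to /var/empty`; if it does not, the explicit line should stay. The enclosing `config = mkIf cfg.enable { ... }` block starts and ends outside the hunk.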