diff options
author | William A. Kennington III <william@wkennington.com> | 2015-10-15 10:22:28 -0700 |
---|---|---|
committer | William A. Kennington III <william@wkennington.com> | 2015-10-15 10:22:28 -0700 |
commit | 8a44a36ca496d2c61904b22f8ba6a77ec5aa0b36 (patch) | |
tree | 90013bf1e284372e7de0ad6b3715dc5a0ea926d1 /nixos/modules/services | |
parent | 1283e3da5d0bc4657677d40fa3cb117b66489ee5 (diff) | |
parent | 62e676b9598d2638e846761160082f6fec392ffe (diff) | |
download | nixlib-8a44a36ca496d2c61904b22f8ba6a77ec5aa0b36.tar nixlib-8a44a36ca496d2c61904b22f8ba6a77ec5aa0b36.tar.gz nixlib-8a44a36ca496d2c61904b22f8ba6a77ec5aa0b36.tar.bz2 nixlib-8a44a36ca496d2c61904b22f8ba6a77ec5aa0b36.tar.lz nixlib-8a44a36ca496d2c61904b22f8ba6a77ec5aa0b36.tar.xz nixlib-8a44a36ca496d2c61904b22f8ba6a77ec5aa0b36.tar.zst nixlib-8a44a36ca496d2c61904b22f8ba6a77ec5aa0b36.zip |
Merge branch 'master.upstream' into staging.upstream
Diffstat (limited to 'nixos/modules/services')
-rw-r--r-- | nixos/modules/services/continuous-integration/jenkins/default.nix | 26 | ||||
-rw-r--r-- | nixos/modules/services/misc/synergy.nix | 2 | ||||
-rw-r--r-- | nixos/modules/services/monitoring/grafana.nix | 2 | ||||
-rw-r--r-- | nixos/modules/services/networking/copy-com.nix | 3 | ||||
-rw-r--r-- | nixos/modules/services/networking/supplicant.nix | 249 | ||||
-rw-r--r-- | nixos/modules/services/scheduling/cron.nix | 2 | ||||
-rw-r--r-- | nixos/modules/services/x11/desktop-managers/gnome3.nix | 1 |
7 files changed, 277 insertions, 8 deletions
diff --git a/nixos/modules/services/continuous-integration/jenkins/default.nix b/nixos/modules/services/continuous-integration/jenkins/default.nix index 95d2aecfac7d..7a118ac72071 100644 --- a/nixos/modules/services/continuous-integration/jenkins/default.nix +++ b/nixos/modules/services/continuous-integration/jenkins/default.nix @@ -65,11 +65,15 @@ in { }; environment = mkOption { - default = { NIX_REMOTE = "daemon"; }; + default = { }; type = with types; attrsOf str; description = '' Additional environment variables to be passed to the jenkins process. - The environment will always include JENKINS_HOME. + As a base environment, jenkins receives NIX_PATH, SSL_CERT_FILE and + GIT_SSL_CAINFO from <option>environment.sessionVariables</option>, + NIX_REMOTE is set to "daemon" and JENKINS_HOME is set to + the value of <option>services.jenkins.home</option>. This option has + precedence and can be used to override those mentioned variables. ''; }; @@ -106,9 +110,21 @@ in { after = [ "network.target" ]; wantedBy = [ "multi-user.target" ]; - environment = { - JENKINS_HOME = cfg.home; - } // cfg.environment; + environment = + let + selectedSessionVars = + lib.filterAttrs (n: v: builtins.elem n + [ "NIX_PATH" + "SSL_CERT_FILE" + "GIT_SSL_CAINFO" + ]) + config.environment.sessionVariables; + in + selectedSessionVars // + { JENKINS_HOME = cfg.home; + NIX_REMOTE = "daemon"; + } // + cfg.environment; path = cfg.packages; diff --git a/nixos/modules/services/misc/synergy.nix b/nixos/modules/services/misc/synergy.nix index 054df965347d..7e8eadbe5f37 100644 --- a/nixos/modules/services/misc/synergy.nix +++ b/nixos/modules/services/misc/synergy.nix @@ -89,6 +89,7 @@ in wantedBy = optional cfgC.autoStart "multi-user.target"; path = [ pkgs.synergy ]; serviceConfig.ExecStart = ''${pkgs.synergy}/bin/synergyc -f ${optionalString (cfgC.screenName != "") "-n ${cfgC.screenName}"} ${cfgC.serverAddress}''; + serviceConfig.Restart = "on-failure"; }; }) (mkIf cfgS.enable { @@ -98,6 +99,7 @@ in wantedBy = optional cfgS.autoStart "multi-user.target"; path = [ pkgs.synergy ]; serviceConfig.ExecStart = ''${pkgs.synergy}/bin/synergys -c ${cfgS.configFile} -f ${optionalString (cfgS.address != "") "-a ${cfgS.address}"} ${optionalString (cfgS.screenName != "") "-n ${cfgS.screenName}" }''; + serviceConfig.Restart = "on-failure"; }; }) ]; diff --git a/nixos/modules/services/monitoring/grafana.nix b/nixos/modules/services/monitoring/grafana.nix index fa653565a67f..5302728eae91 100644 --- a/nixos/modules/services/monitoring/grafana.nix +++ b/nixos/modules/services/monitoring/grafana.nix @@ -318,7 +318,7 @@ in { wantedBy = ["multi-user.target"]; after = ["networking.target"]; serviceConfig = { - ExecStart = "${cfg.package-backend}/bin/grafana --config ${cfgFile} web"; + ExecStart = "${cfg.package}/bin/grafana --config ${cfgFile} web"; WorkingDirectory = cfg.dataDir; User = "grafana"; }; diff --git a/nixos/modules/services/networking/copy-com.nix b/nixos/modules/services/networking/copy-com.nix index 69a41ab97963..ee0d043d471b 100644 --- a/nixos/modules/services/networking/copy-com.nix +++ b/nixos/modules/services/networking/copy-com.nix @@ -39,7 +39,8 @@ in systemd.services."copy-com-${cfg.user}" = { description = "Copy.com client"; - after = [ "network.target" "local-fs.target" ]; + wants = [ "network-online.target" ]; + after = [ "network-online.target" "local-fs.target" ]; wantedBy = [ "multi-user.target" ]; serviceConfig = { ExecStart = "${pkgs.copy-com}/bin/CopyConsole ${if cfg.debug then "-consoleOutput -debugToConsole=dirwatch,path-watch,csm_path,csm -debug -console" else ""}"; diff --git a/nixos/modules/services/networking/supplicant.nix b/nixos/modules/services/networking/supplicant.nix new file mode 100644 index 000000000000..502a0468787f --- /dev/null +++ b/nixos/modules/services/networking/supplicant.nix @@ -0,0 +1,249 @@ +{ config, lib, utils, pkgs, ... }: + +with lib; + +let + + cfg = config.networking.supplicant; + + # We must escape interfaces due to the systemd interpretation + subsystemDevice = interface: + "sys-subsystem-net-devices-${utils.escapeSystemdPath interface}.device"; + + serviceName = iface: "supplicant-${if (iface=="WLAN") then "wlan@" else ( + if (iface=="LAN") then "lan@" else ( + if (iface=="DBUS") then "dbus" + else (replaceChars [" "] ["-"] iface)))}"; + + # TODO: Use proper privilege separation for wpa_supplicant + supplicantService = iface: suppl: + let + deps = (if (iface=="WLAN"||iface=="LAN") then ["sys-subsystem-net-devices-%i.device"] else ( + if (iface=="DBUS") then ["dbus.service"] + else (map subsystemDevice (splitString " " iface)))) + ++ optional (suppl.bridge!="") (subsystemDevice suppl.bridge); + + ifaceArg = concatStringsSep " -N " (map (i: "-i${i}") (splitString " " iface)); + driverArg = optionalString (suppl.driver != null) "-D${suppl.driver}"; + bridgeArg = optionalString (suppl.bridge!="") "-b${suppl.bridge}"; + confFileArg = optionalString (suppl.configFile.path!=null) "-c${suppl.configFile.path}"; + extraConfFile = pkgs.writeText "supplicant-extra-conf-${replaceChars [" "] ["-"] iface}" '' + ${optionalString suppl.userControlled.enable "ctrl_interface=DIR=${suppl.userControlled.socketDir} GROUP=${suppl.userControlled.group}"} + ${optionalString suppl.configFile.writable "update_config=1"} + ${suppl.extraConf} + ''; + in + { description = "Supplicant ${iface}${optionalString (iface=="WLAN"||iface=="LAN") " %I"}"; + wantedBy = [ "network.target" ]; + bindsTo = deps; + after = deps; + before = [ "network.target" ]; + # Receive restart event after resume + partOf = [ "post-resume.target" ]; + + path = [ pkgs.coreutils ]; + + preStart = '' + ${optionalString (suppl.configFile.path!=null) '' + touch -a ${suppl.configFile.path} + chmod 600 ${suppl.configFile.path} + ''} + ${optionalString suppl.userControlled.enable '' + if ! test -e ${suppl.userControlled.socketDir}; then + mkdir -m 0770 -p ${suppl.userControlled.socketDir} + chgrp ${suppl.userControlled.group} ${suppl.userControlled.socketDir} + fi + + if test "$(stat --printf '%G' ${suppl.userControlled.socketDir})" != "${suppl.userControlled.group}"; then + echo "ERROR: bad ownership on ${suppl.userControlled.socketDir}" >&2 + exit 1 + fi + ''} + ''; + + serviceConfig.ExecStart = "${pkgs.wpa_supplicant}/bin/wpa_supplicant -s ${driverArg} ${confFileArg} -I${extraConfFile} ${bridgeArg} ${suppl.extraCmdArgs} ${if (iface=="WLAN"||iface=="LAN") then "-i%I" else (if (iface=="DBUS") then "-u" else ifaceArg)}"; + + }; + + +in + +{ + + ###### interface + + options = { + + networking.supplicant = mkOption { + type = types.attrsOf types.optionSet; + + default = { }; + + example = { + "wlan0 wlan1" = { + configFile = "/etc/wpa_supplicant"; + userControlled.group = "network"; + extraConf = '' + ap_scan=1 + p2p_disabled=1 + ''; + extraCmdArgs = "-u -W"; + bridge = "br0"; + }; + }; + + description = '' + Interfaces for which to start <command>wpa_supplicant</command>. + The supplicant is used to scan for and associate with wireless networks, + or to authenticate with 802.1x capable network switches. + + The value of this option is an attribute set. Each attribute configures a + <command>wpa_supplicant</command> service, where the attribute name specifies + the name of the interface that <command>wpa_supplicant</command> operates on. + The attribute name can be a space separated list of interfaces. + The attribute names <literal>WLAN</literal>, <literal>LAN</literal> and <literal>DBUS</literal> + have a special meaning. <literal>WLAN</literal> and <literal>LAN</literal> are + configurations for universal <command>wpa_supplicant</command> service that is + started for each WLAN interface or for each LAN interface, respectively. + <literal>DBUS</literal> defines a device-unrelated <command>wpa_supplicant</command> + service that can be accessed through <literal>D-Bus</literal>. + ''; + + options = { + + configFile = { + + path = mkOption { + type = types.path; + example = "/etc/wpa_supplicant.conf"; + description = '' + External <literal>wpa_supplicant.conf</literal> configuration file. + The configuration options defined declaratively within <literal>networking.supplicant</literal> have + precedence over options defined in <literal>configFile</literal>. + ''; + }; + + writable = mkOption { + type = types.bool; + default = false; + description = '' + Whether the configuration file at <literal>configFile.path</literal> should be written to by + <literal>wpa_supplicant</literal>. + ''; + }; + + }; + + extraConf = mkOption { + type = types.lines; + default = ""; + example = '' + ap_scan=1 + device_name=My-NixOS-Device + device_type=1-0050F204-1 + driver_param=use_p2p_group_interface=1 + disable_scan_offload=1 + p2p_listen_reg_class=81 + p2p_listen_channel=1 + p2p_oper_reg_class=81 + p2p_oper_channel=1 + manufacturer=NixOS + model_name=NixOS_Unstable + model_number=2015 + ''; + description = '' + Configuration options for <literal>wpa_supplicant.conf</literal>. + Options defined here have precedence over options in <literal>configFile</literal>. + NOTE: Do not write sensitive data into <literal>extraConf</literal> as it will + be world-readable in the <literal>nix-store</literal>. For sensitive information + use the <literal>configFile</literal> instead. + ''; + }; + + extraCmdArgs = mkOption { + type = types.str; + default = ""; + example = "-e/var/run/wpa_supplicant/entropy.bin"; + description = + "Command line arguments to add when executing <literal>wpa_supplicant</literal>."; + }; + + driver = mkOption { + type = types.nullOr types.str; + default = "nl80211,wext"; + description = "Force a specific wpa_supplicant driver."; + }; + + bridge = mkOption { + type = types.str; + default = ""; + description = "Name of the bridge interface that wpa_supplicant should listen at."; + }; + + userControlled = { + + enable = mkOption { + type = types.bool; + default = false; + description = '' + Allow normal users to control wpa_supplicant through wpa_gui or wpa_cli. + This is useful for laptop users that switch networks a lot and don't want + to depend on a large package such as NetworkManager just to pick nearby + access points. + ''; + }; + + socketDir = mkOption { + type = types.str; + default = "/var/run/wpa_supplicant"; + description = "Directory of sockets for controlling wpa_supplicant."; + }; + + group = mkOption { + type = types.str; + default = "wheel"; + example = "network"; + description = "Members of this group can control wpa_supplicant."; + }; + + }; + + }; + + }; + + }; + + + ###### implementation + + config = mkIf (cfg != {}) { + + environment.systemPackages = [ pkgs.wpa_supplicant ]; + + services.dbus.packages = [ pkgs.wpa_supplicant ]; + + systemd.services = mapAttrs' (n: v: nameValuePair (serviceName n) (supplicantService n v)) cfg; + + services.udev.packages = [ + (pkgs.writeTextFile { + name = "99-zzz-60-supplicant.rules"; + destination = "/etc/udev/rules.d/99-zzz-60-supplicant.rules"; + text = '' + ${flip (concatMapStringsSep "\n") (filter (n: n!="WLAN" && n!="LAN" && n!="DBUS") (attrNames cfg)) (iface: + flip (concatMapStringsSep "\n") (splitString " " iface) (i: '' + ACTION=="add", SUBSYSTEM=="net", ENV{INTERFACE}=="${i}", TAG+="systemd", ENV{SYSTEMD_WANTS}+="supplicant-${replaceChars [" "] ["-"] iface}.service", TAG+="SUPPLICANT_ASSIGNED"''))} + + ${optionalString (hasAttr "WLAN" cfg) '' + ACTION=="add", SUBSYSTEM=="net", ENV{DEVTYPE}=="wlan", TAG!="SUPPLICANT_ASSIGNED", TAG+="systemd", PROGRAM="${pkgs.systemd}/bin/systemd-escape -p %E{INTERFACE}", ENV{SYSTEMD_WANTS}+="supplicant-wlan@$result.service" + ''} + ${optionalString (hasAttr "LAN" cfg) '' + ACTION=="add", SUBSYSTEM=="net", ENV{DEVTYPE}=="lan", TAG!="SUPPLICANT_ASSIGNED", TAG+="systemd", PROGRAM="${pkgs.systemd}/bin/systemd-escape -p %E{INTERFACE}", ENV{SYSTEMD_WANTS}+="supplicant-lan@$result.service" + ''} + ''; + })]; + + }; + +} + diff --git a/nixos/modules/services/scheduling/cron.nix b/nixos/modules/services/scheduling/cron.nix index 02d80a77da50..1b5e83173e8f 100644 --- a/nixos/modules/services/scheduling/cron.nix +++ b/nixos/modules/services/scheduling/cron.nix @@ -100,7 +100,7 @@ in environment.systemPackages = [ cronNixosPkg ]; environment.etc.crontab = - { source = pkgs.runCommand "crontabs" { inherit allFiles; } + { source = pkgs.runCommand "crontabs" { inherit allFiles; preferLocalBuild = true; } '' touch $out for i in $allFiles; do diff --git a/nixos/modules/services/x11/desktop-managers/gnome3.nix b/nixos/modules/services/x11/desktop-managers/gnome3.nix index fdee5fbc6c5b..886a6c884013 100644 --- a/nixos/modules/services/x11/desktop-managers/gnome3.nix +++ b/nixos/modules/services/x11/desktop-managers/gnome3.nix @@ -104,6 +104,7 @@ in { services.xserver.desktopManager.session = singleton { name = "gnome3"; + bgSupport = true; start = '' # Set GTK_DATA_PREFIX so that GTK+ can find the themes export GTK_DATA_PREFIX=${config.system.path} |