author | Eelco Dolstra <eelco.dolstra@logicblox.com> | 2014-07-28 11:30:31 +0200 |
---|---|---|
committer | Eelco Dolstra <eelco.dolstra@logicblox.com> | 2014-07-28 11:30:49 +0200 |
commit | f64d84698eb3f4d833e846336ff99a73331c31f7 (patch) | |
tree | 1120886b680851bc8b8f8d337af3503ecd4a3d71 /nixos/modules/services | |
parent | 3e4a382d6753a057256c7ef1e9f52ae9e07bd677 (diff) | |
parent | 30431e71608576baf880567b2894ad2a542f8d5e (diff) | |
Merge remote-tracking branch 'origin/master' into staging
Conflicts: pkgs/applications/audio/espeak/edit.nix pkgs/applications/audio/lmms/default.nix pkgs/desktops/e18/enlightenment.nix pkgs/games/exult/default.nix pkgs/os-specific/linux/alsa-plugins/default.nix
Diffstat (limited to 'nixos/modules/services')
-rw-r--r-- | nixos/modules/services/amqp/rabbitmq.nix | 41 | ||||
-rw-r--r-- | nixos/modules/services/misc/nix-ssh-serve.nix | 40 | ||||
-rw-r--r-- | nixos/modules/services/monitoring/munin.nix | 15 | ||||
-rw-r--r-- | nixos/modules/services/networking/znc.nix | 30 | ||||
-rw-r--r-- | nixos/modules/services/search/elasticsearch.nix | 18 | ||||
-rw-r--r-- | nixos/modules/services/web-servers/lighttpd/cgit.nix | 2 | ||||
-rw-r--r-- | nixos/modules/services/web-servers/lighttpd/default.nix | 6 | ||||
-rw-r--r-- | nixos/modules/services/web-servers/lighttpd/gitweb.nix | 4 | ||||
-rw-r--r-- | nixos/modules/services/x11/desktop-managers/e18.nix | 7 |
9 files changed, 112 insertions, 51 deletions
diff --git a/nixos/modules/services/amqp/rabbitmq.nix b/nixos/modules/services/amqp/rabbitmq.nix index bef15fb64b7f..a930098bfeec 100644 --- a/nixos/modules/services/amqp/rabbitmq.nix +++ b/nixos/modules/services/amqp/rabbitmq.nix @@ -4,6 +4,8 @@ with lib; let cfg = config.services.rabbitmq; + config_file = pkgs.writeText "rabbitmq.config" cfg.config; + config_file_wo_suffix = builtins.substring 0 ((builtins.stringLength config_file) - 7) config_file; in { ###### interface @@ -31,7 +33,6 @@ in { ''; }; - dataDir = mkOption { type = types.path; default = "/var/lib/rabbitmq"; @@ -40,6 +41,30 @@ in { ''; }; + cookie = mkOption { + default = ""; + type = types.str; + description = '' + Erlang cookie is a string of arbitrary length which must + be the same for several nodes to be allowed to communicate. + Leave empty to generate automatically. + ''; + }; + + config = mkOption { + default = ""; + type = types.str; + description = '' + Verbatim configuration file contents. + See http://www.rabbitmq.com/configure.htm + ''; + }; + + plugins = mkOption { + default = []; + type = types.listOf types.str; + description = "The names of plugins to enable"; + }; }; }; @@ -69,7 +94,10 @@ in { RABBITMQ_NODE_IP_ADDRESS = cfg.listenAddress; RABBITMQ_SERVER_START_ARGS = "-rabbit error_logger tty -rabbit sasl_error_logger false"; SYS_PREFIX = ""; - }; + RABBITMQ_ENABLED_PLUGINS_FILE = pkgs.writeText "enabled_plugins" '' + [ ${concatStringsSep "," cfg.plugins} ]. + ''; + } // optionalAttrs (cfg.config != "") { RABBITMQ_CONFIG_FILE = config_file_wo_suffix; }; serviceConfig = { ExecStart = "${pkgs.rabbitmq_server}/sbin/rabbitmq-server"; 
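Review bot: The `config_file_wo_suffix` binding in the first rabbitmq.nix hunk strips a suffix with the bare constant `7` and nothing says which suffix or why. The constant only works because `pkgs.writeText "rabbitmq.config"` yields a path ending in `.config`, so renaming the file silently breaks the path passed as `RABBITMQ_CONFIG_FILE`. A comment such as `# RabbitMQ appends ".config" to RABBITMQ_CONFIG_FILE itself, so pass the store path without that suffix` would document the intent. `removeSuffix ".config" "${config_file}"` would remove the magic number.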
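Review bot: The description of the new `cookie` option (hunk `@@ -40,6 +41,30 @@`) does not say that the value is a shared secret or where it is stored. The preStart hunk further down interpolates it into the unit's start script, so a non-empty cookie presumably ends up in the Nix store, which is readable by every local user and by anyone given store access. I would add a sentence to the description along the lines of `The value is copied into the Nix store and is therefore readable by all local users; leave empty and provision the cookie file out of band if that is not acceptable.`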
@@ -81,6 +109,15 @@ in { preStart = '' mkdir -p ${cfg.dataDir} && chmod 0700 ${cfg.dataDir} if [ "$(id -u)" = 0 ]; then chown rabbitmq:rabbitmq ${cfg.dataDir}; fi + + ${optionalString (cfg.cookie != "") '' + echo -n ${cfg.cookie} > ${cfg.dataDir}/.erlang.cookie + chmod 400 ${cfg.dataDir}/.erlang.cookie + chown rabbitmq:rabbitmq ${cfg.dataDir}/.erlang.cookie + ''} + + mkdir -p /var/log/rabbitmq && chmod 0700 /var/log/rabbitmq + chown rabbitmq:rabbitmq /var/log/rabbitmq ''; }; diff --git a/nixos/modules/services/misc/nix-ssh-serve.nix b/nixos/modules/services/misc/nix-ssh-serve.nix index 80e7961b1f82..d70bd855c7ff 100644 --- a/nixos/modules/services/misc/nix-ssh-serve.nix +++ b/nixos/modules/services/misc/nix-ssh-serve.nix @@ -1,32 +1,35 @@ { config, lib, pkgs, ... }: -let - serveOnly = pkgs.writeScript "nix-store-serve" '' - #!${pkgs.stdenv.shell} - if [ "$SSH_ORIGINAL_COMMAND" != "nix-store --serve" ]; then - echo 'Error: You are only allowed to run `nix-store --serve'\'''!' >&2 - exit 1 - fi - exec /run/current-system/sw/bin/nix-store --serve - ''; - - inherit (lib) mkIf mkOption types; -in { +with lib; + +{ options = { + nix.sshServe = { + enable = mkOption { - description = "Whether to enable serving the nix store over ssh."; - default = false; type = types.bool; + default = false; + description = "Whether to enable serving the Nix store as a binary cache via SSH."; + }; + + keys = mkOption { + type = types.listOf types.str; + default = []; + example = [ "ssh-dss AAAAB3NzaC1k... alice@example.org" ]; + description = "A list of SSH public keys allowed to access the binary cache via SSH."; }; + }; + }; config = mkIf config.nix.sshServe.enable { + users.extraUsers.nix-ssh = { - description = "User for running nix-store --serve."; + description = "Nix SSH substituter user"; uid = config.ids.uids.nix-ssh; - shell = pkgs.stdenv.shell; + useDefaultShell = true; }; services.openssh.enable = true; 
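Review bot: The cookie is interpolated into the shell script unquoted in `echo -n ${cfg.cookie} > ${cfg.dataDir}/.erlang.cookie`, so a value containing spaces or shell metacharacters is re-parsed by the shell instead of being written verbatim. The file is also created under the default umask and only narrowed afterwards by `chmod 400`. I would write `umask 077` before the block and use `echo -n ${escapeShellArg cfg.cookie} > ${cfg.dataDir}/.erlang.cookie`. The preStart string starts outside this hunk, so whether an earlier line already sets a umask is not visible here.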
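Review bot: The `example` for the new `nix.sshServe.keys` option shows an `ssh-dss` key, which steers users towards DSA; OpenSSH limits DSA keys to 1024 bits and later releases disable them by default. An example such as `[ "ssh-ed25519 AAAAC3Nza... alice@example.org" ]` would age better. The description could also state that every listed key can read any path in the store through `nix-store --serve`, so secrets that modules place in the store become readable by those users.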
@@ -38,8 +41,11 @@ in { PermitTTY no PermitTunnel no X11Forwarding no - ForceCommand ${serveOnly} + ForceCommand ${config.nix.package}/bin/nix-store --serve Match All ''; + + users.extraUsers.nix-ssh.openssh.authorizedKeys.keys = config.nix.sshServe.keys; + }; } diff --git a/nixos/modules/services/monitoring/munin.nix b/nixos/modules/services/monitoring/munin.nix index 966c2eca282a..21840bc67e8f 100644 --- a/nixos/modules/services/monitoring/munin.nix +++ b/nixos/modules/services/monitoring/munin.nix @@ -189,19 +189,18 @@ in wantedBy = [ "multi-user.target" ]; path = [ pkgs.munin ]; environment.MUNIN_PLUGSTATE = "/var/run/munin"; + preStart = '' + echo "updating munin plugins..." + + mkdir -p /etc/munin/plugins + rm -rf /etc/munin/plugins/* + PATH="/run/current-system/sw/bin:/run/current-system/sw/sbin" ${pkgs.munin}/sbin/munin-node-configure --shell --families contrib,auto,manual --config ${nodeConf} --libdir=${muninPlugins} --servicedir=/etc/munin/plugins 2>/dev/null | ${pkgs.bash}/bin/bash + ''; serviceConfig = { ExecStart = "${pkgs.munin}/sbin/munin-node --config ${nodeConf} --servicedir /etc/munin/plugins/"; }; }; - system.activationScripts.munin-node = '' - echo "updating munin plugins..." - - mkdir -p /etc/munin/plugins - rm -rf /etc/munin/plugins/* - PATH="/run/current-system/sw/bin:/run/current-system/sw/sbin" ${pkgs.munin}/sbin/munin-node-configure --shell --families contrib,auto,manual --config ${nodeConf} --libdir=${muninPlugins} --servicedir=/etc/munin/plugins 2>/dev/null | ${pkgs.bash}/bin/bash - ''; - }) (mkIf cronCfg.enable { services.cron.systemCronJobs = [ diff --git a/nixos/modules/services/networking/znc.nix b/nixos/modules/services/networking/znc.nix index a40fd924741b..56946f37aaf9 100644 --- a/nixos/modules/services/networking/znc.nix +++ b/nixos/modules/services/networking/znc.nix 
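Review bot: With the `serveOnly` wrapper gone, the `Match` block in the nix-ssh-serve.nix hunk is the only thing confining the `nix-ssh` account, and `ForceCommand` restricts the command that runs but not forwarding requests. The hunk shows `PermitTTY no`, `PermitTunnel no` and `X11Forwarding no`, but the block starts outside the hunk, so it is not visible whether `AllowTcpForwarding no` and `AllowAgentForwarding no` are also set. If they are not, they should be added next to the existing lines. A short comment above `ForceCommand` noting that it ignores the client's requested command would record why the earlier `SSH_ORIGINAL_COMMAND` check could be dropped.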
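Review bot: Failures of the plugin-generation step in the munin.nix hunk are now hidden from the service start it gates. `munin-node-configure ... 2>/dev/null | ${pkgs.bash}/bin/bash` discards stderr, and the pipeline's exit status is that of the trailing bash, so an error after `rm -rf /etc/munin/plugins/*` leaves an empty plugin directory and the node still starts. I would drop `2>/dev/null` so the messages reach the journal and put `set -o pipefail` at the top of `preStart`. Since generated shell text is executed as whatever user runs preStart, a comment saying that `--libdir=${muninPlugins}` is the only plugin source would help the next reader judge that trust.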
@@ -23,7 +23,7 @@ let confOptions = { ... }: { options = { modules = mkOption { - type = types.listOf types.string; + type = types.listOf types.str; default = [ "partyline" "webadmin" "adminlog" "log" ]; example = [ "partyline" "webadmin" "adminlog" "log" ]; description = '' @@ -34,7 +34,7 @@ let userName = mkOption { default = defaultUserName; example = "johntron"; - type = types.string; + type = types.str; description = '' The user name to use when generating the `znc.conf` file. This is the user name used by the user logging into the ZNC web admin. @@ -44,7 +44,7 @@ let nick = mkOption { default = "znc-user"; example = "john"; - type = types.string; + type = types.str; description = '' The IRC nick to use when generating the `znc.conf` file. ''; @@ -53,7 +53,7 @@ let passBlock = mkOption { default = defaultPassBlock; example = "Must be the block generated by the `znc --makepass` command."; - type = types.string; + type = types.str; description = '' The pass block to use when generating the `znc.conf` file. This is the password used by the user logging into the ZNC web admin. @@ -63,9 +63,9 @@ let }; port = mkOption { - default = "5000"; - example = "5000"; - type = types.string; + default = 5000; + example = 5000; + type = types.int; description = '' Specifies the port on which to listen. ''; @@ -104,7 +104,7 @@ let AllowWeb = true IPv4 = true IPv6 = false - Port = ${if confOpts.useSSL then "+" else ""}${confOpts.port} + Port = ${if confOpts.useSSL then "+" else ""}${toString confOpts.port} SSL = ${if confOpts.useSSL then "true" else "false"} </Listener> @@ -160,7 +160,7 @@ in user = mkOption { default = "znc"; example = "john"; - type = types.string; + type = types.str; description = '' The name of an existing user account to use to own the ZNC server process. If not specified, a default user will be created to own the process. 
@@ -170,7 +170,7 @@ in dataDir = mkOption { default = "/home/${cfg.user}/.znc"; example = "/home/john/.znc"; - type = types.string; + type = types.path; description = '' The data directory. Used for configuration files and modules. ''; @@ -179,7 +179,7 @@ in zncConf = mkOption { default = ""; example = "See: http://wiki.znc.in/Configuration"; - type = types.string; + type = types.lines; description = '' The contents of the `znc.conf` file to use when creating it. If specified, `confOptions` will be ignored, and this value, as-is, will be used. @@ -218,9 +218,9 @@ in }; extraFlags = mkOption { - default = ""; - example = "--debug"; - type = types.string; + default = [ ]; + example = [ "--debug" ]; + type = types.listOf types.str; description = '' Extra flags to use when executing znc command. ''; @@ -272,7 +272,7 @@ in ${pkgs.znc}/bin/znc --makepem fi ''; - script = "${pkgs.znc}/bin/znc --foreground --datadir ${cfg.dataDir} ${cfg.extraFlags}"; + script = "${pkgs.znc}/bin/znc --foreground --datadir ${cfg.dataDir} ${toString cfg.extraFlags}"; }; users.extraUsers = optional (cfg.user == defaultUser) diff --git a/nixos/modules/services/search/elasticsearch.nix b/nixos/modules/services/search/elasticsearch.nix index eeae11dc4ff3..c99d1e229677 100644 --- a/nixos/modules/services/search/elasticsearch.nix +++ b/nixos/modules/services/search/elasticsearch.nix @@ -21,6 +21,11 @@ let ]; }; + esPlugins = pkgs.buildEnv { + name = "elasticsearch-plugins"; + paths = cfg.plugins; + }; + in { ###### interface @@ -101,6 +106,12 @@ in { example = [ "-Djava.net.preferIPv4Stack=true" ]; }; + plugins = mkOption { + description = "Extra elasticsearch plugins"; + default = []; + type = types.listOf types.package; + }; + }; ###### implementation 
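Review bot: In the `@@ -272,7 +272,7 @@` hunk of znc.nix the flag list is joined with `toString` and pasted into the shell `script` unquoted, so a flag containing a space or a shell metacharacter is split or interpreted by the shell, not passed as one argument. The list type introduced in the `extraFlags` hunk makes per-element quoting possible now: `script = "${pkgs.znc}/bin/znc --foreground --datadir ${cfg.dataDir} ${escapeShellArgs cfg.extraFlags}";`. `${cfg.dataDir}` on the same line is unquoted as well and would benefit from `escapeShellArg`.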
@@ -111,14 +122,19 @@ in { wantedBy = [ "multi-user.target" ]; after = [ "network-interfaces.target" ]; environment = { ES_HOME = cfg.dataDir; }; + path = [ pkgs.elasticsearch ]; serviceConfig = { - ExecStart = "${pkgs.elasticsearch}/bin/elasticsearch -Des.path.conf=${configDir} ${toString cfg.extraCmdLineOptions}"; + ExecStart = "elasticsearch -Des.path.conf=${configDir} ${toString cfg.extraCmdLineOptions}"; User = "elasticsearch"; PermissionsStartOnly = true; }; preStart = '' mkdir -m 0700 -p ${cfg.dataDir} if [ "$(id -u)" = 0 ]; then chown -R elasticsearch ${cfg.dataDir}; fi + + # Install plugins + rm ${cfg.dataDir}/plugins || true + ln -s ${esPlugins}/plugins ${cfg.dataDir}/plugins ''; }; diff --git a/nixos/modules/services/web-servers/lighttpd/cgit.nix b/nixos/modules/services/web-servers/lighttpd/cgit.nix index dbff565bd8a3..d4663781fd84 100644 --- a/nixos/modules/services/web-servers/lighttpd/cgit.nix +++ b/nixos/modules/services/web-servers/lighttpd/cgit.nix @@ -29,7 +29,7 @@ in cache-size=1000 scan-path=/srv/git ''; - type = types.string; + type = types.lines; description = '' Verbatim contents of the cgit runtime configuration file. Documentation (with cgitrc example file) is available in "man cgitrc". Or online: diff --git a/nixos/modules/services/web-servers/lighttpd/default.nix b/nixos/modules/services/web-servers/lighttpd/default.nix index 3ba934c72bf8..f0f59a664026 100644 --- a/nixos/modules/services/web-servers/lighttpd/default.nix +++ b/nixos/modules/services/web-servers/lighttpd/default.nix @@ -102,7 +102,7 @@ in document-root = mkOption { default = "/srv/www"; - type = types.str; + type = types.path; description = '' Document-root of the web server. Must be readable by the "lighttpd" user. ''; @@ -128,7 +128,7 @@ in configText = mkOption { default = ""; - type = types.string; + type = types.lines; example = ''...verbatim config file contents...''; description = '' Overridable config file contents to use for lighttpd. By default, use 
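Review bot: The plugin step added to `preStart` in elasticsearch.nix replaces `${cfg.dataDir}/plugins` in a directory that the line above has just handed to the `elasticsearch` user, and `PermissionsStartOnly = true` suggests the script itself runs as root. If `plugins` is ever a real directory, `rm ... || true` fails silently and `ln -s` then creates the link inside that directory, so the store plugins are never the ones loaded. `ln -sfn ${esPlugins}/plugins ${cfg.dataDir}/plugins` replaces an existing link in one step, and an explicit check that the old entry is a symlink would make the failure visible. Separately, `ExecStart = "elasticsearch ..."` now resolves the binary by name where it used to be pinned to `${pkgs.elasticsearch}/bin/elasticsearch`; I would keep the absolute store path there and use `path` only for child processes.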
@@ -138,7 +138,7 @@ in extraConfig = mkOption { default = ""; - type = types.string; + type = types.lines; description = '' These configuration lines will be appended to the generated lighttpd config file. Note that this mechanism does not work when the manual diff --git a/nixos/modules/services/web-servers/lighttpd/gitweb.nix b/nixos/modules/services/web-servers/lighttpd/gitweb.nix index d49278be09a8..c407a1d89778 100644 --- a/nixos/modules/services/web-servers/lighttpd/gitweb.nix +++ b/nixos/modules/services/web-servers/lighttpd/gitweb.nix @@ -25,7 +25,7 @@ in projectroot = mkOption { default = "/srv/git"; - type = types.str; + type = types.path; description = '' Path to git projects (bare repositories) that should be served by gitweb. Must not end with a slash. @@ -34,7 +34,7 @@ in extraConfig = mkOption { default = ""; - type = types.str; + type = types.lines; description = '' Verbatim configuration text appended to the generated gitweb.conf file. ''; diff --git a/nixos/modules/services/x11/desktop-managers/e18.nix b/nixos/modules/services/x11/desktop-managers/e18.nix index e59b7f426837..cb717eea909c 100644 --- a/nixos/modules/services/x11/desktop-managers/e18.nix +++ b/nixos/modules/services/x11/desktop-managers/e18.nix @@ -6,6 +6,7 @@ let xcfg = config.services.xserver; cfg = xcfg.desktopManager.e18; + e18_enlightenment = pkgs.e18.enlightenment.override { set_freqset_setuid = true; }; in @@ -23,18 +24,20 @@ in config = mkIf (xcfg.enable && cfg.enable) { environment.systemPackages = [ - pkgs.e18.efl pkgs.e18.evas pkgs.e18.emotion pkgs.e18.elementary pkgs.e18.enlightenment + pkgs.e18.efl pkgs.e18.evas pkgs.e18.emotion pkgs.e18.elementary e18_enlightenment pkgs.e18.terminology pkgs.e18.econnman ]; services.xserver.desktopManager.session = [ { name = "E18"; start = '' - ${pkgs.e18.enlightenment}/bin/enlightenment_start + ${e18_enlightenment}/bin/enlightenment_start waitPID=$! ''; }]; + security.setuidPrograms = [ "e18_freqset" ]; + }; } |
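Review bot: The last e18.nix hunk adds `security.setuidPrograms = [ "e18_freqset" ];` with no comment and no way to opt out, so enabling the E18 desktop manager now always installs a setuid-root helper. That widens the local privilege boundary for every user of the machine and deserves a stated reason next to the line, for example `# e18_freqset must run as root to change the CPU frequency; built with set_freqset_setuid above`, if that is indeed the reason. I would also consider gating both the `set_freqset_setuid = true` override and this line behind a module option, so that systems that do not need frequency control from the desktop can leave the helper out.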