author | Reno Reckling <e-github@wthack.de> | 2024-01-19 01:31:50 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2024-01-19 01:31:50 +0100 |
commit | 9c5b8fe008290a3e1cd174b7d6e85cdaf590d0bb (patch) | |
tree | 29177b4967c1c6feef76d1ea30998871a2cfd3a5 /nixos/modules/services | |
parent | 1e4065d90a1594746c313965f77d2d464470e0c1 (diff) | |
parent | eb42a295eb59ed71727a4e144006d46628dc55b3 (diff) | |
Merge branch 'NixOS:master' into patch-1
Diffstat (limited to 'nixos/modules/services')
-rw-r--r-- | nixos/modules/services/hardware/acpid.nix | 1 | ||||
-rw-r--r-- | nixos/modules/services/hardware/pcscd.nix | 2 | ||||
-rw-r--r-- | nixos/modules/services/monitoring/prometheus/exporters/snmp.nix | 47 | ||||
-rw-r--r-- | nixos/modules/services/networking/frp.nix | 22 | ||||
-rw-r--r-- | nixos/modules/services/networking/ntp/ntpd-rs.nix | 4 | ||||
-rw-r--r-- | nixos/modules/services/networking/ssh/sshd.nix | 6 | ||||
-rw-r--r-- | nixos/modules/services/x11/xserver.nix | 4 |
7 files changed, 59 insertions, 27 deletions
diff --git a/nixos/modules/services/hardware/acpid.nix b/nixos/modules/services/hardware/acpid.nix index 821f4ef205fc..6021aad09f45 100644 --- a/nixos/modules/services/hardware/acpid.nix +++ b/nixos/modules/services/hardware/acpid.nix @@ -135,6 +135,7 @@ in wantedBy = [ "multi-user.target" ]; serviceConfig = { + PrivateNetwork = true; ExecStart = escapeShellArgs ([ "${pkgs.acpid}/bin/acpid" "--foreground" diff --git a/nixos/modules/services/hardware/pcscd.nix b/nixos/modules/services/hardware/pcscd.nix index b0a493c23899..85accd8335f7 100644 --- a/nixos/modules/services/hardware/pcscd.nix +++ b/nixos/modules/services/hardware/pcscd.nix @@ -46,7 +46,7 @@ in config = mkIf config.services.pcscd.enable { environment.etc."reader.conf".source = cfgFile; - environment.systemPackages = [ package ]; + environment.systemPackages = [ package.out ]; systemd.packages = [ (getBin package) ]; services.pcscd.plugins = [ pkgs.ccid ]; diff --git a/nixos/modules/services/monitoring/prometheus/exporters/snmp.nix b/nixos/modules/services/monitoring/prometheus/exporters/snmp.nix index edc6e4b5022a..840ce493ee81 100644 --- a/nixos/modules/services/monitoring/prometheus/exporters/snmp.nix +++ b/nixos/modules/services/monitoring/prometheus/exporters/snmp.nix @@ -4,6 +4,25 @@ with lib; let cfg = config.services.prometheus.exporters.snmp; + + # This ensures that we can deal with string paths, path types and + # store-path strings with context. + coerceConfigFile = file: + if (builtins.isPath file) || (lib.isStorePath file) then + file + else + (lib.warn '' + ${logPrefix}: configuration file "${file}" is being copied to the nix-store. + If you would like to avoid that, please set enableConfigCheck to false. + '' /. + file); + + checkConfig = file: + pkgs.runCommandLocal "checked-snmp-exporter-config.yml" { + nativeBuildInputs = [ pkgs.buildPackages.prometheus-snmp-exporter ]; + } '' + ln -s ${coerceConfigFile file} $out + snmp_exporter --dry-run --config.file $out + ''; in { port = 9116; 
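Review bot: The added `PrivateNetwork = true;` in acpid's `serviceConfig` has no comment explaining why the sandboxing is safe for this daemon, and acpid normally receives kernel ACPI events over a netlink socket. Moving it into its own network namespace may stop those events from reaching it, so confirm on real hardware that button and lid events are still handled after this change. If they are, a comment such as `# acpid needs no IP networking; ACPI events verified to arrive with a private netns` above the line would record that. The `serviceConfig` block continues outside the hunk, so other hardening options may already be present.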
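Review bot: `coerceConfigFile` copies a string-typed `configurationPath` into the Nix store via `/. + file`, and because `enableConfigCheck` defaults to `true` (second snmp hunk) this happens without the user opting in; an snmp_exporter configuration typically holds community strings or SNMPv3 credentials, and store paths are readable by every local user. The warning text and the option description should say so explicitly, e.g. `The copy in the nix-store is world-readable; set enableConfigCheck = false if the file contains secrets.`, or the check should by default apply only to the file generated from `cfg.configuration`. Separately, `${logPrefix}` is used in the warning but is not bound in the visible `let` block, so unless it is defined outside the hunk, evaluating this branch would fail instead of warning. `/. + file` also presumes the string is an absolute path.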
@@ -24,15 +43,23 @@ in Snmp exporter configuration as nix attribute set. Mutually exclusive with 'configurationPath' option. ''; example = { - "default" = { - "version" = 2; - "auth" = { - "community" = "public"; - }; + auths.public_v2 = { + community = "public"; + version = 2; }; }; }; + enableConfigCheck = mkOption { + type = types.bool; + default = true; + description = lib.mdDoc '' + Whether to run a correctness check for the configuration file. This depends + on the configuration file residing in the nix-store. Paths passed as string will + be copied to the store. + ''; + }; + logFormat = mkOption { type = types.enum ["logfmt" "json"]; default = "logfmt"; @@ -50,9 +77,13 @@ in }; }; serviceOpts = let - configFile = if cfg.configurationPath != null - then cfg.configurationPath - else "${pkgs.writeText "snmp-exporter-conf.yml" (builtins.toJSON cfg.configuration)}"; + uncheckedConfigFile = if cfg.configurationPath != null + then cfg.configurationPath + else "${pkgs.writeText "snmp-exporter-conf.yml" (builtins.toJSON cfg.configuration)}"; + configFile = if cfg.enableConfigCheck then + checkConfig uncheckedConfigFile + else + uncheckedConfigFile; in { serviceConfig = { ExecStart = '' diff --git a/nixos/modules/services/networking/frp.nix b/nixos/modules/services/networking/frp.nix index 218d532c12da..eb022308bc29 100644 --- a/nixos/modules/services/networking/frp.nix +++ b/nixos/modules/services/networking/frp.nix @@ -4,8 +4,8 @@ with lib; let cfg = config.services.frp; - settingsFormat = pkgs.formats.ini { }; - configFile = settingsFormat.generate "frp.ini" cfg.settings; + settingsFormat = pkgs.formats.toml { }; + configFile = settingsFormat.generate "frp.toml" cfg.settings; isClient = (cfg.role == "client"); isServer = (cfg.role == "server"); in 
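Review bot: Switching `settingsFormat` from `pkgs.formats.ini` to `pkgs.formats.toml` in this hunk silently changes how existing `services.frp.settings` values are rendered. The third frp hunk adds `--strict_config`, so a configuration still in the old layout (a `common` section with `server_addr`, as in the removed example) would presumably fail at service start rather than at evaluation. An assertion in the module would surface this earlier, for example `assertion = !(cfg.settings ? common); message = "services.frp.settings now uses the TOML layout, see frpc_full_example.toml / frps_full_example.toml";`. The module's `config` section is outside the visible hunks, so check whether such a guard already exists.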
@@ -31,17 +31,13 @@ in default = { }; description = mdDoc '' Frp configuration, for configuration options - see the example of [client](https://github.com/fatedier/frp/blob/dev/conf/frpc_legacy_full.ini) - or [server](https://github.com/fatedier/frp/blob/dev/conf/frps_legacy_full.ini) on github. - ''; - example = literalExpression '' - { - common = { - server_addr = "x.x.x.x"; - server_port = 7000; - }; - } + see the example of [client](https://github.com/fatedier/frp/blob/dev/conf/frpc_full_example.toml) + or [server](https://github.com/fatedier/frp/blob/dev/conf/frps_full_example.toml) on github. ''; + example = { + serverAddr = "x.x.x.x"; + serverPort = 7000; + }; }; }; }; @@ -62,7 +58,7 @@ in Type = "simple"; Restart = "on-failure"; RestartSec = 15; - ExecStart = "${cfg.package}/bin/${executableFile} -c ${configFile}"; + ExecStart = "${cfg.package}/bin/${executableFile} --strict_config -c ${configFile}"; StateDirectoryMode = optionalString isServer "0700"; DynamicUser = true; # Hardening diff --git a/nixos/modules/services/networking/ntp/ntpd-rs.nix b/nixos/modules/services/networking/ntp/ntpd-rs.nix index a10b570f30bc..4643ac146ddb 100644 --- a/nixos/modules/services/networking/ntp/ntpd-rs.nix +++ b/nixos/modules/services/networking/ntp/ntpd-rs.nix @@ -74,13 +74,13 @@ in }; }; - systemd.services.ntp-rs-metrics = lib.mkIf cfg.metrics.enable { + systemd.services.ntpd-rs-metrics = lib.mkIf cfg.metrics.enable { wantedBy = [ "multi-user.target" ]; serviceConfig = { User = ""; Group = ""; DynamicUser = true; - ExecStart = [ "" "${lib.makeBinPath [ cfg.package ]}/bin/ntp-metrics-exporter --config=${configFile}" ]; + ExecStart = [ "" "${lib.makeBinPath [ cfg.package ]}/ntp-metrics-exporter --config=${configFile}" ]; }; }; }; diff --git a/nixos/modules/services/networking/ssh/sshd.nix b/nixos/modules/services/networking/ssh/sshd.nix index 39793922ab51..aca8343b7d59 100644 --- a/nixos/modules/services/networking/ssh/sshd.nix 
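Review bot: In the `ExecStart` of `ntpd-rs-metrics`, `${lib.makeBinPath [ cfg.package ]}/ntp-metrics-exporter` builds the binary path through a helper meant for `PATH` lists, which is what made the earlier `/bin/bin` mistake easy to miss. Writing the path directly, `"${cfg.package}/bin/ntp-metrics-exporter --config=${configFile}"`, is shorter and makes the executed file obvious when auditing the unit. The rename from `ntp-rs-metrics` to `ntpd-rs-metrics` also means the old unit name disappears on upgrade, which is worth a release-note line if anything references it.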
+++ b/nixos/modules/services/networking/ssh/sshd.nix @@ -600,7 +600,11 @@ in { description = "SSH Socket"; wantedBy = [ "sockets.target" ]; socketConfig.ListenStream = if cfg.listenAddresses != [] then - map (l: "${l.addr}:${toString (if l.port != null then l.port else 22)}") cfg.listenAddresses + concatMap + ({ addr, port }: + if port != null then [ "${addr}:${toString port}" ] + else map (p: "${addr}:${toString p}") cfg.ports) + cfg.listenAddresses else cfg.ports; socketConfig.Accept = true; diff --git a/nixos/modules/services/x11/xserver.nix b/nixos/modules/services/x11/xserver.nix index 4a8f2f61caaf..36f25d5547ca 100644 --- a/nixos/modules/services/x11/xserver.nix +++ b/nixos/modules/services/x11/xserver.nix @@ -804,14 +804,14 @@ in ]; system.checks = singleton (pkgs.runCommand "xkb-validated" { - inherit (cfg.xkb) model layout variant options; + inherit (cfg.xkb) dir model layout variant options; nativeBuildInputs = with pkgs.buildPackages; [ xkbvalidate ]; preferLocalBuild = true; } '' ${optionalString (config.environment.sessionVariables ? XKB_CONFIG_ROOT) "export XKB_CONFIG_ROOT=${config.environment.sessionVariables.XKB_CONFIG_ROOT}" } - xkbvalidate "$model" "$layout" "$variant" "$options" + XKB_CONFIG_ROOT="$dir" xkbvalidate "$model" "$layout" "$variant" "$options" touch "$out" ''); |
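Review bot: The new `concatMap` builds each `ListenStream` entry as `"${addr}:${toString port}"`, which is only unambiguous for IPv4 addresses and hostnames. If `listenAddresses` may contain a bare IPv6 literal, systemd needs it in brackets, and a mis-parsed entry changes which interfaces the SSH socket is bound to. Consider a small formatter along the lines of `fmt = a: p: "${if hasInfix ":" a && !hasPrefix "[" a then "[${a}]" else a}:${toString p}";` (assuming the `lib` string helpers are in scope here) and documenting the expected address form on the option. The strict pattern `{ addr, port }:` also rejects entries with any extra attribute, so `{ addr, port, ... }:` would be more tolerant if the submodule ever gains an option. The option declaration is outside this hunk, so the accepted address forms cannot be confirmed from here.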
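Review bot: In the `xkb-validated` check, the new `XKB_CONFIG_ROOT="$dir" xkbvalidate …` assignment always overrides the `export XKB_CONFIG_ROOT=…` emitted just above from `config.environment.sessionVariables`, so that `optionalString` block no longer affects the validation. Either drop the export or add a comment stating the precedence, e.g. `# cfg.xkb.dir takes precedence over a session-level XKB_CONFIG_ROOT`. The check also assumes `cfg.xkb.dir` is always set to a usable directory; its option declaration is outside the hunk.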