author | Frederik Rietdijk <freddyrietdijk@fridh.nl> | 2018-12-03 12:18:43 +0100 |
---|---|---|
committer | Frederik Rietdijk <freddyrietdijk@fridh.nl> | 2018-12-03 12:18:43 +0100 |
commit | a510aa2672dae525c1eb152f00fd0e6f8eb10f39 (patch) | |
tree | ee9b7efb3ca8049b84de1070e3cd2704c109f0f9 /nixos/modules | |
parent | 077b7e5880628c12fe6a9ae0b10db848deb85b50 (diff) | |
parent | e869896d00d9c7b1485b15e891d21213b4ff97f0 (diff) | |
Merge master into staging-next
Diffstat (limited to 'nixos/modules')
-rw-r--r-- | nixos/modules/installer/cd-dvd/iso-image.nix | 4 | ||||
-rw-r--r-- | nixos/modules/misc/ids.nix | 2 | ||||
-rw-r--r-- | nixos/modules/module-list.nix | 3 | ||||
-rw-r--r-- | nixos/modules/programs/nm-applet.nix | 14 | ||||
-rw-r--r-- | nixos/modules/programs/sway-beta.nix | 15 | ||||
-rw-r--r-- | nixos/modules/services/databases/cockroachdb.nix | 222 | ||||
-rw-r--r-- | nixos/modules/services/editors/emacs.xml | 2 | ||||
-rw-r--r-- | nixos/modules/services/misc/bees.nix | 123 | ||||
-rw-r--r-- | nixos/modules/services/networking/chrony.nix | 5 | ||||
-rw-r--r-- | nixos/modules/services/networking/dhcpcd.nix | 2 | ||||
-rw-r--r-- | nixos/modules/services/search/kibana.nix | 5 |
11 files changed, 389 insertions, 8 deletions
diff --git a/nixos/modules/installer/cd-dvd/iso-image.nix b/nixos/modules/installer/cd-dvd/iso-image.nix index 96fdb997b2c0..aa8003fef2c9 100644 --- a/nixos/modules/installer/cd-dvd/iso-image.nix +++ b/nixos/modules/installer/cd-dvd/iso-image.nix @@ -339,7 +339,9 @@ let echo "Image size: $image_size" truncate --size=$image_size "$out" ${pkgs.libfaketime}/bin/faketime "2000-01-01 00:00:00" ${pkgs.dosfstools}/sbin/mkfs.vfat -i 12345678 -n EFIBOOT "$out" - mcopy -bpsvm -i "$out" ./* :: + mcopy -psvm -i "$out" ./* :: + # Verify the FAT partition. + ${pkgs.dosfstools}/sbin/fsck.vfat -vn "$out" ''; # */ targetArch = if pkgs.stdenv.isi686 then diff --git a/nixos/modules/misc/ids.nix b/nixos/modules/misc/ids.nix index c368cd911860..d9ba2efa0c8a 100644 --- a/nixos/modules/misc/ids.nix +++ b/nixos/modules/misc/ids.nix @@ -337,6 +337,7 @@ alerta = 310; minetest = 311; rss2email = 312; + cockroachdb = 313; # When adding a uid, make sure it doesn't match an existing gid. And don't use uids above 399! @@ -634,6 +635,7 @@ alerta = 310; minetest = 311; rss2email = 312; + cockroachdb = 313; # When adding a gid, make sure it doesn't match an existing # uid. Users and groups with the same name should have equal diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index e476efb79a3c..e3e097dca26f 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix @@ -106,6 +106,7 @@ ./programs/mininet.nix ./programs/mtr.nix ./programs/nano.nix + ./programs/nm-applet.nix ./programs/npm.nix ./programs/oblogout.nix ./programs/plotinus.nix @@ -212,6 +213,7 @@ ./services/databases/aerospike.nix ./services/databases/cassandra.nix ./services/databases/clickhouse.nix + ./services/databases/cockroachdb.nix ./services/databases/couchdb.nix ./services/databases/firebird.nix ./services/databases/foundationdb.nix 
@@ -339,6 +341,7 @@ ./services/misc/apache-kafka.nix ./services/misc/autofs.nix ./services/misc/autorandr.nix + ./services/misc/bees.nix ./services/misc/bepasty.nix ./services/misc/canto-daemon.nix ./services/misc/calibre-server.nix diff --git a/nixos/modules/programs/nm-applet.nix b/nixos/modules/programs/nm-applet.nix new file mode 100644 index 000000000000..e42219e9638c --- /dev/null +++ b/nixos/modules/programs/nm-applet.nix @@ -0,0 +1,14 @@ +{ config, lib, pkgs, ... }: + +{ + options.programs.nm-applet.enable = lib.mkEnableOption "nm-applet"; + + config = lib.mkIf config.programs.nm-applet.enable { + systemd.user.services.nm-applet = { + description = "Network manager applet"; + wantedBy = [ "graphical-session.target" ]; + partOf = [ "graphical-session.target" ]; + serviceConfig.ExecStart = "${pkgs.networkmanagerapplet}/bin/nm-applet"; + }; + }; +} diff --git a/nixos/modules/programs/sway-beta.nix b/nixos/modules/programs/sway-beta.nix index 8447f94ca254..7fc5979a38aa 100644 --- a/nixos/modules/programs/sway-beta.nix +++ b/nixos/modules/programs/sway-beta.nix @@ -7,8 +7,19 @@ let swayPackage = cfg.package; swayWrapped = pkgs.writeShellScriptBin "sway" '' - ${cfg.extraSessionCommands} - exec ${pkgs.dbus.dbus-launch} --exit-with-session ${swayPackage}/bin/sway "$@" + set -o errexit + + if [ ! "$_SWAY_WRAPPER_ALREADY_EXECUTED" ]; then + export _SWAY_WRAPPER_ALREADY_EXECUTED=1 + ${cfg.extraSessionCommands} + fi + + if [ "$DBUS_SESSION_BUS_ADDRESS" ]; then + export DBUS_SESSION_BUS_ADDRESS + exec ${swayPackage}/bin/sway "$@" + else + exec ${pkgs.dbus}/bin/dbus-run-session ${swayPackage}/bin/sway "$@" + fi ''; swayJoined = pkgs.symlinkJoin { name = "sway-joined"; diff --git a/nixos/modules/services/databases/cockroachdb.nix b/nixos/modules/services/databases/cockroachdb.nix new file mode 100644 index 000000000000..8de1e78633d5 --- /dev/null +++ b/nixos/modules/services/databases/cockroachdb.nix 
@@ -0,0 +1,222 @@ +{ config, lib, pkgs, ... }: + +with lib; + +let + cfg = config.services.cockroachdb; + crdb = cfg.package; + + escape = builtins.replaceStrings ["%"] ["%%"]; + ifNotNull = v: s: optionalString (!isNull v) s; + + startupCommand = lib.concatStringsSep " " + [ # Basic startup + "${crdb}/bin/cockroach start" + "--logtostderr" + "--store=${cfg.dataDir}" + (ifNotNull cfg.locality "--locality='${cfg.locality}'") + + # WebUI settings + "--http-addr='${cfg.http.address}:${toString cfg.http.port}'" + + # Cluster listen address + "--listen-addr='${cfg.listen.address}:${toString cfg.listen.port}'" + + # Cluster configuration + (ifNotNull cfg.join "--join=${cfg.join}") + + # Cache and memory settings. Must be escaped. + "--cache='${escape cfg.cache}'" + "--max-sql-memory='${escape cfg.maxSqlMemory}'" + + # Certificate/security settings. + (if cfg.insecure then "--insecure" else "--certs-dir=${cfg.certsDir}") + ]; + + addressOption = descr: defaultPort: { + address = mkOption { + type = types.str; + default = "localhost"; + description = "Address to bind to for ${descr}"; + }; + + port = mkOption { + type = types.int; + default = defaultPort; + description = "Port to bind to for ${descr}"; + }; + }; +in + +{ + options = { + services.cockroachdb = { + enable = mkEnableOption "CockroachDB Server"; + + listen = addressOption "intra-cluster communication" 26257; + + http = addressOption "http-based Admin UI" 8080; + + locality = mkOption { + type = types.nullOr types.str; + default = null; + description = '' + An ordered, comma-separated list of key-value pairs that describe the + topography of the machine. Topography might include country, + datacenter or rack designations. Data is automatically replicated to + maximize diversities of each tier. The order of tiers is used to + determine the priority of the diversity, so the more inclusive + localities like country should come before less inclusive localities + like datacenter. 
The tiers and order must be the same on all nodes. + Including more tiers is better than including fewer. For example: + + country=us,region=us-west,datacenter=us-west-1b,rack=12 + country=ca,region=ca-east,datacenter=ca-east-2,rack=4 + + planet=earth,province=manitoba,colo=secondary,power=3 + ''; + }; + + join = mkOption { + type = types.nullOr types.str; + default = null; + description = "The addresses for connecting the node to a cluster."; + }; + + dataDir = mkOption { + type = types.path; + default = "/var/lib/cockroachdb"; + description = "Location where CockroachDB stores its table files"; + }; + + insecure = mkOption { + type = types.bool; + default = false; + description = "Run in insecure mode."; + }; + + certsDir = mkOption { + type = types.nullOr types.path; + default = null; + description = "The path to the certificate directory."; + }; + + user = mkOption { + type = types.str; + default = "cockroachdb"; + description = "User account under which CockroachDB runs"; + }; + + group = mkOption { + type = types.str; + default = "cockroachdb"; + description = "User account under which CockroachDB runs"; + }; + + openPorts = mkOption { + type = types.bool; + default = false; + description = "Open firewall ports for cluster communication by default"; + }; + + cache = mkOption { + type = types.str; + default = "25%"; + description = '' + The total size for caches. + + This can be a percentage, expressed with a fraction sign or as a + decimal-point number, or any bytes-based unit. For example, "25%", + "0.25" both represent 25% of the available system memory. The values + "1000000000" and "1GB" both represent 1 gigabyte of memory. + ''; + }; + + maxSqlMemory = mkOption { + type = types.str; + default = "25%"; + description = '' + The maximum in-memory storage capacity available to store temporary + data for SQL queries. + + This can be a percentage, expressed with a fraction sign or as a + decimal-point number, or any bytes-based unit. 
For example, "25%", + "0.25" both represent 25% of the available system memory. The values + "1000000000" and "1GB" both represent 1 gigabyte of memory. + ''; + }; + + package = mkOption { + type = types.package; + default = pkgs.cockroachdb; + defaultText = "pkgs.cockroachdb"; + description = '' + The CockroachDB derivation to use for running the service. + + This would primarily be useful to enable Enterprise Edition features + in your own custom CockroachDB build (Nixpkgs CockroachDB binaries + only contain open source features and open source code). + ''; + }; + }; + }; + + config = mkIf config.services.cockroachdb.enable { + assertions = [ + { assertion = !cfg.insecure -> !(isNull cfg.certsDir); + message = "CockroachDB must have a set of SSL certificates (.certsDir), or run in Insecure Mode (.insecure = true)"; + } + ]; + + environment.systemPackages = [ crdb ]; + + users.users = optionalAttrs (cfg.user == "cockroachdb") (singleton + { name = "cockroachdb"; + description = "CockroachDB Server User"; + uid = config.ids.uids.cockroachdb; + group = cfg.group; + }); + + users.groups = optionalAttrs (cfg.group == "cockroachdb") (singleton + { name = "cockroachdb"; + gid = config.ids.gids.cockroachdb; + }); + + networking.firewall.allowedTCPPorts = lib.optionals cfg.openPorts + [ cfg.http.port cfg.listen.port ]; + + systemd.services.cockroachdb = + { description = "CockroachDB Server"; + documentation = [ "man:cockroach(1)" "https://www.cockroachlabs.com" ]; + + after = [ "network.target" "time-sync.target" ]; + requires = [ "time-sync.target" ]; + wantedBy = [ "multi-user.target" ]; + + unitConfig.RequiresMountsFor = "${cfg.dataDir}"; + + preStart = '' + if ! 
test -e ${cfg.dataDir}; then + mkdir -m 0700 -p ${cfg.dataDir} + chown -R ${cfg.user} ${cfg.dataDir} + fi + ''; + + serviceConfig = + { ExecStart = startupCommand; + Type = "notify"; + User = cfg.user; + PermissionsStartOnly = true; + + Restart = "always"; + TimeoutStopSec="60"; + RestartSec="10"; + StandardOutput="syslog"; + StandardError="syslog"; + SyslogIdentifier="cockroach"; + }; + }; + }; + + meta.maintainers = with lib.maintainers; [ thoughtpolice ]; +} diff --git a/nixos/modules/services/editors/emacs.xml b/nixos/modules/services/editors/emacs.xml index 6cf20cf4aa7e..1ac53c818a7f 100644 --- a/nixos/modules/services/editors/emacs.xml +++ b/nixos/modules/services/editors/emacs.xml @@ -11,7 +11,7 @@ Rodney Lorrimar @rvl --> <para> - <link xlink:href="http://www.gnu.org/software/emacs/">Emacs</link> is an + <link xlink:href="https://www.gnu.org/software/emacs/">Emacs</link> is an extensible, customizable, self-documenting real-time display editor — and more. At its core is an interpreter for Emacs Lisp, a dialect of the Lisp programming language with extensions to support text editing. diff --git a/nixos/modules/services/misc/bees.nix b/nixos/modules/services/misc/bees.nix new file mode 100644 index 000000000000..b0ed2d5c2862 --- /dev/null +++ b/nixos/modules/services/misc/bees.nix 
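Review bot: `openPorts` adds both `cfg.listen.port` and `cfg.http.port` to `networking.firewall.allowedTCPPorts`, and nothing in the `config` block of cockroachdb.nix stops that from being combined with `insecure = true`, where CockroachDB runs without TLS or authentication. The `localhost` default in `addressOption` limits exposure only until the bind address is changed, so I would surface the combination at evaluation time, e.g. `warnings = optional (cfg.insecure && cfg.openPorts) "services.cockroachdb: openPorts with insecure = true exposes an unauthenticated node and Admin UI";`, and have the `openPorts` description say that the Admin UI port is opened as well. Separately, `startupCommand` quotes `--locality`, `--http-addr` and `--listen-addr` but leaves `--store=${cfg.dataDir}`, `--join=${cfg.join}` and `--certs-dir=${cfg.certsDir}` bare, and `preStart` uses `${cfg.dataDir}` unquoted in `test`, `mkdir` and `chown`; quoting these consistently (for instance `escapeShellArg cfg.dataDir` in `preStart`) avoids word splitting on unusual paths.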
@@ -0,0 +1,123 @@ +{ config, lib, pkgs, ... }: + +with lib; + +let + + cfg = config.services.beesd; + + logLevels = { emerg = 0; alert = 1; crit = 2; err = 3; warning = 4; notice = 5; info = 6; debug = 7; }; + + fsOptions = with types; { + options.spec = mkOption { + type = str; + description = '' + Description of how to identify the filesystem to be duplicated by this + instance of bees. Note that deduplication crosses subvolumes; one must + not configure multiple instances for subvolumes of the same filesystem + (or block devices which are part of the same filesystem), but only for + completely independent btrfs filesystems. + </para> + <para> + This must be in a format usable by findmnt; that could be a key=value + pair, or a bare path to a mount point. + ''; + example = "LABEL=MyBulkDataDrive"; + }; + options.hashTableSizeMB = mkOption { + type = types.addCheck types.int (n: mod n 16 == 0); + default = 1024; # 1GB; default from upstream beesd script + description = '' + Hash table size in MB; must be a multiple of 16. + </para> + <para> + A larger ratio of index size to storage size means smaller blocks of + duplicate content are recognized. + </para> + <para> + If you have 1TB of data, a 4GB hash table (which is to say, a value of + 4096) will permit 4KB extents (the smallest possible size) to be + recognized, whereas a value of 1024 -- creating a 1GB hash table -- + will recognize only aligned duplicate blocks of 16KB. + ''; + }; + options.verbosity = mkOption { + type = types.enum (attrNames logLevels ++ attrValues logLevels); + apply = v: if isString v then logLevels.${v} else v; + default = "info"; + description = "Log verbosity (syslog keyword/level)."; + }; + options.workDir = mkOption { + type = str; + default = ".beeshome"; + description = '' + Name (relative to the root of the filesystem) of the subvolume where + the hash table will be stored. 
+ ''; + }; + options.extraOptions = mkOption { + type = listOf str; + default = []; + description = '' + Extra command-line options passed to the daemon. See upstream bees documentation. + ''; + example = literalExample '' + [ "--thread-count" "4" ] + ''; + }; + }; + +in { + + options.services.beesd = { + filesystems = mkOption { + type = with types; attrsOf (submodule fsOptions); + description = "BTRFS filesystems to run block-level deduplication on."; + default = { }; + example = literalExample '' + { + root = { + spec = "LABEL=root"; + hashTableSizeMB = 2048; + verbosity = "crit"; + extraOptions = [ "--loadavg-target" "5.0" ]; + }; + } + ''; + }; + }; + config = { + systemd.services = mapAttrs' (name: fs: nameValuePair "beesd@${name}" { + description = "Block-level BTRFS deduplication for %i"; + after = [ "sysinit.target" ]; + + serviceConfig = let + configOpts = [ + fs.spec + "verbosity=${toString fs.verbosity}" + "idxSizeMB=${toString fs.hashTableSizeMB}" + "workDir=${fs.workDir}" + ]; + configOptsStr = escapeShellArgs configOpts; + in { + # Values from https://github.com/Zygo/bees/blob/v0.6.1/scripts/beesd%40.service.in + ExecStart = "${pkgs.bees}/bin/bees-service-wrapper run ${configOptsStr} -- --no-timestamps ${escapeShellArgs fs.extraOptions}"; + ExecStopPost = "${pkgs.bees}/bin/bees-service-wrapper cleanup ${configOptsStr}"; + CPUAccounting = true; + CPUWeight = 12; + IOSchedulingClass = "idle"; + IOSchedulingPriority = 7; + IOWeight = 10; + KillMode = "control-group"; + KillSignal = "SIGTERM"; + MemoryAccounting = true; + Nice = 19; + Restart = "on-abnormal"; + StartupCPUWeight = 25; + StartupIOWeight = 25; + SyslogIdentifier = "bees"; # would otherwise be "bees-service-wrapper" + }; + wantedBy = ["multi-user.target"]; + }) cfg.filesystems; + }; +} diff --git a/nixos/modules/services/networking/chrony.nix b/nixos/modules/services/networking/chrony.nix index 9b8005e706ae..77f702577000 100644 --- a/nixos/modules/services/networking/chrony.nix 
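Review bot: `ExecStart` and `ExecStopPost` in bees.nix are built with `escapeShellArgs`, but these lines are parsed by systemd rather than a shell, so a `%` or `$` inside `fs.spec`, `fs.workDir` or `fs.extraOptions` would still be read as a unit specifier or an environment reference. The cockroachdb module added in this same commit doubles `%` for that reason; something similar here, e.g. `escapeUnit = replaceStrings ["%" "$"] ["%%" "$$"];` applied to the joined argument strings, would keep the values literal. The `hashTableSizeMB` check `mod n 16 == 0` also accepts `0` and negative multiples, so `(n: n > 0 && mod n 16 == 0)` would be tighter. The generated units set no `User`, so they presumably run as root; a one-line comment next to `serviceConfig` saying why that is required would help the next reviewer.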
+++ b/nixos/modules/services/networking/chrony.nix @@ -12,7 +12,7 @@ let ${concatMapStringsSep "\n" (server: "server " + server) cfg.servers} ${optionalString - cfg.initstepslew.enabled + (cfg.initstepslew.enabled && (cfg.servers != [])) "initstepslew ${toString cfg.initstepslew.threshold} ${concatStringsSep " " cfg.initstepslew.servers}" } @@ -113,6 +113,7 @@ in chown chrony:chrony ${stateDir} ${keyFile} ''; + unitConfig.ConditionCapability = "CAP_SYS_TIME"; serviceConfig = { Type = "forking"; ExecStart = "${pkgs.chrony}/bin/chronyd ${chronyFlags}"; @@ -121,8 +122,8 @@ in ProtectSystem = "full"; PrivateTmp = "yes"; - ConditionCapability = "CAP_SYS_TIME"; }; + }; }; } diff --git a/nixos/modules/services/networking/dhcpcd.nix b/nixos/modules/services/networking/dhcpcd.nix index efdbca5d52e8..c217ccaa405a 100644 --- a/nixos/modules/services/networking/dhcpcd.nix +++ b/nixos/modules/services/networking/dhcpcd.nix @@ -71,7 +71,7 @@ let # anything ever again ("couldn't resolve ..., giving up on # it"), so we silently lose time synchronisation. This also # applies to openntpd. - ${config.systemd.package}/bin/systemctl try-reload-or-restart ntpd.service openntpd.service || true + ${config.systemd.package}/bin/systemctl try-reload-or-restart ntpd.service openntpd.service chronyd.service || true fi ${cfg.runHook} diff --git a/nixos/modules/services/search/kibana.nix b/nixos/modules/services/search/kibana.nix index ca36bba58c02..3539b3ddb4f1 100644 --- a/nixos/modules/services/search/kibana.nix +++ b/nixos/modules/services/search/kibana.nix @@ -149,7 +149,10 @@ in { after = [ "network.target" "elasticsearch.service" ]; environment = { BABEL_CACHE_PATH = "${cfg.dataDir}/.babelcache.json"; }; serviceConfig = { - ExecStart = "${cfg.package}/bin/kibana --config ${cfgFile}"; + ExecStart = + "${cfg.package}/bin/kibana" + + " --config ${cfgFile}" + + " --path.data ${cfg.dataDir}"; User = "kibana"; WorkingDirectory = cfg.dataDir; }; |
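Review bot: The new guard in the first chrony.nix hunk tests `cfg.servers != []`, but the directive it protects is built from `cfg.initstepslew.servers`; if the two lists differ, an empty `initstepslew.servers` would still emit an `initstepslew` line with no servers. Testing the list that is actually interpolated, `(cfg.initstepslew.enabled && (cfg.initstepslew.servers != []))`, matches the guard to the output. The surrounding config string starts and ends outside the hunk, so any default that ties the two options together is not visible here.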