author | github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> | 2024-01-27 12:01:38 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2024-01-27 12:01:38 +0000 |
commit | 10d19dce50559f7c7a59764e415c2b09c05694c0 (patch) | |
tree | 1db59063755d245f333d65304b0ded974313f6bf /nixos | |
parent | d976132a1fda4f3d3c8a2375d8db51bb80f0d696 (diff) | |
parent | ef4dd61b7d53af44b060473308c50fa3b34d5681 (diff) | |
Merge staging-next into staging
Diffstat (limited to 'nixos')
-rw-r--r-- | nixos/doc/manual/release-notes/rl-2405.section.md | 20 | ||||
-rw-r--r-- | nixos/modules/module-list.nix | 1 | ||||
-rw-r--r-- | nixos/modules/services/system/systemd-lock-handler.md | 47 | ||||
-rw-r--r-- | nixos/modules/services/system/systemd-lock-handler.nix | 27 | ||||
-rw-r--r-- | nixos/modules/services/web-apps/nextcloud-notify_push.nix | 2 | ||||
-rw-r--r-- | nixos/modules/services/web-apps/nextcloud.md | 2 | ||||
-rw-r--r-- | nixos/modules/services/web-apps/nextcloud.nix | 29 | ||||
-rw-r--r-- | nixos/tests/all-tests.nix | 1 | ||||
-rw-r--r-- | nixos/tests/nextcloud/with-declarative-redis-and-secrets.nix | 2 | ||||
-rw-r--r-- | nixos/tests/nextcloud/with-postgresql-and-redis.nix | 2 | ||||
-rw-r--r-- | nixos/tests/systemd-lock-handler.nix | 56 |
11 files changed, 162 insertions, 27 deletions
diff --git a/nixos/doc/manual/release-notes/rl-2405.section.md b/nixos/doc/manual/release-notes/rl-2405.section.md index 01e44b71f1e8..9a6802a9a060 100644 --- a/nixos/doc/manual/release-notes/rl-2405.section.md +++ b/nixos/doc/manual/release-notes/rl-2405.section.md @@ -71,6 +71,8 @@ The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been m - [RustDesk](https://rustdesk.com), a full-featured open source remote control alternative for self-hosting and security with minimal configuration. Alternative to TeamViewer. +- [systemd-lock-handler](https://git.sr.ht/~whynothugo/systemd-lock-handler/), a bridge between logind D-Bus events and systemd targets. Available as [services.systemd-lock-handler.enable](#opt-services.systemd-lock-handler.enable). + ## Backward Incompatibilities {#sec-release-24.05-incompatibilities} <!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. --> 
@@ -246,15 +248,15 @@ The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been m - [Lilypond](https://lilypond.org/index.html) and [Denemo](https://www.denemo.org) are now compiled with Guile 3.0. -- The following options of the Nextcloud module were moved into [`services.nextcloud.extraOptions`](#opt-services.nextcloud.extraOptions) and renamed to match the name from Nextcloud's `config.php`: - - `logLevel` -> [`loglevel`](#opt-services.nextcloud.extraOptions.loglevel), - - `logType` -> [`log_type`](#opt-services.nextcloud.extraOptions.log_type), - - `defaultPhoneRegion` -> [`default_phone_region`](#opt-services.nextcloud.extraOptions.default_phone_region), - - `overwriteProtocol` -> [`overwriteprotocol`](#opt-services.nextcloud.extraOptions.overwriteprotocol), - - `skeletonDirectory` -> [`skeletondirectory`](#opt-services.nextcloud.extraOptions.skeletondirectory), - - `globalProfiles` -> [`profile.enabled`](#opt-services.nextcloud.extraOptions._profile.enabled_), - - `extraTrustedDomains` -> [`trusted_domains`](#opt-services.nextcloud.extraOptions.trusted_domains) and - - `trustedProxies` -> [`trusted_proxies`](#opt-services.nextcloud.extraOptions.trusted_proxies). 
+- The following options of the Nextcloud module were moved into [`services.nextcloud.settings`](#opt-services.nextcloud.settings) and renamed to match the name from Nextcloud's `config.php`: + - `logLevel` -> [`loglevel`](#opt-services.nextcloud.settings.loglevel), + - `logType` -> [`log_type`](#opt-services.nextcloud.settings.log_type), + - `defaultPhoneRegion` -> [`default_phone_region`](#opt-services.nextcloud.settings.default_phone_region), + - `overwriteProtocol` -> [`overwriteprotocol`](#opt-services.nextcloud.settings.overwriteprotocol), + - `skeletonDirectory` -> [`skeletondirectory`](#opt-services.nextcloud.settings.skeletondirectory), + - `globalProfiles` -> [`profile.enabled`](#opt-services.nextcloud.settings._profile.enabled_), + - `extraTrustedDomains` -> [`trusted_domains`](#opt-services.nextcloud.settings.trusted_domains) and + - `trustedProxies` -> [`trusted_proxies`](#opt-services.nextcloud.settings.trusted_proxies). - The option [`services.nextcloud.config.dbport`] of the Nextcloud module was removed to match upstream. The port can be specified in [`services.nextcloud.config.dbhost`](#opt-services.nextcloud.config.dbhost). diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index 8d0233065560..71498e397cb6 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix @@ -1236,6 +1236,7 @@ ./services/system/saslauthd.nix ./services/system/self-deploy.nix ./services/system/systembus-notify.nix + ./services/system/systemd-lock-handler.nix ./services/system/uptimed.nix ./services/system/zram-generator.nix ./services/torrent/deluge.nix diff --git a/nixos/modules/services/system/systemd-lock-handler.md b/nixos/modules/services/system/systemd-lock-handler.md new file mode 100644 index 000000000000..ac9ee00ae4bc --- /dev/null +++ b/nixos/modules/services/system/systemd-lock-handler.md 
@@ -0,0 +1,47 @@ +# systemd-lock-handler {#module-services-systemd-lock-handler} + +The `systemd-lock-handler` module provides a service that bridges +D-Bus events from `logind` to user-level systemd targets: + + - `lock.target` started by `loginctl lock-session`, + - `unlock.target` started by `loginctl unlock-session` and + - `sleep.target` started by `systemctl suspend`. + +You can create a user service that starts with any of these targets. + +For example, to create a service for `swaylock`: + +```nix +{ + services.systemd-lock-handler.enable = true; + + systemd.user.services.swaylock = { + description = "Screen locker for Wayland"; + documentation = ["man:swaylock(1)"]; + + # If swaylock exits cleanly, unlock the session: + onSuccess = ["unlock.target"]; + + # When lock.target is stopped, stops this too: + partOf = ["lock.target"]; + + # Delay lock.target until this service is ready: + before = ["lock.target"]; + wantedBy = ["lock.target"]; + + serviceConfig = { + # systemd will consider this service started when swaylock forks... + Type = "forking"; + + # ... and swaylock will fork only after it has locked the screen. + ExecStart = "${lib.getExe pkgs.swaylock} -f"; + + # If swaylock crashes, always restart it immediately: + Restart = "on-failure"; + RestartSec = 0; + }; + }; +} +``` + +See [upstream documentation](https://sr.ht/~whynothugo/systemd-lock-handler) for more information. diff --git a/nixos/modules/services/system/systemd-lock-handler.nix b/nixos/modules/services/system/systemd-lock-handler.nix new file mode 100644 index 000000000000..1ecb13b75bb3 --- /dev/null +++ b/nixos/modules/services/system/systemd-lock-handler.nix 
@@ -0,0 +1,27 @@ +{ config +, pkgs +, lib +, ... +}: +let + cfg = config.services.systemd-lock-handler; + inherit (lib) mkIf mkEnableOption mkPackageOption; +in +{ + options.services.systemd-lock-handler = { + enable = mkEnableOption (lib.mdDoc "systemd-lock-handler"); + package = mkPackageOption pkgs "systemd-lock-handler" { }; + }; + + config = mkIf cfg.enable { + systemd.packages = [ cfg.package ]; + + # https://github.com/NixOS/nixpkgs/issues/81138 + systemd.user.services.systemd-lock-handler.wantedBy = [ "default.target" ]; + }; + + meta = { + maintainers = with lib.maintainers; [ liff ]; + doc = ./systemd-lock-handler.md; + }; +} diff --git a/nixos/modules/services/web-apps/nextcloud-notify_push.nix b/nixos/modules/services/web-apps/nextcloud-notify_push.nix index 759daa0c50dc..7b90e0bbaa9b 100644 --- a/nixos/modules/services/web-apps/nextcloud-notify_push.nix +++ b/nixos/modules/services/web-apps/nextcloud-notify_push.nix @@ -116,7 +116,7 @@ in } (lib.mkIf cfg.bendDomainToLocalhost { - nextcloud.extraOptions.trusted_proxies = [ "127.0.0.1" "::1" ]; + nextcloud.settings.trusted_proxies = [ "127.0.0.1" "::1" ]; }) ]; }; diff --git a/nixos/modules/services/web-apps/nextcloud.md b/nixos/modules/services/web-apps/nextcloud.md index ce8f96a6a389..5db83d7e4463 100644 --- a/nixos/modules/services/web-apps/nextcloud.md +++ b/nixos/modules/services/web-apps/nextcloud.md 
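Review bot: The bare issue link above `systemd.user.services.systemd-lock-handler.wantedBy` in the new module's `config` block does not say why the override exists or what it implies. As written, enabling `services.systemd-lock-handler.enable` pulls the handler into `default.target` of every user's systemd instance, and any locker bound to `lock.target` silently depends on it running. I would expand the comment to something like `# Units shipped via systemd.packages are not enabled automatically (nixpkgs#81138), so start the handler in every user session explicitly.` That reading of the linked issue is my assumption and should be confirmed before it goes in.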
@@ -51,7 +51,7 @@ to ensure that changes can be applied by changing the module's options. In case the application serves multiple domains (those are checked with [`$_SERVER['HTTP_HOST']`](https://www.php.net/manual/en/reserved.variables.server.php)) it's needed to add them to -[`services.nextcloud.extraOptions.trusted_domains`](#opt-services.nextcloud.extraOptions.trusted_domains). +[`services.nextcloud.settings.trusted_domains`](#opt-services.nextcloud.settings.trusted_domains). Auto updates for Nextcloud apps can be enabled using [`services.nextcloud.autoUpdateApps`](#opt-services.nextcloud.autoUpdateApps.enable). diff --git a/nixos/modules/services/web-apps/nextcloud.nix b/nixos/modules/services/web-apps/nextcloud.nix index 0b19265942c0..8669f84b1cbb 100644 --- a/nixos/modules/services/web-apps/nextcloud.nix +++ b/nixos/modules/services/web-apps/nextcloud.nix @@ -183,8 +183,8 @@ let ]; $CONFIG = array_replace_recursive($CONFIG, nix_decode_json_file( - "${jsonFormat.generate "nextcloud-extraOptions.json" cfg.extraOptions}", - "impossible: this should never happen (decoding generated extraOptions file %s failed)" + "${jsonFormat.generate "nextcloud-settings.json" cfg.settings}", + "impossible: this should never happen (decoding generated settings file %s failed)" )); ${optionalString (cfg.secretFile != null) '' 
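Review bot: In the `@@ -183` hunk of `nextcloud.nix`, `cfg.settings` is passed to `jsonFormat.generate "nextcloud-settings.json"`, so every value set through the renamed option is written to a file in the Nix store, which all local users can read. Now that `settings` is the main entry point for `config.php` keys, its option description should say so explicitly, e.g. `Values set here end up world-readable in the Nix store; put passwords and other secrets in services.nextcloud.secretFile instead.` The description text belongs to the `settings = mkOption` hunk at `@@ -648` and lies outside the visible lines, so this may already be covered there. The `secretFile` description in the `@@ -770` hunk refers to `settings` only for the JSON format, not for this distinction.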
@@ -205,21 +205,22 @@ in { Add port to services.nextcloud.config.dbhost instead. '') (mkRenamedOptionModule - [ "services" "nextcloud" "logLevel" ] [ "services" "nextcloud" "extraOptions" "loglevel" ]) + [ "services" "nextcloud" "logLevel" ] [ "services" "nextcloud" "settings" "loglevel" ]) (mkRenamedOptionModule - [ "services" "nextcloud" "logType" ] [ "services" "nextcloud" "extraOptions" "log_type" ]) + [ "services" "nextcloud" "logType" ] [ "services" "nextcloud" "settings" "log_type" ]) (mkRenamedOptionModule - [ "services" "nextcloud" "config" "defaultPhoneRegion" ] [ "services" "nextcloud" "extraOptions" "default_phone_region" ]) + [ "services" "nextcloud" "config" "defaultPhoneRegion" ] [ "services" "nextcloud" "settings" "default_phone_region" ]) (mkRenamedOptionModule - [ "services" "nextcloud" "config" "overwriteProtocol" ] [ "services" "nextcloud" "extraOptions" "overwriteprotocol" ]) + [ "services" "nextcloud" "config" "overwriteProtocol" ] [ "services" "nextcloud" "settings" "overwriteprotocol" ]) (mkRenamedOptionModule - [ "services" "nextcloud" "skeletonDirectory" ] [ "services" "nextcloud" "extraOptions" "skeletondirectory" ]) + [ "services" "nextcloud" "skeletonDirectory" ] [ "services" "nextcloud" "settings" "skeletondirectory" ]) (mkRenamedOptionModule - [ "services" "nextcloud" "globalProfiles" ] [ "services" "nextcloud" "extraOptions" "profile.enabled" ]) + [ "services" "nextcloud" "globalProfiles" ] [ "services" "nextcloud" "settings" "profile.enabled" ]) (mkRenamedOptionModule - [ "services" "nextcloud" "config" "extraTrustedDomains" ] [ "services" "nextcloud" "extraOptions" "trusted_domains" ]) + [ "services" "nextcloud" "config" "extraTrustedDomains" ] [ "services" "nextcloud" "settings" "trusted_domains" ]) (mkRenamedOptionModule - [ "services" "nextcloud" "config" "trustedProxies" ] [ "services" "nextcloud" "extraOptions" "trusted_proxies" ]) + [ "services" "nextcloud" "config" "trustedProxies" ] [ "services" "nextcloud" "settings" 
"trusted_proxies" ]) + (mkRenamedOptionModule ["services" "nextcloud" "extraOptions" ] [ "services" "nextcloud" "settings" ]) ]; options.services.nextcloud = { @@ -648,7 +649,7 @@ in { ''; }; - extraOptions = mkOption { + settings = mkOption { type = types.submodule { freeformType = jsonFormat.type; options = { @@ -770,7 +771,7 @@ in { default = null; description = lib.mdDoc '' Secret options which will be appended to Nextcloud's config.php file (written as JSON, in the same - form as the [](#opt-services.nextcloud.extraOptions) option), for example + form as the [](#opt-services.nextcloud.settings) option), for example `{"redis":{"password":"secret"}}`. ''; }; @@ -930,7 +931,7 @@ in { (i: v: '' ${occ}/bin/nextcloud-occ config:system:set trusted_domains \ ${toString i} --value="${toString v}" - '') ([ cfg.hostName ] ++ cfg.extraOptions.trusted_domains)); + '') ([ cfg.hostName ] ++ cfg.settings.trusted_domains)); in { wantedBy = [ "multi-user.target" ]; @@ -1056,7 +1057,7 @@ in { services.nextcloud = { caching.redis = lib.mkIf cfg.configureRedis true; - extraOptions = mkMerge [({ + settings = mkMerge [({ datadirectory = lib.mkDefault "${datadir}/data"; trusted_domains = [ cfg.hostName ]; }) (lib.mkIf cfg.configureRedis { diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix index 3f9dd173d3bf..81bd36cf0e34 100644 --- a/nixos/tests/all-tests.nix +++ b/nixos/tests/all-tests.nix @@ -856,6 +856,7 @@ in { systemd-journal = handleTest ./systemd-journal.nix {}; systemd-journal-gateway = handleTest ./systemd-journal-gateway.nix {}; systemd-journal-upload = handleTest ./systemd-journal-upload.nix {}; + systemd-lock-handler = runTestOn ["aarch64-linux" "x86_64-linux"] ./systemd-lock-handler.nix; systemd-machinectl = handleTest ./systemd-machinectl.nix {}; systemd-networkd = handleTest ./systemd-networkd.nix {}; systemd-networkd-dhcpserver = handleTest ./systemd-networkd-dhcpserver.nix {}; 
diff --git a/nixos/tests/nextcloud/with-declarative-redis-and-secrets.nix b/nixos/tests/nextcloud/with-declarative-redis-and-secrets.nix index addc898bd760..b09ee1276a13 100644 --- a/nixos/tests/nextcloud/with-declarative-redis-and-secrets.nix +++ b/nixos/tests/nextcloud/with-declarative-redis-and-secrets.nix @@ -41,7 +41,7 @@ in { }; secretFile = "/etc/nextcloud-secrets.json"; - extraOptions = { + settings = { allow_local_remote_servers = true; redis = { dbindex = 0; diff --git a/nixos/tests/nextcloud/with-postgresql-and-redis.nix b/nixos/tests/nextcloud/with-postgresql-and-redis.nix index d95af8a89d07..3c090f0d3c3b 100644 --- a/nixos/tests/nextcloud/with-postgresql-and-redis.nix +++ b/nixos/tests/nextcloud/with-postgresql-and-redis.nix @@ -41,7 +41,7 @@ in { extraApps = { inherit (pkgs."nextcloud${lib.versions.major config.services.nextcloud.package.version}Packages".apps) notify_push; }; - extraOptions.trusted_proxies = [ "::1" ]; + settings.trusted_proxies = [ "::1" ]; }; services.redis.servers."nextcloud".enable = true; diff --git a/nixos/tests/systemd-lock-handler.nix b/nixos/tests/systemd-lock-handler.nix new file mode 100644 index 000000000000..d6fb8f545900 --- /dev/null +++ b/nixos/tests/systemd-lock-handler.nix 
@@ -0,0 +1,56 @@ +{ lib, ... }: { + name = "systemd-lock-handler"; + + meta.maintainers = with lib.maintainers; [ liff ]; + + enableOCR = true; + + nodes.machine = { config, pkgs, lib, ... }: + let + touch = "${lib.getBin pkgs.coreutils}/bin/touch"; + in + { + imports = [ common/wayland-cage.nix ]; + + services.systemd-lock-handler.enable = true; + + systemd.user.services = { + test-lock = { + partOf = [ "lock.target" ]; + onSuccess = [ "unlock.target" ]; + before = [ "lock.target" ]; + wantedBy = [ "lock.target" ]; + serviceConfig.ExecStart = "${touch} /tmp/lock.target.activated"; + }; + test-unlock = { + partOf = [ "unlock.target" ]; + after = [ "unlock.target" ]; + wantedBy = [ "unlock.target" ]; + serviceConfig.ExecStart = "${touch} /tmp/unlock.target.activated"; + }; + test-sleep = { + partOf = [ "sleep.target" ]; + before = [ "sleep.target" ]; + wantedBy = [ "sleep.target" ]; + serviceConfig.ExecStart = "${touch} /tmp/sleep.target.activated"; + }; + }; + }; + + testScript = '' + machine.wait_for_unit('graphical.target') + machine.wait_for_text('alice@machine') + + machine.send_chars('loginctl lock-session\n') + machine.wait_for_file('/tmp/lock.target.activated') + machine.wait_for_file('/tmp/unlock.target.activated') + + machine.send_chars('systemctl suspend\n') + # wait_for_file won’t complete before the machine is asleep, + # so we’ll watch the log instead. + machine.wait_for_console_text('Started test-sleep.service.') + + # The VM is asleep, regular shutdown won’t work. + machine.crash() + ''; +} |
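Review bot: The `unlock.target` check in `testScript` appears to be satisfied by `onSuccess = [ "unlock.target" ]` on `test-lock` rather than by the handler. `touch` exits at once, so systemd starts `unlock.target` itself and `/tmp/unlock.target.activated` shows up without any logind unlock event. The bridge from `loginctl unlock-session` to `unlock.target` is therefore not exercised, and a regression there would go unnoticed even though a screen locker relies on it to release the session. I would drop `onSuccess` from `test-lock` and add `machine.send_chars('loginctl unlock-session\n')` before `machine.wait_for_file('/tmp/unlock.target.activated')`.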