authorVladimír Čunát <vcunat@gmail.com>2017-12-09 21:00:07 +0100
committerVladimír Čunát <vcunat@gmail.com>2017-12-09 21:00:07 +0100
commit2309acf72337b49eef43d1dfc90d850d2682a4a5 (patch)
tree645c03e7f03476375245bc064421b41329f21fb0 /nixos
parent87317bab0a796b3c8301f27acfbf48a782d5dde0 (diff)
parent8f4f9b62238da74bd3c78fe5708369d543c3e690 (diff)
Merge branch 'master' into staging
Diffstat (limited to 'nixos')
-rw-r--r--nixos/modules/module-list.nix2
-rw-r--r--nixos/modules/services/hardware/u2f.nix23
-rw-r--r--nixos/modules/services/misc/gollum.nix14
-rw-r--r--nixos/modules/services/misc/osrm.nix85
-rw-r--r--nixos/modules/services/networking/prosody.nix76
-rw-r--r--nixos/modules/testing/test-instrumentation.nix2
-rw-r--r--nixos/modules/virtualisation/qemu-vm.nix2
7 files changed, 181 insertions, 23 deletions
diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix
index 1cb51f2c82fa..5f5ebae891f2 100644
--- a/nixos/modules/module-list.nix
+++ b/nixos/modules/module-list.nix
@@ -239,6 +239,7 @@
   ./services/hardware/tlp.nix
   ./services/hardware/thinkfan.nix
   ./services/hardware/trezord.nix
+  ./services/hardware/u2f.nix
   ./services/hardware/udev.nix
   ./services/hardware/udisks2.nix
   ./services/hardware/upower.nix
@@ -328,6 +329,7 @@
   ./services/misc/nix-ssh-serve.nix
   ./services/misc/nzbget.nix
   ./services/misc/octoprint.nix
+  ./services/misc/osrm.nix
   ./services/misc/packagekit.nix
   ./services/misc/parsoid.nix
   ./services/misc/phd.nix
diff --git a/nixos/modules/services/hardware/u2f.nix b/nixos/modules/services/hardware/u2f.nix
new file mode 100644
index 000000000000..bb4b2f05f890
--- /dev/null
+++ b/nixos/modules/services/hardware/u2f.nix
@@ -0,0 +1,23 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+let
+  cfg = config.hardware.u2f;
+in {
+  options = {
+    hardware.u2f = {
+      enable = mkOption {
+        type = types.bool;
+        default = false;
+        description = ''
+          Enable U2F hardware support.
+        '';
+      };
+    };
+  };
+
+  config = mkIf cfg.enable {
+    services.udev.packages = [ pkgs.libu2f-host ];
+  };
+}
+
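Review bot: The `description` of `hardware.u2f.enable` does not say what the switch actually does. The only effect in this file is adding `pkgs.libu2f-host` to `services.udev.packages`, so enabling it installs that package's udev rules, which presumably decide which users may open the token's device node. I would spell that out, e.g. `description = "Install the udev rules from libu2f-host so that U2F security tokens can be used by local users.";` (wording to be confirmed against the rules the package ships). `enable = mkEnableOption "...";` would replace the hand-written boolean option, and the file ends with a stray blank line.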
diff --git a/nixos/modules/services/misc/gollum.nix b/nixos/modules/services/misc/gollum.nix
index a6ed0be2f364..0888221ab62f 100644
--- a/nixos/modules/services/misc/gollum.nix
+++ b/nixos/modules/services/misc/gollum.nix
@@ -38,6 +38,18 @@ in
       description = "Enable support for math rendering using MathJax";
     };
 
+    allowUploads = mkOption {
+      type = types.nullOr (types.enum [ "dir" "page" ]);
+      default = null;
+      description = "Enable uploads of external files";
+    };
+
+    emoji = mkOption {
+      type = types.bool;
+      default = false;
+      description = "Parse and interpret emoji tags";
+    };
+
     branch = mkOption {
       type = types.str;
       default = "master";
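Review bot: `allowUploads` is documented only as "Enable uploads of external files", which leaves out what `"dir"` and `"page"` select and that `null` keeps uploads off; the description should say so (in gollum's CLI, `dir` stores all uploads in one directory and `page` stores them next to the page). The value is interpolated into the command line in the second hunk of this file, so the `types.enum` restriction is what keeps that interpolation safe and should not be loosened to a free-form string. Uploads let whoever can reach the wiki write files into the repository, and nothing in the visible hunks puts authentication in front of the service, so a sentence telling operators to restrict access before enabling this would help. The option set this hunk edits starts and ends outside the hunk.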
@@ -91,6 +103,8 @@ in
             --config ${builtins.toFile "gollum-config.rb" cfg.extraConfig} \
             --ref ${cfg.branch} \
             ${optionalString cfg.mathjax "--mathjax"} \
+            ${optionalString cfg.emoji "--emoji"} \
+            ${optionalString (cfg.allowUploads != null) "--allow-uploads ${cfg.allowUploads}"} \
             ${cfg.stateDir}
         '';
       };
diff --git a/nixos/modules/services/misc/osrm.nix b/nixos/modules/services/misc/osrm.nix
new file mode 100644
index 000000000000..7ec8b15906fc
--- /dev/null
+++ b/nixos/modules/services/misc/osrm.nix
@@ -0,0 +1,85 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+  cfg = config.services.osrm;
+in
+
+{
+  options.services.osrm = {
+    enable = mkOption {
+      type = types.bool;
+      default = false;
+      description = "Enable the OSRM service.";
+    };
+
+    address = mkOption {
+      type = types.str;
+      default = "0.0.0.0";
+      description = "IP address on which the web server will listen.";
+    };
+
+    port = mkOption {
+      type = types.int;
+      default = 5000;
+      description = "Port on which the web server will run.";
+    };
+
+    threads = mkOption {
+      type = types.int;
+      default = 4;
+      description = "Number of threads to use.";
+    };
+
+    algorithm = mkOption {
+      type = types.enum [ "CH" "CoreCH" "MLD" ];
+      default = "MLD";
+      description = "Algorithm to use for the data. Must be one of CH, CoreCH, MLD";
+    };
+
+    extraFlags = mkOption {
+      type = types.listOf types.str;
+      default = [];
+      example = [ "--max-table-size 1000" "--max-matching-size 1000" ];
+      description = "Extra command line arguments passed to osrm-routed";
+    };
+
+    dataFile = mkOption {
+      type = types.path;
+      example = "/var/lib/osrm/berlin-latest.osrm";
+      description = "Data file location";
+    };
+
+  };
+
+  config = mkIf cfg.enable {
+
+    users.users.osrm = {
+      group = config.users.users.osrm.name;
+      description = "OSRM user";
+      createHome = false;
+    };
+
+    users.groups.osrm = { };
+
+    systemd.services.osrm = {
+      description = "OSRM service";
+      after = [ "network.target" ];
+      wantedBy = [ "multi-user.target" ];
+
+      serviceConfig = {
+        User = config.users.extraUsers.osrm.name;
+        ExecStart = ''
+          ${pkgs.osrm-backend}/bin/osrm-routed \
+            --ip ${cfg.address} \
+            --port ${toString cfg.port} \
+            --threads ${toString cfg.threads} \
+            --algorithm ${cfg.algorithm} \
+            ${toString cfg.extraFlags} \
+            ${cfg.dataFile}
+        '';
+      };
+    };
+  };
+}
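Review bot: `address` defaults to `"0.0.0.0"`, so enabling the service makes osrm-routed listen on every interface, and nothing in this module adds authentication or access control in front of it; a loopback default, `default = "127.0.0.1";`, with the description telling operators to widen it deliberately, is the safer choice. The unit runs as a dedicated `osrm` user but sets no sandboxing; `ProtectSystem = "strict";` and `NoNewPrivileges = true;` in `serviceConfig` would be cheap for a network-facing daemon that, as far as this file shows, only reads its data file (confirm it needs no write access). `${cfg.dataFile}` is interpolated unquoted into `ExecStart`, so a path containing whitespace would be split into several arguments. Lastly, `User` reads `config.users.extraUsers.osrm.name` while the account is declared under `users.users.osrm`; one spelling throughout reads better.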
diff --git a/nixos/modules/services/networking/prosody.nix b/nixos/modules/services/networking/prosody.nix
index fb9c9dc67f24..f34d8e172b46 100644
--- a/nixos/modules/services/networking/prosody.nix
+++ b/nixos/modules/services/networking/prosody.nix
@@ -10,98 +10,126 @@ let
 
     options = {
 
-      # TODO: require attribute
       key = mkOption {
-        type = types.str;
-        description = "Path to the key file";
+        type = types.path;
+        description = "Path to the key file.";
       };
 
-      # TODO: require attribute
       cert = mkOption {
-        type = types.str;
-        description = "Path to the certificate file";
+        type = types.path;
+        description = "Path to the certificate file.";
+      };
+
+      extraOptions = mkOption {
+        type = types.attrs;
+        default = {};
+        description = "Extra SSL configuration options.";
       };
+
     };
   };
 
   moduleOpts = {
 
     roster = mkOption {
+      type = types.bool;
       default = true;
       description = "Allow users to have a roster";
     };
 
     saslauth = mkOption {
+      type = types.bool;
       default = true;
       description = "Authentication for clients and servers. Recommended if you want to log in.";
     };
 
     tls = mkOption {
+      type = types.bool;
       default = true;
       description = "Add support for secure TLS on c2s/s2s connections";
     };
 
     dialback = mkOption {
+      type = types.bool;
       default = true;
       description = "s2s dialback support";
     };
 
     disco = mkOption {
+      type = types.bool;
       default = true;
       description = "Service discovery";
     };
 
     legacyauth = mkOption {
+      type = types.bool;
       default = true;
       description = "Legacy authentication. Only used by some old clients and bots";
     };
 
     version = mkOption {
+      type = types.bool;
       default = true;
       description = "Replies to server version requests";
     };
 
     uptime = mkOption {
+      type = types.bool;
       default = true;
       description = "Report how long server has been running";
     };
 
     time = mkOption {
+      type = types.bool;
       default = true;
       description = "Let others know the time here on this server";
     };
 
     ping = mkOption {
+      type = types.bool;
       default = true;
       description = "Replies to XMPP pings with pongs";
     };
 
     console = mkOption {
+      type = types.bool;
       default = false;
       description = "telnet to port 5582";
     };
 
     bosh = mkOption {
+      type = types.bool;
       default = false;
       description = "Enable BOSH clients, aka 'Jabber over HTTP'";
     };
 
     httpserver = mkOption {
+      type = types.bool;
       default = false;
       description = "Serve static files from a directory over HTTP";
     };
 
     websocket = mkOption {
+      type = types.bool;
       default = false;
       description = "Enable WebSocket support";
     };
 
   };
 
-  createSSLOptsStr = o:
-    if o ? key && o ? cert then
-      ''ssl = { key = "${o.key}"; certificate = "${o.cert}"; };''
-    else "";
+  toLua = x:
+    if builtins.isString x then ''"${x}"''
+    else if builtins.isBool x then toString x
+    else if builtins.isInt x then toString x
+    else throw "Invalid Lua value";
+
+  createSSLOptsStr = o: ''
+    ssl = {
+      key = "${o.key}";
+      certificate = "${o.cert}";
+      ${concatStringsSep "\n" (mapAttrsToList (name: value: "${name} = ${toLua value};") o.extraOptions)}
+    };
+  '';
 
   vHostOpts = { ... }: {
 
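Review bot: `toLua` renders booleans with `toString x`, and in Nix `toString true` is `"1"` while `toString false` is the empty string, so a boolean entry in `extraOptions` set to `false` emits `<name> = ;` and the generated Lua config fails to parse, and `true` becomes the number 1; `else if builtins.isBool x then (if x then "true" else "false")` fixes it. The string branch places `x` between double quotes without escaping `"` or `\`, and lists hit the `throw`, which rules out list-valued TLS settings; both deserve handling or at least a mention in the `extraOptions` description. Changing `key` to `types.path` also makes it natural to pass a Nix path literal, and `"${o.key}"` would then copy the private key into the world-readable Nix store, so the description should tell users to give the path as a string pointing outside the store. `sslOpts` begins before this hunk and `vHostOpts` continues past it.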
@@ -114,18 +142,20 @@ let
       };
 
       enabled = mkOption {
+        type = types.bool;
         default = false;
         description = "Whether to enable the virtual host";
       };
 
       ssl = mkOption {
-        description = "Paths to SSL files";
+        type = types.nullOr (types.submodule sslOpts);
         default = null;
-        options = [ sslOpts ];
+        description = "Paths to SSL files";
       };
 
       extraConfig = mkOption {
-        default = '''';
+        type = types.lines;
+        default = "";
         description = "Additional virtual host specific configuration";
       };
 
@@ -144,11 +174,13 @@ in
     services.prosody = {
 
       enable = mkOption {
+        type = types.bool;
         default = false;
         description = "Whether to enable the prosody server";
       };
 
       allowRegistration = mkOption {
+        type = types.bool;
         default = false;
         description = "Allow account creation";
       };
@@ -156,8 +188,9 @@ in
       modules = moduleOpts;
 
       extraModules = mkOption {
-        description = "Enable custom modules";
+        type = types.listOf types.str;
         default = [];
+        description = "Enable custom modules";
       };
 
       virtualHosts = mkOption {
@@ -183,20 +216,21 @@ in
       };
 
       ssl = mkOption {
-        description = "Paths to SSL files";
+        type = types.nullOr (types.submodule sslOpts);
         default = null;
-        options = [ sslOpts ];
+        description = "Paths to SSL files";
       };
 
       admins = mkOption {
-        description = "List of administrators of the current host";
-        example = [ "admin1@example.com" "admin2@example.com" ];
+        type = types.listOf types.str;
         default = [];
+        example = [ "admin1@example.com" "admin2@example.com" ];
+        description = "List of administrators of the current host";
       };
 
       extraConfig = mkOption {
         type = types.lines;
-        default = '''';
+        default = "";
         description = "Additional prosody configuration";
       };
 
@@ -263,17 +297,17 @@ in
     };
 
     systemd.services.prosody = {
-
       description = "Prosody XMPP server";
       after = [ "network-online.target" ];
       wants = [ "network-online.target" ];
       wantedBy = [ "multi-user.target" ];
+      restartTriggers = [ config.environment.etc."prosody/prosody.cfg.lua".source ];
       serviceConfig = {
         User = "prosody";
+        Type = "forking";
         PIDFile = "/var/lib/prosody/prosody.pid";
         ExecStart = "${pkgs.prosody}/bin/prosodyctl start";
       };
-
     };
 
   };
diff --git a/nixos/modules/testing/test-instrumentation.nix b/nixos/modules/testing/test-instrumentation.nix
index 1d6c41406107..9b4136223c0f 100644
--- a/nixos/modules/testing/test-instrumentation.nix
+++ b/nixos/modules/testing/test-instrumentation.nix
@@ -128,7 +128,7 @@ in
     # Make it easy to log in as root when running the test interactively.
     users.extraUsers.root.initialHashedPassword = mkOverride 150 "";
 
-    services.xserver.displayManager.logToJournal = true;
+    services.xserver.displayManager.job.logToJournal = true;
   };
 
 }
diff --git a/nixos/modules/virtualisation/qemu-vm.nix b/nixos/modules/virtualisation/qemu-vm.nix
index 770e5fb848a9..26f7945a4eda 100644
--- a/nixos/modules/virtualisation/qemu-vm.nix
+++ b/nixos/modules/virtualisation/qemu-vm.nix
@@ -18,7 +18,7 @@ let
     "i686-linux" = "${qemu}/bin/qemu-kvm";
     "x86_64-linux" = "${qemu}/bin/qemu-kvm -cpu kvm64";
     "armv7l-linux" = "${qemu}/bin/qemu-system-arm -enable-kvm -machine virt -cpu host";
-    "aarch64-linux" = "${qemu}/bin/qemu-system-aarch64 -enable-kvm -machine virt -cpu host";
+    "aarch64-linux" = "${qemu}/bin/qemu-system-aarch64 -enable-kvm -machine virt,gic-version=host -cpu host";
   }.${pkgs.stdenv.system};
 
   # FIXME: figure out a common place for this instead of copy pasting