author | github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> | 2024-02-05 00:02:17 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2024-02-05 00:02:17 +0000 |
commit | 42e44c05837e904af5274eea7ac1cd5fd5f4e64c (patch) | |
tree | 0cbe48a7632ccdb716f46649cf2322f1c5a497a6 /nixos | |
parent | 259981b0af5c285bb3cc7146de1da1b5af92236d (diff) | |
parent | 4888d2428dd1864029acc7f4419fb30adc07be26 (diff) | |
Merge master into staging-next
Diffstat (limited to 'nixos')
-rw-r--r-- | nixos/doc/manual/release-notes/rl-2405.section.md | 7 | ||||
-rw-r--r-- | nixos/modules/module-list.nix | 2 | ||||
-rw-r--r-- | nixos/modules/services/databases/etcd.nix (renamed from nixos/modules/services/misc/etcd.nix) | 25 | ||||
-rw-r--r-- | nixos/modules/services/databases/neo4j.nix | 77 |
4 files changed, 66 insertions, 45 deletions
diff --git a/nixos/doc/manual/release-notes/rl-2405.section.md b/nixos/doc/manual/release-notes/rl-2405.section.md index 9a9c22f64824..27117746f9d8 100644 --- a/nixos/doc/manual/release-notes/rl-2405.section.md +++ b/nixos/doc/manual/release-notes/rl-2405.section.md @@ -97,6 +97,10 @@ The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been m - `idris2` was updated to v0.7.0. This version introduces breaking changes. Check out the [changelog](https://github.com/idris-lang/Idris2/blob/v0.7.0/CHANGELOG.md#v070) for details. +- `neo4j` has been updated to 5, you may want to read the [release notes for Neo4j 5](https://neo4j.com/release-notes/database/neo4j-5/) + +- `services.neo4j.allowUpgrade` was removed and no longer has any effect. Neo4j 5 supports automatic rolling upgrades. + - `nitter` requires a `guest_accounts.jsonl` to be provided as a path or loaded into the default location at `/var/lib/nitter/guest_accounts.jsonl`. See [Guest Account Branch Deployment](https://github.com/zedeus/nitter/wiki/Guest-Account-Branch-Deployment) for details. - `services.aria2.rpcSecret` has been replaced with `services.aria2.rpcSecretFile`. @@ -138,6 +142,9 @@ The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been m ''; ``` + +- The package `optparse-bash` is now dropped due to upstream inactivity. Alternatives available in Nixpkgs include [`argc`](https://github.com/sigoden/argc), [`argbash`](https://github.com/matejak/argbash), [`bashly`](https://github.com/DannyBen/bashly) and [`gum`](https://github.com/charmbracelet/gum), to name a few. + - The `kanata` package has been updated to v1.5.0, which includes [breaking changes](https://github.com/jtroo/kanata/releases/tag/v1.5.0). - The `craftos-pc` package has been updated to v2.8, which includes [breaking changes](https://github.com/MCJack123/craftos2/releases/tag/v2.8). diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index e97fb45e769c..b64a3360701a 100644 
--- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix @@ -429,6 +429,7 @@ ./services/databases/couchdb.nix ./services/databases/dgraph.nix ./services/databases/dragonflydb.nix + ./services/databases/etcd.nix ./services/databases/ferretdb.nix ./services/databases/firebird.nix ./services/databases/foundationdb.nix @@ -679,7 +680,6 @@ ./services/misc/dwm-status.nix ./services/misc/dysnomia.nix ./services/misc/errbot.nix - ./services/misc/etcd.nix ./services/misc/etebase-server.nix ./services/misc/etesync-dav.nix ./services/misc/evdevremapkeys.nix diff --git a/nixos/modules/services/misc/etcd.nix b/nixos/modules/services/databases/etcd.nix index ee6a56db31d3..a5b3abdbcb59 100644 --- a/nixos/modules/services/misc/etcd.nix +++ b/nixos/modules/services/databases/etcd.nix @@ -99,6 +99,17 @@ in { type = types.nullOr types.path; }; + openFirewall = mkOption { + type = types.bool; + default = false; + description = lib.mdDoc '' + Open etcd ports in the firewall. + Ports opened: + - 2379/tcp for client requests + - 2380/tcp for peer communication + ''; + }; + peerCertFile = mkOption { description = lib.mdDoc "Cert file to use for peer to peer communication"; default = cfg.certFile; @@ -160,7 +171,10 @@ in { systemd.services.etcd = { description = "etcd key-value store"; wantedBy = [ "multi-user.target" ]; - after = [ "network.target" ]; + after = [ "network-online.target" ] + ++ lib.optional config.networking.firewall.enable "firewall.service"; + wants = [ "network-online.target" ] + ++ lib.optional config.networking.firewall.enable "firewall.service"; environment = (filterAttrs (n: v: v != null) { ETCD_NAME = cfg.name; @@ -190,6 +204,8 @@ in { serviceConfig = { Type = "notify"; + Restart = "always"; + RestartSec = "30s"; ExecStart = "${cfg.package}/bin/etcd"; User = "etcd"; LimitNOFILE = 40000; 
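Review bot: The `openFirewall` description added in the `@@ -99,6 +99,17 @@` hunk lists the two ports but says nothing about what exposing them implies. 2379 is the etcd client API and 2380 the peer channel; unless client-certificate authentication or etcd's own auth is enabled, any host that can reach them can read and write the key-value store. The neighbouring `certFile`/`peerCertFile` options suggest TLS is optional in this module. I would extend the description with a sentence such as `Only enable this when client and peer TLS authentication are configured, or restrict access by interface or source address instead.` The surrounding `options` set starts and ends outside the hunk.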
@@ -198,6 +214,13 @@ in { environment.systemPackages = [ cfg.package ]; + networking.firewall = lib.mkIf cfg.openFirewall { + allowedTCPPorts = [ + 2379 # for client requests + 2380 # for peer communication + ]; + }; + users.users.etcd = { isSystemUser = true; group = "etcd"; diff --git a/nixos/modules/services/databases/neo4j.nix b/nixos/modules/services/databases/neo4j.nix index 56b916ee3758..45630e2d4488 100644 --- a/nixos/modules/services/databases/neo4j.nix +++ b/nixos/modules/services/databases/neo4j.nix 
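Review bot: The `allowedTCPPorts` list in the new `networking.firewall` block is hard-coded to 2379 and 2380, so it can disagree with the addresses etcd is actually configured to listen on. If `listenClientUrls` or `listenPeerUrls` (defined outside this hunk) name other ports, the firewall opens two ports nothing serves and leaves the real ones closed. The rule also applies to every interface rather than only the one etcd binds. Either derive the ports from the configured listen URLs or state the limitation next to the list, for example `# only the default client/peer ports; adjust manually if the listen URLs use others`.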
@@ -35,65 +35,64 @@ let serverConfig = pkgs.writeText "neo4j.conf" '' # General - dbms.allow_upgrade=${boolToString cfg.allowUpgrade} - dbms.default_listen_address=${cfg.defaultListenAddress} - dbms.databases.default_to_read_only=${boolToString cfg.readOnly} + server.default_listen_address=${cfg.defaultListenAddress} + server.databases.default_to_read_only=${boolToString cfg.readOnly} ${optionalString (cfg.workerCount > 0) '' dbms.threads.worker_count=${toString cfg.workerCount} ''} # Directories (readonly) - dbms.directories.certificates=${cfg.directories.certificates} - dbms.directories.plugins=${cfg.directories.plugins} - dbms.directories.lib=${cfg.package}/share/neo4j/lib + # dbms.directories.certificates=${cfg.directories.certificates} + server.directories.plugins=${cfg.directories.plugins} + server.directories.lib=${cfg.package}/share/neo4j/lib ${optionalString (cfg.constrainLoadCsv) '' - dbms.directories.import=${cfg.directories.imports} + server.directories.import=${cfg.directories.imports} ''} # Directories (read and write) - dbms.directories.data=${cfg.directories.data} - dbms.directories.logs=${cfg.directories.home}/logs - dbms.directories.run=${cfg.directories.home}/run + server.directories.data=${cfg.directories.data} + server.directories.logs=${cfg.directories.home}/logs + server.directories.run=${cfg.directories.home}/run # HTTP Connector ${optionalString (cfg.http.enable) '' - dbms.connector.http.enabled=${boolToString cfg.http.enable} - dbms.connector.http.listen_address=${cfg.http.listenAddress} - dbms.connector.http.advertised_address=${cfg.http.listenAddress} + server.http.enabled=${boolToString cfg.http.enable} + server.http.listen_address=${cfg.http.listenAddress} + server.http.advertised_address=${cfg.http.listenAddress} ''} # HTTPS Connector - dbms.connector.https.enabled=${boolToString cfg.https.enable} - dbms.connector.https.listen_address=${cfg.https.listenAddress} - dbms.connector.https.advertised_address=${cfg.https.listenAddress} + 
server.https.enabled=${boolToString cfg.https.enable} + server.https.listen_address=${cfg.https.listenAddress} + server.https.advertised_address=${cfg.https.listenAddress} # BOLT Connector - dbms.connector.bolt.enabled=${boolToString cfg.bolt.enable} - dbms.connector.bolt.listen_address=${cfg.bolt.listenAddress} - dbms.connector.bolt.advertised_address=${cfg.bolt.listenAddress} - dbms.connector.bolt.tls_level=${cfg.bolt.tlsLevel} + server.bolt.enabled=${boolToString cfg.bolt.enable} + server.bolt.listen_address=${cfg.bolt.listenAddress} + server.bolt.advertised_address=${cfg.bolt.listenAddress} + server.bolt.tls_level=${cfg.bolt.tlsLevel} # SSL Policies ${concatStringsSep "\n" sslPolicies} # Default retention policy from neo4j.conf - dbms.tx_log.rotation.retention_policy=1 days + db.tx_log.rotation.retention_policy=1 days # Default JVM parameters from neo4j.conf - dbms.jvm.additional=-XX:+UseG1GC - dbms.jvm.additional=-XX:-OmitStackTraceInFastThrow - dbms.jvm.additional=-XX:+AlwaysPreTouch - dbms.jvm.additional=-XX:+UnlockExperimentalVMOptions - dbms.jvm.additional=-XX:+TrustFinalNonStaticFields - dbms.jvm.additional=-XX:+DisableExplicitGC - dbms.jvm.additional=-Djdk.tls.ephemeralDHKeySize=2048 - dbms.jvm.additional=-Djdk.tls.rejectClientInitiatedRenegotiation=true - dbms.jvm.additional=-Dunsupported.dbms.udc.source=tarball - - #dbms.memory.heap.initial_size=12000m - #dbms.memory.heap.max_size=12000m - #dbms.memory.pagecache.size=4g - #dbms.tx_state.max_off_heap_memory=8000m + server.jvm.additional=-XX:+UseG1GC + server.jvm.additional=-XX:-OmitStackTraceInFastThrow + server.jvm.additional=-XX:+AlwaysPreTouch + server.jvm.additional=-XX:+UnlockExperimentalVMOptions + server.jvm.additional=-XX:+TrustFinalNonStaticFields + server.jvm.additional=-XX:+DisableExplicitGC + server.jvm.additional=-Djdk.tls.ephemeralDHKeySize=2048 + server.jvm.additional=-Djdk.tls.rejectClientInitiatedRenegotiation=true + server.jvm.additional=-Dunsupported.dbms.udc.source=tarball + + 
#server.memory.off_heap.transaction_max_size=12000m + #server.memory.heap.max_size=12000m + #server.memory.pagecache.size=4g + #server.tx_state.max_off_heap_memory=8000m # Extra Configuration ${cfg.extraServerConfig} @@ -127,14 +126,6 @@ in { ''; }; - allowUpgrade = mkOption { - type = types.bool; - default = false; - description = lib.mdDoc '' - Allow upgrade of Neo4j database files from an older version. - ''; - }; - constrainLoadCsv = mkOption { type = types.bool; default = true; |
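Review bot: In the `@@ -35,65 +35,64 @@` hunk, `dbms.directories.certificates` is commented out in the generated `neo4j.conf` rather than renamed or removed, so `cfg.directories.certificates` no longer reaches Neo4j through this line while the option presumably still exists. If the policies assembled in `sslPolicies` (outside this hunk) do not set their own base directories, the HTTPS and Bolt connectors configured just below may not find the certificates the administrator pointed at. It is worth confirming that and then replacing the dead line with an explanatory comment, for instance `# certificate locations are set per SSL policy below` if that is indeed the case. Separately, `dbms.threads.worker_count` kept its old prefix while its neighbours moved to `server.`, which looks like an oversight in the rename. The `let` block continues outside the hunk.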