diff options
author | Alyssa Ross <hi@alyssa.is> | 2021-04-28 14:39:00 +0000 |
---|---|---|
committer | Alyssa Ross <hi@alyssa.is> | 2021-06-10 08:52:36 +0000 |
commit | 693e64ef7421374338ddb1dc12b9573feec75972 (patch) | |
tree | 2526ac075d248699c35d63e04499890ee4381f5f /nixpkgs/nixos/modules/services/misc | |
parent | 7014df2256694d97093d6f2bb1db340d346dea88 (diff) | |
parent | 8e4fe32876ca15e3d5eb3ecd3ca0b224417f5f17 (diff) | |
download | nixlib-693e64ef7421374338ddb1dc12b9573feec75972.tar nixlib-693e64ef7421374338ddb1dc12b9573feec75972.tar.gz nixlib-693e64ef7421374338ddb1dc12b9573feec75972.tar.bz2 nixlib-693e64ef7421374338ddb1dc12b9573feec75972.tar.lz nixlib-693e64ef7421374338ddb1dc12b9573feec75972.tar.xz nixlib-693e64ef7421374338ddb1dc12b9573feec75972.tar.zst nixlib-693e64ef7421374338ddb1dc12b9573feec75972.zip |
Merge commit '8e4fe32876ca15e3d5eb3ecd3ca0b224417f5f17'
Diffstat (limited to 'nixpkgs/nixos/modules/services/misc')
8 files changed, 86 insertions, 22 deletions
diff --git a/nixpkgs/nixos/modules/services/misc/bazarr.nix b/nixpkgs/nixos/modules/services/misc/bazarr.nix index d3fd5b08cc84..99343a146a7a 100644 --- a/nixpkgs/nixos/modules/services/misc/bazarr.nix +++ b/nixpkgs/nixos/modules/services/misc/bazarr.nix @@ -64,6 +64,7 @@ in users.users = mkIf (cfg.user == "bazarr") { bazarr = { + isSystemUser = true; group = cfg.group; home = "/var/lib/${config.systemd.services.bazarr.serviceConfig.StateDirectory}"; }; diff --git a/nixpkgs/nixos/modules/services/misc/etebase-server.nix b/nixpkgs/nixos/modules/services/misc/etebase-server.nix index 31e0952b5b98..b6bd6e9fd37b 100644 --- a/nixpkgs/nixos/modules/services/misc/etebase-server.nix +++ b/nixpkgs/nixos/modules/services/misc/etebase-server.nix @@ -192,8 +192,8 @@ in # Auto-migrate on first run or if the package has changed versionFile="${cfg.dataDir}/src-version" if [[ $(cat "$versionFile" 2>/dev/null) != ${pkgs.etebase-server} ]]; then - ${pythonEnv}/bin/etebase-server migrate - ${pythonEnv}/bin/etebase-server collectstatic + ${pythonEnv}/bin/etebase-server migrate --no-input + ${pythonEnv}/bin/etebase-server collectstatic --no-input --clear echo ${pkgs.etebase-server} > "$versionFile" fi ''; @@ -211,6 +211,7 @@ in users = optionalAttrs (cfg.user == defaultUser) { users.${defaultUser} = { + isSystemUser = true; group = defaultUser; home = cfg.dataDir; }; diff --git a/nixpkgs/nixos/modules/services/misc/home-assistant.nix b/nixpkgs/nixos/modules/services/misc/home-assistant.nix index 2787c975b352..0590f54ae60e 100644 --- a/nixpkgs/nixos/modules/services/misc/home-assistant.nix +++ b/nixpkgs/nixos/modules/services/misc/home-assistant.nix @@ -50,15 +50,10 @@ let # List of components used in config extraComponents = filter useComponent availableComponents; - testedPackage = if (cfg.autoExtraComponents && cfg.config != null) + package = if (cfg.autoExtraComponents && cfg.config != null) then (cfg.package.override { inherit extraComponents; }) else cfg.package; - # overridePythonAttrs has to be applied after override - package = testedPackage.overridePythonAttrs (oldAttrs: { - doCheck = false; - }); - # If you are changing this, please update the description in applyDefaultConfig defaultConfig = { homeassistant.time_zone = config.time.timeZone; @@ -188,9 +183,13 @@ in { }; package = mkOption { - default = pkgs.home-assistant; + default = pkgs.home-assistant.overrideAttrs (oldAttrs: { + doInstallCheck = false; + }); defaultText = literalExample '' - pkgs.home-assistant + pkgs.home-assistant.overrideAttrs (oldAttrs: { + doInstallCheck = false; + }) ''; type = types.package; example = literalExample '' @@ -199,12 +198,11 @@ in { } ''; description = '' - Home Assistant package to use. Tests are automatically disabled, as they take a considerable amout of time to complete. + Home Assistant package to use. By default the tests are disabled, as they take a considerable amout of time to complete. Override <literal>extraPackages</literal> or <literal>extraComponents</literal> in order to add additional dependencies. If you specify <option>config</option> and do not set <option>autoExtraComponents</option> to <literal>false</literal>, overriding <literal>extraComponents</literal> will have no effect. - Avoid <literal>home-assistant.overridePythonAttrs</literal> if you use - <literal>autoExtraComponents</literal>. + Avoid <literal>home-assistant.overridePythonAttrs</literal> if you use <literal>autoExtraComponents</literal>. ''; }; diff --git a/nixpkgs/nixos/modules/services/misc/jellyfin.nix b/nixpkgs/nixos/modules/services/misc/jellyfin.nix index 6a47dc3628f4..c1b45864041b 100644 --- a/nixpkgs/nixos/modules/services/misc/jellyfin.nix +++ b/nixpkgs/nixos/modules/services/misc/jellyfin.nix @@ -18,6 +18,7 @@ in package = mkOption { type = types.package; + default = pkgs.jellyfin; example = literalExample "pkgs.jellyfin"; description = '' Jellyfin package to use. @@ -29,6 +30,16 @@ in default = "jellyfin"; description = "Group under which jellyfin runs."; }; + + openFirewall = mkOption { + type = types.bool; + default = false; + description = '' + Open the default ports in the firewall for the media server. The + HTTP/HTTPS ports can be changed in the Web UI, so this option should + only be used if they are unchanged. + ''; + }; }; }; @@ -88,11 +99,6 @@ in }; }; - services.jellyfin.package = mkDefault ( - if versionAtLeast config.system.stateVersion "20.09" then pkgs.jellyfin - else pkgs.jellyfin_10_5 - ); - users.users = mkIf (cfg.user == "jellyfin") { jellyfin = { group = cfg.group; @@ -104,6 +110,12 @@ in jellyfin = {}; }; + networking.firewall = mkIf cfg.openFirewall { + # from https://jellyfin.org/docs/general/networking/index.html + allowedTCPPorts = [ 8096 8920 ]; + allowedUDPPorts = [ 1900 7359 ]; + }; + }; meta.maintainers = with lib.maintainers; [ minijackson ]; diff --git a/nixpkgs/nixos/modules/services/misc/matrix-appservice-irc.nix b/nixpkgs/nixos/modules/services/misc/matrix-appservice-irc.nix index 63dc313ad10b..a0a5973d30f2 100644 --- a/nixpkgs/nixos/modules/services/misc/matrix-appservice-irc.nix +++ b/nixpkgs/nixos/modules/services/misc/matrix-appservice-irc.nix @@ -214,7 +214,8 @@ in { PrivateMounts = true; SystemCallFilter = "~@aio @clock @cpu-emulation @debug @keyring @memlock @module @mount @obsolete @raw-io @setuid @swap"; SystemCallArchitectures = "native"; - RestrictAddressFamilies = "AF_INET AF_INET6"; + # AF_UNIX is required to connect to a postgres socket. + RestrictAddressFamilies = "AF_UNIX AF_INET AF_INET6"; }; }; diff --git a/nixpkgs/nixos/modules/services/misc/matrix-synapse.xml b/nixpkgs/nixos/modules/services/misc/matrix-synapse.xml index 358b631eb485..41a56df0f2b5 100644 --- a/nixpkgs/nixos/modules/services/misc/matrix-synapse.xml +++ b/nixpkgs/nixos/modules/services/misc/matrix-synapse.xml @@ -33,11 +33,11 @@ <link xlink:href="https://github.com/matrix-org/synapse#synapse-installation"> installation instructions of Synapse </link>. <programlisting> -{ pkgs, ... }: +{ pkgs, lib, ... }: let fqdn = let - join = hostName: domain: hostName + optionalString (domain != null) ".${domain}"; + join = hostName: domain: hostName + lib.optionalString (domain != null) ".${domain}"; in join config.networking.hostName config.networking.domain; in { networking = { @@ -132,7 +132,7 @@ in { } ]; }; -}; +} </programlisting> </para> diff --git a/nixpkgs/nixos/modules/services/misc/nix-daemon.nix b/nixpkgs/nixos/modules/services/misc/nix-daemon.nix index 64bdbf159d51..133e96da0ec8 100644 --- a/nixpkgs/nixos/modules/services/misc/nix-daemon.nix +++ b/nixpkgs/nixos/modules/services/misc/nix-daemon.nix @@ -21,6 +21,7 @@ let calls in `libstore/build.cc', don't add any supplementary group here except "nixbld". */ uid = builtins.add config.ids.uids.nixbld nr; + isSystemUser = true; group = "nixbld"; extraGroups = [ "nixbld" ]; }; diff --git a/nixpkgs/nixos/modules/services/misc/podgrab.nix b/nixpkgs/nixos/modules/services/misc/podgrab.nix new file mode 100644 index 000000000000..7077408b7942 --- /dev/null +++ b/nixpkgs/nixos/modules/services/misc/podgrab.nix @@ -0,0 +1,50 @@ +{ config, lib, pkgs, ... }: +let + cfg = config.services.podgrab; +in +{ + options.services.podgrab = with lib; { + enable = mkEnableOption "Podgrab, a self-hosted podcast manager"; + + passwordFile = mkOption { + type = with types; nullOr str; + default = null; + example = "/run/secrets/password.env"; + description = '' + The path to a file containing the PASSWORD environment variable + definition for Podgrab's authentification. + ''; + }; + + port = mkOption { + type = types.port; + default = 8080; + example = 4242; + description = "The port on which Podgrab will listen for incoming HTTP traffic."; + }; + }; + + config = lib.mkIf cfg.enable { + systemd.services.podgrab = { + description = "Podgrab podcast manager"; + wantedBy = [ "multi-user.target" ]; + environment = { + CONFIG = "/var/lib/podgrab/config"; + DATA = "/var/lib/podgrab/data"; + GIN_MODE = "release"; + PORT = toString cfg.port; + }; + serviceConfig = { + DynamicUser = true; + EnvironmentFile = lib.optional (cfg.passwordFile != null) [ + cfg.passwordFile + ]; + ExecStart = "${pkgs.podgrab}/bin/podgrab"; + WorkingDirectory = "${pkgs.podgrab}/share"; + StateDirectory = [ "podgrab/config" "podgrab/data" ]; + }; + }; + }; + + meta.maintainers = with lib.maintainers; [ ambroisie ]; +} |