author | Alyssa Ross <hi@alyssa.is> | 2019-04-22 21:15:06 +0000 |
---|---|---|
committer | Alyssa Ross <hi@alyssa.is> | 2019-04-22 21:18:23 +0000 |
commit | b935ae5f3cfb2bb4f9a3746d284f156a6dece505 (patch) | |
tree | 5efe4e2e7a7723a737d0130a333b057c5e76df40 /nixpkgs/nixos/modules/services | |
parent | dc9566e91c9453378c24e98b5737234364670df5 (diff) | |
parent | d26027792812fbfad4d0f451b5f47fdabf7fdeb9 (diff) | |
Merge commit 'd26027792812fbfad4d0f451b5f47fdabf7fdeb9'
Diffstat (limited to 'nixpkgs/nixos/modules/services')
68 files changed, 1199 insertions, 229 deletions
diff --git a/nixpkgs/nixos/modules/services/audio/ympd.nix b/nixpkgs/nixos/modules/services/audio/ympd.nix index d34c1c9d83cc..919b76622510 100644 --- a/nixpkgs/nixos/modules/services/audio/ympd.nix +++ b/nixpkgs/nixos/modules/services/audio/ympd.nix @@ -15,7 +15,7 @@ in { enable = mkEnableOption "ympd, the MPD Web GUI"; webPort = mkOption { - type = types.string; + type = types.either types.str types.port; # string for backwards compat default = "8080"; description = "The port where ympd's web interface will be available."; example = "ssl://8080:/path/to/ssl-private-key.pem"; @@ -49,7 +49,7 @@ in { systemd.services.ympd = { description = "Standalone MPD Web GUI written in C"; wantedBy = [ "multi-user.target" ]; - serviceConfig.ExecStart = "${pkgs.ympd}/bin/ympd --host ${cfg.mpd.host} --port ${toString cfg.mpd.port} --webport ${cfg.webPort} --user nobody"; + serviceConfig.ExecStart = "${pkgs.ympd}/bin/ympd --host ${cfg.mpd.host} --port ${toString cfg.mpd.port} --webport ${toString cfg.webPort} --user nobody"; }; }; diff --git a/nixpkgs/nixos/modules/services/backup/bacula.nix b/nixpkgs/nixos/modules/services/backup/bacula.nix index 24cad6128260..41bda7893a75 100644 --- a/nixpkgs/nixos/modules/services/backup/bacula.nix +++ b/nixpkgs/nixos/modules/services/backup/bacula.nix @@ -15,7 +15,7 @@ let Name = "${fd_cfg.name}"; FDPort = ${toString fd_cfg.port}; WorkingDirectory = "${libDir}"; - Pid Directory = "/var/run"; + Pid Directory = "/run"; ${fd_cfg.extraClientConfig} } @@ -41,7 +41,7 @@ let Name = "${sd_cfg.name}"; SDPort = ${toString sd_cfg.port}; WorkingDirectory = "${libDir}"; - Pid Directory = "/var/run"; + Pid Directory = "/run"; ${sd_cfg.extraStorageConfig} } @@ -77,7 +77,7 @@ let Password = "${dir_cfg.password}"; DirPort = ${toString dir_cfg.port}; Working Directory = "${libDir}"; - Pid Directory = "/var/run/"; + Pid Directory = "/run/"; QueryFile = "${pkgs.bacula}/etc/query.sql"; ${dir_cfg.extraDirectorConfig} } 
diff --git a/nixpkgs/nixos/modules/services/databases/couchdb.nix b/nixpkgs/nixos/modules/services/databases/couchdb.nix index ca89b1198205..84d108d9c747 100644 --- a/nixpkgs/nixos/modules/services/databases/couchdb.nix +++ b/nixpkgs/nixos/modules/services/databases/couchdb.nix @@ -85,7 +85,7 @@ in { uriFile = mkOption { type = types.path; - default = "/var/run/couchdb/couchdb.uri"; + default = "/run/couchdb/couchdb.uri"; description = '' This file contains the full URI that can be used to access this instance of CouchDB. It is used to help discover the port CouchDB is diff --git a/nixpkgs/nixos/modules/services/databases/mongodb.nix b/nixpkgs/nixos/modules/services/databases/mongodb.nix index 4c46d9228e5f..3fe4af2f2619 100644 --- a/nixpkgs/nixos/modules/services/databases/mongodb.nix +++ b/nixpkgs/nixos/modules/services/databases/mongodb.nix @@ -65,7 +65,7 @@ in }; pidFile = mkOption { - default = "/var/run/mongodb.pid"; + default = "/run/mongodb.pid"; description = "Location of MongoDB pid file"; }; diff --git a/nixpkgs/nixos/modules/services/databases/openldap.nix b/nixpkgs/nixos/modules/services/databases/openldap.nix index bb658918cb0d..c101e7375af9 100644 --- a/nixpkgs/nixos/modules/services/databases/openldap.nix +++ b/nixpkgs/nixos/modules/services/databases/openldap.nix @@ -226,8 +226,8 @@ in wantedBy = [ "multi-user.target" ]; after = [ "network.target" ]; preStart = '' - mkdir -p /var/run/slapd - chown -R "${cfg.user}:${cfg.group}" /var/run/slapd + mkdir -p /run/slapd + chown -R "${cfg.user}:${cfg.group}" /run/slapd ${optionalString (cfg.declarativeContents != null) '' rm -Rf "${cfg.dataDir}" ''} diff --git a/nixpkgs/nixos/modules/services/databases/redis.nix b/nixpkgs/nixos/modules/services/databases/redis.nix index cc7b51982d1d..c04cc1283b2e 100644 --- a/nixpkgs/nixos/modules/services/databases/redis.nix +++ b/nixpkgs/nixos/modules/services/databases/redis.nix 
@@ -95,7 +95,7 @@ in type = with types; nullOr path; default = null; description = "The path to the socket to bind to."; - example = "/var/run/redis.sock"; + example = "/run/redis.sock"; }; logLevel = mkOption { diff --git a/nixpkgs/nixos/modules/services/databases/rethinkdb.nix b/nixpkgs/nixos/modules/services/databases/rethinkdb.nix index 789d9c851d64..4828e594b328 100644 --- a/nixpkgs/nixos/modules/services/databases/rethinkdb.nix +++ b/nixpkgs/nixos/modules/services/databases/rethinkdb.nix @@ -41,7 +41,7 @@ in }; pidpath = mkOption { - default = "/var/run/rethinkdb"; + default = "/run/rethinkdb"; description = "Location where each instance's pid file is located."; }; diff --git a/nixpkgs/nixos/modules/services/desktops/deepin/dde-daemon.nix b/nixpkgs/nixos/modules/services/desktops/deepin/dde-daemon.nix new file mode 100644 index 000000000000..057da4e2d7f2 --- /dev/null +++ b/nixpkgs/nixos/modules/services/desktops/deepin/dde-daemon.nix @@ -0,0 +1,41 @@ +# dde-daemon + +{ config, pkgs, lib, ... }: + +{ + + ###### interface + + options = { + + services.deepin.dde-daemon = { + + enable = lib.mkEnableOption + "A daemon for handling Deepin Desktop Environment session settings"; + + }; + + }; + + + ###### implementation + + config = lib.mkIf config.services.deepin.dde-daemon.enable { + + environment.systemPackages = [ pkgs.deepin.dde-daemon ]; + + services.dbus.packages = [ pkgs.deepin.dde-daemon ]; + + systemd.packages = [ pkgs.deepin.dde-daemon ]; + + users.groups.dde-daemon = { }; + + users.users.dde-daemon = { + description = "Deepin daemon user"; + group = "dde-daemon"; + isSystemUser = true; + }; + + }; + +} diff --git a/nixpkgs/nixos/modules/services/desktops/deepin/deepin-menu.nix b/nixpkgs/nixos/modules/services/desktops/deepin/deepin-menu.nix new file mode 100644 index 000000000000..23fe5a741c42 --- /dev/null +++ b/nixpkgs/nixos/modules/services/desktops/deepin/deepin-menu.nix 
@@ -0,0 +1,29 @@
+# deepin-menu
+
+{ config, pkgs, lib, ... }:
+
+{
+
+ ###### interface
+
+ options = {
+
+ services.deepin.deepin-menu = {
+
+ enable = lib.mkEnableOption
+ "DBus service for unified menus in Deepin Desktop Environment";
+
+ };
+
+ };
+
+
+ ###### implementation
+
+ config = lib.mkIf config.services.deepin.deepin-menu.enable {
+
+ services.dbus.packages = [ pkgs.deepin.deepin-menu ];
+
+ };
+
+}
diff --git a/nixpkgs/nixos/modules/services/desktops/gnome3/evince.nix b/nixpkgs/nixos/modules/services/desktops/gnome3/evince.nix
new file mode 100644
index 000000000000..5f040a16f067
--- /dev/null
+++ b/nixpkgs/nixos/modules/services/desktops/gnome3/evince.nix
@@ -0,0 +1,35 @@
+# Evince.
+
+{ config, pkgs, lib, ... }:
+
+with lib;
+
+{
+
+ ###### interface
+
+ options = {
+
+ services.gnome3.evince = {
+
+ enable = mkEnableOption
+ "systemd and dbus services for Evince, the GNOME document viewer";
+
+ };
+
+ };
+
+
+ ###### implementation
+
+ config = mkIf config.services.gnome3.evince.enable {
+
+ environment.systemPackages = [ pkgs.evince ];
+
+ services.dbus.packages = [ pkgs.evince ];
+
+ systemd.packages = [ pkgs.evince ];
+
+ };
+
+}
diff --git a/nixpkgs/nixos/modules/services/desktops/gnome3/glib-networking.nix b/nixpkgs/nixos/modules/services/desktops/gnome3/glib-networking.nix
new file mode 100644
index 000000000000..186668d7d385
--- /dev/null
+++ b/nixpkgs/nixos/modules/services/desktops/gnome3/glib-networking.nix
@@ -0,0 +1,33 @@ +# GLib Networking + +{ config, pkgs, lib, ... }: + +with lib; + +{ + + ###### interface + + options = { + + services.gnome3.glib-networking = { + + enable = mkEnableOption "network extensions for GLib"; + + }; + + }; + + ###### implementation + + config = mkIf config.services.gnome3.glib-networking.enable { + + services.dbus.packages = [ pkgs.gnome3.glib-networking ]; + + systemd.packages = [ pkgs.gnome3.glib-networking ]; + + environment.variables.GIO_EXTRA_MODULES = [ "${pkgs.gnome3.glib-networking.out}/lib/gio/modules" ]; + + }; + +} diff --git a/nixpkgs/nixos/modules/services/desktops/gnome3/gnome-keyring.nix b/nixpkgs/nixos/modules/services/desktops/gnome3/gnome-keyring.nix index 5ea4350be5b4..4c350d8bb1c6 100644 --- a/nixpkgs/nixos/modules/services/desktops/gnome3/gnome-keyring.nix +++ b/nixpkgs/nixos/modules/services/desktops/gnome3/gnome-keyring.nix @@ -35,6 +35,8 @@ with lib; services.dbus.packages = [ pkgs.gnome3.gnome-keyring pkgs.gcr ]; + security.pam.services.login.enableGnomeKeyring = true; + }; } diff --git a/nixpkgs/nixos/modules/services/hardware/triggerhappy.nix b/nixpkgs/nixos/modules/services/hardware/triggerhappy.nix index 81d4a1ae65bf..bffe7353b10e 100644 --- a/nixpkgs/nixos/modules/services/hardware/triggerhappy.nix +++ b/nixpkgs/nixos/modules/services/hardware/triggerhappy.nix @@ -57,6 +57,15 @@ in ''; }; + user = mkOption { + type = types.str; + default = "nobody"; + example = "root"; + description = '' + User account under which <command>triggerhappy</command> runs. + ''; + }; + bindings = mkOption { type = types.listOf (types.submodule bindingCfg); default = []; 
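Review bot: The new `user` option in triggerhappy.nix offers `example = "root"` but its description never says what that choice does: in the ExecStart hunk that follows (`@@ -96,7 +105,7 @@`), `--user` is omitted altogether when `cfg.user == "root"`, so thd keeps whatever privileges the unit starts it with and, presumably, runs the bound commands with them. I would extend the description with something like `Setting this to "root" disables the privilege drop, so commands in bindings run with the daemon's full privileges.` The same ExecStart line interpolates `cfg.user` unquoted, so a value containing whitespace turns into extra thd arguments; an assertion or a stricter type on the option would close that. Both the option set and the service definition continue outside these hunks.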
@@ -96,7 +105,7 @@ in after = [ "local-fs.target" ]; description = "Global hotkey daemon"; serviceConfig = { - ExecStart = "${pkgs.triggerhappy}/bin/thd --user nobody --socket ${socket} --triggers ${configFile} --deviceglob /dev/input/event*"; + ExecStart = "${pkgs.triggerhappy}/bin/thd ${optionalString (cfg.user != "root") "--user ${cfg.user}"} --socket ${socket} --triggers ${configFile} --deviceglob /dev/input/event*"; }; }; diff --git a/nixpkgs/nixos/modules/services/mail/pfix-srsd.nix b/nixpkgs/nixos/modules/services/mail/pfix-srsd.nix index ab5f4c39e8c2..9599854352c9 100644 --- a/nixpkgs/nixos/modules/services/mail/pfix-srsd.nix +++ b/nixpkgs/nixos/modules/services/mail/pfix-srsd.nix @@ -48,8 +48,8 @@ with lib; requiredBy = [ "postfix.service" ]; serviceConfig = { Type = "forking"; - PIDFile = "/var/run/pfix-srsd.pid"; - ExecStart = "${pkgs.pfixtools}/bin/pfix-srsd -p /var/run/pfix-srsd.pid -I ${config.services.pfix-srsd.domain} ${config.services.pfix-srsd.secretsFile}"; + PIDFile = "/run/pfix-srsd.pid"; + ExecStart = "${pkgs.pfixtools}/bin/pfix-srsd -p /run/pfix-srsd.pid -I ${config.services.pfix-srsd.domain} ${config.services.pfix-srsd.secretsFile}"; }; }; }; diff --git a/nixpkgs/nixos/modules/services/mail/postgrey.nix b/nixpkgs/nixos/modules/services/mail/postgrey.nix index 241f75eae279..8e2b9c5dbc56 100644 --- a/nixpkgs/nixos/modules/services/mail/postgrey.nix +++ b/nixpkgs/nixos/modules/services/mail/postgrey.nix @@ -29,7 +29,7 @@ with lib; let options = { path = mkOption { type = path; - default = "/var/run/postgrey.sock"; + default = "/run/postgrey.sock"; description = "Path of the unix socket"; }; @@ -53,7 +53,7 @@ in { socket = mkOption { type = socket; default = { - path = "/var/run/postgrey.sock"; + path = "/run/postgrey.sock"; mode = "0777"; }; example = { diff --git a/nixpkgs/nixos/modules/services/mail/roundcube.nix b/nixpkgs/nixos/modules/services/mail/roundcube.nix index 66b1c1e3e6f9..e8b2e11bf726 100644 
--- a/nixpkgs/nixos/modules/services/mail/roundcube.nix
+++ b/nixpkgs/nixos/modules/services/mail/roundcube.nix
@@ -141,27 +141,31 @@ in systemd.services.roundcube-setup = let pgSuperUser = config.services.postgresql.superUser; - in { - requires = [ "postgresql.service" ]; - after = [ "postgresql.service" ]; - wantedBy = [ "multi-user.target" ]; - path = [ config.services.postgresql.package ]; - script = '' - mkdir -p /var/lib/roundcube - if [ ! -f /var/lib/roundcube/db-created ]; then - if [ "${cfg.database.host}" = "localhost" ]; then - ${pkgs.sudo}/bin/sudo -u ${pgSuperUser} psql postgres -c "create role ${cfg.database.username} with login password '${cfg.database.password}'"; - ${pkgs.sudo}/bin/sudo -u ${pgSuperUser} psql postgres -c "create database ${cfg.database.dbname} with owner ${cfg.database.username}"; + in mkMerge [ + (mkIf (cfg.database.host == "localhost") { + requires = [ "postgresql.service" ]; + after = [ "postgresql.service" ]; + path = [ config.services.postgresql.package ]; + }) + { + wantedBy = [ "multi-user.target" ]; + script = '' + mkdir -p /var/lib/roundcube + if [ ! -f /var/lib/roundcube/db-created ]; then + if [ "${cfg.database.host}" = "localhost" ]; then + ${pkgs.sudo}/bin/sudo -u ${pgSuperUser} psql postgres -c "create role ${cfg.database.username} with login password '${cfg.database.password}'"; + ${pkgs.sudo}/bin/sudo -u ${pgSuperUser} psql postgres -c "create database ${cfg.database.dbname} with owner ${cfg.database.username}"; + fi + PGPASSWORD=${cfg.database.password} ${pkgs.postgresql}/bin/psql -U ${cfg.database.username} \ + -f ${cfg.package}/SQL/postgres.initial.sql \ + -h ${cfg.database.host} ${cfg.database.dbname} + touch /var/lib/roundcube/db-created fi - PGPASSWORD=${cfg.database.password} ${pkgs.postgresql}/bin/psql -U ${cfg.database.username} \ - -f ${cfg.package}/SQL/postgres.initial.sql \ - -h ${cfg.database.host} ${cfg.database.dbname} - touch /var/lib/roundcube/db-created - fi - ${pkgs.php}/bin/php ${cfg.package}/bin/update.sh - ''; - serviceConfig.Type = "oneshot"; - }; + ${pkgs.php}/bin/php ${cfg.package}/bin/update.sh + ''; 
+ serviceConfig.Type = "oneshot"; + } + ]; }; } diff --git a/nixpkgs/nixos/modules/services/mail/spamassassin.nix b/nixpkgs/nixos/modules/services/mail/spamassassin.nix index 0c11ea431368..1fe77ce5a0c7 100644 --- a/nixpkgs/nixos/modules/services/mail/spamassassin.nix +++ b/nixpkgs/nixos/modules/services/mail/spamassassin.nix @@ -174,7 +174,7 @@ in after = [ "network.target" ]; serviceConfig = { - ExecStart = "${pkgs.spamassassin}/bin/spamd ${optionalString cfg.debug "-D"} --username=spamd --groupname=spamd --siteconfigpath=${spamdEnv} --virtual-config-dir=/var/lib/spamassassin/user-%u --allow-tell --pidfile=/var/run/spamd.pid"; + ExecStart = "${pkgs.spamassassin}/bin/spamd ${optionalString cfg.debug "-D"} --username=spamd --groupname=spamd --siteconfigpath=${spamdEnv} --virtual-config-dir=/var/lib/spamassassin/user-%u --allow-tell --pidfile=/run/spamd.pid"; ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID"; }; diff --git a/nixpkgs/nixos/modules/services/misc/matrix-synapse.nix b/nixpkgs/nixos/modules/services/misc/matrix-synapse.nix index 87999c3614fc..5e465926b832 100644 --- a/nixpkgs/nixos/modules/services/misc/matrix-synapse.nix +++ b/nixpkgs/nixos/modules/services/misc/matrix-synapse.nix @@ -30,7 +30,7 @@ ${optionalString (cfg.bind_host != null) '' bind_host: "${cfg.bind_host}" ''} server_name: "${cfg.server_name}" -pid_file: "/var/run/matrix-synapse.pid" +pid_file: "/run/matrix-synapse.pid" web_client: ${boolToString cfg.web_client} ${optionalString (cfg.public_baseurl != null) '' public_baseurl: "${cfg.public_baseurl}" diff --git a/nixpkgs/nixos/modules/services/misc/mbpfan.nix b/nixpkgs/nixos/modules/services/misc/mbpfan.nix index 50f6f80ad00c..e22d1ed61f99 100644 --- a/nixpkgs/nixos/modules/services/misc/mbpfan.nix +++ b/nixpkgs/nixos/modules/services/misc/mbpfan.nix 
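Review bot: The re-indented `script` of `roundcube-setup` in roundcube.nix still splices `cfg.database.password` directly into shell text, once inside `create role ... with login password '${cfg.database.password}'` and once as `PGPASSWORD=${cfg.database.password}`. NixOS renders `script` into a store path, so the password becomes readable by every local user, and the first form also puts it in the argument list of `sudo ... psql -c` while that command runs. Because neither interpolation is quoted for the shell, a password containing a quote, space or `$` changes what the script executes. Since the merge rewrites this block anyway, it would be the place to read the password at run time from a file outside the store and hand it to psql through `PGPASSFILE` or stdin instead of argv; no such file option is visible in this hunk, so that would be a new option. The surrounding `config` block starts outside the hunk.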
@@ -101,7 +101,7 @@ in { Type = "simple"; ExecStart = "${cfg.package}/bin/mbpfan -f${verbose}"; ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID"; - PIDFile = "/var/run/mbpfan.pid"; + PIDFile = "/run/mbpfan.pid"; Restart = "always"; }; }; diff --git a/nixpkgs/nixos/modules/services/misc/spice-vdagentd.nix b/nixpkgs/nixos/modules/services/misc/spice-vdagentd.nix index f322ba4cbd58..2dd9fcf68ab0 100644 --- a/nixpkgs/nixos/modules/services/misc/spice-vdagentd.nix +++ b/nixpkgs/nixos/modules/services/misc/spice-vdagentd.nix @@ -19,7 +19,7 @@ in description = "spice-vdagent daemon"; wantedBy = [ "graphical.target" ]; preStart = '' - mkdir -p "/var/run/spice-vdagentd/" + mkdir -p "/run/spice-vdagentd/" ''; serviceConfig = { Type = "forking"; diff --git a/nixpkgs/nixos/modules/services/misc/svnserve.nix b/nixpkgs/nixos/modules/services/misc/svnserve.nix index 04a6cd7bfa9b..6292bc52b1e3 100644 --- a/nixpkgs/nixos/modules/services/misc/svnserve.nix +++ b/nixpkgs/nixos/modules/services/misc/svnserve.nix @@ -38,7 +38,7 @@ in after = [ "network.target" ]; wantedBy = [ "multi-user.target" ]; preStart = "mkdir -p ${cfg.svnBaseDir}"; - script = "${pkgs.subversion.out}/bin/svnserve -r ${cfg.svnBaseDir} -d --foreground --pid-file=/var/run/svnserve.pid"; + script = "${pkgs.subversion.out}/bin/svnserve -r ${cfg.svnBaseDir} -d --foreground --pid-file=/run/svnserve.pid"; }; }; } diff --git a/nixpkgs/nixos/modules/services/monitoring/nagios.nix b/nixpkgs/nixos/modules/services/monitoring/nagios.nix index e5496209f827..7f65236ed3d3 100644 --- a/nixpkgs/nixos/modules/services/monitoring/nagios.nix +++ b/nixpkgs/nixos/modules/services/monitoring/nagios.nix 
@@ -24,7 +24,7 @@ let status_file=${nagiosState}/status.dat object_cache_file=${nagiosState}/objects.cache temp_file=${nagiosState}/nagios.tmp - lock_file=/var/run/nagios.lock # Not used I think. + lock_file=/run/nagios.lock # Not used I think. state_retention_file=${nagiosState}/retention.dat query_socket=${nagiosState}/nagios.qh check_result_path=${nagiosState} diff --git a/nixpkgs/nixos/modules/services/monitoring/prometheus/alertmanager.nix b/nixpkgs/nixos/modules/services/monitoring/prometheus/alertmanager.nix index 7d790b6b590b..11d85e9c4fc3 100644 --- a/nixpkgs/nixos/modules/services/monitoring/prometheus/alertmanager.nix +++ b/nixpkgs/nixos/modules/services/monitoring/prometheus/alertmanager.nix @@ -40,22 +40,6 @@ in { ''; }; - user = mkOption { - type = types.str; - default = "nobody"; - description = '' - User name under which Alertmanager shall be run. - ''; - }; - - group = mkOption { - type = types.str; - default = "nogroup"; - description = '' - Group under which Alertmanager shall be run. - ''; - }; - configuration = mkOption { type = types.nullOr types.attrs; default = null; @@ -151,17 +135,13 @@ in { systemd.services.alertmanager = { wantedBy = [ "multi-user.target" ]; after = [ "network.target" ]; - script = '' - ${cfg.package}/bin/alertmanager \ - ${concatStringsSep " \\\n " cmdlineArgs} - ''; - serviceConfig = { - User = cfg.user; - Group = cfg.group; Restart = "always"; - PrivateTmp = true; + DynamicUser = true; WorkingDirectory = "/tmp"; + ExecStart = "${cfg.package}/bin/alertmanager" + + optionalString (length cmdlineArgs != 0) (" \\\n " + + concatStringsSep " \\\n " cmdlineArgs); ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID"; }; }; diff --git a/nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix b/nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix index cc703573d8cd..e7ac12c07d33 100644 --- a/nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix 
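Review bot: In the alertmanager.nix `serviceConfig`, `DynamicUser = true` replaces the explicit `PrivateTmp` (which it implies) while `WorkingDirectory = "/tmp"` is kept, so the daemon's working directory is now a private /tmp that is discarded when the unit stops. If alertmanager's storage path is left at a relative default, silences and the notification log would be lost on every restart; `cmdlineArgs` is defined outside the hunk, so this is an assumption to confirm. Adding `StateDirectory = "alertmanager";` and setting `WorkingDirectory = "/var/lib/alertmanager";` would give the dynamic user a persistent, correctly owned directory. The preceding hunk drops the `user` and `group` options with no `mkRemovedOptionModule` entry visible here, so configurations that still set them will fail evaluation without an explanatory message.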
+++ b/nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix @@ -4,9 +4,24 @@ with lib; let cfg = config.services.prometheus; + cfg2 = config.services.prometheus2; promUser = "prometheus"; promGroup = "prometheus"; + stateDir = + if cfg.stateDir != null + then cfg.stateDir + else + if cfg.dataDir != null + then + # This assumes /var/lib/ is a prefix of cfg.dataDir. + # This is checked as an assertion below. + removePrefix stateDirBase cfg.dataDir + else "prometheus"; + stateDirBase = "/var/lib/"; + workingDir = stateDirBase + stateDir; + workingDir2 = stateDirBase + cfg2.stateDir; + # Get a submodule without any embedded metadata: _filter = x: filterAttrs (k: v: k != "_module") x; 
@@ -17,38 +32,96 @@ let promtool ${what} $out ''; + # a wrapper that verifies that the configuration is valid for + # prometheus 2 + prom2toolCheck = what: name: file: + pkgs.runCommand + "${name}-${replaceStrings [" "] [""] what}-checked" + { buildInputs = [ cfg2.package ]; } '' + ln -s ${file} $out + promtool ${what} $out + ''; + # Pretty-print JSON to a file writePrettyJSON = name: x: pkgs.runCommand name { preferLocalBuild = true; } '' echo '${builtins.toJSON x}' | ${pkgs.jq}/bin/jq . > $out ''; - # This becomes the main config file + # This becomes the main config file for Prometheus 1 promConfig = { global = cfg.globalConfig; rule_files = map (promtoolCheck "check-rules" "rules") (cfg.ruleFiles ++ [ (pkgs.writeText "prometheus.rules" (concatStringsSep "\n" cfg.rules)) ]); - scrape_configs = cfg.scrapeConfigs; + scrape_configs = filterEmpty cfg.scrapeConfigs; }; generatedPrometheusYml = writePrettyJSON "prometheus.yml" promConfig; prometheusYml = let - yml = if cfg.configText != null then + yml = if cfg.configText != null then pkgs.writeText "prometheus.yml" cfg.configText else generatedPrometheusYml; in promtoolCheck "check-config" "prometheus.yml" yml; cmdlineArgs = cfg.extraFlags ++ [ - "-storage.local.path=${cfg.dataDir}/metrics" + "-storage.local.path=${workingDir}/metrics" "-config.file=${prometheusYml}" "-web.listen-address=${cfg.listenAddress}" "-alertmanager.notification-queue-capacity=${toString cfg.alertmanagerNotificationQueueCapacity}" "-alertmanager.timeout=${toString cfg.alertmanagerTimeout}s" - (optionalString (cfg.alertmanagerURL != []) "-alertmanager.url=${concatStringsSep "," cfg.alertmanagerURL}") - (optionalString (cfg.webExternalUrl != null) "-web.external-url=${cfg.webExternalUrl}") - ]; + ] ++ + optional (cfg.alertmanagerURL != []) "-alertmanager.url=${concatStringsSep "," cfg.alertmanagerURL}" ++ + optional (cfg.webExternalUrl != null) "-web.external-url=${cfg.webExternalUrl}"; + + # This becomes the main config file for Prometheus 2 + 
promConfig2 = { + global = cfg2.globalConfig; + rule_files = map (prom2toolCheck "check rules" "rules") (cfg2.ruleFiles ++ [ + (pkgs.writeText "prometheus.rules" (concatStringsSep "\n" cfg2.rules)) + ]); + scrape_configs = filterEmpty cfg2.scrapeConfigs; + alerting = optionalAttrs (cfg2.alertmanagerURL != []) { + alertmanagers = [{ + static_configs = [{ + targets = cfg2.alertmanagerURL; + }]; + }]; + }; + }; + + generatedPrometheus2Yml = writePrettyJSON "prometheus.yml" promConfig2; + + prometheus2Yml = let + yml = if cfg2.configText != null then + pkgs.writeText "prometheus.yml" cfg2.configText + else generatedPrometheus2Yml; + in prom2toolCheck "check config" "prometheus.yml" yml; + + cmdlineArgs2 = cfg2.extraFlags ++ [ + "--storage.tsdb.path=${workingDir2}/data/" + "--config.file=${prometheus2Yml}" + "--web.listen-address=${cfg2.listenAddress}" + "--alertmanager.notification-queue-capacity=${toString cfg2.alertmanagerNotificationQueueCapacity}" + "--alertmanager.timeout=${toString cfg2.alertmanagerTimeout}s" + ] ++ + optional (cfg2.webExternalUrl != null) "--web.external-url=${cfg2.webExternalUrl}"; + + filterEmpty = filterAttrsListRecursive (_n: v: !(v == null || v == [] || v == {})); + filterAttrsListRecursive = pred: x: + if isAttrs x then + listToAttrs ( + concatMap (name: + let v = x.${name}; in + if pred name v then [ + (nameValuePair name (filterAttrsListRecursive pred v)) + ] else [] + ) (attrNames x) + ) + else if isList x then + map (filterAttrsListRecursive pred) x + else x; promTypes.globalConfig = types.submodule { options = { @@ -179,6 +252,14 @@ let Optional http login credentials for metrics scraping. ''; }; + tls_config = mkOption { + type = types.nullOr promTypes.tls_config; + default = null; + apply = x: mapNullable _filter x; + description = '' + Configures the scrape request's TLS settings. + ''; + }; dns_sd_configs = mkOption { type = types.listOf promTypes.dns_sd_config; default = []; 
@@ -211,6 +292,14 @@ let List of labeled target groups for this job. ''; }; + ec2_sd_configs = mkOption { + type = types.listOf promTypes.ec2_sd_config; + default = []; + apply = x: map _filter x; + description = '' + List of EC2 service discovery configurations. + ''; + }; relabel_configs = mkOption { type = types.listOf promTypes.relabel_config; default = []; 
@@ -240,6 +329,96 @@ let }; }; + promTypes.ec2_sd_config = types.submodule { + options = { + region = mkOption { + type = types.str; + description = '' + The AWS Region. + ''; + }; + endpoint = mkOption { + type = types.nullOr types.str; + default = null; + description = '' + Custom endpoint to be used. + ''; + }; + access_key = mkOption { + type = types.nullOr types.str; + default = null; + description = '' + The AWS API key id. If blank, the environment variable + <literal>AWS_ACCESS_KEY_ID</literal> is used. + ''; + }; + secret_key = mkOption { + type = types.nullOr types.str; + default = null; + description = '' + The AWS API key secret. If blank, the environment variable + <literal>AWS_SECRET_ACCESS_KEY</literal> is used. + ''; + }; + profile = mkOption { + type = types.nullOr types.str; + default = null; + description = '' + Named AWS profile used to connect to the API. + ''; + }; + role_arn = mkOption { + type = types.nullOr types.str; + default = null; + description = '' + AWS Role ARN, an alternative to using AWS API keys. + ''; + }; + refresh_interval = mkOption { + type = types.nullOr types.str; + default = null; + description = '' + Refresh interval to re-read the instance list. + ''; + }; + port = mkOption { + type = types.int; + default = 80; + description = '' + The port to scrape metrics from. If using the public IP + address, this must instead be specified in the relabeling + rule. + ''; + }; + filters = mkOption { + type = types.nullOr (types.listOf promTypes.filter); + default = null; + description = '' + Filters can be used optionally to filter the instance list by other criteria. + ''; + }; + }; + }; + + promTypes.filter = types.submodule { + options = { + name = mkOption { + type = types.str; + description = '' + See <link xlink:href="https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html">this list</link> + for the available filters. 
+ ''; + }; + value = mkOption { + type = types.listOf types.str; + default = []; + description = '' + Value of the filter. + ''; + }; + }; + }; + promTypes.dns_sd_config = types.submodule { options = { names = mkOption { @@ -373,6 +552,47 @@ let }; }; + promTypes.tls_config = types.submodule { + options = { + ca_file = mkOption { + type = types.nullOr types.str; + default = null; + description = '' + CA certificate to validate API server certificate with. + ''; + }; + cert_file = mkOption { + type = types.nullOr types.str; + default = null; + description = '' + Certificate file for client cert authentication to the server. + ''; + }; + key_file = mkOption { + type = types.nullOr types.str; + default = null; + description = '' + Key file for client cert authentication to the server. + ''; + }; + server_name = mkOption { + type = types.nullOr types.str; + default = null; + description = '' + ServerName extension to indicate the name of the server. + http://tools.ietf.org/html/rfc4366#section-3.1 + ''; + }; + insecure_skip_verify = mkOption { + type = types.bool; + default = false; + description = '' + Disable validation of the server certificate. + ''; + }; + }; + }; + in { options = { services.prometheus = { @@ -403,10 +623,21 @@ in { }; dataDir = mkOption { - type = types.path; - default = "/var/lib/prometheus"; + type = types.nullOr types.path; + default = null; description = '' Directory to store Prometheus metrics data. + This option is deprecated, please use <option>services.prometheus.stateDir</option>. + ''; + }; + + stateDir = mkOption { + type = types.nullOr types.str; + default = null; + description = '' + Directory below <literal>${stateDirBase}</literal> to store Prometheus metrics data. + This directory will be created automatically using systemd's StateDirectory mechanism. + Defaults to <literal>prometheus</literal>. ''; }; 
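Review bot: `secret_key` in the new `promTypes.ec2_sd_config` (prometheus/default.nix) is a plain `types.str` whose value is serialised with the rest of `scrapeConfigs` by `writePrettyJSON` into `prometheus.yml`, and that file is a store path readable by every local user. The option description should say so rather than only naming the environment-variable fallback, for example `Note: a value set here ends up world-readable in the Nix store; prefer AWS_SECRET_ACCESS_KEY in the service environment, or role_arn.` The same applies to `access_key`. As a smaller point of style, `port` is declared `types.int` where `types.port` (already used in this merge for ympd's `webPort`) would reject out-of-range values.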
@@ -497,30 +728,201 @@ in { ''; }; }; - }; + services.prometheus2 = { - config = mkIf cfg.enable { - users.groups.${promGroup}.gid = config.ids.gids.prometheus; - users.users.${promUser} = { - description = "Prometheus daemon user"; - uid = config.ids.uids.prometheus; - group = promGroup; - home = cfg.dataDir; - createHome = true; - }; - systemd.services.prometheus = { - wantedBy = [ "multi-user.target" ]; - after = [ "network.target" ]; - script = '' - #!/bin/sh - exec ${cfg.package}/bin/prometheus \ - ${concatStringsSep " \\\n " cmdlineArgs} - ''; - serviceConfig = { - User = promUser; - Restart = "always"; - WorkingDirectory = cfg.dataDir; + enable = mkOption { + type = types.bool; + default = false; + description = '' + Enable the Prometheus 2 monitoring daemon. + ''; + }; + + package = mkOption { + type = types.package; + default = pkgs.prometheus_2; + defaultText = "pkgs.prometheus_2"; + description = '' + The prometheus2 package that should be used. + ''; + }; + + listenAddress = mkOption { + type = types.str; + default = "0.0.0.0:9090"; + description = '' + Address to listen on for the web interface, API, and telemetry. + ''; + }; + + stateDir = mkOption { + type = types.str; + default = "prometheus2"; + description = '' + Directory below <literal>${stateDirBase}</literal> to store Prometheus metrics data. + This directory will be created automatically using systemd's StateDirectory mechanism. + Defaults to <literal>prometheus2</literal>. + ''; + }; + + extraFlags = mkOption { + type = types.listOf types.str; + default = []; + description = '' + Extra commandline options when launching Prometheus 2. + ''; + }; + + configText = mkOption { + type = types.nullOr types.lines; + default = null; + description = '' + If non-null, this option defines the text that is written to + prometheus.yml. If null, the contents of prometheus.yml is generated + from the structured config options. 
+ ''; + }; + + globalConfig = mkOption { + type = promTypes.globalConfig; + default = {}; + apply = _filter; + description = '' + Parameters that are valid in all configuration contexts. They + also serve as defaults for other configuration sections + ''; + }; + + rules = mkOption { + type = types.listOf types.str; + default = []; + description = '' + Alerting and/or Recording rules to evaluate at runtime. + ''; + }; + + ruleFiles = mkOption { + type = types.listOf types.path; + default = []; + description = '' + Any additional rules files to include in this configuration. + ''; + }; + + scrapeConfigs = mkOption { + type = types.listOf promTypes.scrape_config; + default = []; + apply = x: map _filter x; + description = '' + A list of scrape configurations. + ''; + }; + + alertmanagerURL = mkOption { + type = types.listOf types.str; + default = []; + description = '' + List of Alertmanager URLs to send notifications to. + ''; + }; + + alertmanagerNotificationQueueCapacity = mkOption { + type = types.int; + default = 10000; + description = '' + The capacity of the queue for pending alert manager notifications. + ''; + }; + + alertmanagerTimeout = mkOption { + type = types.int; + default = 10; + description = '' + Alert manager HTTP API timeout (in seconds). + ''; + }; + + webExternalUrl = mkOption { + type = types.nullOr types.str; + default = null; + example = "https://example.com/"; + description = '' + The URL under which Prometheus is externally reachable (for example, + if Prometheus is served via a reverse proxy). + ''; }; }; - }; + }; + + config = mkMerge [ + (mkIf (cfg.enable || cfg2.enable) { + users.groups.${promGroup}.gid = config.ids.gids.prometheus; + users.users.${promUser} = { + description = "Prometheus daemon user"; + uid = config.ids.uids.prometheus; + group = promGroup; + }; + }) + (mkIf cfg.enable { + warnings = + optional (cfg.dataDir != null) '' + The option services.prometheus.dataDir is deprecated, please use + services.prometheus.stateDir. 
+ ''; + assertions = [ + { + assertion = !(cfg.dataDir != null && cfg.stateDir != null); + message = + "The options services.prometheus.dataDir and services.prometheus.stateDir" + + " can't both be set at the same time! It's recommended to only set the latter" + + " since the former is deprecated."; + } + { + assertion = cfg.dataDir != null -> hasPrefix stateDirBase cfg.dataDir; + message = + "The option services.prometheus.dataDir should have ${stateDirBase} as a prefix!"; + } + { + assertion = cfg.stateDir != null -> !hasPrefix "/" cfg.stateDir; + message = + "The option services.prometheus.stateDir shouldn't be an absolute directory." + + " It should be a directory relative to ${stateDirBase}."; + } + { + assertion = cfg2.stateDir != null -> !hasPrefix "/" cfg2.stateDir; + message = + "The option services.prometheus2.stateDir shouldn't be an absolute directory." + + " It should be a directory relative to ${stateDirBase}."; + } + ]; + systemd.services.prometheus = { + wantedBy = [ "multi-user.target" ]; + after = [ "network.target" ]; + serviceConfig = { + ExecStart = "${cfg.package}/bin/prometheus" + + optionalString (length cmdlineArgs != 0) (" \\\n " + + concatStringsSep " \\\n " cmdlineArgs); + User = promUser; + Restart = "always"; + WorkingDirectory = workingDir; + StateDirectory = stateDir; + }; + }; + }) + (mkIf cfg2.enable { + systemd.services.prometheus2 = { + wantedBy = [ "multi-user.target" ]; + after = [ "network.target" ]; + serviceConfig = { + ExecStart = "${cfg2.package}/bin/prometheus" + + optionalString (length cmdlineArgs2 != 0) (" \\\n " + + concatStringsSep " \\\n " cmdlineArgs2); + User = promUser; + Restart = "always"; + WorkingDirectory = workingDir2; + StateDirectory = cfg2.stateDir; + }; + }; + }) + ]; } diff --git a/nixpkgs/nixos/modules/services/monitoring/prometheus/pushgateway.nix b/nixpkgs/nixos/modules/services/monitoring/prometheus/pushgateway.nix new file mode 100644 index 000000000000..f8fcc3eb97ef --- /dev/null 
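Review bot: The assertion on `cfg2.stateDir` is placed in the `mkIf cfg.enable` block, so it is evaluated only when the Prometheus 1 service is enabled. A host that enables only `services.prometheus2` gets no check that `stateDir` is relative before it is handed to `StateDirectory`. Move that entry into an `assertions` list inside the `mkIf cfg2.enable` block. Because `services.prometheus2.stateDir` is `types.str` with a default, the null guard can be dropped there: `assertion = !hasPrefix "/" cfg2.stateDir;`. Separately, the `listenAddress` description should mention that the default `0.0.0.0:9090` exposes the web interface and API on every interface.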
+++ b/nixpkgs/nixos/modules/services/monitoring/prometheus/pushgateway.nix 
@@ -0,0 +1,166 @@ +{ config, pkgs, lib, ... }: + +with lib; + +let + cfg = config.services.prometheus.pushgateway; + + cmdlineArgs = + opt "web.listen-address" cfg.web.listen-address + ++ opt "web.telemetry-path" cfg.web.telemetry-path + ++ opt "web.external-url" cfg.web.external-url + ++ opt "web.route-prefix" cfg.web.route-prefix + ++ optional cfg.persistMetrics ''--persistence.file="/var/lib/${cfg.stateDir}/metrics"'' + ++ opt "persistence.interval" cfg.persistence.interval + ++ opt "log.level" cfg.log.level + ++ opt "log.format" cfg.log.format + ++ cfg.extraFlags; + + opt = k : v : optional (v != null) ''--${k}="${v}"''; + +in { + options = { + services.prometheus.pushgateway = { + enable = mkEnableOption "Prometheus Pushgateway"; + + package = mkOption { + type = types.package; + default = pkgs.prometheus-pushgateway; + defaultText = "pkgs.prometheus-pushgateway"; + description = '' + Package that should be used for the prometheus pushgateway. + ''; + }; + + web.listen-address = mkOption { + type = types.nullOr types.str; + default = null; + description = '' + Address to listen on for the web interface, API and telemetry. + + <literal>null</literal> will default to <literal>:9091</literal>. + ''; + }; + + web.telemetry-path = mkOption { + type = types.nullOr types.str; + default = null; + description = '' + Path under which to expose metrics. + + <literal>null</literal> will default to <literal>/metrics</literal>. + ''; + }; + + web.external-url = mkOption { + type = types.nullOr types.str; + default = null; + description = '' + The URL under which Pushgateway is externally reachable. + ''; + }; + + web.route-prefix = mkOption { + type = types.nullOr types.str; + default = null; + description = '' + Prefix for the internal routes of web endpoints. + + Defaults to the path of + <option>services.prometheus.pushgateway.web.external-url</option>. 
+ ''; + }; + + persistence.interval = mkOption { + type = types.nullOr types.str; + default = null; + example = "10m"; + description = '' + The minimum interval at which to write out the persistence file. + + <literal>null</literal> will default to <literal>5m</literal>. + ''; + }; + + log.level = mkOption { + type = types.nullOr (types.enum ["debug" "info" "warn" "error" "fatal"]); + default = null; + description = '' + Only log messages with the given severity or above. + + <literal>null</literal> will default to <literal>info</literal>. + ''; + }; + + log.format = mkOption { + type = types.nullOr types.str; + default = null; + example = "logger:syslog?appname=bob&local=7"; + description = '' + Set the log target and format. + + <literal>null</literal> will default to <literal>logger:stderr</literal>. + ''; + }; + + extraFlags = mkOption { + type = types.listOf types.str; + default = []; + description = '' + Extra commandline options when launching the Pushgateway. + ''; + }; + + persistMetrics = mkOption { + type = types.bool; + default = false; + description = '' + Whether to persist metrics to a file. + + When enabled metrics will be saved to a file called + <literal>metrics</literal> in the directory + <literal>/var/lib/pushgateway</literal>. The directory below + <literal>/var/lib</literal> can be set using + <option>services.prometheus.pushgateway.stateDir</option>. + ''; + }; + + stateDir = mkOption { + type = types.str; + default = "pushgateway"; + description = '' + Directory below <literal>/var/lib</literal> to store metrics. + + This directory will be created automatically using systemd's + StateDirectory mechanism when + <option>services.prometheus.pushgateway.persistMetrics</option> + is enabled. + ''; + }; + }; + }; + + config = mkIf cfg.enable { + assertions = [ + { + assertion = !hasPrefix "/" cfg.stateDir; + message = + "The option services.prometheus.pushgateway.stateDir" + + " shouldn't be an absolute directory." 
+ + " It should be a directory relative to /var/lib."; + } + ]; + systemd.services.pushgateway = { + wantedBy = [ "multi-user.target" ]; + after = [ "network.target" ]; + serviceConfig = { + Restart = "always"; + DynamicUser = true; + ExecStart = "${cfg.package}/bin/pushgateway" + + optionalString (length cmdlineArgs != 0) (" \\\n " + + concatStringsSep " \\\n " cmdlineArgs); + StateDirectory = if cfg.persistMetrics then cfg.stateDir else null; + }; + }; + }; +} diff --git a/nixpkgs/nixos/modules/services/monitoring/zabbix-agent.nix b/nixpkgs/nixos/modules/services/monitoring/zabbix-agent.nix index 426cf9bf86ef..0519e7c2ad6a 100644 --- a/nixpkgs/nixos/modules/services/monitoring/zabbix-agent.nix +++ b/nixpkgs/nixos/modules/services/monitoring/zabbix-agent.nix @@ -9,7 +9,7 @@ let zabbix = cfg.package; - stateDir = "/var/run/zabbix"; + stateDir = "/run/zabbix"; logDir = "/var/log/zabbix"; diff --git a/nixpkgs/nixos/modules/services/monitoring/zabbix-server.nix b/nixpkgs/nixos/modules/services/monitoring/zabbix-server.nix index 5f9fc12832fc..fdeab6af4417 100644 --- a/nixpkgs/nixos/modules/services/monitoring/zabbix-server.nix +++ b/nixpkgs/nixos/modules/services/monitoring/zabbix-server.nix @@ -7,7 +7,7 @@ let cfg = config.services.zabbixServer; - stateDir = "/var/run/zabbix"; + stateDir = "/run/zabbix"; logDir = "/var/log/zabbix"; diff --git a/nixpkgs/nixos/modules/services/networking/asterisk.nix b/nixpkgs/nixos/modules/services/networking/asterisk.nix index b8ec2b25a227..03a2544b9a7e 100644 --- a/nixpkgs/nixos/modules/services/networking/asterisk.nix +++ b/nixpkgs/nixos/modules/services/networking/asterisk.nix @@ -45,7 +45,7 @@ let astdatadir => /var/lib/asterisk astagidir => /var/lib/asterisk/agi-bin astspooldir => /var/spool/asterisk - astrundir => /var/run/asterisk + astrundir => /run/asterisk astlogdir => /var/log/asterisk astsbindir => ${cfg.package}/sbin ''; 
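Review bot: `opt` renders each flag as `--${k}="${v}"`, and the result is joined into `ExecStart` without escaping, so systemd interprets the value. A `%` starts a specifier, a `$` triggers environment-variable substitution and a `"` ends the quoted argument. That affects the free-form string options, notably `web.external-url` (percent-encoded URLs) and `log.format`, and the same holds for `extraFlags`. I would at least escape the two expansion characters in `opt`, for example `optional (v != null) ''--${k}="${replaceStrings ["%" "$"] ["%%" "$$"] v}"''`, and note the limitation on `"` in the option descriptions. Newer nixpkgs trees provide `utils.escapeSystemdExecArgs` for this purpose; whether this tree has it is not visible from the hunk.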
@@ -257,7 +257,7 @@ in ExecReload = ''${cfg.package}/bin/asterisk -x "core reload" ''; Type = "forking"; - PIDFile = "/var/run/asterisk/asterisk.pid"; + PIDFile = "/run/asterisk/asterisk.pid"; }; }; }; diff --git a/nixpkgs/nixos/modules/services/networking/avahi-daemon.nix b/nixpkgs/nixos/modules/services/networking/avahi-daemon.nix index 488d9877b5e0..4c91a0c415b6 100644 --- a/nixpkgs/nixos/modules/services/networking/avahi-daemon.nix +++ b/nixpkgs/nixos/modules/services/networking/avahi-daemon.nix @@ -214,7 +214,7 @@ in systemd.sockets.avahi-daemon = { description = "Avahi mDNS/DNS-SD Stack Activation Socket"; - listenStreams = [ "/var/run/avahi-daemon/socket" ]; + listenStreams = [ "/run/avahi-daemon/socket" ]; wantedBy = [ "sockets.target" ]; }; @@ -229,7 +229,7 @@ in path = [ pkgs.coreutils pkgs.avahi ]; - preStart = "mkdir -p /var/run/avahi-daemon"; + preStart = "mkdir -p /run/avahi-daemon"; script = '' diff --git a/nixpkgs/nixos/modules/services/networking/bind.nix b/nixpkgs/nixos/modules/services/networking/bind.nix index abcd1ef6ff5d..98486cefd528 100644 --- a/nixpkgs/nixos/modules/services/networking/bind.nix +++ b/nixpkgs/nixos/modules/services/networking/bind.nix @@ -25,8 +25,8 @@ let blackhole { badnetworks; }; forward first; forwarders { ${concatMapStrings (entry: " ${entry}; ") cfg.forwarders} }; - directory "/var/run/named"; - pid-file "/var/run/named/named.pid"; + directory "/run/named"; + pid-file "/run/named/named.pid"; ${cfg.extraOptions} }; @@ -187,8 +187,8 @@ in ${pkgs.bind.out}/sbin/rndc-confgen -r /dev/urandom -c /etc/bind/rndc.key -u ${bindUser} -a -A hmac-sha256 2>/dev/null fi - ${pkgs.coreutils}/bin/mkdir -p /var/run/named - chown ${bindUser} /var/run/named + ${pkgs.coreutils}/bin/mkdir -p /run/named + chown ${bindUser} /run/named ''; serviceConfig = { diff --git a/nixpkgs/nixos/modules/services/networking/hostapd.nix b/nixpkgs/nixos/modules/services/networking/hostapd.nix index 9f74e4963296..3fbc08e90607 100644 
--- a/nixpkgs/nixos/modules/services/networking/hostapd.nix +++ b/nixpkgs/nixos/modules/services/networking/hostapd.nix @@ -25,7 +25,7 @@ let logger_stdout=-1 logger_stdout_level=2 - ctrl_interface=/var/run/hostapd + ctrl_interface=/run/hostapd ctrl_interface_group=${cfg.group} ${if cfg.wpa then '' diff --git a/nixpkgs/nixos/modules/services/networking/htpdate.nix b/nixpkgs/nixos/modules/services/networking/htpdate.nix index f5d512c7cd5a..6954e5b060c4 100644 --- a/nixpkgs/nixos/modules/services/networking/htpdate.nix +++ b/nixpkgs/nixos/modules/services/networking/htpdate.nix @@ -62,7 +62,7 @@ in wantedBy = [ "multi-user.target" ]; serviceConfig = { Type = "forking"; - PIDFile = "/var/run/htpdate.pid"; + PIDFile = "/run/htpdate.pid"; ExecStart = concatStringsSep " " [ "${htpdate}/bin/htpdate" "-D -u nobody" diff --git a/nixpkgs/nixos/modules/services/networking/hylafax/default.nix b/nixpkgs/nixos/modules/services/networking/hylafax/default.nix index 4c63b822d165..d8ffa3fc04d2 100644 --- a/nixpkgs/nixos/modules/services/networking/hylafax/default.nix +++ b/nixpkgs/nixos/modules/services/networking/hylafax/default.nix @@ -26,4 +26,6 @@ }]; }; + meta.maintainers = [ lib.maintainers.yarny ]; + } diff --git a/nixpkgs/nixos/modules/services/networking/hylafax/faxq-default.nix b/nixpkgs/nixos/modules/services/networking/hylafax/faxq-default.nix index a2630ce66b71..9b634650cf79 100644 --- a/nixpkgs/nixos/modules/services/networking/hylafax/faxq-default.nix +++ b/nixpkgs/nixos/modules/services/networking/hylafax/faxq-default.nix @@ -4,7 +4,7 @@ { - ModemGroup = [ ''"any:.*"'' ]; + ModemGroup = [ ''"any:0:.*"'' ]; ServerTracing = "0x78701"; SessionTracing = "0x78701"; UUCPLockDir = "/var/lock"; diff --git a/nixpkgs/nixos/modules/services/networking/iodine.nix b/nixpkgs/nixos/modules/services/networking/iodine.nix index 58ad0df4ff20..344f84374bbd 100644 --- a/nixpkgs/nixos/modules/services/networking/iodine.nix +++ b/nixpkgs/nixos/modules/services/networking/iodine.nix 
@@ -63,7 +63,7 @@ in passwordFile = mkOption { type = types.str; default = ""; - description = "File that containts password"; + description = "File that contains password"; }; }; })); @@ -100,7 +100,7 @@ in passwordFile = mkOption { type = types.str; default = ""; - description = "File that containts password"; + description = "File that contains password"; }; }; @@ -120,7 +120,7 @@ in description = "iodine client - ${name}"; after = [ "network.target" ]; wantedBy = [ "multi-user.target" ]; - script = "${pkgs.iodine}/bin/iodine -f -u ${iodinedUser} ${cfg.extraConfig} ${optionalString (cfg.passwordFile != "") "-P $(cat \"${cfg.passwordFile}\")"} ${cfg.relay} ${cfg.server}"; + script = "exec ${pkgs.iodine}/bin/iodine -f -u ${iodinedUser} ${cfg.extraConfig} ${optionalString (cfg.passwordFile != "") "< \"${cfg.passwordFile}\""} ${cfg.relay} ${cfg.server}"; serviceConfig = { RestartSec = "30s"; Restart = "always"; @@ -136,7 +136,7 @@ in description = "iodine, ip over dns server daemon"; after = [ "network.target" ]; wantedBy = [ "multi-user.target" ]; - script = "${pkgs.iodine}/bin/iodined -f -u ${iodinedUser} ${cfg.server.extraConfig} ${optionalString (cfg.server.passwordFile != "") "-P $(cat \"${cfg.server.passwordFile}\")"} ${cfg.server.ip} ${cfg.server.domain}"; + script = "exec ${pkgs.iodine}/bin/iodined -f -u ${iodinedUser} ${cfg.server.extraConfig} ${optionalString (cfg.server.passwordFile != "") "< \"${cfg.server.passwordFile}\""} ${cfg.server.ip} ${cfg.server.domain}"; }; }; diff --git a/nixpkgs/nixos/modules/services/networking/ircd-hybrid/ircd.conf b/nixpkgs/nixos/modules/services/networking/ircd-hybrid/ircd.conf index bb22832dbdb2..17ef203840af 100644 --- a/nixpkgs/nixos/modules/services/networking/ircd-hybrid/ircd.conf +++ b/nixpkgs/nixos/modules/services/networking/ircd-hybrid/ircd.conf 
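Review bot: The client `script` in the hunk at -120 now feeds the password file to iodine on stdin instead of passing `-P $(cat …)`, and the server `script` at -136 does the same, but neither line carries a comment explaining why. The reason is security-relevant: presumably iodine reads the password from stdin when `-P` is absent, which keeps it out of the process arguments. I would add above each `script` line `# password is supplied on stdin so that it does not appear in the process list`. I would also expand both `passwordFile` descriptions to `Path to a file that contains the password; it is read when the service starts and should live outside the Nix store.` The service definitions continue outside these hunks.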
@@ -987,7 +987,7 @@ general { * egdpool_path: path to EGD pool. Not necessary for OpenSSL >= 0.9.7 * which automatically finds the path. */ -# egdpool_path = "/var/run/egd-pool"; +# egdpool_path = "/run/egd-pool"; /* diff --git a/nixpkgs/nixos/modules/services/networking/lldpd.nix b/nixpkgs/nixos/modules/services/networking/lldpd.nix index dec30cc92f6a..d5de9c45d84b 100644 --- a/nixpkgs/nixos/modules/services/networking/lldpd.nix +++ b/nixpkgs/nixos/modules/services/networking/lldpd.nix @@ -23,7 +23,7 @@ in users.users._lldpd = { description = "lldpd user"; group = "_lldpd"; - home = "/var/run/lldpd"; + home = "/run/lldpd"; isSystemUser = true; }; users.groups._lldpd = {}; diff --git a/nixpkgs/nixos/modules/services/networking/miniupnpd.nix b/nixpkgs/nixos/modules/services/networking/miniupnpd.nix index ab714a6ac75e..c095d9948546 100644 --- a/nixpkgs/nixos/modules/services/networking/miniupnpd.nix +++ b/nixpkgs/nixos/modules/services/networking/miniupnpd.nix @@ -71,7 +71,7 @@ in wantedBy = [ "multi-user.target" ]; serviceConfig = { ExecStart = "${pkgs.miniupnpd}/bin/miniupnpd -f ${configFile}"; - PIDFile = "/var/run/miniupnpd.pid"; + PIDFile = "/run/miniupnpd.pid"; Type = "forking"; }; }; diff --git a/nixpkgs/nixos/modules/services/networking/networkmanager.nix b/nixpkgs/nixos/modules/services/networking/networkmanager.nix index d372dfd8f412..5e5544471818 100644 --- a/nixpkgs/nixos/modules/services/networking/networkmanager.nix +++ b/nixpkgs/nixos/modules/services/networking/networkmanager.nix @@ -466,7 +466,7 @@ in { systemd.packages = cfg.packages; - systemd.services."network-manager" = { + systemd.services."NetworkManager" = { wantedBy = [ "network.target" ]; restartTriggers = [ configFile ]; 
@@ -478,9 +478,9 @@ in { }; systemd.services.nm-setup-hostsdirs = mkIf dynamicHostsEnabled { - wantedBy = [ "network-manager.service" ]; - before = [ "network-manager.service" ]; - partOf = [ "network-manager.service" ]; + wantedBy = [ "NetworkManager.service" ]; + before = [ "NetworkManager.service" ]; + partOf = [ "NetworkManager.service" ]; script = concatStrings (mapAttrsToList (n: d: '' mkdir -p "/run/NetworkManager/hostsdirs/${n}" chown "${d.user}:${d.group}" "/run/NetworkManager/hostsdirs/${n}" diff --git a/nixpkgs/nixos/modules/services/networking/ocserv.nix b/nixpkgs/nixos/modules/services/networking/ocserv.nix index 61473a9fabf9..dc26ffeafeef 100644 --- a/nixpkgs/nixos/modules/services/networking/ocserv.nix +++ b/nixpkgs/nixos/modules/services/networking/ocserv.nix @@ -31,7 +31,7 @@ in udp-port = 443 run-as-user = nobody run-as-group = nogroup - socket-file = /var/run/ocserv-socket + socket-file = /run/ocserv-socket server-cert = certs/server-cert.pem server-key = certs/server-key.pem keepalive = 32400 @@ -50,7 +50,7 @@ in rekey-time = 172800 rekey-method = ssl use-occtl = true - pid-file = /var/run/ocserv.pid + pid-file = /run/ocserv.pid device = vpns predictable-ips = true default-domain = example.com @@ -90,8 +90,8 @@ in serviceConfig = { PrivateTmp = true; - PIDFile = "/var/run/ocserv.pid"; - ExecStart = "${pkgs.ocserv}/bin/ocserv --foreground --pid-file /var/run/ocesrv.pid --config /etc/ocserv/ocserv.conf"; + PIDFile = "/run/ocserv.pid"; + ExecStart = "${pkgs.ocserv}/bin/ocserv --foreground --pid-file /run/ocesrv.pid --config /etc/ocserv/ocserv.conf"; ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID"; }; }; diff --git a/nixpkgs/nixos/modules/services/networking/racoon.nix b/nixpkgs/nixos/modules/services/networking/racoon.nix index 86e13d1ea0d6..328f4cb1497f 100644 --- a/nixpkgs/nixos/modules/services/networking/racoon.nix +++ b/nixpkgs/nixos/modules/services/networking/racoon.nix 
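Review bot: In the ocserv hunk at -90, `ExecStart` still passes `--pid-file /run/ocesrv.pid` with two letters transposed, while `PIDFile` on the line above and `pid-file` in the generated configuration both use `/run/ocserv.pid`. The commit only changes the directory prefix and carries the misspelling over. Depending on which setting ocserv honours, systemd may be watching a PID file that is never written. The line should read `ExecStart = "${pkgs.ocserv}/bin/ocserv --foreground --pid-file /run/ocserv.pid --config /etc/ocserv/ocserv.conf";`.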
@@ -32,12 +32,12 @@ in { else cfg.configPath }"; ExecReload = "${pkgs.ipsecTools}/bin/racoonctl reload-config"; - PIDFile = "/var/run/racoon.pid"; + PIDFile = "/run/racoon.pid"; Type = "forking"; Restart = "always"; }; preStart = '' - rm /var/run/racoon.pid || true + rm /run/racoon.pid || true mkdir -p /var/racoon ''; }; diff --git a/nixpkgs/nixos/modules/services/networking/ssh/sshd.nix b/nixpkgs/nixos/modules/services/networking/ssh/sshd.nix index b9b5d40c4574..cbb305cd3825 100644 --- a/nixpkgs/nixos/modules/services/networking/ssh/sshd.nix +++ b/nixpkgs/nixos/modules/services/networking/ssh/sshd.nix @@ -431,8 +431,6 @@ in services.openssh.extraConfig = mkOrder 0 '' - Protocol 2 - UsePAM yes AddressFamily ${if config.networking.enableIPv6 then "any" else "inet"} diff --git a/nixpkgs/nixos/modules/services/networking/strongswan.nix b/nixpkgs/nixos/modules/services/networking/strongswan.nix index 707d24b9220f..41b69039ba7a 100644 --- a/nixpkgs/nixos/modules/services/networking/strongswan.nix +++ b/nixpkgs/nixos/modules/services/networking/strongswan.nix @@ -54,7 +54,7 @@ in enable = mkEnableOption "strongSwan"; secrets = mkOption { - type = types.listOf types.path; + type = types.listOf types.str; default = []; example = [ "/run/keys/ipsec-foo.secret" ]; description = '' diff --git a/nixpkgs/nixos/modules/services/networking/supplicant.nix b/nixpkgs/nixos/modules/services/networking/supplicant.nix index 3c4321ab9e9d..35c1e649e2e1 100644 --- a/nixpkgs/nixos/modules/services/networking/supplicant.nix +++ b/nixpkgs/nixos/modules/services/networking/supplicant.nix @@ -132,7 +132,7 @@ in extraCmdArgs = mkOption { type = types.str; default = ""; - example = "-e/var/run/wpa_supplicant/entropy.bin"; + example = "-e/run/wpa_supplicant/entropy.bin"; description = "Command line arguments to add when executing <literal>wpa_supplicant</literal>."; }; 
@@ -164,7 +164,7 @@ in socketDir = mkOption { type = types.str; - default = "/var/run/wpa_supplicant"; + default = "/run/wpa_supplicant"; description = "Directory of sockets for controlling wpa_supplicant."; }; diff --git a/nixpkgs/nixos/modules/services/networking/tox-node.nix b/nixpkgs/nixos/modules/services/networking/tox-node.nix new file mode 100644 index 000000000000..c24e7fd12850 --- /dev/null +++ b/nixpkgs/nixos/modules/services/networking/tox-node.nix 
@@ -0,0 +1,95 @@ +{ lib, pkgs, config, ... }: + +with lib; + +let + pkg = pkgs.tox-node; + cfg = config.services.tox-node; + homeDir = "/var/lib/tox-node"; + + configFile = let + # fetchurl should be switched to getting this file from tox-node.src once + # the dpkg directory is in a release + src = pkgs.fetchurl { + url = "https://raw.githubusercontent.com/tox-rs/tox-node/master/dpkg/config.yml"; + sha256 = "1431wzpzm786mcvyzk1rp7ar418n45dr75hdggxvlm7pkpam31xa"; + }; + confJSON = pkgs.writeText "config.json" ( + builtins.toJSON { + log-type = cfg.logType; + keys-file = cfg.keysFile; + udp-address = cfg.udpAddress; + tcp-addresses = cfg.tcpAddresses; + tcp-connections-limit = cfg.tcpConnectionLimit; + lan-discovery = cfg.lanDiscovery; + threads = cfg.threads; + motd = cfg.motd; + } + ); + in with pkgs; runCommand "config.yml" {} '' + ${remarshal}/bin/remarshal -if yaml -of json ${src} -o src.json + ${jq}/bin/jq -s '(.[0] | with_entries( select(.key == "bootstrap-nodes"))) * .[1]' src.json ${confJSON} > $out + ''; + +in { + options.services.tox-node = { + enable = mkEnableOption "Tox Node service"; + + logType = mkOption { + type = types.enum [ "Stderr" "Stdout" "Syslog" "None" ]; + default = "Stderr"; + description = "Logging implementation."; + }; + keysFile = mkOption { + type = types.str; + default = "${homeDir}/keys"; + description = "Path to the file where DHT keys are stored."; + }; + udpAddress = mkOption { + type = types.str; + default = "0.0.0.0:33445"; + description = "UDP address to run DHT node."; + }; + tcpAddresses = mkOption { + type = types.listOf types.str; + default = [ "0.0.0.0:33445" ]; + description = "TCP addresses to run TCP relay."; + }; + tcpConnectionLimit = mkOption { + type = types.int; + default = 8192; + description = "Maximum number of active TCP connections relay can hold"; + }; + lanDiscovery = mkOption { + type = types.bool; + default = true; + description = "Enable local network discovery."; + }; + threads = mkOption { + type = 
types.int; + default = 1; + description = "Number of threads for execution"; + }; + motd = mkOption { + type = types.str; + default = "Hi from tox-rs! I'm up {{uptime}}. TCP: incoming {{tcp_packets_in}}, outgoing {{tcp_packets_out}}, UDP: incoming {{udp_packets_in}}, outgoing {{udp_packets_out}}"; + description = "Message of the day"; + }; + }; + + config = lib.mkIf cfg.enable { + systemd.services.tox-node = { + description = "Tox Node"; + + after = [ "network.target" ]; + wantedBy = [ "multi-user.target" ]; + + serviceConfig = { + ExecStart = "${pkg}/bin/tox-node config ${configFile}"; + StateDirectory = "tox-node"; + DynamicUser = true; + Restart = "always"; + }; + }; + }; +} diff --git a/nixpkgs/nixos/modules/services/networking/wpa_supplicant.nix b/nixpkgs/nixos/modules/services/networking/wpa_supplicant.nix index cdfe98aa0341..0bd9edf4a41c 100644 --- a/nixpkgs/nixos/modules/services/networking/wpa_supplicant.nix +++ b/nixpkgs/nixos/modules/services/networking/wpa_supplicant.nix @@ -6,7 +6,7 @@ let cfg = config.networking.wireless; configFile = if cfg.networks != {} then pkgs.writeText "wpa_supplicant.conf" '' ${optionalString cfg.userControlled.enable '' - ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=${cfg.userControlled.group} + ctrl_interface=DIR=/run/wpa_supplicant GROUP=${cfg.userControlled.group} update_config=1''} ${cfg.extraConfig} ${concatStringsSep "\n" (mapAttrsToList (ssid: config: with config; let diff --git a/nixpkgs/nixos/modules/services/networking/xrdp.nix b/nixpkgs/nixos/modules/services/networking/xrdp.nix index cc18f6d0064c..b7dd1c5d99dd 100644 --- a/nixpkgs/nixos/modules/services/networking/xrdp.nix +++ b/nixpkgs/nixos/modules/services/networking/xrdp.nix 
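Review bot: `src` in `configFile` fetches `dpkg/config.yml` from the `master` branch against a fixed `sha256`. The build therefore fails as soon as upstream edits that file, and the bootstrap node list merged into the service configuration cannot be tied to a reviewed revision. Until the file is available from `tox-node.src`, as the comment anticipates, pin the URL to the commit the hash was computed from: `url = "https://raw.githubusercontent.com/tox-rs/tox-node/<commit>/dpkg/config.yml";`, where `<commit>` is a placeholder for that revision. The descriptions of `udpAddress` and `tcpAddresses` could also state that the `0.0.0.0:33445` defaults listen on every interface.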
@@ -17,7 +17,7 @@ let chmod +x $out/startwm.sh substituteInPlace $out/xrdp.ini \ - --replace "#rsakeys_ini=" "rsakeys_ini=/var/run/xrdp/rsakeys.ini" \ + --replace "#rsakeys_ini=" "rsakeys_ini=/run/xrdp/rsakeys.ini" \ --replace "certificate=" "certificate=${cfg.sslCert}" \ --replace "key_file=" "key_file=${cfg.sslKey}" \ --replace LogFile=xrdp.log LogFile=/dev/null \ @@ -132,9 +132,9 @@ in chown root:xrdp ${cfg.sslKey} ${cfg.sslCert} chmod 440 ${cfg.sslKey} ${cfg.sslCert} fi - if [ ! -s /var/run/xrdp/rsakeys.ini ]; then - mkdir -p /var/run/xrdp - ${cfg.package}/bin/xrdp-keygen xrdp /var/run/xrdp/rsakeys.ini + if [ ! -s /run/xrdp/rsakeys.ini ]; then + mkdir -p /run/xrdp + ${cfg.package}/bin/xrdp-keygen xrdp /run/xrdp/rsakeys.ini fi ''; serviceConfig = { diff --git a/nixpkgs/nixos/modules/services/networking/znc/default.nix b/nixpkgs/nixos/modules/services/networking/znc/default.nix index bce5b15a19ec..1ad8855b86db 100644 --- a/nixpkgs/nixos/modules/services/networking/znc/default.nix +++ b/nixpkgs/nixos/modules/services/networking/znc/default.nix @@ -151,7 +151,7 @@ in ''; description = '' Configuration for ZNC, see - <literal>https://wiki.znc.in/Configuration</literal> for details. The + <link xlink:href="https://wiki.znc.in/Configuration"/> for details. The Nix value declared here will be translated directly to the xml-like format ZNC expects. This is much more flexible than the legacy options under <option>services.znc.confOptions.*</option>, but also can't do diff --git a/nixpkgs/nixos/modules/services/printing/cupsd.nix b/nixpkgs/nixos/modules/services/printing/cupsd.nix index 854c76cc0a16..9e9bdedff126 100644 --- a/nixpkgs/nixos/modules/services/printing/cupsd.nix +++ b/nixpkgs/nixos/modules/services/printing/cupsd.nix @@ -74,7 +74,7 @@ let ${concatMapStrings (addr: '' Listen ${addr} '') cfg.listenAddresses} - Listen /var/run/cups/cups.sock + Listen /run/cups/cups.sock SetEnv PATH /var/lib/cups/path/lib/cups/filter:/var/lib/cups/path/bin 
diff --git a/nixpkgs/nixos/modules/services/scheduling/fcron.nix b/nixpkgs/nixos/modules/services/scheduling/fcron.nix index ae3828977753..f77b3bcd5921 100644 --- a/nixpkgs/nixos/modules/services/scheduling/fcron.nix +++ b/nixpkgs/nixos/modules/services/scheduling/fcron.nix @@ -100,8 +100,8 @@ in in pkgs.writeText "fcron.conf" '' fcrontabs = /var/spool/fcron - pidfile = /var/run/fcron.pid - fifofile = /var/run/fcron.fifo + pidfile = /run/fcron.pid + fifofile = /run/fcron.fifo fcronallow = /etc/fcron.allow fcrondeny = /etc/fcron.deny shell = /bin/sh diff --git a/nixpkgs/nixos/modules/services/search/kibana.nix b/nixpkgs/nixos/modules/services/search/kibana.nix index 3539b3ddb4f1..ba58630a467a 100644 --- a/nixpkgs/nixos/modules/services/search/kibana.nix +++ b/nixpkgs/nixos/modules/services/search/kibana.nix @@ -5,6 +5,9 @@ with lib; let cfg = config.services.kibana; + ge7 = builtins.compareVersions cfg.package.version "7" >= 0; + lt6_6 = builtins.compareVersions cfg.package.version "6.6" < 0; + cfgFile = pkgs.writeText "kibana.json" (builtins.toJSON ( (filterAttrsRecursive (n: v: v != null) ({ server.host = cfg.listenAddress; @@ -16,6 +19,7 @@ let kibana.defaultAppId = cfg.defaultAppId; elasticsearch.url = cfg.elasticsearch.url; + elasticsearch.hosts = cfg.elasticsearch.hosts; elasticsearch.username = cfg.elasticsearch.username; elasticsearch.password = cfg.elasticsearch.password; 
@@ -67,9 +71,30 @@ in { elasticsearch = { url = mkOption { - description = "Elasticsearch url"; - default = "http://localhost:9200"; - type = types.str; + description = '' + Elasticsearch url. + + Defaults to <literal>"http://localhost:9200"</literal>. + + Don't set this when using Kibana >= 7.0.0 because it will result in a + configuration error. Use <option>services.kibana.elasticsearch.hosts</option> + instead. + ''; + default = null; + type = types.nullOr types.str; + }; + + hosts = mkOption { + description = '' + The URLs of the Elasticsearch instances to use for all your queries. + All nodes listed here must be on the same cluster. + + Defaults to <literal>[ "http://localhost:9200" ]</literal>. + + This option is only valid when using kibana >= 6.6. + ''; + default = null; + type = types.nullOr (types.listOf types.str); }; username = mkOption { @@ -143,6 +168,19 @@ in { }; config = mkIf (cfg.enable) { + assertions = [ + { + assertion = ge7 -> cfg.elasticsearch.url == null; + message = + "The option services.kibana.elasticsearch.url has been removed when using kibana >= 7.0.0. " + + "Please use option services.kibana.elasticsearch.hosts instead."; + } + { + assertion = lt6_6 -> cfg.elasticsearch.hosts == null; + message = + "The option services.kibana.elasticsearch.hosts is only valid for kibana >= 6.6."; + } + ]; systemd.services.kibana = { description = "Kibana Service"; wantedBy = [ "multi-user.target" ]; diff --git a/nixpkgs/nixos/modules/services/search/solr.nix b/nixpkgs/nixos/modules/services/search/solr.nix index 7200c40e89f7..6659cc8a2d1e 100644 --- a/nixpkgs/nixos/modules/services/search/solr.nix +++ b/nixpkgs/nixos/modules/services/search/solr.nix 
@@ -13,11 +13,19 @@ in services.solr = { enable = mkEnableOption "Enables the solr service."; + # default to the 8.x series not forcing major version upgrade of those on the 7.x series package = mkOption { type = types.package; - default = pkgs.solr; + default = if versionAtLeast config.system.stateVersion "19.09" + then pkgs.solr_8 + else pkgs.solr_7 + ; defaultText = "pkgs.solr"; - description = "Which Solr package to use."; + description = '' + Which Solr package to use. This defaults to version 7.x if + <literal>system.stateVersion < 19.09</literal> and version 8.x + otherwise. + ''; }; port = mkOption { diff --git a/nixpkgs/nixos/modules/services/security/hologram-agent.nix b/nixpkgs/nixos/modules/services/security/hologram-agent.nix index 39ed506f7617..a5087b0a99b4 100644 --- a/nixpkgs/nixos/modules/services/security/hologram-agent.nix +++ b/nixpkgs/nixos/modules/services/security/hologram-agent.nix @@ -45,7 +45,7 @@ in { wantedBy = [ "multi-user.target" ]; requires = [ "network-link-dummy0.service" "network-addresses-dummy0.service" ]; preStart = '' - /run/current-system/sw/bin/rm -fv /var/run/hologram.sock + /run/current-system/sw/bin/rm -fv /run/hologram.sock ''; serviceConfig = { ExecStart = "${pkgs.hologram.bin}/bin/hologram-agent -debug -conf ${cfgFile} -port ${cfg.httpPort}"; diff --git a/nixpkgs/nixos/modules/services/web-apps/codimd.nix b/nixpkgs/nixos/modules/services/web-apps/codimd.nix index 56e1de17e3c3..ee2fc2b9d857 100644 --- a/nixpkgs/nixos/modules/services/web-apps/codimd.nix +++ b/nixpkgs/nixos/modules/services/web-apps/codimd.nix @@ -67,7 +67,7 @@ in path = mkOption { type = types.nullOr types.str; default = null; - example = "/var/run/codimd.sock"; + example = "/run/codimd.sock"; description = '' Specify where a UNIX domain socket should be placed. ''; diff --git a/nixpkgs/nixos/modules/services/web-apps/documize.nix b/nixpkgs/nixos/modules/services/web-apps/documize.nix new file mode 100644 index 000000000000..206617b0e5ac --- /dev/null 
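Review bot: `defaultText = "pkgs.solr"` on the `package` option no longer matches the new default, which is `pkgs.solr_8` or `pkgs.solr_7` depending on `system.stateVersion`, so the generated option documentation would name a package the module does not select. It could say what the expression does, for example `defaultText = "pkgs.solr_8 (pkgs.solr_7 when system.stateVersion < 19.09)";`. The added comment above the option is hard to parse; `# Default to 8.x, but keep 7.x for stateVersion < 19.09 so existing installs are not forced into a major upgrade.` states the same intent.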
+++ b/nixpkgs/nixos/modules/services/web-apps/documize.nix @@ -0,0 +1,67 @@ +{ pkgs, lib, config, ... }: + +with lib; + +let + + cfg = config.services.documize; + +in + + { + options.services.documize = { + enable = mkEnableOption "Documize Wiki"; + + offline = mkEnableOption "Documize offline mode"; + + package = mkOption { + default = pkgs.documize-community; + type = types.package; + description = '' + Which package to use for documize. + ''; + }; + + db = mkOption { + type = types.str; + example = "host=localhost port=5432 sslmode=disable user=admin password=secret dbname=documize"; + description = '' + The DB connection string to use for the database. + ''; + }; + + dbtype = mkOption { + type = types.enum [ "postgresql" "percona" "mariadb" "mysql" ]; + description = '' + Which database to use for storage. + ''; + }; + + port = mkOption { + type = types.port; + example = 3000; + description = '' + Which TCP port to serve. + ''; + }; + }; + + config = mkIf cfg.enable { + systemd.services.documize-server = { + wantedBy = [ "multi-user.target" ]; + + script = '' + ${cfg.package}/bin/documize \ + -db "${cfg.db}" \ + -dbtype ${cfg.dbtype} \ + -port ${toString cfg.port} \ + -offline ${if cfg.offline then "1" else "0"} + ''; + + serviceConfig = { + Restart = "always"; + DynamicUser = "yes"; + }; + }; + }; + } diff --git a/nixpkgs/nixos/modules/services/web-apps/miniflux.nix b/nixpkgs/nixos/modules/services/web-apps/miniflux.nix new file mode 100644 index 000000000000..1d60004e574d --- /dev/null +++ b/nixpkgs/nixos/modules/services/web-apps/miniflux.nix 
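Review bot: `cfg.db` is spliced into the unit's `script` as `-db "${cfg.db}"`, so a connection string that carries a password (as the option's own example does) ends up in the generated start script in the world-readable Nix store and on the process command line. The `db` description should say so, e.g. `This value is written to the Nix store and is readable by all local users.`. The interpolation is also more robust as `-db ${escapeShellArg cfg.db} \`, so that a quote or `$` in the string is not interpreted by the shell. A follow-up option that reads the connection string from a file outside the store would avoid the exposure altogether.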
@@ -0,0 +1,97 @@ +{ config, lib, pkgs, ... }: + +with lib; +let + cfg = config.services.miniflux; + + dbUser = "miniflux"; + dbPassword = "miniflux"; + dbHost = "localhost"; + dbName = "miniflux"; + + defaultCredentials = pkgs.writeText "miniflux-admin-credentials" '' + ADMIN_USERNAME=admin + ADMIN_PASSWORD=password + ''; + + pgsu = "${pkgs.sudo}/bin/sudo -u ${config.services.postgresql.superUser}"; + pgbin = "${config.services.postgresql.package}/bin"; + preStart = pkgs.writeScript "miniflux-pre-start" '' + #!${pkgs.runtimeShell} + db_exists() { + [ "$(${pgsu} ${pgbin}/psql -Atc "select 1 from pg_database where datname='$1'")" == "1" ] + } + if ! db_exists "${dbName}"; then + ${pgsu} ${pgbin}/psql postgres -c "CREATE ROLE ${dbUser} WITH LOGIN NOCREATEDB NOCREATEROLE ENCRYPTED PASSWORD '${dbPassword}'" + ${pgsu} ${pgbin}/createdb --owner "${dbUser}" "${dbName}" + ${pgsu} ${pgbin}/psql "${dbName}" -c "CREATE EXTENSION IF NOT EXISTS hstore" + fi + ''; +in + +{ + options = { + services.miniflux = { + enable = mkEnableOption "miniflux"; + + config = mkOption { + type = types.attrsOf types.str; + example = literalExample '' + { + CLEANUP_FREQUENCY = "48"; + LISTEN_ADDR = "localhost:8080"; + } + ''; + description = '' + Configuration for Miniflux, refer to + <link xlink:href="http://docs.miniflux.app/en/latest/configuration.html"/> + for documentation on the supported values. + ''; + }; + + adminCredentialsFile = mkOption { + type = types.nullOr types.path; + default = null; + description = '' + File containing the ADMIN_USERNAME, default is "admin", and + ADMIN_PASSWORD (length >= 6), default is "password"; in the format of + an EnvironmentFile=, as described by systemd.exec(5). 
+ ''; + example = "/etc/nixos/miniflux-admin-credentials"; + }; + }; + }; + + config = mkIf cfg.enable { + + services.miniflux.config = { + LISTEN_ADDR = mkDefault "localhost:8080"; + DATABASE_URL = "postgresql://${dbUser}:${dbPassword}@${dbHost}/${dbName}?sslmode=disable"; + RUN_MIGRATIONS = "1"; + CREATE_ADMIN = "1"; + }; + + services.postgresql.enable = true; + + systemd.services.miniflux = { + description = "Miniflux service"; + wantedBy = [ "multi-user.target" ]; + requires = [ "postgresql.service" ]; + after = [ "network.target" "postgresql.service" ]; + + serviceConfig = { + ExecStart = "${pkgs.miniflux}/bin/miniflux"; + ExecStartPre = "+${preStart}"; + DynamicUser = true; + RuntimeDirectory = "miniflux"; + RuntimeDirectoryMode = "0700"; + EnvironmentFile = if isNull cfg.adminCredentialsFile + then defaultCredentials + else cfg.adminCredentialsFile; + }; + + environment = cfg.config; + }; + environment.systemPackages = [ pkgs.miniflux ]; + }; +} diff --git a/nixpkgs/nixos/modules/services/web-apps/nextcloud.nix b/nixpkgs/nixos/modules/services/web-apps/nextcloud.nix index eedcccac723c..d0e45e1c12a5 100644 --- a/nixpkgs/nixos/modules/services/web-apps/nextcloud.nix +++ b/nixpkgs/nixos/modules/services/web-apps/nextcloud.nix @@ -32,7 +32,7 @@ let cd ${pkgs.nextcloud} exec /run/wrappers/bin/sudo -u nextcloud \ NEXTCLOUD_CONFIG_DIR="${cfg.home}/config" \ - ${config.services.phpfpm.phpPackage}/bin/php \ + ${phpPackage}/bin/php \ -c ${pkgs.writeText "php.ini" phpOptionsStr}\ occ $* ''; @@ -360,7 +360,7 @@ in { environment.NEXTCLOUD_CONFIG_DIR = "${cfg.home}/config"; serviceConfig.Type = "oneshot"; serviceConfig.User = "nextcloud"; - serviceConfig.ExecStart = "${pkgs.php}/bin/php -f ${pkgs.nextcloud}/cron.php"; + serviceConfig.ExecStart = "${phpPackage}/bin/php -f ${pkgs.nextcloud}/cron.php"; }; }; diff --git a/nixpkgs/nixos/modules/services/web-apps/restya-board.nix b/nixpkgs/nixos/modules/services/web-apps/restya-board.nix index b064eae248ed..15fd943a0826 100644 
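Review bot: With `adminCredentialsFile` left at its default of null, `EnvironmentFile` falls back to `defaultCredentials` (admin / password) while `CREATE_ADMIN = "1"` is set, so a freshly enabled instance presumably comes up with a well-known administrator login. A build-time warning would make that visible: `warnings = optional (cfg.adminCredentialsFile == null) "services.miniflux: default admin credentials are in use; set adminCredentialsFile";`. The database role password is likewise the fixed `dbPassword = "miniflux"`, and it appears in `DATABASE_URL` in the unit environment and in the pre-start script, both of which live in the world-readable Nix store. A per-host secret, or peer authentication over the PostgreSQL socket, would be worth considering for the role.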
--- a/nixpkgs/nixos/modules/services/web-apps/restya-board.nix +++ b/nixpkgs/nixos/modules/services/web-apps/restya-board.nix @@ -13,7 +13,7 @@ let runDir = "/run/restya-board"; poolName = "restya-board"; - phpfpmSocketName = "/var/run/phpfpm/${poolName}.sock"; + phpfpmSocketName = "/run/phpfpm/${poolName}.sock"; in diff --git a/nixpkgs/nixos/modules/services/web-apps/selfoss.nix b/nixpkgs/nixos/modules/services/web-apps/selfoss.nix index 7b0ce8a8d03f..cd0f743a5fb8 100644 --- a/nixpkgs/nixos/modules/services/web-apps/selfoss.nix +++ b/nixpkgs/nixos/modules/services/web-apps/selfoss.nix @@ -4,7 +4,7 @@ let cfg = config.services.selfoss; poolName = "selfoss_pool"; - phpfpmSocketName = "/var/run/phpfpm/${poolName}.sock"; + phpfpmSocketName = "/run/phpfpm/${poolName}.sock"; dataDir = "/var/lib/selfoss"; diff --git a/nixpkgs/nixos/modules/services/web-apps/tt-rss.nix b/nixpkgs/nixos/modules/services/web-apps/tt-rss.nix index f7a3daa5fdd5..08297c7275a4 100644 --- a/nixpkgs/nixos/modules/services/web-apps/tt-rss.nix +++ b/nixpkgs/nixos/modules/services/web-apps/tt-rss.nix @@ -15,7 +15,7 @@ let else cfg.database.port; poolName = "tt-rss"; - phpfpmSocketName = "/var/run/phpfpm/${poolName}.sock"; + phpfpmSocketName = "/run/phpfpm/${poolName}.sock"; tt-rss-config = pkgs.writeText "config.php" '' <?php diff --git a/nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix b/nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix index 1eac5be2f8d3..8f00f81b078c 100644 --- a/nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix +++ b/nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix 
@@ -705,10 +705,7 @@ in path = [ httpd pkgs.coreutils pkgs.gnugrep ] - ++ # Needed for PHP's mail() function. !!! Probably the - # ssmtp module should export the path to sendmail in - # some way. - optional config.networking.defaultMailServer.directDelivery pkgs.ssmtp + ++ optional enablePHP pkgs.system-sendmail # Needed for PHP's mail() function. ++ concatMap (svc: svc.extraServerPath) allSubservices; environment = diff --git a/nixpkgs/nixos/modules/services/web-servers/mighttpd2.nix b/nixpkgs/nixos/modules/services/web-servers/mighttpd2.nix index 4e7082c67690..f9b1a8b6ccce 100644 --- a/nixpkgs/nixos/modules/services/web-servers/mighttpd2.nix +++ b/nixpkgs/nixos/modules/services/web-servers/mighttpd2.nix @@ -22,7 +22,7 @@ in { User: root # If available, "nobody" is much more secure for Group:. Group: root - Pid_File: /var/run/mighty.pid + Pid_File: /run/mighty.pid Logging: Yes # Yes or No Log_File: /var/log/mighty # The directory must be writable by User: Log_File_Size: 16777216 # bytes diff --git a/nixpkgs/nixos/modules/services/x11/desktop-managers/gnome3.nix b/nixpkgs/nixos/modules/services/x11/desktop-managers/gnome3.nix index ea01749349de..3d748d4308b7 100644 --- a/nixpkgs/nixos/modules/services/x11/desktop-managers/gnome3.nix +++ b/nixpkgs/nixos/modules/services/x11/desktop-managers/gnome3.nix @@ -126,8 +126,10 @@ in { services.dleyna-renderer.enable = mkDefault true; services.dleyna-server.enable = mkDefault true; services.gnome3.at-spi2-core.enable = true; + services.gnome3.evince.enable = mkDefault true; services.gnome3.evolution-data-server.enable = true; services.gnome3.file-roller.enable = mkDefault true; + services.gnome3.glib-networking.enable = true; services.gnome3.gnome-disks.enable = mkDefault true; services.gnome3.gnome-documents.enable = mkDefault true; services.gnome3.gnome-keyring.enable = true; 
@@ -160,7 +162,11 @@ in { # If gnome3 is installed, build vim for gtk3 too. nixpkgs.config.vim.gui = "gtk3"; - fonts.fonts = [ pkgs.dejavu_fonts pkgs.cantarell-fonts ]; + fonts.fonts = [ + pkgs.dejavu_fonts pkgs.cantarell-fonts + pkgs.source-sans-pro + pkgs.source-code-pro # Default monospace font in 3.32 + ]; services.xserver.displayManager.extraSessionFilePackages = [ pkgs.gnome3.gnome-session ] ++ map @@ -200,7 +206,6 @@ in { services.xserver.updateDbusEnvironment = true; environment.variables.GIO_EXTRA_MODULES = [ "${lib.getLib pkgs.gnome3.dconf}/lib/gio/modules" - "${pkgs.gnome3.glib-networking.out}/lib/gio/modules" "${pkgs.gnome3.gvfs}/lib/gio/modules" ]; environment.systemPackages = pkgs.gnome3.corePackages ++ cfg.sessionPath ++ (pkgs.gnome3.removePackagesByName pkgs.gnome3.optionalPackages config.environment.gnome3.excludePackages) ++ [ diff --git a/nixpkgs/nixos/modules/services/x11/desktop-managers/kodi.nix b/nixpkgs/nixos/modules/services/x11/desktop-managers/kodi.nix index 3ce49b9d2bf8..65a7b9c628e5 100644 --- a/nixpkgs/nixos/modules/services/x11/desktop-managers/kodi.nix +++ b/nixpkgs/nixos/modules/services/x11/desktop-managers/kodi.nix @@ -20,7 +20,7 @@ in services.xserver.desktopManager.session = [{ name = "kodi"; start = '' - ${pkgs.kodi}/bin/kodi --lircdev /var/run/lirc/lircd --standalone & + ${pkgs.kodi}/bin/kodi --lircdev /run/lirc/lircd --standalone & waitPID=$! ''; }]; diff --git a/nixpkgs/nixos/modules/services/x11/desktop-managers/pantheon.nix b/nixpkgs/nixos/modules/services/x11/desktop-managers/pantheon.nix index d0278271409a..e1eeb32aa1a0 100644 --- a/nixpkgs/nixos/modules/services/x11/desktop-managers/pantheon.nix +++ b/nixpkgs/nixos/modules/services/x11/desktop-managers/pantheon.nix 
@@ -73,8 +73,14 @@ in # Ensure lightdm is used when Pantheon is enabled # Without it screen locking will be nonfunctional because of the use of lightlocker + + warnings = optional (config.services.xserver.displayManager.lightdm.enable != true) + '' + Using Pantheon without LightDM as a displayManager will break screenlocking from the UI. + ''; + services.xserver.displayManager.lightdm.enable = mkDefault true; - services.xserver.displayManager.lightdm.greeters.pantheon.enable = mkDefault true; + services.xserver.displayManager.lightdm.greeters.gtk.enable = mkDefault true; # If not set manually Pantheon session cannot be started # Known issue of https://github.com/NixOS/nixpkgs/pull/43992 @@ -116,9 +122,11 @@ in # pantheon has pantheon-agent-geoclue2 services.geoclue2.enableDemoAgent = false; services.gnome3.at-spi2-core.enable = true; + services.gnome3.evince.enable = mkDefault true; services.gnome3.evolution-data-server.enable = true; services.gnome3.file-roller.enable = mkDefault true; # TODO: gnome-keyring's xdg autostarts will still be in the environment (from elementary-session-settings) if disabled forcefully + services.gnome3.glib-networking.enable = true; services.gnome3.gnome-keyring.enable = true; services.gnome3.gnome-settings-daemon.enable = true; services.gnome3.gnome-settings-daemon.package = pkgs.pantheon.elementary-settings-daemon; @@ -146,7 +154,6 @@ in environment.variables.GIO_EXTRA_MODULES = [ "${lib.getLib pkgs.gnome3.dconf}/lib/gio/modules" - "${pkgs.gnome3.glib-networking.out}/lib/gio/modules" "${pkgs.gnome3.gvfs}/lib/gio/modules" ]; @@ -162,7 +169,6 @@ in gnome3.geary gnome3.epiphany gnome3.gnome-font-viewer - evince ] ++ pantheon.apps) config.environment.pantheon.excludePackages) ++ (with pkgs; [ diff --git a/nixpkgs/nixos/modules/services/x11/display-managers/gdm.nix b/nixpkgs/nixos/modules/services/x11/display-managers/gdm.nix index 226fee7491c1..3edf7c8d9cab 100644 --- a/nixpkgs/nixos/modules/services/x11/display-managers/gdm.nix 
+++ b/nixpkgs/nixos/modules/services/x11/display-managers/gdm.nix 
@@ -208,76 +208,25 @@ in session optional pam_permit.so ''; - gdm.text = '' - auth requisite pam_nologin.so - auth required pam_env.so envfile=${config.system.build.pamEnvironment} - - auth required pam_succeed_if.so uid >= 1000 quiet - auth optional ${pkgs.gnome3.gnome-keyring}/lib/security/pam_gnome_keyring.so - auth ${if config.security.pam.enableEcryptfs then "required" else "sufficient"} pam_unix.so nullok likeauth - ${optionalString config.security.pam.enableEcryptfs - "auth required ${pkgs.ecryptfs}/lib/security/pam_ecryptfs.so unwrap"} - - ${optionalString (! config.security.pam.enableEcryptfs) - "auth required pam_deny.so"} - - account sufficient pam_unix.so - - password requisite pam_unix.so nullok sha512 - ${optionalString config.security.pam.enableEcryptfs - "password optional ${pkgs.ecryptfs}/lib/security/pam_ecryptfs.so"} - - session required pam_env.so envfile=${config.system.build.pamEnvironment} - session required pam_unix.so - ${optionalString config.security.pam.enableEcryptfs - "session optional ${pkgs.ecryptfs}/lib/security/pam_ecryptfs.so"} - session required pam_loginuid.so - session optional ${pkgs.systemd}/lib/security/pam_systemd.so - session optional ${pkgs.gnome3.gnome-keyring}/lib/security/pam_gnome_keyring.so auto_start - ''; - gdm-password.text = '' - auth requisite pam_nologin.so - auth required pam_env.so envfile=${config.system.build.pamEnvironment} - - auth required pam_succeed_if.so uid >= 1000 quiet - auth optional ${pkgs.gnome3.gnome-keyring}/lib/security/pam_gnome_keyring.so - auth ${if config.security.pam.enableEcryptfs then "required" else "sufficient"} pam_unix.so nullok likeauth - ${optionalString config.security.pam.enableEcryptfs - "auth required ${pkgs.ecryptfs}/lib/security/pam_ecryptfs.so unwrap"} - ${optionalString (! 
config.security.pam.enableEcryptfs) - "auth required pam_deny.so"} - - account sufficient pam_unix.so - - password requisite pam_unix.so nullok sha512 - ${optionalString config.security.pam.enableEcryptfs - "password optional ${pkgs.ecryptfs}/lib/security/pam_ecryptfs.so"} - - session required pam_env.so envfile=${config.system.build.pamEnvironment} - session required pam_unix.so - ${optionalString config.security.pam.enableEcryptfs - "session optional ${pkgs.ecryptfs}/lib/security/pam_ecryptfs.so"} - session required pam_loginuid.so - session optional ${pkgs.systemd}/lib/security/pam_systemd.so - session optional ${pkgs.gnome3.gnome-keyring}/lib/security/pam_gnome_keyring.so auto_start + auth substack login + account include login + password substack login + session include login ''; gdm-autologin.text = '' - auth requisite pam_nologin.so + auth requisite pam_nologin.so - auth required pam_succeed_if.so uid >= 1000 quiet - auth required pam_permit.so + auth required pam_succeed_if.so uid >= 1000 quiet + auth required pam_permit.so - account sufficient pam_unix.so + account sufficient pam_unix.so - password requisite pam_unix.so nullok sha512 + password requisite pam_unix.so nullok sha512 - session optional pam_keyinit.so revoke - session required pam_env.so envfile=${config.system.build.pamEnvironment} - session required pam_unix.so - session required pam_loginuid.so - session optional ${pkgs.systemd}/lib/security/pam_systemd.so + session optional pam_keyinit.so revoke + session include login ''; }; diff --git a/nixpkgs/nixos/modules/services/x11/display-managers/lightdm-greeters/pantheon.nix b/nixpkgs/nixos/modules/services/x11/display-managers/lightdm-greeters/pantheon.nix index 05011b999f2b..bfba174144a1 100644 --- a/nixpkgs/nixos/modules/services/x11/display-managers/lightdm-greeters/pantheon.nix +++ b/nixpkgs/nixos/modules/services/x11/display-managers/lightdm-greeters/pantheon.nix 
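Review bot: The previous `gdm-password` stack carried its own `auth requisite pam_nologin.so` and `auth required pam_succeed_if.so uid >= 1000 quiet`; the new one consists only of `auth substack login` and the matching `include`/`substack` lines. Whether root and system accounts are still refused at the greeter therefore depends on the `login` service, which is not visible in this hunk. If `login` does not apply the uid check, it can be kept ahead of the substack with `auth required pam_succeed_if.so uid >= 1000 quiet`. A one-line comment above `gdm-password.text` noting that the stack is inherited from `login` would help the next reader. The enclosing PAM services attribute set begins outside the hunk.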
@@ -33,6 +33,13 @@ in config = mkIf (ldmcfg.enable && cfg.enable) { + warnings = [ + '' + The Pantheon greeter is suboptimal in NixOS and can possibly put you in + a situation where you cannot start a session when switching desktopManagers. + '' + ]; + services.xserver.displayManager.lightdm.greeters.gtk.enable = false; services.xserver.displayManager.lightdm.greeter = mkDefault { diff --git a/nixpkgs/nixos/modules/services/x11/display-managers/xpra.nix b/nixpkgs/nixos/modules/services/x11/display-managers/xpra.nix index a4b57cfdab64..40a1680da537 100644 --- a/nixpkgs/nixos/modules/services/x11/display-managers/xpra.nix +++ b/nixpkgs/nixos/modules/services/x11/display-managers/xpra.nix @@ -221,7 +221,7 @@ in services.xserver.displayManager.job.execCmd = '' ${optionalString (cfg.pulseaudio) - "export PULSE_COOKIE=/var/run/pulse/.config/pulse/cookie"} + "export PULSE_COOKIE=/run/pulse/.config/pulse/cookie"} exec ${pkgs.xpra}/bin/xpra start \ --daemon=off \ --log-dir=/var/log \ @@ -233,7 +233,7 @@ in --mdns=no \ --pulseaudio=no \ ${optionalString (cfg.pulseaudio) "--sound-source=pulse"} \ - --socket-dirs=/var/run/xpra \ + --socket-dirs=/run/xpra \ --xvfb="xpra_Xdummy ${concatStringsSep " " dmcfg.xserverArgs}" \ ${optionalString (cfg.bindTcp != null) "--bind-tcp=${cfg.bindTcp}"} \ --auth=${cfg.auth} \ |