diff options
author | Alyssa Ross <hi@alyssa.is> | 2021-01-06 17:31:51 +0000 |
---|---|---|
committer | Alyssa Ross <hi@alyssa.is> | 2021-01-10 07:13:25 +0000 |
commit | 1cdc42df888dc98c347e03bd942ed9825a55bcb3 (patch) | |
tree | 27aa457536e906712e4075a137af20510df8299d /nixpkgs/nixos | |
parent | f0205a49b465ab0e99502d2af4314526a1f90909 (diff) | |
parent | 1b8af3e1ae75df048fbdfb3acf6842f13de3e38f (diff) | |
download | nixlib-1cdc42df888dc98c347e03bd942ed9825a55bcb3.tar nixlib-1cdc42df888dc98c347e03bd942ed9825a55bcb3.tar.gz nixlib-1cdc42df888dc98c347e03bd942ed9825a55bcb3.tar.bz2 nixlib-1cdc42df888dc98c347e03bd942ed9825a55bcb3.tar.lz nixlib-1cdc42df888dc98c347e03bd942ed9825a55bcb3.tar.xz nixlib-1cdc42df888dc98c347e03bd942ed9825a55bcb3.tar.zst nixlib-1cdc42df888dc98c347e03bd942ed9825a55bcb3.zip |
Merge commit '1b8af3e1ae75df048fbdfb3acf6842f13de3e38f'
Diffstat (limited to 'nixpkgs/nixos')
10 files changed, 179 insertions, 56 deletions
diff --git a/nixpkgs/nixos/modules/programs/hamster.nix b/nixpkgs/nixos/modules/programs/hamster.nix index ddf26a22fb53..b2f4a82b260e 100644 --- a/nixpkgs/nixos/modules/programs/hamster.nix +++ b/nixpkgs/nixos/modules/programs/hamster.nix @@ -3,7 +3,7 @@ with lib; { - meta.maintainers = maintainers.fabianhauser; + meta.maintainers = pkgs.hamster.meta.maintainers; options.programs.hamster.enable = mkEnableOption "Whether to enable hamster time tracking."; diff --git a/nixpkgs/nixos/modules/services/databases/openldap.nix b/nixpkgs/nixos/modules/services/databases/openldap.nix index 8c2851c37ac2..9b4d9a98b745 100644 --- a/nixpkgs/nixos/modules/services/databases/openldap.nix +++ b/nixpkgs/nixos/modules/services/databases/openldap.nix @@ -232,7 +232,7 @@ in }; meta = { - maintainers = lib.maintainers.mic92; + maintainers = [ lib.maintainers.mic92 ]; }; diff --git a/nixpkgs/nixos/modules/services/hardware/undervolt.nix b/nixpkgs/nixos/modules/services/hardware/undervolt.nix index e5ef0601de3c..da627af73bc6 100644 --- a/nixpkgs/nixos/modules/services/hardware/undervolt.nix +++ b/nixpkgs/nixos/modules/services/hardware/undervolt.nix @@ -1,18 +1,32 @@ { config, pkgs, lib, ... }: with lib; - let cfg = config.services.undervolt; -in { + cliArgs = lib.cli.toGNUCommandLineShell {} { + inherit (cfg) + verbose + temp + ; + # `core` and `cache` are both intentionally set to `cfg.coreOffset` as according to the undervolt docs: + # + # Core or Cache offsets have no effect. It is not possible to set different offsets for + # CPU Core and Cache. The CPU will take the smaller of the two offsets, and apply that to + # both CPU and Cache. A warning message will be displayed if you attempt to set different offsets. + core = cfg.coreOffset; + cache = cfg.coreOffset; + gpu = cfg.gpuOffset; + uncore = cfg.uncoreOffset; + analogio = cfg.analogioOffset; + + temp-bat = cfg.tempBat; + temp-ac = cfg.tempAc; + }; +in +{ options.services.undervolt = { - enable = mkOption { - type = types.bool; - default = false; - description = '' - Whether to undervolt intel cpus. - ''; - }; + enable = mkEnableOption + "Intel CPU undervolting service (WARNING: may permanently damage your hardware!)"; verbose = mkOption { type = types.bool; @@ -32,58 +46,58 @@ in { }; coreOffset = mkOption { - type = types.nullOr types.str; + type = types.nullOr types.int; default = null; description = '' - The amount of voltage to offset the CPU cores by. Accepts a floating point number. + The amount of voltage in mV to offset the CPU cores by. ''; }; gpuOffset = mkOption { - type = types.nullOr types.str; + type = types.nullOr types.int; default = null; description = '' - The amount of voltage to offset the GPU by. Accepts a floating point number. + The amount of voltage in mV to offset the GPU by. ''; }; uncoreOffset = mkOption { - type = types.nullOr types.str; + type = types.nullOr types.int; default = null; description = '' - The amount of voltage to offset uncore by. Accepts a floating point number. + The amount of voltage in mV to offset uncore by. ''; }; analogioOffset = mkOption { - type = types.nullOr types.str; + type = types.nullOr types.int; default = null; description = '' - The amount of voltage to offset analogio by. Accepts a floating point number. + The amount of voltage in mV to offset analogio by. ''; }; temp = mkOption { - type = types.nullOr types.str; + type = types.nullOr types.int; default = null; description = '' - The temperature target. Accepts a floating point number. + The temperature target in Celsius degrees. ''; }; tempAc = mkOption { - type = types.nullOr types.str; + type = types.nullOr types.int; default = null; description = '' - The temperature target on AC power. Accepts a floating point number. + The temperature target on AC power in Celsius degrees. ''; }; tempBat = mkOption { - type = types.nullOr types.str; + type = types.nullOr types.int; default = null; description = '' - The temperature target on battery power. Accepts a floating point number. + The temperature target on battery power in Celsius degrees. ''; }; }; @@ -100,24 +114,7 @@ in { serviceConfig = { Type = "oneshot"; Restart = "no"; - - # `core` and `cache` are both intentionally set to `cfg.coreOffset` as according to the undervolt docs: - # - # Core or Cache offsets have no effect. It is not possible to set different offsets for - # CPU Core and Cache. The CPU will take the smaller of the two offsets, and apply that to - # both CPU and Cache. A warning message will be displayed if you attempt to set different offsets. - ExecStart = '' - ${pkgs.undervolt}/bin/undervolt \ - ${optionalString cfg.verbose "--verbose"} \ - ${optionalString (cfg.coreOffset != null) "--core ${cfg.coreOffset}"} \ - ${optionalString (cfg.coreOffset != null) "--cache ${cfg.coreOffset}"} \ - ${optionalString (cfg.gpuOffset != null) "--gpu ${cfg.gpuOffset}"} \ - ${optionalString (cfg.uncoreOffset != null) "--uncore ${cfg.uncoreOffset}"} \ - ${optionalString (cfg.analogioOffset != null) "--analogio ${cfg.analogioOffset}"} \ - ${optionalString (cfg.temp != null) "--temp ${cfg.temp}"} \ - ${optionalString (cfg.tempAc != null) "--temp-ac ${cfg.tempAc}"} \ - ${optionalString (cfg.tempBat != null) "--temp-bat ${cfg.tempBat}"} - ''; + ExecStart = "${pkgs.undervolt}/bin/undervolt ${cliArgs}"; }; }; diff --git a/nixpkgs/nixos/modules/services/mail/mailman.nix b/nixpkgs/nixos/modules/services/mail/mailman.nix index 5da4171605b1..81108327d3c7 100644 --- a/nixpkgs/nixos/modules/services/mail/mailman.nix +++ b/nixpkgs/nixos/modules/services/mail/mailman.nix @@ -6,6 +6,11 @@ let cfg = config.services.mailman; + pythonEnv = pkgs.python3.withPackages (ps: + [ps.mailman ps.mailman-web] + ++ lib.optional cfg.hyperkitty.enable ps.mailman-hyperkitty + ++ cfg.extraPythonPackages); + # This deliberately doesn't use recursiveUpdate so users can # override the defaults. settings = { @@ -327,11 +332,7 @@ in { requiredBy = [ "mailman-uwsgi.service" ]; restartTriggers = [ config.environment.etc."mailman3/settings.py".source ]; script = '' - if [ -d ${escapeShellArg settings.STATIC_ROOT} ] - then - find ${escapeShellArg settings.STATIC_ROOT}/ -mindepth 1 -delete - fi - + [[ -e "${settings.STATIC_ROOT}" ]] && find "${settings.STATIC_ROOT}/" -mindepth 1 -delete ${pkgs.mailman-web}/bin/mailman-web migrate ${pkgs.mailman-web}/bin/mailman-web collectstatic ${pkgs.mailman-web}/bin/mailman-web compress @@ -351,7 +352,7 @@ in { uwsgiConfig.uwsgi = { type = "normal"; plugins = ["python3"]; - home = pythonEnv; + home = pkgs.mailman-web; module = "mailman_web.wsgi"; }; uwsgiConfigFile = pkgs.writeText "uwsgi-mailman.json" (builtins.toJSON uwsgiConfig); @@ -414,4 +415,9 @@ in { })); }; + meta = { + maintainers = with lib.maintainers; [ lheckemann ]; + doc = ./mailman.xml; + }; + } diff --git a/nixpkgs/nixos/modules/services/mail/mailman.xml b/nixpkgs/nixos/modules/services/mail/mailman.xml new file mode 100644 index 000000000000..cbe50ed0b917 --- /dev/null +++ b/nixpkgs/nixos/modules/services/mail/mailman.xml @@ -0,0 +1,59 @@ +<chapter xmlns="http://docbook.org/ns/docbook" + xmlns:xlink="http://www.w3.org/1999/xlink" + xmlns:xi="http://www.w3.org/2001/XInclude" + version="5.0" + xml:id="module-services-mailman"> + <title>Mailman</title> + <para> + <link xlink:href="https://www.list.org">Mailman</link> is free + software for managing electronic mail discussion and e-newsletter + lists. Mailman and its web interface can be configured using the + corresponding NixOS module. Note that this service is best used with + an existing, securely configured Postfix setup, as it does not automatically configure this. + </para> + + <section xml:id="module-services-mailman-basic-usage"> + <title>Basic usage</title> + <para> + For a basic configuration, the following settings are suggested: + <programlisting>{ config, ... }: { + services.postfix = { + enable = true; + relayDomains = ["hash:/var/lib/mailman/data/postfix_domains"]; + sslCert = config.security.acme.certs."lists.example.org".directory + "/full.pem"; + sslKey = config.security.acme.certs."lists.example.org".directory + "/key.pem"; + config = { + transport_maps = ["hash:/var/lib/mailman/data/postfix_lmtp"]; + local_recipient_maps = ["hash:/var/lib/mailman/data/postfix_lmtp"]; + }; + }; + services.mailman = { + <link linkend="opt-services.mailman.enable">enable</link> = true; + <link linkend="opt-services.mailman.serve.enable">serve.enable</link> = true; + <link linkend="opt-services.mailman.hyperkitty.enable">hyperkitty.enable</link> = true; + <link linkend="opt-services.mailman.hyperkitty.enable">webHosts</link> = ["lists.example.org"]; + <link linkend="opt-services.mailman.hyperkitty.enable">siteOwner</link> = "mailman@example.org"; + }; + <link linkend="opt-services.nginx.virtualHosts._name_.enableACME">services.nginx.virtualHosts."lists.example.org".enableACME</link> = true; + <link linkend="opt-services.mailman.hyperkitty.enable">networking.firewall.allowedTCPPorts</link> = [ 25 80 443 ]; +}</programlisting> + </para> + <para> + DNS records will also be required: + <itemizedlist> + <listitem><para><literal>AAAA</literal> and <literal>A</literal> records pointing to the host in question, in order for browsers to be able to discover the address of the web server;</para></listitem> + <listitem><para>An <literal>MX</literal> record pointing to a domain name at which the host is reachable, in order for other mail servers to be able to deliver emails to the mailing lists it hosts.</para></listitem> + </itemizedlist> + </para> + <para> + After this has been done and appropriate DNS records have been + set up, the Postorius mailing list manager and the Hyperkitty + archive browser will be available at + https://lists.example.org/. Note that this setup is not + sufficient to deliver emails to most email providers nor to + avoid spam -- a number of additional measures for authenticating + incoming and outgoing mails, such as SPF, DMARC and DKIM are + necessary, but outside the scope of the Mailman module. + </para> + </section> +</chapter> diff --git a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix index 0318acae50f7..29f402b212fe 100644 --- a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix +++ b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix @@ -39,6 +39,7 @@ let "node" "postfix" "postgres" + "redis" "rspamd" "snmp" "surfboard" diff --git a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/redis.nix b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/redis.nix new file mode 100644 index 000000000000..befbcb21f766 --- /dev/null +++ b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/redis.nix @@ -0,0 +1,19 @@ +{ config, lib, pkgs, options }: + +with lib; + +let + cfg = config.services.prometheus.exporters.redis; +in +{ + port = 9121; + serviceOpts = { + serviceConfig = { + ExecStart = '' + ${pkgs.prometheus-redis-exporter}/bin/redis_exporter \ + -web.listen-address ${cfg.listenAddress}:${toString cfg.port} \ + ${concatStringsSep " \\\n " cfg.extraFlags} + ''; + }; + }; +} diff --git a/nixpkgs/nixos/modules/services/network-filesystems/ipfs.nix b/nixpkgs/nixos/modules/services/network-filesystems/ipfs.nix index a3bd40135d19..7d18410ff0a4 100644 --- a/nixpkgs/nixos/modules/services/network-filesystems/ipfs.nix +++ b/nixpkgs/nixos/modules/services/network-filesystems/ipfs.nix @@ -12,6 +12,19 @@ let (optionalString (cfg.defaultMode == "norouting") "--routing=none") ] ++ cfg.extraFlags); + splitMulitaddr = addrRaw: lib.tail (lib.splitString "/" addrRaw); + + multiaddrToListenStream = addrRaw: let + addr = splitMulitaddr addrRaw; + s = builtins.elemAt addr; + in if s 0 == "ip4" && s 2 == "tcp" + then "${s 1}:${s 3}" + else if s 0 == "ip6" && s 2 == "tcp" + then "[${s 1}]:${s 3}" + else if s 0 == "unix" + then "/${lib.concatStringsSep "/" (lib.tail addr)}" + else null; # not valid for listen stream, skip + in { ###### interface @@ -80,7 +93,10 @@ in { swarmAddress = mkOption { type = types.listOf types.str; - default = [ "/ip4/0.0.0.0/tcp/4001" "/ip6/::/tcp/4001" ]; + default = [ + "/ip4/0.0.0.0/tcp/4001" + "/ip6/::/tcp/4001" + ]; description = "Where IPFS listens for incoming p2p connections"; }; @@ -250,14 +266,18 @@ in { systemd.sockets.ipfs-gateway = { wantedBy = [ "sockets.target" ]; - socketConfig.ListenStream = [ "" ] - ++ lib.optional (cfg.gatewayAddress == opt.gatewayAddress.default) [ "127.0.0.1:8080" "[::1]:8080" ]; + socketConfig.ListenStream = let + fromCfg = multiaddrToListenStream cfg.gatewayAddress; + in [ "" ] ++ lib.optional (fromCfg != null) fromCfg; }; systemd.sockets.ipfs-api = { wantedBy = [ "sockets.target" ]; - socketConfig.ListenStream = [ "" "%t/ipfs.sock" ] - ++ lib.optional (cfg.apiAddress == opt.apiAddress.default) [ "127.0.0.1:5001" "[::1]:5001" ]; + # We also include "%t/ipfs.sock" because tere is no way to put the "%t" + # in the multiaddr. + socketConfig.ListenStream = let + fromCfg = multiaddrToListenStream cfg.apiAddress; + in [ "" "%t/ipfs.sock" ] ++ lib.optional (fromCfg != null) fromCfg; }; }; diff --git a/nixpkgs/nixos/tests/ipfs.nix b/nixpkgs/nixos/tests/ipfs.nix index 82234f969226..9c0ff5306e06 100644 --- a/nixpkgs/nixos/tests/ipfs.nix +++ b/nixpkgs/nixos/tests/ipfs.nix @@ -7,21 +7,28 @@ import ./make-test-python.nix ({ pkgs, ...} : { nodes.machine = { ... }: { services.ipfs = { enable = true; + # Also will add a unix domain socket socket API address, see module. + startWhenNeeded = true; apiAddress = "/ip4/127.0.0.1/tcp/2324"; }; }; testScript = '' start_all() - machine.wait_for_unit("ipfs") - machine.wait_until_succeeds("ipfs --api /ip4/127.0.0.1/tcp/2324 id") + # IPv4 activation + + machine.succeed("ipfs --api /ip4/127.0.0.1/tcp/2324 id") ipfs_hash = machine.succeed( "echo fnord | ipfs --api /ip4/127.0.0.1/tcp/2324 add | awk '{ print $2 }'" ) machine.succeed(f"ipfs cat /ipfs/{ipfs_hash.strip()} | grep fnord") + # Unix domain socket activation + + machine.stop_job("ipfs") + ipfs_hash = machine.succeed( "echo fnord2 | ipfs --api /unix/run/ipfs.sock add | awk '{ print $2 }'" ) diff --git a/nixpkgs/nixos/tests/prometheus-exporters.nix b/nixpkgs/nixos/tests/prometheus-exporters.nix index 4dbd64312224..75c4ca12db24 100644 --- a/nixpkgs/nixos/tests/prometheus-exporters.nix +++ b/nixpkgs/nixos/tests/prometheus-exporters.nix @@ -475,6 +475,20 @@ let ''; }; + redis = { + exporterConfig = { + enable = true; + }; + metricProvider.services.redis.enable = true; + exporterTest = '' + wait_for_unit("redis.service") + wait_for_unit("prometheus-redis-exporter.service") + wait_for_open_port(6379) + wait_for_open_port(9121) + wait_until_succeeds("curl -sSf localhost:9121/metrics | grep -q 'redis_up 1'") + ''; + }; + rspamd = { exporterConfig = { enable = true; |