diff options
Diffstat (limited to 'nixos/modules/services/misc')
| -rw-r--r-- | nixos/modules/services/misc/airsonic.nix | 19 | ||||
| -rw-r--r-- | nixos/modules/services/misc/emby.nix | 19 | ||||
| -rw-r--r-- | nixos/modules/services/misc/gitlab.nix | 15 | ||||
| -rw-r--r-- | nixos/modules/services/misc/gitlab.xml | 124 | ||||
| -rw-r--r-- | nixos/modules/services/misc/lidarr.nix | 46 | ||||
| -rw-r--r-- | nixos/modules/services/misc/nix-daemon.nix | 7 | ||||
| -rw-r--r-- | nixos/modules/services/misc/nix-optimise.nix | 2 | ||||
| -rw-r--r-- | nixos/modules/services/misc/nixos-manual.nix | 133 | ||||
| -rw-r--r-- | nixos/modules/services/misc/redmine.nix | 168 | ||||
| -rw-r--r-- | nixos/modules/services/misc/sickbeard.nix | 92 | ||||
| -rw-r--r-- | nixos/modules/services/misc/taskserver/doc.xml | 209 | ||||
| -rw-r--r-- | nixos/modules/services/misc/weechat.nix | 56 | ||||
| -rw-r--r-- | nixos/modules/services/misc/weechat.xml | 66 |
13 files changed, 641 insertions, 315 deletions
diff --git a/nixos/modules/services/misc/airsonic.nix b/nixos/modules/services/misc/airsonic.nix index 083587b8ebb1..01d7b3cf6b9d 100644 --- a/nixos/modules/services/misc/airsonic.nix +++ b/nixos/modules/services/misc/airsonic.nix @@ -73,6 +73,24 @@ in { ${cfg.home}/transcoders. ''; }; + + jvmOptions = mkOption { + description = '' + Extra command line options for the JVM running AirSonic. + Useful for sending jukebox output to non-default alsa + devices. + ''; + default = [ + ]; + type = types.listOf types.str; + example = [ + "-Djavax.sound.sampled.Clip='#CODEC [plughw:1,0]'" + "-Djavax.sound.sampled.Port='#Port CODEC [hw:1]'" + "-Djavax.sound.sampled.SourceDataLine='#CODEC [plughw:1,0]'" + "-Djavax.sound.sampled.TargetDataLine='#CODEC [plughw:1,0]'" + ]; + }; + }; }; @@ -98,6 +116,7 @@ in { -Dserver.port=${toString cfg.port} \ -Dairsonic.contextPath=${cfg.contextPath} \ -Djava.awt.headless=true \ + ${toString cfg.jvmOptions} \ -verbose:gc \ -jar ${pkgs.airsonic}/webapps/airsonic.war ''; diff --git a/nixos/modules/services/misc/emby.nix b/nixos/modules/services/misc/emby.nix index 64cc9c610ac3..0ad4a3f7376f 100644 --- a/nixos/modules/services/misc/emby.nix +++ b/nixos/modules/services/misc/emby.nix @@ -36,11 +36,18 @@ in after = [ "network.target" ]; wantedBy = [ "multi-user.target" ]; preStart = '' - test -d ${cfg.dataDir} || { - echo "Creating initial Emby data directory in ${cfg.dataDir}" - mkdir -p ${cfg.dataDir} - chown -R ${cfg.user}:${cfg.group} ${cfg.dataDir} - } + if [ -d ${cfg.dataDir} ] + then + for plugin in ${cfg.dataDir}/plugins/* + do + echo "Correcting permissions of plugin: $plugin" + chmod u+w $plugin + done + else + echo "Creating initial Emby data directory in ${cfg.dataDir}" + mkdir -p ${cfg.dataDir} + chown -R ${cfg.user}:${cfg.group} ${cfg.dataDir} + fi ''; serviceConfig = { @@ -48,7 +55,7 @@ in User = cfg.user; Group = cfg.group; PermissionsStartOnly = "true"; - ExecStart = "${pkgs.emby}/bin/MediaBrowser.Server.Mono"; + ExecStart = "${pkgs.emby}/bin/emby -programdata ${cfg.dataDir}"; Restart = "on-failure"; }; }; diff --git a/nixos/modules/services/misc/gitlab.nix b/nixos/modules/services/misc/gitlab.nix index 5bf66354f487..d81aa5643e53 100644 --- a/nixos/modules/services/misc/gitlab.nix +++ b/nixos/modules/services/misc/gitlab.nix @@ -162,7 +162,7 @@ let makeWrapper ${cfg.packages.gitlab.rubyEnv}/bin/rake $out/bin/gitlab-rake \ ${concatStrings (mapAttrsToList (name: value: "--set ${name} '${value}' ") gitlabEnv)} \ --set GITLAB_CONFIG_PATH '${cfg.statePath}/config' \ - --set PATH '${lib.makeBinPath [ pkgs.nodejs pkgs.gzip pkgs.git pkgs.gnutar config.services.postgresql.package ]}:$PATH' \ + --set PATH '${lib.makeBinPath [ pkgs.nodejs pkgs.gzip pkgs.git pkgs.gnutar config.services.postgresql.package pkgs.coreutils pkgs.procps ]}:$PATH' \ --set RAKEOPT '-f ${cfg.packages.gitlab}/share/gitlab/Rakefile' \ --run 'cd ${cfg.packages.gitlab}/share/gitlab' ''; @@ -203,6 +203,7 @@ in { default = pkgs.gitlab; defaultText = "pkgs.gitlab"; description = "Reference to the gitlab package"; + example = "pkgs.gitlab-ee"; }; packages.gitlab-shell = mkOption { @@ -501,7 +502,7 @@ in { }; systemd.services.gitlab-workhorse = { - after = [ "network.target" "gitlab.service" ]; + after = [ "network.target" ]; wantedBy = [ "multi-user.target" ]; environment.HOME = gitlabEnv.HOME; environment.GITLAB_SHELL_CONFIG_PATH = gitlabEnv.GITLAB_SHELL_CONFIG_PATH; @@ -569,9 +570,9 @@ in { mkdir -p /run/gitlab mkdir -p ${cfg.statePath}/log - ln -sf ${cfg.statePath}/log /run/gitlab/log - ln -sf ${cfg.statePath}/tmp /run/gitlab/tmp - ln -sf ${cfg.statePath}/uploads /run/gitlab/uploads + [ -d /run/gitlab/log ] || ln -sf ${cfg.statePath}/log /run/gitlab/log + [ -d /run/gitlab/tmp ] || ln -sf ${cfg.statePath}/tmp /run/gitlab/tmp + [ -d /run/gitlab/uploads ] || ln -sf ${cfg.statePath}/uploads /run/gitlab/uploads ln -sf $GITLAB_SHELL_CONFIG_PATH /run/gitlab/shell-config.yml chown -R ${cfg.user}:${cfg.group} /run/gitlab @@ -629,6 +630,10 @@ in { touch "${cfg.statePath}/db-seeded" fi + # The gitlab:shell:setup regenerates the authorized_keys file so that + # the store path to the gitlab-shell in it gets updated + ${pkgs.sudo}/bin/sudo -u ${cfg.user} force=yes ${gitlab-rake}/bin/gitlab-rake gitlab:shell:setup RAILS_ENV=production + # The gitlab:shell:create_hooks task seems broken for fixing links # so we instead delete all the hooks and create them anew rm -f ${cfg.statePath}/repositories/**/*.git/hooks diff --git a/nixos/modules/services/misc/gitlab.xml b/nixos/modules/services/misc/gitlab.xml index 67b9f1d3e474..ab99d7bd3a60 100644 --- a/nixos/modules/services/misc/gitlab.xml +++ b/nixos/modules/services/misc/gitlab.xml @@ -3,20 +3,22 @@ xmlns:xi="http://www.w3.org/2001/XInclude" version="5.0" xml:id="module-services-gitlab"> - -<title>Gitlab</title> - -<para>Gitlab is a feature-rich git hosting service.</para> - -<section xml:id="module-services-gitlab-prerequisites"><title>Prerequisites</title> - -<para>The gitlab service exposes only an Unix socket at -<literal>/run/gitlab/gitlab-workhorse.socket</literal>. You need to configure a -webserver to proxy HTTP requests to the socket.</para> - -<para>For instance, the following configuration could be used to use nginx as - frontend proxy: - + <title>Gitlab</title> + <para> + Gitlab is a feature-rich git hosting service. + </para> + <section xml:id="module-services-gitlab-prerequisites"> + <title>Prerequisites</title> + + <para> + The gitlab service exposes only an Unix socket at + <literal>/run/gitlab/gitlab-workhorse.socket</literal>. You need to + configure a webserver to proxy HTTP requests to the socket. + </para> + + <para> + For instance, the following configuration could be used to use nginx as + frontend proxy: <programlisting> <link linkend="opt-services.nginx.enable">services.nginx</link> = { <link linkend="opt-services.nginx.enable">enable</link> = true; @@ -31,21 +33,24 @@ webserver to proxy HTTP requests to the socket.</para> }; }; </programlisting> -</para> - -</section> - -<section xml:id="module-services-gitlab-configuring"><title>Configuring</title> - -<para>Gitlab depends on both PostgreSQL and Redis and will automatically enable -both services. In the case of PostgreSQL, a database and a role will be created. -</para> - -<para>The default state dir is <literal>/var/gitlab/state</literal>. This is where -all data like the repositories and uploads will be stored.</para> - -<para>A basic configuration with some custom settings could look like this: - + </para> + </section> + <section xml:id="module-services-gitlab-configuring"> + <title>Configuring</title> + + <para> + Gitlab depends on both PostgreSQL and Redis and will automatically enable + both services. In the case of PostgreSQL, a database and a role will be + created. + </para> + + <para> + The default state dir is <literal>/var/gitlab/state</literal>. This is where + all data like the repositories and uploads will be stored. + </para> + + <para> + A basic configuration with some custom settings could look like this: <programlisting> services.gitlab = { <link linkend="opt-services.gitlab.enable">enable</link> = true; @@ -105,40 +110,41 @@ services.gitlab = { }; }; </programlisting> -</para> - -<para>If you're setting up a new Gitlab instance, generate new secrets. You -for instance use <literal>tr -dc A-Za-z0-9 < /dev/urandom | head -c 128</literal> -to generate a new secret. Gitlab encrypts sensitive data stored in the database. -If you're restoring an existing Gitlab instance, you must specify the secrets -secret from <literal>config/secrets.yml</literal> located in your Gitlab state -folder.</para> - -<para>Refer to <xref linkend="ch-options" /> for all available configuration -options for the <link linkend="opt-services.gitlab.enable">services.gitlab</link> module.</para> - -</section> - -<section xml:id="module-services-gitlab-maintenance"><title>Maintenance</title> - -<para>You can run Gitlab's rake tasks with <literal>gitlab-rake</literal> -which will be available on the system when gitlab is enabled. You will -have to run the command as the user that you configured to run gitlab -with.</para> - -<para>For example, to backup a Gitlab instance: - + </para> + + <para> + If you're setting up a new Gitlab instance, generate new secrets. You for + instance use <literal>tr -dc A-Za-z0-9 < /dev/urandom | head -c + 128</literal> to generate a new secret. Gitlab encrypts sensitive data + stored in the database. If you're restoring an existing Gitlab instance, you + must specify the secrets secret from <literal>config/secrets.yml</literal> + located in your Gitlab state folder. + </para> + + <para> + Refer to <xref linkend="ch-options" /> for all available configuration + options for the + <link linkend="opt-services.gitlab.enable">services.gitlab</link> module. + </para> + </section> + <section xml:id="module-services-gitlab-maintenance"> + <title>Maintenance</title> + + <para> + You can run Gitlab's rake tasks with <literal>gitlab-rake</literal> which + will be available on the system when gitlab is enabled. You will have to run + the command as the user that you configured to run gitlab with. + </para> + + <para> + For example, to backup a Gitlab instance: <programlisting> $ sudo -u git -H gitlab-rake gitlab:backup:create </programlisting> - -A list of all availabe rake tasks can be obtained by running: - + A list of all availabe rake tasks can be obtained by running: <programlisting> $ sudo -u git -H gitlab-rake -T </programlisting> -</para> - -</section> - + </para> + </section> </chapter> diff --git a/nixos/modules/services/misc/lidarr.nix b/nixos/modules/services/misc/lidarr.nix new file mode 100644 index 000000000000..627f22334fe8 --- /dev/null +++ b/nixos/modules/services/misc/lidarr.nix @@ -0,0 +1,46 @@ +{ config, pkgs, lib, ... }: + +with lib; + +let + cfg = config.services.lidarr; +in +{ + options = { + services.lidarr = { + enable = mkEnableOption "Lidarr"; + }; + }; + + config = mkIf cfg.enable { + systemd.services.lidarr = { + description = "Lidarr"; + after = [ "network.target" ]; + wantedBy = [ "multi-user.target" ]; + preStart = '' + [ ! -d /var/lib/lidarr ] && mkdir -p /var/lib/lidarr + chown -R lidarr:lidarr /var/lib/lidarr + ''; + + serviceConfig = { + Type = "simple"; + User = "lidarr"; + Group = "lidarr"; + PermissionsStartOnly = "true"; + ExecStart = "${pkgs.lidarr}/bin/Lidarr"; + Restart = "on-failure"; + + StateDirectory = "/var/lib/lidarr/"; + StateDirectoryMode = "0770"; + }; + }; + + users.users.lidarr = { + uid = config.ids.uids.lidarr; + home = "/var/lib/lidarr"; + group = "lidarr"; + }; + + users.groups.lidarr.gid = config.ids.gids.lidarr; + }; +} diff --git a/nixos/modules/services/misc/nix-daemon.nix b/nixos/modules/services/misc/nix-daemon.nix index ec56e75992be..5e171c08d893 100644 --- a/nixos/modules/services/misc/nix-daemon.nix +++ b/nixos/modules/services/misc/nix-daemon.nix @@ -345,7 +345,6 @@ in type = types.listOf types.str; default = [ - "$HOME/.nix-defexpr/channels" "nixpkgs=/nix/var/nix/profiles/per-user/root/channels/nixos" "nixos-config=/etc/nixos/configuration.nix" "/nix/var/nix/profiles/per-user/root/channels" @@ -436,7 +435,7 @@ in # Set up the environment variables for running Nix. environment.sessionVariables = cfg.envVars // - { NIX_PATH = concatStringsSep ":" cfg.nixPath; + { NIX_PATH = cfg.nixPath; }; environment.extraInit = optionalString (!isNix20) @@ -446,6 +445,10 @@ in if [ "$USER" != root -o ! -w /nix/var/nix/db ]; then export NIX_REMOTE=daemon fi + '' + '' + if [ -e "$HOME/.nix-defexpr/channels" ]; then + export NIX_PATH="$HOME/.nix-defexpr/channels''${NIX_PATH:+:$NIX_PATH}" + fi ''; nix.nrBuildUsers = mkDefault (lib.max 32 cfg.maxJobs); diff --git a/nixos/modules/services/misc/nix-optimise.nix b/nixos/modules/services/misc/nix-optimise.nix index 6f75e4dd03ea..416529f690e0 100644 --- a/nixos/modules/services/misc/nix-optimise.nix +++ b/nixos/modules/services/misc/nix-optimise.nix @@ -40,6 +40,8 @@ in systemd.services.nix-optimise = { description = "Nix Store Optimiser"; + # No point running it inside a nixos-container. It should be on the host instead. + unitConfig.ConditionVirtualization = "!container"; serviceConfig.ExecStart = "${config.nix.package}/bin/nix-store --optimise"; startAt = optionals cfg.automatic cfg.dates; }; diff --git a/nixos/modules/services/misc/nixos-manual.nix b/nixos/modules/services/misc/nixos-manual.nix index 993b59590bb0..df3e71c80dea 100644 --- a/nixos/modules/services/misc/nixos-manual.nix +++ b/nixos/modules/services/misc/nixos-manual.nix @@ -1,91 +1,21 @@ -# This module includes the NixOS man-pages in the system environment, -# and optionally starts a browser that shows the NixOS manual on one -# of the virtual consoles. The latter is useful for the installation +# This module optionally starts a browser that shows the NixOS manual +# on one of the virtual consoles which is useful for the installation # CD. -{ config, lib, pkgs, baseModules, ... }: +{ config, lib, pkgs, ... }: with lib; let - cfg = config.services.nixosManual; - - /* For the purpose of generating docs, evaluate options with each derivation - in `pkgs` (recursively) replaced by a fake with path "\${pkgs.attribute.path}". - It isn't perfect, but it seems to cover a vast majority of use cases. - Caveat: even if the package is reached by a different means, - the path above will be shown and not e.g. `${config.services.foo.package}`. */ - manual = import ../../../doc/manual rec { - inherit pkgs config; - version = config.system.nixos.release; - revision = "release-${version}"; - options = - let - scrubbedEval = evalModules { - modules = [ { nixpkgs.localSystem = config.nixpkgs.localSystem; } ] ++ baseModules; - args = (config._module.args) // { modules = [ ]; }; - specialArgs = { pkgs = scrubDerivations "pkgs" pkgs; }; - }; - scrubDerivations = namePrefix: pkgSet: mapAttrs - (name: value: - let wholeName = "${namePrefix}.${name}"; in - if isAttrs value then - scrubDerivations wholeName value - // (optionalAttrs (isDerivation value) { outPath = "\${${wholeName}}"; }) - else value - ) - pkgSet; - in scrubbedEval.options; - }; - - entry = "${manual.manual}/share/doc/nixos/index.html"; - - helpScript = pkgs.writeScriptBin "nixos-help" - '' - #! ${pkgs.runtimeShell} -e - # Finds first executable browser in a colon-separated list. - # (see how xdg-open defines BROWSER) - browser="$( - IFS=: ; for b in $BROWSER; do - [ -n "$(type -P "$b" || true)" ] && echo "$b" && break - done - )" - if [ -z "$browser" ]; then - browser="$(type -P xdg-open || true)" - if [ -z "$browser" ]; then - browser="$(type -P w3m || true)" - if [ -z "$browser" ]; then - echo "$0: unable to start a web browser; please set \$BROWSER" - exit 1 - fi - fi - fi - exec "$browser" ${entry} - ''; - - desktopItem = pkgs.makeDesktopItem { - name = "nixos-manual"; - desktopName = "NixOS Manual"; - genericName = "View NixOS documentation in a web browser"; - icon = "nix-snowflake"; - exec = "${helpScript}/bin/nixos-help"; - categories = "System"; - }; + cfgd = config.documentation; in { options = { - services.nixosManual.enable = mkOption { - type = types.bool; - default = true; - description = '' - Whether to build the NixOS manual pages. - ''; - }; - + # TODO(@oxij): rename this to `.enable` eventually. services.nixosManual.showManual = mkOption { type = types.bool; default = false; @@ -114,37 +44,30 @@ in }; - config = mkIf cfg.enable { - - system.build.manual = manual; - - environment.systemPackages = [] - ++ optionals config.services.xserver.enable [ desktopItem pkgs.nixos-icons ] - ++ optional config.documentation.man.enable manual.manpages - ++ optionals config.documentation.doc.enable [ manual.manual helpScript ]; - - boot.extraTTYs = mkIf cfg.showManual ["tty${toString cfg.ttyNumber}"]; - - systemd.services = optionalAttrs cfg.showManual - { "nixos-manual" = - { description = "NixOS Manual"; - wantedBy = [ "multi-user.target" ]; - serviceConfig = - { ExecStart = "${cfg.browser} ${entry}"; - StandardInput = "tty"; - StandardOutput = "tty"; - TTYPath = "/dev/tty${toString cfg.ttyNumber}"; - TTYReset = true; - TTYVTDisallocate = true; - Restart = "always"; - }; + config = mkMerge [ + (mkIf cfg.showManual { + assertions = singleton { + assertion = cfgd.enable && cfgd.nixos.enable; + message = "Can't enable `services.nixosManual.showManual` without `documentation.nixos.enable`"; + }; + }) + (mkIf (cfg.showManual && cfgd.enable && cfgd.nixos.enable) { + boot.extraTTYs = [ "tty${toString cfg.ttyNumber}" ]; + + systemd.services."nixos-manual" = { + description = "NixOS Manual"; + wantedBy = [ "multi-user.target" ]; + serviceConfig = { + ExecStart = "${cfg.browser} ${config.system.build.manual.manualHTMLIndex}"; + StandardInput = "tty"; + StandardOutput = "tty"; + TTYPath = "/dev/tty${toString cfg.ttyNumber}"; + TTYReset = true; + TTYVTDisallocate = true; + Restart = "always"; }; }; - - services.mingetty.helpLine = "\nRun `nixos-help` " - + lib.optionalString cfg.showManual "or press <Alt-F${toString cfg.ttyNumber}> " - + "for the NixOS manual."; - - }; + }) + ]; } diff --git a/nixos/modules/services/misc/redmine.nix b/nixos/modules/services/misc/redmine.nix index f763ba21d0b2..8d25ac5cb76f 100644 --- a/nixos/modules/services/misc/redmine.nix +++ b/nixos/modules/services/misc/redmine.nix @@ -5,7 +5,7 @@ with lib; let cfg = config.services.redmine; - bundle = "${pkgs.redmine}/share/redmine/bin/bundle"; + bundle = "${cfg.package}/share/redmine/bin/bundle"; databaseYml = pkgs.writeText "database.yml" '' production: @@ -15,6 +15,7 @@ let port: ${toString cfg.database.port} username: ${cfg.database.user} password: #dbpass# + ${optionalString (cfg.database.socket != null) "socket: ${cfg.database.socket}"} ''; configurationYml = pkgs.writeText "configuration.yml" '' @@ -29,6 +30,19 @@ let ${cfg.extraConfig} ''; + unpackTheme = unpack "theme"; + unpackPlugin = unpack "plugin"; + unpack = id: (name: source: + pkgs.stdenv.mkDerivation { + name = "redmine-${id}-${name}"; + buildInputs = [ pkgs.unzip ]; + buildCommand = '' + mkdir -p $out + cd $out + unpackFile ${source} + ''; + }); + in { @@ -40,6 +54,14 @@ in description = "Enable the Redmine service."; }; + package = mkOption { + type = types.package; + default = pkgs.redmine; + defaultText = "pkgs.redmine"; + description = "Which Redmine package to use."; + example = "pkgs.redmine.override { ruby = pkgs.ruby_2_3; }"; + }; + user = mkOption { type = types.str; default = "redmine"; @@ -52,6 +74,12 @@ in description = "Group under which Redmine is ran."; }; + port = mkOption { + type = types.int; + default = 3000; + description = "Port on which Redmine is ran."; + }; + stateDir = mkOption { type = types.str; default = "/var/lib/redmine"; @@ -66,6 +94,41 @@ in See https://guides.rubyonrails.org/action_mailer_basics.html#action-mailer-configuration ''; + example = literalExample '' + email_delivery: + delivery_method: smtp + smtp_settings: + address: mail.example.com + port: 25 + ''; + }; + + themes = mkOption { + type = types.attrsOf types.path; + default = {}; + description = "Set of themes."; + example = literalExample '' + { + dkuk-redmine_alex_skin = builtins.fetchurl { + url = https://bitbucket.org/dkuk/redmine_alex_skin/get/1842ef675ef3.zip; + sha256 = "0hrin9lzyi50k4w2bd2b30vrf1i4fi1c0gyas5801wn8i7kpm9yl"; + }; + } + ''; + }; + + plugins = mkOption { + type = types.attrsOf types.path; + default = {}; + description = "Set of plugins."; + example = literalExample '' + { + redmine_env_auth = builtins.fetchurl { + url = https://github.com/Intera/redmine_env_auth/archive/0.6.zip; + sha256 = "0yyr1yjd8gvvh832wdc8m3xfnhhxzk2pk3gm2psg5w9jdvd6skak"; + }; + } + ''; }; database = { @@ -78,7 +141,7 @@ in host = mkOption { type = types.str; - default = "127.0.0.1"; + default = (if cfg.database.socket != null then "localhost" else "127.0.0.1"); description = "Database host address."; }; @@ -119,6 +182,13 @@ in <option>database.user</option>. ''; }; + + socket = mkOption { + type = types.nullOr types.path; + default = null; + example = "/run/mysqld/mysqld.sock"; + description = "Path to the unix socket file to use for authentication."; + }; }; }; }; @@ -126,17 +196,20 @@ in config = mkIf cfg.enable { assertions = [ - { assertion = cfg.database.passwordFile != null || cfg.database.password != ""; - message = "either services.redmine.database.passwordFile or services.redmine.database.password must be set"; + { assertion = cfg.database.passwordFile != null || cfg.database.password != "" || cfg.database.socket != null; + message = "one of services.redmine.database.socket, services.redmine.database.passwordFile, or services.redmine.database.password must be set"; + } + { assertion = cfg.database.socket != null -> (cfg.database.type == "mysql2"); + message = "Socket authentication is only available for the mysql2 database type"; } ]; - environment.systemPackages = [ pkgs.redmine ]; + environment.systemPackages = [ cfg.package ]; systemd.services.redmine = { after = [ "network.target" (if cfg.database.type == "mysql2" then "mysql.service" else "postgresql.service") ]; wantedBy = [ "multi-user.target" ]; - environment.HOME = "${pkgs.redmine}/share/redmine"; + environment.HOME = "${cfg.package}/share/redmine"; environment.RAILS_ENV = "production"; environment.RAILS_CACHE = "${cfg.stateDir}/cache"; environment.REDMINE_LANG = "en"; @@ -151,43 +224,80 @@ in subversion ]; preStart = '' - # start with a fresh config directory every time - rm -rf ${cfg.stateDir}/config - cp -r ${pkgs.redmine}/share/redmine/config.dist ${cfg.stateDir}/config + # ensure cache directory exists for db:migrate command + mkdir -p "${cfg.stateDir}/cache" - # create the basic state directory layout pkgs.redmine expects - mkdir -p /run/redmine + # create the basic directory layout the redmine package expects + mkdir -p /run/redmine/public for i in config files log plugins tmp; do - mkdir -p ${cfg.stateDir}/$i - ln -fs ${cfg.stateDir}/$i /run/redmine/$i + mkdir -p "${cfg.stateDir}/$i" + ln -fs "${cfg.stateDir}/$i" /run/redmine/ + done + + for i in plugin_assets themes; do + mkdir -p "${cfg.stateDir}/public/$i" + ln -fs "${cfg.stateDir}/public/$i" /run/redmine/public/ done - # ensure cache directory exists for db:migrate command - mkdir -p ${cfg.stateDir}/cache + + # start with a fresh config directory + # the config directory is copied instead of linked as some mutable data is stored in there + rm -rf "${cfg.stateDir}/config/"* + cp -r ${cfg.package}/share/redmine/config.dist/* "${cfg.stateDir}/config/" # link in the application configuration - ln -fs ${configurationYml} ${cfg.stateDir}/config/configuration.yml + ln -fs ${configurationYml} "${cfg.stateDir}/config/configuration.yml" + + + # link in all user specified themes + rm -rf "${cfg.stateDir}/public/themes/"* + for theme in ${concatStringsSep " " (mapAttrsToList unpackTheme cfg.themes)}; do + ln -fs $theme/* "${cfg.stateDir}/public/themes" + done + + # link in redmine provided themes + ln -sf ${cfg.package}/share/redmine/public/themes.dist/* "${cfg.stateDir}/public/themes/" + - chmod -R ug+rwX,o-rwx+x ${cfg.stateDir}/ + # link in all user specified plugins + rm -rf "${cfg.stateDir}/plugins/"* + for plugin in ${concatStringsSep " " (mapAttrsToList unpackPlugin cfg.plugins)}; do + ln -fs $plugin/* "${cfg.stateDir}/plugins/''${plugin##*-redmine-plugin-}" + done + + + # ensure correct permissions for most files + chmod -R ug+rwX,o-rwx+x "${cfg.stateDir}/" - # handle database.passwordFile + + # handle database.passwordFile & permissions DBPASS=$(head -n1 ${cfg.database.passwordFile}) - cp -f ${databaseYml} ${cfg.stateDir}/config/database.yml - sed -e "s,#dbpass#,$DBPASS,g" -i ${cfg.stateDir}/config/database.yml - chmod 440 ${cfg.stateDir}/config/database.yml + cp -f ${databaseYml} "${cfg.stateDir}/config/database.yml" + sed -e "s,#dbpass#,$DBPASS,g" -i "${cfg.stateDir}/config/database.yml" + chmod 440 "${cfg.stateDir}/config/database.yml" + # generate a secret token if required if ! test -e "${cfg.stateDir}/config/initializers/secret_token.rb"; then ${bundle} exec rake generate_secret_token - chmod 440 ${cfg.stateDir}/config/initializers/secret_token.rb + chmod 440 "${cfg.stateDir}/config/initializers/secret_token.rb" fi + # ensure everything is owned by ${cfg.user} - chown -R ${cfg.user}:${cfg.group} ${cfg.stateDir} + chown -R ${cfg.user}:${cfg.group} "${cfg.stateDir}" + + + # execute redmine required commands prior to starting the application + # NOTE: su required in case using mysql socket authentication + /run/wrappers/bin/su -s ${pkgs.bash}/bin/bash -m -l redmine -c '${bundle} exec rake db:migrate' + /run/wrappers/bin/su -s ${pkgs.bash}/bin/bash -m -l redmine -c '${bundle} exec rake redmine:load_default_data' + - ${bundle} exec rake db:migrate - ${bundle} exec rake redmine:load_default_data + # log files don't exist until after first command has been executed + # correct ownership of files generated by calling exec rake ... + chown -R ${cfg.user}:${cfg.group} "${cfg.stateDir}/log" ''; serviceConfig = { @@ -196,13 +306,13 @@ in User = cfg.user; Group = cfg.group; TimeoutSec = "300"; - WorkingDirectory = "${pkgs.redmine}/share/redmine"; - ExecStart="${bundle} exec rails server webrick -e production -P ${cfg.stateDir}/redmine.pid"; + WorkingDirectory = "${cfg.package}/share/redmine"; + ExecStart="${bundle} exec rails server webrick -e production -p ${toString cfg.port} -P '${cfg.stateDir}/redmine.pid'"; }; }; - users.extraUsers = optionalAttrs (cfg.user == "redmine") (singleton + users.users = optionalAttrs (cfg.user == "redmine") (singleton { name = "redmine"; group = cfg.group; home = cfg.stateDir; @@ -210,7 +320,7 @@ in uid = config.ids.uids.redmine; }); - users.extraGroups = optionalAttrs (cfg.group == "redmine") (singleton + users.groups = optionalAttrs (cfg.group == "redmine") (singleton { name = "redmine"; gid = config.ids.gids.redmine; }); diff --git a/nixos/modules/services/misc/sickbeard.nix b/nixos/modules/services/misc/sickbeard.nix new file mode 100644 index 000000000000..5cfbbe516ae1 --- /dev/null +++ b/nixos/modules/services/misc/sickbeard.nix @@ -0,0 +1,92 @@ +{ config, lib, pkgs, ... }: + +with lib; + +let + + name = "sickbeard"; + + cfg = config.services.sickbeard; + sickbeard = cfg.package; + +in +{ + + ###### interface + + options = { + services.sickbeard = { + enable = mkOption { + type = types.bool; + default = false; + description = "Whether to enable the sickbeard server."; + }; + package = mkOption { + type = types.package; + default = pkgs.sickbeard; + example = literalExample "pkgs.sickrage"; + description ='' + Enable <literal>pkgs.sickrage</literal> or <literal>pkgs.sickgear</literal> + as an alternative to SickBeard + ''; + }; + dataDir = mkOption { + type = types.path; + default = "/var/lib/${name}"; + description = "Path where to store data files."; + }; + configFile = mkOption { + type = types.path; + default = "${cfg.dataDir}/config.ini"; + description = "Path to config file."; + }; + port = mkOption { + type = types.ints.u16; + default = 8081; + description = "Port to bind to."; + }; + user = mkOption { + type = types.str; + default = name; + description = "User to run the service as"; + }; + group = mkOption { + type = types.str; + default = name; + description = "Group to run the service as"; + }; + }; + }; + + + ###### implementation + + config = mkIf cfg.enable { + + users.users = optionalAttrs (cfg.user == name) (singleton { + name = name; + uid = config.ids.uids.sickbeard; + group = cfg.group; + description = "sickbeard user"; + home = cfg.dataDir; + createHome = true; + }); + + users.groups = optionalAttrs (cfg.group == name) (singleton { + name = name; + gid = config.ids.gids.sickbeard; + }); + + systemd.services.sickbeard = { + description = "Sickbeard Server"; + wantedBy = [ "multi-user.target" ]; + after = [ "network.target" ]; + + serviceConfig = { + User = cfg.user; + Group = cfg.group; + ExecStart = "${sickbeard}/SickBeard.py --datadir ${cfg.dataDir} --config ${cfg.configFile} --port ${toString cfg.port}"; + }; + }; + }; +} diff --git a/nixos/modules/services/misc/taskserver/doc.xml b/nixos/modules/services/misc/taskserver/doc.xml index 21d25ecf391f..5eac8d9ef784 100644 --- a/nixos/modules/services/misc/taskserver/doc.xml +++ b/nixos/modules/services/misc/taskserver/doc.xml @@ -2,101 +2,93 @@ xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0" xml:id="module-taskserver"> - - <title>Taskserver</title> + <title>Taskserver</title> + <para> + Taskserver is the server component of + <link xlink:href="https://taskwarrior.org/">Taskwarrior</link>, a free and + open source todo list application. + </para> + <para> + <emphasis>Upstream documentation:</emphasis> + <link xlink:href="https://taskwarrior.org/docs/#taskd"/> + </para> + <section xml:id="module-services-taskserver-configuration"> + <title>Configuration</title> <para> - Taskserver is the server component of - <link xlink:href="https://taskwarrior.org/">Taskwarrior</link>, a free and - open source todo list application. + Taskserver does all of its authentication via TLS using client certificates, + so you either need to roll your own CA or purchase a certificate from a + known CA, which allows creation of client certificates. These certificates + are usually advertised as <quote>server certificates</quote>. </para> <para> - <emphasis>Upstream documentation:</emphasis> - <link xlink:href="https://taskwarrior.org/docs/#taskd"/> + So in order to make it easier to handle your own CA, there is a helper tool + called <command>nixos-taskserver</command> which manages the custom CA along + with Taskserver organisations, users and groups. </para> - <section xml:id="module-services-taskserver-configuration"> - <title>Configuration</title> - - <para> - Taskserver does all of its authentication via TLS using client - certificates, so you either need to roll your own CA or purchase a - certificate from a known CA, which allows creation of client - certificates. - - These certificates are usually advertised as - <quote>server certificates</quote>. - </para> - - <para> - So in order to make it easier to handle your own CA, there is a helper - tool called <command>nixos-taskserver</command> which manages the custom - CA along with Taskserver organisations, users and groups. - </para> - - <para> - While the client certificates in Taskserver only authenticate whether a - user is allowed to connect, every user has its own UUID which identifies - it as an entity. - </para> - - <para> - With <command>nixos-taskserver</command> the client certificate is created - along with the UUID of the user, so it handles all of the credentials - needed in order to setup the Taskwarrior client to work with a Taskserver. - </para> - </section> + <para> + While the client certificates in Taskserver only authenticate whether a user + is allowed to connect, every user has its own UUID which identifies it as an + entity. + </para> - <section xml:id="module-services-taskserver-nixos-taskserver-tool"> - <title>The nixos-taskserver tool</title> + <para> + With <command>nixos-taskserver</command> the client certificate is created + along with the UUID of the user, so it handles all of the credentials needed + in order to setup the Taskwarrior client to work with a Taskserver. + </para> + </section> + <section xml:id="module-services-taskserver-nixos-taskserver-tool"> + <title>The nixos-taskserver tool</title> - <para> - Because Taskserver by default only provides scripts to setup users - imperatively, the <command>nixos-taskserver</command> tool is used for - addition and deletion of organisations along with users and groups defined - by <xref linkend="opt-services.taskserver.organisations"/> and as well for - imperative set up. - </para> + <para> + Because Taskserver by default only provides scripts to setup users + imperatively, the <command>nixos-taskserver</command> tool is used for + addition and deletion of organisations along with users and groups defined + by <xref linkend="opt-services.taskserver.organisations"/> and as well for + imperative set up. + </para> - <para> - The tool is designed to not interfere if the command is used to manually - set up some organisations, users or groups. - </para> + <para> + The tool is designed to not interfere if the command is used to manually set + up some organisations, users or groups. + </para> - <para> - For example if you add a new organisation using - <command>nixos-taskserver org add foo</command>, the organisation is not - modified and deleted no matter what you define in - <option>services.taskserver.organisations</option>, even if you're adding - the same organisation in that option. - </para> + <para> + For example if you add a new organisation using <command>nixos-taskserver + org add foo</command>, the organisation is not modified and deleted no + matter what you define in + <option>services.taskserver.organisations</option>, even if you're adding + the same organisation in that option. + </para> - <para> - The tool is modelled to imitate the official <command>taskd</command> - command, documentation for each subcommand can be shown by using the - <option>--help</option> switch. - </para> - </section> - <section xml:id="module-services-taskserver-declarative-ca-management"> - <title>Declarative/automatic CA management</title> + <para> + The tool is modelled to imitate the official <command>taskd</command> + command, documentation for each subcommand can be shown by using the + <option>--help</option> switch. + </para> + </section> + <section xml:id="module-services-taskserver-declarative-ca-management"> + <title>Declarative/automatic CA management</title> - <para> - Everything is done according to what you specify in the module options, - however in order to set up a Taskwarrior client for synchronisation with a - Taskserver instance, you have to transfer the keys and certificates to the - client machine. - </para> + <para> + Everything is done according to what you specify in the module options, + however in order to set up a Taskwarrior client for synchronisation with a + Taskserver instance, you have to transfer the keys and certificates to the + client machine. + </para> - <para> - This is done using - <command>nixos-taskserver user export $orgname $username</command> which - is printing a shell script fragment to stdout which can either be used - verbatim or adjusted to import the user on the client machine. - </para> + <para> + This is done using <command>nixos-taskserver user export $orgname + $username</command> which is printing a shell script fragment to stdout + which can either be used verbatim or adjusted to import the user on the + client machine. + </para> - <para> - For example, let's say you have the following configuration: + <para> + For example, let's say you have the following configuration: <screen> { <xref linkend="opt-services.taskserver.enable"/> = true; @@ -105,40 +97,39 @@ <link linkend="opt-services.taskserver.organisations._name_.users">services.taskserver.organisations.my-company.users</link> = [ "alice" ]; } </screen> - This creates an organisation called <literal>my-company</literal> with the - user <literal>alice</literal>. - </para> + This creates an organisation called <literal>my-company</literal> with the + user <literal>alice</literal>. + </para> - <para> - Now in order to import the <literal>alice</literal> user to another - machine <literal>alicebox</literal>, all we need to do is something like - this: + <para> + Now in order to import the <literal>alice</literal> user to another machine + <literal>alicebox</literal>, all we need to do is something like this: <screen> $ ssh server nixos-taskserver user export my-company alice | sh </screen> - Of course, if no SSH daemon is available on the server you can also copy - & paste it directly into a shell. - </para> + Of course, if no SSH daemon is available on the server you can also copy + & paste it directly into a shell. + </para> - <para> - After this step the user should be set up and you can start synchronising - your tasks for the first time with <command>task sync init</command> on - <literal>alicebox</literal>. - </para> + <para> + After this step the user should be set up and you can start synchronising + your tasks for the first time with <command>task sync init</command> on + <literal>alicebox</literal>. + </para> - <para> - Subsequent synchronisation requests merely require the command - <command>task sync</command> after that stage. - </para> - </section> - <section xml:id="module-services-taskserver-manual-ca-management"> - <title>Manual CA management</title> + <para> + Subsequent synchronisation requests merely require the command <command>task + sync</command> after that stage. + </para> + </section> + <section xml:id="module-services-taskserver-manual-ca-management"> + <title>Manual CA management</title> - <para> - If you set any options within - <link linkend="opt-services.taskserver.pki.manual.ca.cert">service.taskserver.pki.manual</link>.*, - <command>nixos-taskserver</command> won't issue certificates, but you can - still use it for adding or removing user accounts. - </para> - </section> + <para> + If you set any options within + <link linkend="opt-services.taskserver.pki.manual.ca.cert">service.taskserver.pki.manual</link>.*, + <command>nixos-taskserver</command> won't issue certificates, but you can + still use it for adding or removing user accounts. + </para> + </section> </chapter> diff --git a/nixos/modules/services/misc/weechat.nix b/nixos/modules/services/misc/weechat.nix new file mode 100644 index 000000000000..1fcfb440485d --- /dev/null +++ b/nixos/modules/services/misc/weechat.nix @@ -0,0 +1,56 @@ +{ config, lib, pkgs, ... }: + +with lib; + +let + cfg = config.services.weechat; +in + +{ + options.services.weechat = { + enable = mkEnableOption "weechat"; + root = mkOption { + description = "Weechat state directory."; + type = types.str; + default = "/var/lib/weechat"; + }; + sessionName = mkOption { + description = "Name of the `screen' session for weechat."; + default = "weechat-screen"; + type = types.str; + }; + binary = mkOption { + description = "Binary to execute (by default \${weechat}/bin/weechat)."; + example = literalExample '' + ''${pkgs.weechat}/bin/weechat-headless + ''; + default = "${pkgs.weechat}/bin/weechat"; + }; + }; + + config = mkIf cfg.enable { + users = { + groups.weechat = {}; + users.weechat = { + createHome = true; + group = "weechat"; + home = cfg.root; + isSystemUser = true; + }; + }; + + systemd.services.weechat = { + environment.WEECHAT_HOME = cfg.root; + serviceConfig = { + User = "weechat"; + Group = "weechat"; + RemainAfterExit = "yes"; + }; + script = "exec ${pkgs.screen}/bin/screen -Dm -S ${cfg.sessionName} ${cfg.binary}"; + wantedBy = [ "multi-user.target" ]; + wants = [ "network.target" ]; + }; + }; + + meta.doc = ./weechat.xml; +} diff --git a/nixos/modules/services/misc/weechat.xml b/nixos/modules/services/misc/weechat.xml new file mode 100644 index 000000000000..9c9ee0448c92 --- /dev/null +++ b/nixos/modules/services/misc/weechat.xml @@ -0,0 +1,66 @@ +<chapter xmlns="http://docbook.org/ns/docbook" + xmlns:xlink="http://www.w3.org/1999/xlink" + xmlns:xi="http://www.w3.org/2001/XInclude" + version="5.0" + xml:id="module-services-weechat"> + <title>WeeChat</title> + <para> + <link xlink:href="https://weechat.org/">WeeChat</link> is a fast and + extensible IRC client. + </para> + <section> + <title>Basic Usage</title> + + <para> + By default, the module creates a + <literal><link xlink:href="https://www.freedesktop.org/wiki/Software/systemd/">systemd</link></literal> + unit which runs the chat client in a detached + <literal><link xlink:href="https://www.gnu.org/software/screen/">screen</link></literal> + session. + </para> + + <para> + This can be done by enabling the <literal>weechat</literal> service: +<programlisting> +{ ... }: + +{ + <link linkend="opt-services.weechat.enable">services.weechat.enable</link> = true; +} +</programlisting> + </para> + + <para> + The service is managed by a dedicated user named <literal>weechat</literal> + in the state directory <literal>/var/lib/weechat</literal>. + </para> + </section> + <section> + <title>Re-attaching to WeeChat</title> + + <para> + WeeChat runs in a screen session owned by a dedicated user. To explicitly + allow your another user to attach to this session, the + <literal>screenrc</literal> needs to be tweaked by adding + <link xlink:href="https://www.gnu.org/software/screen/manual/html_node/Multiuser.html#Multiuser">multiuser</link> + support: +<programlisting> +{ + <link linkend="opt-programs.screen.screenrc">programs.screen.screenrc</link> = '' + multiuser on + acladd normal_user + ''; +} +</programlisting> + Now, the session can be re-attached like this: +<programlisting> +screen -r weechat-screen +</programlisting> + </para> + + <para> + <emphasis>The session name can be changed using + <link linkend="opt-services.weechat.sessionName">services.weechat.sessionName.</link></emphasis> + </para> + </section> +</chapter> |