Diffstat (limited to 'nixos/modules/services/network-filesystems')
5 files changed, 250 insertions, 79 deletions
diff --git a/nixos/modules/services/network-filesystems/glusterfs.nix b/nixos/modules/services/network-filesystems/glusterfs.nix
new file mode 100644
index 000000000000..a2f2c0339515
--- /dev/null
+++ b/nixos/modules/services/network-filesystems/glusterfs.nix
@@ -0,0 +1,84 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+ inherit (pkgs) glusterfs;
+
+ cfg = config.services.glusterfs;
+
+in
+
+{
+
+ ###### interface
+
+ options = {
+
+ services.glusterfs = {
+
+ enable = mkEnableOption "GlusterFS Daemon";
+
+ logLevel = mkOption {
+ type = types.enum ["DEBUG" "INFO" "WARNING" "ERROR" "CRITICAL" "TRACE" "NONE"];
+ description = "Log level used by the GlusterFS daemon";
+ default = "INFO";
+ };
+
+ extraFlags = mkOption {
+ type = types.listOf types.str;
+ description = "Extra flags passed to the GlusterFS daemon";
+ default = [];
+ };
+ };
+ };
+
+ ###### implementation
+
+ config = mkIf cfg.enable {
+ environment.systemPackages = [ pkgs.glusterfs ];
+
+ services.rpcbind.enable = true;
+
+ systemd.services.glusterd = {
+
+ description = "GlusterFS, a clustered file-system server";
+
+ wantedBy = [ "multi-user.target" ];
+
+ requires = [ "rpcbind.service" ];
+ after = [ "rpcbind.service" "network.target" "local-fs.target" ];
+ before = [ "network-online.target" ];
+
+ preStart = ''
+ install -m 0755 -d /var/log/glusterfs
+ '';
+
+ serviceConfig = {
+ Type="forking";
+ PIDFile="/run/glusterd.pid";
+ LimitNOFILE=65536;
+ ExecStart="${glusterfs}/sbin/glusterd -p /run/glusterd.pid --log-level=${cfg.logLevel} ${toString cfg.extraFlags}";
+ KillMode="process";
+ };
+ };
+
+ systemd.services.glustereventsd = {
+
+ description = "Gluster Events Notifier";
+
+ wantedBy = [ "multi-user.target" ];
+
+ after = [ "syslog.target" "network.target" ];
+
+ serviceConfig = {
+ Type="simple";
+ Environment="PYTHONPATH=${glusterfs}/usr/lib/python2.7/site-packages";
+ PIDFile="/run/glustereventsd.pid";
+ ExecStart="${glusterfs}/sbin/glustereventsd --pid-file /run/glustereventsd.pid";
+ ExecReload="/bin/kill -SIGUSR2 $MAINPID";
+ KillMode="control-group";
+ };
+ };
+ };
+}
diff --git a/nixos/modules/services/network-filesystems/ipfs.nix b/nixos/modules/services/network-filesystems/ipfs.nix
index c26a70737033..e6e04248854e 100644
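Review bot: In glusterfs.nix, `ExecReload="/bin/kill -SIGUSR2 $MAINPID"` on the glustereventsd unit names a path that a stock NixOS system does not provide, so a reload of that unit would fail; reference the store path instead, `ExecReload="${pkgs.coreutils}/bin/kill -SIGUSR2 $MAINPID";`. The glusterd `ExecStart` joins `cfg.extraFlags` with `toString`, so a list element containing whitespace is split into several arguments; `${escapeShellArgs cfg.extraFlags}` keeps each element as one argument. Neither unit sets `User=` or any sandboxing directive, so both daemons run as root; a short comment stating whether that is required would help the next reader.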
--- a/nixos/modules/services/network-filesystems/ipfs.nix +++ b/nixos/modules/services/network-filesystems/ipfs.nix @@ -47,6 +47,18 @@ in ''; }; + gatewayAddress = mkOption { + type = types.str; + default = "/ip4/127.0.0.1/tcp/8080"; + description = "Where the IPFS Gateway can be reached"; + }; + + apiAddress = mkOption { + type = types.str; + default = "/ip4/127.0.0.1/tcp/5001"; + description = "Where IPFS exposes its API to"; + }; + enableGC = mkOption { type = types.bool; default = false; @@ -55,6 +67,14 @@ in ''; }; + emptyRepo = mkOption { + type = types.bool; + default = false; + description = '' + If set to true, the repo won't be initialized with help files + ''; + }; + extraFlags = mkOption { type = types.listOf types.str; description = "Extra flags passed to the IPFS daemon"; 
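Review bot: The `apiAddress` description, "Where IPFS exposes its API to", does not tell the reader that this endpoint administers the node and that the loopback default is deliberate. I would spell that out, for example `description = "Multiaddr the IPFS API listens on. The API gives full control over the node; keep it on a loopback address unless access is restricted by other means.";`. Both options are plain `types.str`, so an `example` in multiaddr form on each would also make the expected syntax clear.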
@@ -84,27 +104,72 @@ in }; }; + systemd.services.ipfs-init = { + description = "IPFS Initializer"; + + after = [ "local-fs.target" ]; + before = [ "ipfs.service" "ipfs-offline.service" ]; + + path = [ pkgs.ipfs pkgs.su pkgs.bash ]; + + preStart = '' + install -m 0755 -o ${cfg.user} -g ${cfg.group} -d ${cfg.dataDir} + ''; + + script = '' + if [[ ! -d ${cfg.dataDir}/.ipfs ]]; then + cd ${cfg.dataDir} + ${ipfs}/bin/ipfs init ${optionalString cfg.emptyRepo "-e"} + fi + ${ipfs}/bin/ipfs --local config Addresses.API ${cfg.apiAddress} + ${ipfs}/bin/ipfs --local config Addresses.Gateway ${cfg.gatewayAddress} + ''; + + serviceConfig = { + User = cfg.user; + Group = cfg.group; + Type = "oneshot"; + RemainAfterExit = true; + PermissionsStartOnly = true; + }; + }; + systemd.services.ipfs = { description = "IPFS Daemon"; wantedBy = [ "multi-user.target" ]; - after = [ "network.target" "local-fs.target" ]; - path = [ pkgs.ipfs pkgs.su pkgs.bash ]; + after = [ "network.target" "local-fs.target" "ipfs-init.service" ]; - preStart = - '' - install -m 0755 -o ${cfg.user} -g ${cfg.group} -d ${cfg.dataDir} - if [[ ! -d ${cfg.dataDir}/.ipfs ]]; then - cd ${cfg.dataDir} - ${pkgs.su}/bin/su -s ${pkgs.bash}/bin/sh ${cfg.user} -c "${ipfs}/bin/ipfs init" - fi - ''; + conflicts = [ "ipfs-offline.service" ]; + wants = [ "ipfs-init.service" ]; + + path = [ pkgs.ipfs ]; serviceConfig = { ExecStart = "${ipfs}/bin/ipfs daemon ${ipfsFlags}"; User = cfg.user; Group = cfg.group; - PermissionsStartOnly = true; + Restart = "on-failure"; + RestartSec = 1; + }; + }; + + systemd.services.ipfs-offline = { + description = "IPFS Daemon (offline mode)"; + + after = [ "local-fs.target" "ipfs-init.service" ]; + + conflicts = [ "ipfs.service" ]; + wants = [ "ipfs-init.service" ]; + + path = [ pkgs.ipfs ]; + + serviceConfig = { + ExecStart = "${ipfs}/bin/ipfs daemon ${ipfsFlags} --offline"; + User = cfg.user; + Group = cfg.group; + Restart = "on-failure"; + RestartSec = 1; }; }; }; 
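Review bot: In the `ipfs-init` script, `${cfg.apiAddress}`, `${cfg.gatewayAddress}` and `${cfg.dataDir}` are pasted into the shell text unquoted, so a value containing whitespace or shell metacharacters changes the command that runs at service start. Write them as `${escapeShellArg cfg.apiAddress}` and likewise for the other two (this assumes `with lib;` is in scope, as the unqualified `mkOption` suggests). `ipfs.service` and `ipfs-offline.service` pull the initializer in with `wants`, so if it fails the daemon still starts with whatever addresses the repo already holds; `requires = [ "ipfs-init.service" ];` would surface that failure. The `path` of `ipfs-init` still lists `pkgs.su`, which the new script no longer calls.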
diff --git a/nixos/modules/services/network-filesystems/nfsd.nix b/nixos/modules/services/network-filesystems/nfsd.nix index ddc7258ce0b4..7d127145101b 100644 --- a/nixos/modules/services/network-filesystems/nfsd.nix +++ b/nixos/modules/services/network-filesystems/nfsd.nix @@ -20,6 +20,7 @@ in server = { enable = mkOption { + type = types.bool; default = false; description = '' Whether to enable the kernel's NFS server. @@ -27,6 +28,7 @@ in }; exports = mkOption { + type = types.lines; default = ""; description = '' Contents of the /etc/exports file. See @@ -36,6 +38,7 @@ in }; hostName = mkOption { + type = types.nullOr types.str; default = null; description = '' Hostname or address on which NFS requests will be accepted. @@ -46,6 +49,7 @@ in }; nproc = mkOption { + type = types.int; default = 8; description = '' Number of NFS server threads. Defaults to the recommended value of 8. @@ -53,11 +57,13 @@ in }; createMountPoints = mkOption { + type = types.bool; default = false; description = "Whether to create the mount points in the exports file at startup time."; }; mountdPort = mkOption { + type = types.nullOr types.int; default = null; example = 4002; description = '' @@ -66,11 +72,26 @@ in }; lockdPort = mkOption { - default = 0; + type = types.nullOr types.int; + default = null; + example = 4001; + description = '' + Use a fixed port for the NFS lock manager kernel module + (<literal>lockd/nlockmgr</literal>). This is useful if the + NFS server is behind a firewall. + ''; + }; + + statdPort = mkOption { + type = types.nullOr types.int; + default = null; + example = 4000; description = '' - Fix the lockd port number. This can help setting firewall rules for NFS. + Use a fixed port for <command>rpc.statd</command>. This is + useful if the NFS server is behind a firewall. ''; }; + }; }; 
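Review bot: `mountdPort`, `lockdPort` and `statdPort` are typed `types.nullOr types.int`, which accepts negative numbers and values above 65535 and only fails later when the daemon reads its configuration. A bounded type rejects those at evaluation time, e.g. `type = types.nullOr (types.addCheck types.int (p: p > 0 && p < 65536));`. The descriptions say the fixed ports are useful behind a firewall; nothing in these hunks opens them, so the text could state that `networking.firewall` has to be configured separately, if that is indeed the case.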
@@ -82,60 +103,47 @@ in config = mkIf cfg.enable { - services.rpcbind.enable = true; + services.nfs.extraConfig = '' + [nfsd] + threads=${toString cfg.nproc} + ${optionalString (cfg.hostName != null) "host=${cfg.hostName}"} - boot.supportedFilesystems = [ "nfs" ]; # needed for statd and idmapd - - environment.systemPackages = [ pkgs.nfs-utils ]; + [mountd] + ${optionalString (cfg.mountdPort != null) "port=${toString cfg.mountdPort}"} - environment.etc.exports.source = exports; + [statd] + ${optionalString (cfg.statdPort != null) "port=${toString cfg.statdPort}"} - boot.kernelModules = [ "nfsd" ]; + [lockd] + ${optionalString (cfg.lockdPort != null) '' + port=${toString cfg.lockdPort} + udp-port=${toString cfg.lockdPort} + ''} + ''; - systemd.services.nfsd = - { description = "NFS Server"; + services.rpcbind.enable = true; - wantedBy = [ "multi-user.target" ]; + boot.supportedFilesystems = [ "nfs" ]; # needed for statd and idmapd - requires = [ "rpcbind.service" "mountd.service" ]; - after = [ "rpcbind.service" "mountd.service" "idmapd.service" ]; - before = [ "statd.service" ]; + environment.etc.exports.source = exports; - path = [ pkgs.nfs-utils ]; + systemd.services.nfs-server = + { enable = true; + wantedBy = [ "multi-user.target" ]; - script = + preStart = '' - # Create a state directory required by NFSv4. 
mkdir -p /var/lib/nfs/v4recovery - - ${pkgs.procps}/sbin/sysctl -w fs.nfs.nlm_tcpport=${builtins.toString cfg.lockdPort} - ${pkgs.procps}/sbin/sysctl -w fs.nfs.nlm_udpport=${builtins.toString cfg.lockdPort} - - rpc.nfsd \ - ${if cfg.hostName != null then "-H ${cfg.hostName}" else ""} \ - ${builtins.toString cfg.nproc} ''; - - postStop = "rpc.nfsd 0"; - - serviceConfig.Type = "oneshot"; - serviceConfig.RemainAfterExit = true; }; - systemd.services.mountd = - { description = "NFSv3 Mount Daemon"; - - requires = [ "rpcbind.service" ]; - after = [ "rpcbind.service" "local-fs.target" ]; - - path = [ pkgs.nfs-utils pkgs.sysvtools pkgs.utillinux ]; + systemd.services.nfs-mountd = + { enable = true; + restartTriggers = [ exports ]; preStart = '' mkdir -p /var/lib/nfs - touch /var/lib/nfs/rmtab - - mountpoint -q /proc/fs/nfsd || mount -t nfsd none /proc/fs/nfsd ${optionalString cfg.createMountPoints '' @@ -146,18 +154,7 @@ in | xargs -d '\n' mkdir -p '' } - - exportfs -rav ''; - - restartTriggers = [ exports ]; - - serviceConfig.Type = "forking"; - serviceConfig.ExecStart = '' - @${pkgs.nfs-utils}/sbin/rpc.mountd rpc.mountd \ - ${if cfg.mountdPort != null then "-p ${toString cfg.mountdPort}" else ""} - ''; - serviceConfig.Restart = "always"; }; }; diff --git a/nixos/modules/services/network-filesystems/samba.nix b/nixos/modules/services/network-filesystems/samba.nix index 7de85b59e2af..6ae5292fc303 100644 --- a/nixos/modules/services/network-filesystems/samba.nix +++ b/nixos/modules/services/network-filesystems/samba.nix @@ -30,7 +30,7 @@ let '' [ global ] security = ${cfg.securityType} - passwd program = /var/setuid-wrappers/passwd %u + passwd program = /run/wrappers/bin/passwd %u pam password change = ${smbToString cfg.syncPasswordsByPam} invalid users = ${smbToString cfg.invalidUsers} 
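Review bot: With the settings moved from the unit script into `services.nfs.extraConfig`, the `nfs-server` unit text no longer changes when `nproc`, `hostName` or a port option changes, and the unit has no `restartTriggers`. A changed `lockdPort` or `host=` value may therefore stay unapplied until the next manual restart. How the configuration file is generated lies outside this hunk; if it is a store path, add it as a trigger, e.g. `restartTriggers = [ nfsConfFile ];` on `nfs-server` and `restartTriggers = [ exports nfsConfFile ];` on `nfs-mountd` (`nfsConfFile` is a placeholder name). The hunk also drops the comment on `mkdir -p /var/lib/nfs/v4recovery`; I would keep `# Create a state directory required by NFSv4.` above that line.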
@@ -91,6 +91,26 @@ in ''; }; + enableNmbd = mkOption { + type = types.bool; + default = true; + description = '' + Whether to enable Samba's nmbd, which replies to NetBIOS over IP name + service requests. It also participates in the browsing protocols + which make up the Windows "Network Neighborhood" view. + ''; + }; + + enableWinbindd = mkOption { + type = types.bool; + default = true; + description = '' + Whether to enable Samba's winbindd, which provides a number of services + to the Name Service Switch capability found in most modern C libraries, + to arbitrary applications via PAM and ntlm_auth and to Samba itself. + ''; + }; + package = mkOption { type = types.package; default = pkgs.samba; @@ -185,7 +205,12 @@ in ###### implementation config = mkMerge - [ { # Always provide a smb.conf to shut up programs like smbclient and smbspool. + [ { assertions = + [ { assertion = cfg.nsswins -> cfg.enableWinbindd; + message = "If samba.nsswins is enabled, then samba.enableWinbindd must also be enabled"; + } + ]; + # Always provide a smb.conf to shut up programs like smbclient and smbspool. environment.etc = singleton { source = if cfg.enable then configFile @@ -194,7 +219,7 @@ in }; } - (mkIf config.services.samba.enable { + (mkIf cfg.enable { system.nssModules = optional cfg.nsswins samba; @@ -207,9 +232,9 @@ in }; services = { - "samba-nmbd" = daemonService "nmbd" "-F"; "samba-smbd" = daemonService "smbd" "-F"; - "samba-winbindd" = daemonService "winbindd" "-F"; + "samba-nmbd" = mkIf cfg.enableNmbd (daemonService "nmbd" "-F"); + "samba-winbindd" = mkIf cfg.enableWinbindd (daemonService "winbindd" "-F"); "samba-setup" = { description = "Samba Setup Task"; script = setupScript; diff --git a/nixos/modules/services/network-filesystems/tahoe.nix b/nixos/modules/services/network-filesystems/tahoe.nix index 94668c9bb698..3d78ac096a2b 100644 --- a/nixos/modules/services/network-filesystems/tahoe.nix +++ b/nixos/modules/services/network-filesystems/tahoe.nix 
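Review bot: The new assertion's message names `samba.nsswins` and `samba.enableWinbindd`, but the options live under `services.samba`, so a user searching for the reported name will not find it. Use `message = "If services.samba.nsswins is enabled, then services.samba.enableWinbindd must also be enabled";`. Both new options default to `true`, which preserves the previous behaviour. The `enableNmbd` description could add that turning it off removes the NetBIOS name-service listener on hosts that only need SMB file sharing.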
@@ -233,6 +233,12 @@ in serviceConfig = { Type = "simple"; PIDFile = pidfile; + # Believe it or not, Tahoe is very brittle about the order of + # arguments to $(tahoe start). The node directory must come first, + # and arguments which alter Twisted's behavior come afterwards. + ExecStart = '' + ${settings.package}/bin/tahoe start ${nodedir} -n -l- --pidfile=${pidfile} + ''; }; preStart = '' if [ \! -d ${nodedir} ]; then @@ -248,12 +254,6 @@ in # ln -s /etc/tahoe-lafs/introducer-${node}.cfg ${nodedir}/tahoe.cfg cp /etc/tahoe-lafs/introducer-${node}.cfg ${nodedir}/tahoe.cfg ''; - # Believe it or not, Tahoe is very brittle about the order of - # arguments to $(tahoe start). The node directory must come first, - # and arguments which alter Twisted's behavior come afterwards. - script = '' - tahoe start ${nodedir} -n -l- --pidfile=${pidfile} - ''; }); users.extraUsers = flip mapAttrs' cfg.introducers (node: _: nameValuePair "tahoe.introducer-${node}" { @@ -333,11 +333,17 @@ in serviceConfig = { Type = "simple"; PIDFile = pidfile; + # Believe it or not, Tahoe is very brittle about the order of + # arguments to $(tahoe start). The node directory must come first, + # and arguments which alter Twisted's behavior come afterwards. + ExecStart = '' + ${settings.package}/bin/tahoe start ${nodedir} -n -l- --pidfile=${pidfile} + ''; }; preStart = '' if [ \! -d ${nodedir} ]; then mkdir -p /var/db/tahoe-lafs - tahoe create-node ${nodedir} + tahoe create-node --hostname=localhost ${nodedir} fi # Tahoe has created a predefined tahoe.cfg which we must now 
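Review bot: `ExecStart` now calls `${settings.package}/bin/tahoe` by store path, while the `preStart` of the same unit still runs a bare `tahoe create-node --hostname=localhost ${nodedir}`, resolved through the unit's `path`, which is not visible in this hunk. Using the same form in both places, `${settings.package}/bin/tahoe create-node --hostname=localhost ${nodedir}`, guarantees that the node is created and started by the same package. The same applies to the introducer unit in the first hunk, whose creation command lies outside the shown lines. The explanatory comment is now duplicated in both `serviceConfig` blocks, and its `$(tahoe start)` reads like a command substitution; plain `tahoe start` would be clearer.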
@@ -348,12 +354,6 @@ in # ln -s /etc/tahoe-lafs/${node}.cfg ${nodedir}/tahoe.cfg cp /etc/tahoe-lafs/${node}.cfg ${nodedir}/tahoe.cfg ''; - # Believe it or not, Tahoe is very brittle about the order of - # arguments to $(tahoe start). The node directory must come first, - # and arguments which alter Twisted's behavior come afterwards. - script = '' - tahoe start ${nodedir} -n -l- --pidfile=${pidfile} - ''; }); users.extraUsers = flip mapAttrs' cfg.nodes (node: _: nameValuePair "tahoe.${node}" { |