diff options
Diffstat (limited to 'nixos/modules/services')
-rw-r--r-- | nixos/modules/services/development/hoogle.nix | 70 | ||||
-rw-r--r-- | nixos/modules/services/misc/emby.nix | 64 | ||||
-rw-r--r-- | nixos/modules/services/misc/nix-daemon.nix | 22 | ||||
-rw-r--r-- | nixos/modules/services/misc/nix-gc.nix | 2 | ||||
-rw-r--r-- | nixos/modules/services/misc/nix-ssh-serve.nix | 2 | ||||
-rw-r--r-- | nixos/modules/services/network-filesystems/openafs-client/default.nix | 4 | ||||
-rw-r--r-- | nixos/modules/services/networking/mfi.nix | 10 | ||||
-rw-r--r-- | nixos/modules/services/networking/nix-serve.nix | 2 | ||||
-rw-r--r-- | nixos/modules/services/networking/quassel.nix | 2 | ||||
-rw-r--r-- | nixos/modules/services/networking/unifi.nix | 16 | ||||
-rw-r--r-- | nixos/modules/services/networking/zerobin.nix | 102 | ||||
-rw-r--r-- | nixos/modules/services/system/kerberos.nix | 10 | ||||
-rw-r--r-- | nixos/modules/services/x11/redshift.nix | 10 |
13 files changed, 287 insertions, 29 deletions
diff --git a/nixos/modules/services/development/hoogle.nix b/nixos/modules/services/development/hoogle.nix new file mode 100644 index 000000000000..90aa04d2762e --- /dev/null +++ b/nixos/modules/services/development/hoogle.nix @@ -0,0 +1,70 @@ +{ config, lib, pkgs, ... }: + +with lib; + +let + + cfg = config.services.hoogle; + + hoogleEnv = pkgs.buildEnv { + name = "hoogle"; + paths = [ (cfg.haskellPackages.ghcWithHoogle cfg.packages) ]; + }; + +in { + + options.services.hoogle = { + enable = mkEnableOption "Haskell documentation server"; + + port = mkOption { + type = types.int; + default = 8080; + description = '' + Port number Hoogle will be listening to. + ''; + }; + + packages = mkOption { + default = hp: []; + defaultText = "hp: []"; + example = "hp: with hp; [ text lens ]"; + description = '' + The Haskell packages to generate documentation for. + + The option value is a function that takes the package set specified in + the <varname>haskellPackages</varname> option as its sole parameter and + returns a list of packages. + ''; + }; + + haskellPackages = mkOption { + description = "Which haskell package set to use."; + default = pkgs.haskellPackages; + defaultText = "pkgs.haskellPackages"; + }; + + }; + + config = mkIf cfg.enable { + systemd.services.hoogle = { + description = "Haskell documentation server"; + + wantedBy = [ "multi-user.target" ]; + + serviceConfig = { + Restart = "always"; + ExecStart = ''${hoogleEnv}/bin/hoogle server --local -p ${toString cfg.port}''; + + User = "nobody"; + Group = "nogroup"; + + PrivateTmp = true; + ProtectHome = true; + + RuntimeDirectory = "hoogle"; + WorkingDirectory = "%t/hoogle"; + }; + }; + }; + +} diff --git a/nixos/modules/services/misc/emby.nix b/nixos/modules/services/misc/emby.nix new file mode 100644 index 000000000000..fe872349f45e --- /dev/null +++ b/nixos/modules/services/misc/emby.nix @@ -0,0 +1,64 @@ +{ config, pkgs, lib, mono, ... }: + +with lib; + +let + cfg = config.services.emby; + emby = pkgs.emby; +in +{ + options = { + services.emby = { + enable = mkEnableOption "Emby Media Server"; + + user = mkOption { + type = types.str; + default = "emby"; + description = "User account under which Emby runs."; + }; + + group = mkOption { + type = types.str; + default = "emby"; + description = "Group under which emby runs."; + }; + }; + }; + + config = mkIf cfg.enable { + systemd.services.emby = { + description = "Emby Media Server"; + after = [ "network.target" ]; + wantedBy = [ "multi-user.target" ]; + preStart = '' + test -d /var/lib/emby/ProgramData-Server || { + echo "Creating initial Emby data directory in /var/lib/emby/ProgramData-Server" + mkdir -p /var/lib/emby/ProgramData-Server + chown -R ${cfg.user}:${cfg.group} /var/lib/emby/ProgramData-Server + } + ''; + + serviceConfig = { + Type = "simple"; + User = cfg.user; + Group = cfg.group; + PermissionsStartOnly = "true"; + ExecStart = "${pkgs.mono}/bin/mono ${pkgs.emby}/bin/MediaBrowser.Server.Mono.exe"; + Restart = "on-failure"; + }; + }; + + users.extraUsers = mkIf (cfg.user == "emby") { + emby = { + group = cfg.group; + uid = config.ids.uids.emby; + }; + }; + + users.extraGroups = mkIf (cfg.group == "emby") { + emby = { + gid = config.ids.gids.emby; + }; + }; + }; +} diff --git a/nixos/modules/services/misc/nix-daemon.nix b/nixos/modules/services/misc/nix-daemon.nix index 10ac6f93cfdb..d71837737ab3 100644 --- a/nixos/modules/services/misc/nix-daemon.nix +++ b/nixos/modules/services/misc/nix-daemon.nix @@ -6,7 +6,7 @@ let cfg = config.nix; - nix = cfg.package; + nix = cfg.package.out; makeNixBuildUser = nr: { name = "nixbld${toString nr}"; @@ -24,8 +24,8 @@ let nixConf = let - # If we're using a chroot for builds, then provide /bin/sh in - # the chroot as a bind-mount to bash. This means we also need to + # If we're using sandbox for builds, then provide /bin/sh in + # the sandbox as a bind-mount to bash. This means we also need to # include the entire closure of bash. sh = pkgs.stdenv.shell; binshDeps = pkgs.writeReferencesToFile sh; @@ -39,8 +39,8 @@ let build-users-group = nixbld build-max-jobs = ${toString (cfg.maxJobs)} build-cores = ${toString (cfg.buildCores)} - build-use-chroot = ${if (builtins.isBool cfg.useChroot) then (if cfg.useChroot then "true" else "false") else cfg.useChroot} - build-chroot-dirs = ${toString cfg.chrootDirs} /bin/sh=${sh} $(echo $extraPaths) + build-use-sandbox = ${if (builtins.isBool cfg.useSandbox) then (if cfg.useSandbox then "true" else "false") else cfg.useSandbox} + build-sandbox-paths = ${toString cfg.sandboxPaths} /bin/sh=${sh} $(echo $extraPaths) binary-caches = ${toString cfg.binaryCaches} trusted-binary-caches = ${toString cfg.trustedBinaryCaches} binary-cache-public-keys = ${toString cfg.binaryCachePublicKeys} @@ -65,8 +65,8 @@ in package = mkOption { type = types.package; - default = pkgs.nix.out; - defaultText = "pkgs.nix.out"; + default = pkgs.nix; + defaultText = "pkgs.nix"; description = '' This option specifies the Nix package instance to use throughout the system. ''; @@ -98,25 +98,25 @@ in ''; }; - useChroot = mkOption { + useSandbox = mkOption { type = types.either types.bool (types.enum ["relaxed"]); default = false; description = " - If set, Nix will perform builds in a chroot-environment that it + If set, Nix will perform builds in a sandboxed environment that it will set up automatically for each build. This prevents impurities in builds by disallowing access to dependencies outside of the Nix store. "; }; - chrootDirs = mkOption { + sandboxPaths = mkOption { type = types.listOf types.str; default = []; example = [ "/dev" "/proc" ]; description = '' Directories from the host filesystem to be included - in the chroot. + in the sandbox. ''; }; diff --git a/nixos/modules/services/misc/nix-gc.nix b/nixos/modules/services/misc/nix-gc.nix index 6a7a7f4cee72..5c13da6e83dd 100644 --- a/nixos/modules/services/misc/nix-gc.nix +++ b/nixos/modules/services/misc/nix-gc.nix @@ -52,7 +52,7 @@ in systemd.services.nix-gc = { description = "Nix Garbage Collector"; - script = "exec ${config.nix.package}/bin/nix-collect-garbage ${cfg.options}"; + script = "exec ${config.nix.package.out}/bin/nix-collect-garbage ${cfg.options}"; startAt = optionalString cfg.automatic cfg.dates; }; diff --git a/nixos/modules/services/misc/nix-ssh-serve.nix b/nixos/modules/services/misc/nix-ssh-serve.nix index d70bd855c7ff..66148431709f 100644 --- a/nixos/modules/services/misc/nix-ssh-serve.nix +++ b/nixos/modules/services/misc/nix-ssh-serve.nix @@ -41,7 +41,7 @@ with lib; PermitTTY no PermitTunnel no X11Forwarding no - ForceCommand ${config.nix.package}/bin/nix-store --serve + ForceCommand ${config.nix.package.out}/bin/nix-store --serve Match All ''; diff --git a/nixos/modules/services/network-filesystems/openafs-client/default.nix b/nixos/modules/services/network-filesystems/openafs-client/default.nix index 7a44fc1ea5ec..61c66bb88357 100644 --- a/nixos/modules/services/network-filesystems/openafs-client/default.nix +++ b/nixos/modules/services/network-filesystems/openafs-client/default.nix @@ -80,7 +80,7 @@ in preStart = '' mkdir -p -m 0755 /afs mkdir -m 0700 -p ${cfg.cacheDirectory} - ${pkgs.module_init_tools}/sbin/insmod ${openafsPkgs}/lib/openafs/libafs-*.ko || true + ${pkgs.kmod}/sbin/insmod ${openafsPkgs}/lib/openafs/libafs-*.ko || true ${openafsPkgs}/sbin/afsd -confdir ${afsConfig} -cachedir ${cfg.cacheDirectory} ${if cfg.sparse then "-dynroot-sparse" else "-dynroot"} -fakestat -afsdb ${openafsPkgs}/bin/fs setcrypt ${if cfg.crypt then "on" else "off"} ''; @@ -92,7 +92,7 @@ in preStop = '' ${pkgs.utillinux}/bin/umount /afs ${openafsPkgs}/sbin/afsd -shutdown - ${pkgs.module_init_tools}/sbin/rmmod libafs + ${pkgs.kmod}/sbin/rmmod libafs ''; }; }; diff --git a/nixos/modules/services/networking/mfi.nix b/nixos/modules/services/networking/mfi.nix index 5afb83ed022f..775564a2c446 100644 --- a/nixos/modules/services/networking/mfi.nix +++ b/nixos/modules/services/networking/mfi.nix @@ -10,6 +10,7 @@ let { what = "${pkgs.mfi}/dl"; where = "${stateDir}/dl"; } { what = "${pkgs.mfi}/lib"; where = "${stateDir}/lib"; } { what = "${pkgs.mongodb248}/bin"; where = "${stateDir}/bin"; } + { what = "${cfg.dataDir}"; where = "${stateDir}/data"; } ]; systemdMountPoints = map (m: "${utils.escapeSystemdPath m.where}.mount") mountPoints; ports = [ 6080 6880 6443 6843 ]; @@ -23,6 +24,15 @@ in default = true; description = "Whether to open TCP ports ${concatMapStrings (a: "${toString a} ") ports}for the services."; }; + dataDir = mkOption { + type = types.str; + default = "${stateDir}/data"; + description = '' + Where to store the database and other data. + + This directory will be bind-mounted to ${stateDir}/data as part of the service startup. + ''; + }; }; }; diff --git a/nixos/modules/services/networking/nix-serve.nix b/nixos/modules/services/networking/nix-serve.nix index 8f6881441cf7..3e865e3b76a8 100644 --- a/nixos/modules/services/networking/nix-serve.nix +++ b/nixos/modules/services/networking/nix-serve.nix @@ -50,7 +50,7 @@ in after = [ "network.target" ]; wantedBy = [ "multi-user.target" ]; - path = [ config.nix.package pkgs.bzip2.bin ]; + path = [ config.nix.package.out pkgs.bzip2.bin ]; environment.NIX_REMOTE = "daemon"; environment.NIX_SECRET_KEY_FILE = cfg.secretKeyFile; diff --git a/nixos/modules/services/networking/quassel.nix b/nixos/modules/services/networking/quassel.nix index 52c7ac8e6893..99269c49e8f1 100644 --- a/nixos/modules/services/networking/quassel.nix +++ b/nixos/modules/services/networking/quassel.nix @@ -3,7 +3,7 @@ with lib; let - quassel = pkgs.quasselDaemon_qt5; + quassel = pkgs.kde4.quasselDaemon; cfg = config.services.quassel; user = if cfg.user != null then cfg.user else "quassel"; in diff --git a/nixos/modules/services/networking/unifi.nix b/nixos/modules/services/networking/unifi.nix index 4dc0cd96904c..cb5a88e67aae 100644 --- a/nixos/modules/services/networking/unifi.nix +++ b/nixos/modules/services/networking/unifi.nix @@ -17,6 +17,10 @@ let what = "${pkgs.mongodb}/bin"; where = "${stateDir}/bin"; } + { + what = "${cfg.dataDir}"; + where = "${stateDir}/data"; + } ]; systemdMountPoints = map (m: "${utils.escapeSystemdPath m.where}.mount") mountPoints; in @@ -32,6 +36,16 @@ in ''; }; + services.unifi.dataDir = mkOption { + type = types.str; + default = "${stateDir}/data"; + description = '' + Where to store the database and other data. + + This directory will be bind-mounted to ${stateDir}/data as part of the service startup. + ''; + }; + }; config = mkIf cfg.enable { @@ -62,7 +76,7 @@ in bindsTo = systemdMountPoints; unitConfig.RequiresMountsFor = stateDir; # This a HACK to fix missing dependencies of dynamic libs extracted from jars - environment.LD_LIBRARY_PATH = with pkgs.stdenv; "${cc.cc}/lib"; + environment.LD_LIBRARY_PATH = with pkgs.stdenv; "${cc.cc.lib}/lib"; preStart = '' # Ensure privacy of state diff --git a/nixos/modules/services/networking/zerobin.nix b/nixos/modules/services/networking/zerobin.nix new file mode 100644 index 000000000000..1c524602f8e9 --- /dev/null +++ b/nixos/modules/services/networking/zerobin.nix @@ -0,0 +1,102 @@ +{ config, pkgs, lib, nodes, ... }: +with lib; +let + cfg = config.services.zerobin; + + zerobin_config = pkgs.writeText "zerobin-config.py" '' + PASTE_FILES_ROOT = "${cfg.dataDir}" + ${cfg.extraConfig} + ''; + +in + { + options = { + services.zerobin = { + enable = mkEnableOption "0bin"; + + dataDir = mkOption { + type = types.str; + default = "/var/lib/zerobin"; + description = '' + Path to the 0bin data directory + ''; + }; + + user = mkOption { + type = types.str; + default = "zerobin"; + description = '' + The user 0bin should run as + ''; + }; + + group = mkOption { + type = types.str; + default = "zerobin"; + description = '' + The group 0bin should run as + ''; + }; + + listenPort = mkOption { + type = types.int; + default = 8000; + example = 1357; + description = '' + The port zerobin should listen on + ''; + }; + + listenAddress = mkOption { + type = types.str; + default = "localhost"; + example = "127.0.0.1"; + description = '' + The address zerobin should listen to + ''; + }; + + extraConfig = mkOption { + type = types.lines; + default = ""; + example = '' + MENU = ( + ('Home', '/'), + ) + COMPRESSED_STATIC_FILE = True + ''; + description = '' + Extra configuration to be appended to the 0bin config file + (see https://0bin.readthedocs.org/en/latest/en/options.html) + ''; + }; + }; + }; + + config = mkIf (cfg.enable) { + users.users."${cfg.user}" = + if cfg.user == "zerobin" then { + isSystemUser = true; + group = cfg.group; + home = cfg.dataDir; + createHome = true; + } + else {}; + users.groups."${cfg.group}" = {}; + + systemd.services.zerobin = { + enable = true; + after = [ "network-interfaces.target" ]; + wantedBy = [ "multi-user.target" ]; + serviceConfig.ExecStart = "${pkgs.pythonPackages.zerobin}/bin/zerobin ${cfg.listenAddress} ${toString cfg.listenPort} false ${cfg.user} ${cfg.group} ${zerobin_config}"; + serviceConfig.PrivateTmp="yes"; + serviceConfig.User = cfg.user; + serviceConfig.Group = cfg.group; + preStart = '' + mkdir -p ${cfg.dataDir} + chown ${cfg.user} ${cfg.dataDir} + ''; + }; + }; + } + diff --git a/nixos/modules/services/system/kerberos.nix b/nixos/modules/services/system/kerberos.nix index 347302c6090d..4f2e2fdf662b 100644 --- a/nixos/modules/services/system/kerberos.nix +++ b/nixos/modules/services/system/kerberos.nix @@ -4,7 +4,7 @@ let inherit (lib) mkOption mkIf singleton; - inherit (pkgs) heimdal; + inherit (pkgs) heimdalFull; stateDir = "/var/heimdal"; in @@ -33,7 +33,7 @@ in config = mkIf config.services.kerberos_server.enable { - environment.systemPackages = [ heimdal ]; + environment.systemPackages = [ heimdalFull ]; services.xinetd.enable = true; services.xinetd.services = lib.singleton @@ -42,7 +42,7 @@ in protocol = "tcp"; user = "root"; server = "${pkgs.tcp_wrappers}/sbin/tcpd"; - serverArgs = "${pkgs.heimdal}/sbin/kadmind"; + serverArgs = "${pkgs.heimdalFull}/sbin/kadmind"; }; systemd.services.kdc = { @@ -51,13 +51,13 @@ in preStart = '' mkdir -m 0755 -p ${stateDir} ''; - script = "${heimdal}/sbin/kdc"; + script = "${heimdalFull}/sbin/kdc"; }; systemd.services.kpasswdd = { description = "Kerberos Password Changing daemon"; wantedBy = [ "multi-user.target" ]; - script = "${heimdal}/sbin/kpasswdd"; + script = "${heimdalFull}/sbin/kpasswdd"; }; }; diff --git a/nixos/modules/services/x11/redshift.nix b/nixos/modules/services/x11/redshift.nix index 4318a17a4fa5..8f1e317e52b0 100644 --- a/nixos/modules/services/x11/redshift.nix +++ b/nixos/modules/services/x11/redshift.nix @@ -94,11 +94,9 @@ in { }; config = mkIf cfg.enable { - systemd.services.redshift = { + systemd.user.services.redshift = { description = "Redshift colour temperature adjuster"; - requires = [ "display-manager.service" ]; - after = [ "display-manager.service" ]; - wantedBy = [ "graphical.target" ]; + wantedBy = [ "default.target" ]; serviceConfig = { ExecStart = '' ${cfg.package}/bin/redshift \ @@ -107,10 +105,10 @@ in { -b ${toString cfg.brightness.day}:${toString cfg.brightness.night} \ ${lib.strings.concatStringsSep " " cfg.extraOptions} ''; - RestartSec = 3; + RestartSec = 3; + Restart = "always"; }; environment = { DISPLAY = ":0"; }; - serviceConfig.Restart = "always"; }; }; |