diff options
Diffstat (limited to 'nixos/modules/services')
-rw-r--r-- | nixos/modules/services/mail/rmilter.nix | 2 | ||||
-rw-r--r-- | nixos/modules/services/misc/gitlab.nix | 4 | ||||
-rw-r--r-- | nixos/modules/services/monitoring/prometheus/exporters.nix | 1 | ||||
-rw-r--r-- | nixos/modules/services/monitoring/prometheus/exporters/tor.nix | 40 | ||||
-rw-r--r-- | nixos/modules/services/web-apps/matomo.nix | 15 |
5 files changed, 57 insertions, 5 deletions
diff --git a/nixos/modules/services/mail/rmilter.nix b/nixos/modules/services/mail/rmilter.nix index 0d91b247cd34..492c64583219 100644 --- a/nixos/modules/services/mail/rmilter.nix +++ b/nixos/modules/services/mail/rmilter.nix @@ -52,7 +52,7 @@ in enable = mkOption { type = types.bool; - default = cfg.rspamd.enable; + default = false; description = "Whether to run the rmilter daemon."; }; diff --git a/nixos/modules/services/misc/gitlab.nix b/nixos/modules/services/misc/gitlab.nix index d81aa5643e53..8ea831afb7c1 100644 --- a/nixos/modules/services/misc/gitlab.nix +++ b/nixos/modules/services/misc/gitlab.nix @@ -53,6 +53,7 @@ let repos_path: "${cfg.statePath}/repositories" secret_file: "${cfg.statePath}/config/gitlab_shell_secret" log_file: "${cfg.statePath}/log/gitlab-shell.log" + custom_hooks_dir: "${cfg.statePath}/custom_hooks" redis: bin: ${pkgs.redis}/bin/redis-cli host: 127.0.0.1 @@ -562,6 +563,9 @@ in { mkdir -p ${cfg.statePath}/shell mkdir -p ${cfg.statePath}/db mkdir -p ${cfg.statePath}/uploads + mkdir -p ${cfg.statePath}/custom_hooks/pre-receive.d + mkdir -p ${cfg.statePath}/custom_hooks/post-receive.d + mkdir -p ${cfg.statePath}/custom_hooks/update.d rm -rf ${cfg.statePath}/config ${cfg.statePath}/shell/hooks mkdir -p ${cfg.statePath}/config diff --git a/nixos/modules/services/monitoring/prometheus/exporters.nix b/nixos/modules/services/monitoring/prometheus/exporters.nix index ae8caac436da..950af848c0f6 100644 --- a/nixos/modules/services/monitoring/prometheus/exporters.nix +++ b/nixos/modules/services/monitoring/prometheus/exporters.nix @@ -30,6 +30,7 @@ let postfix = import ./exporters/postfix.nix { inherit config lib pkgs; }; snmp = import ./exporters/snmp.nix { inherit config lib pkgs; }; surfboard = import ./exporters/surfboard.nix { inherit config lib pkgs; }; + tor = import ./exporters/tor.nix { inherit config lib pkgs; }; unifi = import ./exporters/unifi.nix { inherit config lib pkgs; }; varnish = import ./exporters/varnish.nix { inherit config lib pkgs; }; }; diff --git a/nixos/modules/services/monitoring/prometheus/exporters/tor.nix b/nixos/modules/services/monitoring/prometheus/exporters/tor.nix new file mode 100644 index 000000000000..0e2a13c44ab7 --- /dev/null +++ b/nixos/modules/services/monitoring/prometheus/exporters/tor.nix @@ -0,0 +1,40 @@ +{ config, lib, pkgs }: + +with lib; + +let + cfg = config.services.prometheus.exporters.tor; +in +{ + port = 9130; + extraOpts = { + torControlAddress = mkOption { + type = types.str; + default = "127.0.0.1"; + description = '' + Tor control IP address or hostname. + ''; + }; + + torControlPort = mkOption { + type = types.int; + default = 9051; + description = '' + Tor control port. + ''; + }; + }; + serviceOpts = { + serviceConfig = { + DynamicUser = true; + ExecStart = '' + ${pkgs.prometheus-tor-exporter}/bin/prometheus-tor-exporter \ + -b ${cfg.listenAddress} \ + -p ${toString cfg.port} \ + -a ${cfg.torControlAddress} \ + -c ${toString cfg.torControlPort} \ + ${concatStringsSep " \\\n " cfg.extraFlags} + ''; + }; + }; +} diff --git a/nixos/modules/services/web-apps/matomo.nix b/nixos/modules/services/web-apps/matomo.nix index fbbd7715c6b3..9fddf8320748 100644 --- a/nixos/modules/services/web-apps/matomo.nix +++ b/nixos/modules/services/web-apps/matomo.nix @@ -34,6 +34,13 @@ in { ''; }; + package = mkOption { + type = types.package; + description = "Matomo package to use"; + default = pkgs.matomo; + defaultText = "pkgs.matomo"; + }; + webServerUser = mkOption { type = types.nullOr types.str; default = null; @@ -124,7 +131,7 @@ in { # the update part of the script can only work if the database is already up and running requires = [ databaseService ]; after = [ databaseService ]; - path = [ pkgs.matomo ]; + path = [ cfg.package ]; serviceConfig = { Type = "oneshot"; User = user; @@ -151,7 +158,7 @@ in { # Use User-Private Group scheme to protect matomo data, but allow administration / backup via matomo group # Copy config folder chmod g+s "${dataDir}" - cp -r "${pkgs.matomo}/config" "${dataDir}/" + cp -r "${cfg.package}/config" "${dataDir}/" chmod -R u+rwX,g+rwX,o-rwx "${dataDir}" # check whether user setup has already been done @@ -164,7 +171,7 @@ in { systemd.services.${phpExecutionUnit} = { # stop phpfpm on package upgrade, do database upgrade via matomo_setup_update, and then restart - restartTriggers = [ pkgs.matomo ]; + restartTriggers = [ cfg.package ]; # stop config.ini.php from getting written with read permission for others serviceConfig.UMask = "0007"; }; @@ -195,7 +202,7 @@ in { "${user}.${fqdn}" = mkMerge [ cfg.nginx { # don't allow to override the root easily, as it will almost certainly break matomo. # disadvantage: not shown as default in docs. - root = mkForce "${pkgs.matomo}/share"; + root = mkForce "${cfg.package}/share"; # define locations here instead of as the submodule option's default # so that they can easily be extended with additional locations if required |