diff options
Diffstat (limited to 'nixos/modules/services')
-rw-r--r-- | nixos/modules/services/backup/crashplan.nix | 2 | ||||
-rw-r--r-- | nixos/modules/services/misc/plex.nix | 1 | ||||
-rw-r--r-- | nixos/modules/services/network-filesystems/tahoe.nix | 286 | ||||
-rw-r--r-- | nixos/modules/services/network-filesystems/u9fs.nix | 19 | ||||
-rw-r--r-- | nixos/modules/services/networking/iodine.nix | 136 | ||||
-rw-r--r-- | nixos/modules/services/networking/iodined.nix | 86 | ||||
-rw-r--r-- | nixos/modules/services/networking/mfi.nix | 90 | ||||
-rw-r--r-- | nixos/modules/services/networking/minidlna.nix | 17 | ||||
-rw-r--r-- | nixos/modules/services/networking/syncthing.nix | 33 | ||||
-rw-r--r-- | nixos/modules/services/system/dbus.nix | 24 | ||||
-rw-r--r-- | nixos/modules/services/web-servers/apache-httpd/default.nix | 1 | ||||
-rw-r--r-- | nixos/modules/services/web-servers/apache-httpd/trac.nix | 11 | ||||
-rw-r--r-- | nixos/modules/services/x11/desktop-managers/kde5.nix | 5 | ||||
-rw-r--r-- | nixos/modules/services/x11/xserver.nix | 7 |
14 files changed, 600 insertions, 118 deletions
diff --git a/nixos/modules/services/backup/crashplan.nix b/nixos/modules/services/backup/crashplan.nix index 46d4c5192d9e..94aa3b17b663 100644 --- a/nixos/modules/services/backup/crashplan.nix +++ b/nixos/modules/services/backup/crashplan.nix @@ -50,7 +50,7 @@ with lib; ensureDir ${crashplan.vardir}/log 777 cp -avn ${crashplan}/conf.template/* ${crashplan.vardir}/conf for x in app.asar bin EULA.txt install.vars lang lib libjniwrap64.so libjniwrap.so libjtux64.so libjtux.so libmd564.so libmd5.so share skin upgrade; do - if [ -e $x ]; then + if [ -e ${crashplan.vardir}/$x ]; then true; else ln -s ${crashplan}/$x ${crashplan.vardir}/$x; diff --git a/nixos/modules/services/misc/plex.nix b/nixos/modules/services/misc/plex.nix index 875771dfa37f..92b352db416c 100644 --- a/nixos/modules/services/misc/plex.nix +++ b/nixos/modules/services/misc/plex.nix @@ -128,6 +128,7 @@ in Group = cfg.group; PermissionsStartOnly = "true"; ExecStart = "/bin/sh -c '${cfg.package}/usr/lib/plexmediaserver/Plex\\ Media\\ Server'"; + Restart = "on-failure"; }; environment = { PLEX_MEDIA_SERVER_APPLICATION_SUPPORT_DIR=cfg.dataDir; diff --git a/nixos/modules/services/network-filesystems/tahoe.nix b/nixos/modules/services/network-filesystems/tahoe.nix new file mode 100644 index 000000000000..ab441339a560 --- /dev/null +++ b/nixos/modules/services/network-filesystems/tahoe.nix @@ -0,0 +1,286 @@ +{ config, lib, pkgs, ... }: + +with lib; +let + cfg = config.services.tahoe; +in + { + options.services.tahoe = { + introducers = mkOption { + default = {}; + type = types.loaOf types.optionSet; + description = '' + The Tahoe introducers. + ''; + options = { + nickname = mkOption { + type = types.str; + description = '' + The nickname of this Tahoe introducer. + ''; + }; + tub.port = mkOption { + default = 3458; + type = types.int; + description = '' + The port on which the introducer will listen. + ''; + }; + package = mkOption { + default = pkgs.tahoelafs; + defaultText = "pkgs.tahoelafs"; + type = types.package; + example = literalExample "pkgs.tahoelafs"; + description = '' + The package to use for the Tahoe LAFS daemon. + ''; + }; + }; + }; + nodes = mkOption { + default = {}; + type = types.loaOf types.optionSet; + description = '' + The Tahoe nodes. + ''; + options = { + nickname = mkOption { + type = types.str; + description = '' + The nickname of this Tahoe node. + ''; + }; + tub.port = mkOption { + default = 3457; + type = types.int; + description = '' + The port on which the tub will listen. + + This is the correct setting to tweak if you want Tahoe's storage + system to listen on a different port. + ''; + }; + web.port = mkOption { + default = 3456; + type = types.int; + description = '' + The port on which the Web server will listen. + + This is the correct setting to tweak if you want Tahoe's WUI to + listen on a different port. + ''; + }; + client.introducer = mkOption { + default = null; + type = types.nullOr types.str; + description = '' + The furl for a Tahoe introducer node. + + Like all furls, keep this safe and don't share it. + ''; + }; + client.helper = mkOption { + default = null; + type = types.nullOr types.str; + description = '' + The furl for a Tahoe helper node. + + Like all furls, keep this safe and don't share it. + ''; + }; + client.shares.needed = mkOption { + default = 3; + type = types.int; + description = '' + The number of shares required to reconstitute a file. + ''; + }; + client.shares.happy = mkOption { + default = 7; + type = types.int; + description = '' + The number of distinct storage nodes required to store + a file. + ''; + }; + client.shares.total = mkOption { + default = 10; + type = types.int; + description = '' + The number of shares required to store a file. + ''; + }; + storage.enable = mkEnableOption "storage service"; + storage.reservedSpace = mkOption { + default = "1G"; + type = types.str; + description = '' + The amount of filesystem space to not use for storage. + ''; + }; + helper.enable = mkEnableOption "helper service"; + package = mkOption { + default = pkgs.tahoelafs; + defaultText = "pkgs.tahoelafs"; + type = types.package; + example = literalExample "pkgs.tahoelafs"; + description = '' + The package to use for the Tahoe LAFS daemon. + ''; + }; + }; + }; + }; + config = mkMerge [ + (mkIf (cfg.introducers != {}) { + environment = { + etc = flip mapAttrs' cfg.introducers (node: settings: + nameValuePair "tahoe-lafs/introducer-${node}.cfg" { + mode = "0444"; + text = '' + # This configuration is generated by Nix. Edit at your own + # peril; here be dragons. + + [node] + nickname = ${settings.nickname} + tub.port = ${toString settings.tub.port} + ''; + }); + # Actually require Tahoe, so that we will have it installed. + systemPackages = flip mapAttrsToList cfg.introducers (node: settings: + settings.package + ); + }; + # Open up the firewall. + # networking.firewall.allowedTCPPorts = flip mapAttrsToList cfg.introducers + # (node: settings: settings.tub.port); + systemd.services = flip mapAttrs' cfg.introducers (node: settings: + let + pidfile = "/run/tahoe.introducer-${node}.pid"; + # This is a directory, but it has no trailing slash. Tahoe commands + # get antsy when there's a trailing slash. + nodedir = "/var/db/tahoe-lafs/introducer-${node}"; + in nameValuePair "tahoe.introducer-${node}" { + description = "Tahoe LAFS node ${node}"; + wantedBy = [ "multi-user.target" ]; + path = [ settings.package ]; + restartTriggers = [ + config.environment.etc."tahoe-lafs/introducer-${node}.cfg".source ]; + serviceConfig = { + Type = "simple"; + PIDFile = pidfile; + }; + preStart = '' + if [ \! -d ${nodedir} ]; then + mkdir -p /var/db/tahoe-lafs + tahoe create-introducer ${nodedir} + fi + + # Tahoe has created a predefined tahoe.cfg which we must now + # scribble over. + # XXX I thought that a symlink would work here, but it doesn't, so + # we must do this on every prestart. Fixes welcome. + # rm ${nodedir}/tahoe.cfg + # ln -s /etc/tahoe-lafs/introducer-${node}.cfg ${nodedir}/tahoe.cfg + cp /etc/tahoe-lafs/introducer-${node}.cfg ${nodedir}/tahoe.cfg + ''; + # Believe it or not, Tahoe is very brittle about the order of + # arguments to $(tahoe start). The node directory must come first, + # and arguments which alter Twisted's behavior come afterwards. + script = '' + tahoe start ${nodedir} -n -l- --pidfile=${pidfile} + ''; + }); + users.extraUsers = flip mapAttrs' cfg.introducers (node: _: + nameValuePair "tahoe.introducer-${node}" { + description = "Tahoe node user for introducer ${node}"; + isSystemUser = true; + }); + }) + (mkIf (cfg.nodes != {}) { + environment = { + etc = flip mapAttrs' cfg.nodes (node: settings: + nameValuePair "tahoe-lafs/${node}.cfg" { + mode = "0444"; + text = '' + # This configuration is generated by Nix. Edit at your own + # peril; here be dragons. + + [node] + nickname = ${settings.nickname} + tub.port = ${toString settings.tub.port} + # This is a Twisted endpoint. Twisted Web doesn't work on + # non-TCP. ~ C. + web.port = tcp:${toString settings.web.port} + + [client] + ${optionalString (settings.client.introducer != null) + "introducer.furl = ${settings.client.introducer}"} + ${optionalString (settings.client.helper != null) + "helper.furl = ${settings.client.helper}"} + + shares.needed = ${toString settings.client.shares.needed} + shares.happy = ${toString settings.client.shares.happy} + shares.total = ${toString settings.client.shares.total} + + [storage] + enabled = ${if settings.storage.enable then "true" else "false"} + reserved_space = ${settings.storage.reservedSpace} + + [helper] + enabled = ${if settings.helper.enable then "true" else "false"} + ''; + }); + # Actually require Tahoe, so that we will have it installed. + systemPackages = flip mapAttrsToList cfg.nodes (node: settings: + settings.package + ); + }; + # Open up the firewall. + # networking.firewall.allowedTCPPorts = flip mapAttrsToList cfg.nodes + # (node: settings: settings.tub.port); + systemd.services = flip mapAttrs' cfg.nodes (node: settings: + let + pidfile = "/run/tahoe.${node}.pid"; + # This is a directory, but it has no trailing slash. Tahoe commands + # get antsy when there's a trailing slash. + nodedir = "/var/db/tahoe-lafs/${node}"; + in nameValuePair "tahoe.${node}" { + description = "Tahoe LAFS node ${node}"; + wantedBy = [ "multi-user.target" ]; + path = [ settings.package ]; + restartTriggers = [ + config.environment.etc."tahoe-lafs/${node}.cfg".source ]; + serviceConfig = { + Type = "simple"; + PIDFile = pidfile; + }; + preStart = '' + if [ \! -d ${nodedir} ]; then + mkdir -p /var/db/tahoe-lafs + tahoe create-node ${nodedir} + fi + + # Tahoe has created a predefined tahoe.cfg which we must now + # scribble over. + # XXX I thought that a symlink would work here, but it doesn't, so + # we must do this on every prestart. Fixes welcome. + # rm ${nodedir}/tahoe.cfg + # ln -s /etc/tahoe-lafs/${node}.cfg ${nodedir}/tahoe.cfg + cp /etc/tahoe-lafs/${node}.cfg ${nodedir}/tahoe.cfg + ''; + # Believe it or not, Tahoe is very brittle about the order of + # arguments to $(tahoe start). The node directory must come first, + # and arguments which alter Twisted's behavior come afterwards. + script = '' + tahoe start ${nodedir} -n -l- --pidfile=${pidfile} + ''; + }); + users.extraUsers = flip mapAttrs' cfg.nodes (node: _: + nameValuePair "tahoe.${node}" { + description = "Tahoe node user for node ${node}"; + isSystemUser = true; + }); + }) + ]; + } diff --git a/nixos/modules/services/network-filesystems/u9fs.nix b/nixos/modules/services/network-filesystems/u9fs.nix index 648097274641..8bc37f0f62c3 100644 --- a/nixos/modules/services/network-filesystems/u9fs.nix +++ b/nixos/modules/services/network-filesystems/u9fs.nix @@ -27,10 +27,17 @@ in ''; }; + user = mkOption { + type = types.str; + default = "nobody"; + description = + "User to run u9fs under."; + }; + extraArgs = mkOption { type = types.str; default = ""; - example = "-a none -u nobody"; + example = "-a none"; description = '' Extra arguments to pass on invocation, @@ -38,13 +45,6 @@ in ''; }; - fsroot = mkOption { - type = types.path; - default = "/"; - example = "/srv"; - description = "File system root to serve to clients."; - }; - }; }; @@ -63,9 +63,10 @@ in reloadIfChanged = true; requires = [ "u9fs.socket" ]; serviceConfig = - { ExecStart = "-${pkgs.u9fs}/bin/u9fs ${cfg.extraArgs} ${cfg.fsroot}"; + { ExecStart = "-${pkgs.u9fs}/bin/u9fs ${cfg.extraArgs}"; StandardInput = "socket"; StandardError = "journal"; + User = cfg.user; }; }; }; diff --git a/nixos/modules/services/networking/iodine.nix b/nixos/modules/services/networking/iodine.nix new file mode 100644 index 000000000000..1b0d2d9a517c --- /dev/null +++ b/nixos/modules/services/networking/iodine.nix @@ -0,0 +1,136 @@ +# NixOS module for iodine, ip over dns daemon + +{ config, lib, pkgs, ... }: + +with lib; + +let + cfg = config.services.iodine; + + iodinedUser = "iodined"; + +in +{ + + ### configuration + + options = { + + services.iodine = { + clients = mkOption { + default = {}; + description = '' + Each attribute of this option defines a systemd service that + runs iodine. Many or none may be defined. + The name of each service is + <literal>iodine-<replaceable>name</replaceable></literal> + where <replaceable>name</replaceable> is the name of the + corresponding attribute name. + ''; + example = literalExample '' + { + foo = { + server = "tunnel.mdomain.com"; + relay = "8.8.8.8"; + extraConfig = "-P mysecurepassword"; + } + } + ''; + type = types.attrsOf (types.submodule ( + { + options = { + server = mkOption { + type = types.str; + default = ""; + description = "Domain or Subdomain of server running iodined"; + example = "tunnel.mydomain.com"; + }; + + relay = mkOption { + type = types.str; + default = ""; + description = "DNS server to use as a intermediate relay to the iodined server"; + example = "8.8.8.8"; + }; + + extraConfig = mkOption { + type = types.str; + default = ""; + description = "Additional command line parameters"; + example = "-P mysecurepassword -l 192.168.1.10 -p 23"; + }; + }; + })); + }; + + server = { + enable = mkOption { + type = types.bool; + default = false; + description = "enable iodined server"; + }; + + ip = mkOption { + type = types.str; + default = ""; + description = "The assigned ip address or ip range"; + example = "172.16.10.1/24"; + }; + + domain = mkOption { + type = types.str; + default = ""; + description = "Domain or subdomain of which nameservers point to us"; + example = "tunnel.mydomain.com"; + }; + + extraConfig = mkOption { + type = types.str; + default = ""; + description = "Additional command line parameters"; + example = "-P mysecurepassword -l 192.168.1.10 -p 23"; + }; + }; + + }; + }; + + ### implementation + + config = mkIf (cfg.server.enable || cfg.clients != {}) { + environment.systemPackages = [ pkgs.iodine ]; + boot.kernelModules = [ "tun" ]; + + systemd.services = + let + createIodineClientService = name: cfg: + { + description = "iodine client - ${name}"; + wantedBy = [ "ip-up.target" ]; + serviceConfig = { + RestartSec = "30s"; + Restart = "always"; + ExecStart = "${pkgs.iodine}/bin/iodine -f -u ${iodinedUser} ${cfg.extraConfig} ${cfg.relay} ${cfg.server}"; + }; + }; + in + listToAttrs ( + mapAttrsToList + (name: value: nameValuePair "iodine-${name}" (createIodineClientService name value)) + cfg.clients + ) // { + iodined = mkIf (cfg.server.enable) { + description = "iodine, ip over dns server daemon"; + wantedBy = [ "ip-up.target" ]; + serviceConfig.ExecStart = "${pkgs.iodine}/bin/iodined -f -u ${iodinedUser} ${cfg.server.extraConfig} ${cfg.server.ip} ${cfg.server.domain}"; + }; + }; + + users.extraUsers = singleton { + name = iodinedUser; + uid = config.ids.uids.iodined; + description = "Iodine daemon user"; + }; + users.extraGroups.iodined.gid = config.ids.gids.iodined; + }; +} diff --git a/nixos/modules/services/networking/iodined.nix b/nixos/modules/services/networking/iodined.nix deleted file mode 100644 index 20d371c4e2d1..000000000000 --- a/nixos/modules/services/networking/iodined.nix +++ /dev/null @@ -1,86 +0,0 @@ -# NixOS module for iodine, ip over dns daemon - -{ config, lib, pkgs, ... }: - -with lib; - -let - cfg = config.services.iodined; - - iodinedUser = "iodined"; - -in - -{ - - ### configuration - - options = { - - services.iodined = { - - enable = mkOption { - type = types.bool; - default = false; - description = "Enable iodine, ip over dns daemon"; - }; - - client = mkOption { - type = types.bool; - default = false; - description = "Start iodine in client mode"; - }; - - ip = mkOption { - type = types.str; - default = ""; - description = "Assigned ip address or ip range"; - example = "172.16.10.1/24"; - }; - - domain = mkOption { - type = types.str; - default = ""; - description = "Domain or subdomain of which nameservers point to us"; - example = "tunnel.mydomain.com"; - }; - - extraConfig = mkOption { - type = types.str; - default = ""; - description = "Additional command line parameters"; - example = "-P mysecurepassword -l 192.168.1.10 -p 23"; - }; - - }; - - }; - - ### implementation - - config = mkIf cfg.enable { - environment.systemPackages = [ pkgs.iodine ]; - boot.kernelModules = [ "tun" ]; - - systemd.services.iodined = { - description = "iodine, ip over dns daemon"; - wantedBy = [ "ip-up.target" ]; - serviceConfig.ExecStart = "${pkgs.iodine}/sbin/iodined -f -u ${iodinedUser} ${cfg.extraConfig} ${cfg.ip} ${cfg.domain}"; - }; - - - users.extraUsers = singleton { - name = iodinedUser; - uid = config.ids.uids.iodined; - description = "Iodine daemon user"; - }; - users.extraGroups.iodined.gid = config.ids.gids.iodined; - - assertions = [{ assertion = if !cfg.client then cfg.ip != "" else true; - message = "cannot start iodined without ip set";} - { assertion = cfg.domain != ""; - message = "cannot start iodined without domain name set";}]; - - }; - -} diff --git a/nixos/modules/services/networking/mfi.nix b/nixos/modules/services/networking/mfi.nix new file mode 100644 index 000000000000..5afb83ed022f --- /dev/null +++ b/nixos/modules/services/networking/mfi.nix @@ -0,0 +1,90 @@ +{ config, lib, pkgs, utils, ... }: +with lib; +let + name = "Ubiquiti mFi Controller"; + cfg = config.services.mfi; + stateDir = "/var/lib/mfi"; + # XXX 2 runtime exceptions using jre8: JSPException on GET / ; can't initialize ./data/keystore on first run. + cmd = "@${pkgs.jre7}/bin/java java -jar ${stateDir}/lib/ace.jar"; + mountPoints = [ + { what = "${pkgs.mfi}/dl"; where = "${stateDir}/dl"; } + { what = "${pkgs.mfi}/lib"; where = "${stateDir}/lib"; } + { what = "${pkgs.mongodb248}/bin"; where = "${stateDir}/bin"; } + ]; + systemdMountPoints = map (m: "${utils.escapeSystemdPath m.where}.mount") mountPoints; + ports = [ 6080 6880 6443 6843 ]; +in +{ + options = { + services.mfi = { + enable = mkEnableOption name; + openPorts = mkOption { + type = types.bool; + default = true; + description = "Whether to open TCP ports ${concatMapStrings (a: "${toString a} ") ports}for the services."; + }; + }; + }; + + config = mkIf cfg.enable { + + networking.firewall.allowedTCPPorts = mkIf config.services.mfi.openPorts ports; + + users.users.mfi = { + uid = config.ids.uids.mfi; + description = "mFi controller daemon user"; + home = "${stateDir}"; + }; + + # We must create the binary directories as bind mounts instead of symlinks + # This is because the controller resolves all symlinks to absolute paths + # to be used as the working directory. + systemd.mounts = map ({ what, where }: { + bindsTo = [ "mfi.service" ]; + partOf = [ "mfi.service" ]; + unitConfig.RequiresMountsFor = stateDir; + options = "bind"; + what = what; + where = where; + }) mountPoints; + + systemd.services.mfi = { + description = "mFi controller daemon"; + wantedBy = [ "multi-user.target" ]; + after = [ "network.target" ] ++ systemdMountPoints; + partOf = systemdMountPoints; + bindsTo = systemdMountPoints; + unitConfig.RequiresMountsFor = stateDir; + + preStart = '' + # Clear ./webapps each run. + rm -rf "${stateDir}/webapps" + mkdir -p "${stateDir}/webapps" + ln -s "${pkgs.mfi}/webapps/ROOT.war" "${stateDir}/webapps" + + # Copy initial config only once. + test -e "${stateDir}/conf" || cp -ar "${pkgs.mfi}/conf" "${stateDir}/conf" + test -e "${stateDir}/data" || cp -ar "${pkgs.mfi}/data" "${stateDir}/data" + + # Fix Permissions. + # (Bind-mounts cause errors; ignore exit codes) + chown -fR mfi: "${stateDir}" || true + chmod -fR u=rwX,go= "${stateDir}" || true + ''; + + postStop = '' + rm -rf "${stateDir}/webapps" + ''; + + serviceConfig = { + Type = "simple"; + ExecStart = "${cmd} start"; + ExecStop = "${cmd} stop"; + User = "mfi"; + PermissionsStartOnly = true; + UMask = "0077"; + WorkingDirectory = "${stateDir}"; + }; + }; + }; +} diff --git a/nixos/modules/services/networking/minidlna.nix b/nixos/modules/services/networking/minidlna.nix index aa28502a12c4..61d063dbfe0e 100644 --- a/nixos/modules/services/networking/minidlna.nix +++ b/nixos/modules/services/networking/minidlna.nix @@ -58,9 +58,9 @@ in services.minidlna.config = '' port=${toString port} - friendly_name=NixOS Media Server + friendly_name=${config.networking.hostName} MiniDLNA db_dir=/var/cache/minidlna - log_dir=/var/log/minidlna + log_level=warn inotify=yes ${concatMapStrings (dir: '' media_dir=${dir} @@ -83,21 +83,18 @@ in preStart = '' - mkdir -p /var/cache/minidlna /var/log/minidlna /run/minidlna - chown minidlna /var/cache/minidlna /var/log/minidlna /run/minidlna + mkdir -p /var/cache/minidlna + chown -R minidlna:minidlna /var/cache/minidlna ''; - # FIXME: log through the journal rather than - # /var/log/minidlna. The -d flag does that, but also raises - # the log level to debug... serviceConfig = { User = "minidlna"; - Group = "nogroup"; + Group = "minidlna"; PermissionsStartOnly = true; - Type = "forking"; + RuntimeDirectory = "minidlna"; PIDFile = "/run/minidlna/pid"; ExecStart = - "@${pkgs.minidlna}/sbin/minidlnad minidlnad -P /run/minidlna/pid" + + "${pkgs.minidlna}/sbin/minidlnad -S -P /run/minidlna/pid" + " -f ${pkgs.writeText "minidlna.conf" cfg.config}"; }; }; diff --git a/nixos/modules/services/networking/syncthing.nix b/nixos/modules/services/networking/syncthing.nix index 67b90516b996..da9a270f30b6 100644 --- a/nixos/modules/services/networking/syncthing.nix +++ b/nixos/modules/services/networking/syncthing.nix @@ -5,6 +5,7 @@ with lib; let cfg = config.services.syncthing; + defaultUser = "syncthing"; in @@ -17,6 +18,7 @@ in services.syncthing = { enable = mkOption { + type = types.bool; default = false; description = '' Whether to enable the Syncthing, self-hosted open-source alternative @@ -26,7 +28,8 @@ in }; user = mkOption { - default = "syncthing"; + type = types.string; + default = defaultUser; description = '' Syncthing will be run under this user (user must exist, this can be your user name). @@ -34,8 +37,8 @@ in }; all_proxy = mkOption { - type = types.string; - default = ""; + type = types.nullOr types.string; + default = null; example = "socks5://address.com:1234"; description = '' Overwrites all_proxy environment variable for the syncthing process to @@ -45,6 +48,7 @@ in }; dataDir = mkOption { + type = types.path; default = "/var/lib/syncthing"; description = '' Path where the settings and keys will exist. @@ -71,20 +75,33 @@ in config = mkIf cfg.enable { + users = mkIf (cfg.user == defaultUser) { + extraUsers."${defaultUser}" = + { group = defaultUser; + home = cfg.dataDir; + createHome = true; + uid = config.ids.uids.syncthing; + description = "Syncthing daemon user"; + }; + + extraGroups."${defaultUser}".gid = + config.ids.gids.syncthing; + }; + systemd.services.syncthing = { description = "Syncthing service"; - after = [ "network.target" ]; + after = [ "network.target" ]; wantedBy = [ "multi-user.target" ]; environment = { STNORESTART = "yes"; # do not self-restart STNOUPGRADE = "yes"; - } // - (config.networking.proxy.envVars) // - (if cfg.all_proxy != "" then { all_proxy = cfg.all_proxy; } else {}); + inherit (cfg) all_proxy; + } // config.networking.proxy.envVars; serviceConfig = { - User = "${cfg.user}"; + User = cfg.user; + Group = optionalString (cfg.user == defaultUser) defaultUser; PermissionsStartOnly = true; Restart = "on-failure"; ExecStart = "${pkgs.syncthing}/bin/syncthing -no-browser -home=${cfg.dataDir}"; diff --git a/nixos/modules/services/system/dbus.nix b/nixos/modules/services/system/dbus.nix index 2e29ef6a8f53..327993443048 100644 --- a/nixos/modules/services/system/dbus.nix +++ b/nixos/modules/services/system/dbus.nix @@ -139,6 +139,30 @@ in systemd.services.dbus.restartTriggers = [ configDir ]; + systemd.user = { + services.dbus = { + description = "D-Bus User Message Bus"; + requires = [ "dbus.socket" ]; + # NixOS doesn't support "Also" so we pull it in manually + # As the .service is supposed to come up at the same time as + # the .socket, we use basic.target instead of default.target + wantedBy = [ "basic.target" ]; + serviceConfig = { + ExecStart = "${pkgs.dbus_daemon}/bin/dbus-daemon --session --address=systemd: --nofork --nopidfile --systemd-activation"; + ExecReload = "${pkgs.dbus_daemon}/bin/dbus-send --print-reply --session --type=method_call --dest=org.freedesktop.DBus / org.freedesktop.DBus.ReloadConfig"; + }; + }; + + sockets.dbus = { + description = "D-Bus User Message Bus Socket"; + socketConfig = { + ListenStream = "%t/bus"; + ExecStartPost = "-${config.systemd.package}/bin/systemctl --user set-environment DBUS_SESSION_BUS_ADDRESS=unix:path=%t/bus"; + }; + wantedBy = [ "sockets.target" ]; + }; + }; + environment.pathsToLink = [ "/etc/dbus-1" "/share/dbus-1" ]; }; diff --git a/nixos/modules/services/web-servers/apache-httpd/default.nix b/nixos/modules/services/web-servers/apache-httpd/default.nix index 760d7e147d7c..7953729c00cd 100644 --- a/nixos/modules/services/web-servers/apache-httpd/default.nix +++ b/nixos/modules/services/web-servers/apache-httpd/default.nix @@ -685,6 +685,7 @@ in serviceConfig.ExecStart = "@${httpd}/bin/httpd httpd -f ${httpdConf}"; serviceConfig.ExecStop = "${httpd}/bin/httpd -f ${httpdConf} -k graceful-stop"; + serviceConfig.ExecReload = "${httpd}/bin/httpd -f ${httpdConf} -k graceful"; serviceConfig.Type = "forking"; serviceConfig.PIDFile = "${mainCfg.stateDir}/httpd.pid"; serviceConfig.Restart = "always"; diff --git a/nixos/modules/services/web-servers/apache-httpd/trac.nix b/nixos/modules/services/web-servers/apache-httpd/trac.nix index 8fe8b90d823c..c5c11029010e 100644 --- a/nixos/modules/services/web-servers/apache-httpd/trac.nix +++ b/nixos/modules/services/web-servers/apache-httpd/trac.nix @@ -5,14 +5,19 @@ with lib; let # Build a Subversion instance with Apache modules and Swig/Python bindings. - subversion = pkgs.subversion.override (origArgs: { + subversion = pkgs.subversion.override { bdbSupport = true; httpServer = true; pythonBindings = true; - }); + apacheHttpd = httpd; + }; pythonLib = p: "${p}/"; + httpd = serverInfo.serverConfig.package; + + versionPre24 = versionOlder httpd.version "2.4"; + in { @@ -82,7 +87,7 @@ in AuthName "${config.ldapAuthentication.name}" AuthBasicProvider "ldap" AuthLDAPURL "${config.ldapAuthentication.url}" - authzldapauthoritative Off + ${if versionPre24 then "authzldapauthoritative Off" else ""} require valid-user </LocationMatch> '' else ""} diff --git a/nixos/modules/services/x11/desktop-managers/kde5.nix b/nixos/modules/services/x11/desktop-managers/kde5.nix index 1d60637c4ca2..4f74d5732af5 100644 --- a/nixos/modules/services/x11/desktop-managers/kde5.nix +++ b/nixos/modules/services/x11/desktop-managers/kde5.nix @@ -183,7 +183,10 @@ in services.upower.enable = config.powerManagement.enable; # Extra UDEV rules used by Solid - services.udev.packages = [ pkgs.media-player-info ]; + services.udev.packages = [ + pkgs.libmtp + pkgs.media-player-info + ]; services.xserver.displayManager.sddm = { theme = "breeze"; diff --git a/nixos/modules/services/x11/xserver.nix b/nixos/modules/services/x11/xserver.nix index d5babd5012fa..d03e8ec8b1ba 100644 --- a/nixos/modules/services/x11/xserver.nix +++ b/nixos/modules/services/x11/xserver.nix @@ -219,6 +219,12 @@ in ''; }; + dpi = mkOption { + type = types.nullOr types.int; + default = 0; + description = "DPI resolution to use for X server."; + }; + startDbusSession = mkOption { type = types.bool; default = true; @@ -513,6 +519,7 @@ in "-xkbdir" "${cfg.xkbDir}" ] ++ optional (cfg.display != null) ":${toString cfg.display}" ++ optional (cfg.tty != null) "vt${toString cfg.tty}" + ++ optional (cfg.dpi != null) "-dpi ${toString cfg.dpi}" ++ optionals (cfg.display != null) [ "-logfile" "/var/log/X.${toString cfg.display}.log" ] ++ optional (!cfg.enableTCP) "-nolisten tcp"; |