diff options
Diffstat (limited to 'nixos/modules/services')
7 files changed, 40 insertions, 21 deletions
diff --git a/nixos/modules/services/databases/influxdb.nix b/nixos/modules/services/databases/influxdb.nix index e2268bd556ef..11ea0e1b6b41 100644 --- a/nixos/modules/services/databases/influxdb.nix +++ b/nixos/modules/services/databases/influxdb.nix @@ -66,16 +66,16 @@ let enabled = false; }]; - collectd = { + collectd = [{ enabled = false; typesdb = "${pkgs.collectd}/share/collectd/types.db"; database = "collectd_db"; port = 25826; - }; + }]; - opentsdb = { + opentsdb = [{ enabled = false; - }; + }]; continuous_queries = { enabled = true; @@ -171,6 +171,11 @@ in mkdir -m 0770 -p ${cfg.dataDir} if [ "$(id -u)" = 0 ]; then chown -R ${cfg.user}:${cfg.group} ${cfg.dataDir}; fi ''; + postStart = mkBefore '' + until ${pkgs.curl.bin}/bin/curl -s -o /dev/null 'http://127.0.0.1${toString configOptions.http.bind-address}'/ping; do + sleep 1; + done + ''; }; users.extraUsers = optional (cfg.user == "influxdb") { diff --git a/nixos/modules/services/monitoring/cadvisor.nix b/nixos/modules/services/monitoring/cadvisor.nix index a67df158be47..8ae8b12056ce 100644 --- a/nixos/modules/services/monitoring/cadvisor.nix +++ b/nixos/modules/services/monitoring/cadvisor.nix @@ -90,6 +90,7 @@ in { ${optionalString cfg.storageDriverSecure "-storage_driver_secure"} ''} ''; + TimeoutStartSec=300; }; }; diff --git a/nixos/modules/services/monitoring/prometheus/node-exporter.nix b/nixos/modules/services/monitoring/prometheus/node-exporter.nix index 02aedb53564d..52dc14effc45 100644 --- a/nixos/modules/services/monitoring/prometheus/node-exporter.nix +++ b/nixos/modules/services/monitoring/prometheus/node-exporter.nix @@ -48,13 +48,10 @@ in { }; config = mkIf cfg.enable { - networking.firewall.allowedTCPPorts = [ cfg.port ]; - systemd.services.prometheus-node-exporter = { description = "Prometheus exporter for machine metrics"; unitConfig.Documentation = "https://github.com/prometheus/node_exporter"; wantedBy = [ "multi-user.target" ]; - after = [ "network.target" ]; script = '' exec ${pkgs.prometheus-node-exporter}/bin/node_exporter \ ${optionalString (cfg.enabledCollectors != []) diff --git a/nixos/modules/services/networking/unbound.nix b/nixos/modules/services/networking/unbound.nix index ed0744c44ccf..6375ebee3209 100644 --- a/nixos/modules/services/networking/unbound.nix +++ b/nixos/modules/services/networking/unbound.nix @@ -12,9 +12,17 @@ let interfaces = concatMapStrings (x: " interface: ${x}\n") cfg.interfaces; - forward = optionalString (length cfg.forwardAddresses != 0) - "forward-zone:\n name: .\n" + - concatMapStrings (x: " forward-addr: ${x}\n") cfg.forwardAddresses; + isLocalAddress = x: substring 0 3 x == "::1" || substring 0 9 x == "127.0.0.1"; + + forward = + optionalString (any isLocalAddress cfg.forwardAddresses) '' + do-not-query-localhost: no + '' + + optionalString (cfg.forwardAddresses != []) '' + forward-zone: + name: . + '' + + concatMapStringsSep "\n" (x: " forward-addr: ${x}") cfg.forwardAddresses; rootTrustAnchorFile = "${stateDir}/root.key"; @@ -72,7 +80,11 @@ in extraConfig = mkOption { default = ""; type = types.str; - description = "Extra lines of unbound config."; + description = '' + Extra unbound config. See + <citerefentry><refentrytitle>unbound.conf</refentrytitle><manvolnum>8 + </manvolnum></citerefentry>. + ''; }; }; @@ -84,12 +96,9 @@ in environment.systemPackages = [ pkgs.unbound ]; - users.extraUsers = singleton { - name = "unbound"; - uid = config.ids.uids.unbound; + users.users.unbound = { description = "unbound daemon user"; - home = stateDir; - createHome = true; + isSystemUser = true; }; systemd.services.unbound = { @@ -107,12 +116,16 @@ in chown unbound ${stateDir} ${rootTrustAnchorFile} ''} touch ${stateDir}/dev/random - ${pkgs.utillinux}/bin/mount --bind -n /dev/random ${stateDir}/dev/random + ${pkgs.utillinux}/bin/mount --bind -n /dev/urandom ${stateDir}/dev/random ''; serviceConfig = { ExecStart = "${pkgs.unbound}/bin/unbound -d -c ${stateDir}/unbound.conf"; ExecStopPost="${pkgs.utillinux}/bin/umount ${stateDir}/dev/random"; + + ProtectSystem = true; + ProtectHome = true; + PrivateDevices = true; }; }; diff --git a/nixos/modules/services/x11/desktop-managers/enlightenment.nix b/nixos/modules/services/x11/desktop-managers/enlightenment.nix index 8a03dd65b335..7ea8b30d23d1 100644 --- a/nixos/modules/services/x11/desktop-managers/enlightenment.nix +++ b/nixos/modules/services/x11/desktop-managers/enlightenment.nix @@ -32,10 +32,10 @@ in e.efl e.enlightenment e.terminology e.econnman pkgs.xorg.xauth # used by kdesu - pkgs.gtk # To get GTK+'s themes. + pkgs.gtk2 # To get GTK+'s themes. pkgs.tango-icon-theme pkgs.shared_mime_info - pkgs.gnome.gnomeicontheme + pkgs.gnome2.gnomeicontheme pkgs.xorg.xcursorthemes ]; diff --git a/nixos/modules/services/x11/desktop-managers/xfce.nix b/nixos/modules/services/x11/desktop-managers/xfce.nix index 634d2a39576a..51d7d905d587 100644 --- a/nixos/modules/services/x11/desktop-managers/xfce.nix +++ b/nixos/modules/services/x11/desktop-managers/xfce.nix @@ -69,7 +69,7 @@ in services.xserver.updateDbusEnvironment = true; environment.systemPackages = - [ pkgs.gtk # To get GTK+'s themes. + [ pkgs.gtk2 # To get GTK+'s themes. pkgs.hicolor_icon_theme pkgs.tango-icon-theme pkgs.shared_mime_info @@ -100,6 +100,7 @@ in pkgs.xfce.tumbler # found via dbus ] ++ optional config.powerManagement.enable pkgs.xfce.xfce4_power_manager + ++ optional config.networking.networkmanager.enable pkgs.networkmanagerapplet ++ optionals (!cfg.noDesktop) [ pkgs.xfce.xfce4panel pkgs.xfce.xfdesktop diff --git a/nixos/modules/services/x11/display-managers/lightdm.nix b/nixos/modules/services/x11/display-managers/lightdm.nix index 47786f0a4321..33cd51f37c68 100644 --- a/nixos/modules/services/x11/display-managers/lightdm.nix +++ b/nixos/modules/services/x11/display-managers/lightdm.nix @@ -46,13 +46,15 @@ let [Seat:*] xserver-command = ${xserverWrapper} session-wrapper = ${dmcfg.session.script} + ${optionalString (elem defaultSessionName dmcfg.session.names) '' + user-session = ${defaultSessionName} + ''} ${optionalString cfg.greeter.enable '' greeter-session = ${cfg.greeter.name} ''} ${optionalString cfg.autoLogin.enable '' autologin-user = ${cfg.autoLogin.user} autologin-user-timeout = ${toString cfg.autoLogin.timeout} - autologin-session = ${defaultSessionName} ''} ${cfg.extraSeatDefaults} ''; |