Diffstat (limited to 'nixos/modules/services')
89 files changed, 596 insertions, 145 deletions
diff --git a/nixos/modules/services/audio/wyoming/faster-whisper.nix b/nixos/modules/services/audio/wyoming/faster-whisper.nix index dd7f62744cd0..0c36e8c9ab05 100644 --- a/nixos/modules/services/audio/wyoming/faster-whisper.nix +++ b/nixos/modules/services/audio/wyoming/faster-whisper.nix @@ -37,22 +37,13 @@ in enable = mkEnableOption (mdDoc "Wyoming faster-whisper server"); model = mkOption { - # Intersection between available and referenced models here: - # https://github.com/rhasspy/models/releases/tag/v1.0 - # https://github.com/rhasspy/rhasspy3/blob/wyoming-v1/programs/asr/faster-whisper/server/wyoming_faster_whisper/download.py#L17-L27 - type = enum [ - "tiny" - "tiny-int8" - "base" - "base-int8" - "small" - "small-int8" - "medium-int8" - ]; + type = str; default = "tiny-int8"; - example = "medium-int8"; + example = "Systran/faster-distil-whisper-small.en"; description = mdDoc '' Name of the voice model to use. + + Check the [2.0.0 release notes](https://github.com/rhasspy/wyoming-faster-whisper/releases/tag/v2.0.0) for possible values. ''; }; diff --git a/nixos/modules/services/desktop-managers/plasma6.nix b/nixos/modules/services/desktop-managers/plasma6.nix index 1cb7a7ea778b..e20b431f0b58 100644 --- a/nixos/modules/services/desktop-managers/plasma6.nix +++ b/nixos/modules/services/desktop-managers/plasma6.nix @@ -170,6 +170,7 @@ in { breeze.qt5 plasma-integration.qt5 pkgs.plasma5Packages.kwayland-integration + pkgs.plasma5Packages.kio kio-extras-kf5 ] # Optional hardware support features @@ -252,6 +253,7 @@ in { services.xserver.displayManager.sddm = { package = kdePackages.sddm; theme = mkDefault "breeze"; + wayland.compositor = "kwin"; extraPackages = with kdePackages; [ breeze-icons kirigami diff --git a/nixos/modules/services/desktops/pipewire/pipewire.nix b/nixos/modules/services/desktops/pipewire/pipewire.nix index 09448833620c..182615cd4d6c 100644 --- a/nixos/modules/services/desktops/pipewire/pipewire.nix 
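Review bot: With `type = str` the `model` option in the faster-whisper.nix hunk is no longer validated at evaluation time, and the new example `Systran/faster-distil-whisper-small.en` looks like a remote repository identifier rather than one of the previously enumerated model names. If the service downloads such a model when it starts (the hunk does not show how the value is consumed, so this is an assumption to confirm against the linked release notes), the description should say so, because the operator is then trusting whatever that repository serves. A sentence such as `Values of the form owner/name refer to a model repository that is fetched at runtime; only use publishers you trust.` would make that explicit.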
+++ b/nixos/modules/services/desktops/pipewire/pipewire.nix @@ -95,6 +95,14 @@ in { enable = mkEnableOption (lib.mdDoc "JACK audio emulation"); }; + raopOpenFirewall = mkOption { + type = lib.types.bool; + default = false; + description = lib.mdDoc '' + Opens UDP/6001-6002, required by RAOP/Airplay for timing and control data. + ''; + }; + pulse = { enable = mkEnableOption (lib.mdDoc "PulseAudio server emulation"); }; @@ -371,6 +379,8 @@ in { environment.sessionVariables.LD_LIBRARY_PATH = lib.mkIf cfg.jack.enable [ "${cfg.package.jack}/lib" ]; + networking.firewall.allowedUDPPorts = lib.mkIf cfg.raopOpenFirewall [ 6001 6002 ]; + users = lib.mkIf cfg.systemWide { users.pipewire = { uid = config.ids.uids.pipewire; diff --git a/nixos/modules/services/desktops/pipewire/wireplumber.nix b/nixos/modules/services/desktops/pipewire/wireplumber.nix index 5967ac36fa85..de177d0e4ef3 100644 --- a/nixos/modules/services/desktops/pipewire/wireplumber.nix +++ b/nixos/modules/services/desktops/pipewire/wireplumber.nix @@ -67,10 +67,12 @@ in ''; systemwideConfigPkg = pkgs.writeTextDir "share/wireplumber/wireplumber.conf.d/90-nixos-systemwide.conf" '' - # When running system-wide, we don't have logind to call ReserveDevice + # When running system-wide, we don't have logind to call ReserveDevice, + # And bluetooth logind integration needs to be disabled wireplumber.profiles = { main = { support.reserve-device = disabled + monitor.bluez.seat-monitoring = disabled } } ''; diff --git a/nixos/modules/services/display-managers/greetd.nix b/nixos/modules/services/display-managers/greetd.nix index c2d345152de9..5ce67c3fb3fd 100644 --- a/nixos/modules/services/display-managers/greetd.nix +++ b/nixos/modules/services/display-managers/greetd.nix @@ -61,6 +61,8 @@ in systemd.services."autovt@${tty}".enable = false; systemd.services.greetd = { + aliases = [ "display-manager.service" ]; + unitConfig = { Wants = [ "systemd-user-sessions.service" 
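Review bot: `raopOpenFirewall` feeds `networking.firewall.allowedUDPPorts`, which opens 6001 and 6002 on every interface, but the option description in the first pipewire.nix hunk only says that the ports are opened. The description should state that scope and name the narrower alternative, e.g. `This applies to all interfaces; set networking.firewall.interfaces.<name>.allowedUDPPorts yourself to limit it to one network.` In the second hunk the `lib.mkIf cfg.raopOpenFirewall` condition does not visibly depend on PipeWire being enabled; whether the enclosing `config` block already gates it is outside the hunk.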
diff --git a/nixos/modules/services/misc/etebase-server.nix b/nixos/modules/services/misc/etebase-server.nix index 546d52b1a3b5..6ec3807f0fb2 100644 --- a/nixos/modules/services/misc/etebase-server.nix +++ b/nixos/modules/services/misc/etebase-server.nix @@ -177,6 +177,7 @@ in systemd.tmpfiles.rules = [ "d '${cfg.dataDir}' - ${cfg.user} ${config.users.users.${cfg.user}.group} - -" + ] ++ lib.optionals (cfg.unixSocket != null) [ "d '${builtins.dirOf cfg.unixSocket}' - ${cfg.user} ${config.users.users.${cfg.user}.group} - -" ]; diff --git a/nixos/modules/services/monitoring/prometheus/exporters.nix b/nixos/modules/services/monitoring/prometheus/exporters.nix index 6be6ba7edf72..8c5ec2992eda 100644 --- a/nixos/modules/services/monitoring/prometheus/exporters.nix +++ b/nixos/modules/services/monitoring/prometheus/exporters.nix @@ -1,4 +1,4 @@ -{ config, pkgs, lib, options, ... }: +{ config, pkgs, lib, options, utils, ... }: let inherit (lib) concatStrings foldl foldl' genAttrs literalExpression maintainers @@ -35,6 +35,7 @@ let "dovecot" "fastly" "flow" + "fritz" "fritzbox" "graphite" "idrac" @@ -94,10 +95,10 @@ let "zfs" ] (name: - import (./. + "/exporters/${name}.nix") { inherit config lib pkgs options; } + import (./. + "/exporters/${name}.nix") { inherit config lib pkgs options utils; } )) // (mapAttrs (name: params: - import (./. + "/exporters/${params.name}.nix") { inherit config lib pkgs options; type = params.type ; }) + import (./. + "/exporters/${params.name}.nix") { inherit config lib pkgs options utils; type = params.type ; }) { exportarr-bazarr = { name = "exportarr"; diff --git a/nixos/modules/services/monitoring/prometheus/exporters/apcupsd.nix b/nixos/modules/services/monitoring/prometheus/exporters/apcupsd.nix index a8a9f84ea8ea..de6cda18bc37 100644 --- a/nixos/modules/services/monitoring/prometheus/exporters/apcupsd.nix +++ b/nixos/modules/services/monitoring/prometheus/exporters/apcupsd.nix 
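Review bot: The second tmpfiles rule in the etebase-server.nix hunk assigns `builtins.dirOf cfg.unixSocket` to `cfg.user`, and a `d` rule also adjusts the ownership of a directory that already exists. If `unixSocket` is set to a path directly inside a shared directory, that shared directory would be re-owned by the service user; the new null guard does not cover this case. An assertion that the socket's parent is a dedicated directory, or at least a sentence in the option description such as `The socket must live in its own directory, which is created and owned by the service user.`, would close the gap. The option declaration itself is outside the hunk.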
@@ -1,4 +1,4 @@
-{ config, lib, pkgs, options }:
+{ config, lib, pkgs, options, ... }:
 with lib;
diff --git a/nixos/modules/services/monitoring/prometheus/exporters/artifactory.nix b/nixos/modules/services/monitoring/prometheus/exporters/artifactory.nix
index bc67fe59b3b8..b3afdb596686 100644
--- a/nixos/modules/services/monitoring/prometheus/exporters/artifactory.nix
+++ b/nixos/modules/services/monitoring/prometheus/exporters/artifactory.nix
@@ -1,4 +1,4 @@
-{ config, lib, pkgs, options }:
+{ config, lib, pkgs, options, ... }:
 with lib;
diff --git a/nixos/modules/services/monitoring/prometheus/exporters/bind.nix b/nixos/modules/services/monitoring/prometheus/exporters/bind.nix
index bd2003f06504..100446c1a4eb 100644
--- a/nixos/modules/services/monitoring/prometheus/exporters/bind.nix
+++ b/nixos/modules/services/monitoring/prometheus/exporters/bind.nix
@@ -1,4 +1,4 @@
-{ config, lib, pkgs, options }:
+{ config, lib, pkgs, options, ... }:
 with lib;
diff --git a/nixos/modules/services/monitoring/prometheus/exporters/bird.nix b/nixos/modules/services/monitoring/prometheus/exporters/bird.nix
index 5f6c36f4c567..fc52135e3b45 100644
--- a/nixos/modules/services/monitoring/prometheus/exporters/bird.nix
+++ b/nixos/modules/services/monitoring/prometheus/exporters/bird.nix
@@ -1,4 +1,4 @@
-{ config, lib, pkgs, options }:
+{ config, lib, pkgs, options, ... }:
 with lib;
diff --git a/nixos/modules/services/monitoring/prometheus/exporters/bitcoin.nix b/nixos/modules/services/monitoring/prometheus/exporters/bitcoin.nix
index 330d54126448..45f00a04a86c 100644
--- a/nixos/modules/services/monitoring/prometheus/exporters/bitcoin.nix
+++ b/nixos/modules/services/monitoring/prometheus/exporters/bitcoin.nix
@@ -1,4 +1,4 @@
-{ config, lib, pkgs, options }:
+{ config, lib, pkgs, options, ... }:
 with lib;
diff --git a/nixos/modules/services/monitoring/prometheus/exporters/blackbox.nix b/nixos/modules/services/monitoring/prometheus/exporters/blackbox.nix
index ce2c391de523..e8399e1bec80 100644
--- a/nixos/modules/services/monitoring/prometheus/exporters/blackbox.nix
+++ b/nixos/modules/services/monitoring/prometheus/exporters/blackbox.nix
@@ -1,4 +1,4 @@
-{ config, lib, pkgs, options }:
+{ config, lib, pkgs, options, ... }:
 with lib;
diff --git a/nixos/modules/services/monitoring/prometheus/exporters/buildkite-agent.nix b/nixos/modules/services/monitoring/prometheus/exporters/buildkite-agent.nix
index 0515b72b13f9..6bfadc3b7632 100644
--- a/nixos/modules/services/monitoring/prometheus/exporters/buildkite-agent.nix
+++ b/nixos/modules/services/monitoring/prometheus/exporters/buildkite-agent.nix
@@ -1,4 +1,4 @@
-{ config, lib, pkgs, options }:
+{ config, lib, pkgs, options, ... }:
 with lib;
diff --git a/nixos/modules/services/monitoring/prometheus/exporters/collectd.nix b/nixos/modules/services/monitoring/prometheus/exporters/collectd.nix
index f67596f05a3a..3b2b123bbd07 100644
--- a/nixos/modules/services/monitoring/prometheus/exporters/collectd.nix
+++ b/nixos/modules/services/monitoring/prometheus/exporters/collectd.nix
@@ -1,4 +1,4 @@
-{ config, lib, pkgs, options }:
+{ config, lib, pkgs, options, ... }:
 with lib;
diff --git a/nixos/modules/services/monitoring/prometheus/exporters/dmarc.nix b/nixos/modules/services/monitoring/prometheus/exporters/dmarc.nix
index 437cece588a7..a4a917b473ce 100644
--- a/nixos/modules/services/monitoring/prometheus/exporters/dmarc.nix
+++ b/nixos/modules/services/monitoring/prometheus/exporters/dmarc.nix
@@ -1,4 +1,4 @@
-{ config, lib, pkgs, options }:
+{ config, lib, pkgs, options, ... }:
 with lib;
diff --git a/nixos/modules/services/monitoring/prometheus/exporters/dnsmasq.nix b/nixos/modules/services/monitoring/prometheus/exporters/dnsmasq.nix
index ece42a34cb06..4cfee7c54a41 100644
--- a/nixos/modules/services/monitoring/prometheus/exporters/dnsmasq.nix +++ b/nixos/modules/services/monitoring/prometheus/exporters/dnsmasq.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs, options }: +{ config, lib, pkgs, options, ... }: with lib; diff --git a/nixos/modules/services/monitoring/prometheus/exporters/domain.nix b/nixos/modules/services/monitoring/prometheus/exporters/domain.nix index 61e2fc80afde..b2c8e6664c0f 100644 --- a/nixos/modules/services/monitoring/prometheus/exporters/domain.nix +++ b/nixos/modules/services/monitoring/prometheus/exporters/domain.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs, options }: +{ config, lib, pkgs, options, ... }: with lib; diff --git a/nixos/modules/services/monitoring/prometheus/exporters/dovecot.nix b/nixos/modules/services/monitoring/prometheus/exporters/dovecot.nix index 6fb438353a4c..df6b1ef3200c 100644 --- a/nixos/modules/services/monitoring/prometheus/exporters/dovecot.nix +++ b/nixos/modules/services/monitoring/prometheus/exporters/dovecot.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs, options }: +{ config, lib, pkgs, options, ... }: with lib; diff --git a/nixos/modules/services/monitoring/prometheus/exporters/exportarr.nix b/nixos/modules/services/monitoring/prometheus/exporters/exportarr.nix index 8511abbee1bd..c632b0290262 100644 --- a/nixos/modules/services/monitoring/prometheus/exporters/exportarr.nix +++ b/nixos/modules/services/monitoring/prometheus/exporters/exportarr.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs, options, type }: +{ config, lib, pkgs, options, type, ... }: let cfg = config.services.prometheus.exporters."exportarr-${type}"; diff --git a/nixos/modules/services/monitoring/prometheus/exporters/fastly.nix b/nixos/modules/services/monitoring/prometheus/exporters/fastly.nix index 2a8b7fc0818d..097ea3959478 100644 --- a/nixos/modules/services/monitoring/prometheus/exporters/fastly.nix +++ b/nixos/modules/services/monitoring/prometheus/exporters/fastly.nix @@ -2,6 +2,7 @@ , lib , pkgs , options +, ... }: let 
diff --git a/nixos/modules/services/monitoring/prometheus/exporters/flow.nix b/nixos/modules/services/monitoring/prometheus/exporters/flow.nix index 81099aaf1704..42292abeada2 100644 --- a/nixos/modules/services/monitoring/prometheus/exporters/flow.nix +++ b/nixos/modules/services/monitoring/prometheus/exporters/flow.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs, options }: +{ config, lib, pkgs, options, ... }: with lib; diff --git a/nixos/modules/services/monitoring/prometheus/exporters/fritz.nix b/nixos/modules/services/monitoring/prometheus/exporters/fritz.nix new file mode 100644 index 000000000000..c3a962b576a5 --- /dev/null +++ b/nixos/modules/services/monitoring/prometheus/exporters/fritz.nix 
@@ -0,0 +1,97 @@ +{ config, lib, pkgs, utils, ... }: +let + inherit (lib) mkOption types mdDoc; + cfg = config.services.prometheus.exporters.fritz; + yaml = pkgs.formats.yaml { }; + configFile = yaml.generate "fritz-exporter.yaml" cfg.settings; +in +{ + port = 9787; + + extraOpts = { + settings = mkOption { + description = mdDoc "Configuration settings for fritz-exporter."; + type = types.submodule { + freeformType = yaml.type; + + options = { + # Pull existing port option into config file. + port = mkOption { + type = types.port; + default = cfg.port; + internal = true; + visible = false; + }; + # Pull existing listen address option into config file. + listen_address = mkOption { + type = types.str; + default = cfg.listenAddress; + internal = true; + visible = false; + }; + log_level = mkOption { + type = types.enum [ "DEBUG" "INFO" "WARNING" "ERROR" "CRITICAL" ]; + default = "INFO"; + description = mdDoc '' + Log level to use for the exporter. + ''; + }; + devices = mkOption { + default = []; + description = "Fritz!-devices to monitor using the exporter."; + type = with types; listOf (submodule { + freeformType = yaml.type; + + options = { + name = mkOption { + type = types.str; + default = ""; + description = mdDoc '' + Name to use for the device. + ''; + }; + hostname = mkOption { + type = types.str; + default = "fritz.box"; + description = mdDoc '' + Hostname under which the target device is reachable. + ''; + }; + username = mkOption { + type = types.str; + description = mdDoc '' + Username to authenticate with the target device. + ''; + }; + password_file = mkOption { + type = types.path; + description = mdDoc '' + Path to a file which contains the password to authenticate with the target device. + Needs to be readable by the user the exporter runs under. + ''; + }; + host_info = mkOption { + type = types.bool; + description = mdDoc '' + Enable extended host info for this device. *Warning*: This will heavily increase scrape time. 
+ ''; + default = false; + }; + }; + }); + }; + }; + }; + }; + }; + + serviceOpts = { + serviceConfig = { + ExecStart = utils.escapeSystemdExecArgs ([ + (lib.getExe pkgs.fritz-exporter) + "--config" configFile + ] ++ cfg.extraFlags); + DynamicUser = false; + }; + }; +} diff --git a/nixos/modules/services/monitoring/prometheus/exporters/fritzbox.nix b/nixos/modules/services/monitoring/prometheus/exporters/fritzbox.nix index dc53d21406ff..7b881a8e2693 100644 --- a/nixos/modules/services/monitoring/prometheus/exporters/fritzbox.nix +++ b/nixos/modules/services/monitoring/prometheus/exporters/fritzbox.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs, options }: +{ config, lib, pkgs, options, ... }: with lib; diff --git a/nixos/modules/services/monitoring/prometheus/exporters/graphite.nix b/nixos/modules/services/monitoring/prometheus/exporters/graphite.nix index 34a887104212..07c06afe1409 100644 --- a/nixos/modules/services/monitoring/prometheus/exporters/graphite.nix +++ b/nixos/modules/services/monitoring/prometheus/exporters/graphite.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs, options }: +{ config, lib, pkgs, options, ... }: let cfg = config.services.prometheus.exporters.graphite; diff --git a/nixos/modules/services/monitoring/prometheus/exporters/idrac.nix b/nixos/modules/services/monitoring/prometheus/exporters/idrac.nix index f5604bc00ee0..78ae4826215c 100644 --- a/nixos/modules/services/monitoring/prometheus/exporters/idrac.nix +++ b/nixos/modules/services/monitoring/prometheus/exporters/idrac.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs, options }: +{ config, lib, pkgs, options, ... }: with lib; let diff --git a/nixos/modules/services/monitoring/prometheus/exporters/imap-mailstat.nix b/nixos/modules/services/monitoring/prometheus/exporters/imap-mailstat.nix index c5024a258e71..68fc63e40fcd 100644 --- a/nixos/modules/services/monitoring/prometheus/exporters/imap-mailstat.nix +++ b/nixos/modules/services/monitoring/prometheus/exporters/imap-mailstat.nix 
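Review bot: `password_file` in the new fritz.nix is typed `types.path`, and `cfg.settings` is rendered into the config file with `yaml.generate`, so a Nix path literal given here would, as far as I can tell, be copied into the world-readable Nix store when the file is built; the same applies to any secret placed under the freeform keys of `devices`. Either use `type = types.str;` or extend the description with `Must be a string path outside the Nix store; do not use a path literal.` The `DynamicUser = false;` line in `serviceOpts` should carry a comment giving the reason, presumably so that a stable exporter user can be granted read access to the password file. The `devices` description is also the only one in this file not wrapped in `mdDoc`.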
@@ -1,4 +1,4 @@
-{ config, lib, pkgs, options }:
+{ config, lib, pkgs, options, ... }:
 with lib;
diff --git a/nixos/modules/services/monitoring/prometheus/exporters/influxdb.nix b/nixos/modules/services/monitoring/prometheus/exporters/influxdb.nix
index 61c0c08d2250..d0d7f16bdadf 100644
--- a/nixos/modules/services/monitoring/prometheus/exporters/influxdb.nix
+++ b/nixos/modules/services/monitoring/prometheus/exporters/influxdb.nix
@@ -1,4 +1,4 @@
-{ config, lib, pkgs, options }:
+{ config, lib, pkgs, options, ... }:
 with lib;
diff --git a/nixos/modules/services/monitoring/prometheus/exporters/ipmi.nix b/nixos/modules/services/monitoring/prometheus/exporters/ipmi.nix
index 9adbe31d84d6..fe9734d33c7c 100644
--- a/nixos/modules/services/monitoring/prometheus/exporters/ipmi.nix
+++ b/nixos/modules/services/monitoring/prometheus/exporters/ipmi.nix
@@ -1,4 +1,4 @@
-{ config, lib, pkgs, options }:
+{ config, lib, pkgs, options, ... }:
 with lib;
diff --git a/nixos/modules/services/monitoring/prometheus/exporters/jitsi.nix b/nixos/modules/services/monitoring/prometheus/exporters/jitsi.nix
index 024602718602..bc670ba9cc0e 100644
--- a/nixos/modules/services/monitoring/prometheus/exporters/jitsi.nix
+++ b/nixos/modules/services/monitoring/prometheus/exporters/jitsi.nix
@@ -1,4 +1,4 @@
-{ config, lib, pkgs, options }:
+{ config, lib, pkgs, options, ... }:
 with lib;
diff --git a/nixos/modules/services/monitoring/prometheus/exporters/json.nix b/nixos/modules/services/monitoring/prometheus/exporters/json.nix
index 473f3a7e47e3..7f78985d80cd 100644
--- a/nixos/modules/services/monitoring/prometheus/exporters/json.nix
+++ b/nixos/modules/services/monitoring/prometheus/exporters/json.nix
@@ -1,4 +1,4 @@
-{ config, lib, pkgs, options }:
+{ config, lib, pkgs, options, ... }:
 with lib;
diff --git a/nixos/modules/services/monitoring/prometheus/exporters/junos-czerwonk.nix b/nixos/modules/services/monitoring/prometheus/exporters/junos-czerwonk.nix
index 15e0c9ecb177..72119d17fcb7 100644
--- a/nixos/modules/services/monitoring/prometheus/exporters/junos-czerwonk.nix +++ b/nixos/modules/services/monitoring/prometheus/exporters/junos-czerwonk.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs, options }: +{ config, lib, pkgs, options, ... }: with lib; diff --git a/nixos/modules/services/monitoring/prometheus/exporters/kea.nix b/nixos/modules/services/monitoring/prometheus/exporters/kea.nix index 3abb6ff6bdf8..ccfdd98b8db9 100644 --- a/nixos/modules/services/monitoring/prometheus/exporters/kea.nix +++ b/nixos/modules/services/monitoring/prometheus/exporters/kea.nix @@ -1,7 +1,8 @@ { config , lib , pkgs -, options +, utils +, ... }: with lib; @@ -9,18 +10,22 @@ with lib; let cfg = config.services.prometheus.exporters.kea; in { + imports = [ + (mkRenamedOptionModule [ "controlSocketPaths" ] [ "targets" ]) + ]; port = 9547; extraOpts = { - controlSocketPaths = mkOption { + targets = mkOption { type = types.listOf types.str; example = literalExpression '' [ "/run/kea/kea-dhcp4.socket" "/run/kea/kea-dhcp6.socket" + "http://127.0.0.1:8547" ] ''; description = lib.mdDoc '' - Paths to kea control sockets + Paths or URLs to the Kea control socket. ''; }; }; @@ -32,12 +37,11 @@ in { serviceConfig = { User = "kea"; DynamicUser = true; - ExecStart = '' - ${pkgs.prometheus-kea-exporter}/bin/kea-exporter \ - --address ${cfg.listenAddress} \ - --port ${toString cfg.port} \ - ${concatStringsSep " " cfg.controlSocketPaths} - ''; + ExecStart = utils.escapeSystemdExecArgs ([ + (lib.getExe pkgs.prometheus-kea-exporter) + "--address" cfg.listenAddress + "--port" cfg.port + ] ++ cfg.extraFlags ++ cfg.targets); RuntimeDirectory = "kea"; RuntimeDirectoryPreserve = true; RestrictAddressFamilies = [ diff --git a/nixos/modules/services/monitoring/prometheus/exporters/keylight.nix b/nixos/modules/services/monitoring/prometheus/exporters/keylight.nix index dfa56343b871..afdb664a0de5 100644 --- a/nixos/modules/services/monitoring/prometheus/exporters/keylight.nix 
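Review bot: The new `targets` description in kea.nix, `Paths or URLs to the Kea control socket.`, does not tell the reader that the two forms are reached differently: socket paths rely on the unit running as `User = "kea"` (context of the second hunk), while the added example `http://127.0.0.1:8547` is a plain-HTTP endpoint. I would extend it to something like `Unix socket paths must be accessible to the kea user; HTTP targets are contacted unencrypted, so keep them on loopback or a trusted network.` Whether `RestrictAddressFamilies`, whose list opens on the hunk's last line and continues outside it, permits what URL targets need cannot be checked from here.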
+++ b/nixos/modules/services/monitoring/prometheus/exporters/keylight.nix
@@ -1,4 +1,4 @@
-{ config, lib, pkgs, options }:
+{ config, lib, pkgs, options, ... }:
 with lib;
diff --git a/nixos/modules/services/monitoring/prometheus/exporters/knot.nix b/nixos/modules/services/monitoring/prometheus/exporters/knot.nix
index 775848750803..0352aff8b013 100644
--- a/nixos/modules/services/monitoring/prometheus/exporters/knot.nix
+++ b/nixos/modules/services/monitoring/prometheus/exporters/knot.nix
@@ -1,4 +1,4 @@
-{ config, lib, pkgs, options }:
+{ config, lib, pkgs, options, ... }:
 with lib;
diff --git a/nixos/modules/services/monitoring/prometheus/exporters/lnd.nix b/nixos/modules/services/monitoring/prometheus/exporters/lnd.nix
index 9f914b1dc146..66d9c02f904b 100644
--- a/nixos/modules/services/monitoring/prometheus/exporters/lnd.nix
+++ b/nixos/modules/services/monitoring/prometheus/exporters/lnd.nix
@@ -1,4 +1,4 @@
-{ config, lib, pkgs, options }:
+{ config, lib, pkgs, options, ... }:
 with lib;
diff --git a/nixos/modules/services/monitoring/prometheus/exporters/mail.nix b/nixos/modules/services/monitoring/prometheus/exporters/mail.nix
index 15079f5841f4..8c88f47ab86a 100644
--- a/nixos/modules/services/monitoring/prometheus/exporters/mail.nix
+++ b/nixos/modules/services/monitoring/prometheus/exporters/mail.nix
@@ -1,4 +1,4 @@
-{ config, lib, pkgs, options }:
+{ config, lib, pkgs, options, ... }:
 with lib;
diff --git a/nixos/modules/services/monitoring/prometheus/exporters/mikrotik.nix b/nixos/modules/services/monitoring/prometheus/exporters/mikrotik.nix
index 54dab4b5581a..a8dba75251d8 100644
--- a/nixos/modules/services/monitoring/prometheus/exporters/mikrotik.nix
+++ b/nixos/modules/services/monitoring/prometheus/exporters/mikrotik.nix
@@ -1,4 +1,4 @@
-{ config, lib, pkgs, options }:
+{ config, lib, pkgs, options, ... }:
 with lib;
diff --git a/nixos/modules/services/monitoring/prometheus/exporters/minio.nix b/nixos/modules/services/monitoring/prometheus/exporters/minio.nix index 82cc3fc314f2..e24d4f766e30 100644 --- a/nixos/modules/services/monitoring/prometheus/exporters/minio.nix +++ b/nixos/modules/services/monitoring/prometheus/exporters/minio.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs, options }: +{ config, lib, pkgs, options, ... }: with lib; diff --git a/nixos/modules/services/monitoring/prometheus/exporters/modemmanager.nix b/nixos/modules/services/monitoring/prometheus/exporters/modemmanager.nix index 222ea3e5384f..0eb193c0021f 100644 --- a/nixos/modules/services/monitoring/prometheus/exporters/modemmanager.nix +++ b/nixos/modules/services/monitoring/prometheus/exporters/modemmanager.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs, options }: +{ config, lib, pkgs, options, ... }: with lib; diff --git a/nixos/modules/services/monitoring/prometheus/exporters/mongodb.nix b/nixos/modules/services/monitoring/prometheus/exporters/mongodb.nix index b36a09c60920..1ed6bbf0325d 100644 --- a/nixos/modules/services/monitoring/prometheus/exporters/mongodb.nix +++ b/nixos/modules/services/monitoring/prometheus/exporters/mongodb.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs, options }: +{ config, lib, pkgs, options, ... }: with lib; diff --git a/nixos/modules/services/monitoring/prometheus/exporters/mysqld.nix b/nixos/modules/services/monitoring/prometheus/exporters/mysqld.nix index 849c514de681..c6da052ccdf3 100644 --- a/nixos/modules/services/monitoring/prometheus/exporters/mysqld.nix +++ b/nixos/modules/services/monitoring/prometheus/exporters/mysqld.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs, options }: +{ config, lib, pkgs, options, ... }: let cfg = config.services.prometheus.exporters.mysqld; inherit (lib) types mkOption mdDoc mkIf mkForce cli concatStringsSep optionalString escapeShellArgs; 
diff --git a/nixos/modules/services/monitoring/prometheus/exporters/nextcloud.nix b/nixos/modules/services/monitoring/prometheus/exporters/nextcloud.nix
index 28a3eb6a134c..82deea6864e8 100644
--- a/nixos/modules/services/monitoring/prometheus/exporters/nextcloud.nix
+++ b/nixos/modules/services/monitoring/prometheus/exporters/nextcloud.nix
@@ -1,4 +1,4 @@
-{ config, lib, pkgs, options }:
+{ config, lib, pkgs, options, ... }:
 with lib;
diff --git a/nixos/modules/services/monitoring/prometheus/exporters/nginx.nix b/nixos/modules/services/monitoring/prometheus/exporters/nginx.nix
index 88dc79fc2503..339749226aa4 100644
--- a/nixos/modules/services/monitoring/prometheus/exporters/nginx.nix
+++ b/nixos/modules/services/monitoring/prometheus/exporters/nginx.nix
@@ -1,4 +1,4 @@
-{ config, lib, pkgs, options }:
+{ config, lib, pkgs, options, ... }:
 with lib;
diff --git a/nixos/modules/services/monitoring/prometheus/exporters/nginxlog.nix b/nixos/modules/services/monitoring/prometheus/exporters/nginxlog.nix
index 674dc9dd4158..b79a034e1384 100644
--- a/nixos/modules/services/monitoring/prometheus/exporters/nginxlog.nix
+++ b/nixos/modules/services/monitoring/prometheus/exporters/nginxlog.nix
@@ -1,4 +1,4 @@
-{ config, lib, pkgs, options }:
+{ config, lib, pkgs, options, ... }:
 with lib;
diff --git a/nixos/modules/services/monitoring/prometheus/exporters/node.nix b/nixos/modules/services/monitoring/prometheus/exporters/node.nix
index dd8602e2c63d..9b8a0d2c6bc2 100644
--- a/nixos/modules/services/monitoring/prometheus/exporters/node.nix
+++ b/nixos/modules/services/monitoring/prometheus/exporters/node.nix
@@ -1,4 +1,4 @@
-{ config, lib, pkgs, options }:
+{ config, lib, pkgs, options, ... }:
 with lib;
diff --git a/nixos/modules/services/monitoring/prometheus/exporters/nut.nix b/nixos/modules/services/monitoring/prometheus/exporters/nut.nix
index e58a394456a3..a14e379079b0 100644
--- a/nixos/modules/services/monitoring/prometheus/exporters/nut.nix
+++ b/nixos/modules/services/monitoring/prometheus/exporters/nut.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs, options }: +{ config, lib, pkgs, options, ... }: with lib; diff --git a/nixos/modules/services/monitoring/prometheus/exporters/pgbouncer.nix b/nixos/modules/services/monitoring/prometheus/exporters/pgbouncer.nix index 9e55cadae523..9587403c7802 100644 --- a/nixos/modules/services/monitoring/prometheus/exporters/pgbouncer.nix +++ b/nixos/modules/services/monitoring/prometheus/exporters/pgbouncer.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs, options }: +{ config, lib, pkgs, options, ... }: with lib; diff --git a/nixos/modules/services/monitoring/prometheus/exporters/php-fpm.nix b/nixos/modules/services/monitoring/prometheus/exporters/php-fpm.nix index 8238f1ac1856..4ea5f64012c0 100644 --- a/nixos/modules/services/monitoring/prometheus/exporters/php-fpm.nix +++ b/nixos/modules/services/monitoring/prometheus/exporters/php-fpm.nix @@ -2,6 +2,7 @@ , lib , pkgs , options +, ... }: let diff --git a/nixos/modules/services/monitoring/prometheus/exporters/pihole.nix b/nixos/modules/services/monitoring/prometheus/exporters/pihole.nix index 6f403b3e58c8..4b7eca7493a6 100644 --- a/nixos/modules/services/monitoring/prometheus/exporters/pihole.nix +++ b/nixos/modules/services/monitoring/prometheus/exporters/pihole.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs, options }: +{ config, lib, pkgs, options, ... }: with lib; diff --git a/nixos/modules/services/monitoring/prometheus/exporters/ping.nix b/nixos/modules/services/monitoring/prometheus/exporters/ping.nix index af78b6bef625..bda5038a0c64 100644 --- a/nixos/modules/services/monitoring/prometheus/exporters/ping.nix +++ b/nixos/modules/services/monitoring/prometheus/exporters/ping.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs, options }: +{ config, lib, pkgs, options, ... }: with lib; 
diff --git a/nixos/modules/services/monitoring/prometheus/exporters/postfix.nix b/nixos/modules/services/monitoring/prometheus/exporters/postfix.nix index 9f402b123110..ead8e806f85a 100644 --- a/nixos/modules/services/monitoring/prometheus/exporters/postfix.nix +++ b/nixos/modules/services/monitoring/prometheus/exporters/postfix.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs, options }: +{ config, lib, pkgs, options, ... }: with lib; diff --git a/nixos/modules/services/monitoring/prometheus/exporters/postgres.nix b/nixos/modules/services/monitoring/prometheus/exporters/postgres.nix index 755d771ecdff..514b2d0c8f2d 100644 --- a/nixos/modules/services/monitoring/prometheus/exporters/postgres.nix +++ b/nixos/modules/services/monitoring/prometheus/exporters/postgres.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs, options }: +{ config, lib, pkgs, options, ... }: with lib; diff --git a/nixos/modules/services/monitoring/prometheus/exporters/process.nix b/nixos/modules/services/monitoring/prometheus/exporters/process.nix index 278d6cd78074..86c71a88e28b 100644 --- a/nixos/modules/services/monitoring/prometheus/exporters/process.nix +++ b/nixos/modules/services/monitoring/prometheus/exporters/process.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs, options }: +{ config, lib, pkgs, options, ... }: with lib; diff --git a/nixos/modules/services/monitoring/prometheus/exporters/pve.nix b/nixos/modules/services/monitoring/prometheus/exporters/pve.nix index 83e740320df2..96db49d9591f 100644 --- a/nixos/modules/services/monitoring/prometheus/exporters/pve.nix +++ b/nixos/modules/services/monitoring/prometheus/exporters/pve.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs, options }: +{ config, lib, pkgs, options, ... }: with lib; let diff --git a/nixos/modules/services/monitoring/prometheus/exporters/py-air-control.nix b/nixos/modules/services/monitoring/prometheus/exporters/py-air-control.nix index f03b3c4df916..60243e0ed069 100644 
--- a/nixos/modules/services/monitoring/prometheus/exporters/py-air-control.nix
+++ b/nixos/modules/services/monitoring/prometheus/exporters/py-air-control.nix
@@ -1,4 +1,4 @@
-{ config, lib, pkgs, options }:
+{ config, lib, pkgs, options, ... }:
 with lib;
diff --git a/nixos/modules/services/monitoring/prometheus/exporters/redis.nix b/nixos/modules/services/monitoring/prometheus/exporters/redis.nix
index befbcb21f766..71f94a700efd 100644
--- a/nixos/modules/services/monitoring/prometheus/exporters/redis.nix
+++ b/nixos/modules/services/monitoring/prometheus/exporters/redis.nix
@@ -1,4 +1,4 @@
-{ config, lib, pkgs, options }:
+{ config, lib, pkgs, options, ... }:
 with lib;
diff --git a/nixos/modules/services/monitoring/prometheus/exporters/restic.nix b/nixos/modules/services/monitoring/prometheus/exporters/restic.nix
index 977bd42e9812..12962af5f111 100644
--- a/nixos/modules/services/monitoring/prometheus/exporters/restic.nix
+++ b/nixos/modules/services/monitoring/prometheus/exporters/restic.nix
@@ -1,4 +1,4 @@
-{ config, lib, pkgs, options }:
+{ config, lib, pkgs, options, ... }:
 with lib;
diff --git a/nixos/modules/services/monitoring/prometheus/exporters/rspamd.nix b/nixos/modules/services/monitoring/prometheus/exporters/rspamd.nix
index f9dcfad07d30..8169d4075a9f 100644
--- a/nixos/modules/services/monitoring/prometheus/exporters/rspamd.nix
+++ b/nixos/modules/services/monitoring/prometheus/exporters/rspamd.nix
@@ -1,4 +1,4 @@
-{ config, lib, pkgs, options }:
+{ config, lib, pkgs, options, ... }:
 with lib;
diff --git a/nixos/modules/services/monitoring/prometheus/exporters/rtl_433.nix b/nixos/modules/services/monitoring/prometheus/exporters/rtl_433.nix
index 1f7235cb7830..42b659501161 100644
--- a/nixos/modules/services/monitoring/prometheus/exporters/rtl_433.nix
+++ b/nixos/modules/services/monitoring/prometheus/exporters/rtl_433.nix
@@ -1,4 +1,4 @@ -{ config, lib, pkgs, options }: +{ config, lib, pkgs, options, ... }: let cfg = config.services.prometheus.exporters.rtl_433; diff --git a/nixos/modules/services/monitoring/prometheus/exporters/sabnzbd.nix b/nixos/modules/services/monitoring/prometheus/exporters/sabnzbd.nix index b9ab305f7c08..0d937ac6673f 100644 --- a/nixos/modules/services/monitoring/prometheus/exporters/sabnzbd.nix +++ b/nixos/modules/services/monitoring/prometheus/exporters/sabnzbd.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs, options }: +{ config, lib, pkgs, options, ... }: let inherit (lib) mkOption types; diff --git a/nixos/modules/services/monitoring/prometheus/exporters/scaphandre.nix b/nixos/modules/services/monitoring/prometheus/exporters/scaphandre.nix index 3b6ebf65b090..d4c929d88b9c 100644 --- a/nixos/modules/services/monitoring/prometheus/exporters/scaphandre.nix +++ b/nixos/modules/services/monitoring/prometheus/exporters/scaphandre.nix @@ -2,6 +2,7 @@ , lib , pkgs , options +, ... }: let diff --git a/nixos/modules/services/monitoring/prometheus/exporters/script.nix b/nixos/modules/services/monitoring/prometheus/exporters/script.nix index eab0e1d8a6b5..f37fa456d27c 100644 --- a/nixos/modules/services/monitoring/prometheus/exporters/script.nix +++ b/nixos/modules/services/monitoring/prometheus/exporters/script.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs, options }: +{ config, lib, pkgs, options, ... }: with lib; diff --git a/nixos/modules/services/monitoring/prometheus/exporters/shelly.nix b/nixos/modules/services/monitoring/prometheus/exporters/shelly.nix index b9cfd1b1e84a..1d2329dfbae1 100644 --- a/nixos/modules/services/monitoring/prometheus/exporters/shelly.nix +++ b/nixos/modules/services/monitoring/prometheus/exporters/shelly.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs, options }: +{ config, lib, pkgs, options, ... }: with lib; 
diff --git a/nixos/modules/services/monitoring/prometheus/exporters/smartctl.nix b/nixos/modules/services/monitoring/prometheus/exporters/smartctl.nix index 50e1321a1e9c..1040e9ecadbd 100644 --- a/nixos/modules/services/monitoring/prometheus/exporters/smartctl.nix +++ b/nixos/modules/services/monitoring/prometheus/exporters/smartctl.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs, options }: +{ config, lib, pkgs, options, ... }: with lib; diff --git a/nixos/modules/services/monitoring/prometheus/exporters/smokeping.nix b/nixos/modules/services/monitoring/prometheus/exporters/smokeping.nix index 459f5842f546..2bacc9cd7cac 100644 --- a/nixos/modules/services/monitoring/prometheus/exporters/smokeping.nix +++ b/nixos/modules/services/monitoring/prometheus/exporters/smokeping.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs, options }: +{ config, lib, pkgs, options, ... }: with lib; diff --git a/nixos/modules/services/monitoring/prometheus/exporters/snmp.nix b/nixos/modules/services/monitoring/prometheus/exporters/snmp.nix index 452cb154bcf6..207446e39f49 100644 --- a/nixos/modules/services/monitoring/prometheus/exporters/snmp.nix +++ b/nixos/modules/services/monitoring/prometheus/exporters/snmp.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs, options }: +{ config, lib, pkgs, options, ... }: with lib; diff --git a/nixos/modules/services/monitoring/prometheus/exporters/sql.nix b/nixos/modules/services/monitoring/prometheus/exporters/sql.nix index 678bc348679d..dbfa69678a0c 100644 --- a/nixos/modules/services/monitoring/prometheus/exporters/sql.nix +++ b/nixos/modules/services/monitoring/prometheus/exporters/sql.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs, options }: +{ config, lib, pkgs, options, ... }: with lib; let cfg = config.services.prometheus.exporters.sql; diff --git a/nixos/modules/services/monitoring/prometheus/exporters/statsd.nix b/nixos/modules/services/monitoring/prometheus/exporters/statsd.nix index d9d732d8c125..94df86167e8c 100644 
--- a/nixos/modules/services/monitoring/prometheus/exporters/statsd.nix +++ b/nixos/modules/services/monitoring/prometheus/exporters/statsd.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs, options }: +{ config, lib, pkgs, options, ... }: with lib; diff --git a/nixos/modules/services/monitoring/prometheus/exporters/surfboard.nix b/nixos/modules/services/monitoring/prometheus/exporters/surfboard.nix index b1d6760b40b3..337ebd4ed66f 100644 --- a/nixos/modules/services/monitoring/prometheus/exporters/surfboard.nix +++ b/nixos/modules/services/monitoring/prometheus/exporters/surfboard.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs, options }: +{ config, lib, pkgs, options, ... }: with lib; diff --git a/nixos/modules/services/monitoring/prometheus/exporters/tor.nix b/nixos/modules/services/monitoring/prometheus/exporters/tor.nix index 7a9167110a27..b91f69aded3d 100644 --- a/nixos/modules/services/monitoring/prometheus/exporters/tor.nix +++ b/nixos/modules/services/monitoring/prometheus/exporters/tor.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs, options }: +{ config, lib, pkgs, options, ... }: with lib; diff --git a/nixos/modules/services/monitoring/prometheus/exporters/unbound.nix b/nixos/modules/services/monitoring/prometheus/exporters/unbound.nix index f2336429d42f..2f4444a96c69 100644 --- a/nixos/modules/services/monitoring/prometheus/exporters/unbound.nix +++ b/nixos/modules/services/monitoring/prometheus/exporters/unbound.nix @@ -2,6 +2,7 @@ , lib , pkgs , options +, ... }: with lib; diff --git a/nixos/modules/services/monitoring/prometheus/exporters/unifi.nix b/nixos/modules/services/monitoring/prometheus/exporters/unifi.nix index 70f26d9783be..b7addcd56827 100644 --- a/nixos/modules/services/monitoring/prometheus/exporters/unifi.nix +++ b/nixos/modules/services/monitoring/prometheus/exporters/unifi.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs, options }: +{ config, lib, pkgs, options, ... }: with lib; 
diff --git a/nixos/modules/services/monitoring/prometheus/exporters/unpoller.nix b/nixos/modules/services/monitoring/prometheus/exporters/unpoller.nix index 3b7f978528cd..aff1197a8775 100644 --- a/nixos/modules/services/monitoring/prometheus/exporters/unpoller.nix +++ b/nixos/modules/services/monitoring/prometheus/exporters/unpoller.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs, options }: +{ config, lib, pkgs, options, ... }: with lib; diff --git a/nixos/modules/services/monitoring/prometheus/exporters/v2ray.nix b/nixos/modules/services/monitoring/prometheus/exporters/v2ray.nix index a019157c664b..7b21e5fc7cb7 100644 --- a/nixos/modules/services/monitoring/prometheus/exporters/v2ray.nix +++ b/nixos/modules/services/monitoring/prometheus/exporters/v2ray.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs, options }: +{ config, lib, pkgs, options, ... }: with lib; diff --git a/nixos/modules/services/monitoring/prometheus/exporters/varnish.nix b/nixos/modules/services/monitoring/prometheus/exporters/varnish.nix index a7e5b41dffc6..98fbba82c8e9 100644 --- a/nixos/modules/services/monitoring/prometheus/exporters/varnish.nix +++ b/nixos/modules/services/monitoring/prometheus/exporters/varnish.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs, options }: +{ config, lib, pkgs, options, ... }: with lib; diff --git a/nixos/modules/services/monitoring/prometheus/exporters/wireguard.nix b/nixos/modules/services/monitoring/prometheus/exporters/wireguard.nix index 9b7590314936..127c8021a9f0 100644 --- a/nixos/modules/services/monitoring/prometheus/exporters/wireguard.nix +++ b/nixos/modules/services/monitoring/prometheus/exporters/wireguard.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs, options }: +{ config, lib, pkgs, options, ... }: with lib; diff --git a/nixos/modules/services/monitoring/prometheus/exporters/zfs.nix b/nixos/modules/services/monitoring/prometheus/exporters/zfs.nix index ff12a52d49a9..21f6354cc4a2 100644 --- a/nixos/modules/services/monitoring/prometheus/exporters/zfs.nix 
+++ b/nixos/modules/services/monitoring/prometheus/exporters/zfs.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs, options }: +{ config, lib, pkgs, options, ... }: with lib; diff --git a/nixos/modules/services/networking/dnscache.nix b/nixos/modules/services/networking/dnscache.nix index eff13f69f470..4f5b77a5b685 100644 --- a/nixos/modules/services/networking/dnscache.nix +++ b/nixos/modules/services/networking/dnscache.nix @@ -86,7 +86,11 @@ in { config = mkIf config.services.dnscache.enable { environment.systemPackages = [ pkgs.djbdns ]; - users.users.dnscache.isSystemUser = true; + users.users.dnscache = { + isSystemUser = true; + group = "dnscache"; + }; + users.groups.dnscache = {}; systemd.services.dnscache = { description = "djbdns dnscache server"; diff --git a/nixos/modules/services/networking/mihomo.nix b/nixos/modules/services/networking/mihomo.nix new file mode 100644 index 000000000000..ae700603b529 --- /dev/null +++ b/nixos/modules/services/networking/mihomo.nix 
@@ -0,0 +1,118 @@ +# NOTE: +# cfg.configFile contains secrets such as proxy servers' credential! +# we dont want plaintext secrets in world-readable `/nix/store`. + +{ lib +, config +, pkgs +, ... +}: +let + cfg = config.services.mihomo; +in +{ + options.services.mihomo = { + enable = lib.mkEnableOption "Mihomo, A rule-based proxy in Go."; + + package = lib.mkPackageOption pkgs "mihomo" { }; + + configFile = lib.mkOption { + default = null; + type = lib.types.nullOr lib.types.path; + description = "Configuration file to use."; + }; + + webui = lib.mkOption { + default = null; + type = lib.types.nullOr lib.types.path; + description = '' + Local web interface to use. + + You can also use the following website, just in case: + - metacubexd: + - https://d.metacubex.one + - https://metacubex.github.io/metacubexd + - https://metacubexd.pages.dev + - yacd: + - https://yacd.haishan.me + - clash-dashboard (buggy): + - https://clash.razord.top + ''; + }; + + extraOpts = lib.mkOption { + default = null; + type = lib.types.nullOr lib.types.str; + description = "Extra command line options to use."; + }; + + tunMode = lib.mkEnableOption '' + necessary permission for Mihomo's systemd service for TUN mode to function properly. + + Keep in mind, that you still need to enable TUN mode manually in Mihomo's configuration. 
+ ''; + }; + + config = lib.mkIf cfg.enable { + ### systemd service + systemd.services."mihomo" = { + description = "Mihomo daemon, A rule-based proxy in Go."; + documentation = [ "https://wiki.metacubex.one/" ]; + requires = [ "network-online.target" ]; + after = [ "network-online.target" ]; + wantedBy = [ "multi-user.target" ]; + serviceConfig = + { + ExecStart = lib.concatStringsSep " " [ + (lib.getExe cfg.package) + "-d /var/lib/private/mihomo" + (lib.optionalString (cfg.configFile != null) "-f \${CREDENTIALS_DIRECTORY}/config.yaml") + (lib.optionalString (cfg.webui != null) "-ext-ui ${cfg.webui}") + (lib.optionalString (cfg.extraOpts != null) cfg.extraOpts) + ]; + + DynamicUser = true; + StateDirectory = "mihomo"; + LoadCredential = "config.yaml:${cfg.configFile}"; + + ### Hardening + AmbientCapabilities = ""; + CapabilityBoundingSet = ""; + DeviceAllow = ""; + LockPersonality = true; + MemoryDenyWriteExecute = true; + NoNewPrivileges = true; + PrivateDevices = true; + PrivateMounts = true; + PrivateTmp = true; + PrivateUsers = true; + ProcSubset = "pid"; + ProtectClock = true; + ProtectControlGroups = true; + ProtectHome = true; + ProtectHostname = true; + ProtectKernelLogs = true; + ProtectKernelModules = true; + ProtectKernelTunables = true; + ProtectProc = "invisible"; + ProtectSystem = "strict"; + RestrictRealtime = true; + RestrictSUIDSGID = true; + RestrictNamespaces = true; + RestrictAddressFamilies = "AF_INET AF_INET6"; + SystemCallArchitectures = "native"; + SystemCallFilter = "@system-service bpf"; + UMask = "0077"; + } + // lib.optionalAttrs cfg.tunMode { + AmbientCapabilities = "CAP_NET_ADMIN"; + CapabilityBoundingSet = "CAP_NET_ADMIN"; + PrivateDevices = false; + PrivateUsers = false; + RestrictAddressFamilies = "AF_INET AF_INET6 AF_NETLINK"; + }; + }; + }; + + meta.maintainers = with lib.maintainers; [ Guanran928 ]; +} 
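Review bot: `LoadCredential = "config.yaml:${cfg.configFile}";` is set unconditionally although `configFile` defaults to `null`, so with the default value the interpolation cannot be evaluated, while the `-f` argument in `ExecStart` is already guarded. Guard it the same way, `LoadCredential = lib.mkIf (cfg.configFile != null) "config.yaml:${cfg.configFile}";`, as mycelium.nix in this diff does for its key file. Separately, `types.path` also accepts a Nix path literal, and interpolating one copies the file into the world-readable `/nix/store`, which is what the NOTE at the top of the file wants to avoid. The `configFile` description should therefore say to pass an absolute path as a string, pointing at a file kept outside the store; the same caveat applies to `keyFile` in mycelium.nix.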
diff --git a/nixos/modules/services/networking/mycelium.nix b/nixos/modules/services/networking/mycelium.nix new file mode 100644 index 000000000000..9c4bca7c6861 --- /dev/null +++ b/nixos/modules/services/networking/mycelium.nix 
@@ -0,0 +1,133 @@ +{ config, pkgs, lib, ... }: + +let + cfg = config.services.mycelium; +in +{ + options.services.mycelium = { + enable = lib.mkEnableOption "mycelium network"; + peers = lib.mkOption { + type = lib.types.listOf lib.types.str; + description = '' + List of peers to connect to, in the formats: + - `quic://[2001:0db8::1]:9651` + - `quic://192.0.2.1:9651` + - `tcp://[2001:0db8::1]:9651` + - `tcp://192.0.2.1:9651` + + If addHostedPublicNodes is set to true, the hosted public nodes will also be added. + ''; + default = [ ]; + }; + keyFile = lib.mkOption { + type = lib.types.nullOr lib.types.path; + default = null; + description = '' + Optional path to a file containing the mycelium key material. + If unset, the default location (`/var/lib/mycelium/key.bin`) will be used. + If no key exist at this location, it will be generated on startup. + ''; + }; + openFirewall = lib.mkOption { + type = lib.types.bool; + default = false; + description = "Open the firewall for mycelium"; + }; + package = lib.mkOption { + type = lib.types.package; + default = pkgs.mycelium; + defaultText = lib.literalExpression ''"''${pkgs.mycelium}"''; + description = "The mycelium package to use"; + }; + addHostedPublicNodes = lib.mkOption { + type = lib.types.bool; + default = true; + description = '' + Adds the hosted peers from https://github.com/threefoldtech/mycelium#hosted-public-nodes. 
+ ''; + }; + }; + config = lib.mkIf cfg.enable { + networking.firewall.allowedTCPPorts = lib.optionals cfg.openFirewall [ 9651 ]; + networking.firewall.allowedUDPPorts = lib.optionals cfg.openFirewall [ 9650 9651 ]; + + systemd.services.mycelium = { + description = "Mycelium network"; + after = [ "network.target" ]; + wantedBy = [ "multi-user.target" ]; + restartTriggers = [ + cfg.keyFile + ]; + + unitConfig.Documentation = "https://github.com/threefoldtech/mycelium"; + + serviceConfig = { + User = "mycelium"; + DynamicUser = true; + StateDirectory = "mycelium"; + ProtectHome = true; + ProtectSystem = true; + LoadCredential = lib.mkIf (cfg.keyFile != null) "keyfile:${cfg.keyFile}"; + SyslogIdentifier = "mycelium"; + AmbientCapabilities = [ "CAP_NET_ADMIN" ]; + MemoryDenyWriteExecute = true; + ProtectControlGroups = true; + ProtectKernelModules = true; + ProtectKernelTunables = true; + RestrictAddressFamilies = "AF_UNIX AF_INET AF_INET6 AF_NETLINK"; + RestrictNamespaces = true; + RestrictRealtime = true; + SystemCallArchitectures = "native"; + SystemCallFilter = [ "@system-service" "~@privileged @keyring" ]; + ExecStart = lib.concatStringsSep " " ([ + (lib.getExe cfg.package) + (if (cfg.keyFile != null) then + "--key-file \${CREDENTIALS_DIRECTORY}/keyfile" else + "--key-file %S/mycelium/key.bin" + ) + "--tun-name" + "mycelium" + ] ++ + (lib.optional (cfg.addHostedPublicNodes || cfg.peers != [ ]) "--peers") + ++ cfg.peers ++ (lib.optionals cfg.addHostedPublicNodes [ + "tcp://188.40.132.242:9651" # DE 01 + "tcp://[2a01:4f8:221:1e0b::2]:9651" + "quic://188.40.132.242:9651" + "quic://[2a01:4f8:221:1e0b::2]:9651" + + "tcp://136.243.47.186:9651" # DE 02 + "tcp://[2a01:4f8:212:fa6::2]:9651" + "quic://136.243.47.186:9651" + "quic://[2a01:4f8:212:fa6::2]:9651" + + "tcp://185.69.166.7:9651" # BE 03 + "tcp://[2a02:1802:5e:0:8478:51ff:fee2:3331]:9651" + "quic://185.69.166.7:9651" + "quic://[2a02:1802:5e:0:8478:51ff:fee2:3331]:9651" + + "tcp://185.69.166.8:9651" # BE 04 + 
"tcp://[2a02:1802:5e:0:8c9e:7dff:fec9:f0d2]:9651" + "quic://185.69.166.8:9651" + "quic://[2a02:1802:5e:0:8c9e:7dff:fec9:f0d2]:9651" + + "tcp://65.21.231.58:9651" # FI 05 + "tcp://[2a01:4f9:6a:1dc5::2]:9651" + "quic://65.21.231.58:9651" + "quic://[2a01:4f9:6a:1dc5::2]:9651" + + "tcp://65.109.18.113:9651" # FI 06 + "tcp://[2a01:4f9:5a:1042::2]:9651" + "quic://65.109.18.113:9651" + "quic://[2a01:4f9:5a:1042::2]:9651" + ])); + Restart = "always"; + RestartSec = 5; + TimeoutStopSec = 5; + }; + }; + }; + meta = { + maintainers = with lib.maintainers; [ flokli lassulus ]; + }; +} + diff --git a/nixos/modules/services/networking/networkmanager.nix b/nixos/modules/services/networking/networkmanager.nix index b7f0d9373608..573a02cbda9e 100644 --- a/nixos/modules/services/networking/networkmanager.nix +++ b/nixos/modules/services/networking/networkmanager.nix @@ -101,7 +101,23 @@ let pre-down = "pre-down.d/"; }; - macAddressOpt = mkOption { + macAddressOptWifi = mkOption { + type = types.either types.str (types.enum [ "permanent" "preserve" "random" "stable" "stable-ssid" ]); + default = "preserve"; + example = "00:11:22:33:44:55"; + description = lib.mdDoc '' + Set the MAC address of the interface. + + - `"XX:XX:XX:XX:XX:XX"`: MAC address of the interface + - `"permanent"`: Use the permanent MAC address of the device + - `"preserve"`: Don’t change the MAC address of the device upon activation + - `"random"`: Generate a randomized value upon each connect + - `"stable"`: Generate a stable, hashed MAC address + - `"stable-ssid"`: Generate a stable MAC addressed based on Wi-Fi network + ''; + }; + + macAddressOptEth = mkOption { type = types.either types.str (types.enum [ "permanent" "preserve" "random" "stable" ]); default = "preserve"; example = "00:11:22:33:44:55"; 
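Review bot: `AmbientCapabilities = [ "CAP_NET_ADMIN" ];` in `serviceConfig` is not paired with a bounding set, so the unit keeps the default capability bounding set, whereas mihomo.nix in this same diff restricts both. Adding `CapabilityBoundingSet = [ "CAP_NET_ADMIN" ];` next to it would make the TUN capability the only one the service can ever hold. This is defence in depth rather than a fix for a known escalation path, since the unit already runs as a dynamic user.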
@@ -258,10 +274,10 @@ in ''; }; - ethernet.macAddress = macAddressOpt; + ethernet.macAddress = macAddressOptEth; wifi = { - macAddress = macAddressOpt; + macAddress = macAddressOptWifi; backend = mkOption { type = types.enum [ "wpa_supplicant" "iwd" ]; diff --git a/nixos/modules/services/web-apps/pretix.nix b/nixos/modules/services/web-apps/pretix.nix index 500b2eb5416b..2355f8c450a1 100644 --- a/nixos/modules/services/web-apps/pretix.nix +++ b/nixos/modules/services/web-apps/pretix.nix @@ -479,7 +479,7 @@ in CapabilityBoundingSet = [ "" ]; DevicePolicy = "closed"; LockPersonality = true; - MemoryDenyWriteExecute = true; + MemoryDenyWriteExecute = false; # required by pdftk NoNewPrivileges = true; PrivateDevices = true; PrivateTmp = true; @@ -535,6 +535,7 @@ in fi ''; serviceConfig = { + TimeoutStartSec = "5min"; ExecStart = "${getExe' pythonEnv "gunicorn"} --bind unix:/run/pretix/pretix.sock ${cfg.gunicorn.extraArgs} pretix.wsgi"; RuntimeDirectory = "pretix"; }; diff --git a/nixos/modules/services/web-apps/suwayomi-server.md b/nixos/modules/services/web-apps/suwayomi-server.md index ff1e06c8a53a..18e7a631443f 100644 --- a/nixos/modules/services/web-apps/suwayomi-server.md +++ b/nixos/modules/services/web-apps/suwayomi-server.md @@ -101,6 +101,9 @@ Not all the configuration options are available directly in this module, but you port = 4567; autoDownloadNewChapters = false; maxSourcesInParallel" = 6; + extensionRepos = [ + "https://raw.githubusercontent.com/MY_ACCOUNT/MY_REPO/repo/index.min.json" + ]; }; }; }; diff --git a/nixos/modules/services/web-apps/suwayomi-server.nix b/nixos/modules/services/web-apps/suwayomi-server.nix index 94dbe6f99356..99c6ea2a36e6 100644 --- a/nixos/modules/services/web-apps/suwayomi-server.nix +++ b/nixos/modules/services/web-apps/suwayomi-server.nix 
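Review bot: In pretix.nix, `MemoryDenyWriteExecute = false;` drops W^X enforcement in what looks like a hardening set shared by the pretix units, although the comment names only pdftk as the reason. The enclosing attribute set starts outside this hunk, so the scope is inferred. If only the unit that renders PDFs needs the relaxation, keep `true` in the shared set and override it on that unit alone. The comment could also state the cause, e.g. `# pdftk (presumably the JVM's JIT) needs writable+executable memory`.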
@@ -102,6 +102,17 @@ in ''; }; + extensionRepos = mkOption { + type = types.listOf types.str; + default = []; + example = [ + "https://raw.githubusercontent.com/MY_ACCOUNT/MY_REPO/repo/index.min.json" + ]; + description = mdDoc '' + URL of repositories from which the extensions can be installed. + ''; + }; + localSourcePath = mkOption { type = types.path; default = cfg.dataDir; diff --git a/nixos/modules/services/x11/desktop-managers/budgie.nix b/nixos/modules/services/x11/desktop-managers/budgie.nix index dfc5450d1c81..466ef5c565b7 100644 --- a/nixos/modules/services/x11/desktop-managers/budgie.nix +++ b/nixos/modules/services/x11/desktop-managers/budgie.nix @@ -146,7 +146,6 @@ in { mate.atril mate.engrampa mate.mate-calc - mate.mate-terminal mate.mate-system-monitor vlc @@ -160,6 +159,9 @@ in { ] config.environment.budgie.excludePackages) ++ cfg.sessionPath; + # Both budgie-desktop-view and nemo defaults to this emulator. + programs.gnome-terminal.enable = mkDefault true; + # Fonts. fonts.packages = [ pkgs.noto-fonts @@ -214,7 +216,6 @@ in { services.colord.enable = mkDefault true; # for BCC's Color panel. services.gnome.at-spi2-core.enable = mkDefault true; # for BCC's A11y panel. services.accounts-daemon.enable = mkDefault true; # for BCC's Users panel. - services.fprintd.enable = mkDefault true; # for BCC's Users panel. services.udisks2.enable = mkDefault true; # for BCC's Details panel. # For BCC's Online Accounts panel. diff --git a/nixos/modules/services/x11/display-managers/sddm.nix b/nixos/modules/services/x11/display-managers/sddm.nix index 5b7f4bc58d80..a315a3ebf322 100644 --- a/nixos/modules/services/x11/display-managers/sddm.nix +++ b/nixos/modules/services/x11/display-managers/sddm.nix 
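Review bot: `extensionRepos` accepts any string, and its description does not say that these indexes decide which extension code the server will offer to install. Extensions are, as far as I know, packages the server downloads and runs, so the description should state that only trusted repositories belong here. The type could also reject non-HTTPS entries, e.g. `type = types.listOf (types.strMatching "https://.+");`. The description itself reads better as `URLs of repositories from which extensions can be installed.`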
@@ -1,19 +1,24 @@ { config, lib, pkgs, ... }: -with lib; let xcfg = config.services.xserver; dmcfg = xcfg.displayManager; cfg = dmcfg.sddm; xEnv = config.systemd.services.display-manager.environment; - sddm = cfg.package.override(old: { + sddm = cfg.package.override (old: { withWayland = cfg.wayland.enable; - extraPackages = old.extraPackages or [] ++ cfg.extraPackages; + extraPackages = old.extraPackages or [ ] ++ cfg.extraPackages; }); iniFmt = pkgs.formats.ini { }; + inherit (lib) + concatMapStrings concatStringsSep getExe + attrNames getAttr optionalAttrs optionalString + mkRemovedOptionModule mkRenamedOptionModule mkIf mkEnableOption mkOption mkPackageOption types + ; + xserverWrapper = pkgs.writeShellScript "xserver-wrapper" '' ${concatMapStrings (n: "export ${n}=\"${getAttr n xEnv}\"\n") (attrNames xEnv)} exec systemd-cat -t xserver-wrapper ${dmcfg.xserverBin} ${toString dmcfg.xserverArgs} "$@" @@ -38,12 +43,21 @@ let DefaultSession = optionalString (dmcfg.defaultSession != null) "${dmcfg.defaultSession}.desktop"; DisplayServer = if cfg.wayland.enable then "wayland" else "x11"; + } // optionalAttrs (cfg.wayland.compositor == "kwin") { + GreeterEnvironment = concatStringsSep " " [ + "LANG=C.UTF-8" + "QT_WAYLAND_SHELL_INTEGRATION=layer-shell" + ]; + InputMethod = ""; # needed if we are using --inputmethod with kwin }; Theme = { Current = cfg.theme; ThemeDir = "/run/current-system/sw/share/sddm/themes"; FacesDir = "/run/current-system/sw/share/sddm/faces"; + } // optionalAttrs (cfg.theme == "breeze") { + CursorTheme = "breeze_cursors"; + CursorSize = 24; }; Users = { @@ -69,7 +83,7 @@ let SessionDir = "${dmcfg.sessionData.desktops}/share/wayland-sessions"; CompositorCommand = lib.optionalString cfg.wayland.enable cfg.wayland.compositorCommand; }; - } // lib.optionalAttrs dmcfg.autoLogin.enable { + } // optionalAttrs dmcfg.autoLogin.enable { Autologin = { User = dmcfg.autoLogin.user; Session = autoLoginSessionName; 
@@ -83,6 +97,34 @@ let autoLoginSessionName = "${dmcfg.sessionData.autologinSession}.desktop"; + compositorCmds = { + kwin = concatStringsSep " " [ + "${lib.getBin pkgs.kdePackages.kwin}/bin/kwin_wayland" + "--no-global-shortcuts" + "--no-kactivities" + "--no-lockscreen" + "--locale1" + ]; + # This is basically the upstream default, but with Weston referenced by full path + # and the configuration generated from NixOS options. + weston = + let + westonIni = (pkgs.formats.ini { }).generate "weston.ini" { + libinput = { + enable-tap = xcfg.libinput.mouse.tapping; + left-handed = xcfg.libinput.mouse.leftHanded; + }; + keyboard = { + keymap_model = xcfg.xkb.model; + keymap_layout = xcfg.xkb.layout; + keymap_variant = xcfg.xkb.variant; + keymap_options = xcfg.xkb.options; + }; + }; + in + "${getExe pkgs.weston} --shell=kiosk -c ${westonIni}"; + }; + in { imports = [ @@ -111,7 +153,7 @@ in ''; }; - package = mkPackageOption pkgs [ "plasma5Packages" "sddm" ] {}; + package = mkPackageOption pkgs [ "plasma5Packages" "sddm" ] { }; enableHidpi = mkOption { type = types.bool; @@ -145,7 +187,7 @@ in extraPackages = mkOption { type = types.listOf types.package; - default = []; + default = [ ]; defaultText = "[]"; description = lib.mdDoc '' Extra Qt plugins / QML libraries to add to the environment. 
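Review bot: The `kwin` entry in `compositorCmds` carries no comment, while the `weston` entry explains where its command line comes from. This compositor hosts the greeter before anyone has logged in, so it is worth recording why the flags are there, e.g. `# Greeter runs pre-login: no lock screen, global shortcuts or activities.` above the list. That keeps a later cleanup from dropping `--no-global-shortcuts` or `--no-lockscreen` by accident.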
@@ -206,24 +248,16 @@ in wayland = { enable = mkEnableOption "experimental Wayland support"; + compositor = mkOption { + description = lib.mdDoc "The compositor to use: ${lib.concatStringsSep ", " (builtins.attrNames compositorCmds)}"; + type = types.enum (builtins.attrNames compositorCmds); + default = "weston"; + }; + compositorCommand = mkOption { type = types.str; internal = true; - - # This is basically the upstream default, but with Weston referenced by full path - # and the configuration generated from NixOS options. - default = let westonIni = (pkgs.formats.ini {}).generate "weston.ini" { - libinput = { - enable-tap = xcfg.libinput.mouse.tapping; - left-handed = xcfg.libinput.mouse.leftHanded; - }; - keyboard = { - keymap_model = xcfg.xkb.model; - keymap_layout = xcfg.xkb.layout; - keymap_variant = xcfg.xkb.variant; - keymap_options = xcfg.xkb.options; - }; - }; in "${pkgs.weston}/bin/weston --shell=kiosk -c ${westonIni}"; + default = compositorCmds.${cfg.wayland.compositor}; description = lib.mdDoc "Command used to start the selected compositor"; }; }; @@ -247,8 +281,6 @@ in } ]; - services.xserver.displayManager.job.execCmd = "exec /run/current-system/sw/bin/sddm"; - security.pam.services = { sddm.text = '' auth substack login 
@@ -293,30 +325,41 @@ in uid = config.ids.uids.sddm; }; - environment.etc."sddm.conf".source = cfgFile; - environment.pathsToLink = [ - "/share/sddm" - ]; + environment = { + etc."sddm.conf".source = cfgFile; + pathsToLink = [ + "/share/sddm" + ]; + systemPackages = [ sddm ]; + }; users.groups.sddm.gid = config.ids.gids.sddm; - environment.systemPackages = [ sddm ]; - services.dbus.packages = [ sddm ]; - systemd.tmpfiles.packages = [ sddm ]; - - # We're not using the upstream unit, so copy these: https://github.com/sddm/sddm/blob/develop/services/sddm.service.in - systemd.services.display-manager.after = [ - "systemd-user-sessions.service" - "getty@tty7.service" - "plymouth-quit.service" - "systemd-logind.service" - ]; - systemd.services.display-manager.conflicts = [ - "getty@tty7.service" - ]; + services = { + dbus.packages = [ sddm ]; + xserver = { + displayManager.job.execCmd = "exec /run/current-system/sw/bin/sddm"; + # To enable user switching, allow sddm to allocate TTYs/displays dynamically. + tty = null; + display = null; + }; + }; - # To enable user switching, allow sddm to allocate TTYs/displays dynamically. - services.xserver.tty = null; - services.xserver.display = null; + systemd = { + tmpfiles.packages = [ sddm ]; + + # We're not using the upstream unit, so copy these: https://github.com/sddm/sddm/blob/develop/services/sddm.service.in + services.display-manager = { + after = [ + "systemd-user-sessions.service" + "getty@tty7.service" + "plymouth-quit.service" + "systemd-logind.service" + ]; + conflicts = [ + "getty@tty7.service" + ]; + }; + }; }; } diff --git a/nixos/modules/services/x11/window-managers/nimdow.nix b/nixos/modules/services/x11/window-managers/nimdow.nix index de3192876024..9cee4bb271a5 100644 --- a/nixos/modules/services/x11/window-managers/nimdow.nix +++ b/nixos/modules/services/x11/window-managers/nimdow.nix 
@@ -8,16 +8,23 @@ in { options = { services.xserver.windowManager.nimdow.enable = mkEnableOption (lib.mdDoc "nimdow"); + services.xserver.windowManager.nimdow.package = mkOption { + type = types.package; + default = pkgs.nimdow; + defaultText = "pkgs.nimdow"; + description = lib.mdDoc "nimdow package to use"; + }; }; + config = mkIf cfg.enable { services.xserver.windowManager.session = singleton { name = "nimdow"; start = '' - ${pkgs.nimdow}/bin/nimdow & + ${cfg.package}/bin/nimdow & waitPID=$! ''; }; - environment.systemPackages = [ pkgs.nimdow ]; + environment.systemPackages = [ cfg.package pkgs.st ]; }; } diff --git a/nixos/modules/services/x11/xserver.nix b/nixos/modules/services/x11/xserver.nix index 3d7474e18263..4e0235f9ad1d 100644 --- a/nixos/modules/services/x11/xserver.nix +++ b/nixos/modules/services/x11/xserver.nix @@ -749,7 +749,7 @@ in boot.kernel.sysctl."fs.inotify.max_user_instances" = mkDefault 524288; boot.kernel.sysctl."fs.inotify.max_user_watches" = mkDefault 524288; - programs.gnupg.agent.pinentryPackage = lib.mkDefault pkgs.pinentry-gnome3; + programs.gnupg.agent.pinentryPackage = lib.mkOverride 1100 pkgs.pinentry-gnome3; systemd.defaultUnit = mkIf cfg.autorun "graphical.target"; |
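Review bot: In nimdow.nix, `pkgs.st` is added to `environment.systemPackages` with no comment or option, so enabling nimdow now also installs a terminal emulator system-wide. A one-line comment such as `# nimdow's default config launches st as its terminal` (if that is the reason) would explain it. The new `package` option could also be written as `package = mkPackageOption pkgs "nimdow" { };`, as sddm.nix in this diff does, which generates a proper `defaultText` as well.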