Diffstat (limited to 'nixos/modules/services')
30 files changed, 325 insertions, 328 deletions
diff --git a/nixos/modules/services/audio/snapserver.nix b/nixos/modules/services/audio/snapserver.nix index f709dd7fe16b..b0b9264e8166 100644 --- a/nixos/modules/services/audio/snapserver.nix +++ b/nixos/modules/services/audio/snapserver.nix @@ -4,7 +4,6 @@ with lib; let - package = "snapcast"; name = "snapserver"; cfg = config.services.snapserver; diff --git a/nixos/modules/services/cluster/kubernetes/default.nix b/nixos/modules/services/cluster/kubernetes/default.nix index 5e46bfc4240f..143b41f57f6a 100644 --- a/nixos/modules/services/cluster/kubernetes/default.nix +++ b/nixos/modules/services/cluster/kubernetes/default.nix @@ -72,13 +72,6 @@ let default = null; }; }; - - kubeConfigDefaults = { - server = mkDefault cfg.kubeconfig.server; - caFile = mkDefault cfg.kubeconfig.caFile; - certFile = mkDefault cfg.kubeconfig.certFile; - keyFile = mkDefault cfg.kubeconfig.keyFile; - }; in { ###### interface diff --git a/nixos/modules/services/cluster/kubernetes/kubelet.nix b/nixos/modules/services/cluster/kubernetes/kubelet.nix index ccc8a16e788a..4c5df96bcc6a 100644 --- a/nixos/modules/services/cluster/kubernetes/kubelet.nix +++ b/nixos/modules/services/cluster/kubernetes/kubelet.nix @@ -28,13 +28,6 @@ let kubeconfig = top.lib.mkKubeConfig "kubelet" cfg.kubeconfig; - manifests = pkgs.buildEnv { - name = "kubernetes-manifests"; - paths = mapAttrsToList (name: manifest: - pkgs.writeTextDir "${name}.json" (builtins.toJSON manifest) - ) cfg.manifests; - }; - manifestPath = "kubernetes/manifests"; taintOptions = with lib.types; { name, ... }: { diff --git a/nixos/modules/services/cluster/kubernetes/pki.nix b/nixos/modules/services/cluster/kubernetes/pki.nix index e68660e8bdd4..47384ae50a07 100644 --- a/nixos/modules/services/cluster/kubernetes/pki.nix +++ b/nixos/modules/services/cluster/kubernetes/pki.nix 
@@ -118,7 +118,6 @@ in cfsslCertPathPrefix = "${config.services.cfssl.dataDir}/cfssl"; cfsslCert = "${cfsslCertPathPrefix}.pem"; cfsslKey = "${cfsslCertPathPrefix}-key.pem"; - cfsslPort = toString config.services.cfssl.port; certmgrPaths = [ top.caFile diff --git a/nixos/modules/services/databases/foundationdb.xml b/nixos/modules/services/databases/foundationdb.xml index bf4b644c9b86..b0b1ebeab45f 100644 --- a/nixos/modules/services/databases/foundationdb.xml +++ b/nixos/modules/services/databases/foundationdb.xml @@ -47,14 +47,14 @@ services.foundationdb.package = pkgs.foundationdb52; # FoundationDB 5.2.x After running <command>nixos-rebuild</command>, you can verify whether FoundationDB is running by executing <command>fdbcli</command> (which is added to <option>environment.systemPackages</option>): -<programlisting> -$ sudo -u foundationdb fdbcli +<screen> +<prompt>$ </prompt>sudo -u foundationdb fdbcli Using cluster file `/etc/foundationdb/fdb.cluster'. The database is available. Welcome to the fdbcli. For help, type `help'. -fdb> status +<prompt>fdb> </prompt>status Using cluster file `/etc/foundationdb/fdb.cluster'. @@ -72,8 +72,8 @@ Cluster: ... -fdb> -</programlisting> +<prompt>fdb></prompt> +</screen> </para> <para> @@ -82,8 +82,8 @@ fdb> cluster status, as a quick example. (This example uses <command>nix-shell</command> shebang support to automatically supply the necessary Python modules). -<programlisting> -a@link> cat fdb-status.py +<screen> +<prompt>a@link> </prompt>cat fdb-status.py #! /usr/bin/env nix-shell #! nix-shell -i python -p python pythonPackages.foundationdb52 @@ -103,11 +103,11 @@ def main(): if __name__ == "__main__": main() -a@link> chmod +x fdb-status.py -a@link> ./fdb-status.py +<prompt>a@link> </prompt>chmod +x fdb-status.py +<prompt>a@link> </prompt>./fdb-status.py FoundationDB available: True -a@link> -</programlisting> +<prompt>a@link></prompt> +</screen> </para> <para> 
@@ -266,10 +266,10 @@ services.foundationdb.dataDir = "/data/fdb"; <emphasis>every</emphasis> node a coordinator automatically: </para> -<programlisting> -fdbcli> configure double ssd -fdbcli> coordinators auto -</programlisting> +<screen> +<prompt>fdbcli> </prompt>configure double ssd +<prompt>fdbcli> </prompt>coordinators auto +</screen> <para> This will transparently update all the servers within seconds, and @@ -386,10 +386,10 @@ services.foundationdb.extraReadWritePaths = [ "/opt/fdb-backups" ]; You can now perform a backup: </para> -<programlisting> -$ sudo -u foundationdb fdbbackup start -t default -d file:///opt/fdb-backups -$ sudo -u foundationdb fdbbackup status -t default -</programlisting> +<screen> +<prompt>$ </prompt>sudo -u foundationdb fdbbackup start -t default -d file:///opt/fdb-backups +<prompt>$ </prompt>sudo -u foundationdb fdbbackup status -t default +</screen> </section> <section xml:id="module-services-foundationdb-limitations"> <title>Known limitations</title> diff --git a/nixos/modules/services/databases/postgresql.xml b/nixos/modules/services/databases/postgresql.xml index 14f4d4909bc0..00bb02dcc5bf 100644 --- a/nixos/modules/services/databases/postgresql.xml +++ b/nixos/modules/services/databases/postgresql.xml @@ -42,11 +42,11 @@ whether PostgreSQL works by running <command>psql</command>: <screen> -$ psql +<prompt>$ </prompt>psql psql (9.2.9) Type "help" for help. -alice=> +<prompt>alice=></prompt> </screen> --> diff --git a/nixos/modules/services/desktops/flatpak.xml b/nixos/modules/services/desktops/flatpak.xml index 8045d5fa14f8..fb27bd1f62b2 100644 --- a/nixos/modules/services/desktops/flatpak.xml +++ b/nixos/modules/services/desktops/flatpak.xml @@ -21,7 +21,7 @@ <filename>configuration.nix</filename>: <programlisting> <xref linkend="opt-services.flatpak.enable"/> = true; - </programlisting> +</programlisting> </para> <para> For the sandboxed apps to work correctly, desktop integration portals need to 
@@ -30,27 +30,27 @@ <filename>configuration.nix</filename>: <programlisting> <xref linkend="opt-services.flatpak.extraPortals"/> = [ pkgs.xdg-desktop-portal-gtk ]; - </programlisting> +</programlisting> </para> <para> Then, you will need to add a repository, for example, <link xlink:href="https://github.com/flatpak/flatpak/wiki">Flathub</link>, either using the following commands: -<programlisting> - flatpak remote-add --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo - flatpak update - </programlisting> +<screen> +<prompt>$ </prompt>flatpak remote-add --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo +<prompt>$ </prompt>flatpak update +</screen> or by opening the <link xlink:href="https://flathub.org/repo/flathub.flatpakrepo">repository file</link> in GNOME Software. </para> <para> Finally, you can search and install programs: -<programlisting> - flatpak search bustle - flatpak install flathub org.freedesktop.Bustle - flatpak run org.freedesktop.Bustle - </programlisting> +<screen> +<prompt>$ </prompt>flatpak search bustle +<prompt>$ </prompt>flatpak install flathub org.freedesktop.Bustle +<prompt>$ </prompt>flatpak run org.freedesktop.Bustle +</screen> Again, GNOME Software offers graphical interface for these tasks. </para> </chapter> diff --git a/nixos/modules/services/editors/emacs.xml b/nixos/modules/services/editors/emacs.xml index 1ac53c818a7f..88d7c4e1daf0 100644 --- a/nixos/modules/services/editors/emacs.xml +++ b/nixos/modules/services/editors/emacs.xml @@ -238,8 +238,8 @@ in <para> You can check that it works by executing this in a terminal: <screen> -$ nix-build emacs.nix -$ ./result/bin/emacs -q +<prompt>$ </prompt>nix-build emacs.nix +<prompt>$ </prompt>./result/bin/emacs -q </screen> and then typing <literal>M-x package-initialize</literal>. Check that you can use all the packages you want in this Emacs instance. For example, try 
@@ -403,9 +403,9 @@ in [...] <para> To start the daemon, execute the following: <screen> -$ nixos-rebuild switch # to activate the new configuration.nix -$ systemctl --user daemon-reload # to force systemd reload -$ systemctl --user start emacs.service # to start the Emacs daemon +<prompt>$ </prompt>nixos-rebuild switch # to activate the new configuration.nix +<prompt>$ </prompt>systemctl --user daemon-reload # to force systemd reload +<prompt>$ </prompt>systemctl --user start emacs.service # to start the Emacs daemon </screen> The server should now be ready to serve Emacs clients. </para> diff --git a/nixos/modules/services/hardware/triggerhappy.nix b/nixos/modules/services/hardware/triggerhappy.nix index bffe7353b10e..a500cb4fc367 100644 --- a/nixos/modules/services/hardware/triggerhappy.nix +++ b/nixos/modules/services/hardware/triggerhappy.nix @@ -17,7 +17,7 @@ let ${cfg.extraConfig} ''; - bindingCfg = { config, ... }: { + bindingCfg = { ... }: { options = { keys = mkOption { diff --git a/nixos/modules/services/mail/rspamd.nix b/nixos/modules/services/mail/rspamd.nix index c9ba86780213..5541b8b79b7e 100644 --- a/nixos/modules/services/mail/rspamd.nix +++ b/nixos/modules/services/mail/rspamd.nix @@ -5,7 +5,6 @@ with lib; let cfg = config.services.rspamd; - opts = options.services.rspamd; postfixCfg = config.services.postfix; bindSocketOpts = {options, config, ... }: { diff --git a/nixos/modules/services/misc/gitlab.xml b/nixos/modules/services/misc/gitlab.xml index ab99d7bd3a60..5ff570a442f6 100644 --- a/nixos/modules/services/misc/gitlab.xml +++ b/nixos/modules/services/misc/gitlab.xml 
@@ -138,13 +138,13 @@ services.gitlab = { <para> For example, to backup a Gitlab instance: -<programlisting> -$ sudo -u git -H gitlab-rake gitlab:backup:create -</programlisting> +<screen> +<prompt>$ </prompt>sudo -u git -H gitlab-rake gitlab:backup:create +</screen> A list of all availabe rake tasks can be obtained by running: -<programlisting> -$ sudo -u git -H gitlab-rake -T -</programlisting> +<screen> +<prompt>$ </prompt>sudo -u git -H gitlab-rake -T +</screen> </para> </section> </chapter> diff --git a/nixos/modules/services/misc/taskserver/doc.xml b/nixos/modules/services/misc/taskserver/doc.xml index 5eac8d9ef784..5656bb85b373 100644 --- a/nixos/modules/services/misc/taskserver/doc.xml +++ b/nixos/modules/services/misc/taskserver/doc.xml @@ -105,7 +105,7 @@ Now in order to import the <literal>alice</literal> user to another machine <literal>alicebox</literal>, all we need to do is something like this: <screen> -$ ssh server nixos-taskserver user export my-company alice | sh +<prompt>$ </prompt>ssh server nixos-taskserver user export my-company alice | sh </screen> Of course, if no SSH daemon is available on the server you can also copy & paste it directly into a shell. diff --git a/nixos/modules/services/monitoring/alerta.nix b/nixos/modules/services/monitoring/alerta.nix index 8f4258e26ded..d423a91993c7 100644 --- a/nixos/modules/services/monitoring/alerta.nix +++ b/nixos/modules/services/monitoring/alerta.nix @@ -1,4 +1,4 @@ -{ options, config, lib, pkgs, ... }: +{ config, lib, pkgs, ... }: with lib; diff --git a/nixos/modules/services/monitoring/grafana-reporter.nix b/nixos/modules/services/monitoring/grafana-reporter.nix index 827cf6322cfd..b5a78e4583e1 100644 --- a/nixos/modules/services/monitoring/grafana-reporter.nix +++ b/nixos/modules/services/monitoring/grafana-reporter.nix @@ -1,4 +1,4 @@ -{ options, config, lib, pkgs, ... }: +{ config, lib, pkgs, ... }: with lib; 
diff --git a/nixos/modules/services/monitoring/kapacitor.nix b/nixos/modules/services/monitoring/kapacitor.nix index a4bdfa8f8053..cc4074be111b 100644 --- a/nixos/modules/services/monitoring/kapacitor.nix +++ b/nixos/modules/services/monitoring/kapacitor.nix @@ -1,4 +1,4 @@ -{ options, config, lib, pkgs, ... }: +{ config, lib, pkgs, ... }: with lib; diff --git a/nixos/modules/services/monitoring/prometheus/exporters.xml b/nixos/modules/services/monitoring/prometheus/exporters.xml index 7a0a1bdf2c14..81ac998729be 100644 --- a/nixos/modules/services/monitoring/prometheus/exporters.xml +++ b/nixos/modules/services/monitoring/prometheus/exporters.xml 
@@ -112,65 +112,65 @@ directory, which will be called postfix.nix and contains all exporter specific options and configuration: <programlisting> - # nixpgs/nixos/modules/services/prometheus/exporters/postfix.nix - { config, lib, pkgs }: +# nixpgs/nixos/modules/services/prometheus/exporters/postfix.nix +{ config, lib, pkgs }: - with lib; +with lib; - let - # for convenience we define cfg here - cfg = config.services.prometheus.exporters.postfix; - in - { - port = 9154; # The postfix exporter listens on this port by default +let + # for convenience we define cfg here + cfg = config.services.prometheus.exporters.postfix; +in +{ + port = 9154; # The postfix exporter listens on this port by default - # `extraOpts` is an attribute set which contains additional options - # (and optional overrides for default options). - # Note that this attribute is optional. - extraOpts = { - telemetryPath = mkOption { - type = types.str; - default = "/metrics"; - description = '' - Path under which to expose metrics. - ''; - }; - logfilePath = mkOption { - type = types.path; - default = /var/log/postfix_exporter_input.log; - example = /var/log/mail.log; - description = '' - Path where Postfix writes log entries. - This file will be truncated by this exporter! - ''; - }; - showqPath = mkOption { - type = types.path; - default = /var/spool/postfix/public/showq; - example = /var/lib/postfix/queue/public/showq; - description = '' - Path at which Postfix places its showq socket. - ''; - }; - }; + # `extraOpts` is an attribute set which contains additional options + # (and optional overrides for default options). + # Note that this attribute is optional. + extraOpts = { + telemetryPath = mkOption { + type = types.str; + default = "/metrics"; + description = '' + Path under which to expose metrics. + ''; + }; + logfilePath = mkOption { + type = types.path; + default = /var/log/postfix_exporter_input.log; + example = /var/log/mail.log; + description = '' + Path where Postfix writes log entries. 
+ This file will be truncated by this exporter! + ''; + }; + showqPath = mkOption { + type = types.path; + default = /var/spool/postfix/public/showq; + example = /var/lib/postfix/queue/public/showq; + description = '' + Path at which Postfix places its showq socket. + ''; + }; + }; - # `serviceOpts` is an attribute set which contains configuration - # for the exporter's systemd service. One of - # `serviceOpts.script` and `serviceOpts.serviceConfig.ExecStart` - # has to be specified here. This will be merged with the default - # service confiuration. - serviceOpts = { - serviceConfig = { - ExecStart = '' - ${pkgs.prometheus-postfix-exporter}/bin/postfix_exporter \ - --web.listen-address ${cfg.listenAddress}:${toString cfg.port} \ - --web.telemetry-path ${cfg.telemetryPath} \ - ${concatStringsSep " \\\n " cfg.extraFlags} - ''; - }; - }; - } - </programlisting> + # `serviceOpts` is an attribute set which contains configuration + # for the exporter's systemd service. One of + # `serviceOpts.script` and `serviceOpts.serviceConfig.ExecStart` + # has to be specified here. This will be merged with the default + # service confiuration. + serviceOpts = { + serviceConfig = { + ExecStart = '' + ${pkgs.prometheus-postfix-exporter}/bin/postfix_exporter \ + --web.listen-address ${cfg.listenAddress}:${toString cfg.port} \ + --web.telemetry-path ${cfg.telemetryPath} \ + ${concatStringsSep " \\\n " cfg.extraFlags} + ''; + }; + }; +} +</programlisting> </para> </listitem> <listitem> diff --git a/nixos/modules/services/network-filesystems/samba.nix b/nixos/modules/services/network-filesystems/samba.nix index 10dc58311212..69368441c62c 100644 --- a/nixos/modules/services/network-filesystems/samba.nix +++ b/nixos/modules/services/network-filesystems/samba.nix 
@@ -86,10 +86,10 @@ in <note> <para>If you use the firewall consider adding the following:</para> - <programlisting> - networking.firewall.allowedTCPPorts = [ 139 445 ]; - networking.firewall.allowedUDPPorts = [ 137 138 ]; - </programlisting> + <programlisting> + networking.firewall.allowedTCPPorts = [ 139 445 ]; + networking.firewall.allowedUDPPorts = [ 137 138 ]; + </programlisting> </note> ''; }; diff --git a/nixos/modules/services/networking/avahi-daemon.nix b/nixos/modules/services/networking/avahi-daemon.nix index 4c91a0c415b6..ddcfe3d77e2f 100644 --- a/nixos/modules/services/networking/avahi-daemon.nix +++ b/nixos/modules/services/networking/avahi-daemon.nix @@ -1,10 +1,8 @@ -# Avahi daemon. { config, lib, pkgs, ... }: with lib; let - cfg = config.services.avahi; yesNo = yes : if yes then "yes" else "no"; 
@@ -39,215 +37,245 @@ let enable-reflector=${yesNo reflector} ${extraConfig} ''; - in - { + options.services.avahi = { + enable = mkOption { + type = types.bool; + default = false; + description = '' + Whether to run the Avahi daemon, which allows Avahi clients + to use Avahi's service discovery facilities and also allows + the local machine to advertise its presence and services + (through the mDNS responder implemented by `avahi-daemon'). + ''; + }; - ###### interface + hostName = mkOption { + type = types.str; + default = config.networking.hostName; + defaultText = literalExample "config.networking.hostName"; + description = '' + Host name advertised on the LAN. If not set, avahi will use the value + of <option>config.networking.hostName</option>. + ''; + }; - options = { + domainName = mkOption { + type = types.str; + default = "local"; + description = '' + Domain name for all advertisements. + ''; + }; - services.avahi = { + browseDomains = mkOption { + type = types.listOf types.str; + default = [ ]; + example = [ "0pointer.de" "zeroconf.org" ]; + description = '' + List of non-local DNS domains to be browsed. + ''; + }; - enable = mkOption { - default = false; - description = '' - Whether to run the Avahi daemon, which allows Avahi clients - to use Avahi's service discovery facilities and also allows - the local machine to advertise its presence and services - (through the mDNS responder implemented by `avahi-daemon'). - ''; - }; + ipv4 = mkOption { + type = types.bool; + default = true; + description = "Whether to use IPv4."; + }; - hostName = mkOption { - type = types.str; - description = '' - Host name advertised on the LAN. If not set, avahi will use the value - of config.networking.hostName. - ''; - }; + ipv6 = mkOption { + type = types.bool; + default = false; + description = "Whether to use IPv6."; + }; - domainName = mkOption { - type = types.str; - default = "local"; - description = '' - Domain name for all advertisements. 
- ''; - }; + interfaces = mkOption { + type = types.nullOr (types.listOf types.str); + default = null; + description = '' + List of network interfaces that should be used by the <command>avahi-daemon</command>. + Other interfaces will be ignored. If <literal>null</literal>, all local interfaces + except loopback and point-to-point will be used. + ''; + }; - browseDomains = mkOption { - default = [ ]; - example = [ "0pointer.de" "zeroconf.org" ]; - description = '' - List of non-local DNS domains to be browsed. - ''; - }; + openFirewall = mkOption { + type = types.bool; + default = true; + description = '' + Whether to open the firewall for UDP port 5353. + ''; + }; - ipv4 = mkOption { - default = true; - description = ''Whether to use IPv4''; - }; + allowPointToPoint = mkOption { + type = types.bool; + default = false; + description= '' + Whether to use POINTTOPOINT interfaces. Might make mDNS unreliable due to usually large + latencies with such links and opens a potential security hole by allowing mDNS access from Internet + connections. + ''; + }; - ipv6 = mkOption { - default = false; - description = ''Whether to use IPv6''; - }; + wideArea = mkOption { + type = types.bool; + default = true; + description = "Whether to enable wide-area service discovery."; + }; - interfaces = mkOption { - type = types.nullOr (types.listOf types.str); - default = null; - description = '' - List of network interfaces that should be used by the <command>avahi-daemon</command>. - Other interfaces will be ignored. If <literal>null</literal> all local interfaces - except loopback and point-to-point will be used. - ''; - }; + reflector = mkOption { + type = types.bool; + default = false; + description = "Reflect incoming mDNS requests to all allowed network interfaces."; + }; - allowPointToPoint = mkOption { - default = false; - description= '' - Whether to use POINTTOPOINT interfaces. 
Might make mDNS unreliable due to usually large - latencies with such links and opens a potential security hole by allowing mDNS access from Internet - connections. Use with care and YMMV! - ''; - }; + extraServiceFiles = mkOption { + type = with types; attrsOf (either str path); + default = {}; + example = literalExample '' + { + ssh = "''${pkgs.avahi}/etc/avahi/services/ssh.service"; + smb = ''' + <?xml version="1.0" standalone='no'?><!--*-nxml-*--> + <!DOCTYPE service-group SYSTEM "avahi-service.dtd"> + <service-group> + <name replace-wildcards="yes">%h</name> + <service> + <type>_smb._tcp</type> + <port>445</port> + </service> + </service-group> + '''; + } + ''; + description = '' + Specify custom service definitions which are placed in the avahi service directory. + See the <citerefentry><refentrytitle>avahi.service</refentrytitle> + <manvolnum>5</manvolnum></citerefentry> manpage for detailed information. + ''; + }; - wideArea = mkOption { - default = true; - description = ''Whether to enable wide-area service discovery.''; + publish = { + enable = mkOption { + type = types.bool; + default = false; + description = "Whether to allow publishing in general."; }; - reflector = mkOption { + userServices = mkOption { + type = types.bool; default = false; - description = ''Reflect incoming mDNS requests to all allowed network interfaces.''; + description = "Whether to publish user services. Will set <literal>addresses=true</literal>."; }; - publish = { - enable = mkOption { - default = false; - description = ''Whether to allow publishing in general.''; - }; - - userServices = mkOption { - default = false; - description = ''Whether to publish user services. 
Will set <literal>addresses=true</literal>.''; - }; - - addresses = mkOption { - default = false; - description = ''Whether to register mDNS address records for all local IP addresses.''; - }; - - hinfo = mkOption { - default = false; - description = '' - Whether to register an mDNS HINFO record which contains information about the - local operating system and CPU. - ''; - }; - - workstation = mkOption { - default = false; - description = ''Whether to register a service of type "_workstation._tcp" on the local LAN.''; - }; - - domain = mkOption { - default = false; - description = ''Whether to announce the locally used domain name for browsing by other hosts.''; - }; - + addresses = mkOption { + type = types.bool; + default = false; + description = "Whether to register mDNS address records for all local IP addresses."; }; - nssmdns = mkOption { + hinfo = mkOption { + type = types.bool; default = false; description = '' - Whether to enable the mDNS NSS (Name Service Switch) plug-in. - Enabling it allows applications to resolve names in the `.local' - domain by transparently querying the Avahi daemon. + Whether to register a mDNS HINFO record which contains information about the + local operating system and CPU. ''; }; - cacheEntriesMax = mkOption { - default = null; - type = types.nullOr types.int; + workstation = mkOption { + type = types.bool; + default = false; description = '' - Number of resource records to be cached per interface. Use 0 to - disable caching. Avahi daemon defaults to 4096 if not set. + Whether to register a service of type "_workstation._tcp" on the local LAN. ''; }; - extraConfig = mkOption { - default = ""; - type = types.lines; - description = '' - Extra config to append to avahi-daemon.conf. 
- ''; + domain = mkOption { + type = types.bool; + default = false; + description = "Whether to announce the locally used domain name for browsing by other hosts."; }; - }; - }; + nssmdns = mkOption { + type = types.bool; + default = false; + description = '' + Whether to enable the mDNS NSS (Name Service Switch) plug-in. + Enabling it allows applications to resolve names in the `.local' + domain by transparently querying the Avahi daemon. + ''; + }; + cacheEntriesMax = mkOption { + type = types.nullOr types.int; + default = null; + description = '' + Number of resource records to be cached per interface. Use 0 to + disable caching. Avahi daemon defaults to 4096 if not set. + ''; + }; - ###### implementation + extraConfig = mkOption { + type = types.lines; + default = ""; + description = '' + Extra config to append to avahi-daemon.conf. + ''; + }; + }; config = mkIf cfg.enable { + users.users.avahi = { + description = "avahi-daemon privilege separation user"; + home = "/var/empty"; + group = "avahi"; + isSystemUser = true; + }; - services.avahi.hostName = mkDefault config.networking.hostName; - - users.users = singleton - { name = "avahi"; - uid = config.ids.uids.avahi; - description = "`avahi-daemon' privilege separation user"; - home = "/var/empty"; - }; - - users.groups = singleton - { name = "avahi"; - gid = config.ids.gids.avahi; - }; + users.groups.avahi = {}; system.nssModules = optional cfg.nssmdns pkgs.nssmdns; environment.systemPackages = [ pkgs.avahi ]; - systemd.sockets.avahi-daemon = - { description = "Avahi mDNS/DNS-SD Stack Activation Socket"; - listenStreams = [ "/run/avahi-daemon/socket" ]; - wantedBy = [ "sockets.target" ]; - }; + environment.etc = (mapAttrs' (n: v: nameValuePair + "avahi/services/${n}.service" + { ${if types.path.check v then "source" else "text"} = v; } + ) cfg.extraServiceFiles); - systemd.services.avahi-daemon = - { description = "Avahi mDNS/DNS-SD Stack"; - wantedBy = [ "multi-user.target" ]; - requires = [ 
"avahi-daemon.socket" ]; + systemd.sockets.avahi-daemon = { + description = "Avahi mDNS/DNS-SD Stack Activation Socket"; + listenStreams = [ "/run/avahi-daemon/socket" ]; + wantedBy = [ "sockets.target" ]; + }; - serviceConfig."NotifyAccess" = "main"; - serviceConfig."BusName" = "org.freedesktop.Avahi"; - serviceConfig."Type" = "dbus"; + systemd.tmpfiles.rules = [ "d /run/avahi-daemon - avahi avahi -" ]; - path = [ pkgs.coreutils pkgs.avahi ]; + systemd.services.avahi-daemon = { + description = "Avahi mDNS/DNS-SD Stack"; + wantedBy = [ "multi-user.target" ]; + requires = [ "avahi-daemon.socket" ]; - preStart = "mkdir -p /run/avahi-daemon"; + # Make NSS modules visible so that `avahi_nss_support ()' can + # return a sensible value. + environment.LD_LIBRARY_PATH = config.system.nssModules.path; - script = - '' - # Make NSS modules visible so that `avahi_nss_support ()' can - # return a sensible value. - export LD_LIBRARY_PATH="${config.system.nssModules.path}" + path = [ pkgs.coreutils pkgs.avahi ]; - exec ${pkgs.avahi}/sbin/avahi-daemon --syslog -f "${avahiDaemonConf}" - ''; + serviceConfig = { + NotifyAccess = "main"; + BusName = "org.freedesktop.Avahi"; + Type = "dbus"; + ExecStart = "${pkgs.avahi}/sbin/avahi-daemon --syslog -f ${avahiDaemonConf}"; }; + }; services.dbus.enable = true; services.dbus.packages = [ pkgs.avahi ]; - # Enabling Avahi without exposing it in the firewall doesn't make - # sense. - networking.firewall.allowedUDPPorts = [ 5353 ]; - + networking.firewall.allowedUDPPorts = mkIf cfg.openFirewall [ 5353 ]; }; - } diff --git a/nixos/modules/services/networking/bitcoind.nix b/nixos/modules/services/networking/bitcoind.nix index e94265564595..d3501636b41d 100644 --- a/nixos/modules/services/networking/bitcoind.nix +++ b/nixos/modules/services/networking/bitcoind.nix @@ -28,7 +28,7 @@ let "-datadir=${cfg.dataDir}" "-pid=${pidFile}" ]; - hexStr = types.strMatching "[0-9a-f]+"; + rpcUserOpts = { name, ... }: { options = { name = mkOption { 
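Review bot: The new `openFirewall` option in avahi-daemon.nix defaults to `true`, and its description ("Whether to open the firewall for UDP port 5353.") does not say that the port is opened through the global `networking.firewall.allowedUDPPorts`, that is, on every interface, even when `interfaces` limits the daemon to a subset. I would extend the description with something like `The port is opened on all interfaces; set this to false and use networking.firewall.interfaces.<name>.allowedUDPPorts to limit mDNS to trusted links.` The default keeps the previous unconditional behaviour, which looks intentional, so this is a documentation request rather than a change of default. The `let` block that builds `avahiDaemonConf` starts above this hunk, so how `interfaces` reaches the daemon configuration is not visible here.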
diff --git a/nixos/modules/services/networking/dnscrypt-proxy.xml b/nixos/modules/services/networking/dnscrypt-proxy.xml index f90eef69848c..afc7880392a1 100644 --- a/nixos/modules/services/networking/dnscrypt-proxy.xml +++ b/nixos/modules/services/networking/dnscrypt-proxy.xml @@ -18,7 +18,7 @@ To enable the client proxy, set <programlisting> <xref linkend="opt-services.dnscrypt-proxy.enable"/> = true; - </programlisting> +</programlisting> </para> <para> @@ -36,7 +36,7 @@ the other client to it: <programlisting> <xref linkend="opt-services.dnscrypt-proxy.localPort"/> = 43; - </programlisting> +</programlisting> </para> <sect2 xml:id="sec-dnscrypt-proxy-forwarder-dsnmasq"> @@ -47,7 +47,7 @@ <xref linkend="opt-services.dnsmasq.enable"/> = true; <xref linkend="opt-services.dnsmasq.servers"/> = [ "127.0.0.1#43" ]; } - </programlisting> +</programlisting> </para> </sect2> @@ -59,7 +59,7 @@ <xref linkend="opt-services.unbound.enable"/> = true; <xref linkend="opt-services.unbound.forwardAddresses"/> = [ "127.0.0.1@43" ]; } - </programlisting> +</programlisting> </para> </sect2> </sect1> diff --git a/nixos/modules/services/networking/smokeping.nix b/nixos/modules/services/networking/smokeping.nix index fab3ed5bb39d..c41d0edaf17f 100644 --- a/nixos/modules/services/networking/smokeping.nix +++ b/nixos/modules/services/networking/smokeping.nix 
@@ -101,17 +101,17 @@ in ''; example = literalExample '' # near constant pings. - step = 30 - pings = 20 - # consfn mrhb steps total - AVERAGE 0.5 1 10080 - AVERAGE 0.5 12 43200 - MIN 0.5 12 43200 - MAX 0.5 12 43200 - AVERAGE 0.5 144 7200 - MAX 0.5 144 7200 - MIN 0.5 144 7200 - ''; + step = 30 + pings = 20 + # consfn mrhb steps total + AVERAGE 0.5 1 10080 + AVERAGE 0.5 12 43200 + MIN 0.5 12 43200 + MAX 0.5 12 43200 + AVERAGE 0.5 144 7200 + MAX 0.5 144 7200 + MIN 0.5 144 7200 + ''; description = ''Configure the ping frequency and retention of the rrd files. Once set, changing the interval will require deletion or migration of all the collected data.''; diff --git a/nixos/modules/services/system/kerberos/default.nix b/nixos/modules/services/system/kerberos/default.nix index 26ac85de402f..c55241c4cff1 100644 --- a/nixos/modules/services/system/kerberos/default.nix +++ b/nixos/modules/services/system/kerberos/default.nix @@ -1,4 +1,4 @@ -{pkgs, config, lib, ...}: +{config, lib, ...}: let inherit (lib) mkOption mkIf types length attrNames; diff --git a/nixos/modules/services/system/kerberos/heimdal.nix b/nixos/modules/services/system/kerberos/heimdal.nix index d0f470f836ed..f0e56c7951a4 100644 --- a/nixos/modules/services/system/kerberos/heimdal.nix +++ b/nixos/modules/services/system/kerberos/heimdal.nix @@ -2,7 +2,7 @@ let inherit (lib) mkIf concatStringsSep concatMapStrings toList mapAttrs - mapAttrsToList attrValues; + mapAttrsToList; cfg = config.services.kerberos_server; kerberos = config.krb5.kerberos; stateDir = "/var/heimdal"; diff --git a/nixos/modules/services/system/kerberos/mit.nix b/nixos/modules/services/system/kerberos/mit.nix index a53d9dd0c6b5..25d7d51e808a 100644 --- a/nixos/modules/services/system/kerberos/mit.nix +++ b/nixos/modules/services/system/kerberos/mit.nix 
@@ -2,7 +2,7 @@ let inherit (lib) mkIf concatStrings concatStringsSep concatMapStrings toList - mapAttrs mapAttrsToList attrValues; + mapAttrs mapAttrsToList; cfg = config.services.kerberos_server; kerberos = config.krb5.kerberos; stateDir = "/var/lib/krb5kdc"; diff --git a/nixos/modules/services/web-apps/limesurvey.nix b/nixos/modules/services/web-apps/limesurvey.nix index f9e12e3642ea..f23b3075574d 100644 --- a/nixos/modules/services/web-apps/limesurvey.nix +++ b/nixos/modules/services/web-apps/limesurvey.nix @@ -2,7 +2,7 @@ let - inherit (lib) mkDefault mkEnableOption mkForce mkIf mkMerge mkOption; + inherit (lib) mkDefault mkEnableOption mkForce mkIf mkOption; inherit (lib) mapAttrs optional optionalString types; cfg = config.services.limesurvey; diff --git a/nixos/modules/services/web-apps/matomo-doc.xml b/nixos/modules/services/web-apps/matomo-doc.xml index 021a89be3f63..8485492c51c7 100644 --- a/nixos/modules/services/web-apps/matomo-doc.xml +++ b/nixos/modules/services/web-apps/matomo-doc.xml 
@@ -21,18 +21,18 @@ passwordless database authentication via the UNIX_SOCKET authentication plugin with the following SQL commands: <programlisting> - # For MariaDB - INSTALL PLUGIN unix_socket SONAME 'auth_socket'; - CREATE DATABASE matomo; - CREATE USER 'matomo'@'localhost' IDENTIFIED WITH unix_socket; - GRANT ALL PRIVILEGES ON matomo.* TO 'matomo'@'localhost'; +# For MariaDB +INSTALL PLUGIN unix_socket SONAME 'auth_socket'; +CREATE DATABASE matomo; +CREATE USER 'matomo'@'localhost' IDENTIFIED WITH unix_socket; +GRANT ALL PRIVILEGES ON matomo.* TO 'matomo'@'localhost'; - # For MySQL - INSTALL PLUGIN auth_socket SONAME 'auth_socket.so'; - CREATE DATABASE matomo; - CREATE USER 'matomo'@'localhost' IDENTIFIED WITH auth_socket; - GRANT ALL PRIVILEGES ON matomo.* TO 'matomo'@'localhost'; - </programlisting> +# For MySQL +INSTALL PLUGIN auth_socket SONAME 'auth_socket.so'; +CREATE DATABASE matomo; +CREATE USER 'matomo'@'localhost' IDENTIFIED WITH auth_socket; +GRANT ALL PRIVILEGES ON matomo.* TO 'matomo'@'localhost'; +</programlisting> Then fill in <literal>matomo</literal> as database user and database name, and leave the password field blank. This authentication works by allowing only the <literal>matomo</literal> unix user to authenticate as the diff --git a/nixos/modules/services/web-apps/nextcloud.nix b/nixos/modules/services/web-apps/nextcloud.nix index bb39a5d1d714..fa9a36d11892 100644 --- a/nixos/modules/services/web-apps/nextcloud.nix +++ b/nixos/modules/services/web-apps/nextcloud.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs, ... }@args: +{ config, lib, pkgs, ... }: with lib; diff --git a/nixos/modules/services/web-apps/tt-rss.nix b/nixos/modules/services/web-apps/tt-rss.nix index 08297c7275a4..b882f6c2ae7e 100644 --- a/nixos/modules/services/web-apps/tt-rss.nix +++ b/nixos/modules/services/web-apps/tt-rss.nix 
@@ -15,7 +15,6 @@ let else cfg.database.port; poolName = "tt-rss"; - phpfpmSocketName = "/run/phpfpm/${poolName}.sock"; tt-rss-config = pkgs.writeText "config.php" '' <?php diff --git a/nixos/modules/services/web-servers/nginx/default.nix b/nixos/modules/services/web-servers/nginx/default.nix index d6653a65a95a..2b7fcb314041 100644 --- a/nixos/modules/services/web-servers/nginx/default.nix +++ b/nixos/modules/services/web-servers/nginx/default.nix @@ -269,17 +269,6 @@ let ${optionalString (config.proxyPass != null && cfg.recommendedProxySettings) "include ${recommendedProxyConfig};"} } '') (sortProperties (mapAttrsToList (k: v: v // { location = k; }) locations))); - mkBasicAuth = vhostName: authDef: let - htpasswdFile = pkgs.writeText "${vhostName}.htpasswd" ( - concatStringsSep "\n" (mapAttrsToList (user: password: '' - ${user}:{PLAIN}${password} - '') authDef) - ); - in '' - auth_basic secured; - auth_basic_user_file ${htpasswdFile}; - ''; - mkHtpasswd = vhostName: authDef: pkgs.writeText "${vhostName}.htpasswd" ( concatStringsSep "\n" (mapAttrsToList (user: password: '' ${user}:{PLAIN}${password} diff --git a/nixos/modules/services/x11/xserver.nix b/nixos/modules/services/x11/xserver.nix index 0f057c4ab730..a1ed2fd1e97b 100644 --- a/nixos/modules/services/x11/xserver.nix +++ b/nixos/modules/services/x11/xserver.nix @@ -4,8 +4,6 @@ with lib; let - kernelPackages = config.boot.kernelPackages; - # Abbreviations. cfg = config.services.xserver; xorg = pkgs.xorg; |