Diffstat (limited to 'nixos/modules')
-rw-r--r-- | nixos/modules/installer/cd-dvd/system-tarball-fuloong2f.nix | 2 | ||||
-rw-r--r-- | nixos/modules/installer/cd-dvd/system-tarball-sheevaplug.nix | 2 | ||||
-rw-r--r-- | nixos/modules/misc/ids.nix | 4 | ||||
-rw-r--r-- | nixos/modules/module-list.nix | 3 | ||||
-rw-r--r-- | nixos/modules/profiles/base.nix | 2 | ||||
-rw-r--r-- | nixos/modules/security/rngd.nix | 2 | ||||
-rw-r--r-- | nixos/modules/services/databases/monetdb.nix | 88 | ||||
-rw-r--r-- | nixos/modules/services/editors/emacs.xml | 15 | ||||
-rw-r--r-- | nixos/modules/services/misc/autofs.nix | 2 | ||||
-rw-r--r-- | nixos/modules/services/misc/gitlab.nix | 2 | ||||
-rw-r--r-- | nixos/modules/services/monitoring/prometheus/alertmanager.nix | 116 | ||||
-rw-r--r-- | nixos/modules/services/monitoring/prometheus/default.nix | 27 | ||||
-rw-r--r-- | nixos/modules/services/networking/powerdns.nix | 50 | ||||
-rw-r--r-- | nixos/modules/services/x11/window-managers/awesome.nix | 9 | ||||
-rw-r--r-- | nixos/modules/system/activation/activation-script.nix | 4 | ||||
-rw-r--r-- | nixos/modules/system/boot/initrd-ssh.nix | 12 | ||||
-rw-r--r-- | nixos/modules/tasks/network-interfaces.nix | 2 |
17 files changed, 221 insertions, 121 deletions
diff --git a/nixos/modules/installer/cd-dvd/system-tarball-fuloong2f.nix b/nixos/modules/installer/cd-dvd/system-tarball-fuloong2f.nix index d984cb307170..ba84cd51098f 100644 --- a/nixos/modules/installer/cd-dvd/system-tarball-fuloong2f.nix +++ b/nixos/modules/installer/cd-dvd/system-tarball-fuloong2f.nix @@ -61,7 +61,7 @@ in pkgs.cryptsetup # needed for dm-crypt volumes # Some networking tools. - pkgs.sshfsFuse + pkgs.sshfs-fuse pkgs.socat pkgs.screen pkgs.wpa_supplicant # !!! should use the wpa module diff --git a/nixos/modules/installer/cd-dvd/system-tarball-sheevaplug.nix b/nixos/modules/installer/cd-dvd/system-tarball-sheevaplug.nix index 9e733241993d..7ec09acd5919 100644 --- a/nixos/modules/installer/cd-dvd/system-tarball-sheevaplug.nix +++ b/nixos/modules/installer/cd-dvd/system-tarball-sheevaplug.nix @@ -55,7 +55,7 @@ in pkgs.cryptsetup # needed for dm-crypt volumes # Some networking tools. - pkgs.sshfsFuse + pkgs.sshfs-fuse pkgs.socat pkgs.screen pkgs.wpa_supplicant # !!! should use the wpa module diff --git a/nixos/modules/misc/ids.nix b/nixos/modules/misc/ids.nix index 2618514fbe5a..13a7323e858e 100644 --- a/nixos/modules/misc/ids.nix +++ b/nixos/modules/misc/ids.nix @@ -140,7 +140,7 @@ ngircd = 112; btsync = 113; minecraft = 114; - monetdb = 115; + #monetdb = 115; # unused (not packaged), removed 2016-09-19 rippled = 116; murmur = 117; foundationdb = 118; @@ -395,7 +395,7 @@ #ngircd = 112; # unused btsync = 113; #minecraft = 114; # unused - monetdb = 115; + #monetdb = 115; # unused (not packaged), removed 2016-09-19 #ripped = 116; # unused #murmur = 117; # unused foundationdb = 118; diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index 6eab389122b5..7064dcd968ae 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix 
@@ -145,7 +145,6 @@ ./services/databases/hbase.nix ./services/databases/influxdb.nix ./services/databases/memcached.nix - ./services/databases/monetdb.nix ./services/databases/mongodb.nix ./services/databases/mysql.nix ./services/databases/neo4j.nix @@ -290,6 +289,7 @@ ./services/monitoring/nagios.nix ./services/monitoring/prometheus/default.nix ./services/monitoring/prometheus/node-exporter.nix + ./services/monitoring/prometheus/alertmanager.nix ./services/monitoring/riemann.nix ./services/monitoring/riemann-dash.nix ./services/monitoring/riemann-tools.nix @@ -388,6 +388,7 @@ ./services/networking/ostinato.nix ./services/networking/pdnsd.nix ./services/networking/polipo.nix + ./services/networking/powerdns.nix ./services/networking/pptpd.nix ./services/networking/prayer.nix ./services/networking/privoxy.nix diff --git a/nixos/modules/profiles/base.nix b/nixos/modules/profiles/base.nix index 20a1f7f1ed8c..32bea97823ce 100644 --- a/nixos/modules/profiles/base.nix +++ b/nixos/modules/profiles/base.nix @@ -20,7 +20,7 @@ # Some networking tools. pkgs.fuse - pkgs.sshfsFuse + pkgs.sshfs-fuse pkgs.socat pkgs.screen diff --git a/nixos/modules/security/rngd.nix b/nixos/modules/security/rngd.nix index b14ea7a5f276..3a1ffc55e5fe 100644 --- a/nixos/modules/security/rngd.nix +++ b/nixos/modules/security/rngd.nix @@ -18,7 +18,7 @@ with lib; config = mkIf config.security.rngd.enable { services.udev.extraRules = '' KERNEL=="random", TAG+="systemd" - SUBSYSTEM=="cpu", ENV{MODALIAS}=="x86cpu:*feature:*009E*", TAG+="systemd", ENV{SYSTEMD_WANTS}+="rngd.service" + SUBSYSTEM=="cpu", ENV{MODALIAS}=="cpu:type:x86,*feature:*009E*", TAG+="systemd", ENV{SYSTEMD_WANTS}+="rngd.service" KERNEL=="hw_random", TAG+="systemd", ENV{SYSTEMD_WANTS}+="rngd.service" ${if config.services.tcsd.enable then "" else ''KERNEL=="tpm0", TAG+="systemd", ENV{SYSTEMD_WANTS}+="rngd.service"''} ''; 
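Review bot: The rewritten `SUBSYSTEM=="cpu"` rule in `services.udev.extraRules` matches only the `cpu:type:x86,*feature:*009E*` modalias form. On a kernel that still reports the older `x86cpu:` form the rule never fires, so rngd is not pulled in for the CPU's hardware RNG and nothing reports the miss. If any kernel this module supports still uses the old format, keep both rules side by side rather than replacing one with the other. A one-line comment above the rule naming the CPU feature that `009E` selects and the modalias format it targets would help whoever next has to update it.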
diff --git a/nixos/modules/services/databases/monetdb.nix b/nixos/modules/services/databases/monetdb.nix
deleted file mode 100644
index 9f09c71e005a..000000000000
--- a/nixos/modules/services/databases/monetdb.nix
+++ /dev/null
@@ -1,88 +0,0 @@ -{ config, lib, pkgs, ... }: -let - cfg = config.services.monetdb; - monetdbUser = "monetdb"; -in -with lib; -{ - - ###### interface - - options = { - - services.monetdb = { - - enable = mkOption { - type = types.bool; - default = false; - description = "Whether to enable MonetDB database server."; - }; - - package = mkOption { - type = types.path; - description = "MonetDB package to use."; - }; - - dbfarmDir = mkOption { - type = types.path; - default = "/var/lib/monetdb"; - description = '' - Specifies location of Monetdb dbfarm (keeps database and auxiliary files). - ''; - }; - - port = mkOption { - default = "50000"; - example = "50000"; - description = "Port to listen on."; - }; - }; - - }; - - - ###### implementation - - config = mkIf cfg.enable { - - users.extraUsers.monetdb = - { name = monetdbUser; - uid = config.ids.uids.monetdb; - description = "monetdb user"; - home = cfg.dbfarmDir; - }; - - users.extraGroups.monetdb.gid = config.ids.gids.monetdb; - - environment.systemPackages = [ cfg.package ]; - - systemd.services.monetdb = - { description = "MonetDB Server"; - - wantedBy = [ "multi-user.target" ]; - - after = [ "network.target" ]; - - path = [ cfg.package ]; - - preStart = - '' - # Initialise the database. - if ! test -e ${cfg.dbfarmDir}/.merovingian_properties; then - mkdir -m 0700 -p ${cfg.dbfarmDir} - chown -R ${monetdbUser} ${cfg.dbfarmDir} - ${cfg.package}/bin/monetdbd create ${cfg.dbfarmDir} - ${cfg.package}/bin/monetdbd set port=${cfg.port} ${cfg.dbfarmDir} - fi - ''; - - serviceConfig.ExecStart = "${cfg.package}/bin/monetdbd start -n ${cfg.dbfarmDir}"; - - serviceConfig.ExecStop = "${cfg.package}/bin/monetdbd stop ${cfg.dbfarmDir}"; - - unitConfig.RequiresMountsFor = "${cfg.dbfarmDir}"; - }; - - }; - -} diff --git a/nixos/modules/services/editors/emacs.xml b/nixos/modules/services/editors/emacs.xml index ee8ef512bc70..618460953a17 100644 --- a/nixos/modules/services/editors/emacs.xml 
+++ b/nixos/modules/services/editors/emacs.xml @@ -59,17 +59,17 @@ <variablelist> <varlistentry> <term><varname>emacs</varname></term> - <term><varname>emacs24</varname></term> + <term><varname>emacs25</varname></term> <listitem> <para> - The latest stable version of Emacs 24 using the <link + The latest stable version of Emacs 25 using the <link xlink:href="http://www.gtk.org">GTK+ 2</link> widget toolkit. </para> </listitem> </varlistentry> <varlistentry> - <term><varname>emacs24-nox</varname></term> + <term><varname>emacs25-nox</varname></term> <listitem> <para> Emacs 24 built without any dependency on X11 @@ -86,15 +86,6 @@ </para> </listitem> </varlistentry> - <varlistentry> - <term><varname>emacs25pre</varname></term> - <listitem> - <para> - A pretest version of what will become the first - version of Emacs 25. - </para> - </listitem> - </varlistentry> </variablelist> </para> diff --git a/nixos/modules/services/misc/autofs.nix b/nixos/modules/services/misc/autofs.nix index 18f0c3eb83d5..40b48f70f7ed 100644 --- a/nixos/modules/services/misc/autofs.nix +++ b/nixos/modules/services/misc/autofs.nix @@ -22,7 +22,7 @@ in default = false; description = " Mount filesystems on demand. Unmount them automatically. - You may also be interested in afuese. + You may also be interested in afuse. "; }; diff --git a/nixos/modules/services/misc/gitlab.nix b/nixos/modules/services/misc/gitlab.nix index b3f09999adba..de90d461f527 100644 --- a/nixos/modules/services/misc/gitlab.nix +++ b/nixos/modules/services/misc/gitlab.nix @@ -533,6 +533,8 @@ in { fi fi + # enable required pg_trgm extension for gitlab + psql gitlab -c "CREATE EXTENSION IF NOT EXISTS pg_trgm" # Always do the db migrations just to be sure the database is up-to-date ${gitlab-rake}/bin/gitlab-rake db:migrate RAILS_ENV=production 
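Review bot: The added `psql gitlab -c "CREATE EXTENSION IF NOT EXISTS pg_trgm"` sits after the two closing `fi`s, so it runs on every start regardless of the condition those blocks test. That condition is outside the hunk, but if it guards local-database setup, a deployment that points at a remote PostgreSQL host would run this against the local server and fail before the migration. The database name is hard-coded as `gitlab` and `psql` is resolved through PATH, unlike the `${gitlab-rake}/bin/gitlab-rake` call below it. `CREATE EXTENSION` normally needs elevated database privileges, so the comment should say which role this command is expected to run as. Moving the two lines inside the guarded block, and taking the database name from the module's option if one exists, would keep it consistent with the surrounding script.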
diff --git a/nixos/modules/services/monitoring/prometheus/alertmanager.nix b/nixos/modules/services/monitoring/prometheus/alertmanager.nix
new file mode 100644
index 000000000000..a9c0ce4ed6cb
--- /dev/null
+++ b/nixos/modules/services/monitoring/prometheus/alertmanager.nix
@@ -0,0 +1,116 @@ +{ config, pkgs, lib, ... }: + +with lib; + +let + cfg = config.services.prometheus.alertmanager; + mkConfigFile = pkgs.writeText "alertmanager.yml" (builtins.toJSON cfg.configuration); +in { + options = { + services.prometheus.alertmanager = { + enable = mkEnableOption "Prometheus Alertmanager"; + + user = mkOption { + type = types.str; + default = "nobody"; + description = '' + User name under which Alertmanager shall be run. + ''; + }; + + group = mkOption { + type = types.str; + default = "nogroup"; + description = '' + Group under which Alertmanager shall be run. + ''; + }; + + configuration = mkOption { + type = types.attrs; + default = {}; + description = '' + Alertmanager configuration as nix attribute set. + ''; + }; + + logFormat = mkOption { + type = types.nullOr types.str; + default = null; + description = '' + If set use a syslog logger or JSON logging. + ''; + }; + + logLevel = mkOption { + type = types.enum ["debug" "info" "warn" "error" "fatal"]; + default = "warn"; + description = '' + Only log messages with the given severity or above. + ''; + }; + + webExternalUrl = mkOption { + type = types.nullOr types.str; + default = null; + description = '' + The URL under which Alertmanager is externally reachable (for example, if Alertmanager is served via a reverse proxy). + Used for generating relative and absolute links back to Alertmanager itself. + If the URL has a path portion, it will be used to prefix all HTTP endoints served by Alertmanager. + If omitted, relevant URL components will be derived automatically. + ''; + }; + + listenAddress = mkOption { + type = types.nullOr types.str; + default = null; + description = '' + Address to listen on for the web interface and API. + ''; + }; + + port = mkOption { + type = types.int; + default = 9093; + description = '' + Port to listen on for the web interface and API. 
+ ''; + }; + + openFirewall = mkOption { + type = types.bool; + default = false; + description = '' + Open port in firewall for incoming connections. + ''; + }; + }; + }; + + + config = mkIf cfg.enable { + networking.firewall.allowedTCPPorts = optional cfg.openFirewall cfg.port; + + systemd.services.alertmanager = { + wantedBy = [ "multi-user.target" ]; + after = [ "network.target" ]; + script = '' + ${pkgs.prometheus-alertmanager.bin}/bin/alertmanager \ + -config.file ${mkConfigFile} \ + -web.listen-address ${cfg.listenAddress}:${toString cfg.port} \ + -log.level ${cfg.logLevel} \ + ${optionalString (cfg.webExternalUrl != null) ''-web.external-url ${cfg.webExternalUrl} \''} + ${optionalString (cfg.logFormat != null) "-log.format ${cfg.logFormat}"} + ''; + + serviceConfig = { + User = cfg.user; + Group = cfg.group; + Restart = "always"; + PrivateTmp = true; + WorkingDirectory = "/tmp"; + ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID"; + }; + }; + }; +} diff --git a/nixos/modules/services/monitoring/prometheus/default.nix b/nixos/modules/services/monitoring/prometheus/default.nix index 31979d2660cc..e6817ee227ab 100644 --- a/nixos/modules/services/monitoring/prometheus/default.nix +++ b/nixos/modules/services/monitoring/prometheus/default.nix @@ -29,6 +29,9 @@ let "-storage.local.path=${cfg.dataDir}/metrics" "-config.file=${writePrettyJSON "prometheus.yml" promConfig}" "-web.listen-address=${cfg.listenAddress}" + "-alertmanager.notification-queue-capacity=${toString cfg.alertmanagerNotificationQueueCapacity}" + "-alertmanager.timeout=${toString cfg.alertmanagerTimeout}s" + (optionalString (cfg.alertmanagerURL != []) "-alertmanager.url=${concatStringsSep "," cfg.alertmanagerURL}") ]; promTypes.globalConfig = types.submodule { 
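Review bot: Enabling the service with its defaults cannot evaluate, because `listenAddress` defaults to `null` and the `script` interpolates it directly in `-web.listen-address ${cfg.listenAddress}:${toString cfg.port}`; Nix will not coerce null to a string. In the same script, when `webExternalUrl` is null its line renders empty, which ends the backslash continuation after `-log.level`, so a configured `-log.format` is run as a separate command instead of being passed to alertmanager. Building the argument list with `optional`, as sketched below, avoids both problems. Separately, `mkConfigFile` writes `cfg.configuration` into the Nix store, which is world-readable, so the `configuration` description should state that receiver credentials placed there (SMTP passwords, webhook URLs) can be read by every local user.

```nix
      script = ''
        ${pkgs.prometheus-alertmanager.bin}/bin/alertmanager ${concatStringsSep " " (
          [ "-config.file ${mkConfigFile}"
            "-web.listen-address ${optionalString (cfg.listenAddress != null) cfg.listenAddress}:${toString cfg.port}"
            "-log.level ${cfg.logLevel}"
          ]
          ++ optional (cfg.webExternalUrl != null) "-web.external-url ${cfg.webExternalUrl}"
          ++ optional (cfg.logFormat != null) "-log.format ${cfg.logFormat}"
        )}
      '';
      # … unchanged: serviceConfig …
```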
@@ -388,6 +391,30 @@ in { A list of scrape configurations. ''; }; + + alertmanagerURL = mkOption { + type = types.listOf types.str; + default = []; + description = '' + List of Alertmanager URLs to send notifications to. + ''; + }; + + alertmanagerNotificationQueueCapacity = mkOption { + type = types.int; + default = 10000; + description = '' + The capacity of the queue for pending alert manager notifications. + ''; + }; + + alertmanagerTimeout = mkOption { + type = types.int; + default = 10; + description = '' + Alert manager HTTP API timeout (in seconds). + ''; + }; }; }; diff --git a/nixos/modules/services/networking/powerdns.nix b/nixos/modules/services/networking/powerdns.nix new file mode 100644 index 000000000000..91ad63b88139 --- /dev/null +++ b/nixos/modules/services/networking/powerdns.nix 
@@ -0,0 +1,50 @@ +{ config, lib, pkgs, ... }: + +with lib; + +let + cfg = config.services.powerdns; + configDir = pkgs.writeTextDir "pdns.conf" "${cfg.extraConfig}"; +in { + options = { + services.powerdns = { + enable = mkEnableOption "Powerdns domain name server"; + + extraConfig = mkOption { + type = types.lines; + default = "launch=bind"; + description = '' + Extra lines to be added verbatim to pdns.conf. + Powerdns will chroot to /var/lib/powerdns. + So any file, powerdns is supposed to be read, + should be in /var/lib/powerdns and needs to specified + relative to the chroot. + ''; + }; + }; + }; + + config = mkIf config.services.powerdns.enable { + systemd.services.pdns = { + unitConfig.Documentation = "man:pdns_server(1) man:pdns_control(1)"; + description = "Powerdns name server"; + wantedBy = [ "multi-user.target" ]; + after = ["network.target" "mysql.service" "postgresql.service" "openldap.service"]; + + serviceConfig = { + Restart="on-failure"; + RestartSec="1"; + StartLimitInterval="0"; + PrivateTmp=true; + PrivateDevices=true; + CapabilityBoundingSet="CAP_CHOWN CAP_NET_BIND_SERVICE CAP_SETGID CAP_SETUID CAP_SYS_CHROOT"; + NoNewPrivileges=true; + ExecStartPre = "${pkgs.coreutils}/bin/mkdir -p /var/lib/powerdns"; + ExecStart = "${pkgs.powerdns}/bin/pdns_server --setuid=nobody --setgid=nogroup --chroot=/var/lib/powerdns --socket-dir=/ --daemon=no --guardian=no --disable-syslog --write-pid=no --config-dir=${configDir}"; + ProtectSystem="full"; + ProtectHome=true; + RestrictAddressFamilies="AF_UNIX AF_INET AF_INET6"; + }; + }; + }; +} diff --git a/nixos/modules/services/x11/window-managers/awesome.nix b/nixos/modules/services/x11/window-managers/awesome.nix index 455b3568499f..eb97449c6bd9 100644 --- a/nixos/modules/services/x11/window-managers/awesome.nix +++ b/nixos/modules/services/x11/window-managers/awesome.nix 
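Review bot: `configDir` is built with `pkgs.writeTextDir` from `cfg.extraConfig`, so the whole pdns.conf lands in the world-readable Nix store. The `extraConfig` description should warn that backend passwords or API keys written there are visible to every local user, which matters all the more because the unit orders itself after mysql, postgresql and openldap. The daemon also drops to `--setuid=nobody --setgid=nogroup`, an identity shared with any other service that uses it; a dedicated `powerdns` user and group would keep the process and the chroot contents separate from those services. `ExecStartPre` creates `/var/lib/powerdns` with default permissions while `--socket-dir=/` puts the control socket at the root of that chroot, so an explicit mode on the directory is worth setting. Minor: the `mkIf` can use `cfg.enable`, since `cfg` is already bound.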
@@ -6,7 +6,7 @@ let cfg = config.services.xserver.windowManager.awesome; awesome = cfg.package; - + inherit (pkgs.luaPackages) getLuaPath getLuaCPath; in { @@ -46,10 +46,8 @@ in { name = "awesome"; start = '' - ${concatMapStrings (pkg: '' - export LUA_CPATH=$LUA_CPATH''${LUA_CPATH:+;}${pkg}/lib/lua/${awesome.lua.luaversion}/?.so - export LUA_PATH=$LUA_PATH''${LUA_PATH:+;}${pkg}/lib/lua/${awesome.lua.luaversion}/?.lua - '') cfg.luaModules} + export LUA_CPATH="${lib.concatStringsSep ";" (map getLuaCPath cfg.luaModules)}" + export LUA_PATH="${lib.concatStringsSep ";" (map getLuaPath cfg.luaModules)}" ${awesome}/bin/awesome & waitPID=$! @@ -59,5 +57,4 @@ in environment.systemPackages = [ awesome ]; }; - } diff --git a/nixos/modules/system/activation/activation-script.nix b/nixos/modules/system/activation/activation-script.nix index 60298362d767..4c3d30e346c5 100644 --- a/nixos/modules/system/activation/activation-script.nix +++ b/nixos/modules/system/activation/activation-script.nix @@ -142,10 +142,10 @@ in # Empty, immutable home directory of many system accounts. mkdir -p /var/empty # Make sure it's really empty - ${pkgs.e2fsprogs}/bin/chattr -i /var/empty + ${pkgs.e2fsprogs}/bin/chattr -f -i /var/empty || true find /var/empty -mindepth 1 -delete chmod 0555 /var/empty - ${pkgs.e2fsprogs}/bin/chattr +i /var/empty + ${pkgs.e2fsprogs}/bin/chattr -f +i /var/empty || true ''; system.activationScripts.usrbinenv = if config.environment.usrbinenv != null diff --git a/nixos/modules/system/boot/initrd-ssh.nix b/nixos/modules/system/boot/initrd-ssh.nix index bc899984c57d..a8c7d4b3ee5e 100644 --- a/nixos/modules/system/boot/initrd-ssh.nix +++ b/nixos/modules/system/boot/initrd-ssh.nix 
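Review bot: The two new `export` lines in `start` overwrite `LUA_PATH` and `LUA_CPATH` instead of appending to any inherited value, and when `cfg.luaModules` is empty they export empty strings. Lua treats a set-but-empty variable as the complete search path unless it contains `;;`, so the interpreter's default paths would be dropped. What `getLuaPath` and `getLuaCPath` return is not visible here, so this should be confirmed against a session with no extra modules. Ending each value with `;;`, or wrapping both lines in `optionalString (cfg.luaModules != [])`, keeps the defaults.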
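Review bot: With `-f` and `|| true` on the second `chattr` call, a failure to set the immutable flag on `/var/empty` is now silent, so on a filesystem without that attribute the directory stays mutable and nothing appears in the activation output. Tolerating the failure is reasonable, but the `+i` line should report it: `${pkgs.e2fsprogs}/bin/chattr -f +i /var/empty || echo "warning: could not make /var/empty immutable" >&2`. A short comment naming the filesystems this is meant to accommodate would explain why the errors are ignored. The activation script body continues outside the hunk.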
@@ -85,10 +85,14 @@ in }; config = mkIf (config.boot.initrd.network.enable && cfg.enable) { - assertions = [ { - assertion = cfg.hostRSAKey != null || cfg.hostDSSKey != null || cfg.hostECDSAKey != null; - message = "You should specify at least one host key for initrd SSH"; - } ]; + assertions = [ + { assertion = cfg.hostRSAKey != null || cfg.hostDSSKey != null || cfg.hostECDSAKey != null; + message = "You should specify at least one host key for initrd SSH"; + } + { assertion = cfg.authorizedKeys != []; + message = "You should specify at least one authorized key for initrd SSH"; + } + ]; boot.initrd.extraUtilsCommands = '' copy_bin_and_libs ${pkgs.dropbear}/bin/dropbear diff --git a/nixos/modules/tasks/network-interfaces.nix b/nixos/modules/tasks/network-interfaces.nix index dc62cae24c7a..9042418b7234 100644 --- a/nixos/modules/tasks/network-interfaces.nix +++ b/nixos/modules/tasks/network-interfaces.nix @@ -391,7 +391,7 @@ in }; networking.localCommands = mkOption { - type = types.str; + type = types.lines; default = ""; example = "text=anything; echo You can put $text here."; description = '' |