Diffstat (limited to 'nixos/modules')
-rw-r--r-- | nixos/modules/misc/ids.nix | 2 | ||||
-rw-r--r-- | nixos/modules/module-list.nix | 2 | ||||
-rw-r--r-- | nixos/modules/programs/iftop.nix | 18 | ||||
-rw-r--r-- | nixos/modules/programs/less.nix | 17 | ||||
-rw-r--r-- | nixos/modules/security/pam.nix | 2 | ||||
-rw-r--r-- | nixos/modules/services/backup/duplicati.nix | 40 | ||||
-rw-r--r-- | nixos/modules/services/web-servers/nginx/default.nix | 9 | ||||
-rw-r--r-- | nixos/modules/tasks/network-interfaces-scripted.nix | 4 |
8 files changed, 85 insertions, 9 deletions
diff --git a/nixos/modules/misc/ids.nix b/nixos/modules/misc/ids.nix index c5dee2ca97af..3594f57595c7 100644 --- a/nixos/modules/misc/ids.nix +++ b/nixos/modules/misc/ids.nix @@ -305,6 +305,7 @@ hass = 286; monero = 287; ceph = 288; + duplicati = 289; # When adding a uid, make sure it doesn't match an existing gid. And don't use uids above 399! @@ -578,6 +579,7 @@ hass = 286; monero = 287; ceph = 288; + duplicati = 289; # When adding a gid, make sure it doesn't match an existing # uid. Users and groups with the same name should have equal diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index 3a8b1014553c..2f9b1083ef1d 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix @@ -86,6 +86,7 @@ ./programs/freetds.nix ./programs/gnupg.nix ./programs/gphoto2.nix + ./programs/iftop.nix ./programs/java.nix ./programs/kbdlight.nix ./programs/less.nix @@ -159,6 +160,7 @@ ./services/audio/ympd.nix ./services/backup/bacula.nix ./services/backup/borgbackup.nix + ./services/backup/duplicati.nix ./services/backup/crashplan.nix ./services/backup/crashplan-small-business.nix ./services/backup/mysql-backup.nix diff --git a/nixos/modules/programs/iftop.nix b/nixos/modules/programs/iftop.nix new file mode 100644 index 000000000000..a98a9a8187d4 --- /dev/null +++ b/nixos/modules/programs/iftop.nix @@ -0,0 +1,18 @@ +{ config, pkgs, lib, ... }: + +with lib; + +let + cfg = config.programs.iftop; +in { + options = { + programs.iftop.enable = mkEnableOption "iftop + setcap wrapper"; + }; + config = mkIf cfg.enable { + environment.systemPackages = [ pkgs.iftop ]; + security.wrappers.iftop = { + source = "${pkgs.iftop}/bin/iftop"; + capabilities = "cap_net_raw+p"; + }; + }; +} diff --git a/nixos/modules/programs/less.nix b/nixos/modules/programs/less.nix index c0283c9e6862..d39103a58057 100644 --- a/nixos/modules/programs/less.nix +++ b/nixos/modules/programs/less.nix 
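Review bot: The wrapper declared in `security.wrappers.iftop` sets `capabilities = "cap_net_raw+p"` but no `owner`, `group` or `permissions`, so with the wrapper defaults (presumably world-executable) every local account on a host that enables this option can open raw sockets through iftop and watch traffic on its interfaces. If that is intended, the option text should say so, for example `mkEnableOption "iftop, with a cap_net_raw wrapper usable by all local users"`. Otherwise restrict execution to a dedicated group with `group = "<group-placeholder>";` and `permissions = "u+rx,g+x";`.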
@@ -6,7 +6,7 @@ let cfg = config.programs.less; - configFile = '' + configText = if (cfg.configFile != null) then (builtins.readFile cfg.configFile) else '' #command ${concatStringsSep "\n" (mapAttrsToList (command: action: "${command} ${action}") cfg.commands) @@ -25,7 +25,7 @@ let ''; lessKey = pkgs.runCommand "lesskey" - { src = pkgs.writeText "lessconfig" configFile; } + { src = pkgs.writeText "lessconfig" configText; } "${pkgs.less}/bin/lesskey -o $out $src"; in @@ -37,6 +37,19 @@ in enable = mkEnableOption "less"; + configFile = mkOption { + type = types.nullOr types.path; + default = null; + example = literalExample "$${pkgs.my-configs}/lesskey"; + description = '' + Path to lesskey configuration file. + + <option>configFile</option> takes precedence over <option>commands</option>, + <option>clearDefaultCommands</option>, <option>lineEditingKeys</option>, and + <option>envVariables</option>. + ''; + }; + commands = mkOption { type = types.attrsOf types.str; default = {}; diff --git a/nixos/modules/security/pam.nix b/nixos/modules/security/pam.nix index e1cad03e66e2..f2bdfcf885ee 100644 --- a/nixos/modules/security/pam.nix +++ b/nixos/modules/security/pam.nix @@ -386,7 +386,7 @@ let ${optionalString (cfg.enableGnomeKeyring) "session optional ${pkgs.gnome3.gnome-keyring}/lib/security/pam_gnome_keyring.so auto_start"} ${optionalString (config.virtualisation.lxc.lxcfs.enable) - "session optional ${pkgs.lxcfs}/lib/security/pam_cgfs.so -c freezer,memory,name=systemd,unified,cpuset"} + "session optional ${pkgs.lxc}/lib/security/pam_cgfs.so -c all"} ''); }; diff --git a/nixos/modules/services/backup/duplicati.nix b/nixos/modules/services/backup/duplicati.nix new file mode 100644 index 000000000000..9772ca4d20a7 --- /dev/null +++ b/nixos/modules/services/backup/duplicati.nix 
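Review bot: `configText` reads the user-supplied file with `builtins.readFile cfg.configFile`, which runs at evaluation time; when the path is a derivation output, as the option's own example `$${pkgs.my-configs}/lesskey` suggests, this likely forces a build during evaluation. Passing the path straight to lesskey avoids that: `{ src = if cfg.configFile != null then cfg.configFile else pkgs.writeText "lessconfig" configText; }`, with `configText` kept as the generated text only. The `let` block starts and ends outside this hunk.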
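Review bot: The new `pam_cgfs.so -c all` line replaces an explicit controller list (`freezer,memory,name=systemd,unified,cpuset`) with every controller, and nothing in the hunk records why the wider scope is needed. Since this PAM session module sets up cgroups for the logging-in user, the broader list presumably widens what an unprivileged session is delegated. A comment above the line would help, such as `# pam_cgfs ships with lxc since <version-placeholder>; "-c all" is required because …`, which would also explain why the module now comes from `pkgs.lxc` while the guard is still `virtualisation.lxc.lxcfs.enable`. The enclosing PAM text block starts outside the hunk.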
@@ -0,0 +1,40 @@ +{ config, pkgs, lib, ... }: + +with lib; + +let + cfg = config.services.duplicati; +in +{ + options = { + services.duplicati = { + enable = mkEnableOption "Duplicati"; + }; + }; + + config = mkIf cfg.enable { + environment.systemPackages = [ pkgs.duplicati ]; + + systemd.services.duplicati = { + description = "Duplicati backup"; + after = [ "network.target" ]; + wantedBy = [ "multi-user.target" ]; + serviceConfig = { + User = "duplicati"; + Group = "duplicati"; + ExecStart = "${pkgs.duplicati}/bin/duplicati-server --webservice-interface=any --webservice-port=8200 --server-datafolder=/var/lib/duplicati"; + Restart = "on-failure"; + }; + }; + + users.extraUsers.duplicati = { + uid = config.ids.uids.duplicati; + home = "/var/lib/duplicati"; + createHome = true; + group = "duplicati"; + }; + users.extraGroups.duplicati.gid = config.ids.gids.duplicati; + + }; +} + diff --git a/nixos/modules/services/web-servers/nginx/default.nix b/nixos/modules/services/web-servers/nginx/default.nix index dee877f1c114..938a8a1fe334 100644 --- a/nixos/modules/services/web-servers/nginx/default.nix +++ b/nixos/modules/services/web-servers/nginx/default.nix 
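Review bot: `ExecStart` hard-codes `--webservice-interface=any`, so enabling the module exposes the Duplicati web interface on every address of the host at port 8200, and nothing in the module sets a UI password or restricts who can reach it. That interface controls backup sources, destinations and stored credentials, so the safer default is to bind to loopback and let the administrator widen it explicitly. The fence adds `interface` and `port` options and uses them in `ExecStart`; the rest of the module stays as written.

```nix
    services.duplicati = {
      enable = mkEnableOption "Duplicati";

      port = mkOption {
        type = types.int;
        default = 8200;
        description = "Port the Duplicati web interface listens on.";
      };

      interface = mkOption {
        type = types.str;
        default = "loopback";
        description = ''
          Interface the web interface binds to: "loopback", "any", or a
          specific address. Anything wider than loopback exposes the backup
          configuration UI to the network.
        '';
      };
    };
    # … unchanged: environment.systemPackages, service description/after/wantedBy, User/Group …
        ExecStart = "${pkgs.duplicati}/bin/duplicati-server --webservice-interface=${cfg.interface} --webservice-port=${toString cfg.port} --server-datafolder=/var/lib/duplicati";
```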
@@ -9,15 +9,16 @@ let serverName = if vhostConfig.serverName != null then vhostConfig.serverName else vhostName; + acmeDirectory = config.security.acme.directory; in vhostConfig // { inherit serverName; } // (optionalAttrs vhostConfig.enableACME { - sslCertificate = "/var/lib/acme/${serverName}/fullchain.pem"; - sslCertificateKey = "/var/lib/acme/${serverName}/key.pem"; + sslCertificate = "${acmeDirectory}/${serverName}/fullchain.pem"; + sslCertificateKey = "${acmeDirectory}/${serverName}/key.pem"; }) // (optionalAttrs (vhostConfig.useACMEHost != null) { - sslCertificate = "/var/lib/acme/${vhostConfig.useACMEHost}/fullchain.pem"; - sslCertificateKey = "/var/lib/acme/${vhostConfig.useACMEHost}/key.pem"; + sslCertificate = "${acmeDirectory}/${vhostConfig.useACMEHost}/fullchain.pem"; + sslCertificateKey = "${acmeDirectory}/${vhostConfig.useACMEHost}/key.pem"; }) ) cfg.virtualHosts; enableIPv6 = config.networking.enableIPv6; diff --git a/nixos/modules/tasks/network-interfaces-scripted.nix b/nixos/modules/tasks/network-interfaces-scripted.nix index c7d56790fa0c..e754a1e8718d 100644 --- a/nixos/modules/tasks/network-interfaces-scripted.nix +++ b/nixos/modules/tasks/network-interfaces-scripted.nix @@ -191,7 +191,7 @@ let if out=$(ip addr add "${cidr}" dev "${i.name}" 2>&1); then echo "done" elif ! echo "$out" | grep "File exists" >/dev/null 2>&1; then - echo "failed" + echo "'ip addr add "${cidr}" dev "${i.name}"' failed: $out" exit 1 fi '' @@ -212,7 +212,7 @@ let if out=$(ip route add "${cidr}" ${options} ${via} dev "${i.name}" 2>&1); then echo "done" elif ! echo "$out" | grep "File exists" >/dev/null 2>&1; then - echo "failed" + echo "'ip route add "${cidr}" ${options} ${via} dev "${i.name}"' failed: $out" exit 1 fi '' |
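Review bot: In the new `ip addr add` failure message, the inner `"` characters end and reopen the shell string instead of being printed, so the interpolated `${cidr}` and `${i.name}` land unquoted in the `echo` arguments and the logged command does not match what was run. The `ip route add` hunk below has the same problem, with `${options}` and `${via}` unquoted as well. Dropping the inner quotes keeps the whole message in one string: `echo "'ip addr add ${cidr} dev ${i.name}' failed: $out"` and `echo "'ip route add ${cidr} ${options} ${via} dev ${i.name}' failed: $out"`. Both script bodies start and end outside their hunks.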