Diffstat (limited to 'nixos/modules')
-rw-r--r--nixos/modules/misc/ids.nix2
-rw-r--r--nixos/modules/module-list.nix4
-rw-r--r--nixos/modules/programs/browserpass.nix18
-rw-r--r--nixos/modules/services/audio/mpd.nix9
-rw-r--r--nixos/modules/services/logging/heartbeat.nix72
-rw-r--r--nixos/modules/services/monitoring/collectd.nix36
-rw-r--r--nixos/modules/services/web-servers/lighttpd/collectd.nix58
-rw-r--r--nixos/modules/services/x11/desktop-managers/lumina.nix1
-rw-r--r--nixos/modules/services/x11/xserver.nix56
-rw-r--r--nixos/modules/system/boot/luksroot.nix2
-rw-r--r--nixos/modules/virtualisation/xen-dom0.nix57
11 files changed, 232 insertions, 83 deletions
diff --git a/nixos/modules/misc/ids.nix b/nixos/modules/misc/ids.nix
index 22059bb7fbbb..5ac5764cd7cb 100644
--- a/nixos/modules/misc/ids.nix
+++ b/nixos/modules/misc/ids.nix
@@ -166,7 +166,7 @@
       dnsmasq = 141;
       uhub = 142;
       yandexdisk = 143;
-      collectd = 144;
+      #collectd = 144; #unused
       consul = 145;
       mailpile = 146;
       redmine = 147;
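Review bot: The `#unused` comment on the collectd line does not say that the number has to stay reserved. Files written by earlier installs remain owned by uid 144, and the `users.extraUsers` hunk in `services/monitoring/collectd.nix` drops the fixed uid, so the account presumably receives an automatically assigned one from now on. If 144 were later given to another service, that service would own any leftover collectd files outside the `dataDir` that `preStart` re-chowns. A clearer comment would be `# collectd = 144; # no longer assigned; keep reserved, old files may still carry this uid`.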
diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix
index 9f8d876704c9..a2add1b3e435 100644
--- a/nixos/modules/module-list.nix
+++ b/nixos/modules/module-list.nix
@@ -236,16 +236,17 @@
   ./services/hardware/udisks2.nix
   ./services/hardware/upower.nix
   ./services/hardware/thermald.nix
+  ./services/logging/SystemdJournal2Gelf.nix
   ./services/logging/awstats.nix
   ./services/logging/fluentd.nix
   ./services/logging/graylog.nix
+  ./services/logging/heartbeat.nix
   ./services/logging/journalbeat.nix
   ./services/logging/klogd.nix
   ./services/logging/logcheck.nix
   ./services/logging/logrotate.nix
   ./services/logging/logstash.nix
   ./services/logging/rsyslogd.nix
-  ./services/logging/SystemdJournal2Gelf.nix
   ./services/logging/syslog-ng.nix
   ./services/logging/syslogd.nix
   ./services/mail/dovecot.nix
@@ -587,6 +588,7 @@
   ./services/web-servers/fcgiwrap.nix
   ./services/web-servers/jboss/default.nix
   ./services/web-servers/lighttpd/cgit.nix
+  ./services/web-servers/lighttpd/collectd.nix
   ./services/web-servers/lighttpd/default.nix
   ./services/web-servers/lighttpd/gitweb.nix
   ./services/web-servers/lighttpd/inginious.nix
diff --git a/nixos/modules/programs/browserpass.nix b/nixos/modules/programs/browserpass.nix
index 2b7ec1856431..a073c7e66eb8 100644
--- a/nixos/modules/programs/browserpass.nix
+++ b/nixos/modules/programs/browserpass.nix
@@ -6,21 +6,17 @@ with lib;
 
   ###### interface
   options = {
-    programs.browserpass = {
-      enable = mkOption {
-        default = false;
-        type = types.bool;
-        description = ''
-          Whether to install the NativeMessaging configuration for installed browsers.
-        '';
-      };
-    };
+    programs.browserpass.enable = mkEnableOption "the NativeMessaging configuration for Chromium, Chrome, and Vivaldi.";
   };
 
   ###### implementation
   config = mkIf config.programs.browserpass.enable {
     environment.systemPackages = [ pkgs.browserpass ];
-    environment.etc."chromium/native-messaging-hosts/com.dannyvankooten.browserpass.json".source = "${pkgs.browserpass}/etc/chrome-host.json";
-    environment.etc."opt/chrome/native-messaging-hosts/com.dannyvankooten.browserpass.json".source = "${pkgs.browserpass}/etc/chrome-host.json";
+    environment.etc = {
+      "chromium/native-messaging-hosts/com.dannyvankooten.browserpass.json".source = "${pkgs.browserpass}/etc/chrome-host.json";
+      "chromium/policies/managed/com.dannyvankooten.browserpass.json".source = "${pkgs.browserpass}/etc/chrome-policy.json";
+      "opt/chrome/native-messaging-hosts/com.dannyvankooten.browserpass.json".source = "${pkgs.browserpass}/etc/chrome-host.json";
+      "opt/chrome/policies/managed/com.dannyvankooten.browserpass.json".source = "${pkgs.browserpass}/etc/chrome-policy.json";
+    };
   };
 }
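Review bot: The `mkEnableOption` text describes only the NativeMessaging host configuration, but the new `environment.etc` entries also install `chrome-policy.json` under `policies/managed` for both Chromium and Chrome, which applies a managed browser policy to every user of the machine. The description should say so, for example `mkEnableOption "the browserpass NativeMessaging host and the managed browser policy it ships for Chromium and Chrome"`. The current string also ends in a period while `mkEnableOption` appends its own, so the rendered text ends in `..`. It names Vivaldi although no Vivaldi-specific path appears in this hunk; if Vivaldi reads the Chromium paths, a short comment saying that would help.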
diff --git a/nixos/modules/services/audio/mpd.nix b/nixos/modules/services/audio/mpd.nix
index 56af8fe152e0..11628781bbd8 100644
--- a/nixos/modules/services/audio/mpd.nix
+++ b/nixos/modules/services/audio/mpd.nix
@@ -10,9 +10,11 @@ let
   gid = config.ids.gids.mpd;
   cfg = config.services.mpd;
 
+  playlistDir = "${cfg.dataDir}/playlists";
+
   mpdConf = pkgs.writeText "mpd.conf" ''
     music_directory     "${cfg.musicDirectory}"
-    playlist_directory  "${cfg.dataDir}/playlists"
+    playlist_directory  "${playlistDir}"
     db_file             "${cfg.dbFile}"
     state_file          "${cfg.dataDir}/state"
     sticker_file        "${cfg.dataDir}/sticker.sql"
@@ -126,7 +128,10 @@ in {
       description = "Music Player Daemon";
       wantedBy = [ "multi-user.target" ];
 
-      preStart = "mkdir -p ${cfg.dataDir} && chown -R ${cfg.user}:${cfg.group} ${cfg.dataDir}";
+      preStart = ''
+        mkdir -p "${cfg.dataDir}" && chown -R ${cfg.user}:${cfg.group} "${cfg.dataDir}"
+        mkdir -p "${playlistDir}" && chown -R ${cfg.user}:${cfg.group} "${playlistDir}"
+      '';
       serviceConfig = {
         User = "${cfg.user}";
         PermissionsStartOnly = true;
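Review bot: Each line of the new `preStart` is an `&&` list, so a failing `mkdir` on the first line does not abort the script even if it runs under errexit, which ignores every command of an `&&` list except the last. Put the commands on separate lines; since `playlistDir` lies under `dataDir`, one recursive chown after both directories exist is enough: `mkdir -p "${cfg.dataDir}" "${playlistDir}"` followed by `chown -R ${cfg.user}:${cfg.group} "${cfg.dataDir}"`. Because `PermissionsStartOnly = true` makes this script run as root, a comment noting that the recursive chown re-owns everything under `dataDir` on every start would also help. The service definition continues outside the hunk.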
diff --git a/nixos/modules/services/logging/heartbeat.nix b/nixos/modules/services/logging/heartbeat.nix
new file mode 100644
index 000000000000..b595ac07bf5e
--- /dev/null
+++ b/nixos/modules/services/logging/heartbeat.nix
@@ -0,0 +1,72 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+  cfg = config.services.heartbeat;
+
+  heartbeatYml = pkgs.writeText "heartbeat.yml" ''
+    name: ${cfg.name}
+    tags: ${builtins.toJSON cfg.tags}
+
+    ${cfg.extraConfig}
+  '';
+
+in
+{
+  options = {
+
+    services.heartbeat = {
+
+      enable = mkEnableOption "heartbeat";
+
+      name = mkOption {
+        type = types.str;
+        default = "heartbeat";
+        description = "Name of the beat";
+      };
+
+      tags = mkOption {
+        type = types.listOf types.str;
+        default = [];
+        description = "Tags to place on the shipped log messages";
+      };
+
+      stateDir = mkOption {
+        type = types.str;
+        default = "/var/lib/heartbeat";
+        description = "The state directory. heartbeat's own logs and other data are stored here.";
+      };
+
+      extraConfig = mkOption {
+        type = types.lines;
+        default = ''
+          heartbeat.monitors:
+          - type: http
+            urls: ["http://localhost:9200"]
+            schedule: '@every 10s'
+        '';
+        description = "Any other configuration options you want to add";
+      };
+
+    };
+  };
+
+  config = mkIf cfg.enable {
+
+    systemd.services.heartbeat = with pkgs; {
+      description = "heartbeat log shipper";
+      wantedBy = [ "multi-user.target" ];
+      preStart = ''
+        mkdir -p "${cfg.stateDir}"/{data,logs}
+        chown nobody:nogroup "${cfg.stateDir}"/{data,logs}
+      '';
+      serviceConfig = {
+        User = "nobody";
+        PermissionsStartOnly = true;
+        AmbientCapabilities = "cap_net_raw";
+        ExecStart = "${pkgs.heartbeat}/bin/heartbeat -c \"${heartbeatYml}\" -path.data \"${cfg.stateDir}/data\" -path.logs \"${cfg.stateDir}/logs\"";
+      };
+    };
+  };
+}
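Review bot: The service runs as the shared `nobody` account and `preStart` chowns `data` and `logs` to `nobody:nogroup`, so any other process running as `nobody` can read or alter heartbeat's state; a dedicated system user and group would isolate it. The unit also grants `AmbientCapabilities = "cap_net_raw"`, and adding `CapabilityBoundingSet = "cap_net_raw"` would keep the service from holding anything beyond that. In `heartbeatYml`, `cfg.name` is interpolated unquoted while `tags` goes through `builtins.toJSON`; `name: ${builtins.toJSON cfg.name}` keeps a name containing `:` or `#` from changing the YAML structure. The `extraConfig` description should warn that the rendered file is written with `pkgs.writeText` into the world-readable Nix store, so output credentials should not be placed in it.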
diff --git a/nixos/modules/services/monitoring/collectd.nix b/nixos/modules/services/monitoring/collectd.nix
index 79a8a1ff5aed..dfbac3446e03 100644
--- a/nixos/modules/services/monitoring/collectd.nix
+++ b/nixos/modules/services/monitoring/collectd.nix
@@ -7,7 +7,6 @@ let
 
   conf = pkgs.writeText "collectd.conf" ''
     BaseDir "${cfg.dataDir}"
-    PIDFile "${cfg.pidFile}"
     AutoLoadPlugin ${boolToString cfg.autoLoadPlugin}
     Hostname "${config.networking.hostName}"
 
@@ -26,13 +25,7 @@ let
 
 in {
   options.services.collectd = with types; {
-    enable = mkOption {
-      default = false;
-      description = ''
-        Whether to enable collectd agent.
-      '';
-      type = bool;
-    };
+    enable = mkEnableOption "collectd agent";
 
     package = mkOption {
       default = pkgs.collectd;
@@ -59,14 +52,6 @@ in {
       type = path;
     };
 
-    pidFile = mkOption {
-      default = "/var/run/collectd.pid";
-      description = ''
-        Location of collectd pid file.
-      '';
-      type = path;
-    };
-
     autoLoadPlugin = mkOption {
       default = false;
       description = ''
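Review bot: Removing `services.collectd.pidFile` without a removal notice means every existing configuration that sets it will fail evaluation with a generic undefined-option error. The diffstat shows no change to a rename or removal list under `nixos/modules`, so consider adding `mkRemovedOptionModule [ "services" "collectd" "pidFile" ] "collectd now runs in the foreground and no longer writes a PID file."` there. The options block starts and ends outside this hunk.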
@@ -100,27 +85,20 @@ in {
       wantedBy = [ "multi-user.target" ];
 
       serviceConfig = {
-        ExecStart = "${cfg.package}/sbin/collectd -C ${conf} -P ${cfg.pidFile}";
-        Type = "forking";
-        PIDFile = cfg.pidFile;
-        User = optional (cfg.user!="root") cfg.user;
+        ExecStart = "${cfg.package}/sbin/collectd -C ${conf} -f";
+        User = cfg.user;
         PermissionsStartOnly = true;
       };
 
       preStart = ''
-        mkdir -p ${cfg.dataDir}
-        chmod 755 ${cfg.dataDir}
-        install -D /dev/null ${cfg.pidFile}
-        if [ "$(id -u)" = 0 ]; then
-          chown -R ${cfg.user} ${cfg.dataDir};
-          chown ${cfg.user} ${cfg.pidFile}
-        fi
+        mkdir -p "${cfg.dataDir}"
+        chmod 755 "${cfg.dataDir}"
+        chown -R ${cfg.user} "${cfg.dataDir}"
       '';
-    }; 
+    };
 
     users.extraUsers = optional (cfg.user == "collectd") {
       name = "collectd";
-      uid = config.ids.uids.collectd;
     };
   };
 }
diff --git a/nixos/modules/services/web-servers/lighttpd/collectd.nix b/nixos/modules/services/web-servers/lighttpd/collectd.nix
new file mode 100644
index 000000000000..35b5edced68b
--- /dev/null
+++ b/nixos/modules/services/web-servers/lighttpd/collectd.nix
@@ -0,0 +1,58 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+  cfg = config.services.lighttpd.collectd;
+
+  collectionConf = pkgs.writeText "collection.conf" ''
+    datadir: "${config.services.collectd.dataDir}"
+    libdir: "${config.services.collectd.package}/lib/collectd"
+  '';
+
+  defaultCollectionCgi = config.services.collectd.package.overrideDerivation(old: {
+    name = "collection.cgi";
+    configurePhase = "true";
+    buildPhase = "true";
+    installPhase = ''
+      substituteInPlace contrib/collection.cgi --replace '"/etc/collection.conf"' '$ENV{COLLECTION_CONF}'
+      cp contrib/collection.cgi $out
+    '';
+  });
+in
+{
+
+  options.services.lighttpd.collectd = {
+
+    enable = mkEnableOption "collectd subservice accessible at http://yourserver/collectd";
+
+    collectionCgi = mkOption {
+      type = types.path;
+      default = defaultCollectionCgi;
+      description = ''
+        Path to collection.cgi script from (collectd sources)/contrib/collection.cgi
+        This option allows to use a customized version
+      '';
+    };
+  };
+
+  config = mkIf cfg.enable {
+    services.lighttpd.enableModules = [ "mod_cgi" "mod_alias" "mod_setenv" ];
+
+    services.lighttpd.extraConfig = ''
+      $HTTP["url"] =~ "^/collectd" {
+        cgi.assign = (
+          ".cgi" => "${pkgs.perl}/bin/perl"
+        )
+        alias.url = (
+          "/collectd" => "${cfg.collectionCgi}"
+        )
+        setenv.add-environment = (
+          "PERL5LIB" => "${with pkgs; lib.makePerlPath [ perlPackages.CGI perlPackages.HTMLParser perlPackages.URI rrdtool ]}",
+          "COLLECTION_CONF" => "${collectionConf}"
+        )
+      }
+    '';
+  };
+
+}
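Review bot: The `$HTTP["url"] =~ "^/collectd"` block in `extraConfig` publishes collection.cgi to every client that can reach lighttpd, with no authentication or address restriction, and the script reads host metrics from `services.collectd.dataDir`. The `enable` description should state that the endpoint is unauthenticated, and the module should either restrict it by default or document where operators add their own access rules. The pattern is also unanchored at the end, so it matches any path that merely begins with `/collectd`; `"^/collectd(/|$)"` is tighter.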
diff --git a/nixos/modules/services/x11/desktop-managers/lumina.nix b/nixos/modules/services/x11/desktop-managers/lumina.nix
index ec5fbb13b323..5fe84cfb82ec 100644
--- a/nixos/modules/services/x11/desktop-managers/lumina.nix
+++ b/nixos/modules/services/x11/desktop-managers/lumina.nix
@@ -33,7 +33,6 @@ in
     environment.systemPackages = [
       pkgs.fluxbox
       pkgs.libsForQt5.kwindowsystem
-      pkgs.kdeFrameworks.oxygen-icons5
       pkgs.lumina
       pkgs.numlockx
       pkgs.qt5.qtsvg
diff --git a/nixos/modules/services/x11/xserver.nix b/nixos/modules/services/x11/xserver.nix
index 01bab8fccadb..bb9704fc26f0 100644
--- a/nixos/modules/services/x11/xserver.nix
+++ b/nixos/modules/services/x11/xserver.nix
@@ -651,25 +651,49 @@ in
     system.extraDependencies = singleton (pkgs.runCommand "xkb-layouts-exist" {
       inherit (cfg) layout xkbDir;
     } ''
-      if sed -n -e ':i /^! \(layout\|variant\) *$/ {
+      # We can use the default IFS here, because the layouts won't contain
+      # spaces or tabs and are ruled out by the sed expression below.
+      availableLayouts="$(
+        sed -n -e ':i /^! \(layout\|variant\) *$/ {
+          # Loop through all of the layouts/variants until we hit another ! at
+          # the start of the line or the line is empty ('t' branches only if
+          # the last substitution was successful, so if the line is empty the
+          # substition will fail).
           :l; n; /^!/bi; s/^ *\([^ ]\+\).*/\1/p; tl
-         }' "$xkbDir/rules/base.lst" | grep -qxF "$layout"
-      then
-        touch "$out"
-        exit 0
-      fi
-
-      cat >&2 <<-EOF
-
-      The selected keyboard layout definition does not exist:
-
-        $layout
+        }' "$xkbDir/rules/base.lst" | sort -u
+      )"
+
+      layoutNotFound() {
+        echo >&2
+        echo "The following layouts and variants are available:" >&2
+        echo >&2
+
+        # While an output width of 80 is more desirable for small terminals, we
+        # really don't know the amount of columns of the terminal from within
+        # the builder. The content in $availableLayouts however is pretty
+        # large, so let's opt for a larger width here, because it will print a
+        # smaller amount of lines on modern KMS/framebuffer terminals and won't
+        # lose information even in smaller terminals (it only will look a bit
+        # ugly).
+        echo "$availableLayouts" | ${pkgs.utillinux}/bin/column -c 150 >&2
+
+        echo >&2
+        echo "However, the keyboard layout definition in" \
+             "\`services.xserver.layout' contains the layout \`$1', which" \
+             "isn't a valid layout or variant." >&2
+        echo >&2
+        exit 1
+      }
 
-      Set \`services.xserver.layout' to the name of an existing keyboard
-      layout (check $xkbDir/rules/base.lst for options).
+      # Again, we don't need to take care of IFS, see the comment for
+      # $availableLayouts.
+      for l in ''${layout//,/ }; do
+        if ! echo "$availableLayouts" | grep -qxF "$l"; then
+          layoutNotFound "$l"
+        fi
+      done
 
-      EOF
-      exit 1
+      touch "$out"
     '');
 
     services.xserver.config =
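Review bot: The unquoted `''${layout//,/ }` in the `for` loop undergoes pathname expansion as well as word splitting, which the IFS comment above it does not cover. A layout value containing `*` or `?` would be matched against the builder's working directory before it is checked, so the error message could name a file rather than the configured value. Splitting with `IFS=, read -ra layouts <<< "$layout"` and iterating over `"''${layouts[@]}"` avoids that. The enclosing `runCommand` expression starts outside this hunk.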
diff --git a/nixos/modules/system/boot/luksroot.nix b/nixos/modules/system/boot/luksroot.nix
index 59ebb88582ad..3ca679b479a0 100644
--- a/nixos/modules/system/boot/luksroot.nix
+++ b/nixos/modules/system/boot/luksroot.nix
@@ -241,7 +241,7 @@ in
       description = ''
         The encrypted disk that should be opened before the root
         filesystem is mounted. Both LVM-over-LUKS and LUKS-over-LVM
-        setups are sypported. The unencrypted devices can be accessed as
+        setups are supported. The unencrypted devices can be accessed as
         <filename>/dev/mapper/<replaceable>name</replaceable></filename>.
       '';
 
diff --git a/nixos/modules/virtualisation/xen-dom0.nix b/nixos/modules/virtualisation/xen-dom0.nix
index f6f2d5dad01c..5239652d4075 100644
--- a/nixos/modules/virtualisation/xen-dom0.nix
+++ b/nixos/modules/virtualisation/xen-dom0.nix
@@ -267,26 +267,36 @@ in
         mkdir -p /var/lib/xen # so we create them here unconditionally.
         grep -q control_d /proc/xen/capabilities
         '';
-      serviceConfig.ExecStart = ''
-        ${cfg.stored}${optionalString cfg.trace " -T /var/log/xen/xenstored-trace.log"} --no-fork
-        '';
+      serviceConfig = if cfg.package.version < "4.8" then
+        { ExecStart = ''
+            ${cfg.stored}${optionalString cfg.trace " -T /var/log/xen/xenstored-trace.log"} --no-fork
+            '';
+        } else {
+          ExecStart = ''
+            ${cfg.package}/etc/xen/scripts/launch-xenstore
+            '';
+          Type            = "notify";
+          RemainAfterExit = true;
+          NotifyAccess    = "all";
+        };
       postStart = ''
-        time=0
-        timeout=30
-        # Wait for xenstored to actually come up, timing out after 30 seconds
-        while [ $time -lt $timeout ] && ! `${cfg.package}/bin/xenstore-read -s / >/dev/null 2>&1` ; do
-            time=$(($time+1))
-            sleep 1
-        done
-
-        # Exit if we timed out
-        if ! [ $time -lt $timeout ] ; then
-            echo "Could not start Xenstore Daemon"
-            exit 1
-        fi
-
-        ${cfg.package}/bin/xenstore-write "/local/domain/0/name" "Domain-0"
-        ${cfg.package}/bin/xenstore-write "/local/domain/0/domid" 0
+        ${optionalString (cfg.package.version < "4.8") ''
+          time=0
+          timeout=30
+          # Wait for xenstored to actually come up, timing out after 30 seconds
+          while [ $time -lt $timeout ] && ! `${cfg.package}/bin/xenstore-read -s / >/dev/null 2>&1` ; do
+              time=$(($time+1))
+              sleep 1
+          done
+
+          # Exit if we timed out
+          if ! [ $time -lt $timeout ] ; then
+              echo "Could not start Xenstore Daemon"
+              exit 1
+          fi
+        ''}
+        echo "executing xen-init-dom0"
+        ${cfg.package}/lib/xen/bin/xen-init-dom0
         '';
     };
 
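Review bot: `cfg.package.version < "4.8"` compares strings rather than versions, so a two-digit minor such as a hypothetical "4.10" sorts before "4.8" and would select the pre-4.8 `ExecStart` and the polling loop in `postStart`. Use a version-aware comparison, e.g. `versionOlder cfg.package.version "4.8"` (assuming `lib` is in scope here, as the use of `optionalString` suggests) or `builtins.compareVersions cfg.package.version "4.8" < 0`. The same applies to `cfg.package.version >= "4.8"` in the xen-console `ExecStart` hunk below. The service definition starts outside this hunk.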
@@ -306,6 +316,7 @@ in
       description = "Xen Console Daemon";
       wantedBy = [ "multi-user.target" ];
       after = [ "xen-store.service" ];
+      requires = [ "xen-store.service" ];
       preStart = ''
         mkdir -p /var/run/xen
         ${optionalString cfg.trace "mkdir -p /var/log/xen"}
@@ -313,7 +324,9 @@ in
         '';
       serviceConfig = {
         ExecStart = ''
-          ${cfg.package}/bin/xenconsoled${optionalString cfg.trace " --log=all --log-dir=/var/log/xen"}
+          ${cfg.package}/bin/xenconsoled\
+            ${optionalString ((cfg.package.version >= "4.8")) " -i"}\
+            ${optionalString cfg.trace " --log=all --log-dir=/var/log/xen"}
           '';
       };
     };
@@ -323,6 +336,7 @@ in
       description = "Xen Qemu Daemon";
       wantedBy = [ "multi-user.target" ];
       after = [ "xen-console.service" ];
+      requires = [ "xen-store.service" ];
       serviceConfig.ExecStart = ''
         ${cfg.qemu} -xen-attach -xen-domid 0 -name dom0 -M xenpv \
            -nographic -monitor /dev/null -serial /dev/null -parallel /dev/null
@@ -333,7 +347,7 @@ in
     systemd.services.xen-watchdog = {
       description = "Xen Watchdog Daemon";
       wantedBy = [ "multi-user.target" ];
-      after = [ "xen-qemu.service" ];
+      after = [ "xen-qemu.service" "xen-domains.service" ];
       serviceConfig.ExecStart = "${cfg.package}/bin/xenwatchdogd 30 15";
       serviceConfig.Type = "forking";
       serviceConfig.RestartSec = "1";
@@ -426,6 +440,7 @@ in
       description = "Xen domains - automatically starts, saves and restores Xen domains";
       wantedBy = [ "multi-user.target" ];
       after = [ "xen-bridge.service" "xen-qemu.service" ];
+      requires = [ "xen-bridge.service" "xen-qemu.service" ];
       ## To prevent a race between dhcpcd and xend's bridge setup script
       ## (which renames eth* to peth* and recreates eth* as a virtual
       ## device), start dhcpcd after xend.