diff options
Diffstat (limited to 'nixos/modules')
24 files changed, 205 insertions, 112 deletions
diff --git a/nixos/modules/config/xdg/sounds.nix b/nixos/modules/config/xdg/sounds.nix index 148240d631cf..14d6340fc33b 100644 --- a/nixos/modules/config/xdg/sounds.nix +++ b/nixos/modules/config/xdg/sounds.nix @@ -1,4 +1,4 @@ -{ config, lib, ... }: +{ config, lib, pkgs, ... }: with lib; { @@ -14,6 +14,10 @@ with lib; }; config = mkIf config.xdg.sounds.enable { + environment.systemPackages = [ + pkgs.sound-theme-freedesktop + ]; + environment.pathsToLink = [ "/share/sounds" ]; diff --git a/nixos/modules/installer/cd-dvd/installation-cd-graphical-base.nix b/nixos/modules/installer/cd-dvd/installation-cd-graphical-base.nix index 719ba5ffb127..e0b558dcb0d8 100644 --- a/nixos/modules/installer/cd-dvd/installation-cd-graphical-base.nix +++ b/nixos/modules/installer/cd-dvd/installation-cd-graphical-base.nix @@ -22,17 +22,7 @@ with lib; }); ''; - services.xserver = { - enable = true; - - # Automatically login as nixos. - displayManager.slim = { - enable = true; - defaultUser = "nixos"; - autoLogin = true; - }; - - }; + services.xserver.enable = true; # Provide networkmanager for easy wireless configuration. networking.networkmanager.enable = true; diff --git a/nixos/modules/installer/cd-dvd/installation-cd-graphical-gnome.nix b/nixos/modules/installer/cd-dvd/installation-cd-graphical-gnome.nix index 0b813bbf37b4..23c3426bff08 100644 --- a/nixos/modules/installer/cd-dvd/installation-cd-graphical-gnome.nix +++ b/nixos/modules/installer/cd-dvd/installation-cd-graphical-gnome.nix @@ -10,8 +10,6 @@ with lib; services.xserver.desktopManager.gnome3.enable = true; - services.xserver.displayManager.slim.enable = mkForce false; - # Auto-login as root. services.xserver.displayManager.gdm.autoLogin = { enable = true; diff --git a/nixos/modules/installer/cd-dvd/installation-cd-graphical-kde.nix b/nixos/modules/installer/cd-dvd/installation-cd-graphical-kde.nix index 1dc7920ff640..6a10a6404e67 100644 --- a/nixos/modules/installer/cd-dvd/installation-cd-graphical-kde.nix +++ b/nixos/modules/installer/cd-dvd/installation-cd-graphical-kde.nix @@ -13,6 +13,15 @@ with lib; enable = true; enableQt4Support = false; }; + + # Automatically login as nixos. + displayManager.sddm = { + enable = true; + autoLogin = { + enable = true; + user = "nixos"; + }; + }; }; environment.systemPackages = with pkgs; [ diff --git a/nixos/modules/installer/cd-dvd/sd-image.nix b/nixos/modules/installer/cd-dvd/sd-image.nix index d510f3b2daf2..7865b767f0b7 100644 --- a/nixos/modules/installer/cd-dvd/sd-image.nix +++ b/nixos/modules/installer/cd-dvd/sd-image.nix @@ -140,7 +140,11 @@ in export img=$out/sd-image/${config.sdImage.imageName} echo "${pkgs.stdenv.buildPlatform.system}" > $out/nix-support/system - echo "file sd-image $img" >> $out/nix-support/hydra-build-products + if test -n "$compressImage"; then + echo "file sd-image $img.bz2" >> $out/nix-support/hydra-build-products + else + echo "file sd-image $img" >> $out/nix-support/hydra-build-products + fi # Gap in front of the first partition, in MiB gap=8 diff --git a/nixos/modules/misc/ids.nix b/nixos/modules/misc/ids.nix index 3e8a5b07a5ed..a4db2c9d1d87 100644 --- a/nixos/modules/misc/ids.nix +++ b/nixos/modules/misc/ids.nix @@ -128,7 +128,7 @@ tcpcryptd = 93; # tcpcryptd uses a hard-coded uid. We patch it in Nixpkgs to match this choice. firebird = 95; #keys = 96; # unused - haproxy = 97; + #haproxy = 97; # DynamicUser as of 2019-11-08 mongodb = 98; openldap = 99; #users = 100; # unused @@ -443,7 +443,7 @@ #tcpcryptd = 93; # unused firebird = 95; keys = 96; - haproxy = 97; + #haproxy = 97; # DynamicUser as of 2019-11-08 #mongodb = 98; # unused openldap = 99; munin = 102; diff --git a/nixos/modules/profiles/graphical.nix b/nixos/modules/profiles/graphical.nix index 649f5564ac61..ac3c228b3c65 100644 --- a/nixos/modules/profiles/graphical.nix +++ b/nixos/modules/profiles/graphical.nix @@ -16,7 +16,6 @@ # Enable sound in virtualbox appliances. hardware.pulseaudio.enable = true; - hardware.pulseaudio.systemWide = true; # Needed since we run plasma as root. environment.systemPackages = [ pkgs.glxinfo pkgs.firefox ]; } diff --git a/nixos/modules/services/audio/mpd.nix b/nixos/modules/services/audio/mpd.nix index 56dc858b6405..7932d094197b 100644 --- a/nixos/modules/services/audio/mpd.nix +++ b/nixos/modules/services/audio/mpd.nix @@ -18,7 +18,6 @@ let ''} state_file "${cfg.dataDir}/state" sticker_file "${cfg.dataDir}/sticker.sql" - log_file "syslog" user "${cfg.user}" group "${cfg.group}" diff --git a/nixos/modules/services/computing/slurm/slurm.nix b/nixos/modules/services/computing/slurm/slurm.nix index d1a1383e45b0..c70d999ca96d 100644 --- a/nixos/modules/services/computing/slurm/slurm.nix +++ b/nixos/modules/services/computing/slurm/slurm.nix @@ -18,7 +18,7 @@ let ${optionalString (cfg.controlAddr != null) ''controlAddr=${cfg.controlAddr}''} ${toString (map (x: "NodeName=${x}\n") cfg.nodeName)} ${toString (map (x: "PartitionName=${x}\n") cfg.partitionName)} - PlugStackConfig=${plugStackConfig} + PlugStackConfig=${plugStackConfig}/plugstack.conf ProctrackType=${cfg.procTrackType} ${cfg.extraConfig} ''; @@ -39,6 +39,8 @@ let DbdHost=${cfg.dbdserver.dbdHost} SlurmUser=${cfg.user} StorageType=accounting_storage/mysql + StorageUser=${cfg.dbdserver.storageUser} + ${optionalString (cfg.dbdserver.storagePass != null) "StoragePass=${cfg.dbdserver.storagePass}"} ${cfg.dbdserver.extraConfig} ''; @@ -48,7 +50,6 @@ let name = "etc-slurm"; paths = [ configFile cgroupConfig plugStackConfig ] ++ cfg.extraConfigPaths; }; - in { @@ -86,6 +87,37 @@ in ''; }; + storageUser = mkOption { + type = types.str; + default = cfg.user; + description = '' + Database user name. + ''; + }; + + storagePass = mkOption { + type = types.nullOr types.str; + default = null; + description = '' + Database password. Note that this password will be publicable + readable in the nix store. Use <option>configFile</option> + to store the and config file and password outside the nix store. + ''; + }; + + configFile = mkOption { + type = types.nullOr types.str; + default = null; + description = '' + Path to <literal>slurmdbd.conf</literal>. The password for the database connection + is stored in the config file. Use this option to specfify a path + outside the nix store. If this option is unset a configuration file + will be generated. See also: + <citerefentry><refentrytitle>slurmdbd.conf</refentrytitle> + <manvolnum>8</manvolnum></citerefentry>. + ''; + }; + extraConfig = mkOption { type = types.lines; default = ""; @@ -112,7 +144,7 @@ in package = mkOption { type = types.package; - default = pkgs.slurm; + default = pkgs.slurm.override { enableX11 = ! cfg.enableSrunX11; }; defaultText = "pkgs.slurm"; example = literalExample "pkgs.slurm-full"; description = '' @@ -178,9 +210,14 @@ in If enabled srun will accept the option "--x11" to allow for X11 forwarding from within an interactive session or a batch job. This activates the slurm-spank-x11 module. Note that this option also enables - 'services.openssh.forwardX11' on the client. + <option>services.openssh.forwardX11</option> on the client. This option requires slurm to be compiled without native X11 support. + The default behavior is to re-compile the slurm package with native X11 + support disabled if this option is set to true. + + To use the native X11 support add <literal>PrologFlags=X11</literal> in <option>extraConfig</option>. + Note that this method will only work RSA SSH host keys. ''; }; @@ -356,7 +393,11 @@ in requires = [ "munged.service" "mysql.service" ]; # slurm strips the last component off the path - environment.SLURM_CONF = "${slurmdbdConf}/slurm.conf"; + environment.SLURM_CONF = + if (cfg.dbdserver.configFile == null) then + "${slurmdbdConf}/slurm.conf" + else + cfg.dbdserver.configFile; serviceConfig = { Type = "forking"; diff --git a/nixos/modules/services/databases/redis.nix b/nixos/modules/services/databases/redis.nix index 5695eeaf74cb..95128a641d94 100644 --- a/nixos/modules/services/databases/redis.nix +++ b/nixos/modules/services/databases/redis.nix @@ -185,10 +185,10 @@ in ###### implementation config = mkIf config.services.redis.enable { - - boot.kernel.sysctl = { - "vm.nr_hugepages" = "0"; - } // mkIf cfg.vmOverCommit { "vm.overcommit_memory" = "1"; }; + boot.kernel.sysctl = (mkMerge [ + { "vm.nr_hugepages" = "0"; } + ( mkIf cfg.vmOverCommit { "vm.overcommit_memory" = "1"; } ) + ]); networking.firewall = mkIf cfg.openFirewall { allowedTCPPorts = [ cfg.port ]; diff --git a/nixos/modules/services/mail/opensmtpd.nix b/nixos/modules/services/mail/opensmtpd.nix index a870550ba50b..1fabe2da45c5 100644 --- a/nixos/modules/services/mail/opensmtpd.nix +++ b/nixos/modules/services/mail/opensmtpd.nix @@ -101,6 +101,12 @@ in { }; }; + systemd.tmpfiles.rules = [ + "d /var/spool/smtpd 711 root - - -" + "d /var/spool/smtpd/offline 770 root smtpq - -" + "d /var/spool/smtpd/purge 700 smtpq root - -" + ]; + systemd.services.opensmtpd = let procEnv = pkgs.buildEnv { name = "opensmtpd-procs"; @@ -110,18 +116,6 @@ in { in { wantedBy = [ "multi-user.target" ]; after = [ "network.target" ]; - preStart = '' - mkdir -p /var/spool/smtpd - chmod 711 /var/spool/smtpd - - mkdir -p /var/spool/smtpd/offline - chown root.smtpq /var/spool/smtpd/offline - chmod 770 /var/spool/smtpd/offline - - mkdir -p /var/spool/smtpd/purge - chown smtpq.root /var/spool/smtpd/purge - chmod 700 /var/spool/smtpd/purge - ''; serviceConfig.ExecStart = "${cfg.package}/sbin/smtpd -d -f ${conf} ${args}"; environment.OPENSMTPD_PROC_PATH = "${procEnv}/libexec/opensmtpd"; }; diff --git a/nixos/modules/services/misc/zoneminder.nix b/nixos/modules/services/misc/zoneminder.nix index 3bff04e7127d..d7f7324580c0 100644 --- a/nixos/modules/services/misc/zoneminder.nix +++ b/nixos/modules/services/misc/zoneminder.nix @@ -265,7 +265,7 @@ in { } location /cache/ { - alias /var/cache/${dirName}; + alias /var/cache/${dirName}/; } location ~ \.php$ { diff --git a/nixos/modules/services/network-filesystems/ceph.nix b/nixos/modules/services/network-filesystems/ceph.nix index 656a2d21b868..543a7b25d5d6 100644 --- a/nixos/modules/services/network-filesystems/ceph.nix +++ b/nixos/modules/services/network-filesystems/ceph.nix @@ -9,12 +9,14 @@ let expandCamelCase = replaceStrings upperChars (map (s: " ${s}") lowerChars); expandCamelCaseAttrs = mapAttrs' (name: value: nameValuePair (expandCamelCase name) value); - makeServices = (daemonType: daemonIds: extraServiceConfig: + makeServices = (daemonType: daemonIds: mkMerge (map (daemonId: - { "ceph-${daemonType}-${daemonId}" = makeService daemonType daemonId cfg.global.clusterName pkgs.ceph extraServiceConfig; }) + { "ceph-${daemonType}-${daemonId}" = makeService daemonType daemonId cfg.global.clusterName pkgs.ceph; }) daemonIds)); - makeService = (daemonType: daemonId: clusterName: ceph: extraServiceConfig: { + makeService = (daemonType: daemonId: clusterName: ceph: + let + stateDirectory = "ceph/${if daemonType == "rgw" then "radosgw" else daemonType}/${clusterName}-${daemonId}"; in { enable = true; description = "Ceph ${builtins.replaceStrings lowerChars upperChars daemonType} daemon ${daemonId}"; after = [ "network-online.target" "time-sync.target" ] ++ optional (daemonType == "osd") "ceph-mon.target"; @@ -22,6 +24,11 @@ let partOf = [ "ceph-${daemonType}.target" ]; wantedBy = [ "ceph-${daemonType}.target" ]; + path = [ pkgs.getopt ]; + + # Don't start services that are not yet initialized + unitConfig.ConditionPathExists = "/var/lib/${stateDirectory}/keyring"; + serviceConfig = { LimitNOFILE = 1048576; LimitNPROC = 1048576; @@ -34,22 +41,22 @@ let Restart = "on-failure"; StartLimitBurst = "5"; StartLimitInterval = "30min"; + StateDirectory = stateDirectory; + User = "ceph"; + Group = if daemonType == "osd" then "disk" else "ceph"; ExecStart = ''${ceph.out}/bin/${if daemonType == "rgw" then "radosgw" else "ceph-${daemonType}"} \ - -f --cluster ${clusterName} --id ${daemonId} --setuser ceph \ - --setgroup ${if daemonType == "osd" then "disk" else "ceph"}''; - } // extraServiceConfig - // optionalAttrs (daemonType == "osd") { ExecStartPre = ''${ceph.lib}/libexec/ceph/ceph-osd-prestart.sh \ - --id ${daemonId} --cluster ${clusterName}''; }; - } // optionalAttrs (builtins.elem daemonType [ "mds" "mon" "rgw" "mgr" ]) { - preStart = '' - daemonPath="/var/lib/ceph/${if daemonType == "rgw" then "radosgw" else daemonType}/${clusterName}-${daemonId}" - if [ ! -d $daemonPath ]; then - mkdir -m 755 -p $daemonPath - chown -R ceph:ceph $daemonPath - fi - ''; - } // optionalAttrs (daemonType == "osd") { path = [ pkgs.getopt ]; } - ); + -f --cluster ${clusterName} --id ${daemonId}''; + } // optionalAttrs (daemonType == "osd") { + ExecStartPre = ''${ceph.lib}/libexec/ceph/ceph-osd-prestart.sh --id ${daemonId} --cluster ${clusterName}''; + StartLimitBurst = "30"; + RestartSec = "20s"; + PrivateDevices = "no"; # osd needs disk access + } // optionalAttrs ( daemonType == "mon") { + RestartSec = "10"; + } // optionalAttrs (lib.elem daemonType ["mgr" "mds"]) { + StartLimitBurst = "3"; + }; + }); makeTarget = (daemonType: { @@ -58,6 +65,7 @@ let partOf = [ "ceph.target" ]; wantedBy = [ "ceph.target" ]; before = [ "ceph.target" ]; + unitConfig.StopWhenUnneeded = true; }; } ); @@ -377,22 +385,22 @@ in systemd.services = let services = [] - ++ optional cfg.mon.enable (makeServices "mon" cfg.mon.daemons { RestartSec = "10"; }) - ++ optional cfg.mds.enable (makeServices "mds" cfg.mds.daemons { StartLimitBurst = "3"; }) - ++ optional cfg.osd.enable (makeServices "osd" cfg.osd.daemons { StartLimitBurst = "30"; - RestartSec = "20s"; - PrivateDevices = "no"; # osd needs disk access - }) - ++ optional cfg.rgw.enable (makeServices "rgw" cfg.rgw.daemons { }) - ++ optional cfg.mgr.enable (makeServices "mgr" cfg.mgr.daemons { StartLimitBurst = "3"; }); + ++ optional cfg.mon.enable (makeServices "mon" cfg.mon.daemons) + ++ optional cfg.mds.enable (makeServices "mds" cfg.mds.daemons) + ++ optional cfg.osd.enable (makeServices "osd" cfg.osd.daemons) + ++ optional cfg.rgw.enable (makeServices "rgw" cfg.rgw.daemons) + ++ optional cfg.mgr.enable (makeServices "mgr" cfg.mgr.daemons); in mkMerge services; systemd.targets = let targets = [ - { ceph = { description = "Ceph target allowing to start/stop all ceph service instances at once"; - wantedBy = [ "multi-user.target" ]; }; } - ] ++ optional cfg.mon.enable (makeTarget "mon") + { ceph = { + description = "Ceph target allowing to start/stop all ceph service instances at once"; + wantedBy = [ "multi-user.target" ]; + unitConfig.StopWhenUnneeded = true; + }; } ] + ++ optional cfg.mon.enable (makeTarget "mon") ++ optional cfg.mds.enable (makeTarget "mds") ++ optional cfg.osd.enable (makeTarget "osd") ++ optional cfg.rgw.enable (makeTarget "rgw") @@ -401,7 +409,11 @@ in mkMerge targets; systemd.tmpfiles.rules = [ + "d /etc/ceph - ceph ceph - -" "d /run/ceph 0770 ceph ceph -" - ]; + "d /var/lib/ceph - ceph ceph - -"] + ++ optionals cfg.mgr.enable [ "d /var/lib/ceph/mgr - ceph ceph - -"] + ++ optionals cfg.mon.enable [ "d /var/lib/ceph/mon - ceph ceph - -"] + ++ optionals cfg.osd.enable [ "d /var/lib/ceph/osd - ceph ceph - -"]; }; } diff --git a/nixos/modules/services/network-filesystems/samba.nix b/nixos/modules/services/network-filesystems/samba.nix index ce565dbaab81..0315c1c71ee3 100644 --- a/nixos/modules/services/network-filesystems/samba.nix +++ b/nixos/modules/services/network-filesystems/samba.nix @@ -12,11 +12,6 @@ let samba = cfg.package; - setupScript = - '' - mkdir -p /var/lock/samba /var/log/samba /var/cache/samba /var/lib/samba/private - ''; - shareConfig = name: let share = getAttr name cfg.shares; in "[${name}]\n " + (smbToString ( @@ -45,7 +40,6 @@ let daemonService = appName: args: { description = "Samba Service Daemon ${appName}"; - after = [ "network.target" ]; requiredBy = [ "samba.target" ]; partOf = [ "samba.target" ]; @@ -62,6 +56,7 @@ let Type = "notify"; NotifyAccess = "all"; #may not do anything... }; + unitConfig.RequiresMountsFor = "/var/lib/samba"; restartTriggers = [ configFile ]; }; @@ -228,8 +223,7 @@ in systemd = { targets.samba = { description = "Samba Server"; - requires = [ "samba-setup.service" ]; - after = [ "samba-setup.service" "network.target" ]; + after = [ "network.target" ]; wantedBy = [ "multi-user.target" ]; }; # Refer to https://github.com/samba-team/samba/tree/master/packaging/systemd @@ -238,12 +232,13 @@ in samba-smbd = daemonService "smbd" ""; samba-nmbd = mkIf cfg.enableNmbd (daemonService "nmbd" ""); samba-winbindd = mkIf cfg.enableWinbindd (daemonService "winbindd" ""); - samba-setup = { - description = "Samba Setup Task"; - script = setupScript; - unitConfig.RequiresMountsFor = "/var/lib/samba"; - }; }; + tmpfiles.rules = [ + "d /var/lock/samba - - - - -" + "d /var/log/samba - - - - -" + "d /var/cache/samba - - - - -" + "d /var/lib/samba/private - - - - -" + ]; }; security.pam.services.samba = {}; diff --git a/nixos/modules/services/networking/dnsdist.nix b/nixos/modules/services/networking/dnsdist.nix index 12eee136e639..8249da69bc1a 100644 --- a/nixos/modules/services/networking/dnsdist.nix +++ b/nixos/modules/services/networking/dnsdist.nix @@ -46,11 +46,10 @@ in { RestartSec="1"; DynamicUser = true; StartLimitInterval="0"; - PrivateTmp=true; PrivateDevices=true; - CapabilityBoundingSet="CAP_NET_BIND_SERVICE CAP_SETGID CAP_SETUID"; + AmbientCapabilities="CAP_NET_BIND_SERVICE"; + CapabilityBoundingSet="CAP_NET_BIND_SERVICE"; ExecStart = "${pkgs.dnsdist}/bin/dnsdist --supervised --disable-syslog --config ${configFile}"; - ProtectSystem="full"; ProtectHome=true; RestrictAddressFamilies="AF_UNIX AF_INET AF_INET6"; LimitNOFILE="16384"; diff --git a/nixos/modules/services/networking/haproxy.nix b/nixos/modules/services/networking/haproxy.nix index 0438d0bf8d86..aff71e5e97da 100644 --- a/nixos/modules/services/networking/haproxy.nix +++ b/nixos/modules/services/networking/haproxy.nix @@ -1,7 +1,16 @@ { config, lib, pkgs, ... }: + let cfg = config.services.haproxy; - haproxyCfg = pkgs.writeText "haproxy.conf" cfg.config; + + haproxyCfg = pkgs.writeText "haproxy.conf" '' + global + # needed for hot-reload to work without dropping packets in multi-worker mode + stats socket /run/haproxy/haproxy.sock mode 600 expose-fd listeners level user + + ${cfg.config} + ''; + in with lib; { @@ -25,9 +34,7 @@ with lib; <filename>haproxy.conf</filename>. ''; }; - }; - }; config = mkIf cfg.enable { @@ -42,21 +49,16 @@ with lib; after = [ "network.target" ]; wantedBy = [ "multi-user.target" ]; serviceConfig = { - Type = "forking"; - PIDFile = "/run/haproxy.pid"; - ExecStartPre = "${pkgs.haproxy}/sbin/haproxy -c -q -f ${haproxyCfg}"; - ExecStart = "${pkgs.haproxy}/sbin/haproxy -D -f ${haproxyCfg} -p /run/haproxy.pid"; - ExecReload = "-${pkgs.bash}/bin/bash -c \"exec ${pkgs.haproxy}/sbin/haproxy -D -f ${haproxyCfg} -p /run/haproxy.pid -sf $MAINPID\""; + DynamicUser = true; + Type = "notify"; + # when running the config test, don't be quiet so we can see what goes wrong + ExecStartPre = "${pkgs.haproxy}/sbin/haproxy -c -f ${haproxyCfg}"; + ExecStart = "${pkgs.haproxy}/sbin/haproxy -Ws -f ${haproxyCfg}"; + Restart = "on-failure"; + RuntimeDirectory = "haproxy"; + # needed in case we bind to port < 1024 + AmbientCapabilities = "CAP_NET_BIND_SERVICE"; }; }; - - environment.systemPackages = [ pkgs.haproxy ]; - - users.users.haproxy = { - group = "haproxy"; - uid = config.ids.uids.haproxy; - }; - - users.groups.haproxy.gid = config.ids.uids.haproxy; }; } diff --git a/nixos/modules/services/networking/tinydns.nix b/nixos/modules/services/networking/tinydns.nix index 7b2c464ab46b..79507b2ebcdd 100644 --- a/nixos/modules/services/networking/tinydns.nix +++ b/nixos/modules/services/networking/tinydns.nix @@ -37,6 +37,7 @@ with lib; systemd.services.tinydns = { description = "djbdns tinydns server"; wantedBy = [ "multi-user.target" ]; + after = [ "network.target" ]; path = with pkgs; [ daemontools djbdns ]; preStart = '' rm -rf /var/lib/tinydns diff --git a/nixos/modules/services/web-servers/apache-httpd/default.nix b/nixos/modules/services/web-servers/apache-httpd/default.nix index 3c5918baa533..f5a6051b4b5f 100644 --- a/nixos/modules/services/web-servers/apache-httpd/default.nix +++ b/nixos/modules/services/web-servers/apache-httpd/default.nix @@ -33,6 +33,8 @@ let enableSSL = any (vhost: vhost.enableSSL) allHosts; + enableUserDir = any (vhost: vhost.enableUserDir) allHosts; + # NOTE: generally speaking order of modules is very important modules = [ # required apache modules our httpd service cannot run without @@ -45,6 +47,7 @@ let ] ++ (if mainCfg.multiProcessingModule == "prefork" then [ "cgi" ] else [ "cgid" ]) ++ optional enableSSL "ssl" + ++ optional enableUserDir "userdir" ++ optional mainCfg.enableMellon { name = "auth_mellon"; path = "${pkgs.apacheHttpdPackages.mod_auth_mellon}/modules/mod_auth_mellon.so"; } ++ optional mainCfg.enablePHP { name = "php${phpMajorVersion}"; path = "${php}/modules/libphp${phpMajorVersion}.so"; } ++ optional mainCfg.enablePerl { name = "perl"; path = "${mod_perl}/modules/mod_perl.so"; } diff --git a/nixos/modules/services/web-servers/phpfpm/default.nix b/nixos/modules/services/web-servers/phpfpm/default.nix index 4ab7e3f0c0a9..095de64dfb14 100644 --- a/nixos/modules/services/web-servers/phpfpm/default.nix +++ b/nixos/modules/services/web-servers/phpfpm/default.nix @@ -31,7 +31,7 @@ let ''; passAsFile = [ "nixDefaults" "phpOptions" ]; } '' - cat $phpPackage/etc/php.ini $nixDefaultsPath $phpOptionsPath > $out + cat ${poolOpts.phpPackage}/etc/php.ini $nixDefaultsPath $phpOptionsPath > $out ''; poolOpts = { name, ... }: @@ -69,8 +69,6 @@ let phpOptions = mkOption { type = types.lines; - default = cfg.phpOptions; - defaultText = "config.services.phpfpm.phpOptions"; description = '' "Options appended to the PHP configuration file <filename>php.ini</filename> used for this PHP-FPM pool." ''; @@ -137,6 +135,7 @@ let config = { socket = if poolOpts.listen == "" then "${runtimeDir}/${name}.sock" else poolOpts.listen; group = mkDefault poolOpts.user; + phpOptions = mkBefore cfg.phpOptions; settings = mapAttrs (name: mkDefault){ listen = poolOpts.socket; diff --git a/nixos/modules/services/web-servers/varnish/default.nix b/nixos/modules/services/web-servers/varnish/default.nix index 63f967185c2d..01fe3d12917a 100644 --- a/nixos/modules/services/web-servers/varnish/default.nix +++ b/nixos/modules/services/web-servers/varnish/default.nix @@ -15,8 +15,8 @@ in package = mkOption { type = types.package; - default = pkgs.varnish5; - defaultText = "pkgs.varnish5"; + default = pkgs.varnish; + defaultText = "pkgs.varnish"; description = '' The package to use ''; @@ -48,7 +48,7 @@ in extraModules = mkOption { type = types.listOf types.package; default = []; - example = literalExample "[ pkgs.varnish5Packages.geoip ]"; + example = literalExample "[ pkgs.varnishPackages.geoip ]"; description = " Varnish modules (except 'std'). "; diff --git a/nixos/modules/services/x11/desktop-managers/gnome3.nix b/nixos/modules/services/x11/desktop-managers/gnome3.nix index 5ad31e5b9d00..0135ac19cbf7 100644 --- a/nixos/modules/services/x11/desktop-managers/gnome3.nix +++ b/nixos/modules/services/x11/desktop-managers/gnome3.nix @@ -184,6 +184,13 @@ in enableGnomeKeyring = true; }; + systemd.packages = with pkgs.gnome3; [ + gnome-flashback + ] ++ (map + (wm: gnome-flashback.mkSystemdTargetForWm { + inherit (wm) wmName; + }) cfg.flashback.customSessions); + services.dbus.packages = [ pkgs.gnome3.gnome-screensaver ]; @@ -217,6 +224,12 @@ in services.xserver.updateDbusEnvironment = true; + # gnome has a custom alert theme but it still + # inherits from the freedesktop theme. + environment.systemPackages = with pkgs; [ + sound-theme-freedesktop + ]; + # Needed for themes and backgrounds environment.pathsToLink = [ "/share" # TODO: https://github.com/NixOS/nixpkgs/issues/47173 @@ -265,6 +278,26 @@ in source-sans-pro ]; + ## Enable soft realtime scheduling, only supported on wayland ## + + security.wrappers.".gnome-shell-wrapped" = { + source = "${pkgs.gnome3.gnome-shell}/bin/.gnome-shell-wrapped"; + capabilities = "cap_sys_nice=ep"; + }; + + systemd.user.services.gnome-shell-wayland = let + gnomeShellRT = with pkgs.gnome3; pkgs.runCommand "gnome-shell-rt" {} '' + mkdir -p $out/bin/ + cp ${gnome-shell}/bin/gnome-shell $out/bin + sed -i "s@${gnome-shell}/bin/@${config.security.wrapperDir}/@" $out/bin/gnome-shell + ''; + in { + # Note we need to clear ExecStart before overriding it + serviceConfig.ExecStart = ["" "${gnomeShellRT}/bin/gnome-shell"]; + # Do not use the default environment, it provides a broken PATH + environment = mkForce {}; + }; + # Adapt from https://gitlab.gnome.org/GNOME/gnome-build-meta/blob/gnome-3-32/elements/core/meta-gnome-core-shell.bst environment.systemPackages = with pkgs.gnome3; [ adwaita-icon-theme diff --git a/nixos/modules/system/boot/plymouth.nix b/nixos/modules/system/boot/plymouth.nix index adca3c3f66e7..23fce22366d8 100644 --- a/nixos/modules/system/boot/plymouth.nix +++ b/nixos/modules/system/boot/plymouth.nix @@ -25,6 +25,7 @@ let [Daemon] ShowDelay=0 Theme=${cfg.theme} + ${cfg.extraConfig} ''; in @@ -65,6 +66,15 @@ in ''; }; + extraConfig = mkOption { + type = types.lines; + default = ""; + description = '' + Literal string to append to <literal>configFile</literal> + and the config file generated by the plymouth module. + ''; + }; + }; }; diff --git a/nixos/modules/system/boot/systemd-unit-options.nix b/nixos/modules/system/boot/systemd-unit-options.nix index c1f2c98afcd8..bee21f1a8f36 100644 --- a/nixos/modules/system/boot/systemd-unit-options.nix +++ b/nixos/modules/system/boot/systemd-unit-options.nix @@ -24,7 +24,7 @@ in rec { in if isList (head defs'') then concatLists defs'' - else mergeOneOption loc defs'; + else mergeEqualOption loc defs'; }; sharedOptions = { diff --git a/nixos/modules/virtualisation/libvirtd.nix b/nixos/modules/virtualisation/libvirtd.nix index 16b79d869193..edde7dde39ed 100644 --- a/nixos/modules/virtualisation/libvirtd.nix +++ b/nixos/modules/virtualisation/libvirtd.nix @@ -146,7 +146,8 @@ in { # this file is expected in /etc/qemu and not sysconfdir (/var/lib) etc."qemu/bridge.conf".text = lib.concatMapStringsSep "\n" (e: "allow ${e}") cfg.allowedBridges; - systemPackages = with pkgs; [ libvirt libressl.nc cfg.qemuPackage ]; + systemPackages = with pkgs; [ libvirt libressl.nc iptables cfg.qemuPackage ]; + etc.ethertypes.source = "${iptables}/etc/ethertypes"; }; boot.kernelModules = [ "tun" ]; |