Diffstat (limited to 'nixos/modules')
5 files changed, 76 insertions, 34 deletions
diff --git a/nixos/modules/programs/steam.nix b/nixos/modules/programs/steam.nix index c7f1e622f7ba..d6e2a82af100 100644 --- a/nixos/modules/programs/steam.nix +++ b/nixos/modules/programs/steam.nix @@ -56,6 +56,8 @@ in { # use the setuid wrapped bubblewrap bubblewrap = "${config.security.wrapperDir}/.."; }; + } // optionalAttrs cfg.extest.enable { + extraEnv.LD_PRELOAD = "${pkgs.pkgsi686Linux.extest}/lib/libextest.so"; }); description = lib.mdDoc '' The Steam package to use. Additional libraries are added from the system @@ -114,6 +116,11 @@ in { }; }; }; + + extest.enable = mkEnableOption (lib.mdDoc '' + Load the extest library into Steam, to translate X11 input events to + uinput events (e.g. for using Steam Input on Wayland) + ''); }; config = mkIf cfg.enable { diff --git a/nixos/modules/services/hardware/nvidia-container-toolkit-cdi-generator/cdi-generate.nix b/nixos/modules/services/hardware/nvidia-container-toolkit-cdi-generator/cdi-generate.nix index a90d234f65c0..1aaa2d07b9bd 100644 --- a/nixos/modules/services/hardware/nvidia-container-toolkit-cdi-generator/cdi-generate.nix +++ b/nixos/modules/services/hardware/nvidia-container-toolkit-cdi-generator/cdi-generate.nix 
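Review bot: The `//` in `} // optionalAttrs cfg.extest.enable { extraEnv.LD_PRELOAD = …; }` is a shallow merge, so enabling extest replaces the whole `extraEnv` attribute instead of extending it. The left-hand attribute set starts outside this hunk, so this is inferred, but any `extraEnv` already present there or on a user-overridden `programs.steam.package` would be dropped, and an existing `LD_PRELOAD` value is overwritten rather than appended to. Merging into the previous `extraEnv` and joining `LD_PRELOAD` entries would avoid silently discarding environment settings. The `extest.enable` description in the second hunk could also add a sentence such as `The library is preloaded into every process started inside the Steam environment and creates uinput devices, so it can inject input system-wide.` so that users know what they are granting.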
@@ -1,37 +1,58 @@ -{ config, lib, pkgs }: let +{ + addDriverRunpath, + glibc, + jq, + lib, + nvidia-container-toolkit, + nvidia-driver, + runtimeShell, + writeScriptBin, +}: +let mountOptions = { options = ["ro" "nosuid" "nodev" "bind"]; }; mounts = [ - { hostPath = "${lib.getBin config.hardware.nvidia.package}/bin/nvidia-cuda-mps-control"; + # FIXME: Making /usr mounts optional + { hostPath = lib.getExe' nvidia-driver "nvidia-cuda-mps-control"; containerPath = "/usr/bin/nvidia-cuda-mps-control"; } - { hostPath = "${lib.getBin config.hardware.nvidia.package}/bin/nvidia-cuda-mps-server"; + { hostPath = lib.getExe' nvidia-driver "nvidia-cuda-mps-server"; containerPath = "/usr/bin/nvidia-cuda-mps-server"; } - { hostPath = "${lib.getBin config.hardware.nvidia.package}/bin/nvidia-debugdump"; + { hostPath = lib.getExe' nvidia-driver "nvidia-debugdump"; containerPath = "/usr/bin/nvidia-debugdump"; } - { hostPath = "${lib.getBin config.hardware.nvidia.package}/bin/nvidia-powerd"; + { hostPath = lib.getExe' nvidia-driver "nvidia-powerd"; containerPath = "/usr/bin/nvidia-powerd"; } - { hostPath = "${lib.getBin config.hardware.nvidia.package}/bin/nvidia-smi"; + { hostPath = lib.getExe' nvidia-driver "nvidia-smi"; containerPath = "/usr/bin/nvidia-smi"; } - { hostPath = "${pkgs.nvidia-container-toolkit}/bin/nvidia-ctk"; + { hostPath = lib.getExe' nvidia-container-toolkit "nvidia-ctk"; containerPath = "/usr/bin/nvidia-ctk"; } - { hostPath = "${pkgs.glibc}/lib"; - containerPath = "${pkgs.glibc}/lib"; } - { hostPath = "${pkgs.glibc}/lib64"; - containerPath = "${pkgs.glibc}/lib64"; } + { hostPath = "${lib.getLib glibc}/lib"; + containerPath = "${lib.getLib glibc}/lib"; } + + # FIXME: use closureinfo + { + hostPath = addDriverRunpath.driverLink; + containerPath = addDriverRunpath.driverLink; + } + { hostPath = "${lib.getLib glibc}/lib"; + containerPath = "${lib.getLib glibc}/lib"; } + { hostPath = "${lib.getLib glibc}/lib64"; + containerPath = "${lib.getLib glibc}/lib64"; } ]; 
jqAddMountExpression = ".containerEdits.mounts[.containerEdits.mounts | length] |= . +"; mountsToJq = lib.concatMap (mount: - ["${pkgs.jq}/bin/jq '${jqAddMountExpression} ${builtins.toJSON (mount // mountOptions)}'"]) + ["${lib.getExe jq} '${jqAddMountExpression} ${builtins.toJSON (mount // mountOptions)}'"]) mounts; -in '' -#! ${pkgs.runtimeShell} +in +writeScriptBin "nvidia-cdi-generator" +'' +#! ${runtimeShell} function cdiGenerate { - ${pkgs.nvidia-container-toolkit}/bin/nvidia-ctk cdi generate \ + ${lib.getExe' nvidia-container-toolkit "nvidia-ctk"} cdi generate \ --format json \ - --ldconfig-path ${pkgs.glibc.bin}/bin/ldconfig \ - --library-search-path ${config.hardware.nvidia.package}/lib \ - --nvidia-ctk-path ${pkgs.nvidia-container-toolkit}/bin/nvidia-ctk + --ldconfig-path ${lib.getExe' glibc "ldconfig"} \ + --library-search-path ${lib.getLib nvidia-driver}/lib \ + --nvidia-ctk-path ${lib.getExe' nvidia-container-toolkit "nvidia-ctk"} } cdiGenerate | \ diff --git a/nixos/modules/services/hardware/nvidia-container-toolkit-cdi-generator/default.nix b/nixos/modules/services/hardware/nvidia-container-toolkit-cdi-generator/default.nix index 3c96e9c41be5..b95bdf191fad 100644 --- a/nixos/modules/services/hardware/nvidia-container-toolkit-cdi-generator/default.nix +++ b/nixos/modules/services/hardware/nvidia-container-toolkit-cdi-generator/default.nix @@ -26,9 +26,11 @@ serviceConfig = { RuntimeDirectory = "cdi"; RemainAfterExit = true; - ExecStart = let - script = (pkgs.writeScriptBin "nvidia-cdi-generator" - (import ./cdi-generate.nix { inherit config lib pkgs; })); in (lib.getExe script); + ExecStart = + let + script = pkgs.callPackage ./cdi-generate.nix { nvidia-driver = config.hardware.nvidia.package; }; + in + lib.getExe script; Type = "oneshot"; }; }; diff --git a/nixos/modules/services/security/vaultwarden/default.nix b/nixos/modules/services/security/vaultwarden/default.nix index 470db735bf64..60d8015d0cee 100644 
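Review bot: The new `mounts` list adds `{ hostPath = "${lib.getLib glibc}/lib"; containerPath = "${lib.getLib glibc}/lib"; }` twice, once before the `# FIXME: use closureinfo` entry and once after it, so the same bind mount is appended to the generated CDI spec twice. Drop the first copy. The new `addDriverRunpath.driverLink` entry exposes the host's whole driver link directory to every container that uses this spec. It does pick up `ro`, `nosuid` and `nodev` from `mountOptions`, and a comment like `# read-only; exposes all host driver libraries until the closure is enumerated` next to the FIXME would record that this is deliberate. The script body continues past the end of this hunk.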
--- a/nixos/modules/services/security/vaultwarden/default.nix +++ b/nixos/modules/services/security/vaultwarden/default.nix @@ -180,7 +180,6 @@ in { users.groups.vaultwarden = { }; systemd.services.vaultwarden = { - aliases = [ "bitwarden_rs.service" ]; after = [ "network.target" ]; path = with pkgs; [ openssl ]; serviceConfig = { @@ -202,7 +201,6 @@ in { }; systemd.services.backup-vaultwarden = mkIf (cfg.backupDir != null) { - aliases = [ "backup-bitwarden_rs.service" ]; description = "Backup vaultwarden"; environment = { DATA_FOLDER = "/var/lib/bitwarden_rs"; @@ -222,7 +220,6 @@ in { }; systemd.timers.backup-vaultwarden = mkIf (cfg.backupDir != null) { - aliases = [ "backup-bitwarden_rs.timer" ]; description = "Backup vaultwarden on time"; timerConfig = { OnCalendar = mkDefault "23:00"; @@ -240,6 +237,9 @@ in { }; }; - # uses attributes of the linked package - meta.buildDocsInSandbox = false; + meta = { + # uses attributes of the linked package + buildDocsInSandbox = false; + maintainers = with lib.maintainers; [ dotlambda SuperSandro2000 ]; + }; } diff --git a/nixos/modules/services/web-apps/miniflux.nix b/nixos/modules/services/web-apps/miniflux.nix index 1a5b7d0c24e9..16b6fb0d655d 100644 --- a/nixos/modules/services/web-apps/miniflux.nix +++ b/nixos/modules/services/web-apps/miniflux.nix @@ -16,10 +16,20 @@ in { options = { services.miniflux = { - enable = mkEnableOption (lib.mdDoc "miniflux and creates a local postgres database for it"); + enable = mkEnableOption (lib.mdDoc "miniflux"); package = mkPackageOption pkgs "miniflux" { }; + createDatabaseLocally = lib.mkOption { + type = lib.types.bool; + default = true; + description = '' + Whether a PostgreSQL database should be automatically created and + configured on the local host. If set to `false`, you need provision a + database yourself and make sure to create the hstore extension in it. + ''; + }; + config = mkOption { type = with types; attrsOf (oneOf [ str int ]); example = literalExpression '' 
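Review bot: The `createDatabaseLocally` description in the miniflux hunk is a plain `''…''` string, while the neighbouring `enable` and `adminCredentialsFile` descriptions are wrapped in `lib.mdDoc`. The text uses Markdown backticks, so it should probably read `description = lib.mdDoc ''`. The sentence "you need provision a database yourself" is also missing a word; `you need to provision a database yourself` reads correctly.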
@@ -38,7 +48,7 @@ in ''; }; - adminCredentialsFile = mkOption { + adminCredentialsFile = mkOption { type = types.path; description = lib.mdDoc '' File containing the ADMIN_USERNAME and @@ -51,14 +61,14 @@ in }; config = mkIf cfg.enable { - services.miniflux.config = { + services.miniflux.config = { LISTEN_ADDR = mkDefault defaultAddress; - DATABASE_URL = "user=miniflux host=/run/postgresql dbname=miniflux"; + DATABASE_URL = lib.mkIf cfg.createDatabaseLocally "user=miniflux host=/run/postgresql dbname=miniflux"; RUN_MIGRATIONS = 1; CREATE_ADMIN = 1; }; - services.postgresql = { + services.postgresql = lib.mkIf cfg.createDatabaseLocally { enable = true; ensureUsers = [ { name = "miniflux"; @@ -67,7 +77,7 @@ in ensureDatabases = [ "miniflux" ]; }; - systemd.services.miniflux-dbsetup = { + systemd.services.miniflux-dbsetup = lib.mkIf cfg.createDatabaseLocally { description = "Miniflux database setup"; requires = [ "postgresql.service" ]; after = [ "network.target" "postgresql.service" ]; @@ -81,8 +91,9 @@ in systemd.services.miniflux = { description = "Miniflux service"; wantedBy = [ "multi-user.target" ]; - requires = [ "miniflux-dbsetup.service" ]; - after = [ "network.target" "postgresql.service" "miniflux-dbsetup.service" ]; + requires = lib.optional cfg.createDatabaseLocally "miniflux-dbsetup.service"; + after = [ "network.target" ] + ++ lib.optionals cfg.createDatabaseLocally [ "postgresql.service" "miniflux-dbsetup.service" ]; serviceConfig = { ExecStart = "${cfg.package}/bin/miniflux"; @@ -129,6 +140,7 @@ in include "${pkgs.apparmorRulesFromClosure { name = "miniflux"; } cfg.package}" r ${cfg.package}/bin/miniflux, r @{sys}/kernel/mm/transparent_hugepage/hpage_pmd_size, + rw /run/miniflux/**, } ''; }; |
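Review bot: With `DATABASE_URL = lib.mkIf cfg.createDatabaseLocally "…"`, an external database leaves `DATABASE_URL` for the user to supply, and the obvious place, `services.miniflux.config`, is an `attrsOf (oneOf [ str int ])` that presumably ends up in the world-readable Nix store. A remote connection string normally carries a password, so the option text should steer users away from that, for example `Put DATABASE_URL in the file given by adminCredentialsFile rather than in services.miniflux.config, which is stored world-readable.`, assuming that file is loaded as an environment file (not visible in these hunks). Nothing visible reports a missing `DATABASE_URL` when `createDatabaseLocally` is `false`, so that misconfiguration would only show up as a failure when the service starts.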