diff options
Diffstat (limited to 'nixos/modules')
| -rw-r--r-- | nixos/modules/module-list.nix | 2 | ||||
| -rw-r--r-- | nixos/modules/programs/liboping.nix | 22 | ||||
| -rw-r--r-- | nixos/modules/services/networking/corerad.nix | 46 | ||||
| -rw-r--r-- | nixos/modules/services/web-servers/apache-httpd/default.nix | 3 | ||||
| -rw-r--r-- | nixos/modules/services/web-servers/nginx/gitweb.nix | 53 |
5 files changed, 116 insertions, 10 deletions
diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index a48434641b0c..b6d6f1993922 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix @@ -127,6 +127,7 @@ ./programs/java.nix ./programs/kbdlight.nix ./programs/less.nix + ./programs/liboping.nix ./programs/light.nix ./programs/mosh.nix ./programs/mininet.nix @@ -577,6 +578,7 @@ ./services/networking/connman.nix ./services/networking/consul.nix ./services/networking/coredns.nix + ./services/networking/corerad.nix ./services/networking/coturn.nix ./services/networking/dante.nix ./services/networking/ddclient.nix diff --git a/nixos/modules/programs/liboping.nix b/nixos/modules/programs/liboping.nix new file mode 100644 index 000000000000..4e4c235ccde4 --- /dev/null +++ b/nixos/modules/programs/liboping.nix @@ -0,0 +1,22 @@ +{ config, lib, pkgs, ... }: + +with lib; + +let + cfg = config.programs.liboping; +in { + options.programs.liboping = { + enable = mkEnableOption "liboping"; + }; + config = mkIf cfg.enable { + environment.systemPackages = with pkgs; [ liboping ]; + security.wrappers = mkMerge (map ( + exec: { + "${exec}" = { + source = "${pkgs.liboping}/bin/${exec}"; + capabilities = "cap_net_raw+p"; + }; + } + ) [ "oping" "noping" ]); + }; +} diff --git a/nixos/modules/services/networking/corerad.nix b/nixos/modules/services/networking/corerad.nix new file mode 100644 index 000000000000..1a2c4aec6651 --- /dev/null +++ b/nixos/modules/services/networking/corerad.nix @@ -0,0 +1,46 @@ +{ config, lib, pkgs, ... }: + +with lib; + +let + cfg = config.services.corerad; +in { + meta = { + maintainers = with maintainers; [ mdlayher ]; + }; + + options.services.corerad = { + enable = mkEnableOption "CoreRAD IPv6 NDP RA daemon"; + + configFile = mkOption { + type = types.path; + example = literalExample "\"\${pkgs.corerad}/etc/corerad/corerad.toml\""; + description = "Path to CoreRAD TOML configuration file."; + }; + + package = mkOption { + default = pkgs.corerad; + defaultText = literalExample "pkgs.corerad"; + type = types.package; + description = "CoreRAD package to use."; + }; + }; + + config = mkIf cfg.enable { + systemd.services.corerad = { + description = "CoreRAD IPv6 NDP RA daemon"; + after = [ "network.target" ]; + wantedBy = [ "multi-user.target" ]; + serviceConfig = { + LimitNPROC = 512; + LimitNOFILE = 1048576; + CapabilityBoundingSet = "CAP_NET_ADMIN CAP_NET_RAW"; + AmbientCapabilities = "CAP_NET_ADMIN CAP_NET_RAW"; + NoNewPrivileges = true; + DynamicUser = true; + ExecStart = "${getBin cfg.package}/bin/corerad -c=${cfg.configFile}"; + Restart = "on-failure"; + }; + }; + }; +} diff --git a/nixos/modules/services/web-servers/apache-httpd/default.nix b/nixos/modules/services/web-servers/apache-httpd/default.nix index 4460f89ec5c1..fd17e4b54f0f 100644 --- a/nixos/modules/services/web-servers/apache-httpd/default.nix +++ b/nixos/modules/services/web-servers/apache-httpd/default.nix @@ -629,6 +629,9 @@ in environment.systemPackages = [httpd]; + # required for "apachectl configtest" + environment.etc."httpd/httpd.conf".source = httpdConf; + services.httpd.phpOptions = '' ; Needed for PHP's mail() function. diff --git a/nixos/modules/services/web-servers/nginx/gitweb.nix b/nixos/modules/services/web-servers/nginx/gitweb.nix index 272fd1480185..f7fb07bb7975 100644 --- a/nixos/modules/services/web-servers/nginx/gitweb.nix +++ b/nixos/modules/services/web-servers/nginx/gitweb.nix @@ -3,8 +3,9 @@ with lib; let - cfg = config.services.gitweb; - package = pkgs.gitweb.override (optionalAttrs cfg.gitwebTheme { + cfg = config.services.nginx.gitweb; + gitwebConfig = config.services.gitweb; + package = pkgs.gitweb.override (optionalAttrs gitwebConfig.gitwebTheme { gitwebTheme = true; }); @@ -17,13 +18,45 @@ in default = false; type = types.bool; description = '' - If true, enable gitweb in nginx. Access it at http://yourserver/gitweb + If true, enable gitweb in nginx. + ''; + }; + + location = mkOption { + default = "/gitweb"; + type = types.str; + description = '' + Location to serve gitweb on. + ''; + }; + + user = mkOption { + default = "nginx"; + type = types.str; + description = '' + Existing user that the CGI process will belong to. (Default almost surely will do.) + ''; + }; + + group = mkOption { + default = "nginx"; + type = types.str; + description = '' + Group that the CGI process will belong to. (Set to <literal>config.services.gitolite.group</literal> if you are using gitolite.) + ''; + }; + + virtualHost = mkOption { + default = "_"; + type = types.str; + description = '' + VirtualHost to serve gitweb on. Default is catch-all. ''; }; }; - config = mkIf config.services.nginx.gitweb.enable { + config = mkIf cfg.enable { systemd.services.gitweb = { description = "GitWeb service"; @@ -32,22 +65,22 @@ in FCGI_SOCKET_PATH = "/run/gitweb/gitweb.sock"; }; serviceConfig = { - User = "nginx"; - Group = "nginx"; + User = cfg.user; + Group = cfg.group; RuntimeDirectory = [ "gitweb" ]; }; wantedBy = [ "multi-user.target" ]; }; services.nginx = { - virtualHosts.default = { - locations."/gitweb/static/" = { + virtualHosts.${cfg.virtualHost} = { + locations."${cfg.location}/static/" = { alias = "${package}/static/"; }; - locations."/gitweb/" = { + locations."${cfg.location}/" = { extraConfig = '' include ${pkgs.nginx}/conf/fastcgi_params; - fastcgi_param GITWEB_CONFIG ${cfg.gitwebConfigFile}; + fastcgi_param GITWEB_CONFIG ${gitwebConfig.gitwebConfigFile}; fastcgi_pass unix:/run/gitweb/gitweb.sock; ''; }; |