diff options
Diffstat (limited to 'nixos')
-rw-r--r-- | nixos/modules/misc/ids.nix | 2 | ||||
-rw-r--r-- | nixos/modules/module-list.nix | 1 | ||||
-rw-r--r-- | nixos/modules/programs/shell.nix | 4 | ||||
-rw-r--r-- | nixos/modules/rename.nix | 5 | ||||
-rw-r--r-- | nixos/modules/services/misc/home-assistant.nix | 1 | ||||
-rw-r--r-- | nixos/modules/services/monitoring/kapacitor.nix | 154 | ||||
-rw-r--r-- | nixos/modules/services/networking/zerotierone.nix | 3 | ||||
-rw-r--r-- | nixos/modules/system/boot/systemd-nspawn.nix | 1 | ||||
-rw-r--r-- | nixos/modules/virtualisation/containers.nix | 7 | ||||
-rw-r--r-- | nixos/tests/chromium.nix | 6 |
10 files changed, 177 insertions, 7 deletions
diff --git a/nixos/modules/misc/ids.nix b/nixos/modules/misc/ids.nix index a32e4fe3f7c8..16737efb1856 100644 --- a/nixos/modules/misc/ids.nix +++ b/nixos/modules/misc/ids.nix @@ -332,6 +332,7 @@ lirc = 305; lidarr = 306; slurm = 307; + kapacitor = 308; # When adding a uid, make sure it doesn't match an existing gid. And don't use uids above 399! @@ -624,6 +625,7 @@ lirc = 305; lidarr = 306; slurm = 307; + kapacitor = 308; # When adding a gid, make sure it doesn't match an existing # uid. Users and groups with the same name should have equal diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index 660644eade8d..37e90232da2a 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix @@ -433,6 +433,7 @@ ./services/monitoring/hdaps.nix ./services/monitoring/heapster.nix ./services/monitoring/incron.nix + ./services/monitoring/kapacitor.nix ./services/monitoring/longview.nix ./services/monitoring/monit.nix ./services/monitoring/munin.nix diff --git a/nixos/modules/programs/shell.nix b/nixos/modules/programs/shell.nix index 6aa0262e3a4c..9842e2bef643 100644 --- a/nixos/modules/programs/shell.nix +++ b/nixos/modules/programs/shell.nix @@ -13,7 +13,7 @@ with lib; # Set up the per-user profile. mkdir -m 0755 -p "$NIX_USER_PROFILE_DIR" if [ "$(stat --printf '%u' "$NIX_USER_PROFILE_DIR")" != "$(id -u)" ]; then - echo "WARNING: bad ownership on $NIX_USER_PROFILE_DIR, should be $(id -u)" >&2 + echo "WARNING: the per-user profile dir $NIX_USER_PROFILE_DIR should belong to user id $(id -u)" >&2 fi if [ -w "$HOME" ]; then @@ -35,7 +35,7 @@ with lib; NIX_USER_GCROOTS_DIR="/nix/var/nix/gcroots/per-user/$USER" mkdir -m 0755 -p "$NIX_USER_GCROOTS_DIR" if [ "$(stat --printf '%u' "$NIX_USER_GCROOTS_DIR")" != "$(id -u)" ]; then - echo "WARNING: bad ownership on $NIX_USER_GCROOTS_DIR, should be $(id -u)" >&2 + echo "WARNING: the per-user gcroots dir $NIX_USER_GCROOTS_DIR should belong to user id $(id -u)" >&2 fi # Set up a default Nix expression from which to install stuff. diff --git a/nixos/modules/rename.nix b/nixos/modules/rename.nix index eb74b9bcac12..aa2b5c0b2dfb 100644 --- a/nixos/modules/rename.nix +++ b/nixos/modules/rename.nix @@ -28,7 +28,10 @@ with lib; (config: let enabled = getAttrFromPath [ "services" "printing" "gutenprint" ] config; in if enabled then [ pkgs.gutenprint ] else [ ])) - (mkRenamedOptionModule [ "services" "ddclient" "domain" ] [ "services" "ddclient" "domains" ]) + (mkChangedOptionModule [ "services" "ddclient" "domain" ] [ "services" "ddclient" "domains" ] + (config: + let value = getAttrFromPath [ "services" "ddclient" "domain" ] config; + in if value != "" then [ value ] else [])) (mkRemovedOptionModule [ "services" "ddclient" "homeDir" ] "") (mkRenamedOptionModule [ "services" "elasticsearch" "host" ] [ "services" "elasticsearch" "listenAddress" ]) (mkRenamedOptionModule [ "services" "graphite" "api" "host" ] [ "services" "graphite" "api" "listenAddress" ]) diff --git a/nixos/modules/services/misc/home-assistant.nix b/nixos/modules/services/misc/home-assistant.nix index 0756e81612ac..2e9aa33aeeee 100644 --- a/nixos/modules/services/misc/home-assistant.nix +++ b/nixos/modules/services/misc/home-assistant.nix @@ -157,6 +157,7 @@ in { Restart = "on-failure"; ProtectSystem = "strict"; ReadWritePaths = "${cfg.configDir}"; + KillSignal = "SIGINT"; PrivateTmp = true; RemoveIPC = true; }; diff --git a/nixos/modules/services/monitoring/kapacitor.nix b/nixos/modules/services/monitoring/kapacitor.nix new file mode 100644 index 000000000000..1de0a8d5af2f --- /dev/null +++ b/nixos/modules/services/monitoring/kapacitor.nix @@ -0,0 +1,154 @@ +{ options, config, lib, pkgs, ... }: + +with lib; + +let + cfg = config.services.kapacitor; + + kapacitorConf = pkgs.writeTextFile { + name = "kapacitord.conf"; + text = '' + hostname="${config.networking.hostName}" + data_dir="${cfg.dataDir}" + + [http] + bind-address = "${cfg.bind}:${toString cfg.port}" + log-enabled = false + auth-enabled = false + + [task] + dir = "${cfg.dataDir}/tasks" + snapshot-interval = "${cfg.taskSnapshotInterval}" + + [replay] + dir = "${cfg.dataDir}/replay" + + [storage] + boltdb = "${cfg.dataDir}/kapacitor.db" + + ${optionalString (cfg.loadDirectory != null) '' + [load] + enabled = true + dir = "${cfg.loadDirectory}" + ''} + + ${optionalString (cfg.defaultDatabase.enable) '' + [[influxdb]] + name = "default" + enabled = true + default = true + urls = [ "${cfg.defaultDatabase.url}" ] + username = "${cfg.defaultDatabase.username}" + password = "${cfg.defaultDatabase.password}" + ''} + + ${cfg.extraConfig} + ''; + }; +in +{ + options.services.kapacitor = { + enable = mkEnableOption "kapacitor"; + + dataDir = mkOption { + type = types.path; + example = "/var/lib/kapacitor"; + default = "/var/lib/kapacitor"; + description = "Location where Kapacitor stores its state"; + }; + + port = mkOption { + type = types.int; + default = 9092; + description = "Port of Kapacitor"; + }; + + bind = mkOption { + type = types.str; + default = ""; + example = literalExample "0.0.0.0"; + description = "Address to bind to. The default is to bind to all addresses"; + }; + + extraConfig = mkOption { + description = "These lines go into kapacitord.conf verbatim."; + default = ""; + type = types.lines; + }; + + user = mkOption { + type = types.str; + default = "kapacitor"; + description = "User account under which Kapacitor runs"; + }; + + group = mkOption { + type = types.str; + default = "kapacitor"; + description = "Group under which Kapacitor runs"; + }; + + taskSnapshotInterval = mkOption { + type = types.str; + description = "Specifies how often to snapshot the task state (in InfluxDB time units)"; + default = "1m0s"; + example = "1m0s"; + }; + + loadDirectory = mkOption { + type = types.nullOr types.path; + description = "Directory where to load services from, such as tasks, templates and handlers (or null to disable service loading on startup)"; + default = null; + }; + + defaultDatabase = { + enable = mkEnableOption "kapacitor.defaultDatabase"; + + url = mkOption { + description = "The URL to an InfluxDB server that serves as the default database"; + example = "http://localhost:8086"; + type = types.string; + }; + + username = mkOption { + description = "The username to connect to the remote InfluxDB server"; + type = types.string; + }; + + password = mkOption { + description = "The password to connect to the remote InfluxDB server"; + type = types.string; + }; + }; + }; + + config = mkIf cfg.enable { + environment.systemPackages = [ pkgs.kapacitor ]; + + systemd.services.kapacitor = { + description = "Kapacitor Real-Time Stream Processing Engine"; + wantedBy = [ "multi-user.target" ]; + after = [ "networking.target" ]; + serviceConfig = { + ExecStart = "${pkgs.kapacitor}/bin/kapacitord -config ${kapacitorConf}"; + User = "kapacitor"; + Group = "kapacitor"; + PermissionsStartOnly = true; + }; + preStart = '' + mkdir -p ${cfg.dataDir} + chown ${cfg.user}:${cfg.group} ${cfg.dataDir} + ''; + }; + + users.users.kapacitor = { + uid = config.ids.uids.kapacitor; + description = "Kapacitor user"; + home = cfg.dataDir; + }; + + users.groups.kapacitor = { + gid = config.ids.gids.kapacitor; + }; + }; +} diff --git a/nixos/modules/services/networking/zerotierone.nix b/nixos/modules/services/networking/zerotierone.nix index a4cd368397e7..764af3846fe5 100644 --- a/nixos/modules/services/networking/zerotierone.nix +++ b/nixos/modules/services/networking/zerotierone.nix @@ -39,7 +39,8 @@ in systemd.services.zerotierone = { description = "ZeroTierOne"; path = [ cfg.package ]; - after = [ "network.target" ]; + bindsTo = [ "network-online.target" ]; + after = [ "network-online.target" ]; wantedBy = [ "multi-user.target" ]; preStart = '' mkdir -p /var/lib/zerotier-one/networks.d diff --git a/nixos/modules/system/boot/systemd-nspawn.nix b/nixos/modules/system/boot/systemd-nspawn.nix index f4fa09694537..4f538ccdbbe1 100644 --- a/nixos/modules/system/boot/systemd-nspawn.nix +++ b/nixos/modules/system/boot/systemd-nspawn.nix @@ -112,6 +112,7 @@ in { environment.etc."systemd/nspawn".source = generateUnits "nspawn" units [] []; + systemd.targets."multi-user".wants = [ "machines.target "]; }; } diff --git a/nixos/modules/virtualisation/containers.nix b/nixos/modules/virtualisation/containers.nix index 572092a2ba94..2fcc0f254256 100644 --- a/nixos/modules/virtualisation/containers.nix +++ b/nixos/modules/virtualisation/containers.nix @@ -243,6 +243,9 @@ let Restart = "on-failure"; + Slice = "machine.slice"; + Delegate = true; + # Hack: we don't want to kill systemd-nspawn, since we call # "machinectl poweroff" in preStop to shut down the # container cleanly. But systemd requires sending a signal @@ -657,6 +660,8 @@ in serviceConfig = serviceDirectives dummyConfig; }; in { + systemd.targets."multi-user".wants = [ "machines.target" ]; + systemd.services = listToAttrs (filter (x: x.value != null) ( # The generic container template used by imperative containers [{ name = "container@"; value = unit; }] @@ -680,7 +685,7 @@ in } // ( if config.autoStart then { - wantedBy = [ "multi-user.target" ]; + wantedBy = [ "machines.target" ]; wants = [ "network.target" ]; after = [ "network.target" ]; restartTriggers = [ config.path ]; diff --git a/nixos/tests/chromium.nix b/nixos/tests/chromium.nix index c341e83961a8..fcc55a59a216 100644 --- a/nixos/tests/chromium.nix +++ b/nixos/tests/chromium.nix @@ -12,8 +12,10 @@ with pkgs.lib; mapAttrs (channel: chromiumPkg: makeTest rec { name = "chromium-${channel}"; - meta = with pkgs.stdenv.lib.maintainers; { - maintainers = [ aszlig ]; + meta = { + maintainers = with maintainers; [ aszlig ]; + # https://github.com/NixOS/hydra/issues/591#issuecomment-435125621 + inherit (chromiumPkg.meta) timeout; }; enableOCR = true; |