diff options
Diffstat (limited to 'nixos')
-rw-r--r-- | nixos/modules/config/power-management.nix | 3 | ||||
-rw-r--r-- | nixos/modules/module-list.nix | 1 | ||||
-rw-r--r-- | nixos/modules/programs/less.nix | 118 | ||||
-rw-r--r-- | nixos/modules/services/web-servers/nginx/default.nix | 19 | ||||
-rw-r--r-- | nixos/modules/services/web-servers/nginx/vhost-options.nix | 16 | ||||
-rw-r--r-- | nixos/modules/virtualisation/container-config.nix | 2 | ||||
-rw-r--r-- | nixos/release.nix | 1 | ||||
-rw-r--r-- | nixos/tests/borgbackup.nix | 21 |
8 files changed, 172 insertions, 9 deletions
diff --git a/nixos/modules/config/power-management.nix b/nixos/modules/config/power-management.nix index a4a4d6e1a6af..4c37e8a6208c 100644 --- a/nixos/modules/config/power-management.nix +++ b/nixos/modules/config/power-management.nix @@ -69,9 +69,6 @@ in config = mkIf cfg.enable { - # Leftover for old setups, should be set by nixos-generate-config now - powerManagement.cpuFreqGovernor = mkDefault "ondemand"; - systemd.targets.post-resume = { description = "Post-Resume Actions"; requires = [ "post-resume.service" ]; diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index e512881765e0..51f9917b192c 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix @@ -84,6 +84,7 @@ ./programs/info.nix ./programs/java.nix ./programs/kbdlight.nix + ./programs/less.nix ./programs/light.nix ./programs/man.nix ./programs/mosh.nix diff --git a/nixos/modules/programs/less.nix b/nixos/modules/programs/less.nix new file mode 100644 index 000000000000..c0283c9e6862 --- /dev/null +++ b/nixos/modules/programs/less.nix @@ -0,0 +1,118 @@ +{ config, lib, pkgs, ... }: + +with lib; + +let + + cfg = config.programs.less; + + configFile = '' + #command + ${concatStringsSep "\n" + (mapAttrsToList (command: action: "${command} ${action}") cfg.commands) + } + ${if cfg.clearDefaultCommands then "#stop" else ""} + + #line-edit + ${concatStringsSep "\n" + (mapAttrsToList (command: action: "${command} ${action}") cfg.lineEditingKeys) + } + + #env + ${concatStringsSep "\n" + (mapAttrsToList (variable: values: "${variable}=${values}") cfg.envVariables) + } + ''; + + lessKey = pkgs.runCommand "lesskey" + { src = pkgs.writeText "lessconfig" configFile; } + "${pkgs.less}/bin/lesskey -o $out $src"; + +in + +{ + options = { + + programs.less = { + + enable = mkEnableOption "less"; + + commands = mkOption { + type = types.attrsOf types.str; + default = {}; + example = { + "h" = "noaction 5\e("; + "l" = "noaction 5\e)"; + }; + description = "Defines new command keys."; + }; + + clearDefaultCommands = mkOption { + type = types.bool; + default = false; + description = '' + Clear all default commands. + You should remember to set the quit key. + Otherwise you will not be able to leave less without killing it. + ''; + }; + + lineEditingKeys = mkOption { + type = types.attrsOf types.str; + default = {}; + example = { + "\e" = "abort"; + }; + description = "Defines new line-editing keys."; + }; + + envVariables = mkOption { + type = types.attrsOf types.str; + default = {}; + example = { + LESS = "--quit-if-one-screen"; + }; + description = "Defines environment variables."; + }; + + lessopen = mkOption { + type = types.nullOr types.str; + default = "|${pkgs.lesspipe}/bin/lesspipe.sh %s"; + description = '' + Before less opens a file, it first gives your input preprocessor a chance to modify the way the contents of the file are displayed. + ''; + }; + + lessclose = mkOption { + type = types.nullOr types.str; + default = null; + description = '' + When less closes a file opened in such a way, it will call another program, called the input postprocessor, which may perform any desired clean-up action (such as deleting the replacement file created by LESSOPEN). + ''; + }; + }; + }; + + config = mkIf cfg.enable { + + environment.systemPackages = [ pkgs.less ]; + + environment.variables = { + "LESSKEY_SYSTEM" = toString lessKey; + } // optionalAttrs (cfg.lessopen != null) { + "LESSOPEN" = cfg.lessopen; + } // optionalAttrs (cfg.lessclose != null) { + "LESSCLOSE" = cfg.lessclose; + }; + + warnings = optional ( + cfg.clearDefaultCommands && (all (x: x != "quit") (attrValues cfg.commands)) + ) '' + config.programs.less.clearDefaultCommands clears all default commands of less but there is no alternative binding for exiting. + Consider adding a binding for 'quit'. + ''; + }; + + meta.maintainers = with maintainers; [ johnazoidberg ]; + +} diff --git a/nixos/modules/services/web-servers/nginx/default.nix b/nixos/modules/services/web-servers/nginx/default.nix index 2951e63e863e..100fabf902f8 100644 --- a/nixos/modules/services/web-servers/nginx/default.nix +++ b/nixos/modules/services/web-servers/nginx/default.nix @@ -15,6 +15,9 @@ let } // (optionalAttrs vhostConfig.enableACME { sslCertificate = "/var/lib/acme/${serverName}/fullchain.pem"; sslCertificateKey = "/var/lib/acme/${serverName}/key.pem"; + }) // (optionalAttrs (vhostConfig.useACMEHost != null) { + sslCertificate = "/var/lib/acme/${vhostConfig.useACMEHost}/fullchain.pem"; + sslCertificateKey = "/var/lib/acme/${vhostConfig.useACMEHost}/key.pem"; }) ) cfg.virtualHosts; enableIPv6 = config.networking.enableIPv6; @@ -174,7 +177,7 @@ let redirectListen = filter (x: !x.ssl) defaultListen; - acmeLocation = '' + acmeLocation = optionalString (vhost.enableACME || vhost.useACMEHost != null) '' location /.well-known/acme-challenge { ${optionalString (vhost.acmeFallbackHost != null) "try_files $uri @acme-fallback;"} root ${vhost.acmeRoot}; @@ -194,7 +197,7 @@ let ${concatMapStringsSep "\n" listenString redirectListen} server_name ${vhost.serverName} ${concatStringsSep " " vhost.serverAliases}; - ${optionalString vhost.enableACME acmeLocation} + ${acmeLocation} location / { return 301 https://$host$request_uri; } @@ -204,7 +207,7 @@ let server { ${concatMapStringsSep "\n" listenString hostListen} server_name ${vhost.serverName} ${concatStringsSep " " vhost.serverAliases}; - ${optionalString vhost.enableACME acmeLocation} + ${acmeLocation} ${optionalString (vhost.root != null) "root ${vhost.root};"} ${optionalString (vhost.globalRedirect != null) '' return 301 http${optionalString hasSSL "s"}://${vhost.globalRedirect}$request_uri; @@ -555,6 +558,14 @@ in are mutually exclusive. ''; } + + { + assertion = all (conf: !(conf.enableACME && conf.useACMEHost != null)) (attrValues virtualHosts); + message = '' + Options services.nginx.service.virtualHosts.<name>.enableACME and + services.nginx.virtualHosts.<name>.useACMEHost are mutually exclusive. + ''; + } ]; systemd.services.nginx = { @@ -580,7 +591,7 @@ in security.acme.certs = filterAttrs (n: v: v != {}) ( let vhostsConfigs = mapAttrsToList (vhostName: vhostConfig: vhostConfig) virtualHosts; - acmeEnabledVhosts = filter (vhostConfig: vhostConfig.enableACME) vhostsConfigs; + acmeEnabledVhosts = filter (vhostConfig: vhostConfig.enableACME && vhostConfig.useACMEHost == null) vhostsConfigs; acmePairs = map (vhostConfig: { name = vhostConfig.serverName; value = { user = cfg.user; group = lib.mkDefault cfg.group; diff --git a/nixos/modules/services/web-servers/nginx/vhost-options.nix b/nixos/modules/services/web-servers/nginx/vhost-options.nix index 29f08cc4f307..bf18108a1a3c 100644 --- a/nixos/modules/services/web-servers/nginx/vhost-options.nix +++ b/nixos/modules/services/web-servers/nginx/vhost-options.nix @@ -48,7 +48,21 @@ with lib; enableACME = mkOption { type = types.bool; default = false; - description = "Whether to ask Let's Encrypt to sign a certificate for this vhost."; + description = '' + Whether to ask Let's Encrypt to sign a certificate for this vhost. + Alternately, you can use an existing certificate through <option>useACMEHost</option>. + ''; + }; + + useACMEHost = mkOption { + type = types.nullOr types.str; + default = null; + description = '' + A host of an existing Let's Encrypt certificate to use. + This is useful if you have many subdomains and want to avoid hitting the + <link xlink:href="https://letsencrypt.org/docs/rate-limits/">rate limit</link>. + Alternately, you can generate a certificate through <option>enableACME</option>. + ''; }; acmeRoot = mkOption { diff --git a/nixos/modules/virtualisation/container-config.nix b/nixos/modules/virtualisation/container-config.nix index b4f9d8b6fc17..5e368acd6d8b 100644 --- a/nixos/modules/virtualisation/container-config.nix +++ b/nixos/modules/virtualisation/container-config.nix @@ -11,7 +11,7 @@ with lib; services.udisks2.enable = mkDefault false; powerManagement.enable = mkDefault false; - networking.useHostResolvConf = true; + networking.useHostResolvConf = mkDefault true; # Containers should be light-weight, so start sshd on demand. services.openssh.startWhenNeeded = mkDefault true; diff --git a/nixos/release.nix b/nixos/release.nix index 7c2e5b6415c5..972c89c1a411 100644 --- a/nixos/release.nix +++ b/nixos/release.nix @@ -227,6 +227,7 @@ in rec { tests.blivet = callTest tests/blivet.nix {}; tests.boot = callSubTests tests/boot.nix {}; tests.boot-stage1 = callTest tests/boot-stage1.nix {}; + tests.borgbackup = callTest tests/borgbackup.nix {}; tests.cadvisor = callTestOnTheseSystems ["x86_64-linux"] tests/cadvisor.nix {}; tests.chromium = (callSubTestsOnTheseSystems ["x86_64-linux"] tests/chromium.nix {}).stable; tests.cjdns = callTest tests/cjdns.nix {}; diff --git a/nixos/tests/borgbackup.nix b/nixos/tests/borgbackup.nix new file mode 100644 index 000000000000..123b02be7251 --- /dev/null +++ b/nixos/tests/borgbackup.nix @@ -0,0 +1,21 @@ +import ./make-test.nix ({ pkgs, ...}: { + name = "borgbackup"; + meta = with pkgs.stdenv.lib.maintainers; { + maintainers = [ mic92 ]; + }; + + nodes = { + machine = { config, pkgs, ... }: { + environment.systemPackages = [ pkgs.borgbackup ]; + }; + }; + + testScript = '' + my $borg = "BORG_PASSPHRASE=supersecret borg"; + $machine->succeed("$borg init --encryption=repokey /tmp/backup"); + $machine->succeed("mkdir /tmp/data/ && echo 'data' >/tmp/data/file"); + $machine->succeed("$borg create --stats /tmp/backup::test /tmp/data"); + $machine->succeed("$borg extract /tmp/backup::test"); + $machine->succeed('c=$(cat data/file) && echo "c = $c" >&2 && [[ "$c" == "data" ]]'); + ''; +}) |