diff options
Diffstat (limited to 'nixos')
-rw-r--r-- | nixos/doc/manual/release-notes/rl-2405.section.md | 2 | ||||
-rw-r--r-- | nixos/lib/utils.nix | 4 | ||||
-rw-r--r-- | nixos/modules/security/pam.nix | 2 | ||||
-rw-r--r-- | nixos/modules/services/audio/wyoming/faster-whisper.nix | 17 | ||||
-rw-r--r-- | nixos/modules/services/display-managers/greetd.nix | 2 | ||||
-rw-r--r-- | nixos/modules/services/monitoring/prometheus/exporters.nix | 1 | ||||
-rw-r--r-- | nixos/modules/services/monitoring/prometheus/exporters/fritz.nix | 97 | ||||
-rw-r--r-- | nixos/modules/services/networking/mycelium.nix | 23 | ||||
-rw-r--r-- | nixos/modules/services/web-apps/suwayomi-server.md | 3 | ||||
-rw-r--r-- | nixos/modules/services/web-apps/suwayomi-server.nix | 11 | ||||
-rw-r--r-- | nixos/tests/redlib.nix | 20 |
11 files changed, 158 insertions, 24 deletions
diff --git a/nixos/doc/manual/release-notes/rl-2405.section.md b/nixos/doc/manual/release-notes/rl-2405.section.md index 6ed47c4ba969..19ff6f4485cd 100644 --- a/nixos/doc/manual/release-notes/rl-2405.section.md +++ b/nixos/doc/manual/release-notes/rl-2405.section.md @@ -109,6 +109,8 @@ The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been m - [Clevis](https://github.com/latchset/clevis), a pluggable framework for automated decryption, used to unlock encrypted devices in initrd. Available as [boot.initrd.clevis.enable](#opt-boot.initrd.clevis.enable). +- [fritz-exporter](https://github.com/pdreker/fritz_exporter), a Prometheus exporter for extracting metrics from [FRITZ!](https://avm.de/produkte/) devices. Available as [services.prometheus.exporters.fritz](#opt-services.prometheus.exporters.fritz.enable). + - [armagetronad](https://wiki.armagetronad.org), a mid-2000s 3D lightcycle game widely played at iD Tech Camps. You can define multiple servers using `services.armagetronad.<server>.enable`. - [TuxClocker](https://github.com/Lurkki14/tuxclocker), a hardware control and monitoring program. Available as [programs.tuxclocker](#opt-programs.tuxclocker.enable). diff --git a/nixos/lib/utils.nix b/nixos/lib/utils.nix index 49ba2e5c8386..22a2c79843c6 100644 --- a/nixos/lib/utils.nix +++ b/nixos/lib/utils.nix @@ -64,8 +64,8 @@ rec { let s = if builtins.isPath arg then "${arg}" else if builtins.isString arg then arg - else if builtins.isInt arg || builtins.isFloat arg then toString arg - else throw "escapeSystemdExecArg only allows strings, paths and numbers"; + else if builtins.isInt arg || builtins.isFloat arg || lib.isDerivation arg then toString arg + else throw "escapeSystemdExecArg only allows strings, paths, numbers and derivations"; in replaceStrings [ "%" "$" ] [ "%%" "$$" ] (builtins.toJSON s); diff --git a/nixos/modules/security/pam.nix b/nixos/modules/security/pam.nix index 560e5eff5c39..26dc724ae159 100644 --- a/nixos/modules/security/pam.nix +++ b/nixos/modules/security/pam.nix @@ -683,7 +683,7 @@ let (let dp9ik = config.security.pam.dp9ik; in { name = "p9"; enable = dp9ik.enable; control = dp9ik.control; modulePath = "${pkgs.pam_dp9ik}/lib/security/pam_p9.so"; args = [ dp9ik.authserver ]; }) - { name = "fprintd"; enable = cfg.fprintAuth; control = "sufficient"; modulePath = "${pkgs.fprintd}/lib/security/pam_fprintd.so"; } + { name = "fprintd"; enable = cfg.fprintAuth; control = "sufficient"; modulePath = "${config.services.fprintd.package}/lib/security/pam_fprintd.so"; } ] ++ # Modules in this block require having the password set in PAM_AUTHTOK. # pam_unix is marked as 'sufficient' on NixOS which means nothing will run diff --git a/nixos/modules/services/audio/wyoming/faster-whisper.nix b/nixos/modules/services/audio/wyoming/faster-whisper.nix index dd7f62744cd0..0c36e8c9ab05 100644 --- a/nixos/modules/services/audio/wyoming/faster-whisper.nix +++ b/nixos/modules/services/audio/wyoming/faster-whisper.nix @@ -37,22 +37,13 @@ in enable = mkEnableOption (mdDoc "Wyoming faster-whisper server"); model = mkOption { - # Intersection between available and referenced models here: - # https://github.com/rhasspy/models/releases/tag/v1.0 - # https://github.com/rhasspy/rhasspy3/blob/wyoming-v1/programs/asr/faster-whisper/server/wyoming_faster_whisper/download.py#L17-L27 - type = enum [ - "tiny" - "tiny-int8" - "base" - "base-int8" - "small" - "small-int8" - "medium-int8" - ]; + type = str; default = "tiny-int8"; - example = "medium-int8"; + example = "Systran/faster-distil-whisper-small.en"; description = mdDoc '' Name of the voice model to use. + + Check the [2.0.0 release notes](https://github.com/rhasspy/wyoming-faster-whisper/releases/tag/v2.0.0) for possible values. ''; }; diff --git a/nixos/modules/services/display-managers/greetd.nix b/nixos/modules/services/display-managers/greetd.nix index c2d345152de9..5ce67c3fb3fd 100644 --- a/nixos/modules/services/display-managers/greetd.nix +++ b/nixos/modules/services/display-managers/greetd.nix @@ -61,6 +61,8 @@ in systemd.services."autovt@${tty}".enable = false; systemd.services.greetd = { + aliases = [ "display-manager.service" ]; + unitConfig = { Wants = [ "systemd-user-sessions.service" diff --git a/nixos/modules/services/monitoring/prometheus/exporters.nix b/nixos/modules/services/monitoring/prometheus/exporters.nix index b46b4596d563..8c5ec2992eda 100644 --- a/nixos/modules/services/monitoring/prometheus/exporters.nix +++ b/nixos/modules/services/monitoring/prometheus/exporters.nix @@ -35,6 +35,7 @@ let "dovecot" "fastly" "flow" + "fritz" "fritzbox" "graphite" "idrac" diff --git a/nixos/modules/services/monitoring/prometheus/exporters/fritz.nix b/nixos/modules/services/monitoring/prometheus/exporters/fritz.nix new file mode 100644 index 000000000000..c3a962b576a5 --- /dev/null +++ b/nixos/modules/services/monitoring/prometheus/exporters/fritz.nix @@ -0,0 +1,97 @@ +{ config, lib, pkgs, utils, ... }: +let + inherit (lib) mkOption types mdDoc; + cfg = config.services.prometheus.exporters.fritz; + yaml = pkgs.formats.yaml { }; + configFile = yaml.generate "fritz-exporter.yaml" cfg.settings; +in +{ + port = 9787; + + extraOpts = { + settings = mkOption { + description = mdDoc "Configuration settings for fritz-exporter."; + type = types.submodule { + freeformType = yaml.type; + + options = { + # Pull existing port option into config file. + port = mkOption { + type = types.port; + default = cfg.port; + internal = true; + visible = false; + }; + # Pull existing listen address option into config file. + listen_address = mkOption { + type = types.str; + default = cfg.listenAddress; + internal = true; + visible = false; + }; + log_level = mkOption { + type = types.enum [ "DEBUG" "INFO" "WARNING" "ERROR" "CRITICAL" ]; + default = "INFO"; + description = mdDoc '' + Log level to use for the exporter. + ''; + }; + devices = mkOption { + default = []; + description = "Fritz!-devices to monitor using the exporter."; + type = with types; listOf (submodule { + freeformType = yaml.type; + + options = { + name = mkOption { + type = types.str; + default = ""; + description = mdDoc '' + Name to use for the device. + ''; + }; + hostname = mkOption { + type = types.str; + default = "fritz.box"; + description = mdDoc '' + Hostname under which the target device is reachable. + ''; + }; + username = mkOption { + type = types.str; + description = mdDoc '' + Username to authenticate with the target device. + ''; + }; + password_file = mkOption { + type = types.path; + description = mdDoc '' + Path to a file which contains the password to authenticate with the target device. + Needs to be readable by the user the exporter runs under. + ''; + }; + host_info = mkOption { + type = types.bool; + description = mdDoc '' + Enable extended host info for this device. *Warning*: This will heavily increase scrape time. + ''; + default = false; + }; + }; + }); + }; + }; + }; + }; + }; + + serviceOpts = { + serviceConfig = { + ExecStart = utils.escapeSystemdExecArgs ([ + (lib.getExe pkgs.fritz-exporter) + "--config" configFile + ] ++ cfg.extraFlags); + DynamicUser = false; + }; + }; +} diff --git a/nixos/modules/services/networking/mycelium.nix b/nixos/modules/services/networking/mycelium.nix index 71ff8d1dd9af..9c4bca7c6861 100644 --- a/nixos/modules/services/networking/mycelium.nix +++ b/nixos/modules/services/networking/mycelium.nix @@ -9,17 +9,23 @@ in peers = lib.mkOption { type = lib.types.listOf lib.types.str; description = '' - List of peers to connect to in the format quic://1.2.3.4:9651. - If addHostedPublicNodes is set to true, the hosted public nodes will be added to this list. + List of peers to connect to, in the formats: + - `quic://[2001:0db8::1]:9651` + - `quic://192.0.2.1:9651` + - `tcp://[2001:0db8::1]:9651` + - `tcp://192.0.2.1:9651` + + If addHostedPublicNodes is set to true, the hosted public nodes will also be added. ''; - default = []; + default = [ ]; }; keyFile = lib.mkOption { type = lib.types.nullOr lib.types.path; default = null; description = '' - optional path to a keyFile, if unset the default location (/var/lib/mycelium/key) will be used - If this key does not exist, it will be generated + Optional path to a file containing the mycelium key material. + If unset, the default location (`/var/lib/mycelium/key.bin`) will be used. + If no key exist at this location, it will be generated on startup. ''; }; openFirewall = lib.mkOption { @@ -37,7 +43,7 @@ in type = lib.types.bool; default = true; description = '' - add the hosted peers from https://github.com/threefoldtech/mycelium#hosted-public-nodes + Adds the hosted peers from https://github.com/threefoldtech/mycelium#hosted-public-nodes. ''; }; }; @@ -79,9 +85,10 @@ in "--key-file \${CREDENTIALS_DIRECTORY}/keyfile" else "--key-file %S/mycelium/key.bin" ) - "--tun-name" "mycelium" + "--tun-name" + "mycelium" ] ++ - (lib.optional (cfg.addHostedPublicNodes || cfg.peers != []) "--peers") + (lib.optional (cfg.addHostedPublicNodes || cfg.peers != [ ]) "--peers") ++ cfg.peers ++ (lib.optionals cfg.addHostedPublicNodes [ "tcp://188.40.132.242:9651" # DE 01 "tcp://[2a01:4f8:221:1e0b::2]:9651" diff --git a/nixos/modules/services/web-apps/suwayomi-server.md b/nixos/modules/services/web-apps/suwayomi-server.md index ff1e06c8a53a..18e7a631443f 100644 --- a/nixos/modules/services/web-apps/suwayomi-server.md +++ b/nixos/modules/services/web-apps/suwayomi-server.md @@ -101,6 +101,9 @@ Not all the configuration options are available directly in this module, but you port = 4567; autoDownloadNewChapters = false; maxSourcesInParallel" = 6; + extensionRepos = [ + "https://raw.githubusercontent.com/MY_ACCOUNT/MY_REPO/repo/index.min.json" + ]; }; }; }; diff --git a/nixos/modules/services/web-apps/suwayomi-server.nix b/nixos/modules/services/web-apps/suwayomi-server.nix index 94dbe6f99356..99c6ea2a36e6 100644 --- a/nixos/modules/services/web-apps/suwayomi-server.nix +++ b/nixos/modules/services/web-apps/suwayomi-server.nix @@ -102,6 +102,17 @@ in ''; }; + extensionRepos = mkOption { + type = types.listOf types.str; + default = []; + example = [ + "https://raw.githubusercontent.com/MY_ACCOUNT/MY_REPO/repo/index.min.json" + ]; + description = mdDoc '' + URL of repositories from which the extensions can be installed. + ''; + }; + localSourcePath = mkOption { type = types.path; default = cfg.dataDir; diff --git a/nixos/tests/redlib.nix b/nixos/tests/redlib.nix new file mode 100644 index 000000000000..e4bde25e30a6 --- /dev/null +++ b/nixos/tests/redlib.nix @@ -0,0 +1,20 @@ +import ./make-test-python.nix ({ lib, pkgs, ... }: { + name = "redlib"; + meta.maintainers = with lib.maintainers; [ soispha ]; + + nodes.machine = { + services.libreddit = { + package = pkgs.redlib; + enable = true; + # Test CAP_NET_BIND_SERVICE + port = 80; + }; + }; + + testScript = '' + machine.wait_for_unit("libreddit.service") + machine.wait_for_open_port(80) + # Query a page that does not require Internet access + machine.succeed("curl --fail http://localhost:80/settings") + ''; +}) |