about summary refs log tree commit diff
path: root/nixos
diff options
context:
space:
mode:
Diffstat (limited to 'nixos')
-rw-r--r--nixos/doc/manual/release-notes/rl-2405.section.md2
-rw-r--r--nixos/lib/utils.nix4
-rw-r--r--nixos/modules/security/pam.nix2
-rw-r--r--nixos/modules/services/audio/wyoming/faster-whisper.nix17
-rw-r--r--nixos/modules/services/display-managers/greetd.nix2
-rw-r--r--nixos/modules/services/monitoring/prometheus/exporters.nix1
-rw-r--r--nixos/modules/services/monitoring/prometheus/exporters/fritz.nix97
-rw-r--r--nixos/modules/services/networking/mycelium.nix23
-rw-r--r--nixos/modules/services/web-apps/suwayomi-server.md3
-rw-r--r--nixos/modules/services/web-apps/suwayomi-server.nix11
-rw-r--r--nixos/tests/redlib.nix20
11 files changed, 158 insertions, 24 deletions
diff --git a/nixos/doc/manual/release-notes/rl-2405.section.md b/nixos/doc/manual/release-notes/rl-2405.section.md
index 6ed47c4ba969..19ff6f4485cd 100644
--- a/nixos/doc/manual/release-notes/rl-2405.section.md
+++ b/nixos/doc/manual/release-notes/rl-2405.section.md
@@ -109,6 +109,8 @@ The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been m
 
 - [Clevis](https://github.com/latchset/clevis), a pluggable framework for automated decryption, used to unlock encrypted devices in initrd. Available as [boot.initrd.clevis.enable](#opt-boot.initrd.clevis.enable).
 
+- [fritz-exporter](https://github.com/pdreker/fritz_exporter), a Prometheus exporter for extracting metrics from [FRITZ!](https://avm.de/produkte/) devices. Available as [services.prometheus.exporters.fritz](#opt-services.prometheus.exporters.fritz.enable).
+
 - [armagetronad](https://wiki.armagetronad.org), a mid-2000s 3D lightcycle game widely played at iD Tech Camps. You can define multiple servers using `services.armagetronad.<server>.enable`.
 
 - [TuxClocker](https://github.com/Lurkki14/tuxclocker), a hardware control and monitoring program. Available as [programs.tuxclocker](#opt-programs.tuxclocker.enable).
diff --git a/nixos/lib/utils.nix b/nixos/lib/utils.nix
index 49ba2e5c8386..22a2c79843c6 100644
--- a/nixos/lib/utils.nix
+++ b/nixos/lib/utils.nix
@@ -64,8 +64,8 @@ rec {
     let
       s = if builtins.isPath arg then "${arg}"
         else if builtins.isString arg then arg
-        else if builtins.isInt arg || builtins.isFloat arg then toString arg
-        else throw "escapeSystemdExecArg only allows strings, paths and numbers";
+        else if builtins.isInt arg || builtins.isFloat arg || lib.isDerivation arg then toString arg
+        else throw "escapeSystemdExecArg only allows strings, paths, numbers and derivations";
     in
       replaceStrings [ "%" "$" ] [ "%%" "$$" ] (builtins.toJSON s);
 
diff --git a/nixos/modules/security/pam.nix b/nixos/modules/security/pam.nix
index 560e5eff5c39..26dc724ae159 100644
--- a/nixos/modules/security/pam.nix
+++ b/nixos/modules/security/pam.nix
@@ -683,7 +683,7 @@ let
           (let dp9ik = config.security.pam.dp9ik; in { name = "p9"; enable = dp9ik.enable; control = dp9ik.control; modulePath = "${pkgs.pam_dp9ik}/lib/security/pam_p9.so"; args = [
             dp9ik.authserver
           ]; })
-          { name = "fprintd"; enable = cfg.fprintAuth; control = "sufficient"; modulePath = "${pkgs.fprintd}/lib/security/pam_fprintd.so"; }
+          { name = "fprintd"; enable = cfg.fprintAuth; control = "sufficient"; modulePath = "${config.services.fprintd.package}/lib/security/pam_fprintd.so"; }
         ] ++
           # Modules in this block require having the password set in PAM_AUTHTOK.
           # pam_unix is marked as 'sufficient' on NixOS which means nothing will run
diff --git a/nixos/modules/services/audio/wyoming/faster-whisper.nix b/nixos/modules/services/audio/wyoming/faster-whisper.nix
index dd7f62744cd0..0c36e8c9ab05 100644
--- a/nixos/modules/services/audio/wyoming/faster-whisper.nix
+++ b/nixos/modules/services/audio/wyoming/faster-whisper.nix
@@ -37,22 +37,13 @@ in
             enable = mkEnableOption (mdDoc "Wyoming faster-whisper server");
 
             model = mkOption {
-              # Intersection between available and referenced models here:
-              # https://github.com/rhasspy/models/releases/tag/v1.0
-              # https://github.com/rhasspy/rhasspy3/blob/wyoming-v1/programs/asr/faster-whisper/server/wyoming_faster_whisper/download.py#L17-L27
-              type = enum [
-                "tiny"
-                "tiny-int8"
-                "base"
-                "base-int8"
-                "small"
-                "small-int8"
-                "medium-int8"
-              ];
+              type = str;
               default = "tiny-int8";
-              example = "medium-int8";
+              example = "Systran/faster-distil-whisper-small.en";
               description = mdDoc ''
                 Name of the voice model to use.
+
+                Check the [2.0.0 release notes](https://github.com/rhasspy/wyoming-faster-whisper/releases/tag/v2.0.0) for possible values.
               '';
             };
 
diff --git a/nixos/modules/services/display-managers/greetd.nix b/nixos/modules/services/display-managers/greetd.nix
index c2d345152de9..5ce67c3fb3fd 100644
--- a/nixos/modules/services/display-managers/greetd.nix
+++ b/nixos/modules/services/display-managers/greetd.nix
@@ -61,6 +61,8 @@ in
     systemd.services."autovt@${tty}".enable = false;
 
     systemd.services.greetd = {
+      aliases = [ "display-manager.service" ];
+
       unitConfig = {
         Wants = [
           "systemd-user-sessions.service"
diff --git a/nixos/modules/services/monitoring/prometheus/exporters.nix b/nixos/modules/services/monitoring/prometheus/exporters.nix
index b46b4596d563..8c5ec2992eda 100644
--- a/nixos/modules/services/monitoring/prometheus/exporters.nix
+++ b/nixos/modules/services/monitoring/prometheus/exporters.nix
@@ -35,6 +35,7 @@ let
     "dovecot"
     "fastly"
     "flow"
+    "fritz"
     "fritzbox"
     "graphite"
     "idrac"
diff --git a/nixos/modules/services/monitoring/prometheus/exporters/fritz.nix b/nixos/modules/services/monitoring/prometheus/exporters/fritz.nix
new file mode 100644
index 000000000000..c3a962b576a5
--- /dev/null
+++ b/nixos/modules/services/monitoring/prometheus/exporters/fritz.nix
@@ -0,0 +1,97 @@
+{ config, lib, pkgs, utils, ... }:
+let
+  inherit (lib) mkOption types mdDoc;
+  cfg = config.services.prometheus.exporters.fritz;
+  yaml = pkgs.formats.yaml { };
+  configFile = yaml.generate "fritz-exporter.yaml" cfg.settings;
+in
+{
+  port = 9787;
+
+  extraOpts = {
+    settings = mkOption {
+      description = mdDoc "Configuration settings for fritz-exporter.";
+      type = types.submodule {
+        freeformType = yaml.type;
+
+        options = {
+          # Pull existing port option into config file.
+          port = mkOption {
+            type = types.port;
+            default = cfg.port;
+            internal = true;
+            visible = false;
+          };
+          # Pull existing listen address option into config file.
+          listen_address = mkOption {
+            type = types.str;
+            default = cfg.listenAddress;
+            internal = true;
+            visible = false;
+          };
+          log_level = mkOption {
+            type = types.enum [ "DEBUG" "INFO" "WARNING" "ERROR" "CRITICAL" ];
+            default = "INFO";
+            description = mdDoc ''
+              Log level to use for the exporter.
+            '';
+          };
+          devices = mkOption {
+            default = [];
+            description = "Fritz!-devices to monitor using the exporter.";
+            type = with types; listOf (submodule {
+              freeformType = yaml.type;
+
+              options = {
+                name = mkOption {
+                  type = types.str;
+                  default = "";
+                  description = mdDoc ''
+                    Name to use for the device.
+                  '';
+                };
+                hostname = mkOption {
+                  type = types.str;
+                  default = "fritz.box";
+                  description = mdDoc ''
+                    Hostname under which the target device is reachable.
+                  '';
+                };
+                username = mkOption {
+                  type = types.str;
+                  description = mdDoc ''
+                    Username to authenticate with the target device.
+                  '';
+                };
+                password_file = mkOption {
+                  type = types.path;
+                  description = mdDoc ''
+                    Path to a file which contains the password to authenticate with the target device.
+                    Needs to be readable by the user the exporter runs under.
+                  '';
+                };
+                host_info = mkOption {
+                  type = types.bool;
+                  description = mdDoc ''
+                    Enable extended host info for this device. *Warning*: This will heavily increase scrape time.
+                  '';
+                  default = false;
+                };
+              };
+            });
+          };
+        };
+      };
+    };
+  };
+
+  serviceOpts = {
+    serviceConfig = {
+      ExecStart = utils.escapeSystemdExecArgs ([
+        (lib.getExe pkgs.fritz-exporter)
+        "--config" configFile
+      ] ++ cfg.extraFlags);
+      DynamicUser = false;
+    };
+  };
+}
diff --git a/nixos/modules/services/networking/mycelium.nix b/nixos/modules/services/networking/mycelium.nix
index 71ff8d1dd9af..9c4bca7c6861 100644
--- a/nixos/modules/services/networking/mycelium.nix
+++ b/nixos/modules/services/networking/mycelium.nix
@@ -9,17 +9,23 @@ in
     peers = lib.mkOption {
       type = lib.types.listOf lib.types.str;
       description = ''
-        List of peers to connect to in the format quic://1.2.3.4:9651.
-        If addHostedPublicNodes is set to true, the hosted public nodes will be added to this list.
+        List of peers to connect to, in the formats:
+         - `quic://[2001:0db8::1]:9651`
+         - `quic://192.0.2.1:9651`
+         - `tcp://[2001:0db8::1]:9651`
+         - `tcp://192.0.2.1:9651`
+
+        If addHostedPublicNodes is set to true, the hosted public nodes will also be added.
       '';
-      default = [];
+      default = [ ];
     };
     keyFile = lib.mkOption {
       type = lib.types.nullOr lib.types.path;
       default = null;
       description = ''
-        optional path to a keyFile, if unset the default location (/var/lib/mycelium/key) will be used
-        If this key does not exist, it will be generated
+        Optional path to a file containing the mycelium key material.
+        If unset, the default location (`/var/lib/mycelium/key.bin`) will be used.
+        If no key exist at this location, it will be generated on startup.
       '';
     };
     openFirewall = lib.mkOption {
@@ -37,7 +43,7 @@ in
       type = lib.types.bool;
       default = true;
       description = ''
-        add the hosted peers from https://github.com/threefoldtech/mycelium#hosted-public-nodes
+        Adds the hosted peers from https://github.com/threefoldtech/mycelium#hosted-public-nodes.
       '';
     };
   };
@@ -79,9 +85,10 @@ in
             "--key-file \${CREDENTIALS_DIRECTORY}/keyfile" else
             "--key-file %S/mycelium/key.bin"
           )
-          "--tun-name" "mycelium"
+          "--tun-name"
+          "mycelium"
         ] ++
-          (lib.optional (cfg.addHostedPublicNodes || cfg.peers != []) "--peers")
+        (lib.optional (cfg.addHostedPublicNodes || cfg.peers != [ ]) "--peers")
         ++ cfg.peers ++ (lib.optionals cfg.addHostedPublicNodes [
           "tcp://188.40.132.242:9651" # DE 01
           "tcp://[2a01:4f8:221:1e0b::2]:9651"
diff --git a/nixos/modules/services/web-apps/suwayomi-server.md b/nixos/modules/services/web-apps/suwayomi-server.md
index ff1e06c8a53a..18e7a631443f 100644
--- a/nixos/modules/services/web-apps/suwayomi-server.md
+++ b/nixos/modules/services/web-apps/suwayomi-server.md
@@ -101,6 +101,9 @@ Not all the configuration options are available directly in this module, but you
         port = 4567;
         autoDownloadNewChapters = false;
         maxSourcesInParallel" = 6;
+        extensionRepos = [
+          "https://raw.githubusercontent.com/MY_ACCOUNT/MY_REPO/repo/index.min.json"
+        ];
       };
     };
   };
diff --git a/nixos/modules/services/web-apps/suwayomi-server.nix b/nixos/modules/services/web-apps/suwayomi-server.nix
index 94dbe6f99356..99c6ea2a36e6 100644
--- a/nixos/modules/services/web-apps/suwayomi-server.nix
+++ b/nixos/modules/services/web-apps/suwayomi-server.nix
@@ -102,6 +102,17 @@ in
                 '';
               };
 
+              extensionRepos = mkOption {
+                type = types.listOf types.str;
+                default = [];
+                example = [
+                  "https://raw.githubusercontent.com/MY_ACCOUNT/MY_REPO/repo/index.min.json"
+                ];
+                description = mdDoc ''
+                  URL of repositories from which the extensions can be installed.
+                '';
+              };
+
               localSourcePath = mkOption {
                 type = types.path;
                 default = cfg.dataDir;
diff --git a/nixos/tests/redlib.nix b/nixos/tests/redlib.nix
new file mode 100644
index 000000000000..e4bde25e30a6
--- /dev/null
+++ b/nixos/tests/redlib.nix
@@ -0,0 +1,20 @@
+import ./make-test-python.nix ({ lib, pkgs, ... }: {
+  name = "redlib";
+  meta.maintainers = with lib.maintainers; [ soispha ];
+
+  nodes.machine = {
+    services.libreddit = {
+      package = pkgs.redlib;
+      enable = true;
+      # Test CAP_NET_BIND_SERVICE
+      port = 80;
+    };
+  };
+
+  testScript = ''
+    machine.wait_for_unit("libreddit.service")
+    machine.wait_for_open_port(80)
+    # Query a page that does not require Internet access
+    machine.succeed("curl --fail http://localhost:80/settings")
+  '';
+})