Diffstat (limited to 'nixos')
-rw-r--r--nixos/modules/misc/ids.nix4
-rw-r--r--nixos/modules/module-list.nix1
-rw-r--r--nixos/modules/programs/chromium.nix48
-rw-r--r--nixos/modules/rename.nix1
-rw-r--r--nixos/modules/services/hardware/fwupd.nix23
-rw-r--r--nixos/modules/services/misc/sourcehut/default.nix2
-rw-r--r--nixos/modules/services/networking/cloudflared.nix7
-rw-r--r--nixos/modules/services/networking/pyload.nix27
-rw-r--r--nixos/modules/services/web-apps/nextcloud.nix26
-rw-r--r--nixos/modules/services/web-apps/restya-board.nix380
-rw-r--r--nixos/modules/services/x11/desktop-managers/plasma5.nix1
-rw-r--r--nixos/modules/virtualisation/oci-containers.nix7
-rw-r--r--nixos/tests/installed-tests/fwupd.nix9
-rw-r--r--nixos/tests/oci-containers.nix5
14 files changed, 104 insertions, 437 deletions
diff --git a/nixos/modules/misc/ids.nix b/nixos/modules/misc/ids.nix
index 5af7284ac71a..cfa98c838af5 100644
--- a/nixos/modules/misc/ids.nix
+++ b/nixos/modules/misc/ids.nix
@@ -313,7 +313,7 @@ in
       kanboard = 281;
       # pykms = 282; # DynamicUser = true
       kodi = 283;
-      restya-board = 284;
+      # restya-board = 284; # removed 2024-01-22
       mighttpd2 = 285;
       hass = 286;
       #monero = 287; # dynamically allocated as of 2021-05-08
@@ -623,7 +623,7 @@ in
       kanboard = 281;
       # pykms = 282; # DynamicUser = true
       kodi = 283;
-      restya-board = 284;
+      # restya-board = 284; # removed 2024-01-22
       mighttpd2 = 285;
       hass = 286;
       # monero = 287; # dynamically allocated as of 2021-05-08
diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix
index 72b6d42591da..c9e6c3794ffe 100644
--- a/nixos/modules/module-list.nix
+++ b/nixos/modules/module-list.nix
@@ -1348,7 +1348,6 @@
   ./services/web-apps/powerdns-admin.nix
   ./services/web-apps/pretalx.nix
   ./services/web-apps/prosody-filer.nix
-  ./services/web-apps/restya-board.nix
   ./services/web-apps/rimgo.nix
   ./services/web-apps/sftpgo.nix
   ./services/web-apps/suwayomi-server.nix
diff --git a/nixos/modules/programs/chromium.nix b/nixos/modules/programs/chromium.nix
index 4024f337dfcd..287d93c82cad 100644
--- a/nixos/modules/programs/chromium.nix
+++ b/nixos/modules/programs/chromium.nix
@@ -1,4 +1,4 @@
-{ config, lib, ... }:
+{ config, lib, pkgs, ... }:
 
 with lib;
 
@@ -21,8 +21,12 @@ in
     programs.chromium = {
       enable = mkEnableOption (lib.mdDoc "{command}`chromium` policies");
 
+      enablePlasmaBrowserIntegration = mkEnableOption (lib.mdDoc "Native Messaging Host for Plasma Browser Integration");
+
+      plasmaBrowserIntegrationPackage = mkPackageOption pkgs "plasma5Packages.plasma-browser-integration" { };
+
       extensions = mkOption {
-        type = types.listOf types.str;
+        type = with types; nullOr (listOf str);
         description = lib.mdDoc ''
           List of chromium extensions to install.
           For list of plugins ids see id in url of extensions on
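Review bot: The default of `plasmaBrowserIntegrationPackage` is given as the single dotted string `"plasma5Packages.plasma-browser-integration"`; as far as I know `mkPackageOption` looks a string up as one attribute name and takes a list for a nested path, so this default would fail to resolve once it is evaluated. The list form would be `mkPackageOption pkgs [ "plasma5Packages" "plasma-browser-integration" ] { };`. Separately, `extensions` now accepts `null` and defaults to it in the next hunk, but the description does not say how `null` differs from `[]`; one sentence on that would help, since the policy named in the description force-installs extensions. The option's `mkOption` block continues past this hunk.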
@@ -33,7 +37,7 @@ in
           [ExtensionInstallForcelist](https://cloud.google.com/docs/chrome-enterprise/policies/?policy=ExtensionInstallForcelist)
           for additional details.
         '';
-        default = [];
+        default = null;
         example = literalExpression ''
           [
             "chlffgpmiacpedhhbkiomidkjlcfhogd" # pushbullet
@@ -62,16 +66,14 @@ in
         type = types.nullOr types.str;
         description = lib.mdDoc "Chromium default search provider url.";
         default = null;
-        example =
-          "https://encrypted.google.com/search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}";
+        example = "https://encrypted.google.com/search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}";
       };
 
       defaultSearchProviderSuggestURL = mkOption {
         type = types.nullOr types.str;
         description = lib.mdDoc "Chromium default search provider url for suggestions.";
         default = null;
-        example =
-          "https://encrypted.google.com/complete/search?output=chrome&q={searchTerms}";
+        example = "https://encrypted.google.com/complete/search?output=chrome&q={searchTerms}";
       };
 
       extraOpts = mkOption {
@@ -90,9 +92,9 @@ in
             "PasswordManagerEnabled" = false;
             "SpellcheckEnabled" = true;
             "SpellcheckLanguage" = [
-                                     "de"
-                                     "en-US"
-                                   ];
+              "de"
+              "en-US"
+            ];
           }
         '';
       };
@@ -101,15 +103,21 @@ in
 
   ###### implementation
 
-  config = lib.mkIf cfg.enable {
-    # for chromium
-    environment.etc."chromium/policies/managed/default.json".text = builtins.toJSON defaultProfile;
-    environment.etc."chromium/policies/managed/extra.json".text = builtins.toJSON cfg.extraOpts;
-    # for google-chrome https://www.chromium.org/administrators/linux-quick-start
-    environment.etc."opt/chrome/policies/managed/default.json".text = builtins.toJSON defaultProfile;
-    environment.etc."opt/chrome/policies/managed/extra.json".text = builtins.toJSON cfg.extraOpts;
-    # for brave
-    environment.etc."brave/policies/managed/default.json".text = builtins.toJSON defaultProfile;
-    environment.etc."brave/policies/managed/extra.json".text = builtins.toJSON cfg.extraOpts;
+  config = {
+    environment.etc = lib.mkIf cfg.enable {
+      # for chromium
+      "chromium/native-messaging-hosts/org.kde.plasma.browser_integration.json" = lib.mkIf cfg.enablePlasmaBrowserIntegration
+        { source = "${cfg.plasmaBrowserIntegrationPackage}/etc/chromium/native-messaging-hosts/org.kde.plasma.browser_integration.json"; };
+      "chromium/policies/managed/default.json" = lib.mkIf (defaultProfile != {}) { text = builtins.toJSON defaultProfile; };
+      "chromium/policies/managed/extra.json" = lib.mkIf (cfg.extraOpts != {}) { text = builtins.toJSON cfg.extraOpts; };
+      # for google-chrome https://www.chromium.org/administrators/linux-quick-start
+      "opt/chrome/native-messaging-hosts/org.kde.plasma.browser_integration.json" = lib.mkIf cfg.enablePlasmaBrowserIntegration
+        { source = "${cfg.plasmaBrowserIntegrationPackage}/etc/opt/chrome/native-messaging-hosts/org.kde.plasma.browser_integration.json"; };
+      "opt/chrome/policies/managed/default.json" = lib.mkIf (defaultProfile != {}) { text = builtins.toJSON defaultProfile; };
+      "opt/chrome/policies/managed/extra.json" = lib.mkIf (cfg.extraOpts != {}) { text = builtins.toJSON cfg.extraOpts; };
+      # for brave
+      "brave/policies/managed/default.json" = lib.mkIf (defaultProfile != {}) { text = builtins.toJSON defaultProfile; };
+      "brave/policies/managed/extra.json" = lib.mkIf (cfg.extraOpts != {}) { text = builtins.toJSON cfg.extraOpts; };
+    };
   };
 }
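Review bot: Both `native-messaging-hosts` entries sit inside `environment.etc = lib.mkIf cfg.enable { … }`, so `enablePlasmaBrowserIntegration` has no effect unless `programs.chromium.enable` is also set, and the plasma5.nix hunk in this commit sets only the former. If that coupling is intended, say so in the option text, e.g. `mkEnableOption (lib.mdDoc "Native Messaging Host for Plasma Browser Integration (requires programs.chromium.enable)")`; otherwise the two manifest entries belong outside the `cfg.enable` guard. A short comment that these manifests let a browser extension start the host binary shipped in `plasmaBrowserIntegrationPackage` would also tell admins why overriding that package deserves care. `defaultProfile` is defined outside this hunk, so I cannot confirm from here that it reduces to `{}` when nothing is configured.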
diff --git a/nixos/modules/rename.nix b/nixos/modules/rename.nix
index 3fab863adb7f..0a975fcd98c8 100644
--- a/nixos/modules/rename.nix
+++ b/nixos/modules/rename.nix
@@ -112,6 +112,7 @@ in
     (mkRemovedOptionModule [ "services" "cryptpad" ] "The corresponding package was removed from nixpkgs.")
     (mkRemovedOptionModule [ "services" "rtsp-simple-server" ] "Package has been completely rebranded by upstream as mediamtx, and thus the service and the package were renamed in NixOS as well.")
     (mkRemovedOptionModule [ "services" "prayer" ] "The corresponding package was removed from nixpkgs.")
+    (mkRemovedOptionModule [ "services" "restya-board" ] "The corresponding package was removed from nixpkgs.")
 
     (mkRemovedOptionModule [ "i18n" "inputMethod" "fcitx" ] "The fcitx module has been removed. Please use fcitx5 instead")
     (mkRemovedOptionModule [ "services" "dhcpd4" ] ''
diff --git a/nixos/modules/services/hardware/fwupd.nix b/nixos/modules/services/hardware/fwupd.nix
index 6fbcbe676460..ebb6fa09aadb 100644
--- a/nixos/modules/services/hardware/fwupd.nix
+++ b/nixos/modules/services/hardware/fwupd.nix
@@ -51,7 +51,9 @@ let
     # to install it because it would create a cyclic dependency between
     # the outputs. We also need to enable the remote,
     # which should not be done by default.
-    lib.optionalAttrs cfg.enableTestRemote (enableRemote cfg.package.installedTests "fwupd-tests")
+    lib.optionalAttrs
+      (cfg.daemonSettings.TestDevices or false)
+      (enableRemote cfg.package.installedTests "fwupd-tests")
   );
 
 in {
@@ -86,15 +88,6 @@ in {
         '';
       };
 
-      enableTestRemote = mkOption {
-        type = types.bool;
-        default = false;
-        description = lib.mdDoc ''
-          Whether to enable test remote. This is used by
-          [installed tests](https://github.com/fwupd/fwupd/blob/master/data/installed-tests/README.md).
-        '';
-      };
-
       package = mkPackageOption pkgs "fwupd" { };
 
       daemonSettings = mkOption {
@@ -128,6 +121,15 @@ in {
                 or if this partition is not mounted at /boot/efi, /boot, or /efi
               '';
             };
+
+            TestDevices = mkOption {
+              type = types.bool;
+              default = false;
+              description = lib.mdDoc ''
+                Create virtual test devices and remote for validating daemon flows.
+                This is only intended for CI testing and development purposes.
+              '';
+            };
           };
         };
         default = {};
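Review bot: `TestDevices` now also decides whether the `fwupd-tests` remote from `cfg.package.installedTests` is enabled (first hunk of this file), taking over from `enableTestRemote`, yet neither this file nor rename.nix in the visible diff adds a removal or rename entry for `services.fwupd.enableTestRemote`, so existing configurations would get a bare unknown-option error. Something like `(mkRemovedOptionModule [ "services" "fwupd" "enableTestRemote" ] "Use services.fwupd.daemonSettings.TestDevices instead.")` would cover it. In the last hunk of this file the comment `# Disable test related plug-ins implicitly …` is left above a block that now sets only `EspLocation`; it should be dropped or reworded to name whatever now keeps the test plug-ins off, presumably the `TestDevices = false` default.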
@@ -159,7 +161,6 @@ in {
   config = mkIf cfg.enable {
     # Disable test related plug-ins implicitly so that users do not have to care about them.
     services.fwupd.daemonSettings = {
-      DisabledPlugins = cfg.package.defaultDisabledPlugins;
       EspLocation = config.boot.loader.efi.efiSysMountPoint;
     };
 
diff --git a/nixos/modules/services/misc/sourcehut/default.nix b/nixos/modules/services/misc/sourcehut/default.nix
index aa803d3bb693..80a6162b2168 100644
--- a/nixos/modules/services/misc/sourcehut/default.nix
+++ b/nixos/modules/services/misc/sourcehut/default.nix
@@ -1370,5 +1370,5 @@ in
   ];
 
   meta.doc = ./default.md;
-  meta.maintainers = with maintainers; [ tomberek nessdoor ];
+  meta.maintainers = with maintainers; [ tomberek nessdoor christoph-heiss ];
 }
diff --git a/nixos/modules/services/networking/cloudflared.nix b/nixos/modules/services/networking/cloudflared.nix
index 80c60fdb8013..b9556bfa60d0 100644
--- a/nixos/modules/services/networking/cloudflared.nix
+++ b/nixos/modules/services/networking/cloudflared.nix
@@ -276,9 +276,11 @@ in
             ingressesSet = filterIngressSet tunnel.ingress;
             ingressesStr = filterIngressStr tunnel.ingress;
 
-            fullConfig = {
+            fullConfig = filterConfig {
               tunnel = name;
               "credentials-file" = tunnel.credentialsFile;
+              warp-routing = filterConfig tunnel.warp-routing;
+              originRequest = filterConfig tunnel.originRequest;
               ingress =
                 (map
                   (key: {
@@ -294,6 +296,7 @@ in
                   (attrNames ingressesStr))
                 ++ [{ service = tunnel.default; }];
             };
+
             mkConfigFile = pkgs.writeText "cloudflared.yml" (builtins.toJSON fullConfig);
           in
           nameValuePair "cloudflared-tunnel-${name}" ({
@@ -322,5 +325,5 @@ in
     };
   };
 
-  meta.maintainers = with maintainers; [ bbigras ];
+  meta.maintainers = with maintainers; [ bbigras anpin ];
 }
diff --git a/nixos/modules/services/networking/pyload.nix b/nixos/modules/services/networking/pyload.nix
index f2b85499d4dd..93f8dd7d731a 100644
--- a/nixos/modules/services/networking/pyload.nix
+++ b/nixos/modules/services/networking/pyload.nix
@@ -34,6 +34,18 @@ in
         description = "Directory to store downloads.";
       };
 
+      user = mkOption {
+        type = types.str;
+        default = "pyload";
+        description = "User under which pyLoad runs, and which owns the download directory.";
+      };
+
+      group = mkOption {
+        type = types.str;
+        default = "pyload";
+        description = "Group under which pyLoad runs, and which owns the download directory.";
+      };
+
       credentialsFile = mkOption {
         type = with types; nullOr path;
         default = null;
@@ -52,7 +64,7 @@ in
 
   config = lib.mkIf cfg.enable {
     systemd.tmpfiles.settings.pyload = {
-      ${cfg.downloadDirectory}.d = { };
+      ${cfg.downloadDirectory}.d = { inherit (cfg) user group; };
     };
 
     systemd.services.pyload = {
@@ -80,9 +92,8 @@ in
           cfg.downloadDirectory
         ];
 
-        User = "pyload";
-        Group = "pyload";
-        DynamicUser = true;
+        User = cfg.user;
+        Group = cfg.group;
 
         EnvironmentFile = lib.optional (cfg.credentialsFile != null) cfg.credentialsFile;
 
@@ -143,5 +154,13 @@ in
         ];
       };
     };
+
+    users.users.pyload = lib.mkIf (cfg.user == "pyload") {
+      isSystemUser = true;
+      group = cfg.group;
+      home = stateDir;
+    };
+
+    users.groups.pyload = lib.mkIf (cfg.group == "pyload") { };
   };
 }
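Review bot: The static `pyload` account added here replaces `DynamicUser = true`, which the serviceConfig hunk above removes, and with it go the settings systemd implies for dynamic users (`ProtectSystem=strict`, `ProtectHome=read-only`, `PrivateTmp`, `RemoveIPC`, `NoNewPrivileges`, `RestrictSUIDSGID`). The rest of `serviceConfig` lies outside the hunks, so some of these may already be set explicitly; any that are not should be added next to `User = cfg.user;`, for example `ProtectSystem = "strict";` and `NoNewPrivileges = true;`. The `user` and `group` descriptions should also state that the account is only created when the value is left at `"pyload"`, so a custom name has to be declared elsewhere.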
diff --git a/nixos/modules/services/web-apps/nextcloud.nix b/nixos/modules/services/web-apps/nextcloud.nix
index 8669f84b1cbb..08f90dcf59d8 100644
--- a/nixos/modules/services/web-apps/nextcloud.nix
+++ b/nixos/modules/services/web-apps/nextcloud.nix
@@ -873,9 +873,11 @@ in {
     { systemd.timers.nextcloud-cron = {
         wantedBy = [ "timers.target" ];
         after = [ "nextcloud-setup.service" ];
-        timerConfig.OnBootSec = "5m";
-        timerConfig.OnUnitActiveSec = "5m";
-        timerConfig.Unit = "nextcloud-cron.service";
+        timerConfig = {
+          OnBootSec = "5m";
+          OnUnitActiveSec = "5m";
+          Unit = "nextcloud-cron.service";
+        };
       };
 
       systemd.tmpfiles.rules = map (dir: "d ${dir} 0750 nextcloud nextcloud - -") [
@@ -992,15 +994,21 @@ in {
         nextcloud-cron = {
           after = [ "nextcloud-setup.service" ];
           environment.NEXTCLOUD_CONFIG_DIR = "${datadir}/config";
-          serviceConfig.Type = "oneshot";
-          serviceConfig.User = "nextcloud";
-          serviceConfig.ExecStart = "${phpPackage}/bin/php -f ${webroot}/cron.php";
+          serviceConfig = {
+            Type = "oneshot";
+            User = "nextcloud";
+            ExecCondition = "${lib.getExe phpPackage} -f ${webroot}/occ status -e";
+            ExecStart = "${lib.getExe phpPackage} -f ${webroot}/cron.php";
+            KillMode = "process";
+          };
         };
         nextcloud-update-plugins = mkIf cfg.autoUpdateApps.enable {
           after = [ "nextcloud-setup.service" ];
-          serviceConfig.Type = "oneshot";
-          serviceConfig.ExecStart = "${occ}/bin/nextcloud-occ app:update --all";
-          serviceConfig.User = "nextcloud";
+          serviceConfig = {
+            Type = "oneshot";
+            ExecStart = "${occ}/bin/nextcloud-occ app:update --all";
+            User = "nextcloud";
+          };
           startAt = cfg.autoUpdateApps.startAt;
         };
       };
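Review bot: `KillMode = "process"` on `nextcloud-cron` is added without a comment, and it means that on stop or timeout only the main PHP process is signalled while anything it spawned keeps running outside the unit's control; systemd's documentation advises against this mode. If it is there so that background jobs are not cut off mid-run, the line should say so, e.g. `# let jobs started by cron.php finish when the unit is stopped`. The new `ExecCondition` would benefit from a comment too, such as `# skip the run while occ reports maintenance mode or a pending upgrade`, since the meaning of `status -e` is not evident from the line.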
diff --git a/nixos/modules/services/web-apps/restya-board.nix b/nixos/modules/services/web-apps/restya-board.nix
deleted file mode 100644
index 959bcbc5c9f1..000000000000
--- a/nixos/modules/services/web-apps/restya-board.nix
+++ /dev/null
@@ -1,380 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-
-# TODO: are these php-packages needed?
-#imagick
-#php-geoip -> php.ini: extension = geoip.so
-#expat
-
-let
-  cfg = config.services.restya-board;
-  fpm = config.services.phpfpm.pools.${poolName};
-
-  runDir = "/run/restya-board";
-
-  poolName = "restya-board";
-
-in
-
-{
-
-  ###### interface
-
-  options = {
-
-    services.restya-board = {
-
-      enable = mkEnableOption (lib.mdDoc "restya-board");
-
-      dataDir = mkOption {
-        type = types.path;
-        default = "/var/lib/restya-board";
-        description = lib.mdDoc ''
-          Data of the application.
-        '';
-      };
-
-      user = mkOption {
-        type = types.str;
-        default = "restya-board";
-        description = lib.mdDoc ''
-          User account under which the web-application runs.
-        '';
-      };
-
-      group = mkOption {
-        type = types.str;
-        default = "nginx";
-        description = lib.mdDoc ''
-          Group account under which the web-application runs.
-        '';
-      };
-
-      virtualHost = {
-        serverName = mkOption {
-          type = types.str;
-          default = "restya.board";
-          description = lib.mdDoc ''
-            Name of the nginx virtualhost to use.
-          '';
-        };
-
-        listenHost = mkOption {
-          type = types.str;
-          default = "localhost";
-          description = lib.mdDoc ''
-            Listen address for the virtualhost to use.
-          '';
-        };
-
-        listenPort = mkOption {
-          type = types.port;
-          default = 3000;
-          description = lib.mdDoc ''
-            Listen port for the virtualhost to use.
-          '';
-        };
-      };
-
-      database = {
-        host = mkOption {
-          type = types.nullOr types.str;
-          default = null;
-          description = lib.mdDoc ''
-            Host of the database. Leave 'null' to use a local PostgreSQL database.
-            A local PostgreSQL database is initialized automatically.
-          '';
-        };
-
-        port = mkOption {
-          type = types.nullOr types.int;
-          default = 5432;
-          description = lib.mdDoc ''
-            The database's port.
-          '';
-        };
-
-        name = mkOption {
-          type = types.str;
-          default = "restya_board";
-          description = lib.mdDoc ''
-            Name of the database. The database must exist.
-          '';
-        };
-
-        user = mkOption {
-          type = types.str;
-          default = "restya_board";
-          description = lib.mdDoc ''
-            The database user. The user must exist and have access to
-            the specified database.
-          '';
-        };
-
-        passwordFile = mkOption {
-          type = types.nullOr types.path;
-          default = null;
-          description = lib.mdDoc ''
-            The database user's password. 'null' if no password is set.
-          '';
-        };
-      };
-
-      email = {
-        server = mkOption {
-          type = types.nullOr types.str;
-          default = null;
-          example = "localhost";
-          description = lib.mdDoc ''
-            Hostname to send outgoing mail. Null to use the system MTA.
-          '';
-        };
-
-        port = mkOption {
-          type = types.port;
-          default = 25;
-          description = lib.mdDoc ''
-            Port used to connect to SMTP server.
-          '';
-        };
-
-        login = mkOption {
-          type = types.str;
-          default = "";
-          description = lib.mdDoc ''
-            SMTP authentication login used when sending outgoing mail.
-          '';
-        };
-
-        password = mkOption {
-          type = types.str;
-          default = "";
-          description = lib.mdDoc ''
-            SMTP authentication password used when sending outgoing mail.
-
-            ATTENTION: The password is stored world-readable in the nix-store!
-          '';
-        };
-      };
-
-      timezone = mkOption {
-        type = types.lines;
-        default = "GMT";
-        description = lib.mdDoc ''
-          Timezone the web-app runs in.
-        '';
-      };
-
-    };
-
-  };
-
-
-  ###### implementation
-
-  config = mkIf cfg.enable {
-
-    services.phpfpm.pools = {
-      ${poolName} = {
-        inherit (cfg) user group;
-
-        phpOptions = ''
-          date.timezone = "CET"
-
-          ${optionalString (cfg.email.server != null) ''
-            SMTP = ${cfg.email.server}
-            smtp_port = ${toString cfg.email.port}
-            auth_username = ${cfg.email.login}
-            auth_password = ${cfg.email.password}
-          ''}
-        '';
-        settings = mapAttrs (name: mkDefault) {
-          "listen.owner" = "nginx";
-          "listen.group" = "nginx";
-          "listen.mode" = "0600";
-          "pm" = "dynamic";
-          "pm.max_children" = 75;
-          "pm.start_servers" = 10;
-          "pm.min_spare_servers" = 5;
-          "pm.max_spare_servers" = 20;
-          "pm.max_requests" = 500;
-          "catch_workers_output" = 1;
-        };
-      };
-    };
-
-    services.nginx.enable = true;
-    services.nginx.virtualHosts.${cfg.virtualHost.serverName} = {
-      listen = [ { addr = cfg.virtualHost.listenHost; port = cfg.virtualHost.listenPort; } ];
-      serverName = cfg.virtualHost.serverName;
-      root = runDir;
-      extraConfig = ''
-        index index.html index.php;
-
-        gzip on;
-
-        gzip_comp_level 6;
-        gzip_min_length  1100;
-        gzip_buffers 16 8k;
-        gzip_proxied any;
-        gzip_types text/plain application/xml text/css text/js text/xml application/x-javascript text/javascript application/json application/xml+rss;
-
-        client_max_body_size 300M;
-
-        rewrite ^/oauth/authorize$ /server/php/authorize.php last;
-        rewrite ^/oauth_callback/([a-zA-Z0-9_\.]*)/([a-zA-Z0-9_\.]*)$ /server/php/oauth_callback.php?plugin=$1&code=$2 last;
-        rewrite ^/download/([0-9]*)/([a-zA-Z0-9_\.]*)$ /server/php/download.php?id=$1&hash=$2 last;
-        rewrite ^/ical/([0-9]*)/([0-9]*)/([a-z0-9]*).ics$ /server/php/ical.php?board_id=$1&user_id=$2&hash=$3 last;
-        rewrite ^/api/(.*)$ /server/php/R/r.php?_url=$1&$args last;
-        rewrite ^/api_explorer/api-docs/$ /client/api_explorer/api-docs/index.php last;
-      '';
-
-      locations."/".root = "${runDir}/client";
-
-      locations."~ \\.php$" = {
-        tryFiles = "$uri =404";
-        extraConfig = ''
-          include ${config.services.nginx.package}/conf/fastcgi_params;
-          fastcgi_pass    unix:${fpm.socket};
-          fastcgi_index   index.php;
-          fastcgi_param   SCRIPT_FILENAME $document_root$fastcgi_script_name;
-          fastcgi_param   PHP_VALUE "upload_max_filesize=9G \n post_max_size=9G \n max_execution_time=200 \n max_input_time=200 \n memory_limit=256M";
-        '';
-      };
-
-      locations."~* \\.(css|js|less|html|ttf|woff|jpg|jpeg|gif|png|bmp|ico)" = {
-        root = "${runDir}/client";
-        extraConfig = ''
-          if (-f $request_filename) {
-                  break;
-          }
-          rewrite ^/img/([a-zA-Z_]*)/([a-zA-Z_]*)/([a-zA-Z0-9_\.]*)$ /server/php/image.php?size=$1&model=$2&filename=$3 last;
-          add_header        Cache-Control public;
-          add_header        Cache-Control must-revalidate;
-          expires           7d;
-        '';
-      };
-    };
-
-    systemd.services.restya-board-init = {
-      description = "Restya board initialization";
-      serviceConfig.Type = "oneshot";
-      serviceConfig.RemainAfterExit = true;
-
-      wantedBy = [ "multi-user.target" ];
-      requires = lib.optional (cfg.database.host != null) "postgresql.service";
-      after = [ "network.target" ] ++ (lib.optional (cfg.database.host != null) "postgresql.service");
-
-      script = ''
-        rm -rf "${runDir}"
-        mkdir -m 750 -p "${runDir}"
-        cp -r "${pkgs.restya-board}/"* "${runDir}"
-        sed -i "s/@restya.com/@${cfg.virtualHost.serverName}/g" "${runDir}/sql/restyaboard_with_empty_data.sql"
-        rm -rf "${runDir}/media"
-        rm -rf "${runDir}/client/img"
-        chmod -R 0750 "${runDir}"
-
-        sed -i "s@^php@${config.services.phpfpm.phpPackage}/bin/php@" "${runDir}/server/php/shell/"*.sh
-
-        ${if (cfg.database.host == null) then ''
-          sed -i "s/^.*'R_DB_HOST'.*$/define('R_DB_HOST', 'localhost');/g" "${runDir}/server/php/config.inc.php"
-          sed -i "s/^.*'R_DB_PASSWORD'.*$/define('R_DB_PASSWORD', 'restya');/g" "${runDir}/server/php/config.inc.php"
-        '' else ''
-          sed -i "s/^.*'R_DB_HOST'.*$/define('R_DB_HOST', '${cfg.database.host}');/g" "${runDir}/server/php/config.inc.php"
-          sed -i "s/^.*'R_DB_PASSWORD'.*$/define('R_DB_PASSWORD', ${if cfg.database.passwordFile == null then "''" else "'$(cat ${cfg.database.passwordFile})');/g"}" "${runDir}/server/php/config.inc.php"
-        ''}
-        sed -i "s/^.*'R_DB_PORT'.*$/define('R_DB_PORT', '${toString cfg.database.port}');/g" "${runDir}/server/php/config.inc.php"
-        sed -i "s/^.*'R_DB_NAME'.*$/define('R_DB_NAME', '${cfg.database.name}');/g" "${runDir}/server/php/config.inc.php"
-        sed -i "s/^.*'R_DB_USER'.*$/define('R_DB_USER', '${cfg.database.user}');/g" "${runDir}/server/php/config.inc.php"
-
-        chmod 0400 "${runDir}/server/php/config.inc.php"
-
-        ln -sf "${cfg.dataDir}/media" "${runDir}/media"
-        ln -sf "${cfg.dataDir}/client/img" "${runDir}/client/img"
-
-        chmod g+w "${runDir}/tmp/cache"
-        chown -R "${cfg.user}":"${cfg.group}" "${runDir}"
-
-
-        mkdir -m 0750 -p "${cfg.dataDir}"
-        mkdir -m 0750 -p "${cfg.dataDir}/media"
-        mkdir -m 0750 -p "${cfg.dataDir}/client/img"
-        cp -r "${pkgs.restya-board}/media/"* "${cfg.dataDir}/media"
-        cp -r "${pkgs.restya-board}/client/img/"* "${cfg.dataDir}/client/img"
-        chown "${cfg.user}":"${cfg.group}" "${cfg.dataDir}"
-        chown -R "${cfg.user}":"${cfg.group}" "${cfg.dataDir}/media"
-        chown -R "${cfg.user}":"${cfg.group}" "${cfg.dataDir}/client/img"
-
-        ${optionalString (cfg.database.host == null) ''
-          if ! [ -e "${cfg.dataDir}/.db-initialized" ]; then
-            ${pkgs.sudo}/bin/sudo -u ${config.services.postgresql.superUser} \
-              ${config.services.postgresql.package}/bin/psql -U ${config.services.postgresql.superUser} \
-              -c "CREATE USER ${cfg.database.user} WITH ENCRYPTED PASSWORD 'restya'"
-
-            ${pkgs.sudo}/bin/sudo -u ${config.services.postgresql.superUser} \
-              ${config.services.postgresql.package}/bin/psql -U ${config.services.postgresql.superUser} \
-              -c "CREATE DATABASE ${cfg.database.name} OWNER ${cfg.database.user} ENCODING 'UTF8' TEMPLATE template0"
-
-            ${pkgs.sudo}/bin/sudo -u ${cfg.user} \
-              ${config.services.postgresql.package}/bin/psql -U ${cfg.database.user} \
-              -d ${cfg.database.name} -f "${runDir}/sql/restyaboard_with_empty_data.sql"
-
-            touch "${cfg.dataDir}/.db-initialized"
-          fi
-        ''}
-      '';
-    };
-
-    systemd.timers.restya-board = {
-      description = "restya-board scripts for e.g. email notification";
-      wantedBy = [ "timers.target" ];
-      after = [ "restya-board-init.service" ];
-      requires = [ "restya-board-init.service" ];
-      timerConfig = {
-        OnUnitInactiveSec = "60s";
-        Unit = "restya-board-timers.service";
-      };
-    };
-
-    systemd.services.restya-board-timers = {
-      description = "restya-board scripts for e.g. email notification";
-      serviceConfig.Type = "oneshot";
-      serviceConfig.User = cfg.user;
-
-      after = [ "restya-board-init.service" ];
-      requires = [ "restya-board-init.service" ];
-
-      script = ''
-        /bin/sh ${runDir}/server/php/shell/instant_email_notification.sh 2> /dev/null || true
-        /bin/sh ${runDir}/server/php/shell/periodic_email_notification.sh 2> /dev/null || true
-        /bin/sh ${runDir}/server/php/shell/imap.sh 2> /dev/null || true
-        /bin/sh ${runDir}/server/php/shell/webhook.sh 2> /dev/null || true
-        /bin/sh ${runDir}/server/php/shell/card_due_notification.sh 2> /dev/null || true
-      '';
-    };
-
-    users.users.restya-board = {
-      isSystemUser = true;
-      createHome = false;
-      home = runDir;
-      group  = "restya-board";
-    };
-    users.groups.restya-board = {};
-
-    services.postgresql.enable = mkIf (cfg.database.host == null) true;
-
-    services.postgresql.identMap = optionalString (cfg.database.host == null)
-      ''
-        restya-board-users restya-board restya_board
-      '';
-
-    services.postgresql.authentication = optionalString (cfg.database.host == null)
-      ''
-        local restya_board all ident map=restya-board-users
-      '';
-
-  };
-
-}
-
diff --git a/nixos/modules/services/x11/desktop-managers/plasma5.nix b/nixos/modules/services/x11/desktop-managers/plasma5.nix
index 677465f55c47..0eb492ce4684 100644
--- a/nixos/modules/services/x11/desktop-managers/plasma5.nix
+++ b/nixos/modules/services/x11/desktop-managers/plasma5.nix
@@ -384,6 +384,7 @@ in
       system.userActivationScripts.plasmaSetup = activationScript;
 
       programs.firefox.nativeMessagingHosts.packages = [ pkgs.plasma5Packages.plasma-browser-integration ];
+      programs.chromium.enablePlasmaBrowserIntegration = true;
     })
 
     (mkIf (cfg.kwinrc != {}) {
diff --git a/nixos/modules/virtualisation/oci-containers.nix b/nixos/modules/virtualisation/oci-containers.nix
index 07ed08ab2f84..b6a7b1154c4a 100644
--- a/nixos/modules/virtualisation/oci-containers.nix
+++ b/nixos/modules/virtualisation/oci-containers.nix
@@ -308,9 +308,10 @@ let
     );
 
     preStop = if cfg.backend == "podman"
-      then "[ $SERVICE_RESULT = success ] || podman stop --ignore --cidfile=/run/podman-${escapedName}.ctr-id"
-      else "[ $SERVICE_RESULT = success ] || ${cfg.backend} stop ${name}";
-    postStop =  if cfg.backend == "podman"
+      then "podman stop --ignore --cidfile=/run/podman-${escapedName}.ctr-id"
+      else "${cfg.backend} stop ${name}";
+
+    postStop = if cfg.backend == "podman"
       then "podman rm -f --ignore --cidfile=/run/podman-${escapedName}.ctr-id"
       else "${cfg.backend} rm -f ${name} || true";
 
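Review bot: With the `$SERVICE_RESULT` guard gone, the non-podman `preStop` (`${cfg.backend} stop ${name}`) can now run after the container has already exited, and unlike the podman branch (`--ignore`) and the `postStop` below (`|| true`) it has nothing to absorb a non-zero exit if the container no longer exists. `else "${cfg.backend} stop ${name} || true";` would keep the branches consistent. The same line interpolates `name` into the shell command unescaped while the podman branch uses `escapedName`; `lib.escapeShellArg name` would close that gap. The surrounding `let` binding starts and ends outside the hunk.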
diff --git a/nixos/tests/installed-tests/fwupd.nix b/nixos/tests/installed-tests/fwupd.nix
index c095a50dc836..fe4f443d7004 100644
--- a/nixos/tests/installed-tests/fwupd.nix
+++ b/nixos/tests/installed-tests/fwupd.nix
@@ -1,11 +1,12 @@
-{ pkgs, lib, makeInstalledTest, ... }:
+{ pkgs, makeInstalledTest, ... }:
 
 makeInstalledTest {
   tested = pkgs.fwupd;
 
   testConfig = {
-    services.fwupd.enable = true;
-    services.fwupd.daemonSettings.DisabledPlugins = lib.mkForce [ ]; # don't disable test plugin
-    services.fwupd.enableTestRemote = true;
+    services.fwupd = {
+      enable = true;
+      daemonSettings.TestDevices = true;
+    };
   };
 }
diff --git a/nixos/tests/oci-containers.nix b/nixos/tests/oci-containers.nix
index 205ce623d089..1f8e276204a8 100644
--- a/nixos/tests/oci-containers.nix
+++ b/nixos/tests/oci-containers.nix
@@ -24,6 +24,10 @@ let
             ports = ["8181:80"];
           };
         };
+
+        # Stop systemd from killing remaining processes if ExecStop script
+        # doesn't work, so that proper stopping can be tested.
+        systemd.services."${backend}-nginx".serviceConfig.KillSignal = "SIGCONT";
       };
     };
 
@@ -32,6 +36,7 @@ let
       ${backend}.wait_for_unit("${backend}-nginx.service")
       ${backend}.wait_for_open_port(8181)
       ${backend}.wait_until_succeeds("curl -f http://localhost:8181 | grep Hello")
+      ${backend}.succeed("systemctl stop ${backend}-nginx.service", timeout=10)
     '';
   };