Diffstat (limited to 'nixos')
-rw-r--r-- | nixos/doc/manual/from_md/release-notes/rl-2111.section.xml | 7 | ||||
-rw-r--r-- | nixos/doc/manual/release-notes/rl-2111.section.md | 2 | ||||
-rw-r--r-- | nixos/modules/misc/crashdump.nix | 2 | ||||
-rw-r--r-- | nixos/modules/misc/ids.nix | 2 | ||||
-rw-r--r-- | nixos/modules/module-list.nix | 1 | ||||
-rw-r--r-- | nixos/modules/services/desktops/pipewire/pipewire.nix | 2 | ||||
-rw-r--r-- | nixos/modules/services/development/distccd.nix | 155 | ||||
-rw-r--r-- | nixos/modules/services/misc/matrix-synapse.nix | 5 | ||||
-rw-r--r-- | nixos/modules/system/boot/kexec.nix | 6 |
9 files changed, 175 insertions, 7 deletions
diff --git a/nixos/doc/manual/from_md/release-notes/rl-2111.section.xml b/nixos/doc/manual/from_md/release-notes/rl-2111.section.xml index 3d2e8819d445..1b0371a0179a 100644 --- a/nixos/doc/manual/from_md/release-notes/rl-2111.section.xml +++ b/nixos/doc/manual/from_md/release-notes/rl-2111.section.xml @@ -214,6 +214,13 @@ <link xlink:href="options.html#opt-services.soju.enable">services.soju</link>. </para> </listitem> + <listitem> + <para> + <link xlink:href="https://nats.io/">nats</link>, a high + performance cloud and edge messaging system. Available as + <link linkend="opt-services.nats.enable">services.nats</link>. + </para> + </listitem> </itemizedlist> </section> <section xml:id="sec-release-21.11-incompatibilities"> diff --git a/nixos/doc/manual/release-notes/rl-2111.section.md b/nixos/doc/manual/release-notes/rl-2111.section.md index 25f89d692cc3..3df77d21d827 100644 --- a/nixos/doc/manual/release-notes/rl-2111.section.md +++ b/nixos/doc/manual/release-notes/rl-2111.section.md @@ -65,6 +65,8 @@ subsonic-compatible api. Available as [navidrome](#opt-services.navidrome.enable - [soju](https://sr.ht/~emersion/soju), a user-friendly IRC bouncer. Available as [services.soju](options.html#opt-services.soju.enable). +- [nats](https://nats.io/), a high performance cloud and edge messaging system. Available as [services.nats](#opt-services.nats.enable). + ## Backward Incompatibilities {#sec-release-21.11-incompatibilities} diff --git a/nixos/modules/misc/crashdump.nix b/nixos/modules/misc/crashdump.nix index 796078d7ef8c..b0f75d9caaa3 100644 --- a/nixos/modules/misc/crashdump.nix +++ b/nixos/modules/misc/crashdump.nix 
@@ -50,7 +50,7 @@ in boot = { postBootCommands = '' echo "loading crashdump kernel..."; - ${pkgs.kexectools}/sbin/kexec -p /run/current-system/kernel \ + ${pkgs.kexec-tools}/sbin/kexec -p /run/current-system/kernel \ --initrd=/run/current-system/initrd \ --reset-vga --console-vga \ --command-line="init=$(readlink -f /run/current-system/init) irqpoll maxcpus=1 reset_devices ${kernelParams}" diff --git a/nixos/modules/misc/ids.nix b/nixos/modules/misc/ids.nix index c7ab3f313a6e..02ae1390ce80 100644 --- a/nixos/modules/misc/ids.nix +++ b/nixos/modules/misc/ids.nix @@ -350,6 +350,7 @@ in # shadow = 318; # unused hqplayer = 319; moonraker = 320; + distcc = 321; # When adding a uid, make sure it doesn't match an existing gid. And don't use uids above 399! @@ -654,6 +655,7 @@ in shadow = 318; hqplayer = 319; moonraker = 320; + distcc = 321; # When adding a gid, make sure it doesn't match an existing # uid. Users and groups with the same name should have equal diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index ce948bac4282..1998a309035b 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix @@ -374,6 +374,7 @@ ./services/desktops/zeitgeist.nix ./services/development/bloop.nix ./services/development/blackfire.nix + ./services/development/distccd.nix ./services/development/hoogle.nix ./services/development/jupyter/default.nix ./services/development/jupyterhub/default.nix diff --git a/nixos/modules/services/desktops/pipewire/pipewire.nix b/nixos/modules/services/desktops/pipewire/pipewire.nix index dbd6c5d87e1a..bc75aa2717a9 100644 --- a/nixos/modules/services/desktops/pipewire/pipewire.nix +++ b/nixos/modules/services/desktops/pipewire/pipewire.nix 
@@ -194,7 +194,7 @@ in { }; environment.sessionVariables.LD_LIBRARY_PATH = - lib.optional cfg.jack.enable "/run/current-system/sw/lib/pipewire"; + lib.optional cfg.jack.enable "${cfg.package.jack}/lib"; # https://gitlab.freedesktop.org/pipewire/pipewire/-/issues/464#note_723554 systemd.user.services.pipewire.environment."PIPEWIRE_LINK_PASSIVE" = "1"; diff --git a/nixos/modules/services/development/distccd.nix b/nixos/modules/services/development/distccd.nix new file mode 100644 index 000000000000..8790ea08d0c1 --- /dev/null +++ b/nixos/modules/services/development/distccd.nix 
@@ -0,0 +1,155 @@ +{ config, lib, pkgs, ... }: + +with lib; + +let + cfg = config.services.distccd; +in +{ + options = { + services.distccd = { + enable = mkEnableOption "distccd"; + + allowedClients = mkOption { + type = types.listOf types.str; + default = [ "127.0.0.1" ]; + example = [ "127.0.0.1" "192.168.0.0/24" "10.0.0.0/24" ]; + description = '' + Client IPs which are allowed to connect to distccd in CIDR notation. + + Anyone who can connect to the distccd server can run arbitrary + commands on that system as the distcc user, therefore you should use + this judiciously. + ''; + }; + + jobTimeout = mkOption { + type = types.nullOr types.int; + default = null; + description = '' + Maximum duration, in seconds, of a single compilation request. + ''; + }; + + logLevel = mkOption { + type = types.nullOr (types.enum [ "critical" "error" "warning" "notice" "info" "debug" ]); + default = "warning"; + description = '' + Set the minimum severity of error that will be included in the log + file. Useful if you only want to see error messages rather than an + entry for each connection. + ''; + }; + + maxJobs = mkOption { + type = types.nullOr types.int; + default = null; + description = '' + Maximum number of tasks distccd should execute at any time. + ''; + }; + + + nice = mkOption { + type = types.nullOr types.int; + default = null; + description = '' + Niceness of the compilation tasks. + ''; + }; + + openFirewall = mkOption { + type = types.bool; + default = false; + description = '' + Opens the specified TCP port for distcc. + ''; + }; + + package = mkOption { + type = types.package; + default = pkgs.distcc; + example = "pkgs.distcc"; + description = '' + The distcc package to use. + ''; + }; + + port = mkOption { + type = types.port; + default = 3632; + description = '' + The TCP port which distccd will listen on. 
+ ''; + }; + + stats = { + enable = mkEnableOption "statistics reporting via HTTP server"; + port = mkOption { + type = types.port; + default = 3633; + description = '' + The TCP port which the distccd statistics HTTP server will listen + on. + ''; + }; + }; + + zeroconf = mkOption { + type = types.bool; + default = false; + description = '' + Whether to register via mDNS/DNS-SD + ''; + }; + }; + }; + + config = mkIf cfg.enable { + networking.firewall = mkIf cfg.openFirewall { + allowedTCPPorts = [ cfg.port ] + ++ optionals cfg.stats.enable [ cfg.stats.port ]; + }; + + systemd.services.distccd = { + after = [ "network.target" ]; + wantedBy = [ "multi-user.target" ]; + + description = "Distributed C, C++ and Objective-C compiler"; + documentation = [ "man:distccd(1)" ]; + + serviceConfig = { + User = "distcc"; + Group = "distcc"; + # FIXME: I'd love to get rid of `--enable-tcp-insecure` here, but I'm + # not sure how I'm supposed to get distccd to "accept" running a binary + # (the compiler) that's outside of /usr/lib. 
+ ExecStart = pkgs.writeShellScript "start-distccd" '' + export PATH="${pkgs.distccMasquerade}/bin" + ${cfg.package}/bin/distccd \ + --no-detach \ + --daemon \ + --enable-tcp-insecure \ + --port ${toString cfg.port} \ + ${optionalString (cfg.jobTimeout != null) "--job-lifetime ${toString cfg.jobTimeout}"} \ + ${optionalString (cfg.logLevel != null) "--log-level ${cfg.logLevel}"} \ + ${optionalString (cfg.maxJobs != null) "--jobs ${toString cfg.maxJobs}"} \ + ${optionalString (cfg.nice != null) "--nice ${toString cfg.nice}"} \ + ${optionalString cfg.stats.enable "--stats"} \ + ${optionalString cfg.stats.enable "--stats-port ${toString cfg.stats.port}"} \ + ${optionalString cfg.zeroconf "--zeroconf"} \ + ${concatMapStrings (c: "--allow ${c} ") cfg.allowedClients} + ''; + }; + }; + + users = { + groups.distcc.gid = config.ids.gids.distcc; + users.distcc = { + description = "distccd user"; + group = "distcc"; + uid = config.ids.uids.distcc; + }; + }; + }; +} diff --git a/nixos/modules/services/misc/matrix-synapse.nix b/nixos/modules/services/misc/matrix-synapse.nix index 3c734a948198..e150a1aaaad1 100644 --- a/nixos/modules/services/misc/matrix-synapse.nix +++ b/nixos/modules/services/misc/matrix-synapse.nix @@ -221,9 +221,10 @@ in { default = config.networking.hostName; description = '' The domain name of the server, with optional explicit port. - This is used by remote servers to connect to this server, - e.g. matrix.org, localhost:8080, etc. + This is used by remote servers to look up the server address. This is also the last part of your UserID. + + The server_name cannot be changed later so it is important to configure this correctly before you start Synapse. ''; }; public_baseurl = mkOption { diff --git a/nixos/modules/system/boot/kexec.nix b/nixos/modules/system/boot/kexec.nix index 03312aa26edc..02c2713ede11 100644 --- a/nixos/modules/system/boot/kexec.nix +++ b/nixos/modules/system/boot/kexec.nix 
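Review bot: In nixos/modules/services/development/distccd.nix the ExecStart script always passes `--enable-tcp-insecure`, so the `--allow` entries built from `allowedClients` are the only access control left, yet nothing rejects `allowedClients = [ ]`, which emits no `--allow` at all and would presumably leave the daemon accepting any peer that can reach the port. Add an assertion that the list is non-empty, and, since the option text itself says a connected client can run arbitrary commands as the distcc user, confine the unit with systemd sandboxing as sketched below (confirm that distccd needs no writable path beyond a private /tmp before settling on `ProtectSystem = "strict"`). The client strings are also spliced into the shell script unquoted; `escapeShellArg c` inside the `concatMapStrings` lambda would keep a malformed entry from altering the command line. The `openFirewall` description should also say that the statistics port is opened when `stats.enable` is set.

```nix
  config = mkIf cfg.enable {
    assertions = [
      {
        assertion = cfg.allowedClients != [ ];
        message = ''
          services.distccd.allowedClients must not be empty: distccd is
          started with --enable-tcp-insecure, so --allow is the only
          access control in front of it.
        '';
      }
    ];

    # … unchanged: networking.firewall …

    systemd.services.distccd = {
      # … unchanged: after, wantedBy, description, documentation …

      serviceConfig = {
        User = "distcc";
        Group = "distcc";
        # Remote clients can run commands as this user, so limit what the
        # unit can reach on the host.
        NoNewPrivileges = true;
        PrivateTmp = true;
        ProtectHome = true;
        ProtectSystem = "strict";
        # … unchanged: FIXME comment and ExecStart …
```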
@@ -1,8 +1,8 @@ { pkgs, lib, ... }: { - config = lib.mkIf (lib.meta.availableOn pkgs.stdenv.hostPlatform pkgs.kexectools) { - environment.systemPackages = [ pkgs.kexectools ]; + config = lib.mkIf (lib.meta.availableOn pkgs.stdenv.hostPlatform pkgs.kexec-tools) { + environment.systemPackages = [ pkgs.kexec-tools ]; systemd.services.prepare-kexec = { description = "Preparation for kexec"; @@ -10,7 +10,7 @@ before = [ "systemd-kexec.service" ]; unitConfig.DefaultDependencies = false; serviceConfig.Type = "oneshot"; - path = [ pkgs.kexectools ]; + path = [ pkgs.kexec-tools ]; script = '' # Don't load the current system profile if we already have a kernel loaded |