Diffstat (limited to 'nixpkgs/nixos/modules/services/misc')
-rw-r--r-- | nixpkgs/nixos/modules/services/misc/beanstalkd.nix | 2 | ||||
-rw-r--r-- | nixpkgs/nixos/modules/services/misc/etcd.nix | 10 | ||||
-rw-r--r-- | nixpkgs/nixos/modules/services/misc/jackett.nix | 13 | ||||
-rw-r--r-- | nixpkgs/nixos/modules/services/misc/lidarr.nix | 7 | ||||
-rw-r--r-- | nixpkgs/nixos/modules/services/misc/matrix-synapse.nix | 5 | ||||
-rw-r--r-- | nixpkgs/nixos/modules/services/misc/mesos-master.nix | 7 | ||||
-rw-r--r-- | nixpkgs/nixos/modules/services/misc/mesos-slave.nix | 7 | ||||
-rw-r--r-- | nixpkgs/nixos/modules/services/misc/plex.nix | 104 | ||||
-rw-r--r-- | nixpkgs/nixos/modules/services/misc/radarr.nix | 13 | ||||
-rw-r--r-- | nixpkgs/nixos/modules/services/misc/sonarr.nix | 13 | ||||
-rw-r--r-- | nixpkgs/nixos/modules/services/misc/sssd.nix | 2 | ||||
-rw-r--r-- | nixpkgs/nixos/modules/services/misc/zookeeper.nix | 7 |
12 files changed, 74 insertions, 116 deletions
diff --git a/nixpkgs/nixos/modules/services/misc/beanstalkd.nix b/nixpkgs/nixos/modules/services/misc/beanstalkd.nix index 8a3e0ab1949a..06e881406b52 100644 --- a/nixpkgs/nixos/modules/services/misc/beanstalkd.nix +++ b/nixpkgs/nixos/modules/services/misc/beanstalkd.nix @@ -12,7 +12,7 @@ in options = { services.beanstalkd = { - enable = mkEnableOption "Enable the Beanstalk work queue."; + enable = mkEnableOption "the Beanstalk work queue"; listen = { port = mkOption { diff --git a/nixpkgs/nixos/modules/services/misc/etcd.nix b/nixpkgs/nixos/modules/services/misc/etcd.nix index 2d1893dae64b..e4d5322f9b5f 100644 --- a/nixpkgs/nixos/modules/services/misc/etcd.nix +++ b/nixpkgs/nixos/modules/services/misc/etcd.nix @@ -142,6 +142,10 @@ in { }; config = mkIf cfg.enable { + systemd.tmpfiles.rules = [ + "d '${cfg.dataDir}' 0700 etcd - - -" + ]; + systemd.services.etcd = { description = "etcd key-value store"; wantedBy = [ "multi-user.target" ]; @@ -176,14 +180,8 @@ in { Type = "notify"; ExecStart = "${pkgs.etcd.bin}/bin/etcd"; User = "etcd"; - PermissionsStartOnly = true; LimitNOFILE = 40000; }; - - preStart = '' - mkdir -m 0700 -p ${cfg.dataDir} - if [ "$(id -u)" = 0 ]; then chown etcd ${cfg.dataDir}; fi - ''; }; environment.systemPackages = [ pkgs.etcdctl ]; diff --git a/nixpkgs/nixos/modules/services/misc/jackett.nix b/nixpkgs/nixos/modules/services/misc/jackett.nix index b18ce2b1f81a..a07f20e5c24b 100644 --- a/nixpkgs/nixos/modules/services/misc/jackett.nix +++ b/nixpkgs/nixos/modules/services/misc/jackett.nix 
@@ -38,24 +38,19 @@ in }; config = mkIf cfg.enable { + systemd.tmpfiles.rules = [ + "d '${cfg.dataDir}' 0700 ${cfg.user} ${cfg.group} - -" + ]; + systemd.services.jackett = { description = "Jackett"; after = [ "network.target" ]; wantedBy = [ "multi-user.target" ]; - preStart = '' - test -d ${cfg.dataDir} || { - echo "Creating jackett data directory in ${cfg.dataDir}" - mkdir -p ${cfg.dataDir} - } - chown -R ${cfg.user}:${cfg.group} ${cfg.dataDir} - chmod 0700 ${cfg.dataDir} - ''; serviceConfig = { Type = "simple"; User = cfg.user; Group = cfg.group; - PermissionsStartOnly = "true"; ExecStart = "${pkgs.jackett}/bin/Jackett --NoUpdates --DataFolder '${cfg.dataDir}'"; Restart = "on-failure"; }; diff --git a/nixpkgs/nixos/modules/services/misc/lidarr.nix b/nixpkgs/nixos/modules/services/misc/lidarr.nix index 627f22334fe8..f466402abfc7 100644 --- a/nixpkgs/nixos/modules/services/misc/lidarr.nix +++ b/nixpkgs/nixos/modules/services/misc/lidarr.nix @@ -17,20 +17,15 @@ in description = "Lidarr"; after = [ "network.target" ]; wantedBy = [ "multi-user.target" ]; - preStart = '' - [ ! -d /var/lib/lidarr ] && mkdir -p /var/lib/lidarr - chown -R lidarr:lidarr /var/lib/lidarr - ''; serviceConfig = { Type = "simple"; User = "lidarr"; Group = "lidarr"; - PermissionsStartOnly = "true"; ExecStart = "${pkgs.lidarr}/bin/Lidarr"; Restart = "on-failure"; - StateDirectory = "/var/lib/lidarr/"; + StateDirectory = "lidarr"; StateDirectoryMode = "0770"; }; }; diff --git a/nixpkgs/nixos/modules/services/misc/matrix-synapse.nix b/nixpkgs/nixos/modules/services/misc/matrix-synapse.nix index 5e465926b832..00c8e7408030 100644 --- a/nixpkgs/nixos/modules/services/misc/matrix-synapse.nix +++ b/nixpkgs/nixos/modules/services/misc/matrix-synapse.nix 
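Review bot: The new rule `"d '${cfg.dataDir}' 0700 ${cfg.user} ${cfg.group} - -"` sets owner and mode on the top-level directory only, whereas the removed preStart ran `chown -R` over the whole tree on every start. Dropping the recursive chown is the safer design, because root no longer walks a tree the service account can write to. The side effect is that files left under an earlier `user`/`group` setting are no longer re-owned, and nothing in the module says so. I would add a comment next to the rule, e.g. `# Only the directory itself is managed; existing contents keep their ownership if cfg.user/cfg.group change.` The same applies to the identical hunks in radarr.nix and sonarr.nix.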
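Review bot: `StateDirectoryMode = "0770"` in lidarr.nix leaves the state directory readable and writable by every member of the `lidarr` group, while the jackett, radarr and sonarr modules in this same change create their data directories as 0700. The line is unchanged context, but with `StateDirectory` corrected to the relative name `lidarr` it is presumably applied as intended for the first time. If group access is deliberate, a one-line comment giving the reason would help; otherwise `StateDirectoryMode = "0700";` would match the sibling modules.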
@@ -554,7 +554,10 @@ in { }; trusted_third_party_id_servers = mkOption { type = types.listOf types.str; - default = ["matrix.org"]; + default = [ + "matrix.org" + "vector.im" + ]; description = '' The list of identity servers trusted to verify third party identifiers by this server. ''; diff --git a/nixpkgs/nixos/modules/services/misc/mesos-master.nix b/nixpkgs/nixos/modules/services/misc/mesos-master.nix index 0523c6549ed6..572a9847e46c 100644 --- a/nixpkgs/nixos/modules/services/misc/mesos-master.nix +++ b/nixpkgs/nixos/modules/services/misc/mesos-master.nix @@ -95,6 +95,9 @@ in { config = mkIf cfg.enable { + systemd.tmpfiles.rules = [ + "d '${cfg.workDir}' 0700 - - - -" + ]; systemd.services.mesos-master = { description = "Mesos Master"; wantedBy = [ "multi-user.target" ]; @@ -114,11 +117,7 @@ in { ${toString cfg.extraCmdLineOptions} ''; Restart = "on-failure"; - PermissionsStartOnly = true; }; - preStart = '' - mkdir -m 0700 -p ${cfg.workDir} - ''; }; }; diff --git a/nixpkgs/nixos/modules/services/misc/mesos-slave.nix b/nixpkgs/nixos/modules/services/misc/mesos-slave.nix index 468c7f36ecc5..170065d0065e 100644 --- a/nixpkgs/nixos/modules/services/misc/mesos-slave.nix +++ b/nixpkgs/nixos/modules/services/misc/mesos-slave.nix @@ -184,6 +184,9 @@ in { }; config = mkIf cfg.enable { + systemd.tmpfiles.rules = [ + "d '${cfg.workDir}' 0701 - - - -" + ]; systemd.services.mesos-slave = { description = "Mesos Slave"; wantedBy = [ "multi-user.target" ]; @@ -210,11 +213,7 @@ in { --executor_environment_variables=${lib.escapeShellArg (builtins.toJSON cfg.executorEnvironmentVariables)} \ ${toString cfg.extraCmdLineOptions} ''; - PermissionsStartOnly = true; }; - preStart = '' - mkdir -m 0701 -p ${cfg.workDir} - ''; }; }; diff --git a/nixpkgs/nixos/modules/services/misc/plex.nix b/nixpkgs/nixos/modules/services/misc/plex.nix index fce9b29011f1..7efadf1b9bb1 100644 --- a/nixpkgs/nixos/modules/services/misc/plex.nix +++ b/nixpkgs/nixos/modules/services/misc/plex.nix 
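Review bot: Adding `"vector.im"` to the default of `trusted_third_party_id_servers` widens the trusted identity servers for every deployment that never set the option, and the description does not warn operators. Per that description, these servers are trusted to verify third-party identifiers, so the default is a trust decision made on the operator's behalf. I would extend the description with a sentence such as `Servers listed here are trusted to confirm ownership of third party identifiers; override the default if you do not want to rely on them.` The changed default also deserves a mention in the release notes.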
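Review bot: The mode in `"d '${cfg.workDir}' 0701 - - - -"` (mesos-slave.nix) is carried over from the removed `mkdir -m 0701 -p`, but nothing explains why the agent work directory must be traversable by every local user when the master uses 0700. A comment giving the reason would help; presumably tasks running under other accounts need to reach their sandboxes, but that should be confirmed. Note also that a tmpfiles `d` line re-applies the mode to an existing directory, which `mkdir -p` did not. An administrator who tightened the directory by hand will therefore see it reset to 0701, and in mesos-master.nix to 0700.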
@@ -10,35 +10,38 @@ in services.plex = { enable = mkEnableOption "Plex Media Server"; - # FIXME: In order for this config option to work, symlinks in the Plex - # package in the Nix store have to be changed to point to this directory. dataDir = mkOption { type = types.str; default = "/var/lib/plex"; - description = "The directory where Plex stores its data files."; + description = '' + The directory where Plex stores its data files. + ''; }; openFirewall = mkOption { type = types.bool; default = false; description = '' - Open ports in the firewall for the media server + Open ports in the firewall for the media server. ''; }; user = mkOption { type = types.str; default = "plex"; - description = "User account under which Plex runs."; + description = '' + User account under which Plex runs. + ''; }; group = mkOption { type = types.str; default = "plex"; - description = "Group under which Plex runs."; + description = '' + Group under which Plex runs. + ''; }; - managePlugins = mkOption { type = types.bool; default = true; 
@@ -80,73 +83,48 @@ in description = "Plex Media Server"; after = [ "network.target" ]; wantedBy = [ "multi-user.target" ]; - preStart = '' - test -d "${cfg.dataDir}/Plex Media Server" || { - echo "Creating initial Plex data directory in \"${cfg.dataDir}\"." - mkdir -p "${cfg.dataDir}/Plex Media Server" - chown -R ${cfg.user}:${cfg.group} "${cfg.dataDir}" - } - - # Copy the database skeleton files to /var/lib/plex/.skeleton - # See the the Nix expression for Plex's package for more information on - # why this is done. - install --owner ${cfg.user} --group ${cfg.group} -d "${cfg.dataDir}/.skeleton" - for db in "com.plexapp.plugins.library.db"; do - if [ ! -e "${cfg.dataDir}/.skeleton/$db" ]; then - cp "${cfg.package}/usr/lib/plexmediaserver/Resources/base_$db" "${cfg.dataDir}/.skeleton/$db" - fi - chmod u+w "${cfg.dataDir}/.skeleton/$db" - chown ${cfg.user}:${cfg.group} "${cfg.dataDir}/.skeleton/$db" - done - - # If managePlugins is enabled, setup symlinks for plugins. - ${optionalString cfg.managePlugins '' - echo "Preparing plugin directory." - PLUGINDIR="${cfg.dataDir}/Plex Media Server/Plug-ins" - test -d "$PLUGINDIR" || { - mkdir -p "$PLUGINDIR"; - chown ${cfg.user}:${cfg.group} "$PLUGINDIR"; - } - - echo "Removing old symlinks." - # First, remove all of the symlinks in the directory. - for f in `ls "$PLUGINDIR/"`; do - if [[ -L "$PLUGINDIR/$f" ]]; then - echo "Removing plugin symlink $PLUGINDIR/$f." - rm "$PLUGINDIR/$f" - fi - done - - echo "Symlinking plugins." - for path in ${toString cfg.extraPlugins}; do - dest="$PLUGINDIR/$(basename $path)" - if [[ ! -d "$path" ]]; then - echo "Error symlinking plugin from $path: no such directory." - elif [[ -d "$dest" || -L "$dest" ]]; then - echo "Error symlinking plugin from $path to $dest: file or directory already exists." - else - echo "Symlinking plugin at $path..." 
- ln -s "$path" "$dest" - fi - done - ''} - ''; + serviceConfig = { Type = "simple"; User = cfg.user; Group = cfg.group; - PermissionsStartOnly = "true"; - ExecStart = "\"${cfg.package}/usr/lib/plexmediaserver/Plex Media Server\""; + + # Run the pre-start script with full permissions (the "!" prefix) so it + # can create the data directory if necessary. + ExecStartPre = let + preStartScript = pkgs.writeScript "plex-run-prestart" '' + #!${pkgs.bash}/bin/bash + + # Create data directory if it doesn't exist + if ! test -d "$PLEX_DATADIR"; then + echo "Creating initial Plex data directory in: $PLEX_DATADIR" + install -d -m 0755 -o "${cfg.user}" -g "${cfg.group}" "$PLEX_DATADIR" + fi + ''; + in + "!${preStartScript}"; + + ExecStart = "${cfg.package}/bin/plexmediaserver"; KillSignal = "SIGQUIT"; Restart = "on-failure"; }; + environment = { - PLEX_MEDIA_SERVER_APPLICATION_SUPPORT_DIR=cfg.dataDir; - PLEX_MEDIA_SERVER_HOME="${cfg.package}/usr/lib/plexmediaserver"; + # Configuration for our FHS userenv script + PLEX_DATADIR=cfg.dataDir; + PLEX_PLUGINS=concatMapStringsSep ":" builtins.toString cfg.extraPlugins; + + # The following variables should be set by the FHS userenv script: + # PLEX_MEDIA_SERVER_APPLICATION_SUPPORT_DIR + # PLEX_MEDIA_SERVER_HOME + + # Allow access to GPU acceleration; the Plex LD_LIBRARY_PATH is added + # by the FHS userenv script. + LD_LIBRARY_PATH="/run/opengl-driver/lib"; + PLEX_MEDIA_SERVER_MAX_PLUGIN_PROCS="6"; PLEX_MEDIA_SERVER_TMPDIR="/tmp"; PLEX_MEDIA_SERVER_USE_SYSLOG="true"; - LD_LIBRARY_PATH="/run/opengl-driver/lib:${cfg.package}/usr/lib/plexmediaserver/lib"; LC_ALL="en_US.UTF-8"; LANG="en_US.UTF-8"; }; diff --git a/nixpkgs/nixos/modules/services/misc/radarr.nix b/nixpkgs/nixos/modules/services/misc/radarr.nix index 9ab26d848325..74444e24043f 100644 --- a/nixpkgs/nixos/modules/services/misc/radarr.nix +++ b/nixpkgs/nixos/modules/services/misc/radarr.nix 
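Review bot: The privileged `ExecStartPre` script creates the Plex data directory with `install -d -m 0755`, so any local user can list and enter it, while the other media services touched by this change use 0700. Unless something outside this hunk needs wider access, I would tighten it to `install -d -m 0700 -o "${cfg.user}" -g "${cfg.group}" "$PLEX_DATADIR"`. The comment above the script also overstates the `!` prefix: in systemd it is `+` that runs a command with full privileges, whereas `!` only skips the `User=`/`Group=` credential change, which is all this script needs. Separately, nothing in the visible new lines reads `cfg.managePlugins` any more, so it is worth checking that the option still has an effect.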
@@ -38,24 +38,19 @@ in }; config = mkIf cfg.enable { + systemd.tmpfiles.rules = [ + "d '${cfg.dataDir}' 0700 ${cfg.user} ${cfg.group} - -" + ]; + systemd.services.radarr = { description = "Radarr"; after = [ "network.target" ]; wantedBy = [ "multi-user.target" ]; - preStart = '' - test -d ${cfg.dataDir} || { - echo "Creating radarr data directory in ${cfg.dataDir}" - mkdir -p ${cfg.dataDir} - } - chown -R ${cfg.user}:${cfg.group} ${cfg.dataDir} - chmod 0700 ${cfg.dataDir} - ''; serviceConfig = { Type = "simple"; User = cfg.user; Group = cfg.group; - PermissionsStartOnly = "true"; ExecStart = "${pkgs.radarr}/bin/Radarr -nobrowser -data='${cfg.dataDir}'"; Restart = "on-failure"; }; diff --git a/nixpkgs/nixos/modules/services/misc/sonarr.nix b/nixpkgs/nixos/modules/services/misc/sonarr.nix index a99445a268d7..77c7f0582d0b 100644 --- a/nixpkgs/nixos/modules/services/misc/sonarr.nix +++ b/nixpkgs/nixos/modules/services/misc/sonarr.nix @@ -39,24 +39,19 @@ in }; config = mkIf cfg.enable { + systemd.tmpfiles.rules = [ + "d '${cfg.dataDir}' 0700 ${cfg.user} ${cfg.group} - -" + ]; + systemd.services.sonarr = { description = "Sonarr"; after = [ "network.target" ]; wantedBy = [ "multi-user.target" ]; - preStart = '' - test -d ${cfg.dataDir} || { - echo "Creating sonarr data directory in ${cfg.dataDir}" - mkdir -p ${cfg.dataDir} - } - chown -R ${cfg.user}:${cfg.group} ${cfg.dataDir} - chmod 0700 ${cfg.dataDir} - ''; serviceConfig = { Type = "simple"; User = cfg.user; Group = cfg.group; - PermissionsStartOnly = "true"; ExecStart = "${pkgs.sonarr}/bin/NzbDrone -nobrowser -data='${cfg.dataDir}'"; Restart = "on-failure"; }; diff --git a/nixpkgs/nixos/modules/services/misc/sssd.nix b/nixpkgs/nixos/modules/services/misc/sssd.nix index fe472a6c68e5..6b64045dde88 100644 --- a/nixpkgs/nixos/modules/services/misc/sssd.nix +++ b/nixpkgs/nixos/modules/services/misc/sssd.nix 
@@ -6,7 +6,7 @@ let in { options = { services.sssd = { - enable = mkEnableOption "the System Security Services Daemon."; + enable = mkEnableOption "the System Security Services Daemon"; config = mkOption { type = types.lines; diff --git a/nixpkgs/nixos/modules/services/misc/zookeeper.nix b/nixpkgs/nixos/modules/services/misc/zookeeper.nix index cb7cc97d5a5c..50c84e3c6b80 100644 --- a/nixpkgs/nixos/modules/services/misc/zookeeper.nix +++ b/nixpkgs/nixos/modules/services/misc/zookeeper.nix @@ -119,6 +119,10 @@ in { config = mkIf cfg.enable { environment.systemPackages = [cfg.package]; + systemd.tmpfiles.rules = [ + "d '${cfg.dataDir}' 0700 zookeeper - - -" + ]; + systemd.services.zookeeper = { description = "Zookeeper Daemon"; wantedBy = [ "multi-user.target" ]; @@ -135,11 +139,8 @@ in { ${configDir}/zoo.cfg ''; User = "zookeeper"; - PermissionsStartOnly = true; }; preStart = '' - mkdir -m 0700 -p ${cfg.dataDir} - if [ "$(id -u)" = 0 ]; then chown zookeeper ${cfg.dataDir}; fi echo "${toString cfg.id}" > ${cfg.dataDir}/myid ''; }; |
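Review bot: With `PermissionsStartOnly` removed from zookeeper.nix, the remaining preStart line `echo "${toString cfg.id}" > ${cfg.dataDir}/myid` now runs as `zookeeper` instead of root. On hosts upgraded from the previous module the existing `myid` was presumably written by root, and the new `d` rule re-owns only the directory, not its contents. The redirect may then fail with a permission error and keep the service from starting. A second rule such as `"z '${cfg.dataDir}/myid' - zookeeper - - -"` would hand the file over. The path in that redirect is also unquoted, unlike in the tmpfiles rule, and the service definition continues outside the hunk.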