Diffstat (limited to 'nixpkgs/nixos/modules/services/misc')
-rw-r--r-- | nixpkgs/nixos/modules/services/misc/apache-kafka.nix | 9 | ||||
-rw-r--r-- | nixpkgs/nixos/modules/services/misc/couchpotato.nix | 7 | ||||
-rw-r--r-- | nixpkgs/nixos/modules/services/misc/gitea.nix | 17 | ||||
-rw-r--r-- | nixpkgs/nixos/modules/services/misc/gollum.nix | 15 | ||||
-rw-r--r-- | nixpkgs/nixos/modules/services/misc/lidarr.nix | 56 | ||||
-rw-r--r-- | nixpkgs/nixos/modules/services/misc/nix-daemon.nix | 5 | ||||
-rw-r--r-- | nixpkgs/nixos/modules/services/misc/octoprint.nix | 7 | ||||
-rw-r--r-- | nixpkgs/nixos/modules/services/misc/zoneminder.nix | 25 |
8 files changed, 96 insertions, 45 deletions
diff --git a/nixpkgs/nixos/modules/services/misc/apache-kafka.nix b/nixpkgs/nixos/modules/services/misc/apache-kafka.nix index 363ac4411e11..9eeae9556992 100644 --- a/nixpkgs/nixos/modules/services/misc/apache-kafka.nix +++ b/nixpkgs/nixos/modules/services/misc/apache-kafka.nix @@ -131,6 +131,8 @@ in { home = head cfg.logDirs; }; + systemd.tmpfiles.rules = map (logDir: "d '${logDir} 0700 apache-kafka - - -") cfg.logDirs; + systemd.services.apache-kafka = { description = "Apache Kafka Daemon"; wantedBy = [ "multi-user.target" ]; @@ -145,15 +147,8 @@ in { ${serverConfig} ''; User = "apache-kafka"; - PermissionsStartOnly = true; SuccessExitStatus = "0 143"; }; - preStart = '' - mkdir -m 0700 -p ${concatStringsSep " " cfg.logDirs} - if [ "$(id -u)" = 0 ]; then - chown apache-kafka ${concatStringsSep " " cfg.logDirs}; - fi - ''; }; }; diff --git a/nixpkgs/nixos/modules/services/misc/couchpotato.nix b/nixpkgs/nixos/modules/services/misc/couchpotato.nix index 70aa895f76d8..528af486b414 100644 --- a/nixpkgs/nixos/modules/services/misc/couchpotato.nix +++ b/nixpkgs/nixos/modules/services/misc/couchpotato.nix @@ -19,16 +19,11 @@ in after = [ "network.target" ]; wantedBy = [ "multi-user.target" ]; - preStart = '' - mkdir -p /var/lib/couchpotato - chown -R couchpotato:couchpotato /var/lib/couchpotato - ''; - serviceConfig = { Type = "simple"; User = "couchpotato"; Group = "couchpotato"; - PermissionsStartOnly = "true"; + StateDirectory = "couchpotato"; ExecStart = "${pkgs.couchpotato}/bin/couchpotato"; Restart = "on-failure"; }; diff --git a/nixpkgs/nixos/modules/services/misc/gitea.nix b/nixpkgs/nixos/modules/services/misc/gitea.nix index 7daa2dd0d4cc..5a964e672ede 100644 --- a/nixpkgs/nixos/modules/services/misc/gitea.nix +++ b/nixpkgs/nixos/modules/services/misc/gitea.nix @@ -38,6 +38,7 @@ let HTTP_PORT = ${toString cfg.httpPort} ROOT_URL = ${cfg.rootUrl} STATIC_ROOT_PATH = ${cfg.staticRootPath} + LFS_JWT_SECRET = #jwtsecret# [session] COOKIE_NAME = session 
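Review bot: The tmpfiles rule added in the first apache-kafka.nix hunk opens a single quote before `${logDir}` and never closes it, so the path field is malformed and the rule will most likely not produce a 0700 directory owned by apache-kafka. Because the second hunk removes the `preStart` that used to `mkdir -m 0700` and `chown` these directories, nothing else in the visible change sets their permissions. The line should read `systemd.tmpfiles.rules = map (logDir: "d '${logDir}' 0700 apache-kafka - - -") cfg.logDirs;`. The enclosing `config` block starts and ends outside the hunk.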
@@ -307,6 +308,7 @@ in systemd.tmpfiles.rules = [ "d '${cfg.stateDir}' - ${cfg.user} gitea - -" "d '${cfg.stateDir}/conf' - ${cfg.user} gitea - -" + "d '${cfg.stateDir}/custom' - ${cfg.user} gitea - -" "d '${cfg.stateDir}/custom/conf' - ${cfg.user} gitea - -" "d '${cfg.repositoryRoot}' - ${cfg.user} gitea - -" "Z '${cfg.stateDir}' - ${cfg.user} gitea - -" @@ -325,21 +327,28 @@ in preStart = let runConfig = "${cfg.stateDir}/custom/conf/app.ini"; secretKey = "${cfg.stateDir}/custom/conf/secret_key"; + jwtSecret = "${cfg.stateDir}/custom/conf/jwt_secret"; in '' # copy custom configuration and generate a random secret key if needed ${optionalString (cfg.useWizard == false) '' cp -f ${configFile} ${runConfig} if [ ! -e ${secretKey} ]; then - head -c 16 /dev/urandom | base64 > ${secretKey} + ${gitea.bin}/bin/gitea generate secret SECRET_KEY > ${secretKey} fi - KEY=$(head -n1 ${secretKey}) - DBPASS=$(head -n1 ${cfg.database.passwordFile}) + if [ ! -e ${jwtSecret} ]; then + ${gitea.bin}/bin/gitea generate secret LFS_JWT_SECRET > ${jwtSecret} + fi + + KEY="$(head -n1 ${secretKey})" + DBPASS="$(head -n1 ${cfg.database.passwordFile})" + JWTSECRET="$(head -n1 ${jwtSecret})" sed -e "s,#secretkey#,$KEY,g" \ -e "s,#dbpass#,$DBPASS,g" \ + -e "s,#jwtsecet#,$JWTSECET,g" \ -i ${runConfig} - chmod 640 ${runConfig} ${secretKey} + chmod 640 ${runConfig} ${secretKey} ${jwtSecret} ''} # update all hooks' binary paths diff --git a/nixpkgs/nixos/modules/services/misc/gollum.nix b/nixpkgs/nixos/modules/services/misc/gollum.nix index d1823bc6d4df..7653b415bf09 100644 --- a/nixpkgs/nixos/modules/services/misc/gollum.nix +++ b/nixpkgs/nixos/modules/services/misc/gollum.nix 
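Review bot: The added sed expression `-e "s,#jwtsecet#,$JWTSECET,g"` misspells both the placeholder and the shell variable, so the `#jwtsecret#` marker that the first gitea.nix hunk puts into the template is never replaced with the generated value. app.ini therefore keeps the literal placeholder for `LFS_JWT_SECRET` (or an empty value, depending on how the INI parser treats `#`), which is identical on every installation instead of the per-host secret read into `JWTSECRET`. The line should be `-e "s,#jwtsecret#,$JWTSECRET,g" \`. Separately, `secret_key` and `jwt_secret` are created under the default umask and only tightened by the later `chmod 640`; a `umask 077` at the top of this branch would close that window. The `preStart` script continues past the end of the hunk.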
@@ -75,27 +75,24 @@ in users.groups.gollum = { }; + systemd.tmpfiles.rules = [ + "d '${cfg.stateDir}' - ${config.users.users.gollum.name} ${config.users.groups.gollum.name} - -" + ]; + systemd.services.gollum = { description = "Gollum wiki"; after = [ "network.target" ]; wantedBy = [ "multi-user.target" ]; path = [ pkgs.git ]; - preStart = let - userName = config.users.users.gollum.name; - groupName = config.users.groups.gollum.name; - in '' - # All of this is safe to be run on an existing repo - mkdir -p ${cfg.stateDir} + preStart = '' + # This is safe to be run on an existing repo git init ${cfg.stateDir} - chmod 755 ${cfg.stateDir} - chown -R ${userName}:${groupName} ${cfg.stateDir} ''; serviceConfig = { User = config.users.users.gollum.name; Group = config.users.groups.gollum.name; - PermissionsStartOnly = true; ExecStart = '' ${pkgs.gollum}/bin/gollum \ --port ${toString cfg.port} \ diff --git a/nixpkgs/nixos/modules/services/misc/lidarr.nix b/nixpkgs/nixos/modules/services/misc/lidarr.nix index f466402abfc7..4c37bd74f150 100644 --- a/nixpkgs/nixos/modules/services/misc/lidarr.nix +++ b/nixpkgs/nixos/modules/services/misc/lidarr.nix @@ -9,6 +9,37 @@ in options = { services.lidarr = { enable = mkEnableOption "Lidarr"; + + package = mkOption { + type = types.package; + default = pkgs.lidarr; + defaultText = "pkgs.lidarr"; + description = "The Lidarr package to use"; + }; + + openFirewall = mkOption { + type = types.bool; + default = false; + description = '' + Open ports in the firewall for Lidarr + ''; + }; + + user = mkOption { + type = types.str; + default = "lidarr"; + description = '' + User account under which Lidarr runs. + ''; + }; + + group = mkOption { + type = types.str; + default = "lidarr"; + description = '' + Group under which Lidarr runs. + ''; + }; }; }; 
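Review bot: The option descriptions added in the first lidarr.nix hunk leave out what an administrator needs to know before setting them. `openFirewall` does not name the port; the later hunk hard-codes TCP 8686, so the description could read `Open TCP port 8686 in the firewall for the Lidarr web interface.`, and it should state that this makes the interface reachable from every network the host is attached to. `user` and `group` should say that the module only creates the account when the value is left at the default `lidarr`, since the later hunk wraps `users.users` and `users.groups` in `mkIf (cfg.user == "lidarr")` and `mkIf (cfg.group == "lidarr")`.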
@@ -20,9 +51,9 @@ in serviceConfig = { Type = "simple"; - User = "lidarr"; - Group = "lidarr"; - ExecStart = "${pkgs.lidarr}/bin/Lidarr"; + User = cfg.user; + Group = cfg.group; + ExecStart = "${cfg.package}/bin/Lidarr"; Restart = "on-failure"; StateDirectory = "lidarr"; @@ -30,12 +61,21 @@ in }; }; - users.users.lidarr = { - uid = config.ids.uids.lidarr; - home = "/var/lib/lidarr"; - group = "lidarr"; + networking.firewall = mkIf cfg.openFirewall { + allowedTCPPorts = [ 8686 ]; + }; + + users.users = mkIf (cfg.user == "lidarr") { + lidarr = { + group = cfg.group; + uid = config.ids.uids.lidarr; + }; }; - users.groups.lidarr.gid = config.ids.gids.lidarr; + users.groups = mkIf (cfg.group == "lidarr") { + lidarr = { + gid = config.ids.gids.lidarr; + }; + }; }; } diff --git a/nixpkgs/nixos/modules/services/misc/nix-daemon.nix b/nixpkgs/nixos/modules/services/misc/nix-daemon.nix index 8db3c44246f3..d8f90f1539c1 100644 --- a/nixpkgs/nixos/modules/services/misc/nix-daemon.nix +++ b/nixpkgs/nixos/modules/services/misc/nix-daemon.nix @@ -272,10 +272,12 @@ in binaryCaches = mkOption { type = types.listOf types.str; - default = [ https://cache.nixos.org/ ]; description = '' List of binary cache URLs used to obtain pre-built binaries of Nix packages. + + By default https://cache.nixos.org/ is added, + to override it use <literal>lib.mkForce []</literal>. ''; }; @@ -386,6 +388,7 @@ in config = { nix.binaryCachePublicKeys = [ "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" ]; + nix.binaryCaches = [ "https://cache.nixos.org/" ]; environment.etc."nix/nix.conf".source = nixConf; diff --git a/nixpkgs/nixos/modules/services/misc/octoprint.nix b/nixpkgs/nixos/modules/services/misc/octoprint.nix index 52ae25201c35..8950010773cf 100644 --- a/nixpkgs/nixos/modules/services/misc/octoprint.nix +++ b/nixpkgs/nixos/modules/services/misc/octoprint.nix 
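Review bot: Moving the default out of the `binaryCaches` option and into `config` (second nix-daemon.nix hunk) changes the meaning of existing configurations: a plain `nix.binaryCaches = [ ... ]` used to replace https://cache.nixos.org/ and will now presumably be merged with it. Hosts that deliberately pinned a single internal cache would start querying the public one again without any evaluation warning. The description added in the first hunk only shows `lib.mkForce []`, which yields an empty list; it should also show the replacement form, for example `nix.binaryCaches = lib.mkForce [ "https://cache.example.org/" ];` (constructed URL), and the change deserves a release-note entry.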
@@ -97,6 +97,10 @@ in gid = config.ids.gids.octoprint; }); + systemd.tmpfiles.rules = [ + "d '${cfg.stateDir}' - ${cfg.user} ${cfg.group} - -" + ]; + systemd.services.octoprint = { description = "OctoPrint, web interface for 3D printers"; wantedBy = [ "multi-user.target" ]; @@ -105,7 +109,6 @@ in environment.PYTHONPATH = makeSearchPathOutput "lib" pkgs.python.sitePackages [ pluginsEnv ]; preStart = '' - mkdir -p "${cfg.stateDir}" if [ -e "${cfg.stateDir}/config.yaml" ]; then ${pkgs.yaml-merge}/bin/yaml-merge "${cfg.stateDir}/config.yaml" "${cfgUpdate}" > "${cfg.stateDir}/config.yaml.tmp" mv "${cfg.stateDir}/config.yaml.tmp" "${cfg.stateDir}/config.yaml" @@ -113,14 +116,12 @@ in cp "${cfgUpdate}" "${cfg.stateDir}/config.yaml" chmod 600 "${cfg.stateDir}/config.yaml" fi - chown -R ${cfg.user}:${cfg.group} "${cfg.stateDir}" ''; serviceConfig = { ExecStart = "${pkgs.octoprint}/bin/octoprint serve -b ${cfg.stateDir}"; User = cfg.user; Group = cfg.group; - PermissionsStartOnly = true; }; }; diff --git a/nixpkgs/nixos/modules/services/misc/zoneminder.nix b/nixpkgs/nixos/modules/services/misc/zoneminder.nix index 9c555e8031c4..cf56ae89b399 100644 --- a/nixpkgs/nixos/modules/services/misc/zoneminder.nix +++ b/nixpkgs/nixos/modules/services/misc/zoneminder.nix @@ -50,7 +50,7 @@ let ZM_DB_TYPE=mysql ZM_DB_HOST=${cfg.database.host} ZM_DB_NAME=${cfg.database.name} - ZM_DB_USER=${if cfg.database.createLocally then user else cfg.database.username} + ZM_DB_USER=${cfg.database.username} ZM_DB_PASS=${cfg.database.password} # Web @@ -155,6 +155,7 @@ in { default = "zmpass"; description = '' Username for accessing the database. + Not used if <literal>createLocally</literal> is set. ''; }; }; 
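Review bot: The description extended in the second zoneminder.nix hunk still reads `Username for accessing the database.` although the default shown is `"zmpass"`, which suggests this is the password option (its name is outside the hunk). If so, the text should be `Password for accessing the database. Not used if <literal>createLocally</literal> is set.`. The first hunk's context also shows `ZM_DB_PASS=${cfg.database.password}` being interpolated into the generated configuration; if that file is built into the Nix store, the password is readable by every local user, and the description should say so.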
@@ -189,6 +190,12 @@ in { config = lib.mkIf cfg.enable { + assertions = [ + { assertion = cfg.database.createLocally -> cfg.database.username == user; + message = "services.zoneminder.database.username must be set to ${user} if services.zoneminder.database.createLocally is set true"; + } + ]; + environment.etc = { "zoneminder/60-defaults.conf".source = defaultsFile; "zoneminder/80-nixos.conf".source = configFile; @@ -204,10 +211,9 @@ in { }; mysql = lib.mkIf cfg.database.createLocally { + enable = true; + package = lib.mkDefault pkgs.mariadb; ensureDatabases = [ cfg.database.name ]; - initialDatabases = [{ - inherit (cfg.database) name; schema = "${pkg}/share/zoneminder/db/zm_create.sql"; - }]; ensureUsers = [{ name = cfg.database.username; ensurePermissions = { "${cfg.database.name}.*" = "ALL PRIVILEGES"; }; @@ -256,7 +262,7 @@ in { fastcgi_pass ${fcgi.socketType}:${fcgi.socketAddress}; } - location /cache { + location /cache/ { alias /var/cache/${dirName}; } @@ -315,11 +321,16 @@ in { procps psmisc ]; - after = [ "mysql.service" "nginx.service" ]; + after = [ "nginx.service" ] ++ lib.optional cfg.database.createLocally "mysql.service"; wantedBy = [ "multi-user.target" ]; restartTriggers = [ defaultsFile configFile ]; - preStart = lib.mkIf useCustomDir '' + preStart = lib.optionalString useCustomDir '' install -dm775 -o ${user} -g ${group} ${cfg.storageDir}/{${lib.concatStringsSep "," libDirs}} + '' + lib.optionalString cfg.database.createLocally '' + if ! test -e "/var/lib/${dirName}/db-created"; then + ${config.services.mysql.package}/bin/mysql < ${pkg}/share/zoneminder/db/zm_create.sql + touch "/var/lib/${dirName}/db-created" + fi ''; serviceConfig = { User = user; |
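Review bot: In the nginx hunk of zoneminder.nix the location gained a trailing slash but the alias did not: `location /cache/ { alias /var/cache/${dirName}; }`. nginx replaces the matched location prefix with the alias path, so `/cache/foo` resolves to `/var/cache/${dirName}foo`; cached files are not found, and the mapping lands on sibling paths of the cache directory rather than inside it. The alias should end with a slash as well: `alias /var/cache/${dirName}/;`. The surrounding server block starts and ends outside the hunk.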