Diffstat (limited to 'nixpkgs/nixos/modules/services')
14 files changed, 112 insertions, 159 deletions
diff --git a/nixpkgs/nixos/modules/services/backup/restic.nix b/nixpkgs/nixos/modules/services/backup/restic.nix index 6f4cbab81726..78220e99c3d1 100644 --- a/nixpkgs/nixos/modules/services/backup/restic.nix +++ b/nixpkgs/nixos/modules/services/backup/restic.nix @@ -260,6 +260,16 @@ in Restic package to use. ''; }; + + createWrapper = lib.mkOption { + type = lib.types.bool; + default = true; + description = '' + Whether to generate and add a script to the system path, that has the same environment variables set + as the systemd service. This can be used to e.g. mount snapshots or perform other opterations, without + having to manually specify most options. + ''; + }; }; })); default = { }; @@ -316,7 +326,8 @@ in in nameValuePair "restic-backups-${name}" ({ environment = { - RESTIC_CACHE_DIR = "%C/restic-backups-${name}"; + # not %C, because that wouldn't work in the wrapper script + RESTIC_CACHE_DIR = "/var/cache/restic-backups-${name}"; RESTIC_PASSWORD_FILE = backup.passwordFile; RESTIC_REPOSITORY = backup.repository; RESTIC_REPOSITORY_FILE = backup.repositoryFile; @@ -331,7 +342,7 @@ in nameValuePair (rcloneAttrToConf name) (toRcloneVal value) ) backup.rcloneConfig); - path = [ pkgs.openssh ]; + path = [ config.programs.ssh.package ]; restartIfChanged = false; wants = [ "network-online.target" ]; after = [ "network-online.target" ]; 
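Review bot: The `createWrapper` description does not say what the generated script is called or who can use it, and it misspells "operations" as "opterations". The wrapper added further down in this file is installed as `restic-${name}`, sets `RESTIC_PASSWORD_FILE` and sources `environmentFile`, so I would add a sentence such as `The script is installed as restic-NAME and must be run by a user that can read passwordFile and environmentFile.` With `default = true` every configured backup gets such a script on the system path, which is worth stating too.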
@@ -378,5 +389,22 @@ in timerConfig = backup.timerConfig; }) config.services.restic.backups; + + # generate wrapper scripts, as described in the createWrapper option + environment.systemPackages = lib.mapAttrsToList (name: backup: let + extraOptions = lib.concatMapStrings (arg: " -o ${arg}") backup.extraOptions; + resticCmd = "${backup.package}/bin/restic${extraOptions}"; + in pkgs.writeShellScriptBin "restic-${name}" '' + set -a # automatically export variables + ${lib.optionalString (backup.environmentFile != null) "source ${backup.environmentFile}"} + # set same environment variables as the systemd service + ${lib.pipe config.systemd.services."restic-backups-${name}".environment [ + (lib.filterAttrs (_: v: v != null)) + (lib.mapAttrsToList (n: v: "${n}=${v}")) + (lib.concatStringsSep "\n") + ]} + + exec ${resticCmd} $@ + '') (lib.filterAttrs (_: v: v.createWrapper) config.services.restic.backups); }; } diff --git a/nixpkgs/nixos/modules/services/continuous-integration/buildbot/master.nix b/nixpkgs/nixos/modules/services/continuous-integration/buildbot/master.nix index 595374ea1e5b..b4b997201c8f 100644 --- a/nixpkgs/nixos/modules/services/continuous-integration/buildbot/master.nix +++ b/nixpkgs/nixos/modules/services/continuous-integration/buildbot/master.nix @@ -272,7 +272,13 @@ in { Group = cfg.group; WorkingDirectory = cfg.home; # NOTE: call twistd directly with stdout logging for systemd - ExecStart = "${python.pkgs.twisted}/bin/twistd -o --nodaemon --pidfile= --logfile - --python ${tacFile}"; + ExecStart = "${python.pkgs.twisted}/bin/twistd -o --nodaemon --pidfile= --logfile - --python ${cfg.buildbotDir}/buildbot.tac"; + # To reload on upgrade, set the following in your configuration: + # systemd.services.buildbot-master.reloadIfChanged = true; + ExecReload = [ + "${pkgs.coreutils}/bin/ln -sf ${tacFile} ${cfg.buildbotDir}/buildbot.tac" + "${pkgs.coreutils}/bin/kill -HUP $MAINPID" + ]; }; }; }; 
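Review bot: The generated wrapper expands its inputs unquoted: `exec ${resticCmd} $@` re-splits and globs every argument, and the `"${n}=${v}"` lines, the `-o ${arg}` options and `source ${backup.environmentFile}` put configuration values into shell source without escaping. A repository URL, rclone setting or path containing a space, `$` or `;` is then interpreted by the shell instead of being passed through, in a script that will presumably often be run as root. I would write `exec ${resticCmd} "$@"`, `(lib.mapAttrsToList (n: v: "${n}=${lib.escapeShellArg v}"))` and `"source ${lib.escapeShellArg backup.environmentFile}"`, and build `extraOptions` with `lib.escapeShellArg arg` as well.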
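Review bot: `ExecStart` now loads `${cfg.buildbotDir}/buildbot.tac`, a link inside the service's own mutable directory, but the only place in this hunk that creates the link is `ExecReload`. If the start path (outside the hunk, presumably `preStart`) does not run the same `ln -sf ${tacFile} ${cfg.buildbotDir}/buildbot.tac`, a first start finds no file and a plain restart after an upgrade keeps the old configuration. Because twistd executes that file as Python, a comment stating that the link must always point at the store-generated `tacFile` would also help the next reader.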
diff --git a/nixpkgs/nixos/modules/services/continuous-integration/hail.nix b/nixpkgs/nixos/modules/services/continuous-integration/hail.nix deleted file mode 100644 index 62e8b8077c07..000000000000 --- a/nixpkgs/nixos/modules/services/continuous-integration/hail.nix +++ /dev/null @@ -1,61 +0,0 @@ -{ config, lib, pkgs, ...}: - -with lib; - -let - cfg = config.services.hail; -in { - - - ###### interface - - options.services.hail = { - enable = mkOption { - type = types.bool; - default = false; - description = lib.mdDoc '' - Enables the Hail Auto Update Service. Hail can automatically deploy artifacts - built by a Hydra Continuous Integration server. A common use case is to provide - continuous deployment for single services or a full NixOS configuration.''; - }; - profile = mkOption { - type = types.str; - default = "hail-profile"; - description = lib.mdDoc "The name of the Nix profile used by Hail."; - }; - hydraJobUri = mkOption { - type = types.str; - description = lib.mdDoc "The URI of the Hydra Job."; - }; - netrc = mkOption { - type = types.nullOr types.path; - description = lib.mdDoc "The netrc file to use when fetching data from Hydra."; - default = null; - }; - package = mkOption { - type = types.package; - default = pkgs.haskellPackages.hail; - defaultText = literalExpression "pkgs.haskellPackages.hail"; - description = lib.mdDoc "Hail package to use."; - }; - }; - - - ###### implementation - - config = mkIf cfg.enable { - systemd.services.hail = { - description = "Hail Auto Update Service"; - wants = [ "network-online.target" ]; - wantedBy = [ "multi-user.target" ]; - path = with pkgs; [ nix ]; - environment = { - HOME = "/var/lib/empty"; - }; - serviceConfig = { - ExecStart = "${cfg.package}/bin/hail --profile ${cfg.profile} --job-uri ${cfg.hydraJobUri}" - + lib.optionalString (cfg.netrc != null) " --netrc-file ${cfg.netrc}"; - }; - }; - }; -} 
diff --git a/nixpkgs/nixos/modules/services/continuous-integration/woodpecker/agents.nix b/nixpkgs/nixos/modules/services/continuous-integration/woodpecker/agents.nix index cc5b903afd59..3b883c72ff07 100644 --- a/nixpkgs/nixos/modules/services/continuous-integration/woodpecker/agents.nix +++ b/nixpkgs/nixos/modules/services/continuous-integration/woodpecker/agents.nix @@ -35,6 +35,16 @@ let ''; }; + path = lib.mkOption { + type = lib.types.listOf lib.types.package; + default = [ ]; + example = [ "" ]; + description = lib.mdDoc '' + Additional packages that should be added to the agent's `PATH`. + Mostly useful for the `local` backend. + ''; + }; + environmentFile = lib.mkOption { type = lib.types.listOf lib.types.path; default = [ ]; @@ -94,7 +104,7 @@ let "-/etc/localtime" ]; }; - inherit (agentCfg) environment; + inherit (agentCfg) environment path; }; }; in 
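Review bot: The new `path` option documents itself with `example = [ "" ];`, which is not a list of packages and does not match the option's own `listOf package` type if copied. Something like `example = lib.literalExpression "[ pkgs.git pkgs.bash ]";` shows the intended use. The description could also say that with the `local` backend the pipeline steps use these programs directly on the host (as far as I understand that backend, without a container around them), so the list should stay as small as the pipelines need.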
@@ -106,28 +116,41 @@ in agents = lib.mkOption { default = { }; type = lib.types.attrsOf agentModule; - example = { - docker = { - environment = { - WOODPECKER_SERVER = "localhost:9000"; - WOODPECKER_BACKEND = "docker"; - DOCKER_HOST = "unix:///run/podman/podman.sock"; + example = lib.literalExpression '' + { + podman = { + environment = { + WOODPECKER_SERVER = "localhost:9000"; + WOODPECKER_BACKEND = "docker"; + DOCKER_HOST = "unix:///run/podman/podman.sock"; + }; + + extraGroups = [ "podman" ]; + + environmentFile = [ "/run/secrets/woodpecker/agent-secret.txt" ]; }; - extraGroups = [ "docker" ]; + exec = { + environment = { + WOODPECKER_SERVER = "localhost:9000"; + WOODPECKER_BACKEND = "local"; + }; - environmentFile = "/run/secrets/woodpecker/agent-secret.txt"; - }; + environmentFile = [ "/run/secrets/woodpecker/agent-secret.txt" ]; - exec = { - environment = { - WOODPECKER_SERVER = "localhost:9000"; - WOODPECKER_BACKEND = "exec"; + path = [ + # Needed to clone repos + git + git-lfs + woodpecker-plugin-git + # Used by the runner as the default shell + bash + # Most likely to be used in pipeline definitions + coreutils + ]; }; - - environmentFile = "/run/secrets/woodpecker/agent-secret.txt"; - }; - }; + } + ''; description = lib.mdDoc "woodpecker-agents configurations"; }; }; diff --git a/nixpkgs/nixos/modules/services/home-automation/zigbee2mqtt.nix b/nixpkgs/nixos/modules/services/home-automation/zigbee2mqtt.nix index 796de3a491e4..6b5bd8a0d9bb 100644 --- a/nixpkgs/nixos/modules/services/home-automation/zigbee2mqtt.nix +++ b/nixpkgs/nixos/modules/services/home-automation/zigbee2mqtt.nix 
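Review bot: In the new `exec` example the `path` entries are bare names (`git`, `git-lfs`, `woodpecker-plugin-git`, `bash`, `coreutils`), which only evaluate if the reader's configuration brings `pkgs` into scope with `with pkgs;`. Writing them as `pkgs.git`, `pkgs.git-lfs` and so on makes the example usable as pasted. The agent is also still named `exec` while its backend is now `local`; renaming it would avoid confusion.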
@@ -66,9 +66,10 @@ in server = mkDefault "mqtt://localhost:1883"; }; serial.port = mkDefault "/dev/ttyACM0"; - # reference device configuration, that is kept in a separate file + # reference device/group configuration, that is kept in a separate file # to prevent it being overwritten in the units ExecStartPre script devices = mkDefault "devices.yaml"; + groups = mkDefault "groups.yaml"; }; systemd.services.zigbee2mqtt = { diff --git a/nixpkgs/nixos/modules/services/logging/logrotate.nix b/nixpkgs/nixos/modules/services/logging/logrotate.nix index 342ac5ec6e04..ba1445f08397 100644 --- a/nixpkgs/nixos/modules/services/logging/logrotate.nix +++ b/nixpkgs/nixos/modules/services/logging/logrotate.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs, ... }: +{ config, lib, pkgs, utils, ... }: with lib; @@ -220,6 +220,12 @@ in in this case you can disable the failing check with this option. ''; }; + + extraArgs = lib.mkOption { + type = lib.types.listOf lib.types.str; + default = []; + description = "Additional command line arguments to pass on logrotate invocation"; + }; }; }; @@ -231,7 +237,7 @@ in serviceConfig = { Restart = "no"; User = "root"; - ExecStart = "${pkgs.logrotate}/sbin/logrotate ${mailOption} ${cfg.configFile}"; + ExecStart = "${pkgs.logrotate}/sbin/logrotate ${utils.escapeSystemdExecArgs cfg.extraArgs} ${mailOption} ${cfg.configFile}"; }; }; systemd.services.logrotate-checkconf = { @@ -240,7 +246,7 @@ in serviceConfig = { Type = "oneshot"; RemainAfterExit = true; - ExecStart = "${pkgs.logrotate}/sbin/logrotate --debug ${cfg.configFile}"; + ExecStart = "${pkgs.logrotate}/sbin/logrotate ${utils.escapeSystemdExecArgs cfg.extraArgs} --debug ${cfg.configFile}"; }; }; }; diff --git a/nixpkgs/nixos/modules/services/mail/listmonk.nix b/nixpkgs/nixos/modules/services/mail/listmonk.nix index 251362fdd89d..11b2a5186229 100644 --- a/nixpkgs/nixos/modules/services/mail/listmonk.nix +++ b/nixpkgs/nixos/modules/services/mail/listmonk.nix 
@@ -54,7 +54,7 @@ let smtp = mkOption { type = listOf (submodule { - freeformType = with types; attrsOf (oneOf [ str int bool ]); + freeformType = with types; attrsOf anything; options = { enabled = mkEnableOption (lib.mdDoc "this SMTP server for listmonk"); @@ -86,7 +86,7 @@ let # TODO: refine this type based on the smtp one. "bounce.mailboxes" = mkOption { type = listOf - (submodule { freeformType = with types; oneOf [ str int bool ]; }); + (submodule { freeformType = with types; listOf (attrsOf anything); }); default = [ ]; description = lib.mdDoc "List of bounce mailboxes"; }; diff --git a/nixpkgs/nixos/modules/services/mail/stalwart-mail.nix b/nixpkgs/nixos/modules/services/mail/stalwart-mail.nix index fdbdc99070b9..eb87d9f6f695 100644 --- a/nixpkgs/nixos/modules/services/mail/stalwart-mail.nix +++ b/nixpkgs/nixos/modules/services/mail/stalwart-mail.nix @@ -18,7 +18,7 @@ in { default = { }; description = mdDoc '' Configuration options for the Stalwart email server. - See <https://stalw.art/docs/> for available options. + See <https://stalw.art/docs/category/configuration> for available options. By default, the module is configured to store everything locally. ''; diff --git a/nixpkgs/nixos/modules/services/misc/cfdyndns.nix b/nixpkgs/nixos/modules/services/misc/cfdyndns.nix index 9cd8b188ffae..5a02de2aad21 100644 --- a/nixpkgs/nixos/modules/services/misc/cfdyndns.nix +++ b/nixpkgs/nixos/modules/services/misc/cfdyndns.nix @@ -23,6 +23,15 @@ in ''; }; + apiTokenFile = mkOption { + default = null; + type = types.nullOr types.str; + description = lib.mdDoc '' + The path to a file containing the API Token + used to authenticate with CloudFlare. + ''; + }; + apikeyFile = mkOption { default = null; type = types.nullOr types.str; 
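Review bot: In the `"bounce.mailboxes"` hunk the submodule gets `freeformType = with types; listOf (attrsOf anything);`, but a submodule's freeform type has to describe an attribute set, and the option is already `listOf (submodule …)`. This looks like one `listOf` too many: I would expect `(submodule { freeformType = with types; attrsOf anything; });`, matching the `smtp` change above, and as written a mailbox with any attribute probably fails to evaluate. Both hunks also replace `oneOf [ str int bool ]` with `anything`, which gives up type checking for these settings; a short comment on why the wider type is needed would help, and the existing `# TODO: refine this type` still applies.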
@@ -55,12 +64,15 @@ in Group = config.ids.gids.cfdyndns; }; environment = { - CLOUDFLARE_EMAIL="${cfg.email}"; CLOUDFLARE_RECORDS="${concatStringsSep "," cfg.records}"; }; script = '' ${optionalString (cfg.apikeyFile != null) '' export CLOUDFLARE_APIKEY="$(cat ${escapeShellArg cfg.apikeyFile})" + export CLOUDFLARE_EMAIL="${cfg.email}" + ''} + ${optionalString (cfg.apiTokenFile != null) '' + export CLOUDFLARE_APITOKEN="$(cat ${escapeShellArg cfg.apiTokenFile})" ''} ${pkgs.cfdyndns}/bin/cfdyndns ''; diff --git a/nixpkgs/nixos/modules/services/networking/wstunnel.nix b/nixpkgs/nixos/modules/services/networking/wstunnel.nix index 067d5df48725..3c3ecc3e04d7 100644 --- a/nixpkgs/nixos/modules/services/networking/wstunnel.nix +++ b/nixpkgs/nixos/modules/services/networking/wstunnel.nix @@ -86,12 +86,12 @@ let description = mdDoc "Address and port to listen on. Setting the port to a value below 1024 will also give the process the required `CAP_NET_BIND_SERVICE` capability."; type = types.submodule hostPortSubmodule; default = { - address = "0.0.0.0"; + host = "0.0.0.0"; port = if config.enableHTTPS then 443 else 80; }; defaultText = literalExpression '' { - address = "0.0.0.0"; + host = "0.0.0.0"; port = if enableHTTPS then 443 else 80; } ''; diff --git a/nixpkgs/nixos/modules/services/web-apps/galene.nix b/nixpkgs/nixos/modules/services/web-apps/galene.nix index 747b85f94c65..81fed8a0b99a 100644 --- a/nixpkgs/nixos/modules/services/web-apps/galene.nix +++ b/nixpkgs/nixos/modules/services/web-apps/galene.nix @@ -186,7 +186,7 @@ in ProtectSystem = "strict"; ReadWritePaths = cfg.recordingsDir; RemoveIPC = true; - RestrictAddressFamilies = [ "AF_INET" "AF_INET6" ]; + RestrictAddressFamilies = [ "AF_INET" "AF_INET6" "AF_NETLINK" ]; RestrictNamespaces = true; RestrictRealtime = true; RestrictSUIDSGID = true; diff --git a/nixpkgs/nixos/modules/services/web-apps/plausible.nix b/nixpkgs/nixos/modules/services/web-apps/plausible.nix index 911daa53e658..4b308d2ee56e 100644 
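Review bot: `export CLOUDFLARE_EMAIL="${cfg.email}"` now places the e-mail option inside shell source with only double quotes around it, while the two file paths next to it go through `escapeShellArg`. A value containing `"`, `$` or a backtick would be interpreted by the shell; `export CLOUDFLARE_EMAIL=${escapeShellArg cfg.email}` keeps it literal. The script also accepts `apikeyFile` and `apiTokenFile` both null or both set without complaint, so an assertion that exactly one is configured (outside this hunk, if it does not already exist) would catch a missing credential at evaluation time.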
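Review bot: `AF_NETLINK` is added to `RestrictAddressFamilies` with no explanation of why the service needs it, and this line widens the unit's sandbox. A comment above it, for example `# AF_NETLINK: needed to enumerate network interfaces` (if that is indeed the reason), lets a later reader decide whether the exception can be dropped again. The `serviceConfig` block starts and ends outside the hunk.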
--- a/nixpkgs/nixos/modules/services/web-apps/plausible.nix +++ b/nixpkgs/nixos/modules/services/web-apps/plausible.nix @@ -248,6 +248,7 @@ in { # setup ${cfg.package}/createdb.sh ${cfg.package}/migrate.sh + ${cfg.package}/bin/plausible eval "(Plausible.Release.prepare() ; Plausible.Auth.create_user(\"$ADMIN_USER_NAME\", \"$ADMIN_USER_EMAIL\", \"$ADMIN_USER_PWD\"))" ${optionalString cfg.adminUser.activate '' if ! ${cfg.package}/init-admin.sh | grep 'already exists'; then psql -d plausible <<< "UPDATE users SET email_verified=true;" diff --git a/nixpkgs/nixos/modules/services/web-apps/tt-rss.nix b/nixpkgs/nixos/modules/services/web-apps/tt-rss.nix index 3102e6a46953..592ab253f7da 100644 --- a/nixpkgs/nixos/modules/services/web-apps/tt-rss.nix +++ b/nixpkgs/nixos/modules/services/web-apps/tt-rss.nix 
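Review bot: The added `plausible eval` line splices `$ADMIN_USER_NAME`, `$ADMIN_USER_EMAIL` and `$ADMIN_USER_PWD` into Elixir source text, so a value containing `"` or `#{` changes the code that is evaluated, and the password ends up in the process's command line where other local users can usually read it. Reading the values inside the expression avoids both: `Plausible.Auth.create_user(System.fetch_env!("ADMIN_USER_NAME"), System.fetch_env!("ADMIN_USER_EMAIL"), System.fetch_env!("ADMIN_USER_PWD"))`, passed as a single-quoted shell argument. The line also sits before the `optionalString cfg.adminUser.activate` block and has no "already exists" guard, so it appears to run on every start; the surrounding script continues outside the hunk.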
@@ -595,47 +595,9 @@ let tt-rss = { description = "Tiny Tiny RSS feeds update daemon"; - preStart = let - callSql = e: - if cfg.database.type == "pgsql" then '' - ${optionalString (cfg.database.password != null) "PGPASSWORD=${cfg.database.password}"} \ - ${optionalString (cfg.database.passwordFile != null) "PGPASSWORD=$(cat ${cfg.database.passwordFile})"} \ - ${config.services.postgresql.package}/bin/psql \ - -U ${cfg.database.user} \ - ${optionalString (cfg.database.host != null) "-h ${cfg.database.host} --port ${toString dbPort}"} \ - -c '${e}' \ - ${cfg.database.name}'' - - else if cfg.database.type == "mysql" then '' - echo '${e}' | ${config.services.mysql.package}/bin/mysql \ - -u ${cfg.database.user} \ - ${optionalString (cfg.database.password != null) "-p${cfg.database.password}"} \ - ${optionalString (cfg.database.host != null) "-h ${cfg.database.host} -P ${toString dbPort}"} \ - ${cfg.database.name}'' - - else ""; - - in (optionalString (cfg.database.type == "pgsql") '' - exists=$(${callSql "select count(*) > 0 from pg_tables where tableowner = user"} \ - | tail -n+3 | head -n-2 | sed -e 's/[ \n\t]*//') - - if [ "$exists" == 'f' ]; then - ${callSql "\\i ${pkgs.tt-rss}/schema/ttrss_schema_${cfg.database.type}.sql"} - else - echo 'The database contains some data. Leaving it as it is.' - fi; - '') - - + (optionalString (cfg.database.type == "mysql") '' - exists=$(${callSql "select count(*) > 0 from information_schema.tables where table_schema = schema()"} \ - | tail -n+2 | sed -e 's/[ \n\t]*//') - - if [ "$exists" == '0' ]; then - ${callSql "\\. ${pkgs.tt-rss}/schema/ttrss_schema_${cfg.database.type}.sql"} - else - echo 'The database contains some data. Leaving it as it is.' - fi; - ''); + preStart = '' + ${pkgs.php81}/bin/php ${cfg.root}/www/update.php --update-schema + ''; serviceConfig = { User = "${cfg.user}"; 
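Review bot: The new `preStart` hard-codes `${pkgs.php81}`, so the schema update can run under a different PHP build (version, extensions, ini) than the one that serves `${cfg.root}`; if the module binds a PHP package for its pool (not visible in this hunk), use that here instead. As far as I know `update.php --update-schema` asks for confirmation unless it is given as `--update-schema=force-yes`, which an unattended unit would need; please check this against the packaged tt-rss version. A comment stating that this call is expected to create the schema on an empty database, which the removed code did explicitly, would document the intent.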
diff --git a/nixpkgs/nixos/modules/services/x11/window-managers/oroborus.nix b/nixpkgs/nixos/modules/services/x11/window-managers/oroborus.nix deleted file mode 100644 index 654b8708e48f..000000000000 --- a/nixpkgs/nixos/modules/services/x11/window-managers/oroborus.nix +++ /dev/null @@ -1,25 +0,0 @@ -{ config, lib, pkgs, ... }: - -with lib; - -let - cfg = config.services.xserver.windowManager.oroborus; -in -{ - ###### interface - options = { - services.xserver.windowManager.oroborus.enable = mkEnableOption (lib.mdDoc "oroborus"); - }; - - ###### implementation - config = mkIf cfg.enable { - services.xserver.windowManager.session = singleton { - name = "oroborus"; - start = '' - ${pkgs.oroborus}/bin/oroborus & - waitPID=$! - ''; - }; - environment.systemPackages = [ pkgs.oroborus ]; - }; -} |