From 93f185df6555de235e7d188682ea54767d8cfbc2 Mon Sep 17 00:00:00 2001 From: Jamey Sharp Date: Wed, 3 Jul 2019 12:26:47 -0700 Subject: nixos/nscd: no longer need to wait for readiness This postStart step was introduced on 2014-04-24 with the comment that "Nscd forks into the background before it's ready to accept connections." However, that was fixed upstream almost two months earlier, on 2014-03-03, with the comment that "This, along with setting the nscd service type to forking in its systemd configuration file, allows systemd to be certain that the nscd service is ready and is accepting connections." The fix was released several months later in glibc 2.20, which was merged in NixOS sometime before 15.09, so it certainly should be safe to remove this workaround by now. --- nixos/modules/services/system/nscd.nix | 9 --------- 1 file changed, 9 deletions(-) (limited to 'nixos/modules/services') diff --git a/nixos/modules/services/system/nscd.nix b/nixos/modules/services/system/nscd.nix index fd1570d11980..d9444a279eaa 100644 --- a/nixos/modules/services/system/nscd.nix +++ b/nixos/modules/services/system/nscd.nix @@ -75,15 +75,6 @@ in "${pkgs.glibc.bin}/sbin/nscd --invalidate hosts" ]; }; - - # Urgggggh... Nscd forks before opening its socket and writing - # its pid. So wait until it's ready. - postStart = - '' - while ! ${pkgs.glibc.bin}/sbin/nscd -g > /dev/null; do - sleep 0.2 - done - ''; }; }; -- cgit 1.4.1 From 597563d248470857470481681e3d187866c4a3b7 Mon Sep 17 00:00:00 2001 
From: Jamey Sharp Date: Wed, 3 Jul 2019 12:39:48 -0700 Subject: nixos/nscd: let systemd manage directories Previously this module created both /var/db/nscd and /run/nscd using shell commands in a preStart script. Note that both of these paths are hard-coded in the nscd source. (Well, the latter is actually /var/run/nscd but /var/run is a symlink to /run so it works out the same.) /var/db/nscd is only used if the nscd.conf "persistent" option is turned on for one or more databases, which it is not in our default config file. I'm not even sure persistent mode can work under systemd, since `nscd --shutdown` is not synchronous so systemd will always unceremoniously kill nscd without reliably giving it time to mark the databases as unused. Nonetheless, if someone wants to use that option, they can ensure the directory exists using systemd.tmpfiles.rules. systemd can create /run/nscd for us with the RuntimeDirectory directive, with the added benefit of causing systemd to delete the directory on service stop or restart. The default value of RuntimeDirectoryMode is 755, the same as the mode which this module was using before. I don't think the `rm -f /run/nscd/nscd.pid` was necessary after NixOS switched to systemd and used its PIDFile directive, because systemd deletes the specified file after the service stops, and because the file can't persist across reboots since /run is a tmpfs. Even if the file still exists when nscd starts, it's only a problem if the pid it contains has been reused by another process, which is unlikely. Anyway, this change makes that deletion even less necessary, because now systemd deletes the entire /run/nscd directory when the service stops. --- nixos/modules/services/system/nscd.nix | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) (limited to 'nixos/modules/services') diff --git a/nixos/modules/services/system/nscd.nix b/nixos/modules/services/system/nscd.nix index d9444a279eaa..146440035396 100644 
--- a/nixos/modules/services/system/nscd.nix +++ b/nixos/modules/services/system/nscd.nix @@ -51,13 +51,6 @@ in environment = { LD_LIBRARY_PATH = nssModulesPath; }; - preStart = - '' - mkdir -m 0755 -p /run/nscd - rm -f /run/nscd/nscd.pid - mkdir -m 0755 -p /var/db/nscd - ''; - restartTriggers = [ config.environment.etc.hosts.source config.environment.etc."nsswitch.conf".source @@ -67,6 +60,7 @@ in serviceConfig = { ExecStart = "@${pkgs.glibc.bin}/sbin/nscd nscd"; Type = "forking"; + RuntimeDirectory = "nscd"; PIDFile = "/run/nscd/nscd.pid"; Restart = "always"; ExecReload = -- cgit 1.4.1 From de251704d66331f61417b9eaa42c58270ea6c766 Mon Sep 17 00:00:00 2001 From: Jamey Sharp Date: Wed, 3 Jul 2019 13:11:05 -0700 Subject: nixos/nscd: run with a dynamic user nscd doesn't create any files outside of /run/nscd unless the nscd.conf "persistent" option is used, which we don't do by default. Therefore it doesn't matter what UID/GID we run this service as, so long as it isn't shared with any other running processes. /run/nscd does need to be owned by the same UID that the service is running as, but systemd takes care of that for us thanks to the RuntimeDirectory directive. If someone wants to turn on the "persistent" option, they need to manually configure users.users.nscd and systemd.tmpfiles.rules so that /var/db/nscd is owned by the same user that nscd runs as. In an all-defaults boot.isContainer configuration of NixOS, this removes the only user which did not have a pre-assigned UID. --- nixos/modules/services/system/nscd.conf | 1 - nixos/modules/services/system/nscd.nix | 7 ++----- 2 files changed, 2 insertions(+), 6 deletions(-) (limited to 'nixos/modules/services') diff --git a/nixos/modules/services/system/nscd.conf b/nixos/modules/services/system/nscd.conf index 603a5d01acce..b294e9339185 100644 --- a/nixos/modules/services/system/nscd.conf +++ b/nixos/modules/services/system/nscd.conf 
@@ -6,7 +6,6 @@ # fallback to trying to handle the request by itself. Which won't work as glibc # is not aware of the path in which the nss modules live. As a workaround, we # have `enable-cache yes` with an explicit ttl of 0 -server-user nscd threads 1 paranoia no debug-level 0 diff --git a/nixos/modules/services/system/nscd.nix b/nixos/modules/services/system/nscd.nix index 146440035396..cf034caa1285 100644 --- a/nixos/modules/services/system/nscd.nix +++ b/nixos/modules/services/system/nscd.nix @@ -39,11 +39,6 @@ in config = mkIf cfg.enable { environment.etc."nscd.conf".text = cfg.config; - users.users.nscd = - { isSystemUser = true; - description = "Name service cache daemon user"; - }; - systemd.services.nscd = { description = "Name Service Cache Daemon"; @@ -60,6 +55,8 @@ in serviceConfig = { ExecStart = "@${pkgs.glibc.bin}/sbin/nscd nscd"; Type = "forking"; + User = "nscd"; + DynamicUser = true; RuntimeDirectory = "nscd"; PIDFile = "/run/nscd/nscd.pid"; Restart = "always"; -- cgit 1.4.1 From 4c64375e91ca400c646316ae2da8d3603aebfb9c Mon Sep 17 00:00:00 2001 From: Jamey Sharp Date: Wed, 3 Jul 2019 15:30:17 -0700 Subject: nixos/nscd: delete redundant nscd.conf options These options were being set to the same value as the defaults that are hardcoded in nscd. Delete them so it's clear which settings are actually important for NixOS. One exception is `threads 1`, which is different from the built-in default of 4. However, both values are equivalent because nscd forces the number of threads to be at least as many as the number of kinds of databases it supports, which is 5. --- nixos/modules/services/system/nscd.conf | 18 ------------------ 1 file changed, 18 deletions(-) (limited to 'nixos/modules/services') diff --git a/nixos/modules/services/system/nscd.conf b/nixos/modules/services/system/nscd.conf index b294e9339185..bd802bd3c2ee 100644 --- a/nixos/modules/services/system/nscd.conf +++ b/nixos/modules/services/system/nscd.conf 
@@ -6,46 +6,28 @@ # fallback to trying to handle the request by itself. Which won't work as glibc # is not aware of the path in which the nss modules live. As a workaround, we # have `enable-cache yes` with an explicit ttl of 0 -threads 1 -paranoia no -debug-level 0 enable-cache passwd yes positive-time-to-live passwd 0 negative-time-to-live passwd 0 -suggested-size passwd 211 -check-files passwd yes -persistent passwd no shared passwd yes enable-cache group yes positive-time-to-live group 0 negative-time-to-live group 0 -suggested-size group 211 -check-files group yes -persistent group no shared group yes enable-cache netgroup yes positive-time-to-live netgroup 0 negative-time-to-live netgroup 0 -suggested-size netgroup 211 -check-files netgroup yes -persistent netgroup no shared netgroup yes enable-cache hosts yes positive-time-to-live hosts 600 negative-time-to-live hosts 0 -suggested-size hosts 211 -check-files hosts yes -persistent hosts no shared hosts yes enable-cache services yes positive-time-to-live services 0 negative-time-to-live services 0 -suggested-size services 211 -check-files services yes -persistent services no shared services yes -- cgit 1.4.1 From c38fa99757baec0ba04c41985783b6f63a58ced2 Mon Sep 17 00:00:00 2001 From: Jamey Sharp Date: Sat, 6 Jul 2019 09:24:49 -0700 Subject: nixos/nscd: don't need to specify username Thanks to @arianvp for pointing out that when DynamicUser is true, systemd defaults the value of User to be the name of the unit, which in this case is already "nscd". --- nixos/modules/services/system/nscd.nix | 1 - 1 file changed, 1 deletion(-) (limited to 'nixos/modules/services') diff --git a/nixos/modules/services/system/nscd.nix b/nixos/modules/services/system/nscd.nix index cf034caa1285..d094e9893ff0 100644 --- a/nixos/modules/services/system/nscd.nix +++ b/nixos/modules/services/system/nscd.nix 
@@ -55,7 +55,6 @@ in serviceConfig = { ExecStart = "@${pkgs.glibc.bin}/sbin/nscd nscd"; Type = "forking"; - User = "nscd"; DynamicUser = true; RuntimeDirectory = "nscd"; PIDFile = "/run/nscd/nscd.pid"; -- cgit 1.4.1 From f7c776760babb4f2d5d4341a5dbd882bf7751e9c Mon Sep 17 00:00:00 2001 From: Jamey Sharp Date: Sun, 7 Jul 2019 08:43:41 -0700 Subject: nixos/nscd: only drop privs after nss module init NixOS usually needs nscd just to have a single place where LD_LIBRARY_PATH can be set to include all NSS modules, but nscd is also useful if some of the NSS modules need to read files which are only accessible by root. For example, nixos/modules/config/ldap.nix needs this when users.ldap.enable = true; users.ldap.daemon.enable = false; and users.ldap.bind.passwordFile exists. In that case, the module creates an /etc/ldap.conf which is only readable by root, but which the NSS module needs to read in order to find out what LDAP server to connect to and with what credentials. If nscd is started as root and configured with the server-user option in nscd.conf, then it gives each NSS module the opportunity to initialize itself before dropping privileges. The initialization happens in the glibc-internal __nss_disable_nscd function, which pre-loads all the configured NSS modules for passwd, group, hosts, and services (but not netgroup for some reason?) and, for each loaded module, calls an init function if one is defined. After that finishes, nscd's main() calls nscd_init() which ends by calling finish_drop_privileges(). There are provisions in systemd for using DynamicUser with a service which needs to drop privileges itself, so this patch does that. --- nixos/modules/services/system/nscd.conf | 1 + nixos/modules/services/system/nscd.nix | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) (limited to 'nixos/modules/services') diff --git a/nixos/modules/services/system/nscd.conf b/nixos/modules/services/system/nscd.conf index bd802bd3c2ee..2b7523a7346d 100644 
--- a/nixos/modules/services/system/nscd.conf +++ b/nixos/modules/services/system/nscd.conf @@ -6,6 +6,7 @@ # fallback to trying to handle the request by itself. Which won't work as glibc # is not aware of the path in which the nss modules live. As a workaround, we # have `enable-cache yes` with an explicit ttl of 0 +server-user nscd enable-cache passwd yes positive-time-to-live passwd 0 diff --git a/nixos/modules/services/system/nscd.nix b/nixos/modules/services/system/nscd.nix index d094e9893ff0..c2d0cd5d0eb0 100644 --- a/nixos/modules/services/system/nscd.nix +++ b/nixos/modules/services/system/nscd.nix @@ -53,7 +53,7 @@ in ]; serviceConfig = - { ExecStart = "@${pkgs.glibc.bin}/sbin/nscd nscd"; + { ExecStart = "!@${pkgs.glibc.bin}/sbin/nscd nscd"; Type = "forking"; DynamicUser = true; RuntimeDirectory = "nscd"; -- cgit 1.4.1 From 8317663b9427ef021e917bde6c6c9d6ff05e240c Mon Sep 17 00:00:00 2001 From: Peter Hoeg Date: Wed, 10 Jul 2019 21:29:25 +0800 Subject: nixos/syncthing: do not use nogroup We were already creating a group for the user under which to run syncthing but we were defaulting to running as `nogroup`. Additionally, use `install` instead of multiple calls to mkdir/cp/chown. --- nixos/modules/services/networking/syncthing.nix | 14 ++++---------- 1 file changed, 4 insertions(+), 10 deletions(-) (limited to 'nixos/modules/services') diff --git a/nixos/modules/services/networking/syncthing.nix b/nixos/modules/services/networking/syncthing.nix index d78a54a3327b..8148139c3a81 100644 --- a/nixos/modules/services/networking/syncthing.nix +++ b/nixos/modules/services/networking/syncthing.nix @@ -291,7 +291,7 @@ in { group = mkOption { type = types.str; - default = "nogroup"; + default = defaultUser; description = '' Syncthing will be run under this group (group will not be created if it doesn't exist. This can be your user name). 
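Review bot: With the `!` prefix on `ExecStart` in the nscd.nix hunk, systemd no longer applies the dynamic user to this command, so the only thing taking nscd off root is the `server-user nscd` line this commit adds to the default nscd.conf. That file is generated from `cfg.config` (see `environment.etc."nscd.conf".text = cfg.config;` in the `@@ -39,11 +39,6 @@` hunk of the dynamic-user commit). A configuration that overrides `services.nscd.config` without that directive would presumably leave the daemon running as root for its whole lifetime. Consider checking the dependency at evaluation time with something like `assertion = hasInfix "server-user" cfg.config;`, and mention the requirement in the `config` option description. The `serviceConfig` block continues outside the hunk.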
@@ -403,18 +403,12 @@ in { Group = cfg.group; ExecStartPre = mkIf (cfg.declarative.cert != null || cfg.declarative.key != null) "+${pkgs.writers.writeBash "syncthing-copy-keys" '' - mkdir -p ${cfg.configDir} - chown ${cfg.user}:${cfg.group} ${cfg.configDir} - chmod 700 ${cfg.configDir} + install -dm700 -o ${cfg.user} -g ${cfg.group} ${cfg.configDir} ${optionalString (cfg.declarative.cert != null) '' - cp ${toString cfg.declarative.cert} ${cfg.configDir}/cert.pem - chown ${cfg.user}:${cfg.group} ${cfg.configDir}/cert.pem - chmod 400 ${cfg.configDir}/cert.pem + install -Dm400 -o ${cfg.user} -g ${cfg.group} ${toString cfg.declarative.cert} ${cfg.configDir}/cert.pem ''} ${optionalString (cfg.declarative.key != null) '' - cp ${toString cfg.declarative.key} ${cfg.configDir}/key.pem - chown ${cfg.user}:${cfg.group} ${cfg.configDir}/key.pem - chmod 400 ${cfg.configDir}/key.pem + install -Dm400 -o ${cfg.user} -g ${cfg.group} ${toString cfg.declarative.key} ${cfg.configDir}/key.pem ''} ''}" ; -- cgit 1.4.1 From d79584c90253107d8d29869de0951545a567554a Mon Sep 17 00:00:00 2001 From: Jamey Sharp Date: Fri, 12 Jul 2019 12:07:45 -0700 Subject: nixos/nscd: document why it is configured this way --- nixos/modules/services/system/nscd.nix | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'nixos/modules/services') diff --git a/nixos/modules/services/system/nscd.nix b/nixos/modules/services/system/nscd.nix index c2d0cd5d0eb0..e11f7e049d8f 100644 --- a/nixos/modules/services/system/nscd.nix +++ b/nixos/modules/services/system/nscd.nix 
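Review bot: The new `install` lines in the `syncthing-copy-keys` script interpolate `${cfg.user}`, `${cfg.group}`, `${cfg.configDir}` and the cert/key paths unquoted, and the `+` prefix on `ExecStartPre` runs the script with full privileges. A value containing whitespace or shell metacharacters would be word-split or interpreted by bash as root. Passing each interpolation through `lib.escapeShellArg` keeps it a single argument, e.g. `install -dm700 -o ${escapeShellArg cfg.user} -g ${escapeShellArg cfg.group} ${escapeShellArg cfg.configDir}`. The removed `cp`/`chown` lines had the same property, so this is not a regression, but the rewrite is the natural place to fix it. The enclosing `serviceConfig` starts and ends outside the hunk.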
@@ -52,6 +52,12 @@ in config.environment.etc."nscd.conf".source ]; + # We use DynamicUser because in default configurations nscd doesn't + # create any files that need to survive restarts. However, in some + # configurations, nscd needs to be started as root; it will drop + # privileges after all the NSS modules have read their configuration + # files. So prefix the ExecStart command with "!" to prevent systemd + # from dropping privileges early. See ExecStart in systemd.service(5). serviceConfig = { ExecStart = "!@${pkgs.glibc.bin}/sbin/nscd nscd"; Type = "forking"; -- cgit 1.4.1 From 23ae47a2d040023d5a912e8df44f47ec6ca5c668 Mon Sep 17 00:00:00 2001 From: Edmund Wu Date: Fri, 19 Jul 2019 09:48:28 -0400 Subject: compton: 6.2 -> 7 --- nixos/modules/services/x11/compton.nix | 136 +++++++++++---------- .../window-managers/compton/default.nix | 10 +- 2 files changed, 76 insertions(+), 70 deletions(-) (limited to 'nixos/modules/services') diff --git a/nixos/modules/services/x11/compton.nix b/nixos/modules/services/x11/compton.nix index d4357324c870..c02c9bfd94e8 100644 --- a/nixos/modules/services/x11/compton.nix +++ b/nixos/modules/services/x11/compton.nix 
@@ -7,57 +7,35 @@ let cfg = config.services.compton; - literalAttrs = v: - if isString v then toString v - else if isAttrs v then "{\n" - + concatStringsSep "\n" (mapAttrsToList - (name: value: "${literalAttrs name} = ${literalAttrs value};") - v) - + "\n}" - else generators.toPretty {} v; + pairOf = x: with types; addCheck (listOf x) (y: length y == 2); floatBetween = a: b: with lib; with types; addCheck str (x: versionAtLeast x a && versionOlder x b); - pairOf = x: with types; addCheck (listOf x) (y: length y == 2); - - opacityRules = optionalString (length cfg.opacityRules != 0) - (concatMapStringsSep ",\n" (rule: ''"${rule}"'') cfg.opacityRules); - - configFile = pkgs.writeText "compton.conf" - (optionalString cfg.fade '' - # fading - fading = true; - fade-delta = ${toString cfg.fadeDelta}; - fade-in-step = ${elemAt cfg.fadeSteps 0}; - fade-out-step = ${elemAt cfg.fadeSteps 1}; - fade-exclude = ${toJSON cfg.fadeExclude}; - '' + optionalString cfg.shadow '' - - # shadows - shadow = true; - shadow-offset-x = ${toString (elemAt cfg.shadowOffsets 0)}; - shadow-offset-y = ${toString (elemAt cfg.shadowOffsets 1)}; - shadow-opacity = ${cfg.shadowOpacity}; - shadow-exclude = ${toJSON cfg.shadowExclude}; - '' + '' - - # opacity - active-opacity = ${cfg.activeOpacity}; - inactive-opacity = ${cfg.inactiveOpacity}; - - wintypes: - ${literalAttrs cfg.wintypes}; - - opacity-rule = [ - ${opacityRules} - ]; - - # other options - backend = ${toJSON cfg.backend}; - vsync = ${boolToString cfg.vSync}; - refresh-rate = ${toString cfg.refreshRate}; - '' + cfg.extraOptions); + toConf = attrs: concatStringsSep "\n" + (mapAttrsToList + (k: v: let + sep = if isAttrs v then ":" else "="; + # Basically a tinkered lib.generators.mkKeyValueDefault + mkValueString = v: + if isBool v then boolToString v + else if isInt v then toString v + else if isFloat v then toString v + else if isString v then ''"${escape [ ''"'' ] v}"'' + else if isList v then "[ " + + concatMapStringsSep " , " 
mkValueString v + + " ]" + else if isAttrs v then "{ " + + concatStringsSep " " + (mapAttrsToList + (key: value: "${toString key}=${mkValueString value};") + v) + + " }" + else abort "compton.mkValueString: unexpected type (v = ${v})"; + in "${escape [ sep ] k}${sep}${mkValueString v};") + attrs); + + configFile = pkgs.writeText "compton.conf" (toConf cfg.settings); in { @@ -236,23 +214,13 @@ in { ''; }; - package = mkOption { - type = types.package; - default = pkgs.compton; - defaultText = "pkgs.compton"; - example = literalExample "pkgs.compton"; - description = '' - Compton derivation to use. - ''; - }; - - extraOptions = mkOption { - type = types.lines; - default = ""; - example = '' - unredir-if-possible = true; - dbe = true; - ''; + settings = let + configTypes = with types; either bool (either int (either float str)); + # types.loaOf converts lists to sets + loaOf = t: with types; either (listOf t) (attrsOf t); + in mkOption { + type = loaOf (types.either configTypes (loaOf (types.either configTypes (loaOf configTypes)))); + default = {}; description = '' Additional Compton configuration. ''; 
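Review bot: The last branch of `mkValueString`, `else abort "compton.mkValueString: unexpected type (v = ${v})"`, interpolates the very value whose type was not recognised. For a null or a function that interpolation fails with a coercion error before `abort` runs, so the intended message is never shown. Reporting the type avoids this: `else abort "compton.mkValueString: unexpected type ${builtins.typeOf v}";`. Separately, the string branch escapes only `"`, so a value containing a backslash is written through unescaped; if the generated file treats backslash as an escape character, add it to the list given to `escape`.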
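Review bot: The `@@ -236,23 +214,13 @@` hunk removes `services.compton.package` and `services.compton.extraOptions` with no migration path, so a configuration that sets either will fail evaluation with an unknown-option error after the upgrade. If the removal is intended, an entry such as `(mkRemovedOptionModule [ "services" "compton" "extraOptions" ] "Use services.compton.settings instead.")` in the module's `imports` gives users a pointed message. Keeping `package` would also preserve the ability to override the compositor build. The description of the new `settings` option still reads "Additional Compton configuration." although the whole generated file now comes from it, and should say so.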
@@ -260,6 +228,42 @@ in { }; config = mkIf cfg.enable { + services.compton.settings = let + # Hard conversion to float, literally lib.toInt but toFloat + toFloat = str: let + may_be_float = builtins.fromJSON str; + in if builtins.isFloat may_be_float + then may_be_float + else throw "Could not convert ${str} to float."; + in { + # fading + fading = mkDefault cfg.fade; + fade-delta = mkDefault cfg.fadeDelta; + fade-in-step = mkDefault (toFloat (elemAt cfg.fadeSteps 0)); + fade-out-step = mkDefault (toFloat (elemAt cfg.fadeSteps 1)); + fade-exclude = mkDefault cfg.fadeExclude; + + # shadows + shadow = mkDefault cfg.shadow; + shadow-offset-x = mkDefault (elemAt cfg.shadowOffsets 0); + shadow-offset-y = mkDefault (elemAt cfg.shadowOffsets 1); + shadow-opacity = mkDefault (toFloat cfg.shadowOpacity); + shadow-exclude = mkDefault cfg.shadowExclude; + + # opacity + active-opacity = mkDefault (toFloat cfg.activeOpacity); + inactive-opacity = mkDefault (toFloat cfg.inactiveOpacity); + + wintypes = mkDefault cfg.wintypes; + + opacity-rule = mkDefault cfg.opacityRules; + + # other options + backend = mkDefault cfg.backend; + vsync = mkDefault cfg.vSync; + refresh-rate = mkDefault cfg.refreshRate; + }; + systemd.user.services.compton = { description = "Compton composite manager"; wantedBy = [ "graphical-session.target" ]; @@ -271,13 +275,13 @@ in { }; serviceConfig = { - ExecStart = "${cfg.package}/bin/compton --config ${configFile}"; + ExecStart = "${pkgs.compton}/bin/compton --config ${configFile}"; RestartSec = 3; Restart = "always"; }; }; - environment.systemPackages = [ cfg.package ]; + environment.systemPackages = [ pkgs.compton ]; }; } diff --git a/pkgs/applications/window-managers/compton/default.nix b/pkgs/applications/window-managers/compton/default.nix index e729f786a566..843c331f91cd 100644 --- a/pkgs/applications/window-managers/compton/default.nix +++ b/pkgs/applications/window-managers/compton/default.nix 
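Review bot: `toFloat` in the new `services.compton.settings` block throws for any string that `builtins.fromJSON` parses as an integer, so an opacity or fade step written as `"1"` or `"0"` now aborts evaluation with "Could not convert 1 to float." The `floatBetween` check in the `@@ -7,57 +7,35 @@` hunk compares version strings and would seem to accept such values. This therefore looks like a new failure for input that was previously valid, which should be confirmed against the option defaults outside the hunk. Accepting integers too would keep them working, e.g. `else if builtins.isInt may_be_float then may_be_float + 0.0`.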
@@ -1,11 +1,11 @@ -{ stdenv, lib, fetchFromGitHub, pkgconfig, asciidoc, docbook_xml_dtd_45 +{ stdenv, lib, fetchFromGitHub, pkgconfig, uthash, asciidoc, docbook_xml_dtd_45 , docbook_xsl, libxslt, libxml2, makeWrapper, meson, ninja , xorgproto, libxcb ,xcbutilrenderutil, xcbutilimage, pixman, libev , dbus, libconfig, libdrm, libGL, pcre, libX11 , libXinerama, libXext, xwininfo, libxdg_basedir }: stdenv.mkDerivation rec { pname = "compton"; - version = "6.2"; + version = "7"; COMPTON_VERSION = "v${version}"; @@ -13,12 +13,14 @@ stdenv.mkDerivation rec { owner = "yshui"; repo = "compton"; rev = COMPTON_VERSION; - sha256 = "03fi9q8zw2qrwpkmy1bnavgfh91ci9in5fdi17g4s5s0n2l7yil7"; + sha256 = "0f23dv2p1snlpzc91v38q6896ncz4zqzmh2d97yf66j78g21awas"; + fetchSubmodules = true; }; nativeBuildInputs = [ meson ninja pkgconfig + uthash asciidoc docbook_xml_dtd_45 docbook_xsl @@ -41,7 +43,7 @@ stdenv.mkDerivation rec { ]; preBuild = '' - git() { echo "v${version}"; } + git() { echo "$COMPTON_VERSION"; } export -f git ''; -- cgit 1.4.1 From 186222ce7b3fdf955afb10e8c95f05bf92aec86d Mon Sep 17 00:00:00 2001 From: Dima <43349662+d-goldin@users.noreply.github.com> Date: Fri, 19 Jul 2019 21:13:57 +0200 Subject: Fixing minor typo in prometheus exporters doc --- nixos/modules/services/monitoring/prometheus/exporters.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'nixos/modules/services') diff --git a/nixos/modules/services/monitoring/prometheus/exporters.xml b/nixos/modules/services/monitoring/prometheus/exporters.xml index 81ac998729be..d6705ff63985 100644 --- a/nixos/modules/services/monitoring/prometheus/exporters.xml +++ b/nixos/modules/services/monitoring/prometheus/exporters.xml @@ -17,7 +17,7 @@ exporter, it provides hardware and OS metrics from the host it's running on. The exporter could be configured as follows: - services.promtheus.exporters.node = { + services.prometheus.exporters.node = { enable = true; enabledCollectors = [ "logind" -- cgit 1.4.1 
From 6332bc25cde78d79d70041952f787f31bc12ae00 Mon Sep 17 00:00:00 2001 From: Pierre Bourdon Date: Sat, 20 Jul 2019 17:36:05 +0200 Subject: nixos/bind: allow manual additions to zone config fragments --- nixos/modules/services/networking/bind.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'nixos/modules/services') diff --git a/nixos/modules/services/networking/bind.nix b/nixos/modules/services/networking/bind.nix index 2097b9a31639..06af4dbcca4e 100644 --- a/nixos/modules/services/networking/bind.nix +++ b/nixos/modules/services/networking/bind.nix @@ -33,7 +33,7 @@ let ${cfg.extraConfig} ${ concatMapStrings - ({ name, file, master ? true, slaves ? [], masters ? [] }: + ({ name, file, master ? true, slaves ? [], masters ? [], extraConfig ? "" }: '' zone "${name}" { type ${if master then "master" else "slave"}; @@ -52,6 +52,7 @@ let '' } allow-query { any; }; + ${extraConfig} }; '') cfg.zones } @@ -131,6 +132,7 @@ in file = "/var/dns/example.com"; masters = ["192.168.0.1"]; slaves = []; + extraConfig = ""; }]; }; -- cgit 1.4.1 From 505df09d502c2f58063828e03e522ffa29d611d1 Mon Sep 17 00:00:00 2001 From: Aaron Andersen Date: Mon, 1 Jul 2019 15:55:35 -0400 Subject: nixos/httpd: drop the port option --- nixos/modules/services/web-servers/apache-httpd/default.nix | 9 +++------ .../services/web-servers/apache-httpd/per-server-options.nix | 8 -------- 2 files changed, 3 insertions(+), 14 deletions(-) (limited to 'nixos/modules/services') diff --git a/nixos/modules/services/web-servers/apache-httpd/default.nix b/nixos/modules/services/web-servers/apache-httpd/default.nix index bf99f6c132af..12ff94a1f8f6 100644 --- a/nixos/modules/services/web-servers/apache-httpd/default.nix +++ b/nixos/modules/services/web-servers/apache-httpd/default.nix 
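Review bot: In the `@@ -52,6 +52,7 @@` hunk `${extraConfig}` is emitted after the generated `allow-query { any; };`, so a fragment that tries to restrict who may query the zone adds a second `allow-query` instead of replacing the first. named is likely to reject that as a redefinition, which means the new attribute cannot be used to tighten the one access control the template hard-codes. Either emit the default `allow-query` only when the fragment does not set one, or state the limitation where the attribute is documented. The `zones` option description is outside the hunks; it should say that `extraConfig` is inserted verbatim at the end of the `zone` block.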
@@ -21,10 +21,9 @@ let else [{ip = "*"; port = 80;}]; getListen = cfg: - let list = (lib.optional (cfg.port != 0) {ip = "*"; port = cfg.port;}) ++ cfg.listen; - in if list == [] - then defaultListen cfg - else list; + if cfg.listen == [] + then defaultListen cfg + else cfg.listen; listenToString = l: "${l.ip}:${toString l.port}"; @@ -638,8 +637,6 @@ in message = "SSL is enabled for httpd, but sslServerCert and/or sslServerKey haven't been specified."; } ]; - warnings = map (cfg: ''apache-httpd's port option is deprecated. Use listen = [{/*ip = "*"; */ port = ${toString cfg.port};}]; instead'' ) (lib.filter (cfg: cfg.port != 0) allHosts); - users.users = optionalAttrs (mainCfg.user == "wwwrun") (singleton { name = "wwwrun"; group = mainCfg.group; diff --git a/nixos/modules/services/web-servers/apache-httpd/per-server-options.nix b/nixos/modules/services/web-servers/apache-httpd/per-server-options.nix index 4bbd041b6e04..536e707137c6 100644 --- a/nixos/modules/services/web-servers/apache-httpd/per-server-options.nix +++ b/nixos/modules/services/web-servers/apache-httpd/per-server-options.nix @@ -24,14 +24,6 @@ with lib; ''; }; - port = mkOption { - type = types.int; - default = 0; - description = '' - Port for the server. Option will be removed, use instead. - ''; - }; - listen = mkOption { type = types.listOf (types.submodule ( { -- cgit 1.4.1 From 0fd69629c703a508a3529463604140caa059e349 Mon Sep 17 00:00:00 2001 From: Aaron Andersen Date: Mon, 1 Jul 2019 16:10:14 -0400 Subject: nixos/httpd: mark extraSubservices option as deprecated --- nixos/doc/manual/release-notes/rl-1909.xml | 12 +++++++++--- nixos/modules/services/web-servers/apache-httpd/default.nix | 2 ++ 2 files changed, 11 insertions(+), 3 deletions(-) (limited to 'nixos/modules/services') diff --git a/nixos/doc/manual/release-notes/rl-1909.xml b/nixos/doc/manual/release-notes/rl-1909.xml index c8739d046386..e04945e27309 100644 --- a/nixos/doc/manual/release-notes/rl-1909.xml 
+++ b/nixos/doc/manual/release-notes/rl-1909.xml @@ -149,9 +149,15 @@ - Several of the apache subservices have been replaced with full NixOS - modules including LimeSurvey, WordPress, and Zabbix. - These modules can be enabled using the , + The option has been + marked as deprecated. You may still use this feature, but it will be + removed in a future release of NixOS. You are encouraged to convert any + httpd subservices you may have written to a full NixOS module. + + + Most of the httpd subservices packaged with NixOS have been replaced with + full NixOS modules including LimeSurvey, WordPress, and Zabbix. These + modules can be enabled using the , , and options. diff --git a/nixos/modules/services/web-servers/apache-httpd/default.nix b/nixos/modules/services/web-servers/apache-httpd/default.nix index 12ff94a1f8f6..d6cb5bd44719 100644 --- a/nixos/modules/services/web-servers/apache-httpd/default.nix +++ b/nixos/modules/services/web-servers/apache-httpd/default.nix @@ -637,6 +637,8 @@ in message = "SSL is enabled for httpd, but sslServerCert and/or sslServerKey haven't been specified."; } ]; + warnings = map (cfg: "apache-httpd's extraSubservices option is deprecated. Most existing subservices have been ported to the NixOS module system. Please update your configuration accordingly.") (lib.filter (cfg: cfg.extraSubservices != []) allHosts); + users.users = optionalAttrs (mainCfg.user == "wwwrun") (singleton { name = "wwwrun"; group = mainCfg.group; -- cgit 1.4.1 From 9b970d07f384f31737cb3d598913aba16dbc59bb Mon Sep 17 00:00:00 2001 From: Aaron Andersen Date: Tue, 2 Jul 2019 11:53:45 -0400 Subject: nixos/httpd: drop postgresql reference --- nixos/doc/manual/release-notes/rl-1909.xml | 5 +++++ nixos/modules/services/web-servers/apache-httpd/default.nix | 2 +- 2 files changed, 6 insertions(+), 1 deletion(-) (limited to 'nixos/modules/services') 
diff --git a/nixos/doc/manual/release-notes/rl-1909.xml b/nixos/doc/manual/release-notes/rl-1909.xml index e04945e27309..53fec6c9b62f 100644 --- a/nixos/doc/manual/release-notes/rl-1909.xml +++ b/nixos/doc/manual/release-notes/rl-1909.xml @@ -148,6 +148,11 @@ + + The httpd service no longer attempts to start the postgresql service. If you have come to depend + on this behaviour then you can preserve the behavior with the following configuration: + systemd.services.httpd.after = [ "postgresql.service" ]; + The option has been marked as deprecated. You may still use this feature, but it will be diff --git a/nixos/modules/services/web-servers/apache-httpd/default.nix b/nixos/modules/services/web-servers/apache-httpd/default.nix index d6cb5bd44719..ea9476a7c915 100644 --- a/nixos/modules/services/web-servers/apache-httpd/default.nix +++ b/nixos/modules/services/web-servers/apache-httpd/default.nix @@ -671,7 +671,7 @@ in wantedBy = [ "multi-user.target" ]; wants = [ "keys.target" ]; - after = [ "network.target" "fs.target" "postgresql.service" "keys.target" ]; + after = [ "network.target" "fs.target" "keys.target" ]; path = [ httpd pkgs.coreutils pkgs.gnugrep ] -- cgit 1.4.1 From 53841fcea9cbd639dfd30714e48959a9752c5818 Mon Sep 17 00:00:00 2001 From: Anders Lundstedt Date: Fri, 19 Jul 2019 22:13:06 +0200 Subject: nixos/spotifyd: init --- nixos/modules/module-list.nix | 1 + nixos/modules/services/audio/spotifyd.nix | 42 +++++++++++++++++++++++++++++++ 2 files changed, 43 insertions(+) create mode 100644 nixos/modules/services/audio/spotifyd.nix (limited to 'nixos/modules/services') diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index e07fabb348c0..add9483f4a5f 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix 
@@ -198,6 +198,7 @@ ./services/audio/slimserver.nix ./services/audio/snapserver.nix ./services/audio/squeezelite.nix + ./services/audio/spotifyd.nix ./services/audio/ympd.nix ./services/backup/automysqlbackup.nix ./services/backup/bacula.nix diff --git a/nixos/modules/services/audio/spotifyd.nix b/nixos/modules/services/audio/spotifyd.nix new file mode 100644 index 000000000000..e3556b2559c2 --- /dev/null +++ b/nixos/modules/services/audio/spotifyd.nix @@ -0,0 +1,42 @@ +{ config, lib, pkgs, ... }: + +with lib; + +let + cfg = config.services.spotifyd; + spotifydConf = pkgs.writeText "spotifyd.conf" cfg.config; +in +{ + options = { + services.spotifyd = { + enable = mkEnableOption "spotifyd, a Spotify playing daemon"; + + config = mkOption { + default = ""; + type = types.lines; + description = '' + Configuration for Spotifyd. For syntax and directives, see + https://github.com/Spotifyd/spotifyd#Configuration. + ''; + }; + }; + }; + + config = mkIf cfg.enable { + systemd.services.spotifyd = { + wantedBy = [ "multi-user.target" ]; + after = [ "network-online.target" "sound.target" ]; + description = "spotifyd, a Spotify playing daemon"; + serviceConfig = { + ExecStart = "${pkgs.spotifyd}/bin/spotifyd --no-daemon --cache_path /var/cache/spotifyd --config ${spotifydConf}"; + Restart = "always"; + RestartSec = 12; + DynamicUser = true; + CacheDirectory = "spotifyd"; + SupplementaryGroups = ["audio"]; + }; + }; + }; + + meta.maintainers = [ maintainers.anderslundstedt ]; +} -- cgit 1.4.1 From 01ee2ee2ba5b1d4763c77a6ed46523c17df97167 Mon Sep 17 00:00:00 2001 From: WilliButz Date: Wed, 17 Jul 2019 14:17:58 +0200 Subject: nixos/test: fix prometheus-{bind,varnish}-exporter tests --- nixos/modules/services/monitoring/prometheus/exporters/varnish.nix | 1 - nixos/tests/prometheus-exporters.nix | 3 ++- 2 files changed, 2 insertions(+), 2 deletions(-) (limited to 'nixos/modules/services') 
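Review bot: `spotifydConf = pkgs.writeText "spotifyd.conf" cfg.config;` in the new spotifyd.nix copies the whole `config` text into the Nix store, which every local user can read, and a spotifyd configuration file is typically where the account username and password go. The option description should say so, for example by adding `Note that this text is copied to the world-readable Nix store, so do not put your password in it.` A follow-up could accept a path to a configuration file kept outside the store instead. Separately, `after` lists `network-online.target` without a matching `wants`, so the ordering only takes effect if something else pulls that target in.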
diff --git a/nixos/modules/services/monitoring/prometheus/exporters/varnish.nix b/nixos/modules/services/monitoring/prometheus/exporters/varnish.nix index aaed76175b84..924689dc994b 100644 --- a/nixos/modules/services/monitoring/prometheus/exporters/varnish.nix +++ b/nixos/modules/services/monitoring/prometheus/exporters/varnish.nix @@ -68,7 +68,6 @@ in serviceOpts = { path = [ pkgs.varnish ]; serviceConfig = { - DynamicUser = true; RestartSec = mkDefault 1; ExecStart = '' ${pkgs.prometheus-varnish-exporter}/bin/prometheus_varnish_exporter \ diff --git a/nixos/tests/prometheus-exporters.nix b/nixos/tests/prometheus-exporters.nix index 9a85501d15f8..fb01b5018214 100644 --- a/nixos/tests/prometheus-exporters.nix +++ b/nixos/tests/prometheus-exporters.nix @@ -73,7 +73,7 @@ let exporterTest = '' waitForUnit("prometheus-bind-exporter.service"); waitForOpenPort(9119); - succeed("curl -sSf http://localhost:9119/metrics" | grep -q 'bind_query_recursions_total 0'); + succeed("curl -sSf http://localhost:9119/metrics | grep -q 'bind_query_recursions_total 0'"); ''; }; @@ -311,6 +311,7 @@ let }; exporterTest = '' waitForUnit("prometheus-varnish-exporter.service"); + waitForOpenPort(6081); waitForOpenPort(9131); succeed("curl -sSf http://localhost:9131/metrics | grep -q 'varnish_up 1'"); ''; -- cgit 1.4.1 From 774221191dcd9614b8316cc00bbd7e4a7604ae2c Mon Sep 17 00:00:00 2001 
From: WilliButz Date: Wed, 17 Jul 2019 14:19:18 +0200 Subject: nixos/prometheus-exporters: refactor imports, replace 'with lib;' Pass through 'options' to exporter definitions and replace 'with lib;' by explicit function imports. --- .../services/monitoring/prometheus/exporters.nix | 49 ++++++++++++---------- .../monitoring/prometheus/exporters/bind.nix | 2 +- .../monitoring/prometheus/exporters/blackbox.nix | 2 +- .../monitoring/prometheus/exporters/collectd.nix | 2 +- .../monitoring/prometheus/exporters/dnsmasq.nix | 2 +- .../monitoring/prometheus/exporters/dovecot.nix | 2 +- .../monitoring/prometheus/exporters/fritzbox.nix | 2 +- .../monitoring/prometheus/exporters/json.nix | 2 +- .../monitoring/prometheus/exporters/minio.nix | 2 +- .../monitoring/prometheus/exporters/nginx.nix | 2 +- .../monitoring/prometheus/exporters/node.nix | 2 +- .../monitoring/prometheus/exporters/postfix.nix | 2 +- .../monitoring/prometheus/exporters/snmp.nix | 2 +- .../monitoring/prometheus/exporters/surfboard.nix | 2 +- .../monitoring/prometheus/exporters/tor.nix | 2 +- .../monitoring/prometheus/exporters/unifi.nix | 2 +- .../monitoring/prometheus/exporters/varnish.nix | 2 +- .../monitoring/prometheus/exporters/wireguard.nix | 2 +- 18 files changed, 44 insertions(+), 39 deletions(-) (limited to 'nixos/modules/services') diff --git a/nixos/modules/services/monitoring/prometheus/exporters.nix b/nixos/modules/services/monitoring/prometheus/exporters.nix index 20e7eba43412..e7cc7448c891 100644 --- a/nixos/modules/services/monitoring/prometheus/exporters.nix +++ b/nixos/modules/services/monitoring/prometheus/exporters.nix @@ -1,8 +1,10 @@ -{ config, pkgs, lib, ... }: - -with lib; +{ config, pkgs, lib, options, ... }: let + inherit (lib) concatStrings foldl foldl' genAttrs literalExample maintainers + mapAttrsToList mkDefault mkEnableOption mkIf mkMerge mkOption + optional types; + cfg = config.services.prometheus.exporters; # each attribute in `exporterOpts` is expected to have specified: 
@@ -17,25 +19,28 @@ let # Note that `extraOpts` is optional, but a script for the exporter's # systemd service must be provided by specifying either # `serviceOpts.script` or `serviceOpts.serviceConfig.ExecStart` - exporterOpts = { - blackbox = import ./exporters/blackbox.nix { inherit config lib pkgs; }; - collectd = import ./exporters/collectd.nix { inherit config lib pkgs; }; - dnsmasq = import ./exporters/dnsmasq.nix { inherit config lib pkgs; }; - dovecot = import ./exporters/dovecot.nix { inherit config lib pkgs; }; - fritzbox = import ./exporters/fritzbox.nix { inherit config lib pkgs; }; - json = import ./exporters/json.nix { inherit config lib pkgs; }; - minio = import ./exporters/minio.nix { inherit config lib pkgs; }; - nginx = import ./exporters/nginx.nix { inherit config lib pkgs; }; - node = import ./exporters/node.nix { inherit config lib pkgs; }; - postfix = import ./exporters/postfix.nix { inherit config lib pkgs; }; - snmp = import ./exporters/snmp.nix { inherit config lib pkgs; }; - surfboard = import ./exporters/surfboard.nix { inherit config lib pkgs; }; - tor = import ./exporters/tor.nix { inherit config lib pkgs; }; - unifi = import ./exporters/unifi.nix { inherit config lib pkgs; }; - varnish = import ./exporters/varnish.nix { inherit config lib pkgs; }; - bind = import ./exporters/bind.nix { inherit config lib pkgs; }; - wireguard = import ./exporters/wireguard.nix { inherit config lib pkgs; }; - }; + + exporterOpts = genAttrs [ + "bind" + "blackbox" + "collectd" + "dnsmasq" + "dovecot" + "fritzbox" + "json" + "minio" + "nginx" + "node" + "postfix" + "snmp" + "surfboard" + "tor" + "unifi" + "varnish" + "wireguard" + ] (name: + import (./. + "/exporters/${name}.nix") { inherit config lib pkgs options; } + ); mkExporterOpts = ({ name, port }: { enable = mkEnableOption "the prometheus ${name} exporter"; 
diff --git a/nixos/modules/services/monitoring/prometheus/exporters/bind.nix b/nixos/modules/services/monitoring/prometheus/exporters/bind.nix index a9746c4d65d5..7bcd03e0706d 100644 --- a/nixos/modules/services/monitoring/prometheus/exporters/bind.nix +++ b/nixos/modules/services/monitoring/prometheus/exporters/bind.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs }: +{ config, lib, pkgs, options }: with lib; diff --git a/nixos/modules/services/monitoring/prometheus/exporters/blackbox.nix b/nixos/modules/services/monitoring/prometheus/exporters/blackbox.nix index d09d1c4f3663..bf78cb15ad92 100644 --- a/nixos/modules/services/monitoring/prometheus/exporters/blackbox.nix +++ b/nixos/modules/services/monitoring/prometheus/exporters/blackbox.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs }: +{ config, lib, pkgs, options }: with lib; diff --git a/nixos/modules/services/monitoring/prometheus/exporters/collectd.nix b/nixos/modules/services/monitoring/prometheus/exporters/collectd.nix index 0eba3527162d..8c8ea08b5d42 100644 --- a/nixos/modules/services/monitoring/prometheus/exporters/collectd.nix +++ b/nixos/modules/services/monitoring/prometheus/exporters/collectd.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs }: +{ config, lib, pkgs, options }: with lib; diff --git a/nixos/modules/services/monitoring/prometheus/exporters/dnsmasq.nix b/nixos/modules/services/monitoring/prometheus/exporters/dnsmasq.nix index b1fab85109af..1b2ab93b302c 100644 --- a/nixos/modules/services/monitoring/prometheus/exporters/dnsmasq.nix +++ b/nixos/modules/services/monitoring/prometheus/exporters/dnsmasq.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs }: +{ config, lib, pkgs, options }: with lib; diff --git a/nixos/modules/services/monitoring/prometheus/exporters/dovecot.nix b/nixos/modules/services/monitoring/prometheus/exporters/dovecot.nix index c47e87a3dc35..039242b730c6 100644 --- a/nixos/modules/services/monitoring/prometheus/exporters/dovecot.nix 
+++ b/nixos/modules/services/monitoring/prometheus/exporters/dovecot.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs }: +{ config, lib, pkgs, options }: with lib; diff --git a/nixos/modules/services/monitoring/prometheus/exporters/fritzbox.nix b/nixos/modules/services/monitoring/prometheus/exporters/fritzbox.nix index 530206681d36..f2f7dcf06a8d 100644 --- a/nixos/modules/services/monitoring/prometheus/exporters/fritzbox.nix +++ b/nixos/modules/services/monitoring/prometheus/exporters/fritzbox.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs }: +{ config, lib, pkgs, options }: with lib; diff --git a/nixos/modules/services/monitoring/prometheus/exporters/json.nix b/nixos/modules/services/monitoring/prometheus/exporters/json.nix index a5494e85e016..c0b677f2f62d 100644 --- a/nixos/modules/services/monitoring/prometheus/exporters/json.nix +++ b/nixos/modules/services/monitoring/prometheus/exporters/json.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs }: +{ config, lib, pkgs, options }: with lib; diff --git a/nixos/modules/services/monitoring/prometheus/exporters/minio.nix b/nixos/modules/services/monitoring/prometheus/exporters/minio.nix index 3cc4ffdbc8fd..2ecc62b0d79a 100644 --- a/nixos/modules/services/monitoring/prometheus/exporters/minio.nix +++ b/nixos/modules/services/monitoring/prometheus/exporters/minio.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs }: +{ config, lib, pkgs, options }: with lib; diff --git a/nixos/modules/services/monitoring/prometheus/exporters/nginx.nix b/nixos/modules/services/monitoring/prometheus/exporters/nginx.nix index 431dd8b4ead7..519bd9efca26 100644 --- a/nixos/modules/services/monitoring/prometheus/exporters/nginx.nix +++ b/nixos/modules/services/monitoring/prometheus/exporters/nginx.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs }: +{ config, lib, pkgs, options }: with lib; diff --git a/nixos/modules/services/monitoring/prometheus/exporters/node.nix b/nixos/modules/services/monitoring/prometheus/exporters/node.nix index 8c4128f9b634..2477e69ea267 100644 
--- a/nixos/modules/services/monitoring/prometheus/exporters/node.nix +++ b/nixos/modules/services/monitoring/prometheus/exporters/node.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs }: +{ config, lib, pkgs, options }: with lib; diff --git a/nixos/modules/services/monitoring/prometheus/exporters/postfix.nix b/nixos/modules/services/monitoring/prometheus/exporters/postfix.nix index efe78ebcba86..963fa7592565 100644 --- a/nixos/modules/services/monitoring/prometheus/exporters/postfix.nix +++ b/nixos/modules/services/monitoring/prometheus/exporters/postfix.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs }: +{ config, lib, pkgs, options }: with lib; diff --git a/nixos/modules/services/monitoring/prometheus/exporters/snmp.nix b/nixos/modules/services/monitoring/prometheus/exporters/snmp.nix index 0d9194124325..4361c3543ba1 100644 --- a/nixos/modules/services/monitoring/prometheus/exporters/snmp.nix +++ b/nixos/modules/services/monitoring/prometheus/exporters/snmp.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs }: +{ config, lib, pkgs, options }: with lib; diff --git a/nixos/modules/services/monitoring/prometheus/exporters/surfboard.nix b/nixos/modules/services/monitoring/prometheus/exporters/surfboard.nix index 715dba06a3dc..197a0a949e0d 100644 --- a/nixos/modules/services/monitoring/prometheus/exporters/surfboard.nix +++ b/nixos/modules/services/monitoring/prometheus/exporters/surfboard.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs }: +{ config, lib, pkgs, options }: with lib; diff --git a/nixos/modules/services/monitoring/prometheus/exporters/tor.nix b/nixos/modules/services/monitoring/prometheus/exporters/tor.nix index e0ae83802425..4a59e83fc2e8 100644 --- a/nixos/modules/services/monitoring/prometheus/exporters/tor.nix +++ b/nixos/modules/services/monitoring/prometheus/exporters/tor.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs }: +{ config, lib, pkgs, options }: with lib; 
diff --git a/nixos/modules/services/monitoring/prometheus/exporters/unifi.nix b/nixos/modules/services/monitoring/prometheus/exporters/unifi.nix index 011dcbe208e4..696c2fe35353 100644 --- a/nixos/modules/services/monitoring/prometheus/exporters/unifi.nix +++ b/nixos/modules/services/monitoring/prometheus/exporters/unifi.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs }: +{ config, lib, pkgs, options }: with lib; diff --git a/nixos/modules/services/monitoring/prometheus/exporters/varnish.nix b/nixos/modules/services/monitoring/prometheus/exporters/varnish.nix index 924689dc994b..f38221527b32 100644 --- a/nixos/modules/services/monitoring/prometheus/exporters/varnish.nix +++ b/nixos/modules/services/monitoring/prometheus/exporters/varnish.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs }: +{ config, lib, pkgs, options }: with lib; diff --git a/nixos/modules/services/monitoring/prometheus/exporters/wireguard.nix b/nixos/modules/services/monitoring/prometheus/exporters/wireguard.nix index eae7a61297d1..5aed4a3a966d 100644 --- a/nixos/modules/services/monitoring/prometheus/exporters/wireguard.nix +++ b/nixos/modules/services/monitoring/prometheus/exporters/wireguard.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs }: +{ config, lib, pkgs, options }: with lib; -- cgit 1.4.1 From fb6f0a48bbe439e9fd34e365308f36e2cd395026 Mon Sep 17 00:00:00 2001 From: WilliButz Date: Wed, 17 Jul 2019 14:33:40 +0200 Subject: nixos/prometheus-exporters: add option renaming for submodules Adds the functionality to create option renamings and removals for exporter submodules as in nixos/modules/rename.nix. --- .../services/monitoring/prometheus/exporters.nix | 7 ++-- .../services/monitoring/prometheus/exporters.xml | 40 +++++++++++++++++++++- 2 files changed, 44 insertions(+), 3 deletions(-) (limited to 'nixos/modules/services') diff --git a/nixos/modules/services/monitoring/prometheus/exporters.nix b/nixos/modules/services/monitoring/prometheus/exporters.nix index e7cc7448c891..802281e71643 100644 
--- a/nixos/modules/services/monitoring/prometheus/exporters.nix +++ b/nixos/modules/services/monitoring/prometheus/exporters.nix @@ -102,9 +102,10 @@ let }; }); - mkSubModule = { name, port, extraOpts, ... }: { + mkSubModule = { name, port, extraOpts, imports }: { ${name} = mkOption { type = types.submodule { + inherit imports; options = (mkExporterOpts { inherit name port; } // extraOpts); @@ -117,13 +118,15 @@ let mkSubModules = (foldl' (a: b: a//b) {} (mapAttrsToList (name: opts: mkSubModule { inherit name; - inherit (opts) port serviceOpts; + inherit (opts) port; extraOpts = opts.extraOpts or {}; + imports = opts.imports or []; }) exporterOpts) ); mkExporterConf = { name, conf, serviceOpts }: mkIf conf.enable { + warnings = conf.warnings or []; networking.firewall.extraCommands = mkIf conf.openFirewall (concatStrings [ "ip46tables -A nixos-fw ${conf.firewallFilter} " "-m comment --comment ${name}-exporter -j nixos-fw-accept" diff --git a/nixos/modules/services/monitoring/prometheus/exporters.xml b/nixos/modules/services/monitoring/prometheus/exporters.xml index 81ac998729be..616f29e8dd05 100644 --- a/nixos/modules/services/monitoring/prometheus/exporters.xml +++ b/nixos/modules/services/monitoring/prometheus/exporters.xml @@ -113,7 +113,7 @@ specific options and configuration: # nixpgs/nixos/modules/services/prometheus/exporters/postfix.nix -{ config, lib, pkgs }: +{ config, lib, pkgs, options }: with lib; @@ -184,4 +184,42 @@ in +
+ Updating an exporter module + + Should an exporter option change at some point, it is possible to add + information about the change to the exporter definition similar to + nixpkgs/nixos/modules/rename.nix: + +{ config, lib, pkgs, options }: + +with lib; + +let + cfg = config.services.prometheus.exporters.nginx; +in +{ + port = 9113; + extraOpts = { + # additional module options + # ... + }; + serviceOpts = { + # service configuration + # ... + }; + imports = [ + # 'services.prometheus.exporters.nginx.telemetryEndpoint' -> 'services.prometheus.exporters.nginx.telemetryPath' + (mkRenamedOptionModule [ "telemetryEndpoint" ] [ "telemetryPath" ]) + + # removed option 'services.prometheus.exporters.nginx.insecure' + (mkRemovedOptionModule [ "insecure" ] '' + This option was replaced by 'prometheus.exporters.nginx.sslVerify' which defaults to true. + '') + ({ options.warnings = options.warnings; }) + ]; +} + + +
-- cgit 1.4.1 From c64f621bfd6f8746eb8441872492173cfb12e8c9 Mon Sep 17 00:00:00 2001 From: WilliButz Date: Wed, 17 Jul 2019 14:36:37 +0200 Subject: nixos/prometheus-nginx-exporter: update module Update exporter submodule to match the new exporter version. --- .../monitoring/prometheus/exporters/nginx.nix | 24 ++++++++++++++-------- 1 file changed, 16 insertions(+), 8 deletions(-) (limited to 'nixos/modules/services') diff --git a/nixos/modules/services/monitoring/prometheus/exporters/nginx.nix b/nixos/modules/services/monitoring/prometheus/exporters/nginx.nix index 519bd9efca26..7d819b04adaa 100644 --- a/nixos/modules/services/monitoring/prometheus/exporters/nginx.nix +++ b/nixos/modules/services/monitoring/prometheus/exporters/nginx.nix 
@@ -16,32 +16,40 @@ in Can be enabled with services.nginx.statusPage = true. ''; }; - telemetryEndpoint = mkOption { + telemetryPath = mkOption { type = types.str; default = "/metrics"; description = '' Path under which to expose metrics. ''; }; - insecure = mkOption { + sslVerify = mkOption { type = types.bool; default = true; description = '' - Ignore server certificate if using https. + Whether to perform certificate verification for https. ''; }; + }; serviceOpts = { serviceConfig = { DynamicUser = true; ExecStart = '' - ${pkgs.prometheus-nginx-exporter}/bin/nginx_exporter \ - --nginx.scrape_uri '${cfg.scrapeUri}' \ - --telemetry.address ${cfg.listenAddress}:${toString cfg.port} \ - --telemetry.endpoint ${cfg.telemetryEndpoint} \ - --insecure ${toString cfg.insecure} \ + ${pkgs.prometheus-nginx-exporter}/bin/nginx-prometheus-exporter \ + --nginx.scrape-uri '${cfg.scrapeUri}' \ + --nginx.ssl-verify ${toString cfg.sslVerify} \ + --web.listen-address ${cfg.listenAddress}:${toString cfg.port} \ + --web.telemetry-path ${cfg.telemetryPath} \ ${concatStringsSep " \\\n " cfg.extraFlags} ''; }; }; + imports = [ + (mkRenamedOptionModule [ "telemetryEndpoint" ] [ "telemetryPath" ]) + (mkRemovedOptionModule [ "insecure" ] '' + This option was replaced by 'prometheus.exporters.nginx.sslVerify'. + '') + ({ options.warnings = options.warnings; }) + ]; } -- cgit 1.4.1 From 3944aa051ca503e255a9da5cf03a58faf6dec268 Mon Sep 17 00:00:00 2001 
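Review bot: In the new `ExecStart`, `--nginx.ssl-verify ${toString cfg.sslVerify}` does not pass a usable boolean, because Nix's `toString` renders `true` as `1` and `false` as the empty string, so `sslVerify = false` leaves the flag without a value. `--nginx.ssl-verify=${boolToString cfg.sslVerify}` is unambiguous; the `=` form matters if the exporter parses booleans with Go's standard flag package (an assumption, the parser is not visible here), since a separate value token would then end flag parsing and drop the listen address and telemetry path that follow. The rename also inverts the meaning while keeping `default = true`: the old `insecure` default ignored the server certificate, the new `sslVerify` default enforces it, so scrapes of an nginx with a self-signed certificate stop working after the upgrade. That is the safer default, but the `mkRemovedOptionModule` text should state the inversion, e.g. `Replaced by 'sslVerify' with inverted meaning; certificate verification is now on by default.` The exporter attribute set starts outside the hunk.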
From: Maximilian Bosch Date: Fri, 28 Jun 2019 17:54:11 +0200 Subject: nixos/nextcloud: write config to additional config file One of the main problems of the Nextcloud module is that it's currently not possible to alter e.g. database configuration after the initial setup as it's written by their imperative installer to a file. After some research[1] it turned out that it's possible to override all values with an additional config file. The documentation has been slightly updated to remain up-to-date, but the warnings should remain there as the imperative configuration is still used and may cause unwanted side-effects. Also simplified the postgresql test which uses `ensure{Databases,Users}` to configure the database. Fixes #49783 [1] https://github.com/NixOS/nixpkgs/issues/49783#issuecomment-483063922 --- nixos/doc/manual/release-notes/rl-1909.xml | 9 +++ nixos/modules/services/web-apps/nextcloud.nix | 33 +++++++++-- nixos/modules/services/web-apps/nextcloud.xml | 64 ++++++++++------------ .../tests/nextcloud/with-postgresql-and-redis.nix | 15 +++-- 4 files changed, 74 insertions(+), 47 deletions(-) (limited to 'nixos/modules/services') diff --git a/nixos/doc/manual/release-notes/rl-1909.xml b/nixos/doc/manual/release-notes/rl-1909.xml index 8cb8bba6263d..77ba31811648 100644 --- a/nixos/doc/manual/release-notes/rl-1909.xml +++ b/nixos/doc/manual/release-notes/rl-1909.xml @@ -354,6 +354,15 @@ The tomcat-connector httpd.extraSubservice has been removed from nixpkgs. + + + It's now possible to change configuration in + services.nextcloud after the initial deploy + since all config parameters are persisted in an additional config file generated by the module. + Previously core configuration like database parameters were set using their imperative + installer after creating /var/lib/nextcloud. + + diff --git a/nixos/modules/services/web-apps/nextcloud.nix b/nixos/modules/services/web-apps/nextcloud.nix index fa9a36d11892..7051b73fb57c 100644 
--- a/nixos/modules/services/web-apps/nextcloud.nix +++ b/nixos/modules/services/web-apps/nextcloud.nix @@ -297,8 +297,23 @@ in { systemd.services = { "nextcloud-setup" = let + c = cfg.config; + writePhpArrary = a: "[${concatMapStringsSep "," (val: ''"${toString val}"'') a}]"; overrideConfig = pkgs.writeText "nextcloud-config.php" '' [ [ 'path' => '${cfg.home}/apps', 'url' => '/apps', 'writable' => false ], @@ -309,19 +324,27 @@ in { ${optionalString cfg.caching.apcu "'memcache.local' => '\\OC\\Memcache\\APCu',"} 'log_type' => 'syslog', 'log_level' => '${builtins.toString cfg.logLevel}', - ${optionalString (cfg.config.overwriteProtocol != null) "'overwriteprotocol' => '${cfg.config.overwriteProtocol}',"} + ${optionalString (c.overwriteProtocol != null) "'overwriteprotocol' => '${c.overwriteProtocol}',"} + ${optionalString (c.dbname != null) "'dbname' => '${c.dbname}',"} + ${optionalString (c.dbhost != null) "'dbhost' => '${c.dbhost}',"} + ${optionalString (c.dbport != null) "'dbport' => '${toString c.dbport}',"} + ${optionalString (c.dbuser != null) "'dbuser' => '${c.dbuser}',"} + ${optionalString (c.dbtableprefix != null) "'dbtableprefix' => '${toString c.dbtableprefix}',"} + ${optionalString (c.dbpass != null) "'dbpassword' => '${c.dbpass}',"} + ${optionalString (c.dbpassFile != null) "'dbpassword' => nix_read_pwd(),"} + 'dbtype' => '${c.dbtype}', + 'trusted_domains' => ${writePhpArrary c.extraTrustedDomains}, ]; ''; occInstallCmd = let - c = cfg.config; - adminpass = if c.adminpassFile != null - then ''"$(<"${toString c.adminpassFile}")"'' - else ''"${toString c.adminpass}"''; dbpass = if c.dbpassFile != null then ''"$(<"${toString c.dbpassFile}")"'' else if c.dbpass != null then ''"${toString c.dbpass}"'' else null; + adminpass = if c.adminpassFile != null + then ''"$(<"${toString c.adminpassFile}")"'' + else ''"${toString c.adminpass}"''; installFlags = concatStringsSep " \\\n " (mapAttrsToList (k: v: "${k} ${toString v}") { "--database" = ''"${c.dbtype}"''; 
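Review bot: `writePhpArrary` in the first nextcloud.nix hunk wraps each value in PHP double quotes without escaping, so an entry containing `"`, `\` or `$` changes the generated PHP instead of being taken literally (PHP interpolates variables inside double-quoted strings). Emitting single quotes and escaping the value keeps `extraTrustedDomains` entries as data, e.g. `(val: "'${escape [ "'" "\\" ] (toString val)}'")`. The helper name is also misspelled (`Arrary`). Part of this hunk, including the PHP header of `overrideConfig`, is not legible in this rendering, so the note is limited to the helper.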
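Review bot: The added `'dbpassword' => '${c.dbpass}'` line in the second nextcloud.nix hunk writes the database password into `overrideConfig`, which is a `pkgs.writeText` result and therefore lands in the Nix store where any local user can read it. The `dbpassFile` branch (`nix_read_pwd()`) avoids that, so the `dbpass` option's description should say that its value ends up world-readable and point to `dbpassFile`; the option declarations are outside this hunk and may already warn. The same line, like the `dbname`/`dbhost`/`dbuser` ones, interpolates the value unescaped into a single-quoted PHP string, so a password containing `'` or ending in `\` produces a broken or altered config file. The `let` block continues past the end of the hunk.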
diff --git a/nixos/modules/services/web-apps/nextcloud.xml b/nixos/modules/services/web-apps/nextcloud.xml index d78d866086a6..d66e0f0c2997 100644 --- a/nixos/modules/services/web-apps/nextcloud.xml +++ b/nixos/modules/services/web-apps/nextcloud.xml @@ -42,10 +42,12 @@ services.postgresql = { enable = true; - initialScript = pkgs.writeText "psql-init" '' - CREATE ROLE nextcloud WITH LOGIN; - CREATE DATABASE nextcloud WITH OWNER nextcloud; - ''; + ensureDatabases = [ "nextcloud" ]; + ensureUsers = [ + { name = "nextcloud"; + ensurePermissions."DATABASE nextcloud" = "ALL PRIVILEGES"; + } + ]; }; # ensure that postgres is running *before* running the setup @@ -63,17 +65,22 @@ are used internally to configure an HTTP server using PHP-FPM and nginx. The config attribute set is - used for the config.php which is used for the - application's configuration. Beware: this isn't entirely pure - since the config is modified by the application's runtime! + used by the imperative installer and all values are written to an additional file + to ensure that changes can be applied by changing the module's options. - In case the application serves multiple hosts (those are checked with + In case the application serves multiple domains (those are checked with $_SERVER['HTTP_HOST']) - those can be added using + it's needed to add them to services.nextcloud.config.extraTrustedDomains. + + + Auto updates for Nextcloud apps can be enabled using + services.nextcloud.autoUpdateApps. + +
Pitfalls @@ -87,35 +94,24 @@ - Right now changes to the services.nextcloud.config - attribute set won't take effect after the first install (except - services.nextcloud.config.extraTrustedDomains) - since the actual configuration file is generated by the NextCloud installer - which also sets up critical parts such as the database structure. + All configuration parameters are also stored in + /var/lib/nextcloud/config/override.config.php which is generated by + the module and linked from the store to ensure that all values from config.php + can be modified by the module. + However config.php manages the application's state and shouldn't be touched + manually because of that. - - Warning: don't delete config.php! This file + + Don't delete config.php! This file tracks the application's state and a deletion can cause unwanted - side-effects! - + side-effects! + - - Warning: don't rerun nextcloud-occ + + Don't rerun nextcloud-occ maintenance:install! This command tries to install the application - and can cause unwanted side-effects! - - - - The issues are known and reported in - #49783, - for now it's unfortunately necessary to manually work around these issues. - - - - Right now app installation and configuration is done imperatively in the nextcloud web ui or via the nextcloud-occ command line utility. - You can activate auto updates for your apps via - services.nextcloud.autoUpdateApps. - + and can cause unwanted side-effects! +
diff --git a/nixos/tests/nextcloud/with-postgresql-and-redis.nix b/nixos/tests/nextcloud/with-postgresql-and-redis.nix index 0351d4db69ac..8a840a608753 100644 --- a/nixos/tests/nextcloud/with-postgresql-and-redis.nix +++ b/nixos/tests/nextcloud/with-postgresql-and-redis.nix @@ -27,10 +27,7 @@ in { dbtype = "pgsql"; dbname = "nextcloud"; dbuser = "nextcloud"; - dbhost = "localhost"; - dbpassFile = toString (pkgs.writeText "db-pass-file" '' - hunter2 - ''); + dbhost = "/run/postgresql"; inherit adminuser; adminpassFile = toString (pkgs.writeText "admin-pass-file" '' ${adminpass} @@ -84,10 +81,12 @@ in { services.postgresql = { enable = true; - initialScript = pkgs.writeText "psql-init" '' - create role nextcloud with login password 'hunter2'; - create database nextcloud with owner nextcloud; - ''; + ensureDatabases = [ "nextcloud" ]; + ensureUsers = [ + { name = "nextcloud"; + ensurePermissions."DATABASE nextcloud" = "ALL PRIVILEGES"; + } + ]; }; }; }; -- cgit 1.4.1 From bbd4a0c1001a2cce7457c8ae2a8f8ef905daa424 Mon Sep 17 00:00:00 2001 From: Johan Thomsen Date: Fri, 19 Jul 2019 14:16:15 +0200 Subject: nixos/gitlab: gitlab-workhorse requires exiftool on path to process uploaded images --- nixos/modules/services/misc/gitlab.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'nixos/modules/services') diff --git a/nixos/modules/services/misc/gitlab.nix b/nixos/modules/services/misc/gitlab.nix index 52589b593b44..9fce9419a1af 100644 --- a/nixos/modules/services/misc/gitlab.nix +++ b/nixos/modules/services/misc/gitlab.nix @@ -585,6 +585,7 @@ in { after = [ "network.target" ]; wantedBy = [ "multi-user.target" ]; path = with pkgs; [ + exiftool gitAndTools.git gnutar gzip -- cgit 1.4.1 From 5ccfa0c816860a32e2687a034d6bd8bbd6ed2709 Mon Sep 17 00:00:00 2001 
From: steve-chavez Date: Tue, 29 Jan 2019 20:38:47 -0500 Subject: nixos/modules: add greenclip user service --- nixos/modules/module-list.nix | 1 + nixos/modules/services/misc/greenclip.nix | 31 +++++++++++++++++++++++++++++++ 2 files changed, 32 insertions(+) create mode 100644 nixos/modules/services/misc/greenclip.nix (limited to 'nixos/modules/services') diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index 1b944199a66c..0b8ed530889f 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix @@ -422,6 +422,7 @@ ./services/misc/gollum.nix ./services/misc/gpsd.nix ./services/misc/headphones.nix + ./services/misc/greenclip.nix ./services/misc/home-assistant.nix ./services/misc/ihaskell.nix ./services/misc/irkerd.nix diff --git a/nixos/modules/services/misc/greenclip.nix b/nixos/modules/services/misc/greenclip.nix new file mode 100644 index 000000000000..21d8365697a0 --- /dev/null +++ b/nixos/modules/services/misc/greenclip.nix @@ -0,0 +1,31 @@ +{ config, lib, pkgs, ... }: + +with lib; + +let + cfg = config.services.greenclip; +in { + + options.services.greenclip = { + enable = mkEnableOption "Whether to enable the greenclip daemon that will listen to selections"; + + package = mkOption { + type = types.package; + default = pkgs.haskellPackages.greenclip; + defaultText = "pkgs.haskellPackages.greenclip"; + description = "greenclip derivation to use."; + }; + }; + + config = mkIf cfg.enable { + systemd.user.services.greenclip = { + enable = true; + description = "greenclip daemon"; + wantedBy = [ "graphical-session.target" ]; + after = [ "graphical-session.target" ]; + serviceConfig.ExecStart = "${cfg.package}/bin/greenclip daemon"; + }; + + environment.systemPackages = [ cfg.package ]; + }; +} -- cgit 1.4.1 From dfd3a0269cc9b9ca4cd03e8c1799e103ebc203e0 Mon Sep 17 00:00:00 2001 
From: steve-chavez Date: Mon, 22 Jul 2019 19:50:21 -0500 Subject: Shorten mkEnableOption description --- nixos/modules/services/misc/greenclip.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'nixos/modules/services') diff --git a/nixos/modules/services/misc/greenclip.nix b/nixos/modules/services/misc/greenclip.nix index 21d8365697a0..9152a782d7f0 100644 --- a/nixos/modules/services/misc/greenclip.nix +++ b/nixos/modules/services/misc/greenclip.nix @@ -7,7 +7,7 @@ let in { options.services.greenclip = { - enable = mkEnableOption "Whether to enable the greenclip daemon that will listen to selections"; + enable = mkEnableOption "Greenclip daemon"; package = mkOption { type = types.package; -- cgit 1.4.1 From 356d9ad758b75674108cb0fbe22238acf260816d Mon Sep 17 00:00:00 2001 From: worldofpeace Date: Tue, 23 Jul 2019 03:43:21 -0400 Subject: nixos/pantheon: don't add extraPortals Pantheon's XDG Portal is still WIP and we it's probably not proper to use gtk's one. --- nixos/modules/services/x11/desktop-managers/pantheon.nix | 2 -- 1 file changed, 2 deletions(-) (limited to 'nixos/modules/services') diff --git a/nixos/modules/services/x11/desktop-managers/pantheon.nix b/nixos/modules/services/x11/desktop-managers/pantheon.nix index c0eae1eb8d44..41903b33fae9 100644 --- a/nixos/modules/services/x11/desktop-managers/pantheon.nix +++ b/nixos/modules/services/x11/desktop-managers/pantheon.nix @@ -145,8 +145,6 @@ in isSystem = true; }; - xdg.portal.extraPortals = [ pkgs.xdg-desktop-portal-gtk ]; - networking.networkmanager.enable = mkDefault true; networking.networkmanager.basePackages = { inherit (pkgs) networkmanager modemmanager wpa_supplicant; -- cgit 1.4.1 From d54e52276bc381fd7093d44884fe4c6ad9629ad6 Mon Sep 17 00:00:00 2001 
From: Danylo Hlynskyi Date: Tue, 23 Jul 2019 14:17:14 +0300 Subject: postgresql: update docs https://github.com/NixOS/nixpkgs/issues/32156 --- nixos/modules/services/databases/postgresql.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'nixos/modules/services') diff --git a/nixos/modules/services/databases/postgresql.xml b/nixos/modules/services/databases/postgresql.xml index 02db47568d33..72d4a8249a32 100644 --- a/nixos/modules/services/databases/postgresql.xml +++ b/nixos/modules/services/databases/postgresql.xml @@ -52,7 +52,7 @@ Type "help" for help. By default, PostgreSQL stores its databases in - /var/db/postgresql. You can override this using + /var/lib/postgresql/$psqlSchema. You can override this using , e.g. = "/data/postgresql"; -- cgit 1.4.1 From 37a2f058ed7ee008a8363933617ccb07db140541 Mon Sep 17 00:00:00 2001 From: Mrmaxmeier Date: Mon, 22 Jul 2019 18:52:20 +0200 Subject: nixos/thelounge: init The Lounge is the official and community-managed fork of Shout. This intends to replace the `shout` service. --- nixos/modules/module-list.nix | 1 + nixos/modules/services/networking/thelounge.nix | 75 +++++++++++++++++++++++++ 2 files changed, 76 insertions(+) create mode 100644 nixos/modules/services/networking/thelounge.nix (limited to 'nixos/modules/services') diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index 0b8ed530889f..5041e49db1da 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix @@ -692,6 +692,7 @@ ./services/networking/tcpcrypt.nix ./services/networking/teamspeak3.nix ./services/networking/tedicross.nix + ./services/networking/thelounge.nix ./services/networking/tinc.nix ./services/networking/tinydns.nix ./services/networking/tftpd.nix diff --git a/nixos/modules/services/networking/thelounge.nix b/nixos/modules/services/networking/thelounge.nix new file mode 100644 index 000000000000..b1d23372955e --- /dev/null +++ b/nixos/modules/services/networking/thelounge.nix 
@@ -0,0 +1,75 @@
+{ pkgs, lib, config, ... }:
+
+with lib;
+
+let
+ cfg = config.services.thelounge;
+ dataDir = "/var/lib/thelounge";
+ configJsData = "module.exports = " + builtins.toJSON (
+ { private = cfg.private; port = cfg.port; } // cfg.extraConfig
+ );
+in {
+ options.services.thelounge = {
+ enable = mkEnableOption "The Lounge web IRC client";
+
+ private = mkOption {
+ type = types.bool;
+ default = false;
+ description = ''
+ Make your The Lounge instance private. You will need to configure user
+ accounts by using the (thelounge) command or by adding
+ entries in ${dataDir}/users. You might need to restart
+ The Lounge after making changes to the state directory.
+ '';
+ };
+
+ port = mkOption {
+ type = types.port;
+ default = 9000;
+ description = "TCP port to listen on for http connections.";
+ };
+
+ extraConfig = mkOption {
+ default = {};
+ type = types.attrs;
+ example = literalExample ''{
+ reverseProxy = true;
+ defaults = {
+ name = "Your Network";
+ host = "localhost";
+ port = 6697;
+ };
+ }'';
+ description = ''
+ The Lounge's config.js contents as attribute set (will be
+ converted to JSON to generate the configuration file).
+
+ The options defined here will be merged to the default configuration file.
+ Note: In case of duplicate configuration, options from have priority.
+
+ Documentation:
+ '';
+ };
+ };
+
+ config = mkIf cfg.enable {
+ users.users.thelounge = {
+ description = "thelounge service user";
+ group = "thelounge";
+ };
+ users.groups.thelounge = {};
+ systemd.services.thelounge = {
+ description = "The Lounge web IRC client";
+ wantedBy = [ "multi-user.target" ];
+ environment = { THELOUNGE_HOME = dataDir; };
+ preStart = "ln -sf ${pkgs.writeText "config.js" configJsData} ${dataDir}/config.js";
+ serviceConfig = {
+ User = "thelounge";
+ StateDirectory = baseNameOf dataDir;
+ ExecStart = "${pkgs.thelounge}/bin/thelounge start";
+ };
+ };
+
+ environment.systemPackages = [ pkgs.thelounge ];
+ };
+}
-- cgit 1.4.1
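Review bot: Everything set in `extraConfig` is serialised with `builtins.toJSON` and written out through `pkgs.writeText`, so the generated config.js lives in the world-readable Nix store and the `preStart` symlink merely points at it. Any credential placed in that attribute set is therefore readable by every local user, and nothing in the option text says so. I would add a sentence to the `extraConfig` description, for example `Do not put passwords or other secrets here: the generated config.js is stored in the world-readable Nix store.` The same applies to `private` and `port`, which are harmless, but the warning belongs on the free-form option.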
From c5e515f5c7bd0bfdd1ab90500225e2d26f5a6cbb Mon Sep 17 00:00:00 2001 From: Maximilian Bosch Date: Tue, 23 Jul 2019 13:15:27 +0200 Subject: nixos/nextcloud: fix inclusion of trusted_domains in override config Regression I caused with 3944aa051ca503e255a9da5cf03a58faf6dec268, sorry for this! The Nextcloud installer broke back then because `trusted_domains` was an empty value by default (a.k.a an empty array) which seemed to break the config merger of Nextcloud as Nextcloud doesn't do recursive merging and now no domain was trusted because of that, hence Nextcloud was unreachable for the `curl` call. --- nixos/modules/services/web-apps/nextcloud.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'nixos/modules/services') diff --git a/nixos/modules/services/web-apps/nextcloud.nix b/nixos/modules/services/web-apps/nextcloud.nix index 7051b73fb57c..a0214a75d93e 100644 --- a/nixos/modules/services/web-apps/nextcloud.nix +++ b/nixos/modules/services/web-apps/nextcloud.nix @@ -333,7 +333,7 @@ in { ${optionalString (c.dbpass != null) "'dbpassword' => '${c.dbpass}',"} ${optionalString (c.dbpassFile != null) "'dbpassword' => nix_read_pwd(),"} 'dbtype' => '${c.dbtype}', - 'trusted_domains' => ${writePhpArrary c.extraTrustedDomains}, + 'trusted_domains' => ${writePhpArrary ([ cfg.hostName ] ++ c.extraTrustedDomains)}, ]; ''; occInstallCmd = let -- cgit 1.4.1
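Review bot: Nothing on the changed `'trusted_domains'` line records why `cfg.hostName` has to be prepended, and the regression this commit fixes came from that list being emitted empty. The commit message says Nextcloud does not merge this array recursively, so the value written here is presumably the complete list of accepted hosts rather than an addition to it. A short comment where the override config is built would guard against the same mistake, for example `# Nextcloud does not merge trusted_domains recursively; always include hostName here`. The enclosing definition starts and ends outside the hunk, so the placement (a Nix comment above the string rather than inside the generated PHP) needs checking against the full file.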