From 478e7184f88db1364cc75107036f7c4decc0cc41 Mon Sep 17 00:00:00 2001 From: Silvan Mosberger Date: Thu, 8 Aug 2019 22:48:27 +0200 Subject: nixos/modules: Remove all usages of types.string And replace them with a more appropriate type Also fix up some minor module problems along the way --- nixos/modules/virtualisation/anbox.nix | 2 +- nixos/modules/virtualisation/containers.nix | 8 ++++---- nixos/modules/virtualisation/kvmgt.nix | 4 ++-- nixos/modules/virtualisation/xen-dom0.nix | 2 +- 4 files changed, 8 insertions(+), 8 deletions(-) (limited to 'nixos/modules/virtualisation') diff --git a/nixos/modules/virtualisation/anbox.nix b/nixos/modules/virtualisation/anbox.nix index c63b971ead02..da5df3580734 100644 --- a/nixos/modules/virtualisation/anbox.nix +++ b/nixos/modules/virtualisation/anbox.nix @@ -56,7 +56,7 @@ in dns = mkOption { default = "1.1.1.1"; - type = types.string; + type = types.str; description = '' Container DNS server. ''; diff --git a/nixos/modules/virtualisation/containers.nix b/nixos/modules/virtualisation/containers.nix index b61558b22019..0c0d8551e4aa 100644 --- a/nixos/modules/virtualisation/containers.nix +++ b/nixos/modules/virtualisation/containers.nix @@ -337,7 +337,7 @@ let networkOptions = { hostBridge = mkOption { - type = types.nullOr types.string; + type = types.nullOr types.str; default = null; example = "br0"; description = '' @@ -387,7 +387,7 @@ let }; hostAddress6 = mkOption { - type = types.nullOr types.string; + type = types.nullOr types.str; default = null; example = "fc00::1"; description = '' @@ -409,7 +409,7 @@ let }; localAddress6 = mkOption { - type = types.nullOr types.string; + type = types.nullOr types.str; default = null; example = "fc00::2"; description = '' @@ -565,7 +565,7 @@ in }; interfaces = mkOption { - type = types.listOf types.string; + type = types.listOf types.str; default = []; example = [ "eth1" "eth2" ]; description = '' 
diff --git a/nixos/modules/virtualisation/kvmgt.nix b/nixos/modules/virtualisation/kvmgt.nix index 289e26e17035..78753da55328 100644 --- a/nixos/modules/virtualisation/kvmgt.nix +++ b/nixos/modules/virtualisation/kvmgt.nix @@ -9,7 +9,7 @@ let vgpuOptions = { uuid = mkOption { - type = types.string; + type = types.str; description = "UUID of VGPU device. You can generate one with libossp_uuid."; }; }; @@ -23,7 +23,7 @@ in { ''; # multi GPU support is under the question device = mkOption { - type = types.string; + type = types.str; default = "0000:00:02.0"; description = "PCI ID of graphics card. You can figure it with ls /sys/class/mdev_bus."; }; diff --git a/nixos/modules/virtualisation/xen-dom0.nix b/nixos/modules/virtualisation/xen-dom0.nix index 70e575b6c0d2..06d5c63476f9 100644 --- a/nixos/modules/virtualisation/xen-dom0.nix +++ b/nixos/modules/virtualisation/xen-dom0.nix @@ -119,7 +119,7 @@ in virtualisation.xen.domains = { extraConfig = mkOption { - type = types.string; + type = types.lines; default = ""; description = '' -- cgit 1.4.1 From bbb525d541c0dc30af4885de2623f007ad58f361 Mon Sep 17 00:00:00 2001 From: Florian Klink Date: Sat, 31 Aug 2019 22:21:33 +0200 Subject: google-compute-config: remove amazon pv-grub comment --- nixos/modules/virtualisation/google-compute-config.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'nixos/modules/virtualisation') diff --git a/nixos/modules/virtualisation/google-compute-config.nix b/nixos/modules/virtualisation/google-compute-config.nix index 79766970c757..df05328b8b86 100644 --- a/nixos/modules/virtualisation/google-compute-config.nix +++ b/nixos/modules/virtualisation/google-compute-config.nix @@ -21,7 +21,7 @@ in boot.initrd.kernelModules = [ "virtio_scsi" ]; boot.kernelModules = [ "virtio_pci" "virtio_net" ]; - # Generate a GRUB menu. Amazon's pv-grub uses this to boot our kernel/initrd. + # Generate a GRUB menu. boot.loader.grub.device = "/dev/sda"; boot.loader.timeout = 0; -- cgit 1.4.1 
From a811437e6ebf93d62552d0a2a7495c0f75952f59 Mon Sep 17 00:00:00 2001 From: Florian Klink Date: Sat, 31 Aug 2019 22:22:47 +0200 Subject: google-compute-config.nix: update comment about ssh login also move OS Login next to it, for better understandability --- nixos/modules/virtualisation/google-compute-config.nix | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) (limited to 'nixos/modules/virtualisation') diff --git a/nixos/modules/virtualisation/google-compute-config.nix b/nixos/modules/virtualisation/google-compute-config.nix index df05328b8b86..827e7efdb351 100644 --- a/nixos/modules/virtualisation/google-compute-config.nix +++ b/nixos/modules/virtualisation/google-compute-config.nix @@ -29,12 +29,16 @@ in # way to select them anyway. boot.loader.grub.configurationLimit = 0; - # Allow root logins only using the SSH key that the user specified - # at instance creation time. + # Allow root logins only using SSH keys + # and disable password authentication in general services.openssh.enable = true; services.openssh.permitRootLogin = "prohibit-password"; services.openssh.passwordAuthentication = mkDefault false; + # enable OS Login. This also requires setting enable-oslogin=TRUE metadata on + # instance or project level + security.googleOsLogin.enable = true; + # Use GCE udev rules for dynamic disk volumes services.udev.packages = [ gce ]; @@ -65,8 +69,6 @@ in # GC has 1460 MTU networking.interfaces.eth0.mtu = 1460; - security.googleOsLogin.enable = true; - systemd.services.google-clock-skew-daemon = { description = "Google Compute Engine Clock Skew Daemon"; after = [ -- cgit 1.4.1 From 106a1fe265b6314ee20e5f0822676e6a6877803a Mon Sep 17 00:00:00 2001 
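Review bot: The rewritten comment in the `@@ -29,12 +29,16 @@` hunk says password authentication is disabled "in general", but `services.openssh.passwordAuthentication = mkDefault false;` is only a default that any other module or the user's configuration can override, while `permitRootLogin = "prohibit-password"` is set at normal priority. The comment should say so, e.g. `# Root may log in with SSH keys only; password authentication is off by default (mkDefault) and can be re-enabled by the user's configuration`. The old comment also recorded where root's key came from (the key given at instance creation). The new text drops that, so it is worth stating which mechanism is expected to provision root's authorized keys now that OS Login is enabled right below. The enclosing attribute set starts and ends outside the hunk.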
From: Florian Klink Date: Sat, 31 Aug 2019 22:42:34 +0200 Subject: google-compute-config: sync with upstream units With local-fs.target part of sysinit.target (https://github.com/NixOS/nixpkgs/pull/61321), we don't need to add it explicitly to certain units anymore, and can change dependencies like they are in other distros (I picked from Google's official CentOS 7 image here). Like them, use StandardOutput=journal+console to pipe google-*.service output to the serial console as well. --- .../virtualisation/google-compute-config.nix | 67 ++++++++++------------ 1 file changed, 30 insertions(+), 37 deletions(-) (limited to 'nixos/modules/virtualisation') diff --git a/nixos/modules/virtualisation/google-compute-config.nix b/nixos/modules/virtualisation/google-compute-config.nix index 827e7efdb351..61bced598620 100644 --- a/nixos/modules/virtualisation/google-compute-config.nix +++ b/nixos/modules/virtualisation/google-compute-config.nix 
@@ -69,86 +69,79 @@ in # GC has 1460 MTU networking.interfaces.eth0.mtu = 1460; - systemd.services.google-clock-skew-daemon = { - description = "Google Compute Engine Clock Skew Daemon"; - after = [ - "network.target" - "google-instance-setup.service" - "google-network-setup.service" - ]; - requires = ["network.target"]; - wantedBy = ["multi-user.target"]; - serviceConfig = { - Type = "simple"; - ExecStart = "${gce}/bin/google_clock_skew_daemon --debug"; - }; - }; - systemd.services.google-instance-setup = { description = "Google Compute Engine Instance Setup"; - after = ["local-fs.target" "network-online.target" "network.target" "rsyslog.service"]; - before = ["sshd.service"]; - wants = ["local-fs.target" "network-online.target" "network.target"]; - wantedBy = [ "sshd.service" "multi-user.target" ]; + after = [ "network-online.target" "network.target" "rsyslog.service" ]; + before = [ "sshd.service" ]; path = with pkgs; [ ethtool openssh ]; serviceConfig = { - ExecStart = "${gce}/bin/google_instance_setup --debug"; + ExecStart = "${gce}/bin/google_instance_setup"; + StandardOutput="journal+console"; Type = "oneshot"; }; + wantedBy = [ "sshd.service" "multi-user.target" ]; }; systemd.services.google-network-daemon = { description = "Google Compute Engine Network Daemon"; - after = ["local-fs.target" "network-online.target" "network.target" "rsyslog.service" "google-instance-setup.service"]; - wants = ["local-fs.target" "network-online.target" "network.target"]; - requires = ["network.target"]; - partOf = ["network.target"]; - wantedBy = [ "multi-user.target" ]; + after = [ "network-online.target" "network.target" "google-instance-setup.service" ]; path = with pkgs; [ iproute ]; serviceConfig = { - ExecStart = "${gce}/bin/google_network_daemon --debug"; + ExecStart = "${gce}/bin/google_network_daemon"; + StandardOutput="journal+console"; + Type="simple"; }; + wantedBy = [ "multi-user.target" ]; }; + systemd.services.google-clock-skew-daemon = { + description = 
"Google Compute Engine Clock Skew Daemon"; + after = [ "network.target" "google-instance-setup.service" "google-network-daemon.service" ]; + serviceConfig = { + ExecStart = "${gce}/bin/google_clock_skew_daemon"; + StandardOutput="journal+console"; + Type = "simple"; + }; + wantedBy = ["multi-user.target"]; + }; + + systemd.services.google-shutdown-scripts = { description = "Google Compute Engine Shutdown Scripts"; after = [ - "local-fs.target" "network-online.target" "network.target" "rsyslog.service" - "systemd-resolved.service" "google-instance-setup.service" "google-network-daemon.service" ]; - wants = [ "local-fs.target" "network-online.target" "network.target"]; - wantedBy = [ "multi-user.target" ]; serviceConfig = { ExecStart = "${pkgs.coreutils}/bin/true"; - ExecStop = "${gce}/bin/google_metadata_script_runner --debug --script-type shutdown"; - Type = "oneshot"; + ExecStop = "${gce}/bin/google_metadata_script_runner --script-type shutdown"; RemainAfterExit = true; - TimeoutStopSec = "infinity"; + StandardOutput="journal+console"; + TimeoutStopSec = "0"; + Type = "oneshot"; }; + wantedBy = [ "multi-user.target" ]; }; systemd.services.google-startup-scripts = { description = "Google Compute Engine Startup Scripts"; after = [ - "local-fs.target" "network-online.target" "network.target" "rsyslog.service" "google-instance-setup.service" "google-network-daemon.service" ]; - wants = ["local-fs.target" "network-online.target" "network.target"]; - wantedBy = [ "multi-user.target" ]; serviceConfig = { - ExecStart = "${gce}/bin/google_metadata_script_runner --debug --script-type startup"; + ExecStart = "${gce}/bin/google_metadata_script_runner --script-type startup"; KillMode = "process"; + StandardOutput = "journal+console"; Type = "oneshot"; }; + wantedBy = [ "multi-user.target" ]; }; -- cgit 1.4.1 From d658dd4ce0bf1c9b0206b1cb737ea3bfb4fdd6dd Mon Sep 17 00:00:00 2001 
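Review bot: The rewritten units keep `network-online.target` in `after` but drop it from `wants` (google-instance-setup, google-network-daemon, google-shutdown-scripts and google-startup-scripts), and ordering alone does not pull a target into the boot transaction. Unless something else in the system configuration wants `network-online.target`, these units are no longer guaranteed to wait for a configured network before talking to the metadata server. Keeping `wants = [ "network-online.target" ];` on at least google-instance-setup, which is ordered before sshd, would preserve that. Separately, `StandardOutput="journal+console"` on the two script-runner units also sends whatever the metadata scripts print to the serial console, which is often readable by more principals than the instance's own journal. A comment such as `# script output is also written to the serial console; do not print secrets` would help. `TimeoutStopSec = "0"` is, as far as I know, treated by systemd as "no timeout", the same as the removed `"infinity"`, which was the clearer spelling.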
From: Florian Klink Date: Sun, 1 Sep 2019 00:28:28 +0200 Subject: google-compute-config.nix: add coreutils to google-instance-setup's $PATH It executes bin/google_set_multiqueue which will execute basename --- nixos/modules/virtualisation/google-compute-config.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'nixos/modules/virtualisation') diff --git a/nixos/modules/virtualisation/google-compute-config.nix b/nixos/modules/virtualisation/google-compute-config.nix index 61bced598620..41fbf4702e86 100644 --- a/nixos/modules/virtualisation/google-compute-config.nix +++ b/nixos/modules/virtualisation/google-compute-config.nix @@ -73,7 +73,7 @@ in description = "Google Compute Engine Instance Setup"; after = [ "network-online.target" "network.target" "rsyslog.service" ]; before = [ "sshd.service" ]; - path = with pkgs; [ ethtool openssh ]; + path = with pkgs; [ coreutils ethtool openssh ]; serviceConfig = { ExecStart = "${gce}/bin/google_instance_setup"; StandardOutput="journal+console"; -- cgit 1.4.1 From e95d4c734acf71813c33872c7f1a09bd13abd96d Mon Sep 17 00:00:00 2001 From: Florian Klink Date: Sun, 1 Sep 2019 02:55:28 +0200 Subject: google-compute-config.nix: use sysctl snippets from gce We make them available at ${gce}/sysctl.d and add them to environments.etc, like we do with the systemd ones. --- .../virtualisation/google-compute-config.nix | 78 +--------------------- .../google-compute-engine/default.nix | 4 ++ 2 files changed, 5 insertions(+), 77 deletions(-) (limited to 'nixos/modules/virtualisation') diff --git a/nixos/modules/virtualisation/google-compute-config.nix b/nixos/modules/virtualisation/google-compute-config.nix index 41fbf4702e86..327324f2921d 100644 --- a/nixos/modules/virtualisation/google-compute-config.nix +++ b/nixos/modules/virtualisation/google-compute-config.nix 
@@ -144,81 +144,5 @@ in wantedBy = [ "multi-user.target" ]; }; - - # Settings taken from https://github.com/GoogleCloudPlatform/compute-image-packages/blob/master/google_config/sysctl/11-gce-network-security.conf - boot.kernel.sysctl = { - # Turn on SYN-flood protections. Starting with 2.6.26, there is no loss - # of TCP functionality/features under normal conditions. When flood - # protections kick in under high unanswered-SYN load, the system - # should remain more stable, with a trade off of some loss of TCP - # functionality/features (e.g. TCP Window scaling). - "net.ipv4.tcp_syncookies" = mkDefault "1"; - - # ignores ICMP redirects - "net.ipv4.conf.all.accept_redirects" = mkDefault "0"; - - # ignores ICMP redirects - "net.ipv4.conf.default.accept_redirects" = mkDefault "0"; - - # ignores ICMP redirects from non-GW hosts - "net.ipv4.conf.all.secure_redirects" = mkDefault "1"; - - # ignores ICMP redirects from non-GW hosts - "net.ipv4.conf.default.secure_redirects" = mkDefault "1"; - - # don't allow traffic between networks or act as a router - "net.ipv4.ip_forward" = mkDefault "0"; - - # don't allow traffic between networks or act as a router - "net.ipv4.conf.all.send_redirects" = mkDefault "0"; - - # don't allow traffic between networks or act as a router - "net.ipv4.conf.default.send_redirects" = mkDefault "0"; - - # strict reverse path filtering - IP spoofing protection - "net.ipv4.conf.all.rp_filter" = mkDefault "1"; - - # strict path filtering - IP spoofing protection - "net.ipv4.conf.default.rp_filter" = mkDefault "1"; - - # ignores ICMP broadcasts to avoid participating in Smurf attacks - "net.ipv4.icmp_echo_ignore_broadcasts" = mkDefault "1"; - - # ignores bad ICMP errors - "net.ipv4.icmp_ignore_bogus_error_responses" = mkDefault "1"; - - # logs spoofed, source-routed, and redirect packets - "net.ipv4.conf.all.log_martians" = mkDefault "1"; - - # log spoofed, source-routed, and redirect packets - "net.ipv4.conf.default.log_martians" = mkDefault "1"; - - 
# implements RFC 1337 fix - "net.ipv4.tcp_rfc1337" = mkDefault "1"; - - # randomizes addresses of mmap base, heap, stack and VDSO page - "kernel.randomize_va_space" = mkDefault "2"; - - # Reboot the machine soon after a kernel panic. - "kernel.panic" = mkDefault "10"; - - ## Not part of the original config - - # provides protection from ToCToU races - "fs.protected_hardlinks" = mkDefault "1"; - - # provides protection from ToCToU races - "fs.protected_symlinks" = mkDefault "1"; - - # makes locating kernel addresses more difficult - "kernel.kptr_restrict" = mkDefault "1"; - - # set ptrace protections - "kernel.yama.ptrace_scope" = mkOverride 500 "1"; - - # set perf only available to root - "kernel.perf_event_paranoid" = mkDefault "2"; - - }; - + environment.etc."sysctl.d/11-gce-network-security.conf".source = "${gce}/sysctl.d/11-gce-network-security.conf"; } diff --git a/pkgs/tools/virtualization/google-compute-engine/default.nix b/pkgs/tools/virtualization/google-compute-engine/default.nix index d4c817b7ecb7..48255ca68a73 100644 --- a/pkgs/tools/virtualization/google-compute-engine/default.nix +++ b/pkgs/tools/virtualization/google-compute-engine/default.nix @@ -46,6 +46,10 @@ buildPythonApplication rec { mkdir -p $out/lib/udev/rules.d cp -r google_config/udev/*.rules $out/lib/udev/rules.d + # sysctl snippets will be used by google-compute-config.nix + mkdir -p $out/sysctl.d + cp google_config/sysctl/*.conf $out/sysctl.d + patchShebangs $out/bin/* ''; -- cgit 1.4.1 From f74735c9d7e7b978827ff17b5f8cb375753dca0b Mon Sep 17 00:00:00 2001 
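Review bot: The removed `boot.kernel.sysctl` block carried five settings under "## Not part of the original config" (`fs.protected_hardlinks`, `fs.protected_symlinks`, `kernel.kptr_restrict`, `kernel.yama.ptrace_scope`, `kernel.perf_event_paranoid`). That comment suggests the upstream `11-gce-network-security.conf` which now replaces the block does not set them. Unless they are set elsewhere, GCE images lose that hardening with this change, so I would keep those five entries next to the new `environment.etc` line, as sketched below. The network settings also stop being `mkDefault` values in `boot.kernel.sysctl`, so a user override there now competes with a separate file under `/etc/sysctl.d` and the effective value depends on file ordering. That deserves a comment beside the `environment.etc` line.

```nix
# … unchanged: systemd.services.google-* units …
environment.etc."sysctl.d/11-gce-network-security.conf".source = "${gce}/sysctl.d/11-gce-network-security.conf";

# Hardening that was listed as not part of the upstream snippet
boot.kernel.sysctl = {
  "fs.protected_hardlinks" = mkDefault "1";
  "fs.protected_symlinks" = mkDefault "1";
  "kernel.kptr_restrict" = mkDefault "1";
  "kernel.yama.ptrace_scope" = mkOverride 500 "1";
  "kernel.perf_event_paranoid" = mkDefault "2";
};
```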
From: Florian Klink Date: Sun, 1 Sep 2019 03:07:23 +0200 Subject: nixos: remove dependencies on local-fs.target Since https://github.com/NixOS/nixpkgs/pull/61321, local-fs.target is part of sysinit.target again, meaning units without DefaultDependencies=no will automatically depend on it, and the manual set dependencies can be dropped. --- nixos/modules/services/computing/boinc/client.nix | 2 +- .../services/desktops/profile-sync-daemon.nix | 2 +- nixos/modules/services/hardware/triggerhappy.nix | 1 - nixos/modules/services/misc/airsonic.nix | 2 +- nixos/modules/services/misc/mediatomb.nix | 2 +- nixos/modules/services/misc/mwlib.nix | 5 ++--- nixos/modules/services/misc/serviio.nix | 16 ++++++++-------- nixos/modules/services/misc/subsonic.nix | 2 +- .../modules/services/network-filesystems/ceph.nix | 22 +++++++++++----------- .../services/network-filesystems/glusterfs.nix | 2 +- .../modules/services/network-filesystems/ipfs.nix | 7 +++---- nixos/modules/services/networking/aria2.nix | 2 +- .../services/networking/logmein-hamachi.nix | 2 +- nixos/modules/services/networking/minidlna.nix | 2 +- nixos/modules/services/networking/resilio.nix | 2 +- nixos/modules/services/scheduling/fcron.nix | 1 - nixos/modules/services/security/tor.nix | 1 - nixos/modules/services/security/usbguard.nix | 2 +- nixos/modules/services/system/cgmanager.nix | 1 - nixos/modules/services/system/cloud-init.nix | 6 ++---- nixos/modules/services/torrent/transmission.nix | 2 +- nixos/modules/services/x11/xserver.nix | 2 +- nixos/modules/virtualisation/azure-agent.nix | 1 - nixos/modules/virtualisation/azure-image.nix | 1 - nixos/tests/hocker-fetchdocker/machine.nix | 4 ++-- 25 files changed, 41 insertions(+), 51 deletions(-) (limited to 'nixos/modules/virtualisation') diff --git a/nixos/modules/services/computing/boinc/client.nix b/nixos/modules/services/computing/boinc/client.nix index 7022751b3f01..a7edac025384 100644 --- a/nixos/modules/services/computing/boinc/client.nix 
+++ b/nixos/modules/services/computing/boinc/client.nix @@ -111,7 +111,7 @@ in systemd.services.boinc = { description = "BOINC Client"; - after = ["network.target" "local-fs.target"]; + after = ["network.target"]; wantedBy = ["multi-user.target"]; script = '' ${fhsEnvExecutable} --dir ${cfg.dataDir} --redirectio ${allowRemoteGuiRpcFlag} diff --git a/nixos/modules/services/desktops/profile-sync-daemon.nix b/nixos/modules/services/desktops/profile-sync-daemon.nix index e4e47cfbd438..a8ac22ac1276 100644 --- a/nixos/modules/services/desktops/profile-sync-daemon.nix +++ b/nixos/modules/services/desktops/profile-sync-daemon.nix @@ -34,7 +34,7 @@ in { psd = { enable = true; description = "Profile Sync daemon"; - wants = [ "psd-resync.service" "local-fs.target" ]; + wants = [ "psd-resync.service" ]; wantedBy = [ "default.target" ]; path = with pkgs; [ rsync kmod gawk nettools utillinux profile-sync-daemon ]; unitConfig = { diff --git a/nixos/modules/services/hardware/triggerhappy.nix b/nixos/modules/services/hardware/triggerhappy.nix index a500cb4fc367..f9f5234bdc3f 100644 --- a/nixos/modules/services/hardware/triggerhappy.nix +++ b/nixos/modules/services/hardware/triggerhappy.nix @@ -102,7 +102,6 @@ in systemd.services.triggerhappy = { wantedBy = [ "multi-user.target" ]; - after = [ "local-fs.target" ]; description = "Global hotkey daemon"; serviceConfig = { ExecStart = "${pkgs.triggerhappy}/bin/thd ${optionalString (cfg.user != "root") "--user ${cfg.user}"} --socket ${socket} --triggers ${configFile} --deviceglob /dev/input/event*"; diff --git a/nixos/modules/services/misc/airsonic.nix b/nixos/modules/services/misc/airsonic.nix index 4480445c1eaa..f449ccaa8d2c 100644 --- a/nixos/modules/services/misc/airsonic.nix +++ b/nixos/modules/services/misc/airsonic.nix 
@@ -105,7 +105,7 @@ in { config = mkIf cfg.enable { systemd.services.airsonic = { description = "Airsonic Media Server"; - after = [ "local-fs.target" "network.target" ]; + after = [ "network.target" ]; wantedBy = [ "multi-user.target" ]; preStart = '' diff --git a/nixos/modules/services/misc/mediatomb.nix b/nixos/modules/services/misc/mediatomb.nix index dbf12fd1da39..107fb57fe1c4 100644 --- a/nixos/modules/services/misc/mediatomb.nix +++ b/nixos/modules/services/misc/mediatomb.nix @@ -259,7 +259,7 @@ in { config = mkIf cfg.enable { systemd.services.mediatomb = { description = "MediaTomb media Server"; - after = [ "local-fs.target" "network.target" ]; + after = [ "network.target" ]; wantedBy = [ "multi-user.target" ]; path = [ pkgs.mediatomb ]; serviceConfig.ExecStart = "${pkgs.mediatomb}/bin/mediatomb -p ${toString cfg.port} ${if cfg.interface!="" then "-e ${cfg.interface}" else ""} ${if cfg.customCfg then "" else "-c ${mtConf}"} -m ${cfg.dataDir}"; diff --git a/nixos/modules/services/misc/mwlib.nix b/nixos/modules/services/misc/mwlib.nix index a8edecff2a1e..6b41b552a86d 100644 --- a/nixos/modules/services/misc/mwlib.nix +++ b/nixos/modules/services/misc/mwlib.nix @@ -165,7 +165,7 @@ in }; # options.services - config = { + config = { systemd.services.mwlib-nserve = mkIf cfg.nserve.enable { @@ -191,7 +191,6 @@ in description = "mwlib job queue server"; wantedBy = [ "multi-user.target" ]; - after = [ "network.target" "local-fs.target" ]; preStart = '' mkdir -pv '${cfg.qserve.datadir}' @@ -218,7 +217,7 @@ in description = "mwlib worker"; wantedBy = [ "multi-user.target" ]; - after = [ "network.target" "local-fs.target" ]; + after = [ "network.target" ]; preStart = '' mkdir -pv '${cfg.nslave.cachedir}' diff --git a/nixos/modules/services/misc/serviio.nix b/nixos/modules/services/misc/serviio.nix index 8808f2d21931..9868192724b5 100644 --- a/nixos/modules/services/misc/serviio.nix +++ b/nixos/modules/services/misc/serviio.nix 
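Review bot: In mwlib.nix the `@@ -191,7 +191,6 @@` hunk deletes the whole `after = [ "network.target" "local-fs.target" ];` line of the job queue server unit, so that unit loses its ordering after `network.target` as well. The worker unit in the `@@ -218,7 +217,7 @@` hunk keeps `after = [ "network.target" ];`. The commit message only covers dropping `local-fs.target`, so this looks unintended, and the removed line should become `after = [ "network.target" ];`. Both unit definitions start and end outside their hunks.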
@@ -10,7 +10,7 @@ let #!${pkgs.bash}/bin/sh SERVIIO_HOME=${pkgs.serviio} - + # Setup the classpath SERVIIO_CLASS_PATH="$SERVIIO_HOME/lib/*:$SERVIIO_HOME/config" @@ -21,13 +21,13 @@ let # Execute the JVM in the foreground exec ${pkgs.jre}/bin/java -Xmx512M -Xms20M -XX:+UseG1GC -XX:GCTimeRatio=1 -XX:MinHeapFreeRatio=10 -XX:MaxHeapFreeRatio=20 $JAVA_OPTS -classpath "$SERVIIO_CLASS_PATH" org.serviio.MediaServer "$@" ''; - + in { ###### interface options = { services.serviio = { - + enable = mkOption { type = types.bool; default = false; @@ -52,7 +52,7 @@ in { config = mkIf cfg.enable { systemd.services.serviio = { description = "Serviio Media Server"; - after = [ "local-fs.target" "network.target" ]; + after = [ "network.target" ]; wantedBy = [ "multi-user.target" ]; path = [ pkgs.serviio ]; serviceConfig = { @@ -64,7 +64,7 @@ in { }; users.users = [ - { + { name = "serviio"; group = "serviio"; home = cfg.dataDir; @@ -75,16 +75,16 @@ in { ]; users.groups = [ - { name = "serviio";} + { name = "serviio";} ]; networking.firewall = { - allowedTCPPorts = [ + allowedTCPPorts = [ 8895 # serve UPnP responses 23423 # console 23424 # mediabrowser ]; - allowedUDPPorts = [ + allowedUDPPorts = [ 1900 # UPnP service discovey ]; }; diff --git a/nixos/modules/services/misc/subsonic.nix b/nixos/modules/services/misc/subsonic.nix index c1e1a7f40f0c..152917d345cc 100644 --- a/nixos/modules/services/misc/subsonic.nix +++ b/nixos/modules/services/misc/subsonic.nix @@ -105,7 +105,7 @@ let cfg = config.services.subsonic; in { config = mkIf cfg.enable { systemd.services.subsonic = { description = "Personal media streamer"; - after = [ "local-fs.target" "network.target" ]; + after = [ "network.target" ]; wantedBy = [ "multi-user.target" ]; script = '' ${pkgs.jre}/bin/java -Xmx${toString cfg.maxMemory}m \ diff --git a/nixos/modules/services/network-filesystems/ceph.nix b/nixos/modules/services/network-filesystems/ceph.nix index 4e3bc839d400..54841861c081 100644 
--- a/nixos/modules/services/network-filesystems/ceph.nix +++ b/nixos/modules/services/network-filesystems/ceph.nix @@ -9,7 +9,7 @@ let translateOption = replaceStrings upperChars (map (s: " ${s}") lowerChars); generateDaemonList = (daemonType: daemons: extraServiceConfig: mkMerge ( - map (daemon: + map (daemon: { "ceph-${daemonType}-${daemon}" = generateServiceFile daemonType daemon cfg.global.clusterName ceph extraServiceConfig; } ) daemons ) @@ -17,8 +17,8 @@ let generateServiceFile = (daemonType: daemonId: clusterName: ceph: extraServiceConfig: { enable = true; description = "Ceph ${builtins.replaceStrings lowerChars upperChars daemonType} daemon ${daemonId}"; - after = [ "network-online.target" "local-fs.target" "time-sync.target" ] ++ optional (daemonType == "osd") "ceph-mon.target"; - wants = [ "network-online.target" "local-fs.target" "time-sync.target" ]; + after = [ "network-online.target" "time-sync.target" ] ++ optional (daemonType == "osd") "ceph-mon.target"; + wants = [ "network-online.target" "time-sync.target" ]; partOf = [ "ceph-${daemonType}.target" ]; wantedBy = [ "ceph-${daemonType}.target" ]; @@ -41,7 +41,7 @@ let daemonPath="/var/lib/ceph/${if daemonType == "rgw" then "radosgw" else daemonType}/${clusterName}-${daemonId}" if [ ! -d ''$daemonPath ]; then mkdir -m 755 -p ''$daemonPath - chown -R ceph:ceph ''$daemonPath + chown -R ceph:ceph ''$daemonPath fi ''; } // optionalAttrs (daemonType == "osd") { path = [ pkgs.getopt ]; } @@ -55,7 +55,7 @@ let }; } ); -in +in { options.services.ceph = { # Ceph has a monolithic configuration file but different sections for @@ -86,7 +86,7 @@ in type = with types; nullOr commas; default = null; example = '' - node0, node1, node2 + node0, node1, node2 ''; description = '' List of hosts that will be used as monitors at startup. 
@@ -313,9 +313,9 @@ in } ]; - warnings = optional (cfg.global.monInitialMembers == null) + warnings = optional (cfg.global.monInitialMembers == null) ''Not setting up a list of members in monInitialMembers requires that you set the host variable for each mon daemon or else the cluster won't function''; - + environment.etc."ceph/ceph.conf".text = let # Translate camelCaseOptions to the expected camel case option for ceph.conf translatedGlobalConfig = mapAttrs' (name: value: nameValuePair (translateOption name) value) cfg.global; @@ -344,13 +344,13 @@ in }; systemd.services = let - services = [] - ++ optional cfg.mon.enable (generateDaemonList "mon" cfg.mon.daemons { RestartSec = "10"; }) + services = [] + ++ optional cfg.mon.enable (generateDaemonList "mon" cfg.mon.daemons { RestartSec = "10"; }) ++ optional cfg.mds.enable (generateDaemonList "mds" cfg.mds.daemons { StartLimitBurst = "3"; }) ++ optional cfg.osd.enable (generateDaemonList "osd" cfg.osd.daemons { StartLimitBurst = "30"; RestartSec = "20s"; }) ++ optional cfg.rgw.enable (generateDaemonList "rgw" cfg.rgw.daemons { }) ++ optional cfg.mgr.enable (generateDaemonList "mgr" cfg.mgr.daemons { StartLimitBurst = "3"; }); - in + in mkMerge services; systemd.targets = let diff --git a/nixos/modules/services/network-filesystems/glusterfs.nix b/nixos/modules/services/network-filesystems/glusterfs.nix index 00875c6c4a18..d70092999f67 100644 --- a/nixos/modules/services/network-filesystems/glusterfs.nix +++ b/nixos/modules/services/network-filesystems/glusterfs.nix @@ -156,7 +156,7 @@ in wantedBy = [ "multi-user.target" ]; requires = lib.optional cfg.useRpcbind "rpcbind.service"; - after = [ "network.target" "local-fs.target" ] ++ lib.optional cfg.useRpcbind "rpcbind.service"; + after = [ "network.target" ] ++ lib.optional cfg.useRpcbind "rpcbind.service"; preStart = '' install -m 0755 -d /var/log/glusterfs 
diff --git a/nixos/modules/services/network-filesystems/ipfs.nix b/nixos/modules/services/network-filesystems/ipfs.nix index bbbfcf6a4738..b6d881afd7bd 100644 --- a/nixos/modules/services/network-filesystems/ipfs.nix +++ b/nixos/modules/services/network-filesystems/ipfs.nix @@ -236,7 +236,6 @@ in { systemd.services.ipfs-init = recursiveUpdate commonEnv { description = "IPFS Initializer"; - after = [ "local-fs.target" ]; before = [ "ipfs.service" "ipfs-offline.service" "ipfs-norouting.service" ]; script = '' @@ -263,21 +262,21 @@ in { systemd.services.ipfs = recursiveUpdate baseService { description = "IPFS Daemon"; wantedBy = mkIf (cfg.defaultMode == "online") [ "multi-user.target" ]; - after = [ "network.target" "local-fs.target" "ipfs-init.service" ]; + after = [ "network.target" "ipfs-init.service" ]; conflicts = [ "ipfs-offline.service" "ipfs-norouting.service"]; }; systemd.services.ipfs-offline = recursiveUpdate baseService { description = "IPFS Daemon (offline mode)"; wantedBy = mkIf (cfg.defaultMode == "offline") [ "multi-user.target" ]; - after = [ "local-fs.target" "ipfs-init.service" ]; + after = [ "ipfs-init.service" ]; conflicts = [ "ipfs.service" "ipfs-norouting.service"]; }; systemd.services.ipfs-norouting = recursiveUpdate baseService { description = "IPFS Daemon (no routing mode)"; wantedBy = mkIf (cfg.defaultMode == "norouting") [ "multi-user.target" ]; - after = [ "local-fs.target" "ipfs-init.service" ]; + after = [ "ipfs-init.service" ]; conflicts = [ "ipfs.service" "ipfs-offline.service"]; }; diff --git a/nixos/modules/services/networking/aria2.nix b/nixos/modules/services/networking/aria2.nix index c5b146283de3..156fef144791 100644 --- a/nixos/modules/services/networking/aria2.nix +++ b/nixos/modules/services/networking/aria2.nix 
@@ -109,7 +109,7 @@ in systemd.services.aria2 = { description = "aria2 Service"; - after = [ "local-fs.target" "network.target" ]; + after = [ "network.target" ]; wantedBy = [ "multi-user.target" ]; preStart = '' if [[ ! -e "${sessionFile}" ]] diff --git a/nixos/modules/services/networking/logmein-hamachi.nix b/nixos/modules/services/networking/logmein-hamachi.nix index 406626a8a343..11cbdda2f845 100644 --- a/nixos/modules/services/networking/logmein-hamachi.nix +++ b/nixos/modules/services/networking/logmein-hamachi.nix @@ -35,7 +35,7 @@ in description = "LogMeIn Hamachi Daemon"; wantedBy = [ "multi-user.target" ]; - after = [ "network.target" "local-fs.target" ]; + after = [ "network.target" ]; serviceConfig = { Type = "forking"; diff --git a/nixos/modules/services/networking/minidlna.nix b/nixos/modules/services/networking/minidlna.nix index ed0c1044a570..0947471adbc9 100644 --- a/nixos/modules/services/networking/minidlna.nix +++ b/nixos/modules/services/networking/minidlna.nix @@ -96,7 +96,7 @@ in { description = "MiniDLNA Server"; wantedBy = [ "multi-user.target" ]; - after = [ "network.target" "local-fs.target" ]; + after = [ "network.target" ]; serviceConfig = { User = "minidlna"; diff --git a/nixos/modules/services/networking/resilio.nix b/nixos/modules/services/networking/resilio.nix index ee7f82ac7bee..9b25aa575837 100644 --- a/nixos/modules/services/networking/resilio.nix +++ b/nixos/modules/services/networking/resilio.nix @@ -249,7 +249,7 @@ in systemd.services.resilio = with pkgs; { description = "Resilio Sync Service"; wantedBy = [ "multi-user.target" ]; - after = [ "network.target" "local-fs.target" ]; + after = [ "network.target" ]; serviceConfig = { Restart = "on-abort"; UMask = "0002"; diff --git a/nixos/modules/services/scheduling/fcron.nix b/nixos/modules/services/scheduling/fcron.nix index f77b3bcd5921..e43ca014e148 100644 --- a/nixos/modules/services/scheduling/fcron.nix +++ b/nixos/modules/services/scheduling/fcron.nix 
@@ -143,7 +143,6 @@ in }; systemd.services.fcron = { description = "fcron daemon"; - after = [ "local-fs.target" ]; wantedBy = [ "multi-user.target" ]; path = [ pkgs.fcron ]; diff --git a/nixos/modules/services/security/tor.nix b/nixos/modules/services/security/tor.nix index abdc0cd78b4d..ed862387cce1 100644 --- a/nixos/modules/services/security/tor.nix +++ b/nixos/modules/services/security/tor.nix @@ -722,7 +722,6 @@ in systemd.services.tor-init = { description = "Tor Daemon Init"; wantedBy = [ "tor.service" ]; - after = [ "local-fs.target" ]; script = '' install -m 0700 -o tor -g tor -d ${torDirectory} ${torDirectory}/onion install -m 0750 -o tor -g tor -d ${torRunDirectory} diff --git a/nixos/modules/services/security/usbguard.nix b/nixos/modules/services/security/usbguard.nix index 20d5e3b28eb9..4ced5acd9bd9 100644 --- a/nixos/modules/services/security/usbguard.nix +++ b/nixos/modules/services/security/usbguard.nix @@ -195,7 +195,7 @@ in { description = "USBGuard daemon"; wantedBy = [ "basic.target" ]; - wants = [ "systemd-udevd.service" "local-fs.target" ]; + wants = [ "systemd-udevd.service" ]; # make sure an empty rule file and required directories exist preStart = '' diff --git a/nixos/modules/services/system/cgmanager.nix b/nixos/modules/services/system/cgmanager.nix index 59d3deced867..d3d57aa76928 100644 --- a/nixos/modules/services/system/cgmanager.nix +++ b/nixos/modules/services/system/cgmanager.nix @@ -14,7 +14,6 @@ in { config = mkIf cfg.enable { systemd.services.cgmanager = { wantedBy = [ "multi-user.target" ]; - after = [ "local-fs.target" ]; description = "Cgroup management daemon"; restartIfChanged = false; serviceConfig = { diff --git a/nixos/modules/services/system/cloud-init.nix b/nixos/modules/services/system/cloud-init.nix index 3ad555f78ef8..15fe822aec67 100644 --- a/nixos/modules/services/system/cloud-init.nix +++ b/nixos/modules/services/system/cloud-init.nix 
@@ -112,8 +112,6 @@ in systemd.services.cloud-init-local = { description = "Initial cloud-init job (pre-networking)"; wantedBy = [ "multi-user.target" ]; - wants = [ "local-fs.target" ]; - after = [ "local-fs.target" ]; path = path; serviceConfig = { Type = "oneshot"; @@ -127,9 +125,9 @@ in systemd.services.cloud-init = { description = "Initial cloud-init job (metadata service crawler)"; wantedBy = [ "multi-user.target" ]; - wants = [ "local-fs.target" "network-online.target" "cloud-init-local.service" + wants = [ "network-online.target" "cloud-init-local.service" "sshd.service" "sshd-keygen.service" ]; - after = [ "local-fs.target" "network-online.target" "cloud-init-local.service" ]; + after = [ "network-online.target" "cloud-init-local.service" ]; before = [ "sshd.service" "sshd-keygen.service" ]; requires = [ "network.target "]; path = path; diff --git a/nixos/modules/services/torrent/transmission.nix b/nixos/modules/services/torrent/transmission.nix index a94a471361ef..7409eb8cdcbe 100644 --- a/nixos/modules/services/torrent/transmission.nix +++ b/nixos/modules/services/torrent/transmission.nix @@ -102,7 +102,7 @@ in config = mkIf cfg.enable { systemd.services.transmission = { description = "Transmission BitTorrent Service"; - after = [ "local-fs.target" "network.target" ] ++ optional apparmor "apparmor.service"; + after = [ "network.target" ] ++ optional apparmor "apparmor.service"; requires = mkIf apparmor [ "apparmor.service" ]; wantedBy = [ "multi-user.target" ]; diff --git a/nixos/modules/services/x11/xserver.nix b/nixos/modules/services/x11/xserver.nix index c94a06438315..a8406544a72f 100644 --- a/nixos/modules/services/x11/xserver.nix +++ b/nixos/modules/services/x11/xserver.nix 
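Review bot: The context line `requires = [ "network.target "];` in the second cloud-init hunk has a stray space inside the quoted unit name, and the commit leaves it in place while editing the `wants` and `after` lists next to it. Assuming the space is in the file and not an artefact of how this page was rendered, systemd's whitespace-separated list parsing probably hides it at runtime. Any code that compares or validates unit names exactly would still see a name that is not `network.target`. The line should read `requires = [ "network.target" ];`. The unit definition continues past the end of the hunk.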
@@ -659,7 +659,7 @@ in systemd.services.display-manager = { description = "X11 Server"; - after = [ "systemd-udev-settle.service" "local-fs.target" "acpid.service" "systemd-logind.service" ]; + after = [ "systemd-udev-settle.service" "acpid.service" "systemd-logind.service" ]; wants = [ "systemd-udev-settle.service" ]; restartIfChanged = false; diff --git a/nixos/modules/virtualisation/azure-agent.nix b/nixos/modules/virtualisation/azure-agent.nix index 770cefbcd511..036b1036f92a 100644 --- a/nixos/modules/virtualisation/azure-agent.nix +++ b/nixos/modules/virtualisation/azure-agent.nix @@ -166,7 +166,6 @@ in wantedBy = [ "sshd.service" "waagent.service" ]; before = [ "sshd.service" "waagent.service" ]; - after = [ "local-fs.target" ]; path = [ pkgs.coreutils ]; script = diff --git a/nixos/modules/virtualisation/azure-image.nix b/nixos/modules/virtualisation/azure-image.nix index dd2108ccc379..e91dd72ff5d4 100644 --- a/nixos/modules/virtualisation/azure-image.nix +++ b/nixos/modules/virtualisation/azure-image.nix @@ -26,7 +26,6 @@ in wantedBy = [ "sshd.service" "waagent.service" ]; before = [ "sshd.service" "waagent.service" ]; - after = [ "local-fs.target" ]; path = [ pkgs.coreutils ]; script = diff --git a/nixos/tests/hocker-fetchdocker/machine.nix b/nixos/tests/hocker-fetchdocker/machine.nix index 78343f0e02f0..885adebe1498 100644 --- a/nixos/tests/hocker-fetchdocker/machine.nix +++ b/nixos/tests/hocker-fetchdocker/machine.nix @@ -11,8 +11,8 @@ systemd.services.docker-load-fetchdocker-image = { description = "Docker load hello-world-container"; wantedBy = [ "multi-user.target" ]; - wants = [ "docker.service" "local-fs.target" ]; - after = [ "docker.service" "local-fs.target" ]; + wants = [ "docker.service" ]; + after = [ "docker.service" ]; script = '' ${pkgs.hello-world-container}/compositeImage.sh | ${pkgs.docker}/bin/docker load -- cgit 1.4.1