From 9953edaf75a34ddb3f4ab360d71502d829dc0fc5 Mon Sep 17 00:00:00 2001 From: Roman Volosatovs Date: Tue, 12 Jun 2018 18:26:20 +0200 Subject: sshd: Support more ssh-keygen parameters --- nixos/modules/services/networking/ssh/sshd.nix | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) (limited to 'nixos/modules') diff --git a/nixos/modules/services/networking/ssh/sshd.nix b/nixos/modules/services/networking/ssh/sshd.nix index 902e759f3a3a..9a6ac024bd43 100644 --- a/nixos/modules/services/networking/ssh/sshd.nix +++ b/nixos/modules/services/networking/ssh/sshd.nix @@ -198,6 +198,10 @@ in [ { type = "rsa"; bits = 4096; path = "/etc/ssh/ssh_host_rsa_key"; } { type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; } ]; + example = + [ { type = "rsa"; bits = 4096; path = "/etc/ssh/ssh_host_rsa_key"; rounds = 100; openSSHFormat = true; } + { type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; rounds = 100; comment = "key comment"; } + ]; description = '' NixOS can automatically generate SSH host keys. This option specifies the path, type and size of each key. See @@ -356,7 +360,14 @@ in ${flip concatMapStrings cfg.hostKeys (k: '' if ! [ -f "${k.path}" ]; then - ssh-keygen -t "${k.type}" ${if k ? bits then "-b ${toString k.bits}" else ""} -f "${k.path}" -N "" + ssh-keygen \ + -t "${k.type}" \ + ${if k ? bits then "-b ${toString k.bits}" else ""} \ + ${if k ? rounds then "-a ${toString k.rounds}" else ""} \ + ${if k ? comment then "-C '${k.comment}'" else ""} \ + ${if k ? openSSHFormat && k.openSSHFormat then "-o" else ""} \ + -f "${k.path}" \ + -N "" fi '')} ''; -- cgit 1.4.1 From 1846a85b77c60c2f72c95ee63f7f43a5557f8a48 Mon Sep 17 00:00:00 2001 From: Roman Volosatovs Date: Tue, 12 Jun 2018 18:30:53 +0200 Subject: sshd: Add issue references to services.openssh.authorizedKeysFiles --- nixos/modules/services/networking/ssh/sshd.nix | 3 +++ 1 file changed, 3 insertions(+) (limited to 'nixos/modules') 
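Review bot: The new `-C '${k.comment}'` argument in the ssh-keygen hunk wraps the comment in single quotes without escaping it, so a comment that contains a single quote ends the quoting early and the rest is parsed by the shell in the host-key generation script. Passing it through the library helper avoids that: `${if k ? comment then "-C ${escapeShellArg k.comment}" else ""} \`. The neighbouring `"${k.type}"` and `"${k.path}"` interpolations have the same shape and could be quoted the same way. The option description shown in the first hunk still names only path, type and size, so `rounds`, `comment` and `openSSHFormat` should be listed there as well. The enclosing script starts and ends outside the hunk.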
diff --git a/nixos/modules/services/networking/ssh/sshd.nix b/nixos/modules/services/networking/ssh/sshd.nix index 9a6ac024bd43..77673b5287bc 100644 --- a/nixos/modules/services/networking/ssh/sshd.nix +++ b/nixos/modules/services/networking/ssh/sshd.nix @@ -413,6 +413,9 @@ in unixAuth = cfg.passwordAuthentication; }; + # These values are merged with the ones defined externally, see: + # https://github.com/NixOS/nixpkgs/pull/10155 + # https://github.com/NixOS/nixpkgs/pull/41745 services.openssh.authorizedKeysFiles = [ ".ssh/authorized_keys" ".ssh/authorized_keys2" "/etc/ssh/authorized_keys.d/%u" ]; -- cgit 1.4.1 From 8b3fb83160c68209e07914ac2201eb6fce9d727b Mon Sep 17 00:00:00 2001 From: Bastian Köcher Date: Tue, 3 Jul 2018 15:18:07 +0200 Subject: services.plasma5: Update start menu with an activationScript To update the plasma start menu `kbuildsyscoca5` needs to be executed. There are several people complaining about missing applications in their plasma start menu. This patch adds a activationScript for plasma, that runs `kbuildsyscoca5` for each user that has `isNormalUser` == `true`. --- nixos/modules/services/x11/desktop-managers/plasma5.nix | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'nixos/modules') diff --git a/nixos/modules/services/x11/desktop-managers/plasma5.nix b/nixos/modules/services/x11/desktop-managers/plasma5.nix index 91d091d7d7e2..4b9e561d53c8 100644 --- a/nixos/modules/services/x11/desktop-managers/plasma5.nix +++ b/nixos/modules/services/x11/desktop-managers/plasma5.nix @@ -221,6 +221,11 @@ in security.pam.services.sddm.enableKwallet = true; security.pam.services.slim.enableKwallet = true; + # Update the start menu for each user that has `isNormalUser` set. + system.activationScripts.plasmaSetup = stringAfter [ "users" "groups" ] + (concatStringsSep "\n" + (mapAttrsToList (name: value: "${pkgs.su}/bin/su ${name} -c kbuildsycoca5") + (filterAttrs (n: v: v.isNormalUser) config.users.users))); }) ]; -- cgit 1.4.1 
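Review bot: In the `plasmaSetup` activation script the user name is spliced into a shell command unquoted, and `kbuildsycoca5` is looked up through whatever PATH `su` leaves in place, so the snippet relies on the attribute name being shell-safe and on the binary happening to be on that PATH. The attribute name also need not equal the account name; `value.name` is the login name, e.g. `"${pkgs.su}/bin/su ${escapeShellArg value.name} -c kbuildsycoca5"`, ideally with the command given by its store path (the providing package is not visible from this hunk). `su -c` also runs the command through each user's configured shell during system activation, so accounts with a non-login shell will fail here. Whether such a failure only warns or aborts activation should be checked and noted in the comment.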
From 4106de56d080761975c204215e75b5b632ae7397 Mon Sep 17 00:00:00 2001 From: Samuel Dionne-Riel Date: Sat, 7 Jul 2018 22:25:23 -0400 Subject: stage-1: Fixes use of stripDirs. --- nixos/modules/system/boot/stage-1.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'nixos/modules') diff --git a/nixos/modules/system/boot/stage-1.nix b/nixos/modules/system/boot/stage-1.nix index 6756f68cdf72..b6a7081b896c 100644 --- a/nixos/modules/system/boot/stage-1.nix +++ b/nixos/modules/system/boot/stage-1.nix @@ -164,7 +164,7 @@ let # Strip binaries further than normal. chmod -R u+w $out - stripDirs "lib bin" "-s" + stripDirs "$STRIP" "lib bin" "-s" # Run patchelf to make the programs refer to the copied libraries. find $out/bin $out/lib -type f | while read i; do -- cgit 1.4.1 From cd4e54b3a11451fd5e03297790b3d3a00a08e188 Mon Sep 17 00:00:00 2001 From: Peter Hoeg Date: Mon, 9 Jul 2018 14:51:05 +0800 Subject: sddm: use tmpfiles.d to wipe QML cache --- .../modules/services/x11/display-managers/sddm.nix | 26 +++++++++++++--------- 1 file changed, 15 insertions(+), 11 deletions(-) (limited to 'nixos/modules') diff --git a/nixos/modules/services/x11/display-managers/sddm.nix b/nixos/modules/services/x11/display-managers/sddm.nix index 8db7414e811f..426b899586f5 100644 --- a/nixos/modules/services/x11/display-managers/sddm.nix +++ b/nixos/modules/services/x11/display-managers/sddm.nix 
@@ -19,17 +19,6 @@ let Xsetup = pkgs.writeScript "Xsetup" '' #!/bin/sh - - # Prior to Qt 5.9.2, there is a QML cache invalidation bug which sometimes - # strikes new Plasma 5 releases. If the QML cache is not invalidated, SDDM - # will segfault without explanation. We really tore our hair out for awhile - # before finding the bug: - # https://bugreports.qt.io/browse/QTBUG-62302 - # We work around the problem by deleting the QML cache before startup. It - # will be regenerated, causing a small but perceptible delay when SDDM - # starts. - rm -fr /var/lib/sddm/.cache/sddm-greeter/qmlcache - ${cfg.setupScript} ''; @@ -285,5 +274,20 @@ in # To enable user switching, allow sddm to allocate TTYs/displays dynamically. services.xserver.tty = null; services.xserver.display = null; + + systemd.tmpfiles.rules = [ + # Prior to Qt 5.9.2, there is a QML cache invalidation bug which sometimes + # strikes new Plasma 5 releases. If the QML cache is not invalidated, SDDM + # will segfault without explanation. We really tore our hair out for awhile + # before finding the bug: + # https://bugreports.qt.io/browse/QTBUG-62302 + # We work around the problem by deleting the QML cache before startup. + # This was supposedly fixed in Qt 5.9.2 however it has been reported with + # 5.10 and 5.11 as well. The initial workaround was to delete the directory + # in the Xsetup script but that doesn't do anything. + # Instead we use tmpfiles.d to ensure it gets wiped. + # This causes a small but perceptible delay when SDDM starts. + "e ${config.users.users.sddm.home}/.cache - - - 0" + ]; }; } -- cgit 1.4.1 From 6f72b636019031de5bca89c63fc1a00a8b3d0768 Mon Sep 17 00:00:00 2001 
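Review bot: The tmpfiles rule `"e ${config.users.users.sddm.home}/.cache - - - 0"` covers the whole `.cache` directory rather than the `sddm-greeter/qmlcache` path the removed `rm` targeted, and an `e` line only acts when `systemd-tmpfiles --clean` runs, which as far as I know is at boot and on the clean timer rather than before each SDDM start. The comment says tmpfiles.d will "ensure it gets wiped"; it would be more accurate to state when, for example `# Wiped whenever systemd-tmpfiles --clean runs (boot and the periodic timer), not on every SDDM start.` If only the QML cache is affected, narrowing the path to `.cache/sddm-greeter/qmlcache` keeps the scope the same as before.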
From: Maximilian Bosch Date: Sat, 7 Jul 2018 20:26:28 +0200 Subject: nixos/nixos-option: don't abort in case of evaluation errors MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit When running e.g. `nixos-option boot.kernelPackages` I get an output like this on the current unstable channel (18.09pre144959.be1461fc0ab): ``` $ nixos-option boot.kernelPackages Value: *exit 1* ``` This is fairly counter-intuitive as I have no clue what might went wrong. `strace` delivers an output like this: ``` read(3, "error: Package \342\200\230cryptodev-linu"..., 128) = 128 read(3, "ux/cryptodev/default.nix:22 is m"..., 128) = 128 read(3, "lowBroken = true; }\nin configura"..., 128) = 128 read(3, "you can add\n { allowBroken = tr"..., 128) = 128 read(3, "n)\n", 128) = 3 read(3, "", 128) = 0 ``` `nixos-option` evaluates the system config using `nix-instantiate` which might break when the evaluation fails (e.g. due to broken or unfree packages that are prohibited to evaluate by default). The script aborts due to the shebang `@shell@ -e`. In order to ensure that no unexpected behavior occurs due to removing `-e` from the interpreter the easiest way to work around this was to wrap `nix-instantiate` in `evalNix()` with a `set +e`. The function checks the success of the evaluation with `$?` in the end. Additionally `evalNix` shouldn't break, if one evaluation (e.g. the values that contain a package set by default) to return additional information like a description. With the change `nixos-option boot.kernelPackages` delivers the following output for me: ``` Value: error: Package ‘cryptodev-linux-1.9-4.14.52’ in /nix/store/47z2s8cwppymmgzw6n7pbcashikyk5jk-nixos/nixos/pkgs/os-specific/linux/cryptodev/default.nix:22 is marked as broken, refusing to evaluate. 
Default: { __unfix__ = ; acpi_call = ; amdgpu-pro = ; ati_drivers_x11 = ; batman_adv = ; bbswitch = ; bcc = ; beegfs-module = ; blcr = ; broadcom_sta = ; callPackage = ; cpupower = ; cryptodev = ; dpdk = ; e1000e = ; ena = ; evdi = ; exfat-nofuse = ; extend = ; facetimehd = ; fusionio-vsl = ; hyperv-daemons = ; ixgbevf = ; jool = ; kernel = ; lttng-modules = ; mba6x_bl = ; mwprocapture = ; mxu11x0 = ; ndiswrapper = ; netatop = ; nvidiaPackages = ; nvidia_x11 = ; nvidia_x11_beta = ; nvidia_x11_legacy304 = ; nvidia_x11_legacy340 = ; nvidiabl = ; odp-dpdk = ; openafs = ; openafs_1_8 = ; perf = ; phc-intel = ; pktgen = ; ply = ; prl-tools = ; recurseForDerivations = true; rtl8192eu = ; rtl8723bs = ; rtl8812au = ; rtl8814au = ; rtlwifi_new = ; sch_cake = ; spl = ; splLegacyCrypto = ; splStable = ; splUnstable = ; stdenv = ; sysdig = ; systemtap = ; tbs = ; tmon = ; tp_smapi = ; usbip = ; v4l2loopback = ; v86d = ; vhba = ; virtualbox = ; virtualboxGuestAdditions = ; wireguard = ; x86_energy_perf_policy = ; zfs = ; zfsLegacyCrypto = ; zfsStable = ; zfsUnstable = ; } Example: { _type = "literalExample"; text = "pkgs.linuxPackages_2_6_25"; } Description: "This option allows you to override the Linux kernel used by\nNixOS. Since things like external kernel module packages are\ntied to the kernel you're using, it also overrides those.\nThis option is a function that takes Nixpkgs as an argument\n(as a convenience), and returns an attribute set containing at\nthe very least an attribute kernel.\nAdditional attributes may be needed depending on your\nconfiguration. 
For instance, if you use the NVIDIA X driver,\nthen it also needs to contain an attribute\nnvidia_x11.\n" Declared by: "/nix/var/nix/profiles/per-user/root/channels/nixos/nixpkgs/nixos/modules/system/boot/kernel.nix" Defined by: "/home/ma27/Projects/nixos-config/system/boot.nix" ``` --- nixos/modules/installer/tools/nixos-option.sh | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) (limited to 'nixos/modules') diff --git a/nixos/modules/installer/tools/nixos-option.sh b/nixos/modules/installer/tools/nixos-option.sh index 5141f3cd51cf..3f1e591b97b0 100644 --- a/nixos/modules/installer/tools/nixos-option.sh +++ b/nixos/modules/installer/tools/nixos-option.sh @@ -16,6 +16,7 @@ verbose=false nixPath="" option="" +exit_code=0 argfun="" for arg; do @@ -74,8 +75,13 @@ fi ############################# evalNix(){ + # disable `-e` flag, it's possible that the evaluation of `nix-instantiate` fails (e.g. due to broken pkgs) + set +e result=$(nix-instantiate ${nixPath:+$nixPath} - --eval-only "$@" 2>&1) - if test $? -eq 0; then + exit_code=$? + set -e + + if test $exit_code -eq 0; then cat < Date: Sat, 14 Jul 2018 13:25:28 +0800 Subject: firejail: add nixos module Also add support for wrapping binaries with firejail. --- nixos/doc/manual/release-notes/rl-1809.xml | 21 +++++++++++++ nixos/modules/module-list.nix | 1 + nixos/modules/programs/firejail.nix | 48 ++++++++++++++++++++++++++++++ 3 files changed, 70 insertions(+) create mode 100644 nixos/modules/programs/firejail.nix (limited to 'nixos/modules') diff --git a/nixos/doc/manual/release-notes/rl-1809.xml b/nixos/doc/manual/release-notes/rl-1809.xml index 13b244e12f8c..7fd6483bca1a 100644 --- a/nixos/doc/manual/release-notes/rl-1809.xml +++ b/nixos/doc/manual/release-notes/rl-1809.xml 
@@ -18,6 +18,27 @@ + + + Support for wrapping binaries using firejail has been + added through programs.firejail.wrappedBinaries. + + + For example + + +programs.firejail = { + enable = true; + wrappedBinaries = { + firefox = "${lib.getBin pkgs.firefox}/bin/firefox"; + mpv = "${lib.getBin pkgs.mpv}/bin/mpv"; + }; +}; + + + This will place firefox and mpv binaries in the global path wrapped by firejail. + + User channels are now in the default NIX_PATH, allowing diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index f6628b8e9c51..23103581cf05 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix @@ -86,6 +86,7 @@ ./programs/dconf.nix ./programs/digitalbitbox/default.nix ./programs/environment.nix + ./programs/firejail.nix ./programs/fish.nix ./programs/freetds.nix ./programs/gnupg.nix diff --git a/nixos/modules/programs/firejail.nix b/nixos/modules/programs/firejail.nix new file mode 100644 index 000000000000..46ee4bc0f7a0 --- /dev/null +++ b/nixos/modules/programs/firejail.nix 
@@ -0,0 +1,48 @@ +{ config, lib, pkgs, ... }: + +with lib; + +let + cfg = config.programs.firejail; + + wrappedBins = pkgs.stdenv.mkDerivation rec { + name = "firejail-wrapped-binaries"; + nativeBuildInputs = with pkgs; [ makeWrapper ]; + buildCommand = '' + mkdir -p $out/bin + ${lib.concatStringsSep "\n" (lib.mapAttrsToList (command: binary: '' + cat <<_EOF >$out/bin/${command} + #!${pkgs.stdenv.shell} -e + /run/wrappers/bin/firejail ${binary} "\$@" + _EOF + chmod 0755 $out/bin/${command} + '') cfg.wrappedBinaries)} + ''; + }; + +in { + options.programs.firejail = { + enable = mkEnableOption "firejail"; + + wrappedBinaries = mkOption { + type = types.attrs; + default = {}; + description = '' + Wrap the binaries in firejail and place them in the global path. + + + You will get file collisions if you put the actual application binary in + the global environment and applications started via .desktop files are + not wrapped if they specify the absolute path to the binary. + ''; + }; + }; + + config = mkIf cfg.enable { + security.wrappers.firejail.source = "${lib.getBin pkgs.firejail}/bin/firejail"; + + environment.systemPackages = [ wrappedBins ]; + }; + + meta.maintainers = with maintainers; [ peterhoeg ]; +} -- cgit 1.4.1 From d81f819db35fe833d935486439d085bd5c3e85da Mon Sep 17 00:00:00 2001 From: Johannes Frankenau Date: Thu, 15 Mar 2018 12:55:03 +0100 Subject: nixos/cupsd: add option to start when needed --- nixos/modules/services/printing/cupsd.nix | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) (limited to 'nixos/modules') diff --git a/nixos/modules/services/printing/cupsd.nix b/nixos/modules/services/printing/cupsd.nix index b074d15cbec1..dbf18ec1d114 100644 --- a/nixos/modules/services/printing/cupsd.nix +++ b/nixos/modules/services/printing/cupsd.nix 
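Review bot: The wrapper generator in `buildCommand` writes `${binary}` into an unquoted here-document and the generated script then uses it unquoted, while `wrappedBinaries` is typed as bare `types.attrs`, so any value (a path with spaces, a non-string, text containing `$`) is accepted and ends up interpreted by a shell at build time or at launch. Tightening the type and quoting the argument narrows that: `type = types.attrsOf types.path;` and `exec /run/wrappers/bin/firejail ${escapeShellArg binary} "\$@"`. Using `exec` also avoids leaving an extra shell process in front of every sandboxed program. The `enable` description should say that the option installs firejail through `security.wrappers`, presumably as a privileged wrapper available to every local user, since that is the security-relevant effect of switching it on.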
@@ -124,6 +124,16 @@ in ''; }; + startWhenNeeded = mkOption { + type = types.bool; + default = false; + description = '' + If set, CUPS is socket-activated; that is, + instead of having it permanently running as a daemon, + systemd will start it on the first incoming connection. + ''; + }; + listenAddresses = mkOption { type = types.listOf types.str; default = [ "localhost:631" ]; @@ -287,8 +297,13 @@ in systemd.packages = [ cups.out ]; + systemd.sockets.cups = mkIf cfg.startWhenNeeded { + wantedBy = [ "sockets.target" ]; + listenStreams = map (x: replaceStrings ["localhost"] ["127.0.0.1"] (removePrefix "*:" x)) cfg.listenAddresses; + }; + systemd.services.cups = - { wantedBy = [ "multi-user.target" ]; + { wantedBy = optionals (!cfg.startWhenNeeded) [ "multi-user.target" ]; wants = [ "network.target" ]; after = [ "network.target" ]; -- cgit 1.4.1 From 6c1eb15a3b6c64f01544ce1ccfc866efaf6f40b9 Mon Sep 17 00:00:00 2001 From: William Casarin Date: Fri, 13 Jul 2018 12:47:57 -0700 Subject: nixos/modules: add clipmenu user service add a clipmenud daemon user service --- nixos/modules/module-list.nix | 1 + nixos/modules/services/misc/clipmenu.nix | 31 +++++++++++++++++++++++++++++++ 2 files changed, 32 insertions(+) create mode 100644 nixos/modules/services/misc/clipmenu.nix (limited to 'nixos/modules') diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index 988693d924bf..cf30fc693fc7 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix @@ -320,6 +320,7 @@ ./services/misc/canto-daemon.nix ./services/misc/calibre-server.nix ./services/misc/cfdyndns.nix + ./services/misc/clipmenu.nix ./services/misc/cpuminer-cryptonight.nix ./services/misc/cgminer.nix ./services/misc/confd.nix diff --git a/nixos/modules/services/misc/clipmenu.nix b/nixos/modules/services/misc/clipmenu.nix new file mode 100644 index 000000000000..3ba050044cac --- /dev/null +++ b/nixos/modules/services/misc/clipmenu.nix 
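Review bot: The `listenStreams` mapping in `systemd.sockets.cups` rewrites every occurrence of `localhost` to `127.0.0.1`, so with socket activation the default `localhost:631` is bound on IPv4 loopback only, and any other host name in `listenAddresses` is handed to systemd unchanged, where (as far as I know) `ListenStream=` expects an address or port rather than a name. Because this list now decides where the socket is exposed, the `startWhenNeeded` description should state the restriction, for example `Entries in listenAddresses must then be IP addresses or *:port; localhost is mapped to 127.0.0.1.` An assertion that rejects other host names when `startWhenNeeded` is set would surface the mismatch at evaluation time instead of at unit start.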
@@ -0,0 +1,31 @@ +{ config, lib, pkgs, ... }: + +with lib; + +let + cfg = config.services.clipmenu; +in { + + options.services.clipmenu = { + enable = mkEnableOption "clipmenu, the clipboard management daemon"; + + package = mkOption { + type = types.package; + default = pkgs.clipmenu; + defaultText = "pkgs.clipmenu"; + description = "clipmenu derivation to use."; + }; + }; + + config = mkIf cfg.enable { + systemd.user.services.clipmenu = { + enable = true; + description = "Clipboard management daemon"; + wantedBy = [ "graphical-session.target" ]; + after = [ "graphical-session.target" ]; + serviceConfig.ExecStart = "${cfg.package}/bin/clipmenud"; + }; + + environment.systemPackages = [ cfg.package ]; + }; +} -- cgit 1.4.1 From fd2448b2e6ec49808bb3a92e7ad99ac8318bb8e5 Mon Sep 17 00:00:00 2001 From: "Wael M. Nasreddine" Date: Sun, 15 Jul 2018 17:40:53 -0700 Subject: aerospike: init at 4.2.0.4 Co-authored-by: Volth --- nixos/modules/misc/ids.nix | 2 + nixos/modules/module-list.nix | 1 + nixos/modules/services/databases/aerospike.nix | 155 +++++++++++++++++++++++++ pkgs/servers/nosql/aerospike/default.nix | 36 ++++++ pkgs/top-level/all-packages.nix | 2 + 5 files changed, 196 insertions(+) create mode 100644 nixos/modules/services/databases/aerospike.nix create mode 100644 pkgs/servers/nosql/aerospike/default.nix (limited to 'nixos/modules') diff --git a/nixos/modules/misc/ids.nix b/nixos/modules/misc/ids.nix index aac86087f9ec..ffe8fbf2c008 100644 --- a/nixos/modules/misc/ids.nix +++ b/nixos/modules/misc/ids.nix @@ -143,6 +143,7 @@ jenkins = 109; systemd-journal-gateway = 110; #notbit = 111; # unused + aerospike = 111; ngircd = 112; btsync = 113; minecraft = 114; @@ -436,6 +437,7 @@ jenkins = 109; systemd-journal-gateway = 110; #notbit = 111; # unused + aerospike = 111; #ngircd = 112; # unused btsync = 113; #minecraft = 114; # unused diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index cf30fc693fc7..7bbf942b6a33 100644 
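Review bot: The `enable` description in clipmenu.nix does not say that this is a `systemd.user` unit wanted by `graphical-session.target`, so switching it on starts `clipmenud` in every user's graphical session rather than for one account. A clipboard manager sees everything that is copied, which can include passwords, so I would spell the scope out: `enable = mkEnableOption "clipmenu, the clipboard management daemon (started in every user's graphical session)";`. The unit also sets no `Restart=` policy; if that is intentional a short comment would help.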
--- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix @@ -200,6 +200,7 @@ ./services/continuous-integration/jenkins/slave.nix ./services/databases/4store-endpoint.nix ./services/databases/4store.nix + ./services/databases/aerospike.nix ./services/databases/clickhouse.nix ./services/databases/couchdb.nix ./services/databases/firebird.nix diff --git a/nixos/modules/services/databases/aerospike.nix b/nixos/modules/services/databases/aerospike.nix new file mode 100644 index 000000000000..5f33164998be --- /dev/null +++ b/nixos/modules/services/databases/aerospike.nix 
@@ -0,0 +1,155 @@ +{ config, lib, pkgs, ... }: + +with lib; + +let + + cfg = config.services.aerospike; + + aerospikeConf = pkgs.writeText "aerospike.conf" '' + # This stanza must come first. + service { + user aerospike + group aerospike + paxos-single-replica-limit 1 # Number of nodes where the replica count is automatically reduced to 1. + proto-fd-max 15000 + work-directory ${cfg.workDir} + } + logging { + console { + context any info + } + } + mod-lua { + system-path ${cfg.package}/share/udf/lua + user-path ${cfg.workDir}/udf/lua + } + network { + ${cfg.networkConfig} + } + ${cfg.extraConfig} + ''; + +in + +{ + + ###### interface + + options = { + + services.aerospike = { + enable = mkEnableOption "Aerospike server"; + + package = mkOption { + default = pkgs.aerospike; + type = types.package; + description = "Which Aerospike derivation to use"; + }; + + workDir = mkOption { + type = types.str; + default = "/var/lib/aerospike"; + description = "Location where Aerospike stores its files"; + }; + + networkConfig = mkOption { + type = types.lines; + default = '' + service { + address any + port 3000 + } + + heartbeat { + address any + mode mesh + port 3002 + interval 150 + timeout 10 + } + + fabric { + address any + port 3001 + } + + info { + address any + port 3003 + } + ''; + description = "network section of configuration file"; + }; + + extraConfig = mkOption { + type = types.lines; + default = ""; + example = '' + namespace test { + replication-factor 2 + memory-size 4G + default-ttl 30d + storage-engine memory + } + ''; + description = "Extra configuration"; + }; + }; + + }; + + + ###### implementation + + config = mkIf config.services.aerospike.enable { + + users.users.aerospike = { + name = "aerospike"; + group = "aerospike"; + uid = config.ids.uids.aerospike; + description = "Aerospike server user"; + }; + users.groups.aerospike.gid = config.ids.gids.aerospike; + + systemd.services.aerospike = rec { + description = "Aerospike server"; + + wantedBy = [ 
"multi-user.target" ]; + after = [ "network.target" ]; + + serviceConfig = { + ExecStart = "${cfg.package}/bin/asd --fgdaemon --config-file ${aerospikeConf}"; + User = "aerospike"; + Group = "aerospike"; + LimitNOFILE = 100000; + PermissionsStartOnly = true; + }; + + preStart = '' + if [ $(echo "$(${pkgs.procps}/bin/sysctl -n kernel.shmall) < 4294967296" | ${pkgs.bc}/bin/bc) == "1" ]; then + echo "kernel.shmall too low, setting to 4G pages" + ${pkgs.procps}/bin/sysctl -w kernel.shmall=4294967296 + fi + if [ $(echo "$(${pkgs.procps}/bin/sysctl -n kernel.shmmax) < 1073741824" | ${pkgs.bc}/bin/bc) == "1" ]; then + echo "kernel.shmmax too low, setting to 1GB" + ${pkgs.procps}/bin/sysctl -w kernel.shmmax=1073741824 + fi + if [ $(echo "$(cat /proc/sys/net/core/rmem_max) < 15728640" | ${pkgs.bc}/bin/bc) == "1" ]; then + echo "increasing socket buffer limit (/proc/sys/net/core/rmem_max): $(cat /proc/sys/net/core/rmem_max) -> 15728640" + echo 15728640 > /proc/sys/net/core/rmem_max + fi + if [ $(echo "$(cat /proc/sys/net/core/wmem_max) < 5242880" | ${pkgs.bc}/bin/bc) == "1" ]; then + echo "increasing socket buffer limit (/proc/sys/net/core/wmem_max): $(cat /proc/sys/net/core/wmem_max) -> 5242880" + echo 5242880 > /proc/sys/net/core/wmem_max + fi + install -d -m0700 -o ${serviceConfig.User} -g ${serviceConfig.Group} "${cfg.workDir}" + install -d -m0700 -o ${serviceConfig.User} -g ${serviceConfig.Group} "${cfg.workDir}/smd" + install -d -m0700 -o ${serviceConfig.User} -g ${serviceConfig.Group} "${cfg.workDir}/udf" + install -d -m0700 -o ${serviceConfig.User} -g ${serviceConfig.Group} "${cfg.workDir}/udf/lua" + ''; + }; + + }; + +} diff --git a/pkgs/servers/nosql/aerospike/default.nix b/pkgs/servers/nosql/aerospike/default.nix new file mode 100644 index 000000000000..4426128dafd2 --- /dev/null +++ b/pkgs/servers/nosql/aerospike/default.nix 
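Review bot: The default `networkConfig` in aerospike.nix sets `address any` for the service, heartbeat, fabric and info listeners, so enabling the module with defaults binds ports 3000 to 3003 on every interface, and nothing visible in the module restricts access or configures authentication. Either default the addresses to loopback or make the exposure explicit in the option text, e.g. `description = "network section of configuration file; the default listens on all interfaces, restrict address on hosts that are not on a trusted cluster network";`. Separately, `preStart` raises `kernel.shmall`, `kernel.shmmax` and the socket buffer limits imperatively with root privileges (`PermissionsStartOnly = true`), which changes host-wide settings as a side effect of starting one service and never restores them. Declaring these through `boot.kernel.sysctl` would keep them visible in the system configuration.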
@@ -0,0 +1,36 @@ +{ stdenv, fetchFromGitHub, autoconf, automake, libtool, openssl, zlib }: + +stdenv.mkDerivation rec { + name = "aerospike-server-${version}"; + version = "4.2.0.4"; + + src = fetchFromGitHub { + owner = "aerospike"; + repo = "aerospike-server"; + rev = version; + sha256 = "1vqi3xir4l57v62q1ns3713vajxffs6crss8fpvbcs57p7ygx3s7"; + fetchSubmodules = true; + }; + + nativeBuildInputs = [ autoconf automake libtool ]; + buildInputs = [ openssl zlib ]; + + preBuild = '' + patchShebangs build/gen_version + substituteInPlace build/gen_version --replace 'git describe' 'echo ${version}' + ''; + + installPhase = '' + mkdir -p $out/bin $out/share/udf + cp target/Linux-x86_64/bin/asd $out/bin/asd + cp -dpR modules/lua-core/src $out/share/udf/lua + ''; + + meta = with stdenv.lib; { + description = "Flash-optimized, in-memory, NoSQL database"; + homepage = http://aerospike.com/; + license = licenses.agpl3; + platforms = [ "x86_64-linux" ]; + maintainer = with maintainers; [ kalbasit ]; + }; +} diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 0e71563ba47e..e0e4bfd40435 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -429,6 +429,8 @@ with pkgs; portaudioSupport = config.aegisub.portaudioSupport or false; }; + aerospike = callPackage ../servers/nosql/aerospike { }; + aespipe = callPackage ../tools/security/aespipe { }; aescrypt = callPackage ../tools/misc/aescrypt { }; -- cgit 1.4.1
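Review bot: In the `meta` block of the aerospike package, `maintainer = with maintainers; [ kalbasit ];` uses a singular attribute name, whereas nixpkgs reads `meta.maintainers`, so the package is left with no recorded maintainer for update and security notifications. It should read `maintainers = with maintainers; [ kalbasit ];`. The homepage is also an unquoted plain-HTTP URL literal; quoting it as `homepage = "http://aerospike.com/";` (and switching to HTTPS if the site serves it) is the more robust form.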