From 48f7778d996fae8ab5e7177ac39ce9e86ed37b9b Mon Sep 17 00:00:00 2001 From: Vincent Bernat Date: Sun, 5 Aug 2018 23:07:54 +0200 Subject: dhcpcd service: order before network target This reverts a change applied in PR #18491. When interfaces are configured by DHCP (typical in a cloud environment), ordering after network.target cause trouble to applications expecting some network to be present on boot (for example, cloud-init is quite brittle when network hasn't been configured for `cloud-init.service`) and on shutdown (for example, collectd needs to flush metrics on shutdown). When ordering after network.target, we ensure applications relying on network.target won't have any network reachability on boot and potentially on shutdown. Therefore, I think ordering before network.target is better. --- nixos/modules/services/networking/dhcpcd.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'nixos/modules') diff --git a/nixos/modules/services/networking/dhcpcd.nix b/nixos/modules/services/networking/dhcpcd.nix index de0aa1a2c2c3..019c8fd9ec48 100644 --- a/nixos/modules/services/networking/dhcpcd.nix +++ b/nixos/modules/services/networking/dhcpcd.nix @@ -161,8 +161,8 @@ in { description = "DHCP Client"; wantedBy = [ "multi-user.target" ] ++ optional (!hasDefaultGatewaySet) "network-online.target"; - after = [ "network.target" ]; wants = [ "network.target" ]; + before = [ "network.target" ]; # Stopping dhcpcd during a reconfiguration is undesirable # because it brings down the network interfaces configured by -- cgit 1.4.1 From 51618113f4813b6d500f9ac153c8f57234ef5fd0 Mon Sep 17 00:00:00 2001 
From: Rodney Lorrimar Date: Sat, 5 May 2018 13:46:10 +0100 Subject: nixos/dd-agent: Fix dodgy temp files DataDog was dropping PID files and and python pickle files in /tmp. Move these to private directories as a precaution. --- .../services/monitoring/dd-agent/dd-agent.nix | 80 +++++++++++----------- 1 file changed, 41 insertions(+), 39 deletions(-) (limited to 'nixos/modules') diff --git a/nixos/modules/services/monitoring/dd-agent/dd-agent.nix b/nixos/modules/services/monitoring/dd-agent/dd-agent.nix index cf65b6c28cf2..abc8d65d58f2 100644 --- a/nixos/modules/services/monitoring/dd-agent/dd-agent.nix +++ b/nixos/modules/services/monitoring/dd-agent/dd-agent.nix @@ -114,13 +114,22 @@ let in { options.services.dd-agent = { enable = mkOption { - description = "Whether to enable the dd-agent montioring service"; + description = '' + Whether to enable the dd-agent v5 monitoring service. + For datadog-agent v6, see . + ''; default = false; type = types.bool; }; api_key = mkOption { - description = "The Datadog API key to associate the agent with your account"; + description = '' + The Datadog API key to associate the agent with your account. + + Warning: this key is stored in cleartext within the world-readable + Nix store! Consider using the new v6 + module instead. + ''; example = "ae0aa6a8f08efa988ba0a17578f009ab"; type = types.str; }; 
@@ -188,48 +197,41 @@ in { users.groups.datadog.gid = config.ids.gids.datadog; - systemd.services.dd-agent = { - description = "Datadog agent monitor"; - path = [ pkgs."dd-agent" pkgs.python pkgs.sysstat pkgs.procps pkgs.gohai ]; - wantedBy = [ "multi-user.target" ]; - serviceConfig = { - ExecStart = "${pkgs.dd-agent}/bin/dd-agent foreground"; - User = "datadog"; - Group = "datadog"; - Restart = "always"; - RestartSec = 2; + systemd.services = let + makeService = attrs: recursiveUpdate { + path = [ pkgs.dd-agent pkgs.python pkgs.sysstat pkgs.procps pkgs.gohai ]; + wantedBy = [ "multi-user.target" ]; + serviceConfig = { + User = "datadog"; + Group = "datadog"; + Restart = "always"; + RestartSec = 2; + PrivateTmp = true; + }; + restartTriggers = [ pkgs.dd-agent ddConf diskConfig networkConfig postgresqlConfig nginxConfig mongoConfig jmxConfig processConfig ]; + } attrs; + in { + dd-agent = makeService { + description = "Datadog agent monitor"; + serviceConfig.ExecStart = "${pkgs.dd-agent}/bin/dd-agent foreground"; }; - restartTriggers = [ pkgs.dd-agent ddConf diskConfig networkConfig postgresqlConfig nginxConfig mongoConfig jmxConfig processConfig ]; - }; - systemd.services.dogstatsd = { - description = "Datadog statsd"; - path = [ pkgs."dd-agent" pkgs.python pkgs.procps ]; - wantedBy = [ "multi-user.target" ]; - serviceConfig = { - ExecStart = "${pkgs.dd-agent}/bin/dogstatsd start"; - User = "datadog"; - Group = "datadog"; - Type = "forking"; - PIDFile = "/tmp/dogstatsd.pid"; - Restart = "always"; - RestartSec = 2; + dogstatsd = makeService { + description = "Datadog statsd"; + environment.TMPDIR = "/run/dogstatsd"; + serviceConfig = { + ExecStart = "${pkgs.dd-agent}/bin/dogstatsd start"; + Type = "forking"; + PIDFile = "/run/dogstatsd/dogstatsd.pid"; + RuntimeDirectory = "dogstatsd"; + }; }; - restartTriggers = [ pkgs.dd-agent ddConf diskConfig networkConfig postgresqlConfig nginxConfig mongoConfig jmxConfig processConfig ]; - }; - systemd.services.dd-jmxfetch = 
lib.mkIf (cfg.jmxConfig != null) { - description = "Datadog JMX Fetcher"; - path = [ pkgs."dd-agent" pkgs.python pkgs.sysstat pkgs.procps pkgs.jdk ]; - wantedBy = [ "multi-user.target" ]; - serviceConfig = { - ExecStart = "${pkgs.dd-agent}/bin/dd-jmxfetch"; - User = "datadog"; - Group = "datadog"; - Restart = "always"; - RestartSec = 2; + dd-jmxfetch = lib.mkIf (cfg.jmxConfig != null) { + description = "Datadog JMX Fetcher"; + path = [ pkgs.dd-agent pkgs.python pkgs.sysstat pkgs.procps pkgs.jdk ]; + serviceConfig.ExecStart = "${pkgs.dd-agent}/bin/dd-jmxfetch"; }; - restartTriggers = [ pkgs.dd-agent ddConf diskConfig networkConfig postgresqlConfig nginxConfig mongoConfig jmxConfig ]; }; environment.etc = etcfiles; -- cgit 1.4.1 From b9486e2b50b28524758ccc5a7825a54abe35c09e Mon Sep 17 00:00:00 2001 From: Rodney Lorrimar Date: Sun, 27 May 2018 14:59:38 +0100 Subject: nixos/datadog-agent: add module This is the new v6 version of datadog-agent. The old v5 module is kept as dd-agent. --- nixos/modules/module-list.nix | 1 + .../modules/services/monitoring/datadog-agent.nix | 201 +++++++++++++++++++++ 2 files changed, 202 insertions(+) create mode 100644 nixos/modules/services/monitoring/datadog-agent.nix (limited to 'nixos/modules') diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index 73173dd4e24b..ef4293570318 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix @@ -407,6 +407,7 @@ ./services/monitoring/cadvisor.nix ./services/monitoring/collectd.nix ./services/monitoring/das_watchdog.nix + ./services/monitoring/datadog-agent.nix ./services/monitoring/dd-agent/dd-agent.nix ./services/monitoring/fusion-inventory.nix ./services/monitoring/grafana.nix diff --git a/nixos/modules/services/monitoring/datadog-agent.nix b/nixos/modules/services/monitoring/datadog-agent.nix new file mode 100644 index 000000000000..65bc7da4e5dd --- /dev/null +++ b/nixos/modules/services/monitoring/datadog-agent.nix 
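Review bot: The new `dd-jmxfetch` entry is not passed through `makeService`, so unlike `dd-agent` and `dogstatsd` it loses the `User = "datadog"`, `Group = "datadog"`, `wantedBy`, restart policy and `restartTriggers` that the removed definition set explicitly, and it never gains `PrivateTmp = true`. With no `User=` set, a systemd system service runs as root, so a commit meant to tighten temp-file handling would raise this unit's privilege, and without `wantedBy` the unit is no longer pulled in at boot. Wrap it like the other two: `dd-jmxfetch = lib.mkIf (cfg.jmxConfig != null) (makeService { ... });`, keeping the `path` override with `pkgs.jdk` inside the argument.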
@@ -0,0 +1,201 @@ +{ config, lib, pkgs, ... }: + +with lib; + +let + cfg = config.services.datadog-agent; + + ddConf = { + dd_url = "https://app.datadoghq.com"; + skip_ssl_validation = "no"; + api_key = ""; + confd_path = "/etc/datadog-agent/conf.d"; + additional_checksd = "/etc/datadog-agent/checks.d"; + use_dogstatsd = "yes"; + } + // optionalAttrs (cfg.logLevel != null) { log_level = cfg.logLevel; } + // optionalAttrs (cfg.hostname != null) { inherit (cfg) hostname; } + // optionalAttrs (cfg.tags != null ) { tags = concatStringsSep ", " cfg.tags; } + // cfg.extraConfig; + + makeConfigDir = entries: mapAttrsToList (name: conf: { + source = pkgs.writeText (baseNameOf name) (builtins.toJSON conf); + target = "datadog-agent/" + name; + }) (filterAttrs (name: conf: conf != null) entries); + + etcfiles = makeConfigDir + { "datadog.yaml" = ddConf; + "conf.d/disk.yaml" = cfg.diskConfig; + "conf.d/network.yaml" = cfg.networkConfig; + "conf.d/postgres.d/conf.yaml" = cfg.postgresqlConfig; + "conf.d/nginx.d/conf.yaml" = cfg.nginxConfig; + "conf.d/mongo.d/conf.yaml" = cfg.mongoConfig; + "conf.d/process.yaml" = cfg.processConfig; + "conf.d/jmx.yaml" = cfg.jmxConfig; + }; + +in { + options.services.datadog-agent = { + enable = mkOption { + description = '' + Whether to enable the datadog-agent v6 monitoring service + ''; + default = false; + type = types.bool; + }; + + package = mkOption { + default = pkgs.datadog-agent; + defaultText = "pkgs.datadog-agent"; + description = '' + Which DataDog v6 agent package to use. + Override the pythonPackages argument + of this derivation to include more checks. + ''; + type = types.package; + }; + + apiKeyFile = mkOption { + description = '' + Path to a file containing the Datadog API key to associate the + agent with your account. 
+ ''; + example = "/run/keys/datadog_api_key"; + type = types.path; + }; + + tags = mkOption { + description = "The tags to mark this Datadog agent"; + example = [ "test" "service" ]; + default = null; + type = types.nullOr (types.listOf types.str); + }; + + hostname = mkOption { + description = "The hostname to show in the Datadog dashboard (optional)"; + default = null; + example = "mymachine.mydomain"; + type = types.uniq (types.nullOr types.string); + }; + + logLevel = mkOption { + description = "Logging verbosity."; + default = null; + type = types.nullOr (types.enum ["DEBUG" "INFO" "WARN" "ERROR"]); + }; + + extraConfig = mkOption { + default = {}; + type = types.attrs; + description = '' + Extra configuration options that will be merged into the + main config file datadog.yaml. + ''; + }; + + diskConfig = mkOption { + description = "Disk check config"; + type = types.attrs; + default = { + init_config = {}; + instances = [ { use-mount = "no"; } ]; + }; + }; + + networkConfig = mkOption { + description = "Network check config"; + type = types.attrs; + default = { + init_config = {}; + # Network check only supports one configured instance + instances = [ { collect_connection_state = false; + excluded_interfaces = [ "lo" "lo0" ]; } ]; + }; + }; + + postgresqlConfig = mkOption { + description = "Datadog PostgreSQL integration configuration"; + default = null; + type = types.nullOr types.attrs; + }; + + nginxConfig = mkOption { + description = "Datadog nginx integration configuration"; + default = null; + type = types.nullOr types.attrs; + }; + + mongoConfig = mkOption { + description = "MongoDB integration configuration"; + default = null; + type = types.nullOr types.attrs; + }; + + jmxConfig = mkOption { + description = "JMX integration configuration"; + default = null; + type = types.nullOr types.attrs; + }; + + processConfig = mkOption { + description = '' + Process integration configuration + + See http://docs.datadoghq.com/integrations/process/ + ''; + 
default = null; + type = types.nullOr types.attrs; + }; + + }; + + config = mkIf cfg.enable { + environment.systemPackages = [ cfg.package pkgs.sysstat pkgs.procps ]; + + users.extraUsers.datadog = { + description = "Datadog Agent User"; + uid = config.ids.uids.datadog; + group = "datadog"; + home = "/var/log/datadog/"; + createHome = true; + }; + + users.extraGroups.datadog.gid = config.ids.gids.datadog; + + systemd.services = let + makeService = attrs: recursiveUpdate { + path = [ cfg.package pkgs.python pkgs.sysstat pkgs.procps ]; + wantedBy = [ "multi-user.target" ]; + serviceConfig = { + User = "datadog"; + Group = "datadog"; + Restart = "always"; + RestartSec = 2; + PrivateTmp = true; + }; + restartTriggers = [ cfg.package ] ++ map (etc: etc.source) etcfiles; + } attrs; + in { + datadog-agent = makeService { + description = "Datadog agent monitor"; + preStart = '' + chown -R datadog: /etc/datadog-agent + rm -f /etc/datadog-agent/auth_token + ''; + script = '' + export DD_API_KEY=$(head -n1 ${cfg.apiKeyFile}) + exec ${cfg.package}/bin/agent start -c /etc/datadog-agent/datadog.yaml + ''; + serviceConfig.PermissionsStartOnly = true; + }; + + dd-jmxfetch = lib.mkIf (cfg.jmxConfig != null) (makeService { + description = "Datadog JMX Fetcher"; + path = [ cfg.package pkgs.python pkgs.sysstat pkgs.procps pkgs.jdk ]; + serviceConfig.ExecStart = "${cfg.package}/bin/dd-jmxfetch"; + }); + }; + + environment.etc = etcfiles; + }; +} -- cgit 1.4.1 From 5a07bb2fc7b743d3fea1c9e42a49f622a5ac5532 Mon Sep 17 00:00:00 2001 
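Review bot: In the `datadog-agent` service `script`, `${cfg.apiKeyFile}` is interpolated unquoted, and because the option is declared `types.path`, a Nix path literal (for example `./datadog_api_key`) would be copied into the world-readable Nix store on interpolation, which is the exposure a key file is meant to avoid. I would write `export DD_API_KEY=$(head -n1 "${toString cfg.apiKeyFile}")` and state in the `apiKeyFile` description that the value must name a file outside the store that the `datadog` user can read, since `PermissionsStartOnly = true` makes only `preStart` run as root. Separately, `// cfg.extraConfig` is merged last into `ddConf`, so an `api_key` set there ends up in the store-backed `datadog.yaml`; a sentence in the `extraConfig` description should say so. The same unquoted `head` line is carried into the later extraIntegrations commit.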
From: Vincent Ambo Date: Thu, 9 Aug 2018 14:00:24 +0200 Subject: nixos/datadog-agent: Refactor to allow arbitrary check configs Refactors the datadog-agent (i.e. V6) module to let users configure arbitrary checks, not just a limited set, without having to resort to linking the files manually and updating the systemd unit. Checks are now configured via a `services.datadog-agent.checks` option which takes an attribute set in which the keys refer directly to Datadog check names, and the values are attribute sets representing Datadog's configuration structure. With this mechanism users can configure arbitrary integrations, for example for the `ntp`-check, simply by saying: services.datadog-agent.checks.ntp = { init_config = null; # ... other check configuration options as per Datadog # documentation }; The previous check-specific configuration options for non-default checks have been removed. Disk & network check configuration options have been kept rather than making them a `default`-value of the `checks`-option because they will be overridden by user-configurations in that case. Relates to NixOS/nixpkgs#40399. --- .../modules/services/monitoring/datadog-agent.nix | 119 +++++++++++---------- 1 file changed, 63 insertions(+), 56 deletions(-) (limited to 'nixos/modules') diff --git a/nixos/modules/services/monitoring/datadog-agent.nix b/nixos/modules/services/monitoring/datadog-agent.nix index 65bc7da4e5dd..6b7359934f5c 100644 --- a/nixos/modules/services/monitoring/datadog-agent.nix +++ b/nixos/modules/services/monitoring/datadog-agent.nix 
@@ -18,21 +18,25 @@ let // optionalAttrs (cfg.tags != null ) { tags = concatStringsSep ", " cfg.tags; } // cfg.extraConfig; - makeConfigDir = entries: mapAttrsToList (name: conf: { - source = pkgs.writeText (baseNameOf name) (builtins.toJSON conf); - target = "datadog-agent/" + name; - }) (filterAttrs (name: conf: conf != null) entries); - - etcfiles = makeConfigDir - { "datadog.yaml" = ddConf; - "conf.d/disk.yaml" = cfg.diskConfig; - "conf.d/network.yaml" = cfg.networkConfig; - "conf.d/postgres.d/conf.yaml" = cfg.postgresqlConfig; - "conf.d/nginx.d/conf.yaml" = cfg.nginxConfig; - "conf.d/mongo.d/conf.yaml" = cfg.mongoConfig; - "conf.d/process.yaml" = cfg.processConfig; - "conf.d/jmx.yaml" = cfg.jmxConfig; - }; + # Generate Datadog configuration files for each configured checks. + # This works because check configurations have predictable paths, + # and because JSON is a valid subset of YAML. + makeCheckConfigs = entries: mapAttrsToList (name: conf: { + source = pkgs.writeText "${name}-check-conf.yaml" (builtins.toJSON conf); + target = "datadog-agent/conf.d/${name}.d/conf.yaml"; + }) entries; + + defaultChecks = { + disk = cfg.diskCheck; + network = cfg.networkCheck; + }; + + # Assemble all check configurations and the top-level agent + # configuration. + etcfiles = with pkgs; with builtins; [{ + source = writeText "datadog.yaml" (toJSON ddConf); + target = "datadog-agent/datadog.yaml"; + }] ++ makeCheckConfigs (cfg.checks // defaultChecks); in { options.services.datadog-agent = { 
@@ -93,62 +97,65 @@ in { ''; }; - diskConfig = mkOption { + checks = mkOption { + description = '' + Configuration for all Datadog checks. Keys of this attribute + set will be used as the name of the check to create the + appropriate configuration in `conf.d/$check.d/conf.yaml`. + + The configuration is converted into JSON from the plain Nix + language configuration, meaning that you should write + configuration adhering to Datadog's documentation - but in Nix + language. + + Refer to the implementation of this module (specifically the + definition of `defaultChecks`) for an example. + + Note: The 'disk' and 'network' check are configured in + separate options because they exist by default. Attempting to + override their configuration here will have no effect. + ''; + + example = { + http_check = { + init_config = null; # sic! + instances = [ + { + name = "some-service"; + url = "http://localhost:1337/healthz"; + tags = [ "some-service" ]; + } + ]; + }; + }; + + default = {}; + + # sic! The structure of the values is up to the check, so we can + # not usefully constrain the type further. 
+ type = with types; attrsOf attrs; + }; + + diskCheck = mkOption { description = "Disk check config"; type = types.attrs; default = { init_config = {}; instances = [ { use-mount = "no"; } ]; }; - }; + }; - networkConfig = mkOption { + networkCheck = mkOption { description = "Network check config"; type = types.attrs; default = { init_config = {}; # Network check only supports one configured instance instances = [ { collect_connection_state = false; - excluded_interfaces = [ "lo" "lo0" ]; } ]; + excluded_interfaces = [ "lo" "lo0" ]; } ]; }; }; - - postgresqlConfig = mkOption { - description = "Datadog PostgreSQL integration configuration"; - default = null; - type = types.nullOr types.attrs; - }; - - nginxConfig = mkOption { - description = "Datadog nginx integration configuration"; - default = null; - type = types.nullOr types.attrs; - }; - - mongoConfig = mkOption { - description = "MongoDB integration configuration"; - default = null; - type = types.nullOr types.attrs; - }; - - jmxConfig = mkOption { - description = "JMX integration configuration"; - default = null; - type = types.nullOr types.attrs; - }; - - processConfig = mkOption { - description = '' - Process integration configuration - - See http://docs.datadoghq.com/integrations/process/ - ''; - default = null; - type = types.nullOr types.attrs; - }; - }; - config = mkIf cfg.enable { environment.systemPackages = [ cfg.package pkgs.sysstat pkgs.procps ]; @@ -189,7 +196,7 @@ in { serviceConfig.PermissionsStartOnly = true; }; - dd-jmxfetch = lib.mkIf (cfg.jmxConfig != null) (makeService { + dd-jmxfetch = lib.mkIf (lib.hasAttr "jmx" cfg.checks) (makeService { description = "Datadog JMX Fetcher"; path = [ cfg.package pkgs.python pkgs.sysstat pkgs.procps pkgs.jdk ]; serviceConfig.ExecStart = "${cfg.package}/bin/dd-jmxfetch"; -- cgit 1.4.1 From 5b748bd8fa517fa16d0fdb60fd5a83d4d1717efe Mon Sep 17 00:00:00 2001 
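Review bot: The `checks` description does not mention that every check configuration is rendered by `pkgs.writeText` in `makeCheckConfigs` (first hunk of this file) and therefore ends up in the world-readable Nix store. Integrations that authenticate to the service they monitor usually take credentials in `instances`, so a password written in this option would be readable by any local user. Add a paragraph modelled on the v5 `api_key` warning, for example `Warning: check configuration is stored in cleartext within the world-readable Nix store; do not put credentials here.` The same applies to `diskCheck` and `networkCheck`, although their defaults carry no secrets.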
From: Vincent Ambo Date: Thu, 9 Aug 2018 16:01:12 +0200 Subject: nixos/datadog-agent: Add option to configure datadog integrations Introduces an option `services.datadog-agent.extraIntegrations` that can be set to include additional Datadog agent integrations from the integrations-core repository. Documentation and an example is provided with the change. Relates to NixOS/nixpkgs#40399 --- .../modules/services/monitoring/datadog-agent.nix | 48 +++++++++++++++++----- 1 file changed, 38 insertions(+), 10 deletions(-) (limited to 'nixos/modules') diff --git a/nixos/modules/services/monitoring/datadog-agent.nix b/nixos/modules/services/monitoring/datadog-agent.nix index 6b7359934f5c..f8ee34ebdf88 100644 --- a/nixos/modules/services/monitoring/datadog-agent.nix +++ b/nixos/modules/services/monitoring/datadog-agent.nix @@ -38,6 +38,12 @@ let target = "datadog-agent/datadog.yaml"; }] ++ makeCheckConfigs (cfg.checks // defaultChecks); + # Apply the configured extraIntegrations to the provided agent + # package. See the documentation of `dd-agent/integrations-core.nix` + # for detailed information on this. + datadogPkg = cfg.package.overrideAttrs(_: { + python = (pkgs.datadog-integrations-core cfg.extraIntegrations).python; + }); in { options.services.datadog-agent = { enable = mkOption { @@ -52,9 +58,10 @@ in { default = pkgs.datadog-agent; defaultText = "pkgs.datadog-agent"; description = '' - Which DataDog v6 agent package to use. - Override the pythonPackages argument - of this derivation to include more checks. + Which DataDog v6 agent package to use. Note that the provided + package is expected to have an overridable `python`-attribute + which configures the Python environment with the Datadog + checks. ''; type = types.package; }; 
@@ -88,6 +95,27 @@ in { type = types.nullOr (types.enum ["DEBUG" "INFO" "WARN" "ERROR"]); }; + extraIntegrations = mkOption { + default = {}; + type = types.attrs; + + description = '' + Extra integrations from the Datadog core-integrations + repository that should be built and included. + + By default the included integrations are disk, mongo, network, + nginx and postgres. + + To include additional integrations the name of the derivation + and a function to filter its dependencies from the Python + package set must be provided. + ''; + + example = { + ntp = (pythonPackages: [ pythonPackages.ntplib ]); + }; + }; + extraConfig = mkOption { default = {}; type = types.attrs; @@ -157,7 +185,7 @@ in { }; }; config = mkIf cfg.enable { - environment.systemPackages = [ cfg.package pkgs.sysstat pkgs.procps ]; + environment.systemPackages = [ datadogPkg pkgs.sysstat pkgs.procps ]; users.extraUsers.datadog = { description = "Datadog Agent User"; @@ -171,7 +199,7 @@ in { systemd.services = let makeService = attrs: recursiveUpdate { - path = [ cfg.package pkgs.python pkgs.sysstat pkgs.procps ]; + path = [ datadogPkg pkgs.python pkgs.sysstat pkgs.procps ]; wantedBy = [ "multi-user.target" ]; serviceConfig = { User = "datadog"; @@ -180,7 +208,7 @@ in { RestartSec = 2; PrivateTmp = true; }; - restartTriggers = [ cfg.package ] ++ map (etc: etc.source) etcfiles; + restartTriggers = [ datadogPkg ] ++ map (etc: etc.source) etcfiles; } attrs; in { datadog-agent = makeService { 
@@ -190,16 +218,16 @@ in { rm -f /etc/datadog-agent/auth_token ''; script = '' - export DD_API_KEY=$(head -n1 ${cfg.apiKeyFile}) - exec ${cfg.package}/bin/agent start -c /etc/datadog-agent/datadog.yaml + export DD_API_KEY=$(head -n 1 ${cfg.apiKeyFile}) + exec ${datadogPkg}/bin/agent start -c /etc/datadog-agent/datadog.yaml ''; serviceConfig.PermissionsStartOnly = true; }; dd-jmxfetch = lib.mkIf (lib.hasAttr "jmx" cfg.checks) (makeService { description = "Datadog JMX Fetcher"; - path = [ cfg.package pkgs.python pkgs.sysstat pkgs.procps pkgs.jdk ]; - serviceConfig.ExecStart = "${cfg.package}/bin/dd-jmxfetch"; + path = [ datadogPkg pkgs.python pkgs.sysstat pkgs.procps pkgs.jdk ]; + serviceConfig.ExecStart = "${datadogPkg}/bin/dd-jmxfetch"; }); }; -- cgit 1.4.1 From 56ad359d93caeb3d8f41fd449193fd0adceeb669 Mon Sep 17 00:00:00 2001 From: "(cdep)illabout" Date: Sat, 11 Aug 2018 02:48:29 +0900 Subject: virtualization: update the virtualbox-host module to use the extension pack if enabled. --- nixos/modules/virtualisation/virtualbox-host.nix | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) (limited to 'nixos/modules') diff --git a/nixos/modules/virtualisation/virtualbox-host.nix b/nixos/modules/virtualisation/virtualbox-host.nix index 8adf3aa919d8..af0a27b0ad86 100644 --- a/nixos/modules/virtualisation/virtualbox-host.nix +++ b/nixos/modules/virtualisation/virtualbox-host.nix @@ -6,7 +6,8 @@ let cfg = config.virtualisation.virtualbox.host; virtualbox = pkgs.virtualbox.override { - inherit (cfg) enableExtensionPack enableHardening headless; + inherit (cfg) enableHardening headless; + extensionPack = if cfg.enableExtensionPack then pkgs.virtualboxExtpack else null; }; kernelModules = config.boot.kernelPackages.virtualbox.override { 
@@ -28,7 +29,16 @@ in ''; }; - enableExtensionPack = mkEnableOption "VirtualBox extension pack"; + enableExtensionPack = mkEnableOption "VirtualBox extension pack" // { + description = '' + Whether to install the Oracle Extension Pack for VirtualBox. + + + You must set nixpkgs.config.allowUnfree = true in + order to use this. This requires you accept the VirtualBox PUEL. + + ''; + }; addNetworkInterface = mkOption { type = types.bool; -- cgit 1.4.1 From 43595c7884533769a68f92359ca13f06dd62af97 Mon Sep 17 00:00:00 2001 From: Jörg Thalheim Date: Mon, 13 Aug 2018 19:47:30 +0200 Subject: zfsLegacyCrypto: remove This package was only mandatory for migration for people on zfsUnstable in nixos unstable. --- nixos/modules/rename.nix | 1 + nixos/modules/tasks/filesystems/zfs.nix | 27 +-------------------------- pkgs/os-specific/linux/spl/default.nix | 7 ------- pkgs/os-specific/linux/zfs/default.nix | 26 +------------------------- pkgs/top-level/all-packages.nix | 6 +++--- 5 files changed, 6 insertions(+), 61 deletions(-) (limited to 'nixos/modules') diff --git a/nixos/modules/rename.nix b/nixos/modules/rename.nix index 75f02ea78e64..f032f10e4557 100644 --- a/nixos/modules/rename.nix +++ b/nixos/modules/rename.nix @@ -256,6 +256,7 @@ with lib; (mkRemovedOptionModule [ "fonts" "fontconfig" "forceAutohint" ] "") (mkRemovedOptionModule [ "fonts" "fontconfig" "renderMonoTTFAsBitmap" ] "") (mkRemovedOptionModule [ "virtualisation" "xen" "qemu" ] "You don't need this option anymore, it will work without it.") + (mkRemovedOptionModule [ "boot" "zfs" "enableLegacyCrypto" ] "The corresponding package was removed from nixpkgs.") # ZSH (mkRenamedOptionModule [ "programs" "zsh" "enableSyntaxHighlighting" ] [ "programs" "zsh" "syntaxHighlighting" "enable" ]) diff --git a/nixos/modules/tasks/filesystems/zfs.nix b/nixos/modules/tasks/filesystems/zfs.nix index 7120856387ef..a7ed18a9bcda 100644 --- a/nixos/modules/tasks/filesystems/zfs.nix +++ b/nixos/modules/tasks/filesystems/zfs.nix 
@@ -23,11 +23,7 @@ let kernel = config.boot.kernelPackages; - packages = if config.boot.zfs.enableLegacyCrypto then { - spl = kernel.splLegacyCrypto; - zfs = kernel.zfsLegacyCrypto; - zfsUser = pkgs.zfsLegacyCrypto; - } else if config.boot.zfs.enableUnstable then { + packages = if config.boot.zfs.enableUnstable then { spl = kernel.splUnstable; zfs = kernel.zfsUnstable; zfsUser = pkgs.zfsUnstable; @@ -117,27 +113,6 @@ in ''; }; - enableLegacyCrypto = mkOption { - type = types.bool; - default = false; - description = '' - Enabling this option will allow you to continue to use the old format for - encrypted datasets. With the inclusion of stability patches the format of - encrypted datasets has changed. They can still be accessed and mounted but - in read-only mode mounted. It is highly recommended to convert them to - the new format. - - This option is only for convenience to people that cannot convert their - datasets to the new format yet and it will be removed in due time. - - For migration strategies from old format to this new one, check the Wiki: - https://nixos.wiki/wiki/NixOS_on_ZFS#Encrypted_Dataset_Format_Change - - See https://github.com/zfsonlinux/zfs/pull/6864 for more details about - the stability patches. - ''; - }; - extraPools = mkOption { type = types.listOf types.str; default = []; diff --git a/pkgs/os-specific/linux/spl/default.nix b/pkgs/os-specific/linux/spl/default.nix index 880da81c42e0..43711f92209f 100644 --- a/pkgs/os-specific/linux/spl/default.nix +++ b/pkgs/os-specific/linux/spl/default.nix @@ -73,11 +73,4 @@ in sha256 = "07qlx7l23y696gzyy7ynly7n1141w66y21gkmxiia2xwldj8klkx"; patches = [ ./install_prefix.patch ]; }; - - splLegacyCrypto = common { - version = "2018-01-24"; - rev = "23602fdb39e1254c669707ec9d2d0e6bcdbf1771"; - sha256 = "09py2dwj77f6s2qcnkwdslg5nxb3hq2bq39zpxpm6msqyifhl69h"; - patches = [ ./install_prefix.patch ]; - }; } 
diff --git a/pkgs/os-specific/linux/zfs/default.nix b/pkgs/os-specific/linux/zfs/default.nix index 45edf8945c0e..9a1baf8f7b91 100644 --- a/pkgs/os-specific/linux/zfs/default.nix +++ b/pkgs/os-specific/linux/zfs/default.nix @@ -9,7 +9,7 @@ , gawk, gnugrep, gnused, systemd # Kernel dependencies -, kernel ? null, spl ? null, splUnstable ? null, splLegacyCrypto ? null +, kernel ? null, spl ? null, splUnstable ? null }: with stdenv.lib; @@ -194,28 +194,4 @@ in { spl = splUnstable; }; - - # TODO: Remove this module before 18.09 - # also remove boot.zfs.enableLegacyCrypto - zfsLegacyCrypto = common { - # comment/uncomment if breaking kernel versions are known - incompatibleKernelVersion = null; - - # this package should point to a version / git revision compatible with the latest kernel release - version = "2018-02-01"; - - rev = "4c46b99d24a6e71b3c72462c11cb051d0930ad60"; - sha256 = "011lcp2x44jgfzqqk2gjmyii1v7rxcprggv20prxa3c552drsx3c"; - isUnstable = true; - - extraPatches = [ - (fetchpatch { - url = "https://github.com/Mic92/zfs/compare/4c46b99d24a6e71b3c72462c11cb051d0930ad60...nixos-zfs-2018-02-01.patch"; - sha256 = "1gqmgqi39qhk5kbbvidh8f2xqq25vj58i9x0wjqvcx6a71qj49ch"; - }) - ]; - - spl = splLegacyCrypto; - }; - } diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 74af33761c34..fab09745a426 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -14024,7 +14024,7 @@ with pkgs; sch_cake = callPackage ../os-specific/linux/sch_cake { }; inherit (callPackage ../os-specific/linux/spl {}) - splStable splUnstable splLegacyCrypto; + splStable splUnstable; spl = splStable; @@ -14057,7 +14057,7 @@ with pkgs; inherit (callPackage ../os-specific/linux/zfs { configFile = "kernel"; inherit kernel spl; - }) zfsStable zfsUnstable zfsLegacyCrypto; + }) zfsStable zfsUnstable; zfs = zfsStable; }); 
@@ -14605,7 +14605,7 @@ with pkgs; inherit (callPackage ../os-specific/linux/zfs { configFile = "user"; - }) zfsStable zfsUnstable zfsLegacyCrypto; + }) zfsStable zfsUnstable; zfs = zfsStable; -- cgit 1.4.1 From 4360a87c45f69f7444c7b87546705de7fbc8681f Mon Sep 17 00:00:00 2001 From: Jörg Thalheim Date: Mon, 13 Aug 2018 20:40:45 +0200 Subject: linuxPackages.zfsUnstable: 2018-05-22 -> 2018-08-13 spl was merged into zfs master --- nixos/modules/tasks/filesystems/zfs.nix | 8 +- pkgs/os-specific/linux/spl/default.nix | 89 +++++------ .../linux/spl/install_prefix-0.7.9.patch | 162 --------------------- pkgs/os-specific/linux/zfs/default.nix | 23 +-- pkgs/top-level/all-packages.nix | 5 +- 5 files changed, 51 insertions(+), 236 deletions(-) delete mode 100644 pkgs/os-specific/linux/spl/install_prefix-0.7.9.patch (limited to 'nixos/modules') diff --git a/nixos/modules/tasks/filesystems/zfs.nix b/nixos/modules/tasks/filesystems/zfs.nix index a7ed18a9bcda..2b3b09d725c7 100644 --- a/nixos/modules/tasks/filesystems/zfs.nix +++ b/nixos/modules/tasks/filesystems/zfs.nix @@ -24,7 +24,7 @@ let kernel = config.boot.kernelPackages; packages = if config.boot.zfs.enableUnstable then { - spl = kernel.splUnstable; + spl = null; zfs = kernel.zfsUnstable; zfsUser = pkgs.zfsUnstable; } else { @@ -325,12 +325,12 @@ in virtualisation.lxd.zfsSupport = true; boot = { - kernelModules = [ "spl" "zfs" ] ; - extraModulePackages = with packages; [ spl zfs ]; + kernelModules = [ "zfs" ] ++ optional (!cfgZfs.enableUnstable) "spl"; + extraModulePackages = with packages; [ zfs ] ++ optional (!cfgZfs.enableUnstable) spl; }; boot.initrd = mkIf inInitrd { - kernelModules = [ "spl" "zfs" ]; + kernelModules = [ "zfs" ] ++ optional (!cfgZfs.enableUnstable) "spl"; extraUtilsCommands = '' copy_bin_and_libs ${packages.zfsUser}/sbin/zfs diff --git a/pkgs/os-specific/linux/spl/default.nix b/pkgs/os-specific/linux/spl/default.nix index 43711f92209f..58c4fc53a419 100644 --- a/pkgs/os-specific/linux/spl/default.nix 
+++ b/pkgs/os-specific/linux/spl/default.nix 
@@ -6,71 +6,50 @@ with stdenv.lib; -let - common = { version - , sha256 - , rev ? "spl-${version}" - , broken ? false - , patches ? [] - }: stdenv.mkDerivation rec { - name = "spl-${version}-${kernel.version}"; +assert kernel != null; - src = fetchFromGitHub { - owner = "zfsonlinux"; - repo = "spl"; - inherit rev sha256; - }; +stdenv.mkDerivation rec { + name = "spl-${version}-${kernel.version}"; - inherit patches; + src = fetchFromGitHub { + owner = "zfsonlinux"; + repo = "spl"; + rev = "spl-0.7.9"; + sha256 = "0540m1dv9jvrzk9kw61glg0h0cwj976mr9zb42y3nh17k47ywff0"; + }; - nativeBuildInputs = [ autoreconfHook ] ++ kernel.moduleBuildDependencies; + patches = [ ./install_prefix.patch ]; - hardeningDisable = [ "fortify" "stackprotector" "pic" ]; + nativeBuildInputs = [ autoreconfHook ] ++ kernel.moduleBuildDependencies; - preConfigure = '' - substituteInPlace ./module/spl/spl-generic.c --replace /usr/bin/hostid hostid - substituteInPlace ./module/spl/spl-generic.c --replace "PATH=/sbin:/usr/sbin:/bin:/usr/bin" "PATH=${coreutils}:${gawk}:/bin" - substituteInPlace ./module/splat/splat-vnode.c --replace "PATH=/sbin:/usr/sbin:/bin:/usr/bin" "PATH=${coreutils}:/bin" - substituteInPlace ./module/splat/splat-linux.c --replace "PATH=/sbin:/usr/sbin:/bin:/usr/bin" "PATH=${coreutils}:/bin" - ''; + hardeningDisable = [ "fortify" "stackprotector" "pic" ]; - configureFlags = [ - "--with-config=kernel" - "--with-linux=${kernel.dev}/lib/modules/${kernel.modDirVersion}/source" - "--with-linux-obj=${kernel.dev}/lib/modules/${kernel.modDirVersion}/build" - ]; + preConfigure = '' + substituteInPlace ./module/spl/spl-generic.c --replace /usr/bin/hostid hostid + substituteInPlace ./module/spl/spl-generic.c --replace "PATH=/sbin:/usr/sbin:/bin:/usr/bin" "PATH=${coreutils}:${gawk}:/bin" + substituteInPlace ./module/splat/splat-vnode.c --replace "PATH=/sbin:/usr/sbin:/bin:/usr/bin" "PATH=${coreutils}:/bin" + substituteInPlace ./module/splat/splat-linux.c --replace 
"PATH=/sbin:/usr/sbin:/bin:/usr/bin" "PATH=${coreutils}:/bin" + ''; - enableParallelBuilding = true; + configureFlags = [ + "--with-config=kernel" + "--with-linux=${kernel.dev}/lib/modules/${kernel.modDirVersion}/source" + "--with-linux-obj=${kernel.dev}/lib/modules/${kernel.modDirVersion}/build" + ]; - meta = { - description = "Kernel module driver for solaris porting layer (needed by in-kernel zfs)"; + enableParallelBuilding = true; - longDescription = '' - This kernel module is a porting layer for ZFS to work inside the linux - kernel. - ''; + meta = { + description = "Kernel module driver for solaris porting layer (needed by in-kernel zfs)"; - inherit broken; + longDescription = '' + This kernel module is a porting layer for ZFS to work inside the linux + kernel. + ''; - homepage = http://zfsonlinux.org/; - platforms = platforms.linux; - license = licenses.gpl2Plus; - maintainers = with maintainers; [ jcumming wizeman wkennington fpletz globin ]; - }; + homepage = http://zfsonlinux.org/; + platforms = platforms.linux; + license = licenses.gpl2Plus; + maintainers = with maintainers; [ jcumming wizeman wkennington fpletz globin ]; }; -in - assert kernel != null; -{ - splStable = common { - version = "0.7.9"; - sha256 = "0540m1dv9jvrzk9kw61glg0h0cwj976mr9zb42y3nh17k47ywff0"; - patches = [ ./install_prefix-0.7.9.patch ]; - }; - - splUnstable = common { - version = "2018-05-07"; - rev = "1149b62d20b7ed9d8ae25d5da7a06213d79b7602"; - sha256 = "07qlx7l23y696gzyy7ynly7n1141w66y21gkmxiia2xwldj8klkx"; - patches = [ ./install_prefix.patch ]; - }; } diff --git a/pkgs/os-specific/linux/spl/install_prefix-0.7.9.patch b/pkgs/os-specific/linux/spl/install_prefix-0.7.9.patch deleted file mode 100644 index 114ca1231470..000000000000 --- a/pkgs/os-specific/linux/spl/install_prefix-0.7.9.patch +++ /dev/null 
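Review bot: `name = "spl-${version}-${kernel.version}"` still interpolates `version`, but the flattened derivation no longer defines it: the old `common { version, ... }` parameter is gone and the hunk adds no `version` attribute to the `rec` set. With `with stdenv.lib;` in scope the name would presumably resolve to `lib.version` (the nixpkgs release string) instead of failing, so the store path would stop reflecting the SPL release actually built and it becomes harder to tell which kernel-module version a host is running. Adding `version = "0.7.9";` and writing `rev = "spl-${version}";` keeps the name and the fetched source in step. The same hunk points the 0.7.9 build at `./install_prefix.patch`, which was previously used only for the unstable snapshot, so it is worth confirming that the patch applies to the tag.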
@@ -1,162 +0,0 @@ -diff --git a/Makefile.am b/Makefile.am -index 4977448..ac17217 100644 ---- a/Makefile.am -+++ b/Makefile.am -@@ -12,10 +12,10 @@ endif - if CONFIG_KERNEL - SUBDIRS += module - --extradir = @prefix@/src/spl-$(VERSION) -+extradir = @prefix@/libexec/spl - extra_HEADERS = spl.release.in spl_config.h.in - --kerneldir = @prefix@/src/spl-$(VERSION)/$(LINUX_VERSION) -+kerneldir = @prefix@/libexec/spl/$(LINUX_VERSION) - nodist_kernel_HEADERS = spl.release spl_config.h module/$(LINUX_SYMBOLS) - endif - -diff --git a/include/Makefile.am b/include/Makefile.am -index 3200222..4a47aaa 100644 ---- a/include/Makefile.am -+++ b/include/Makefile.am -@@ -13,6 +13,6 @@ USER_H = - EXTRA_DIST = $(COMMON_H) $(KERNEL_H) $(USER_H) - - if CONFIG_KERNEL --kerneldir = @prefix@/src/spl-$(VERSION)/include -+kerneldir = @prefix@/libexec/spl/include - kernel_HEADERS = $(KERNEL_H) - endif -diff --git a/include/fs/Makefile.am b/include/fs/Makefile.am -index e0da4b3..d6d7af0 100644 ---- a/include/fs/Makefile.am -+++ b/include/fs/Makefile.am -@@ -8,6 +8,6 @@ USER_H = - EXTRA_DIST = $(COMMON_H) $(KERNEL_H) $(USER_H) - - if CONFIG_KERNEL --kerneldir = @prefix@/src/spl-$(VERSION)/include/fs -+kerneldir = @prefix@/libexec/spl/include/fs - kernel_HEADERS = $(KERNEL_H) - endif -diff --git a/include/linux/Makefile.am b/include/linux/Makefile.am -index 712e94e..4af9fb7 100644 ---- a/include/linux/Makefile.am -+++ b/include/linux/Makefile.am -@@ -18,6 +18,6 @@ USER_H = - EXTRA_DIST = $(COMMON_H) $(KERNEL_H) $(USER_H) - - if CONFIG_KERNEL --kerneldir = @prefix@/src/spl-$(VERSION)/include/linux -+kerneldir = @prefix@/libexec/spl/include/linux - kernel_HEADERS = $(KERNEL_H) - endif -diff --git a/include/rpc/Makefile.am b/include/rpc/Makefile.am -index cfc8246..4fbd33d 100644 ---- a/include/rpc/Makefile.am -+++ b/include/rpc/Makefile.am -@@ -9,6 +9,6 @@ USER_H = - EXTRA_DIST = $(COMMON_H) $(KERNEL_H) $(USER_H) - - if CONFIG_KERNEL --kerneldir = @prefix@/src/spl-$(VERSION)/include/rpc 
-+kerneldir = @prefix@/libexec/spl/include/rpc - kernel_HEADERS = $(KERNEL_H) - endif -diff --git a/include/sharefs/Makefile.am b/include/sharefs/Makefile.am -index 10e7093..febecdf 100644 ---- a/include/sharefs/Makefile.am -+++ b/include/sharefs/Makefile.am -@@ -8,6 +8,6 @@ USER_H = - EXTRA_DIST = $(COMMON_H) $(KERNEL_H) $(USER_H) - - if CONFIG_KERNEL --kerneldir = @prefix@/src/spl-$(VERSION)/include/sharefs -+kerneldir = @prefix@/libexec/spl/include/sharefs - kernel_HEADERS = $(KERNEL_H) - endif -diff --git a/include/sys/Makefile.am b/include/sys/Makefile.am -index 73c4a84..31a9f50 100644 ---- a/include/sys/Makefile.am -+++ b/include/sys/Makefile.am -@@ -107,7 +107,7 @@ USER_H = - EXTRA_DIST = $(COMMON_H) $(KERNEL_H) $(USER_H) - - if CONFIG_KERNEL --kerneldir = @prefix@/src/spl-$(VERSION)/include/sys -+kerneldir = @prefix@/libexec/spl/include/sys - kernel_HEADERS = $(KERNEL_H) - endif - -diff --git a/include/sys/fm/Makefile.am b/include/sys/fm/Makefile.am -index 2821cbe..a84ce8e 100644 ---- a/include/sys/fm/Makefile.am -+++ b/include/sys/fm/Makefile.am -@@ -9,6 +9,6 @@ USER_H = - EXTRA_DIST = $(COMMON_H) $(KERNEL_H) $(USER_H) - - if CONFIG_KERNEL --kerneldir = @prefix@/src/spl-$(VERSION)/include/sys/fm -+kerneldir = @prefix@/libexec/spl/include/sys/fm - kernel_HEADERS = $(KERNEL_H) - endif -diff --git a/include/sys/fs/Makefile.am b/include/sys/fs/Makefile.am -index 581083e..0c35fb7 100644 ---- a/include/sys/fs/Makefile.am -+++ b/include/sys/fs/Makefile.am -@@ -8,6 +8,6 @@ USER_H = - EXTRA_DIST = $(COMMON_H) $(KERNEL_H) $(USER_H) - - if CONFIG_KERNEL --kerneldir = @prefix@/src/spl-$(VERSION)/include/sys/fs -+kerneldir = @prefix@/libexec/spl/include/sys/fs - kernel_HEADERS = $(KERNEL_H) - endif -diff --git a/include/util/Makefile.am b/include/util/Makefile.am -index e2bf09f..3f5d6ce 100644 ---- a/include/util/Makefile.am -+++ b/include/util/Makefile.am -@@ -9,6 +9,6 @@ USER_H = - EXTRA_DIST = $(COMMON_H) $(KERNEL_H) $(USER_H) - - if CONFIG_KERNEL --kerneldir = 
@prefix@/src/spl-$(VERSION)/include/util -+kerneldir = @prefix@/libexec/spl/include/util - kernel_HEADERS = $(KERNEL_H) - endif -diff --git a/include/vm/Makefile.am b/include/vm/Makefile.am -index 7faab0a..8148b3d 100644 ---- a/include/vm/Makefile.am -+++ b/include/vm/Makefile.am -@@ -10,6 +10,6 @@ USER_H = - EXTRA_DIST = $(COMMON_H) $(KERNEL_H) $(USER_H) - - if CONFIG_KERNEL --kerneldir = @prefix@/src/spl-$(VERSION)/include/vm -+kerneldir = @prefix@/libexec/spl/include/vm - kernel_HEADERS = $(KERNEL_H) - endif -diff --git a/module/Makefile.in b/module/Makefile.in -index d4e62e1..73fa01c 100644 ---- a/module/Makefile.in -+++ b/module/Makefile.in -@@ -21,15 +21,15 @@ clean: - modules_install: - @# Install the kernel modules - $(MAKE) -C @LINUX_OBJ@ SUBDIRS=`pwd` $@ \ -- INSTALL_MOD_PATH=$(DESTDIR)$(INSTALL_MOD_PATH) \ -+ INSTALL_MOD_PATH=@prefix@/$(INSTALL_MOD_PATH) \ - INSTALL_MOD_DIR=$(INSTALL_MOD_DIR) \ - KERNELRELEASE=@LINUX_VERSION@ - @# Remove extraneous build products when packaging -- kmoddir=$(DESTDIR)$(INSTALL_MOD_PATH)/lib/modules/@LINUX_VERSION@; \ -- if [ -n "$(DESTDIR)" ]; then \ -+ kmoddir=@prefix@/$(INSTALL_MOD_PATH)/lib/modules/@LINUX_VERSION@; \ -+ if [ -n "@prefix@" ]; then \ - find $$kmoddir -name 'modules.*' | xargs $(RM); \ - fi -- sysmap=$(DESTDIR)$(INSTALL_MOD_PATH)/boot/System.map-@LINUX_VERSION@; \ -+ sysmap=@prefix@/$(INSTALL_MOD_PATH)/boot/System.map-@LINUX_VERSION@; \ - if [ -f $$sysmap ]; then \ - depmod -ae -F $$sysmap @LINUX_VERSION@; \ - fi diff --git a/pkgs/os-specific/linux/zfs/default.nix b/pkgs/os-specific/linux/zfs/default.nix index 9a1baf8f7b91..776842da1dc4 100644 --- a/pkgs/os-specific/linux/zfs/default.nix +++ b/pkgs/os-specific/linux/zfs/default.nix @@ -9,7 +9,7 @@ , gawk, gnugrep, gnused, systemd # Kernel dependencies -, kernel ? null, spl ? null, splUnstable ? null +, kernel ? null, spl ? null }: with stdenv.lib; 
@@ -51,7 +51,7 @@ let ''; nativeBuildInputs = [ autoreconfHook nukeReferences ] - ++ optional buildKernel (kernel.moduleBuildDependencies ++ [ perl ]); + ++ optional buildKernel (kernel.moduleBuildDependencies ++ [ perl ]); buildInputs = optionals buildKernel [ spl ] ++ optionals buildUser [ zlib libuuid python attr ] @@ -93,7 +93,7 @@ let configureFlags = [ "--with-config=${configFile}" - ] ++ optionals buildUser [ + ] ++ optionals buildUser [ "--with-dracutdir=$(out)/lib/dracut" "--with-udevdir=$(out)/lib/udev" "--with-systemdunitdir=$(out)/etc/systemd/system" @@ -103,10 +103,11 @@ let "--sysconfdir=/etc" "--localstatedir=/var" "--enable-systemd" - ] ++ optionals buildKernel [ - "--with-spl=${spl}/libexec/spl" + ] ++ optionals buildKernel [ "--with-linux=${kernel.dev}/lib/modules/${kernel.modDirVersion}/source" "--with-linux-obj=${kernel.dev}/lib/modules/${kernel.modDirVersion}/build" + ] ++ optionals (buildKernel && spl != null) [ + "--with-spl=${spl}/libexec/spl" ]; enableParallelBuilding = true; @@ -179,19 +180,19 @@ in { incompatibleKernelVersion = null; # this package should point to a version / git revision compatible with the latest kernel release - version = "2018-05-22"; + version = "2018-08-13"; - rev = "ba863d0be4cbfbea938b10e49fb6ff459ac9ec20"; - sha256 = "11dhigw1gybalwg2m6si148b6w195dj2lw38snqf6576wb5zndd0"; + rev = "64e96969a88c21aebb2f8d982a8c345e55a2ae6c"; + sha256 = "164fvsf9zqvq3vafnvjxafjl8gihmfqfsjwsmky16i90a6hs96gf"; isUnstable = true; extraPatches = [ (fetchpatch { - url = "https://github.com/Mic92/zfs/compare/${rev}...nixos-zfs-2018-02-02.patch"; - sha256 = "1gqmgqi39qhk5kbbvidh8f2xqq25vj58i9x0wjqvcx6a71qj49ch"; + url = "https://github.com/Mic92/zfs/compare/${rev}...nixos-zfs-2018-08-13.patch"; + sha256 = "1sdcr1w2jp3djpwlf1f91hrxxmc34q0jl388smdkxh5n5bpw5gzw"; }) ]; - spl = splUnstable; + spl = null; }; } diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index fab09745a426..2404a1507bff 100644 
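Review bot: The `fetchpatch` URL in the unstable definition compares `${rev}` against the branch name `nixos-zfs-2018-08-13` on a personal fork, so the content behind the URL changes whenever that branch is pushed. The `sha256` stops a changed patch from being built unnoticed, but a rebase breaks the fetch for anyone without a cached copy, and nothing in the expression records which commits the patch set contains. Pinning the right-hand side of the compare to a commit hash, or vendoring the patch next to `default.nix`, would make a kernel-module patch reviewable from the tree; at minimum add a comment such as `# patch set from Mic92/zfs, up to commit COMMIT_HASH_PLACEHOLDER`.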
--- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -14023,10 +14023,7 @@ with pkgs; sch_cake = callPackage ../os-specific/linux/sch_cake { }; - inherit (callPackage ../os-specific/linux/spl {}) - splStable splUnstable; - - spl = splStable; + spl = callPackage ../os-specific/linux/spl { }; sysdig = callPackage ../os-specific/linux/sysdig {}; -- cgit 1.4.1 From a1762065c3696530789109d37781dedb0400e140 Mon Sep 17 00:00:00 2001 From: Michael Peyton Jones Date: Thu, 9 Aug 2018 15:17:43 +0100 Subject: redshift: install desktop files, and use absolute paths in them to avoid confusing geoclue agent --- nixos/modules/services/x11/redshift.nix | 3 +++ pkgs/applications/misc/redshift/default.nix | 9 +++++++++ 2 files changed, 12 insertions(+) (limited to 'nixos/modules') diff --git a/nixos/modules/services/x11/redshift.nix b/nixos/modules/services/x11/redshift.nix index 30d853841ea4..b7dd7debcb63 100644 --- a/nixos/modules/services/x11/redshift.nix +++ b/nixos/modules/services/x11/redshift.nix @@ -116,6 +116,9 @@ in { } ]; + # needed so that .desktop files are installed, which geoclue cares about + environment.systemPackages = [ cfg.package ]; + services.geoclue2.enable = mkIf (cfg.provider == "geoclue2") true; systemd.user.services.redshift = diff --git a/pkgs/applications/misc/redshift/default.nix b/pkgs/applications/misc/redshift/default.nix index c6d3d6e1a9d5..b8c49cb02a69 100644 --- a/pkgs/applications/misc/redshift/default.nix +++ b/pkgs/applications/misc/redshift/default.nix 
@@ -61,6 +61,15 @@ stdenv.mkDerivation rec { postFixup = "wrapPythonPrograms"; + # the geoclue agent may inspect these paths and expect them to be + # valid without having the correct $PATH set + postInstall = '' + substituteInPlace $out/share/applications/redshift.desktop \ + --replace 'Exec=redshift' "Exec=$out/bin/redshift" + substituteInPlace $out/share/applications/redshift.desktop \ + --replace 'Exec=redshift-gtk' "Exec=$out/bin/redshift-gtk" + ''; + enableParallelBuilding = true; meta = with stdenv.lib; { -- cgit 1.4.1 From 316669327c6cb0e85dc522f0b7af55db33474553 Mon Sep 17 00:00:00 2001 From: Michael Peyton Jones Date: Thu, 9 Aug 2018 15:29:07 +0100 Subject: geoclue2 service: add option to run demo agent --- nixos/modules/services/desktops/geoclue2.nix | 39 ++++++++++++++++++---- .../services/x11/desktop-managers/gnome3.nix | 2 ++ 2 files changed, 34 insertions(+), 7 deletions(-) (limited to 'nixos/modules') diff --git a/nixos/modules/services/desktops/geoclue2.nix b/nixos/modules/services/desktops/geoclue2.nix index c5a000d5c6a7..dafb0af20756 100644 --- a/nixos/modules/services/desktops/geoclue2.nix +++ b/nixos/modules/services/desktops/geoclue2.nix @@ -4,6 +4,10 @@ with lib; +let + # the demo agent isn't built by default, but we need it here + package = pkgs.geoclue2.override { withDemoAgent = config.services.geoclue2.enableDemoAgent; }; +in { ###### interface 
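Review bot: Both `substituteInPlace` calls in `postInstall` edit `redshift.desktop`, and the first pattern `Exec=redshift` is a prefix of the second, so after the first call there is no `Exec=redshift-gtk` text left for the second one to match. The second call looks intended for the GTK launcher's own desktop file, which would then keep a relative `Exec=` resolved through whatever `$PATH` the caller happens to have, the situation the added comment says it wants to avoid. Assuming the package installs `redshift-gtk.desktop`, the second call should start `substituteInPlace $out/share/applications/redshift-gtk.desktop \` and keep the `'Exec=redshift-gtk'` pattern. The derivation body continues outside the hunk.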
@@ -21,21 +25,42 @@ with lib; ''; }; + enableDemoAgent = mkOption { + type = types.bool; + default = true; + description = '' + Whether to use the GeoClue demo agent. This should be + overridden by desktop environments that provide their own + agent. + ''; + }; + }; }; ###### implementation - config = mkIf config.services.geoclue2.enable { - environment.systemPackages = [ pkgs.geoclue2 ]; - - services.dbus.packages = [ pkgs.geoclue2 ]; - - systemd.packages = [ pkgs.geoclue2 ]; - + environment.systemPackages = [ package ]; + + services.dbus.packages = [ package ]; + + systemd.packages = [ package ]; + + # this needs to run as a user service, since it's associated with the + # user who is making the requests + systemd.user.services = mkIf config.services.geoclue2.enableDemoAgent { + "geoclue-agent" = { + description = "Geoclue agent"; + script = "${package}/libexec/geoclue-2.0/demos/agent"; + # this should really be `partOf = [ "geoclue.service" ]`, but + # we can't be part of a system service, and the agent should + # be okay with the main service coming and going + wantedBy = [ "default.target" ]; + }; + }; }; } diff --git a/nixos/modules/services/x11/desktop-managers/gnome3.nix b/nixos/modules/services/x11/desktop-managers/gnome3.nix index 9fb8f44b2421..e000e34cafc4 100644 --- a/nixos/modules/services/x11/desktop-managers/gnome3.nix +++ b/nixos/modules/services/x11/desktop-managers/gnome3.nix @@ -93,6 +93,8 @@ in { services.udisks2.enable = true; services.accounts-daemon.enable = true; services.geoclue2.enable = mkDefault true; + # GNOME should have its own geoclue agent + services.geoclue2.enableDemoAgent = false; services.dleyna-renderer.enable = mkDefault true; services.dleyna-server.enable = mkDefault true; services.gnome3.at-spi2-core.enable = true; -- cgit 1.4.1 From 80d4fa725bc0a61c11c51a392c95561442d795f5 Mon Sep 17 00:00:00 2001 
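Review bot: `enableDemoAgent` defaults to `true`, so every configuration that already sets `services.geoclue2.enable` starts a `geoclue-agent` user service in each user session (`wantedBy = [ "default.target" ]`) after this change, and the option text does not say what the agent does. A GeoClue agent takes part in deciding which applications may read the user's location, so the description should say so, for example `Whether to run the GeoClue demo agent as a user service; the agent answers location-access requests on the user's behalf.`, and it is worth considering `default = false` with the modules that need the agent opting in. The unit would also be simpler with `serviceConfig.ExecStart = "${package}/libexec/geoclue-2.0/demos/agent";` instead of `script`, which wraps the binary in a generated shell script.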
From: Michael Peyton Jones Date: Thu, 9 Aug 2018 15:50:53 +0100 Subject: localtime: simplify module a little --- nixos/modules/services/system/localtime.nix | 10 ++-------- 1 file changed, 2 insertions(+), 8 deletions(-) (limited to 'nixos/modules') diff --git a/nixos/modules/services/system/localtime.nix b/nixos/modules/services/system/localtime.nix index b9355bbb9441..c7e897c96448 100644 --- a/nixos/modules/services/system/localtime.nix +++ b/nixos/modules/services/system/localtime.nix @@ -22,14 +22,8 @@ in { config = mkIf cfg.enable { services.geoclue2.enable = true; - security.polkit.extraConfig = '' - polkit.addRule(function(action, subject) { - if (action.id == "org.freedesktop.timedate1.set-timezone" - && subject.user == "localtimed") { - return polkit.Result.YES; - } - }); - ''; + # so polkit will pick up the rules + environment.systemPackages = [ pkgs.localtime ]; users.users = [{ name = "localtimed"; -- cgit 1.4.1 From c2b24892b0e59c02eff42085737483fd1d57788d Mon Sep 17 00:00:00 2001 From: Izorkin Date: Wed, 15 Aug 2018 19:46:47 +0300 Subject: syslog-ng: enable reload service --- nixos/modules/services/logging/syslog-ng.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'nixos/modules') diff --git a/nixos/modules/services/logging/syslog-ng.nix b/nixos/modules/services/logging/syslog-ng.nix index 21be286a6e98..8466ff4630af 100644 --- a/nixos/modules/services/logging/syslog-ng.nix +++ b/nixos/modules/services/logging/syslog-ng.nix @@ -88,6 +88,7 @@ in { StandardOutput = "null"; Restart = "on-failure"; ExecStart = "${cfg.package}/sbin/syslog-ng ${concatStringsSep " " syslogngOptions}"; + ExecReload = "${pkgs.coreutils}/bin/kill -HUP ${pidFile}"; }; }; }; -- cgit 1.4.1 From 300fe1cc9a406784fc157461f13ddb7e7f00002f Mon Sep 17 00:00:00 2001 From: Izorkin Date: Wed, 15 Aug 2018 22:02:50 +0300 Subject: syslog-ng: fix reload service --- nixos/modules/services/logging/syslog-ng.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'nixos/modules') 
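Review bot: The inline polkit rule that allowed only `subject.user == "localtimed"` to perform `org.freedesktop.timedate1.set-timezone` is replaced by whatever rule files `pkgs.localtime` installs, and the new comment `# so polkit will pick up the rules` does not say which grant is expected. The authorisation is no longer readable in the module and can change with a package update, so the comment should name it, e.g. `# pkgs.localtime ships the polkit rule that lets the localtimed user call org.freedesktop.timedate1.set-timezone; polkit reads it from the system profile`. It is worth confirming that the packaged rule is scoped to the same user and action as the removed one. The `config` block continues outside the hunk.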
diff --git a/nixos/modules/services/logging/syslog-ng.nix b/nixos/modules/services/logging/syslog-ng.nix index 8466ff4630af..985b93a53746 100644 --- a/nixos/modules/services/logging/syslog-ng.nix +++ b/nixos/modules/services/logging/syslog-ng.nix @@ -88,7 +88,7 @@ in { StandardOutput = "null"; Restart = "on-failure"; ExecStart = "${cfg.package}/sbin/syslog-ng ${concatStringsSep " " syslogngOptions}"; - ExecReload = "${pkgs.coreutils}/bin/kill -HUP ${pidFile}"; + ExecReload = "${pkgs.coreutils}/bin/kill -HUP `${pkgs.coreutils}/bin/cat ${pidFile}`"; }; }; }; -- cgit 1.4.1 From 48a765e6412b0df2d7809a044ee713a59a428e15 Mon Sep 17 00:00:00 2001 From: worldofpeace Date: Wed, 15 Aug 2018 19:05:30 -0400 Subject: nixos/zeitgeist: init --- nixos/modules/module-list.nix | 1 + nixos/modules/services/desktops/zeitgeist.nix | 26 ++++++++++++++++++++++++++ 2 files changed, 27 insertions(+) create mode 100644 nixos/modules/services/desktops/zeitgeist.nix (limited to 'nixos/modules') diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index e19853efd73c..67d7d11e84ec 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix @@ -247,6 +247,7 @@ ./services/desktops/gnome3/tracker-miners.nix ./services/desktops/profile-sync-daemon.nix ./services/desktops/telepathy.nix + ./services/desktops/zeitgeist.nix ./services/development/bloop.nix ./services/development/hoogle.nix ./services/editors/emacs.nix diff --git a/nixos/modules/services/desktops/zeitgeist.nix b/nixos/modules/services/desktops/zeitgeist.nix new file mode 100644 index 000000000000..20c82ccdd56c --- /dev/null +++ b/nixos/modules/services/desktops/zeitgeist.nix 
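Review bot: The backticks in the new `ExecReload` are not evaluated, because systemd executes the command line directly rather than through a shell, so `kill` receives the literal backquoted words as arguments and `systemctl reload` still does not signal syslog-ng. The form this commit replaces, `kill -HUP ${pidFile}` from the previous commit's hunk, failed for a related reason: it passed the PID file's path where a PID is expected. If systemd tracks the daemon's main PID (the service type and any `PIDFile=` setting are outside the hunk), `ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";` does the job without reading a PID file at all. A failing reload matters for a log daemon because changed destinations or filters do not take effect until the next restart.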
@@ -0,0 +1,26 @@ +# Zeitgeist + +{ config, lib, pkgs, ... }: + +with lib; + +{ + ###### interface + + options = { + services.zeitgeist = { + enable = mkEnableOption "zeitgeist"; + }; + }; + + ###### implementation + + config = mkIf config.services.zeitgeist.enable { + + environment.systemPackages = [ pkgs.zeitgeist ]; + + services.dbus.packages = [ pkgs.zeitgeist ]; + + systemd.packages = [ pkgs.zeitgeist ]; + }; +} -- cgit 1.4.1 From aba87b85efaa1b2b31176ecbad4f6bf9a82f5d4a Mon Sep 17 00:00:00 2001 From: Okina Matara Date: Tue, 14 Aug 2018 23:19:31 -0500 Subject: nixos/hydron: Various tweaks Make timer persistent Start timer after hydron Change interval from hourly to weekly --- nixos/modules/services/web-servers/hydron.nix | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) (limited to 'nixos/modules') diff --git a/nixos/modules/services/web-servers/hydron.nix b/nixos/modules/services/web-servers/hydron.nix index c49efaede160..ed63230bc784 100644 --- a/nixos/modules/services/web-servers/hydron.nix +++ b/nixos/modules/services/web-servers/hydron.nix @@ -16,10 +16,10 @@ in with lib; { interval = mkOption { type = types.str; - default = "hourly"; + default = "weekly"; example = "06:00"; description = '' - How often we run hydron import and possibly fetch tags. Runs by default every hour. + How often we run hydron import and possibly fetch tags. Runs by default every week. The format is described in systemd.time @@ -137,9 +137,13 @@ in with lib; { systemd.timers.hydron-fetch = { description = "Automatically import paths into hydron and possibly fetch tags"; - after = [ "network.target" ]; + after = [ "network.target" "hydron.service" ]; wantedBy = [ "timers.target" ]; - timerConfig.OnCalendar = cfg.interval; + + timerConfig = { + Persistent = true; + OnCalendar = cfg.interval; + }; }; users = { -- cgit 1.4.1 From 51169880bd41b24642c5440c4d51c459aa2a8b05 Mon Sep 17 00:00:00 2001 
From: Johannes Frankenau Date: Mon, 30 Jul 2018 20:13:32 +0200 Subject: nixos/samba: allow dummy conf file to be overridden This allows configuring samba clients on systems without a samba server. --- nixos/modules/services/network-filesystems/samba.nix | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) (limited to 'nixos/modules') diff --git a/nixos/modules/services/network-filesystems/samba.nix b/nixos/modules/services/network-filesystems/samba.nix index b23266e8d43a..10dc58311212 100644 --- a/nixos/modules/services/network-filesystems/samba.nix +++ b/nixos/modules/services/network-filesystems/samba.nix @@ -214,12 +214,10 @@ in } ]; # Always provide a smb.conf to shut up programs like smbclient and smbspool. - environment.etc = singleton - { source = - if cfg.enable then configFile - else pkgs.writeText "smb-dummy.conf" "# Samba is disabled."; - target = "samba/smb.conf"; - }; + environment.etc."samba/smb.conf".source = mkOptionDefault ( + if cfg.enable then configFile + else pkgs.writeText "smb-dummy.conf" "# Samba is disabled." + ); } (mkIf cfg.enable { -- cgit 1.4.1 From b2f17900700931ccc7a31c766f32ecbc2a24d4b7 Mon Sep 17 00:00:00 2001 From: Johannes Frankenau Date: Mon, 30 Jul 2018 09:22:33 +0200 Subject: nixos/networkd: add missing options --- nixos/modules/system/boot/networkd.nix | 189 ++++++++++++++++++++++++++++----- 1 file changed, 160 insertions(+), 29 deletions(-) (limited to 'nixos/modules') diff --git a/nixos/modules/system/boot/networkd.nix b/nixos/modules/system/boot/networkd.nix index ce770d067608..a3b7d7ba07ad 100644 --- a/nixos/modules/system/boot/networkd.nix +++ b/nixos/modules/system/boot/networkd.nix 
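Review bot: `mkOptionDefault` wraps both branches of the `if`, so the generated `configFile` of an enabled server gets the lowest priority as well, and any other definition of `environment.etc."samba/smb.conf".source` replaces the server configuration without a conflict error. The commit message only asks for the dummy file to be overridable. Limiting the low priority to that branch keeps an accidental override of a running server's configuration visible: `if cfg.enable then configFile else mkOptionDefault (pkgs.writeText "smb-dummy.conf" "# Samba is disabled.")`. The comment above the definition could also mention that the dummy may be overridden on client-only hosts.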
@@ -11,17 +11,29 @@ let checkLink = checkUnitConfig "Link" [ (assertOnlyFields [ "Description" "Alias" "MACAddressPolicy" "MACAddress" "NamePolicy" "Name" - "MTUBytes" "BitsPerSecond" "Duplex" "WakeOnLan" + "MTUBytes" "BitsPerSecond" "Duplex" "AutoNegotiation" "WakeOnLan" "Port" + "TCPSegmentationOffload" "TCP6SegmentationOffload" "GenericSegmentationOffload" + "GenericReceiveOffload" "LargeReceiveOffload" "RxChannels" "TxChannels" + "OtherChannels" "CombinedChannels" ]) - (assertValueOneOf "MACAddressPolicy" ["persistent" "random"]) + (assertValueOneOf "MACAddressPolicy" ["persistent" "random" "none"]) (assertMacAddress "MACAddress") - (assertValueOneOf "NamePolicy" [ - "kernel" "database" "onboard" "slot" "path" "mac" - ]) (assertByteFormat "MTUBytes") (assertByteFormat "BitsPerSecond") (assertValueOneOf "Duplex" ["half" "full"]) - (assertValueOneOf "WakeOnLan" ["phy" "magic" "off"]) + (assertValueOneOf "AutoNegotiation" boolValues) + (assertValueOneOf "WakeOnLan" ["phy" "unicast" "multicast" "broadcast" "arp" "magic" "secureon" "off"]) + (assertValueOneOf "Port" ["tp" "aui" "bnc" "mii" "fibre"]) + (assertValueOneOf "TCPSegmentationOffload" boolValues) + (assertValueOneOf "TCP6SegmentationOffload" boolValues) + (assertValueOneOf "GenericSegmentationOffload" boolValues) + (assertValueOneOf "UDPSegmentationOffload" boolValues) + (assertValueOneOf "GenericReceiveOffload" boolValues) + (assertValueOneOf "LargeReceiveOffload" boolValues) + (range "RxChannels" 1 4294967295) + (range "TxChannels" 1 4294967295) + (range "OtherChannels" 1 4294967295) + (range "CombinedChannels" 1 4294967295) ]; checkNetdev = checkUnitConfig "Netdev" [ 
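Review bot: The four channel checks are written `(range "RxChannels" 1 4294967295)` while the other bounds checks in this file use `assertRange` (for example `(assertRange "Id" 0 4094)`); no `range` assertion helper is visible here, and if `lib.range` is in scope the name resolves to the list generator, so these entries are not assertions and may fail at evaluation. They should read `(assertRange "RxChannels" 1 4294967295)`, and likewise for `TxChannels`, `OtherChannels` and `CombinedChannels`. In the same list, `(assertValueOneOf "UDPSegmentationOffload" boolValues)` validates a key that `assertOnlyFields` does not admit, so either the key is missing from the allowed list or the check is dead. The hunk also drops the `NamePolicy` value check without a replacement, so a mistyped policy now reaches the generated `.link` file unchecked.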
@@ -31,16 +43,21 @@ let (assertHasField "Name") (assertHasField "Kind") (assertValueOneOf "Kind" [ - "bridge" "bond" "vlan" "macvlan" "vxlan" "ipip" - "gre" "sit" "vti" "veth" "tun" "tap" "dummy" + "bond" "bridge" "dummy" "gre" "gretap" "ip6gre" "ip6tnl" "ip6gretap" "ipip" + "ipvlan" "macvlan" "macvtap" "sit" "tap" "tun" "veth" "vlan" "vti" "vti6" + "vxlan" "geneve" "vrf" "vcan" "vxcan" "wireguard" "netdevsim" ]) (assertByteFormat "MTUBytes") (assertMacAddress "MACAddress") ]; checkVlan = checkUnitConfig "VLAN" [ - (assertOnlyFields ["Id"]) + (assertOnlyFields ["Id" "GVRP" "MVRP" "LooseBinding" "ReorderHeader"]) (assertRange "Id" 0 4094) + (assertValueOneOf "GVRP" boolValues) + (assertValueOneOf "MVRP" boolValues) + (assertValueOneOf "LooseBinding" boolValues) + (assertValueOneOf "ReorderHeader" boolValues) ]; checkMacvlan = checkUnitConfig "MACVLAN" [ 
@@ -49,15 +66,41 @@ let ]; checkVxlan = checkUnitConfig "VXLAN" [ - (assertOnlyFields ["Id" "Group" "TOS" "TTL" "MacLearning"]) + (assertOnlyFields [ + "Id" "Remote" "Local" "TOS" "TTL" "MacLearning" "FDBAgeingSec" + "MaximumFDBEntries" "ReduceARPProxy" "L2MissNotification" + "L3MissNotification" "RouteShortCircuit" "UDPChecksum" + "UDP6ZeroChecksumTx" "UDP6ZeroChecksumRx" "RemoteChecksumTx" + "RemoteChecksumRx" "GroupPolicyExtension" "DestinationPort" "PortRange" + "FlowLabel" + ]) (assertRange "TTL" 0 255) (assertValueOneOf "MacLearning" boolValues) + (assertValueOneOf "ReduceARPProxy" boolValues) + (assertValueOneOf "L2MissNotification" boolValues) + (assertValueOneOf "L3MissNotification" boolValues) + (assertValueOneOf "RouteShortCircuit" boolValues) + (assertValueOneOf "UDPChecksum" boolValues) + (assertValueOneOf "UDP6ZeroChecksumTx" boolValues) + (assertValueOneOf "UDP6ZeroChecksumRx" boolValues) + (assertValueOneOf "RemoteChecksumTx" boolValues) + (assertValueOneOf "RemoteChecksumRx" boolValues) + (assertValueOneOf "GroupPolicyExtension" boolValues) + (assertRange "FlowLabel" 0 1048575) ]; checkTunnel = checkUnitConfig "Tunnel" [ - (assertOnlyFields ["Local" "Remote" "TOS" "TTL" "DiscoverPathMTU"]) + (assertOnlyFields [ + "Local" "Remote" "TOS" "TTL" "DiscoverPathMTU" "IPv6FlowLabel" "CopyDSCP" + "EncapsulationLimit" "Key" "InputKey" "OutputKey" "Mode" "Independent" + "AllowLocalRemote" + ]) (assertRange "TTL" 0 255) (assertValueOneOf "DiscoverPathMTU" boolValues) + (assertValueOneOf "CopyDSCP" boolValues) + (assertValueOneOf "Mode" ["ip6ip6" "ipip6" "any"]) + (assertValueOneOf "Independent" boolValues) + (assertValueOneOf "AllowLocalRemote" boolValues) ]; checkPeer = checkUnitConfig "Peer" [ 
@@ -66,10 +109,11 @@ let ]; tunTapChecks = [ - (assertOnlyFields ["OneQueue" "MultiQueue" "PacketInfo" "User" "Group"]) + (assertOnlyFields ["OneQueue" "MultiQueue" "PacketInfo" "VNetHeader" "User" "Group"]) (assertValueOneOf "OneQueue" boolValues) (assertValueOneOf "MultiQueue" boolValues) (assertValueOneOf "PacketInfo" boolValues) + (assertValueOneOf "VNetHeader" boolValues) ]; checkTun = checkUnitConfig "Tun" tunTapChecks; 
@@ -79,67 +123,121 @@ let checkBond = checkUnitConfig "Bond" [ (assertOnlyFields [ "Mode" "TransmitHashPolicy" "LACPTransmitRate" "MIIMonitorSec" - "UpDelaySec" "DownDelaySec" "GratuitousARP" + "UpDelaySec" "DownDelaySec" "LearnPacketIntervalSec" "AdSelect" + "FailOverMACPolicy" "ARPValidate" "ARPIntervalSec" "ARPIPTargets" + "ARPAllTargets" "PrimaryReselectPolicy" "ResendIGMP" "PacketsPerSlave" + "GratuitousARP" "AllSlavesActive" "MinLinks" ]) (assertValueOneOf "Mode" [ "balance-rr" "active-backup" "balance-xor" "broadcast" "802.3ad" "balance-tlb" "balance-alb" ]) (assertValueOneOf "TransmitHashPolicy" [ - "layer2" "layer3+4" "layer2+3" "encap2+3" "802.3ad" "encap3+4" + "layer2" "layer3+4" "layer2+3" "encap2+3" "encap3+4" ]) (assertValueOneOf "LACPTransmitRate" ["slow" "fast"]) + (assertValueOneOf "AdSelect" ["stable" "bandwidth" "count"]) + (assertValueOneOf "FailOverMACPolicy" ["none" "active" "follow"]) + (assertValueOneOf "ARPValidate" ["none" "active" "backup" "all"]) + (assertValueOneOf "ARPAllTargets" ["any" "all"]) + (assertValueOneOf "PrimaryReselectPolicy" ["always" "better" "failure"]) + (assertRange "ResendIGMP" 0 255) + (assertRange "PacketsPerSlave" 0 65535) + (assertRange "GratuitousARP" 0 255) + (assertValueOneOf "AllSlavesActive" boolValues) ]; checkNetwork = checkUnitConfig "Network" [ (assertOnlyFields [ - "Description" "DHCP" "DHCPServer" "IPForward" "IPMasquerade" "IPv4LL" "IPv4LLRoute" - "LLMNR" "MulticastDNS" "Domains" "Bridge" "Bond" "IPv6PrivacyExtensions" + "Description" "DHCP" "DHCPServer" "LinkLocalAddressing" "IPv4LLRoute" + "IPv6Token" "LLMNR" "MulticastDNS" "DNSOverTLS" "DNSSEC" + "DNSSECNegativeTrustAnchors" "LLDP" "EmitLLDP" "BindCarrier" "Address" + "Gateway" "DNS" "Domains" "NTP" "IPForward" "IPMasquerade" + "IPv6PrivacyExtensions" "IPv6AcceptRA" "IPv6DuplicateAddressDetection" + "IPv6HopLimit" "IPv4ProxyARP" "IPv6ProxyNDP" "IPv6ProxyNDPAddress" + "IPv6PrefixDelegation" "IPv6MTUBytes" "Bridge" "Bond" "VRF" "VLAN" + "IPVLAN" 
"MACVLAN" "VXLAN" "Tunnel" "ActiveSlave" "PrimarySlave" + "ConfigureWithoutCarrier" ]) - (assertValueOneOf "DHCP" ["both" "none" "v4" "v6"]) + # Note: For DHCP the values both, none, v4, v6 are deprecated + (assertValueOneOf "DHCP" ["yes" "no" "ipv4" "ipv6" "both" "none" "v4" "v6"]) (assertValueOneOf "DHCPServer" boolValues) + (assertValueOneOf "LinkLocalAddressing" ["yes" "no" "ipv4" "ipv6"]) + (assertValueOneOf "IPv4LLRoute" boolValues) + (assertValueOneOf "LLMNR" ["yes" "resolve" "no"]) + (assertValueOneOf "MulticastDNS" ["yes" "resolve" "no"]) + (assertValueOneOf "DNSOverTLS" ["opportunistic" "no"]) + (assertValueOneOf "DNSSEC" ["yes" "allow-downgrade" "no"]) + (assertValueOneOf "LLDP" ["yes" "routers-only" "no"]) + (assertValueOneOf "EmitLLDP" ["yes" "no" "nearest-bridge" "non-tpmr-bridge" "customer-bridge"]) (assertValueOneOf "IPForward" ["yes" "no" "ipv4" "ipv6"]) (assertValueOneOf "IPMasquerade" boolValues) - (assertValueOneOf "IPv4LL" boolValues) - (assertValueOneOf "IPv4LLRoute" boolValues) - (assertValueOneOf "LLMNR" boolValues) - (assertValueOneOf "MulticastDNS" boolValues) (assertValueOneOf "IPv6PrivacyExtensions" ["yes" "no" "prefer-public" "kernel"]) + (assertValueOneOf "IPv6AcceptRA" boolValues) + (assertValueOneOf "IPv4ProxyARP" boolValues) + (assertValueOneOf "IPv6ProxyNDP" boolValues) + (assertValueOneOf "IPv6PrefixDelegation" boolValues) + (assertValueOneOf "ActiveSlave" boolValues) + (assertValueOneOf "PrimarySlave" boolValues) + (assertValueOneOf "ConfigureWithoutCarrier" boolValues) ]; checkAddress = checkUnitConfig "Address" [ - (assertOnlyFields ["Address" "Peer" "Broadcast" "Label"]) + (assertOnlyFields [ + "Address" "Peer" "Broadcast" "Label" "PreferredLifetime" "Scope" + "HomeAddress" "DuplicateAddressDetection" "ManageTemporaryAddress" + "PrefixRoute" "AutoJoin" + ]) (assertHasField "Address") + (assertValueOneOf "PreferredLifetime" ["forever" "infinity" "0" 0]) + (assertValueOneOf "HomeAddress" boolValues) + (assertValueOneOf 
"DuplicateAddressDetection" boolValues) + (assertValueOneOf "ManageTemporaryAddress" boolValues) + (assertValueOneOf "PrefixRoute" boolValues) + (assertValueOneOf "AutoJoin" boolValues) ]; checkRoute = checkUnitConfig "Route" [ - (assertOnlyFields ["Gateway" "Destination" "Metric"]) + (assertOnlyFields [ + "Gateway" "GatewayOnlink" "Destination" "Source" "Metric" + "IPv6Preference" "Scope" "PreferredSource" "Table" "Protocol" "Type" + "InitialCongestionWindow" "InitialAdvertisedReceiveWindow" "QuickAck" + "MTUBytes" + ]) (assertHasField "Gateway") ]; checkDhcp = checkUnitConfig "DHCP" [ (assertOnlyFields [ - "UseDNS" "UseMTU" "SendHostname" "UseHostname" "UseDomains" "UseRoutes" - "CriticalConnections" "VendorClassIdentifier" "RequestBroadcast" - "RouteMetric" + "UseDNS" "UseNTP" "UseMTU" "Anonymize" "SendHostname" "UseHostname" + "Hostname" "UseDomains" "UseRoutes" "UseTimezone" "CriticalConnection" + "ClientIdentifier" "VendorClassIdentifier" "UserClass" "DUIDType" + "DUIDRawData" "IAID" "RequestBroadcast" "RouteMetric" "RouteTable" + "ListenPort" "RapidCommit" ]) (assertValueOneOf "UseDNS" boolValues) + (assertValueOneOf "UseNTP" boolValues) (assertValueOneOf "UseMTU" boolValues) + (assertValueOneOf "Anonymize" boolValues) (assertValueOneOf "SendHostname" boolValues) (assertValueOneOf "UseHostname" boolValues) - (assertValueOneOf "UseDomains" boolValues) + (assertValueOneOf "UseDomains" ["yes" "no" "route"]) (assertValueOneOf "UseRoutes" boolValues) - (assertValueOneOf "CriticalConnections" boolValues) + (assertValueOneOf "UseTimezone" boolValues) + (assertValueOneOf "CriticalConnection" boolValues) (assertValueOneOf "RequestBroadcast" boolValues) + (assertRange "RouteTable" 0 4294967295) + (assertValueOneOf "RapidCommit" boolValues) ]; checkDhcpServer = checkUnitConfig "DHCPServer" [ (assertOnlyFields [ "PoolOffset" "PoolSize" "DefaultLeaseTimeSec" "MaxLeaseTimeSec" - "EmitDNS" "DNS" "EmitNTP" "NTP" "EmitTimezone" "Timezone" + "EmitDNS" "DNS" "EmitNTP" "NTP" 
"EmitRouter" "EmitTimezone" "Timezone" ]) (assertValueOneOf "EmitDNS" boolValues) (assertValueOneOf "EmitNTP" boolValues) + (assertValueOneOf "EmitRouter" boolValues) (assertValueOneOf "EmitTimezone" boolValues) ]; @@ -461,6 +559,36 @@ let ''; }; + bridge = mkOption { + default = [ ]; + type = types.listOf types.str; + description = '' + A list of bridge interfaces to be added to the network section of the + unit. See systemd.network + 5 for details. + ''; + }; + + bond = mkOption { + default = [ ]; + type = types.listOf types.str; + description = '' + A list of bond interfaces to be added to the network section of the + unit. See systemd.network + 5 for details. + ''; + }; + + vrf = mkOption { + default = [ ]; + type = types.listOf types.str; + description = '' + A list of vrf interfaces to be added to the network section of the + unit. See systemd.network + 5 for details. + ''; + }; + vlan = mkOption { default = [ ]; type = types.listOf types.str; @@ -619,6 +747,9 @@ let ${concatStringsSep "\n" (map (s: "Gateway=${s}") def.gateway)} ${concatStringsSep "\n" (map (s: "DNS=${s}") def.dns)} ${concatStringsSep "\n" (map (s: "NTP=${s}") def.ntp)} + ${concatStringsSep "\n" (map (s: "Bridge=${s}") def.bridge)} + ${concatStringsSep "\n" (map (s: "Bond=${s}") def.bond)} + ${concatStringsSep "\n" (map (s: "VRF=${s}") def.vrf)} ${concatStringsSep "\n" (map (s: "VLAN=${s}") def.vlan)} ${concatStringsSep "\n" (map (s: "MACVLAN=${s}") def.macvlan)} ${concatStringsSep "\n" (map (s: "VXLAN=${s}") def.vxlan)} -- cgit 1.4.1 From 7952b51461c8ece7ebabe83e52ac682f2c179a01 Mon Sep 17 00:00:00 2001 From: Mitsuhiro Nakamura Date: Thu, 16 Aug 2018 17:48:35 +0900 Subject: accountsservice: fix a bug --- nixos/modules/services/desktops/accountsservice.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'nixos/modules') 
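Review bot: In `checkNetwork`, `LLMNR` and `MulticastDNS` move from `boolValues` to `["yes" "resolve" "no"]`, so any value that `boolValues` allowed beyond the strings "yes" and "no" is now rejected. `boolValues` is defined outside the hunk; if it includes Nix booleans, a host that turns LLMNR off with `LLMNR = false` will stop evaluating. Extending rather than replacing keeps those configurations valid: `(assertValueOneOf "LLMNR" (boolValues ++ ["resolve"]))`, and the same for `MulticastDNS`. The same concern applies to `UseDomains` in `checkDhcp`, which now takes `["yes" "no" "route"]`.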
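Review bot: The new `bridge`, `bond` and `vrf` options are typed `types.listOf types.str`, copying the `vlan` pattern, but a link can presumably join only one bridge, bond or VRF at a time. With more than one entry, the `Bridge=${s}` / `Bond=${s}` / `VRF=${s}` lines added in the `@@ -619,6 +747,9 @@` hunk emit the key several times and the unit silently depends on which line networkd honours. If a list is kept for consistency, the descriptions should say that only a single entry is meaningful, e.g. `The bridge interface this link is attached to (at most one entry).` Otherwise make the options single-valued.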
diff --git a/nixos/modules/services/desktops/accountsservice.nix b/nixos/modules/services/desktops/accountsservice.nix index 2a7450669ea0..a19ac2a50c2d 100644 --- a/nixos/modules/services/desktops/accountsservice.nix +++ b/nixos/modules/services/desktops/accountsservice.nix @@ -36,11 +36,11 @@ with lib; systemd.packages = [ pkgs.accountsservice ]; - systemd.services.accounts-daemon= { + systemd.services.accounts-daemon = { wantedBy = [ "graphical.target" ]; - } // (mkIf (!config.users.mutableUsers) { + } // (optionalAttrs (!config.users.mutableUsers) { environment.NIXOS_USERS_PURE = "true"; }); }; -- cgit 1.4.1 From 78fb4bd644dcb1dac30364ad04f16e4e28bc3669 Mon Sep 17 00:00:00 2001 From: Sarah Brofeldt Date: Sun, 12 Aug 2018 19:33:59 +0200 Subject: nixos/qemu-vm: Don't explicitly mknod /dev/vda* And don't need to source the uevent files anymore either since $MAJOR or $MINOR aren't used elsewhere. [dezgeg: The reason these are no longer needed is that 0d27df280f7ed5 switched /tmp to a devtmpfs which automatically creates such device nodes] --- nixos/modules/virtualisation/qemu-vm.nix | 3 --- 1 file changed, 3 deletions(-) (limited to 'nixos/modules') diff --git a/nixos/modules/virtualisation/qemu-vm.nix b/nixos/modules/virtualisation/qemu-vm.nix index 0abf7b11703c..4e9c87222d0a 100644 --- a/nixos/modules/virtualisation/qemu-vm.nix +++ b/nixos/modules/virtualisation/qemu-vm.nix @@ -156,9 +156,6 @@ let --partition-guid=2:970C694F-AFD0-4B99-B750-CDB7A329AB6F \ --hybrid 2 \ --recompute-chs /dev/vda - . /sys/class/block/vda2/uevent - mknod /dev/vda2 b $MAJOR $MINOR - . /sys/class/block/vda/uevent ${pkgs.dosfstools}/bin/mkfs.fat -F16 /dev/vda2 export MTOOLS_SKIP_CHECK=1 ${pkgs.mtools}/bin/mlabel -i /dev/vda2 ::boot -- cgit 1.4.1 From 6c84945099a9dd82d252e7b57f3fc3a8fbffd11e Mon Sep 17 00:00:00 2001 
From: Mitsuhiro Nakamura Date: Thu, 16 Aug 2018 21:50:41 +0900 Subject: lightdm: fix typos --- nixos/modules/services/x11/display-managers/lightdm.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'nixos/modules') diff --git a/nixos/modules/services/x11/display-managers/lightdm.nix b/nixos/modules/services/x11/display-managers/lightdm.nix index 6be15d8cdf46..06f017e9bf47 100644 --- a/nixos/modules/services/x11/display-managers/lightdm.nix +++ b/nixos/modules/services/x11/display-managers/lightdm.nix @@ -15,7 +15,7 @@ let inherit (pkgs) lightdm writeScript writeText; - # lightdm runs with clearenv(), but we need a few things in the enviornment for X to startup + # lightdm runs with clearenv(), but we need a few things in the environment for X to startup xserverWrapper = writeScript "xserver-wrapper" '' #! ${pkgs.bash}/bin/bash @@ -209,7 +209,7 @@ in services.dbus.enable = true; services.dbus.packages = [ lightdm ]; - # lightdm uses the accounts daemon to rember language/window-manager per user + # lightdm uses the accounts daemon to remember language/window-manager per user services.accounts-daemon.enable = true; security.pam.services.lightdm = { -- cgit 1.4.1 From 7fbdd7fcf4242f406182c4b2671f25e1d2c86397 Mon Sep 17 00:00:00 2001 From: Mitsuhiro Nakamura Date: Thu, 16 Aug 2018 17:56:44 +0900 Subject: lightdm: enable the accounts daemon to find dbus interface --- nixos/modules/services/desktops/accountsservice.nix | 6 ++++++ nixos/modules/services/x11/display-managers/lightdm.nix | 3 +++ 2 files changed, 9 insertions(+) (limited to 'nixos/modules') diff --git a/nixos/modules/services/desktops/accountsservice.nix b/nixos/modules/services/desktops/accountsservice.nix index a19ac2a50c2d..933b9da2c83c 100644 --- a/nixos/modules/services/desktops/accountsservice.nix +++ b/nixos/modules/services/desktops/accountsservice.nix 
@@ -32,6 +32,9 @@ with lib; environment.systemPackages = [ pkgs.accountsservice ]; + # Accounts daemon looks for dbus interfaces in $XDG_DATA_DIRS/accountsservice + environment.pathsToLink = [ "/share/accountsservice" ]; + services.dbus.packages = [ pkgs.accountsservice ]; systemd.packages = [ pkgs.accountsservice ]; @@ -40,6 +43,9 @@ with lib; wantedBy = [ "graphical.target" ]; + # Accounts daemon looks for dbus interfaces in $XDG_DATA_DIRS/accountsservice + environment.XDG_DATA_DIRS = "${config.system.path}/share"; + } // (optionalAttrs (!config.users.mutableUsers) { environment.NIXOS_USERS_PURE = "true"; }); diff --git a/nixos/modules/services/x11/display-managers/lightdm.nix b/nixos/modules/services/x11/display-managers/lightdm.nix index 06f017e9bf47..dc82f7086c82 100644 --- a/nixos/modules/services/x11/display-managers/lightdm.nix +++ b/nixos/modules/services/x11/display-managers/lightdm.nix @@ -212,6 +212,9 @@ in # lightdm uses the accounts daemon to remember language/window-manager per user services.accounts-daemon.enable = true; + # Enable the accounts daemon to find lightdm's dbus interface + environment.systemPackages = [ lightdm ]; + security.pam.services.lightdm = { allowNullPassword = true; startSession = true; -- cgit 1.4.1 From 9a63f51454e54517e9987940825506bb49b690c4 Mon Sep 17 00:00:00 2001 From: Alex Whitt Date: Fri, 18 May 2018 21:36:34 -0400 Subject: nixos/synergy: Use graphical target (fixes #9468) --- nixos/modules/services/misc/synergy.nix | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) (limited to 'nixos/modules') diff --git a/nixos/modules/services/misc/synergy.nix b/nixos/modules/services/misc/synergy.nix index 7e8eadbe5f37..b89cb41ac3ad 100644 --- a/nixos/modules/services/misc/synergy.nix +++ b/nixos/modules/services/misc/synergy.nix 
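Review bot: In the `@@ -40,6 +43,9 @@` hunk, the added `environment.XDG_DATA_DIRS` sits on the left side of `//`, which merges attribute sets only at the top level. When `config.users.mutableUsers` is false, the right-hand set's `environment` replaces the left-hand one entirely, so `XDG_DATA_DIRS` is dropped and the daemon again cannot find the interfaces this commit is meant to expose. Merging one level down avoids that: `environment = { XDG_DATA_DIRS = "${config.system.path}/share"; } // optionalAttrs (!config.users.mutableUsers) { NIXOS_USERS_PURE = "true"; };`.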
@@ -83,20 +83,20 @@ in config = mkMerge [ (mkIf cfgC.enable { - systemd.services."synergy-client" = { - after = [ "network.target" ]; + systemd.user.services."synergy-client" = { + after = [ "network.target" "graphical-session.target" ]; description = "Synergy client"; - wantedBy = optional cfgC.autoStart "multi-user.target"; + wantedBy = optional cfgC.autoStart "graphical-session.target"; path = [ pkgs.synergy ]; serviceConfig.ExecStart = ''${pkgs.synergy}/bin/synergyc -f ${optionalString (cfgC.screenName != "") "-n ${cfgC.screenName}"} ${cfgC.serverAddress}''; serviceConfig.Restart = "on-failure"; }; }) (mkIf cfgS.enable { - systemd.services."synergy-server" = { - after = [ "network.target" ]; + systemd.user.services."synergy-server" = { + after = [ "network.target" "graphical-session.target" ]; description = "Synergy server"; - wantedBy = optional cfgS.autoStart "multi-user.target"; + wantedBy = optional cfgS.autoStart "graphical-session.target"; path = [ pkgs.synergy ]; serviceConfig.ExecStart = ''${pkgs.synergy}/bin/synergys -c ${cfgS.configFile} -f ${optionalString (cfgS.address != "") "-a ${cfgS.address}"} ${optionalString (cfgS.screenName != "") "-n ${cfgS.screenName}" }''; serviceConfig.Restart = "on-failure"; -- cgit 1.4.1 From e4f45891866976f4df72d9ab635659b6e8c380e1 Mon Sep 17 00:00:00 2001 From: Izorkin Date: Thu, 16 Aug 2018 08:13:36 +0300 Subject: syslog-ng: fix reload service --- nixos/modules/services/logging/syslog-ng.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'nixos/modules') diff --git a/nixos/modules/services/logging/syslog-ng.nix b/nixos/modules/services/logging/syslog-ng.nix index 985b93a53746..65e103ac2ba5 100644 --- a/nixos/modules/services/logging/syslog-ng.nix +++ b/nixos/modules/services/logging/syslog-ng.nix 
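Review bot: Both units move to `systemd.user.services` but keep `"network.target"` in `after`. The per-user manager has its own unit set and, as far as I know, does not see system targets, so that ordering most likely has no effect. Either drop it, `after = [ "graphical-session.target" ];`, or add a comment saying the entry is kept deliberately. It would also help to document on the `autoStart` options that the services now start only once a session activates `graphical-session.target`, which not every desktop setup does. The `mkMerge` list continues outside the hunk.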
@@ -85,10 +85,11 @@ in { after = [ "multi-user.target" ]; # makes sure hostname etc is set serviceConfig = { Type = "notify"; + PIDFile = pidFile; StandardOutput = "null"; Restart = "on-failure"; ExecStart = "${cfg.package}/sbin/syslog-ng ${concatStringsSep " " syslogngOptions}"; - ExecReload = "${pkgs.coreutils}/bin/kill -HUP `${pkgs.coreutils}/bin/cat ${pidFile}`"; + ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID"; }; }; }; -- cgit 1.4.1 From 571fb74f449aa173e231166515b41feb778524b8 Mon Sep 17 00:00:00 2001 From: Tuomas Tynkkynen Date: Fri, 17 Aug 2018 06:56:51 +0300 Subject: installer: Disable udisks Due to whoever-knows-what, udisks nowadays pulls in GTK+ et al. But it shouldn't be needed anyway in the installer, so disable it. --- nixos/modules/profiles/installation-device.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'nixos/modules') diff --git a/nixos/modules/profiles/installation-device.nix b/nixos/modules/profiles/installation-device.nix index 57d947b52684..8e0e1ffb0c63 100644 --- a/nixos/modules/profiles/installation-device.nix +++ b/nixos/modules/profiles/installation-device.nix @@ -32,6 +32,7 @@ with lib; # Disable some other stuff we don't need. security.sudo.enable = false; + services.udisks2.enable = false; # Automatically log in at the virtual consoles. services.mingetty.autologinUser = "root"; -- cgit 1.4.1 From 58dc26180f43cd6565eb1049665daf2dbba83c5e Mon Sep 17 00:00:00 2001 
From: Tuomas Tynkkynen Date: Fri, 17 Aug 2018 07:43:58 +0300 Subject: nixos: Fix iso_graphical evaluation MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit I broke it: in job ‘nixos.iso_graphical.x86_64-linux’: The option `services.udisks2.enable' has conflicting definitions, in `/nix/store/bwcjw1ddj94q83vbbnq1nnrs5aisaw59-source/nixos/modules/profiles/installation-device.nix' and `/nix/store/bwcjw1ddj94q83vbbnq1nnrs5aisaw59-source/nixos/modules/services/x11/desktop-managers/plasma5.nix'. --- nixos/modules/profiles/installation-device.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'nixos/modules') diff --git a/nixos/modules/profiles/installation-device.nix b/nixos/modules/profiles/installation-device.nix index 8e0e1ffb0c63..ff4a23a18d06 100644 --- a/nixos/modules/profiles/installation-device.nix +++ b/nixos/modules/profiles/installation-device.nix @@ -31,8 +31,8 @@ with lib; #services.rogue.enable = true; # Disable some other stuff we don't need. - security.sudo.enable = false; - services.udisks2.enable = false; + security.sudo.enable = mkDefault false; + services.udisks2.enable = mkDefault false; # Automatically log in at the virtual consoles. services.mingetty.autologinUser = "root"; -- cgit 1.4.1