diff options
author | github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> | 2022-12-17 00:02:17 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-12-17 00:02:17 +0000 |
commit | 30b97b0e835b1ac4404fa0ef28df0b199f5d9b93 (patch) | |
tree | 4948199785b22f3298bca157b66d8c65d87a35af /nixos/modules | |
parent | 5bfe30aafaae2024e63bb2b047084a11c2fcd9af (diff) | |
parent | d154d50e2c1cd54a0097e57fcb7a9aecfc3cbf96 (diff) |
Merge master into staging-next
Diffstat (limited to 'nixos/modules')
-rw-r--r-- | nixos/modules/module-list.nix | 1 | ||||
-rw-r--r-- | nixos/modules/programs/streamdeck-ui.nix | 14 | ||||
-rw-r--r-- | nixos/modules/security/pam.nix | 20 | ||||
-rw-r--r-- | nixos/modules/services/backup/borgbackup.nix | 25 | ||||
-rw-r--r-- | nixos/modules/services/misc/atuin.nix | 85 |
5 files changed, 135 insertions, 10 deletions
diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index 2500fe2a71f51..a621432327776 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix @@ -559,6 +559,7 @@ ./services/misc/airsonic.nix ./services/misc/ankisyncd.nix ./services/misc/apache-kafka.nix + ./services/misc/atuin.nix ./services/misc/autofs.nix ./services/misc/autorandr.nix ./services/misc/bazarr.nix diff --git a/nixos/modules/programs/streamdeck-ui.nix b/nixos/modules/programs/streamdeck-ui.nix index e933b899c55ec..113d1d49e151a 100644 --- a/nixos/modules/programs/streamdeck-ui.nix +++ b/nixos/modules/programs/streamdeck-ui.nix @@ -4,7 +4,8 @@ with lib; let cfg = config.programs.streamdeck-ui; -in { +in +{ options.programs.streamdeck-ui = { enable = mkEnableOption (lib.mdDoc "streamdeck-ui"); @@ -13,15 +14,20 @@ in { type = types.bool; description = lib.mdDoc "Whether streamdeck-ui should be started automatically."; }; + + package = mkPackageOption pkgs "streamdeck-ui" { + default = [ "streamdeck-ui" ]; + }; + }; config = mkIf cfg.enable { environment.systemPackages = with pkgs; [ - streamdeck-ui - (mkIf cfg.autoStart (makeAutostartItem { name = "streamdeck-ui"; package = streamdeck-ui; })) + cfg.package + (mkIf cfg.autoStart (makeAutostartItem { name = "streamdeck-ui"; package = cfg.package; })) ]; - services.udev.packages = with pkgs; [ streamdeck-ui ]; + services.udev.packages = [ cfg.package ]; }; meta.maintainers = with maintainers; [ majiir ]; diff --git a/nixos/modules/security/pam.nix b/nixos/modules/security/pam.nix index 21e1749d85032..08b51788e0828 100644 --- a/nixos/modules/security/pam.nix +++ b/nixos/modules/security/pam.nix @@ -694,7 +694,7 @@ let optionalString (cfg.limits != []) '' session required ${pkgs.pam}/lib/security/pam_limits.so conf=${makeLimitsConf cfg.limits} '' + - optionalString (cfg.showMotd && config.users.motd != null) '' + optionalString (cfg.showMotd && (config.users.motd != null || config.users.motdFile != null)) '' session optional ${pkgs.pam}/lib/security/pam_motd.so motd=${motd} '' + optionalString (cfg.enableAppArmor && config.security.apparmor.enable) '' @@ -775,7 +775,9 @@ let }; })); - motd = pkgs.writeText "motd" config.users.motd; + motd = if isNull config.users.motdFile + then pkgs.writeText "motd" config.users.motd + else config.users.motdFile; makePAMService = name: service: { name = "pam.d/${name}"; @@ -1199,12 +1201,26 @@ in description = lib.mdDoc "Message of the day shown to users when they log in."; }; + users.motdFile = mkOption { + default = null; + example = "/etc/motd"; + type = types.nullOr types.path; + description = lib.mdDoc "A file containing the message of the day shown to users when they log in."; + }; }; ###### implementation config = { + assertions = [ + { + assertion = isNull config.users.motd || isNull config.users.motdFile; + message = '' + Only one of users.motd and users.motdFile can be set. + ''; + } + ]; environment.systemPackages = # Include the PAM modules in the system path mostly for the manpages. diff --git a/nixos/modules/services/backup/borgbackup.nix b/nixos/modules/services/backup/borgbackup.nix index ea1d393c7b026..0ae3d4180ae75 100644 --- a/nixos/modules/services/backup/borgbackup.nix +++ b/nixos/modules/services/backup/borgbackup.nix @@ -19,7 +19,8 @@ let concatStringsSep " " (mapAttrsToList (x: y: "--keep-${x}=${toString y}") cfg.prune.keep); - mkBackupScript = cfg: '' + mkBackupScript = name: cfg: pkgs.writeShellScript "${name}-script" ('' + set -e on_exit() { exitStatus=$? @@ -61,7 +62,7 @@ let ${optionalString (cfg.prune.prefix != null) "--glob-archives ${escapeShellArg "${cfg.prune.prefix}*"}"} \ $extraPruneArgs ${cfg.postPrune} - ''; + ''); mkPassEnv = cfg: with cfg.encryption; if passCommand != null then @@ -73,12 +74,19 @@ let mkBackupService = name: cfg: let userHome = config.users.users.${cfg.user}.home; - in nameValuePair "borgbackup-job-${name}" { + backupJobName = "borgbackup-job-${name}"; + backupScript = mkBackupScript backupJobName cfg; + in nameValuePair backupJobName { description = "BorgBackup job ${name}"; path = with pkgs; [ borgbackup openssh ]; - script = mkBackupScript cfg; + script = "exec " + optionalString cfg.inhibitsSleep ''\ + ${pkgs.systemd}/bin/systemd-inhibit \ + --who="borgbackup" \ + --what="sleep" \ + --why="Scheduled backup" \ + '' + backupScript; serviceConfig = { User = cfg.user; Group = cfg.group; @@ -341,6 +349,15 @@ in { ''; }; + inhibitsSleep = mkOption { + default = false; + type = types.bool; + example = true; + description = lib.mdDoc '' + Prevents the system from sleeping while backing up. + ''; + }; + user = mkOption { type = types.str; description = lib.mdDoc '' diff --git a/nixos/modules/services/misc/atuin.nix b/nixos/modules/services/misc/atuin.nix new file mode 100644 index 0000000000000..c94852e3aad9c --- /dev/null +++ b/nixos/modules/services/misc/atuin.nix @@ -0,0 +1,85 @@ +{ config, pkgs, lib, ... }: + +with lib; + +let + cfg = config.services.atuin; +in +{ + options = { + services.atuin = { + enable = mkEnableOption (mdDoc "Enable server for shell history sync with atuin."); + + openRegistration = mkOption { + type = types.bool; + default = false; + description = mdDoc "Allow new user registrations with the atuin server."; + }; + + path = mkOption { + type = types.str; + default = ""; + description = mdDoc "A path to prepend to all the routes of the server."; + }; + + host = mkOption { + type = types.str; + default = "127.0.0.1"; + description = mdDoc "The host address the atuin server should listen on."; + }; + + port = mkOption { + type = types.port; + default = 8888; + description = mdDoc "The port the atuin server should listen on."; + }; + + openFirewall = mkOption { + type = types.bool; + default = false; + description = mdDoc "Open ports in the firewall for the atuin server."; + }; + + }; + }; + + config = mkIf cfg.enable { + + # enable postgres to host atuin db + services.postgresql = { + enable = true; + ensureUsers = [{ + name = "atuin"; + ensurePermissions = { + "DATABASE atuin" = "ALL PRIVILEGES"; + }; + }]; + ensureDatabases = [ "atuin" ]; + }; + + systemd.services.atuin = { + description = "atuin server"; + after = [ "network.target" "postgresql.service" ]; + wantedBy = [ "multi-user.target" ]; + + serviceConfig = { + ExecStart = "${pkgs.atuin}/bin/atuin server start"; + RuntimeDirectory = "atuin"; + RuntimeDirectoryMode = "0700"; + DynamicUser = true; + }; + + environment = { + ATUIN_HOST = cfg.host; + ATUIN_PORT = toString cfg.port; + ATUIN_OPEN_REGISTRATION = boolToString cfg.openRegistration; + ATUIN_DB_URI = "postgresql:///atuin"; + ATUIN_PATH = cfg.path; + ATUIN_CONFIG_DIR = "/run/atuin"; # required to start, but not used as configuration is via environment variables + }; + }; + + networking.firewall.allowedTCPPorts = mkIf cfg.openFirewall [ cfg.port ]; + + }; +} |