authorgithub-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>2022-11-09 00:16:09 +0000
committerGitHub <noreply@github.com>2022-11-09 00:16:09 +0000
commit8deed80953751f1a89e66d2f02743703fd0b00ff (patch)
tree367287439f1ebf5424f5a9c43c60a1a5d23487b4 /nixos
parentc171316c93736ddd890b8ab5ed5630aa1cadd82e (diff)
parent3e2445be79265715ba008a69c8e87209f486d7bb (diff)
Merge master into haskell-updates
Diffstat (limited to 'nixos')
-rw-r--r--nixos/doc/manual/from_md/release-notes/rl-2211.section.xml32
-rw-r--r--nixos/doc/manual/release-notes/rl-2211.section.md15
-rw-r--r--nixos/modules/config/sysctl.nix16
-rw-r--r--nixos/modules/services/monitoring/prometheus/default.nix2
-rw-r--r--nixos/modules/services/networking/blocky.nix2
-rw-r--r--nixos/modules/services/torrent/transmission.nix2
-rw-r--r--nixos/modules/services/web-apps/invoiceplane.nix57
-rw-r--r--nixos/modules/services/web-apps/nextcloud.nix4
-rw-r--r--nixos/tests/zrepl.nix4
9 files changed, 123 insertions, 11 deletions
diff --git a/nixos/doc/manual/from_md/release-notes/rl-2211.section.xml b/nixos/doc/manual/from_md/release-notes/rl-2211.section.xml
index 22aa1ec88fa8b..9c5db2f8a5869 100644
--- a/nixos/doc/manual/from_md/release-notes/rl-2211.section.xml
+++ b/nixos/doc/manual/from_md/release-notes/rl-2211.section.xml
@@ -891,6 +891,14 @@
       </listitem>
       <listitem>
         <para>
+          The <literal>zrepl</literal> package has been updated from
+          0.5.0 to 0.6.0. See the
+          <link xlink:href="https://zrepl.github.io/changelog.html">changelog</link>
+          for details.
+        </para>
+      </listitem>
+      <listitem>
+        <para>
           <literal>k3s</literal> no longer supports docker as runtime
           due to upstream dropping support.
         </para>
@@ -938,6 +946,22 @@
       </listitem>
       <listitem>
         <para>
+          <literal>signald</literal> has been bumped to
+          <literal>0.23.0</literal>. For the upgrade, a migration
+          process is necessary. It can be done by running a command like
+          this before starting <literal>signald.service</literal>:
+        </para>
+        <programlisting>
+signald -d /var/lib/signald/db \
+  --database sqlite:/var/lib/signald/db \
+  --migrate-data
+</programlisting>
+        <para>
+          For further information, please read the upstream changelogs.
+        </para>
+      </listitem>
+      <listitem>
+        <para>
           <literal>stylua</literal> no longer accepts
           <literal>lua52Support</literal> and
           <literal>luauSupport</literal> overrides, use
@@ -1328,6 +1352,14 @@
           the npm install step prunes dev dependencies.
         </para>
       </listitem>
+      <listitem>
+        <para>
+          boot.kernel.sysctl is defined as a freeformType and adds a
+          custom merge option for <quote>net.core.rmem_max</quote>
+          (taking the highest value defined to avoid conflicts between 2
+          services trying to set that value)
+        </para>
+      </listitem>
     </itemizedlist>
   </section>
 </section>
diff --git a/nixos/doc/manual/release-notes/rl-2211.section.md b/nixos/doc/manual/release-notes/rl-2211.section.md
index b59ecc83e7dc1..6da6101572829 100644
--- a/nixos/doc/manual/release-notes/rl-2211.section.md
+++ b/nixos/doc/manual/release-notes/rl-2211.section.md
@@ -273,6 +273,8 @@ Available as [services.patroni](options.html#opt-services.patroni.enable).
 
 - The default `kops` version is now 1.25.1 and support for 1.22 and older has been dropped.
 
+- The `zrepl` package has been updated from 0.5.0 to 0.6.0. See the [changelog](https://zrepl.github.io/changelog.html) for details.
+
 - `k3s` no longer supports docker as runtime due to upstream dropping support.
 
 - `cassandra_2_1` and `cassandra_2_2` have been removed. Please update to `cassandra_3_11` or `cassandra_3_0`. See the [changelog](https://github.com/apache/cassandra/blob/cassandra-3.11.14/NEWS.txt) for more information about the upgrade process.
@@ -284,6 +286,17 @@ Available as [services.patroni](options.html#opt-services.patroni.enable).
 
 - `percona-server56` has been removed. Please migrate to `mysql` or `mariadb` if possible.
 
+- `signald` has been bumped to `0.23.0`. For the upgrade, a migration process is necessary. It can be
+  done by running a command like this before starting `signald.service`:
+
+  ```
+  signald -d /var/lib/signald/db \
+    --database sqlite:/var/lib/signald/db \
+    --migrate-data
+  ```
+
+  For further information, please read the upstream changelogs.
+
 - `stylua` no longer accepts `lua52Support` and `luauSupport` overrides, use `features` instead, which defaults to `[ "lua54" "luau" ]`.
 
 - `pkgs.fetchNextcloudApp` has been rewritten to circumvent impurities in e.g. tarballs from GitHub and to make it easier to
@@ -393,4 +406,6 @@ Available as [services.patroni](options.html#opt-services.patroni.enable).
 
 - The `nodePackages` package set now defaults to the LTS release in the `nodejs` package again, instead of being pinned to `nodejs-14_x`. Several updates to node2nix have been made for compatibility with newer Node.js and npm versions and a new `postRebuild` hook has been added for packages to perform extra build steps before the npm install step prunes dev dependencies.
 
+- boot.kernel.sysctl is defined as a freeformType and adds a custom merge option for "net.core.rmem_max" (taking the highest value defined to avoid conflicts between 2 services trying to set that value)
+
 <!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. -->
diff --git a/nixos/modules/config/sysctl.nix b/nixos/modules/config/sysctl.nix
index b4b2d0452c4f2..4346c88f7688c 100644
--- a/nixos/modules/config/sysctl.nix
+++ b/nixos/modules/config/sysctl.nix
@@ -21,11 +21,24 @@ in
   options = {
 
     boot.kernel.sysctl = mkOption {
+      type = types.submodule {
+        freeformType = types.attrsOf sysctlOption;
+        options."net.core.rmem_max" = mkOption {
+          type = types.nullOr types.ints.unsigned // {
+            merge = loc: defs:
+              foldl
+                (a: b: if b.value == null then null else lib.max a b.value)
+                0
+                (filterOverrides defs);
+          };
+          default = null;
+          description = lib.mdDoc "The maximum socket receive buffer size. In case of conflicting values, the highest will be used.";
+        };
+      };
       default = {};
       example = literalExpression ''
         { "net.ipv4.tcp_syncookies" = false; "vm.swappiness" = 60; }
       '';
-      type = types.attrsOf sysctlOption;
       description = lib.mdDoc ''
         Runtime parameters of the Linux kernel, as set by
         {manpage}`sysctl(8)`.  Note that sysctl
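Review bot: The custom `merge` for `"net.core.rmem_max"` handles `null` in an order-dependent way when an integer and a `null` definition share the same priority. An integer followed by `null` collapses the result to `null`, silently dropping the requested buffer size. A `null` followed by an integer passes `null` as the accumulator into `lib.max`, which looks like it would fail to evaluate rather than pick the integer. Dropping the nulls before folding makes the result independent of definition order: `let vals = lib.filter (v: v != null) (map (d: d.value) (filterOverrides defs)); in if vals == [] then null else foldl lib.max 0 vals`. The option's description string continues past the end of this hunk.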
@@ -35,6 +48,7 @@ in
         parameter may be a string, integer, boolean, or null
         (signifying the option will not appear at all).
       '';
+
     };
 
   };
diff --git a/nixos/modules/services/monitoring/prometheus/default.nix b/nixos/modules/services/monitoring/prometheus/default.nix
index 892d8e537ccf6..1dc6a65973d71 100644
--- a/nixos/modules/services/monitoring/prometheus/default.nix
+++ b/nixos/modules/services/monitoring/prometheus/default.nix
@@ -1822,7 +1822,7 @@ in
         RestrictRealtime = true;
         RestrictSUIDSGID = true;
         SystemCallArchitectures = "native";
-        SystemCallFilter = [ "@system-service" "~@privileged" "~@resources" ];
+        SystemCallFilter = [ "@system-service" "~@privileged" ];
       };
     };
     # prometheus-config-reload will activate after prometheus. However, what we
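Review bot: Removing `"~@resources"` from `SystemCallFilter` widens the unit's seccomp allow-list to the whole resource-control group, and nothing on the line records why. A later hardening pass cannot tell whether the removal was deliberate. Add a comment above the line naming the call that was being blocked, e.g. `# "~@resources" is not denied: prometheus needs <SYSCALL_PLACEHOLDER> at startup, see <ISSUE_PLACEHOLDER>`. If only one or two calls are needed, it may be possible to keep the group denied and list just those calls after it, which keeps the sandbox narrower. The `serviceConfig` block starts outside this hunk.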
diff --git a/nixos/modules/services/networking/blocky.nix b/nixos/modules/services/networking/blocky.nix
index 2acbcea2aa41d..9714485456161 100644
--- a/nixos/modules/services/networking/blocky.nix
+++ b/nixos/modules/services/networking/blocky.nix
@@ -10,7 +10,7 @@ let
 in
 {
   options.services.blocky = {
-    enable = mkEnableOption (lib.mdDoc "Fast and lightweight DNS proxy as ad-blocker for local network with many features");
+    enable = mkEnableOption (lib.mdDoc "blocky, a fast and lightweight DNS proxy as ad-blocker for local network with many features");
 
     settings = mkOption {
       type = format.type;
diff --git a/nixos/modules/services/torrent/transmission.nix b/nixos/modules/services/torrent/transmission.nix
index 5e0d13211bcf3..9b53f5de143d4 100644
--- a/nixos/modules/services/torrent/transmission.nix
+++ b/nixos/modules/services/torrent/transmission.nix
@@ -431,7 +431,7 @@ in
       # https://trac.transmissionbt.com/browser/trunk/libtransmission/tr-udp.c?rev=11956.
       # at least up to the values hardcoded here:
       (mkIf cfg.settings.utp-enabled {
-        "net.core.rmem_max" = mkDefault "4194304"; # 4MB
+        "net.core.rmem_max" = mkDefault 4194304; # 4MB
         "net.core.wmem_max" = mkDefault "1048576"; # 1MB
       })
       (mkIf cfg.performanceNetParameters {
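Review bot: The neighbouring `"net.core.wmem_max"` line is still a quoted string, while `"net.core.rmem_max"` is now an integer to satisfy the new typed option. The option text in sysctl.nix says a parameter may be a string or an integer, so this should still evaluate, but the pair now reads inconsistently. Writing `"net.core.wmem_max" = mkDefault 1048576; # 1MB` keeps them uniform. The `mkIf cfg.performanceNetParameters` block that follows is cut off by the hunk; if it also sets `net.core.rmem_max` as a string, it will need the same integer conversion.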
diff --git a/nixos/modules/services/web-apps/invoiceplane.nix b/nixos/modules/services/web-apps/invoiceplane.nix
index c54915b10a2db..8f0acbea4ee2f 100644
--- a/nixos/modules/services/web-apps/invoiceplane.nix
+++ b/nixos/modules/services/web-apps/invoiceplane.nix
@@ -184,6 +184,26 @@ let
           '';
         };
 
+        cron = {
+
+          enable = mkOption {
+            type = types.bool;
+            default = false;
+            description = lib.mdDoc ''
+              Enable cron service which periodically runs Invoiceplane tasks.
+              Requires key taken from the administration page. Refer to
+              <https://wiki.invoiceplane.com/en/1.0/modules/recurring-invoices>
+              on how to configure it.
+            '';
+          };
+
+          key = mkOption {
+            type = types.str;
+            description = lib.mdDoc "Cron key taken from the administration page.";
+          };
+
+        };
+
       };
 
     };
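Review bot: `cron.key` is declared as `types.str`, so the secret ends up in the world-readable Nix store. The `ExecStart` line in the later cron-service hunk of this file also interpolates it into the generated unit file and into curl's command line. The module already has a `database.passwordFile` option for the database secret. A `cron.keyFile` path read at run time would follow the same pattern and keep the key out of the store. If the string option stays, the description should say so, e.g. `description = lib.mdDoc "Cron key taken from the administration page. Note that this value is stored world-readable in the Nix store.";`.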
@@ -224,8 +244,11 @@ in
       }
       { assertion = cfg.database.createLocally -> cfg.database.passwordFile == null;
         message = ''services.invoiceplane.sites."${hostName}".database.passwordFile cannot be specified if services.invoiceplane.sites."${hostName}".database.createLocally is set to true.'';
-      }]
-    ) eachSite);
+      }
+      { assertion = cfg.cron.enable -> cfg.cron.key != null;
+        message = ''services.invoiceplane.sites."${hostName}".cron.key must be set in order to use cron service.'';
+      }
+    ]) eachSite);
 
     services.mysql = mkIf (any (v: v.database.createLocally) (attrValues eachSite)) {
       enable = true;
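Review bot: The added assertion `cfg.cron.enable -> cfg.cron.key != null` can never fail. `cron.key` is declared earlier in this file as `types.str` with no default, so `null` is not an accepted value. With `cron.enable = true` and no key set, evaluation stops with the generic "option used but not defined" error before this message is shown. Either declare the option as `type = types.nullOr types.str; default = null;` so the assertion is reachable, or drop the assertion and rely on the option being mandatory.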
@@ -255,6 +278,7 @@ in
   }
 
   {
+
     systemd.tmpfiles.rules = flatten (mapAttrsToList (hostName: cfg: [
       "d ${cfg.stateDir} 0750 ${user} ${webserver.group} - -"
       "f ${cfg.stateDir}/ipconfig.php 0750 ${user} ${webserver.group} - -"
@@ -284,6 +308,34 @@ in
       group = webserver.group;
       isSystemUser = true;
     };
+
+  }
+  {
+
+    # Cron service implementation
+
+    systemd.timers = mapAttrs' (hostName: cfg: (
+      nameValuePair "invoiceplane-cron-${hostName}" (mkIf cfg.cron.enable {
+        wantedBy = [ "timers.target" ];
+        timerConfig = {
+          OnBootSec = "5m";
+          OnUnitActiveSec = "5m";
+          Unit = "invoiceplane-cron-${hostName}.service";
+        };
+      })
+    )) eachSite;
+
+    systemd.services =
+      (mapAttrs' (hostName: cfg: (
+        nameValuePair "invoiceplane-cron-${hostName}" (mkIf cfg.cron.enable {
+          serviceConfig = {
+            Type = "oneshot";
+            User = user;
+            ExecStart = "${pkgs.curl}/bin/curl --header 'Host: ${hostName}' http://localhost/index.php/invoices/cron/recur/${cfg.cron.key}";
+          };
+        })
+    )) eachSite);
+
   }
 
   (mkIf (cfg.webserver == "caddy") {
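Review bot: The `ExecStart` curl call has no `--fail`, so an HTTP error from the cron endpoint (for example a rejected key) still exits 0. The oneshot unit then reports success every five minutes while recurring invoices are never generated. Adding `--fail --silent --show-error` makes the failure visible in the unit state and the journal: `ExecStart = "${pkgs.curl}/bin/curl --fail --silent --show-error --header 'Host: ${hostName}' http://localhost/index.php/invoices/cron/recur/${cfg.cron.key}";`. The key is also part of the request path, so it will probably appear in the web server's access log. Carrying the key another way depends on what the upstream endpoint accepts.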
@@ -302,6 +354,5 @@ in
     };
   })
 
-
   ]);
 }
diff --git a/nixos/modules/services/web-apps/nextcloud.nix b/nixos/modules/services/web-apps/nextcloud.nix
index d524bee66c420..04599884f139c 100644
--- a/nixos/modules/services/web-apps/nextcloud.nix
+++ b/nixos/modules/services/web-apps/nextcloud.nix
@@ -823,9 +823,9 @@ in {
               ${if c.dbhost != null then "--database-host" else null} = ''"${c.dbhost}"'';
               ${if c.dbport != null then "--database-port" else null} = ''"${toString c.dbport}"'';
               ${if c.dbuser != null then "--database-user" else null} = ''"${c.dbuser}"'';
-              "--database-pass" = "\$${dbpass.arg}";
+              "--database-pass" = "\"\$${dbpass.arg}\"";
               "--admin-user" = ''"${c.adminuser}"'';
-              "--admin-pass" = "\$${adminpass.arg}";
+              "--admin-pass" = "\"\$${adminpass.arg}\"";
               "--data-dir" = ''"${datadir}/data"'';
             });
           in ''
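Review bot: The new escaped quotes around `\$${dbpass.arg}` and `\$${adminpass.arg}` are easy to mistake for noise and be "simplified" away later, so they deserve a short comment. Presumably these expand shell variables holding the passwords at run time, in which case an unquoted expansion would be word-split and glob-expanded. Suggested comment above `"--database-pass"`: `# quoted so a password containing whitespace or glob characters reaches occ as a single argument`. The enclosing attribute set and the script that consumes it start and end outside this hunk.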
diff --git a/nixos/tests/zrepl.nix b/nixos/tests/zrepl.nix
index 0ed73fea34b0d..b16c7eddc7aec 100644
--- a/nixos/tests/zrepl.nix
+++ b/nixos/tests/zrepl.nix
@@ -58,8 +58,8 @@ import ./make-test-python.nix (
           out = host.succeed("curl -f localhost:9811/metrics")
 
           assert (
-              "zrepl_version_daemon" in out
-          ), "zrepl version metric was not found in Prometheus output"
+              "zrepl_start_time" in out
+          ), "zrepl start time metric was not found in Prometheus output"
 
           assert (
               "zrepl_zfs_snapshot_duration_count{filesystem=\"test\"}" in out