author | github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> | 2024-06-19 00:03:05 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2024-06-19 00:03:05 +0000 |
commit | 446fc5bdf385135d124b80d5138df8175e727953 (patch) | |
tree | a41302becc2c6ae7cefe30301e6a16cf0bfcdc0d /nixos | |
parent | 5d55b71ae2ca47b44a2400d8b52aa3b3ad590267 (diff) | |
parent | d60c16acfeed7893f3a6972fdd6b7e7726a8f42d (diff) |
Merge staging-next into staging
Diffstat (limited to 'nixos')
-rw-r--r-- | nixos/doc/manual/release-notes/rl-2411.section.md | 2 | ||||
-rw-r--r-- | nixos/modules/module-list.nix | 1 | ||||
-rw-r--r-- | nixos/modules/services/search/qdrant.nix | 1 | ||||
-rw-r--r-- | nixos/modules/services/torrent/flood.nix | 85 | ||||
-rw-r--r-- | nixos/modules/services/web-apps/akkoma.nix | 2 | ||||
-rw-r--r-- | nixos/modules/system/boot/loader/systemd-boot/systemd-boot.nix | 6 | ||||
-rw-r--r-- | nixos/tests/all-tests.nix | 1 | ||||
-rw-r--r-- | nixos/tests/flood.nix | 27 |
8 files changed, 121 insertions, 4 deletions
diff --git a/nixos/doc/manual/release-notes/rl-2411.section.md b/nixos/doc/manual/release-notes/rl-2411.section.md
index 3219afc294c26..a9368566b60a9 100644
--- a/nixos/doc/manual/release-notes/rl-2411.section.md
+++ b/nixos/doc/manual/release-notes/rl-2411.section.md
@@ -15,6 +15,8 @@
 - [Quickwit](https://quickwit.io), sub-second search & analytics engine on cloud storage. Available as [services.quickwit](options.html#opt-services.quickwit).
+- [Flood](https://flood.js.org/), a beautiful WebUI for various torrent clients. Available as [services.flood](options.html#opt-services.flood).
+
 - [Renovate](https://github.com/renovatebot/renovate), a dependency updating tool for various git forges and language ecosystems. Available as [services.renovate](#opt-services.renovate.enable).
 ## Backward Incompatibilities {#sec-release-24.11-incompatibilities}
diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix
index b20e98a9f229b..a008c3c5bdeae 100644
--- a/nixos/modules/module-list.nix
+++ b/nixos/modules/module-list.nix
@@ -1316,6 +1316,7 @@
 ./services/system/zram-generator.nix
 ./services/torrent/deluge.nix
 ./services/torrent/flexget.nix
+ ./services/torrent/flood.nix
 ./services/torrent/magnetico.nix
 ./services/torrent/opentracker.nix
 ./services/torrent/peerflix.nix
diff --git a/nixos/modules/services/search/qdrant.nix b/nixos/modules/services/search/qdrant.nix
index f28178a5f1751..41a4e9b41f6d9 100644
--- a/nixos/modules/services/search/qdrant.nix
+++ b/nixos/modules/services/search/qdrant.nix
@@ -60,6 +60,7 @@ in {
 config = mkIf cfg.enable {
 services.qdrant.settings = {
+ service.static_content_dir = mkDefault pkgs.qdrant-web-ui;
 storage.storage_path = mkDefault "/var/lib/qdrant/storage";
 storage.snapshots_path = mkDefault "/var/lib/qdrant/snapshots";
 # The following default values are the same as in the default config,
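Review bot: In the qdrant.nix hunk, the new default `service.static_content_dir = mkDefault pkgs.qdrant-web-ui;` switches the web UI on for every host that already sets `services.qdrant.enable`, with no option gating it and no release-note entry in this diff. The UI is presumably served from the same HTTP listener as the API, so who can reach it depends on the bind address and API-key settings the operator already has; that is worth confirming and stating. A one-line comment such as `# Serves the bundled web UI from qdrant's HTTP listener; override this setting to turn it off.` would make the added surface visible to whoever reads the module next. The `config` block continues outside the hunk.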
diff --git a/nixos/modules/services/torrent/flood.nix b/nixos/modules/services/torrent/flood.nix
new file mode 100644
index 0000000000000..213f4ef046483
--- /dev/null
+++ b/nixos/modules/services/torrent/flood.nix
@@ -0,0 +1,85 @@
+{ config, lib, pkgs, utils, ... }:
+
+let
+ cfg = config.services.flood;
+in
+{
+ meta.maintainers = with lib.maintainers; [ thiagokokada ];
+
+ options.services.flood = {
+ enable = lib.mkEnableOption "flood";
+ package = lib.mkPackageOption pkgs "flood" { };
+ openFirewall = lib.mkEnableOption "" // {
+ description = "Whether to open the firewall for the port in {option}`services.flood.port`.";
+ };
+ port = lib.mkOption {
+ type = lib.types.int;
+ description = "Port to bind webserver.";
+ default = 3000;
+ example = 3001;
+ };
+ host = lib.mkOption {
+ type = lib.types.str;
+ description = "Host to bind webserver.";
+ default = "localhost";
+ example = "::";
+ };
+ extraArgs = lib.mkOption {
+ type = with lib.types; listOf str;
+ description = "Extra arguments passed to `flood`.";
+ default = [ ];
+ example = [ "--baseuri=/" ];
+ };
+ };
+
+ config = lib.mkIf cfg.enable {
+ systemd.services.flood = {
+ description = "A modern web UI for various torrent clients.";
+ after = [ "network.target" ];
+ wantedBy = [ "multi-user.target" ];
+ unitConfig = {
+ Documentation = "https://github.com/jesec/flood/wiki";
+ };
+ serviceConfig = {
+ Restart = "on-failure";
+ RestartSec = "3s";
+ ExecStart = utils.escapeSystemdExecArgs ([
+ (lib.getExe cfg.package)
+ "--host"
+ cfg.host
+ "--port"
+ (toString cfg.port)
+ "--rundir=/var/lib/flood"
+ ] ++ cfg.extraArgs);
+
+ CapabilityBoundingSet = [ "" ];
+ DynamicUser = true;
+ LockPersonality = true;
+ NoNewPrivileges = true;
+ PrivateDevices = true;
+ PrivateTmp = true;
+ ProtectClock = true;
+ ProtectControlGroups = true;
+ ProtectHome = true;
+ ProtectHostname = true;
+ ProtectKernelLogs = true;
+ ProtectKernelModules = true;
+ ProtectKernelTunables = true;
+ ProtectProc = "invisible";
+ ProtectSystem = "strict";
+ RestrictAddressFamilies = [ "AF_UNIX" "AF_INET" "AF_INET6" ];
+ RestrictNamespaces = true;
+ RestrictRealtime = true;
+ RestrictSUIDSGID = true;
+ StateDirectory = "flood";
+ SystemCallArchitectures = "native";
+ SystemCallFilter = [ "@system-service" "@pkey" "~@privileged" ];
+ };
+ };
+
+ networking.firewall.allowedTCPPorts = lib.mkIf cfg.openFirewall [
+ cfg.port
+ ];
+ };
+}
+
diff --git a/nixos/modules/services/web-apps/akkoma.nix b/nixos/modules/services/web-apps/akkoma.nix
index 338e7c7383380..8ba3c7eaa1e6a 100644
--- a/nixos/modules/services/web-apps/akkoma.nix
+++ b/nixos/modules/services/web-apps/akkoma.nix
@@ -1136,6 +1136,6 @@ in {
 };
 };
- meta.maintainers = with maintainers; [ mvs tcmal ];
+ meta.maintainers = with maintainers; [ mvs ];
 meta.doc = ./akkoma.md;
 }
diff --git a/nixos/modules/system/boot/loader/systemd-boot/systemd-boot.nix b/nixos/modules/system/boot/loader/systemd-boot/systemd-boot.nix
index cee8663f0040e..e73048dc2ecbe 100644
--- a/nixos/modules/system/boot/loader/systemd-boot/systemd-boot.nix
+++ b/nixos/modules/system/boot/loader/systemd-boot/systemd-boot.nix
@@ -323,15 +323,15 @@ in {
 assertions = [
 {
 assertion = (hasPrefix "/" efi.efiSysMountPoint);
- message = "The ESP mount point '${efi.efiSysMountPoint}' must be an absolute path";
+ message = "The ESP mount point '${toString efi.efiSysMountPoint}' must be an absolute path";
 }
 {
 assertion = cfg.xbootldrMountPoint == null || (hasPrefix "/" cfg.xbootldrMountPoint);
- message = "The XBOOTLDR mount point '${cfg.xbootldrMountPoint}' must be an absolute path";
+ message = "The XBOOTLDR mount point '${toString cfg.xbootldrMountPoint}' must be an absolute path";
 }
 {
 assertion = cfg.xbootldrMountPoint != efi.efiSysMountPoint;
- message = "The XBOOTLDR mount point '${cfg.xbootldrMountPoint}' cannot be the same as the ESP mount point '${efi.efiSysMountPoint}'";
+ message = "The XBOOTLDR mount point '${toString cfg.xbootldrMountPoint}' cannot be the same as the ESP mount point '${toString efi.efiSysMountPoint}'";
 }
 {
 assertion = (config.boot.kernelPackages.kernel.features or { efiBootStub = true; }) ? efiBootStub;
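Review bot: In the new flood.nix module, `port` is declared with `type = lib.types.int;`, so a negative or out-of-range value passes option type checking and reaches `ExecStart` unchanged; `type = lib.types.port;` adds the range check at no cost. Everything in `extraArgs` is written into the unit's `ExecStart`, which ends up in the world-readable Nix store and in the process list, so the option description should end with a sentence like "Do not pass credentials here; the resulting command line is world-readable." With the default `host = "localhost"`, setting `openFirewall = true` opens a port that nothing outside the machine can reach, which deserves one sentence in the `openFirewall` description so operators change `host` deliberately rather than by trial and error.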
diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix
index 746b29fd27258..708332a9317b5 100644
--- a/nixos/tests/all-tests.nix
+++ b/nixos/tests/all-tests.nix
@@ -328,6 +328,7 @@ in {
 firewall-nftables = handleTest ./firewall.nix { nftables = true; };
 fish = handleTest ./fish.nix {};
 flannel = handleTestOn ["x86_64-linux"] ./flannel.nix {};
+ flood = handleTest ./flood.nix {};
 floorp = handleTest ./firefox.nix { firefoxPackage = pkgs.floorp; };
 fluentd = handleTest ./fluentd.nix {};
 fluidd = handleTest ./fluidd.nix {};
diff --git a/nixos/tests/flood.nix b/nixos/tests/flood.nix
new file mode 100644
index 0000000000000..075d37e62835f
--- /dev/null
+++ b/nixos/tests/flood.nix
@@ -0,0 +1,27 @@
+import ./make-test-python.nix ({ pkgs, ... }:
+let
+ port = 3001;
+in
+{
+ name = "flood";
+ meta = {
+ maintainers = with pkgs.lib.maintainers; [ thiagokokada ];
+ };
+
+ nodes.machine = { pkgs, ... }: {
+ services.flood = {
+ inherit port;
+ enable = true;
+ openFirewall = true;
+ extraArgs = [ "--baseuri=/" ];
+ };
+ };
+
+ testScript = /* python */ ''
+ machine.start()
+ machine.wait_for_unit("flood.service")
+ machine.wait_for_open_port(${toString port})
+
+ machine.succeed("curl --fail http://localhost:${toString port}")
+ '';
+})
|
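Review bot: The new nixos/tests/flood.nix sets `openFirewall = true;` but leaves `host` at the module default of "localhost" and probes only with `curl` from the same machine, so the firewall rule is never exercised. A change that made the service listen on every interface would still pass this test. Either drop `openFirewall = true;` from the node config, or add a second node and set `host` explicitly so the test checks reachability from outside. A short comment above `extraArgs = [ "--baseuri=/" ];` saying what that flag is there to exercise would also help the next reader.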