diff options
author | Frederik Rietdijk <fridh@fridh.nl> | 2018-04-08 10:54:17 +0200 |
---|---|---|
committer | Frederik Rietdijk <fridh@fridh.nl> | 2018-04-08 10:54:17 +0200 |
commit | 595a72589f038e4512ca12232009c97a47fba044 (patch) | |
tree | 079cdeab0e7722d19292fb7532adc42d77533d1f /nixos | |
parent | f9e17ca3f68b040bd0cf68c26104e4a5c9bc7b4f (diff) | |
parent | 62dc989963c67fe5564b30a2b4bf21ba49446eee (diff) |
Merge master into staging
Diffstat (limited to 'nixos')
-rwxr-xr-x | nixos/maintainers/scripts/gce/create-gce.sh | 4 | ||||
-rw-r--r-- | nixos/modules/services/misc/gitweb.nix | 1 | ||||
-rw-r--r-- | nixos/modules/services/torrent/transmission.nix | 17 | ||||
-rw-r--r-- | nixos/modules/services/web-servers/nginx/gitweb.nix | 29 | ||||
-rw-r--r-- | nixos/modules/services/x11/desktop-managers/lxqt.nix | 2 | ||||
-rw-r--r-- | nixos/modules/services/x11/desktop-managers/mate.nix | 2 | ||||
-rw-r--r-- | nixos/modules/virtualisation/google-compute-image.nix | 9 | ||||
-rw-r--r-- | nixos/release.nix | 1 | ||||
-rw-r--r-- | nixos/tests/transmission.nix | 21 |
9 files changed, 64 insertions, 22 deletions
diff --git a/nixos/maintainers/scripts/gce/create-gce.sh b/nixos/maintainers/scripts/gce/create-gce.sh index ef1801fe54beb..0fd26d34d07f9 100755 --- a/nixos/maintainers/scripts/gce/create-gce.sh +++ b/nixos/maintainers/scripts/gce/create-gce.sh @@ -3,7 +3,7 @@ set -euo pipefail -BUCKET_NAME="${BUCKET_NAME:-nixos-images}" +BUCKET_NAME="${BUCKET_NAME:-nixos-cloud-images}" TIMESTAMP="$(date +%Y%m%d%H%M)" export TIMESTAMP @@ -19,5 +19,5 @@ img_name=$(basename "$img_path") img_id=$(echo "$img_name" | sed 's|.raw.tar.gz$||;s|\.|-|g;s|_|-|g') if ! gsutil ls "gs://${BUCKET_NAME}/$img_name"; then gsutil cp "$img_path" "gs://${BUCKET_NAME}/$img_name" + gsutil acl ch -u AllUsers:R "gs://${BUCKET_NAME}/$img_name" fi -gcloud compute images create "$img_id" --source-uri "gs://${BUCKET_NAME}/$img_name" diff --git a/nixos/modules/services/misc/gitweb.nix b/nixos/modules/services/misc/gitweb.nix index 8e4d85a1e15f7..b0e34a690ca50 100644 --- a/nixos/modules/services/misc/gitweb.nix +++ b/nixos/modules/services/misc/gitweb.nix @@ -28,6 +28,7 @@ in example = '' $feature{'highlight'}{'default'} = [1]; $feature{'ctags'}{'default'} = [1]; + $feature{'avatar'}{'default'} = ['gravatar']; ''; }; diff --git a/nixos/modules/services/torrent/transmission.nix b/nixos/modules/services/torrent/transmission.nix index 1cf85af2a06c3..0998d5a7107a7 100644 --- a/nixos/modules/services/torrent/transmission.nix +++ b/nixos/modules/services/torrent/transmission.nix @@ -21,6 +21,19 @@ let # for users in group "transmission" to have access to torrents fullSettings = { umask = 2; download-dir = downloadDir; incomplete-dir = incompleteDir; } // cfg.settings; + + # Directories transmission expects to exist and be ug+rwx. + directoriesToManage = [ homeDir settingsDir fullSettings.download-dir fullSettings.incomplete-dir ]; + + preStart = pkgs.writeScript "transmission-pre-start" '' + #!${pkgs.runtimeShell} + set -ex + for DIR in ${escapeShellArgs directoriesToManage}; do + mkdir -p "$DIR" + chmod 770 "$DIR" + done + cp -f ${settingsFile} ${settingsDir}/settings.json + ''; in { options = { @@ -89,9 +102,7 @@ in # 1) Only the "transmission" user and group have access to torrents. # 2) Optionally update/force specific fields into the configuration file. - serviceConfig.ExecStartPre = '' - ${pkgs.runtimeShell} -c "mkdir -p ${homeDir} ${settingsDir} ${fullSettings.download-dir} ${fullSettings.incomplete-dir} && chmod 770 ${homeDir} ${settingsDir} ${fullSettings.download-dir} ${fullSettings.incomplete-dir} && rm -f ${settingsDir}/settings.json && cp -f ${settingsFile} ${settingsDir}/settings.json" - ''; + serviceConfig.ExecStartPre = preStart; serviceConfig.ExecStart = "${pkgs.transmission}/bin/transmission-daemon -f --port ${toString config.services.transmission.port}"; serviceConfig.ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID"; serviceConfig.User = "transmission"; diff --git a/nixos/modules/services/web-servers/nginx/gitweb.nix b/nixos/modules/services/web-servers/nginx/gitweb.nix index 344c1f7b8aa48..3dc3ebc7e4c2b 100644 --- a/nixos/modules/services/web-servers/nginx/gitweb.nix +++ b/nixos/modules/services/web-servers/nginx/gitweb.nix @@ -22,36 +22,31 @@ in config = mkIf config.services.nginx.gitweb.enable { - systemd.sockets.gitweb = { - description = "GitWeb Listen Socket"; - listenStreams = [ "/run/gitweb.sock" ]; - socketConfig = { - Accept = "false"; - SocketUser = "nginx"; - SocketGroup = "nginx"; - SocketMode = "0600"; - }; - wantedBy = [ "sockets.target" ]; - }; systemd.services.gitweb = { description = "GitWeb service"; - script = "${git}/share/gitweb/gitweb.cgi --fcgi"; + script = "${pkgs.git}/share/gitweb/gitweb.cgi --fastcgi --nproc=1"; + environment = { + FCGI_SOCKET_PATH = "/run/gitweb/gitweb.sock"; + }; serviceConfig = { - Type = "simple"; - StandardInput = "socket"; User = "nginx"; Group = "nginx"; + RuntimeDirectory = [ "gitweb" ]; }; + wantedBy = [ "multi-user.target" ]; }; services.nginx = { virtualHosts.default = { - locations."/gitweb" = { - root = "${pkgs.git}/share/gitweb"; + locations."/gitweb/" = { + root = "${pkgs.git}/share"; + tryFiles = "$uri @gitweb"; + }; + locations."@gitweb" = { extraConfig = '' include ${pkgs.nginx}/conf/fastcgi_params; fastcgi_param GITWEB_CONFIG ${cfg.gitwebConfigFile}; - fastcgi_pass unix:/run/gitweb.sock; + fastcgi_pass unix:/run/gitweb/gitweb.sock; ''; }; }; diff --git a/nixos/modules/services/x11/desktop-managers/lxqt.nix b/nixos/modules/services/x11/desktop-managers/lxqt.nix index fb907618d35b7..2596ec4ad85cb 100644 --- a/nixos/modules/services/x11/desktop-managers/lxqt.nix +++ b/nixos/modules/services/x11/desktop-managers/lxqt.nix @@ -61,6 +61,8 @@ in environment.variables.GIO_EXTRA_MODULES = [ "${pkgs.gvfs}/lib/gio/modules" ]; + services.upower.enable = config.powerManagement.enable; }; + } diff --git a/nixos/modules/services/x11/desktop-managers/mate.nix b/nixos/modules/services/x11/desktop-managers/mate.nix index 0117dc9d132be..db83aaf3c19f3 100644 --- a/nixos/modules/services/x11/desktop-managers/mate.nix +++ b/nixos/modules/services/x11/desktop-managers/mate.nix @@ -108,6 +108,8 @@ in services.gnome3.gnome-keyring.enable = true; services.upower.enable = config.powerManagement.enable; + security.pam.services."mate-screensaver".unixAuth = true; + environment.pathsToLink = [ "/share" ]; }; diff --git a/nixos/modules/virtualisation/google-compute-image.nix b/nixos/modules/virtualisation/google-compute-image.nix index eaf8b14cd8e10..0b6bec786da4c 100644 --- a/nixos/modules/virtualisation/google-compute-image.nix +++ b/nixos/modules/virtualisation/google-compute-image.nix @@ -57,6 +57,12 @@ in # Always include cryptsetup so that NixOps can use it. environment.systemPackages = [ pkgs.cryptsetup ]; + # Make sure GCE image does not replace host key that NixOps sets + environment.etc."default/instance_configs.cfg".text = lib.mkDefault '' + [InstanceSetup] + set_host_keys = false + ''; + # Rely on GCP's firewall instead networking.firewall.enable = mkDefault false; @@ -69,6 +75,9 @@ in networking.usePredictableInterfaceNames = false; + # GC has 1460 MTU + networking.interfaces.eth0.mtu = 1460; + # allow the google-accounts-daemon to manage users users.mutableUsers = true; # and allow users to sudo without password diff --git a/nixos/release.nix b/nixos/release.nix index 22deea6fee057..c84853a142c17 100644 --- a/nixos/release.nix +++ b/nixos/release.nix @@ -383,6 +383,7 @@ in rec { tests.switchTest = callTest tests/switch-test.nix {}; tests.taskserver = callTest tests/taskserver.nix {}; tests.tomcat = callTest tests/tomcat.nix {}; + tests.transmission = callTest tests/transmission.nix {}; tests.udisks2 = callTest tests/udisks2.nix {}; tests.vault = callTest tests/vault.nix {}; tests.virtualbox = callSubTestsOnMatchingSystems ["x86_64-linux"] tests/virtualbox.nix {}; diff --git a/nixos/tests/transmission.nix b/nixos/tests/transmission.nix new file mode 100644 index 0000000000000..34c49bd7f15b8 --- /dev/null +++ b/nixos/tests/transmission.nix @@ -0,0 +1,21 @@ +import ./make-test.nix ({ pkgs, ...} : { + name = "transmission"; + meta = with pkgs.stdenv.lib.maintainers; { + maintainers = [ coconnor ]; + }; + + machine = { config, pkgs, ... }: { + imports = [ ../modules/profiles/minimal.nix ]; + + networking.firewall.allowedTCPPorts = [ 9091 ]; + + services.transmission.enable = true; + }; + + testScript = + '' + startAll; + $machine->waitForUnit("transmission"); + $machine->shutdown; + ''; +}) |