diff options
Diffstat (limited to 'nixos/modules/services/system')
7 files changed, 25 insertions, 8 deletions
diff --git a/nixos/modules/services/system/cachix-agent/default.nix b/nixos/modules/services/system/cachix-agent/default.nix index 196d3291d5555..f8020fe970f1b 100644 --- a/nixos/modules/services/system/cachix-agent/default.nix +++ b/nixos/modules/services/system/cachix-agent/default.nix @@ -49,6 +49,7 @@ in { config = mkIf cfg.enable { systemd.services.cachix-agent = { description = "Cachix Deploy Agent"; + wants = [ "network-online.target" ]; after = ["network-online.target"]; path = [ config.nix.package ]; wantedBy = [ "multi-user.target" ]; diff --git a/nixos/modules/services/system/cachix-watch-store.nix b/nixos/modules/services/system/cachix-watch-store.nix index 992a59cbc075b..d48af29465aa5 100644 --- a/nixos/modules/services/system/cachix-watch-store.nix +++ b/nixos/modules/services/system/cachix-watch-store.nix @@ -23,6 +23,14 @@ in ''; }; + signingKeyFile = mkOption { + type = types.nullOr types.path; + description = lib.mdDoc '' + Optional file containing a self-managed signing key to sign uploaded store paths. + ''; + default = null; + }; + compressionLevel = mkOption { type = types.nullOr types.int; description = lib.mdDoc "The compression level for ZSTD compression (between 0 and 16)"; @@ -53,6 +61,7 @@ in config = mkIf cfg.enable { systemd.services.cachix-watch-store-agent = { description = "Cachix watch store Agent"; + wants = [ "network-online.target" ]; after = [ "network-online.target" ]; path = [ config.nix.package ]; wantedBy = [ "multi-user.target" ]; @@ -69,7 +78,8 @@ in DynamicUser = true; LoadCredential = [ "cachix-token:${toString cfg.cachixTokenFile}" - ]; + ] + ++ lib.optional (cfg.signingKeyFile != null) "signing-key:${toString cfg.signingKeyFile}"; }; script = let @@ -80,6 +90,7 @@ in in '' export CACHIX_AUTH_TOKEN="$(<"$CREDENTIALS_DIRECTORY/cachix-token")" + ${lib.optionalString (cfg.signingKeyFile != null) ''export CACHIX_SIGNING_KEY="$(<"$CREDENTIALS_DIRECTORY/signing-key")"''} ${lib.escapeShellArgs command} ''; }; diff --git a/nixos/modules/services/system/dbus.nix b/nixos/modules/services/system/dbus.nix index 8d5b25e617625..b47ebc92f93a8 100644 --- a/nixos/modules/services/system/dbus.nix +++ b/nixos/modules/services/system/dbus.nix @@ -184,6 +184,11 @@ in aliases = [ "dbus.service" ]; + unitConfig = { + # We get errors when reloading the dbus-broker service + # if /tmp got remounted after this service started + RequiresMountsFor = [ "/tmp" ]; + }; # Don't restart dbus. Bad things tend to happen if we do. reloadIfChanged = true; restartTriggers = [ diff --git a/nixos/modules/services/system/kerberos/default.nix b/nixos/modules/services/system/kerberos/default.nix index 4ed48e463741a..486d4b49c195a 100644 --- a/nixos/modules/services/system/kerberos/default.nix +++ b/nixos/modules/services/system/kerberos/default.nix @@ -3,7 +3,7 @@ let inherit (lib) mkOption mkIf types length attrNames; cfg = config.services.kerberos_server; - kerberos = config.krb5.kerberos; + kerberos = config.security.krb5.package; aclEntry = { options = { diff --git a/nixos/modules/services/system/kerberos/heimdal.nix b/nixos/modules/services/system/kerberos/heimdal.nix index 837c59caa5620..ecafc92766704 100644 --- a/nixos/modules/services/system/kerberos/heimdal.nix +++ b/nixos/modules/services/system/kerberos/heimdal.nix @@ -4,7 +4,7 @@ let inherit (lib) mkIf concatStringsSep concatMapStrings toList mapAttrs mapAttrsToList; cfg = config.services.kerberos_server; - kerberos = config.krb5.kerberos; + kerberos = config.security.krb5.package; stateDir = "/var/heimdal"; aclFiles = mapAttrs (name: {acl, ...}: pkgs.writeText "${name}.acl" (concatMapStrings (( @@ -35,7 +35,7 @@ in mkdir -m 0755 -p ${stateDir} ''; serviceConfig.ExecStart = - "${kerberos}/libexec/heimdal/kadmind --config-file=/etc/heimdal-kdc/kdc.conf"; + "${kerberos}/libexec/kadmind --config-file=/etc/heimdal-kdc/kdc.conf"; restartTriggers = [ kdcConfFile ]; }; @@ -46,7 +46,7 @@ in mkdir -m 0755 -p ${stateDir} ''; serviceConfig.ExecStart = - "${kerberos}/libexec/heimdal/kdc --config-file=/etc/heimdal-kdc/kdc.conf"; + "${kerberos}/libexec/kdc --config-file=/etc/heimdal-kdc/kdc.conf"; restartTriggers = [ kdcConfFile ]; }; @@ -56,7 +56,7 @@ in preStart = '' mkdir -m 0755 -p ${stateDir} ''; - serviceConfig.ExecStart = "${kerberos}/libexec/heimdal/kpasswdd"; + serviceConfig.ExecStart = "${kerberos}/libexec/kpasswdd"; restartTriggers = [ kdcConfFile ]; }; diff --git a/nixos/modules/services/system/kerberos/mit.nix b/nixos/modules/services/system/kerberos/mit.nix index 112000140453f..a654bd1fe7e1b 100644 --- a/nixos/modules/services/system/kerberos/mit.nix +++ b/nixos/modules/services/system/kerberos/mit.nix @@ -4,7 +4,7 @@ let inherit (lib) mkIf concatStrings concatStringsSep concatMapStrings toList mapAttrs mapAttrsToList; cfg = config.services.kerberos_server; - kerberos = config.krb5.kerberos; + kerberos = config.security.krb5.package; stateDir = "/var/lib/krb5kdc"; PIDFile = "/run/kdc.pid"; aclMap = { diff --git a/nixos/modules/services/system/zram-generator.nix b/nixos/modules/services/system/zram-generator.nix index 10b9992375cc1..429531e5743d8 100644 --- a/nixos/modules/services/system/zram-generator.nix +++ b/nixos/modules/services/system/zram-generator.nix @@ -27,7 +27,7 @@ in config = lib.mkIf cfg.enable { system.requiredKernelConfig = with config.lib.kernelConfig; [ - (isModule "ZRAM") + (isEnabled "ZRAM") ]; systemd.packages = [ cfg.package ]; |