Diffstat (limited to 'nixos/modules')
33 files changed, 603 insertions, 70 deletions
diff --git a/nixos/modules/hardware/video/nvidia.nix b/nixos/modules/hardware/video/nvidia.nix index 711576982ec39..8514f765e6107 100644 --- a/nixos/modules/hardware/video/nvidia.nix +++ b/nixos/modules/hardware/video/nvidia.nix @@ -14,6 +14,8 @@ let nvidiaForKernel = kernelPackages: if elem "nvidia" drivers then kernelPackages.nvidia_x11 + else if elem "nvidiaBeta" drivers then + kernelPackages.nvidia_x11_beta else if elem "nvidiaLegacy173" drivers then kernelPackages.nvidia_x11_legacy173 else if elem "nvidiaLegacy304" drivers then diff --git a/nixos/modules/misc/ids.nix b/nixos/modules/misc/ids.nix index 0ab2b8a76fc5b..919271cc4e96d 100644 --- a/nixos/modules/misc/ids.nix +++ b/nixos/modules/misc/ids.nix @@ -254,6 +254,7 @@ octoprint = 230; avahi-autoipd = 231; nntp-proxy = 232; + mjpg-streamer = 233; # When adding a uid, make sure it doesn't match an existing gid. And don't use uids above 399! diff --git a/nixos/modules/misc/version.nix b/nixos/modules/misc/version.nix index 18f270cd531b8..f12ecc1b88ec4 100644 --- a/nixos/modules/misc/version.nix +++ b/nixos/modules/misc/version.nix @@ -104,7 +104,7 @@ in nixosVersion = mkDefault (maybeEnv "NIXOS_VERSION" (cfg.nixosRelease + cfg.nixosVersionSuffix)); # Note: code names must only increase in alphabetical order. - nixosCodeName = "Emu"; + nixosCodeName = "Flounder"; }; # Generate /etc/os-release. See diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index 69b96f55f783a..edfe2bb00c0b0 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix @@ -176,6 +176,7 @@ ./services/hardware/udisks2.nix ./services/hardware/upower.nix ./services/hardware/thermald.nix + ./services/logging/awstats.nix ./services/logging/fluentd.nix ./services/logging/klogd.nix ./services/logging/logcheck.nix 
@@ -219,6 +220,7 @@ ./services/misc/gitolite.nix ./services/misc/gpsd.nix ./services/misc/ihaskell.nix + ./services/misc/mantisbt.nix ./services/misc/mathics.nix ./services/misc/matrix-synapse.nix ./services/misc/mbpfan.nix @@ -329,6 +331,7 @@ ./services/networking/lambdabot.nix ./services/networking/libreswan.nix ./services/networking/mailpile.nix + ./services/networking/mjpg-streamer.nix ./services/networking/minidlna.nix ./services/networking/miniupnpd.nix ./services/networking/mstpd.nix @@ -438,6 +441,7 @@ ./services/web-servers/varnish/default.nix ./services/web-servers/winstone.nix ./services/web-servers/zope2.nix + ./services/x11/colord.nix ./services/x11/unclutter.nix ./services/x11/desktop-managers/default.nix ./services/x11/display-managers/auto.nix diff --git a/nixos/modules/rename.nix b/nixos/modules/rename.nix index 85435884b1993..0de6ca758c165 100644 --- a/nixos/modules/rename.nix +++ b/nixos/modules/rename.nix @@ -98,6 +98,9 @@ with lib; (mkRenamedOptionModule [ "services" "hostapd" "extraCfg" ] [ "services" "hostapd" "extraConfig" ]) + # Enlightenment + (mkRenamedOptionModule [ "services" "xserver" "desktopManager" "e19" "enable" ] [ "services" "xserver" "desktopManager" "enlightenment" "enable" ]) + # Options that are obsolete and have no replacement. (mkRemovedOptionModule [ "boot" "initrd" "luks" "enable" ]) (mkRemovedOptionModule [ "programs" "bash" "enable" ]) diff --git a/nixos/modules/security/grsecurity.nix b/nixos/modules/security/grsecurity.nix index 40942644868a9..236206026c3f4 100644 --- a/nixos/modules/security/grsecurity.nix +++ b/nixos/modules/security/grsecurity.nix 
@@ -26,19 +26,11 @@ in ''; }; - stable = mkOption { - type = types.bool; - default = false; - description = '' - Enable the stable grsecurity patch, based on Linux 3.14. - ''; - }; - - testing = mkOption { - type = types.bool; - default = false; + kernelPatch = mkOption { + type = types.attrs; + example = lib.literalExample "pkgs.kernelPatches.grsecurity_4_1"; description = '' - Enable the testing grsecurity patch, based on Linux 4.0. + Grsecurity patch to use. ''; }; @@ -219,16 +211,7 @@ in config = mkIf cfg.enable { assertions = - [ { assertion = cfg.stable || cfg.testing; - message = '' - If grsecurity is enabled, you must select either the - stable patch (with kernel 3.14), or the testing patch (with - kernel 4.0) to continue. - ''; - } - { assertion = !(cfg.stable && cfg.testing); - message = "Select either one of the stable or testing patch"; - } + [ { assertion = (cfg.config.restrictProc -> !cfg.config.restrictProcWithGroup) || (cfg.config.restrictProcWithGroup -> !cfg.config.restrictProc); message = "You cannot enable both restrictProc and restrictProcWithGroup"; @@ -247,6 +230,8 @@ in } ]; + security.grsecurity.kernelPatch = lib.mkDefault pkgs.kernelPatches.grsecurity_latest; + systemd.services.grsec-lock = mkIf cfg.config.sysctl { description = "grsecurity sysctl-lock Service"; requires = [ "systemd-sysctl.service" ]; diff --git a/nixos/modules/services/backup/tarsnap.nix b/nixos/modules/services/backup/tarsnap.nix index 78776786468be..24892a2a59a14 100644 --- a/nixos/modules/services/backup/tarsnap.nix +++ b/nixos/modules/services/backup/tarsnap.nix 
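Review bot: The new `kernelPatch` option in the first grsecurity.nix hunk has no `default` and is described only as "Grsecurity patch to use.", while the third hunk sets it to `pkgs.kernelPatches.grsecurity_latest` through `lib.mkDefault`. A host that enables grsecurity without pinning will therefore follow whatever patch and kernel series `grsecurity_latest` points at after each channel update, and the removed stable/testing assertions no longer force the operator to choose. I would say so in the description, e.g. `Grsecurity patch to use. Defaults to pkgs.kernelPatches.grsecurity_latest, which changes with nixpkgs; set it explicitly to pin a kernel series.` The `config` block continues outside these hunks.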
@@ -293,7 +293,7 @@ in # make sure that the tarsnap server is reachable after systemd starts up # the service - therefore we sleep in a loop until we can ping the # endpoint. - preStart = "while ! ping -q -c 1 betatest-server.tarsnap.com &> /dev/null; do sleep 3; done"; + preStart = "while ! ping -q -c 1 v1-0-0-server.tarsnap.com &> /dev/null; do sleep 3; done"; scriptArgs = "%i"; script = '' mkdir -p -m 0755 ${dirOf cfg.cachedir} diff --git a/nixos/modules/services/logging/awstats.nix b/nixos/modules/services/logging/awstats.nix new file mode 100644 index 0000000000000..8ab7e6acd98ef --- /dev/null +++ b/nixos/modules/services/logging/awstats.nix 
@@ -0,0 +1,123 @@ +{ config, lib, pkgs, ... }: + +with lib; + +let + cfg = config.services.awstats; + package = pkgs.awstats; +in + +{ + options.services.awstats = { + enable = mkOption { + type = types.bool; + default = cfg.service.enable; + description = '' + Enable the awstats program (but not service). + Currently only simple httpd (Apache) configs are supported, + and awstats plugins may not work correctly. + ''; + }; + vardir = mkOption { + type = types.path; + default = "/var/lib/awstats"; + description = "The directory where variable awstats data will be stored."; + }; + + extraConfig = mkOption { + type = types.lines; + default = ""; + description = "Extra configuration to be appendend to awstats.conf."; + }; + + updateAt = mkOption { + type = types.nullOr types.string; + default = null; + example = "hourly"; + description = '' + Specification of the time at which awstats will get updated. + (in the format described by <citerefentry> + <refentrytitle>systemd.time</refentrytitle> + <manvolnum>5</manvolnum></citerefentry>) + ''; + }; + + service = { + enable = mkOption { + type = types.bool; + default = false; + description = ''Enable the awstats web service. This switches on httpd.''; + }; + urlPrefix = mkOption { + type = types.string; + default = "/awstats"; + description = "The URL prefix under which the awstats service appears."; + }; + }; + }; + + + config = mkIf cfg.enable { + environment.systemPackages = [ package.bin ]; + /* TODO: + - heed config.services.httpd.logPerVirtualHost, etc. + - Can't AllowToUpdateStatsFromBrowser, as CGI scripts don't have permission + to read the logs, and our httpd config apparently doesn't an option for that. 
+ */ + environment.etc."awstats/awstats.conf".source = pkgs.runCommand "awstats.conf" + { preferLocalBuild = true; } + ( let + cfg-httpd = config.services.httpd; + logFormat = + if cfg-httpd.logFormat == "combined" then "1" else + if cfg-httpd.logFormat == "common" then "4" else + throw "awstats service doesn't support Apache log format `${cfg-httpd.logFormat}`"; + in + '' + sed \ + -e 's|^\(DirData\)=.*$|\1="${cfg.vardir}"|' \ + -e 's|^\(DirIcons\)=.*$|\1="icons"|' \ + -e 's|^\(CreateDirDataIfNotExists\)=.*$|\1=1|' \ + -e 's|^\(SiteDomain\)=.*$|\1="${cfg-httpd.hostName}"|' \ + -e 's|^\(LogFile\)=.*$|\1="${cfg-httpd.logDir}/access_log"|' \ + -e 's|^\(LogFormat\)=.*$|\1=${logFormat}|' \ + < '${package.out}/wwwroot/cgi-bin/awstats.model.conf' > "$out" + echo '${cfg.extraConfig}' >> "$out" + ''); + + # The httpd sub-service showing awstats. + services.httpd.enable = mkIf cfg.service.enable true; + services.httpd.extraSubservices = mkIf cfg.service.enable [ { function = { serverInfo, ... }: { + extraConfig = + '' + Alias ${cfg.service.urlPrefix}/classes "${package.out}/wwwroot/classes/" + Alias ${cfg.service.urlPrefix}/css "${package.out}/wwwroot/css/" + Alias ${cfg.service.urlPrefix}/icons "${package.out}/wwwroot/icon/" + ScriptAlias ${cfg.service.urlPrefix}/ "${package.out}/wwwroot/cgi-bin/" + + <Directory "${package.out}/wwwroot"> + Options None + AllowOverride None + Order allow,deny + Allow from all + </Directory> + ''; + startupScript = + let + inherit (serverInfo.serverConfig) user group; + in pkgs.writeScript "awstats_startup.sh" + '' + mkdir -p '${cfg.vardir}' + chown '${user}:${group}' '${cfg.vardir}' + ''; + };}]; + + systemd.services.awstats-update = mkIf (cfg.updateAt != null) { + description = "awstats log collector"; + script = "exec '${package.bin}/bin/awstats' -update -config=awstats.conf"; + startAt = cfg.updateAt; + }; + }; + +} + 
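Review bot: In the `runCommand` script that builds awstats.conf, `echo '${cfg.extraConfig}' >> "$out"` splices the option text into a single-quoted shell word, so an apostrophe in `extraConfig` ends the quoting and the rest is parsed by the builder's shell. Let Nix write the text instead, e.g. `cat ${pkgs.writeText "awstats-extra.conf" cfg.extraConfig} >> "$out"`. The sed expressions have the same weakness for `|`, `&` or `"` in `cfg.vardir` and the httpd host name. Separately, the `<Directory>` block ends in `Allow from all`, so turning on `service.enable` publishes the statistics CGI to every client that can reach httpd. The `service.enable` description should say this, or the module should offer an option to restrict access.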
diff --git a/nixos/modules/services/mail/postfix.nix b/nixos/modules/services/mail/postfix.nix index 404cdf0f564bc..bad9d527f9a1d 100644 --- a/nixos/modules/services/mail/postfix.nix +++ b/nixos/modules/services/mail/postfix.nix @@ -27,7 +27,7 @@ let mainCf = '' - compatibility_level = 2 + compatibility_level = 9999 mail_owner = ${user} default_privs = nobody diff --git a/nixos/modules/services/misc/autofs.nix b/nixos/modules/services/misc/autofs.nix index 3a95e92282004..8913030e0ea2f 100644 --- a/nixos/modules/services/misc/autofs.nix +++ b/nixos/modules/services/misc/autofs.nix @@ -79,6 +79,11 @@ in wantedBy = [ "multi-user.target" ]; after = [ "network.target" ]; + preStart = '' + # There should be only one autofs service managed by systemd, so this should be safe. + rm -f /tmp/autofs-running + ''; + serviceConfig = { ExecStart = "${pkgs.autofs5}/sbin/automount ${if cfg.debug then "-d" else ""} -f -t ${builtins.toString cfg.timeout} ${autoMaster} ${if cfg.debug then "-l7" else ""}"; ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID"; diff --git a/nixos/modules/services/misc/gitlab.nix b/nixos/modules/services/misc/gitlab.nix index cc50bfbea5319..85b3ab6f92497 100644 --- a/nixos/modules/services/misc/gitlab.nix +++ b/nixos/modules/services/misc/gitlab.nix @@ -328,7 +328,7 @@ in { Group = cfg.group; TimeoutSec = "300"; WorkingDirectory = "${cfg.packages.gitlab}/share/gitlab"; - ExecStart="${bundler}/bin/bundle exec \"sidekiq -q post_receive -q mailer -q system_hook -q project_web_hook -q gitlab_shell -q common -q default -e production -P ${cfg.statePath}/tmp/sidekiq.pid\""; + ExecStart="${bundler}/bin/bundle exec \"sidekiq -q post_receive -q mailers -q system_hook -q project_web_hook -q gitlab_shell -q common -q default -e production -P ${cfg.statePath}/tmp/sidekiq.pid\""; }; }; diff --git a/nixos/modules/services/misc/mantisbt.nix b/nixos/modules/services/misc/mantisbt.nix new file mode 100644 index 0000000000000..7e3474feb672c --- /dev/null 
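Review bot: The `preStart` added to autofs.nix removes `/tmp/autofs-running`, a fixed name in a world-writable directory, and the comment justifies this only by there being a single autofs unit. If automount treats that file as an "already running" flag (the hunk suggests so but does not show it), its presence is controlled by any local account, not just by this unit. The comment should record what creates the file and what automount does when it exists, e.g. `# stale flag left by an unclean stop (TODO confirm creator); removed here because only this unit runs automount`. It is also worth checking whether the flag can live under /run instead.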
+++ b/nixos/modules/services/misc/mantisbt.nix @@ -0,0 +1,68 @@ +{ config, lib, pkgs, ... }: + +with lib; +let + cfg = config.services.mantisbt; + + freshInstall = cfg.extraConfig == ""; + + # combined code+config directory + mantisbt = let + config_inc = pkgs.writeText "config_inc.php" ("<?php\n" + cfg.extraConfig); + src = pkgs.fetchurl { + url = "mirror://sourceforge/mantisbt/${name}.tar.gz"; + sha256 = "1pl6xn793p3mxc6ibpr2bhg85vkdlcf57yk7pfc399g47l8x4508"; + }; + name = "mantisbt-1.2.19"; + in + # We have to copy every time; otherwise config won't be found. + pkgs.runCommand name + { preferLocalBuild = true; allowSubstitutes = false; } + ('' + mkdir -p "$out" + cd "$out" + tar -xf '${src}' --strip-components=1 + ln -s '${config_inc}' config_inc.php + '' + + lib.optionalString (!freshInstall) "rm -r admin/" + ); +in +{ + options.services.mantisbt = { + enable = mkOption { + type = types.bool; + default = false; + description = '' + Enable the mantisbt web service. + This switches on httpd with PHP and database. + ''; + }; + urlPrefix = mkOption { + type = types.string; + default = "/mantisbt"; + description = "The URL prefix under which the mantisbt service appears."; + }; + extraConfig = mkOption { + type = types.lines; + default = ""; + description = '' + The contents of config_inc.php, without leading <?php. + If left empty, the admin directory will be accessible. + ''; + }; + }; + + + config = mkIf cfg.enable { + services.mysql.enable = true; + services.httpd.enable = true; + services.httpd.enablePHP = true; + # The httpd sub-service showing mantisbt. + services.httpd.extraSubservices = [ { function = { ... }: { + extraConfig = + '' + Alias ${cfg.urlPrefix} "${mantisbt}" + ''; + };}]; + }; +} diff --git a/nixos/modules/services/misc/octoprint.nix b/nixos/modules/services/misc/octoprint.nix index 9cf46345c2289..8ab2a9307a719 100644 --- a/nixos/modules/services/misc/octoprint.nix +++ b/nixos/modules/services/misc/octoprint.nix 
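Review bot: With this module's defaults, `freshInstall = cfg.extraConfig == ""` keeps MantisBT's `admin/` directory in the served tree, and the sub-service consists only of `Alias ${cfg.urlPrefix} "${mantisbt}"` with no access restriction, so `enable = true` alone exposes the installer to every client of httpd. I would restrict that path while `freshInstall` holds, for example with a `<Location ${cfg.urlPrefix}/admin>` block limited to local requests in the `extraConfig` string, rather than relying on the operator reading the option description. Also, `config_inc.php` is produced by `pkgs.writeText`, so any database credentials placed in `extraConfig` end up in the world-readable Nix store. The `extraConfig` description should state that.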
@@ -6,12 +6,16 @@ let cfg = config.services.octoprint; - cfgUpdate = pkgs.writeText "octoprint-config.yaml" (builtins.toJSON { + baseConfig = { plugins.cura.cura_engine = "${pkgs.curaengine}/bin/CuraEngine"; server.host = cfg.host; server.port = cfg.port; webcam.ffmpeg = "${pkgs.ffmpeg}/bin/ffmpeg"; - }); + }; + + fullConfig = recursiveUpdate cfg.extraConfig baseConfig; + + cfgUpdate = pkgs.writeText "octoprint-config.yaml" (builtins.toJSON fullConfig); pluginsEnv = pkgs.python.buildEnv.override { extraLibs = cfg.plugins pkgs.octoprint-plugins; @@ -62,13 +66,18 @@ in }; plugins = mkOption { - #type = types.functionTo (types.listOf types.package); default = plugins: []; defaultText = "plugins: []"; example = literalExample "plugins: [ m3d-fio ]"; description = "Additional plugins."; }; + extraConfig = mkOption { + type = types.attrs; + default = {}; + description = "Extra options which are added to OctoPrint's YAML configuration file."; + }; + }; }; diff --git a/nixos/modules/services/monitoring/graphite.nix b/nixos/modules/services/monitoring/graphite.nix index 976fd253a7cdd..7104a5796f761 100644 --- a/nixos/modules/services/monitoring/graphite.nix +++ b/nixos/modules/services/monitoring/graphite.nix @@ -51,7 +51,13 @@ let ''; carbonEnv = { - PYTHONPATH = "${pkgs.python27Packages.carbon}/lib/python2.7/site-packages"; + PYTHONPATH = let + cenv = pkgs.python.buildEnv.override { + extraLibs = [ pkgs.python27Packages.carbon ]; + }; + cenvPack = "${cenv}/${pkgs.python.sitePackages}"; + # opt/graphite/lib contains twisted.plugins.carbon-cache + in "${cenvPack}/opt/graphite/lib:${cenvPack}"; GRAPHITE_ROOT = dataDir; GRAPHITE_CONF_DIR = configDir; GRAPHITE_STORAGE_DIR = dataDir; 
@@ -445,10 +451,21 @@ in { after = [ "network-interfaces.target" ]; path = [ pkgs.perl ]; environment = { - PYTHONPATH = "${pkgs.python27Packages.graphite_web}/lib/python2.7/site-packages"; + PYTHONPATH = let + penv = pkgs.python.buildEnv.override { + extraLibs = [ + pkgs.python27Packages.graphite_web + pkgs.python27Packages.pysqlite + ]; + }; + penvPack = "${penv}/${pkgs.python.sitePackages}"; + # opt/graphite/webapp contains graphite/settings.py + # explicitly adding pycairo in path because it cannot be imported via buildEnv + in "${penvPack}/opt/graphite/webapp:${penvPack}:${pkgs.pycairo}/${pkgs.python.sitePackages}"; DJANGO_SETTINGS_MODULE = "graphite.settings"; GRAPHITE_CONF_DIR = configDir; GRAPHITE_STORAGE_DIR = dataDir; + LD_LIBRARY_PATH = "${pkgs.cairo}/lib"; }; serviceConfig = { ExecStart = '' @@ -486,9 +503,11 @@ in { wantedBy = [ "multi-user.target" ]; after = [ "network-interfaces.target" ]; environment = { - PYTHONPATH = - "${cfg.api.package}/lib/python2.7/site-packages:" + - concatMapStringsSep ":" (f: f + "/lib/python2.7/site-packages") cfg.api.finders; + PYTHONPATH = let + aenv = pkgs.python.buildEnv.override { + extraLibs = [ cfg.api.package pkgs.cairo ] ++ cfg.api.finders; + }; + in "${aenv}/${pkgs.python.sitePackages}"; GRAPHITE_API_CONFIG = graphiteApiConfig; LD_LIBRARY_PATH = "${pkgs.cairo}/lib"; }; diff --git a/nixos/modules/services/networking/dnscrypt-proxy.nix b/nixos/modules/services/networking/dnscrypt-proxy.nix index c724ee979c2d4..9bb28838878f9 100644 --- a/nixos/modules/services/networking/dnscrypt-proxy.nix +++ b/nixos/modules/services/networking/dnscrypt-proxy.nix @@ -49,7 +49,7 @@ in ''; }; resolverName = mkOption { - default = "opendns"; + default = "cisco"; type = types.nullOr types.string; description = '' The name of the upstream DNSCrypt resolver to use. See 
@@ -130,6 +130,9 @@ in ${pkgs.xz}/lib/liblzma.so.* mr, ${pkgs.libgcrypt}/lib/libgcrypt.so.* mr, ${pkgs.libgpgerror}/lib/libgpg-error.so.* mr, + ${pkgs.libcap}/lib/libcap.so.* mr, + ${pkgs.lz4}/lib/liblz4.so.* mr, + ${pkgs.attr}/lib/libattr.so.* mr, ${resolverListFile} r, } diff --git a/nixos/modules/services/networking/i2pd.nix b/nixos/modules/services/networking/i2pd.nix index e73316a9b1e8c..15ec9be801217 100644 --- a/nixos/modules/services/networking/i2pd.nix +++ b/nixos/modules/services/networking/i2pd.nix @@ -10,9 +10,10 @@ let extip = "EXTIP=\$(${pkgs.curl}/bin/curl -sf \"http://jsonip.com\" | ${pkgs.gawk}/bin/awk -F'\"' '{print $4}')"; - toOneZero = b: if b then "1" else "0"; + toYesNo = b: if b then "yes" else "no"; mkEndpointOpt = name: addr: port: { + enable = mkEnableOption name; name = mkOption { type = types.str; default = name; @@ -63,9 +64,9 @@ let } // mkEndpointOpt name "127.0.0.1" 0; i2pdConf = pkgs.writeText "i2pd.conf" '' - ipv6 = ${toOneZero cfg.enableIPv6} - notransit = ${toOneZero cfg.notransit} - floodfill = ${toOneZero cfg.floodfill} + ipv6 = ${toYesNo cfg.enableIPv6} + notransit = ${toYesNo cfg.notransit} + floodfill = ${toYesNo cfg.floodfill} ${if isNull cfg.port then "" else "port = ${toString cfg.port}"} ${flip concatMapStrings (collect (proto: proto ? port && proto ? address && proto ? name) cfg.proto) @@ -73,6 +74,7 @@ let [${proto.name}] address = ${proto.address} port = ${toString proto.port} + enabled = ${toYesNo proto.enable} '') } ''; diff --git a/nixos/modules/services/networking/mjpg-streamer.nix b/nixos/modules/services/networking/mjpg-streamer.nix new file mode 100644 index 0000000000000..9986f549aecf5 --- /dev/null +++ b/nixos/modules/services/networking/mjpg-streamer.nix 
@@ -0,0 +1,75 @@ +{ config, lib, pkgs, ... }: + +with lib; + +let + + cfg = config.services.mjpg-streamer; + +in { + + options = { + + services.mjpg-streamer = { + + enable = mkEnableOption "mjpg-streamer webcam streamer"; + + inputPlugin = mkOption { + type = types.str; + default = "input_uvc.so"; + description = '' + Input plugin. See plugins documentation for more information. + ''; + }; + + outputPlugin = mkOption { + type = types.str; + default = "output_http.so -w @www@ -n -p 5050"; + description = '' + Output plugin. <literal>@www@</literal> is substituted for default mjpg-streamer www directory. + See plugins documentation for more information. + ''; + }; + + user = mkOption { + type = types.str; + default = "mjpg-streamer"; + description = "mjpg-streamer user name."; + }; + + group = mkOption { + type = types.str; + default = "video"; + description = "mjpg-streamer group name."; + }; + + }; + + }; + + config = mkIf cfg.enable { + + users.extraUsers = optional (cfg.user == "mjpg-streamer") { + name = "mjpg-streamer"; + uid = config.ids.uids.mjpg-streamer; + group = cfg.group; + }; + + systemd.services.mjpg-streamer = { + description = "mjpg-streamer webcam streamer"; + wantedBy = [ "multi-user.target" ]; + + serviceConfig.User = cfg.user; + serviceConfig.Group = cfg.group; + + script = '' + IPLUGIN="${cfg.inputPlugin}" + OPLUGIN="${cfg.outputPlugin}" + OPLUGIN="''${OPLUGIN//@www@/${pkgs.mjpg-streamer}/share/mjpg-streamer/www}" + exec ${pkgs.mjpg-streamer}/bin/mjpg_streamer -i "$IPLUGIN" -o "$OPLUGIN" + ''; + }; + + }; + +} diff --git a/nixos/modules/services/networking/vsftpd.nix b/nixos/modules/services/networking/vsftpd.nix index e7301e9ef5f5c..7ec484941ede1 100644 --- a/nixos/modules/services/networking/vsftpd.nix +++ b/nixos/modules/services/networking/vsftpd.nix 
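Review bot: The default `outputPlugin` value `output_http.so -w @www@ -n -p 5050` carries no credentials argument, so a default-enabled service offers the camera stream over plain HTTP on port 5050 to whoever the host firewall lets through. The option description should say this and refer to the plugin's authentication setting. In `script`, `IPLUGIN="${cfg.inputPlugin}"` and `OPLUGIN="${cfg.outputPlugin}"` place option text inside double quotes, so a `"`, `$` or backtick in either value is interpreted by the shell. `IPLUGIN=${escapeShellArg cfg.inputPlugin}` and the same for `OPLUGIN` avoid that.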
@@ -85,6 +85,9 @@ let ssl_enable=YES rsa_cert_file=${cfg.rsaCertFile} ''} + ${optionalString (cfg.rsaKeyFile != null) '' + rsa_private_key_file=${cfg.rsaKeyFile} + ''} ${optionalString (cfg.userlistFile != null) '' userlist_file=${cfg.userlistFile} ''} @@ -147,6 +150,12 @@ in description = "RSA certificate file."; }; + rsaKeyFile = mkOption { + type = types.nullOr types.path; + default = null; + description = "RSA private key file."; + }; + anonymousUmask = mkOption { type = types.string; default = "077"; diff --git a/nixos/modules/services/printing/cupsd.nix b/nixos/modules/services/printing/cupsd.nix index 80d11565e47d9..9fb854e50cfb1 100644 --- a/nixos/modules/services/printing/cupsd.nix +++ b/nixos/modules/services/printing/cupsd.nix @@ -238,7 +238,8 @@ in example = literalExample "[ pkgs.splix ]"; description = '' CUPS drivers to use. Drivers provided by CUPS, cups-filters, Ghostscript - and Samba are added unconditionally. + and Samba are added unconditionally. For adding Gutenprint, see + <literal>gutenprint</literal>. ''; }; diff --git a/nixos/modules/services/web-servers/apache-httpd/foswiki.nix b/nixos/modules/services/web-servers/apache-httpd/foswiki.nix new file mode 100644 index 0000000000000..8c1ac8935a47b --- /dev/null +++ b/nixos/modules/services/web-servers/apache-httpd/foswiki.nix 
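Review bot: `rsaKeyFile` is declared as `types.nullOr types.path` and described only as "RSA private key file."; if a user assigns a Nix path literal such as `./server.key`, the interpolation in `rsa_private_key_file=${cfg.rsaKeyFile}` copies the key into the world-readable Nix store. I would spell out the expectation in the option, e.g. `description = "RSA private key file. Give the path as a string pointing outside the Nix store, readable by root only.";` plus an `example` with a string path. The `let` block and the option set both continue outside these two hunks.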
@@ -0,0 +1,78 @@ +{ config, pkgs, lib, serverInfo, ... }: +let + inherit (pkgs) foswiki; + inherit (serverInfo.serverConfig) user group; + inherit (config) vardir; +in +{ + options.vardir = lib.mkOption { + type = lib.types.path; + default = "/var/www/foswiki"; + description = "The directory where variable foswiki data will be stored and served from."; + }; + + # TODO: this will probably need to be better customizable + extraConfig = + let httpd-conf = pkgs.runCommand "foswiki-httpd.conf" + { preferLocalBuild = true; } + '' + substitute '${foswiki}/foswiki_httpd_conf.txt' "$out" \ + --replace /var/www/foswiki/ "${vardir}/" + ''; + in + '' + RewriteEngine on + RewriteRule /foswiki/(.*) ${vardir}/$1 + + <Directory "${vardir}"> + Require all granted + </Directory> + + Include ${httpd-conf} + <Directory "${vardir}/pub"> + Options FollowSymlinks + </Directory> + ''; + + /** This handles initial setup and updates. + It will probably need some tweaking, maybe per-site. */ + startupScript = pkgs.writeScript "foswiki_startup.sh" ( + let storeLink = "${vardir}/package"; in + '' + [ -e '${storeLink}' ] || needs_setup=1 + mkdir -p '${vardir}' + cd '${vardir}' + ln -sf -T '${foswiki}' '${storeLink}' + + if [ -n "$needs_setup" ]; then # do initial setup + mkdir -p bin lib + # setup most of data/ as copies only + cp -r '${foswiki}'/data '${vardir}/' + rm -r '${vardir}'/data/{System,mime.types} + ln -sr -t '${vardir}/data/' '${storeLink}'/data/{System,mime.types} + + ln -sr '${storeLink}/locale' . + + mkdir pub + ln -sr '${storeLink}/pub/System' pub/ + + mkdir templates + ln -sr '${storeLink}'/templates/* templates/ + + ln -sr '${storeLink}/tools' . + + mkdir -p '${vardir}'/working/{logs,tmp} + ln -sr '${storeLink}/working/README' working/ # used to check dir validity + + chown -R '${user}:${group}' . + chmod +w -R . 
+ fi + + # bin/* and lib/* shall always be overwritten, in case files are added + ln -srf '${storeLink}'/bin/* '${vardir}/bin/' + ln -srf '${storeLink}'/lib/* '${vardir}/lib/' + '' + /* Symlinking bin/ one-by-one ensures that ${vardir}/lib/LocalSite.cfg + is used instead of ${foswiki}/... */ + ); +} diff --git a/nixos/modules/services/x11/colord.nix b/nixos/modules/services/x11/colord.nix new file mode 100644 index 0000000000000..d9e81d7507250 --- /dev/null +++ b/nixos/modules/services/x11/colord.nix @@ -0,0 +1,39 @@ +{ config, lib, pkgs, ... }: + +with lib; + +let + + cfg = config.services.colord; + +in { + + options = { + + services.colord = { + enable = mkEnableOption "colord, the color management daemon"; + }; + + }; + + config = mkIf cfg.enable { + + services.dbus.packages = [ pkgs.colord ]; + + services.udev.packages = [ pkgs.colord ]; + + environment.systemPackages = [ pkgs.colord ]; + + systemd.services.colord = { + description = "Manage, Install and Generate Color Profiles"; + serviceConfig = { + Type = "dbus"; + BusName = "org.freedesktop.ColorManager"; + ExecStart = "${pkgs.colord}/libexec/colord"; + PrivateTmp = true; + }; + }; + + }; + +} diff --git a/nixos/modules/services/x11/desktop-managers/default.nix b/nixos/modules/services/x11/desktop-managers/default.nix index 3e91450a39d22..1ea7b5ccf16aa 100644 --- a/nixos/modules/services/x11/desktop-managers/default.nix +++ b/nixos/modules/services/x11/desktop-managers/default.nix @@ -19,7 +19,7 @@ in # E.g., if KDE is enabled, it supersedes xterm. imports = [ ./none.nix ./xterm.nix ./xfce.nix ./kde4.nix ./kde5.nix - ./e19.nix ./gnome3.nix ./kodi.nix + ./enlightenment.nix ./gnome3.nix ./kodi.nix ]; options = { diff --git a/nixos/modules/services/x11/desktop-managers/e19.nix b/nixos/modules/services/x11/desktop-managers/enlightenment.nix index 2d5c7b192bc66..c981b40f74a6a 100644 --- a/nixos/modules/services/x11/desktop-managers/e19.nix +++ b/nixos/modules/services/x11/desktop-managers/enlightenment.nix 
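Review bot: In foswiki.nix, `extraConfig` applies `Require all granted` to the whole of `${vardir}` and rewrites `/foswiki/(.*)` onto it, which covers `data/`, `working/` and `lib/` (where the trailing comment places `LocalSite.cfg`) as well as `bin/` and `pub/`. Whether the included `foswiki_httpd_conf.txt` denies those directories again cannot be seen from this hunk. If it does, a comment should say so. Otherwise the grant should be narrowed to the directories meant to be served. In `startupScript`, `chown -R '${user}:${group}' .` followed by `chmod +w -R .` also leaves `bin/` and `lib/` writable by the httpd account, although their contents are store symlinks re-created on each start. Limiting the write bit to the data directories, e.g. `chmod -R u+w data pub working` (list inferred from the setup block), would be tighter.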
@@ -4,9 +4,9 @@ with lib; let + e = pkgs.enlightenment; xcfg = config.services.xserver; - cfg = xcfg.desktopManager.e19; - e19_enlightenment = pkgs.e19.enlightenment.override { set_freqset_setuid = true; }; + cfg = xcfg.desktopManager.enlightenment; GST_PLUGIN_PATH = lib.makeSearchPath "lib/gstreamer-1.0" [ pkgs.gst_all_1.gst-plugins-base pkgs.gst_all_1.gst-plugins-good @@ -18,10 +18,10 @@ in { options = { - services.xserver.desktopManager.e19.enable = mkOption { + services.xserver.desktopManager.enlightenment.enable = mkOption { default = false; example = true; - description = "Enable the E19 desktop environment."; + description = "Enable the Enlightenment desktop environment."; }; }; @@ -29,8 +29,8 @@ in config = mkIf (xcfg.enable && cfg.enable) { environment.systemPackages = [ - pkgs.e19.efl pkgs.e19.evas pkgs.e19.emotion pkgs.e19.elementary e19_enlightenment - pkgs.e19.terminology pkgs.e19.econnman + e.efl e.evas e.emotion e.elementary e.enlightenment + e.terminology e.econnman pkgs.xorg.xauth # used by kdesu pkgs.gtk # To get GTK+'s themes. pkgs.tango-icon-theme @@ -42,7 +42,7 @@ in environment.pathsToLink = [ "/etc/enlightenment" "/etc/xdg" "/share/enlightenment" "/share/elementary" "/share/applications" "/share/locale" "/share/icons" "/share/themes" "/share/mime" "/share/desktop-directories" ]; services.xserver.desktopManager.session = [ - { name = "E19"; + { name = "Enlightenment"; start = '' # Set GTK_DATA_PREFIX so that GTK+ can find the themes export GTK_DATA_PREFIX=${config.system.path} 
@@ -53,17 +53,16 @@ in export GST_PLUGIN_PATH="${GST_PLUGIN_PATH}" # make available for D-BUS user services - #export XDG_DATA_DIRS=$XDG_DATA_DIRS''${XDG_DATA_DIRS:+:}:${config.system.path}/share:${pkgs.e19.efl}/share + #export XDG_DATA_DIRS=$XDG_DATA_DIRS''${XDG_DATA_DIRS:+:}:${config.system.path}/share:${e.efl}/share # Update user dirs as described in http://freedesktop.org/wiki/Software/xdg-user-dirs/ ${pkgs.xdg-user-dirs}/bin/xdg-user-dirs-update - ${e19_enlightenment}/bin/enlightenment_start - waitPID=$! + exec ${e.enlightenment}/bin/enlightenment_start ''; }]; - security.setuidPrograms = [ "e19_freqset" ]; + security.setuidPrograms = [ "e_freqset" ]; environment.etc = singleton { source = "${pkgs.xkeyboard_config}/etc/X11/xkb"; @@ -75,13 +74,13 @@ in services.udisks2.enable = true; services.upower.enable = config.powerManagement.enable; - #services.dbus.packages = [ pkgs.efl ]; # dbus-1 folder is not in /etc but in /share, so needs fixing first + services.dbus.packages = [ e.efl ]; systemd.user.services.efreet = { enable = true; description = "org.enlightenment.Efreet"; serviceConfig = - { ExecStart = "${pkgs.e19.efl}/bin/efreetd"; + { ExecStart = "${e.efl}/bin/efreetd"; StandardOutput = "null"; }; }; @@ -90,7 +89,7 @@ in { enable = true; description = "org.enlightenment.Ethumb"; serviceConfig = - { ExecStart = "${pkgs.e19.efl}/bin/ethumbd"; + { ExecStart = "${e.efl}/bin/ethumbd"; StandardOutput = "null"; }; }; diff --git a/nixos/modules/services/x11/desktop-managers/kde5.nix b/nixos/modules/services/x11/desktop-managers/kde5.nix index 867dea63cc226..9891da2169ea5 100644 --- a/nixos/modules/services/x11/desktop-managers/kde5.nix +++ b/nixos/modules/services/x11/desktop-managers/kde5.nix 
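Review bot: `security.setuidPrograms = [ "e_freqset" ];` requests a setuid-root wrapper under a new name, while the first hunk of this file drops the `override { set_freqset_setuid = true; }` that previously prepared the package for it. Nothing visible in the diff shows that `e.enlightenment` installs a program called `e_freqset`, so this should be confirmed. A one-line comment would also help, e.g. `# cpufreq module helper; needs root to change the CPU governor` (purpose inferred from the name, please verify). The session `start` script also changes from backgrounding with `waitPID=$!` to `exec`, which is worth a word in the commit message.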
@@ -128,6 +128,7 @@ in ++ lib.optional config.networking.networkmanager.enable kde5.plasma-nm ++ lib.optional config.hardware.pulseaudio.enable kde5.plasma-pa ++ lib.optional config.powerManagement.enable kde5.powerdevil + ++ lib.optional config.services.colord.enable kde5.colord-kde ++ lib.optionals config.services.samba.enable [ kde5.kdenetwork-filesharing pkgs.samba ] ++ lib.optionals cfg.phonon.gstreamer.enable diff --git a/nixos/modules/services/x11/window-managers/default.nix b/nixos/modules/services/x11/window-managers/default.nix index 26dfbb1f4e18d..63136beac7100 100644 --- a/nixos/modules/services/x11/window-managers/default.nix +++ b/nixos/modules/services/x11/window-managers/default.nix @@ -17,6 +17,7 @@ in ./fluxbox.nix ./herbstluftwm.nix ./i3.nix + ./jwm.nix ./metacity.nix ./openbox.nix ./notion.nix diff --git a/nixos/modules/services/x11/window-managers/jwm.nix b/nixos/modules/services/x11/window-managers/jwm.nix new file mode 100644 index 0000000000000..0e8dab2e9224d --- /dev/null +++ b/nixos/modules/services/x11/window-managers/jwm.nix @@ -0,0 +1,25 @@ +{ config, lib, pkgs, ... }: + +with lib; + +let + cfg = config.services.xserver.windowManager.jwm; +in +{ + ###### interface + options = { + services.xserver.windowManager.jwm.enable = mkEnableOption "jwm"; + }; + + ###### implementation + config = mkIf cfg.enable { + services.xserver.windowManager.session = singleton { + name = "jwm"; + start = '' + ${pkgs.jwm}/bin/jwm & + waitPID=$! + ''; + }; + environment.systemPackages = [ pkgs.jwm ]; + }; +} diff --git a/nixos/modules/system/boot/stage-1.nix b/nixos/modules/system/boot/stage-1.nix index f31620df1d859..757d883373ac5 100644 --- a/nixos/modules/system/boot/stage-1.nix +++ b/nixos/modules/system/boot/stage-1.nix @@ -58,6 +58,7 @@ let # Add RAID mdadm tool. copy_bin_and_libs ${pkgs.mdadm}/sbin/mdadm + copy_bin_and_libs ${pkgs.mdadm}/sbin/mdmon # Copy udev. copy_bin_and_libs ${udev}/lib/systemd/systemd-udevd 
diff --git a/nixos/modules/tasks/filesystems.nix b/nixos/modules/tasks/filesystems.nix index 4d1466db22d0f..dd351306cb636 100644 --- a/nixos/modules/tasks/filesystems.nix +++ b/nixos/modules/tasks/filesystems.nix @@ -93,7 +93,7 @@ let config = { mountPoint = mkDefault name; device = mkIf (config.fsType == "tmpfs") (mkDefault config.fsType); - options = mkIf config.autoResize "x-nixos.autoresize"; + options = mkIf config.autoResize [ "x-nixos.autoresize" ]; # -F needed to allow bare block device without partitions formatOptions = mkIf ((builtins.substring 0 3 config.fsType) == "ext") (mkDefault "-F"); diff --git a/nixos/modules/tasks/swraid.nix b/nixos/modules/tasks/swraid.nix index 8e97289197188..d6cb1c96ef46a 100644 --- a/nixos/modules/tasks/swraid.nix +++ b/nixos/modules/tasks/swraid.nix @@ -12,4 +12,45 @@ cp -v ${pkgs.mdadm}/lib/udev/rules.d/*.rules $out/ ''; + systemd.services.mdadm-shutdown = { + wantedBy = [ "final.target"]; + after = [ "umount.target" ]; + + unitConfig = { + DefaultDependencies = false; + }; + + serviceConfig = { + Type = "oneshot"; + ExecStart = ''${pkgs.mdadm}/bin/mdadm --wait-clean --scan''; + }; + }; + + systemd.services."mdmon@" = { + description = "MD Metadata Monitor on /dev/%I"; + + unitConfig.DefaultDependencies = false; + + serviceConfig = { + Type = "forking"; + Environment = "IMSM_NO_PLATFORM=1"; + ExecStart = ''${pkgs.mdadm}/bin/mdmon --offroot --takeover %I''; + KillMode = "none"; + }; + }; + + systemd.services."mdadm-grow-continue@" = { + description = "Manage MD Reshape on /dev/%I"; + + unitConfig.DefaultDependencies = false; + + serviceConfig = { + ExecStart = ''${pkgs.mdadm}/bin/mdadm --grow --continue /dev/%I''; + StandardInput = "null"; + StandardOutput = "null"; + StandardError = "null"; + KillMode = "none"; + }; + }; + } diff --git a/nixos/modules/virtualisation/amazon-image.nix b/nixos/modules/virtualisation/amazon-image.nix index a895f66db8efa..35af905bc6287 100644 --- a/nixos/modules/virtualisation/amazon-image.nix 
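Review bot: The three units added to swraid.nix call `${pkgs.mdadm}/bin/mdadm` and `${pkgs.mdadm}/bin/mdmon`, whereas the stage-1.nix hunk in this same commit copies `${pkgs.mdadm}/sbin/mdadm` and `${pkgs.mdadm}/sbin/mdmon`. Unless the package provides both directories, one of the two spellings fails at runtime, so they should agree. `KillMode = "none"` on `mdmon@` and `mdadm-grow-continue@` also deserves a comment, e.g. `# must survive service stop and shutdown so the array stays consistent` (rationale assumed, confirm against the upstream mdadm units).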
+++ b/nixos/modules/virtualisation/amazon-image.nix @@ -40,7 +40,6 @@ let cfg = config.ec2; in # Force udev to exit to prevent random "Device or resource busy # while trying to open /dev/xvda" errors from fsck. udevadm control --exit || true - kill -9 -1 ''; boot.initrd.network.enable = true; diff --git a/nixos/modules/virtualisation/azure-agent-entropy.patch b/nixos/modules/virtualisation/azure-agent-entropy.patch new file mode 100644 index 0000000000000..2a7ad08a4afcd --- /dev/null +++ b/nixos/modules/virtualisation/azure-agent-entropy.patch @@ -0,0 +1,17 @@ +--- a/waagent 2016-03-12 09:58:15.728088851 +0200 ++++ a/waagent 2016-03-12 09:58:43.572680025 +0200 +@@ -6173,10 +6173,10 @@ + Log("MAC address: " + ":".join(["%02X" % Ord(a) for a in mac])) + + # Consume Entropy in ACPI table provided by Hyper-V +- try: +- SetFileContents("/dev/random", GetFileContents("/sys/firmware/acpi/tables/OEM0")) +- except: +- pass ++ #try: ++ # SetFileContents("/dev/random", GetFileContents("/sys/firmware/acpi/tables/OEM0")) ++ #except: ++ # pass + + Log("Probing for Azure environment.") + self.Endpoint = self.DoDhcpWork() diff --git a/nixos/modules/virtualisation/azure-agent.nix b/nixos/modules/virtualisation/azure-agent.nix index 640519758c741..da97565fd6de2 100644 --- a/nixos/modules/virtualisation/azure-agent.nix +++ b/nixos/modules/virtualisation/azure-agent.nix @@ -14,6 +14,9 @@ let rev = "1b3a8407a95344d9d12a2a377f64140975f1e8e4"; sha256 = "10byzvmpgrmr4d5mdn2kq04aapqb3sgr1admk13wjmy5cd6bwd2x"; }; + + patches = [ ./azure-agent-entropy.patch ]; + buildInputs = [ makeWrapper python pythonPackages.wrapPython ]; runtimeDeps = [ findutils gnugrep gawk coreutils openssl openssh nettools # for hostname 
@@ -54,9 +57,15 @@ in ###### interface - options.virtualisation.azure.agent.enable = mkOption { - default = false; - description = "Whether to enable the Windows Azure Linux Agent."; + options.virtualisation.azure.agent = { + enable = mkOption { + default = false; + description = "Whether to enable the Windows Azure Linux Agent."; + }; + verboseLogging = mkOption { + default = false; + description = "Whether to enable verbose logging."; + }; }; ###### implementation @@ -88,7 +97,7 @@ in Provisioning.DeleteRootPassword=n # Generate fresh host key pair. - Provisioning.RegenerateSshHostKeyPair=y + Provisioning.RegenerateSshHostKeyPair=n # Supported values are "rsa", "dsa" and "ecdsa". Provisioning.SshHostKeyPairType=ed25519 @@ -121,7 +130,7 @@ in Logs.Console=y # Enable verbose logging (y|n) - Logs.Verbose=n + Logs.Verbose=${if cfg.verboseLogging then "y" else "n"} # Root device timeout in seconds. OS.RootDeviceScsiTimeout=300 
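Review bot: Neither `enable` nor the new `verboseLogging` option declares a type, so a non-boolean value is only caught when `if cfg.verboseLogging then "y" else "n"` is evaluated. Adding `type = types.bool;` to both options (assuming `types` is in scope the same way `mkOption` is) rejects bad values at option-checking time with a clearer error. The `verboseLogging` description could also say that output goes to the console as well, since `Logs.Console=y` is set a few lines above `Logs.Verbose`. Anyone turning it on should know where provisioning details may end up.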
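Review bot: Switching `Provisioning.RegenerateSshHostKeyPair` to `n` leaves the comment directly above it, `# Generate fresh host key pair.`, describing the opposite of what the setting now does. With regeneration off, per-VM host-key uniqueness depends on the image not shipping pre-generated host keys and on sshd creating them at first boot. Neither is shown in this hunk, so it is worth confirming against the image build. I would reword the comment to something like `# Host keys are created by sshd on first boot; the agent must not replace them.` The configuration string this line belongs to starts and ends outside the hunk.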
@@ -146,16 +155,30 @@ in systemd.targets.provisioned = { description = "Services Requiring Azure VM provisioning to have finished"; - wantedBy = [ "sshd.service" ]; - before = [ "sshd.service" ]; }; + systemd.services.consume-hypervisor-entropy = + { description = "Consume entropy in ACPI table provided by Hyper-V"; + + wantedBy = [ "sshd.service" "waagent.service" ]; + before = [ "sshd.service" "waagent.service" ]; + after = [ "local-fs.target" ]; + + path = [ pkgs.coreutils ]; + script = + '' + echo "Fetching entropy..." + cat /sys/firmware/acpi/tables/OEM0 > /dev/random + ''; + serviceConfig.Type = "oneshot"; + serviceConfig.RemainAfterExit = true; + serviceConfig.StandardError = "journal+console"; + serviceConfig.StandardOutput = "journal+console"; + }; systemd.services.waagent = { - wantedBy = [ "sshd.service" ]; - before = [ "sshd.service" ]; - after = [ "ip-up.target" ]; - wants = [ "ip-up.target" ]; + wantedBy = [ "multi-user.target" ]; + after = [ "ip-up.target" "sshd.service" ]; path = [ pkgs.e2fsprogs ]; description = "Windows Azure Agent Service"; diff --git a/nixos/modules/virtualisation/azure-image.nix b/nixos/modules/virtualisation/azure-image.nix index 79d1f7d7cc43a..9dc0ce119929a 100644 --- a/nixos/modules/virtualisation/azure-image.nix +++ b/nixos/modules/virtualisation/azure-image.nix @@ -2,7 +2,7 @@ with lib; let - diskSize = "4096"; + diskSize = "30720"; in { system.build.azureImage = @@ -23,7 +23,7 @@ in postVM = '' mkdir -p $out - ${pkgs.vmTools.qemu-220}/bin/qemu-img convert -f raw -O vpc -o subformat=fixed $diskImage $out/disk.vhd + ${pkgs.vmTools.qemu-220}/bin/qemu-img convert -f raw -O vpc $diskImage $out/disk.vhd rm $diskImage ''; diskImageBase = "nixos-image-${config.system.nixosLabel}-${pkgs.stdenv.system}.raw"; |
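Review bot: The `consume-hypervisor-entropy` script has no guard for a missing `/sys/firmware/acpi/tables/OEM0`, so on a host without that table the `cat` fails and the unit ends up failed, whereas the waagent code it replaces swallowed the error. Because `wantedBy` only creates a Wants dependency, sshd would still start, presumably generating its host keys without the seed now that `Provisioning.RegenerateSshHostKeyPair` is `n`. I would add `unitConfig.ConditionPathExists = "/sys/firmware/acpi/tables/OEM0";` so the unit is skipped cleanly. A comment should also note that a plain write to `/dev/random` mixes the data into the pool without crediting entropy. The same hunk moves waagent to `after` `sshd.service` and strips the ordering from `systemd.targets.provisioned`, so a line explaining why sshd may now come up before provisioning has finished would help.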
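Review bot: Dropping `-o subformat=fixed` in the last azure-image.nix hunk makes `qemu-img convert -O vpc` fall back to its default dynamic VHD subformat, while Azure has generally expected fixed-size VHDs for OS disks. If the change is deliberate (presumably so the larger `diskSize` from the previous hunk does not produce an equally large file), the upload step has to do the conversion. A comment next to the command, such as `# dynamic VHD; has to be converted to fixed when uploaded`, would record that dependency.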