From c60dd90d1f04f58ad631a546e732bd1e706dbdf2 Mon Sep 17 00:00:00 2001 From: Ryan Horiguchi Date: Fri, 19 Apr 2024 18:37:19 +0200 Subject: nixos/adguardhome: update config to match new schema --- nixos/modules/services/networking/adguardhome.nix | 122 +++++++++++++--------- 1 file changed, 70 insertions(+), 52 deletions(-) (limited to 'nixos/modules') diff --git a/nixos/modules/services/networking/adguardhome.nix b/nixos/modules/services/networking/adguardhome.nix index 6958bcccf54cf..df9927351edc3 100644 --- a/nixos/modules/services/networking/adguardhome.nix +++ b/nixos/modules/services/networking/adguardhome.nix @@ -4,6 +4,7 @@ with lib; let cfg = config.services.adguardhome; + settingsFormat = pkgs.formats.yaml { }; args = concatStringsSep " " ([ "--no-check-update" @@ -12,27 +13,33 @@ let "--config /var/lib/AdGuardHome/AdGuardHome.yaml" ] ++ cfg.extraArgs); - configFile = pkgs.writeTextFile { - name = "AdGuardHome.yaml"; - text = builtins.toJSON cfg.settings; - checkPhase = "${pkgs.adguardhome}/bin/adguardhome -c $out --check-config"; - }; - defaultBindPort = 3000; - -in -{ - - imports = - let cfgPath = [ "services" "adguardhome" ]; - in - [ - (mkRenamedOptionModuleWith { sinceRelease = 2211; from = cfgPath ++ [ "host" ]; to = cfgPath ++ [ "settings" "bind_host" ]; }) - (mkRenamedOptionModuleWith { sinceRelease = 2211; from = cfgPath ++ [ "port" ]; to = cfgPath ++ [ "settings" "bind_port" ]; }) - ]; - + settings = if (cfg.settings != null) then + cfg.settings // (if cfg.settings.schema_version < 23 then { + bind_host = cfg.host; + bind_port = cfg.port; + } else { + http.address = "${cfg.host}:${toString cfg.port}"; + }) + else + null; + + configFile = + (settingsFormat.generate "AdGuardHome.yaml" settings).overrideAttrs (_: { + checkPhase = "${cfg.package}/bin/adguardhome -c $out --check-config"; + }); +in { options.services.adguardhome = with types; { enable = mkEnableOption "AdGuard Home network-wide ad blocker"; + package = mkOption { + type = package; + default = pkgs.adguardhome; + defaultText = literalExpression "pkgs.adguardhome"; + description = '' + The package that runs adguardhome. + ''; + }; + openFirewall = mkOption { default = false; type = bool; @@ -43,8 +50,8 @@ in }; allowDHCP = mkOption { - default = cfg.settings.dhcp.enabled or false; - defaultText = literalExpression ''config.services.adguardhome.settings.dhcp.enabled or false''; + default = settings.dhcp.enabled or false; + defaultText = literalExpression "config.services.adguardhome.settings.dhcp.enabled or false"; type = bool; description = '' Allows AdGuard Home to open raw sockets (`CAP_NET_RAW`), which is @@ -65,32 +72,34 @@ in ''; }; + host = mkOption { + default = "0.0.0.0"; + type = str; + description = '' + Host address to bind HTTP server to. + ''; + }; + + port = mkOption { + default = 3000; + type = port; + description = '' + Port to serve HTTP pages on. + ''; + }; + settings = mkOption { default = null; type = nullOr (submodule { - freeformType = (pkgs.formats.yaml { }).type; + freeformType = settingsFormat.type; options = { schema_version = mkOption { - default = pkgs.adguardhome.schema_version; - defaultText = literalExpression "pkgs.adguardhome.schema_version"; + default = cfg.package.schema_version; + defaultText = literalExpression "cfg.package.schema_version"; type = int; description = '' Schema version for the configuration. - Defaults to the `schema_version` supplied by `pkgs.adguardhome`. - ''; - }; - bind_host = mkOption { - default = "0.0.0.0"; - type = str; - description = '' - Host address to bind HTTP server to. - ''; - }; - bind_port = mkOption { - default = defaultBindPort; - type = port; - description = '' - Port to serve HTTP pages on. + Defaults to the `schema_version` supplied by `cfg.package`. ''; }; }; @@ -107,7 +116,7 @@ in Set this to `null` (default) for a non-declarative configuration without any Nix-supplied values. - Declarative configurations are supplied with a default `schema_version`, `bind_host`, and `bind_port`. + Declarative configurations are supplied with a default `schema_version`, and `http.address`. ::: ''; }; @@ -124,17 +133,25 @@ in config = mkIf cfg.enable { assertions = [ { - assertion = cfg.settings != null -> cfg.mutableSettings - || (hasAttrByPath [ "dns" "bind_host" ] cfg.settings) - || (hasAttrByPath [ "dns" "bind_hosts" ] cfg.settings); - message = - "AdGuard setting dns.bind_host or dns.bind_hosts needs to be configured for a minimal working configuration"; + assertion = cfg.settings != null + -> !(hasAttrByPath [ "bind_host" ] cfg.settings); + message = "AdGuard option `settings.bind_host' has been superseded by `services.adguardhome.host'"; + } + { + assertion = cfg.settings != null + -> !(hasAttrByPath [ "bind_port" ] cfg.settings); + message = "AdGuard option `settings.bind_host' has been superseded by `services.adguardhome.port'"; + } + { + assertion = settings != null -> cfg.mutableSettings + || hasAttrByPath [ "dns" "bootstrap_dns" ] settings; + message = "AdGuard setting dns.bootstrap_dns needs to be configured for a minimal working configuration"; } { - assertion = cfg.settings != null -> cfg.mutableSettings - || hasAttrByPath [ "dns" "bootstrap_dns" ] cfg.settings; - message = - "AdGuard setting dns.bootstrap_dns needs to be configured for a minimal working configuration"; + assertion = settings != null -> cfg.mutableSettings + || hasAttrByPath [ "dns" "bootstrap_dns" ] settings + && isList settings.dns.bootstrap_dns; + message = "AdGuard setting dns.bootstrap_dns needs to be a list"; } ]; @@ -147,7 +164,7 @@ in StartLimitBurst = 10; }; - preStart = optionalString (cfg.settings != null) '' + preStart = optionalString (settings != null) '' if [ -e "$STATE_DIRECTORY/AdGuardHome.yaml" ] \ && [ "${toString cfg.mutableSettings}" = "1" ]; then # Writing directly to AdGuardHome.yaml results in empty file @@ -161,8 +178,9 @@ in serviceConfig = { DynamicUser = true; - ExecStart = "${pkgs.adguardhome}/bin/adguardhome ${args}"; - AmbientCapabilities = [ "CAP_NET_BIND_SERVICE" ] ++ optionals cfg.allowDHCP [ "CAP_NET_RAW" ]; + ExecStart = "${cfg.package}/bin/adguardhome ${args}"; + AmbientCapabilities = [ "CAP_NET_BIND_SERVICE" ] + ++ optionals cfg.allowDHCP [ "CAP_NET_RAW" ]; Restart = "always"; RestartSec = 10; RuntimeDirectory = "AdGuardHome"; @@ -170,6 +188,6 @@ in }; }; - networking.firewall.allowedTCPPorts = mkIf cfg.openFirewall [ cfg.settings.bind_port or defaultBindPort ]; + networking.firewall.allowedTCPPorts = mkIf cfg.openFirewall [ cfg.port ]; }; } -- cgit 1.4.1 From c960becaf8b88b10550fe846c539ee0491ea499d Mon Sep 17 00:00:00 2001 From: Sandro Date: Sun, 28 Apr 2024 17:10:59 +0200 Subject: nixos/no-x-libs: add ffmpeg, ffmpeg_6, ffmpeg_7 --- nixos/modules/config/no-x-libs.nix | 3 +++ 1 file changed, 3 insertions(+) (limited to 'nixos/modules') diff --git a/nixos/modules/config/no-x-libs.nix b/nixos/modules/config/no-x-libs.nix index c9a133d0558a5..b811823d698a1 100644 --- a/nixos/modules/config/no-x-libs.nix +++ b/nixos/modules/config/no-x-libs.nix @@ -31,8 +31,11 @@ with lib; cairo = super.cairo.override { x11Support = false; }; dbus = super.dbus.override { x11Support = false; }; fastfetch = super.fastfetch.override { vulkanSupport = false; waylandSupport = false; x11Support = false; }; + ffmpeg = super.ffmpeg.override { ffmpegVariant = "headless"; }; ffmpeg_4 = super.ffmpeg_4.override { ffmpegVariant = "headless"; }; ffmpeg_5 = super.ffmpeg_5.override { ffmpegVariant = "headless"; }; + ffmpeg_6 = super.ffmpeg_6.override { ffmpegVariant = "headless"; }; + ffmpeg_7 = super.ffmpeg_7.override { ffmpegVariant = "headless"; }; # dep of graphviz, libXpm is optional for Xpm support gd = super.gd.override { withXorg = false; }; ghostscript = super.ghostscript.override { cupsSupport = false; x11Support = false; }; -- cgit 1.4.1 From d8e31f66170f106c559e7021f1dfcc71b58fab94 Mon Sep 17 00:00:00 2001 From: nicoo Date: Tue, 30 Apr 2024 15:56:27 +0000 Subject: nixos/systemd-boot: Avoid remote mypy executions (#263397) --- nixos/modules/system/boot/loader/systemd-boot/systemd-boot.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'nixos/modules') diff --git a/nixos/modules/system/boot/loader/systemd-boot/systemd-boot.nix b/nixos/modules/system/boot/loader/systemd-boot/systemd-boot.nix index 02540c362d318..cee8663f0040e 100644 --- a/nixos/modules/system/boot/loader/systemd-boot/systemd-boot.nix +++ b/nixos/modules/system/boot/loader/systemd-boot/systemd-boot.nix @@ -10,7 +10,9 @@ let # We check the source code in a derivation that does not depend on the # system configuration so that most users don't have to redo the check and require # the necessary dependencies. - checkedSource = pkgs.runCommand "systemd-boot" { } '' + checkedSource = pkgs.runCommand "systemd-boot" { + preferLocalBuild = true; + } '' install -m755 -D ${./systemd-boot-builder.py} $out ${lib.getExe pkgs.buildPackages.mypy} \ --no-implicit-optional \ -- cgit 1.4.1