From 6120738eaad48d46ec81f90c62762886fc557c37 Mon Sep 17 00:00:00 2001 From: linsui Date: Fri, 18 Nov 2022 10:53:56 +0800 Subject: nixos/firefox: fix "The option is used but not defined" --- nixos/modules/programs/firefox.nix | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) (limited to 'nixos') diff --git a/nixos/modules/programs/firefox.nix b/nixos/modules/programs/firefox.nix index 76e6c1a553f3a..c1bb0b3e36120 100644 --- a/nixos/modules/programs/firefox.nix +++ b/nixos/modules/programs/firefox.nix @@ -69,12 +69,13 @@ in { config = mkIf cfg.enable { environment.systemPackages = [ cfg.package ]; - environment.etc."firefox/policies/policies.json".source = - let policiesJSON = - policyFormat.generate - "firefox-policies.json" - { inherit (cfg) policies; }; - in mkIf (cfg.policies != {}) "${policiesJSON}"; + environment.etc = + let + policiesJSON = policyFormat.generate "firefox-policies.json" { inherit (cfg) policies; }; + in + mkIf (cfg.policies != { }) { + "firefox/policies/policies.json".source = "${policiesJSON}"; + }; # Preferences are converted into a policy programs.firefox.policies = -- cgit 1.4.1 From b9778b3a9555a571b019e4dec5434e5e470c1ece Mon Sep 17 00:00:00 2001 From: linsui Date: Fri, 18 Nov 2022 11:01:28 +0800 Subject: nixos/firefox: lint --- nixos/modules/programs/firefox.nix | 29 +++++++++++++---------------- 1 file changed, 13 insertions(+), 16 deletions(-) (limited to 'nixos') diff --git a/nixos/modules/programs/firefox.nix b/nixos/modules/programs/firefox.nix index c1bb0b3e36120..0d162922f57ae 100644 --- a/nixos/modules/programs/firefox.nix +++ b/nixos/modules/programs/firefox.nix @@ -15,15 +15,15 @@ let given control of your browser, unless of course they also control your NixOS configuration. ''; - -in { +in +{ options.programs.firefox = { enable = mkEnableOption (mdDoc "the Firefox web browser"); package = mkOption { - description = mdDoc "Firefox package to use."; type = types.package; default = pkgs.firefox; + description = mdDoc "Firefox package to use."; defaultText = literalExpression "pkgs.firefox"; relatedPackages = [ "firefox" @@ -37,6 +37,8 @@ in { }; policies = mkOption { + type = policyFormat.type; + default = { }; description = mdDoc '' Group policies to install. @@ -48,21 +50,19 @@ in { ${organisationInfo} ''; - type = policyFormat.type; - default = {}; }; preferences = mkOption { + type = with types; attrsOf (oneOf [ bool int string ]); + default = { }; description = mdDoc '' - Preferences to set from `about://config`. + Preferences to set from `about:config`. Some of these might be able to be configured more ergonomically using policies. ${organisationInfo} ''; - type = with types; attrsOf (oneOf [ bool int string ]); - default = {}; }; }; @@ -78,14 +78,11 @@ in { }; # Preferences are converted into a policy - programs.firefox.policies = - mkIf (cfg.preferences != {}) - { - Preferences = (mapAttrs (name: value: { - Value = value; - Status = "locked"; - }) cfg.preferences); - }; + programs.firefox.policies = mkIf (cfg.preferences != { }) { + Preferences = (mapAttrs + (name: value: { Value = value; Status = cfg.preferencesStatus; }) + cfg.preferences); + }; }; meta.maintainers = with maintainers; [ danth ]; -- cgit 1.4.1 From 958cdd7c6bc9482b43040662f03861b3836a964a Mon Sep 17 00:00:00 2001 From: linsui Date: Fri, 18 Nov 2022 11:13:59 +0800 Subject: nixos/firefox: add preferencesStatus, autoConfig ... and nativeMessagingHosts --- nixos/modules/programs/firefox.nix | 64 ++++++++++++++++++++++++++++++++++++-- 1 file changed, 62 insertions(+), 2 deletions(-) (limited to 'nixos') diff --git a/nixos/modules/programs/firefox.nix b/nixos/modules/programs/firefox.nix index 0d162922f57ae..f108776aa0980 100644 --- a/nixos/modules/programs/firefox.nix +++ b/nixos/modules/programs/firefox.nix @@ -5,6 +5,8 @@ with lib; let cfg = config.programs.firefox; + nmh = cfg.nativeMessagingHosts; + policyFormat = pkgs.formats.json { }; organisationInfo = '' @@ -64,10 +66,68 @@ in ${organisationInfo} ''; }; + + preferencesStatus = mkOption { + type = types.enum [ "default" "locked" "user" "clear" ]; + default = "locked"; + description = mdDoc '' + The status of `firefox.preferences`. + + `status` can assume the following values: + - `"default"`: Preferences appear as default. + - `"locked"`: Preferences appear as default and can't be changed. + - `"user"`: Preferences appear as changed. + - `"clear"`: Value has no effect. Resets to factory defaults on each startup. + ''; + }; + + autoConfig = mkOption { + type = types.lines; + default = ""; + description = mdDoc '' + AutoConfig files can be used to set and lock preferences that are not covered + by the policies.json for Mac and Linux. This method can be used to automatically + change user preferences or prevent the end user from modifiying specific + preferences by locking them. More info can be found in https://support.mozilla.org/en-US/kb/customizing-firefox-using-autoconfig. + ''; + }; + + nativeMessagingHosts = mapAttrs (_: v: mkEnableOption (mdDoc v)) { + browserpass = "Browserpass support"; + bukubrow = "Bukubrow support"; + ff2mpv = "ff2mpv support"; + fxCast = "fx_cast support"; + gsconnect = "GSConnect support"; + jabref = "JabRef support"; + passff = "PassFF support"; + tridactyl = "Tridactyl support"; + ugetIntegrator = "Uget Integrator support"; + }; }; config = mkIf cfg.enable { - environment.systemPackages = [ cfg.package ]; + environment.systemPackages = [ + (cfg.package.override { + extraPrefs = cfg.autoConfig; + extraNativeMessagingHosts = with pkgs; optionals nmh.ff2mpv [ + ff2mpv + ] ++ optionals nmh.gsconnect [ + gnomeExtensions.gsconnect + ] ++ optionals nmh.jabref [ + jabref + ] ++ optionals nmh.passff [ + passff-host + ]; + }) + ]; + + nixpkgs.config.firefox = { + enableBrowserpass = nmh.browserpass; + enableBukubrow = nmh.bukubrow; + enableTridactylNative = nmh.tridactyl; + enableUgetIntegrator = nmh.ugetIntegrator; + enableFXCastBridge = nmh.fxCast; + }; environment.etc = let @@ -80,7 +140,7 @@ in # Preferences are converted into a policy programs.firefox.policies = mkIf (cfg.preferences != { }) { Preferences = (mapAttrs - (name: value: { Value = value; Status = cfg.preferencesStatus; }) + (_: value: { Value = value; Status = cfg.preferencesStatus; }) cfg.preferences); }; }; -- cgit 1.4.1 From 7370fcf517830810ceab1fcca65ba634dd85827d Mon Sep 17 00:00:00 2001 From: linsui Date: Sat, 19 Nov 2022 17:55:13 +0800 Subject: nixos/firefox: remove firefox-wayland --- nixos/modules/programs/firefox.nix | 2 -- 1 file changed, 2 deletions(-) (limited to 'nixos') diff --git a/nixos/modules/programs/firefox.nix b/nixos/modules/programs/firefox.nix index f108776aa0980..dfd912cdf5c11 100644 --- a/nixos/modules/programs/firefox.nix +++ b/nixos/modules/programs/firefox.nix @@ -33,8 +33,6 @@ in "firefox-bin" "firefox-devedition-bin" "firefox-esr" - "firefox-esr-wayland" - "firefox-wayland" ]; }; -- cgit 1.4.1 From f8f19f84c6b3d0b2e34c7ba78f46698f9334de50 Mon Sep 17 00:00:00 2001 From: "Andy Chun @noneucat" Date: Wed, 30 Nov 2022 22:18:05 -0800 Subject: nixos/grocy: add a basic smoke test for file uploads --- nixos/tests/grocy.nix | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) (limited to 'nixos') diff --git a/nixos/tests/grocy.nix b/nixos/tests/grocy.nix index fe0ddd341486b..48bbc9f7d3fa2 100644 --- a/nixos/tests/grocy.nix +++ b/nixos/tests/grocy.nix @@ -14,6 +14,9 @@ import ./make-test-python.nix ({ pkgs, ... }: { }; testScript = '' + from base64 import b64encode + from urllib.parse import quote + machine.start() machine.wait_for_open_port(80) machine.wait_for_unit("multi-user.target") @@ -42,6 +45,29 @@ import ./make-test-python.nix ({ pkgs, ... }: { machine.succeed("curl -sSI http://localhost/api/tasks 2>&1 | grep '401 Unauthorized'") + file_name = "test.txt" + file_name_base64 = b64encode(file_name.encode('ascii')).decode('ascii') + file_name_base64_urlencode = quote(file_name_base64) + + machine.succeed( + f"echo Sample equipment manual > /tmp/{file_name}" + ) + + machine.succeed( + f"curl -sSf -X 'PUT' -b 'grocy_session={cookie}' " + + f" 'http://localhost/api/files/equipmentmanuals/{file_name_base64_urlencode}' " + + " --header 'Accept: */*' " + + " --header 'Content-Type: application/octet-stream' " + + f" --data-binary '@/tmp/{file_name}' " + ) + + machine.succeed( + f"curl -sSf -X 'GET' -b 'grocy_session={cookie}' " + + f" 'http://localhost/api/files/equipmentmanuals/{file_name_base64_urlencode}' " + + " --header 'Accept: application/octet-stream' " + + f" | cmp /tmp/{file_name}" + ) + machine.shutdown() ''; }) -- cgit 1.4.1 From 6e845a849179d00f748d0e816c85a8384ba92713 Mon Sep 17 00:00:00 2001 From: Sandro Jäckel Date: Thu, 1 Dec 2022 00:13:57 +0100 Subject: nixos/mastodon: replace mastodon-env with a proper wrapper mastodon-tootctl --- .../from_md/release-notes/rl-2305.section.xml | 9 ++++++++ nixos/doc/manual/release-notes/rl-2305.section.md | 2 ++ nixos/modules/services/web-apps/mastodon.nix | 27 ++++++++++++---------- nixos/tests/web-apps/mastodon.nix | 26 ++++++++++----------- 4 files changed, 39 insertions(+), 25 deletions(-) (limited to 'nixos') diff --git a/nixos/doc/manual/from_md/release-notes/rl-2305.section.xml b/nixos/doc/manual/from_md/release-notes/rl-2305.section.xml index c8bd237dbb003..3271f4beb3b94 100644 --- a/nixos/doc/manual/from_md/release-notes/rl-2305.section.xml +++ b/nixos/doc/manual/from_md/release-notes/rl-2305.section.xml @@ -91,6 +91,15 @@ services.opensnitch.rules + + + services.mastodon gained a tootctl wrapped + named mastodon-tootctl similar to + nextcloud-occ which can be executed from + any user and switches to the configured mastodon user with + sudo and sources the environment variables. + + A new virtualisation.rosetta module was diff --git a/nixos/doc/manual/release-notes/rl-2305.section.md b/nixos/doc/manual/release-notes/rl-2305.section.md index c438fdc1aaafd..61402ea5db9c3 100644 --- a/nixos/doc/manual/release-notes/rl-2305.section.md +++ b/nixos/doc/manual/release-notes/rl-2305.section.md @@ -35,4 +35,6 @@ In addition to numerous new and upgraded packages, this release has the followin - The module for the application firewall `opensnitch` got the ability to configure rules. Available as [services.opensnitch.rules](#opt-services.opensnitch.rules) +- `services.mastodon` gained a tootctl wrapped named `mastodon-tootctl` similar to `nextcloud-occ` which can be executed from any user and switches to the configured mastodon user with sudo and sources the environment variables. + - A new `virtualisation.rosetta` module was added to allow running `x86_64` binaries through [Rosetta](https://developer.apple.com/documentation/apple-silicon/about-the-rosetta-translation-environment) inside virtualised NixOS guests on Apple silicon. This feature works by default with the [UTM](https://docs.getutm.app/) virtualisation [package](https://search.nixos.org/packages?channel=unstable&show=utm&from=0&size=1&sort=relevance&type=packages&query=utm). diff --git a/nixos/modules/services/web-apps/mastodon.nix b/nixos/modules/services/web-apps/mastodon.nix index c3220a03d33ff..fb65700318054 100644 --- a/nixos/modules/services/web-apps/mastodon.nix +++ b/nixos/modules/services/web-apps/mastodon.nix @@ -92,12 +92,18 @@ let ] else [] ) env)))); - mastodonEnv = pkgs.writeShellScriptBin "mastodon-env" '' + mastodonTootctl = pkgs.writeShellScriptBin "mastodon-tootctl" '' + #! ${pkgs.runtimeShell} set -a export RAILS_ROOT="${cfg.package}" source "${envFile}" source /var/lib/mastodon/.secrets_env - eval -- "\$@" + + sudo=exec + if [[ "$USER" != ${cfg.user} ]]; then + sudo='exec /run/wrappers/bin/sudo -u ${cfg.user} --preserve-env' + fi + $sudo ${cfg.package}/bin/tootctl "$@" ''; in { @@ -133,15 +139,10 @@ in { description = lib.mdDoc '' User under which mastodon runs. If it is set to "mastodon", that user will be created, otherwise it should be set to the - name of a user created elsewhere. In both cases, - `mastodon` and a package containing only - the shell script `mastodon-env` will be added to - the user's package set. To run a command from - `mastodon` such as `tootctl` - with the environment configured by this module use - `mastodon-env`, as in: - - `mastodon-env tootctl accounts create newuser --email newuser@example.com` + name of a user created elsewhere. + In both cases, the `mastodon` package will be added to the user's package set + and a tootctl wrapper to system packages that switches to the configured account + and load the right environment. ''; type = lib.types.str; default = "mastodon"; @@ -485,6 +486,8 @@ in { } ]; + environment.systemPackages = [ mastodonTootctl ]; + systemd.services.mastodon-init-dirs = { script = '' umask 077 @@ -704,7 +707,7 @@ in { inherit (cfg) group; }; }) - (lib.attrsets.setAttrByPath [ cfg.user "packages" ] [ cfg.package mastodonEnv pkgs.imagemagick ]) + (lib.attrsets.setAttrByPath [ cfg.user "packages" ] [ cfg.package pkgs.imagemagick ]) ]; users.groups.${cfg.group}.members = lib.optional cfg.configureNginx config.services.nginx.user; diff --git a/nixos/tests/web-apps/mastodon.nix b/nixos/tests/web-apps/mastodon.nix index d3d53dc319469..f10cb8cdc6771 100644 --- a/nixos/tests/web-apps/mastodon.nix +++ b/nixos/tests/web-apps/mastodon.nix @@ -104,24 +104,24 @@ in # Simple check tootctl commands # Check Mastodon version - server.succeed("su - mastodon -s /bin/sh -c 'mastodon-env tootctl version' | grep '${pkgs.mastodon.version}'") + server.succeed("mastodon-tootctl version | grep '${pkgs.mastodon.version}'") # Manage accounts - server.succeed("su - mastodon -s /bin/sh -c 'mastodon-env tootctl email_domain_blocks add example.com'") - server.succeed("su - mastodon -s /bin/sh -c 'mastodon-env tootctl email_domain_blocks list' | grep 'example.com'") - server.fail("su - mastodon -s /bin/sh -c 'mastodon-env tootctl email_domain_blocks list' | grep 'mastodon.local'") - server.fail("su - mastodon -s /bin/sh -c 'mastodon-env tootctl accounts create alice --email=alice@example.com'") - server.succeed("su - mastodon -s /bin/sh -c 'mastodon-env tootctl email_domain_blocks remove example.com'") - server.succeed("su - mastodon -s /bin/sh -c 'mastodon-env tootctl accounts create bob --email=bob@example.com'") - server.succeed("su - mastodon -s /bin/sh -c 'mastodon-env tootctl accounts approve bob'") - server.succeed("su - mastodon -s /bin/sh -c 'mastodon-env tootctl accounts delete bob'") + server.succeed("mastodon-tootctl email_domain_blocks add example.com") + server.succeed("mastodon-tootctl email_domain_blocks list | grep example.com") + server.fail("mastodon-tootctl email_domain_blocks list | grep mastodon.local") + server.fail("mastodon-tootctl accounts create alice --email=alice@example.com") + server.succeed("mastodon-tootctl email_domain_blocks remove example.com") + server.succeed("mastodon-tootctl accounts create bob --email=bob@example.com") + server.succeed("mastodon-tootctl accounts approve bob") + server.succeed("mastodon-tootctl accounts delete bob") # Manage IP access - server.succeed("su - mastodon -s /bin/sh -c 'mastodon-env tootctl ip_blocks add 192.168.0.0/16 --severity=no_access'") - server.succeed("su - mastodon -s /bin/sh -c 'mastodon-env tootctl ip_blocks export' | grep '192.168.0.0/16'") - server.fail("su - mastodon -s /bin/sh -c 'mastodon-env tootctl ip_blocks export' | grep '172.16.0.0/16'") + server.succeed("mastodon-tootctl ip_blocks add 192.168.0.0/16 --severity=no_access") + server.succeed("mastodon-tootctl ip_blocks export | grep 192.168.0.0/16") + server.fail("mastodon-tootctl ip_blocks export | grep 172.16.0.0/16") client.fail("curl --fail https://mastodon.local/about") - server.succeed("su - mastodon -s /bin/sh -c 'mastodon-env tootctl ip_blocks remove 192.168.0.0/16'") + server.succeed("mastodon-tootctl ip_blocks remove 192.168.0.0/16") client.succeed("curl --fail https://mastodon.local/about") server.shutdown() -- cgit 1.4.1 From 3c1906b2023a1824ea78f69ae1fcf36d8ee4da28 Mon Sep 17 00:00:00 2001 From: phaer Date: Sat, 3 Dec 2022 14:58:52 +0100 Subject: initrd-ssh: add ignoreEmptyHostKeys option --- nixos/modules/system/boot/initrd-ssh.nix | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) (limited to 'nixos') diff --git a/nixos/modules/system/boot/initrd-ssh.nix b/nixos/modules/system/boot/initrd-ssh.nix index 673655f20ee84..701d242abc154 100644 --- a/nixos/modules/system/boot/initrd-ssh.nix +++ b/nixos/modules/system/boot/initrd-ssh.nix @@ -73,6 +73,15 @@ in ''; }; + ignoreEmptyHostKeys = mkOption { + type = types.bool; + default = false; + description = lib.mdDoc '' + Allow leaving {option}`config.boot.initrd.network.ssh` empty, + to deploy ssh host keys out of band. + ''; + }; + authorizedKeys = mkOption { type = types.listOf types.str; default = config.users.users.root.openssh.authorizedKeys.keys; @@ -141,7 +150,7 @@ in } { - assertion = cfg.hostKeys != []; + assertion = (cfg.hostKeys != []) || cfg.ignoreEmptyHostKeys; message = '' You must now pre-generate the host keys for initrd SSH. See the boot.initrd.network.ssh.hostKeys documentation -- cgit 1.4.1 From c3cfa83884d861f249984a2d59dbff458cb381b8 Mon Sep 17 00:00:00 2001 From: Bjørn Forsman Date: Sat, 3 Dec 2022 16:00:13 +0100 Subject: nixos/lxd: add missing util-linux to $PATH This fixes `lxd init`, which previously failed like this: $ yes "" | lxd init [...] Error: Failed to create storage pool "default": Failed to run: losetup --find --nooverlap --direct-io=on --show /var/lib/lxd/disks/default.img: exec: "losetup": executable file not found in $PATH --- nixos/modules/virtualisation/lxd.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'nixos') diff --git a/nixos/modules/virtualisation/lxd.nix b/nixos/modules/virtualisation/lxd.nix index e3eb519b7dddf..c06716e5eb605 100644 --- a/nixos/modules/virtualisation/lxd.nix +++ b/nixos/modules/virtualisation/lxd.nix @@ -140,7 +140,8 @@ in { ]; documentation = [ "man:lxd(1)" ]; - path = optional cfg.zfsSupport config.boot.zfs.package; + path = [ pkgs.util-linux ] + ++ optional cfg.zfsSupport config.boot.zfs.package; serviceConfig = { ExecStart = "@${cfg.package}/bin/lxd lxd --group lxd"; -- cgit 1.4.1 From 5d685e0eed043faa6ee397569b58cb5162c4a7dd Mon Sep 17 00:00:00 2001 From: Martin Weinelt Date: Sat, 3 Dec 2022 19:42:50 +0100 Subject: nixos/zigbee2mqtt: Update syscall filter The tests would fail after migrating to `buildNpmPackage`, likely because we are now using nodejs 18. > audit: type=1326 audit(1670092271.655:102): auid=4294967295 uid=317 gid=317 ses=4294967295 subj=kernel pid=995 comm="node" exe="/nix/store/dj805sw07vvpbxx39c8g67x8qddg0ikw-nodejs-18.12.1/bin/node" sig=31 arch=c000003e syscall=330 compat=0 ip=0x7ff8b655f37b code=0x8000000 --- nixos/modules/services/home-automation/zigbee2mqtt.nix | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) (limited to 'nixos') diff --git a/nixos/modules/services/home-automation/zigbee2mqtt.nix b/nixos/modules/services/home-automation/zigbee2mqtt.nix index 71f6e7a258404..796de3a491e49 100644 --- a/nixos/modules/services/home-automation/zigbee2mqtt.nix +++ b/nixos/modules/services/home-automation/zigbee2mqtt.nix @@ -119,9 +119,8 @@ in ]; SystemCallArchitectures = "native"; SystemCallFilter = [ - "@system-service" - "~@privileged" - "~@resources" + "@system-service @pkey" + "~@privileged @resources" ]; UMask = "0077"; }; -- cgit 1.4.1 From 3126eb762147bc32c23d7511992157c0ea5bb71c Mon Sep 17 00:00:00 2001 From: Daniel Nagy Date: Sat, 3 Dec 2022 16:15:00 +0100 Subject: nixos/fzf: refactor two options --- nixos/modules/programs/fzf.nix | 14 ++------------ 1 file changed, 2 insertions(+), 12 deletions(-) (limited to 'nixos') diff --git a/nixos/modules/programs/fzf.nix b/nixos/modules/programs/fzf.nix index 0452bf4262276..eda4eacde4ac9 100644 --- a/nixos/modules/programs/fzf.nix +++ b/nixos/modules/programs/fzf.nix @@ -5,18 +5,8 @@ let in { options = { programs.fzf = { - fuzzyCompletion = mkOption { - type = types.bool; - description = lib.mdDoc "Whether to use fzf for fuzzy completion"; - default = false; - example = true; - }; - keybindings = mkOption { - type = types.bool; - description = lib.mdDoc "Whether to set up fzf keybindings"; - default = false; - example = true; - }; + fuzzyCompletion = mkEnableOption (mdDoc "fuzzy completion with fzf"); + keybindings = mkEnableOption (mdDoc "fzf keybindings"); }; }; config = { -- cgit 1.4.1 From ffcd97b521a413eb53b532952be847406a9495ed Mon Sep 17 00:00:00 2001 From: Luke Granger-Brown Date: Thu, 24 Nov 2022 15:30:14 +0000 Subject: nixos/unifi-poller: rename to unpoller. --- nixos/modules/module-list.nix | 2 +- nixos/modules/services/monitoring/unifi-poller.nix | 318 -------------------- nixos/modules/services/monitoring/unpoller.nix | 322 +++++++++++++++++++++ 3 files changed, 323 insertions(+), 319 deletions(-) delete mode 100644 nixos/modules/services/monitoring/unifi-poller.nix create mode 100644 nixos/modules/services/monitoring/unpoller.nix (limited to 'nixos') diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index 59d6cf165f180..3d6f1e84ecec0 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix @@ -724,7 +724,7 @@ ./services/monitoring/thanos.nix ./services/monitoring/tremor-rs.nix ./services/monitoring/tuptime.nix - ./services/monitoring/unifi-poller.nix + ./services/monitoring/unpoller.nix ./services/monitoring/ups.nix ./services/monitoring/uptime.nix ./services/monitoring/vmagent.nix diff --git a/nixos/modules/services/monitoring/unifi-poller.nix b/nixos/modules/services/monitoring/unifi-poller.nix deleted file mode 100644 index b30e28a3ecc93..0000000000000 --- a/nixos/modules/services/monitoring/unifi-poller.nix +++ /dev/null @@ -1,318 +0,0 @@ -{ config, lib, pkgs, ... }: - -with lib; - -let - cfg = config.services.unifi-poller; - - configFile = pkgs.writeText "unifi-poller.json" (generators.toJSON {} { - inherit (cfg) poller influxdb loki prometheus unifi; - }); - -in { - options.services.unifi-poller = { - enable = mkEnableOption (lib.mdDoc "unifi-poller"); - - poller = { - debug = mkOption { - type = types.bool; - default = false; - description = lib.mdDoc '' - Turns on line numbers, microsecond logging, and a per-device log. - This may be noisy if you have a lot of devices. It adds one line per device. - ''; - }; - quiet = mkOption { - type = types.bool; - default = false; - description = lib.mdDoc '' - Turns off per-interval logs. Only startup and error logs will be emitted. - ''; - }; - plugins = mkOption { - type = with types; listOf str; - default = []; - description = lib.mdDoc '' - Load additional plugins. - ''; - }; - }; - - prometheus = { - disable = mkOption { - type = types.bool; - default = false; - description = lib.mdDoc '' - Whether to disable the prometheus ouput plugin. - ''; - }; - http_listen = mkOption { - type = types.str; - default = "[::]:9130"; - description = lib.mdDoc '' - Bind the prometheus exporter to this IP or hostname. - ''; - }; - report_errors = mkOption { - type = types.bool; - default = false; - description = lib.mdDoc '' - Whether to report errors. - ''; - }; - }; - - influxdb = { - disable = mkOption { - type = types.bool; - default = false; - description = lib.mdDoc '' - Whether to disable the influxdb ouput plugin. - ''; - }; - url = mkOption { - type = types.str; - default = "http://127.0.0.1:8086"; - description = lib.mdDoc '' - URL of the influxdb host. - ''; - }; - user = mkOption { - type = types.str; - default = "unifipoller"; - description = lib.mdDoc '' - Username for the influxdb. - ''; - }; - pass = mkOption { - type = types.path; - default = pkgs.writeText "unifi-poller-influxdb-default.password" "unifipoller"; - defaultText = literalExpression "unifi-poller-influxdb-default.password"; - description = lib.mdDoc '' - Path of a file containing the password for influxdb. - This file needs to be readable by the unifi-poller user. - ''; - apply = v: "file://${v}"; - }; - db = mkOption { - type = types.str; - default = "unifi"; - description = lib.mdDoc '' - Database name. Database should exist. - ''; - }; - verify_ssl = mkOption { - type = types.bool; - default = true; - description = lib.mdDoc '' - Verify the influxdb's certificate. - ''; - }; - interval = mkOption { - type = types.str; - default = "30s"; - description = lib.mdDoc '' - Setting this lower than the Unifi controller's refresh - interval may lead to zeroes in your database. - ''; - }; - }; - - loki = { - url = mkOption { - type = types.str; - default = ""; - description = lib.mdDoc '' - URL of the Loki host. - ''; - }; - user = mkOption { - type = types.str; - default = ""; - description = lib.mdDoc '' - Username for Loki. - ''; - }; - pass = mkOption { - type = types.path; - default = pkgs.writeText "unifi-poller-loki-default.password" ""; - defaultText = "unifi-poller-influxdb-default.password"; - description = lib.mdDoc '' - Path of a file containing the password for Loki. - This file needs to be readable by the unifi-poller user. - ''; - apply = v: "file://${v}"; - }; - verify_ssl = mkOption { - type = types.bool; - default = false; - description = lib.mdDoc '' - Verify Loki's certificate. - ''; - }; - tenant_id = mkOption { - type = types.str; - default = ""; - description = lib.mdDoc '' - Tenant ID to use in Loki. - ''; - }; - interval = mkOption { - type = types.str; - default = "2m"; - description = lib.mdDoc '' - How often the events are polled and pushed to Loki. - ''; - }; - timeout = mkOption { - type = types.str; - default = "10s"; - description = lib.mdDoc '' - Should be increased in case of timeout errors. - ''; - }; - }; - - unifi = let - controllerOptions = { - user = mkOption { - type = types.str; - default = "unifi"; - description = lib.mdDoc '' - Unifi service user name. - ''; - }; - pass = mkOption { - type = types.path; - default = pkgs.writeText "unifi-poller-unifi-default.password" "unifi"; - defaultText = literalExpression "unifi-poller-unifi-default.password"; - description = lib.mdDoc '' - Path of a file containing the password for the unifi service user. - This file needs to be readable by the unifi-poller user. - ''; - apply = v: "file://${v}"; - }; - url = mkOption { - type = types.str; - default = "https://unifi:8443"; - description = lib.mdDoc '' - URL of the Unifi controller. - ''; - }; - sites = mkOption { - type = with types; either (enum [ "default" "all" ]) (listOf str); - default = "all"; - description = lib.mdDoc '' - List of site names for which statistics should be exported. - Or the string "default" for the default site or the string "all" for all sites. - ''; - apply = toList; - }; - save_ids = mkOption { - type = types.bool; - default = false; - description = lib.mdDoc '' - Collect and save data from the intrusion detection system to influxdb and Loki. - ''; - }; - save_events = mkOption { - type = types.bool; - default = false; - description = lib.mdDoc '' - Collect and save data from UniFi events to influxdb and Loki. - ''; - }; - save_alarms = mkOption { - type = types.bool; - default = false; - description = lib.mdDoc '' - Collect and save data from UniFi alarms to influxdb and Loki. - ''; - }; - save_anomalies = mkOption { - type = types.bool; - default = false; - description = lib.mdDoc '' - Collect and save data from UniFi anomalies to influxdb and Loki. - ''; - }; - save_dpi = mkOption { - type = types.bool; - default = false; - description = lib.mdDoc '' - Collect and save data from deep packet inspection. - Adds around 150 data points and impacts performance. - ''; - }; - save_sites = mkOption { - type = types.bool; - default = true; - description = lib.mdDoc '' - Collect and save site data. - ''; - }; - hash_pii = mkOption { - type = types.bool; - default = false; - description = lib.mdDoc '' - Hash, with md5, client names and MAC addresses. This attempts - to protect personally identifiable information. - ''; - }; - verify_ssl = mkOption { - type = types.bool; - default = true; - description = lib.mdDoc '' - Verify the Unifi controller's certificate. - ''; - }; - }; - - in { - dynamic = mkOption { - type = types.bool; - default = false; - description = lib.mdDoc '' - Let prometheus select which controller to poll when scraping. - Use with default credentials. See unifi-poller wiki for more. - ''; - }; - - defaults = controllerOptions; - - controllers = mkOption { - type = with types; listOf (submodule { options = controllerOptions; }); - default = []; - description = lib.mdDoc '' - List of Unifi controllers to poll. Use defaults if empty. - ''; - apply = map (flip removeAttrs [ "_module" ]); - }; - }; - }; - - config = mkIf cfg.enable { - users.groups.unifi-poller = { }; - users.users.unifi-poller = { - description = "unifi-poller Service User"; - group = "unifi-poller"; - isSystemUser = true; - }; - - systemd.services.unifi-poller = { - wantedBy = [ "multi-user.target" ]; - after = [ "network.target" ]; - serviceConfig = { - ExecStart = "${pkgs.unifi-poller}/bin/unifi-poller --config ${configFile}"; - Restart = "always"; - PrivateTmp = true; - ProtectHome = true; - ProtectSystem = "full"; - DevicePolicy = "closed"; - NoNewPrivileges = true; - User = "unifi-poller"; - WorkingDirectory = "/tmp"; - }; - }; - }; -} diff --git a/nixos/modules/services/monitoring/unpoller.nix b/nixos/modules/services/monitoring/unpoller.nix new file mode 100644 index 0000000000000..f0ced5513d64b --- /dev/null +++ b/nixos/modules/services/monitoring/unpoller.nix @@ -0,0 +1,322 @@ +{ config, lib, pkgs, ... }: + +with lib; + +let + cfg = config.services.unpoller; + + configFile = pkgs.writeText "unpoller.json" (generators.toJSON {} { + inherit (cfg) poller influxdb loki prometheus unifi; + }); + +in { + imports = [ + (lib.mkRenamedOptionModule [ "services" "unifi-poller" ] [ "services" "unpoller" ]) + ]; + + options.services.unpoller = { + enable = mkEnableOption (lib.mdDoc "unpoller"); + + poller = { + debug = mkOption { + type = types.bool; + default = false; + description = lib.mdDoc '' + Turns on line numbers, microsecond logging, and a per-device log. + This may be noisy if you have a lot of devices. It adds one line per device. + ''; + }; + quiet = mkOption { + type = types.bool; + default = false; + description = lib.mdDoc '' + Turns off per-interval logs. Only startup and error logs will be emitted. + ''; + }; + plugins = mkOption { + type = with types; listOf str; + default = []; + description = lib.mdDoc '' + Load additional plugins. + ''; + }; + }; + + prometheus = { + disable = mkOption { + type = types.bool; + default = false; + description = lib.mdDoc '' + Whether to disable the prometheus ouput plugin. + ''; + }; + http_listen = mkOption { + type = types.str; + default = "[::]:9130"; + description = lib.mdDoc '' + Bind the prometheus exporter to this IP or hostname. + ''; + }; + report_errors = mkOption { + type = types.bool; + default = false; + description = lib.mdDoc '' + Whether to report errors. + ''; + }; + }; + + influxdb = { + disable = mkOption { + type = types.bool; + default = false; + description = lib.mdDoc '' + Whether to disable the influxdb ouput plugin. + ''; + }; + url = mkOption { + type = types.str; + default = "http://127.0.0.1:8086"; + description = lib.mdDoc '' + URL of the influxdb host. + ''; + }; + user = mkOption { + type = types.str; + default = "unifipoller"; + description = lib.mdDoc '' + Username for the influxdb. + ''; + }; + pass = mkOption { + type = types.path; + default = pkgs.writeText "unpoller-influxdb-default.password" "unifipoller"; + defaultText = literalExpression "unpoller-influxdb-default.password"; + description = lib.mdDoc '' + Path of a file containing the password for influxdb. + This file needs to be readable by the unifi-poller user. + ''; + apply = v: "file://${v}"; + }; + db = mkOption { + type = types.str; + default = "unifi"; + description = lib.mdDoc '' + Database name. Database should exist. + ''; + }; + verify_ssl = mkOption { + type = types.bool; + default = true; + description = lib.mdDoc '' + Verify the influxdb's certificate. + ''; + }; + interval = mkOption { + type = types.str; + default = "30s"; + description = lib.mdDoc '' + Setting this lower than the Unifi controller's refresh + interval may lead to zeroes in your database. + ''; + }; + }; + + loki = { + url = mkOption { + type = types.str; + default = ""; + description = lib.mdDoc '' + URL of the Loki host. + ''; + }; + user = mkOption { + type = types.str; + default = ""; + description = lib.mdDoc '' + Username for Loki. + ''; + }; + pass = mkOption { + type = types.path; + default = pkgs.writeText "unpoller-loki-default.password" ""; + defaultText = "unpoller-influxdb-default.password"; + description = lib.mdDoc '' + Path of a file containing the password for Loki. + This file needs to be readable by the unifi-poller user. + ''; + apply = v: "file://${v}"; + }; + verify_ssl = mkOption { + type = types.bool; + default = false; + description = lib.mdDoc '' + Verify Loki's certificate. + ''; + }; + tenant_id = mkOption { + type = types.str; + default = ""; + description = lib.mdDoc '' + Tenant ID to use in Loki. + ''; + }; + interval = mkOption { + type = types.str; + default = "2m"; + description = lib.mdDoc '' + How often the events are polled and pushed to Loki. + ''; + }; + timeout = mkOption { + type = types.str; + default = "10s"; + description = lib.mdDoc '' + Should be increased in case of timeout errors. + ''; + }; + }; + + unifi = let + controllerOptions = { + user = mkOption { + type = types.str; + default = "unifi"; + description = lib.mdDoc '' + Unifi service user name. + ''; + }; + pass = mkOption { + type = types.path; + default = pkgs.writeText "unpoller-unifi-default.password" "unifi"; + defaultText = literalExpression "unpoller-unifi-default.password"; + description = lib.mdDoc '' + Path of a file containing the password for the unifi service user. + This file needs to be readable by the unifi-poller user. + ''; + apply = v: "file://${v}"; + }; + url = mkOption { + type = types.str; + default = "https://unifi:8443"; + description = lib.mdDoc '' + URL of the Unifi controller. + ''; + }; + sites = mkOption { + type = with types; either (enum [ "default" "all" ]) (listOf str); + default = "all"; + description = lib.mdDoc '' + List of site names for which statistics should be exported. + Or the string "default" for the default site or the string "all" for all sites. + ''; + apply = toList; + }; + save_ids = mkOption { + type = types.bool; + default = false; + description = lib.mdDoc '' + Collect and save data from the intrusion detection system to influxdb and Loki. + ''; + }; + save_events = mkOption { + type = types.bool; + default = false; + description = lib.mdDoc '' + Collect and save data from UniFi events to influxdb and Loki. + ''; + }; + save_alarms = mkOption { + type = types.bool; + default = false; + description = lib.mdDoc '' + Collect and save data from UniFi alarms to influxdb and Loki. + ''; + }; + save_anomalies = mkOption { + type = types.bool; + default = false; + description = lib.mdDoc '' + Collect and save data from UniFi anomalies to influxdb and Loki. + ''; + }; + save_dpi = mkOption { + type = types.bool; + default = false; + description = lib.mdDoc '' + Collect and save data from deep packet inspection. + Adds around 150 data points and impacts performance. + ''; + }; + save_sites = mkOption { + type = types.bool; + default = true; + description = lib.mdDoc '' + Collect and save site data. + ''; + }; + hash_pii = mkOption { + type = types.bool; + default = false; + description = lib.mdDoc '' + Hash, with md5, client names and MAC addresses. This attempts + to protect personally identifiable information. + ''; + }; + verify_ssl = mkOption { + type = types.bool; + default = true; + description = lib.mdDoc '' + Verify the Unifi controller's certificate. + ''; + }; + }; + + in { + dynamic = mkOption { + type = types.bool; + default = false; + description = lib.mdDoc '' + Let prometheus select which controller to poll when scraping. + Use with default credentials. See unifi-poller wiki for more. + ''; + }; + + defaults = controllerOptions; + + controllers = mkOption { + type = with types; listOf (submodule { options = controllerOptions; }); + default = []; + description = lib.mdDoc '' + List of Unifi controllers to poll. Use defaults if empty. + ''; + apply = map (flip removeAttrs [ "_module" ]); + }; + }; + }; + + config = mkIf cfg.enable { + users.groups.unifi-poller = { }; + users.users.unifi-poller = { + description = "unifi-poller Service User"; + group = "unifi-poller"; + isSystemUser = true; + }; + + systemd.services.unifi-poller = { + wantedBy = [ "multi-user.target" ]; + after = [ "network.target" ]; + serviceConfig = { + ExecStart = "${pkgs.unpoller}/bin/unpoller --config ${configFile}"; + Restart = "always"; + PrivateTmp = true; + ProtectHome = true; + ProtectSystem = "full"; + DevicePolicy = "closed"; + NoNewPrivileges = true; + User = "unifi-poller"; + WorkingDirectory = "/tmp"; + }; + }; + }; +} -- cgit 1.4.1 From c7918fed9e51371bf7783a59492683f3533331dd Mon Sep 17 00:00:00 2001 From: Luke Granger-Brown Date: Thu, 24 Nov 2022 15:30:34 +0000 Subject: nixos/prometheus/unifi-poller: rename to unpoller. --- .../services/monitoring/prometheus/exporters.nix | 11 +++++-- .../prometheus/exporters/unifi-poller.nix | 37 ---------------------- .../monitoring/prometheus/exporters/unpoller.nix | 37 ++++++++++++++++++++++ nixos/tests/prometheus-exporters.nix | 8 ++--- 4 files changed, 49 insertions(+), 44 deletions(-) delete mode 100644 nixos/modules/services/monitoring/prometheus/exporters/unifi-poller.nix create mode 100644 nixos/modules/services/monitoring/prometheus/exporters/unpoller.nix (limited to 'nixos') diff --git a/nixos/modules/services/monitoring/prometheus/exporters.nix b/nixos/modules/services/monitoring/prometheus/exporters.nix index 22b78981b2cce..2451f46ba7d75 100644 --- a/nixos/modules/services/monitoring/prometheus/exporters.nix +++ b/nixos/modules/services/monitoring/prometheus/exporters.nix @@ -73,7 +73,7 @@ let "tor" "unbound" "unifi" - "unifi-poller" + "unpoller" "v2ray" "varnish" "wireguard" @@ -230,6 +230,10 @@ in options.services.prometheus.exporters = mkOption { type = types.submodule { options = (mkSubModules); + imports = [ + ../../../misc/assertions.nix + (lib.mkRenamedOptionModule [ "unifi-poller" ] [ "unpoller" ]) + ]; }; description = lib.mdDoc "Prometheus exporter configuration"; default = {}; @@ -293,13 +297,14 @@ in Please specify either 'services.prometheus.exporters.sql.configuration' or 'services.prometheus.exporters.sql.configFile' ''; - } ] ++ (flip map (attrNames cfg) (exporter: { + } ] ++ (flip map (attrNames exporterOpts) (exporter: { assertion = cfg.${exporter}.firewallFilter != null -> cfg.${exporter}.openFirewall; message = '' The `firewallFilter'-option of exporter ${exporter} doesn't have any effect unless `openFirewall' is set to `true'! ''; - })); + })) ++ config.services.prometheus.exporters.assertions; + warnings = config.services.prometheus.exporters.warnings; }] ++ [(mkIf config.services.minio.enable { services.prometheus.exporters.minio.minioAddress = mkDefault "http://localhost:9000"; services.prometheus.exporters.minio.minioAccessKey = mkDefault config.services.minio.accessKey; diff --git a/nixos/modules/services/monitoring/prometheus/exporters/unifi-poller.nix b/nixos/modules/services/monitoring/prometheus/exporters/unifi-poller.nix deleted file mode 100644 index 35de31df88e6d..0000000000000 --- a/nixos/modules/services/monitoring/prometheus/exporters/unifi-poller.nix +++ /dev/null @@ -1,37 +0,0 @@ -{ config, lib, pkgs, options }: - -with lib; - -let - cfg = config.services.prometheus.exporters.unifi-poller; - - configFile = pkgs.writeText "prometheus-unifi-poller-exporter.json" (generators.toJSON {} { - poller = { inherit (cfg.log) debug quiet; }; - unifi = { inherit (cfg) controllers; }; - influxdb.disable = true; - datadog.disable = true; # workaround for https://github.com/unpoller/unpoller/issues/442 - prometheus = { - http_listen = "${cfg.listenAddress}:${toString cfg.port}"; - report_errors = cfg.log.prometheusErrors; - }; - inherit (cfg) loki; - }); - -in { - port = 9130; - - extraOpts = { - inherit (options.services.unifi-poller.unifi) controllers; - inherit (options.services.unifi-poller) loki; - log = { - debug = mkEnableOption (lib.mdDoc "debug logging including line numbers, high resolution timestamps, per-device logs."); - quiet = mkEnableOption (lib.mdDoc "startup and error logs only."); - prometheusErrors = mkEnableOption (lib.mdDoc "emitting errors to prometheus."); - }; - }; - - serviceOpts.serviceConfig = { - ExecStart = "${pkgs.unifi-poller}/bin/unpoller --config ${configFile}"; - DynamicUser = false; - }; -} diff --git a/nixos/modules/services/monitoring/prometheus/exporters/unpoller.nix b/nixos/modules/services/monitoring/prometheus/exporters/unpoller.nix new file mode 100644 index 0000000000000..5cd1e2c65e906 --- /dev/null +++ b/nixos/modules/services/monitoring/prometheus/exporters/unpoller.nix @@ -0,0 +1,37 @@ +{ config, lib, pkgs, options }: + +with lib; + +let + cfg = config.services.prometheus.exporters.unpoller; + + configFile = pkgs.writeText "prometheus-unpoller-exporter.json" (generators.toJSON {} { + poller = { inherit (cfg.log) debug quiet; }; + unifi = { inherit (cfg) controllers; }; + influxdb.disable = true; + datadog.disable = true; # workaround for https://github.com/unpoller/unpoller/issues/442 + prometheus = { + http_listen = "${cfg.listenAddress}:${toString cfg.port}"; + report_errors = cfg.log.prometheusErrors; + }; + inherit (cfg) loki; + }); + +in { + port = 9130; + + extraOpts = { + inherit (options.services.unpoller.unifi) controllers; + inherit (options.services.unpoller) loki; + log = { + debug = mkEnableOption (lib.mdDoc "debug logging including line numbers, high resolution timestamps, per-device logs."); + quiet = mkEnableOption (lib.mdDoc "startup and error logs only."); + prometheusErrors = mkEnableOption (lib.mdDoc "emitting errors to prometheus."); + }; + }; + + serviceOpts.serviceConfig = { + ExecStart = "${pkgs.unpoller}/bin/unpoller --config ${configFile}"; + DynamicUser = false; + }; +} diff --git a/nixos/tests/prometheus-exporters.nix b/nixos/tests/prometheus-exporters.nix index d91fc52f1cb45..cdf666378fa37 100644 --- a/nixos/tests/prometheus-exporters.nix +++ b/nixos/tests/prometheus-exporters.nix @@ -1244,15 +1244,15 @@ let ''; }; - unifi-poller = { - nodeName = "unifi_poller"; + unpoller = { + nodeName = "unpoller"; exporterConfig.enable = true; exporterConfig.controllers = [{ }]; exporterTest = '' - wait_for_unit("prometheus-unifi-poller-exporter.service") + wait_for_unit("prometheus-unpoller-exporter.service") wait_for_open_port(9130) succeed( - "curl -sSf localhost:9130/metrics | grep 'unifipoller_build_info{.\\+} 1'" + "curl -sSf localhost:9130/metrics | grep 'unpoller_build_info{.\\+} 1'" ) ''; }; -- cgit 1.4.1 From 7b7bff387b620b3356095fc62e0e88a69adf761f Mon Sep 17 00:00:00 2001 From: Luke Granger-Brown Date: Thu, 24 Nov 2022 15:30:57 +0000 Subject: nixos: update release notes for unifi-poller --> unpoller. --- nixos/doc/manual/from_md/release-notes/rl-2305.section.xml | 7 +++++++ nixos/doc/manual/release-notes/rl-2305.section.md | 2 ++ 2 files changed, 9 insertions(+) (limited to 'nixos') diff --git a/nixos/doc/manual/from_md/release-notes/rl-2305.section.xml b/nixos/doc/manual/from_md/release-notes/rl-2305.section.xml index e54bec81b2f3f..b43af0758e5e5 100644 --- a/nixos/doc/manual/from_md/release-notes/rl-2305.section.xml +++ b/nixos/doc/manual/from_md/release-notes/rl-2305.section.xml @@ -139,6 +139,13 @@ the Nix store. + + + The unifi-poller package and corresponding + NixOS module have been renamed to unpoller + to match upstream. + + diff --git a/nixos/doc/manual/release-notes/rl-2305.section.md b/nixos/doc/manual/release-notes/rl-2305.section.md index 0e5b97c898460..fd58623a68efc 100644 --- a/nixos/doc/manual/release-notes/rl-2305.section.md +++ b/nixos/doc/manual/release-notes/rl-2305.section.md @@ -44,3 +44,5 @@ In addition to numerous new and upgraded packages, this release has the followin - A new `virtualisation.rosetta` module was added to allow running `x86_64` binaries through [Rosetta](https://developer.apple.com/documentation/apple-silicon/about-the-rosetta-translation-environment) inside virtualised NixOS guests on Apple silicon. This feature works by default with the [UTM](https://docs.getutm.app/) virtualisation [package](https://search.nixos.org/packages?channel=unstable&show=utm&from=0&size=1&sort=relevance&type=packages&query=utm). - Resilio sync secret keys can now be provided using a secrets file at runtime, preventing these secrets from ending up in the Nix store. + +- The `unifi-poller` package and corresponding NixOS module have been renamed to `unpoller` to match upstream. -- cgit 1.4.1 From a78621f9b02cb5a1a0d671b9f721349a9ad0e558 Mon Sep 17 00:00:00 2001 From: laalsaas Date: Sat, 3 Dec 2022 19:12:04 +0100 Subject: skim: init module --- nixos/modules/module-list.nix | 1 + nixos/modules/programs/skim.nix | 30 ++++++++++++++++++++++++++++++ 2 files changed, 31 insertions(+) create mode 100644 nixos/modules/programs/skim.nix (limited to 'nixos') diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index 59d6cf165f180..f3ec76c0e9f79 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix @@ -215,6 +215,7 @@ ./programs/screen.nix ./programs/sedutil.nix ./programs/seahorse.nix + ./programs/skim.nix ./programs/slock.nix ./programs/shadow.nix ./programs/spacefm.nix diff --git a/nixos/modules/programs/skim.nix b/nixos/modules/programs/skim.nix new file mode 100644 index 0000000000000..1333cdd30ab23 --- /dev/null +++ b/nixos/modules/programs/skim.nix @@ -0,0 +1,30 @@ +{ pkgs, config, lib, ... }: +let + inherit (lib) mdDoc mkEnableOption mkPackageOption optional optionalString; + cfg = config.programs.skim; +in +{ + options = { + programs.skim = { + fuzzyCompletion = mkEnableOption (mdDoc "fuzzy Completion with skim"); + keybindings = mkEnableOption (mdDoc "skim keybindings"); + package = mkPackageOption pkgs "skim" {}; + }; + }; + + config = { + environment.systemPackages = optional (cfg.keybindings || cfg.fuzzyCompletion) cfg.package; + + programs.bash.interactiveShellInit = optionalString cfg.fuzzyCompletion '' + source ${cfg.package}/share/skim/completion.bash + '' + optionalString cfg.keybindings '' + source ${cfg.package}/share/skim/key-bindings.bash + ''; + + programs.zsh.interactiveShellInit = optionalString cfg.fuzzyCompletion '' + source ${cfg.package}/share/skim/completion.zsh + '' + optionalString cfg.keybindings '' + source ${cfg.package}/share/skim/key-bindings.zsh + ''; + }; +} -- cgit 1.4.1 From 1b6468cfb48712cad1d14deaba959ceaf22a9bb3 Mon Sep 17 00:00:00 2001 From: Bobby Rong Date: Sat, 3 Dec 2022 10:26:46 +0800 Subject: nixos/lightdm-greeters/slick: Add options for cursor themes These options are newly added in 1.6.0. --- .../display-managers/lightdm-greeters/slick.nix | 31 ++++++++++++++++++++++ 1 file changed, 31 insertions(+) (limited to 'nixos') diff --git a/nixos/modules/services/x11/display-managers/lightdm-greeters/slick.nix b/nixos/modules/services/x11/display-managers/lightdm-greeters/slick.nix index 00fa8af71dc54..4456374cc569e 100644 --- a/nixos/modules/services/x11/display-managers/lightdm-greeters/slick.nix +++ b/nixos/modules/services/x11/display-managers/lightdm-greeters/slick.nix @@ -11,6 +11,7 @@ let theme = cfg.theme.package; icons = cfg.iconTheme.package; font = cfg.font.package; + cursors = cfg.cursorTheme.package; slickGreeterConf = writeText "slick-greeter.conf" '' [Greeter] @@ -18,6 +19,8 @@ let theme-name=${cfg.theme.name} icon-theme-name=${cfg.iconTheme.name} font-name=${cfg.font.name} + cursor-theme-name=${cfg.cursorTheme.name} + cursor-theme-size=${toString cfg.cursorTheme.size} draw-user-backgrounds=${boolToString cfg.draw-user-backgrounds} ${cfg.extraConfig} ''; @@ -84,6 +87,33 @@ in }; }; + cursorTheme = { + package = mkOption { + type = types.package; + default = pkgs.gnome.adwaita-icon-theme; + defaultText = literalExpression "pkgs.gnome.adwaita-icon-theme"; + description = lib.mdDoc '' + The package path that contains the cursor theme given in the name option. + ''; + }; + + name = mkOption { + type = types.str; + default = "Adwaita"; + description = lib.mdDoc '' + Name of the cursor theme to use for the lightdm-slick-greeter. + ''; + }; + + size = mkOption { + type = types.int; + default = 24; + description = lib.mdDoc '' + Size of the cursor theme to use for the lightdm-slick-greeter. + ''; + }; + }; + draw-user-backgrounds = mkEnableOption (lib.mdDoc "draw user backgrounds"); extraConfig = mkOption { @@ -107,6 +137,7 @@ in }; environment.systemPackages = [ + cursors icons theme ]; -- cgit 1.4.1 From 35763bc43b61e81c6df3ec20a7380cb8278c294a Mon Sep 17 00:00:00 2001 From: Bobby Rong Date: Sat, 3 Dec 2022 10:38:55 +0800 Subject: cinnamon.mint-artwork: 1.7.0 -> 1.7.2 Now sets cursor theme and size. --- nixos/modules/services/x11/desktop-managers/cinnamon.nix | 4 ++++ pkgs/desktops/cinnamon/mint-artwork/default.nix | 6 +++--- 2 files changed, 7 insertions(+), 3 deletions(-) (limited to 'nixos') diff --git a/nixos/modules/services/x11/desktop-managers/cinnamon.nix b/nixos/modules/services/x11/desktop-managers/cinnamon.nix index 25de29554b1eb..8e6a44428fce1 100644 --- a/nixos/modules/services/x11/desktop-managers/cinnamon.nix +++ b/nixos/modules/services/x11/desktop-managers/cinnamon.nix @@ -74,6 +74,10 @@ in name = mkDefault "Mint-X-Dark"; package = mkDefault pkgs.cinnamon.mint-x-icons; }; + cursorTheme = mkIf (notExcluded pkgs.cinnamon.mint-cursor-themes) { + name = mkDefault "Bibata-Modern-Classic"; + package = mkDefault pkgs.cinnamon.mint-cursor-themes; + }; }; services.xserver.displayManager.sessionCommands = '' if test "$XDG_CURRENT_DESKTOP" = "Cinnamon"; then diff --git a/pkgs/desktops/cinnamon/mint-artwork/default.nix b/pkgs/desktops/cinnamon/mint-artwork/default.nix index 9c59e381f8192..fab1c48578fba 100644 --- a/pkgs/desktops/cinnamon/mint-artwork/default.nix +++ b/pkgs/desktops/cinnamon/mint-artwork/default.nix @@ -7,14 +7,14 @@ stdenv.mkDerivation rec { pname = "mint-artwork"; - version = "1.7.0"; + version = "1.7.2"; src = fetchurl { urls = [ "http://packages.linuxmint.com/pool/main/m/mint-artwork/mint-artwork_${version}.tar.xz" - "https://web.archive.org/web/20221130011545/http://packages.linuxmint.com/pool/main/m/mint-artwork/mint-artwork_${version}.tar.xz" + "https://web.archive.org/web/20221203023403/http://packages.linuxmint.com/pool/main/m/mint-artwork/mint-artwork_${version}.tar.xz" ]; - hash = "sha256-1dBLsN9nTzrqitlwoobYnjh1qKXR6UOaDsTkBMfnX1k="; + hash = "sha256-I8gLWwwuXZkgc5zZ9QVkSarugcNWLFIz2mU1d4QqJRU="; }; nativeBuildInputs = [ -- cgit 1.4.1 From 8f14c05c504b2f674a274341a0203acf02bd98ca Mon Sep 17 00:00:00 2001 From: Alexandre Acebedo Date: Fri, 16 Sep 2022 19:23:46 +0200 Subject: nixos/supergfxctl: init --- nixos/modules/module-list.nix | 1 + nixos/modules/services/hardware/supergfxd.nix | 38 +++++++++++++++++++++++++++ 2 files changed, 39 insertions(+) create mode 100644 nixos/modules/services/hardware/supergfxd.nix (limited to 'nixos') diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index 3d6f1e84ecec0..765a532407f7e 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix @@ -477,6 +477,7 @@ ./services/hardware/sane_extra_backends/brscan5.nix ./services/hardware/sane_extra_backends/dsseries.nix ./services/hardware/spacenavd.nix + ./services/hardware/supergfxd.nix ./services/hardware/tcsd.nix ./services/hardware/tlp.nix ./services/hardware/thinkfan.nix diff --git a/nixos/modules/services/hardware/supergfxd.nix b/nixos/modules/services/hardware/supergfxd.nix new file mode 100644 index 0000000000000..abb6bedb98ff3 --- /dev/null +++ b/nixos/modules/services/hardware/supergfxd.nix @@ -0,0 +1,38 @@ +{ config, lib, pkgs, ... }: + +let + cfg = config.services.supergfxd; + ini = pkgs.formats.ini { }; +in +{ + options = { + services.supergfxd = { + enable = lib.mkEnableOption (lib.mdDoc "Enable the supergfxd service"); + + settings = lib.mkOption { + type = lib.types.nullOr ini.type; + default = null; + description = lib.mdDoc '' + The content of /etc/supergfxd.conf. + See https://gitlab.com/asus-linux/supergfxctl/#config-options-etcsupergfxdconf. + ''; + }; + }; + }; + + config = lib.mkIf cfg.enable { + environment.systemPackages = [ pkgs.supergfxctl ]; + + environment.etc."supergfxd.conf" = lib.mkIf (cfg.settings != null) (ini.generate "supergfxd.conf" cfg.settings); + + services.dbus.enable = true; + + systemd.packages = [ pkgs.supergfxctl ]; + systemd.services.supergfxd.wantedBy = [ "multi-user.target" ]; + + services.dbus.packages = [ pkgs.supergfxctl ]; + services.udev.packages = [ pkgs.supergfxctl ]; + }; + + meta.maintainers = pkgs.supergfxctl.meta.maintainers; +} -- cgit 1.4.1 From 8f7537e34fdaa2d1e0dda57e36a1b93e91449757 Mon Sep 17 00:00:00 2001 From: Alexandre Acebedo Date: Fri, 16 Sep 2022 19:23:46 +0200 Subject: nixos/asusctl: init --- nixos/modules/module-list.nix | 1 + nixos/modules/services/hardware/asusd.nix | 114 ++++++++++++++++++++++++++++++ 2 files changed, 115 insertions(+) create mode 100644 nixos/modules/services/hardware/asusd.nix (limited to 'nixos') diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index 765a532407f7e..f691d74bfd22f 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix @@ -450,6 +450,7 @@ ./services/hardware/acpid.nix ./services/hardware/actkbd.nix ./services/hardware/argonone.nix + ./services/hardware/asusd.nix ./services/hardware/auto-cpufreq.nix ./services/hardware/bluetooth.nix ./services/hardware/bolt.nix diff --git a/nixos/modules/services/hardware/asusd.nix b/nixos/modules/services/hardware/asusd.nix new file mode 100644 index 0000000000000..f0751c4402516 --- /dev/null +++ b/nixos/modules/services/hardware/asusd.nix @@ -0,0 +1,114 @@ +{ config, lib, pkgs, ... }: + +let + cfg = config.services.asusd; + json = pkgs.formats.json { }; + toml = pkgs.formats.toml { }; +in +{ + options = { + services.asusd = { + enable = lib.mkEnableOption (lib.mdDoc "the asusd service for ASUS ROG laptops"); + + enableUserService = lib.mkOption { + type = lib.types.bool; + default = false; + description = lib.mdDoc '' + Activate the asusd-user service. + ''; + }; + + animeConfig = lib.mkOption { + type = json.type; + default = { }; + description = lib.mdDoc '' + The content of /etc/asusd/anime.conf. + See https://asus-linux.org/asusctl/#anime-control. + ''; + }; + + asusdConfig = lib.mkOption { + type = json.type; + default = { }; + description = lib.mdDoc '' + The content of /etc/asusd/asusd.conf. + See https://asus-linux.org/asusctl/. + ''; + }; + + auraConfig = lib.mkOption { + type = json.type; + default = { }; + description = lib.mdDoc '' + The content of /etc/asusd/aura.conf. + See https://asus-linux.org/asusctl/#led-keyboard-control. + ''; + }; + + profileConfig = lib.mkOption { + type = lib.types.nullOr lib.types.str; + default = ""; + description = lib.mdDoc '' + The content of /etc/asusd/profile.conf. + See https://asus-linux.org/asusctl/#profiles. + ''; + }; + + ledModesConfig = lib.mkOption { + type = lib.types.nullOr toml.type; + default = null; + description = lib.mdDoc '' + The content of /etc/asusd/asusd-ledmodes.toml. Leave `null` to use default settings. + See https://asus-linux.org/asusctl/#led-keyboard-control. + ''; + }; + + userLedModesConfig = lib.mkOption { + type = lib.types.nullOr toml.type; + default = null; + description = lib.mdDoc '' + The content of /etc/asusd/asusd-user-ledmodes.toml. + See https://asus-linux.org/asusctl/#led-keyboard-control. + ''; + }; + }; + }; + + config = lib.mkIf cfg.enable { + environment.systemPackages = [ pkgs.asusctl ]; + + environment.etc = + let + maybeConfig = name: cfg: lib.mkIf (cfg != { }) { + source = json.generate name cfg; + mode = "0644"; + }; + in + { + "asusd/anime.conf" = maybeConfig "anime.conf" cfg.animeConfig; + "asusd/asusd.conf" = maybeConfig "asusd.conf" cfg.asusdConfig; + "asusd/aura.conf" = maybeConfig "aura.conf" cfg.auraConfig; + "asusd/profile.conf" = lib.mkIf (cfg.profileConfig != null) { + source = pkgs.writeText "profile.conf" cfg.profileConfig; + mode = "0644"; + }; + "asusd/asusd-ledmodes.toml" = { + source = + if cfg.ledModesConfig == null + then "${pkgs.asusctl}/share/asusd/data/asusd-ledmodes.toml" + else toml.generate "asusd-ledmodes.toml" cfg.ledModesConfig; + mode = "0644"; + }; + }; + + services.dbus.enable = true; + systemd.packages = [ pkgs.asusctl ]; + services.dbus.packages = [ pkgs.asusctl ]; + services.udev.packages = [ pkgs.asusctl ]; + services.supergfxd.enable = true; + + systemd.user.services.asusd-user.enable = cfg.enableUserService; + }; + + meta.maintainers = pkgs.asusctl.meta.maintainers; +} -- cgit 1.4.1 From 0905acf06944ac5b6b38723b7b15963213e34df6 Mon Sep 17 00:00:00 2001 From: Alexandre Acebedo Date: Sat, 3 Dec 2022 17:09:28 +0100 Subject: nixos/rog-control-center: init --- nixos/modules/module-list.nix | 1 + nixos/modules/programs/rog-control-center.nix | 29 +++++++++++++++++++++++++++ 2 files changed, 30 insertions(+) create mode 100644 nixos/modules/programs/rog-control-center.nix (limited to 'nixos') diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index f691d74bfd22f..f7321904170ae 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix @@ -211,6 +211,7 @@ ./programs/plotinus.nix ./programs/proxychains.nix ./programs/qt5ct.nix + ./programs/rog-control-center.nix ./programs/rust-motd.nix ./programs/screen.nix ./programs/sedutil.nix diff --git a/nixos/modules/programs/rog-control-center.nix b/nixos/modules/programs/rog-control-center.nix new file mode 100644 index 0000000000000..4aef5143ac7ff --- /dev/null +++ b/nixos/modules/programs/rog-control-center.nix @@ -0,0 +1,29 @@ +{ config, lib, pkgs, ... }: + +let + cfg = config.programs.rog-control-center; +in +{ + options = { + programs.rog-control-center = { + enable = lib.mkEnableOption (lib.mdDoc "the rog-control-center application"); + + autoStart = lib.mkOption { + default = false; + type = lib.types.bool; + description = lib.mdDoc "Whether rog-control-center should be started automatically."; + }; + }; + }; + + config = lib.mkIf cfg.enable { + environment.systemPackages = [ + pkgs.asusctl + (lib.mkIf cfg.autoStart (pkgs.makeAutostartItem { name = "rog-control-center"; package = pkgs.asusctl; })) + ]; + + services.asusd.enable = true; + }; + + meta.maintainers = pkgs.asusctl.meta.maintainers; +} -- cgit 1.4.1 From 2ae17515e08dd815b8c8cfa5df38893c4ae1ff66 Mon Sep 17 00:00:00 2001 From: Lorenzo Manacorda Date: Fri, 8 Apr 2022 15:06:20 +0200 Subject: nixos/networkd: doc activation of systemd.networkd --- nixos/modules/system/boot/networkd.nix | 2 ++ 1 file changed, 2 insertions(+) (limited to 'nixos') diff --git a/nixos/modules/system/boot/networkd.nix b/nixos/modules/system/boot/networkd.nix index 28abf820ec097..5f40ee9c08dc7 100644 --- a/nixos/modules/system/boot/networkd.nix +++ b/nixos/modules/system/boot/networkd.nix @@ -928,6 +928,8 @@ let type = types.bool; description = lib.mdDoc '' Whether to manage network configuration using {command}`systemd-network`. + + This also enables {option}`systemd.networkd.enable`. ''; }; -- cgit 1.4.1