authorGregor Kleen <pngwjpgh@users.noreply.github.com>2017-01-05 18:57:45 +0100
committerGregor Kleen <pngwjpgh@users.noreply.github.com>2017-01-26 12:57:02 +0100
commitcc1ebd1db46e9d56feaf06b80ba88a632f8c5774 (patch)
treec4e754e05d0fb9bef4ef4fab2d08b7657c02fdc2 /nixos/modules/misc/locate.nix
parent114e738e41aa88d63bb86d3c6bf8ff55729d4908 (diff)
locate: enhance mlocate support
Diffstat (limited to 'nixos/modules/misc/locate.nix')
-rw-r--r--nixos/modules/misc/locate.nix80
1 files changed, 65 insertions, 15 deletions
diff --git a/nixos/modules/misc/locate.nix b/nixos/modules/misc/locate.nix
index 938c2d4401e..e7fc25fc207 100644
--- a/nixos/modules/misc/locate.nix
+++ b/nixos/modules/misc/locate.nix
@@ -4,10 +4,12 @@ with lib;
 
 let
   cfg = config.services.locate;
+  isMLocate = hasPrefix "mlocate" cfg.locate.name;
+  isFindutils = hasPrefix "findutils" cfg.locate.name;
 in {
-  options.services.locate = {
+  options.services.locate = with types; {
     enable = mkOption {
-      type = types.bool;
+      type = bool;
       default = false;
       description = ''
         If enabled, NixOS will periodically update the database of
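Review bot: `isMLocate` and `isFindutils` are derived from a prefix match on `cfg.locate.name`, and the later hunk in this commit hangs the `mlocate` group, the setgid `locate` wrapper and the cache-directory mode on that match. A package whose derivation name differs (an override, a wrapper, or a third locate implementation) matches neither prefix, so it silently gets the findutils-style 0755 root:root directory and none of the new warnings. Consider recording that assumption next to the bindings, e.g. `# detection is by derivation name; renamed or wrapped packages match neither branch`, or adding an assertion that one of the two is true.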
@@ -16,7 +18,7 @@ in {
     };
 
     locate = mkOption {
-      type = types.package;
+      type = package;
       default = pkgs.findutils;
       defaultText = "pkgs.findutils";
       example = "pkgs.mlocate";
@@ -26,7 +28,7 @@ in {
     };
 
     interval = mkOption {
-      type = types.str;
+      type = str;
       default = "02:15";
       example = "hourly";
       description = ''
@@ -40,7 +42,7 @@ in {
     };
 
     extraFlags = mkOption {
-      type = types.listOf types.str;
+      type = listOf str;
       default = [ ];
       description = ''
         Extra flags to pass to <command>updatedb</command>.
@@ -48,7 +50,7 @@ in {
     };
 
     output = mkOption {
-      type = types.path;
+      type = path;
       default = "/var/cache/locatedb";
       description = ''
         The database file to build.
@@ -56,7 +58,7 @@ in {
     };
 
     localuser = mkOption {
-      type = types.nullOr types.str;
+      type = nullOr str;
       default = "nobody";
       description = ''
         The user to search non-network directories as, using
@@ -64,27 +66,75 @@ in {
       '';
     };
 
-    includeStore = mkOption {
-      type = types.bool;
+    pruneFS = mkOption {
+      type = listOf str;
+      default = ["afs" "anon_inodefs" "auto" "autofs" "bdev" "binfmt" "binfmt_misc" "cgroup" "cifs" "coda" "configfs" "cramfs" "cpuset" "debugfs" "devfs" "devpts" "devtmpfs" "ecryptfs" "eventpollfs" "exofs" "futexfs" "ftpfs" "fuse" "fusectl" "gfs" "gfs2" "hostfs" "hugetlbfs" "inotifyfs" "iso9660" "jffs2" "lustre" "misc" "mqueue" "ncpfs" "nnpfs" "ocfs" "ocfs2" "pipefs" "proc" "ramfs" "rpc_pipefs" "securityfs" "selinuxfs" "sfs" "shfs" "smbfs" "sockfs" "spufs" "nfs" "NFS" "nfs4" "nfsd" "sshfs" "subfs" "supermount" "sysfs" "tmpfs" "ubifs" "udf" "usbfs" "vboxsf" "vperfctrfs" ];
+      description = ''
+        Which filesystem types to exclude from indexing
+      '';
+    };
+
+    prunePaths = mkOption {
+      type = listOf path;
+      default = ["/tmp" "/var/tmp" "/var/cache" "/var/lock" "/var/run" "/var/spool" "/nix/store"];
+      description = ''
+        Which paths to exclude from indexing
+      '';
+    };
+
+    pruneNames = mkOption {
+      type = listOf str;
+      default = [];
+      description = ''
+        Directory components which should exclude paths containing them from indexing
+      '';
+    };
+
+    pruneBindMounts = mkOption {
+      type = bool;
       default = false;
       description = ''
-        Whether to include <filename>/nix/store</filename> in the locate database.
+        Whether not to index bind mounts
       '';
     };
+    
   };
 
-  config = {
+  config = mkIf cfg.enable {
+    users.extraGroups = mkIf isMLocate { mlocate = {}; };
+
+    security.setuidOwners = mkIf isMLocate
+      [ { group = "mlocate";
+          owner = "root";
+          permissions = "u+rx,g+x,o+x";
+          setgid = true;
+          setuid = false;
+          program = "locate";
+        }
+      ];
+
+    environment.systemPackages = [ cfg.locate ];
+
+    warnings = optional (isMLocate && cfg.localuser != null) "mlocate does not support searching as user other than root"
+            ++ optional (isFindutils && cfg.pruneNames != []) "findutils locate does not support pruning by directory component"
+            ++ optional (isFindutils && cfg.pruneBindMounts) "findutils locate does not support skipping bind mounts";
+  
     systemd.services.update-locatedb =
       { description = "Update Locate Database";
-        path  = [ pkgs.su ];
+        path = mkIf (!isMLocate) [ pkgs.su ];
         script =
           ''
-            mkdir -m 0755 -p $(dirname ${toString cfg.output})
+            install -m ${if isMLocate then "0750" else "0755"} -o root -g ${if isMLocate then "mlocate" else "root"} -d $(dirname ${cfg.output})
             exec ${cfg.locate}/bin/updatedb \
               ${optionalString (cfg.localuser != null) ''--localuser=${cfg.localuser}''} \
-              ${optionalString (!cfg.includeStore) "--prunepaths='/nix/store'"} \
               --output=${toString cfg.output} ${concatStringsSep " " cfg.extraFlags}
           '';
+        environment = {
+          PRUNEFS = concatStringsSep " " cfg.pruneFS;
+          PRUNEPATHS = concatStringsSep " " cfg.prunePaths;
+          PRUNENAMES = concatStringsSep " " cfg.pruneNames;
+          PRUNE_BIND_MOUNTS = if cfg.pruneBindMounts then "yes" else "no";
+        };
         serviceConfig.Nice = 19;
         serviceConfig.IOSchedulingClass = "idle";
         serviceConfig.PrivateTmp = "yes";
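Review bot: The new `install -m … -o root -g … -d $(dirname ${cfg.output})` line acts on the parent of `cfg.output`, which with the default `/var/cache/locatedb` is `/var/cache` itself; as far as I know GNU `install -d` applies mode and ownership to a directory that already exists, unlike the `mkdir -p` it replaces, so with mlocate this would reset `/var/cache` to 0750 root:mlocate for every other service using it. Giving the database a directory of its own (for example a default of `/var/cache/locate/locatedb`, path illustrative) keeps the restricted mode scoped to the index, and the substitution should be quoted, `"$(dirname ${escapeShellArg cfg.output})"`. Separately, `--localuser=${cfg.localuser}` is still emitted when `isMLocate` is true and `localuser` keeps its default of `nobody`, although the new warning says mlocate does not support it; guarding the flag with `isFindutils &&` would avoid passing an option that mlocate's updatedb presumably rejects. It is also worth confirming that mlocate's updatedb honours `PRUNEFS`/`PRUNEPATHS` from the environment, since it runs as root here and would otherwise index `/nix/store` and the temporary directories.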
@@ -94,7 +144,7 @@ in {
         serviceConfig.ReadWriteDirectories = dirOf cfg.output;
       };
 
-    systemd.timers.update-locatedb = mkIf cfg.enable
+    systemd.timers.update-locatedb =
       { description = "Update timer for locate database";
         partOf      = [ "update-locatedb.service" ];
         wantedBy    = [ "timers.target" ];