author | github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> | 2022-12-29 00:03:11 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-12-29 00:03:11 +0000 |
commit | 351a07ba79784add89471449a728c33241df8d26 (patch) | |
tree | af53f890550284128ed21508bc2a2ae0a855fcb3 /nixos/modules | |
parent | cca1d7bc1c8684108599ba3800dc0ae4617e62a2 (diff) | |
parent | 2b02f05ba28cc2817b7f54b262ef608dd7a27836 (diff) | |
Merge staging-next into staging
Diffstat (limited to 'nixos/modules')
-rw-r--r-- | nixos/modules/services/mail/exim.nix | 5 | ||||
-rw-r--r-- | nixos/modules/services/networking/tinc.nix | 169 | ||||
-rw-r--r-- | nixos/modules/services/web-apps/hedgedoc.nix | 26 | ||||
-rw-r--r-- | nixos/modules/system/boot/binfmt.nix | 16 |
4 files changed, 112 insertions, 104 deletions
diff --git a/nixos/modules/services/mail/exim.nix b/nixos/modules/services/mail/exim.nix
index cd0da4fc509..a9504acee35 100644
--- a/nixos/modules/services/mail/exim.nix
+++ b/nixos/modules/services/mail/exim.nix
@@ -116,8 +116,9 @@ in
 wantedBy = [ "multi-user.target" ];
 restartTriggers = [ config.environment.etc."exim.conf".source ];
 serviceConfig = {
- ExecStart = "${cfg.package}/bin/exim -bdf -q${cfg.queueRunnerInterval}";
- ExecReload = "${coreutils}/bin/kill -HUP $MAINPID";
+ ExecStart = "+${cfg.package}/bin/exim -bdf -q${cfg.queueRunnerInterval}";
+ ExecReload = "+${coreutils}/bin/kill -HUP $MAINPID";
+ User = cfg.user;
 };
 preStart = ''
 if ! test -d ${cfg.spoolDir}; then
diff --git a/nixos/modules/services/networking/tinc.nix b/nixos/modules/services/networking/tinc.nix
index 09b23a60a4a..7db83e6a584 100644
--- a/nixos/modules/services/networking/tinc.nix
+++ b/nixos/modules/services/networking/tinc.nix
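Review bot: With the `+` prefix on both `ExecStart` and `ExecReload`, the new `User = cfg.user;` does not apply to the exim daemon or to the reload command, because systemd runs `+`-prefixed commands with full privileges regardless of `User=`. Only unprefixed commands, such as the generated `preStart` script, run as `cfg.user`, which is easy to misread as "exim now runs unprivileged". I would add a comment above the new line, e.g. `# User= only affects preStart; the "+" prefix keeps exim itself starting with full privileges`. The `preStart` body continues outside the hunk, so if it creates or chowns `cfg.spoolDir`, confirm that this still succeeds as `cfg.user`.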
@@ -349,91 +349,94 @@ in ###### implementation - config = mkIf (cfg.networks != { }) { - - environment.etc = foldr (a: b: a // b) { } - (flip mapAttrsToList cfg.networks (network: data: - flip mapAttrs' data.hosts (host: text: nameValuePair - ("tinc/${network}/hosts/${host}") - ({ mode = "0644"; user = "tinc.${network}"; inherit text; }) - ) // { - "tinc/${network}/tinc.conf" = { - mode = "0444"; - text = '' - ${toTincConf ({ Interface = "tinc.${network}"; } // data.settings)} - ${data.extraConfig} - ''; + config = mkIf (cfg.networks != { }) ( + let + etcConfig = foldr (a: b: a // b) { } + (flip mapAttrsToList cfg.networks (network: data: + flip mapAttrs' data.hosts (host: text: nameValuePair + ("tinc/${network}/hosts/${host}") + ({ mode = "0644"; user = "tinc.${network}"; inherit text; }) + ) // { + "tinc/${network}/tinc.conf" = { + mode = "0444"; + text = '' + ${toTincConf ({ Interface = "tinc.${network}"; } // data.settings)} + ${data.extraConfig} + ''; + }; + } + )); + in { + environment.etc = etcConfig; + + systemd.services = flip mapAttrs' cfg.networks (network: data: nameValuePair + ("tinc.${network}") + (let version = getVersion data.package; in { + description = "Tinc Daemon - ${network}"; + wantedBy = [ "multi-user.target" ]; + path = [ data.package ]; + reloadTriggers = mkIf (versionAtLeast version "1.1pre") [ (builtins.toJSON etcConfig) ]; + restartTriggers = mkIf (versionOlder version "1.1pre") [ (builtins.toJSON etcConfig) ]; + serviceConfig = { + Type = "simple"; + Restart = "always"; + RestartSec = "3"; + ExecReload = mkIf (versionAtLeast version "1.1pre") "${data.package}/bin/tinc -n ${network} reload"; + ExecStart = "${data.package}/bin/tincd -D -U tinc.${network} -n ${network} ${optionalString (data.chroot) "-R"} --pidfile /run/tinc.${network}.pid -d ${toString data.debugLevel}"; }; - } - )); - - systemd.services = flip mapAttrs' cfg.networks (network: data: nameValuePair - ("tinc.${network}") - ({ - description = "Tinc Daemon - ${network}"; - 
wantedBy = [ "multi-user.target" ]; - path = [ data.package ]; - restartTriggers = [ config.environment.etc."tinc/${network}/tinc.conf".source ]; - serviceConfig = { - Type = "simple"; - Restart = "always"; - RestartSec = "3"; - ExecReload = mkIf (versionAtLeast (getVersion data.package) "1.1pre") "${data.package}/bin/tinc -n ${network} reload"; - ExecStart = "${data.package}/bin/tincd -D -U tinc.${network} -n ${network} ${optionalString (data.chroot) "-R"} --pidfile /run/tinc.${network}.pid -d ${toString data.debugLevel}"; + preStart = '' + mkdir -p /etc/tinc/${network}/hosts + chown tinc.${network} /etc/tinc/${network}/hosts + mkdir -p /etc/tinc/${network}/invitations + chown tinc.${network} /etc/tinc/${network}/invitations + + # Determine how we should generate our keys + if type tinc >/dev/null 2>&1; then + # Tinc 1.1+ uses the tinc helper application for key generation + ${if data.ed25519PrivateKeyFile != null then " # ed25519 Keyfile managed by nix" else '' + # Prefer ED25519 keys (only in 1.1+) + [ -f "/etc/tinc/${network}/ed25519_key.priv" ] || tinc -n ${network} generate-ed25519-keys + ''} + ${if data.rsaPrivateKeyFile != null then " # RSA Keyfile managed by nix" else '' + [ -f "/etc/tinc/${network}/rsa_key.priv" ] || tinc -n ${network} generate-rsa-keys 4096 + ''} + # In case there isn't anything to do + true + else + # Tinc 1.0 uses the tincd application + [ -f "/etc/tinc/${network}/rsa_key.priv" ] || tincd -n ${network} -K 4096 + fi + ''; + }) + ); + + environment.systemPackages = let + cli-wrappers = pkgs.stdenv.mkDerivation { + name = "tinc-cli-wrappers"; + nativeBuildInputs = [ pkgs.makeWrapper ]; + buildCommand = '' + mkdir -p $out/bin + ${concatStringsSep "\n" (mapAttrsToList (network: data: + optionalString (versionAtLeast data.package.version "1.1pre") '' + makeWrapper ${data.package}/bin/tinc "$out/bin/tinc.${network}" \ + --add-flags "--pidfile=/run/tinc.${network}.pid" \ + --add-flags "--config=/etc/tinc/${network}" + '') cfg.networks)} + ''; 
}; - preStart = '' - mkdir -p /etc/tinc/${network}/hosts - chown tinc.${network} /etc/tinc/${network}/hosts - mkdir -p /etc/tinc/${network}/invitations - chown tinc.${network} /etc/tinc/${network}/invitations - - # Determine how we should generate our keys - if type tinc >/dev/null 2>&1; then - # Tinc 1.1+ uses the tinc helper application for key generation - ${if data.ed25519PrivateKeyFile != null then " # ed25519 Keyfile managed by nix" else '' - # Prefer ED25519 keys (only in 1.1+) - [ -f "/etc/tinc/${network}/ed25519_key.priv" ] || tinc -n ${network} generate-ed25519-keys - ''} - ${if data.rsaPrivateKeyFile != null then " # RSA Keyfile managed by nix" else '' - [ -f "/etc/tinc/${network}/rsa_key.priv" ] || tinc -n ${network} generate-rsa-keys 4096 - ''} - # In case there isn't anything to do - true - else - # Tinc 1.0 uses the tincd application - [ -f "/etc/tinc/${network}/rsa_key.priv" ] || tincd -n ${network} -K 4096 - fi - ''; - }) - ); - - environment.systemPackages = let - cli-wrappers = pkgs.stdenv.mkDerivation { - name = "tinc-cli-wrappers"; - nativeBuildInputs = [ pkgs.makeWrapper ]; - buildCommand = '' - mkdir -p $out/bin - ${concatStringsSep "\n" (mapAttrsToList (network: data: - optionalString (versionAtLeast data.package.version "1.1pre") '' - makeWrapper ${data.package}/bin/tinc "$out/bin/tinc.${network}" \ - --add-flags "--pidfile=/run/tinc.${network}.pid" \ - --add-flags "--config=/etc/tinc/${network}" - '') cfg.networks)} - ''; - }; - in [ cli-wrappers ]; - - users.users = flip mapAttrs' cfg.networks (network: _: - nameValuePair ("tinc.${network}") ({ - description = "Tinc daemon user for ${network}"; - isSystemUser = true; - group = "tinc.${network}"; - }) - ); - users.groups = flip mapAttrs' cfg.networks (network: _: - nameValuePair "tinc.${network}" {} - ); - }; + in [ cli-wrappers ]; + + users.users = flip mapAttrs' cfg.networks (network: _: + nameValuePair ("tinc.${network}") ({ + description = "Tinc daemon user for ${network}"; + 
isSystemUser = true; + group = "tinc.${network}"; + }) + ); + users.groups = flip mapAttrs' cfg.networks (network: _: + nameValuePair "tinc.${network}" {} + ); + }); meta.maintainers = with maintainers; [ minijackson mic92 ]; }
diff --git a/nixos/modules/services/web-apps/hedgedoc.nix b/nixos/modules/services/web-apps/hedgedoc.nix
index a623e45691d..90ca3002c59 100644
--- a/nixos/modules/services/web-apps/hedgedoc.nix
+++ b/nixos/modules/services/web-apps/hedgedoc.nix
@@ -291,7 +291,8 @@ in
 };
 defaultNotePath = mkOption {
 type = types.nullOr types.str;
- default = "./public/default.md";
+ default = "${cfg.package}/public/default.md";
+ defaultText = literalExpression "\"\${cfg.package}/public/default.md\"";
 description = lib.mdDoc ''
 Path to the default Note file.
 (Non-canonical paths are relative to HedgeDoc's base directory)
@@ -299,7 +300,8 @@ in
 };
 docsPath = mkOption {
 type = types.nullOr types.str;
- default = "./public/docs";
+ default = "${cfg.package}/public/docs";
+ defaultText = literalExpression "\"\${cfg.package}/public/docs\"";
 description = lib.mdDoc ''
 Path to the docs directory.
 (Non-canonical paths are relative to HedgeDoc's base directory)
@@ -307,7 +309,8 @@ in
 };
 indexPath = mkOption {
 type = types.nullOr types.str;
- default = "./public/views/index.ejs";
+ default = "${cfg.package}/public/views/index.ejs";
+ defaultText = literalExpression "\"\${cfg.package}/public/views/index.ejs\"";
 description = lib.mdDoc ''
 Path to the index template file.
 (Non-canonical paths are relative to HedgeDoc's base directory)
@@ -315,7 +318,8 @@ in
 };
 hackmdPath = mkOption {
 type = types.nullOr types.str;
- default = "./public/views/hackmd.ejs";
+ default = "${cfg.package}/public/views/hackmd.ejs";
+ defaultText = literalExpression "\"\${cfg.package}/public/views/hackmd.ejs\"";
 description = lib.mdDoc ''
 Path to the hackmd template file.
 (Non-canonical paths are relative to HedgeDoc's base directory)
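Review bot: `reloadTriggers` and `restartTriggers` are both set to `builtins.toJSON etcConfig`, and `etcConfig` is folded over every entry of `cfg.networks`, so changing a host file or `tinc.conf` of one network reloads or restarts every `tinc.<network>` unit. Restricting the trigger to the unit's own files would keep an unrelated edit from bouncing the other VPN links, e.g. `(builtins.toJSON (filterAttrs (n: _: hasPrefix "tinc/${network}/" n) etcConfig))`, assuming `filterAttrs` and `hasPrefix` are in scope here as the other unqualified `lib` functions appear to be. If the global trigger is intentional, a one-line comment saying so would help.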
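Review bot: The new `defaultText` values put the module-local binding `cfg` into the rendered options manual, e.g. `"\${cfg.package}/public/default.md"` on `defaultNotePath`, where a reader has no definition of `cfg`. Spelling out the option path reads better in generated documentation, e.g. `defaultText = literalExpression "\"\${config.services.hedgedoc.package}/public/default.md\"";`, assuming `cfg` is bound to `config.services.hedgedoc` (the binding is outside these hunks). The same applies to the other hedgedoc hunks: `docsPath`, `indexPath`, `hackmdPath`, `errorPath`, `prettyPath`, `slidePath` and `uploadsPath`.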
@@ -323,8 +327,8 @@ in
 };
 errorPath = mkOption {
 type = types.nullOr types.str;
- default = null;
- defaultText = literalExpression "./public/views/error.ejs";
+ default = "${cfg.package}/public/views/error.ejs";
+ defaultText = literalExpression "\"\${cfg.package}/public/views/error.ejs\"";
 description = lib.mdDoc ''
 Path to the error template file.
 (Non-canonical paths are relative to HedgeDoc's base directory)
@@ -332,8 +336,8 @@ in
 };
 prettyPath = mkOption {
 type = types.nullOr types.str;
- default = null;
- defaultText = literalExpression "./public/views/pretty.ejs";
+ default = "${cfg.package}/public/views/pretty.ejs";
+ defaultText = literalExpression "\"\${cfg.package}/public/views/pretty.ejs\"";
 description = lib.mdDoc ''
 Path to the pretty template file.
 (Non-canonical paths are relative to HedgeDoc's base directory)
@@ -341,8 +345,8 @@ in
 };
 slidePath = mkOption {
 type = types.nullOr types.str;
- default = null;
- defaultText = literalExpression "./public/views/slide.hbs";
+ default = "${cfg.package}/public/views/slide.hbs";
+ defaultText = literalExpression "\"\${cfg.package}/public/views/slide.hbs\"";
 description = lib.mdDoc ''
 Path to the slide template file.
 (Non-canonical paths are relative to HedgeDoc's base directory)
@@ -351,7 +355,7 @@ in
 uploadsPath = mkOption {
 type = types.str;
 default = "${cfg.workDir}/uploads";
- defaultText = literalExpression "/var/lib/${name}/uploads";
+ defaultText = literalExpression "\"\${cfg.workDir}/uploads\"";
 description = lib.mdDoc ''
 Path under which uploaded files are saved.
 '';
diff --git a/nixos/modules/system/boot/binfmt.nix b/nixos/modules/system/boot/binfmt.nix
index 87e66f73be0..7f817e5d350 100644
--- a/nixos/modules/system/boot/binfmt.nix
+++ b/nixos/modules/system/boot/binfmt.nix
@@ -1,6 +1,6 @@
 { config, lib, pkgs, ... }:
 let
- inherit (lib) mkOption types optionalString stringAfter;
+ inherit (lib) mkOption mkDefault types optionalString stringAfter;
 cfg = config.boot.binfmt;
@@ -281,7 +281,7 @@ in { config = { boot.binfmt.registrations = builtins.listToAttrs (map (system: { name = system; - value = let + value = { config, ... }: let interpreter = getEmulator system; qemuArch = getQemuArch system; @@ -292,13 +292,13 @@ in { in if preserveArgvZero then "${wrapper}/bin/${wrapperName}" else interpreter; - in { - inherit preserveArgvZero; + in ({ + preserveArgvZero = mkDefault preserveArgvZero; - interpreter = interpreterReg; - wrapInterpreterInShell = !preserveArgvZero; - interpreterSandboxPath = dirOf (dirOf interpreterReg); - } // (magics.${system} or (throw "Cannot create binfmt registration for system ${system}")); + interpreter = mkDefault interpreterReg; + wrapInterpreterInShell = mkDefault (!config.preserveArgvZero); + interpreterSandboxPath = mkDefault (dirOf (dirOf config.interpreter)); + } // (magics.${system} or (throw "Cannot create binfmt registration for system ${system}"))); }) cfg.emulatedSystems); nix.settings = lib.mkIf (cfg.emulatedSystems != []) { extra-platforms = cfg.emulatedSystems ++ lib.optional pkgs.stdenv.hostPlatform.isx86_64 "i686-linux"; |
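Review bot: `interpreterSandboxPath` is now computed from `config.interpreter`, which the `mkDefault` wrappers make overridable per registration, so `dirOf (dirOf config.interpreter)` is no longer guaranteed to be the emulator's own store directory. An override with a constructed path such as `/usr/bin/qemu-example` would yield `/usr`; if this value is handed to the Nix build sandbox (not visible in this hunk), a whole host directory becomes visible to builds. A comment on that line stating the assumed `<prefix>/bin/<name>` layout, or an assertion that the result lies under the store directory, would make the assumption explicit. Separately, the new `{ config, ... }:` argument shadows the module-level `config` inside this `let`, which deserves a short comment since `config.preserveArgvZero` and `config.interpreter` now refer to the registration itself.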