Diffstat (limited to 'nixos/modules/services/system')
-rw-r--r-- | nixos/modules/services/system/dbus.nix | 194 | ||||
-rw-r--r-- | nixos/modules/services/system/kerberos.nix | 71 | ||||
-rw-r--r-- | nixos/modules/services/system/nscd.conf | 28 | ||||
-rw-r--r-- | nixos/modules/services/system/nscd.nix | 71 | ||||
-rw-r--r-- | nixos/modules/services/system/uptimed.nix | 68 |
5 files changed, 432 insertions, 0 deletions
diff --git a/nixos/modules/services/system/dbus.nix b/nixos/modules/services/system/dbus.nix
new file mode 100644
index 00000000000..eab876be76d
--- /dev/null
+++ b/nixos/modules/services/system/dbus.nix
@@ -0,0 +1,194 @@
+# D-Bus configuration and system bus daemon.
+
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+let
+
+ cfg = config.services.dbus;
+
+ homeDir = "/var/run/dbus";
+
+ configDir = pkgs.stdenv.mkDerivation {
+ name = "dbus-conf";
+ preferLocalBuild = true;
+ buildCommand = ''
+ ensureDir $out
+
+ cp -v ${pkgs.dbus_daemon}/etc/dbus-1/system.conf $out/system.conf
+
+ # !!! Hm, these `sed' calls are rather error-prone...
+
+ # Tell the daemon where the setuid wrapper around
+ # dbus-daemon-launch-helper lives.
+ sed -i $out/system.conf \
+ -e 's|<servicehelper>.*/libexec/dbus-daemon-launch-helper|<servicehelper>${config.security.wrapperDir}/dbus-daemon-launch-helper|'
+
+ # Add the system-services and system.d directories to the system
+ # bus search path.
+ sed -i $out/system.conf \
+ -e 's|<standard_system_servicedirs/>|${systemServiceDirs}|' \
+ -e 's|<includedir>system.d</includedir>|${systemIncludeDirs}|'
+
+ cp ${pkgs.dbus_daemon}/etc/dbus-1/session.conf $out/session.conf
+
+ # Add the services and session.d directories to the session bus
+ # search path.
+ sed -i $out/session.conf \
+ -e 's|<standard_session_servicedirs />|${sessionServiceDirs}&|' \
+ -e 's|<includedir>session.d</includedir>|${sessionIncludeDirs}|'
+ ''; # */
+ };
+
+ systemServiceDirs = concatMapStrings
+ (d: "<servicedir>${d}/share/dbus-1/system-services</servicedir> ")
+ cfg.packages;
+
+ systemIncludeDirs = concatMapStrings
+ (d: "<includedir>${d}/etc/dbus-1/system.d</includedir> ")
+ cfg.packages;
+
+ sessionServiceDirs = concatMapStrings
+ (d: "<servicedir>${d}/share/dbus-1/services</servicedir> ")
+ cfg.packages;
+
+ sessionIncludeDirs = concatMapStrings
+ (d: "<includedir>${d}/etc/dbus-1/session.d</includedir> ")
+ cfg.packages;
+
+in
+
+{
+
+ ###### interface
+
+ options = {
+
+ services.dbus = {
+
+ enable = mkOption {
+ default = true;
+ description = ''
+ Whether to start the D-Bus message bus daemon, which is
+ required by many other system services and applications.
+ '';
+ merge = pkgs.lib.mergeEnableOption;
+ };
+
+ packages = mkOption {
+ default = [];
+ description = ''
+ Packages whose D-Bus configuration files should be included in
+ the configuration of the D-Bus system-wide message bus.
+ Specifically, every file in
+ <filename><replaceable>pkg</replaceable>/etc/dbus-1/system.d</filename>
+ is included.
+ '';
+ };
+
+ };
+
+ };
+
+
+ ###### implementation
+
+ config = mkIf cfg.enable {
+
+ environment.systemPackages = [ pkgs.dbus_daemon pkgs.dbus_tools ];
+
+ environment.etc = singleton
+ { source = configDir;
+ target = "dbus-1";
+ };
+
+ users.extraUsers.messagebus = {
+ uid = config.ids.uids.messagebus;
+ description = "D-Bus system message bus daemon user";
+ home = homeDir;
+ group = "messagebus";
+ };
+
+ users.extraGroups.messagebus.gid = config.ids.gids.messagebus;
+
+ # FIXME: these are copied verbatim from the dbus source tree. We
+ # should install and use the originals.
+ systemd.units."dbus.socket".text =
+ ''
+ [Unit]
+ Description=D-Bus System Message Bus Socket
+
+ [Socket]
+ ListenStream=/var/run/dbus/system_bus_socket
+ '';
+
+ systemd.units."dbus.service".text =
+ ''
+ [Unit]
+ Description=D-Bus System Message Bus
+ Requires=dbus.socket
+
+ [Service]
+ ExecStartPre=${pkgs.dbus_tools}/bin/dbus-uuidgen --ensure
+ ExecStartPre=-${pkgs.coreutils}/bin/rm -f /var/run/dbus/pid
+ ExecStart=${pkgs.dbus_daemon}/bin/dbus-daemon --system --address=systemd: --nofork --systemd-activation
+ ExecReload=${pkgs.dbus_tools}/bin/dbus-send --print-reply --system --type=method_call --dest=org.freedesktop.DBus / org.freedesktop.DBus.ReloadConfig
+ OOMScoreAdjust=-900
+ '';
+
+ /*
+ jobs.dbus =
+ { startOn = "started udev and started syslogd";
+
+ restartIfChanged = false;
+
+ path = [ pkgs.dbus_daemon pkgs.dbus_tools ];
+
+ preStart =
+ ''
+ mkdir -m 0755 -p ${homeDir}
+ chown messagebus ${homeDir}
+
+ mkdir -m 0755 -p /var/lib/dbus
+ dbus-uuidgen --ensure
+
+ rm -f ${homeDir}/pid
+ '';
+
+ daemonType = "fork";
+
+ exec = "dbus-daemon --system";
+
+ postStop =
+ ''
+ # !!! Hack: doesn't belong here.
+ pid=$(cat /var/run/ConsoleKit/pid || true)
+ if test -n "$pid"; then
+ kill $pid || true
+ rm -f /var/run/ConsoleKit/pid
+ fi
+ '';
+ };
+ */
+
+ security.setuidOwners = singleton
+ { program = "dbus-daemon-launch-helper";
+ source = "${pkgs.dbus_daemon}/libexec/dbus-daemon-launch-helper";
+ owner = "root";
+ group = "messagebus";
+ setuid = true;
+ setgid = false;
+ permissions = "u+rx,g+rx,o-rx";
+ };
+
+ services.dbus.packages =
+ [ "/nix/var/nix/profiles/default"
+ config.system.path
+ ];
+
+ environment.pathsToLink = [ "/etc/dbus-1" "/share/dbus-1" ];
+
+ };
+
+}
diff --git a/nixos/modules/services/system/kerberos.nix b/nixos/modules/services/system/kerberos.nix
new file mode 100644
index 00000000000..8fb5debd20e
--- /dev/null
+++ b/nixos/modules/services/system/kerberos.nix
@@ -0,0 +1,71 @@
+{pkgs, config, ...}:
+
+let
+
+ inherit (pkgs.lib) mkOption mkIf singleton;
+
+ inherit (pkgs) heimdal;
+
+ stateDir = "/var/heimdal";
+in
+
+{
+
+ ###### interface
+
+ options = {
+
+ services.kerberos_server = {
+
+ enable = mkOption {
+ default = false;
+ description = ''
+ Enable the kerberos authentification server.
+ '';
+ };
+
+ };
+
+ };
+
+
+ ###### implementation
+
+ config = mkIf config.services.kerberos_server.enable {
+
+ environment.systemPackages = [ heimdal ];
+
+ services.xinetd.enable = true;
+ services.xinetd.services = pkgs.lib.singleton
+ { name = "kerberos-adm";
+ flags = "REUSE NAMEINARGS";
+ protocol = "tcp";
+ user = "root";
+ server = "${pkgs.tcp_wrappers}/sbin/tcpd";
+ serverArgs = "${pkgs.heimdal}/sbin/kadmind";
+ };
+
+ jobs.kdc =
+ { description = "Kerberos Domain Controller daemon";
+
+ startOn = "ip-up";
+
+ preStart =
+ ''
+ mkdir -m 0755 -p ${stateDir}
+ '';
+
+ exec = "${heimdal}/sbin/kdc";
+
+ };
+
+ jobs.kpasswdd =
+ { description = "Kerberos Domain Controller daemon";
+
+ startOn = "ip-up";
+
+ exec = "${heimdal}/sbin/kpasswdd";
+ };
+ };
+
+}
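Review bot: The three `sed -i` rewrites in `configDir`'s buildCommand succeed silently when their patterns stop matching the upstream template, so a spacing change to e.g. `<standard_system_servicedirs/>` in a newer dbus would ship a system bus that never loads the policy files of `cfg.packages`; the file's own comment already calls these calls error-prone. A post-substitution check such as `grep -q '<servicehelper>${config.security.wrapperDir}/' $out/system.conf` and `! grep -q '<standard_system_servicedirs/>' $out/system.conf` would turn that into a build failure instead of a runtime one. Separately, the new dbus.service keeps only `dbus-uuidgen --ensure` and the pid removal from the commented-out upstart `preStart` and drops its `mkdir -m 0755 -p /var/lib/dbus` and `chown messagebus ${homeDir}` steps; unless dbus-uuidgen creates `/var/lib/dbus` itself, the first ExecStartPre may fail on a fresh system, which is worth confirming before the upstart block is deleted.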
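Review bot: `jobs.kpasswdd` carries the description `"Kerberos Domain Controller daemon"` copied from `jobs.kdc`, so the two jobs are indistinguishable in job listings; it should read something like `description = "Kerberos password changing daemon";`. The option description also has a typo, `Enable the kerberos authentification server.`, which should be `authentication`. Both are wording-only changes.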
diff --git a/nixos/modules/services/system/nscd.conf b/nixos/modules/services/system/nscd.conf
new file mode 100644
index 00000000000..6d0dcacf977
--- /dev/null
+++ b/nixos/modules/services/system/nscd.conf
@@ -0,0 +1,28 @@
+server-user nscd
+threads 1
+paranoia no
+debug-level 0
+
+enable-cache passwd yes
+positive-time-to-live passwd 600
+negative-time-to-live passwd 20
+suggested-size passwd 211
+check-files passwd yes
+persistent passwd no
+shared passwd yes
+
+enable-cache group yes
+positive-time-to-live group 3600
+negative-time-to-live group 60
+suggested-size group 211
+check-files group yes
+persistent group no
+shared group yes
+
+enable-cache hosts yes
+positive-time-to-live hosts 600
+negative-time-to-live hosts 5
+suggested-size hosts 211
+check-files hosts yes
+persistent hosts no
+shared hosts yes
diff --git a/nixos/modules/services/system/nscd.nix b/nixos/modules/services/system/nscd.nix
new file mode 100644
index 00000000000..e8534b12043
--- /dev/null
+++ b/nixos/modules/services/system/nscd.nix
@@ -0,0 +1,71 @@
+{pkgs, config, ...}:
+
+with pkgs.lib;
+
+let
+
+ nssModulesPath = config.system.nssModules.path;
+
+ inherit (pkgs.lib) singleton;
+
+in
+
+{
+
+ ###### interface
+
+ options = {
+
+ services.nscd = {
+
+ enable = mkOption {
+ default = true;
+ description = "Whether to enable the Name Service Cache Daemon.";
+ };
+
+ };
+
+ };
+
+
+ ###### implementation
+
+ config = mkIf config.services.nscd.enable {
+
+ users.extraUsers = singleton
+ { name = "nscd";
+ uid = config.ids.uids.nscd;
+ description = "Name service cache daemon user";
+ };
+
+ systemd.services.nscd =
+ { description = "Name Service Cache Daemon";
+
+ wantedBy = [ "nss-lookup.target" "nss-user-lookup.target" ];
+
+ environment = { LD_LIBRARY_PATH = nssModulesPath; };
+
+ preStart =
+ ''
+ mkdir -m 0755 -p /run/nscd
+ rm -f /run/nscd/nscd.pid
+ mkdir -m 0755 -p /var/db/nscd
+ '';
+
+ restartTriggers = [ config.environment.etc.hosts.source ];
+
+ serviceConfig =
+ { ExecStart = "@${pkgs.glibc}/sbin/nscd nscd -f ${./nscd.conf}";
+ Type = "forking";
+ PIDFile = "/run/nscd/nscd.pid";
+ Restart = "always";
+ ExecReload =
+ [ "${pkgs.glibc}/sbin/nscd --invalidate passwd"
+ "${pkgs.glibc}/sbin/nscd --invalidate group"
+ "${pkgs.glibc}/sbin/nscd --invalidate hosts"
+ ];
+ };
+ };
+
+ };
+}
diff --git a/nixos/modules/services/system/uptimed.nix b/nixos/modules/services/system/uptimed.nix
new file mode 100644
index 00000000000..61eecd5c9ba
--- /dev/null
+++ b/nixos/modules/services/system/uptimed.nix
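Review bot: `inherit (pkgs.lib) singleton;` in the let block is redundant, because the file already opens with `with pkgs.lib;`, which is what brings `mkOption` and `mkIf` into scope further down; dropping the inherit line keeps the two mechanisms from being mixed. A smaller point in `preStart`: `/var/db/nscd` is created root-owned with mode 0755 while nscd.conf in this commit sets `server-user nscd`, so if any cache is later switched to `persistent yes` the daemon presumably could not write there; with the shipped `persistent ... no` settings the directory appears unused, so either a `chown nscd /var/db/nscd` or a comment stating why root ownership is intended would make the intent clear.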
@@ -0,0 +1,68 @@
+{pkgs, config, ...}:
+
+let
+
+ inherit (pkgs.lib) mkOption mkIf singleton;
+
+ inherit (pkgs) uptimed;
+
+ stateDir = "/var/spool/uptimed";
+
+ uptimedUser = "uptimed";
+
+in
+
+{
+
+ ###### interface
+
+ options = {
+
+ services.uptimed = {
+
+ enable = mkOption {
+ default = false;
+ description = ''
+ Uptimed allows you to track your highest uptimes.
+ '';
+ };
+
+ };
+
+ };
+
+
+ ###### implementation
+
+ config = mkIf config.services.uptimed.enable {
+
+ environment.systemPackages = [ uptimed ];
+
+ users.extraUsers = singleton
+ { name = uptimedUser;
+ uid = config.ids.uids.uptimed;
+ description = "Uptimed daemon user";
+ home = stateDir;
+ };
+
+ jobs.uptimed =
+ { description = "Uptimed daemon";
+
+ startOn = "startup";
+
+ preStart =
+ ''
+ mkdir -m 0755 -p ${stateDir}
+ chown ${uptimedUser} ${stateDir}
+
+ if ! test -f ${stateDir}/bootid ; then
+ ${uptimed}/sbin/uptimed -b
+ fi
+ '';
+
+ exec = "${uptimed}/sbin/uptimed";
+ };
+
+ };
+
+}
|
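Review bot: The `uptimed` account declared in `users.extraUsers` is never used to run anything: `preStart` runs `${uptimed}/sbin/uptimed -b` and `exec` runs `${uptimed}/sbin/uptimed` with no user or privilege-dropping attribute on the job, so both run as root and the `chown ${uptimedUser} ${stateDir}` only changes ownership of the directory while the files inside are created root-owned. Either run the job under `uptimedUser`, so the daemon holds only the privileges it needs, or add a comment explaining why it must stay root; I cannot tell from the hunk whether the jobs module offers a drop-privileges attribute. Note that the root-owned `bootid` and state files written by `uptimed -b` would block a later switch to the unprivileged user without a one-time recursive chown of `${stateDir}`.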