diff options
Diffstat (limited to 'nixos/modules')
-rw-r--r-- | nixos/modules/config/networking.nix | 2 | ||||
-rw-r--r-- | nixos/modules/hardware/ksm.nix | 22 | ||||
-rw-r--r-- | nixos/modules/module-list.nix | 1 | ||||
-rw-r--r-- | nixos/modules/rename.nix | 3 | ||||
-rw-r--r-- | nixos/modules/services/logging/graylog.nix | 2 | ||||
-rw-r--r-- | nixos/modules/services/misc/jackett.nix | 9 | ||||
-rw-r--r-- | nixos/modules/services/misc/lidarr.nix | 1 | ||||
-rw-r--r-- | nixos/modules/services/misc/zoneminder.nix | 2 | ||||
-rw-r--r-- | nixos/modules/services/monitoring/loki.nix | 112 | ||||
-rw-r--r-- | nixos/modules/services/monitoring/netdata.nix | 18 | ||||
-rw-r--r-- | nixos/modules/tasks/filesystems/zfs.nix | 3 | ||||
-rw-r--r-- | nixos/modules/virtualisation/kvmgt.nix | 12 |
12 files changed, 174 insertions, 13 deletions
diff --git a/nixos/modules/config/networking.nix b/nixos/modules/config/networking.nix index 8b352dad472..eab4e73e19a 100644 --- a/nixos/modules/config/networking.nix +++ b/nixos/modules/config/networking.nix @@ -233,7 +233,7 @@ in oneToString = set: ip: ip + " " + concatStringsSep " " set.${ip}; allToString = set: concatMapStringsSep "\n" (oneToString set) (attrNames set); in '' - ${allToString cfg.hosts} + ${allToString (filterAttrs (_: v: v != []) cfg.hosts)} ${cfg.extraHosts} ''; diff --git a/nixos/modules/hardware/ksm.nix b/nixos/modules/hardware/ksm.nix index d6ac69b5d65..99d46c25236 100644 --- a/nixos/modules/hardware/ksm.nix +++ b/nixos/modules/hardware/ksm.nix @@ -1,9 +1,24 @@ { config, lib, ... }: -{ - options.hardware.enableKSM = lib.mkEnableOption "Kernel Same-Page Merging"; +with lib; - config = lib.mkIf config.hardware.enableKSM { +let + cfg = config.hardware.ksm; + +in { + options.hardware.ksm = { + enable = mkEnableOption "Kernel Same-Page Merging"; + sleep = mkOption { + type = types.nullOr types.int; + default = null; + description = '' + How many milliseconds ksmd should sleep between scans. + Setting it to <literal>null</literal> uses the kernel's default time. + ''; + }; + }; + + config = mkIf cfg.enable { systemd.services.enable-ksm = { description = "Enable Kernel Same-Page Merging"; wantedBy = [ "multi-user.target" ]; @@ -11,6 +26,7 @@ script = '' if [ -e /sys/kernel/mm/ksm ]; then echo 1 > /sys/kernel/mm/ksm/run + ${optionalString (cfg.sleep != null) ''echo ${toString cfg.sleep} > /sys/kernel/mm/ksm/sleep_millisecs''} fi ''; }; diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index c4ee28a9593..1d1995eda25 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix @@ -492,6 +492,7 @@ ./services/monitoring/heapster.nix ./services/monitoring/incron.nix ./services/monitoring/kapacitor.nix + ./services/monitoring/loki.nix ./services/monitoring/longview.nix ./services/monitoring/monit.nix ./services/monitoring/munin.nix diff --git a/nixos/modules/rename.nix b/nixos/modules/rename.nix index 7fa76dc0c68..1b77a895d71 100644 --- a/nixos/modules/rename.nix +++ b/nixos/modules/rename.nix @@ -241,6 +241,9 @@ with lib; # binfmt (mkRenamedOptionModule [ "boot" "binfmtMiscRegistrations" ] [ "boot" "binfmt" "registrations" ]) + # KSM + (mkRenamedOptionModule [ "hardware" "enableKSM" ] [ "hardware" "ksm" "enable" ]) + ] ++ (flip map [ "blackboxExporter" "collectdExporter" "fritzboxExporter" "jsonExporter" "minioExporter" "nginxExporter" "nodeExporter" "snmpExporter" "unifiExporter" "varnishExporter" ] diff --git a/nixos/modules/services/logging/graylog.nix b/nixos/modules/services/logging/graylog.nix index ee566825498..c8c4a9ff06d 100644 --- a/nixos/modules/services/logging/graylog.nix +++ b/nixos/modules/services/logging/graylog.nix @@ -108,7 +108,7 @@ in }; extraConfig = mkOption { - type = types.str; + type = types.lines; default = ""; description = "Any other configuration options you might want to add"; }; diff --git a/nixos/modules/services/misc/jackett.nix b/nixos/modules/services/misc/jackett.nix index a07f20e5c24..f2dc6635df9 100644 --- a/nixos/modules/services/misc/jackett.nix +++ b/nixos/modules/services/misc/jackett.nix @@ -34,6 +34,13 @@ in default = "jackett"; description = "Group under which Jackett runs."; }; + + package = mkOption { + type = types.package; + default = pkgs.jackett; + defaultText = "pkgs.jackett"; + description = "Jackett package to use."; + }; }; }; @@ -51,7 +58,7 @@ in Type = "simple"; User = cfg.user; Group = cfg.group; - ExecStart = "${pkgs.jackett}/bin/Jackett --NoUpdates --DataFolder '${cfg.dataDir}'"; + ExecStart = "${cfg.package}/bin/Jackett --NoUpdates --DataFolder '${cfg.dataDir}'"; Restart = "on-failure"; }; }; diff --git a/nixos/modules/services/misc/lidarr.nix b/nixos/modules/services/misc/lidarr.nix index 4c37bd74f15..40755c16217 100644 --- a/nixos/modules/services/misc/lidarr.nix +++ b/nixos/modules/services/misc/lidarr.nix @@ -68,6 +68,7 @@ in users.users = mkIf (cfg.user == "lidarr") { lidarr = { group = cfg.group; + home = "/var/lib/lidarr"; uid = config.ids.uids.lidarr; }; }; diff --git a/nixos/modules/services/misc/zoneminder.nix b/nixos/modules/services/misc/zoneminder.nix index 8d58c2b37c8..cf56ae89b39 100644 --- a/nixos/modules/services/misc/zoneminder.nix +++ b/nixos/modules/services/misc/zoneminder.nix @@ -262,7 +262,7 @@ in { fastcgi_pass ${fcgi.socketType}:${fcgi.socketAddress}; } - location /cache { + location /cache/ { alias /var/cache/${dirName}; } diff --git a/nixos/modules/services/monitoring/loki.nix b/nixos/modules/services/monitoring/loki.nix new file mode 100644 index 00000000000..4d11360d07e --- /dev/null +++ b/nixos/modules/services/monitoring/loki.nix @@ -0,0 +1,112 @@ +{ config, lib, pkgs, ... }: + +let + inherit (lib) escapeShellArgs literalExample mkEnableOption mkIf mkOption types; + + cfg = config.services.loki; + + prettyJSON = conf: + pkgs.runCommand "loki-config.json" { } '' + echo '${builtins.toJSON conf}' | ${pkgs.jq}/bin/jq 'del(._module)' > $out + ''; + +in { + options.services.loki = { + enable = mkEnableOption "loki"; + + user = mkOption { + type = types.str; + default = "loki"; + description = '' + User under which the Loki service runs. + ''; + }; + + group = mkOption { + type = types.str; + default = "loki"; + description = '' + Group under which the Loki service runs. + ''; + }; + + dataDir = mkOption { + type = types.path; + default = "/var/lib/loki"; + description = '' + Specify the directory for Loki. + ''; + }; + + configuration = mkOption { + type = types.attrs; + default = {}; + description = '' + Specify the configuration for Loki in Nix. + ''; + }; + + configFile = mkOption { + type = types.nullOr types.path; + default = null; + description = '' + Specify a configuration file that Loki should use. + ''; + }; + + extraFlags = mkOption { + type = types.listOf types.str; + default = []; + example = literalExample [ "--server.http-listen-port=3101" ]; + description = '' + Specify a list of additional command line flags, + which get escaped and are then passed to Loki. + ''; + }; + }; + + config = mkIf cfg.enable { + assertions = [{ + assertion = ( + (cfg.configuration == {} -> cfg.configFile != null) && + (cfg.configFile != null -> cfg.configuration == {}) + ); + message = '' + Please specify either + 'services.loki.configuration' or + 'services.loki.configFile'. + ''; + }]; + + users.groups.${cfg.group} = { }; + users.users.${cfg.user} = { + description = "Loki Service User"; + group = cfg.group; + home = cfg.dataDir; + createHome = true; + isSystemUser = true; + }; + + systemd.services.loki = { + description = "Loki Service Daemon"; + wantedBy = [ "multi-user.target" ]; + + serviceConfig = let + conf = if cfg.configFile == null + then prettyJSON cfg.configuration + else cfg.configFile; + in + { + ExecStart = "${pkgs.grafana-loki}/bin/loki --config.file=${conf} ${escapeShellArgs cfg.extraFlags}"; + User = cfg.user; + Restart = "always"; + PrivateTmp = true; + ProtectHome = true; + ProtectSystem = "full"; + DecvicePolicy = "closed"; + NoNewPrivileges = true; + WorkingDirectory = cfg.dataDir; + }; + }; + }; +} diff --git a/nixos/modules/services/monitoring/netdata.nix b/nixos/modules/services/monitoring/netdata.nix index f264b6dd456..f9b7550af23 100644 --- a/nixos/modules/services/monitoring/netdata.nix +++ b/nixos/modules/services/monitoring/netdata.nix @@ -141,11 +141,18 @@ in { path = (with pkgs; [ gawk curl ]) ++ lib.optional cfg.python.enable (pkgs.python3.withPackages cfg.python.extraPackages); serviceConfig = { - User = cfg.user; - Group = cfg.group; Environment="PYTHONPATH=${pkgs.netdata}/libexec/netdata/python.d/python_modules"; - ExecStart = "${pkgs.netdata}/bin/netdata -D -c ${configFile}"; + ExecStart = "${pkgs.netdata}/bin/netdata -P /run/netdata/netdata.pid -D -c ${configFile}"; + ExecReload = "${pkgs.utillinux}/bin/kill -s HUP -s USR1 -s USR2 $MAINPID"; TimeoutStopSec = 60; + # User and group + User = cfg.user; + Group = cfg.group; + # Runtime directory and mode + RuntimeDirectory = "netdata"; + RuntimeDirectoryMode = "0755"; + # Performance + LimitNOFILE = "30000"; }; }; @@ -165,6 +172,11 @@ in { permissions = "u+rx,g+rx,o-rwx"; }; + security.pam.loginLimits = [ + { domain = "netdata"; type = "soft"; item = "nofile"; value = "10000"; } + { domain = "netdata"; type = "hard"; item = "nofile"; value = "30000"; } + ]; + users.users = optional (cfg.user == defaultUser) { name = defaultUser; }; diff --git a/nixos/modules/tasks/filesystems/zfs.nix b/nixos/modules/tasks/filesystems/zfs.nix index 22578b01260..f7f07bad952 100644 --- a/nixos/modules/tasks/filesystems/zfs.nix +++ b/nixos/modules/tasks/filesystems/zfs.nix @@ -179,10 +179,9 @@ in requestEncryptionCredentials = mkOption { type = types.bool; - default = config.boot.zfs.enableUnstable; + default = true; description = '' Request encryption keys or passwords for all encrypted datasets on import. - Dataset encryption is only supported in zfsUnstable at the moment. For root pools the encryption key can be supplied via both an interactive prompt (keylocation=prompt) and from a file (keylocation=file://). Note that for data pools the encryption key can diff --git a/nixos/modules/virtualisation/kvmgt.nix b/nixos/modules/virtualisation/kvmgt.nix index bfcf51d09c4..289e26e1703 100644 --- a/nixos/modules/virtualisation/kvmgt.nix +++ b/nixos/modules/virtualisation/kvmgt.nix @@ -4,13 +4,16 @@ with lib; let cfg = config.virtualisation.kvmgt; + kernelPackages = config.boot.kernelPackages; + vgpuOptions = { uuid = mkOption { type = types.string; description = "UUID of VGPU device. You can generate one with <package>libossp_uuid</package>."; }; }; + in { options = { virtualisation.kvmgt = { @@ -45,7 +48,13 @@ in { assertion = versionAtLeast kernelPackages.kernel.version "4.16"; message = "KVMGT is not properly supported for kernels older than 4.16"; }; - boot.kernelParams = [ "i915.enable_gvt=1" ]; + + boot.kernelModules = [ "kvmgt" ]; + + boot.extraModprobeConfig = '' + options i915 enable_gvt=1 + ''; + systemd.paths = mapAttrs' (name: value: nameValuePair "kvmgt-${name}" { description = "KVMGT VGPU ${name} path"; @@ -55,6 +64,7 @@ in { }; } ) cfg.vgpus; + systemd.services = mapAttrs' (name: value: nameValuePair "kvmgt-${name}" { description = "KVMGT VGPU ${name}"; |