Diffstat (limited to 'nixos/modules')
-rw-r--r-- | nixos/modules/config/swap.nix | 13 | ||||
-rw-r--r-- | nixos/modules/services/audio/roon-bridge.nix | 74 | ||||
-rw-r--r-- | nixos/modules/services/hardware/auto-cpufreq.nix | 10 | ||||
-rw-r--r-- | nixos/modules/services/misc/home-assistant.nix | 4 | ||||
-rw-r--r-- | nixos/modules/services/networking/solanum.nix | 12 | ||||
-rw-r--r-- | nixos/modules/services/networking/ssh/sshd.nix | 16 | ||||
-rw-r--r-- | nixos/modules/tasks/filesystems.nix | 7 |
7 files changed, 128 insertions, 8 deletions
diff --git a/nixos/modules/config/swap.nix b/nixos/modules/config/swap.nix index 59bc9e9d11e..a37b46b8c46 100644 --- a/nixos/modules/config/swap.nix +++ b/nixos/modules/config/swap.nix @@ -114,6 +114,19 @@ let ''; }; + discardPolicy = mkOption { + default = null; + example = "once"; + type = types.nullOr (types.enum ["once" "pages" "both" ]); + description = '' + Specify the discard policy for the swap device. If "once", then the + whole swap space is discarded at swapon invocation. If "pages", + asynchronous discard on freed pages is performed, before returning to + the available pages pool. With "both", both policies are activated. + See swapon(8) for more information. + ''; + }; + deviceName = mkOption { type = types.str; internal = true; diff --git a/nixos/modules/services/audio/roon-bridge.nix b/nixos/modules/services/audio/roon-bridge.nix new file mode 100644 index 00000000000..85273a2039c --- /dev/null +++ b/nixos/modules/services/audio/roon-bridge.nix 
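Review bot: The `discardPolicy` description in nixos/modules/config/swap.nix explains the three values but says nothing about encrypted swap, where discards reveal which blocks are unused and are normally not passed through by dm-crypt unless explicitly allowed. If this module's encrypted-swap path (not visible in this hunk) is meant to work with the option, the description should say so, for example `On an encrypted swap device discards only take effect if the mapping allows them, and they expose which blocks are in use.`. The surrounding option set starts and ends outside the hunk, so this is based on the added lines only.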
@@ -0,0 +1,74 @@ +{ config, lib, pkgs, ... }: + +with lib; + +let + name = "roon-bridge"; + cfg = config.services.roon-bridge; +in { + options = { + services.roon-bridge = { + enable = mkEnableOption "Roon Bridge"; + openFirewall = mkOption { + type = types.bool; + default = false; + description = '' + Open ports in the firewall for the bridge. + + UDP: 9003 + TCP: 9100 - 9200 + ''; + }; + user = mkOption { + type = types.str; + default = "roon-bridge"; + description = '' + User to run the Roon bridge as. + ''; + }; + group = mkOption { + type = types.str; + default = "roon-bridge"; + description = '' + Group to run the Roon Bridge as. + ''; + }; + }; + }; + + config = mkIf cfg.enable { + systemd.services.roon-bridge = { + after = [ "network.target" ]; + description = "Roon Bridge"; + wantedBy = [ "multi-user.target" ]; + + environment.ROON_DATAROOT = "/var/lib/${name}"; + + serviceConfig = { + ExecStart = "${pkgs.roon-bridge}/start.sh"; + LimitNOFILE = 8192; + User = cfg.user; + Group = cfg.group; + StateDirectory = name; + }; + }; + + networking.firewall = mkIf cfg.openFirewall { + allowedTCPPortRanges = [ + { from = 9100; to = 9200; } + ]; + allowedUDPPorts = [ 9003 ]; + }; + + + users.groups.${cfg.group} = {}; + users.users.${cfg.user} = + if cfg.user == "roon-bridge" then { + isSystemUser = true; + description = "Roon Bridge user"; + group = cfg.group; + extraGroups = [ "audio" ]; + } + else {}; + }; +} diff --git a/nixos/modules/services/hardware/auto-cpufreq.nix b/nixos/modules/services/hardware/auto-cpufreq.nix index 72c4eccaff7..f846476b30b 100644 --- a/nixos/modules/services/hardware/auto-cpufreq.nix +++ b/nixos/modules/services/hardware/auto-cpufreq.nix 
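Review bot: The new `systemd.services.roon-bridge.serviceConfig` runs a network-facing binary with only `User`, `Group` and `StateDirectory` set, so it can still write wherever the account is allowed to and can gain privileges through setuid binaries. Sandboxing directives such as those below would confine it to `/var/lib/roon-bridge`; device isolation is deliberately left out because the service needs the sound devices. These settings need testing against the packaged binary, which this hunk does not show. Separately, `users.groups.${cfg.group} = {};` is declared even for a custom group, while the user is only filled in for the default name; guarding both the same way would be more consistent.

```nix
serviceConfig = {
  # … unchanged: ExecStart, LimitNOFILE, User, Group, StateDirectory …
  # Confine the service to its state directory.
  NoNewPrivileges = true;
  ProtectSystem = "strict";
  ProtectHome = true;
  PrivateTmp = true;
  ProtectKernelTunables = true;
  ProtectControlGroups = true;
  RestrictSUIDSGID = true;
};
```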
@@ -12,7 +12,13 @@ in { config = mkIf cfg.enable { environment.systemPackages = [ pkgs.auto-cpufreq ]; - systemd.packages = [ pkgs.auto-cpufreq ]; - systemd.services.auto-cpufreq.path = with pkgs; [ bash coreutils ]; + systemd = { + packages = [ pkgs.auto-cpufreq ]; + services.auto-cpufreq = { + # Workaround for https://github.com/NixOS/nixpkgs/issues/81138 + wantedBy = [ "multi-user.target" ]; + path = with pkgs; [ bash coreutils ]; + }; + }; }; } diff --git a/nixos/modules/services/misc/home-assistant.nix b/nixos/modules/services/misc/home-assistant.nix index 1e33381de24..c8ffead7b1a 100644 --- a/nixos/modules/services/misc/home-assistant.nix +++ b/nixos/modules/services/misc/home-assistant.nix @@ -66,7 +66,9 @@ in { meta.maintainers = teams.home-assistant.members; options.services.home-assistant = { - enable = mkEnableOption "Home Assistant"; + # Running home-assistant on NixOS is considered an installation method that is unsupported by the upstream project. + # https://github.com/home-assistant/architecture/blob/master/adr/0012-define-supported-installation-method.md#decision + enable = mkEnableOption "Home Assistant. Please note that this installation method is unsupported upstream"; configDir = mkOption { default = "/var/lib/hass"; diff --git a/nixos/modules/services/networking/solanum.nix b/nixos/modules/services/networking/solanum.nix index b6496fb8b35..dc066a24549 100644 --- a/nixos/modules/services/networking/solanum.nix +++ b/nixos/modules/services/networking/solanum.nix @@ -2,7 +2,7 @@ let inherit (lib) mkEnableOption mkIf mkOption types; - inherit (pkgs) solanum; + inherit (pkgs) solanum util-linux; cfg = config.services.solanum; configFile = pkgs.writeText "solanum.conf" cfg.config; 
@@ -78,12 +78,20 @@ in config = mkIf cfg.enable (lib.mkMerge [ { + + environment.etc."solanum/ircd.conf".source = configFile; + systemd.services.solanum = { description = "Solanum IRC daemon"; after = [ "network.target" ]; wantedBy = [ "multi-user.target" ]; + reloadIfChanged = true; + restartTriggers = [ + configFile + ]; serviceConfig = { - ExecStart = "${solanum}/bin/solanum -foreground -logfile /dev/stdout -configfile ${configFile} -pidfile /run/solanum/ircd.pid"; + ExecStart = "${solanum}/bin/solanum -foreground -logfile /dev/stdout -configfile /etc/solanum/ircd.conf -pidfile /run/solanum/ircd.pid"; + ExecReload = "${util-linux}/bin/kill -HUP $MAINPID"; DynamicUser = true; User = "solanum"; StateDirectory = "solanum"; diff --git a/nixos/modules/services/networking/ssh/sshd.nix b/nixos/modules/services/networking/ssh/sshd.nix index 089c7a12afb..227dfe834b2 100644 --- a/nixos/modules/services/networking/ssh/sshd.nix +++ b/nixos/modules/services/networking/ssh/sshd.nix @@ -41,6 +41,10 @@ let Warning: If you are using <literal>NixOps</literal> then don't use this option since it will replace the key required for deployment via ssh. ''; + example = [ + "ssh-rsa AAAAB3NzaC1yc2etc/etc/etcjwrsh8e596z6J0l7 example@host" + "ssh-ed25519 AAAAC3NzaCetcetera/etceteraJZMfk3QPfQ foo@bar" + ]; }; keyFiles = mkOption { 
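Review bot: `reloadIfChanged = true` in `systemd.services.solanum` makes a configuration switch reload the unit for any change to it, not only for a new `configFile`, so a solanum package update that changes `ExecStart` would leave the old binary running until someone restarts it. With `reloadIfChanged` set, the added `restartTriggers` entry also ends in a reload rather than a restart, which deserves a comment such as `# config changes are applied with SIGHUP; package updates still need a manual restart`. Where the NixOS release offers `reloadTriggers`, listing `configFile` there and dropping `reloadIfChanged` keeps restarts for package changes. The config is now also linked at `/etc/solanum/ircd.conf`, and like the store path it is world-readable, so any operator or link passwords in `cfg.config` are visible to local users. The `serviceConfig` block continues outside the hunk.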
@@ -252,7 +256,17 @@ in authorizedKeysFiles = mkOption { type = types.listOf types.str; default = []; - description = "Files from which authorized keys are read."; + description = '' + Specify the rules for which files to read on the host. + + This is an advanced option. If you're looking to configure user + keys, you can generally use <xref linkend="opt-users.users._name_.openssh.authorizedKeys.keys"/> + or <xref linkend="opt-users.users._name_.openssh.authorizedKeys.keyFiles"/>. + + These are paths relative to the host root file system or home + directories and they are subject to certain token expansion rules. + See AuthorizedKeysFile in man sshd_config for details. + ''; }; authorizedKeysCommand = mkOption { diff --git a/nixos/modules/tasks/filesystems.nix b/nixos/modules/tasks/filesystems.nix index 2949c82df8f..d274a38a270 100644 --- a/nixos/modules/tasks/filesystems.nix +++ b/nixos/modules/tasks/filesystems.nix @@ -254,8 +254,11 @@ in skipCheck = fs: fs.noCheck || fs.device == "none" || builtins.elem fs.fsType fsToSkipCheck; # https://wiki.archlinux.org/index.php/fstab#Filepath_spaces escape = string: builtins.replaceStrings [ " " "\t" ] [ "\\040" "\\011" ] string; - swapOptions = sw: "defaults" - + optionalString (sw.priority != null) ",pri=${toString sw.priority}"; + swapOptions = sw: concatStringsSep "," ( + [ "defaults" ] + ++ optional (sw.priority != null) "pri=${toString sw.priority}" + ++ optional (sw.discardPolicy != null) "discard${optionalString (sw.discardPolicy != "both") "=${toString sw.discardPolicy}"}" + ); in '' # This is a generated file. Do not edit! # |
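Review bot: The new `authorizedKeysFiles` description does not say whether the listed paths replace or extend the files the module already configures, which is what someone auditing login access needs to know. The `config` section that consumes the option is outside this hunk, so state whichever is true. It would also help to say that paths under home directories are writable by the account owner, so listing them lets users manage their own keys.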
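Review bot: The `discard` entry in `swapOptions` nests an `optionalString` inside the interpolated string and calls `toString` on a value the option type already restricts to a string, which makes the one line that decides the fstab flag hard to read. A small binding says the same thing more plainly, e.g. `discardOpt = sw: if sw.discardPolicy == "both" then "discard" else "discard=${sw.discardPolicy}";` followed by `++ optional (sw.discardPolicy != null) (discardOpt sw)`. The enclosing `let` starts outside the hunk.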