Diffstat (limited to 'nixos')
-rw-r--r-- | nixos/modules/hardware/video/switcheroo-control.nix | 18 | ||||
-rw-r--r-- | nixos/modules/module-list.nix | 3 | ||||
-rw-r--r-- | nixos/modules/programs/cdemu.nix | 3 | ||||
-rw-r--r-- | nixos/modules/programs/venus.nix | 173 | ||||
-rw-r--r-- | nixos/modules/rename.nix | 1 | ||||
-rw-r--r-- | nixos/modules/services/audio/snapserver.nix | 24 | ||||
-rw-r--r-- | nixos/modules/services/hardware/auto-cpufreq.nix | 18 | ||||
-rw-r--r-- | nixos/modules/services/misc/etebase-server.nix | 205 | ||||
-rw-r--r-- | nixos/modules/services/web-apps/nextcloud.nix | 3 | ||||
-rw-r--r-- | nixos/modules/system/activation/top-level.nix | 1 | ||||
-rw-r--r-- | nixos/modules/virtualisation/cri-o.nix | 5 | ||||
-rw-r--r-- | nixos/modules/virtualisation/nixos-containers.nix | 55 | ||||
-rw-r--r-- | nixos/tests/containers-custom-pkgs.nix | 50 | ||||
-rw-r--r-- | nixos/tests/snapcast.nix | 7 |
14 files changed, 336 insertions, 230 deletions
diff --git a/nixos/modules/hardware/video/switcheroo-control.nix b/nixos/modules/hardware/video/switcheroo-control.nix new file mode 100644 index 00000000000..199adb2ad8f --- /dev/null +++ b/nixos/modules/hardware/video/switcheroo-control.nix @@ -0,0 +1,18 @@ +{ config, pkgs, lib, ... }: + +with lib; +let + pkg = [ pkgs.switcheroo-control ]; + cfg = config.services.switcherooControl; +in { + options.services.switcherooControl = { + enable = mkEnableOption "switcheroo-control, a D-Bus service to check the availability of dual-GPU"; + }; + + config = mkIf cfg.enable { + services.dbus.packages = pkg; + environment.systemPackages = pkg; + systemd.packages = pkg; + systemd.targets.multi-user.wants = [ "switcheroo-control.service" ]; + }; +} diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index 3d9b73a8150..7a656a58e9c 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix @@ -178,7 +178,6 @@ ./programs/tsm-client.nix ./programs/udevil.nix ./programs/usbtop.nix - ./programs/venus.nix ./programs/vim.nix ./programs/wavemon.nix ./programs/waybar.nix @@ -360,6 +359,7 @@ ./services/games/terraria.nix ./services/hardware/acpid.nix ./services/hardware/actkbd.nix + ./services/hardware/auto-cpufreq.nix ./services/hardware/bluetooth.nix ./services/hardware/bolt.nix ./services/hardware/brltty.nix @@ -457,6 +457,7 @@ ./services/misc/domoticz.nix ./services/misc/errbot.nix ./services/misc/etcd.nix + ./services/misc/etebase-server.nix ./services/misc/ethminer.nix ./services/misc/exhibitor.nix ./services/misc/felix.nix diff --git a/nixos/modules/programs/cdemu.nix b/nixos/modules/programs/cdemu.nix index a59cd93cadf..142e2934240 100644 --- a/nixos/modules/programs/cdemu.nix +++ b/nixos/modules/programs/cdemu.nix 
@@ -16,18 +16,21 @@ in { ''; }; group = mkOption { + type = types.str; default = "cdrom"; description = '' Group that users must be in to use <command>cdemu</command>. ''; }; gui = mkOption { + type = types.bool; default = true; description = '' Whether to install the <command>cdemu</command> GUI (gCDEmu). ''; }; image-analyzer = mkOption { + type = types.bool; default = true; description = '' Whether to install the image analyzer. diff --git a/nixos/modules/programs/venus.nix b/nixos/modules/programs/venus.nix deleted file mode 100644 index 58faf38777d..00000000000 --- a/nixos/modules/programs/venus.nix +++ /dev/null 
@@ -1,173 +0,0 @@ -{ config, lib, pkgs, ... }: - -with lib; -let - cfg = config.services.venus; - - configFile = pkgs.writeText "venus.ini" - '' - [Planet] - name = ${cfg.name} - link = ${cfg.link} - owner_name = ${cfg.ownerName} - owner_email = ${cfg.ownerEmail} - output_theme = ${cfg.cacheDirectory}/theme - output_dir = ${cfg.outputDirectory} - cache_directory = ${cfg.cacheDirectory} - items_per_page = ${toString cfg.itemsPerPage} - ${(concatStringsSep "\n\n" - (map ({ name, feedUrl, homepageUrl }: - '' - [${feedUrl}] - name = ${name} - link = ${homepageUrl} - '') cfg.feeds))} - ''; - -in -{ - - options = { - services.venus = { - enable = mkOption { - default = false; - type = types.bool; - description = '' - Planet Venus is an awesome ‘river of news’ feed reader. It downloads - news feeds published by web sites and aggregates their content - together into a single combined feed, latest news first. - ''; - }; - - dates = mkOption { - default = "*:0/15"; - type = types.str; - description = '' - Specification (in the format described by - <citerefentry><refentrytitle>systemd.time</refentrytitle> - <manvolnum>7</manvolnum></citerefentry>) of the time at - which the Venus will collect feeds. - ''; - }; - - user = mkOption { - default = "root"; - type = types.str; - description = '' - User for running venus script. - ''; - }; - - group = mkOption { - default = "root"; - type = types.str; - description = '' - Group for running venus script. - ''; - }; - - name = mkOption { - default = "NixOS Planet"; - type = types.str; - description = '' - Your planet's name. - ''; - }; - - link = mkOption { - default = "https://planet.nixos.org"; - type = types.str; - description = '' - Link to the main page. - ''; - }; - - ownerName = mkOption { - default = "Rok Garbas"; - type = types.str; - description = '' - Your name. - ''; - }; - - ownerEmail = mkOption { - default = "some@example.com"; - type = types.str; - description = '' - Your e-mail address. 
- ''; - }; - - outputTheme = mkOption { - default = "${pkgs.venus}/themes/classic_fancy"; - type = types.path; - description = '' - Directory containing a config.ini file which is merged with this one. - This is typically used to specify templating and bill of material - information. - ''; - }; - - outputDirectory = mkOption { - type = types.path; - description = '' - Directory to place output files. - ''; - }; - - cacheDirectory = mkOption { - default = "/var/cache/venus"; - type = types.path; - description = '' - Where cached feeds are stored. - ''; - }; - - itemsPerPage = mkOption { - default = 15; - type = types.int; - description = '' - How many items to put on each page. - ''; - }; - - feeds = mkOption { - default = []; - example = [ - { - name = "Rok Garbas"; - feedUrl= "http://url/to/rss/feed.xml"; - homepageUrl = "http://garbas.si"; - } - ]; - description = '' - List of feeds. - ''; - }; - - }; - }; - - config = mkIf cfg.enable { - - system.activationScripts.venus = - '' - mkdir -p ${cfg.outputDirectory} - chown ${cfg.user}:${cfg.group} ${cfg.outputDirectory} -R - rm -rf ${cfg.cacheDirectory}/theme - mkdir -p ${cfg.cacheDirectory}/theme - cp -R ${cfg.outputTheme}/* ${cfg.cacheDirectory}/theme - chown ${cfg.user}:${cfg.group} ${cfg.cacheDirectory} -R - ''; - - systemd.services.venus = - { description = "Planet Venus Feed Reader"; - path = [ pkgs.venus ]; - script = "exec venus-planet ${configFile}"; - serviceConfig.User = "${cfg.user}"; - serviceConfig.Group = "${cfg.group}"; - startAt = cfg.dates; - }; - - }; -} diff --git a/nixos/modules/rename.nix b/nixos/modules/rename.nix index c6f705bb2d6..1dd8b48d76b 100644 --- a/nixos/modules/rename.nix +++ b/nixos/modules/rename.nix @@ -70,6 +70,7 @@ with lib; '') (mkRemovedOptionModule [ "services" "seeks" ] "") + (mkRemovedOptionModule [ "services" "venus" ] "The corresponding package was removed from nixpkgs.") # Do NOT add any option renames here, see top of the file ]; 
diff --git a/nixos/modules/services/audio/snapserver.nix b/nixos/modules/services/audio/snapserver.nix index f614f0ba3e1..0acaccfd3ca 100644 --- a/nixos/modules/services/audio/snapserver.nix +++ b/nixos/modules/services/audio/snapserver.nix @@ -198,13 +198,14 @@ in { type = with types; attrsOf (submodule { options = { location = mkOption { - type = types.path; + type = types.oneOf [ types.path types.str ]; description = '' - The location of the pipe. + The location of the pipe, file, Librespot/Airplay/process binary, or a TCP address. + Use an empty string for alsa. ''; }; type = mkOption { - type = types.enum [ "pipe" "file" "process" "spotify" "airplay" ]; + type = types.enum [ "pipe" "librespot" "airplay" "file" "process" "tcp" "alsa" "spotify" ]; default = "pipe"; description = '' The type of input stream. @@ -219,13 +220,21 @@ in { example = literalExample '' # for type == "pipe": { - mode = "listen"; + mode = "create"; }; # for type == "process": { params = "--param1 --param2"; logStderr = "true"; }; + # for type == "tcp": + { + mode = "client"; + } + # for type == "alsa": + { + device = "hw:0,0"; + } ''; }; inherit sampleFormat; @@ -255,6 +264,11 @@ in { config = mkIf cfg.enable { + # https://github.com/badaix/snapcast/blob/98ac8b2fb7305084376607b59173ce4097c620d8/server/streamreader/stream_manager.cpp#L85 + warnings = filter (w: w != "") (mapAttrsToList (k: v: if v.type == "spotify" then '' + services.snapserver.streams.${k}.type = "spotify" is deprecated, use services.snapserver.streams.${k}.type = "librespot" instead. + '' else "") cfg.streams); + systemd.services.snapserver = { after = [ "network.target" ]; description = "Snapserver"; @@ -272,7 +286,7 @@ in { ProtectKernelTunables = true; ProtectControlGroups = true; ProtectKernelModules = true; - RestrictAddressFamilies = "AF_INET AF_INET6 AF_UNIX"; + RestrictAddressFamilies = "AF_INET AF_INET6 AF_UNIX AF_NETLINK"; RestrictNamespaces = true; RuntimeDirectory = name; StateDirectory = name; 
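Review bot: In the first snapserver hunk, widening `location` to `types.oneOf [ types.path types.str ]` means every stream type now accepts any string, so a `pipe` or `file` stream with a relative or empty location is no longer rejected at evaluation time. The looser type is needed for `tcp` and `alsa`, but the check that used to protect the path-based types is lost. Consider restoring it per type in the `config` block, for example an assertion over `cfg.streams` that requires `hasPrefix "/" (toString v.location)` when `v.type` is `"pipe"` or `"file"`. The example added in the second hunk also closes the `tcp` and `alsa` attribute sets with `}` where the existing entries use `};`.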
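Review bot: The last snapserver hunk adds `AF_NETLINK` to `RestrictAddressFamilies` without saying why the daemon needs it. This line is part of the unit's sandbox, so each allowed family should be justified where it is granted; otherwise a later hardening pass cannot tell whether it is safe to drop. Add a comment above the line, e.g. `# AF_NETLINK is required for <reason; link to upstream issue or code>`. The `serviceConfig` block starts and ends outside the hunk, so the rest of the sandbox settings are not visible here.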
diff --git a/nixos/modules/services/hardware/auto-cpufreq.nix b/nixos/modules/services/hardware/auto-cpufreq.nix new file mode 100644 index 00000000000..72c4eccaff7 --- /dev/null +++ b/nixos/modules/services/hardware/auto-cpufreq.nix @@ -0,0 +1,18 @@ +{ config, lib, pkgs, ... }: +with lib; +let + cfg = config.services.auto-cpufreq; +in { + options = { + services.auto-cpufreq = { + enable = mkEnableOption "auto-cpufreq daemon"; + }; + }; + + config = mkIf cfg.enable { + environment.systemPackages = [ pkgs.auto-cpufreq ]; + + systemd.packages = [ pkgs.auto-cpufreq ]; + systemd.services.auto-cpufreq.path = with pkgs; [ bash coreutils ]; + }; +} diff --git a/nixos/modules/services/misc/etebase-server.nix b/nixos/modules/services/misc/etebase-server.nix new file mode 100644 index 00000000000..d9d12698d79 --- /dev/null +++ b/nixos/modules/services/misc/etebase-server.nix 
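Review bot: Nothing in the new auto-cpufreq module pulls the service into a target, so enabling the option may install the unit without ever starting it. NixOS does not act on the `[Install]` section of units brought in through `systemd.packages`. The switcheroo-control module added in this same commit handles this explicitly with `systemd.targets.multi-user.wants = [ "switcheroo-control.service" ];`. Consider adding `systemd.services.auto-cpufreq.wantedBy = [ "multi-user.target" ];` next to the `path` line, after confirming the unit name shipped by the package.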
@@ -0,0 +1,205 @@ +{ config, pkgs, lib, ... }: + +with lib; + +let + cfg = config.services.etebase-server; + + pythonEnv = pkgs.python3.withPackages (ps: with ps; + [ etebase-server daphne ]); + + dbConfig = { + sqlite3 = '' + engine = django.db.backends.sqlite3 + name = ${cfg.dataDir}/db.sqlite3 + ''; + }; + + defaultConfigIni = toString (pkgs.writeText "etebase-server.ini" '' + [global] + debug = false + secret_file = ${if cfg.secretFile != null then cfg.secretFile else ""} + media_root = ${cfg.dataDir}/media + + [allowed_hosts] + allowed_host1 = ${cfg.host} + + [database] + ${dbConfig."${cfg.database.type}"} + ''); + + configIni = if cfg.customIni != null then cfg.customIni else defaultConfigIni; + + defaultUser = "etebase-server"; +in +{ + options = { + services.etebase-server = { + enable = mkOption { + type = types.bool; + default = false; + example = true; + description = '' + Whether to enable the Etebase server. + + Once enabled you need to create an admin user using the + shell command <literal>etebase-server createsuperuser</literal>. + Then you can login and create accounts on your-etebase-server.com/admin + ''; + }; + + secretFile = mkOption { + default = null; + type = with types; nullOr str; + description = '' + The path to a file containing the secret + used as django's SECRET_KEY. + ''; + }; + + dataDir = mkOption { + type = types.str; + default = "/var/lib/etebase-server"; + description = "Directory to store the Etebase server data."; + }; + + port = mkOption { + type = with types; nullOr port; + default = 8001; + description = "Port to listen on."; + }; + + openFirewall = mkOption { + type = types.bool; + default = false; + description = '' + Whether to open ports in the firewall for the server. + ''; + }; + + host = mkOption { + type = types.str; + default = "0.0.0.0"; + example = "localhost"; + description = '' + Host to listen on. 
+ ''; + }; + + unixSocket = mkOption { + type = with types; nullOr str; + default = null; + description = "The path to the socket to bind to."; + example = "/run/etebase-server/etebase-server.sock"; + }; + + database = { + type = mkOption { + type = types.enum [ "sqlite3" ]; + default = "sqlite3"; + description = '' + Database engine to use. + Currently only sqlite3 is supported. + Other options can be configured using <literal>extraConfig</literal>. + ''; + }; + }; + + customIni = mkOption { + type = with types; nullOr str; + default = null; + description = '' + Custom etebase-server.ini. + + See <literal>etebase-src/etebase-server.ini.example</literal> for available options. + + Setting this option overrides the default config which is generated from the options + <literal>secretFile</literal>, <literal>host</literal> and <literal>database</literal>. + ''; + example = literalExample '' + [global] + debug = false + secret_file = /path/to/secret + media_root = /path/to/media + + [allowed_hosts] + allowed_host1 = example.com + + [database] + engine = django.db.backends.sqlite3 + name = db.sqlite3 + ''; + }; + + user = mkOption { + type = types.str; + default = defaultUser; + description = "User under which Etebase server runs."; + }; + }; + }; + + config = mkIf cfg.enable { + + environment.systemPackages = with pkgs; [ + (runCommand "etebase-server" { + buildInputs = [ makeWrapper ]; + } '' + makeWrapper ${pythonEnv}/bin/etebase-server \ + $out/bin/etebase-server \ + --run "cd ${cfg.dataDir}" \ + --prefix ETEBASE_EASY_CONFIG_PATH : "${configIni}" + '') + ]; + + systemd.tmpfiles.rules = [ + "d '${cfg.dataDir}' - ${cfg.user} ${config.users.users.${cfg.user}.group} - -" + ]; + + systemd.services.etebase-server = { + description = "An Etebase (EteSync 2.0) server"; + after = [ "network.target" "systemd-tmpfiles-setup.service" ]; + wantedBy = [ "multi-user.target" ]; + serviceConfig = { + User = cfg.user; + Restart = "always"; + WorkingDirectory = cfg.dataDir; + }; + 
environment = { + PYTHONPATH="${pythonEnv}/${pkgs.python3.sitePackages}"; + ETEBASE_EASY_CONFIG_PATH="${configIni}"; + }; + preStart = '' + # Auto-migrate on first run or if the package has changed + versionFile="${cfg.dataDir}/src-version" + if [[ $(cat "$versionFile" 2>/dev/null) != ${pkgs.etebase-server} ]]; then + ${pythonEnv}/bin/etebase-server migrate + echo ${pkgs.etebase-server} > "$versionFile" + fi + ''; + script = + let + networking = if cfg.unixSocket != null + then "-u ${cfg.unixSocket}" + else "-b 0.0.0.0 -p ${toString cfg.port}"; + in '' + cd "${pythonEnv}/lib/etebase-server"; + ${pythonEnv}/bin/daphne ${networking} \ + etebase_server.asgi:application + ''; + }; + + users = optionalAttrs (cfg.user == defaultUser) { + users.${defaultUser} = { + group = defaultUser; + home = cfg.dataDir; + }; + + groups.${defaultUser} = {}; + }; + + networking.firewall = mkIf cfg.openFirewall { + allowedTCPPorts = [ cfg.port ]; + }; + }; +} diff --git a/nixos/modules/services/web-apps/nextcloud.nix b/nixos/modules/services/web-apps/nextcloud.nix index 1b643bd3260..d50939e701e 100644 --- a/nixos/modules/services/web-apps/nextcloud.nix +++ b/nixos/modules/services/web-apps/nextcloud.nix @@ -244,7 +244,8 @@ in { type = types.nullOr types.str; default = null; description = '' - The full path to a file that contains the admin's password. + The full path to a file that contains the admin's password. Must be + readable by user <literal>nextcloud</literal>. ''; }; diff --git a/nixos/modules/system/activation/top-level.nix b/nixos/modules/system/activation/top-level.nix index 75eb91f2834..b0f77ca3fb8 100644 --- a/nixos/modules/system/activation/top-level.nix +++ b/nixos/modules/system/activation/top-level.nix @@ -173,7 +173,6 @@ in }; options.configuration = mkOption { - type = types.attrsOf types.anything; default = {}; description = "Arbitrary NixOS configuration options."; }; 
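Review bot: The `host` option in the new etebase-server module is documented as "Host to listen on", but it only feeds `allowed_host1` in the generated ini. The `script` always starts daphne with `-b 0.0.0.0` unless `unixSocket` is set, so `host = "localhost"` still leaves the port listening on every interface. Either correct the description, e.g. `description = "Host name accepted by the server (written to [allowed_hosts]); the TCP listener always binds to 0.0.0.0 unless unixSocket is set.";`, or add a separate bind-address option and use it in `networking`. Separately, `port` is typed `nullOr port` but is used unguarded in `toString cfg.port` and `allowedTCPPorts = [ cfg.port ]`, so a null port presumably breaks evaluation or yields an invalid command line; a non-nullable type or an assertion would make that explicit. The `database.type` description also points to `extraConfig`, which this module does not define; `customIni` looks like the intended name.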
diff --git a/nixos/modules/virtualisation/cri-o.nix b/nixos/modules/virtualisation/cri-o.nix index aa416e7990a..8d352e36ef9 100644 --- a/nixos/modules/virtualisation/cri-o.nix +++ b/nixos/modules/virtualisation/cri-o.nix @@ -103,7 +103,10 @@ in cgroup_manager = "systemd" log_level = "${cfg.logLevel}" pinns_path = "${cfg.package}/bin/pinns" - hooks_dir = [] + hooks_dir = [ + ${lib.optionalString config.virtualisation.containers.ociSeccompBpfHook.enable + ''"${config.boot.kernelPackages.oci-seccomp-bpf-hook}",''} + ] ${optionalString (cfg.runtime != null) '' default_runtime = "${cfg.runtime}" diff --git a/nixos/modules/virtualisation/nixos-containers.nix b/nixos/modules/virtualisation/nixos-containers.nix index 7bec1b1ff26..f06977f88fc 100644 --- a/nixos/modules/virtualisation/nixos-containers.nix +++ b/nixos/modules/virtualisation/nixos-containers.nix @@ -463,21 +463,15 @@ in { config, options, name, ... }: { options = { - config = mkOption { description = '' A specification of the desired configuration of this container, as a NixOS module. ''; - type = let - confPkgs = if config.pkgs == null then pkgs else config.pkgs; - in lib.mkOptionType { + type = lib.mkOptionType { name = "Toplevel NixOS config"; - merge = loc: defs: (import (confPkgs.path + "/nixos/lib/eval-config.nix") { + merge = loc: defs: (import "${toString config.nixpkgs}/nixos/lib/eval-config.nix" { inherit system; - pkgs = confPkgs; - baseModules = import (confPkgs.path + "/nixos/modules/module-list.nix"); - inherit (confPkgs) lib; modules = let extraConfig = { 
@@ -526,12 +520,18 @@ in ''; }; - pkgs = mkOption { - type = types.nullOr types.attrs; - default = null; - example = literalExample "pkgs"; + nixpkgs = mkOption { + type = types.path; + default = pkgs.path; + defaultText = "pkgs.path"; description = '' - Customise which nixpkgs to use for this container. + A path to the nixpkgs that provide the modules, pkgs and lib for evaluating the container. + + To only change the <literal>pkgs</literal> argument used inside the container modules, + set the <literal>nixpkgs.*</literal> options in the container <option>config</option>. + Setting <literal>config.nixpkgs.pkgs = pkgs</literal> speeds up the container evaluation + by reusing the system pkgs, but the <literal>nixpkgs.config</literal> option in the + container config is ignored in this case. ''; }; @@ -672,14 +672,31 @@ in ''; }; + # Removed option. See `checkAssertion` below for the accompanying error message. + pkgs = mkOption { visible = false; }; } // networkOptions; - config = mkMerge - [ - (mkIf options.config.isDefined { - path = config.config.system.build.toplevel; - }) - ]; + config = let + # Throw an error when removed option `pkgs` is used. + # Because this is a submodule we cannot use `mkRemovedOptionModule` or option `assertions`. + optionPath = "containers.${name}.pkgs"; + files = showFiles options.pkgs.files; + checkAssertion = if options.pkgs.isDefined then throw '' + The option definition `${optionPath}' in ${files} no longer has any effect; please remove it. + + Alternatively, you can use the following options: + - containers.${name}.nixpkgs + This sets the nixpkgs (and thereby the modules, pkgs and lib) that + are used for evaluating the container. + + - containers.${name}.config.nixpkgs.pkgs + This only sets the `pkgs` argument used inside the container modules. + '' + else null; + in { + path = builtins.seq checkAssertion + mkIf options.config.isDefined config.config.system.build.toplevel; + }; })); default = {}; 
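Review bot: In the last nixos-containers hunk, `path = builtins.seq checkAssertion mkIf options.config.isDefined config.config.system.build.toplevel;` only works because function application is left-associative: `builtins.seq checkAssertion mkIf` returns `mkIf`, which is then applied to the two remaining arguments. That reads as if `seq` took four arguments, and it is easy to break in a later edit. Parenthesising makes the intent explicit without changing the result: `path = builtins.seq checkAssertion (mkIf options.config.isDefined config.config.system.build.toplevel);`. A short comment that the `throw` for the removed `pkgs` option only fires when `path` is evaluated would also help.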
diff --git a/nixos/tests/containers-custom-pkgs.nix b/nixos/tests/containers-custom-pkgs.nix index 397a4a905e6..1412c32bfb5 100644 --- a/nixos/tests/containers-custom-pkgs.nix +++ b/nixos/tests/containers-custom-pkgs.nix @@ -1,42 +1,34 @@ -# Test for NixOS' container support. - import ./make-test-python.nix ({ pkgs, lib, ...} : let - customPkgs = pkgs // { - hello = pkgs.hello.overrideAttrs(old: { - name = "custom-hello"; + customPkgs = pkgs.appendOverlays [ (self: super: { + hello = super.hello.overrideAttrs (old: { + name = "custom-hello"; }); - }; + }) ]; in { - name = "containers-hosts"; + name = "containers-custom-pkgs"; meta = with lib.maintainers; { - maintainers = [ adisbladis ]; + maintainers = [ adisbladis earvstedt ]; }; - machine = - { ... }: - { - virtualisation.memorySize = 256; - virtualisation.vlans = []; + machine = { config, ... }: { + assertions = let + helloName = (builtins.head config.containers.test.config.system.extraDependencies).name; + in [ { + assertion = helloName == "custom-hello"; + message = "Unexpected value: ${helloName}"; + } ]; - containers.simple = { - autoStart = true; - pkgs = customPkgs; - config = {pkgs, config, ... }: { - environment.systemPackages = [ - pkgs.hello - ]; - }; + containers.test = { + autoStart = true; + config = { pkgs, config, ... }: { + nixpkgs.pkgs = customPkgs; + system.extraDependencies = [ pkgs.hello ]; }; - }; + }; - testScript = '' - start_all() - machine.wait_for_unit("default.target") - machine.succeed( - "test $(nixos-container run simple -- readlink -f /run/current-system/sw/bin/hello) = ${customPkgs.hello}/bin/hello" - ) - ''; + # This test only consists of evaluating the test machine + testScript = ""; }) diff --git a/nixos/tests/snapcast.nix b/nixos/tests/snapcast.nix index a69b7afe99d..05d08d76cc0 100644 --- a/nixos/tests/snapcast.nix +++ b/nixos/tests/snapcast.nix 
@@ -4,6 +4,7 @@ let port = 10004; tcpPort = 10005; httpPort = 10080; + tcpStreamPort = 10006; in { name = "snapcast"; meta = with pkgs.lib.maintainers; { @@ -21,11 +22,16 @@ in { mpd = { type = "pipe"; location = "/run/snapserver/mpd"; + query.mode = "create"; }; bluetooth = { type = "pipe"; location = "/run/snapserver/bluetooth"; }; + tcp = { + type = "tcp"; + location = "127.0.0.1:${toString tcpStreamPort}"; + }; }; }; }; @@ -42,6 +48,7 @@ in { server.wait_until_succeeds("ss -ntl | grep -q ${toString port}") server.wait_until_succeeds("ss -ntl | grep -q ${toString tcpPort}") server.wait_until_succeeds("ss -ntl | grep -q ${toString httpPort}") + server.wait_until_succeeds("ss -ntl | grep -q ${toString tcpStreamPort}") with subtest("check that pipes are created"): server.succeed("test -p /run/snapserver/mpd") |