Diffstat (limited to 'nixos')
-rw-r--r-- | nixos/modules/module-list.nix | 2 | ||||
-rw-r--r-- | nixos/modules/services/databases/victoriametrics.nix | 70 | ||||
-rw-r--r-- | nixos/modules/services/misc/freeswitch.nix | 103 | ||||
-rw-r--r-- | nixos/modules/services/security/bitwarden_rs/default.nix | 44 | ||||
-rw-r--r-- | nixos/modules/virtualisation/lxd.nix | 44 | ||||
-rw-r--r-- | nixos/tests/all-tests.nix | 2 | ||||
-rw-r--r-- | nixos/tests/freeswitch.nix | 29 | ||||
-rw-r--r-- | nixos/tests/victoriametrics.nix | 31 |
8 files changed, 304 insertions, 21 deletions
diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix
index 9957fdbb5c4..b6b41f6a169 100644
--- a/nixos/modules/module-list.nix
+++ b/nixos/modules/module-list.nix
@@ -281,6 +281,7 @@
 ./services/databases/riak.nix
 ./services/databases/riak-cs.nix
 ./services/databases/stanchion.nix
+ ./services/databases/victoriametrics.nix
 ./services/databases/virtuoso.nix
 ./services/desktops/accountsservice.nix
 ./services/desktops/bamf.nix
@@ -427,6 +428,7 @@
 ./services/misc/exhibitor.nix
 ./services/misc/felix.nix
 ./services/misc/folding-at-home.nix
+ ./services/misc/freeswitch.nix
 ./services/misc/fstrim.nix
 ./services/misc/gammu-smsd.nix
 ./services/misc/geoip-updater.nix
diff --git a/nixos/modules/services/databases/victoriametrics.nix b/nixos/modules/services/databases/victoriametrics.nix
new file mode 100644
index 00000000000..cb6bf8508fb
--- /dev/null
+++ b/nixos/modules/services/databases/victoriametrics.nix
@@ -0,0 +1,70 @@
+{ config, pkgs, lib, ... }:
+let cfg = config.services.victoriametrics; in
+{
+ options.services.victoriametrics = with lib; {
+ enable = mkEnableOption "victoriametrics";
+ package = mkOption {
+ type = types.package;
+ default = pkgs.victoriametrics;
+ defaultText = "pkgs.victoriametrics";
+ description = ''
+ The VictoriaMetrics distribution to use.
+ '';
+ };
+ listenAddress = mkOption {
+ default = ":8428";
+ type = types.str;
+ description = ''
+ The listen address for the http interface.
+ '';
+ };
+ retentionPeriod = mkOption {
+ type = types.int;
+ default = 1;
+ description = ''
+ Retention period in months.
+ '';
+ };
+ extraOptions = mkOption {
+ type = types.listOf types.str;
+ default = [];
+ description = ''
+ Extra options to pass to VictoriaMetrics. See the README: <link
+ xlink:href="https://github.com/VictoriaMetrics/VictoriaMetrics/blob/master/README.md" />
+ or <command>victoriametrics -help</command> for more
+ information.
+ '';
+ };
+ };
+ config = lib.mkIf cfg.enable {
+ systemd.services.victoriametrics = {
+ description = "VictoriaMetrics time series database";
+ after = [ "network.target" ];
+ serviceConfig = {
+ Restart = "on-failure";
+ RestartSec = 1;
+ StartLimitBurst = 5;
+ StateDirectory = "victoriametrics";
+ DynamicUser = true;
+ ExecStart = ''
+ ${cfg.package}/bin/victoria-metrics \
+ -storageDataPath=/var/lib/victoriametrics \
+ -httpListenAddr ${cfg.listenAddress}
+ -retentionPeriod ${toString cfg.retentionPeriod}
+ ${lib.escapeShellArgs cfg.extraOptions}
+ '';
+ };
+ wantedBy = [ "multi-user.target" ];
+
+ postStart =
+ let
+ bindAddr = (lib.optionalString (lib.hasPrefix ":" cfg.listenAddress) "127.0.0.1") + cfg.listenAddress;
+ in
+ lib.mkBefore ''
+ until ${lib.getBin pkgs.curl}/bin/curl -s -o /dev/null http://${bindAddr}/ping; do
+ sleep 1;
+ done
+ '';
+ };
+ };
+}
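Review bot: The `ExecStart` string drops its line continuations after `-httpListenAddr ${cfg.listenAddress}`: that line and the `-retentionPeriod` line end without `\`, so as written the unit value breaks there and `retentionPeriod` and `extraOptions` likely never reach the binary. End both lines with `\`, as the two lines above them do. Separately, the default `listenAddress = ":8428"` binds every interface and nothing in this module puts authentication in front of the HTTP API; the option description should say so and mention `127.0.0.1:8428` for single-host use. `lib.escapeShellArgs` produces shell quoting, which systemd's own command-line parser may not read the same way for every value, so an `extraOptions` entry containing a space is worth testing.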
diff --git a/nixos/modules/services/misc/freeswitch.nix b/nixos/modules/services/misc/freeswitch.nix
new file mode 100644
index 00000000000..0de5ba42811
--- /dev/null
+++ b/nixos/modules/services/misc/freeswitch.nix
@@ -0,0 +1,103 @@
+{ config, lib, pkgs, ...}:
+with lib;
+let
+ cfg = config.services.freeswitch;
+ pkg = cfg.package;
+ configDirectory = pkgs.runCommand "freeswitch-config-d" { } ''
+ mkdir -p $out
+ cp -rT ${cfg.configTemplate} $out
+ chmod -R +w $out
+ ${concatStringsSep "\n" (mapAttrsToList (fileName: filePath: ''
+ mkdir -p $out/$(dirname ${fileName})
+ cp ${filePath} $out/${fileName}
+ '') cfg.configDir)}
+ '';
+ configPath = if cfg.enableReload
+ then "/etc/freeswitch"
+ else configDirectory;
+in {
+ options = {
+ services.freeswitch = {
+ enable = mkEnableOption "FreeSWITCH";
+ enableReload = mkOption {
+ default = false;
+ type = types.bool;
+ description = ''
+ Issue the <literal>reloadxml</literal> command to FreeSWITCH when configuration directory changes (instead of restart).
+ See <link xlink:href="https://freeswitch.org/confluence/display/FREESWITCH/Reloading">FreeSWITCH documentation</link> for more info.
+ The configuration directory is exposed at <filename>/etc/freeswitch</filename>.
+ See also <literal>systemd.services.*.restartIfChanged</literal>.
+ '';
+ };
+ configTemplate = mkOption {
+ type = types.path;
+ default = "${config.services.freeswitch.package}/share/freeswitch/conf/vanilla";
+ defaultText = literalExample "\${config.services.freeswitch.package}/share/freeswitch/conf/vanilla";
+ example = literalExample "\${config.services.freeswitch.package}/share/freeswitch/conf/minimal";
+ description = ''
+ Configuration template to use.
+ See available templates in <link xlink:href="https://github.com/signalwire/freeswitch/tree/master/conf">FreeSWITCH repository</link>.
+ You can also set your own configuration directory.
+ '';
+ };
+ configDir = mkOption {
+ type = with types; attrsOf path;
+ default = { };
+ example = literalExample ''
+ {
+ "freeswitch.xml" = ./freeswitch.xml;
+ "dialplan/default.xml" = pkgs.writeText "dialplan-default.xml" '''
+ [xml lines]
+ ''';
+ }
+ '';
+ description = ''
+ Override file in FreeSWITCH config template directory.
+ Each top-level attribute denotes a file path in the configuration directory, its value is the file path.
+ See <link xlink:href="https://freeswitch.org/confluence/display/FREESWITCH/Default+Configuration">FreeSWITCH documentation</link> for more info.
+ Also check available templates in <link xlink:href="https://github.com/signalwire/freeswitch/tree/master/conf">FreeSWITCH repository</link>.
+ '';
+ };
+ package = mkOption {
+ type = types.package;
+ default = pkgs.freeswitch;
+ defaultText = literalExample "pkgs.freeswitch";
+ example = literalExample "pkgs.freeswitch";
+ description = ''
+ FreeSWITCH package.
+ '';
+ };
+ };
+ };
+ config = mkIf cfg.enable {
+ environment.etc.freeswitch = mkIf cfg.enableReload {
+ source = configDirectory;
+ };
+ systemd.services.freeswitch-config-reload = mkIf cfg.enableReload {
+ before = [ "freeswitch.service" ];
+ wantedBy = [ "multi-user.target" ];
+ restartTriggers = [ configDirectory ];
+ serviceConfig = {
+ ExecStart = "${pkgs.systemd}/bin/systemctl try-reload-or-restart freeswitch.service";
+ RemainAfterExit = true;
+ Type = "oneshot";
+ };
+ };
+ systemd.services.freeswitch = {
+ description = "Free and open-source application server for real-time communication";
+ after = [ "network.target" ];
+ wantedBy = [ "multi-user.target" ];
+ serviceConfig = {
+ DynamicUser = true;
+ StateDirectory = "freeswitch";
+ ExecStart = "${pkg}/bin/freeswitch -nf \\
+ -mod ${pkg}/lib/freeswitch/mod \\
+ -conf ${configPath} \\
+ -base /var/lib/freeswitch";
+ ExecReload = "${pkg}/bin/fs_cli -x reloadxml";
+ Restart = "always";
+ RestartSec = "5s";
+ };
+ };
+ };
+}
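Review bot: `configTemplate` defaults to the upstream `vanilla` tree, which is a sample configuration, and the description does not tell the operator to review it before the service is reachable from a network. As far as I know that sample carries well-known example credentials, so the description should gain a sentence such as `The vanilla template is a sample; change its default passwords before exposing FreeSWITCH.` In `configDirectory`, `${fileName}` and `${filePath}` go into the build script unquoted, so a `configDir` key containing a space or shell metacharacter is split or interpreted by the shell. `cp ${escapeShellArg filePath} "$out"/${escapeShellArg fileName}`, with the same quoting in the `dirname` call, avoids that.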
diff --git a/nixos/modules/services/security/bitwarden_rs/default.nix b/nixos/modules/services/security/bitwarden_rs/default.nix index d1817db0755..a63be0ee766 100644 --- a/nixos/modules/services/security/bitwarden_rs/default.nix +++ b/nixos/modules/services/security/bitwarden_rs/default.nix @@ -18,15 +18,33 @@ let else key + toUpper x) "" parts; in if builtins.match "[A-Z0-9_]+" name != null then name else partsToEnvVar parts; - configFile = pkgs.writeText "bitwarden_rs.env" (concatMapStrings (s: s + "\n") ( - (concatLists (mapAttrsToList (name: value: - if value != null then [ "${nameToEnvVar name}=${if isBool value then boolToString value else toString value}" ] else [] - ) cfg.config)))); + # Due to the different naming schemes allowed for config keys, + # we can only check for values consistently after converting them to their corresponding environment variable name. + configEnv = + let + configEnv = listToAttrs (concatLists (mapAttrsToList (name: value: + if value != null then [ (nameValuePair (nameToEnvVar name) (if isBool value then boolToString value else toString value)) ] else [] + ) cfg.config)); + in { DATA_FOLDER = "/var/lib/bitwarden_rs"; } // optionalAttrs (!(configEnv ? WEB_VAULT_ENABLED) || configEnv.WEB_VAULT_ENABLED == "true") { + WEB_VAULT_FOLDER = "${pkgs.bitwarden_rs-vault}/share/bitwarden_rs/vault"; + } // configEnv; + + configFile = pkgs.writeText "bitwarden_rs.env" (concatStrings (mapAttrsToList (name: value: "${name}=${value}\n") configEnv)); + + bitwarden_rs = pkgs.bitwarden_rs.override { inherit (cfg) dbBackend; }; in { options.services.bitwarden_rs = with types; { enable = mkEnableOption "bitwarden_rs"; + dbBackend = mkOption { + type = enum [ "sqlite" "mysql" "postgresql" ]; + default = "sqlite"; + description = '' + Which database backend bitwarden_rs will be using. + ''; + }; + backupDir = mkOption { type = nullOr str; default = null; 
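Review bot: `configFile` is still built with `pkgs.writeText`, so every value in `cfg.config` lands in the world-readable Nix store, and the new `dbBackend` choices `mysql` and `postgresql` make it likely that a database connection string with a password is among them. The commit adds no way to supply secrets outside the store; the `dbBackend` description should at least warn about it, for example `Connection credentials set through config are written to the Nix store; supply them from a file outside the store instead.` A second `EnvironmentFile` pointing at an operator-managed path would be the usual fix, but the service definition is only partly visible here. The inner `let configEnv` also shadows the outer binding of the same name, which makes the trailing `// configEnv` easy to misread; renaming the inner one (say `userEnv`) would help.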
@@ -56,23 +74,20 @@ in { even though foo2 would have been converted to FOO_2. This allows working around any potential future conflicting naming conventions. - Based on the attributes passed to this config option a environment file will be generated + Based on the attributes passed to this config option an environment file will be generated that is passed to bitwarden_rs's systemd service. The available configuration options can be found in - <link xlink:href="https://github.com/dani-garcia/bitwarden_rs/blob/1.8.0/.env.template">the environment template file</link>. + <link xlink:href="https://github.com/dani-garcia/bitwarden_rs/blob/${bitwarden_rs.version}/.env.template">the environment template file</link>. ''; - apply = config: optionalAttrs config.webVaultEnabled { - webVaultFolder = "${pkgs.bitwarden_rs-vault}/share/bitwarden_rs/vault"; - } // config; }; }; config = mkIf cfg.enable { - services.bitwarden_rs.config = { - dataFolder = "/var/lib/bitwarden_rs"; - webVaultEnabled = mkDefault true; - }; + assertions = [ { + assertion = cfg.backupDir != null -> cfg.dbBackend == "sqlite"; + message = "Backups for database backends other than sqlite will need customization"; + } ]; users.users.bitwarden_rs = { inherit group; @@ -87,7 +102,7 @@ in { User = user; Group = group; EnvironmentFile = configFile; - ExecStart = "${pkgs.bitwarden_rs}/bin/bitwarden_rs"; + ExecStart = "${bitwarden_rs}/bin/bitwarden_rs"; LimitNOFILE = "1048576"; LimitNPROC = "64"; PrivateTmp = "true"; @@ -109,6 +124,7 @@ in { path = with pkgs; [ sqlite ]; serviceConfig = { SyslogIdentifier = "backup-bitwarden_rs"; + Type = "oneshot"; User = mkDefault user; Group = mkDefault group; ExecStart = "${pkgs.bash}/bin/bash ${./backup.sh}"; diff --git a/nixos/modules/virtualisation/lxd.nix b/nixos/modules/virtualisation/lxd.nix index b4934a86cf5..de48d3a780e 100644 --- a/nixos/modules/virtualisation/lxd.nix +++ b/nixos/modules/virtualisation/lxd.nix 
@@ -7,6 +7,7 @@ with lib; let cfg = config.virtualisation.lxd; + zfsCfg = config.boot.zfs; in @@ -26,11 +27,40 @@ in <command>lxc</command> command line tool, among others. ''; }; + + package = mkOption { + type = types.package; + default = pkgs.lxd; + defaultText = "pkgs.lxd"; + description = '' + The LXD package to use. + ''; + }; + + lxcPackage = mkOption { + type = types.package; + default = pkgs.lxc; + defaultText = "pkgs.lxc"; + description = '' + The LXC package to use with LXD (required for AppArmor profiles). + ''; + }; + + zfsPackage = mkOption { + type = types.package; + default = with pkgs; if zfsCfg.enableUnstable then zfsUnstable else zfs; + defaultText = "pkgs.zfs"; + description = '' + The ZFS package to use with LXD. + ''; + }; + zfsSupport = mkOption { type = types.bool; default = false; description = '' - enables lxd to use zfs as a storage for containers. + Enables lxd to use zfs as a storage for containers. + This option is enabled by default if a zfs pool is configured with nixos. ''; @@ -54,15 +84,15 @@ in config = mkIf cfg.enable { - environment.systemPackages = [ pkgs.lxd ]; + environment.systemPackages = [ cfg.package ]; security.apparmor = { enable = true; profiles = [ - "${pkgs.lxc}/etc/apparmor.d/usr.bin.lxc-start" - "${pkgs.lxc}/etc/apparmor.d/lxc-containers" + "${cfg.lxcPackage}/etc/apparmor.d/usr.bin.lxc-start" + "${cfg.lxcPackage}/etc/apparmor.d/lxc-containers" ]; - packages = [ pkgs.lxc ]; + packages = [ cfg.lxcPackage ]; }; systemd.services.lxd = { 
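Review bot: In the option hunk (`@@ -26,11 +27,40 @@`), `zfsPackage` declares `defaultText = "pkgs.zfs"` while the actual default switches to `zfsUnstable` when `boot.zfs.enableUnstable` is set, so the rendered manual misstates the default. Suggest `defaultText = "pkgs.zfs, or pkgs.zfsUnstable when boot.zfs.enableUnstable is set";` and a sentence in the description that the userland tools should match the ZFS kernel module in use. `lxcPackage` now decides which AppArmor profiles are loaded (`${cfg.lxcPackage}/etc/apparmor.d/...` in the `@@ -54,15 +84,15 @@` hunk), so its description could state that an overridden package must ship those two profile files.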
@@ -71,14 +101,14 @@ in wantedBy = [ "multi-user.target" ]; after = [ "systemd-udev-settle.service" ]; - path = lib.optional cfg.zfsSupport pkgs.zfs; + path = lib.optional cfg.zfsSupport cfg.zfsPackage; preStart = '' mkdir -m 0755 -p /var/lib/lxc/rootfs ''; serviceConfig = { - ExecStart = "@${pkgs.lxd.bin}/bin/lxd lxd --group lxd"; + ExecStart = "@${cfg.package.bin}/bin/lxd lxd --group lxd"; Type = "simple"; KillMode = "process"; # when stopping, leave the containers alone LimitMEMLOCK = "infinity"; diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix index 8c11464f9d6..2f26bb782c9 100644 --- a/nixos/tests/all-tests.nix +++ b/nixos/tests/all-tests.nix @@ -94,6 +94,7 @@ in flannel = handleTestOn ["x86_64-linux"] ./flannel.nix {}; fluentd = handleTest ./fluentd.nix {}; fontconfig-default-fonts = handleTest ./fontconfig-default-fonts.nix {}; + freeswitch = handleTest ./freeswitch.nix {}; fsck = handleTest ./fsck.nix {}; gotify-server = handleTest ./gotify-server.nix {}; gitea = handleTest ./gitea.nix {}; @@ -293,6 +294,7 @@ in upnp = handleTest ./upnp.nix {}; uwsgi = handleTest ./uwsgi.nix {}; vault = handleTest ./vault.nix {}; + victoriametrics = handleTest ./victoriametrics.nix {}; virtualbox = handleTestOn ["x86_64-linux"] ./virtualbox.nix {}; wireguard = handleTest ./wireguard {}; wireguard-generated = handleTest ./wireguard/generated.nix {}; diff --git a/nixos/tests/freeswitch.nix b/nixos/tests/freeswitch.nix new file mode 100644 index 00000000000..349d0e7bc6f --- /dev/null +++ b/nixos/tests/freeswitch.nix 
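Review bot: `ExecStart = "@${cfg.package.bin}/bin/lxd lxd --group lxd";` assumes the configured package has a `bin` output, which the removed line relied on for `pkgs.lxd` but which is not guaranteed for a package supplied through the new `package` option; evaluation fails if that output is missing. `getBin` picks `bin` when it exists and falls back otherwise: `ExecStart = "@${getBin cfg.package}/bin/lxd lxd --group lxd";`. The `systemd.services.lxd` block starts before this hunk and continues after it.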
@@ -0,0 +1,29 @@
+import ./make-test-python.nix ({ pkgs, ...} : {
+ name = "freeswitch";
+ meta = with pkgs.stdenv.lib.maintainers; {
+ maintainers = [ misuzu ];
+ };
+ nodes = {
+ node0 = { config, lib, ... }: {
+ networking.useDHCP = false;
+ networking.interfaces.eth1 = {
+ ipv4.addresses = [
+ {
+ address = "192.168.0.1";
+ prefixLength = 24;
+ }
+ ];
+ };
+ services.freeswitch = {
+ enable = true;
+ enableReload = true;
+ configTemplate = "${config.services.freeswitch.package}/share/freeswitch/conf/minimal";
+ };
+ };
+ };
+ testScript = ''
+ node0.wait_for_unit("freeswitch.service")
+ # Wait for SIP port to be open
+ node0.wait_for_open_port("5060")
+ '';
+})
diff --git a/nixos/tests/victoriametrics.nix b/nixos/tests/victoriametrics.nix
new file mode 100644
index 00000000000..73ef8b72861
--- /dev/null
+++ b/nixos/tests/victoriametrics.nix
@@ -0,0 +1,31 @@
+# This test runs influxdb and checks if influxdb is up and running
+
+import ./make-test-python.nix ({ pkgs, ...} : {
+ name = "victoriametrics";
+ meta = with pkgs.stdenv.lib.maintainers; {
+ maintainers = [ yorickvp ];
+ };
+
+ nodes = {
+ one = { ... }: {
+ services.victoriametrics.enable = true;
+ };
+ };
+
+ testScript = ''
+ start_all()
+
+ one.wait_for_unit("victoriametrics.service")
+
+ # write some points and run simple query
+ out = one.succeed(
+ "curl -d 'measurement,tag1=value1,tag2=value2 field1=123,field2=1.23' -X POST 'http://localhost:8428/write'"
+ )
+ cmd = """curl -s -G 'http://localhost:8428/api/v1/export' -d 'match={__name__!=""}'"""
+ # data takes a while to appear
+ one.wait_until_succeeds(f"[[ $({cmd} | wc -l) -ne 0 ]]")
+ out = one.succeed(cmd)
+ assert '"values":[123]' in out
+ assert '"values":[1.23]' in out
+ '';
+})
|
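Review bot: The header comment of `nixos/tests/victoriametrics.nix` still says `# This test runs influxdb and checks if influxdb is up and running`; it should read `# This test runs victoriametrics, writes a point and checks it can be exported`. The test only uses the module's default options, so it would not notice if `retentionPeriod` or `extraOptions` failed to reach the command line; setting one of them on node `one` and checking the arguments of the running process would cover the module's `ExecStart`. The result of the first `out = one.succeed(...)` is never read, so that call can stand without the assignment.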