Diffstat (limited to 'nixos')
-rw-r--r--nixos/doc/manual/from_md/release-notes/rl-2111.section.xml9
-rw-r--r--nixos/doc/manual/release-notes/rl-2111.section.md2
-rw-r--r--nixos/modules/hardware/all-firmware.nix1
-rw-r--r--nixos/modules/misc/ids.nix1
-rw-r--r--nixos/modules/module-list.nix1
-rw-r--r--nixos/modules/programs/captive-browser.nix2
-rw-r--r--nixos/modules/services/admin/meshcentral.nix53
-rw-r--r--nixos/modules/services/continuous-integration/gitlab-runner.nix8
-rw-r--r--nixos/modules/services/databases/redis.nix2
-rw-r--r--nixos/modules/system/boot/systemd.nix1
10 files changed, 78 insertions, 2 deletions
diff --git a/nixos/doc/manual/from_md/release-notes/rl-2111.section.xml b/nixos/doc/manual/from_md/release-notes/rl-2111.section.xml
index fa43befea7e..2874039e3f0 100644
--- a/nixos/doc/manual/from_md/release-notes/rl-2111.section.xml
+++ b/nixos/doc/manual/from_md/release-notes/rl-2111.section.xml
@@ -140,6 +140,15 @@
           <link linkend="opt-services.mx-puppet-discord.enable">services.mx-puppet-discord</link>.
         </para>
       </listitem>
+      <listitem>
+        <para>
+          <link xlink:href="https://www.meshcommander.com/meshcentral2/overview">MeshCentral</link>,
+          a remote administration service (<quote>TeamViewer but
+          self-hosted and with more features</quote>) is now available
+          with a package and a module:
+          <link linkend="opt-services.meshcentral.enable">services.meshcentral.enable</link>
+        </para>
+      </listitem>
     </itemizedlist>
   </section>
   <section xml:id="sec-release-21.11-incompatibilities">
diff --git a/nixos/doc/manual/release-notes/rl-2111.section.md b/nixos/doc/manual/release-notes/rl-2111.section.md
index 7d423581059..fe7a7326a40 100644
--- a/nixos/doc/manual/release-notes/rl-2111.section.md
+++ b/nixos/doc/manual/release-notes/rl-2111.section.md
@@ -43,6 +43,8 @@ pt-services.clipcat.enable).
 
 - [mx-puppet-discord](https://github.com/matrix-discord/mx-puppet-discord), a discord puppeting bridge for matrix. Available as [services.mx-puppet-discord](#opt-services.mx-puppet-discord.enable).
 
+- [MeshCentral](https://www.meshcommander.com/meshcentral2/overview), a remote administration service ("TeamViewer but self-hosted and with more features") is now available with a package and a module: [services.meshcentral.enable](#opt-services.meshcentral.enable)
+
 ## Backward Incompatibilities {#sec-release-21.11-incompatibilities}
 
 - The `staticjinja` package has been upgraded from 1.0.4 to 3.0.1
diff --git a/nixos/modules/hardware/all-firmware.nix b/nixos/modules/hardware/all-firmware.nix
index 524dae57010..a4e4fa8d0ed 100644
--- a/nixos/modules/hardware/all-firmware.nix
+++ b/nixos/modules/hardware/all-firmware.nix
@@ -58,6 +58,7 @@ in {
         rtl8723bs-firmware
         rtl8761b-firmware
         rtw88-firmware
+        rtw89-firmware
         zd1211fw
         alsa-firmware
         sof-firmware
diff --git a/nixos/modules/misc/ids.nix b/nixos/modules/misc/ids.nix
index 858c7ee53db..a7a31ba8576 100644
--- a/nixos/modules/misc/ids.nix
+++ b/nixos/modules/misc/ids.nix
@@ -187,6 +187,7 @@ in
       #seeks = 148; # removed 2020-06-21
       prosody = 149;
       i2pd = 150;
+      systemd-coredump = 151;
       systemd-network = 152;
       systemd-resolve = 153;
       systemd-timesync = 154;
diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix
index c9aa18e1edf..1a6d8599e7e 100644
--- a/nixos/modules/module-list.nix
+++ b/nixos/modules/module-list.nix
@@ -236,6 +236,7 @@
   ./security/doas.nix
   ./security/systemd-confinement.nix
   ./security/tpm2.nix
+  ./services/admin/meshcentral.nix
   ./services/admin/oxidized.nix
   ./services/admin/salt/master.nix
   ./services/admin/salt/minion.nix
diff --git a/nixos/modules/programs/captive-browser.nix b/nixos/modules/programs/captive-browser.nix
index 1f223e2475c..007b0369ec1 100644
--- a/nixos/modules/programs/captive-browser.nix
+++ b/nixos/modules/programs/captive-browser.nix
@@ -27,6 +27,7 @@ in
       browser = mkOption {
         type = types.str;
         default = concatStringsSep " " [
+          ''env XDG_CONFIG_HOME="$PREV_CONFIG_HOME"''
           ''${pkgs.chromium}/bin/chromium''
           ''--user-data-dir=''${XDG_DATA_HOME:-$HOME/.local/share}/chromium-captive''
           ''--proxy-server="socks5://$PROXY"''
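Review bot: When the caller has no XDG_CONFIG_HOME set, the added `env XDG_CONFIG_HOME="$PREV_CONFIG_HOME"` starts the browser with the variable set to an empty string rather than unset, and not every program treats that the same as the `$HOME/.config` default. Assuming the command is run through a shell (the existing `''${XDG_DATA_HOME:-$HOME/.local/share}` expansion suggests it is), `''env XDG_CONFIG_HOME="''${PREV_CONFIG_HOME:-$HOME/.config}"''` would make the fallback explicit. The restore also lives only in the option's default value, so anyone who overrides `browser` still inherits the wrapper's store-path XDG_CONFIG_HOME exported in the second hunk of this file. The option description is outside the hunk, but one sentence there saying that `PREV_CONFIG_HOME` holds the caller's original value would help those users.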
@@ -111,6 +112,7 @@ in
     security.wrappers.captive-browser = {
       capabilities = "cap_net_raw+p";
       source = pkgs.writeShellScript "captive-browser" ''
+        export PREV_CONFIG_HOME="$XDG_CONFIG_HOME"
         export XDG_CONFIG_HOME=${pkgs.writeTextDir "captive-browser.toml" ''
                                   browser = """${cfg.browser}"""
                                   dhcp-dns = """${cfg.dhcp-dns}"""
diff --git a/nixos/modules/services/admin/meshcentral.nix b/nixos/modules/services/admin/meshcentral.nix
new file mode 100644
index 00000000000..ae7b6edda7d
--- /dev/null
+++ b/nixos/modules/services/admin/meshcentral.nix
@@ -0,0 +1,53 @@
+{ config, pkgs, lib, ... }:
+let
+  cfg = config.services.meshcentral;
+  configFormat = pkgs.formats.json {};
+  configFile = configFormat.generate "meshcentral-config.json" cfg.settings;
+in with lib; {
+  options.services.meshcentral = with types; {
+    enable = mkEnableOption "MeshCentral computer management server";
+    package = mkOption {
+      description = "MeshCentral package to use. Replacing this may be necessary to add dependencies for extra functionality.";
+      type = types.package;
+      default = pkgs.meshcentral;
+      defaultText = "pkgs.meshcentral";
+    };
+    settings = mkOption {
+      description = ''
+        Settings for MeshCentral. Refer to upstream documentation for details:
+
+        <itemizedlist>
+          <listitem><para><link xlink:href="https://github.com/Ylianst/MeshCentral/blob/master/meshcentral-config-schema.json">JSON Schema definition</link></para></listitem>
+          <listitem><para><link xlink:href="https://github.com/Ylianst/MeshCentral/blob/master/sample-config.json">simple sample configuration</link></para></listitem>
+          <listitem><para><link xlink:href="https://github.com/Ylianst/MeshCentral/blob/master/sample-config-advanced.json">complex sample configuration</link></para></listitem>
+          <listitem><para><link xlink:href="https://www.meshcommander.com/meshcentral2">Old homepage) with documentation link</link></para></listitem>
+        </itemizedlist>
+      '';
+      type = types.submodule {
+        freeformType = configFormat.type;
+      };
+      example = {
+        settings = {
+          WANonly = true;
+          Cert = "meshcentral.example.com";
+          TlsOffload = "10.0.0.2,fd42::2";
+          Port = 4430;
+        };
+        domains."".certUrl = "https://meshcentral.example.com/";
+      };
+    };
+  };
+  config = mkIf cfg.enable {
+    services.meshcentral.settings.settings.autoBackup.backupPath = lib.mkDefault "/var/lib/meshcentral/backups";
+    systemd.services.meshcentral = {
+      wantedBy = ["multi-user.target"];
+      serviceConfig = {
+        ExecStart = "${cfg.package}/bin/meshcentral --datapath /var/lib/meshcentral --configfile ${configFile}";
+        DynamicUser = true;
+        StateDirectory = "meshcentral";
+        CacheDirectory = "meshcentral";
+      };
+    };
+  };
+  meta.maintainers = [ maintainers.lheckemann ];
+}
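Review bot: The `settings` description should warn that the whole attribute set is rendered by `configFormat.generate` into a store path and passed via `--configfile`, so any credential or key placed in it is readable by every local user. A closing sentence such as `Note that this configuration is written to the world-readable Nix store, so it must not contain secrets.` would cover it, until the module grows a way to supply secrets from a file outside the store. Two smaller points in the same option block: the last link text `Old homepage) with documentation link` has a stray parenthesis, and `types.package` is redundant under `with types;`.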
diff --git a/nixos/modules/services/continuous-integration/gitlab-runner.nix b/nixos/modules/services/continuous-integration/gitlab-runner.nix
index 2c6d9530a6b..15c37c2bc76 100644
--- a/nixos/modules/services/continuous-integration/gitlab-runner.nix
+++ b/nixos/modules/services/continuous-integration/gitlab-runner.nix
@@ -339,6 +339,9 @@ in
               <literal>CI_SERVER_URL=&lt;CI server URL&gt;</literal>
 
               <literal>REGISTRATION_TOKEN=&lt;registration secret&gt;</literal>
+
+              WARNING: make sure to use quoted absolute path,
+              or it is going to be copied to Nix Store.
             '';
           };
           registrationFlags = mkOption {
@@ -523,7 +526,10 @@ in
     };
   };
   config = mkIf cfg.enable {
-    warnings = optional (cfg.configFile != null) "services.gitlab-runner.`configFile` is deprecated, please use services.gitlab-runner.`services`.";
+    warnings = (mapAttrsToList
+      (n: v: "services.gitlab-runner.services.${n}.`registrationConfigFile` points to a file in Nix Store. You should use quoted absolute path to prevent this.")
+      (filterAttrs (n: v: isStorePath v.registrationConfigFile) cfg.services))
+    ++ optional (cfg.configFile != null) "services.gitlab-runner.`configFile` is deprecated, please use services.gitlab-runner.`services`.";
     environment.systemPackages = [ cfg.package ];
     systemd.services.gitlab-runner = {
       description = "Gitlab Runner";
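Review bot: The new check in `warnings` probably misses the case it is meant to catch. As far as I know `lib.isStorePath` is true only for a value that is itself a top-level store path, so an unquoted path literal such as `./runner-registration` (still a plain path value at this point) or a file inside a store directory is not flagged. A copied file exposes the registration token to every local user, so a broader filter is safer, e.g. `(filterAttrs (n: v: builtins.isPath v.registrationConfigFile || hasPrefix builtins.storeDir (toString v.registrationConfigFile)) cfg.services)`. Whether a path literal actually ends up copied depends on how the value is interpolated outside this hunk. The WARNING sentence added to the option description in the previous hunk would also be clearer if it said why this matters, namely that store contents are world-readable.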
diff --git a/nixos/modules/services/databases/redis.nix b/nixos/modules/services/databases/redis.nix
index 9c0740f28c9..8873f6d00e0 100644
--- a/nixos/modules/services/databases/redis.nix
+++ b/nixos/modules/services/databases/redis.nix
@@ -272,7 +272,7 @@ in {
       }
       (mkIf (cfg.bind != null) { bind = cfg.bind; })
       (mkIf (cfg.unixSocket != null) { unixsocket = cfg.unixSocket; unixsocketperm = "${toString cfg.unixSocketPerm}"; })
-      (mkIf (cfg.slaveOf != null) { slaveof = "${cfg.slaveOf.ip} ${cfg.slaveOf.port}"; })
+      (mkIf (cfg.slaveOf != null) { slaveof = "${cfg.slaveOf.ip} ${toString cfg.slaveOf.port}"; })
       (mkIf (cfg.masterAuth != null) { masterauth = cfg.masterAuth; })
       (mkIf (cfg.requirePass != null) { requirepass = cfg.requirePass; })
     ];
diff --git a/nixos/modules/system/boot/systemd.nix b/nixos/modules/system/boot/systemd.nix
index a7900d731c2..73616065a08 100644
--- a/nixos/modules/system/boot/systemd.nix
+++ b/nixos/modules/system/boot/systemd.nix
@@ -1053,6 +1053,7 @@ in
 
     services.dbus.enable = true;
 
+    users.users.systemd-coredump.uid = config.ids.uids.systemd-coredump;
     users.users.systemd-network.uid = config.ids.uids.systemd-network;
     users.groups.systemd-network.gid = config.ids.gids.systemd-network;
     users.users.systemd-resolve.uid = config.ids.uids.systemd-resolve;