From 2e46cc1f00cd965cef074d655b3813832c71a745 Mon Sep 17 00:00:00 2001 From: Naïm Favier Date: Sun, 13 Feb 2022 16:25:24 +0100 Subject: nixos/earlyoom: remove useKernelOOMKiller This option is deprecated and ignored by earlyoom since 1.2. --- nixos/modules/services/system/earlyoom.nix | 35 +++++++++++++----------------- 1 file changed, 15 insertions(+), 20 deletions(-) (limited to 'nixos/modules/services/system') diff --git a/nixos/modules/services/system/earlyoom.nix b/nixos/modules/services/system/earlyoom.nix index 452efc73643..b355df056bc 100644 --- a/nixos/modules/services/system/earlyoom.nix +++ b/nixos/modules/services/system/earlyoom.nix @@ -39,20 +39,12 @@ in ''; }; - useKernelOOMKiller= mkOption { - type = types.bool; - default = false; - description = '' - Use kernel OOM killer instead of own user-space implementation. - ''; - }; - + # TODO: remove or warn after 1.7 (https://github.com/rfjakob/earlyoom/commit/7ebc4554) ignoreOOMScoreAdjust = mkOption { type = types.bool; default = false; description = '' Ignore oom_score_adjust values of processes. - User-space implementation only. ''; }; @@ -87,16 +79,21 @@ in }; }; + imports = [ + (mkRemovedOptionModule [ "services" "earlyoom" "useKernelOOMKiller" ] '' + This option is deprecated and ignored by earlyoom since 1.2. + '') + ]; + config = mkIf ecfg.enable { assertions = [ { assertion = ecfg.freeMemThreshold > 0 && ecfg.freeMemThreshold <= 100; message = "Needs to be a positive percentage"; } { assertion = ecfg.freeSwapThreshold > 0 && ecfg.freeSwapThreshold <= 100; message = "Needs to be a positive percentage"; } - { assertion = !ecfg.useKernelOOMKiller || !ecfg.ignoreOOMScoreAdjust; - message = "Both options in conjunction do not make sense"; } ]; + # TODO: reimplement this option as -N after 1.7 (https://github.com/rfjakob/earlyoom/commit/afe03606) warnings = optional (ecfg.notificationsCommand != null) "`services.earlyoom.notificationsCommand` is deprecated and ignored by earlyoom since 1.6."; 
@@ -107,15 +104,13 @@ in serviceConfig = { StandardOutput = "null"; StandardError = "journal"; - ExecStart = '' - ${pkgs.earlyoom}/bin/earlyoom \ - -m ${toString ecfg.freeMemThreshold} \ - -s ${toString ecfg.freeSwapThreshold} \ - ${optionalString ecfg.useKernelOOMKiller "-k"} \ - ${optionalString ecfg.ignoreOOMScoreAdjust "-i"} \ - ${optionalString ecfg.enableDebugInfo "-d"} \ - ${optionalString ecfg.enableNotifications "-n"} - ''; + ExecStart = concatStringsSep " " ([ + "${pkgs.earlyoom}/bin/earlyoom" + "-m ${toString ecfg.freeMemThreshold}" + "-s ${toString ecfg.freeSwapThreshold}" + ] ++ optional ecfg.ignoreOOMScoreAdjust "-i" + ++ optional ecfg.enableDebugInfo "-d" + ++ optional ecfg.enableNotifications "-n"); }; }; -- cgit 1.4.1 From 27e32bbfde6c0c27c78859b23943e79b84e3c860 Mon Sep 17 00:00:00 2001 From: Peter Hoeg Date: Mon, 12 Jul 2021 15:34:26 +0800 Subject: nixos/systembus-notify: add support for system services notifying users --- .../from_md/release-notes/rl-2205.section.xml | 11 ++++++ nixos/doc/manual/release-notes/rl-2205.section.md | 2 + nixos/modules/module-list.nix | 1 + nixos/modules/services/system/systembus-notify.nix | 27 +++++++++++++ .../applications/misc/systembus-notify/default.nix | 44 +++++++++++++++++++--- 5 files changed, 80 insertions(+), 5 deletions(-) create mode 100644 nixos/modules/services/system/systembus-notify.nix (limited to 'nixos/modules/services/system') diff --git a/nixos/doc/manual/from_md/release-notes/rl-2205.section.xml b/nixos/doc/manual/from_md/release-notes/rl-2205.section.xml index bdf51211378..d3a944533ab 100644 --- a/nixos/doc/manual/from_md/release-notes/rl-2205.section.xml +++ b/nixos/doc/manual/from_md/release-notes/rl-2205.section.xml 
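Review bot: The `serviceConfig` block in this hunk still sets only `StandardOutput`, `StandardError` and `ExecStart`, so as far as the visible lines show, earlyoom runs as an unconfined root service. Since the unit is being reworked anyway, consider adding sandboxing such as `ProtectSystem = "strict";` and `ProtectHome = true;`, after checking that the daemon can still read `/proc`, signal processes and reach the system bus for `-n`. The space-joined `ExecStart` is safe only because every interpolated value is an integer or a literal flag; a comment such as `# all arguments are integers or literal flags, no escaping needed` would warn anyone later adding a string-typed option. The later earlyoom hunk (`@@ -83,37 +75,30 @@`) leaves the block unchanged in this respect.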
@@ -249,6 +249,17 @@ services.prosody-filer. + + + systembus-notify, + allow system level notifications to reach the users. Available + as + services.systembus-notify. + Please keep in mind that this service should only be enabled + on machines with fully trusted users, as any local user is + able to DoS user sessions by spamming notifications. + + ethercalc, diff --git a/nixos/doc/manual/release-notes/rl-2205.section.md b/nixos/doc/manual/release-notes/rl-2205.section.md index b8d6078a21d..fe30cbc3cf5 100644 --- a/nixos/doc/manual/release-notes/rl-2205.section.md +++ b/nixos/doc/manual/release-notes/rl-2205.section.md @@ -72,6 +72,8 @@ In addition to numerous new and upgraded packages, this release has the followin - [prosody-filer](https://github.com/ThomasLeister/prosody-filer), a server for handling XMPP HTTP Upload requests. Available at [services.prosody-filer](#opt-services.prosody-filer.enable). +- [systembus-notify](https://github.com/rfjakob/systembus-notify), allow system level notifications to reach the users. Available as [services.systembus-notify](opt-services.systembus-notify.enable). Please keep in mind that this service should only be enabled on machines with fully trusted users, as any local user is able to DoS user sessions by spamming notifications. + - [ethercalc](https://github.com/audreyt/ethercalc), an online collaborative spreadsheet. Available as [services.ethercalc](options.html#opt-services.ethercalc.enable). diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index ff95d6500b9..13703968167 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix @@ -987,6 +987,7 @@ ./services/system/nscd.nix ./services/system/saslauthd.nix ./services/system/self-deploy.nix + ./services/system/systembus-notify.nix ./services/system/uptimed.nix ./services/torrent/deluge.nix ./services/torrent/flexget.nix 
diff --git a/nixos/modules/services/system/systembus-notify.nix b/nixos/modules/services/system/systembus-notify.nix new file mode 100644 index 00000000000..e918bc552ec --- /dev/null +++ b/nixos/modules/services/system/systembus-notify.nix @@ -0,0 +1,27 @@ +{ config, lib, pkgs, ... }: + +let + cfg = config.services.systembus-notify; + + inherit (lib) mkEnableOption mkIf; + +in +{ + options.services.systembus-notify = { + enable = mkEnableOption '' + System bus notification support + + WARNING: enabling this option (while convenient) should *not* be done on a + machine where you do not trust the other users as it allows any other + local user to DoS your session by spamming notifications. + ''; + }; + + config = mkIf cfg.enable { + systemd = { + packages = with pkgs; [ systembus-notify ]; + + user.services.systembus-notify.wantedBy = [ "graphical-session.target" ]; + }; + }; +} diff --git a/pkgs/applications/misc/systembus-notify/default.nix b/pkgs/applications/misc/systembus-notify/default.nix index 6e5405ce988..770cd858401 100644 --- a/pkgs/applications/misc/systembus-notify/default.nix +++ b/pkgs/applications/misc/systembus-notify/default.nix @@ -1,5 +1,30 @@ -{ lib, stdenv, fetchFromGitHub, systemd }: +{ lib +, stdenv +, fetchFromGitHub +, formats +, systemd +}: +let + ini = formats.ini { }; + + unit = ini.generate "systembus-notify.service" { + Unit = { + Description = "system bus notification daemon"; + }; + + Service = { + Type = "exec"; + ExecStart = "@out@/bin/systembus-notify"; + PrivateTmp = true; + ProtectHome = true; + ProtectSystem = "strict"; + Restart = "on-failure"; + Slice = "background.slice"; + }; + }; + +in stdenv.mkDerivation rec { pname = "systembus-notify"; version = "1.1"; 
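Review bot: `mkEnableOption` wraps its argument as "Whether to enable <text>.", so the multi-line string passed in the new `systembus-notify.nix` renders with the WARNING paragraph inside that sentence and a stray trailing period. The option text carries the trust assumption (any local user can flood sessions with notifications), so it should render cleanly. Use a short name and override the description, e.g. `enable = mkEnableOption "system bus notification support" // { description = ''…''; };`. The description could also state that `wantedBy = [ "graphical-session.target" ]` starts the service in every user's graphical session once the option is on.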
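Review bot: `PrivateTmp`, `ProtectHome` and `ProtectSystem` in the generated unit may not take effect, because the unit is installed under `lib/systemd/user` (second hunk of this file) and therefore runs in the per-user service manager. Depending on the systemd version, these mount-namespace settings are either unsupported for user services or rely on unprivileged user namespaces being available, so the hardening may be weaker than it reads. Please verify on a running session that the sandbox is applied and record the outcome in a comment above the `Service` block, e.g. `# user unit: sandboxing requires unprivileged user namespaces`. The `let` block is fully inside this hunk; the `mkDerivation` body continues in the next one.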
@@ -8,23 +33,32 @@ stdenv.mkDerivation rec { owner = "rfjakob"; repo = "systembus-notify"; rev = "v${version}"; - sha256 = "1pdn45rfpwhrf20hs87qmk2j8sr7ab8161f81019wnypnb1q2fsv"; + sha256 = "sha256-WzuBw7LXW54CCMgFE9BSJ2skxaz4IA2BcBny63Ihtt0="; }; buildInputs = [ systemd ]; installPhase = '' runHook preInstall - install -Dm755 systembus-notify -t $out/bin - install -Dm644 systembus-notify.desktop -t $out/etc/xdg/autostart + + install -Dm555 -t $out/bin systembus-notify + install -Dm444 -t $out/share/systembus-notify systembus-notify.desktop + + install -d $out/lib/systemd/user + substitute ${unit} $out/lib/systemd/user/${unit.name} \ + --subst-var out + runHook postInstall ''; + # requires a running dbus instance + doCheck = false; + meta = with lib; { description = "System bus notification daemon"; homepage = "https://github.com/rfjakob/systembus-notify"; license = licenses.mit; + maintainers = with maintainers; [ peterhoeg ]; platforms = platforms.linux; - maintainers = with maintainers; []; }; } -- cgit 1.4.1 From 895090bf89cd1a9cd7bc3ea7edd3bd2a0ae9d88f Mon Sep 17 00:00:00 2001 From: Peter Hoeg Date: Mon, 12 Jul 2021 15:36:22 +0800 Subject: nixos/earlyoom: use the newly introduced systembus-notify option Also some cleanups. --- nixos/modules/services/system/earlyoom.nix | 155 +++++++++++++---------------- 1 file changed, 70 insertions(+), 85 deletions(-) (limited to 'nixos/modules/services/system') diff --git a/nixos/modules/services/system/earlyoom.nix b/nixos/modules/services/system/earlyoom.nix index b355df056bc..ddd5bcebcdd 100644 --- a/nixos/modules/services/system/earlyoom.nix +++ b/nixos/modules/services/system/earlyoom.nix 
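Review bot: The `sha256` value changes while `rev` stays `v${version}` and `version` (1.1, shown in the previous hunk) is not bumped, and the commit message does not explain why. If this is only the old base32 digest re-encoded in SRI form, please say so in the commit message; if the digest really differs, the upstream tag content changed and should be re-audited before the new hash is accepted. An SRI string also belongs in the `hash` attribute: `hash = "sha256-WzuBw7LXW54CCMgFE9BSJ2skxaz4IA2BcBny63Ihtt0=";`. Separately, the `.desktop` file now goes to `$out/share/systembus-notify` instead of `etc/xdg/autostart`, so the daemon presumably no longer autostarts unless the NixOS module is enabled; a comment stating that this is intentional would help.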
@@ -1,81 +1,73 @@ { config, lib, pkgs, ... }: -with lib; - let - ecfg = config.services.earlyoom; + cfg = config.services.earlyoom; + + inherit (lib) + mkDefault mkEnableOption mkIf mkOption types + mkRemovedOptionModule + concatStringsSep optional; + in { - options = { - services.earlyoom = { + options.services.earlyoom = { + enable = mkEnableOption "Early out of memory killing"; - enable = mkOption { - type = types.bool; - default = false; - description = '' - Enable early out of memory killing. - ''; - }; + freeMemThreshold = mkOption { + type = types.ints.between 1 100; + default = 10; + description = '' + Minimum of availabe memory (in percent). + If the free memory falls below this threshold and the analog is true for + + the killing begins. + ''; + }; - freeMemThreshold = mkOption { - type = types.int; - default = 10; - description = '' - Minimum of availabe memory (in percent). - If the free memory falls below this threshold and the analog is true for - - the killing begins. - ''; - }; + freeSwapThreshold = mkOption { + type = types.ints.between 1 100; + default = 10; + description = '' + Minimum of availabe swap space (in percent). + If the available swap space falls below this threshold and the analog + is true for + the killing begins. + ''; + }; - freeSwapThreshold = mkOption { - type = types.int; - default = 10; - description = '' - Minimum of availabe swap space (in percent). - If the available swap space falls below this threshold and the analog - is true for - the killing begins. - ''; - }; + # TODO: remove or warn after 1.7 (https://github.com/rfjakob/earlyoom/commit/7ebc4554) + ignoreOOMScoreAdjust = mkOption { + type = types.bool; + default = false; + description = '' + Ignore oom_score_adjust values of processes. 
+ ''; + }; - # TODO: remove or warn after 1.7 (https://github.com/rfjakob/earlyoom/commit/7ebc4554) - ignoreOOMScoreAdjust = mkOption { - type = types.bool; - default = false; - description = '' - Ignore oom_score_adjust values of processes. - ''; - }; + enableDebugInfo = mkOption { + type = types.bool; + default = false; + description = '' + Enable debugging messages. + ''; + }; - enableDebugInfo = mkOption { - type = types.bool; - default = false; - description = '' - Enable debugging messages. - ''; - }; + enableNotifications = mkOption { + type = types.bool; + default = false; + description = '' + Send notifications about killed processes via the system d-bus. - notificationsCommand = mkOption { - type = types.nullOr types.str; - default = null; - description = '' - This option is deprecated and ignored by earlyoom since 1.6. - Use instead. - ''; - }; + WARNING: enabling this option (while convenient) should *not* be done on a + machine where you do not trust the other users as it allows any other + local user to DoS your session by spamming notifications. - enableNotifications = mkOption { - type = types.bool; - default = false; - description = '' - Send notifications about killed processes via the system d-bus. - To actually see the notifications in your GUI session, you need to have - systembus-notify running as your user. + To actually see the notifications in your GUI session, you need to have + systembus-notify running as your user which this + option handles. - See README for details. - ''; - }; + See README for details. + ''; }; }; 
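Review bot: Both threshold descriptions on the new side keep the typo `availabe`; since these lines are rewritten in this hunk anyway, change them to `Minimum of available memory (in percent).` and `Minimum of available swap space (in percent).`. The `enableNotifications` description also duplicates the WARNING paragraph from `services.systembus-notify.enable`. A one-line pointer to that option would keep the trust caveat in one place, so the two copies cannot drift apart.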
@@ -83,37 +75,30 @@ in (mkRemovedOptionModule [ "services" "earlyoom" "useKernelOOMKiller" ] '' This option is deprecated and ignored by earlyoom since 1.2. '') + (mkRemovedOptionModule [ "services" "earlyoom" "notificationsCommand" ] '' + This option is deprecated and ignored by earlyoom since 1.6. + '') ]; - config = mkIf ecfg.enable { - assertions = [ - { assertion = ecfg.freeMemThreshold > 0 && ecfg.freeMemThreshold <= 100; - message = "Needs to be a positive percentage"; } - { assertion = ecfg.freeSwapThreshold > 0 && ecfg.freeSwapThreshold <= 100; - message = "Needs to be a positive percentage"; } - ]; - - # TODO: reimplement this option as -N after 1.7 (https://github.com/rfjakob/earlyoom/commit/afe03606) - warnings = optional (ecfg.notificationsCommand != null) - "`services.earlyoom.notificationsCommand` is deprecated and ignored by earlyoom since 1.6."; + config = mkIf cfg.enable { + services.systembus-notify.enable = mkDefault cfg.enableNotifications; systemd.services.earlyoom = { description = "Early OOM Daemon for Linux"; wantedBy = [ "multi-user.target" ]; - path = optional ecfg.enableNotifications pkgs.dbus; + path = optional cfg.enableNotifications pkgs.dbus; serviceConfig = { - StandardOutput = "null"; StandardError = "journal"; ExecStart = concatStringsSep " " ([ "${pkgs.earlyoom}/bin/earlyoom" - "-m ${toString ecfg.freeMemThreshold}" - "-s ${toString ecfg.freeSwapThreshold}" - ] ++ optional ecfg.ignoreOOMScoreAdjust "-i" - ++ optional ecfg.enableDebugInfo "-d" - ++ optional ecfg.enableNotifications "-n"); + "-m ${toString cfg.freeMemThreshold}" + "-s ${toString cfg.freeSwapThreshold}" + ] + ++ optional cfg.ignoreOOMScoreAdjust "-i" + ++ optional cfg.enableDebugInfo "-d" + ++ optional cfg.enableNotifications "-n" + ); }; }; - - environment.systemPackages = optional ecfg.enableNotifications pkgs.systembus-notify; }; } -- cgit 1.4.1
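Review bot: `services.systembus-notify.enable = mkDefault cfg.enableNotifications;` also defines the option as `false` at `mkDefault` priority whenever notifications are off, which would conflict with any other module that sets it with `mkDefault true`. Define it only in the enabling case: `services.systembus-notify.enable = mkIf cfg.enableNotifications (mkDefault true);`. That form also makes it explicit that turning on `enableNotifications` is what opts user sessions into the notification-spam exposure described in the option text, while still letting an administrator override it.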