From 2b220cc57b198ae353afaf2b1859533c60e50bc0 Mon Sep 17 00:00:00 2001
From: Christine Dodrill <me@christine.website>
Date: Sun, 6 Jun 2021 14:17:03 +0000
Subject: nixos/tailscale: add procps to $PATH

Currently tailscaled expects `sysctl` (from package procps) to be present
in the path when running on Linux. It can function without the `sysctl`
command present but it prints an error about it. This fixes that error.

    Warning: couldn't check net.ipv4.ip_forward (exec: "sysctl":
        executable file not found in $PATH).

Signed-off-by: Christine Dodrill <me@christine.website>
---
 nixos/modules/services/networking/tailscale.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'nixos')

diff --git a/nixos/modules/services/networking/tailscale.nix b/nixos/modules/services/networking/tailscale.nix
index 9a28a266a92..d1b23b72a25 100644
--- a/nixos/modules/services/networking/tailscale.nix
+++ b/nixos/modules/services/networking/tailscale.nix
@@ -28,7 +28,7 @@ in {
     systemd.packages = [ cfg.package ];
     systemd.services.tailscaled = {
       wantedBy = [ "multi-user.target" ];
-      path = [ pkgs.openresolv ];
+      path = [ pkgs.openresolv pkgs.procps ];
       serviceConfig.Environment = "PORT=${toString cfg.port}";
     };
   };
-- 
cgit 1.4.1


From b62a093a58e1b42bda1424093099b00327594663 Mon Sep 17 00:00:00 2001
From: Julien Moutinho <julm+nixpkgs@sourcephile.fr>
Date: Tue, 31 Mar 2020 18:09:59 +0200
Subject: sanoid: fix sanoid.conf generation

---
 nixos/modules/services/backup/sanoid.nix | 88 +++++++++++---------------------
 nixos/tests/sanoid.nix                   |  2 +-
 2 files changed, 31 insertions(+), 59 deletions(-)

(limited to 'nixos')

diff --git a/nixos/modules/services/backup/sanoid.nix b/nixos/modules/services/backup/sanoid.nix
index 0472fb4ba1e..be44a43b6d3 100644
--- a/nixos/modules/services/backup/sanoid.nix
+++ b/nixos/modules/services/backup/sanoid.nix
@@ -10,74 +10,51 @@ let
       description = "dataset/template options";
     };
 
-  # Default values from https://github.com/jimsalterjrs/sanoid/blob/master/sanoid.defaults.conf
-
   commonOptions = {
     hourly = mkOption {
       description = "Number of hourly snapshots.";
-      type = types.ints.unsigned;
-      default = 48;
+      type = with types; nullOr ints.unsigned;
+      default = null;
     };
 
     daily = mkOption {
       description = "Number of daily snapshots.";
-      type = types.ints.unsigned;
-      default = 90;
+      type = with types; nullOr ints.unsigned;
+      default = null;
     };
 
     monthly = mkOption {
       description = "Number of monthly snapshots.";
-      type = types.ints.unsigned;
-      default = 6;
+      type = with types; nullOr ints.unsigned;
+      default = null;
     };
 
     yearly = mkOption {
       description = "Number of yearly snapshots.";
-      type = types.ints.unsigned;
-      default = 0;
+      type = with types; nullOr ints.unsigned;
+      default = null;
     };
 
     autoprune = mkOption {
       description = "Whether to automatically prune old snapshots.";
-      type = types.bool;
-      default = true;
+      type = with types; nullOr bool;
+      default = null;
     };
 
     autosnap = mkOption {
       description = "Whether to automatically take snapshots.";
-      type = types.bool;
-      default = true;
-    };
-
-    settings = mkOption {
-      description = ''
-        Free-form settings for this template/dataset. See
-        <link xlink:href="https://github.com/jimsalterjrs/sanoid/blob/master/sanoid.defaults.conf"/>
-        for allowed values.
-      '';
-      type = datasetSettingsType;
-    };
-  };
-
-  commonConfig = config: {
-    settings = {
-      hourly = mkDefault config.hourly;
-      daily = mkDefault config.daily;
-      monthly = mkDefault config.monthly;
-      yearly = mkDefault config.yearly;
-      autoprune = mkDefault config.autoprune;
-      autosnap = mkDefault config.autosnap;
+      type = with types; nullOr bool;
+      default = null;
     };
   };
 
-  datasetOptions = {
-    useTemplate = mkOption {
+  datasetOptions = rec {
+    use_template = mkOption {
       description = "Names of the templates to use for this dataset.";
-      type = (types.listOf (types.enum (attrNames cfg.templates))) // {
-        description = "list of template names";
-      };
+      type = types.listOf (types.enum (attrNames cfg.templates));
       default = [];
     };
+    useTemplate = use_template;
 
     recursive = mkOption {
       description = "Whether to recursively snapshot dataset children.";
@@ -85,19 +62,12 @@ let
       default = false;
     };
 
-    processChildrenOnly = mkOption {
+    process_children_only = mkOption {
       description = "Whether to only snapshot child datasets if recursing.";
       type = types.bool;
       default = false;
     };
-  };
-
-  datasetConfig = config: {
-    settings = {
-      use_template = mkDefault config.useTemplate;
-      recursive = mkDefault config.recursive;
-      process_children_only = mkDefault config.processChildrenOnly;
-    };
+    processChildrenOnly = process_children_only;
   };
 
   # Extract pool names from configured datasets
@@ -109,11 +79,11 @@ let
       else generators.mkValueStringDefault {} v;
 
     mkKeyValue = k: v: if v == null then ""
+      else if k == "processChildrenOnly" then ""
+      else if k == "useTemplate" then ""
       else generators.mkKeyValueDefault { inherit mkValueString; } "=" k v;
   in generators.toINI { inherit mkKeyValue; } cfg.settings;
 
-  configDir = pkgs.writeTextDir "sanoid.conf" configFile;
-
 in {
 
     # Interface
@@ -135,19 +105,21 @@ in {
       };
 
       datasets = mkOption {
-        type = types.attrsOf (types.submodule ({ config, ... }: {
+        type = types.attrsOf (types.submodule ({config, options, ...}: {
+          freeformType = datasetSettingsType;
           options = commonOptions // datasetOptions;
-          config = mkMerge [ (commonConfig config) (datasetConfig config) ];
+          config.use_template = mkAliasDefinitions (options.useTemplate or {});
+          config.process_children_only = mkAliasDefinitions (options.processChildrenOnly or {});
         }));
         default = {};
         description = "Datasets to snapshot.";
       };
 
       templates = mkOption {
-        type = types.attrsOf (types.submodule ({ config, ... }: {
+        type = types.attrsOf (types.submodule {
+          freeformType = datasetSettingsType;
           options = commonOptions;
-          config = commonConfig config;
-        }));
+        });
         default = {};
         description = "Templates for datasets.";
       };
@@ -177,8 +149,8 @@ in {
 
     config = mkIf cfg.enable {
       services.sanoid.settings = mkMerge [
-        (mapAttrs' (d: v: nameValuePair ("template_" + d) v.settings) cfg.templates)
-        (mapAttrs (d: v: v.settings) cfg.datasets)
+        (mapAttrs' (d: v: nameValuePair ("template_" + d) v) cfg.templates)
+        (mapAttrs (d: v: v) cfg.datasets)
       ];
 
       systemd.services.sanoid = {
@@ -191,7 +163,7 @@ in {
           ExecStart = lib.escapeShellArgs ([
             "${pkgs.sanoid}/bin/sanoid"
             "--cron"
-            "--configdir" configDir
+            "--configdir" (pkgs.writeTextDir "sanoid.conf" configFile)
           ] ++ cfg.extraArgs);
           ExecStopPost = map (pool: lib.escapeShellArgs [
             "+/run/booted-system/sw/bin/zfs" "unallow" "sanoid" pool
diff --git a/nixos/tests/sanoid.nix b/nixos/tests/sanoid.nix
index c691bfc08ef..1983945915f 100644
--- a/nixos/tests/sanoid.nix
+++ b/nixos/tests/sanoid.nix
@@ -33,7 +33,7 @@ in {
 
           autosnap = true;
         };
-        datasets."pool/sanoid".useTemplate = [ "test" ];
+        datasets."pool/sanoid".use_template = [ "test" ];
         extraArgs = [ "--verbose" ];
       };
 
-- 
cgit 1.4.1


From 9af3672f4faaafba0ce0129a87fc7925c14eeb61 Mon Sep 17 00:00:00 2001
From: talyz <kim.lindberger@gmail.com>
Date: Wed, 23 Jun 2021 18:15:14 +0200
Subject: discourse: Fix plugin support

For plugins to work properly, their assets need to be precompiled
along with the rest of Discourse's assets. This means we need to build
new packages when the list of plugins change.
---
 nixos/modules/services/web-apps/discourse.nix | 5 +++--
 pkgs/servers/web-apps/discourse/default.nix   | 7 ++++++-
 2 files changed, 9 insertions(+), 3 deletions(-)

(limited to 'nixos')

diff --git a/nixos/modules/services/web-apps/discourse.nix b/nixos/modules/services/web-apps/discourse.nix
index 49958fc6190..00a269ba871 100644
--- a/nixos/modules/services/web-apps/discourse.nix
+++ b/nixos/modules/services/web-apps/discourse.nix
@@ -30,6 +30,9 @@ in
       package = lib.mkOption {
         type = lib.types.package;
         default = pkgs.discourse;
+        apply = p: p.override {
+          plugins = lib.unique (p.enabledPlugins ++ cfg.plugins);
+        };
         defaultText = "pkgs.discourse";
         description = ''
           The discourse package to use.
@@ -731,8 +734,6 @@ in
 
           cp -r ${cfg.package}/share/discourse/config.dist/* /run/discourse/config/
           cp -r ${cfg.package}/share/discourse/public.dist/* /run/discourse/public/
-          cp -r ${cfg.package}/share/discourse/plugins.dist/* /run/discourse/plugins/
-          ${lib.concatMapStringsSep "\n" (p: "ln -sf ${p} /run/discourse/plugins/") cfg.plugins}
           ln -sf /var/lib/discourse/uploads /run/discourse/public/uploads
           ln -sf /var/lib/discourse/backups /run/discourse/public/backups
 
diff --git a/pkgs/servers/web-apps/discourse/default.nix b/pkgs/servers/web-apps/discourse/default.nix
index 5e7c4d5368a..8258049a403 100644
--- a/pkgs/servers/web-apps/discourse/default.nix
+++ b/pkgs/servers/web-apps/discourse/default.nix
@@ -3,6 +3,8 @@
 , util-linux, gawk, imagemagick, optipng, pngquant, libjpeg, jpegoptim
 , gifsicle, libpsl, redis, postgresql, which, brotli, procps, rsync
 , nodePackages, v8
+
+, plugins ? []
 }:
 
 let
@@ -148,6 +150,8 @@ let
       mkdir $NIX_BUILD_TOP/tmp_home
       export HOME=$NIX_BUILD_TOP/tmp_home
 
+      ${lib.concatMapStringsSep "\n" (p: "cp -r ${p} plugins/") plugins}
+
       export RAILS_ENV=production
 
       bundle exec rake db:migrate >/dev/null
@@ -212,7 +216,6 @@ let
 
       mv config config.dist
       mv public public.dist
-      mv plugins plugins.dist
 
       runHook postBuild
     '';
@@ -230,6 +233,7 @@ let
       ln -sf /run/discourse/public $out/share/discourse/public
       ln -sf /run/discourse/plugins $out/share/discourse/plugins
       ln -sf ${assets} $out/share/discourse/public.dist/assets
+      ${lib.concatMapStringsSep "\n" (p: "ln -sf ${p} $out/share/discourse/plugins/") plugins}
 
       runHook postInstall
     '';
@@ -244,6 +248,7 @@ let
 
     passthru = {
       inherit rubyEnv runtimeEnv runtimeDeps rake;
+      enabledPlugins = plugins;
       ruby = rubyEnv.wrappedRuby;
       tests = nixosTests.discourse;
     };
-- 
cgit 1.4.1


From bbe66636f4dee107b6e710eefca4b4dd3f691ef4 Mon Sep 17 00:00:00 2001
From: gwitmond <guido@witmond.nl>
Date: Thu, 1 Jul 2021 00:43:54 +0200
Subject: nixos/sshd: add -D flag to prevent forking into a separate process
 (#122844)

It makes it easier for init-processes to monitor correct startup and liveness.
---
 nixos/modules/services/networking/ssh/sshd.nix | 1 +
 1 file changed, 1 insertion(+)

(limited to 'nixos')

diff --git a/nixos/modules/services/networking/ssh/sshd.nix b/nixos/modules/services/networking/ssh/sshd.nix
index 91caa2ccb42..2c96b94ca43 100644
--- a/nixos/modules/services/networking/ssh/sshd.nix
+++ b/nixos/modules/services/networking/ssh/sshd.nix
@@ -453,6 +453,7 @@ in
               { ExecStart =
                   (optionalString cfg.startWhenNeeded "-") +
                   "${cfgc.package}/bin/sshd " + (optionalString cfg.startWhenNeeded "-i ") +
+                  "-D " +  # don't detach into a daemon process
                   "-f /etc/ssh/sshd_config";
                 KillMode = "process";
               } // (if cfg.startWhenNeeded then {
-- 
cgit 1.4.1