From be25e45fc86612fc52cc3361800547b3552b0131 Mon Sep 17 00:00:00 2001 From: "symphorien+git@xlumurb.eu" Date: Thu, 26 Dec 2019 12:00:00 +0000 Subject: nagios: various improvements * structured config for main config file allows to launch nagios in debug mode without having to write the whole config file by hand * build time syntax check * all options have types, one more example * I find it misleading that the main nagios config file is linked in /etc but that if you change the link in /etc/ and restart nagios, it has no effect. Have nagios use /etc/nagios.cfg * fix paths in example nagios config files, which allows to reuse it: services.nagios.objectDefs = (map (x: "${pkgs.nagios}/etc/objects/${x}.cfg") [ "templates" "timeperiods" "commands" ]) ++ [ ./main.cfg ] * for the above reason, add mailutils to default plugins Co-Authored-By: Aaron Andersen --- pkgs/servers/monitoring/nagios/default.nix | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'pkgs') diff --git a/pkgs/servers/monitoring/nagios/default.nix b/pkgs/servers/monitoring/nagios/default.nix index 693e67ee6dd..d1654bdf3f7 100644 --- a/pkgs/servers/monitoring/nagios/default.nix +++ b/pkgs/servers/monitoring/nagios/default.nix @@ -20,6 +20,13 @@ stdenv.mkDerivation rec { substituteInPlace Makefile --replace '$(MAKE) install-basic' "" ''; installTargets = "install install-config"; + postInstall = '' + # don't make default files use hardcoded paths to commands + sed -i 's@command_line *[^ ]*/\([^/]*\) @command_line \1 @' $out/etc/objects/commands.cfg + sed -i 's@/usr/bin/@@g' $out/etc/objects/commands.cfg + sed -i 's@/bin/@@g' $out/etc/objects/commands.cfg + ''; + meta = { description = "A host, service and network monitoring program"; -- cgit 1.4.1 From cb38bf33e7fd34dff5a2488600c343762a578ffb Mon Sep 17 00:00:00 2001 
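Review bot: The two follow-up substitutions in `postInstall`, `s@/usr/bin/@@g` and `s@/bin/@@g`, are global and unanchored, so they rewrite every occurrence of those substrings in commands.cfg, including ones inside arguments or comments, not only the executable of a `command_line`. Restricting them to that directive keeps the rewrite predictable, e.g. `sed -i '/^[[:space:]]*command_line/ s@/usr/bin/@@g' $out/etc/objects/commands.cfg`. After this change every example command is resolved through the PATH of the nagios process, which is set outside this hunk, so the existing comment could add `# commands are now looked up in the service's PATH, which must only contain trusted store paths`. The mkDerivation body starts and ends outside the hunk.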
From: Symphorien Gibol Date: Mon, 30 Dec 2019 12:00:00 +0000 Subject: nagios: add nixos test --- nixos/tests/all-tests.nix | 1 + nixos/tests/nagios.nix | 116 +++++++++++++++++++++++++++++ pkgs/servers/monitoring/nagios/default.nix | 5 +- 3 files changed, 121 insertions(+), 1 deletion(-) create mode 100644 nixos/tests/nagios.nix (limited to 'pkgs') diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix index 111643ad69c..0bbf0d9ab41 100644 --- a/nixos/tests/all-tests.nix +++ b/nixos/tests/all-tests.nix @@ -179,6 +179,7 @@ in mysql = handleTest ./mysql.nix {}; mysqlBackup = handleTest ./mysql-backup.nix {}; mysqlReplication = handleTest ./mysql-replication.nix {}; + nagios = handleTest ./nagios.nix {}; nat.firewall = handleTest ./nat.nix { withFirewall = true; }; nat.firewall-conntrack = handleTest ./nat.nix { withFirewall = true; withConntrackHelpers = true; }; nat.standalone = handleTest ./nat.nix { withFirewall = false; }; diff --git a/nixos/tests/nagios.nix b/nixos/tests/nagios.nix new file mode 100644 index 00000000000..6f5d4447287 --- /dev/null +++ b/nixos/tests/nagios.nix 
@@ -0,0 +1,116 @@
+import ./make-test-python.nix (
+ { pkgs, ... }: {
+ name = "nagios";
+ meta = with pkgs.stdenv.lib.maintainers; {
+ maintainers = [ symphorien ];
+ };
+
+ machine = { lib, ... }: let
+ writer = pkgs.writeShellScript "write" ''
+ set -x
+ echo "$@" >> /tmp/notifications
+ '';
+ in
+ {
+ # tested service
+ services.sshd.enable = true;
+ # nagios
+ services.nagios = {
+ enable = true;
+ # make state transitions faster
+ extraConfig.interval_length = "5";
+ objectDefs =
+ (map (x: "${pkgs.nagios}/etc/objects/${x}.cfg") [ "templates" "timeperiods" "commands" ]) ++ [
+ (
+ pkgs.writeText "objects.cfg" ''
+ # notifications are written to /tmp/notifications
+ define command {
+ command_name notify-host-by-file
+ command_line ${writer} "$HOSTNAME is $HOSTSTATE$"
+ }
+ define command {
+ command_name notify-service-by-file
+ command_line ${writer} "$SERVICEDESC$ is $SERVICESTATE$"
+ }
+
+ # nagios boilerplate
+ define contact {
+ contact_name alice
+ alias alice
+ host_notifications_enabled 1
+ service_notifications_enabled 1
+ service_notification_period 24x7
+ host_notification_period 24x7
+ service_notification_options w,u,c,r,f,s
+ host_notification_options d,u,r,f,s
+ service_notification_commands notify-service-by-file
+ host_notification_commands notify-host-by-file
+ email foo@example.com
+ }
+ define contactgroup {
+ contactgroup_name admins
+ alias Admins
+ members alice
+ }
+ define hostgroup{
+ hostgroup_name allhosts
+ alias All hosts
+ }
+
+ # monitored objects
+ define host {
+ use generic-host
+ host_name localhost
+ alias localhost
+ address localhost
+ hostgroups allhosts
+ contact_groups admins
+ # make state transitions faster.
+ max_check_attempts 2
+ check_interval 1
+ retry_interval 1
+ }
+ define service {
+ use generic-service
+ host_name localhost
+ service_description ssh
+ check_command check_ssh
+ # make state transitions faster.
+ max_check_attempts 2 + check_interval 1 + retry_interval 1 + } + '' + ) + ]; + }; + }; + + testScript = { ... }: '' + with subtest("ensure sshd starts"): + machine.wait_for_unit("sshd.service") + + + with subtest("ensure nagios starts"): + machine.wait_for_file("/var/log/nagios/current") + + + def assert_notify(text): + machine.wait_for_file("/tmp/notifications") + real = machine.succeed("cat /tmp/notifications").strip() + print(f"got {real!r}, expected {text!r}") + assert text == real + + + with subtest("ensure we get a notification when sshd is down"): + machine.succeed("systemctl stop sshd") + assert_notify("ssh is CRITICAL") + + + with subtest("ensure tests can succeed"): + machine.succeed("systemctl start sshd") + machine.succeed("rm /tmp/notifications") + assert_notify("ssh is OK") + ''; + } +) diff --git a/pkgs/servers/monitoring/nagios/default.nix b/pkgs/servers/monitoring/nagios/default.nix index d1654bdf3f7..042450941d2 100644 --- a/pkgs/servers/monitoring/nagios/default.nix +++ b/pkgs/servers/monitoring/nagios/default.nix @@ -1,4 +1,4 @@ -{ stdenv, fetchurl, perl, php, gd, libpng, zlib, unzip }: +{ stdenv, fetchurl, perl, php, gd, libpng, zlib, unzip, nixosTests }: stdenv.mkDerivation rec { pname = "nagios"; @@ -27,6 +27,9 @@ stdenv.mkDerivation rec { sed -i 's@/bin/@@g' $out/etc/objects/commands.cfg ''; + passthru.tests = { + inherit (nixosTests) nagios; + }; meta = { description = "A host, service and network monitoring program"; -- cgit 1.4.1 From 5f182a9eedbcd2336af33e8c6b2dd35db1d977ef Mon Sep 17 00:00:00 2001 From: Pawel Kruszewski Date: Mon, 30 Dec 2019 18:33:21 +0100 Subject: gradle: 5.6.1 -> 5.6.4 --- pkgs/development/tools/build-managers/gradle/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'pkgs') diff --git a/pkgs/development/tools/build-managers/gradle/default.nix b/pkgs/development/tools/build-managers/gradle/default.nix index 5e01438844c..a15eb275231 100644 
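Review bot: In the `notify-host-by-file` command the macro is written `$HOSTNAME` without its closing `$`, unlike `$HOSTSTATE$` and the macros of the service command, so Nagios would presumably not expand it as intended; the line should read `command_line ${writer} "$HOSTNAME$ is $HOSTSTATE$"`. The test script never asserts on a host notification, which is why this goes unnoticed. Separately, `writer` appends with `>>` while `assert_notify` compares the whole file for equality, so a second notification that lands before the `cat` would fail the test; comparing only the last line would be more robust.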
--- a/pkgs/development/tools/build-managers/gradle/default.nix +++ b/pkgs/development/tools/build-managers/gradle/default.nix @@ -54,12 +54,12 @@ rec { gradle_latest = gradle_5_6; gradle_5_6 = gradleGen rec { - name = "gradle-5.6.1"; + name = "gradle-5.6.4"; nativeVersion = "0.18"; src = fetchurl { url = "http://services.gradle.org/distributions/${name}-bin.zip"; - sha256 = "04pccfcry5c59xwm6rr4r3baanwbfr5yrwhxv4r5v8z4414291h9"; + sha256 = "1f3067073041bc44554d0efe5d402a33bc3d3c93cc39ab684f308586d732a80d"; }; }; -- cgit 1.4.1 From 56a73dfb35f504e1251ca95db79f5e995676e65e Mon Sep 17 00:00:00 2001 From: Julien Moutinho Date: Wed, 14 Mar 2018 05:25:55 +0100 Subject: shorewall: init at 5.2.3.3 nixos/shorewall: init --- nixos/modules/module-list.nix | 2 + nixos/modules/services/networking/shorewall.nix | 75 +++++++++++++ nixos/modules/services/networking/shorewall6.nix | 75 +++++++++++++ pkgs/tools/networking/shorewall/default.nix | 130 +++++++++++++++++++++++ pkgs/top-level/all-packages.nix | 2 + 5 files changed, 284 insertions(+) create mode 100644 nixos/modules/services/networking/shorewall.nix create mode 100644 nixos/modules/services/networking/shorewall6.nix create mode 100644 pkgs/tools/networking/shorewall/default.nix (limited to 'pkgs') diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index 50e3078d977..f94703a881b 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix @@ -662,6 +662,8 @@ ./services/networking/skydns.nix ./services/networking/shadowsocks.nix ./services/networking/shairport-sync.nix + ./services/networking/shorewall.nix + ./services/networking/shorewall6.nix ./services/networking/shout.nix ./services/networking/sniproxy.nix ./services/networking/smokeping.nix diff --git a/nixos/modules/services/networking/shorewall.nix b/nixos/modules/services/networking/shorewall.nix new file mode 100644 index 00000000000..0f94d414fcf --- /dev/null +++ b/nixos/modules/services/networking/shorewall.nix 
@@ -0,0 +1,75 @@
+{ config, lib, pkgs, ... }:
+let
+ types = lib.types;
+ cfg = config.services.shorewall;
+in {
+ options = {
+ services.shorewall = {
+ enable = lib.mkOption {
+ type = types.bool;
+ default = false;
+ description = ''
+ Whether to enable Shorewall IPv4 Firewall.
+
+
+ Enabling this service WILL disable the existing NixOS
+ firewall! Default firewall rules provided by packages are not
+ considered at the moment.
+
+
+ '';
+ };
+ package = lib.mkOption {
+ type = types.package;
+ default = pkgs.shorewall;
+ defaultText = "pkgs.shorewall";
+ description = "The shorewall package to use.";
+ };
+ configs = lib.mkOption {
+ type = types.attrsOf types.str;
+ default = {};
+ description = ''
+ This option defines the Shorewall configs.
+ The attribute name defines the name of the config,
+ and the attribute value defines the content of the config.
+ '';
+ apply = lib.mapAttrs (name: text: pkgs.writeText "${name}" text);
+ };
+ };
+ };
+
+ config = lib.mkIf cfg.enable {
+ systemd.services.firewall.enable = false;
+ systemd.services.shorewall = {
+ description = "Shorewall IPv4 Firewall";
+ after = [ "ipset.target" ];
+ before = [ "network-pre.target" ];
+ wants = [ "network-pre.target" ];
+ wantedBy = [ "multi-user.target" ];
+ reloadIfChanged = true;
+ restartTriggers = lib.attrValues cfg.configs;
+ serviceConfig = {
+ Type = "oneshot";
+ RemainAfterExit = "yes";
+ ExecStart = "${cfg.package}/bin/shorewall start";
+ ExecReload = "${cfg.package}/bin/shorewall reload";
+ ExecStop = "${cfg.package}/bin/shorewall stop";
+ };
+ preStart = ''
+ install -D -d -m 750 /var/lib/shorewall
+ install -D -d -m 755 /var/lock/subsys
+ touch /var/log/shorewall.log
+ chown 750 /var/log/shorewall.log
+ '';
+ };
+ environment = {
+ etc = lib.mapAttrsToList
+ (name: file:
+ { source = file;
+ target = "shorewall/${name}";
+ })
+ cfg.configs;
+ systemPackages = [ cfg.package ];
+ };
+ };
+}
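Review bot: `chown 750 /var/log/shorewall.log` in `preStart` changes the file's owner to UID 750 instead of setting its mode, so the log keeps whatever permissions `touch` gave it and is handed to whichever account has that UID. This was presumably meant to be `chmod 750 /var/log/shorewall.log` (or `chmod 640`, since a log file does not need the execute bit). The same line appears in shorewall6.nix for `/var/log/shorewall6.log`.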
diff --git a/nixos/modules/services/networking/shorewall6.nix b/nixos/modules/services/networking/shorewall6.nix
new file mode 100644
index 00000000000..9c22a037c0b
--- /dev/null
+++ b/nixos/modules/services/networking/shorewall6.nix
@@ -0,0 +1,75 @@
+{ config, lib, pkgs, ... }:
+let
+ types = lib.types;
+ cfg = config.services.shorewall6;
+in {
+ options = {
+ services.shorewall6 = {
+ enable = lib.mkOption {
+ type = types.bool;
+ default = false;
+ description = ''
+ Whether to enable Shorewall IPv6 Firewall.
+
+
+ Enabling this service WILL disable the existing NixOS
+ firewall! Default firewall rules provided by packages are not
+ considered at the moment.
+
+
+ '';
+ };
+ package = lib.mkOption {
+ type = types.package;
+ default = pkgs.shorewall;
+ defaultText = "pkgs.shorewall";
+ description = "The shorewall package to use.";
+ };
+ configs = lib.mkOption {
+ type = types.attrsOf types.str;
+ default = {};
+ description = ''
+ This option defines the Shorewall configs.
+ The attribute name defines the name of the config,
+ and the attribute value defines the content of the config.
+ '';
+ apply = lib.mapAttrs (name: text: pkgs.writeText "${name}" text);
+ };
+ };
+ };
+
+ config = lib.mkIf cfg.enable {
+ systemd.services.firewall.enable = false;
+ systemd.services.shorewall6 = {
+ description = "Shorewall IPv6 Firewall";
+ after = [ "ipset.target" ];
+ before = [ "network-pre.target" ];
+ wants = [ "network-pre.target" ];
+ wantedBy = [ "multi-user.target" ];
+ reloadIfChanged = true;
+ restartTriggers = lib.attrValues cfg.configs;
+ serviceConfig = {
+ Type = "oneshot";
+ RemainAfterExit = "yes";
+ ExecStart = "${cfg.package}/bin/shorewall6 start";
+ ExecReload = "${cfg.package}/bin/shorewall6 reload";
+ ExecStop = "${cfg.package}/bin/shorewall6 stop";
+ };
+ preStart = ''
+ install -D -d -m 750 /var/lib/shorewall6
+ install -D -d -m 755 /var/lock/subsys
+ touch /var/log/shorewall6.log
+ chown 750 /var/log/shorewall6.log
+ '';
+ };
+ environment = {
+ etc = lib.mapAttrsToList
+ (name: file:
+ { source = file;
+ target = "shorewall6/${name}";
+ })
+ cfg.configs;
+ systemPackages = [ cfg.package ];
+ };
+ };
+}
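Review bot: `systemd.services.firewall.enable = false;` switches off the NixOS firewall unit as a whole, while this module only starts `shorewall6`, so a host that enables `services.shorewall6` without `services.shorewall` presumably ends up with no IPv4 filtering. The `enable` description warns that the NixOS firewall is disabled but does not mention this case; I would add a sentence to it such as `Unless services.shorewall is enabled as well, IPv4 traffic is left unfiltered.` An assertion that rejects the IPv6-only combination would be stricter, if that combination is not meant to be supported.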
diff --git a/pkgs/tools/networking/shorewall/default.nix b/pkgs/tools/networking/shorewall/default.nix
new file mode 100644
index 00000000000..8e62aa735a4
--- /dev/null
+++ b/pkgs/tools/networking/shorewall/default.nix
@@ -0,0 +1,130 @@
+{ coreutils
+, ebtables
+, fetchurl
+, gnugrep
+, gnused
+, iproute
+, ipset
+, iptables
+, perl
+, perlPackages
+, stdenv
+, tree
+, utillinux
+}:
+let
+ PATH = stdenv.lib.concatStringsSep ":"
+ [ "${coreutils}/bin"
+ "${iproute}/bin"
+ "${iptables}/bin"
+ "${ipset}/bin"
+ "${ebtables}/bin"
+ "${utillinux}/bin"
+ "${gnugrep}/bin"
+ "${gnused}/bin"
+ ];
+in
+stdenv.mkDerivation rec {
+ pname = "shorewall";
+ version = "5.2.3.3";
+
+ srcs = [
+ (fetchurl {
+ url = "http://www.shorewall.net/pub/shorewall/5.2/shorewall-5.2.3/shorewall-core-${version}.tar.bz2";
+ sha256 = "1gg2yfxzm3y9qqjrrg5nq2ggi1c6yfxx0s7fvwjw70b185mwa5p5";
+ })
+ (fetchurl {
+ url = "http://www.shorewall.net/pub/shorewall/5.2/shorewall-5.2.3/shorewall-${version}.tar.bz2";
+ sha256 = "1ka70pa3s0cnvc83rlm57r05cdv9idnxnq0vmxi6nr7razak5f3b";
+ })
+ (fetchurl {
+ url = "http://www.shorewall.net/pub/shorewall/5.2/shorewall-5.2.3/shorewall6-${version}.tar.bz2";
+ sha256 = "0mhs4m6agwk082h1n69gnyfsjpycdd8215r4r9rzb3czs5xi087n";
+ })
+ ];
+ sourceRoot = ".";
+
+ buildInputs = [
+ coreutils
+ iproute
+ ipset
+ iptables
+ ebtables
+ utillinux
+ gnugrep
+ gnused
+ perl
+ ] ++ (with perlPackages; [
+ DigestSHA1
+ ]);
+ prePatch = ''
+ # Patch configure and install.sh files
+ patchShebangs .
+
+ # Remove hardcoded PATH
+ sed -i shorewall-core-${version}/lib.cli \
+ -e '/^ *PATH=.*/d'
+ '';
+ configurePhase = ''
+ shorewall-core-${version}/configure \
+ HOST=linux \
+ PREFIX=$out \
+ CONFDIR=\$PREFIX/etc-example \
+ SBINDIR=\$PREFIX/sbin \
+ SYSCONFDIR= \
+ SHAREDIR=\$PREFIX/share \
+ LIBEXECDIR=\$SHAREDIR \
+ PERLLIBDIR=\$SHAREDIR/shorewall \
+ MANDIR=$out/man \
+ VARLIB=/var/lib \
+ INITSOURCE= \
+ INITDIR= \
+ INITFILE= \
+ DEFAULT_PAGER=
+ '';
+ installPhase = ''
+ export DESTDIR=/
+ shorewall-core-${version}/install.sh
+
+ ln -s ../shorewall-core-${version}/shorewallrc shorewall-${version}/
+ shorewall-${version}/install.sh
+
+ ln -s ../shorewall-core-${version}/shorewallrc shorewall6-${version}/
+ shorewall6-${version}/install.sh
+
+ # Patch the example shorewall{,6}.conf in case it is included
+ # in services.shorewall{,6}.configs
+ sed -i $out/etc-example/shorewall/shorewall.conf \
+ $out/etc-example/shorewall6/shorewall6.conf \
+ -e 's|^LOGFILE=.*|LOGFILE=/var/log/shorewall.log|' \
+ -e 's|^PATH=.*|PATH=${PATH}|' \
+ -e 's|^PERL=.*|PERL=${perl}/bin/perl|' \
+ -e 's|^SHOREWALL_SHELL=.*|SHOREWALL_SHELL=${stdenv.shell}|'
+ sed -i $out/etc-example/shorewall6/shorewall6.conf \
+ -e 's|^CONFIG_PATH=.*|CONFIG_PATH=:''${CONFDIR}/shorewall6:''${SHAREDIR}/shorewall6:''${SHAREDIR}/shorewall|'
+ # FIXME: the default GEOIPDIR=/usr/share/xt_geoip/LE may require attention.
+
+ # Redirect CONFDIR to /etc where services.shorewall{,6}.configs
+ # will generate the config files.
+ sed -i $out/share/shorewall/shorewallrc \
+ -e 's~^CONFDIR=.*~CONFDIR=/etc~'
+ '';
+
+ meta = {
+ homepage = http://www.shorewall.net/;
+ description = "An IP gateway/firewall configuration tool for GNU/Linux";
+ longDescription = ''
+ Shorewall is a high-level tool for configuring Netfilter. You describe your
+ firewall/gateway requirements using entries in a set of configuration
+ files.
Shorewall reads those configuration files and with the help of the + iptables, iptables-restore, ip and tc utilities, Shorewall configures + Netfilter and the Linux networking subsystem to match your requirements. + Shorewall can be used on a dedicated firewall system, a multi-function + gateway/router/server or on a standalone GNU/Linux system. Shorewall does + not use Netfilter's ipchains compatibility mode and can thus take + advantage of Netfilter's connection state tracking capabilities. + ''; + license = stdenv.lib.licenses.gpl2Plus; + platforms = stdenv.lib.platforms.linux; + }; +} diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index fecf53c3f4d..b4bb3f36471 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -5831,6 +5831,8 @@ in shocco = callPackage ../tools/text/shocco { }; + shorewall = callPackage ../tools/networking/shorewall { }; + shotwell = callPackage ../applications/graphics/shotwell { }; shout = nodePackages.shout; -- cgit 1.4.1 From a36e54de9deb15a16bd1caa6371983d4dae4d2c1 Mon Sep 17 00:00:00 2001 From: AndersonTorres Date: Mon, 30 Dec 2019 15:13:16 -0300 Subject: Bochs: quote homepage URL in order to suit the new standards --- pkgs/applications/virtualization/bochs/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'pkgs') diff --git a/pkgs/applications/virtualization/bochs/default.nix b/pkgs/applications/virtualization/bochs/default.nix index 48ff2d3cf49..f6e202ac499 100644 --- a/pkgs/applications/virtualization/bochs/default.nix +++ b/pkgs/applications/virtualization/bochs/default.nix @@ -28,7 +28,7 @@ stdenv.mkDerivation rec { patches = [ ./bochs-2.6.10-glibc-2.26.patch ]; - buildInputs = with stdenv.lib; + buildInputs = [ pkgconfig libtool gtk2 libGLU libGL readline libX11 libXpm docbook_xml_dtd_45 docbook_xsl ] ++ optionals termSupport [ ncurses ] ++ optionals sdlSupport [ SDL2 ] 
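Review bot: The first `sed` in `installPhase` writes `LOGFILE=/var/log/shorewall.log` into both `shorewall.conf` and `shorewall6.conf`, whereas the shorewall6 module creates `/var/log/shorewall6.log`, so the IPv6 example config points at the IPv4 log. Adding `-e 's|^LOGFILE=.*|LOGFILE=/var/log/shorewall6.log|' \` to the second, shorewall6-only `sed` would correct that. The three `fetchurl` sources use `http://` URLs; the pinned `sha256` values still protect integrity, but an `https://` URL would be preferable if the site offers one. `tree` is taken as an argument without being used in the visible derivation, and `homepage` is an unquoted URL.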
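Review bot: Dropping `with stdenv.lib;` from `buildInputs` is not mentioned in the commit subject, and the `optionals` calls on the following lines still need that name in scope. Whether it is in scope depends on a `with` or `inherit` outside this hunk; if there is none, evaluation fails with an undefined variable. If the removal is intended, the commit message should say so; otherwise writing `stdenv.lib.optionals` makes the dependency explicit.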
@@ -118,7 +118,7 @@ stdenv.mkDerivation rec { in C++, that runs on most popular platforms. It includes emulation of the Intel x86 CPU, common I/O devices, and a custom BIOS. ''; - homepage = http://bochs.sourceforge.net/; + homepage = "http://bochs.sourceforge.net/"; license = licenses.lgpl2Plus; maintainers = with maintainers; [ AndersonTorres ]; platforms = platforms.unix; -- cgit 1.4.1