mirror of https://github.com/NixOS/nixpkgs.git synced 2025-07-13 13:40:28 +03:00

Merge staging-next into staging

github-actions[bot] 2021-04-01 12:06:32 +00:00 committed by GitHub
commit 85e9b4acf4
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
123 changed files with 2570 additions and 423 deletions


@ -244,7 +244,7 @@
</listitem>
<listitem>
<para>
xfsprogs was update from 4.19 to 5.10. It now enables reflink support by default on filesystem creation.
xfsprogs was update from 4.19 to 5.11. It now enables reflink support by default on filesystem creation.
Support for reflinks was added with an experimental status to kernel 4.9 and deemed stable in kernel 4.16.
If you want to be able to mount XFS filesystems created with this release of xfsprogs on kernel releases older than those, you need to format them
with <literal>mkfs.xfs -m reflink=0</literal>.


@ -515,6 +515,7 @@
./services/misc/nzbget.nix
./services/misc/nzbhydra2.nix
./services/misc/octoprint.nix
./services/misc/ombi.nix
./services/misc/osrm.nix
./services/misc/packagekit.nix
./services/misc/paperless.nix


@ -0,0 +1,80 @@
{ config, pkgs, lib, ... }:
with lib;
let cfg = config.services.ombi;
in {
options = {
services.ombi = {
enable = mkEnableOption ''
Ombi.
Optionally see <link xlink:href="https://docs.ombi.app/info/reverse-proxy"/>
on how to set up a reverse proxy
'';
dataDir = mkOption {
type = types.str;
default = "/var/lib/ombi";
description = "The directory where Ombi stores its data files.";
};
port = mkOption {
type = types.port;
default = 5000;
description = "The port for the Ombi web interface.";
};
openFirewall = mkOption {
type = types.bool;
default = false;
description = "Open ports in the firewall for the Ombi web interface.";
};
user = mkOption {
type = types.str;
default = "ombi";
description = "User account under which Ombi runs.";
};
group = mkOption {
type = types.str;
default = "ombi";
description = "Group under which Ombi runs.";
};
};
};
config = mkIf cfg.enable {
systemd.tmpfiles.rules = [
"d '${cfg.dataDir}' 0700 ${cfg.user} ${cfg.group} - -"
];
systemd.services.ombi = {
description = "Ombi";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
Type = "simple";
User = cfg.user;
Group = cfg.group;
ExecStart = "${pkgs.ombi}/bin/Ombi --storage '${cfg.dataDir}' --host 'http://*:${toString cfg.port}'";
Restart = "on-failure";
};
};
networking.firewall = mkIf cfg.openFirewall {
allowedTCPPorts = [ cfg.port ];
};
users.users = mkIf (cfg.user == "ombi") {
ombi = {
group = cfg.group;
home = cfg.dataDir;
};
};
users.groups = mkIf (cfg.group == "ombi") { ombi = { }; };
};
}
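Review bot: The `systemd.services.ombi.serviceConfig` block starts a web application that listens on every interface (`--host 'http://*:${toString cfg.port}'`) with no sandboxing beyond the dedicated user and group. The only writable location the module itself sets up is `cfg.dataDir`, so the unit could lock down the rest of the filesystem and block privilege gain with standard systemd directives, as sketched below; whether Ombi writes anywhere else at runtime is not visible from this file, so `ReadWritePaths` may need extending. Separately, `dataDir` is spliced into the single-quoted `ExecStart` and tmpfiles strings as `types.str`; `types.path` would at least reject relative values.

```nix
serviceConfig = {
  # … unchanged: Type, User, Group, ExecStart, Restart …
  NoNewPrivileges = true;
  PrivateTmp = true;
  PrivateDevices = true;
  ProtectSystem = "strict";
  ReadWritePaths = [ cfg.dataDir ];
};
```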


@ -123,9 +123,20 @@ in {
"error log" = "syslog";
};
'';
};
};
enableAnalyticsReporting = mkOption {
type = types.bool;
default = false;
description = ''
Enable reporting of anonymous usage statistics to Netdata Inc. via either
Google Analytics (in versions prior to 1.29.4), or Netdata Inc.'s
self-hosted PostHog (in versions 1.29.4 and later).
See: <link xlink:href="https://learn.netdata.cloud/docs/agent/anonymous-statistics"/>
'';
};
};
};
config = mkIf cfg.enable {
assertions =
@ -140,8 +151,12 @@ in {
wantedBy = [ "multi-user.target" ];
path = (with pkgs; [ curl gawk which ]) ++ lib.optional cfg.python.enable
(pkgs.python3.withPackages cfg.python.extraPackages);
environment = {
PYTHONPATH = "${cfg.package}/libexec/netdata/python.d/python_modules";
} // lib.optionalAttrs (!cfg.enableAnalyticsReporting) {
DO_NOT_TRACK = "1";
};
serviceConfig = {
Environment="PYTHONPATH=${cfg.package}/libexec/netdata/python.d/python_modules";
ExecStart = "${cfg.package}/bin/netdata -P /run/netdata/netdata.pid -D -c ${configFile}";
ExecReload = "${pkgs.util-linux}/bin/kill -s HUP -s USR1 -s USR2 $MAINPID";
TimeoutStopSec = 60;
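Review bot: The description of `enableAnalyticsReporting` does not say how the opt-out is enforced, and in the second hunk it is enforced only by exporting `DO_NOT_TRACK = "1"` into the unit environment. That depends on the netdata build in `cfg.package` honouring the variable, which is not visible here, so an overridden package could keep reporting while the option reads `false`. I would add a sentence to the description such as `When disabled, the service is started with DO_NOT_TRACK=1 in its environment.` so the mechanism and its limit are documented. The `serviceConfig` block continues past the end of the hunk.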


@ -57,6 +57,26 @@ in
services.privacyidea = {
enable = mkEnableOption "PrivacyIDEA";
environmentFile = mkOption {
type = types.nullOr types.path;
default = null;
example = "/root/privacyidea.env";
description = ''
File to load as environment file. Environment variables
from this file will be interpolated into the config file
using <package>envsubst</package> which is helpful for specifying
secrets:
<programlisting>
{ <xref linkend="opt-services.privacyidea.secretKey" /> = "$SECRET"; }
</programlisting>
The environment-file can now specify the actual secret key:
<programlisting>
SECRET=veryverytopsecret
</programlisting>
'';
};
stateDir = mkOption {
type = types.str;
default = "/var/lib/privacyidea";
@ -206,7 +226,7 @@ in
wantedBy = [ "multi-user.target" ];
after = [ "postgresql.service" ];
path = with pkgs; [ openssl ];
environment.PRIVACYIDEA_CONFIGFILE = piCfgFile;
environment.PRIVACYIDEA_CONFIGFILE = "${cfg.stateDir}/privacyidea.cfg";
preStart = let
pi-manage = "${pkgs.sudo}/bin/sudo -u privacyidea -HE ${penv}/bin/pi-manage";
pgsu = config.services.postgresql.superUser;
@ -214,6 +234,10 @@ in
in ''
mkdir -p ${cfg.stateDir} /run/privacyidea
chown ${cfg.user}:${cfg.group} -R ${cfg.stateDir} /run/privacyidea
umask 077
${lib.getBin pkgs.envsubst}/bin/envsubst -o ${cfg.stateDir}/privacyidea.cfg \
-i "${piCfgFile}"
chown ${cfg.user}:${cfg.group} ${cfg.stateDir}/privacyidea.cfg
if ! test -e "${cfg.stateDir}/db-created"; then
${pkgs.sudo}/bin/sudo -u ${pgsu} ${psql}/bin/createuser --no-superuser --no-createdb --no-createrole ${cfg.user}
${pkgs.sudo}/bin/sudo -u ${pgsu} ${psql}/bin/createdb --owner ${cfg.user} privacyidea
@ -231,6 +255,7 @@ in
Type = "notify";
ExecStart = "${uwsgi}/bin/uwsgi --json ${piuwsgi}";
ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
EnvironmentFile = lib.mkIf (cfg.environmentFile != null) cfg.environmentFile;
ExecStop = "${pkgs.coreutils}/bin/kill -INT $MAINPID";
NotifyAccess = "main";
KillSignal = "SIGQUIT";
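Review bot: In the `preStart` hunk, `envsubst` runs without any strictness flags, so a variable that is misspelled in the config or missing from `environmentFile` is replaced by an empty string and the service starts with an empty `SECRET_KEY` or pepper instead of failing. Assuming `pkgs.envsubst` is the implementation that provides `-no-unset` and `-no-empty` (the `-i`/`-o` flags suggest so), the call could become `envsubst -no-unset -no-empty -o ${cfg.stateDir}/privacyidea.cfg -i "${piCfgFile}"`. The `environmentFile` description could also state that the file should live outside the Nix store, since a file referenced as a Nix path literal would be copied into the world-readable store. `preStart` and `serviceConfig` both continue outside the visible hunks.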


@ -290,6 +290,7 @@ in
nzbget = handleTest ./nzbget.nix {};
nzbhydra2 = handleTest ./nzbhydra2.nix {};
oh-my-zsh = handleTest ./oh-my-zsh.nix {};
ombi = handleTest ./ombi.nix {};
openarena = handleTest ./openarena.nix {};
openldap = handleTest ./openldap.nix {};
opensmtpd = handleTest ./opensmtpd.nix {};

18
nixos/tests/ombi.nix Normal file

@ -0,0 +1,18 @@
import ./make-test-python.nix ({ lib, ... }:
with lib;
{
name = "ombi";
meta.maintainers = with maintainers; [ woky ];
nodes.machine =
{ pkgs, ... }:
{ services.ombi.enable = true; };
testScript = ''
machine.wait_for_unit("ombi.service")
machine.wait_for_open_port("5000")
machine.succeed("curl --fail http://localhost:5000/")
'';
})


@ -12,10 +12,16 @@ import ./make-test-python.nix ({ pkgs, ...} : rec {
services.privacyidea = {
enable = true;
secretKey = "testing";
pepper = "testing";
secretKey = "$SECRET_KEY";
pepper = "$PEPPER";
adminPasswordFile = pkgs.writeText "admin-password" "testing";
adminEmail = "root@localhost";
# Don't try this at home!
environmentFile = pkgs.writeText "pi-secrets.env" ''
SECRET_KEY=testing
PEPPER=testing
'';
};
services.nginx = {
enable = true;
@ -29,6 +35,8 @@ import ./make-test-python.nix ({ pkgs, ...} : rec {
machine.start()
machine.wait_for_unit("multi-user.target")
machine.succeed("curl --fail http://localhost | grep privacyIDEA")
machine.succeed("grep \"SECRET_KEY = 'testing'\" /var/lib/privacyidea/privacyidea.cfg")
machine.succeed("grep \"PI_PEPPER = 'testing'\" /var/lib/privacyidea/privacyidea.cfg")
machine.succeed(
"curl --fail http://localhost/auth -F username=admin -F password=testing | grep token"
)
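Review bot: The two added `grep` checks confirm that the secrets are substituted into `/var/lib/privacyidea/privacyidea.cfg`, but nothing asserts that the rendered file is private, which is the property the `umask 077` in the module's `preStart` is there to provide. Assuming envsubst creates the file with default permissions under that umask, a check such as `machine.succeed("stat -c %a /var/lib/privacyidea/privacyidea.cfg | grep -x 600")` would catch a regression in the file mode. The comment `# Don't try this at home!` could also say why: `pkgs.writeText` places the secrets in the world-readable Nix store, which is acceptable only in a test. The `testScript` string starts and ends outside the hunk.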