mirror of
https://github.com/NixOS/nixpkgs.git
synced 2025-07-19 16:40:32 +03:00
Merge branch 'staging-next' into staging
Conflicts (simple): nixos/doc/manual/release-notes/rl-1909.xml
This commit is contained in:
commit
ee86a325dd
392 changed files with 11536 additions and 4972 deletions
|
@ -21,6 +21,15 @@ let
|
|||
and scalable concurrency support.
|
||||
'';
|
||||
};
|
||||
|
||||
"scudo" = {
|
||||
libPath = "${pkgs.llvmPackages.compiler-rt}/lib/linux/libclang_rt.scudo-x86_64.so";
|
||||
description = ''
|
||||
A user-mode allocator based on LLVM Sanitizer’s CombinedAllocator,
|
||||
which aims at providing additional mitigations against heap based
|
||||
vulnerabilities, while maintaining good performance.
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
providerConf = providers."${cfg.provider}";
|
||||
|
@ -82,5 +91,7 @@ in
|
|||
|
||||
config = mkIf (cfg.provider != "libc") {
|
||||
environment.variables.LD_PRELOAD = providerLibPath;
|
||||
systemd.extraConfig = "DefaultEnvironment=\"LD_PRELOAD=${providerLibPath}\"";
|
||||
systemd.user.extraConfig = "DefaultEnvironment=\"LD_PRELOAD=${providerLibPath}\"";
|
||||
};
|
||||
}
|
||||
|
|
|
@ -95,6 +95,7 @@
|
|||
./programs/ccache.nix
|
||||
./programs/cdemu.nix
|
||||
./programs/chromium.nix
|
||||
./programs/clickshare.nix
|
||||
./programs/command-not-found/command-not-found.nix
|
||||
./programs/criu.nix
|
||||
./programs/dconf.nix
|
||||
|
@ -762,6 +763,7 @@
|
|||
./services/web-apps/frab.nix
|
||||
./services/web-apps/icingaweb2/icingaweb2.nix
|
||||
./services/web-apps/icingaweb2/module-monitoring.nix
|
||||
./services/web-apps/limesurvey.nix
|
||||
./services/web-apps/mattermost.nix
|
||||
./services/web-apps/miniflux.nix
|
||||
./services/web-apps/nextcloud.nix
|
||||
|
|
21
nixos/modules/programs/clickshare.nix
Normal file
21
nixos/modules/programs/clickshare.nix
Normal file
|
@ -0,0 +1,21 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
|
||||
{
|
||||
|
||||
options.programs.clickshare-csc1.enable =
|
||||
lib.options.mkEnableOption ''
|
||||
Barco ClickShare CSC-1 driver/client.
|
||||
This allows users in the <literal>clickshare</literal>
|
||||
group to access and use a ClickShare USB dongle
|
||||
that is connected to the machine
|
||||
'';
|
||||
|
||||
config = lib.modules.mkIf config.programs.clickshare-csc1.enable {
|
||||
environment.systemPackages = [ pkgs.clickshare-csc1 ];
|
||||
services.udev.packages = [ pkgs.clickshare-csc1 ];
|
||||
users.groups.clickshare = {};
|
||||
};
|
||||
|
||||
meta.maintainers = [ lib.maintainers.yarny ];
|
||||
|
||||
}
|
|
@ -177,7 +177,7 @@ in {
|
|||
systemPackages = [ pkgs.tmux ];
|
||||
|
||||
variables = {
|
||||
TMUX_TMPDIR = lib.optional cfg.secureSocket ''''${XDG_RUNTIME_DIR:-"/run/user/\$(id -u)"}'';
|
||||
TMUX_TMPDIR = lib.optional cfg.secureSocket ''''${XDG_RUNTIME_DIR:-"/run/user/$(id -u)"}'';
|
||||
};
|
||||
};
|
||||
};
|
||||
|
|
|
@ -113,9 +113,10 @@ with lib;
|
|||
|
||||
# murmur
|
||||
(mkRenamedOptionModule [ "services" "murmur" "welcome" ] [ "services" "murmur" "welcometext" ])
|
||||
(mkRemovedOptionModule [ "services" "murmur" "pidfile" ] "Hardcoded to /run/murmur/murmurd.pid now")
|
||||
|
||||
# parsoid
|
||||
(mkRemovedOptionModule [ "services" "parsoid" "interwikis" ] [ "services" "parsoid" "wikis" ])
|
||||
(mkRemovedOptionModule [ "services" "parsoid" "interwikis" ] "Use services.parsoid.wikis instead")
|
||||
|
||||
# plexpy / tautulli
|
||||
(mkRenamedOptionModule [ "services" "plexpy" ] [ "services" "tautulli" ])
|
||||
|
@ -211,6 +212,7 @@ with lib;
|
|||
(mkRemovedOptionModule [ "services" "logstash" "enableWeb" ] "The web interface was removed from logstash")
|
||||
(mkRemovedOptionModule [ "boot" "zfs" "enableLegacyCrypto" ] "The corresponding package was removed from nixpkgs.")
|
||||
(mkRemovedOptionModule [ "services" "winstone" ] "The corresponding package was removed from nixpkgs.")
|
||||
(mkRemovedOptionModule [ "services" "mysql" "pidDir" ] "Don't wait for pidfiles, describe dependencies through systemd")
|
||||
|
||||
# ZSH
|
||||
(mkRenamedOptionModule [ "programs" "zsh" "enableSyntaxHighlighting" ] [ "programs" "zsh" "syntaxHighlighting" "enable" ])
|
||||
|
|
|
@ -18,16 +18,12 @@ let
|
|||
in (pName mysql == pName pkgs.mysql57)
|
||||
&& ((builtins.compareVersions mysql.version "5.7") >= 0);
|
||||
|
||||
pidFile = "${cfg.pidDir}/mysqld.pid";
|
||||
|
||||
mysqldAndInstallOptions =
|
||||
"--user=${cfg.user} --datadir=${cfg.dataDir} --basedir=${mysql}";
|
||||
mysqldOptions =
|
||||
"${mysqldAndInstallOptions} --pid-file=${pidFile}";
|
||||
"--user=${cfg.user} --datadir=${cfg.dataDir} --basedir=${mysql}";
|
||||
# For MySQL 5.7+, --insecure creates the root user without password
|
||||
# (earlier versions and MariaDB do this by default).
|
||||
installOptions =
|
||||
"${mysqldAndInstallOptions} ${lib.optionalString isMysqlAtLeast57 "--insecure"}";
|
||||
"${mysqldOptions} ${lib.optionalString isMysqlAtLeast57 "--insecure"}";
|
||||
|
||||
in
|
||||
|
||||
|
@ -80,11 +76,6 @@ in
|
|||
description = "Location where MySQL stores its table files";
|
||||
};
|
||||
|
||||
pidDir = mkOption {
|
||||
default = "/run/mysqld";
|
||||
description = "Location of the file which stores the PID of the MySQL server";
|
||||
};
|
||||
|
||||
extraOptions = mkOption {
|
||||
type = types.lines;
|
||||
default = "";
|
||||
|
@ -296,6 +287,10 @@ in
|
|||
${cfg.extraOptions}
|
||||
'';
|
||||
|
||||
systemd.tmpfiles.rules = [
|
||||
"d '${cfg.dataDir}' 0700 ${cfg.user} mysql -"
|
||||
];
|
||||
|
||||
systemd.services.mysql = let
|
||||
hasNotify = (cfg.package == pkgs.mariadb);
|
||||
in {
|
||||
|
@ -313,70 +308,69 @@ in
|
|||
pkgs.nettools
|
||||
];
|
||||
|
||||
preStart =
|
||||
''
|
||||
if ! test -e ${cfg.dataDir}/mysql; then
|
||||
mkdir -m 0700 -p ${cfg.dataDir}
|
||||
chown -R ${cfg.user} ${cfg.dataDir}
|
||||
${mysql}/bin/mysql_install_db --defaults-file=/etc/my.cnf ${installOptions}
|
||||
touch /tmp/mysql_init
|
||||
fi
|
||||
|
||||
mkdir -m 0755 -p ${cfg.pidDir}
|
||||
chown -R ${cfg.user} ${cfg.pidDir}
|
||||
'';
|
||||
preStart = ''
|
||||
if ! test -e ${cfg.dataDir}/mysql; then
|
||||
${mysql}/bin/mysql_install_db --defaults-file=/etc/my.cnf ${installOptions}
|
||||
touch /tmp/mysql_init
|
||||
fi
|
||||
'';
|
||||
|
||||
serviceConfig = {
|
||||
User = cfg.user;
|
||||
Group = "mysql";
|
||||
Type = if hasNotify then "notify" else "simple";
|
||||
RuntimeDirectory = "mysqld";
|
||||
RuntimeDirectoryMode = "0755";
|
||||
# The last two environment variables are used for starting Galera clusters
|
||||
ExecStart = "${mysql}/bin/mysqld --defaults-file=/etc/my.cnf ${mysqldOptions} $_WSREP_NEW_CLUSTER $_WSREP_START_POSITION";
|
||||
};
|
||||
|
||||
postStart = ''
|
||||
${lib.optionalString (!hasNotify) ''
|
||||
# Wait until the MySQL server is available for use
|
||||
count=0
|
||||
while [ ! -e /run/mysqld/mysqld.sock ]
|
||||
do
|
||||
if [ $count -eq 30 ]
|
||||
then
|
||||
echo "Tried 30 times, giving up..."
|
||||
exit 1
|
||||
fi
|
||||
postStart =
|
||||
let
|
||||
cmdWatchForMysqlSocket = ''
|
||||
# Wait until the MySQL server is available for use
|
||||
count=0
|
||||
while [ ! -e /run/mysqld/mysqld.sock ]
|
||||
do
|
||||
if [ $count -eq 30 ]
|
||||
then
|
||||
echo "Tried 30 times, giving up..."
|
||||
exit 1
|
||||
fi
|
||||
|
||||
echo "MySQL daemon not yet started. Waiting for 1 second..."
|
||||
count=$((count++))
|
||||
sleep 1
|
||||
done
|
||||
''}
|
||||
echo "MySQL daemon not yet started. Waiting for 1 second..."
|
||||
count=$((count++))
|
||||
sleep 1
|
||||
done
|
||||
'';
|
||||
cmdInitialDatabases = concatMapStrings (database: ''
|
||||
# Create initial databases
|
||||
if ! test -e "${cfg.dataDir}/${database.name}"; then
|
||||
echo "Creating initial database: ${database.name}"
|
||||
( echo 'create database `${database.name}`;'
|
||||
|
||||
${optionalString (database.schema != null) ''
|
||||
echo 'use `${database.name}`;'
|
||||
|
||||
# TODO: this silently falls through if database.schema does not exist,
|
||||
# we should catch this somehow and exit, but can't do it here because we're in a subshell.
|
||||
if [ -f "${database.schema}" ]
|
||||
then
|
||||
cat ${database.schema}
|
||||
elif [ -d "${database.schema}" ]
|
||||
then
|
||||
cat ${database.schema}/mysql-databases/*.sql
|
||||
fi
|
||||
''}
|
||||
) | ${mysql}/bin/mysql -u root -N
|
||||
fi
|
||||
'') cfg.initialDatabases;
|
||||
in
|
||||
|
||||
lib.optionalString (!hasNotify) cmdWatchForMysqlSocket + ''
|
||||
if [ -f /tmp/mysql_init ]
|
||||
then
|
||||
${concatMapStrings (database:
|
||||
''
|
||||
# Create initial databases
|
||||
if ! test -e "${cfg.dataDir}/${database.name}"; then
|
||||
echo "Creating initial database: ${database.name}"
|
||||
( echo 'create database `${database.name}`;'
|
||||
|
||||
${optionalString (database.schema != null) ''
|
||||
echo 'use `${database.name}`;'
|
||||
|
||||
# TODO: this silently falls through if database.schema does not exist,
|
||||
# we should catch this somehow and exit, but can't do it here because we're in a subshell.
|
||||
if [ -f "${database.schema}" ]
|
||||
then
|
||||
cat ${database.schema}
|
||||
elif [ -d "${database.schema}" ]
|
||||
then
|
||||
cat ${database.schema}/mysql-databases/*.sql
|
||||
fi
|
||||
''}
|
||||
) | ${mysql}/bin/mysql -u root -N
|
||||
fi
|
||||
'') cfg.initialDatabases}
|
||||
|
||||
${cmdInitialDatabases}
|
||||
${optionalString (cfg.replication.role == "master")
|
||||
''
|
||||
# Set up the replication master
|
||||
|
|
|
@ -7,7 +7,7 @@ let
|
|||
cfg = config.services.octoprint;
|
||||
|
||||
baseConfig = {
|
||||
plugins.cura.cura_engine = "${pkgs.curaengine_stable}/bin/CuraEngine";
|
||||
plugins.curalegacy.cura_engine = "${pkgs.curaengine_stable}/bin/CuraEngine";
|
||||
server.host = cfg.host;
|
||||
server.port = cfg.port;
|
||||
webcam.ffmpeg = "${pkgs.ffmpeg.bin}/bin/ffmpeg";
|
||||
|
|
|
@ -28,7 +28,7 @@ in
|
|||
serviceConfig = {
|
||||
DynamicUser = true;
|
||||
ExecStart = ''
|
||||
${pkgs.prometheus-fritzbox-exporter}/bin/fritzbox_exporter \
|
||||
${pkgs.prometheus-fritzbox-exporter}/bin/exporter \
|
||||
-listen-address ${cfg.listenAddress}:${toString cfg.port} \
|
||||
-gateway-address ${cfg.gatewayAddress} \
|
||||
-gateway-port ${toString cfg.gatewayPort} \
|
||||
|
|
|
@ -4,6 +4,7 @@ with lib;
|
|||
|
||||
let
|
||||
cfg = config.services.murmur;
|
||||
forking = cfg.logFile != null;
|
||||
configFile = pkgs.writeText "murmurd.ini" ''
|
||||
database=/var/lib/murmur/murmur.sqlite
|
||||
dbDriver=QSQLITE
|
||||
|
@ -12,8 +13,8 @@ let
|
|||
autobanTimeframe=${toString cfg.autobanTimeframe}
|
||||
autobanTime=${toString cfg.autobanTime}
|
||||
|
||||
logfile=/var/log/murmur/murmurd.log
|
||||
pidfile=${cfg.pidfile}
|
||||
logfile=${optionalString (cfg.logFile != null) cfg.logFile}
|
||||
${optionalString forking "pidfile=/run/murmur/murmurd.pid"}
|
||||
|
||||
welcometext="${cfg.welcometext}"
|
||||
port=${toString cfg.port}
|
||||
|
@ -78,10 +79,11 @@ in
|
|||
description = "The amount of time an IP ban lasts (in seconds).";
|
||||
};
|
||||
|
||||
pidfile = mkOption {
|
||||
type = types.path;
|
||||
default = "/run/murmur/murmurd.pid";
|
||||
description = "Path to PID file for Murmur daemon.";
|
||||
logFile = mkOption {
|
||||
type = types.nullOr types.path;
|
||||
default = null;
|
||||
example = "/var/log/murmur/murmurd.log";
|
||||
description = "Path to the log file for Murmur daemon. Empty means log to journald.";
|
||||
};
|
||||
|
||||
welcometext = mkOption {
|
||||
|
@ -251,19 +253,13 @@ in
|
|||
after = [ "network-online.target "];
|
||||
|
||||
serviceConfig = {
|
||||
Type = "forking";
|
||||
RuntimeDirectory = "murmur";
|
||||
PIDFile = cfg.pidfile;
|
||||
Restart = "always";
|
||||
# murmurd doesn't fork when logging to the console.
|
||||
Type = if forking then "forking" else "simple";
|
||||
PIDFile = mkIf forking "/run/murmur/murmurd.pid";
|
||||
RuntimeDirectory = mkIf forking "murmur";
|
||||
User = "murmur";
|
||||
ExecStart = "${pkgs.murmur}/bin/murmurd -ini ${configFile}";
|
||||
PermissionsStartOnly = true;
|
||||
};
|
||||
|
||||
preStart = ''
|
||||
mkdir -p /var/log/murmur
|
||||
chown -R murmur /var/log/murmur
|
||||
'';
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
|
@ -477,6 +477,10 @@ in {
|
|||
'';
|
||||
};
|
||||
|
||||
systemd.services.NetworkManager-wait-online = {
|
||||
wantedBy = [ "network-online.target" ];
|
||||
};
|
||||
|
||||
systemd.services.nm-setup-hostsdirs = mkIf dynamicHostsEnabled {
|
||||
wantedBy = [ "NetworkManager.service" ];
|
||||
before = [ "NetworkManager.service" ];
|
||||
|
|
|
@ -426,7 +426,9 @@ in {
|
|||
'';
|
||||
};
|
||||
};
|
||||
syncthing-init = {
|
||||
syncthing-init = mkIf (
|
||||
cfg.declarative.devices != {} || cfg.declarative.folders != {}
|
||||
) {
|
||||
after = [ "syncthing.service" ];
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
|
||||
|
|
|
@ -229,8 +229,61 @@ let
|
|||
'';
|
||||
};
|
||||
|
||||
generatePeerUnit = { interfaceName, interfaceCfg, peer }:
|
||||
let
|
||||
keyToUnitName = replaceChars
|
||||
[ "/" "-" " " "+" "=" ]
|
||||
[ "-" "\\x2d" "\\x20" "\\x2b" "\\x3d" ];
|
||||
unitName = keyToUnitName peer.publicKey;
|
||||
psk =
|
||||
if peer.presharedKey != null
|
||||
then pkgs.writeText "wg-psk" peer.presharedKey
|
||||
else peer.presharedKeyFile;
|
||||
in nameValuePair "wireguard-${interfaceName}-peer-${unitName}"
|
||||
{
|
||||
description = "WireGuard Peer - ${interfaceName} - ${peer.publicKey}";
|
||||
requires = [ "wireguard-${interfaceName}.service" ];
|
||||
after = [ "wireguard-${interfaceName}.service" ];
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
environment.DEVICE = interfaceName;
|
||||
environment.WG_ENDPOINT_RESOLUTION_RETRIES = "infinity";
|
||||
path = with pkgs; [ iproute wireguard-tools ];
|
||||
|
||||
generateSetupServiceUnit = name: values:
|
||||
serviceConfig = {
|
||||
Type = "oneshot";
|
||||
RemainAfterExit = true;
|
||||
};
|
||||
|
||||
script = let
|
||||
wg_setup = "wg set ${interfaceName} peer ${peer.publicKey}" +
|
||||
optionalString (psk != null) " preshared-key ${psk}" +
|
||||
optionalString (peer.endpoint != null) " endpoint ${peer.endpoint}" +
|
||||
optionalString (peer.persistentKeepalive != null) " persistent-keepalive ${toString peer.persistentKeepalive}" +
|
||||
optionalString (peer.allowedIPs != []) " allowed-ips ${concatStringsSep "," peer.allowedIPs}";
|
||||
route_setup =
|
||||
optionalString (interfaceCfg.allowedIPsAsRoutes != false)
|
||||
(concatMapStringsSep "\n"
|
||||
(allowedIP:
|
||||
"ip route replace ${allowedIP} dev ${interfaceName} table ${interfaceCfg.table}"
|
||||
) peer.allowedIPs);
|
||||
in ''
|
||||
${wg_setup}
|
||||
${route_setup}
|
||||
'';
|
||||
|
||||
postStop = let
|
||||
route_destroy = optionalString (interfaceCfg.allowedIPsAsRoutes != false)
|
||||
(concatMapStringsSep "\n"
|
||||
(allowedIP:
|
||||
"ip route delete ${allowedIP} dev ${interfaceName} table ${interfaceCfg.table}"
|
||||
) peer.allowedIPs);
|
||||
in ''
|
||||
wg set ${interfaceName} peer ${peer.publicKey} remove
|
||||
${route_destroy}
|
||||
'';
|
||||
};
|
||||
|
||||
generateInterfaceUnit = name: values:
|
||||
# exactly one way to specify the private key must be set
|
||||
#assert (values.privateKey != null) != (values.privateKeyFile != null);
|
||||
let privKey = if values.privateKeyFile != null then values.privateKeyFile else pkgs.writeText "wg-key" values.privateKey;
|
||||
|
@ -245,9 +298,7 @@ let
|
|||
path = with pkgs; [ kmod iproute wireguard-tools ];
|
||||
|
||||
serviceConfig = {
|
||||
Type = "simple";
|
||||
Restart = "on-failure";
|
||||
RestartSec = "5s";
|
||||
Type = "oneshot";
|
||||
RemainAfterExit = true;
|
||||
};
|
||||
|
||||
|
@ -265,25 +316,8 @@ let
|
|||
wg set ${name} private-key ${privKey} ${
|
||||
optionalString (values.listenPort != null) " listen-port ${toString values.listenPort}"}
|
||||
|
||||
${concatMapStringsSep "\n" (peer:
|
||||
assert (peer.presharedKeyFile == null) || (peer.presharedKey == null); # at most one of the two must be set
|
||||
let psk = if peer.presharedKey != null then pkgs.writeText "wg-psk" peer.presharedKey else peer.presharedKeyFile;
|
||||
in
|
||||
"wg set ${name} peer ${peer.publicKey}" +
|
||||
optionalString (psk != null) " preshared-key ${psk}" +
|
||||
optionalString (peer.endpoint != null) " endpoint ${peer.endpoint}" +
|
||||
optionalString (peer.persistentKeepalive != null) " persistent-keepalive ${toString peer.persistentKeepalive}" +
|
||||
optionalString (peer.allowedIPs != []) " allowed-ips ${concatStringsSep "," peer.allowedIPs}"
|
||||
) values.peers}
|
||||
|
||||
ip link set up dev ${name}
|
||||
|
||||
${optionalString (values.allowedIPsAsRoutes != false) (concatStringsSep "\n" (concatMap (peer:
|
||||
(map (allowedIP:
|
||||
"ip route replace ${allowedIP} dev ${name} table ${values.table}"
|
||||
) peer.allowedIPs)
|
||||
) values.peers))}
|
||||
|
||||
${values.postSetup}
|
||||
'';
|
||||
|
||||
|
@ -335,7 +369,12 @@ in
|
|||
|
||||
###### implementation
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
config = mkIf cfg.enable (let
|
||||
all_peers = flatten
|
||||
(mapAttrsToList (interfaceName: interfaceCfg:
|
||||
map (peer: { inherit interfaceName interfaceCfg peer;}) interfaceCfg.peers
|
||||
) cfg.interfaces);
|
||||
in {
|
||||
|
||||
assertions = (attrValues (
|
||||
mapAttrs (name: value: {
|
||||
|
@ -346,19 +385,24 @@ in
|
|||
mapAttrs (name: value: {
|
||||
assertion = value.generatePrivateKeyFile -> (value.privateKey == null);
|
||||
message = "networking.wireguard.interfaces.${name}.generatePrivateKey must not be set if networking.wireguard.interfaces.${name}.privateKey is set.";
|
||||
}) cfg.interfaces));
|
||||
|
||||
}) cfg.interfaces))
|
||||
++ map ({ interfaceName, peer, ... }: {
|
||||
assertion = (peer.presharedKey == null) || (peer.presharedKeyFile == null);
|
||||
message = "networking.wireguard.interfaces.${interfaceName} peer «${peer.publicKey}» has both presharedKey and presharedKeyFile set, but only one can be used.";
|
||||
}) all_peers;
|
||||
|
||||
boot.extraModulePackages = [ kernel.wireguard ];
|
||||
environment.systemPackages = [ pkgs.wireguard-tools ];
|
||||
|
||||
systemd.services = (mapAttrs' generateSetupServiceUnit cfg.interfaces)
|
||||
systemd.services =
|
||||
(mapAttrs' generateInterfaceUnit cfg.interfaces)
|
||||
// (listToAttrs (map generatePeerUnit all_peers))
|
||||
// (mapAttrs' generateKeyServiceUnit
|
||||
(filterAttrs (name: value: value.generatePrivateKeyFile) cfg.interfaces));
|
||||
|
||||
systemd.paths = mapAttrs' generatePathUnit
|
||||
(filterAttrs (name: value: value.privateKeyFile != null) cfg.interfaces);
|
||||
|
||||
};
|
||||
});
|
||||
|
||||
}
|
||||
|
|
|
@ -60,6 +60,8 @@ let
|
|||
|
||||
TempDir ${cfg.tempDir}
|
||||
|
||||
SetEnv PATH /var/lib/cups/path/lib/cups/filter:/var/lib/cups/path/bin
|
||||
|
||||
# User and group used to run external programs, including
|
||||
# those that actually send the job to the printer. Note that
|
||||
# Udev sets the group of printer devices to `lp', so we want
|
||||
|
@ -76,8 +78,6 @@ let
|
|||
'') cfg.listenAddresses}
|
||||
Listen /run/cups/cups.sock
|
||||
|
||||
SetEnv PATH /var/lib/cups/path/lib/cups/filter:/var/lib/cups/path/bin
|
||||
|
||||
DefaultShared ${if cfg.defaultShared then "Yes" else "No"}
|
||||
|
||||
Browsing ${if cfg.browsing then "Yes" else "No"}
|
||||
|
|
288
nixos/modules/services/web-apps/limesurvey.nix
Normal file
288
nixos/modules/services/web-apps/limesurvey.nix
Normal file
|
@ -0,0 +1,288 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
|
||||
let
|
||||
|
||||
inherit (lib) mkDefault mkEnableOption mkForce mkIf mkMerge mkOption;
|
||||
inherit (lib) mapAttrs optional optionalString types;
|
||||
|
||||
cfg = config.services.limesurvey;
|
||||
|
||||
user = "limesurvey";
|
||||
group = config.services.httpd.group;
|
||||
stateDir = "/var/lib/limesurvey";
|
||||
|
||||
php = pkgs.php;
|
||||
pkg = pkgs.limesurvey;
|
||||
|
||||
configType = with types; either (either (attrsOf configType) str) (either int bool) // {
|
||||
description = "limesurvey config type (str, int, bool or attribute set thereof)";
|
||||
};
|
||||
|
||||
limesurveyConfig = pkgs.writeText "config.php" ''
|
||||
<?php
|
||||
return json_decode('${builtins.toJSON cfg.config}', true);
|
||||
?>
|
||||
'';
|
||||
|
||||
mysqlLocal = cfg.database.createLocally && cfg.database.type == "mysql";
|
||||
pgsqlLocal = cfg.database.createLocally && cfg.database.type == "pgsql";
|
||||
|
||||
in
|
||||
{
|
||||
# interface
|
||||
|
||||
options.services.limesurvey = {
|
||||
enable = mkEnableOption "Limesurvey web application.";
|
||||
|
||||
database = {
|
||||
type = mkOption {
|
||||
type = types.enum [ "mysql" "pgsql" "odbc" "mssql" ];
|
||||
example = "pgsql";
|
||||
default = "mysql";
|
||||
description = "Database engine to use.";
|
||||
};
|
||||
|
||||
host = mkOption {
|
||||
type = types.str;
|
||||
default = "localhost";
|
||||
description = "Database host address.";
|
||||
};
|
||||
|
||||
port = mkOption {
|
||||
type = types.int;
|
||||
default = if cfg.database.type == "pgsql" then 5442 else 3306;
|
||||
defaultText = "3306";
|
||||
description = "Database host port.";
|
||||
};
|
||||
|
||||
name = mkOption {
|
||||
type = types.str;
|
||||
default = "limesurvey";
|
||||
description = "Database name.";
|
||||
};
|
||||
|
||||
user = mkOption {
|
||||
type = types.str;
|
||||
default = "limesurvey";
|
||||
description = "Database user.";
|
||||
};
|
||||
|
||||
passwordFile = mkOption {
|
||||
type = types.nullOr types.path;
|
||||
default = null;
|
||||
example = "/run/keys/limesurvey-dbpassword";
|
||||
description = ''
|
||||
A file containing the password corresponding to
|
||||
<option>database.user</option>.
|
||||
'';
|
||||
};
|
||||
|
||||
socket = mkOption {
|
||||
type = types.nullOr types.path;
|
||||
default =
|
||||
if mysqlLocal then "/run/mysqld/mysqld.sock"
|
||||
else if pgsqlLocal then "/run/postgresql"
|
||||
else null
|
||||
;
|
||||
defaultText = "/run/mysqld/mysqld.sock";
|
||||
description = "Path to the unix socket file to use for authentication.";
|
||||
};
|
||||
|
||||
createLocally = mkOption {
|
||||
type = types.bool;
|
||||
default = cfg.database.type == "mysql";
|
||||
defaultText = "true";
|
||||
description = ''
|
||||
Create the database and database user locally.
|
||||
This currently only applies if database type "mysql" is selected.
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
virtualHost = mkOption {
|
||||
type = types.submodule ({
|
||||
options = import ../web-servers/apache-httpd/per-server-options.nix {
|
||||
inherit lib;
|
||||
forMainServer = false;
|
||||
};
|
||||
});
|
||||
example = {
|
||||
hostName = "survey.example.org";
|
||||
enableSSL = true;
|
||||
adminAddr = "webmaster@example.org";
|
||||
sslServerCert = "/var/lib/acme/survey.example.org/full.pem";
|
||||
sslServerKey = "/var/lib/acme/survey.example.org/key.pem";
|
||||
};
|
||||
description = ''
|
||||
Apache configuration can be done by adapting <literal>services.httpd.virtualHosts.<name></literal>.
|
||||
See <xref linkend="opt-services.httpd.virtualHosts"/> for further information.
|
||||
'';
|
||||
};
|
||||
|
||||
poolConfig = mkOption {
|
||||
type = types.lines;
|
||||
default = ''
|
||||
pm = dynamic
|
||||
pm.max_children = 32
|
||||
pm.start_servers = 2
|
||||
pm.min_spare_servers = 2
|
||||
pm.max_spare_servers = 4
|
||||
pm.max_requests = 500
|
||||
'';
|
||||
description = ''
|
||||
Options for LimeSurvey's PHP pool. See the documentation on <literal>php-fpm.conf</literal> for details on configuration directives.
|
||||
'';
|
||||
};
|
||||
|
||||
config = mkOption {
|
||||
type = configType;
|
||||
default = {};
|
||||
description = ''
|
||||
LimeSurvey configuration. Refer to
|
||||
<link xlink:href="https://manual.limesurvey.org/Optional_settings"/>
|
||||
for details on supported values.
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
# implementation
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
|
||||
assertions = [
|
||||
{ assertion = cfg.database.createLocally -> cfg.database.type == "mysql";
|
||||
message = "services.limesurvey.createLocally is currently only supported for database type 'mysql'";
|
||||
}
|
||||
{ assertion = cfg.database.createLocally -> cfg.database.user == user;
|
||||
message = "services.limesurvey.database.user must be set to ${user} if services.limesurvey.database.createLocally is set true";
|
||||
}
|
||||
{ assertion = cfg.database.createLocally -> cfg.database.socket != null;
|
||||
message = "services.limesurvey.database.socket must be set if services.limesurvey.database.createLocally is set to true";
|
||||
}
|
||||
{ assertion = cfg.database.createLocally -> cfg.database.passwordFile == null;
|
||||
message = "a password cannot be specified if services.limesurvey.database.createLocally is set to true";
|
||||
}
|
||||
];
|
||||
|
||||
services.limesurvey.config = mapAttrs (name: mkDefault) {
|
||||
runtimePath = "${stateDir}/tmp/runtime";
|
||||
components = {
|
||||
db = {
|
||||
connectionString = "${cfg.database.type}:dbname=${cfg.database.name};host=${if pgsqlLocal then cfg.database.socket else cfg.database.host};port=${toString cfg.database.port}" +
|
||||
optionalString mysqlLocal ";socket=${cfg.database.socket}";
|
||||
username = cfg.database.user;
|
||||
password = mkIf (cfg.database.passwordFile != null) "file_get_contents(\"${toString cfg.database.passwordFile}\");";
|
||||
tablePrefix = "limesurvey_";
|
||||
};
|
||||
assetManager.basePath = "${stateDir}/tmp/assets";
|
||||
urlManager = {
|
||||
urlFormat = "path";
|
||||
showScriptName = false;
|
||||
};
|
||||
};
|
||||
config = {
|
||||
tempdir = "${stateDir}/tmp";
|
||||
uploaddir = "${stateDir}/upload";
|
||||
force_ssl = mkIf cfg.virtualHost.enableSSL "on";
|
||||
config.defaultlang = "en";
|
||||
};
|
||||
};
|
||||
|
||||
services.mysql = mkIf mysqlLocal {
|
||||
enable = true;
|
||||
package = mkDefault pkgs.mariadb;
|
||||
ensureDatabases = [ cfg.database.name ];
|
||||
ensureUsers = [
|
||||
{ name = cfg.database.user;
|
||||
ensurePermissions = {
|
||||
"${cfg.database.name}.*" = "SELECT, CREATE, INSERT, UPDATE, DELETE, ALTER, DROP, INDEX";
|
||||
};
|
||||
}
|
||||
];
|
||||
};
|
||||
|
||||
services.phpfpm.pools.limesurvey = {
|
||||
phpPackage = php;
|
||||
listen = "/run/phpfpm/limesurvey.sock";
|
||||
extraConfig = ''
|
||||
listen.owner = ${config.services.httpd.user};
|
||||
listen.group = ${config.services.httpd.group};
|
||||
user = ${user};
|
||||
group = ${group};
|
||||
|
||||
env[LIMESURVEY_CONFIG] = ${limesurveyConfig}
|
||||
|
||||
${cfg.poolConfig}
|
||||
'';
|
||||
};
|
||||
|
||||
services.httpd = {
|
||||
enable = true;
|
||||
adminAddr = mkDefault cfg.virtualHost.adminAddr;
|
||||
extraModules = [ "proxy_fcgi" ];
|
||||
virtualHosts = [
|
||||
(cfg.virtualHost // {
|
||||
documentRoot = mkForce "${pkg}/share/limesurvey";
|
||||
extraConfig = ''
|
||||
Alias "/tmp" "${stateDir}/tmp"
|
||||
<Directory "${stateDir}">
|
||||
AllowOverride all
|
||||
Require all granted
|
||||
Options -Indexes +FollowSymlinks
|
||||
</Directory>
|
||||
|
||||
Alias "/upload" "${stateDir}/upload"
|
||||
<Directory "${stateDir}/upload">
|
||||
AllowOverride all
|
||||
Require all granted
|
||||
Options -Indexes
|
||||
</Directory>
|
||||
|
||||
<Directory "${pkg}/share/limesurvey">
|
||||
<FilesMatch "\.php$">
|
||||
<If "-f %{REQUEST_FILENAME}">
|
||||
SetHandler "proxy:unix:/run/phpfpm/limesurvey.sock|fcgi://localhost/"
|
||||
</If>
|
||||
</FilesMatch>
|
||||
|
||||
AllowOverride all
|
||||
Options -Indexes
|
||||
DirectoryIndex index.php
|
||||
</Directory>
|
||||
'';
|
||||
})
|
||||
];
|
||||
};
|
||||
|
||||
systemd.tmpfiles.rules = [
|
||||
"d ${stateDir} 0750 ${user} ${group} - -"
|
||||
"d ${stateDir}/tmp 0750 ${user} ${group} - -"
|
||||
"d ${stateDir}/tmp/assets 0750 ${user} ${group} - -"
|
||||
"d ${stateDir}/tmp/runtime 0750 ${user} ${group} - -"
|
||||
"d ${stateDir}/tmp/upload 0750 ${user} ${group} - -"
|
||||
"C ${stateDir}/upload 0750 ${user} ${group} - ${pkg}/share/limesurvey/upload"
|
||||
];
|
||||
|
||||
systemd.services.limesurvey-init = {
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
before = [ "phpfpm-limesurvey.service" ];
|
||||
after = optional mysqlLocal "mysql.service" ++ optional pgsqlLocal "postgresql.service";
|
||||
environment.LIMESURVEY_CONFIG = limesurveyConfig;
|
||||
script = ''
|
||||
# update or install the database as required
|
||||
${php}/bin/php ${pkg}/share/limesurvey/application/commands/console.php updatedb || \
|
||||
${php}/bin/php ${pkg}/share/limesurvey/application/commands/console.php install admin password admin admin@example.com verbose
|
||||
'';
|
||||
serviceConfig = {
|
||||
User = user;
|
||||
Group = group;
|
||||
Type = "oneshot";
|
||||
};
|
||||
};
|
||||
|
||||
systemd.services.httpd.after = optional mysqlLocal "mysql.service" ++ optional pgsqlLocal "postgresql.service";
|
||||
|
||||
users.users."${user}".group = group;
|
||||
|
||||
};
|
||||
}
|
|
@ -1,196 +0,0 @@
|
|||
{ config, lib, pkgs, serverInfo, ... }:
|
||||
|
||||
with lib;
|
||||
|
||||
let
|
||||
|
||||
httpd = serverInfo.serverConfig.package;
|
||||
|
||||
version24 = !versionOlder httpd.version "2.4";
|
||||
|
||||
allGranted = if version24 then ''
|
||||
Require all granted
|
||||
'' else ''
|
||||
Order allow,deny
|
||||
Allow from all
|
||||
'';
|
||||
|
||||
limesurveyConfig = pkgs.writeText "config.php" ''
|
||||
<?php
|
||||
$config = array();
|
||||
$config['name'] = "${config.siteName}";
|
||||
$config['runtimePath'] = "${config.dataDir}/tmp/runtime";
|
||||
$config['components'] = array();
|
||||
$config['components']['db'] = array();
|
||||
$config['components']['db']['connectionString'] = '${config.dbType}:host=${config.dbHost};port=${toString config.dbPort};user=${config.dbUser};password=${config.dbPassword};dbname=${config.dbName};';
|
||||
$config['components']['db']['username'] = '${config.dbUser}';
|
||||
$config['components']['db']['password'] = '${config.dbPassword}';
|
||||
$config['components']['db']['charset'] = 'utf-8';
|
||||
$config['components']['db']['tablePrefix'] = "prefix_";
|
||||
$config['components']['assetManager'] = array();
|
||||
$config['components']['assetManager']['basePath'] = '${config.dataDir}/tmp/assets';
|
||||
$config['config'] = array();
|
||||
$config['config']['debug'] = 1;
|
||||
$config['config']['tempdir'] = "${config.dataDir}/tmp";
|
||||
$config['config']['tempdir'] = "${config.dataDir}/tmp";
|
||||
$config['config']['uploaddir'] = "${config.dataDir}/upload";
|
||||
$config['config']['force_ssl'] = '${if config.forceSSL then "on" else ""}';
|
||||
$config['config']['defaultlang'] = '${config.defaultLang}';
|
||||
return $config;
|
||||
?>
|
||||
'';
|
||||
|
||||
limesurveyRoot = "${pkgs.limesurvey}/share/limesurvey/";
|
||||
|
||||
in rec {
|
||||
|
||||
extraConfig = ''
|
||||
Alias ${config.urlPrefix}/tmp ${config.dataDir}/tmp
|
||||
|
||||
<Directory ${config.dataDir}/tmp>
|
||||
${allGranted}
|
||||
Options -Indexes +FollowSymlinks
|
||||
</Directory>
|
||||
|
||||
Alias ${config.urlPrefix}/upload ${config.dataDir}/upload
|
||||
|
||||
<Directory ${config.dataDir}/upload>
|
||||
${allGranted}
|
||||
Options -Indexes
|
||||
</Directory>
|
||||
|
||||
${if config.urlPrefix != "" then ''
|
||||
Alias ${config.urlPrefix} ${limesurveyRoot}
|
||||
'' else ''
|
||||
RewriteEngine On
|
||||
RewriteCond %{DOCUMENT_ROOT}%{REQUEST_URI} !-f
|
||||
RewriteCond %{DOCUMENT_ROOT}%{REQUEST_URI} !-d
|
||||
''}
|
||||
|
||||
<Directory ${limesurveyRoot}>
|
||||
DirectoryIndex index.php
|
||||
</Directory>
|
||||
'';
|
||||
|
||||
globalEnvVars = [
|
||||
{ name = "LIMESURVEY_CONFIG"; value = limesurveyConfig; }
|
||||
];
|
||||
|
||||
documentRoot = if config.urlPrefix == "" then limesurveyRoot else null;
|
||||
|
||||
enablePHP = true;
|
||||
|
||||
options = {
|
||||
|
||||
id = mkOption {
|
||||
default = "main";
|
||||
description = ''
|
||||
A unique identifier necessary to keep multiple Limesurvey server
|
||||
instances on the same machine apart. This is used to
|
||||
disambiguate the administrative scripts, which get names like
|
||||
mediawiki-$id-change-password.
|
||||
'';
|
||||
};
|
||||
|
||||
urlPrefix = mkOption {
|
||||
default = "";
|
||||
description = "Url prefix for site.";
|
||||
type = types.str;
|
||||
};
|
||||
|
||||
dbType = mkOption {
|
||||
default = "pgsql";
|
||||
description = "Type of database for limesurvey, for now, only pgsql.";
|
||||
type = types.enum ["pgsql"];
|
||||
};
|
||||
|
||||
dbName = mkOption {
|
||||
default = "limesurvey";
|
||||
description = "Name of the database that holds the limesurvey data.";
|
||||
type = types.str;
|
||||
};
|
||||
|
||||
dbHost = mkOption {
|
||||
default = "localhost";
|
||||
description = "Limesurvey database host.";
|
||||
type = types.str;
|
||||
};
|
||||
|
||||
dbPort = mkOption {
|
||||
default = 5432;
|
||||
description = "Limesurvey database port.";
|
||||
type = types.int;
|
||||
};
|
||||
|
||||
dbUser = mkOption {
|
||||
default = "limesurvey";
|
||||
description = "Limesurvey database user.";
|
||||
type = types.str;
|
||||
};
|
||||
|
||||
dbPassword = mkOption {
|
||||
example = "foobar";
|
||||
description = "Limesurvey database password.";
|
||||
type = types.str;
|
||||
};
|
||||
|
||||
adminUser = mkOption {
|
||||
description = "Limesurvey admin username.";
|
||||
default = "admin";
|
||||
type = types.str;
|
||||
};
|
||||
|
||||
adminPassword = mkOption {
|
||||
description = "Default limesurvey admin password.";
|
||||
default = "admin";
|
||||
type = types.str;
|
||||
};
|
||||
|
||||
adminEmail = mkOption {
|
||||
description = "Limesurvey admin email.";
|
||||
default = "admin@admin.com";
|
||||
type = types.str;
|
||||
};
|
||||
|
||||
forceSSL = mkOption {
|
||||
default = false;
|
||||
description = "Force use of HTTPS connection.";
|
||||
type = types.bool;
|
||||
};
|
||||
|
||||
siteName = mkOption {
|
||||
default = "LimeSurvey";
|
||||
description = "LimeSurvey name of the site.";
|
||||
type = types.str;
|
||||
};
|
||||
|
||||
defaultLang = mkOption {
|
||||
default = "en";
|
||||
description = "LimeSurvey default language.";
|
||||
type = types.str;
|
||||
};
|
||||
|
||||
dataDir = mkOption {
|
||||
default = "/var/lib/limesurvey";
|
||||
description = "LimeSurvey data directory.";
|
||||
type = types.path;
|
||||
};
|
||||
};
|
||||
|
||||
startupScript = pkgs.writeScript "limesurvey_startup.sh" ''
|
||||
if [ ! -f ${config.dataDir}/.created ]; then
|
||||
mkdir -p ${config.dataDir}/{tmp/runtime,tmp/assets,tmp/upload,upload}
|
||||
chmod -R ug+rw ${config.dataDir}
|
||||
chmod -R o-rwx ${config.dataDir}
|
||||
chown -R wwwrun:wwwrun ${config.dataDir}
|
||||
|
||||
${pkgs.postgresql}/bin/createuser --no-superuser --no-createdb --no-createrole "${config.dbUser}" || true
|
||||
${pkgs.postgresql}/bin/createdb "${config.dbName}" -O "${config.dbUser}" || true
|
||||
${pkgs.sudo}/bin/sudo -u postgres ${pkgs.postgresql}/bin/psql -U postgres -d postgres -c "alter user ${config.dbUser} with password '${config.dbPassword}';" || true
|
||||
|
||||
${pkgs.limesurvey}/bin/limesurvey-console install '${config.adminUser}' '${config.adminPassword}' '${config.adminUser}' '${config.adminEmail}'
|
||||
|
||||
touch ${config.dataDir}/.created
|
||||
fi
|
||||
'';
|
||||
}
|
|
@ -273,7 +273,7 @@ in
|
|||
if [ ! -d ${serverInfo.fullConfig.services.mysql.dataDir}/${config.dbName} ]; then
|
||||
echo "Need to create the database '${config.dbName}' and grant permissions to user named '${config.dbUser}'."
|
||||
# Wait until MySQL is up
|
||||
while [ ! -e ${serverInfo.fullConfig.services.mysql.pidDir}/mysqld.pid ]; do
|
||||
while [ ! -S /run/mysqld/mysqld.sock ]; do
|
||||
sleep 1
|
||||
done
|
||||
${pkgs.mysql}/bin/mysql -e 'CREATE DATABASE ${config.dbName};'
|
||||
|
|
|
@ -2,7 +2,6 @@
|
|||
|
||||
let
|
||||
cfg = config.services.hydron;
|
||||
postgres = config.services.postgresql;
|
||||
in with lib; {
|
||||
options.services.hydron = {
|
||||
enable = mkEnableOption "hydron";
|
||||
|
@ -81,40 +80,40 @@ in with lib; {
|
|||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
security.sudo.enable = cfg.enable;
|
||||
services.postgresql.enable = cfg.enable;
|
||||
services.hydron.passwordFile = mkDefault (pkgs.writeText "hydron-password-file" cfg.password);
|
||||
services.hydron.postgresArgsFile = mkDefault (pkgs.writeText "hydron-postgres-args" cfg.postgresArgs);
|
||||
services.hydron.postgresArgs = mkDefault ''
|
||||
{
|
||||
"driver": "postgres",
|
||||
"connection": "user=hydron password=${cfg.password} dbname=hydron sslmode=disable"
|
||||
"connection": "user=hydron password=${cfg.password} host=/run/postgresql dbname=hydron sslmode=disable"
|
||||
}
|
||||
'';
|
||||
|
||||
services.postgresql = {
|
||||
enable = true;
|
||||
ensureDatabases = [ "hydron" ];
|
||||
ensureUsers = [
|
||||
{ name = "hydron";
|
||||
ensurePermissions = { "DATABASE hydron" = "ALL PRIVILEGES"; };
|
||||
}
|
||||
];
|
||||
};
|
||||
|
||||
systemd.tmpfiles.rules = [
|
||||
"d '${cfg.dataDir}' 0750 hydron hydron - -"
|
||||
"d '${cfg.dataDir}/.hydron' - hydron hydron - -"
|
||||
"d '${cfg.dataDir}/images' - hydron hydron - -"
|
||||
"Z '${cfg.dataDir}' - hydron hydron - -"
|
||||
|
||||
"L+ '${cfg.dataDir}/.hydron/db_conf.json' - - - - ${cfg.postgresArgsFile}"
|
||||
];
|
||||
|
||||
systemd.services.hydron = {
|
||||
description = "hydron";
|
||||
after = [ "network.target" "postgresql.service" ];
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
|
||||
preStart = ''
|
||||
# Ensure folder exists or create it and permissions are correct
|
||||
mkdir -p ${escapeShellArg cfg.dataDir}/{.hydron,images}
|
||||
ln -sf ${escapeShellArg cfg.postgresArgsFile} ${escapeShellArg cfg.dataDir}/.hydron/db_conf.json
|
||||
chmod 750 ${escapeShellArg cfg.dataDir}
|
||||
chown -R hydron:hydron ${escapeShellArg cfg.dataDir}
|
||||
|
||||
# Ensure the database is correct or create it
|
||||
${pkgs.sudo}/bin/sudo -u ${postgres.superUser} ${postgres.package}/bin/createuser \
|
||||
-SDR hydron || true
|
||||
${pkgs.sudo}/bin/sudo -u ${postgres.superUser} ${postgres.package}/bin/createdb \
|
||||
-T template0 -E UTF8 -O hydron hydron || true
|
||||
${pkgs.sudo}/bin/sudo -u hydron ${postgres.package}/bin/psql \
|
||||
-c "ALTER ROLE hydron WITH PASSWORD '$(cat ${escapeShellArg cfg.passwordFile})';" || true
|
||||
'';
|
||||
|
||||
serviceConfig = {
|
||||
PermissionsStartOnly = true;
|
||||
User = "hydron";
|
||||
Group = "hydron";
|
||||
ExecStart = "${pkgs.hydron}/bin/hydron serve"
|
||||
|
@ -139,7 +138,7 @@ in with lib; {
|
|||
description = "Automatically import paths into hydron and possibly fetch tags";
|
||||
after = [ "network.target" "hydron.service" ];
|
||||
wantedBy = [ "timers.target" ];
|
||||
|
||||
|
||||
timerConfig = {
|
||||
Persistent = true;
|
||||
OnCalendar = cfg.interval;
|
||||
|
@ -148,11 +147,10 @@ in with lib; {
|
|||
|
||||
users = {
|
||||
groups.hydron.gid = config.ids.gids.hydron;
|
||||
|
||||
|
||||
users.hydron = {
|
||||
description = "hydron server service user";
|
||||
home = cfg.dataDir;
|
||||
createHome = true;
|
||||
group = "hydron";
|
||||
uid = config.ids.uids.hydron;
|
||||
};
|
||||
|
|
|
@ -64,7 +64,7 @@ let
|
|||
include ${cfg.package}/conf/uwsgi_params;
|
||||
|
||||
${optionalString (cfg.resolver.addresses != []) ''
|
||||
resolver ${toString cfg.resolver.addresses} ${optionalString (cfg.resolver.valid != "") "valid=${cfg.resolver.valid}"};
|
||||
resolver ${toString cfg.resolver.addresses} ${optionalString (cfg.resolver.valid != "") "valid=${cfg.resolver.valid}"} ${optionalString (!cfg.resolver.ipv6) "ipv6=off"};
|
||||
''}
|
||||
${upstreamConfig}
|
||||
|
||||
|
@ -521,6 +521,15 @@ in
|
|||
An optional valid parameter allows overriding it
|
||||
'';
|
||||
};
|
||||
ipv6 = mkOption {
|
||||
type = types.bool;
|
||||
default = true;
|
||||
description = ''
|
||||
By default, nginx will look up both IPv4 and IPv6 addresses while resolving.
|
||||
If looking up of IPv6 addresses is not desired, the ipv6=off parameter can be
|
||||
specified.
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
description = ''
|
||||
|
|
|
@ -25,7 +25,7 @@ in
|
|||
|
||||
};
|
||||
|
||||
config = mkIf (xcfg.enable && cfg.enable) {
|
||||
config = mkIf cfg.enable {
|
||||
|
||||
environment.systemPackages = [
|
||||
e.efl e.enlightenment
|
||||
|
@ -38,10 +38,10 @@ in
|
|||
pkgs.xorg.xcursorthemes
|
||||
];
|
||||
|
||||
environment.pathsToLink = [
|
||||
"/etc/enlightenment"
|
||||
"/share/enlightenment"
|
||||
"/share/elementary"
|
||||
environment.pathsToLink = [
|
||||
"/etc/enlightenment"
|
||||
"/share/enlightenment"
|
||||
"/share/elementary"
|
||||
"/share/locale"
|
||||
];
|
||||
|
||||
|
|
|
@ -21,7 +21,7 @@ in
|
|||
};
|
||||
|
||||
|
||||
config = mkIf (xcfg.enable && cfg.enable) {
|
||||
config = mkIf cfg.enable {
|
||||
|
||||
services.xserver.desktopManager.session = singleton {
|
||||
name = "lumina";
|
||||
|
|
|
@ -26,7 +26,7 @@ in
|
|||
|
||||
};
|
||||
|
||||
config = mkIf (xcfg.enable && cfg.enable) {
|
||||
config = mkIf cfg.enable {
|
||||
|
||||
services.xserver.desktopManager.session = singleton {
|
||||
name = "lxqt";
|
||||
|
|
|
@ -42,7 +42,7 @@ in
|
|||
|
||||
};
|
||||
|
||||
config = mkIf (xcfg.enable && cfg.enable) {
|
||||
config = mkIf cfg.enable {
|
||||
|
||||
services.xserver.desktopManager.session = singleton {
|
||||
name = "mate";
|
||||
|
|
|
@ -10,7 +10,7 @@ in {
|
|||
enable = mkEnableOption "MaXX desktop environment";
|
||||
};
|
||||
|
||||
config = mkIf (xcfg.enable && cfg.enable) {
|
||||
config = mkIf cfg.enable {
|
||||
environment.systemPackages = [ pkgs.maxx ];
|
||||
|
||||
# there is hardcoded path in binaries
|
||||
|
|
|
@ -36,7 +36,7 @@ in
|
|||
|
||||
|
||||
config = mkMerge [
|
||||
(mkIf (xcfg.enable && cfg.enable) {
|
||||
(mkIf cfg.enable {
|
||||
services.xserver.desktopManager.session = singleton {
|
||||
name = "plasma5";
|
||||
bgSupport = true;
|
||||
|
@ -161,7 +161,6 @@ in
|
|||
|
||||
qtvirtualkeyboard
|
||||
|
||||
libsForQt56.phonon-backend-gstreamer
|
||||
libsForQt5.phonon-backend-gstreamer
|
||||
|
||||
xdg-user-dirs # Update user dirs as described in https://freedesktop.org/wiki/Software/xdg-user-dirs/
|
||||
|
|
|
@ -19,7 +19,7 @@ in
|
|||
|
||||
};
|
||||
|
||||
config = mkIf (config.services.xserver.enable && cfg.enable) {
|
||||
config = mkIf cfg.enable {
|
||||
|
||||
services.xserver.desktopManager.session = singleton
|
||||
{ name = "xterm";
|
||||
|
|
|
@ -14,6 +14,23 @@ let
|
|||
exec "$@"
|
||||
'';
|
||||
|
||||
# Solves problems like:
|
||||
# https://wiki.archlinux.org/index.php/Talk:Bluetooth_headset#GDMs_pulseaudio_instance_captures_bluetooth_headset
|
||||
# Instead of blacklisting plugins, we use Fedora's PulseAudio configuration for GDM:
|
||||
# https://src.fedoraproject.org/rpms/gdm/blob/master/f/default.pa-for-gdm
|
||||
pulseConfig = pkgs.writeText "default.pa" ''
|
||||
load-module module-device-restore
|
||||
load-module module-card-restore
|
||||
load-module module-udev-detect
|
||||
load-module module-native-protocol-unix
|
||||
load-module module-default-device-restore
|
||||
load-module module-rescue-streams
|
||||
load-module module-always-sink
|
||||
load-module module-intended-roles
|
||||
load-module module-suspend-on-idle
|
||||
load-module module-position-event-sounds
|
||||
'';
|
||||
|
||||
in
|
||||
|
||||
{
|
||||
|
@ -126,6 +143,11 @@ in
|
|||
GDM_X_SESSION_WRAPPER = "${xSessionWrapper}";
|
||||
};
|
||||
execCmd = "exec ${gdm}/bin/gdm";
|
||||
preStart = optionalString config.hardware.pulseaudio.enable ''
|
||||
mkdir -p /run/gdm/.config/pulse
|
||||
ln -sf ${pulseConfig} /run/gdm/.config/pulse/default.pa
|
||||
chown -R gdm:gdm /run/gdm/.config
|
||||
'';
|
||||
};
|
||||
|
||||
# Because sd_login_monitor_new requires /run/systemd/machines
|
||||
|
|
|
@ -347,6 +347,7 @@ in
|
|||
|
||||
xkbDir = mkOption {
|
||||
type = types.path;
|
||||
default = "${pkgs.xkeyboard_config}/etc/X11/xkb";
|
||||
description = ''
|
||||
Path used for -xkbdir xserver parameter.
|
||||
'';
|
||||
|
@ -708,8 +709,6 @@ in
|
|||
xorg.xf86inputevdev.out
|
||||
];
|
||||
|
||||
services.xserver.xkbDir = mkDefault "${pkgs.xkeyboard_config}/etc/X11/xkb";
|
||||
|
||||
system.extraDependencies = singleton (pkgs.runCommand "xkb-validated" {
|
||||
inherit (cfg) xkbModel layout xkbVariant xkbOptions;
|
||||
nativeBuildInputs = [ pkgs.xkbvalidate ];
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue