0
0
Fork 0
mirror of https://github.com/NixOS/nixpkgs.git synced 2025-07-19 16:40:32 +03:00

Merge branch 'staging-next' into staging

Conflicts (simple):
	nixos/doc/manual/release-notes/rl-1909.xml
This commit is contained in:
Vladimír Čunát 2019-06-03 22:33:52 +02:00
commit ee86a325dd
No known key found for this signature in database
GPG key ID: E747DF1F9575A3AA
392 changed files with 11536 additions and 4972 deletions

View file

@ -21,6 +21,15 @@ let
and scalable concurrency support.
'';
};
"scudo" = {
libPath = "${pkgs.llvmPackages.compiler-rt}/lib/linux/libclang_rt.scudo-x86_64.so";
description = ''
A user-mode allocator based on LLVM Sanitizers CombinedAllocator,
which aims at providing additional mitigations against heap based
vulnerabilities, while maintaining good performance.
'';
};
};
providerConf = providers."${cfg.provider}";
@ -82,5 +91,7 @@ in
config = mkIf (cfg.provider != "libc") {
environment.variables.LD_PRELOAD = providerLibPath;
systemd.extraConfig = "DefaultEnvironment=\"LD_PRELOAD=${providerLibPath}\"";
systemd.user.extraConfig = "DefaultEnvironment=\"LD_PRELOAD=${providerLibPath}\"";
};
}

View file

@ -95,6 +95,7 @@
./programs/ccache.nix
./programs/cdemu.nix
./programs/chromium.nix
./programs/clickshare.nix
./programs/command-not-found/command-not-found.nix
./programs/criu.nix
./programs/dconf.nix
@ -762,6 +763,7 @@
./services/web-apps/frab.nix
./services/web-apps/icingaweb2/icingaweb2.nix
./services/web-apps/icingaweb2/module-monitoring.nix
./services/web-apps/limesurvey.nix
./services/web-apps/mattermost.nix
./services/web-apps/miniflux.nix
./services/web-apps/nextcloud.nix

View file

@ -0,0 +1,21 @@
{ config, lib, pkgs, ... }:
{
options.programs.clickshare-csc1.enable =
lib.options.mkEnableOption ''
Barco ClickShare CSC-1 driver/client.
This allows users in the <literal>clickshare</literal>
group to access and use a ClickShare USB dongle
that is connected to the machine
'';
config = lib.modules.mkIf config.programs.clickshare-csc1.enable {
environment.systemPackages = [ pkgs.clickshare-csc1 ];
services.udev.packages = [ pkgs.clickshare-csc1 ];
users.groups.clickshare = {};
};
meta.maintainers = [ lib.maintainers.yarny ];
}

View file

@ -177,7 +177,7 @@ in {
systemPackages = [ pkgs.tmux ];
variables = {
TMUX_TMPDIR = lib.optional cfg.secureSocket ''''${XDG_RUNTIME_DIR:-"/run/user/\$(id -u)"}'';
TMUX_TMPDIR = lib.optional cfg.secureSocket ''''${XDG_RUNTIME_DIR:-"/run/user/$(id -u)"}'';
};
};
};

View file

@ -113,9 +113,10 @@ with lib;
# murmur
(mkRenamedOptionModule [ "services" "murmur" "welcome" ] [ "services" "murmur" "welcometext" ])
(mkRemovedOptionModule [ "services" "murmur" "pidfile" ] "Hardcoded to /run/murmur/murmurd.pid now")
# parsoid
(mkRemovedOptionModule [ "services" "parsoid" "interwikis" ] [ "services" "parsoid" "wikis" ])
(mkRemovedOptionModule [ "services" "parsoid" "interwikis" ] "Use services.parsoid.wikis instead")
# plexpy / tautulli
(mkRenamedOptionModule [ "services" "plexpy" ] [ "services" "tautulli" ])
@ -211,6 +212,7 @@ with lib;
(mkRemovedOptionModule [ "services" "logstash" "enableWeb" ] "The web interface was removed from logstash")
(mkRemovedOptionModule [ "boot" "zfs" "enableLegacyCrypto" ] "The corresponding package was removed from nixpkgs.")
(mkRemovedOptionModule [ "services" "winstone" ] "The corresponding package was removed from nixpkgs.")
(mkRemovedOptionModule [ "services" "mysql" "pidDir" ] "Don't wait for pidfiles, describe dependencies through systemd")
# ZSH
(mkRenamedOptionModule [ "programs" "zsh" "enableSyntaxHighlighting" ] [ "programs" "zsh" "syntaxHighlighting" "enable" ])

View file

@ -18,16 +18,12 @@ let
in (pName mysql == pName pkgs.mysql57)
&& ((builtins.compareVersions mysql.version "5.7") >= 0);
pidFile = "${cfg.pidDir}/mysqld.pid";
mysqldAndInstallOptions =
"--user=${cfg.user} --datadir=${cfg.dataDir} --basedir=${mysql}";
mysqldOptions =
"${mysqldAndInstallOptions} --pid-file=${pidFile}";
"--user=${cfg.user} --datadir=${cfg.dataDir} --basedir=${mysql}";
# For MySQL 5.7+, --insecure creates the root user without password
# (earlier versions and MariaDB do this by default).
installOptions =
"${mysqldAndInstallOptions} ${lib.optionalString isMysqlAtLeast57 "--insecure"}";
"${mysqldOptions} ${lib.optionalString isMysqlAtLeast57 "--insecure"}";
in
@ -80,11 +76,6 @@ in
description = "Location where MySQL stores its table files";
};
pidDir = mkOption {
default = "/run/mysqld";
description = "Location of the file which stores the PID of the MySQL server";
};
extraOptions = mkOption {
type = types.lines;
default = "";
@ -296,6 +287,10 @@ in
${cfg.extraOptions}
'';
systemd.tmpfiles.rules = [
"d '${cfg.dataDir}' 0700 ${cfg.user} mysql -"
];
systemd.services.mysql = let
hasNotify = (cfg.package == pkgs.mariadb);
in {
@ -313,70 +308,69 @@ in
pkgs.nettools
];
preStart =
''
if ! test -e ${cfg.dataDir}/mysql; then
mkdir -m 0700 -p ${cfg.dataDir}
chown -R ${cfg.user} ${cfg.dataDir}
${mysql}/bin/mysql_install_db --defaults-file=/etc/my.cnf ${installOptions}
touch /tmp/mysql_init
fi
mkdir -m 0755 -p ${cfg.pidDir}
chown -R ${cfg.user} ${cfg.pidDir}
'';
preStart = ''
if ! test -e ${cfg.dataDir}/mysql; then
${mysql}/bin/mysql_install_db --defaults-file=/etc/my.cnf ${installOptions}
touch /tmp/mysql_init
fi
'';
serviceConfig = {
User = cfg.user;
Group = "mysql";
Type = if hasNotify then "notify" else "simple";
RuntimeDirectory = "mysqld";
RuntimeDirectoryMode = "0755";
# The last two environment variables are used for starting Galera clusters
ExecStart = "${mysql}/bin/mysqld --defaults-file=/etc/my.cnf ${mysqldOptions} $_WSREP_NEW_CLUSTER $_WSREP_START_POSITION";
};
postStart = ''
${lib.optionalString (!hasNotify) ''
# Wait until the MySQL server is available for use
count=0
while [ ! -e /run/mysqld/mysqld.sock ]
do
if [ $count -eq 30 ]
then
echo "Tried 30 times, giving up..."
exit 1
fi
postStart =
let
cmdWatchForMysqlSocket = ''
# Wait until the MySQL server is available for use
count=0
while [ ! -e /run/mysqld/mysqld.sock ]
do
if [ $count -eq 30 ]
then
echo "Tried 30 times, giving up..."
exit 1
fi
echo "MySQL daemon not yet started. Waiting for 1 second..."
count=$((count++))
sleep 1
done
''}
echo "MySQL daemon not yet started. Waiting for 1 second..."
count=$((count++))
sleep 1
done
'';
cmdInitialDatabases = concatMapStrings (database: ''
# Create initial databases
if ! test -e "${cfg.dataDir}/${database.name}"; then
echo "Creating initial database: ${database.name}"
( echo 'create database `${database.name}`;'
${optionalString (database.schema != null) ''
echo 'use `${database.name}`;'
# TODO: this silently falls through if database.schema does not exist,
# we should catch this somehow and exit, but can't do it here because we're in a subshell.
if [ -f "${database.schema}" ]
then
cat ${database.schema}
elif [ -d "${database.schema}" ]
then
cat ${database.schema}/mysql-databases/*.sql
fi
''}
) | ${mysql}/bin/mysql -u root -N
fi
'') cfg.initialDatabases;
in
lib.optionalString (!hasNotify) cmdWatchForMysqlSocket + ''
if [ -f /tmp/mysql_init ]
then
${concatMapStrings (database:
''
# Create initial databases
if ! test -e "${cfg.dataDir}/${database.name}"; then
echo "Creating initial database: ${database.name}"
( echo 'create database `${database.name}`;'
${optionalString (database.schema != null) ''
echo 'use `${database.name}`;'
# TODO: this silently falls through if database.schema does not exist,
# we should catch this somehow and exit, but can't do it here because we're in a subshell.
if [ -f "${database.schema}" ]
then
cat ${database.schema}
elif [ -d "${database.schema}" ]
then
cat ${database.schema}/mysql-databases/*.sql
fi
''}
) | ${mysql}/bin/mysql -u root -N
fi
'') cfg.initialDatabases}
${cmdInitialDatabases}
${optionalString (cfg.replication.role == "master")
''
# Set up the replication master

View file

@ -7,7 +7,7 @@ let
cfg = config.services.octoprint;
baseConfig = {
plugins.cura.cura_engine = "${pkgs.curaengine_stable}/bin/CuraEngine";
plugins.curalegacy.cura_engine = "${pkgs.curaengine_stable}/bin/CuraEngine";
server.host = cfg.host;
server.port = cfg.port;
webcam.ffmpeg = "${pkgs.ffmpeg.bin}/bin/ffmpeg";

View file

@ -28,7 +28,7 @@ in
serviceConfig = {
DynamicUser = true;
ExecStart = ''
${pkgs.prometheus-fritzbox-exporter}/bin/fritzbox_exporter \
${pkgs.prometheus-fritzbox-exporter}/bin/exporter \
-listen-address ${cfg.listenAddress}:${toString cfg.port} \
-gateway-address ${cfg.gatewayAddress} \
-gateway-port ${toString cfg.gatewayPort} \

View file

@ -4,6 +4,7 @@ with lib;
let
cfg = config.services.murmur;
forking = cfg.logFile != null;
configFile = pkgs.writeText "murmurd.ini" ''
database=/var/lib/murmur/murmur.sqlite
dbDriver=QSQLITE
@ -12,8 +13,8 @@ let
autobanTimeframe=${toString cfg.autobanTimeframe}
autobanTime=${toString cfg.autobanTime}
logfile=/var/log/murmur/murmurd.log
pidfile=${cfg.pidfile}
logfile=${optionalString (cfg.logFile != null) cfg.logFile}
${optionalString forking "pidfile=/run/murmur/murmurd.pid"}
welcometext="${cfg.welcometext}"
port=${toString cfg.port}
@ -78,10 +79,11 @@ in
description = "The amount of time an IP ban lasts (in seconds).";
};
pidfile = mkOption {
type = types.path;
default = "/run/murmur/murmurd.pid";
description = "Path to PID file for Murmur daemon.";
logFile = mkOption {
type = types.nullOr types.path;
default = null;
example = "/var/log/murmur/murmurd.log";
description = "Path to the log file for Murmur daemon. Empty means log to journald.";
};
welcometext = mkOption {
@ -251,19 +253,13 @@ in
after = [ "network-online.target "];
serviceConfig = {
Type = "forking";
RuntimeDirectory = "murmur";
PIDFile = cfg.pidfile;
Restart = "always";
# murmurd doesn't fork when logging to the console.
Type = if forking then "forking" else "simple";
PIDFile = mkIf forking "/run/murmur/murmurd.pid";
RuntimeDirectory = mkIf forking "murmur";
User = "murmur";
ExecStart = "${pkgs.murmur}/bin/murmurd -ini ${configFile}";
PermissionsStartOnly = true;
};
preStart = ''
mkdir -p /var/log/murmur
chown -R murmur /var/log/murmur
'';
};
};
}

View file

@ -477,6 +477,10 @@ in {
'';
};
systemd.services.NetworkManager-wait-online = {
wantedBy = [ "network-online.target" ];
};
systemd.services.nm-setup-hostsdirs = mkIf dynamicHostsEnabled {
wantedBy = [ "NetworkManager.service" ];
before = [ "NetworkManager.service" ];

View file

@ -426,7 +426,9 @@ in {
'';
};
};
syncthing-init = {
syncthing-init = mkIf (
cfg.declarative.devices != {} || cfg.declarative.folders != {}
) {
after = [ "syncthing.service" ];
wantedBy = [ "multi-user.target" ];

View file

@ -229,8 +229,61 @@ let
'';
};
generatePeerUnit = { interfaceName, interfaceCfg, peer }:
let
keyToUnitName = replaceChars
[ "/" "-" " " "+" "=" ]
[ "-" "\\x2d" "\\x20" "\\x2b" "\\x3d" ];
unitName = keyToUnitName peer.publicKey;
psk =
if peer.presharedKey != null
then pkgs.writeText "wg-psk" peer.presharedKey
else peer.presharedKeyFile;
in nameValuePair "wireguard-${interfaceName}-peer-${unitName}"
{
description = "WireGuard Peer - ${interfaceName} - ${peer.publicKey}";
requires = [ "wireguard-${interfaceName}.service" ];
after = [ "wireguard-${interfaceName}.service" ];
wantedBy = [ "multi-user.target" ];
environment.DEVICE = interfaceName;
environment.WG_ENDPOINT_RESOLUTION_RETRIES = "infinity";
path = with pkgs; [ iproute wireguard-tools ];
generateSetupServiceUnit = name: values:
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
};
script = let
wg_setup = "wg set ${interfaceName} peer ${peer.publicKey}" +
optionalString (psk != null) " preshared-key ${psk}" +
optionalString (peer.endpoint != null) " endpoint ${peer.endpoint}" +
optionalString (peer.persistentKeepalive != null) " persistent-keepalive ${toString peer.persistentKeepalive}" +
optionalString (peer.allowedIPs != []) " allowed-ips ${concatStringsSep "," peer.allowedIPs}";
route_setup =
optionalString (interfaceCfg.allowedIPsAsRoutes != false)
(concatMapStringsSep "\n"
(allowedIP:
"ip route replace ${allowedIP} dev ${interfaceName} table ${interfaceCfg.table}"
) peer.allowedIPs);
in ''
${wg_setup}
${route_setup}
'';
postStop = let
route_destroy = optionalString (interfaceCfg.allowedIPsAsRoutes != false)
(concatMapStringsSep "\n"
(allowedIP:
"ip route delete ${allowedIP} dev ${interfaceName} table ${interfaceCfg.table}"
) peer.allowedIPs);
in ''
wg set ${interfaceName} peer ${peer.publicKey} remove
${route_destroy}
'';
};
generateInterfaceUnit = name: values:
# exactly one way to specify the private key must be set
#assert (values.privateKey != null) != (values.privateKeyFile != null);
let privKey = if values.privateKeyFile != null then values.privateKeyFile else pkgs.writeText "wg-key" values.privateKey;
@ -245,9 +298,7 @@ let
path = with pkgs; [ kmod iproute wireguard-tools ];
serviceConfig = {
Type = "simple";
Restart = "on-failure";
RestartSec = "5s";
Type = "oneshot";
RemainAfterExit = true;
};
@ -265,25 +316,8 @@ let
wg set ${name} private-key ${privKey} ${
optionalString (values.listenPort != null) " listen-port ${toString values.listenPort}"}
${concatMapStringsSep "\n" (peer:
assert (peer.presharedKeyFile == null) || (peer.presharedKey == null); # at most one of the two must be set
let psk = if peer.presharedKey != null then pkgs.writeText "wg-psk" peer.presharedKey else peer.presharedKeyFile;
in
"wg set ${name} peer ${peer.publicKey}" +
optionalString (psk != null) " preshared-key ${psk}" +
optionalString (peer.endpoint != null) " endpoint ${peer.endpoint}" +
optionalString (peer.persistentKeepalive != null) " persistent-keepalive ${toString peer.persistentKeepalive}" +
optionalString (peer.allowedIPs != []) " allowed-ips ${concatStringsSep "," peer.allowedIPs}"
) values.peers}
ip link set up dev ${name}
${optionalString (values.allowedIPsAsRoutes != false) (concatStringsSep "\n" (concatMap (peer:
(map (allowedIP:
"ip route replace ${allowedIP} dev ${name} table ${values.table}"
) peer.allowedIPs)
) values.peers))}
${values.postSetup}
'';
@ -335,7 +369,12 @@ in
###### implementation
config = mkIf cfg.enable {
config = mkIf cfg.enable (let
all_peers = flatten
(mapAttrsToList (interfaceName: interfaceCfg:
map (peer: { inherit interfaceName interfaceCfg peer;}) interfaceCfg.peers
) cfg.interfaces);
in {
assertions = (attrValues (
mapAttrs (name: value: {
@ -346,19 +385,24 @@ in
mapAttrs (name: value: {
assertion = value.generatePrivateKeyFile -> (value.privateKey == null);
message = "networking.wireguard.interfaces.${name}.generatePrivateKey must not be set if networking.wireguard.interfaces.${name}.privateKey is set.";
}) cfg.interfaces));
}) cfg.interfaces))
++ map ({ interfaceName, peer, ... }: {
assertion = (peer.presharedKey == null) || (peer.presharedKeyFile == null);
message = "networking.wireguard.interfaces.${interfaceName} peer «${peer.publicKey}» has both presharedKey and presharedKeyFile set, but only one can be used.";
}) all_peers;
boot.extraModulePackages = [ kernel.wireguard ];
environment.systemPackages = [ pkgs.wireguard-tools ];
systemd.services = (mapAttrs' generateSetupServiceUnit cfg.interfaces)
systemd.services =
(mapAttrs' generateInterfaceUnit cfg.interfaces)
// (listToAttrs (map generatePeerUnit all_peers))
// (mapAttrs' generateKeyServiceUnit
(filterAttrs (name: value: value.generatePrivateKeyFile) cfg.interfaces));
systemd.paths = mapAttrs' generatePathUnit
(filterAttrs (name: value: value.privateKeyFile != null) cfg.interfaces);
};
});
}

View file

@ -60,6 +60,8 @@ let
TempDir ${cfg.tempDir}
SetEnv PATH /var/lib/cups/path/lib/cups/filter:/var/lib/cups/path/bin
# User and group used to run external programs, including
# those that actually send the job to the printer. Note that
# Udev sets the group of printer devices to `lp', so we want
@ -76,8 +78,6 @@ let
'') cfg.listenAddresses}
Listen /run/cups/cups.sock
SetEnv PATH /var/lib/cups/path/lib/cups/filter:/var/lib/cups/path/bin
DefaultShared ${if cfg.defaultShared then "Yes" else "No"}
Browsing ${if cfg.browsing then "Yes" else "No"}

View file

@ -0,0 +1,288 @@
{ config, lib, pkgs, ... }:
let
inherit (lib) mkDefault mkEnableOption mkForce mkIf mkMerge mkOption;
inherit (lib) mapAttrs optional optionalString types;
cfg = config.services.limesurvey;
user = "limesurvey";
group = config.services.httpd.group;
stateDir = "/var/lib/limesurvey";
php = pkgs.php;
pkg = pkgs.limesurvey;
configType = with types; either (either (attrsOf configType) str) (either int bool) // {
description = "limesurvey config type (str, int, bool or attribute set thereof)";
};
limesurveyConfig = pkgs.writeText "config.php" ''
<?php
return json_decode('${builtins.toJSON cfg.config}', true);
?>
'';
mysqlLocal = cfg.database.createLocally && cfg.database.type == "mysql";
pgsqlLocal = cfg.database.createLocally && cfg.database.type == "pgsql";
in
{
# interface
options.services.limesurvey = {
enable = mkEnableOption "Limesurvey web application.";
database = {
type = mkOption {
type = types.enum [ "mysql" "pgsql" "odbc" "mssql" ];
example = "pgsql";
default = "mysql";
description = "Database engine to use.";
};
host = mkOption {
type = types.str;
default = "localhost";
description = "Database host address.";
};
port = mkOption {
type = types.int;
default = if cfg.database.type == "pgsql" then 5442 else 3306;
defaultText = "3306";
description = "Database host port.";
};
name = mkOption {
type = types.str;
default = "limesurvey";
description = "Database name.";
};
user = mkOption {
type = types.str;
default = "limesurvey";
description = "Database user.";
};
passwordFile = mkOption {
type = types.nullOr types.path;
default = null;
example = "/run/keys/limesurvey-dbpassword";
description = ''
A file containing the password corresponding to
<option>database.user</option>.
'';
};
socket = mkOption {
type = types.nullOr types.path;
default =
if mysqlLocal then "/run/mysqld/mysqld.sock"
else if pgsqlLocal then "/run/postgresql"
else null
;
defaultText = "/run/mysqld/mysqld.sock";
description = "Path to the unix socket file to use for authentication.";
};
createLocally = mkOption {
type = types.bool;
default = cfg.database.type == "mysql";
defaultText = "true";
description = ''
Create the database and database user locally.
This currently only applies if database type "mysql" is selected.
'';
};
};
virtualHost = mkOption {
type = types.submodule ({
options = import ../web-servers/apache-httpd/per-server-options.nix {
inherit lib;
forMainServer = false;
};
});
example = {
hostName = "survey.example.org";
enableSSL = true;
adminAddr = "webmaster@example.org";
sslServerCert = "/var/lib/acme/survey.example.org/full.pem";
sslServerKey = "/var/lib/acme/survey.example.org/key.pem";
};
description = ''
Apache configuration can be done by adapting <literal>services.httpd.virtualHosts.&lt;name&gt;</literal>.
See <xref linkend="opt-services.httpd.virtualHosts"/> for further information.
'';
};
poolConfig = mkOption {
type = types.lines;
default = ''
pm = dynamic
pm.max_children = 32
pm.start_servers = 2
pm.min_spare_servers = 2
pm.max_spare_servers = 4
pm.max_requests = 500
'';
description = ''
Options for LimeSurvey's PHP pool. See the documentation on <literal>php-fpm.conf</literal> for details on configuration directives.
'';
};
config = mkOption {
type = configType;
default = {};
description = ''
LimeSurvey configuration. Refer to
<link xlink:href="https://manual.limesurvey.org/Optional_settings"/>
for details on supported values.
'';
};
};
# implementation
config = mkIf cfg.enable {
assertions = [
{ assertion = cfg.database.createLocally -> cfg.database.type == "mysql";
message = "services.limesurvey.createLocally is currently only supported for database type 'mysql'";
}
{ assertion = cfg.database.createLocally -> cfg.database.user == user;
message = "services.limesurvey.database.user must be set to ${user} if services.limesurvey.database.createLocally is set true";
}
{ assertion = cfg.database.createLocally -> cfg.database.socket != null;
message = "services.limesurvey.database.socket must be set if services.limesurvey.database.createLocally is set to true";
}
{ assertion = cfg.database.createLocally -> cfg.database.passwordFile == null;
message = "a password cannot be specified if services.limesurvey.database.createLocally is set to true";
}
];
services.limesurvey.config = mapAttrs (name: mkDefault) {
runtimePath = "${stateDir}/tmp/runtime";
components = {
db = {
connectionString = "${cfg.database.type}:dbname=${cfg.database.name};host=${if pgsqlLocal then cfg.database.socket else cfg.database.host};port=${toString cfg.database.port}" +
optionalString mysqlLocal ";socket=${cfg.database.socket}";
username = cfg.database.user;
password = mkIf (cfg.database.passwordFile != null) "file_get_contents(\"${toString cfg.database.passwordFile}\");";
tablePrefix = "limesurvey_";
};
assetManager.basePath = "${stateDir}/tmp/assets";
urlManager = {
urlFormat = "path";
showScriptName = false;
};
};
config = {
tempdir = "${stateDir}/tmp";
uploaddir = "${stateDir}/upload";
force_ssl = mkIf cfg.virtualHost.enableSSL "on";
config.defaultlang = "en";
};
};
services.mysql = mkIf mysqlLocal {
enable = true;
package = mkDefault pkgs.mariadb;
ensureDatabases = [ cfg.database.name ];
ensureUsers = [
{ name = cfg.database.user;
ensurePermissions = {
"${cfg.database.name}.*" = "SELECT, CREATE, INSERT, UPDATE, DELETE, ALTER, DROP, INDEX";
};
}
];
};
services.phpfpm.pools.limesurvey = {
phpPackage = php;
listen = "/run/phpfpm/limesurvey.sock";
extraConfig = ''
listen.owner = ${config.services.httpd.user};
listen.group = ${config.services.httpd.group};
user = ${user};
group = ${group};
env[LIMESURVEY_CONFIG] = ${limesurveyConfig}
${cfg.poolConfig}
'';
};
services.httpd = {
enable = true;
adminAddr = mkDefault cfg.virtualHost.adminAddr;
extraModules = [ "proxy_fcgi" ];
virtualHosts = [
(cfg.virtualHost // {
documentRoot = mkForce "${pkg}/share/limesurvey";
extraConfig = ''
Alias "/tmp" "${stateDir}/tmp"
<Directory "${stateDir}">
AllowOverride all
Require all granted
Options -Indexes +FollowSymlinks
</Directory>
Alias "/upload" "${stateDir}/upload"
<Directory "${stateDir}/upload">
AllowOverride all
Require all granted
Options -Indexes
</Directory>
<Directory "${pkg}/share/limesurvey">
<FilesMatch "\.php$">
<If "-f %{REQUEST_FILENAME}">
SetHandler "proxy:unix:/run/phpfpm/limesurvey.sock|fcgi://localhost/"
</If>
</FilesMatch>
AllowOverride all
Options -Indexes
DirectoryIndex index.php
</Directory>
'';
})
];
};
systemd.tmpfiles.rules = [
"d ${stateDir} 0750 ${user} ${group} - -"
"d ${stateDir}/tmp 0750 ${user} ${group} - -"
"d ${stateDir}/tmp/assets 0750 ${user} ${group} - -"
"d ${stateDir}/tmp/runtime 0750 ${user} ${group} - -"
"d ${stateDir}/tmp/upload 0750 ${user} ${group} - -"
"C ${stateDir}/upload 0750 ${user} ${group} - ${pkg}/share/limesurvey/upload"
];
systemd.services.limesurvey-init = {
wantedBy = [ "multi-user.target" ];
before = [ "phpfpm-limesurvey.service" ];
after = optional mysqlLocal "mysql.service" ++ optional pgsqlLocal "postgresql.service";
environment.LIMESURVEY_CONFIG = limesurveyConfig;
script = ''
# update or install the database as required
${php}/bin/php ${pkg}/share/limesurvey/application/commands/console.php updatedb || \
${php}/bin/php ${pkg}/share/limesurvey/application/commands/console.php install admin password admin admin@example.com verbose
'';
serviceConfig = {
User = user;
Group = group;
Type = "oneshot";
};
};
systemd.services.httpd.after = optional mysqlLocal "mysql.service" ++ optional pgsqlLocal "postgresql.service";
users.users."${user}".group = group;
};
}

View file

@ -1,196 +0,0 @@
{ config, lib, pkgs, serverInfo, ... }:
with lib;
let
httpd = serverInfo.serverConfig.package;
version24 = !versionOlder httpd.version "2.4";
allGranted = if version24 then ''
Require all granted
'' else ''
Order allow,deny
Allow from all
'';
limesurveyConfig = pkgs.writeText "config.php" ''
<?php
$config = array();
$config['name'] = "${config.siteName}";
$config['runtimePath'] = "${config.dataDir}/tmp/runtime";
$config['components'] = array();
$config['components']['db'] = array();
$config['components']['db']['connectionString'] = '${config.dbType}:host=${config.dbHost};port=${toString config.dbPort};user=${config.dbUser};password=${config.dbPassword};dbname=${config.dbName};';
$config['components']['db']['username'] = '${config.dbUser}';
$config['components']['db']['password'] = '${config.dbPassword}';
$config['components']['db']['charset'] = 'utf-8';
$config['components']['db']['tablePrefix'] = "prefix_";
$config['components']['assetManager'] = array();
$config['components']['assetManager']['basePath'] = '${config.dataDir}/tmp/assets';
$config['config'] = array();
$config['config']['debug'] = 1;
$config['config']['tempdir'] = "${config.dataDir}/tmp";
$config['config']['tempdir'] = "${config.dataDir}/tmp";
$config['config']['uploaddir'] = "${config.dataDir}/upload";
$config['config']['force_ssl'] = '${if config.forceSSL then "on" else ""}';
$config['config']['defaultlang'] = '${config.defaultLang}';
return $config;
?>
'';
limesurveyRoot = "${pkgs.limesurvey}/share/limesurvey/";
in rec {
extraConfig = ''
Alias ${config.urlPrefix}/tmp ${config.dataDir}/tmp
<Directory ${config.dataDir}/tmp>
${allGranted}
Options -Indexes +FollowSymlinks
</Directory>
Alias ${config.urlPrefix}/upload ${config.dataDir}/upload
<Directory ${config.dataDir}/upload>
${allGranted}
Options -Indexes
</Directory>
${if config.urlPrefix != "" then ''
Alias ${config.urlPrefix} ${limesurveyRoot}
'' else ''
RewriteEngine On
RewriteCond %{DOCUMENT_ROOT}%{REQUEST_URI} !-f
RewriteCond %{DOCUMENT_ROOT}%{REQUEST_URI} !-d
''}
<Directory ${limesurveyRoot}>
DirectoryIndex index.php
</Directory>
'';
globalEnvVars = [
{ name = "LIMESURVEY_CONFIG"; value = limesurveyConfig; }
];
documentRoot = if config.urlPrefix == "" then limesurveyRoot else null;
enablePHP = true;
options = {
id = mkOption {
default = "main";
description = ''
A unique identifier necessary to keep multiple Limesurvey server
instances on the same machine apart. This is used to
disambiguate the administrative scripts, which get names like
mediawiki-$id-change-password.
'';
};
urlPrefix = mkOption {
default = "";
description = "Url prefix for site.";
type = types.str;
};
dbType = mkOption {
default = "pgsql";
description = "Type of database for limesurvey, for now, only pgsql.";
type = types.enum ["pgsql"];
};
dbName = mkOption {
default = "limesurvey";
description = "Name of the database that holds the limesurvey data.";
type = types.str;
};
dbHost = mkOption {
default = "localhost";
description = "Limesurvey database host.";
type = types.str;
};
dbPort = mkOption {
default = 5432;
description = "Limesurvey database port.";
type = types.int;
};
dbUser = mkOption {
default = "limesurvey";
description = "Limesurvey database user.";
type = types.str;
};
dbPassword = mkOption {
example = "foobar";
description = "Limesurvey database password.";
type = types.str;
};
adminUser = mkOption {
description = "Limesurvey admin username.";
default = "admin";
type = types.str;
};
adminPassword = mkOption {
description = "Default limesurvey admin password.";
default = "admin";
type = types.str;
};
adminEmail = mkOption {
description = "Limesurvey admin email.";
default = "admin@admin.com";
type = types.str;
};
forceSSL = mkOption {
default = false;
description = "Force use of HTTPS connection.";
type = types.bool;
};
siteName = mkOption {
default = "LimeSurvey";
description = "LimeSurvey name of the site.";
type = types.str;
};
defaultLang = mkOption {
default = "en";
description = "LimeSurvey default language.";
type = types.str;
};
dataDir = mkOption {
default = "/var/lib/limesurvey";
description = "LimeSurvey data directory.";
type = types.path;
};
};
startupScript = pkgs.writeScript "limesurvey_startup.sh" ''
if [ ! -f ${config.dataDir}/.created ]; then
mkdir -p ${config.dataDir}/{tmp/runtime,tmp/assets,tmp/upload,upload}
chmod -R ug+rw ${config.dataDir}
chmod -R o-rwx ${config.dataDir}
chown -R wwwrun:wwwrun ${config.dataDir}
${pkgs.postgresql}/bin/createuser --no-superuser --no-createdb --no-createrole "${config.dbUser}" || true
${pkgs.postgresql}/bin/createdb "${config.dbName}" -O "${config.dbUser}" || true
${pkgs.sudo}/bin/sudo -u postgres ${pkgs.postgresql}/bin/psql -U postgres -d postgres -c "alter user ${config.dbUser} with password '${config.dbPassword}';" || true
${pkgs.limesurvey}/bin/limesurvey-console install '${config.adminUser}' '${config.adminPassword}' '${config.adminUser}' '${config.adminEmail}'
touch ${config.dataDir}/.created
fi
'';
}

View file

@ -273,7 +273,7 @@ in
if [ ! -d ${serverInfo.fullConfig.services.mysql.dataDir}/${config.dbName} ]; then
echo "Need to create the database '${config.dbName}' and grant permissions to user named '${config.dbUser}'."
# Wait until MySQL is up
while [ ! -e ${serverInfo.fullConfig.services.mysql.pidDir}/mysqld.pid ]; do
while [ ! -S /run/mysqld/mysqld.sock ]; do
sleep 1
done
${pkgs.mysql}/bin/mysql -e 'CREATE DATABASE ${config.dbName};'

View file

@ -2,7 +2,6 @@
let
cfg = config.services.hydron;
postgres = config.services.postgresql;
in with lib; {
options.services.hydron = {
enable = mkEnableOption "hydron";
@ -81,40 +80,40 @@ in with lib; {
};
config = mkIf cfg.enable {
security.sudo.enable = cfg.enable;
services.postgresql.enable = cfg.enable;
services.hydron.passwordFile = mkDefault (pkgs.writeText "hydron-password-file" cfg.password);
services.hydron.postgresArgsFile = mkDefault (pkgs.writeText "hydron-postgres-args" cfg.postgresArgs);
services.hydron.postgresArgs = mkDefault ''
{
"driver": "postgres",
"connection": "user=hydron password=${cfg.password} dbname=hydron sslmode=disable"
"connection": "user=hydron password=${cfg.password} host=/run/postgresql dbname=hydron sslmode=disable"
}
'';
services.postgresql = {
enable = true;
ensureDatabases = [ "hydron" ];
ensureUsers = [
{ name = "hydron";
ensurePermissions = { "DATABASE hydron" = "ALL PRIVILEGES"; };
}
];
};
systemd.tmpfiles.rules = [
"d '${cfg.dataDir}' 0750 hydron hydron - -"
"d '${cfg.dataDir}/.hydron' - hydron hydron - -"
"d '${cfg.dataDir}/images' - hydron hydron - -"
"Z '${cfg.dataDir}' - hydron hydron - -"
"L+ '${cfg.dataDir}/.hydron/db_conf.json' - - - - ${cfg.postgresArgsFile}"
];
systemd.services.hydron = {
description = "hydron";
after = [ "network.target" "postgresql.service" ];
wantedBy = [ "multi-user.target" ];
preStart = ''
# Ensure folder exists or create it and permissions are correct
mkdir -p ${escapeShellArg cfg.dataDir}/{.hydron,images}
ln -sf ${escapeShellArg cfg.postgresArgsFile} ${escapeShellArg cfg.dataDir}/.hydron/db_conf.json
chmod 750 ${escapeShellArg cfg.dataDir}
chown -R hydron:hydron ${escapeShellArg cfg.dataDir}
# Ensure the database is correct or create it
${pkgs.sudo}/bin/sudo -u ${postgres.superUser} ${postgres.package}/bin/createuser \
-SDR hydron || true
${pkgs.sudo}/bin/sudo -u ${postgres.superUser} ${postgres.package}/bin/createdb \
-T template0 -E UTF8 -O hydron hydron || true
${pkgs.sudo}/bin/sudo -u hydron ${postgres.package}/bin/psql \
-c "ALTER ROLE hydron WITH PASSWORD '$(cat ${escapeShellArg cfg.passwordFile})';" || true
'';
serviceConfig = {
PermissionsStartOnly = true;
User = "hydron";
Group = "hydron";
ExecStart = "${pkgs.hydron}/bin/hydron serve"
@ -139,7 +138,7 @@ in with lib; {
description = "Automatically import paths into hydron and possibly fetch tags";
after = [ "network.target" "hydron.service" ];
wantedBy = [ "timers.target" ];
timerConfig = {
Persistent = true;
OnCalendar = cfg.interval;
@ -148,11 +147,10 @@ in with lib; {
users = {
groups.hydron.gid = config.ids.gids.hydron;
users.hydron = {
description = "hydron server service user";
home = cfg.dataDir;
createHome = true;
group = "hydron";
uid = config.ids.uids.hydron;
};

View file

@ -64,7 +64,7 @@ let
include ${cfg.package}/conf/uwsgi_params;
${optionalString (cfg.resolver.addresses != []) ''
resolver ${toString cfg.resolver.addresses} ${optionalString (cfg.resolver.valid != "") "valid=${cfg.resolver.valid}"};
resolver ${toString cfg.resolver.addresses} ${optionalString (cfg.resolver.valid != "") "valid=${cfg.resolver.valid}"} ${optionalString (!cfg.resolver.ipv6) "ipv6=off"};
''}
${upstreamConfig}
@ -521,6 +521,15 @@ in
An optional valid parameter allows overriding it
'';
};
ipv6 = mkOption {
type = types.bool;
default = true;
description = ''
By default, nginx will look up both IPv4 and IPv6 addresses while resolving.
If looking up of IPv6 addresses is not desired, the ipv6=off parameter can be
specified.
'';
};
};
};
description = ''

View file

@ -25,7 +25,7 @@ in
};
config = mkIf (xcfg.enable && cfg.enable) {
config = mkIf cfg.enable {
environment.systemPackages = [
e.efl e.enlightenment
@ -38,10 +38,10 @@ in
pkgs.xorg.xcursorthemes
];
environment.pathsToLink = [
"/etc/enlightenment"
"/share/enlightenment"
"/share/elementary"
environment.pathsToLink = [
"/etc/enlightenment"
"/share/enlightenment"
"/share/elementary"
"/share/locale"
];

View file

@ -21,7 +21,7 @@ in
};
config = mkIf (xcfg.enable && cfg.enable) {
config = mkIf cfg.enable {
services.xserver.desktopManager.session = singleton {
name = "lumina";

View file

@ -26,7 +26,7 @@ in
};
config = mkIf (xcfg.enable && cfg.enable) {
config = mkIf cfg.enable {
services.xserver.desktopManager.session = singleton {
name = "lxqt";

View file

@ -42,7 +42,7 @@ in
};
config = mkIf (xcfg.enable && cfg.enable) {
config = mkIf cfg.enable {
services.xserver.desktopManager.session = singleton {
name = "mate";

View file

@ -10,7 +10,7 @@ in {
enable = mkEnableOption "MaXX desktop environment";
};
config = mkIf (xcfg.enable && cfg.enable) {
config = mkIf cfg.enable {
environment.systemPackages = [ pkgs.maxx ];
# there is hardcoded path in binaries

View file

@ -36,7 +36,7 @@ in
config = mkMerge [
(mkIf (xcfg.enable && cfg.enable) {
(mkIf cfg.enable {
services.xserver.desktopManager.session = singleton {
name = "plasma5";
bgSupport = true;
@ -161,7 +161,6 @@ in
qtvirtualkeyboard
libsForQt56.phonon-backend-gstreamer
libsForQt5.phonon-backend-gstreamer
xdg-user-dirs # Update user dirs as described in https://freedesktop.org/wiki/Software/xdg-user-dirs/

View file

@ -19,7 +19,7 @@ in
};
config = mkIf (config.services.xserver.enable && cfg.enable) {
config = mkIf cfg.enable {
services.xserver.desktopManager.session = singleton
{ name = "xterm";

View file

@ -14,6 +14,23 @@ let
exec "$@"
'';
# Solves problems like:
# https://wiki.archlinux.org/index.php/Talk:Bluetooth_headset#GDMs_pulseaudio_instance_captures_bluetooth_headset
# Instead of blacklisting plugins, we use Fedora's PulseAudio configuration for GDM:
# https://src.fedoraproject.org/rpms/gdm/blob/master/f/default.pa-for-gdm
pulseConfig = pkgs.writeText "default.pa" ''
load-module module-device-restore
load-module module-card-restore
load-module module-udev-detect
load-module module-native-protocol-unix
load-module module-default-device-restore
load-module module-rescue-streams
load-module module-always-sink
load-module module-intended-roles
load-module module-suspend-on-idle
load-module module-position-event-sounds
'';
in
{
@ -126,6 +143,11 @@ in
GDM_X_SESSION_WRAPPER = "${xSessionWrapper}";
};
execCmd = "exec ${gdm}/bin/gdm";
preStart = optionalString config.hardware.pulseaudio.enable ''
mkdir -p /run/gdm/.config/pulse
ln -sf ${pulseConfig} /run/gdm/.config/pulse/default.pa
chown -R gdm:gdm /run/gdm/.config
'';
};
# Because sd_login_monitor_new requires /run/systemd/machines

View file

@ -347,6 +347,7 @@ in
xkbDir = mkOption {
type = types.path;
default = "${pkgs.xkeyboard_config}/etc/X11/xkb";
description = ''
Path used for -xkbdir xserver parameter.
'';
@ -708,8 +709,6 @@ in
xorg.xf86inputevdev.out
];
services.xserver.xkbDir = mkDefault "${pkgs.xkeyboard_config}/etc/X11/xkb";
system.extraDependencies = singleton (pkgs.runCommand "xkb-validated" {
inherit (cfg) xkbModel layout xkbVariant xkbOptions;
nativeBuildInputs = [ pkgs.xkbvalidate ];