mirror of
https://github.com/NixOS/nixpkgs.git
synced 2025-06-12 20:55:31 +03:00
4f0dadbf38
After final improvements to the official formatter implementation,
this commit now performs the first treewide reformat of Nix files using it.
This is part of the implementation of RFC 166.
Only "inactive" files are reformatted, meaning only files that
aren't being touched by any PR with activity in the past 2 months.
This is to avoid conflicts for PRs that might soon be merged.
Later we can do a full treewide reformat to get the rest,
which should not cause as many conflicts.
A CI check has already been running for some time to ensure that new and
already-formatted files are formatted, so the files being reformatted here
should also stay formatted.
This commit was automatically created and can be verified using
nix-build a08b3a4d19.tar.gz \
--argstr baseRev b32a094368
result/bin/apply-formatting $NIXPKGS_PATH
147 lines
3.8 KiB
Nix
147 lines
3.8 KiB
Nix
{
|
|
config,
|
|
lib,
|
|
pkgs,
|
|
...
|
|
}:
|
|
|
|
let
|
|
cfg = config.services.journald.gateway;
|
|
|
|
cliArgs = lib.cli.toGNUCommandLineShell { } {
|
|
# If either of these are null / false, they are not passed in the command-line
|
|
inherit (cfg)
|
|
cert
|
|
key
|
|
trust
|
|
system
|
|
user
|
|
merge
|
|
;
|
|
};
|
|
in
|
|
{
|
|
meta.maintainers = [ lib.maintainers.raitobezarius ];
|
|
options.services.journald.gateway = {
|
|
enable = lib.mkEnableOption "the HTTP gateway to the journal";
|
|
|
|
port = lib.mkOption {
|
|
default = 19531;
|
|
type = lib.types.port;
|
|
description = ''
|
|
The port to listen to.
|
|
'';
|
|
};
|
|
|
|
cert = lib.mkOption {
|
|
default = null;
|
|
type = with lib.types; nullOr str;
|
|
description = ''
|
|
The path to a file or `AF_UNIX` stream socket to read the server
|
|
certificate from.
|
|
|
|
The certificate must be in PEM format. This option switches
|
|
`systemd-journal-gatewayd` into HTTPS mode and must be used together
|
|
with {option}`services.journald.gateway.key`.
|
|
'';
|
|
};
|
|
|
|
key = lib.mkOption {
|
|
default = null;
|
|
type = with lib.types; nullOr str;
|
|
description = ''
|
|
Specify the path to a file or `AF_UNIX` stream socket to read the
|
|
secret server key corresponding to the certificate specified with
|
|
{option}`services.journald.gateway.cert` from.
|
|
|
|
The key must be in PEM format.
|
|
|
|
This key should not be world-readable, and must be readably by the
|
|
`systemd-journal-gateway` user.
|
|
'';
|
|
};
|
|
|
|
trust = lib.mkOption {
|
|
default = null;
|
|
type = with lib.types; nullOr str;
|
|
description = ''
|
|
Specify the path to a file or `AF_UNIX` stream socket to read a CA
|
|
certificate from.
|
|
|
|
The certificate must be in PEM format.
|
|
|
|
Setting this option enforces client certificate checking.
|
|
'';
|
|
};
|
|
|
|
system = lib.mkOption {
|
|
default = true;
|
|
type = lib.types.bool;
|
|
description = ''
|
|
Serve entries from system services and the kernel.
|
|
|
|
This has the same meaning as `--system` for {manpage}`journalctl(1)`.
|
|
'';
|
|
};
|
|
|
|
user = lib.mkOption {
|
|
default = true;
|
|
type = lib.types.bool;
|
|
description = ''
|
|
Serve entries from services for the current user.
|
|
|
|
This has the same meaning as `--user` for {manpage}`journalctl(1)`.
|
|
'';
|
|
};
|
|
|
|
merge = lib.mkOption {
|
|
default = false;
|
|
type = lib.types.bool;
|
|
description = ''
|
|
Serve entries interleaved from all available journals, including other
|
|
machines.
|
|
|
|
This has the same meaning as `--merge` option for
|
|
{manpage}`journalctl(1)`.
|
|
'';
|
|
};
|
|
};
|
|
|
|
config = lib.mkIf cfg.enable {
|
|
assertions = [
|
|
{
|
|
# This prevents the weird case were disabling "system" and "user"
|
|
# actually enables both because the cli flags are not present.
|
|
assertion = cfg.system || cfg.user;
|
|
message = ''
|
|
systemd-journal-gatewayd cannot serve neither "system" nor "user"
|
|
journals.
|
|
'';
|
|
}
|
|
];
|
|
|
|
systemd.additionalUpstreamSystemUnits = [
|
|
"systemd-journal-gatewayd.socket"
|
|
"systemd-journal-gatewayd.service"
|
|
];
|
|
|
|
users.users.systemd-journal-gateway.uid = config.ids.uids.systemd-journal-gateway;
|
|
users.users.systemd-journal-gateway.group = "systemd-journal-gateway";
|
|
users.groups.systemd-journal-gateway.gid = config.ids.gids.systemd-journal-gateway;
|
|
|
|
systemd.services.systemd-journal-gatewayd.serviceConfig.ExecStart = [
|
|
# Clear the default command line
|
|
""
|
|
"${pkgs.systemd}/lib/systemd/systemd-journal-gatewayd ${cliArgs}"
|
|
];
|
|
|
|
systemd.sockets.systemd-journal-gatewayd = {
|
|
wantedBy = [ "sockets.target" ];
|
|
listenStreams = [
|
|
# Clear the default port
|
|
""
|
|
(toString cfg.port)
|
|
];
|
|
};
|
|
};
|
|
}
|