Merge branch 'master' into staging
This commit is contained in:
commit
620c147cce
|
@ -0,0 +1,288 @@
|
|||
<chapter xmlns="http://docbook.org/ns/docbook"
|
||||
xmlns:xlink="http://www.w3.org/1999/xlink"
|
||||
xml:id="users-guide-to-the-erlang-infrastructure">
|
||||
|
||||
<title>User's Guide to the Erlang Infrastructure</title>
|
||||
|
||||
<section xml:id="how-to-install-erlang-packages">
|
||||
<title>How to install Erlang packages</title>
|
||||
<para>
|
||||
Erlang packages are not registered in the top level simply because
|
||||
they are not relevant to the vast majority of Nix users. They are
|
||||
installable using the <literal>erlangPackages</literal> attribute set.
|
||||
|
||||
You can list the avialable packages in the
|
||||
<literal>erlangPackages</literal> with the following command:
|
||||
</para>
|
||||
|
||||
<programlisting>
|
||||
$ nix-env -f "<nixpkgs>" -qaP -A erlangPackages
|
||||
erlangPackages.esqlite esqlite-0.2.1
|
||||
erlangPackages.goldrush goldrush-0.1.7
|
||||
erlangPackages.ibrowse ibrowse-4.2.2
|
||||
erlangPackages.jiffy jiffy-0.14.5
|
||||
erlangPackages.lager lager-3.0.2
|
||||
erlangPackages.meck meck-0.8.3
|
||||
erlangPackages.rebar3-pc pc-1.1.0
|
||||
</programlisting>
|
||||
<para>
|
||||
To install any of those packages into your profile, refer to them by
|
||||
their attribute path (first column):
|
||||
</para>
|
||||
<programlisting>
|
||||
$ nix-env -f "<nixpkgs>" -iA erlangPackages.ibrowse
|
||||
</programlisting>
|
||||
<para>
|
||||
The attribute path of any Erlang packages corresponds to the name
|
||||
of that particular package in Hex or its OTP Application/Release name.
|
||||
</para>
|
||||
</section>
|
||||
<section xml:id="packaging-erlang-applications">
|
||||
<title>Packaging Erlang Applications</title>
|
||||
<section xml:id="rebar3-packages">
|
||||
<title>Rebar3 Packages</title>
|
||||
<para>
|
||||
There is a Nix functional called
|
||||
<literal>buildRebar3</literal>. We use this function to make a
|
||||
derivation that understands how to build the rebar3 project. For
|
||||
example, the epression we use to build the <link
|
||||
xlink:href="https://github.com/erlang-nix/hex2nix">hex2nix</link>
|
||||
project follows.
|
||||
</para>
|
||||
<programlisting>
|
||||
{stdenv, fetchFromGitHub, buildRebar3, ibrowse, jsx, erlware_commons }:
|
||||
|
||||
buildRebar3 rec {
|
||||
name = "hex2nix";
|
||||
version = "0.0.1";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "ericbmerritt";
|
||||
repo = "hex2nix";
|
||||
rev = "${version}";
|
||||
sha256 = "1w7xjidz1l5yjmhlplfx7kphmnpvqm67w99hd2m7kdixwdxq0zqg";
|
||||
};
|
||||
|
||||
erlangDeps = [ ibrowse jsx erlware_commons ];
|
||||
}
|
||||
</programlisting>
|
||||
<para>
|
||||
The only visible difference between this derivation and
|
||||
something like <literal>stdenv.mkDerivation</literal> is that we
|
||||
have added <literal>erlangDeps</literal> to the derivation. If
|
||||
you add your Erlang dependencies here they will be correctly
|
||||
handled by the system.
|
||||
</para>
|
||||
<para>
|
||||
If your package needs to compile native code via Rebar's port
|
||||
compilation mechenism. You should add <literal>compilePort =
|
||||
true;</literal> to the derivation.
|
||||
</para>
|
||||
</section>
|
||||
|
||||
<section xml:id="hex-packages">
|
||||
<title>Hex Packages</title>
|
||||
<para>
|
||||
Hex packages are based on Rebar packages. In fact, at the moment
|
||||
we can only compile Hex packages that are buildable with
|
||||
Rebar3. Packages that use Mix and other build systems are not
|
||||
supported. That being said, we know a lot more about Hex and can
|
||||
do more for you.
|
||||
</para>
|
||||
<programlisting>
|
||||
{ buildHex }:
|
||||
buildHex {
|
||||
name = "esqlite";
|
||||
version = "0.2.1";
|
||||
sha256 = "1296fn1lz4lz4zqzn4dwc3flgkh0i6n4sydg501faabfbv8d3wkr";
|
||||
compilePort = true;
|
||||
}
|
||||
</programlisting>
|
||||
<para>
|
||||
For Hex packages you need to provide the name, the version, and
|
||||
the Sha 256 digest of the package and use
|
||||
<literal>buildHex</literal> to build it. Obviously, the package
|
||||
needs to have already been published to Hex.
|
||||
</para>
|
||||
</section>
|
||||
</section>
|
||||
<section xml:id="how-to-develop">
|
||||
<title>How to develop</title>
|
||||
<section xml:id="accessing-an-environment">
|
||||
<title>Accessing an Environment</title>
|
||||
<para>
|
||||
Often, all you want to do is be able to access a valid
|
||||
environment that contains a specific package and its
|
||||
dependencies. we can do that with the <literal>env</literal>
|
||||
part of a derivation. For example, lets say we want to access an
|
||||
erlang repl with ibrowse loaded up. We could do the following.
|
||||
</para>
|
||||
<programlisting>
|
||||
~/w/nixpkgs ❯❯❯ nix-shell -A erlangPackages.ibrowse.env --run "erl"
|
||||
Erlang/OTP 18 [erts-7.0] [source] [64-bit] [smp:4:4] [async-threads:10] [hipe] [kernel-poll:false]
|
||||
|
||||
Eshell V7.0 (abort with ^G)
|
||||
1> m(ibrowse).
|
||||
Module: ibrowse
|
||||
MD5: 3b3e0137d0cbb28070146978a3392945
|
||||
Compiled: January 10 2016, 23:34
|
||||
Object file: /nix/store/g1rlf65rdgjs4abbyj4grp37ry7ywivj-ibrowse-4.2.2/lib/erlang/lib/ibrowse-4.2.2/ebin/ibrowse.beam
|
||||
Compiler options: [{outdir,"/tmp/nix-build-ibrowse-4.2.2.drv-0/hex-source-ibrowse-4.2.2/_build/default/lib/ibrowse/ebin"},
|
||||
debug_info,debug_info,nowarn_shadow_vars,
|
||||
warn_unused_import,warn_unused_vars,warnings_as_errors,
|
||||
{i,"/tmp/nix-build-ibrowse-4.2.2.drv-0/hex-source-ibrowse-4.2.2/_build/default/lib/ibrowse/include"}]
|
||||
Exports:
|
||||
add_config/1 send_req_direct/7
|
||||
all_trace_off/0 set_dest/3
|
||||
code_change/3 set_max_attempts/3
|
||||
get_config_value/1 set_max_pipeline_size/3
|
||||
get_config_value/2 set_max_sessions/3
|
||||
get_metrics/0 show_dest_status/0
|
||||
get_metrics/2 show_dest_status/1
|
||||
handle_call/3 show_dest_status/2
|
||||
handle_cast/2 spawn_link_worker_process/1
|
||||
handle_info/2 spawn_link_worker_process/2
|
||||
init/1 spawn_worker_process/1
|
||||
module_info/0 spawn_worker_process/2
|
||||
module_info/1 start/0
|
||||
rescan_config/0 start_link/0
|
||||
rescan_config/1 stop/0
|
||||
send_req/3 stop_worker_process/1
|
||||
send_req/4 stream_close/1
|
||||
send_req/5 stream_next/1
|
||||
send_req/6 terminate/2
|
||||
send_req_direct/4 trace_off/0
|
||||
send_req_direct/5 trace_off/2
|
||||
send_req_direct/6 trace_on/0
|
||||
trace_on/2
|
||||
ok
|
||||
2>
|
||||
</programlisting>
|
||||
<para>
|
||||
Notice the <literal>-A erlangPackages.ibrowse.env</literal>.That
|
||||
is the key to this functionality.
|
||||
</para>
|
||||
</section>
|
||||
<section xml:id="creating-a-shell">
|
||||
<title>Creating a Shell</title>
|
||||
<para>
|
||||
Getting access to an environment often isn't enough to do real
|
||||
development. Many times we need to create a
|
||||
<literal>shell.nix</literal> file and do our development inside
|
||||
of the environment specified by that file. This file looks a lot
|
||||
like the packageing described above. The main difference is that
|
||||
<literal>src</literal> points to project root and we call the
|
||||
package directly.
|
||||
</para>
|
||||
<programlisting>
|
||||
{ pkgs ? import "<nixpkgs"> {} }:
|
||||
|
||||
with pkgs;
|
||||
|
||||
let
|
||||
|
||||
f = { buildHex, ibrowse, jsx, erlware_commons }:
|
||||
buildHex {
|
||||
name = "hex2nix";
|
||||
version = "0.1.0";
|
||||
src = ./.;
|
||||
erlangDeps = [ ibrowse jsx erlware_commons ];
|
||||
};
|
||||
drv = erlangPackages.callPackage f {};
|
||||
|
||||
in
|
||||
drv
|
||||
</programlisting>
|
||||
<section xml:id="building-in-a-shell">
|
||||
<title>Building in a shell</title>
|
||||
<para>
|
||||
Unfortunatly for us users of Nix, Rebar isn't very cooperative
|
||||
with us from the standpoint of building a hermetic
|
||||
environment. When building the rebar3 support we had to do some
|
||||
sneaky things to get it not to go out and pull packages on its
|
||||
own. Also unfortunately, you have to do some of the same things
|
||||
when building a project inside of a Nix shell.
|
||||
|
||||
<orderedlist numeration="arabic">
|
||||
<listitem>
|
||||
<para>Run <literal>rebar3-nix-bootstrap</literal> every time
|
||||
dependencies change</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>Set Home to the current directory.</para>
|
||||
</listitem>
|
||||
</orderedlist>
|
||||
|
||||
If you do these two things then Rebar will be happy with you. I
|
||||
codify these into a makefile. Forunately, rebar3-nix-bootstrap
|
||||
is idempotent and fairly quick. so you can run it as often as
|
||||
you like.
|
||||
</para>
|
||||
<programlisting>
|
||||
# =============================================================================
|
||||
# Rules
|
||||
# =============================================================================
|
||||
.PHONY= all test clean repl shell build test analyze bootstrap
|
||||
|
||||
all: test
|
||||
|
||||
clean:
|
||||
rm -rf _build
|
||||
rm -rf .cache
|
||||
|
||||
repl:
|
||||
nix-shell --run "erl"
|
||||
|
||||
shell:
|
||||
nix-shell --run "bash"
|
||||
|
||||
bootstrap:
|
||||
nix-shell --pure --run "rebar3-nix-bootstrap"
|
||||
|
||||
build: bootstrap
|
||||
nix-shell --pure --run "HOME=$(CURDIR) rebar3 compile"
|
||||
|
||||
analyze: bootstrap
|
||||
nix-shell --pure --run "HOME=$(CURDIR) rebar3 do compile,dialyzer"
|
||||
|
||||
test: bootstrap
|
||||
nix-shell --pure --run "HOME=$(CURDIR) rebar3 do compile,dialyzer,eunit"
|
||||
|
||||
</programlisting>
|
||||
<para>
|
||||
If you add the <literal>shell.nix</literal> as described and
|
||||
user rebar as follows things should simply work.
|
||||
</para>
|
||||
</section>
|
||||
</section>
|
||||
</section>
|
||||
<section xml:id="generating-packages-from-hex-with-hex2nix">
|
||||
<title>Generating Packages from Hex with Hex2Nix</title>
|
||||
<para>
|
||||
Updating the Hex packages requires the use of the
|
||||
<literal>hex2nix</literal> tool. Given the path to the Erlang
|
||||
modules (usually
|
||||
<literal>pkgs/development/erlang-modules</literal>). It will
|
||||
happily dump a file called
|
||||
<literal>hex-packages.nix</literal>. That file will contain all
|
||||
the packages that use a recognized build system in Hex. However,
|
||||
it can't know whether or not all those packages are buildable.
|
||||
</para>
|
||||
<para>
|
||||
To make life easier for our users, it makes good sense to go
|
||||
ahead and attempt to build all those packages and remove the
|
||||
ones that don't build. To do that, simply run the command (in
|
||||
the root of your <literal>nixpkgs</literal> repository). that follows.
|
||||
</para>
|
||||
<programlisting>
|
||||
$ nix-build -A erlangPackages
|
||||
</programlisting>
|
||||
<para>
|
||||
That will build every package in
|
||||
<literal>erlangPackages</literal>. Then you can go through and
|
||||
manually remove the ones that fail. Hopefully, someone will
|
||||
improve <literal>hex2nix</literal> in the future to automate
|
||||
that.
|
||||
</para>
|
||||
</section>
|
||||
</chapter>
|
|
@ -20,6 +20,7 @@
|
|||
<xi:include href="coding-conventions.xml" />
|
||||
<xi:include href="submitting-changes.xml" />
|
||||
<xi:include href="haskell-users-guide.xml" />
|
||||
<xi:include href="erlang-users-guide.xml" />
|
||||
<xi:include href="contributing.xml" />
|
||||
|
||||
</book>
|
||||
|
|
|
@ -335,6 +335,7 @@
|
|||
wyvie = "Elijah Rum <elijahrum@gmail.com>";
|
||||
yarr = "Dmitry V. <savraz@gmail.com>";
|
||||
z77z = "Marco Maggesi <maggesi@math.unifi.it>";
|
||||
zagy = "Christian Zagrodnick <cz@flyingcircus.io>";
|
||||
zef = "Zef Hemel <zef@zef.me>";
|
||||
zimbatm = "zimbatm <zimbatm@zimbatm.com>";
|
||||
zoomulator = "Kim Simmons <zoomulator@gmail.com>";
|
||||
|
|
|
@ -57,6 +57,7 @@ in
|
|||
users.ldap = {
|
||||
|
||||
enable = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = "Whether to enable authentication against an LDAP server.";
|
||||
};
|
||||
|
|
|
@ -99,6 +99,7 @@ in {
|
|||
package = mkOption {
|
||||
type = types.package;
|
||||
default = pulseaudioLight;
|
||||
defaultText = "pkgs.pulseaudioLight";
|
||||
example = literalExample "pkgs.pulseaudioFull";
|
||||
description = ''
|
||||
The PulseAudio derivation to use. This can be used to enable
|
||||
|
|
|
@ -119,6 +119,7 @@ in
|
|||
|
||||
environment.binsh = mkOption {
|
||||
default = "${config.system.build.binsh}/bin/sh";
|
||||
defaultText = "\${config.system.build.binsh}/bin/sh";
|
||||
example = literalExample ''
|
||||
"''${pkgs.dash}/bin/dash"
|
||||
'';
|
||||
|
|
|
@ -10,8 +10,9 @@ with lib;
|
|||
|
||||
options = {
|
||||
environment.unixODBCDrivers = mkOption {
|
||||
type = types.listOf types.package;
|
||||
default = [];
|
||||
example = literalExample "map (x : x.ini) (with pkgs.unixODBCDrivers; [ mysql psql psqlng ] )";
|
||||
example = literalExample "with pkgs.unixODBCDrivers; [ mysql psql psqlng ]";
|
||||
description = ''
|
||||
Specifies Unix ODBC drivers to be registered in
|
||||
<filename>/etc/odbcinst.ini</filename>. You may also want to
|
||||
|
@ -26,7 +27,7 @@ with lib;
|
|||
config = mkIf (config.environment.unixODBCDrivers != []) {
|
||||
|
||||
environment.etc."odbcinst.ini".text =
|
||||
let inis = config.environment.unixODBCDrivers;
|
||||
let inis = map (x : x.ini) config.environment.unixODBCDrivers;
|
||||
in lib.concatStringsSep "\n" inis;
|
||||
|
||||
};
|
||||
|
|
|
@ -17,7 +17,9 @@ let
|
|||
mkdir -p $out
|
||||
cp -prd ${pkgs.path} $out/nixos
|
||||
chmod -R u+w $out/nixos
|
||||
ln -s . $out/nixos/nixpkgs
|
||||
if [ ! -e $out/nixos/nixpkgs ]; then
|
||||
ln -s . $out/nixos/nixpkgs
|
||||
fi
|
||||
rm -rf $out/nixos/.git
|
||||
echo -n ${config.system.nixosVersionSuffix} > $out/nixos/.version-suffix
|
||||
'';
|
||||
|
|
|
@ -109,7 +109,7 @@ in
|
|||
# not be started by default on the installation CD because the
|
||||
# default root password is empty.
|
||||
services.openssh.enable = true;
|
||||
jobs.openssh.startOn = lib.mkOverride 50 "";
|
||||
systemd.services.openssh.wantedBy = lib.mkOverride 50 [];
|
||||
|
||||
# To be able to use the systemTarball to catch troubles.
|
||||
boot.crashDump = {
|
||||
|
|
|
@ -24,6 +24,7 @@ in
|
|||
'';
|
||||
};
|
||||
kernelPackages = mkOption {
|
||||
type = types.package;
|
||||
default = pkgs.linuxPackages;
|
||||
# We don't want to evaluate all of linuxPackages for the manual
|
||||
# - some of it might not even evaluate correctly.
|
||||
|
|
|
@ -245,6 +245,9 @@
|
|||
opendkim = 221;
|
||||
dspam = 222;
|
||||
gale = 223;
|
||||
matrix-synapse = 224;
|
||||
rspamd = 225;
|
||||
rmilter = 226;
|
||||
|
||||
# When adding a uid, make sure it doesn't match an existing gid. And don't use uids above 399!
|
||||
|
||||
|
@ -467,6 +470,9 @@
|
|||
opendkim = 221;
|
||||
dspam = 222;
|
||||
gale = 223;
|
||||
matrix-synapse = 224;
|
||||
rspamd = 225;
|
||||
rmilter = 226;
|
||||
|
||||
# When adding a gid, make sure it doesn't match an existing
|
||||
# uid. Users and groups with the same name should have equal
|
||||
|
|
|
@ -37,8 +37,8 @@ with lib;
|
|||
|
||||
nixos.extraModules = mkOption {
|
||||
default = [];
|
||||
example = literalExample "mkIf config.services.openssh.enable [ ./sshd-config.nix ]";
|
||||
type = types.listOf types.unspecified;
|
||||
example = literalExample "[ ./sshd-config.nix ]";
|
||||
type = types.listOf (types.either (types.submodule ({...}:{options={};})) types.path);
|
||||
description = ''
|
||||
Define additional modules which would be loaded to evaluate the
|
||||
configuration.
|
||||
|
|
|
@ -193,6 +193,8 @@
|
|||
./services/mail/postfix.nix
|
||||
./services/mail/postsrsd.nix
|
||||
./services/mail/spamassassin.nix
|
||||
./services/mail/rspamd.nix
|
||||
./services/mail/rmilter.nix
|
||||
./services/misc/apache-kafka.nix
|
||||
./services/misc/autofs.nix
|
||||
./services/misc/bepasty.nix
|
||||
|
@ -214,6 +216,7 @@
|
|||
./services/misc/gpsd.nix
|
||||
./services/misc/ihaskell.nix
|
||||
./services/misc/mathics.nix
|
||||
./services/misc/matrix-synapse.nix
|
||||
./services/misc/mbpfan.nix
|
||||
./services/misc/mediatomb.nix
|
||||
./services/misc/mesos-master.nix
|
||||
|
|
|
@ -93,7 +93,9 @@ in
|
|||
};
|
||||
|
||||
package = mkOption {
|
||||
type = types.package;
|
||||
default = pkgs.openssh;
|
||||
defaultText = "pkgs.openssh";
|
||||
description = ''
|
||||
The package used for the openssh client and daemon.
|
||||
'';
|
||||
|
@ -142,16 +144,18 @@ in
|
|||
description = ''
|
||||
The set of system-wide known SSH hosts.
|
||||
'';
|
||||
example = [
|
||||
{
|
||||
hostNames = [ "myhost" "myhost.mydomain.com" "10.10.1.4" ];
|
||||
publicKeyFile = literalExample "./pubkeys/myhost_ssh_host_dsa_key.pub";
|
||||
}
|
||||
{
|
||||
hostNames = [ "myhost2" ];
|
||||
publicKeyFile = literalExample "./pubkeys/myhost2_ssh_host_dsa_key.pub";
|
||||
}
|
||||
];
|
||||
example = literalExample ''
|
||||
[
|
||||
{
|
||||
hostNames = [ "myhost" "myhost.mydomain.com" "10.10.1.4" ];
|
||||
publicKeyFile = "./pubkeys/myhost_ssh_host_dsa_key.pub";
|
||||
}
|
||||
{
|
||||
hostNames = [ "myhost2" ];
|
||||
publicKeyFile = "./pubkeys/myhost2_ssh_host_dsa_key.pub";
|
||||
}
|
||||
]
|
||||
'';
|
||||
};
|
||||
|
||||
};
|
||||
|
|
|
@ -98,18 +98,18 @@ in
|
|||
loginShellInit = cfge.loginShellInit;
|
||||
|
||||
interactiveShellInit = ''
|
||||
${cfge.interactiveShellInit}
|
||||
|
||||
${cfg.promptInit}
|
||||
${zshAliases}
|
||||
|
||||
# Some sane history defaults
|
||||
# history defaults
|
||||
export SAVEHIST=2000
|
||||
export HISTSIZE=2000
|
||||
export HISTFILE=$HOME/.zsh_history
|
||||
|
||||
setopt HIST_IGNORE_DUPS SHARE_HISTORY HIST_FCNTL_LOCK
|
||||
|
||||
${cfge.interactiveShellInit}
|
||||
|
||||
${cfg.promptInit}
|
||||
${zshAliases}
|
||||
|
||||
# Tell zsh how to find installed completions
|
||||
for p in ''${(z)NIX_PROFILES}; do
|
||||
fpath+=($p/share/zsh/site-functions $p/share/zsh/$ZSH_VERSION/functions)
|
||||
|
|
|
@ -46,7 +46,7 @@ in
|
|||
example = {
|
||||
myStream1 = literalExample "\"/etc/liquidsoap/myStream1.liq\"";
|
||||
myStream2 = literalExample "./myStream2.liq";
|
||||
myStream3 = literalExample "\"out(playlist(\"/srv/music/\"))\"";
|
||||
myStream3 = literalExample "\"out(playlist(\\\"/srv/music/\\\"))\"";
|
||||
};
|
||||
|
||||
type = types.attrsOf (types.either types.path types.str);
|
||||
|
|
|
@ -207,7 +207,7 @@ in {
|
|||
description = ''
|
||||
Extra configuration to be passed in Client directive.
|
||||
'';
|
||||
example = literalExample ''
|
||||
example = ''
|
||||
Maximum Concurrent Jobs = 20;
|
||||
Heartbeat Interval = 30;
|
||||
'';
|
||||
|
@ -218,7 +218,7 @@ in {
|
|||
description = ''
|
||||
Extra configuration to be passed in Messages directive.
|
||||
'';
|
||||
example = literalExample ''
|
||||
example = ''
|
||||
console = all
|
||||
'';
|
||||
};
|
||||
|
|
|
@ -43,6 +43,7 @@ in
|
|||
package = mkOption {
|
||||
type = types.package;
|
||||
default = pkgs.rsnapshot;
|
||||
defaultText = "pkgs.rsnapshot";
|
||||
example = literalExample "pkgs.rsnapshotGit";
|
||||
description = ''
|
||||
RSnapshot package to use.
|
||||
|
|
|
@ -5,9 +5,9 @@ with lib;
|
|||
let
|
||||
cfg = config.services.tarsnap;
|
||||
|
||||
configFile = cfg: ''
|
||||
cachedir ${config.services.tarsnap.cachedir}
|
||||
keyfile ${config.services.tarsnap.keyfile}
|
||||
configFile = name: cfg: ''
|
||||
cachedir ${config.services.tarsnap.cachedir}/${name}
|
||||
keyfile ${cfg.keyfile}
|
||||
${optionalString cfg.nodump "nodump"}
|
||||
${optionalString cfg.printStats "print-stats"}
|
||||
${optionalString cfg.printStats "humanize-numbers"}
|
||||
|
@ -41,6 +41,20 @@ in
|
|||
account.
|
||||
Create the keyfile with <command>tarsnap-keygen</command>.
|
||||
|
||||
Note that each individual archive (specified below) may also have its
|
||||
own individual keyfile specified. Tarsnap does not allow multiple
|
||||
concurrent backups with the same cache directory and key (starting a
|
||||
new backup will cause another one to fail). If you have multiple
|
||||
archives specified, you should either spread out your backups to be
|
||||
far apart, or specify a separate key for each archive. By default
|
||||
every archive defaults to using
|
||||
<literal>"/root/tarsnap.key"</literal>.
|
||||
|
||||
It's recommended for backups that you generate a key for every archive
|
||||
using <literal>tarsnap-keygen(1)</literal>, and then generate a
|
||||
write-only tarsnap key using <literal>tarsnap-keymgmt(1)</literal>,
|
||||
and keep your master key(s) for a particular machine off-site.
|
||||
|
||||
The keyfile name should be given as a string and not a path, to
|
||||
avoid the key being copied into the Nix store.
|
||||
'';
|
||||
|
@ -57,6 +71,12 @@ in
|
|||
will refuse to run until you manually rebuild the cache with
|
||||
<command>tarsnap --fsck</command>.
|
||||
|
||||
Note that each individual archive (specified below) has its own cache
|
||||
directory specified under <literal>cachedir</literal>; this is because
|
||||
tarsnap locks the cache during backups, meaning multiple services
|
||||
archives cannot be backed up concurrently or overlap with a shared
|
||||
cache.
|
||||
|
||||
Set to <literal>null</literal> to disable caching.
|
||||
'';
|
||||
};
|
||||
|
@ -65,6 +85,28 @@ in
|
|||
type = types.attrsOf (types.submodule (
|
||||
{
|
||||
options = {
|
||||
keyfile = mkOption {
|
||||
type = types.str;
|
||||
default = config.services.tarsnap.keyfile;
|
||||
description = ''
|
||||
Set a specific keyfile for this archive. This defaults to
|
||||
<literal>"/root/tarsnap.key"</literal> if left unspecified.
|
||||
|
||||
Use this option if you want to run multiple backups
|
||||
concurrently - each archive must have a unique key. You can
|
||||
generate a write-only key derived from your master key (which
|
||||
is recommended) using <literal>tarsnap-keymgmt(1)</literal>.
|
||||
|
||||
Note: every archive must have an individual master key. You
|
||||
must generate multiple keys with
|
||||
<literal>tarsnap-keygen(1)</literal>, and then generate write
|
||||
only keys from those.
|
||||
|
||||
The keyfile name should be given as a string and not a path, to
|
||||
avoid the key being copied into the Nix store.
|
||||
'';
|
||||
};
|
||||
|
||||
nodump = mkOption {
|
||||
type = types.bool;
|
||||
default = true;
|
||||
|
@ -258,6 +300,7 @@ in
|
|||
mkdir -p -m 0700 ${cfg.cachedir}
|
||||
chown root:root ${cfg.cachedir}
|
||||
chmod 0700 ${cfg.cachedir}
|
||||
mkdir -p -m 0700 ${cfg.cachedir}/$1
|
||||
DIRS=`cat /etc/tarsnap/$1.dirs`
|
||||
exec tarsnap --configfile /etc/tarsnap/$1.conf -c -f $1-$(date +"%Y%m%d%H%M%S") $DIRS
|
||||
'';
|
||||
|
@ -280,7 +323,7 @@ in
|
|||
|
||||
environment.etc =
|
||||
(mapAttrs' (name: cfg: nameValuePair "tarsnap/${name}.conf"
|
||||
{ text = configFile cfg;
|
||||
{ text = configFile name cfg;
|
||||
}) cfg.archives) //
|
||||
(mapAttrs' (name: cfg: nameValuePair "tarsnap/${name}.dirs"
|
||||
{ text = concatStringsSep " " cfg.directories;
|
||||
|
|
|
@ -80,6 +80,7 @@ in {
|
|||
|
||||
packages = mkOption {
|
||||
default = [ pkgs.stdenv pkgs.git pkgs.jdk config.programs.ssh.package pkgs.nix ];
|
||||
defaultText = "[ pkgs.stdenv pkgs.git pkgs.jdk config.programs.ssh.package pkgs.nix ]";
|
||||
type = types.listOf types.package;
|
||||
description = ''
|
||||
Packages to add to PATH for the jenkins process.
|
||||
|
|
|
@ -74,7 +74,7 @@ in {
|
|||
];
|
||||
};
|
||||
}
|
||||
];
|
||||
]
|
||||
'';
|
||||
description = ''
|
||||
Job descriptions for Jenkins Job Builder in Nix format.
|
||||
|
|
|
@ -38,6 +38,7 @@ in {
|
|||
package = mkOption {
|
||||
type = types.package;
|
||||
default = pkgs.couchdb;
|
||||
defaultText = "pkgs.couchdb";
|
||||
example = literalExample "pkgs.couchdb";
|
||||
description = ''
|
||||
CouchDB package to use.
|
||||
|
|
|
@ -49,6 +49,7 @@ in
|
|||
|
||||
package = mkOption {
|
||||
default = pkgs.firebirdSuper;
|
||||
defaultText = "pkgs.firebirdSuper";
|
||||
type = types.package;
|
||||
/*
|
||||
Example: <code>package = pkgs.firebirdSuper.override { icu =
|
||||
|
|
|
@ -44,6 +44,7 @@ in {
|
|||
package = mkOption {
|
||||
type = types.package;
|
||||
default = pkgs.hbase;
|
||||
defaultText = "pkgs.hbase";
|
||||
example = literalExample "pkgs.hbase";
|
||||
description = ''
|
||||
HBase package to use.
|
||||
|
|
|
@ -120,6 +120,7 @@ in
|
|||
|
||||
package = mkOption {
|
||||
default = pkgs.influxdb;
|
||||
defaultText = "pkgs.influxdb";
|
||||
description = "Which influxdb derivation to use";
|
||||
type = types.package;
|
||||
};
|
||||
|
|
|
@ -41,6 +41,7 @@ in
|
|||
|
||||
package = mkOption {
|
||||
default = pkgs.mongodb;
|
||||
defaultText = "pkgs.mongodb";
|
||||
type = types.package;
|
||||
description = "
|
||||
Which MongoDB derivation to use.
|
||||
|
|
|
@ -49,6 +49,7 @@ in {
|
|||
package = mkOption {
|
||||
description = "Neo4j package to use.";
|
||||
default = pkgs.neo4j;
|
||||
defaultText = "pkgs.neo4j";
|
||||
type = types.package;
|
||||
};
|
||||
|
||||
|
|
|
@ -25,22 +25,7 @@ in
|
|||
description = "
|
||||
Whether to enable the ldap server.
|
||||
";
|
||||
example = literalExample ''
|
||||
openldap.enable = true;
|
||||
openldap.extraConfig = '''
|
||||
include ''${pkgs.openldap}/etc/openldap/schema/core.schema
|
||||
include ''${pkgs.openldap}/etc/openldap/schema/cosine.schema
|
||||
include ''${pkgs.openldap}/etc/openldap/schema/inetorgperson.schema
|
||||
include ''${pkgs.openldap}/etc/openldap/schema/nis.schema
|
||||
|
||||
database bdb
|
||||
suffix dc=example,dc=org
|
||||
rootdn cn=admin,dc=example,dc=org
|
||||
# NOTE: change after first start
|
||||
rootpw secret
|
||||
directory /var/db/openldap
|
||||
''';
|
||||
'';
|
||||
example = true;
|
||||
};
|
||||
|
||||
user = mkOption {
|
||||
|
@ -67,6 +52,19 @@ in
|
|||
description = "
|
||||
sldapd.conf configuration
|
||||
";
|
||||
example = ''
|
||||
include ''${pkgs.openldap}/etc/openldap/schema/core.schema
|
||||
include ''${pkgs.openldap}/etc/openldap/schema/cosine.schema
|
||||
include ''${pkgs.openldap}/etc/openldap/schema/inetorgperson.schema
|
||||
include ''${pkgs.openldap}/etc/openldap/schema/nis.schema
|
||||
|
||||
database bdb
|
||||
suffix dc=example,dc=org
|
||||
rootdn cn=admin,dc=example,dc=org
|
||||
# NOTE: change after first start
|
||||
rootpw secret
|
||||
directory /var/db/openldap
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
|
|
|
@ -26,6 +26,7 @@ in {
|
|||
package = mkOption {
|
||||
type = types.package;
|
||||
default = pkgs.opentsdb;
|
||||
defaultText = "pkgs.opentsdb";
|
||||
example = literalExample "pkgs.opentsdb";
|
||||
description = ''
|
||||
OpenTSDB package to use.
|
||||
|
|
|
@ -46,6 +46,7 @@ in
|
|||
package = mkOption {
|
||||
type = types.package;
|
||||
default = pkgs.redis;
|
||||
defaultText = "pkgs.redis";
|
||||
description = "Which Redis derivation to use.";
|
||||
};
|
||||
|
||||
|
|
|
@ -20,7 +20,7 @@ let
|
|||
}
|
||||
'';
|
||||
|
||||
events = [powerEvent lidEvent acEvent];
|
||||
events = [powerEvent lidEvent acEvent muteEvent volumeDownEvent volumeUpEvent cdPlayEvent cdNextEvent cdPrevEvent];
|
||||
|
||||
# Called when the power button is pressed.
|
||||
powerEvent =
|
||||
|
@ -55,6 +55,61 @@ let
|
|||
'';
|
||||
};
|
||||
|
||||
muteEvent = {
|
||||
name = "mute";
|
||||
event = "button/mute.*";
|
||||
action = ''
|
||||
#! ${pkgs.bash}/bin/sh
|
||||
${config.services.acpid.muteCommands}
|
||||
'';
|
||||
};
|
||||
|
||||
volumeDownEvent = {
|
||||
name = "volume-down";
|
||||
event = "button/volumedown.*";
|
||||
action = ''
|
||||
#! ${pkgs.bash}/bin/sh
|
||||
${config.services.acpid.volumeDownEventCommands}
|
||||
'';
|
||||
};
|
||||
|
||||
volumeUpEvent = {
|
||||
name = "volume-up";
|
||||
event = "button/volumeup.*";
|
||||
action = ''
|
||||
#! ${pkgs.bash}/bin/sh
|
||||
${config.services.acpid.volumeUpEventCommands}
|
||||
'';
|
||||
};
|
||||
|
||||
cdPlayEvent = {
|
||||
name = "cd-play";
|
||||
event = "cd/play.*";
|
||||
action = ''
|
||||
#! ${pkgs.bash}/bin/sh
|
||||
${config.services.acpid.cdPlayEventCommands}
|
||||
'';
|
||||
};
|
||||
|
||||
cdNextEvent = {
|
||||
name = "cd-next";
|
||||
event = "cd/next.*";
|
||||
action = ''
|
||||
#! ${pkgs.bash}/bin/sh
|
||||
${config.services.acpid.cdNextEventCommands}
|
||||
'';
|
||||
};
|
||||
|
||||
cdPrevEvent = {
|
||||
name = "cd-prev";
|
||||
event = "cd/prev.*";
|
||||
action = ''
|
||||
#! ${pkgs.bash}/bin/sh
|
||||
${config.services.acpid.cdPrevEventCommands}
|
||||
'';
|
||||
};
|
||||
|
||||
|
||||
in
|
||||
|
||||
{
|
||||
|
@ -89,6 +144,42 @@ in
|
|||
description = "Shell commands to execute on an ac_adapter.* event.";
|
||||
};
|
||||
|
||||
muteCommands = mkOption {
|
||||
type = types.lines;
|
||||
default = "";
|
||||
description = "Shell commands to execute on an button/mute.* event.";
|
||||
};
|
||||
|
||||
volumeDownEventCommands = mkOption {
|
||||
type = types.lines;
|
||||
default = "";
|
||||
description = "Shell commands to execute on an button/volumedown.* event.";
|
||||
};
|
||||
|
||||
volumeUpEventCommands = mkOption {
|
||||
type = types.lines;
|
||||
default = "";
|
||||
description = "Shell commands to execute on an button/volumeup.* event.";
|
||||
};
|
||||
|
||||
cdPlayEventCommands = mkOption {
|
||||
type = types.lines;
|
||||
default = "";
|
||||
description = "Shell commands to execute on an cd/play.* event.";
|
||||
};
|
||||
|
||||
cdNextEventCommands = mkOption {
|
||||
type = types.lines;
|
||||
default = "";
|
||||
description = "Shell commands to execute on an cd/next.* event.";
|
||||
};
|
||||
|
||||
cdPrevEventCommands = mkOption {
|
||||
type = types.lines;
|
||||
default = "";
|
||||
description = "Shell commands to execute on an cd/prev.* event.";
|
||||
};
|
||||
|
||||
};
|
||||
|
||||
};
|
||||
|
|
|
@ -21,6 +21,7 @@ in {
|
|||
package = mkOption {
|
||||
type = types.package;
|
||||
default = pkgs.freefall;
|
||||
defaultText = "pkgs.freefall";
|
||||
description = ''
|
||||
freefall derivation to use.
|
||||
'';
|
||||
|
|
|
@ -27,6 +27,7 @@ in
|
|||
package = mkOption {
|
||||
type = types.package;
|
||||
default = pkgs.upower;
|
||||
defaultText = "pkgs.upower";
|
||||
example = lib.literalExample "pkgs.upower";
|
||||
description = ''
|
||||
Which upower package to use.
|
||||
|
|
|
@ -13,6 +13,7 @@ in
|
|||
options = {
|
||||
services.logrotate = {
|
||||
enable = mkOption {
|
||||
type = lib.types.bool;
|
||||
default = false;
|
||||
description = ''
|
||||
Enable the logrotate cron job
|
||||
|
|
|
@ -33,6 +33,7 @@ in
|
|||
package = mkOption {
|
||||
type = types.package;
|
||||
default = pkgs.logstash;
|
||||
defaultText = "pkgs.logstash";
|
||||
example = literalExample "pkgs.logstash";
|
||||
description = "Logstash package to use.";
|
||||
};
|
||||
|
@ -84,7 +85,7 @@ in
|
|||
type = types.lines;
|
||||
default = ''stdin { type => "example" }'';
|
||||
description = "Logstash input configuration.";
|
||||
example = literalExample ''
|
||||
example = ''
|
||||
# Read from journal
|
||||
pipe {
|
||||
command => "''${pkgs.systemd}/bin/journalctl -f -o json"
|
||||
|
|
|
@ -39,6 +39,7 @@ in {
|
|||
package = mkOption {
|
||||
type = types.package;
|
||||
default = pkgs.syslogng;
|
||||
defaultText = "pkgs.syslogng";
|
||||
description = ''
|
||||
The package providing syslog-ng binaries.
|
||||
'';
|
||||
|
|
|
@ -90,6 +90,7 @@ in
|
|||
package = mkOption {
|
||||
type = types.package;
|
||||
default = pkgs.dovecot22;
|
||||
defaultText = "pkgs.dovecot22";
|
||||
description = "Dovecot package to use.";
|
||||
};
|
||||
|
||||
|
@ -131,7 +132,7 @@ in
|
|||
modules = mkOption {
|
||||
type = types.listOf types.package;
|
||||
default = [];
|
||||
example = [ pkgs.dovecot_pigeonhole ];
|
||||
example = literalExample "[ pkgs.dovecot_pigeonhole ]";
|
||||
description = ''
|
||||
Symlinks the contents of lib/dovecot of every given package into
|
||||
/var/lib/dovecot/modules. This will make the given modules available
|
||||
|
|
|
@ -300,7 +300,7 @@ in
|
|||
};
|
||||
|
||||
extraConfig = mkOption {
|
||||
type = types.str;
|
||||
type = types.lines;
|
||||
default = "";
|
||||
description = "
|
||||
Extra lines to be added verbatim to the main.cf configuration file.
|
||||
|
|
|
@ -0,0 +1,189 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
|
||||
with lib;
|
||||
|
||||
let
|
||||
|
||||
rspamdCfg = config.services.rspamd;
|
||||
cfg = config.services.rmilter;
|
||||
|
||||
rmilterConf = ''
|
||||
pidfile = /run/rmilter/rmilter.pid;
|
||||
bind_socket = ${cfg.bindSocket};
|
||||
tempdir = /tmp;
|
||||
|
||||
'' + (with cfg.rspamd; if enable then ''
|
||||
spamd {
|
||||
servers = ${concatStringsSep ", " servers};
|
||||
connect_timeout = 1s;
|
||||
results_timeout = 20s;
|
||||
error_time = 10;
|
||||
dead_time = 300;
|
||||
maxerrors = 10;
|
||||
reject_message = "${rejectMessage}";
|
||||
${optionalString (length whitelist != 0) "whitelist = ${concatStringsSep ", " whitelist};"}
|
||||
|
||||
# rspamd_metric - metric for using with rspamd
|
||||
# Default: "default"
|
||||
rspamd_metric = "default";
|
||||
${extraConfig}
|
||||
};
|
||||
'' else "") + cfg.extraConfig;
|
||||
|
||||
rmilterConfigFile = pkgs.writeText "rmilter.conf" rmilterConf;
|
||||
|
||||
in
|
||||
|
||||
{
|
||||
|
||||
###### interface
|
||||
|
||||
options = {
|
||||
|
||||
services.rmilter = {
|
||||
|
||||
enable = mkOption {
|
||||
default = cfg.rspamd.enable;
|
||||
description = "Whether to run the rmilter daemon.";
|
||||
};
|
||||
|
||||
debug = mkOption {
|
||||
default = false;
|
||||
description = "Whether to run the rmilter daemon in debug mode.";
|
||||
};
|
||||
|
||||
user = mkOption {
|
||||
type = types.string;
|
||||
default = "rmilter";
|
||||
description = ''
|
||||
User to use when no root privileges are required.
|
||||
'';
|
||||
};
|
||||
|
||||
group = mkOption {
|
||||
type = types.string;
|
||||
default = "rmilter";
|
||||
description = ''
|
||||
Group to use when no root privileges are required.
|
||||
'';
|
||||
};
|
||||
|
||||
bindSocket = mkOption {
|
||||
type = types.string;
|
||||
default = "unix:/run/rmilter/rmilter.sock";
|
||||
description = "Socket to listed for MTA requests";
|
||||
example = ''
|
||||
"unix:/run/rmilter/rmilter.sock" or
|
||||
"inet:11990@127.0.0.1"
|
||||
'';
|
||||
};
|
||||
|
||||
rspamd = {
|
||||
enable = mkOption {
|
||||
default = rspamdCfg.enable;
|
||||
description = "Whether to use rspamd to filter mails";
|
||||
};
|
||||
|
||||
servers = mkOption {
|
||||
type = types.listOf types.str;
|
||||
default = ["r:0.0.0.0:11333"];
|
||||
description = ''
|
||||
Spamd socket definitions.
|
||||
Is server name is prefixed with r: it is rspamd server.
|
||||
'';
|
||||
};
|
||||
|
||||
whitelist = mkOption {
|
||||
type = types.listOf types.str;
|
||||
default = [ ];
|
||||
description = "list of ips or nets that should be not checked with spamd";
|
||||
};
|
||||
|
||||
rejectMessage = mkOption {
|
||||
type = types.str;
|
||||
default = "Spam message rejected; If this is not spam contact abuse";
|
||||
description = "reject message for spam";
|
||||
};
|
||||
|
||||
extraConfig = mkOption {
|
||||
type = types.lines;
|
||||
default = "";
|
||||
description = "Custom snippet to append to end of `spamd' section";
|
||||
};
|
||||
};
|
||||
|
||||
extraConfig = mkOption {
|
||||
type = types.lines;
|
||||
default = "";
|
||||
description = "Custom snippet to append to rmilter config";
|
||||
};
|
||||
|
||||
postfix = {
|
||||
enable = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = "Add rmilter to postfix main.conf";
|
||||
};
|
||||
|
||||
configFragment = mkOption {
|
||||
type = types.str;
|
||||
description = "Addon to postfix configuration";
|
||||
default = ''
|
||||
smtpd_milters = ${cfg.bindSocket}
|
||||
# or for TCP socket
|
||||
# # smtpd_milters = inet:localhost:9900
|
||||
milter_protocol = 6
|
||||
milter_mail_macros = i {mail_addr} {client_addr} {client_name} {auth_authen}
|
||||
# skip mail without checks if milter will die
|
||||
milter_default_action = accept
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
};
|
||||
|
||||
};
|
||||
|
||||
|
||||
###### implementation
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
|
||||
users.extraUsers = singleton {
|
||||
name = cfg.user;
|
||||
description = "rspamd daemon";
|
||||
uid = config.ids.uids.rmilter;
|
||||
group = cfg.group;
|
||||
};
|
||||
|
||||
users.extraGroups = singleton {
|
||||
name = cfg.group;
|
||||
gid = config.ids.gids.rmilter;
|
||||
};
|
||||
|
||||
systemd.services.rmilter = {
|
||||
description = "Rmilter Service";
|
||||
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
after = [ "network.target" ];
|
||||
|
||||
serviceConfig = {
|
||||
ExecStart = "${pkgs.rmilter}/bin/rmilter ${optionalString cfg.debug "-d"} -n -c ${rmilterConfigFile}";
|
||||
User = cfg.user;
|
||||
Group = cfg.group;
|
||||
PermissionsStartOnly = true;
|
||||
Restart = "always";
|
||||
};
|
||||
|
||||
preStart = ''
|
||||
${pkgs.coreutils}/bin/mkdir -p /run/rmilter
|
||||
${pkgs.coreutils}/bin/chown ${cfg.user}:${cfg.group} /run/rmilter
|
||||
'';
|
||||
|
||||
};
|
||||
|
||||
services.postfix.extraConfig = optionalString cfg.postfix.enable cfg.postfix.configFragment;
|
||||
|
||||
};
|
||||
|
||||
}
|
|
@ -0,0 +1,90 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
|
||||
with lib;
|
||||
|
||||
let
|
||||
|
||||
cfg = config.services.rspamd;
|
||||
|
||||
in
|
||||
|
||||
{
|
||||
|
||||
###### interface
|
||||
|
||||
options = {
|
||||
|
||||
services.rspamd = {
|
||||
|
||||
enable = mkOption {
|
||||
default = false;
|
||||
description = "Whether to run the rspamd daemon.";
|
||||
};
|
||||
|
||||
debug = mkOption {
|
||||
default = false;
|
||||
description = "Whether to run the rspamd daemon in debug mode.";
|
||||
};
|
||||
|
||||
user = mkOption {
|
||||
type = types.string;
|
||||
default = "rspamd";
|
||||
description = ''
|
||||
User to use when no root privileges are required.
|
||||
'';
|
||||
};
|
||||
|
||||
group = mkOption {
|
||||
type = types.string;
|
||||
default = "rspamd";
|
||||
description = ''
|
||||
Group to use when no root privileges are required.
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
};
|
||||
|
||||
|
||||
###### implementation
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
|
||||
# Allow users to run 'rspamc' and 'rspamadm'.
|
||||
environment.systemPackages = [ pkgs.rspamd ];
|
||||
|
||||
users.extraUsers = singleton {
|
||||
name = cfg.user;
|
||||
description = "rspamd daemon";
|
||||
uid = config.ids.uids.rspamd;
|
||||
group = cfg.group;
|
||||
};
|
||||
|
||||
users.extraGroups = singleton {
|
||||
name = cfg.group;
|
||||
gid = config.ids.gids.spamd;
|
||||
};
|
||||
|
||||
systemd.services.rspamd = {
|
||||
description = "Rspamd Service";
|
||||
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
after = [ "network.target" ];
|
||||
|
||||
serviceConfig = {
|
||||
ExecStart = "${pkgs.rspamd}/bin/rspamd ${optionalString cfg.debug "-d"} --user=${cfg.user} --group=${cfg.group} --pid=/run/rspamd.pid -f";
|
||||
RuntimeDirectory = "/var/lib/rspamd";
|
||||
PermissionsStartOnly = true;
|
||||
Restart = "always";
|
||||
};
|
||||
|
||||
preStart = ''
|
||||
${pkgs.coreutils}/bin/mkdir -p /var/{lib,log}/rspamd
|
||||
${pkgs.coreutils}/bin/chown ${cfg.user}:${cfg.group} /var/lib/rspamd
|
||||
'';
|
||||
|
||||
};
|
||||
|
||||
};
|
||||
|
||||
}
|
|
@ -118,9 +118,8 @@ in {
|
|||
|
||||
package = mkOption {
|
||||
description = "The kafka package to use";
|
||||
|
||||
default = pkgs.apacheKafka;
|
||||
|
||||
defaultText = "pkgs.apacheKafka";
|
||||
type = types.package;
|
||||
};
|
||||
|
||||
|
|
|
@ -27,8 +27,9 @@ in
|
|||
};
|
||||
|
||||
autoMaster = mkOption {
|
||||
type = types.str;
|
||||
example = literalExample ''
|
||||
autoMaster = let
|
||||
let
|
||||
mapConf = pkgs.writeText "auto" '''
|
||||
kernel -ro,soft,intr ftp.kernel.org:/pub/linux
|
||||
boot -fstype=ext2 :/dev/hda1
|
||||
|
|
|
@ -41,6 +41,7 @@ in
|
|||
|
||||
package = mkOption {
|
||||
default = pkgs.cgminer;
|
||||
defaultText = "pkgs.cgminer";
|
||||
description = "Which cgminer derivation to use.";
|
||||
type = types.package;
|
||||
};
|
||||
|
|
|
@ -64,6 +64,7 @@ in {
|
|||
package = mkOption {
|
||||
description = "Confd package to use.";
|
||||
default = pkgs.confd;
|
||||
defaultText = "pkgs.confd";
|
||||
type = types.package;
|
||||
};
|
||||
};
|
||||
|
|
|
@ -110,6 +110,7 @@ in
|
|||
// optionalAttrs (config.services.mysql.enable) { mysqlPort = config.services.mysql.port; }
|
||||
// optionalAttrs (config.services.tomcat.enable) { tomcatPort = 8080; }
|
||||
// optionalAttrs (config.services.svnserve.enable) { svnBaseDir = config.services.svnserve.svnBaseDir; }
|
||||
// optionalAttrs (config.services.ejabberd.enable) { ejabberdUser = config.services.ejabberd.user; }
|
||||
// optionalAttrs (cfg.publishInfrastructure.enableAuthentication) (
|
||||
optionalAttrs (config.services.mysql.enable) { mysqlUsername = "root"; mysqlPassword = readFile config.services.mysql.rootPassword; })
|
||||
)
|
||||
|
|
|
@ -77,11 +77,11 @@ in {
|
|||
default = {};
|
||||
example = literalExample ''
|
||||
{
|
||||
"CORS": "*",
|
||||
"NAME": "default-name",
|
||||
"MAX_RESULT_BUFFER": "1024",
|
||||
"MAX_CLUSTER_SIZE": "9",
|
||||
"MAX_RETRY_ATTEMPTS": "3"
|
||||
"CORS" = "*";
|
||||
"NAME" = "default-name";
|
||||
"MAX_RESULT_BUFFER" = "1024";
|
||||
"MAX_CLUSTER_SIZE" = "9";
|
||||
"MAX_RETRY_ATTEMPTS" = "3";
|
||||
}
|
||||
'';
|
||||
};
|
||||
|
|
|
@ -23,7 +23,9 @@ in
|
|||
};
|
||||
|
||||
bundles = mkOption {
|
||||
type = types.listOf types.package;
|
||||
default = [ pkgs.felix_remoteshell ];
|
||||
defaultText = "[ pkgs.felix_remoteshell ]";
|
||||
description = "List of bundles that should be activated on startup";
|
||||
};
|
||||
|
||||
|
|
|
@ -35,6 +35,7 @@ let
|
|||
};
|
||||
|
||||
haskellPackages = mkOption {
|
||||
type = types.attrsOf types.package;
|
||||
default = pkgs.haskellPackages;
|
||||
defaultText = "pkgs.haskellPackages";
|
||||
example = literalExample "pkgs.haskell.packages.ghc784";
|
||||
|
|
|
@ -22,6 +22,7 @@ in
|
|||
};
|
||||
|
||||
haskellPackages = mkOption {
|
||||
type = types.attrsOf types.package;
|
||||
default = pkgs.haskellPackages;
|
||||
defaultText = "pkgs.haskellPackages";
|
||||
example = literalExample "pkgs.haskell.packages.ghc784";
|
||||
|
|
|
@ -0,0 +1,25 @@
|
|||
version: 1
|
||||
|
||||
# In systemd's journal, loglevel is implicitly stored, so let's omit it
|
||||
# from the message text.
|
||||
formatters:
|
||||
journal_fmt:
|
||||
format: '%(name)s: [%(request)s] %(message)s'
|
||||
|
||||
filters:
|
||||
context:
|
||||
(): synapse.util.logcontext.LoggingContextFilter
|
||||
request: ""
|
||||
|
||||
handlers:
|
||||
journal:
|
||||
class: systemd.journal.JournalHandler
|
||||
formatter: journal_fmt
|
||||
filters: [context]
|
||||
SYSLOG_IDENTIFIER: synapse
|
||||
|
||||
root:
|
||||
level: INFO
|
||||
handlers: [journal]
|
||||
|
||||
disable_existing_loggers: False
|
|
@ -0,0 +1,279 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
|
||||
with lib;
|
||||
|
||||
let
|
||||
cfg = config.services.matrix-synapse;
|
||||
logConfigFile = pkgs.writeText "log_config.yaml" cfg.logConfig;
|
||||
configFile = pkgs.writeText "homeserver.yaml" ''
|
||||
tls_certificate_path: "${cfg.tls_certificate_path}"
|
||||
tls_private_key_path: "${cfg.tls_private_key_path}"
|
||||
tls_dh_params_path: "${cfg.tls_dh_params_path}"
|
||||
no_tls: ${if cfg.no_tls then "true" else "false"}
|
||||
bind_port: ${toString cfg.bind_port}
|
||||
unsecure_port: ${toString cfg.unsecure_port}
|
||||
bind_host: "${cfg.bind_host}"
|
||||
server_name: "${cfg.server_name}"
|
||||
pid_file: "/var/run/matrix-synapse.pid"
|
||||
web_client: ${if cfg.web_client then "true" else "false"}
|
||||
database: {
|
||||
name: "${cfg.database_type}",
|
||||
args: {
|
||||
${concatStringsSep ",\n " (
|
||||
mapAttrsToList (n: v: "\"${n}\": ${v}") cfg.database_args
|
||||
)}
|
||||
}
|
||||
}
|
||||
log_file: "/var/log/matrix-synapse/homeserver.log"
|
||||
log_config: "${logConfigFile}"
|
||||
media_store_path: "/var/lib/matrix-synapse/media"
|
||||
recaptcha_private_key: "${cfg.recaptcha_private_key}"
|
||||
recaptcha_public_key: "${cfg.recaptcha_public_key}"
|
||||
enable_registration_captcha: ${if cfg.enable_registration_captcha then "true" else "false"}
|
||||
turn_uris: ${if (length cfg.turn_uris) == 0 then "[]" else ("\n" + (concatStringsSep "\n" (map (s: "- " + s) cfg.turn_uris)))}
|
||||
turn_shared_secret: "${cfg.turn_shared_secret}"
|
||||
enable_registration: ${if cfg.enable_registration then "true" else "false"}
|
||||
${optionalString (cfg.registration_shared_secret != "") ''
|
||||
registration_shared_secret: "${cfg.registration_shared_secret}"
|
||||
''}
|
||||
enable_metrics: ${if cfg.enable_metrics then "true" else "false"}
|
||||
report_stats: ${if cfg.report_stats then "true" else "false"}
|
||||
signing_key_path: "/var/lib/matrix-synapse/homeserver.signing.key"
|
||||
perspectives:
|
||||
servers: {
|
||||
${concatStringsSep "},\n" (mapAttrsToList (n: v: ''
|
||||
"${n}": {
|
||||
"verify_keys": {
|
||||
${concatStringsSep "},\n" (mapAttrsToList (n: v: ''
|
||||
"${n}": {
|
||||
"key": "${v}"
|
||||
}'') v)}
|
||||
}
|
||||
'') cfg.servers)}
|
||||
}
|
||||
}
|
||||
${cfg.extraConfig}
|
||||
'';
|
||||
in {
|
||||
options = {
|
||||
services.matrix-synapse = {
|
||||
enable = mkEnableOption "matrix.org synapse";
|
||||
package = mkOption {
|
||||
type = types.package;
|
||||
default = pkgs.matrix-synapse;
|
||||
description = ''
|
||||
Overridable attribute of the matrix synapse server package to use.
|
||||
'';
|
||||
};
|
||||
no_tls = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = ''
|
||||
Don't bind to the https port
|
||||
'';
|
||||
};
|
||||
tls_certificate_path = mkOption {
|
||||
type = types.path;
|
||||
default = "/var/lib/matrix-synapse/homeserver.tls.crt";
|
||||
description = ''
|
||||
PEM encoded X509 certificate for TLS
|
||||
'';
|
||||
};
|
||||
tls_private_key_path = mkOption {
|
||||
type = types.path;
|
||||
default = "/var/lib/matrix-synapse/homeserver.tls.key";
|
||||
description = ''
|
||||
PEM encoded private key for TLS
|
||||
'';
|
||||
};
|
||||
tls_dh_params_path = mkOption {
|
||||
type = types.path;
|
||||
default = "/var/lib/matrix-synapse/homeserver.tls.dh";
|
||||
description = ''
|
||||
PEM dh parameters for ephemeral keys
|
||||
'';
|
||||
};
|
||||
bind_port = mkOption {
|
||||
type = types.int;
|
||||
default = 8448;
|
||||
description = ''
|
||||
The port to listen for HTTPS requests on.
|
||||
For when matrix traffic is sent directly to synapse.
|
||||
'';
|
||||
};
|
||||
unsecure_port = mkOption {
|
||||
type = types.int;
|
||||
default = 8008;
|
||||
description = ''
|
||||
The port to listen for HTTP requests on.
|
||||
For when matrix traffic passes through loadbalancer that unwraps TLS.
|
||||
'';
|
||||
};
|
||||
bind_host = mkOption {
|
||||
type = types.str;
|
||||
default = "";
|
||||
description = ''
|
||||
Local interface to listen on.
|
||||
The empty string will cause synapse to listen on all interfaces.
|
||||
'';
|
||||
};
|
||||
server_name = mkOption {
|
||||
type = types.str;
|
||||
description = ''
|
||||
The domain name of the server, with optional explicit port.
|
||||
This is used by remote servers to connect to this server,
|
||||
e.g. matrix.org, localhost:8080, etc.
|
||||
This is also the last part of your UserID.
|
||||
'';
|
||||
};
|
||||
web_client = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = ''
|
||||
Whether to serve a web client from the HTTP/HTTPS root resource.
|
||||
'';
|
||||
};
|
||||
database_type = mkOption {
|
||||
type = types.enum [ "sqlite3" "psycopg2" ];
|
||||
default = "sqlite3";
|
||||
description = ''
|
||||
The database engine name. Can be sqlite or psycopg2.
|
||||
'';
|
||||
};
|
||||
database_args = mkOption {
|
||||
type = types.attrs;
|
||||
default = {
|
||||
database = "/var/lib/matrix-synapse/homeserver.db";
|
||||
};
|
||||
description = ''
|
||||
Arguments to pass to the engine.
|
||||
'';
|
||||
};
|
||||
recaptcha_private_key = mkOption {
|
||||
type = types.str;
|
||||
default = "";
|
||||
description = ''
|
||||
This Home Server's ReCAPTCHA private key.
|
||||
'';
|
||||
};
|
||||
recaptcha_public_key = mkOption {
|
||||
type = types.str;
|
||||
default = "";
|
||||
description = ''
|
||||
This Home Server's ReCAPTCHA public key.
|
||||
'';
|
||||
};
|
||||
enable_registration_captcha = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = ''
|
||||
Enables ReCaptcha checks when registering, preventing signup
|
||||
unless a captcha is answered. Requires a valid ReCaptcha
|
||||
public/private key.
|
||||
'';
|
||||
};
|
||||
turn_uris = mkOption {
|
||||
type = types.listOf types.str;
|
||||
default = [];
|
||||
description = ''
|
||||
The public URIs of the TURN server to give to clients
|
||||
'';
|
||||
};
|
||||
turn_shared_secret = mkOption {
|
||||
type = types.str;
|
||||
default = "";
|
||||
description = ''
|
||||
The shared secret used to compute passwords for the TURN server
|
||||
'';
|
||||
};
|
||||
enable_registration = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = ''
|
||||
Enable registration for new users.
|
||||
'';
|
||||
};
|
||||
registration_shared_secret = mkOption {
|
||||
type = types.str;
|
||||
default = "";
|
||||
description = ''
|
||||
If set, allows registration by anyone who also has the shared
|
||||
secret, even if registration is otherwise disabled.
|
||||
'';
|
||||
};
|
||||
enable_metrics = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = ''
|
||||
Enable collection and rendering of performance metrics
|
||||
'';
|
||||
};
|
||||
report_stats = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = ''
|
||||
'';
|
||||
};
|
||||
servers = mkOption {
|
||||
type = types.attrs;
|
||||
default = {
|
||||
"matrix.org" = {
|
||||
"ed25519:auto" = "Noi6WqcDj0QmPxCNQqgezwTlBKrfqehY1u2FyWP9uYw";
|
||||
};
|
||||
};
|
||||
description = ''
|
||||
The trusted servers to download signing keys from.
|
||||
'';
|
||||
};
|
||||
extraConfig = mkOption {
|
||||
type = types.lines;
|
||||
default = "";
|
||||
description = ''
|
||||
Extra config options for matrix-synapse.
|
||||
'';
|
||||
};
|
||||
logConfig = mkOption {
|
||||
type = types.lines;
|
||||
default = readFile ./matrix-synapse-log_config.yaml;
|
||||
description = ''
|
||||
A yaml python logging config file
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
users.extraUsers = [
|
||||
{ name = "matrix-synapse";
|
||||
group = "matrix-synapse";
|
||||
home = "/var/lib/matrix-synapse";
|
||||
createHome = true;
|
||||
shell = "${pkgs.bash}/bin/bash";
|
||||
uid = config.ids.uids.matrix-synapse;
|
||||
} ];
|
||||
|
||||
users.extraGroups = [
|
||||
{ name = "matrix-synapse";
|
||||
gid = config.ids.gids.matrix-synapse;
|
||||
} ];
|
||||
|
||||
systemd.services.matrix-synapse = {
|
||||
after = [ "network.target" ];
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
preStart = ''
|
||||
mkdir -p /var/lib/matrix-synapse
|
||||
chmod 700 /var/lib/matrix-synapse
|
||||
chown -R matrix-synapse:matrix-synapse /var/lib/matrix-synapse
|
||||
${cfg.package}/bin/homeserver --config-path ${configFile} --generate-keys
|
||||
'';
|
||||
serviceConfig = {
|
||||
Type = "simple";
|
||||
User = "matrix-synapse";
|
||||
Group = "matrix-synapse";
|
||||
WorkingDirectory = "/var/lib/matrix-synapse";
|
||||
PermissionsStartOnly = true;
|
||||
ExecStart = "${cfg.package}/bin/homeserver --config-path ${configFile}";
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
|
@ -17,7 +17,9 @@ in {
|
|||
};
|
||||
|
||||
package = mkOption {
|
||||
type = types.package;
|
||||
default = pkgs.mbpfan;
|
||||
defaultText = "pkgs.mbpfan";
|
||||
description = ''
|
||||
The package used for the mbpfan daemon.
|
||||
'';
|
||||
|
|
|
@ -66,6 +66,7 @@ in
|
|||
package = mkOption {
|
||||
type = types.package;
|
||||
default = pkgs.nix;
|
||||
defaultText = "pkgs.nix";
|
||||
description = ''
|
||||
This option specifies the Nix package instance to use throughout the system.
|
||||
'';
|
||||
|
|
|
@ -75,7 +75,7 @@ in
|
|||
preStart = ''
|
||||
test -d "${cfg.dataDir}" || {
|
||||
echo "Creating initial Plex data directory in \"${cfg.dataDir}\"."
|
||||
mkdir -p "${cfg.dataDir}"
|
||||
mkdir -p "${cfg.dataDir}/Plex Media Server"
|
||||
chown -R ${cfg.user}:${cfg.group} "${cfg.dataDir}"
|
||||
}
|
||||
|
||||
|
|
|
@ -208,6 +208,7 @@ in
|
|||
description = "Which rippled package to use.";
|
||||
type = types.package;
|
||||
default = pkgs.rippled;
|
||||
defaultText = "pkgs.rippled";
|
||||
};
|
||||
|
||||
ports = mkOption {
|
||||
|
@ -238,7 +239,7 @@ in
|
|||
nodeDb = mkOption {
|
||||
description = "Rippled main database options.";
|
||||
type = types.nullOr types.optionSet;
|
||||
options = [dbOptions];
|
||||
options = dbOptions;
|
||||
default = {
|
||||
type = "rocksdb";
|
||||
extraOpts = ''
|
||||
|
@ -254,14 +255,14 @@ in
|
|||
tempDb = mkOption {
|
||||
description = "Rippled temporary database options.";
|
||||
type = types.nullOr types.optionSet;
|
||||
options = [dbOptions];
|
||||
options = dbOptions;
|
||||
default = null;
|
||||
};
|
||||
|
||||
importDb = mkOption {
|
||||
description = "Settings for performing a one-time import.";
|
||||
type = types.nullOr types.optionSet;
|
||||
options = [dbOptions];
|
||||
options = dbOptions;
|
||||
default = null;
|
||||
};
|
||||
|
||||
|
|
|
@ -33,6 +33,7 @@ in {
|
|||
package = mkOption {
|
||||
type = types.package;
|
||||
default = pkgs.bosun;
|
||||
defaultText = "pkgs.bosun";
|
||||
example = literalExample "pkgs.bosun";
|
||||
description = ''
|
||||
bosun binary to use.
|
||||
|
|
|
@ -93,6 +93,7 @@ in {
|
|||
package = mkOption {
|
||||
description = "Package to use.";
|
||||
default = pkgs.grafana;
|
||||
defaultText = "pkgs.grafana";
|
||||
type = types.package;
|
||||
};
|
||||
|
||||
|
|
|
@ -108,7 +108,7 @@ in {
|
|||
finders = mkOption {
|
||||
description = "List of finder plugins to load.";
|
||||
default = [];
|
||||
example = [ pkgs.python27Packages.graphite_influxdb ];
|
||||
example = literalExample "[ pkgs.python27Packages.graphite_influxdb ]";
|
||||
type = types.listOf types.package;
|
||||
};
|
||||
|
||||
|
@ -136,6 +136,7 @@ in {
|
|||
package = mkOption {
|
||||
description = "Package to use for graphite api.";
|
||||
default = pkgs.python27Packages.graphite_api;
|
||||
defaultText = "pkgs.python27Packages.graphite_api";
|
||||
type = types.package;
|
||||
};
|
||||
|
||||
|
@ -146,7 +147,7 @@ in {
|
|||
directories:
|
||||
- ${dataDir}/whisper
|
||||
'';
|
||||
example = literalExample ''
|
||||
example = ''
|
||||
allowed_origins:
|
||||
- dashboard.example.com
|
||||
cheat_times: true
|
||||
|
@ -350,7 +351,7 @@ in {
|
|||
critical: 200
|
||||
name: Test
|
||||
'';
|
||||
example = literalExample ''
|
||||
example = ''
|
||||
pushbullet_key: pushbullet_api_key
|
||||
alerts:
|
||||
- target: stats.seatgeek.app.deal_quality.venue_info_cache.hit
|
||||
|
|
|
@ -33,6 +33,7 @@ in {
|
|||
package = mkOption {
|
||||
description = "Package to use by heapster";
|
||||
default = pkgs.heapster;
|
||||
defaultText = "pkgs.heapster";
|
||||
type = types.package;
|
||||
};
|
||||
};
|
||||
|
|
|
@ -122,21 +122,6 @@ in
|
|||
HTML output is in <filename>/var/www/munin/</filename>, configure your
|
||||
favourite webserver to serve static files.
|
||||
'';
|
||||
example = literalExample ''
|
||||
services = {
|
||||
munin-node.enable = true;
|
||||
munin-cron = {
|
||||
enable = true;
|
||||
hosts = '''
|
||||
[''${config.networking.hostName}]
|
||||
address localhost
|
||||
''';
|
||||
extraGlobalConfig = '''
|
||||
contact.email.command mail -s "Munin notification for ''${var:host}" someone@example.com
|
||||
''';
|
||||
};
|
||||
};
|
||||
'';
|
||||
};
|
||||
|
||||
extraGlobalConfig = mkOption {
|
||||
|
@ -147,6 +132,9 @@ in
|
|||
Useful to setup notifications, see
|
||||
<link xlink:href='http://munin-monitoring.org/wiki/HowToContact' />
|
||||
'';
|
||||
example = ''
|
||||
contact.email.command mail -s "Munin notification for ''${var:host}" someone@example.com
|
||||
'';
|
||||
};
|
||||
|
||||
hosts = mkOption {
|
||||
|
|
|
@ -94,7 +94,9 @@ in
|
|||
};
|
||||
|
||||
plugins = mkOption {
|
||||
type = types.listOf types.package;
|
||||
default = [pkgs.nagiosPluginsOfficial pkgs.ssmtp];
|
||||
defaultText = "[pkgs.nagiosPluginsOfficial pkgs.ssmtp]";
|
||||
description = "
|
||||
Packages to be added to the Nagios <envar>PATH</envar>.
|
||||
Typically used to add plugins, but can be anything.
|
||||
|
@ -102,14 +104,18 @@ in
|
|||
};
|
||||
|
||||
mainConfigFile = mkOption {
|
||||
type = types.package;
|
||||
default = nagiosCfgFile;
|
||||
defaultText = "nagiosCfgFile";
|
||||
description = "
|
||||
Derivation for the main configuration file of Nagios.
|
||||
";
|
||||
};
|
||||
|
||||
cgiConfigFile = mkOption {
|
||||
type = types.package;
|
||||
default = nagiosCGICfgFile;
|
||||
defaultText = "nagiosCGICfgFile";
|
||||
description = "
|
||||
Derivation for the configuration file of Nagios CGI scripts
|
||||
that can be used in web servers for running the Nagios web interface.
|
||||
|
|
|
@ -43,6 +43,7 @@ in {
|
|||
package = mkOption {
|
||||
type = types.package;
|
||||
default = pkgs.scollector;
|
||||
defaultText = "pkgs.scollector";
|
||||
example = literalExample "pkgs.scollector";
|
||||
description = ''
|
||||
scollector binary to use.
|
||||
|
@ -77,7 +78,7 @@ in {
|
|||
collectors = mkOption {
|
||||
type = with types; attrsOf (listOf path);
|
||||
default = {};
|
||||
example = literalExample "{ 0 = [ \"\${postgresStats}/bin/collect-stats\" ]; }";
|
||||
example = literalExample "{ \"0\" = [ \"\${postgresStats}/bin/collect-stats\" ]; }";
|
||||
description = ''
|
||||
An attribute set mapping the frequency of collection to a list of
|
||||
binaries that should be executed at that frequency. You can use "0"
|
||||
|
|
|
@ -85,7 +85,8 @@ in
|
|||
package = mkOption {
|
||||
type = types.package;
|
||||
default = pkgs.samba;
|
||||
example = pkgs.samba4;
|
||||
defaultText = "pkgs.samba";
|
||||
example = literalExample "pkgs.samba4";
|
||||
description = ''
|
||||
Defines which package should be used for the samba server.
|
||||
'';
|
||||
|
|
|
@ -120,7 +120,9 @@ in
|
|||
};
|
||||
|
||||
configFile = mkOption {
|
||||
type = types.path;
|
||||
default = confFile;
|
||||
defaultText = "confFile";
|
||||
description = "
|
||||
Overridable config file to use for named. By default, that
|
||||
generated by nixos.
|
||||
|
|
|
@ -118,6 +118,7 @@ in
|
|||
package = mkOption {
|
||||
description = "Package to use for consul-alerts.";
|
||||
default = pkgs.consul-alerts;
|
||||
defaultText = "pkgs.consul-alerts";
|
||||
type = types.package;
|
||||
};
|
||||
|
||||
|
|
|
@ -421,8 +421,9 @@ in
|
|||
};
|
||||
|
||||
networking.firewall.extraPackages = mkOption {
|
||||
type = types.listOf types.package;
|
||||
default = [ ];
|
||||
example = [ pkgs.ipset ];
|
||||
example = literalExample "[ pkgs.ipset ]";
|
||||
description =
|
||||
''
|
||||
Additional packages to be included in the environment of the system
|
||||
|
|
|
@ -27,6 +27,7 @@ in
|
|||
package = mkOption {
|
||||
type = types.package;
|
||||
default = pkgs.lambdabot;
|
||||
defaultText = "pkgs.lambdabot";
|
||||
description = "Used lambdabot package";
|
||||
};
|
||||
|
||||
|
|
|
@ -110,7 +110,7 @@ in {
|
|||
|
||||
# Ugly hack for using the correct gnome3 packageSet
|
||||
basePackages = mkOption {
|
||||
type = types.attrsOf types.path;
|
||||
type = types.attrsOf types.package;
|
||||
default = { inherit networkmanager modemmanager wpa_supplicant
|
||||
networkmanager_openvpn networkmanager_vpnc
|
||||
networkmanager_openconnect
|
||||
|
|
|
@ -34,6 +34,7 @@ in {
|
|||
type = types.package;
|
||||
|
||||
default = pkgs.ngircd;
|
||||
defaultText = "pkgs.ngircd";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
|
|
@ -56,6 +56,7 @@ in {
|
|||
|
||||
package = mkOption {
|
||||
default = pkgs.skydns;
|
||||
defaultText = "pkgs.skydns";
|
||||
type = types.package;
|
||||
description = "Skydns package to use.";
|
||||
};
|
||||
|
|
|
@ -115,7 +115,7 @@ in
|
|||
|
||||
path = mkOption {
|
||||
type = types.path;
|
||||
example = "/etc/wpa_supplicant.conf";
|
||||
example = literalExample "/etc/wpa_supplicant.conf";
|
||||
description = ''
|
||||
External <literal>wpa_supplicant.conf</literal> configuration file.
|
||||
The configuration options defined declaratively within <literal>networking.supplicant</literal> have
|
||||
|
|
|
@ -43,6 +43,7 @@ in
|
|||
package = mkOption {
|
||||
type = types.package;
|
||||
default = pkgs.syncthing;
|
||||
defaultText = "pkgs.syncthing";
|
||||
example = literalExample "pkgs.syncthing";
|
||||
description = ''
|
||||
Syncthing package to use.
|
||||
|
|
|
@ -87,7 +87,9 @@ in
|
|||
};
|
||||
|
||||
package = mkOption {
|
||||
type = types.package;
|
||||
default = pkgs.tinc_pre;
|
||||
defaultText = "pkgs.tinc_pre";
|
||||
description = ''
|
||||
The package to use for the tinc daemon's binary.
|
||||
'';
|
||||
|
|
|
@ -120,7 +120,9 @@ in
|
|||
};
|
||||
|
||||
userlistFile = mkOption {
|
||||
type = types.path;
|
||||
default = pkgs.writeText "userlist" (concatMapStrings (x: "${x}\n") cfg.userlist);
|
||||
defaultText = "pkgs.writeText \"userlist\" (concatMapStrings (x: \"\${x}\n\") cfg.userlist)";
|
||||
description = ''
|
||||
Newline separated list of names to be allowed/denied if <option>userlistEnable</option>
|
||||
is <literal>true</literal>. Meaning see <option>userlistDeny</option>.
|
||||
|
|
|
@ -40,6 +40,7 @@ in {
|
|||
package = mkOption {
|
||||
description = "Elasticsearch package to use.";
|
||||
default = pkgs.elasticsearch;
|
||||
defaultText = "pkgs.elasticsearch";
|
||||
type = types.package;
|
||||
};
|
||||
|
||||
|
|
|
@ -127,6 +127,7 @@ in {
|
|||
package = mkOption {
|
||||
description = "Kibana package to use";
|
||||
default = pkgs.kibana;
|
||||
defaultText = "pkgs.kibana";
|
||||
type = types.package;
|
||||
};
|
||||
|
||||
|
|
|
@ -45,6 +45,7 @@ in {
|
|||
javaPackage = mkOption {
|
||||
type = types.package;
|
||||
default = pkgs.jre;
|
||||
defaultText = "pkgs.jre";
|
||||
description = ''
|
||||
Which Java derivation to use for running solr.
|
||||
'';
|
||||
|
@ -53,6 +54,7 @@ in {
|
|||
solrPackage = mkOption {
|
||||
type = types.package;
|
||||
default = pkgs.solr;
|
||||
defaultText = "pkgs.solr";
|
||||
description = ''
|
||||
Which solr derivation to use for running solr.
|
||||
'';
|
||||
|
|
|
@ -429,6 +429,7 @@ in
|
|||
package = mkOption {
|
||||
type = types.package;
|
||||
default = pkgs.apacheHttpd;
|
||||
defaultText = "pkgs.apacheHttpd";
|
||||
description = ''
|
||||
Overridable attribute of the Apache HTTP Server package to use.
|
||||
'';
|
||||
|
@ -437,7 +438,8 @@ in
|
|||
configFile = mkOption {
|
||||
type = types.path;
|
||||
default = confFile;
|
||||
example = literalExample ''pkgs.writeText "httpd.conf" "# my custom config file ...";'';
|
||||
defaultText = "confFile";
|
||||
example = literalExample ''pkgs.writeText "httpd.conf" "# my custom config file ..."'';
|
||||
description = ''
|
||||
Override the configuration file used by Apache. By default,
|
||||
NixOS generates one automatically.
|
||||
|
|
|
@ -34,6 +34,7 @@ in
|
|||
|
||||
package = mkOption {
|
||||
default = pkgs.nginx;
|
||||
defaultText = "pkgs.nginx";
|
||||
type = types.package;
|
||||
description = "
|
||||
Nginx package to use.
|
||||
|
|
|
@ -36,7 +36,9 @@ in {
|
|||
};
|
||||
|
||||
phpPackage = mkOption {
|
||||
type = types.package;
|
||||
default = pkgs.php;
|
||||
defaultText = "pkgs.php";
|
||||
description = ''
|
||||
The PHP package to use for running the FPM service.
|
||||
'';
|
||||
|
|
|
@ -24,6 +24,7 @@ in
|
|||
package = mkOption {
|
||||
type = types.package;
|
||||
default = pkgs.tomcat7;
|
||||
defaultText = "pkgs.tomcat7";
|
||||
example = lib.literalExample "pkgs.tomcat8";
|
||||
description = ''
|
||||
Which tomcat package to use.
|
||||
|
@ -72,7 +73,9 @@ in
|
|||
};
|
||||
|
||||
webapps = mkOption {
|
||||
type = types.listOf types.package;
|
||||
default = [ tomcat ];
|
||||
defaultText = "[ tomcat ]";
|
||||
description = "List containing WAR files or directories with WAR files which are web applications to be deployed on Tomcat";
|
||||
};
|
||||
|
||||
|
@ -87,7 +90,9 @@ in
|
|||
};
|
||||
|
||||
jdk = mkOption {
|
||||
type = types.package;
|
||||
default = pkgs.jdk;
|
||||
defaultText = "pkgs.jdk";
|
||||
description = "Which JDK to use.";
|
||||
};
|
||||
|
||||
|
|
|
@ -31,6 +31,7 @@ let
|
|||
javaPackage = mkOption {
|
||||
type = types.package;
|
||||
default = pkgs.jre;
|
||||
defaultText = "pkgs.jre";
|
||||
description = ''
|
||||
Which Java derivation to use for running Winstone.
|
||||
'';
|
||||
|
|
|
@ -75,25 +75,26 @@ in
|
|||
services.zope2.instances = mkOption {
|
||||
default = {};
|
||||
type = types.loaOf types.optionSet;
|
||||
example = {
|
||||
plone01 = {
|
||||
http_address = "127.0.0.1:8080";
|
||||
extra =
|
||||
''
|
||||
<zodb_db main>
|
||||
mount-point /
|
||||
cache-size 30000
|
||||
<blobstorage>
|
||||
blob-dir /var/lib/zope2/plone01/blobstorage
|
||||
<filestorage>
|
||||
path /var/lib/zope2/plone01/filestorage/Data.fs
|
||||
</filestorage>
|
||||
</blobstorage>
|
||||
</zodb_db>
|
||||
'';
|
||||
|
||||
};
|
||||
};
|
||||
example = literalExample ''
|
||||
{
|
||||
plone01 = {
|
||||
http_address = "127.0.0.1:8080";
|
||||
extra =
|
||||
'''
|
||||
<zodb_db main>
|
||||
mount-point /
|
||||
cache-size 30000
|
||||
<blobstorage>
|
||||
blob-dir /var/lib/zope2/plone01/blobstorage
|
||||
<filestorage>
|
||||
path /var/lib/zope2/plone01/filestorage/Data.fs
|
||||
</filestorage>
|
||||
</blobstorage>
|
||||
</zodb_db>
|
||||
''';
|
||||
};
|
||||
}
|
||||
'';
|
||||
description = "zope2 instances to be created automaticaly by the system.";
|
||||
options = [ zope2Opts ];
|
||||
};
|
||||
|
|
|
@ -62,6 +62,7 @@ in {
|
|||
};
|
||||
|
||||
environment.gnome3.packageSet = mkOption {
|
||||
type = types.nullOr types.package;
|
||||
default = null;
|
||||
example = literalExample "pkgs.gnome3_16";
|
||||
description = "Which GNOME 3 package set to use.";
|
||||
|
|
|
@ -66,6 +66,7 @@ in
|
|||
kdeWorkspacePackage = mkOption {
|
||||
internal = true;
|
||||
default = pkgs.kde4.kde_workspace;
|
||||
defaultText = "pkgs.kde4.kde_workspace";
|
||||
type = types.package;
|
||||
description = "Custom kde-workspace, used for NixOS rebranding.";
|
||||
};
|
||||
|
|
|
@ -67,8 +67,9 @@ in
|
|||
theme = {
|
||||
|
||||
package = mkOption {
|
||||
type = types.path;
|
||||
type = types.package;
|
||||
default = pkgs.gnome3.gnome_themes_standard;
|
||||
defaultText = "pkgs.gnome3.gnome_themes_standard";
|
||||
description = ''
|
||||
The package path that contains the theme given in the name option.
|
||||
'';
|
||||
|
@ -87,8 +88,9 @@ in
|
|||
iconTheme = {
|
||||
|
||||
package = mkOption {
|
||||
type = types.path;
|
||||
type = types.package;
|
||||
default = pkgs.gnome3.defaultIconTheme;
|
||||
defaultText = "pkgs.gnome3.defaultIconTheme";
|
||||
description = ''
|
||||
The package path that contains the icon theme given in the name option.
|
||||
'';
|
||||
|
|
|
@ -69,7 +69,7 @@ in
|
|||
|
||||
greeter = {
|
||||
package = mkOption {
|
||||
type = types.path;
|
||||
type = types.package;
|
||||
description = ''
|
||||
The LightDM greeter to login via. The package should be a directory
|
||||
containing a .desktop file matching the name in the 'name' option.
|
||||
|
@ -86,6 +86,7 @@ in
|
|||
};
|
||||
|
||||
background = mkOption {
|
||||
type = types.path;
|
||||
description = ''
|
||||
The background image or color to use.
|
||||
'';
|
||||
|
|
|
@ -61,6 +61,10 @@ in
|
|||
url = "https://github.com/jagajaga/nixos-slim-theme/archive/2.0.tar.gz";
|
||||
sha256 = "0lldizhigx7bjhxkipii87y432hlf5wdvamnfxrryf9z7zkfypc8";
|
||||
};
|
||||
defaultText = ''pkgs.fetchurl {
|
||||
url = "https://github.com/jagajaga/nixos-slim-theme/archive/2.0.tar.gz";
|
||||
sha256 = "0lldizhigx7bjhxkipii87y432hlf5wdvamnfxrryf9z7zkfypc8";
|
||||
}'';
|
||||
example = literalExample ''
|
||||
pkgs.fetchurl {
|
||||
url = "mirror://sourceforge/slim.berlios/slim-wave.tar.gz";
|
||||
|
|
|
@ -76,6 +76,7 @@ in {
|
|||
package = mkOption {
|
||||
type = types.package;
|
||||
default = pkgs.redshift;
|
||||
defaultText = "pkgs.redshift";
|
||||
description = ''
|
||||
redshift derivation to use.
|
||||
'';
|
||||
|
|
|
@ -9,19 +9,6 @@
|
|||
|
||||
with lib;
|
||||
|
||||
let
|
||||
|
||||
# Wrap Xvfb to set some flags/variables.
|
||||
xvfbWrapper = pkgs.writeScriptBin "Xvfb"
|
||||
''
|
||||
#! ${pkgs.stdenv.shell}
|
||||
export XKB_BINDIR=${pkgs.xorg.xkbcomp}/bin
|
||||
export XORG_DRI_DRIVER_PATH=${pkgs.mesa}/lib/dri
|
||||
exec ${pkgs.xorg.xorgserver}/bin/Xvfb "$@" -xkbdir ${pkgs.xkeyboard_config}/etc/X11/xkb
|
||||
'';
|
||||
|
||||
in
|
||||
|
||||
{
|
||||
|
||||
config = {
|
||||
|
@ -54,7 +41,7 @@ in
|
|||
{ description = "Terminal Server";
|
||||
|
||||
path =
|
||||
[ xvfbWrapper pkgs.gawk pkgs.which pkgs.openssl pkgs.xorg.xauth
|
||||
[ pkgs.xorgserver pkgs.gawk pkgs.which pkgs.openssl pkgs.xorg.xauth
|
||||
pkgs.nettools pkgs.shadow pkgs.procps pkgs.utillinux pkgs.bash
|
||||
];
|
||||
|
||||
|
|
|
@ -205,7 +205,7 @@ in
|
|||
|
||||
system.replaceRuntimeDependencies = mkOption {
|
||||
default = [];
|
||||
example = lib.literalExample "[ ({ original = pkgs.openssl; replacement = pkgs.callPackage /path/to/openssl { ... }; }) ]";
|
||||
example = lib.literalExample "[ ({ original = pkgs.openssl; replacement = pkgs.callPackage /path/to/openssl { }; }) ]";
|
||||
type = types.listOf (types.submodule (
|
||||
{ options, ... }: {
|
||||
options.original = mkOption {
|
||||
|
|
|
@ -63,7 +63,7 @@ in
|
|||
};
|
||||
|
||||
boot.extraModulePackages = mkOption {
|
||||
type = types.listOf types.path;
|
||||
type = types.listOf types.package;
|
||||
default = [];
|
||||
example = literalExample "[ pkgs.linuxPackages.nvidia_x11 ]";
|
||||
description = "A list of additional packages supplying kernel modules.";
|
||||
|
|
|
@ -251,6 +251,7 @@ in
|
|||
};
|
||||
|
||||
extraFiles = mkOption {
|
||||
type = types.attrsOf types.path;
|
||||
default = {};
|
||||
example = literalExample ''
|
||||
{ "memtest.bin" = "''${pkgs.memtest86plus}/memtest.bin"; }
|
||||
|
|
|
@ -39,7 +39,7 @@ in
|
|||
dhcp
|
||||
chain http://boot.ipxe.org/demo/boot.php
|
||||
''';
|
||||
};
|
||||
}
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
|
|
@ -229,7 +229,7 @@ in
|
|||
|
||||
boot.initrd.luks.devices = mkOption {
|
||||
default = [ ];
|
||||
example = [ { name = "luksroot"; device = "/dev/sda3"; preLVM = true; } ];
|
||||
example = literalExample ''[ { name = "luksroot"; device = "/dev/sda3"; preLVM = true; } ]'';
|
||||
description = ''
|
||||
The list of devices that should be decrypted using LUKS before trying to mount the
|
||||
root partition. This works for both LVM-over-LUKS and LUKS-over-LVM setups.
|
||||
|
|
|
@ -374,6 +374,7 @@ in
|
|||
|
||||
systemd.package = mkOption {
|
||||
default = pkgs.systemd;
|
||||
defaultText = "pkgs.systemd";
|
||||
type = types.package;
|
||||
description = "The systemd package.";
|
||||
};
|
||||
|
|
|
@ -5,13 +5,13 @@ with lib;
|
|||
let
|
||||
|
||||
makeColor = n: value: "COLOR_${toString n}=${value}";
|
||||
colors = concatImapStringsSep "\n" makeColor config.i18n.consoleColors;
|
||||
|
||||
vconsoleConf = pkgs.writeText "vconsole.conf"
|
||||
''
|
||||
KEYMAP=${config.i18n.consoleKeyMap}
|
||||
FONT=${config.i18n.consoleFont}
|
||||
'' + concatImapStringsSep "\n" makeColor config.i18n.consoleColors;
|
||||
|
||||
vconsoleConf = pkgs.writeText "vconsole.conf" ''
|
||||
KEYMAP=${config.i18n.consoleKeyMap}
|
||||
FONT=${config.i18n.consoleFont}
|
||||
${colors}
|
||||
'';
|
||||
in
|
||||
|
||||
{
|
||||
|
|
|
@ -355,6 +355,7 @@ in
|
|||
};
|
||||
|
||||
networking.nameservers = mkOption {
|
||||
type = types.listOf types.str;
|
||||
default = [];
|
||||
example = ["130.161.158.4" "130.161.33.17"];
|
||||
description = ''
|
||||
|
@ -390,6 +391,7 @@ in
|
|||
};
|
||||
|
||||
networking.localCommands = mkOption {
|
||||
type = types.str;
|
||||
default = "";
|
||||
example = "text=anything; echo You can put $text here.";
|
||||
description = ''
|
||||
|
|
|
@ -122,18 +122,14 @@ in
|
|||
chmod 755 /var/lib/libvirt
|
||||
chmod 755 /var/lib/libvirt/dnsmasq
|
||||
|
||||
# Libvirt unfortunately writes mutable state (such as
|
||||
# runtime changes to VM, network or filter configurations)
|
||||
# to /etc. So we can't use environment.etc to make the
|
||||
# default network and filter definitions available, since
|
||||
# libvirt will then modify the originals in the Nix store.
|
||||
# So here we copy them instead. Ugly.
|
||||
for i in $(cd ${pkgs.libvirt}/etc && echo \
|
||||
# Copy default libvirt network config .xml files to /var/lib
|
||||
# Files modified by the user will not be overwritten
|
||||
for i in $(cd ${pkgs.libvirt}/var/lib && echo \
|
||||
libvirt/qemu/networks/*.xml libvirt/qemu/networks/autostart/*.xml \
|
||||
libvirt/nwfilter/*.xml );
|
||||
do
|
||||
mkdir -p /etc/$(dirname $i) -m 755
|
||||
cp -fpd ${pkgs.libvirt}/etc/$i /etc/$i
|
||||
mkdir -p /var/lib/$(dirname $i) -m 755
|
||||
cp -npd ${pkgs.libvirt}/var/lib/$i /var/lib/$i
|
||||
done
|
||||
|
||||
# libvirtd puts the full path of the emulator binary in the machine
|
||||
|
|
|
@ -31,6 +31,7 @@ in {
|
|||
package = mkOption {
|
||||
type = types.package;
|
||||
default = pkgs.openvswitch;
|
||||
defaultText = "pkgs.openvswitch";
|
||||
description = ''
|
||||
Open vSwitch package to use.
|
||||
'';
|
||||
|
|
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue