Project import generated by Copybara.
GitOrigin-RevId: 6f0c00907bbd81b47052eef59f7b284926a77289
This commit is contained in:
parent
4c0778487f
commit
93ffb054db
668 changed files with 25836 additions and 6850 deletions
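--- a/third_party/nixpkgs/.github/CODEOWNERS
+++ b/third_party/nixpkgs/.github/CODEOWNERS
@@ -213,7 +213,7 @@
 /doc/builders/images/dockertools.xml @roberth
 
 # Blockchains
-/pkgs/applications/blockchains @mmahut
+/pkgs/applications/blockchains @mmahut @RaghavSood
 
 # Go
 /pkgs/development/compilers/go @kalbasit @Mic92 @zowoq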
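--- a/third_party/nixpkgs/lib/lists.nix
+++ b/third_party/nixpkgs/lib/lists.nix
@@ -640,13 +640,7 @@ rec {
 unique [ 3 2 3 4 ]
 => [ 3 2 4 ]
 */
-unique = list:
-if list == [] then
-[]
-else
-let
-x = head list;
-in [x] ++ unique (remove x list);
+unique = foldl' (acc: e: if elem e acc then acc else acc ++ [ e ]) [];
 
 /* Intersects list 'e' and another list. O(nm) complexity.
 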
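Review bot: The rewritten `unique` carries no complexity note even though the neighbouring `intersectLists` docstring states O(nm); since `elem e acc` scans the accumulator for every element and `acc ++ [ e ]` copies it, this is O(n²), which matters when the list comes from untrusted or large input. I'd add that to the docstring, e.g. `Remove duplicate elements from the list. O(n^2) complexity.` The docstring's opening line is above the hunk, so only its example block is visible here.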
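--- a/third_party/nixpkgs/lib/systems/examples.nix
+++ b/third_party/nixpkgs/lib/systems/examples.nix
@@ -34,6 +34,11 @@ rec {
 platform = platforms.raspberrypi;
 };
 
+remarkable1 = {
+config = "armv7l-unknown-linux-gnueabihf";
+platform = platforms.zero-gravitas;
+};
+
 armv7l-hf-multiplatform = {
 config = "armv7l-unknown-linux-gnueabihf";
 platform = platforms.armv7l-hf-multiplatform;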
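--- a/third_party/nixpkgs/lib/systems/platforms.nix
+++ b/third_party/nixpkgs/lib/systems/platforms.nix
@@ -203,6 +203,20 @@ rec {
 # Legacy attribute, for compatibility with existing configs only.
 raspberrypi2 = armv7l-hf-multiplatform;
 
+zero-gravitas = {
+name = "zero-gravitas";
+kernelBaseConfig = "zero-gravitas_defconfig";
+kernelArch = "arm";
+# kernelTarget verified by checking /boot on reMarkable 1 device
+kernelTarget = "zImage";
+kernelAutoModules = false;
+kernelDTB = true;
+gcc = {
+fpu = "neon";
+cpu = "cortex-a9";
+};
+};
+
 scaleway-c1 = armv7l-hf-multiplatform // {
 gcc = {
 cpu = "cortex-a9";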
@ -5496,6 +5496,12 @@
|
||||||
githubId = 1191859;
|
githubId = 1191859;
|
||||||
name = "Maxim Krivchikov";
|
name = "Maxim Krivchikov";
|
||||||
};
|
};
|
||||||
|
mazurel = {
|
||||||
|
email = "mateusz.mazur@yahoo.com";
|
||||||
|
github = "Mazurel";
|
||||||
|
githubId = 22836301;
|
||||||
|
name = "Mateusz Mazur";
|
||||||
|
};
|
||||||
mbakke = {
|
mbakke = {
|
||||||
email = "mbakke@fastmail.com";
|
email = "mbakke@fastmail.com";
|
||||||
github = "mbakke";
|
github = "mbakke";
|
||||||
|
@ -9998,4 +10004,10 @@
|
||||||
github = "pulsation";
|
github = "pulsation";
|
||||||
githubId = 1838397;
|
githubId = 1838397;
|
||||||
};
|
};
|
||||||
|
zupo = {
|
||||||
|
name = "Nejc Zupan";
|
||||||
|
email = "nejczupan+nix@gmail.com";
|
||||||
|
github = "zupo";
|
||||||
|
githubId = 311580;
|
||||||
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -23,6 +23,7 @@
|
||||||
<xi:include href="xfce.xml" />
|
<xi:include href="xfce.xml" />
|
||||||
<xi:include href="networking.xml" />
|
<xi:include href="networking.xml" />
|
||||||
<xi:include href="linux-kernel.xml" />
|
<xi:include href="linux-kernel.xml" />
|
||||||
|
<xi:include href="subversion.xml" />
|
||||||
<xi:include href="../generated/modules.xml" xpointer="xpointer(//section[@id='modules']/*)" />
|
<xi:include href="../generated/modules.xml" xpointer="xpointer(//section[@id='modules']/*)" />
|
||||||
<xi:include href="profiles.xml" />
|
<xi:include href="profiles.xml" />
|
||||||
<xi:include href="kubernetes.xml" />
|
<xi:include href="kubernetes.xml" />
|
||||||
|
|
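--- /dev/null
+++ b/third_party/nixpkgs/nixos/doc/manual/configuration/subversion.xml
@@ -0,0 +1,140 @@
+<chapter xmlns="http://docbook.org/ns/docbook"
+xmlns:xlink="http://www.w3.org/1999/xlink"
+xmlns:xi="http://www.w3.org/2001/XInclude"
+version="5.0"
+xml:id="module-services-subversion">
+<title>Subversion</title>
+
+<para>
+<link xlink:href="https://subversion.apache.org/">Subversion</link>
+is a centralized version-control system. It can use a <link
+xlink:href="http://svnbook.red-bean.com/en/1.7/svn-book.html#svn.serverconfig.choosing">variety
+of protocols</link> for communication between client and server.
+</para>
+<section xml:id="module-services-subversion-apache-httpd">
+<title>Subversion inside Apache HTTP</title>
+
+<para>
+This section focuses on configuring a web-based server on top of
+the Apache HTTP server, which uses
+<link xlink:href="http://www.webdav.org/">WebDAV</link>/<link
+xlink:href="http://www.webdav.org/deltav/WWW10/deltav-intro.htm">DeltaV</link>
+for communication.
+</para>
+
+<para>For more information on the general setup, please refer to
+the <link
+xlink:href="http://svnbook.red-bean.com/en/1.7/svn-book.html#svn.serverconfig.httpd">the
+appropriate section of the Subversion book</link>.
+</para>
+
+<para>To configure, include in
+<literal>/etc/nixos/configuration.nix</literal> code to activate
+Apache HTTP, setting <xref linkend="opt-services.httpd.adminAddr" />
+appropriately:
+</para>
+
+<para>
+<programlisting>
+services.httpd.enable = true;
+services.httpd.adminAddr = ...;
+networking.firewall.allowedTCPPorts = [ 80 443 ];
+</programlisting>
+</para>
+
+<para>For a simple Subversion server with basic authentication,
+configure the Subversion module for Apache as follows, setting
+<literal>hostName</literal> and <literal>documentRoot</literal>
+appropriately, and <literal>SVNParentPath</literal> to the parent
+directory of the repositories,
+<literal>AuthzSVNAccessFile</literal> to the location of the
+<code>.authz</code> file describing access permission, and
+<literal>AuthUserFile</literal> to the password file.
+</para>
+<para>
+<programlisting>
+services.httpd.extraModules = [
+# note that order is *super* important here
+{ name = "dav_svn"; path = "${pkgs.apacheHttpdPackages.subversion}/modules/mod_dav_svn.so"; }
+{ name = "authz_svn"; path = "${pkgs.apacheHttpdPackages.subversion}/modules/mod_authz_svn.so"; }
+];
+services.httpd.virtualHosts = {
+"svn" = {
+hostName = HOSTNAME;
+documentRoot = DOCUMENTROOT;
+locations."/svn".extraConfig = ''
+DAV svn
+SVNParentPath REPO_PARENT
+AuthzSVNAccessFile ACCESS_FILE
+AuthName "SVN Repositories"
+AuthType Basic
+AuthUserFile PASSWORD_FILE
+Require valid-user
+'';
+}
+</programlisting>
+</para>
+
+<para>
+The key <code>"svn"</code> is just a symbolic name identifying the
+virtual host. The <code>"/svn"</code> in
+<code>locations."/svn".extraConfig</code> is the path underneath
+which the repositories will be served.
+</para>
+
+<para><link
+xlink:href="https://wiki.archlinux.org/index.php/Subversion">This
+page</link> explains how to set up the Subversion configuration
+itself. This boils down to the following:
+</para>
+<para>
+Underneath <literal>REPO_PARENT</literal> repositories can be set up
+as follows:
+</para>
+<para>
+<screen>
+<prompt>$ </prompt> svn create REPO_NAME
+</screen>
+</para>
+<para>Repository files need to be accessible by
+<literal>wwwrun</literal>:
+</para>
+<para>
+<screen>
+<prompt>$ </prompt> chown -R wwwrun:wwwrun REPO_PARENT
+</screen>
+</para>
+<para>
+The password file <literal>PASSWORD_FILE</literal> can be created as follows:
+</para>
+<para>
+<screen>
+<prompt>$ </prompt> htpasswd -cs PASSWORD_FILE USER_NAME
+</screen>
+</para>
+<para>
+Additional users can be set up similarly, omitting the
+<code>c</code> flag:
+</para>
+<para>
+<screen>
+<prompt>$ </prompt> htpasswd -s PASSWORD_FILE USER_NAME
+</screen>
+</para>
+<para>
+The file describing access permissions
+<literal>ACCESS_FILE</literal> will look something like
+the following:
+</para>
+<para>
+<programlisting>
+[/]
+* = r
+
+[REPO_NAME:/]
+USER_NAME = rw
+</programlisting>
+</para>
+<para>The Subversion repositories will be accessible as <code>http://HOSTNAME/svn/REPO_NAME</code>.</para>
+</section>
+</chapter>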
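Review bot: The two `htpasswd` examples use `-s`, which stores an unsalted SHA-1 digest that Apache's own htpasswd documentation marks as insecure; since these commands will be copied verbatim, they should read `htpasswd -cB PASSWORD_FILE USER_NAME` and `htpasswd -B PASSWORD_FILE USER_NAME` (bcrypt). In the same spirit, the example opens port 80 and uses `AuthType Basic` with nothing forcing TLS, so the credentials travel in clear unless the reader adds something like `forceSSL = true;` to the virtual host — worth a sentence and the extra line in the snippet. `svn create REPO_NAME` is not an svn subcommand; repositories are created with `svnadmin create REPO_NAME`. The access-file example grants `* = r` on `[/]`, which together with `Require valid-user` lets every authenticated user read every repository under `SVNParentPath`; the text should say so, and the Nix snippet is missing the `};` that closes `services.httpd.virtualHosts`.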
@ -56,6 +56,11 @@
|
||||||
section of the NixOS manual</link> for more information.
|
section of the NixOS manual</link> for more information.
|
||||||
</para>
|
</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
<xref linkend="opt-services.samba-wsdd.enable" /> Web Services Dynamic Discovery host daemon
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
</itemizedlist>
|
</itemizedlist>
|
||||||
|
|
||||||
</section>
|
</section>
|
||||||
|
@ -101,6 +106,13 @@
|
||||||
for more info.
|
for more info.
|
||||||
</para>
|
</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
Setting <option>services.openssh.authorizedKeysFiles</option> now also affects which keys <option>security.pam.enableSSHAgentAuth</option> will use.
|
||||||
|
|
||||||
|
WARNING: If you are using these options in combination do make sure that any key paths you use are present in <option>services.openssh.authorizedKeysFiles</option>!
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>
|
<para>
|
||||||
The option <option>fonts.enableFontDir</option> has been renamed to
|
The option <option>fonts.enableFontDir</option> has been renamed to
|
||||||
|
@ -185,6 +197,48 @@
|
||||||
which is the new stable release. OpenAFS 1.6 was removed.
|
which is the new stable release. OpenAFS 1.6 was removed.
|
||||||
</para>
|
</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
The <literal>openldap</literal> module now has support for OLC-style
|
||||||
|
configuration, users of the <literal>configDir</literal> option may wish
|
||||||
|
to migrate. If you continue to use <literal>configDir</literal>, ensure that
|
||||||
|
<literal>olcPidFile</literal> is set to <literal>/run/slapd/slapd.pid</literal>.
|
||||||
|
</para>
|
||||||
|
<para>
|
||||||
|
As a result, <literal>extraConfig</literal> and <literal>extraDatabaseConfig</literal>
|
||||||
|
are removed. To help with migration, you can convert your <literal>slapd.conf</literal>
|
||||||
|
file to OLC configuration with the following script (find the location of this
|
||||||
|
configuration file by running <literal>systemctl status openldap</literal>, it is the
|
||||||
|
<literal>-f</literal> option.
|
||||||
|
</para>
|
||||||
|
<programlisting>
|
||||||
|
TMPDIR=$(mktemp -d)
|
||||||
|
slaptest -f /path/to/slapd.conf $TMPDIR
|
||||||
|
slapcat -F $TMPDIR -n0 -H 'ldap:///???(!(objectClass=olcSchemaConfig))'
|
||||||
|
</programlisting>
|
||||||
|
<para>
|
||||||
|
This will dump your current configuration in LDIF format, which should be
|
||||||
|
straightforward to convert into Nix settings. This does not show your schema
|
||||||
|
configuration, as this is unnecessarily verbose for users of the default schemas
|
||||||
|
and <literal>slaptest</literal> is buggy with schemas directly in the config file.
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
Amazon EC2 and OpenStack Compute (nova) images now re-fetch instance meta data and user data from the instance
|
||||||
|
metadata service (IMDS) on each boot. For example: stopping an EC2 instance, changing its user data, and
|
||||||
|
restarting the instance will now cause it to fetch and apply the new user data.
|
||||||
|
</para>
|
||||||
|
<warning>
|
||||||
|
<para>
|
||||||
|
Specifically, <literal>/etc/ec2-metadata</literal> is re-populated on each boot. Some NixOS scripts that read
|
||||||
|
from this directory are guarded to only run if the files they want to manipulate do not already exist, and so
|
||||||
|
will not re-apply their changes if the IMDS response changes. Examples: <literal>root</literal>'s SSH key is
|
||||||
|
only added if <literal>/root/.ssh/authorized_keys</literal> does not exist, and SSH host keys are only set from
|
||||||
|
user data if they do not exist in <literal>/etc/ssh</literal>.
|
||||||
|
</para>
|
||||||
|
</warning>
|
||||||
|
</listitem>
|
||||||
</itemizedlist>
|
</itemizedlist>
|
||||||
</section>
|
</section>
|
||||||
|
|
||||||
|
|
|
@ -134,7 +134,7 @@ let format' = format; in let
|
||||||
|
|
||||||
binPath = with pkgs; makeBinPath (
|
binPath = with pkgs; makeBinPath (
|
||||||
[ rsync
|
[ rsync
|
||||||
utillinux
|
util-linux
|
||||||
parted
|
parted
|
||||||
e2fsprogs
|
e2fsprogs
|
||||||
lkl
|
lkl
|
||||||
|
@ -239,7 +239,7 @@ let format' = format; in let
|
||||||
in pkgs.vmTools.runInLinuxVM (
|
in pkgs.vmTools.runInLinuxVM (
|
||||||
pkgs.runCommand name
|
pkgs.runCommand name
|
||||||
{ preVM = prepareImage;
|
{ preVM = prepareImage;
|
||||||
buildInputs = with pkgs; [ utillinux e2fsprogs dosfstools ];
|
buildInputs = with pkgs; [ util-linux e2fsprogs dosfstools ];
|
||||||
postVM = ''
|
postVM = ''
|
||||||
${if format == "raw" then ''
|
${if format == "raw" then ''
|
||||||
mv $diskImage $out/$(unknown)
|
mv $diskImage $out/$(unknown)
|
||||||
|
|
|
@ -187,7 +187,7 @@ in
|
||||||
before = [ "${realDevice'}.swap" ];
|
before = [ "${realDevice'}.swap" ];
|
||||||
# If swap is encrypted, depending on rngd resolves a possible entropy starvation during boot
|
# If swap is encrypted, depending on rngd resolves a possible entropy starvation during boot
|
||||||
after = mkIf (config.security.rngd.enable && sw.randomEncryption.enable) [ "rngd.service" ];
|
after = mkIf (config.security.rngd.enable && sw.randomEncryption.enable) [ "rngd.service" ];
|
||||||
path = [ pkgs.utillinux ] ++ optional sw.randomEncryption.enable pkgs.cryptsetup;
|
path = [ pkgs.util-linux ] ++ optional sw.randomEncryption.enable pkgs.cryptsetup;
|
||||||
|
|
||||||
script =
|
script =
|
||||||
''
|
''
|
||||||
|
|
|
@ -37,7 +37,7 @@ let
|
||||||
pkgs.procps
|
pkgs.procps
|
||||||
pkgs.su
|
pkgs.su
|
||||||
pkgs.time
|
pkgs.time
|
||||||
pkgs.utillinux
|
pkgs.util-linux
|
||||||
pkgs.which
|
pkgs.which
|
||||||
pkgs.zstd
|
pkgs.zstd
|
||||||
];
|
];
|
||||||
|
|
|
@ -80,15 +80,6 @@ in
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
memoryMax = mkOption {
|
|
||||||
default = null;
|
|
||||||
type = with types; nullOr int;
|
|
||||||
description = ''
|
|
||||||
Maximum total amount of memory (in bytes) that can be used by the zram
|
|
||||||
swap devices.
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
|
|
||||||
priority = mkOption {
|
priority = mkOption {
|
||||||
default = 5;
|
default = 5;
|
||||||
type = types.int;
|
type = types.int;
|
||||||
|
@ -155,16 +146,11 @@ in
|
||||||
|
|
||||||
# Calculate memory to use for zram
|
# Calculate memory to use for zram
|
||||||
mem=$(${pkgs.gawk}/bin/awk '/MemTotal: / {
|
mem=$(${pkgs.gawk}/bin/awk '/MemTotal: / {
|
||||||
value=int($2*${toString cfg.memoryPercent}/100.0/${toString devicesCount}*1024);
|
print int($2*${toString cfg.memoryPercent}/100.0/${toString devicesCount}*1024)
|
||||||
${if cfg.memoryMax != null then ''
|
|
||||||
memory_max=int(${toString cfg.memoryMax}/${toString devicesCount});
|
|
||||||
if (value > memory_max) { value = memory_max }
|
|
||||||
'' else ""}
|
|
||||||
print value
|
|
||||||
}' /proc/meminfo)
|
}' /proc/meminfo)
|
||||||
|
|
||||||
${pkgs.utillinux}/sbin/zramctl --size $mem --algorithm ${cfg.algorithm} /dev/${dev}
|
${pkgs.util-linux}/sbin/zramctl --size $mem --algorithm ${cfg.algorithm} /dev/${dev}
|
||||||
${pkgs.utillinux}/sbin/mkswap /dev/${dev}
|
${pkgs.util-linux}/sbin/mkswap /dev/${dev}
|
||||||
'';
|
'';
|
||||||
restartIfChanged = false;
|
restartIfChanged = false;
|
||||||
};
|
};
|
||||||
|
|
|
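Review bot: Removing the `memoryMax` option, and the clamp in the awk expression, leaves no upper bound on the per-device zram size without any compatibility shim visible in these hunks, so a configuration that sets it will now fail evaluation with an undefined-option error rather than an explanatory message. Unless the module's `imports` (outside the hunk) already registers it, I'd add `(mkRemovedOptionModule [ <option prefix> "memoryMax" ] "Use memoryPercent to bound the zram devices.")`, with the prefix that `cfg` is bound to at the top of the file. None of the release-note hunks visible in this commit mention the removal either. The option block and the script that embeds the awk call both begin and end outside the hunk.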
@ -147,10 +147,10 @@ in
|
||||||
sdImage.storePaths = [ config.system.build.toplevel ];
|
sdImage.storePaths = [ config.system.build.toplevel ];
|
||||||
|
|
||||||
system.build.sdImage = pkgs.callPackage ({ stdenv, dosfstools, e2fsprogs,
|
system.build.sdImage = pkgs.callPackage ({ stdenv, dosfstools, e2fsprogs,
|
||||||
mtools, libfaketime, utillinux, zstd }: stdenv.mkDerivation {
|
mtools, libfaketime, util-linux, zstd }: stdenv.mkDerivation {
|
||||||
name = config.sdImage.imageName;
|
name = config.sdImage.imageName;
|
||||||
|
|
||||||
nativeBuildInputs = [ dosfstools e2fsprogs mtools libfaketime utillinux zstd ];
|
nativeBuildInputs = [ dosfstools e2fsprogs mtools libfaketime util-linux zstd ];
|
||||||
|
|
||||||
inherit (config.sdImage) compressImage;
|
inherit (config.sdImage) compressImage;
|
||||||
|
|
||||||
|
@ -221,7 +221,7 @@ in
|
||||||
set -euo pipefail
|
set -euo pipefail
|
||||||
set -x
|
set -x
|
||||||
# Figure out device names for the boot device and root filesystem.
|
# Figure out device names for the boot device and root filesystem.
|
||||||
rootPart=$(${pkgs.utillinux}/bin/findmnt -n -o SOURCE /)
|
rootPart=$(${pkgs.util-linux}/bin/findmnt -n -o SOURCE /)
|
||||||
bootDevice=$(lsblk -npo PKNAME $rootPart)
|
bootDevice=$(lsblk -npo PKNAME $rootPart)
|
||||||
|
|
||||||
# Resize the root partition and the filesystem to fit the disk
|
# Resize the root partition and the filesystem to fit the disk
|
||||||
|
|
|
@ -96,7 +96,7 @@ in
|
||||||
|
|
||||||
boot.initrd.extraUtilsCommands =
|
boot.initrd.extraUtilsCommands =
|
||||||
''
|
''
|
||||||
copy_bin_and_libs ${pkgs.utillinux}/sbin/hwclock
|
copy_bin_and_libs ${pkgs.util-linux}/sbin/hwclock
|
||||||
'';
|
'';
|
||||||
|
|
||||||
boot.initrd.postDeviceCommands =
|
boot.initrd.postDeviceCommands =
|
||||||
|
|
|
@ -135,7 +135,7 @@ in
|
||||||
#keys = 96; # unused
|
#keys = 96; # unused
|
||||||
#haproxy = 97; # dynamically allocated as of 2020-03-11
|
#haproxy = 97; # dynamically allocated as of 2020-03-11
|
||||||
mongodb = 98;
|
mongodb = 98;
|
||||||
openldap = 99;
|
#openldap = 99; # dynamically allocated as of PR#94610
|
||||||
#users = 100; # unused
|
#users = 100; # unused
|
||||||
cgminer = 101;
|
cgminer = 101;
|
||||||
munin = 102;
|
munin = 102;
|
||||||
|
@ -451,7 +451,7 @@ in
|
||||||
keys = 96;
|
keys = 96;
|
||||||
#haproxy = 97; # dynamically allocated as of 2020-03-11
|
#haproxy = 97; # dynamically allocated as of 2020-03-11
|
||||||
#mongodb = 98; # unused
|
#mongodb = 98; # unused
|
||||||
openldap = 99;
|
#openldap = 99; # dynamically allocated as of PR#94610
|
||||||
munin = 102;
|
munin = 102;
|
||||||
#logcheck = 103; # unused
|
#logcheck = 103; # unused
|
||||||
#nix-ssh = 104; # unused
|
#nix-ssh = 104; # unused
|
||||||
|
|
|
@ -583,6 +583,7 @@
|
||||||
./services/network-filesystems/orangefs/client.nix
|
./services/network-filesystems/orangefs/client.nix
|
||||||
./services/network-filesystems/rsyncd.nix
|
./services/network-filesystems/rsyncd.nix
|
||||||
./services/network-filesystems/samba.nix
|
./services/network-filesystems/samba.nix
|
||||||
|
./services/network-filesystems/samba-wsdd.nix
|
||||||
./services/network-filesystems/tahoe.nix
|
./services/network-filesystems/tahoe.nix
|
||||||
./services/network-filesystems/diod.nix
|
./services/network-filesystems/diod.nix
|
||||||
./services/network-filesystems/u9fs.nix
|
./services/network-filesystems/u9fs.nix
|
||||||
|
|
|
@ -110,7 +110,7 @@ in {
|
||||||
"L+ /usr/local/bin/chmod - - - - ${coreutils}/bin/chmod"
|
"L+ /usr/local/bin/chmod - - - - ${coreutils}/bin/chmod"
|
||||||
"L+ /usr/local/bin/cp - - - - ${coreutils}/bin/cp"
|
"L+ /usr/local/bin/cp - - - - ${coreutils}/bin/cp"
|
||||||
"L+ /usr/local/bin/sed - - - - ${gnused}/bin/sed"
|
"L+ /usr/local/bin/sed - - - - ${gnused}/bin/sed"
|
||||||
"L+ /usr/local/bin/setsid - - - - ${utillinux}/bin/setsid"
|
"L+ /usr/local/bin/setsid - - - - ${util-linux}/bin/setsid"
|
||||||
"L+ /usr/local/bin/xrandr - - - - ${xorg.xrandr}/bin/xrandr"
|
"L+ /usr/local/bin/xrandr - - - - ${xorg.xrandr}/bin/xrandr"
|
||||||
"L+ /usr/local/bin/xmodmap - - - - ${xorg.xmodmap}/bin/xmodmap"
|
"L+ /usr/local/bin/xmodmap - - - - ${xorg.xmodmap}/bin/xmodmap"
|
||||||
];
|
];
|
||||||
|
|
|
@ -396,7 +396,7 @@ let
|
||||||
${optionalString cfg.logFailures
|
${optionalString cfg.logFailures
|
||||||
"auth required pam_tally.so"}
|
"auth required pam_tally.so"}
|
||||||
${optionalString (config.security.pam.enableSSHAgentAuth && cfg.sshAgentAuth)
|
${optionalString (config.security.pam.enableSSHAgentAuth && cfg.sshAgentAuth)
|
||||||
"auth sufficient ${pkgs.pam_ssh_agent_auth}/libexec/pam_ssh_agent_auth.so file=~/.ssh/authorized_keys:~/.ssh/authorized_keys2:/etc/ssh/authorized_keys.d/%u"}
|
"auth sufficient ${pkgs.pam_ssh_agent_auth}/libexec/pam_ssh_agent_auth.so file=${lib.concatStringsSep ":" config.services.openssh.authorizedKeysFiles}"}
|
||||||
${optionalString cfg.fprintAuth
|
${optionalString cfg.fprintAuth
|
||||||
"auth sufficient ${pkgs.fprintd}/lib/security/pam_fprintd.so"}
|
"auth sufficient ${pkgs.fprintd}/lib/security/pam_fprintd.so"}
|
||||||
${let p11 = config.security.pam.p11; in optionalString cfg.p11Auth
|
${let p11 = config.security.pam.p11; in optionalString cfg.p11Auth
|
||||||
|
|
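Review bot: The new `file=` argument is built by joining `services.openssh.authorizedKeysFiles` with `:`, but that option carries sshd's `AuthorizedKeysFile` semantics, where a relative entry such as `.ssh/authorized_keys` is resolved against the user's home directory and `%%` is a literal percent, whereas pam_ssh_agent_auth expands its own token set (as far as I recall `%h`, `%u` and `~`) and will otherwise treat the string as a path relative to the process's working directory. Since this list now decides which files may authorize a privileged PAM login via a forwarded agent, a silently mis-resolved entry either locks the user out or, worse, consults a file they did not intend. I'd add an assertion that every entry starts with `/`, `~` or `%h` when `cfg.sshAgentAuth` is on, or document the restriction on `authorizedKeysFiles`, and also guard against the list being empty (which yields a bare `file=`). The enclosing string of PAM rules starts and ends outside this hunk.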
|
@ -60,7 +60,7 @@ in
|
||||||
<!-- if activated, requires ofl from hxtools to be present -->
|
<!-- if activated, requires ofl from hxtools to be present -->
|
||||||
<logout wait="0" hup="no" term="no" kill="no" />
|
<logout wait="0" hup="no" term="no" kill="no" />
|
||||||
<!-- set PATH variable for pam_mount module -->
|
<!-- set PATH variable for pam_mount module -->
|
||||||
<path>${pkgs.utillinux}/bin</path>
|
<path>${pkgs.util-linux}/bin</path>
|
||||||
<!-- create mount point if not present -->
|
<!-- create mount point if not present -->
|
||||||
<mkmountpoint enable="1" remove="true" />
|
<mkmountpoint enable="1" remove="true" />
|
||||||
|
|
||||||
|
|
|
@ -163,8 +163,8 @@ in
|
||||||
# These are mount related wrappers that require the +s permission.
|
# These are mount related wrappers that require the +s permission.
|
||||||
fusermount.source = "${pkgs.fuse}/bin/fusermount";
|
fusermount.source = "${pkgs.fuse}/bin/fusermount";
|
||||||
fusermount3.source = "${pkgs.fuse3}/bin/fusermount3";
|
fusermount3.source = "${pkgs.fuse3}/bin/fusermount3";
|
||||||
mount.source = "${lib.getBin pkgs.utillinux}/bin/mount";
|
mount.source = "${lib.getBin pkgs.util-linux}/bin/mount";
|
||||||
umount.source = "${lib.getBin pkgs.utillinux}/bin/umount";
|
umount.source = "${lib.getBin pkgs.util-linux}/bin/umount";
|
||||||
};
|
};
|
||||||
|
|
||||||
boot.specialFileSystems.${parentWrapperDir} = {
|
boot.specialFileSystems.${parentWrapperDir} = {
|
||||||
|
|
|
@ -45,7 +45,7 @@ in
|
||||||
wantedBy = [ "multi-user.target" ];
|
wantedBy = [ "multi-user.target" ];
|
||||||
after = [ "network.target" ];
|
after = [ "network.target" ];
|
||||||
path = with pkgs; [
|
path = with pkgs; [
|
||||||
utillinux # for dmesg
|
util-linux # for dmesg
|
||||||
];
|
];
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
ExecStart = "${pkgs.salt}/bin/salt-master";
|
ExecStart = "${pkgs.salt}/bin/salt-master";
|
||||||
|
|
|
@ -50,7 +50,7 @@ in
|
||||||
wantedBy = [ "multi-user.target" ];
|
wantedBy = [ "multi-user.target" ];
|
||||||
after = [ "network.target" ];
|
after = [ "network.target" ];
|
||||||
path = with pkgs; [
|
path = with pkgs; [
|
||||||
utillinux
|
util-linux
|
||||||
];
|
];
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
ExecStart = "${pkgs.salt}/bin/salt-minion";
|
ExecStart = "${pkgs.salt}/bin/salt-minion";
|
||||||
|
|
|
@ -308,7 +308,7 @@ in
|
||||||
requires = [ "network-online.target" ];
|
requires = [ "network-online.target" ];
|
||||||
after = [ "network-online.target" ];
|
after = [ "network-online.target" ];
|
||||||
|
|
||||||
path = with pkgs; [ iputils tarsnap utillinux ];
|
path = with pkgs; [ iputils tarsnap util-linux ];
|
||||||
|
|
||||||
# In order for the persistent tarsnap timer to work reliably, we have to
|
# In order for the persistent tarsnap timer to work reliably, we have to
|
||||||
# make sure that the tarsnap server is reachable after systemd starts up
|
# make sure that the tarsnap server is reachable after systemd starts up
|
||||||
|
@ -355,7 +355,7 @@ in
|
||||||
description = "Tarsnap restore '${name}'";
|
description = "Tarsnap restore '${name}'";
|
||||||
requires = [ "network-online.target" ];
|
requires = [ "network-online.target" ];
|
||||||
|
|
||||||
path = with pkgs; [ iputils tarsnap utillinux ];
|
path = with pkgs; [ iputils tarsnap util-linux ];
|
||||||
|
|
||||||
script = let
|
script = let
|
||||||
tarsnap = ''tarsnap --configfile "/etc/tarsnap/${name}.conf"'';
|
tarsnap = ''tarsnap --configfile "/etc/tarsnap/${name}.conf"'';
|
||||||
|
|
|
@ -241,7 +241,7 @@ in
|
||||||
description = "Kubernetes Kubelet Service";
|
description = "Kubernetes Kubelet Service";
|
||||||
wantedBy = [ "kubernetes.target" ];
|
wantedBy = [ "kubernetes.target" ];
|
||||||
after = [ "network.target" "docker.service" "kube-apiserver.service" ];
|
after = [ "network.target" "docker.service" "kube-apiserver.service" ];
|
||||||
path = with pkgs; [ gitMinimal openssh docker utillinux iproute ethtool thin-provisioning-tools iptables socat ] ++ top.path;
|
path = with pkgs; [ gitMinimal openssh docker util-linux iproute ethtool thin-provisioning-tools iptables socat ] ++ top.path;
|
||||||
preStart = ''
|
preStart = ''
|
||||||
${concatMapStrings (img: ''
|
${concatMapStrings (img: ''
|
||||||
echo "Seeding docker image: ${img}"
|
echo "Seeding docker image: ${img}"
|
||||||
|
|
|
@ -32,7 +32,7 @@ in
|
||||||
environment.systemPackages = [ pkgs.torque ];
|
environment.systemPackages = [ pkgs.torque ];
|
||||||
|
|
||||||
systemd.services.torque-mom-init = {
|
systemd.services.torque-mom-init = {
|
||||||
path = with pkgs; [ torque utillinux procps inetutils ];
|
path = with pkgs; [ torque util-linux procps inetutils ];
|
||||||
|
|
||||||
script = ''
|
script = ''
|
||||||
pbs_mkdirs -v aux
|
pbs_mkdirs -v aux
|
||||||
|
|
|
@ -21,7 +21,7 @@ in
|
||||||
environment.systemPackages = [ pkgs.torque ];
|
environment.systemPackages = [ pkgs.torque ];
|
||||||
|
|
||||||
systemd.services.torque-server-init = {
|
systemd.services.torque-server-init = {
|
||||||
path = with pkgs; [ torque utillinux procps inetutils ];
|
path = with pkgs; [ torque util-linux procps inetutils ];
|
||||||
|
|
||||||
script = ''
|
script = ''
|
||||||
tmpsetup=$(mktemp -t torque-XXXX)
|
tmpsetup=$(mktemp -t torque-XXXX)
|
||||||
|
|
|
@ -541,7 +541,7 @@ in
|
||||||
jq
|
jq
|
||||||
moreutils
|
moreutils
|
||||||
remarshal
|
remarshal
|
||||||
utillinux
|
util-linux
|
||||||
cfg.package
|
cfg.package
|
||||||
] ++ cfg.extraPackages;
|
] ++ cfg.extraPackages;
|
||||||
reloadIfChanged = true;
|
reloadIfChanged = true;
|
||||||
|
|
|
@ -233,7 +233,7 @@ in
|
||||||
type = types.str;
|
type = types.str;
|
||||||
default = "Check.Valid=1,Check.Unexpired=1";
|
default = "Check.Valid=1,Check.Unexpired=1";
|
||||||
description = ''
|
description = ''
|
||||||
"Peer verification string". This may be used to adjust which TLS
|
"Peer verification string". This may be used to adjust which TLS
|
||||||
client certificates a server will accept, as a form of user
|
client certificates a server will accept, as a form of user
|
||||||
authorization; for example, it may only accept TLS clients who
|
authorization; for example, it may only accept TLS clients who
|
||||||
offer a certificate abiding by some locality or organization name.
|
offer a certificate abiding by some locality or organization name.
|
||||||
|
|
|
@ -1,43 +1,121 @@
|
||||||
{ config, lib, pkgs, ... }:
|
{ config, lib, pkgs, ... }:
|
||||||
|
|
||||||
with lib;
|
with lib;
|
||||||
|
|
||||||
let
|
let
|
||||||
|
|
||||||
cfg = config.services.openldap;
|
cfg = config.services.openldap;
|
||||||
|
legacyOptions = [ "rootpwFile" "suffix" "dataDir" "rootdn" "rootpw" ];
|
||||||
openldap = cfg.package;
|
openldap = cfg.package;
|
||||||
|
configDir = if cfg.configDir != null then cfg.configDir else "/etc/openldap/slapd.d";
|
||||||
|
|
||||||
dataFile = pkgs.writeText "ldap-contents.ldif" cfg.declarativeContents;
|
ldapValueType = let
|
||||||
configFile = pkgs.writeText "slapd.conf" ((optionalString cfg.defaultSchemas ''
|
# Can't do types.either with multiple non-overlapping submodules, so define our own
|
||||||
include ${openldap.out}/etc/schema/core.schema
|
singleLdapValueType = lib.mkOptionType rec {
|
||||||
include ${openldap.out}/etc/schema/cosine.schema
|
name = "LDAP";
|
||||||
include ${openldap.out}/etc/schema/inetorgperson.schema
|
description = "LDAP value";
|
||||||
include ${openldap.out}/etc/schema/nis.schema
|
check = x: lib.isString x || (lib.isAttrs x && (x ? path || x ? base64));
|
||||||
'') + ''
|
merge = lib.mergeEqualOption;
|
||||||
${cfg.extraConfig}
|
};
|
||||||
database ${cfg.database}
|
# We don't coerce to lists of single values, as some values must be unique
|
||||||
suffix ${cfg.suffix}
|
in types.either singleLdapValueType (types.listOf singleLdapValueType);
|
||||||
rootdn ${cfg.rootdn}
|
|
||||||
${if (cfg.rootpw != null) then ''
|
|
||||||
rootpw ${cfg.rootpw}
|
|
||||||
'' else ''
|
|
||||||
include ${cfg.rootpwFile}
|
|
||||||
''}
|
|
||||||
directory ${cfg.dataDir}
|
|
||||||
${cfg.extraDatabaseConfig}
|
|
||||||
'');
|
|
||||||
configOpts = if cfg.configDir == null then "-f ${configFile}"
|
|
||||||
else "-F ${cfg.configDir}";
|
|
||||||
in
|
|
||||||
|
|
||||||
{
|
ldapAttrsType =
|
||||||
|
let
|
||||||
|
options = {
|
||||||
|
attrs = mkOption {
|
||||||
|
type = types.attrsOf ldapValueType;
|
||||||
|
default = {};
|
||||||
|
description = "Attributes of the parent entry.";
|
||||||
|
};
|
||||||
|
children = mkOption {
|
||||||
|
# Hide the child attributes, to avoid infinite recursion in e.g. documentation
|
||||||
|
# Actual Nix evaluation is lazy, so this is not an issue there
|
||||||
|
type = let
|
||||||
|
hiddenOptions = lib.mapAttrs (name: attr: attr // { visible = false; }) options;
|
||||||
|
in types.attrsOf (types.submodule { options = hiddenOptions; });
|
||||||
|
default = {};
|
||||||
|
description = "Child entries of the current entry, with recursively the same structure.";
|
||||||
|
example = lib.literalExample ''
|
||||||
|
{
|
||||||
|
"cn=schema" = {
|
||||||
|
# The attribute used in the DN must be defined
|
||||||
|
attrs = { cn = "schema"; };
|
||||||
|
children = {
|
||||||
|
# This entry's DN is expanded to "cn=foo,cn=schema"
|
||||||
|
"cn=foo" = { ... };
|
||||||
|
};
|
||||||
|
# These includes are inserted after "cn=schema", but before "cn=foo,cn=schema"
|
||||||
|
includes = [ ... ];
|
||||||
|
};
|
||||||
|
}
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
includes = mkOption {
|
||||||
|
type = types.listOf types.path;
|
||||||
|
default = [];
|
||||||
|
description = ''
|
||||||
|
LDIF files to include after the parent's attributes but before its children.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
};
|
||||||
|
in types.submodule { inherit options; };
|
||||||
|
|
||||||
###### interface
|
valueToLdif = attr: values: let
|
||||||
|
listValues = if lib.isList values then values else lib.singleton values;
|
||||||
|
in map (value:
|
||||||
|
if lib.isAttrs value then
|
||||||
|
if lib.hasAttr "path" value
|
||||||
|
then "${attr}:< file://${value.path}"
|
||||||
|
else "${attr}:: ${value.base64}"
|
||||||
|
else "${attr}: ${lib.replaceStrings [ "\n" ] [ "\n " ] value}"
|
||||||
|
) listValues;
|
||||||
|
|
||||||
|
attrsToLdif = dn: { attrs, children, includes, ... }: [''
|
||||||
|
dn: ${dn}
|
||||||
|
${lib.concatStringsSep "\n" (lib.flatten (lib.mapAttrsToList valueToLdif attrs))}
|
||||||
|
''] ++ (map (path: "include: file://${path}\n") includes) ++ (
|
||||||
|
lib.flatten (lib.mapAttrsToList (name: value: attrsToLdif "${name},${dn}" value) children)
|
||||||
|
);
|
||||||
|
in {
|
||||||
|
imports = let
|
||||||
|
deprecationNote = "This option is removed due to the deprecation of `slapd.conf` upstream. Please migrate to `services.openldap.settings`, see the release notes for advice with this process.";
|
||||||
|
mkDatabaseOption = old: new:
|
||||||
|
lib.mkChangedOptionModule [ "services" "openldap" old ] [ "services" "openldap" "settings" "children" ]
|
||||||
|
(config: let
|
||||||
|
database = lib.getAttrFromPath [ "services" "openldap" "database" ] config;
|
||||||
|
value = lib.getAttrFromPath [ "services" "openldap" old ] config;
|
||||||
|
in lib.setAttrByPath ([ "olcDatabase={1}${database}" "attrs" ] ++ new) value);
|
||||||
|
in [
|
||||||
|
(lib.mkRemovedOptionModule [ "services" "openldap" "extraConfig" ] deprecationNote)
|
||||||
|
(lib.mkRemovedOptionModule [ "services" "openldap" "extraDatabaseConfig" ] deprecationNote)
|
||||||
|
|
||||||
|
(lib.mkChangedOptionModule [ "services" "openldap" "logLevel" ] [ "services" "openldap" "settings" "attrs" "olcLogLevel" ]
|
||||||
|
(config: lib.splitString " " (lib.getAttrFromPath [ "services" "openldap" "logLevel" ] config)))
|
||||||
|
(lib.mkChangedOptionModule [ "services" "openldap" "defaultSchemas" ] [ "services" "openldap" "settings" "children" "cn=schema" "includes"]
|
||||||
|
(config: lib.optionals (lib.getAttrFromPath [ "services" "openldap" "defaultSchemas" ] config) (
|
||||||
|
map (schema: "${openldap}/etc/schema/${schema}.ldif") [ "core" "cosine" "inetorgperson" "nis" ])))
|
||||||
|
|
||||||
|
(lib.mkChangedOptionModule [ "services" "openldap" "database" ] [ "services" "openldap" "settings" "children" ]
|
||||||
|
(config: let
|
||||||
|
database = lib.getAttrFromPath [ "services" "openldap" "database" ] config;
|
||||||
|
in {
|
||||||
|
"olcDatabase={1}${database}".attrs = {
|
||||||
|
# objectClass is case-insensitive, so don't need to capitalize ${database}
|
||||||
|
objectClass = [ "olcdatabaseconfig" "olc${database}config" ];
|
||||||
|
olcDatabase = "{1}${database}";
|
||||||
|
olcDbDirectory = lib.mkDefault "/var/db/openldap";
|
||||||
|
};
|
||||||
|
"cn=schema".includes = lib.mkDefault (
|
||||||
|
map (schema: "${openldap}/etc/schema/${schema}.ldif") [ "core" "cosine" "inetorgperson" "nis" ]
|
||||||
|
);
|
||||||
|
}))
|
||||||
|
(mkDatabaseOption "rootpwFile" [ "olcRootPW" "path" ])
|
||||||
|
(mkDatabaseOption "suffix" [ "olcSuffix" ])
|
||||||
|
(mkDatabaseOption "dataDir" [ "olcDbDirectory" ])
|
||||||
|
(mkDatabaseOption "rootdn" [ "olcRootDN" ])
|
||||||
|
(mkDatabaseOption "rootpw" [ "olcRootPW" ])
|
||||||
|
];
|
||||||
options = {
|
options = {
|
||||||
|
|
||||||
services.openldap = {
|
services.openldap = {
|
||||||
|
|
||||||
enable = mkOption {
|
enable = mkOption {
|
||||||
type = types.bool;
|
type = types.bool;
|
||||||
default = false;
|
default = false;
|
||||||
|
@ -77,224 +155,170 @@ in
|
||||||
example = [ "ldaps:///" ];
|
example = [ "ldaps:///" ];
|
||||||
};
|
};
|
||||||
|
|
||||||
dataDir = mkOption {
|
settings = mkOption {
|
||||||
type = types.path;
|
type = ldapAttrsType;
|
||||||
default = "/var/db/openldap";
|
description = "Configuration for OpenLDAP, in OLC format";
|
||||||
description = "The database directory.";
|
example = lib.literalExample ''
|
||||||
};
|
{
|
||||||
|
attrs.olcLogLevel = [ "stats" ];
|
||||||
defaultSchemas = mkOption {
|
children = {
|
||||||
type = types.bool;
|
"cn=schema".includes = [
|
||||||
default = true;
|
"\${pkgs.openldap}/etc/schema/core.ldif"
|
||||||
description = ''
|
"\${pkgs.openldap}/etc/schema/cosine.ldif"
|
||||||
Include the default schemas core, cosine, inetorgperson and nis.
|
"\${pkgs.openldap}/etc/schema/inetorgperson.ldif"
|
||||||
This setting will be ignored if configDir is set.
|
];
|
||||||
|
"olcDatabase={-1}frontend" = {
|
||||||
|
attrs = {
|
||||||
|
objectClass = "olcDatabaseConfig";
|
||||||
|
olcDatabase = "{-1}frontend";
|
||||||
|
olcAccess = [ "{0}to * by dn.exact=uidNumber=0+gidNumber=0,cn=peercred,cn=external,cn=auth manage stop by * none stop" ];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
"olcDatabase={0}config" = {
|
||||||
|
attrs = {
|
||||||
|
objectClass = "olcDatabaseConfig";
|
||||||
|
olcDatabase = "{0}config";
|
||||||
|
olcAccess = [ "{0}to * by * none break" ];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
"olcDatabase={1}mdb" = {
|
||||||
|
attrs = {
|
||||||
|
objectClass = [ "olcDatabaseConfig" "olcMdbConfig" ];
|
||||||
|
olcDatabase = "{1}mdb";
|
||||||
|
olcDbDirectory = "/var/db/ldap";
|
||||||
|
olcDbIndex = [
|
||||||
|
"objectClass eq"
|
||||||
|
"cn pres,eq"
|
||||||
|
"uid pres,eq"
|
||||||
|
"sn pres,eq,subany"
|
||||||
|
];
|
||||||
|
olcSuffix = "dc=example,dc=com";
|
||||||
|
olcAccess = [ "{0}to * by * read break" ];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
database = mkOption {
|
# This option overrides settings
|
||||||
type = types.str;
|
|
||||||
default = "mdb";
|
|
||||||
description = ''
|
|
||||||
Database type to use for the LDAP.
|
|
||||||
This setting will be ignored if configDir is set.
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
|
|
||||||
suffix = mkOption {
|
|
||||||
type = types.str;
|
|
||||||
example = "dc=example,dc=org";
|
|
||||||
description = ''
|
|
||||||
Specify the DN suffix of queries that will be passed to this backend
|
|
||||||
database.
|
|
||||||
This setting will be ignored if configDir is set.
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
|
|
||||||
rootdn = mkOption {
|
|
||||||
type = types.str;
|
|
||||||
example = "cn=admin,dc=example,dc=org";
|
|
||||||
description = ''
|
|
||||||
Specify the distinguished name that is not subject to access control
|
|
||||||
or administrative limit restrictions for operations on this database.
|
|
||||||
This setting will be ignored if configDir is set.
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
|
|
||||||
rootpw = mkOption {
|
|
||||||
type = types.nullOr types.str;
|
|
||||||
default = null;
|
|
||||||
description = ''
|
|
||||||
Password for the root user.
|
|
||||||
This setting will be ignored if configDir is set.
|
|
||||||
Using this option will store the root password in plain text in the
|
|
||||||
world-readable nix store. To avoid this the <literal>rootpwFile</literal> can be used.
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
|
|
||||||
rootpwFile = mkOption {
|
|
||||||
type = types.nullOr types.str;
|
|
||||||
default = null;
|
|
||||||
description = ''
|
|
||||||
Password file for the root user.
|
|
||||||
The file should contain the string <literal>rootpw</literal> followed by the password.
|
|
||||||
e.g.: <literal>rootpw mysecurepassword</literal>
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
|
|
||||||
logLevel = mkOption {
|
|
||||||
type = types.str;
|
|
||||||
default = "0";
|
|
||||||
example = "acl trace";
|
|
||||||
description = "The log level selector of slapd.";
|
|
||||||
};
|
|
||||||
|
|
||||||
configDir = mkOption {
|
configDir = mkOption {
|
||||||
type = types.nullOr types.path;
|
type = types.nullOr types.path;
|
||||||
default = null;
|
default = null;
|
||||||
description = "Use this optional config directory instead of using slapd.conf";
|
description = ''
|
||||||
|
Use this config directory instead of generating one from the
|
||||||
|
<literal>settings</literal> option. Overrides all NixOS settings. If
|
||||||
|
you use this option,ensure `olcPidFile` is set to `/run/slapd/slapd.conf`.
|
||||||
|
'';
|
||||||
example = "/var/db/slapd.d";
|
example = "/var/db/slapd.d";
|
||||||
};
|
};
|
||||||
|
|
||||||
extraConfig = mkOption {
|
|
||||||
type = types.lines;
|
|
||||||
default = "";
|
|
||||||
description = "
|
|
||||||
slapd.conf configuration
|
|
||||||
";
|
|
||||||
example = literalExample ''
|
|
||||||
'''
|
|
||||||
include ${openldap.out}/etc/schema/core.schema
|
|
||||||
include ${openldap.out}/etc/schema/cosine.schema
|
|
||||||
include ${openldap.out}/etc/schema/inetorgperson.schema
|
|
||||||
include ${openldap.out}/etc/schema/nis.schema
|
|
||||||
|
|
||||||
database bdb
|
|
||||||
suffix dc=example,dc=org
|
|
||||||
rootdn cn=admin,dc=example,dc=org
|
|
||||||
# NOTE: change after first start
|
|
||||||
rootpw secret
|
|
||||||
directory /var/db/openldap
|
|
||||||
'''
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
|
|
||||||
declarativeContents = mkOption {
|
declarativeContents = mkOption {
|
||||||
type = with types; nullOr lines;
|
type = with types; attrsOf lines;
|
||||||
default = null;
|
default = {};
|
||||||
description = ''
|
description = ''
|
||||||
Declarative contents for the LDAP database, in LDIF format.
|
Declarative contents for the LDAP database, in LDIF format by suffix.
|
||||||
|
|
||||||
Note a few facts when using it. First, the database
|
All data will be erased when starting the LDAP server. Modifications
|
||||||
<emphasis>must</emphasis> be stored in the directory defined by
|
to the database are not prevented, they are just dropped on the next
|
||||||
<code>dataDir</code>. Second, all <code>dataDir</code> will be erased
|
reboot of the server. Performance-wise the database and indexes are
|
||||||
when starting the LDAP server. Third, modifications to the database
|
rebuilt on each server startup, so this will slow down server startup,
|
||||||
are not prevented, they are just dropped on the next reboot of the
|
|
||||||
server. Finally, performance-wise the database and indexes are rebuilt
|
|
||||||
on each server startup, so this will slow down server startup,
|
|
||||||
especially with large databases.
|
especially with large databases.
|
||||||
'';
|
'';
|
||||||
example = ''
|
example = lib.literalExample ''
|
||||||
dn: dc=example,dc=org
|
{
|
||||||
objectClass: domain
|
"dc=example,dc=org" = '''
|
||||||
dc: example
|
dn= dn: dc=example,dc=org
|
||||||
|
objectClass: domain
|
||||||
|
dc: example
|
||||||
|
|
||||||
dn: ou=users,dc=example,dc=org
|
dn: ou=users,dc=example,dc=org
|
||||||
objectClass = organizationalUnit
|
objectClass = organizationalUnit
|
||||||
ou: users
|
ou: users
|
||||||
|
|
||||||
# ...
|
# ...
|
||||||
|
''';
|
||||||
|
}
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
extraDatabaseConfig = mkOption {
|
|
||||||
type = types.lines;
|
|
||||||
default = "";
|
|
||||||
description = ''
|
|
||||||
slapd.conf configuration after the database option.
|
|
||||||
This setting will be ignored if configDir is set.
|
|
||||||
'';
|
|
||||||
example = ''
|
|
||||||
# Indices to maintain for this directory
|
|
||||||
# unique id so equality match only
|
|
||||||
index uid eq
|
|
||||||
# allows general searching on commonname, givenname and email
|
|
||||||
index cn,gn,mail eq,sub
|
|
||||||
# allows multiple variants on surname searching
|
|
||||||
index sn eq,sub
|
|
||||||
# sub above includes subintial,subany,subfinal
|
|
||||||
# optimise department searches
|
|
||||||
index ou eq
|
|
||||||
# if searches will include objectClass uncomment following
|
|
||||||
# index objectClass eq
|
|
||||||
# shows use of default index parameter
|
|
||||||
index default eq,sub
|
|
||||||
# indices missing - uses default eq,sub
|
|
||||||
index telephonenumber
|
|
||||||
|
|
||||||
# other database parameters
|
|
||||||
# read more in slapd.conf reference section
|
|
||||||
cachesize 10000
|
|
||||||
checkpoint 128 15
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
|
|
||||||
};
|
};
|
||||||
|
|
||||||
};
|
};
|
||||||
|
|
||||||
meta = {
|
meta.maintainers = with lib.maintainters; [ mic92 kwohlfahrt ];
|
||||||
maintainers = [ lib.maintainers.mic92 ];
|
|
||||||
};
|
|
||||||
|
|
||||||
|
|
||||||
###### implementation
|
|
||||||
|
|
||||||
config = mkIf cfg.enable {
|
config = mkIf cfg.enable {
|
||||||
assertions = [
|
assertions = map (opt: {
|
||||||
{
|
assertion = ((getAttr opt cfg) != "_mkMergedOptionModule") -> (cfg.database != "_mkMergedOptionModule");
|
||||||
assertion = cfg.configDir != null || cfg.rootpwFile != null || cfg.rootpw != null;
|
message = "Legacy OpenLDAP option `services.openldap.${opt}` requires `services.openldap.database` (use value \"mdb\" if unsure)";
|
||||||
message = "services.openldap: Unless configDir is set, either rootpw or rootpwFile must be set";
|
}) legacyOptions;
|
||||||
}
|
|
||||||
];
|
|
||||||
|
|
||||||
environment.systemPackages = [ openldap ];
|
environment.systemPackages = [ openldap ];
|
||||||
|
|
||||||
|
# Literal attributes must always be set
|
||||||
|
services.openldap.settings = {
|
||||||
|
attrs = {
|
||||||
|
objectClass = "olcGlobal";
|
||||||
|
cn = "config";
|
||||||
|
olcPidFile = "/run/slapd/slapd.pid";
|
||||||
|
};
|
||||||
|
children."cn=schema".attrs = {
|
||||||
|
cn = "schema";
|
||||||
|
objectClass = "olcSchemaConfig";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
systemd.services.openldap = {
|
systemd.services.openldap = {
|
||||||
description = "LDAP server";
|
description = "LDAP server";
|
||||||
wantedBy = [ "multi-user.target" ];
|
wantedBy = [ "multi-user.target" ];
|
||||||
after = [ "network.target" ];
|
after = [ "network.target" ];
|
||||||
preStart = ''
|
preStart = let
|
||||||
|
settingsFile = pkgs.writeText "config.ldif" (lib.concatStringsSep "\n" (attrsToLdif "cn=config" cfg.settings));
|
||||||
|
|
||||||
|
dbSettings = lib.filterAttrs (name: value: lib.hasPrefix "olcDatabase=" name) cfg.settings.children;
|
||||||
|
dataDirs = lib.mapAttrs' (name: value: lib.nameValuePair value.attrs.olcSuffix value.attrs.olcDbDirectory)
|
||||||
|
(lib.filterAttrs (_: value: value.attrs ? olcDbDirectory) dbSettings);
|
||||||
|
dataFiles = lib.mapAttrs (dn: contents: pkgs.writeText "${dn}.ldif" contents) cfg.declarativeContents;
|
||||||
|
mkLoadScript = dn: let
|
||||||
|
dataDir = lib.escapeShellArg (getAttr dn dataDirs);
|
||||||
|
in ''
|
||||||
|
rm -rf ${dataDir}/*
|
||||||
|
${openldap}/bin/slapadd -F ${lib.escapeShellArg configDir} -b ${dn} -l ${getAttr dn dataFiles}
|
||||||
|
chown -R "${cfg.user}:${cfg.group}" ${dataDir}
|
||||||
|
'';
|
||||||
|
in ''
|
||||||
mkdir -p /run/slapd
|
mkdir -p /run/slapd
|
||||||
chown -R "${cfg.user}:${cfg.group}" /run/slapd
|
chown -R "${cfg.user}:${cfg.group}" /run/slapd
|
||||||
${optionalString (cfg.declarativeContents != null) ''
|
|
||||||
rm -Rf "${cfg.dataDir}"
|
|
||||||
''}
|
|
||||||
mkdir -p "${cfg.dataDir}"
|
|
||||||
${optionalString (cfg.declarativeContents != null) ''
|
|
||||||
${openldap.out}/bin/slapadd ${configOpts} -l ${dataFile}
|
|
||||||
''}
|
|
||||||
chown -R "${cfg.user}:${cfg.group}" "${cfg.dataDir}"
|
|
||||||
|
|
||||||
${openldap}/bin/slaptest ${configOpts}
|
mkdir -p ${lib.escapeShellArg configDir} ${lib.escapeShellArgs (lib.attrValues dataDirs)}
|
||||||
|
chown "${cfg.user}:${cfg.group}" ${lib.escapeShellArg configDir} ${lib.escapeShellArgs (lib.attrValues dataDirs)}
|
||||||
|
|
||||||
|
${lib.optionalString (cfg.configDir == null) (''
|
||||||
|
rm -Rf ${configDir}/*
|
||||||
|
${openldap}/bin/slapadd -F ${configDir} -bcn=config -l ${settingsFile}
|
||||||
|
'')}
|
||||||
|
chown -R "${cfg.user}:${cfg.group}" ${lib.escapeShellArg configDir}
|
||||||
|
|
||||||
|
${lib.concatStrings (map mkLoadScript (lib.attrNames cfg.declarativeContents))}
|
||||||
|
${openldap}/bin/slaptest -u -F ${lib.escapeShellArg configDir}
|
||||||
'';
|
'';
|
||||||
serviceConfig.ExecStart =
|
serviceConfig = {
|
||||||
"${openldap.out}/libexec/slapd -d '${cfg.logLevel}' " +
|
ExecStart = lib.escapeShellArgs ([
|
||||||
"-u '${cfg.user}' -g '${cfg.group}' " +
|
"${openldap}/libexec/slapd" "-u" cfg.user "-g" cfg.group "-F" configDir
|
||||||
"-h '${concatStringsSep " " cfg.urlList}' " +
|
"-h" (lib.concatStringsSep " " cfg.urlList)
|
||||||
"${configOpts}";
|
]);
|
||||||
|
Type = "forking";
|
||||||
|
PIDFile = cfg.settings.attrs.olcPidFile;
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
users.users.openldap =
|
users.users = lib.optionalAttrs (cfg.user == "openldap") {
|
||||||
{ name = cfg.user;
|
openldap = {
|
||||||
group = cfg.group;
|
group = cfg.group;
|
||||||
uid = config.ids.uids.openldap;
|
isSystemUser = true;
|
||||||
};
|
|
||||||
|
|
||||||
users.groups.openldap =
|
|
||||||
{ name = cfg.group;
|
|
||||||
gid = config.ids.gids.openldap;
|
|
||||||
};
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
users.groups = lib.optionalAttrs (cfg.group == "openldap") {
|
||||||
|
openldap = {};
|
||||||
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
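Review bot: `meta.maintainers = with lib.maintainters; [ mic92 kwohlfahrt ];` misspells the attribute set (the line it replaces used `lib.maintainers`), so any evaluation of the module's `meta` fails with a missing-attribute error; it should read `meta.maintainers = with lib.maintainers; [ mic92 kwohlfahrt ];`. The new `configDir` description tells users to set `olcPidFile` to `/run/slapd/slapd.conf`, but `PIDFile = cfg.settings.attrs.olcPidFile` and the literal `olcPidFile = "/run/slapd/slapd.pid"` fix the expected value, so the sentence should read `you use this option, ensure olcPidFile is set to /run/slapd/slapd.pid` (which also restores the missing space after the comma). The removed `rootpw` option warned that its value ends up in the world-readable Nix store, but the replacement `settings` option, whose rendered LDIF is written with `pkgs.writeText "config.ldif"`, carries no such warning even though the `mkDatabaseOption "rootpw" [ "olcRootPW" ]` migration in the earlier hunk copies the plaintext password straight into it; the `settings` description should state that every attribute value is stored in the Nix store and that secrets such as `olcRootPW` belong in the `{ path = ...; }` value form, which `valueToLdif` emits as an `:< file://` include. The `rootpwFile` migration to `[ "olcRootPW" "path" ]` also deserves a release-note line, since the removed option documented the file as containing `rootpw <password>` while the `:< file://` include takes the file contents verbatim, so the `rootpw ` prefix would presumably be read as part of the password. The enclosing module definition starts outside the hunk.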
||||||
|
|
|
@ -118,7 +118,7 @@ in
|
||||||
after = [ "network.target" ];
|
after = [ "network.target" ];
|
||||||
|
|
||||||
path = [
|
path = [
|
||||||
pkgs.utillinux # for `logger`
|
pkgs.util-linux # for `logger`
|
||||||
pkgs.bash
|
pkgs.bash
|
||||||
];
|
];
|
||||||
|
|
||||||
|
|
|
@ -36,7 +36,7 @@ in {
|
||||||
description = "Profile Sync daemon";
|
description = "Profile Sync daemon";
|
||||||
wants = [ "psd-resync.service" ];
|
wants = [ "psd-resync.service" ];
|
||||||
wantedBy = [ "default.target" ];
|
wantedBy = [ "default.target" ];
|
||||||
path = with pkgs; [ rsync kmod gawk nettools utillinux profile-sync-daemon ];
|
path = with pkgs; [ rsync kmod gawk nettools util-linux profile-sync-daemon ];
|
||||||
unitConfig = {
|
unitConfig = {
|
||||||
RequiresMountsFor = [ "/home/" ];
|
RequiresMountsFor = [ "/home/" ];
|
||||||
};
|
};
|
||||||
|
@ -55,7 +55,7 @@ in {
|
||||||
wants = [ "psd-resync.timer" ];
|
wants = [ "psd-resync.timer" ];
|
||||||
partOf = [ "psd.service" ];
|
partOf = [ "psd.service" ];
|
||||||
wantedBy = [ "default.target" ];
|
wantedBy = [ "default.target" ];
|
||||||
path = with pkgs; [ rsync kmod gawk nettools utillinux profile-sync-daemon ];
|
path = with pkgs; [ rsync kmod gawk nettools util-linux profile-sync-daemon ];
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
Type = "oneshot";
|
Type = "oneshot";
|
||||||
ExecStart = "${pkgs.profile-sync-daemon}/bin/profile-sync-daemon resync";
|
ExecStart = "${pkgs.profile-sync-daemon}/bin/profile-sync-daemon resync";
|
||||||
|
|
|
@ -57,8 +57,8 @@ let
|
||||||
substituteInPlace $i \
|
substituteInPlace $i \
|
||||||
--replace \"/sbin/modprobe \"${pkgs.kmod}/bin/modprobe \
|
--replace \"/sbin/modprobe \"${pkgs.kmod}/bin/modprobe \
|
||||||
--replace \"/sbin/mdadm \"${pkgs.mdadm}/sbin/mdadm \
|
--replace \"/sbin/mdadm \"${pkgs.mdadm}/sbin/mdadm \
|
||||||
--replace \"/sbin/blkid \"${pkgs.utillinux}/sbin/blkid \
|
--replace \"/sbin/blkid \"${pkgs.util-linux}/sbin/blkid \
|
||||||
--replace \"/bin/mount \"${pkgs.utillinux}/bin/mount \
|
--replace \"/bin/mount \"${pkgs.util-linux}/bin/mount \
|
||||||
--replace /usr/bin/readlink ${pkgs.coreutils}/bin/readlink \
|
--replace /usr/bin/readlink ${pkgs.coreutils}/bin/readlink \
|
||||||
--replace /usr/bin/basename ${pkgs.coreutils}/bin/basename
|
--replace /usr/bin/basename ${pkgs.coreutils}/bin/basename
|
||||||
done
|
done
|
||||||
|
@ -280,7 +280,7 @@ in
|
||||||
|
|
||||||
services.udev.packages = [ extraUdevRules extraHwdbFile ];
|
services.udev.packages = [ extraUdevRules extraHwdbFile ];
|
||||||
|
|
||||||
services.udev.path = [ pkgs.coreutils pkgs.gnused pkgs.gnugrep pkgs.utillinux udev ];
|
services.udev.path = [ pkgs.coreutils pkgs.gnused pkgs.gnugrep pkgs.util-linux udev ];
|
||||||
|
|
||||||
boot.kernelParams = mkIf (!config.networking.usePredictableInterfaceNames) [ "net.ifnames=0" ];
|
boot.kernelParams = mkIf (!config.networking.usePredictableInterfaceNames) [ "net.ifnames=0" ];
|
||||||
|
|
||||||
|
|
|
@ -834,12 +834,6 @@ in
|
||||||
};
|
};
|
||||||
|
|
||||||
services.postfix.masterConfig = {
|
services.postfix.masterConfig = {
|
||||||
smtp_inet = {
|
|
||||||
name = "smtp";
|
|
||||||
type = "inet";
|
|
||||||
private = false;
|
|
||||||
command = "smtpd";
|
|
||||||
};
|
|
||||||
pickup = {
|
pickup = {
|
||||||
private = false;
|
private = false;
|
||||||
wakeup = 60;
|
wakeup = 60;
|
||||||
|
@ -921,6 +915,12 @@ in
|
||||||
in concatLists (mapAttrsToList mkKeyVal cfg.submissionOptions);
|
in concatLists (mapAttrsToList mkKeyVal cfg.submissionOptions);
|
||||||
};
|
};
|
||||||
} // optionalAttrs cfg.enableSmtp {
|
} // optionalAttrs cfg.enableSmtp {
|
||||||
|
smtp_inet = {
|
||||||
|
name = "smtp";
|
||||||
|
type = "inet";
|
||||||
|
private = false;
|
||||||
|
command = "smtpd";
|
||||||
|
};
|
||||||
smtp = {};
|
smtp = {};
|
||||||
relay = {
|
relay = {
|
||||||
command = "smtp";
|
command = "smtp";
|
||||||
|
|
|
@ -408,7 +408,7 @@ in
|
||||||
};
|
};
|
||||||
imports = [
|
imports = [
|
||||||
(mkRemovedOptionModule [ "services" "rspamd" "socketActivation" ]
|
(mkRemovedOptionModule [ "services" "rspamd" "socketActivation" ]
|
||||||
"Socket activation never worked correctly and could at this time not be fixed and so was removed")
|
"Socket activation never worked correctly and could at this time not be fixed and so was removed")
|
||||||
(mkRenamedOptionModule [ "services" "rspamd" "bindSocket" ] [ "services" "rspamd" "workers" "normal" "bindSockets" ])
|
(mkRenamedOptionModule [ "services" "rspamd" "bindSocket" ] [ "services" "rspamd" "workers" "normal" "bindSockets" ])
|
||||||
(mkRenamedOptionModule [ "services" "rspamd" "bindUISocket" ] [ "services" "rspamd" "workers" "controller" "bindSockets" ])
|
(mkRenamedOptionModule [ "services" "rspamd" "bindUISocket" ] [ "services" "rspamd" "workers" "controller" "bindSockets" ])
|
||||||
(mkRemovedOptionModule [ "services" "rmilter" ] "Use services.rspamd.* instead to set up milter service")
|
(mkRemovedOptionModule [ "services" "rmilter" ] "Use services.rspamd.* instead to set up milter service")
|
||||||
|
|
|
@ -31,7 +31,7 @@ in {
|
||||||
|
|
||||||
config = mkIf cfg.enable {
|
config = mkIf cfg.enable {
|
||||||
|
|
||||||
systemd.packages = [ pkgs.utillinux ];
|
systemd.packages = [ pkgs.util-linux ];
|
||||||
|
|
||||||
systemd.timers.fstrim = {
|
systemd.timers.fstrim = {
|
||||||
timerConfig = {
|
timerConfig = {
|
||||||
|
|
|
@ -43,9 +43,13 @@ let
|
||||||
|
|
||||||
[gitlab-shell]
|
[gitlab-shell]
|
||||||
dir = "${cfg.packages.gitlab-shell}"
|
dir = "${cfg.packages.gitlab-shell}"
|
||||||
|
|
||||||
|
[gitlab]
|
||||||
secret_file = "${cfg.statePath}/gitlab_shell_secret"
|
secret_file = "${cfg.statePath}/gitlab_shell_secret"
|
||||||
gitlab_url = "http+unix://${pathUrlQuote gitlabSocket}"
|
url = "http+unix://${pathUrlQuote gitlabSocket}"
|
||||||
http_settings = { self_signed_cert = false }
|
|
||||||
|
[gitlab.http-settings]
|
||||||
|
self_signed_cert = false
|
||||||
|
|
||||||
${concatStringsSep "\n" (attrValues (mapAttrs (k: v: ''
|
${concatStringsSep "\n" (attrValues (mapAttrs (k: v: ''
|
||||||
[[storage]]
|
[[storage]]
|
||||||
|
@ -119,6 +123,7 @@ let
|
||||||
receive_pack = true;
|
receive_pack = true;
|
||||||
};
|
};
|
||||||
workhorse.secret_file = "${cfg.statePath}/.gitlab_workhorse_secret";
|
workhorse.secret_file = "${cfg.statePath}/.gitlab_workhorse_secret";
|
||||||
|
gitlab_kas.secret_file = "${cfg.statePath}/.gitlab_kas_secret";
|
||||||
git.bin_path = "git";
|
git.bin_path = "git";
|
||||||
monitoring = {
|
monitoring = {
|
||||||
ip_whitelist = [ "127.0.0.0/8" "::1/128" ];
|
ip_whitelist = [ "127.0.0.0/8" "::1/128" ];
|
||||||
|
@ -653,7 +658,7 @@ in {
|
||||||
script = ''
|
script = ''
|
||||||
set -eu
|
set -eu
|
||||||
|
|
||||||
PSQL="${pkgs.utillinux}/bin/runuser -u ${pgsql.superUser} -- psql --port=${toString pgsql.port}"
|
PSQL="${pkgs.util-linux}/bin/runuser -u ${pgsql.superUser} -- psql --port=${toString pgsql.port}"
|
||||||
|
|
||||||
$PSQL -tAc "SELECT 1 FROM pg_database WHERE datname = '${cfg.databaseName}'" | grep -q 1 || $PSQL -tAc 'CREATE DATABASE "${cfg.databaseName}" OWNER "${cfg.databaseUsername}"'
|
$PSQL -tAc "SELECT 1 FROM pg_database WHERE datname = '${cfg.databaseName}'" | grep -q 1 || $PSQL -tAc 'CREATE DATABASE "${cfg.databaseName}" OWNER "${cfg.databaseUsername}"'
|
||||||
current_owner=$($PSQL -tAc "SELECT pg_catalog.pg_get_userbyid(datdba) FROM pg_catalog.pg_database WHERE datname = '${cfg.databaseName}'")
|
current_owner=$($PSQL -tAc "SELECT pg_catalog.pg_get_userbyid(datdba) FROM pg_catalog.pg_database WHERE datname = '${cfg.databaseName}'")
|
||||||
|
@ -668,6 +673,7 @@ in {
|
||||||
rm "${config.services.postgresql.dataDir}/.reassigning_${cfg.databaseName}"
|
rm "${config.services.postgresql.dataDir}/.reassigning_${cfg.databaseName}"
|
||||||
fi
|
fi
|
||||||
$PSQL '${cfg.databaseName}' -tAc "CREATE EXTENSION IF NOT EXISTS pg_trgm"
|
$PSQL '${cfg.databaseName}' -tAc "CREATE EXTENSION IF NOT EXISTS pg_trgm"
|
||||||
|
$PSQL '${cfg.databaseName}' -tAc "CREATE EXTENSION IF NOT EXISTS btree_gist;"
|
||||||
'';
|
'';
|
||||||
|
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
|
@ -750,7 +756,8 @@ in {
|
||||||
};
|
};
|
||||||
|
|
||||||
systemd.services.gitaly = {
|
systemd.services.gitaly = {
|
||||||
after = [ "network.target" ];
|
after = [ "network.target" "gitlab.service" ];
|
||||||
|
requires = [ "gitlab.service" ];
|
||||||
wantedBy = [ "multi-user.target" ];
|
wantedBy = [ "multi-user.target" ];
|
||||||
path = with pkgs; [
|
path = with pkgs; [
|
||||||
openssh
|
openssh
|
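Review bot: `requires = [ "gitlab.service" ];` together with `after = [ "network.target" "gitlab.service" ];` turns the former ordering into a hard dependency: starting gitaly now pulls in gitlab.service, and an explicit stop or restart of gitlab.service (for example when its unit changes during a configuration switch) stops or restarts gitaly as well, interrupting in-flight repository operations. If the reversal only has to guarantee that gitlab is up before gitaly talks to it, `wants = [ "gitlab.service" ];` with the same `after` expresses that without the stop/restart propagation; if the hard coupling is intentional, a short comment above `requires` saying why (the reason is not visible in this hunk) would keep the next reader from undoing it. The enclosing `systemd.services.gitaly` definition continues outside the hunk.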
||||||
|
@ -839,7 +846,7 @@ in {
|
||||||
};
|
};
|
||||||
|
|
||||||
systemd.services.gitlab = {
|
systemd.services.gitlab = {
|
||||||
after = [ "gitlab-workhorse.service" "gitaly.service" "network.target" "gitlab-postgresql.service" "redis.service" ];
|
after = [ "gitlab-workhorse.service" "network.target" "gitlab-postgresql.service" "redis.service" ];
|
||||||
requires = [ "gitlab-sidekiq.service" ];
|
requires = [ "gitlab-sidekiq.service" ];
|
||||||
wantedBy = [ "multi-user.target" ];
|
wantedBy = [ "multi-user.target" ];
|
||||||
environment = gitlabEnv;
|
environment = gitlabEnv;
|
||||||
|
|
|
@ -713,7 +713,7 @@ in {
|
||||||
${ concatMapStringsSep "\n " (x: "--config-path ${x} \\") ([ configFile ] ++ cfg.extraConfigFiles) }
|
${ concatMapStringsSep "\n " (x: "--config-path ${x} \\") ([ configFile ] ++ cfg.extraConfigFiles) }
|
||||||
--keys-directory ${cfg.dataDir}
|
--keys-directory ${cfg.dataDir}
|
||||||
'';
|
'';
|
||||||
ExecReload = "${pkgs.utillinux}/bin/kill -HUP $MAINPID";
|
ExecReload = "${pkgs.util-linux}/bin/kill -HUP $MAINPID";
|
||||||
Restart = "on-failure";
|
Restart = "on-failure";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
|
@ -539,7 +539,7 @@ in
|
||||||
systemd.sockets.nix-daemon.wantedBy = [ "sockets.target" ];
|
systemd.sockets.nix-daemon.wantedBy = [ "sockets.target" ];
|
||||||
|
|
||||||
systemd.services.nix-daemon =
|
systemd.services.nix-daemon =
|
||||||
{ path = [ nix pkgs.utillinux config.programs.ssh.package ]
|
{ path = [ nix pkgs.util-linux config.programs.ssh.package ]
|
||||||
++ optionals cfg.distributedBuilds [ pkgs.gzip ];
|
++ optionals cfg.distributedBuilds [ pkgs.gzip ];
|
||||||
|
|
||||||
environment = cfg.envVars
|
environment = cfg.envVars
|
||||||
|
|
|
@ -39,7 +39,7 @@ in
|
||||||
default = false;
|
default = false;
|
||||||
description = ''
|
description = ''
|
||||||
Whether to enable the Siproxd SIP
|
Whether to enable the Siproxd SIP
|
||||||
proxy/masquerading daemon.
|
proxy/masquerading daemon.
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -57,29 +57,29 @@ in
|
||||||
|
|
||||||
hostsAllowReg = mkOption {
|
hostsAllowReg = mkOption {
|
||||||
type = types.listOf types.str;
|
type = types.listOf types.str;
|
||||||
default = [ ];
|
default = [ ];
|
||||||
example = [ "192.168.1.0/24" "192.168.2.0/24" ];
|
example = [ "192.168.1.0/24" "192.168.2.0/24" ];
|
||||||
description = ''
|
description = ''
|
||||||
Acess control list for incoming SIP registrations.
|
Acess control list for incoming SIP registrations.
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
hostsAllowSip = mkOption {
|
hostsAllowSip = mkOption {
|
||||||
type = types.listOf types.str;
|
type = types.listOf types.str;
|
||||||
default = [ ];
|
default = [ ];
|
||||||
example = [ "123.45.0.0/16" "123.46.0.0/16" ];
|
example = [ "123.45.0.0/16" "123.46.0.0/16" ];
|
||||||
description = ''
|
description = ''
|
||||||
Acess control list for incoming SIP traffic.
|
Acess control list for incoming SIP traffic.
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
hostsDenySip = mkOption {
|
hostsDenySip = mkOption {
|
||||||
type = types.listOf types.str;
|
type = types.listOf types.str;
|
||||||
default = [ ];
|
default = [ ];
|
||||||
example = [ "10.0.0.0/8" "11.0.0.0/8" ];
|
example = [ "10.0.0.0/8" "11.0.0.0/8" ];
|
||||||
description = ''
|
description = ''
|
||||||
Acess control list for denying incoming
|
Acess control list for denying incoming
|
||||||
SIP registrations and traffic.
|
SIP registrations and traffic.
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -87,7 +87,7 @@ in
|
||||||
type = types.int;
|
type = types.int;
|
||||||
default = 5060;
|
default = 5060;
|
||||||
description = ''
|
description = ''
|
||||||
Port to listen for incoming SIP messages.
|
Port to listen for incoming SIP messages.
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
|
@ -25,7 +25,7 @@ in
|
||||||
|
|
||||||
svnBaseDir = mkOption {
|
svnBaseDir = mkOption {
|
||||||
default = "/repos";
|
default = "/repos";
|
||||||
description = "Base directory from which Subversion repositories are accessed.";
|
description = "Base directory from which Subversion repositories are accessed.";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
|
@ -142,7 +142,7 @@ in {
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
Environment="PYTHONPATH=${cfg.package}/libexec/netdata/python.d/python_modules";
|
Environment="PYTHONPATH=${cfg.package}/libexec/netdata/python.d/python_modules";
|
||||||
ExecStart = "${cfg.package}/bin/netdata -P /run/netdata/netdata.pid -D -c ${configFile}";
|
ExecStart = "${cfg.package}/bin/netdata -P /run/netdata/netdata.pid -D -c ${configFile}";
|
||||||
ExecReload = "${pkgs.utillinux}/bin/kill -s HUP -s USR1 -s USR2 $MAINPID";
|
ExecReload = "${pkgs.util-linux}/bin/kill -s HUP -s USR1 -s USR2 $MAINPID";
|
||||||
TimeoutStopSec = 60;
|
TimeoutStopSec = 60;
|
||||||
Restart = "on-failure";
|
Restart = "on-failure";
|
||||||
# User and group
|
# User and group
|
||||||
|
|
|
@ -36,7 +36,7 @@ let
$SMARTD_MESSAGE
|
$SMARTD_MESSAGE
|
||||||
EOF
|
EOF
|
||||||
} | ${pkgs.utillinux}/bin/wall 2>/dev/null
|
} | ${pkgs.util-linux}/bin/wall 2>/dev/null
|
||||||
''}
|
''}
|
||||||
${optionalString nx.enable ''
|
${optionalString nx.enable ''
|
||||||
export DISPLAY=${nx.display}
|
export DISPLAY=${nx.display}
@ -108,10 +108,10 @@ in
extmap = mkOption {
|
extmap = mkOption {
|
||||||
type = types.lines;
|
type = types.lines;
|
||||||
default = "";
|
default = "";
|
||||||
description = ''
|
description = ''
|
||||||
File name extension mappings.
|
File name extension mappings.
|
||||||
See <literal>man extmap.conf</literal> for more information.
|
See <literal>man extmap.conf</literal> for more information.
|
||||||
'';
|
'';
|
||||||
};
|
};
@ -132,10 +132,10 @@ in
Type = "forking";
|
Type = "forking";
|
||||||
GuessMainPID = "no";
|
GuessMainPID = "no";
|
||||||
PIDFile = "/run/lock/netatalk";
|
PIDFile = "/run/lock/netatalk";
|
||||||
ExecStartPre = "${pkgs.coreutils}/bin/mkdir -m 0755 -p /var/lib/netatalk/CNID";
|
ExecStartPre = "${pkgs.coreutils}/bin/mkdir -m 0755 -p /var/lib/netatalk/CNID";
|
||||||
ExecStart = "${pkgs.netatalk}/sbin/netatalk -F ${afpConfFile}";
|
ExecStart = "${pkgs.netatalk}/sbin/netatalk -F ${afpConfFile}";
|
||||||
ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
|
ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
|
||||||
ExecStop = "${pkgs.coreutils}/bin/kill -TERM $MAINPID";
|
ExecStop = "${pkgs.coreutils}/bin/kill -TERM $MAINPID";
|
||||||
Restart = "always";
|
Restart = "always";
|
||||||
RestartSec = 1;
|
RestartSec = 1;
|
||||||
};
|
};
@ -244,7 +244,7 @@ in
# postStop, then we get a hang + kernel oops, because AFS can't be
|
# postStop, then we get a hang + kernel oops, because AFS can't be
|
||||||
# stopped simply by sending signals to processes.
|
# stopped simply by sending signals to processes.
|
||||||
preStop = ''
|
preStop = ''
|
||||||
${pkgs.utillinux}/bin/umount ${cfg.mountPoint}
|
${pkgs.util-linux}/bin/umount ${cfg.mountPoint}
|
||||||
${openafsBin}/sbin/afsd -shutdown
|
${openafsBin}/sbin/afsd -shutdown
|
||||||
${pkgs.kmod}/sbin/rmmod libafs
|
${pkgs.kmod}/sbin/rmmod libafs
|
||||||
'';
|
'';
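--- a/third_party/nixpkgs/nixos/modules/services/network-filesystems/samba-wsdd.nix
+++ b/third_party/nixpkgs/nixos/modules/services/network-filesystems/samba-wsdd.nix
@@ -0,0 +1,124 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+cfg = config.services.samba-wsdd;
+
+in {
+options = {
+services.samba-wsdd = {
+enable = mkEnableOption ''
+Enable Web Services Dynamic Discovery host daemon. This enables (Samba) hosts, like your local NAS device,
+to be found by Web Service Discovery Clients like Windows.
+<note>
+<para>If you use the firewall consider adding the following:</para>
+<programlisting>
+networking.firewall.allowedTCPPorts = [ 5357 ];
+networking.firewall.allowedUDPPorts = [ 3702 ];
+</programlisting>
+</note>
+'';
+interface = mkOption {
+type = types.nullOr types.str;
+default = null;
+example = "eth0";
+description = "Interface or address to use.";
+};
+hoplimit = mkOption {
+type = types.nullOr types.int;
+default = null;
+example = 2;
+description = "Hop limit for multicast packets (default = 1).";
+};
+workgroup = mkOption {
+type = types.nullOr types.str;
+default = null;
+example = "HOME";
+description = "Set workgroup name (default WORKGROUP).";
+};
+hostname = mkOption {
+type = types.nullOr types.str;
+default = null;
+example = "FILESERVER";
+description = "Override (NetBIOS) hostname to be used (default hostname).";
+};
+domain = mkOption {
+type = types.nullOr types.str;
+default = null;
+description = "Set domain name (disables workgroup).";
+};
+discovery = mkOption {
+type = types.bool;
+default = false;
+description = "Enable discovery operation mode.";
+};
+listen = mkOption {
+type = types.str;
+default = "/run/wsdd/wsdd.sock";
+description = "Listen on path or localhost port in discovery mode.";
+};
+extraOptions = mkOption {
+type = types.listOf types.str;
+default = [ "--shortlog" ];
+example = [ "--verbose" "--no-http" "--ipv4only" "--no-host" ];
+description = "Additional wsdd options.";
+};
+};
+};
+
+config = mkIf cfg.enable {
+
+environment.systemPackages = [ pkgs.wsdd ];
+
+systemd.services.samba-wsdd = {
+description = "Web Services Dynamic Discovery host daemon";
+after = [ "network.target" ];
+wantedBy = [ "multi-user.target" ];
+serviceConfig = {
+DynamicUser = true;
+Type = "simple";
+ExecStart = ''
+${pkgs.wsdd}/bin/wsdd ${optionalString (cfg.interface != null) "--interface '${cfg.interface}'"} \
+${optionalString (cfg.hoplimit != null) "--hoplimit '${toString cfg.hoplimit}'"} \
+${optionalString (cfg.workgroup != null) "--workgroup '${cfg.workgroup}'"} \
+${optionalString (cfg.hostname != null) "--hostname '${cfg.hostname}'"} \
+${optionalString (cfg.domain != null) "--domain '${cfg.domain}'"} \
+${optionalString cfg.discovery "--discovery --listen '${cfg.listen}'"} \
+${escapeShellArgs cfg.extraOptions}
+'';
+# Runtime directory and mode
+RuntimeDirectory = "wsdd";
+RuntimeDirectoryMode = "0750";
+# Access write directories
+UMask = "0027";
+# Capabilities
+CapabilityBoundingSet = "";
+# Security
+NoNewPrivileges = true;
+# Sandboxing
+ProtectSystem = "strict";
+ProtectHome = true;
+PrivateTmp = true;
+PrivateDevices = true;
+PrivateUsers = false;
+ProtectHostname = true;
+ProtectClock = true;
+ProtectKernelTunables = true;
+ProtectKernelModules = true;
+ProtectKernelLogs = true;
+ProtectControlGroups = true;
+RestrictAddressFamilies = [ "AF_UNIX" "AF_INET" "AF_INET6" ];
+RestrictNamespaces = true;
+LockPersonality = true;
+MemoryDenyWriteExecute = true;
+RestrictRealtime = true;
+RestrictSUIDSGID = true;
+PrivateMounts = true;
+# System Call Filtering
+SystemCallArchitectures = "native";
+SystemCallFilter = "~@clock @cpu-emulation @debug @module @mount @obsolete @privileged @raw-io @reboot @resources @swap";
+};
+};
+};
+}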
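Review bot: The `ExecStart` string splices `cfg.interface`, `cfg.workgroup`, `cfg.hostname`, `cfg.domain` and `cfg.listen` into the command line inside hand-written single quotes, so a value containing `'` breaks the quoting, whereas `cfg.extraOptions` on the last line of the same command already goes through `escapeShellArgs`. Use the same helper for the scalar options, e.g. `${optionalString (cfg.interface != null) "--interface ${escapeShellArg cfg.interface}"}`, and likewise for the other four so that every user-supplied value is quoted the same way. The TCP 5357 / UDP 3702 ports are only mentioned in the `enable` description; an `openFirewall`-style option, as other NixOS service modules provide, would make that discoverable, but that is a style choice.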
@ -112,7 +112,7 @@ in
description = ''
|
description = ''
|
||||||
Must be set to a unique identifier, preferably a UUID according to
|
Must be set to a unique identifier, preferably a UUID according to
|
||||||
RFC 4122. UUIDs can be generated with `uuidgen` command, found in
|
RFC 4122. UUIDs can be generated with `uuidgen` command, found in
|
||||||
the `utillinux` package.
|
the `util-linux` package.
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
port = mkOption {
|
port = mkOption {
@ -232,7 +232,7 @@ in
description = ''
|
description = ''
|
||||||
Must be set to a unique identifier, preferably a UUID according to
|
Must be set to a unique identifier, preferably a UUID according to
|
||||||
RFC 4122. UUIDs can be generated with `uuidgen` command, found in
|
RFC 4122. UUIDs can be generated with `uuidgen` command, found in
|
||||||
the `utillinux` package.
|
the `util-linux` package.
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
port = mkOption {
|
port = mkOption {
@ -370,7 +370,7 @@ in
description = ''
|
description = ''
|
||||||
Must be set to a unique identifier, preferably a UUID according to
|
Must be set to a unique identifier, preferably a UUID according to
|
||||||
RFC 4122. UUIDs can be generated with `uuidgen` command, found in
|
RFC 4122. UUIDs can be generated with `uuidgen` command, found in
|
||||||
the `utillinux` package.
|
the `util-linux` package.
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
port = mkOption {
|
port = mkOption {
@ -29,9 +29,11 @@ in
key = mkOption {
|
key = mkOption {
|
||||||
type = types.str;
|
type = types.str;
|
||||||
default = "";
|
default = "";
|
||||||
description = "HMAC url validation key (hexadecimal encoded).
|
description = ''
|
||||||
Leave blank to disable. Without validation key, anyone can
|
HMAC url validation key (hexadecimal encoded).
|
||||||
submit proxy requests. Leave blank to disable.";
|
Leave blank to disable. Without validation key, anyone can
|
||||||
|
submit proxy requests. Leave blank to disable.
|
||||||
|
'';
|
||||||
defaultText = "No HMAC url validation. Generate with echo -n somevalue | openssl dgst -sha1 -hmac somekey";
|
defaultText = "No HMAC url validation. Generate with echo -n somevalue | openssl dgst -sha1 -hmac somekey";
|
||||||
};
|
};
@ -85,10 +87,10 @@ in
serviceConfig = {
|
serviceConfig = {
|
||||||
User = "morty";
|
User = "morty";
|
||||||
ExecStart = ''${cfg.package}/bin/morty \
|
ExecStart = ''${cfg.package}/bin/morty \
|
||||||
-listen ${cfg.listenAddress}:${toString cfg.port} \
|
-listen ${cfg.listenAddress}:${toString cfg.port} \
|
||||||
${optionalString cfg.ipv6 "-ipv6"} \
|
${optionalString cfg.ipv6 "-ipv6"} \
|
||||||
${optionalString (cfg.key != "") "-key " + cfg.key} \
|
${optionalString (cfg.key != "") "-key " + cfg.key} \
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
environment.systemPackages = [ cfg.package ];
|
environment.systemPackages = [ cfg.package ];
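Review bot: The new multi-line `description` for `key` in the first hunk says "Leave blank to disable." twice (second and fourth lines of the string); drop the second occurrence so it reads `HMAC url validation key (hexadecimal encoded). Leave blank to disable. Without validation key, anyone can submit proxy requests.` While touching that text, it is worth one more sentence that the unchanged `-key ${cfg.key}` in the `ExecStart` hunk below places the key on the service command line, so it presumably ends up in the generated unit file in the world-readable Nix store; that predates this change but the option description is the place to say it.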
@ -15,6 +15,9 @@ with lib;
config = mkIf cfg.enable {
|
config = mkIf cfg.enable {
|
||||||
boot.kernelModules = [ "tun" ];
|
boot.kernelModules = [ "tun" ];
|
||||||
|
|
||||||
|
# mullvad-daemon writes to /etc/iproute2/rt_tables
|
||||||
|
networking.iproute2.enable = true;
|
||||||
|
|
||||||
systemd.services.mullvad-daemon = {
|
systemd.services.mullvad-daemon = {
|
||||||
description = "Mullvad VPN daemon";
|
description = "Mullvad VPN daemon";
|
||||||
wantedBy = [ "multi-user.target" ];
|
wantedBy = [ "multi-user.target" ];
@ -465,7 +465,7 @@ in {
restartTriggers = [ configFile overrideNameserversScript ];
|
restartTriggers = [ configFile overrideNameserversScript ];
|
||||||
|
|
||||||
# useful binaries for user-specified hooks
|
# useful binaries for user-specified hooks
|
||||||
path = [ pkgs.iproute pkgs.utillinux pkgs.coreutils ];
|
path = [ pkgs.iproute pkgs.util-linux pkgs.coreutils ];
|
||||||
aliases = [ "dbus-org.freedesktop.nm-dispatcher.service" ];
|
aliases = [ "dbus-org.freedesktop.nm-dispatcher.service" ];
|
||||||
};
|
};
@ -477,7 +477,7 @@ in
# https://github.com/NixOS/nixpkgs/pull/10155
|
# https://github.com/NixOS/nixpkgs/pull/10155
|
||||||
# https://github.com/NixOS/nixpkgs/pull/41745
|
# https://github.com/NixOS/nixpkgs/pull/41745
|
||||||
services.openssh.authorizedKeysFiles =
|
services.openssh.authorizedKeysFiles =
|
||||||
[ ".ssh/authorized_keys" ".ssh/authorized_keys2" "/etc/ssh/authorized_keys.d/%u" ];
|
[ "%h/.ssh/authorized_keys" "%h/.ssh/authorized_keys2" "/etc/ssh/authorized_keys.d/%u" ];
|
||||||
|
|
||||||
services.openssh.extraConfig = mkOrder 0
|
services.openssh.extraConfig = mkOrder 0
|
||||||
''
|
''
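Review bot: The switch from `.ssh/authorized_keys` to `%h/.ssh/authorized_keys` in `services.openssh.authorizedKeysFiles` is not explained by the comment block above it, which only links two pull requests. Since sshd resolves a relative `AuthorizedKeysFile` against the user's home directory anyway, the change reads as making that lookup explicit; a one-line comment such as `# %h expands to the user's home directory (sshd_config(5), AuthorizedKeysFile)` next to the list would spare the next reader the lookup. The `services.openssh.extraConfig` block that follows continues outside the hunk.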
@ -63,7 +63,7 @@ in {
description = "strongSwan IPsec IKEv1/IKEv2 daemon using swanctl";
|
description = "strongSwan IPsec IKEv1/IKEv2 daemon using swanctl";
|
||||||
wantedBy = [ "multi-user.target" ];
|
wantedBy = [ "multi-user.target" ];
|
||||||
after = [ "network-online.target" ];
|
after = [ "network-online.target" ];
|
||||||
path = with pkgs; [ kmod iproute iptables utillinux ];
|
path = with pkgs; [ kmod iproute iptables util-linux ];
|
||||||
environment = {
|
environment = {
|
||||||
STRONGSWAN_CONF = pkgs.writeTextFile {
|
STRONGSWAN_CONF = pkgs.writeTextFile {
|
||||||
name = "strongswan.conf";
|
name = "strongswan.conf";
@ -1173,20 +1173,20 @@ in {
ppk = mkPrefixedAttrsOfParams {
|
ppk = mkPrefixedAttrsOfParams {
|
||||||
secret = mkOptionalStrParam ''
|
secret = mkOptionalStrParam ''
|
||||||
Value of the PPK. It may either be an ASCII string, a hex encoded string
|
Value of the PPK. It may either be an ASCII string, a hex encoded string
|
||||||
if it has a <literal>0x</literal> prefix or a Base64 encoded string if
|
if it has a <literal>0x</literal> prefix or a Base64 encoded string if
|
||||||
it has a <literal>0s</literal> prefix in its value. Should have at least
|
it has a <literal>0s</literal> prefix in its value. Should have at least
|
||||||
256 bits of entropy for 128-bit security.
|
256 bits of entropy for 128-bit security.
|
||||||
'';
|
'';
|
||||||
|
|
||||||
id = mkPrefixedAttrsOfParam (mkOptionalStrParam "") ''
|
id = mkPrefixedAttrsOfParam (mkOptionalStrParam "") ''
|
||||||
PPK identity the PPK belongs to. Multiple unique identities may be
|
PPK identity the PPK belongs to. Multiple unique identities may be
|
||||||
specified, each having an <literal>id</literal> prefix, if a secret is
|
specified, each having an <literal>id</literal> prefix, if a secret is
|
||||||
shared between multiple peers.
|
shared between multiple peers.
|
||||||
'';
|
'';
|
||||||
} ''
|
} ''
|
||||||
Postquantum Preshared Key (PPK) section for a specific secret. Each PPK is
|
Postquantum Preshared Key (PPK) section for a specific secret. Each PPK is
|
||||||
defined in a unique section having the <literal>ppk</literal> prefix.
|
defined in a unique section having the <literal>ppk</literal> prefix.
|
||||||
'';
|
'';
private = mkPrefixedAttrsOfParams {
|
private = mkPrefixedAttrsOfParams {
@ -152,7 +152,7 @@ in
systemd.services.strongswan = {
|
systemd.services.strongswan = {
|
||||||
description = "strongSwan IPSec Service";
|
description = "strongSwan IPSec Service";
|
||||||
wantedBy = [ "multi-user.target" ];
|
wantedBy = [ "multi-user.target" ];
|
||||||
path = with pkgs; [ kmod iproute iptables utillinux ]; # XXX Linux
|
path = with pkgs; [ kmod iproute iptables util-linux ]; # XXX Linux
|
||||||
after = [ "network-online.target" ];
|
after = [ "network-online.target" ];
|
||||||
environment = {
|
environment = {
|
||||||
STRONGSWAN_CONF = strongswanConf { inherit setup connections ca secretsFile managePlugins enabledPlugins; };
|
STRONGSWAN_CONF = strongswanConf { inherit setup connections ca secretsFile managePlugins enabledPlugins; };
@ -21,7 +21,7 @@ let
RegTestBitcoinCoreRpcEndPoint = "${cfg.rpc.ip}:${toString cfg.rpc.port}";
|
RegTestBitcoinCoreRpcEndPoint = "${cfg.rpc.ip}:${toString cfg.rpc.port}";
|
||||||
};
|
};
configFile = pkgs.writeText "wasabibackend.conf" (builtins.toJSON confOptions);
|
configFile = pkgs.writeText "wasabibackend.conf" (builtins.toJSON confOptions);
in {
|
in {
@ -448,7 +448,7 @@ in
default = false;
|
default = false;
|
||||||
description = ''
|
description = ''
|
||||||
In case when running behind a reverse proxy, controls whether headers
|
In case when running behind a reverse proxy, controls whether headers
|
||||||
like <literal>X-Real-Ip</literal> are accepted. Usage behind a reverse
|
like <literal>X-Real-Ip</literal> are accepted. Usage behind a reverse
|
||||||
proxy will require this flag to be set to avoid logging the reverse
|
proxy will require this flag to be set to avoid logging the reverse
|
||||||
proxy IP address.
|
proxy IP address.
|
||||||
'';
|
'';
@ -524,7 +524,7 @@ in
type = types.nullOr types.str;
|
type = types.nullOr types.str;
|
||||||
default = null;
|
default = null;
|
||||||
description = ''
|
description = ''
|
||||||
Profile access endpoint.
|
Profile access endpoint.
|
||||||
'';
|
'';
|
||||||
};
|
};
@ -9,7 +9,7 @@ let cfg = config.services.cloud-init;
nettools
|
nettools
|
||||||
openssh
|
openssh
|
||||||
shadow
|
shadow
|
||||||
utillinux
|
util-linux
|
||||||
] ++ optional cfg.btrfs.enable btrfs-progs
|
] ++ optional cfg.btrfs.enable btrfs-progs
|
||||||
++ optional cfg.ext4.enable e2fsprogs
|
++ optional cfg.ext4.enable e2fsprogs
|
||||||
;
|
;
@ -397,9 +397,9 @@ in
mr ${getLib pkgs.openssl}/lib/libcrypto*.so*,
|
mr ${getLib pkgs.openssl}/lib/libcrypto*.so*,
|
||||||
mr ${getLib pkgs.openssl}/lib/libssl*.so*,
|
mr ${getLib pkgs.openssl}/lib/libssl*.so*,
|
||||||
mr ${getLib pkgs.systemd}/lib/libsystemd*.so*,
|
mr ${getLib pkgs.systemd}/lib/libsystemd*.so*,
|
||||||
mr ${getLib pkgs.utillinuxMinimal.out}/lib/libblkid.so*,
|
mr ${getLib pkgs.util-linuxMinimal.out}/lib/libblkid.so*,
|
||||||
mr ${getLib pkgs.utillinuxMinimal.out}/lib/libmount.so*,
|
mr ${getLib pkgs.util-linuxMinimal.out}/lib/libmount.so*,
|
||||||
mr ${getLib pkgs.utillinuxMinimal.out}/lib/libuuid.so*,
|
mr ${getLib pkgs.util-linuxMinimal.out}/lib/libuuid.so*,
|
||||||
mr ${getLib pkgs.xz}/lib/liblzma*.so*,
|
mr ${getLib pkgs.xz}/lib/liblzma*.so*,
|
||||||
mr ${getLib pkgs.zlib}/lib/libz*.so*,
|
mr ${getLib pkgs.zlib}/lib/libz*.so*,
@ -5,7 +5,7 @@ with lib;
let
|
let
autologinArg = optionalString (config.services.mingetty.autologinUser != null) "--autologin ${config.services.mingetty.autologinUser}";
|
autologinArg = optionalString (config.services.mingetty.autologinUser != null) "--autologin ${config.services.mingetty.autologinUser}";
|
||||||
gettyCmd = extraArgs: "@${pkgs.utillinux}/sbin/agetty agetty --login-program ${pkgs.shadow}/bin/login ${autologinArg} ${extraArgs}";
|
gettyCmd = extraArgs: "@${pkgs.util-linux}/sbin/agetty agetty --login-program ${pkgs.shadow}/bin/login ${autologinArg} ${extraArgs}";
in
|
in
@ -143,7 +143,7 @@ in
Set a UUID that uniquely identifies the server.
|
Set a UUID that uniquely identifies the server.
This can be generated with
|
This can be generated with
|
||||||
<literal>nix-shell -p utillinux --run uuidgen</literal>.
|
<literal>nix-shell -p util-linux --run uuidgen</literal>.
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
};
|
};
@ -750,8 +750,8 @@ in
# Get rid of old semaphores. These tend to accumulate across
|
# Get rid of old semaphores. These tend to accumulate across
|
||||||
# server restarts, eventually preventing it from restarting
|
# server restarts, eventually preventing it from restarting
|
||||||
# successfully.
|
# successfully.
|
||||||
for i in $(${pkgs.utillinux}/bin/ipcs -s | grep ' ${cfg.user} ' | cut -f2 -d ' '); do
|
for i in $(${pkgs.util-linux}/bin/ipcs -s | grep ' ${cfg.user} ' | cut -f2 -d ' '); do
|
||||||
${pkgs.utillinux}/bin/ipcrm -s $i
|
${pkgs.util-linux}/bin/ipcrm -s $i
|
||||||
done
|
done
|
||||||
'';
|
'';
@ -32,7 +32,7 @@ with lib;
path =
|
path =
|
||||||
[ pkgs.xorg.xorgserver.out pkgs.gawk pkgs.which pkgs.openssl pkgs.xorg.xauth
|
[ pkgs.xorg.xorgserver.out pkgs.gawk pkgs.which pkgs.openssl pkgs.xorg.xauth
|
||||||
pkgs.nettools pkgs.shadow pkgs.procps pkgs.utillinux pkgs.bash
|
pkgs.nettools pkgs.shadow pkgs.procps pkgs.util-linux pkgs.bash
|
||||||
];
|
];
environment.FD_GEOM = "1024x786x24";
|
environment.FD_GEOM = "1024x786x24";
@ -16,8 +16,8 @@ in
services.xserver.windowManager.session = singleton {
|
services.xserver.windowManager.session = singleton {
|
||||||
name = "evilwm";
|
name = "evilwm";
|
||||||
start = ''
|
start = ''
|
||||||
${pkgs.evilwm}/bin/evilwm &
|
${pkgs.evilwm}/bin/evilwm &
|
||||||
waitPID=$!
|
waitPID=$!
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
environment.systemPackages = [ pkgs.evilwm ];
|
environment.systemPackages = [ pkgs.evilwm ];
@ -25,7 +25,7 @@ let
stdenv.cc.libc # nscd in update-users-groups.pl
|
stdenv.cc.libc # nscd in update-users-groups.pl
|
||||||
shadow
|
shadow
|
||||||
nettools # needed for hostname
|
nettools # needed for hostname
|
||||||
utillinux # needed for mount and mountpoint
|
util-linux # needed for mount and mountpoint
|
||||||
];
|
];
scriptType = with types;
|
scriptType = with types;
@ -97,10 +97,11 @@ let
allowSubstitutes = false;
|
allowSubstitutes = false;
|
||||||
buildCommand = systemBuilder;
|
buildCommand = systemBuilder;
inherit (pkgs) utillinux coreutils;
|
inherit (pkgs) coreutils;
|
||||||
systemd = config.systemd.package;
|
systemd = config.systemd.package;
|
||||||
shell = "${pkgs.bash}/bin/sh";
|
shell = "${pkgs.bash}/bin/sh";
|
||||||
su = "${pkgs.shadow.su}/bin/su";
|
su = "${pkgs.shadow.su}/bin/su";
utillinux = pkgs.util-linux;
kernelParams = config.boot.kernelParams;
|
kernelParams = config.boot.kernelParams;
|
||||||
installBootLoader =
|
installBootLoader =
@ -20,8 +20,8 @@ with lib;
boot.initrd.extraUtilsCommands = ''
|
boot.initrd.extraUtilsCommands = ''
|
||||||
copy_bin_and_libs ${pkgs.gawk}/bin/gawk
|
copy_bin_and_libs ${pkgs.gawk}/bin/gawk
|
||||||
copy_bin_and_libs ${pkgs.gnused}/bin/sed
|
copy_bin_and_libs ${pkgs.gnused}/bin/sed
|
||||||
copy_bin_and_libs ${pkgs.utillinux}/sbin/sfdisk
|
copy_bin_and_libs ${pkgs.util-linux}/sbin/sfdisk
|
||||||
copy_bin_and_libs ${pkgs.utillinux}/sbin/lsblk
|
copy_bin_and_libs ${pkgs.util-linux}/sbin/lsblk
substitute "${pkgs.cloud-utils.guest}/bin/.growpart-wrapped" "$out/bin/growpart" \
|
substitute "${pkgs.cloud-utils.guest}/bin/.growpart-wrapped" "$out/bin/growpart" \
|
||||||
--replace "${pkgs.bash}/bin/sh" "/bin/sh" \
|
--replace "${pkgs.bash}/bin/sh" "/bin/sh" \
@ -66,7 +66,7 @@ let
extraEntriesBeforeNixOS extraPrepareConfig configurationLimit copyKernels
|
extraEntriesBeforeNixOS extraPrepareConfig configurationLimit copyKernels
|
||||||
default fsIdentifier efiSupport efiInstallAsRemovable gfxmodeEfi gfxmodeBios gfxpayloadEfi gfxpayloadBios;
|
default fsIdentifier efiSupport efiInstallAsRemovable gfxmodeEfi gfxmodeBios gfxpayloadEfi gfxpayloadBios;
|
||||||
path = with pkgs; makeBinPath (
|
path = with pkgs; makeBinPath (
|
||||||
[ coreutils gnused gnugrep findutils diffutils btrfs-progs utillinux mdadm ]
|
[ coreutils gnused gnugrep findutils diffutils btrfs-progs util-linux mdadm ]
|
||||||
++ optional (cfg.efiSupport && (cfg.version == 2)) efibootmgr
|
++ optional (cfg.efiSupport && (cfg.version == 2)) efibootmgr
|
||||||
++ optionals cfg.useOSProber [ busybox os-prober ]);
|
++ optionals cfg.useOSProber [ busybox os-prober ]);
|
||||||
font = if cfg.font == null then ""
|
font = if cfg.font == null then ""
@ -705,7 +705,7 @@ in
let
|
let
|
||||||
install-grub-pl = pkgs.substituteAll {
|
install-grub-pl = pkgs.substituteAll {
|
||||||
src = ./install-grub.pl;
|
src = ./install-grub.pl;
|
||||||
inherit (pkgs) utillinux;
|
utillinux = pkgs.util-linux;
|
||||||
btrfsprogs = pkgs.btrfs-progs;
|
btrfsprogs = pkgs.btrfs-progs;
|
||||||
};
|
};
|
||||||
in pkgs.writeScript "install-grub.sh" (''
|
in pkgs.writeScript "install-grub.sh" (''
@ -18,7 +18,7 @@ with lib;
serviceConfig = {
|
serviceConfig = {
|
||||||
Type = "oneshot";
|
Type = "oneshot";
|
||||||
ExecStart = "${pkgs.utillinux}/sbin/hwclock --systohc ${if config.time.hardwareClockInLocalTime then "--localtime" else "--utc"}";
|
ExecStart = "${pkgs.util-linux}/sbin/hwclock --systohc ${if config.time.hardwareClockInLocalTime then "--localtime" else "--utc"}";
|
||||||
};
|
};
|
||||||
};
|
};
@ -107,8 +107,8 @@ let
copy_bin_and_libs $BIN
|
copy_bin_and_libs $BIN
|
||||||
done
|
done
# Copy some utillinux stuff.
|
# Copy some util-linux stuff.
|
||||||
copy_bin_and_libs ${pkgs.utillinux}/sbin/blkid
|
copy_bin_and_libs ${pkgs.util-linux}/sbin/blkid
# Copy dmsetup and lvm.
|
# Copy dmsetup and lvm.
|
||||||
copy_bin_and_libs ${getBin pkgs.lvm2}/bin/dmsetup
|
copy_bin_and_libs ${getBin pkgs.lvm2}/bin/dmsetup
@ -235,7 +235,7 @@ let
--replace scsi_id ${extraUtils}/bin/scsi_id \
|
--replace scsi_id ${extraUtils}/bin/scsi_id \
|
||||||
--replace cdrom_id ${extraUtils}/bin/cdrom_id \
|
--replace cdrom_id ${extraUtils}/bin/cdrom_id \
|
||||||
--replace ${pkgs.coreutils}/bin/basename ${extraUtils}/bin/basename \
|
--replace ${pkgs.coreutils}/bin/basename ${extraUtils}/bin/basename \
|
||||||
--replace ${pkgs.utillinux}/bin/blkid ${extraUtils}/bin/blkid \
|
--replace ${pkgs.util-linux}/bin/blkid ${extraUtils}/bin/blkid \
|
||||||
--replace ${getBin pkgs.lvm2}/bin ${extraUtils}/bin \
|
--replace ${getBin pkgs.lvm2}/bin ${extraUtils}/bin \
|
||||||
--replace ${pkgs.mdadm}/sbin ${extraUtils}/sbin \
|
--replace ${pkgs.mdadm}/sbin ${extraUtils}/sbin \
|
||||||
--replace ${pkgs.bash}/bin/sh ${extraUtils}/bin/sh \
|
--replace ${pkgs.bash}/bin/sh ${extraUtils}/bin/sh \
@ -17,7 +17,7 @@ let
inherit (config.system.build) earlyMountScript;
|
inherit (config.system.build) earlyMountScript;
|
||||||
path = lib.makeBinPath ([
|
path = lib.makeBinPath ([
|
||||||
pkgs.coreutils
|
pkgs.coreutils
|
||||||
pkgs.utillinux
|
pkgs.util-linux
|
||||||
] ++ lib.optional useHostResolvConf pkgs.openresolv);
|
] ++ lib.optional useHostResolvConf pkgs.openresolv);
|
||||||
fsPackagesPath = lib.makeBinPath config.system.fsPackages;
|
fsPackagesPath = lib.makeBinPath config.system.fsPackages;
|
||||||
postBootCommands = pkgs.writeText "local-cmds"
|
postBootCommands = pkgs.writeText "local-cmds"
@ -286,7 +286,7 @@ in
before = [ mountPoint' "systemd-fsck@${device'}.service" ];
|
before = [ mountPoint' "systemd-fsck@${device'}.service" ];
|
||||||
requires = [ device'' ];
|
requires = [ device'' ];
|
||||||
after = [ device'' ];
|
after = [ device'' ];
|
||||||
path = [ pkgs.utillinux ] ++ config.system.fsPackages;
|
path = [ pkgs.util-linux ] ++ config.system.fsPackages;
|
||||||
script =
|
script =
|
||||||
''
|
''
|
||||||
if ! [ -e "${fs.device}" ]; then exit 1; fi
|
if ! [ -e "${fs.device}" ]; then exit 1; fi
@ -18,9 +18,9 @@
boot.initrd.postDeviceCommands = ''
|
boot.initrd.postDeviceCommands = ''
|
||||||
# Hacky!!! fuse hard-codes the path to mount
|
# Hacky!!! fuse hard-codes the path to mount
|
||||||
mkdir -p /nix/store/eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee-${pkgs.utillinux.name}-bin/bin
|
mkdir -p /nix/store/eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee-${pkgs.util-linux.name}-bin/bin
|
||||||
ln -s $(which mount) /nix/store/eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee-${pkgs.utillinux.name}-bin/bin
|
ln -s $(which mount) /nix/store/eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee-${pkgs.util-linux.name}-bin/bin
|
||||||
ln -s $(which umount) /nix/store/eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee-${pkgs.utillinux.name}-bin/bin
|
ln -s $(which umount) /nix/store/eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee-${pkgs.util-linux.name}-bin/bin
|
||||||
'';
|
'';
|
||||||
})
|
})
@ -440,7 +440,7 @@ in
pkgs.gnugrep
|
pkgs.gnugrep
|
||||||
pkgs.gnused
|
pkgs.gnused
|
||||||
pkgs.nettools
|
pkgs.nettools
|
||||||
pkgs.utillinux
|
pkgs.util-linux
|
||||||
];
|
];
|
||||||
};
|
};
@ -1246,7 +1246,7 @@ in
'';
|
'';
# Udev attributes for systemd to name the device and to create a .device target.
|
# Udev attributes for systemd to name the device and to create a .device target.
|
||||||
systemdAttrs = n: ''NAME:="${n}", ENV{INTERFACE}:="${n}", ENV{SYSTEMD_ALIAS}:="/sys/subsystem/net/devices/${n}", TAG+="systemd"'';
|
systemdAttrs = n: ''NAME:="${n}", ENV{INTERFACE}="${n}", ENV{SYSTEMD_ALIAS}="/sys/subsystem/net/devices/${n}", TAG+="systemd"'';
|
||||||
in
|
in
|
||||||
flip (concatMapStringsSep "\n") (attrNames wlanDeviceInterfaces) (device:
|
flip (concatMapStringsSep "\n") (attrNames wlanDeviceInterfaces) (device:
|
||||||
let
|
let
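Review bot: `ENV{INTERFACE}` and `ENV{SYSTEMD_ALIAS}` in the new `systemdAttrs` rule switch from the final-assignment operator `:=` to a plain `=`, while `NAME:=` keeps it, and the comment above the rule does not say why. Whether the intent is to let later udev rules override these properties or to satisfy a stricter rule parser, record it next to the rule, e.g. `# ENV keys use '=' rather than ':=' so later rules may still override them`. The `let` binding that holds `systemdAttrs` starts before this hunk.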
@ -124,7 +124,7 @@ in
boot.initrd.extraUtilsCommands =
|
boot.initrd.extraUtilsCommands =
|
||||||
''
|
''
|
||||||
# We need swapon in the initrd.
|
# We need swapon in the initrd.
|
||||||
copy_bin_and_libs ${pkgs.utillinux}/sbin/swapon
|
copy_bin_and_libs ${pkgs.util-linux}/sbin/swapon
|
||||||
'';
|
'';
# Don't put old configurations in the GRUB menu. The user has no
|
# Don't put old configurations in the GRUB menu. The user has no
@ -22,7 +22,7 @@ let
nettools # for hostname
|
nettools # for hostname
|
||||||
procps # for pidof
|
procps # for pidof
|
||||||
shadow # for useradd, usermod
|
shadow # for useradd, usermod
|
||||||
utillinux # for (u)mount, fdisk, sfdisk, mkswap
|
util-linux # for (u)mount, fdisk, sfdisk, mkswap
|
||||||
parted
|
parted
|
||||||
];
|
];
|
||||||
pythonPath = [ pythonPackages.pyasn1 ];
|
pythonPath = [ pythonPackages.pyasn1 ];
@ -27,7 +27,7 @@ in
popd
|
popd
|
||||||
'';
|
'';
|
||||||
diskImageBase = "nixos-image-${config.system.nixos.label}-${pkgs.stdenv.hostPlatform.system}.raw";
|
diskImageBase = "nixos-image-${config.system.nixos.label}-${pkgs.stdenv.hostPlatform.system}.raw";
|
||||||
buildInputs = [ pkgs.utillinux pkgs.perl ];
|
buildInputs = [ pkgs.util-linux pkgs.perl ];
|
||||||
exportReferencesGraph =
|
exportReferencesGraph =
|
||||||
[ "closure" config.system.build.toplevel ];
|
[ "closure" config.system.build.toplevel ];
|
||||||
}
|
}
@ -8,9 +8,14 @@
# Make sure that every package you depend on here is already listed as
|
# Make sure that every package you depend on here is already listed as
|
||||||
# a channel blocker for both the full-sized and small channels.
|
# a channel blocker for both the full-sized and small channels.
|
||||||
# Otherwise, we risk breaking user deploys in released channels.
|
# Otherwise, we risk breaking user deploys in released channels.
|
||||||
|
#
|
||||||
|
# Also note: OpenStack's metadata service for its instances aims to be
|
||||||
|
# compatible with the EC2 IMDS. Where possible, try to keep the set of
|
||||||
|
# fetched metadata in sync with ./openstack-metadata-fetcher.nix .
|
||||||
''
|
''
|
||||||
metaDir=${targetRoot}etc/ec2-metadata
|
metaDir=${targetRoot}etc/ec2-metadata
|
||||||
mkdir -m 0755 -p "$metaDir"
|
mkdir -m 0755 -p "$metaDir"
|
||||||
|
rm -f "$metaDir/*"
get_imds_token() {
|
get_imds_token() {
|
||||||
# retry-delay of 1 selected to give the system a second to get going,
|
# retry-delay of 1 selected to give the system a second to get going,
@ -61,19 +66,12 @@
|
||||||
|
|
||||||
echo "getting EC2 instance metadata..."
|
echo "getting EC2 instance metadata..."
|
||||||
|
|
||||||
if ! [ -e "$metaDir/ami-manifest-path" ]; then
|
wget_imds() {
|
||||||
wget ${wgetExtraOptions} --header "X-aws-ec2-metadata-token: $IMDS_TOKEN" -O "$metaDir/ami-manifest-path" http://169.254.169.254/1.0/meta-data/ami-manifest-path
|
wget ${wgetExtraOptions} --header "X-aws-ec2-metadata-token: $IMDS_TOKEN" "$@";
|
||||||
fi
|
}
|
||||||
|
|
||||||
if ! [ -e "$metaDir/user-data" ]; then
|
wget_imds -O "$metaDir/ami-manifest-path" http://169.254.169.254/1.0/meta-data/ami-manifest-path
|
||||||
wget ${wgetExtraOptions} --header "X-aws-ec2-metadata-token: $IMDS_TOKEN" -O "$metaDir/user-data" http://169.254.169.254/1.0/user-data && chmod 600 "$metaDir/user-data"
|
wget_imds -O "$metaDir/user-data" http://169.254.169.254/1.0/user-data && chmod 600 "$metaDir/user-data"
|
||||||
fi
|
wget_imds -O "$metaDir/hostname" http://169.254.169.254/1.0/meta-data/hostname
|
||||||
|
wget_imds -O "$metaDir/public-keys-0-openssh-key" http://169.254.169.254/1.0/meta-data/public-keys/0/openssh-key
|
||||||
if ! [ -e "$metaDir/hostname" ]; then
|
|
||||||
wget ${wgetExtraOptions} --header "X-aws-ec2-metadata-token: $IMDS_TOKEN" -O "$metaDir/hostname" http://169.254.169.254/1.0/meta-data/hostname
|
|
||||||
fi
|
|
||||||
|
|
||||||
if ! [ -e "$metaDir/public-keys-0-openssh-key" ]; then
|
|
||||||
wget ${wgetExtraOptions} --header "X-aws-ec2-metadata-token: $IMDS_TOKEN" -O "$metaDir/public-keys-0-openssh-key" http://169.254.169.254/1.0/meta-data/public-keys/0/openssh-key
|
|
||||||
fi
|
|
||||||
''
|
''
|
||||||
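Review bot: `rm -f "$metaDir/*"` in the first hunk (and the identical line added in ./openstack-metadata-fetcher.nix) does not clear the directory: the `*` sits inside the double quotes, so the shell passes a literal `*` and only a file literally named `*` would be removed; the intended form is `rm -f "$metaDir"/*`. Because the second hunk also drops the `if ! [ -e … ]` guards and `wget -O` overwrites each target, every boot now refetches and the cleanup is silently a no-op rather than a visible failure, so stale files that are no longer fetched would never be removed. Separately, `wget_imds -O "$metaDir/user-data" …` creates the output file before the transfer and the `chmod 600` runs only on success, so a failed fetch can leave a user-data file at the default mode; this pre-dates the change, but since the line is rewritten here, wrapping it as `( umask 077; wget_imds -O "$metaDir/user-data" http://169.254.169.254/1.0/user-data )` would close that window.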
|
|
|
@ -614,17 +614,17 @@ in
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
timeoutStartSec = mkOption {
|
timeoutStartSec = mkOption {
|
||||||
type = types.str;
|
type = types.str;
|
||||||
default = "1min";
|
default = "1min";
|
||||||
description = ''
|
description = ''
|
||||||
Time for the container to start. In case of a timeout,
|
Time for the container to start. In case of a timeout,
|
||||||
the container processes get killed.
|
the container processes get killed.
|
||||||
See <citerefentry><refentrytitle>systemd.time</refentrytitle>
|
See <citerefentry><refentrytitle>systemd.time</refentrytitle>
|
||||||
<manvolnum>7</manvolnum></citerefentry>
|
<manvolnum>7</manvolnum></citerefentry>
|
||||||
for more information about the format.
|
for more information about the format.
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
bindMounts = mkOption {
|
bindMounts = mkOption {
|
||||||
type = with types; attrsOf (submodule bindMountOpts);
|
type = with types; attrsOf (submodule bindMountOpts);
|
||||||
|
|
|
@ -1,23 +1,21 @@
|
||||||
{ targetRoot, wgetExtraOptions }:
|
{ targetRoot, wgetExtraOptions }:
|
||||||
|
|
||||||
|
# OpenStack's metadata service aims to be EC2-compatible. Where
|
||||||
|
# possible, try to keep the set of fetched metadata in sync with
|
||||||
|
# ./ec2-metadata-fetcher.nix .
|
||||||
''
|
''
|
||||||
metaDir=${targetRoot}etc/ec2-metadata
|
metaDir=${targetRoot}etc/ec2-metadata
|
||||||
mkdir -m 0755 -p "$metaDir"
|
mkdir -m 0755 -p "$metaDir"
|
||||||
|
rm -f "$metaDir/*"
|
||||||
|
|
||||||
echo "getting EC2 instance metadata..."
|
echo "getting instance metadata..."
|
||||||
|
|
||||||
if ! [ -e "$metaDir/ami-manifest-path" ]; then
|
wget_imds() {
|
||||||
wget ${wgetExtraOptions} -O "$metaDir/ami-manifest-path" http://169.254.169.254/1.0/meta-data/ami-manifest-path
|
wget ${wgetExtraOptions} "$@"
|
||||||
fi
|
}
|
||||||
|
|
||||||
if ! [ -e "$metaDir/user-data" ]; then
|
wget_imds -O "$metaDir/ami-manifest-path" http://169.254.169.254/1.0/meta-data/ami-manifest-path
|
||||||
wget ${wgetExtraOptions} -O "$metaDir/user-data" http://169.254.169.254/1.0/user-data && chmod 600 "$metaDir/user-data"
|
wget_imds -O "$metaDir/user-data" http://169.254.169.254/1.0/user-data && chmod 600 "$metaDir/user-data"
|
||||||
fi
|
wget_imds -O "$metaDir/hostname" http://169.254.169.254/1.0/meta-data/hostname
|
||||||
|
wget_imds -O "$metaDir/public-keys-0-openssh-key" http://169.254.169.254/1.0/meta-data/public-keys/0/openssh-key
|
||||||
if ! [ -e "$metaDir/hostname" ]; then
|
|
||||||
wget ${wgetExtraOptions} -O "$metaDir/hostname" http://169.254.169.254/1.0/meta-data/hostname
|
|
||||||
fi
|
|
||||||
|
|
||||||
if ! [ -e "$metaDir/public-keys-0-openssh-key" ]; then
|
|
||||||
wget ${wgetExtraOptions} -O "$metaDir/public-keys-0-openssh-key" http://169.254.169.254/1.0/meta-data/public-keys/0/openssh-key
|
|
||||||
fi
|
|
||||||
''
|
''
|
||||||
|
|
|
@ -190,7 +190,7 @@ let
|
||||||
'' else ''
|
'' else ''
|
||||||
''}
|
''}
|
||||||
'';
|
'';
|
||||||
buildInputs = [ pkgs.utillinux ];
|
buildInputs = [ pkgs.util-linux ];
|
||||||
QEMU_OPTS = "-nographic -serial stdio -monitor none"
|
QEMU_OPTS = "-nographic -serial stdio -monitor none"
|
||||||
+ lib.optionalString cfg.useEFIBoot (
|
+ lib.optionalString cfg.useEFIBoot (
|
||||||
" -drive if=pflash,format=raw,unit=0,readonly=on,file=${efiFirmware}"
|
" -drive if=pflash,format=raw,unit=0,readonly=on,file=${efiFirmware}"
|
||||||
|
|
|
@ -201,8 +201,8 @@ in
|
||||||
''
|
''
|
||||||
if [ -d /proc/xen ]; then
|
if [ -d /proc/xen ]; then
|
||||||
${pkgs.kmod}/bin/modprobe xenfs 2> /dev/null
|
${pkgs.kmod}/bin/modprobe xenfs 2> /dev/null
|
||||||
${pkgs.utillinux}/bin/mountpoint -q /proc/xen || \
|
${pkgs.util-linux}/bin/mountpoint -q /proc/xen || \
|
||||||
${pkgs.utillinux}/bin/mount -t xenfs none /proc/xen
|
${pkgs.util-linux}/bin/mount -t xenfs none /proc/xen
|
||||||
fi
|
fi
|
||||||
'';
|
'';
|
||||||
|
|
||||||
|
|
|
@ -315,6 +315,7 @@ in
|
||||||
runInMachine = handleTest ./run-in-machine.nix {};
|
runInMachine = handleTest ./run-in-machine.nix {};
|
||||||
rxe = handleTest ./rxe.nix {};
|
rxe = handleTest ./rxe.nix {};
|
||||||
samba = handleTest ./samba.nix {};
|
samba = handleTest ./samba.nix {};
|
||||||
|
samba-wsdd = handleTest ./samba-wsdd.nix {};
|
||||||
sanoid = handleTest ./sanoid.nix {};
|
sanoid = handleTest ./sanoid.nix {};
|
||||||
sbt = handleTest ./sbt.nix {};
|
sbt = handleTest ./sbt.nix {};
|
||||||
sbt-extras = handleTest ./sbt-extras.nix {};
|
sbt-extras = handleTest ./sbt-extras.nix {};
|
||||||
|
|
|
@ -1,15 +1,15 @@
|
||||||
import ../make-test-python.nix (
|
import ../make-test-python.nix (
|
||||||
{
|
{
|
||||||
pkgs, ...
|
pkgs, ...
|
||||||
}:
|
}:
|
||||||
# copy_from_host works only for store paths
|
# copy_from_host works only for store paths
|
||||||
rec {
|
rec {
|
||||||
name = "fcitx";
|
name = "fcitx";
|
||||||
machine =
|
machine =
|
||||||
{
|
{
|
||||||
pkgs,
|
pkgs,
|
||||||
...
|
...
|
||||||
}:
|
}:
|
||||||
{
|
{
|
||||||
virtualisation.memorySize = 1024;
|
virtualisation.memorySize = 1024;
|
||||||
|
|
||||||
|
@ -19,11 +19,11 @@ import ../make-test-python.nix (
|
||||||
|
|
||||||
environment.systemPackages = [
|
environment.systemPackages = [
|
||||||
# To avoid clashing with xfce4-terminal
|
# To avoid clashing with xfce4-terminal
|
||||||
pkgs.alacritty
|
pkgs.alacritty
|
||||||
];
|
];
|
||||||
|
|
||||||
|
|
||||||
services.xserver =
|
services.xserver =
|
||||||
{
|
{
|
||||||
enable = true;
|
enable = true;
|
||||||
|
|
||||||
|
@ -37,7 +37,7 @@ import ../make-test-python.nix (
|
||||||
|
|
||||||
desktopManager.xfce.enable = true;
|
desktopManager.xfce.enable = true;
|
||||||
};
|
};
|
||||||
|
|
||||||
i18n = {
|
i18n = {
|
||||||
inputMethod = {
|
inputMethod = {
|
||||||
enabled = "fcitx";
|
enabled = "fcitx";
|
||||||
|
@ -50,14 +50,14 @@ import ../make-test-python.nix (
|
||||||
}
|
}
|
||||||
;
|
;
|
||||||
|
|
||||||
testScript = { nodes, ... }:
|
testScript = { nodes, ... }:
|
||||||
let
|
let
|
||||||
user = nodes.machine.config.users.users.alice;
|
user = nodes.machine.config.users.users.alice;
|
||||||
userName = user.name;
|
userName = user.name;
|
||||||
userHome = user.home;
|
userHome = user.home;
|
||||||
xauth = "${userHome}/.Xauthority";
|
xauth = "${userHome}/.Xauthority";
|
||||||
fcitx_confdir = "${userHome}/.config/fcitx";
|
fcitx_confdir = "${userHome}/.config/fcitx";
|
||||||
in
|
in
|
||||||
''
|
''
|
||||||
# We need config files before login session
|
# We need config files before login session
|
||||||
# So copy first thing
|
# So copy first thing
|
||||||
|
@ -92,7 +92,7 @@ import ../make-test-python.nix (
|
||||||
machine.send_key("ctrl-alt-shift-u")
|
machine.send_key("ctrl-alt-shift-u")
|
||||||
machine.sleep(5)
|
machine.sleep(5)
|
||||||
machine.sleep(1)
|
machine.sleep(1)
|
||||||
|
|
||||||
### Search for smiling face
|
### Search for smiling face
|
||||||
machine.send_chars("smil")
|
machine.send_chars("smil")
|
||||||
machine.sleep(1)
|
machine.sleep(1)
|
||||||
|
|
6
third_party/nixpkgs/nixos/tests/gitlab.nix
vendored
6
third_party/nixpkgs/nixos/tests/gitlab.nix
vendored
|
@ -33,9 +33,9 @@ import ./make-test-python.nix ({ pkgs, lib, ...} : with lib; {
|
||||||
initialRootPasswordFile = pkgs.writeText "rootPassword" initialRootPassword;
|
initialRootPasswordFile = pkgs.writeText "rootPassword" initialRootPassword;
|
||||||
smtp.enable = true;
|
smtp.enable = true;
|
||||||
secrets = {
|
secrets = {
|
||||||
secretFile = pkgs.writeText "secret" "Aig5zaic";
|
secretFile = pkgs.writeText "secret" "r8X9keSKynU7p4aKlh4GO1Bo77g5a7vj";
|
||||||
otpFile = pkgs.writeText "otpsecret" "Riew9mue";
|
otpFile = pkgs.writeText "otpsecret" "Zu5hGx3YvQx40DvI8WoZJQpX2paSDOlG";
|
||||||
dbFile = pkgs.writeText "dbsecret" "we2quaeZ";
|
dbFile = pkgs.writeText "dbsecret" "lsGltKWTejOf6JxCVa7nLDenzkO9wPLR";
|
||||||
jwsFile = pkgs.runCommand "oidcKeyBase" {} "${pkgs.openssl}/bin/openssl genrsa 2048 > $out";
|
jwsFile = pkgs.runCommand "oidcKeyBase" {} "${pkgs.openssl}/bin/openssl genrsa 2048 > $out";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
6
third_party/nixpkgs/nixos/tests/morty.nix
vendored
6
third_party/nixpkgs/nixos/tests/morty.nix
vendored
|
@ -12,9 +12,9 @@ import ./make-test-python.nix ({ pkgs, ... }:
|
||||||
{ ... }:
|
{ ... }:
|
||||||
{ services.morty = {
|
{ services.morty = {
|
||||||
enable = true;
|
enable = true;
|
||||||
key = "78a9cd0cfee20c672f78427efb2a2a96036027f0";
|
key = "78a9cd0cfee20c672f78427efb2a2a96036027f0";
|
||||||
port = 3001;
|
port = 3001;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
};
|
};
|
||||||
|
|
142
third_party/nixpkgs/nixos/tests/openldap.nix
vendored
142
third_party/nixpkgs/nixos/tests/openldap.nix
vendored
|
@ -1,33 +1,125 @@
|
||||||
import ./make-test-python.nix {
|
{ pkgs, system ? builtins.currentSystem, ... }: let
|
||||||
name = "openldap";
|
dbContents = ''
|
||||||
|
dn: dc=example
|
||||||
machine = { pkgs, ... }: {
|
objectClass: domain
|
||||||
services.openldap = {
|
dc: example
|
||||||
enable = true;
|
|
||||||
suffix = "dc=example";
|
|
||||||
rootdn = "cn=root,dc=example";
|
|
||||||
rootpw = "notapassword";
|
|
||||||
database = "bdb";
|
|
||||||
extraDatabaseConfig = ''
|
|
||||||
directory /var/db/openldap
|
|
||||||
'';
|
|
||||||
declarativeContents = ''
|
|
||||||
dn: dc=example
|
|
||||||
objectClass: domain
|
|
||||||
dc: example
|
|
||||||
|
|
||||||
dn: ou=users,dc=example
|
|
||||||
objectClass: organizationalUnit
|
|
||||||
ou: users
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
|
dn: ou=users,dc=example
|
||||||
|
objectClass: organizationalUnit
|
||||||
|
ou: users
|
||||||
|
'';
|
||||||
testScript = ''
|
testScript = ''
|
||||||
machine.wait_for_unit("openldap.service")
|
machine.wait_for_unit("openldap.service")
|
||||||
machine.succeed(
|
machine.succeed(
|
||||||
"systemctl status openldap.service",
|
|
||||||
'ldapsearch -LLL -D "cn=root,dc=example" -w notapassword -b "dc=example"',
|
'ldapsearch -LLL -D "cn=root,dc=example" -w notapassword -b "dc=example"',
|
||||||
)
|
)
|
||||||
'';
|
'';
|
||||||
|
in {
|
||||||
|
# New-style configuration
|
||||||
|
current = import ./make-test-python.nix {
|
||||||
|
inherit testScript;
|
||||||
|
name = "openldap";
|
||||||
|
|
||||||
|
machine = { pkgs, ... }: {
|
||||||
|
environment.etc."openldap/root_password".text = "notapassword";
|
||||||
|
services.openldap = {
|
||||||
|
enable = true;
|
||||||
|
settings = {
|
||||||
|
children = {
|
||||||
|
"cn=schema".includes = [
|
||||||
|
"${pkgs.openldap}/etc/schema/core.ldif"
|
||||||
|
"${pkgs.openldap}/etc/schema/cosine.ldif"
|
||||||
|
"${pkgs.openldap}/etc/schema/inetorgperson.ldif"
|
||||||
|
"${pkgs.openldap}/etc/schema/nis.ldif"
|
||||||
|
];
|
||||||
|
"olcDatabase={1}mdb" = {
|
||||||
|
# This tests string, base64 and path values, as well as lists of string values
|
||||||
|
attrs = {
|
||||||
|
objectClass = [ "olcDatabaseConfig" "olcMdbConfig" ];
|
||||||
|
olcDatabase = "{1}mdb";
|
||||||
|
olcDbDirectory = "/var/db/openldap";
|
||||||
|
olcSuffix = "dc=example";
|
||||||
|
olcRootDN = {
|
||||||
|
# cn=root,dc=example
|
||||||
|
base64 = "Y249cm9vdCxkYz1leGFtcGxl";
|
||||||
|
};
|
||||||
|
olcRootPW = {
|
||||||
|
path = "/etc/openldap/root_password";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
declarativeContents."dc=example" = dbContents;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
# Old-style configuration
|
||||||
|
oldOptions = import ./make-test-python.nix {
|
||||||
|
inherit testScript;
|
||||||
|
name = "openldap";
|
||||||
|
|
||||||
|
machine = { pkgs, ... }: {
|
||||||
|
services.openldap = {
|
||||||
|
enable = true;
|
||||||
|
logLevel = "stats acl";
|
||||||
|
defaultSchemas = true;
|
||||||
|
database = "mdb";
|
||||||
|
suffix = "dc=example";
|
||||||
|
rootdn = "cn=root,dc=example";
|
||||||
|
rootpw = "notapassword";
|
||||||
|
declarativeContents."dc=example" = dbContents;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
# Manually managed configDir, for example if dynamic config is essential
|
||||||
|
manualConfigDir = import ./make-test-python.nix {
|
||||||
|
name = "openldap";
|
||||||
|
|
||||||
|
machine = { pkgs, ... }: {
|
||||||
|
services.openldap = {
|
||||||
|
enable = true;
|
||||||
|
configDir = "/var/db/slapd.d";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
testScript = let
|
||||||
|
contents = pkgs.writeText "data.ldif" dbContents;
|
||||||
|
config = pkgs.writeText "config.ldif" ''
|
||||||
|
dn: cn=config
|
||||||
|
cn: config
|
||||||
|
objectClass: olcGlobal
|
||||||
|
olcLogLevel: stats
|
||||||
|
olcPidFile: /run/slapd/slapd.pid
|
||||||
|
|
||||||
|
dn: cn=schema,cn=config
|
||||||
|
cn: schema
|
||||||
|
objectClass: olcSchemaConfig
|
||||||
|
|
||||||
|
include: file://${pkgs.openldap}/etc/schema/core.ldif
|
||||||
|
include: file://${pkgs.openldap}/etc/schema/cosine.ldif
|
||||||
|
include: file://${pkgs.openldap}/etc/schema/inetorgperson.ldif
|
||||||
|
|
||||||
|
dn: olcDatabase={1}mdb,cn=config
|
||||||
|
objectClass: olcDatabaseConfig
|
||||||
|
objectClass: olcMdbConfig
|
||||||
|
olcDatabase: {1}mdb
|
||||||
|
olcDbDirectory: /var/db/openldap
|
||||||
|
olcDbIndex: objectClass eq
|
||||||
|
olcSuffix: dc=example
|
||||||
|
olcRootDN: cn=root,dc=example
|
||||||
|
olcRootPW: notapassword
|
||||||
|
'';
|
||||||
|
in ''
|
||||||
|
machine.succeed(
|
||||||
|
"mkdir -p /var/db/slapd.d /var/db/openldap",
|
||||||
|
"slapadd -F /var/db/slapd.d -n0 -l ${config}",
|
||||||
|
"slapadd -F /var/db/slapd.d -n1 -l ${contents}",
|
||||||
|
"chown -R openldap:openldap /var/db/slapd.d /var/db/openldap",
|
||||||
|
"systemctl restart openldap",
|
||||||
|
)
|
||||||
|
'' + testScript;
|
||||||
|
};
|
||||||
}
|
}
|
||||||
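Review bot: `olcRootPW = { path = "/etc/openldap/root_password"; }` in the `current` variant is backed by `environment.etc."openldap/root_password".text`, which presumably ends up as a world-readable, store-backed file on the machine — acceptable for a VM-test fixture, but the file otherwise reads like a reference configuration, so a comment would keep it from being copied as the production pattern. Suggested above the `environment.etc` line: `# Test fixture only: environment.etc.*.text lands in the world-readable Nix store; real deployments should point olcRootPW.path at a root-only file outside the store.` The `manualConfigDir` variant likewise writes `olcRootPW: notapassword` into `config.ldif` via `pkgs.writeText`, which is also a store path, so the same remark applies there.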
|
|
|
@ -9,7 +9,7 @@ let
|
||||||
${parted}/sbin/parted --script /dev/vda -- mkpart primary ext2 1M -1s
|
${parted}/sbin/parted --script /dev/vda -- mkpart primary ext2 1M -1s
|
||||||
mkdir /mnt
|
mkdir /mnt
|
||||||
${e2fsprogs}/bin/mkfs.ext4 /dev/vda1
|
${e2fsprogs}/bin/mkfs.ext4 /dev/vda1
|
||||||
${utillinux}/bin/mount -t ext4 /dev/vda1 /mnt
|
${util-linux}/bin/mount -t ext4 /dev/vda1 /mnt
|
||||||
|
|
||||||
if test -e /mnt/.debug; then
|
if test -e /mnt/.debug; then
|
||||||
exec ${bash}/bin/sh
|
exec ${bash}/bin/sh
|
||||||
|
|
2
third_party/nixpkgs/nixos/tests/quorum.nix
vendored
2
third_party/nixpkgs/nixos/tests/quorum.nix
vendored
|
@ -55,7 +55,7 @@ import ./make-test-python.nix ({ pkgs, ... }: {
|
||||||
parentHash =
|
parentHash =
|
||||||
"0x0000000000000000000000000000000000000000000000000000000000000000";
|
"0x0000000000000000000000000000000000000000000000000000000000000000";
|
||||||
timestamp = "0x5cffc201";
|
timestamp = "0x5cffc201";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
2
third_party/nixpkgs/nixos/tests/rspamd.nix
vendored
2
third_party/nixpkgs/nixos/tests/rspamd.nix
vendored
|
@ -209,7 +209,7 @@ in
|
||||||
return false
|
return false
|
||||||
end,
|
end,
|
||||||
score = 5.0,
|
score = 5.0,
|
||||||
description = 'Allow no cows',
|
description = 'Allow no cows',
|
||||||
group = "cows",
|
group = "cows",
|
||||||
}
|
}
|
||||||
rspamd_logger.infox(rspamd_config, 'Work dammit!!!')
|
rspamd_logger.infox(rspamd_config, 'Work dammit!!!')
|
||||||
|
|
44
third_party/nixpkgs/nixos/tests/samba-wsdd.nix
vendored
Normal file
44
third_party/nixpkgs/nixos/tests/samba-wsdd.nix
vendored
Normal file
|
@ -0,0 +1,44 @@
|
||||||
|
import ./make-test-python.nix ({ pkgs, ... }:
|
||||||
|
|
||||||
|
{
|
||||||
|
name = "samba-wsdd";
|
||||||
|
meta.maintainers = with pkgs.stdenv.lib.maintainers; [ izorkin ];
|
||||||
|
|
||||||
|
nodes = {
|
||||||
|
client_wsdd = { pkgs, ... }: {
|
||||||
|
services.samba-wsdd = {
|
||||||
|
enable = true;
|
||||||
|
interface = "eth1";
|
||||||
|
workgroup = "WORKGROUP";
|
||||||
|
hostname = "CLIENT-WSDD";
|
||||||
|
discovery = true;
|
||||||
|
extraOptions = [ "--no-host" ];
|
||||||
|
};
|
||||||
|
networking.firewall.allowedTCPPorts = [ 5357 ];
|
||||||
|
networking.firewall.allowedUDPPorts = [ 3702 ];
|
||||||
|
};
|
||||||
|
|
||||||
|
server_wsdd = { ... }: {
|
||||||
|
services.samba-wsdd = {
|
||||||
|
enable = true;
|
||||||
|
interface = "eth1";
|
||||||
|
workgroup = "WORKGROUP";
|
||||||
|
hostname = "SERVER-WSDD";
|
||||||
|
};
|
||||||
|
networking.firewall.allowedTCPPorts = [ 5357 ];
|
||||||
|
networking.firewall.allowedUDPPorts = [ 3702 ];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
testScript = ''
|
||||||
|
client_wsdd.start()
|
||||||
|
client_wsdd.wait_for_unit("samba-wsdd")
|
||||||
|
|
||||||
|
server_wsdd.start()
|
||||||
|
server_wsdd.wait_for_unit("samba-wsdd")
|
||||||
|
|
||||||
|
client_wsdd.wait_until_succeeds(
|
||||||
|
"echo list | ${pkgs.libressl.nc}/bin/nc -U /run/wsdd/wsdd.sock | grep -i SERVER-WSDD"
|
||||||
|
)
|
||||||
|
'';
|
||||||
|
})
|
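Review bot: The `networking.firewall.allowedTCPPorts = [ 5357 ]` and `allowedUDPPorts = [ 3702 ]` lines are repeated on both nodes without saying what they are for; a one-line comment such as `# WS-Discovery multicast (UDP 3702) and the WSD HTTP endpoint (TCP 5357)` would let a reader verify the opened ports against the protocol rather than take them on trust. The `client_wsdd` node runs with `extraOptions = [ "--no-host" ]`, so whether it actually needs the TCP 5357 opening is worth confirming in that comment as well.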
74
third_party/nixpkgs/nixos/tests/sssd-ldap.nix
vendored
74
third_party/nixpkgs/nixos/tests/sssd-ldap.nix
vendored
|
@ -1,4 +1,4 @@
|
||||||
import ./make-test-python.nix ({ pkgs, ... }:
|
({ pkgs, ... }:
|
||||||
let
|
let
|
||||||
dbDomain = "example.org";
|
dbDomain = "example.org";
|
||||||
dbSuffix = "dc=example,dc=org";
|
dbSuffix = "dc=example,dc=org";
|
||||||
|
@ -7,8 +7,7 @@ import ./make-test-python.nix ({ pkgs, ... }:
|
||||||
ldapRootPassword = "foobar";
|
ldapRootPassword = "foobar";
|
||||||
|
|
||||||
testUser = "alice";
|
testUser = "alice";
|
||||||
in
|
in import ./make-test-python.nix {
|
||||||
{
|
|
||||||
name = "sssd-ldap";
|
name = "sssd-ldap";
|
||||||
|
|
||||||
meta = with pkgs.stdenv.lib.maintainers; {
|
meta = with pkgs.stdenv.lib.maintainers; {
|
||||||
|
@ -18,34 +17,53 @@ import ./make-test-python.nix ({ pkgs, ... }:
|
||||||
machine = { pkgs, ... }: {
|
machine = { pkgs, ... }: {
|
||||||
services.openldap = {
|
services.openldap = {
|
||||||
enable = true;
|
enable = true;
|
||||||
rootdn = "cn=${ldapRootUser},${dbSuffix}";
|
settings = {
|
||||||
rootpw = ldapRootPassword;
|
children = {
|
||||||
suffix = dbSuffix;
|
"cn=schema".includes = [
|
||||||
declarativeContents = ''
|
"${pkgs.openldap}/etc/schema/core.ldif"
|
||||||
dn: ${dbSuffix}
|
"${pkgs.openldap}/etc/schema/cosine.ldif"
|
||||||
objectClass: top
|
"${pkgs.openldap}/etc/schema/inetorgperson.ldif"
|
||||||
objectClass: dcObject
|
"${pkgs.openldap}/etc/schema/nis.ldif"
|
||||||
objectClass: organization
|
];
|
||||||
o: ${dbDomain}
|
"olcDatabase={1}mdb" = {
|
||||||
|
attrs = {
|
||||||
|
objectClass = [ "olcDatabaseConfig" "olcMdbConfig" ];
|
||||||
|
olcDatabase = "{1}mdb";
|
||||||
|
olcDbDirectory = "/var/db/openldap";
|
||||||
|
olcSuffix = dbSuffix;
|
||||||
|
olcRootDN = "cn=${ldapRootUser},${dbSuffix}";
|
||||||
|
olcRootPW = ldapRootPassword;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
declarativeContents = {
|
||||||
|
${dbSuffix} = ''
|
||||||
|
dn: ${dbSuffix}
|
||||||
|
objectClass: top
|
||||||
|
objectClass: dcObject
|
||||||
|
objectClass: organization
|
||||||
|
o: ${dbDomain}
|
||||||
|
|
||||||
dn: ou=posix,${dbSuffix}
|
dn: ou=posix,${dbSuffix}
|
||||||
objectClass: top
|
objectClass: top
|
||||||
objectClass: organizationalUnit
|
objectClass: organizationalUnit
|
||||||
|
|
||||||
dn: ou=accounts,ou=posix,${dbSuffix}
|
dn: ou=accounts,ou=posix,${dbSuffix}
|
||||||
objectClass: top
|
objectClass: top
|
||||||
objectClass: organizationalUnit
|
objectClass: organizationalUnit
|
||||||
|
|
||||||
dn: uid=${testUser},ou=accounts,ou=posix,${dbSuffix}
|
dn: uid=${testUser},ou=accounts,ou=posix,${dbSuffix}
|
||||||
objectClass: person
|
objectClass: person
|
||||||
objectClass: posixAccount
|
objectClass: posixAccount
|
||||||
# userPassword: somePasswordHash
|
# userPassword: somePasswordHash
|
||||||
homeDirectory: /home/${testUser}
|
homeDirectory: /home/${testUser}
|
||||||
uidNumber: 1234
|
uidNumber: 1234
|
||||||
gidNumber: 1234
|
gidNumber: 1234
|
||||||
cn: ""
|
cn: ""
|
||||||
sn: ""
|
sn: ""
|
||||||
'';
|
'';
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
services.sssd = {
|
services.sssd = {
|
||||||
|
|
2
third_party/nixpkgs/nixos/tests/systemd.nix
vendored
2
third_party/nixpkgs/nixos/tests/systemd.nix
vendored
|
@ -26,7 +26,7 @@ import ./make-test-python.nix ({ pkgs, ... }: {
|
||||||
|
|
||||||
systemd.shutdown.test = pkgs.writeScript "test.shutdown" ''
|
systemd.shutdown.test = pkgs.writeScript "test.shutdown" ''
|
||||||
#!${pkgs.runtimeShell}
|
#!${pkgs.runtimeShell}
|
||||||
PATH=${lib.makeBinPath (with pkgs; [ utillinux coreutils ])}
|
PATH=${lib.makeBinPath (with pkgs; [ util-linux coreutils ])}
|
||||||
mount -t 9p shared -o trans=virtio,version=9p2000.L /tmp/shared
|
mount -t 9p shared -o trans=virtio,version=9p2000.L /tmp/shared
|
||||||
touch /tmp/shared/shutdown-test
|
touch /tmp/shared/shutdown-test
|
||||||
umount /tmp/shared
|
umount /tmp/shared
|
||||||
|
|
|
@ -24,7 +24,7 @@ let
|
||||||
|
|
||||||
miniInit = ''
|
miniInit = ''
|
||||||
#!${pkgs.runtimeShell} -xe
|
#!${pkgs.runtimeShell} -xe
|
||||||
export PATH="${lib.makeBinPath [ pkgs.coreutils pkgs.utillinux ]}"
|
export PATH="${lib.makeBinPath [ pkgs.coreutils pkgs.util-linux ]}"
|
||||||
|
|
||||||
mkdir -p /run/dbus
|
mkdir -p /run/dbus
|
||||||
cat > /etc/passwd <<EOF
|
cat > /etc/passwd <<EOF
|
||||||
|
@ -72,7 +72,7 @@ let
|
||||||
|
|
||||||
boot.initrd.extraUtilsCommands = ''
|
boot.initrd.extraUtilsCommands = ''
|
||||||
copy_bin_and_libs "${guestAdditions}/bin/mount.vboxsf"
|
copy_bin_and_libs "${guestAdditions}/bin/mount.vboxsf"
|
||||||
copy_bin_and_libs "${pkgs.utillinux}/bin/unshare"
|
copy_bin_and_libs "${pkgs.util-linux}/bin/unshare"
|
||||||
${(attrs.extraUtilsCommands or (const "")) pkgs}
|
${(attrs.extraUtilsCommands or (const "")) pkgs}
|
||||||
'';
|
'';
|
||||||
|
|
||||||
|
@ -122,7 +122,7 @@ let
|
||||||
"$diskImage" "$out/disk.vdi"
|
"$diskImage" "$out/disk.vdi"
|
||||||
'';
|
'';
|
||||||
|
|
||||||
buildInputs = [ pkgs.utillinux pkgs.perl ];
|
buildInputs = [ pkgs.util-linux pkgs.perl ];
|
||||||
} ''
|
} ''
|
||||||
${pkgs.parted}/sbin/parted --script /dev/vda mklabel msdos
|
${pkgs.parted}/sbin/parted --script /dev/vda mklabel msdos
|
||||||
${pkgs.parted}/sbin/parted --script /dev/vda -- mkpart primary ext2 1M -1s
|
${pkgs.parted}/sbin/parted --script /dev/vda -- mkpart primary ext2 1M -1s
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
{ fetchurl, bitwig-studio1, pulseaudio, xorg }:
|
{ fetchurl, bitwig-studio1, pulseaudio, libjack2, xorg }:
|
||||||
|
|
||||||
bitwig-studio1.overrideAttrs (oldAttrs: rec {
|
bitwig-studio1.overrideAttrs (oldAttrs: rec {
|
||||||
name = "bitwig-studio-${version}";
|
name = "bitwig-studio-${version}";
|
||||||
|
@ -11,7 +11,7 @@ bitwig-studio1.overrideAttrs (oldAttrs: rec {
|
||||||
|
|
||||||
buildInputs = oldAttrs.buildInputs ++ [ xorg.libXtst ];
|
buildInputs = oldAttrs.buildInputs ++ [ xorg.libXtst ];
|
||||||
|
|
||||||
runtimeDependencies = [ pulseaudio ];
|
runtimeDependencies = [ pulseaudio libjack2 ];
|
||||||
|
|
||||||
installPhase = ''
|
installPhase = ''
|
||||||
${oldAttrs.installPhase}
|
${oldAttrs.installPhase}
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
{ stdenv, fetchFromGitHub, makeWrapper, rofi, mpc_cli, perl,
|
{ stdenv, fetchFromGitHub, makeWrapper, rofi, mpc_cli, perl,
|
||||||
utillinux, pythonPackages, libnotify }:
|
util-linux, pythonPackages, libnotify }:
|
||||||
|
|
||||||
stdenv.mkDerivation {
|
stdenv.mkDerivation {
|
||||||
name = "clerk-2016-10-14";
|
name = "clerk-2016-10-14";
|
||||||
|
@ -18,7 +18,7 @@ stdenv.mkDerivation {
|
||||||
installPhase = ''
|
installPhase = ''
|
||||||
DESTDIR=$out PREFIX=/ make install
|
DESTDIR=$out PREFIX=/ make install
|
||||||
wrapProgram $out/bin/clerk \
|
wrapProgram $out/bin/clerk \
|
||||||
--prefix PATH : "${stdenv.lib.makeBinPath [ rofi mpc_cli perl utillinux libnotify ]}"
|
--prefix PATH : "${stdenv.lib.makeBinPath [ rofi mpc_cli perl util-linux libnotify ]}"
|
||||||
'';
|
'';
|
||||||
|
|
||||||
meta = with stdenv.lib; {
|
meta = with stdenv.lib; {
|
||||||
|
|
|
@ -9,13 +9,13 @@
|
||||||
|
|
||||||
stdenv.mkDerivation rec {
|
stdenv.mkDerivation rec {
|
||||||
pname = "ft2-clone";
|
pname = "ft2-clone";
|
||||||
version = "1.40";
|
version = "1.41_fix";
|
||||||
|
|
||||||
src = fetchFromGitHub {
|
src = fetchFromGitHub {
|
||||||
owner = "8bitbubsy";
|
owner = "8bitbubsy";
|
||||||
repo = "ft2-clone";
|
repo = "ft2-clone";
|
||||||
rev = "v${version}";
|
rev = "v${version}";
|
||||||
sha256 = "0qc3hai6fhn4amk5ixmxx3yswsi25qpax0r9nvvnyhbcb6crqcs1";
|
sha256 = "0c7jli79ckachl5n2rbhc4yzml8nc36pl9yzxcwgaz544q8pzmaa";
|
||||||
};
|
};
|
||||||
|
|
||||||
nativeBuildInputs = [ cmake ];
|
nativeBuildInputs = [ cmake ];
|
||||||
|
|
|
@ -4,7 +4,7 @@
|
||||||
|
|
||||||
let
|
let
|
||||||
pname = "HybridReverb2";
|
pname = "HybridReverb2";
|
||||||
version = "2.1.1";
|
version = "2.1.2";
|
||||||
owner = "jpcima";
|
owner = "jpcima";
|
||||||
DBversion = "1.0.0";
|
DBversion = "1.0.0";
|
||||||
in
|
in
|
||||||
|
@ -21,7 +21,7 @@ stdenv.mkDerivation rec {
|
||||||
inherit owner;
|
inherit owner;
|
||||||
repo = pname;
|
repo = pname;
|
||||||
rev = "v${version}";
|
rev = "v${version}";
|
||||||
sha256 = "15mba9qvlis0qrklr50wp3jdysvmk33m7pvclp0k1is9pirj97cb";
|
sha256 = "16r20plz1w068bgbkrydv01a991ygjybdya3ah7bhp3m5xafjwqb";
|
||||||
fetchSubmodules = true;
|
fetchSubmodules = true;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
|
@ -1,16 +0,0 @@
|
||||||
commit 4ec09e6f6e00e40622a5207ed24dc657da9a9090
|
|
||||||
Author: Pavol Rusnak <stick@gk2.sk>
|
|
||||||
Date: Tue Dec 4 12:06:22 2018 +0100
|
|
||||||
|
|
||||||
build: add install: true to executable in meson.build
|
|
||||||
|
|
||||||
diff --git a/meson.build b/meson.build
|
|
||||||
index 050e1b1..9224ed5 100644
|
|
||||||
--- a/meson.build
|
|
||||||
+++ b/meson.build
|
|
||||||
@@ -39,4 +39,5 @@ endforeach
|
|
||||||
|
|
||||||
# compile the main project
|
|
||||||
executable('luppp', luppp_src + [version_hxx],
|
|
||||||
+ install: true,
|
|
||||||
dependencies: deps)
|
|
|
@ -1,4 +1,5 @@
|
||||||
{ stdenv, fetchFromGitHub
|
{ stdenv
|
||||||
|
, fetchFromGitHub
|
||||||
, meson
|
, meson
|
||||||
, ninja
|
, ninja
|
||||||
, pkgconfig
|
, pkgconfig
|
||||||
|
@ -12,26 +13,32 @@
|
||||||
|
|
||||||
stdenv.mkDerivation rec {
|
stdenv.mkDerivation rec {
|
||||||
pname = "luppp";
|
pname = "luppp";
|
||||||
version = "1.2.0";
|
version = "1.2.1";
|
||||||
patches = [ ./build-install.patch ];
|
|
||||||
|
|
||||||
src = fetchFromGitHub {
|
src = fetchFromGitHub {
|
||||||
owner = "openAVproductions";
|
owner = "openAVproductions";
|
||||||
repo = "openAV-Luppp";
|
repo = "openAV-Luppp";
|
||||||
rev = "release-${version}";
|
rev = "release-${version}";
|
||||||
sha256 = "194yq0lqc2psq9vyxmzif40ccawcvd9jndcn18mkz4f8h5w5rc1a";
|
sha256 = "1ncbn099fyfnr7jw2bp3wf2g9k738lw53m6ssw6wji2wxwmghv78";
|
||||||
};
|
};
|
||||||
|
|
||||||
nativeBuildInputs = [
|
nativeBuildInputs = [
|
||||||
meson ninja pkgconfig
|
meson
|
||||||
|
ninja
|
||||||
|
pkgconfig
|
||||||
];
|
];
|
||||||
|
|
||||||
buildInputs = [
|
buildInputs = [
|
||||||
jack2 cairo liblo libsndfile libsamplerate ntk
|
jack2
|
||||||
|
cairo
|
||||||
|
liblo
|
||||||
|
libsndfile
|
||||||
|
libsamplerate
|
||||||
|
ntk
|
||||||
];
|
];
|
||||||
|
|
||||||
meta = with stdenv.lib; {
|
meta = with stdenv.lib; {
|
||||||
homepage = "http://openavproductions.com/luppp/";
|
homepage = "http://openavproductions.com/luppp/"; # https does not work
|
||||||
description = "A music creation tool, intended for live use";
|
description = "A music creation tool, intended for live use";
|
||||||
license = licenses.gpl3Plus;
|
license = licenses.gpl3Plus;
|
||||||
maintainers = with maintainers; [ prusnak ];
|
maintainers = with maintainers; [ prusnak ];
|
||||||
|
|
|
@ -13,13 +13,13 @@
|
||||||
|
|
||||||
stdenv.mkDerivation rec {
|
stdenv.mkDerivation rec {
|
||||||
pname = "mamba";
|
pname = "mamba";
|
||||||
version = "1.7";
|
version = "1.8";
|
||||||
|
|
||||||
src = fetchFromGitHub {
|
src = fetchFromGitHub {
|
||||||
owner = "brummer10";
|
owner = "brummer10";
|
||||||
repo = "Mamba";
|
repo = "Mamba";
|
||||||
rev = "v${version}";
|
rev = "v${version}";
|
||||||
sha256 = "1i78snpyxap2r4899967nyfr8hg20k45nsbshs9h6hdxbfwhikbc";
|
sha256 = "049gvdvvv3hkh1b47h0bia02g1p71agwh6g7q0n4yxz4d81b8kha";
|
||||||
fetchSubmodules = true;
|
fetchSubmodules = true;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|