summaryrefslogtreecommitdiff
path: root/nixos
diff options
context:
space:
mode:
Diffstat (limited to 'nixos')
-rw-r--r--nixos/default.nix2
-rw-r--r--nixos/modules/boot.nix19
-rw-r--r--nixos/modules/openrc.nix59
-rw-r--r--nixos/modules/services.nix93
-rw-r--r--nixos/modules/systemd-compat.nix489
5 files changed, 662 insertions, 0 deletions
diff --git a/nixos/default.nix b/nixos/default.nix
index 2c63c08..572ebb3 100644
--- a/nixos/default.nix
+++ b/nixos/default.nix
@@ -1,2 +1,4 @@
{
+ openrc = import ./modules/openrc.nix;
+ services = import ./modules/services.nix;
}
diff --git a/nixos/modules/boot.nix b/nixos/modules/boot.nix
new file mode 100644
index 0000000..344293f
--- /dev/null
+++ b/nixos/modules/boot.nix
@@ -0,0 +1,19 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+{
+
+ options = {
+
+ };
+
+
+ config = {
+ rc.service.aggety = {
+ description = "start agetty on a terminal line";
+ };
+
+ };
+
+}
diff --git a/nixos/modules/openrc.nix b/nixos/modules/openrc.nix
new file mode 100644
index 0000000..7b68efc
--- /dev/null
+++ b/nixos/modules/openrc.nix
@@ -0,0 +1,59 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+{
+
+ options = {
+
+ rc = {
+ conf = {
+ parallel = mkOption {
+ type = types.bool;
+ default = false;
+ description = ''
+ If you want the rc system to try and start services in parallel for
+ a slight speed improvement. When running in parallel we prefix the
+ service output with its name as the output will get jumbled up.
+ '';
+ };
+ interactive = mkOption {
+ type = types.bool;
+ default = false;
+ description = ''
+ Set to true and you'll be able to press the I key during boot so you
+ can choose to start specific services. Set to false to disable this
+ feature. This feature is automatically disabled if rc_parallel is
+ set to false.
+ '';
+ };
+ logger = mkOption {
+ type = types.bool;
+ default = true;
+ description = ''
+ Logger launches a logging daemon to log the entire rc process to
+ /var/log/rc.log
+ NOTE: Linux systems require the devfs service to be started before
+ logging can take place and as such cannot log the sysinit runlevel.
+ '';
+ };
+ };
+ };
+
+ };
+
+
+ config = let
+
+ rc_bool = enabled: if enabled then "YES" else "NO";
+
+ in {
+ environment.etc."rc.conf".text = ''
+ # Global OpenRC configuration settings
+ rc_parallel="${rc_bool config.rc.conf.parallel}"
+ rc_interactive="${rc_bool config.rc.conf.interactive}"
+ rc_logger="${rc_bool config.rc.conf.logger}"
+ '';
+ };
+
+}
diff --git a/nixos/modules/services.nix b/nixos/modules/services.nix
new file mode 100644
index 0000000..3fa6835
--- /dev/null
+++ b/nixos/modules/services.nix
@@ -0,0 +1,93 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+
+ upstreamServices = [
+ "aggety"
+ "binfmt"
+ "bootmisc"
+ "cgroups"
+ "consolefont"
+ "devfs"
+ "dmesg"
+ "fsck"
+ "hostname"
+ "hwclock"
+ "keymaps"
+ "killprocs"
+ "local"
+ "localmount"
+ "loopback"
+ "modules"
+ "mount-ro"
+ "mtab"
+ "netmount"
+ "net-online"
+ "network"
+ "numlock"
+ "osclock"
+ "procfs"
+ "root"
+ "runsvdir"
+ "s6-svscan"
+ "savecache"
+ "save-keymaps"
+ "save-termencoding"
+ "staticroute"
+ "swap"
+ "swclock"
+ "sysctl"
+ "sysfs"
+ "termencoding"
+ "urandom"
+ ];
+
+in {
+
+ options = {
+
+ rc = {
+ services = mkOption {
+ default = {};
+ type = types.attrsOf (types.submodule {
+ enable = {
+ type = types.bool;
+ default = false;
+ description = "Enable service spawning.";
+ };
+ runlevel = {
+ type = types.enum [ "boot" "default" "nonetwork" "shutdown" "sysinit" ];
+ default = "default";
+ description = "Select runlevel the services should be activated in.";
+ };
+ description = {
+ type = types.str;
+ description = "Service description.";
+ };
+ command = {
+ type = types.package;
+ description = "Command to be started.";
+ };
+ });
+ description = "Definition of system service.";
+ };
+ };
+
+ };
+
+
+ config = let
+
+ rc_bool = enabled: if enabled then "YES" else "NO";
+
+ in {
+
+ environment.etc."init.d".source = pkgs.runCommand "rc-init.d" {
+ } ''
+ mkdir -p "$out"
+ '';
+ };
+
+}
diff --git a/nixos/modules/systemd-compat.nix b/nixos/modules/systemd-compat.nix
new file mode 100644
index 0000000..5172b78
--- /dev/null
+++ b/nixos/modules/systemd-compat.nix
@@ -0,0 +1,489 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+{
+
+ options = {
+
+ systemd.package = mkOption {
+ default = pkgs.systemd;
+ defaultText = literalExpression "pkgs.systemd";
+ type = types.package;
+ description = "The systemd package.";
+ };
+
+ systemd.units = mkOption {
+ description = "Definition of systemd units.";
+ default = {};
+ type = with types; attrsOf (submodule (
+ { name, config, ... }:
+ { options = concreteUnitOptions;
+ config = {
+ unit = mkDefault (makeUnit name config);
+ };
+ }));
+ };
+
+ systemd.packages = mkOption {
+ default = [];
+ type = types.listOf types.package;
+ example = literalExpression "[ pkgs.systemd-cryptsetup-generator ]";
+ description = "Packages providing systemd units and hooks.";
+ };
+
+ systemd.targets = mkOption {
+ default = {};
+ type = with types; attrsOf (submodule [ { options = targetOptions; } unitConfig] );
+ description = "Definition of systemd target units.";
+ };
+
+ systemd.services = mkOption {
+ default = {};
+ type = with types; attrsOf (submodule [ { options = serviceOptions; } unitConfig serviceConfig ]);
+ description = "Definition of systemd service units.";
+ };
+
+ systemd.sockets = mkOption {
+ default = {};
+ type = with types; attrsOf (submodule [ { options = socketOptions; } unitConfig ]);
+ description = "Definition of systemd socket units.";
+ };
+
+ systemd.timers = mkOption {
+ default = {};
+ type = with types; attrsOf (submodule [ { options = timerOptions; } unitConfig ]);
+ description = "Definition of systemd timer units.";
+ };
+
+ systemd.paths = mkOption {
+ default = {};
+ type = with types; attrsOf (submodule [ { options = pathOptions; } unitConfig ]);
+ description = "Definition of systemd path units.";
+ };
+
+ systemd.mounts = mkOption {
+ default = [];
+ type = with types; listOf (submodule [ { options = mountOptions; } unitConfig mountConfig ]);
+ description = ''
+ Definition of systemd mount units.
+ This is a list instead of an attrSet, because systemd mandates the names to be derived from
+ the 'where' attribute.
+ '';
+ };
+
+ systemd.automounts = mkOption {
+ default = [];
+ type = with types; listOf (submodule [ { options = automountOptions; } unitConfig automountConfig ]);
+ description = ''
+ Definition of systemd automount units.
+ This is a list instead of an attrSet, because systemd mandates the names to be derived from
+ the 'where' attribute.
+ '';
+ };
+
+ systemd.slices = mkOption {
+ default = {};
+ type = with types; attrsOf (submodule [ { options = sliceOptions; } unitConfig] );
+ description = "Definition of slice configurations.";
+ };
+
+ systemd.generators = mkOption {
+ type = types.attrsOf types.path;
+ default = {};
+ example = { systemd-gpt-auto-generator = "/dev/null"; };
+ description = ''
+ Definition of systemd generators.
+ For each <literal>NAME = VALUE</literal> pair of the attrSet, a link is generated from
+ <literal>/etc/systemd/system-generators/NAME</literal> to <literal>VALUE</literal>.
+ '';
+ };
+
+ systemd.shutdown = mkOption {
+ type = types.attrsOf types.path;
+ default = {};
+ description = ''
+ Definition of systemd shutdown executables.
+ For each <literal>NAME = VALUE</literal> pair of the attrSet, a link is generated from
+ <literal>/etc/systemd/system-shutdown/NAME</literal> to <literal>VALUE</literal>.
+ '';
+ };
+
+ systemd.defaultUnit = mkOption {
+ default = "multi-user.target";
+ type = types.str;
+ description = "Default unit started when the system boots.";
+ };
+
+ systemd.ctrlAltDelUnit = mkOption {
+ default = "reboot.target";
+ type = types.str;
+ example = "poweroff.target";
+ description = ''
+ Target that should be started when Ctrl-Alt-Delete is pressed.
+ '';
+ };
+
+ systemd.globalEnvironment = mkOption {
+ type = with types; attrsOf (nullOr (oneOf [ str path package ]));
+ default = {};
+ example = { TZ = "CET"; };
+ description = ''
+ Environment variables passed to <emphasis>all</emphasis> systemd units.
+ '';
+ };
+
+ systemd.enableCgroupAccounting = mkOption {
+ default = true;
+ type = types.bool;
+ description = ''
+ Whether to enable cgroup accounting.
+ '';
+ };
+
+ systemd.enableUnifiedCgroupHierarchy = mkOption {
+ default = true;
+ type = types.bool;
+ description = ''
+ Whether to enable the unified cgroup hierarchy (cgroupsv2).
+ '';
+ };
+
+ systemd.coredump.enable = mkOption {
+ default = true;
+ type = types.bool;
+ description = ''
+ Whether core dumps should be processed by
+ <command>systemd-coredump</command>. If disabled, core dumps
+ appear in the current directory of the crashing process.
+ '';
+ };
+
+ systemd.coredump.extraConfig = mkOption {
+ default = "";
+ type = types.lines;
+ example = "Storage=journal";
+ description = ''
+ Extra config options for systemd-coredump. See coredump.conf(5) man page
+ for available options.
+ '';
+ };
+
+ systemd.extraConfig = mkOption {
+ default = "";
+ type = types.lines;
+ example = "DefaultLimitCORE=infinity";
+ description = ''
+ Extra config options for systemd. See man systemd-system.conf for
+ available options.
+ '';
+ };
+
+ services.journald.console = mkOption {
+ default = "";
+ type = types.str;
+ description = "If non-empty, write log messages to the specified TTY device.";
+ };
+
+ services.journald.rateLimitInterval = mkOption {
+ default = "30s";
+ type = types.str;
+ description = ''
+ Configures the rate limiting interval that is applied to all
+ messages generated on the system. This rate limiting is applied
+ per-service, so that two services which log do not interfere with
+ each other's limit. The value may be specified in the following
+ units: s, min, h, ms, us. To turn off any kind of rate limiting,
+ set either value to 0.
+
+ See <option>services.journald.rateLimitBurst</option> for important
+ considerations when setting this value.
+ '';
+ };
+
+ services.journald.rateLimitBurst = mkOption {
+ default = 10000;
+ type = types.int;
+ description = ''
+ Configures the rate limiting burst limit (number of messages per
+ interval) that is applied to all messages generated on the system.
+ This rate limiting is applied per-service, so that two services
+ which log do not interfere with each other's limit.
+
+ Note that the effective rate limit is multiplied by a factor derived
+ from the available free disk space for the journal as described on
+ <link xlink:href="https://www.freedesktop.org/software/systemd/man/journald.conf.html">
+ journald.conf(5)</link>.
+
+ Note that the total amount of logs stored is limited by journald settings
+ such as <literal>SystemMaxUse</literal>, which defaults to a 4 GB cap.
+
+ It is thus recommended to compute what period of time that you will be
+ able to store logs for when an application logs at full burst rate.
+ With default settings for log lines that are 100 Bytes long, this can
+ amount to just a few hours.
+ '';
+ };
+
+ services.journald.extraConfig = mkOption {
+ default = "";
+ type = types.lines;
+ example = "Storage=volatile";
+ description = ''
+ Extra config options for systemd-journald. See man journald.conf
+ for available options.
+ '';
+ };
+
+ services.journald.enableHttpGateway = mkOption {
+ default = false;
+ type = types.bool;
+ description = ''
+ Whether to enable the HTTP gateway to the journal.
+ '';
+ };
+
+ services.journald.forwardToSyslog = mkOption {
+ default = config.services.rsyslogd.enable || config.services.syslog-ng.enable;
+ defaultText = literalExpression "services.rsyslogd.enable || services.syslog-ng.enable";
+ type = types.bool;
+ description = ''
+ Whether to forward log messages to syslog.
+ '';
+ };
+
+ services.logind.extraConfig = mkOption {
+ default = "";
+ type = types.lines;
+ example = "IdleAction=lock";
+ description = ''
+ Extra config options for systemd-logind. See
+ <link xlink:href="https://www.freedesktop.org/software/systemd/man/logind.conf.html">
+ logind.conf(5)</link> for available options.
+ '';
+ };
+
+ services.logind.killUserProcesses = mkOption {
+ default = false;
+ type = types.bool;
+ description = ''
+ Specifies whether the processes of a user should be killed
+ when the user logs out. If true, the scope unit corresponding
+ to the session and all processes inside that scope will be
+ terminated. If false, the scope is "abandoned" (see
+ <link xlink:href="https://www.freedesktop.org/software/systemd/man/systemd.scope.html#">
+ systemd.scope(5)</link>), and processes are not killed.
+ </para>
+
+ <para>
+ See <link xlink:href="https://www.freedesktop.org/software/systemd/man/logind.conf.html#KillUserProcesses=">logind.conf(5)</link>
+ for more details.
+ '';
+ };
+
+ services.logind.lidSwitch = mkOption {
+ default = "suspend";
+ example = "ignore";
+ type = logindHandlerType;
+
+ description = ''
+ Specifies what to be done when the laptop lid is closed.
+ '';
+ };
+
+ services.logind.lidSwitchDocked = mkOption {
+ default = "ignore";
+ example = "suspend";
+ type = logindHandlerType;
+
+ description = ''
+ Specifies what to be done when the laptop lid is closed
+ and another screen is added.
+ '';
+ };
+
+ services.logind.lidSwitchExternalPower = mkOption {
+ default = config.services.logind.lidSwitch;
+ defaultText = literalExpression "services.logind.lidSwitch";
+ example = "ignore";
+ type = logindHandlerType;
+
+ description = ''
+ Specifies what to do when the laptop lid is closed and the system is
+ on external power. By default use the same action as specified in
+ services.logind.lidSwitch.
+ '';
+ };
+
+ systemd.sleep.extraConfig = mkOption {
+ default = "";
+ type = types.lines;
+ example = "HibernateDelaySec=1h";
+ description = ''
+ Extra config options for systemd sleep state logic.
+ See sleep.conf.d(5) man page for available options.
+ '';
+ };
+
+ systemd.user.extraConfig = mkOption {
+ default = "";
+ type = types.lines;
+ example = "DefaultCPUAccounting=yes";
+ description = ''
+ Extra config options for systemd user instances. See man systemd-user.conf for
+ available options.
+ '';
+ };
+
+ systemd.tmpfiles.rules = mkOption {
+ type = types.listOf types.str;
+ default = [];
+ example = [ "d /tmp 1777 root root 10d" ];
+ description = ''
+ Rules for creation, deletion and cleaning of volatile and temporary files
+ automatically. See
+ <citerefentry><refentrytitle>tmpfiles.d</refentrytitle><manvolnum>5</manvolnum></citerefentry>
+ for the exact format.
+ '';
+ };
+
+ systemd.tmpfiles.packages = mkOption {
+ type = types.listOf types.package;
+ default = [];
+ example = literalExpression "[ pkgs.lvm2 ]";
+ apply = map getLib;
+ description = ''
+ List of packages containing <command>systemd-tmpfiles</command> rules.
+
+ All files ending in .conf found in
+ <filename><replaceable>pkg</replaceable>/lib/tmpfiles.d</filename>
+ will be included.
+ If this folder does not exist or does not contain any files an error will be returned instead.
+
+ If a <filename>lib</filename> output is available, rules are searched there and only there.
+ If there is no <filename>lib</filename> output it will fall back to <filename>out</filename>
+ and if that does not exist either, the default output will be used.
+ '';
+ };
+
+ systemd.user.units = mkOption {
+ description = "Definition of systemd per-user units.";
+ default = {};
+ type = with types; attrsOf (submodule (
+ { name, config, ... }:
+ { options = concreteUnitOptions;
+ config = {
+ unit = mkDefault (makeUnit name config);
+ };
+ }));
+ };
+
+ systemd.user.paths = mkOption {
+ default = {};
+ type = with types; attrsOf (submodule [ { options = pathOptions; } unitConfig ]);
+ description = "Definition of systemd per-user path units.";
+ };
+
+ systemd.user.services = mkOption {
+ default = {};
+ type = with types; attrsOf (submodule [ { options = serviceOptions; } unitConfig serviceConfig ] );
+ description = "Definition of systemd per-user service units.";
+ };
+
+ systemd.user.slices = mkOption {
+ default = {};
+ type = with types; attrsOf (submodule [ { options = sliceOptions; } unitConfig ] );
+ description = "Definition of systemd per-user slice units.";
+ };
+
+ systemd.user.sockets = mkOption {
+ default = {};
+ type = with types; attrsOf (submodule [ { options = socketOptions; } unitConfig ] );
+ description = "Definition of systemd per-user socket units.";
+ };
+
+ systemd.user.targets = mkOption {
+ default = {};
+ type = with types; attrsOf (submodule [ { options = targetOptions; } unitConfig] );
+ description = "Definition of systemd per-user target units.";
+ };
+
+ systemd.user.timers = mkOption {
+ default = {};
+ type = with types; attrsOf (submodule [ { options = timerOptions; } unitConfig ] );
+ description = "Definition of systemd per-user timer units.";
+ };
+
+ systemd.additionalUpstreamSystemUnits = mkOption {
+ default = [ ];
+ type = types.listOf types.str;
+ example = [ "debug-shell.service" "systemd-quotacheck.service" ];
+ description = ''
+ Additional units shipped with systemd that shall be enabled.
+ '';
+ };
+
+ systemd.suppressedSystemUnits = mkOption {
+ default = [ ];
+ type = types.listOf types.str;
+ example = [ "systemd-backlight@.service" ];
+ description = ''
+ A list of units to suppress when generating system systemd configuration directory. This has
+ priority over upstream units, <option>systemd.units</option>, and
+ <option>systemd.additionalUpstreamSystemUnits</option>. The main purpose of this is to
+ suppress a upstream systemd unit with any modifications made to it by other NixOS modules.
+ '';
+ };
+
+ systemd.watchdog.device = mkOption {
+ type = types.nullOr types.path;
+ default = null;
+ example = "/dev/watchdog";
+ description = ''
+ The path to a hardware watchdog device which will be managed by systemd.
+ If not specified, systemd will default to /dev/watchdog.
+ '';
+ };
+
+ systemd.watchdog.runtimeTime = mkOption {
+ type = types.nullOr types.str;
+ default = null;
+ example = "30s";
+ description = ''
+ The amount of time which can elapse before a watchdog hardware device
+ will automatically reboot the system. Valid time units include "ms",
+ "s", "min", "h", "d", and "w".
+ '';
+ };
+
+ systemd.watchdog.rebootTime = mkOption {
+ type = types.nullOr types.str;
+ default = null;
+ example = "10m";
+ description = ''
+ The amount of time which can elapse after a reboot has been triggered
+ before a watchdog hardware device will automatically reboot the system.
+ Valid time units include "ms", "s", "min", "h", "d", and "w".
+ '';
+ };
+
+ systemd.watchdog.kexecTime = mkOption {
+ type = types.nullOr types.str;
+ default = null;
+ example = "10m";
+ description = ''
+ The amount of time which can elapse when kexec is being executed before
+ a watchdog hardware device will automatically reboot the system. This
+ option should only be enabled if reloadTime is also enabled. Valid
+ time units include "ms", "s", "min", "h", "d", and "w".
+ '';
+ };
+
+ };
+
+
+ config = {
+
+ };
+
+}