diff options
| author | Robin Gloster <mail@glob.in> | 2016-01-06 06:50:18 +0000 |
|---|---|---|
| committer | Robin Gloster <mail@glob.in> | 2016-01-07 06:39:06 +0000 |
| commit | 88292fdf09960e9cb8e3c063a6b95ac4284222ec (patch) | |
| tree | 34ff267ed7bacf9fd906b1736476b431e9afe909 /nixos/modules/services/networking | |
| parent | af50b03f50d88954e98018c7c18c0581928b7165 (diff) | |
jobs -> systemd.services
Diffstat (limited to 'nixos/modules/services/networking')
| -rw-r--r-- | nixos/modules/services/networking/amuled.nix | 31 | ||||
| -rw-r--r-- | nixos/modules/services/networking/bind.nix | 23 | ||||
| -rw-r--r-- | nixos/modules/services/networking/ejabberd.nix | 134 | ||||
| -rw-r--r-- | nixos/modules/services/networking/git-daemon.nix | 9 | ||||
| -rw-r--r-- | nixos/modules/services/networking/gvpe.nix | 32 | ||||
| -rw-r--r-- | nixos/modules/services/networking/ifplugd.nix | 26 | ||||
| -rw-r--r-- | nixos/modules/services/networking/ircd-hybrid/default.nix | 18 | ||||
| -rw-r--r-- | nixos/modules/services/networking/oidentd.nix | 17 | ||||
| -rw-r--r-- | nixos/modules/services/networking/openfire.nix | 48 | ||||
| -rw-r--r-- | nixos/modules/services/networking/prayer.nix | 25 | ||||
| -rw-r--r-- | nixos/modules/services/networking/radicale.nix | 12 | ||||
| -rw-r--r-- | nixos/modules/services/networking/softether.nix | 6 | ||||
| -rw-r--r-- | nixos/modules/services/networking/ssh/lshd.nix | 106 | ||||
| -rw-r--r-- | nixos/modules/services/networking/tcpcrypt.nix | 8 | ||||
| -rw-r--r-- | nixos/modules/services/networking/wicd.nix | 14 | ||||
| -rw-r--r-- | nixos/modules/services/networking/xinetd.nix | 22 |
16 files changed, 226 insertions, 305 deletions
diff --git a/nixos/modules/services/networking/amuled.nix b/nixos/modules/services/networking/amuled.nix index 516238fdddf6..bc488d0e9100 100644 --- a/nixos/modules/services/networking/amuled.nix +++ b/nixos/modules/services/networking/amuled.nix @@ -57,22 +57,19 @@ in gid = config.ids.gids.amule; } ]; - jobs.amuled = - { description = "AMule daemon"; - - startOn = "ip-up"; - - preStart = '' - mkdir -p ${cfg.dataDir} - chown ${user} ${cfg.dataDir} - ''; - - exec = '' - ${pkgs.su}/bin/su -s ${pkgs.stdenv.shell} ${user} \ - -c 'HOME="${cfg.dataDir}" ${pkgs.amuleDaemon}/bin/amuled' - ''; - }; - + systemd.services.amuled = { + description = "AMule daemon"; + wantedBy = [ "ip-up.target" ]; + + preStart = '' + mkdir -p ${cfg.dataDir} + chown ${user} ${cfg.dataDir} + ''; + + script = '' + ${pkgs.su}/bin/su -s ${pkgs.stdenv.shell} ${user} \ + -c 'HOME="${cfg.dataDir}" ${pkgs.amuleDaemon}/bin/amuled' + ''; + }; }; - } diff --git a/nixos/modules/services/networking/bind.nix b/nixos/modules/services/networking/bind.nix index 34e7470dfc6f..dc11524ffeb8 100644 --- a/nixos/modules/services/networking/bind.nix +++ b/nixos/modules/services/networking/bind.nix @@ -142,20 +142,17 @@ in description = "BIND daemon user"; }; - jobs.bind = - { description = "BIND name server job"; + systemd.services.bind = { + description = "BIND name server job"; + after = [ "network-interfaces.target" ]; + wantedBy = [ "multi-user.target" ]; - startOn = "started network-interfaces"; - - preStart = - '' - ${pkgs.coreutils}/bin/mkdir -p /var/run/named - chown ${bindUser} /var/run/named - ''; - - exec = "${pkgs.bind}/sbin/named -u ${bindUser} ${optionalString cfg.ipv4Only "-4"} -c ${cfg.configFile} -f"; - }; + preStart = '' + ${pkgs.coreutils}/bin/mkdir -p /var/run/named + chown ${bindUser} /var/run/named + ''; + script = "${pkgs.bind}/sbin/named -u ${bindUser} ${optionalString cfg.ipv4Only "-4"} -c ${cfg.configFile} -f"; + }; }; - } diff --git a/nixos/modules/services/networking/ejabberd.nix b/nixos/modules/services/networking/ejabberd.nix index 28b8e234a5cf..97360396c79e 100644 --- a/nixos/modules/services/networking/ejabberd.nix +++ b/nixos/modules/services/networking/ejabberd.nix @@ -56,81 +56,73 @@ in config = mkIf cfg.enable { environment.systemPackages = [ pkgs.ejabberd ]; - jobs.ejabberd = - { description = "EJabberd server"; - - startOn = "started network-interfaces"; - stopOn = "stopping network-interfaces"; - - environment = { - PATH = "$PATH:${pkgs.ejabberd}/sbin:${pkgs.ejabberd}/bin:${pkgs.coreutils}/bin:${pkgs.bash}/bin:${pkgs.gnused}/bin"; - }; - - preStart = + systemd.services.ejabberd = { + description = "EJabberd server"; + after = [ "network-interfaces.target" ]; + wantedBy = [ "multi-user.target" ]; + path = with pkgs; [ ejabberd coreutils bash gnused ]; + + preStart = '' + # Initialise state data + mkdir -p ${cfg.logsDir} + + if ! test -d ${cfg.spoolDir} + then + initialize=1 + cp -av ${pkgs.ejabberd}/var/lib/ejabberd /var/lib + fi + + if ! test -d ${cfg.confDir} + then + mkdir -p ${cfg.confDir} + cp ${pkgs.ejabberd}/etc/ejabberd/* ${cfg.confDir} + sed -e 's|{hosts, \["localhost"\]}.|{hosts, \[${cfg.virtualHosts}\]}.|' ${pkgs.ejabberd}/etc/ejabberd/ejabberd.cfg > ${cfg.confDir}/ejabberd.cfg + fi + + ejabberdctl --config-dir ${cfg.confDir} --logs ${cfg.logsDir} --spool ${cfg.spoolDir} start + + ${if cfg.loadDumps == [] then "" else '' - PATH="$PATH:${pkgs.ejabberd}/sbin:${pkgs.ejabberd}/bin:${pkgs.coreutils}/bin:${pkgs.bash}/bin:${pkgs.gnused}/bin"; - - # Initialise state data - mkdir -p ${cfg.logsDir} - - if ! test -d ${cfg.spoolDir} - then - initialize=1 - cp -av ${pkgs.ejabberd}/var/lib/ejabberd /var/lib - fi - - if ! test -d ${cfg.confDir} + if [ "$initialize" = "1" ] then - mkdir -p ${cfg.confDir} - cp ${pkgs.ejabberd}/etc/ejabberd/* ${cfg.confDir} - sed -e 's|{hosts, \["localhost"\]}.|{hosts, \[${cfg.virtualHosts}\]}.|' ${pkgs.ejabberd}/etc/ejabberd/ejabberd.cfg > ${cfg.confDir}/ejabberd.cfg + # Wait until the ejabberd server is available for use + count=0 + while ! ejabberdctl --config-dir ${cfg.confDir} --logs ${cfg.logsDir} --spool ${cfg.spoolDir} status + do + if [ $count -eq 30 ] + then + echo "Tried 30 times, giving up..." + exit 1 + fi + + echo "Ejabberd daemon not yet started. Waiting for 1 second..." + count=$((count++)) + sleep 1 + done + + ${concatMapStrings (dump: + '' + echo "Importing dump: ${dump}" + + if [ -f ${dump} ] + then + ejabberdctl --config-dir ${cfg.confDir} --logs ${cfg.logsDir} --spool ${cfg.spoolDir} load ${dump} + elif [ -d ${dump} ] + then + for i in ${dump}/ejabberd-dump/* + do + ejabberdctl --config-dir ${cfg.confDir} --logs ${cfg.logsDir} --spool ${cfg.spoolDir} load $i + done + fi + '') cfg.loadDumps} fi + ''} + ''; - ejabberdctl --config-dir ${cfg.confDir} --logs ${cfg.logsDir} --spool ${cfg.spoolDir} start - - ${if cfg.loadDumps == [] then "" else - '' - if [ "$initialize" = "1" ] - then - # Wait until the ejabberd server is available for use - count=0 - while ! ejabberdctl --config-dir ${cfg.confDir} --logs ${cfg.logsDir} --spool ${cfg.spoolDir} status - do - if [ $count -eq 30 ] - then - echo "Tried 30 times, giving up..." - exit 1 - fi - - echo "Ejabberd daemon not yet started. Waiting for 1 second..." - count=$((count++)) - sleep 1 - done - - ${concatMapStrings (dump: - '' - echo "Importing dump: ${dump}" - - if [ -f ${dump} ] - then - ejabberdctl --config-dir ${cfg.confDir} --logs ${cfg.logsDir} --spool ${cfg.spoolDir} load ${dump} - elif [ -d ${dump} ] - then - for i in ${dump}/ejabberd-dump/* - do - ejabberdctl --config-dir ${cfg.confDir} --logs ${cfg.logsDir} --spool ${cfg.spoolDir} load $i - done - fi - '') cfg.loadDumps} - fi - ''} - ''; - - postStop = - '' - ejabberdctl --config-dir ${cfg.confDir} --logs ${cfg.logsDir} --spool ${cfg.spoolDir} stop - ''; - }; + postStop = '' + ejabberdctl --config-dir ${cfg.confDir} --logs ${cfg.logsDir} --spool ${cfg.spoolDir} stop + ''; + }; security.pam.services.ejabberd = {}; diff --git a/nixos/modules/services/networking/git-daemon.nix b/nixos/modules/services/networking/git-daemon.nix index 566936a7d0fa..215ffe48a563 100644 --- a/nixos/modules/services/networking/git-daemon.nix +++ b/nixos/modules/services/networking/git-daemon.nix @@ -16,7 +16,7 @@ in type = types.bool; default = false; description = '' - Enable Git daemon, which allows public hosting of git repositories + Enable Git daemon, which allows public hosting of git repositories without any access controls. This is mostly intended for read-only access. You can allow write access by setting daemon.receivepack configuration @@ -115,10 +115,9 @@ in gid = config.ids.gids.git; }; - jobs.gitDaemon = { - name = "git-daemon"; - startOn = "ip-up"; - exec = "${pkgs.git}/bin/git daemon --reuseaddr " + systemd.services."git-daemon" = { + wantedBy = [ "ip-up.target" ]; + script = "${pkgs.git}/bin/git daemon --reuseaddr " + (optionalString (cfg.basePath != "") "--base-path=${cfg.basePath} ") + (optionalString (cfg.listenAddress != "") "--listen=${cfg.listenAddress} ") + "--port=${toString cfg.port} --user=${cfg.user} --group=${cfg.group} ${cfg.options} " diff --git a/nixos/modules/services/networking/gvpe.nix b/nixos/modules/services/networking/gvpe.nix index c633ffedef49..27b64b5bb95f 100644 --- a/nixos/modules/services/networking/gvpe.nix +++ b/nixos/modules/services/networking/gvpe.nix @@ -37,13 +37,6 @@ let ''; executable = true; }); - - exec = "${pkgs.gvpe}/sbin/gvpe -c /var/gvpe -D ${cfg.nodename} " - + " ${cfg.nodename}.pid-file=/var/gvpe/gvpe.pid" - + " ${cfg.nodename}.if-up=if-up" - + " &> /var/log/gvpe"; - - inherit (cfg) startOn stopOn; in { @@ -55,18 +48,6 @@ in Whether to run gvpe ''; }; - startOn = mkOption { - default = "started network-interfaces"; - description = '' - Condition to start GVPE - ''; - }; - stopOn = mkOption { - default = "stopping network-interfaces"; - description = '' - Condition to stop GVPE - ''; - }; nodename = mkOption { default = null; description ='' @@ -122,10 +103,10 @@ in }; }; config = mkIf cfg.enable { - jobs.gvpe = { + systemd.services.gvpe = { description = "GNU Virtual Private Ethernet node"; - - inherit startOn stopOn; + after = [ "network-interfaces.target" ]; + wantedBy = [ "multi-user.target" ]; preStart = '' mkdir -p /var/gvpe @@ -136,9 +117,12 @@ in cp ${ifupScript} /var/gvpe/if-up ''; - inherit exec; + script = "${pkgs.gvpe}/sbin/gvpe -c /var/gvpe -D ${cfg.nodename} " + + " ${cfg.nodename}.pid-file=/var/gvpe/gvpe.pid" + + " ${cfg.nodename}.if-up=if-up" + + " &> /var/log/gvpe"; - respawn = true; + serviceConfig.Restart = "always"; }; }; } diff --git a/nixos/modules/services/networking/ifplugd.nix b/nixos/modules/services/networking/ifplugd.nix index 20bfca8f8723..00b94fe2284e 100644 --- a/nixos/modules/services/networking/ifplugd.nix +++ b/nixos/modules/services/networking/ifplugd.nix @@ -66,23 +66,17 @@ in ###### implementation config = mkIf cfg.enable { - - jobs.ifplugd = - { description = "Network interface connectivity monitor"; - - startOn = "started network-interfaces"; - stopOn = "stopping network-interfaces"; - - exec = - '' - ${ifplugd}/sbin/ifplugd --no-daemon --no-startup --no-shutdown \ - ${if config.networking.interfaceMonitor.beep then "" else "--no-beep"} \ - --run ${plugScript} - ''; - }; + systemd.services.ifplugd = { + description = "Network interface connectivity monitor"; + after = [ "network-interfaces.target" ]; + wantedBy = [ "multi-user.target" ]; + script = '' + ${ifplugd}/sbin/ifplugd --no-daemon --no-startup --no-shutdown \ + ${if config.networking.interfaceMonitor.beep then "" else "--no-beep"} \ + --run ${plugScript} + ''; + }; environment.systemPackages = [ ifplugd ]; - }; - } diff --git a/nixos/modules/services/networking/ircd-hybrid/default.nix b/nixos/modules/services/networking/ircd-hybrid/default.nix index 2c397f94d230..ede57c5046d3 100644 --- a/nixos/modules/services/networking/ircd-hybrid/default.nix +++ b/nixos/modules/services/networking/ircd-hybrid/default.nix @@ -121,17 +121,11 @@ in users.extraGroups.ircd.gid = config.ids.gids.ircd; - jobs.ircd_hybrid = - { name = "ircd-hybrid"; - - description = "IRCD Hybrid server"; - - startOn = "started networking"; - stopOn = "stopping networking"; - - exec = "${ircdService}/bin/control start"; - }; - + systemd.services."ircd-hybrid" = { + description = "IRCD Hybrid server"; + after = [ "started networking" ]; + wantedBy = [ "multi-user.target" ]; + script = "${ircdService}/bin/control start"; + }; }; - } diff --git a/nixos/modules/services/networking/oidentd.nix b/nixos/modules/services/networking/oidentd.nix index 738ab8313a5d..651bb8e967cf 100644 --- a/nixos/modules/services/networking/oidentd.nix +++ b/nixos/modules/services/networking/oidentd.nix @@ -20,18 +20,17 @@ with lib; }; - + ###### implementation config = mkIf config.services.oidentd.enable { - - jobs.oidentd = - { startOn = "started network-interfaces"; - daemonType = "fork"; - exec = "${pkgs.oidentd}/sbin/oidentd -u oidentd -g nogroup" + - optionalString config.networking.enableIPv6 " -a ::" - ; - }; + systemd.services.oidentd = { + after = [ "network-interfaces.target" ]; + wantedBy = [ "multi-user.target" ]; + serviceConfig.Type = "forking"; + script = "${pkgs.oidentd}/sbin/oidentd -u oidentd -g nogroup" + + optionalString config.networking.enableIPv6 " -a ::"; + }; users.extraUsers.oidentd = { description = "Ident Protocol daemon user"; diff --git a/nixos/modules/services/networking/openfire.nix b/nixos/modules/services/networking/openfire.nix index c3b4ba90b4e7..ed91b45ec945 100644 --- a/nixos/modules/services/networking/openfire.nix +++ b/nixos/modules/services/networking/openfire.nix @@ -2,17 +2,7 @@ with lib; -let - - inherit (pkgs) jre openfire coreutils which gnugrep gawk gnused; - - extraStartDependency = - if config.services.openfire.usePostgreSQL then "and started postgresql" else ""; - -in - { - ###### interface options = { @@ -47,26 +37,24 @@ in message = "OpenFire assertion failed."; }; - jobs.openfire = - { description = "OpenFire XMPP server"; - - startOn = "started networking ${extraStartDependency}"; - - script = - '' - export PATH=${jre}/bin:${openfire}/bin:${coreutils}/bin:${which}/bin:${gnugrep}/bin:${gawk}/bin:${gnused}/bin - export HOME=/tmp - mkdir /var/log/openfire || true - mkdir /etc/openfire || true - for i in ${openfire}/conf.inst/*; do - if ! test -f /etc/openfire/$(basename $i); then - cp $i /etc/openfire/ - fi - done - openfire start - ''; # */ - }; - + systemd.services.openfire = { + description = "OpenFire XMPP server"; + wantedBy = [ "multi-user.target" ]; + after = [ "networking.target" ] ++ + optional config.services.openfire.usePostgreSQL "postgresql.service"; + path = with pkgs; [ jre openfire coreutils which gnugrep gawk gnused ]; + script = '' + export HOME=/tmp + mkdir /var/log/openfire || true + mkdir /etc/openfire || true + for i in ${openfire}/conf.inst/*; do + if ! test -f /etc/openfire/$(basename $i); then + cp $i /etc/openfire/ + fi + done + openfire start + ''; # */ + }; }; } diff --git a/nixos/modules/services/networking/prayer.nix b/nixos/modules/services/networking/prayer.nix index ad0fb0af01cb..cb8fe6bf4fe9 100644 --- a/nixos/modules/services/networking/prayer.nix +++ b/nixos/modules/services/networking/prayer.nix @@ -83,21 +83,14 @@ in gid = config.ids.gids.prayer; }; - jobs.prayer = - { name = "prayer"; - - startOn = "startup"; - - preStart = - '' - mkdir -m 0755 -p ${stateDir} - chown ${prayerUser}.${prayerGroup} ${stateDir} - ''; - - daemonType = "daemon"; - - exec = "${prayer}/sbin/prayer --config-file=${prayerCfg}"; - }; + systemd.services.prayer = { + wantedBy = [ "multi-user.target" ]; + serviceConfig.Type = "forking"; + preStart = '' + mkdir -m 0755 -p ${stateDir} + chown ${prayerUser}.${prayerGroup} ${stateDir} + ''; + script = "${prayer}/sbin/prayer --config-file=${prayerCfg}"; + }; }; - } diff --git a/nixos/modules/services/networking/radicale.nix b/nixos/modules/services/networking/radicale.nix index fc9afc70aca4..4b77ef22ac12 100644 --- a/nixos/modules/services/networking/radicale.nix +++ b/nixos/modules/services/networking/radicale.nix @@ -33,16 +33,14 @@ in }; config = mkIf cfg.enable { - environment.systemPackages = [ pkgs.pythonPackages.radicale ]; - jobs.radicale = { + systemd.services.radicale = { description = "A Simple Calendar and Contact Server"; - startOn = "started network-interfaces"; - exec = "${pkgs.pythonPackages.radicale}/bin/radicale -C ${confFile} -d"; - daemonType = "fork"; + after = [ "network-interfaces.target" ]; + wantedBy = [ "multi-user.target" ]; + script = "${pkgs.pythonPackages.radicale}/bin/radicale -C ${confFile} -d"; + serviceConfig.Type = "forking"; }; - }; - } diff --git a/nixos/modules/services/networking/softether.nix b/nixos/modules/services/networking/softether.nix index 49538af7d351..a421b32f02c2 100644 --- a/nixos/modules/services/networking/softether.nix +++ b/nixos/modules/services/networking/softether.nix @@ -61,9 +61,10 @@ in dataDir = cfg.dataDir; })) ]; - jobs.softether = { + systemd.services.softether = { description = "SoftEther VPN services initial job"; - startOn = "started network-interfaces"; + after = [ "network-interfaces.target" ]; + wantedBy = [ "multi-user.target" ]; preStart = '' for d in vpnserver vpnbridge vpnclient vpncmd; do if ! test -e ${cfg.dataDir}/$d; then @@ -74,7 +75,6 @@ in rm -rf ${cfg.dataDir}/vpncmd/vpncmd ln -s ${pkg}${cfg.dataDir}/vpncmd/vpncmd ${cfg.dataDir}/vpncmd/vpncmd ''; - exec = "true"; }; } diff --git a/nixos/modules/services/networking/ssh/lshd.nix b/nixos/modules/services/networking/ssh/lshd.nix index 81e523fd2a51..661a6a524631 100644 --- a/nixos/modules/services/networking/ssh/lshd.nix +++ b/nixos/modules/services/networking/ssh/lshd.nix @@ -117,62 +117,60 @@ in services.lshd.subsystems = [ ["sftp" "${pkgs.lsh}/sbin/sftp-server"] ]; - jobs.lshd = - { description = "GNU lshd SSH2 daemon"; - - startOn = "started network-interfaces"; - stopOn = "stopping network-interfaces"; - - environment = - { LD_LIBRARY_PATH = config.system.nssModules.path; }; - - preStart = - '' - test -d /etc/lsh || mkdir -m 0755 -p /etc/lsh - test -d /var/spool/lsh || mkdir -m 0755 -p /var/spool/lsh - - if ! test -f /var/spool/lsh/yarrow-seed-file - then - # XXX: It would be nice to provide feedback to the - # user when this fails, so that they can retry it - # manually. - ${lsh}/bin/lsh-make-seed --sloppy \ - -o /var/spool/lsh/yarrow-seed-file - fi - - if ! test -f "${cfg.hostKey}" - then - ${lsh}/bin/lsh-keygen --server | \ - ${lsh}/bin/lsh-writekey --server -o "${cfg.hostKey}" - fi - ''; - - exec = with cfg; - '' - ${lsh}/sbin/lshd --daemonic \ - --password-helper="${lsh}/sbin/lsh-pam-checkpw" \ - -p ${toString portNumber} \ - ${if interfaces == [] then "" - else (concatStrings (map (i: "--interface=\"${i}\"") - interfaces))} \ - -h "${hostKey}" \ - ${if !syslog then "--no-syslog" else ""} \ - ${if passwordAuthentication then "--password" else "--no-password" } \ - ${if publicKeyAuthentication then "--publickey" else "--no-publickey" } \ - ${if rootLogin then "--root-login" else "--no-root-login" } \ - ${if loginShell != null then "--login-shell=\"${loginShell}\"" else "" } \ - ${if srpKeyExchange then "--srp-keyexchange" else "--no-srp-keyexchange" } \ - ${if !tcpForwarding then "--no-tcpip-forward" else "--tcpip-forward"} \ - ${if x11Forwarding then "--x11-forward" else "--no-x11-forward" } \ - --subsystems=${concatStringsSep "," - (map (pair: (head pair) + "=" + - (head (tail pair))) - subsystems)} - ''; + systemd.services.lshd = { + description = "GNU lshd SSH2 daemon"; + + after = [ "network-interfaces.target" ]; + + wantedBy = [ "multi-user.target" ]; + + environment = { + LD_LIBRARY_PATH = config.system.nssModules.path; }; - security.pam.services.lshd = {}; + preStart = '' + test -d /etc/lsh || mkdir -m 0755 -p /etc/lsh + test -d /var/spool/lsh || mkdir -m 0755 -p /var/spool/lsh + + if ! test -f /var/spool/lsh/yarrow-seed-file + then + # XXX: It would be nice to provide feedback to the + # user when this fails, so that they can retry it + # manually. + ${lsh}/bin/lsh-make-seed --sloppy \ + -o /var/spool/lsh/yarrow-seed-file + fi + + if ! test -f "${cfg.hostKey}" + then + ${lsh}/bin/lsh-keygen --server | \ + ${lsh}/bin/lsh-writekey --server -o "${cfg.hostKey}" + fi + ''; + + script = with cfg; '' + ${lsh}/sbin/lshd --daemonic \ + --password-helper="${lsh}/sbin/lsh-pam-checkpw" \ + -p ${toString portNumber} \ + ${if interfaces == [] then "" + else (concatStrings (map (i: "--interface=\"${i}\"") + interfaces))} \ + -h "${hostKey}" \ + ${if !syslog then "--no-syslog" else ""} \ + ${if passwordAuthentication then "--password" else "--no-password" } \ + ${if publicKeyAuthentication then "--publickey" else "--no-publickey" } \ + ${if rootLogin then "--root-login" else "--no-root-login" } \ + ${if loginShell != null then "--login-shell=\"${loginShell}\"" else "" } \ + ${if srpKeyExchange then "--srp-keyexchange" else "--no-srp-keyexchange" } \ + ${if !tcpForwarding then "--no-tcpip-forward" else "--tcpip-forward"} \ + ${if x11Forwarding then "--x11-forward" else "--no-x11-forward" } \ + --subsystems=${concatStringsSep "," + (map (pair: (head pair) + "=" + + (head (tail pair))) + subsystems)} + ''; + }; + security.pam.services.lshd = {}; }; - } diff --git a/nixos/modules/services/networking/tcpcrypt.nix b/nixos/modules/services/networking/tcpcrypt.nix index fbd581cc4b4c..267653abce03 100644 --- a/nixos/modules/services/networking/tcpcrypt.nix +++ b/nixos/modules/services/networking/tcpcrypt.nix @@ -35,11 +35,11 @@ in description = "tcpcrypt daemon user"; }; - jobs.tcpcrypt = { + systemd.services.tcpcrypt = { description = "tcpcrypt"; - wantedBy = ["multi-user.target"]; - after = ["network-interfaces.target"]; + wantedBy = [ "multi-user.target" ]; + after = [ "network-interfaces.target" ]; path = [ pkgs.iptables pkgs.tcpcrypt pkgs.procps ]; @@ -58,7 +58,7 @@ in iptables -t mangle -I POSTROUTING -j nixos-tcpcrypt ''; - exec = "tcpcryptd -x 0x10"; + script = "tcpcryptd -x 0x10"; postStop = '' if [ -f /run/pre-tcpcrypt-ecn-state ]; then diff --git a/nixos/modules/services/networking/wicd.nix b/nixos/modules/services/networking/wicd.nix index 18258084fc2c..9e5a437b4856 100644 --- a/nixos/modules/services/networking/wicd.nix +++ b/nixos/modules/services/networking/wicd.nix @@ -25,17 +25,13 @@ with lib; environment.systemPackages = [pkgs.wicd]; - jobs.wicd = - { startOn = "started network-interfaces"; - stopOn = "stopping network-interfaces"; - - script = - "${pkgs.wicd}/sbin/wicd -f"; - }; + systemd.services.wicd = { + after = [ "network-interfaces.target" ]; + wantedBy = [ "multi-user.target" ]; + script = "${pkgs.wicd}/sbin/wicd -f"; + }; services.dbus.enable = true; services.dbus.packages = [pkgs.wicd]; - }; - } diff --git a/nixos/modules/services/networking/xinetd.nix b/nixos/modules/services/networking/xinetd.nix index 14ee52ae52e6..08680b517808 100644 --- a/nixos/modules/services/networking/xinetd.nix +++ b/nixos/modules/services/networking/xinetd.nix @@ -6,8 +6,6 @@ let cfg = config.services.xinetd; - inherit (pkgs) xinetd; - configFile = pkgs.writeText "xinetd.conf" '' defaults @@ -141,18 +139,12 @@ in ###### implementation config = mkIf cfg.enable { - - jobs.xinetd = - { description = "xinetd server"; - - startOn = "started network-interfaces"; - stopOn = "stopping network-interfaces"; - - path = [ xinetd ]; - - exec = "xinetd -syslog daemon -dontfork -stayalive -f ${configFile}"; - }; - + systemd.services.xinetd = { + description = "xinetd server"; + after = [ "network-interfaces.target" ]; + wantedBy = [ "multi-user.target" ]; + path = [ pkgs.xinetd ]; + script = "xinetd -syslog daemon -dontfork -stayalive -f ${configFile}"; + }; }; - } |