authorgithub-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>2021-01-14 12:42:20 +0000
committerGitHub <noreply@github.com>2021-01-14 12:42:20 +0000
commit730ff71234db1d6b6b6d0424c8384ec74525a955 (patch)
tree683d9a8bab765a1368a6a1bd353a3be865c3dd5b /nixos/modules
parentd247d74ff9a9e522cff6c9632dae0cb864c0382b (diff)
parentc1e1834ead2707fbee72b64d05d019d2f95cfaa2 (diff)
Merge master into staging-next
Diffstat (limited to 'nixos/modules')
-rw-r--r--nixos/modules/services/mail/postfix.nix18
-rw-r--r--nixos/modules/services/networking/searx.nix60
2 files changed, 28 insertions, 50 deletions
diff --git a/nixos/modules/services/mail/postfix.nix b/nixos/modules/services/mail/postfix.nix
index 795a76f748a7..1dcdcab8d481 100644
--- a/nixos/modules/services/mail/postfix.nix
+++ b/nixos/modules/services/mail/postfix.nix
@@ -25,8 +25,6 @@ let
clientRestrictions = concatStringsSep ", " (clientAccess ++ dnsBl);
- smtpTlsSecurityLevel = if cfg.useDane then "dane" else "may";
-
mainCf = let
escape = replaceStrings ["$"] ["$$"];
mkList = items: "\n " + concatStringsSep ",\n " items;
@@ -510,14 +508,6 @@ in
'';
};
- useDane = mkOption {
- type = types.bool;
- default = false;
- description = ''
- Sets smtp_tls_security_level to "dane" rather than "may". See postconf(5) for details.
- '';
- };
-
sslCert = mkOption {
type = types.str;
default = "";
@@ -819,13 +809,13 @@ in
// optionalAttrs cfg.enableHeaderChecks { header_checks = [ "regexp:/etc/postfix/header_checks" ]; }
// optionalAttrs (cfg.tlsTrustedAuthorities != "") {
smtp_tls_CAfile = cfg.tlsTrustedAuthorities;
- smtp_tls_security_level = smtpTlsSecurityLevel;
+ smtp_tls_security_level = mkDefault "may";
}
// optionalAttrs (cfg.sslCert != "") {
smtp_tls_cert_file = cfg.sslCert;
smtp_tls_key_file = cfg.sslKey;
- smtp_tls_security_level = smtpTlsSecurityLevel;
+ smtp_tls_security_level = mkDefault "may";
smtpd_tls_cert_file = cfg.sslCert;
smtpd_tls_key_file = cfg.sslKey;
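Review bot: Both new `smtp_tls_security_level = mkDefault "may";` lines leave outbound delivery on opportunistic TLS, which does not enforce peer verification and falls back to cleartext when the remote side offers no STARTTLS. Setting `tlsTrustedAuthorities` therefore does not by itself make Postfix reject an untrusted certificate, and with `useDane` gone nothing near these lines tells the reader that. I would add a comment above the first assignment, for example `# opportunistic only: no peer verification, cleartext fallback; set services.postfix.config.smtp_tls_security_level to "encrypt", "verify" or "dane" to enforce`. The enclosing attribute set starts and ends outside this hunk.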
@@ -969,5 +959,9 @@ in
imports = [
(mkRemovedOptionModule [ "services" "postfix" "sslCACert" ]
"services.postfix.sslCACert was replaced by services.postfix.tlsTrustedAuthorities. In case you intend that your server should validate requested client certificates use services.postfix.extraConfig.")
+
+ (mkChangedOptionModule [ "services" "postfix" "useDane" ]
+ [ "services" "postfix" "config" "smtp_tls_security_level" ]
+ (config: mkIf config.services.postfix.useDane "dane"))
];
}
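Review bot: The value `"dane"` forwarded by this `mkChangedOptionModule` only gives DANE protection when Postfix performs DNSSEC-validated lookups, and nothing visible in this diff sets `smtp_dns_support_level`. As far as postconf(5) describes it, without that setting the level is reduced to opportunistic TLS with only a logged warning, so a migrated configuration can look protected when it is not. Whether the module sets it elsewhere cannot be seen from here. If it does not, a comment above the rename would help, such as `# "dane" also needs smtp_dns_support_level = "dnssec" and a validating resolver`.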
diff --git a/nixos/modules/services/networking/searx.nix b/nixos/modules/services/networking/searx.nix
index 85696beeba4a..a515e4a3dc3b 100644
--- a/nixos/modules/services/networking/searx.nix
+++ b/nixos/modules/services/networking/searx.nix
@@ -1,4 +1,4 @@
-{ config, lib, pkgs, ... }:
+{ options, config, lib, pkgs, ... }:
with lib;
@@ -6,42 +6,14 @@ let
runDir = "/run/searx";
cfg = config.services.searx;
- hasEngines =
- builtins.hasAttr "engines" cfg.settings &&
- cfg.settings.engines != { };
-
- # Script to merge NixOS settings with
- # the default settings.yml bundled in searx.
- mergeConfig = ''
+ generateConfig = ''
cd ${runDir}
- # find the default settings.yml
- default=$(find '${cfg.package}/' -name settings.yml)
# write NixOS settings as JSON
- cat <<'EOF' > settings.json
+ cat <<'EOF' > settings.yml
${builtins.toJSON cfg.settings}
EOF
- ${optionalString hasEngines ''
- # extract and convert the default engines array to an object
- ${pkgs.yq-go}/bin/yq r "$default" engines -j | \
- ${pkgs.jq}/bin/jq 'reduce .[] as $e ({}; .[$e.name] = $e)' \
- > engines.json
-
- # merge and update the NixOS engines with the newly created object
- cp settings.json temp.json
- ${pkgs.jq}/bin/jq -s '. as [$s, $e] | $s | .engines |=
- ($e * . | to_entries | map (.value))' \
- temp.json engines.json > settings.json
-
- # clean up temporary files
- rm {engines,temp}.json
- ''}
-
- # merge the default and NixOS settings
- ${pkgs.yq-go}/bin/yq m -P settings.json "$default" > settings.yml
- rm settings.json
-
# substitute environment variables
env -0 | while IFS='=' read -r -d ''' n v; do
sed "s#@$n@#$v#g" -i settings.yml
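Review bot: The kept line `sed "s#@$n@#$v#g" -i settings.yml` uses each environment value as a sed replacement, so a secret containing `#`, `&` or `\` is either rejected by sed or written to settings.yml in altered form. With the yq/jq merge removed this loop is the only processing step left, and a silently mangled `server.secret_key` is hard to notice. The value is also passed on sed's command line, and the loop runs over every variable in the unit's environment, not only those from the environment file. At minimum I would document the constraint next to the loop, e.g. `# values are used as a sed replacement: '#', '&' and '\' are not taken literally`. The loop body continues outside this hunk.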
@@ -51,6 +23,12 @@ let
chmod 400 settings.yml
'';
+ settingType = with types; (oneOf
+ [ bool int float str
+ (listOf settingType)
+ (attrsOf settingType)
+ ]) // { description = "JSON value"; };
+
in
{
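Review bot: `chmod 400 settings.yml` runs only at the end of the script, after `cat` has created the file in the previous hunk and after the secrets have been substituted into it. Until then the file carries whatever mode the unit's umask gives it. `RuntimeDirectoryMode = "750"`, visible further down, narrows who can reach the directory but presumably still admits the service group. Starting the script with `umask 077` before the `cat` would close that window, and the final `chmod 400` could stay as it is.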
@@ -86,15 +64,16 @@ in
};
settings = mkOption {
- type = types.attrs;
+ type = types.attrsOf settingType;
default = { };
example = literalExample ''
{ server.port = 8080;
server.bind_address = "0.0.0.0";
server.secret_key = "@SEARX_SECRET_KEY@";
- engines.wolframalpha =
- { shortcut = "wa";
+ engines = lib.singleton
+ { name = "wolframalpha";
+ shortcut = "wa";
api_key = "@WOLFRAM_API_KEY@";
engine = "wolframalpha_api";
};
@@ -155,9 +134,9 @@ in
};
uwsgiConfig = mkOption {
- type = types.attrs;
+ type = options.services.uwsgi.instance.type;
default = { http = ":8080"; };
- example = lib.literalExample ''
+ example = literalExample ''
{
disable-logging = true;
http = ":8080"; # serve via HTTP...
@@ -199,7 +178,7 @@ in
RuntimeDirectoryMode = "750";
} // optionalAttrs (cfg.environmentFile != null)
{ EnvironmentFile = builtins.toPath cfg.environmentFile; };
- script = mergeConfig;
+ script = generateConfig;
};
systemd.services.searx = mkIf (!cfg.runInUwsgi) {
@@ -221,6 +200,11 @@ in
after = [ "searx-init.service" ];
};
+ services.searx.settings = {
+ # merge NixOS settings with defaults settings.yml
+ use_default_settings = mkDefault true;
+ };
+
services.uwsgi = mkIf (cfg.runInUwsgi) {
enable = true;
plugins = [ "python3" ];
@@ -241,6 +225,6 @@ in
};
- meta.maintainers = with lib.maintainers; [ rnhmjoj ];
+ meta.maintainers = with maintainers; [ rnhmjoj ];
}