diff options
52 files changed, 1061 insertions, 246 deletions
diff --git a/maintainers/maintainer-list.nix b/maintainers/maintainer-list.nix index a7313e8fdfae..a6c6c547aedc 100644 --- a/maintainers/maintainer-list.nix +++ b/maintainers/maintainer-list.nix @@ -868,6 +868,12 @@ githubId = 706854; name = "Etienne Laurin"; }; + attila-lendvai = { + name = "Attila Lendvai"; + email = "attila@lendvai.name"; + github = "attila-lendvai"; + githubId = 840345; + }; auntie = { email = "auntieNeo@gmail.com"; github = "auntieNeo"; diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index f64f2dbb2cb2..30fdde780098 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix @@ -609,6 +609,8 @@ ./services/networking/atftpd.nix ./services/networking/avahi-daemon.nix ./services/networking/babeld.nix + ./services/networking/bee.nix + ./services/networking/bee-clef.nix ./services/networking/biboumi.nix ./services/networking/bind.nix ./services/networking/bitcoind.nix diff --git a/nixos/modules/services/backup/mysql-backup.nix b/nixos/modules/services/backup/mysql-backup.nix index 31d606b141a8..506ded5e9e8c 100644 --- a/nixos/modules/services/backup/mysql-backup.nix +++ b/nixos/modules/services/backup/mysql-backup.nix @@ -48,6 +48,7 @@ in }; user = mkOption { + type = types.str; default = defaultUser; description = '' User to be used to perform backup. @@ -56,12 +57,14 @@ in databases = mkOption { default = []; + type = types.listOf types.str; description = '' List of database names to dump. ''; }; location = mkOption { + type = types.path; default = "/var/backup/mysql"; description = '' Location to put the gzipped MySQL database dumps. @@ -70,6 +73,7 @@ in singleTransaction = mkOption { default = false; + type = types.bool; description = '' Whether to create database dump in a single transaction ''; diff --git a/nixos/modules/services/backup/postgresql-backup.nix b/nixos/modules/services/backup/postgresql-backup.nix index 428861a7598a..f4bd3aa447e5 100644 --- a/nixos/modules/services/backup/postgresql-backup.nix +++ b/nixos/modules/services/backup/postgresql-backup.nix @@ -48,6 +48,7 @@ in { startAt = mkOption { default = "*-*-* 01:15:00"; + type = types.str; description = '' This option defines (see <literal>systemd.time</literal> for format) when the databases should be dumped. @@ -70,6 +71,7 @@ in { databases = mkOption { default = []; + type = types.listOf types.str; description = '' List of database names to dump. ''; @@ -77,6 +79,7 @@ in { location = mkOption { default = "/var/backup/postgresql"; + type = types.path; description = '' Location to put the gzipped PostgreSQL database dumps. ''; diff --git a/nixos/modules/services/networking/bee-clef.nix b/nixos/modules/services/networking/bee-clef.nix new file mode 100644 index 000000000000..719714b28982 --- /dev/null +++ b/nixos/modules/services/networking/bee-clef.nix @@ -0,0 +1,107 @@ +{ config, lib, pkgs, ... }: + +# NOTE for now nothing is installed into /etc/bee-clef/. the config files are used as read-only from the nix store. + +with lib; +let + cfg = config.services.bee-clef; +in { + meta = { + maintainers = with maintainers; [ attila-lendvai ]; + }; + + ### interface + + options = { + services.bee-clef = { + enable = mkEnableOption "clef external signer instance for Ethereum Swarm Bee"; + + dataDir = mkOption { + type = types.nullOr types.str; + default = "/var/lib/bee-clef"; + description = '' + Data dir for bee-clef. Beware that some helper scripts may not work when changed! + The service itself should work fine, though. + ''; + }; + + passwordFile = mkOption { + type = types.nullOr types.str; + default = "/var/lib/bee-clef/password"; + description = "Password file for bee-clef."; + }; + + user = mkOption { + type = types.str; + default = "bee-clef"; + description = '' + User the bee-clef daemon should execute under. + ''; + }; + + group = mkOption { + type = types.str; + default = "bee-clef"; + description = '' + Group the bee-clef daemon should execute under. + ''; + }; + }; + }; + + ### implementation + + config = mkIf cfg.enable { + # if we ever want to have rules.js under /etc/bee-clef/ + # environment.etc."bee-clef/rules.js".source = ${pkgs.bee-clef}/rules.js + + systemd.packages = [ pkgs.bee-clef ]; # include the upstream bee-clef.service file + + systemd.tmpfiles.rules = [ + "d '${cfg.dataDir}/' 0750 ${cfg.user} ${cfg.group}" + "d '${cfg.dataDir}/keystore' 0700 ${cfg.user} ${cfg.group}" + ]; + + systemd.services.bee-clef = { + path = [ + # these are needed for the ensure-clef-account script + pkgs.coreutils + pkgs.gnused + pkgs.gawk + ]; + + wantedBy = [ "bee.service" "multi-user.target" ]; + + serviceConfig = { + User = cfg.user; + Group = cfg.group; + ExecStartPre = ''${pkgs.bee-clef}/share/bee-clef/ensure-clef-account "${cfg.dataDir}" "${pkgs.bee-clef}/share/bee-clef/"''; + ExecStart = [ + "" # this hides/overrides what's in the original entry + "${pkgs.bee-clef}/share/bee-clef/bee-clef-service start" + ]; + ExecStop = [ + "" # this hides/overrides what's in the original entry + "${pkgs.bee-clef}/share/bee-clef/bee-clef-service stop" + ]; + Environment = [ + "CONFIGDIR=${cfg.dataDir}" + "PASSWORD_FILE=${cfg.passwordFile}" + ]; + }; + }; + + users.users = optionalAttrs (cfg.user == "bee-clef") { + bee-clef = { + group = cfg.group; + home = cfg.dataDir; + isSystemUser = true; + description = "Daemon user for the bee-clef service"; + }; + }; + + users.groups = optionalAttrs (cfg.group == "bee-clef") { + bee-clef = {}; + }; + }; +} diff --git a/nixos/modules/services/networking/bee.nix b/nixos/modules/services/networking/bee.nix new file mode 100644 index 000000000000..8a77ce23ab4d --- /dev/null +++ b/nixos/modules/services/networking/bee.nix @@ -0,0 +1,149 @@ +{ config, lib, pkgs, ... }: + +with lib; +let + cfg = config.services.bee; + format = pkgs.formats.yaml {}; + configFile = format.generate "bee.yaml" cfg.settings; +in { + meta = { + # doc = ./bee.xml; + maintainers = with maintainers; [ attila-lendvai ]; + }; + + ### interface + + options = { + services.bee = { + enable = mkEnableOption "Ethereum Swarm Bee"; + + package = mkOption { + type = types.package; + default = pkgs.bee; + defaultText = "pkgs.bee"; + example = "pkgs.bee-unstable"; + description = "The package providing the bee binary for the service."; + }; + + settings = mkOption { + type = format.type; + description = '' + Ethereum Swarm Bee configuration. Refer to + <link xlink:href="https://gateway.ethswarm.org/bzz/docs.swarm.eth/docs/installation/configuration/"/> + for details on supported values. + ''; + }; + + daemonNiceLevel = mkOption { + type = types.int; + default = 0; + description = '' + Daemon process priority for bee. + 0 is the default Unix process priority, 19 is the lowest. + ''; + }; + + user = mkOption { + type = types.str; + default = "bee"; + description = '' + User the bee binary should execute under. + ''; + }; + + group = mkOption { + type = types.str; + default = "bee"; + description = '' + Group the bee binary should execute under. + ''; + }; + }; + }; + + ### implementation + + config = mkIf cfg.enable { + assertions = [ + { assertion = (hasAttr "password" cfg.settings) != true; + message = '' + `services.bee.settings.password` is insecure. Use `services.bee.settings.password-file` or `systemd.services.bee.serviceConfig.EnvironmentFile` instead. + ''; + } + { assertion = (hasAttr "swap-endpoint" cfg.settings) || (cfg.settings.swap-enable or true == false); + message = '' + In a swap-enabled network a working Ethereum blockchain node is required. You must specify one using `services.bee.settings.swap-endpoint`, or disable `services.bee.settings.swap-enable` = false. + ''; + } + ]; + + warnings = optional (! config.services.bee-clef.enable) "The bee service requires an external signer. Consider setting `config.services.bee-clef.enable` = true"; + + services.bee.settings = { + data-dir = lib.mkDefault "/var/lib/bee"; + password-file = lib.mkDefault "/var/lib/bee/password"; + clef-signer-enable = lib.mkDefault true; + clef-signer-endpoint = lib.mkDefault "/var/lib/bee-clef/clef.ipc"; + swap-endpoint = lib.mkDefault "https://rpc.slock.it/goerli"; + }; + + systemd.packages = [ cfg.package ]; # include the upstream bee.service file + + systemd.tmpfiles.rules = [ + "d '${cfg.settings.data-dir}' 0750 ${cfg.user} ${cfg.group}" + ]; + + systemd.services.bee = { + requires = optional config.services.bee-clef.enable + "bee-clef.service"; + + wantedBy = [ "multi-user.target" ]; + + serviceConfig = { + Nice = cfg.daemonNiceLevel; + User = cfg.user; + Group = cfg.group; + ExecStart = [ + "" # this hides/overrides what's in the original entry + "${cfg.package}/bin/bee --config=${configFile} start" + ]; + }; + + preStart = with cfg.settings; '' + if ! test -f ${password-file}; then + < /dev/urandom tr -dc _A-Z-a-z-0-9 2> /dev/null | head -c32 > ${password-file} + chmod 0600 ${password-file} + echo "Initialized ${password-file} from /dev/urandom" + fi + if [ ! -f ${data-dir}/keys/libp2p.key ]; then + ${cfg.package}/bin/bee init --config=${configFile} >/dev/null + echo " +Logs: journalctl -f -u bee.service + +Bee has SWAP enabled by default and it needs ethereum endpoint to operate. +It is recommended to use external signer with bee. +Check documentation for more info: +- SWAP https://docs.ethswarm.org/docs/installation/manual#swap-bandwidth-incentives +- External signer https://docs.ethswarm.org/docs/installation/bee-clef + +After you finish configuration run 'sudo bee-get-addr'." + fi + ''; + }; + + users.users = optionalAttrs (cfg.user == "bee") { + bee = { + group = cfg.group; + home = cfg.settings.data-dir; + isSystemUser = true; + description = "Daemon user for Ethereum Swarm Bee"; + extraGroups = optional config.services.bee-clef.enable + config.services.bee-clef.group; + }; + }; + + users.groups = optionalAttrs (cfg.group == "bee") { + bee = {}; + }; + }; +} diff --git a/pkgs/applications/editors/vscode/update-vscode.sh b/pkgs/applications/editors/vscode/update-vscode.sh index cb1400f048e0..d1ae71cd11e2 100755 --- a/pkgs/applications/editors/vscode/update-vscode.sh +++ b/pkgs/applications/editors/vscode/update-vscode.sh @@ -1,5 +1,5 @@ #!/usr/bin/env nix-shell -#!nix-shell -i bash -p curl gnugrep gnused gawk +#!nix-shell -i bash -p curl jq gnused # Update script for the vscode versions and hashes. # Usually doesn't need to be called by hand, @@ -16,8 +16,7 @@ fi # VSCode -VSCODE_VER=$(curl -s -L "https://code.visualstudio.com/Download" | grep "is now available" | awk -F'</span>' '{print $1}' | awk -F'>' '{print $NF}') -VSCODE_VER=$(curl -s -L "https://code.visualstudio.com/updates/v${VSCODE_VER/./_}" | grep "Downloads:" | awk -F'code.visualstudio.com/' '{print $2}' | awk -F'/' '{print $1}') +VSCODE_VER=$(curl --fail --silent https://api.github.com/repos/Microsoft/vscode/releases/latest | jq --raw-output .tag_name) sed -i "s/version = \".*\"/version = \"${VSCODE_VER}\"/" "$ROOT/vscode.nix" VSCODE_LINUX_URL="https://vscode-update.azurewebsites.net/${VSCODE_VER}/linux-x64/stable" diff --git a/pkgs/applications/misc/nrsc5/default.nix b/pkgs/applications/misc/nrsc5/default.nix index 8b8fa16fc213..e55438f0eb11 100644 --- a/pkgs/applications/misc/nrsc5/default.nix +++ b/pkgs/applications/misc/nrsc5/default.nix @@ -46,7 +46,7 @@ in stdenv.mkDerivation { homepage = "https://github.com/theori-io/nrsc5"; description = "HD-Radio decoder for RTL-SDR"; platforms = lib.platforms.linux; - license = licenses.gpl3; + license = licenses.gpl3Plus; maintainers = with maintainers; [ markuskowa ]; }; } diff --git a/pkgs/applications/networking/bee/0001-clef-service-accept-default-CONFIGDIR-from-the-envir.patch b/pkgs/applications/networking/bee/0001-clef-service-accept-default-CONFIGDIR-from-the-envir.patch new file mode 100644 index 000000000000..fb551646b7c6 --- /dev/null +++ b/pkgs/applications/networking/bee/0001-clef-service-accept-default-CONFIGDIR-from-the-envir.patch @@ -0,0 +1,44 @@ +From 04933c578f51aa1f536991318dc5aede57f81c0d Mon Sep 17 00:00:00 2001 +From: Attila Lendvai <attila@lendvai.name> +Date: Sat, 30 Jan 2021 14:02:02 +0100 +Subject: [PATCH 1/2] clef-service: accept default CONFIGDIR from the + environment + +--- + packaging/bee-clef-service | 15 ++++++++++----- + 1 file changed, 10 insertions(+), 5 deletions(-) + +diff --git a/packaging/bee-clef-service b/packaging/bee-clef-service +index 10bcd92..34c7edd 100755 +--- a/packaging/bee-clef-service ++++ b/packaging/bee-clef-service +@@ -1,16 +1,21 @@ + #!/usr/bin/env sh + + start() { +- KEYSTORE=/var/lib/bee-clef/keystore +- CONFIGDIR=/var/lib/bee-clef ++ if [ -z "$CONFIGDIR" ]; then ++ CONFIGDIR=/var/lib/bee-clef ++ fi ++ if [ -z "$PASSWORD_FILE" ]; then ++ PASSWORD_FILE=${CONFIGDIR}/password ++ fi ++ KEYSTORE=${CONFIGDIR}/keystore ++ SECRET=$(cat ${PASSWORD_FILE}) + CHAINID=5 +- SECRET=$(cat /var/lib/bee-clef/password) + # clef with every start sets permissions back to 600 +- (sleep 4; chmod 660 /var/lib/bee-clef/clef.ipc) & ++ (sleep 4; chmod 660 ${CONFIGDIR}/clef.ipc) & + ( sleep 2; cat << EOF + { "jsonrpc": "2.0", "id":1, "result": { "text":"$SECRET" } } + EOF +-) | clef --stdio-ui --keystore $KEYSTORE --configdir $CONFIGDIR --chainid $CHAINID --rules /etc/bee-clef/rules.js --nousb --4bytedb-custom /etc/bee-clef/4byte.json --pcscdpath "" --auditlog "" --loglevel 3 --ipcpath /var/lib/bee-clef ++) | clef --stdio-ui --keystore $KEYSTORE --configdir $CONFIGDIR --chainid $CHAINID --rules /etc/bee-clef/rules.js --nousb --4bytedb-custom /etc/bee-clef/4byte.json --pcscdpath "" --auditlog "" --loglevel 3 --ipcpath ${CONFIGDIR} + } + + stop() { +-- +2.29.2 + diff --git a/pkgs/applications/networking/bee/0002-nix-diff-for-substituteAll.patch b/pkgs/applications/networking/bee/0002-nix-diff-for-substituteAll.patch new file mode 100644 index 000000000000..611aed0b890a --- /dev/null +++ b/pkgs/applications/networking/bee/0002-nix-diff-for-substituteAll.patch @@ -0,0 +1,25 @@ +From 1a1ab986245e8b74648a1a0adb5d1c7019561d18 Mon Sep 17 00:00:00 2001 +From: Attila Lendvai <attila@lendvai.name> +Date: Sat, 30 Jan 2021 15:24:57 +0100 +Subject: [PATCH 2/2] nix diff for substituteAll + +--- + packaging/bee-clef-service | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/packaging/bee-clef-service b/packaging/bee-clef-service +index 34c7edd..31e9d95 100755 +--- a/packaging/bee-clef-service ++++ b/packaging/bee-clef-service +@@ -15,7 +15,7 @@ start() { + ( sleep 2; cat << EOF + { "jsonrpc": "2.0", "id":1, "result": { "text":"$SECRET" } } + EOF +-) | clef --stdio-ui --keystore $KEYSTORE --configdir $CONFIGDIR --chainid $CHAINID --rules /etc/bee-clef/rules.js --nousb --4bytedb-custom /etc/bee-clef/4byte.json --pcscdpath "" --auditlog "" --loglevel 3 --ipcpath ${CONFIGDIR} ++) | @clefBinary@ --stdio-ui --keystore $KEYSTORE --configdir $CONFIGDIR --chainid $CHAINID --rules @out@/share/bee-clef/rules.js --nousb --4bytedb-custom @out@/share/bee-clef/4byte.json --pcscdpath "" --auditlog "" --loglevel 3 --ipcpath ${CONFIGDIR} + } + + stop() { +-- +2.29.2 + diff --git a/pkgs/applications/networking/bee/bee-clef.nix b/pkgs/applications/networking/bee/bee-clef.nix new file mode 100644 index 000000000000..a94386ea3f11 --- /dev/null +++ b/pkgs/applications/networking/bee/bee-clef.nix @@ -0,0 +1,57 @@ +{ version ? "release", stdenv, lib, substituteAll, fetchFromGitHub, go-ethereum }: + +stdenv.mkDerivation rec { + pname = "bee-clef"; + version = "0.4.7"; + + src = fetchFromGitHub { + owner = "ethersphere"; + repo = "bee-clef"; + rev = "refs/tags/v${version}"; + sha256 = "1sfwql0kvnir8b9ggpqcyc0ar995gxgfbhqb1xpfzp6wl0g3g4zz"; + }; + + buildInputs = [ go-ethereum ]; + + clefBinary = "${go-ethereum}/bin/clef"; + + patches = [ + ./0001-clef-service-accept-default-CONFIGDIR-from-the-envir.patch + ./0002-nix-diff-for-substituteAll.patch + ]; + + dontBuild = true; + + installPhase = '' + mkdir -p $out/bin/ + mkdir -p $out/share/bee-clef/ + mkdir -p $out/lib/systemd/system/ + cp packaging/bee-clef.service $out/lib/systemd/system/ + substituteAll packaging/bee-clef-service $out/share/bee-clef/bee-clef-service + substituteAll ${./ensure-clef-account} $out/share/bee-clef/ensure-clef-account + substituteAll packaging/bee-clef-keys $out/bin/bee-clef-keys + cp packaging/rules.js packaging/4byte.json $out/share/bee-clef/ + chmod +x $out/bin/bee-clef-keys + chmod +x $out/share/bee-clef/bee-clef-service + chmod +x $out/share/bee-clef/ensure-clef-account |