chvp/nixos-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Update dependencies
All checks were successful
Cachix / build (kholinar) (push) Successful in 5m29s
Details
Cachix / build (elendel) (push) Successful in 4m58s
Details
Cachix / build (marabethia) (push) Successful in 6m53s
Details

Browse source
This commit is contained in:
Charlotte Van Petegem 2025-06-05 10:42:38 +02:00
parent 8f6dd4eecf
commit 87992e33b8
Signed by: chvp
SSH key fingerprint: SHA256:+xxExaZKfphaPBA/f79I53pATM1GM3mRUFmOl/ChUbM
2 changed files with 490 additions and 35 deletions
Download patch file Download diff file Expand all files Collapse all files

70
flake.lock generated
View file

@ -45,11 +45,11 @@
]
},
"locked": {
"lastModified": 1748774759,
"narHash": "sha256-4t/g+NC7UZsqQSv+GSFA6rYTgAmMCeF9XQZcsUfGEzg=",
"lastModified": 1749012650,
"narHash": "sha256-uzPwNYw58UZkU8XtqpRFfPcqSOYi86HHJzBPZ+o1PTo=",
"owner": "accentor",
"repo": "api",
"rev": "80fb9675961aab3758d878906d94eba69ef5913e",
"rev": "cf9e50f9f424880667be9b7b50f4d8447d266bf0",
"type": "github"
},
"original": {
@ -74,11 +74,11 @@
]
},
"locked": {
"lastModified": 1748774863,
"narHash": "sha256-rRk1JlZrHHftzed1RIYeeH6km6yKz8DUAmD1YG33htg=",
"lastModified": 1749012769,
"narHash": "sha256-SZypUcgPixs3TPy3x6beVEvoGWOWECI6KscIzvdgLxM=",
"owner": "accentor",
"repo": "web",
"rev": "e94c5f555378a7ccfea327ebc0c27a1a36b351fe",
"rev": "66542e16f24ec118768862a81e26acc99ea349aa",
"type": "github"
},
"original": {
@ -139,11 +139,11 @@
]
},
"locked": {
"lastModified": 1748998583,
"narHash": "sha256-X8kkfgfqdYa/sqGpMdDkrLytS6mj89PJW+x22+r29Yg=",
"lastModified": 1749012745,
"narHash": "sha256-Cax/k9ZRPKqTz18vZtmqGR45pHRXM+sDvEVd4V/3NrU=",
"owner": "lnl7",
"repo": "nix-darwin",
"rev": "d46a07214fc25b6313f2ea3ba789cd7ff036aeb2",
"rev": "fa6120c32f10bd2aac9e8c9a6e71528a9d9d823b",
"type": "github"
},
"original": {
@ -184,11 +184,11 @@
"nixpkgs-stable": "nixpkgs-stable"
},
"locked": {
"lastModified": 1749003682,
"narHash": "sha256-7AZ5Jl235GGOnTciCmENWMvEfcemKocp3tzdiIgaSUA=",
"lastModified": 1749090069,
"narHash": "sha256-uN3Mp+o7IfVT9H/OuwEtJ17NktCaF4t9Ond3TKt+BE4=",
"owner": "nix-community",
"repo": "emacs-overlay",
"rev": "92b75bf8b4e26ae3373fbe6331f9a1c63efc1e29",
"rev": "c17506666090e412a50b01c57944386ab81d2aa8",
"type": "github"
},
"original": {
@ -210,11 +210,11 @@
]
},
"locked": {
"lastModified": 1748514353,
"narHash": "sha256-kpG2mIxj+18WjhcPJkGqCqmggyPf3um9ZX96Klv8HSA=",
"lastModified": 1749023534,
"narHash": "sha256-pZcoIizU6jTCA6jhCmWFkJyDmz/XaCosBtey5IHCWE0=",
"ref": "refs/heads/main",
"rev": "8ea2452ba4eb5eb238edffe98cf5402bee8abee0",
"revCount": 33,
"rev": "50d87ab03ff7e463069df2af189406756455e28d",
"revCount": 34,
"type": "git",
"url": "https://git.chvp.be/chvp/entrance-exam"
},
@ -335,11 +335,11 @@
]
},
"locked": {
"lastModified": 1748979197,
"narHash": "sha256-mKYwYcO9RmA2AcAFIXGDBOw5iv/fbjw6adWvMbnfIuk=",
"lastModified": 1749062139,
"narHash": "sha256-gGGLujmeWU+ZjFzfMvFMI0hp9xONsSbm88187wJr82Q=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "34a13086148cbb3ae65a79f753eb451ce5cac3d3",
"rev": "86b95fc1ed2b9b04a451a08ccf13d78fb421859c",
"type": "github"
},
"original": {
@ -394,11 +394,11 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1748693115,
"narHash": "sha256-StSrWhklmDuXT93yc3GrTlb0cKSS0agTAxMGjLKAsY8=",
"lastModified": 1748929857,
"narHash": "sha256-lcZQ8RhsmhsK8u7LIFsJhsLh/pzR9yZ8yqpTzyGdj+Q=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "910796cabe436259a29a72e8d3f5e180fc6dfacc",
"rev": "c2a03962b8e24e669fb37b7df10e7c79531ff1a4",
"type": "github"
},
"original": {
@ -426,11 +426,11 @@
},
"nixpkgs-stable": {
"locked": {
"lastModified": 1748810746,
"narHash": "sha256-1na8blYvU1F6HLwx/aFjrhUqpqZ0SCsnqqW9n2vXvok=",
"lastModified": 1748995628,
"narHash": "sha256-bFufQGSAEYQgjtc4wMrobS5HWN0hDP+ZX+zthYcml9U=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "78d9f40fd6941a1543ffc3ed358e19c69961d3c1",
"rev": "8eb3b6a2366a7095939cd22f0dc0e9991313294b",
"type": "github"
},
"original": {
@ -449,11 +449,11 @@
"treefmt-nix": "treefmt-nix"
},
"locked": {
"lastModified": 1749004151,
"narHash": "sha256-aXLR+ISfL8ue9DT3YgYEnRRanAsp3qBGxuGPFax2gAQ=",
"lastModified": 1749092205,
"narHash": "sha256-2QTM4E7QljCYsGNnCiibgFjx/K5hvQ7VkCHDY05rU4Y=",
"owner": "nix-community",
"repo": "NUR",
"rev": "3dc37c85b1d923b2c20b4be07e39e30e4f43f50e",
"rev": "bf9746362fc9a50cdf053883f0c06a4d9b93e3ca",
"type": "github"
},
"original": {
@ -511,11 +511,11 @@
]
},
"locked": {
"lastModified": 1748770758,
"narHash": "sha256-2mWcL/Nd2sXl7vPnMC059wDatzPXpjTnnWK0pi6VF0A=",
"lastModified": 1749012525,
"narHash": "sha256-SgHx9B3WM1miouDqzcakLUzBBCsFH6ZZnM6v8jSZrsE=",
"owner": "chvp",
"repo": "tetris",
"rev": "0649cd8fabe55d210080cd9cb62d549821c2abdf",
"rev": "1d99a2611fcca7fb5bbb973bb2a0b5e4e0e2f644",
"type": "github"
},
"original": {
@ -561,11 +561,11 @@
]
},
"locked": {
"lastModified": 1748770588,
"narHash": "sha256-hbmgx83bO0LoHdE/dzM2ECjAa20N2gC4oaxozoLC4+4=",
"lastModified": 1749011816,
"narHash": "sha256-dId6O9HUL9fs40X70yu65GYNwgqZBExKRqLjXuv0voM=",
"ref": "refs/heads/main",
"rev": "751eb9bc844e1aa9f144b1e7eae85d453f7d84fc",
"revCount": 133,
"rev": "f0fbb330a1451fcce514f0f33f3dc925f3330458",
"revCount": 134,
"type": "git",
"url": "https://git.chvp.be/chvp/www.chvp.be"
},

455
patches/413495.patch Normal file
View file

@ -0,0 +1,455 @@
diff --git a/nixos/modules/services/networking/murmur.nix b/nixos/modules/services/networking/murmur.nix
index 8ff4c811063861..aa205d1f60b44a 100644
--- a/nixos/modules/services/networking/murmur.nix
+++ b/nixos/modules/services/networking/murmur.nix
@@ -5,6 +5,8 @@
...
}:
+with lib;
+
let
cfg = config.services.murmur;
forking = cfg.logFile != null;
@@ -12,53 +14,68 @@ let
database=${cfg.stateDir}/murmur.sqlite
dbDriver=QSQLITE
- autobanAttempts=${lib.toString cfg.autobanAttempts}
- autobanTimeframe=${lib.toString cfg.autobanTimeframe}
- autobanTime=${lib.toString cfg.autobanTime}
+ autobanAttempts=${toString cfg.autobanAttempts}
+ autobanTimeframe=${toString cfg.autobanTimeframe}
+ autobanTime=${toString cfg.autobanTime}
- logfile=${lib.optionalString (cfg.logFile != null) cfg.logFile}
- ${lib.optionalString forking "pidfile=/run/murmur/murmurd.pid"}
+ logfile=${optionalString (cfg.logFile != null) cfg.logFile}
+ ${optionalString forking "pidfile=/run/murmur/murmurd.pid"}
welcometext="${cfg.welcometext}"
- port=${lib.toString cfg.port}
+ port=${toString cfg.port}
- ${lib.optionalString (cfg.hostName != "") "host=${cfg.hostName}"}
- ${lib.optionalString (cfg.password != "") "serverpassword=${cfg.password}"}
+ ${optionalString (cfg.hostName != "") "host=${cfg.hostName}"}
+ ${optionalString (cfg.password != "") "serverpassword=${cfg.password}"}
- bandwidth=${lib.toString cfg.bandwidth}
- users=${lib.toString cfg.users}
+ bandwidth=${toString cfg.bandwidth}
+ users=${toString cfg.users}
- textmessagelength=${lib.toString cfg.textMsgLength}
- imagemessagelength=${lib.toString cfg.imgMsgLength}
- allowhtml=${lib.boolToString cfg.allowHtml}
- logdays=${lib.toString cfg.logDays}
- bonjour=${lib.boolToString cfg.bonjour}
- sendversion=${lib.boolToString cfg.sendVersion}
+ textmessagelength=${toString cfg.textMsgLength}
+ imagemessagelength=${toString cfg.imgMsgLength}
+ allowhtml=${boolToString cfg.allowHtml}
+ logdays=${toString cfg.logDays}
+ bonjour=${boolToString cfg.bonjour}
+ sendversion=${boolToString cfg.sendVersion}
- ${lib.optionalString (cfg.registerName != "") "registerName=${cfg.registerName}"}
- ${lib.optionalString (cfg.registerPassword != "") "registerPassword=${cfg.registerPassword}"}
- ${lib.optionalString (cfg.registerUrl != "") "registerUrl=${cfg.registerUrl}"}
- ${lib.optionalString (cfg.registerHostname != "") "registerHostname=${cfg.registerHostname}"}
+ ${optionalString (cfg.registerName != "") "registerName=${cfg.registerName}"}
+ ${optionalString (cfg.registerPassword != "") "registerPassword=${cfg.registerPassword}"}
+ ${optionalString (cfg.registerUrl != "") "registerUrl=${cfg.registerUrl}"}
+ ${optionalString (cfg.registerHostname != "") "registerHostname=${cfg.registerHostname}"}
- certrequired=${lib.boolToString cfg.clientCertRequired}
- ${lib.optionalString (cfg.sslCert != "") "sslCert=${cfg.sslCert}"}
- ${lib.optionalString (cfg.sslKey != "") "sslKey=${cfg.sslKey}"}
- ${lib.optionalString (cfg.sslCa != "") "sslCA=${cfg.sslCa}"}
+ certrequired=${boolToString cfg.clientCertRequired}
+ ${optionalString (cfg.sslCert != "") "sslCert=${cfg.sslCert}"}
+ ${optionalString (cfg.sslKey != "") "sslKey=${cfg.sslKey}"}
+ ${optionalString (cfg.sslCa != "") "sslCA=${cfg.sslCa}"}
- ${lib.optionalString (cfg.dbus != null) "dbus=${cfg.dbus}"}
+ ${optionalString (cfg.dbus != null) "dbus=${cfg.dbus}"}
${cfg.extraConfig}
'';
in
{
+ imports = [
+ (mkRenamedOptionModule [ "services" "murmur" "welcome" ] [ "services" "murmur" "welcometext" ])
+ (mkRemovedOptionModule [ "services" "murmur" "pidfile" ] "Hardcoded to /run/murmur/murmurd.pid now")
+ ];
+
options = {
services.murmur = {
- enable = lib.mkEnableOption "Mumble server";
+ enable = mkOption {
+ type = types.bool;
+ default = false;
+ description = "If enabled, start the Murmur Mumble server.";
+ };
- openFirewall = lib.mkEnableOption "opening ports in the firewall for the Mumble server";
+ openFirewall = mkOption {
+ type = types.bool;
+ default = false;
+ description = ''
+ Open ports in the firewall for the Murmur Mumble server.
+ '';
+ };
- user = lib.mkOption {
- type = lib.types.str;
+ user = mkOption {
+ type = types.str;
default = "murmur";
description = ''
The name of an existing user to use to run the service.
@@ -66,8 +83,8 @@ in
'';
};
- group = lib.mkOption {
- type = lib.types.str;
+ group = mkOption {
+ type = types.str;
default = "murmur";
description = ''
The name of an existing group to use to run the service.
@@ -75,16 +92,16 @@ in
'';
};
- stateDir = lib.mkOption {
- type = lib.types.path;
+ stateDir = mkOption {
+ type = types.path;
default = "/var/lib/murmur";
description = ''
Directory to store data for the server.
'';
};
- autobanAttempts = lib.mkOption {
- type = lib.types.int;
+ autobanAttempts = mkOption {
+ type = types.int;
default = 10;
description = ''
Number of attempts a client is allowed to make in
@@ -93,8 +110,8 @@ in
'';
};
- autobanTimeframe = lib.mkOption {
- type = lib.types.int;
+ autobanTimeframe = mkOption {
+ type = types.int;
default = 120;
description = ''
Timeframe in which a client can connect without being banned
@@ -102,47 +119,47 @@ in
'';
};
- autobanTime = lib.mkOption {
- type = lib.types.int;
+ autobanTime = mkOption {
+ type = types.int;
default = 300;
description = "The amount of time an IP ban lasts (in seconds).";
};
- logFile = lib.mkOption {
- type = lib.types.nullOr lib.types.path;
+ logFile = mkOption {
+ type = types.nullOr types.path;
default = null;
example = "/var/log/murmur/murmurd.log";
description = "Path to the log file for Murmur daemon. Empty means log to journald.";
};
- welcometext = lib.mkOption {
- type = lib.types.str;
+ welcometext = mkOption {
+ type = types.str;
default = "";
description = "Welcome message for connected clients.";
};
- port = lib.mkOption {
- type = lib.types.port;
+ port = mkOption {
+ type = types.port;
default = 64738;
description = "Ports to bind to (UDP and TCP).";
};
- hostName = lib.mkOption {
- type = lib.types.str;
+ hostName = mkOption {
+ type = types.str;
default = "";
description = "Host to bind to. Defaults binding on all addresses.";
};
- package = lib.mkPackageOption pkgs "murmur" { };
+ package = mkPackageOption pkgs "murmur" { };
- password = lib.mkOption {
- type = lib.types.str;
+ password = mkOption {
+ type = types.str;
default = "";
description = "Required password to join server, if specified.";
};
- bandwidth = lib.mkOption {
- type = lib.types.int;
+ bandwidth = mkOption {
+ type = types.int;
default = 72000;
description = ''
Maximum bandwidth (in bits per second) that clients may send
@@ -150,26 +167,26 @@ in
'';
};
- users = lib.mkOption {
- type = lib.types.int;
+ users = mkOption {
+ type = types.int;
default = 100;
description = "Maximum number of concurrent clients allowed.";
};
- textMsgLength = lib.mkOption {
- type = lib.types.int;
+ textMsgLength = mkOption {
+ type = types.int;
default = 5000;
description = "Max length of text messages. Set 0 for no limit.";
};
- imgMsgLength = lib.mkOption {
- type = lib.types.int;
+ imgMsgLength = mkOption {
+ type = types.int;
default = 131072;
description = "Max length of image messages. Set 0 for no limit.";
};
- allowHtml = lib.mkOption {
- type = lib.types.bool;
+ allowHtml = mkOption {
+ type = types.bool;
default = true;
description = ''
Allow HTML in client messages, comments, and channel
@@ -177,8 +194,8 @@ in
'';
};
- logDays = lib.mkOption {
- type = lib.types.int;
+ logDays = mkOption {
+ type = types.int;
default = 31;
description = ''
How long to store RPC logs for in the database. Set 0 to
@@ -186,16 +203,23 @@ in
'';
};
- bonjour = lib.mkEnableOption "Bonjour auto-discovery, which allows clients over your LAN to automatically discover Mumble servers";
+ bonjour = mkOption {
+ type = types.bool;
+ default = false;
+ description = ''
+ Enable Bonjour auto-discovery, which allows clients over
+ your LAN to automatically discover Murmur servers.
+ '';
+ };
- sendVersion = lib.mkOption {
- type = lib.types.bool;
+ sendVersion = mkOption {
+ type = types.bool;
default = true;
description = "Send Murmur version in UDP response.";
};
- registerName = lib.mkOption {
- type = lib.types.str;
+ registerName = mkOption {
+ type = types.str;
default = "";
description = ''
Public server registration name, and also the name of the
@@ -204,8 +228,8 @@ in
'';
};
- registerPassword = lib.mkOption {
- type = lib.types.str;
+ registerPassword = mkOption {
+ type = types.str;
default = "";
description = ''
Public server registry password, used authenticate your
@@ -214,14 +238,14 @@ in
'';
};
- registerUrl = lib.mkOption {
- type = lib.types.str;
+ registerUrl = mkOption {
+ type = types.str;
default = "";
description = "URL website for your server.";
};
- registerHostname = lib.mkOption {
- type = lib.types.str;
+ registerHostname = mkOption {
+ type = types.str;
default = "";
description = ''
DNS hostname where your server can be reached. This is only
@@ -231,36 +255,40 @@ in
'';
};
- clientCertRequired = lib.mkEnableOption "requiring clients to authenticate via certificates";
+ clientCertRequired = mkOption {
+ type = types.bool;
+ default = false;
+ description = "Require clients to authenticate via certificates.";
+ };
- sslCert = lib.mkOption {
- type = lib.types.str;
+ sslCert = mkOption {
+ type = types.str;
default = "";
description = "Path to your SSL certificate.";
};
- sslKey = lib.mkOption {
- type = lib.types.str;
+ sslKey = mkOption {
+ type = types.str;
default = "";
description = "Path to your SSL key.";
};
- sslCa = lib.mkOption {
- type = lib.types.str;
+ sslCa = mkOption {
+ type = types.str;
default = "";
description = "Path to your SSL CA certificate.";
};
- extraConfig = lib.mkOption {
- type = lib.types.lines;
+ extraConfig = mkOption {
+ type = types.lines;
default = "";
description = "Extra configuration to put into murmur.ini.";
};
- environmentFile = lib.mkOption {
- type = lib.types.nullOr lib.types.path;
+ environmentFile = mkOption {
+ type = types.nullOr types.path;
default = null;
- example = lib.literalExpression ''"''${config.services.murmur.stateDir}/murmurd.env"'';
+ example = literalExpression ''"''${config.services.murmur.stateDir}/murmurd.env"'';
description = ''
Environment file as defined in {manpage}`systemd.exec(5)`.
@@ -283,8 +311,8 @@ in
'';
};
- dbus = lib.mkOption {
- type = lib.types.enum [
+ dbus = mkOption {
+ type = types.enum [
null
"session"
"system"
@@ -295,19 +323,19 @@ in
};
};
- config = lib.mkIf cfg.enable {
- users.users.murmur = lib.mkIf (cfg.user == "murmur") {
+ config = mkIf cfg.enable {
+ users.users.murmur = mkIf (cfg.user == "murmur") {
description = "Murmur Service user";
home = cfg.stateDir;
createHome = true;
uid = config.ids.uids.murmur;
group = cfg.group;
};
- users.groups.murmur = lib.mkIf (cfg.group == "murmur") {
+ users.groups.murmur = mkIf (cfg.group == "murmur") {
gid = config.ids.gids.murmur;
};
- networking.firewall = lib.mkIf cfg.openFirewall {
+ networking.firewall = mkIf cfg.openFirewall {
allowedTCPPorts = [ cfg.port ];
allowedUDPPorts = [ cfg.port ];
};
@@ -325,8 +353,8 @@ in
serviceConfig = {
# murmurd doesn't fork when logging to the console.
Type = if forking then "forking" else "simple";
- PIDFile = lib.mkIf forking "/run/murmur/murmurd.pid";
- EnvironmentFile = lib.mkIf (cfg.environmentFile != null) cfg.environmentFile;
+ PIDFile = mkIf forking "/run/murmur/murmurd.pid";
+ EnvironmentFile = mkIf (cfg.environmentFile != null) cfg.environmentFile;
ExecStart = "${cfg.package}/bin/mumble-server -ini /run/murmur/murmurd.ini";
Restart = "always";
RuntimeDirectory = "murmur";
@@ -362,7 +390,7 @@ in
# currently not included in upstream package, addition requested at
# https://github.com/mumble-voip/mumble/issues/6078
- services.dbus.packages = lib.mkIf (cfg.dbus == "system") [
+ services.dbus.packages = mkIf (cfg.dbus == "system") [
(pkgs.writeTextFile {
name = "murmur-dbus-policy";
text = ''
@@ -404,19 +432,19 @@ in
r /run/murmur/murmurd.ini,
r ${configFile},
''
- + lib.optionalString (cfg.logFile != null) ''
+ + optionalString (cfg.logFile != null) ''
rw ${cfg.logFile},
''
- + lib.optionalString (cfg.sslCert != "") ''
+ + optionalString (cfg.sslCert != "") ''
r ${cfg.sslCert},
''
- + lib.optionalString (cfg.sslKey != "") ''
+ + optionalString (cfg.sslKey != "") ''
r ${cfg.sslKey},
''
- + lib.optionalString (cfg.sslCa != "") ''
+ + optionalString (cfg.sslCa != "") ''
r ${cfg.sslCa},
''
- + lib.optionalString (cfg.dbus != null) ''
+ + optionalString (cfg.dbus != null) ''
dbus bus=${cfg.dbus}
''
+ ''