nixos/murmur: Get rid of global lib expansion (#412693)

authored by Felix Bühler and committed by GitHub 02abb271 b589370d

+99 -127
+99 -127
nixos/modules/services/networking/murmur.nix
··· 5 ... 6 }: 7 8 - with lib; 9 - 10 let 11 cfg = config.services.murmur; 12 forking = cfg.logFile != null; ··· 14 database=${cfg.stateDir}/murmur.sqlite 15 dbDriver=QSQLITE 16 17 - autobanAttempts=${toString cfg.autobanAttempts} 18 - autobanTimeframe=${toString cfg.autobanTimeframe} 19 - autobanTime=${toString cfg.autobanTime} 20 21 - logfile=${optionalString (cfg.logFile != null) cfg.logFile} 22 - ${optionalString forking "pidfile=/run/murmur/murmurd.pid"} 23 24 welcometext="${cfg.welcometext}" 25 - port=${toString cfg.port} 26 27 - ${optionalString (cfg.hostName != "") "host=${cfg.hostName}"} 28 - ${optionalString (cfg.password != "") "serverpassword=${cfg.password}"} 29 30 - bandwidth=${toString cfg.bandwidth} 31 - users=${toString cfg.users} 32 33 - textmessagelength=${toString cfg.textMsgLength} 34 - imagemessagelength=${toString cfg.imgMsgLength} 35 - allowhtml=${boolToString cfg.allowHtml} 36 - logdays=${toString cfg.logDays} 37 - bonjour=${boolToString cfg.bonjour} 38 - sendversion=${boolToString cfg.sendVersion} 39 40 - ${optionalString (cfg.registerName != "") "registerName=${cfg.registerName}"} 41 - ${optionalString (cfg.registerPassword != "") "registerPassword=${cfg.registerPassword}"} 42 - ${optionalString (cfg.registerUrl != "") "registerUrl=${cfg.registerUrl}"} 43 - ${optionalString (cfg.registerHostname != "") "registerHostname=${cfg.registerHostname}"} 44 45 - certrequired=${boolToString cfg.clientCertRequired} 46 - ${optionalString (cfg.sslCert != "") "sslCert=${cfg.sslCert}"} 47 - ${optionalString (cfg.sslKey != "") "sslKey=${cfg.sslKey}"} 48 - ${optionalString (cfg.sslCa != "") "sslCA=${cfg.sslCa}"} 49 50 - ${optionalString (cfg.dbus != null) "dbus=${cfg.dbus}"} 51 52 ${cfg.extraConfig} 53 ''; 54 in 55 { 56 - imports = [ 57 - (mkRenamedOptionModule [ "services" "murmur" "welcome" ] [ "services" "murmur" "welcometext" ]) 58 - (mkRemovedOptionModule [ "services" "murmur" "pidfile" ] "Hardcoded to /run/murmur/murmurd.pid now") 59 - ]; 60 - 61 
options = { 62 services.murmur = { 63 - enable = mkOption { 64 - type = types.bool; 65 - default = false; 66 - description = "If enabled, start the Murmur Mumble server."; 67 - }; 68 69 - openFirewall = mkOption { 70 - type = types.bool; 71 - default = false; 72 - description = '' 73 - Open ports in the firewall for the Murmur Mumble server. 74 - ''; 75 - }; 76 77 - user = mkOption { 78 - type = types.str; 79 default = "murmur"; 80 description = '' 81 The name of an existing user to use to run the service. ··· 83 ''; 84 }; 85 86 - group = mkOption { 87 - type = types.str; 88 default = "murmur"; 89 description = '' 90 The name of an existing group to use to run the service. ··· 92 ''; 93 }; 94 95 - stateDir = mkOption { 96 - type = types.path; 97 default = "/var/lib/murmur"; 98 description = '' 99 Directory to store data for the server. 100 ''; 101 }; 102 103 - autobanAttempts = mkOption { 104 - type = types.int; 105 default = 10; 106 description = '' 107 Number of attempts a client is allowed to make in ··· 110 ''; 111 }; 112 113 - autobanTimeframe = mkOption { 114 - type = types.int; 115 default = 120; 116 description = '' 117 Timeframe in which a client can connect without being banned ··· 119 ''; 120 }; 121 122 - autobanTime = mkOption { 123 - type = types.int; 124 default = 300; 125 description = "The amount of time an IP ban lasts (in seconds)."; 126 }; 127 128 - logFile = mkOption { 129 - type = types.nullOr types.path; 130 default = null; 131 example = "/var/log/murmur/murmurd.log"; 132 description = "Path to the log file for Murmur daemon. Empty means log to journald."; 133 }; 134 135 - welcometext = mkOption { 136 - type = types.str; 137 default = ""; 138 description = "Welcome message for connected clients."; 139 }; 140 141 - port = mkOption { 142 - type = types.port; 143 default = 64738; 144 description = "Ports to bind to (UDP and TCP)."; 145 }; 146 147 - hostName = mkOption { 148 - type = types.str; 149 default = ""; 150 description = "Host to bind to. 
Defaults binding on all addresses."; 151 }; 152 153 - package = mkPackageOption pkgs "murmur" { }; 154 155 - password = mkOption { 156 - type = types.str; 157 default = ""; 158 description = "Required password to join server, if specified."; 159 }; 160 161 - bandwidth = mkOption { 162 - type = types.int; 163 default = 72000; 164 description = '' 165 Maximum bandwidth (in bits per second) that clients may send ··· 167 ''; 168 }; 169 170 - users = mkOption { 171 - type = types.int; 172 default = 100; 173 description = "Maximum number of concurrent clients allowed."; 174 }; 175 176 - textMsgLength = mkOption { 177 - type = types.int; 178 default = 5000; 179 description = "Max length of text messages. Set 0 for no limit."; 180 }; 181 182 - imgMsgLength = mkOption { 183 - type = types.int; 184 default = 131072; 185 description = "Max length of image messages. Set 0 for no limit."; 186 }; 187 188 - allowHtml = mkOption { 189 - type = types.bool; 190 default = true; 191 description = '' 192 Allow HTML in client messages, comments, and channel ··· 194 ''; 195 }; 196 197 - logDays = mkOption { 198 - type = types.int; 199 default = 31; 200 description = '' 201 How long to store RPC logs for in the database. Set 0 to ··· 203 ''; 204 }; 205 206 - bonjour = mkOption { 207 - type = types.bool; 208 - default = false; 209 - description = '' 210 - Enable Bonjour auto-discovery, which allows clients over 211 - your LAN to automatically discover Murmur servers. 
212 - ''; 213 - }; 214 215 - sendVersion = mkOption { 216 - type = types.bool; 217 default = true; 218 description = "Send Murmur version in UDP response."; 219 }; 220 221 - registerName = mkOption { 222 - type = types.str; 223 default = ""; 224 description = '' 225 Public server registration name, and also the name of the ··· 228 ''; 229 }; 230 231 - registerPassword = mkOption { 232 - type = types.str; 233 default = ""; 234 description = '' 235 Public server registry password, used authenticate your ··· 238 ''; 239 }; 240 241 - registerUrl = mkOption { 242 - type = types.str; 243 default = ""; 244 description = "URL website for your server."; 245 }; 246 247 - registerHostname = mkOption { 248 - type = types.str; 249 default = ""; 250 description = '' 251 DNS hostname where your server can be reached. This is only ··· 255 ''; 256 }; 257 258 - clientCertRequired = mkOption { 259 - type = types.bool; 260 - default = false; 261 - description = "Require clients to authenticate via certificates."; 262 - }; 263 264 - sslCert = mkOption { 265 - type = types.str; 266 default = ""; 267 description = "Path to your SSL certificate."; 268 }; 269 270 - sslKey = mkOption { 271 - type = types.str; 272 default = ""; 273 description = "Path to your SSL key."; 274 }; 275 276 - sslCa = mkOption { 277 - type = types.str; 278 default = ""; 279 description = "Path to your SSL CA certificate."; 280 }; 281 282 - extraConfig = mkOption { 283 - type = types.lines; 284 default = ""; 285 description = "Extra configuration to put into murmur.ini."; 286 }; 287 288 - environmentFile = mkOption { 289 - type = types.nullOr types.path; 290 default = null; 291 - example = literalExpression ''"''${config.services.murmur.stateDir}/murmurd.env"''; 292 description = '' 293 Environment file as defined in {manpage}`systemd.exec(5)`. 
294 ··· 311 ''; 312 }; 313 314 - dbus = mkOption { 315 - type = types.enum [ 316 null 317 "session" 318 "system" ··· 323 }; 324 }; 325 326 - config = mkIf cfg.enable { 327 - users.users.murmur = mkIf (cfg.user == "murmur") { 328 description = "Murmur Service user"; 329 home = cfg.stateDir; 330 createHome = true; 331 uid = config.ids.uids.murmur; 332 group = cfg.group; 333 }; 334 - users.groups.murmur = mkIf (cfg.group == "murmur") { 335 gid = config.ids.gids.murmur; 336 }; 337 338 - networking.firewall = mkIf cfg.openFirewall { 339 allowedTCPPorts = [ cfg.port ]; 340 allowedUDPPorts = [ cfg.port ]; 341 }; ··· 353 serviceConfig = { 354 # murmurd doesn't fork when logging to the console. 355 Type = if forking then "forking" else "simple"; 356 - PIDFile = mkIf forking "/run/murmur/murmurd.pid"; 357 - EnvironmentFile = mkIf (cfg.environmentFile != null) cfg.environmentFile; 358 ExecStart = "${cfg.package}/bin/mumble-server -ini /run/murmur/murmurd.ini"; 359 Restart = "always"; 360 RuntimeDirectory = "murmur"; ··· 390 391 # currently not included in upstream package, addition requested at 392 # https://github.com/mumble-voip/mumble/issues/6078 393 - services.dbus.packages = mkIf (cfg.dbus == "system") [ 394 (pkgs.writeTextFile { 395 name = "murmur-dbus-policy"; 396 text = '' ··· 432 r /run/murmur/murmurd.ini, 433 r ${configFile}, 434 '' 435 - + optionalString (cfg.logFile != null) '' 436 rw ${cfg.logFile}, 437 '' 438 - + optionalString (cfg.sslCert != "") '' 439 r ${cfg.sslCert}, 440 '' 441 - + optionalString (cfg.sslKey != "") '' 442 r ${cfg.sslKey}, 443 '' 444 - + optionalString (cfg.sslCa != "") '' 445 r ${cfg.sslCa}, 446 '' 447 - + optionalString (cfg.dbus != null) '' 448 dbus bus=${cfg.dbus} 449 '' 450 + ''
··· 5 ... 6 }: 7 8 let 9 cfg = config.services.murmur; 10 forking = cfg.logFile != null; ··· 12 database=${cfg.stateDir}/murmur.sqlite 13 dbDriver=QSQLITE 14 15 + autobanAttempts=${lib.toString cfg.autobanAttempts} 16 + autobanTimeframe=${lib.toString cfg.autobanTimeframe} 17 + autobanTime=${lib.toString cfg.autobanTime} 18 19 + logfile=${lib.optionalString (cfg.logFile != null) cfg.logFile} 20 + ${lib.optionalString forking "pidfile=/run/murmur/murmurd.pid"} 21 22 welcometext="${cfg.welcometext}" 23 + port=${lib.toString cfg.port} 24 25 + ${lib.optionalString (cfg.hostName != "") "host=${cfg.hostName}"} 26 + ${lib.optionalString (cfg.password != "") "serverpassword=${cfg.password}"} 27 28 + bandwidth=${lib.toString cfg.bandwidth} 29 + users=${lib.toString cfg.users} 30 31 + textmessagelength=${lib.toString cfg.textMsgLength} 32 + imagemessagelength=${lib.toString cfg.imgMsgLength} 33 + allowhtml=${lib.boolToString cfg.allowHtml} 34 + logdays=${lib.toString cfg.logDays} 35 + bonjour=${lib.boolToString cfg.bonjour} 36 + sendversion=${lib.boolToString cfg.sendVersion} 37 38 + ${lib.optionalString (cfg.registerName != "") "registerName=${cfg.registerName}"} 39 + ${lib.optionalString (cfg.registerPassword != "") "registerPassword=${cfg.registerPassword}"} 40 + ${lib.optionalString (cfg.registerUrl != "") "registerUrl=${cfg.registerUrl}"} 41 + ${lib.optionalString (cfg.registerHostname != "") "registerHostname=${cfg.registerHostname}"} 42 43 + certrequired=${lib.boolToString cfg.clientCertRequired} 44 + ${lib.optionalString (cfg.sslCert != "") "sslCert=${cfg.sslCert}"} 45 + ${lib.optionalString (cfg.sslKey != "") "sslKey=${cfg.sslKey}"} 46 + ${lib.optionalString (cfg.sslCa != "") "sslCA=${cfg.sslCa}"} 47 48 + ${lib.optionalString (cfg.dbus != null) "dbus=${cfg.dbus}"} 49 50 ${cfg.extraConfig} 51 ''; 52 in 53 { 54 options = { 55 services.murmur = { 56 + enable = lib.mkEnableOption "Mumble server"; 57 58 + openFirewall = lib.mkEnableOption "opening ports in the firewall 
for the Mumble server"; 59 60 + user = lib.mkOption { 61 + type = lib.types.str; 62 default = "murmur"; 63 description = '' 64 The name of an existing user to use to run the service. ··· 66 ''; 67 }; 68 69 + group = lib.mkOption { 70 + type = lib.types.str; 71 default = "murmur"; 72 description = '' 73 The name of an existing group to use to run the service. ··· 75 ''; 76 }; 77 78 + stateDir = lib.mkOption { 79 + type = lib.types.path; 80 default = "/var/lib/murmur"; 81 description = '' 82 Directory to store data for the server. 83 ''; 84 }; 85 86 + autobanAttempts = lib.mkOption { 87 + type = lib.types.int; 88 default = 10; 89 description = '' 90 Number of attempts a client is allowed to make in ··· 93 ''; 94 }; 95 96 + autobanTimeframe = lib.mkOption { 97 + type = lib.types.int; 98 default = 120; 99 description = '' 100 Timeframe in which a client can connect without being banned ··· 102 ''; 103 }; 104 105 + autobanTime = lib.mkOption { 106 + type = lib.types.int; 107 default = 300; 108 description = "The amount of time an IP ban lasts (in seconds)."; 109 }; 110 111 + logFile = lib.mkOption { 112 + type = lib.types.nullOr lib.types.path; 113 default = null; 114 example = "/var/log/murmur/murmurd.log"; 115 description = "Path to the log file for Murmur daemon. Empty means log to journald."; 116 }; 117 118 + welcometext = lib.mkOption { 119 + type = lib.types.str; 120 default = ""; 121 description = "Welcome message for connected clients."; 122 }; 123 124 + port = lib.mkOption { 125 + type = lib.types.port; 126 default = 64738; 127 description = "Ports to bind to (UDP and TCP)."; 128 }; 129 130 + hostName = lib.mkOption { 131 + type = lib.types.str; 132 default = ""; 133 description = "Host to bind to. 
Defaults binding on all addresses."; 134 }; 135 136 + package = lib.mkPackageOption pkgs "murmur" { }; 137 138 + password = lib.mkOption { 139 + type = lib.types.str; 140 default = ""; 141 description = "Required password to join server, if specified."; 142 }; 143 144 + bandwidth = lib.mkOption { 145 + type = lib.types.int; 146 default = 72000; 147 description = '' 148 Maximum bandwidth (in bits per second) that clients may send ··· 150 ''; 151 }; 152 153 + users = lib.mkOption { 154 + type = lib.types.int; 155 default = 100; 156 description = "Maximum number of concurrent clients allowed."; 157 }; 158 159 + textMsgLength = lib.mkOption { 160 + type = lib.types.int; 161 default = 5000; 162 description = "Max length of text messages. Set 0 for no limit."; 163 }; 164 165 + imgMsgLength = lib.mkOption { 166 + type = lib.types.int; 167 default = 131072; 168 description = "Max length of image messages. Set 0 for no limit."; 169 }; 170 171 + allowHtml = lib.mkOption { 172 + type = lib.types.bool; 173 default = true; 174 description = '' 175 Allow HTML in client messages, comments, and channel ··· 177 ''; 178 }; 179 180 + logDays = lib.mkOption { 181 + type = lib.types.int; 182 default = 31; 183 description = '' 184 How long to store RPC logs for in the database. 
Set 0 to ··· 186 ''; 187 }; 188 189 + bonjour = lib.mkEnableOption "Bonjour auto-discovery, which allows clients over your LAN to automatically discover Mumble servers"; 190 191 + sendVersion = lib.mkOption { 192 + type = lib.types.bool; 193 default = true; 194 description = "Send Murmur version in UDP response."; 195 }; 196 197 + registerName = lib.mkOption { 198 + type = lib.types.str; 199 default = ""; 200 description = '' 201 Public server registration name, and also the name of the ··· 204 ''; 205 }; 206 207 + registerPassword = lib.mkOption { 208 + type = lib.types.str; 209 default = ""; 210 description = '' 211 Public server registry password, used authenticate your ··· 214 ''; 215 }; 216 217 + registerUrl = lib.mkOption { 218 + type = lib.types.str; 219 default = ""; 220 description = "URL website for your server."; 221 }; 222 223 + registerHostname = lib.mkOption { 224 + type = lib.types.str; 225 default = ""; 226 description = '' 227 DNS hostname where your server can be reached. This is only ··· 231 ''; 232 }; 233 234 + clientCertRequired = lib.mkEnableOption "requiring clients to authenticate via certificates"; 235 236 + sslCert = lib.mkOption { 237 + type = lib.types.str; 238 default = ""; 239 description = "Path to your SSL certificate."; 240 }; 241 242 + sslKey = lib.mkOption { 243 + type = lib.types.str; 244 default = ""; 245 description = "Path to your SSL key."; 246 }; 247 248 + sslCa = lib.mkOption { 249 + type = lib.types.str; 250 default = ""; 251 description = "Path to your SSL CA certificate."; 252 }; 253 254 + extraConfig = lib.mkOption { 255 + type = lib.types.lines; 256 default = ""; 257 description = "Extra configuration to put into murmur.ini."; 258 }; 259 260 + environmentFile = lib.mkOption { 261 + type = lib.types.nullOr lib.types.path; 262 default = null; 263 + example = lib.literalExpression ''"''${config.services.murmur.stateDir}/murmurd.env"''; 264 description = '' 265 Environment file as defined in {manpage}`systemd.exec(5)`. 
266 ··· 283 ''; 284 }; 285 286 + dbus = lib.mkOption { 287 + type = lib.types.enum [ 288 null 289 "session" 290 "system" ··· 295 }; 296 }; 297 298 + config = lib.mkIf cfg.enable { 299 + users.users.murmur = lib.mkIf (cfg.user == "murmur") { 300 description = "Murmur Service user"; 301 home = cfg.stateDir; 302 createHome = true; 303 uid = config.ids.uids.murmur; 304 group = cfg.group; 305 }; 306 + users.groups.murmur = lib.mkIf (cfg.group == "murmur") { 307 gid = config.ids.gids.murmur; 308 }; 309 310 + networking.firewall = lib.mkIf cfg.openFirewall { 311 allowedTCPPorts = [ cfg.port ]; 312 allowedUDPPorts = [ cfg.port ]; 313 }; ··· 325 serviceConfig = { 326 # murmurd doesn't fork when logging to the console. 327 Type = if forking then "forking" else "simple"; 328 + PIDFile = lib.mkIf forking "/run/murmur/murmurd.pid"; 329 + EnvironmentFile = lib.mkIf (cfg.environmentFile != null) cfg.environmentFile; 330 ExecStart = "${cfg.package}/bin/mumble-server -ini /run/murmur/murmurd.ini"; 331 Restart = "always"; 332 RuntimeDirectory = "murmur"; ··· 362 363 # currently not included in upstream package, addition requested at 364 # https://github.com/mumble-voip/mumble/issues/6078 365 + services.dbus.packages = lib.mkIf (cfg.dbus == "system") [ 366 (pkgs.writeTextFile { 367 name = "murmur-dbus-policy"; 368 text = '' ··· 404 r /run/murmur/murmurd.ini, 405 r ${configFile}, 406 '' 407 + + lib.optionalString (cfg.logFile != null) '' 408 rw ${cfg.logFile}, 409 '' 410 + + lib.optionalString (cfg.sslCert != "") '' 411 r ${cfg.sslCert}, 412 '' 413 + + lib.optionalString (cfg.sslKey != "") '' 414 r ${cfg.sslKey}, 415 '' 416 + + lib.optionalString (cfg.sslCa != "") '' 417 r ${cfg.sslCa}, 418 '' 419 + + lib.optionalString (cfg.dbus != null) '' 420 dbus bus=${cfg.dbus} 421 '' 422 + ''
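Review bot: The `password` and `registerPassword` options (new lines 138 and 207) are still interpolated verbatim into the generated ini text as `serverpassword=${cfg.password}` and `registerPassword=${cfg.registerPassword}`, and neither description says where the value ends up. The definition of `configFile` is elided here, but if it is built as a store path, both secrets are readable by every local user and are copied along with the system closure. The module already has `environmentFile`, presumably for this purpose (its description is also elided), so both descriptions could end with a sentence such as `Do not put the real secret here; use a placeholder and supply the value through environmentFile so it is not written to the Nix store.` This behaviour predates the refactor, but the commit rewrites both option declarations and is a natural place to document it.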