Diffstat (limited to 'nixos/modules/services/misc')
-rw-r--r-- | nixos/modules/services/misc/gitea.nix | 1
-rw-r--r-- | nixos/modules/services/misc/gitlab.nix | 14
-rw-r--r-- | nixos/modules/services/misc/gitlab.xml | 34
-rw-r--r-- | nixos/modules/services/misc/taskserver/doc.xml | 74
-rw-r--r-- | nixos/modules/services/misc/weechat.xml | 21
5 files changed, 112 insertions, 32 deletions
diff --git a/nixos/modules/services/misc/gitea.nix b/nixos/modules/services/misc/gitea.nix index 59c1c104b9b..4992b13c9d4 100644 --- a/nixos/modules/services/misc/gitea.nix +++ b/nixos/modules/services/misc/gitea.nix @@ -322,6 +322,7 @@ in "d '${cfg.stateDir}/conf' - ${cfg.user} gitea - -" "d '${cfg.stateDir}/custom' - ${cfg.user} gitea - -" "d '${cfg.stateDir}/custom/conf' - ${cfg.user} gitea - -" + "d '${cfg.stateDir}/log' - ${cfg.user} gitea - -" "d '${cfg.repositoryRoot}' - ${cfg.user} gitea - -" "Z '${cfg.stateDir}' - ${cfg.user} gitea - -" diff --git a/nixos/modules/services/misc/gitlab.nix b/nixos/modules/services/misc/gitlab.nix index 66da6864fca..4c1ffead00c 100644 --- a/nixos/modules/services/misc/gitlab.nix +++ b/nixos/modules/services/misc/gitlab.nix @@ -223,7 +223,15 @@ in { statePath = mkOption { type = types.str; default = "/var/gitlab/state"; - description = "Gitlab state directory, logs are stored here."; + description = '' + Gitlab state directory. Configuration, repositories and + logs, among other things, are stored here. + + The directory will be created automatically if it doesn't + exist already. Its parent directories must be owned by + either <literal>root</literal> or the user set in + <option>services.gitlab.user</option>. + ''; }; backupPath = mkOption { @@ -673,6 +681,10 @@ in { openssh nodejs gnupg + + # Needed for GitLab project imports + gnutar + gzip ]; serviceConfig = { Type = "simple"; diff --git a/nixos/modules/services/misc/gitlab.xml b/nixos/modules/services/misc/gitlab.xml index a59f8919a47..b6171a9a194 100644 --- a/nixos/modules/services/misc/gitlab.xml +++ b/nixos/modules/services/misc/gitlab.xml 
@@ -11,11 +11,14 @@ <title>Prerequisites</title> <para> - The gitlab service exposes only an Unix socket at <literal>/run/gitlab/gitlab-workhorse.socket</literal>. You need to configure a webserver to proxy HTTP requests to the socket. + The gitlab service exposes only an Unix socket at + <literal>/run/gitlab/gitlab-workhorse.socket</literal>. You need to + configure a webserver to proxy HTTP requests to the socket. </para> <para> - For instance, the following configuration could be used to use nginx as frontend proxy: + For instance, the following configuration could be used to use nginx as + frontend proxy: <programlisting> <link linkend="opt-services.nginx.enable">services.nginx</link> = { <link linkend="opt-services.nginx.enable">enable</link> = true; @@ -36,11 +39,14 @@ <title>Configuring</title> <para> - Gitlab depends on both PostgreSQL and Redis and will automatically enable both services. In the case of PostgreSQL, a database and a role will be created. + Gitlab depends on both PostgreSQL and Redis and will automatically enable + both services. In the case of PostgreSQL, a database and a role will be + created. </para> <para> - The default state dir is <literal>/var/gitlab/state</literal>. This is where all data like the repositories and uploads will be stored. + The default state dir is <literal>/var/gitlab/state</literal>. This is where + all data like the repositories and uploads will be stored. </para> <para> 
@@ -79,19 +85,31 @@ services.gitlab = { </para> <para> - If you're setting up a new Gitlab instance, generate new secrets. You for instance use <literal>tr -dc A-Za-z0-9 < /dev/urandom | head -c 128 > /var/keys/gitlab/db</literal> to generate a new db secret. Make sure the files can be read by, and only by, the user specified by <link - linkend="opt-services.gitlab.user">services.gitlab.user</link>. Gitlab encrypts sensitive data stored in the database. If you're restoring an existing Gitlab instance, you must specify the secrets secret from <literal>config/secrets.yml</literal> located in your Gitlab state folder. + If you're setting up a new Gitlab instance, generate new + secrets. You for instance use <literal>tr -dc A-Za-z0-9 < + /dev/urandom | head -c 128 > /var/keys/gitlab/db</literal> to + generate a new db secret. Make sure the files can be read by, and + only by, the user specified by <link + linkend="opt-services.gitlab.user">services.gitlab.user</link>. Gitlab + encrypts sensitive data stored in the database. If you're restoring + an existing Gitlab instance, you must specify the secrets secret + from <literal>config/secrets.yml</literal> located in your Gitlab + state folder. </para> <para> - Refer to <xref linkend="ch-options" /> for all available configuration options for the <link linkend="opt-services.gitlab.enable">services.gitlab</link> module. + Refer to <xref linkend="ch-options" /> for all available configuration + options for the + <link linkend="opt-services.gitlab.enable">services.gitlab</link> module. </para> </section> <section xml:id="module-services-gitlab-maintenance"> <title>Maintenance</title> <para> - You can run Gitlab's rake tasks with <literal>gitlab-rake</literal> which will be available on the system when gitlab is enabled. You will have to run the command as the user that you configured to run gitlab with. 
+ You can run Gitlab's rake tasks with <literal>gitlab-rake</literal> which + will be available on the system when gitlab is enabled. You will have to run + the command as the user that you configured to run gitlab with. </para> <para> diff --git a/nixos/modules/services/misc/taskserver/doc.xml b/nixos/modules/services/misc/taskserver/doc.xml index 902ed14940e..5656bb85b37 100644 --- a/nixos/modules/services/misc/taskserver/doc.xml +++ b/nixos/modules/services/misc/taskserver/doc.xml 
@@ -4,58 +4,87 @@ xml:id="module-taskserver"> <title>Taskserver</title> <para> - Taskserver is the server component of <link xlink:href="https://taskwarrior.org/">Taskwarrior</link>, a free and open source todo list application. + Taskserver is the server component of + <link xlink:href="https://taskwarrior.org/">Taskwarrior</link>, a free and + open source todo list application. </para> <para> - <emphasis>Upstream documentation:</emphasis> <link xlink:href="https://taskwarrior.org/docs/#taskd"/> + <emphasis>Upstream documentation:</emphasis> + <link xlink:href="https://taskwarrior.org/docs/#taskd"/> </para> <section xml:id="module-services-taskserver-configuration"> <title>Configuration</title> <para> - Taskserver does all of its authentication via TLS using client certificates, so you either need to roll your own CA or purchase a certificate from a known CA, which allows creation of client certificates. These certificates are usually advertised as <quote>server certificates</quote>. + Taskserver does all of its authentication via TLS using client certificates, + so you either need to roll your own CA or purchase a certificate from a + known CA, which allows creation of client certificates. These certificates + are usually advertised as <quote>server certificates</quote>. </para> <para> - So in order to make it easier to handle your own CA, there is a helper tool called <command>nixos-taskserver</command> which manages the custom CA along with Taskserver organisations, users and groups. + So in order to make it easier to handle your own CA, there is a helper tool + called <command>nixos-taskserver</command> which manages the custom CA along + with Taskserver organisations, users and groups. </para> <para> - While the client certificates in Taskserver only authenticate whether a user is allowed to connect, every user has its own UUID which identifies it as an entity. 
+ While the client certificates in Taskserver only authenticate whether a user + is allowed to connect, every user has its own UUID which identifies it as an + entity. </para> <para> - With <command>nixos-taskserver</command> the client certificate is created along with the UUID of the user, so it handles all of the credentials needed in order to setup the Taskwarrior client to work with a Taskserver. + With <command>nixos-taskserver</command> the client certificate is created + along with the UUID of the user, so it handles all of the credentials needed + in order to setup the Taskwarrior client to work with a Taskserver. </para> </section> <section xml:id="module-services-taskserver-nixos-taskserver-tool"> <title>The nixos-taskserver tool</title> <para> - Because Taskserver by default only provides scripts to setup users imperatively, the <command>nixos-taskserver</command> tool is used for addition and deletion of organisations along with users and groups defined by <xref linkend="opt-services.taskserver.organisations"/> and as well for imperative set up. + Because Taskserver by default only provides scripts to setup users + imperatively, the <command>nixos-taskserver</command> tool is used for + addition and deletion of organisations along with users and groups defined + by <xref linkend="opt-services.taskserver.organisations"/> and as well for + imperative set up. </para> <para> - The tool is designed to not interfere if the command is used to manually set up some organisations, users or groups. + The tool is designed to not interfere if the command is used to manually set + up some organisations, users or groups. </para> <para> - For example if you add a new organisation using <command>nixos-taskserver org add foo</command>, the organisation is not modified and deleted no matter what you define in <option>services.taskserver.organisations</option>, even if you're adding the same organisation in that option. 
+ For example if you add a new organisation using <command>nixos-taskserver + org add foo</command>, the organisation is not modified and deleted no + matter what you define in + <option>services.taskserver.organisations</option>, even if you're adding + the same organisation in that option. </para> <para> - The tool is modelled to imitate the official <command>taskd</command> command, documentation for each subcommand can be shown by using the <option>--help</option> switch. + The tool is modelled to imitate the official <command>taskd</command> + command, documentation for each subcommand can be shown by using the + <option>--help</option> switch. </para> </section> <section xml:id="module-services-taskserver-declarative-ca-management"> <title>Declarative/automatic CA management</title> <para> - Everything is done according to what you specify in the module options, however in order to set up a Taskwarrior client for synchronisation with a Taskserver instance, you have to transfer the keys and certificates to the client machine. + Everything is done according to what you specify in the module options, + however in order to set up a Taskwarrior client for synchronisation with a + Taskserver instance, you have to transfer the keys and certificates to the + client machine. </para> <para> - This is done using <command>nixos-taskserver user export $orgname $username</command> which is printing a shell script fragment to stdout which can either be used verbatim or adjusted to import the user on the client machine. + This is done using <command>nixos-taskserver user export $orgname + $username</command> which is printing a shell script fragment to stdout + which can either be used verbatim or adjusted to import the user on the + client machine. </para> <para> 
@@ -68,30 +97,39 @@ <link linkend="opt-services.taskserver.organisations._name_.users">services.taskserver.organisations.my-company.users</link> = [ "alice" ]; } </screen> - This creates an organisation called <literal>my-company</literal> with the user <literal>alice</literal>. + This creates an organisation called <literal>my-company</literal> with the + user <literal>alice</literal>. </para> <para> - Now in order to import the <literal>alice</literal> user to another machine <literal>alicebox</literal>, all we need to do is something like this: + Now in order to import the <literal>alice</literal> user to another machine + <literal>alicebox</literal>, all we need to do is something like this: <screen> <prompt>$ </prompt>ssh server nixos-taskserver user export my-company alice | sh </screen> - Of course, if no SSH daemon is available on the server you can also copy & paste it directly into a shell. + Of course, if no SSH daemon is available on the server you can also copy + & paste it directly into a shell. </para> <para> - After this step the user should be set up and you can start synchronising your tasks for the first time with <command>task sync init</command> on <literal>alicebox</literal>. + After this step the user should be set up and you can start synchronising + your tasks for the first time with <command>task sync init</command> on + <literal>alicebox</literal>. </para> <para> - Subsequent synchronisation requests merely require the command <command>task sync</command> after that stage. + Subsequent synchronisation requests merely require the command <command>task + sync</command> after that stage. 
</para> </section> <section xml:id="module-services-taskserver-manual-ca-management"> <title>Manual CA management</title> <para> - If you set any options within <link linkend="opt-services.taskserver.pki.manual.ca.cert">service.taskserver.pki.manual</link>.*, <command>nixos-taskserver</command> won't issue certificates, but you can still use it for adding or removing user accounts. + If you set any options within + <link linkend="opt-services.taskserver.pki.manual.ca.cert">service.taskserver.pki.manual</link>.*, + <command>nixos-taskserver</command> won't issue certificates, but you can + still use it for adding or removing user accounts. </para> </section> </chapter> diff --git a/nixos/modules/services/misc/weechat.xml b/nixos/modules/services/misc/weechat.xml index 34bfffe15d8..7255edfb9da 100644 --- a/nixos/modules/services/misc/weechat.xml +++ b/nixos/modules/services/misc/weechat.xml @@ -5,13 +5,18 @@ xml:id="module-services-weechat"> <title>WeeChat</title> <para> - <link xlink:href="https://weechat.org/">WeeChat</link> is a fast and extensible IRC client. + <link xlink:href="https://weechat.org/">WeeChat</link> is a fast and + extensible IRC client. </para> <section xml:id="module-services-weechat-basic-usage"> <title>Basic Usage</title> <para> - By default, the module creates a <literal><link xlink:href="https://www.freedesktop.org/wiki/Software/systemd/">systemd</link></literal> unit which runs the chat client in a detached <literal><link xlink:href="https://www.gnu.org/software/screen/">screen</link></literal> session. + By default, the module creates a + <literal><link xlink:href="https://www.freedesktop.org/wiki/Software/systemd/">systemd</link></literal> + unit which runs the chat client in a detached + <literal><link xlink:href="https://www.gnu.org/software/screen/">screen</link></literal> + session. </para> <para> 
@@ -26,14 +31,19 @@ </para> <para> - The service is managed by a dedicated user named <literal>weechat</literal> in the state directory <literal>/var/lib/weechat</literal>. + The service is managed by a dedicated user named <literal>weechat</literal> + in the state directory <literal>/var/lib/weechat</literal>. </para> </section> <section xml:id="module-services-weechat-reattach"> <title>Re-attaching to WeeChat</title> <para> - WeeChat runs in a screen session owned by a dedicated user. To explicitly allow your another user to attach to this session, the <literal>screenrc</literal> needs to be tweaked by adding <link xlink:href="https://www.gnu.org/software/screen/manual/html_node/Multiuser.html#Multiuser">multiuser</link> support: + WeeChat runs in a screen session owned by a dedicated user. To explicitly + allow your another user to attach to this session, the + <literal>screenrc</literal> needs to be tweaked by adding + <link xlink:href="https://www.gnu.org/software/screen/manual/html_node/Multiuser.html#Multiuser">multiuser</link> + support: <programlisting> { <link linkend="opt-programs.screen.screenrc">programs.screen.screenrc</link> = '' @@ -49,7 +59,8 @@ screen -x weechat/weechat-screen </para> <para> - <emphasis>The session name can be changed using <link linkend="opt-services.weechat.sessionName">services.weechat.sessionName.</link></emphasis> + <emphasis>The session name can be changed using + <link linkend="opt-services.weechat.sessionName">services.weechat.sessionName.</link></emphasis> </para> </section> </chapter> |
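
Review bot: In the gitea.nix hunk at @@ -322,6 +322,7 @@, the added rule "d '${cfg.stateDir}/log' - ${cfg.user} gitea - -" leaves the mode field as "-". These read as systemd-tmpfiles rules, where an unset mode on a "d" line means the default directory mode of 0755, so any local user could list and enter the log directory. The sibling rules do the same, but a log directory is a good place to be explicit: consider a mode such as 0750 so that only ${cfg.user} and the gitea group can read service logs.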
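
Review bot: In the statePath description in gitlab.nix at @@ -223,7 +223,15 @@, the new requirement that parent directories "must be owned by either root or the user set in services.gitlab.user" is stated without the reason or the failure mode. Add a sentence saying what goes wrong when it is not met, and consider backing it with a module assertion or a start-up check, since nothing in this hunk enforces it. Also settle on one spelling: this description says "Gitlab" while the comment added in the next hunk says "GitLab".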
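
Review bot: In gitlab.xml at @@ -79,19 +85,31 @@, the rewrap breaks the secret-generation command across three lines inside one <literal> element ("tr -dc A-Za-z0-9 <" then "/dev/urandom | head -c 128 > /var/keys/gitlab/db"), which makes it hard to read and copy as a single command. Keep it on one line or move it into its own <screen> block. The example also creates the secret file under whatever umask the shell has, so it would help to show the ownership and permission step that the following sentence asks for. The rewrap carries over "You for instance use" and "the secrets secret" unchanged; fix both while the paragraph is being touched.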
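
Review bot: In taskserver/doc.xml at @@ -4,58 +4,87 @@, the rewrap splits two invocations in the middle of their <command> elements: "<command>nixos-taskserver" / "org add foo</command>" and "<command>nixos-taskserver user export $orgname" / "$username</command>". Keep each <command> element on one source line so the invocation stays searchable and reads as one command. The sentence "the organisation is not modified and deleted" is also carried over as is and presumably means "not modified or deleted".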
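
Review bot: In taskserver/doc.xml at @@ -68,30 +97,39 @@, the Manual CA management paragraph keeps the link text "service.taskserver.pki.manual" although its linkend is "opt-services.taskserver.pki.manual.ca.cert"; the displayed option prefix should read "services.". The line is rewritten by this hunk anyway, so fix it here. The same hunk also splits "<command>task" / "sync</command>" across two lines.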
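
Review bot: In weechat.xml at @@ -26,14 +31,19 @@, the rewrapped sentence in "Re-attaching to WeeChat" still reads "To explicitly allow your another user to attach to this session". Since this is the sentence that explains who gains access to the service user's screen session, it should be unambiguous: "allow another user" or "allow your own user".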
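
Review bot: In weechat.xml at @@ -49,7 +59,8 @@, the link text "services.weechat.sessionName." still includes the sentence's trailing period inside the <link> element, so the rendered option name ends in a dot. Move the period outside </link> while rewrapping this line.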