-rw-r--r-- | custom/libvirtd-guests.nix | 84 | ||||
-rw-r--r-- | custom/uucp-notifyclient.nix | 37 | ||||
-rw-r--r-- | hel.nix | 9 |
3 files changed, 128 insertions, 2 deletions
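--- /dev/null
+++ b/custom/libvirtd-guests.nix
@@ -0,0 +1,84 @@
+{ config, pkgs, lib, utils, ... }:
+
+with utils;
+with lib;
+
+let
+cfg = virtualisation.libvirtd;
+
+textfile = with types; coercedTo str (pkgs.writeText "spec.xml") path;
+
+domain = {
+options = {
+xml = mkOption {
+type =
+};
+
+autostart = mkOption {
+type = types.bool;
+default = true;
+};
+};
+};
+
+define = let
+python = pkgs.python27.withPackages (ps: with ps; [ libvirt ]);
+in dCfg: ''
+#!${python}/bin/python
+
+import libvirt
+import sys
+
+conn = libvirt.open(None);
+if conn == None:
+print('Failed to open connection to hypervisor', file=sys.stderr)
+sys.exit(1)
+
+xmlFile = open(${escapeShellArg dCfg.xml}, 'r')
+dom = conn.defineXML(xmlFile.read(), 0)
+xmlFile.close()
+if dom == None:
+print('Failed to define domain', file=sys.stderr)
+sys.exit(1)
+
+dom.setAutostart(${if dCfg.autostart then "1" else "0"})
+
+conn.close()
+sys.exit(0)
+'';
+in {
+options = {
+virtualisation.libvirtd = {
+domains = mkOption {
+type = with types; attrsOf (submodule guest);
+default = {};
+};
+};
+};
+
+config = mkIf (cfg.domains != {}) {
+systemd.services."libvirtd-guest@" = {
+after = [ "libvirtd.service" ];
+bindsTo = [ "libvirtd.service" ];
+
+before = [ "libvirt-guests.service" ];
+
+serviceConfig = {
+Type = "oneshot";
+RemainAfterExit = true;
+};
+
+path = with pkgs; [ libvirtd ];
+};
+
+systemd.services = mapAttrs' (dName: dCfg: nameValuePair ("libvirtd-guest@" + escapeSystemdPath dName + ".service") {
+serviceConfig = {
+ExecStart = pkgs.writeScript (dName + ".py") (define dCfg);
+};
+}) cfg.domains;
+
+systemd.services."libvirt-guests.service" = {
+wants = mapAttrsToList (dName: dCfg: "libvirtd-guest@" + escapeSystemdPath dName + ".service") cfg.domains;
+};
+};
+}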
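Review bot: The path on line 37 is spliced into the generated Python with `escapeShellArg`, which produces shell quoting rather than a Python string literal, so a path containing a single quote yields a script that fails to parse. Passing the path as an argument to the unit's command and reading it with `xmlFile = open(sys.argv[1], 'r')` avoids building source text from option values. The script is also pinned to `pkgs.python27` while calling `print(..., file=sys.stderr)`, which Python 2 rejects unless `from __future__ import print_function` is placed at the top. Separately, as rendered here the `xml` option has `type =` with no value on line 14, `cfg` reads `virtualisation.libvirtd` without the `config.` prefix, and `submodule guest` names a binding that the `let` block calls `domain`, so the module looks unable to evaluate as committed.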
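--- /dev/null
+++ b/custom/uucp-notifyclient.nix
@@ -0,0 +1,37 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+cfg = config.services.uucp.notify-client;
+
+nodeConfig = {
+options = {
+allowedUsers = mkOption {
+type = with types; uniq (listOf str);
+default = services.notify-users.allowedUsers;
+};
+};
+};
+in {
+options = {
+services.uucp.notify-client = mkOption {
+remoteNodes = mkOption {
+type = with types; attrsOf (submodule nodeConfig);
+default = [];
+description = ''
+Servers to receive notifications from
+'';
+};
+};
+};
+
+imports = [ ./notify-users.nix ];
+
+config = mkIf (cfg.nodes != {}) {
+services.notify-users = concatMap ({ allowedUsers }: allowedUsers) cfg.remoteNodes;
+
+services.uucp.remoteNodes = mapAttrs (name: { allowedUsers }: { commands = map (user: "notify-${user}") allowedUsers; }) cfg.remoteNodes;
+services.uucp.commandPath = [ config.security.wrapperDir ];
+};
+}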
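Review bot: The `config` guard on line 31 tests `cfg.nodes`, but the only option this module declares is `remoteNodes`, so the condition should read `config = mkIf (cfg.remoteNodes != {}) {`. The `remoteNodes` default on line 21 is a list while its type is `attrsOf`, so it should be `default = {};`, and `concatMap` on line 32 is applied to the attribute set itself where `attrValues cfg.remoteNodes` would give it a list. The `allowedUsers` default on line 12 refers to a bare `services`, which is not bound in this file; it presumably means `config.services.notify-users`. Since `allowedUsers` decides which `notify-*` commands a remote node may run from the wrapper directory, it would also help to give that option a `description` stating what an unset value grants.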
@@ -16,6 +16,7 @@ | |||
16 | ./custom/uucp.nix | 16 | ./custom/uucp.nix |
17 | ./custom/borgbackup.nix | 17 | ./custom/borgbackup.nix |
18 | ./custom/uucp-mediaclient.nix | 18 | ./custom/uucp-mediaclient.nix |
19 | ./custom/uucp-notifyclient.nix | ||
19 | ./custom/notify-users.nix | 20 | ./custom/notify-users.nix |
20 | ./utils/nix/module.nix | 21 | ./utils/nix/module.nix |
21 | ]; | 22 | ]; |
@@ -216,7 +217,6 @@ | |||
216 | "odin" = { | 217 | "odin" = { |
217 | publicKeys = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKcDj49TqmflGTmtGBqDawxmCBWW1txj61CZ7KT0hTHK uucp@odin"]; | 218 | publicKeys = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKcDj49TqmflGTmtGBqDawxmCBWW1txj61CZ7KT0hTHK uucp@odin"]; |
218 | hostnames = ["odin.asgard.yggdrasil"]; | 219 | hostnames = ["odin.asgard.yggdrasil"]; |
219 | commands = ["notify-gkleen"]; | ||
220 | }; | 220 | }; |
221 | "ymir" = { | 221 | "ymir" = { |
222 | publicKeys = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFH1QWdgoC03nzW5GBuCl2pqASHeIXIYtE9IInHdaKcO uucp@ymir"]; | 222 | publicKeys = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFH1QWdgoC03nzW5GBuCl2pqASHeIXIYtE9IInHdaKcO uucp@ymir"]; |
@@ -224,13 +224,18 @@ | |||
224 | }; | 224 | }; |
225 | }; | 225 | }; |
226 | 226 | ||
227 | commandPath = [ "${config.security.wrapperDir}" ]; | ||
228 | defaultCommands = lib.mkForce []; | 227 | defaultCommands = lib.mkForce []; |
229 | 228 | ||
230 | media-client = { | 229 | media-client = { |
231 | remoteNodes = [ "odin" ]; | 230 | remoteNodes = [ "odin" ]; |
232 | notify.users = [ "gkleen" ]; | 231 | notify.users = [ "gkleen" ]; |
233 | }; | 232 | }; |
233 | |||
234 | notify-client = { | ||
235 | remoteNodes = { | ||
236 | odin = {}; | ||
237 | }; | ||
238 | }; | ||
234 | }; | 239 | }; |
235 | 240 | ||
236 | notify-users = [ "gkleen" ]; | 241 | notify-users = [ "gkleen" ]; |
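Review bot: `odin = {};` on new line 236 replaces the explicit `commands = ["notify-gkleen"]` grant removed in the second hunk with whatever `allowedUsers` defaults to in custom/uucp-notifyclient.nix, so the commands odin may invoke are no longer stated where the node is declared. Writing `odin = { allowedUsers = [ "gkleen" ]; };` keeps the grant at its previous scope and stops it from widening when another entry is added to `notify-users`. The `commandPath` line removed in the third hunk is now set by the new module; whether any other client module depends on it cannot be confirmed from the lines shown.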