From 656f65c78eb6b2e72711acc35e2b936f4279238f Mon Sep 17 00:00:00 2001
From: Gregor Kleen
Date: Sat, 2 Jun 2018 18:40:43 +0200
Subject: uucp-notifyclient
---
 custom/libvirtd-guests.nix | 84 ++++++++++++++++++++++++++++++++++++++++++++
 custom/uucp-notifyclient.nix | 37 +++++++++++++++++++
 hel.nix | 9 +++--
 3 files changed, 128 insertions(+), 2 deletions(-)
 create mode 100644 custom/libvirtd-guests.nix
 create mode 100644 custom/uucp-notifyclient.nix
diff --git a/custom/libvirtd-guests.nix b/custom/libvirtd-guests.nix
new file mode 100644
index 00000000..36ffa3c9
--- /dev/null
+++ b/custom/libvirtd-guests.nix
@@ -0,0 +1,84 @@
+{ config, pkgs, lib, utils, ... }:
+
+with utils;
+with lib;
+
+let
+ cfg = virtualisation.libvirtd;
+
+ textfile = with types; coercedTo str (pkgs.writeText "spec.xml") path;
+
+ domain = {
+ options = {
+ xml = mkOption {
+ type =
+ };
+
+ autostart = mkOption {
+ type = types.bool;
+ default = true;
+ };
+ };
+ };
+
+ define = let
+ python = pkgs.python27.withPackages (ps: with ps; [ libvirt ]);
+ in dCfg: ''
+ #!${python}/bin/python
+
+ import libvirt
+ import sys
+
+ conn = libvirt.open(None);
+ if conn == None:
+ print('Failed to open connection to hypervisor', file=sys.stderr)
+ sys.exit(1)
+
+ xmlFile = open(${escapeShellArg dCfg.xml}, 'r')
+ dom = conn.defineXML(xmlFile.read(), 0)
+ xmlFile.close()
+ if dom == None:
+ print('Failed to define domain', file=sys.stderr)
+ sys.exit(1)
+
+ dom.setAutostart(${if dCfg.autostart then "1" else "0"})
+
+ conn.close()
+ sys.exit(0)
+ '';
+in {
+ options = {
+ virtualisation.libvirtd = {
+ domains = mkOption {
+ type = with types; attrsOf (submodule guest);
+ default = {};
+ };
+ };
+ };
+
+ config = mkIf (cfg.domains != {}) {
+ systemd.services."libvirtd-guest@" = {
+ after = [ "libvirtd.service" ];
+ bindsTo = [ "libvirtd.service" ];
+
+ before = [ "libvirt-guests.service" ];
+
+ serviceConfig = {
+ Type = "oneshot";
+ RemainAfterExit = true;
+ };
+
+ path = with pkgs; [ libvirtd ];
+ };
+
+ systemd.services = mapAttrs' (dName: dCfg: nameValuePair ("libvirtd-guest@" + escapeSystemdPath dName + ".service") {
+ serviceConfig = {
+ ExecStart = pkgs.writeScript (dName + ".py") (define dCfg);
+ };
+ }) cfg.domains;
+
+ systemd.services."libvirt-guests.service" = {
+ wants = mapAttrsToList (dName: dCfg: "libvirtd-guest@" + escapeSystemdPath dName + ".service") cfg.domains;
+ };
+ };
+}
diff --git a/custom/uucp-notifyclient.nix b/custom/uucp-notifyclient.nix
new file mode 100644
index 00000000..373c0553
--- /dev/null
+++ b/custom/uucp-notifyclient.nix
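Review bot: The `xml` option is left as `type =` with no value before the closing `};`, so the file does not parse; `textfile` is defined just above and never used, which suggests `type = textfile;` was intended. Two names in the same hunk do not resolve either: `cfg = virtualisation.libvirtd;` lacks the `config.` prefix, and `submodule guest` refers to a binding that the `let` calls `domain`. In the generated script, `print(..., file=sys.stderr)` is a syntax error under the `python27` interpreter selected here unless `from __future__ import print_function` is added. `escapeShellArg dCfg.xml` applies shell quoting to what is a Python string literal, which yields a valid literal only while the path contains no quote character. A short comment on `define`, saying that it returns the text of a per-domain script which registers the XML with libvirt and sets autostart, would help the next reader.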
@@ -0,0 +1,37 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+ cfg = config.services.uucp.notify-client;
+
+ nodeConfig = {
+ options = {
+ allowedUsers = mkOption {
+ type = with types; uniq (listOf str);
+ default = services.notify-users.allowedUsers;
+ };
+ };
+ };
+in {
+ options = {
+ services.uucp.notify-client = mkOption {
+ remoteNodes = mkOption {
+ type = with types; attrsOf (submodule nodeConfig);
+ default = [];
+ description = ''
+ Servers to receive notifications from
+ '';
+ };
+ };
+ };
+
+ imports = [ ./notify-users.nix ];
+
+ config = mkIf (cfg.nodes != {}) {
+ services.notify-users = concatMap ({ allowedUsers }: allowedUsers) cfg.remoteNodes;
+
+ services.uucp.remoteNodes = mapAttrs (name: { allowedUsers }: { commands = map (user: "notify-${user}") allowedUsers; }) cfg.remoteNodes;
+ services.uucp.commandPath = [ config.security.wrapperDir ];
+ };
+}
diff --git a/hel.nix b/hel.nix
index efc58b8f..0c64ef19 100644
--- a/hel.nix
+++ b/hel.nix
@@ -16,6 +16,7 @@
 ./custom/uucp.nix
 ./custom/borgbackup.nix
 ./custom/uucp-mediaclient.nix
+ ./custom/uucp-notifyclient.nix
 ./custom/notify-users.nix
 ./utils/nix/module.nix
 ];
@@ -216,7 +217,6 @@
 "odin" = {
 publicKeys = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKcDj49TqmflGTmtGBqDawxmCBWW1txj61CZ7KT0hTHK uucp@odin"];
 hostnames = ["odin.asgard.yggdrasil"];
- commands = ["notify-gkleen"];
 };
 "ymir" = {
 publicKeys = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFH1QWdgoC03nzW5GBuCl2pqASHeIXIYtE9IInHdaKcO uucp@ymir"];
@@ -224,13 +224,18 @@ }; }; - commandPath = [ "${config.security.wrapperDir}" ]; defaultCommands = lib.mkForce []; media-client = { remoteNodes = [ "odin" ]; notify.users = [ "gkleen" ]; }; + + notify-client = { + remoteNodes = { + odin = {}; + }; + }; }; notify-users = [ "gkleen" ]; -- cgit v1.2.3
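Review bot: The guard `mkIf (cfg.nodes != {})` tests an attribute this module never declares; the option is `remoteNodes`, so the line should read `config = mkIf (cfg.remoteNodes != {}) {`. The declaration wraps the option set in a second `mkOption` (`services.uucp.notify-client = mkOption { remoteNodes = mkOption {`) where a plain attribute set is expected, and `default = [];` does not match the `attrsOf` type (`default = {};`). `concatMap ({ allowedUsers }: allowedUsers) cfg.remoteNodes` is applied to an attribute set rather than a list, so it likely needs `attrValues cfg.remoteNodes`. The `allowedUsers` default reads `services.notify-users.allowedUsers` without `config.`, and because this module also assigns `services.notify-users` from `allowedUsers`, the default and the assignment appear to depend on each other.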
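Review bot: With `odin = {};` in the last hel.nix hunk, the commands odin may invoke over UUCP are no longer written out in this file; they are derived from the `allowedUsers` default in custom/uucp-notifyclient.nix, which appears intended to be every entry of `notify-users`. The removed `commands = ["notify-gkleen"];` was an explicit allow-list, whereas now adding a user to `notify-users` would also grant odin the matching `notify-<user>` command without any change to this block. Since `commandPath` points at the setuid wrapper directory, I would keep the grant explicit per node: `odin = { allowedUsers = [ "gkleen" ]; };`.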