From dc61ae10fbc524c075e604047b950c1059779cc4 Mon Sep 17 00:00:00 2001 From: Zhaofeng Li Date: Wed, 21 Sep 2022 03:20:38 -0600 Subject: [PATCH 01/28] modules/supervisord: init --- modules/environment/login/login-inner.nix | 11 ++ modules/module-list.nix | 1 + modules/supervisord.nix | 177 ++++++++++++++++++++++ 3 files changed, 189 insertions(+) create mode 100644 modules/supervisord.nix diff --git a/modules/environment/login/login-inner.nix b/modules/environment/login/login-inner.nix index ff5ee59..c6e18a9 100644 --- a/modules/environment/login/login-inner.nix +++ b/modules/environment/login/login-inner.nix @@ -16,6 +16,17 @@ writeText "login-inner" '' echo "If nothing works, open an issue at https://github.com/t184256/nix-on-droid/issues or try the rescue shell." fi + ${lib.optionalString config.supervisord.enable '' + set +e + if [ ! -e "${config.supervisord.socketPath}" ]; then + ${config.supervisord.package}/bin/supervisord -c /etc/supervisord.conf + if [ $? != 0 ]; then + echo "Warning: supervisord failed to start" + fi + fi + set -e + ''} + ${lib.optionalString config.build.initialBuild '' if [ -e /etc/UNINTIALISED ]; then export HOME="${config.user.home}" diff --git a/modules/module-list.nix b/modules/module-list.nix index a99d4f8..db3ce36 100644 --- a/modules/module-list.nix +++ b/modules/module-list.nix @@ -16,6 +16,7 @@ ./environment/shell.nix ./home-manager.nix ./nixpkgs/options.nix + ./supervisord.nix ./terminal.nix ./time.nix ./upgrade.nix diff --git a/modules/supervisord.nix b/modules/supervisord.nix new file mode 100644 index 0000000..ca24911 --- /dev/null +++ b/modules/supervisord.nix 
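Review bot: The `[ ! -e "${config.supervisord.socketPath}" ]` guard in the login-inner.nix hunk treats any file left at the socket path as proof of a running daemon, so after an unclean exit supervisord would not be started again until that file is removed by hand. Asking the daemon is more reliable than testing the path, for example `if ! ${config.supervisord.package}/bin/supervisorctl -c /etc/supervisord.conf pid >/dev/null 2>&1; then`; confirm that the packaged supervisorctl exits non-zero when it cannot connect. The same path test reappears in the activation script of PATCH 08 and in the later login-inner.nix revisions (PATCH 15, PATCH 28), where two concurrent logins could also both pass the test. The hunk sits inside the `writeText "login-inner"` string, which starts and ends outside it.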
@@ -0,0 +1,177 @@
+{ pkgs, lib, config, ... }:
+let
+ inherit (lib) types;
+
+ cfg = config.supervisord;
+
+ format = pkgs.formats.ini {};
+
+ programType = types.submodule ({ name, config, ... }: {
+ options = {
+ enable = lib.mkOption {
+ description = ''
+ Whether to enable this program.
+ '';
+ type = types.bool;
+ default = true;
+ };
+ command = lib.mkOption {
+ description = ''
+ The command that will be run as the service's main process.
+ '';
+ type = types.str;
+ default = toString (pkgs.writeShellScript "${name}-script.sh" config.script);
+ };
+ script = lib.mkOption {
+ description = ''
+ Shell commands executed as the service's main process.
+ '';
+ type = types.lines;
+ default = "";
+ };
+ path = lib.mkOption {
+ description = ''
+ Packages added to the service's PATH environment variable.
+ '';
+ type = types.listOf (types.either types.package types.str);
+ default = [];
+ };
+ autoRestart = lib.mkOption {
+ description = ''
+ Whether to automatically restart the process if it exits.
+ '';
+ type = types.either types.bool (types.enum [ "false" "true" "unexpected" ]);
+ default = "unexpected";
+ };
+ environment = lib.mkOption {
+ description = ''
+ Environment variables passed to the service's process.
+ '';
+ type = types.attrsOf types.str;
+ default = {
+ PATH = lib.makeBinPath config.path;
+ };
+ };
+ extraConfig = lib.mkOption {
+ description = ''
+ Extra structured configurations to add to the [program:x] section.
+ '';
+ type = types.attrsOf types.str;
+ default = {};
+ };
+ };
+ });
+
+ renderAtom = val:
+ if builtins.isBool val then if val then "true" else "false"
+ else toString val;
+
+ renderProgram = program: let
+ section = {
+ inherit (program) command;
+ autorestart = program.autoRestart;
+ environment = let
+ # FIXME: Make more robust
+ escape = builtins.replaceStrings [ "%" ] [ "%%" ];
+ envs = lib.mapAttrsToList (k: v: "${k}=\"${escape v}\"") program.environment;
+ in builtins.concatStringsSep "," envs;
+ } // program.extraConfig;
+ in lib.mapAttrs (_: v: renderAtom v) section;
+
+ numPrograms = builtins.length (builtins.attrNames cfg.programs);
+ enabledPrograms = lib.filterAttrs (_: program: program.enable) cfg.programs;
+
+ structuredConfig = {
+ supervisord = {
+ logfile = cfg.logPath;
+ pidfile = cfg.pidPath;
+ };
+ supervisorctl = {
+ serverurl = "unix://${cfg.socketPath}";
+ };
+ unix_http_server = {
+ file = cfg.socketPath;
+ };
+ "rpcinterface:supervisor" = {
+ "supervisor.rpcinterface_factory" = "supervisor.rpcinterface:make_main_rpcinterface";
+ };
+ } // (lib.mapAttrs' (k: v: {
+ name = "program:${k}";
+ value = renderProgram v;
+ }) enabledPrograms);
+
+ configFile = format.generate "supervisord.conf" structuredConfig;
+
+ # Only expose the "supervisorctl" executable
+ supervisorctl = pkgs.runCommand "supervisorctl" {} ''
+ mkdir -p $out/bin
+ ln -s ${cfg.package}/bin/supervisorctl $out/bin/supervisorctl
+ '';
+in {
+ options = {
+ supervisord = {
+ enable = lib.mkOption {
+ description = ''
+ Whether to enable the supervisord process control system.
+
+ This allows you to define long-running services in Nix-on-Droid.
+ '';
+ type = types.bool;
+ default = numPrograms != 0;
+ };
+ package = lib.mkOption {
+ description = ''
+ The supervisord package to use.
+ ''; + type = types.package; + default = pkgs.python3Packages.supervisor; + defaultText = lib.literalExpression "pkgs.python3Packages.supervisor"; + }; + socketPath = lib.mkOption { + description = '' + Path to the UNIX domain socket on which supervisord will listen on. + ''; + type = types.path; + default = "/tmp/supervisor.sock"; + }; + pidPath = lib.mkOption { + description = '' + Path to the file in which supervisord saves its PID. + ''; + type = types.path; + default = "/tmp/supervisor.pid"; + }; + logPath = lib.mkOption { + description = '' + Path to the log file. + ''; + type = types.path; + default = "/tmp/supervisor.log"; + }; + programs = lib.mkOption { + description = '' + Definition of supervisord programs. + ''; + type = types.attrsOf programType; + default = {}; + }; + configFile = lib.mkOption { + type = types.package; + internal = true; + default = configFile; + }; + }; + }; + + config = lib.mkIf cfg.enable { + environment.etc."supervisord.conf" = { + source = cfg.configFile; + }; + + environment.packages = [ supervisorctl ]; + + build.activationAfter.reloadSupervisord = '' + ${cfg.package}/bin/supervisorctl -c /etc/supervisord.conf update + ''; + }; +} From 3a02d097569a5df5b3c726e2d9826d87f7a9d551 Mon Sep 17 00:00:00 2001 From: Zhaofeng Li Date: Wed, 21 Sep 2022 03:20:38 -0600 Subject: [PATCH 02/28] modules/openssh: init --- modules/module-list.nix | 1 + modules/services/openssh.nix | 137 +++++++++++++++++++++++++++++++++++ 2 files changed, 138 insertions(+) create mode 100644 modules/services/openssh.nix diff --git a/modules/module-list.nix b/modules/module-list.nix index db3ce36..1d9ec4d 100644 --- a/modules/module-list.nix +++ b/modules/module-list.nix @@ -16,6 +16,7 @@ ./environment/shell.nix ./home-manager.nix ./nixpkgs/options.nix + ./services/openssh.nix ./supervisord.nix ./terminal.nix ./time.nix diff --git a/modules/services/openssh.nix b/modules/services/openssh.nix new file mode 100644 index 0000000..08e2030 --- /dev/null 
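Review bot: The defaults for `socketPath`, `pidPath` and `logPath` place the control socket, PID file and log at fixed names directly under `/tmp`, and the generated `[unix_http_server]` section sets only `file`. Whoever can reach that socket can start, stop and reconfigure every supervised program, so the module should not rely on `/tmp` being private or on supervisord's default socket mode; whether `/tmp` is shared in the Nix-on-Droid environment is not visible from this file. I would pin the mode explicitly, `unix_http_server = { file = cfg.socketPath; chmod = "0700"; };`, and add a sentence to the `socketPath` description such as `The socket grants full control over all supervised programs; keep it in a directory only the user can write to.`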
+++ b/modules/services/openssh.nix @@ -0,0 +1,137 @@ +# Parts from nixpkgs/nixos/modules/services/networking/ssh/sshd.nix +# MIT Licensed. Copyright (c) 2003-2022 Eelco Dolstra and the Nixpkgs/NixOS contributors + +{ pkgs, lib, config, ... }: +let + inherit (lib) + types + flip + concatStringsSep + concatMapStrings + optionalString; + + cfg = config.services.openssh; + + uncheckedConf = '' + ${concatMapStrings (port: '' + Port ${toString port} + '') cfg.ports} + PasswordAuthentication ${if cfg.passwordAuthentication then "yes" else "no"} + ${flip concatMapStrings cfg.hostKeys (k: '' + HostKey ${k.path} + '')} + ${optionalString cfg.allowSFTP '' + Subsystem sftp ${cfg.package}/libexec/sftp-server + ''} + SetEnv PATH=${config.user.home}/.nix-profile/bin:/usr/bin:/bin + ${cfg.extraConfig} + ''; + + sshdConf = pkgs.runCommand "sshd.conf-validated" { + nativeBuildInputs = [ cfg.package ]; + } '' + cat >$out < Date: Wed, 21 Sep 2022 18:28:27 +0000 Subject: [PATCH 03/28] fixup svd: remove cfg.configFile --- modules/supervisord.nix | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/modules/supervisord.nix b/modules/supervisord.nix index ca24911..60a0c43 100644 --- a/modules/supervisord.nix +++ b/modules/supervisord.nix @@ -155,17 +155,12 @@ in { type = types.attrsOf programType; default = {}; }; - configFile = lib.mkOption { - type = types.package; - internal = true; - default = configFile; - }; }; }; config = lib.mkIf cfg.enable { environment.etc."supervisord.conf" = { - source = cfg.configFile; + source = configFile; }; environment.packages = [ supervisorctl ]; From a00dc02a84ca246140678ae48e7433a2bc9ae72d Mon Sep 17 00:00:00 2001 From: Zhaofeng Li Date: Wed, 21 Sep 2022 18:28:28 +0000 Subject: [PATCH 04/28] fixup svd: mdDoc-ify everything --- modules/supervisord.nix | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/modules/supervisord.nix b/modules/supervisord.nix index 60a0c43..9c71738 100644 
--- a/modules/supervisord.nix +++ b/modules/supervisord.nix @@ -9,42 +9,42 @@ let programType = types.submodule ({ name, config, ... }: { options = { enable = lib.mkOption { - description = '' + description = lib.mdDoc '' Whether to enable this program. ''; type = types.bool; default = true; }; command = lib.mkOption { - description = '' + description = lib.mdDoc '' The command that will be run as the service's main process. ''; type = types.str; default = toString (pkgs.writeShellScript "${name}-script.sh" config.script); }; script = lib.mkOption { - description = '' + description = lib.mdDoc '' Shell commands executed as the service's main process. ''; type = types.lines; default = ""; }; path = lib.mkOption { - description = '' + description = lib.mdDoc '' Packages added to the service's PATH environment variable. ''; type = types.listOf (types.either types.package types.str); default = []; }; autoRestart = lib.mkOption { - description = '' + description = lib.mdDoc '' Whether to automatically restart the process if it exits. ''; type = types.either types.bool (types.enum [ "false" "true" "unexpected" ]); default = "unexpected"; }; environment = lib.mkOption { - description = '' + description = lib.mdDoc '' Environment variables passed to the service's process. ''; type = types.attrsOf types.str; @@ -53,7 +53,7 @@ let }; }; extraConfig = lib.mkOption { - description = '' + description = lib.mdDoc '' Extra structured configurations to add to the [program:x] section. ''; type = types.attrsOf types.str; @@ -111,7 +111,7 @@ in { options = { supervisord = { enable = lib.mkOption { - description = '' + description = lib.mdDoc '' Whether to enable the supervisord process control system. This allows you to define long-running services in Nix-on-Droid. @@ -120,7 +120,7 @@ in { default = numPrograms != 0; }; package = lib.mkOption { - description = '' + description = lib.mdDoc '' The supervisord package to use. ''; type = types.package; 
@@ -128,14 +128,14 @@ in { defaultText = lib.literalExpression "pkgs.python3Packages.supervisor"; }; socketPath = lib.mkOption { - description = '' + description = lib.mdDoc '' Path to the UNIX domain socket on which supervisord will listen on. ''; type = types.path; default = "/tmp/supervisor.sock"; }; pidPath = lib.mkOption { - description = '' + description = lib.mdDoc '' Path to the file in which supervisord saves its PID. ''; type = types.path; @@ -149,7 +149,7 @@ in { default = "/tmp/supervisor.log"; }; programs = lib.mkOption { - description = '' + description = lib.mdDoc '' Definition of supervisord programs. ''; type = types.attrsOf programType; From 7834088728bbacbf3f03a1403060ad3ced5c736d Mon Sep 17 00:00:00 2001 From: Zhaofeng Li Date: Wed, 21 Sep 2022 18:28:28 +0000 Subject: [PATCH 05/28] fixup svd: make script-generated command have normal priority --- modules/supervisord.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/modules/supervisord.nix b/modules/supervisord.nix index 9c71738..3ddfbb7 100644 --- a/modules/supervisord.nix +++ b/modules/supervisord.nix @@ -20,7 +20,6 @@ let The command that will be run as the service's main process. ''; type = types.str; - default = toString (pkgs.writeShellScript "${name}-script.sh" config.script); }; script = lib.mkOption { description = lib.mdDoc '' @@ -60,6 +59,10 @@ let default = {}; }; }; + config = { + command = lib.mkIf (config.script != "") + (toString (pkgs.writeShellScript "${name}-script.sh" config.script)); + }; }); renderAtom = val: From 16107f5520c6e8a7ab5efc92205f44839f9d4785 Mon Sep 17 00:00:00 2001 From: Zhaofeng Li Date: Wed, 21 Sep 2022 18:28:28 +0000 Subject: [PATCH 06/28] fixup svd: add more docs --- modules/supervisord.nix | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/modules/supervisord.nix b/modules/supervisord.nix index 3ddfbb7..abacf3d 100644 --- a/modules/supervisord.nix +++ b/modules/supervisord.nix 
@@ -38,6 +38,10 @@ let autoRestart = lib.mkOption { description = lib.mdDoc '' Whether to automatically restart the process if it exits. + + If `unexpected`, the process will be restarted if it exits + with an exit code not listed in the programs's `exitcodes` + configuration. ''; type = types.either types.bool (types.enum [ "false" "true" "unexpected" ]); default = "unexpected"; @@ -154,6 +158,8 @@ in { programs = lib.mkOption { description = lib.mdDoc '' Definition of supervisord programs. + + Upstream documentations are available at . ''; type = types.attrsOf programType; default = {}; From 86248da1100bde05551380699f5430b6ffa78fc0 Mon Sep 17 00:00:00 2001 From: Zhaofeng Li Date: Wed, 21 Sep 2022 18:28:32 +0000 Subject: [PATCH 07/28] fixup svd: make environment.PATH compose better --- modules/supervisord.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/modules/supervisord.nix b/modules/supervisord.nix index abacf3d..8c10603 100644 --- a/modules/supervisord.nix +++ b/modules/supervisord.nix @@ -51,9 +51,7 @@ let Environment variables passed to the service's process. ''; type = types.attrsOf types.str; - default = { - PATH = lib.makeBinPath config.path; - }; + default = {}; }; extraConfig = lib.mkOption { description = lib.mdDoc '' @@ -66,6 +64,8 @@ let config = { command = lib.mkIf (config.script != "") (toString (pkgs.writeShellScript "${name}-script.sh" config.script)); + + environment.PATH = lib.mkDefault (lib.makeBinPath config.path); }; }); From 4d935710bbce5f3779018ca01e2a93066e19b475 Mon Sep 17 00:00:00 2001 From: Zhaofeng Li Date: Wed, 21 Sep 2022 18:28:37 +0000 Subject: [PATCH 08/28] fixup svd: start svd during activation --- modules/supervisord.nix | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/modules/supervisord.nix b/modules/supervisord.nix index 8c10603..4eca6fc 100644 --- a/modules/supervisord.nix +++ b/modules/supervisord.nix 
@@ -175,7 +175,12 @@ in { environment.packages = [ supervisorctl ]; build.activationAfter.reloadSupervisord = '' - ${cfg.package}/bin/supervisorctl -c /etc/supervisord.conf update + if [ ! -e "${config.supervisord.socketPath}" ]; then + echo "Starting supervisord..." + ${cfg.package}/bin/supervisord -c /etc/supervisord.conf + else + ${cfg.package}/bin/supervisorctl -c /etc/supervisord.conf update + fi ''; }; } From 3278a9c2c76326c498c944a57071208b06c693c0 Mon Sep 17 00:00:00 2001 From: Zhaofeng Li Date: Wed, 21 Sep 2022 22:30:40 +0000 Subject: [PATCH 09/28] fixup ssh: just hardcode password auth to no --- modules/services/openssh.nix | 9 +-------- 1 file changed, 1 insertion(+), 8 deletions(-) diff --git a/modules/services/openssh.nix b/modules/services/openssh.nix index 08e2030..d9fd433 100644 --- a/modules/services/openssh.nix +++ b/modules/services/openssh.nix @@ -16,7 +16,7 @@ let ${concatMapStrings (port: '' Port ${toString port} '') cfg.ports} - PasswordAuthentication ${if cfg.passwordAuthentication then "yes" else "no"} + PasswordAuthentication no ${flip concatMapStrings cfg.hostKeys (k: '' HostKey ${k.path} '')} @@ -63,13 +63,6 @@ in { type = types.listOf types.port; default = [ 8022 ]; }; - passwordAuthentication = lib.mkOption { - description = lib.mdDoc '' - Whether password authentication is allowed. - ''; - type = types.bool; - default = true; - }; allowSFTP = lib.mkOption { description = lib.mdDoc '' Whether to enable the SFTP subsystem in the SSH daemon. This From 269f6d15189d7c1e4679e29238d86de6d9bdbe7f Mon Sep 17 00:00:00 2001 From: Zhaofeng Li Date: Wed, 21 Sep 2022 22:30:40 +0000 Subject: [PATCH 10/28] fixup svd: use enabledPrograms for numPrograms --- modules/supervisord.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/supervisord.nix b/modules/supervisord.nix index 4eca6fc..b49666b 100644 --- a/modules/supervisord.nix +++ b/modules/supervisord.nix 
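Review bot: `PasswordAuthentication no` in `uncheckedConf` is now fixed, but nothing next to it says that this is deliberate or how it interacts with `cfg.extraConfig`, which is appended further down the same generated file. sshd_config uses the first value it obtains for a keyword, so a global `PasswordAuthentication yes` in extraConfig should be ignored, while a `Match` block there can presumably still re-enable it. A Nix comment above `uncheckedConf` would record that, e.g. `# Key-based login only: sshd keeps the first value, so extraConfig cannot override this outside a Match block.` The hunk also leaves `KbdInteractiveAuthentication` unset, so it is worth confirming that no keyboard-interactive method is available in this build. The enclosing `let` binding starts and ends outside the hunk.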
@@ -85,7 +85,7 @@ let } // program.extraConfig; in lib.mapAttrs (_: v: renderAtom v) section; - numPrograms = builtins.length (builtins.attrNames cfg.programs); + numPrograms = builtins.length (builtins.attrNames enabledPrograms); enabledPrograms = lib.filterAttrs (_: program: program.enable) cfg.programs; structuredConfig = { From 6e9389cdb8d16434e95ae087e9bba9cd4fbd8daf Mon Sep 17 00:00:00 2001 From: Zhaofeng Li Date: Wed, 21 Sep 2022 22:30:40 +0000 Subject: [PATCH 11/28] fixup svd: license header --- modules/supervisord.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/modules/supervisord.nix b/modules/supervisord.nix index b49666b..df92e5e 100644 --- a/modules/supervisord.nix +++ b/modules/supervisord.nix @@ -1,3 +1,5 @@ +# Copyright (c) 2019-2022, see AUTHORS. Licensed under MIT License, see LICENSE. + { pkgs, lib, config, ... }: let inherit (lib) types; From 0faa47c86f7d14e6481b1272029e14df39007ccd Mon Sep 17 00:00:00 2001 From: Zhaofeng Li Date: Wed, 21 Sep 2022 22:30:40 +0000 Subject: [PATCH 12/28] fixup ssh: license header --- modules/services/openssh.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/modules/services/openssh.nix b/modules/services/openssh.nix index d9fd433..8146f2b 100644 --- a/modules/services/openssh.nix +++ b/modules/services/openssh.nix @@ -1,3 +1,5 @@ +# Copyright (c) 2019-2022, see AUTHORS. Licensed under MIT License, see LICENSE. + # Parts from nixpkgs/nixos/modules/services/networking/ssh/sshd.nix # MIT Licensed. Copyright (c) 2003-2022 Eelco Dolstra and the Nixpkgs/NixOS contributors From bd44a10ac801c704c9115ec2c7e7d1819c9ce01d Mon Sep 17 00:00:00 2001 From: Zhaofeng Li Date: Wed, 21 Sep 2022 22:30:40 +0000 Subject: [PATCH 13/28] fixup svd: add message when reloading --- modules/supervisord.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/supervisord.nix b/modules/supervisord.nix index df92e5e..f4f2b93 100644 --- a/modules/supervisord.nix +++ b/modules/supervisord.nix 
@@ -181,6 +181,7 @@ in { echo "Starting supervisord..." ${cfg.package}/bin/supervisord -c /etc/supervisord.conf else + echo "Reloading supervisord..." ${cfg.package}/bin/supervisorctl -c /etc/supervisord.conf update fi ''; From c39cb39afef069802c813e53c76d7e595b6d5dfe Mon Sep 17 00:00:00 2001 From: Zhaofeng Li Date: Wed, 21 Sep 2022 22:30:40 +0000 Subject: [PATCH 14/28] fixup ssh: reduce lib inherits --- modules/services/openssh.nix | 15 +++++---------- 1 file changed, 5 insertions(+), 10 deletions(-) diff --git a/modules/services/openssh.nix b/modules/services/openssh.nix index 8146f2b..0b34230 100644 --- a/modules/services/openssh.nix +++ b/modules/services/openssh.nix @@ -5,24 +5,19 @@ { pkgs, lib, config, ... }: let - inherit (lib) - types - flip - concatStringsSep - concatMapStrings - optionalString; + inherit (lib) types; cfg = config.services.openssh; uncheckedConf = '' - ${concatMapStrings (port: '' + ${lib.concatMapStrings (port: '' Port ${toString port} '') cfg.ports} PasswordAuthentication no - ${flip concatMapStrings cfg.hostKeys (k: '' + ${lib.flip lib.concatMapStrings cfg.hostKeys (k: '' HostKey ${k.path} '')} - ${optionalString cfg.allowSFTP '' + ${lib.optionalString cfg.allowSFTP '' Subsystem sftp ${cfg.package}/libexec/sftp-server ''} SetEnv PATH=${config.user.home}/.nix-profile/bin:/usr/bin:/bin @@ -108,7 +103,7 @@ in { path = [ cfg.package ]; autoRestart = true; script = '' - ${flip concatMapStrings cfg.hostKeys (k: '' + ${lib.flip lib.concatMapStrings cfg.hostKeys (k: '' if ! [ -s "${k.path}" ]; then if ! [ -h "${k.path}" ]; then rm -f "${k.path}" From 42b95bd00fcf267d0a6894bf6a15fa269e21238d Mon Sep 17 00:00:00 2001 From: Zhaofeng Li Date: Wed, 21 Sep 2022 22:30:40 +0000 Subject: [PATCH 15/28] fixup svd: dont do set +e --- modules/environment/login/login-inner.nix | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) 
diff --git a/modules/environment/login/login-inner.nix b/modules/environment/login/login-inner.nix index c6e18a9..0a49fa8 100644 --- a/modules/environment/login/login-inner.nix +++ b/modules/environment/login/login-inner.nix @@ -17,14 +17,9 @@ writeText "login-inner" '' fi ${lib.optionalString config.supervisord.enable '' - set +e if [ ! -e "${config.supervisord.socketPath}" ]; then - ${config.supervisord.package}/bin/supervisord -c /etc/supervisord.conf - if [ $? != 0 ]; then - echo "Warning: supervisord failed to start" - fi + ${config.supervisord.package}/bin/supervisord -c /etc/supervisord.conf || echo "Warning: supervisord failed to start" fi - set -e ''} ${lib.optionalString config.build.initialBuild '' From 06d245c0af22474ecc8fe2dde914c60629d12a98 Mon Sep 17 00:00:00 2001 From: Zhaofeng Li Date: Wed, 21 Sep 2022 22:30:40 +0000 Subject: [PATCH 16/28] fixup svd: support dry-run --- modules/supervisord.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/supervisord.nix b/modules/supervisord.nix index f4f2b93..1595a34 100644 --- a/modules/supervisord.nix +++ b/modules/supervisord.nix @@ -179,10 +179,10 @@ in { build.activationAfter.reloadSupervisord = '' if [ ! -e "${config.supervisord.socketPath}" ]; then echo "Starting supervisord..." - ${cfg.package}/bin/supervisord -c /etc/supervisord.conf + $DRY_RUN_CMD ${cfg.package}/bin/supervisord -c /etc/supervisord.conf else echo "Reloading supervisord..." - ${cfg.package}/bin/supervisorctl -c /etc/supervisord.conf update + $DRY_RUN_CMD ${cfg.package}/bin/supervisorctl -c /etc/supervisord.conf update fi ''; }; From 5ea968caacb90680b708d3fa057c1fd2961e6ddc Mon Sep 17 00:00:00 2001 From: Zhaofeng Li Date: Wed, 21 Sep 2022 22:34:29 +0000 Subject: [PATCH 17/28] fixup ssh: don't write to stdout --- modules/services/openssh.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/modules/services/openssh.nix b/modules/services/openssh.nix index 0b34230..32f2958 100644 
--- a/modules/services/openssh.nix +++ b/modules/services/openssh.nix @@ -103,6 +103,9 @@ in { path = [ cfg.package ]; autoRestart = true; script = '' + # don't write to stdout + exec >&2 + ${lib.flip lib.concatMapStrings cfg.hostKeys (k: '' if ! [ -s "${k.path}" ]; then if ! [ -h "${k.path}" ]; then From f861f458e7eb6d9f2f7ae28239a1056c5dffe1c0 Mon Sep 17 00:00:00 2001 From: Zhaofeng Li Date: Sat, 24 Sep 2022 21:05:18 +0000 Subject: [PATCH 18/28] fixup svd: add autostart option --- modules/supervisord.nix | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/modules/supervisord.nix b/modules/supervisord.nix index 1595a34..bc79875 100644 --- a/modules/supervisord.nix +++ b/modules/supervisord.nix @@ -37,6 +37,16 @@ let type = types.listOf (types.either types.package types.str); default = []; }; + autostart = lib.mkOption { + description = lib.mdDoc '' + Whether to automatically start the process. + + If false, the process has to be manually started using + `supervisorctl`. + ''; + type = types.bool; + default = true; + }; autoRestart = lib.mkOption { description = lib.mdDoc '' Whether to automatically restart the process if it exits. @@ -77,7 +87,7 @@ let renderProgram = program: let section = { - inherit (program) command; + inherit (program) command autostart; autorestart = program.autoRestart; environment = let # FIXME: Make more robust From b416b5859519bf13cdfebbe5a8038d1500a76dd4 Mon Sep 17 00:00:00 2001 From: Zhaofeng Li Date: Sat, 24 Sep 2022 21:05:19 +0000 Subject: [PATCH 19/28] fixup ssh: add autostart option --- modules/services/openssh.nix | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/modules/services/openssh.nix b/modules/services/openssh.nix index 32f2958..3e63bb4 100644 --- a/modules/services/openssh.nix +++ b/modules/services/openssh.nix 
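Review bot: The new submodule option in PATCH 18 is spelled `autostart` while its sibling in the same submodule is `autoRestart`, so two closely related settings follow different naming conventions. `inherit (program) command autostart;` in `renderProgram` works only because the Nix name happens to equal the supervisord key; I would name the option `autoStart` and map it like the restart setting, `autostart = program.autoStart;`. PATCH 19 picks the option up with `inherit (cfg) autostart;` in openssh.nix and would need the same rename. Both hunks sit inside definitions that begin and end outside them.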
@@ -45,6 +45,16 @@ in { type = types.bool; default = false; }; + autostart = lib.mkOption { + description = '' + Whether to automatically start the OpenSSH daemon. + + If false, the server has to be manually started using + `supervisorctl`. + ''; + type = types.bool; + default = true; + }; package = lib.mkOption { description = '' The package to use for OpenSSH. @@ -100,6 +110,7 @@ in { }; supervisord.programs.sshd = { + inherit (cfg) autostart; path = [ cfg.package ]; autoRestart = true; script = '' From 2f92f246242093ffbdcc915541a10c30a5957d7e Mon Sep 17 00:00:00 2001 From: Zhaofeng Li Date: Sat, 24 Sep 2022 21:05:19 +0000 Subject: [PATCH 20/28] fixup ssh: also add coreutils to path Otherwise mkdir et al may silently fail. --- modules/services/openssh.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/services/openssh.nix b/modules/services/openssh.nix index 3e63bb4..3a46f1f 100644 --- a/modules/services/openssh.nix +++ b/modules/services/openssh.nix @@ -111,7 +111,7 @@ in { supervisord.programs.sshd = { inherit (cfg) autostart; - path = [ cfg.package ]; + path = [ cfg.package pkgs.coreutils ]; autoRestart = true; script = '' # don't write to stdout From 5278b3d2d722a81ee4fc222655e36eeb73dd8222 Mon Sep 17 00:00:00 2001 From: Zhaofeng Li Date: Sat, 24 Sep 2022 21:05:19 +0000 Subject: [PATCH 21/28] fixup svd: add set -e to job script This matches the behavior of makeJobScript in nixos/lib/systemd-lib.nix. --- modules/supervisord.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/modules/supervisord.nix b/modules/supervisord.nix index bc79875..00c3dc3 100644 --- a/modules/supervisord.nix +++ b/modules/supervisord.nix 
@@ -75,7 +75,10 @@ let }; config = { command = lib.mkIf (config.script != "") - (toString (pkgs.writeShellScript "${name}-script.sh" config.script)); + (toString (pkgs.writeShellScript "${name}-script.sh" '' + set -e + ${config.script} + '')); environment.PATH = lib.mkDefault (lib.makeBinPath config.path); }; From edb3247477660527fbb52627fa3d52c57b3aac23 Mon Sep 17 00:00:00 2001 From: Zhaofeng Li Date: Sat, 24 Sep 2022 21:05:19 +0000 Subject: [PATCH 22/28] fixup svd: only accept the typed boolean form in nix config --- modules/supervisord.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/supervisord.nix b/modules/supervisord.nix index 00c3dc3..e8bda9c 100644 --- a/modules/supervisord.nix +++ b/modules/supervisord.nix @@ -55,7 +55,7 @@ let with an exit code not listed in the programs's `exitcodes` configuration. ''; - type = types.either types.bool (types.enum [ "false" "true" "unexpected" ]); + type = types.either types.bool (types.enum [ "unexpected" ]); default = "unexpected"; }; environment = lib.mkOption { From 82c42b36c0717206c80d24fc500fd919362ad55f Mon Sep 17 00:00:00 2001 From: Zhaofeng Li Date: Sat, 24 Sep 2022 21:05:20 +0000 Subject: [PATCH 23/28] fixup svd: also accept boolean in extraConfig --- modules/supervisord.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/supervisord.nix b/modules/supervisord.nix index e8bda9c..98f33c4 100644 --- a/modules/supervisord.nix +++ b/modules/supervisord.nix @@ -69,7 +69,7 @@ let description = lib.mdDoc '' Extra structured configurations to add to the [program:x] section. ''; - type = types.attrsOf types.str; + type = types.attrsOf (types.either types.str types.bool); default = {}; }; }; From 56f4e449fddadd74f67d025af20bdc3ea38f2378 Mon Sep 17 00:00:00 2001 
From: Zhaofeng Li Date: Sat, 24 Sep 2022 21:05:20 +0000 Subject: [PATCH 24/28] fixup svd: disallow double quotes in environment --- modules/supervisord.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/modules/supervisord.nix b/modules/supervisord.nix index 98f33c4..e6daf54 100644 --- a/modules/supervisord.nix +++ b/modules/supervisord.nix @@ -94,7 +94,9 @@ let autorestart = program.autoRestart; environment = let # FIXME: Make more robust - escape = builtins.replaceStrings [ "%" ] [ "%%" ]; + escape = s: + assert lib.assertMsg (!(lib.hasInfix "\"" s)) "supervisord.programs..environment: Values cannot have double quotes at the moment (${s})"; + builtins.replaceStrings [ "%" ] [ "%%" ] s; envs = lib.mapAttrsToList (k: v: "${k}=\"${escape v}\"") program.environment; in builtins.concatStringsSep "," envs; } // program.extraConfig; From ca13b296cc14d4a808eea1cdf280f77b329a93ab Mon Sep 17 00:00:00 2001 From: Zhaofeng Li Date: Sat, 1 Oct 2022 21:52:56 +0000 Subject: [PATCH 25/28] fixup ssh: Remove mdDoc for now Doesn't exist in stable. --- modules/services/openssh.nix | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/modules/services/openssh.nix b/modules/services/openssh.nix index 3a46f1f..0e9d1a1 100644 --- a/modules/services/openssh.nix +++ b/modules/services/openssh.nix @@ -38,7 +38,7 @@ in { options = { services.openssh = { enable = lib.mkOption { - description = lib.mdDoc '' + description = '' Whether to enable the OpenSSH secure shell daemon, which allows secure remote logins. ''; 
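Review bot: The assertion message added to `escape` in PATCH 24 interpolates the whole environment value (`(${s})`), so a token or password that happens to contain a double quote is printed in the evaluation error and in whatever log captures it. The message should say only where the problem is, e.g. `"supervisord.programs.NAME.environment: values cannot contain double quotes at the moment"`; the module-assertion version in PATCH 27 has the program and key names available and still appends `(${v})`, which should be dropped there too. Separately, the `environment` option description could state that values are rendered into `supervisord.conf` in the Nix store, which is presumably readable by other users of the store, so it is not a place for secrets. `renderProgram` starts and ends outside this hunk.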
@@ -64,14 +64,14 @@ in { defaultText = lib.literalExpression "pkgs.openssh"; }; ports = lib.mkOption { - description = lib.mdDoc '' + description = '' Specifies on which ports the SSH daemon listens. ''; type = types.listOf types.port; default = [ 8022 ]; }; allowSFTP = lib.mkOption { - description = lib.mdDoc '' + description = '' Whether to enable the SFTP subsystem in the SSH daemon. This enables the use of commands such as {command}`sftp` and {command}`sshfs`. @@ -80,7 +80,7 @@ in { default = true; }; hostKeys = lib.mkOption { - description = lib.mdDoc '' + description = '' Nix-on-Droid can automatically generate SSH host keys. This option specifies the path, type and size of each key. See {manpage}`ssh-keygen(1)` for supported types @@ -97,7 +97,7 @@ in { ]; }; extraConfig = lib.mkOption { - description = lib.mdDoc "Verbatim contents of {file}`sshd_config`."; + description = "Verbatim contents of {file}`sshd_config`."; type = types.lines; default = ""; }; From 01a744705a426edd2473dcc0f820a4b9dff4b0ed Mon Sep 17 00:00:00 2001 From: Zhaofeng Li Date: Sat, 1 Oct 2022 21:52:56 +0000 Subject: [PATCH 26/28] fixup svd: Remove mdDoc for now --- modules/supervisord.nix | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/modules/supervisord.nix b/modules/supervisord.nix index e6daf54..e253928 100644 --- a/modules/supervisord.nix +++ b/modules/supervisord.nix 
@@ -11,34 +11,34 @@ let programType = types.submodule ({ name, config, ... }: { options = { enable = lib.mkOption { - description = lib.mdDoc '' + description = '' Whether to enable this program. ''; type = types.bool; default = true; }; command = lib.mkOption { - description = lib.mdDoc '' + description = '' The command that will be run as the service's main process. ''; type = types.str; }; script = lib.mkOption { - description = lib.mdDoc '' + description = '' Shell commands executed as the service's main process. ''; type = types.lines; default = ""; }; path = lib.mkOption { - description = lib.mdDoc '' + description = '' Packages added to the service's PATH environment variable. ''; type = types.listOf (types.either types.package types.str); default = []; }; autostart = lib.mkOption { - description = lib.mdDoc '' + description = '' Whether to automatically start the process. If false, the process has to be manually started using @@ -48,7 +48,7 @@ let default = true; }; autoRestart = lib.mkOption { - description = lib.mdDoc '' + description = '' Whether to automatically restart the process if it exits. If `unexpected`, the process will be restarted if it exits @@ -59,14 +59,14 @@ let default = "unexpected"; }; environment = lib.mkOption { - description = lib.mdDoc '' + description = '' Environment variables passed to the service's process. ''; type = types.attrsOf types.str; default = {}; }; extraConfig = lib.mkOption { - description = lib.mdDoc '' + description = '' Extra structured configurations to add to the [program:x] section. ''; type = types.attrsOf (types.either types.str types.bool); @@ -135,7 +135,7 @@ in { options = { supervisord = { enable = lib.mkOption { - description = lib.mdDoc '' + description = '' Whether to enable the supervisord process control system. This allows you to define long-running services in Nix-on-Droid. 
@@ -144,7 +144,7 @@ in { default = numPrograms != 0; }; package = lib.mkOption { - description = lib.mdDoc '' + description = '' The supervisord package to use. ''; type = types.package; @@ -152,14 +152,14 @@ in { defaultText = lib.literalExpression "pkgs.python3Packages.supervisor"; }; socketPath = lib.mkOption { - description = lib.mdDoc '' + description = '' Path to the UNIX domain socket on which supervisord will listen on. ''; type = types.path; default = "/tmp/supervisor.sock"; }; pidPath = lib.mkOption { - description = lib.mdDoc '' + description = '' Path to the file in which supervisord saves its PID. ''; type = types.path; @@ -173,7 +173,7 @@ in { default = "/tmp/supervisor.log"; }; programs = lib.mkOption { - description = lib.mdDoc '' + description = '' Definition of supervisord programs. Upstream documentations are available at . From 9222c0334b1620f2005c6ad3a478e0058b94e94b Mon Sep 17 00:00:00 2001 From: Zhaofeng Li Date: Sat, 1 Oct 2022 21:52:56 +0000 Subject: [PATCH 27/28] fixup svd: use module assertions for double quote check --- modules/supervisord.nix | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/modules/supervisord.nix b/modules/supervisord.nix index e253928..913b500 100644 --- a/modules/supervisord.nix +++ b/modules/supervisord.nix @@ -94,9 +94,7 @@ let autorestart = program.autoRestart; environment = let # FIXME: Make more robust - escape = s: - assert lib.assertMsg (!(lib.hasInfix "\"" s)) "supervisord.programs..environment: Values cannot have double quotes at the moment (${s})"; - builtins.replaceStrings [ "%" ] [ "%%" ] s; + escape = s: builtins.replaceStrings [ "%" ] [ "%%" ] s; envs = lib.mapAttrsToList (k: v: "${k}=\"${escape v}\"") program.environment; in builtins.concatStringsSep "," envs; } // program.extraConfig; 
@@ -185,6 +183,13 @@ in { }; config = lib.mkIf cfg.enable { + assertions = lib.flatten (lib.mapAttrsToList (name: program: let + envAsserts = lib.mapAttrsToList (k: v: { + assertion = !(lib.hasInfix "\"" v); + message = "supervisord.programs.${name}.environment.${k}: Value cannot have double quotes at the moment (${v})"; + }) program.environment; + in envAsserts) cfg.programs); + environment.etc."supervisord.conf" = { source = configFile; }; From ba1526a6bae07bef5f1161ad3bd192aa2bbfab2f Mon Sep 17 00:00:00 2001 From: Zhaofeng Li Date: Sat, 1 Oct 2022 21:52:57 +0000 Subject: [PATCH 28/28] fixup svd: start supervisord in background This removes the 1-second delay between supervisord starting and forking into background. --- modules/environment/login/login-inner.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/environment/login/login-inner.nix b/modules/environment/login/login-inner.nix index 0a49fa8..7f452ec 100644 --- a/modules/environment/login/login-inner.nix +++ b/modules/environment/login/login-inner.nix @@ -17,9 +17,9 @@ writeText "login-inner" '' fi ${lib.optionalString config.supervisord.enable '' - if [ ! -e "${config.supervisord.socketPath}" ]; then + (if [ ! -e "${config.supervisord.socketPath}" ]; then ${config.supervisord.package}/bin/supervisord -c /etc/supervisord.conf || echo "Warning: supervisord failed to start" - fi + fi&) ''} ${lib.optionalString config.build.initialBuild ''