commit ad36a97de0f098ce1050129a38868a4f41dc74f4 · pyrox.dev/nixpkgs

nixos/doc/manual/release-notes/rl-2305.section.md

···

       36
        
       

     

       37
        
       - [imaginary](https://github.com/h2non/imaginary), a microservice for high-level image processing that Nextcloud can use to generate previews. Available as [services.imaginary](#opt-services.imaginary.enable).

     

       38
        
       

     

       0
        
       
     

       0
        
       
     

       39
        
       - [goeland](https://github.com/slurdge/goeland), an alternative to rss2email written in golang with many filters. Available as [services.goeland](#opt-services.goeland.enable).

     

       40
        
       

     

       41
        
       - [atuin](https://github.com/ellie/atuin), a sync server for shell history. Available as [services.atuin](#opt-services.atuin.enable).

···

       36
        
       

     

       37
        
       - [imaginary](https://github.com/h2non/imaginary), a microservice for high-level image processing that Nextcloud can use to generate previews. Available as [services.imaginary](#opt-services.imaginary.enable).

     

       38
        
       

     

       39
       +
       - [opensearch](https://opensearch.org), a search server alternative to Elasticsearch. Available as [services.opensearch](options.html#opt-services.opensearch.enable).

     

       40
       +
       

     

       41
        
       - [goeland](https://github.com/slurdge/goeland), an alternative to rss2email written in golang with many filters. Available as [services.goeland](#opt-services.goeland.enable).

     

       42
        
       

     

       43
        
       - [atuin](https://github.com/ellie/atuin), a sync server for shell history. Available as [services.atuin](#opt-services.atuin.enable).

nixos/modules/module-list.nix

···

       1048
        
         ./services/search/hound.nix

     

       1049
        
         ./services/search/kibana.nix

     

       1050
        
         ./services/search/meilisearch.nix

     

       0
        
       
     

       1051
        
         ./services/search/solr.nix

     

       1052
        
         ./services/security/aesmd.nix

     

       1053
        
         ./services/security/certmgr.nix

···

       1048
        
         ./services/search/hound.nix

     

       1049
        
         ./services/search/kibana.nix

     

       1050
        
         ./services/search/meilisearch.nix

     

       1051
       +
         ./services/search/opensearch.nix

     

       1052
        
         ./services/search/solr.nix

     

       1053
        
         ./services/security/aesmd.nix

     

       1054
        
         ./services/security/certmgr.nix

+244

nixos/modules/services/search/opensearch.nix

···

       1
       +
       { config, lib, pkgs, ... }:

     

       2
       +
       

     

       3
       +
       with lib;

     

       4
       +
       

     

       5
       +
       let

     

       6
       +
         cfg = config.services.opensearch;

     

       7
       +
       

     

       8
       +
         settingsFormat = pkgs.formats.yaml {};

     

       9
       +
       

     

       10
       +
         configDir = cfg.dataDir + "/config";

     

       11
       +
       

     

       12
       +
         usingDefaultDataDir = cfg.dataDir == "/var/lib/opensearch";

     

       13
       +
         usingDefaultUserAndGroup = cfg.user == "opensearch" && cfg.group == "opensearch";

     

       14
       +
       

     

       15
       +
         opensearchYml = settingsFormat.generate "opensearch.yml" cfg.settings;

     

       16
       +
       

     

       17
       +
         loggingConfigFilename = "log4j2.properties";

     

       18
       +
         loggingConfigFile = pkgs.writeTextFile {

     

       19
       +
           name = loggingConfigFilename;

     

       20
       +
           text = cfg.logging;

     

       21
       +
         };

     

       22
       +
       in

     

       23
       +
       {

     

       24
       +
       

     

       25
       +
         options.services.opensearch = {

     

       26
       +
           enable = mkEnableOption (lib.mdDoc "OpenSearch");

     

       27
       +
       

     

       28
       +
           package = lib.mkPackageOptionMD pkgs "OpenSearch" {

     

       29
       +
             default = [ "opensearch" ];

     

       30
       +
           };

     

       31
       +
       

     

       32
       +
           settings = lib.mkOption {

     

       33
       +
             type = lib.types.submodule {

     

       34
       +
               freeformType = settingsFormat.type;

     

       35
       +
       

     

       36
       +
               options."network.host" = lib.mkOption {

     

       37
       +
                 type = lib.types.str;

     

       38
       +
                 default = "127.0.0.1";

     

       39
       +
                 description = lib.mdDoc ''

     

       40
       +
                   Which port this service should listen on.

     

       41
       +
                 '';

     

       42
       +
               };

     

       43
       +
       

     

       44
       +
               options."cluster.name" = lib.mkOption {

     

       45
       +
                 type = lib.types.str;

     

       46
       +
                 default = "opensearch";

     

       47
       +
                 description = lib.mdDoc ''

     

       48
       +
                   The name of the cluster.

     

       49
       +
                 '';

     

       50
       +
               };

     

       51
       +
       

     

       52
       +
               options."discovery.type" = lib.mkOption {

     

       53
       +
                 type = lib.types.str;

     

       54
       +
                 default = "single-node";

     

       55
       +
                 description = lib.mdDoc ''

     

       56
       +
                   The type of discovery to use.

     

       57
       +
                 '';

     

       58
       +
               };

     

       59
       +
       

     

       60
       +
               options."http.port" = lib.mkOption {

     

       61
       +
                 type = lib.types.port;

     

       62
       +
                 default = 9200;

     

       63
       +
                 description = lib.mdDoc ''

     

       64
       +
                   The port to listen on for HTTP traffic.

     

       65
       +
                 '';

     

       66
       +
               };

     

       67
       +
       

     

       68
       +
               options."transport.port" = lib.mkOption {

     

       69
       +
                 type = lib.types.port;

     

       70
       +
                 default = 9300;

     

       71
       +
                 description = lib.mdDoc ''

     

       72
       +
                   The port to listen on for transport traffic.

     

       73
       +
                 '';

     

       74
       +
               };

     

       75
       +
             };

     

       76
       +
       

     

       77
       +
             default = {};

     

       78
       +
       

     

       79
       +
             description = lib.mdDoc ''

     

       80
       +
               OpenSearch configuration.

     

       81
       +
             '';

     

       82
       +
           };

     

       83
       +
       

     

       84
       +
           logging = lib.mkOption {

     

       85
       +
             description = lib.mdDoc "opensearch logging configuration.";

     

       86
       +
       

     

       87
       +
             default = ''

     

       88
       +
               logger.action.name = org.opensearch.action

     

       89
       +
               logger.action.level = info

     

       90
       +
       

     

       91
       +
               appender.console.type = Console

     

       92
       +
               appender.console.name = console

     

       93
       +
               appender.console.layout.type = PatternLayout

     

       94
       +
               appender.console.layout.pattern = [%d{ISO8601}][%-5p][%-25c{1.}] %marker%m%n

     

       95
       +
       

     

       96
       +
               rootLogger.level = info

     

       97
       +
               rootLogger.appenderRef.console.ref = console

     

       98
       +
             '';

     

       99
       +
             type = types.str;

     

       100
       +
           };

     

       101
       +
       

     

       102
       +
           dataDir = lib.mkOption {

     

       103
       +
             type = lib.types.path;

     

       104
       +
             default = "/var/lib/opensearch";

     

       105
       +
             apply = converge (removeSuffix "/");

     

       106
       +
             description = lib.mdDoc ''

     

       107
       +
               Data directory for OpenSearch. If you change this, you need to

     

       108
       +
               manually create the directory. You also need to create the

     

       109
       +
               `opensearch` user and group, or change

     

       110
       +
               [](#opt-services.opensearch.user) and

     

       111
       +
               [](#opt-services.opensearch.group) to existing ones with

     

       112
       +
               access to the directory.

     

       113
       +
             '';

     

       114
       +
           };

     

       115
       +
       

     

       116
       +
           user = lib.mkOption {

     

       117
       +
             type = lib.types.str;

     

       118
       +
             default = "opensearch";

     

       119
       +
             description = lib.mdDoc ''

     

       120
       +
               The user OpenSearch runs as. Should be left at default unless

     

       121
       +
               you have very specific needs.

     

       122
       +
             '';

     

       123
       +
           };

     

       124
       +
       

     

       125
       +
           group = lib.mkOption {

     

       126
       +
             type = lib.types.str;

     

       127
       +
             default = "opensearch";

     

       128
       +
             description = lib.mdDoc ''

     

       129
       +
               The group OpenSearch runs as. Should be left at default unless

     

       130
       +
               you have very specific needs.

     

       131
       +
             '';

     

       132
       +
           };

     

       133
       +
       

     

       134
       +
           extraCmdLineOptions = lib.mkOption {

     

       135
       +
             description = lib.mdDoc "Extra command line options for the OpenSearch launcher.";

     

       136
       +
             default = [ ];

     

       137
       +
             type = lib.types.listOf lib.types.str;

     

       138
       +
           };

     

       139
       +
       

     

       140
       +
           extraJavaOptions = lib.mkOption {

     

       141
       +
             description = lib.mdDoc "Extra command line options for Java.";

     

       142
       +
             default = [ ];

     

       143
       +
             type = lib.types.listOf lib.types.str;

     

       144
       +
             example = [ "-Djava.net.preferIPv4Stack=true" ];

     

       145
       +
           };

     

       146
       +
       

     

       147
       +
           restartIfChanged = lib.mkOption {

     

       148
       +
             type = lib.types.bool;

     

       149
       +
             description = lib.mdDoc ''

     

       150
       +
               Automatically restart the service on config change.

     

       151
       +
               This can be set to false to defer restarts on a server or cluster.

     

       152
       +
               Please consider the security implications of inadvertently running an older version,

     

       153
       +
               and the possibility of unexpected behavior caused by inconsistent versions across a cluster when disabling this option.

     

       154
       +
             '';

     

       155
       +
             default = true;

     

       156
       +
           };

     

       157
       +
         };

     

       158
       +
       

     

       159
       +
         config = mkIf cfg.enable {

     

       160
       +
           systemd.services.opensearch = {

     

       161
       +
             description = "OpenSearch Daemon";

     

       162
       +
             wantedBy = [ "multi-user.target" ];

     

       163
       +
             after = [ "network.target" ];

     

       164
       +
             path = [ pkgs.inetutils ];

     

       165
       +
             inherit (cfg) restartIfChanged;

     

       166
       +
             environment = {

     

       167
       +
               OPENSEARCH_HOME = cfg.dataDir;

     

       168
       +
               OPENSEARCH_JAVA_OPTS = toString cfg.extraJavaOptions;

     

       169
       +
               OPENSEARCH_PATH_CONF = configDir;

     

       170
       +
             };

     

       171
       +
             serviceConfig = {

     

       172
       +
               ExecStartPre =

     

       173
       +
                 let

     

       174
       +
                   startPreFullPrivileges = ''

     

       175
       +
                     set -o errexit -o pipefail -o nounset -o errtrace

     

       176
       +
                     shopt -s inherit_errexit

     

       177
       +
                   '' + (optionalString (!config.boot.isContainer) ''

     

       178
       +
                     # Only set vm.max_map_count if lower than ES required minimum

     

       179
       +
                     # This avoids conflict if configured via boot.kernel.sysctl

     

       180
       +
                     if [ $(${pkgs.procps}/bin/sysctl -n vm.max_map_count) -lt 262144 ]; then

     

       181
       +
                       ${pkgs.procps}/bin/sysctl -w vm.max_map_count=262144

     

       182
       +
                     fi

     

       183
       +
                   '');

     

       184
       +
                   startPreUnprivileged = ''

     

       185
       +
                     set -o errexit -o pipefail -o nounset -o errtrace

     

       186
       +
                     shopt -s inherit_errexit

     

       187
       +
       

     

       188
       +
                     # Install plugins

     

       189
       +
                     ln -sfT ${cfg.package}/lib ${cfg.dataDir}/lib

     

       190
       +
                     ln -sfT ${cfg.package}/modules ${cfg.dataDir}/modules

     

       191
       +
       

     

       192
       +
                     # opensearch needs to create the opensearch.keystore in the config directory

     

       193
       +
                     # so this directory needs to be writable.

     

       194
       +
                     mkdir -p ${configDir}

     

       195
       +
                     chmod 0700 ${configDir}

     

       196
       +
       

     

       197
       +
                     # Note that we copy config files from the nix store instead of symbolically linking them

     

       198
       +
                     # because otherwise X-Pack Security will raise the following exception:

     

       199
       +
                     # java.security.AccessControlException:

     

       200
       +
                     # access denied ("java.io.FilePermission" "/var/lib/opensearch/config/opensearch.yml" "read")

     

       201
       +
       

     

       202
       +
                     cp ${opensearchYml} ${configDir}/opensearch.yml

     

       203
       +
       

     

       204
       +
                     # Make sure the logging configuration for old OpenSearch versions is removed:

     

       205
       +
                     rm -f "${configDir}/logging.yml"

     

       206
       +
                     cp ${loggingConfigFile} ${configDir}/${loggingConfigFilename}

     

       207
       +
                     mkdir -p ${configDir}/scripts

     

       208
       +
                     cp ${cfg.package}/config/jvm.options ${configDir}/jvm.options

     

       209
       +
       

     

       210
       +
                     # redirect jvm logs to the data directory

     

       211
       +
                     mkdir -p ${cfg.dataDir}/logs

     

       212
       +
                     chmod 0700 ${cfg.dataDir}/logs

     

       213
       +
                     sed -e '#logs/gc.log#${cfg.dataDir}/logs/gc.log#' -i ${configDir}/jvm.options

     

       214
       +
                   '';

     

       215
       +
                 in [

     

       216
       +
                   "+${pkgs.writeShellScript "opensearch-start-pre-full-privileges" startPreFullPrivileges}"

     

       217
       +
                   "${pkgs.writeShellScript "opensearch-start-pre-unprivileged" startPreUnprivileged}"

     

       218
       +
                 ];

     

       219
       +
               ExecStartPost = pkgs.writeShellScript "opensearch-start-post" ''

     

       220
       +
                 set -o errexit -o pipefail -o nounset -o errtrace

     

       221
       +
                 shopt -s inherit_errexit

     

       222
       +
       

     

       223
       +
                 # Make sure opensearch is up and running before dependents

     

       224
       +
                 # are started

     

       225
       +
                 while ! ${pkgs.curl}/bin/curl -sS -f http://${cfg.settings."network.host"}:${toString cfg.settings."http.port"} 2>/dev/null; do

     

       226
       +
                   sleep 1

     

       227
       +
                 done

     

       228
       +
               '';

     

       229
       +
               ExecStart = "${cfg.package}/bin/opensearch ${toString cfg.extraCmdLineOptions}";

     

       230
       +
               User = cfg.user;

     

       231
       +
               Group = cfg.group;

     

       232
       +
               LimitNOFILE = "1024000";

     

       233
       +
               Restart = "always";

     

       234
       +
               TimeoutStartSec = "infinity";

     

       235
       +
               DynamicUser = usingDefaultUserAndGroup && usingDefaultDataDir;

     

       236
       +
             } // (optionalAttrs (usingDefaultDataDir) {

     

       237
       +
               StateDirectory = "opensearch";

     

       238
       +
               StateDirectoryMode = "0700";

     

       239
       +
             });

     

       240
       +
           };

     

       241
       +
       

     

       242
       +
           environment.systemPackages = [ cfg.package ];

     

       243
       +
         };

     

       244
       +
       }

nixos/tests/all-tests.nix

···

       490
        
         ombi = handleTest ./ombi.nix {};

     

       491
        
         openarena = handleTest ./openarena.nix {};

     

       492
        
         openldap = handleTest ./openldap.nix {};

     

       0
        
       
     

       493
        
         openresty-lua = handleTest ./openresty-lua.nix {};

     

       494
        
         opensmtpd = handleTest ./opensmtpd.nix {};

     

       495
        
         opensmtpd-rspamd = handleTest ./opensmtpd-rspamd.nix {};

···

       490
        
         ombi = handleTest ./ombi.nix {};

     

       491
        
         openarena = handleTest ./openarena.nix {};

     

       492
        
         openldap = handleTest ./openldap.nix {};

     

       493
       +
         opensearch = discoverTests (import ./opensearch.nix);

     

       494
        
         openresty-lua = handleTest ./openresty-lua.nix {};

     

       495
        
         opensmtpd = handleTest ./opensmtpd.nix {};

     

       496
        
         opensmtpd-rspamd = handleTest ./opensmtpd-rspamd.nix {};

+52

nixos/tests/opensearch.nix

···

       1
       +
       let

     

       2
       +
         opensearchTest =

     

       3
       +
           import ./make-test-python.nix (

     

       4
       +
             { pkgs, lib, extraSettings ? {} }: {

     

       5
       +
               name = "opensearch";

     

       6
       +
               meta.maintainers = with pkgs.lib.maintainers; [ shyim ];

     

       7
       +
       

     

       8
       +
               nodes.machine = lib.mkMerge [

     

       9
       +
                 {

     

       10
       +
                   virtualisation.memorySize = 2048;

     

       11
       +
                   services.opensearch.enable = true;

     

       12
       +
                 }

     

       13
       +
                 extraSettings

     

       14
       +
               ];

     

       15
       +
       

     

       16
       +
               testScript = ''

     

       17
       +
                 machine.start()

     

       18
       +
                 machine.wait_for_unit("opensearch.service")

     

       19
       +
                 machine.wait_for_open_port(9200)

     

       20
       +
       

     

       21
       +
                 machine.succeed(

     

       22
       +
                     "curl --fail localhost:9200"

     

       23
       +
                 )

     

       24
       +
               '';

     

       25
       +
             });

     

       26
       +
       in

     

       27
       +
       {

     

       28
       +
         opensearch = opensearchTest {};

     

       29
       +
         opensearchCustomPathAndUser = opensearchTest {

     

       30
       +
           extraSettings = {

     

       31
       +
             services.opensearch.dataDir = "/var/opensearch_test";

     

       32
       +
             services.opensearch.user = "open_search";

     

       33
       +
             services.opensearch.group = "open_search";

     

       34
       +
             system.activationScripts.createDirectory = {

     

       35
       +
               text = ''

     

       36
       +
                 mkdir -p "/var/opensearch_test"

     

       37
       +
                 chown open_search:open_search /var/opensearch_test

     

       38
       +
                 chmod 0700 /var/opensearch_test

     

       39
       +
               '';

     

       40
       +
               deps = [ "users" "groups" ];

     

       41
       +
             };

     

       42
       +
             users = {

     

       43
       +
               groups.open_search = {};

     

       44
       +
               users.open_search = {

     

       45
       +
                 description = "OpenSearch daemon user";

     

       46
       +
                 group = "open_search";

     

       47
       +
                 isSystemUser = true;

     

       48
       +
               };

     

       49
       +
             };

     

       50
       +
           };

     

       51
       +
         };

     

       52
       +
       }

+54

pkgs/servers/search/opensearch/default.nix

···

       1
       +
       { lib

     

       2
       +
       , stdenvNoCC

     

       3
       +
       , fetchurl

     

       4
       +
       , makeWrapper

     

       5
       +
       , jre_headless

     

       6
       +
       , util-linux

     

       7
       +
       , gnugrep

     

       8
       +
       , coreutils

     

       9
       +
       , autoPatchelfHook

     

       10
       +
       , zlib

     

       11
       +
       , nixosTests

     

       12
       +
       }:

     

       13
       +
       

     

       14
       +
       stdenvNoCC.mkDerivation rec {

     

       15
       +
         pname = "opensearch";

     

       16
       +
         version = "2.5.0";

     

       17
       +
       

     

       18
       +
         src = fetchurl {

     

       19
       +
           url = "https://artifacts.opensearch.org/releases/bundle/opensearch/${version}/opensearch-${version}-linux-x64.tar.gz";

     

       20
       +
           hash = "sha256-WPD5StVBb/hK+kP/1wkQQBKRQma/uaP+8ULeIFUBL1U=";

     

       21
       +
         };

     

       22
       +
       

     

       23
       +
         nativeBuildInputs = [ makeWrapper ];

     

       24
       +
         buildInputs = [ jre_headless util-linux ];

     

       25
       +
         patches = [./opensearch-home-fix.patch ];

     

       26
       +
       

     

       27
       +
         installPhase = ''

     

       28
       +
           runHook preInstall

     

       29
       +
       

     

       30
       +
           mkdir -p $out

     

       31
       +
           cp -R bin config lib modules plugins $out

     

       32
       +
       

     

       33
       +
           substituteInPlace $out/bin/opensearch \

     

       34
       +
             --replace 'bin/opensearch-keystore' "$out/bin/opensearch-keystore"

     

       35
       +
       

     

       36
       +
           wrapProgram $out/bin/opensearch \

     

       37
       +
             --prefix PATH : "${lib.makeBinPath [ util-linux gnugrep coreutils ]}" \

     

       38
       +
             --set JAVA_HOME "${jre_headless}"

     

       39
       +
       

     

       40
       +
           wrapProgram $out/bin/opensearch-plugin --set JAVA_HOME "${jre_headless}"

     

       41
       +
       

     

       42
       +
           runHook postInstall

     

       43
       +
         '';

     

       44
       +
       

     

       45
       +
         passthru.tests = nixosTests.opensearch;

     

       46
       +
       

     

       47
       +
         meta = {

     

       48
       +
           description = "Open Source, Distributed, RESTful Search Engine";

     

       49
       +
           homepage = "https://github.com/opensearch-project/OpenSearch";

     

       50
       +
           license = lib.licenses.asl20;

     

       51
       +
           platforms = lib.platforms.unix;

     

       52
       +
           maintainers = with lib.maintainers; [ shyim ];

     

       53
       +
         };

     

       54
       +
       }

+26

pkgs/servers/search/opensearch/opensearch-home-fix.patch

···

       1
       +
       diff -Naur a/bin/opensearch-env b/bin/opensearch-env

     

       2
       +
       --- a/bin/opensearch-env	2017-12-12 13:31:51.000000000 +0100

     

       3
       +
       +++ b/bin/opensearch-env	2017-12-18 19:51:12.282809695 +0100

     

       4
       +
       @@ -19,18 +19,10 @@

     

       5
       +
          fi

     

       6
       +
        done

     

       7
       +
        

     

       8
       +
       -# determine OpenSearch home; to do this, we strip from the path until we find

     

       9
       +
       -# bin, and then strip bin (there is an assumption here that there is no nested

     

       10
       +
       -# directory under bin also named bin)

     

       11
       +
       -OPENSEARCH_HOME=`dirname "$SCRIPT"`

     

       12
       +
       -

     

       13
       +
       -# now make OPENSEARCH_HOME absolute

     

       14
       +
       -OPENSEARCH_HOME=`cd "$OPENSEARCH_HOME"; pwd`

     

       15
       +
       -

     

       16
       +
       -while [ "`basename "$OPENSEARCH_HOME"`" != "bin" ]; do

     

       17
       +
       -  OPENSEARCH_HOME=`dirname "$OPENSEARCH_HOME"`

     

       18
       +
       -done

     

       19
       +
       -OPENSEARCH_HOME=`dirname "$OPENSEARCH_HOME"`

     

       20
       +
       +if [ -z "$OPENSEARCH_HOME" ]; then

     

       21
       +
       +    echo "You must set the OPENSEARCH_HOME var" >&2

     

       22
       +
       +    exit 1

     

       23
       +
       +fi

     

       24
       +
        

     

       25
       +
        # now set the classpath

     

       26
       +
        OPENSEARCH_CLASSPATH="$OPENSEARCH_HOME/lib/*"

pkgs/top-level/all-packages.nix

···

       34819
        
       

     

       34820
        
         openrct2 = callPackage ../games/openrct2 { };

     

       34821
        
       

     

       0
        
       
     

       0
        
       
     

       34822
        
         osu-lazer = callPackage ../games/osu-lazer { };

     

       34823
        
       

     

       34824
        
         osu-lazer-bin = callPackage ../games/osu-lazer/bin.nix { };

···

       34819
        
       

     

       34820
        
         openrct2 = callPackage ../games/openrct2 { };

     

       34821
        
       

     

       34822
       +
         opensearch = callPackage ../servers/search/opensearch { };

     

       34823
       +
       

     

       34824
        
         osu-lazer = callPackage ../games/osu-lazer { };

     

       34825
        
       

     

       34826
        
         osu-lazer-bin = callPackage ../games/osu-lazer/bin.nix { };