public
/
nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge branch 'master' into flip-map-foreach

This commit is contained in:
danbst 2019-08-18 18:00:25 +03:00
parent 29ba0a0adf 2ca09a94be
commit d80cd26ff9
1062 changed files with 25722 additions and 18335 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
doc/functions/dockertools.xml
View File

@ -312,7 +312,23 @@ hello latest de2bf4786de6 About a minute ago 25.2MB
Maximum number of layers to create.
</para>
<para>
<emphasis>Default:</emphasis> <literal>24</literal>
<emphasis>Default:</emphasis> <literal>100</literal>
</para>
<para>
<emphasis>Maximum:</emphasis> <literal>125</literal>
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<varname>extraCommands</varname> <emphasis>optional</emphasis>
</term>
<listitem>
<para>
Shell commands to run while building the final layer, without access
to most of the layer contents. Changes to this layer are "on top"
of all the other layers, so can create additional directories
and files.
</para>
</listitem>
</varlistentry>

18
doc/languages-frameworks/idris.section.md
View File

@ -124,3 +124,21 @@ in another file (say `default.nix`) to be able to build it with
```
$ nix-build -A yaml
```
## Passing options to `idris` commands
The `build-idris-package` function provides also optional input values to set additional options for the used `idris` commands.
Specifically, you can set `idrisBuildOptions`, `idrisTestOptions`, `idrisInstallOptions` and `idrisDocOptions` to provide additional options to the `idris` command respectively when building, testing, installing and generating docs for your package.
For example you could set
```
build-idris-package {
idrisBuildOptions = [ "--log" "1" "--verbose" ]
...
}
```
to require verbose output during `idris` build phase.

9
doc/languages-frameworks/qt.xml
View File

@ -113,6 +113,15 @@ mkDerivation {
</programlisting>
</para>
<note>
<para>
<literal>wrapQtAppsHook</literal> ignores files that are non-ELF executables.
This means that scripts won't be automatically wrapped so you'll need to manually
wrap them as previously mentioned. An example of when you'd always need to do this
is with Python applications that use PyQT.
</para>
</note>
<para>
Libraries are built with every available version of Qt. Use the <literal>meta.broken</literal>
attribute to disable the package for unsupported Qt versions:

8
doc/quick-start.xml
View File

@ -210,8 +210,12 @@
</listitem>
<listitem>
<para>
Optionally commit the new package and open a pull request, or send a patch
to <literal>https://groups.google.com/forum/#!forum/nix-devel</literal>.
Optionally commit the new package and open a pull request <link
xlink:href="https://github.com/NixOS/nixpkgs/pulls">to nixpkgs</link>, or
use <link
xlink:href="https://discourse.nixos.org/t/about-the-patches-category/477">
the Patches category</link> on Discourse for sending a patch without a
GitHub account.
</para>
</listitem>
</orderedlist>

10
doc/stdenv.xml
View File

@ -1599,6 +1599,16 @@ installTargets = "install-bin install-doc";</programlisting>
<variablelist>
<title>Variables controlling the fixup phase</title>
<varlistentry>
<term>
<varname>dontFixup</varname>
</term>
<listitem>
<para>
Set to true to skip the fixup phase.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<varname>dontStrip</varname>

9
lib/tests/modules.sh
View File

@ -71,6 +71,15 @@ checkConfigError 'The option value .* in .* is not of type.*positive integer.*'
checkConfigOutput "42" config.value ./declare-int-between-value.nix ./define-value-int-positive.nix
checkConfigError 'The option value .* in .* is not of type.*between.*-21 and 43.*inclusive.*' config.value ./declare-int-between-value.nix ./define-value-int-negative.nix
# Check either types
# types.either
checkConfigOutput "42" config.value ./declare-either.nix ./define-value-int-positive.nix
checkConfigOutput "\"24\"" config.value ./declare-either.nix ./define-value-string.nix
# types.oneOf
checkConfigOutput "42" config.value ./declare-oneOf.nix ./define-value-int-positive.nix
checkConfigOutput "[ ]" config.value ./declare-oneOf.nix ./define-value-list.nix
checkConfigOutput "\"24\"" config.value ./declare-oneOf.nix ./define-value-string.nix
# Check mkForce without submodules.
set -- config.enable ./declare-enable.nix ./define-enable.nix
checkConfigOutput "true" "$@"

5
lib/tests/modules/declare-either.nix Normal file
View File

@ -0,0 +1,5 @@
{ lib, ... }: {
options.value = lib.mkOption {
type = lib.types.either lib.types.int lib.types.str;
};
}

9
lib/tests/modules/declare-oneOf.nix Normal file
View File

@ -0,0 +1,9 @@
{ lib, ... }: {
options.value = lib.mkOption {
type = lib.types.oneOf [
lib.types.int
(lib.types.listOf lib.types.int)
lib.types.str
];
};
}

7
lib/types.nix
View File

@ -443,6 +443,13 @@ rec {
functor = (defaultFunctor name) // { wrapped = [ t1 t2 ]; };
};
# Any of the types in the given list
oneOf = ts:
let
head' = if ts == [] then throw "types.oneOf needs to get at least one type in its argument" else head ts;
tail' = tail ts;
in foldl' either head' tail';
# Either value of type `finalType` or `coercedType`, the latter is
# converted to `finalType` using `coerceFunc`.
coercedTo = coercedType: coerceFunc: finalType:

1095
maintainers/maintainer-list.nix
View File

File diff suppressed because it is too large Load Diff

106
nixos/doc/manual/default.nix
View File

@ -5,55 +5,6 @@ with pkgs;
let
lib = pkgs.lib;
# Remove invisible and internal options.
optionsListVisible = lib.filter (opt: opt.visible && !opt.internal) (lib.optionAttrSetToDocList options);
# Replace functions by the string <function>
substFunction = x:
if builtins.isAttrs x then lib.mapAttrs (name: substFunction) x
else if builtins.isList x then map substFunction x
else if lib.isFunction x then "<function>"
else x;
# Generate DocBook documentation for a list of packages. This is
# what `relatedPackages` option of `mkOption` from
# ../../../lib/options.nix influences.
#
# Each element of `relatedPackages` can be either
# - a string: that will be interpreted as an attribute name from `pkgs`,
# - a list: that will be interpreted as an attribute path from `pkgs`,
# - an attrset: that can specify `name`, `path`, `package`, `comment`
# (either of `name`, `path` is required, the rest are optional).
genRelatedPackages = packages:
let
unpack = p: if lib.isString p then { name = p; }
else if lib.isList p then { path = p; }
else p;
describe = args:
let
title = args.title or null;
name = args.name or (lib.concatStringsSep "." args.path);
path = args.path or [ args.name ];
package = args.package or (lib.attrByPath path (throw "Invalid package attribute path `${toString path}'") pkgs);
in "<listitem>"
+ "<para><literal>${lib.optionalString (title != null) "${title} aka "}pkgs.${name} (${package.meta.name})</literal>"
+ lib.optionalString (!package.meta.available) " <emphasis>[UNAVAILABLE]</emphasis>"
+ ": ${package.meta.description or "???"}.</para>"
+ lib.optionalString (args ? comment) "\n<para>${args.comment}</para>"
# Lots of `longDescription's break DocBook, so we just wrap them into <programlisting>
+ lib.optionalString (package.meta ? longDescription) "\n<programlisting>${package.meta.longDescription}</programlisting>"
+ "</listitem>";
in "<itemizedlist>${lib.concatStringsSep "\n" (map (p: describe (unpack p)) packages)}</itemizedlist>";
optionsListDesc = lib.forEach optionsListVisible (opt: opt // {
# Clean up declaration sites to not refer to the NixOS source tree.
declarations = map stripAnyPrefixes opt.declarations;
}
// lib.optionalAttrs (opt ? example) { example = substFunction opt.example; }
// lib.optionalAttrs (opt ? default) { default = substFunction opt.default; }
// lib.optionalAttrs (opt ? type) { type = substFunction opt.type; }
// lib.optionalAttrs (opt ? relatedPackages && opt.relatedPackages != []) { relatedPackages = genRelatedPackages opt.relatedPackages; });
# We need to strip references to /nix/store/* from options,
# including any `extraSources` if some modules came from elsewhere,
# or else the build will fail.
@ -63,37 +14,13 @@ let
prefixesToStrip = map (p: "${toString p}/") ([ ../../.. ] ++ extraSources);
stripAnyPrefixes = lib.flip (lib.fold lib.removePrefix) prefixesToStrip;
# Custom "less" that pushes up all the things ending in ".enable*"
# and ".package*"
optionLess = a: b:
let
ise = lib.hasPrefix "enable";
isp = lib.hasPrefix "package";
cmp = lib.splitByAndCompare ise lib.compare
(lib.splitByAndCompare isp lib.compare lib.compare);
in lib.compareLists cmp a.loc b.loc < 0;
# Customly sort option list for the man page.
optionsList = lib.sort optionLess optionsListDesc;
# Convert the list of options into an XML file.
optionsXML = builtins.toFile "options.xml" (builtins.toXML optionsList);
optionsDocBook = runCommand "options-db.xml" {} ''
optionsXML=${optionsXML}
if grep /nixpkgs/nixos/modules $optionsXML; then
echo "The manual appears to depend on the location of Nixpkgs, which is bad"
echo "since this prevents sharing via the NixOS channel. This is typically"
echo "caused by an option default that refers to a relative path (see above"
echo "for hints about the offending path)."
exit 1
fi
${buildPackages.libxslt.bin}/bin/xsltproc \
--stringparam revision '${revision}' \
-o intermediate.xml ${./options-to-docbook.xsl} $optionsXML
${buildPackages.libxslt.bin}/bin/xsltproc \
-o "$out" ${./postprocess-option-descriptions.xsl} intermediate.xml
'';
optionsDoc = buildPackages.nixosOptionsDoc {
inherit options revision;
transformOptions = opt: opt // {
# Clean up declaration sites to not refer to the NixOS source tree.
declarations = map stripAnyPrefixes opt.declarations;
};
};
sources = lib.sourceFilesBySuffices ./. [".xml"];
@ -108,7 +35,7 @@ let
generatedSources = runCommand "generated-docbook" {} ''
mkdir $out
ln -s ${modulesDoc} $out/modules.xml
ln -s ${optionsDocBook} $out/options-db.xml
ln -s ${optionsDoc.optionsDocBook} $out/options-db.xml
printf "%s" "${version}" > $out/version
'';
@ -234,22 +161,7 @@ let
in rec {
inherit generatedSources;
# The NixOS options in JSON format.
optionsJSON = runCommand "options-json"
{ meta.description = "List of NixOS options in JSON format";
}
''
# Export list of options in different format.
dst=$out/share/doc/nixos
mkdir -p $dst
cp ${builtins.toFile "options.json" (builtins.unsafeDiscardStringContext (builtins.toJSON
(builtins.listToAttrs (map (o: { name = o.name; value = removeAttrs o ["name" "visible" "internal"]; }) optionsList))))
} $dst/options.json
mkdir -p $out/nix-support
echo "file json $dst/options.json" >> $out/nix-support/hydra-build-products
''; # */
inherit (optionsDoc) optionsJSON optionsXML optionsDocBook;
# Generate the NixOS manual.
manualHTML = runCommand "nixos-manual-html"

12
nixos/doc/manual/development/option-types.xml
View File

@ -346,6 +346,18 @@
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<varname>types.oneOf</varname> [ <replaceable>t1</replaceable> <replaceable>t2</replaceable> ... ]
</term>
<listitem>
<para>
Type <replaceable>t1</replaceable> or type <replaceable>t2</replaceable> and so forth,
e.g. <literal>with types; oneOf [ int str bool ]</literal>. Multiple definitions
cannot be merged.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<varname>types.coercedTo</varname> <replaceable>from</replaceable> <replaceable>f</replaceable> <replaceable>to</replaceable>

10
nixos/doc/manual/development/releases.xml
View File

@ -98,6 +98,16 @@
<literal>stableBranch</literal> set to false.
</para>
</listitem>
<listitem>
<para>
Remove attributes that we know we will not be able to support,
especially if there is a stable alternative. E.g. Check that our
Linux kernels'
<link xlink:href="https://www.kernel.org/category/releases.html">
projected end-of-life</link> are after our release projected
end-of-life
</para>
</listitem>
<listitem>
<para>
Edit changelog at

7
nixos/doc/manual/installation/changing-config.xml
View File

@ -14,6 +14,13 @@
to build the new configuration, make it the default configuration for
booting, and try to realise the configuration in the running system (e.g., by
restarting system services).
<warning>
<para>
This command doesn't start/stop <link linkend="opt-systemd.user.services">user
services</link> automatically. <command>nixos-rebuild</command> only runs a
<literal>daemon-reload</literal> for each user with running user services.
</para>
</warning>
</para>
<warning>
<para>

19
nixos/doc/manual/installation/installing.xml
View File

@ -29,13 +29,14 @@
</para>
<para>
You are logged-in automatically as <literal>root</literal>. (The
<literal>root</literal> user account has an empty password.)
You are logged-in automatically as <literal>nixos</literal>.
The <literal>nixos</literal> user account has an empty password so you
can use <command>sudo</command> without a password.
</para>
<para>
If you downloaded the graphical ISO image, you can run <command>systemctl
start display-manager</command> to start KDE. If you want to continue on the
start display-manager</command> to start the desktop environment. If you want to continue on the
terminal, you can use <command>loadkeys</command> to switch to your
preferred keyboard layout. (We even provide neo2 via <command>loadkeys de
neo</command>!)
@ -65,9 +66,9 @@
<para>
If you would like to continue the installation from a different machine you
need to activate the SSH daemon via <literal>systemctl start
sshd</literal>. In order to be able to login you also need to set a
password for <literal>root</literal> using <literal>passwd</literal>.
need to activate the SSH daemon via <command>systemctl start
sshd</command>. You then must set a password for either <literal>root</literal> or
<literal>nixos</literal> with <command>passwd></command> to be able to login.
</para>
</section>
</section>
@ -334,7 +335,7 @@
If youre using the graphical ISO image, other editors may be available
(such as <command>vim</command>). If you have network access, you can also
install other editors — for instance, you can install Emacs by running
<literal>nix-env -i emacs</literal>.
<literal>nix-env -f '&lt;nixpkgs&gt;' -iA emacs</literal>.
</para>
<variablelist>
<varlistentry>
@ -466,10 +467,10 @@ Retype new UNIX password: ***</screen>
<para>
You may also want to install some software. For instance,
<screen>
<prompt>$ </prompt>nix-env -qa \*</screen>
<prompt>$ </prompt>nix-env -qaP \*</screen>
shows what packages are available, and
<screen>
<prompt>$ </prompt>nix-env -i w3m</screen>
<prompt>$ </prompt>nix-env -f '&lt;nixpkgs&gt;' -iA w3m</screen>
install the <literal>w3m</literal> browser.
</para>
</listitem>

16
nixos/doc/manual/man-nixos-enter.xml
View File

@ -35,6 +35,12 @@
<replaceable>shell-command</replaceable>
</arg>
<arg>
<arg choice='plain'>
<option>--silent</option>
</arg>
</arg>
<arg>
<arg choice='plain'>
<option>--help</option>
@ -100,6 +106,16 @@
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>--silent</option>
</term>
<listitem>
<para>
Suppresses all output from the activation script of the target system.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>--</option>

32
nixos/doc/manual/man-nixos-rebuild.xml
View File

@ -90,6 +90,35 @@
<arg>
<option>--show-trace</option>
</arg>
<arg>
<option>-I</option>
<replaceable>path</replaceable>
</arg>
<arg>
<group choice='req'>
<arg choice='plain'><option>--verbose</option></arg>
<arg choice='plain'><option>-v</option></arg>
</group>
</arg>
<arg>
<group choice='req'>
<arg choice='plain'><option>--max-jobs</option></arg>
<arg choice='plain'><option>-j</option></arg>
</group>
<replaceable>number</replaceable>
</arg>
<arg>
<group choice='req'>
<arg choice='plain'><option>--keep-failed</option></arg>
<arg choice='plain'><option>-K</option></arg>
</group>
</arg>
<arg>
<group choice='req'>
<arg choice='plain'><option>--keep-going</option></arg>
<arg choice='plain'><option>-k</option></arg>
</group>
</arg>
</cmdsynopsis>
</refsynopsisdiv>
<refsection>
@ -101,7 +130,8 @@
NixOS module, you must run <command>nixos-rebuild</command> to make the
changes take effect. It builds the new system in
<filename>/nix/store</filename>, runs its activation script, and stop and
(re)starts any system services if needed.
(re)starts any system services if needed. Please note that user services need
to be started manually as they aren't detected by the activation script at the moment.
</para>
<para>
This command has one required argument, which specifies the desired

37
nixos/doc/manual/release-notes/rl-1909.xml
View File

@ -33,6 +33,21 @@
PHP 7.1 is no longer supported due to upstream not supporting this version for the entire lifecycle of the 19.09 release.
</para>
</listitem>
<listitem>
<para>
The binfmt module is now easier to use. Additional systems can
be added through <option>boot.binfmt.emulatedSystems</option>.
For instance, <literal>boot.binfmt.emulatedSystems = [
"wasm32-wasi" "x86_64-windows" "aarch64-linux" ];</literal> will
set up binfmt interpreters for each of those listed systems.
</para>
</listitem>
<listitem>
<para>
The installer now uses a less privileged <literal>nixos</literal> user whereas before we logged in as root.
To gain root privileges use <literal>sudo -i</literal> without a password.
</para>
</listitem>
</itemizedlist>
</section>
@ -47,6 +62,13 @@
The following new services were added since the last release:
</para>
<itemizedlist>
<listitem>
<para>
<literal>./programs/dwm-status.nix</literal>
</para>
</listitem>
</itemizedlist>
</section>
<section xmlns="http://docbook.org/ns/docbook"
@ -226,6 +248,21 @@
Only some exporters are affected by the latter, namely the exporters <literal>dovecot</literal>, <literal>node</literal>, <literal>postfix</literal> and <literal>varnish</literal>.
</para>
</listitem>
<listitem>
<para>
The <literal>ibus-qt</literal> package is not installed by default anymore when <xref linkend="opt-i18n.inputMethod.enabled" /> is set to <literal>ibus</literal>.
If IBus support in Qt 4.x applications is required, add the <literal>ibus-qt</literal> package to your <xref linkend="opt-environment.systemPackages" /> manually.
</para>
</listitem>
<listitem>
<para>
The CUPS Printing service now uses socket-based activation by
default, only starting when needed. The previous behavior can
be restored by setting
<option>services.cups.startWhenNeeded</option> to
<literal>false</literal>.
</para>
</listitem>
</itemizedlist>
</section>

2
nixos/lib/build-vms.nix
View File

@ -67,7 +67,7 @@ rec {
in
{ key = "ip-address";
config =
{ networking.hostName = m.fst;
{ networking.hostName = mkDefault m.fst;
networking.interfaces = listToAttrs interfaces;

164
nixos/lib/make-options-doc/default.nix Normal file
View File

@ -0,0 +1,164 @@
/* Generate JSON, XML and DocBook documentation for given NixOS options.
Minimal example:
{ pkgs, }:
let
eval = import (pkgs.path + "/nixos/lib/eval-config.nix") {
baseModules = [
../module.nix
];
modules = [];
};
in pkgs.nixosOptionsDoc {
options = eval.options;
}
*/
{ pkgs
, lib
, options
, transformOptions ? lib.id # function for additional tranformations of the options
, revision ? "" # Specify revision for the options
}:
let
# Replace functions by the string <function>
substFunction = x:
if builtins.isAttrs x then lib.mapAttrs (name: substFunction) x
else if builtins.isList x then map substFunction x
else if lib.isFunction x then "<function>"
else x;
optionsListDesc = lib.flip map optionsListVisible
(opt: transformOptions opt
// lib.optionalAttrs (opt ? example) { example = substFunction opt.example; }
// lib.optionalAttrs (opt ? default) { default = substFunction opt.default; }
// lib.optionalAttrs (opt ? type) { type = substFunction opt.type; }
// lib.optionalAttrs (opt ? relatedPackages && opt.relatedPackages != []) { relatedPackages = genRelatedPackages opt.relatedPackages; }
);
# Generate DocBook documentation for a list of packages. This is
# what `relatedPackages` option of `mkOption` from
# ../../../lib/options.nix influences.
#
# Each element of `relatedPackages` can be either
# - a string: that will be interpreted as an attribute name from `pkgs`,
# - a list: that will be interpreted as an attribute path from `pkgs`,
# - an attrset: that can specify `name`, `path`, `package`, `comment`
# (either of `name`, `path` is required, the rest are optional).
genRelatedPackages = packages:
let
unpack = p: if lib.isString p then { name = p; }
else if lib.isList p then { path = p; }
else p;
describe = args:
let
title = args.title or null;
name = args.name or (lib.concatStringsSep "." args.path);
path = args.path or [ args.name ];
package = args.package or (lib.attrByPath path (throw "Invalid package attribute path `${toString path}'") pkgs);
in "<listitem>"
+ "<para><literal>${lib.optionalString (title != null) "${title} aka "}pkgs.${name} (${package.meta.name})</literal>"
+ lib.optionalString (!package.meta.available) " <emphasis>[UNAVAILABLE]</emphasis>"
+ ": ${package.meta.description or "???"}.</para>"
+ lib.optionalString (args ? comment) "\n<para>${args.comment}</para>"
# Lots of `longDescription's break DocBook, so we just wrap them into <programlisting>
+ lib.optionalString (package.meta ? longDescription) "\n<programlisting>${package.meta.longDescription}</programlisting>"
+ "</listitem>";
in "<itemizedlist>${lib.concatStringsSep "\n" (map (p: describe (unpack p)) packages)}</itemizedlist>";
# Custom "less" that pushes up all the things ending in ".enable*"
# and ".package*"
optionLess = a: b:
let
ise = lib.hasPrefix "enable";
isp = lib.hasPrefix "package";
cmp = lib.splitByAndCompare ise lib.compare
(lib.splitByAndCompare isp lib.compare lib.compare);
in lib.compareLists cmp a.loc b.loc < 0;
# Remove invisible and internal options.
optionsListVisible = lib.filter (opt: opt.visible && !opt.internal) (lib.optionAttrSetToDocList options);
# Customly sort option list for the man page.
optionsList = lib.sort optionLess optionsListDesc;
# Convert the list of options into an XML file.
optionsXML = builtins.toFile "options.xml" (builtins.toXML optionsList);
optionsNix = builtins.listToAttrs (map (o: { name = o.name; value = removeAttrs o ["name" "visible" "internal"]; }) optionsList);
# TODO: declarations: link to github
singleAsciiDoc = name: value: ''
== ${name}
${value.description}
[discrete]
=== details
Type:: ${value.type}
${ if lib.hasAttr "default" value
then ''
Default::
+
----
${builtins.toJSON value.default}
----
''
else "No Default:: {blank}"
}
${ if value.readOnly
then "Read Only:: {blank}"
else ""
}
${ if lib.hasAttr "example" value
then ''
Example::
+
----
${builtins.toJSON value.example}
----
''
else "No Example:: {blank}"
}
'';
in rec {
inherit optionsNix;
optionsAsciiDoc = lib.concatStringsSep "\n" (lib.mapAttrsToList singleAsciiDoc optionsNix);
optionsJSON = pkgs.runCommand "options.json"
{ meta.description = "List of NixOS options in JSON format";
}
''
# Export list of options in different format.
dst=$out/share/doc/nixos
mkdir -p $dst
cp ${builtins.toFile "options.json" (builtins.unsafeDiscardStringContext (builtins.toJSON optionsNix))} $dst/options.json
mkdir -p $out/nix-support
echo "file json $dst/options.json" >> $out/nix-support/hydra-build-products
''; # */
optionsDocBook = pkgs.runCommand "options-docbook.xml" {} ''
optionsXML=${optionsXML}
if grep /nixpkgs/nixos/modules $optionsXML; then
echo "The manual appears to depend on the location of Nixpkgs, which is bad"
echo "since this prevents sharing via the NixOS channel. This is typically"
echo "caused by an option default that refers to a relative path (see above"
echo "for hints about the offending path)."
exit 1
fi
${pkgs.libxslt.bin}/bin/xsltproc \
--stringparam revision '${revision}' \
-o intermediate.xml ${./options-to-docbook.xsl} $optionsXML
${pkgs.libxslt.bin}/bin/xsltproc \
-o "$out" ${./postprocess-option-descriptions.xsl} intermediate.xml
'';
}

0
nixos/doc/manual/options-to-docbook.xsl → nixos/lib/make-options-doc/options-to-docbook.xsl
View File

0
nixos/doc/manual/postprocess-option-descriptions.xsl → nixos/lib/make-options-doc/postprocess-option-descriptions.xsl
View File

35
nixos/modules/config/timezone.nix → nixos/modules/config/locale.nix
View File

@ -9,6 +9,8 @@ let
timezone = types.nullOr (types.addCheck types.str nospace)
// { description = "null or string without spaces"; };
lcfg = config.location;
in
{
@ -37,12 +39,45 @@ in
};
};
location = {
latitude = mkOption {
type = types.float;
description = ''
Your current latitude, between
<literal>-90.0</literal> and <literal>90.0</literal>. Must be provided
along with longitude.
'';
};
longitude = mkOption {
type = types.float;
description = ''
Your current longitude, between
between <literal>-180.0</literal> and <literal>180.0</literal>. Must be
provided along with latitude.
'';
};
provider = mkOption {
type = types.enum [ "manual" "geoclue2" ];
default = "manual";
description = ''
The location provider to use for determining your location. If set to
<literal>manual</literal> you must also provide latitude/longitude.
'';
};
};
};
config = {
environment.sessionVariables.TZDIR = "/etc/zoneinfo";
services.geoclue2.enable = mkIf (lcfg.provider == "geoclue2") true;
# This way services are restarted when tzdata changes.
systemd.globalEnvironment.TZDIR = tzdir;

5
nixos/modules/config/users-groups.nix
View File

@ -564,7 +564,10 @@ in {
};
}) (filterAttrs (_: u: u.packages != []) cfg.users));
environment.profiles = [ "/etc/profiles/per-user/$USER" ];
environment.profiles = [
"$HOME/.nix-profile"
"/etc/profiles/per-user/$USER"
];
assertions = [
{ assertion = !cfg.enforceIdUniqueness || (uidsAreUnique && gidsAreUnique);

56
nixos/modules/hardware/device-tree.nix Normal file
View File

@ -0,0 +1,56 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.hardware.deviceTree;
in {
options = {
hardware.deviceTree = {
enable = mkOption {
default = pkgs.stdenv.hostPlatform.platform.kernelDTB or false;
type = types.bool;
description = ''
Build device tree files. These are used to describe the
non-discoverable hardware of a system.
'';
};
base = mkOption {
default = "${config.boot.kernelPackages.kernel}/dtbs";
defaultText = "\${config.boot.kernelPackages.kernel}/dtbs";
example = literalExample "pkgs.deviceTree_rpi";
type = types.path;
description = ''
The package containing the base device-tree (.dtb) to boot. Contains
device trees bundled with the Linux kernel by default.
'';
};
overlays = mkOption {
default = [];
example = literalExample
"[\"\${pkgs.deviceTree_rpi.overlays}/w1-gpio.dtbo\"]";
type = types.listOf types.path;
description = ''
A path containing device tree overlays (.dtbo) to be applied to all
base device-trees.
'';
};
package = mkOption {
default = null;
type = types.nullOr types.path;
internal = true;
description = ''
A path containing the result of applying `overlays` to `base`.
'';
};
};
};
config = mkIf (cfg.enable) {
hardware.deviceTree.package = if (cfg.overlays != [])
then pkgs.deviceTree.applyOverlays cfg.base cfg.overlays else cfg.base;
};
}

2
nixos/modules/i18n/input-method/ibus.nix
View File

@ -55,7 +55,7 @@ in
# Without dconf enabled it is impossible to use IBus
environment.systemPackages = with pkgs; [
ibus-qt gnome3.dconf ibusAutostart
gnome3.dconf ibusAutostart
];
environment.variables = {

19
nixos/modules/installer/cd-dvd/installation-cd-graphical-base.nix
View File

@ -8,16 +8,30 @@ with lib;
{
imports = [ ./installation-cd-base.nix ];
# Whitelist wheel users to do anything
# This is useful for things like pkexec
#
# WARNING: this is dangerous for systems
# outside the installation-cd and shouldn't
# be used anywhere else.
security.polkit.extraConfig = ''
polkit.addRule(function(action, subject) {
if (subject.isInGroup("wheel")) {
return polkit.Result.YES;
}
});
'';
services.xserver = {
enable = true;
# Don't start the X server by default.
autorun = mkForce false;
# Automatically login as root.
# Automatically login as nixos.
displayManager.slim = {
enable = true;
defaultUser = "root";
defaultUser = "nixos";
autoLogin = true;
};
@ -33,7 +47,6 @@ with lib;
# Enable sound in graphical iso's.
hardware.pulseaudio.enable = true;
hardware.pulseaudio.systemWide = true; # Needed since we run plasma as root.
environment.systemPackages = [
# Include gparted for partitioning disks.

15
nixos/modules/installer/cd-dvd/installation-cd-graphical-kde.nix
View File

@ -30,15 +30,20 @@ with lib;
Version=1.0
Type=Application
Name=NixOS Manual
Exec=firefox ${config.system.build.manual.manualHTMLIndex}
Exec=firefox ${config.system.build.manual.manual}/share/doc/nixos/index.html
Icon=text-html
'';
homeDir = "/home/nixos/";
desktopDir = homeDir + "Desktop/";
in ''
mkdir -p /root/Desktop
ln -sfT ${manualDesktopFile} /root/Desktop/nixos-manual.desktop
ln -sfT ${pkgs.konsole}/share/applications/org.kde.konsole.desktop /root/Desktop/org.kde.konsole.desktop
ln -sfT ${pkgs.gparted}/share/applications/gparted.desktop /root/Desktop/gparted.desktop
mkdir -p ${desktopDir}
chown nixos ${homeDir} ${desktopDir}
ln -sfT ${manualDesktopFile} ${desktopDir + "nixos-manual.desktop"}
ln -sfT ${pkgs.gparted}/share/applications/gparted.desktop ${desktopDir + "gparted.desktop"}
ln -sfT ${pkgs.konsole}/share/applications/org.kde.konsole.desktop ${desktopDir + "org.kde.konsole.desktop"}
'';
}

21
nixos/modules/installer/tools/nixos-enter.sh
View File

@ -16,7 +16,8 @@ fi
mountPoint=/mnt
system=/nix/var/nix/profiles/system
command=($system/sw/bin/bash "--login")
command=("$system/sw/bin/bash" "--login")
silent=0
while [ "$#" -gt 0 ]; do
i="$1"; shift 1
@ -32,9 +33,12 @@ while [ "$#" -gt 0 ]; do
exit 1
;;
--command|-c)
command=($system/sw/bin/bash "-c" "$1")
command=("$system/sw/bin/bash" "-c" "$1")
shift 1
;;
--silent)
silent=1
;;
--)
command=("$@")
break
@ -51,11 +55,20 @@ if [[ ! -e $mountPoint/etc/NIXOS ]]; then
exit 126
fi
mkdir -m 0755 -p "$mountPoint/dev" "$mountPoint/sys"
mkdir -p "$mountPoint/dev" "$mountPoint/sys"
chmod 0755 "$mountPoint/dev" "$mountPoint/sys"
mount --rbind /dev "$mountPoint/dev"
mount --rbind /sys "$mountPoint/sys"
# If silent, write both stdout and stderr of activation script to /dev/null
# otherwise, write both streams to stderr of this process
if [ "$silent" -eq 0 ]; then
PIPE_TARGET="/dev/stderr"
else
PIPE_TARGET="/dev/null"
fi
# Run the activation script. Set $LOCALE_ARCHIVE to supress some Perl locale warnings.
LOCALE_ARCHIVE=$system/sw/lib/locale/locale-archive chroot "$mountPoint" "$system/activate" >&2 || true
LOCALE_ARCHIVE="$system/sw/lib/locale/locale-archive" chroot "$mountPoint" "$system/activate" >>$PIPE_TARGET 2>&1 || true
exec chroot "$mountPoint" "${command[@]}"

85
nixos/modules/installer/tools/nixos-generate-config.pl
View File

@ -607,90 +607,7 @@ EOF
}
write_file($fn, <<EOF);
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{ config, pkgs, ... }:
{
imports =
[ # Include the results of the hardware scan.
./hardware-configuration.nix
];
$bootLoaderConfig
# networking.hostName = "nixos"; # Define your hostname.
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
# Configure network proxy if necessary
# networking.proxy.default = "http://user:password\@proxy:port/";
# networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
# Select internationalisation properties.
# i18n = {
# consoleFont = "Lat2-Terminus16";
# consoleKeyMap = "us";
# defaultLocale = "en_US.UTF-8";
# };
# Set your time zone.
# time.timeZone = "Europe/Amsterdam";
# List packages installed in system profile. To search, run:
# \$ nix search wget
# environment.systemPackages = with pkgs; [
# wget vim
# ];
# Some programs need SUID wrappers, can be configured further or are
# started in user sessions.
# programs.mtr.enable = true;
# programs.gnupg.agent = { enable = true; enableSSHSupport = true; };
# List services that you want to enable:
# Enable the OpenSSH daemon.
# services.openssh.enable = true;
# Open ports in the firewall.
# networking.firewall.allowedTCPPorts = [ ... ];
# networking.firewall.allowedUDPPorts = [ ... ];
# Or disable the firewall altogether.
# networking.firewall.enable = false;
# Enable CUPS to print documents.
# services.printing.enable = true;
# Enable sound.
# sound.enable = true;
# hardware.pulseaudio.enable = true;
# Enable the X11 windowing system.
# services.xserver.enable = true;
# services.xserver.layout = "us";
# services.xserver.xkbOptions = "eurosign:e";
# Enable touchpad support.
# services.xserver.libinput.enable = true;
# Enable the KDE Desktop Environment.
# services.xserver.displayManager.sddm.enable = true;
# services.xserver.desktopManager.plasma5.enable = true;
# Define a user account. Don't forget to set a password with passwd.
# users.users.jane = {
# isNormalUser = true;
# extraGroups = [ "wheel" ]; # Enable sudo for the user.
# };
# This value determines the NixOS release with which your system is to be
# compatible, in order to avoid breaking some software such as database
# servers. You should change this only after NixOS release notes say you
# should.
system.stateVersion = "${\(qw(@release@))}"; # Did you read the comment?
}
@configuration@
EOF
} else {
print STDERR "warning: not overwriting existing $fn\n";

105
nixos/modules/installer/tools/tools.nix
View File

@ -38,7 +38,7 @@ let
src = ./nixos-generate-config.pl;
path = lib.optionals (lib.elem "btrfs" config.boot.supportedFilesystems) [ pkgs.btrfs-progs ];
perl = "${pkgs.perl}/bin/perl -I${pkgs.perlPackages.FileSlurp}/${pkgs.perl.libPrefix}";
inherit (config.system.nixos) release;
inherit (config.system.nixos-generate-config) configuration;
};
nixos-option = makeProg {
@ -61,8 +61,111 @@ in
{
options.system.nixos-generate-config.configuration = mkOption {
internal = true;
type = types.str;
description = ''
The NixOS module that <literal>nixos-generate-config</literal>
saves to <literal>/etc/nixos/configuration.nix</literal>.
This is an internal option. No backward compatibility is guaranteed.
Use at your own risk!
Note that this string gets spliced into a Perl script. The perl
variable <literal>$bootLoaderConfig</literal> can be used to
splice in the boot loader configuration.
'';
};
config = {
system.nixos-generate-config.configuration = mkDefault ''
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{ config, pkgs, ... }:
{
imports =
[ # Include the results of the hardware scan.
./hardware-configuration.nix
];
$bootLoaderConfig
# networking.hostName = "nixos"; # Define your hostname.
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
# Configure network proxy if necessary
# networking.proxy.default = "http://user:password\@proxy:port/";
# networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
# Select internationalisation properties.
# i18n = {
# consoleFont = "Lat2-Terminus16";
# consoleKeyMap = "us";
# defaultLocale = "en_US.UTF-8";
# };
# Set your time zone.
# time.timeZone = "Europe/Amsterdam";
# List packages installed in system profile. To search, run:
# \$ nix search wget
# environment.systemPackages = with pkgs; [
# wget vim
# ];
# Some programs need SUID wrappers, can be configured further or are
# started in user sessions.
# programs.mtr.enable = true;
# programs.gnupg.agent = { enable = true; enableSSHSupport = true; };
# List services that you want to enable:
# Enable the OpenSSH daemon.
# services.openssh.enable = true;
# Open ports in the firewall.
# networking.firewall.allowedTCPPorts = [ ... ];
# networking.firewall.allowedUDPPorts = [ ... ];
# Or disable the firewall altogether.
# networking.firewall.enable = false;
# Enable CUPS to print documents.
# services.printing.enable = true;
# Enable sound.
# sound.enable = true;
# hardware.pulseaudio.enable = true;
# Enable the X11 windowing system.
# services.xserver.enable = true;
# services.xserver.layout = "us";
# services.xserver.xkbOptions = "eurosign:e";
# Enable touchpad support.
# services.xserver.libinput.enable = true;
# Enable the KDE Desktop Environment.
# services.xserver.displayManager.sddm.enable = true;
# services.xserver.desktopManager.plasma5.enable = true;
# Define a user account. Don't forget to set a password with passwd.
# users.users.jane = {
# isNormalUser = true;
# extraGroups = [ "wheel" ]; # Enable sudo for the user.
# };
# This value determines the NixOS release with which your system is to be
# compatible, in order to avoid breaking some software such as database
# servers. You should change this only after NixOS release notes say you
# should.
system.stateVersion = "${config.system.nixos.release}"; # Did you read the comment?
}
'';
environment.systemPackages =
[ nixos-build-vms
nixos-install

1
nixos/modules/misc/crashdump.nix
View File

@ -58,7 +58,6 @@ in
"crashkernel=${crashdump.reservedMemory}"
"nmi_watchdog=panic"
"softlockup_panic=1"
"idle=poll"
];
kernelPatches = [ {
name = "crashdump-config";

2
nixos/modules/misc/nixpkgs.nix
View File

@ -19,7 +19,7 @@ let
lhs = optCall lhs_ { inherit pkgs; };
rhs = optCall rhs_ { inherit pkgs; };
in
lhs // rhs //
recursiveUpdate lhs rhs //
optionalAttrs (lhs ? packageOverrides) {
packageOverrides = pkgs:
optCall lhs.packageOverrides pkgs //

17
nixos/modules/module-list.nix
View File

@ -20,6 +20,7 @@
./config/iproute2.nix
./config/krb5/default.nix
./config/ldap.nix
./config/locale.nix
./config/malloc.nix
./config/networking.nix
./config/no-x-libs.nix
@ -33,7 +34,6 @@
./config/system-environment.nix
./config/system-path.nix
./config/terminfo.nix
./config/timezone.nix
./config/unix-odbc-drivers.nix
./config/users-groups.nix
./config/vpnc.nix
@ -46,6 +46,7 @@
./hardware/cpu/amd-microcode.nix
./hardware/cpu/intel-microcode.nix
./hardware/digitalbitbox.nix
./hardware/device-tree.nix
./hardware/sensor/iio.nix
./hardware/ksm.nix
./hardware/ledger.nix
@ -106,9 +107,15 @@
./programs/digitalbitbox/default.nix
./programs/dmrconfig.nix
./programs/environment.nix
./programs/evince.nix
./programs/file-roller.nix
./programs/firejail.nix
./programs/fish.nix
./programs/freetds.nix
./programs/fuse.nix
./programs/gnome-disks.nix
./programs/gnome-documents.nix
./programs/gpaste.nix
./programs/gnupg.nix
./programs/gphoto2.nix
./programs/iftop.nix
@ -209,6 +216,7 @@
./services/backup/duplicity.nix
./services/backup/mysql-backup.nix
./services/backup/postgresql-backup.nix
./services/backup/postgresql-wal-receiver.nix
./services/backup/restic.nix
./services/backup/restic-rest-server.nix
./services/backup/rsnapshot.nix
@ -280,12 +288,8 @@
./services/desktops/pipewire.nix
./services/desktops/gnome3/at-spi2-core.nix
./services/desktops/gnome3/chrome-gnome-shell.nix
./services/desktops/gnome3/evince.nix
./services/desktops/gnome3/evolution-data-server.nix
./services/desktops/gnome3/file-roller.nix
./services/desktops/gnome3/glib-networking.nix
./services/desktops/gnome3/gnome-disks.nix
./services/desktops/gnome3/gnome-documents.nix
./services/desktops/gnome3/gnome-keyring.nix
./services/desktops/gnome3/gnome-online-accounts.nix
./services/desktops/gnome3/gnome-remote-desktop.nix
@ -293,7 +297,6 @@
./services/desktops/gnome3/gnome-settings-daemon.nix
./services/desktops/gnome3/gnome-terminal-server.nix
./services/desktops/gnome3/gnome-user-share.nix
./services/desktops/gnome3/gpaste.nix
./services/desktops/gnome3/gvfs.nix
./services/desktops/gnome3/rygel.nix
./services/desktops/gnome3/seahorse.nix
@ -402,6 +405,7 @@
./services/misc/couchpotato.nix
./services/misc/devmon.nix
./services/misc/dictd.nix
./services/misc/dwm-status.nix
./services/misc/dysnomia.nix
./services/misc/disnix.nix
./services/misc/docker-registry.nix
@ -818,6 +822,7 @@
./services/web-servers/varnish/default.nix
./services/web-servers/zope2.nix
./services/x11/extra-layouts.nix
./services/x11/clight.nix
./services/x11/colord.nix
./services/x11/compton.nix
./services/x11/unclutter.nix

6
nixos/modules/profiles/hardened.nix
View File

@ -44,6 +44,9 @@ with lib;
# Disable legacy virtual syscalls
"vsyscall=none"
# Enable page allocator randomization
"page_alloc.shuffle=1"
];
boot.blacklistedKernelModules = [
@ -121,4 +124,7 @@ with lib;
# Ignore outgoing ICMP redirects (this is ipv4 only)
boot.kernel.sysctl."net.ipv4.conf.all.send_redirects" = mkDefault false;
boot.kernel.sysctl."net.ipv4.conf.default.send_redirects" = mkDefault false;
# Restrict userfaultfd syscalls to processes with the SYS_PTRACE capability
boot.kernel.sysctl."vm.unprivileged_userfaultfd" = mkDefault false;
}

27
nixos/modules/profiles/installation-device.nix
View File

@ -32,19 +32,35 @@ with lib;
#services.rogue.enable = true;
# Disable some other stuff we don't need.
security.sudo.enable = mkDefault false;
services.udisks2.enable = mkDefault false;
# Use less privileged nixos user
users.users.nixos = {
isNormalUser = true;
extraGroups = [ "wheel" "networkmanager" "video" ];
# Allow the graphical user to login without password
initialHashedPassword = "";
};
# Allow the user to log in as root without a password.
users.users.root.initialHashedPassword = "";
# Allow passwordless sudo from nixos user
security.sudo = {
enable = mkDefault true;
wheelNeedsPassword = mkForce false;
};
# Automatically log in at the virtual consoles.
services.mingetty.autologinUser = "root";
services.mingetty.autologinUser = "nixos";
# Some more help text.
services.mingetty.helpLine =
''
The "root" account has an empty password. ${
The "nixos" and "root" account have empty passwords. ${
optionalString config.services.xserver.enable
"Type `systemctl start display-manager' to\nstart the graphical user interface."}
"Type `sudo systemctl start display-manager' to\nstart the graphical user interface."}
'';
# Allow sshd to be started manually through "systemctl start sshd".
@ -86,8 +102,5 @@ with lib;
# because we have the firewall enabled. This makes installs from the
# console less cumbersome if the machine has a public IP.
networking.firewall.logRefusedConnections = mkDefault false;
# Allow the user to log in as root without a password.
users.users.root.initialHashedPassword = "";
};
}

5
nixos/modules/programs/environment.nix
View File

@ -23,9 +23,8 @@ in
XCURSOR_PATH = [ "$HOME/.icons" ];
};
environment.profiles =
[ "$HOME/.nix-profile"
"/nix/var/nix/profiles/default"
environment.profiles = mkAfter
[ "/nix/var/nix/profiles/default"
"/run/current-system/sw"
];

13
nixos/modules/services/desktops/gnome3/evince.nix → nixos/modules/programs/evince.nix
View File

@ -6,14 +6,21 @@ with lib;
{
# Added 2019-08-09
imports = [
(mkRenamedOptionModule
[ "services" "gnome3" "evince" "enable" ]
[ "programs" "evince" "enable" ])
];
###### interface
options = {
services.gnome3.evince = {
programs.evince = {
enable = mkEnableOption
"systemd and dbus services for Evince, the GNOME document viewer";
"Evince, the GNOME document viewer";
};
@ -22,7 +29,7 @@ with lib;
###### implementation
config = mkIf config.services.gnome3.evince.enable {
config = mkIf config.programs.evince.enable {
environment.systemPackages = [ pkgs.evince ];

11
nixos/modules/services/desktops/gnome3/file-roller.nix → nixos/modules/programs/file-roller.nix
View File

@ -6,11 +6,18 @@ with lib;
{
# Added 2019-08-09
imports = [
(mkRenamedOptionModule
[ "services" "gnome3" "file-roller" "enable" ]
[ "programs" "file-roller" "enable" ])
];
###### interface
options = {
services.gnome3.file-roller = {
programs.file-roller = {
enable = mkEnableOption "File Roller, an archive manager for GNOME";
@ -21,7 +28,7 @@ with lib;
###### implementation
config = mkIf config.services.gnome3.file-roller.enable {
config = mkIf config.programs.file-roller.enable {
environment.systemPackages = [ pkgs.gnome3.file-roller ];

37
nixos/modules/programs/fuse.nix Normal file
View File

@ -0,0 +1,37 @@
{ config, lib, ... }:
with lib;
let
cfg = config.programs.fuse;
in {
meta.maintainers = with maintainers; [ primeos ];
options.programs.fuse = {
mountMax = mkOption {
# In the C code it's an "int" (i.e. signed and at least 16 bit), but
# negative numbers obviously make no sense:
type = types.ints.between 0 32767; # 2^15 - 1
default = 1000;
description = ''
Set the maximum number of FUSE mounts allowed to non-root users.
'';
};
userAllowOther = mkOption {
type = types.bool;
default = false;
description = ''
Allow non-root users to specify the allow_other or allow_root mount
options, see mount.fuse3(8).
'';
};
};
config = {
environment.etc."fuse.conf".text = ''
${optionalString (!cfg.userAllowOther) "#"}user_allow_other
mount_max = ${toString cfg.mountMax}
'';
};
}

15
nixos/modules/services/desktops/gnome3/gnome-disks.nix → nixos/modules/programs/gnome-disks.nix
View File

@ -1,4 +1,4 @@
# GNOME Disks daemon.
# GNOME Disks.
{ config, pkgs, lib, ... }:
@ -6,17 +6,24 @@ with lib;
{
# Added 2019-08-09
imports = [
(mkRenamedOptionModule
[ "services" "gnome3" "gnome-disks" "enable" ]
[ "programs" "gnome-disks" "enable" ])
];
###### interface
options = {
services.gnome3.gnome-disks = {
programs.gnome-disks = {
enable = mkOption {
type = types.bool;
default = false;
description = ''
Whether to enable GNOME Disks daemon, a service designed to
Whether to enable GNOME Disks daemon, a program designed to
be a UDisks2 graphical front-end.
'';
};
@ -28,7 +35,7 @@ with lib;
###### implementation
config = mkIf config.services.gnome3.gnome-disks.enable {
config = mkIf config.programs.gnome-disks.enable {
environment.systemPackages = [ pkgs.gnome3.gnome-disk-utility ];

15
nixos/modules/services/desktops/gnome3/gnome-documents.nix → nixos/modules/programs/gnome-documents.nix
View File

@ -1,4 +1,4 @@
# GNOME Documents daemon.
# GNOME Documents.
{ config, pkgs, lib, ... }:
@ -6,17 +6,24 @@ with lib;
{
# Added 2019-08-09
imports = [
(mkRenamedOptionModule
[ "services" "gnome3" "gnome-documents" "enable" ]
[ "programs" "gnome-documents" "enable" ])
];
###### interface
options = {
services.gnome3.gnome-documents = {
programs.gnome-documents = {
enable = mkOption {
type = types.bool;
default = false;
description = ''
Whether to enable GNOME Documents services, a document
Whether to enable GNOME Documents, a document
manager application for GNOME.
'';
};
@ -28,7 +35,7 @@ with lib;
###### implementation
config = mkIf config.services.gnome3.gnome-documents.enable {
config = mkIf config.programs.gnome-documents.enable {
environment.systemPackages = [ pkgs.gnome3.gnome-documents ];

15
nixos/modules/services/desktops/gnome3/gpaste.nix → nixos/modules/programs/gpaste.nix
View File

@ -1,12 +1,20 @@
# GPaste daemon.
# GPaste.
{ config, lib, pkgs, ... }:
with lib;
{
# Added 2019-08-09
imports = [
(mkRenamedOptionModule
[ "services" "gnome3" "gpaste" "enable" ]
[ "programs" "gpaste" "enable" ])
];
###### interface
options = {
services.gnome3.gpaste = {
programs.gpaste = {
enable = mkOption {
type = types.bool;
default = false;
@ -18,10 +26,9 @@ with lib;
};
###### implementation
config = mkIf config.services.gnome3.gpaste.enable {
config = mkIf config.programs.gpaste.enable {
environment.systemPackages = [ pkgs.gnome3.gpaste ];
services.dbus.packages = [ pkgs.gnome3.gpaste ];
services.xserver.desktopManager.gnome3.sessionPath = [ pkgs.gnome3.gpaste ];
systemd.packages = [ pkgs.gnome3.gpaste ];
};
}

36
nixos/modules/programs/nylas-mail.nix
View File

@ -1,36 +0,0 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.nylas-mail;
in {
###### interface
options = {
services.nylas-mail = {
enable = mkEnableOption ''
nylas-mail - Open-source mail client built on the modern web with Electron, React, and Flux
'';
gnome3-keyring = mkOption {
type = types.bool;
default = true;
description = "Enable gnome3 keyring for nylas-mail.";
};
};
};
###### implementation
config = mkIf cfg.enable {
environment.systemPackages = [ pkgs.nylas-mail-bin ];
services.gnome3.gnome-keyring = mkIf cfg.gnome3-keyring {
enable = true;
};
};
}

19
nixos/modules/rename.nix
View File

@ -51,6 +51,10 @@ with lib;
(mkRemovedOptionModule [ "services" "misc" "nzbget" "openFirewall" ] "The port used by nzbget is managed through the web interface so you should adjust your firewall rules accordingly.")
(mkRemovedOptionModule [ "services" "prometheus" "alertmanager" "user" ] "The alertmanager service is now using systemd's DynamicUser mechanism which obviates a user setting.")
(mkRemovedOptionModule [ "services" "prometheus" "alertmanager" "group" ] "The alertmanager service is now using systemd's DynamicUser mechanism which obviates a group setting.")
(mkRemovedOptionModule [ "services" "prometheus2" "alertmanagerURL" ] ''
Due to incompatibility, the alertmanagerURL option has been removed,
please use 'services.prometheus2.alertmanagers' instead.
'')
(mkRenamedOptionModule [ "services" "tor" "relay" "portSpec" ] [ "services" "tor" "relay" "port" ])
(mkRenamedOptionModule [ "services" "vmwareGuest" ] [ "virtualisation" "vmware" "guest" ])
(mkRenamedOptionModule [ "jobs" ] [ "systemd" "services" ])
@ -221,6 +225,7 @@ with lib;
(mkRemovedOptionModule [ "services" "mysql" "pidDir" ] "Don't wait for pidfiles, describe dependencies through systemd")
(mkRemovedOptionModule [ "services" "mysql" "rootPassword" ] "Use socket authentication or set the password outside of the nix store.")
(mkRemovedOptionModule [ "services" "zabbixServer" "dbPassword" ] "Use services.zabbixServer.database.passwordFile instead.")
(mkRemovedOptionModule [ "systemd" "generator-packages" ] "Use systemd.packages instead.")
# ZSH
(mkRenamedOptionModule [ "programs" "zsh" "enableSyntaxHighlighting" ] [ "programs" "zsh" "syntaxHighlighting" "enable" ])
@ -257,6 +262,20 @@ with lib;
(mkRenamedOptionModule [ "networking" "extraResolvconfConf" ] [ "networking" "resolvconf" "extraConfig" ])
(mkRenamedOptionModule [ "networking" "resolvconfOptions" ] [ "networking" "resolvconf" "extraOptions" ])
# Redshift
(mkChangedOptionModule [ "services" "redshift" "latitude" ] [ "location" "latitude" ]
(config:
let value = getAttrFromPath [ "services" "redshift" "latitude" ] config;
in if value == null then
throw "services.redshift.latitude is set to null, you can remove this"
else builtins.fromJSON value))
(mkChangedOptionModule [ "services" "redshift" "longitude" ] [ "location" "longitude" ]
(config:
let value = getAttrFromPath [ "services" "redshift" "longitude" ] config;
in if value == null then
throw "services.redshift.longitude is set to null, you can remove this"
else builtins.fromJSON value))
] ++ (forEach [ "blackboxExporter" "collectdExporter" "fritzboxExporter"
"jsonExporter" "minioExporter" "nginxExporter" "nodeExporter"
"snmpExporter" "unifiExporter" "varnishExporter" ]

4
nixos/modules/services/admin/oxidized.nix
View File

@ -97,8 +97,8 @@ in
preStart = ''
mkdir -p ${cfg.dataDir}/.config/oxidized
cp -v ${cfg.routerDB} ${cfg.dataDir}/.config/oxidized/router.db
cp -v ${cfg.configFile} ${cfg.dataDir}/.config/oxidized/config
ln -f -s ${cfg.routerDB} ${cfg.dataDir}/.config/oxidized/router.db
ln -f -s ${cfg.configFile} ${cfg.dataDir}/.config/oxidized/config
'';
serviceConfig = {

2
nixos/modules/services/backup/automysqlbackup.nix
View File

@ -41,7 +41,7 @@ in
};
config = mkOption {
type = with types; attrsOf (either (either str (either int bool)) (listOf str));
type = with types; attrsOf (oneOf [ str int bool (listOf str) ]);
default = {};
description = ''
automysqlbackup configuration. Refer to

203
nixos/modules/services/backup/postgresql-wal-receiver.nix Normal file
View File

@ -0,0 +1,203 @@
{ config, lib, pkgs, ... }:
with lib;
let
receiverSubmodule = {
options = {
postgresqlPackage = mkOption {
type = types.package;
example = literalExample "pkgs.postgresql_11";
description = ''
PostgreSQL package to use.
'';
};
directory = mkOption {
type = types.path;
example = literalExample "/mnt/pg_wal/main/";
description = ''
Directory to write the output to.
'';
};
statusInterval = mkOption {
type = types.int;
default = 10;
description = ''
Specifies the number of seconds between status packets sent back to the server.
This allows for easier monitoring of the progress from server.
A value of zero disables the periodic status updates completely,
although an update will still be sent when requested by the server, to avoid timeout disconnect.
'';
};
slot = mkOption {
type = types.str;
default = "";
example = "some_slot_name";
description = ''
Require <command>pg_receivewal</command> to use an existing replication slot (see
<link xlink:href="https://www.postgresql.org/docs/current/warm-standby.html#STREAMING-REPLICATION-SLOTS">Section 26.2.6 of the PostgreSQL manual</link>).
When this option is used, <command>pg_receivewal</command> will report a flush position to the server,
indicating when each segment has been synchronized to disk so that the server can remove that segment if it is not otherwise needed.
When the replication client of <command>pg_receivewal</command> is configured on the server as a synchronous standby,
then using a replication slot will report the flush position to the server, but only when a WAL file is closed.
Therefore, that configuration will cause transactions on the primary to wait for a long time and effectively not work satisfactorily.
The option <option>synchronous</option> must be specified in addition to make this work correctly.
'';
};
synchronous = mkOption {
type = types.bool;
default = false;
description = ''
Flush the WAL data to disk immediately after it has been received.
Also send a status packet back to the server immediately after flushing, regardless of <option>statusInterval</option>.
This option should be specified if the replication client of <command>pg_receivewal</command> is configured on the server as a synchronous standby,
to ensure that timely feedback is sent to the server.
'';
};
compress = mkOption {
type = types.ints.between 0 9;
default = 0;
description = ''
Enables gzip compression of write-ahead logs, and specifies the compression level
(<literal>0</literal> through <literal>9</literal>, <literal>0</literal> being no compression and <literal>9</literal> being best compression).
The suffix <literal>.gz</literal> will automatically be added to all filenames.
This option requires PostgreSQL >= 10.
'';
};
connection = mkOption {
type = types.str;
example = "postgresql://user@somehost";
description = ''
Specifies parameters used to connect to the server, as a connection string.
See <link xlink:href="https://www.postgresql.org/docs/current/libpq-connect.html#LIBPQ-CONNSTRING">Section 34.1.1 of the PostgreSQL manual</link> for more information.
Because <command>pg_receivewal</command> doesn't connect to any particular database in the cluster,
database name in the connection string will be ignored.
'';
};
extraArgs = mkOption {
type = with types; listOf str;
default = [ ];
example = literalExample ''
[
"--no-sync"
]
'';
description = ''
A list of extra arguments to pass to the <command>pg_receivewal</command> command.
'';
};
environment = mkOption {
type = with types; attrsOf str;
default = { };
example = literalExample ''
{
PGPASSFILE = "/private/passfile";
PGSSLMODE = "require";
}
'';
description = ''
Environment variables passed to the service.
Usable parameters are listed in <link xlink:href="https://www.postgresql.org/docs/current/libpq-envars.html">Section 34.14 of the PostgreSQL manual</link>.
'';
};
};
};
in {
options = {
services.postgresqlWalReceiver = {
receivers = mkOption {
type = with types; attrsOf (submodule receiverSubmodule);
default = { };
example = literalExample ''
{
main = {
postgresqlPackage = pkgs.postgresql_11;
directory = /mnt/pg_wal/main/;
slot = "main_wal_receiver";
connection = "postgresql://user@somehost";
};
}
'';
description = ''
PostgreSQL WAL receivers.
Stream write-ahead logs from a PostgreSQL server using <command>pg_receivewal</command> (formerly <command>pg_receivexlog</command>).
See <link xlink:href="https://www.postgresql.org/docs/current/app-pgreceivewal.html">the man page</link> for more information.
'';
};
};
};
config = let
receivers = config.services.postgresqlWalReceiver.receivers;
in mkIf (receivers != { }) {
users = {
users.postgres = {
uid = config.ids.uids.postgres;
group = "postgres";
description = "PostgreSQL server user";
};
groups.postgres = {
gid = config.ids.gids.postgres;
};
};
assertions = concatLists (attrsets.mapAttrsToList (name: config: [
{
assertion = config.compress > 0 -> versionAtLeast config.postgresqlPackage.version "10";
message = "Invalid configuration for WAL receiver \"${name}\": compress requires PostgreSQL version >= 10.";
}
]) receivers);
systemd.tmpfiles.rules = mapAttrsToList (name: config: ''
d ${escapeShellArg config.directory} 0750 postgres postgres - -
'') receivers;
systemd.services = with attrsets; mapAttrs' (name: config: nameValuePair "postgresql-wal-receiver-${name}" {
description = "PostgreSQL WAL receiver (${name})";
wantedBy = [ "multi-user.target" ];
serviceConfig = {
User = "postgres";
Group = "postgres";
KillSignal = "SIGINT";
Restart = "always";
RestartSec = 30;
};
inherit (config) environment;
script = let
receiverCommand = postgresqlPackage:
if (versionAtLeast postgresqlPackage.version "10")
then "${postgresqlPackage}/bin/pg_receivewal"
else "${postgresqlPackage}/bin/pg_receivexlog";
in ''
${receiverCommand config.postgresqlPackage} \
--no-password \
--directory=${escapeShellArg config.directory} \
--status-interval=${toString config.statusInterval} \
--dbname=${escapeShellArg config.connection} \
${optionalString (config.compress > 0) "--compress=${toString config.compress}"} \
${optionalString (config.slot != "") "--slot=${escapeShellArg config.slot}"} \
${optionalString config.synchronous "--synchronous"} \
${concatStringsSep " " config.extraArgs}
'';
}) receivers;
};
meta.maintainers = with maintainers; [ pacien ];
}

6
nixos/modules/services/databases/couchdb.nix
View File

@ -160,7 +160,7 @@ in {
systemd.tmpfiles.rules = [
"d '${dirOf cfg.uriFile}' - ${cfg.user} ${cfg.group} - -"
"d '${dirOf cfg.logFile}' - ${cfg.user} ${cfg.group} - -"
"f '${cfg.logFile}' - ${cfg.user} ${cfg.group} - -"
"d '${cfg.databaseDir}' - ${cfg.user} ${cfg.group} - -"
"d '${cfg.viewIndexDir}' - ${cfg.user} ${cfg.group} - -"
];
@ -169,10 +169,8 @@ in {
description = "CouchDB Server";
wantedBy = [ "multi-user.target" ];
preStart =
''
preStart = ''
touch ${cfg.configFile}
touch -a ${cfg.logFile}
'';
environment = mkIf useVersion2 {

18
nixos/modules/services/databases/memcached.nix
View File

@ -86,7 +86,25 @@ in
in "${memcached}/bin/memcached ${networking} -m ${toString cfg.maxMemory} -c ${toString cfg.maxConnections} ${concatStringsSep " " cfg.extraOptions}";
User = cfg.user;
# Filesystem access
ProtectSystem = "strict";
ProtectHome = true;
PrivateTmp = true;
PrivateDevices = true;
ProtectKernelTunables = true;
ProtectKernelModules = true;
ProtectControlGroups = true;
RuntimeDirectory = "memcached";
# Caps
CapabilityBoundingSet = "";
NoNewPrivileges = true;
# Misc.
LockPersonality = true;
RestrictRealtime = true;
PrivateMounts = true;
PrivateUsers = true;
MemoryDenyWriteExecute = true;
};
};
};

8
nixos/modules/services/databases/postgresql.nix
View File

@ -251,6 +251,10 @@ in
environment.systemPackages = [ postgresql ];
environment.pathsToLink = [
"/share/postgresql"
];
systemd.services.postgresql =
{ description = "PostgreSQL Server";
@ -326,13 +330,13 @@ in
fi
'' + optionalString (cfg.ensureDatabases != []) ''
${concatMapStrings (database: ''
$PSQL -tAc "SELECT 1 FROM pg_database WHERE datname = '${database}'" | grep -q 1 || $PSQL -tAc "CREATE DATABASE ${database}"
$PSQL -tAc "SELECT 1 FROM pg_database WHERE datname = '${database}'" | grep -q 1 || $PSQL -tAc 'CREATE DATABASE "${database}"'
'') cfg.ensureDatabases}
'' + ''
${concatMapStrings (user: ''
$PSQL -tAc "SELECT 1 FROM pg_roles WHERE rolname='${user.name}'" | grep -q 1 || $PSQL -tAc "CREATE USER ${user.name}"
${concatStringsSep "\n" (mapAttrsToList (database: permission: ''
$PSQL -tAc "GRANT ${permission} ON ${database} TO ${user.name}"
$PSQL -tAc 'GRANT ${permission} ON ${database} TO ${user.name}'
'') user.ensurePermissions)}
'') cfg.ensureUsers}
'';

11
nixos/modules/services/desktops/flatpak.nix
View File

@ -38,5 +38,16 @@ in {
"$HOME/.local/share/flatpak/exports"
"/var/lib/flatpak/exports"
];
# It has been possible since https://github.com/flatpak/flatpak/releases/tag/1.3.2
# to build a SELinux policy module.
users.users.flatpak = {
description = "Flatpak system helper";
group = "flatpak";
isSystemUser = true;
};
users.groups.flatpak = { };
};
}

2
nixos/modules/services/editors/emacs.xml
View File

@ -552,7 +552,7 @@ emacsclient --create-frame --tty # opens a new frame on the current terminal
<xref linkend="opt-environment.systemPackages"/>
(<link
linkend="sec-declarative-package-mgmt">NixOS</link>), or run
<literal>nix-env -i pkgs.docbook5</literal>
<literal>nix-env -f '&lt;nixpkgs&gt;' -iA docbook5</literal>
(<link linkend="sec-ad-hoc-packages">Nix</link>).
</para>

2
nixos/modules/services/games/minecraft-server.nix
View File

@ -118,7 +118,7 @@ in {
};
serverProperties = mkOption {
type = with types; attrsOf (either bool (either int str));
type = with types; attrsOf (oneOf [ bool int str ]);
default = {};
example = literalExample ''
{

11
nixos/modules/services/hardware/throttled.nix
View File

@ -8,6 +8,12 @@ in {
options = {
services.throttled = {
enable = mkEnableOption "fix for Intel CPU throttling";
extraConfig = mkOption {
type = types.str;
default = "";
description = "Alternative configuration";
};
};
};
@ -16,6 +22,9 @@ in {
# The upstream package has this in Install, but that's not enough, see the NixOS manual
systemd.services."lenovo_fix".wantedBy = [ "multi-user.target" ];
environment.etc."lenovo_fix.conf".source = "${pkgs.throttled}/etc/lenovo_fix.conf";
environment.etc."lenovo_fix.conf".source =
if cfg.extraConfig != ""
then pkgs.writeText "lenovo_fix.conf" cfg.extraConfig
else "${pkgs.throttled}/etc/lenovo_fix.conf";
};
}

2
nixos/modules/services/mail/davmail.nix
View File

@ -7,7 +7,7 @@ let
cfg = config.services.davmail;
configType = with types;
either (either (attrsOf configType) str) (either int bool) // {
oneOf [ (attrsOf configType) str int bool ] // {
description = "davmail config type (str, int, bool or attribute set thereof)";
};

2
nixos/modules/services/mail/postfix.nix
View File

@ -447,7 +447,7 @@ in
};
config = mkOption {
type = with types; attrsOf (either bool (either str (listOf str)));
type = with types; attrsOf (oneOf [ bool str (listOf str) ]);
description = ''
The main.cf configuration file as key value set.
'';

2
nixos/modules/services/mail/rspamd.nix
View File

@ -331,7 +331,7 @@ in
};
config = mkOption {
type = with types; attrsOf (either bool (either str (listOf str)));
type = with types; attrsOf (oneOf [ bool str (listOf str) ]);
description = ''
Addon to postfix configuration
'';

2
nixos/modules/services/mail/rss2email.nix
View File

@ -30,7 +30,7 @@ in {
};
config = mkOption {
type = with types; attrsOf (either str (either int bool));
type = with types; attrsOf (oneOf [ str int bool ]);
default = {};
description = ''
The configuration to give rss2email.

73
nixos/modules/services/misc/dwm-status.nix Normal file
View File

@ -0,0 +1,73 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.dwm-status;
order = concatMapStringsSep "," (feature: ''"${feature}"'') cfg.order;
configFile = pkgs.writeText "dwm-status.toml" ''
order = [${order}]
${cfg.extraConfig}
'';
in
{
###### interface
options = {
services.dwm-status = {
enable = mkEnableOption "dwm-status user service";
package = mkOption {
type = types.package;
default = pkgs.dwm-status;
defaultText = "pkgs.dwm-status";
example = "pkgs.dwm-status.override { enableAlsaUtils = false; }";
description = ''
Which dwm-status package to use.
'';
};
order = mkOption {
type = types.listOf (types.enum [ "audio" "backlight" "battery" "cpu_load" "network" "time" ]);
description = ''
List of enabled features in order.
'';
};
extraConfig = mkOption {
type = types.lines;
default = "";
description = ''
Extra config in TOML format.
'';
};
};
};
###### implementation
config = mkIf cfg.enable {
services.upower.enable = elem "battery" cfg.order;
systemd.user.services.dwm-status = {
description = "Highly performant and configurable DWM status service";
wantedBy = [ "graphical-session.target" ];
partOf = [ "graphical-session.target" ];
serviceConfig.ExecStart = "${cfg.package}/bin/dwm-status ${configFile}";
};
};
}

4
nixos/modules/services/misc/gitlab.nix
View File

@ -502,7 +502,7 @@ in {
"d ${cfg.statePath} 0750 ${cfg.user} ${cfg.group} -"
"d ${cfg.statePath}/builds 0750 ${cfg.user} ${cfg.group} -"
"d ${cfg.statePath}/config 0750 ${cfg.user} ${cfg.group} -"
"d ${cfg.statePath}/config/initializers 0750 ${cfg.user} ${cfg.group} -"
"D ${cfg.statePath}/config/initializers 0750 ${cfg.user} ${cfg.group} -"
"d ${cfg.statePath}/db 0750 ${cfg.user} ${cfg.group} -"
"d ${cfg.statePath}/log 0750 ${cfg.user} ${cfg.group} -"
"d ${cfg.statePath}/repositories 2770 ${cfg.user} ${cfg.group} -"
@ -659,7 +659,7 @@ in {
fi
# We remove potentially broken links to old gitlab-shell versions
rm -f ${cfg.statePath}/repositories/**/*.git/hooks
rm -Rf ${cfg.statePath}/repositories/**/*.git/hooks
${pkgs.sudo}/bin/sudo -u ${cfg.user} -H ${pkgs.git}/bin/git config --global core.autocrlf "input"
'';

8
nixos/modules/services/monitoring/datadog-agent.nix
View File

@ -42,9 +42,9 @@ let
# Apply the configured extraIntegrations to the provided agent
# package. See the documentation of `dd-agent/integrations-core.nix`
# for detailed information on this.
datadogPkg = cfg.package.overrideAttrs(_: {
python = (pkgs.datadog-integrations-core cfg.extraIntegrations).python;
});
datadogPkg = cfg.package.override {
pythonPackages = pkgs.datadog-integrations-core cfg.extraIntegrations;
};
in {
options.services.datadog-agent = {
enable = mkOption {
@ -60,7 +60,7 @@ in {
defaultText = "pkgs.datadog-agent";
description = ''
Which DataDog v6 agent package to use. Note that the provided
package is expected to have an overridable `python`-attribute
package is expected to have an overridable `pythonPackages`-attribute
which configures the Python environment with the Datadog
checks.
'';

4
nixos/modules/services/monitoring/grafana.nix
View File

@ -503,12 +503,12 @@ in {
message = "Cannot set both adminPassword and adminPasswordFile";
}
{
assertion = cfg.security.secretKeyFile != opt.security.secretKeyFile.default -> cfg.security.secretKeyFile == null;
assertion = cfg.security.secretKey != opt.security.secretKey.default -> cfg.security.secretKeyFile == null;
message = "Cannot set both secretKey and secretKeyFile";
}
{
assertion = cfg.smtp.password != opt.smtp.password.default -> cfg.smtp.passwordFile == null;
message = "Cannot set both password and secretKeyFile";
message = "Cannot set both password and passwordFile";
}
];

2
nixos/modules/services/monitoring/loki.nix
View File

@ -103,7 +103,7 @@ in {
PrivateTmp = true;
ProtectHome = true;
ProtectSystem = "full";
DecvicePolicy = "closed";
DevicePolicy = "closed";
NoNewPrivileges = true;
WorkingDirectory = cfg.dataDir;
};

26
nixos/modules/services/monitoring/prometheus/default.nix
View File

@ -79,12 +79,8 @@ let
(pkgs.writeText "prometheus.rules" (concatStringsSep "\n" cfg2.rules))
]);
scrape_configs = filterValidPrometheus cfg2.scrapeConfigs;
alerting = optionalAttrs (cfg2.alertmanagerURL != []) {
alertmanagers = [{
static_configs = [{
targets = cfg2.alertmanagerURL;
}];
}];
alerting = {
inherit (cfg2) alertmanagers;
};
};
@ -738,11 +734,23 @@ in {
'';
};
alertmanagerURL = mkOption {
type = types.listOf types.str;
alertmanagers = mkOption {
type = types.listOf types.attrs;
example = literalExample ''
[ {
scheme = "https";
path_prefix = "/alertmanager";
static_configs = [ {
targets = [
"prometheus.domain.tld"
];
} ];
} ]
'';
default = [];
description = ''
List of Alertmanager URLs to send notifications to.
A list of alertmanagers to send alerts to.
See <link xlink:href="https://prometheus.io/docs/prometheus/latest/configuration/configuration/#alertmanager_config">the official documentation</link> for more information.
'';
};

9
nixos/modules/services/monitoring/prometheus/exporters/blackbox.nix
View File

@ -4,6 +4,13 @@ with lib;
let
cfg = config.services.prometheus.exporters.blackbox;
checkConfig = file: pkgs.runCommand "checked-blackbox-exporter.conf" {
preferLocalBuild = true;
buildInputs = [ pkgs.buildPackages.prometheus-blackbox-exporter ]; } ''
ln -s ${file} $out
blackbox_exporter --config.check --config.file $out
'';
in
{
port = 9115;
@ -21,7 +28,7 @@ in
ExecStart = ''
${pkgs.prometheus-blackbox-exporter}/bin/blackbox_exporter \
--web.listen-address ${cfg.listenAddress}:${toString cfg.port} \
--config.file ${cfg.configFile} \
--config.file ${checkConfig cfg.configFile} \
${concatStringsSep " \\\n " cfg.extraFlags}
'';
ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";

9
nixos/modules/services/monitoring/prometheus/exporters/wireguard.nix
View File

@ -34,6 +34,14 @@ in {
<literal>allowed_ip_1</literal> and so on.
'';
};
withRemoteIp = mkOption {
type = types.bool;
default = false;
description = ''
Whether or not the remote IP of a WireGuard peer should be exposed via prometheus.
'';
};
};
serviceOpts = {
path = [ pkgs.wireguard-tools ];
@ -45,6 +53,7 @@ in {
-p ${toString cfg.port} \
${optionalString cfg.verbose "-v"} \
${optionalString cfg.singleSubnetPerField "-s"} \
${optionalString cfg.withRemoteIp "-r"} \
${optionalString (cfg.wireguardConfig != null) "-n ${cfg.wireguardConfig}"}
'';
};

11
nixos/modules/services/monitoring/zabbix-proxy.nix
View File

@ -120,7 +120,8 @@ in
name = mkOption {
type = types.str;
default = "zabbix";
default = if cfg.database.type == "sqlite" then "${stateDir}/zabbix.db" else "zabbix";
defaultText = "zabbix";
description = "Database name.";
};
@ -261,17 +262,17 @@ in
preStart = optionalString pgsqlLocal ''
if ! test -e "${stateDir}/db-created"; then
cat ${cfg.package}/share/zabbix/database/postgresql/schema.sql | ${pgsql.package}/bin/psql ${cfg.database.name}
cat ${cfg.package}/share/zabbix/database/postgresql/images.sql | ${pgsql.package}/bin/psql ${cfg.database.name}
cat ${cfg.package}/share/zabbix/database/postgresql/data.sql | ${pgsql.package}/bin/psql ${cfg.database.name}
touch "${stateDir}/db-created"
fi
'' + optionalString mysqlLocal ''
if ! test -e "${stateDir}/db-created"; then
cat ${cfg.package}/share/zabbix/database/mysql/schema.sql | ${mysql.package}/bin/mysql ${cfg.database.name}
cat ${cfg.package}/share/zabbix/database/mysql/images.sql | ${mysql.package}/bin/mysql ${cfg.database.name}
cat ${cfg.package}/share/zabbix/database/mysql/data.sql | ${mysql.package}/bin/mysql ${cfg.database.name}
touch "${stateDir}/db-created"
fi
'' + optionalString (cfg.database.type == "sqlite") ''
if ! test -e "${cfg.database.name}"; then
${pkgs.sqlite}/bin/sqlite3 "${cfg.database.name}" < ${cfg.package}/share/zabbix/database/sqlite3/schema.sql
fi
'' + optionalString (cfg.database.passwordFile != null) ''
# create a copy of the supplied password file in a format zabbix can consume
touch ${passwordFile}

6
nixos/modules/services/network-filesystems/ipfs.nix
View File

@ -208,9 +208,9 @@ in {
config = mkIf cfg.enable {
environment.systemPackages = [ wrapped ];
environment.etc."fuse.conf" = mkIf cfg.autoMount { text = ''
user_allow_other
''; };
programs.fuse = mkIf cfg.autoMount {
userAllowOther = true;
};
users.users = mkIf (cfg.user == "ipfs") {
ipfs = {

2
nixos/modules/services/networking/unifi.nix
View File

@ -148,7 +148,7 @@ in
systemd.tmpfiles.rules = [
"e '${stateDir}' 0700 unifi - - -"
"e '${stateDir}/data' 0700 unifi - - -"
"d '${stateDir}/data' 0700 unifi - - -"
];
systemd.services.unifi = {

4
nixos/modules/services/networking/znc/default.nix
View File

@ -62,9 +62,9 @@ let
concatStringsSep "\n" (toLines cfg.config);
semanticTypes = with types; rec {
zncAtom = nullOr (either (either int bool) str);
zncAtom = nullOr (oneOf [ int bool str ]);
zncAttr = attrsOf (nullOr zncConf);
zncAll = either (either zncAtom (listOf zncAtom)) zncAttr;
zncAll = oneOf [ zncAtom (listOf zncAtom) zncAttr ];
zncConf = attrsOf (zncAll // {
# Since this is a recursive type and the description by default contains
# the description of its subtypes, infinite recursion would occur without

20
nixos/modules/services/printing/cupsd.nix
View File

@ -127,7 +127,7 @@ in
startWhenNeeded = mkOption {
type = types.bool;
default = false;
default = true;
description = ''
If set, CUPS is socket-activated; that is,
instead of having it permanently running as a daemon,
@ -296,11 +296,16 @@ in
# gets loaded, and then cups cannot access the printers.
boot.blacklistedKernelModules = [ "usblp" ];
# Some programs like print-manager rely on this value to get
# printer test pages.
environment.sessionVariables.CUPS_DATADIR = "${bindir}/share/cups";
systemd.packages = [ cups.out ];
systemd.sockets.cups = mkIf cfg.startWhenNeeded {
wantedBy = [ "sockets.target" ];
listenStreams = map (x: replaceStrings ["localhost"] ["127.0.0.1"] (removePrefix "*:" x)) cfg.listenAddresses;
listenStreams = [ "/run/cups/cups.sock" ]
++ map (x: replaceStrings ["localhost"] ["127.0.0.1"] (removePrefix "*:" x)) cfg.listenAddresses;
};
systemd.services.cups =
@ -362,10 +367,10 @@ in
{ description = "CUPS Remote Printer Discovery";
wantedBy = [ "multi-user.target" ];
wants = [ "cups.service" "avahi-daemon.service" ];
bindsTo = [ "cups.service" "avahi-daemon.service" ];
partOf = [ "cups.service" "avahi-daemon.service" ];
after = [ "cups.service" "avahi-daemon.service" ];
wants = [ "avahi-daemon.service" ] ++ optional (!cfg.startWhenNeeded) "cups.service";
bindsTo = [ "avahi-daemon.service" ] ++ optional (!cfg.startWhenNeeded) "cups.service";
partOf = [ "avahi-daemon.service" ] ++ optional (!cfg.startWhenNeeded) "cups.service";
after = [ "avahi-daemon.service" ] ++ optional (!cfg.startWhenNeeded) "cups.service";
path = [ cups ];
@ -421,4 +426,7 @@ in
security.pam.services.cups = {};
};
meta.maintainers = with lib.maintainers; [ matthewbauer ];
}

1
nixos/modules/services/search/elasticsearch.nix
View File

@ -131,6 +131,7 @@ in {
description = "Extra elasticsearch plugins";
default = [];
type = types.listOf types.package;
example = lib.literalExample "[ pkgs.elasticsearchPlugins.discovery-ec2 ]";
};
};

2
nixos/modules/services/security/bitwarden_rs/default.nix
View File

@ -36,7 +36,7 @@ in {
};
config = mkOption {
type = attrsOf (nullOr (either (either bool int) str));
type = attrsOf (nullOr (oneOf [ bool int str ]));
default = {};
example = literalExample ''
{

2
nixos/modules/services/web-apps/limesurvey.nix
View File

@ -14,7 +14,7 @@ let
pkg = pkgs.limesurvey;
configType = with types; either (either (attrsOf configType) str) (either int bool) // {
configType = with types; oneOf [ (attrsOf configType) str int bool ] // {
description = "limesurvey config type (str, int, bool or attribute set thereof)";
};

2
nixos/modules/services/web-servers/apache-httpd/default.nix
View File

@ -336,7 +336,7 @@ let
++ optional enablePerl { name = "perl"; path = "${mod_perl}/modules/mod_perl.so"; }
++ concatMap (svc: svc.extraModules) allSubservices
++ extraForeignModules;
in concatMapStrings load allModules
in concatMapStrings load (unique allModules)
}
AddHandler type-map var

115
nixos/modules/services/x11/clight.nix Normal file
View File

@ -0,0 +1,115 @@
{ config, pkgs, lib, ... }:
with lib;
let
cfg = config.services.clight;
toConf = v:
if builtins.isFloat v then toString v
else if isInt v then toString v
else if isBool v then boolToString v
else if isString v then ''"${escape [''"''] v}"''
else if isList v then "[ " + concatMapStringsSep ", " toConf v + " ]"
else abort "clight.toConf: unexpected type (v = ${v})";
clightConf = pkgs.writeText "clight.conf"
(concatStringsSep "\n" (mapAttrsToList
(name: value: "${toString name} = ${toConf value};")
(filterAttrs
(_: value: value != null)
cfg.settings)));
in {
options.services.clight = {
enable = mkOption {
type = types.bool;
default = false;
description = ''
Whether to enable clight or not.
'';
};
temperature = {
day = mkOption {
type = types.int;
default = 5500;
description = ''
Colour temperature to use during the day, between
<literal>1000</literal> and <literal>25000</literal> K.
'';
};
night = mkOption {
type = types.int;
default = 3700;
description = ''
Colour temperature to use at night, between
<literal>1000</literal> and <literal>25000</literal> K.
'';
};
};
settings = let
validConfigTypes = with types; either int (either str (either bool float));
in mkOption {
type = with types; attrsOf (nullOr (either validConfigTypes (listOf validConfigTypes)));
default = {};
example = { captures = 20; gamma_long_transition = true; ac_capture_timeouts = [ 120 300 60 ]; };
description = ''
Additional configuration to extend clight.conf. See
<link xlink:href="https://github.com/FedeDP/Clight/blob/master/Extra/clight.conf"/> for a
sample configuration file.
'';
};
};
config = mkIf cfg.enable {
boot.kernelModules = [ "i2c_dev" ];
environment.systemPackages = with pkgs; [ clight clightd ];
services.dbus.packages = with pkgs; [ clight clightd ];
services.upower.enable = true;
services.clight.settings = {
gamma_temp = with cfg.temperature; mkDefault [ day night ];
} // (optionalAttrs (config.location.provider == "manual") {
latitude = mkDefault config.location.latitude;
longitude = mkDefault config.location.longitude;
});
services.geoclue2.appConfig."clightc" = {
isAllowed = true;
isSystem = true;
};
systemd.services.clightd = {
requires = [ "polkit.service" ];
wantedBy = [ "multi-user.target" ];
description = "Bus service to manage various screen related properties (gamma, dpms, backlight)";
serviceConfig = {
Type = "dbus";
BusName = "org.clightd.clightd";
Restart = "on-failure";
RestartSec = 5;
ExecStart = ''
${pkgs.clightd}/bin/clightd
'';
};
};
systemd.user.services.clight = {
after = [ "upower.service" "clightd.service" ];
wants = [ "upower.service" "clightd.service" ];
partOf = [ "graphical-session.target" ];
wantedBy = [ "graphical-session.target" ];
description = "C daemon to adjust screen brightness to match ambient brightness, as computed capturing frames from webcam";
serviceConfig = {
Restart = "on-failure";
RestartSec = 5;
ExecStart = ''
${pkgs.clight}/bin/clight --conf-file ${clightConf}
'';
};
};
};
}

2
nixos/modules/services/x11/compton.nix
View File

@ -215,7 +215,7 @@ in {
};
settings = let
configTypes = with types; either bool (either int (either float str));
configTypes = with types; oneOf [ bool int float str ];
# types.loaOf converts lists to sets
loaOf = t: with types; either (listOf t) (attrsOf t);
in mkOption {

2
nixos/modules/services/x11/desktop-managers/default.nix
View File

@ -20,7 +20,7 @@ in
imports = [
./none.nix ./xterm.nix ./xfce.nix ./plasma5.nix ./lumina.nix
./lxqt.nix ./enlightenment.nix ./gnome3.nix ./kodi.nix ./maxx.nix
./mate.nix ./pantheon.nix
./mate.nix ./pantheon.nix ./surf-display.nix
];
options = {

23
nixos/modules/services/x11/desktop-managers/gnome3.nix
View File

@ -15,12 +15,16 @@ let
'';
};
nixos-gsettings-desktop-schemas = pkgs.runCommand "nixos-gsettings-desktop-schemas" { preferLocalBuild = true; }
nixos-gsettings-desktop-schemas = let
defaultPackages = with pkgs; [ gsettings-desktop-schemas gnome3.gnome-shell ];
in
pkgs.runCommand "nixos-gsettings-desktop-schemas" { preferLocalBuild = true; }
''
mkdir -p $out/share/gsettings-schemas/nixos-gsettings-overrides/glib-2.0/schemas
cp -rf ${pkgs.gsettings-desktop-schemas}/share/gsettings-schemas/gsettings-desktop-schemas*/glib-2.0/schemas/*.xml $out/share/gsettings-schemas/nixos-gsettings-overrides/glib-2.0/schemas
${concatMapStrings (pkg: "cp -rf ${pkg}/share/gsettings-schemas/*/glib-2.0/schemas/*.xml $out/share/gsettings-schemas/nixos-gsettings-overrides/glib-2.0/schemas\n") cfg.extraGSettingsOverridePackages}
${concatMapStrings
(pkg: "cp -rf ${pkg}/share/gsettings-schemas/*/glib-2.0/schemas/*.xml $out/share/gsettings-schemas/nixos-gsettings-overrides/glib-2.0/schemas\n")
(defaultPackages ++ cfg.extraGSettingsOverridePackages)}
chmod -R a+w $out/share/gsettings-schemas/nixos-gsettings-overrides
cat - > $out/share/gsettings-schemas/nixos-gsettings-overrides/glib-2.0/schemas/nixos-defaults.gschema.override <<- EOF
@ -30,6 +34,9 @@ let
[org.gnome.desktop.screensaver]
picture-uri='${pkgs.nixos-artwork.wallpapers.simple-dark-gray-bottom}/share/artwork/gnome/nix-wallpaper-simple-dark-gray_bottom.png'
[org.gnome.shell]
favorite-apps=[ 'org.gnome.Epiphany.desktop', 'evolution.desktop', 'org.gnome.Music.desktop', 'org.gnome.Photos.desktop', 'org.gnome.Nautilus.desktop', 'org.gnome.Software.desktop' ]
${cfg.extraGSettingsOverrides}
EOF
@ -123,12 +130,8 @@ in {
services.dleyna-renderer.enable = mkDefault true;
services.dleyna-server.enable = mkDefault true;
services.gnome3.at-spi2-core.enable = true;
services.gnome3.evince.enable = mkDefault true;
services.gnome3.evolution-data-server.enable = true;
services.gnome3.file-roller.enable = mkDefault true;
services.gnome3.glib-networking.enable = true;
services.gnome3.gnome-disks.enable = mkDefault true;
services.gnome3.gnome-documents.enable = mkDefault true;
services.gnome3.gnome-keyring.enable = true;
services.gnome3.gnome-online-accounts.enable = mkDefault true;
services.gnome3.gnome-remote-desktop.enable = mkDefault true;
@ -157,6 +160,12 @@ in {
xdg.portal.enable = true;
xdg.portal.extraPortals = [ pkgs.xdg-desktop-portal-gtk ];
# Enable default programs
programs.evince.enable = mkDefault true;
programs.file-roller.enable = mkDefault true;
programs.gnome-disks.enable = mkDefault true;
programs.gnome-documents.enable = mkDefault true;
# If gnome3 is installed, build vim for gtk3 too.
nixpkgs.config.vim.gui = "gtk3";

12
nixos/modules/services/x11/desktop-managers/pantheon.nix
View File

@ -102,6 +102,10 @@ in
# Makes qt applications look less alien
export QT_QPA_PLATFORMTHEME=gtk3
export QT_STYLE_OVERRIDE=adwaita
# Settings from elementary-default-settings
export GTK_CSD=1
export GTK_MODULES=$GTK_MODULES:pantheon-filechooser-module
fi
'';
@ -119,11 +123,9 @@ in
];
services.pantheon.contractor.enable = mkDefault true;
services.gnome3.at-spi2-core.enable = true;
services.gnome3.evince.enable = mkDefault true;
services.gnome3.evolution-data-server.enable = true;
services.gnome3.file-roller.enable = mkDefault true;
# TODO: gnome-keyring's xdg autostarts will still be in the environment (from elementary-session-settings) if disabled forcefully
services.gnome3.glib-networking.enable = true;
# TODO: gnome-keyring's xdg autostarts will still be in the environment (from elementary-session-settings) if disabled forcefully
services.gnome3.gnome-keyring.enable = true;
services.gnome3.gnome-settings-daemon.enable = true;
services.gnome3.gnome-settings-daemon.package = pkgs.pantheon.elementary-settings-daemon;
@ -136,7 +138,6 @@ in
services.xserver.libinput.enable = mkDefault true;
services.xserver.updateDbusEnvironment = true;
services.zeitgeist.enable = mkDefault true;
services.geoclue2.enable = mkDefault true;
# pantheon has pantheon-agent-geoclue2
services.geoclue2.enableDemoAgent = false;
@ -145,6 +146,9 @@ in
isSystem = true;
};
programs.evince.enable = mkDefault true;
programs.file-roller.enable = mkDefault true;
networking.networkmanager.enable = mkDefault true;
networking.networkmanager.basePackages =
{ inherit (pkgs) networkmanager modemmanager wpa_supplicant crda;

2
nixos/modules/services/x11/desktop-managers/plasma5.nix
View File

@ -178,7 +178,7 @@ in
++ lib.optional (cfg.phononBackend == "vlc" && cfg.enableQt4Support) pkgs.phonon-backend-vlc
# Optional hardware support features
++ lib.optional config.hardware.bluetooth.enable bluedevil
++ lib.optionals config.hardware.bluetooth.enable [ bluedevil bluez-qt ]
++ lib.optional config.networking.networkmanager.enable plasma-nm
++ lib.optional config.hardware.pulseaudio.enable plasma-pa
++ lib.optional config.powerManagement.enable powerdevil

127
nixos/modules/services/x11/desktop-managers/surf-display.nix Normal file
View File

@ -0,0 +1,127 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.xserver.desktopManager.surf-display;
surfDisplayConf = ''
# Surf Kiosk Display: Wrap around surf browser and turn your
# system into a browser screen in KIOSK-mode.
# default download URI for all display screens if not configured individually
DEFAULT_WWW_URI="${cfg.defaultWwwUri}"
# Enforce fixed resolution for all displays (default: not set):
#DEFAULT_RESOLUTION="1920x1080"
# HTTP proxy URL, if needed (default: not set).
#HTTP_PROXY_URL="http://webcache:3128"
# Setting for internal inactivity timer to restart surf-display
# if the user goes inactive/idle.
INACTIVITY_INTERVAL="${builtins.toString cfg.inactivityInterval}"
# log to syslog instead of .xsession-errors
LOG_TO_SYSLOG="yes"
# Launch pulseaudio daemon if not already running.
WITH_PULSEAUDIO="yes"
# screensaver settings, see "man 1 xset" for possible options
SCREENSAVER_SETTINGS="${cfg.screensaverSettings}"
# disable right and middle pointer device click in browser sessions while keeping
# scrolling wheels' functionality intact... (consider "pointer" subcommand on
# xmodmap man page for details).
POINTER_BUTTON_MAP="${cfg.pointerButtonMap}"
# Hide idle mouse pointer.
HIDE_IDLE_POINTER="${cfg.hideIdlePointer}"
${cfg.extraConfig}
'';
in {
options = {
services.xserver.desktopManager.surf-display = {
enable = mkEnableOption "surf-display as a kiosk browser session";
defaultWwwUri = mkOption {
type = types.string;
default = "${pkgs.surf-display}/share/surf-display/empty-page.html";
example = "https://www.example.com/";
description = "Default URI to display.";
};
inactivityInterval = mkOption {
type = types.int;
default = 300;
example = "0";
description = ''
Setting for internal inactivity timer to restart surf-display if the
user goes inactive/idle to get a fresh session for the next user of
the kiosk.
If this value is set to zero, the whole feature of restarting due to
inactivity is disabled.
'';
};
screensaverSettings = mkOption {
type = types.string;
default = "";
description = ''
Screensaver settings, see <literal>man 1 xset</literal> for possible options.
'';
};
pointerButtonMap = mkOption {
type = types.string;
default = "1 0 0 4 5 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0";
description = ''
Disable right and middle pointer device click in browser sessions
while keeping scrolling wheels' functionality intact. See pointer
subcommand on <literal>man xmodmap</literal> for details.
'';
};
hideIdlePointer = mkOption {
type = types.string;
default = "yes";
example = "no";
description = "Hide idle mouse pointer.";
};
extraConfig = mkOption {
type = types.string;
default = "";
example = ''
# Enforce fixed resolution for all displays (default: not set):
DEFAULT_RESOLUTION="1920x1080"
# HTTP proxy URL, if needed (default: not set).
HTTP_PROXY_URL="http://webcache:3128"
# Configure individual display screens with host specific parameters:
DISPLAYS['display-host-0']="www_uri=https://www.displayserver.comany.net/display-1/index.html"
DISPLAYS['display-host-1']="www_uri=https://www.displayserver.comany.net/display-2/index.html"
DISPLAYS['display-host-2']="www_uri=https://www.displayserver.comany.net/display-3/index.html|res=1920x1280"
DISPLAYS['display-host-3']="www_uri=https://www.displayserver.comany.net/display-4/index.html"|res=1280x1024"
DISPLAYS['display-host-local-file']="www_uri=file:///usr/share/doc/surf-display/empty-page.html"
'';
description = ''
Extra configuration options to append to <literal>/etc/default/surf-display</literal>.
'';
};
};
};
config = mkIf cfg.enable {
services.xserver.displayManager.extraSessionFilePackages = [
pkgs.surf-display
];
environment.etc."default/surf-display".text = surfDisplayConf;
};
}

44
nixos/modules/services/x11/display-managers/gdm.nix
View File

@ -96,6 +96,14 @@ in
type = types.bool;
};
autoSuspend = mkOption {
default = true;
description = ''
Suspend the machine after inactivity.
'';
type = types.bool;
};
};
};
@ -176,10 +184,40 @@ in
systemd.user.services.dbus.wantedBy = [ "default.target" ];
programs.dconf.profiles.gdm = pkgs.writeText "dconf-gdm-profile" ''
system-db:local
${gdm}/share/dconf/profile/gdm
programs.dconf.profiles.gdm =
let
customDconf = pkgs.writeTextFile {
name = "gdm-dconf";
destination = "/dconf/gdm-custom";
text = ''
${optionalString (!cfg.gdm.autoSuspend) ''
[org/gnome/settings-daemon/plugins/power]
sleep-inactive-ac-type='nothing'
sleep-inactive-battery-type='nothing'
sleep-inactive-ac-timeout=0
sleep-inactive-battery-timeout=0
''}
'';
};
customDconfDb = pkgs.stdenv.mkDerivation {
name = "gdm-dconf-db";
buildCommand = ''
${pkgs.gnome3.dconf}/bin/dconf compile $out ${customDconf}/dconf
'';
};
in pkgs.stdenv.mkDerivation {
name = "dconf-gdm-profile";
buildCommand = ''
# Check that the GDM profile starts with what we expect.
if [ $(head -n 1 ${gdm}/share/dconf/profile/gdm) != "user-db:user" ]; then
echo "GDM dconf profile changed, please update gdm.nix"
exit 1
fi
# Insert our custom DB behind it.
sed '2ifile-db:${customDconfDb}' ${gdm}/share/dconf/profile/gdm > $out
'';
};
# Use AutomaticLogin if delay is zero, because it's immediate.
# Otherwise with TimedLogin with zero seconds the prompt is still

52
nixos/modules/services/x11/redshift.nix
View File

@ -5,6 +5,7 @@ with lib;
let
cfg = config.services.redshift;
lcfg = config.location;
in {
@ -18,35 +19,6 @@ in {
'';
};
latitude = mkOption {
type = types.nullOr types.str;
default = null;
description = ''
Your current latitude, between
<literal>-90.0</literal> and <literal>90.0</literal>. Must be provided
along with longitude.
'';
};
longitude = mkOption {
type = types.nullOr types.str;
default = null;
description = ''
Your current longitude, between
between <literal>-180.0</literal> and <literal>180.0</literal>. Must be
provided along with latitude.
'';
};
provider = mkOption {
type = types.enum [ "manual" "geoclue2" ];
default = "manual";
description = ''
The location provider to use for determining your location. If set to
<literal>manual</literal> you must also provide latitude/longitude.
'';
};
temperature = {
day = mkOption {
type = types.int;
@ -106,33 +78,19 @@ in {
};
config = mkIf cfg.enable {
assertions = [
{
assertion =
if cfg.provider == "manual"
then (cfg.latitude != null && cfg.longitude != null)
else (cfg.latitude == null && cfg.longitude == null);
message = "Latitude and longitude must be provided together, and with provider set to null.";
}
];
# needed so that .desktop files are installed, which geoclue cares about
environment.systemPackages = [ cfg.package ];
services.geoclue2 = mkIf (cfg.provider == "geoclue2") {
enable = true;
appConfig."redshift" = {
services.geoclue2.appConfig."redshift" = {
isAllowed = true;
isSystem = true;
};
};
systemd.user.services.redshift =
let
providerString =
if cfg.provider == "manual"
then "${cfg.latitude}:${cfg.longitude}"
else cfg.provider;
providerString = if lcfg.provider == "manual"
then "${toString lcfg.latitude}:${toString lcfg.longitude}"
else lcfg.provider;
in
{
description = "Redshift colour temperature adjuster";

2
nixos/modules/services/x11/xserver.nix
View File

@ -714,7 +714,7 @@ in
nativeBuildInputs = [ pkgs.xkbvalidate ];
preferLocalBuild = true;
} ''
validate "$xkbModel" "$layout" "$xkbVariant" "$xkbOptions"
xkbvalidate "$xkbModel" "$layout" "$xkbVariant" "$xkbOptions"
touch "$out"
'');

4
nixos/modules/system/activation/top-level.nix
View File

@ -46,8 +46,8 @@ let
ln -s ${kernelPath} $out/kernel
ln -s ${config.system.modulesTree} $out/kernel-modules
${optionalString (pkgs.stdenv.hostPlatform.platform.kernelDTB or false) ''
ln -s ${config.boot.kernelPackages.kernel}/dtbs $out/dtbs
${optionalString (config.hardware.deviceTree.package != null) ''
ln -s ${config.hardware.deviceTree.package} $out/dtbs
''}
echo -n "$kernelParams" > $out/kernel-params

9
nixos/modules/system/boot/binfmt.nix
View File

@ -115,6 +115,14 @@ let
magicOrExtension = ''\x7fELF\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\xf3\x00'';
mask = ''\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff'';
};
wasm32-wasi = {
magicOrExtension = ''\x00asm'';
mask = ''\xff\xff\xff\xff'';
};
wasm64-wasi = {
magicOrExtension = ''\x00asm'';
mask = ''\xff\xff\xff\xff'';
};
x86_64-windows = {
magicOrExtension = ".exe";
recognitionType = "extension";
@ -226,6 +234,7 @@ in {
emulatedSystems = mkOption {
default = [];
example = [ "wasm32-wasi" "x86_64-windows" "aarch64-linux" ];
description = ''
List of systems to emulate. Will also configure Nix to
support your new systems.

5
nixos/modules/system/boot/loader/generic-extlinux-compatible/extlinux-conf-builder.sh
View File

@ -75,9 +75,8 @@ addEntry() {
copyToKernelsDir "$path/kernel"; kernel=$result
copyToKernelsDir "$path/initrd"; initrd=$result
# XXX UGLY: maybe the system config should have a top-level "dtbs" entry?
dtbDir=$(readlink -m "$path/kernel/../dtbs")
if [ -d "$dtbDir" ]; then
dtbDir=$(readlink -m "$path/dtbs")
if [ -e "$dtbDir" ]; then
copyToKernelsDir "$dtbDir"; dtbs=$result
fi

2
nixos/modules/system/boot/networkd.nix
View File

@ -10,7 +10,7 @@ let
checkLink = checkUnitConfig "Link" [
(assertOnlyFields [
"Description" "Alias" "MACAddressPolicy" "MACAddress" "NamePolicy" "Name"
"Description" "Alias" "MACAddressPolicy" "MACAddress" "NamePolicy" "OriginalName"
"MTUBytes" "BitsPerSecond" "Duplex" "AutoNegotiation" "WakeOnLan" "Port"
"TCPSegmentationOffload" "TCP6SegmentationOffload" "GenericSegmentationOffload"
"GenericReceiveOffload" "LargeReceiveOffload" "RxChannels" "TxChannels"

8
nixos/modules/system/boot/stage-1.nix
View File

@ -217,13 +217,11 @@ let
--replace ata_id ${extraUtils}/bin/ata_id \
--replace scsi_id ${extraUtils}/bin/scsi_id \
--replace cdrom_id ${extraUtils}/bin/cdrom_id \
--replace ${pkgs.utillinux}/sbin/blkid ${extraUtils}/bin/blkid \
--replace /sbin/blkid ${extraUtils}/bin/blkid \
--replace ${pkgs.coreutils}/bin/basename ${extraUtils}/bin/basename \
--replace ${pkgs.utillinux}/bin/blkid ${extraUtils}/bin/blkid \
--replace ${pkgs.lvm2}/sbin ${extraUtils}/bin \
--replace /sbin/mdadm ${extraUtils}/bin/mdadm \
--replace ${pkgs.mdadm}/sbin ${extraUtils}/sbin \
--replace ${pkgs.bash}/bin/sh ${extraUtils}/bin/sh \
--replace /usr/bin/readlink ${extraUtils}/bin/readlink \
--replace /usr/bin/basename ${extraUtils}/bin/basename \
--replace ${udev}/bin/udevadm ${extraUtils}/bin/udevadm
done

2
nixos/modules/system/boot/systemd-unit-options.nix
View File

@ -226,7 +226,7 @@ in rec {
environment = mkOption {
default = {};
type = with types; attrsOf (nullOr (either str (either path package)));
type = with types; attrsOf (nullOr (oneOf [ str path package ]));
example = { PATH = "/foo/bar/bin"; LANG = "nl_NL.UTF-8"; };
description = "Environment variables passed to the service's processes.";
};

38
nixos/modules/system/boot/systemd.nix
View File

@ -427,7 +427,8 @@ in
systemd.packages = mkOption {
default = [];
type = types.listOf types.package;
description = "Packages providing systemd units.";
example = literalExample "[ pkgs.systemd-cryptsetup-generator ]";
description = "Packages providing systemd units and hooks.";
};
systemd.targets = mkOption {
@ -497,11 +498,14 @@ in
'';
};
systemd.generator-packages = mkOption {
default = [];
type = types.listOf types.package;
example = literalExample "[ pkgs.systemd-cryptsetup-generator ]";
description = "Packages providing systemd generators.";
systemd.shutdown = mkOption {
type = types.attrsOf types.path;
default = {};
description = ''
Definition of systemd shutdown executables.
For each <literal>NAME = VALUE</literal> pair of the attrSet, a link is generated from
<literal>/etc/systemd/system-shutdown/NAME</literal> to <literal>VALUE</literal>.
'';
};
systemd.defaultUnit = mkOption {
@ -520,7 +524,7 @@ in
};
systemd.globalEnvironment = mkOption {
type = with types; attrsOf (nullOr (either str (either path package)));
type = with types; attrsOf (nullOr (oneOf [ str path package ]));
default = {};
example = { TZ = "CET"; };
description = ''
@ -761,18 +765,21 @@ in
environment.systemPackages = [ systemd ];
environment.etc = let
# generate contents for /etc/systemd/system-generators from
# systemd.generators and systemd.generator-packages
generators = pkgs.runCommand "system-generators" {
# generate contents for /etc/systemd/system-${type} from attrset of links and packages
hooks = type: links: pkgs.runCommand "system-${type}" {
preferLocalBuild = true;
packages = cfg.generator-packages;
packages = cfg.packages;
} ''
set -e
mkdir -p $out
for package in $packages
do
ln -s $package/lib/systemd/system-generators/* $out/
done;
${concatStrings (mapAttrsToList (generator: target: "ln -s ${target} $out/${generator};\n") cfg.generators)}
for hook in $package/lib/systemd/system-${type}/*
do
ln -s $hook $out/
done
done
${concatStrings (mapAttrsToList (exec: target: "ln -s ${target} $out/${exec};\n") links)}
'';
in ({
"systemd/system".source = generateUnits "system" cfg.units upstreamSystemUnits upstreamSystemWants;
@ -834,7 +841,8 @@ in
${concatStringsSep "\n" cfg.tmpfiles.rules}
'';
"systemd/system-generators" = { source = generators; };
"systemd/system-generators" = { source = hooks "generators" cfg.generators; };
"systemd/system-shutdown" = { source = hooks "shutdown" cfg.shutdown; };
});
services.dbus.enable = true;

1
nixos/modules/tasks/filesystems/nfs.nix
View File

@ -56,7 +56,6 @@ in
boot.initrd.kernelModules = mkIf inInitrd [ "nfs" ];
systemd.packages = [ pkgs.nfs-utils ];
systemd.generator-packages = [ pkgs.nfs-utils ];
environment.etc = {
"idmapd.conf".source = idmapdConfFile;

43
nixos/modules/tasks/swraid.nix
View File

@ -6,51 +6,12 @@
services.udev.packages = [ pkgs.mdadm ];
systemd.packages = [ pkgs.mdadm ];
boot.initrd.availableKernelModules = [ "md_mod" "raid0" "raid1" "raid10" "raid456" ];
boot.initrd.extraUdevRulesCommands = ''
cp -v ${pkgs.mdadm}/lib/udev/rules.d/*.rules $out/
'';
systemd.services.mdadm-shutdown = {
wantedBy = [ "final.target"];
after = [ "umount.target" ];
unitConfig = {
DefaultDependencies = false;
};
serviceConfig = {
Type = "oneshot";
ExecStart = ''${pkgs.mdadm}/bin/mdadm --wait-clean --scan'';
};
};
systemd.services."mdmon@" = {
description = "MD Metadata Monitor on /dev/%I";
unitConfig.DefaultDependencies = false;
serviceConfig = {
Type = "forking";
Environment = "IMSM_NO_PLATFORM=1";
ExecStart = ''${pkgs.mdadm}/bin/mdmon --offroot --takeover %I'';
KillMode = "none";
};
};
systemd.services."mdadm-grow-continue@" = {
description = "Manage MD Reshape on /dev/%I";
unitConfig.DefaultDependencies = false;
serviceConfig = {
ExecStart = ''${pkgs.mdadm}/bin/mdadm --grow --continue /dev/%I'';
StandardInput = "null";
StandardOutput = "null";
StandardError = "null";
KillMode = "none";
};
};
}

3
nixos/modules/virtualisation/amazon-image.nix
View File

@ -35,8 +35,7 @@ in
autoResize = true;
};
boot.extraModulePackages =
[ config.boot.kernelPackages.ixgbevf
boot.extraModulePackages = [
config.boot.kernelPackages.ena
];
boot.initrd.kernelModules = [ "xen-blkfront" "xen-netfront" ];

7
nixos/release-combined.nix
View File

@ -68,8 +68,9 @@ in rec {
nixos.tests.chromium.x86_64-linux or []
(all nixos.tests.firefox)
(all nixos.tests.firewall)
(except ["aarch64-linux"] nixos.tests.gnome3)
(except ["aarch64-linux"] nixos.tests.pantheon)
(all nixos.tests.gnome3-xorg)
(all nixos.tests.gnome3)
(all nixos.tests.pantheon)
nixos.tests.installer.zfsroot.x86_64-linux or [] # ZFS is 64bit only
(except ["aarch64-linux"] nixos.tests.installer.lvm)
(except ["aarch64-linux"] nixos.tests.installer.luksroot)
@ -103,7 +104,7 @@ in rec {
#(all nixos.tests.keymap.neo)
#(all nixos.tests.keymap.qwertz)
(all nixos.tests.plasma5)
#(all nixos.tests.lightdm)
(all nixos.tests.lightdm)
(all nixos.tests.login)
(all nixos.tests.misc)
(all nixos.tests.mutableUsers)

10
nixos/tests/all-tests.nix
View File

@ -56,7 +56,7 @@ in
containers-physical_interfaces = handleTest ./containers-physical_interfaces.nix {};
containers-restart_networking = handleTest ./containers-restart_networking.nix {};
containers-tmpfs = handleTest ./containers-tmpfs.nix {};
#couchdb = handleTest ./couchdb.nix {}; # spidermonkey-1.8.5 is marked as broken
couchdb = handleTest ./couchdb.nix {};
deluge = handleTest ./deluge.nix {};
dhparams = handleTest ./dhparams.nix {};
dnscrypt-proxy = handleTestOn ["x86_64-linux"] ./dnscrypt-proxy.nix {};
@ -93,8 +93,8 @@ in
gitlab = handleTest ./gitlab.nix {};
gitolite = handleTest ./gitolite.nix {};
gjs = handleTest ./gjs.nix {};
gnome3 = handleTestOn ["x86_64-linux"] ./gnome3.nix {}; # libsmbios is unsupported on aarch64
gnome3-gdm = handleTestOn ["x86_64-linux"] ./gnome3-gdm.nix {}; # libsmbios is unsupported on aarch64
gnome3-xorg = handleTest ./gnome3-xorg.nix {};
gnome3 = handleTest ./gnome3.nix {};
gocd-agent = handleTest ./gocd-agent.nix {};
gocd-server = handleTest ./gocd-server.nix {};
google-oslogin = handleTest ./google-oslogin {};
@ -139,7 +139,7 @@ in
ldap = handleTest ./ldap.nix {};
leaps = handleTest ./leaps.nix {};
lidarr = handleTest ./lidarr.nix {};
#lightdm = handleTest ./lightdm.nix {};
lightdm = handleTest ./lightdm.nix {};
limesurvey = handleTest ./limesurvey.nix {};
login = handleTest ./login.nix {};
loki = handleTest ./loki.nix {};
@ -183,6 +183,7 @@ in
nginx = handleTest ./nginx.nix {};
nginx-sso = handleTest ./nginx-sso.nix {};
nix-ssh-serve = handleTest ./nix-ssh-serve.nix {};
nixos-generate-config = handleTest ./nixos-generate-config.nix {};
novacomd = handleTestOn ["x86_64-linux"] ./novacomd.nix {};
nsd = handleTest ./nsd.nix {};
nzbget = handleTest ./nzbget.nix {};
@ -209,6 +210,7 @@ in
plotinus = handleTest ./plotinus.nix {};
postgis = handleTest ./postgis.nix {};
postgresql = handleTest ./postgresql.nix {};
postgresql-wal-receiver = handleTest ./postgresql-wal-receiver.nix {};
powerdns = handleTest ./powerdns.nix {};
predictable-interface-names = handleTest ./predictable-interface-names.nix {};
printing = handleTest ./printing.nix {};

63
nixos/tests/gnome3-gdm.nix
View File

@ -1,63 +0,0 @@
import ./make-test.nix ({ pkgs, ...} : {
name = "gnome3-gdm";
meta = with pkgs.stdenv.lib.maintainers; {
maintainers = [ lethalman ];
};
machine =
{ ... }:
{ imports = [ ./common/user-account.nix ];
services.xserver.enable = true;
services.xserver.displayManager.gdm = {
enable = true;
autoLogin = {
enable = true;
user = "alice";
};
};
services.xserver.desktopManager.gnome3.enable = true;
virtualisation.memorySize = 1024;
};
testScript = let
# Keep line widths somewhat managable
bus = "DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/1000/bus";
gdbus = "${bus} gdbus";
# Call javascript in gnome shell, returns a tuple (success, output), where
# `success` is true if the dbus call was successful and output is what the
# javascript evaluates to.
eval = "call --session -d org.gnome.Shell -o /org/gnome/Shell -m org.gnome.Shell.Eval";
# False when startup is done
startingUp = "${gdbus} ${eval} Main.layoutManager._startingUp";
# Hopefully gnome-terminal's wm class
wmClass = "${gdbus} ${eval} global.display.focus_window.wm_class";
in ''
# wait for gdm to start
$machine->waitForUnit("display-manager.service");
# wait for alice to be logged in
$machine->waitForUnit("default.target","alice");
# Check that logging in has given the user ownership of devices.
$machine->succeed("getfacl /dev/snd/timer | grep -q alice");
# Wait for the wayland server
$machine->waitForFile("/run/user/1000/wayland-0");
# Wait for gnome shell, correct output should be "(true, 'false')"
$machine->waitUntilSucceeds("su - alice -c '${startingUp} | grep -q true,..false'");
# open a terminal
$machine->succeed("su - alice -c '${bus} gnome-terminal'");
# and check it's there
$machine->waitUntilSucceeds("su - alice -c '${wmClass} | grep -q gnome-terminal-server'");
# wait to get a nice screenshot
$machine->sleep(20);
$machine->screenshot("screen");
'';
})

41
nixos/tests/gnome3-xorg.nix Normal file
View File

@ -0,0 +1,41 @@
import ./make-test.nix ({ pkgs, ...} : {
name = "gnome3-xorg";
meta = with pkgs.stdenv.lib.maintainers; {
maintainers = pkgs.gnome3.maintainers;
};
machine =
{ ... }:
{ imports = [ ./common/user-account.nix ];
services.xserver.enable = true;
services.xserver.displayManager.gdm.enable = false;
services.xserver.displayManager.lightdm.enable = true;
services.xserver.displayManager.lightdm.autoLogin.enable = true;
services.xserver.displayManager.lightdm.autoLogin.user = "alice";
services.xserver.desktopManager.gnome3.enable = true;
services.xserver.desktopManager.default = "gnome-xorg";
virtualisation.memorySize = 1024;
};
testScript =
''
$machine->waitForX;
# wait for alice to be logged in
$machine->waitForUnit("default.target","alice");
# Check that logging in has given the user ownership of devices.
$machine->succeed("getfacl /dev/snd/timer | grep -q alice");
$machine->succeed("su - alice -c 'DISPLAY=:0.0 gnome-terminal &'");
$machine->succeed("xauth merge ~alice/.Xauthority");
$machine->waitForWindow(qr/alice.*machine/);
$machine->succeed("timeout 900 bash -c 'while read msg; do if [[ \$msg =~ \"GNOME Shell started\" ]]; then break; fi; done < <(journalctl -f)'");
$machine->sleep(10);
$machine->screenshot("screen");
'';
})

Some files were not shown because too many files have changed in this diff Show More