JakeHillion/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

treewide: use attrs instead of list for types.loaOf options

Browse Source
This commit is contained in:
rnhmjoj 2019-09-14 19:51:29 +02:00 committed by worldofpeace
parent 6bd13ccd8e
commit 1d61efb7f1
153 changed files with 811 additions and 1006 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
nixos/modules/config/i18n.nix
View File

@ -80,14 +80,11 @@ with lib;
};
# /etc/locale.conf is used by systemd.
environment.etc = singleton
{ target = "locale.conf";
source = pkgs.writeText "locale.conf"
''
LANG=${config.i18n.defaultLocale}
${concatStringsSep "\n" (mapAttrsToList (n: v: ''${n}=${v}'') config.i18n.extraLocaleSettings)}
'';
};
environment.etc."locale.conf".source = pkgs.writeText "locale.conf"
''
LANG=${config.i18n.defaultLocale}
${concatStringsSep "\n" (mapAttrsToList (n: v: ''${n}=${v}'') config.i18n.extraLocaleSettings)}
'';
};
}

4
nixos/modules/config/ldap.nix
View File

@ -224,7 +224,9 @@ in
config = mkIf cfg.enable {
environment.etc = optional (!cfg.daemon.enable) ldapConfig;
environment.etc = optionalAttrs (!cfg.daemon.enable) {
"ldap.conf" = ldapConfig;
};
system.activationScripts = mkIf (!cfg.daemon.enable) {
ldap = stringAfter [ "etc" "groups" "users" ] ''

27
nixos/modules/config/pulseaudio.nix
View File

@ -215,9 +215,8 @@ in {
config = mkMerge [
{
environment.etc = singleton {
target = "pulse/client.conf";
source = clientConf;
environment.etc = {
"pulse/client.conf".source = clientConf;
};
hardware.pulseaudio.configFile = mkDefault "${getBin overriddenPackage}/etc/pulse/default.pa";
@ -228,19 +227,16 @@ in {
sound.enable = true;
environment.etc = [
{ target = "asound.conf";
source = alsaConf; }
environment.etc = {
"asound.conf".source = alsaConf;
{ target = "pulse/daemon.conf";
source = writeText "daemon.conf" (lib.generators.toKeyValue {} cfg.daemon.config); }
"pulse/daemon.conf".source = writeText "daemon.conf"
(lib.generators.toKeyValue {} cfg.daemon.config);
{ target = "openal/alsoft.conf";
source = writeText "alsoft.conf" "drivers=pulse"; }
"openal/alsoft.conf".source = writeText "alsoft.conf" "drivers=pulse";
{ target = "libao.conf";
source = writeText "libao.conf" "default_driver=pulse"; }
];
"libao.conf".source = writeText "libao.conf" "default_driver=pulse";
};
# Disable flat volumes to enable relative ones
hardware.pulseaudio.daemon.config.flat-volumes = mkDefault "no";
@ -275,9 +271,8 @@ in {
})
(mkIf nonSystemWide {
environment.etc = singleton {
target = "pulse/default.pa";
source = myConfigFile;
environment.etc = {
"pulse/default.pa".source = myConfigFile;
};
systemd.user = {
services.pulseaudio = {

5
nixos/modules/installer/cd-dvd/system-tarball-pc.nix
View File

@ -122,11 +122,10 @@ in
/* fake entry, just to have a happy stage-1. Users
may boot without having stage-1 though */
fileSystems = [
fileSystems.fake =
{ mountPoint = "/";
device = "/dev/something";
}
];
};
nixpkgs.config = {
packageOverrides = p: {

5
nixos/modules/installer/cd-dvd/system-tarball-sheevaplug.nix
View File

@ -117,11 +117,10 @@ in
/* fake entry, just to have a happy stage-1. Users
may boot without having stage-1 though */
fileSystems = [
fileSystems.fake =
{ mountPoint = "/";
device = "/dev/something";
}
];
};
services.mingetty = {
# Some more help text.

2
nixos/modules/installer/cd-dvd/system-tarball.nix
View File

@ -41,7 +41,7 @@ in
# In stage 1 of the boot, mount the CD/DVD as the root FS by label
# so that we don't need to know its device.
fileSystems = [ ];
fileSystems = { };
# boot.initrd.availableKernelModules = [ "mvsdio" "reiserfs" "ext3" "ext4" ];

9
nixos/modules/programs/dconf.nix
View File

@ -6,7 +6,10 @@ let
cfg = config.programs.dconf;
mkDconfProfile = name: path:
{ source = path; target = "dconf/profile/${name}"; };
{
name = "dconf/profile/${name}";
value.source = path;
};
in
{
@ -29,8 +32,8 @@ in
###### implementation
config = mkIf (cfg.profiles != {} || cfg.enable) {
environment.etc = optionals (cfg.profiles != {})
(mapAttrsToList mkDconfProfile cfg.profiles);
environment.etc = optionalAttrs (cfg.profiles != {})
(mapAttrs' mkDconfProfile cfg.profiles);
services.dbus.packages = [ pkgs.dconf ];

26
nixos/modules/programs/shadow.nix
View File

@ -76,22 +76,18 @@ in
config.users.defaultUserShell;
environment.etc =
[ { # /etc/login.defs: global configuration for pwdutils. You
# cannot login without it!
source = pkgs.writeText "login.defs" loginDefs;
target = "login.defs";
}
{ # /etc/login.defs: global configuration for pwdutils. You
# cannot login without it!
"login.defs".source = pkgs.writeText "login.defs" loginDefs;
{ # /etc/default/useradd: configuration for useradd.
source = pkgs.writeText "useradd"
''
GROUP=100
HOME=/home
SHELL=${utils.toShellPath config.users.defaultUserShell}
'';
target = "default/useradd";
}
];
# /etc/default/useradd: configuration for useradd.
"default/useradd".source = pkgs.writeText "useradd"
''
GROUP=100
HOME=/home
SHELL=${utils.toShellPath config.users.defaultUserShell}
'';
};
security.pam.services =
{ chsh = { rootOK = true; };

28
nixos/modules/security/duosec.nix
View File

@ -25,19 +25,21 @@ let
accept_env_factor=${boolToStr cfg.acceptEnvFactor}
'';
loginCfgFile = optional cfg.ssh.enable
{ source = pkgs.writeText "login_duo.conf" configFileLogin;
mode = "0600";
user = "sshd";
target = "duo/login_duo.conf";
};
loginCfgFile = optionalAttrs cfg.ssh.enable {
"duo/login_duo.conf" =
{ source = pkgs.writeText "login_duo.conf" configFileLogin;
mode = "0600";
user = "sshd";
};
};
pamCfgFile = optional cfg.pam.enable
{ source = pkgs.writeText "pam_duo.conf" configFilePam;
mode = "0600";
user = "sshd";
target = "duo/pam_duo.conf";
};
pamCfgFile = optional cfg.pam.enable {
"duo/pam_duo.conf" =
{ source = pkgs.writeText "pam_duo.conf" configFilePam;
mode = "0600";
user = "sshd";
};
};
in
{
options = {
@ -186,7 +188,7 @@ in
environment.systemPackages = [ pkgs.duo-unix ];
security.wrappers.login_duo.source = "${pkgs.duo-unix.out}/bin/login_duo";
environment.etc = loginCfgFile ++ pamCfgFile;
environment.etc = loginCfgFile // pamCfgFile;
/* If PAM *and* SSH are enabled, then don't do anything special.
If PAM isn't used, set the default SSH-only options. */

9
nixos/modules/security/pam.nix
View File

@ -475,9 +475,9 @@ let
motd = pkgs.writeText "motd" config.users.motd;
makePAMService = pamService:
{ source = pkgs.writeText "${pamService.name}.pam" pamService.text;
target = "pam.d/${pamService.name}";
makePAMService = name: service:
{ name = "pam.d/${name}";
value.source = pkgs.writeText "${name}.pam" service.text;
};
in
@ -760,8 +760,7 @@ in
};
};
environment.etc =
mapAttrsToList (n: v: makePAMService v) config.security.pam.services;
environment.etc = mapAttrs' makePAMService config.security.pam.services;
security.pam.services =
{ other.text =

5
nixos/modules/security/pam_mount.nix
View File

@ -36,8 +36,7 @@ in
config = mkIf (cfg.enable || anyPamMount) {
environment.systemPackages = [ pkgs.pam_mount ];
environment.etc = [{
target = "security/pam_mount.conf.xml";
environment.etc."security/pam_mount.conf.xml" = {
source =
let
extraUserVolumes = filterAttrs (n: u: u.cryptHomeLuks != null) config.users.users;
@ -66,7 +65,7 @@ in
${concatStringsSep "\n" cfg.extraVolumes}
</pam_mount>
'';
}];
};
};
}

5
nixos/modules/security/rtkit.nix
View File

@ -34,9 +34,8 @@ with lib;
services.dbus.packages = [ pkgs.rtkit ];
users.users = singleton
{ name = "rtkit";
uid = config.ids.uids.rtkit;
users.users.rtkit =
{ uid = config.ids.uids.rtkit;
description = "RealtimeKit daemon";
};

3
nixos/modules/security/sudo.nix
View File

@ -212,7 +212,7 @@ in
security.pam.services.sudo = { sshAgentAuth = true; };
environment.etc = singleton
environment.etc.sudoers =
{ source =
pkgs.runCommand "sudoers"
{
@ -222,7 +222,6 @@ in
# Make sure that the sudoers file is syntactically valid.
# (currently disabled - NIXOS-66)
"${pkgs.buildPackages.sudo}/sbin/visudo -f $src -c && cp $src $out";
target = "sudoers";
mode = "0440";
};

24
nixos/modules/services/audio/mpd.nix
View File

@ -184,19 +184,19 @@ in {
};
};
users.users = optionalAttrs (cfg.user == name) (singleton {
inherit uid;
inherit name;
group = cfg.group;
extraGroups = [ "audio" ];
description = "Music Player Daemon user";
home = "${cfg.dataDir}";
});
users.users = optionalAttrs (cfg.user == name) {
${name} = {
inherit uid;
group = cfg.group;
extraGroups = [ "audio" ];
description = "Music Player Daemon user";
home = "${cfg.dataDir}";
};
};
users.groups = optionalAttrs (cfg.group == name) (singleton {
inherit name;
gid = gid;
});
users.groups = optionalAttrs (cfg.group == name) {
${name}.gid = gid;
};
};
}

7
nixos/modules/services/backup/mysql-backup.nix
View File

@ -84,13 +84,14 @@ in
};
config = mkIf cfg.enable {
users.users = optionalAttrs (cfg.user == defaultUser) (singleton
{ name = defaultUser;
users.users = optionalAttrs (cfg.user == defaultUser) {
${defaultUser} = {
isSystemUser = true;
createHome = false;
home = cfg.location;
group = "nogroup";
});
};
};
services.mysql.ensureUsers = [{
name = cfg.user;

3
nixos/modules/services/cluster/kubernetes/default.nix
View File

@ -266,8 +266,7 @@ in {
"d /var/lib/kubernetes 0755 kubernetes kubernetes -"
];
users.users = singleton {
name = "kubernetes";
users.users.kubernetes = {
uid = config.ids.uids.kubernetes;
description = "Kubernetes user";
extraGroups = [ "docker" ];

21
nixos/modules/services/continuous-integration/buildbot/master.nix
View File

@ -223,18 +223,19 @@ in {
config = mkIf cfg.enable {
users.groups = optional (cfg.group == "buildbot") {
name = "buildbot";
buildbot = { };
};
users.users = optional (cfg.user == "buildbot") {
name = "buildbot";
description = "Buildbot User.";
isNormalUser = true;
createHome = true;
home = cfg.home;
group = cfg.group;
extraGroups = cfg.extraGroups;
useDefaultShell = true;
users.users = optionalAttrs (cfg.user == "buildbot") {
buildbot = {
description = "Buildbot User.";
isNormalUser = true;
createHome = true;
home = cfg.home;
group = cfg.group;
extraGroups = cfg.extraGroups;
useDefaultShell = true;
};
};
systemd.services.buildbot-master = {

21
nixos/modules/services/continuous-integration/buildbot/worker.nix
View File

@ -137,18 +137,19 @@ in {
services.buildbot-worker.workerPassFile = mkDefault (pkgs.writeText "buildbot-worker-password" cfg.workerPass);
users.groups = optional (cfg.group == "bbworker") {
name = "bbworker";
bbworker = { };
};
users.users = optional (cfg.user == "bbworker") {
name = "bbworker";
description = "Buildbot Worker User.";
isNormalUser = true;
createHome = true;
home = cfg.home;
group = cfg.group;
extraGroups = cfg.extraGroups;
useDefaultShell = true;
users.users = optionalAttrs (cfg.user == "bbworker") {
bbworker = {
description = "Buildbot Worker User.";
isNormalUser = true;
createHome = true;
home = cfg.home;
group = cfg.group;
extraGroups = cfg.extraGroups;
useDefaultShell = true;
};
};
systemd.services.buildbot-worker = {

24
nixos/modules/services/continuous-integration/gocd-agent/default.nix
View File

@ -135,20 +135,20 @@ in {
};
config = mkIf cfg.enable {
users.groups = optional (cfg.group == "gocd-agent") {
name = "gocd-agent";
gid = config.ids.gids.gocd-agent;
users.groups = optionalAttrs (cfg.group == "gocd-agent") {
gocd-agent.gid = config.ids.gids.gocd-agent;
};
users.users = optional (cfg.user == "gocd-agent") {
name = "gocd-agent";
description = "gocd-agent user";
createHome = true;
home = cfg.workDir;
group = cfg.group;
extraGroups = cfg.extraGroups;
useDefaultShell = true;
uid = config.ids.uids.gocd-agent;
users.users = optionalAttrs (cfg.user == "gocd-agent") {
gocd-agent = {
description = "gocd-agent user";
createHome = true;
home = cfg.workDir;
group = cfg.group;
extraGroups = cfg.extraGroups;
useDefaultShell = true;
uid = config.ids.uids.gocd-agent;
};
};
systemd.services.gocd-agent = {

24
nixos/modules/services/continuous-integration/gocd-server/default.nix
View File

@ -143,20 +143,20 @@ in {
};
config = mkIf cfg.enable {
users.groups = optional (cfg.group == "gocd-server") {
name = "gocd-server";
gid = config.ids.gids.gocd-server;
users.groups = optionalAttrs (cfg.group == "gocd-server") {
gocd-server.gid = config.ids.gids.gocd-server;
};
users.users = optional (cfg.user == "gocd-server") {
name = "gocd-server";
description = "gocd-server user";
createHome = true;
home = cfg.workDir;
group = cfg.group;
extraGroups = cfg.extraGroups;
useDefaultShell = true;
uid = config.ids.uids.gocd-server;
users.users = optionalAttrs (cfg.user == "gocd-server") {
gocd-server = {
description = "gocd-server user";
createHome = true;
home = cfg.workDir;
group = cfg.group;
extraGroups = cfg.extraGroups;
useDefaultShell = true;
uid = config.ids.uids.gocd-server;
};
};
systemd.services.gocd-server = {

24
nixos/modules/services/continuous-integration/jenkins/default.nix
View File

@ -150,20 +150,20 @@ in {
pkgs.dejavu_fonts
];
users.groups = optional (cfg.group == "jenkins") {
name = "jenkins";
gid = config.ids.gids.jenkins;
users.groups = optionalAttrs (cfg.group == "jenkins") {
jenkins.gid = config.ids.gids.jenkins;
};
users.users = optional (cfg.user == "jenkins") {
name = "jenkins";
description = "jenkins user";
createHome = true;
home = cfg.home;
group = cfg.group;
extraGroups = cfg.extraGroups;
useDefaultShell = true;
uid = config.ids.uids.jenkins;
users.users = optionalAttrs (cfg.user == "jenkins") {
jenkins = {
description = "jenkins user";
createHome = true;
home = cfg.home;
group = cfg.group;
extraGroups = cfg.extraGroups;
useDefaultShell = true;
uid = config.ids.uids.jenkins;
};
};
systemd.services.jenkins = {

20
nixos/modules/services/continuous-integration/jenkins/slave.nix
View File

@ -51,18 +51,18 @@ in {
config = mkIf (cfg.enable && !masterCfg.enable) {
users.groups = optional (cfg.group == "jenkins") {
name = "jenkins";
gid = config.ids.gids.jenkins;
jenkins.gid = config.ids.gids.jenkins;
};
users.users = optional (cfg.user == "jenkins") {
name = "jenkins";
description = "jenkins user";
createHome = true;
home = cfg.home;
group = cfg.group;
useDefaultShell = true;
uid = config.ids.uids.jenkins;
users.users = optionalAttrs (cfg.user == "jenkins") {
jenkins = {
description = "jenkins user";
createHome = true;
home = cfg.home;
group = cfg.group;
useDefaultShell = true;
uid = config.ids.uids.jenkins;
};
};
};
}

14
nixos/modules/services/databases/cockroachdb.nix
View File

@ -171,17 +171,17 @@ in
environment.systemPackages = [ crdb ];
users.users = optionalAttrs (cfg.user == "cockroachdb") (singleton
{ name = "cockroachdb";
users.users = optionalAttrs (cfg.user == "cockroachdb") {
cockroachdb = {
description = "CockroachDB Server User";
uid = config.ids.uids.cockroachdb;
group = cfg.group;
});
};
};
users.groups = optionalAttrs (cfg.group == "cockroachdb") (singleton
{ name = "cockroachdb";
gid = config.ids.gids.cockroachdb;
});
users.groups = optionalAttrs (cfg.group == "cockroachdb") {
cockroachdb.gid = config.ids.gids.cockroachdb;
};
networking.firewall.allowedTCPPorts = lib.optionals cfg.openPorts
[ cfg.http.port cfg.listen.port ];

14
nixos/modules/services/databases/foundationdb.nix
View File

@ -341,17 +341,17 @@ in
environment.systemPackages = [ pkg ];
users.users = optionalAttrs (cfg.user == "foundationdb") (singleton
{ name = "foundationdb";
users.users = optionalAttrs (cfg.user == "foundationdb") {
foundationdb = {
description = "FoundationDB User";
uid = config.ids.uids.foundationdb;
group = cfg.group;
});
};
};
users.groups = optionalAttrs (cfg.group == "foundationdb") (singleton
{ name = "foundationdb";
gid = config.ids.gids.foundationdb;
});
users.groups = optionalAttrs (cfg.group == "foundationdb") {
foundationdb.gid = config.ids.gids.foundationdb;
};
networking.firewall.allowedTCPPortRanges = mkIf cfg.openFirewall
[ { from = cfg.listenPortStart;

14
nixos/modules/services/databases/influxdb.nix
View File

@ -182,15 +182,15 @@ in
'';
};
users.users = optional (cfg.user == "influxdb") {
name = "influxdb";
uid = config.ids.uids.influxdb;
description = "Influxdb daemon user";
users.users = optionalAttrs (cfg.user == "influxdb") {
influxdb = {
uid = config.ids.uids.influxdb;
description = "Influxdb daemon user";
};
};
users.groups = optional (cfg.group == "influxdb") {
name = "influxdb";
gid = config.ids.gids.influxdb;
users.groups = optionalAttrs (cfg.group == "influxdb") {
influxdb.gid = config.ids.gids.influxdb;
};
};

7
nixos/modules/services/databases/memcached.nix
View File

@ -64,10 +64,9 @@ in
config = mkIf config.services.memcached.enable {
users.users = optional (cfg.user == "memcached") {
name = "memcached";
description = "Memcached server user";
isSystemUser = true;
users.users = optionalAttrs (cfg.user == "memcached") {
memcached.description = "Memcached server user";
memcached.isSystemUser = true;
};
environment.systemPackages = [ memcached ];

3
nixos/modules/services/databases/neo4j.nix
View File

@ -650,8 +650,7 @@ in {
environment.systemPackages = [ cfg.package ];
users.users = singleton {
name = "neo4j";
users.users.neo4j = {
uid = config.ids.uids.neo4j;
description = "Neo4j daemon user";
home = cfg.directories.home;

5
nixos/modules/services/databases/virtuoso.nix
View File

@ -54,9 +54,8 @@ with lib;
config = mkIf cfg.enable {
users.users = singleton
{ name = virtuosoUser;
uid = config.ids.uids.virtuoso;
users.users.${virtuosoUser} =
{ uid = config.ids.uids.virtuoso;
description = "virtuoso user";
home = stateDir;
};

15
nixos/modules/services/editors/infinoted.nix
View File

@ -111,14 +111,15 @@ in {
};
config = mkIf (cfg.enable) {
users.users = optional (cfg.user == "infinoted")
{ name = "infinoted";
description = "Infinoted user";
group = cfg.group;
isSystemUser = true;
users.users = optionalAttrs (cfg.user == "infinoted")
{ infinoted = {
description = "Infinoted user";
group = cfg.group;
isSystemUser = true;
};
};
users.groups = optional (cfg.group == "infinoted")
{ name = "infinoted";
users.groups = optionalAttrs (cfg.group == "infinoted")
{ infinoted = { };
};
systemd.services.infinoted =

6
nixos/modules/services/hardware/bluetooth.nix
View File

@ -74,9 +74,9 @@ in {
environment.systemPackages = [ bluez-bluetooth ];
environment.etc = singleton {
source = pkgs.writeText "main.conf" (generators.toINI { } cfg.config + optionalString (cfg.extraConfig != null) cfg.extraConfig);
target = "bluetooth/main.conf";
environment.etc."bluetooth/main.conf"= {
source = pkgs.writeText "main.conf"
(generators.toINI { } cfg.config + optionalString (cfg.extraConfig != null) cfg.extraConfig);
};
services.udev.packages = [ bluez-bluetooth ];

11
nixos/modules/services/hardware/sane_extra_backends/brscan4.nix
View File

@ -67,11 +67,11 @@ in
{
options = {
hardware.sane.brscan4.enable =
hardware.sane.brscan4.enable =
mkEnableOption "Brother's brscan4 scan backend" // {
description = ''
When enabled, will automatically register the "brscan4" sane
backend and bring configuration files to their expected location.
backend and bring configuration files to their expected location.
'';
};
@ -95,14 +95,11 @@ in
pkgs.brscan4
];
environment.etc = singleton {
target = "opt/brother/scanner/brscan4";
source = "${etcFiles}/etc/opt/brother/scanner/brscan4";
};
environment.etc."opt/brother/scanner/brscan4" =
{ source = "${etcFiles}/etc/opt/brother/scanner/brscan4"; };
assertions = [
{ assertion = all (x: !(null != x.ip && null != x.nodename)) netDeviceList;
message = ''
When describing a network device as part of the attribute list
`hardware.sane.brscan4.netDevices`, only one of its `ip` or `nodename`

14
nixos/modules/services/hardware/tcsd.nix
View File

@ -137,15 +137,15 @@ in
serviceConfig.ExecStart = "${pkgs.trousers}/sbin/tcsd -f -c ${tcsdConf}";
};
users.users = optionalAttrs (cfg.user == "tss") (singleton
{ name = "tss";
users.users = optionalAttrs (cfg.user == "tss") {
tss = {
group = "tss";
uid = config.ids.uids.tss;
});
};
};
users.groups = optionalAttrs (cfg.group == "tss") (singleton
{ name = "tss";
gid = config.ids.gids.tss;
});
users.groups = optionalAttrs (cfg.group == "tss") {
tss.gid = config.ids.gids.tss;
};
};
}

15
nixos/modules/services/hardware/tlp.nix
View File

@ -103,13 +103,14 @@ in
services.udev.packages = [ tlp ];
environment.etc = [{ source = confFile;
target = "default/tlp";
}
] ++ optional enableRDW {
source = "${tlp}/etc/NetworkManager/dispatcher.d/99tlp-rdw-nm";
target = "NetworkManager/dispatcher.d/99tlp-rdw-nm";
};
environment.etc =
{
"default/tlp".source = confFile;
} // optionalAttrs enableRDW {
"NetworkManager/dispatcher.d/99tlp-rdw-nm" = {
source = "${tlp}/etc/NetworkManager/dispatcher.d/99tlp-rdw-nm";
};
};
environment.systemPackages = [ tlp ];

11
nixos/modules/services/hardware/udev.nix
View File

@ -281,13 +281,10 @@ in
boot.kernelParams = mkIf (!config.networking.usePredictableInterfaceNames) [ "net.ifnames=0" ];
environment.etc =
[ { source = udevRules;
target = "udev/rules.d";
}
{ source = hwdbBin;
target = "udev/hwdb.bin";
}
];
{
"udev/rules.d".source = udevRules;
"udev/hwdb.bin".source = hwdbBin;
};
system.requiredKernelConfig = with config.lib.kernelConfig; [
(isEnabled "UNIX")

13
nixos/modules/services/hardware/usbmuxd.nix
View File

@ -43,15 +43,16 @@ in
config = mkIf cfg.enable {
users.users = optional (cfg.user == defaultUserGroup) {
name = cfg.user;
description = "usbmuxd user";
group = cfg.group;
isSystemUser = true;
users.users = optionalAttrs (cfg.user == defaultUserGroup) {
${cfg.user} = {
description = "usbmuxd user";
group = cfg.group;
isSystemUser = true;
};
};
users.groups = optional (cfg.group == defaultUserGroup) {
name = cfg.group;
${cfg.group} = { };
};
# Give usbmuxd permission for Apple devices

7
nixos/modules/services/logging/logcheck.nix
View File

@ -213,13 +213,14 @@ in
mapAttrsToList writeIgnoreRule cfg.ignore
++ mapAttrsToList writeIgnoreCronRule cfg.ignoreCron;
users.users = optionalAttrs (cfg.user == "logcheck") (singleton
{ name = "logcheck";
users.users = optionalAttrs (cfg.user == "logcheck") {
logcheck = {
uid = config.ids.uids.logcheck;
shell = "/bin/sh";
description = "Logcheck user account";
extraGroups = cfg.extraGroups;
});
};
};
system.activationScripts.logcheck = ''
mkdir -m 700 -p /var/{lib,lock}/logcheck

50
nixos/modules/services/mail/dovecot.nix
View File

@ -310,36 +310,32 @@ in
++ optional cfg.enablePop3 "pop3"
++ optional cfg.enableLmtp "lmtp";
users.users = [
{ name = "dovenull";
uid = config.ids.uids.dovenull2;
description = "Dovecot user for untrusted logins";
group = "dovenull";
}
] ++ optional (cfg.user == "dovecot2")
{ name = "dovecot2";
uid = config.ids.uids.dovecot2;
users.users = {
dovenull =
{ uid = config.ids.uids.dovenull2;
description = "Dovecot user for untrusted logins";
group = "dovenull";
};
} // optionalAttrs (cfg.user == "dovecot2") {
dovecot2 =
{ uid = config.ids.uids.dovecot2;
description = "Dovecot user";
group = cfg.group;
}
++ optional (cfg.createMailUser && cfg.mailUser != null)
({ name = cfg.mailUser;
description = "Virtual Mail User";
} // optionalAttrs (cfg.mailGroup != null) {
group = cfg.mailGroup;
});
};
} // optionalAttrs (cfg.createMailUser && cfg.mailUser != null) {
${cfg.mailUser} =
{ description = "Virtual Mail User"; } //
optionalAttrs (cfg.mailGroup != null)
{ group = cfg.mailGroup; };
};
users.groups = optional (cfg.group == "dovecot2")
{ name = "dovecot2";
gid = config.ids.gids.dovecot2;
}
++ optional (cfg.createMailUser && cfg.mailGroup != null)
{ name = cfg.mailGroup;
}
++ singleton
{ name = "dovenull";
gid = config.ids.gids.dovenull2;
};
users.groups = {
dovenull.gid = config.ids.gids.dovenull2;
} // optionalAttrs (cfg.group == "dovecot2") {
dovecot2.gid = config.ids.gids.dovecot2;
} // optionalAttrs (cfg.createMailUser && cfg.mailGroup != null) {
${cfg.mailgroup} = { };
};
environment.etc."dovecot/modules".source = modulesDir;
environment.etc."dovecot/dovecot.conf".source = cfg.configFile;

14
nixos/modules/services/mail/dspam.nix
View File

@ -86,16 +86,16 @@ in {
config = mkIf cfg.enable (mkMerge [
{
users.users = optionalAttrs (cfg.user == "dspam") (singleton
{ name = "dspam";
users.users = optionalAttrs (cfg.user == "dspam") {
dspam = {
group = cfg.group;
uid = config.ids.uids.dspam;
});
};
};
users.groups = optionalAttrs (cfg.group == "dspam") (singleton
{ name = "dspam";
gid = config.ids.gids.dspam;
});
users.groups = optionalAttrs (cfg.group == "dspam") {
dspam.gid = config.ids.gids.dspam;
};
environment.systemPackages = [ dspam ];

6
nixos/modules/services/mail/exim.nix
View File

@ -87,15 +87,13 @@ in
systemPackages = [ cfg.package ];
};
users.users = singleton {
name = cfg.user;
users.users.${cfg.user} = {
description = "Exim mail transfer agent user";
uid = config.ids.uids.exim;
group = cfg.group;
};
users.groups = singleton {
name = cfg.group;
users.groups.${cfg.group} = {
gid = config.ids.gids.exim;
};

6
nixos/modules/services/mail/mlmmj.nix
View File

@ -94,8 +94,7 @@ in
config = mkIf cfg.enable {
users.users = singleton {
name = cfg.user;
users.users.${cfg.user} = {
description = "mlmmj user";
home = stateDir;
createHome = true;
@ -104,8 +103,7 @@ in
useDefaultShell = true;
};
users.groups = singleton {
name = cfg.group;
users.groups.${cfg.group} = {
gid = config.ids.gids.mlmmj;
};

7
nixos/modules/services/mail/nullmailer.nix
View File

@ -201,15 +201,12 @@ with lib;
};
users = {
users = singleton {
name = cfg.user;
users.${cfg.user} = {
description = "Nullmailer relay-only mta user";
group = cfg.group;
};
groups = singleton {
name = cfg.group;
};
groups.${cfg.group} = { };
};
systemd.tmpfiles.rules = [

14
nixos/modules/services/mail/opendkim.nix
View File

@ -91,16 +91,16 @@ in {
config = mkIf cfg.enable {
users.users = optionalAttrs (cfg.user == "opendkim") (singleton
{ name = "opendkim";
users.users = optionalAttrs (cfg.user == "opendkim") {
opendkim = {
group = cfg.group;
uid = config.ids.uids.opendkim;
});
};
};
users.groups = optionalAttrs (cfg.group == "opendkim") (singleton
{ name = "opendkim";
gid = config.ids.gids.opendkim;
});
users.groups = optionalAttrs (cfg.group == "opendkim") {
opendkimgid = config.ids.gids.opendkim;
};
environment.systemPackages = [ pkgs.opendkim ];

21
nixos/modules/services/mail/postfix.nix
View File

@ -655,21 +655,20 @@ in
setgid = true;
};
users.users = optional (user == "postfix")
{ name = "postfix";
description = "Postfix mail server user";
uid = config.ids.uids.postfix;
group = group;
users.users = optionalAttrs (user == "postfix")
{ postfix = {
description = "Postfix mail server user";
uid = config.ids.uids.postfix;
group = group;
};
};
users.groups =
optional (group == "postfix")
{ name = group;
gid = config.ids.gids.postfix;
optionalAttrs (group == "postfix")
{ group.gid = config.ids.gids.postfix;
}
++ optional (setgidGroup == "postdrop")
{ name = setgidGroup;
gid = config.ids.gids.postdrop;
++ optionalAttrs (setgidGroup == "postdrop")
{ ${setgidGroup}.gid = config.ids.gids.postdrop;
};
systemd.services.postfix =

14
nixos/modules/services/mail/postsrsd.nix
View File

@ -90,16 +90,16 @@ in {
services.postsrsd.domain = mkDefault config.networking.hostName;
users.users = optionalAttrs (cfg.user == "postsrsd") (singleton
{ name = "postsrsd";
users.users = optionalAttrs (cfg.user == "postsrsd") {
postsrsd = {
group = cfg.group;
uid = config.ids.uids.postsrsd;
});
};
};
users.groups = optionalAttrs (cfg.group == "postsrsd") (singleton
{ name = "postsrsd";
gid = config.ids.gids.postsrsd;
});
users.groups = optionalAttrs (cfg.group == "postsrsd") {
postsrsd.gid = config.ids.gids.postsrsd;
};
systemd.services.postsrsd = {
description = "PostSRSd SRS rewriting server";

6
nixos/modules/services/mail/rspamd.nix
View File

@ -374,15 +374,13 @@ in
# Allow users to run 'rspamc' and 'rspamadm'.
environment.systemPackages = [ pkgs.rspamd ];
users.users = singleton {
name = cfg.user;
users.users.${cfg.user} = {
description = "rspamd daemon";
uid = config.ids.uids.rspamd;
group = cfg.group;
};
users.groups = singleton {
name = cfg.group;
users.groups.${cfg.group} = {
gid = config.ids.gids.rspamd;
};

6
nixos/modules/services/mail/spamassassin.nix
View File

@ -128,15 +128,13 @@ in
systemPackages = [ pkgs.spamassassin ];
};
users.users = singleton {
name = "spamd";
users.users.spamd = {
description = "Spam Assassin Daemon";
uid = config.ids.uids.spamd;
group = "spamd";
};
users.groups = singleton {
name = "spamd";
users.groups.spamd = {
gid = config.ids.gids.spamd;
};

3
nixos/modules/services/misc/apache-kafka.nix
View File

@ -124,8 +124,7 @@ in {
environment.systemPackages = [cfg.package];
users.users = singleton {
name = "apache-kafka";
users.users.apache-kafka = {
uid = config.ids.uids.apache-kafka;
description = "Apache Kafka daemon user";
home = head cfg.logDirs;

16
nixos/modules/services/misc/bepasty.nix
View File

@ -168,16 +168,12 @@ in
})
) cfg.servers;
users.users = [{
uid = config.ids.uids.bepasty;
name = user;
group = group;
home = default_home;
}];
users.users.${user} =
{ uid = config.ids.uids.bepasty;
group = group;
home = default_home;
};
users.groups = [{
name = group;
gid = config.ids.gids.bepasty;
}];
users.groups.${group}.gid = config.ids.gids.bepasty;
};
}

7
nixos/modules/services/misc/cgminer.nix
View File

@ -110,11 +110,12 @@ in
config = mkIf config.services.cgminer.enable {
users.users = optionalAttrs (cfg.user == "cgminer") (singleton
{ name = "cgminer";
users.users = optionalAttrs (cfg.user == "cgminer") {
cgminer = {
uid = config.ids.uids.cgminer;
description = "Cgminer user";
});
};
};
environment.systemPackages = [ cfg.package ];

11
nixos/modules/services/misc/couchpotato.nix
View File

@ -29,17 +29,14 @@ in
};
};
users.users = singleton
{ name = "couchpotato";
group = "couchpotato";
users.users.couchpotato =
{ group = "couchpotato";
home = "/var/lib/couchpotato/";
description = "CouchPotato daemon user";
uid = config.ids.uids.couchpotato;
};
users.groups = singleton
{ name = "couchpotato";
gid = config.ids.gids.couchpotato;
};
users.groups.couchpotato =
{ gid = config.ids.gids.couchpotato; };
};
}

10
nixos/modules/services/misc/dictd.nix
View File

@ -45,18 +45,14 @@ in
# get the command line client on system path to make some use of the service
environment.systemPackages = [ pkgs.dict ];
users.users = singleton
{ name = "dictd";
group = "dictd";
users.users.dictd =
{ group = "dictd";
description = "DICT.org dictd server";
home = "${dictdb}/share/dictd";
uid = config.ids.uids.dictd;
};
users.groups = singleton
{ name = "dictd";
gid = config.ids.gids.dictd;
};
users.groups.dictd.gid = config.ids.gids.dictd;
systemd.services.dictd = {
description = "DICT.org Dictionary Server";

3
nixos/modules/services/misc/etcd.nix
View File

@ -186,8 +186,7 @@ in {
environment.systemPackages = [ pkgs.etcdctl ];
users.users = singleton {
name = "etcd";
users.users.etcd = {
uid = config.ids.uids.etcd;
description = "Etcd daemon user";
home = cfg.dataDir;

3
nixos/modules/services/misc/exhibitor.nix
View File

@ -410,8 +410,7 @@ in
sed -i 's/'"$replace_what"'/'"$replace_with"'/g' ${cfg.baseDir}/zookeeper/bin/zk*.sh
'';
};
users.users = singleton {
name = "zookeeper";
users.users.zookeeper = {
uid = config.ids.uids.zookeeper;
description = "Zookeeper daemon user";
home = cfg.baseDir;

10
nixos/modules/services/misc/felix.nix
View File

@ -47,14 +47,10 @@ in
###### implementation
config = mkIf cfg.enable {
users.groups = singleton
{ name = "osgi";
gid = config.ids.gids.osgi;
};
users.groups.osgi.gid = config.ids.gids.osgi;
users.users = singleton
{ name = "osgi";
uid = config.ids.uids.osgi;
users.users.osgi =
{ uid = config.ids.uids.osgi;
description = "OSGi user";
home = "/homeless-shelter";
};

5
nixos/modules/services/misc/folding-at-home.nix
View File

@ -42,9 +42,8 @@ in {
config = mkIf cfg.enable {
users.users = singleton
{ name = fahUser;
uid = config.ids.uids.foldingathome;
users.users.${fahUser} =
{ uid = config.ids.uids.foldingathome;
description = "Folding@Home user";
home = stateDir;
};

14
nixos/modules/services/misc/gitlab.nix
View File

@ -633,20 +633,14 @@ in {
# Use postfix to send out mails.
services.postfix.enable = mkDefault true;
users.users = [
{ name = cfg.user;
group = cfg.group;
users.users.${cfg.user} =
{ group = cfg.group;
home = "${cfg.statePath}/home";
shell = "${pkgs.bash}/bin/bash";
uid = config.ids.uids.gitlab;
}
];
};
users.groups = [
{ name = cfg.group;
gid = config.ids.gids.gitlab;
}
];
users.groups.${cfg.group}.gid = config.ids.gids.gitlab;
systemd.tmpfiles.rules = [
"d /run/gitlab 0755 ${cfg.user} ${cfg.group} -"

10
nixos/modules/services/misc/gpsd.nix
View File

@ -86,17 +86,13 @@ in
config = mkIf cfg.enable {
users.users = singleton
{ name = "gpsd";
inherit uid;
users.users.gpsd =
{ inherit uid;
description = "gpsd daemon user";
home = "/var/empty";
};
users.groups = singleton
{ name = "gpsd";
inherit gid;
};
users.groups.gpsd = { inherit gid; };
systemd.services.gpsd = {
description = "GPSD daemon";

24
nixos/modules/services/misc/headphones.nix
View File

@ -59,19 +59,19 @@ in
config = mkIf cfg.enable {
users.users = optionalAttrs (cfg.user == name) (singleton {
name = name;
uid = config.ids.uids.headphones;
group = cfg.group;
description = "headphones user";
home = cfg.dataDir;
createHome = true;
});
users.users = optionalAttrs (cfg.user == name) {
${name} = {
uid = config.ids.uids.headphones;
group = cfg.group;
description = "headphones user";
home = cfg.dataDir;
createHome = true;
};
};
users.groups = optionalAttrs (cfg.group == name) (singleton {
name = name;
gid = config.ids.gids.headphones;
});
users.groups = optionalAttrs (cfg.group == name) {
${name}.gid = config.ids.gids.headphones;
};
systemd.services.headphones = {
description = "Headphones Server";

13
nixos/modules/services/misc/matrix-synapse.nix
View File

@ -657,19 +657,18 @@ in {
};
config = mkIf cfg.enable {
users.users = [
{ name = "matrix-synapse";
users.users.matrix-synapse =
{ name = "";
group = "matrix-synapse";
home = cfg.dataDir;
createHome = true;
shell = "${pkgs.bash}/bin/bash";
uid = config.ids.uids.matrix-synapse;
} ];
};
users.groups = [
{ name = "matrix-synapse";
gid = config.ids.gids.matrix-synapse;
} ];
users.groups.matrix-synapse = {
gid = config.ids.gids.matrix-synapse;
};
services.postgresql = mkIf (usePostgresql && cfg.create_local_database) {
enable = mkDefault true;

24
nixos/modules/services/misc/mediatomb.nix
View File

@ -266,19 +266,19 @@ in {
serviceConfig.User = "${cfg.user}";
};
users.groups = optionalAttrs (cfg.group == "mediatomb") (singleton {
name = "mediatomb";
gid = gid;
});
users.groups = optionalAttrs (cfg.group == "mediatomb") {
mediatomb.gid = gid;
};
users.users = optionalAttrs (cfg.user == "mediatomb") (singleton {
name = "mediatomb";
isSystemUser = true;
group = cfg.group;
home = "${cfg.dataDir}";
createHome = true;
description = "Mediatomb DLNA Server User";
});
users.users = optionalAttrs (cfg.user == "mediatomb") {
mediatomb = {
isSystemUser = true;
group = cfg.group;
home = "${cfg.dataDir}";
createHome = true;
description = "Mediatomb DLNA Server User";
};
};
networking.firewall = {
allowedUDPPorts = [ 1900 cfg.port ];

10
nixos/modules/services/misc/nix-daemon.nix
View File

@ -12,8 +12,9 @@ let
isNix23 = versionAtLeast nixVersion "2.3pre";
makeNixBuildUser = nr:
{ name = "nixbld${toString nr}";
makeNixBuildUser = nr: {
name = "nixbld${toString nr}";
value = {
description = "Nix build user ${toString nr}";
/* For consistency with the setgid(2), setuid(2), and setgroups(2)
@ -23,8 +24,9 @@ let
group = "nixbld";
extraGroups = [ "nixbld" ];
};
};
nixbldUsers = map makeNixBuildUser (range 1 cfg.nrBuildUsers);
nixbldUsers = listToAttrs (map makeNixBuildUser (range 1 cfg.nrBuildUsers));
nixConf =
assert versionAtLeast nixVersion "2.2";
@ -445,7 +447,7 @@ in
users.users = nixbldUsers;
services.xserver.displayManager.hiddenUsers = map ({ name, ... }: name) nixbldUsers;
services.xserver.displayManager.hiddenUsers = attrNames nixbldUsers;
system.activationScripts.nix = stringAfter [ "etc" "users" ]
''

14
nixos/modules/services/misc/octoprint.nix
View File

@ -86,16 +86,16 @@ in
config = mkIf cfg.enable {
users.users = optionalAttrs (cfg.user == "octoprint") (singleton
{ name = "octoprint";
users.users = optionalAttrs (cfg.user == "octoprint") {
octoprint = {
group = cfg.group;
uid = config.ids.uids.octoprint;
});
};
};
users.groups = optionalAttrs (cfg.group == "octoprint") (singleton
{ name = "octoprint";
gid = config.ids.gids.octoprint;
});
users.groups = optionalAttrs (cfg.group == "octoprint") {
octoprint.gid = config.ids.gids.octoprint;
};
systemd.tmpfiles.rules = [
"d '${cfg.stateDir}' - ${cfg.user} ${cfg.group} - -"

14
nixos/modules/services/misc/redmine.nix
View File

@ -367,17 +367,17 @@ in
};
users.users = optionalAttrs (cfg.user == "redmine") (singleton
{ name = "redmine";
users.users = optionalAttrs (cfg.user == "redmine") {
redmine = {
group = cfg.group;
home = cfg.stateDir;
uid = config.ids.uids.redmine;
});
};
};
users.groups = optionalAttrs (cfg.group == "redmine") (singleton
{ name = "redmine";
gid = config.ids.gids.redmine;
});
users.groups = optionalAttrs (cfg.group == "redmine") {
redmine.gid = config.ids.gids.redmine;
};
warnings = optional (cfg.database.password != "")
''config.services.redmine.database.password will be stored as plaintext

5
nixos/modules/services/misc/ripple-data-api.nix
View File

@ -185,9 +185,8 @@ in {
];
};
users.users = singleton
{ name = "ripple-data-api";
description = "Ripple data api user";
users.users.ripple-data-api =
{ description = "Ripple data api user";
uid = config.ids.uids.ripple-data-api;
};
};

5
nixos/modules/services/misc/rippled.nix
View File

@ -406,9 +406,8 @@ in
config = mkIf cfg.enable {
users.users = singleton
{ name = "rippled";
description = "Ripple server user";
users.users.rippled =
{ description = "Ripple server user";
uid = config.ids.uids.rippled;
home = cfg.databasePath;
createHome = true;

13
nixos/modules/services/misc/serviio.nix
View File

@ -63,20 +63,15 @@ in {
};
};
users.users = [
{
name = "serviio";
group = "serviio";
users.users.serviio =
{ group = "serviio";
home = cfg.dataDir;
description = "Serviio Media Server User";
createHome = true;
isSystemUser = true;
}
];
};
users.groups = [
{ name = "serviio";}
];
users.groups.serviio = { };
networking.firewall = {
allowedTCPPorts = [

24
nixos/modules/services/misc/sickbeard.nix
View File

@ -63,19 +63,19 @@ in
config = mkIf cfg.enable {
users.users = optionalAttrs (cfg.user == name) (singleton {
name = name;
uid = config.ids.uids.sickbeard;
group = cfg.group;
description = "sickbeard user";
home = cfg.dataDir;
createHome = true;
});
users.users = optionalAttrs (cfg.user == name) {
${name} = {
uid = config.ids.uids.sickbeard;
group = cfg.group;
description = "sickbeard user";
home = cfg.dataDir;
createHome = true;
};
};
users.groups = optionalAttrs (cfg.group == name) (singleton {
name = name;
gid = config.ids.gids.sickbeard;
});
users.groups = optionalAttrs (cfg.group == name) {
${name}.gid = config.ids.gids.sickbeard;
};
systemd.services.sickbeard = {
description = "Sickbeard Server";

3
nixos/modules/services/misc/siproxd.nix
View File

@ -161,8 +161,7 @@ in
config = mkIf cfg.enable {
users.users = singleton {
name = "siproxyd";
users.users.siproxyd = {
uid = config.ids.uids.siproxd;
};

16
nixos/modules/services/misc/taskserver/default.nix
View File

@ -368,16 +368,16 @@ in {
(mkIf cfg.enable {
environment.systemPackages = [ nixos-taskserver ];
users.users = optional (cfg.user == "taskd") {
name = "taskd";
uid = config.ids.uids.taskd;
description = "Taskserver user";
group = cfg.group;
users.users = optionalAttrs (cfg.user == "taskd") {
taskd = {
uid = config.ids.uids.taskd;
description = "Taskserver user";
group = cfg.group;
};
};
users.groups = optional (cfg.group == "taskd") {
name = "taskd";
gid = config.ids.gids.taskd;
users.groups = optionalAttrs (cfg.group == "taskd") {
taskd.gid = config.ids.gids.taskd;
};
services.taskserver.config = {

24
nixos/modules/services/misc/uhub.nix
View File

@ -41,31 +41,31 @@ in
enable = mkOption {
type = types.bool;
default = false;
description = "Whether to enable the uhub ADC hub.";
description = "Whether to enable the uhub ADC hub.";
};
port = mkOption {
type = types.int;
default = 1511;
description = "TCP port to bind the hub to.";
description = "TCP port to bind the hub to.";
};
address = mkOption {
type = types.str;
default = "any";
description = "Address to bind the hub to.";
description = "Address to bind the hub to.";
};
enableTLS = mkOption {
type = types.bool;
default = false;
description = "Whether to enable TLS support.";
description = "Whether to enable TLS support.";
};
hubConfig = mkOption {
type = types.lines;
default = "";
description = "Contents of uhub configuration file.";
description = "Contents of uhub configuration file.";
};
aclConfig = mkOption {
@ -77,11 +77,11 @@ in
plugins = {
authSqlite = {
enable = mkOption {
enable = mkOption {
type = types.bool;
default = false;
description = "Whether to enable the Sqlite authentication database plugin";
};
};
file = mkOption {
type = types.path;
example = "/var/db/uhub-users";
@ -161,14 +161,8 @@ in
config = mkIf cfg.enable {
users = {
users = singleton {
name = "uhub";
uid = config.ids.uids.uhub;
};
groups = singleton {
name = "uhub";
gid = config.ids.gids.uhub;
};
users.uhub.uid = config.ids.uids.uhub;
groups.uhub.gid = config.ids.gids.uhub;
};
systemd.services.uhub = {

3
nixos/modules/services/misc/zookeeper.nix
View File

@ -146,8 +146,7 @@ in {
'';
};
users.users = singleton {
name = "zookeeper";
users.users.zookeeper = {
uid = config.ids.uids.zookeeper;
description = "Zookeeper daemon user";
home = cfg.dataDir;

7
nixos/modules/services/monitoring/collectd.nix
View File

@ -129,9 +129,10 @@ in {
};
};
users.users = optional (cfg.user == "collectd") {
name = "collectd";
isSystemUser = true;
users.users = optionalAttrs (cfg.user == "collectd") {
collectd = {
isSystemUser = true;
};
};
};
}

21
nixos/modules/services/monitoring/datadog-agent.nix
View File

@ -22,9 +22,9 @@ let
# Generate Datadog configuration files for each configured checks.
# This works because check configurations have predictable paths,
# and because JSON is a valid subset of YAML.
makeCheckConfigs = entries: mapAttrsToList (name: conf: {
source = pkgs.writeText "${name}-check-conf.yaml" (builtins.toJSON conf);
target = "datadog-agent/conf.d/${name}.d/conf.yaml";
makeCheckConfigs = entries: mapAttrs' (name: conf: {
name = "datadog-agent/conf.d/${name}.d/conf.yaml";
value.source = pkgs.writeText "${name}-check-conf.yaml" (builtins.toJSON conf);
}) entries;
defaultChecks = {
@ -34,10 +34,11 @@ let
# Assemble all check configurations and the top-level agent
# configuration.
etcfiles = with pkgs; with builtins; [{
source = writeText "datadog.yaml" (toJSON ddConf);
target = "datadog-agent/datadog.yaml";
}] ++ makeCheckConfigs (cfg.checks // defaultChecks);
etcfiles = with pkgs; with builtins;
{ "datadog-agent/datadog.yaml" = {
source = writeText "datadog.yaml" (toJSON ddConf);
};
} // makeCheckConfigs (cfg.checks // defaultChecks);
# Apply the configured extraIntegrations to the provided agent
# package. See the documentation of `dd-agent/integrations-core.nix`
@ -204,7 +205,7 @@ in {
config = mkIf cfg.enable {
environment.systemPackages = [ datadogPkg pkgs.sysstat pkgs.procps pkgs.iproute ];
users.extraUsers.datadog = {
users.users.datadog = {
description = "Datadog Agent User";
uid = config.ids.uids.datadog;
group = "datadog";
@ -212,7 +213,7 @@ in {
createHome = true;
};
users.extraGroups.datadog.gid = config.ids.gids.datadog;
users.groups.datadog.gid = config.ids.gids.datadog;
systemd.services = let
makeService = attrs: recursiveUpdate {
@ -224,7 +225,7 @@ in {
Restart = "always";
RestartSec = 2;
};
restartTriggers = [ datadogPkg ] ++ map (etc: etc.source) etcfiles;
restartTriggers = [ datadogPkg ] ++ attrNames etcfiles;
} attrs;
in {
datadog-agent = makeService {

60
nixos/modules/services/monitoring/dd-agent/dd-agent.nix
View File

@ -78,37 +78,35 @@ let
etcfiles =
let
defaultConfd = import ./dd-agent-defaults.nix;
in (map (f: { source = "${pkgs.dd-agent}/agent/conf.d-system/${f}";
target = "dd-agent/conf.d/${f}";
}) defaultConfd) ++ [
{ source = ddConf;
target = "dd-agent/datadog.conf";
}
{ source = diskConfig;
target = "dd-agent/conf.d/disk.yaml";
}
{ source = networkConfig;
target = "dd-agent/conf.d/network.yaml";
} ] ++
(optional (cfg.postgresqlConfig != null)
{ source = postgresqlConfig;
target = "dd-agent/conf.d/postgres.yaml";
}) ++
(optional (cfg.nginxConfig != null)
{ source = nginxConfig;
target = "dd-agent/conf.d/nginx.yaml";
}) ++
(optional (cfg.mongoConfig != null)
{ source = mongoConfig;
target = "dd-agent/conf.d/mongo.yaml";
}) ++
(optional (cfg.processConfig != null)
{ source = processConfig;
target = "dd-agent/conf.d/process.yaml";
}) ++
(optional (cfg.jmxConfig != null)
{ source = jmxConfig;
target = "dd-agent/conf.d/jmx.yaml";
in
listToAttrs (map (f: {
name = "dd-agent/conf.d/${f}";
value.source = "${pkgs.dd-agent}/agent/conf.d-system/${f}";
}) defaultConfd) //
{
"dd-agent/datadog.conf".source = ddConf;
"dd-agent/conf.d/disk.yaml".source = diskConfig;
"dd-agent/conf.d/network.yaml".source = networkConfig;
} //
(optionalAttrs (cfg.postgresqlConfig != null)
{
"dd-agent/conf.d/postgres.yaml".source = postgresqlConfig;
}) //
(optionalAttrs (cfg.nginxConfig != null)
{
"dd-agent/conf.d/nginx.yaml".source = nginxConfig;
}) //
(optionalAttrs (cfg.mongoConfig != null)
{
"dd-agent/conf.d/mongo.yaml".source = mongoConfig;
}) //
(optionalAttrs (cfg.processConfig != null)
{
"dd-agent/conf.d/process.yaml".source = processConfig;
}) //
(optionalAttrs (cfg.jmxConfig != null)
{
"dd-agent/conf.d/jmx.yaml".source = jmxConfig;
});
in {

3
nixos/modules/services/monitoring/fusion-inventory.nix
View File

@ -46,8 +46,7 @@ in {
config = mkIf cfg.enable {
users.users = singleton {
name = "fusion-inventory";
users.users.fusion-inventory = {
description = "FusionInventory user";
isSystemUser = true;
};

3
nixos/modules/services/monitoring/graphite.nix
View File

@ -632,8 +632,7 @@ in {
cfg.web.enable || cfg.api.enable ||
cfg.seyren.enable || cfg.pager.enable || cfg.beacon.enable
) {
users.users = singleton {
name = "graphite";
users.users.graphite = {
uid = config.ids.uids.graphite;
description = "Graphite daemon user";
home = dataDir;

3
nixos/modules/services/monitoring/heapster.nix
View File

@ -49,8 +49,7 @@ in {
};
};
users.users = singleton {
name = "heapster";
users.users.heapsterrs = {
uid = config.ids.uids.heapster;
description = "Heapster user";
};

10
nixos/modules/services/monitoring/munin.nix
View File

@ -317,18 +317,16 @@ in
environment.systemPackages = [ pkgs.munin ];
users.users = [{
name = "munin";
users.users.munin = {
description = "Munin monitoring user";
group = "munin";
uid = config.ids.uids.munin;
home = "/var/lib/munin";
}];
};
users.groups = [{
name = "munin";
users.groups.munin = {
gid = config.ids.gids.munin;
}];
};
}) (mkIf nodeCfg.enable {

6
nixos/modules/services/monitoring/nagios.nix
View File

@ -184,11 +184,7 @@ in
# This isn't needed, it's just so that the user can type "nagiostats
# -c /etc/nagios.cfg".
environment.etc = [
{ source = nagiosCfgFile;
target = "nagios.cfg";
}
];
environment.etc."nagios.cfg".source = nagiosCfgFile;
environment.systemPackages = [ pkgs.nagios ];
systemd.services.nagios = {

11
nixos/modules/services/monitoring/netdata.nix
View File

@ -179,13 +179,14 @@ in {
{ domain = "netdata"; type = "hard"; item = "nofile"; value = "30000"; }
];
users.users = optional (cfg.user == defaultUser) {
name = defaultUser;
isSystemUser = true;
users.users = optionalAttrs (cfg.user == defaultUser) {
${defaultUser} = {
isSystemUser = true;
};
};
users.groups = optional (cfg.group == defaultUser) {
name = defaultUser;
users.groups = optionalAttrs (cfg.group == defaultUser) {
${defaultUser} = { };
};
};

3
nixos/modules/services/monitoring/statsd.nix
View File

@ -125,8 +125,7 @@ in
message = "Only builtin backends (graphite, console, repeater) or backends enumerated in `pkgs.nodePackages` are allowed!";
}) cfg.backends;
users.users = singleton {
name = "statsd";
users.use.statsdrs = {
uid = config.ids.uids.statsd;
description = "Statsd daemon user";
};

5
nixos/modules/services/monitoring/telegraf.nix
View File

@ -63,10 +63,9 @@ in {
};
};
users.users = [{
name = "telegraf";
users.users.telegraf = {
uid = config.ids.uids.telegraf;
description = "telegraf daemon user";
}];
};
};
}

43
nixos/modules/services/monitoring/ups.nix
View File

@ -214,14 +214,12 @@ in
environment.NUT_STATEPATH = "/var/lib/nut/";
};
environment.etc = [
{ source = pkgs.writeText "nut.conf"
environment.etc = {
"nut/nut.conf".source = pkgs.writeText "nut.conf"
''
MODE = ${cfg.mode}
'';
target = "nut/nut.conf";
}
{ source = pkgs.writeText "ups.conf"
"nut/ups.conf".source = pkgs.writeText "ups.conf"
''
maxstartdelay = ${toString cfg.maxStartDelay}
@ -229,25 +227,15 @@ in
"}
'';
target = "nut/ups.conf";
}
{ source = cfg.schedulerRules;
target = "nut/upssched.conf";
}
"nut/upssched.conf".source = cfg.schedulerRules;
# These file are containing private informations and thus should not
# be stored inside the Nix store.
/*
{ source = ;
target = "nut/upsd.conf";
}
{ source = ;
target = "nut/upsd.users";
}
{ source = ;
target = "nut/upsmon.conf;
}
"nut/upsd.conf".source = "";
"nut/upsd.users".source = "";
"nut/upsmon.conf".source = "";
*/
];
};
power.ups.schedulerRules = mkDefault "${pkgs.nut}/etc/upssched.conf.sample";
@ -259,21 +247,16 @@ in
/*
users.users = [
{ name = "nut";
uid = 84;
users.users.nut =
{ uid = 84;
home = "/var/lib/nut";
createHome = true;
group = "nut";
description = "UPnP A/V Media Server user";
}
];
};
users.groups = [
{ name = "nut";
gid = 84;
}
];
users.groups."nut" =
{ gid = 84; };
*/
};

7
nixos/modules/services/network-filesystems/ceph.nix
View File

@ -371,15 +371,14 @@ in
in
generators.toINI {} totalConfig;
users.users = singleton {
name = "ceph";
users.users.ceph = {
uid = config.ids.uids.ceph;
description = "Ceph daemon user";
group = "ceph";
extraGroups = [ "disk" ];
};
users.groups = singleton {
name = "ceph";
users.groups.ceph = {
gid = config.ids.gids.ceph;
};

23
nixos/modules/services/network-filesystems/davfs2.nix
View File

@ -57,18 +57,19 @@ in
environment.systemPackages = [ pkgs.davfs2 ];
environment.etc."davfs2/davfs2.conf".source = cfgFile;
users.groups = optionalAttrs (cfg.davGroup == "davfs2") (singleton {
name = "davfs2";
gid = config.ids.gids.davfs2;
});
users.groups = optionalAttrs (cfg.davGroup == "davfs2") {
davfs2.gid = config.ids.gids.davfs2;
};
users.users = optionalAttrs (cfg.davUser == "davfs2") {
davfs2 = {
createHome = false;
group = cfg.davGroup;
uid = config.ids.uids.davfs2;
description = "davfs2 user";
};
};
users.users = optionalAttrs (cfg.davUser == "davfs2") (singleton {
name = "davfs2";
createHome = false;
group = cfg.davGroup;
uid = config.ids.uids.davfs2;
description = "davfs2 user";
});
};
}

6
nixos/modules/services/network-filesystems/drbd.nix
View File

@ -47,10 +47,8 @@ let cfg = config.services.drbd; in
options drbd usermode_helper=/run/current-system/sw/bin/drbdadm
'';
environment.etc = singleton
{ source = pkgs.writeText "drbd.conf" cfg.config;
target = "drbd.conf";
};
environment.etc.drbd.conf =
{ source = pkgs.writeText "drbd.conf" cfg.config; };
systemd.services.drbd = {
after = [ "systemd-udev.settle.service" "network.target" ];

5
nixos/modules/services/networking/bind.nix
View File

@ -178,9 +178,8 @@ in
networking.resolvconf.useLocalResolver = mkDefault true;
users.users = singleton
{ name = bindUser;
uid = config.ids.uids.bind;
users.users.${bindUser} =
{ uid = config.ids.uids.bind;
description = "BIND daemon user";
};

3
nixos/modules/services/networking/bitlbee.nix
View File

@ -161,8 +161,7 @@ in
config = mkMerge [
(mkIf config.services.bitlbee.enable {
users.users = singleton {
name = "bitlbee";
users.users.bitlbee = {
uid = bitlbeeUid;
description = "BitlBee user";
home = "/var/lib/bitlbee";

6
nixos/modules/services/networking/charybdis.nix
View File

@ -71,15 +71,13 @@ in
config = mkIf cfg.enable (lib.mkMerge [
{
users.users = singleton {
name = cfg.user;
users.users.${cfg.user} = {
description = "Charybdis IRC daemon user";
uid = config.ids.uids.ircd;
group = cfg.group;
};
users.groups = singleton {
name = cfg.group;
users.groups.${cfg.group} = {
gid = config.ids.gids.ircd;
};

14
nixos/modules/services/networking/coturn.nix
View File

@ -294,16 +294,14 @@ in {
};
config = mkIf cfg.enable {
users.users = [
{ name = "turnserver";
uid = config.ids.uids.turnserver;
users.users.turnserver =
{ uid = config.ids.uids.turnserver;
description = "coturn TURN server user";
} ];
users.groups = [
{ name = "turnserver";
gid = config.ids.gids.turnserver;
};
users.groups.turnserver =
{ gid = config.ids.gids.turnserver;
members = [ "turnserver" ];
} ];
};
systemd.services.coturn = {
description = "coturn TURN server";

6
nixos/modules/services/networking/dhcpcd.nix
View File

@ -185,11 +185,7 @@ in
environment.systemPackages = [ dhcpcd ];
environment.etc =
[ { source = exitHook;
target = "dhcpcd.exit-hook";
}
];
environment.etc."dhcpcd.exit-hook".source = exitHook;
powerManagement.resumeCommands = mkIf config.systemd.services.dhcpcd.enable
''

3
nixos/modules/services/networking/dnschain.nix
View File

@ -147,8 +147,7 @@ in
'';
};
users.users = singleton {
name = username;
users.users.${username} = {
description = "DNSChain daemon user";
home = dataDir;
createHome = true;

3
nixos/modules/services/networking/dnsmasq.nix
View File

@ -86,8 +86,7 @@ in
services.dbus.packages = [ dnsmasq ];
users.users = singleton {
name = "dnsmasq";
users.users.dnsmasq = {
uid = config.ids.uids.dnsmasq;
description = "Dnsmasq daemon user";
};

14
nixos/modules/services/networking/ejabberd.nix
View File

@ -94,18 +94,18 @@ in {
config = mkIf cfg.enable {
environment.systemPackages = [ cfg.package ];
users.users = optionalAttrs (cfg.user == "ejabberd") (singleton
{ name = "ejabberd";
users.users = optionalAttrs (cfg.user == "ejabberd") {
ejabberd = {
group = cfg.group;
home = cfg.spoolDir;
createHome = true;
uid = config.ids.uids.ejabberd;
});
};
};
users.groups = optionalAttrs (cfg.group == "ejabberd") (singleton
{ name = "ejabberd";
gid = config.ids.gids.ejabberd;
});
users.groups = optionalAttrs (cfg.group == "ejabberd") {
ejabberd.gid = config.ids.gids.ejabberd;
};
systemd.services.ejabberd = {
description = "ejabberd server";

5
nixos/modules/services/networking/gale.nix
View File

@ -104,14 +104,13 @@ in
systemPackages = [ pkgs.gale ];
};
users.users = [{
name = cfg.user;
users.users.${cfg.user} = {
description = "Gale daemon";
uid = config.ids.uids.gale;
group = cfg.group;
home = home;
createHome = true;
}];
};
users.groups = [{
name = cfg.group;

12
nixos/modules/services/networking/git-daemon.nix
View File

@ -104,16 +104,16 @@ in
config = mkIf cfg.enable {
users.users = if cfg.user != "git" then {} else singleton
{ name = "git";
users.users = optionalAttrs (cfg.user != "git") {
git = {
uid = config.ids.uids.git;
description = "Git daemon user";
};
};
users.groups = if cfg.group != "git" then {} else singleton
{ name = "git";
gid = config.ids.gids.git;
};
users.groups = optionalAttrs (cfg.group != "git") {
git.gid = config.ids.gids.git;
};
systemd.services.git-daemon = {
after = [ "network.target" ];

3
nixos/modules/services/networking/hans.nix
View File

@ -135,8 +135,7 @@ in
};
};
users.users = singleton {
name = hansUser;
users.users.${hansUser} = {
description = "Hans daemon user";
isSystemUser = true;
};

18
nixos/modules/services/networking/i2pd.nix
View File

@ -158,10 +158,10 @@ let
(sec "addressbook")
(strOpt "defaulturl" cfg.addressbook.defaulturl)
] ++ (optionalEmptyList "subscriptions" cfg.addressbook.subscriptions)
++ (flip map
(collect (proto: proto ? port && proto ? address && proto ? name) cfg.proto)
++ (flip mapAttrs
(collect (name: proto: proto ? port && proto ? address && proto ? name) cfg.proto)
(proto: let protoOpts = [
(sec proto.name)
(sec name)
(boolOpt "enabled" proto.enable)
(strOpt "address" proto.address)
(intOpt "port" proto.port)
@ -181,10 +181,10 @@ let
tunnelConf = let opts = [
notice
(flip map
(collect (tun: tun ? port && tun ? destination) cfg.outTunnels)
(flip mapAttrs
(collect (name: tun: tun ? port && tun ? destination) cfg.outTunnels)
(tun: let outTunOpts = [
(sec tun.name)
(sec name)
"type = client"
(intOpt "port" tun.port)
(strOpt "destination" tun.destination)
@ -204,10 +204,10 @@ let
++ (if tun ? crypto.tagsToSend then
optionalNullInt "crypto.tagstosend" tun.crypto.tagsToSend else []);
in concatStringsSep "\n" outTunOpts))
(flip map
(collect (tun: tun ? port && tun ? address) cfg.inTunnels)
(flip mapAttrs
(collect (name: tun: tun ? port && tun ? address) cfg.inTunnels)
(tun: let inTunOpts = [
(sec tun.name)
(sec name)
"type = server"
(intOpt "port" tun.port)
(strOpt "host" tun.address)

3
nixos/modules/services/networking/iodine.nix
View File

@ -147,8 +147,7 @@ in
};
};
users.users = singleton {
name = iodinedUser;
users.users.${iodinedUser} = {
uid = config.ids.uids.iodined;
description = "Iodine daemon user";
};

5
nixos/modules/services/networking/ircd-hybrid/default.nix
View File

@ -112,9 +112,8 @@ in
config = mkIf config.services.ircdHybrid.enable {
users.users = singleton
{ name = "ircd";
description = "IRCD owner";
users.users.ircd =
{ description = "IRCD owner";
group = "ircd";
uid = config.ids.uids.ircd;
};

Some files were not shown because too many files have changed in this diff Show More