JakeHillion/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge branch 'master' of github.com:NixOS/nixpkgs into update/jetbrains-2019.4

Browse Source
This commit is contained in:
kolaente 2019-12-25 11:07:24 +01:00
commit 246cfe4f57
No known key found for this signature in database
GPG Key ID: F40E70337AB24C9B
2045 changed files with 60383 additions and 23327 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
.github/CONTRIBUTING.md vendored
View File

@ -6,9 +6,8 @@ under the terms of [COPYING](../COPYING), which is an MIT-like license.
## Opening issues
* Make sure you have a [GitHub account](https://github.com/signup/free)
* [Submit an issue](https://github.com/NixOS/nixpkgs/issues) - assuming one does not already exist.
* Clearly describe the issue including steps to reproduce when it is a bug.
* Include information what version of nixpkgs and Nix are you using (nixos-version or git revision).
* Make sure there is no open issue on the topic
* [Submit a new issue](https://github.com/NixOS/nixpkgs/issues/new/choose) by choosing the kind of topic and fill out the template
## Submitting changes

2
.github/PULL_REQUEST_TEMPLATE.md vendored
View File

@ -12,7 +12,7 @@
- [ ] macOS
- [ ] other Linux distributions
- [ ] Tested via one or more NixOS test(s) if existing and applicable for the change (look inside [nixos/tests](https://github.com/NixOS/nixpkgs/blob/master/nixos/tests))
- [ ] Tested compilation of all pkgs that depend on this change using `nix-shell -p nix-review --run "nix-review wip"`
- [ ] Tested compilation of all pkgs that depend on this change using `nix-shell -p nixpkgs-review --run "nixpkgs-review wip"`
- [ ] Tested execution of all binary files (usually in `./result/bin/`)
- [ ] Determined the impact on package closure size (by running `nix path-info -S` before and after)
- [ ] Ensured that relevant documentation is up to date

11
doc/builders/fetchers.xml
View File

@ -105,6 +105,17 @@ stdenv.mkDerivation {
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<literal>fetchFromGitiles</literal>
</term>
<listitem>
<para>
This is used with Gitiles repositories. The arguments expected
are similar to fetchgit.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<literal>fetchFromBitbucket</literal>

6
doc/builders/images/dockertools.xml
View File

@ -8,12 +8,6 @@
<varname>pkgs.dockerTools</varname> is a set of functions for creating and manipulating Docker images according to the <link xlink:href="https://github.com/moby/moby/blob/master/image/spec/v1.2.md#docker-image-specification-v120"> Docker Image Specification v1.2.0 </link>. Docker itself is not used to perform any of the operations done by these functions.
</para>
<warning>
<para>
The <varname>dockerTools</varname> API is unstable and may be subject to backwards-incompatible changes in the future.
</para>
</warning>
<section xml:id="ssec-pkgs-dockerTools-buildImage">
<title>buildImage</title>

21
doc/builders/trivial-builders.xml
View File

@ -7,7 +7,7 @@
Nixpkgs provides a couple of functions that help with building derivations. The most important one, <function>stdenv.mkDerivation</function>, has already been documented above. The following functions wrap <function>stdenv.mkDerivation</function>, making it easier to use in certain cases.
</para>
<variablelist>
<varlistentry>
<varlistentry xml:id="trivial-builder-runCommand">
<term>
<literal>runCommand</literal>
</term>
@ -40,7 +40,7 @@
</programlisting>
</listitem>
</varlistentry>
<varlistentry>
<varlistentry xml:id="trivial-builder-runCommandCC">
<term>
<literal>runCommandCC</literal>
</term>
@ -50,7 +50,20 @@
</para>
</listitem>
</varlistentry>
<varlistentry>
<varlistentry xml:id="trivial-builder-runCommandLocal">
<term>
<literal>runCommandLocal</literal>
</term>
<listitem>
<para>
Variant of <literal>runCommand</literal> that forces the derivation to be built locally, it is not substituted. This is intended for very cheap commands (&lt;1s execution time). It saves on the network roundrip and can speed up a build.
</para>
<note><para>
This sets <link xlink:href="https://nixos.org/nix/manual/#adv-attr-allowSubstitutes"><literal>allowSubstitutes</literal> to <literal>false</literal></link>, so only use <literal>runCommandLocal</literal> if you are certain the user will always have a builder for the <literal>system</literal> of the derivation. This should be true for most trivial use cases (e.g. just copying some files to a different location or adding symlinks), because there the <literal>system</literal> is usually the same as <literal>builtins.currentSystem</literal>.
</para></note>
</listitem>
</varlistentry>
<varlistentry xml:id="trivial-builder-writeText">
<term>
<literal>writeTextFile</literal>, <literal>writeText</literal>, <literal>writeTextDir</literal>, <literal>writeScript</literal>, <literal>writeScriptBin</literal>
</term>
@ -63,7 +76,7 @@
</para>
</listitem>
</varlistentry>
<varlistentry>
<varlistentry xml:id="trivial-builder-symlinkJoin">
<term>
<literal>symlinkJoin</literal>
</term>

21
doc/contributing/coding-conventions.xml
View File

@ -620,6 +620,16 @@ args.stdenv.mkDerivation (args // {
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
If its an <emphasis>icon theme</emphasis>:
</term>
<listitem>
<para>
<filename>data/icons</filename>
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
If its related to <emphasis>SGML/XML processing</emphasis>:
@ -652,6 +662,17 @@ args.stdenv.mkDerivation (args // {
</variablelist>
</listitem>
</varlistentry>
<varlistentry>
<term>
If its a <emphasis>theme</emphasis> for a <emphasis>desktop environment</emphasis>,
a <emphasis>window manager</emphasis> or a <emphasis>display manager</emphasis>:
</term>
<listitem>
<para>
<filename>data/themes</filename>
</para>
</listitem>
</varlistentry>
</variablelist>
</listitem>
</varlistentry>

4
doc/contributing/reviewing-contributions.xml
View File

@ -141,10 +141,10 @@
</listitem>
<listitem>
<para>
The <link xlink:href="https://github.com/Mic92/nix-review">nix-review</link> tool can be used to review a pull request content in a single command. <varname>PRNUMBER</varname> should be replaced by the number at the end of the pull request title. You can also provide the full github pull request url.
The <link xlink:href="https://github.com/Mic92/nixpkgs-review">nixpkgs-review</link> tool can be used to review a pull request content in a single command. <varname>PRNUMBER</varname> should be replaced by the number at the end of the pull request title. You can also provide the full github pull request url.
</para>
<screen>
<prompt>$ </prompt>nix-shell -p nix-review --run "nix-review pr PRNUMBER"
<prompt>$ </prompt>nix-shell -p nixpkgs-review --run "nixpkgs-review pr PRNUMBER"
</screen>
</listitem>
</itemizedlist>

22
doc/contributing/submitting-changes.xml
View File

@ -317,25 +317,25 @@ Additional information.
</section>
<section xml:id="submitting-changes-tested-compilation">
<title>Tested compilation of all pkgs that depend on this change using <command>nix-review</command></title>
<title>Tested compilation of all pkgs that depend on this change using <command>nixpkgs-review</command></title>
<para>
If you are updating a package's version, you can use nix-review to make sure all packages that depend on the updated package still compile correctly. The <command>nix-review</command> utility can look for and build all dependencies either based on uncommited changes with the <literal>wip</literal> option or specifying a github pull request number.
If you are updating a package's version, you can use nixpkgs-review to make sure all packages that depend on the updated package still compile correctly. The <command>nixpkgs-review</command> utility can look for and build all dependencies either based on uncommited changes with the <literal>wip</literal> option or specifying a github pull request number.
</para>
<para>
review changes from pull request number 12345:
<screen>nix run nixpkgs.nix-review -c nix-review pr 12345</screen>
<screen>nix run nixpkgs.nixpkgs-review -c nixpkgs-review pr 12345</screen>
</para>
<para>
review uncommitted changes:
<screen>nix run nixpkgs.nix-review -c nix-review wip</screen>
<screen>nix run nixpkgs.nixpkgs-review -c nixpkgs-review wip</screen>
</para>
<para>
review changes from last commit:
<screen>nix run nixpkgs.nix-review -c nix-review rev HEAD</screen>
<screen>nix run nixpkgs.nixpkgs-review -c nixpkgs-review rev HEAD</screen>
</para>
</section>
@ -408,7 +408,7 @@ Additional information.
<section xml:id="submitting-changes-master-branch">
<title>Master branch</title>
<para>
The <literal>master</literal> branch is the main development branch.
The <literal>master</literal> branch is the main development branch.
It should only see non-breaking commits that do not cause mass rebuilds.
</para>
</section>
@ -416,8 +416,8 @@ Additional information.
<section xml:id="submitting-changes-staging-branch">
<title>Staging branch</title>
<para>
The <literal>staging</literal> branch is a development branch where mass-rebuilds go.
It should only see non-breaking mass-rebuild commits.
The <literal>staging</literal> branch is a development branch where mass-rebuilds go.
It should only see non-breaking mass-rebuild commits.
That means it is not to be used for testing, and changes must have been well tested already.
If the branch is already in a broken state, please refrain from adding extra new breakages.
</para>
@ -426,10 +426,10 @@ Additional information.
<section xml:id="submitting-changes-staging-next-branch">
<title>Staging-next branch</title>
<para>
The <literal>staging-next</literal> branch is for stabilizing mass-rebuilds submitted to the <literal>staging</literal> branch prior to merging them into <literal>master</literal>.
Mass-rebuilds should go via the <literal>staging</literal> branch.
The <literal>staging-next</literal> branch is for stabilizing mass-rebuilds submitted to the <literal>staging</literal> branch prior to merging them into <literal>master</literal>.
Mass-rebuilds should go via the <literal>staging</literal> branch.
It should only see non-breaking commits that are fixing issues blocking it from being merged into the <literal>master </literal> branch.
</para>
</para>
<para>
If the branch is already in a broken state, please refrain from adding extra new breakages. Stabilize it for a few days and then merge into master.
</para>

12
doc/languages-frameworks/gnome.xml
View File

@ -199,9 +199,9 @@ python3.pkgs.buildPythonApplication {
dontWrapGApps = true;
# Arguments to be passed to `makeWrapper`, only used by buildPython*
makeWrapperArgs = [
"\${gappsWrapperArgs[@]}"
];
preFixup = ''
makeWrapperArgs+=("''${gappsWrapperArgs[@]}")
'';
}
</programlisting>
And for a QT app like:
@ -219,9 +219,9 @@ mkDerivation {
dontWrapGApps = true;
# Arguments to be passed to `makeWrapper`, only used by qt5s mkDerivation
qtWrapperArgs = [
"\${gappsWrapperArgs[@]}"
];
preFixup = ''
qtWrapperArgs+=("''${gappsWrapperArgs[@]}")
'';
}
</programlisting>
</para>

4
doc/languages-frameworks/go.xml
View File

@ -26,7 +26,7 @@
<title>buildGoModule</title>
<programlisting>
pet = buildGoModule rec {
name = "pet-${version}";
pname = "pet";
version = "0.3.4";
src = fetchFromGitHub {
@ -79,7 +79,7 @@ pet = buildGoModule rec {
<title>buildGoPackage</title>
<programlisting>
deis = buildGoPackage rec {
name = "deis-${version}";
pname = "deis";
version = "1.13.0";
goPackagePath = "github.com/deis/deis"; <co xml:id='ex-buildGoPackage-1' />

13
doc/languages-frameworks/python.section.md
View File

@ -1034,7 +1034,10 @@ Create this `default.nix` file, together with a `requirements.txt` and simply ex
```nix
with import <nixpkgs> {};
with python27Packages;
let
pythonPackages = python27Packages;
in
stdenv.mkDerivation {
name = "impurePythonEnv";
@ -1044,9 +1047,8 @@ stdenv.mkDerivation {
buildInputs = [
# these packages are required for virtualenv and pip to work:
#
python27Full
python27Packages.virtualenv
python27Packages.pip
pythonPackages.virtualenv
pythonPackages.pip
# the following packages are related to the dependencies of your python
# project.
# In this particular example the python modules listed in the
@ -1059,14 +1061,13 @@ stdenv.mkDerivation {
libxml2
libxslt
libzip
stdenv
zlib
];
shellHook = ''
# set SOURCE_DATE_EPOCH so that we can use python wheels
SOURCE_DATE_EPOCH=$(date +%s)
virtualenv --no-setuptools venv
virtualenv --python=${pythonPackages.python.interpreter} --no-setuptools venv
export PATH=$PWD/venv/bin:$PATH
pip install -r requirements.txt
'';

91
doc/languages-frameworks/texlive.xml
View File

@ -59,6 +59,97 @@ nix-repl> texlive.collection-<TAB>
</itemizedlist>
</section>
<section xml:id="sec-language-texlive-custom-packages">
<title>Custom packages</title>
<para>
You may find that you need to use an external TeX package. A derivation for such package has to provide contents of the "texmf" directory in its output and provide the <varname>tlType</varname> attribute. Here is a (very verbose) example:
<programlisting><![CDATA[
with import <nixpkgs> {};
let
foiltex_run = stdenvNoCC.mkDerivation {
pname = "latex-foiltex";
version = "2.1.4b";
passthru.tlType = "run";
srcs = [
(fetchurl {
url = "http://mirrors.ctan.org/macros/latex/contrib/foiltex/foiltex.dtx";
sha256 = "07frz0krpz7kkcwlayrwrj2a2pixmv0icbngyw92srp9fp23cqpz";
})
(fetchurl {
url = "http://mirrors.ctan.org/macros/latex/contrib/foiltex/foiltex.ins";
sha256 = "09wkyidxk3n3zvqxfs61wlypmbhi1pxmjdi1kns9n2ky8ykbff99";
})
];
unpackPhase = ''
runHook preUnpack
for _src in $srcs; do
cp "$_src" $(stripHash "$_src")
done
runHook postUnpack
'';
nativeBuildInputs = [ texlive.combined.scheme-small ];
dontConfigure = true;
buildPhase = ''
runHook preBuild
# Generate the style files
latex foiltex.ins
runHook postBuild
'';
installPhase = ''
runHook preInstall
path="$out/tex/latex/foiltex"
mkdir -p "$path"
cp *.{cls,def,clo} "$path/"
runHook postInstall
'';
meta = with lib; {
description = "A LaTeX2e class for overhead transparencies";
license = licenses.unfreeRedistributable;
maintainers = with maintainers; [ veprbl ];
platforms = platforms.all;
};
};
foiltex = { pkgs = [ foiltex_run ]; };
latex_with_foiltex = texlive.combine {
inherit (texlive) scheme-small;
inherit foiltex;
};
in
runCommand "test.pdf" {
nativeBuildInputs = [ latex_with_foiltex ];
} ''
cat >test.tex <<EOF
\documentclass{foils}
\title{Presentation title}
\date{}
\begin{document}
\maketitle
\end{document}
EOF
pdflatex test.tex
cp test.pdf $out
''
]]></programlisting>
</para>
</section>
<section xml:id="sec-language-texlive-known-problems">
<title>Known problems</title>

10
doc/stdenv/stdenv.xml
View File

@ -1123,6 +1123,16 @@ preBuild = ''
<variablelist>
<title>Variables controlling the install phase</title>
<varlistentry>
<term>
<varname>dontInstall</varname>
</term>
<listitem>
<para>
Set to true to skip the install phase.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<varname>makeFlags</varname> / <varname>makeFlagsArray</varname> / <varname>makefile</varname>

121
maintainers/maintainer-list.nix
View File

@ -316,6 +316,7 @@
alexbakker = {
email = "ab@alexbakker.me";
github = "alexbakker";
githubId = 2387841;
name = "Alexander Bakker";
};
alexchapman = {
@ -1110,6 +1111,12 @@
githubId = 5555066;
name = "Andrew Cann";
};
cap = {
name = "cap";
email = "nixos_xasenw9@digitalpostkasten.de";
github = "scaredmushroom";
githubId = 45340040;
};
carlosdagos = {
email = "m@cdagostino.io";
github = "carlosdagos";
@ -1426,7 +1433,7 @@
craigem = {
email = "craige@mcwhirter.io";
github = "craigem";
githubId = "6470493";
githubId = 6470493;
name = "Craige McWhirter";
};
cransom = {
@ -1472,7 +1479,7 @@
};
cypherpunk2140 = {
email = "stefan.mihaila@pm.me";
github = "cypherpunk2140";
github = "stefan-mihaila";
githubId = 2217136;
name = "Ștefan D. Mihăilă";
keys = [
@ -2081,6 +2088,12 @@
githubId = 1365692;
name = "Will Fancher";
};
elyhaka = {
email = "elyhaka@protonmail.com";
github = "Elyhaka";
githubId = 57923898;
name = "Elyhaka";
};
emmanuelrosa = {
email = "emmanuel_rosa@aol.com";
github = "emmanuelrosa";
@ -2182,6 +2195,12 @@
githubId = 1583484;
name = "Andrey Golovizin";
};
ersin = {
email = "me@ersinakinci.com";
github = "earksiinni";
githubId = 5427394;
name = "Ersin Akinci";
};
ertes = {
email = "esz@posteo.de";
github = "ertes";
@ -2326,7 +2345,7 @@
Flakebi = {
email = "flakebi@t-online.de";
github = "Flakebi";
githubId = "Flakebi";
githubId = 6499211;
name = "Sebastian Neubauer";
keys = [{
longkeyid = "rsa4096/0xECC755EE583C1672";
@ -2490,6 +2509,12 @@
githubId = 40521440;
name = "Haruka Akiyama";
};
fuzen = {
email = "me@fuzen.cafe";
github = "fuzen-py";
githubId = 17859309;
name = "Fuzen";
};
fuzzy-id = {
email = "hacking+nixos@babibo.de";
name = "Thomas Bach";
@ -2512,6 +2537,12 @@
githubId = 7047019;
name = "Florent Becker";
};
gamb = {
email = "adam.gamble@pm.me";
github = "gamb";
githubId = 293586;
name = "Adam Gamble";
};
garbas = {
email = "rok@garbas.si";
github = "garbas";
@ -2856,6 +2887,12 @@
githubId = 69209;
name = "Ian Duncan";
};
ianmjones = {
email = "ian@ianmjones.com";
github = "ianmjones";
githubId = 4710;
name = "Ian M. Jones";
};
ianwookim = {
email = "ianwookim@gmail.com";
github = "wavewave";
@ -3005,7 +3042,8 @@
jacg = {
name = "Jacek Generowicz";
email = "jacg@my-post-office.net";
githubId = "2570854";
github = "jacg";
githubId = 2570854;
};
jasoncarr = {
email = "jcarr250@gmail.com";
@ -3108,6 +3146,7 @@
jdanek = {
email = "jdanek@redhat.com";
github = "jdanekrh";
githubId = 17877663;
keys = [{
longkeyid = "ed25519/0x69275CADF15D872E";
fingerprint = "D4A6 F051 AD58 2E7C BCED 5439 6927 5CAD F15D 872E";
@ -3225,6 +3264,12 @@
githubId = 2195834;
name = "Jaakko Luttinen";
};
jm2dev = {
email = "jomarcar@gmail.com";
github = "jm2dev";
githubId = 474643;
name = "José Miguel Martínez Carrasco";
};
jmagnusj = {
email = "jmagnusj@gmail.com";
github = "magnusjonsson";
@ -3272,6 +3317,7 @@
joesalisbury = {
email = "salisbury.joseph@gmail.com";
github = "JosephSalisbury";
githubId = 297653;
name = "Joe Salisbury";
};
johanot = {
@ -3554,6 +3600,7 @@
kim0 = {
email = "email.ahmedkamal@googlemail.com";
github = "kim0";
githubId = 59667;
name = "Ahmed Kamal";
};
kimburgess = {
@ -3577,6 +3624,7 @@
kirikaza = {
email = "k@kirikaza.ru";
github = "kirikaza";
githubId = 804677;
name = "Kirill Kazakov";
};
kisonecat = {
@ -3709,6 +3757,7 @@
ktor = {
email = "kruszewsky@gmail.com";
github = "ktor";
githubId = 99639;
name = "Pawel Kruszewski";
};
ktosiek = {
@ -3765,8 +3814,15 @@
};
lattfein = {
email = "lattfein@gmail.com";
github = "lattfein";
githubId = 53550838;
# Their GitHub account was deleted.
#
# See: https://github.com/NixOS/nixpkgs/pull/69007 where this
# was added but is now owned by a ghost.
#
# Possibly the username lattfein (currently github ID 56827487) is
# owned by the same person, but we should confirm before adding
# the GitHub name or ID back.
# github = "lattfein";
name = "Koki Yasuno";
};
layus = {
@ -3872,6 +3928,7 @@
lightbulbjim = {
email = "chris@killred.net";
github = "lightbulbjim";
githubId = 4312404;
name = "Chris Rendle-Short";
};
lightdiscord = {
@ -4534,6 +4591,16 @@
githubId = 22477669;
name = "Mark K Gardner";
};
mkg20001 = {
email = "mkg20001+nix@gmail.com";
github = "mkg20001";
githubId = 7735145;
name = "Maciej Krüger";
keys = [{
longkeyid = "rsa4096/0x0D948CE19CF49C5F";
fingerprint = "E90C BA34 55B3 6236 740C 038F 0D94 8CE1 9CF4 9C5F";
}];
};
mlieberman85 = {
email = "mlieberman85@gmail.com";
github = "mlieberman85";
@ -4715,6 +4782,12 @@
githubId = 437005;
name = "Mikkel Christiansen";
};
mschuwalow = {
github = "mschuwalow";
githubId = 16665913;
name = "Maxim Schuwalow";
email = "maxim.schuwalow@gmail.com";
};
msiedlarek = {
email = "mikolaj@siedlarek.pl";
github = "msiedlarek";
@ -4961,6 +5034,12 @@
githubId = 2946283;
name = "Brian Cohen";
};
novoxudonoser = {
email = "radnovox@gmail.com";
github = "novoxudonoser";
githubId = 6052922;
name = "Kirill Struokov";
};
np = {
email = "np.nix@nicolaspouillard.fr";
github = "np";
@ -5181,6 +5260,12 @@
githubId = 20792;
name = "Sebastian Galkin";
};
pashashocky = {
email = "pashashocky@gmail.com";
github = "pashashocky";
githubId = 673857;
name = "Pash Shocky";
};
pashev = {
email = "pashev.igor@gmail.com";
github = "ip1981";
@ -6121,6 +6206,16 @@
githubId = 307899;
name = "Gurkan Gur";
};
servalcatty = {
email = "servalcat@pm.me";
github = "servalcatty";
githubid = 51969817;
name = "Serval";
keys = [{
longkeyid = "rsa4096/0x4A2AAAA382F8294C";
fingerprint = "A317 37B3 693C 921B 480C C629 4A2A AAA3 82F8 294C";
}];
};
sfrijters = {
email = "sfrijters@gmail.com";
github = "sfrijters";
@ -6335,6 +6430,12 @@
githubId = 1437166;
name = "Xia Bin";
};
softinio = {
email = "code@softinio.com";
github = "softinio";
githubId = 3371635;
name = "Salar Rahmanian";
};
solson = {
email = "scott@solson.me";
github = "solson";
@ -6770,7 +6871,7 @@
thefenriswolf = {
email = "stefan.rohrbacher97@gmail.com";
github = "thefenriswolf";
githubId = "8547242";
githubId = 8547242;
name = "Stefan Rohrbacher";
};
thesola10 = {
@ -7652,6 +7753,12 @@
githubId = 1986844;
name = "Daniel Wheeler";
};
misuzu = {
email = "bakalolka@gmail.com";
github = "misuzu";
githubId = 248143;
name = "misuzu";
};
zokrezyl = {
email = "zokrezyl@gmail.com";
github = "zokrezyl";

2
maintainers/scripts/update.nix
View File

@ -105,7 +105,7 @@ let
to run all update scripts for all packages that lists \`garbas\` as a maintainer
and have \`updateScript\` defined, or:
% nix-shell maintainers/scripts/update.nix --argstr package garbas
% nix-shell maintainers/scripts/update.nix --argstr package gnome3.nautilus
to run update script for specific package, or

3
nixos/doc/manual/configuration/x-windows.xml
View File

@ -83,8 +83,7 @@
desktop environment. If you wanted no desktop environment and i3 as your your
window manager, you'd define:
<programlisting>
<xref linkend="opt-services.xserver.desktopManager.default"/> = "none";
<xref linkend="opt-services.xserver.windowManager.default"/> = "i3";
<xref linkend="opt-services.xserver.displayManager.defaultSession"/> = "none+i3";
</programlisting>
And, finally, to enable auto-login for a user <literal>johndoe</literal>:
<programlisting>

5
nixos/doc/manual/configuration/xfce.xml
View File

@ -7,9 +7,8 @@
<para>
To enable the Xfce Desktop Environment, set
<programlisting>
<link linkend="opt-services.xserver.desktopManager.default">services.xserver.desktopManager</link> = {
<link linkend="opt-services.xserver.desktopManager.xfce.enable">xfce.enable</link> = true;
<link linkend="opt-services.xserver.desktopManager.default">default</link> = "xfce";
<xref linkend="opt-services.xserver.desktopManager.xfce.enable" /> = true;
<xref linkend="opt-services.xserver.displayManager.defaultSession" /> = "xfce";
};
</programlisting>
</para>

19
nixos/doc/manual/development/writing-nixos-tests.xml
View File

@ -419,4 +419,23 @@ machine.wait_for_unit("xautolock.service", "x-session-user")
<literal>wait_for_unit</literal>, <literal>start_job</literal> and
<literal>stop_job</literal>.
</para>
<para>
For faster dev cycles it's also possible to disable the code-linters (this shouldn't
be commited though):
<programlisting>
import ./make-test-python.nix {
skipLint = true;
machine =
{ config, pkgs, ... }:
{ <replaceable>configuration…</replaceable>
};
testScript =
''
<replaceable>Python code…</replaceable>
'';
}
</programlisting>
</para>
</section>

7
nixos/doc/manual/installation/installing.xml
View File

@ -380,7 +380,10 @@
</para>
<para>
If you need to configure networking for your machine the configuration
options are described in <xref linkend="sec-networking"/>.
options are described in <xref linkend="sec-networking"/>. In particular,
while wifi is supported on the installation image, it is not enabled by
default in the configuration generated by
<command>nixos-generate-config</command>.
</para>
<para>
Another critical option is <option>fileSystems</option>, specifying the
@ -475,7 +478,7 @@ Retype new UNIX password: ***</screen>
shows what packages are available, and
<screen>
<prompt>$ </prompt>nix-env -f '&lt;nixpkgs&gt;' -iA w3m</screen>
install the <literal>w3m</literal> browser.
installs the <literal>w3m</literal> browser.
</para>
</listitem>
</orderedlist>

9
nixos/doc/manual/man-nixos-option.xml
View File

@ -119,4 +119,13 @@ Defined by:
bug, please report to Nicolas Pierron.
</para>
</refsection>
<refsection>
<title>See also</title>
<para>
<citerefentry>
<refentrytitle>configuration.nix</refentrytitle>
<manvolnum>5</manvolnum>
</citerefentry>
</para>
</refsection>
</refentry>

153
nixos/doc/manual/release-notes/rl-2003.xml
View File

@ -55,6 +55,19 @@
and adding a <option>--all</option> option which prints all options and their values.
</para>
</listitem>
<listitem>
<para>
<option>services.xserver.desktopManager.default</option> and <option>services.xserver.windowManager.default</option> options were replaced by a single <xref linkend="opt-services.xserver.displayManager.defaultSession"/> option to improve support for upstream session files. If you used something like:
<programlisting>
services.xserver.desktopManager.default = "xfce";
services.xserver.windowManager.default = "icewm";
</programlisting>
you should change it to:
<programlisting>
services.xserver.displayManager.defaultSession = "xfce+icewm";
</programlisting>
</para>
</listitem>
</itemizedlist>
</section>
@ -77,6 +90,12 @@
be set if the hostname of the node should be non default.
</para>
</listitem>
<listitem>
<para>
UPower's configuration is now managed by NixOS and can be customized
via <option>services.upower</option>.
</para>
</listitem>
</itemizedlist>
</section>
@ -121,18 +140,18 @@
</listitem>
<listitem>
<para>
The <literal>99-main.network</literal> file was removed. Maching all
network interfaces caused many breakages, see
<link xlink:href="https://github.com/NixOS/nixpkgs/pull/18962">#18962</link>
and <link xlink:href="https://github.com/NixOS/nixpkgs/pull/71106">#71106</link>.
The <literal>99-main.network</literal> file was removed. Maching all
network interfaces caused many breakages, see
<link xlink:href="https://github.com/NixOS/nixpkgs/pull/18962">#18962</link>
and <link xlink:href="https://github.com/NixOS/nixpkgs/pull/71106">#71106</link>.
</para>
<para>
We already don't support the global <link linkend="opt-networking.useDHCP">networking.useDHCP</link>,
<link linkend="opt-networking.defaultGateway">networking.defaultGateway</link> and
<link linkend="opt-networking.defaultGateway6">networking.defaultGateway6</link> options
if <link linkend="opt-networking.useNetworkd">networking.useNetworkd</link> is enabled,
but direct users to configure the per-device
<link linkend="opt-networking.interfaces">networking.interfaces.&lt;name&gt;.…</link> options.
We already don't support the global <link linkend="opt-networking.useDHCP">networking.useDHCP</link>,
<link linkend="opt-networking.defaultGateway">networking.defaultGateway</link> and
<link linkend="opt-networking.defaultGateway6">networking.defaultGateway6</link> options
if <link linkend="opt-networking.useNetworkd">networking.useNetworkd</link> is enabled,
but direct users to configure the per-device
<link linkend="opt-networking.interfaces">networking.interfaces.&lt;name&gt;.…</link> options.
</para>
</listitem>
<listitem>
@ -198,11 +217,19 @@
The <literal>buildRustCrate</literal> infrastructure now produces <literal>lib</literal> outputs in addition to the <literal>out</literal> output.
This has led to drastically reduced closed sizes for some rust crates since development dependencies are now in the <literal>lib</literal> output.
</para>
</listitem>
<listitem>
<para>
Pango was upgraded to 1.44, which no longer uses freetype for font loading. This means that type1
and bitmap fonts are no longer supported in applications relying on Pango for font rendering
(notably, GTK application). See <link xlink:href="https://gitlab.gnome.org/GNOME/pango/issues/386">
upstream issue</link> for more information.
</para>
</listitem>
<listitem>
<para>
The packages <literal>openobex</literal> and <literal>obexftp</literal>
are no loger installed when enabling bluetooth via
are no longer installed when enabling Bluetooth via
<option>hardware.bluetooth.enable</option>.
</para>
</listitem>
@ -214,6 +241,92 @@
in conjunction with an external webserver to replace this functionality.
</para>
</listitem>
<listitem>
<para>
The fourStore and fourStoreEndpoint modules have been removed.
</para>
</listitem>
<listitem>
<para>
Polkit no longer has the user of uid 0 (root) as an admin identity.
We now follow the upstream default of only having every member of the wheel
group admin privileged. Before it was root and members of wheel.
The positive outcome of this is pkexec GUI popups or terminal prompts
will no longer require the user to choose between two essentially equivalent
choices (whether to perform the action as themselves with wheel permissions, or as the root user).
</para>
</listitem>
<listitem>
<para>
NixOS containers no longer build NixOS manual by default. This saves evaluation time,
especially if there are many declarative containers defined. Note that this is already done
when <literal>&lt;nixos/modules/profiles/minimal.nix&gt;</literal> module is included
in container config.
</para>
</listitem>
<listitem>
<para>
Virtual console options have been reorganized and can be found under
a single top-level attribute: <literal>console</literal>.
The full set of changes is as follows:
</para>
<itemizedlist>
<listitem>
<para>
<literal>i18n.consoleFont</literal> renamed to
<link linkend="opt-console.font">console.font</link>
</para>
</listitem>
<listitem>
<para>
<literal>i18n.consoleKeyMap</literal> renamed to
<link linkend="opt-console.keyMap">console.keyMap</link>
</para>
</listitem>
<listitem>
<para>
<literal>i18n.consoleColors</literal> renamed to
<link linkend="opt-console.colors">console.colors</link>
</para>
</listitem>
<listitem>
<para>
<literal>i18n.consolePackages</literal> renamed to
<link linkend="opt-console.packages">console.packages</link>
</para>
</listitem>
<listitem>
<para>
<literal>i18n.consoleUseXkbConfig</literal> renamed to
<link linkend="opt-console.useXkbConfig">console.useXkbConfig</link>
</para>
</listitem>
<listitem>
<para>
<literal>boot.earlyVconsoleSetup</literal> renamed to
<link linkend="opt-console.earlySetup">console.earlySetup</link>
</para>
</listitem>
<listitem>
<para>
<literal>boot.extraTTYs</literal> renamed to
<link linkend="opt-console.extraTTYs">console.extraTTYs</link>
</para>
</listitem>
</itemizedlist>
</listitem>
<listitem>
<para>
The <link linkend="opt-services.awstats">awstats</link> module has been rewritten
to serve stats via static html pages, updated on a timer, over <link linkend="opt-services.nginx.virtualHosts">nginx</link>,
instead of dynamic cgi pages over <link linkend="opt-services.httpd">apache</link>.
</para>
<para>
Minor changes will be required to migrate existing configurations. Details of the
required changes can seen by looking through the <link linkend="opt-services.awstats">awstats</link>
module.
</para>
</listitem>
</itemizedlist>
</section>
@ -228,6 +341,18 @@
<listitem>
<para>SD images are now compressed by default using <literal>bzip2</literal>.</para>
</listitem>
<listitem>
<para>
The nginx web server previously started its master process as root
privileged, then ran worker processes as a less privileged identity user.
This was changed to start all of nginx as a less privileged user (defined by
<literal>services.nginx.user</literal> and
<literal>services.nginx.group</literal>). As a consequence, all files that
are needed for nginx to run (included configuration fragments, SSL
certificates and keys, etc.) must now be readable by this less privileged
user/group.
</para>
</listitem>
<listitem>
<para>
OpenSSH has been upgraded from 7.9 to 8.1, improving security and adding features
@ -236,6 +361,12 @@
release announcement</link> for more information.
</para>
</listitem>
<listitem>
<para>
<literal>PRETTY_NAME</literal> in <literal>/etc/os-release</literal>
now uses the short rather than full version string.
</para>
</listitem>
</itemizedlist>
</section>
</section>

44
nixos/lib/make-ext4-fs.nix
View File

@ -4,8 +4,11 @@
# generated image is sized to only fit its contents, with the expectation
# that a script resizes the filesystem at boot time.
{ pkgs
, lib
# List of derivations to be included
, storePaths
# Whether or not to compress the resulting image with zstd
, compressImage ? false, zstd
# Shell commands to populate the ./files directory.
# All files in that directory are copied to the root of the FS.
, populateImageCommands ? ""
@ -20,18 +23,20 @@
let
sdClosureInfo = pkgs.buildPackages.closureInfo { rootPaths = storePaths; };
in
pkgs.stdenv.mkDerivation {
name = "ext4-fs.img";
name = "ext4-fs.img${lib.optionalString compressImage ".zst"}";
nativeBuildInputs = [e2fsprogs.bin libfaketime perl lkl];
nativeBuildInputs = [ e2fsprogs.bin libfaketime perl lkl ]
++ lib.optional compressImage zstd;
buildCommand =
''
${if compressImage then "img=temp.img" else "img=$out"}
(
mkdir -p ./files
${populateImageCommands}
)
# Add the closures of the top-level store objects.
storePaths=$(cat ${sdClosureInfo}/store-paths)
@ -42,28 +47,26 @@ pkgs.stdenv.mkDerivation {
bytes=$((2 * 4096 * $numInodes + 4096 * $numDataBlocks))
echo "Creating an EXT4 image of $bytes bytes (numInodes=$numInodes, numDataBlocks=$numDataBlocks)"
truncate -s $bytes $out
faketime -f "1970-01-01 00:00:01" mkfs.ext4 -L ${volumeLabel} -U ${uuid} $out
truncate -s $bytes $img
faketime -f "1970-01-01 00:00:01" mkfs.ext4 -L ${volumeLabel} -U ${uuid} $img
# Also include a manifest of the closures in a format suitable for nix-store --load-db.
cp ${sdClosureInfo}/registration nix-path-registration
cptofs -t ext4 -i $out nix-path-registration /
cptofs -t ext4 -i $img nix-path-registration /
# Create nix/store before copying paths
faketime -f "1970-01-01 00:00:01" mkdir -p nix/store
cptofs -t ext4 -i $out nix /
cptofs -t ext4 -i $img nix /
echo "copying store paths to image..."
cptofs -t ext4 -i $out $storePaths /nix/store/
cptofs -t ext4 -i $img $storePaths /nix/store/
(
echo "copying files to image..."
cd ./files
cptofs -t ext4 -i $out ./* /
)
cptofs -t ext4 -i $img ./files/* /
# I have ended up with corrupted images sometimes, I suspect that happens when the build machine's disk gets full during the build.
if ! fsck.ext4 -n -f $out; then
if ! fsck.ext4 -n -f $img; then
echo "--- Fsck failed for EXT4 image of $bytes bytes (numInodes=$numInodes, numDataBlocks=$numDataBlocks) ---"
cat errorlog
return 1
@ -71,9 +74,9 @@ pkgs.stdenv.mkDerivation {
(
# Resizes **snugly** to its actual limits (or closer to)
free=$(dumpe2fs $out | grep '^Free blocks:')
blocksize=$(dumpe2fs $out | grep '^Block size:')
blocks=$(dumpe2fs $out | grep '^Block count:')
free=$(dumpe2fs $img | grep '^Free blocks:')
blocksize=$(dumpe2fs $img | grep '^Block size:')
blocks=$(dumpe2fs $img | grep '^Block count:')
blocks=$((''${blocks##*:})) # format the number.
blocksize=$((''${blocksize##*:})) # format the number.
# System can't boot with 0 blocks free.
@ -82,10 +85,15 @@ pkgs.stdenv.mkDerivation {
size=$(( blocks - ''${free##*:} + fudge ))
echo "Resizing from $blocks blocks to $size blocks. (~ $((size*blocksize/1024/1024))MiB)"
EXT2FS_NO_MTAB_OK=yes resize2fs $out -f $size
EXT2FS_NO_MTAB_OK=yes resize2fs $img -f $size
)
# And a final fsck, because of the previous truncating.
fsck.ext4 -n -f $out
fsck.ext4 -n -f $img
if [ ${builtins.toString compressImage} ]; then
echo "Compressing image"
zstd -v --no-progress ./$img -o $out
fi
'';
}

108
nixos/lib/test-driver/test-driver.py
View File

@ -312,8 +312,13 @@ class Machine:
self.monitor.send(message)
return self.wait_for_monitor_prompt()
def wait_for_unit(self, unit: str, user: Optional[str] = None) -> bool:
while True:
def wait_for_unit(self, unit: str, user: Optional[str] = None) -> None:
"""Wait for a systemd unit to get into "active" state.
Throws exceptions on "failed" and "inactive" states as well as
after timing out.
"""
def check_active(_: Any) -> bool:
info = self.get_unit_info(unit, user)
state = info["ActiveState"]
if state == "failed":
@ -329,8 +334,10 @@ class Machine:
'unit "{}" is inactive and there ' "are no pending jobs"
).format(unit)
)
if state == "active":
return True
return state == "active"
retry(check_active)
def get_unit_info(self, unit: str, user: Optional[str] = None) -> Dict[str, str]:
status, lines = self.systemctl('--no-pager show "{}"'.format(unit), user)
@ -421,18 +428,34 @@ class Machine:
)
def wait_until_succeeds(self, command: str) -> str:
"""Wait until a command returns success and return its output.
Throws an exception on timeout.
"""
output = ""
def check_success(_: Any) -> bool:
nonlocal output
status, output = self.execute(command)
return status == 0
with self.nested("waiting for success: {}".format(command)):
while True:
status, output = self.execute(command)
if status == 0:
return output
retry(check_success)
return output
def wait_until_fails(self, command: str) -> str:
"""Wait until a command returns failure.
Throws an exception on timeout.
"""
output = ""
def check_failure(_: Any) -> bool:
nonlocal output
status, output = self.execute(command)
return status != 0
with self.nested("waiting for failure: {}".format(command)):
while True:
status, output = self.execute(command)
if status != 0:
return output
retry(check_failure)
return output
def wait_for_shutdown(self) -> None:
if not self.booted:
@ -453,25 +476,38 @@ class Machine:
)
return output
def wait_until_tty_matches(self, tty: str, regexp: str) -> bool:
def wait_until_tty_matches(self, tty: str, regexp: str) -> None:
"""Wait until the visible output on the chosen TTY matches regular
expression. Throws an exception on timeout.
"""
matcher = re.compile(regexp)
def tty_matches(last: bool) -> bool:
text = self.get_tty_text(tty)
if last:
self.log(
f"Last chance to match /{regexp}/ on TTY{tty}, "
f"which currently contains: {text}"
)
return len(matcher.findall(text)) > 0
with self.nested("waiting for {} to appear on tty {}".format(regexp, tty)):
while True:
text = self.get_tty_text(tty)
if len(matcher.findall(text)) > 0:
return True
retry(tty_matches)
def send_chars(self, chars: List[str]) -> None:
with self.nested("sending keys {}".format(chars)):
for char in chars:
self.send_key(char)
def wait_for_file(self, filename: str) -> bool:
def wait_for_file(self, filename: str) -> None:
"""Waits until the file exists in machine's file system."""
def check_file(_: Any) -> bool:
status, _ = self.execute("test -e {}".format(filename))
return status == 0
with self.nested("waiting for file {}".format(filename)):
while True:
status, _ = self.execute("test -e {}".format(filename))
if status == 0:
return True
retry(check_file)
def wait_for_open_port(self, port: int) -> None:
def port_is_open(_: Any) -> bool:
@ -494,8 +530,8 @@ class Machine:
def stop_job(self, jobname: str, user: Optional[str] = None) -> Tuple[int, str]:
return self.systemctl("stop {}".format(jobname), user)
def wait_for_job(self, jobname: str) -> bool:
return self.wait_for_unit(jobname)
def wait_for_job(self, jobname: str) -> None:
self.wait_for_unit(jobname)
def connect(self) -> None:
if self.connected:
@ -700,18 +736,20 @@ class Machine:
"""Wait until it is possible to connect to the X server. Note that
testing the existence of /tmp/.X11-unix/X0 is insufficient.
"""
def check_x(_: Any) -> bool:
cmd = (
"journalctl -b SYSLOG_IDENTIFIER=systemd | "
+ 'grep "Reached target Current graphical"'
)
status, _ = self.execute(cmd)
if status != 0:
return False
status, _ = self.execute("[ -e /tmp/.X11-unix/X0 ]")
return status == 0
with self.nested("waiting for the X11 server"):
while True:
cmd = (
"journalctl -b SYSLOG_IDENTIFIER=systemd | "
+ 'grep "Reached target Current graphical"'
)
status, _ = self.execute(cmd)
if status != 0:
continue
status, _ = self.execute("[ -e /tmp/.X11-unix/X0 ]")
if status == 0:
return
retry(check_x)
def get_window_names(self) -> List[str]:
return self.succeed(

13
nixos/lib/testing-python.nix
View File

@ -95,6 +95,8 @@ in rec {
, makeCoverageReport ? false
, enableOCR ? false
, name ? "unnamed"
# Skip linting (mainly intended for faster dev cycles)
, skipLint ? false
, ...
} @ t:
@ -133,7 +135,7 @@ in rec {
# Generate onvenience wrappers for running the test driver
# interactively with the specified network, and for starting the
# VMs from the command line.
driver = runCommand testDriverName
driver = let warn = if skipLint then lib.warn "Linting is disabled!" else lib.id; in warn (runCommand testDriverName
{ buildInputs = [ makeWrapper];
testScript = testScript';
preferLocalBuild = true;
@ -143,7 +145,9 @@ in rec {
mkdir -p $out/bin
echo -n "$testScript" > $out/test-script
${python3Packages.black}/bin/black --check --diff $out/test-script
${lib.optionalString (!skipLint) ''
${python3Packages.black}/bin/black --check --diff $out/test-script
''}
ln -s ${testDriver}/bin/nixos-test-driver $out/bin/
vms=($(for i in ${toString vms}; do echo $i/bin/run-*-vm; done))
@ -160,7 +164,7 @@ in rec {
--set tests 'start_all(); join_all();' \
--set VLANS '${toString vlans}' \
${lib.optionalString (builtins.length vms == 1) "--set USE_SERIAL 1"}
''; # "
''); # "
passMeta = drv: drv // lib.optionalAttrs (t ? meta) {
meta = (drv.meta or {}) // t.meta;
@ -262,9 +266,8 @@ in rec {
virtualisation.memorySize = 1024;
services.xserver.enable = true;
services.xserver.displayManager.auto.enable = true;
services.xserver.windowManager.default = "icewm";
services.xserver.displayManager.defaultSession = "none+icewm";
services.xserver.windowManager.icewm.enable = true;
services.xserver.desktopManager.default = "none";
};
in
runInMachine ({

3
nixos/lib/testing.nix
View File

@ -249,9 +249,8 @@ in rec {
virtualisation.memorySize = 1024;
services.xserver.enable = true;
services.xserver.displayManager.auto.enable = true;
services.xserver.windowManager.default = "icewm";
services.xserver.displayManager.defaultSession = "none+icewm";
services.xserver.windowManager.icewm.enable = true;
services.xserver.desktopManager.default = "none";
};
in
runInMachine ({

203
nixos/modules/config/console.nix Normal file
View File

@ -0,0 +1,203 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.console;
makeColor = i: concatMapStringsSep "," (x: "0x" + substring (2*i) 2 x);
isUnicode = hasSuffix "UTF-8" (toUpper config.i18n.defaultLocale);
optimizedKeymap = pkgs.runCommand "keymap" {
nativeBuildInputs = [ pkgs.buildPackages.kbd ];
LOADKEYS_KEYMAP_PATH = "${consoleEnv}/share/keymaps/**";
preferLocalBuild = true;
} ''
loadkeys -b ${optionalString isUnicode "-u"} "${cfg.keyMap}" > $out
'';
# Sadly, systemd-vconsole-setup doesn't support binary keymaps.
vconsoleConf = pkgs.writeText "vconsole.conf" ''
KEYMAP=${cfg.keyMap}
FONT=${cfg.font}
'';
consoleEnv = pkgs.buildEnv {
name = "console-env";
paths = [ pkgs.kbd ] ++ cfg.packages;
pathsToLink = [
"/share/consolefonts"
"/share/consoletrans"
"/share/keymaps"
"/share/unimaps"
];
};
setVconsole = !config.boot.isContainer;
in
{
###### interface
options.console = {
font = mkOption {
type = types.str;
default = "Lat2-Terminus16";
example = "LatArCyrHeb-16";
description = ''
The font used for the virtual consoles. Leave empty to use
whatever the <command>setfont</command> program considers the
default font.
'';
};
keyMap = mkOption {
type = with types; either str path;
default = "us";
example = "fr";
description = ''
The keyboard mapping table for the virtual consoles.
'';
};
colors = mkOption {
type = types.listOf types.str;
default = [];
example = [
"002b36" "dc322f" "859900" "b58900"
"268bd2" "d33682" "2aa198" "eee8d5"
"002b36" "cb4b16" "586e75" "657b83"
"839496" "6c71c4" "93a1a1" "fdf6e3"
];
description = ''
The 16 colors palette used by the virtual consoles.
Leave empty to use the default colors.
Colors must be in hexadecimal format and listed in
order from color 0 to color 15.
'';
};
packages = mkOption {
type = types.listOf types.package;
default = with pkgs.kbdKeymaps; [ dvp neo ];
defaultText = ''with pkgs.kbdKeymaps; [ dvp neo ]'';
description = ''
List of additional packages that provide console fonts, keymaps and
other resources for virtual consoles use.
'';
};
extraTTYs = mkOption {
default = [];
type = types.listOf types.str;
example = ["tty8" "tty9"];
description = ''
TTY (virtual console) devices, in addition to the consoles on
which mingetty and syslogd run, that must be initialised.
Only useful if you have some program that you want to run on
some fixed console. For example, the NixOS installation CD
opens the manual in a web browser on console 7, so it sets
<option>console.extraTTYs</option> to <literal>["tty7"]</literal>.
'';
};
useXkbConfig = mkOption {
type = types.bool;
default = false;
description = ''
If set, configure the virtual console keymap from the xserver
keyboard settings.
'';
};
earlySetup = mkOption {
default = false;
type = types.bool;
description = ''
Enable setting virtual console options as early as possible (in initrd).
'';
};
};
###### implementation
config = mkMerge [
{ console.keyMap = with config.services.xserver;
mkIf cfg.useXkbConfig
(pkgs.runCommand "xkb-console-keymap" { preferLocalBuild = true; } ''
'${pkgs.ckbcomp}/bin/ckbcomp' -model '${xkbModel}' -layout '${layout}' \
-option '${xkbOptions}' -variant '${xkbVariant}' > "$out"
'');
}
(mkIf (!setVconsole) {
systemd.services.systemd-vconsole-setup.enable = false;
})
(mkIf setVconsole (mkMerge [
{ environment.systemPackages = [ pkgs.kbd ];
# Let systemd-vconsole-setup.service do the work of setting up the
# virtual consoles.
environment.etc."vconsole.conf".source = vconsoleConf;
# Provide kbd with additional packages.
environment.etc.kbd.source = "${consoleEnv}/share";
boot.initrd.preLVMCommands = mkBefore ''
kbd_mode ${if isUnicode then "-u" else "-a"} -C /dev/console
printf "\033%%${if isUnicode then "G" else "@"}" >> /dev/console
loadkmap < ${optimizedKeymap}
${optionalString cfg.earlySetup ''
setfont -C /dev/console $extraUtils/share/consolefonts/font.psf
''}
'';
systemd.services.systemd-vconsole-setup =
{ before = [ "display-manager.service" ];
after = [ "systemd-udev-settle.service" ];
restartTriggers = [ vconsoleConf consoleEnv ];
};
}
(mkIf (cfg.colors != []) {
boot.kernelParams = [
"vt.default_red=${makeColor 0 cfg.colors}"
"vt.default_grn=${makeColor 1 cfg.colors}"
"vt.default_blu=${makeColor 2 cfg.colors}"
];
})
(mkIf cfg.earlySetup {
boot.initrd.extraUtilsCommands = ''
mkdir -p $out/share/consolefonts
${if substring 0 1 cfg.font == "/" then ''
font="${cfg.font}"
'' else ''
font="$(echo ${consoleEnv}/share/consolefonts/${cfg.font}.*)"
''}
if [[ $font == *.gz ]]; then
gzip -cd $font > $out/share/consolefonts/font.psf
else
cp -L $font $out/share/consolefonts/font.psf
fi
'';
})
]))
];
imports = [
(mkRenamedOptionModule [ "i18n" "consoleFont" ] [ "console" "font" ])
(mkRenamedOptionModule [ "i18n" "consoleKeyMap" ] [ "console" "keyMap" ])
(mkRenamedOptionModule [ "i18n" "consoleColors" ] [ "console" "colors" ])
(mkRenamedOptionModule [ "i18n" "consolePackages" ] [ "console" "packages" ])
(mkRenamedOptionModule [ "i18n" "consoleUseXkbConfig" ] [ "console" "useXkbConfig" ])
(mkRenamedOptionModule [ "boot" "earlyVconsoleSetup" ] [ "console" "earlySetup" ])
(mkRenamedOptionModule [ "boot" "extraTTYs" ] [ "console" "extraTTYs" ])
];
}

10
nixos/modules/config/fonts/fontconfig.nix
View File

@ -264,6 +264,16 @@ let
};
in
{
imports = [
(mkRenamedOptionModule [ "fonts" "fontconfig" "ultimate" "allowBitmaps" ] [ "fonts" "fontconfig" "allowBitmaps" ])
(mkRenamedOptionModule [ "fonts" "fontconfig" "ultimate" "allowType1" ] [ "fonts" "fontconfig" "allowType1" ])
(mkRenamedOptionModule [ "fonts" "fontconfig" "ultimate" "useEmbeddedBitmaps" ] [ "fonts" "fontconfig" "useEmbeddedBitmaps" ])
(mkRenamedOptionModule [ "fonts" "fontconfig" "ultimate" "forceAutohint" ] [ "fonts" "fontconfig" "forceAutohint" ])
(mkRenamedOptionModule [ "fonts" "fontconfig" "ultimate" "renderMonoTTFAsBitmap" ] [ "fonts" "fontconfig" "renderMonoTTFAsBitmap" ])
(mkRemovedOptionModule [ "fonts" "fontconfig" "hinting" "style" ] "")
(mkRemovedOptionModule [ "fonts" "fontconfig" "forceAutohint" ] "")
(mkRemovedOptionModule [ "fonts" "fontconfig" "renderMonoTTFAsBitmap" ] "")
];
options = {

3
nixos/modules/config/fonts/fonts.nix
View File

@ -3,6 +3,9 @@
with lib;
{
imports = [
(mkRemovedOptionModule [ "fonts" "enableCoreFonts" ] "Use fonts.fonts = [ pkgs.corefonts ]; instead.")
];
options = {

63
nixos/modules/config/i18n.nix
View File

@ -58,62 +58,6 @@ with lib;
'';
};
consolePackages = mkOption {
type = types.listOf types.package;
default = with pkgs.kbdKeymaps; [ dvp neo ];
defaultText = ''with pkgs.kbdKeymaps; [ dvp neo ]'';
description = ''
List of additional packages that provide console fonts, keymaps and
other resources.
'';
};
consoleFont = mkOption {
type = types.str;
default = "Lat2-Terminus16";
example = "LatArCyrHeb-16";
description = ''
The font used for the virtual consoles. Leave empty to use
whatever the <command>setfont</command> program considers the
default font.
'';
};
consoleUseXkbConfig = mkOption {
type = types.bool;
default = false;
description = ''
If set, configure the console keymap from the xserver keyboard
settings.
'';
};
consoleKeyMap = mkOption {
type = with types; either str path;
default = "us";
example = "fr";
description = ''
The keyboard mapping table for the virtual consoles.
'';
};
consoleColors = mkOption {
type = types.listOf types.str;
default = [];
example = [
"002b36" "dc322f" "859900" "b58900"
"268bd2" "d33682" "2aa198" "eee8d5"
"002b36" "cb4b16" "586e75" "657b83"
"839496" "6c71c4" "93a1a1" "fdf6e3"
];
description = ''
The 16 colors palette used by the virtual consoles.
Leave empty to use the default colors.
Colors must be in hexadecimal format and listed in
order from color 0 to color 15.
'';
};
};
};
@ -123,13 +67,6 @@ with lib;
config = {
i18n.consoleKeyMap = with config.services.xserver;
mkIf config.i18n.consoleUseXkbConfig
(pkgs.runCommand "xkb-console-keymap" { preferLocalBuild = true; } ''
'${pkgs.ckbcomp}/bin/ckbcomp' -model '${xkbModel}' -layout '${layout}' \
-option '${xkbOptions}' -variant '${xkbVariant}' > "$out"
'');
environment.systemPackages =
optional (config.i18n.supportedLocales != []) config.i18n.glibcLocales;

20
nixos/modules/config/networking.nix
View File

@ -16,6 +16,9 @@ let
in
{
imports = [
(mkRemovedOptionModule [ "networking" "hostConf" ] "Use environment.etc.\"host.conf\" instead.")
];
options = {
@ -41,19 +44,6 @@ in
'';
};
networking.hostConf = lib.mkOption {
type = types.lines;
default = "multi on";
example = ''
multi on
reorder on
trim lan
'';
description = ''
The contents of <filename>/etc/host.conf</filename>. See also <citerefentry><refentrytitle>host.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
'';
};
networking.timeServers = mkOption {
default = [
"0.nixos.pool.ntp.org"
@ -186,7 +176,9 @@ in
'';
# /etc/host.conf: resolver configuration file
"host.conf".text = cfg.hostConf;
"host.conf".text = ''
multi on
'';
} // optionalAttrs (pkgs.stdenv.hostPlatform.libc == "glibc") {
# /etc/rpc: RPC program numbers.

6
nixos/modules/config/resolvconf.nix
View File

@ -33,6 +33,12 @@ let
in
{
imports = [
(mkRenamedOptionModule [ "networking" "dnsSingleRequest" ] [ "networking" "resolvconf" "dnsSingleRequest" ])
(mkRenamedOptionModule [ "networking" "dnsExtensionMechanism" ] [ "networking" "resolvconf" "dnsExtensionMechanism" ])
(mkRenamedOptionModule [ "networking" "extraResolvconfConf" ] [ "networking" "resolvconf" "extraConfig" ])
(mkRenamedOptionModule [ "networking" "resolvconfOptions" ] [ "networking" "resolvconf" "extraOptions" ])
];
options = {

4
nixos/modules/config/users-groups.nix
View File

@ -403,6 +403,10 @@ let
filter types.shellPackage.check shells;
in {
imports = [
(mkAliasOptionModule [ "users" "extraUsers" ] [ "users" "users" ])
(mkAliasOptionModule [ "users" "extraGroups" ] [ "users" "groups" ])
];
###### interface

4
nixos/modules/config/xdg/portal.nix
View File

@ -3,6 +3,10 @@
with lib;
{
imports = [
(mkRenamedOptionModule [ "services" "flatpak" "extraPortals" ] [ "xdg" "portal" "extraPortals" ])
];
options.xdg.portal = {
enable =
mkEnableOption "<link xlink:href='https://github.com/flatpak/xdg-desktop-portal'>xdg desktop integration</link>"//{

8
nixos/modules/hardware/all-firmware.nix
View File

@ -6,6 +6,14 @@ let
cfg = config.hardware;
in {
imports = [
(mkRenamedOptionModule [ "networking" "enableRT73Firmware" ] [ "hardware" "enableRedistributableFirmware" ])
(mkRenamedOptionModule [ "networking" "enableIntel3945ABGFirmware" ] [ "hardware" "enableRedistributableFirmware" ])
(mkRenamedOptionModule [ "networking" "enableIntel2100BGFirmware" ] [ "hardware" "enableRedistributableFirmware" ])
(mkRenamedOptionModule [ "networking" "enableRalinkFirmware" ] [ "hardware" "enableRedistributableFirmware" ])
(mkRenamedOptionModule [ "networking" "enableRTL8192cFirmware" ] [ "hardware" "enableRedistributableFirmware" ])
];
###### interface
options = {

5
nixos/modules/hardware/ckb-next.nix
View File

@ -7,6 +7,11 @@ let
in
{
imports = [
(mkRenamedOptionModule [ "hardware" "ckb" "enable" ] [ "hardware" "ckb-next" "enable" ])
(mkRenamedOptionModule [ "hardware" "ckb" "package" ] [ "hardware" "ckb-next" "package" ])
];
options.hardware.ckb-next = {
enable = mkEnableOption "the Corsair keyboard/mouse driver";

4
nixos/modules/hardware/ksm.nix
View File

@ -6,6 +6,10 @@ let
cfg = config.hardware.ksm;
in {
imports = [
(mkRenamedOptionModule [ "hardware" "enableKSM" ] [ "hardware" "ksm" "enable" ])
];
options.hardware.ksm = {
enable = mkEnableOption "Kernel Same-Page Merging";
sleep = mkOption {

5
nixos/modules/hardware/opengl.nix
View File

@ -31,6 +31,11 @@ let
in
{
imports = [
(mkRenamedOptionModule [ "services" "xserver" "vaapiDrivers" ] [ "hardware" "opengl" "extraPackages" ])
];
options = {
hardware.opengl = {

14
nixos/modules/i18n/input-method/ibus.nix
View File

@ -27,6 +27,10 @@ let
};
in
{
imports = [
(mkRenamedOptionModule [ "programs" "ibus" "plugins" ] [ "i18n" "inputMethod" "ibus" "engines" ])
];
options = {
i18n.inputMethod.ibus = {
engines = mkOption {
@ -53,9 +57,15 @@ in
config = mkIf (config.i18n.inputMethod.enabled == "ibus") {
i18n.inputMethod.package = ibusPackage;
environment.systemPackages = [
ibusAutostart
];
# Without dconf enabled it is impossible to use IBus
environment.systemPackages = with pkgs; [
dconf ibusAutostart
programs.dconf.enable = true;
services.dbus.packages = [
ibusAutostart
];
environment.variables = {

11
nixos/modules/installer/cd-dvd/iso-image.nix
View File

@ -603,9 +603,6 @@ in
{ source = config.system.build.squashfsStore;
target = "/nix-store.squashfs";
}
{ source = config.isoImage.efiSplashImage;
target = "/EFI/boot/efi-background.png";
}
{ source = config.isoImage.splashImage;
target = "/isolinux/background.png";
}
@ -630,8 +627,8 @@ in
{ source = "${efiDir}/EFI";
target = "/EFI";
}
{ source = pkgs.writeText "loopback.cfg" "source /EFI/boot/grub.cfg";
target = "/boot/grub/loopback.cfg";
{ source = (pkgs.writeTextDir "grub/loopback.cfg" "source /EFI/boot/grub.cfg") + "/grub";
target = "/boot/grub";
}
] ++ optionals (config.boot.loader.grub.memtest86.enable && canx86BiosBoot) [
{ source = "${pkgs.memtest86plus}/memtest.bin";
@ -641,6 +638,10 @@ in
{ source = config.isoImage.grubTheme;
target = "/EFI/boot/grub-theme";
}
] ++ [
{ source = config.isoImage.efiSplashImage;
target = "/EFI/boot/efi-background.png";
}
];
boot.loader.timeout = 10;

13
nixos/modules/installer/cd-dvd/sd-image.nix
View File

@ -18,6 +18,7 @@ with lib;
let
rootfsImage = pkgs.callPackage ../../../lib/make-ext4-fs.nix ({
inherit (config.sdImage) storePaths;
compressImage = true;
populateImageCommands = config.sdImage.populateRootCommands;
volumeLabel = "NIXOS_SD";
} // optionalAttrs (config.sdImage.rootPartitionUUID != null) {
@ -128,10 +129,11 @@ in
sdImage.storePaths = [ config.system.build.toplevel ];
system.build.sdImage = pkgs.callPackage ({ stdenv, dosfstools, e2fsprogs, mtools, libfaketime, utillinux, bzip2 }: stdenv.mkDerivation {
system.build.sdImage = pkgs.callPackage ({ stdenv, dosfstools, e2fsprogs,
mtools, libfaketime, utillinux, bzip2, zstd }: stdenv.mkDerivation {
name = config.sdImage.imageName;
nativeBuildInputs = [ dosfstools e2fsprogs mtools libfaketime utillinux bzip2 ];
nativeBuildInputs = [ dosfstools e2fsprogs mtools libfaketime utillinux bzip2 zstd ];
inherit (config.sdImage) compressImage;
@ -146,11 +148,14 @@ in
echo "file sd-image $img" >> $out/nix-support/hydra-build-products
fi
echo "Decompressing rootfs image"
zstd -d --no-progress "${rootfsImage}" -o ./root-fs.img
# Gap in front of the first partition, in MiB
gap=8
# Create the image file sized to fit /boot/firmware and /, plus slack for the gap.
rootSizeBlocks=$(du -B 512 --apparent-size ${rootfsImage} | awk '{ print $1 }')
rootSizeBlocks=$(du -B 512 --apparent-size ./root-fs.img | awk '{ print $1 }')
firmwareSizeBlocks=$((${toString config.sdImage.firmwareSize} * 1024 * 1024 / 512))
imageSize=$((rootSizeBlocks * 512 + firmwareSizeBlocks * 512 + gap * 1024 * 1024))
truncate -s $imageSize $img
@ -168,7 +173,7 @@ in
# Copy the rootfs into the SD image
eval $(partx $img -o START,SECTORS --nr 2 --pairs)
dd conv=notrunc if=${rootfsImage} of=$img seek=$START count=$SECTORS
dd conv=notrunc if=./root-fs.img of=$img seek=$START count=$SECTORS
# Create a FAT32 /boot/firmware partition of suitable size into firmware_part.img
eval $(partx $img -o START,SECTORS --nr 1 --pairs)

3
nixos/modules/installer/tools/nixos-generate-config.pl
View File

@ -335,6 +335,9 @@ if (@swaps) {
next unless -e $swapFilename;
my $dev = findStableDevPath $swapFilename;
if ($swapType =~ "partition") {
# zram devices are more likely created by configuration.nix, so
# ignore them here
next if ($swapFilename =~ /^\/dev\/zram/);
push @swapDevices, "{ device = \"$dev\"; }";
} elsif ($swapType =~ "file") {
# swap *files* are more likely specified in configuration.nix, so

5
nixos/modules/misc/documentation.nix
View File

@ -67,6 +67,11 @@ let
in
{
imports = [
(mkRenamedOptionModule [ "programs" "info" "enable" ] [ "documentation" "info" "enable" ])
(mkRenamedOptionModule [ "programs" "man" "enable" ] [ "documentation" "man" "enable" ])
(mkRenamedOptionModule [ "services" "nixosManual" "enable" ] [ "documentation" "nixos" "enable" ])
];
options = {

4
nixos/modules/misc/ids.nix
View File

@ -80,8 +80,8 @@ in
#kdm = 39; # dropped in 17.03
#ghostone = 40; # dropped in 18.03
git = 41;
fourstore = 42;
fourstorehttp = 43;
#fourstore = 42; # dropped in 20.03
#fourstorehttp = 43; # dropped in 20.03
virtuoso = 44;
rtkit = 45;
dovecot2 = 46;

5
nixos/modules/misc/locate.nix
View File

@ -7,6 +7,11 @@ let
isMLocate = hasPrefix "mlocate" cfg.locate.name;
isFindutils = hasPrefix "findutils" cfg.locate.name;
in {
imports = [
(mkRenamedOptionModule [ "services" "locate" "period" ] [ "services" "locate" "interval" ])
(mkRemovedOptionModule [ "services" "locate" "includeStore" ] "Use services.locate.prunePaths" )
];
options.services.locate = with types; {
enable = mkOption {
type = bool;

8
nixos/modules/misc/version.nix
View File

@ -10,6 +10,12 @@ let
in
{
imports = [
(mkRenamedOptionModule [ "system" "nixosVersion" ] [ "system" "nixos" "version" ])
(mkRenamedOptionModule [ "system" "nixosVersionSuffix" ] [ "system" "nixos" "versionSuffix" ])
(mkRenamedOptionModule [ "system" "nixosRevision" ] [ "system" "nixos" "revision" ])
(mkRenamedOptionModule [ "system" "nixosLabel" ] [ "system" "nixos" "label" ])
];
options.system = {
@ -92,7 +98,7 @@ in
VERSION="${cfg.version} (${cfg.codeName})"
VERSION_CODENAME=${toLower cfg.codeName}
VERSION_ID="${cfg.version}"
PRETTY_NAME="NixOS ${cfg.version} (${cfg.codeName})"
PRETTY_NAME="NixOS ${cfg.release} (${cfg.codeName})"
LOGO="nix-snowflake"
HOME_URL="https://nixos.org/"
DOCUMENTATION_URL="https://nixos.org/nixos/manual/index.html"

10
nixos/modules/module-list.nix
View File

@ -11,6 +11,7 @@
./config/xdg/mime.nix
./config/xdg/portal.nix
./config/appstream.nix
./config/console.nix
./config/xdg/sounds.nix
./config/gtk/gtk-icon-cache.nix
./config/gnu.nix
@ -254,8 +255,6 @@
./services/continuous-integration/jenkins/default.nix
./services/continuous-integration/jenkins/job-builder.nix
./services/continuous-integration/jenkins/slave.nix
./services/databases/4store-endpoint.nix
./services/databases/4store.nix
./services/databases/aerospike.nix
./services/databases/cassandra.nix
./services/databases/clickhouse.nix
@ -445,6 +444,7 @@
./services/misc/logkeys.nix
./services/misc/leaps.nix
./services/misc/lidarr.nix
./services/misc/mame.nix
./services/misc/mathics.nix
./services/misc/matrix-synapse.nix
./services/misc/mbpfan.nix
@ -558,6 +558,7 @@
./services/network-filesystems/yandex-disk.nix
./services/network-filesystems/xtreemfs.nix
./services/network-filesystems/ceph.nix
./services/networking/3proxy.nix
./services/networking/amuled.nix
./services/networking/aria2.nix
./services/networking/asterisk.nix
@ -694,6 +695,7 @@
./services/networking/sniproxy.nix
./services/networking/smokeping.nix
./services/networking/softether.nix
./services/networking/spacecookie.nix
./services/networking/spiped.nix
./services/networking/squid.nix
./services/networking/sslh.nix
@ -722,6 +724,7 @@
./services/networking/tvheadend.nix
./services/networking/unbound.nix
./services/networking/unifi.nix
./services/networking/v2ray.nix
./services/networking/vsftpd.nix
./services/networking/wakeonlan.nix
./services/networking/websockify.nix
@ -813,6 +816,7 @@
./services/web-apps/restya-board.nix
./services/web-apps/tt-rss.nix
./services/web-apps/trac.nix
./services/web-apps/trilium.nix
./services/web-apps/selfoss.nix
./services/web-apps/shiori.nix
./services/web-apps/virtlyst.nix
@ -867,6 +871,7 @@
./services/x11/hardware/digimend.nix
./services/x11/hardware/cmt.nix
./services/x11/gdk-pixbuf.nix
./services/x11/imwheel.nix
./services/x11/redshift.nix
./services/x11/urxvtd.nix
./services/x11/window-managers/awesome.nix
@ -937,7 +942,6 @@
./tasks/filesystems/vfat.nix
./tasks/filesystems/xfs.nix
./tasks/filesystems/zfs.nix
./tasks/kbd.nix
./tasks/lvm.nix
./tasks/network-interfaces.nix
./tasks/network-interfaces-systemd.nix

4
nixos/modules/programs/bash/bash.nix
View File

@ -40,6 +40,10 @@ let
in
{
imports = [
(mkRemovedOptionModule [ "programs" "bash" "enable" ] "")
];
options = {
programs.bash = {

2
nixos/modules/programs/nm-applet.nix
View File

@ -10,5 +10,7 @@
partOf = [ "graphical-session.target" ];
serviceConfig.ExecStart = "${pkgs.networkmanagerapplet}/bin/nm-applet";
};
services.dbus.packages = [ pkgs.gcr ];
};
}

171
nixos/modules/programs/oblogout.nix
View File

@ -1,176 +1,11 @@
# Global configuration for oblogout.
{ config, lib, pkgs, ... }:
with lib;
let cfg = config.programs.oblogout;
in
{
###### interface
options = {
imports = [
(mkRemovedOptionModule [ "programs" "oblogout" ] "programs.oblogout has been removed from NixOS. This is because the oblogout repository has been archived upstream.")
];
programs.oblogout = {
enable = mkOption {
type = types.bool;
default = false;
description = ''
Whether to install OBLogout and create <filename>/etc/oblogout.conf</filename>.
See <filename>${pkgs.oblogout}/share/doc/README</filename>.
'';
};
opacity = mkOption {
type = types.int;
default = 70;
description = ''
Opacity percentage of Cairo rendered backgrounds.
'';
};
bgcolor = mkOption {
type = types.str;
default = "black";
description = ''
Colour name or hex code (#ffffff) of the background color.
'';
};
buttontheme = mkOption {
type = types.str;
default = "simplistic";
description = ''
Icon theme for the buttons, must be in the themes folder of
the package, or in
<filename>~/.themes/&lt;name&gt;/oblogout/</filename>.
'';
};
buttons = mkOption {
type = types.str;
default = "cancel, logout, restart, shutdown, suspend, hibernate";
description = ''
List and order of buttons to show.
'';
};
cancel = mkOption {
type = types.str;
default = "Escape";
description = ''
Cancel logout/shutdown shortcut.
'';
};
shutdown = mkOption {
type = types.str;
default = "S";
description = ''
Shutdown shortcut.
'';
};
restart = mkOption {
type = types.str;
default = "R";
description = ''
Restart shortcut.
'';
};
suspend = mkOption {
type = types.str;
default = "U";
description = ''
Suspend shortcut.
'';
};
logout = mkOption {
type = types.str;
default = "L";
description = ''
Logout shortcut.
'';
};
lock = mkOption {
type = types.str;
default = "K";
description = ''
Lock session shortcut.
'';
};
hibernate = mkOption {
type = types.str;
default = "H";
description = ''
Hibernate shortcut.
'';
};
clogout = mkOption {
type = types.str;
default = "openbox --exit";
description = ''
Command to logout.
'';
};
clock = mkOption {
type = types.str;
default = "";
description = ''
Command to lock screen.
'';
};
cswitchuser = mkOption {
type = types.str;
default = "";
description = ''
Command to switch user.
'';
};
};
};
###### implementation
config = mkIf cfg.enable {
environment.systemPackages = [ pkgs.oblogout ];
environment.etc."oblogout.conf".text = ''
[settings]
usehal = false
[looks]
opacity = ${toString cfg.opacity}
bgcolor = ${cfg.bgcolor}
buttontheme = ${cfg.buttontheme}
buttons = ${cfg.buttons}
[shortcuts]
cancel = ${cfg.cancel}
shutdown = ${cfg.shutdown}
restart = ${cfg.restart}
suspend = ${cfg.suspend}
logout = ${cfg.logout}
lock = ${cfg.lock}
hibernate = ${cfg.hibernate}
[commands]
shutdown = systemctl poweroff
restart = systemctl reboot
suspend = systemctl suspend
hibernate = systemctl hibernate
logout = ${cfg.clogout}
lock = ${cfg.clock}
switchuser = ${cfg.cswitchuser}
'';
};
}

5
nixos/modules/programs/ssmtp.nix
View File

@ -13,6 +13,11 @@ let
in
{
imports = [
(mkRenamedOptionModule [ "networking" "defaultMailServer" ] [ "services" "ssmtp" ])
(mkRenamedOptionModule [ "services" "ssmtp" "directDelivery" ] [ "services" "ssmtp" "enable" ])
];
options = {
services.ssmtp = {

66
nixos/modules/programs/sway.nix
View File

@ -4,26 +4,32 @@ with lib;
let
cfg = config.programs.sway;
swayPackage = pkgs.sway;
swayWrapped = pkgs.writeShellScriptBin "sway" ''
set -o errexit
wrapperOptions = types.submodule {
options =
let
mkWrapperFeature = default: description: mkOption {
type = types.bool;
inherit default;
example = !default;
description = "Whether to make use of the ${description}";
};
in {
base = mkWrapperFeature true ''
base wrapper to execute extra session commands and prepend a
dbus-run-session to the sway command.
'';
gtk = mkWrapperFeature false ''
wrapGAppsHook wrapper to execute sway with required environment
variables for GTK applications.
'';
};
};
if [ ! "$_SWAY_WRAPPER_ALREADY_EXECUTED" ]; then
export _SWAY_WRAPPER_ALREADY_EXECUTED=1
${cfg.extraSessionCommands}
fi
if [ "$DBUS_SESSION_BUS_ADDRESS" ]; then
export DBUS_SESSION_BUS_ADDRESS
exec ${swayPackage}/bin/sway "$@"
else
exec ${pkgs.dbus}/bin/dbus-run-session ${swayPackage}/bin/sway "$@"
fi
'';
swayJoined = pkgs.symlinkJoin {
name = "sway-joined";
paths = [ swayWrapped swayPackage ];
swayPackage = pkgs.sway.override {
extraSessionCommands = cfg.extraSessionCommands;
withBaseWrapper = cfg.wrapperFeatures.base;
withGtkWrapper = cfg.wrapperFeatures.gtk;
};
in {
options.programs.sway = {
@ -35,6 +41,15 @@ in {
Please have a look at the "extraSessionCommands" example for running
programs natively under Wayland'';
wrapperFeatures = mkOption {
type = wrapperOptions;
default = { };
example = { gtk = true; };
description = ''
Attribute set of features to enable in the wrapper.
'';
};
extraSessionCommands = mkOption {
type = types.lines;
default = "";
@ -55,7 +70,7 @@ in {
extraPackages = mkOption {
type = with types; listOf package;
default = with pkgs; [
swaylock swayidle swaybg
swaylock swayidle
xwayland rxvt_unicode dmenu
];
defaultText = literalExample ''
@ -75,8 +90,17 @@ in {
};
config = mkIf cfg.enable {
assertions = [
{
assertion = cfg.extraSessionCommands != "" -> cfg.wrapperFeatures.base;
message = ''
The extraSessionCommands for Sway will not be run if
wrapperFeatures.base is disabled.
'';
}
];
environment = {
systemPackages = [ swayJoined ] ++ cfg.extraPackages;
systemPackages = [ swayPackage ] ++ cfg.extraPackages;
etc = {
"sway/config".source = mkOptionDefault "${swayPackage}/etc/sway/config";
#"sway/security.d".source = mkOptionDefault "${swayPackage}/etc/sway/security.d/";
@ -87,6 +111,8 @@ in {
hardware.opengl.enable = mkDefault true;
fonts.enableDefaultFonts = mkDefault true;
programs.dconf.enable = mkDefault true;
# To make a Sway session available if a display manager like SDDM is enabled:
services.xserver.displayManager.sessionPackages = [ swayPackage ];
};
meta.maintainers = with lib.maintainers; [ gnidorah primeos colemickens ];

7
nixos/modules/programs/zsh/oh-my-zsh.nix
View File

@ -29,6 +29,13 @@ let
in
{
imports = [
(mkRenamedOptionModule [ "programs" "zsh" "oh-my-zsh" "enable" ] [ "programs" "zsh" "ohMyZsh" "enable" ])
(mkRenamedOptionModule [ "programs" "zsh" "oh-my-zsh" "theme" ] [ "programs" "zsh" "ohMyZsh" "theme" ])
(mkRenamedOptionModule [ "programs" "zsh" "oh-my-zsh" "custom" ] [ "programs" "zsh" "ohMyZsh" "custom" ])
(mkRenamedOptionModule [ "programs" "zsh" "oh-my-zsh" "plugins" ] [ "programs" "zsh" "ohMyZsh" "plugins" ])
];
options = {
programs.zsh.ohMyZsh = {
enable = mkOption {

4
nixos/modules/programs/zsh/zsh-autosuggestions.nix
View File

@ -6,6 +6,10 @@ let
cfg = config.programs.zsh.autosuggestions;
in
{
imports = [
(mkRenamedOptionModule [ "programs" "zsh" "enableAutosuggestions" ] [ "programs" "zsh" "autosuggestions" "enable" ])
];
options.programs.zsh.autosuggestions = {
enable = mkEnableOption "zsh-autosuggestions";

7
nixos/modules/programs/zsh/zsh-syntax-highlighting.nix
View File

@ -6,6 +6,13 @@ let
cfg = config.programs.zsh.syntaxHighlighting;
in
{
imports = [
(mkRenamedOptionModule [ "programs" "zsh" "enableSyntaxHighlighting" ] [ "programs" "zsh" "syntaxHighlighting" "enable" ])
(mkRenamedOptionModule [ "programs" "zsh" "syntax-highlighting" "enable" ] [ "programs" "zsh" "syntaxHighlighting" "enable" ])
(mkRenamedOptionModule [ "programs" "zsh" "syntax-highlighting" "highlighters" ] [ "programs" "zsh" "syntaxHighlighting" "highlighters" ])
(mkRenamedOptionModule [ "programs" "zsh" "syntax-highlighting" "patterns" ] [ "programs" "zsh" "syntaxHighlighting" "patterns" ])
];
options = {
programs.zsh.syntaxHighlighting = {
enable = mkEnableOption "zsh-syntax-highlighting";

309
nixos/modules/rename.nix
View File

@ -4,313 +4,30 @@ with lib;
{
imports = [
(mkRenamedOptionModule [ "networking" "enableRT73Firmware" ] [ "hardware" "enableRedistributableFirmware" ])
(mkRenamedOptionModule [ "networking" "enableIntel3945ABGFirmware" ] [ "hardware" "enableRedistributableFirmware" ])
(mkRenamedOptionModule [ "networking" "enableIntel2100BGFirmware" ] [ "hardware" "enableRedistributableFirmware" ])
(mkRenamedOptionModule [ "networking" "enableRalinkFirmware" ] [ "hardware" "enableRedistributableFirmware" ])
(mkRenamedOptionModule [ "networking" "enableRTL8192cFirmware" ] [ "hardware" "enableRedistributableFirmware" ])
(mkRenamedOptionModule [ "networking" "networkmanager" "useDnsmasq" ] [ "networking" "networkmanager" "dns" ])
(mkRenamedOptionModule [ "networking" "connman" ] [ "services" "connman" ])
(mkRenamedOptionModule [ "networking" "defaultMailServer" ] [ "services" "ssmtp" ])
(mkRenamedOptionModule [ "services" "ssmtp" "directDelivery" ] [ "services" "ssmtp" "enable" ])
(mkChangedOptionModule [ "services" "printing" "gutenprint" ] [ "services" "printing" "drivers" ]
(config:
let enabled = getAttrFromPath [ "services" "printing" "gutenprint" ] config;
in if enabled then [ pkgs.gutenprint ] else [ ]))
(mkChangedOptionModule [ "services" "ddclient" "domain" ] [ "services" "ddclient" "domains" ]
(config:
let value = getAttrFromPath [ "services" "ddclient" "domain" ] config;
in if value != "" then [ value ] else []))
(mkRemovedOptionModule [ "services" "ddclient" "homeDir" ] "")
(mkRenamedOptionModule [ "services" "flatpak" "extraPortals" ] [ "xdg" "portal" "extraPortals" ])
(mkRenamedOptionModule [ "services" "i2pd" "extIp" ] [ "services" "i2pd" "address" ])
(mkRenamedOptionModule [ "services" "kubernetes" "apiserver" "admissionControl" ] [ "services" "kubernetes" "apiserver" "enableAdmissionPlugins" ])
(mkRenamedOptionModule [ "services" "kubernetes" "apiserver" "address" ] ["services" "kubernetes" "apiserver" "bindAddress"])
(mkRenamedOptionModule [ "services" "kubernetes" "apiserver" "port" ] ["services" "kubernetes" "apiserver" "insecurePort"])
(mkRemovedOptionModule [ "services" "kubernetes" "apiserver" "publicAddress" ] "")
(mkRenamedOptionModule [ "services" "kubernetes" "addons" "dashboard" "enableRBAC" ] [ "services" "kubernetes" "addons" "dashboard" "rbac" "enable" ])
(mkRenamedOptionModule [ "services" "kubernetes" "controllerManager" "address" ] ["services" "kubernetes" "controllerManager" "bindAddress"])
(mkRenamedOptionModule [ "services" "kubernetes" "controllerManager" "port" ] ["services" "kubernetes" "controllerManager" "insecurePort"])
(mkRenamedOptionModule [ "services" "kubernetes" "etcd" "servers" ] [ "services" "kubernetes" "apiserver" "etcd" "servers" ])
(mkRenamedOptionModule [ "services" "kubernetes" "etcd" "keyFile" ] [ "services" "kubernetes" "apiserver" "etcd" "keyFile" ])
(mkRenamedOptionModule [ "services" "kubernetes" "etcd" "certFile" ] [ "services" "kubernetes" "apiserver" "etcd" "certFile" ])
(mkRenamedOptionModule [ "services" "kubernetes" "etcd" "caFile" ] [ "services" "kubernetes" "apiserver" "etcd" "caFile" ])
(mkRemovedOptionModule [ "services" "kubernetes" "kubelet" "applyManifests" ] "")
(mkRemovedOptionModule [ "services" "kubernetes" "kubelet" "cadvisorPort" ] "")
(mkRemovedOptionModule [ "services" "kubernetes" "kubelet" "allowPrivileged" ] "")
(mkRenamedOptionModule [ "services" "kubernetes" "proxy" "address" ] ["services" "kubernetes" "proxy" "bindAddress"])
(mkRemovedOptionModule [ "services" "kubernetes" "verbose" ] "")
(mkRenamedOptionModule [ "services" "logstash" "address" ] [ "services" "logstash" "listenAddress" ])
(mkRenamedOptionModule [ "services" "neo4j" "host" ] [ "services" "neo4j" "defaultListenAddress" ])
(mkRenamedOptionModule [ "services" "neo4j" "listenAddress" ] [ "services" "neo4j" "defaultListenAddress" ])
(mkRenamedOptionModule [ "services" "neo4j" "enableBolt" ] [ "services" "neo4j" "bolt" "enable" ])
(mkRenamedOptionModule [ "services" "neo4j" "enableHttps" ] [ "services" "neo4j" "https" "enable" ])
(mkRenamedOptionModule [ "services" "neo4j" "certDir" ] [ "services" "neo4j" "directories" "certificates" ])
(mkRenamedOptionModule [ "services" "neo4j" "dataDir" ] [ "services" "neo4j" "directories" "home" ])
(mkRemovedOptionModule [ "services" "neo4j" "port" ] "Use services.neo4j.http.listenAddress instead.")
(mkRemovedOptionModule [ "services" "neo4j" "boltPort" ] "Use services.neo4j.bolt.listenAddress instead.")
(mkRemovedOptionModule [ "services" "neo4j" "httpsPort" ] "Use services.neo4j.https.listenAddress instead.")
(mkRemovedOptionModule [ "services" "misc" "nzbget" "configFile" ] "The configuration of nzbget is now managed by users through the web interface.")
(mkRemovedOptionModule [ "services" "misc" "nzbget" "dataDir" ] "The data directory for nzbget is now /var/lib/nzbget.")
(mkRemovedOptionModule [ "services" "misc" "nzbget" "openFirewall" ] "The port used by nzbget is managed through the web interface so you should adjust your firewall rules accordingly.")
(mkRemovedOptionModule [ "services" "prometheus" "alertmanager" "user" ] "The alertmanager service is now using systemd's DynamicUser mechanism which obviates a user setting.")
(mkRemovedOptionModule [ "services" "prometheus" "alertmanager" "group" ] "The alertmanager service is now using systemd's DynamicUser mechanism which obviates a group setting.")
(mkRemovedOptionModule [ "services" "prometheus" "alertmanagerURL" ] ''
Due to incompatibility, the alertmanagerURL option has been removed,
please use 'services.prometheus2.alertmanagers' instead.
'')
(mkRenamedOptionModule [ "services" "prometheus2" ] [ "services" "prometheus" ])
(mkRenamedOptionModule [ "services" "tor" "relay" "portSpec" ] [ "services" "tor" "relay" "port" ])
(mkRenamedOptionModule [ "services" "vmwareGuest" ] [ "virtualisation" "vmware" "guest" ])
(mkRenamedOptionModule [ "jobs" ] [ "systemd" "services" ])
/*
This file defines some renaming/removing options for backwards compatibility
(mkRenamedOptionModule [ "services" "gitlab" "stateDir" ] [ "services" "gitlab" "statePath" ])
(mkRemovedOptionModule [ "services" "gitlab" "satelliteDir" ] "")
(mkRenamedOptionModule [ "services" "clamav" "updater" "config" ] [ "services" "clamav" "updater" "extraConfig" ])
(mkRemovedOptionModule [ "services" "pykms" "verbose" ] "Use services.pykms.logLevel instead")
(mkRemovedOptionModule [ "security" "setuidOwners" ] "Use security.wrappers instead")
(mkRemovedOptionModule [ "security" "setuidPrograms" ] "Use security.wrappers instead")
(mkRenamedOptionModule [ "security" "virtualization" "flushL1DataCache" ] [ "security" "virtualisation" "flushL1DataCache" ])
# PAM
(mkRenamedOptionModule [ "security" "pam" "enableU2F" ] [ "security" "pam" "u2f" "enable" ])
# rmilter/rspamd
(mkRemovedOptionModule [ "services" "rmilter" ] "Use services.rspamd.* instead to set up milter service")
# Xsession script
(mkRenamedOptionModule [ "services" "xserver" "displayManager" "job" "logsXsession" ] [ "services" "xserver" "displayManager" "job" "logToFile" ])
(mkRenamedOptionModule [ "services" "xserver" "displayManager" "logToJournal" ] [ "services" "xserver" "displayManager" "job" "logToJournal" ])
# Old Grub-related options.
(mkRenamedOptionModule [ "boot" "loader" "grub" "timeout" ] [ "boot" "loader" "timeout" ])
(mkRenamedOptionModule [ "boot" "loader" "gummiboot" "timeout" ] [ "boot" "loader" "timeout" ])
# OpenSSH
(mkAliasOptionModule [ "services" "sshd" "enable" ] [ "services" "openssh" "enable" ])
(mkAliasOptionModule [ "services" "openssh" "knownHosts" ] [ "programs" "ssh" "knownHosts" ])
# libvirtd
(mkRemovedOptionModule [ "virtualisation" "libvirtd" "enableKVM" ]
"Set the option `virtualisation.libvirtd.qemuPackage' instead.")
# ibus
(mkRenamedOptionModule [ "programs" "ibus" "plugins" ] [ "i18n" "inputMethod" "ibus" "engines" ])
# sandboxing
(mkRenamedOptionModule [ "nix" "useChroot" ] [ "nix" "useSandbox" ])
(mkRenamedOptionModule [ "nix" "chrootDirs" ] [ "nix" "sandboxPaths" ])
(mkRenamedOptionModule [ "services" "xserver" "vaapiDrivers" ] [ "hardware" "opengl" "extraPackages" ])
It should ONLY be used when the relevant module can't define these imports
itself, such as when the module was removed completely.
See https://github.com/NixOS/nixpkgs/pull/61570 for explanation
*/
# This alias module can't be where _module.check is defined because it would
# be added to submodules as well there
(mkAliasOptionModule [ "environment" "checkConfigurationOptions" ] [ "_module" "check" ])
# opendkim
(mkRenamedOptionModule [ "services" "opendkim" "keyFile" ] [ "services" "opendkim" "keyPath" ])
# Enlightenment
(mkRenamedOptionModule [ "services" "xserver" "desktopManager" "e19" "enable" ] [ "services" "xserver" "desktopManager" "enlightenment" "enable" ])
# Iodine
(mkRenamedOptionModule [ "services" "iodined" "enable" ] [ "services" "iodine" "server" "enable" ])
(mkRenamedOptionModule [ "services" "iodined" "domain" ] [ "services" "iodine" "server" "domain" ])
(mkRenamedOptionModule [ "services" "iodined" "ip" ] [ "services" "iodine" "server" "ip" ])
(mkRenamedOptionModule [ "services" "iodined" "extraConfig" ] [ "services" "iodine" "server" "extraConfig" ])
(mkRemovedOptionModule [ "services" "iodined" "client" ] "")
# Unity3D
(mkRenamedOptionModule [ "programs" "unity3d" "enable" ] [ "security" "chromiumSuidSandbox" "enable" ])
# murmur
(mkRenamedOptionModule [ "services" "murmur" "welcome" ] [ "services" "murmur" "welcometext" ])
(mkRemovedOptionModule [ "services" "murmur" "pidfile" ] "Hardcoded to /run/murmur/murmurd.pid now")
# parsoid
(mkRemovedOptionModule [ "services" "parsoid" "interwikis" ] "Use services.parsoid.wikis instead")
# plexpy / tautulli
(mkRenamedOptionModule [ "services" "plexpy" ] [ "services" "tautulli" ])
# piwik was renamed to matomo
(mkRenamedOptionModule [ "services" "piwik" "enable" ] [ "services" "matomo" "enable" ])
(mkRenamedOptionModule [ "services" "piwik" "webServerUser" ] [ "services" "matomo" "webServerUser" ])
(mkRemovedOptionModule [ "services" "piwik" "phpfpmProcessManagerConfig" ] "Use services.phpfpm.pools.<name>.settings")
(mkRemovedOptionModule [ "services" "matomo" "phpfpmProcessManagerConfig" ] "Use services.phpfpm.pools.<name>.settings")
(mkRenamedOptionModule [ "services" "piwik" "nginx" ] [ "services" "matomo" "nginx" ])
# tarsnap
(mkRemovedOptionModule [ "services" "tarsnap" "cachedir" ] "Use services.tarsnap.archives.<name>.cachedir")
# alsa
(mkRenamedOptionModule [ "sound" "enableMediaKeys" ] [ "sound" "mediaKeys" "enable" ])
# postgrey
(mkMergedOptionModule [ [ "services" "postgrey" "inetAddr" ] [ "services" "postgrey" "inetPort" ] ] [ "services" "postgrey" "socket" ] (config: let
value = p: getAttrFromPath p config;
inetAddr = [ "services" "postgrey" "inetAddr" ];
inetPort = [ "services" "postgrey" "inetPort" ];
in
if value inetAddr == null
then { path = "/run/postgrey.sock"; }
else { addr = value inetAddr; port = value inetPort; }
))
# dhcpd
(mkRenamedOptionModule [ "services" "dhcpd" ] [ "services" "dhcpd4" ])
# locate
(mkRenamedOptionModule [ "services" "locate" "period" ] [ "services" "locate" "interval" ])
(mkRemovedOptionModule [ "services" "locate" "includeStore" ] "Use services.locate.prunePaths" )
# nfs
(mkRenamedOptionModule [ "services" "nfs" "lockdPort" ] [ "services" "nfs" "server" "lockdPort" ])
(mkRenamedOptionModule [ "services" "nfs" "statdPort" ] [ "services" "nfs" "server" "statdPort" ])
# KDE Plasma 5
(mkRenamedOptionModule [ "services" "xserver" "desktopManager" "kde5" ] [ "services" "xserver" "desktopManager" "plasma5" ])
# Fontconfig
(mkRenamedOptionModule [ "fonts" "fontconfig" "ultimate" "allowBitmaps" ] [ "fonts" "fontconfig" "allowBitmaps" ])
(mkRenamedOptionModule [ "fonts" "fontconfig" "ultimate" "allowType1" ] [ "fonts" "fontconfig" "allowType1" ])
(mkRenamedOptionModule [ "fonts" "fontconfig" "ultimate" "useEmbeddedBitmaps" ] [ "fonts" "fontconfig" "useEmbeddedBitmaps" ])
(mkRenamedOptionModule [ "fonts" "fontconfig" "ultimate" "forceAutohint" ] [ "fonts" "fontconfig" "forceAutohint" ])
(mkRenamedOptionModule [ "fonts" "fontconfig" "ultimate" "renderMonoTTFAsBitmap" ] [ "fonts" "fontconfig" "renderMonoTTFAsBitmap" ])
# postgresqlBackup
(mkRemovedOptionModule [ "services" "postgresqlBackup" "period" ] ''
A systemd timer is now used instead of cron.
The starting time can be configured via <literal>services.postgresqlBackup.startAt</literal>.
'')
# phpfpm
(mkRemovedOptionModule [ "services" "phpfpm" "poolConfigs" ] "Use services.phpfpm.pools instead.")
# zabbixServer
(mkRenamedOptionModule [ "services" "zabbixServer" "dbServer" ] [ "services" "zabbixServer" "database" "host" ])
# Profile splitting
(mkRenamedOptionModule [ "virtualisation" "growPartition" ] [ "boot" "growPartition" ])
# misc/version.nix
(mkRenamedOptionModule [ "system" "nixosVersion" ] [ "system" "nixos" "version" ])
(mkRenamedOptionModule [ "system" "nixosVersionSuffix" ] [ "system" "nixos" "versionSuffix" ])
(mkRenamedOptionModule [ "system" "nixosRevision" ] [ "system" "nixos" "revision" ])
(mkRenamedOptionModule [ "system" "nixosLabel" ] [ "system" "nixos" "label" ])
# Users
(mkAliasOptionModule [ "users" "extraUsers" ] [ "users" "users" ])
(mkAliasOptionModule [ "users" "extraGroups" ] [ "users" "groups" ])
# Options that are obsolete and have no replacement.
(mkRemovedOptionModule [ "boot" "initrd" "luks" "enable" ] "")
(mkRemovedOptionModule [ "programs" "bash" "enable" ] "")
(mkRemovedOptionModule [ "services" "samba" "defaultShare" ] "")
(mkRemovedOptionModule [ "services" "syslog-ng" "serviceName" ] "")
(mkRemovedOptionModule [ "services" "syslog-ng" "listenToJournal" ] "")
(mkRemovedOptionModule [ "ec2" "metadata" ] "")
(mkRemovedOptionModule [ "services" "openvpn" "enable" ] "")
(mkRemovedOptionModule [ "services" "printing" "cupsFilesConf" ] "")
(mkRemovedOptionModule [ "services" "printing" "cupsdConf" ] "")
(mkRemovedOptionModule [ "services" "tor" "relay" "isBridge" ] "Use services.tor.relay.role instead.")
(mkRemovedOptionModule [ "services" "tor" "relay" "isExit" ] "Use services.tor.relay.role instead.")
(mkRemovedOptionModule [ "services" "xserver" "startGnuPGAgent" ]
"See the 16.09 release notes for more information.")
(mkRemovedOptionModule [ "services" "phpfpm" "phpIni" ] "")
(mkRemovedOptionModule [ "services" "dovecot2" "package" ] "")
# Completely removed modules
(mkRemovedOptionModule [ "services" "firefox" "syncserver" "user" ] "")
(mkRemovedOptionModule [ "services" "firefox" "syncserver" "group" ] "")
(mkRemovedOptionModule [ "fonts" "fontconfig" "hinting" "style" ] "")
(mkRemovedOptionModule [ "services" "xserver" "displayManager" "sddm" "themes" ]
"Set the option `services.xserver.displayManager.sddm.package' instead.")
(mkRemovedOptionModule [ "services" "xserver" "desktopManager" "xfce" "screenLock" ] "")
(mkRemovedOptionModule [ "fonts" "fontconfig" "forceAutohint" ] "")
(mkRemovedOptionModule [ "fonts" "fontconfig" "renderMonoTTFAsBitmap" ] "")
(mkRemovedOptionModule [ "virtualisation" "xen" "qemu" ] "You don't need this option anymore, it will work without it.")
(mkRemovedOptionModule [ "services" "logstash" "enableWeb" ] "The web interface was removed from logstash")
(mkRemovedOptionModule [ "boot" "zfs" "enableLegacyCrypto" ] "The corresponding package was removed from nixpkgs.")
(mkRemovedOptionModule [ "services" "winstone" ] "The corresponding package was removed from nixpkgs.")
(mkRemovedOptionModule [ "services" "mysql" "pidDir" ] "Don't wait for pidfiles, describe dependencies through systemd")
(mkRemovedOptionModule [ "services" "mysql" "rootPassword" ] "Use socket authentication or set the password outside of the nix store.")
(mkRemovedOptionModule [ "services" "zabbixServer" "dbPassword" ] "Use services.zabbixServer.database.passwordFile instead.")
(mkRemovedOptionModule [ "systemd" "generator-packages" ] "Use systemd.packages instead.")
(mkRemovedOptionModule [ "fonts" "enableCoreFonts" ] "Use fonts.fonts = [ pkgs.corefonts ]; instead.")
(mkRemovedOptionModule [ "networking" "vpnc" ] "Use environment.etc.\"vpnc/service.conf\" instead.")
# ZSH
(mkRenamedOptionModule [ "programs" "zsh" "enableSyntaxHighlighting" ] [ "programs" "zsh" "syntaxHighlighting" "enable" ])
(mkRenamedOptionModule [ "programs" "zsh" "syntax-highlighting" "enable" ] [ "programs" "zsh" "syntaxHighlighting" "enable" ])
(mkRenamedOptionModule [ "programs" "zsh" "syntax-highlighting" "highlighters" ] [ "programs" "zsh" "syntaxHighlighting" "highlighters" ])
(mkRenamedOptionModule [ "programs" "zsh" "syntax-highlighting" "patterns" ] [ "programs" "zsh" "syntaxHighlighting" "patterns" ])
(mkRenamedOptionModule [ "programs" "zsh" "oh-my-zsh" "enable" ] [ "programs" "zsh" "ohMyZsh" "enable" ])
(mkRenamedOptionModule [ "programs" "zsh" "oh-my-zsh" "theme" ] [ "programs" "zsh" "ohMyZsh" "theme" ])
(mkRenamedOptionModule [ "programs" "zsh" "oh-my-zsh" "custom" ] [ "programs" "zsh" "ohMyZsh" "custom" ])
(mkRenamedOptionModule [ "programs" "zsh" "oh-my-zsh" "plugins" ] [ "programs" "zsh" "ohMyZsh" "plugins" ])
(mkRenamedOptionModule [ "programs" "zsh" "enableAutosuggestions" ] [ "programs" "zsh" "autosuggestions" "enable" ])
# Xen
(mkRenamedOptionModule [ "virtualisation" "xen" "qemu-package" ] [ "virtualisation" "xen" "package-qemu" ])
(mkRenamedOptionModule [ "programs" "info" "enable" ] [ "documentation" "info" "enable" ])
(mkRenamedOptionModule [ "programs" "man" "enable" ] [ "documentation" "man" "enable" ])
(mkRenamedOptionModule [ "services" "nixosManual" "enable" ] [ "documentation" "nixos" "enable" ])
# ckb
(mkRenamedOptionModule [ "hardware" "ckb" "enable" ] [ "hardware" "ckb-next" "enable" ])
(mkRenamedOptionModule [ "hardware" "ckb" "package" ] [ "hardware" "ckb-next" "package" ])
# binfmt
(mkRenamedOptionModule [ "boot" "binfmtMiscRegistrations" ] [ "boot" "binfmt" "registrations" ])
# ACME
(mkRemovedOptionModule [ "security" "acme" "directory"] "ACME Directory is now hardcoded to /var/lib/acme and its permisisons are managed by systemd. See https://github.com/NixOS/nixpkgs/issues/53852 for more info.")
(mkRemovedOptionModule [ "security" "acme" "preDelay"] "This option has been removed. If you want to make sure that something executes before certificates are provisioned, add a RequiredBy=acme-\${cert}.service to the service you want to execute before the cert renewal")
(mkRemovedOptionModule [ "security" "acme" "activationDelay"] "This option has been removed. If you want to make sure that something executes before certificates are provisioned, add a RequiredBy=acme-\${cert}.service to the service you want to execute before the cert renewal")
# KSM
(mkRenamedOptionModule [ "hardware" "enableKSM" ] [ "hardware" "ksm" "enable" ])
# resolvconf
(mkRenamedOptionModule [ "networking" "dnsSingleRequest" ] [ "networking" "resolvconf" "dnsSingleRequest" ])
(mkRenamedOptionModule [ "networking" "dnsExtensionMechanism" ] [ "networking" "resolvconf" "dnsExtensionMechanism" ])
(mkRenamedOptionModule [ "networking" "extraResolvconfConf" ] [ "networking" "resolvconf" "extraConfig" ])
(mkRenamedOptionModule [ "networking" "resolvconfOptions" ] [ "networking" "resolvconf" "extraOptions" ])
# BLCR
(mkRemovedOptionModule [ "environment.blcr.enable" ] "The BLCR module has been removed")
# beegfs
(mkRemovedOptionModule [ "services.beegfsEnable" ] "The BeeGFS module has been removed")
(mkRemovedOptionModule [ "services.beegfs" ] "The BeeGFS module has been removed")
# osquery
(mkRemovedOptionModule [ "services.osquery" ] "The osquery module has been removed")
(mkRemovedOptionModule [ "services.fourStore" ] "The fourStore module has been removed")
(mkRemovedOptionModule [ "services.fourStoreEndpoint" ] "The fourStoreEndpoint module has been removed")
# Redis
(mkRemovedOptionModule [ "services" "redis" "user" ] "The redis module now is hardcoded to the redis user.")
(mkRemovedOptionModule [ "services" "redis" "dbpath" ] "The redis module now uses /var/lib/redis as data directory.")
(mkRemovedOptionModule [ "services" "redis" "dbFilename" ] "The redis module now uses /var/lib/redis/dump.rdb as database dump location.")
(mkRemovedOptionModule [ "services" "redis" "appendOnlyFilename" ] "This option was never used.")
(mkRemovedOptionModule [ "services" "redis" "pidFile" ] "This option was removed.")
] ++ (forEach [ "blackboxExporter" "collectdExporter" "fritzboxExporter"
"jsonExporter" "minioExporter" "nginxExporter" "nodeExporter"
"snmpExporter" "unifiExporter" "varnishExporter" ]
(opt: mkRemovedOptionModule [ "services" "prometheus" "${opt}" ] ''
The prometheus exporters are now configured using `services.prometheus.exporters'.
See the 18.03 release notes for more information.
'' ))
++ (forEach [ "enable" "substitutions" "preset" ]
(opt: mkRemovedOptionModule [ "fonts" "fontconfig" "ultimate" "${opt}" ] ''
The fonts.fontconfig.ultimate module and configuration is obsolete.
The repository has since been archived and activity has ceased.
https://github.com/bohoomil/fontconfig-ultimate/issues/171.
No action should be needed for font configuration, as the fonts.fontconfig
module is already used by default.
'' ));
# Do NOT add any option renames here, see top of the file
];
}

7
nixos/modules/security/acme.nix
View File

@ -127,6 +127,9 @@ in
"https://acme-staging-v02.api.letsencrypt.org/directory".
''
)
(mkRemovedOptionModule [ "security" "acme" "directory"] "ACME Directory is now hardcoded to /var/lib/acme and its permisisons are managed by systemd. See https://github.com/NixOS/nixpkgs/issues/53852 for more info.")
(mkRemovedOptionModule [ "security" "acme" "preDelay"] "This option has been removed. If you want to make sure that something executes before certificates are provisioned, add a RequiredBy=acme-\${cert}.service to the service you want to execute before the cert renewal")
(mkRemovedOptionModule [ "security" "acme" "activationDelay"] "This option has been removed. If you want to make sure that something executes before certificates are provisioned, add a RequiredBy=acme-\${cert}.service to the service you want to execute before the cert renewal")
];
options = {
security.acme = {
@ -238,9 +241,9 @@ in
StateDirectoryMode = rights;
WorkingDirectory = "/var/lib/${lpath}";
ExecStart = "${pkgs.simp_le}/bin/simp_le ${escapeShellArgs cmdline}";
ExecStopPost =
ExecStartPost =
let
script = pkgs.writeScript "acme-post-stop" ''
script = pkgs.writeScript "acme-post-start" ''
#!${pkgs.runtimeShell} -e
${data.postRun}
'';

3
nixos/modules/security/apparmor-suid.nix
View File

@ -4,6 +4,9 @@ let
in
with lib;
{
imports = [
(mkRenamedOptionModule [ "security" "virtualization" "flushL1DataCache" ] [ "security" "virtualisation" "flushL1DataCache" ])
];
options.security.apparmor.confineSUIDApplications = mkOption {
default = true;

4
nixos/modules/security/chromium-suid-sandbox.nix
View File

@ -7,6 +7,10 @@ let
sandbox = pkgs.chromium.sandbox;
in
{
imports = [
(mkRenamedOptionModule [ "programs" "unity3d" "enable" ] [ "security" "chromiumSuidSandbox" "enable" ])
];
options.security.chromiumSuidSandbox.enable = mkOption {
type = types.bool;
default = false;

6
nixos/modules/security/pam.nix
View File

@ -484,6 +484,10 @@ in
{
imports = [
(mkRenamedOptionModule [ "security" "pam" "enableU2F" ] [ "security" "pam" "u2f" "enable" ])
];
###### interface
options = {
@ -707,7 +711,7 @@ in
Use "challenge-response" for offline validation using YubiKeys with HMAC-SHA-1
Challenge-Response configurations. See the man-page ykpamcfg(1) for further
details on how to configure offline Challenge-Response validation.
details on how to configure offline Challenge-Response validation.
More information can be found <link
xlink:href="https://developers.yubico.com/yubico-pam/Authentication_Using_Challenge-Response.html">here</link>.

5
nixos/modules/security/polkit.nix
View File

@ -42,15 +42,14 @@ in
security.polkit.adminIdentities = mkOption {
type = types.listOf types.str;
default = [ "unix-user:0" "unix-group:wheel" ];
default = [ "unix-group:wheel" ];
example = [ "unix-user:alice" "unix-group:admin" ];
description =
''
Specifies which users are considered administrators, for those
actions that require the user to authenticate as an
administrator (i.e. have an <literal>auth_admin</literal>
value). By default, this is the <literal>root</literal>
user and all users in the <literal>wheel</literal> group.
value). By default, this is all users in the <literal>wheel</literal> group.
'';
};

4
nixos/modules/security/wrappers/default.nix
View File

@ -94,6 +94,10 @@ let
) programs;
in
{
imports = [
(lib.mkRemovedOptionModule [ "security" "setuidOwners" ] "Use security.wrappers instead")
(lib.mkRemovedOptionModule [ "security" "setuidPrograms" ] "Use security.wrappers instead")
];
###### interface

1
nixos/modules/services/admin/oxidized.nix
View File

@ -111,6 +111,7 @@ in
Restart = "always";
WorkingDirectory = cfg.dataDir;
KillSignal = "SIGKILL";
PIDFile = "${cfg.dataDir}.config/oxidized/pid";
};
};
};

3
nixos/modules/services/audio/alsa.nix
View File

@ -12,6 +12,9 @@ let
in
{
imports = [
(mkRenamedOptionModule [ "sound" "enableMediaKeys" ] [ "sound" "mediaKeys" "enable" ])
];
###### interface

166
nixos/modules/services/backup/bacula.nix
View File

@ -44,7 +44,17 @@ let
Pid Directory = "/run";
${sd_cfg.extraStorageConfig}
}
${concatStringsSep "\n" (mapAttrsToList (name: value: ''
Autochanger {
Name = "${name}";
Device = ${concatStringsSep ", " (map (a: "\"${a}\"") value.devices)};
Changer Device = "${value.changerDevice}";
Changer Command = "${value.changerCommand}";
${value.extraAutochangerConfig}
}
'') sd_cfg.autochanger)}
${concatStringsSep "\n" (mapAttrsToList (name: value: ''
Device {
Name = "${name}";
@ -103,7 +113,19 @@ let
password = mkOption {
# TODO: required?
description = ''
Specifies the password that must be supplied for a Director to b
Specifies the password that must be supplied for the default Bacula
Console to be authorized. The same password must appear in the
Director resource of the Console configuration file. For added
security, the password is never passed across the network but instead
a challenge response hash code created with the password. This
directive is required. If you have either /dev/random or bc on your
machine, Bacula will generate a random password during the
configuration process, otherwise it will be left blank and you must
manually supply it.
The password is plain text. It is not generated through any special
process but as noted above, it is better to use random text for
security reasons.
'';
};
@ -111,26 +133,133 @@ let
default = "no";
example = "yes";
description = ''
If Monitor is set to no (default), this director will have full
If Monitor is set to <literal>no</literal>, this director will have
full access to this Storage daemon. If Monitor is set to
<literal>yes</literal>, this director will only be able to fetch the
current status of this Storage daemon.
Please note that if this director is being used by a Monitor, we
highly recommend to set this directive to yes to avoid serious
security problems.
'';
};
};
};
autochangerOptions = {...}:
{
options = {
changerDevice = mkOption {
description = ''
The specified name-string must be the generic SCSI device name of the
autochanger that corresponds to the normal read/write Archive Device
specified in the Device resource. This generic SCSI device name
should be specified if you have an autochanger or if you have a
standard tape drive and want to use the Alert Command (see below).
For example, on Linux systems, for an Archive Device name of
<literal>/dev/nst0</literal>, you would specify
<literal>/dev/sg0</literal> for the Changer Device name. Depending
on your exact configuration, and the number of autochangers or the
type of autochanger, what you specify here can vary. This directive
is optional. See the Using AutochangersAutochangersChapter chapter of
this manual for more details of using this and the following
autochanger directives.
'';
};
changerCommand = mkOption {
description = ''
The name-string specifies an external program to be called that will
automatically change volumes as required by Bacula. Normally, this
directive will be specified only in the AutoChanger resource, which
is then used for all devices. However, you may also specify the
different Changer Command in each Device resource. Most frequently,
you will specify the Bacula supplied mtx-changer script as follows:
<literal>"/path/mtx-changer %c %o %S %a %d"</literal>
and you will install the mtx on your system (found in the depkgs
release). An example of this command is in the default bacula-sd.conf
file. For more details on the substitution characters that may be
specified to configure your autochanger please see the
AutochangersAutochangersChapter chapter of this manual. For FreeBSD
users, you might want to see one of the several chio scripts in
examples/autochangers.
'';
default = "/etc/bacula/mtx-changer %c %o %S %a %d";
};
devices = mkOption {
description = ''
'';
};
extraAutochangerConfig = mkOption {
default = "";
description = ''
Extra configuration to be passed in Autochanger directive.
'';
example = ''
'';
};
};
};
deviceOptions = {...}:
{
options = {
archiveDevice = mkOption {
# TODO: required?
description = ''
The specified name-string gives the system file name of the storage device managed by this storage daemon. This will usually be the device file name of a removable storage device (tape drive), for example " /dev/nst0" or "/dev/rmt/0mbn". For a DVD-writer, it will be for example /dev/hdc. It may also be a directory name if you are archiving to disk storage.
The specified name-string gives the system file name of the storage
device managed by this storage daemon. This will usually be the
device file name of a removable storage device (tape drive), for
example <literal>/dev/nst0</literal> or
<literal>/dev/rmt/0mbn</literal>. For a DVD-writer, it will be for
example <literal>/dev/hdc</literal>. It may also be a directory name
if you are archiving to disk storage. In this case, you must supply
the full absolute path to the directory. When specifying a tape
device, it is preferable that the "non-rewind" variant of the device
file name be given.
'';
};
mediaType = mkOption {
# TODO: required?
description = ''
The specified name-string names the type of media supported by this device, for example, "DLT7000". Media type names are arbitrary in that you set them to anything you want, but they must be known to the volume database to keep track of which storage daemons can read which volumes. In general, each different storage type should have a unique Media Type associated with it. The same name-string must appear in the appropriate Storage resource definition in the Director's configuration file.
The specified name-string names the type of media supported by this
device, for example, <literal>DLT7000</literal>. Media type names are
arbitrary in that you set them to anything you want, but they must be
known to the volume database to keep track of which storage daemons
can read which volumes. In general, each different storage type
should have a unique Media Type associated with it. The same
name-string must appear in the appropriate Storage resource
definition in the Director's configuration file.
Even though the names you assign are arbitrary (i.e. you choose the
name you want), you should take care in specifying them because the
Media Type is used to determine which storage device Bacula will
select during restore. Thus you should probably use the same Media
Type specification for all drives where the Media can be freely
interchanged. This is not generally an issue if you have a single
Storage daemon, but it is with multiple Storage daemons, especially
if they have incompatible media.
For example, if you specify a Media Type of <literal>DDS-4</literal>
then during the restore, Bacula will be able to choose any Storage
Daemon that handles <literal>DDS-4</literal>. If you have an
autochanger, you might want to name the Media Type in a way that is
unique to the autochanger, unless you wish to possibly use the
Volumes in other drives. You should also ensure to have unique Media
Type names if the Media is not compatible between drives. This
specification is required for all devices.
In addition, if you are using disk storage, each Device resource will
generally have a different mount point or directory. In order for
Bacula to select the correct Device resource, each one must have a
unique Media Type.
'';
};
@ -166,8 +295,8 @@ in {
default = "${config.networking.hostName}-fd";
description = ''
The client name that must be used by the Director when connecting.
Generally, it is a good idea to use a name related to the machine
so that error messages can be easily identified if you have multiple
Generally, it is a good idea to use a name related to the machine so
that error messages can be easily identified if you have multiple
Clients. This directive is required.
'';
};
@ -232,7 +361,8 @@ in {
default = 9103;
type = types.int;
description = ''
Specifies port number on which the Storage daemon listens for Director connections. The default is 9103.
Specifies port number on which the Storage daemon listens for
Director connections.
'';
};
@ -251,7 +381,15 @@ in {
'';
type = with types; attrsOf (submodule deviceOptions);
};
autochanger = mkOption {
default = {};
description = ''
This option defines Autochanger resources in Bacula Storage Daemon.
'';
type = with types; attrsOf (submodule autochangerOptions);
};
extraStorageConfig = mkOption {
default = "";
description = ''
@ -287,7 +425,8 @@ in {
name = mkOption {
default = "${config.networking.hostName}-dir";
description = ''
The director name used by the system administrator. This directive is required.
The director name used by the system administrator. This directive is
required.
'';
};
@ -295,7 +434,12 @@ in {
default = 9101;
type = types.int;
description = ''
Specify the port (a positive integer) on which the Director daemon will listen for Bacula Console connections. This same port number must be specified in the Director resource of the Console configuration file. The default is 9101, so normally this directive need not be specified. This directive should not be used if you specify DirAddresses (N.B plural) directive.
Specify the port (a positive integer) on which the Director daemon
will listen for Bacula Console connections. This same port number
must be specified in the Director resource of the Console
configuration file. The default is 9101, so normally this directive
need not be specified. This directive should not be used if you
specify DirAddresses (N.B plural) directive.
'';
};

9
nixos/modules/services/backup/postgresql-backup.nix
View File

@ -35,6 +35,13 @@ let
in {
imports = [
(mkRemovedOptionModule [ "services" "postgresqlBackup" "period" ] ''
A systemd timer is now used instead of cron.
The starting time can be configured via <literal>services.postgresqlBackup.startAt</literal>.
'')
];
options = {
services.postgresqlBackup = {
enable = mkOption {
@ -82,7 +89,7 @@ in {
pgdumpOptions = mkOption {
type = types.separatedString " ";
default = "-Cbo";
default = "-C";
description = ''
Command line options for pg_dump. This options is not used
if <literal>config.services.postgresqlBackup.backupAll</literal> is enabled.

4
nixos/modules/services/backup/tarsnap.nix
View File

@ -23,6 +23,10 @@ let
'';
in
{
imports = [
(mkRemovedOptionModule [ "services" "tarsnap" "cachedir" ] "Use services.tarsnap.archives.<name>.cachedir")
];
options = {
services.tarsnap = {
enable = mkOption {

4
nixos/modules/services/cluster/kubernetes/addons/dashboard.nix
View File

@ -5,6 +5,10 @@ with lib;
let
cfg = config.services.kubernetes.addons.dashboard;
in {
imports = [
(mkRenamedOptionModule [ "services" "kubernetes" "addons" "dashboard" "enableRBAC" ] [ "services" "kubernetes" "addons" "dashboard" "rbac" "enable" ])
];
options.services.kubernetes.addons.dashboard = {
enable = mkEnableOption "kubernetes dashboard addon";

12
nixos/modules/services/cluster/kubernetes/apiserver.nix
View File

@ -13,6 +13,18 @@ let
)) + ".1");
in
{
imports = [
(mkRenamedOptionModule [ "services" "kubernetes" "apiserver" "admissionControl" ] [ "services" "kubernetes" "apiserver" "enableAdmissionPlugins" ])
(mkRenamedOptionModule [ "services" "kubernetes" "apiserver" "address" ] ["services" "kubernetes" "apiserver" "bindAddress"])
(mkRenamedOptionModule [ "services" "kubernetes" "apiserver" "port" ] ["services" "kubernetes" "apiserver" "insecurePort"])
(mkRemovedOptionModule [ "services" "kubernetes" "apiserver" "publicAddress" ] "")
(mkRenamedOptionModule [ "services" "kubernetes" "etcd" "servers" ] [ "services" "kubernetes" "apiserver" "etcd" "servers" ])
(mkRenamedOptionModule [ "services" "kubernetes" "etcd" "keyFile" ] [ "services" "kubernetes" "apiserver" "etcd" "keyFile" ])
(mkRenamedOptionModule [ "services" "kubernetes" "etcd" "certFile" ] [ "services" "kubernetes" "apiserver" "etcd" "certFile" ])
(mkRenamedOptionModule [ "services" "kubernetes" "etcd" "caFile" ] [ "services" "kubernetes" "apiserver" "etcd" "caFile" ])
];
###### interface
options.services.kubernetes.apiserver = with lib.types; {

5
nixos/modules/services/cluster/kubernetes/controller-manager.nix
View File

@ -7,6 +7,11 @@ let
cfg = top.controllerManager;
in
{
imports = [
(mkRenamedOptionModule [ "services" "kubernetes" "controllerManager" "address" ] ["services" "kubernetes" "controllerManager" "bindAddress"])
(mkRenamedOptionModule [ "services" "kubernetes" "controllerManager" "port" ] ["services" "kubernetes" "controllerManager" "insecurePort"])
];
###### interface
options.services.kubernetes.controllerManager = with lib.types; {

4
nixos/modules/services/cluster/kubernetes/default.nix
View File

@ -74,6 +74,10 @@ let
};
in {
imports = [
(mkRemovedOptionModule [ "services" "kubernetes" "verbose" ] "")
];
###### interface
options.services.kubernetes = {

6
nixos/modules/services/cluster/kubernetes/kubelet.nix
View File

@ -52,6 +52,12 @@ let
taints = concatMapStringsSep "," (v: "${v.key}=${v.value}:${v.effect}") (mapAttrsToList (n: v: v) cfg.taints);
in
{
imports = [
(mkRemovedOptionModule [ "services" "kubernetes" "kubelet" "applyManifests" ] "")
(mkRemovedOptionModule [ "services" "kubernetes" "kubelet" "cadvisorPort" ] "")
(mkRemovedOptionModule [ "services" "kubernetes" "kubelet" "allowPrivileged" ] "")
];
###### interface
options.services.kubernetes.kubelet = with lib.types; {

3
nixos/modules/services/cluster/kubernetes/proxy.nix
View File

@ -7,6 +7,9 @@ let
cfg = top.proxy;
in
{
imports = [
(mkRenamedOptionModule [ "services" "kubernetes" "proxy" "address" ] ["services" "kubernetes" "proxy" "bindAddress"])
];
###### interface
options.services.kubernetes.proxy = with lib.types; {

74
nixos/modules/services/databases/4store-endpoint.nix
View File

@ -1,74 +0,0 @@
{ config, lib, pkgs, ... }:
let
cfg = config.services.fourStoreEndpoint;
endpointUser = "fourstorehttp";
run = "${pkgs.su}/bin/su -s ${pkgs.runtimeShell} ${endpointUser} -c";
in
with lib;
{
###### interface
options = {
services.fourStoreEndpoint = {
enable = mkOption {
default = false;
description = "Whether to enable 4Store SPARQL endpoint.";
};
database = mkOption {
default = config.services.fourStore.database;
description = "RDF database name to expose via the endpoint. Defaults to local 4Store database name.";
};
listenAddress = mkOption {
default = null;
description = "IP address to listen on.";
};
port = mkOption {
default = 8080;
description = "port to listen on.";
};
options = mkOption {
default = "";
description = "Extra CLI options to pass to 4Store's 4s-httpd process.";
};
};
};
###### implementation
config = mkIf cfg.enable {
assertions = singleton
{ assertion = cfg.enable -> cfg.database != "";
message = "Must specify 4Store database name";
};
users.users = singleton
{ name = endpointUser;
uid = config.ids.uids.fourstorehttp;
description = "4Store SPARQL endpoint user";
};
services.avahi.enable = true;
systemd.services."4store-endpoint" = {
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
script = ''
${run} '${pkgs.rdf4store}/bin/4s-httpd -D ${cfg.options} ${if cfg.listenAddress!=null then "-H ${cfg.listenAddress}" else "" } -p ${toString cfg.port} ${cfg.database}'
'';
};
};
}

72
nixos/modules/services/databases/4store.nix
View File

@ -1,72 +0,0 @@
{ config, lib, pkgs, ... }:
let
cfg = config.services.fourStore;
stateDir = "/var/lib/4store";
fourStoreUser = "fourstore";
run = "${pkgs.su}/bin/su -s ${pkgs.runtimeShell} ${fourStoreUser}";
in
with lib;
{
###### interface
options = {
services.fourStore = {
enable = mkOption {
default = false;
description = "Whether to enable 4Store RDF database server.";
};
database = mkOption {
default = "";
description = "RDF database name. If it doesn't exist, it will be created. Databases are stored in ${stateDir}.";
};
options = mkOption {
default = "";
description = "Extra CLI options to pass to 4Store.";
};
};
};
###### implementation
config = mkIf cfg.enable {
assertions = singleton
{ assertion = cfg.enable -> cfg.database != "";
message = "Must specify 4Store database name.";
};
users.users = singleton
{ name = fourStoreUser;
uid = config.ids.uids.fourstore;
description = "4Store database user";
home = stateDir;
};
services.avahi.enable = true;
systemd.services."4store" = {
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
preStart = ''
mkdir -p ${stateDir}/
chown ${fourStoreUser} ${stateDir}
if ! test -e "${stateDir}/${cfg.database}"; then
${run} -c '${pkgs.rdf4store}/bin/4s-backend-setup ${cfg.database}'
fi
'';
script = ''
${run} -c '${pkgs.rdf4store}/bin/4s-backend -D ${cfg.options} ${cfg.database}'
'';
};
};
}

4
nixos/modules/services/databases/mysql.nix
View File

@ -24,6 +24,10 @@ let
in
{
imports = [
(mkRemovedOptionModule [ "services" "mysql" "pidDir" ] "Don't wait for pidfiles, describe dependencies through systemd")
(mkRemovedOptionModule [ "services" "mysql" "rootPassword" ] "Use socket authentication or set the password outside of the nix store.")
];
###### interface

12
nixos/modules/services/databases/neo4j.nix
View File

@ -103,6 +103,18 @@ let
in {
imports = [
(mkRenamedOptionModule [ "services" "neo4j" "host" ] [ "services" "neo4j" "defaultListenAddress" ])
(mkRenamedOptionModule [ "services" "neo4j" "listenAddress" ] [ "services" "neo4j" "defaultListenAddress" ])
(mkRenamedOptionModule [ "services" "neo4j" "enableBolt" ] [ "services" "neo4j" "bolt" "enable" ])
(mkRenamedOptionModule [ "services" "neo4j" "enableHttps" ] [ "services" "neo4j" "https" "enable" ])
(mkRenamedOptionModule [ "services" "neo4j" "certDir" ] [ "services" "neo4j" "directories" "certificates" ])
(mkRenamedOptionModule [ "services" "neo4j" "dataDir" ] [ "services" "neo4j" "directories" "home" ])
(mkRemovedOptionModule [ "services" "neo4j" "port" ] "Use services.neo4j.http.listenAddress instead.")
(mkRemovedOptionModule [ "services" "neo4j" "boltPort" ] "Use services.neo4j.bolt.listenAddress instead.")
(mkRemovedOptionModule [ "services" "neo4j" "httpsPort" ] "Use services.neo4j.https.listenAddress instead.")
];
###### interface
options.services.neo4j = {

4
nixos/modules/services/databases/postgresql.nix
View File

@ -339,9 +339,9 @@ in
'') cfg.ensureDatabases}
'' + ''
${concatMapStrings (user: ''
$PSQL -tAc "SELECT 1 FROM pg_roles WHERE rolname='${user.name}'" | grep -q 1 || $PSQL -tAc "CREATE USER ${user.name}"
$PSQL -tAc "SELECT 1 FROM pg_roles WHERE rolname='${user.name}'" | grep -q 1 || $PSQL -tAc 'CREATE USER "${user.name}"'
${concatStringsSep "\n" (mapAttrsToList (database: permission: ''
$PSQL -tAc 'GRANT ${permission} ON ${database} TO ${user.name}'
$PSQL -tAc 'GRANT ${permission} ON ${database} TO "${user.name}"'
'') user.ensurePermissions)}
'') cfg.ensureUsers}
'';

7
nixos/modules/services/databases/redis.nix
View File

@ -32,6 +32,13 @@ let
'';
in
{
imports = [
(mkRemovedOptionModule [ "services" "redis" "user" ] "The redis module now is hardcoded to the redis user.")
(mkRemovedOptionModule [ "services" "redis" "dbpath" ] "The redis module now uses /var/lib/redis as data directory.")
(mkRemovedOptionModule [ "services" "redis" "dbFilename" ] "The redis module now uses /var/lib/redis/dump.rdb as database dump location.")
(mkRemovedOptionModule [ "services" "redis" "appendOnlyFilename" ] "This option was never used.")
(mkRemovedOptionModule [ "services" "redis" "pidFile" ] "This option was removed.")
];
###### interface

25
nixos/modules/services/desktops/pantheon/contractor.nix
View File

@ -6,35 +6,12 @@ with lib;
{
meta.maintainers = pkgs.pantheon.maintainers;
###### interface
options = {
services.pantheon.contractor = {
enable = mkEnableOption "contractor, a desktop-wide extension service used by pantheon";
};
};
###### implementation
config = mkIf config.services.pantheon.contractor.enable {
environment.systemPackages = with pkgs.pantheon; [
contractor
extra-elementary-contracts
];
services.dbus.packages = [ pkgs.pantheon.contractor ];
environment.pathsToLink = [
"/share/contractor"
];
};

31
nixos/modules/services/desktops/pantheon/files.nix
View File

@ -6,33 +6,8 @@ with lib;
{
meta.maintainers = pkgs.pantheon.maintainers;
###### interface
options = {
services.pantheon.files = {
enable = mkEnableOption "pantheon files daemon";
};
};
###### implementation
config = mkIf config.services.pantheon.files.enable {
environment.systemPackages = [
pkgs.pantheon.elementary-files
];
services.dbus.packages = [
pkgs.pantheon.elementary-files
];
};
imports = [
(mkRemovedOptionModule [ "services" "pantheon" "files" "enable" ] "Use `environment.systemPackages [ pkgs.pantheon.elementary-files ];`")
];
}

2
nixos/modules/services/development/lorri.nix
View File

@ -32,7 +32,7 @@ in {
description = "Lorri Daemon";
requires = [ "lorri.socket" ];
after = [ "lorri.socket" ];
path = with pkgs; [ config.nix.package gnutar gzip ];
path = with pkgs; [ config.nix.package git gnutar gzip ];
serviceConfig = {
ExecStart = "${pkgs.lorri}/bin/lorri daemon";
PrivateTmp = true;

181
nixos/modules/services/hardware/upower.nix
View File

@ -37,6 +37,172 @@ in
'';
};
enableWattsUpPro = mkOption {
type = types.bool;
default = false;
description = ''
Enable the Watts Up Pro device.
The Watts Up Pro contains a generic FTDI USB device without a specific
vendor and product ID. When we probe for WUP devices, we can cause
the user to get a perplexing "Device or resource busy" error when
attempting to use their non-WUP device.
The generic FTDI device is known to also be used on:
<itemizedlist>
<listitem><para>Sparkfun FT232 breakout board</para></listitem>
<listitem><para>Parallax Propeller</para></listitem>
</itemizedlist>
'';
};
noPollBatteries = mkOption {
type = types.bool;
default = false;
description = ''
Don't poll the kernel for battery level changes.
Some hardware will send us battery level changes through
events, rather than us having to poll for it. This option
allows disabling polling for hardware that sends out events.
'';
};
ignoreLid = mkOption {
type = types.bool;
default = false;
description = ''
Do we ignore the lid state
Some laptops are broken. The lid state is either inverted, or stuck
on or off. We can't do much to fix these problems, but this is a way
for users to make the laptop panel vanish, a state that might be used
by a couple of user-space daemons. On Linux systems, see also
logind.conf(5).
'';
};
usePercentageForPolicy = mkOption {
type = types.bool;
default = true;
description = ''
Policy for warnings and action based on battery levels
Whether battery percentage based policy should be used. The default
is to use the percentage, which
should work around broken firmwares. It is also more reliable than
the time left (frantically saving all your files is going to use more
battery than letting it rest for example).
'';
};
percentageLow = mkOption {
type = types.ints.unsigned;
default = 10;
description = ''
When <literal>usePercentageForPolicy</literal> is
<literal>true</literal>, the levels at which UPower will consider the
battery low.
This will also be used for batteries which don't have time information
such as that of peripherals.
If any value (of <literal>percentageLow</literal>,
<literal>percentageCritical</literal> and
<literal>percentageAction</literal>) is invalid, or not in descending
order, the defaults will be used.
'';
};
percentageCritical = mkOption {
type = types.ints.unsigned;
default = 3;
description = ''
When <literal>usePercentageForPolicy</literal> is
<literal>true</literal>, the levels at which UPower will consider the
battery critical.
This will also be used for batteries which don't have time information
such as that of peripherals.
If any value (of <literal>percentageLow</literal>,
<literal>percentageCritical</literal> and
<literal>percentageAction</literal>) is invalid, or not in descending
order, the defaults will be used.
'';
};
percentageAction = mkOption {
type = types.ints.unsigned;
default = 2;
description = ''
When <literal>usePercentageForPolicy</literal> is
<literal>true</literal>, the levels at which UPower will take action
for the critical battery level.
This will also be used for batteries which don't have time information
such as that of peripherals.
If any value (of <literal>percentageLow</literal>,
<literal>percentageCritical</literal> and
<literal>percentageAction</literal>) is invalid, or not in descending
order, the defaults will be used.
'';
};
timeLow = mkOption {
type = types.ints.unsigned;
default = 1200;
description = ''
When <literal>usePercentageForPolicy</literal> is
<literal>false</literal>, the time remaining at which UPower will
consider the battery low.
If any value (of <literal>timeLow</literal>,
<literal>timeCritical</literal> and <literal>timeAction</literal>) is
invalid, or not in descending order, the defaults will be used.
'';
};
timeCritical = mkOption {
type = types.ints.unsigned;
default = 300;
description = ''
When <literal>usePercentageForPolicy</literal> is
<literal>false</literal>, the time remaining at which UPower will
consider the battery critical.
If any value (of <literal>timeLow</literal>,
<literal>timeCritical</literal> and <literal>timeAction</literal>) is
invalid, or not in descending order, the defaults will be used.
'';
};
timeAction = mkOption {
type = types.ints.unsigned;
default = 120;
description = ''
When <literal>usePercentageForPolicy</literal> is
<literal>false</literal>, the time remaining at which UPower will
take action for the critical battery level.
If any value (of <literal>timeLow</literal>,
<literal>timeCritical</literal> and <literal>timeAction</literal>) is
invalid, or not in descending order, the defaults will be used.
'';
};
criticalPowerAction = mkOption {
type = types.enum [ "PowerOff" "Hibernate" "HybridSleep" ];
default = "HybridSleep";
description = ''
The action to take when <literal>timeAction</literal> or
<literal>percentageAction</literal> has been reached for the batteries
(UPS or laptop batteries) supplying the computer
'';
};
};
};
@ -54,6 +220,21 @@ in
systemd.packages = [ cfg.package ];
environment.etc."UPower/UPower.conf".text = generators.toINI {} {
UPower = {
EnableWattsUpPro = cfg.enableWattsUpPro;
NoPollBatteries = cfg.noPollBatteries;
IgnoreLid = cfg.ignoreLid;
UsePercentageForPolicy = cfg.usePercentageForPolicy;
PercentageLow = cfg.percentageLow;
PercentageCritical = cfg.percentageCritical;
PercentageAction = cfg.percentageAction;
TimeLow = cfg.timeLow;
TimeCritical = cfg.timeCritical;
TimeAction = cfg.timeAction;
CriticalPowerAction = cfg.criticalPowerAction;
};
};
};
}

299
nixos/modules/services/logging/awstats.nix
View File

@ -4,31 +4,116 @@ with lib;
let
cfg = config.services.awstats;
httpd = config.services.httpd;
package = pkgs.awstats;
in
configOpts = {name, config, ...}: {
options = {
type = mkOption{
type = types.enum [ "mail" "web" ];
default = "web";
example = "mail";
description = ''
The type of log being collected.
'';
};
domain = mkOption {
type = types.str;
default = name;
description = "The domain name to collect stats for.";
example = "example.com";
};
{
options.services.awstats = {
enable = mkOption {
type = types.bool;
default = cfg.service.enable;
description = ''
Enable the awstats program (but not service).
Currently only simple httpd (Apache) configs are supported,
and awstats plugins may not work correctly.
'';
logFile = mkOption {
type = types.str;
example = "/var/spool/nginx/logs/access.log";
description = ''
The log file to be scanned.
For mail, set this to
<literal>
journalctl $OLD_CURSOR -u postfix.service | ''${pkgs.perl}/bin/perl ''${pkgs.awstats.out}/share/awstats/tools/maillogconvert.pl standard |
</literal>
'';
};
logFormat = mkOption {
type = types.str;
default = "1";
description = ''
The log format being used.
For mail, set this to
<literal>
%time2 %email %email_r %host %host_r %method %url %code %bytesd
</literal>
'';
};
hostAliases = mkOption {
type = types.listOf types.str;
default = [];
example = "[ \"www.example.org\" ]";
description = ''
List of aliases the site has.
'';
};
extraConfig = mkOption {
type = types.attrsOf types.str;
default = {};
example = literalExample ''
{
"ValidHTTPCodes" = "404";
}
'';
};
webService = {
enable = mkEnableOption "awstats web service";
hostname = mkOption {
type = types.str;
default = config.domain;
description = "The hostname the web service appears under.";
};
urlPrefix = mkOption {
type = types.str;
default = "/awstats";
description = "The URL prefix under which the awstats pages appear.";
};
};
};
vardir = mkOption {
};
webServices = filterAttrs (name: value: value.webService.enable) cfg.configs;
in
{
imports = [
(mkRemovedOptionModule [ "services" "awstats" "service" "enable" ] "Please enable per domain with `services.awstats.configs.<name>.webService.enable`")
(mkRemovedOptionModule [ "services" "awstats" "service" "urlPrefix" ] "Please set per domain with `services.awstats.configs.<name>.webService.urlPrefix`")
(mkRenamedOptionModule [ "services" "awstats" "vardir" ] [ "services" "awstats" "dataDir" ])
];
options.services.awstats = {
enable = mkEnableOption "awstats";
dataDir = mkOption {
type = types.path;
default = "/var/lib/awstats";
description = "The directory where variable awstats data will be stored.";
description = "The directory where awstats data will be stored.";
};
extraConfig = mkOption {
type = types.lines;
default = "";
description = "Extra configuration to be appendend to awstats.conf.";
configs = mkOption {
type = types.attrsOf (types.submodule configOpts);
default = {};
example = literalExample ''
{
"mysite" = {
domain = "example.com";
logFile = "/var/spool/nginx/logs/access.log";
};
}
'';
description = "Attribute set of domains to collect stats for.";
};
updateAt = mkOption {
@ -42,75 +127,129 @@ in
<manvolnum>7</manvolnum></citerefentry>)
'';
};
service = {
enable = mkOption {
type = types.bool;
default = false;
description = ''Enable the awstats web service. This switches on httpd.'';
};
urlPrefix = mkOption {
type = types.str;
default = "/awstats";
description = "The URL prefix under which the awstats service appears.";
};
};
};
config = mkIf cfg.enable {
environment.systemPackages = [ package.bin ];
/* TODO:
- heed config.services.httpd.logPerVirtualHost, etc.
- Can't AllowToUpdateStatsFromBrowser, as CGI scripts don't have permission
to read the logs, and our httpd config apparently doesn't an option for that.
*/
environment.etc."awstats/awstats.conf".source = pkgs.runCommand "awstats.conf"
environment.etc = mapAttrs' (name: opts:
nameValuePair "awstats/awstats.${name}.conf" {
source = pkgs.runCommand "awstats.${name}.conf"
{ preferLocalBuild = true; }
( let
logFormat =
if httpd.logFormat == "combined" then "1" else
if httpd.logFormat == "common" then "4" else
throw "awstats service doesn't support Apache log format `${httpd.logFormat}`";
in
(''
sed \
''
# set up mail stats
+ optionalString (opts.type == "mail")
''
-e 's|^\(LogType\)=.*$|\1=M|' \
-e 's|^\(LevelForBrowsersDetection\)=.*$|\1=0|' \
-e 's|^\(LevelForOSDetection\)=.*$|\1=0|' \
-e 's|^\(LevelForRefererAnalyze\)=.*$|\1=0|' \
-e 's|^\(LevelForRobotsDetection\)=.*$|\1=0|' \
-e 's|^\(LevelForSearchEnginesDetection\)=.*$|\1=0|' \
-e 's|^\(LevelForFileTypesDetection\)=.*$|\1=0|' \
-e 's|^\(LevelForWormsDetection\)=.*$|\1=0|' \
-e 's|^\(ShowMenu\)=.*$|\1=1|' \
-e 's|^\(ShowSummary\)=.*$|\1=HB|' \
-e 's|^\(ShowMonthStats\)=.*$|\1=HB|' \
-e 's|^\(ShowDaysOfMonthStats\)=.*$|\1=HB|' \
-e 's|^\(ShowDaysOfWeekStats\)=.*$|\1=HB|' \
-e 's|^\(ShowHoursStats\)=.*$|\1=HB|' \
-e 's|^\(ShowDomainsStats\)=.*$|\1=0|' \
-e 's|^\(ShowHostsStats\)=.*$|\1=HB|' \
-e 's|^\(ShowAuthenticatedUsers\)=.*$|\1=0|' \
-e 's|^\(ShowRobotsStats\)=.*$|\1=0|' \
-e 's|^\(ShowEMailSenders\)=.*$|\1=HBML|' \
-e 's|^\(ShowEMailReceivers\)=.*$|\1=HBML|' \
-e 's|^\(ShowSessionsStats\)=.*$|\1=0|' \
-e 's|^\(ShowPagesStats\)=.*$|\1=0|' \
-e 's|^\(ShowFileTypesStats\)=.*$|\1=0|' \
-e 's|^\(ShowFileSizesStats\)=.*$|\1=0|' \
-e 's|^\(ShowBrowsersStats\)=.*$|\1=0|' \
-e 's|^\(ShowOSStats\)=.*$|\1=0|' \
-e 's|^\(ShowOriginStats\)=.*$|\1=0|' \
-e 's|^\(ShowKeyphrasesStats\)=.*$|\1=0|' \
-e 's|^\(ShowKeywordsStats\)=.*$|\1=0|' \
-e 's|^\(ShowMiscStats\)=.*$|\1=0|' \
-e 's|^\(ShowHTTPErrorsStats\)=.*$|\1=0|' \
-e 's|^\(ShowSMTPErrorsStats\)=.*$|\1=1|' \
''
+
# common options
''
-e 's|^\(DirData\)=.*$|\1="${cfg.dataDir}/${name}"|' \
-e 's|^\(DirIcons\)=.*$|\1="icons"|' \
-e 's|^\(CreateDirDataIfNotExists\)=.*$|\1=1|' \
-e 's|^\(SiteDomain\)=.*$|\1="${name}"|' \
-e 's|^\(LogFile\)=.*$|\1="${opts.logFile}"|' \
-e 's|^\(LogFormat\)=.*$|\1="${opts.logFormat}"|' \
''
+
# extra config
concatStringsSep "\n" (mapAttrsToList (n: v: ''
-e 's|^\(${n}\)=.*$|\1="${v}"|' \
'') opts.extraConfig)
+
''
< '${package.out}/wwwroot/cgi-bin/awstats.model.conf' > "$out"
'');
}) cfg.configs;
# create data directory with the correct permissions
systemd.tmpfiles.rules =
[ "d '${cfg.dataDir}' 755 root root - -" ] ++
mapAttrsToList (name: opts: "d '${cfg.dataDir}/${name}' 755 root root - -") cfg.configs ++
[ "Z '${cfg.dataDir}' 755 root root - -" ];
# nginx options
services.nginx.virtualHosts = mapAttrs'(name: opts: {
name = opts.webService.hostname;
value = {
locations = {
"${opts.webService.urlPrefix}/css/" = {
alias = "${package.out}/wwwroot/css/";
};
"${opts.webService.urlPrefix}/icons/" = {
alias = "${package.out}/wwwroot/icon/";
};
"${opts.webService.urlPrefix}/" = {
alias = "${cfg.dataDir}/${name}/";
extraConfig = ''
autoindex on;
'';
};
};
};
}) webServices;
# update awstats
systemd.services = mkIf (cfg.updateAt != null) (mapAttrs' (name: opts:
nameValuePair "awstats-${name}-update" {
description = "update awstats for ${name}";
script = optionalString (opts.type == "mail")
''
sed \
-e 's|^\(DirData\)=.*$|\1="${cfg.vardir}"|' \
-e 's|^\(DirIcons\)=.*$|\1="icons"|' \
-e 's|^\(CreateDirDataIfNotExists\)=.*$|\1=1|' \
-e 's|^\(SiteDomain\)=.*$|\1="${httpd.hostName}"|' \
-e 's|^\(LogFile\)=.*$|\1="${httpd.logDir}/access_log"|' \
-e 's|^\(LogFormat\)=.*$|\1=${logFormat}|' \
< '${package.out}/wwwroot/cgi-bin/awstats.model.conf' > "$out"
echo '${cfg.extraConfig}' >> "$out"
'');
systemd.tmpfiles.rules = optionals cfg.service.enable [
"d '${cfg.vardir}' - ${httpd.user} ${httpd.group} - -"
"Z '${cfg.vardir}' - ${httpd.user} ${httpd.group} - -"
];
# The httpd sub-service showing awstats.
services.httpd = optionalAttrs cfg.service.enable {
enable = true;
extraConfig = ''
Alias ${cfg.service.urlPrefix}/classes "${package.out}/wwwroot/classes/"
Alias ${cfg.service.urlPrefix}/css "${package.out}/wwwroot/css/"
Alias ${cfg.service.urlPrefix}/icons "${package.out}/wwwroot/icon/"
ScriptAlias ${cfg.service.urlPrefix}/ "${package.out}/wwwroot/cgi-bin/"
<Directory "${package.out}/wwwroot">
Options None
Require all granted
</Directory>
'';
};
systemd.services.awstats-update = mkIf (cfg.updateAt != null) {
description = "awstats log collector";
script = "exec '${package.bin}/bin/awstats' -update -config=awstats.conf";
startAt = cfg.updateAt;
};
if [[ -f "${cfg.dataDir}/${name}-cursor" ]]; then
CURSOR="$(cat "${cfg.dataDir}/${name}-cursor" | tr -d '\n')"
if [[ -n "$CURSOR" ]]; then
echo "Using cursor: $CURSOR"
export OLD_CURSOR="--cursor $CURSOR"
fi
fi
NEW_CURSOR="$(journalctl $OLD_CURSOR -u postfix.service --show-cursor | tail -n 1 | tr -d '\n' | sed -e 's#^-- cursor: \(.*\)#\1#')"
echo "New cursor: $NEW_CURSOR"
${package.bin}/bin/awstats -update -config=${name}
if [ -n "$NEW_CURSOR" ]; then
echo -n "$NEW_CURSOR" > ${cfg.dataDir}/${name}-cursor
fi
'' + ''
${package.out}/share/awstats/tools/awstats_buildstaticpages.pl \
-config=${name} -update -dir=${cfg.dataDir}/${name} \
-awstatsprog=${package.bin}/bin/awstats
'';
startAt = cfg.updateAt;
}) cfg.configs);
};
}

5
nixos/modules/services/logging/logstash.nix
View File

@ -37,6 +37,11 @@ let
in
{
imports = [
(mkRenamedOptionModule [ "services" "logstash" "address" ] [ "services" "logstash" "listenAddress" ])
(mkRemovedOptionModule [ "services" "logstash" "enableWeb" ] "The web interface was removed from logstash")
];
###### interface
options = {

4
nixos/modules/services/logging/syslog-ng.nix
View File

@ -25,6 +25,10 @@ let
];
in {
imports = [
(mkRemovedOptionModule [ "services" "syslog-ng" "serviceName" ] "")
(mkRemovedOptionModule [ "services" "syslog-ng" "listenToJournal" ] "")
];
options = {

5
nixos/modules/services/mail/dovecot.nix
View File

@ -86,7 +86,7 @@ let
}
plugin {
quota_rule = *:storage=${cfg.quotaGlobalPerUser}
quota_rule = *:storage=${cfg.quotaGlobalPerUser}
quota = maildir:User quota # per virtual mail user quota # BUG/FIXME broken, we couldn't get this working
quota_status_success = DUNNO
quota_status_nouser = DUNNO
@ -133,6 +133,9 @@ let
};
in
{
imports = [
(mkRemovedOptionModule [ "services" "dovecot2" "package" ] "")
];
options.services.dovecot2 = {
enable = mkEnableOption "Dovecot 2.x POP3/IMAP server";

3
nixos/modules/services/mail/opendkim.nix
View File

@ -18,6 +18,9 @@ let
] ++ optionals (cfg.configFile != null) [ "-x" cfg.configFile ];
in {
imports = [
(mkRenamedOptionModule [ "services" "opendkim" "keyFile" ] [ "services" "opendkim" "keyPath" ])
];
###### interface

11
nixos/modules/services/mail/postgrey.nix
View File

@ -42,6 +42,17 @@ with lib; let
};
in {
imports = [
(mkMergedOptionModule [ [ "services" "postgrey" "inetAddr" ] [ "services" "postgrey" "inetPort" ] ] [ "services" "postgrey" "socket" ] (config: let
value = p: getAttrFromPath p config;
inetAddr = [ "services" "postgrey" "inetAddr" ];
inetPort = [ "services" "postgrey" "inetPort" ];
in
if value inetAddr == null
then { path = "/run/postgrey.sock"; }
else { addr = value inetAddr; port = value inetPort; }
))
];
options = {
services.postgrey = with types; {

2
nixos/modules/services/mail/rspamd.nix
View File

@ -220,7 +220,6 @@ let
in
{
###### interface
options = {
@ -414,5 +413,6 @@ in
"Socket activation never worked correctly and could at this time not be fixed and so was removed")
(mkRenamedOptionModule [ "services" "rspamd" "bindSocket" ] [ "services" "rspamd" "workers" "normal" "bindSockets" ])
(mkRenamedOptionModule [ "services" "rspamd" "bindUISocket" ] [ "services" "rspamd" "workers" "controller" "bindSockets" ])
(mkRemovedOptionModule [ "services" "rmilter" ] "Use services.rspamd.* instead to set up milter service")
];
}

2
nixos/modules/services/misc/apache-kafka.nix
View File

@ -131,7 +131,7 @@ in {
home = head cfg.logDirs;
};
systemd.tmpfiles.rules = map (logDir: "d '${logDir} 0700 apache-kafka - - -") cfg.logDirs;
systemd.tmpfiles.rules = map (logDir: "d '${logDir}' 0700 apache-kafka - - -") cfg.logDirs;
systemd.services.apache-kafka = {
description = "Apache Kafka Daemon";

5
nixos/modules/services/misc/gitea.nix
View File

@ -396,9 +396,7 @@ in
Restart = "always";
# Filesystem
ProtectSystem = "strict";
ProtectHome = true;
PrivateTmp = true;
PrivateDevices = true;
ProtectKernelTunables = true;
ProtectKernelModules = true;
@ -413,7 +411,7 @@ in
PrivateMounts = true;
PrivateUsers = true;
MemoryDenyWriteExecute = true;
SystemCallFilter = "~@chown @clock @cpu-emulation @debug @keyring @memlock @module @mount @obsolete @privileged @raw-io @reboot @resources @setuid @swap";
SystemCallFilter = "~@clock @cpu-emulation @debug @keyring @memlock @module @mount @obsolete @raw-io @reboot @resources @setuid @swap";
SystemCallArchitectures = "native";
RestrictAddressFamilies = "AF_UNIX AF_INET AF_INET6";
};
@ -475,4 +473,5 @@ in
timerConfig.OnCalendar = cfg.dump.interval;
};
};
meta.maintainers = with lib.maintainers; [ srhb ];
}

5
nixos/modules/services/misc/gitlab.nix
View File

@ -189,6 +189,11 @@ let
in {
imports = [
(mkRenamedOptionModule [ "services" "gitlab" "stateDir" ] [ "services" "gitlab" "statePath" ])
(mkRemovedOptionModule [ "services" "gitlab" "satelliteDir" ] "")
];
options = {
services.gitlab = {
enable = mkOption {

67
nixos/modules/services/misc/mame.nix Normal file
View File

@ -0,0 +1,67 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.mame;
mame = "mame${lib.optionalString pkgs.stdenv.is64bit "64"}";
in
{
options = {
services.mame = {
enable = mkOption {
type = types.bool;
default = false;
description = ''
Whether to setup TUN/TAP Ethernet interface for MAME emulator.
'';
};
user = mkOption {
type = types.str;
description = ''
User from which you run MAME binary.
'';
};
hostAddr = mkOption {
type = types.str;
description = ''
IP address of the host system. Usually an address of the main network
adapter or the adapter through which you get an internet connection.
'';
example = "192.168.31.156";
};
emuAddr = mkOption {
type = types.str;
description = ''
IP address of the guest system. The same you set inside guest OS under
MAME. Should be on the same subnet as <option>services.mame.hostAddr</option>.
'';
example = "192.168.31.155";
};
};
};
config = mkIf cfg.enable {
environment.systemPackages = [ pkgs.mame ];
security.wrappers."${mame}" = {
source = "${pkgs.mame}/bin/${mame}";
capabilities = "cap_net_admin,cap_net_raw+eip";
};
systemd.services.mame = {
description = "MAME TUN/TAP Ethernet interface";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
path = [ pkgs.iproute ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
ExecStart = "${pkgs.mame}/bin/taputil.sh -c ${cfg.user} ${cfg.emuAddr} ${cfg.hostAddr} -";
ExecStop = "${pkgs.mame}/bin/taputil.sh -d ${cfg.user}";
};
};
};
meta.maintainers = with lib.maintainers; [ gnidorah ];
}

31
nixos/modules/services/misc/matrix-synapse.nix
View File

@ -671,43 +671,30 @@ in {
gid = config.ids.gids.matrix-synapse;
} ];
services.postgresql.enable = mkIf usePostgresql (mkDefault true);
services.postgresql = mkIf (usePostgresql && cfg.create_local_database) {
enable = mkDefault true;
ensureDatabases = [ cfg.database_name ];
ensureUsers = [{
name = cfg.database_user;
ensurePermissions = { "DATABASE \"${cfg.database_name}\"" = "ALL PRIVILEGES"; };
}];
};
systemd.services.matrix-synapse = {
description = "Synapse Matrix homeserver";
after = [ "network.target" "postgresql.service" ];
after = [ "network.target" ] ++ lib.optional config.services.postgresql.enable "postgresql.service" ;
wantedBy = [ "multi-user.target" ];
preStart = ''
${cfg.package}/bin/homeserver \
--config-path ${configFile} \
--keys-directory ${cfg.dataDir} \
--generate-keys
'' + optionalString (usePostgresql && cfg.create_local_database) ''
if ! test -e "${cfg.dataDir}/db-created"; then
${pkgs.sudo}/bin/sudo -u ${pg.superUser} \
${pg.package}/bin/createuser \
--login \
--no-createdb \
--no-createrole \
--encrypted \
${cfg.database_user}
${pkgs.sudo}/bin/sudo -u ${pg.superUser} \
${pg.package}/bin/createdb \
--owner=${cfg.database_user} \
--encoding=UTF8 \
--lc-collate=C \
--lc-ctype=C \
--template=template0 \
${cfg.database_name}
touch "${cfg.dataDir}/db-created"
fi
'';
serviceConfig = {
Type = "notify";
User = "matrix-synapse";
Group = "matrix-synapse";
WorkingDirectory = cfg.dataDir;
PermissionsStartOnly = true;
ExecStart = ''
${cfg.package}/bin/homeserver \
${ concatMapStringsSep "\n " (x: "--config-path ${x} \\") ([ configFile ] ++ cfg.extraConfigFiles) }

4
nixos/modules/services/misc/nix-daemon.nix
View File

@ -68,6 +68,10 @@ let
in
{
imports = [
(mkRenamedOptionModule [ "nix" "useChroot" ] [ "nix" "useSandbox" ])
(mkRenamedOptionModule [ "nix" "chrootDirs" ] [ "nix" "sandboxPaths" ])
];
###### interface

6
nixos/modules/services/misc/nzbget.nix
View File

@ -27,6 +27,12 @@ let
in
{
imports = [
(mkRemovedOptionModule [ "services" "misc" "nzbget" "configFile" ] "The configuration of nzbget is now managed by users through the web interface.")
(mkRemovedOptionModule [ "services" "misc" "nzbget" "dataDir" ] "The data directory for nzbget is now /var/lib/nzbget.")
(mkRemovedOptionModule [ "services" "misc" "nzbget" "openFirewall" ] "The port used by nzbget is managed through the web interface so you should adjust your firewall rules accordingly.")
];
# interface
options = {

4
nixos/modules/services/misc/parsoid.nix
View File

@ -26,6 +26,10 @@ let
in
{
imports = [
(mkRemovedOptionModule [ "services" "parsoid" "interwikis" ] "Use services.parsoid.wikis instead")
];
##### interface
options = {

4
nixos/modules/services/misc/pykms.nix
View File

@ -9,6 +9,10 @@ let
in {
meta.maintainers = with lib.maintainers; [ peterhoeg ];
imports = [
(mkRemovedOptionModule [ "services" "pykms" "verbose" ] "Use services.pykms.logLevel instead")
];
options = {
services.pykms = {
enable = mkOption {

4
nixos/modules/services/misc/tautulli.nix
View File

@ -6,6 +6,10 @@ let
cfg = config.services.tautulli;
in
{
imports = [
(mkRenamedOptionModule [ "services" "plexpy" ] [ "services" "tautulli" ])
];
options = {
services.tautulli = {
enable = mkEnableOption "Tautulli Plex Monitor";

9
nixos/modules/services/monitoring/prometheus/alertmanager.nix
View File

@ -27,6 +27,15 @@ let
"--log.format ${cfg.logFormat}"
);
in {
imports = [
(mkRemovedOptionModule [ "services" "prometheus" "alertmanager" "user" ] "The alertmanager service is now using systemd's DynamicUser mechanism which obviates a user setting.")
(mkRemovedOptionModule [ "services" "prometheus" "alertmanager" "group" ] "The alertmanager service is now using systemd's DynamicUser mechanism which obviates a group setting.")
(mkRemovedOptionModule [ "services" "prometheus" "alertmanagerURL" ] ''
Due to incompatibility, the alertmanagerURL option has been removed,
please use 'services.prometheus2.alertmanagers' instead.
'')
];
options = {
services.prometheus.alertmanager = {
enable = mkEnableOption "Prometheus Alertmanager";

Some files were not shown because too many files have changed in this diff Show More