Merge branch 'staging' into staging-next

This commit is contained in:
Vladimír Čunát 2019-09-03 09:01:51 +02:00
commit 2c5835b09a
No known key found for this signature in database
GPG Key ID: E747DF1F9575A3AA
2590 changed files with 9545 additions and 6708 deletions

View File

@ -14,10 +14,10 @@ let
builtins.map
(subsetname: {
subsetname = subsetname;
functions = libDefPos toplib."${subsetname}";
functions = libDefPos toplib.${subsetname};
})
(builtins.filter
(name: builtins.isAttrs toplib."${name}")
(name: builtins.isAttrs toplib.${name})
(builtins.attrNames toplib));
nixpkgsLib = pkgs.lib;

View File

@ -47,7 +47,7 @@ rec {
/* `makeOverridable` takes a function from attribute set to attribute set and
injects `override` attibute which can be used to override arguments of
injects `override` attribute which can be used to override arguments of
the function.
nix-repl> x = {a, b}: { result = a + b; }

View File

@ -24,7 +24,7 @@ rec {
let arg = (merger init (defaultMergeArg init x));
# now add the function with composed args already applied to the final attrs
base = (setAttrMerge "passthru" {} (f arg)
( z: z // rec {
( z: z // {
function = foldArgs merger f arg;
args = (lib.attrByPath ["passthru" "args"] {} z) // x;
} ));

View File

@ -1,7 +1,7 @@
{ lib, version }:
with lib;
rec {
{
# Common patterns/legacy
whenAtLeast = ver: mkIf (versionAtLeast version ver);
whenOlder = ver: mkIf (versionOlder version ver);

View File

@ -7,7 +7,7 @@ let
in
lib.mapAttrs (n: v: v // { shortName = n; }) rec {
lib.mapAttrs (n: v: v // { shortName = n; }) {
/* License identifiers from spdx.org where possible.
* If you cannot find your license here, then look for a similar license or
* add it to this list. The URL mentioned above is a good source for inspiration.

View File

@ -459,11 +459,11 @@ rec {
if length list < 2
then # finish
{ result = list; }
else if dfsthis ? "cycle"
else if dfsthis ? cycle
then # there's a cycle, starting from the current vertex, return it
{ cycle = reverseList ([ dfsthis.cycle ] ++ dfsthis.visited);
inherit (dfsthis) loops; }
else if toporest ? "cycle"
else if toporest ? cycle
then # there's a cycle somewhere else in the graph, return it
toporest
# Slow, but short. Can be made a bit faster with an explicit stack.

View File

@ -58,13 +58,13 @@ rec {
uname = {
# uname -s
system = {
"linux" = "Linux";
"windows" = "Windows";
"darwin" = "Darwin";
"netbsd" = "NetBSD";
"freebsd" = "FreeBSD";
"openbsd" = "OpenBSD";
"wasi" = "Wasi";
linux = "Linux";
windows = "Windows";
darwin = "Darwin";
netbsd = "NetBSD";
freebsd = "FreeBSD";
openbsd = "OpenBSD";
wasi = "Wasi";
}.${final.parsed.kernel.name} or null;
# uname -p
@ -86,10 +86,10 @@ rec {
else if final.isx86_64 then "x86_64"
else if final.isx86 then "i386"
else {
"powerpc" = "ppc";
"powerpcle" = "ppc";
"powerpc64" = "ppc64";
"powerpc64le" = "ppc64le";
powerpc = "ppc";
powerpcle = "ppc";
powerpc64 = "ppc64";
powerpc64le = "ppc64le";
}.${final.parsed.cpu.name} or final.parsed.cpu.name;
emulator = pkgs: let

View File

@ -33,7 +33,7 @@ let
filterDoubles = f: map parse.doubleFromSystem (lists.filter f allParsed);
in rec {
in {
inherit all;
none = [];

View File

@ -24,27 +24,27 @@ rec {
platform = platforms.powernv;
};
sheevaplug = rec {
sheevaplug = {
config = "armv5tel-unknown-linux-gnueabi";
platform = platforms.sheevaplug;
};
raspberryPi = rec {
raspberryPi = {
config = "armv6l-unknown-linux-gnueabihf";
platform = platforms.raspberrypi;
};
armv7l-hf-multiplatform = rec {
armv7l-hf-multiplatform = {
config = "armv7l-unknown-linux-gnueabihf";
platform = platforms.armv7l-hf-multiplatform;
};
aarch64-multiplatform = rec {
aarch64-multiplatform = {
config = "aarch64-unknown-linux-gnu";
platform = platforms.aarch64-multiplatform;
};
armv7a-android-prebuilt = rec {
armv7a-android-prebuilt = {
config = "armv7a-unknown-linux-androideabi";
sdkVer = "24";
ndkVer = "18b";
@ -52,7 +52,7 @@ rec {
useAndroidPrebuilt = true;
};
aarch64-android-prebuilt = rec {
aarch64-android-prebuilt = {
config = "aarch64-unknown-linux-android";
sdkVer = "24";
ndkVer = "18b";
@ -65,17 +65,17 @@ rec {
inherit (platform.gcc) fpu;
};
pogoplug4 = rec {
pogoplug4 = {
config = "armv5tel-unknown-linux-gnueabi";
platform = platforms.pogoplug4;
};
ben-nanonote = rec {
ben-nanonote = {
config = "mipsel-unknown-linux-uclibc";
platform = platforms.ben_nanonote;
};
fuloongminipc = rec {
fuloongminipc = {
config = "mipsel-unknown-linux-gnu";
platform = platforms.fuloong2f_n32;
};
@ -236,4 +236,9 @@ rec {
useLLVM = true;
};
# Ghcjs
ghcjs = {
config = "js-unknown-ghcjs";
platform = {};
};
}

View File

@ -12,7 +12,7 @@ rec {
isx86_32 = { cpu = { family = "x86"; bits = 32; }; };
isx86_64 = { cpu = { family = "x86"; bits = 64; }; };
isPowerPC = { cpu = cpuTypes.powerpc; };
isPower = { cpu = { family = "power"; }; };
isPower = { cpu = { family = "power"; }; };
isx86 = { cpu = { family = "x86"; }; };
isAarch32 = { cpu = { family = "arm"; bits = 32; }; };
isAarch64 = { cpu = { family = "arm"; bits = 64; }; };
@ -23,6 +23,7 @@ rec {
isMsp430 = { cpu = { family = "msp430"; }; };
isAvr = { cpu = { family = "avr"; }; };
isAlpha = { cpu = { family = "alpha"; }; };
isJavaScript = { cpu = cpuTypes.js; };
is32bit = { cpu = { bits = 32; }; };
is64bit = { cpu = { bits = 64; }; };
@ -44,6 +45,7 @@ rec {
isCygwin = { kernel = kernels.windows; abi = abis.cygnus; };
isMinGW = { kernel = kernels.windows; abi = abis.gnu; };
isWasi = { kernel = kernels.wasi; };
isGhcjs = { kernel = kernels.ghcjs; };
isNone = { kernel = kernels.none; };
isAndroid = [ { abi = abis.android; } { abi = abis.androideabi; } ];

View File

@ -106,11 +106,13 @@ rec {
wasm32 = { bits = 32; significantByte = littleEndian; family = "wasm"; };
wasm64 = { bits = 64; significantByte = littleEndian; family = "wasm"; };
alpha = { bits = 64; significantByte = littleEndian; family = "alpha"; };
msp430 = { bits = 16; significantByte = littleEndian; family = "msp430"; };
avr = { bits = 8; family = "avr"; };
js = { bits = 32; significantByte = littleEndian; family = "js"; };
};
# Determine where two CPUs are compatible with each other. That is,
@ -271,6 +273,7 @@ rec {
solaris = { execFormat = elf; families = { }; };
wasi = { execFormat = wasm; families = { }; };
windows = { execFormat = pe; families = { }; };
ghcjs = { execFormat = unknown; families = { }; };
} // { # aliases
# 'darwin' is the kernel for all of them. We choose macOS by default.
darwin = kernels.macos;
@ -384,6 +387,8 @@ rec {
then { cpu = elemAt l 0; vendor = elemAt l 1; kernel = elemAt l 2; }
else if (elem (elemAt l 2) ["eabi" "eabihf" "elf"])
then { cpu = elemAt l 0; vendor = "unknown"; kernel = elemAt l 1; abi = elemAt l 2; }
else if (elemAt l 2 == "ghcjs")
then { cpu = elemAt l 0; vendor = "unknown"; kernel = elemAt l 2; }
else throw "Target specification with 3 components is ambiguous";
"4" = { cpu = elemAt l 0; vendor = elemAt l 1; kernel = elemAt l 2; abi = elemAt l 3; };
}.${toString (length l)}
@ -403,7 +408,7 @@ rec {
getKernel = name: kernels.${name} or (throw "Unknown kernel: ${name}");
getAbi = name: abis.${name} or (throw "Unknown ABI: ${name}");
parsed = rec {
parsed = {
cpu = getCpu args.cpu;
vendor =
/**/ if args ? vendor then getVendor args.vendor

View File

@ -456,16 +456,16 @@ rec {
};
selectBySystem = system: {
"i486-linux" = pc32;
"i586-linux" = pc32;
"i686-linux" = pc32;
"x86_64-linux" = pc64;
"armv5tel-linux" = sheevaplug;
"armv6l-linux" = raspberrypi;
"armv7a-linux" = armv7l-hf-multiplatform;
"armv7l-linux" = armv7l-hf-multiplatform;
"aarch64-linux" = aarch64-multiplatform;
"mipsel-linux" = fuloong2f_n32;
"powerpc64le-linux" = powernv;
i486-linux = pc32;
i586-linux = pc32;
i686-linux = pc32;
x86_64-linux = pc64;
armv5tel-linux = sheevaplug;
armv6l-linux = raspberrypi;
armv7a-linux = armv7l-hf-multiplatform;
armv7l-linux = armv7l-hf-multiplatform;
aarch64-linux = aarch64-multiplatform;
mipsel-linux = fuloong2f_n32;
powerpc64le-linux = powernv;
}.${system} or pcBase;
}

View File

@ -42,7 +42,7 @@ rec {
# Default type functor
defaultFunctor = name: {
inherit name;
type = types."${name}" or null;
type = types.${name} or null;
wrapped = null;
payload = null;
binOp = a: b: null;
@ -107,7 +107,7 @@ rec {
merge = mergeEqualOption;
};
int = mkOptionType rec {
int = mkOptionType {
name = "int";
description = "signed integer";
check = isInt;
@ -136,7 +136,7 @@ rec {
sign = bit: range: ign (0 - (range / 2)) (range / 2 - 1)
"signedInt${toString bit}" "${toString bit} bit signed integer";
in rec {
in {
/* An int with a fixed range.
*
* Example:
@ -172,7 +172,7 @@ rec {
# Alias of u16 for a port number
port = ints.u16;
float = mkOptionType rec {
float = mkOptionType {
name = "float";
description = "floating point number";
check = isFloat;
@ -217,7 +217,8 @@ rec {
# Deprecated; should not be used because it quietly concatenates
# strings, which is usually not what you want.
string = separatedString "";
string = warn "types.string is deprecated because it quietly concatenates strings"
(separatedString "");
attrs = mkOptionType {
name = "attrs";

View File

@ -7,7 +7,7 @@ let
in
rec {
{
/* Get the major version string from a string.

View File

@ -2091,7 +2091,7 @@
githubId = 2817965;
name = "f--t";
};
f-breidenstein = {
fleaz = {
email = "mail@felixbreidenstein.de";
github = "fleaz";
githubId = 2489598;
@ -5095,6 +5095,12 @@
githubId = 9568176;
name = "Piotr Halama";
};
puckipedia = {
email = "puck@puckipedia.com";
github = "puckipedia";
githubId = 488734;
name = "Puck Meerburg";
};
puffnfresh = {
email = "brian@brianmckenna.org";
github = "puffnfresh";

View File

@ -16,6 +16,6 @@
On images where the installation media also becomes an installation target,
copying over <literal>configuration.nix</literal> should be disabled by
setting <literal>installer.cloneConfig</literal> to <literal>false</literal>.
This is already done in <literal>sd-image.nix</literal>.
For example, this is done in <literal>sd-image-aarch64.nix</literal>.
</para>
</section>

View File

@ -57,6 +57,64 @@
and <option>services.xserver.desktopManager.xfce4-14</option> simultaneously or to downgrade from Xfce 4.14 after upgrading.
</para>
</listitem>
<listitem>
<para>
The GNOME 3 desktop manager module sports an interface to enable/disable core services, applications, and optional GNOME packages
like games.
<itemizedlist>
<para>This can be achieved with the following options which the desktop manager default enables, excluding <literal>games</literal>.</para>
<listitem><para><link linkend="opt-services.gnome3.core-os-services.enable"><literal>services.gnome3.core-os-services.enable</literal></link></para></listitem>
<listitem><para><link linkend="opt-services.gnome3.core-shell.enable"><literal>services.gnome3.core-shell.enable</literal></link></para></listitem>
<listitem><para><link linkend="opt-services.gnome3.core-utilities.enable"><literal>services.gnome3.core-utilities.enable</literal></link></para></listitem>
<listitem><para><link linkend="opt-services.gnome3.games.enable"><literal>services.gnome3.games.enable</literal></link></para></listitem>
</itemizedlist>
With these options we hope to give users finer grained control over their systems. Prior to this change you'd either have to manually
disable options or use <option>environment.gnome3.excludePackages</option> which only excluded the optional applications.
<option>environment.gnome3.excludePackages</option> is now unguarded, it can exclude any package installed with <option>environment.systemPackages</option>
in the GNOME 3 module.
</para>
</listitem>
<listitem>
<para>
Orthogonal to the previous changes to the GNOME 3 desktop manager module, we've updated all default services and applications
to match as close as possible to a default reference GNOME 3 experience.
</para>
<bridgehead>The following changes were enacted in <option>services.gnome3.core-utilities.enable</option></bridgehead>
<itemizedlist>
<title>Applications removed from defaults:</title>
<listitem><para><literal>accerciser</literal></para></listitem>
<listitem><para><literal>dconf-editor</literal></para></listitem>
<listitem><para><literal>evolution</literal></para></listitem>
<listitem><para><literal>gnome-documents</literal></para></listitem>
<listitem><para><literal>gnome-nettool</literal></para></listitem>
<listitem><para><literal>gnome-power-manager</literal></para></listitem>
<listitem><para><literal>gnome-todo</literal></para></listitem>
<listitem><para><literal>gnome-tweaks</literal></para></listitem>
<listitem><para><literal>gnome-usage</literal></para></listitem>
<listitem><para><literal>gucharmap</literal></para></listitem>
<listitem><para><literal>nautilus-sendto</literal></para></listitem>
<listitem><para><literal>vinagre</literal></para></listitem>
</itemizedlist>
<itemizedlist>
<title>Applications added to defaults:</title>
<listitem><para><literal>cheese</literal></para></listitem>
<listitem><para><literal>geary</literal></para></listitem>
</itemizedlist>
<bridgehead>The following changes were enacted in <option>services.gnome3.core-shell.enable</option></bridgehead>
<itemizedlist>
<title>Applications added to defaults:</title>
<listitem><para><literal>gnome-color-manager</literal></para></listitem>
<listitem><para><literal>orca</literal></para></listitem>
</itemizedlist>
<itemizedlist>
<title>Services enabled:</title>
<listitem><para><option>services.avahi.enable</option></para></listitem>
</itemizedlist>
</listitem>
</itemizedlist>
</section>
@ -348,6 +406,12 @@
What used to be called <literal>emacsPackagesNg</literal> is now simply called <literal>emacsPackages</literal>.
</para>
</listitem>
<listitem>
<para>
<option>services.xserver.desktopManager.xterm</option> is now disabled by default.
It was not useful except for debugging purposes and was confusingly set as default in some circumstances.
</para>
</listitem>
</itemizedlist>
</section>
@ -547,8 +611,8 @@
</para>
</listitem>
</itemizedlist>
This also configures the kernel to pass coredumps to <literal>systemd-coredump</literal>.
This also configures the kernel to pass coredumps to <literal>systemd-coredump</literal>,
and restricts the SysRq key combinations to the sync command only.
These sysctl snippets can be found in <literal>/etc/sysctl.d/50-*.conf</literal>,
and overridden via <link linkend="opt-boot.kernel.sysctl">boot.kernel.sysctl</link>
(which will place the parameters in <literal>/etc/sysctl.d/60-nixos.conf</literal>).
@ -591,6 +655,51 @@
The defaults from fontconfig are sufficient.
</para>
</listitem>
<listitem>
<para>
The <literal>crashplan</literal> package and the
<literal>crashplan</literal> service have been removed from nixpkgs due to
crashplan shutting down the service, while the <literal>crashplansb</literal>
package and <literal>crashplan-small-business</literal> service have been
removed from nixpkgs due to lack of maintainer.
</para>
<para>
The <link linkend="opt-services.redis.enable">redis module</link> was hardcoded to use the <literal>redis</literal> user,
<filename class="directory">/run/redis</filename> as runtime directory and
<filename class="directory">/var/lib/redis</filename> as state directory.
Note that the NixOS module for Redis now disables kernel support for Transparent Huge Pages (THP),
because this features causes major performance problems for Redis,
e.g. (https://redis.io/topics/latency).
</para>
</listitem>
<listitem>
<para>
Using <option>fonts.enableDefaultFonts</option> adds a default emoji font <literal>noto-fonts-emoji</literal>.
<itemizedlist>
<para>Users of the following options will have this enabled by default:</para>
<listitem>
<para><option>services.xserver.enable</option></para>
</listitem>
<listitem>
<para><option>programs.sway.enable</option></para>
</listitem>
<listitem>
<para><option>programs.way-cooler.enable</option></para>
</listitem>
<listitem>
<para><option>services.xrdp.enable</option></para>
</listitem>
</itemizedlist>
</para>
</listitem>
<listitem>
<para>
The <literal>altcoins</literal> categorization of packages has
been removed. You now access these packages at the top level,
ie. <literal>nix-shell -p dogecoin</literal> instead of
<literal>nix-shell -p altcoins.dogecoin</literal>, etc.
</para>
</listitem>
</itemizedlist>
</section>
</section>

View File

@ -126,7 +126,7 @@ let
}
'';
in rec {
in {
inherit optionsNix;
optionsAsciiDoc = lib.concatStringsSep "\n" (lib.mapAttrsToList singleAsciiDoc optionsNix);

View File

@ -17,9 +17,9 @@ in
else throw "Unknown QEMU serial device for system '${pkgs.stdenv.hostPlatform.system}'";
qemuBinary = qemuPkg: {
"x86_64-linux" = "${qemuPkg}/bin/qemu-kvm -cpu kvm64";
"armv7l-linux" = "${qemuPkg}/bin/qemu-system-arm -enable-kvm -machine virt -cpu host";
"aarch64-linux" = "${qemuPkg}/bin/qemu-system-aarch64 -enable-kvm -machine virt,gic-version=host -cpu host";
"x86_64-darwin" = "${qemuPkg}/bin/qemu-kvm -cpu kvm64";
x86_64-linux = "${qemuPkg}/bin/qemu-kvm -cpu kvm64";
armv7l-linux = "${qemuPkg}/bin/qemu-system-arm -enable-kvm -machine virt -cpu host";
aarch64-linux = "${qemuPkg}/bin/qemu-system-aarch64 -enable-kvm -machine virt,gic-version=host -cpu host";
x86_64-darwin = "${qemuPkg}/bin/qemu-kvm -cpu kvm64";
}.${pkgs.stdenv.hostPlatform.system} or "${qemuPkg}/bin/qemu-kvm";
}

View File

@ -1,6 +1,6 @@
pkgs: with pkgs.lib;
rec {
{
# Check whenever fileSystem is needed for boot
fsNeededForBoot = fs: fs.neededForBoot

View File

@ -35,8 +35,8 @@ let
then "fontconfig"
else "fontconfig_${version}";
makeCache = fontconfig: pkgs.makeFontsCache { inherit fontconfig; fontDirectories = config.fonts.fonts; };
cache = makeCache pkgs."${fcPackage}";
cache32 = makeCache pkgs.pkgsi686Linux."${fcPackage}";
cache = makeCache pkgs.${fcPackage};
cache32 = makeCache pkgs.pkgsi686Linux.${fcPackage};
in
pkgs.writeText "fc-00-nixos-cache.conf" ''
<?xml version='1.0'?>

View File

@ -79,7 +79,7 @@ in
config = mkIf (config.fonts.fontconfig.enable && cfg.enable) {
fonts.fontconfig.confPackages = [ confPkg ];
environment.variables."INFINALITY_FT" = cfg.preset;
environment.variables.INFINALITY_FT = cfg.preset;
};

View File

@ -116,7 +116,7 @@ let
defaultFontsConf =
let genDefault = fonts: name:
optionalString (fonts != []) ''
<alias>
<alias binding="same">
<family>${name}</family>
<prefer>
${concatStringsSep ""
@ -139,6 +139,8 @@ let
${genDefault cfg.defaultFonts.monospace "monospace"}
${genDefault cfg.defaultFonts.emoji "emoji"}
</fontconfig>
'';
@ -344,6 +346,21 @@ in
in case multiple languages must be supported.
'';
};
emoji = mkOption {
type = types.listOf types.str;
default = ["Noto Color Emoji"];
description = ''
System-wide default emoji font(s). Multiple fonts may be listed
in case a font does not support all emoji.
Note that fontconfig matches color emoji fonts preferentially,
so if you want to use a black and white font while having
a color font installed (eg. Noto Color Emoji installed alongside
Noto Emoji), fontconfig will still choose the color font even
when it is later in the list.
'';
};
};
hinting = {

View File

@ -43,6 +43,7 @@ with lib;
pkgs.xorg.fontmiscmisc
pkgs.xorg.fontcursormisc
pkgs.unifont
pkgs.noto-fonts-emoji
];
};

View File

@ -15,7 +15,7 @@ let
realms = optionalAttrs (lib.all (value: value != null) [
cfg.defaultRealm cfg.kdc cfg.kerberosAdminServer
]) {
"${cfg.defaultRealm}" = {
${cfg.defaultRealm} = {
kdc = cfg.kdc;
admin_server = cfg.kerberosAdminServer;
};
@ -25,7 +25,7 @@ let
cfg.domainRealm cfg.defaultRealm
]) {
".${cfg.domainRealm}" = cfg.defaultRealm;
"${cfg.domainRealm}" = cfg.defaultRealm;
${cfg.domainRealm} = cfg.defaultRealm;
};
};

View File

@ -6,7 +6,7 @@ let
# The set of alternative malloc(3) providers.
providers = {
"graphene-hardened" = rec {
graphene-hardened = {
libPath = "${pkgs.graphene-hardened-malloc}/lib/libhardened_malloc.so";
description = ''
An allocator designed to mitigate memory corruption attacks, such as
@ -14,7 +14,7 @@ let
'';
};
"jemalloc" = {
jemalloc = {
libPath = "${pkgs.jemalloc}/lib/libjemalloc.so";
description = ''
A general purpose allocator that emphasizes fragmentation avoidance
@ -22,7 +22,7 @@ let
'';
};
"scudo" = {
scudo = {
libPath = "${pkgs.llvmPackages.compiler-rt}/lib/linux/libclang_rt.scudo-x86_64.so";
description = ''
A user-mode allocator based on LLVM Sanitizers CombinedAllocator,
@ -32,7 +32,7 @@ let
};
};
providerConf = providers."${cfg.provider}";
providerConf = providers.${cfg.provider};
# An output that contains only the shared library, to avoid
# needlessly bloating the system closure

View File

@ -171,13 +171,13 @@ in
environment.etc =
{ # /etc/services: TCP/UDP port assignments.
"services".source = pkgs.iana-etc + "/etc/services";
services.source = pkgs.iana-etc + "/etc/services";
# /etc/protocols: IP protocol numbers.
"protocols".source = pkgs.iana-etc + "/etc/protocols";
protocols.source = pkgs.iana-etc + "/etc/protocols";
# /etc/hosts: Hostname-to-IP mappings.
"hosts".text = let
hosts.text = let
oneToString = set: ip: ip + " " + concatStringsSep " " set.${ip};
allToString = set: concatMapStringsSep "\n" (oneToString set) (attrNames set);
in ''
@ -190,7 +190,7 @@ in
} // optionalAttrs (pkgs.stdenv.hostPlatform.libc == "glibc") {
# /etc/rpc: RPC program numbers.
"rpc".source = pkgs.glibc.out + "/etc/rpc";
rpc.source = pkgs.glibc.out + "/etc/rpc";
};
networking.proxy.envVars =

View File

@ -78,7 +78,7 @@ in
};
# Service executed before suspending/hibernating.
systemd.services."pre-sleep" =
systemd.services.pre-sleep =
{ description = "Pre-Sleep Actions";
wantedBy = [ "sleep.target" ];
before = [ "sleep.target" ];
@ -89,7 +89,7 @@ in
serviceConfig.Type = "oneshot";
};
systemd.services."post-resume" =
systemd.services.post-resume =
{ description = "Post-Resume Actions";
after = [ "suspend.target" "hibernate.target" "hybrid-sleep.target" ];
script =

View File

@ -163,7 +163,7 @@ in
l = "ls -alh";
};
environment.etc."shells".text =
environment.etc.shells.text =
''
${concatStringsSep "\n" (map utils.toShellPath cfg.shells)}
/bin/sh
@ -171,7 +171,7 @@ in
# For resetting environment with `. /etc/set-environment` when needed
# and discoverability (see motivation of #30418).
environment.etc."set-environment".source = config.system.build.setEnvironment;
environment.etc.set-environment.source = config.system.build.setEnvironment;
system.build.setEnvironment = pkgs.writeText "set-environment"
''

View File

@ -8,7 +8,7 @@
"/share/terminfo"
];
environment.etc."terminfo" = {
environment.etc.terminfo = {
source = "${config.system.path}/share/terminfo";
};

View File

@ -181,7 +181,7 @@ let
};
hashedPassword = mkOption {
type = with types; uniq (nullOr str);
type = with types; nullOr str;
default = null;
description = ''
Specifies the hashed password for the user.
@ -191,7 +191,7 @@ let
};
password = mkOption {
type = with types; uniq (nullOr str);
type = with types; nullOr str;
default = null;
description = ''
Specifies the (clear text) password for the user.
@ -203,7 +203,7 @@ let
};
passwordFile = mkOption {
type = with types; uniq (nullOr string);
type = with types; nullOr str;
default = null;
description = ''
The full path to a file that contains the user's password. The password
@ -215,7 +215,7 @@ let
};
initialHashedPassword = mkOption {
type = with types; uniq (nullOr str);
type = with types; nullOr str;
default = null;
description = ''
Specifies the initial hashed password for the user, i.e. the
@ -230,7 +230,7 @@ let
};
initialPassword = mkOption {
type = with types; uniq (nullOr str);
type = with types; nullOr str;
default = null;
description = ''
Specifies the initial password for the user, i.e. the
@ -304,7 +304,7 @@ let
};
members = mkOption {
type = with types; listOf string;
type = with types; listOf str;
default = [];
description = ''
The user names of the group members, added to the
@ -546,11 +546,11 @@ in {
environment.systemPackages = systemShells;
environment.etc = {
"subuid" = {
subuid = {
text = subuidFile;
mode = "0644";
};
"subgid" = {
subgid = {
text = subgidFile;
mode = "0644";
};

View File

@ -36,6 +36,6 @@ in
{ inherit (cfg) group; }
))
];
users.groups."${cfg.group}" = {};
users.groups.${cfg.group} = {};
};
}

View File

@ -33,7 +33,7 @@ in
boot.blacklistedKernelModules = [ "radeon" ];
environment.etc."ati".source = "${ati_x11}/etc/ati";
environment.etc.ati.source = "${ati_x11}/etc/ati";
};

View File

@ -88,7 +88,7 @@ in
};
hardware.nvidia.optimus_prime.nvidiaBusId = lib.mkOption {
type = lib.types.string;
type = lib.types.str;
default = "";
example = "PCI:1:0:0";
description = ''
@ -98,7 +98,7 @@ in
};
hardware.nvidia.optimus_prime.intelBusId = lib.mkOption {
type = lib.types.string;
type = lib.types.str;
default = "";
example = "PCI:0:2:0";
description = ''

View File

@ -59,4 +59,8 @@ in
${extlinux-conf-builder} -t 3 -c ${config.system.build.toplevel} -d ./files/boot
'';
};
# the installation media is also the installation target,
# so we don't want to provide the installation configuration.nix.
installer.cloneConfig = false;
}

View File

@ -56,4 +56,8 @@ in
${extlinux-conf-builder} -t 3 -c ${config.system.build.toplevel} -d ./files/boot
'';
};
# the installation media is also the installation target,
# so we don't want to provide the installation configuration.nix.
installer.cloneConfig = false;
}

View File

@ -45,4 +45,8 @@ in
${extlinux-conf-builder} -t 3 -c ${config.system.build.toplevel} -d ./files/boot
'';
};
# the installation media is also the installation target,
# so we don't want to provide the installation configuration.nix.
installer.cloneConfig = false;
}

View File

@ -54,7 +54,7 @@ in
};
firmwarePartitionID = mkOption {
type = types.string;
type = types.str;
default = "0x2178694e";
description = ''
Volume ID for the /boot/firmware partition on the SD card. This value
@ -63,7 +63,7 @@ in
};
rootPartitionUUID = mkOption {
type = types.nullOr types.string;
type = types.nullOr types.str;
default = null;
example = "14e19a7b-0ae0-484d-9d54-43bd6fdc20c7";
description = ''
@ -194,9 +194,5 @@ in
rm -f /nix-path-registration
fi
'';
# the installation media is also the installation target,
# so we don't want to provide the installation configuration.nix.
installer.cloneConfig = false;
};
}

View File

@ -129,7 +129,7 @@ in
];
nixpkgs.config = {
packageOverrides = p: rec {
packageOverrides = p: {
linux_3_4 = p.linux_3_4.override {
extraConfig = ''
# Enable drivers in kernel for most NICs.

View File

@ -18,7 +18,7 @@ with lib;
};
config = rec {
config = {
# Don't build the GRUB menu builder script, since we don't need it
# here and it causes a cyclic dependency.
boot.loader.grub.enable = false;

View File

@ -85,7 +85,7 @@ in
# Generate /etc/os-release. See
# https://www.freedesktop.org/software/systemd/man/os-release.html for the
# format.
environment.etc."os-release".text =
environment.etc.os-release.text =
''
NAME=NixOS
ID=nixos

View File

@ -138,6 +138,7 @@
./programs/qt5ct.nix
./programs/screen.nix
./programs/sedutil.nix
./programs/seahorse.nix
./programs/slock.nix
./programs/shadow.nix
./programs/shell.nix
@ -216,8 +217,6 @@
./services/backup/bacula.nix
./services/backup/borgbackup.nix
./services/backup/duplicati.nix
./services/backup/crashplan.nix
./services/backup/crashplan-small-business.nix
./services/backup/duplicity.nix
./services/backup/mysql-backup.nix
./services/backup/postgresql-backup.nix
@ -303,7 +302,6 @@
./services/desktops/gnome3/gnome-settings-daemon.nix
./services/desktops/gnome3/gnome-user-share.nix
./services/desktops/gnome3/rygel.nix
./services/desktops/gnome3/seahorse.nix
./services/desktops/gnome3/sushi.nix
./services/desktops/gnome3/tracker.nix
./services/desktops/gnome3/tracker-miners.nix

View File

@ -30,7 +30,7 @@ in
};
config = mkIf (cfg.settings != {}) {
environment.etc."atoprc".text =
environment.etc.atoprc.text =
concatStrings (mapAttrsToList (n: v: "${n} ${toString v}\n") cfg.settings);
};
}

View File

@ -159,7 +159,7 @@ in
};
environment.etc."profile".text =
environment.etc.profile.text =
''
# /etc/profile: DO NOT EDIT -- this file has been generated automatically.
# This file is read for login shells.
@ -184,7 +184,7 @@ in
fi
'';
environment.etc."bashrc".text =
environment.etc.bashrc.text =
''
# /etc/bashrc: DO NOT EDIT -- this file has been generated automatically.
@ -212,7 +212,7 @@ in
# Configuration for readline in bash. We use "option default"
# priority to allow user override using both .text and .source.
environment.etc."inputrc".source = mkOptionDefault ./inputrc;
environment.etc.inputrc.source = mkOptionDefault ./inputrc;
users.defaultUserShell = mkDefault pkgs.bashInteractive;

View File

@ -5,7 +5,7 @@ with lib;
let
cfg = config.programs.firejail;
wrappedBins = pkgs.stdenv.mkDerivation rec {
wrappedBins = pkgs.stdenv.mkDerivation {
name = "firejail-wrapped-binaries";
nativeBuildInputs = with pkgs; [ makeWrapper ];
buildCommand = ''

View File

@ -54,8 +54,8 @@ in
type = types.attrsOf types.str;
default = {};
example = {
"h" = "noaction 5\e(";
"l" = "noaction 5\e)";
h = "noaction 5\e(";
l = "noaction 5\e)";
};
description = "Defines new command keys.";
};
@ -74,7 +74,7 @@ in
type = types.attrsOf types.str;
default = {};
example = {
"\e" = "abort";
e = "abort";
};
description = "Defines new line-editing keys.";
};
@ -111,11 +111,11 @@ in
environment.systemPackages = [ pkgs.less ];
environment.variables = {
"LESSKEY_SYSTEM" = toString lessKey;
LESSKEY_SYSTEM = toString lessKey;
} // optionalAttrs (cfg.lessopen != null) {
"LESSOPEN" = cfg.lessopen;
LESSOPEN = cfg.lessopen;
} // optionalAttrs (cfg.lessclose != null) {
"LESSCLOSE" = cfg.lessclose;
LESSCLOSE = cfg.lessclose;
};
warnings = optional (

View File

@ -35,7 +35,7 @@ in
###### implementation
config = lib.mkIf (cfg.nanorc != "" || cfg.syntaxHighlight) {
environment.etc."nanorc".text = lib.concatStrings [ cfg.nanorc
environment.etc.nanorc.text = lib.concatStrings [ cfg.nanorc
(lib.optionalString cfg.syntaxHighlight ''${LF}include "${pkgs.nano}/share/nano/*.nanorc"'') ];
};

View File

@ -36,7 +36,7 @@ in
###### implementation
config = lib.mkIf cfg.enable {
environment.etc."npmrc".text = cfg.npmrc;
environment.etc.npmrc.text = cfg.npmrc;
environment.variables.NPM_CONFIG_GLOBALCONFIG = "/etc/npmrc";

View File

@ -24,7 +24,7 @@ in
###### implementation
config = mkIf (cfg.screenrc != "") {
environment.etc."screenrc".text = cfg.screenrc;
environment.etc.screenrc.text = cfg.screenrc;
environment.systemPackages = [ pkgs.screen ];
};

View File

@ -0,0 +1,44 @@
# Seahorse.
{ config, pkgs, lib, ... }:
with lib;
{
# Added 2019-08-27
imports = [
(mkRenamedOptionModule
[ "services" "gnome3" "seahorse" "enable" ]
[ "programs" "seahorse" "enable" ])
];
###### interface
options = {
programs.seahorse = {
enable = mkEnableOption "Seahorse, a GNOME application for managing encryption keys and passwords in the GNOME Keyring";
};
};
###### implementation
config = mkIf config.programs.seahorse.enable {
environment.systemPackages = [
pkgs.gnome3.seahorse
];
services.dbus.packages = [
pkgs.gnome3.seahorse
];
};
}

View File

@ -17,7 +17,7 @@ in
alias = mkOption {
default = "fuck";
type = types.string;
type = types.str;
description = ''
`thefuck` needs an alias to be configured.

View File

@ -61,7 +61,7 @@ in
description = "Setup of xfs_quota projects. Make sure the filesystem is mounted with the pquota option.";
example = {
"projname" = {
projname = {
id = 50;
path = "/xfsprojects/projname";
sizeHardLimit = "50g";

View File

@ -45,7 +45,7 @@ in
config = mkIf cfg.enable {
environment.etc."xonshrc".text = cfg.config;
environment.etc.xonshrc.text = cfg.config;
environment.systemPackages = [ cfg.package ];

View File

@ -12,7 +12,7 @@ in
lockerCommand = mkOption {
default = "${pkgs.i3lock}/bin/i3lock";
example = literalExample ''''${pkgs.i3lock-fancy}/bin/i3lock-fancy'';
type = types.string;
type = types.separatedString " ";
description = "Locker to be used with xsslock";
};

View File

@ -76,7 +76,7 @@ in
font = mkOption {
default = "sans bold 9";
example = "Droid Sans, FontAwesome Bold 9";
type = types.string;
type = types.str;
description = ''
The font that will be used to draw the status bar.
@ -95,7 +95,7 @@ in
extra = mkOption {
default = {};
type = types.attrsOf types.string;
type = types.attrsOf types.str;
description = ''
An attribute set which contains further attributes of a bar.
@ -107,7 +107,7 @@ in
type = types.attrsOf(types.submodule {
options.exec = mkOption {
example = "YABAR_DATE";
type = types.string;
type = types.str;
description = ''
The type of the indicator to be executed.
'';
@ -125,7 +125,7 @@ in
options.extra = mkOption {
default = {};
type = types.attrsOf (types.either types.string types.int);
type = types.attrsOf (types.either types.str types.int);
description = ''
An attribute set which contains further attributes of a indicator.

View File

@ -33,7 +33,7 @@ in
patterns = mkOption {
default = {};
type = types.attrsOf types.string;
type = types.attrsOf types.str;
example = literalExample ''
{
@ -50,7 +50,7 @@ in
};
styles = mkOption {
default = {};
type = types.attrsOf types.string;
type = types.attrsOf types.str;
example = literalExample ''
{

View File

@ -133,7 +133,7 @@ in
programs.zsh.shellAliases = mapAttrs (name: mkDefault) cfge.shellAliases;
environment.etc."zshenv".text =
environment.etc.zshenv.text =
''
# /etc/zshenv: DO NOT EDIT -- this file has been generated automatically.
# This file is read for all shells.
@ -157,7 +157,7 @@ in
fi
'';
environment.etc."zprofile".text =
environment.etc.zprofile.text =
''
# /etc/zprofile: DO NOT EDIT -- this file has been generated automatically.
# This file is read for login shells.
@ -176,7 +176,7 @@ in
fi
'';
environment.etc."zshrc".text =
environment.etc.zshrc.text =
''
# /etc/zshrc: DO NOT EDIT -- this file has been generated automatically.
# This file is read for interactive shells.
@ -225,7 +225,7 @@ in
fi
'';
environment.etc."zinputrc".source = ./zinputrc;
environment.etc.zinputrc.source = ./zinputrc;
environment.systemPackages = [ pkgs.zsh ]
++ optional cfg.enableCompletion pkgs.nix-zsh-completions;

View File

@ -256,7 +256,7 @@ with lib;
# binfmt
(mkRenamedOptionModule [ "boot" "binfmtMiscRegistrations" ] [ "boot" "binfmt" "registrations" ])
# ACME
(mkRemovedOptionModule [ "security" "acme" "directory"] "ACME Directory is now hardcoded to /var/lib/acme and its permisisons are managed by systemd. See https://github.com/NixOS/nixpkgs/issues/53852 for more info.")
(mkRemovedOptionModule [ "security" "acme" "preDelay"] "This option has been removed. If you want to make sure that something executes before certificates are provisioned, add a RequiredBy=acme-\${cert}.service to the service you want to execute before the cert renewal")
@ -285,6 +285,13 @@ with lib;
throw "services.redshift.longitude is set to null, you can remove this"
else builtins.fromJSON value))
# Redis
(mkRemovedOptionModule [ "services" "redis" "user" ] "The redis module now is hardcoded to the redis user.")
(mkRemovedOptionModule [ "services" "redis" "dbpath" ] "The redis module now uses /var/lib/redis as data directory.")
(mkRemovedOptionModule [ "services" "redis" "dbFilename" ] "The redis module now uses /var/lib/redis/dump.rdb as database dump location.")
(mkRemovedOptionModule [ "services" "redis" "appendOnlyFilename" ] "This option was never used.")
(mkRemovedOptionModule [ "services" "redis" "pidFile" ] "This option was removed.")
] ++ (forEach [ "blackboxExporter" "collectdExporter" "fritzboxExporter"
"jsonExporter" "minioExporter" "nginxExporter" "nodeExporter"
"snmpExporter" "unifiExporter" "varnishExporter" ]

View File

@ -213,7 +213,7 @@ in
StateDirectoryMode = rights;
WorkingDirectory = "/var/lib/${lpath}";
ExecStart = "${pkgs.simp_le}/bin/simp_le ${escapeShellArgs cmdline}";
ExecStopPost =
ExecStopPost =
let
script = pkgs.writeScript "acme-post-stop" ''
#!${pkgs.runtimeShell} -e
@ -298,6 +298,9 @@ in
};
})
);
systemd.targets.acme-selfsigned-certificates = mkIf cfg.preliminarySelfsigned {};
systemd.targets.acme-certificates = {};
})
];

View File

@ -6,6 +6,10 @@ with lib;
options.security.auditd.enable = mkEnableOption "the Linux Audit daemon";
config = mkIf config.security.auditd.enable {
boot.kernelParams = [ "audit=1" ];
environment.systemPackages = [ pkgs.audit ];
systemd.services.auditd = {
description = "Linux Audit daemon";
wantedBy = [ "basic.target" ];

View File

@ -24,6 +24,6 @@ in
config = mkIf cfg.enable {
environment.systemPackages = [ sandbox ];
security.wrappers."${sandbox.passthru.sandboxExecutableName}".source = "${sandbox}/bin/${sandbox.passthru.sandboxExecutableName}";
security.wrappers.${sandbox.passthru.sandboxExecutableName}.source = "${sandbox}/bin/${sandbox.passthru.sandboxExecutableName}";
};
}

View File

@ -685,7 +685,7 @@ in
};
id = mkOption {
example = "42";
type = types.string;
type = types.str;
description = "client id";
};

View File

@ -85,7 +85,7 @@ in
security.wrappers = {
pkexec.source = "${pkgs.polkit.bin}/bin/pkexec";
"polkit-agent-helper-1".source = "${pkgs.polkit.out}/lib/polkit-1/polkit-agent-helper-1";
polkit-agent-helper-1.source = "${pkgs.polkit.out}/lib/polkit-1/polkit-agent-helper-1";
};
systemd.tmpfiles.rules = [

View File

@ -4,7 +4,7 @@ with lib;
let
cfg = config.services.prey;
myPrey = pkgs."prey-bash-client".override {
myPrey = pkgs.prey-bash-client.override {
apiKey = cfg.apiKey;
deviceKey = cfg.deviceKey;
};

View File

@ -91,7 +91,7 @@ in
type = with types; listOf (submodule {
options = {
users = mkOption {
type = with types; listOf (either string int);
type = with types; listOf (either str int);
description = ''
The usernames / UIDs this rule should apply for.
'';
@ -99,7 +99,7 @@ in
};
groups = mkOption {
type = with types; listOf (either string int);
type = with types; listOf (either str int);
description = ''
The groups / GIDs this rule should apply for.
'';
@ -107,7 +107,7 @@ in
};
host = mkOption {
type = types.string;
type = types.str;
default = "ALL";
description = ''
For what host this rule should apply.
@ -115,7 +115,7 @@ in
};
runAs = mkOption {
type = with types; string;
type = with types; str;
default = "ALL:ALL";
description = ''
Under which user/group the specified command is allowed to run.
@ -130,11 +130,11 @@ in
description = ''
The commands for which the rule should apply.
'';
type = with types; listOf (either string (submodule {
type = with types; listOf (either str (submodule {
options = {
command = mkOption {
type = with types; string;
type = with types; str;
description = ''
A command being either just a path to a binary to allow any arguments,
the full command with arguments pre-set or with <code>""</code> used as the argument,

View File

@ -7,7 +7,7 @@ let
programs =
(lib.mapAttrsToList
(n: v: (if v ? "program" then v else v // {program=n;}))
(n: v: (if v ? program then v else v // {program=n;}))
wrappers);
securityWrapper = pkgs.stdenv.mkDerivation {
@ -74,15 +74,15 @@ let
mkWrappedPrograms =
builtins.map
(s: if (s ? "capabilities")
(s: if (s ? capabilities)
then mkSetcapProgram
({ owner = "root";
group = "root";
} // s)
else if
(s ? "setuid" && s.setuid) ||
(s ? "setgid" && s.setgid) ||
(s ? "permissions")
(s ? setuid && s.setuid) ||
(s ? setgid && s.setgid) ||
(s ? permissions)
then mkSetuidProgram s
else mkSetuidProgram
({ owner = "root";

View File

@ -40,7 +40,7 @@ in {
'';
};
configurationURI = mkOption {
type = types.string;
type = types.str;
default = "xbean:activemq.xml";
description = ''
The URI that is passed along to the BrokerFactory to
@ -51,7 +51,7 @@ in {
'';
};
baseDir = mkOption {
type = types.string;
type = types.str;
default = "/var/activemq";
description = ''
The base directory where ActiveMQ stores its persistent data and logs.
@ -81,7 +81,7 @@ in {
'';
};
extraJavaOptions = mkOption {
type = types.string;
type = types.separatedString " ";
default = "";
example = "-Xmx2G -Xms2G -XX:MaxPermSize=512M";
description = ''

View File

@ -64,7 +64,7 @@ in
};
volumeStep = mkOption {
type = types.string;
type = types.str;
default = "1";
example = "1%";
description = ''
@ -99,7 +99,7 @@ in
boot.kernelModules = optional config.sound.enableOSSEmulation "snd_pcm_oss";
systemd.services."alsa-store" =
systemd.services.alsa-store =
{ description = "Store Sound Card State";
wantedBy = [ "multi-user.target" ];
unitConfig.RequiresMountsFor = "/var/lib/alsa";

View File

@ -23,7 +23,7 @@ in {
mpd = {
host = mkOption {
type = types.string;
type = types.str;
default = "localhost";
description = "The host where MPD is listening.";
example = "localhost";

View File

@ -1,73 +0,0 @@
{ config, pkgs, lib, ... }:
let
cfg = config.services.crashplansb;
crashplansb = pkgs.crashplansb.override { maxRam = cfg.maxRam; };
in
with lib;
{
options = {
services.crashplansb = {
enable = mkOption {
default = false;
type = types.bool;
description = ''
Starts crashplan for small business background service.
'';
};
maxRam = mkOption {
default = "1024m";
example = "2G";
type = types.str;
description = ''
Maximum amount of ram that the crashplan engine should use.
'';
};
openPorts = mkOption {
description = "Open ports in the firewall for crashplan.";
default = true;
type = types.bool;
};
ports = mkOption {
# https://support.code42.com/Administrator/6/Planning_and_installing/TCP_and_UDP_ports_used_by_the_Code42_platform
# used ports can also be checked in the desktop app console using the command connection.info
description = "which ports to open.";
default = [ 4242 4243 4244 4247 ];
type = types.listOf types.int;
};
};
};
config = mkIf cfg.enable {
environment.systemPackages = [ crashplansb ];
networking.firewall.allowedTCPPorts = mkIf cfg.openPorts cfg.ports;
systemd.services.crashplansb = {
description = "CrashPlan Backup Engine";
wantedBy = [ "multi-user.target" ];
after = [ "network.target" "local-fs.target" ];
preStart = ''
install -d -m 755 ${crashplansb.vardir}
install -d -m 700 ${crashplansb.vardir}/conf
install -d -m 700 ${crashplansb.manifestdir}
install -d -m 700 ${crashplansb.vardir}/cache
install -d -m 700 ${crashplansb.vardir}/backupArchives
install -d -m 777 ${crashplansb.vardir}/log
cp -avn ${crashplansb}/conf.template/* ${crashplansb.vardir}/conf
'';
serviceConfig = {
Type = "forking";
EnvironmentFile = "${crashplansb}/bin/run.conf";
ExecStart = "${crashplansb}/bin/CrashPlanEngine start";
ExecStop = "${crashplansb}/bin/CrashPlanEngine stop";
PIDFile = "${crashplansb.vardir}/CrashPlanEngine.pid";
WorkingDirectory = crashplansb;
};
};
};
}

View File

@ -1,67 +0,0 @@
{ config, pkgs, lib, ... }:
let
cfg = config.services.crashplan;
crashplan = pkgs.crashplan;
in
with lib;
{
options = {
services.crashplan = {
enable = mkOption {
default = false;
type = types.bool;
description = ''
Starts crashplan background service.
'';
};
};
};
config = mkIf cfg.enable {
environment.systemPackages = [ crashplan ];
systemd.services.crashplan = {
description = "CrashPlan Backup Engine";
wantedBy = [ "multi-user.target" ];
after = [ "network.target" "local-fs.target" ];
preStart = ''
ensureDir() {
dir=$1
mode=$2
if ! test -e $dir; then
${pkgs.coreutils}/bin/mkdir -m $mode -p $dir
elif [ "$(${pkgs.coreutils}/bin/stat -c %a $dir)" != "$mode" ]; then
${pkgs.coreutils}/bin/chmod $mode $dir
fi
}
ensureDir ${crashplan.vardir} 755
ensureDir ${crashplan.vardir}/conf 700
ensureDir ${crashplan.manifestdir} 700
ensureDir ${crashplan.vardir}/cache 700
ensureDir ${crashplan.vardir}/backupArchives 700
ensureDir ${crashplan.vardir}/log 777
cp -avn ${crashplan}/conf.template/* ${crashplan.vardir}/conf
for x in app.asar bin install.vars lang lib libc42archive64.so libc52archive.so libjniwrap64.so libjniwrap.so libjtux64.so libjtux.so libleveldb64.so libleveldb.so libmd564.so libmd5.so share skin upgrade; do
rm -f ${crashplan.vardir}/$x;
ln -sf ${crashplan}/$x ${crashplan.vardir}/$x;
done
'';
serviceConfig = {
Type = "forking";
EnvironmentFile = "${crashplan}/bin/run.conf";
ExecStart = "${crashplan}/bin/CrashPlanEngine start";
ExecStop = "${crashplan}/bin/CrashPlanEngine stop";
PIDFile = "${crashplan.vardir}/CrashPlanEngine.pid";
WorkingDirectory = crashplan;
};
};
};
}

View File

@ -103,7 +103,7 @@ in
}];
systemd = {
timers."mysql-backup" = {
timers.mysql-backup = {
description = "Mysql backup timer";
wantedBy = [ "timers.target" ];
timerConfig = {
@ -112,7 +112,7 @@ in
Unit = "mysql-backup.service";
};
};
services."mysql-backup" = {
services.mysql-backup = {
description = "Mysql backup service";
enable = true;
serviceConfig = {

View File

@ -81,7 +81,7 @@ in {
};
pgdumpOptions = mkOption {
type = types.string;
type = types.separatedString " ";
default = "-Cbo";
description = ''
Command line options for pg_dump. This options is not used

View File

@ -2,7 +2,7 @@
with lib;
let
let
cfg = config.services.rsnapshot;
cfgfile = pkgs.writeText "rsnapshot.conf" ''
config_version 1.2
@ -52,7 +52,7 @@ in
cronIntervals = mkOption {
default = {};
example = { hourly = "0 * * * *"; daily = "50 21 * * *"; };
type = types.attrsOf types.string;
type = types.attrsOf types.str;
description = ''
Periodicity at which intervals should be run by cron.
Note that the intervals also have to exist in configuration

View File

@ -78,7 +78,7 @@ in
config = mkIf cfg.enable {
inherit assertions;
programs.tsmClient.enable = true;
programs.tsmClient.servers."${cfg.servername}".passwdDir =
programs.tsmClient.servers.${cfg.servername}.passwdDir =
mkDefault "/var/lib/tsm-backup/password";
systemd.services.tsm-backup = {
description = "IBM Spectrum Protect (Tivoli Storage Manager) Backup";

View File

@ -60,7 +60,7 @@ in {
pkgs.lz4
];
systemd.services."zfs-replication" = {
systemd.services.zfs-replication = {
after = [
"zfs-snapshot-daily.service"
"zfs-snapshot-frequent.service"

View File

@ -361,7 +361,7 @@ in
environment.systemPackages = [ pkgs.znapzend ];
systemd.services = {
"znapzend" = {
znapzend = {
description = "ZnapZend - ZFS Backup System";
wantedBy = [ "zfs.target" ];
after = [ "zfs.target" ];

View File

@ -24,7 +24,7 @@ with lib;
config = mkMerge [
(mkIf cfg.hdfs.namenode.enabled {
systemd.services."hdfs-namenode" = {
systemd.services.hdfs-namenode = {
description = "Hadoop HDFS NameNode";
wantedBy = [ "multi-user.target" ];
@ -44,7 +44,7 @@ with lib;
};
})
(mkIf cfg.hdfs.datanode.enabled {
systemd.services."hdfs-datanode" = {
systemd.services.hdfs-datanode = {
description = "Hadoop HDFS DataNode";
wantedBy = [ "multi-user.target" ];

View File

@ -35,7 +35,7 @@ with lib;
})
(mkIf cfg.yarn.resourcemanager.enabled {
systemd.services."yarn-resourcemanager" = {
systemd.services.yarn-resourcemanager = {
description = "Hadoop YARN ResourceManager";
wantedBy = [ "multi-user.target" ];
@ -53,7 +53,7 @@ with lib;
})
(mkIf cfg.yarn.nodemanager.enabled {
systemd.services."yarn-nodemanager" = {
systemd.services.yarn-nodemanager = {
description = "Hadoop YARN NodeManager";
wantedBy = [ "multi-user.target" ];

View File

@ -74,7 +74,7 @@ in {
spec = {
replicas = 1;
revisionHistoryLimit = 10;
selector.matchLabels."k8s-app" = "kubernetes-dashboard";
selector.matchLabels.k8s-app = "kubernetes-dashboard";
template = {
metadata = {
labels = {

View File

@ -73,7 +73,7 @@ in {
metadata = {
labels = {
"addonmanager.kubernetes.io/mode" = "Reconcile";
"k8s-app" = "kube-dns";
k8s-app = "kube-dns";
"kubernetes.io/cluster-service" = "true";
"kubernetes.io/bootstrapping" = "rbac-defaults";
};
@ -102,7 +102,7 @@ in {
};
labels = {
"addonmanager.kubernetes.io/mode" = "Reconcile";
"k8s-app" = "kube-dns";
k8s-app = "kube-dns";
"kubernetes.io/cluster-service" = "true";
"kubernetes.io/bootstrapping" = "rbac-defaults";
};
@ -130,7 +130,7 @@ in {
metadata = {
labels = {
"addonmanager.kubernetes.io/mode" = "Reconcile";
"k8s-app" = "kube-dns";
k8s-app = "kube-dns";
"kubernetes.io/cluster-service" = "true";
};
name = "coredns";
@ -144,7 +144,7 @@ in {
metadata = {
labels = {
"addonmanager.kubernetes.io/mode" = cfg.reconcileMode;
"k8s-app" = "kube-dns";
k8s-app = "kube-dns";
"kubernetes.io/cluster-service" = "true";
};
name = "coredns";
@ -175,7 +175,7 @@ in {
metadata = {
labels = {
"addonmanager.kubernetes.io/mode" = cfg.reconcileMode;
"k8s-app" = "kube-dns";
k8s-app = "kube-dns";
"kubernetes.io/cluster-service" = "true";
"kubernetes.io/name" = "CoreDNS";
};
@ -301,7 +301,7 @@ in {
};
labels = {
"addonmanager.kubernetes.io/mode" = "Reconcile";
"k8s-app" = "kube-dns";
k8s-app = "kube-dns";
"kubernetes.io/cluster-service" = "true";
"kubernetes.io/name" = "CoreDNS";
};

View File

@ -261,7 +261,7 @@ in {
before = [ "kubernetes.target" ];
};
systemd.services.kube-control-plane-online = rec {
systemd.services.kube-control-plane-online = {
description = "Kubernetes control plane is online";
wantedBy = [ "kube-control-plane-online.target" ];
after = [ "kube-scheduler.service" "kube-controller-manager.service" ];

View File

@ -111,7 +111,7 @@ in
systemd.services.boinc = {
description = "BOINC Client";
after = ["network.target" "local-fs.target"];
after = ["network.target"];
wantedBy = ["multi-user.target"];
script = ''
${fhsEnvExecutable} --dir ${cfg.dataDir} --redirectio ${allowRemoteGuiRpcFlag}

View File

@ -43,7 +43,7 @@ in
###### interface
options = {
services.hydra = rec {
services.hydra = {
enable = mkOption {
type = types.bool;

View File

@ -259,7 +259,7 @@ in {
'';
};
incrementalRepairOptions = mkOption {
type = types.listOf types.string;
type = types.listOf types.str;
default = [];
example = [ "--partitioner-range" ];
description = ''
@ -267,7 +267,7 @@ in {
'';
};
maxHeapSize = mkOption {
type = types.nullOr types.string;
type = types.nullOr types.str;
default = null;
example = "4G";
description = ''
@ -287,7 +287,7 @@ in {
'';
};
heapNewSize = mkOption {
type = types.nullOr types.string;
type = types.nullOr types.str;
default = null;
example = "800M";
description = ''
@ -352,11 +352,11 @@ in {
type = types.listOf (types.submodule {
options = {
username = mkOption {
type = types.string;
type = types.str;
description = "Username for JMX";
};
password = mkOption {
type = types.string;
type = types.str;
description = "Password for JMX";
};
};
@ -397,14 +397,14 @@ in {
}
];
users = mkIf (cfg.user == defaultUser) {
extraUsers."${defaultUser}" =
extraUsers.${defaultUser} =
{ group = cfg.group;
home = cfg.homeDir;
createHome = true;
uid = config.ids.uids.cassandra;
description = "Cassandra service user";
};
extraGroups."${defaultUser}".gid = config.ids.gids.cassandra;
extraGroups.${defaultUser}.gid = config.ids.gids.cassandra;
};
systemd.services.cassandra =

View File

@ -56,7 +56,7 @@ in {
user = mkOption {
type = types.string;
type = types.str;
default = "couchdb";
description = ''
User account under which couchdb runs.
@ -64,7 +64,7 @@ in {
};
group = mkOption {
type = types.string;
type = types.str;
default = "couchdb";
description = ''
Group account under which couchdb runs.
@ -106,7 +106,7 @@ in {
};
bindAddress = mkOption {
type = types.string;
type = types.str;
default = "127.0.0.1";
description = ''
Defines the IP address by which CouchDB will be accessible.
@ -138,7 +138,7 @@ in {
};
configFile = mkOption {
type = types.string;
type = types.path;
description = ''
Configuration file for persisting runtime changes. File
needs to be readable and writable from couchdb user/group.

View File

@ -140,7 +140,7 @@ in
};
logSize = mkOption {
type = types.string;
type = types.str;
default = "10MiB";
description = ''
Roll over to a new log file after the current log file
@ -149,7 +149,7 @@ in
};
maxLogSize = mkOption {
type = types.string;
type = types.str;
default = "100MiB";
description = ''
Delete the oldest log file when the total size of all log
@ -171,7 +171,7 @@ in
};
memory = mkOption {
type = types.string;
type = types.str;
default = "8GiB";
description = ''
Maximum memory used by the process. The default value is
@ -193,7 +193,7 @@ in
};
storageMemory = mkOption {
type = types.string;
type = types.str;
default = "1GiB";
description = ''
Maximum memory used for data storage. The default value is

View File

@ -53,7 +53,7 @@ in {
user = mkOption {
type = types.string;
type = types.str;
default = "hbase";
description = ''
User account under which HBase runs.
@ -61,7 +61,7 @@ in {
};
group = mkOption {
type = types.string;
type = types.str;
default = "hbase";
description = ''
Group account under which HBase runs.

View File

@ -129,13 +129,13 @@ in
user = mkOption {
default = "influxdb";
description = "User account under which influxdb runs";
type = types.string;
type = types.str;
};
group = mkOption {
default = "influxdb";
description = "Group under which influxdb runs";
type = types.string;
type = types.str;
};
dataDir = mkOption {

View File

@ -65,9 +65,9 @@ in
default = false;
description = "Enable client authentication. Creates a default superuser with username root!";
};
initialRootPassword = mkOption {
type = types.nullOr types.string;
type = types.nullOr types.str;
default = null;
description = "Password for the root user if auth is enabled.";
};

View File

@ -47,26 +47,26 @@ in
};
user = mkOption {
type = types.string;
type = types.str;
default = "openldap";
description = "User account under which slapd runs.";
};
group = mkOption {
type = types.string;
type = types.str;
default = "openldap";
description = "Group account under which slapd runs.";
};
urlList = mkOption {
type = types.listOf types.string;
type = types.listOf types.str;
default = [ "ldap:///" ];
description = "URL list slapd should listen on.";
example = [ "ldaps:///" ];
};
dataDir = mkOption {
type = types.string;
type = types.path;
default = "/var/db/openldap";
description = "The database directory.";
};

View File

@ -34,7 +34,7 @@ in {
};
user = mkOption {
type = types.string;
type = types.str;
default = "opentsdb";
description = ''
User account under which OpenTSDB runs.
@ -42,7 +42,7 @@ in {
};
group = mkOption {
type = types.string;
type = types.str;
default = "opentsdb";
description = ''
Group account under which OpenTSDB runs.

View File

@ -59,8 +59,8 @@ in {
type = types.attrsOf types.str;
default = {};
example = {
"nuc-server" = "hostaddr=192.168.0.100 port=5432 dbname=postgres";
"mini-server" = "hostaddr=127.0.0.1 port=5432 dbname=postgres sslmode=require";
nuc-server = "hostaddr=192.168.0.100 port=5432 dbname=postgres";
mini-server = "hostaddr=127.0.0.1 port=5432 dbname=postgres sslmode=require";
};
description = ''
pgmanage requires at least one PostgreSQL server be defined.
@ -192,13 +192,13 @@ in {
};
};
users = {
users."${pgmanage}" = {
users.${pgmanage} = {
name = pgmanage;
group = pgmanage;
home = cfg.sqlRoot;
createHome = true;
};
groups."${pgmanage}" = {
groups.${pgmanage} = {
name = pgmanage;
};
};

View File

@ -8,17 +8,19 @@ let
condOption = name: value: if value != null then "${name} ${toString value}" else "";
redisConfig = pkgs.writeText "redis.conf" ''
pidfile ${cfg.pidFile}
port ${toString cfg.port}
${condOption "bind" cfg.bind}
${condOption "unixsocket" cfg.unixSocket}
daemonize yes
supervised systemd
loglevel ${cfg.logLevel}
logfile ${cfg.logfile}
syslog-enabled ${redisBool cfg.syslog}
pidfile /run/redis/redis.pid
databases ${toString cfg.databases}
${concatMapStrings (d: "save ${toString (builtins.elemAt d 0)} ${toString (builtins.elemAt d 1)}\n") cfg.save}
dbfilename ${cfg.dbFilename}
dir ${toString cfg.dbpath}
dbfilename dump.rdb
dir /var/lib/redis
${if cfg.slaveOf != null then "slaveof ${cfg.slaveOf.ip} ${toString cfg.slaveOf.port}" else ""}
${condOption "masterauth" cfg.masterAuth}
${condOption "requirepass" cfg.requirePass}
@ -40,7 +42,12 @@ in
enable = mkOption {
type = types.bool;
default = false;
description = "Whether to enable the Redis server.";
description = ''
Whether to enable the Redis server. Note that the NixOS module for
Redis disables kernel support for Transparent Huge Pages (THP),
because this features causes major performance problems for Redis,
e.g. (https://redis.io/topics/latency).
'';
};
package = mkOption {
@ -50,18 +57,6 @@ in
description = "Which Redis derivation to use.";
};
user = mkOption {
type = types.str;
default = "redis";
description = "User account under which Redis runs.";
};
pidFile = mkOption {
type = types.path;
default = "/var/lib/redis/redis.pid";
description = "";
};
port = mkOption {
type = types.int;
default = 6379;
@ -95,7 +90,7 @@ in
type = with types; nullOr path;
default = null;
description = "The path to the socket to bind to.";
example = "/run/redis.sock";
example = "/run/redis/redis.sock";
};
logLevel = mkOption {
@ -131,18 +126,6 @@ in
example = [ [900 1] [300 10] [60 10000] ];
};
dbFilename = mkOption {
type = types.str;
default = "dump.rdb";
description = "The filename where to dump the DB.";
};
dbpath = mkOption {
type = types.path;
default = "/var/lib/redis";
description = "The DB will be written inside this directory, with the filename specified using the 'dbFilename' configuration.";
};
slaveOf = mkOption {
default = null; # { ip, port }
description = "An attribute set with two attributes: ip and port to which this redis instance acts as a slave.";
@ -170,12 +153,6 @@ in
description = "By default data is only periodically persisted to disk, enable this option to use an append-only file for improved persistence.";
};
appendOnlyFilename = mkOption {
type = types.str;
default = "appendonly.aof";
description = "Filename for the append-only file (stored inside of dbpath)";
};
appendFsync = mkOption {
type = types.str;
default = "everysec"; # no, always, everysec
@ -217,27 +194,30 @@ in
allowedTCPPorts = [ cfg.port ];
};
users.users.redis =
{ name = cfg.user;
description = "Redis database user";
};
users.users.redis.description = "Redis database user";
environment.systemPackages = [ cfg.package ];
systemd.services.disable-transparent-huge-pages = {
description = "Disable Transparent Huge Pages (required by Redis)";
before = [ "redis.service" ];
wantedBy = [ "redis.service" ];
script = "echo never > /sys/kernel/mm/transparent_hugepage/enabled";
serviceConfig.Type = "oneshot";
};
systemd.services.redis =
{ description = "Redis Server";
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
preStart = ''
install -d -m0700 -o ${cfg.user} ${cfg.dbpath}
chown -R ${cfg.user} ${cfg.dbpath}
'';
serviceConfig = {
ExecStart = "${cfg.package}/bin/redis-server ${redisConfig}";
User = cfg.user;
RuntimeDirectory = "redis";
StateDirectory = "redis";
Type = "notify";
User = "redis";
};
};

View File

@ -29,7 +29,7 @@ in
};
nodeName = mkOption {
type = types.string;
type = types.str;
default = "riak@127.0.0.1";
description = ''
Name of the Erlang node.
@ -37,7 +37,7 @@ in
};
distributedCookie = mkOption {
type = types.string;
type = types.str;
default = "riak";
description = ''
Cookie for distributed node communication. All nodes in the

View File

@ -202,14 +202,14 @@ in
];
# restart geoclue service when the configuration changes
systemd.services."geoclue".restartTriggers = [
systemd.services.geoclue.restartTriggers = [
config.environment.etc."geoclue/geoclue.conf".source
];
# this needs to run as a user service, since it's associated with the
# user who is making the requests
systemd.user.services = mkIf cfg.enableDemoAgent {
"geoclue-agent" = {
geoclue-agent = {
description = "Geoclue agent";
script = "${package}/libexec/geoclue-2.0/demos/agent";
# this should really be `partOf = [ "geoclue.service" ]`, but
@ -219,12 +219,12 @@ in
};
};
services.geoclue2.appConfig."epiphany" = {
services.geoclue2.appConfig.epiphany = {
isAllowed = true;
isSystem = false;
};
services.geoclue2.appConfig."firefox" = {
services.geoclue2.appConfig.firefox = {
isAllowed = true;
isSystem = false;
};

View File

@ -1,38 +0,0 @@
# Seahorse daemon.
{ config, pkgs, lib, ... }:
with lib;
{
###### interface
options = {
services.gnome3.seahorse = {
enable = mkOption {
type = types.bool;
default = false;
description = ''
Whether to enable Seahorse search provider for the GNOME Shell activity search.
'';
};
};
};
###### implementation
config = mkIf config.services.gnome3.seahorse.enable {
environment.systemPackages = [ pkgs.gnome3.seahorse pkgs.gnome3.dconf ];
services.dbus.packages = [ pkgs.gnome3.seahorse ];
};
}

View File

@ -34,7 +34,7 @@ in {
psd = {
enable = true;
description = "Profile Sync daemon";
wants = [ "psd-resync.service" "local-fs.target" ];
wants = [ "psd-resync.service" ];
wantedBy = [ "default.target" ];
path = with pkgs; [ rsync kmod gawk nettools utillinux profile-sync-daemon ];
unitConfig = {

View File

@ -55,7 +55,7 @@ in
'';
};
saveName = mkOption {
type = types.string;
type = types.str;
default = "default";
description = ''
The name of the savegame that will be used by the server.
@ -81,7 +81,7 @@ in
'';
};
stateDirName = mkOption {
type = types.string;
type = types.str;
default = "factorio";
description = ''
Name of the directory under /var/lib holding the server's data.
@ -102,14 +102,14 @@ in
'';
};
game-name = mkOption {
type = types.nullOr types.string;
type = types.nullOr types.str;
default = "Factorio Game";
description = ''
Name of the game as it will appear in the game listing.
'';
};
description = mkOption {
type = types.nullOr types.string;
type = types.nullOr types.str;
default = "";
description = ''
Description of the game that will appear in the listing.
@ -130,28 +130,28 @@ in
'';
};
username = mkOption {
type = types.nullOr types.string;
type = types.nullOr types.str;
default = null;
description = ''
Your factorio.com login credentials. Required for games with visibility public.
'';
};
password = mkOption {
type = types.nullOr types.string;
type = types.nullOr types.str;
default = null;
description = ''
Your factorio.com login credentials. Required for games with visibility public.
'';
};
token = mkOption {
type = types.nullOr types.string;
type = types.nullOr types.str;
default = null;
description = ''
Authentication token. May be used instead of 'password' above.
'';
};
game-password = mkOption {
type = types.nullOr types.string;
type = types.nullOr types.str;
default = null;
description = ''
Game password.

View File

@ -4,7 +4,7 @@ with lib;
let
cfg = config.services.terraria;
worldSizeMap = { "small" = 1; "medium" = 2; "large" = 3; };
worldSizeMap = { small = 1; medium = 2; large = 3; };
valFlag = name: val: optionalString (val != null) "-${name} \"${escape ["\\" "\""] (toString val)}\"";
boolFlag = name: val: optionalString val "-${name}";
flags = [

Some files were not shown because too many files have changed in this diff Show More