Merge branch 'staging' into staging-next
commit
2c5835b09a
@ -14,10 +14,10 @@ let
|
||||
builtins.map
|
||||
(subsetname: {
|
||||
subsetname = subsetname;
|
||||
functions = libDefPos toplib."${subsetname}";
|
||||
functions = libDefPos toplib.${subsetname};
|
||||
})
|
||||
(builtins.filter
|
||||
(name: builtins.isAttrs toplib."${name}")
|
||||
(name: builtins.isAttrs toplib.${name})
|
||||
(builtins.attrNames toplib));
|
||||
|
||||
nixpkgsLib = pkgs.lib;
|
||||
|
@ -47,7 +47,7 @@ rec {
|
||||
|
||||
|
||||
/* `makeOverridable` takes a function from attribute set to attribute set and
|
||||
injects `override` attibute which can be used to override arguments of
|
||||
injects `override` attribute which can be used to override arguments of
|
||||
the function.
|
||||
|
||||
nix-repl> x = {a, b}: { result = a + b; }
|
||||
|
@ -24,7 +24,7 @@ rec {
|
||||
let arg = (merger init (defaultMergeArg init x));
|
||||
# now add the function with composed args already applied to the final attrs
|
||||
base = (setAttrMerge "passthru" {} (f arg)
|
||||
( z: z // rec {
|
||||
( z: z // {
|
||||
function = foldArgs merger f arg;
|
||||
args = (lib.attrByPath ["passthru" "args"] {} z) // x;
|
||||
} ));
|
||||
|
@ -1,7 +1,7 @@
|
||||
{ lib, version }:
|
||||
|
||||
with lib;
|
||||
rec {
|
||||
{
|
||||
# Common patterns/legacy
|
||||
whenAtLeast = ver: mkIf (versionAtLeast version ver);
|
||||
whenOlder = ver: mkIf (versionOlder version ver);
|
||||
|
@ -7,7 +7,7 @@ let
|
||||
|
||||
in
|
||||
|
||||
lib.mapAttrs (n: v: v // { shortName = n; }) rec {
|
||||
lib.mapAttrs (n: v: v // { shortName = n; }) {
|
||||
/* License identifiers from spdx.org where possible.
|
||||
* If you cannot find your license here, then look for a similar license or
|
||||
* add it to this list. The URL mentioned above is a good source for inspiration.
|
||||
|
@ -459,11 +459,11 @@ rec {
|
||||
if length list < 2
|
||||
then # finish
|
||||
{ result = list; }
|
||||
else if dfsthis ? "cycle"
|
||||
else if dfsthis ? cycle
|
||||
then # there's a cycle, starting from the current vertex, return it
|
||||
{ cycle = reverseList ([ dfsthis.cycle ] ++ dfsthis.visited);
|
||||
inherit (dfsthis) loops; }
|
||||
else if toporest ? "cycle"
|
||||
else if toporest ? cycle
|
||||
then # there's a cycle somewhere else in the graph, return it
|
||||
toporest
|
||||
# Slow, but short. Can be made a bit faster with an explicit stack.
|
||||
|
@ -58,13 +58,13 @@ rec {
|
||||
uname = {
|
||||
# uname -s
|
||||
system = {
|
||||
"linux" = "Linux";
|
||||
"windows" = "Windows";
|
||||
"darwin" = "Darwin";
|
||||
"netbsd" = "NetBSD";
|
||||
"freebsd" = "FreeBSD";
|
||||
"openbsd" = "OpenBSD";
|
||||
"wasi" = "Wasi";
|
||||
linux = "Linux";
|
||||
windows = "Windows";
|
||||
darwin = "Darwin";
|
||||
netbsd = "NetBSD";
|
||||
freebsd = "FreeBSD";
|
||||
openbsd = "OpenBSD";
|
||||
wasi = "Wasi";
|
||||
}.${final.parsed.kernel.name} or null;
|
||||
|
||||
# uname -p
|
||||
@ -86,10 +86,10 @@ rec {
|
||||
else if final.isx86_64 then "x86_64"
|
||||
else if final.isx86 then "i386"
|
||||
else {
|
||||
"powerpc" = "ppc";
|
||||
"powerpcle" = "ppc";
|
||||
"powerpc64" = "ppc64";
|
||||
"powerpc64le" = "ppc64le";
|
||||
powerpc = "ppc";
|
||||
powerpcle = "ppc";
|
||||
powerpc64 = "ppc64";
|
||||
powerpc64le = "ppc64le";
|
||||
}.${final.parsed.cpu.name} or final.parsed.cpu.name;
|
||||
|
||||
emulator = pkgs: let
|
||||
|
@ -33,7 +33,7 @@ let
|
||||
|
||||
filterDoubles = f: map parse.doubleFromSystem (lists.filter f allParsed);
|
||||
|
||||
in rec {
|
||||
in {
|
||||
inherit all;
|
||||
|
||||
none = [];
|
||||
|
@ -24,27 +24,27 @@ rec {
|
||||
platform = platforms.powernv;
|
||||
};
|
||||
|
||||
sheevaplug = rec {
|
||||
sheevaplug = {
|
||||
config = "armv5tel-unknown-linux-gnueabi";
|
||||
platform = platforms.sheevaplug;
|
||||
};
|
||||
|
||||
raspberryPi = rec {
|
||||
raspberryPi = {
|
||||
config = "armv6l-unknown-linux-gnueabihf";
|
||||
platform = platforms.raspberrypi;
|
||||
};
|
||||
|
||||
armv7l-hf-multiplatform = rec {
|
||||
armv7l-hf-multiplatform = {
|
||||
config = "armv7l-unknown-linux-gnueabihf";
|
||||
platform = platforms.armv7l-hf-multiplatform;
|
||||
};
|
||||
|
||||
aarch64-multiplatform = rec {
|
||||
aarch64-multiplatform = {
|
||||
config = "aarch64-unknown-linux-gnu";
|
||||
platform = platforms.aarch64-multiplatform;
|
||||
};
|
||||
|
||||
armv7a-android-prebuilt = rec {
|
||||
armv7a-android-prebuilt = {
|
||||
config = "armv7a-unknown-linux-androideabi";
|
||||
sdkVer = "24";
|
||||
ndkVer = "18b";
|
||||
@ -52,7 +52,7 @@ rec {
|
||||
useAndroidPrebuilt = true;
|
||||
};
|
||||
|
||||
aarch64-android-prebuilt = rec {
|
||||
aarch64-android-prebuilt = {
|
||||
config = "aarch64-unknown-linux-android";
|
||||
sdkVer = "24";
|
||||
ndkVer = "18b";
|
||||
@ -65,17 +65,17 @@ rec {
|
||||
inherit (platform.gcc) fpu;
|
||||
};
|
||||
|
||||
pogoplug4 = rec {
|
||||
pogoplug4 = {
|
||||
config = "armv5tel-unknown-linux-gnueabi";
|
||||
platform = platforms.pogoplug4;
|
||||
};
|
||||
|
||||
ben-nanonote = rec {
|
||||
ben-nanonote = {
|
||||
config = "mipsel-unknown-linux-uclibc";
|
||||
platform = platforms.ben_nanonote;
|
||||
};
|
||||
|
||||
fuloongminipc = rec {
|
||||
fuloongminipc = {
|
||||
config = "mipsel-unknown-linux-gnu";
|
||||
platform = platforms.fuloong2f_n32;
|
||||
};
|
||||
@ -236,4 +236,9 @@ rec {
|
||||
useLLVM = true;
|
||||
};
|
||||
|
||||
# Ghcjs
|
||||
ghcjs = {
|
||||
config = "js-unknown-ghcjs";
|
||||
platform = {};
|
||||
};
|
||||
}
|
||||
|
@ -12,7 +12,7 @@ rec {
|
||||
isx86_32 = { cpu = { family = "x86"; bits = 32; }; };
|
||||
isx86_64 = { cpu = { family = "x86"; bits = 64; }; };
|
||||
isPowerPC = { cpu = cpuTypes.powerpc; };
|
||||
isPower = { cpu = { family = "power"; }; };
|
||||
isPower = { cpu = { family = "power"; }; };
|
||||
isx86 = { cpu = { family = "x86"; }; };
|
||||
isAarch32 = { cpu = { family = "arm"; bits = 32; }; };
|
||||
isAarch64 = { cpu = { family = "arm"; bits = 64; }; };
|
||||
@ -23,6 +23,7 @@ rec {
|
||||
isMsp430 = { cpu = { family = "msp430"; }; };
|
||||
isAvr = { cpu = { family = "avr"; }; };
|
||||
isAlpha = { cpu = { family = "alpha"; }; };
|
||||
isJavaScript = { cpu = cpuTypes.js; };
|
||||
|
||||
is32bit = { cpu = { bits = 32; }; };
|
||||
is64bit = { cpu = { bits = 64; }; };
|
||||
@ -44,6 +45,7 @@ rec {
|
||||
isCygwin = { kernel = kernels.windows; abi = abis.cygnus; };
|
||||
isMinGW = { kernel = kernels.windows; abi = abis.gnu; };
|
||||
isWasi = { kernel = kernels.wasi; };
|
||||
isGhcjs = { kernel = kernels.ghcjs; };
|
||||
isNone = { kernel = kernels.none; };
|
||||
|
||||
isAndroid = [ { abi = abis.android; } { abi = abis.androideabi; } ];
|
||||
|
@ -106,11 +106,13 @@ rec {
|
||||
|
||||
wasm32 = { bits = 32; significantByte = littleEndian; family = "wasm"; };
|
||||
wasm64 = { bits = 64; significantByte = littleEndian; family = "wasm"; };
|
||||
|
||||
|
||||
alpha = { bits = 64; significantByte = littleEndian; family = "alpha"; };
|
||||
|
||||
msp430 = { bits = 16; significantByte = littleEndian; family = "msp430"; };
|
||||
avr = { bits = 8; family = "avr"; };
|
||||
|
||||
js = { bits = 32; significantByte = littleEndian; family = "js"; };
|
||||
};
|
||||
|
||||
# Determine where two CPUs are compatible with each other. That is,
|
||||
@ -271,6 +273,7 @@ rec {
|
||||
solaris = { execFormat = elf; families = { }; };
|
||||
wasi = { execFormat = wasm; families = { }; };
|
||||
windows = { execFormat = pe; families = { }; };
|
||||
ghcjs = { execFormat = unknown; families = { }; };
|
||||
} // { # aliases
|
||||
# 'darwin' is the kernel for all of them. We choose macOS by default.
|
||||
darwin = kernels.macos;
|
||||
@ -384,6 +387,8 @@ rec {
|
||||
then { cpu = elemAt l 0; vendor = elemAt l 1; kernel = elemAt l 2; }
|
||||
else if (elem (elemAt l 2) ["eabi" "eabihf" "elf"])
|
||||
then { cpu = elemAt l 0; vendor = "unknown"; kernel = elemAt l 1; abi = elemAt l 2; }
|
||||
else if (elemAt l 2 == "ghcjs")
|
||||
then { cpu = elemAt l 0; vendor = "unknown"; kernel = elemAt l 2; }
|
||||
else throw "Target specification with 3 components is ambiguous";
|
||||
"4" = { cpu = elemAt l 0; vendor = elemAt l 1; kernel = elemAt l 2; abi = elemAt l 3; };
|
||||
}.${toString (length l)}
|
||||
@ -403,7 +408,7 @@ rec {
|
||||
getKernel = name: kernels.${name} or (throw "Unknown kernel: ${name}");
|
||||
getAbi = name: abis.${name} or (throw "Unknown ABI: ${name}");
|
||||
|
||||
parsed = rec {
|
||||
parsed = {
|
||||
cpu = getCpu args.cpu;
|
||||
vendor =
|
||||
/**/ if args ? vendor then getVendor args.vendor
|
||||
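Review bot: The new three-component branch for `ghcjs` hard-codes `vendor = "unknown"` and never reads `elemAt l 1`, so a triple with any other middle component is accepted and its vendor is silently discarded. If only `js-unknown-ghcjs` is meant to parse, the condition should say so; otherwise carry the component through with `then { cpu = elemAt l 0; vendor = elemAt l 1; kernel = elemAt l 2; }`. The enclosing parser starts and ends outside this hunk, so whether an earlier branch already catches other vendors cannot be confirmed from here.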
|
@ -456,16 +456,16 @@ rec {
|
||||
};
|
||||
|
||||
selectBySystem = system: {
|
||||
"i486-linux" = pc32;
|
||||
"i586-linux" = pc32;
|
||||
"i686-linux" = pc32;
|
||||
"x86_64-linux" = pc64;
|
||||
"armv5tel-linux" = sheevaplug;
|
||||
"armv6l-linux" = raspberrypi;
|
||||
"armv7a-linux" = armv7l-hf-multiplatform;
|
||||
"armv7l-linux" = armv7l-hf-multiplatform;
|
||||
"aarch64-linux" = aarch64-multiplatform;
|
||||
"mipsel-linux" = fuloong2f_n32;
|
||||
"powerpc64le-linux" = powernv;
|
||||
i486-linux = pc32;
|
||||
i586-linux = pc32;
|
||||
i686-linux = pc32;
|
||||
x86_64-linux = pc64;
|
||||
armv5tel-linux = sheevaplug;
|
||||
armv6l-linux = raspberrypi;
|
||||
armv7a-linux = armv7l-hf-multiplatform;
|
||||
armv7l-linux = armv7l-hf-multiplatform;
|
||||
aarch64-linux = aarch64-multiplatform;
|
||||
mipsel-linux = fuloong2f_n32;
|
||||
powerpc64le-linux = powernv;
|
||||
}.${system} or pcBase;
|
||||
}
|
||||
|
@ -42,7 +42,7 @@ rec {
|
||||
# Default type functor
|
||||
defaultFunctor = name: {
|
||||
inherit name;
|
||||
type = types."${name}" or null;
|
||||
type = types.${name} or null;
|
||||
wrapped = null;
|
||||
payload = null;
|
||||
binOp = a: b: null;
|
||||
@ -107,7 +107,7 @@ rec {
|
||||
merge = mergeEqualOption;
|
||||
};
|
||||
|
||||
int = mkOptionType rec {
|
||||
int = mkOptionType {
|
||||
name = "int";
|
||||
description = "signed integer";
|
||||
check = isInt;
|
||||
@ -136,7 +136,7 @@ rec {
|
||||
sign = bit: range: ign (0 - (range / 2)) (range / 2 - 1)
|
||||
"signedInt${toString bit}" "${toString bit} bit signed integer";
|
||||
|
||||
in rec {
|
||||
in {
|
||||
/* An int with a fixed range.
|
||||
*
|
||||
* Example:
|
||||
@ -172,7 +172,7 @@ rec {
|
||||
# Alias of u16 for a port number
|
||||
port = ints.u16;
|
||||
|
||||
float = mkOptionType rec {
|
||||
float = mkOptionType {
|
||||
name = "float";
|
||||
description = "floating point number";
|
||||
check = isFloat;
|
||||
@ -217,7 +217,8 @@ rec {
|
||||
|
||||
# Deprecated; should not be used because it quietly concatenates
|
||||
# strings, which is usually not what you want.
|
||||
string = separatedString "";
|
||||
string = warn "types.string is deprecated because it quietly concatenates strings"
|
||||
(separatedString "");
|
||||
|
||||
attrs = mkOptionType {
|
||||
name = "attrs";
|
||||
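Review bot: The deprecation warning added to `string` says why the type is deprecated but not what to use instead, and it is the only guidance a user sees at evaluation time. Naming the replacement would make it actionable, e.g. `string = warn "types.string is deprecated because it quietly concatenates strings; use types.str instead"`. The two-line comment above the definition could also mention that `separatedString ""` remains available for callers that really want concatenation.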
|
@ -7,7 +7,7 @@ let
|
||||
|
||||
in
|
||||
|
||||
rec {
|
||||
{
|
||||
|
||||
/* Get the major version string from a string.
|
||||
|
||||
|
@ -2091,7 +2091,7 @@
|
||||
githubId = 2817965;
|
||||
name = "f--t";
|
||||
};
|
||||
f-breidenstein = {
|
||||
fleaz = {
|
||||
email = "mail@felixbreidenstein.de";
|
||||
github = "fleaz";
|
||||
githubId = 2489598;
|
||||
@ -5095,6 +5095,12 @@
|
||||
githubId = 9568176;
|
||||
name = "Piotr Halama";
|
||||
};
|
||||
puckipedia = {
|
||||
email = "puck@puckipedia.com";
|
||||
github = "puckipedia";
|
||||
githubId = 488734;
|
||||
name = "Puck Meerburg";
|
||||
};
|
||||
puffnfresh = {
|
||||
email = "brian@brianmckenna.org";
|
||||
github = "puffnfresh";
|
||||
|
@ -16,6 +16,6 @@
|
||||
On images where the installation media also becomes an installation target,
|
||||
copying over <literal>configuration.nix</literal> should be disabled by
|
||||
setting <literal>installer.cloneConfig</literal> to <literal>false</literal>.
|
||||
This is already done in <literal>sd-image.nix</literal>.
|
||||
For example, this is done in <literal>sd-image-aarch64.nix</literal>.
|
||||
</para>
|
||||
</section>
|
||||
|
@ -57,6 +57,64 @@
|
||||
and <option>services.xserver.desktopManager.xfce4-14</option> simultaneously or to downgrade from Xfce 4.14 after upgrading.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
The GNOME 3 desktop manager module sports an interface to enable/disable core services, applications, and optional GNOME packages
|
||||
like games.
|
||||
<itemizedlist>
|
||||
<para>This can be achieved with the following options which the desktop manager default enables, excluding <literal>games</literal>.</para>
|
||||
<listitem><para><link linkend="opt-services.gnome3.core-os-services.enable"><literal>services.gnome3.core-os-services.enable</literal></link></para></listitem>
|
||||
<listitem><para><link linkend="opt-services.gnome3.core-shell.enable"><literal>services.gnome3.core-shell.enable</literal></link></para></listitem>
|
||||
<listitem><para><link linkend="opt-services.gnome3.core-utilities.enable"><literal>services.gnome3.core-utilities.enable</literal></link></para></listitem>
|
||||
<listitem><para><link linkend="opt-services.gnome3.games.enable"><literal>services.gnome3.games.enable</literal></link></para></listitem>
|
||||
</itemizedlist>
|
||||
With these options we hope to give users finer grained control over their systems. Prior to this change you'd either have to manually
|
||||
disable options or use <option>environment.gnome3.excludePackages</option> which only excluded the optional applications.
|
||||
<option>environment.gnome3.excludePackages</option> is now unguarded, it can exclude any package installed with <option>environment.systemPackages</option>
|
||||
in the GNOME 3 module.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
Orthogonal to the previous changes to the GNOME 3 desktop manager module, we've updated all default services and applications
|
||||
to match as close as possible to a default reference GNOME 3 experience.
|
||||
</para>
|
||||
|
||||
<bridgehead>The following changes were enacted in <option>services.gnome3.core-utilities.enable</option></bridgehead>
|
||||
|
||||
<itemizedlist>
|
||||
<title>Applications removed from defaults:</title>
|
||||
<listitem><para><literal>accerciser</literal></para></listitem>
|
||||
<listitem><para><literal>dconf-editor</literal></para></listitem>
|
||||
<listitem><para><literal>evolution</literal></para></listitem>
|
||||
<listitem><para><literal>gnome-documents</literal></para></listitem>
|
||||
<listitem><para><literal>gnome-nettool</literal></para></listitem>
|
||||
<listitem><para><literal>gnome-power-manager</literal></para></listitem>
|
||||
<listitem><para><literal>gnome-todo</literal></para></listitem>
|
||||
<listitem><para><literal>gnome-tweaks</literal></para></listitem>
|
||||
<listitem><para><literal>gnome-usage</literal></para></listitem>
|
||||
<listitem><para><literal>gucharmap</literal></para></listitem>
|
||||
<listitem><para><literal>nautilus-sendto</literal></para></listitem>
|
||||
<listitem><para><literal>vinagre</literal></para></listitem>
|
||||
</itemizedlist>
|
||||
<itemizedlist>
|
||||
<title>Applications added to defaults:</title>
|
||||
<listitem><para><literal>cheese</literal></para></listitem>
|
||||
<listitem><para><literal>geary</literal></para></listitem>
|
||||
</itemizedlist>
|
||||
|
||||
<bridgehead>The following changes were enacted in <option>services.gnome3.core-shell.enable</option></bridgehead>
|
||||
|
||||
<itemizedlist>
|
||||
<title>Applications added to defaults:</title>
|
||||
<listitem><para><literal>gnome-color-manager</literal></para></listitem>
|
||||
<listitem><para><literal>orca</literal></para></listitem>
|
||||
</itemizedlist>
|
||||
<itemizedlist>
|
||||
<title>Services enabled:</title>
|
||||
<listitem><para><option>services.avahi.enable</option></para></listitem>
|
||||
</itemizedlist>
|
||||
</listitem>
|
||||
</itemizedlist>
|
||||
</section>
|
||||
|
||||
@ -348,6 +406,12 @@
|
||||
What used to be called <literal>emacsPackagesNg</literal> is now simply called <literal>emacsPackages</literal>.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
<option>services.xserver.desktopManager.xterm</option> is now disabled by default.
|
||||
It was not useful except for debugging purposes and was confusingly set as default in some circumstances.
|
||||
</para>
|
||||
</listitem>
|
||||
|
||||
</itemizedlist>
|
||||
</section>
|
||||
@ -547,8 +611,8 @@
|
||||
</para>
|
||||
</listitem>
|
||||
</itemizedlist>
|
||||
|
||||
This also configures the kernel to pass coredumps to <literal>systemd-coredump</literal>.
|
||||
This also configures the kernel to pass coredumps to <literal>systemd-coredump</literal>,
|
||||
and restricts the SysRq key combinations to the sync command only.
|
||||
These sysctl snippets can be found in <literal>/etc/sysctl.d/50-*.conf</literal>,
|
||||
and overridden via <link linkend="opt-boot.kernel.sysctl">boot.kernel.sysctl</link>
|
||||
(which will place the parameters in <literal>/etc/sysctl.d/60-nixos.conf</literal>).
|
||||
@ -591,6 +655,51 @@
|
||||
The defaults from fontconfig are sufficient.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
The <literal>crashplan</literal> package and the
|
||||
<literal>crashplan</literal> service have been removed from nixpkgs due to
|
||||
crashplan shutting down the service, while the <literal>crashplansb</literal>
|
||||
package and <literal>crashplan-small-business</literal> service have been
|
||||
removed from nixpkgs due to lack of maintainer.
|
||||
</para>
|
||||
<para>
|
||||
The <link linkend="opt-services.redis.enable">redis module</link> was hardcoded to use the <literal>redis</literal> user,
|
||||
<filename class="directory">/run/redis</filename> as runtime directory and
|
||||
<filename class="directory">/var/lib/redis</filename> as state directory.
|
||||
Note that the NixOS module for Redis now disables kernel support for Transparent Huge Pages (THP),
|
||||
because this features causes major performance problems for Redis,
|
||||
e.g. (https://redis.io/topics/latency).
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
Using <option>fonts.enableDefaultFonts</option> adds a default emoji font <literal>noto-fonts-emoji</literal>.
|
||||
<itemizedlist>
|
||||
<para>Users of the following options will have this enabled by default:</para>
|
||||
<listitem>
|
||||
<para><option>services.xserver.enable</option></para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para><option>programs.sway.enable</option></para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para><option>programs.way-cooler.enable</option></para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para><option>services.xrdp.enable</option></para>
|
||||
</listitem>
|
||||
</itemizedlist>
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
The <literal>altcoins</literal> categorization of packages has
|
||||
been removed. You now access these packages at the top level,
|
||||
ie. <literal>nix-shell -p dogecoin</literal> instead of
|
||||
<literal>nix-shell -p altcoins.dogecoin</literal>, etc.
|
||||
</para>
|
||||
</listitem>
|
||||
</itemizedlist>
|
||||
</section>
|
||||
</section>
|
||||
|
@ -126,7 +126,7 @@ let
|
||||
}
|
||||
'';
|
||||
|
||||
in rec {
|
||||
in {
|
||||
inherit optionsNix;
|
||||
|
||||
optionsAsciiDoc = lib.concatStringsSep "\n" (lib.mapAttrsToList singleAsciiDoc optionsNix);
|
||||
|
@ -17,9 +17,9 @@ in
|
||||
else throw "Unknown QEMU serial device for system '${pkgs.stdenv.hostPlatform.system}'";
|
||||
|
||||
qemuBinary = qemuPkg: {
|
||||
"x86_64-linux" = "${qemuPkg}/bin/qemu-kvm -cpu kvm64";
|
||||
"armv7l-linux" = "${qemuPkg}/bin/qemu-system-arm -enable-kvm -machine virt -cpu host";
|
||||
"aarch64-linux" = "${qemuPkg}/bin/qemu-system-aarch64 -enable-kvm -machine virt,gic-version=host -cpu host";
|
||||
"x86_64-darwin" = "${qemuPkg}/bin/qemu-kvm -cpu kvm64";
|
||||
x86_64-linux = "${qemuPkg}/bin/qemu-kvm -cpu kvm64";
|
||||
armv7l-linux = "${qemuPkg}/bin/qemu-system-arm -enable-kvm -machine virt -cpu host";
|
||||
aarch64-linux = "${qemuPkg}/bin/qemu-system-aarch64 -enable-kvm -machine virt,gic-version=host -cpu host";
|
||||
x86_64-darwin = "${qemuPkg}/bin/qemu-kvm -cpu kvm64";
|
||||
}.${pkgs.stdenv.hostPlatform.system} or "${qemuPkg}/bin/qemu-kvm";
|
||||
}
|
||||
|
@ -1,6 +1,6 @@
|
||||
pkgs: with pkgs.lib;
|
||||
|
||||
rec {
|
||||
{
|
||||
|
||||
# Check whenever fileSystem is needed for boot
|
||||
fsNeededForBoot = fs: fs.neededForBoot
|
||||
|
@ -35,8 +35,8 @@ let
|
||||
then "fontconfig"
|
||||
else "fontconfig_${version}";
|
||||
makeCache = fontconfig: pkgs.makeFontsCache { inherit fontconfig; fontDirectories = config.fonts.fonts; };
|
||||
cache = makeCache pkgs."${fcPackage}";
|
||||
cache32 = makeCache pkgs.pkgsi686Linux."${fcPackage}";
|
||||
cache = makeCache pkgs.${fcPackage};
|
||||
cache32 = makeCache pkgs.pkgsi686Linux.${fcPackage};
|
||||
in
|
||||
pkgs.writeText "fc-00-nixos-cache.conf" ''
|
||||
<?xml version='1.0'?>
|
||||
|
@ -79,7 +79,7 @@ in
|
||||
config = mkIf (config.fonts.fontconfig.enable && cfg.enable) {
|
||||
|
||||
fonts.fontconfig.confPackages = [ confPkg ];
|
||||
environment.variables."INFINALITY_FT" = cfg.preset;
|
||||
environment.variables.INFINALITY_FT = cfg.preset;
|
||||
|
||||
};
|
||||
|
||||
|
@ -116,7 +116,7 @@ let
|
||||
defaultFontsConf =
|
||||
let genDefault = fonts: name:
|
||||
optionalString (fonts != []) ''
|
||||
<alias>
|
||||
<alias binding="same">
|
||||
<family>${name}</family>
|
||||
<prefer>
|
||||
${concatStringsSep ""
|
||||
@ -139,6 +139,8 @@ let
|
||||
|
||||
${genDefault cfg.defaultFonts.monospace "monospace"}
|
||||
|
||||
${genDefault cfg.defaultFonts.emoji "emoji"}
|
||||
|
||||
</fontconfig>
|
||||
'';
|
||||
|
||||
@ -344,6 +346,21 @@ in
|
||||
in case multiple languages must be supported.
|
||||
'';
|
||||
};
|
||||
|
||||
emoji = mkOption {
|
||||
type = types.listOf types.str;
|
||||
default = ["Noto Color Emoji"];
|
||||
description = ''
|
||||
System-wide default emoji font(s). Multiple fonts may be listed
|
||||
in case a font does not support all emoji.
|
||||
|
||||
Note that fontconfig matches color emoji fonts preferentially,
|
||||
so if you want to use a black and white font while having
|
||||
a color font installed (eg. Noto Color Emoji installed alongside
|
||||
Noto Emoji), fontconfig will still choose the color font even
|
||||
when it is later in the list.
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
hinting = {
|
||||
|
@ -43,6 +43,7 @@ with lib;
|
||||
pkgs.xorg.fontmiscmisc
|
||||
pkgs.xorg.fontcursormisc
|
||||
pkgs.unifont
|
||||
pkgs.noto-fonts-emoji
|
||||
];
|
||||
|
||||
};
|
||||
|
@ -15,7 +15,7 @@ let
|
||||
realms = optionalAttrs (lib.all (value: value != null) [
|
||||
cfg.defaultRealm cfg.kdc cfg.kerberosAdminServer
|
||||
]) {
|
||||
"${cfg.defaultRealm}" = {
|
||||
${cfg.defaultRealm} = {
|
||||
kdc = cfg.kdc;
|
||||
admin_server = cfg.kerberosAdminServer;
|
||||
};
|
||||
@ -25,7 +25,7 @@ let
|
||||
cfg.domainRealm cfg.defaultRealm
|
||||
]) {
|
||||
".${cfg.domainRealm}" = cfg.defaultRealm;
|
||||
"${cfg.domainRealm}" = cfg.defaultRealm;
|
||||
${cfg.domainRealm} = cfg.defaultRealm;
|
||||
};
|
||||
};
|
||||
|
||||
|
@ -6,7 +6,7 @@ let
|
||||
|
||||
# The set of alternative malloc(3) providers.
|
||||
providers = {
|
||||
"graphene-hardened" = rec {
|
||||
graphene-hardened = {
|
||||
libPath = "${pkgs.graphene-hardened-malloc}/lib/libhardened_malloc.so";
|
||||
description = ''
|
||||
An allocator designed to mitigate memory corruption attacks, such as
|
||||
@ -14,7 +14,7 @@ let
|
||||
'';
|
||||
};
|
||||
|
||||
"jemalloc" = {
|
||||
jemalloc = {
|
||||
libPath = "${pkgs.jemalloc}/lib/libjemalloc.so";
|
||||
description = ''
|
||||
A general purpose allocator that emphasizes fragmentation avoidance
|
||||
@ -22,7 +22,7 @@ let
|
||||
'';
|
||||
};
|
||||
|
||||
"scudo" = {
|
||||
scudo = {
|
||||
libPath = "${pkgs.llvmPackages.compiler-rt}/lib/linux/libclang_rt.scudo-x86_64.so";
|
||||
description = ''
|
||||
A user-mode allocator based on LLVM Sanitizer’s CombinedAllocator,
|
||||
@ -32,7 +32,7 @@ let
|
||||
};
|
||||
};
|
||||
|
||||
providerConf = providers."${cfg.provider}";
|
||||
providerConf = providers.${cfg.provider};
|
||||
|
||||
# An output that contains only the shared library, to avoid
|
||||
# needlessly bloating the system closure
|
||||
|
@ -171,13 +171,13 @@ in
|
||||
|
||||
environment.etc =
|
||||
{ # /etc/services: TCP/UDP port assignments.
|
||||
"services".source = pkgs.iana-etc + "/etc/services";
|
||||
services.source = pkgs.iana-etc + "/etc/services";
|
||||
|
||||
# /etc/protocols: IP protocol numbers.
|
||||
"protocols".source = pkgs.iana-etc + "/etc/protocols";
|
||||
protocols.source = pkgs.iana-etc + "/etc/protocols";
|
||||
|
||||
# /etc/hosts: Hostname-to-IP mappings.
|
||||
"hosts".text = let
|
||||
hosts.text = let
|
||||
oneToString = set: ip: ip + " " + concatStringsSep " " set.${ip};
|
||||
allToString = set: concatMapStringsSep "\n" (oneToString set) (attrNames set);
|
||||
in ''
|
||||
@ -190,7 +190,7 @@ in
|
||||
|
||||
} // optionalAttrs (pkgs.stdenv.hostPlatform.libc == "glibc") {
|
||||
# /etc/rpc: RPC program numbers.
|
||||
"rpc".source = pkgs.glibc.out + "/etc/rpc";
|
||||
rpc.source = pkgs.glibc.out + "/etc/rpc";
|
||||
};
|
||||
|
||||
networking.proxy.envVars =
|
||||
|
@ -78,7 +78,7 @@ in
|
||||
};
|
||||
|
||||
# Service executed before suspending/hibernating.
|
||||
systemd.services."pre-sleep" =
|
||||
systemd.services.pre-sleep =
|
||||
{ description = "Pre-Sleep Actions";
|
||||
wantedBy = [ "sleep.target" ];
|
||||
before = [ "sleep.target" ];
|
||||
@ -89,7 +89,7 @@ in
|
||||
serviceConfig.Type = "oneshot";
|
||||
};
|
||||
|
||||
systemd.services."post-resume" =
|
||||
systemd.services.post-resume =
|
||||
{ description = "Post-Resume Actions";
|
||||
after = [ "suspend.target" "hibernate.target" "hybrid-sleep.target" ];
|
||||
script =
|
||||
|
@ -163,7 +163,7 @@ in
|
||||
l = "ls -alh";
|
||||
};
|
||||
|
||||
environment.etc."shells".text =
|
||||
environment.etc.shells.text =
|
||||
''
|
||||
${concatStringsSep "\n" (map utils.toShellPath cfg.shells)}
|
||||
/bin/sh
|
||||
@ -171,7 +171,7 @@ in
|
||||
|
||||
# For resetting environment with `. /etc/set-environment` when needed
|
||||
# and discoverability (see motivation of #30418).
|
||||
environment.etc."set-environment".source = config.system.build.setEnvironment;
|
||||
environment.etc.set-environment.source = config.system.build.setEnvironment;
|
||||
|
||||
system.build.setEnvironment = pkgs.writeText "set-environment"
|
||||
''
|
||||
|
@ -8,7 +8,7 @@
|
||||
"/share/terminfo"
|
||||
];
|
||||
|
||||
environment.etc."terminfo" = {
|
||||
environment.etc.terminfo = {
|
||||
source = "${config.system.path}/share/terminfo";
|
||||
};
|
||||
|
||||
|
@ -181,7 +181,7 @@ let
|
||||
};
|
||||
|
||||
hashedPassword = mkOption {
|
||||
type = with types; uniq (nullOr str);
|
||||
type = with types; nullOr str;
|
||||
default = null;
|
||||
description = ''
|
||||
Specifies the hashed password for the user.
|
||||
@ -191,7 +191,7 @@ let
|
||||
};
|
||||
|
||||
password = mkOption {
|
||||
type = with types; uniq (nullOr str);
|
||||
type = with types; nullOr str;
|
||||
default = null;
|
||||
description = ''
|
||||
Specifies the (clear text) password for the user.
|
||||
@ -203,7 +203,7 @@ let
|
||||
};
|
||||
|
||||
passwordFile = mkOption {
|
||||
type = with types; uniq (nullOr string);
|
||||
type = with types; nullOr str;
|
||||
default = null;
|
||||
description = ''
|
||||
The full path to a file that contains the user's password. The password
|
||||
@ -215,7 +215,7 @@ let
|
||||
};
|
||||
|
||||
initialHashedPassword = mkOption {
|
||||
type = with types; uniq (nullOr str);
|
||||
type = with types; nullOr str;
|
||||
default = null;
|
||||
description = ''
|
||||
Specifies the initial hashed password for the user, i.e. the
|
||||
@ -230,7 +230,7 @@ let
|
||||
};
|
||||
|
||||
initialPassword = mkOption {
|
||||
type = with types; uniq (nullOr str);
|
||||
type = with types; nullOr str;
|
||||
default = null;
|
||||
description = ''
|
||||
Specifies the initial password for the user, i.e. the
|
||||
@ -304,7 +304,7 @@ let
|
||||
};
|
||||
|
||||
members = mkOption {
|
||||
type = with types; listOf string;
|
||||
type = with types; listOf str;
|
||||
default = [];
|
||||
description = ''
|
||||
The user names of the group members, added to the
|
||||
@ -546,11 +546,11 @@ in {
|
||||
environment.systemPackages = systemShells;
|
||||
|
||||
environment.etc = {
|
||||
"subuid" = {
|
||||
subuid = {
|
||||
text = subuidFile;
|
||||
mode = "0644";
|
||||
};
|
||||
"subgid" = {
|
||||
subgid = {
|
||||
text = subgidFile;
|
||||
mode = "0644";
|
||||
};
|
||||
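Review bot: Dropping `uniq` from `hashedPassword`, `password`, `passwordFile`, `initialHashedPassword` and `initialPassword` leaves duplicate-definition handling for these credential options to the merge function of `nullOr str`, which is not visible in this section. If that merge is equality-based, conflicting definitions from two modules are presumably still rejected and only identical ones are newly accepted, but that guarantee should be stated next to the options rather than implied. A comment such as `# relies on types.str rejecting conflicting definitions; do not switch to a concatenating type` above `hashedPassword` would document it. The option set these declarations belong to starts and ends outside the hunks.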
|
@ -36,6 +36,6 @@ in
|
||||
{ inherit (cfg) group; }
|
||||
))
|
||||
];
|
||||
users.groups."${cfg.group}" = {};
|
||||
users.groups.${cfg.group} = {};
|
||||
};
|
||||
}
|
||||
|
@ -33,7 +33,7 @@ in
|
||||
|
||||
boot.blacklistedKernelModules = [ "radeon" ];
|
||||
|
||||
environment.etc."ati".source = "${ati_x11}/etc/ati";
|
||||
environment.etc.ati.source = "${ati_x11}/etc/ati";
|
||||
|
||||
};
|
||||
|
||||
|
@ -88,7 +88,7 @@ in
|
||||
};
|
||||
|
||||
hardware.nvidia.optimus_prime.nvidiaBusId = lib.mkOption {
|
||||
type = lib.types.string;
|
||||
type = lib.types.str;
|
||||
default = "";
|
||||
example = "PCI:1:0:0";
|
||||
description = ''
|
||||
@ -98,7 +98,7 @@ in
|
||||
};
|
||||
|
||||
hardware.nvidia.optimus_prime.intelBusId = lib.mkOption {
|
||||
type = lib.types.string;
|
||||
type = lib.types.str;
|
||||
default = "";
|
||||
example = "PCI:0:2:0";
|
||||
description = ''
|
||||
|
@ -59,4 +59,8 @@ in
|
||||
${extlinux-conf-builder} -t 3 -c ${config.system.build.toplevel} -d ./files/boot
|
||||
'';
|
||||
};
|
||||
|
||||
# the installation media is also the installation target,
|
||||
# so we don't want to provide the installation configuration.nix.
|
||||
installer.cloneConfig = false;
|
||||
}
|
||||
|
@ -56,4 +56,8 @@ in
|
||||
${extlinux-conf-builder} -t 3 -c ${config.system.build.toplevel} -d ./files/boot
|
||||
'';
|
||||
};
|
||||
|
||||
# the installation media is also the installation target,
|
||||
# so we don't want to provide the installation configuration.nix.
|
||||
installer.cloneConfig = false;
|
||||
}
|
||||
|
@ -45,4 +45,8 @@ in
|
||||
${extlinux-conf-builder} -t 3 -c ${config.system.build.toplevel} -d ./files/boot
|
||||
'';
|
||||
};
|
||||
|
||||
# the installation media is also the installation target,
|
||||
# so we don't want to provide the installation configuration.nix.
|
||||
installer.cloneConfig = false;
|
||||
}
|
||||
|
@ -54,7 +54,7 @@ in
|
||||
};
|
||||
|
||||
firmwarePartitionID = mkOption {
|
||||
type = types.string;
|
||||
type = types.str;
|
||||
default = "0x2178694e";
|
||||
description = ''
|
||||
Volume ID for the /boot/firmware partition on the SD card. This value
|
||||
@ -63,7 +63,7 @@ in
|
||||
};
|
||||
|
||||
rootPartitionUUID = mkOption {
|
||||
type = types.nullOr types.string;
|
||||
type = types.nullOr types.str;
|
||||
default = null;
|
||||
example = "14e19a7b-0ae0-484d-9d54-43bd6fdc20c7";
|
||||
description = ''
|
||||
@ -194,9 +194,5 @@ in
|
||||
rm -f /nix-path-registration
|
||||
fi
|
||||
'';
|
||||
|
||||
# the installation media is also the installation target,
|
||||
# so we don't want to provide the installation configuration.nix.
|
||||
installer.cloneConfig = false;
|
||||
};
|
||||
}
|
||||
|
@ -129,7 +129,7 @@ in
|
||||
];
|
||||
|
||||
nixpkgs.config = {
|
||||
packageOverrides = p: rec {
|
||||
packageOverrides = p: {
|
||||
linux_3_4 = p.linux_3_4.override {
|
||||
extraConfig = ''
|
||||
# Enable drivers in kernel for most NICs.
|
||||
|
@ -18,7 +18,7 @@ with lib;
|
||||
|
||||
};
|
||||
|
||||
config = rec {
|
||||
config = {
|
||||
# Don't build the GRUB menu builder script, since we don't need it
|
||||
# here and it causes a cyclic dependency.
|
||||
boot.loader.grub.enable = false;
|
||||
|
@ -85,7 +85,7 @@ in
|
||||
# Generate /etc/os-release. See
|
||||
# https://www.freedesktop.org/software/systemd/man/os-release.html for the
|
||||
# format.
|
||||
environment.etc."os-release".text =
|
||||
environment.etc.os-release.text =
|
||||
''
|
||||
NAME=NixOS
|
||||
ID=nixos
|
||||
|
@ -138,6 +138,7 @@
|
||||
./programs/qt5ct.nix
|
||||
./programs/screen.nix
|
||||
./programs/sedutil.nix
|
||||
./programs/seahorse.nix
|
||||
./programs/slock.nix
|
||||
./programs/shadow.nix
|
||||
./programs/shell.nix
|
||||
@ -216,8 +217,6 @@
|
||||
./services/backup/bacula.nix
|
||||
./services/backup/borgbackup.nix
|
||||
./services/backup/duplicati.nix
|
||||
./services/backup/crashplan.nix
|
||||
./services/backup/crashplan-small-business.nix
|
||||
./services/backup/duplicity.nix
|
||||
./services/backup/mysql-backup.nix
|
||||
./services/backup/postgresql-backup.nix
|
||||
@ -303,7 +302,6 @@
|
||||
./services/desktops/gnome3/gnome-settings-daemon.nix
|
||||
./services/desktops/gnome3/gnome-user-share.nix
|
||||
./services/desktops/gnome3/rygel.nix
|
||||
./services/desktops/gnome3/seahorse.nix
|
||||
./services/desktops/gnome3/sushi.nix
|
||||
./services/desktops/gnome3/tracker.nix
|
||||
./services/desktops/gnome3/tracker-miners.nix
|
||||
|
@ -30,7 +30,7 @@ in
|
||||
};
|
||||
|
||||
config = mkIf (cfg.settings != {}) {
|
||||
environment.etc."atoprc".text =
|
||||
environment.etc.atoprc.text =
|
||||
concatStrings (mapAttrsToList (n: v: "${n} ${toString v}\n") cfg.settings);
|
||||
};
|
||||
}
|
||||
|
@ -159,7 +159,7 @@ in
|
||||
|
||||
};
|
||||
|
||||
environment.etc."profile".text =
|
||||
environment.etc.profile.text =
|
||||
''
|
||||
# /etc/profile: DO NOT EDIT -- this file has been generated automatically.
|
||||
# This file is read for login shells.
|
||||
@ -184,7 +184,7 @@ in
|
||||
fi
|
||||
'';
|
||||
|
||||
environment.etc."bashrc".text =
|
||||
environment.etc.bashrc.text =
|
||||
''
|
||||
# /etc/bashrc: DO NOT EDIT -- this file has been generated automatically.
|
||||
|
||||
@ -212,7 +212,7 @@ in
|
||||
|
||||
# Configuration for readline in bash. We use "option default"
|
||||
# priority to allow user override using both .text and .source.
|
||||
environment.etc."inputrc".source = mkOptionDefault ./inputrc;
|
||||
environment.etc.inputrc.source = mkOptionDefault ./inputrc;
|
||||
|
||||
users.defaultUserShell = mkDefault pkgs.bashInteractive;
|
||||
|
||||
|
@ -5,7 +5,7 @@ with lib;
|
||||
let
|
||||
cfg = config.programs.firejail;
|
||||
|
||||
wrappedBins = pkgs.stdenv.mkDerivation rec {
|
||||
wrappedBins = pkgs.stdenv.mkDerivation {
|
||||
name = "firejail-wrapped-binaries";
|
||||
nativeBuildInputs = with pkgs; [ makeWrapper ];
|
||||
buildCommand = ''
|
||||
|
@ -54,8 +54,8 @@ in
|
||||
type = types.attrsOf types.str;
|
||||
default = {};
|
||||
example = {
|
||||
"h" = "noaction 5\e(";
|
||||
"l" = "noaction 5\e)";
|
||||
h = "noaction 5\e(";
|
||||
l = "noaction 5\e)";
|
||||
};
|
||||
description = "Defines new command keys.";
|
||||
};
|
||||
@ -74,7 +74,7 @@ in
|
||||
type = types.attrsOf types.str;
|
||||
default = {};
|
||||
example = {
|
||||
"\e" = "abort";
|
||||
e = "abort";
|
||||
};
|
||||
description = "Defines new line-editing keys.";
|
||||
};
|
||||
@ -111,11 +111,11 @@ in
|
||||
environment.systemPackages = [ pkgs.less ];
|
||||
|
||||
environment.variables = {
|
||||
"LESSKEY_SYSTEM" = toString lessKey;
|
||||
LESSKEY_SYSTEM = toString lessKey;
|
||||
} // optionalAttrs (cfg.lessopen != null) {
|
||||
"LESSOPEN" = cfg.lessopen;
|
||||
LESSOPEN = cfg.lessopen;
|
||||
} // optionalAttrs (cfg.lessclose != null) {
|
||||
"LESSCLOSE" = cfg.lessclose;
|
||||
LESSCLOSE = cfg.lessclose;
|
||||
};
|
||||
|
||||
warnings = optional (
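Review bot: The `lineEditingKeys` example in the -74,7 hunk binds the letter `e`, not the escape key, because Nix reads `"\e"` as plain `e`, which is why the quotes could be dropped without changing the value. lesskey has to receive a literal backslash, so the example should read `"\\e" = "abort";`. The `commandKeys` examples in the -54,8 hunk have the same problem in their values and would become `h = "noaction 5\\e(";` and `l = "noaction 5\\e)";`. Both option declarations start outside their hunks.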
|
||||
|
@ -35,7 +35,7 @@ in
|
||||
###### implementation
|
||||
|
||||
config = lib.mkIf (cfg.nanorc != "" || cfg.syntaxHighlight) {
|
||||
environment.etc."nanorc".text = lib.concatStrings [ cfg.nanorc
|
||||
environment.etc.nanorc.text = lib.concatStrings [ cfg.nanorc
|
||||
(lib.optionalString cfg.syntaxHighlight ''${LF}include "${pkgs.nano}/share/nano/*.nanorc"'') ];
|
||||
};
|
||||
|
||||
|
@ -36,7 +36,7 @@ in
|
||||
###### implementation
|
||||
|
||||
config = lib.mkIf cfg.enable {
|
||||
environment.etc."npmrc".text = cfg.npmrc;
|
||||
environment.etc.npmrc.text = cfg.npmrc;
|
||||
|
||||
environment.variables.NPM_CONFIG_GLOBALCONFIG = "/etc/npmrc";
|
||||
|
||||
|
@ -24,7 +24,7 @@ in
|
||||
###### implementation
|
||||
|
||||
config = mkIf (cfg.screenrc != "") {
|
||||
environment.etc."screenrc".text = cfg.screenrc;
|
||||
environment.etc.screenrc.text = cfg.screenrc;
|
||||
|
||||
environment.systemPackages = [ pkgs.screen ];
|
||||
};
|
||||
|
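--- a/nixos/modules/programs/seahorse.nix
+++ b/nixos/modules/programs/seahorse.nix
@@ -0,0 +1,44 @@
+# Seahorse.
+
+{ config, pkgs, lib, ... }:
+
+with lib;
+
+{
+
+# Added 2019-08-27
+imports = [
+(mkRenamedOptionModule
+[ "services" "gnome3" "seahorse" "enable" ]
+[ "programs" "seahorse" "enable" ])
+];
+
+
+###### interface
+
+options = {
+
+programs.seahorse = {
+
+enable = mkEnableOption "Seahorse, a GNOME application for managing encryption keys and passwords in the GNOME Keyring";
+
+};
+
+};
+
+
+###### implementation
+
+config = mkIf config.programs.seahorse.enable {
+
+environment.systemPackages = [
+pkgs.gnome3.seahorse
+];
+
+services.dbus.packages = [
+pkgs.gnome3.seahorse
+];
+
+};
+
+}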
|
@ -17,7 +17,7 @@ in
|
||||
|
||||
alias = mkOption {
|
||||
default = "fuck";
|
||||
type = types.string;
|
||||
type = types.str;
|
||||
|
||||
description = ''
|
||||
`thefuck` needs an alias to be configured.
|
||||
|
@ -61,7 +61,7 @@ in
|
||||
description = "Setup of xfs_quota projects. Make sure the filesystem is mounted with the pquota option.";
|
||||
|
||||
example = {
|
||||
"projname" = {
|
||||
projname = {
|
||||
id = 50;
|
||||
path = "/xfsprojects/projname";
|
||||
sizeHardLimit = "50g";
|
||||
|
@ -45,7 +45,7 @@ in
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
|
||||
environment.etc."xonshrc".text = cfg.config;
|
||||
environment.etc.xonshrc.text = cfg.config;
|
||||
|
||||
environment.systemPackages = [ cfg.package ];
|
||||
|
||||
|
@ -12,7 +12,7 @@ in
|
||||
lockerCommand = mkOption {
|
||||
default = "${pkgs.i3lock}/bin/i3lock";
|
||||
example = literalExample ''''${pkgs.i3lock-fancy}/bin/i3lock-fancy'';
|
||||
type = types.string;
|
||||
type = types.separatedString " ";
|
||||
description = "Locker to be used with xsslock";
|
||||
};
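Review bot: `lockerCommand` is now `types.separatedString " "`, so two modules that each set a locker are joined with a space into one command line instead of being reported as a conflict. For an option that decides which screen locker runs, `type = types.str;` would turn conflicting definitions into an evaluation error. If appending arguments from several places is intended, the description should say so, e.g. `description = "Locker to be used with xsslock; multiple definitions are joined with spaces";`.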
|
||||
|
||||
|
@ -76,7 +76,7 @@ in
|
||||
font = mkOption {
|
||||
default = "sans bold 9";
|
||||
example = "Droid Sans, FontAwesome Bold 9";
|
||||
type = types.string;
|
||||
type = types.str;
|
||||
|
||||
description = ''
|
||||
The font that will be used to draw the status bar.
|
||||
@ -95,7 +95,7 @@ in
|
||||
|
||||
extra = mkOption {
|
||||
default = {};
|
||||
type = types.attrsOf types.string;
|
||||
type = types.attrsOf types.str;
|
||||
|
||||
description = ''
|
||||
An attribute set which contains further attributes of a bar.
|
||||
@ -107,7 +107,7 @@ in
|
||||
type = types.attrsOf(types.submodule {
|
||||
options.exec = mkOption {
|
||||
example = "YABAR_DATE";
|
||||
type = types.string;
|
||||
type = types.str;
|
||||
description = ''
|
||||
The type of the indicator to be executed.
|
||||
'';
|
||||
@ -125,7 +125,7 @@ in
|
||||
|
||||
options.extra = mkOption {
|
||||
default = {};
|
||||
type = types.attrsOf (types.either types.string types.int);
|
||||
type = types.attrsOf (types.either types.str types.int);
|
||||
|
||||
description = ''
|
||||
An attribute set which contains further attributes of a indicator.
|
||||
|
@ -33,7 +33,7 @@ in
|
||||
|
||||
patterns = mkOption {
|
||||
default = {};
|
||||
type = types.attrsOf types.string;
|
||||
type = types.attrsOf types.str;
|
||||
|
||||
example = literalExample ''
|
||||
{
|
||||
@ -50,7 +50,7 @@ in
|
||||
};
|
||||
styles = mkOption {
|
||||
default = {};
|
||||
type = types.attrsOf types.string;
|
||||
type = types.attrsOf types.str;
|
||||
|
||||
example = literalExample ''
|
||||
{
|
||||
|
@ -133,7 +133,7 @@ in
|
||||
|
||||
programs.zsh.shellAliases = mapAttrs (name: mkDefault) cfge.shellAliases;
|
||||
|
||||
environment.etc."zshenv".text =
|
||||
environment.etc.zshenv.text =
|
||||
''
|
||||
# /etc/zshenv: DO NOT EDIT -- this file has been generated automatically.
|
||||
# This file is read for all shells.
|
||||
@ -157,7 +157,7 @@ in
|
||||
fi
|
||||
'';
|
||||
|
||||
environment.etc."zprofile".text =
|
||||
environment.etc.zprofile.text =
|
||||
''
|
||||
# /etc/zprofile: DO NOT EDIT -- this file has been generated automatically.
|
||||
# This file is read for login shells.
|
||||
@ -176,7 +176,7 @@ in
|
||||
fi
|
||||
'';
|
||||
|
||||
environment.etc."zshrc".text =
|
||||
environment.etc.zshrc.text =
|
||||
''
|
||||
# /etc/zshrc: DO NOT EDIT -- this file has been generated automatically.
|
||||
# This file is read for interactive shells.
|
||||
@ -225,7 +225,7 @@ in
|
||||
fi
|
||||
'';
|
||||
|
||||
environment.etc."zinputrc".source = ./zinputrc;
|
||||
environment.etc.zinputrc.source = ./zinputrc;
|
||||
|
||||
environment.systemPackages = [ pkgs.zsh ]
|
||||
++ optional cfg.enableCompletion pkgs.nix-zsh-completions;
|
||||
|
@ -256,7 +256,7 @@ with lib;
|
||||
|
||||
# binfmt
|
||||
(mkRenamedOptionModule [ "boot" "binfmtMiscRegistrations" ] [ "boot" "binfmt" "registrations" ])
|
||||
|
||||
|
||||
# ACME
|
||||
(mkRemovedOptionModule [ "security" "acme" "directory"] "ACME Directory is now hardcoded to /var/lib/acme and its permisisons are managed by systemd. See https://github.com/NixOS/nixpkgs/issues/53852 for more info.")
|
||||
(mkRemovedOptionModule [ "security" "acme" "preDelay"] "This option has been removed. If you want to make sure that something executes before certificates are provisioned, add a RequiredBy=acme-\${cert}.service to the service you want to execute before the cert renewal")
|
||||
@ -285,6 +285,13 @@ with lib;
|
||||
throw "services.redshift.longitude is set to null, you can remove this"
|
||||
else builtins.fromJSON value))
|
||||
|
||||
# Redis
|
||||
(mkRemovedOptionModule [ "services" "redis" "user" ] "The redis module now is hardcoded to the redis user.")
|
||||
(mkRemovedOptionModule [ "services" "redis" "dbpath" ] "The redis module now uses /var/lib/redis as data directory.")
|
||||
(mkRemovedOptionModule [ "services" "redis" "dbFilename" ] "The redis module now uses /var/lib/redis/dump.rdb as database dump location.")
|
||||
(mkRemovedOptionModule [ "services" "redis" "appendOnlyFilename" ] "This option was never used.")
|
||||
(mkRemovedOptionModule [ "services" "redis" "pidFile" ] "This option was removed.")
|
||||
|
||||
] ++ (forEach [ "blackboxExporter" "collectdExporter" "fritzboxExporter"
|
||||
"jsonExporter" "minioExporter" "nginxExporter" "nodeExporter"
|
||||
"snmpExporter" "unifiExporter" "varnishExporter" ]
|
||||
|
@ -213,7 +213,7 @@ in
|
||||
StateDirectoryMode = rights;
|
||||
WorkingDirectory = "/var/lib/${lpath}";
|
||||
ExecStart = "${pkgs.simp_le}/bin/simp_le ${escapeShellArgs cmdline}";
|
||||
ExecStopPost =
|
||||
ExecStopPost =
|
||||
let
|
||||
script = pkgs.writeScript "acme-post-stop" ''
|
||||
#!${pkgs.runtimeShell} -e
|
||||
@ -298,6 +298,9 @@ in
|
||||
};
|
||||
})
|
||||
);
|
||||
|
||||
systemd.targets.acme-selfsigned-certificates = mkIf cfg.preliminarySelfsigned {};
|
||||
systemd.targets.acme-certificates = {};
|
||||
})
|
||||
|
||||
];
|
||||
|
@ -6,6 +6,10 @@ with lib;
|
||||
options.security.auditd.enable = mkEnableOption "the Linux Audit daemon";
|
||||
|
||||
config = mkIf config.security.auditd.enable {
|
||||
boot.kernelParams = [ "audit=1" ];
|
||||
|
||||
environment.systemPackages = [ pkgs.audit ];
|
||||
|
||||
systemd.services.auditd = {
|
||||
description = "Linux Audit daemon";
|
||||
wantedBy = [ "basic.target" ];
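Review bot: The `boot.kernelParams = [ "audit=1" ];` line near the top of `config`, which appears to be new in this hunk, has no comment explaining why a kernel parameter is tied to enabling the daemon. I would add `# Turn auditing on at boot so that processes started before auditd are covered as well.` above it. Because a kernel parameter only takes effect after a reboot, the module documentation should also note that enabling the option is not fully applied until the next boot. The `systemd.services.auditd` definition continues outside this hunk.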
|
||||
|
@ -24,6 +24,6 @@ in
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
environment.systemPackages = [ sandbox ];
|
||||
security.wrappers."${sandbox.passthru.sandboxExecutableName}".source = "${sandbox}/bin/${sandbox.passthru.sandboxExecutableName}";
|
||||
security.wrappers.${sandbox.passthru.sandboxExecutableName}.source = "${sandbox}/bin/${sandbox.passthru.sandboxExecutableName}";
|
||||
};
|
||||
}
|
||||
|
@ -685,7 +685,7 @@ in
|
||||
};
|
||||
id = mkOption {
|
||||
example = "42";
|
||||
type = types.string;
|
||||
type = types.str;
|
||||
description = "client id";
|
||||
};
|
||||
|
||||
|
@ -85,7 +85,7 @@ in
|
||||
|
||||
security.wrappers = {
|
||||
pkexec.source = "${pkgs.polkit.bin}/bin/pkexec";
|
||||
"polkit-agent-helper-1".source = "${pkgs.polkit.out}/lib/polkit-1/polkit-agent-helper-1";
|
||||
polkit-agent-helper-1.source = "${pkgs.polkit.out}/lib/polkit-1/polkit-agent-helper-1";
|
||||
};
|
||||
|
||||
systemd.tmpfiles.rules = [
|
||||
|
@ -4,7 +4,7 @@ with lib;
|
||||
|
||||
let
|
||||
cfg = config.services.prey;
|
||||
myPrey = pkgs."prey-bash-client".override {
|
||||
myPrey = pkgs.prey-bash-client.override {
|
||||
apiKey = cfg.apiKey;
|
||||
deviceKey = cfg.deviceKey;
|
||||
};
|
||||
|
@ -91,7 +91,7 @@ in
|
||||
type = with types; listOf (submodule {
|
||||
options = {
|
||||
users = mkOption {
|
||||
type = with types; listOf (either string int);
|
||||
type = with types; listOf (either str int);
|
||||
description = ''
|
||||
The usernames / UIDs this rule should apply for.
|
||||
'';
|
||||
@ -99,7 +99,7 @@ in
|
||||
};
|
||||
|
||||
groups = mkOption {
|
||||
type = with types; listOf (either string int);
|
||||
type = with types; listOf (either str int);
|
||||
description = ''
|
||||
The groups / GIDs this rule should apply for.
|
||||
'';
|
||||
@ -107,7 +107,7 @@ in
|
||||
};
|
||||
|
||||
host = mkOption {
|
||||
type = types.string;
|
||||
type = types.str;
|
||||
default = "ALL";
|
||||
description = ''
|
||||
For what host this rule should apply.
|
||||
@ -115,7 +115,7 @@ in
|
||||
};
|
||||
|
||||
runAs = mkOption {
|
||||
type = with types; string;
|
||||
type = with types; str;
|
||||
default = "ALL:ALL";
|
||||
description = ''
|
||||
Under which user/group the specified command is allowed to run.
|
||||
@ -130,11 +130,11 @@ in
|
||||
description = ''
|
||||
The commands for which the rule should apply.
|
||||
'';
|
||||
type = with types; listOf (either string (submodule {
|
||||
type = with types; listOf (either str (submodule {
|
||||
|
||||
options = {
|
||||
command = mkOption {
|
||||
type = with types; string;
|
||||
type = with types; str;
|
||||
description = ''
|
||||
A command being either just a path to a binary to allow any arguments,
|
||||
the full command with arguments pre-set or with <code>""</code> used as the argument,
|
||||
|
@ -7,7 +7,7 @@ let
|
||||
|
||||
programs =
|
||||
(lib.mapAttrsToList
|
||||
(n: v: (if v ? "program" then v else v // {program=n;}))
|
||||
(n: v: (if v ? program then v else v // {program=n;}))
|
||||
wrappers);
|
||||
|
||||
securityWrapper = pkgs.stdenv.mkDerivation {
|
||||
@ -74,15 +74,15 @@ let
|
||||
|
||||
mkWrappedPrograms =
|
||||
builtins.map
|
||||
(s: if (s ? "capabilities")
|
||||
(s: if (s ? capabilities)
|
||||
then mkSetcapProgram
|
||||
({ owner = "root";
|
||||
group = "root";
|
||||
} // s)
|
||||
else if
|
||||
(s ? "setuid" && s.setuid) ||
|
||||
(s ? "setgid" && s.setgid) ||
|
||||
(s ? "permissions")
|
||||
(s ? setuid && s.setuid) ||
|
||||
(s ? setgid && s.setgid) ||
|
||||
(s ? permissions)
|
||||
then mkSetuidProgram s
|
||||
else mkSetuidProgram
|
||||
({ owner = "root";
|
||||
|
@ -40,7 +40,7 @@ in {
|
||||
'';
|
||||
};
|
||||
configurationURI = mkOption {
|
||||
type = types.string;
|
||||
type = types.str;
|
||||
default = "xbean:activemq.xml";
|
||||
description = ''
|
||||
The URI that is passed along to the BrokerFactory to
|
||||
@ -51,7 +51,7 @@ in {
|
||||
'';
|
||||
};
|
||||
baseDir = mkOption {
|
||||
type = types.string;
|
||||
type = types.str;
|
||||
default = "/var/activemq";
|
||||
description = ''
|
||||
The base directory where ActiveMQ stores its persistent data and logs.
|
||||
@ -81,7 +81,7 @@ in {
|
||||
'';
|
||||
};
|
||||
extraJavaOptions = mkOption {
|
||||
type = types.string;
|
||||
type = types.separatedString " ";
|
||||
default = "";
|
||||
example = "-Xmx2G -Xms2G -XX:MaxPermSize=512M";
|
||||
description = ''
|
||||
|
@ -64,7 +64,7 @@ in
|
||||
};
|
||||
|
||||
volumeStep = mkOption {
|
||||
type = types.string;
|
||||
type = types.str;
|
||||
default = "1";
|
||||
example = "1%";
|
||||
description = ''
|
||||
@ -99,7 +99,7 @@ in
|
||||
|
||||
boot.kernelModules = optional config.sound.enableOSSEmulation "snd_pcm_oss";
|
||||
|
||||
systemd.services."alsa-store" =
|
||||
systemd.services.alsa-store =
|
||||
{ description = "Store Sound Card State";
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
unitConfig.RequiresMountsFor = "/var/lib/alsa";
|
||||
|
@ -23,7 +23,7 @@ in {
|
||||
|
||||
mpd = {
|
||||
host = mkOption {
|
||||
type = types.string;
|
||||
type = types.str;
|
||||
default = "localhost";
|
||||
description = "The host where MPD is listening.";
|
||||
example = "localhost";
|
||||
|
@ -1,73 +0,0 @@
|
||||
{ config, pkgs, lib, ... }:
|
||||
|
||||
let
|
||||
cfg = config.services.crashplansb;
|
||||
crashplansb = pkgs.crashplansb.override { maxRam = cfg.maxRam; };
|
||||
in
|
||||
|
||||
with lib;
|
||||
|
||||
{
|
||||
options = {
|
||||
services.crashplansb = {
|
||||
enable = mkOption {
|
||||
default = false;
|
||||
type = types.bool;
|
||||
description = ''
|
||||
Starts crashplan for small business background service.
|
||||
'';
|
||||
};
|
||||
maxRam = mkOption {
|
||||
default = "1024m";
|
||||
example = "2G";
|
||||
type = types.str;
|
||||
description = ''
|
||||
Maximum amount of ram that the crashplan engine should use.
|
||||
'';
|
||||
};
|
||||
openPorts = mkOption {
|
||||
description = "Open ports in the firewall for crashplan.";
|
||||
default = true;
|
||||
type = types.bool;
|
||||
};
|
||||
ports = mkOption {
|
||||
# https://support.code42.com/Administrator/6/Planning_and_installing/TCP_and_UDP_ports_used_by_the_Code42_platform
|
||||
# used ports can also be checked in the desktop app console using the command connection.info
|
||||
description = "which ports to open.";
|
||||
default = [ 4242 4243 4244 4247 ];
|
||||
type = types.listOf types.int;
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
environment.systemPackages = [ crashplansb ];
|
||||
networking.firewall.allowedTCPPorts = mkIf cfg.openPorts cfg.ports;
|
||||
|
||||
systemd.services.crashplansb = {
|
||||
description = "CrashPlan Backup Engine";
|
||||
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
after = [ "network.target" "local-fs.target" ];
|
||||
|
||||
preStart = ''
|
||||
install -d -m 755 ${crashplansb.vardir}
|
||||
install -d -m 700 ${crashplansb.vardir}/conf
|
||||
install -d -m 700 ${crashplansb.manifestdir}
|
||||
install -d -m 700 ${crashplansb.vardir}/cache
|
||||
install -d -m 700 ${crashplansb.vardir}/backupArchives
|
||||
install -d -m 777 ${crashplansb.vardir}/log
|
||||
cp -avn ${crashplansb}/conf.template/* ${crashplansb.vardir}/conf
|
||||
'';
|
||||
|
||||
serviceConfig = {
|
||||
Type = "forking";
|
||||
EnvironmentFile = "${crashplansb}/bin/run.conf";
|
||||
ExecStart = "${crashplansb}/bin/CrashPlanEngine start";
|
||||
ExecStop = "${crashplansb}/bin/CrashPlanEngine stop";
|
||||
PIDFile = "${crashplansb.vardir}/CrashPlanEngine.pid";
|
||||
WorkingDirectory = crashplansb;
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
@ -1,67 +0,0 @@
|
||||
{ config, pkgs, lib, ... }:
|
||||
|
||||
let
|
||||
cfg = config.services.crashplan;
|
||||
crashplan = pkgs.crashplan;
|
||||
in
|
||||
|
||||
with lib;
|
||||
|
||||
{
|
||||
options = {
|
||||
services.crashplan = {
|
||||
enable = mkOption {
|
||||
default = false;
|
||||
type = types.bool;
|
||||
description = ''
|
||||
Starts crashplan background service.
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
environment.systemPackages = [ crashplan ];
|
||||
|
||||
systemd.services.crashplan = {
|
||||
description = "CrashPlan Backup Engine";
|
||||
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
after = [ "network.target" "local-fs.target" ];
|
||||
|
||||
preStart = ''
|
||||
ensureDir() {
|
||||
dir=$1
|
||||
mode=$2
|
||||
|
||||
if ! test -e $dir; then
|
||||
${pkgs.coreutils}/bin/mkdir -m $mode -p $dir
|
||||
elif [ "$(${pkgs.coreutils}/bin/stat -c %a $dir)" != "$mode" ]; then
|
||||
${pkgs.coreutils}/bin/chmod $mode $dir
|
||||
fi
|
||||
}
|
||||
|
||||
ensureDir ${crashplan.vardir} 755
|
||||
ensureDir ${crashplan.vardir}/conf 700
|
||||
ensureDir ${crashplan.manifestdir} 700
|
||||
ensureDir ${crashplan.vardir}/cache 700
|
||||
ensureDir ${crashplan.vardir}/backupArchives 700
|
||||
ensureDir ${crashplan.vardir}/log 777
|
||||
cp -avn ${crashplan}/conf.template/* ${crashplan.vardir}/conf
|
||||
for x in app.asar bin install.vars lang lib libc42archive64.so libc52archive.so libjniwrap64.so libjniwrap.so libjtux64.so libjtux.so libleveldb64.so libleveldb.so libmd564.so libmd5.so share skin upgrade; do
|
||||
rm -f ${crashplan.vardir}/$x;
|
||||
ln -sf ${crashplan}/$x ${crashplan.vardir}/$x;
|
||||
done
|
||||
'';
|
||||
|
||||
serviceConfig = {
|
||||
Type = "forking";
|
||||
EnvironmentFile = "${crashplan}/bin/run.conf";
|
||||
ExecStart = "${crashplan}/bin/CrashPlanEngine start";
|
||||
ExecStop = "${crashplan}/bin/CrashPlanEngine stop";
|
||||
PIDFile = "${crashplan.vardir}/CrashPlanEngine.pid";
|
||||
WorkingDirectory = crashplan;
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
@ -103,7 +103,7 @@ in
|
||||
}];
|
||||
|
||||
systemd = {
|
||||
timers."mysql-backup" = {
|
||||
timers.mysql-backup = {
|
||||
description = "Mysql backup timer";
|
||||
wantedBy = [ "timers.target" ];
|
||||
timerConfig = {
|
||||
@ -112,7 +112,7 @@ in
|
||||
Unit = "mysql-backup.service";
|
||||
};
|
||||
};
|
||||
services."mysql-backup" = {
|
||||
services.mysql-backup = {
|
||||
description = "Mysql backup service";
|
||||
enable = true;
|
||||
serviceConfig = {
|
||||
|
@ -81,7 +81,7 @@ in {
|
||||
};
|
||||
|
||||
pgdumpOptions = mkOption {
|
||||
type = types.string;
|
||||
type = types.separatedString " ";
|
||||
default = "-Cbo";
|
||||
description = ''
|
||||
Command line options for pg_dump. This options is not used
|
||||
|
@ -2,7 +2,7 @@
|
||||
|
||||
with lib;
|
||||
|
||||
let
|
||||
let
|
||||
cfg = config.services.rsnapshot;
|
||||
cfgfile = pkgs.writeText "rsnapshot.conf" ''
|
||||
config_version 1.2
|
||||
@ -52,7 +52,7 @@ in
|
||||
cronIntervals = mkOption {
|
||||
default = {};
|
||||
example = { hourly = "0 * * * *"; daily = "50 21 * * *"; };
|
||||
type = types.attrsOf types.string;
|
||||
type = types.attrsOf types.str;
|
||||
description = ''
|
||||
Periodicity at which intervals should be run by cron.
|
||||
Note that the intervals also have to exist in configuration
|
||||
|
@ -78,7 +78,7 @@ in
|
||||
config = mkIf cfg.enable {
|
||||
inherit assertions;
|
||||
programs.tsmClient.enable = true;
|
||||
programs.tsmClient.servers."${cfg.servername}".passwdDir =
|
||||
programs.tsmClient.servers.${cfg.servername}.passwdDir =
|
||||
mkDefault "/var/lib/tsm-backup/password";
|
||||
systemd.services.tsm-backup = {
|
||||
description = "IBM Spectrum Protect (Tivoli Storage Manager) Backup";
|
||||
|
@ -60,7 +60,7 @@ in {
|
||||
pkgs.lz4
|
||||
];
|
||||
|
||||
systemd.services."zfs-replication" = {
|
||||
systemd.services.zfs-replication = {
|
||||
after = [
|
||||
"zfs-snapshot-daily.service"
|
||||
"zfs-snapshot-frequent.service"
|
||||
|
@ -361,7 +361,7 @@ in
|
||||
environment.systemPackages = [ pkgs.znapzend ];
|
||||
|
||||
systemd.services = {
|
||||
"znapzend" = {
|
||||
znapzend = {
|
||||
description = "ZnapZend - ZFS Backup System";
|
||||
wantedBy = [ "zfs.target" ];
|
||||
after = [ "zfs.target" ];
|
||||
|
@ -24,7 +24,7 @@ with lib;
|
||||
|
||||
config = mkMerge [
|
||||
(mkIf cfg.hdfs.namenode.enabled {
|
||||
systemd.services."hdfs-namenode" = {
|
||||
systemd.services.hdfs-namenode = {
|
||||
description = "Hadoop HDFS NameNode";
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
|
||||
@ -44,7 +44,7 @@ with lib;
|
||||
};
|
||||
})
|
||||
(mkIf cfg.hdfs.datanode.enabled {
|
||||
systemd.services."hdfs-datanode" = {
|
||||
systemd.services.hdfs-datanode = {
|
||||
description = "Hadoop HDFS DataNode";
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
|
||||
|
@ -35,7 +35,7 @@ with lib;
|
||||
})
|
||||
|
||||
(mkIf cfg.yarn.resourcemanager.enabled {
|
||||
systemd.services."yarn-resourcemanager" = {
|
||||
systemd.services.yarn-resourcemanager = {
|
||||
description = "Hadoop YARN ResourceManager";
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
|
||||
@ -53,7 +53,7 @@ with lib;
|
||||
})
|
||||
|
||||
(mkIf cfg.yarn.nodemanager.enabled {
|
||||
systemd.services."yarn-nodemanager" = {
|
||||
systemd.services.yarn-nodemanager = {
|
||||
description = "Hadoop YARN NodeManager";
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
|
||||
|
@ -74,7 +74,7 @@ in {
|
||||
spec = {
|
||||
replicas = 1;
|
||||
revisionHistoryLimit = 10;
|
||||
selector.matchLabels."k8s-app" = "kubernetes-dashboard";
|
||||
selector.matchLabels.k8s-app = "kubernetes-dashboard";
|
||||
template = {
|
||||
metadata = {
|
||||
labels = {
|
||||
|
@ -73,7 +73,7 @@ in {
|
||||
metadata = {
|
||||
labels = {
|
||||
"addonmanager.kubernetes.io/mode" = "Reconcile";
|
||||
"k8s-app" = "kube-dns";
|
||||
k8s-app = "kube-dns";
|
||||
"kubernetes.io/cluster-service" = "true";
|
||||
"kubernetes.io/bootstrapping" = "rbac-defaults";
|
||||
};
|
||||
@ -102,7 +102,7 @@ in {
|
||||
};
|
||||
labels = {
|
||||
"addonmanager.kubernetes.io/mode" = "Reconcile";
|
||||
"k8s-app" = "kube-dns";
|
||||
k8s-app = "kube-dns";
|
||||
"kubernetes.io/cluster-service" = "true";
|
||||
"kubernetes.io/bootstrapping" = "rbac-defaults";
|
||||
};
|
||||
@ -130,7 +130,7 @@ in {
|
||||
metadata = {
|
||||
labels = {
|
||||
"addonmanager.kubernetes.io/mode" = "Reconcile";
|
||||
"k8s-app" = "kube-dns";
|
||||
k8s-app = "kube-dns";
|
||||
"kubernetes.io/cluster-service" = "true";
|
||||
};
|
||||
name = "coredns";
|
||||
@ -144,7 +144,7 @@ in {
|
||||
metadata = {
|
||||
labels = {
|
||||
"addonmanager.kubernetes.io/mode" = cfg.reconcileMode;
|
||||
"k8s-app" = "kube-dns";
|
||||
k8s-app = "kube-dns";
|
||||
"kubernetes.io/cluster-service" = "true";
|
||||
};
|
||||
name = "coredns";
|
||||
@ -175,7 +175,7 @@ in {
|
||||
metadata = {
|
||||
labels = {
|
||||
"addonmanager.kubernetes.io/mode" = cfg.reconcileMode;
|
||||
"k8s-app" = "kube-dns";
|
||||
k8s-app = "kube-dns";
|
||||
"kubernetes.io/cluster-service" = "true";
|
||||
"kubernetes.io/name" = "CoreDNS";
|
||||
};
|
||||
@ -301,7 +301,7 @@ in {
|
||||
};
|
||||
labels = {
|
||||
"addonmanager.kubernetes.io/mode" = "Reconcile";
|
||||
"k8s-app" = "kube-dns";
|
||||
k8s-app = "kube-dns";
|
||||
"kubernetes.io/cluster-service" = "true";
|
||||
"kubernetes.io/name" = "CoreDNS";
|
||||
};
|
||||
|
@ -261,7 +261,7 @@ in {
|
||||
before = [ "kubernetes.target" ];
|
||||
};
|
||||
|
||||
systemd.services.kube-control-plane-online = rec {
|
||||
systemd.services.kube-control-plane-online = {
|
||||
description = "Kubernetes control plane is online";
|
||||
wantedBy = [ "kube-control-plane-online.target" ];
|
||||
after = [ "kube-scheduler.service" "kube-controller-manager.service" ];
|
||||
|
@ -111,7 +111,7 @@ in
|
||||
|
||||
systemd.services.boinc = {
|
||||
description = "BOINC Client";
|
||||
after = ["network.target" "local-fs.target"];
|
||||
after = ["network.target"];
|
||||
wantedBy = ["multi-user.target"];
|
||||
script = ''
|
||||
${fhsEnvExecutable} --dir ${cfg.dataDir} --redirectio ${allowRemoteGuiRpcFlag}
|
||||
|
@ -43,7 +43,7 @@ in
|
||||
###### interface
|
||||
options = {
|
||||
|
||||
services.hydra = rec {
|
||||
services.hydra = {
|
||||
|
||||
enable = mkOption {
|
||||
type = types.bool;
|
||||
|
@ -259,7 +259,7 @@ in {
|
||||
'';
|
||||
};
|
||||
incrementalRepairOptions = mkOption {
|
||||
type = types.listOf types.string;
|
||||
type = types.listOf types.str;
|
||||
default = [];
|
||||
example = [ "--partitioner-range" ];
|
||||
description = ''
|
||||
@ -267,7 +267,7 @@ in {
|
||||
'';
|
||||
};
|
||||
maxHeapSize = mkOption {
|
||||
type = types.nullOr types.string;
|
||||
type = types.nullOr types.str;
|
||||
default = null;
|
||||
example = "4G";
|
||||
description = ''
|
||||
@ -287,7 +287,7 @@ in {
|
||||
'';
|
||||
};
|
||||
heapNewSize = mkOption {
|
||||
type = types.nullOr types.string;
|
||||
type = types.nullOr types.str;
|
||||
default = null;
|
||||
example = "800M";
|
||||
description = ''
|
||||
@ -352,11 +352,11 @@ in {
|
||||
type = types.listOf (types.submodule {
|
||||
options = {
|
||||
username = mkOption {
|
||||
type = types.string;
|
||||
type = types.str;
|
||||
description = "Username for JMX";
|
||||
};
|
||||
password = mkOption {
|
||||
type = types.string;
|
||||
type = types.str;
|
||||
description = "Password for JMX";
|
||||
};
|
||||
};
|
||||
@ -397,14 +397,14 @@ in {
|
||||
}
|
||||
];
|
||||
users = mkIf (cfg.user == defaultUser) {
|
||||
extraUsers."${defaultUser}" =
|
||||
extraUsers.${defaultUser} =
|
||||
{ group = cfg.group;
|
||||
home = cfg.homeDir;
|
||||
createHome = true;
|
||||
uid = config.ids.uids.cassandra;
|
||||
description = "Cassandra service user";
|
||||
};
|
||||
extraGroups."${defaultUser}".gid = config.ids.gids.cassandra;
|
||||
extraGroups.${defaultUser}.gid = config.ids.gids.cassandra;
|
||||
};
|
||||
|
||||
systemd.services.cassandra =
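Review bot: The JMX `password` option in the -352,11 hunk is a plain `types.str` whose description, `"Password for JMX"`, does not say where the value ends up. If the module writes it into a generated file, as is usual for NixOS options, the secret lands in the world-readable Nix store. How the value is consumed is not visible here, so confirm that first. The description should then state it, e.g. `description = "Password for JMX. The value is stored in the world-readable Nix store.";`, or the module should read the password from a file at runtime. The same applies to `initialRootPassword` in the later -65,9 hunk, and the enclosing option declaration starts outside the hunk.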
|
||||
|
@ -56,7 +56,7 @@ in {
|
||||
|
||||
|
||||
user = mkOption {
|
||||
type = types.string;
|
||||
type = types.str;
|
||||
default = "couchdb";
|
||||
description = ''
|
||||
User account under which couchdb runs.
|
||||
@ -64,7 +64,7 @@ in {
|
||||
};
|
||||
|
||||
group = mkOption {
|
||||
type = types.string;
|
||||
type = types.str;
|
||||
default = "couchdb";
|
||||
description = ''
|
||||
Group account under which couchdb runs.
|
||||
@ -106,7 +106,7 @@ in {
|
||||
};
|
||||
|
||||
bindAddress = mkOption {
|
||||
type = types.string;
|
||||
type = types.str;
|
||||
default = "127.0.0.1";
|
||||
description = ''
|
||||
Defines the IP address by which CouchDB will be accessible.
|
||||
@ -138,7 +138,7 @@ in {
|
||||
};
|
||||
|
||||
configFile = mkOption {
|
||||
type = types.string;
|
||||
type = types.path;
|
||||
description = ''
|
||||
Configuration file for persisting runtime changes. File
|
||||
needs to be readable and writable from couchdb user/group.
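Review bot: `configFile` becomes `types.path` in the -138,7 hunk, which also accepts a Nix path literal. Such a value is copied into the read-only Nix store when it is interpolated into a string, while the description requires the file to be writable by the couchdb user. How the module uses the value is not visible here, so treat this as something to confirm rather than a known bug. The description could add a sentence such as `Pass an absolute path as a string, not a Nix path literal.`. The `description` text continues outside the hunk.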
|
||||
|
@ -140,7 +140,7 @@ in
|
||||
};
|
||||
|
||||
logSize = mkOption {
|
||||
type = types.string;
|
||||
type = types.str;
|
||||
default = "10MiB";
|
||||
description = ''
|
||||
Roll over to a new log file after the current log file
|
||||
@ -149,7 +149,7 @@ in
|
||||
};
|
||||
|
||||
maxLogSize = mkOption {
|
||||
type = types.string;
|
||||
type = types.str;
|
||||
default = "100MiB";
|
||||
description = ''
|
||||
Delete the oldest log file when the total size of all log
|
||||
@ -171,7 +171,7 @@ in
|
||||
};
|
||||
|
||||
memory = mkOption {
|
||||
type = types.string;
|
||||
type = types.str;
|
||||
default = "8GiB";
|
||||
description = ''
|
||||
Maximum memory used by the process. The default value is
|
||||
@ -193,7 +193,7 @@ in
|
||||
};
|
||||
|
||||
storageMemory = mkOption {
|
||||
type = types.string;
|
||||
type = types.str;
|
||||
default = "1GiB";
|
||||
description = ''
|
||||
Maximum memory used for data storage. The default value is
|
||||
|
@ -53,7 +53,7 @@ in {
|
||||
|
||||
|
||||
user = mkOption {
|
||||
type = types.string;
|
||||
type = types.str;
|
||||
default = "hbase";
|
||||
description = ''
|
||||
User account under which HBase runs.
|
||||
@ -61,7 +61,7 @@ in {
|
||||
};
|
||||
|
||||
group = mkOption {
|
||||
type = types.string;
|
||||
type = types.str;
|
||||
default = "hbase";
|
||||
description = ''
|
||||
Group account under which HBase runs.
|
||||
|
@ -129,13 +129,13 @@ in
|
||||
user = mkOption {
|
||||
default = "influxdb";
|
||||
description = "User account under which influxdb runs";
|
||||
type = types.string;
|
||||
type = types.str;
|
||||
};
|
||||
|
||||
group = mkOption {
|
||||
default = "influxdb";
|
||||
description = "Group under which influxdb runs";
|
||||
type = types.string;
|
||||
type = types.str;
|
||||
};
|
||||
|
||||
dataDir = mkOption {
|
||||
|
@ -65,9 +65,9 @@ in
|
||||
default = false;
|
||||
description = "Enable client authentication. Creates a default superuser with username root!";
|
||||
};
|
||||
|
||||
|
||||
initialRootPassword = mkOption {
|
||||
type = types.nullOr types.string;
|
||||
type = types.nullOr types.str;
|
||||
default = null;
|
||||
description = "Password for the root user if auth is enabled.";
|
||||
};
|
||||
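Review bot: `initialRootPassword` is a plain string option, and its description does not say where the secret ends up. How the value is consumed is outside this hunk, but NixOS option values that are interpolated into generated scripts or config files are written to the world-readable Nix store, so this should be checked and documented. I would extend the description to something like `Password for the root user if auth is enabled. The value may be stored in the world-readable Nix store; treat it as an initial password and change it after first start.` The same applies to the `password`, `token` and `game-password` options in the Factorio hunks further down this page.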
|
@ -47,26 +47,26 @@ in
|
||||
};
|
||||
|
||||
user = mkOption {
|
||||
type = types.string;
|
||||
type = types.str;
|
||||
default = "openldap";
|
||||
description = "User account under which slapd runs.";
|
||||
};
|
||||
|
||||
group = mkOption {
|
||||
type = types.string;
|
||||
type = types.str;
|
||||
default = "openldap";
|
||||
description = "Group account under which slapd runs.";
|
||||
};
|
||||
|
||||
urlList = mkOption {
|
||||
type = types.listOf types.string;
|
||||
type = types.listOf types.str;
|
||||
default = [ "ldap:///" ];
|
||||
description = "URL list slapd should listen on.";
|
||||
example = [ "ldaps:///" ];
|
||||
};
|
||||
|
||||
dataDir = mkOption {
|
||||
type = types.string;
|
||||
type = types.path;
|
||||
default = "/var/db/openldap";
|
||||
description = "The database directory.";
|
||||
};
|
||||
|
@ -34,7 +34,7 @@ in {
|
||||
};
|
||||
|
||||
user = mkOption {
|
||||
type = types.string;
|
||||
type = types.str;
|
||||
default = "opentsdb";
|
||||
description = ''
|
||||
User account under which OpenTSDB runs.
|
||||
@ -42,7 +42,7 @@ in {
|
||||
};
|
||||
|
||||
group = mkOption {
|
||||
type = types.string;
|
||||
type = types.str;
|
||||
default = "opentsdb";
|
||||
description = ''
|
||||
Group account under which OpenTSDB runs.
|
||||
|
@ -59,8 +59,8 @@ in {
|
||||
type = types.attrsOf types.str;
|
||||
default = {};
|
||||
example = {
|
||||
"nuc-server" = "hostaddr=192.168.0.100 port=5432 dbname=postgres";
|
||||
"mini-server" = "hostaddr=127.0.0.1 port=5432 dbname=postgres sslmode=require";
|
||||
nuc-server = "hostaddr=192.168.0.100 port=5432 dbname=postgres";
|
||||
mini-server = "hostaddr=127.0.0.1 port=5432 dbname=postgres sslmode=require";
|
||||
};
|
||||
description = ''
|
||||
pgmanage requires at least one PostgreSQL server be defined.
|
||||
@ -192,13 +192,13 @@ in {
|
||||
};
|
||||
};
|
||||
users = {
|
||||
users."${pgmanage}" = {
|
||||
users.${pgmanage} = {
|
||||
name = pgmanage;
|
||||
group = pgmanage;
|
||||
home = cfg.sqlRoot;
|
||||
createHome = true;
|
||||
};
|
||||
groups."${pgmanage}" = {
|
||||
groups.${pgmanage} = {
|
||||
name = pgmanage;
|
||||
};
|
||||
};
|
||||
|
@ -8,17 +8,19 @@ let
|
||||
condOption = name: value: if value != null then "${name} ${toString value}" else "";
|
||||
|
||||
redisConfig = pkgs.writeText "redis.conf" ''
|
||||
pidfile ${cfg.pidFile}
|
||||
port ${toString cfg.port}
|
||||
${condOption "bind" cfg.bind}
|
||||
${condOption "unixsocket" cfg.unixSocket}
|
||||
daemonize yes
|
||||
supervised systemd
|
||||
loglevel ${cfg.logLevel}
|
||||
logfile ${cfg.logfile}
|
||||
syslog-enabled ${redisBool cfg.syslog}
|
||||
pidfile /run/redis/redis.pid
|
||||
databases ${toString cfg.databases}
|
||||
${concatMapStrings (d: "save ${toString (builtins.elemAt d 0)} ${toString (builtins.elemAt d 1)}\n") cfg.save}
|
||||
dbfilename ${cfg.dbFilename}
|
||||
dir ${toString cfg.dbpath}
|
||||
dbfilename dump.rdb
|
||||
dir /var/lib/redis
|
||||
${if cfg.slaveOf != null then "slaveof ${cfg.slaveOf.ip} ${toString cfg.slaveOf.port}" else ""}
|
||||
${condOption "masterauth" cfg.masterAuth}
|
||||
${condOption "requirepass" cfg.requirePass}
|
||||
@ -40,7 +42,12 @@ in
|
||||
enable = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = "Whether to enable the Redis server.";
|
||||
description = ''
|
||||
Whether to enable the Redis server. Note that the NixOS module for
|
||||
Redis disables kernel support for Transparent Huge Pages (THP),
|
||||
because this features causes major performance problems for Redis,
|
||||
e.g. (https://redis.io/topics/latency).
|
||||
'';
|
||||
};
|
||||
|
||||
package = mkOption {
|
||||
@ -50,18 +57,6 @@ in
|
||||
description = "Which Redis derivation to use.";
|
||||
};
|
||||
|
||||
user = mkOption {
|
||||
type = types.str;
|
||||
default = "redis";
|
||||
description = "User account under which Redis runs.";
|
||||
};
|
||||
|
||||
pidFile = mkOption {
|
||||
type = types.path;
|
||||
default = "/var/lib/redis/redis.pid";
|
||||
description = "";
|
||||
};
|
||||
|
||||
port = mkOption {
|
||||
type = types.int;
|
||||
default = 6379;
|
||||
@ -95,7 +90,7 @@ in
|
||||
type = with types; nullOr path;
|
||||
default = null;
|
||||
description = "The path to the socket to bind to.";
|
||||
example = "/run/redis.sock";
|
||||
example = "/run/redis/redis.sock";
|
||||
};
|
||||
|
||||
logLevel = mkOption {
|
||||
@ -131,18 +126,6 @@ in
|
||||
example = [ [900 1] [300 10] [60 10000] ];
|
||||
};
|
||||
|
||||
dbFilename = mkOption {
|
||||
type = types.str;
|
||||
default = "dump.rdb";
|
||||
description = "The filename where to dump the DB.";
|
||||
};
|
||||
|
||||
dbpath = mkOption {
|
||||
type = types.path;
|
||||
default = "/var/lib/redis";
|
||||
description = "The DB will be written inside this directory, with the filename specified using the 'dbFilename' configuration.";
|
||||
};
|
||||
|
||||
slaveOf = mkOption {
|
||||
default = null; # { ip, port }
|
||||
description = "An attribute set with two attributes: ip and port to which this redis instance acts as a slave.";
|
||||
@ -170,12 +153,6 @@ in
|
||||
description = "By default data is only periodically persisted to disk, enable this option to use an append-only file for improved persistence.";
|
||||
};
|
||||
|
||||
appendOnlyFilename = mkOption {
|
||||
type = types.str;
|
||||
default = "appendonly.aof";
|
||||
description = "Filename for the append-only file (stored inside of dbpath)";
|
||||
};
|
||||
|
||||
appendFsync = mkOption {
|
||||
type = types.str;
|
||||
default = "everysec"; # no, always, everysec
|
||||
@ -217,27 +194,30 @@ in
|
||||
allowedTCPPorts = [ cfg.port ];
|
||||
};
|
||||
|
||||
users.users.redis =
|
||||
{ name = cfg.user;
|
||||
description = "Redis database user";
|
||||
};
|
||||
users.users.redis.description = "Redis database user";
|
||||
|
||||
environment.systemPackages = [ cfg.package ];
|
||||
|
||||
systemd.services.disable-transparent-huge-pages = {
|
||||
description = "Disable Transparent Huge Pages (required by Redis)";
|
||||
before = [ "redis.service" ];
|
||||
wantedBy = [ "redis.service" ];
|
||||
script = "echo never > /sys/kernel/mm/transparent_hugepage/enabled";
|
||||
serviceConfig.Type = "oneshot";
|
||||
};
|
||||
|
||||
systemd.services.redis =
|
||||
{ description = "Redis Server";
|
||||
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
after = [ "network.target" ];
|
||||
|
||||
preStart = ''
|
||||
install -d -m0700 -o ${cfg.user} ${cfg.dbpath}
|
||||
chown -R ${cfg.user} ${cfg.dbpath}
|
||||
'';
|
||||
|
||||
serviceConfig = {
|
||||
ExecStart = "${cfg.package}/bin/redis-server ${redisConfig}";
|
||||
User = cfg.user;
|
||||
RuntimeDirectory = "redis";
|
||||
StateDirectory = "redis";
|
||||
Type = "notify";
|
||||
User = "redis";
|
||||
};
|
||||
};
|
||||
|
||||
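Review bot: The new `serviceConfig` sets `StateDirectory = "redis"` without a mode, so /var/lib/redis is created with systemd's default of 0755, whereas the `preStart` this hunk appears to drop created the data directory with `install -d -m0700`. With `dir /var/lib/redis` and `dbfilename dump.rdb` now fixed in redis.conf, the directory holding the dump becomes traversable by every local user. I would add `StateDirectoryMode = "0700";` next to `StateDirectory`, and consider `UMask = "0077";` so the dump and socket files are not created group- or world-readable. The old/new side of these lines is inferred from the removed `user` and `dbpath` options, because the page lost its +/- markers; the module's `config` block starts outside the hunk.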
|
@ -29,7 +29,7 @@ in
|
||||
};
|
||||
|
||||
nodeName = mkOption {
|
||||
type = types.string;
|
||||
type = types.str;
|
||||
default = "riak@127.0.0.1";
|
||||
description = ''
|
||||
Name of the Erlang node.
|
||||
@ -37,7 +37,7 @@ in
|
||||
};
|
||||
|
||||
distributedCookie = mkOption {
|
||||
type = types.string;
|
||||
type = types.str;
|
||||
default = "riak";
|
||||
description = ''
|
||||
Cookie for distributed node communication. All nodes in the
|
||||
|
@ -202,14 +202,14 @@ in
|
||||
];
|
||||
|
||||
# restart geoclue service when the configuration changes
|
||||
systemd.services."geoclue".restartTriggers = [
|
||||
systemd.services.geoclue.restartTriggers = [
|
||||
config.environment.etc."geoclue/geoclue.conf".source
|
||||
];
|
||||
|
||||
# this needs to run as a user service, since it's associated with the
|
||||
# user who is making the requests
|
||||
systemd.user.services = mkIf cfg.enableDemoAgent {
|
||||
"geoclue-agent" = {
|
||||
geoclue-agent = {
|
||||
description = "Geoclue agent";
|
||||
script = "${package}/libexec/geoclue-2.0/demos/agent";
|
||||
# this should really be `partOf = [ "geoclue.service" ]`, but
|
||||
@ -219,12 +219,12 @@ in
|
||||
};
|
||||
};
|
||||
|
||||
services.geoclue2.appConfig."epiphany" = {
|
||||
services.geoclue2.appConfig.epiphany = {
|
||||
isAllowed = true;
|
||||
isSystem = false;
|
||||
};
|
||||
|
||||
services.geoclue2.appConfig."firefox" = {
|
||||
services.geoclue2.appConfig.firefox = {
|
||||
isAllowed = true;
|
||||
isSystem = false;
|
||||
};
|
||||
|
@ -1,38 +0,0 @@
|
||||
# Seahorse daemon.
|
||||
|
||||
{ config, pkgs, lib, ... }:
|
||||
|
||||
with lib;
|
||||
|
||||
{
|
||||
|
||||
###### interface
|
||||
|
||||
options = {
|
||||
|
||||
services.gnome3.seahorse = {
|
||||
|
||||
enable = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = ''
|
||||
Whether to enable Seahorse search provider for the GNOME Shell activity search.
|
||||
'';
|
||||
};
|
||||
|
||||
};
|
||||
|
||||
};
|
||||
|
||||
|
||||
###### implementation
|
||||
|
||||
config = mkIf config.services.gnome3.seahorse.enable {
|
||||
|
||||
environment.systemPackages = [ pkgs.gnome3.seahorse pkgs.gnome3.dconf ];
|
||||
|
||||
services.dbus.packages = [ pkgs.gnome3.seahorse ];
|
||||
|
||||
};
|
||||
|
||||
}
|
@ -34,7 +34,7 @@ in {
|
||||
psd = {
|
||||
enable = true;
|
||||
description = "Profile Sync daemon";
|
||||
wants = [ "psd-resync.service" "local-fs.target" ];
|
||||
wants = [ "psd-resync.service" ];
|
||||
wantedBy = [ "default.target" ];
|
||||
path = with pkgs; [ rsync kmod gawk nettools utillinux profile-sync-daemon ];
|
||||
unitConfig = {
|
||||
|
@ -55,7 +55,7 @@ in
|
||||
'';
|
||||
};
|
||||
saveName = mkOption {
|
||||
type = types.string;
|
||||
type = types.str;
|
||||
default = "default";
|
||||
description = ''
|
||||
The name of the savegame that will be used by the server.
|
||||
@ -81,7 +81,7 @@ in
|
||||
'';
|
||||
};
|
||||
stateDirName = mkOption {
|
||||
type = types.string;
|
||||
type = types.str;
|
||||
default = "factorio";
|
||||
description = ''
|
||||
Name of the directory under /var/lib holding the server's data.
|
||||
@ -102,14 +102,14 @@ in
|
||||
'';
|
||||
};
|
||||
game-name = mkOption {
|
||||
type = types.nullOr types.string;
|
||||
type = types.nullOr types.str;
|
||||
default = "Factorio Game";
|
||||
description = ''
|
||||
Name of the game as it will appear in the game listing.
|
||||
'';
|
||||
};
|
||||
description = mkOption {
|
||||
type = types.nullOr types.string;
|
||||
type = types.nullOr types.str;
|
||||
default = "";
|
||||
description = ''
|
||||
Description of the game that will appear in the listing.
|
||||
@ -130,28 +130,28 @@ in
|
||||
'';
|
||||
};
|
||||
username = mkOption {
|
||||
type = types.nullOr types.string;
|
||||
type = types.nullOr types.str;
|
||||
default = null;
|
||||
description = ''
|
||||
Your factorio.com login credentials. Required for games with visibility public.
|
||||
'';
|
||||
};
|
||||
password = mkOption {
|
||||
type = types.nullOr types.string;
|
||||
type = types.nullOr types.str;
|
||||
default = null;
|
||||
description = ''
|
||||
Your factorio.com login credentials. Required for games with visibility public.
|
||||
'';
|
||||
};
|
||||
token = mkOption {
|
||||
type = types.nullOr types.string;
|
||||
type = types.nullOr types.str;
|
||||
default = null;
|
||||
description = ''
|
||||
Authentication token. May be used instead of 'password' above.
|
||||
'';
|
||||
};
|
||||
game-password = mkOption {
|
||||
type = types.nullOr types.string;
|
||||
type = types.nullOr types.str;
|
||||
default = null;
|
||||
description = ''
|
||||
Game password.
|
||||
|
@ -4,7 +4,7 @@ with lib;
|
||||
|
||||
let
|
||||
cfg = config.services.terraria;
|
||||
worldSizeMap = { "small" = 1; "medium" = 2; "large" = 3; };
|
||||
worldSizeMap = { small = 1; medium = 2; large = 3; };
|
||||
valFlag = name: val: optionalString (val != null) "-${name} \"${escape ["\\" "\""] (toString val)}\"";
|
||||
boolFlag = name: val: optionalString val "-${name}";
|
||||
flags = [
|
||||
|
Some files were not shown because too many files have changed in this diff Show More