treewide: remove redundant quotes
This commit is contained in:
parent
fe9c9f719d
commit
35d68ef143
@ -14,10 +14,10 @@ let
|
|||||||
builtins.map
|
builtins.map
|
||||||
(subsetname: {
|
(subsetname: {
|
||||||
subsetname = subsetname;
|
subsetname = subsetname;
|
||||||
functions = libDefPos toplib."${subsetname}";
|
functions = libDefPos toplib.${subsetname};
|
||||||
})
|
})
|
||||||
(builtins.filter
|
(builtins.filter
|
||||||
(name: builtins.isAttrs toplib."${name}")
|
(name: builtins.isAttrs toplib.${name})
|
||||||
(builtins.attrNames toplib));
|
(builtins.attrNames toplib));
|
||||||
|
|
||||||
nixpkgsLib = pkgs.lib;
|
nixpkgsLib = pkgs.lib;
|
||||||
|
@ -446,11 +446,11 @@ rec {
|
|||||||
if length list < 2
|
if length list < 2
|
||||||
then # finish
|
then # finish
|
||||||
{ result = list; }
|
{ result = list; }
|
||||||
else if dfsthis ? "cycle"
|
else if dfsthis ? cycle
|
||||||
then # there's a cycle, starting from the current vertex, return it
|
then # there's a cycle, starting from the current vertex, return it
|
||||||
{ cycle = reverseList ([ dfsthis.cycle ] ++ dfsthis.visited);
|
{ cycle = reverseList ([ dfsthis.cycle ] ++ dfsthis.visited);
|
||||||
inherit (dfsthis) loops; }
|
inherit (dfsthis) loops; }
|
||||||
else if toporest ? "cycle"
|
else if toporest ? cycle
|
||||||
then # there's a cycle somewhere else in the graph, return it
|
then # there's a cycle somewhere else in the graph, return it
|
||||||
toporest
|
toporest
|
||||||
# Slow, but short. Can be made a bit faster with an explicit stack.
|
# Slow, but short. Can be made a bit faster with an explicit stack.
|
||||||
|
@ -58,13 +58,13 @@ rec {
|
|||||||
uname = {
|
uname = {
|
||||||
# uname -s
|
# uname -s
|
||||||
system = {
|
system = {
|
||||||
"linux" = "Linux";
|
linux = "Linux";
|
||||||
"windows" = "Windows";
|
windows = "Windows";
|
||||||
"darwin" = "Darwin";
|
darwin = "Darwin";
|
||||||
"netbsd" = "NetBSD";
|
netbsd = "NetBSD";
|
||||||
"freebsd" = "FreeBSD";
|
freebsd = "FreeBSD";
|
||||||
"openbsd" = "OpenBSD";
|
openbsd = "OpenBSD";
|
||||||
"wasi" = "Wasi";
|
wasi = "Wasi";
|
||||||
}.${final.parsed.kernel.name} or null;
|
}.${final.parsed.kernel.name} or null;
|
||||||
|
|
||||||
# uname -p
|
# uname -p
|
||||||
@ -86,10 +86,10 @@ rec {
|
|||||||
else if final.isx86_64 then "x86_64"
|
else if final.isx86_64 then "x86_64"
|
||||||
else if final.isx86 then "i386"
|
else if final.isx86 then "i386"
|
||||||
else {
|
else {
|
||||||
"powerpc" = "ppc";
|
powerpc = "ppc";
|
||||||
"powerpcle" = "ppc";
|
powerpcle = "ppc";
|
||||||
"powerpc64" = "ppc64";
|
powerpc64 = "ppc64";
|
||||||
"powerpc64le" = "ppc64le";
|
powerpc64le = "ppc64le";
|
||||||
}.${final.parsed.cpu.name} or final.parsed.cpu.name;
|
}.${final.parsed.cpu.name} or final.parsed.cpu.name;
|
||||||
|
|
||||||
emulator = pkgs: let
|
emulator = pkgs: let
|
||||||
|
@ -456,16 +456,16 @@ rec {
|
|||||||
};
|
};
|
||||||
|
|
||||||
selectBySystem = system: {
|
selectBySystem = system: {
|
||||||
"i486-linux" = pc32;
|
i486-linux = pc32;
|
||||||
"i586-linux" = pc32;
|
i586-linux = pc32;
|
||||||
"i686-linux" = pc32;
|
i686-linux = pc32;
|
||||||
"x86_64-linux" = pc64;
|
x86_64-linux = pc64;
|
||||||
"armv5tel-linux" = sheevaplug;
|
armv5tel-linux = sheevaplug;
|
||||||
"armv6l-linux" = raspberrypi;
|
armv6l-linux = raspberrypi;
|
||||||
"armv7a-linux" = armv7l-hf-multiplatform;
|
armv7a-linux = armv7l-hf-multiplatform;
|
||||||
"armv7l-linux" = armv7l-hf-multiplatform;
|
armv7l-linux = armv7l-hf-multiplatform;
|
||||||
"aarch64-linux" = aarch64-multiplatform;
|
aarch64-linux = aarch64-multiplatform;
|
||||||
"mipsel-linux" = fuloong2f_n32;
|
mipsel-linux = fuloong2f_n32;
|
||||||
"powerpc64le-linux" = powernv;
|
powerpc64le-linux = powernv;
|
||||||
}.${system} or pcBase;
|
}.${system} or pcBase;
|
||||||
}
|
}
|
||||||
|
@ -42,7 +42,7 @@ rec {
|
|||||||
# Default type functor
|
# Default type functor
|
||||||
defaultFunctor = name: {
|
defaultFunctor = name: {
|
||||||
inherit name;
|
inherit name;
|
||||||
type = types."${name}" or null;
|
type = types.${name} or null;
|
||||||
wrapped = null;
|
wrapped = null;
|
||||||
payload = null;
|
payload = null;
|
||||||
binOp = a: b: null;
|
binOp = a: b: null;
|
||||||
|
@ -17,9 +17,9 @@ in
|
|||||||
else throw "Unknown QEMU serial device for system '${pkgs.stdenv.hostPlatform.system}'";
|
else throw "Unknown QEMU serial device for system '${pkgs.stdenv.hostPlatform.system}'";
|
||||||
|
|
||||||
qemuBinary = qemuPkg: {
|
qemuBinary = qemuPkg: {
|
||||||
"x86_64-linux" = "${qemuPkg}/bin/qemu-kvm -cpu kvm64";
|
x86_64-linux = "${qemuPkg}/bin/qemu-kvm -cpu kvm64";
|
||||||
"armv7l-linux" = "${qemuPkg}/bin/qemu-system-arm -enable-kvm -machine virt -cpu host";
|
armv7l-linux = "${qemuPkg}/bin/qemu-system-arm -enable-kvm -machine virt -cpu host";
|
||||||
"aarch64-linux" = "${qemuPkg}/bin/qemu-system-aarch64 -enable-kvm -machine virt,gic-version=host -cpu host";
|
aarch64-linux = "${qemuPkg}/bin/qemu-system-aarch64 -enable-kvm -machine virt,gic-version=host -cpu host";
|
||||||
"x86_64-darwin" = "${qemuPkg}/bin/qemu-kvm -cpu kvm64";
|
x86_64-darwin = "${qemuPkg}/bin/qemu-kvm -cpu kvm64";
|
||||||
}.${pkgs.stdenv.hostPlatform.system} or "${qemuPkg}/bin/qemu-kvm";
|
}.${pkgs.stdenv.hostPlatform.system} or "${qemuPkg}/bin/qemu-kvm";
|
||||||
}
|
}
|
||||||
|
@ -35,8 +35,8 @@ let
|
|||||||
then "fontconfig"
|
then "fontconfig"
|
||||||
else "fontconfig_${version}";
|
else "fontconfig_${version}";
|
||||||
makeCache = fontconfig: pkgs.makeFontsCache { inherit fontconfig; fontDirectories = config.fonts.fonts; };
|
makeCache = fontconfig: pkgs.makeFontsCache { inherit fontconfig; fontDirectories = config.fonts.fonts; };
|
||||||
cache = makeCache pkgs."${fcPackage}";
|
cache = makeCache pkgs.${fcPackage};
|
||||||
cache32 = makeCache pkgs.pkgsi686Linux."${fcPackage}";
|
cache32 = makeCache pkgs.pkgsi686Linux.${fcPackage};
|
||||||
in
|
in
|
||||||
pkgs.writeText "fc-00-nixos-cache.conf" ''
|
pkgs.writeText "fc-00-nixos-cache.conf" ''
|
||||||
<?xml version='1.0'?>
|
<?xml version='1.0'?>
|
||||||
|
@ -79,7 +79,7 @@ in
|
|||||||
config = mkIf (config.fonts.fontconfig.enable && cfg.enable) {
|
config = mkIf (config.fonts.fontconfig.enable && cfg.enable) {
|
||||||
|
|
||||||
fonts.fontconfig.confPackages = [ confPkg ];
|
fonts.fontconfig.confPackages = [ confPkg ];
|
||||||
environment.variables."INFINALITY_FT" = cfg.preset;
|
environment.variables.INFINALITY_FT = cfg.preset;
|
||||||
|
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -50,8 +50,8 @@ let cfg = config.fonts.fontconfig;
|
|||||||
then "fontconfig"
|
then "fontconfig"
|
||||||
else "fontconfig_${version}";
|
else "fontconfig_${version}";
|
||||||
makeCache = fontconfig: pkgs.makeFontsCache { inherit fontconfig; fontDirectories = config.fonts.fonts; };
|
makeCache = fontconfig: pkgs.makeFontsCache { inherit fontconfig; fontDirectories = config.fonts.fonts; };
|
||||||
cache = makeCache pkgs."${fcPackage}";
|
cache = makeCache pkgs.${fcPackage};
|
||||||
cache32 = makeCache pkgs.pkgsi686Linux."${fcPackage}";
|
cache32 = makeCache pkgs.pkgsi686Linux.${fcPackage};
|
||||||
in
|
in
|
||||||
pkgs.writeText "fc-00-nixos-cache.conf" ''
|
pkgs.writeText "fc-00-nixos-cache.conf" ''
|
||||||
<?xml version='1.0'?>
|
<?xml version='1.0'?>
|
||||||
|
@ -15,7 +15,7 @@ let
|
|||||||
realms = optionalAttrs (lib.all (value: value != null) [
|
realms = optionalAttrs (lib.all (value: value != null) [
|
||||||
cfg.defaultRealm cfg.kdc cfg.kerberosAdminServer
|
cfg.defaultRealm cfg.kdc cfg.kerberosAdminServer
|
||||||
]) {
|
]) {
|
||||||
"${cfg.defaultRealm}" = {
|
${cfg.defaultRealm} = {
|
||||||
kdc = cfg.kdc;
|
kdc = cfg.kdc;
|
||||||
admin_server = cfg.kerberosAdminServer;
|
admin_server = cfg.kerberosAdminServer;
|
||||||
};
|
};
|
||||||
@ -25,7 +25,7 @@ let
|
|||||||
cfg.domainRealm cfg.defaultRealm
|
cfg.domainRealm cfg.defaultRealm
|
||||||
]) {
|
]) {
|
||||||
".${cfg.domainRealm}" = cfg.defaultRealm;
|
".${cfg.domainRealm}" = cfg.defaultRealm;
|
||||||
"${cfg.domainRealm}" = cfg.defaultRealm;
|
${cfg.domainRealm} = cfg.defaultRealm;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -6,7 +6,7 @@ let
|
|||||||
|
|
||||||
# The set of alternative malloc(3) providers.
|
# The set of alternative malloc(3) providers.
|
||||||
providers = {
|
providers = {
|
||||||
"graphene-hardened" = rec {
|
graphene-hardened = rec {
|
||||||
libPath = "${pkgs.graphene-hardened-malloc}/lib/libhardened_malloc.so";
|
libPath = "${pkgs.graphene-hardened-malloc}/lib/libhardened_malloc.so";
|
||||||
description = ''
|
description = ''
|
||||||
An allocator designed to mitigate memory corruption attacks, such as
|
An allocator designed to mitigate memory corruption attacks, such as
|
||||||
@ -14,7 +14,7 @@ let
|
|||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
"jemalloc" = {
|
jemalloc = {
|
||||||
libPath = "${pkgs.jemalloc}/lib/libjemalloc.so";
|
libPath = "${pkgs.jemalloc}/lib/libjemalloc.so";
|
||||||
description = ''
|
description = ''
|
||||||
A general purpose allocator that emphasizes fragmentation avoidance
|
A general purpose allocator that emphasizes fragmentation avoidance
|
||||||
@ -22,7 +22,7 @@ let
|
|||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
"scudo" = {
|
scudo = {
|
||||||
libPath = "${pkgs.llvmPackages.compiler-rt}/lib/linux/libclang_rt.scudo-x86_64.so";
|
libPath = "${pkgs.llvmPackages.compiler-rt}/lib/linux/libclang_rt.scudo-x86_64.so";
|
||||||
description = ''
|
description = ''
|
||||||
A user-mode allocator based on LLVM Sanitizer’s CombinedAllocator,
|
A user-mode allocator based on LLVM Sanitizer’s CombinedAllocator,
|
||||||
@ -32,7 +32,7 @@ let
|
|||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
providerConf = providers."${cfg.provider}";
|
providerConf = providers.${cfg.provider};
|
||||||
|
|
||||||
# An output that contains only the shared library, to avoid
|
# An output that contains only the shared library, to avoid
|
||||||
# needlessly bloating the system closure
|
# needlessly bloating the system closure
|
||||||
|
@ -171,13 +171,13 @@ in
|
|||||||
|
|
||||||
environment.etc =
|
environment.etc =
|
||||||
{ # /etc/services: TCP/UDP port assignments.
|
{ # /etc/services: TCP/UDP port assignments.
|
||||||
"services".source = pkgs.iana-etc + "/etc/services";
|
services.source = pkgs.iana-etc + "/etc/services";
|
||||||
|
|
||||||
# /etc/protocols: IP protocol numbers.
|
# /etc/protocols: IP protocol numbers.
|
||||||
"protocols".source = pkgs.iana-etc + "/etc/protocols";
|
protocols.source = pkgs.iana-etc + "/etc/protocols";
|
||||||
|
|
||||||
# /etc/hosts: Hostname-to-IP mappings.
|
# /etc/hosts: Hostname-to-IP mappings.
|
||||||
"hosts".text = let
|
hosts.text = let
|
||||||
oneToString = set: ip: ip + " " + concatStringsSep " " set.${ip};
|
oneToString = set: ip: ip + " " + concatStringsSep " " set.${ip};
|
||||||
allToString = set: concatMapStringsSep "\n" (oneToString set) (attrNames set);
|
allToString = set: concatMapStringsSep "\n" (oneToString set) (attrNames set);
|
||||||
in ''
|
in ''
|
||||||
@ -190,7 +190,7 @@ in
|
|||||||
|
|
||||||
} // optionalAttrs (pkgs.stdenv.hostPlatform.libc == "glibc") {
|
} // optionalAttrs (pkgs.stdenv.hostPlatform.libc == "glibc") {
|
||||||
# /etc/rpc: RPC program numbers.
|
# /etc/rpc: RPC program numbers.
|
||||||
"rpc".source = pkgs.glibc.out + "/etc/rpc";
|
rpc.source = pkgs.glibc.out + "/etc/rpc";
|
||||||
};
|
};
|
||||||
|
|
||||||
networking.proxy.envVars =
|
networking.proxy.envVars =
|
||||||
|
@ -78,7 +78,7 @@ in
|
|||||||
};
|
};
|
||||||
|
|
||||||
# Service executed before suspending/hibernating.
|
# Service executed before suspending/hibernating.
|
||||||
systemd.services."pre-sleep" =
|
systemd.services.pre-sleep =
|
||||||
{ description = "Pre-Sleep Actions";
|
{ description = "Pre-Sleep Actions";
|
||||||
wantedBy = [ "sleep.target" ];
|
wantedBy = [ "sleep.target" ];
|
||||||
before = [ "sleep.target" ];
|
before = [ "sleep.target" ];
|
||||||
@ -89,7 +89,7 @@ in
|
|||||||
serviceConfig.Type = "oneshot";
|
serviceConfig.Type = "oneshot";
|
||||||
};
|
};
|
||||||
|
|
||||||
systemd.services."post-resume" =
|
systemd.services.post-resume =
|
||||||
{ description = "Post-Resume Actions";
|
{ description = "Post-Resume Actions";
|
||||||
after = [ "suspend.target" "hibernate.target" "hybrid-sleep.target" ];
|
after = [ "suspend.target" "hibernate.target" "hybrid-sleep.target" ];
|
||||||
script =
|
script =
|
||||||
|
@ -163,7 +163,7 @@ in
|
|||||||
l = "ls -alh";
|
l = "ls -alh";
|
||||||
};
|
};
|
||||||
|
|
||||||
environment.etc."shells".text =
|
environment.etc.shells.text =
|
||||||
''
|
''
|
||||||
${concatStringsSep "\n" (map utils.toShellPath cfg.shells)}
|
${concatStringsSep "\n" (map utils.toShellPath cfg.shells)}
|
||||||
/bin/sh
|
/bin/sh
|
||||||
@ -171,7 +171,7 @@ in
|
|||||||
|
|
||||||
# For resetting environment with `. /etc/set-environment` when needed
|
# For resetting environment with `. /etc/set-environment` when needed
|
||||||
# and discoverability (see motivation of #30418).
|
# and discoverability (see motivation of #30418).
|
||||||
environment.etc."set-environment".source = config.system.build.setEnvironment;
|
environment.etc.set-environment.source = config.system.build.setEnvironment;
|
||||||
|
|
||||||
system.build.setEnvironment = pkgs.writeText "set-environment"
|
system.build.setEnvironment = pkgs.writeText "set-environment"
|
||||||
''
|
''
|
||||||
|
@ -8,7 +8,7 @@
|
|||||||
"/share/terminfo"
|
"/share/terminfo"
|
||||||
];
|
];
|
||||||
|
|
||||||
environment.etc."terminfo" = {
|
environment.etc.terminfo = {
|
||||||
source = "${config.system.path}/share/terminfo";
|
source = "${config.system.path}/share/terminfo";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -546,11 +546,11 @@ in {
|
|||||||
environment.systemPackages = systemShells;
|
environment.systemPackages = systemShells;
|
||||||
|
|
||||||
environment.etc = {
|
environment.etc = {
|
||||||
"subuid" = {
|
subuid = {
|
||||||
text = subuidFile;
|
text = subuidFile;
|
||||||
mode = "0644";
|
mode = "0644";
|
||||||
};
|
};
|
||||||
"subgid" = {
|
subgid = {
|
||||||
text = subgidFile;
|
text = subgidFile;
|
||||||
mode = "0644";
|
mode = "0644";
|
||||||
};
|
};
|
||||||
|
@ -36,6 +36,6 @@ in
|
|||||||
{ inherit (cfg) group; }
|
{ inherit (cfg) group; }
|
||||||
))
|
))
|
||||||
];
|
];
|
||||||
users.groups."${cfg.group}" = {};
|
users.groups.${cfg.group} = {};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
@ -33,7 +33,7 @@ in
|
|||||||
|
|
||||||
boot.blacklistedKernelModules = [ "radeon" ];
|
boot.blacklistedKernelModules = [ "radeon" ];
|
||||||
|
|
||||||
environment.etc."ati".source = "${ati_x11}/etc/ati";
|
environment.etc.ati.source = "${ati_x11}/etc/ati";
|
||||||
|
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -85,7 +85,7 @@ in
|
|||||||
# Generate /etc/os-release. See
|
# Generate /etc/os-release. See
|
||||||
# https://www.freedesktop.org/software/systemd/man/os-release.html for the
|
# https://www.freedesktop.org/software/systemd/man/os-release.html for the
|
||||||
# format.
|
# format.
|
||||||
environment.etc."os-release".text =
|
environment.etc.os-release.text =
|
||||||
''
|
''
|
||||||
NAME=NixOS
|
NAME=NixOS
|
||||||
ID=nixos
|
ID=nixos
|
||||||
|
@ -30,7 +30,7 @@ in
|
|||||||
};
|
};
|
||||||
|
|
||||||
config = mkIf (cfg.settings != {}) {
|
config = mkIf (cfg.settings != {}) {
|
||||||
environment.etc."atoprc".text =
|
environment.etc.atoprc.text =
|
||||||
concatStrings (mapAttrsToList (n: v: "${n} ${toString v}\n") cfg.settings);
|
concatStrings (mapAttrsToList (n: v: "${n} ${toString v}\n") cfg.settings);
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
@ -159,7 +159,7 @@ in
|
|||||||
|
|
||||||
};
|
};
|
||||||
|
|
||||||
environment.etc."profile".text =
|
environment.etc.profile.text =
|
||||||
''
|
''
|
||||||
# /etc/profile: DO NOT EDIT -- this file has been generated automatically.
|
# /etc/profile: DO NOT EDIT -- this file has been generated automatically.
|
||||||
# This file is read for login shells.
|
# This file is read for login shells.
|
||||||
@ -184,7 +184,7 @@ in
|
|||||||
fi
|
fi
|
||||||
'';
|
'';
|
||||||
|
|
||||||
environment.etc."bashrc".text =
|
environment.etc.bashrc.text =
|
||||||
''
|
''
|
||||||
# /etc/bashrc: DO NOT EDIT -- this file has been generated automatically.
|
# /etc/bashrc: DO NOT EDIT -- this file has been generated automatically.
|
||||||
|
|
||||||
@ -212,7 +212,7 @@ in
|
|||||||
|
|
||||||
# Configuration for readline in bash. We use "option default"
|
# Configuration for readline in bash. We use "option default"
|
||||||
# priority to allow user override using both .text and .source.
|
# priority to allow user override using both .text and .source.
|
||||||
environment.etc."inputrc".source = mkOptionDefault ./inputrc;
|
environment.etc.inputrc.source = mkOptionDefault ./inputrc;
|
||||||
|
|
||||||
users.defaultUserShell = mkDefault pkgs.bashInteractive;
|
users.defaultUserShell = mkDefault pkgs.bashInteractive;
|
||||||
|
|
||||||
|
@ -54,8 +54,8 @@ in
|
|||||||
type = types.attrsOf types.str;
|
type = types.attrsOf types.str;
|
||||||
default = {};
|
default = {};
|
||||||
example = {
|
example = {
|
||||||
"h" = "noaction 5\e(";
|
h = "noaction 5\e(";
|
||||||
"l" = "noaction 5\e)";
|
l = "noaction 5\e)";
|
||||||
};
|
};
|
||||||
description = "Defines new command keys.";
|
description = "Defines new command keys.";
|
||||||
};
|
};
|
||||||
@ -74,7 +74,7 @@ in
|
|||||||
type = types.attrsOf types.str;
|
type = types.attrsOf types.str;
|
||||||
default = {};
|
default = {};
|
||||||
example = {
|
example = {
|
||||||
"\e" = "abort";
|
e = "abort";
|
||||||
};
|
};
|
||||||
description = "Defines new line-editing keys.";
|
description = "Defines new line-editing keys.";
|
||||||
};
|
};
|
||||||
@ -111,11 +111,11 @@ in
|
|||||||
environment.systemPackages = [ pkgs.less ];
|
environment.systemPackages = [ pkgs.less ];
|
||||||
|
|
||||||
environment.variables = {
|
environment.variables = {
|
||||||
"LESSKEY_SYSTEM" = toString lessKey;
|
LESSKEY_SYSTEM = toString lessKey;
|
||||||
} // optionalAttrs (cfg.lessopen != null) {
|
} // optionalAttrs (cfg.lessopen != null) {
|
||||||
"LESSOPEN" = cfg.lessopen;
|
LESSOPEN = cfg.lessopen;
|
||||||
} // optionalAttrs (cfg.lessclose != null) {
|
} // optionalAttrs (cfg.lessclose != null) {
|
||||||
"LESSCLOSE" = cfg.lessclose;
|
LESSCLOSE = cfg.lessclose;
|
||||||
};
|
};
|
||||||
|
|
||||||
warnings = optional (
|
warnings = optional (
|
||||||
|
@ -35,7 +35,7 @@ in
|
|||||||
###### implementation
|
###### implementation
|
||||||
|
|
||||||
config = lib.mkIf (cfg.nanorc != "" || cfg.syntaxHighlight) {
|
config = lib.mkIf (cfg.nanorc != "" || cfg.syntaxHighlight) {
|
||||||
environment.etc."nanorc".text = lib.concatStrings [ cfg.nanorc
|
environment.etc.nanorc.text = lib.concatStrings [ cfg.nanorc
|
||||||
(lib.optionalString cfg.syntaxHighlight ''${LF}include "${pkgs.nano}/share/nano/*.nanorc"'') ];
|
(lib.optionalString cfg.syntaxHighlight ''${LF}include "${pkgs.nano}/share/nano/*.nanorc"'') ];
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -36,7 +36,7 @@ in
|
|||||||
###### implementation
|
###### implementation
|
||||||
|
|
||||||
config = lib.mkIf cfg.enable {
|
config = lib.mkIf cfg.enable {
|
||||||
environment.etc."npmrc".text = cfg.npmrc;
|
environment.etc.npmrc.text = cfg.npmrc;
|
||||||
|
|
||||||
environment.variables.NPM_CONFIG_GLOBALCONFIG = "/etc/npmrc";
|
environment.variables.NPM_CONFIG_GLOBALCONFIG = "/etc/npmrc";
|
||||||
|
|
||||||
|
@ -24,7 +24,7 @@ in
|
|||||||
###### implementation
|
###### implementation
|
||||||
|
|
||||||
config = mkIf (cfg.screenrc != "") {
|
config = mkIf (cfg.screenrc != "") {
|
||||||
environment.etc."screenrc".text = cfg.screenrc;
|
environment.etc.screenrc.text = cfg.screenrc;
|
||||||
|
|
||||||
environment.systemPackages = [ pkgs.screen ];
|
environment.systemPackages = [ pkgs.screen ];
|
||||||
};
|
};
|
||||||
|
@ -61,7 +61,7 @@ in
|
|||||||
description = "Setup of xfs_quota projects. Make sure the filesystem is mounted with the pquota option.";
|
description = "Setup of xfs_quota projects. Make sure the filesystem is mounted with the pquota option.";
|
||||||
|
|
||||||
example = {
|
example = {
|
||||||
"projname" = {
|
projname = {
|
||||||
id = 50;
|
id = 50;
|
||||||
path = "/xfsprojects/projname";
|
path = "/xfsprojects/projname";
|
||||||
sizeHardLimit = "50g";
|
sizeHardLimit = "50g";
|
||||||
|
@ -45,7 +45,7 @@ in
|
|||||||
|
|
||||||
config = mkIf cfg.enable {
|
config = mkIf cfg.enable {
|
||||||
|
|
||||||
environment.etc."xonshrc".text = cfg.config;
|
environment.etc.xonshrc.text = cfg.config;
|
||||||
|
|
||||||
environment.systemPackages = [ cfg.package ];
|
environment.systemPackages = [ cfg.package ];
|
||||||
|
|
||||||
|
@ -135,7 +135,7 @@ in
|
|||||||
|
|
||||||
programs.zsh.shellAliases = mapAttrs (name: mkDefault) cfge.shellAliases;
|
programs.zsh.shellAliases = mapAttrs (name: mkDefault) cfge.shellAliases;
|
||||||
|
|
||||||
environment.etc."zshenv".text =
|
environment.etc.zshenv.text =
|
||||||
''
|
''
|
||||||
# /etc/zshenv: DO NOT EDIT -- this file has been generated automatically.
|
# /etc/zshenv: DO NOT EDIT -- this file has been generated automatically.
|
||||||
# This file is read for all shells.
|
# This file is read for all shells.
|
||||||
@ -159,7 +159,7 @@ in
|
|||||||
fi
|
fi
|
||||||
'';
|
'';
|
||||||
|
|
||||||
environment.etc."zprofile".text =
|
environment.etc.zprofile.text =
|
||||||
''
|
''
|
||||||
# /etc/zprofile: DO NOT EDIT -- this file has been generated automatically.
|
# /etc/zprofile: DO NOT EDIT -- this file has been generated automatically.
|
||||||
# This file is read for login shells.
|
# This file is read for login shells.
|
||||||
@ -178,7 +178,7 @@ in
|
|||||||
fi
|
fi
|
||||||
'';
|
'';
|
||||||
|
|
||||||
environment.etc."zshrc".text =
|
environment.etc.zshrc.text =
|
||||||
''
|
''
|
||||||
# /etc/zshrc: DO NOT EDIT -- this file has been generated automatically.
|
# /etc/zshrc: DO NOT EDIT -- this file has been generated automatically.
|
||||||
# This file is read for interactive shells.
|
# This file is read for interactive shells.
|
||||||
@ -219,7 +219,7 @@ in
|
|||||||
fi
|
fi
|
||||||
'';
|
'';
|
||||||
|
|
||||||
environment.etc."zinputrc".source = ./zinputrc;
|
environment.etc.zinputrc.source = ./zinputrc;
|
||||||
|
|
||||||
environment.systemPackages = [ pkgs.zsh ]
|
environment.systemPackages = [ pkgs.zsh ]
|
||||||
++ optional cfg.enableCompletion pkgs.nix-zsh-completions;
|
++ optional cfg.enableCompletion pkgs.nix-zsh-completions;
|
||||||
|
@ -378,8 +378,8 @@ in
|
|||||||
})
|
})
|
||||||
);
|
);
|
||||||
|
|
||||||
systemd.targets."acme-selfsigned-certificates" = mkIf cfg.preliminarySelfsigned {};
|
systemd.targets.acme-selfsigned-certificates = mkIf cfg.preliminarySelfsigned {};
|
||||||
systemd.targets."acme-certificates" = {};
|
systemd.targets.acme-certificates = {};
|
||||||
})
|
})
|
||||||
|
|
||||||
];
|
];
|
||||||
|
@ -24,6 +24,6 @@ in
|
|||||||
|
|
||||||
config = mkIf cfg.enable {
|
config = mkIf cfg.enable {
|
||||||
environment.systemPackages = [ sandbox ];
|
environment.systemPackages = [ sandbox ];
|
||||||
security.wrappers."${sandbox.passthru.sandboxExecutableName}".source = "${sandbox}/bin/${sandbox.passthru.sandboxExecutableName}";
|
security.wrappers.${sandbox.passthru.sandboxExecutableName}.source = "${sandbox}/bin/${sandbox.passthru.sandboxExecutableName}";
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
@ -85,7 +85,7 @@ in
|
|||||||
|
|
||||||
security.wrappers = {
|
security.wrappers = {
|
||||||
pkexec.source = "${pkgs.polkit.bin}/bin/pkexec";
|
pkexec.source = "${pkgs.polkit.bin}/bin/pkexec";
|
||||||
"polkit-agent-helper-1".source = "${pkgs.polkit.out}/lib/polkit-1/polkit-agent-helper-1";
|
polkit-agent-helper-1.source = "${pkgs.polkit.out}/lib/polkit-1/polkit-agent-helper-1";
|
||||||
};
|
};
|
||||||
|
|
||||||
systemd.tmpfiles.rules = [
|
systemd.tmpfiles.rules = [
|
||||||
|
@ -4,7 +4,7 @@ with lib;
|
|||||||
|
|
||||||
let
|
let
|
||||||
cfg = config.services.prey;
|
cfg = config.services.prey;
|
||||||
myPrey = pkgs."prey-bash-client".override {
|
myPrey = pkgs.prey-bash-client.override {
|
||||||
apiKey = cfg.apiKey;
|
apiKey = cfg.apiKey;
|
||||||
deviceKey = cfg.deviceKey;
|
deviceKey = cfg.deviceKey;
|
||||||
};
|
};
|
||||||
|
@ -7,7 +7,7 @@ let
|
|||||||
|
|
||||||
programs =
|
programs =
|
||||||
(lib.mapAttrsToList
|
(lib.mapAttrsToList
|
||||||
(n: v: (if v ? "program" then v else v // {program=n;}))
|
(n: v: (if v ? program then v else v // {program=n;}))
|
||||||
wrappers);
|
wrappers);
|
||||||
|
|
||||||
securityWrapper = pkgs.stdenv.mkDerivation {
|
securityWrapper = pkgs.stdenv.mkDerivation {
|
||||||
@ -74,15 +74,15 @@ let
|
|||||||
|
|
||||||
mkWrappedPrograms =
|
mkWrappedPrograms =
|
||||||
builtins.map
|
builtins.map
|
||||||
(s: if (s ? "capabilities")
|
(s: if (s ? capabilities)
|
||||||
then mkSetcapProgram
|
then mkSetcapProgram
|
||||||
({ owner = "root";
|
({ owner = "root";
|
||||||
group = "root";
|
group = "root";
|
||||||
} // s)
|
} // s)
|
||||||
else if
|
else if
|
||||||
(s ? "setuid" && s.setuid) ||
|
(s ? setuid && s.setuid) ||
|
||||||
(s ? "setgid" && s.setgid) ||
|
(s ? setgid && s.setgid) ||
|
||||||
(s ? "permissions")
|
(s ? permissions)
|
||||||
then mkSetuidProgram s
|
then mkSetuidProgram s
|
||||||
else mkSetuidProgram
|
else mkSetuidProgram
|
||||||
({ owner = "root";
|
({ owner = "root";
|
||||||
|
@ -99,7 +99,7 @@ in
|
|||||||
|
|
||||||
boot.kernelModules = optional config.sound.enableOSSEmulation "snd_pcm_oss";
|
boot.kernelModules = optional config.sound.enableOSSEmulation "snd_pcm_oss";
|
||||||
|
|
||||||
systemd.services."alsa-store" =
|
systemd.services.alsa-store =
|
||||||
{ description = "Store Sound Card State";
|
{ description = "Store Sound Card State";
|
||||||
wantedBy = [ "multi-user.target" ];
|
wantedBy = [ "multi-user.target" ];
|
||||||
unitConfig.RequiresMountsFor = "/var/lib/alsa";
|
unitConfig.RequiresMountsFor = "/var/lib/alsa";
|
||||||
|
@ -103,7 +103,7 @@ in
|
|||||||
}];
|
}];
|
||||||
|
|
||||||
systemd = {
|
systemd = {
|
||||||
timers."mysql-backup" = {
|
timers.mysql-backup = {
|
||||||
description = "Mysql backup timer";
|
description = "Mysql backup timer";
|
||||||
wantedBy = [ "timers.target" ];
|
wantedBy = [ "timers.target" ];
|
||||||
timerConfig = {
|
timerConfig = {
|
||||||
@ -112,7 +112,7 @@ in
|
|||||||
Unit = "mysql-backup.service";
|
Unit = "mysql-backup.service";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
services."mysql-backup" = {
|
services.mysql-backup = {
|
||||||
description = "Mysql backup service";
|
description = "Mysql backup service";
|
||||||
enable = true;
|
enable = true;
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
|
@ -78,7 +78,7 @@ in
|
|||||||
config = mkIf cfg.enable {
|
config = mkIf cfg.enable {
|
||||||
inherit assertions;
|
inherit assertions;
|
||||||
programs.tsmClient.enable = true;
|
programs.tsmClient.enable = true;
|
||||||
programs.tsmClient.servers."${cfg.servername}".passwdDir =
|
programs.tsmClient.servers.${cfg.servername}.passwdDir =
|
||||||
mkDefault "/var/lib/tsm-backup/password";
|
mkDefault "/var/lib/tsm-backup/password";
|
||||||
systemd.services.tsm-backup = {
|
systemd.services.tsm-backup = {
|
||||||
description = "IBM Spectrum Protect (Tivoli Storage Manager) Backup";
|
description = "IBM Spectrum Protect (Tivoli Storage Manager) Backup";
|
||||||
|
@ -60,7 +60,7 @@ in {
|
|||||||
pkgs.lz4
|
pkgs.lz4
|
||||||
];
|
];
|
||||||
|
|
||||||
systemd.services."zfs-replication" = {
|
systemd.services.zfs-replication = {
|
||||||
after = [
|
after = [
|
||||||
"zfs-snapshot-daily.service"
|
"zfs-snapshot-daily.service"
|
||||||
"zfs-snapshot-frequent.service"
|
"zfs-snapshot-frequent.service"
|
||||||
|
@ -361,7 +361,7 @@ in
|
|||||||
environment.systemPackages = [ pkgs.znapzend ];
|
environment.systemPackages = [ pkgs.znapzend ];
|
||||||
|
|
||||||
systemd.services = {
|
systemd.services = {
|
||||||
"znapzend" = {
|
znapzend = {
|
||||||
description = "ZnapZend - ZFS Backup System";
|
description = "ZnapZend - ZFS Backup System";
|
||||||
wantedBy = [ "zfs.target" ];
|
wantedBy = [ "zfs.target" ];
|
||||||
after = [ "zfs.target" ];
|
after = [ "zfs.target" ];
|
||||||
|
@ -24,7 +24,7 @@ with lib;
|
|||||||
|
|
||||||
config = mkMerge [
|
config = mkMerge [
|
||||||
(mkIf cfg.hdfs.namenode.enabled {
|
(mkIf cfg.hdfs.namenode.enabled {
|
||||||
systemd.services."hdfs-namenode" = {
|
systemd.services.hdfs-namenode = {
|
||||||
description = "Hadoop HDFS NameNode";
|
description = "Hadoop HDFS NameNode";
|
||||||
wantedBy = [ "multi-user.target" ];
|
wantedBy = [ "multi-user.target" ];
|
||||||
|
|
||||||
@ -44,7 +44,7 @@ with lib;
|
|||||||
};
|
};
|
||||||
})
|
})
|
||||||
(mkIf cfg.hdfs.datanode.enabled {
|
(mkIf cfg.hdfs.datanode.enabled {
|
||||||
systemd.services."hdfs-datanode" = {
|
systemd.services.hdfs-datanode = {
|
||||||
description = "Hadoop HDFS DataNode";
|
description = "Hadoop HDFS DataNode";
|
||||||
wantedBy = [ "multi-user.target" ];
|
wantedBy = [ "multi-user.target" ];
|
||||||
|
|
||||||
|
@ -35,7 +35,7 @@ with lib;
|
|||||||
})
|
})
|
||||||
|
|
||||||
(mkIf cfg.yarn.resourcemanager.enabled {
|
(mkIf cfg.yarn.resourcemanager.enabled {
|
||||||
systemd.services."yarn-resourcemanager" = {
|
systemd.services.yarn-resourcemanager = {
|
||||||
description = "Hadoop YARN ResourceManager";
|
description = "Hadoop YARN ResourceManager";
|
||||||
wantedBy = [ "multi-user.target" ];
|
wantedBy = [ "multi-user.target" ];
|
||||||
|
|
||||||
@ -53,7 +53,7 @@ with lib;
|
|||||||
})
|
})
|
||||||
|
|
||||||
(mkIf cfg.yarn.nodemanager.enabled {
|
(mkIf cfg.yarn.nodemanager.enabled {
|
||||||
systemd.services."yarn-nodemanager" = {
|
systemd.services.yarn-nodemanager = {
|
||||||
description = "Hadoop YARN NodeManager";
|
description = "Hadoop YARN NodeManager";
|
||||||
wantedBy = [ "multi-user.target" ];
|
wantedBy = [ "multi-user.target" ];
|
||||||
|
|
||||||
|
@ -74,7 +74,7 @@ in {
|
|||||||
spec = {
|
spec = {
|
||||||
replicas = 1;
|
replicas = 1;
|
||||||
revisionHistoryLimit = 10;
|
revisionHistoryLimit = 10;
|
||||||
selector.matchLabels."k8s-app" = "kubernetes-dashboard";
|
selector.matchLabels.k8s-app = "kubernetes-dashboard";
|
||||||
template = {
|
template = {
|
||||||
metadata = {
|
metadata = {
|
||||||
labels = {
|
labels = {
|
||||||
|
@ -73,7 +73,7 @@ in {
|
|||||||
metadata = {
|
metadata = {
|
||||||
labels = {
|
labels = {
|
||||||
"addonmanager.kubernetes.io/mode" = "Reconcile";
|
"addonmanager.kubernetes.io/mode" = "Reconcile";
|
||||||
"k8s-app" = "kube-dns";
|
k8s-app = "kube-dns";
|
||||||
"kubernetes.io/cluster-service" = "true";
|
"kubernetes.io/cluster-service" = "true";
|
||||||
"kubernetes.io/bootstrapping" = "rbac-defaults";
|
"kubernetes.io/bootstrapping" = "rbac-defaults";
|
||||||
};
|
};
|
||||||
@ -102,7 +102,7 @@ in {
|
|||||||
};
|
};
|
||||||
labels = {
|
labels = {
|
||||||
"addonmanager.kubernetes.io/mode" = "Reconcile";
|
"addonmanager.kubernetes.io/mode" = "Reconcile";
|
||||||
"k8s-app" = "kube-dns";
|
k8s-app = "kube-dns";
|
||||||
"kubernetes.io/cluster-service" = "true";
|
"kubernetes.io/cluster-service" = "true";
|
||||||
"kubernetes.io/bootstrapping" = "rbac-defaults";
|
"kubernetes.io/bootstrapping" = "rbac-defaults";
|
||||||
};
|
};
|
||||||
@ -130,7 +130,7 @@ in {
|
|||||||
metadata = {
|
metadata = {
|
||||||
labels = {
|
labels = {
|
||||||
"addonmanager.kubernetes.io/mode" = "Reconcile";
|
"addonmanager.kubernetes.io/mode" = "Reconcile";
|
||||||
"k8s-app" = "kube-dns";
|
k8s-app = "kube-dns";
|
||||||
"kubernetes.io/cluster-service" = "true";
|
"kubernetes.io/cluster-service" = "true";
|
||||||
};
|
};
|
||||||
name = "coredns";
|
name = "coredns";
|
||||||
@ -144,7 +144,7 @@ in {
|
|||||||
metadata = {
|
metadata = {
|
||||||
labels = {
|
labels = {
|
||||||
"addonmanager.kubernetes.io/mode" = cfg.reconcileMode;
|
"addonmanager.kubernetes.io/mode" = cfg.reconcileMode;
|
||||||
"k8s-app" = "kube-dns";
|
k8s-app = "kube-dns";
|
||||||
"kubernetes.io/cluster-service" = "true";
|
"kubernetes.io/cluster-service" = "true";
|
||||||
};
|
};
|
||||||
name = "coredns";
|
name = "coredns";
|
||||||
@ -175,7 +175,7 @@ in {
|
|||||||
metadata = {
|
metadata = {
|
||||||
labels = {
|
labels = {
|
||||||
"addonmanager.kubernetes.io/mode" = cfg.reconcileMode;
|
"addonmanager.kubernetes.io/mode" = cfg.reconcileMode;
|
||||||
"k8s-app" = "kube-dns";
|
k8s-app = "kube-dns";
|
||||||
"kubernetes.io/cluster-service" = "true";
|
"kubernetes.io/cluster-service" = "true";
|
||||||
"kubernetes.io/name" = "CoreDNS";
|
"kubernetes.io/name" = "CoreDNS";
|
||||||
};
|
};
|
||||||
@ -301,7 +301,7 @@ in {
|
|||||||
};
|
};
|
||||||
labels = {
|
labels = {
|
||||||
"addonmanager.kubernetes.io/mode" = "Reconcile";
|
"addonmanager.kubernetes.io/mode" = "Reconcile";
|
||||||
"k8s-app" = "kube-dns";
|
k8s-app = "kube-dns";
|
||||||
"kubernetes.io/cluster-service" = "true";
|
"kubernetes.io/cluster-service" = "true";
|
||||||
"kubernetes.io/name" = "CoreDNS";
|
"kubernetes.io/name" = "CoreDNS";
|
||||||
};
|
};
|
||||||
|
@ -397,14 +397,14 @@ in {
|
|||||||
}
|
}
|
||||||
];
|
];
|
||||||
users = mkIf (cfg.user == defaultUser) {
|
users = mkIf (cfg.user == defaultUser) {
|
||||||
extraUsers."${defaultUser}" =
|
extraUsers.${defaultUser} =
|
||||||
{ group = cfg.group;
|
{ group = cfg.group;
|
||||||
home = cfg.homeDir;
|
home = cfg.homeDir;
|
||||||
createHome = true;
|
createHome = true;
|
||||||
uid = config.ids.uids.cassandra;
|
uid = config.ids.uids.cassandra;
|
||||||
description = "Cassandra service user";
|
description = "Cassandra service user";
|
||||||
};
|
};
|
||||||
extraGroups."${defaultUser}".gid = config.ids.gids.cassandra;
|
extraGroups.${defaultUser}.gid = config.ids.gids.cassandra;
|
||||||
};
|
};
|
||||||
|
|
||||||
systemd.services.cassandra =
|
systemd.services.cassandra =
|
||||||
|
@ -59,8 +59,8 @@ in {
|
|||||||
type = types.attrsOf types.str;
|
type = types.attrsOf types.str;
|
||||||
default = {};
|
default = {};
|
||||||
example = {
|
example = {
|
||||||
"nuc-server" = "hostaddr=192.168.0.100 port=5432 dbname=postgres";
|
nuc-server = "hostaddr=192.168.0.100 port=5432 dbname=postgres";
|
||||||
"mini-server" = "hostaddr=127.0.0.1 port=5432 dbname=postgres sslmode=require";
|
mini-server = "hostaddr=127.0.0.1 port=5432 dbname=postgres sslmode=require";
|
||||||
};
|
};
|
||||||
description = ''
|
description = ''
|
||||||
pgmanage requires at least one PostgreSQL server be defined.
|
pgmanage requires at least one PostgreSQL server be defined.
|
||||||
@ -192,13 +192,13 @@ in {
|
|||||||
};
|
};
|
||||||
};
|
};
|
||||||
users = {
|
users = {
|
||||||
users."${pgmanage}" = {
|
users.${pgmanage} = {
|
||||||
name = pgmanage;
|
name = pgmanage;
|
||||||
group = pgmanage;
|
group = pgmanage;
|
||||||
home = cfg.sqlRoot;
|
home = cfg.sqlRoot;
|
||||||
createHome = true;
|
createHome = true;
|
||||||
};
|
};
|
||||||
groups."${pgmanage}" = {
|
groups.${pgmanage} = {
|
||||||
name = pgmanage;
|
name = pgmanage;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
@ -202,14 +202,14 @@ in
|
|||||||
];
|
];
|
||||||
|
|
||||||
# restart geoclue service when the configuration changes
|
# restart geoclue service when the configuration changes
|
||||||
systemd.services."geoclue".restartTriggers = [
|
systemd.services.geoclue.restartTriggers = [
|
||||||
config.environment.etc."geoclue/geoclue.conf".source
|
config.environment.etc."geoclue/geoclue.conf".source
|
||||||
];
|
];
|
||||||
|
|
||||||
# this needs to run as a user service, since it's associated with the
|
# this needs to run as a user service, since it's associated with the
|
||||||
# user who is making the requests
|
# user who is making the requests
|
||||||
systemd.user.services = mkIf cfg.enableDemoAgent {
|
systemd.user.services = mkIf cfg.enableDemoAgent {
|
||||||
"geoclue-agent" = {
|
geoclue-agent = {
|
||||||
description = "Geoclue agent";
|
description = "Geoclue agent";
|
||||||
script = "${package}/libexec/geoclue-2.0/demos/agent";
|
script = "${package}/libexec/geoclue-2.0/demos/agent";
|
||||||
# this should really be `partOf = [ "geoclue.service" ]`, but
|
# this should really be `partOf = [ "geoclue.service" ]`, but
|
||||||
@ -219,12 +219,12 @@ in
|
|||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
services.geoclue2.appConfig."epiphany" = {
|
services.geoclue2.appConfig.epiphany = {
|
||||||
isAllowed = true;
|
isAllowed = true;
|
||||||
isSystem = false;
|
isSystem = false;
|
||||||
};
|
};
|
||||||
|
|
||||||
services.geoclue2.appConfig."firefox" = {
|
services.geoclue2.appConfig.firefox = {
|
||||||
isAllowed = true;
|
isAllowed = true;
|
||||||
isSystem = false;
|
isSystem = false;
|
||||||
};
|
};
|
||||||
|
@ -4,7 +4,7 @@ with lib;
|
|||||||
|
|
||||||
let
|
let
|
||||||
cfg = config.services.terraria;
|
cfg = config.services.terraria;
|
||||||
worldSizeMap = { "small" = 1; "medium" = 2; "large" = 3; };
|
worldSizeMap = { small = 1; medium = 2; large = 3; };
|
||||||
valFlag = name: val: optionalString (val != null) "-${name} \"${escape ["\\" "\""] (toString val)}\"";
|
valFlag = name: val: optionalString (val != null) "-${name} \"${escape ["\\" "\""] (toString val)}\"";
|
||||||
boolFlag = name: val: optionalString val "-${name}";
|
boolFlag = name: val: optionalString val "-${name}";
|
||||||
flags = [
|
flags = [
|
||||||
|
@ -124,7 +124,7 @@ in
|
|||||||
environment.sessionVariables = env;
|
environment.sessionVariables = env;
|
||||||
services.udev.packages = backends;
|
services.udev.packages = backends;
|
||||||
|
|
||||||
users.groups."scanner".gid = config.ids.gids.scanner;
|
users.groups.scanner.gid = config.ids.gids.scanner;
|
||||||
})
|
})
|
||||||
|
|
||||||
(mkIf config.services.saned.enable {
|
(mkIf config.services.saned.enable {
|
||||||
@ -152,7 +152,7 @@ in
|
|||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
users.users."scanner" = {
|
users.users.scanner = {
|
||||||
uid = config.ids.uids.scanner;
|
uid = config.ids.uids.scanner;
|
||||||
group = "scanner";
|
group = "scanner";
|
||||||
};
|
};
|
||||||
|
@ -20,7 +20,7 @@ in {
|
|||||||
config = mkIf cfg.enable {
|
config = mkIf cfg.enable {
|
||||||
systemd.packages = [ pkgs.throttled ];
|
systemd.packages = [ pkgs.throttled ];
|
||||||
# The upstream package has this in Install, but that's not enough, see the NixOS manual
|
# The upstream package has this in Install, but that's not enough, see the NixOS manual
|
||||||
systemd.services."lenovo_fix".wantedBy = [ "multi-user.target" ];
|
systemd.services.lenovo_fix.wantedBy = [ "multi-user.target" ];
|
||||||
|
|
||||||
environment.etc."lenovo_fix.conf".source =
|
environment.etc."lenovo_fix.conf".source =
|
||||||
if cfg.extraConfig != ""
|
if cfg.extraConfig != ""
|
||||||
|
@ -60,11 +60,11 @@ in
|
|||||||
powerManagement.cpufreq.max = null;
|
powerManagement.cpufreq.max = null;
|
||||||
powerManagement.cpufreq.min = null;
|
powerManagement.cpufreq.min = null;
|
||||||
|
|
||||||
systemd.sockets."systemd-rfkill".enable = false;
|
systemd.sockets.systemd-rfkill.enable = false;
|
||||||
|
|
||||||
systemd.services = {
|
systemd.services = {
|
||||||
"systemd-rfkill@".enable = false;
|
"systemd-rfkill@".enable = false;
|
||||||
"systemd-rfkill".enable = false;
|
systemd-rfkill.enable = false;
|
||||||
|
|
||||||
tlp = {
|
tlp = {
|
||||||
description = "TLP system startup/shutdown";
|
description = "TLP system startup/shutdown";
|
||||||
|
@ -23,9 +23,9 @@ let
|
|||||||
flags = "-r ${rulesDir} -c ${configFile} -L ${logFiles} -${levelFlag} -m ${cfg.mailTo}";
|
flags = "-r ${rulesDir} -c ${configFile} -L ${logFiles} -${levelFlag} -m ${cfg.mailTo}";
|
||||||
|
|
||||||
levelFlag = getAttrFromPath [cfg.level]
|
levelFlag = getAttrFromPath [cfg.level]
|
||||||
{ "paranoid" = "p";
|
{ paranoid = "p";
|
||||||
"server" = "s";
|
server = "s";
|
||||||
"workstation" = "w";
|
workstation = "w";
|
||||||
};
|
};
|
||||||
|
|
||||||
cronJob = ''
|
cronJob = ''
|
||||||
|
@ -137,7 +137,7 @@ in
|
|||||||
${pkgs.postfix}/bin/postmap ${stateDir}/transports
|
${pkgs.postfix}/bin/postmap ${stateDir}/transports
|
||||||
'';
|
'';
|
||||||
|
|
||||||
systemd.services."mlmmj-maintd" = {
|
systemd.services.mlmmj-maintd = {
|
||||||
description = "mlmmj maintenance daemon";
|
description = "mlmmj maintenance daemon";
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
User = cfg.user;
|
User = cfg.user;
|
||||||
@ -146,7 +146,7 @@ in
|
|||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
systemd.timers."mlmmj-maintd" = {
|
systemd.timers.mlmmj-maintd = {
|
||||||
description = "mlmmj maintenance timer";
|
description = "mlmmj maintenance timer";
|
||||||
timerConfig.OnUnitActiveSec = cfg.maintInterval;
|
timerConfig.OnUnitActiveSec = cfg.maintInterval;
|
||||||
wantedBy = [ "timers.target" ];
|
wantedBy = [ "timers.target" ];
|
||||||
|
@ -40,7 +40,7 @@ with lib;
|
|||||||
systemPackages = [ pkgs.pfixtools ];
|
systemPackages = [ pkgs.pfixtools ];
|
||||||
};
|
};
|
||||||
|
|
||||||
systemd.services."pfix-srsd" = {
|
systemd.services.pfix-srsd = {
|
||||||
description = "Postfix sender rewriting scheme daemon";
|
description = "Postfix sender rewriting scheme daemon";
|
||||||
before = [ "postfix.service" ];
|
before = [ "postfix.service" ];
|
||||||
#note that we use requires rather than wants because postfix
|
#note that we use requires rather than wants because postfix
|
||||||
|
@ -877,22 +877,22 @@ in
|
|||||||
}
|
}
|
||||||
|
|
||||||
(mkIf haveAliases {
|
(mkIf haveAliases {
|
||||||
services.postfix.aliasFiles."aliases" = aliasesFile;
|
services.postfix.aliasFiles.aliases = aliasesFile;
|
||||||
})
|
})
|
||||||
(mkIf haveTransport {
|
(mkIf haveTransport {
|
||||||
services.postfix.mapFiles."transport" = transportFile;
|
services.postfix.mapFiles.transport = transportFile;
|
||||||
})
|
})
|
||||||
(mkIf haveVirtual {
|
(mkIf haveVirtual {
|
||||||
services.postfix.mapFiles."virtual" = virtualFile;
|
services.postfix.mapFiles.virtual = virtualFile;
|
||||||
})
|
})
|
||||||
(mkIf haveLocalRecipients {
|
(mkIf haveLocalRecipients {
|
||||||
services.postfix.mapFiles."local_recipients" = localRecipientMapFile;
|
services.postfix.mapFiles.local_recipients = localRecipientMapFile;
|
||||||
})
|
})
|
||||||
(mkIf cfg.enableHeaderChecks {
|
(mkIf cfg.enableHeaderChecks {
|
||||||
services.postfix.mapFiles."header_checks" = headerChecksFile;
|
services.postfix.mapFiles.header_checks = headerChecksFile;
|
||||||
})
|
})
|
||||||
(mkIf (cfg.dnsBlacklists != []) {
|
(mkIf (cfg.dnsBlacklists != []) {
|
||||||
services.postfix.mapFiles."client_access" = checkClientAccessFile;
|
services.postfix.mapFiles.client_access = checkClientAccessFile;
|
||||||
})
|
})
|
||||||
]);
|
]);
|
||||||
}
|
}
|
||||||
|
@ -7,7 +7,7 @@ with lib; let
|
|||||||
natural = with types; addCheck int (x: x >= 0);
|
natural = with types; addCheck int (x: x >= 0);
|
||||||
natural' = with types; addCheck int (x: x > 0);
|
natural' = with types; addCheck int (x: x > 0);
|
||||||
|
|
||||||
socket = with types; addCheck (either (submodule unixSocket) (submodule inetSocket)) (x: x ? "path" || x ? "port");
|
socket = with types; addCheck (either (submodule unixSocket) (submodule inetSocket)) (x: x ? path || x ? port);
|
||||||
|
|
||||||
inetSocket = with types; {
|
inetSocket = with types; {
|
||||||
options = {
|
options = {
|
||||||
@ -151,7 +151,7 @@ in {
|
|||||||
};
|
};
|
||||||
|
|
||||||
systemd.services.postgrey = let
|
systemd.services.postgrey = let
|
||||||
bind-flag = if cfg.socket ? "path" then
|
bind-flag = if cfg.socket ? path then
|
||||||
''--unix=${cfg.socket.path} --socketmode=${cfg.socket.mode}''
|
''--unix=${cfg.socket.path} --socketmode=${cfg.socket.mode}''
|
||||||
else
|
else
|
||||||
''--inet=${optionalString (cfg.socket.addr != null) (cfg.socket.addr + ":")}${toString cfg.socket.port}'';
|
''--inet=${optionalString (cfg.socket.addr != null) (cfg.socket.addr + ":")}${toString cfg.socket.port}'';
|
||||||
|
@ -387,7 +387,7 @@ in
|
|||||||
gid = config.ids.gids.rspamd;
|
gid = config.ids.gids.rspamd;
|
||||||
};
|
};
|
||||||
|
|
||||||
environment.etc."rspamd".source = rspamdDir;
|
environment.etc.rspamd.source = rspamdDir;
|
||||||
|
|
||||||
systemd.services.rspamd = {
|
systemd.services.rspamd = {
|
||||||
description = "Rspamd Service";
|
description = "Rspamd Service";
|
||||||
|
@ -138,8 +138,8 @@ in {
|
|||||||
|
|
||||||
services.nginx = mkIf (cfg.virtualHost != null) {
|
services.nginx = mkIf (cfg.virtualHost != null) {
|
||||||
enable = true;
|
enable = true;
|
||||||
virtualHosts."${cfg.virtualHost}" = {
|
virtualHosts.${cfg.virtualHost} = {
|
||||||
locations."${cfg.contextPath}".proxyPass = "http://${cfg.listenAddress}:${toString cfg.port}";
|
locations.${cfg.contextPath}.proxyPass = "http://${cfg.listenAddress}:${toString cfg.port}";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -8,9 +8,9 @@ let
|
|||||||
printProperties = properties:
|
printProperties = properties:
|
||||||
concatMapStrings (propertyName:
|
concatMapStrings (propertyName:
|
||||||
let
|
let
|
||||||
property = properties."${propertyName}";
|
property = properties.${propertyName};
|
||||||
in
|
in
|
||||||
if isList property then "${propertyName}=(${lib.concatMapStrings (elem: "\"${toString elem}\" ") (properties."${propertyName}")})\n"
|
if isList property then "${propertyName}=(${lib.concatMapStrings (elem: "\"${toString elem}\" ") (properties.${propertyName})})\n"
|
||||||
else "${propertyName}=\"${toString property}\"\n"
|
else "${propertyName}=\"${toString property}\"\n"
|
||||||
) (builtins.attrNames properties);
|
) (builtins.attrNames properties);
|
||||||
|
|
||||||
@ -31,7 +31,7 @@ let
|
|||||||
|
|
||||||
${concatMapStrings (containerName:
|
${concatMapStrings (containerName:
|
||||||
let
|
let
|
||||||
containerProperties = cfg.containers."${containerName}";
|
containerProperties = cfg.containers.${containerName};
|
||||||
in
|
in
|
||||||
''
|
''
|
||||||
cat > ${containerName} <<EOF
|
cat > ${containerName} <<EOF
|
||||||
@ -49,10 +49,10 @@ let
|
|||||||
|
|
||||||
${concatMapStrings (componentName:
|
${concatMapStrings (componentName:
|
||||||
let
|
let
|
||||||
component = cfg.components."${containerName}"."${componentName}";
|
component = cfg.components.${containerName}.${componentName};
|
||||||
in
|
in
|
||||||
"ln -s ${component} ${containerName}/${componentName}\n"
|
"ln -s ${component} ${containerName}/${componentName}\n"
|
||||||
) (builtins.attrNames (cfg.components."${containerName}" or {}))}
|
) (builtins.attrNames (cfg.components.${containerName} or {}))}
|
||||||
'';
|
'';
|
||||||
|
|
||||||
componentsDir = pkgs.stdenv.mkDerivation {
|
componentsDir = pkgs.stdenv.mkDerivation {
|
||||||
|
@ -58,7 +58,7 @@ let
|
|||||||
};
|
};
|
||||||
};
|
};
|
||||||
cliOptions = concatStringsSep " " (mapAttrsToList (k: v: "--${k} ${v}") (filterAttrs (k: v: v != null && v != "") (cliOptionsCommon //
|
cliOptions = concatStringsSep " " (mapAttrsToList (k: v: "--${k} ${v}") (filterAttrs (k: v: v != null && v != "") (cliOptionsCommon //
|
||||||
cliOptionsPerConfig."${cfg.configType}" //
|
cliOptionsPerConfig.${cfg.configType} //
|
||||||
s3CommonOptions //
|
s3CommonOptions //
|
||||||
optionalAttrs cfg.s3Backup { s3backup = "true"; } //
|
optionalAttrs cfg.s3Backup { s3backup = "true"; } //
|
||||||
optionalAttrs cfg.fileSystemBackup { filesystembackup = "true"; }
|
optionalAttrs cfg.fileSystemBackup { filesystembackup = "true"; }
|
||||||
|
@ -147,7 +147,7 @@ in
|
|||||||
group = cfg.group;
|
group = cfg.group;
|
||||||
useDefaultShell = true;
|
useDefaultShell = true;
|
||||||
};
|
};
|
||||||
users.groups."${cfg.group}".gid = config.ids.gids.gitolite;
|
users.groups.${cfg.group}.gid = config.ids.gids.gitolite;
|
||||||
|
|
||||||
systemd.tmpfiles.rules = [
|
systemd.tmpfiles.rules = [
|
||||||
"d '${cfg.dataDir}' 0750 ${cfg.user} ${cfg.group} - -"
|
"d '${cfg.dataDir}' 0750 ${cfg.user} ${cfg.group} - -"
|
||||||
@ -157,7 +157,7 @@ in
|
|||||||
"Z ${cfg.dataDir} 0750 ${cfg.user} ${cfg.group} - -"
|
"Z ${cfg.dataDir} 0750 ${cfg.user} ${cfg.group} - -"
|
||||||
];
|
];
|
||||||
|
|
||||||
systemd.services."gitolite-init" = {
|
systemd.services.gitolite-init = {
|
||||||
description = "Gitolite initialization";
|
description = "Gitolite initialization";
|
||||||
wantedBy = [ "multi-user.target" ];
|
wantedBy = [ "multi-user.target" ];
|
||||||
unitConfig.RequiresMountsFor = cfg.dataDir;
|
unitConfig.RequiresMountsFor = cfg.dataDir;
|
||||||
|
@ -374,7 +374,7 @@ in {
|
|||||||
user = cfg.database_user;
|
user = cfg.database_user;
|
||||||
database = cfg.database_name;
|
database = cfg.database_name;
|
||||||
};
|
};
|
||||||
}."${cfg.database_type}";
|
}.${cfg.database_type};
|
||||||
description = ''
|
description = ''
|
||||||
Arguments to pass to the engine.
|
Arguments to pass to the engine.
|
||||||
'';
|
'';
|
||||||
|
@ -495,12 +495,12 @@ in
|
|||||||
optionals (pkgs.stdenv.isx86_64 && pkgs.hostPlatform.platform ? gcc.arch) (
|
optionals (pkgs.stdenv.isx86_64 && pkgs.hostPlatform.platform ? gcc.arch) (
|
||||||
# a x86_64 builder can run code for `platform.gcc.arch` and minor architectures:
|
# a x86_64 builder can run code for `platform.gcc.arch` and minor architectures:
|
||||||
[ "gccarch-${pkgs.hostPlatform.platform.gcc.arch}" ] ++ {
|
[ "gccarch-${pkgs.hostPlatform.platform.gcc.arch}" ] ++ {
|
||||||
"sandybridge" = [ "gccarch-westmere" ];
|
sandybridge = [ "gccarch-westmere" ];
|
||||||
"ivybridge" = [ "gccarch-westmere" "gccarch-sandybridge" ];
|
ivybridge = [ "gccarch-westmere" "gccarch-sandybridge" ];
|
||||||
"haswell" = [ "gccarch-westmere" "gccarch-sandybridge" "gccarch-ivybridge" ];
|
haswell = [ "gccarch-westmere" "gccarch-sandybridge" "gccarch-ivybridge" ];
|
||||||
"broadwell" = [ "gccarch-westmere" "gccarch-sandybridge" "gccarch-ivybridge" "gccarch-haswell" ];
|
broadwell = [ "gccarch-westmere" "gccarch-sandybridge" "gccarch-ivybridge" "gccarch-haswell" ];
|
||||||
"skylake" = [ "gccarch-westmere" "gccarch-sandybridge" "gccarch-ivybridge" "gccarch-haswell" "gccarch-broadwell" ];
|
skylake = [ "gccarch-westmere" "gccarch-sandybridge" "gccarch-ivybridge" "gccarch-haswell" "gccarch-broadwell" ];
|
||||||
"skylake-avx512" = [ "gccarch-westmere" "gccarch-sandybridge" "gccarch-ivybridge" "gccarch-haswell" "gccarch-broadwell" "gccarch-skylake" ];
|
skylake-avx512 = [ "gccarch-westmere" "gccarch-sandybridge" "gccarch-ivybridge" "gccarch-haswell" "gccarch-broadwell" "gccarch-skylake" ];
|
||||||
}.${pkgs.hostPlatform.platform.gcc.arch} or []
|
}.${pkgs.hostPlatform.platform.gcc.arch} or []
|
||||||
)
|
)
|
||||||
);
|
);
|
||||||
|
@ -54,7 +54,7 @@ in
|
|||||||
(mkIf (cfg.showManual && cfgd.enable && cfgd.nixos.enable) {
|
(mkIf (cfg.showManual && cfgd.enable && cfgd.nixos.enable) {
|
||||||
boot.extraTTYs = [ "tty${toString cfg.ttyNumber}" ];
|
boot.extraTTYs = [ "tty${toString cfg.ttyNumber}" ];
|
||||||
|
|
||||||
systemd.services."nixos-manual" = {
|
systemd.services.nixos-manual = {
|
||||||
description = "NixOS Manual";
|
description = "NixOS Manual";
|
||||||
wantedBy = [ "multi-user.target" ];
|
wantedBy = [ "multi-user.target" ];
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
|
@ -44,7 +44,7 @@ in
|
|||||||
configs = mkOption {
|
configs = mkOption {
|
||||||
default = { };
|
default = { };
|
||||||
example = literalExample {
|
example = literalExample {
|
||||||
"home" = {
|
home = {
|
||||||
subvolume = "/home";
|
subvolume = "/home";
|
||||||
extraConfig = ''
|
extraConfig = ''
|
||||||
ALLOW_USERS="alice"
|
ALLOW_USERS="alice"
|
||||||
|
@ -83,7 +83,7 @@ in
|
|||||||
|
|
||||||
config = mkMerge [
|
config = mkMerge [
|
||||||
(mkIf cfgC.enable {
|
(mkIf cfgC.enable {
|
||||||
systemd.user.services."synergy-client" = {
|
systemd.user.services.synergy-client = {
|
||||||
after = [ "network.target" "graphical-session.target" ];
|
after = [ "network.target" "graphical-session.target" ];
|
||||||
description = "Synergy client";
|
description = "Synergy client";
|
||||||
wantedBy = optional cfgC.autoStart "graphical-session.target";
|
wantedBy = optional cfgC.autoStart "graphical-session.target";
|
||||||
@ -93,7 +93,7 @@ in
|
|||||||
};
|
};
|
||||||
})
|
})
|
||||||
(mkIf cfgS.enable {
|
(mkIf cfgS.enable {
|
||||||
systemd.user.services."synergy-server" = {
|
systemd.user.services.synergy-server = {
|
||||||
after = [ "network.target" "graphical-session.target" ];
|
after = [ "network.target" "graphical-session.target" ];
|
||||||
description = "Synergy server";
|
description = "Synergy server";
|
||||||
wantedBy = optional cfgS.autoStart "graphical-session.target";
|
wantedBy = optional cfgS.autoStart "graphical-session.target";
|
||||||
|
@ -10,7 +10,7 @@ let
|
|||||||
group = {
|
group = {
|
||||||
nginx = config.services.nginx.group;
|
nginx = config.services.nginx.group;
|
||||||
none = user;
|
none = user;
|
||||||
}."${cfg.webserver}";
|
}.${cfg.webserver};
|
||||||
|
|
||||||
useNginx = cfg.webserver == "nginx";
|
useNginx = cfg.webserver == "nginx";
|
||||||
|
|
||||||
@ -223,7 +223,7 @@ in {
|
|||||||
nginx = lib.mkIf useNginx {
|
nginx = lib.mkIf useNginx {
|
||||||
enable = true;
|
enable = true;
|
||||||
virtualHosts = {
|
virtualHosts = {
|
||||||
"${cfg.hostname}" = {
|
${cfg.hostname} = {
|
||||||
default = true;
|
default = true;
|
||||||
root = "${pkg}/share/zoneminder/www";
|
root = "${pkg}/share/zoneminder/www";
|
||||||
listen = [ { addr = "0.0.0.0"; inherit (cfg) port; } ];
|
listen = [ { addr = "0.0.0.0"; inherit (cfg) port; } ];
|
||||||
@ -357,11 +357,11 @@ in {
|
|||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
users.groups."${user}" = {
|
users.groups.${user} = {
|
||||||
gid = config.ids.gids.zoneminder;
|
gid = config.ids.gids.zoneminder;
|
||||||
};
|
};
|
||||||
|
|
||||||
users.users."${user}" = {
|
users.users.${user} = {
|
||||||
uid = config.ids.uids.zoneminder;
|
uid = config.ids.uids.zoneminder;
|
||||||
group = user;
|
group = user;
|
||||||
inherit home;
|
inherit home;
|
||||||
|
@ -185,7 +185,7 @@ in {
|
|||||||
};
|
};
|
||||||
|
|
||||||
config = mkIf cfg.enable {
|
config = mkIf cfg.enable {
|
||||||
environment.systemPackages = [ pkgs."dd-agent" pkgs.sysstat pkgs.procps ];
|
environment.systemPackages = [ pkgs.dd-agent pkgs.sysstat pkgs.procps ];
|
||||||
|
|
||||||
users.users.datadog = {
|
users.users.datadog = {
|
||||||
description = "Datadog Agent User";
|
description = "Datadog Agent User";
|
||||||
|
@ -51,7 +51,7 @@ in {
|
|||||||
description = "FusionInventory user";
|
description = "FusionInventory user";
|
||||||
};
|
};
|
||||||
|
|
||||||
systemd.services."fusion-inventory" = {
|
systemd.services.fusion-inventory = {
|
||||||
description = "Fusion Inventory Agent";
|
description = "Fusion Inventory Agent";
|
||||||
wantedBy = [ "multi-user.target" ];
|
wantedBy = [ "multi-user.target" ];
|
||||||
|
|
||||||
|
@ -23,7 +23,7 @@ in
|
|||||||
|
|
||||||
environment.systemPackages = [ pkgs.monit ];
|
environment.systemPackages = [ pkgs.monit ];
|
||||||
|
|
||||||
environment.etc."monitrc" = {
|
environment.etc.monitrc = {
|
||||||
text = cfg.config;
|
text = cfg.config;
|
||||||
mode = "0400";
|
mode = "0400";
|
||||||
};
|
};
|
||||||
@ -39,7 +39,7 @@ in
|
|||||||
KillMode = "process";
|
KillMode = "process";
|
||||||
Restart = "always";
|
Restart = "always";
|
||||||
};
|
};
|
||||||
restartTriggers = [ config.environment.etc."monitrc".source ];
|
restartTriggers = [ config.environment.etc.monitrc.source ];
|
||||||
};
|
};
|
||||||
|
|
||||||
};
|
};
|
||||||
|
@ -70,14 +70,14 @@ let
|
|||||||
} ''json2yaml -i $json -o $out'';
|
} ''json2yaml -i $json -o $out'';
|
||||||
|
|
||||||
thanos = cmd: "${cfg.package}/bin/thanos ${cmd}" +
|
thanos = cmd: "${cfg.package}/bin/thanos ${cmd}" +
|
||||||
(let args = cfg."${cmd}".arguments;
|
(let args = cfg.${cmd}.arguments;
|
||||||
in optionalString (length args != 0) (" \\\n " +
|
in optionalString (length args != 0) (" \\\n " +
|
||||||
concatStringsSep " \\\n " args));
|
concatStringsSep " \\\n " args));
|
||||||
|
|
||||||
argumentsOf = cmd: concatLists (collect isList
|
argumentsOf = cmd: concatLists (collect isList
|
||||||
(flip mapParamsRecursive params."${cmd}" (path: param:
|
(flip mapParamsRecursive params.${cmd} (path: param:
|
||||||
let opt = concatStringsSep "." path;
|
let opt = concatStringsSep "." path;
|
||||||
v = getAttrFromPath path cfg."${cmd}";
|
v = getAttrFromPath path cfg.${cmd};
|
||||||
in param.toArgs opt v)));
|
in param.toArgs opt v)));
|
||||||
|
|
||||||
mkArgumentsOption = cmd: mkOption {
|
mkArgumentsOption = cmd: mkOption {
|
||||||
@ -95,7 +95,7 @@ let
|
|||||||
};
|
};
|
||||||
|
|
||||||
mapParamsRecursive =
|
mapParamsRecursive =
|
||||||
let noParam = attr: !(attr ? "toArgs" && attr ? "option");
|
let noParam = attr: !(attr ? toArgs && attr ? option);
|
||||||
in mapAttrsRecursiveCond noParam;
|
in mapAttrsRecursiveCond noParam;
|
||||||
|
|
||||||
paramsToOptions = mapParamsRecursive (_path: param: param.option);
|
paramsToOptions = mapParamsRecursive (_path: param: param.option);
|
||||||
@ -607,7 +607,7 @@ let
|
|||||||
assertRelativeStateDir = cmd: {
|
assertRelativeStateDir = cmd: {
|
||||||
assertions = [
|
assertions = [
|
||||||
{
|
{
|
||||||
assertion = !hasPrefix "/" cfg."${cmd}".stateDir;
|
assertion = !hasPrefix "/" cfg.${cmd}.stateDir;
|
||||||
message =
|
message =
|
||||||
"The option services.thanos.${cmd}.stateDir should not be an absolute directory." +
|
"The option services.thanos.${cmd}.stateDir should not be an absolute directory." +
|
||||||
" It should be a directory relative to /var/lib.";
|
" It should be a directory relative to /var/lib.";
|
||||||
|
@ -135,7 +135,7 @@ in
|
|||||||
|
|
||||||
users.groups.${group} = { };
|
users.groups.${group} = { };
|
||||||
|
|
||||||
systemd.services."zabbix-agent" = {
|
systemd.services.zabbix-agent = {
|
||||||
description = "Zabbix Agent";
|
description = "Zabbix Agent";
|
||||||
|
|
||||||
wantedBy = [ "multi-user.target" ];
|
wantedBy = [ "multi-user.target" ];
|
||||||
|
@ -252,7 +252,7 @@ in
|
|||||||
fping.source = "${pkgs.fping}/bin/fping";
|
fping.source = "${pkgs.fping}/bin/fping";
|
||||||
};
|
};
|
||||||
|
|
||||||
systemd.services."zabbix-proxy" = {
|
systemd.services.zabbix-proxy = {
|
||||||
description = "Zabbix Proxy";
|
description = "Zabbix Proxy";
|
||||||
|
|
||||||
wantedBy = [ "multi-user.target" ];
|
wantedBy = [ "multi-user.target" ];
|
||||||
|
@ -237,7 +237,7 @@ in
|
|||||||
fping.source = "${pkgs.fping}/bin/fping";
|
fping.source = "${pkgs.fping}/bin/fping";
|
||||||
};
|
};
|
||||||
|
|
||||||
systemd.services."zabbix-server" = {
|
systemd.services.zabbix-server = {
|
||||||
description = "Zabbix Server";
|
description = "Zabbix Server";
|
||||||
|
|
||||||
wantedBy = [ "multi-user.target" ];
|
wantedBy = [ "multi-user.target" ];
|
||||||
|
@ -69,7 +69,7 @@ let
|
|||||||
# functions to generate systemd.service entries
|
# functions to generate systemd.service entries
|
||||||
|
|
||||||
systemdEntry = service: cfgFile: (mapAttrs' ( name: cfg:
|
systemdEntry = service: cfgFile: (mapAttrs' ( name: cfg:
|
||||||
(nameValuePair "beegfs-${service}-${name}" (mkIf cfg."${service}".enable {
|
(nameValuePair "beegfs-${service}-${name}" (mkIf cfg.${service}.enable {
|
||||||
wantedBy = [ "multi-user.target" ];
|
wantedBy = [ "multi-user.target" ];
|
||||||
requires = [ "network-online.target" ];
|
requires = [ "network-online.target" ];
|
||||||
after = [ "network-online.target" ];
|
after = [ "network-online.target" ];
|
||||||
|
@ -324,10 +324,10 @@ in
|
|||||||
# Remove all name-value pairs with null values from the attribute set to avoid making empty sections in the ceph.conf
|
# Remove all name-value pairs with null values from the attribute set to avoid making empty sections in the ceph.conf
|
||||||
globalConfig = mapAttrs' (name: value: nameValuePair (translateOption name) value) (filterAttrs (name: value: value != null) globalAndMgrConfig);
|
globalConfig = mapAttrs' (name: value: nameValuePair (translateOption name) value) (filterAttrs (name: value: value != null) globalAndMgrConfig);
|
||||||
totalConfig = {
|
totalConfig = {
|
||||||
"global" = globalConfig;
|
global = globalConfig;
|
||||||
} // optionalAttrs (cfg.mon.enable && cfg.mon.extraConfig != {}) { "mon" = cfg.mon.extraConfig; }
|
} // optionalAttrs (cfg.mon.enable && cfg.mon.extraConfig != {}) { mon = cfg.mon.extraConfig; }
|
||||||
// optionalAttrs (cfg.mds.enable && cfg.mds.extraConfig != {}) { "mds" = cfg.mds.extraConfig; }
|
// optionalAttrs (cfg.mds.enable && cfg.mds.extraConfig != {}) { mds = cfg.mds.extraConfig; }
|
||||||
// optionalAttrs (cfg.osd.enable && cfg.osd.extraConfig != {}) { "osd" = cfg.osd.extraConfig; }
|
// optionalAttrs (cfg.osd.enable && cfg.osd.extraConfig != {}) { osd = cfg.osd.extraConfig; }
|
||||||
// optionalAttrs (cfg.client.enable && cfg.client.extraConfig != {}) cfg.client.extraConfig;
|
// optionalAttrs (cfg.client.enable && cfg.client.extraConfig != {}) cfg.client.extraConfig;
|
||||||
in
|
in
|
||||||
generators.toINI {} totalConfig;
|
generators.toINI {} totalConfig;
|
||||||
@ -355,7 +355,7 @@ in
|
|||||||
|
|
||||||
systemd.targets = let
|
systemd.targets = let
|
||||||
targets = [
|
targets = [
|
||||||
{ "ceph" = { description = "Ceph target allowing to start/stop all ceph service instances at once"; }; }
|
{ ceph = { description = "Ceph target allowing to start/stop all ceph service instances at once"; }; }
|
||||||
] ++ optional cfg.mon.enable (generateTargetFile "mon")
|
] ++ optional cfg.mon.enable (generateTargetFile "mon")
|
||||||
++ optional cfg.mds.enable (generateTargetFile "mds")
|
++ optional cfg.mds.enable (generateTargetFile "mds")
|
||||||
++ optional cfg.osd.enable (generateTargetFile "osd")
|
++ optional cfg.osd.enable (generateTargetFile "osd")
|
||||||
|
@ -234,10 +234,10 @@ in
|
|||||||
# Refer to https://github.com/samba-team/samba/tree/master/packaging/systemd
|
# Refer to https://github.com/samba-team/samba/tree/master/packaging/systemd
|
||||||
# for correct use with systemd
|
# for correct use with systemd
|
||||||
services = {
|
services = {
|
||||||
"samba-smbd" = daemonService "smbd" "";
|
samba-smbd = daemonService "smbd" "";
|
||||||
"samba-nmbd" = mkIf cfg.enableNmbd (daemonService "nmbd" "");
|
samba-nmbd = mkIf cfg.enableNmbd (daemonService "nmbd" "");
|
||||||
"samba-winbindd" = mkIf cfg.enableWinbindd (daemonService "winbindd" "");
|
samba-winbindd = mkIf cfg.enableWinbindd (daemonService "winbindd" "");
|
||||||
"samba-setup" = {
|
samba-setup = {
|
||||||
description = "Samba Setup Task";
|
description = "Samba Setup Task";
|
||||||
script = setupScript;
|
script = setupScript;
|
||||||
unitConfig.RequiresMountsFor = "/var/lib/samba";
|
unitConfig.RequiresMountsFor = "/var/lib/samba";
|
||||||
|
@ -52,7 +52,7 @@ in
|
|||||||
example =
|
example =
|
||||||
{
|
{
|
||||||
type = "tunnel";
|
type = "tunnel";
|
||||||
"split-horizon" = true;
|
split-horizon = true;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
@ -66,8 +66,8 @@ in
|
|||||||
example =
|
example =
|
||||||
{ enp0s2 =
|
{ enp0s2 =
|
||||||
{ type = "wired";
|
{ type = "wired";
|
||||||
"hello-interval" = 5;
|
hello-interval = 5;
|
||||||
"split-horizon" = "auto";
|
split-horizon = "auto";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
@ -82,7 +82,7 @@ in {
|
|||||||
|
|
||||||
environment.systemPackages = [ connman ];
|
environment.systemPackages = [ connman ];
|
||||||
|
|
||||||
systemd.services."connman" = {
|
systemd.services.connman = {
|
||||||
description = "Connection service";
|
description = "Connection service";
|
||||||
wantedBy = [ "multi-user.target" ];
|
wantedBy = [ "multi-user.target" ];
|
||||||
after = [ "syslog.target" ];
|
after = [ "syslog.target" ];
|
||||||
@ -95,7 +95,7 @@ in {
|
|||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
systemd.services."connman-vpn" = mkIf cfg.enableVPN {
|
systemd.services.connman-vpn = mkIf cfg.enableVPN {
|
||||||
description = "ConnMan VPN service";
|
description = "ConnMan VPN service";
|
||||||
wantedBy = [ "multi-user.target" ];
|
wantedBy = [ "multi-user.target" ];
|
||||||
after = [ "syslog.target" ];
|
after = [ "syslog.target" ];
|
||||||
@ -108,7 +108,7 @@ in {
|
|||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
systemd.services."net-connman-vpn" = mkIf cfg.enableVPN {
|
systemd.services.net-connman-vpn = mkIf cfg.enableVPN {
|
||||||
description = "D-BUS Service";
|
description = "D-BUS Service";
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
Name = "net.connman.vpn";
|
Name = "net.connman.vpn";
|
||||||
|
@ -156,7 +156,7 @@ in
|
|||||||
config = mkIf cfg.enable (
|
config = mkIf cfg.enable (
|
||||||
mkMerge [{
|
mkMerge [{
|
||||||
|
|
||||||
users.users."consul" = {
|
users.users.consul = {
|
||||||
description = "Consul agent daemon user";
|
description = "Consul agent daemon user";
|
||||||
uid = config.ids.uids.consul;
|
uid = config.ids.uids.consul;
|
||||||
# The shell is needed for health checks
|
# The shell is needed for health checks
|
||||||
|
@ -58,7 +58,7 @@ let
|
|||||||
${text}
|
${text}
|
||||||
''; in "${dir}/bin/${name}";
|
''; in "${dir}/bin/${name}";
|
||||||
|
|
||||||
defaultInterface = { default = mapAttrs (name: value: cfg."${name}") commonOptions; };
|
defaultInterface = { default = mapAttrs (name: value: cfg.${name}) commonOptions; };
|
||||||
allInterfaces = defaultInterface // cfg.interfaces;
|
allInterfaces = defaultInterface // cfg.interfaces;
|
||||||
|
|
||||||
startScript = writeShScript "firewall-start" ''
|
startScript = writeShScript "firewall-start" ''
|
||||||
|
@ -115,7 +115,7 @@ in
|
|||||||
gid = config.ids.gids.git;
|
gid = config.ids.gids.git;
|
||||||
};
|
};
|
||||||
|
|
||||||
systemd.services."git-daemon" = {
|
systemd.services.git-daemon = {
|
||||||
after = [ "network.target" ];
|
after = [ "network.target" ];
|
||||||
wantedBy = [ "multi-user.target" ];
|
wantedBy = [ "multi-user.target" ];
|
||||||
script = "${pkgs.git}/bin/git daemon --reuseaddr "
|
script = "${pkgs.git}/bin/git daemon --reuseaddr "
|
||||||
|
@ -68,7 +68,7 @@ let
|
|||||||
inherit (cfg) spoolAreaPath;
|
inherit (cfg) spoolAreaPath;
|
||||||
};
|
};
|
||||||
|
|
||||||
sockets."hylafax-hfaxd" = {
|
sockets.hylafax-hfaxd = {
|
||||||
description = "HylaFAX server socket";
|
description = "HylaFAX server socket";
|
||||||
documentation = [ "man:hfaxd(8)" ];
|
documentation = [ "man:hfaxd(8)" ];
|
||||||
wantedBy = [ "multi-user.target" ];
|
wantedBy = [ "multi-user.target" ];
|
||||||
@ -77,7 +77,7 @@ let
|
|||||||
socketConfig.Accept = true;
|
socketConfig.Accept = true;
|
||||||
};
|
};
|
||||||
|
|
||||||
paths."hylafax-faxq" = {
|
paths.hylafax-faxq = {
|
||||||
description = "HylaFAX queue manager sendq watch";
|
description = "HylaFAX queue manager sendq watch";
|
||||||
documentation = [ "man:faxq(8)" "man:sendq(5)" ];
|
documentation = [ "man:faxq(8)" "man:sendq(5)" ];
|
||||||
wantedBy = [ "multi-user.target" ];
|
wantedBy = [ "multi-user.target" ];
|
||||||
@ -87,11 +87,11 @@ let
|
|||||||
timers = mkMerge [
|
timers = mkMerge [
|
||||||
(
|
(
|
||||||
mkIf (cfg.faxcron.enable.frequency!=null)
|
mkIf (cfg.faxcron.enable.frequency!=null)
|
||||||
{ "hylafax-faxcron".timerConfig.Persistent = true; }
|
{ hylafax-faxcron.timerConfig.Persistent = true; }
|
||||||
)
|
)
|
||||||
(
|
(
|
||||||
mkIf (cfg.faxqclean.enable.frequency!=null)
|
mkIf (cfg.faxqclean.enable.frequency!=null)
|
||||||
{ "hylafax-faxqclean".timerConfig.Persistent = true; }
|
{ hylafax-faxqclean.timerConfig.Persistent = true; }
|
||||||
)
|
)
|
||||||
];
|
];
|
||||||
|
|
||||||
@ -121,7 +121,7 @@ let
|
|||||||
in
|
in
|
||||||
service: service // { serviceConfig = apply service; };
|
service: service // { serviceConfig = apply service; };
|
||||||
|
|
||||||
services."hylafax-spool" = {
|
services.hylafax-spool = {
|
||||||
description = "HylaFAX spool area preparation";
|
description = "HylaFAX spool area preparation";
|
||||||
documentation = [ "man:hylafax-server(4)" ];
|
documentation = [ "man:hylafax-server(4)" ];
|
||||||
script = ''
|
script = ''
|
||||||
@ -140,7 +140,7 @@ let
|
|||||||
unitConfig.RequiresMountsFor = [ cfg.spoolAreaPath ];
|
unitConfig.RequiresMountsFor = [ cfg.spoolAreaPath ];
|
||||||
};
|
};
|
||||||
|
|
||||||
services."hylafax-faxq" = {
|
services.hylafax-faxq = {
|
||||||
description = "HylaFAX queue manager";
|
description = "HylaFAX queue manager";
|
||||||
documentation = [ "man:faxq(8)" ];
|
documentation = [ "man:faxq(8)" ];
|
||||||
requires = [ "hylafax-spool.service" ];
|
requires = [ "hylafax-spool.service" ];
|
||||||
@ -178,7 +178,7 @@ let
|
|||||||
serviceConfig.PrivateNetwork = null;
|
serviceConfig.PrivateNetwork = null;
|
||||||
};
|
};
|
||||||
|
|
||||||
services."hylafax-faxcron" = rec {
|
services.hylafax-faxcron = rec {
|
||||||
description = "HylaFAX spool area maintenance";
|
description = "HylaFAX spool area maintenance";
|
||||||
documentation = [ "man:faxcron(8)" ];
|
documentation = [ "man:faxcron(8)" ];
|
||||||
after = [ "hylafax-spool.service" ];
|
after = [ "hylafax-spool.service" ];
|
||||||
@ -194,7 +194,7 @@ let
|
|||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
services."hylafax-faxqclean" = rec {
|
services.hylafax-faxqclean = rec {
|
||||||
description = "HylaFAX spool area queue cleaner";
|
description = "HylaFAX spool area queue cleaner";
|
||||||
documentation = [ "man:faxqclean(8)" ];
|
documentation = [ "man:faxqclean(8)" ];
|
||||||
after = [ "hylafax-spool.service" ];
|
after = [ "hylafax-spool.service" ];
|
||||||
|
@ -121,7 +121,7 @@ in
|
|||||||
|
|
||||||
users.groups.ircd.gid = config.ids.gids.ircd;
|
users.groups.ircd.gid = config.ids.gids.ircd;
|
||||||
|
|
||||||
systemd.services."ircd-hybrid" = {
|
systemd.services.ircd-hybrid = {
|
||||||
description = "IRCD Hybrid server";
|
description = "IRCD Hybrid server";
|
||||||
after = [ "started networking" ];
|
after = [ "started networking" ];
|
||||||
wantedBy = [ "multi-user.target" ];
|
wantedBy = [ "multi-user.target" ];
|
||||||
|
@ -50,8 +50,8 @@ in
|
|||||||
users = mkOption {
|
users = mkOption {
|
||||||
type = types.attrsOf types.str;
|
type = types.attrsOf types.str;
|
||||||
example = {
|
example = {
|
||||||
"tg" = "00000000000000000000000000000000";
|
tg = "00000000000000000000000000000000";
|
||||||
"tg2" = "0123456789abcdef0123456789abcdef";
|
tg2 = "0123456789abcdef0123456789abcdef";
|
||||||
};
|
};
|
||||||
description = ''
|
description = ''
|
||||||
Allowed users and their secrets. A secret is a 32 characters long hex string.
|
Allowed users and their secrets. A secret is a 32 characters long hex string.
|
||||||
@ -80,7 +80,7 @@ in
|
|||||||
type = types.attrs;
|
type = types.attrs;
|
||||||
default = {};
|
default = {};
|
||||||
example = {
|
example = {
|
||||||
"STATS_PRINT_PERIOD" = 600;
|
STATS_PRINT_PERIOD = 600;
|
||||||
};
|
};
|
||||||
description = ''
|
description = ''
|
||||||
Extra configuration options for mtprotoproxy.
|
Extra configuration options for mtprotoproxy.
|
||||||
|
@ -142,7 +142,7 @@ in {
|
|||||||
messages, and respond to them according to a set of rules.
|
messages, and respond to them according to a set of rules.
|
||||||
'';
|
'';
|
||||||
default = {};
|
default = {};
|
||||||
example = { "eth0".rules."1111::/64" = {}; };
|
example = { eth0.rules."1111::/64" = {}; };
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
@ -153,7 +153,7 @@ in {
|
|||||||
'' ];
|
'' ];
|
||||||
|
|
||||||
services.ndppd.proxies = mkIf (cfg.interface != null && cfg.network != null) {
|
services.ndppd.proxies = mkIf (cfg.interface != null && cfg.network != null) {
|
||||||
"${cfg.interface}".rules."${cfg.network}" = {};
|
${cfg.interface}.rules.${cfg.network} = {};
|
||||||
};
|
};
|
||||||
|
|
||||||
systemd.services.ndppd = {
|
systemd.services.ndppd = {
|
||||||
|
@ -81,9 +81,9 @@ let
|
|||||||
'';
|
'';
|
||||||
|
|
||||||
dispatcherTypesSubdirMap = {
|
dispatcherTypesSubdirMap = {
|
||||||
"basic" = "";
|
basic = "";
|
||||||
"pre-up" = "pre-up.d/";
|
pre-up = "pre-up.d/";
|
||||||
"pre-down" = "pre-down.d/";
|
pre-down = "pre-down.d/";
|
||||||
};
|
};
|
||||||
|
|
||||||
macAddressOpt = mkOption {
|
macAddressOpt = mkOption {
|
||||||
@ -453,7 +453,7 @@ in {
|
|||||||
|
|
||||||
systemd.packages = cfg.packages;
|
systemd.packages = cfg.packages;
|
||||||
|
|
||||||
systemd.services."NetworkManager" = {
|
systemd.services.NetworkManager = {
|
||||||
wantedBy = [ "network.target" ];
|
wantedBy = [ "network.target" ];
|
||||||
restartTriggers = [ configFile ];
|
restartTriggers = [ configFile ];
|
||||||
|
|
||||||
@ -483,7 +483,7 @@ in {
|
|||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
systemd.services."NetworkManager-dispatcher" = {
|
systemd.services.NetworkManager-dispatcher = {
|
||||||
wantedBy = [ "network.target" ];
|
wantedBy = [ "network.target" ];
|
||||||
restartTriggers = [ configFile ];
|
restartTriggers = [ configFile ];
|
||||||
|
|
||||||
|
@ -955,7 +955,7 @@ in
|
|||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
systemd.timers."nsd-dnssec" = mkIf dnssec {
|
systemd.timers.nsd-dnssec = mkIf dnssec {
|
||||||
description = "Automatic DNSSEC key rollover";
|
description = "Automatic DNSSEC key rollover";
|
||||||
|
|
||||||
wantedBy = [ "nsd.service" ];
|
wantedBy = [ "nsd.service" ];
|
||||||
@ -966,7 +966,7 @@ in
|
|||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
systemd.services."nsd-dnssec" = mkIf dnssec {
|
systemd.services.nsd-dnssec = mkIf dnssec {
|
||||||
description = "DNSSEC key rollover";
|
description = "DNSSEC key rollover";
|
||||||
|
|
||||||
wantedBy = [ "nsd.service" ];
|
wantedBy = [ "nsd.service" ];
|
||||||
|
@ -128,7 +128,7 @@ in {
|
|||||||
|
|
||||||
config = mkIf cfg.enable {
|
config = mkIf cfg.enable {
|
||||||
|
|
||||||
users.users."${username}" = {
|
users.users.${username} = {
|
||||||
home = dataDir;
|
home = dataDir;
|
||||||
createHome = true;
|
createHome = true;
|
||||||
uid = config.ids.uids.pdns-recursor;
|
uid = config.ids.uids.pdns-recursor;
|
||||||
|
@ -93,18 +93,18 @@ with lib;
|
|||||||
wantedBy = [ "multi-user.target" ];
|
wantedBy = [ "multi-user.target" ];
|
||||||
after = [ "network.target" ];
|
after = [ "network.target" ];
|
||||||
environment = {
|
environment = {
|
||||||
"INTERFACE" = name;
|
INTERFACE = name;
|
||||||
"TUN_MODE" = toString qtcfg.tunMode;
|
TUN_MODE = toString qtcfg.tunMode;
|
||||||
"REMOTE_ADDRESS" = qtcfg.remoteAddress;
|
REMOTE_ADDRESS = qtcfg.remoteAddress;
|
||||||
"LOCAL_ADDRESS" = qtcfg.localAddress;
|
LOCAL_ADDRESS = qtcfg.localAddress;
|
||||||
"LOCAL_PORT" = toString qtcfg.localPort;
|
LOCAL_PORT = toString qtcfg.localPort;
|
||||||
"REMOTE_PORT" = toString qtcfg.remotePort;
|
REMOTE_PORT = toString qtcfg.remotePort;
|
||||||
"REMOTE_FLOAT" = toString qtcfg.remoteFloat;
|
REMOTE_FLOAT = toString qtcfg.remoteFloat;
|
||||||
"PRIVATE_KEY" = qtcfg.privateKey;
|
PRIVATE_KEY = qtcfg.privateKey;
|
||||||
"PUBLIC_KEY" = qtcfg.publicKey;
|
PUBLIC_KEY = qtcfg.publicKey;
|
||||||
"TIME_WINDOW" = toString qtcfg.timeWindow;
|
TIME_WINDOW = toString qtcfg.timeWindow;
|
||||||
"TUN_UP_SCRIPT" = pkgs.writeScript "quicktun-${name}-up.sh" qtcfg.upScript;
|
TUN_UP_SCRIPT = pkgs.writeScript "quicktun-${name}-up.sh" qtcfg.upScript;
|
||||||
"SUID" = "nobody";
|
SUID = "nobody";
|
||||||
};
|
};
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
Type = "simple";
|
Type = "simple";
|
||||||
|
@ -275,7 +275,7 @@ in
|
|||||||
];
|
];
|
||||||
security.wrappers = {
|
security.wrappers = {
|
||||||
fping.source = "${pkgs.fping}/bin/fping";
|
fping.source = "${pkgs.fping}/bin/fping";
|
||||||
"fping6".source = "${pkgs.fping}/bin/fping6";
|
fping6.source = "${pkgs.fping}/bin/fping6";
|
||||||
};
|
};
|
||||||
environment.systemPackages = [ pkgs.fping ];
|
environment.systemPackages = [ pkgs.fping ];
|
||||||
users.users = singleton {
|
users.users = singleton {
|
||||||
|
@ -68,7 +68,7 @@ in
|
|||||||
mkMerge [{
|
mkMerge [{
|
||||||
environment.systemPackages = [ package ];
|
environment.systemPackages = [ package ];
|
||||||
|
|
||||||
systemd.services."softether-init" = {
|
systemd.services.softether-init = {
|
||||||
description = "SoftEther VPN services initial task";
|
description = "SoftEther VPN services initial task";
|
||||||
after = [ "keys.target" ];
|
after = [ "keys.target" ];
|
||||||
wants = [ "keys.target" ];
|
wants = [ "keys.target" ];
|
||||||
|
@ -63,7 +63,7 @@ rec {
|
|||||||
StrongSwan default: <literal><![CDATA[${builtins.toJSON strongswanDefault}]]></literal>
|
StrongSwan default: <literal><![CDATA[${builtins.toJSON strongswanDefault}]]></literal>
|
||||||
'';
|
'';
|
||||||
|
|
||||||
single = f: name: value: { "${name}" = f value; };
|
single = f: name: value: { ${name} = f value; };
|
||||||
|
|
||||||
mkStrParam = mkParamOfType types.str;
|
mkStrParam = mkParamOfType types.str;
|
||||||
mkOptionalStrParam = mkStrParam null;
|
mkOptionalStrParam = mkStrParam null;
|
||||||
|
@ -21,7 +21,7 @@ rec {
|
|||||||
mkConf = indent : ps :
|
mkConf = indent : ps :
|
||||||
concatMapStringsSep "\n"
|
concatMapStringsSep "\n"
|
||||||
(name:
|
(name:
|
||||||
let value = ps."${name}";
|
let value = ps.${name};
|
||||||
indentation = replicate indent " ";
|
indentation = replicate indent " ";
|
||||||
in
|
in
|
||||||
indentation + (
|
indentation + (
|
||||||
@ -58,7 +58,7 @@ rec {
|
|||||||
) set);
|
) set);
|
||||||
|
|
||||||
# Recursively map over every parameter in the given attribute set.
|
# Recursively map over every parameter in the given attribute set.
|
||||||
mapParamsRecursive = mapAttrsRecursiveCond' (as: (!(as ? "_type" && as._type == "param")));
|
mapParamsRecursive = mapAttrsRecursiveCond' (as: (!(as ? _type && as._type == "param")));
|
||||||
|
|
||||||
mapAttrsRecursiveCond' = cond: f: set:
|
mapAttrsRecursiveCond' = cond: f: set:
|
||||||
let
|
let
|
||||||
@ -67,7 +67,7 @@ rec {
|
|||||||
g =
|
g =
|
||||||
name: value:
|
name: value:
|
||||||
if isAttrs value && cond value
|
if isAttrs value && cond value
|
||||||
then { "${name}" = recurse (path ++ [name]) value; }
|
then { ${name} = recurse (path ++ [name]) value; }
|
||||||
else f (path ++ [name]) name value;
|
else f (path ++ [name]) name value;
|
||||||
in mapAttrs'' g set;
|
in mapAttrs'' g set;
|
||||||
in recurse [] set;
|
in recurse [] set;
|
||||||
@ -77,6 +77,6 @@ rec {
|
|||||||
|
|
||||||
# Extract the options from the given set of parameters.
|
# Extract the options from the given set of parameters.
|
||||||
paramsToOptions = ps :
|
paramsToOptions = ps :
|
||||||
mapParamsRecursive (_path: name: param: { "${name}" = param.option; }) ps;
|
mapParamsRecursive (_path: name: param: { ${name} = param.option; }) ps;
|
||||||
|
|
||||||
}
|
}
|
||||||
|
@ -373,7 +373,7 @@ in {
|
|||||||
systemd.packages = [ pkgs.syncthing ];
|
systemd.packages = [ pkgs.syncthing ];
|
||||||
|
|
||||||
users.users = mkIf (cfg.systemService && cfg.user == defaultUser) {
|
users.users = mkIf (cfg.systemService && cfg.user == defaultUser) {
|
||||||
"${defaultUser}" =
|
${defaultUser} =
|
||||||
{ group = cfg.group;
|
{ group = cfg.group;
|
||||||
home = cfg.dataDir;
|
home = cfg.dataDir;
|
||||||
createHome = true;
|
createHome = true;
|
||||||
@ -383,7 +383,7 @@ in {
|
|||||||
};
|
};
|
||||||
|
|
||||||
users.groups = mkIf (cfg.systemService && cfg.group == defaultUser) {
|
users.groups = mkIf (cfg.systemService && cfg.group == defaultUser) {
|
||||||
"${defaultUser}".gid =
|
${defaultUser}.gid =
|
||||||
config.ids.gids.syncthing;
|
config.ids.gids.syncthing;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -44,9 +44,9 @@ let cfg = config.services.networking.websockify; in {
|
|||||||
scriptArgs = "%i";
|
scriptArgs = "%i";
|
||||||
};
|
};
|
||||||
|
|
||||||
systemd.targets."default-websockify" = {
|
systemd.targets.default-websockify = {
|
||||||
description = "Target to start all default websockify@ services";
|
description = "Target to start all default websockify@ services";
|
||||||
unitConfig."X-StopOnReconfiguration" = true;
|
unitConfig.X-StopOnReconfiguration = true;
|
||||||
wants = mapAttrsToList (name: value: "websockify@${name}:${toString value}.service") cfg.portMap;
|
wants = mapAttrsToList (name: value: "websockify@${name}:${toString value}.service") cfg.portMap;
|
||||||
wantedBy = [ "multi-user.target" ];
|
wantedBy = [ "multi-user.target" ];
|
||||||
};
|
};
|
||||||
|
@ -74,7 +74,7 @@ in
|
|||||||
};
|
};
|
||||||
|
|
||||||
config = mkIf (cfg.enable) {
|
config = mkIf (cfg.enable) {
|
||||||
users.users."${cfg.user}" =
|
users.users.${cfg.user} =
|
||||||
if cfg.user == "zerobin" then {
|
if cfg.user == "zerobin" then {
|
||||||
isSystemUser = true;
|
isSystemUser = true;
|
||||||
group = cfg.group;
|
group = cfg.group;
|
||||||
@ -82,7 +82,7 @@ in
|
|||||||
createHome = true;
|
createHome = true;
|
||||||
}
|
}
|
||||||
else {};
|
else {};
|
||||||
users.groups."${cfg.group}" = {};
|
users.groups.${cfg.group} = {};
|
||||||
|
|
||||||
systemd.services.zerobin = {
|
systemd.services.zerobin = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
@ -287,7 +287,7 @@ in
|
|||||||
};
|
};
|
||||||
|
|
||||||
environment.systemPackages = [ cups.out ] ++ optional polkitEnabled cups-pk-helper;
|
environment.systemPackages = [ cups.out ] ++ optional polkitEnabled cups-pk-helper;
|
||||||
environment.etc."cups".source = "/var/lib/cups";
|
environment.etc.cups.source = "/var/lib/cups";
|
||||||
|
|
||||||
services.dbus.packages = [ cups.out ] ++ optional polkitEnabled cups-pk-helper;
|
services.dbus.packages = [ cups.out ] ++ optional polkitEnabled cups-pk-helper;
|
||||||
|
|
||||||
|
@ -67,7 +67,7 @@ in {
|
|||||||
|
|
||||||
services.cron.systemCronJobs = [ "*/${toString cfg.updater.frequency} * * * * root start fprot-updater" ];
|
services.cron.systemCronJobs = [ "*/${toString cfg.updater.frequency} * * * * root start fprot-updater" ];
|
||||||
|
|
||||||
systemd.services."fprot-updater" = {
|
systemd.services.fprot-updater = {
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
Type = "oneshot";
|
Type = "oneshot";
|
||||||
RemainAfterExit = false;
|
RemainAfterExit = false;
|
||||||
|
@ -99,7 +99,7 @@ in
|
|||||||
# for physlock -l and physlock -L
|
# for physlock -l and physlock -L
|
||||||
environment.systemPackages = [ pkgs.physlock ];
|
environment.systemPackages = [ pkgs.physlock ];
|
||||||
|
|
||||||
systemd.services."physlock" = {
|
systemd.services.physlock = {
|
||||||
enable = true;
|
enable = true;
|
||||||
description = "Physlock";
|
description = "Physlock";
|
||||||
wantedBy = optional cfg.lockOn.suspend "suspend.target"
|
wantedBy = optional cfg.lockOn.suspend "suspend.target"
|
||||||
|
@ -108,7 +108,7 @@ in {
|
|||||||
hkpAddress = "'" + (builtins.concatStringsSep " " cfg.hkpAddress) + "'" ;
|
hkpAddress = "'" + (builtins.concatStringsSep " " cfg.hkpAddress) + "'" ;
|
||||||
hkpPort = builtins.toString cfg.hkpPort;
|
hkpPort = builtins.toString cfg.hkpPort;
|
||||||
in {
|
in {
|
||||||
"sks-db" = {
|
sks-db = {
|
||||||
description = "SKS database server";
|
description = "SKS database server";
|
||||||
after = [ "network.target" ];
|
after = [ "network.target" ];
|
||||||
wantedBy = [ "multi-user.target" ];
|
wantedBy = [ "multi-user.target" ];
|
||||||
|
@ -22,7 +22,7 @@ in {
|
|||||||
config = mkIf cfg.enable {
|
config = mkIf cfg.enable {
|
||||||
services.geoclue2 = {
|
services.geoclue2 = {
|
||||||
enable = true;
|
enable = true;
|
||||||
appConfig."localtime" = {
|
appConfig.localtime = {
|
||||||
isAllowed = true;
|
isAllowed = true;
|
||||||
isSystem = true;
|
isSystem = true;
|
||||||
};
|
};
|
||||||
|
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue
Block a user