Merge remote-tracking branch 'upstream/master' into vim-plugins
commit
8294b9bde6
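--- a/.github/ISSUE_TEMPLATE/security.md
+++ b/.github/ISSUE_TEMPLATE/security.md
@@ -1,27 +0,0 @@
----
-name: Security report
-about: Report security issues
-title: ''
-labels: '1.severity: security'
-assignees: ''
-
----
-
-To privately report a security issue with NixOS, Nix, and its ecosystem,
-please email a member of the NixOS Security Team and we will ensure the issue
-is handled. Our responses will be signed with our GPG keys:
-https://nixos.org/nixos/security.html
-
-**Report**
-
-CVE:
-
-**Metadata**
-
-Maintainer information:
-```yaml
-# a list of nixpkgs attributes affected by the problem
-attribute:
-# a list of nixos modules affected by the problem
-module:
-```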
4
.github/PULL_REQUEST_TEMPLATE.md
vendored
4
.github/PULL_REQUEST_TEMPLATE.md
vendored
@ -18,4 +18,6 @@
|
||||
- [ ] Ensured that relevant documentation is up to date
|
||||
- [ ] Fits [CONTRIBUTING.md](https://github.com/NixOS/nixpkgs/blob/master/.github/CONTRIBUTING.md).
|
||||
|
||||
---
|
||||
###### Notify maintainers
|
||||
|
||||
cc @
|
||||
|
@ -124,3 +124,21 @@ in another file (say `default.nix`) to be able to build it with
|
||||
```
|
||||
$ nix-build -A yaml
|
||||
```
|
||||
|
||||
## Passing options to `idris` commands
|
||||
|
||||
The `build-idris-package` function provides also optional input values to set additional options for the used `idris` commands.
|
||||
|
||||
Specifically, you can set `idrisBuildOptions`, `idrisTestOptions`, `idrisInstallOptions` and `idrisDocOptions` to provide additional options to the `idris` command respectively when building, testing, installing and generating docs for your package.
|
||||
|
||||
For example you could set
|
||||
|
||||
```
|
||||
build-idris-package {
|
||||
idrisBuildOptions = [ "--log" "1" "--verbose" ]
|
||||
|
||||
...
|
||||
}
|
||||
```
|
||||
|
||||
to require verbose output during `idris` build phase.
|
||||
|
@ -603,6 +603,7 @@ All parameters from `stdenv.mkDerivation` function are still supported. The foll
|
||||
* `preShellHook`: Hook to execute commands before `shellHook`.
|
||||
* `postShellHook`: Hook to execute commands after `shellHook`.
|
||||
* `removeBinByteCode ? true`: Remove bytecode from `/bin`. Bytecode is only created when the filenames end with `.py`.
|
||||
* `setupPyGlobalFlags ? []`: List of flags passed to `setup.py` command.
|
||||
* `setupPyBuildFlags ? []`: List of flags passed to `setup.py build_ext` command.
|
||||
|
||||
The `stdenv.mkDerivation` function accepts various parameters for describing build inputs (see "Specifying dependencies"). The following are of special
|
||||
|
@ -113,6 +113,15 @@ mkDerivation {
|
||||
</programlisting>
|
||||
</para>
|
||||
|
||||
<note>
|
||||
<para>
|
||||
<literal>wrapQtAppsHook</literal> ignores files that are non-ELF executables.
|
||||
This means that scripts won't be automatically wrapped so you'll need to manually
|
||||
wrap them as previously mentioned. An example of when you'd always need to do this
|
||||
is with Python applications that use PyQT.
|
||||
</para>
|
||||
</note>
|
||||
|
||||
<para>
|
||||
Libraries are built with every available version of Qt. Use the <literal>meta.broken</literal>
|
||||
attribute to disable the package for unsupported Qt versions:
|
||||
|
@ -21,7 +21,7 @@ At the moment we support three different methods for managing plugins:
|
||||
|
||||
Adding custom .vimrc lines can be done using the following code:
|
||||
|
||||
```
|
||||
```nix
|
||||
vim_configurable.customize {
|
||||
# `name` specifies the name of the executable and package
|
||||
name = "vim-with-plugins";
|
||||
@ -32,11 +32,11 @@ vim_configurable.customize {
|
||||
}
|
||||
```
|
||||
|
||||
This configuration is used when vim is invoked with the command specified as name, in this case `vim-with-plugins`.
|
||||
This configuration is used when Vim is invoked with the command specified as name, in this case `vim-with-plugins`.
|
||||
|
||||
For Neovim the `configure` argument can be overridden to achieve the same:
|
||||
|
||||
```
|
||||
```nix
|
||||
neovim.override {
|
||||
configure = {
|
||||
customRC = ''
|
||||
@ -46,10 +46,10 @@ neovim.override {
|
||||
}
|
||||
```
|
||||
|
||||
If you want to use `neovim-qt` as a graphical editor, you can configure it by overriding neovim in an overlay
|
||||
or passing it an overridden neovimn:
|
||||
If you want to use `neovim-qt` as a graphical editor, you can configure it by overriding Neovim in an overlay
|
||||
or passing it an overridden Neovimn:
|
||||
|
||||
```
|
||||
```nix
|
||||
neovim-qt.override {
|
||||
neovim = neovim.override {
|
||||
configure = {
|
||||
@ -63,16 +63,16 @@ neovim-qt.override {
|
||||
|
||||
## Managing plugins with Vim packages
|
||||
|
||||
To store you plugins in Vim packages (the native vim plugin manager, see `:help packages`) the following example can be used:
|
||||
To store you plugins in Vim packages (the native Vim plugin manager, see `:help packages`) the following example can be used:
|
||||
|
||||
```
|
||||
```nix
|
||||
vim_configurable.customize {
|
||||
vimrcConfig.packages.myVimPackage = with pkgs.vimPlugins; {
|
||||
# loaded on launch
|
||||
start = [ youcompleteme fugitive ];
|
||||
# manually loadable by calling `:packadd $plugin-name`
|
||||
# however, if a vim plugin has a dependency that is not explicitly listed in
|
||||
# opt that dependency will always be added to start to avoid confusion.
|
||||
# however, if a Vim plugin has a dependency that is not explicitly listed in
|
||||
# opt that dependency will always be added to start to avoid confusion.
|
||||
opt = [ phpCompletion elm-vim ];
|
||||
# To automatically load a plugin when opening a filetype, add vimrc lines like:
|
||||
# autocmd FileType php :packadd phpCompletion
|
||||
@ -83,7 +83,7 @@ vim_configurable.customize {
|
||||
`myVimPackage` is an arbitrary name for the generated package. You can choose any name you like.
|
||||
For Neovim the syntax is:
|
||||
|
||||
```
|
||||
```nix
|
||||
neovim.override {
|
||||
configure = {
|
||||
customRC = ''
|
||||
@ -92,7 +92,7 @@ neovim.override {
|
||||
packages.myVimPackage = with pkgs.vimPlugins; {
|
||||
# see examples below how to use custom packages
|
||||
start = [ ];
|
||||
# If a vim plugin has a dependency that is not explicitly listed in
|
||||
# If a Vim plugin has a dependency that is not explicitly listed in
|
||||
# opt that dependency will always be added to start to avoid confusion.
|
||||
opt = [ ];
|
||||
};
|
||||
@ -102,7 +102,7 @@ neovim.override {
|
||||
|
||||
The resulting package can be added to `packageOverrides` in `~/.nixpkgs/config.nix` to make it installable:
|
||||
|
||||
```
|
||||
```nix
|
||||
{
|
||||
packageOverrides = pkgs: with pkgs; {
|
||||
myVim = vim_configurable.customize {
|
||||
@ -126,7 +126,7 @@ After that you can install your special grafted `myVim` or `myNeovim` packages.
|
||||
To use [vim-plug](https://github.com/junegunn/vim-plug) to manage your Vim
|
||||
plugins the following example can be used:
|
||||
|
||||
```
|
||||
```nix
|
||||
vim_configurable.customize {
|
||||
vimrcConfig.packages.myVimPackage = with pkgs.vimPlugins; {
|
||||
# loaded on launch
|
||||
@ -137,7 +137,7 @@ vim_configurable.customize {
|
||||
|
||||
For Neovim the syntax is:
|
||||
|
||||
```
|
||||
```nix
|
||||
neovim.override {
|
||||
configure = {
|
||||
customRC = ''
|
||||
@ -161,89 +161,112 @@ assuming that "using latest version" is ok most of the time.
|
||||
|
||||
First create a vim-scripts file having one plugin name per line. Example:
|
||||
|
||||
"tlib"
|
||||
{'name': 'vim-addon-sql'}
|
||||
{'filetype_regex': '\%(vim)$', 'names': ['reload', 'vim-dev-plugin']}
|
||||
```
|
||||
"tlib"
|
||||
{'name': 'vim-addon-sql'}
|
||||
{'filetype_regex': '\%(vim)$', 'names': ['reload', 'vim-dev-plugin']}
|
||||
```
|
||||
|
||||
Such vim-scripts file can be read by VAM as well like this:
|
||||
|
||||
call vam#Scripts(expand('~/.vim-scripts'), {})
|
||||
```vim
|
||||
call vam#Scripts(expand('~/.vim-scripts'), {})
|
||||
```
|
||||
|
||||
Create a default.nix file:
|
||||
|
||||
{ nixpkgs ? import <nixpkgs> {}, compiler ? "ghc7102" }:
|
||||
nixpkgs.vim_configurable.customize { name = "vim"; vimrcConfig.vam.pluginDictionaries = [ "vim-addon-vim2nix" ]; }
|
||||
```nix
|
||||
{ nixpkgs ? import <nixpkgs> {}, compiler ? "ghc7102" }:
|
||||
nixpkgs.vim_configurable.customize { name = "vim"; vimrcConfig.vam.pluginDictionaries = [ "vim-addon-vim2nix" ]; }
|
||||
```
|
||||
|
||||
Create a generate.vim file:
|
||||
|
||||
ActivateAddons vim-addon-vim2nix
|
||||
let vim_scripts = "vim-scripts"
|
||||
call nix#ExportPluginsForNix({
|
||||
\ 'path_to_nixpkgs': eval('{"'.substitute(substitute(substitute($NIX_PATH, ':', ',', 'g'), '=',':', 'g'), '\([:,]\)', '"\1"',"g").'"}')["nixpkgs"],
|
||||
\ 'cache_file': '/tmp/vim2nix-cache',
|
||||
\ 'try_catch': 0,
|
||||
\ 'plugin_dictionaries': ["vim-addon-manager"]+map(readfile(vim_scripts), 'eval(v:val)')
|
||||
\ })
|
||||
```vim
|
||||
ActivateAddons vim-addon-vim2nix
|
||||
let vim_scripts = "vim-scripts"
|
||||
call nix#ExportPluginsForNix({
|
||||
\ 'path_to_nixpkgs': eval('{"'.substitute(substitute(substitute($NIX_PATH, ':', ',', 'g'), '=',':', 'g'), '\([:,]\)', '"\1"',"g").'"}')["nixpkgs"],
|
||||
\ 'cache_file': '/tmp/vim2nix-cache',
|
||||
\ 'try_catch': 0,
|
||||
\ 'plugin_dictionaries': ["vim-addon-manager"]+map(readfile(vim_scripts), 'eval(v:val)')
|
||||
\ })
|
||||
```
|
||||
|
||||
Then run
|
||||
|
||||
nix-shell -p vimUtils.vim_with_vim2nix --command "vim -c 'source generate.vim'"
|
||||
```bash
|
||||
nix-shell -p vimUtils.vim_with_vim2nix --command "vim -c 'source generate.vim'"
|
||||
```
|
||||
|
||||
You should get a Vim buffer with the nix derivations (output1) and vam.pluginDictionaries (output2).
|
||||
You can add your vim to your system's configuration file like this and start it by "vim-my":
|
||||
You can add your Vim to your system's configuration file like this and start it by "vim-my":
|
||||
|
||||
my-vim =
|
||||
let plugins = let inherit (vimUtils) buildVimPluginFrom2Nix; in {
|
||||
copy paste output1 here
|
||||
}; in vim_configurable.customize {
|
||||
name = "vim-my";
|
||||
```
|
||||
my-vim =
|
||||
let plugins = let inherit (vimUtils) buildVimPluginFrom2Nix; in {
|
||||
copy paste output1 here
|
||||
}; in vim_configurable.customize {
|
||||
name = "vim-my";
|
||||
|
||||
vimrcConfig.vam.knownPlugins = plugins; # optional
|
||||
vimrcConfig.vam.pluginDictionaries = [
|
||||
copy paste output2 here
|
||||
];
|
||||
|
||||
# Pathogen would be
|
||||
# vimrcConfig.pathogen.knownPlugins = plugins; # plugins
|
||||
# vimrcConfig.pathogen.pluginNames = ["tlib"];
|
||||
};
|
||||
vimrcConfig.vam.knownPlugins = plugins; # optional
|
||||
vimrcConfig.vam.pluginDictionaries = [
|
||||
copy paste output2 here
|
||||
];
|
||||
|
||||
# Pathogen would be
|
||||
# vimrcConfig.pathogen.knownPlugins = plugins; # plugins
|
||||
# vimrcConfig.pathogen.pluginNames = ["tlib"];
|
||||
};
|
||||
```
|
||||
|
||||
Sample output1:
|
||||
|
||||
"reload" = buildVimPluginFrom2Nix { # created by nix#NixDerivation
|
||||
name = "reload";
|
||||
src = fetchgit {
|
||||
url = "git://github.com/xolox/vim-reload";
|
||||
rev = "0a601a668727f5b675cb1ddc19f6861f3f7ab9e1";
|
||||
sha256 = "0vb832l9yxj919f5hfg6qj6bn9ni57gnjd3bj7zpq7d4iv2s4wdh";
|
||||
};
|
||||
dependencies = ["nim-misc"];
|
||||
```
|
||||
"reload" = buildVimPluginFrom2Nix { # created by nix#NixDerivation
|
||||
name = "reload";
|
||||
src = fetchgit {
|
||||
url = "git://github.com/xolox/vim-reload";
|
||||
rev = "0a601a668727f5b675cb1ddc19f6861f3f7ab9e1";
|
||||
sha256 = "0vb832l9yxj919f5hfg6qj6bn9ni57gnjd3bj7zpq7d4iv2s4wdh";
|
||||
};
|
||||
dependencies = ["nim-misc"];
|
||||
|
||||
};
|
||||
[...]
|
||||
};
|
||||
[...]
|
||||
```
|
||||
|
||||
Sample output2:
|
||||
|
||||
[
|
||||
''vim-addon-manager''
|
||||
''tlib''
|
||||
{ "name" = ''vim-addon-sql''; }
|
||||
{ "filetype_regex" = ''\%(vim)$$''; "names" = [ ''reload'' ''vim-dev-plugin'' ]; }
|
||||
]
|
||||
|
||||
```nix
|
||||
[
|
||||
''vim-addon-manager''
|
||||
''tlib''
|
||||
{ "name" = ''vim-addon-sql''; }
|
||||
{ "filetype_regex" = ''\%(vim)$$''; "names" = [ ''reload'' ''vim-dev-plugin'' ]; }
|
||||
]
|
||||
```
|
||||
|
||||
## Adding new plugins to nixpkgs
|
||||
|
||||
In `pkgs/misc/vim-plugins/vim-plugin-names` we store the plugin names
|
||||
for all vim plugins we automatically generate plugins for.
|
||||
The format of this file `github username/github repository`:
|
||||
For example https://github.com/scrooloose/nerdtree becomes `scrooloose/nerdtree`.
|
||||
After adding your plugin to this file run the `./update.py` in the same folder.
|
||||
This will updated a file called `generated.nix` and make your plugin accessible in the
|
||||
`vimPlugins` attribute set (`vimPlugins.nerdtree` in our example).
|
||||
If additional steps to the build process of the plugin are required, add an
|
||||
override to the `pkgs/misc/vim-plugins/default.nix` in the same directory.
|
||||
Nix expressions for Vim plugins are stored in [pkgs/misc/vim-plugins](/pkgs/misc/vim-plugins). For the vast majority of plugins, Nix expressions are automatically generated by running [`./update.py`](/pkgs/misc/vim-plugins/update.py). This creates a [generated.nix](/pkgs/misc/vim-plugins/generated.nix) file based on the plugins listed in [vim-plugin-names](/pkgs/misc/vim-plugins/vim-plugin-names). Plugins are listed in alphabetical order in `vim-plugin-names` using the format `[github username]/[repository]`. For example https://github.com/scrooloose/nerdtree becomes `scrooloose/nerdtree`.
|
||||
|
||||
Some plugins require overrides in order to function properly. Overrides are placed in [overrides.nix](/pkgs/misc/vim-plugins/overrides.nix). Overrides are most often required when a plugin requires some dependencies, or extra steps are required during the build process. For example `deoplete-fish` requires both `deoplete-nvim` and `vim-fish`, and so the following override was added:
|
||||
|
||||
```
|
||||
deoplete-fish = super.deoplete-fish.overrideAttrs(old: {
|
||||
dependencies = with super; [ deoplete-nvim vim-fish ];
|
||||
});
|
||||
```
|
||||
|
||||
Sometimes plugins require an override that must be changed when the plugin is updated. This can cause issues when Vim plugins are auto-updated but the associated override isn't updated. For these plugins, the override should be written so that it specifies all information required to install the plugin, and running `./update.py` doesn't change the derivation for the plugin. Manually updating the override is required to update these types of plugins. An example of such a plugin is `LanguageClient-neovim`.
|
||||
|
||||
To add a new plugin:
|
||||
|
||||
1. run `./update.py` and create a commit named "vimPlugins: Update",
|
||||
2. add the new plugin to [vim-plugin-names](/pkgs/misc/vim-plugins/vim-plugin-names) and add overrides if required to [overrides.nix](/pkgs/misc/vim-plugins/overrides.nix),
|
||||
3. run `./update.py` again and create a commit named "vimPlugins.[name]: init at [version]" (where `name` and `version` can be found in [generated.nix](/pkgs/misc/vim-plugins/generated.nix)), and
|
||||
4. create a pull request.
|
||||
|
||||
## Important repositories
|
||||
|
||||
@ -252,4 +275,3 @@ override to the `pkgs/misc/vim-plugins/default.nix` in the same directory.
|
||||
|
||||
- [vim2nix](https://github.com/MarcWeber/vim-addon-vim2nix) which generates the
|
||||
.nix code
|
||||
|
||||
|
@ -786,7 +786,7 @@ passthru.updateScript = [ ../../update.sh pname "--requested-release=unstable" ]
|
||||
set, the default value is used, which is <literal>$prePhases
|
||||
unpackPhase patchPhase $preConfigurePhases configurePhase
|
||||
$preBuildPhases buildPhase checkPhase $preInstallPhases installPhase
|
||||
fixupPhase $preDistPhases distPhase $postPhases</literal>.
|
||||
fixupPhase installCheckPhase $preDistPhases distPhase $postPhases</literal>.
|
||||
</para>
|
||||
<para>
|
||||
Usually, if you just want to add a few phases, it’s more convenient
|
||||
@ -1599,6 +1599,16 @@ installTargets = "install-bin install-doc";</programlisting>
|
||||
|
||||
<variablelist>
|
||||
<title>Variables controlling the fixup phase</title>
|
||||
<varlistentry>
|
||||
<term>
|
||||
<varname>dontFixup</varname>
|
||||
</term>
|
||||
<listitem>
|
||||
<para>
|
||||
Set to true to skip the fixup phase.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
<term>
|
||||
<varname>dontStrip</varname>
|
||||
|
@ -53,12 +53,16 @@ rec {
|
||||
# Filter sources by a list of regular expressions.
|
||||
#
|
||||
# E.g. `src = sourceByRegex ./my-subproject [".*\.py$" "^database.sql$"]`
|
||||
sourceByRegex = src: regexes: cleanSourceWith {
|
||||
filter = (path: type:
|
||||
let relPath = lib.removePrefix (toString src + "/") (toString path);
|
||||
in lib.any (re: builtins.match re relPath != null) regexes);
|
||||
inherit src;
|
||||
};
|
||||
sourceByRegex = src: regexes:
|
||||
let
|
||||
isFiltered = src ? _isLibCleanSourceWith;
|
||||
origSrc = if isFiltered then src.origSrc else src;
|
||||
in lib.cleanSourceWith {
|
||||
filter = (path: type:
|
||||
let relPath = lib.removePrefix (toString origSrc + "/") (toString path);
|
||||
in lib.any (re: builtins.match re relPath != null) regexes);
|
||||
inherit src;
|
||||
};
|
||||
|
||||
# Get all files ending with the specified suffices from the given
|
||||
# directory or its descendants. E.g. `sourceFilesBySuffices ./dir
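Review bot: The new `let` in `sourceByRegex` carries no comment explaining why `origSrc` replaces `src` in the `removePrefix` call. From the visible lines, when `src` already has `_isLibCleanSourceWith` the prefix is taken from `src.origSrc`; presumably without this the prefix would not match, `builtins.match` would see the full path, and a regex allowlist like the one in the example would quietly stop selecting the intended files. I would add above `isFiltered`: `# src may already be a cleanSourceWith result; strip the prefix of its original root so the regexes still see relative paths`. The doc comment above the function could also say that the regexes are matched against paths relative to the original source root.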
|
||||
|
@ -26,7 +26,7 @@ let
|
||||
|
||||
"riscv32-linux" "riscv64-linux"
|
||||
|
||||
"aarch64-none" "avr-none" "arm-none" "i686-none" "x86_64-none" "powerpc-none" "msp430-none"
|
||||
"aarch64-none" "avr-none" "arm-none" "i686-none" "x86_64-none" "powerpc-none" "msp430-none" "riscv64-none" "riscv32-none"
|
||||
];
|
||||
|
||||
allParsed = map parse.mkSystemFromString all;
|
||||
|
@ -97,6 +97,18 @@ rec {
|
||||
riscv64 = riscv "64";
|
||||
riscv32 = riscv "32";
|
||||
|
||||
riscv64-embedded = {
|
||||
config = "riscv64-none-elf";
|
||||
libc = "newlib";
|
||||
platform = platforms.riscv-multiplatform "64";
|
||||
};
|
||||
|
||||
riscv32-embedded = {
|
||||
config = "riscv32-none-elf";
|
||||
libc = "newlib";
|
||||
platform = platforms.riscv-multiplatform "32";
|
||||
};
|
||||
|
||||
msp430 = {
|
||||
config = "msp430-elf";
|
||||
libc = "newlib";
|
||||
|
@ -71,6 +71,15 @@ checkConfigError 'The option value .* in .* is not of type.*positive integer.*'
|
||||
checkConfigOutput "42" config.value ./declare-int-between-value.nix ./define-value-int-positive.nix
|
||||
checkConfigError 'The option value .* in .* is not of type.*between.*-21 and 43.*inclusive.*' config.value ./declare-int-between-value.nix ./define-value-int-negative.nix
|
||||
|
||||
# Check either types
|
||||
# types.either
|
||||
checkConfigOutput "42" config.value ./declare-either.nix ./define-value-int-positive.nix
|
||||
checkConfigOutput "\"24\"" config.value ./declare-either.nix ./define-value-string.nix
|
||||
# types.oneOf
|
||||
checkConfigOutput "42" config.value ./declare-oneOf.nix ./define-value-int-positive.nix
|
||||
checkConfigOutput "[ ]" config.value ./declare-oneOf.nix ./define-value-list.nix
|
||||
checkConfigOutput "\"24\"" config.value ./declare-oneOf.nix ./define-value-string.nix
|
||||
|
||||
# Check mkForce without submodules.
|
||||
set -- config.enable ./declare-enable.nix ./define-enable.nix
|
||||
checkConfigOutput "true" "$@"
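Review bot: The new `types.either` and `types.oneOf` checks only exercise values that are accepted; nothing asserts that a value outside the listed types is rejected. These types are what validates option values, so the rejecting path deserves a test next to the accepting ones, in the style of the `declare-int-between-value.nix` error check just above. For example `checkConfigError 'The option value .* in .* is not of type.*' config.value ./declare-oneOf.nix ./<define-file-with-unlisted-type>.nix`, where the last argument is a placeholder for a define file whose value is neither an int, a list of ints, nor a string, and the same for `./declare-either.nix`.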
|
||||
|
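--- a/lib/tests/modules/declare-either.nix
+++ b/lib/tests/modules/declare-either.nix
@@ -0,0 +1,5 @@
+{ lib, ... }: {
+options.value = lib.mkOption {
+type = lib.types.either lib.types.int lib.types.str;
+};
+}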
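--- a/lib/tests/modules/declare-oneOf.nix
+++ b/lib/tests/modules/declare-oneOf.nix
@@ -0,0 +1,9 @@
+{ lib, ... }: {
+options.value = lib.mkOption {
+type = lib.types.oneOf [
+lib.types.int
+(lib.types.listOf lib.types.int)
+lib.types.str
+];
+};
+}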
@ -111,7 +111,7 @@ rec {
|
||||
name = "int";
|
||||
description = "signed integer";
|
||||
check = isInt;
|
||||
merge = mergeOneOption;
|
||||
merge = mergeEqualOption;
|
||||
};
|
||||
|
||||
# Specialized subdomains of int
|
||||
@ -176,14 +176,14 @@ rec {
|
||||
name = "float";
|
||||
description = "floating point number";
|
||||
check = isFloat;
|
||||
merge = mergeOneOption;
|
||||
merge = mergeEqualOption;
|
||||
};
|
||||
|
||||
str = mkOptionType {
|
||||
name = "str";
|
||||
description = "string";
|
||||
check = isString;
|
||||
merge = mergeOneOption;
|
||||
merge = mergeEqualOption;
|
||||
};
|
||||
|
||||
strMatching = pattern: mkOptionType {
|
||||
@ -243,7 +243,7 @@ rec {
|
||||
name = "path";
|
||||
# Hacky: there is no ‘isPath’ primop.
|
||||
check = x: builtins.substring 0 1 (toString x) == "/";
|
||||
merge = mergeOneOption;
|
||||
merge = mergeEqualOption;
|
||||
};
|
||||
|
||||
# drop this in the future:
|
||||
@ -415,7 +415,7 @@ rec {
|
||||
name = "enum";
|
||||
description = "one of ${concatMapStringsSep ", " show values}";
|
||||
check = flip elem values;
|
||||
merge = mergeOneOption;
|
||||
merge = mergeEqualOption;
|
||||
functor = (defaultFunctor name) // { payload = values; binOp = a: b: unique (a ++ b); };
|
||||
};
|
||||
|
||||
@ -443,6 +443,13 @@ rec {
|
||||
functor = (defaultFunctor name) // { wrapped = [ t1 t2 ]; };
|
||||
};
|
||||
|
||||
# Any of the types in the given list
|
||||
oneOf = ts:
|
||||
let
|
||||
head' = if ts == [] then throw "types.oneOf needs to get at least one type in its argument" else head ts;
|
||||
tail' = tail ts;
|
||||
in foldl' either head' tail';
|
||||
|
||||
# Either value of type `finalType` or `coercedType`, the latter is
|
||||
# converted to `finalType` using `coerceFunc`.
|
||||
coercedTo = coercedType: coerceFunc: finalType:
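Review bot: In the added `oneOf`, the friendly error for an empty list looks unreachable. `tail'` is `tail ts`, and `foldl'` has to evaluate its list argument, so with `ts == []` evaluation presumably fails inside `tail` before `head'` is ever forced; this depends on the evaluation order of `foldl'`, which is not visible in the hunk. Checking for the empty list once, before the fold, makes the message reliable: `oneOf = ts: if ts == [] then throw "types.oneOf needs to get at least one type in its argument" else foldl' either (head ts) (tail ts);`. The enclosing `rec { … }` starts and ends outside the hunk.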
|
||||
|
@ -66,14 +66,6 @@
|
||||
email = "aaron@ajanse.me";
|
||||
github = "aaronjanse";
|
||||
name = "Aaron Janse";
|
||||
keys = [
|
||||
{ longkeyid = "rsa2048/0x651BD4B37D75E234"; # Email only
|
||||
fingerprint = "490F 5009 34E7 20BD 4C53 96C2 651B D4B3 7D75 E234";
|
||||
}
|
||||
{ longkeyid = "rsa4096/0xBE6C92145BFF4A34"; # Git, etc
|
||||
fingerprint = "CED9 6DF4 63D7 B86A 1C4B 1322 BE6C 9214 5BFF 4A34";
|
||||
}
|
||||
];
|
||||
};
|
||||
aaronschif = {
|
||||
email = "aaronschif@gmail.com";
|
||||
@ -85,6 +77,15 @@
|
||||
github = "baldo";
|
||||
name = "Andreas Baldeau";
|
||||
};
|
||||
abbe = {
|
||||
email = "ashish.is@lostca.se";
|
||||
github = "wahjava";
|
||||
name = "Ashish SHUKLA";
|
||||
keys = [{
|
||||
longkeyid = "rsa4096/0xC746CFA9E74FA4B0";
|
||||
fingerprint = "F682 CDCC 39DC 0FEA E116 20B6 C746 CFA9 E74F A4B0";
|
||||
}];
|
||||
};
|
||||
abbradar = {
|
||||
email = "ab@fmap.me";
|
||||
github = "abbradar";
|
||||
@ -393,6 +394,11 @@
|
||||
github = "aneeshusa";
|
||||
name = "Aneesh Agrawal";
|
||||
};
|
||||
angristan = {
|
||||
email = "angristan@pm.me";
|
||||
github = "angristan";
|
||||
name = "Stanislas Lange";
|
||||
};
|
||||
ankhers = {
|
||||
email = "justin.k.wood@gmail.com";
|
||||
github = "ankhers";
|
||||
@ -1078,6 +1084,11 @@
|
||||
github = "codyopel";
|
||||
name = "Cody Opel";
|
||||
};
|
||||
cohencyril = {
|
||||
email = "cyril.cohen@inria.fr";
|
||||
github = "CohenCyril";
|
||||
name = "Cyril Cohen";
|
||||
};
|
||||
colemickens = {
|
||||
email = "cole.mickens@gmail.com";
|
||||
github = "colemickens";
|
||||
@ -1508,6 +1519,11 @@
|
||||
github = "liclac";
|
||||
name = "embr";
|
||||
};
|
||||
emily = {
|
||||
email = "nixpkgs@emily.moe";
|
||||
github = "emilazy";
|
||||
name = "Emily";
|
||||
};
|
||||
ederoyd46 = {
|
||||
email = "matt@ederoyd.co.uk";
|
||||
github = "ederoyd46";
|
||||
@ -1693,6 +1709,11 @@
|
||||
fingerprint = "67FE 98F2 8C44 CF22 1828 E12F D57E FA62 5C9A 925F";
|
||||
}];
|
||||
};
|
||||
evanjs = {
|
||||
email = "evanjsx@gmail.com";
|
||||
github = "evanjs";
|
||||
name = "Evan Stoll";
|
||||
};
|
||||
evck = {
|
||||
email = "eric@evenchick.com";
|
||||
github = "ericevenchick";
|
||||
@ -1748,6 +1769,11 @@
|
||||
github = "fare";
|
||||
name = "Francois-Rene Rideau";
|
||||
};
|
||||
farlion = {
|
||||
email = "florian.peter@gmx.at";
|
||||
github = "workflow";
|
||||
name = "Florian Peter";
|
||||
};
|
||||
fdns = {
|
||||
email = "fdns02@gmail.com";
|
||||
github = "fdns";
|
||||
@ -2156,6 +2182,11 @@
|
||||
github = "hlolli";
|
||||
name = "Hlodver Sigurdsson";
|
||||
};
|
||||
hugoreeves = {
|
||||
email = "hugolreeves@gmail.com";
|
||||
github = "hugoreeves";
|
||||
name = "Hugo Reeves";
|
||||
};
|
||||
hodapp = {
|
||||
email = "hodapp87@gmail.com";
|
||||
github = "Hodapp87";
|
||||
@ -2601,6 +2632,11 @@
|
||||
github = "jraygauthier";
|
||||
name = "Raymond Gauthier";
|
||||
};
|
||||
jtobin = {
|
||||
email = "jared@jtobin.io";
|
||||
github = "jtobin";
|
||||
name = "Jared Tobin";
|
||||
};
|
||||
jtojnar = {
|
||||
email = "jtojnar@gmail.com";
|
||||
github = "jtojnar";
|
||||
@ -4204,9 +4240,13 @@
|
||||
name = "Ben Hamlin";
|
||||
};
|
||||
prusnak = {
|
||||
email = "stick@gk2.sk";
|
||||
email = "pavol@rusnak.io";
|
||||
github = "prusnak";
|
||||
name = "Pavol Rusnak";
|
||||
keys = [{
|
||||
longkeyid = "rsa4096/0x91F3B339B9A02A3D";
|
||||
fingerprint = "86E6 792F C27B FD47 8860 C110 91F3 B339 B9A0 2A3D";
|
||||
}];
|
||||
};
|
||||
pshendry = {
|
||||
email = "paul@pshendry.com";
|
||||
@ -4996,6 +5036,15 @@
|
||||
github = "sternenseemann";
|
||||
name = "Lukas Epple";
|
||||
};
|
||||
steshaw = {
|
||||
name = "Steven Shaw";
|
||||
email = "steven@steshaw.org";
|
||||
github = "steshaw";
|
||||
keys = [{
|
||||
longkeyid = "rsa4096/0x1D9A17DFD23DCB91";
|
||||
fingerprint = "0AFE 77F7 474D 1596 EE55 7A29 1D9A 17DF D23D CB91";
|
||||
}];
|
||||
};
|
||||
stesie = {
|
||||
email = "stesie@brokenpipe.de";
|
||||
github = "stesie";
|
||||
@ -5571,6 +5620,11 @@
|
||||
github = "viric";
|
||||
name = "Lluís Batlle i Rossell";
|
||||
};
|
||||
virusdave = {
|
||||
email = "dave.nicponski@gmail.com";
|
||||
github = "virusdave";
|
||||
name = "Dave Nicponski";
|
||||
};
|
||||
vizanto = {
|
||||
email = "danny@prime.vc";
|
||||
github = "vizanto";
|
||||
@ -5921,4 +5975,9 @@
|
||||
github = "mattmelling";
|
||||
name = "Matt Melling";
|
||||
};
|
||||
wd15 = {
|
||||
email = "daniel.wheeler2@gmail.com";
|
||||
github = "wd15";
|
||||
name = "Daniel Wheeler";
|
||||
};
|
||||
}
|
||||
|
@ -95,7 +95,7 @@ in {
|
||||
|
||||
# forward all Matrix API calls to the synapse Matrix homeserver
|
||||
locations."/_matrix" = {
|
||||
proxyPass = "http://[::1]:8008/_matrix";
|
||||
proxyPass = "http://[::1]:8008"; # without a trailing /
|
||||
};
|
||||
};
|
||||
};
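Review bot: The comment `# without a trailing /` on the new `proxyPass` line says what to avoid but not why, so a later edit could easily reintroduce a path. nginx forwards the request URI unchanged only when `proxy_pass` has no URI part; with one, it rewrites and normalises the URI before passing it on, which is presumably what the change works around. I would spell that out, for example `# no URI part (not even a trailing /), so nginx forwards the original request URI unmodified`. The enclosing attribute set starts outside the hunk.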
|
||||
|
@ -125,10 +125,12 @@
|
||||
You will need to reboot after enabling this driver to prevent a clash with
|
||||
other kernel modules.
|
||||
</para>
|
||||
<note>
|
||||
<para>
|
||||
Note: for recent AMD GPUs you most likely want to keep either the defaults
|
||||
For recent AMD GPUs you most likely want to keep either the defaults
|
||||
or <literal>"amdgpu"</literal> (both free).
|
||||
</para>
|
||||
</note>
|
||||
</simplesect>
|
||||
<simplesect xml:id="sec-x11-touchpads">
|
||||
<title>Touchpads</title>
|
||||
@ -157,4 +159,134 @@
|
||||
versions.
|
||||
</para>
|
||||
</simplesect>
|
||||
<simplesect xml:id="custom-xkb-layouts">
|
||||
<title>Custom XKB layouts</title>
|
||||
<para>
|
||||
It is possible to install custom
|
||||
<link xlink:href="https://en.wikipedia.org/wiki/X_keyboard_extension">
|
||||
XKB
|
||||
</link>
|
||||
keyboard layouts using the option
|
||||
<option>
|
||||
<link linkend="opt-services.xserver.extraLayouts">
|
||||
services.xserver.extraLayouts
|
||||
</link>
|
||||
</option>.
|
||||
As a first example, we are going to create a layout based on the basic US
|
||||
layout, with an additional layer to type some greek symbols by pressing the
|
||||
right-alt key.
|
||||
</para>
|
||||
<para>
|
||||
To do this we are going to create a <literal>us-greek</literal> file
|
||||
with a <literal>xkb_symbols</literal> section.
|
||||
</para>
|
||||
<programlisting>
|
||||
xkb_symbols "us-greek"
|
||||
{
|
||||
include "us(basic)" // includes the base US keys
|
||||
include "level3(ralt_switch)" // configures right alt as a third level switch
|
||||
|
||||
key <LatA> { [ a, A, Greek_alpha ] };
|
||||
key <LatB> { [ b, B, Greek_beta ] };
|
||||
key <LatG> { [ g, G, Greek_gamma ] };
|
||||
key <LatD> { [ d, D, Greek_delta ] };
|
||||
key <LatZ> { [ z, Z, Greek_zeta ] };
|
||||
};
|
||||
</programlisting>
|
||||
<para>
|
||||
To install the layout, the filepath, a description and the list of
|
||||
languages must be given:
|
||||
</para>
|
||||
<programlisting>
|
||||
<xref linkend="opt-services.xserver.extraLayouts"/>.us-greek = {
|
||||
description = "US layout with alt-gr greek";
|
||||
languages = [ "eng" ];
|
||||
symbolsFile = /path/to/us-greek;
|
||||
}
|
||||
</programlisting>
|
||||
<note>
|
||||
<para>
|
||||
The name should match the one given to the
|
||||
<literal>xkb_symbols</literal> block.
|
||||
</para>
|
||||
</note>
|
||||
<para>
|
||||
The layout should now be installed and ready to use: try it by
|
||||
running <literal>setxkbmap us-greek</literal> and type
|
||||
<literal><alt>+a</literal>. To change the default the usual
|
||||
<option>
|
||||
<link linkend="opt-services.xserver.layout">
|
||||
services.xserver.layout
|
||||
</link>
|
||||
</option>
|
||||
option can still be used.
|
||||
</para>
|
||||
<para>
|
||||
A layout can have several other components besides
|
||||
<literal>xkb_symbols</literal>, for example we will define new
|
||||
keycodes for some multimedia key and bind these to some symbol.
|
||||
</para>
|
||||
<para>
|
||||
Use the <emphasis>xev</emphasis> utility from
|
||||
<literal>pkgs.xorg.xev</literal> to find the codes of the keys of
|
||||
interest, then create a <literal>media-key</literal> file to hold
|
||||
the keycodes definitions
|
||||
</para>
|
||||
<programlisting>
|
||||
xkb_keycodes "media"
|
||||
{
|
||||
<volUp> = 123;
|
||||
<volDown> = 456;
|
||||
}
|
||||
</programlisting>
|
||||
<para>
|
||||
Now use the newly define keycodes in <literal>media-sym</literal>:
|
||||
</para>
|
||||
<programlisting>
|
||||
xkb_symbols "media"
|
||||
{
|
||||
key.type = "ONE_LEVEL";
|
||||
key <volUp> { [ XF86AudioLowerVolume ] };
|
||||
key <volDown> { [ XF86AudioRaiseVolume ] };
|
||||
}
|
||||
</programlisting>
|
||||
<para>
|
||||
As before, to install the layout do
|
||||
</para>
|
||||
<programlisting>
|
||||
<xref linkend="opt-services.xserver.extraLayouts"/>.media = {
|
||||
description = "Multimedia keys remapping";
|
||||
languages = [ "eng" ];
|
||||
symbolsFile = /path/to/media-key;
|
||||
keycodesFile = /path/to/media-sym;
|
||||
};
|
||||
</programlisting>
|
||||
<note>
|
||||
<para>
|
||||
The function <literal>pkgs.writeText <filename> <content>
|
||||
</literal> can be useful if you prefer to keep the layout definitions
|
||||
inside the NixOS configuration.
|
||||
</para>
|
||||
</note>
|
||||
<para>
|
||||
Unfortunately, the Xorg server does not (currently) support setting a
|
||||
keymap directly but relies instead on XKB rules to select the matching
|
||||
components (keycodes, types, ...) of a layout. This means that components
|
||||
other than symbols won't be loaded by default. As a workaround, you
|
||||
can set the keymap using <literal>setxkbmap</literal> at the start of the
|
||||
session with:
|
||||
</para>
|
||||
<programlisting>
|
||||
<xref linkend="opt-services.xserver.displayManager.sessionCommands"/> = "setxkbmap -keycodes media";
|
||||
</programlisting>
|
||||
<para>
|
||||
To learn how to write layouts take a look at the XKB
|
||||
<link xlink:href="https://www.x.org/releases/current/doc/xorg-docs/input/XKB-Enhancing.html#Defining_New_Layouts">
|
||||
documentation
|
||||
</link>. More example layouts can also be found
|
||||
<link xlink:href="https://wiki.archlinux.org/index.php/X_KeyBoard_extension#Basic_examples">
|
||||
here
|
||||
</link>.
|
||||
</para>
|
||||
</simplesect>
|
||||
</chapter>
|
||||
|
@ -5,55 +5,6 @@ with pkgs;
|
||||
let
|
||||
lib = pkgs.lib;
|
||||
|
||||
# Remove invisible and internal options.
|
||||
optionsListVisible = lib.filter (opt: opt.visible && !opt.internal) (lib.optionAttrSetToDocList options);
|
||||
|
||||
# Replace functions by the string <function>
|
||||
substFunction = x:
|
||||
if builtins.isAttrs x then lib.mapAttrs (name: substFunction) x
|
||||
else if builtins.isList x then map substFunction x
|
||||
else if lib.isFunction x then "<function>"
|
||||
else x;
|
||||
|
||||
# Generate DocBook documentation for a list of packages. This is
|
||||
# what `relatedPackages` option of `mkOption` from
|
||||
# ../../../lib/options.nix influences.
|
||||
#
|
||||
# Each element of `relatedPackages` can be either
|
||||
# - a string: that will be interpreted as an attribute name from `pkgs`,
|
||||
# - a list: that will be interpreted as an attribute path from `pkgs`,
|
||||
# - an attrset: that can specify `name`, `path`, `package`, `comment`
|
||||
# (either of `name`, `path` is required, the rest are optional).
|
||||
genRelatedPackages = packages:
|
||||
let
|
||||
unpack = p: if lib.isString p then { name = p; }
|
||||
else if lib.isList p then { path = p; }
|
||||
else p;
|
||||
describe = args:
|
||||
let
|
||||
title = args.title or null;
|
||||
name = args.name or (lib.concatStringsSep "." args.path);
|
||||
path = args.path or [ args.name ];
|
||||
package = args.package or (lib.attrByPath path (throw "Invalid package attribute path `${toString path}'") pkgs);
|
||||
in "<listitem>"
|
||||
+ "<para><literal>${lib.optionalString (title != null) "${title} aka "}pkgs.${name} (${package.meta.name})</literal>"
|
||||
+ lib.optionalString (!package.meta.available) " <emphasis>[UNAVAILABLE]</emphasis>"
|
||||
+ ": ${package.meta.description or "???"}.</para>"
|
||||
+ lib.optionalString (args ? comment) "\n<para>${args.comment}</para>"
|
||||
# Lots of `longDescription's break DocBook, so we just wrap them into <programlisting>
|
||||
+ lib.optionalString (package.meta ? longDescription) "\n<programlisting>${package.meta.longDescription}</programlisting>"
|
||||
+ "</listitem>";
|
||||
in "<itemizedlist>${lib.concatStringsSep "\n" (map (p: describe (unpack p)) packages)}</itemizedlist>";
|
||||
|
||||
optionsListDesc = lib.flip map optionsListVisible (opt: opt // {
|
||||
# Clean up declaration sites to not refer to the NixOS source tree.
|
||||
declarations = map stripAnyPrefixes opt.declarations;
|
||||
}
|
||||
// lib.optionalAttrs (opt ? example) { example = substFunction opt.example; }
|
||||
// lib.optionalAttrs (opt ? default) { default = substFunction opt.default; }
|
||||
// lib.optionalAttrs (opt ? type) { type = substFunction opt.type; }
|
||||
// lib.optionalAttrs (opt ? relatedPackages && opt.relatedPackages != []) { relatedPackages = genRelatedPackages opt.relatedPackages; });
|
||||
|
||||
# We need to strip references to /nix/store/* from options,
|
||||
# including any `extraSources` if some modules came from elsewhere,
|
||||
# or else the build will fail.
|
||||
@ -63,37 +14,13 @@ let
|
||||
prefixesToStrip = map (p: "${toString p}/") ([ ../../.. ] ++ extraSources);
|
||||
stripAnyPrefixes = lib.flip (lib.fold lib.removePrefix) prefixesToStrip;
|
||||
|
||||
# Custom "less" that pushes up all the things ending in ".enable*"
|
||||
# and ".package*"
|
||||
optionLess = a: b:
|
||||
let
|
||||
ise = lib.hasPrefix "enable";
|
||||
isp = lib.hasPrefix "package";
|
||||
cmp = lib.splitByAndCompare ise lib.compare
|
||||
(lib.splitByAndCompare isp lib.compare lib.compare);
|
||||
in lib.compareLists cmp a.loc b.loc < 0;
|
||||
|
||||
# Customly sort option list for the man page.
|
||||
optionsList = lib.sort optionLess optionsListDesc;
|
||||
|
||||
# Convert the list of options into an XML file.
|
||||
optionsXML = builtins.toFile "options.xml" (builtins.toXML optionsList);
|
||||
|
||||
optionsDocBook = runCommand "options-db.xml" {} ''
|
||||
optionsXML=${optionsXML}
|
||||
if grep /nixpkgs/nixos/modules $optionsXML; then
|
||||
echo "The manual appears to depend on the location of Nixpkgs, which is bad"
|
||||
echo "since this prevents sharing via the NixOS channel. This is typically"
|
||||
echo "caused by an option default that refers to a relative path (see above"
|
||||
echo "for hints about the offending path)."
|
||||
exit 1
|
||||
fi
|
||||
${buildPackages.libxslt.bin}/bin/xsltproc \
|
||||
--stringparam revision '${revision}' \
|
||||
-o intermediate.xml ${./options-to-docbook.xsl} $optionsXML
|
||||
${buildPackages.libxslt.bin}/bin/xsltproc \
|
||||
-o "$out" ${./postprocess-option-descriptions.xsl} intermediate.xml
|
||||
'';
|
||||
optionsDoc = buildPackages.nixosOptionsDoc {
|
||||
inherit options revision;
|
||||
transformOptions = opt: opt // {
|
||||
# Clean up declaration sites to not refer to the NixOS source tree.
|
||||
declarations = map stripAnyPrefixes opt.declarations;
|
||||
};
|
||||
};
|
||||
|
||||
sources = lib.sourceFilesBySuffices ./. [".xml"];
|
||||
|
||||
@ -108,7 +35,7 @@ let
|
||||
generatedSources = runCommand "generated-docbook" {} ''
|
||||
mkdir $out
|
||||
ln -s ${modulesDoc} $out/modules.xml
|
||||
ln -s ${optionsDocBook} $out/options-db.xml
|
||||
ln -s ${optionsDoc.optionsDocBook} $out/options-db.xml
|
||||
printf "%s" "${version}" > $out/version
|
||||
'';
|
||||
|
||||
@ -234,22 +161,7 @@ let
|
||||
in rec {
|
||||
inherit generatedSources;
|
||||
|
||||
# The NixOS options in JSON format.
|
||||
optionsJSON = runCommand "options-json"
|
||||
{ meta.description = "List of NixOS options in JSON format";
|
||||
}
|
||||
''
|
||||
# Export list of options in different format.
|
||||
dst=$out/share/doc/nixos
|
||||
mkdir -p $dst
|
||||
|
||||
cp ${builtins.toFile "options.json" (builtins.unsafeDiscardStringContext (builtins.toJSON
|
||||
(builtins.listToAttrs (map (o: { name = o.name; value = removeAttrs o ["name" "visible" "internal"]; }) optionsList))))
|
||||
} $dst/options.json
|
||||
|
||||
mkdir -p $out/nix-support
|
||||
echo "file json $dst/options.json" >> $out/nix-support/hydra-build-products
|
||||
''; # */
|
||||
inherit (optionsDoc) optionsJSON optionsXML optionsDocBook;
|
||||
|
||||
# Generate the NixOS manual.
|
||||
manualHTML = runCommand "nixos-manual-html"
|
||||
|
@ -346,6 +346,18 @@
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
<term>
|
||||
<varname>types.oneOf</varname> [ <replaceable>t1</replaceable> <replaceable>t2</replaceable> ... ]
|
||||
</term>
|
||||
<listitem>
|
||||
<para>
|
||||
Type <replaceable>t1</replaceable> or type <replaceable>t2</replaceable> and so forth,
|
||||
e.g. <literal>with types; oneOf [ int str bool ]</literal>. Multiple definitions
|
||||
cannot be merged.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
<term>
|
||||
<varname>types.coercedTo</varname> <replaceable>from</replaceable> <replaceable>f</replaceable> <replaceable>to</replaceable>
|
||||
|
@ -98,6 +98,16 @@
|
||||
<literal>stableBranch</literal> set to false.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
Remove attributes that we know we will not be able to support,
|
||||
especially if there is a stable alternative. E.g. Check that our
|
||||
Linux kernels'
|
||||
<link xlink:href="https://www.kernel.org/category/releases.html">
|
||||
projected end-of-life</link> are after our release projected
|
||||
end-of-life
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
Edit changelog at
|
||||
|
@ -14,6 +14,13 @@
|
||||
to build the new configuration, make it the default configuration for
|
||||
booting, and try to realise the configuration in the running system (e.g., by
|
||||
restarting system services).
|
||||
<warning>
|
||||
<para>
|
||||
This command doesn't start/stop <link linkend="opt-systemd.user.services">user
|
||||
services</link> automatically. <command>nixos-rebuild</command> only runs a
|
||||
<literal>daemon-reload</literal> for each user with running user services.
|
||||
</para>
|
||||
</warning>
|
||||
</para>
|
||||
<warning>
|
||||
<para>
|
||||
|
@ -29,13 +29,14 @@
|
||||
</para>
|
||||
|
||||
<para>
|
||||
You are logged-in automatically as <literal>root</literal>. (The
|
||||
<literal>root</literal> user account has an empty password.)
|
||||
You are logged-in automatically as <literal>nixos</literal>.
|
||||
The <literal>nixos</literal> user account has an empty password so you
|
||||
can use <command>sudo</command> without a password.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
If you downloaded the graphical ISO image, you can run <command>systemctl
|
||||
start display-manager</command> to start KDE. If you want to continue on the
|
||||
start display-manager</command> to start the desktop environment. If you want to continue on the
|
||||
terminal, you can use <command>loadkeys</command> to switch to your
|
||||
preferred keyboard layout. (We even provide neo2 via <command>loadkeys de
|
||||
neo</command>!)
|
||||
@ -65,9 +66,9 @@
|
||||
|
||||
<para>
|
||||
If you would like to continue the installation from a different machine you
|
||||
need to activate the SSH daemon via <literal>systemctl start
|
||||
sshd</literal>. In order to be able to login you also need to set a
|
||||
password for <literal>root</literal> using <literal>passwd</literal>.
|
||||
need to activate the SSH daemon via <command>systemctl start
|
||||
sshd</command>. You then must set a password for either <literal>root</literal> or
|
||||
<literal>nixos</literal> with <command>passwd></command> to be able to login.
|
||||
</para>
|
||||
</section>
|
||||
</section>
|
||||
|
@ -34,6 +34,12 @@
|
||||
</arg>
|
||||
<replaceable>shell-command</replaceable>
|
||||
</arg>
|
||||
|
||||
<arg>
|
||||
<arg choice='plain'>
|
||||
<option>--silent</option>
|
||||
</arg>
|
||||
</arg>
|
||||
|
||||
<arg>
|
||||
<arg choice='plain'>
|
||||
@ -100,6 +106,16 @@
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
<term>
|
||||
<option>--silent</option>
|
||||
</term>
|
||||
<listitem>
|
||||
<para>
|
||||
Suppresses all output from the activation script of the target system.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
<term>
|
||||
<option>--</option>
|
||||
|
@ -90,6 +90,35 @@
|
||||
<arg>
|
||||
<option>--show-trace</option>
|
||||
</arg>
|
||||
<arg>
|
||||
<option>-I</option>
|
||||
<replaceable>path</replaceable>
|
||||
</arg>
|
||||
<arg>
|
||||
<group choice='req'>
|
||||
<arg choice='plain'><option>--verbose</option></arg>
|
||||
<arg choice='plain'><option>-v</option></arg>
|
||||
</group>
|
||||
</arg>
|
||||
<arg>
|
||||
<group choice='req'>
|
||||
<arg choice='plain'><option>--max-jobs</option></arg>
|
||||
<arg choice='plain'><option>-j</option></arg>
|
||||
</group>
|
||||
<replaceable>number</replaceable>
|
||||
</arg>
|
||||
<arg>
|
||||
<group choice='req'>
|
||||
<arg choice='plain'><option>--keep-failed</option></arg>
|
||||
<arg choice='plain'><option>-K</option></arg>
|
||||
</group>
|
||||
</arg>
|
||||
<arg>
|
||||
<group choice='req'>
|
||||
<arg choice='plain'><option>--keep-going</option></arg>
|
||||
<arg choice='plain'><option>-k</option></arg>
|
||||
</group>
|
||||
</arg>
|
||||
</cmdsynopsis>
|
||||
</refsynopsisdiv>
|
||||
<refsection>
|
||||
@ -101,7 +130,8 @@
|
||||
NixOS module, you must run <command>nixos-rebuild</command> to make the
|
||||
changes take effect. It builds the new system in
|
||||
<filename>/nix/store</filename>, runs its activation script, and stop and
|
||||
(re)starts any system services if needed.
|
||||
(re)starts any system services if needed. Please note that user services need
|
||||
to be started manually as they aren't detected by the activation script at the moment.
|
||||
</para>
|
||||
<para>
|
||||
This command has one required argument, which specifies the desired
|
||||
|
@ -6,7 +6,7 @@
|
||||
<author><personname><firstname>Eelco</firstname><surname>Dolstra</surname></personname>
|
||||
<contrib>Author</contrib>
|
||||
</author>
|
||||
<copyright><year>2007-2018</year><holder>Eelco Dolstra</holder>
|
||||
<copyright><year>2007-2019</year><holder>Eelco Dolstra</holder>
|
||||
</copyright>
|
||||
</info>
|
||||
<xi:include href="man-configuration.xml" />
|
||||
|
@ -33,6 +33,21 @@
|
||||
PHP 7.1 is no longer supported due to upstream not supporting this version for the entire lifecycle of the 19.09 release.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
The binfmt module is now easier to use. Additional systems can
|
||||
be added through <option>boot.binfmt.emulatedSystems</option>.
|
||||
For instance, <literal>boot.binfmt.emulatedSystems = [
|
||||
"wasm32-wasi" "x86_64-windows" "aarch64-linux" ];</literal> will
|
||||
set up binfmt interpreters for each of those listed systems.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
The installer now uses a less privileged <literal>nixos</literal> user whereas before we logged in as root.
|
||||
To gain root privileges use <literal>sudo -i</literal> without a password.
|
||||
</para>
|
||||
</listitem>
|
||||
</itemizedlist>
|
||||
</section>
|
||||
|
||||
@ -47,6 +62,13 @@
|
||||
The following new services were added since the last release:
|
||||
</para>
|
||||
|
||||
<itemizedlist>
|
||||
<listitem>
|
||||
<para>
|
||||
<literal>./programs/dwm-status.nix</literal>
|
||||
</para>
|
||||
</listitem>
|
||||
</itemizedlist>
|
||||
</section>
|
||||
|
||||
<section xmlns="http://docbook.org/ns/docbook"
|
||||
@ -163,7 +185,8 @@
|
||||
Most of the httpd subservices packaged with NixOS have been replaced with
|
||||
full NixOS modules including LimeSurvey, WordPress, and Zabbix. These
|
||||
modules can be enabled using the <option>services.limesurvey.enable</option>,
|
||||
<option>services.wordpress.enable</option>, and <option>services.zabbixWeb.enable</option> options.
|
||||
<option>services.mediawiki.enable</option>, <option>services.wordpress.enable</option>,
|
||||
and <option>services.zabbixWeb.enable</option> options.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
@ -213,6 +236,33 @@
|
||||
have a look at the <link xlink:href="https://github.com/nginxinc/nginx-prometheus-exporter">official repo</link>.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
Nodejs 8 is scheduled EOL under the lifetime of 19.09 and has been dropped.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
By default, prometheus exporters are now run with <literal>DynamicUser</literal> enabled.
|
||||
Exporters that need a real user, now run under a seperate user and group which follow the pattern <literal><exporter-name>-exporter</literal>, instead of the previous default <literal>nobody</literal> and <literal>nogroup</literal>.
|
||||
Only some exporters are affected by the latter, namely the exporters <literal>dovecot</literal>, <literal>node</literal>, <literal>postfix</literal> and <literal>varnish</literal>.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
The <literal>ibus-qt</literal> package is not installed by default anymore when <xref linkend="opt-i18n.inputMethod.enabled" /> is set to <literal>ibus</literal>.
|
||||
If IBus support in Qt 4.x applications is required, add the <literal>ibus-qt</literal> package to your <xref linkend="opt-environment.systemPackages" /> manually.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
The CUPS Printing service now uses socket-based activation by
|
||||
default, only starting when needed. The previous behavior can
|
||||
be restored by setting
|
||||
<option>services.cups.startWhenNeeded</option> to
|
||||
<literal>false</literal>.
|
||||
</para>
|
||||
</listitem>
|
||||
</itemizedlist>
|
||||
</section>
|
||||
|
||||
|
@ -67,7 +67,7 @@ rec {
|
||||
in
|
||||
{ key = "ip-address";
|
||||
config =
|
||||
{ networking.hostName = m.fst;
|
||||
{ networking.hostName = mkDefault m.fst;
|
||||
|
||||
networking.interfaces = listToAttrs interfaces;
|
||||
|
||||
|
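--- a/nixos/lib/make-options-doc/default.nix
+++ b/nixos/lib/make-options-doc/default.nix
@@ -0,0 +1,164 @@
+/* Generate JSON, XML and DocBook documentation for given NixOS options.
+
+Minimal example:
+
+{ pkgs, }:
+
+let
+eval = import (pkgs.path + "/nixos/lib/eval-config.nix") {
+baseModules = [
+../module.nix
+];
+modules = [];
+};
+in pkgs.nixosOptionsDoc {
+options = eval.options;
+}
+
+*/
+{ pkgs
+, lib
+, options
+, transformOptions ? lib.id # function for additional tranformations of the options
+, revision ? "" # Specify revision for the options
+}:
+
+let
+# Replace functions by the string <function>
+substFunction = x:
+if builtins.isAttrs x then lib.mapAttrs (name: substFunction) x
+else if builtins.isList x then map substFunction x
+else if lib.isFunction x then "<function>"
+else x;
+
+optionsListDesc = lib.flip map optionsListVisible
+(opt: transformOptions opt
+// lib.optionalAttrs (opt ? example) { example = substFunction opt.example; }
+// lib.optionalAttrs (opt ? default) { default = substFunction opt.default; }
+// lib.optionalAttrs (opt ? type) { type = substFunction opt.type; }
+// lib.optionalAttrs (opt ? relatedPackages && opt.relatedPackages != []) { relatedPackages = genRelatedPackages opt.relatedPackages; }
+);
+
+# Generate DocBook documentation for a list of packages. This is
+# what `relatedPackages` option of `mkOption` from
+# ../../../lib/options.nix influences.
+#
+# Each element of `relatedPackages` can be either
+# - a string: that will be interpreted as an attribute name from `pkgs`,
+# - a list: that will be interpreted as an attribute path from `pkgs`,
+# - an attrset: that can specify `name`, `path`, `package`, `comment`
+# (either of `name`, `path` is required, the rest are optional).
+genRelatedPackages = packages:
+let
+unpack = p: if lib.isString p then { name = p; }
+else if lib.isList p then { path = p; }
+else p;
+describe = args:
+let
+title = args.title or null;
+name = args.name or (lib.concatStringsSep "." args.path);
+path = args.path or [ args.name ];
+package = args.package or (lib.attrByPath path (throw "Invalid package attribute path `${toString path}'") pkgs);
+in "<listitem>"
++ "<para><literal>${lib.optionalString (title != null) "${title} aka "}pkgs.${name} (${package.meta.name})</literal>"
++ lib.optionalString (!package.meta.available) " <emphasis>[UNAVAILABLE]</emphasis>"
++ ": ${package.meta.description or "???"}.</para>"
++ lib.optionalString (args ? comment) "\n<para>${args.comment}</para>"
+# Lots of `longDescription's break DocBook, so we just wrap them into <programlisting>
++ lib.optionalString (package.meta ? longDescription) "\n<programlisting>${package.meta.longDescription}</programlisting>"
++ "</listitem>";
+in "<itemizedlist>${lib.concatStringsSep "\n" (map (p: describe (unpack p)) packages)}</itemizedlist>";
+
+# Custom "less" that pushes up all the things ending in ".enable*"
+# and ".package*"
+optionLess = a: b:
+let
+ise = lib.hasPrefix "enable";
+isp = lib.hasPrefix "package";
+cmp = lib.splitByAndCompare ise lib.compare
+(lib.splitByAndCompare isp lib.compare lib.compare);
+in lib.compareLists cmp a.loc b.loc < 0;
+
+# Remove invisible and internal options.
+optionsListVisible = lib.filter (opt: opt.visible && !opt.internal) (lib.optionAttrSetToDocList options);
+
+# Customly sort option list for the man page.
+optionsList = lib.sort optionLess optionsListDesc;
+
+# Convert the list of options into an XML file.
+optionsXML = builtins.toFile "options.xml" (builtins.toXML optionsList);
+
+optionsNix = builtins.listToAttrs (map (o: { name = o.name; value = removeAttrs o ["name" "visible" "internal"]; }) optionsList);
+
+# TODO: declarations: link to github
+singleAsciiDoc = name: value: ''
+== ${name}
+
+${value.description}
+
+[discrete]
+=== details
+
+Type:: ${value.type}
+${ if lib.hasAttr "default" value
+then ''
+Default::
++
+----
+${builtins.toJSON value.default}
+----
+''
+else "No Default:: {blank}"
+}
+${ if value.readOnly
+then "Read Only:: {blank}"
+else ""
+}
+${ if lib.hasAttr "example" value
+then ''
+Example::
++
+----
+${builtins.toJSON value.example}
+----
+''
+else "No Example:: {blank}"
+}
+'';
+
+in rec {
+inherit optionsNix;
+
+optionsAsciiDoc = lib.concatStringsSep "\n" (lib.mapAttrsToList singleAsciiDoc optionsNix);
+
+optionsJSON = pkgs.runCommand "options.json"
+{ meta.description = "List of NixOS options in JSON format";
+}
+''
+# Export list of options in different format.
+dst=$out/share/doc/nixos
+mkdir -p $dst
+
+cp ${builtins.toFile "options.json" (builtins.unsafeDiscardStringContext (builtins.toJSON optionsNix))} $dst/options.json
+
+mkdir -p $out/nix-support
+echo "file json $dst/options.json" >> $out/nix-support/hydra-build-products
+''; # */
+
+optionsDocBook = pkgs.runCommand "options-docbook.xml" {} ''
+optionsXML=${optionsXML}
+if grep /nixpkgs/nixos/modules $optionsXML; then
+echo "The manual appears to depend on the location of Nixpkgs, which is bad"
+echo "since this prevents sharing via the NixOS channel. This is typically"
+echo "caused by an option default that refers to a relative path (see above"
+echo "for hints about the offending path)."
+exit 1
+fi
+
+${pkgs.libxslt.bin}/bin/xsltproc \
+--stringparam revision '${revision}' \
+-o intermediate.xml ${./options-to-docbook.xsl} $optionsXML
+${pkgs.libxslt.bin}/bin/xsltproc \
+-o "$out" ${./postprocess-option-descriptions.xsl} intermediate.xml
+'';
+}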
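Review bot: In `optionsDocBook`, the caller-supplied `revision` is spliced into the build script inside single quotes (`--stringparam revision '${revision}'`), so a value containing a single quote ends the quoting and the remainder is parsed as shell. Letting Nix do the quoting avoids that: `--stringparam revision ${lib.escapeShellArg revision} \`. The `grep` above it also uses `$optionsXML` unquoted, which is harmless for a store path but worth quoting for consistency.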
@ -9,6 +9,8 @@ let
|
||||
timezone = types.nullOr (types.addCheck types.str nospace)
|
||||
// { description = "null or string without spaces"; };
|
||||
|
||||
lcfg = config.location;
|
||||
|
||||
in
|
||||
|
||||
{
|
||||
@ -37,12 +39,45 @@ in
|
||||
};
|
||||
|
||||
};
|
||||
|
||||
location = {
|
||||
|
||||
latitude = mkOption {
|
||||
type = types.float;
|
||||
description = ''
|
||||
Your current latitude, between
|
||||
<literal>-90.0</literal> and <literal>90.0</literal>. Must be provided
|
||||
along with longitude.
|
||||
'';
|
||||
};
|
||||
|
||||
longitude = mkOption {
|
||||
type = types.float;
|
||||
description = ''
|
||||
Your current longitude, between
|
||||
between <literal>-180.0</literal> and <literal>180.0</literal>. Must be
|
||||
provided along with latitude.
|
||||
'';
|
||||
};
|
||||
|
||||
provider = mkOption {
|
||||
type = types.enum [ "manual" "geoclue2" ];
|
||||
default = "manual";
|
||||
description = ''
|
||||
The location provider to use for determining your location. If set to
|
||||
<literal>manual</literal> you must also provide latitude/longitude.
|
||||
'';
|
||||
};
|
||||
|
||||
};
|
||||
};
|
||||
|
||||
config = {
|
||||
|
||||
environment.sessionVariables.TZDIR = "/etc/zoneinfo";
|
||||
|
||||
services.geoclue2.enable = mkIf (lcfg.provider == "geoclue2") true;
|
||||
|
||||
# This way services are restarted when tzdata changes.
|
||||
systemd.globalEnvironment.TZDIR = tzdir;
|
||||
|
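Review bot: The `latitude` and `longitude` options state a valid range in their descriptions, but `types.float` accepts any float, so an out-of-range value is not rejected at evaluation time and is left to whatever later consumes `config.location`. The `timezone` type at the top of this file already uses `types.addCheck`, and the same approach fits here, e.g. `type = types.addCheck types.float (x: x >= -90.0 && x <= 90.0);` for latitude and the ±180.0 equivalent for longitude. Neither option has a default while `provider` defaults to `"manual"`, so an assertion with a readable message may be preferable to the generic "option used but not defined" error; whether one exists in a consuming module is not visible here. The longitude description also repeats the word "between".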
@ -34,7 +34,7 @@ with lib;
|
||||
networkmanager-openvpn = super.networkmanager-openvpn.override { withGnome = false; };
|
||||
networkmanager-vpnc = super.networkmanager-vpnc.override { withGnome = false; };
|
||||
networkmanager-iodine = super.networkmanager-iodine.override { withGnome = false; };
|
||||
pinentry = super.pinentry.override { gtk2 = null; gcr = null; qt = null; };
|
||||
pinentry = super.pinentry.override { gtk2 = null; gcr = null; qt4 = null; qt5 = null; };
|
||||
gobject-introspection = super.gobject-introspection.override { x11Support = false; };
|
||||
}));
|
||||
};
|
||||
|
@ -564,7 +564,10 @@ in {
|
||||
};
|
||||
}) (filterAttrs (_: u: u.packages != []) cfg.users));
|
||||
|
||||
environment.profiles = [ "/etc/profiles/per-user/$USER" ];
|
||||
environment.profiles = [
|
||||
"$HOME/.nix-profile"
|
||||
"/etc/profiles/per-user/$USER"
|
||||
];
|
||||
|
||||
assertions = [
|
||||
{ assertion = !cfg.enforceIdUniqueness || (uidsAreUnique && gidsAreUnique);
|
||||
|
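Review bot: `$HOME/.nix-profile` is a user-writable location, and this hunk lists it ahead of `/etc/profiles/per-user/$USER` in `environment.profiles` without saying whether that order is intentional. How this list is merged with other definitions of `environment.profiles` and turned into search paths is not visible in the hunk, so the intended precedence should be recorded next to it, for example `# user profile first: imperative per-user installs take precedence over the declaratively managed per-user profile`, or the two entries swapped if the managed profile is meant to win. The enclosing `config` block starts and ends outside the hunk.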
@ -1,10 +1,12 @@
|
||||
{ config, pkgs ,lib ,... }:
|
||||
|
||||
with lib;
|
||||
|
||||
{
|
||||
options.xdg.portal = {
|
||||
enable =
|
||||
mkEnableOption "<link xlink:href='https://github.com/flatpak/xdg-desktop-portal'>xdg desktop integration</link>"//{
|
||||
default = config.services.xserver.enable;
|
||||
default = false;
|
||||
};
|
||||
|
||||
extraPortals = mkOption {
|
||||
@ -19,6 +21,17 @@ with lib;
|
||||
environments you probably want to add them yourself.
|
||||
'';
|
||||
};
|
||||
|
||||
gtkUsePortal = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = ''
|
||||
Sets environment variable <literal>GTK_USE_PORTAL</literal> to <literal>1</literal>.
|
||||
This is needed for packages ran outside Flatpak to respect and use XDG Desktop Portals.
|
||||
For example, you'd need to set this for non-flatpak Firefox to use native filechoosers.
|
||||
Defaults to <literal>false</literal> to respect its opt-in nature.
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
config =
|
||||
@ -28,10 +41,17 @@ with lib;
|
||||
|
||||
in mkIf cfg.enable {
|
||||
|
||||
assertions = [
|
||||
{ assertion = (cfg.gtkUsePortal -> cfg.extraPortals != []);
|
||||
message = "Setting xdg.portal.gtkUsePortal to true requires a portal implementation in xdg.portal.extraPortals such as xdg-desktop-portal-gtk or xdg-desktop-portal-kde.";
|
||||
}
|
||||
];
|
||||
|
||||
services.dbus.packages = packages;
|
||||
systemd.packages = packages;
|
||||
|
||||
environment.variables = {
|
||||
GTK_USE_PORTAL = "1";
|
||||
GTK_USE_PORTAL = mkIf cfg.gtkUsePortal "1";
|
||||
XDG_DESKTOP_PORTAL_PATH = map (p: "${p}/share/xdg-desktop-portal/portals") cfg.extraPortals;
|
||||
};
|
||||
};
|
||||
|
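Review bot: With the default changed to `false`, the `// { default = false; }` override on `xdg.portal.enable` no longer changes anything, since `mkEnableOption` already produces an option that defaults to `false`. The option can be written as `enable = mkEnableOption "<link xlink:href='https://github.com/flatpak/xdg-desktop-portal'>xdg desktop integration</link>";`, which also removes the impression that the default is still special-cased. In the `gtkUsePortal` description, "packages ran outside Flatpak" should read "packages run outside Flatpak".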
@ -55,7 +55,7 @@ in
|
||||
|
||||
# Without dconf enabled it is impossible to use IBus
|
||||
environment.systemPackages = with pkgs; [
|
||||
ibus-qt gnome3.dconf ibusAutostart
|
||||
gnome3.dconf ibusAutostart
|
||||
];
|
||||
|
||||
environment.variables = {
|
||||
|
@ -8,16 +8,30 @@ with lib;
|
||||
{
|
||||
imports = [ ./installation-cd-base.nix ];
|
||||
|
||||
# Whitelist wheel users to do anything
|
||||
# This is useful for things like pkexec
|
||||
#
|
||||
# WARNING: this is dangerous for systems
|
||||
# outside the installation-cd and shouldn't
|
||||
# be used anywhere else.
|
||||
security.polkit.extraConfig = ''
|
||||
polkit.addRule(function(action, subject) {
|
||||
if (subject.isInGroup("wheel")) {
|
||||
return polkit.Result.YES;
|
||||
}
|
||||
});
|
||||
'';
|
||||
|
||||
services.xserver = {
|
||||
enable = true;
|
||||
|
||||
# Don't start the X server by default.
|
||||
autorun = mkForce false;
|
||||
|
||||
# Automatically login as root.
|
||||
# Automatically login as nixos.
|
||||
displayManager.slim = {
|
||||
enable = true;
|
||||
defaultUser = "root";
|
||||
defaultUser = "nixos";
|
||||
autoLogin = true;
|
||||
};
|
||||
|
||||
@ -33,7 +47,6 @@ with lib;
|
||||
|
||||
# Enable sound in graphical iso's.
|
||||
hardware.pulseaudio.enable = true;
|
||||
hardware.pulseaudio.systemWide = true; # Needed since we run plasma as root.
|
||||
|
||||
environment.systemPackages = [
|
||||
# Include gparted for partitioning disks.
|
||||
|
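Review bot: The rule added to `security.polkit.extraConfig` returns `polkit.Result.YES` for every action whenever the subject is in `wheel`, with no condition on the kind of session. The comment restricts the intent to the installation CD, but nothing in the module enforces that, and a session arriving over SSH (which the installer documentation in this same commit describes enabling) is treated the same as the auto-logged-in desktop. If the rule exists for `pkexec` in the graphical session, narrowing the condition to `if (subject.isInGroup("wheel") && subject.local && subject.active) {` would keep that working while leaving other sessions on polkit's defaults. How much this matters in practice depends on the installer's sudo configuration, which this section does not show.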
@ -1,5 +1,5 @@
|
||||
# This module defines a NixOS installation CD that contains X11 and
|
||||
# Plasma5.
|
||||
# Plasma 5.
|
||||
|
||||
{ config, lib, pkgs, ... }:
|
||||
|
||||
@ -30,15 +30,20 @@ with lib;
|
||||
Version=1.0
|
||||
Type=Application
|
||||
Name=NixOS Manual
|
||||
Exec=firefox ${config.system.build.manual.manualHTMLIndex}
|
||||
Exec=firefox ${config.system.build.manual.manual}/share/doc/nixos/index.html
|
||||
Icon=text-html
|
||||
'';
|
||||
|
||||
homeDir = "/home/nixos/";
|
||||
desktopDir = homeDir + "Desktop/";
|
||||
|
||||
in ''
|
||||
mkdir -p /root/Desktop
|
||||
ln -sfT ${manualDesktopFile} /root/Desktop/nixos-manual.desktop
|
||||
ln -sfT ${pkgs.konsole}/share/applications/org.kde.konsole.desktop /root/Desktop/org.kde.konsole.desktop
|
||||
ln -sfT ${pkgs.gparted}/share/applications/gparted.desktop /root/Desktop/gparted.desktop
|
||||
mkdir -p ${desktopDir}
|
||||
chown nixos ${homeDir} ${desktopDir}
|
||||
|
||||
ln -sfT ${manualDesktopFile} ${desktopDir + "nixos-manual.desktop"}
|
||||
ln -sfT ${pkgs.gparted}/share/applications/gparted.desktop ${desktopDir + "gparted.desktop"}
|
||||
ln -sfT ${pkgs.konsole}/share/applications/org.kde.konsole.desktop ${desktopDir + "org.kde.konsole.desktop"}
|
||||
'';
|
||||
|
||||
}
|
||||
|
@ -16,7 +16,8 @@ fi
|
||||
|
||||
mountPoint=/mnt
|
||||
system=/nix/var/nix/profiles/system
|
||||
command=($system/sw/bin/bash "--login")
|
||||
command=("$system/sw/bin/bash" "--login")
|
||||
silent=0
|
||||
|
||||
while [ "$#" -gt 0 ]; do
|
||||
i="$1"; shift 1
|
||||
@ -32,9 +33,12 @@ while [ "$#" -gt 0 ]; do
|
||||
exit 1
|
||||
;;
|
||||
--command|-c)
|
||||
command=($system/sw/bin/bash "-c" "$1")
|
||||
command=("$system/sw/bin/bash" "-c" "$1")
|
||||
shift 1
|
||||
;;
|
||||
--silent)
|
||||
silent=1
|
||||
;;
|
||||
--)
|
||||
command=("$@")
|
||||
break
|
||||
@ -51,11 +55,20 @@ if [[ ! -e $mountPoint/etc/NIXOS ]]; then
|
||||
exit 126
|
||||
fi
|
||||
|
||||
mkdir -m 0755 -p "$mountPoint/dev" "$mountPoint/sys"
|
||||
mkdir -p "$mountPoint/dev" "$mountPoint/sys"
|
||||
chmod 0755 "$mountPoint/dev" "$mountPoint/sys"
|
||||
mount --rbind /dev "$mountPoint/dev"
|
||||
mount --rbind /sys "$mountPoint/sys"
|
||||
|
||||
# If silent, write both stdout and stderr of activation script to /dev/null
|
||||
# otherwise, write both streams to stderr of this process
|
||||
if [ "$silent" -eq 0 ]; then
|
||||
PIPE_TARGET="/dev/stderr"
|
||||
else
|
||||
PIPE_TARGET="/dev/null"
|
||||
fi
|
||||
|
||||
# Run the activation script. Set $LOCALE_ARCHIVE to supress some Perl locale warnings.
|
||||
LOCALE_ARCHIVE=$system/sw/lib/locale/locale-archive chroot "$mountPoint" "$system/activate" >&2 || true
|
||||
LOCALE_ARCHIVE="$system/sw/lib/locale/locale-archive" chroot "$mountPoint" "$system/activate" >>$PIPE_TARGET 2>&1 || true
|
||||
|
||||
exec chroot "$mountPoint" "${command[@]}"
|
||||
|
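Review bot: With `--silent`, a failing activation script leaves no trace: its output goes to `/dev/null` and the trailing `|| true` discards the exit status, so the shell or command that follows runs in a system that may be only partly activated. Keeping the suppression but reporting the failure from nixos-enter itself would cover this, e.g. replacing `|| true` with `|| echo "$0: activation script exited with status $?" >&2`. `$PIPE_TARGET` should also be quoted in the redirection (`>>"$PIPE_TARGET" 2>&1`), in line with the quoting this change adds to `command=` and `LOCALE_ARCHIVE=`.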
@ -607,90 +607,7 @@ EOF
|
||||
}
|
||||
|
||||
write_file($fn, <<EOF);
|
||||
# Edit this configuration file to define what should be installed on
|
||||
# your system. Help is available in the configuration.nix(5) man page
|
||||
# and in the NixOS manual (accessible by running ‘nixos-help’).
|
||||
|
||||
{ config, pkgs, ... }:
|
||||
|
||||
{
|
||||
imports =
|
||||
[ # Include the results of the hardware scan.
|
||||
./hardware-configuration.nix
|
||||
];
|
||||
|
||||
$bootLoaderConfig
|
||||
# networking.hostName = "nixos"; # Define your hostname.
|
||||
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
|
||||
|
||||
# Configure network proxy if necessary
|
||||
# networking.proxy.default = "http://user:password\@proxy:port/";
|
||||
# networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
|
||||
|
||||
# Select internationalisation properties.
|
||||
# i18n = {
|
||||
# consoleFont = "Lat2-Terminus16";
|
||||
# consoleKeyMap = "us";
|
||||
# defaultLocale = "en_US.UTF-8";
|
||||
# };
|
||||
|
||||
# Set your time zone.
|
||||
# time.timeZone = "Europe/Amsterdam";
|
||||
|
||||
# List packages installed in system profile. To search, run:
|
||||
# \$ nix search wget
|
||||
# environment.systemPackages = with pkgs; [
|
||||
# wget vim
|
||||
# ];
|
||||
|
||||
# Some programs need SUID wrappers, can be configured further or are
|
||||
# started in user sessions.
|
||||
# programs.mtr.enable = true;
|
||||
# programs.gnupg.agent = { enable = true; enableSSHSupport = true; };
|
||||
|
||||
# List services that you want to enable:
|
||||
|
||||
# Enable the OpenSSH daemon.
|
||||
# services.openssh.enable = true;
|
||||
|
||||
# Open ports in the firewall.
|
||||
# networking.firewall.allowedTCPPorts = [ ... ];
|
||||
# networking.firewall.allowedUDPPorts = [ ... ];
|
||||
# Or disable the firewall altogether.
|
||||
# networking.firewall.enable = false;
|
||||
|
||||
# Enable CUPS to print documents.
|
||||
# services.printing.enable = true;
|
||||
|
||||
# Enable sound.
|
||||
# sound.enable = true;
|
||||
# hardware.pulseaudio.enable = true;
|
||||
|
||||
# Enable the X11 windowing system.
|
||||
# services.xserver.enable = true;
|
||||
# services.xserver.layout = "us";
|
||||
# services.xserver.xkbOptions = "eurosign:e";
|
||||
|
||||
# Enable touchpad support.
|
||||
# services.xserver.libinput.enable = true;
|
||||
|
||||
# Enable the KDE Desktop Environment.
|
||||
# services.xserver.displayManager.sddm.enable = true;
|
||||
# services.xserver.desktopManager.plasma5.enable = true;
|
||||
|
||||
# Define a user account. Don't forget to set a password with ‘passwd’.
|
||||
# users.users.jane = {
|
||||
# isNormalUser = true;
|
||||
# extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user.
|
||||
# };
|
||||
|
||||
# This value determines the NixOS release with which your system is to be
|
||||
# compatible, in order to avoid breaking some software such as database
|
||||
# servers. You should change this only after NixOS release notes say you
|
||||
# should.
|
||||
system.stateVersion = "${\(qw(@release@))}"; # Did you read the comment?
|
||||
|
||||
}
|
||||
@configuration@
|
||||
EOF
|
||||
} else {
|
||||
print STDERR "warning: not overwriting existing $fn\n";
|
||||
|
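Review bot: `@configuration@` sits inside `write_file($fn, <<EOF);`, an interpolating heredoc, so the substituted text is parsed by Perl rather than copied verbatim. An unescaped `$` or `@` is expanded (the inline template wrote `\$ nix search wget` and `password\@proxy` for that reason), and a line consisting only of `EOF` would end the heredoc early and change the generated script. The option that supplies the text, `system.nixos-generate-config.configuration` in the next file section, says only that the string "gets spliced into a Perl script". I would extend that description with `Literal $ and @ must be backslash-escaped, and no line may consist solely of EOF.` The hunk begins and ends inside the enclosing `if`/`else`, so the surrounding checks are not visible here.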
@ -38,7 +38,7 @@ let
|
||||
src = ./nixos-generate-config.pl;
|
||||
path = lib.optionals (lib.elem "btrfs" config.boot.supportedFilesystems) [ pkgs.btrfs-progs ];
|
||||
perl = "${pkgs.perl}/bin/perl -I${pkgs.perlPackages.FileSlurp}/${pkgs.perl.libPrefix}";
|
||||
inherit (config.system.nixos) release;
|
||||
inherit (config.system.nixos-generate-config) configuration;
|
||||
};
|
||||
|
||||
nixos-option = makeProg {
|
||||
@ -61,8 +61,111 @@ in
|
||||
|
||||
{
|
||||
|
||||
options.system.nixos-generate-config.configuration = mkOption {
|
||||
internal = true;
|
||||
type = types.str;
|
||||
description = ''
|
||||
The NixOS module that <literal>nixos-generate-config</literal>
|
||||
saves to <literal>/etc/nixos/configuration.nix</literal>.
|
||||
|
||||
This is an internal option. No backward compatibility is guaranteed.
|
||||
Use at your own risk!
|
||||
|
||||
Note that this string gets spliced into a Perl script. The perl
|
||||
variable <literal>$bootLoaderConfig</literal> can be used to
|
||||
splice in the boot loader configuration.
|
||||
'';
|
||||
};
|
||||
|
||||
config = {
|
||||
|
||||
system.nixos-generate-config.configuration = mkDefault ''
|
||||
# Edit this configuration file to define what should be installed on
|
||||
# your system. Help is available in the configuration.nix(5) man page
|
||||
# and in the NixOS manual (accessible by running ‘nixos-help’).
|
||||
|
||||
{ config, pkgs, ... }:
|
||||
|
||||
{
|
||||
imports =
|
||||
[ # Include the results of the hardware scan.
|
||||
./hardware-configuration.nix
|
||||
];
|
||||
|
||||
$bootLoaderConfig
|
||||
# networking.hostName = "nixos"; # Define your hostname.
|
||||
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
|
||||
|
||||
# Configure network proxy if necessary
|
||||
# networking.proxy.default = "http://user:password\@proxy:port/";
|
||||
# networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
|
||||
|
||||
# Select internationalisation properties.
|
||||
# i18n = {
|
||||
# consoleFont = "Lat2-Terminus16";
|
||||
# consoleKeyMap = "us";
|
||||
# defaultLocale = "en_US.UTF-8";
|
||||
# };
|
||||
|
||||
# Set your time zone.
|
||||
# time.timeZone = "Europe/Amsterdam";
|
||||
|
||||
# List packages installed in system profile. To search, run:
|
||||
# \$ nix search wget
|
||||
# environment.systemPackages = with pkgs; [
|
||||
# wget vim
|
||||
# ];
|
||||
|
||||
# Some programs need SUID wrappers, can be configured further or are
|
||||
# started in user sessions.
|
||||
# programs.mtr.enable = true;
|
||||
# programs.gnupg.agent = { enable = true; enableSSHSupport = true; };
|
||||
|
||||
# List services that you want to enable:
|
||||
|
||||
# Enable the OpenSSH daemon.
|
||||
# services.openssh.enable = true;
|
||||
|
||||
# Open ports in the firewall.
|
||||
# networking.firewall.allowedTCPPorts = [ ... ];
|
||||
# networking.firewall.allowedUDPPorts = [ ... ];
|
||||
# Or disable the firewall altogether.
|
||||
# networking.firewall.enable = false;
|
||||
|
||||
# Enable CUPS to print documents.
|
||||
# services.printing.enable = true;
|
||||
|
||||
# Enable sound.
|
||||
# sound.enable = true;
|
||||
# hardware.pulseaudio.enable = true;
|
||||
|
||||
# Enable the X11 windowing system.
|
||||
# services.xserver.enable = true;
|
||||
# services.xserver.layout = "us";
|
||||
# services.xserver.xkbOptions = "eurosign:e";
|
||||
|
||||
# Enable touchpad support.
|
||||
# services.xserver.libinput.enable = true;
|
||||
|
||||
# Enable the KDE Desktop Environment.
|
||||
# services.xserver.displayManager.sddm.enable = true;
|
||||
# services.xserver.desktopManager.plasma5.enable = true;
|
||||
|
||||
# Define a user account. Don't forget to set a password with ‘passwd’.
|
||||
# users.users.jane = {
|
||||
# isNormalUser = true;
|
||||
# extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user.
|
||||
# };
|
||||
|
||||
# This value determines the NixOS release with which your system is to be
|
||||
# compatible, in order to avoid breaking some software such as database
|
||||
# servers. You should change this only after NixOS release notes say you
|
||||
# should.
|
||||
system.stateVersion = "${config.system.nixos.release}"; # Did you read the comment?
|
||||
|
||||
}
|
||||
'';
|
||||
|
||||
environment.systemPackages =
|
||||
[ nixos-build-vms
|
||||
nixos-install
|
||||
|
@ -58,7 +58,6 @@ in
|
||||
"crashkernel=${crashdump.reservedMemory}"
|
||||
"nmi_watchdog=panic"
|
||||
"softlockup_panic=1"
|
||||
"idle=poll"
|
||||
];
|
||||
kernelPatches = [ {
|
||||
name = "crashdump-config";
|
||||
|
@ -19,7 +19,7 @@ let
|
||||
lhs = optCall lhs_ { inherit pkgs; };
|
||||
rhs = optCall rhs_ { inherit pkgs; };
|
||||
in
|
||||
lhs // rhs //
|
||||
recursiveUpdate lhs rhs //
|
||||
optionalAttrs (lhs ? packageOverrides) {
|
||||
packageOverrides = pkgs:
|
||||
optCall lhs.packageOverrides pkgs //
|
||||
|
@ -20,6 +20,7 @@
|
||||
./config/iproute2.nix
|
||||
./config/krb5/default.nix
|
||||
./config/ldap.nix
|
||||
./config/locale.nix
|
||||
./config/malloc.nix
|
||||
./config/networking.nix
|
||||
./config/no-x-libs.nix
|
||||
@ -33,7 +34,6 @@
|
||||
./config/system-environment.nix
|
||||
./config/system-path.nix
|
||||
./config/terminfo.nix
|
||||
./config/timezone.nix
|
||||
./config/unix-odbc-drivers.nix
|
||||
./config/users-groups.nix
|
||||
./config/vpnc.nix
|
||||
@ -106,9 +106,15 @@
|
||||
./programs/digitalbitbox/default.nix
|
||||
./programs/dmrconfig.nix
|
||||
./programs/environment.nix
|
||||
./programs/evince.nix
|
||||
./programs/file-roller.nix
|
||||
./programs/firejail.nix
|
||||
./programs/fish.nix
|
||||
./programs/freetds.nix
|
||||
./programs/fuse.nix
|
||||
./programs/gnome-disks.nix
|
||||
./programs/gnome-documents.nix
|
||||
./programs/gpaste.nix
|
||||
./programs/gnupg.nix
|
||||
./programs/gphoto2.nix
|
||||
./programs/iftop.nix
|
||||
@ -209,6 +215,7 @@
|
||||
./services/backup/duplicity.nix
|
||||
./services/backup/mysql-backup.nix
|
||||
./services/backup/postgresql-backup.nix
|
||||
./services/backup/postgresql-wal-receiver.nix
|
||||
./services/backup/restic.nix
|
||||
./services/backup/restic-rest-server.nix
|
||||
./services/backup/rsnapshot.nix
|
||||
@ -280,12 +287,8 @@
|
||||
./services/desktops/pipewire.nix
|
||||
./services/desktops/gnome3/at-spi2-core.nix
|
||||
./services/desktops/gnome3/chrome-gnome-shell.nix
|
||||
./services/desktops/gnome3/evince.nix
|
||||
./services/desktops/gnome3/evolution-data-server.nix
|
||||
./services/desktops/gnome3/file-roller.nix
|
||||
./services/desktops/gnome3/glib-networking.nix
|
||||
./services/desktops/gnome3/gnome-disks.nix
|
||||
./services/desktops/gnome3/gnome-documents.nix
|
||||
./services/desktops/gnome3/gnome-keyring.nix
|
||||
./services/desktops/gnome3/gnome-online-accounts.nix
|
||||
./services/desktops/gnome3/gnome-remote-desktop.nix
|
||||
@ -293,7 +296,6 @@
|
||||
./services/desktops/gnome3/gnome-settings-daemon.nix
|
||||
./services/desktops/gnome3/gnome-terminal-server.nix
|
||||
./services/desktops/gnome3/gnome-user-share.nix
|
||||
./services/desktops/gnome3/gpaste.nix
|
||||
./services/desktops/gnome3/gvfs.nix
|
||||
./services/desktops/gnome3/rygel.nix
|
||||
./services/desktops/gnome3/seahorse.nix
|
||||
@ -402,6 +404,7 @@
|
||||
./services/misc/couchpotato.nix
|
||||
./services/misc/devmon.nix
|
||||
./services/misc/dictd.nix
|
||||
./services/misc/dwm-status.nix
|
||||
./services/misc/dysnomia.nix
|
||||
./services/misc/disnix.nix
|
||||
./services/misc/docker-registry.nix
|
||||
@ -519,6 +522,7 @@
|
||||
./services/monitoring/systemhealth.nix
|
||||
./services/monitoring/teamviewer.nix
|
||||
./services/monitoring/telegraf.nix
|
||||
./services/monitoring/thanos.nix
|
||||
./services/monitoring/ups.nix
|
||||
./services/monitoring/uptime.nix
|
||||
./services/monitoring/vnstat.nix
|
||||
@ -780,6 +784,7 @@
|
||||
./services/web-apps/icingaweb2/module-monitoring.nix
|
||||
./services/web-apps/limesurvey.nix
|
||||
./services/web-apps/mattermost.nix
|
||||
./services/web-apps/mediawiki.nix
|
||||
./services/web-apps/miniflux.nix
|
||||
./services/web-apps/nextcloud.nix
|
||||
./services/web-apps/nexus.nix
|
||||
@ -815,6 +820,8 @@
|
||||
./services/web-servers/uwsgi.nix
|
||||
./services/web-servers/varnish/default.nix
|
||||
./services/web-servers/zope2.nix
|
||||
./services/x11/extra-layouts.nix
|
||||
./services/x11/clight.nix
|
||||
./services/x11/colord.nix
|
||||
./services/x11/compton.nix
|
||||
./services/x11/unclutter.nix
|
||||
|
@ -26,6 +26,8 @@ with lib;
|
||||
|
||||
security.allowSimultaneousMultithreading = mkDefault false;
|
||||
|
||||
security.forcePageTableIsolation = mkDefault true;
|
||||
|
||||
security.virtualisation.flushL1DataCache = mkDefault "always";
|
||||
|
||||
security.apparmor.enable = mkDefault true;
|
||||
@ -42,9 +44,6 @@ with lib;
|
||||
|
||||
# Disable legacy virtual syscalls
|
||||
"vsyscall=none"
|
||||
|
||||
# Enable PTI even if CPU claims to be safe from meltdown
|
||||
"pti=on"
|
||||
];
|
||||
|
||||
boot.blacklistedKernelModules = [
|
||||
|
@ -32,19 +32,35 @@ with lib;
|
||||
#services.rogue.enable = true;
|
||||
|
||||
# Disable some other stuff we don't need.
|
||||
security.sudo.enable = mkDefault false;
|
||||
services.udisks2.enable = mkDefault false;
|
||||
|
||||
# Use less privileged nixos user
|
||||
users.users.nixos = {
|
||||
isNormalUser = true;
|
||||
extraGroups = [ "wheel" "networkmanager" "video" ];
|
||||
# Allow the graphical user to login without password
|
||||
initialHashedPassword = "";
|
||||
};
|
||||
|
||||
# Allow the user to log in as root without a password.
|
||||
users.users.root.initialHashedPassword = "";
|
||||
|
||||
# Allow passwordless sudo from nixos user
|
||||
security.sudo = {
|
||||
enable = mkDefault true;
|
||||
wheelNeedsPassword = mkForce false;
|
||||
};
|
||||
|
||||
# Automatically log in at the virtual consoles.
|
||||
services.mingetty.autologinUser = "root";
|
||||
services.mingetty.autologinUser = "nixos";
|
||||
|
||||
# Some more help text.
|
||||
services.mingetty.helpLine =
|
||||
''
|
||||
|
||||
The "root" account has an empty password. ${
|
||||
The "nixos" and "root" account have empty passwords. ${
|
||||
optionalString config.services.xserver.enable
|
||||
"Type `systemctl start display-manager' to\nstart the graphical user interface."}
|
||||
"Type `sudo systemctl start display-manager' to\nstart the graphical user interface."}
|
||||
'';
|
||||
|
||||
# Allow sshd to be started manually through "systemctl start sshd".
|
||||
@ -86,8 +102,5 @@ with lib;
|
||||
# because we have the firewall enabled. This makes installs from the
|
||||
# console less cumbersome if the machine has a public IP.
|
||||
networking.firewall.logRefusedConnections = mkDefault false;
|
||||
|
||||
# Allow the user to log in as root without a password.
|
||||
users.users.root.initialHashedPassword = "";
|
||||
};
|
||||
}
|
||||
|
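Review bot: The comment `# Use less privileged nixos user` overstates the separation. The account is in `wheel`, has `initialHashedPassword = ""`, and `wheelNeedsPassword = mkForce false` lets it become root without a prompt, so it is root-equivalent for anyone who can reach a login. I would word the comment as `# Log in as nixos instead of root; the account is still root-equivalent through passwordless sudo.` `mkForce` also stops an image that imports this profile from restoring the sudo password at normal priority, whereas the neighbouring settings use `mkDefault`. Unless another imported module needs to be overridden, `wheelNeedsPassword = mkDefault false;` still beats the option's own default and leaves that open. The enclosing `config` attribute set starts before the first hunk.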
@ -23,9 +23,8 @@ in
|
||||
XCURSOR_PATH = [ "$HOME/.icons" ];
|
||||
};
|
||||
|
||||
environment.profiles =
|
||||
[ "$HOME/.nix-profile"
|
||||
"/nix/var/nix/profiles/default"
|
||||
environment.profiles = mkAfter
|
||||
[ "/nix/var/nix/profiles/default"
|
||||
"/run/current-system/sw"
|
||||
];
|
||||
|
||||
|
@ -6,14 +6,21 @@ with lib;
|
||||
|
||||
{
|
||||
|
||||
# Added 2019-08-09
|
||||
imports = [
|
||||
(mkRenamedOptionModule
|
||||
[ "services" "gnome3" "evince" "enable" ]
|
||||
[ "programs" "evince" "enable" ])
|
||||
];
|
||||
|
||||
###### interface
|
||||
|
||||
options = {
|
||||
|
||||
services.gnome3.evince = {
|
||||
programs.evince = {
|
||||
|
||||
enable = mkEnableOption
|
||||
"systemd and dbus services for Evince, the GNOME document viewer";
|
||||
"Evince, the GNOME document viewer";
|
||||
|
||||
};
|
||||
|
||||
@ -22,7 +29,7 @@ with lib;
|
||||
|
||||
###### implementation
|
||||
|
||||
config = mkIf config.services.gnome3.evince.enable {
|
||||
config = mkIf config.programs.evince.enable {
|
||||
|
||||
environment.systemPackages = [ pkgs.evince ];
|
||||
|
@ -6,11 +6,18 @@ with lib;
|
||||
|
||||
{
|
||||
|
||||
# Added 2019-08-09
|
||||
imports = [
|
||||
(mkRenamedOptionModule
|
||||
[ "services" "gnome3" "file-roller" "enable" ]
|
||||
[ "programs" "file-roller" "enable" ])
|
||||
];
|
||||
|
||||
###### interface
|
||||
|
||||
options = {
|
||||
|
||||
services.gnome3.file-roller = {
|
||||
programs.file-roller = {
|
||||
|
||||
enable = mkEnableOption "File Roller, an archive manager for GNOME";
|
||||
|
||||
@ -21,7 +28,7 @@ with lib;
|
||||
|
||||
###### implementation
|
||||
|
||||
config = mkIf config.services.gnome3.file-roller.enable {
|
||||
config = mkIf config.programs.file-roller.enable {
|
||||
|
||||
environment.systemPackages = [ pkgs.gnome3.file-roller ];
|
||||
|
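--- a/nixos/modules/programs/fuse.nix
+++ b/nixos/modules/programs/fuse.nix
@@ -0,0 +1,37 @@
+{ config, lib, ... }:
+
+with lib;
+
+let
+cfg = config.programs.fuse;
+in {
+meta.maintainers = with maintainers; [ primeos ];
+
+options.programs.fuse = {
+mountMax = mkOption {
+# In the C code it's an "int" (i.e. signed and at least 16 bit), but
+# negative numbers obviously make no sense:
+type = types.ints.between 0 32767; # 2^15 - 1
+default = 1000;
+description = ''
+Set the maximum number of FUSE mounts allowed to non-root users.
+'';
+};
+
+userAllowOther = mkOption {
+type = types.bool;
+default = false;
+description = ''
+Allow non-root users to specify the allow_other or allow_root mount
+options, see mount.fuse3(8).
+'';
+};
+};
+
+config = {
+environment.etc."fuse.conf".text = ''
+${optionalString (!cfg.userAllowOther) "#"}user_allow_other
+mount_max = ${toString cfg.mountMax}
+'';
+};
+}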
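Review bot: The description of `userAllowOther` does not say what enabling it changes for access control. A FUSE mount is by default accessible only to the user who mounted it, and `user_allow_other` lets unprivileged users lift that restriction with `allow_other` or `allow_root`. Files served by a user-run filesystem then become reachable by other accounts, root included. A sentence in the description such as `Enabling this lets other users (or root) access a user's FUSE mounts, which are otherwise restricted to the mounting user.` would explain why the default is `false`.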
@ -1,4 +1,4 @@
|
||||
# GNOME Disks daemon.
|
||||
# GNOME Disks.
|
||||
|
||||
{ config, pkgs, lib, ... }:
|
||||
|
||||
@ -6,17 +6,24 @@ with lib;
|
||||
|
||||
{
|
||||
|
||||
# Added 2019-08-09
|
||||
imports = [
|
||||
(mkRenamedOptionModule
|
||||
[ "services" "gnome3" "gnome-disks" "enable" ]
|
||||
[ "programs" "gnome-disks" "enable" ])
|
||||
];
|
||||
|
||||
###### interface
|
||||
|
||||
options = {
|
||||
|
||||
services.gnome3.gnome-disks = {
|
||||
programs.gnome-disks = {
|
||||
|
||||
enable = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = ''
|
||||
Whether to enable GNOME Disks daemon, a service designed to
|
||||
Whether to enable GNOME Disks daemon, a program designed to
|
||||
be a UDisks2 graphical front-end.
|
||||
'';
|
||||
};
|
||||
@ -28,7 +35,7 @@ with lib;
|
||||
|
||||
###### implementation
|
||||
|
||||
config = mkIf config.services.gnome3.gnome-disks.enable {
|
||||
config = mkIf config.programs.gnome-disks.enable {
|
||||
|
||||
environment.systemPackages = [ pkgs.gnome3.gnome-disk-utility ];
|
||||
|
@ -1,4 +1,4 @@
|
||||
# GNOME Documents daemon.
|
||||
# GNOME Documents.
|
||||
|
||||
{ config, pkgs, lib, ... }:
|
||||
|
||||
@ -6,17 +6,24 @@ with lib;
|
||||
|
||||
{
|
||||
|
||||
# Added 2019-08-09
|
||||
imports = [
|
||||
(mkRenamedOptionModule
|
||||
[ "services" "gnome3" "gnome-documents" "enable" ]
|
||||
[ "programs" "gnome-documents" "enable" ])
|
||||
];
|
||||
|
||||
###### interface
|
||||
|
||||
options = {
|
||||
|
||||
services.gnome3.gnome-documents = {
|
||||
programs.gnome-documents = {
|
||||
|
||||
enable = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = ''
|
||||
Whether to enable GNOME Documents services, a document
|
||||
Whether to enable GNOME Documents, a document
|
||||
manager application for GNOME.
|
||||
'';
|
||||
};
|
||||
@ -28,7 +35,7 @@ with lib;
|
||||
|
||||
###### implementation
|
||||
|
||||
config = mkIf config.services.gnome3.gnome-documents.enable {
|
||||
config = mkIf config.programs.gnome-documents.enable {
|
||||
|
||||
environment.systemPackages = [ pkgs.gnome3.gnome-documents ];
|
||||
|
@ -1,12 +1,20 @@
|
||||
# GPaste daemon.
|
||||
# GPaste.
|
||||
{ config, lib, pkgs, ... }:
|
||||
|
||||
with lib;
|
||||
|
||||
{
|
||||
|
||||
# Added 2019-08-09
|
||||
imports = [
|
||||
(mkRenamedOptionModule
|
||||
[ "services" "gnome3" "gpaste" "enable" ]
|
||||
[ "programs" "gpaste" "enable" ])
|
||||
];
|
||||
|
||||
###### interface
|
||||
options = {
|
||||
services.gnome3.gpaste = {
|
||||
programs.gpaste = {
|
||||
enable = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
@ -18,10 +26,9 @@ with lib;
|
||||
};
|
||||
|
||||
###### implementation
|
||||
config = mkIf config.services.gnome3.gpaste.enable {
|
||||
config = mkIf config.programs.gpaste.enable {
|
||||
environment.systemPackages = [ pkgs.gnome3.gpaste ];
|
||||
services.dbus.packages = [ pkgs.gnome3.gpaste ];
|
||||
services.xserver.desktopManager.gnome3.sessionPath = [ pkgs.gnome3.gpaste ];
|
||||
systemd.packages = [ pkgs.gnome3.gpaste ];
|
||||
};
|
||||
}
|
@ -1,36 +0,0 @@
|
||||
{ config, lib, pkgs, ... }:
|
||||
|
||||
with lib;
|
||||
|
||||
let
|
||||
cfg = config.services.nylas-mail;
|
||||
in {
|
||||
###### interface
|
||||
options = {
|
||||
services.nylas-mail = {
|
||||
|
||||
enable = mkEnableOption ''
|
||||
nylas-mail - Open-source mail client built on the modern web with Electron, React, and Flux
|
||||
'';
|
||||
|
||||
gnome3-keyring = mkOption {
|
||||
type = types.bool;
|
||||
default = true;
|
||||
description = "Enable gnome3 keyring for nylas-mail.";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
|
||||
###### implementation
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
|
||||
environment.systemPackages = [ pkgs.nylas-mail-bin ];
|
||||
|
||||
services.gnome3.gnome-keyring = mkIf cfg.gnome3-keyring {
|
||||
enable = true;
|
||||
};
|
||||
|
||||
};
|
||||
}
|
@ -12,7 +12,7 @@ with lib;
|
||||
''
|
||||
# Set up the per-user profile.
|
||||
mkdir -m 0755 -p "$NIX_USER_PROFILE_DIR"
|
||||
if [ "$(stat --printf '%u' "$NIX_USER_PROFILE_DIR")" != "$(id -u)" ]; then
|
||||
if [ "$(stat -c '%u' "$NIX_USER_PROFILE_DIR")" != "$(id -u)" ]; then
|
||||
echo "WARNING: the per-user profile dir $NIX_USER_PROFILE_DIR should belong to user id $(id -u)" >&2
|
||||
fi
|
||||
|
||||
@ -34,7 +34,7 @@ with lib;
|
||||
# Create the per-user garbage collector roots directory.
|
||||
NIX_USER_GCROOTS_DIR="/nix/var/nix/gcroots/per-user/$USER"
|
||||
mkdir -m 0755 -p "$NIX_USER_GCROOTS_DIR"
|
||||
if [ "$(stat --printf '%u' "$NIX_USER_GCROOTS_DIR")" != "$(id -u)" ]; then
|
||||
if [ "$(stat -c '%u' "$NIX_USER_GCROOTS_DIR")" != "$(id -u)" ]; then
|
||||
echo "WARNING: the per-user gcroots dir $NIX_USER_GCROOTS_DIR should belong to user id $(id -u)" >&2
|
||||
fi
|
||||
|
||||
|
@ -21,7 +21,7 @@ let
|
||||
|
||||
knownHostsText = (flip (concatMapStringsSep "\n") knownHosts
|
||||
(h: assert h.hostNames != [];
|
||||
concatStringsSep "," h.hostNames + " "
|
||||
optionalString h.certAuthority "@cert-authority " + concatStringsSep "," h.hostNames + " "
|
||||
+ (if h.publicKey != null then h.publicKey else readFile h.publicKeyFile)
|
||||
)) + "\n";
|
||||
|
||||
@ -128,6 +128,14 @@ in
|
||||
default = {};
|
||||
type = types.loaOf (types.submodule ({ name, ... }: {
|
||||
options = {
|
||||
certAuthority = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = ''
|
||||
This public key is an SSH certificate authority, rather than an
|
||||
individual host's key.
|
||||
'';
|
||||
};
|
||||
hostNames = mkOption {
|
||||
type = types.listOf types.str;
|
||||
default = [];
|
||||
@ -227,6 +235,7 @@ in
|
||||
systemd.user.services.ssh-agent = mkIf cfg.startAgent
|
||||
{ description = "SSH Agent";
|
||||
wantedBy = [ "default.target" ];
|
||||
unitConfig.ConditionUser = "!@system";
|
||||
serviceConfig =
|
||||
{ ExecStartPre = "${pkgs.coreutils}/bin/rm -f %t/ssh-agent";
|
||||
ExecStart =
|
||||
|
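Review bot: The `certAuthority` description does not mention that `hostNames` takes on a different role for such entries. In a `@cert-authority` line the host patterns define which hosts the CA is trusted to certify, so an entry with a broad pattern such as `*` trusts that CA for every server the client connects to. I would add to the description: `When set, hostNames should be limited to the patterns (for example *.example.com) this CA is allowed to certify.` The last hunk ends inside the `ssh-agent` service definition, so the rest of that unit is not visible here.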
@ -26,6 +26,7 @@ in
|
||||
|
||||
package = mkOption {
|
||||
type = types.package;
|
||||
default = pkgs.xonsh;
|
||||
example = literalExample "pkgs.xonsh.override { configFile = \"/path/to/xonshrc\"; }";
|
||||
description = ''
|
||||
xonsh package to use.
|
||||
@ -46,11 +47,11 @@ in
|
||||
|
||||
environment.etc."xonshrc".text = cfg.config;
|
||||
|
||||
environment.systemPackages = [ pkgs.xonsh ];
|
||||
environment.systemPackages = [ cfg.package ];
|
||||
|
||||
environment.shells =
|
||||
[ "/run/current-system/sw/bin/xonsh"
|
||||
"${pkgs.xonsh}/bin/xonsh"
|
||||
"${cfg.package}/bin/xonsh"
|
||||
];
|
||||
|
||||
};
|
||||
|
@ -51,6 +51,10 @@ with lib;
|
||||
(mkRemovedOptionModule [ "services" "misc" "nzbget" "openFirewall" ] "The port used by nzbget is managed through the web interface so you should adjust your firewall rules accordingly.")
|
||||
(mkRemovedOptionModule [ "services" "prometheus" "alertmanager" "user" ] "The alertmanager service is now using systemd's DynamicUser mechanism which obviates a user setting.")
|
||||
(mkRemovedOptionModule [ "services" "prometheus" "alertmanager" "group" ] "The alertmanager service is now using systemd's DynamicUser mechanism which obviates a group setting.")
|
||||
(mkRemovedOptionModule [ "services" "prometheus2" "alertmanagerURL" ] ''
|
||||
Due to incompatibility, the alertmanagerURL option has been removed,
|
||||
please use 'services.prometheus2.alertmanagers' instead.
|
||||
'')
|
||||
(mkRenamedOptionModule [ "services" "tor" "relay" "portSpec" ] [ "services" "tor" "relay" "port" ])
|
||||
(mkRenamedOptionModule [ "services" "vmwareGuest" ] [ "virtualisation" "vmware" "guest" ])
|
||||
(mkRenamedOptionModule [ "jobs" ] [ "systemd" "services" ])
|
||||
@ -257,6 +261,20 @@ with lib;
|
||||
(mkRenamedOptionModule [ "networking" "extraResolvconfConf" ] [ "networking" "resolvconf" "extraConfig" ])
|
||||
(mkRenamedOptionModule [ "networking" "resolvconfOptions" ] [ "networking" "resolvconf" "extraOptions" ])
|
||||
|
||||
# Redshift
|
||||
(mkChangedOptionModule [ "services" "redshift" "latitude" ] [ "location" "latitude" ]
|
||||
(config:
|
||||
let value = getAttrFromPath [ "services" "redshift" "latitude" ] config;
|
||||
in if value == null then
|
||||
throw "services.redshift.latitude is set to null, you can remove this"
|
||||
else builtins.fromJSON value))
|
||||
(mkChangedOptionModule [ "services" "redshift" "longitude" ] [ "location" "longitude" ]
|
||||
(config:
|
||||
let value = getAttrFromPath [ "services" "redshift" "longitude" ] config;
|
||||
in if value == null then
|
||||
throw "services.redshift.longitude is set to null, you can remove this"
|
||||
else builtins.fromJSON value))
|
||||
|
||||
] ++ (flip map [ "blackboxExporter" "collectdExporter" "fritzboxExporter"
|
||||
"jsonExporter" "minioExporter" "nginxExporter" "nodeExporter"
|
||||
"snmpExporter" "unifiExporter" "varnishExporter" ]
|
||||
|
@ -54,6 +54,18 @@ with lib;
|
||||
'';
|
||||
};
|
||||
|
||||
security.forcePageTableIsolation = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = ''
|
||||
Whether to force-enable the Page Table Isolation (PTI) Linux kernel
|
||||
feature even on CPU models that claim to be safe from Meltdown.
|
||||
|
||||
This hardening feature is most beneficial to systems that run untrusted
|
||||
workloads that rely on address space isolation for security.
|
||||
'';
|
||||
};
|
||||
|
||||
security.virtualisation.flushL1DataCache = mkOption {
|
||||
type = types.nullOr (types.enum [ "never" "cond" "always" ]);
|
||||
default = null;
|
||||
@ -114,6 +126,10 @@ with lib;
|
||||
boot.kernelParams = [ "nosmt" ];
|
||||
})
|
||||
|
||||
(mkIf config.security.forcePageTableIsolation {
|
||||
boot.kernelParams = [ "pti=on" ];
|
||||
})
|
||||
|
||||
(mkIf (config.security.virtualisation.flushL1DataCache != null) {
|
||||
boot.kernelParams = [ "kvm-intel.vmentry_l1d_flush=${config.security.virtualisation.flushL1DataCache}" ];
|
||||
})
|
||||
|
@ -97,8 +97,8 @@ in
|
||||
|
||||
preStart = ''
|
||||
mkdir -p ${cfg.dataDir}/.config/oxidized
|
||||
cp -v ${cfg.routerDB} ${cfg.dataDir}/.config/oxidized/router.db
|
||||
cp -v ${cfg.configFile} ${cfg.dataDir}/.config/oxidized/config
|
||||
ln -f -s ${cfg.routerDB} ${cfg.dataDir}/.config/oxidized/router.db
|
||||
ln -f -s ${cfg.configFile} ${cfg.dataDir}/.config/oxidized/config
|
||||
'';
|
||||
|
||||
serviceConfig = {
|
||||
|
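Review bot: The two `ln -f -s` lines in `preStart` leave `${cfg.routerDB}`, `${cfg.configFile}` and `${cfg.dataDir}` unquoted and omit `-T`. A path containing whitespace therefore splits into several arguments, and if the destination ever exists as a directory the link is created inside it instead of replacing it. `ln -sfT "${cfg.routerDB}" "${cfg.dataDir}/.config/oxidized/router.db"`, and the same form for `config`, avoids both and matches the `ln -sfT` calls in the desktop-setup script earlier in this commit. The service now reads the originals through the links rather than private copies, so the files behind `routerDB` and `configFile` must stay readable by the service user. A line in the option descriptions should say so, particularly if router.db holds device credentials (its contents are not shown here).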
@ -41,7 +41,7 @@ in
|
||||
};
|
||||
|
||||
config = mkOption {
|
||||
type = with types; attrsOf (either (either str (either int bool)) (listOf str));
|
||||
type = with types; attrsOf (oneOf [ str int bool (listOf str) ]);
|
||||
default = {};
|
||||
description = ''
|
||||
automysqlbackup configuration. Refer to
|
||||
|
203
nixos/modules/services/backup/postgresql-wal-receiver.nix
Normal file
203
nixos/modules/services/backup/postgresql-wal-receiver.nix
Normal file
@ -0,0 +1,203 @@
|
||||
{ config, lib, pkgs, ... }:
|
||||
|
||||
with lib;
|
||||
|
||||
let
|
||||
receiverSubmodule = {
|
||||
options = {
|
||||
postgresqlPackage = mkOption {
|
||||
type = types.package;
|
||||
example = literalExample "pkgs.postgresql_11";
|
||||
description = ''
|
||||
PostgreSQL package to use.
|
||||
'';
|
||||
};
|
||||
|
||||
directory = mkOption {
|
||||
type = types.path;
|
||||
example = literalExample "/mnt/pg_wal/main/";
|
||||
description = ''
|
||||
Directory to write the output to.
|
||||
'';
|
||||
};
|
||||
|
||||
statusInterval = mkOption {
|
||||
type = types.int;
|
||||
default = 10;
|
||||
description = ''
|
||||
Specifies the number of seconds between status packets sent back to the server.
|
||||
This allows for easier monitoring of the progress from server.
|
||||
A value of zero disables the periodic status updates completely,
|
||||
although an update will still be sent when requested by the server, to avoid timeout disconnect.
|
||||
'';
|
||||
};
|
||||
|
||||
slot = mkOption {
|
||||
type = types.str;
|
||||
default = "";
|
||||
example = "some_slot_name";
|
||||
description = ''
|
||||
Require <command>pg_receivewal</command> to use an existing replication slot (see
|
||||
<link xlink:href="https://www.postgresql.org/docs/current/warm-standby.html#STREAMING-REPLICATION-SLOTS">Section 26.2.6 of the PostgreSQL manual</link>).
|
||||
When this option is used, <command>pg_receivewal</command> will report a flush position to the server,
|
||||
indicating when each segment has been synchronized to disk so that the server can remove that segment if it is not otherwise needed.
|
||||
|
||||
When the replication client of <command>pg_receivewal</command> is configured on the server as a synchronous standby,
|
||||
then using a replication slot will report the flush position to the server, but only when a WAL file is closed.
|
||||
Therefore, that configuration will cause transactions on the primary to wait for a long time and effectively not work satisfactorily.
|
||||
The option <option>synchronous</option> must be specified in addition to make this work correctly.
|
||||
'';
|
||||
};
|
||||
|
||||
synchronous = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = ''
|
||||
Flush the WAL data to disk immediately after it has been received.
|
||||
Also send a status packet back to the server immediately after flushing, regardless of <option>statusInterval</option>.
|
||||
|
||||
This option should be specified if the replication client of <command>pg_receivewal</command> is configured on the server as a synchronous standby,
|
||||
to ensure that timely feedback is sent to the server.
|
||||
'';
|
||||
};
|
||||
|
||||
compress = mkOption {
|
||||
type = types.ints.between 0 9;
|
||||
default = 0;
|
||||
description = ''
|
||||
Enables gzip compression of write-ahead logs, and specifies the compression level
|
||||
(<literal>0</literal> through <literal>9</literal>, <literal>0</literal> being no compression and <literal>9</literal> being best compression).
|
||||
The suffix <literal>.gz</literal> will automatically be added to all filenames.
|
||||
|
||||
This option requires PostgreSQL >= 10.
|
||||
'';
|
||||
};
|
||||
|
||||
connection = mkOption {
|
||||
type = types.str;
|
||||
example = "postgresql://user@somehost";
|
||||
description = ''
|
||||
Specifies parameters used to connect to the server, as a connection string.
|
||||
See <link xlink:href="https://www.postgresql.org/docs/current/libpq-connect.html#LIBPQ-CONNSTRING">Section 34.1.1 of the PostgreSQL manual</link> for more information.
|
||||
|
||||
Because <command>pg_receivewal</command> doesn't connect to any particular database in the cluster,
|
||||
database name in the connection string will be ignored.
|
||||
'';
|
||||
};
|
||||
|
||||
extraArgs = mkOption {
|
||||
type = with types; listOf str;
|
||||
default = [ ];
|
||||
example = literalExample ''
|
||||
[
|
||||
"--no-sync"
|
||||
]
|
||||
'';
|
||||
description = ''
|
||||
A list of extra arguments to pass to the <command>pg_receivewal</command> command.
|
||||
'';
|
||||
};
|
||||
|
||||
environment = mkOption {
|
||||
type = with types; attrsOf str;
|
||||
default = { };
|
||||
example = literalExample ''
|
||||
{
|
||||
PGPASSFILE = "/private/passfile";
|
||||
PGSSLMODE = "require";
|
||||
}
|
||||
'';
|
||||
description = ''
|
||||
Environment variables passed to the service.
|
||||
Usable parameters are listed in <link xlink:href="https://www.postgresql.org/docs/current/libpq-envars.html">Section 34.14 of the PostgreSQL manual</link>.
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
in {
|
||||
options = {
|
||||
services.postgresqlWalReceiver = {
|
||||
receivers = mkOption {
|
||||
type = with types; attrsOf (submodule receiverSubmodule);
|
||||
default = { };
|
||||
example = literalExample ''
|
||||
{
|
||||
main = {
|
||||
postgresqlPackage = pkgs.postgresql_11;
|
||||
directory = /mnt/pg_wal/main/;
|
||||
slot = "main_wal_receiver";
|
||||
connection = "postgresql://user@somehost";
|
||||
};
|
||||
}
|
||||
'';
|
||||
description = ''
|
||||
PostgreSQL WAL receivers.
|
||||
Stream write-ahead logs from a PostgreSQL server using <command>pg_receivewal</command> (formerly <command>pg_receivexlog</command>).
|
||||
See <link xlink:href="https://www.postgresql.org/docs/current/app-pgreceivewal.html">the man page</link> for more information.
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
config = let
|
||||
receivers = config.services.postgresqlWalReceiver.receivers;
|
||||
in mkIf (receivers != { }) {
|
||||
users = {
|
||||
users.postgres = {
|
||||
uid = config.ids.uids.postgres;
|
||||
group = "postgres";
|
||||
description = "PostgreSQL server user";
|
||||
};
|
||||
|
||||
groups.postgres = {
|
||||
gid = config.ids.gids.postgres;
|
||||
};
|
||||
};
|
||||
|
||||
assertions = concatLists (attrsets.mapAttrsToList (name: config: [
|
||||
{
|
||||
assertion = config.compress > 0 -> versionAtLeast config.postgresqlPackage.version "10";
|
||||
message = "Invalid configuration for WAL receiver \"${name}\": compress requires PostgreSQL version >= 10.";
|
||||
}
|
||||
]) receivers);
|
||||
|
||||
systemd.tmpfiles.rules = mapAttrsToList (name: config: ''
|
||||
d ${escapeShellArg config.directory} 0750 postgres postgres - -
|
||||
'') receivers;
|
||||
|
||||
systemd.services = with attrsets; mapAttrs' (name: config: nameValuePair "postgresql-wal-receiver-${name}" {
|
||||
description = "PostgreSQL WAL receiver (${name})";
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
|
||||
serviceConfig = {
|
||||
User = "postgres";
|
||||
Group = "postgres";
|
||||
KillSignal = "SIGINT";
|
||||
Restart = "always";
|
||||
RestartSec = 30;
|
||||
};
|
||||
|
||||
inherit (config) environment;
|
||||
|
||||
script = let
|
||||
receiverCommand = postgresqlPackage:
|
||||
if (versionAtLeast postgresqlPackage.version "10")
|
||||
then "${postgresqlPackage}/bin/pg_receivewal"
|
||||
else "${postgresqlPackage}/bin/pg_receivexlog";
|
||||
in ''
|
||||
${receiverCommand config.postgresqlPackage} \
|
||||
--no-password \
|
||||
--directory=${escapeShellArg config.directory} \
|
||||
--status-interval=${toString config.statusInterval} \
|
||||
--dbname=${escapeShellArg config.connection} \
|
||||
${optionalString (config.compress > 0) "--compress=${toString config.compress}"} \
|
||||
${optionalString (config.slot != "") "--slot=${escapeShellArg config.slot}"} \
|
||||
${optionalString config.synchronous "--synchronous"} \
|
||||
${concatStringsSep " " config.extraArgs}
|
||||
'';
|
||||
}) receivers;
|
||||
};
|
||||
|
||||
meta.maintainers = with maintainers; [ pacien ];
|
||||
}
|
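--- a/nixos/modules/services/backup/zfs-replication.nix
+++ b/nixos/modules/services/backup/zfs-replication.nix
@@ -0,0 +1,90 @@
+{ lib, pkgs, config, ... }:
+
+with lib;
+
+let
+cfg = config.services.zfs.autoReplication;
+recursive = optionalString cfg.recursive " --recursive";
+followDelete = optionalString cfg.followDelete " --follow-delete";
+in {
+options = {
+services.zfs.autoReplication = {
+enable = mkEnableOption "ZFS snapshot replication.";
+
+followDelete = mkOption {
+description = "Remove remote snapshots that don't have a local correspondant.";
+default = true;
+type = types.bool;
+};
+
+host = mkOption {
+description = "Remote host where snapshots should be sent.";
+example = "example.com";
+type = types.str;
+};
+
+identityFilePath = mkOption {
+description = "Path to SSH key used to login to host.";
+example = "/home/username/.ssh/id_rsa";
+type = types.path;
+};
+
+localFilesystem = mkOption {
+description = "Local ZFS fileystem from which snapshots should be sent. Defaults to the attribute name.";
+example = "pool/file/path";
+type = types.str;
+};
+
+remoteFilesystem = mkOption {
+description = "Remote ZFS filesystem where snapshots should be sent.";
+example = "pool/file/path";
+type = types.str;
+};
+
+recursive = mkOption {
+description = "Recursively discover snapshots to send.";
+default = true;
+type = types.bool;
+};
+
+username = mkOption {
+description = "Username used by SSH to login to remote host.";
+example = "username";
+type = types.str;
+};
+};
+};
+
+config = lib.mkIf cfg.enable {
+environment.systemPackages = [
+pkgs.lz4
+];
+
+systemd.services."zfs-replication" = {
+after = [
+"zfs-snapshot-daily.service"
+"zfs-snapshot-frequent.service"
+"zfs-snapshot-hourly.service"
+"zfs-snapshot-monthly.service"
+"zfs-snapshot-weekly.service"
+];
+description = "ZFS Snapshot Replication";
+documentation = [
+"https://github.com/alunduil/zfs-replicate"
+];
+restartIfChanged = false;
+serviceConfig.ExecStart = "${pkgs.zfs-replicate}/bin/zfs-replicate${recursive} -l ${escapeShellArg cfg.username} -i ${escapeShellArg cfg.identityFilePath}${followDelete} ${escapeShellArg cfg.host} ${escapeShellArg cfg.remoteFilesystem} ${escapeShellArg cfg.localFilesystem}";
+wantedBy = [
+"zfs-snapshot-daily.service"
+"zfs-snapshot-frequent.service"
+"zfs-snapshot-hourly.service"
+"zfs-snapshot-monthly.service"
+"zfs-snapshot-weekly.service"
+];
+};
+};
+
+meta = {
+maintainers = with lib.maintainers; [ alunduil ];
+};
+}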
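Review bot: The `localFilesystem` description promises "Defaults to the attribute name", but the option declares no `default` and `services.zfs.autoReplication` is a single option set rather than an attribute set of instances, so that sentence describes behaviour the module does not have; drop it or add the default. The unit also sets only `serviceConfig.ExecStart`, so with no `User=` it runs `zfs-replicate` and its SSH session under systemd's default account while the `identityFilePath` example points at a personal `~/.ssh/id_rsa`. A description such as `description = "Path to a dedicated SSH private key, readable by the service, used to log in to the remote host.";` would steer users towards a separate, restricted key. The descriptions also carry two typos ("correspondant", "fileystem").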
@ -160,7 +160,7 @@ in {
|
||||
|
||||
systemd.tmpfiles.rules = [
|
||||
"d '${dirOf cfg.uriFile}' - ${cfg.user} ${cfg.group} - -"
|
||||
"d '${dirOf cfg.logFile}' - ${cfg.user} ${cfg.group} - -"
|
||||
"f '${cfg.logFile}' - ${cfg.user} ${cfg.group} - -"
|
||||
"d '${cfg.databaseDir}' - ${cfg.user} ${cfg.group} - -"
|
||||
"d '${cfg.viewIndexDir}' - ${cfg.user} ${cfg.group} - -"
|
||||
];
|
||||
@ -169,11 +169,9 @@ in {
|
||||
description = "CouchDB Server";
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
|
||||
preStart =
|
||||
''
|
||||
preStart = ''
|
||||
touch ${cfg.configFile}
|
||||
touch -a ${cfg.logFile}
|
||||
'';
|
||||
'';
|
||||
|
||||
environment = mkIf useVersion2 {
|
||||
# we are actually specifying 4 configuration files:
|
||||
|
@ -86,7 +86,25 @@ in
|
||||
in "${memcached}/bin/memcached ${networking} -m ${toString cfg.maxMemory} -c ${toString cfg.maxConnections} ${concatStringsSep " " cfg.extraOptions}";
|
||||
|
||||
User = cfg.user;
|
||||
|
||||
# Filesystem access
|
||||
ProtectSystem = "strict";
|
||||
ProtectHome = true;
|
||||
PrivateTmp = true;
|
||||
PrivateDevices = true;
|
||||
ProtectKernelTunables = true;
|
||||
ProtectKernelModules = true;
|
||||
ProtectControlGroups = true;
|
||||
RuntimeDirectory = "memcached";
|
||||
# Caps
|
||||
CapabilityBoundingSet = "";
|
||||
NoNewPrivileges = true;
|
||||
# Misc.
|
||||
LockPersonality = true;
|
||||
RestrictRealtime = true;
|
||||
PrivateMounts = true;
|
||||
PrivateUsers = true;
|
||||
MemoryDenyWriteExecute = true;
|
||||
};
|
||||
};
|
||||
};
|
||||
|
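Review bot: `CapabilityBoundingSet = ""` in the new sandboxing block also removes CAP_NET_BIND_SERVICE, so if the port option (not visible in this hunk) can be set below 1024 the daemon will no longer be able to bind; either say so on that option or keep that single capability. The block restricts the filesystem and privileges but leaves the socket surface open: for a cache daemon `RestrictAddressFamilies = [ "AF_INET" "AF_INET6" "AF_UNIX" ];` and `RestrictNamespaces = true;` would fit under the "Misc." group. `RuntimeDirectory = "memcached";` sits under the "# Filesystem access" comment without a word on what is written there, and a short comment would help. The `serviceConfig` block starts outside the hunk.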
@ -251,6 +251,10 @@ in
|
||||
|
||||
environment.systemPackages = [ postgresql ];
|
||||
|
||||
environment.pathsToLink = [
|
||||
"/share/postgresql"
|
||||
];
|
||||
|
||||
systemd.services.postgresql =
|
||||
{ description = "PostgreSQL Server";
|
||||
|
||||
@ -326,13 +330,13 @@ in
|
||||
fi
|
||||
'' + optionalString (cfg.ensureDatabases != []) ''
|
||||
${concatMapStrings (database: ''
|
||||
$PSQL -tAc "SELECT 1 FROM pg_database WHERE datname = '${database}'" | grep -q 1 || $PSQL -tAc "CREATE DATABASE ${database}"
|
||||
$PSQL -tAc "SELECT 1 FROM pg_database WHERE datname = '${database}'" | grep -q 1 || $PSQL -tAc 'CREATE DATABASE "${database}"'
|
||||
'') cfg.ensureDatabases}
|
||||
'' + ''
|
||||
${concatMapStrings (user: ''
|
||||
$PSQL -tAc "SELECT 1 FROM pg_roles WHERE rolname='${user.name}'" | grep -q 1 || $PSQL -tAc "CREATE USER ${user.name}"
|
||||
${concatStringsSep "\n" (mapAttrsToList (database: permission: ''
|
||||
$PSQL -tAc "GRANT ${permission} ON ${database} TO ${user.name}"
|
||||
$PSQL -tAc 'GRANT ${permission} ON ${database} TO ${user.name}'
|
||||
'') user.ensurePermissions)}
|
||||
'') cfg.ensureUsers}
|
||||
'';
|
||||
|
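Review bot: Identifier quoting is applied only to `CREATE DATABASE` in the second hunk; `CREATE USER ${user.name}` and `GRANT ... TO ${user.name}` still paste the role name in unquoted, so a role whose name contains a hyphen or upper-case letters is handled differently from a database with the same name. Assuming the single-quoted variants are the new side (the +/- markers are lost in this rendering), the matching form would be `$PSQL -tAc 'CREATE USER "${user.name}"'` and `TO "${user.name}"`. The existence probes (`WHERE datname = '${database}'`, `WHERE rolname='${user.name}'`) also place the name inside an SQL string literal. Since these values come from system configuration this is a robustness issue, but a comment such as `# names must not contain quote characters` would record the assumption. The script continues outside the hunk.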
@ -22,6 +22,12 @@ in {
|
||||
###### implementation
|
||||
config = mkIf cfg.enable {
|
||||
|
||||
assertions = [
|
||||
{ assertion = (config.xdg.portal.enable == true);
|
||||
message = "To use Flatpak you must enable XDG Desktop Portals with xdg.portal.enable.";
|
||||
}
|
||||
];
|
||||
|
||||
environment.systemPackages = [ pkgs.flatpak ];
|
||||
|
||||
services.dbus.packages = [ pkgs.flatpak ];
|
||||
|
@ -9,6 +9,20 @@ let
|
||||
in {
|
||||
|
||||
options.services.bloop = {
|
||||
extraOptions = mkOption {
|
||||
type = types.listOf types.str;
|
||||
default = [ ];
|
||||
example = [
|
||||
"-J-Xmx2G"
|
||||
"-J-XX:MaxInlineLevel=20"
|
||||
"-J-XX:+UseParallelGC"
|
||||
];
|
||||
description = ''
|
||||
Specifies additional command line argument to pass to bloop
|
||||
java process.
|
||||
'';
|
||||
};
|
||||
|
||||
install = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
@ -25,10 +39,13 @@ in {
|
||||
systemd.user.services.bloop = {
|
||||
description = "Bloop Scala build server";
|
||||
|
||||
environment = {
|
||||
PATH = mkForce "${makeBinPath [ config.programs.java.package ]}";
|
||||
};
|
||||
serviceConfig = {
|
||||
Type = "simple";
|
||||
ExecStart = ''${pkgs.bloop}/bin/blp-server'';
|
||||
Restart = "always";
|
||||
Type = "simple";
|
||||
ExecStart = ''${pkgs.bloop}/bin/bloop server'';
|
||||
Restart = "always";
|
||||
};
|
||||
};
|
||||
|
||||
|
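Review bot: `extraOptions` is declared in the first hunk, but neither `ExecStart` line shown in the second hunk (`${pkgs.bloop}/bin/blp-server` and `${pkgs.bloop}/bin/bloop server`) references `cfg.extraOptions`, so from the visible lines the option has no effect. If it is meant to reach the server process, it should be appended with escaping, for example `ExecStart = "${pkgs.bloop}/bin/bloop server ${escapeShellArgs cfg.extraOptions}";`. The description would read better as "Additional command line arguments to pass to the bloop Java process."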
@ -118,7 +118,7 @@ in {
|
||||
};
|
||||
|
||||
serverProperties = mkOption {
|
||||
type = with types; attrsOf (either bool (either int str));
|
||||
type = with types; attrsOf (oneOf [ bool int str ]);
|
||||
default = {};
|
||||
example = literalExample ''
|
||||
{
|
||||
|
@ -8,6 +8,12 @@ in {
|
||||
options = {
|
||||
services.throttled = {
|
||||
enable = mkEnableOption "fix for Intel CPU throttling";
|
||||
|
||||
extraConfig = mkOption {
|
||||
type = types.str;
|
||||
default = "";
|
||||
description = "Alternative configuration";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
@ -16,6 +22,9 @@ in {
|
||||
# The upstream package has this in Install, but that's not enough, see the NixOS manual
|
||||
systemd.services."lenovo_fix".wantedBy = [ "multi-user.target" ];
|
||||
|
||||
environment.etc."lenovo_fix.conf".source = "${pkgs.throttled}/etc/lenovo_fix.conf";
|
||||
environment.etc."lenovo_fix.conf".source =
|
||||
if cfg.extraConfig != ""
|
||||
then pkgs.writeText "lenovo_fix.conf" cfg.extraConfig
|
||||
else "${pkgs.throttled}/etc/lenovo_fix.conf";
|
||||
};
|
||||
}
|
||||
|
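Review bot: `extraConfig` does not extend anything: when it is non-empty the second hunk writes it as the whole of `lenovo_fix.conf` and the file shipped with the package is dropped, which neither the option name nor the description "Alternative configuration" makes clear. Since this file controls CPU power and thermal behaviour for a root service, the replacement semantics should be explicit, e.g. `description = "Complete contents of lenovo_fix.conf; when non-empty it replaces the default file shipped with the package.";`. `type = types.lines;` would also suit multi-line content better than `types.str`.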
@ -7,7 +7,7 @@ let
|
||||
cfg = config.services.davmail;
|
||||
|
||||
configType = with types;
|
||||
either (either (attrsOf configType) str) (either int bool) // {
|
||||
oneOf [ (attrsOf configType) str int bool ] // {
|
||||
description = "davmail config type (str, int, bool or attribute set thereof)";
|
||||
};
|
||||
|
||||
|
@ -447,7 +447,7 @@ in
|
||||
};
|
||||
|
||||
config = mkOption {
|
||||
type = with types; attrsOf (either bool (either str (listOf str)));
|
||||
type = with types; attrsOf (oneOf [ bool str (listOf str) ]);
|
||||
description = ''
|
||||
The main.cf configuration file as key value set.
|
||||
'';
|
||||
|
@ -331,7 +331,7 @@ in
|
||||
};
|
||||
|
||||
config = mkOption {
|
||||
type = with types; attrsOf (either bool (either str (listOf str)));
|
||||
type = with types; attrsOf (oneOf [ bool str (listOf str) ]);
|
||||
description = ''
|
||||
Addon to postfix configuration
|
||||
'';
|
||||
|
@ -30,7 +30,7 @@ in {
|
||||
};
|
||||
|
||||
config = mkOption {
|
||||
type = with types; attrsOf (either str (either int bool));
|
||||
type = with types; attrsOf (oneOf [ str int bool ]);
|
||||
default = {};
|
||||
description = ''
|
||||
The configuration to give rss2email.
|
||||
|
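--- a/nixos/modules/services/misc/dwm-status.nix
+++ b/nixos/modules/services/misc/dwm-status.nix
@@ -0,0 +1,73 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+cfg = config.services.dwm-status;
+
+order = concatMapStringsSep "," (feature: ''"${feature}"'') cfg.order;
+
+configFile = pkgs.writeText "dwm-status.toml" ''
+order = [${order}]
+
+${cfg.extraConfig}
+'';
+in
+
+{
+
+###### interface
+
+options = {
+
+services.dwm-status = {
+
+enable = mkEnableOption "dwm-status user service";
+
+package = mkOption {
+type = types.package;
+default = pkgs.dwm-status;
+defaultText = "pkgs.dwm-status";
+example = "pkgs.dwm-status.override { enableAlsaUtils = false; }";
+description = ''
+Which dwm-status package to use.
+'';
+};
+
+order = mkOption {
+type = types.listOf (types.enum [ "audio" "backlight" "battery" "cpu_load" "network" "time" ]);
+description = ''
+List of enabled features in order.
+'';
+};
+
+extraConfig = mkOption {
+type = types.lines;
+default = "";
+description = ''
+Extra config in TOML format.
+'';
+};
+
+};
+
+};
+
+
+###### implementation
+
+config = mkIf cfg.enable {
+
+services.upower.enable = elem "battery" cfg.order;
+
+systemd.user.services.dwm-status = {
+description = "Highly performant and configurable DWM status service";
+wantedBy = [ "graphical-session.target" ];
+partOf = [ "graphical-session.target" ];
+
+serviceConfig.ExecStart = "${cfg.package}/bin/dwm-status ${configFile}";
+};
+
+};
+
+}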
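Review bot: `services.upower.enable = elem "battery" cfg.order;` defines the option as `false` at normal priority whenever "battery" is not in the list, so enabling dwm-status can conflict with any other module or user setting that turns upower on. Defining it only in the positive case avoids that: `services.upower.enable = mkIf (elem "battery" cfg.order) true;`. The `order` option also has no `default` or `example`, so enabling the service without setting it fails at evaluation; an `example = [ "time" "battery" ];` would show the expected shape.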
@ -502,6 +502,7 @@ in {
|
||||
"d ${cfg.statePath} 0750 ${cfg.user} ${cfg.group} -"
|
||||
"d ${cfg.statePath}/builds 0750 ${cfg.user} ${cfg.group} -"
|
||||
"d ${cfg.statePath}/config 0750 ${cfg.user} ${cfg.group} -"
|
||||
"D ${cfg.statePath}/config/initializers 0750 ${cfg.user} ${cfg.group} -"
|
||||
"d ${cfg.statePath}/db 0750 ${cfg.user} ${cfg.group} -"
|
||||
"d ${cfg.statePath}/log 0750 ${cfg.user} ${cfg.group} -"
|
||||
"d ${cfg.statePath}/repositories 2770 ${cfg.user} ${cfg.group} -"
|
||||
|
@ -143,21 +143,37 @@ in
|
||||
users.users.${cfg.user} = {
|
||||
description = "Gitolite user";
|
||||
home = cfg.dataDir;
|
||||
createHome = true;
|
||||
uid = config.ids.uids.gitolite;
|
||||
group = cfg.group;
|
||||
useDefaultShell = true;
|
||||
};
|
||||
users.groups."${cfg.group}".gid = config.ids.gids.gitolite;
|
||||
|
||||
systemd.tmpfiles.rules = [
|
||||
"d '${cfg.dataDir}' 0750 ${cfg.user} ${cfg.group} - -"
|
||||
"d '${cfg.dataDir}'/.gitolite - ${cfg.user} ${cfg.group} - -"
|
||||
"d '${cfg.dataDir}'/.gitolite/logs - ${cfg.user} ${cfg.group} - -"
|
||||
|
||||
"Z ${cfg.dataDir} 0750 ${cfg.user} ${cfg.group} - -"
|
||||
];
|
||||
|
||||
systemd.services."gitolite-init" = {
|
||||
description = "Gitolite initialization";
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
unitConfig.RequiresMountsFor = cfg.dataDir;
|
||||
|
||||
serviceConfig.User = "${cfg.user}";
|
||||
serviceConfig.Type = "oneshot";
|
||||
serviceConfig.RemainAfterExit = true;
|
||||
environment = {
|
||||
GITOLITE_RC = ".gitolite.rc";
|
||||
GITOLITE_RC_DEFAULT = "${rcDir}/gitolite.rc.default";
|
||||
};
|
||||
|
||||
serviceConfig = {
|
||||
Type = "oneshot";
|
||||
User = cfg.user;
|
||||
Group = cfg.group;
|
||||
WorkingDirectory = "~";
|
||||
RemainAfterExit = true;
|
||||
};
|
||||
|
||||
path = [ pkgs.gitolite pkgs.git pkgs.perl pkgs.bash pkgs.diffutils config.programs.ssh.package ];
|
||||
script =
|
||||
@ -187,11 +203,6 @@ in
|
||||
'';
|
||||
in
|
||||
''
|
||||
cd ${cfg.dataDir}
|
||||
mkdir -p .gitolite/logs
|
||||
|
||||
GITOLITE_RC=.gitolite.rc
|
||||
GITOLITE_RC_DEFAULT=${rcDir}/gitolite.rc.default
|
||||
if ( [[ ! -e "$GITOLITE_RC" ]] && [[ ! -L "$GITOLITE_RC" ]] ) ||
|
||||
( [[ -f "$GITOLITE_RC" ]] && diff -q "$GITOLITE_RC" "$GITOLITE_RC_DEFAULT" >/dev/null ) ||
|
||||
( [[ -L "$GITOLITE_RC" ]] && [[ "$(readlink "$GITOLITE_RC")" =~ ^/nix/store/ ]] )
|
||||
|
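Review bot: The `"Z ${cfg.dataDir} 0750 ${cfg.user} ${cfg.group} - -"` rule is the only tmpfiles line in the first hunk that leaves the path unquoted, and being recursive it re-applies owner, group and mode to every entry below the data directory each time tmpfiles runs. Assuming it is on the new side (the +/- markers are lost in this rendering), quote it like the `d` lines. Unless resetting permissions on repositories, hooks and keys is intended, also drop the mode: `"Z '${cfg.dataDir}' - ${cfg.user} ${cfg.group} - -"`. If the reset is intended, a comment saying why would help the next reader. The `d` lines close the quote before the suffix (`'${cfg.dataDir}'/.gitolite`), which would be easier to read as `'${cfg.dataDir}/.gitolite'`; the init script continues outside the second hunk.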
@ -467,7 +467,7 @@ in
|
||||
fi
|
||||
'';
|
||||
|
||||
nix.nrBuildUsers = mkDefault (lib.max 32 cfg.maxJobs);
|
||||
nix.nrBuildUsers = mkDefault (lib.max 32 (if cfg.maxJobs == "auto" then 0 else cfg.maxJobs));
|
||||
|
||||
users.users = nixbldUsers;
|
||||
|
||||
|
@ -411,7 +411,7 @@ in {
|
||||
} else {
|
||||
cert = "${cfg.pki.manual.server.cert}";
|
||||
key = "${cfg.pki.manual.server.key}";
|
||||
crl = "${cfg.pki.manual.server.crl}";
|
||||
${mapNullable (_: "crl") cfg.pki.manual.server.crl} = "${cfg.pki.manual.server.crl}";
|
||||
});
|
||||
|
||||
ca.cert = if needToCreateCA then "${cfg.dataDir}/keys/ca.cert"
|
||||
|
@ -42,9 +42,9 @@ let
|
||||
# Apply the configured extraIntegrations to the provided agent
|
||||
# package. See the documentation of `dd-agent/integrations-core.nix`
|
||||
# for detailed information on this.
|
||||
datadogPkg = cfg.package.overrideAttrs(_: {
|
||||
python = (pkgs.datadog-integrations-core cfg.extraIntegrations).python;
|
||||
});
|
||||
datadogPkg = cfg.package.override {
|
||||
pythonPackages = pkgs.datadog-integrations-core cfg.extraIntegrations;
|
||||
};
|
||||
in {
|
||||
options.services.datadog-agent = {
|
||||
enable = mkOption {
|
||||
@ -60,7 +60,7 @@ in {
|
||||
defaultText = "pkgs.datadog-agent";
|
||||
description = ''
|
||||
Which DataDog v6 agent package to use. Note that the provided
|
||||
package is expected to have an overridable `python`-attribute
|
||||
package is expected to have an overridable `pythonPackages`-attribute
|
||||
which configures the Python environment with the Datadog
|
||||
checks.
|
||||
'';
|
||||
|
@ -503,12 +503,12 @@ in {
|
||||
message = "Cannot set both adminPassword and adminPasswordFile";
|
||||
}
|
||||
{
|
||||
assertion = cfg.security.secretKeyFile != opt.security.secretKeyFile.default -> cfg.security.secretKeyFile == null;
|
||||
assertion = cfg.security.secretKey != opt.security.secretKey.default -> cfg.security.secretKeyFile == null;
|
||||
message = "Cannot set both secretKey and secretKeyFile";
|
||||
}
|
||||
{
|
||||
assertion = cfg.smtp.password != opt.smtp.password.default -> cfg.smtp.passwordFile == null;
|
||||
message = "Cannot set both password and secretKeyFile";
|
||||
message = "Cannot set both password and passwordFile";
|
||||
}
|
||||
];
|
||||
|
||||
|
@ -79,12 +79,8 @@ let
|
||||
(pkgs.writeText "prometheus.rules" (concatStringsSep "\n" cfg2.rules))
|
||||
]);
|
||||
scrape_configs = filterValidPrometheus cfg2.scrapeConfigs;
|
||||
alerting = optionalAttrs (cfg2.alertmanagerURL != []) {
|
||||
alertmanagers = [{
|
||||
static_configs = [{
|
||||
targets = cfg2.alertmanagerURL;
|
||||
}];
|
||||
}];
|
||||
alerting = {
|
||||
inherit (cfg2) alertmanagers;
|
||||
};
|
||||
};
|
||||
|
||||
@ -738,11 +734,23 @@ in {
|
||||
'';
|
||||
};
|
||||
|
||||
alertmanagerURL = mkOption {
|
||||
type = types.listOf types.str;
|
||||
alertmanagers = mkOption {
|
||||
type = types.listOf types.attrs;
|
||||
example = literalExample ''
|
||||
[ {
|
||||
scheme = "https";
|
||||
path_prefix = "/alertmanager";
|
||||
static_configs = [ {
|
||||
targets = [
|
||||
"prometheus.domain.tld"
|
||||
];
|
||||
} ];
|
||||
} ]
|
||||
'';
|
||||
default = [];
|
||||
description = ''
|
||||
List of Alertmanager URLs to send notifications to.
|
||||
A list of alertmanagers to send alerts to.
|
||||
See <link xlink:href="https://prometheus.io/docs/prometheus/latest/configuration/configuration/#alertmanager_config">the official documentation</link> for more information.
|
||||
'';
|
||||
};
|
||||
|
||||
|
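Review bot: `alertmanagers` is typed `types.listOf types.attrs`, so a misspelled key is passed unchecked into the generated configuration, and the old `alertmanagerURL` option disappears in the second hunk with no rename or removal notice visible here. If none exists elsewhere in the file, configurations that still set `alertmanagerURL` will fail with an undefined-option error; a `mkRemovedOptionModule` entry pointing at `alertmanagers` would give a usable message. The example shows `scheme = "https"`, but the description does not say that the scheme is the entry's own default when omitted, so a sentence recommending an explicit scheme for remote targets would be worth adding.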
@ -28,10 +28,12 @@ let
|
||||
"dovecot"
|
||||
"fritzbox"
|
||||
"json"
|
||||
"mail"
|
||||
"minio"
|
||||
"nginx"
|
||||
"node"
|
||||
"postfix"
|
||||
"postgres"
|
||||
"snmp"
|
||||
"surfboard"
|
||||
"tor"
|
||||
@ -86,7 +88,7 @@ let
|
||||
};
|
||||
user = mkOption {
|
||||
type = types.str;
|
||||
default = "nobody";
|
||||
default = "${name}-exporter";
|
||||
description = ''
|
||||
User name under which the ${name} exporter shall be run.
|
||||
Has no effect when <option>systemd.services.prometheus-${name}-exporter.serviceConfig.DynamicUser</option> is true.
|
||||
@ -94,7 +96,7 @@ let
|
||||
};
|
||||
group = mkOption {
|
||||
type = types.str;
|
||||
default = "nobody";
|
||||
default = "${name}-exporter";
|
||||
description = ''
|
||||
Group under which the ${name} exporter shall be run.
|
||||
Has no effect when <option>systemd.services.prometheus-${name}-exporter.serviceConfig.DynamicUser</option> is true.
|
||||
@ -125,8 +127,23 @@ let
|
||||
);
|
||||
|
||||
mkExporterConf = { name, conf, serviceOpts }:
|
||||
let
|
||||
enableDynamicUser = serviceOpts.serviceConfig.DynamicUser or true;
|
||||
in
|
||||
mkIf conf.enable {
|
||||
warnings = conf.warnings or [];
|
||||
users.users = (mkIf (conf.user == "${name}-exporter" && !enableDynamicUser) {
|
||||
"${name}-exporter" = {
|
||||
description = ''
|
||||
Prometheus ${name} exporter service user
|
||||
'';
|
||||
isSystemUser = true;
|
||||
inherit (conf) group;
|
||||
};
|
||||
});
|
||||
users.groups = (mkIf (conf.group == "${name}-exporter" && !enableDynamicUser) {
|
||||
"${name}-exporter" = {};
|
||||
});
|
||||
networking.firewall.extraCommands = mkIf conf.openFirewall (concatStrings [
|
||||
"ip46tables -A nixos-fw ${conf.firewallFilter} "
|
||||
"-m comment --comment ${name}-exporter -j nixos-fw-accept"
|
||||
@ -137,7 +154,8 @@ let
|
||||
serviceConfig.Restart = mkDefault "always";
|
||||
serviceConfig.PrivateTmp = mkDefault true;
|
||||
serviceConfig.WorkingDirectory = mkDefault /tmp;
|
||||
} serviceOpts ] ++ optional (!(serviceOpts.serviceConfig.DynamicUser or false)) {
|
||||
serviceConfig.DynamicUser = mkDefault enableDynamicUser;
|
||||
} serviceOpts ] ++ optional (!enableDynamicUser) {
|
||||
serviceConfig.User = conf.user;
|
||||
serviceConfig.Group = conf.group;
|
||||
});
|
||||
@ -162,13 +180,19 @@ in
|
||||
};
|
||||
|
||||
config = mkMerge ([{
|
||||
assertions = [{
|
||||
assertions = [ {
|
||||
assertion = (cfg.snmp.configurationPath == null) != (cfg.snmp.configuration == null);
|
||||
message = ''
|
||||
Please ensure you have either `services.prometheus.exporters.snmp.configuration'
|
||||
or `services.prometheus.exporters.snmp.configurationPath' set!
|
||||
'';
|
||||
}];
|
||||
} {
|
||||
assertion = (cfg.mail.configFile == null) != (cfg.mail.configuration == {});
|
||||
message = ''
|
||||
Please specify either 'services.prometheus.exporters.mail.configuration'
|
||||
or 'services.prometheus.exporters.mail.configFile'.
|
||||
'';
|
||||
} ];
|
||||
}] ++ [(mkIf config.services.minio.enable {
|
||||
services.prometheus.exporters.minio.minioAddress = mkDefault "http://localhost:9000";
|
||||
services.prometheus.exporters.minio.minioAccessKey = mkDefault config.services.minio.accessKey;
|
||||
|
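Review bot: `enableDynamicUser` in `mkExporterConf` is taken from `serviceOpts.serviceConfig.DynamicUser` alone, while the `user` and `group` descriptions point users at `systemd.services.prometheus-${name}-exporter.serviceConfig.DynamicUser`. If someone sets that systemd option to `false`, `enableDynamicUser` stays `true`, so neither the `${name}-exporter` account nor `serviceConfig.User`/`Group` is emitted and the unit would fall back to systemd's default user, root. Either reword the descriptions to say the static user only applies to exporters whose module sets `DynamicUser = false`, or add a comment at the binding such as `# read from serviceOpts only; a DynamicUser override under systemd.services is not seen here`. The binding and the option declarations sit in different hunks of this section, and the function continues outside them.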
@ -159,8 +159,10 @@ in
|
||||
# `serviceOpts.script` and `serviceOpts.serviceConfig.ExecStart`
|
||||
# has to be specified here. This will be merged with the default
|
||||
# service confiuration.
|
||||
# Note that by default 'DynamicUser' is 'true'.
|
||||
serviceOpts = {
|
||||
serviceConfig = {
|
||||
DynamicUser = false;
|
||||
ExecStart = ''
|
||||
${pkgs.prometheus-postfix-exporter}/bin/postfix_exporter \
|
||||
--web.listen-address ${cfg.listenAddress}:${toString cfg.port} \
|
||||
|
@ -39,7 +39,6 @@ in
|
||||
};
|
||||
serviceOpts = {
|
||||
serviceConfig = {
|
||||
DynamicUser = true;
|
||||
ExecStart = ''
|
||||
${pkgs.prometheus-bind-exporter}/bin/bind_exporter \
|
||||
-web.listen-address ${cfg.listenAddress}:${toString cfg.port} \
|
||||
|
@ -4,6 +4,13 @@ with lib;
|
||||
|
||||
let
|
||||
cfg = config.services.prometheus.exporters.blackbox;
|
||||
|
||||
checkConfig = file: pkgs.runCommand "checked-blackbox-exporter.conf" {
|
||||
preferLocalBuild = true;
|
||||
buildInputs = [ pkgs.buildPackages.prometheus-blackbox-exporter ]; } ''
|
||||
ln -s ${file} $out
|
||||
blackbox_exporter --config.check --config.file $out
|
||||
'';
|
||||
in
|
||||
{
|
||||
port = 9115;
|
||||
@ -18,11 +25,10 @@ in
|
||||
serviceOpts = {
|
||||
serviceConfig = {
|
||||
AmbientCapabilities = [ "CAP_NET_RAW" ]; # for ping probes
|
||||
DynamicUser = true;
|
||||
ExecStart = ''
|
||||
${pkgs.prometheus-blackbox-exporter}/bin/blackbox_exporter \
|
||||
--web.listen-address ${cfg.listenAddress}:${toString cfg.port} \
|
||||
--config.file ${cfg.configFile} \
|
||||
--config.file ${checkConfig cfg.configFile} \
|
||||
${concatStringsSep " \\\n " cfg.extraFlags}
|
||||
'';
|
||||
ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
|
||||
|
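Review bot: `checkConfig` symlinks `cfg.configFile` into a derivation and runs `blackbox_exporter --config.check` at build time, which presumes the file can be read inside the build. A `configFile` given as a string path to a file kept outside the store, for instance one holding probe credentials, would presumably not be visible to a sandboxed build, so the user has to move it into the world-readable store or the build fails. A boolean opt-out keeps both cases working, e.g. `--config.file ${if cfg.enableConfigCheck then checkConfig cfg.configFile else cfg.configFile} \` with a new `enableConfigCheck` option defaulting to `true`. The `serviceConfig` block continues outside the second hunk.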
@ -64,7 +64,6 @@ in
|
||||
'' else "";
|
||||
in {
|
||||
serviceConfig = {
|
||||
DynamicUser = true;
|
||||
ExecStart = ''
|
||||
${pkgs.prometheus-collectd-exporter}/bin/collectd_exporter \
|
||||
-log.format ${cfg.logFormat} \
|
||||
|
@ -26,7 +26,6 @@ in
|
||||
};
|
||||
serviceOpts = {
|
||||
serviceConfig = {
|
||||
DynamicUser = true;
|
||||
ExecStart = ''
|
||||
${pkgs.prometheus-dnsmasq-exporter}/bin/dnsmasq_exporter \
|
||||
--listen ${cfg.listenAddress}:${toString cfg.port} \
|
||||
|
@ -39,8 +39,8 @@ in
|
||||
mail_plugins = $mail_plugins old_stats
|
||||
service old-stats {
|
||||
unix_listener old-stats {
|
||||
user = nobody
|
||||
group = nobody
|
||||
user = dovecot-exporter
|
||||
group = dovecot-exporter
|
||||
}
|
||||
}
|
||||
''';
|
||||
@ -59,6 +59,7 @@ in
|
||||
};
|
||||
serviceOpts = {
|
||||
serviceConfig = {
|
||||
DynamicUser = false;
|
||||
ExecStart = ''
|
||||
${pkgs.prometheus-dovecot-exporter}/bin/dovecot_exporter \
|
||||
--web.listen-address ${cfg.listenAddress}:${toString cfg.port} \
|
||||
|
@ -26,7 +26,6 @@ in
|
||||
};
|
||||
serviceOpts = {
|
||||
serviceConfig = {
|
||||
DynamicUser = true;
|
||||
ExecStart = ''
|
||||
${pkgs.prometheus-fritzbox-exporter}/bin/exporter \
|
||||
-listen-address ${cfg.listenAddress}:${toString cfg.port} \
|
||||
|
@ -24,7 +24,6 @@ in
|
||||
};
|
||||
serviceOpts = {
|
||||
serviceConfig = {
|
||||
DynamicUser = true;
|
||||
ExecStart = ''
|
||||
${pkgs.prometheus-json-exporter}/bin/prometheus-json-exporter \
|
||||
--port ${toString cfg.port} \
|
||||
|
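--- a/nixos/modules/services/monitoring/prometheus/exporters/mail.nix
+++ b/nixos/modules/services/monitoring/prometheus/exporters/mail.nix
@@ -0,0 +1,157 @@
+{ config, lib, pkgs, options }:
+
+with lib;
+
+let
+cfg = config.services.prometheus.exporters.mail;
+
+configurationFile = pkgs.writeText "prometheus-mail-exporter.conf" (builtins.toJSON (
+# removes the _module attribute, null values and converts attrNames to lowercase
+mapAttrs' (name: value:
+if name == "servers"
+then nameValuePair (toLower name)
+((map (srv: (mapAttrs' (n: v: nameValuePair (toLower n) v)
+(filterAttrs (n: v: !(n == "_module" || v == null)) srv)
+))) value)
+else nameValuePair (toLower name) value
+) (filterAttrs (n: _: !(n == "_module")) cfg.configuration)
+));
+
+serverOptions.options = {
+name = mkOption {
+type = types.str;
+description = ''
+Value for label 'configname' which will be added to all metrics.
+'';
+};
+server = mkOption {
+type = types.str;
+description = ''
+Hostname of the server that should be probed.
+'';
+};
+port = mkOption {
+type = types.int;
+example = 587;
+description = ''
+Port to use for SMTP.
+'';
+};
+from = mkOption {
+type = types.str;
+example = "exporteruser@domain.tld";
+description = ''
+Content of 'From' Header for probing mails.
+'';
+};
+to = mkOption {
+type = types.str;
+example = "exporteruser@domain.tld";
+description = ''
+Content of 'To' Header for probing mails.
+'';
+};
+detectionDir = mkOption {
+type = types.path;
+example = "/var/spool/mail/exporteruser/new";
+description = ''
+Directory in which new mails for the exporter user are placed.
+Note that this needs to exist when the exporter starts.
+'';
+};
+login = mkOption {
+type = types.nullOr types.str;
+default = null;
+example = "exporteruser@domain.tld";
+description = ''
+Username to use for SMTP authentication.
+'';
+};
+passphrase = mkOption {
+type = types.nullOr types.str;
+default = null;
+description = ''
+Password to use for SMTP authentication.
+'';
+};
+};
+
+exporterOptions.options = {
+monitoringInterval = mkOption {
+type = types.str;
+example = "10s";
+description = ''
+Time interval between two probe attempts.
+'';
+};
+mailCheckTimeout = mkOption {
+type = types.str;
+description = ''
+Timeout until mails are considered "didn't make it".
+'';
+};
+disableFileDelition = mkOption {
+type = types.bool;
+default = false;
+description = ''
+Disables the exporter's function to delete probing mails.
+'';
+};
+servers = mkOption {
+type = types.listOf (types.submodule serverOptions);
+default = [];
+example = literalExample ''
+[ {
+name = "testserver";
+server = "smtp.domain.tld";
+port = 587;
+from = "exporteruser@domain.tld";
+to = "exporteruser@domain.tld";
+detectionDir = "/path/to/Maildir/new";
+} ]
+'';
+description = ''
+List of servers that should be probed.
+'';
+};
+};
+in
+{
+port = 9225;
+extraOpts = {
+configFile = mkOption {
+type = types.nullOr types.path;
+default = null;
+description = ''
+Specify the mailexporter configuration file to use.
+'';
+};
+configuration = mkOption {
+type = types.submodule exporterOptions;
+default = {};
+description = ''
+Specify the mailexporter configuration file to use.
+'';
+};
+telemetryPath = mkOption {
+type = types.str;
+default = "/metrics";
+description = ''
+Path under which to expose metrics.
+'';
+};
+};
+serviceOpts = {
+serviceConfig = {
+DynamicUser = false;
+ExecStart = ''
+${pkgs.prometheus-mail-exporter}/bin/mailexporter \
+--web.listen-address ${cfg.listenAddress}:${toString cfg.port} \
+--config.file ${
+if cfg.configuration != {} then configurationFile else cfg.configFile
+} \
+${concatStringsSep " \\\n " cfg.extraFlags}
+'';
+};
+};
+}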
@ -50,7 +50,6 @@ in
|
||||
};
|
||||
serviceOpts = {
|
||||
serviceConfig = {
|
||||
DynamicUser = true;
|
||||
ExecStart = ''
|
||||
${pkgs.prometheus-minio-exporter}/bin/minio-exporter \
|
||||
-web.listen-address ${cfg.listenAddress}:${toString cfg.port} \
|
||||
|
@ -34,7 +34,6 @@ in
|
||||
};
|
||||
serviceOpts = {
|
||||
serviceConfig = {
|
||||
DynamicUser = true;
|
||||
ExecStart = ''
|
||||
${pkgs.prometheus-nginx-exporter}/bin/nginx-prometheus-exporter \
|
||||
--nginx.scrape-uri '${cfg.scrapeUri}' \
|
||||
|
@ -27,6 +27,7 @@ in
|
||||
};
|
||||
serviceOpts = {
|
||||
serviceConfig = {
|
||||
DynamicUser = false;
|
||||
RuntimeDirectory = "prometheus-node-exporter";
|
||||
ExecStart = ''
|
||||
${pkgs.prometheus-node-exporter}/bin/node_exporter \
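Review bot: `DynamicUser = false;` in this `serviceConfig` carries no comment saying why node_exporter needs a static account; the +/- markers are lost on this page, so I am assuming from the `-27,6 +27,7` counts that this is the added line. Opting out of the transient sandboxed user is a deliberate reduction in isolation, and the account the unit then runs as is not visible in the hunk, so a one-line reason above the setting would help, e.g. `# static user required: <reason>`. The same applies to the postfix exporter hunk below (`-62,6 +62,7`). The `serviceConfig` block continues outside the hunk.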
|
||||
|
@ -62,6 +62,7 @@ in
|
||||
};
|
||||
serviceOpts = {
|
||||
serviceConfig = {
|
||||
DynamicUser = false;
|
||||
ExecStart = ''
|
||||
${pkgs.prometheus-postfix-exporter}/bin/postfix_exporter \
|
||||
--web.listen-address ${cfg.listenAddress}:${toString cfg.port} \
|
||||
|
@ -0,0 +1,47 @@
|
||||
{ config, lib, pkgs, options }:
|
||||
|
||||
with lib;
|
||||
|
||||
let
|
||||
cfg = config.services.prometheus.exporters.postgres;
|
||||
in
|
||||
{
|
||||
port = 9187;
|
||||
extraOpts = {
|
||||
telemetryPath = mkOption {
|
||||
type = types.str;
|
||||
default = "/metrics";
|
||||
description = ''
|
||||
Path under which to expose metrics.
|
||||
'';
|
||||
};
|
||||
dataSourceName = mkOption {
|
||||
type = types.str;
|
||||
default = "user=postgres database=postgres host=/run/postgresql sslmode=disable";
|
||||
example = "postgresql://username:password@localhost:5432/postgres?sslmode=disable";
|
||||
description = ''
|
||||
Accepts PostgreSQL URI form and key=value form arguments.
|
||||
'';
|
||||
};
|
||||
runAsLocalSuperUser = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = ''
|
||||
Whether to run the exporter as the local 'postgres' super user.
|
||||
'';
|
||||
};
|
||||
};
|
||||
serviceOpts = {
|
||||
environment.DATA_SOURCE_NAME = cfg.dataSourceName;
|
||||
serviceConfig = {
|
||||
DynamicUser = false;
|
||||
User = mkIf cfg.runAsLocalSuperUser (mkForce "postgres");
|
||||
ExecStart = ''
|
||||
${pkgs.prometheus-postgres-exporter}/bin/postgres_exporter \
|
||||
--web.listen-address ${cfg.listenAddress}:${toString cfg.port} \
|
||||
--web.telemetry-path ${cfg.telemetryPath} \
|
||||
${concatStringsSep " \\\n " cfg.extraFlags}
|
||||
'';
|
||||
};
|
||||
};
|
||||
}
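Review bot: `dataSourceName` is a plain `types.str` copied into `environment.DATA_SOURCE_NAME`, and its `example` shows a URI containing `username:password`; a value set this way lands in the generated unit in the world-readable Nix store, so any local user could read the password. The description should say so, e.g. `Do not put a password here: the value is stored world-readable in the Nix store. Prefer the default socket connection.` The example also sets `sslmode=disable` for a TCP connection, which is worth either dropping or explaining. Separately, the `runAsLocalSuperUser` description could state that the exporter then has full superuser access to the database cluster, since `User` is forced to `postgres` with `DynamicUser = false`.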
|
@ -57,7 +57,6 @@ in
|
||||
else "${pkgs.writeText "snmp-eporter-conf.yml" (builtins.toJSON cfg.configuration)}";
|
||||
in {
|
||||
serviceConfig = {
|
||||
DynamicUser = true;
|
||||
ExecStart = ''
|
||||
${pkgs.prometheus-snmp-exporter.bin}/bin/snmp_exporter \
|
||||
--config.file=${configFile} \
|
||||
|
@ -20,7 +20,6 @@ in
|
||||
description = "Prometheus exporter for surfboard cable modem";
|
||||
unitConfig.Documentation = "https://github.com/ipstatic/surfboard_exporter";
|
||||
serviceConfig = {
|
||||
DynamicUser = true;
|
||||
ExecStart = ''
|
||||
${pkgs.prometheus-surfboard-exporter}/bin/surfboard_exporter \
|
||||
--web.listen-address ${cfg.listenAddress}:${toString cfg.port} \
|
||||
|
@ -26,7 +26,6 @@ in
|
||||
};
|
||||
serviceOpts = {
|
||||
serviceConfig = {
|
||||
DynamicUser = true;
|
||||
ExecStart = ''
|
||||
${pkgs.prometheus-tor-exporter}/bin/prometheus-tor-exporter \
|
||||
-b ${cfg.listenAddress} \
|
||||
|
@ -51,7 +51,6 @@ in
|
||||
};
|
||||
serviceOpts = {
|
||||
serviceConfig = {
|
||||
DynamicUser = true;
|
||||
ExecStart = ''
|
||||
${pkgs.prometheus-unifi-exporter}/bin/unifi_exporter \
|
||||
-telemetry.addr ${cfg.listenAddress}:${toString cfg.port} \
|
||||
|