Merge remote-tracking branch 'upstream/master' into HEAD

5 files changed, 89 insertions, 6 deletions

diff --git a/nixos/modules/services/hardware/tlp.nix b/nixos/modules/services/hardware/tlp.nix
index 3b108c87edd2..68425822a884 100644
--- a/nixos/modules/services/hardware/tlp.nix
+++ b/nixos/modules/services/hardware/tlp.nix
@@ -57,6 +57,8 @@ in
     powerManagement.scsiLinkPolicy = null;
     powerManagement.cpuFreqGovernor = null;
 
+    systemd.sockets."systemd-rfkill".enable = false;
+
     systemd.services = {
       "systemd-rfkill@".enable = false;
       "systemd-rfkill".enable = false;
diff --git a/nixos/modules/services/networking/firefox/sync-server.nix b/nixos/modules/services/networking/firefox/sync-server.nix
index c1a14931429a..a9f3fd65d76b 100644
--- a/nixos/modules/services/networking/firefox/sync-server.nix
+++ b/nixos/modules/services/networking/firefox/sync-server.nix
@@ -4,6 +4,10 @@ with lib;
 
 let
   cfg = config.services.firefox.syncserver;
+
+  defaultDbLocation = "/var/db/firefox-sync-server/firefox-sync-server.db";
+  defaultSqlUri = "sqlite:///${defaultDbLocation}";
+
   syncServerIni = pkgs.writeText "syncserver.ini" ''
     [DEFAULT]
     overrides = ${cfg.privateConfig}
@@ -25,6 +29,7 @@ let
     backend = tokenserver.verifiers.LocalVerifier
     audiences = ${removeSuffix "/" cfg.publicUrl}
   '';
+
 in
 
 {
@@ -65,6 +70,18 @@ in
         '';
       };
 
+      user = mkOption {
+        type = types.str;
+        default = "syncserver";
+        description = "User account under which syncserver runs.";
+      };
+
+      group = mkOption {
+        type = types.str;
+        default = "syncserver";
+        description = "Group account under which syncserver runs.";
+      };
+
       publicUrl = mkOption {
         type = types.str;
         default = "http://localhost:5000/";
@@ -85,7 +102,7 @@ in
 
       sqlUri = mkOption {
         type = types.str;
-        default = "sqlite:////var/db/firefox-sync-server.db";
+        default = defaultSqlUri;
         example = "postgresql://scott:tiger@localhost/test";
         description = ''
           The location of the database. This URL is composed of
@@ -126,16 +143,45 @@ in
       description = "Firefox Sync Server";
       wantedBy = [ "multi-user.target" ];
       path = [ pkgs.coreutils syncServerEnv ];
+
+      serviceConfig = {
+        User = cfg.user;
+        Group = cfg.group;
+        PermissionsStartOnly = true;
+      };
+
       preStart = ''
         if ! test -e ${cfg.privateConfig}; then
-          umask u=rwx,g=x,o=x
-          mkdir -p $(dirname ${cfg.privateConfig})
+          mkdir -m 700 -p $(dirname ${cfg.privateConfig})
           echo  > ${cfg.privateConfig} '[syncserver]'
           echo >> ${cfg.privateConfig} "secret = $(head -c 20 /dev/urandom | sha1sum | tr -d ' -')"
         fi
+        chown ${cfg.user}:${cfg.group} ${cfg.privateConfig}
+      '' + optionalString (cfg.sqlUri == defaultSqlUri) ''
+        if ! test -e $(dirname ${defaultDbLocation}); then
+          mkdir -m 700 -p $(dirname ${defaultDbLocation})
+          chown ${cfg.user}:${cfg.group} $(dirname ${defaultDbLocation})
+        fi
+        # Move previous database file if it exists
+        oldDb="/var/db/firefox-sync-server.db"
+        if test -f $oldDb; then
+          mv $oldDb ${defaultDbLocation}
+          chown ${cfg.user}:${cfg.group} ${defaultDbLocation}
+        fi
       '';
       serviceConfig.ExecStart = "${syncServerEnv}/bin/paster serve ${syncServerIni}";
     };
 
+    users.extraUsers = optionalAttrs (cfg.user == "syncserver")
+      (singleton {
+        name = "syncserver";
+        group = cfg.group;
+        isSystemUser = true;
+      });
+
+    users.extraGroups = optionalAttrs (cfg.group == "syncserver")
+      (singleton {
+        name = "syncserver";
+      });
   };
 }
diff --git a/nixos/modules/services/web-servers/caddy.nix b/nixos/modules/services/web-servers/caddy.nix
index ee32a1c86d4d..d8efa24bc6d5 100644
--- a/nixos/modules/services/web-servers/caddy.nix
+++ b/nixos/modules/services/web-servers/caddy.nix
@@ -5,12 +5,22 @@ with lib;
 let
   cfg = config.services.caddy;
   configFile = pkgs.writeText "Caddyfile" cfg.config;
-in
-{
+in {
   options.services.caddy = {
     enable = mkEnableOption "Caddy web server";
 
     config = mkOption {
+      default = "";
+      example = ''
+        example.com {
+        gzip
+        minify
+        log syslog
+
+        root /srv/http
+        }
+      '';
+      type = types.lines;
       description = "Verbatim Caddyfile to use";
     };
 
diff --git a/nixos/modules/services/x11/desktop-managers/default.nix b/nixos/modules/services/x11/desktop-managers/default.nix
index c207aab5de0a..4b57d9641f50 100644
--- a/nixos/modules/services/x11/desktop-managers/default.nix
+++ b/nixos/modules/services/x11/desktop-managers/default.nix
@@ -19,7 +19,7 @@ in
   # E.g., if Plasma 5 is enabled, it supersedes xterm.
   imports = [
     ./none.nix ./xterm.nix ./xfce.nix ./plasma5.nix ./lumina.nix
-    ./lxqt.nix ./enlightenment.nix ./gnome3.nix ./kodi.nix
+    ./lxqt.nix ./enlightenment.nix ./gnome3.nix ./kodi.nix ./maxx.nix
   ];
 
   options = {
diff --git a/nixos/modules/services/x11/desktop-managers/maxx.nix b/nixos/modules/services/x11/desktop-managers/maxx.nix
new file mode 100644
index 000000000000..d7bd2fc5eb0c
--- /dev/null
+++ b/nixos/modules/services/x11/desktop-managers/maxx.nix
@@ -0,0 +1,25 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+  xcfg = config.services.xserver;
+  cfg = xcfg.desktopManager.maxx;
+in {
+  options.services.xserver.desktopManager.maxx = {
+    enable = mkEnableOption "MaXX desktop environment";
+  };
+
+  config = mkIf (xcfg.enable && cfg.enable) {
+    environment.systemPackages = [ pkgs.maxx ];
+
+    services.xserver.desktopManager.session = [
+    { name = "MaXX";
+      start = ''
+        exec ${pkgs.maxx}/opt/MaXX/etc/skel/Xsession.dt
+      '';
+    }];
+  };
+
+  meta.maintainers = [ maintainers.gnidorah ];
+}