diff options
author | Peter Hoeg <peter@hoeg.com> | 2018-10-05 10:08:56 +0800 |
---|---|---|
committer | GitHub <noreply@github.com> | 2018-10-05 10:08:56 +0800 |
commit | c81d370bb96a834f176f5ded3eb3a56d19b07426 (patch) | |
tree | 7325df02c333ebf602d9553e7176f6baac82852d /nixos/modules | |
parent | 4dada63a174331151251cf8be093cd8fcdf28c12 (diff) | |
parent | 8a4a732e997201bc02d4b5b16756e81b83df797e (diff) | |
download | nixlib-c81d370bb96a834f176f5ded3eb3a56d19b07426.tar nixlib-c81d370bb96a834f176f5ded3eb3a56d19b07426.tar.gz nixlib-c81d370bb96a834f176f5ded3eb3a56d19b07426.tar.bz2 nixlib-c81d370bb96a834f176f5ded3eb3a56d19b07426.tar.lz nixlib-c81d370bb96a834f176f5ded3eb3a56d19b07426.tar.xz nixlib-c81d370bb96a834f176f5ded3eb3a56d19b07426.tar.zst nixlib-c81d370bb96a834f176f5ded3eb3a56d19b07426.zip |
Merge branch 'master' into f/activation
Diffstat (limited to 'nixos/modules')
27 files changed, 793 insertions, 78 deletions
diff --git a/nixos/modules/hardware/opengl.nix b/nixos/modules/hardware/opengl.nix index b371af353cf9..46d06d71333a 100644 --- a/nixos/modules/hardware/opengl.nix +++ b/nixos/modules/hardware/opengl.nix @@ -129,17 +129,17 @@ in message = "Option driSupport32Bit only makes sense on a 64-bit system."; }; - system.activationScripts.setup-opengl = - '' - ln -sfn ${package} /run/opengl-driver - ${if pkgs.stdenv.isi686 then '' - ln -sfn opengl-driver /run/opengl-driver-32 - '' else if cfg.driSupport32Bit then '' - ln -sfn ${package32} /run/opengl-driver-32 - '' else '' - rm -f /run/opengl-driver-32 - ''} - ''; + systemd.tmpfiles.rules = [ + "L+ /run/opengl-driver - - - - ${package}" + ( + if pkgs.stdenv.isi686 then + "L+ /run/opengl-driver-32 - - - - opengl-driver" + else if cfg.driSupport32Bit then + "L+ /run/opengl-driver-32 - - - - ${package32}" + else + "r /run/opengl-driver-32" + ) + ]; environment.sessionVariables.LD_LIBRARY_PATH = [ "/run/opengl-driver/lib" ] ++ optional cfg.driSupport32Bit "/run/opengl-driver-32/lib"; diff --git a/nixos/modules/hardware/steam-hardware.nix b/nixos/modules/hardware/steam-hardware.nix new file mode 100644 index 000000000000..378aeffe71b5 --- /dev/null +++ b/nixos/modules/hardware/steam-hardware.nix @@ -0,0 +1,25 @@ +{ config, lib, pkgs, ... }: + +with lib; + +let + + cfg = config.hardware.steam-hardware; + +in + +{ + options.hardware.steam-hardware = { + enable = mkOption { + type = types.bool; + default = false; + description = "Enable udev rules for Steam hardware such as the Steam Controller, other supported controllers and the HTC Vive"; + }; + }; + + config = mkIf cfg.enable { + services.udev.packages = [ + pkgs.steamPackages.steam + ]; + }; +} diff --git a/nixos/modules/hardware/video/nvidia.nix b/nixos/modules/hardware/video/nvidia.nix index eb1952280331..6944d1a4f76b 100644 --- a/nixos/modules/hardware/video/nvidia.nix +++ b/nixos/modules/hardware/video/nvidia.nix @@ -26,9 +26,73 @@ let nvidia_libs32 = (nvidiaForKernel pkgs_i686.linuxPackages).override { libsOnly = true; kernel = null; }; enabled = nvidia_x11 != null; + + cfg = config.hardware.nvidia; + optimusCfg = cfg.optimus_prime; in { + options = { + hardware.nvidia.modesetting.enable = lib.mkOption { + type = lib.types.bool; + default = false; + description = '' + Enable kernel modesetting when using the NVIDIA proprietary driver. + + Enabling this fixes screen tearing when using Optimus via PRIME (see + <option>hardware.nvidia.optimus_prime.enable</option>. This is not enabled + by default because it is not officially supported by NVIDIA and would not + work with SLI. + ''; + }; + + hardware.nvidia.optimus_prime.enable = lib.mkOption { + type = lib.types.bool; + default = false; + description = '' + Enable NVIDIA Optimus support using the NVIDIA proprietary driver via PRIME. + If enabled, the NVIDIA GPU will be always on and used for all rendering, + while enabling output to displays attached only to the integrated Intel GPU + without a multiplexer. + + Note that this option only has any effect if the "nvidia" driver is specified + in <option>services.xserver.videoDrivers</option>, and it should preferably + be the only driver there. + + If this is enabled, then the bus IDs of the NVIDIA and Intel GPUs have to be + specified (<option>hardware.nvidia.optimus_prime.nvidiaBusId</option> and + <option>hardware.nvidia.optimus_prime.intelBusId</option>). + + If you enable this, you may want to also enable kernel modesetting for the + NVIDIA driver (<option>hardware.nvidia.modesetting.enable</option>) in order + to prevent tearing. + + Note that this configuration will only be successful when a display manager + for which the <option>services.xserver.displayManager.setupCommands</option> + option is supported is used; notably, SLiM is not supported. + ''; + }; + + hardware.nvidia.optimus_prime.nvidiaBusId = lib.mkOption { + type = lib.types.string; + default = ""; + example = "PCI:1:0:0"; + description = '' + Bus ID of the NVIDIA GPU. You can find it using lspci; for example if lspci + shows the NVIDIA GPU at "01:00.0", set this option to "PCI:1:0:0". + ''; + }; + + hardware.nvidia.optimus_prime.intelBusId = lib.mkOption { + type = lib.types.string; + default = ""; + example = "PCI:0:2:0"; + description = '' + Bus ID of the Intel GPU. You can find it using lspci; for example if lspci + shows the Intel GPU at "00:02.0", set this option to "PCI:0:2:0". + ''; + }; + }; config = mkIf enabled { assertions = [ @@ -36,16 +100,62 @@ in assertion = config.services.xserver.displayManager.gdm.wayland; message = "NVidia drivers don't support wayland"; } + { + assertion = !optimusCfg.enable || + (optimusCfg.nvidiaBusId != "" && optimusCfg.intelBusId != ""); + message = '' + When NVIDIA Optimus via PRIME is enabled, the GPU bus IDs must configured. + ''; + } ]; - services.xserver.drivers = singleton - { name = "nvidia"; modules = [ nvidia_x11.bin ]; libPath = [ nvidia_x11 ]; }; + # If Optimus/PRIME is enabled, we: + # - Specify the configured NVIDIA GPU bus ID in the Device section for the + # "nvidia" driver. + # - Add the AllowEmptyInitialConfiguration option to the Screen section for the + # "nvidia" driver, in order to allow the X server to start without any outputs. + # - Add a separate Device section for the Intel GPU, using the "modesetting" + # driver and with the configured BusID. + # - Reference that Device section from the ServerLayout section as an inactive + # device. + # - Configure the display manager to run specific `xrandr` commands which will + # configure/enable displays connected to the Intel GPU. + + services.xserver.drivers = singleton { + name = "nvidia"; + modules = [ nvidia_x11.bin ]; + libPath = [ nvidia_x11 ]; + deviceSection = optionalString optimusCfg.enable + '' + BusID "${optimusCfg.nvidiaBusId}" + ''; + screenSection = + '' + Option "RandRRotation" "on" + ${optionalString optimusCfg.enable "Option \"AllowEmptyInitialConfiguration\""} + ''; + }; - services.xserver.screenSection = + services.xserver.extraConfig = optionalString optimusCfg.enable + '' + Section "Device" + Identifier "nvidia-optimus-intel" + Driver "modesetting" + BusID "${optimusCfg.intelBusId}" + Option "AccelMethod" "none" + EndSection + ''; + services.xserver.serverLayoutSection = optionalString optimusCfg.enable '' - Option "RandRRotation" "on" + Inactive "nvidia-optimus-intel" ''; + services.xserver.displayManager.setupCommands = optionalString optimusCfg.enable '' + # Added by nvidia configuration module for Optimus/PRIME. + ${pkgs.xorg.xrandr}/bin/xrandr --setprovideroutputsource modesetting NVIDIA-0 + ${pkgs.xorg.xrandr}/bin/xrandr --auto + ''; + environment.etc."nvidia/nvidia-application-profiles-rc" = mkIf nvidia_x11.useProfiles { source = "${nvidia_x11.bin}/share/nvidia/nvidia-application-profiles-rc"; }; @@ -62,6 +172,8 @@ in boot.kernelModules = [ "nvidia-uvm" ] ++ lib.optionals config.services.xserver.enable [ "nvidia" "nvidia_modeset" "nvidia_drm" ]; + # If requested enable modesetting via kernel parameter. + boot.kernelParams = optional cfg.modesetting.enable "nvidia-drm.modeset=1"; # Create /dev/nvidia-uvm when the nvidia-uvm module is loaded. services.udev.extraRules = diff --git a/nixos/modules/installer/tools/nix-fallback-paths.nix b/nixos/modules/installer/tools/nix-fallback-paths.nix index adde237c07c9..1cfc8ff8612e 100644 --- a/nixos/modules/installer/tools/nix-fallback-paths.nix +++ b/nixos/modules/installer/tools/nix-fallback-paths.nix @@ -1,6 +1,6 @@ { - x86_64-linux = "/nix/store/mxg4bbblxfns96yrz0nalxyiyjl7gj98-nix-2.1.2"; - i686-linux = "/nix/store/bgjgmbwirx63mwwychpikd7yc4k4lbjv-nix-2.1.2"; - aarch64-linux = "/nix/store/yi18azn4nwrcwvaiag04jnxc1qs38fy5-nix-2.1.2"; - x86_64-darwin = "/nix/store/fpivmcck2qpw5plrp599iraw2x9jp18k-nix-2.1.2"; + x86_64-linux = "/nix/store/cdcia67siabmj6li7vyffgv2cry86fq8-nix-2.1.3"; + i686-linux = "/nix/store/6q3xi6y5qnsv7d62b8n00hqfxi8rs2xs-nix-2.1.3"; + aarch64-linux = "/nix/store/2v93d0vimlm28jg0ms6v1i6lc0fq13pn-nix-2.1.3"; + x86_64-darwin = "/nix/store/dkjlfkrknmxbjmpfk3dg4q3nmb7m3zvk-nix-2.1.3"; } diff --git a/nixos/modules/installer/tools/nixos-generate-config.pl b/nixos/modules/installer/tools/nixos-generate-config.pl index 359caad89a72..b70faa380e54 100644 --- a/nixos/modules/installer/tools/nixos-generate-config.pl +++ b/nixos/modules/installer/tools/nixos-generate-config.pl @@ -277,8 +277,7 @@ if ($virt eq "qemu" || $virt eq "kvm" || $virt eq "bochs") { # Also for Hyper-V. if ($virt eq "microsoft") { - push @initrdAvailableKernelModules, "hv_storvsc"; - $videoDriver = "fbdev"; + push @attrs, "virtualisation.hypervGuest.enable = true;" } diff --git a/nixos/modules/installer/tools/nixos-option.sh b/nixos/modules/installer/tools/nixos-option.sh index 3f1e591b97b0..327e3e6989f7 100644 --- a/nixos/modules/installer/tools/nixos-option.sh +++ b/nixos/modules/installer/tools/nixos-option.sh @@ -82,7 +82,7 @@ evalNix(){ set -e if test $exit_code -eq 0; then - cat <<EOF + sed '/^warning: Nix search path/d' <<EOF $result EOF return 0; @@ -90,7 +90,7 @@ EOF sed -n ' /^error/ { s/, at (string):[0-9]*:[0-9]*//; p; }; /^warning: Nix search path/ { p; }; -' <<EOF +' >&2 <<EOF $result EOF exit_code=1 diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index f4c7cf601bf1..af630178a919 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix @@ -46,6 +46,7 @@ ./hardware/opengl.nix ./hardware/pcmcia.nix ./hardware/raid/hpsa.nix + ./hardware/steam-hardware.nix ./hardware/usb-wwan.nix ./hardware/onlykey.nix ./hardware/video/amdgpu.nix @@ -689,6 +690,7 @@ ./services/web-apps/codimd.nix ./services/web-apps/frab.nix ./services/web-apps/mattermost.nix + ./services/web-apps/nextcloud.nix ./services/web-apps/nexus.nix ./services/web-apps/pgpkeyserver-lite.nix ./services/web-apps/matomo.nix diff --git a/nixos/modules/security/pam.nix b/nixos/modules/security/pam.nix index bef10b4fe614..926c6d77d3bb 100644 --- a/nixos/modules/security/pam.nix +++ b/nixos/modules/security/pam.nix @@ -548,6 +548,13 @@ in environment.etc = mapAttrsToList (n: v: makePAMService v) config.security.pam.services; + systemd.tmpfiles.rules = optionals + (any (s: s.updateWtmp) (attrValues config.security.pam.services)) + [ + "f /var/log/wtmp" + "f /var/log/lastlog" + ]; + security.pam.services = { other.text = '' diff --git a/nixos/modules/security/polkit.nix b/nixos/modules/security/polkit.nix index 04685f2c9ea1..7f1de81d5b70 100644 --- a/nixos/modules/security/polkit.nix +++ b/nixos/modules/security/polkit.nix @@ -88,11 +88,11 @@ in "polkit-agent-helper-1".source = "${pkgs.polkit.out}/lib/polkit-1/polkit-agent-helper-1"; }; - system.activationScripts.polkit = - '' - # Probably no more needed, clean up - rm -rf /var/lib/{polkit-1,PolicyKit} - ''; + systemd.tmpfiles.rules = [ + # Probably no more needed, clean up + "R /var/lib/polkit-1" + "R /var/lib/PolicyKit" + ]; users.users.polkituser = { description = "PolKit daemon"; diff --git a/nixos/modules/services/networking/bitlbee.nix b/nixos/modules/services/networking/bitlbee.nix index 392a8d5c2e7c..46e3b7457610 100644 --- a/nixos/modules/services/networking/bitlbee.nix +++ b/nixos/modules/services/networking/bitlbee.nix @@ -7,9 +7,10 @@ let cfg = config.services.bitlbee; bitlbeeUid = config.ids.uids.bitlbee; - bitlbeePkg = if cfg.libpurple_plugins == [] - then pkgs.bitlbee - else pkgs.bitlbee.override { enableLibPurple = true; }; + bitlbeePkg = pkgs.bitlbee.override { + enableLibPurple = cfg.libpurple_plugins != []; + enablePam = cfg.authBackend == "pam"; + }; bitlbeeConfig = pkgs.writeText "bitlbee.conf" '' @@ -20,6 +21,7 @@ let DaemonInterface = ${cfg.interface} DaemonPort = ${toString cfg.portNumber} AuthMode = ${cfg.authMode} + AuthBackend = ${cfg.authBackend} Plugindir = ${pkgs.bitlbee-plugins cfg.plugins}/lib/bitlbee ${lib.optionalString (cfg.hostName != "") "HostName = ${cfg.hostName}"} ${lib.optionalString (cfg.protocols != "") "Protocols = ${cfg.protocols}"} @@ -70,6 +72,16 @@ in ''; }; + authBackend = mkOption { + default = "storage"; + type = types.enum [ "storage" "pam" ]; + description = '' + How users are authenticated + storage -- save passwords internally + pam -- Linux PAM authentication + ''; + }; + authMode = mkOption { default = "Open"; type = types.enum [ "Open" "Closed" "Registered" ]; @@ -147,23 +159,22 @@ in ###### implementation - config = mkIf config.services.bitlbee.enable { - - users.users = singleton - { name = "bitlbee"; + config = mkMerge [ + (mkIf config.services.bitlbee.enable { + users.users = singleton { + name = "bitlbee"; uid = bitlbeeUid; description = "BitlBee user"; home = "/var/lib/bitlbee"; createHome = true; }; - users.groups = singleton - { name = "bitlbee"; + users.groups = singleton { + name = "bitlbee"; gid = config.ids.gids.bitlbee; }; - systemd.services.bitlbee = - { + systemd.services.bitlbee = { environment.PURPLE_PLUGIN_PATH = purple_plugin_path; description = "BitlBee IRC to other chat networks gateway"; after = [ "network.target" ]; @@ -172,8 +183,12 @@ in serviceConfig.ExecStart = "${bitlbeePkg}/sbin/bitlbee -F -n -c ${bitlbeeConfig}"; }; - environment.systemPackages = [ bitlbeePkg ]; + environment.systemPackages = [ bitlbeePkg ]; - }; + }) + (mkIf (config.services.bitlbee.authBackend == "pam") { + security.pam.services.bitlbee = {}; + }) + ]; } diff --git a/nixos/modules/services/security/clamav.nix b/nixos/modules/services/security/clamav.nix index 9ad0095252de..04b433f8f2bf 100644 --- a/nixos/modules/services/security/clamav.nix +++ b/nixos/modules/services/security/clamav.nix @@ -95,7 +95,7 @@ in environment.etc."clamav/freshclam.conf".source = freshclamConfigFile; environment.etc."clamav/clamd.conf".source = clamdConfigFile; - systemd.services.clamav-daemon = optionalAttrs cfg.daemon.enable { + systemd.services.clamav-daemon = mkIf cfg.daemon.enable { description = "ClamAV daemon (clamd)"; after = optional cfg.updater.enable "clamav-freshclam.service"; requires = optional cfg.updater.enable "clamav-freshclam.service"; @@ -116,7 +116,7 @@ in }; }; - systemd.timers.clamav-freshclam = optionalAttrs cfg.updater.enable { + systemd.timers.clamav-freshclam = mkIf cfg.updater.enable { description = "Timer for ClamAV virus database updater (freshclam)"; wantedBy = [ "timers.target" ]; timerConfig = { @@ -125,7 +125,7 @@ in }; }; - systemd.services.clamav-freshclam = optionalAttrs cfg.updater.enable { + systemd.services.clamav-freshclam = mkIf cfg.updater.enable { description = "ClamAV virus database updater (freshclam)"; restartTriggers = [ freshclamConfigFile ]; @@ -137,6 +137,7 @@ in serviceConfig = { Type = "oneshot"; ExecStart = "${pkg}/bin/freshclam"; + SuccessExitStatus = "1"; # if databases are up to date PrivateTmp = "yes"; PrivateDevices = "yes"; }; diff --git a/nixos/modules/services/web-apps/nextcloud.nix b/nixos/modules/services/web-apps/nextcloud.nix new file mode 100644 index 000000000000..44c3df1d057b --- /dev/null +++ b/nixos/modules/services/web-apps/nextcloud.nix @@ -0,0 +1,463 @@ +{ config, lib, pkgs, ... }@args: + +with lib; + +let + cfg = config.services.nextcloud; + + toKeyValue = generators.toKeyValue { + mkKeyValue = generators.mkKeyValueDefault {} " = "; + }; + + phpOptionsExtensions = '' + ${optionalString cfg.caching.apcu "extension=${cfg.phpPackages.apcu}/lib/php/extensions/apcu.so"} + ${optionalString cfg.caching.redis "extension=${cfg.phpPackages.redis}/lib/php/extensions/redis.so"} + ${optionalString cfg.caching.memcached "extension=${cfg.phpPackages.memcached}/lib/php/extensions/memcached.so"} + zend_extension = opcache.so + opcache.enable = 1 + ''; + phpOptions = { + upload_max_filesize = cfg.maxUploadSize; + post_max_size = cfg.maxUploadSize; + memory_limit = cfg.maxUploadSize; + } // cfg.phpOptions; + phpOptionsStr = phpOptionsExtensions + (toKeyValue phpOptions); + + occ = pkgs.writeScriptBin "nextcloud-occ" '' + #! ${pkgs.stdenv.shell} + cd ${pkgs.nextcloud} + exec /run/wrappers/bin/sudo -u nextcloud \ + NEXTCLOUD_CONFIG_DIR="${cfg.home}/config" \ + ${config.services.phpfpm.phpPackage}/bin/php \ + -c ${pkgs.writeText "php.ini" phpOptionsStr}\ + occ $* + ''; + +in { + options.services.nextcloud = { + enable = mkEnableOption "nextcloud"; + hostName = mkOption { + type = types.str; + description = "FQDN for the nextcloud instance."; + }; + home = mkOption { + type = types.str; + default = "/var/lib/nextcloud"; + description = "Storage path of nextcloud."; + }; + https = mkOption { + type = types.bool; + default = false; + description = "Enable if there is a TLS terminating proxy in front of nextcloud."; + }; + + maxUploadSize = mkOption { + default = "512M"; + type = types.str; + description = '' + Defines the upload limit for files. This changes the relevant options + in php.ini and nginx if enabled. + ''; + }; + + skeletonDirectory = mkOption { + default = ""; + type = types.str; + description = '' + The directory where the skeleton files are located. These files will be + copied to the data directory of new users. Leave empty to not copy any + skeleton files. + ''; + }; + + nginx.enable = mkEnableOption "nginx vhost management"; + + webfinger = mkOption { + type = types.bool; + default = false; + description = '' + Enable this option if you plan on using the webfinger plugin. + The appropriate nginx rewrite rules will be added to your configuration. + ''; + }; + + phpPackages = mkOption { + type = types.attrs; + default = pkgs.php71Packages; + defaultText = "pkgs.php71Packages"; + description = '' + Overridable attribute of the PHP packages set to use. If any caching + module is enabled, it will be taken from here. Therefore it should + match the version of PHP given to + <literal>services.phpfpm.phpPackage</literal>. + ''; + }; + + phpOptions = mkOption { + type = types.attrsOf types.str; + default = { + "short_open_tag" = "Off"; + "expose_php" = "Off"; + "error_reporting" = "E_ALL & ~E_DEPRECATED & ~E_STRICT"; + "display_errors" = "stderr"; + "opcache.enable_cli" = "1"; + "opcache.interned_strings_buffer" = "8"; + "opcache.max_accelerated_files" = "10000"; + "opcache.memory_consumption" = "128"; + "opcache.revalidate_freq" = "1"; + "opcache.fast_shutdown" = "1"; + "openssl.cafile" = "/etc/ssl/certs/ca-certificates.crt"; + "catch_workers_output" = "yes"; + }; + description = '' + Options for PHP's php.ini file for nextcloud. + ''; + }; + + config = { + dbtype = mkOption { + type = types.enum [ "sqlite" "pgsql" "mysql" ]; + default = "sqlite"; + description = "Database type."; + }; + dbname = mkOption { + type = types.nullOr types.str; + default = "nextcloud"; + description = "Database name."; + }; + dbuser = mkOption { + type = types.nullOr types.str; + default = "nextcloud"; + description = "Database user."; + }; + dbpass = mkOption { + type = types.nullOr types.str; + default = null; + description = '' + Database password. Use <literal>dbpassFile</literal> to avoid this + being world-readable in the <literal>/nix/store</literal>. + ''; + }; + dbpassFile = mkOption { + type = types.nullOr types.str; + default = null; + description = '' + The full path to a file that contains the database password. + ''; + }; + dbhost = mkOption { + type = types.nullOr types.str; + default = "localhost"; + description = "Database host."; + }; + dbport = mkOption { + type = with types; nullOr (either int str); + default = null; + description = "Database port."; + }; + dbtableprefix = mkOption { + type = types.nullOr types.str; + default = null; + description = "Table prefix in Nextcloud database."; + }; + adminuser = mkOption { + type = types.str; + default = "root"; + description = "Admin username."; + }; + adminpass = mkOption { + type = types.nullOr types.str; + default = null; + description = '' + Database password. Use <literal>adminpassFile</literal> to avoid this + being world-readable in the <literal>/nix/store</literal>. + ''; + }; + adminpassFile = mkOption { + type = types.nullOr types.str; + default = null; + description = '' + The full path to a file that contains the admin's password. + ''; + }; + + extraTrustedDomains = mkOption { + type = types.listOf types.str; + default = []; + description = '' + Trusted domains, from which the nextcloud installation will be + acessible. You don't need to add + <literal>services.nextcloud.hostname</literal> here. + ''; + }; + }; + + caching = { + apcu = mkOption { + type = types.bool; + default = true; + description = '' + Whether to load the APCu module into PHP. + ''; + }; + redis = mkOption { + type = types.bool; + default = false; + description = '' + Whether to load the Redis module into PHP. + You still need to enable Redis in your config.php. + See https://docs.nextcloud.com/server/14/admin_manual/configuration_server/caching_configuration.html + ''; + }; + memcached = mkOption { + type = types.bool; + default = false; + description = '' + Whether to load the Memcached module into PHP. + You still need to enable Memcached in your config.php. + See https://docs.nextcloud.com/server/14/admin_manual/configuration_server/caching_configuration.html + ''; + }; + }; + }; + + config = mkIf cfg.enable (mkMerge [ + { assertions = let acfg = cfg.config; in [ + { assertion = !(acfg.dbpass != null && acfg.dbpassFile != null); + message = "Please specify no more than one of dbpass or dbpassFile"; + } + { assertion = ((acfg.adminpass != null || acfg.adminpassFile != null) + && !(acfg.adminpass != null && acfg.adminpassFile != null)); + message = "Please specify exactly one of adminpass or adminpassFile"; + } + ]; + } + + { systemd.timers."nextcloud-cron" = { + wantedBy = [ "timers.target" ]; + timerConfig.OnBootSec = "5m"; + timerConfig.OnUnitActiveSec = "15m"; + timerConfig.Unit = "nextcloud-cron.service"; + }; + + systemd.services = { + "nextcloud-setup" = let + overrideConfig = pkgs.writeText "nextcloud-config.php" '' + <?php + $CONFIG = [ + 'apps_paths' => [ + [ 'path' => '${cfg.home}/apps', 'url' => '/apps', 'writable' => false ], + [ 'path' => '${cfg.home}/store-apps', 'url' => '/store-apps', 'writable' => true ], + ], + 'datadirectory' => '${cfg.home}/data', + 'skeletondirectory' => '${cfg.skeletonDirectory}', + ${optionalString cfg.caching.apcu "'memcache.local' => '\\OC\\Memcache\\APCu',"} + 'log_type' => 'syslog', + ]; + ''; + occInstallCmd = let + c = cfg.config; + adminpass = if c.adminpassFile != null + then ''"$(<"${toString c.adminpassFile}")"'' + else ''"${toString c.adminpass}"''; + dbpass = if c.dbpassFile != null + then ''"$(<"${toString c.dbpassFile}")"'' + else if c.dbpass != null + then ''"${toString c.dbpass}"'' + else null; + installFlags = concatStringsSep " \\\n " + (mapAttrsToList (k: v: "${k} ${toString v}") { + "--database" = ''"${c.dbtype}"''; + # The following attributes are optional depending on the type of + # database. Those that evaluate to null on the left hand side + # will be omitted. + ${if c.dbname != null then "--database-name" else null} = ''"${c.dbname}"''; + ${if c.dbhost != null then "--database-host" else null} = ''"${c.dbhost}"''; + ${if c.dbport != null then "--database-port" else null} = ''"${toString c.dbport}"''; + ${if c.dbuser != null then "--database-user" else null} = ''"${c.dbuser}"''; + ${if (any (x: x != null) [c.dbpass c.dbpassFile]) + then "--database-pass" else null} = dbpass; + ${if c.dbtableprefix != null + then "--database-table-prefix" else null} = ''"${toString c.dbtableprefix}"''; + "--admin-user" = ''"${c.adminuser}"''; + "--admin-pass" = adminpass; + "--data-dir" = ''"${cfg.home}/data"''; + }); + in '' + ${occ}/bin/nextcloud-occ maintenance:install \ + ${installFlags} + ''; + occSetTrustedDomainsCmd = concatStringsSep "\n" (imap0 + (i: v: '' + ${occ}/bin/nextcloud-occ config:system:set trusted_domains \ + ${toString i} --value="${toString v}" + '') ([ cfg.hostName ] ++ cfg.config.extraTrustedDomains)); + + in { + wantedBy = [ "multi-user.target" ]; + before = [ "phpfpm-nextcloud.service" ]; + script = '' + chmod og+x ${cfg.home} + ln -sf ${pkgs.nextcloud}/apps ${cfg.home}/ + mkdir -p ${cfg.home}/config ${cfg.home}/data ${cfg.home}/store-apps + ln -sf ${overrideConfig} ${cfg.home}/config/override.config.php + + chown -R nextcloud:nginx ${cfg.home}/config ${cfg.home}/data ${cfg.home}/store-apps + + # Do not install if already installed + if [[ ! -e ${cfg.home}/config/config.php ]]; then + ${occInstallCmd} + fi + + ${occ}/bin/nextcloud-occ upgrade + + ${occ}/bin/nextcloud-occ config:system:delete trusted_domains + ${occSetTrustedDomainsCmd} + ''; + serviceConfig.Type = "oneshot"; + }; + "nextcloud-cron" = { + environment.NEXTCLOUD_CONFIG_DIR = "${cfg.home}/config"; + serviceConfig.Type = "oneshot"; + serviceConfig.User = "nextcloud"; + serviceConfig.ExecStart = "${pkgs.php}/bin/php -f ${pkgs.nextcloud}/cron.php"; + }; + }; + + services.phpfpm = { + phpOptions = phpOptionsExtensions; + phpPackage = pkgs.php71; + pools.nextcloud = let + phpAdminValues = (toKeyValue + (foldr (a: b: a // b) {} + (mapAttrsToList (k: v: { "php_admin_value[${k}]" = v; }) + phpOptions))); + in { + listen = "/run/phpfpm/nextcloud"; + extraConfig = '' + listen.owner = nginx + listen.group = nginx + user = nextcloud + group = nginx + pm = dynamic + pm.max_children = 32 + pm.start_servers = 2 + pm.min_spare_servers = 2 + pm.max_spare_servers = 4 + env[NEXTCLOUD_CONFIG_DIR] = ${cfg.home}/config + env[PATH] = /run/wrappers/bin:/nix/var/nix/profiles/default/bin:/run/current-system/sw/bin:/usr/bin:/bin + ${phpAdminValues} + ''; + }; + }; + + users.extraUsers.nextcloud = { + home = "${cfg.home}"; + group = "nginx"; + createHome = true; + }; + + environment.systemPackages = [ occ ]; + } + + (mkIf cfg.nginx.enable { + services.nginx = { + enable = true; + virtualHosts = { + "${cfg.hostName}" = { + root = pkgs.nextcloud; + locations = { + "= /robots.txt" = { + priority = 100; + extraConfig = '' + allow all; + log_not_found off; + access_log off; + ''; + }; + "/" = { + priority = 200; + extraConfig = "rewrite ^ /index.php$uri;"; + }; + "~ ^/store-apps" = { + priority = 201; + extraConfig = "root ${cfg.home};"; + }; + "= /.well-known/carddav" = { + priority = 210; + extraConfig = "return 301 $scheme://$host/remote.php/dav;"; + }; + "= /.well-known/caldav" = { + priority = 210; + extraConfig = "return 301 $scheme://$host/remote.php/dav;"; + }; + "~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/" = { + priority = 300; + extraConfig = "deny all;"; + }; + "~ ^/(?:\\.|autotest|occ|issue|indie|db_|console)" = { + priority = 300; + extraConfig = "deny all;"; + }; + "~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+)\\.php(?:$|/)" = { + priority = 500; + extraConfig = '' + include ${pkgs.nginxMainline}/conf/fastcgi.conf; + fastcgi_split_path_info ^(.+\.php)(/.*)$; + fastcgi_param PATH_INFO $fastcgi_path_info; + fastcgi_param HTTPS ${if cfg.https then "on" else "off"}; + fastcgi_param modHeadersAvailable true; + fastcgi_param front_controller_active true; + fastcgi_pass unix:/run/phpfpm/nextcloud; + fastcgi_intercept_errors on; + fastcgi_request_buffering off; + fastcgi_read_timeout 120s; + ''; + }; + "~ ^/(?:updater|ocs-provider)(?:$|/)".extraConfig = '' + try_files $uri/ =404; + index index.php; + ''; + "~ \\.(?:css|js|woff|svg|gif)$".extraConfig = '' + try_files $uri /index.php$uri$is_args$args; + add_header Cache-Control "public, max-age=15778463"; + add_header X-Content-Type-Options nosniff; + add_header X-XSS-Protection "1; mode=block"; + add_header X-Robots-Tag none; + add_header X-Download-Options noopen; + add_header X-Permitted-Cross-Domain-Policies none; + access_log off; + ''; + "~ \\.(?:png|html|ttf|ico|jpg|jpeg)$".extraConfig = '' + try_files $uri /index.php$uri$is_args$args; + access_log off; + ''; + }; + extraConfig = '' + add_header X-Content-Type-Options nosniff; + add_header X-XSS-Protection "1; mode=block"; + add_header X-Robots-Tag none; + add_header X-Download-Options noopen; + add_header X-Permitted-Cross-Domain-Policies none; + error_page 403 /core/templates/403.php; + error_page 404 /core/templates/404.php; + client_max_body_size ${cfg.maxUploadSize}; + fastcgi_buffers 64 4K; + gzip on; + gzip_vary on; + gzip_comp_level 4; + gzip_min_length 256; + gzip_proxied expired no-cache no-store private no_last_modified no_etag auth; + gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy; + + ${optionalString cfg.webfinger '' + rewrite ^/.well-known/host-meta /public.php?service=host-meta last; + rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last; + ''} + ''; + }; + }; + }; + }) + ]); +} diff --git a/nixos/modules/services/web-servers/nginx/default.nix b/nixos/modules/services/web-servers/nginx/default.nix index b231ee5a3f01..508398f03ace 100644 --- a/nixos/modules/services/web-servers/nginx/default.nix +++ b/nixos/modules/services/web-servers/nginx/default.nix @@ -245,8 +245,8 @@ let } '' ) virtualHosts); - mkLocations = locations: concatStringsSep "\n" (mapAttrsToList (location: config: '' - location ${location} { + mkLocations = locations: concatStringsSep "\n" (map (config: '' + location ${config.location} { ${optionalString (config.proxyPass != null && !cfg.proxyResolveWhileRunning) "proxy_pass ${config.proxyPass};" } @@ -266,7 +266,18 @@ let ${config.extraConfig} ${optionalString (config.proxyPass != null && cfg.recommendedProxySettings) "include ${recommendedProxyConfig};"} } - '') locations); + '') (sortProperties (mapAttrsToList (k: v: v // { location = k; }) locations))); + mkBasicAuth = vhostName: authDef: let + htpasswdFile = pkgs.writeText "${vhostName}.htpasswd" ( + concatStringsSep "\n" (mapAttrsToList (user: password: '' + ${user}:{PLAIN}${password} + '') authDef) + ); + in '' + auth_basic secured; + auth_basic_user_file ${htpasswdFile}; + ''; + mkHtpasswd = vhostName: authDef: pkgs.writeText "${vhostName}.htpasswd" ( concatStringsSep "\n" (mapAttrsToList (user: password: '' ${user}:{PLAIN}${password} diff --git a/nixos/modules/services/web-servers/nginx/location-options.nix b/nixos/modules/services/web-servers/nginx/location-options.nix index 4c772734a749..9b44433d3845 100644 --- a/nixos/modules/services/web-servers/nginx/location-options.nix +++ b/nixos/modules/services/web-servers/nginx/location-options.nix @@ -71,6 +71,16 @@ with lib; These lines go to the end of the location verbatim. ''; }; + + priority = mkOption { + type = types.int; + default = 1000; + description = '' + Order of this location block in relation to the others in the vhost. + The semantics are the same as with `lib.mkOrder`. Smaller values have + a greater priority. + ''; + }; }; } diff --git a/nixos/modules/services/x11/desktop-managers/plasma5.nix b/nixos/modules/services/x11/desktop-managers/plasma5.nix index 706555921454..11c1aa4315a8 100644 --- a/nixos/modules/services/x11/desktop-managers/plasma5.nix +++ b/nixos/modules/services/x11/desktop-managers/plasma5.nix @@ -64,7 +64,7 @@ in }; security.wrappers = { - kcheckpass.source = "${lib.getBin plasma5.plasma-workspace}/lib/libexec/kcheckpass"; + kcheckpass.source = "${lib.getBin plasma5.kscreenlocker}/lib/libexec/kcheckpass"; "start_kdeinit".source = "${lib.getBin pkgs.kinit}/lib/libexec/kf5/start_kdeinit"; kwin_wayland = { source = "${lib.getBin plasma5.kwin}/bin/kwin_wayland"; diff --git a/nixos/modules/services/x11/display-managers/default.nix b/nixos/modules/services/x11/display-managers/default.nix index 357fa8ce8f36..26b79730dd38 100644 --- a/nixos/modules/services/x11/display-managers/default.nix +++ b/nixos/modules/services/x11/display-managers/default.nix @@ -222,6 +222,17 @@ in description = "List of arguments for the X server."; }; + setupCommands = mkOption { + type = types.lines; + default = ""; + description = '' + Shell commands executed just after the X server has started. + + This option is only effective for display managers for which this feature + is supported; currently these are LightDM, GDM and SDDM. + ''; + }; + sessionCommands = mkOption { type = types.lines; default = ""; diff --git a/nixos/modules/services/x11/display-managers/gdm.nix b/nixos/modules/services/x11/display-managers/gdm.nix index a775dd0f0e04..6cc30b218f4a 100644 --- a/nixos/modules/services/x11/display-managers/gdm.nix +++ b/nixos/modules/services/x11/display-managers/gdm.nix @@ -7,6 +7,13 @@ let cfg = config.services.xserver.displayManager; gdm = pkgs.gnome3.gdm; + xSessionWrapper = if (cfg.setupCommands == "") then null else + pkgs.writeScript "gdm-x-session-wrapper" '' + #!${pkgs.bash}/bin/bash + ${cfg.setupCommands} + exec "$@" + ''; + in { @@ -112,6 +119,11 @@ in GDM_SESSIONS_DIR = "${cfg.session.desktops}/share/xsessions"; # Find the mouse XCURSOR_PATH = "~/.icons:${pkgs.gnome3.adwaita-icon-theme}/share/icons"; + } // optionalAttrs (xSessionWrapper != null) { + # Make GDM use this wrapper before running the session, which runs the + # configured setupCommands. This relies on a patched GDM which supports + # this environment variable. + GDM_X_SESSION_WRAPPER = "${xSessionWrapper}"; }; execCmd = "exec ${gdm}/bin/gdm"; }; @@ -142,7 +154,10 @@ in systemd.user.services.dbus.wantedBy = [ "default.target" ]; - programs.dconf.profiles.gdm = "${gdm}/share/dconf/profile/gdm"; + programs.dconf.profiles.gdm = pkgs.writeText "dconf-gdm-profile" '' + system-db:local + ${gdm}/share/dconf/profile/gdm + ''; # Use AutomaticLogin if delay is zero, because it's immediate. # Otherwise with TimedLogin with zero seconds the prompt is still diff --git a/nixos/modules/services/x11/display-managers/lightdm.nix b/nixos/modules/services/x11/display-managers/lightdm.nix index 8078b93a7574..16f1ddea1a75 100644 --- a/nixos/modules/services/x11/display-managers/lightdm.nix +++ b/nixos/modules/services/x11/display-managers/lightdm.nix @@ -46,6 +46,7 @@ let greeters-directory = ${cfg.greeter.package} ''} sessions-directory = ${dmcfg.session.desktops}/share/xsessions + ${cfg.extraConfig} [Seat:*] xserver-command = ${xserverWrapper} @@ -61,6 +62,12 @@ let ${optionalString hasDefaultUserSession '' user-session=${defaultSessionName} ''} + ${optionalString (dmcfg.setupCommands != "") '' + display-setup-script=${pkgs.writeScript "lightdm-display-setup" '' + #!${pkgs.bash}/bin/bash + ${dmcfg.setupCommands} + ''} + ''} ${cfg.extraSeatDefaults} ''; @@ -113,6 +120,15 @@ in }; }; + extraConfig = mkOption { + type = types.lines; + default = ""; + example = '' + user-authority-in-system-dir = true + ''; + description = "Extra lines to append to LightDM section."; + }; + background = mkOption { type = types.str; default = "${pkgs.nixos-artwork.wallpapers.simple-dark-gray-bottom}/share/artwork/gnome/nix-wallpaper-simple-dark-gray_bottom.png"; diff --git a/nixos/modules/services/x11/display-managers/sddm.nix b/nixos/modules/services/x11/display-managers/sddm.nix index 2a9826177737..522a0dc92d6f 100644 --- a/nixos/modules/services/x11/display-managers/sddm.nix +++ b/nixos/modules/services/x11/display-managers/sddm.nix @@ -20,6 +20,7 @@ let Xsetup = pkgs.writeScript "Xsetup" '' #!/bin/sh ${cfg.setupScript} + ${dmcfg.setupCommands} ''; Xstop = pkgs.writeScript "Xstop" '' @@ -137,7 +138,8 @@ in xrandr --auto ''; description = '' - A script to execute when starting the display server. + A script to execute when starting the display server. DEPRECATED, please + use <option>services.xserver.displayManager.setupCommands</option>. ''; }; diff --git a/nixos/modules/services/x11/xserver.nix b/nixos/modules/services/x11/xserver.nix index 75bfeaac1fa3..297e36311656 100644 --- a/nixos/modules/services/x11/xserver.nix +++ b/nixos/modules/services/x11/xserver.nix @@ -374,6 +374,12 @@ in description = "Contents of the first Monitor section of the X server configuration file."; }; + extraConfig = mkOption { + type = types.lines; + default = ""; + description = "Additional contents (sections) included in the X server configuration file"; + }; + xrandrHeads = mkOption { default = []; example = [ @@ -754,6 +760,7 @@ in Driver "${driver.driverName or driver.name}" ${if cfg.useGlamor then ''Option "AccelMethod" "glamor"'' else ""} ${cfg.deviceSection} + ${driver.deviceSection or ""} ${xrandrDeviceSection} EndSection @@ -765,6 +772,7 @@ in ''} ${cfg.screenSection} + ${driver.screenSection or ""} ${optionalString (cfg.defaultDepth != 0) '' DefaultDepth ${toString cfg.defaultDepth} @@ -794,6 +802,8 @@ in '')} ${xrandrMonitorSections} + + ${cfg.extraConfig} ''; fonts.enableDefaultFonts = mkDefault true; diff --git a/nixos/modules/system/activation/activation-script.nix b/nixos/modules/system/activation/activation-script.nix index 5a87a2ec7623..b1eaf0189562 100644 --- a/nixos/modules/system/activation/activation-script.nix +++ b/nixos/modules/system/activation/activation-script.nix @@ -174,14 +174,6 @@ in '' # Various log/runtime directories. - mkdir -m 0755 -p /run/nix/current-load # for distributed builds - mkdir -m 0700 -p /run/nix/remote-stores - - mkdir -m 0755 -p /var/log - - touch /var/log/wtmp /var/log/lastlog # must exist - chmod 644 /var/log/wtmp /var/log/lastlog - mkdir -m 1777 -p /var/tmp # Empty, immutable home directory of many system accounts. diff --git a/nixos/modules/system/activation/switch-to-configuration.pl b/nixos/modules/system/activation/switch-to-configuration.pl index a9824649e387..397b308b7311 100644 --- a/nixos/modules/system/activation/switch-to-configuration.pl +++ b/nixos/modules/system/activation/switch-to-configuration.pl @@ -419,8 +419,8 @@ while (my $f = <$listActiveUsers>) { my ($uid, $name) = ($+{uid}, $+{user}); print STDERR "reloading user units for $name...\n"; - system("su", "-s", "@shell@", "-l", $name, "-c", "XDG_RUNTIME_DIR=/run/user/$uid @systemd@/bin/systemctl --user daemon-reload"); - system("su", "-s", "@shell@", "-l", $name, "-c", "XDG_RUNTIME_DIR=/run/user/$uid @systemd@/bin/systemctl --user start nixos-activation.service"); + system("@su@", "-s", "@shell@", "-l", $name, "-c", "XDG_RUNTIME_DIR=/run/user/$uid @systemd@/bin/systemctl --user daemon-reload"); + system("@su@", "-s", "@shell@", "-l", $name, "-c", "XDG_RUNTIME_DIR=/run/user/$uid @systemd@/bin/systemctl --user start nixos-activation.service"); } close $listActiveUsers; diff --git a/nixos/modules/system/activation/top-level.nix b/nixos/modules/system/activation/top-level.nix index 413543df88c6..a560af5ce96d 100644 --- a/nixos/modules/system/activation/top-level.nix +++ b/nixos/modules/system/activation/top-level.nix @@ -109,6 +109,7 @@ let inherit (pkgs) utillinux coreutils; systemd = config.systemd.package; shell = "${pkgs.bash}/bin/sh"; + su = "${pkgs.shadow.su}/bin/su"; inherit children; kernelParams = config.boot.kernelParams; diff --git a/nixos/modules/system/boot/stage-2-init.sh b/nixos/modules/system/boot/stage-2-init.sh index 49764b75a557..03daafa1ce4f 100644 --- a/nixos/modules/system/boot/stage-2-init.sh +++ b/nixos/modules/system/boot/stage-2-init.sh @@ -152,6 +152,14 @@ ln -sfn /run/booted-system /nix/var/nix/gcroots/booted-system @shell@ @postBootCommands@ +# Ensure systemd doesn't try to populate /etc, by forcing its first-boot +# heuristic off. It doesn't matter what's in /etc/machine-id for this purpose, +# and systemd will immediately fill in the file when it starts, so just +# creating it is enough. This `: >>` pattern avoids forking and avoids changing +# the mtime if the file already exists. +: >> /etc/machine-id + + # Reset the logging file descriptors. exec 1>&$logOutFd 2>&$logErrFd exec {logOutFd}>&- {logErrFd}>&- diff --git a/nixos/modules/system/boot/systemd-unit-options.nix b/nixos/modules/system/boot/systemd-unit-options.nix index 2cff25a8c854..5f2bec5c34ae 100644 --- a/nixos/modules/system/boot/systemd-unit-options.nix +++ b/nixos/modules/system/boot/systemd-unit-options.nix @@ -394,7 +394,7 @@ in rec { Each attribute in this set specifies an option in the <literal>[Timer]</literal> section of the unit. See <citerefentry><refentrytitle>systemd.timer</refentrytitle> - <manvolnum>7</manvolnum></citerefentry> and + <manvolnum>5</manvolnum></citerefentry> and <citerefentry><refentrytitle>systemd.time</refentrytitle> <manvolnum>7</manvolnum></citerefentry> for details. ''; diff --git a/nixos/modules/system/boot/systemd.nix b/nixos/modules/system/boot/systemd.nix index 3ac4c02b61f5..a1412bc32904 100644 --- a/nixos/modules/system/boot/systemd.nix +++ b/nixos/modules/system/boot/systemd.nix @@ -747,6 +747,7 @@ in "systemd/journald.conf".text = '' [Journal] + Storage=persistent RateLimitInterval=${config.services.journald.rateLimitInterval} RateLimitBurst=${toString config.services.journald.rateLimitBurst} ${optionalString (config.services.journald.console != "") '' @@ -783,19 +784,6 @@ in services.dbus.enable = true; - system.activationScripts.systemd = stringAfter [ "groups" ] - '' - mkdir -m 0755 -p /var/lib/udev - - if ! [ -e /etc/machine-id ]; then - ${systemd}/bin/systemd-machine-id-setup - fi - - # Keep a persistent journal. Note that systemd-tmpfiles will - # set proper ownership/permissions. - mkdir -m 0700 -p /var/log/journal - ''; - users.users.systemd-network.uid = config.ids.uids.systemd-network; users.groups.systemd-network.gid = config.ids.gids.systemd-network; users.users.systemd-resolve.uid = config.ids.uids.systemd-resolve; diff --git a/nixos/modules/virtualisation/hyperv-guest.nix b/nixos/modules/virtualisation/hyperv-guest.nix index ecd2a8117710..0f1f052880c5 100644 --- a/nixos/modules/virtualisation/hyperv-guest.nix +++ b/nixos/modules/virtualisation/hyperv-guest.nix @@ -9,20 +9,47 @@ in { options = { virtualisation.hypervGuest = { enable = mkEnableOption "Hyper-V Guest Support"; + + videoMode = mkOption { + type = types.str; + default = "1152x864"; + example = "1024x768"; + description = '' + Resolution at which to initialize the video adapter. + + Supports screen resolution up to Full HD 1920x1080 with 32 bit color + on Windows Server 2012, and 1600x1200 with 16 bit color on Windows + Server 2008 R2 or earlier. + ''; + }; }; }; config = mkIf cfg.enable { + boot = { + initrd.kernelModules = [ + "hv_balloon" "hv_netvsc" "hv_storvsc" "hv_utils" "hv_vmbus" + ]; + + kernelParams = [ + "video=hyperv_fb:${cfg.videoMode}" + ]; + }; + environment.systemPackages = [ config.boot.kernelPackages.hyperv-daemons.bin ]; security.rngd.enable = false; - # enable hotadding memory + # enable hotadding cpu/memory services.udev.packages = lib.singleton (pkgs.writeTextFile { - name = "hyperv-memory-hotadd-udev-rules"; - destination = "/etc/udev/rules.d/99-hyperv-memory-hotadd.rules"; + name = "hyperv-cpu-and-memory-hotadd-udev-rules"; + destination = "/etc/udev/rules.d/99-hyperv-cpu-and-memory-hotadd.rules"; text = '' - ACTION="add", SUBSYSTEM=="memory", ATTR{state}="online" + # Memory hotadd + SUBSYSTEM=="memory", ACTION=="add", DEVPATH=="/devices/system/memory/memory[0-9]*", TEST=="state", ATTR{state}="online" + + # CPU hotadd + SUBSYSTEM=="cpu", ACTION=="add", DEVPATH=="/devices/system/cpu/cpu[0-9]*", TEST=="online", ATTR{online}="1" ''; }); |