diff options
| author | Thomas Tuegel <ttuegel@secure.mailbox.org> | 2017-03-10 07:30:14 -0600 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2017-03-10 07:30:14 -0600 |
| commit | 64b88c3017089c55bbf7fb272696f62a4369a187 (patch) | |
| tree | 450ea7af379fe6405fc59fc9e7f98ccc9bdc48bc /nixos | |
| parent | edd43351cfa861a5e641a4c25666bbd3bc181f67 (diff) | |
| parent | 7dcc40b674e98ef9216262a969888ca9342728de (diff) | |
| download | nixlib-64b88c3017089c55bbf7fb272696f62a4369a187.tar nixlib-64b88c3017089c55bbf7fb272696f62a4369a187.tar.gz nixlib-64b88c3017089c55bbf7fb272696f62a4369a187.tar.bz2 nixlib-64b88c3017089c55bbf7fb272696f62a4369a187.tar.lz nixlib-64b88c3017089c55bbf7fb272696f62a4369a187.tar.xz nixlib-64b88c3017089c55bbf7fb272696f62a4369a187.tar.zst nixlib-64b88c3017089c55bbf7fb272696f62a4369a187.zip | |
Merge branch 'master' into phonon-gstreamer
Diffstat (limited to 'nixos')
42 files changed, 937 insertions, 402 deletions
diff --git a/nixos/default.nix b/nixos/default.nix index 5f3e2ae081cc..0e45a1cd75e2 100644 --- a/nixos/default.nix +++ b/nixos/default.nix @@ -37,7 +37,4 @@ in vm = vmConfig.system.build.vm; vmWithBootLoader = vmWithBootLoaderConfig.system.build.vm; - - # The following are used by nixos-rebuild. - nixFallback = pkgs.nixUnstable.out; } diff --git a/nixos/doc/manual/configuration/xfce.xml b/nixos/doc/manual/configuration/xfce.xml index af6278e9c920..21c7a85e19cc 100644 --- a/nixos/doc/manual/configuration/xfce.xml +++ b/nixos/doc/manual/configuration/xfce.xml @@ -9,10 +9,10 @@ <para> To enable the Xfce Desktop Environment, set <programlisting> - services.xserver.desktopManager = { - xfce.enable = true; - default = "xfce"; - }; +services.xserver.desktopManager = { + xfce.enable = true; + default = "xfce"; +}; </programlisting> </para> @@ -20,13 +20,13 @@ Optionally, <emphasis>compton</emphasis> can be enabled for nice graphical effects, some example settings: <programlisting> - services.compton = { - enable = true; - fade = true; - inactiveOpacity = "0.9"; - shadow = true; - fadeDelta = 4; - }; +services.compton = { + enable = true; + fade = true; + inactiveOpacity = "0.9"; + shadow = true; + fadeDelta = 4; +}; </programlisting> </para> @@ -34,16 +34,16 @@ Some Xfce programs are not installed automatically. To install them manually (system wide), put them into your <literal>environment.systemPackages</literal>. - </para> + </para> <para> - NixOS’s default <emphasis>display manager</emphasis>is SLiM. - (DM is the program that provides a graphical login prompt - and manages the X server.) - You can, for example, select KDE’s + NixOS’s default <emphasis>display manager</emphasis> is SLiM. + (DM is the program that provides a graphical login prompt + and manages the X server.) + You can, for example, select KDE’s <command>sddm</command> instead: <programlisting> - services.xserver.displayManager.sddm.enable = true; +services.xserver.displayManager.sddm.enable = true; </programlisting> </para> @@ -55,7 +55,7 @@ <emphasis>Thunar</emphasis> volume support, put <programlisting> - services.xserver.desktopManager.xfce.enable = true; +services.xserver.desktopManager.xfce.enable = true; </programlisting> into your <emphasis>configuration.nix</emphasis>. </para> @@ -84,10 +84,10 @@ Thunar and/or the desktop takes time to show up. Thunar will spit out this kind of message on start - (look at journalctl --user -b). + (look at <command>journalctl --user -b</command>). <programlisting> - Thunar:2410): GVFS-RemoteVolumeMonitor-WARNING **: remote volume monitor with dbus name org.gtk.Private.UDisks2VolumeMonitor is not supported +Thunar:2410): GVFS-RemoteVolumeMonitor-WARNING **: remote volume monitor with dbus name org.gtk.Private.UDisks2VolumeMonitor is not supported </programlisting> This is caused by some needed GNOME services not running. @@ -95,7 +95,7 @@ the Advanced tab of the Session and Startup settings panel. Alternatively, you can run this command to do the same thing. <programlisting> - $ xfconf-query -c xfce4-session -p /compat/LaunchGNOME -s true +$ xfconf-query -c xfce4-session -p /compat/LaunchGNOME -s true </programlisting> A log-out and re-log will be needed for this to take effect. </para> diff --git a/nixos/doc/manual/release-notes/rl-1703.xml b/nixos/doc/manual/release-notes/rl-1703.xml index f40b03ec9b99..fda46217144c 100644 --- a/nixos/doc/manual/release-notes/rl-1703.xml +++ b/nixos/doc/manual/release-notes/rl-1703.xml @@ -271,16 +271,6 @@ following incompatible changes:</para> </para> </listitem> - <listitem> - <para> - Modules can now be disabled by using <link - xlink:href="https://nixos.org/nixpkgs/manual/#sec-replace-modules"> - disabledModules</link>, allowing another to take it's place. This can be - used to import a set of modules from another channel while keeping the - rest of the system on a stable release. - </para> - </listitem> - </itemizedlist> diff --git a/nixos/doc/manual/release-notes/rl-1709.xml b/nixos/doc/manual/release-notes/rl-1709.xml index b99ce3964616..3705fd468f61 100644 --- a/nixos/doc/manual/release-notes/rl-1709.xml +++ b/nixos/doc/manual/release-notes/rl-1709.xml @@ -39,10 +39,17 @@ following incompatible changes:</para> <para>Other notable improvements:</para> <itemizedlist> + <listitem> <para> + Modules can now be disabled by using <link + xlink:href="https://nixos.org/nixpkgs/manual/#sec-replace-modules"> + disabledModules</link>, allowing another to take it's place. This can be + used to import a set of modules from another channel while keeping the + rest of the system on a stable release. </para> </listitem> + </itemizedlist> </section> diff --git a/nixos/modules/config/fonts/fontconfig-ultimate.nix b/nixos/modules/config/fonts/fontconfig-ultimate.nix index a3f52fbd9199..ed6429dda085 100644 --- a/nixos/modules/config/fonts/fontconfig-ultimate.nix +++ b/nixos/modules/config/fonts/fontconfig-ultimate.nix @@ -8,61 +8,6 @@ let fcBool = x: if x then "<bool>true</bool>" else "<bool>false</bool>"; latestVersion = pkgs.fontconfig.configVersion; - # fontconfig ultimate main configuration file - # priority 52 - fontconfigUltimateConf = pkgs.writeText "fc-52-fontconfig-ultimate.conf" '' - <?xml version="1.0"?> - <!DOCTYPE fontconfig SYSTEM "fonts.dtd"> - <fontconfig> - - ${optionalString (!cfg.allowBitmaps) '' - <!-- Reject bitmap fonts --> - <selectfont> - <rejectfont> - <pattern> - <patelt name="scalable"><bool>false</bool></patelt> - </pattern> - </rejectfont> - </selectfont> - ''} - - ${optionalString cfg.allowType1 '' - <!-- Reject Type 1 fonts --> - <selectfont> - <rejectfont> - <pattern> - <patelt name="fontformat"> - <string>Type 1</string> - </patelt> - </pattern> - </rejectfont> - </selectfont> - ''} - - <!-- Use embedded bitmaps in fonts like Calibri? --> - <match target="font"> - <edit name="embeddedbitmap" mode="assign"> - ${fcBool cfg.useEmbeddedBitmaps} - </edit> - </match> - - <!-- Force autohint always --> - <match target="font"> - <edit name="force_autohint" mode="assign"> - ${fcBool cfg.forceAutohint} - </edit> - </match> - - <!-- Render some monospace TTF fonts as bitmaps --> - <match target="pattern"> - <edit name="bitmap_monospace" mode="assign"> - ${fcBool cfg.renderMonoTTFAsBitmap} - </edit> - </match> - - </fontconfig> - ''; - # The configuration to be included in /etc/font/ confPkg = pkgs.runCommand "font-ultimate-conf" {} '' support_folder=$out/etc/fonts/conf.d @@ -71,12 +16,6 @@ let fcBool = x: if x then "<bool>true</bool>" else "<bool>false</bool>"; mkdir -p $support_folder mkdir -p $latest_folder - # 52-fontconfig-ultimate.conf - ln -s ${fontconfigUltimateConf} \ - $support_folder/52-fontconfig-ultimate.conf - ln -s ${fontconfigUltimateConf} \ - $latest_folder/52-fontconfig-ultimate.conf - # fontconfig ultimate substitutions ${optionalString (cfg.substitutions != "none") '' ln -s ${pkgs.fontconfig-ultimate}/etc/fonts/presets/${cfg.substitutions}/*.conf \ @@ -113,45 +52,6 @@ in ''; }; - allowBitmaps = mkOption { - type = types.bool; - default = true; - description = '' - Allow bitmap fonts. Set to <literal>false</literal> to ban all - bitmap fonts. - ''; - }; - - allowType1 = mkOption { - type = types.bool; - default = false; - description = '' - Allow Type-1 fonts. Default is <literal>false</literal> because of - poor rendering. - ''; - }; - - useEmbeddedBitmaps = mkOption { - type = types.bool; - default = false; - description = ''Use embedded bitmaps in fonts like Calibri.''; - }; - - forceAutohint = mkOption { - type = types.bool; - default = false; - description = '' - Force use of the TrueType Autohinter. Useful for debugging or - free-software purists. - ''; - }; - - renderMonoTTFAsBitmap = mkOption { - type = types.bool; - default = false; - description = ''Render some monospace TTF fonts as bitmaps.''; - }; - substitutions = mkOption { type = types.nullOr (types.enum ["free" "combi" "ms"]); default = "free"; diff --git a/nixos/modules/config/fonts/fontconfig.nix b/nixos/modules/config/fonts/fontconfig.nix index 52ad1e714fb9..5648b7b1d027 100644 --- a/nixos/modules/config/fonts/fontconfig.nix +++ b/nixos/modules/config/fonts/fontconfig.nix @@ -41,11 +41,11 @@ let cfg = config.fonts.fontconfig; # priority 0 cacheConfSupport = makeCacheConf { version = supportVersion; }; cacheConfLatest = makeCacheConf {}; - + # generate the font cache setting file for a fontconfig version # use latest when no version is passed makeCacheConf = { version ? null }: - let + let fcPackage = if builtins.isNull version then "fontconfig" else "fontconfig_${version}"; @@ -104,6 +104,13 @@ let cfg = config.fonts.fontconfig; </match> ''} + <!-- Force autohint always --> + <match target="font"> + <edit name="force_autohint" mode="assign"> + ${fcBool cfg.forceAutohint} + </edit> + </match> + </fontconfig> ''; @@ -113,7 +120,7 @@ let cfg = config.fonts.fontconfig; # default fonts configuration file # priority 52 - defaultFontsConf = + defaultFontsConf = let genDefault = fonts: name: optionalString (fonts != []) '' <alias> @@ -142,7 +149,61 @@ let cfg = config.fonts.fontconfig; </fontconfig> ''; - # fontconfig configuration package + # bitmap font options + # priority 53 + rejectBitmaps = pkgs.writeText "fc-53-nixos-bitmaps.conf" '' + <?xml version="1.0"?> + <!DOCTYPE fontconfig SYSTEM "fonts.dtd"> + <fontconfig> + + ${optionalString (!cfg.allowBitmaps) '' + <!-- Reject bitmap fonts --> + <selectfont> + <rejectfont> + <pattern> + <patelt name="scalable"><bool>false</bool></patelt> + </pattern> + </rejectfont> + </selectfont> + ''} + + <!-- Use embedded bitmaps in fonts like Calibri? --> + <match target="font"> + <edit name="embeddedbitmap" mode="assign"> + ${fcBool cfg.useEmbeddedBitmaps} + </edit> + </match> + + <!-- Render some monospace TTF fonts as bitmaps --> + <match target="pattern"> + <edit name="bitmap_monospace" mode="assign"> + ${fcBool cfg.renderMonoTTFAsBitmap} + </edit> + </match> + + </fontconfig> + ''; + + # reject Type 1 fonts + # priority 53 + rejectType1 = pkgs.writeText "fc-53-nixos-reject-type1.conf" '' + <?xml version="1.0"?> + <!DOCTYPE fontconfig SYSTEM "fonts.dtd"> + <fontconfig> + + <!-- Reject Type 1 fonts --> + <selectfont> + <rejectfont> + <pattern> + <patelt name="fontformat"><string>Type 1</string></patelt> + </pattern> + </rejectfont> + </selectfont> + + </fontconfig> + ''; + + # fontconfig configuration package confPkg = pkgs.runCommand "fontconfig-conf" {} '' support_folder=$out/etc/fonts latest_folder=$out/etc/fonts/${latestVersion} @@ -166,7 +227,7 @@ let cfg = config.fonts.fontconfig; substitute ${latestPkg.out}/etc/fonts/conf.d/51-local.conf \ $latest_folder/conf.d/51-local.conf \ - --replace local.conf /etc/fonts/${latestVersion}/local.conf + --replace local.conf /etc/fonts/${latestVersion}/local.conf # 00-nixos-cache.conf ln -s ${cacheConfSupport} \ @@ -192,6 +253,16 @@ let cfg = config.fonts.fontconfig; # 52-nixos-default-fonts.conf ln -s ${defaultFontsConf} $support_folder/conf.d/52-nixos-default-fonts.conf ln -s ${defaultFontsConf} $latest_folder/conf.d/52-nixos-default-fonts.conf + + # 53-nixos-bitmaps.conf + ln -s ${rejectBitmaps} $support_folder/conf.d/53-nixos-bitmaps.conf + ln -s ${rejectBitmaps} $latest_folder/conf.d/53-nixos-bitmaps.conf + + ${optionalString (! cfg.allowType1) '' + # 53-nixos-reject-type1.conf + ln -s ${rejectType1} $support_folder/conf.d/53-nixos-reject-type1.conf + ln -s ${rejectType1} $latest_folder/conf.d/53-nixos-reject-type1.conf + ''} ''; # Package with configuration files @@ -349,6 +420,45 @@ in ''; }; + allowBitmaps = mkOption { + type = types.bool; + default = true; + description = '' + Allow bitmap fonts. Set to <literal>false</literal> to ban all + bitmap fonts. + ''; + }; + + allowType1 = mkOption { + type = types.bool; + default = false; + description = '' + Allow Type-1 fonts. Default is <literal>false</literal> because of + poor rendering. + ''; + }; + + useEmbeddedBitmaps = mkOption { + type = types.bool; + default = false; + description = ''Use embedded bitmaps in fonts like Calibri.''; + }; + + forceAutohint = mkOption { + type = types.bool; + default = false; + description = '' + Force use of the TrueType Autohinter. Useful for debugging or + free-software purists. + ''; + }; + + renderMonoTTFAsBitmap = mkOption { + type = types.bool; + default = false; + description = ''Render some monospace TTF fonts as bitmaps.''; + }; + }; }; diff --git a/nixos/modules/config/pulseaudio.nix b/nixos/modules/config/pulseaudio.nix index eee8db376c84..bf66994b5022 100644 --- a/nixos/modules/config/pulseaudio.nix +++ b/nixos/modules/config/pulseaudio.nix @@ -274,6 +274,8 @@ in { RestartSec = "500ms"; }; }; + + environment.variables.PULSE_COOKIE = "${stateDir}/.config/pulse/cookie"; }) ]; diff --git a/nixos/modules/installer/cd-dvd/iso-image.nix b/nixos/modules/installer/cd-dvd/iso-image.nix index 93dba0d882b8..85163305c1ef 100644 --- a/nixos/modules/installer/cd-dvd/iso-image.nix +++ b/nixos/modules/installer/cd-dvd/iso-image.nix @@ -280,7 +280,7 @@ in options = [ "allow_other" "cow" "nonempty" "chroot=/mnt-root" "max_files=32768" "hide_meta_files" "dirs=/nix/.rw-store=rw:/nix/.ro-store=ro" ]; }; - boot.initrd.availableKernelModules = [ "squashfs" "iso9660" "usb-storage" ]; + boot.initrd.availableKernelModules = [ "squashfs" "iso9660" "usb-storage" "uas" ]; boot.blacklistedKernelModules = [ "nouveau" ]; diff --git a/nixos/modules/installer/tools/nixos-rebuild.sh b/nixos/modules/installer/tools/nixos-rebuild.sh index 4f73865dad6a..4b5e7b3230c8 100644 --- a/nixos/modules/installer/tools/nixos-rebuild.sh +++ b/nixos/modules/installer/tools/nixos-rebuild.sh @@ -278,24 +278,22 @@ if [ -n "$buildNix" ]; then echo "building Nix..." >&2 nixDrv= if ! nixDrv="$(nix-instantiate '<nixpkgs/nixos>' --add-root $tmpDir/nix.drv --indirect -A config.nix.package.out "${extraBuildFlags[@]}")"; then - if ! nixDrv="$(nix-instantiate '<nixpkgs/nixos>' --add-root $tmpDir/nix.drv --indirect -A nixFallback "${extraBuildFlags[@]}")"; then - if ! nixDrv="$(nix-instantiate '<nixpkgs>' --add-root $tmpDir/nix.drv --indirect -A nix "${extraBuildFlags[@]}")"; then - nixStorePath="$(prebuiltNix "$(uname -m)")" - if ! nix-store -r $nixStorePath --add-root $tmpDir/nix --indirect \ - --option extra-binary-caches https://cache.nixos.org/; then + if ! nixDrv="$(nix-instantiate '<nixpkgs>' --add-root $tmpDir/nix.drv --indirect -A nix "${extraBuildFlags[@]}")"; then + nixStorePath="$(prebuiltNix "$(uname -m)")" + if ! nix-store -r $nixStorePath --add-root $tmpDir/nix --indirect \ + --option extra-binary-caches https://cache.nixos.org/; then + echo "warning: don't know how to get latest Nix" >&2 + fi + # Older version of nix-store -r don't support --add-root. + [ -e $tmpDir/nix ] || ln -sf $nixStorePath $tmpDir/nix + if [ -n "$buildHost" ]; then + remoteNixStorePath="$(prebuiltNix "$(buildHostCmd uname -m)")" + remoteNix="$remoteNixStorePath/bin" + if ! buildHostCmd nix-store -r $remoteNixStorePath \ + --option extra-binary-caches https://cache.nixos.org/ >/dev/null; then + remoteNix= echo "warning: don't know how to get latest Nix" >&2 fi - # Older version of nix-store -r don't support --add-root. - [ -e $tmpDir/nix ] || ln -sf $nixStorePath $tmpDir/nix - if [ -n "$buildHost" ]; then - remoteNixStorePath="$(prebuiltNix "$(buildHostCmd uname -m)")" - remoteNix="$remoteNixStorePath/bin" - if ! buildHostCmd nix-store -r $remoteNixStorePath \ - --option extra-binary-caches https://cache.nixos.org/ >/dev/null; then - remoteNix= - echo "warning: don't know how to get latest Nix" >&2 - fi - fi fi fi fi diff --git a/nixos/modules/misc/ids.nix b/nixos/modules/misc/ids.nix index d51b29b99dae..feecee3225be 100644 --- a/nixos/modules/misc/ids.nix +++ b/nixos/modules/misc/ids.nix @@ -288,6 +288,7 @@ kresd = 270; rpc = 271; geoip = 272; + fcron = 273; # When adding a uid, make sure it doesn't match an existing gid. And don't use uids above 399! @@ -545,6 +546,7 @@ kresd = 270; #rpc = 271; # unused #geoip = 272; # unused + fcron = 273; # When adding a gid, make sure it doesn't match an existing # uid. Users and groups with the same name should have equal diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index ca4b04be7ad8..7d2ae4a571c4 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix @@ -571,6 +571,7 @@ ./services/x11/display-managers/lightdm.nix ./services/x11/display-managers/sddm.nix ./services/x11/display-managers/slim.nix + ./services/x11/display-managers/xpra.nix ./services/x11/hardware/libinput.nix ./services/x11/hardware/multitouch.nix ./services/x11/hardware/synaptics.nix diff --git a/nixos/modules/rename.nix b/nixos/modules/rename.nix index ff3654737afd..0b609287f63a 100644 --- a/nixos/modules/rename.nix +++ b/nixos/modules/rename.nix @@ -181,6 +181,13 @@ with lib; # KDE Plasma 5 (mkRenamedOptionModule [ "services" "xserver" "desktopManager" "kde5" ] [ "services" "xserver" "desktopManager" "plasma5" ]) + # Fontconfig + (mkRenamedOptionModule [ "config" "fonts" "fontconfig" "ultimate" "allowBitmaps" ] [ "config" "fonts" "fontconfig" "allowBitmaps" ]) + (mkRenamedOptionModule [ "config" "fonts" "fontconfig" "ultimate" "allowType1" ] [ "config" "fonts" "fontconfig" "allowType1" ]) + (mkRenamedOptionModule [ "config" "fonts" "fontconfig" "ultimate" "useEmbeddedBitmaps" ] [ "config" "fonts" "fontconfig" "useEmbeddedBitmaps" ]) + (mkRenamedOptionModule [ "config" "fonts" "fontconfig" "ultimate" "forceAutohint" ] [ "config" "fonts" "fontconfig" "forceAutohint" ]) + (mkRenamedOptionModule [ "config" "fonts" "fontconfig" "ultimate" "renderMonoTTFAsBitmap" ] [ "config" "fonts" "fontconfig" "renderMonoTTFAsBitmap" ]) + # Options that are obsolete and have no replacement. (mkRemovedOptionModule [ "boot" "initrd" "luks" "enable" ] "") (mkRemovedOptionModule [ "programs" "bash" "enable" ] "") diff --git a/nixos/modules/security/grsecurity.xml b/nixos/modules/security/grsecurity.xml index ef0aab4a3f13..07a61919ab42 100644 --- a/nixos/modules/security/grsecurity.xml +++ b/nixos/modules/security/grsecurity.xml @@ -214,8 +214,8 @@ GRKERNSEC_CONFIG_SERVER y GRKERNSEC_CONFIG_SECURITY y ''; - }; - } + }; + }; </programlisting> </para> diff --git a/nixos/modules/services/cluster/kubernetes.nix b/nixos/modules/services/cluster/kubernetes.nix index a82802c32662..9ccc7295019a 100644 --- a/nixos/modules/services/cluster/kubernetes.nix +++ b/nixos/modules/services/cluster/kubernetes.nix @@ -76,6 +76,7 @@ in { description = "Kubernetes package to use."; type = types.package; default = pkgs.kubernetes; + defaultText = "pkgs.kubernetes"; }; verbose = mkOption { diff --git a/nixos/modules/services/continuous-integration/buildbot/master.nix b/nixos/modules/services/continuous-integration/buildbot/master.nix index f638cf4bae3b..533751734fa5 100644 --- a/nixos/modules/services/continuous-integration/buildbot/master.nix +++ b/nixos/modules/services/continuous-integration/buildbot/master.nix @@ -28,7 +28,7 @@ let ${cfg.extraConfig} '' - else pkgs.writeText "master.cfg" cfg.masterCfg; + else cfg.masterCfg; in { options = { @@ -66,13 +66,10 @@ in { }; masterCfg = mkOption { - type = types.nullOr types.str; - description = '' - Optionally pass raw master.cfg file as string. - Other options in this configuration will be ignored. - ''; + type = types.nullOr types.path; + description = "Optionally pass master.cfg path. Other options in this configuration will be ignored."; default = null; - example = "BuildmasterConfig = c = {}"; + example = "/etc/nixos/buildbot/master.cfg"; }; schedulers = mkOption { @@ -88,7 +85,7 @@ in { type = types.listOf types.str; description = "List of Builders."; default = [ - "util.BuilderConfig(name='runtests',workernames=['default-worker'],factory=factory)" + "util.BuilderConfig(name='runtests',workernames=['example-worker'],factory=factory)" ]; }; @@ -121,7 +118,7 @@ in { extraGroups = mkOption { type = types.listOf types.str; - default = [ "nixbld" ]; + default = []; description = "List of extra groups that the buildbot user should be a part of."; }; @@ -183,16 +180,14 @@ in { package = mkOption { type = types.package; default = pkgs.buildbot-ui; - description = '' - Package to use for buildbot. - <literal>buildbot-full</literal> is required in order to use local workers. - ''; - example = pkgs.buildbot-full; + defaultText = "pkgs.buildbot-ui"; + description = "Package to use for buildbot."; + example = literalExample "pkgs.buildbot-full"; }; packages = mkOption { default = [ ]; - example = [ pkgs.git ]; + example = literalExample "[ pkgs.git ]"; type = types.listOf types.package; description = "Packages to add to PATH for the buildbot process."; }; @@ -222,11 +217,11 @@ in { path = cfg.packages; serviceConfig = { - Type = "forking"; + Type = "simple"; User = cfg.user; Group = cfg.group; WorkingDirectory = cfg.home; - ExecStart = "${cfg.package}/bin/buildbot start ${cfg.buildbotDir}"; + ExecStart = "${cfg.package}/bin/buildbot start --nodaemon ${cfg.buildbotDir}"; }; preStart = '' diff --git a/nixos/modules/services/continuous-integration/buildbot/worker.nix b/nixos/modules/services/continuous-integration/buildbot/worker.nix index 430fd4e53f1c..e4ee4dd861ef 100644 --- a/nixos/modules/services/continuous-integration/buildbot/worker.nix +++ b/nixos/modules/services/continuous-integration/buildbot/worker.nix @@ -31,7 +31,7 @@ in { extraGroups = mkOption { type = types.listOf types.str; - default = [ "nixbld" ]; + default = []; description = "List of extra groups that the Buildbot Worker user should be a part of."; }; @@ -68,13 +68,14 @@ in { package = mkOption { type = types.package; default = pkgs.buildbot-worker; + defaultText = "pkgs.buildbot-worker"; description = "Package to use for buildbot worker."; - example = pkgs.buildbot-worker; + example = literalExample "pkgs.buildbot-worker"; }; packages = mkOption { default = [ ]; - example = [ pkgs.git ]; + example = literalExample "[ pkgs.git ]"; type = types.listOf types.package; description = "Packages to add to PATH for the buildbot process."; }; @@ -100,24 +101,21 @@ in { systemd.services.buildbot-worker = { description = "Buildbot Worker."; - after = [ "network.target" ]; + after = [ "network.target" "buildbot-master.service" ]; wantedBy = [ "multi-user.target" ]; - wants = [ "buildbot-master.service" ]; path = cfg.packages; preStart = '' - # NOTE: ensure master has time to start in case running on localhost - ${pkgs.coreutils}/bin/sleep 4 ${pkgs.coreutils}/bin/mkdir -vp ${cfg.buildbotDir} ${cfg.package}/bin/buildbot-worker create-worker ${cfg.buildbotDir} ${cfg.masterUrl} ${cfg.workerUser} ${cfg.workerPass} ''; serviceConfig = { - Type = "forking"; + Type = "simple"; User = cfg.user; Group = cfg.group; WorkingDirectory = cfg.home; - ExecStart = "${cfg.package}/bin/buildbot-worker start ${cfg.buildbotDir}"; + ExecStart = "${cfg.package}/bin/buildbot-worker start --nodaemon ${cfg.buildbotDir}"; }; }; diff --git a/nixos/modules/services/continuous-integration/jenkins/job-builder.nix b/nixos/modules/services/continuous-integration/jenkins/job-builder.nix index 7b1fe6269fe9..861b46a2d642 100644 --- a/nixos/modules/services/continuous-integration/jenkins/job-builder.nix +++ b/nixos/modules/services/continuous-integration/jenkins/job-builder.nix @@ -29,6 +29,22 @@ in { ''; }; + accessUser = mkOption { + default = ""; + type = types.str; + description = '' + User id in Jenkins used to reload config. + ''; + }; + + accessToken = mkOption { + default = ""; + type = types.str; + description = '' + User token in Jenkins used to reload config. + ''; + }; + yamlJobs = mkOption { default = ""; type = types.lines; @@ -110,6 +126,11 @@ in { # Stamp file is placed in $JENKINS_HOME/jobs/$JOB_NAME/ to indicate # ownership. Enables tracking and removal of stale jobs. ownerStamp = ".config-xml-managed-by-nixos-jenkins-job-builder"; + reloadScript = '' + echo "Asking Jenkins to reload config" + CRUMB=$(curl -s 'http://${cfg.accessUser}:${cfg.accessToken}@${jenkinsCfg.listenAddress}:${toString jenkinsCfg.port}${jenkinsCfg.prefix}/crumbIssuer/api/xml?xpath=concat(//crumbRequestField,":",//crumb)') + curl --silent -X POST -H "$CRUMB" http://${cfg.accessUser}:${cfg.accessToken}@${jenkinsCfg.listenAddress}:${toString jenkinsCfg.port}${jenkinsCfg.prefix}/reload + ''; in '' rm -rf ${jobBuilderOutputDir} @@ -142,10 +163,7 @@ in { echo "Deleting stale job \"$jobname\"" rm -rf "$jobdir" done - - echo "Asking Jenkins to reload config" - curl --silent -X POST http://${jenkinsCfg.listenAddress}:${toString jenkinsCfg.port}${jenkinsCfg.prefix}/reload - ''; + '' + (if cfg.accessUser != "" then reloadScript else ""); serviceConfig = { User = jenkinsCfg.user; RuntimeDirectory = "jenkins-job-builder"; diff --git a/nixos/modules/services/logging/fluentd.nix b/nixos/modules/services/logging/fluentd.nix index e56a9a4e9afb..9fbec2457371 100644 --- a/nixos/modules/services/logging/fluentd.nix +++ b/nixos/modules/services/logging/fluentd.nix @@ -25,6 +25,7 @@ in { package = mkOption { type = types.path; default = pkgs.fluentd; + defaultText = "pkgs.fluentd"; description = "The fluentd package to use."; }; }; diff --git a/nixos/modules/services/misc/nix-daemon.nix b/nixos/modules/services/misc/nix-daemon.nix index 3027dd1c3d0e..5088c4e60691 100644 --- a/nixos/modules/services/misc/nix-daemon.nix +++ b/nixos/modules/services/misc/nix-daemon.nix @@ -164,22 +164,23 @@ in buildMachines = mkOption { type = types.listOf types.attrs; default = []; - example = [ - { hostName = "voila.labs.cs.uu.nl"; - sshUser = "nix"; - sshKey = "/root/.ssh/id_buildfarm"; - system = "powerpc-darwin"; - maxJobs = 1; - } - { hostName = "linux64.example.org"; - sshUser = "buildfarm"; - sshKey = "/root/.ssh/id_buildfarm"; - system = "x86_64-linux"; - maxJobs = 2; - supportedFeatures = [ "kvm" ]; - mandatoryFeatures = [ "perf" ]; - } - ]; + example = literalExample '' + [ { hostName = "voila.labs.cs.uu.nl"; + sshUser = "nix"; + sshKey = "/root/.ssh/id_buildfarm"; + system = "powerpc-darwin"; + maxJobs = 1; + } + { hostName = "linux64.example.org"; + sshUser = "buildfarm"; + sshKey = "/root/.ssh/id_buildfarm"; + system = "x86_64-linux"; + maxJobs = 2; + supportedFeatures = [ "kvm" ]; + mandatoryFeatures = [ "perf" ]; + } + ] + ''; description = '' This option lists the machines to be used if distributed builds are enabled (see diff --git a/nixos/modules/services/misc/ssm-agent.nix b/nixos/modules/services/misc/ssm-agent.nix index b04959a9686a..c1e1f0903539 100644 --- a/nixos/modules/services/misc/ssm-agent.nix +++ b/nixos/modules/services/misc/ssm-agent.nix @@ -23,6 +23,7 @@ in { type = types.path; description = "The SSM agent package to use"; default = pkgs.ssm-agent; + defaultText = "pkgs.ssm-agent"; }; }; diff --git a/nixos/modules/services/monitoring/das_watchdog.nix b/nixos/modules/services/monitoring/das_watchdog.nix index 6e2653836d5e..88ca3a9227d2 100644 --- a/nixos/modules/services/monitoring/das_watchdog.nix +++ b/nixos/modules/services/monitoring/das_watchdog.nix @@ -25,7 +25,7 @@ in { wantedBy = [ "multi-user.target" ]; serviceConfig = { User = "root"; - Type = "oneshot"; + Type = "simple"; ExecStart = "${das_watchdog}/bin/das_watchdog"; RemainAfterExit = true; }; diff --git a/nixos/modules/services/networking/btsync.nix b/nixos/modules/services/networking/btsync.nix index 572a7387316b..92e9fa7be419 100644 --- a/nixos/modules/services/networking/btsync.nix +++ b/nixos/modules/services/networking/btsync.nix @@ -208,7 +208,6 @@ in storagePath = mkOption { type = types.path; default = "/var/lib/btsync/"; - example = "/var/lib/btsync/"; description = '' Where BitTorrent Sync will store it's database files (containing things like username info and licenses). Generally, you should not diff --git a/nixos/modules/services/networking/ddclient.nix b/nixos/modules/services/networking/ddclient.nix index 5928203368d2..28c96a9baefc 100644 --- a/nixos/modules/services/networking/ddclient.nix +++ b/nixos/modules/services/networking/ddclient.nix @@ -7,7 +7,7 @@ let stateDir = "/var/spool/ddclient"; ddclientUser = "ddclient"; - ddclientFlags = "-foreground -verbose -noquiet -file ${config.services.ddclient.configFile}"; + ddclientFlags = "-foreground -file ${config.services.ddclient.configFile}"; ddclientPIDFile = "${stateDir}/ddclient.pid"; in @@ -102,6 +102,22 @@ in Method to determine the IP address to send to the dynamic DNS provider. ''; }; + + verbose = mkOption { + default = true; + type = bool; + description = '' + Print verbose information. + ''; + }; + + quiet = mkOption { + default = false; + type = bool; + description = '' + Print no messages for unnecessary updates. + ''; + }; }; }; @@ -136,6 +152,8 @@ in lib.optionalString (server != "") "server=${server}"} ssl=${if config.services.ddclient.ssl then "yes" else "no"} wildcard=YES + quiet=${if config.services.ddclient.quiet then "yes" else "no"} + verbose=${if config.services.ddclient.verbose then "yes" else "no"} ${config.services.ddclient.domain} ${config.services.ddclient.extraConfig} ''; diff --git a/nixos/modules/services/networking/dnscrypt-proxy.nix b/nixos/modules/services/networking/dnscrypt-proxy.nix index 462039803f80..8e9747b29667 100644 --- a/nixos/modules/services/networking/dnscrypt-proxy.nix +++ b/nixos/modules/services/networking/dnscrypt-proxy.nix @@ -155,15 +155,59 @@ in }; }; - config = mkIf cfg.enable { - + config = mkIf cfg.enable (mkMerge [{ assertions = [ { assertion = (cfg.customResolver != null) || (cfg.resolverName != null); message = "please configure upstream DNSCrypt resolver"; } ]; - security.apparmor.profiles = optional apparmorEnabled (pkgs.writeText "apparmor-dnscrypt-proxy" '' + users.users.dnscrypt-proxy = { + description = "dnscrypt-proxy daemon user"; + isSystemUser = true; + group = "dnscrypt-proxy"; + }; + users.groups.dnscrypt-proxy = {}; + + systemd.sockets.dnscrypt-proxy = { + description = "dnscrypt-proxy listening socket"; + documentation = [ "man:dnscrypt-proxy(8)" ]; + + wantedBy = [ "sockets.target" ]; + + socketConfig = { + ListenStream = localAddress; + ListenDatagram = localAddress; + }; + }; + + systemd.services.dnscrypt-proxy = { + description = "dnscrypt-proxy daemon"; + documentation = [ "man:dnscrypt-proxy(8)" ]; + + before = [ "nss-lookup.target" ]; + + after = [ "network.target" ] + ++ optional apparmorEnabled "apparmor.service"; + + requires = [ "dnscrypt-proxy.socket "] + ++ optional apparmorEnabled "apparmor.service"; + + serviceConfig = { + NonBlocking = "true"; + ExecStart = "${dnscrypt-proxy}/bin/dnscrypt-proxy ${toString daemonArgs}"; + + User = "dnscrypt-proxy"; + + PrivateTmp = true; + PrivateDevices = true; + ProtectHome = true; + }; + }; + } + + (mkIf apparmorEnabled { + security.apparmor.profiles = singleton (pkgs.writeText "apparmor-dnscrypt-proxy" '' ${dnscrypt-proxy}/bin/dnscrypt-proxy { /dev/null rw, /dev/urandom r, @@ -188,102 +232,78 @@ in ${getLib pkgs.libgpgerror}/lib/libgpg-error.so.* mr, ${getLib pkgs.libcap}/lib/libcap.so.* mr, ${getLib pkgs.lz4}/lib/liblz4.so.* mr, - ${getLib pkgs.attr}/lib/libattr.so.* mr, + ${getLib pkgs.attr}/lib/libattr.so.* mr, # */ ${resolverList} r, } ''); + }) - users.users.dnscrypt-proxy = { - description = "dnscrypt-proxy daemon user"; - isSystemUser = true; - group = "dnscrypt-proxy"; - }; - users.groups.dnscrypt-proxy = {}; - - systemd.services.init-dnscrypt-proxy-statedir = optionalAttrs useUpstreamResolverList { + (mkIf useUpstreamResolverList { + systemd.services.init-dnscrypt-proxy-statedir = { description = "Initialize dnscrypt-proxy state directory"; + + wantedBy = [ "dnscrypt-proxy.service" ]; + before = [ "dnscrypt-proxy.service" ]; + script = '' mkdir -pv ${stateDirectory} chown -c dnscrypt-proxy:dnscrypt-proxy ${stateDirectory} - cp --preserve=timestamps -uv \ + cp -uv \ ${pkgs.dnscrypt-proxy}/share/dnscrypt-proxy/dnscrypt-resolvers.csv \ ${stateDirectory} ''; + serviceConfig = { Type = "oneshot"; RemainAfterExit = true; }; }; - systemd.services.update-dnscrypt-resolvers = optionalAttrs useUpstreamResolverList { + systemd.services.update-dnscrypt-resolvers = { description = "Update list of DNSCrypt resolvers"; requires = [ "init-dnscrypt-proxy-statedir.service" ]; after = [ "init-dnscrypt-proxy-statedir.service" ]; - path = with pkgs; [ curl minisign ]; + path = with pkgs; [ curl diffutils dnscrypt-proxy minisign ]; script = '' cd ${stateDirectory} - curl -fSsL -o dnscrypt-resolvers.csv.tmp \ - https://download.dnscrypt.org/dnscrypt-proxy/dnscrypt-resolvers.csv - curl -fSsL -o dnscrypt-resolvers.csv.minisig.tmp \ - https://download.dnscrypt.org/dnscrypt-proxy/dnscrypt-resolvers.csv.minisig + domain=download.dnscrypt.org + get="curl -fSs --resolve $domain:443:$(hostip -r 8.8.8.8 $domain | head -1)" + $get -o dnscrypt-resolvers.csv.tmp \ + https://$domain/dnscrypt-proxy/dnscrypt-resolvers.csv + $get -o dnscrypt-resolvers.csv.minisig.tmp \ + https://$domain/dnscrypt-proxy/dnscrypt-resolvers.csv.minisig mv dnscrypt-resolvers.csv.minisig{.tmp,} minisign -q -V -p ${upstreamResolverListPubKey} \ -m dnscrypt-resolvers.csv.tmp -x dnscrypt-resolvers.csv.minisig + [[ -f dnscrypt-resolvers.csv ]] && mv dnscrypt-resolvers.csv{,.old} mv dnscrypt-resolvers.csv{.tmp,} + if cmp dnscrypt-resolvers.csv{,.old} ; then + echo "no change" + else + echo "resolver list updated" + fi ''; serviceConfig = { PrivateTmp = true; PrivateDevices = true; ProtectHome = true; - ProtectSystem = true; + ProtectSystem = "strict"; + ReadWritePaths = "${dirOf stateDirectory} ${stateDirectory}"; + SystemCallFilter = "~@mount"; }; }; - systemd.timers.update-dnscrypt-resolvers = optionalAttrs useUpstreamResolverList { + systemd.timers.update-dnscrypt-resolvers = { + wantedBy = [ "timers.target" ]; timerConfig = { OnBootSec = "5min"; OnUnitActiveSec = "6h"; }; - wantedBy = [ "timers.target" ]; }; - - systemd.sockets.dnscrypt-proxy = { - description = "dnscrypt-proxy listening socket"; - socketConfig = { - ListenStream = localAddress; - ListenDatagram = localAddress; - }; - wantedBy = [ "sockets.target" ]; - }; - - systemd.services.dnscrypt-proxy = { - description = "dnscrypt-proxy daemon"; - - before = [ "nss-lookup.target" ]; - - after = [ "network.target" ] - ++ optional apparmorEnabled "apparmor.service" - ++ optional useUpstreamResolverList "init-dnscrypt-proxy-statedir.service"; - - requires = [ "dnscrypt-proxy.socket "] - ++ optional apparmorEnabled "apparmor.service" - ++ optional useUpstreamResolverList "init-dnscrypt-proxy-statedir.service"; - - serviceConfig = { - Type = "simple"; - NonBlocking = "true"; - ExecStart = "${dnscrypt-proxy}/bin/dnscrypt-proxy ${toString daemonArgs}"; - - User = "dnscrypt-proxy"; - - PrivateTmp = true; - PrivateDevices = true; - ProtectHome = true; - }; - }; - }; + }) + ]); } diff --git a/nixos/modules/services/networking/networkmanager.nix b/nixos/modules/services/networking/networkmanager.nix index c11d4434c206..7255ffc5af4b 100644 --- a/nixos/modules/services/networking/networkmanager.nix +++ b/nixos/modules/services/networking/networkmanager.nix @@ -24,6 +24,8 @@ let [connection] ipv6.ip6-privacy=2 + ethernet.cloned-mac-address=${cfg.ethernet.macAddress} + wifi.cloned-mac-address=${cfg.wifi.macAddress} ''; /* @@ -73,6 +75,19 @@ let "pre-down" = "pre-down.d/"; }; + macAddressOpt = mkOption { + type = types.either types.str (types.enum ["permanent" "preserve" "random" "stable"]); + default = "preserve"; + example = "00:11:22:33:44:55"; + description = '' + "XX:XX:XX:XX:XX:XX": MAC address of the interface. + <literal>permanent</literal>: use the permanent MAC address of the device. + <literal>preserve</literal>: don’t change the MAC address of the device upon activation. + <literal>random</literal>: generate a randomized value upon each connect. + <literal>stable</literal>: generate a stable, hashed MAC address. + ''; + }; + in { ###### interface @@ -140,6 +155,9 @@ in { ''; }; + ethernet.macAddress = macAddressOpt; + wifi.macAddress = macAddressOpt; + dispatcherScripts = mkOption { type = types.listOf (types.submodule { options = { @@ -229,6 +247,7 @@ in { systemd.services."network-manager" = { wantedBy = [ "network.target" ]; + restartTriggers = [ configFile ]; preStart = '' mkdir -m 700 -p /etc/NetworkManager/system-connections diff --git a/nixos/modules/services/networking/searx.nix b/nixos/modules/services/networking/searx.nix index b852e4e6dc86..3520c6d3f7da 100644 --- a/nixos/modules/services/networking/searx.nix +++ b/nixos/modules/services/networking/searx.nix @@ -19,6 +19,7 @@ in services.searx = { enable = mkOption { + type = types.bool; default = false; description = " Whether to enable the Searx server. See https://github.com/asciimoo/searx @@ -26,6 +27,7 @@ in }; configFile = mkOption { + type = types.path; default = ""; description = " The path of the Searx server configuration file. If no file @@ -35,7 +37,9 @@ in }; package = mkOption { + type = types.package; default = pkgs.pythonPackages.searx; + defaultText = "pkgs.pythonPackages.searx"; description = "searx package to use."; }; diff --git a/nixos/modules/services/scheduling/fcron.nix b/nixos/modules/services/scheduling/fcron.nix index e4ada2768715..bd1ecb40969b 100644 --- a/nixos/modules/services/scheduling/fcron.nix +++ b/nixos/modules/services/scheduling/fcron.nix @@ -23,7 +23,8 @@ let allowdeny = target: users: { source = pkgs.writeText "fcron.${target}" (concatStringsSep "\n" users); target = "fcron.${target}"; - mode = "600"; # fcron has some security issues.. So I guess this is most safe + mode = "644"; + gid = config.ids.gids.fcron; }; in @@ -89,7 +90,7 @@ in [ (allowdeny "allow" (cfg.allow)) (allowdeny "deny" cfg.deny) # see man 5 fcron.conf - { source = pkgs.writeText "fcon.conf" '' + { source = pkgs.writeText "fcron.conf" '' fcrontabs = /var/spool/fcron pidfile = /var/run/fcron.pid fifofile = /var/run/fcron.fifo @@ -97,16 +98,40 @@ in fcrondeny = /etc/fcron.deny shell = /bin/sh sendmail = /run/wrappers/bin/sendmail - editor = /run/current-system/sw/bin/vi + editor = ${pkgs.vim}/bin/vim ''; target = "fcron.conf"; - mode = "0600"; # max allowed is 644 + gid = config.ids.gids.fcron; + mode = "0644"; } ]; environment.systemPackages = [ pkgs.fcron ]; - - security.wrappers.fcrontab.source = "${pkgs.fcron.out}/bin/fcrontab"; + users.extraUsers.fcron = { + uid = config.ids.uids.fcron; + home = "/var/spool/fcron"; + group = "fcron"; + }; + users.groups.fcron.gid = config.ids.gids.fcron; + + security.wrappers = { + fcrontab = { + source = "${pkgs.fcron}/bin/fcrontab"; + owner = "fcron"; + group = "fcron"; + setgid = true; + }; + fcrondyn = { + source = "${pkgs.fcron}/bin/fcrondyn"; + owner = "fcron"; + group = "fcron"; + setgid = true; + }; + fcronsighup = { + source = "${pkgs.fcron}/bin/fcronsighup"; + group = "fcron"; + }; + }; systemd.services.fcron = { description = "fcron daemon"; after = [ "local-fs.target" ]; @@ -118,14 +143,17 @@ in }; preStart = '' - ${pkgs.coreutils}/bin/mkdir -m 0700 -p /var/spool/fcron + ${pkgs.coreutils}/bin/mkdir -m 0770 -p /var/spool/fcron + ${pkgs.coreutils}/bin/chown -R fcron:fcron /var/spool/fcron # load system crontab file - ${pkgs.fcron}/bin/fcrontab -u systab ${pkgs.writeText "systab" cfg.systab} + set -x + #${pkgs.fcron}/bin/fcrontab -u systab ${pkgs.writeText "systab" cfg.systab} ''; - serviceConfig.Type = "forking"; - - script = "${pkgs.fcron}/sbin/fcron -m ${toString cfg.maxSerialJobs} ${queuelen}"; + serviceConfig = { + Type = "forking"; + ExecStart = "${pkgs.fcron}/sbin/fcron -m ${toString cfg.maxSerialJobs} ${queuelen}"; + }; }; }; } diff --git a/nixos/modules/services/web-servers/phpfpm/default.nix b/nixos/modules/services/web-servers/phpfpm/default.nix index 488bd3fe0ef1..846dfbb587f5 100644 --- a/nixos/modules/services/web-servers/phpfpm/default.nix +++ b/nixos/modules/services/web-servers/phpfpm/default.nix @@ -29,7 +29,7 @@ let inherit (cfg) phpPackage phpOptions; passAsFile = [ "phpOptions" ]; } '' - cat $phpPackage/etc/php.ini $phpOptionsFile > $out + cat $phpPackage/etc/php.ini $phpOptionsPath > $out ''; in { diff --git a/nixos/modules/services/x11/desktop-managers/plasma5.nix b/nixos/modules/services/x11/desktop-managers/plasma5.nix index 4afd8a58d643..bc6e728169b4 100644 --- a/nixos/modules/services/x11/desktop-managers/plasma5.nix +++ b/nixos/modules/services/x11/desktop-managers/plasma5.nix @@ -186,6 +186,11 @@ in }; fonts.fonts = with pkgs; [ noto-fonts hack-font ]; + fonts.fontconfig.defaultFonts = { + monospace = [ "Hack" "Noto Mono" ]; + sansSerif = [ "Noto Sans" ]; + serif = [ "Noto Serif" ]; + }; programs.ssh.askPassword = "${plasma5.ksshaskpass.out}/bin/ksshaskpass"; diff --git a/nixos/modules/services/x11/desktop-managers/xfce.nix b/nixos/modules/services/x11/desktop-managers/xfce.nix index 37523feb4140..9c42dc8781b9 100644 --- a/nixos/modules/services/x11/desktop-managers/xfce.nix +++ b/nixos/modules/services/x11/desktop-managers/xfce.nix @@ -47,6 +47,12 @@ in default = true; description = "Enable the XFWM (default) window manager."; }; + + screenLock = mkOption { + type = types.enum [ "xscreensaver" "xlockmore" "slock" ]; + default = "xlockmore"; + description = "Application used by XFCE to lock the screen."; + }; }; }; @@ -80,6 +86,7 @@ in pkgs.tango-icon-theme pkgs.shared_mime_info pkgs.which # Needed by the xfce's xinitrc script. + pkgs."${cfg.screenLock}" pkgs.xfce.exo pkgs.xfce.gtk_xfce_engine pkgs.xfce.mousepad diff --git a/nixos/modules/services/x11/display-managers/xpra.nix b/nixos/modules/services/x11/display-managers/xpra.nix new file mode 100644 index 000000000000..e60dd8765264 --- /dev/null +++ b/nixos/modules/services/x11/display-managers/xpra.nix @@ -0,0 +1,249 @@ +{ config, lib, pkgs, ... }: + +with lib; + +let + cfg = config.services.xserver.displayManager.xpra; + dmcfg = config.services.xserver.displayManager; + +in + +{ + ###### interface + + options = { + services.xserver.displayManager.xpra = { + enable = mkOption { + type = types.bool; + default = false; + description = "Whether to enable xpra as display manager."; + }; + + bindTcp = mkOption { + default = "127.0.0.1:10000"; + example = "0.0.0.0:10000"; + type = types.nullOr types.str; + description = "Bind xpra to TCP"; + }; + + auth = mkOption { + type = types.str; + default = "pam"; + example = "password:value=mysecret"; + description = "Authentication to use when connecting to xpra"; + }; + + pulseaudio = mkEnableOption "pulseaudio audio streaming."; + }; + }; + + ###### implementation + + config = mkIf cfg.enable { + services.xserver.videoDrivers = ["dummy"]; + + services.xserver.monitorSection = '' + HorizSync 1.0 - 2000.0 + VertRefresh 1.0 - 200.0 + #To add your own modes here, use a modeline calculator, like: + # cvt: + # http://www.x.org/archive/X11R7.5/doc/man/man1/cvt.1.html + # xtiming: + # http://xtiming.sourceforge.net/cgi-bin/xtiming.pl + # gtf: + # http://gtf.sourceforge.net/ + #This can be used to get a specific DPI, but only for the default resolution: + #DisplaySize 508 317 + #NOTE: the highest modes will not work without increasing the VideoRam + # for the dummy video card. + #Modeline "16000x15000" 300.00 16000 16408 18000 20000 15000 15003 15013 15016 + #Modeline "15000x15000" 281.25 15000 15376 16872 18744 15000 15003 15013 15016 + #Modeline "16384x8192" 167.75 16384 16800 18432 20480 8192 8195 8205 8208 + #Modeline "15360x8640" 249.00 15360 15752 17280 19200 8640 8643 8648 8651 + Modeline "8192x4096" 193.35 8192 8224 8952 8984 4096 4196 4200 4301 + Modeline "7680x4320" 208.00 7680 7880 8640 9600 4320 4323 4328 4335 + Modeline "6400x4096" 151.38 6400 6432 7000 7032 4096 4196 4200 4301 + Modeline "6400x2560" 91.59 6400 6432 6776 6808 2560 2623 2626 2689 + Modeline "6400x2160" 160.51 6400 6432 7040 7072 2160 2212 2216 2269 + Modeline "5760x2160" 149.50 5760 5768 6320 6880 2160 2161 2164 2173 + Modeline "5680x1440" 142.66 5680 5712 6248 6280 1440 1474 1478 1513 + Modeline "5496x1200" 199.13 5496 5528 6280 6312 1200 1228 1233 1261 + Modeline "5280x2560" 75.72 5280 5312 5592 5624 2560 2623 2626 2689 + Modeline "5280x1920" 56.04 5280 5312 5520 5552 1920 1967 1969 2017 + Modeline "5280x1200" 191.40 5280 5312 6032 6064 1200 1228 1233 1261 + Modeline "5280x1080" 169.96 5280 5312 5952 5984 1080 1105 1110 1135 + Modeline "5120x3200" 199.75 5120 5152 5904 5936 3200 3277 3283 3361 + Modeline "5120x2560" 73.45 5120 5152 5424 5456 2560 2623 2626 2689 + Modeline "5120x2880" 185.50 5120 5256 5760 6400 2880 2883 2888 2899 + Modeline "4800x1200" 64.42 4800 4832 5072 5104 1200 1229 1231 1261 + Modeline "4720x3840" 227.86 4720 4752 5616 5648 3840 3933 3940 4033 + Modeline "4400x2560" 133.70 4400 4432 4936 4968 2560 2622 2627 2689 + Modeline "4480x1440" 72.94 4480 4512 4784 4816 1440 1475 1478 1513 + Modeline "4240x1440" 69.09 4240 4272 4528 4560 1440 1475 1478 1513 + Modeline "4160x1440" 67.81 4160 4192 4448 4480 1440 1475 1478 1513 + Modeline "4096x2304" 249.25 4096 4296 4720 5344 2304 2307 2312 2333 + Modeline "4096x2160" 111.25 4096 4200 4608 5120 2160 2163 2173 2176 + Modeline "4000x1660" 170.32 4000 4128 4536 5072 1660 1661 1664 1679 + Modeline "4000x1440" 145.00 4000 4088 4488 4976 1440 1441 1444 1457 + Modeline "3904x1440" 63.70 3904 3936 4176 4208 1440 1475 1478 1513 + Modeline "3840x2880" 133.43 3840 3872 4376 4408 2880 2950 2955 3025 + Modeline "3840x2560" 116.93 3840 3872 4312 4344 2560 2622 2627 2689 + Modeline "3840x2160" 104.25 3840 3944 4320 4800 2160 2163 2168 2175 + Modeline "3840x2048" 91.45 3840 3872 4216 4248 2048 2097 2101 2151 + Modeline "3840x1200" 108.89 3840 3872 4280 4312 1200 1228 1232 1261 + Modeline "3840x1080" 100.38 3840 3848 4216 4592 1080 1081 1084 1093 + Modeline "3864x1050" 94.58 3864 3896 4248 4280 1050 1074 1078 1103 + Modeline "3600x1200" 106.06 3600 3632 3984 4368 1200 1201 1204 1214 + Modeline "3600x1080" 91.02 3600 3632 3976 4008 1080 1105 1109 1135 + Modeline "3520x1196" 99.53 3520 3552 3928 3960 1196 1224 1228 1256 + Modeline "3360x2560" 102.55 3360 3392 3776 3808 2560 2622 2627 2689 + Modeline "3360x1050" 293.75 3360 3576 3928 4496 1050 1053 1063 1089 + Modeline "3288x1080" 39.76 3288 3320 3464 3496 1080 1106 1108 1135 + Modeline "3200x1800" 233.00 3200 3384 3720 4240 1800 1803 1808 1834 + Modeline "3200x1080" 236.16 3200 3232 4128 4160 1080 1103 1112 1135 + Modeline "3120x2560" 95.36 3120 3152 3512 3544 2560 2622 2627 2689 + Modeline "3120x1050" 272.75 3120 3320 3648 4176 1050 1053 1063 1089 + Modeline "3072x2560" 93.92 3072 3104 3456 3488 2560 2622 2627 2689 + Modeline "3008x1692" 130.93 3008 3112 3416 3824 1692 1693 1696 1712 + Modeline "3000x2560" 91.77 3000 3032 3376 3408 2560 2622 2627 2689 + Modeline "2880x1620" 396.25 2880 3096 3408 3936 1620 1623 1628 1679 + Modeline "2728x1680" 148.02 2728 2760 3320 3352 1680 1719 1726 1765 + Modeline "2560x2240" 151.55 2560 2688 2952 3344 2240 2241 2244 2266 + Modeline "2560x1600" 47.12 2560 2592 2768 2800 1600 1639 1642 1681 + Modeline "2560x1440" 42.12 2560 2592 2752 2784 1440 1475 1478 1513 + Modeline "2560x1400" 267.86 2560 2592 3608 3640 1400 1429 1441 1471 + Modeline "2048x2048" 49.47 2048 2080 2264 2296 2048 2097 2101 2151 + Modeline "2048x1536" 80.06 2048 2104 2312 2576 1536 1537 1540 1554 + Modeline "2048x1152" 197.97 2048 2184 2408 2768 1152 1153 1156 1192 + Modeline "2048x1152" 165.92 2048 2080 2704 2736 1152 1176 1186 1210 + Modeline "1920x1440" 69.47 1920 1960 2152 2384 1440 1441 1444 1457 + Modeline "1920x1200" 26.28 1920 1952 2048 2080 1200 1229 1231 1261 + Modeline "1920x1080" 23.53 1920 1952 2040 2072 1080 1106 1108 1135 + Modeline "1728x1520" 205.42 1728 1760 2536 2568 1520 1552 1564 1597 + Modeline "1680x1050" 20.08 1680 1712 1784 1816 1050 1075 1077 1103 + Modeline "1600x1200" 22.04 1600 1632 1712 1744 1200 1229 1231 1261 + Modeline "1600x900" 33.92 1600 1632 1760 1792 900 921 924 946 + Modeline "1440x900" 30.66 1440 1472 1584 1616 900 921 924 946 + Modeline "1400x900" 103.50 1400 1480 1624 1848 900 903 913 934 + ModeLine "1366x768" 72.00 1366 1414 1446 1494 768 771 777 803 + Modeline "1360x768" 24.49 1360 1392 1480 1512 768 786 789 807 + Modeline "1280x1024" 31.50 1280 1312 1424 1456 1024 1048 1052 1076 + Modeline "1280x800" 24.15 1280 1312 1400 1432 800 819 822 841 + Modeline "1280x768" 23.11 1280 1312 1392 1424 768 786 789 807 + Modeline "1280x720" 59.42 1280 1312 1536 1568 720 735 741 757 + Modeline "1024x768" 18.71 1024 1056 1120 1152 768 786 789 807 + Modeline "1024x640" 41.98 1024 1056 1208 1240 640 653 659 673 + Modeline "1024x576" 46.50 1024 1064 1160 1296 576 579 584 599 + Modeline "768x1024" 19.50 768 800 872 904 1024 1048 1052 1076 + Modeline "960x540" 40.75 960 992 1088 1216 540 543 548 562 + Modeline "864x486" 32.50 864 888 968 1072 486 489 494 506 + Modeline "720x405" 22.50 720 744 808 896 405 408 413 422 + Modeline "640x360" 14.75 640 664 720 800 360 363 368 374 + #common resolutions for android devices (both orientations): + Modeline "800x1280" 25.89 800 832 928 960 1280 1310 1315 1345 + Modeline "1280x800" 24.15 1280 1312 1400 1432 800 819 822 841 + Modeline "720x1280" 30.22 720 752 864 896 1280 1309 1315 1345 + Modeline "1280x720" 27.41 1280 1312 1416 1448 720 737 740 757 + Modeline "768x1024" 24.93 768 800 888 920 1024 1047 1052 1076 + Modeline "1024x768" 23.77 1024 1056 1144 1176 768 785 789 807 + Modeline "600x1024" 19.90 600 632 704 736 1024 1047 1052 1076 + Modeline "1024x600" 18.26 1024 1056 1120 1152 600 614 617 631 + Modeline "536x960" 16.74 536 568 624 656 960 982 986 1009 + Modeline "960x536" 15.23 960 992 1048 1080 536 548 551 563 + Modeline "600x800" 15.17 600 632 688 720 800 818 822 841 + Modeline "800x600" 14.50 800 832 880 912 600 614 617 631 + Modeline "480x854" 13.34 480 512 560 592 854 873 877 897 + Modeline "848x480" 12.09 848 880 920 952 480 491 493 505 + Modeline "480x800" 12.43 480 512 552 584 800 818 822 841 + Modeline "800x480" 11.46 800 832 872 904 480 491 493 505 + #resolutions for android devices (both orientations) + #minus the status bar + #38px status bar (and width rounded up) + Modeline "800x1242" 25.03 800 832 920 952 1242 1271 1275 1305 + Modeline "1280x762" 22.93 1280 1312 1392 1424 762 780 783 801 + Modeline "720x1242" 29.20 720 752 856 888 1242 1271 1276 1305 + Modeline "1280x682" 25.85 1280 1312 1408 1440 682 698 701 717 + Modeline "768x986" 23.90 768 800 888 920 986 1009 1013 1036 + Modeline "1024x730" 22.50 1024 1056 1136 1168 730 747 750 767 + Modeline "600x986" 19.07 600 632 704 736 986 1009 1013 1036 + Modeline "1024x562" 17.03 1024 1056 1120 1152 562 575 578 591 + Modeline "536x922" 16.01 536 568 624 656 922 943 947 969 + Modeline "960x498" 14.09 960 992 1040 1072 498 509 511 523 + Modeline "600x762" 14.39 600 632 680 712 762 779 783 801 + Modeline "800x562" 13.52 800 832 880 912 562 575 578 591 + Modeline "480x810" 12.59 480 512 552 584 810 828 832 851 + Modeline "848x442" 11.09 848 880 920 952 442 452 454 465 + Modeline "480x762" 11.79 480 512 552 584 762 779 783 801 + ''; + + services.xserver.resolutions = [ + {x="8192"; y="4096";} + {x="5120"; y="3200";} + {x="3840"; y="2880";} + {x="3840"; y="2560";} + {x="3840"; y="2048";} + {x="3840"; y="2160";} + {x="2048"; y="2048";} + {x="2560"; y="1600";} + {x="1920"; y="1440";} + {x="1920"; y="1200";} + {x="1920"; y="1080";} + {x="1600"; y="1200";} + {x="1680"; y="1050";} + {x="1600"; y="900";} + {x="1400"; y="1050";} + {x="1440"; y="900";} + {x="1280"; y="1024";} + {x="1366"; y="768";} + {x="1280"; y="800";} + {x="1024"; y="768";} + {x="1024"; y="600";} + {x="800"; y="600";} + {x="320"; y="200";} + ]; + + services.xserver.serverFlagsSection = '' + Option "DontVTSwitch" "true" + Option "PciForceNone" "true" + Option "AutoEnableDevices" "false" + Option "AutoAddDevices" "false" + ''; + + services.xserver.deviceSection = '' + VideoRam 192000 + ''; + + services.xserver.displayManager.job = { + logsXsession = true; + + execCmd = '' + ${optionalString (cfg.pulseaudio) + "export PULSE_COOKIE=/var/run/pulse/.config/pulse/cookie"} + exec ${pkgs.xpra}/bin/xpra start \ + --daemon=off \ + --log-dir=/var/log \ + --log-file=xpra.log \ + --opengl=on \ + --clipboard=on \ + --notifications=on \ + --speaker=yes \ + --mdns=no \ + --pulseaudio=no \ + ${optionalString (cfg.pulseaudio) "--sound-source=pulse"} \ + --socket-dirs=/var/run/xpra \ + --xvfb="xpra_Xdummy ${concatStringsSep " " dmcfg.xserverArgs}" \ + ${optionalString (cfg.bindTcp != null) "--bind-tcp=${cfg.bindTcp}"} \ + --auth=${cfg.auth} + ''; + }; + + services.xserver.terminateOnReset = false; + + environment.systemPackages = [pkgs.xpra]; + + virtualisation.virtualbox.guest.x11 = false; + hardware.pulseaudio.enable = mkDefault cfg.pulseaudio; + hardware.pulseaudio.systemWide = mkDefault cfg.pulseaudio; + }; + +} diff --git a/nixos/modules/services/x11/xserver.nix b/nixos/modules/services/x11/xserver.nix index 7ac776571a01..8438e6dcc702 100644 --- a/nixos/modules/services/x11/xserver.nix +++ b/nixos/modules/services/x11/xserver.nix @@ -435,6 +435,14 @@ in by default. ''; }; + + terminateOnReset = mkOption { + type = types.bool; + default = true; + description = '' + Whether to terminate X upon server reset. + ''; + }; }; }; @@ -550,8 +558,7 @@ in }; services.xserver.displayManager.xserverArgs = - [ "-terminate" - "-config ${configFile}" + [ "-config ${configFile}" "-xkbdir" "${cfg.xkbDir}" # Log at the default verbosity level to stderr rather than /var/log/X.*.log. "-verbose" "3" "-logfile" "/dev/null" @@ -560,7 +567,8 @@ in ++ optional (cfg.dpi != null) "-dpi ${toString cfg.dpi}" ++ optional (!cfg.enableTCP) "-nolisten tcp" ++ optional (cfg.autoRepeatDelay != null) "-ardelay ${toString cfg.autoRepeatDelay}" - ++ optional (cfg.autoRepeatInterval != null) "-arinterval ${toString cfg.autoRepeatInterval}"; + ++ optional (cfg.autoRepeatInterval != null) "-arinterval ${toString cfg.autoRepeatInterval}" + ++ optional cfg.terminateOnReset "-terminate"; services.xserver.modules = concatLists (catAttrs "modules" cfg.drivers) ++ diff --git a/nixos/modules/tasks/filesystems/zfs.nix b/nixos/modules/tasks/filesystems/zfs.nix index 045cbeb7cff8..c8fa6c21a4f6 100644 --- a/nixos/modules/tasks/filesystems/zfs.nix +++ b/nixos/modules/tasks/filesystems/zfs.nix @@ -13,12 +13,14 @@ let cfgZfs = config.boot.zfs; cfgSnapshots = config.services.zfs.autoSnapshot; cfgSnapFlags = cfgSnapshots.flags; + cfgScrub = config.services.zfs.autoScrub; inInitrd = any (fs: fs == "zfs") config.boot.initrd.supportedFilesystems; inSystem = any (fs: fs == "zfs") config.boot.supportedFilesystems; enableAutoSnapshots = cfgSnapshots.enable; - enableZfs = inInitrd || inSystem || enableAutoSnapshots; + enableAutoScrub = cfgScrub.enable; + enableZfs = inInitrd || inSystem || enableAutoSnapshots || enableAutoScrub; kernel = config.boot.kernelPackages; @@ -217,6 +219,37 @@ in ''; }; }; + + services.zfs.autoScrub = { + enable = mkOption { + default = false; + type = types.bool; + description = '' + Enables periodic scrubbing of ZFS pools. + ''; + }; + + interval = mkOption { + default = "Sun, 02:00"; + type = types.str; + example = "daily"; + description = '' + Systemd calendar expression when to scrub ZFS pools. See + <citerefentry><refentrytitle>systemd.time</refentrytitle> + <manvolnum>5</manvolnum></citerefentry>. + ''; + }; + + pools = mkOption { + default = []; + type = types.listOf types.str; + example = [ "tank" ]; + description = '' + List of ZFS pools to periodically scrub. If empty, all pools + will be scrubbed. + ''; + }; + }; }; ###### implementation @@ -282,7 +315,7 @@ in zfsSupport = true; }; - environment.etc."zfs/zed.d".source = "${packages.zfsUser}/etc/zfs/zed.d/*"; + environment.etc."zfs/zed.d".source = "${packages.zfsUser}/etc/zfs/zed.d/"; system.fsPackages = [ packages.zfsUser ]; # XXX: needed? zfs doesn't have (need) a fsck environment.systemPackages = [ packages.zfsUser ] @@ -391,5 +424,31 @@ in }; }) snapshotNames); }) + + (mkIf enableAutoScrub { + systemd.services.zfs-scrub = { + description = "ZFS pools scrubbing"; + after = [ "zfs-import.target" ]; + serviceConfig = { + Type = "oneshot"; + }; + script = '' + ${packages.zfsUser}/bin/zpool scrub ${ + if cfgScrub.pools != [] then + (concatStringsSep " " cfgScrub.pools) + else + "$(${packages.zfsUser}/bin/zpool list -H -o name)" + } + ''; + }; + + systemd.timers.zfs-scrub = { + wantedBy = [ "timers.target" ]; + timerConfig = { + OnCalendar = cfgScrub.interval; + Persistent = "yes"; + }; + }; + }) ]; } diff --git a/nixos/modules/tasks/network-interfaces-scripted.nix b/nixos/modules/tasks/network-interfaces-scripted.nix index 179300ef1667..3571e00d04ec 100644 --- a/nixos/modules/tasks/network-interfaces-scripted.nix +++ b/nixos/modules/tasks/network-interfaces-scripted.nix @@ -220,7 +220,7 @@ let wantedBy = [ "network-setup.service" (subsystemDevice n) ]; bindsTo = deps ++ optional v.rstp "mstpd.service"; partOf = [ "network-setup.service" ] ++ optional v.rstp "mstpd.service"; - after = [ "network-pre.target" "mstpd.service" ] ++ deps + after = [ "network-pre.target" ] ++ deps ++ optional v.rstp "mstpd.service" ++ concatMap (i: [ "network-addresses-${i}.service" "network-link-${i}.service" ]) v.interfaces; before = [ "network-setup.service" (subsystemDevice n) ]; serviceConfig.Type = "oneshot"; diff --git a/nixos/modules/tasks/network-interfaces.nix b/nixos/modules/tasks/network-interfaces.nix index 42a1a5a2332d..6467259766ea 100644 --- a/nixos/modules/tasks/network-interfaces.nix +++ b/nixos/modules/tasks/network-interfaces.nix @@ -560,101 +560,102 @@ in }; - networking.bonds = mkOption { - default = { }; - example = literalExample { - bond0 = { - interfaces = [ "eth0" "wlan0" ]; - miimon = 100; + networking.bonds = + let + driverOptionsExample = { + miimon = "100"; mode = "active-backup"; }; - fatpipe.interfaces = [ "enp4s0f0" "enp4s0f1" "enp5s0f0" "enp5s0f1" ]; - }; - description = '' - This option allows you to define bond devices that aggregate multiple, - underlying networking interfaces together. The value of this option is - an attribute set. Each attribute specifies a bond, with the attribute - name specifying the name of the bond's network interface - ''; + in mkOption { + default = { }; + example = literalExample { + bond0 = { + interfaces = [ "eth0" "wlan0" ]; + driverOptions = driverOptionsExample; + }; + anotherBond.interfaces = [ "enp4s0f0" "enp4s0f1" "enp5s0f0" "enp5s0f1" ]; + }; + description = '' + This option allows you to define bond devices that aggregate multiple, + underlying networking interfaces together. The value of this option is + an attribute set. Each attribute specifies a bond, with the attribute + name specifying the name of the bond's network interface + ''; - type = with types; attrsOf (submodule { + type = with types; attrsOf (submodule { - options = { + options = { - interfaces = mkOption { - example = [ "enp4s0f0" "enp4s0f1" "wlan0" ]; - type = types.listOf types.str; - description = "The interfaces to bond together"; - }; + interfaces = mkOption { + example = [ "enp4s0f0" "enp4s0f1" "wlan0" ]; + type = types.listOf types.str; + description = "The interfaces to bond together"; + }; + + driverOptions = mkOption { + type = types.attrsOf types.str; + default = {}; + example = literalExample driverOptionsExample; + description = '' + Options for the bonding driver. + Documentation can be found in + <link xlink:href="https://www.kernel.org/doc/Documentation/networking/bonding.txt" /> + ''; - driverOptions = mkOption { - type = types.attrsOf types.str; - default = {}; - example = literalExample { - interfaces = [ "eth0" "wlan0" ]; - miimon = 100; - mode = "active-backup"; }; - description = '' - Options for the bonding driver. - Documentation can be found in - <link xlink:href="https://www.kernel.org/doc/Documentation/networking/bonding.txt" /> - ''; - }; + lacp_rate = mkOption { + default = null; + example = "fast"; + type = types.nullOr types.str; + description = '' + DEPRECATED, use `driverOptions`. + Option specifying the rate in which we'll ask our link partner + to transmit LACPDU packets in 802.3ad mode. + ''; + }; - lacp_rate = mkOption { - default = null; - example = "fast"; - type = types.nullOr types.str; - description = '' - DEPRECATED, use `driverOptions`. - Option specifying the rate in which we'll ask our link partner - to transmit LACPDU packets in 802.3ad mode. - ''; - }; + miimon = mkOption { + default = null; + example = 100; + type = types.nullOr types.int; + description = '' + DEPRECATED, use `driverOptions`. + Miimon is the number of millisecond in between each round of polling + by the device driver for failed links. By default polling is not + enabled and the driver is trusted to properly detect and handle + failure scenarios. + ''; + }; - miimon = mkOption { - default = null; - example = 100; - type = types.nullOr types.int; - description = '' - DEPRECATED, use `driverOptions`. - Miimon is the number of millisecond in between each round of polling - by the device driver for failed links. By default polling is not - enabled and the driver is trusted to properly detect and handle - failure scenarios. - ''; - }; + mode = mkOption { + default = null; + example = "active-backup"; + type = types.nullOr types.str; + description = '' + DEPRECATED, use `driverOptions`. + The mode which the bond will be running. The default mode for + the bonding driver is balance-rr, optimizing for throughput. + More information about valid modes can be found at + https://www.kernel.org/doc/Documentation/networking/bonding.txt + ''; + }; - mode = mkOption { - default = null; - example = "active-backup"; - type = types.nullOr types.str; - description = '' - DEPRECATED, use `driverOptions`. - The mode which the bond will be running. The default mode for - the bonding driver is balance-rr, optimizing for throughput. - More information about valid modes can be found at - https://www.kernel.org/doc/Documentation/networking/bonding.txt - ''; - }; + xmit_hash_policy = mkOption { + default = null; + example = "layer2+3"; + type = types.nullOr types.str; + description = '' + DEPRECATED, use `driverOptions`. + Selects the transmit hash policy to use for slave selection in + balance-xor, 802.3ad, and tlb modes. + ''; + }; - xmit_hash_policy = mkOption { - default = null; - example = "layer2+3"; - type = types.nullOr types.str; - description = '' - DEPRECATED, use `driverOptions`. - Selects the transmit hash policy to use for slave selection in - balance-xor, 802.3ad, and tlb modes. - ''; }; - }; - - }); - }; + }); + }; networking.macvlans = mkOption { default = { }; diff --git a/nixos/modules/virtualisation/ecs-agent.nix b/nixos/modules/virtualisation/ecs-agent.nix index 18e45e0b8457..fc51b159579e 100644 --- a/nixos/modules/virtualisation/ecs-agent.nix +++ b/nixos/modules/virtualisation/ecs-agent.nix @@ -12,6 +12,7 @@ in { type = types.path; description = "The ECS agent package to use"; default = pkgs.ecs-agent; + defaultText = "pkgs.ecs-agent"; }; extra-environment = mkOption { diff --git a/nixos/modules/virtualisation/openstack/glance.nix b/nixos/modules/virtualisation/openstack/glance.nix index 4d85718e369c..7862409a65ec 100644 --- a/nixos/modules/virtualisation/openstack/glance.nix +++ b/nixos/modules/virtualisation/openstack/glance.nix @@ -43,7 +43,7 @@ in { package = mkOption { type = types.package; default = pkgs.glance; - example = literalExample "pkgs.glance"; + defaultText = "pkgs.glance"; description = '' Glance package to use. ''; diff --git a/nixos/modules/virtualisation/virtualbox-guest.nix b/nixos/modules/virtualisation/virtualbox-guest.nix index d253e9eab62b..5da4b7e3bafd 100644 --- a/nixos/modules/virtualisation/virtualbox-guest.nix +++ b/nixos/modules/virtualisation/virtualbox-guest.nix @@ -15,18 +15,27 @@ in ###### interface - options.virtualisation.virtualbox.guest.enable = mkOption { - default = false; - description = "Whether to enable the VirtualBox service and other guest additions."; + options.virtualisation.virtualbox.guest = { + enable = mkOption { + default = false; + type = types.bool; + description = "Whether to enable the VirtualBox service and other guest additions."; + }; + + x11 = mkOption { + default = true; + type = types.bool; + description = "Whether to enable x11 graphics"; + }; }; ###### implementation - config = mkIf cfg.enable { - assertions = [ { + config = mkIf cfg.enable (mkMerge [{ + assertions = [{ assertion = pkgs.stdenv.isi686 || pkgs.stdenv.isx86_64; message = "Virtualbox not currently supported on ${pkgs.stdenv.system}"; - } ]; + }]; environment.systemPackages = [ kernel.virtualboxGuestAdditions ]; @@ -49,6 +58,16 @@ in serviceConfig.ExecStart = "@${kernel.virtualboxGuestAdditions}/bin/VBoxService VBoxService --foreground"; }; + services.udev.extraRules = + '' + # /dev/vboxuser is necessary for VBoxClient to work. Maybe we + # should restrict this to logged-in users. + KERNEL=="vboxuser", OWNER="root", GROUP="root", MODE="0666" + + # Allow systemd dependencies on vboxguest. + SUBSYSTEM=="misc", KERNEL=="vboxguest", TAG+="systemd" + ''; + } (mkIf cfg.x11 { services.xserver.videoDrivers = mkOverride 50 [ "virtualbox" "modesetting" ]; services.xserver.config = @@ -69,16 +88,6 @@ in PATH=${makeBinPath [ pkgs.gnugrep pkgs.which pkgs.xorg.xorgserver.out ]}:$PATH \ ${kernel.virtualboxGuestAdditions}/bin/VBoxClient-all ''; - - services.udev.extraRules = - '' - # /dev/vboxuser is necessary for VBoxClient to work. Maybe we - # should restrict this to logged-in users. - KERNEL=="vboxuser", OWNER="root", GROUP="root", MODE="0666" - - # Allow systemd dependencies on vboxguest. - SUBSYSTEM=="misc", KERNEL=="vboxguest", TAG+="systemd" - ''; - }; + })]); } diff --git a/nixos/modules/virtualisation/xen-dom0.nix b/nixos/modules/virtualisation/xen-dom0.nix index 67eef0ec1e4c..a80b2e1f3b04 100644 --- a/nixos/modules/virtualisation/xen-dom0.nix +++ b/nixos/modules/virtualisation/xen-dom0.nix @@ -27,6 +27,36 @@ in ''; }; + virtualisation.xen.package = mkOption { + type = types.package; + default = pkgs.xen; + defaultText = "pkgs.xen"; + example = literalExample "pkgs.xen-light"; + description = '' + The package used for Xen binary. + ''; + }; + + virtualisation.xen.qemu = mkOption { + type = types.path; + default = "${pkgs.xen}/lib/xen/bin/qemu-system-i386"; + defaultText = "''${pkgs.xen}/lib/xen/bin/qemu-system-i386"; + example = literalExample "''${pkgs.qemu_xen-light}/bin/qemu-system-i386"; + description = '' + The qemu binary to use for Dom-0 backend. + ''; + }; + + virtualisation.xen.qemu-package = mkOption { + type = types.package; + default = pkgs.xen; + defaultText = "pkgs.xen"; + example = literalExample "pkgs.qemu_xen-light"; + description = '' + The package with qemu binaries for xendomains. + ''; + }; + virtualisation.xen.bootParams = mkOption { default = ""; @@ -106,9 +136,9 @@ in message = "Xen currently does not support EFI boot"; } ]; - virtualisation.xen.stored = mkDefault "${pkgs.xen}/bin/oxenstored"; + virtualisation.xen.stored = mkDefault "${cfg.package}/bin/oxenstored"; - environment.systemPackages = [ pkgs.xen ]; + environment.systemPackages = [ cfg.package ]; # Make sure Domain 0 gets the required configuration #boot.kernelPackages = pkgs.boot.kernelPackages.override { features={xen_dom0=true;}; }; @@ -144,7 +174,7 @@ in system.extraSystemBuilderCmds = '' - ln -s ${pkgs.xen}/boot/xen.gz $out/xen.gz + ln -s ${cfg.package}/boot/xen.gz $out/xen.gz echo "${toString cfg.bootParams}" > $out/xen-params ''; @@ -180,19 +210,19 @@ in environment.etc = - [ { source = "${pkgs.xen}/etc/xen/xl.conf"; + [ { source = "${cfg.package}/etc/xen/xl.conf"; target = "xen/xl.conf"; } - { source = "${pkgs.xen}/etc/xen/scripts"; + { source = "${cfg.package}/etc/xen/scripts"; target = "xen/scripts"; } - { source = "${pkgs.xen}/etc/default/xendomains"; + { source = "${cfg.package}/etc/default/xendomains"; target = "default/xendomains"; } ]; # Xen provides udev rules. - services.udev.packages = [ pkgs.xen ]; + services.udev.packages = [ cfg.package ]; services.udev.path = [ pkgs.bridge-utils pkgs.iproute ]; @@ -217,7 +247,7 @@ in time=0 timeout=30 # Wait for xenstored to actually come up, timing out after 30 seconds - while [ $time -lt $timeout ] && ! `${pkgs.xen}/bin/xenstore-read -s / >/dev/null 2>&1` ; do + while [ $time -lt $timeout ] && ! `${cfg.package}/bin/xenstore-read -s / >/dev/null 2>&1` ; do time=$(($time+1)) sleep 1 done @@ -228,8 +258,8 @@ in exit 1 fi - ${pkgs.xen}/bin/xenstore-write "/local/domain/0/name" "Domain-0" - ${pkgs.xen}/bin/xenstore-write "/local/domain/0/domid" 0 + ${cfg.package}/bin/xenstore-write "/local/domain/0/name" "Domain-0" + ${cfg.package}/bin/xenstore-write "/local/domain/0/domid" 0 ''; }; @@ -256,7 +286,7 @@ in ''; serviceConfig = { ExecStart = '' - ${pkgs.xen}/bin/xenconsoled${optionalString cfg.trace " --log=all --log-dir=/var/log/xen"} + ${cfg.package}/bin/xenconsoled${optionalString cfg.trace " --log=all --log-dir=/var/log/xen"} ''; }; }; @@ -267,8 +297,8 @@ in wantedBy = [ "multi-user.target" ]; after = [ "xen-console.service" ]; serviceConfig.ExecStart = '' - ${pkgs.xen}/lib/xen/bin/qemu-system-i386 -xen-domid 0 -xen-attach -name dom0 -nographic -M xenpv \ - -monitor /dev/null -serial /dev/null -parallel /dev/null + ${cfg.qemu} -xen-attach -xen-domid 0 -name dom0 -M xenpv \ + -nographic -monitor /dev/null -serial /dev/null -parallel /dev/null ''; }; @@ -277,7 +307,7 @@ in description = "Xen Watchdog Daemon"; wantedBy = [ "multi-user.target" ]; after = [ "xen-qemu.service" ]; - serviceConfig.ExecStart = "${pkgs.xen}/bin/xenwatchdogd 30 15"; + serviceConfig.ExecStart = "${cfg.package}/bin/xenwatchdogd 30 15"; serviceConfig.Type = "forking"; serviceConfig.RestartSec = "1"; serviceConfig.Restart = "on-failure"; @@ -366,11 +396,11 @@ in before = [ "dhcpd.service" ]; restartIfChanged = false; serviceConfig.RemainAfterExit = "yes"; - path = [ pkgs.xen ]; - environment.XENDOM_CONFIG = "${pkgs.xen}/etc/sysconfig/xendomains"; + path = [ cfg.package cfg.qemu-package ]; + environment.XENDOM_CONFIG = "${cfg.package}/etc/sysconfig/xendomains"; preStart = "mkdir -p /var/lock/subsys -m 755"; - serviceConfig.ExecStart = "${pkgs.xen}/etc/init.d/xendomains start"; - serviceConfig.ExecStop = "${pkgs.xen}/etc/init.d/xendomains stop"; + serviceConfig.ExecStart = "${cfg.package}/etc/init.d/xendomains start"; + serviceConfig.ExecStop = "${cfg.package}/etc/init.d/xendomains stop"; }; }; diff --git a/nixos/tests/buildbot.nix b/nixos/tests/buildbot.nix new file mode 100644 index 000000000000..13a162e6c6e8 --- /dev/null +++ b/nixos/tests/buildbot.nix @@ -0,0 +1,46 @@ +# Test ensures buildbot master comes up correctly and workers can connect + +import ./make-test.nix ({ pkgs, ... } : { + name = "buildbot"; + + nodes = { + bbmaster = { config, pkgs, nodes, ... }: { + services.buildbot-master = { + enable = true; + factorySteps = [ + "steps.Git(repourl='git://github.com/buildbot/pyflakes.git', mode='incremental')" + "steps.ShellCommand(command=['trial', 'pyflakes'])" + ]; + changeSource = [ + "changes.GitPoller('git://github.com/buildbot/pyflakes.git', workdir='gitpoller-workdir', branch='master', pollinterval=300)" + ]; + }; + networking.firewall.allowedTCPPorts = [ 8010 9989 ]; + }; + + bbworker = { config, pkgs, ... }: { + services.buildbot-worker = { + enable = true; + masterUrl = "bbmaster:9989"; + }; + }; + }; + + testScript = '' + + $bbmaster->waitForUnit("network.target"); + $bbworker->waitForUnit("network.target"); + + # Additional tests to be added + #$bbmaster->waitForUnit("buildbot-master.service"); + #$bbmaster->waitUntilSucceeds("curl -s --head http://bbmaster:8010") =~ /200 OK/ or die; + #$bbworker->waitForUnit("buildbot-worker.service"); + #$bbworker->waitUntilSucceeds("tail -10 /home/bbworker/worker/twistd.log") =~ /success/ or die; + + ''; + + meta = with pkgs.stdenv.lib.maintainers; { + maintainers = [ nand0p ]; + }; + +}) diff --git a/nixos/tests/leaps.nix b/nixos/tests/leaps.nix index 3c390e1a1691..6163fed56b6f 100644 --- a/nixos/tests/leaps.nix +++ b/nixos/tests/leaps.nix @@ -24,6 +24,7 @@ import ./make-test.nix ({ pkgs, ... }: '' startAll; $server->waitForOpenPort(6666); - $client->succeed("curl http://server:6666/leaps/ | grep -i 'leaps'"); + $client->waitForUnit("network.target"); + $client->succeed("${pkgs.curl}/bin/curl http://server:6666/leaps/ | grep -i 'leaps'"); ''; }) diff --git a/nixos/tests/networking.nix b/nixos/tests/networking.nix index 17b04c8db151..6a7e628d8ef1 100644 --- a/nixos/tests/networking.nix +++ b/nixos/tests/networking.nix @@ -1,4 +1,6 @@ -{ system ? builtins.currentSystem, networkd }: +{ system ? builtins.currentSystem +# bool: whether to use networkd in the tests +, networkd }: with import ../lib/testing.nix { inherit system; }; with pkgs.lib; |