diff options
author | Frederik Rietdijk <fridh@fridh.nl> | 2017-08-25 19:39:41 +0200 |
---|---|---|
committer | Frederik Rietdijk <fridh@fridh.nl> | 2017-08-25 19:39:41 +0200 |
commit | 665d3939192e8c44207dcb1ee95f25addd4c3d38 (patch) | |
tree | e0f42905fbb0e28d963a4a23d01b88a3fba3701f /nixos | |
parent | 656e14f64fa48222907dd631d68c600f18f126d7 (diff) | |
parent | 58c0d63100244211f5a898d5c26a76aca038698c (diff) | |
download | nixlib-665d3939192e8c44207dcb1ee95f25addd4c3d38.tar nixlib-665d3939192e8c44207dcb1ee95f25addd4c3d38.tar.gz nixlib-665d3939192e8c44207dcb1ee95f25addd4c3d38.tar.bz2 nixlib-665d3939192e8c44207dcb1ee95f25addd4c3d38.tar.lz nixlib-665d3939192e8c44207dcb1ee95f25addd4c3d38.tar.xz nixlib-665d3939192e8c44207dcb1ee95f25addd4c3d38.tar.zst nixlib-665d3939192e8c44207dcb1ee95f25addd4c3d38.zip |
Merge remote-tracking branch 'upstream/master' into HEAD
Diffstat (limited to 'nixos')
-rw-r--r-- | nixos/doc/manual/release-notes/rl-1709.xml | 8 | ||||
-rw-r--r-- | nixos/modules/programs/oblogout.nix | 16 | ||||
-rw-r--r-- | nixos/modules/programs/zsh/zsh.nix | 10 | ||||
-rw-r--r-- | nixos/modules/services/hardware/tlp.nix | 2 | ||||
-rw-r--r-- | nixos/modules/services/networking/firefox/sync-server.nix | 52 | ||||
-rw-r--r-- | nixos/modules/services/web-servers/caddy.nix | 14 | ||||
-rw-r--r-- | nixos/modules/services/x11/desktop-managers/default.nix | 2 | ||||
-rw-r--r-- | nixos/modules/services/x11/desktop-managers/maxx.nix | 25 | ||||
-rw-r--r-- | nixos/modules/virtualisation/containers.nix | 1 |
9 files changed, 118 insertions, 12 deletions
diff --git a/nixos/doc/manual/release-notes/rl-1709.xml b/nixos/doc/manual/release-notes/rl-1709.xml index 0cd9e9571882..fc7fd49907ea 100644 --- a/nixos/doc/manual/release-notes/rl-1709.xml +++ b/nixos/doc/manual/release-notes/rl-1709.xml @@ -154,6 +154,14 @@ rmdir /var/lib/ipfs/.ipfs variables as parameters. </para> </listitem> + <listitem> + <para> + <literal>services.firefox.syncserver</literal> now runs by default as a + non-root user. To accomodate this change, the default sqlite database + location has also been changed. Migration should work automatically. + Refer to the description of the options for more details. + </para> + </listitem> </itemizedlist> <para>Other notable improvements:</para> diff --git a/nixos/modules/programs/oblogout.nix b/nixos/modules/programs/oblogout.nix index 79a8ddb7ce37..720c29b1eaee 100644 --- a/nixos/modules/programs/oblogout.nix +++ b/nixos/modules/programs/oblogout.nix @@ -27,6 +27,7 @@ in type = types.int; default = 70; description = '' + Opacity percentage of Cairo rendered backgrounds. ''; }; @@ -34,6 +35,7 @@ in type = types.str; default = "black"; description = '' + Colour name or hex code (#ffffff) of the background color. ''; }; @@ -41,6 +43,9 @@ in type = types.str; default = "simplistic"; description = '' + Icon theme for the buttons, must be in the themes folder of + the package, or in + <filename>~/.themes/<name>/oblogout/</filename>. ''; }; @@ -48,6 +53,7 @@ in type = types.str; default = "cancel, logout, restart, shutdown, suspend, hibernate"; description = '' + List and order of buttons to show. ''; }; @@ -55,6 +61,7 @@ in type = types.str; default = "Escape"; description = '' + Cancel logout/shutdown shortcut. ''; }; @@ -62,6 +69,7 @@ in type = types.str; default = "S"; description = '' + Shutdown shortcut. ''; }; @@ -69,6 +77,7 @@ in type = types.str; default = "R"; description = '' + Restart shortcut. ''; }; @@ -76,6 +85,7 @@ in type = types.str; default = "U"; description = '' + Suspend shortcut. ''; }; @@ -83,6 +93,7 @@ in type = types.str; default = "L"; description = '' + Logout shortcut. ''; }; @@ -90,6 +101,7 @@ in type = types.str; default = "K"; description = '' + Lock session shortcut. ''; }; @@ -97,6 +109,7 @@ in type = types.str; default = "H"; description = '' + Hibernate shortcut. ''; }; @@ -104,6 +117,7 @@ in type = types.str; default = "openbox --exit"; description = '' + Command to logout. ''; }; @@ -111,6 +125,7 @@ in type = types.str; default = ""; description = '' + Command to lock screen. ''; }; @@ -118,6 +133,7 @@ in type = types.str; default = ""; description = '' + Command to switch user. ''; }; }; diff --git a/nixos/modules/programs/zsh/zsh.nix b/nixos/modules/programs/zsh/zsh.nix index a055291282c9..ee61e2d2382c 100644 --- a/nixos/modules/programs/zsh/zsh.nix +++ b/nixos/modules/programs/zsh/zsh.nix @@ -158,6 +158,11 @@ in HELPDIR="${pkgs.zsh}/share/zsh/$ZSH_VERSION/help" + # Tell zsh how to find installed completions + for p in ''${(z)NIX_PROFILES}; do + fpath+=($p/share/zsh/site-functions $p/share/zsh/$ZSH_VERSION/functions $p/share/zsh/vendor-completions) + done + ${optionalString cfg.enableCompletion "autoload -U compinit && compinit"} ${optionalString (cfg.enableAutosuggestions) @@ -172,11 +177,6 @@ in ${cfg.promptInit} - # Tell zsh how to find installed completions - for p in ''${(z)NIX_PROFILES}; do - fpath+=($p/share/zsh/site-functions $p/share/zsh/$ZSH_VERSION/functions $p/share/zsh/vendor-completions) - done - # Read system-wide modifications. if test -f /etc/zshrc.local; then . /etc/zshrc.local diff --git a/nixos/modules/services/hardware/tlp.nix b/nixos/modules/services/hardware/tlp.nix index 3b108c87edd2..68425822a884 100644 --- a/nixos/modules/services/hardware/tlp.nix +++ b/nixos/modules/services/hardware/tlp.nix @@ -57,6 +57,8 @@ in powerManagement.scsiLinkPolicy = null; powerManagement.cpuFreqGovernor = null; + systemd.sockets."systemd-rfkill".enable = false; + systemd.services = { "systemd-rfkill@".enable = false; "systemd-rfkill".enable = false; diff --git a/nixos/modules/services/networking/firefox/sync-server.nix b/nixos/modules/services/networking/firefox/sync-server.nix index c1a14931429a..a9f3fd65d76b 100644 --- a/nixos/modules/services/networking/firefox/sync-server.nix +++ b/nixos/modules/services/networking/firefox/sync-server.nix @@ -4,6 +4,10 @@ with lib; let cfg = config.services.firefox.syncserver; + + defaultDbLocation = "/var/db/firefox-sync-server/firefox-sync-server.db"; + defaultSqlUri = "sqlite:///${defaultDbLocation}"; + syncServerIni = pkgs.writeText "syncserver.ini" '' [DEFAULT] overrides = ${cfg.privateConfig} @@ -25,6 +29,7 @@ let backend = tokenserver.verifiers.LocalVerifier audiences = ${removeSuffix "/" cfg.publicUrl} ''; + in { @@ -65,6 +70,18 @@ in ''; }; + user = mkOption { + type = types.str; + default = "syncserver"; + description = "User account under which syncserver runs."; + }; + + group = mkOption { + type = types.str; + default = "syncserver"; + description = "Group account under which syncserver runs."; + }; + publicUrl = mkOption { type = types.str; default = "http://localhost:5000/"; @@ -85,7 +102,7 @@ in sqlUri = mkOption { type = types.str; - default = "sqlite:////var/db/firefox-sync-server.db"; + default = defaultSqlUri; example = "postgresql://scott:tiger@localhost/test"; description = '' The location of the database. This URL is composed of @@ -126,16 +143,45 @@ in description = "Firefox Sync Server"; wantedBy = [ "multi-user.target" ]; path = [ pkgs.coreutils syncServerEnv ]; + + serviceConfig = { + User = cfg.user; + Group = cfg.group; + PermissionsStartOnly = true; + }; + preStart = '' if ! test -e ${cfg.privateConfig}; then - umask u=rwx,g=x,o=x - mkdir -p $(dirname ${cfg.privateConfig}) + mkdir -m 700 -p $(dirname ${cfg.privateConfig}) echo > ${cfg.privateConfig} '[syncserver]' echo >> ${cfg.privateConfig} "secret = $(head -c 20 /dev/urandom | sha1sum | tr -d ' -')" fi + chown ${cfg.user}:${cfg.group} ${cfg.privateConfig} + '' + optionalString (cfg.sqlUri == defaultSqlUri) '' + if ! test -e $(dirname ${defaultDbLocation}); then + mkdir -m 700 -p $(dirname ${defaultDbLocation}) + chown ${cfg.user}:${cfg.group} $(dirname ${defaultDbLocation}) + fi + # Move previous database file if it exists + oldDb="/var/db/firefox-sync-server.db" + if test -f $oldDb; then + mv $oldDb ${defaultDbLocation} + chown ${cfg.user}:${cfg.group} ${defaultDbLocation} + fi ''; serviceConfig.ExecStart = "${syncServerEnv}/bin/paster serve ${syncServerIni}"; }; + users.extraUsers = optionalAttrs (cfg.user == "syncserver") + (singleton { + name = "syncserver"; + group = cfg.group; + isSystemUser = true; + }); + + users.extraGroups = optionalAttrs (cfg.group == "syncserver") + (singleton { + name = "syncserver"; + }); }; } diff --git a/nixos/modules/services/web-servers/caddy.nix b/nixos/modules/services/web-servers/caddy.nix index ee32a1c86d4d..d8efa24bc6d5 100644 --- a/nixos/modules/services/web-servers/caddy.nix +++ b/nixos/modules/services/web-servers/caddy.nix @@ -5,12 +5,22 @@ with lib; let cfg = config.services.caddy; configFile = pkgs.writeText "Caddyfile" cfg.config; -in -{ +in { options.services.caddy = { enable = mkEnableOption "Caddy web server"; config = mkOption { + default = ""; + example = '' + example.com { + gzip + minify + log syslog + + root /srv/http + } + ''; + type = types.lines; description = "Verbatim Caddyfile to use"; }; diff --git a/nixos/modules/services/x11/desktop-managers/default.nix b/nixos/modules/services/x11/desktop-managers/default.nix index c207aab5de0a..4b57d9641f50 100644 --- a/nixos/modules/services/x11/desktop-managers/default.nix +++ b/nixos/modules/services/x11/desktop-managers/default.nix @@ -19,7 +19,7 @@ in # E.g., if Plasma 5 is enabled, it supersedes xterm. imports = [ ./none.nix ./xterm.nix ./xfce.nix ./plasma5.nix ./lumina.nix - ./lxqt.nix ./enlightenment.nix ./gnome3.nix ./kodi.nix + ./lxqt.nix ./enlightenment.nix ./gnome3.nix ./kodi.nix ./maxx.nix ]; options = { diff --git a/nixos/modules/services/x11/desktop-managers/maxx.nix b/nixos/modules/services/x11/desktop-managers/maxx.nix new file mode 100644 index 000000000000..d7bd2fc5eb0c --- /dev/null +++ b/nixos/modules/services/x11/desktop-managers/maxx.nix @@ -0,0 +1,25 @@ +{ config, lib, pkgs, ... }: + +with lib; + +let + xcfg = config.services.xserver; + cfg = xcfg.desktopManager.maxx; +in { + options.services.xserver.desktopManager.maxx = { + enable = mkEnableOption "MaXX desktop environment"; + }; + + config = mkIf (xcfg.enable && cfg.enable) { + environment.systemPackages = [ pkgs.maxx ]; + + services.xserver.desktopManager.session = [ + { name = "MaXX"; + start = '' + exec ${pkgs.maxx}/opt/MaXX/etc/skel/Xsession.dt + ''; + }]; + }; + + meta.maintainers = [ maintainers.gnidorah ]; +} diff --git a/nixos/modules/virtualisation/containers.nix b/nixos/modules/virtualisation/containers.nix index 6adb2c1681a2..001c6473a98e 100644 --- a/nixos/modules/virtualisation/containers.nix +++ b/nixos/modules/virtualisation/containers.nix @@ -120,7 +120,6 @@ let # Run systemd-nspawn without startup notification (we'll # wait for the container systemd to signal readiness). - EXIT_ON_REBOOT=1 \ exec ${config.systemd.package}/bin/systemd-nspawn \ --keep-unit \ -M "$INSTANCE" -D "$root" $extraFlags \ |