diff options
author | Alyssa Ross <hi@alyssa.is> | 2019-08-22 13:47:37 +0000 |
---|---|---|
committer | Alyssa Ross <hi@alyssa.is> | 2019-08-22 18:22:22 +0000 |
commit | 1b9a13c4689af7e088eb7af5589f8c811282846a (patch) | |
tree | 3ed032953008280fb94ef894c869ff3e2a2f7865 /nixpkgs/nixos/modules/services | |
parent | 4999a38db7c5de0ea9f514a12ecd4133cce647f3 (diff) | |
parent | 1412af4b2cfae71d447164097d960d426e9752c0 (diff) | |
download | nixlib-1b9a13c4689af7e088eb7af5589f8c811282846a.tar nixlib-1b9a13c4689af7e088eb7af5589f8c811282846a.tar.gz nixlib-1b9a13c4689af7e088eb7af5589f8c811282846a.tar.bz2 nixlib-1b9a13c4689af7e088eb7af5589f8c811282846a.tar.lz nixlib-1b9a13c4689af7e088eb7af5589f8c811282846a.tar.xz nixlib-1b9a13c4689af7e088eb7af5589f8c811282846a.tar.zst nixlib-1b9a13c4689af7e088eb7af5589f8c811282846a.zip |
Merge remote-tracking branch 'channels/nixos-unstable'
Diffstat (limited to 'nixpkgs/nixos/modules/services')
36 files changed, 236 insertions, 57 deletions
diff --git a/nixpkgs/nixos/modules/services/admin/oxidized.nix b/nixpkgs/nixos/modules/services/admin/oxidized.nix index 687cdfb5ba57..39112c3970d5 100644 --- a/nixpkgs/nixos/modules/services/admin/oxidized.nix +++ b/nixpkgs/nixos/modules/services/admin/oxidized.nix @@ -97,8 +97,8 @@ in preStart = '' mkdir -p ${cfg.dataDir}/.config/oxidized - cp -v ${cfg.routerDB} ${cfg.dataDir}/.config/oxidized/router.db - cp -v ${cfg.configFile} ${cfg.dataDir}/.config/oxidized/config + ln -f -s ${cfg.routerDB} ${cfg.dataDir}/.config/oxidized/router.db + ln -f -s ${cfg.configFile} ${cfg.dataDir}/.config/oxidized/config ''; serviceConfig = { diff --git a/nixpkgs/nixos/modules/services/backup/automysqlbackup.nix b/nixpkgs/nixos/modules/services/backup/automysqlbackup.nix index b845f370fb70..1884f3536a97 100644 --- a/nixpkgs/nixos/modules/services/backup/automysqlbackup.nix +++ b/nixpkgs/nixos/modules/services/backup/automysqlbackup.nix @@ -41,7 +41,7 @@ in }; config = mkOption { - type = with types; attrsOf (either (either str (either int bool)) (listOf str)); + type = with types; attrsOf (oneOf [ str int bool (listOf str) ]); default = {}; description = '' automysqlbackup configuration. Refer to diff --git a/nixpkgs/nixos/modules/services/databases/memcached.nix b/nixpkgs/nixos/modules/services/databases/memcached.nix index 052ff1f308eb..f9e403dfc0c2 100644 --- a/nixpkgs/nixos/modules/services/databases/memcached.nix +++ b/nixpkgs/nixos/modules/services/databases/memcached.nix @@ -86,7 +86,25 @@ in in "${memcached}/bin/memcached ${networking} -m ${toString cfg.maxMemory} -c ${toString cfg.maxConnections} ${concatStringsSep " " cfg.extraOptions}"; User = cfg.user; + + # Filesystem access + ProtectSystem = "strict"; + ProtectHome = true; + PrivateTmp = true; + PrivateDevices = true; + ProtectKernelTunables = true; + ProtectKernelModules = true; + ProtectControlGroups = true; RuntimeDirectory = "memcached"; + # Caps + CapabilityBoundingSet = ""; + NoNewPrivileges = true; + # Misc. + LockPersonality = true; + RestrictRealtime = true; + PrivateMounts = true; + PrivateUsers = true; + MemoryDenyWriteExecute = true; }; }; }; diff --git a/nixpkgs/nixos/modules/services/desktops/flatpak.nix b/nixpkgs/nixos/modules/services/desktops/flatpak.nix index 1492d855aa03..7fb0024f37dc 100644 --- a/nixpkgs/nixos/modules/services/desktops/flatpak.nix +++ b/nixpkgs/nixos/modules/services/desktops/flatpak.nix @@ -38,5 +38,16 @@ in { "$HOME/.local/share/flatpak/exports" "/var/lib/flatpak/exports" ]; + + # It has been possible since https://github.com/flatpak/flatpak/releases/tag/1.3.2 + # to build a SELinux policy module. + + users.users.flatpak = { + description = "Flatpak system helper"; + group = "flatpak"; + isSystemUser = true; + }; + + users.groups.flatpak = { }; }; } diff --git a/nixpkgs/nixos/modules/services/editors/emacs.xml b/nixpkgs/nixos/modules/services/editors/emacs.xml index a3041ae22e78..acd69f18376c 100644 --- a/nixpkgs/nixos/modules/services/editors/emacs.xml +++ b/nixpkgs/nixos/modules/services/editors/emacs.xml @@ -552,7 +552,7 @@ emacsclient --create-frame --tty # opens a new frame on the current terminal <xref linkend="opt-environment.systemPackages"/> (<link linkend="sec-declarative-package-mgmt">NixOS</link>), or run - <literal>nix-env -i pkgs.docbook5</literal> + <literal>nix-env -f '<nixpkgs>' -iA docbook5</literal> (<link linkend="sec-ad-hoc-packages">Nix</link>). </para> diff --git a/nixpkgs/nixos/modules/services/games/minecraft-server.nix b/nixpkgs/nixos/modules/services/games/minecraft-server.nix index 39a68f4b5536..eb9288fca586 100644 --- a/nixpkgs/nixos/modules/services/games/minecraft-server.nix +++ b/nixpkgs/nixos/modules/services/games/minecraft-server.nix @@ -118,7 +118,7 @@ in { }; serverProperties = mkOption { - type = with types; attrsOf (either bool (either int str)); + type = with types; attrsOf (oneOf [ bool int str ]); default = {}; example = literalExample '' { diff --git a/nixpkgs/nixos/modules/services/mail/davmail.nix b/nixpkgs/nixos/modules/services/mail/davmail.nix index 5b5cc294e5c7..374a3dd75c1c 100644 --- a/nixpkgs/nixos/modules/services/mail/davmail.nix +++ b/nixpkgs/nixos/modules/services/mail/davmail.nix @@ -7,7 +7,7 @@ let cfg = config.services.davmail; configType = with types; - either (either (attrsOf configType) str) (either int bool) // { + oneOf [ (attrsOf configType) str int bool ] // { description = "davmail config type (str, int, bool or attribute set thereof)"; }; diff --git a/nixpkgs/nixos/modules/services/mail/postfix.nix b/nixpkgs/nixos/modules/services/mail/postfix.nix index dab1b29aa4be..2b08ab1e6aa6 100644 --- a/nixpkgs/nixos/modules/services/mail/postfix.nix +++ b/nixpkgs/nixos/modules/services/mail/postfix.nix @@ -447,7 +447,7 @@ in }; config = mkOption { - type = with types; attrsOf (either bool (either str (listOf str))); + type = with types; attrsOf (oneOf [ bool str (listOf str) ]); description = '' The main.cf configuration file as key value set. ''; diff --git a/nixpkgs/nixos/modules/services/mail/rspamd.nix b/nixpkgs/nixos/modules/services/mail/rspamd.nix index 5541b8b79b7e..e59d5715de05 100644 --- a/nixpkgs/nixos/modules/services/mail/rspamd.nix +++ b/nixpkgs/nixos/modules/services/mail/rspamd.nix @@ -331,7 +331,7 @@ in }; config = mkOption { - type = with types; attrsOf (either bool (either str (listOf str))); + type = with types; attrsOf (oneOf [ bool str (listOf str) ]); description = '' Addon to postfix configuration ''; diff --git a/nixpkgs/nixos/modules/services/mail/rss2email.nix b/nixpkgs/nixos/modules/services/mail/rss2email.nix index a123736005ab..df454abc8267 100644 --- a/nixpkgs/nixos/modules/services/mail/rss2email.nix +++ b/nixpkgs/nixos/modules/services/mail/rss2email.nix @@ -30,7 +30,7 @@ in { }; config = mkOption { - type = with types; attrsOf (either str (either int bool)); + type = with types; attrsOf (oneOf [ str int bool ]); default = {}; description = '' The configuration to give rss2email. diff --git a/nixpkgs/nixos/modules/services/misc/gitlab.nix b/nixpkgs/nixos/modules/services/misc/gitlab.nix index 087630f21776..09c3a89d6a68 100644 --- a/nixpkgs/nixos/modules/services/misc/gitlab.nix +++ b/nixpkgs/nixos/modules/services/misc/gitlab.nix @@ -659,7 +659,7 @@ in { fi # We remove potentially broken links to old gitlab-shell versions - rm -f ${cfg.statePath}/repositories/**/*.git/hooks + rm -Rf ${cfg.statePath}/repositories/**/*.git/hooks ${pkgs.sudo}/bin/sudo -u ${cfg.user} -H ${pkgs.git}/bin/git config --global core.autocrlf "input" ''; diff --git a/nixpkgs/nixos/modules/services/misc/matrix-synapse.nix b/nixpkgs/nixos/modules/services/misc/matrix-synapse.nix index 00c8e7408030..3eb649b08a2f 100644 --- a/nixpkgs/nixos/modules/services/misc/matrix-synapse.nix +++ b/nixpkgs/nixos/modules/services/misc/matrix-synapse.nix @@ -684,7 +684,7 @@ in { fi ''; serviceConfig = { - Type = "simple"; + Type = "notify"; User = "matrix-synapse"; Group = "matrix-synapse"; WorkingDirectory = cfg.dataDir; diff --git a/nixpkgs/nixos/modules/services/misc/metabase.nix b/nixpkgs/nixos/modules/services/misc/metabase.nix new file mode 100644 index 000000000000..e78100a046a2 --- /dev/null +++ b/nixpkgs/nixos/modules/services/misc/metabase.nix @@ -0,0 +1,103 @@ +{ config, lib, pkgs, ... }: + +let + cfg = config.services.metabase; + + inherit (lib) mkEnableOption mkIf mkOption; + inherit (lib) optional optionalAttrs types; + + dataDir = "/var/lib/metabase"; + +in { + + options = { + + services.metabase = { + enable = mkEnableOption "Metabase service"; + + listen = { + ip = mkOption { + type = types.str; + default = "0.0.0.0"; + description = '' + IP address that Metabase should listen on. + ''; + }; + + port = mkOption { + type = types.port; + default = 3000; + description = '' + Listen port for Metabase. + ''; + }; + }; + + ssl = { + enable = mkOption { + type = types.bool; + default = false; + description = '' + Whether to enable SSL (https) support. + ''; + }; + + port = mkOption { + type = types.port; + default = 8443; + description = '' + Listen port over SSL (https) for Metabase. + ''; + }; + + keystore = mkOption { + type = types.nullOr types.path; + default = "${dataDir}/metabase.jks"; + example = "/etc/secrets/keystore.jks"; + description = '' + <link xlink:href="https://www.digitalocean.com/community/tutorials/java-keytool-essentials-working-with-java-keystores">Java KeyStore</link> file containing the certificates. + ''; + }; + + }; + + openFirewall = mkOption { + type = types.bool; + default = false; + description = '' + Open ports in the firewall for Metabase. + ''; + }; + }; + + }; + + config = mkIf cfg.enable { + + systemd.services.metabase = { + description = "Metabase server"; + wantedBy = [ "multi-user.target" ]; + after = [ "network-online.target" ]; + environment = { + MB_PLUGINS_DIR = "${dataDir}/plugins"; + MB_DB_FILE = "${dataDir}/metabase.db"; + MB_JETTY_HOST = cfg.listen.ip; + MB_JETTY_PORT = toString cfg.listen.port; + } // optionalAttrs (cfg.ssl.enable) { + MB_JETTY_SSL = true; + MB_JETTY_SSL_PORT = toString cfg.ssl.port; + MB_JETTY_SSL_KEYSTORE = cfg.ssl.keystore; + }; + serviceConfig = { + DynamicUser = true; + StateDirectory = baseNameOf dataDir; + ExecStart = "${pkgs.metabase}/bin/metabase"; + }; + }; + + networking.firewall = mkIf cfg.openFirewall { + allowedTCPPorts = [ cfg.listen.port ] ++ optional cfg.ssl.enable cfg.ssl.port; + }; + + }; +} diff --git a/nixpkgs/nixos/modules/services/monitoring/cadvisor.nix b/nixpkgs/nixos/modules/services/monitoring/cadvisor.nix index 6ca420a05b23..695a8c42e85e 100644 --- a/nixpkgs/nixos/modules/services/monitoring/cadvisor.nix +++ b/nixpkgs/nixos/modules/services/monitoring/cadvisor.nix @@ -84,6 +84,16 @@ in { type = types.bool; description = "Cadvisor storage driver, enable secure communication."; }; + + extraOptions = mkOption { + type = types.listOf types.str; + default = []; + description = '' + Additional cadvisor options. + + See <link xlink:href='https://github.com/google/cadvisor/blob/master/docs/runtime_options.md'/> for available options. + ''; + }; }; }; @@ -112,6 +122,7 @@ in { -logtostderr=true \ -listen_ip="${cfg.listenAddress}" \ -port="${toString cfg.port}" \ + ${escapeShellArgs cfg.extraOptions} \ ${optionalString (cfg.storageDriver != null) '' -storage_driver "${cfg.storageDriver}" \ -storage_driver_user "${cfg.storageDriverHost}" \ diff --git a/nixpkgs/nixos/modules/services/monitoring/loki.nix b/nixpkgs/nixos/modules/services/monitoring/loki.nix index 4d11360d07e9..f4eec7e0d284 100644 --- a/nixpkgs/nixos/modules/services/monitoring/loki.nix +++ b/nixpkgs/nixos/modules/services/monitoring/loki.nix @@ -103,7 +103,7 @@ in { PrivateTmp = true; ProtectHome = true; ProtectSystem = "full"; - DecvicePolicy = "closed"; + DevicePolicy = "closed"; NoNewPrivileges = true; WorkingDirectory = cfg.dataDir; }; diff --git a/nixpkgs/nixos/modules/services/monitoring/riemann-tools.nix b/nixpkgs/nixos/modules/services/monitoring/riemann-tools.nix index 9c400a1e3e46..2b647b6b1ade 100644 --- a/nixpkgs/nixos/modules/services/monitoring/riemann-tools.nix +++ b/nixpkgs/nixos/modules/services/monitoring/riemann-tools.nix @@ -11,7 +11,7 @@ let healthLauncher = writeScriptBin "riemann-health" '' #!/bin/sh - exec ${pkgs.riemann-tools}/bin/riemann-health --host ${riemannHost} + exec ${pkgs.riemann-tools}/bin/riemann-health ${builtins.concatStringsSep " " cfg.extraArgs} --host ${riemannHost} ''; @@ -34,8 +34,16 @@ in { Address of the host riemann node. Defaults to localhost. ''; }; + extraArgs = mkOption { + type = types.listOf types.string; + default = []; + description = '' + A list of commandline-switches forwarded to a riemann-tool. + See for example `riemann-health --help` for available options. + ''; + example = ["-p 5555" "--timeout=30" "--attribute=myattribute=42"]; + }; }; - }; config = mkIf cfg.enableHealth { diff --git a/nixpkgs/nixos/modules/services/monitoring/ups.nix b/nixpkgs/nixos/modules/services/monitoring/ups.nix index bc755612fd9b..429b40227d47 100644 --- a/nixpkgs/nixos/modules/services/monitoring/ups.nix +++ b/nixpkgs/nixos/modules/services/monitoring/ups.nix @@ -225,7 +225,7 @@ in '' maxstartdelay = ${toString cfg.maxStartDelay} - ${flip concatStringsSep (flip map (attrValues cfg.ups) (ups: ups.summary)) " + ${flip concatStringsSep (forEach (attrValues cfg.ups) (ups: ups.summary)) " "} ''; diff --git a/nixpkgs/nixos/modules/services/monitoring/zabbix-proxy.nix b/nixpkgs/nixos/modules/services/monitoring/zabbix-proxy.nix index 9cfcd1697c11..90abed30db5d 100644 --- a/nixpkgs/nixos/modules/services/monitoring/zabbix-proxy.nix +++ b/nixpkgs/nixos/modules/services/monitoring/zabbix-proxy.nix @@ -120,7 +120,8 @@ in name = mkOption { type = types.str; - default = "zabbix"; + default = if cfg.database.type == "sqlite" then "${stateDir}/zabbix.db" else "zabbix"; + defaultText = "zabbix"; description = "Database name."; }; @@ -261,17 +262,17 @@ in preStart = optionalString pgsqlLocal '' if ! test -e "${stateDir}/db-created"; then cat ${cfg.package}/share/zabbix/database/postgresql/schema.sql | ${pgsql.package}/bin/psql ${cfg.database.name} - cat ${cfg.package}/share/zabbix/database/postgresql/images.sql | ${pgsql.package}/bin/psql ${cfg.database.name} - cat ${cfg.package}/share/zabbix/database/postgresql/data.sql | ${pgsql.package}/bin/psql ${cfg.database.name} touch "${stateDir}/db-created" fi '' + optionalString mysqlLocal '' if ! test -e "${stateDir}/db-created"; then cat ${cfg.package}/share/zabbix/database/mysql/schema.sql | ${mysql.package}/bin/mysql ${cfg.database.name} - cat ${cfg.package}/share/zabbix/database/mysql/images.sql | ${mysql.package}/bin/mysql ${cfg.database.name} - cat ${cfg.package}/share/zabbix/database/mysql/data.sql | ${mysql.package}/bin/mysql ${cfg.database.name} touch "${stateDir}/db-created" fi + '' + optionalString (cfg.database.type == "sqlite") '' + if ! test -e "${cfg.database.name}"; then + ${pkgs.sqlite}/bin/sqlite3 "${cfg.database.name}" < ${cfg.package}/share/zabbix/database/sqlite3/schema.sql + fi '' + optionalString (cfg.database.passwordFile != null) '' # create a copy of the supplied password file in a format zabbix can consume touch ${passwordFile} diff --git a/nixpkgs/nixos/modules/services/network-filesystems/ipfs.nix b/nixpkgs/nixos/modules/services/network-filesystems/ipfs.nix index f19bf9d81396..bbbfcf6a4738 100644 --- a/nixpkgs/nixos/modules/services/network-filesystems/ipfs.nix +++ b/nixpkgs/nixos/modules/services/network-filesystems/ipfs.nix @@ -208,9 +208,9 @@ in { config = mkIf cfg.enable { environment.systemPackages = [ wrapped ]; - environment.etc."fuse.conf" = mkIf cfg.autoMount { text = '' - user_allow_other - ''; }; + programs.fuse = mkIf cfg.autoMount { + userAllowOther = true; + }; users.users = mkIf (cfg.user == "ipfs") { ipfs = { diff --git a/nixpkgs/nixos/modules/services/networking/cjdns.nix b/nixpkgs/nixos/modules/services/networking/cjdns.nix index c40962f4aa82..3fb85b16cbe2 100644 --- a/nixpkgs/nixos/modules/services/networking/cjdns.nix +++ b/nixpkgs/nixos/modules/services/networking/cjdns.nix @@ -44,9 +44,7 @@ let parseModules = x: x // { connectTo = mapAttrs (name: value: { inherit (value) password publicKey; }) x.connectTo; }; - # would be nice to merge 'cfg' with a //, - # but the json nesting is wacky. - cjdrouteConf = builtins.toJSON ( { + cjdrouteConf = builtins.toJSON ( recursiveUpdate { admin = { bind = cfg.admin.bind; password = "@CJDNS_ADMIN_PASSWORD@"; @@ -71,7 +69,7 @@ let security = [ { exemptAngel = 1; setuser = "nobody"; } ]; - }); + } cfg.extraConfig); in @@ -91,6 +89,16 @@ in ''; }; + extraConfig = mkOption { + type = types.attrs; + default = {}; + example = { router.interface.tunDevice = "tun10"; }; + description = '' + Extra configuration, given as attrs, that will be merged recursively + with the rest of the JSON generated by this module, at the root node. + ''; + }; + confFile = mkOption { type = types.nullOr types.path; default = null; @@ -246,7 +254,10 @@ in if cfg.confFile != null then "${pkg}/bin/cjdroute < ${cfg.confFile}" else '' source /etc/cjdns.keys - echo '${cjdrouteConf}' | sed \ + (cat <<'EOF' + ${cjdrouteConf} + EOF + ) | sed \ -e "s/@CJDNS_ADMIN_PASSWORD@/$CJDNS_ADMIN_PASSWORD/g" \ -e "s/@CJDNS_PRIVATE_KEY@/$CJDNS_PRIVATE_KEY/g" \ | ${pkg}/bin/cjdroute diff --git a/nixpkgs/nixos/modules/services/networking/consul.nix b/nixpkgs/nixos/modules/services/networking/consul.nix index 3a92a883fbf8..f080f12eaccd 100644 --- a/nixpkgs/nixos/modules/services/networking/consul.nix +++ b/nixpkgs/nixos/modules/services/networking/consul.nix @@ -15,7 +15,7 @@ let ++ cfg.extraConfigFiles; devices = attrValues (filterAttrs (_: i: i != null) cfg.interface); - systemdDevices = flip map devices + systemdDevices = forEach devices (i: "sys-subsystem-net-devices-${utils.escapeSystemdPath i}.device"); in { diff --git a/nixpkgs/nixos/modules/services/networking/hylafax/systemd.nix b/nixpkgs/nixos/modules/services/networking/hylafax/systemd.nix index ef177e4be345..0c6602e7f8ab 100644 --- a/nixpkgs/nixos/modules/services/networking/hylafax/systemd.nix +++ b/nixpkgs/nixos/modules/services/networking/hylafax/systemd.nix @@ -7,7 +7,7 @@ let inherit (lib) concatStringsSep optionalString; cfg = config.services.hylafax; - mapModems = lib.flip map (lib.attrValues cfg.modems); + mapModems = lib.forEach (lib.attrValues cfg.modems); mkConfigFile = name: conf: # creates hylafax config file, diff --git a/nixpkgs/nixos/modules/services/networking/shadowsocks.nix b/nixpkgs/nixos/modules/services/networking/shadowsocks.nix index fe6d65a5f963..af12db590f00 100644 --- a/nixpkgs/nixos/modules/services/networking/shadowsocks.nix +++ b/nixpkgs/nixos/modules/services/networking/shadowsocks.nix @@ -35,10 +35,10 @@ in }; localAddress = mkOption { - type = types.str; - default = "0.0.0.0"; + type = types.coercedTo types.str singleton (types.listOf types.str); + default = [ "[::0]" "0.0.0.0" ]; description = '' - Local address to which the server binds. + Local addresses to which the server binds. ''; }; diff --git a/nixpkgs/nixos/modules/services/networking/ssh/sshd.nix b/nixpkgs/nixos/modules/services/networking/ssh/sshd.nix index 0f9d2420903b..91fc7d72bc6d 100644 --- a/nixpkgs/nixos/modules/services/networking/ssh/sshd.nix +++ b/nixpkgs/nixos/modules/services/networking/ssh/sshd.nix @@ -502,7 +502,7 @@ in assertions = [{ assertion = if cfg.forwardX11 then cfgc.setXAuthLocation else true; message = "cannot enable X11 forwarding without setting xauth location";}] - ++ flip map cfg.listenAddresses ({ addr, ... }: { + ++ forEach cfg.listenAddresses ({ addr, ... }: { assertion = addr != null; message = "addr must be specified in each listenAddresses entry"; }); diff --git a/nixpkgs/nixos/modules/services/networking/znc/default.nix b/nixpkgs/nixos/modules/services/networking/znc/default.nix index 46bff6954cdd..05f97bfa539f 100644 --- a/nixpkgs/nixos/modules/services/networking/znc/default.nix +++ b/nixpkgs/nixos/modules/services/networking/znc/default.nix @@ -62,9 +62,9 @@ let concatStringsSep "\n" (toLines cfg.config); semanticTypes = with types; rec { - zncAtom = nullOr (either (either int bool) str); + zncAtom = nullOr (oneOf [ int bool str ]); zncAttr = attrsOf (nullOr zncConf); - zncAll = either (either zncAtom (listOf zncAtom)) zncAttr; + zncAll = oneOf [ zncAtom (listOf zncAtom) zncAttr ]; zncConf = attrsOf (zncAll // { # Since this is a recursive type and the description by default contains # the description of its subtypes, infinite recursion would occur without diff --git a/nixpkgs/nixos/modules/services/printing/cupsd.nix b/nixpkgs/nixos/modules/services/printing/cupsd.nix index 86b0c8d69beb..42c1b9482cb2 100644 --- a/nixpkgs/nixos/modules/services/printing/cupsd.nix +++ b/nixpkgs/nixos/modules/services/printing/cupsd.nix @@ -127,7 +127,7 @@ in startWhenNeeded = mkOption { type = types.bool; - default = false; + default = true; description = '' If set, CUPS is socket-activated; that is, instead of having it permanently running as a daemon, @@ -296,11 +296,16 @@ in # gets loaded, and then cups cannot access the printers. boot.blacklistedKernelModules = [ "usblp" ]; + # Some programs like print-manager rely on this value to get + # printer test pages. + environment.sessionVariables.CUPS_DATADIR = "${bindir}/share/cups"; + systemd.packages = [ cups.out ]; systemd.sockets.cups = mkIf cfg.startWhenNeeded { wantedBy = [ "sockets.target" ]; - listenStreams = map (x: replaceStrings ["localhost"] ["127.0.0.1"] (removePrefix "*:" x)) cfg.listenAddresses; + listenStreams = [ "/run/cups/cups.sock" ] + ++ map (x: replaceStrings ["localhost"] ["127.0.0.1"] (removePrefix "*:" x)) cfg.listenAddresses; }; systemd.services.cups = @@ -362,10 +367,10 @@ in { description = "CUPS Remote Printer Discovery"; wantedBy = [ "multi-user.target" ]; - wants = [ "cups.service" "avahi-daemon.service" ]; - bindsTo = [ "cups.service" "avahi-daemon.service" ]; - partOf = [ "cups.service" "avahi-daemon.service" ]; - after = [ "cups.service" "avahi-daemon.service" ]; + wants = [ "avahi-daemon.service" ] ++ optional (!cfg.startWhenNeeded) "cups.service"; + bindsTo = [ "avahi-daemon.service" ] ++ optional (!cfg.startWhenNeeded) "cups.service"; + partOf = [ "avahi-daemon.service" ] ++ optional (!cfg.startWhenNeeded) "cups.service"; + after = [ "avahi-daemon.service" ] ++ optional (!cfg.startWhenNeeded) "cups.service"; path = [ cups ]; @@ -421,4 +426,7 @@ in security.pam.services.cups = {}; }; + + meta.maintainers = with lib.maintainers; [ matthewbauer ]; + } diff --git a/nixpkgs/nixos/modules/services/search/elasticsearch.nix b/nixpkgs/nixos/modules/services/search/elasticsearch.nix index 6b688c640d59..91d8f544e16b 100644 --- a/nixpkgs/nixos/modules/services/search/elasticsearch.nix +++ b/nixpkgs/nixos/modules/services/search/elasticsearch.nix @@ -131,6 +131,7 @@ in { description = "Extra elasticsearch plugins"; default = []; type = types.listOf types.package; + example = lib.literalExample "[ pkgs.elasticsearchPlugins.discovery-ec2 ]"; }; }; diff --git a/nixpkgs/nixos/modules/services/security/bitwarden_rs/default.nix b/nixpkgs/nixos/modules/services/security/bitwarden_rs/default.nix index bb036ee020f4..80fd65891ff8 100644 --- a/nixpkgs/nixos/modules/services/security/bitwarden_rs/default.nix +++ b/nixpkgs/nixos/modules/services/security/bitwarden_rs/default.nix @@ -36,7 +36,7 @@ in { }; config = mkOption { - type = attrsOf (nullOr (either (either bool int) str)); + type = attrsOf (nullOr (oneOf [ bool int str ])); default = {}; example = literalExample '' { diff --git a/nixpkgs/nixos/modules/services/web-apps/limesurvey.nix b/nixpkgs/nixos/modules/services/web-apps/limesurvey.nix index 5b2f3875aaa9..84a94fc446e5 100644 --- a/nixpkgs/nixos/modules/services/web-apps/limesurvey.nix +++ b/nixpkgs/nixos/modules/services/web-apps/limesurvey.nix @@ -14,7 +14,7 @@ let pkg = pkgs.limesurvey; - configType = with types; either (either (attrsOf configType) str) (either int bool) // { + configType = with types; oneOf [ (attrsOf configType) str int bool ] // { description = "limesurvey config type (str, int, bool or attribute set thereof)"; }; diff --git a/nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix b/nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix index ea9476a7c915..12200c879beb 100644 --- a/nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix +++ b/nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix @@ -336,7 +336,7 @@ let ++ optional enablePerl { name = "perl"; path = "${mod_perl}/modules/mod_perl.so"; } ++ concatMap (svc: svc.extraModules) allSubservices ++ extraForeignModules; - in concatMapStrings load allModules + in concatMapStrings load (unique allModules) } AddHandler type-map var diff --git a/nixpkgs/nixos/modules/services/web-servers/caddy.nix b/nixpkgs/nixos/modules/services/web-servers/caddy.nix index d0b936cb019f..6a1db6087840 100644 --- a/nixpkgs/nixos/modules/services/web-servers/caddy.nix +++ b/nixpkgs/nixos/modules/services/web-servers/caddy.nix @@ -70,7 +70,7 @@ in { { CADDYPATH = cfg.dataDir; }; serviceConfig = { ExecStart = '' - ${cfg.package.bin}/bin/caddy -root=/var/tmp -conf=${configFile} \ + ${cfg.package}/bin/caddy -root=/var/tmp -conf=${configFile} \ -ca=${cfg.ca} -email=${cfg.email} ${optionalString cfg.agree "-agree"} ''; ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID"; diff --git a/nixpkgs/nixos/modules/services/x11/compton.nix b/nixpkgs/nixos/modules/services/x11/compton.nix index c02c9bfd94e8..a94a76ff0c0f 100644 --- a/nixpkgs/nixos/modules/services/x11/compton.nix +++ b/nixpkgs/nixos/modules/services/x11/compton.nix @@ -215,7 +215,7 @@ in { }; settings = let - configTypes = with types; either bool (either int (either float str)); + configTypes = with types; oneOf [ bool int float str ]; # types.loaOf converts lists to sets loaOf = t: with types; either (listOf t) (attrsOf t); in mkOption { diff --git a/nixpkgs/nixos/modules/services/x11/desktop-managers/gnome3.nix b/nixpkgs/nixos/modules/services/x11/desktop-managers/gnome3.nix index 5e1e652a5089..cbfd2d3c2ea2 100644 --- a/nixpkgs/nixos/modules/services/x11/desktop-managers/gnome3.nix +++ b/nixpkgs/nixos/modules/services/x11/desktop-managers/gnome3.nix @@ -15,12 +15,16 @@ let ''; }; - nixos-gsettings-desktop-schemas = pkgs.runCommand "nixos-gsettings-desktop-schemas" { preferLocalBuild = true; } + nixos-gsettings-desktop-schemas = let + defaultPackages = with pkgs; [ gsettings-desktop-schemas gnome3.gnome-shell ]; + in + pkgs.runCommand "nixos-gsettings-desktop-schemas" { preferLocalBuild = true; } '' mkdir -p $out/share/gsettings-schemas/nixos-gsettings-overrides/glib-2.0/schemas - cp -rf ${pkgs.gsettings-desktop-schemas}/share/gsettings-schemas/gsettings-desktop-schemas*/glib-2.0/schemas/*.xml $out/share/gsettings-schemas/nixos-gsettings-overrides/glib-2.0/schemas - ${concatMapStrings (pkg: "cp -rf ${pkg}/share/gsettings-schemas/*/glib-2.0/schemas/*.xml $out/share/gsettings-schemas/nixos-gsettings-overrides/glib-2.0/schemas\n") cfg.extraGSettingsOverridePackages} + ${concatMapStrings + (pkg: "cp -rf ${pkg}/share/gsettings-schemas/*/glib-2.0/schemas/*.xml $out/share/gsettings-schemas/nixos-gsettings-overrides/glib-2.0/schemas\n") + (defaultPackages ++ cfg.extraGSettingsOverridePackages)} chmod -R a+w $out/share/gsettings-schemas/nixos-gsettings-overrides cat - > $out/share/gsettings-schemas/nixos-gsettings-overrides/glib-2.0/schemas/nixos-defaults.gschema.override <<- EOF @@ -30,6 +34,9 @@ let [org.gnome.desktop.screensaver] picture-uri='${pkgs.nixos-artwork.wallpapers.simple-dark-gray-bottom}/share/artwork/gnome/nix-wallpaper-simple-dark-gray_bottom.png' + [org.gnome.shell] + favorite-apps=[ 'org.gnome.Epiphany.desktop', 'evolution.desktop', 'org.gnome.Music.desktop', 'org.gnome.Photos.desktop', 'org.gnome.Nautilus.desktop', 'org.gnome.Software.desktop' ] + ${cfg.extraGSettingsOverrides} EOF diff --git a/nixpkgs/nixos/modules/services/x11/desktop-managers/pantheon.nix b/nixpkgs/nixos/modules/services/x11/desktop-managers/pantheon.nix index 8e1272f3c92b..f0cafc377585 100644 --- a/nixpkgs/nixos/modules/services/x11/desktop-managers/pantheon.nix +++ b/nixpkgs/nixos/modules/services/x11/desktop-managers/pantheon.nix @@ -123,11 +123,9 @@ in ]; services.pantheon.contractor.enable = mkDefault true; services.gnome3.at-spi2-core.enable = true; - services.gnome3.evince.enable = mkDefault true; services.gnome3.evolution-data-server.enable = true; - services.gnome3.file-roller.enable = mkDefault true; - # TODO: gnome-keyring's xdg autostarts will still be in the environment (from elementary-session-settings) if disabled forcefully services.gnome3.glib-networking.enable = true; + # TODO: gnome-keyring's xdg autostarts will still be in the environment (from elementary-session-settings) if disabled forcefully services.gnome3.gnome-keyring.enable = true; services.gnome3.gnome-settings-daemon.enable = true; services.gnome3.gnome-settings-daemon.package = pkgs.pantheon.elementary-settings-daemon; @@ -140,7 +138,6 @@ in services.xserver.libinput.enable = mkDefault true; services.xserver.updateDbusEnvironment = true; services.zeitgeist.enable = mkDefault true; - services.geoclue2.enable = mkDefault true; # pantheon has pantheon-agent-geoclue2 services.geoclue2.enableDemoAgent = false; @@ -149,6 +146,9 @@ in isSystem = true; }; + programs.evince.enable = mkDefault true; + programs.file-roller.enable = mkDefault true; + networking.networkmanager.enable = mkDefault true; networking.networkmanager.basePackages = { inherit (pkgs) networkmanager modemmanager wpa_supplicant crda; diff --git a/nixpkgs/nixos/modules/services/x11/xautolock.nix b/nixpkgs/nixos/modules/services/x11/xautolock.nix index cbe000058dc6..10eef8aefbcd 100644 --- a/nixpkgs/nixos/modules/services/x11/xautolock.nix +++ b/nixpkgs/nixos/modules/services/x11/xautolock.nix @@ -129,7 +129,7 @@ in assertion = cfg.killer != null -> cfg.killtime >= 10; message = "killtime has to be at least 10 minutes according to `man xautolock`"; } - ] ++ (lib.flip map [ "locker" "notifier" "nowlocker" "killer" ] + ] ++ (lib.forEach [ "locker" "notifier" "nowlocker" "killer" ] (option: { assertion = cfg."${option}" != null -> builtins.substring 0 1 cfg."${option}" == "/"; diff --git a/nixpkgs/nixos/modules/services/x11/xserver.nix b/nixpkgs/nixos/modules/services/x11/xserver.nix index b1a316706976..c94a06438315 100644 --- a/nixpkgs/nixos/modules/services/x11/xserver.nix +++ b/nixpkgs/nixos/modules/services/x11/xserver.nix @@ -78,7 +78,7 @@ let in imap1 mkHead cfg.xrandrHeads; xrandrDeviceSection = let - monitors = flip map xrandrHeads (h: '' + monitors = forEach xrandrHeads (h: '' Option "monitor-${h.config.output}" "${h.name}" ''); # First option is indented through the space in the config but any @@ -714,7 +714,7 @@ in nativeBuildInputs = [ pkgs.xkbvalidate ]; preferLocalBuild = true; } '' - validate "$xkbModel" "$layout" "$xkbVariant" "$xkbOptions" + xkbvalidate "$xkbModel" "$layout" "$xkbVariant" "$xkbOptions" touch "$out" ''); |