diff options
| author | Alyssa Ross <hi@alyssa.is> | 2021-10-19 14:40:23 +0000 |
|---|---|---|
| committer | Alyssa Ross <hi@alyssa.is> | 2022-01-07 10:22:32 +0000 |
| commit | cc62bcb55359ba8c5e0fe3a48e778444c89060d8 (patch) | |
| tree | ca0e21d44eaf8837b687395e614445f7761d7bbd /nixpkgs/nixos | |
| parent | d6625e8d25efd829c3cfa227d025ca4e606ae4b7 (diff) | |
| parent | a323570a264da96a0b0bcc1c9aa017794acdc752 (diff) | |
| download | nixlib-cc62bcb55359ba8c5e0fe3a48e778444c89060d8.tar nixlib-cc62bcb55359ba8c5e0fe3a48e778444c89060d8.tar.gz nixlib-cc62bcb55359ba8c5e0fe3a48e778444c89060d8.tar.bz2 nixlib-cc62bcb55359ba8c5e0fe3a48e778444c89060d8.tar.lz nixlib-cc62bcb55359ba8c5e0fe3a48e778444c89060d8.tar.xz nixlib-cc62bcb55359ba8c5e0fe3a48e778444c89060d8.tar.zst nixlib-cc62bcb55359ba8c5e0fe3a48e778444c89060d8.zip | |
Merge commit 'a323570a264da96a0b0bcc1c9aa017794acdc752'
Diffstat (limited to 'nixpkgs/nixos')
685 files changed, 7477 insertions, 2920 deletions
diff --git a/nixpkgs/nixos/doc/manual/development/option-declarations.section.md b/nixpkgs/nixos/doc/manual/development/option-declarations.section.md index 819c23684cdf..be56529992ab 100644 --- a/nixpkgs/nixos/doc/manual/development/option-declarations.section.md +++ b/nixpkgs/nixos/doc/manual/development/option-declarations.section.md @@ -38,9 +38,19 @@ The function `mkOption` accepts the following arguments. of the module will have to define the value of the option, otherwise an error will be thrown. +`defaultText` + +: A textual representation of the default value to be rendered verbatim in + the manual. Useful if the default value is a complex expression or depends + on other values or packages. + Use `lib.literalExpression` for a Nix expression, `lib.literalDocBook` for + a plain English description in DocBook format. + `example` : An example value that will be shown in the NixOS manual. + You can use `lib.literalExpression` and `lib.literalDocBook` in the same way + as in `defaultText`. `description` diff --git a/nixpkgs/nixos/doc/manual/from_md/development/option-declarations.section.xml b/nixpkgs/nixos/doc/manual/from_md/development/option-declarations.section.xml index 85a59a543d14..2845e37659b1 100644 --- a/nixpkgs/nixos/doc/manual/from_md/development/option-declarations.section.xml +++ b/nixpkgs/nixos/doc/manual/from_md/development/option-declarations.section.xml @@ -59,11 +59,29 @@ options = { </varlistentry> <varlistentry> <term> + <literal>defaultText</literal> + </term> + <listitem> + <para> + A textual representation of the default value to be rendered + verbatim in the manual. Useful if the default value is a + complex expression or depends on other values or packages. Use + <literal>lib.literalExpression</literal> for a Nix expression, + <literal>lib.literalDocBook</literal> for a plain English + description in DocBook format. + </para> + </listitem> + </varlistentry> + <varlistentry> + <term> <literal>example</literal> </term> <listitem> <para> - An example value that will be shown in the NixOS manual. + An example value that will be shown in the NixOS manual. You + can use <literal>lib.literalExpression</literal> and + <literal>lib.literalDocBook</literal> in the same way as in + <literal>defaultText</literal>. </para> </listitem> </varlistentry> diff --git a/nixpkgs/nixos/doc/manual/from_md/release-notes/rl-2111.section.xml b/nixpkgs/nixos/doc/manual/from_md/release-notes/rl-2111.section.xml index 8af8f1dd6437..f3a5db5fb1c8 100644 --- a/nixpkgs/nixos/doc/manual/from_md/release-notes/rl-2111.section.xml +++ b/nixpkgs/nixos/doc/manual/from_md/release-notes/rl-2111.section.xml @@ -57,6 +57,11 @@ </listitem> <listitem> <para> + KDE Plasma now finally works on Wayland. + </para> + </listitem> + <listitem> + <para> bash now defaults to major version 5. </para> </listitem> @@ -81,6 +86,13 @@ 6</link> for more details. </para> </listitem> + <listitem> + <para> + GNOME has been upgraded to 41. Please take a look at their + <link xlink:href="https://help.gnome.org/misc/release-notes/41.0/">Release + Notes</link> for details. + </para> + </listitem> </itemizedlist> </section> <section xml:id="sec-release-21.11-new-services"> @@ -99,7 +111,15 @@ <para> <link xlink:href="https://github.com/xrelkd/clipcat/">clipcat</link>, an X11 clipboard manager written in Rust. Available at - [services.clipcat](options.html#o pt-services.clipcat.enable). + <link xlink:href="options.html#opt-services.clipcat.enable">services.clipcat</link>. + </para> + </listitem> + <listitem> + <para> + <link xlink:href="https://github.com/dexidp/dex">dex</link>, + an OpenID Connect (OIDC) identity and OAuth 2.0 provider. + Available at + <link xlink:href="options.html#opt-services.dex.enable">services.dex</link>. </para> </listitem> <listitem> @@ -263,6 +283,14 @@ </listitem> <listitem> <para> + <link xlink:href="https://wiki.servarr.com/prowlarr">prowlarr</link>, + an indexer manager/proxy built on the popular arr .net/reactjs + base stack + <link linkend="opt-services.prowlarr.enable">services.prowlarr</link>. + </para> + </listitem> + <listitem> + <para> <link xlink:href="https://sr.ht/~emersion/soju">soju</link>, a user-friendly IRC bouncer. Available as <link xlink:href="options.html#opt-services.soju.enable">services.soju</link>. @@ -313,6 +341,21 @@ <link linkend="opt-programs.pantheon-tweaks.enable">programs.pantheon-tweaks</link>. </para> </listitem> + <listitem> + <para> + <link xlink:href="https://github.com/DanielOgorchock/joycond">joycond</link>, + a service that uses <literal>hid-nintendo</literal> to provide + nintendo joycond pairing and better nintendo switch pro + controller support. + </para> + </listitem> + <listitem> + <para> + <link xlink:href="https://github.com/opensvc/multipath-tools">multipath</link>, + the device mapper multipath (DM-MP) daemon. Available as + <link linkend="opt-services.multipath.enable">services.multipath</link>. + </para> + </listitem> </itemizedlist> </section> <section xml:id="sec-release-21.11-incompatibilities"> @@ -320,6 +363,13 @@ <itemizedlist> <listitem> <para> + The <literal>services.wakeonlan</literal> option was removed, + and replaced with + <literal>networking.interfaces.<name>.wakeOnLan</literal>. + </para> + </listitem> + <listitem> + <para> The <literal>security.wrappers</literal> option now requires to always specify an owner, group and whether the setuid/setgid bit should be set. This is motivated by the fact @@ -994,8 +1044,8 @@ Superuser created successfully. <listitem> <para> The <literal>varnish</literal> package was upgraded from 6.3.x - to 6.5.x. <literal>varnish60</literal> for the last LTS - release is also still available. + to 7.x. <literal>varnish60</literal> for the last LTS release + is also still available. </para> </listitem> <listitem> @@ -1051,6 +1101,33 @@ Superuser created successfully. changelog</link>. </para> </listitem> + <listitem> + <para> + <literal>opencv2</literal> no longer includes the non-free + libraries by default, and consequently + <literal>pfstools</literal> no longer includes OpenCV support + by default. Both packages now support an + <literal>enableUnfree</literal> option to re-enable this + functionality. + </para> + </listitem> + <listitem> + <para> + <literal>services.xserver.displayManager.defaultSession = "plasma5"</literal> + does not work anymore, instead use either + <literal>"plasma"</literal> for the Plasma X11 + session or <literal>"plasmawayland"</literal> for + the Plasma Wayland sesison. + </para> + </listitem> + <listitem> + <para> + <literal>boot.kernelParams</literal> now only accepts one + command line parameter per string. This change is aimed to + reduce common mistakes like <quote>param = 12</quote>, which + would be parsed as 3 parameters. + </para> + </listitem> </itemizedlist> </section> <section xml:id="sec-release-21.11-notable-changes"> @@ -1072,6 +1149,40 @@ Superuser created successfully. </listitem> <listitem> <para> + In NixOS virtual machines (QEMU), the + <literal>virtualisation</literal> module has been updated with + new options to configure: + </para> + <itemizedlist spacing="compact"> + <listitem> + <para> + IPv4 port forwarding + (<link xlink:href="options.html#opt-virtualisation.forwardPorts"><literal>virtualisation.forwardPorts</literal></link>), + </para> + </listitem> + <listitem> + <para> + shared host directories + (<link xlink:href="options.html#opt-virtualisation.sharedDirectories"><literal>virtualisation.sharedDirectories</literal></link>), + </para> + </listitem> + <listitem> + <para> + screen resolution + (<link xlink:href="options.html#opt-virtualisation.resolution"><literal>virtualisation.resolution</literal></link>). + </para> + </listitem> + </itemizedlist> + <para> + In addition, the default + <link xlink:href="options.html#opt-virtualisation.msize"><literal>msize</literal></link> + parameter in 9P filesystems (including /nix/store and all + shared directories) has been increased to 16K for improved + performance. + </para> + </listitem> + <listitem> + <para> The setting <link xlink:href="options.html#opt-services.openssh.logLevel"><literal>services.openssh.logLevel</literal></link> <literal>"VERBOSE"</literal> @@ -1238,6 +1349,73 @@ Superuser created successfully. <listitem> <para> The + <link xlink:href="options.html#opt-networking.wireless.enable">networking.wireless</link> + module (based on wpa_supplicant) has been heavily reworked, + solving a number of issues and adding useful features: + </para> + <itemizedlist spacing="compact"> + <listitem> + <para> + The automatic discovery of wireless interfaces at boot has + been made reliable again (issues + <link xlink:href="https://github.com/NixOS/nixpkgs/issues/101963">#101963</link>, + <link xlink:href="https://github.com/NixOS/nixpkgs/issues/23196">#23196</link>). + </para> + </listitem> + <listitem> + <para> + WPA3 and Fast BSS Transition (802.11r) are now enabled by + default for all networks. + </para> + </listitem> + <listitem> + <para> + Secrets like pre-shared keys and passwords can now be + handled safely, meaning without including them in a + world-readable file + (<literal>wpa_supplicant.conf</literal> under /nix/store). + This is achieved by storing the secrets in a secured + <link xlink:href="options.html#opt-networking.wireless.environmentFile">environmentFile</link> + and referring to them though environment variables that + are expanded inside the configuration. + </para> + </listitem> + <listitem> + <para> + With multiple interfaces declared, independent + wpa_supplicant daemons are started, one for each interface + (the services are named + <literal>wpa_supplicant-wlan0</literal>, + <literal>wpa_supplicant-wlan1</literal>, etc.). + </para> + </listitem> + <listitem> + <para> + The generated <literal>wpa_supplicant.conf</literal> file + is now formatted for easier reading. + </para> + </listitem> + <listitem> + <para> + A new + <link xlink:href="options.html#opt-networking.wireless.scanOnLowSignal">scanOnLowSignal</link> + option has been added to facilitate fast roaming between + access points (enabled by default). + </para> + </listitem> + <listitem> + <para> + A new + <link xlink:href="options.html#opt-networking.wireless.networks._name_.authProtocols">networks.<name>.authProtocols</link> + option has been added to change the authentication + protocols used when connecting to a network. + </para> + </listitem> + </itemizedlist> + </listitem> + <listitem> + <para> + The <link xlink:href="options.html#opt-networking.wireless.iwd.enable">networking.wireless.iwd</link> module has a new <link xlink:href="options.html#opt-networking.wireless.iwd.settings">networking.wireless.iwd.settings</link> @@ -1350,6 +1528,73 @@ Superuser created successfully. <literal>/etc/xdg/mimeapps.list</literal>. </para> </listitem> + <listitem> + <para> + Kopia was upgraded from 0.8.x to 0.9.x. Please read the + <link xlink:href="https://github.com/kopia/kopia/releases/tag/v0.9.0">upstream + release notes</link> for changes and upgrade instructions. + </para> + </listitem> + <listitem> + <para> + The <literal>systemd.network</literal> module has gained + support for the FooOverUDP link type. + </para> + </listitem> + <listitem> + <para> + The <literal>networking</literal> module has a new + <literal>networking.fooOverUDP</literal> option to configure + Foo-over-UDP encapsulations. + </para> + </listitem> + <listitem> + <para> + <literal>networking.sits</literal> now supports Foo-over-UDP + encapsulation. + </para> + </listitem> + <listitem> + <para> + Changing systemd <literal>.socket</literal> units now restarts + them and stops the service that is activated by them. + Additionally, services with + <literal>stopOnChange = false</literal> don’t break anymore + when they are socket-activated. + </para> + </listitem> + <listitem> + <para> + The <literal>virtualisation.libvirtd</literal> module has been + refactored and updated with new options: + </para> + <itemizedlist spacing="compact"> + <listitem> + <para> + <literal>virtualisation.libvirtd.qemu*</literal> options + (e.g.: + <literal>virtualisation.libvirtd.qemuRunAsRoot</literal>) + were moved to + <link xlink:href="options.html#opt-virtualisation.libvirtd.qemu"><literal>virtualisation.libvirtd.qemu</literal></link> + submodule, + </para> + </listitem> + <listitem> + <para> + software TPM1/TPM2 support (e.g.: Windows 11 guests) + (<link xlink:href="options.html#opt-virtualisation.libvirtd.qemu.swtpm"><literal>virtualisation.libvirtd.qemu.swtpm</literal></link>), + </para> + </listitem> + <listitem> + <para> + custom OVMF package (e.g.: + <literal>pkgs.OVMFFull</literal> with HTTP, CSM and Secure + Boot support) + (<link xlink:href="options.html#opt-virtualisation.libvirtd.qemu.ovmf.package"><literal>virtualisation.libvirtd.qemu.ovmf.package</literal></link>). + </para> + </listitem> + </itemizedlist> + </listitem> </itemizedlist> </section> </section> diff --git a/nixpkgs/nixos/doc/manual/md-to-db.sh b/nixpkgs/nixos/doc/manual/md-to-db.sh index 6dd4b8c6e419..e0274f5619c7 100755 --- a/nixpkgs/nixos/doc/manual/md-to-db.sh +++ b/nixpkgs/nixos/doc/manual/md-to-db.sh @@ -6,7 +6,7 @@ # into DocBook files in the from_md folder. DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )" -pushd $DIR +pushd "$DIR" # NOTE: Keep in sync with Nixpkgs manual (/doc/Makefile). # TODO: Remove raw-attribute when we can get rid of DocBook altogether. @@ -29,7 +29,7 @@ mapfile -t MD_FILES < <(find . -type f -regex '.*\.md$') for mf in ${MD_FILES[*]}; do if [ "${mf: -11}" == ".section.md" ]; then - mkdir -p $(dirname "$OUT/$mf") + mkdir -p "$(dirname "$OUT/$mf")" OUTFILE="$OUT/${mf%".section.md"}.section.xml" pandoc "$mf" "${pandoc_flags[@]}" \ -o "$OUTFILE" @@ -37,7 +37,7 @@ for mf in ${MD_FILES[*]}; do fi if [ "${mf: -11}" == ".chapter.md" ]; then - mkdir -p $(dirname "$OUT/$mf") + mkdir -p "$(dirname "$OUT/$mf")" OUTFILE="$OUT/${mf%".chapter.md"}.chapter.xml" pandoc "$mf" "${pandoc_flags[@]}" \ --top-level-division=chapter \ diff --git a/nixpkgs/nixos/doc/manual/release-notes/rl-2111.section.md b/nixpkgs/nixos/doc/manual/release-notes/rl-2111.section.md index f22a532972be..c1958b3a6bd4 100644 --- a/nixpkgs/nixos/doc/manual/release-notes/rl-2111.section.md +++ b/nixpkgs/nixos/doc/manual/release-notes/rl-2111.section.md @@ -20,6 +20,8 @@ In addition to numerous new and upgraded packages, this release has the followin This allows activation scripts to output what they would change if the activation was really run. The users/modules activation script supports this and outputs some of is actions. +- KDE Plasma now finally works on Wayland. + - bash now defaults to major version 5. - Systemd was updated to version 249 (from 247). @@ -28,12 +30,15 @@ In addition to numerous new and upgraded packages, this release has the followin - `kubernetes-helm` now defaults to 3.7.0, which introduced some breaking changes to the experimental OCI manifest format. See [HIP 6](https://github.com/helm/community/blob/main/hips/hip-0006.md) for more details. +- GNOME has been upgraded to 41. Please take a look at their [Release Notes](https://help.gnome.org/misc/release-notes/41.0/) for details. + ## New Services {#sec-release-21.11-new-services} - [btrbk](https://digint.ch/btrbk/index.html), a backup tool for btrfs subvolumes, taking advantage of btrfs specific capabilities to create atomic snapshots and transfer them incrementally to your backup locations. Available as [services.btrbk](options.html#opt-services.brtbk.instances). -- [clipcat](https://github.com/xrelkd/clipcat/), an X11 clipboard manager written in Rust. Available at [services.clipcat](options.html#o - pt-services.clipcat.enable). +- [clipcat](https://github.com/xrelkd/clipcat/), an X11 clipboard manager written in Rust. Available at [services.clipcat](options.html#opt-services.clipcat.enable). + +- [dex](https://github.com/dexidp/dex), an OpenID Connect (OIDC) identity and OAuth 2.0 provider. Available at [services.dex](options.html#opt-services.dex.enable). - [geoipupdate](https://github.com/maxmind/geoipupdate), a GeoIP database updater from MaxMind. Available as [services.geoipupdate](options.html#opt-services.geoipupdate.enable). @@ -81,6 +86,8 @@ In addition to numerous new and upgraded packages, this release has the followin - [postfixadmin](https://postfixadmin.sourceforge.io/), a web based virtual user administration interface for Postfix mail servers. Available as [postfixadmin](#opt-services.postfixadmin.enable). +- [prowlarr](https://wiki.servarr.com/prowlarr), an indexer manager/proxy built on the popular arr .net/reactjs base stack [services.prowlarr](#opt-services.prowlarr.enable). + - [soju](https://sr.ht/~emersion/soju), a user-friendly IRC bouncer. Available as [services.soju](options.html#opt-services.soju.enable). - [nats](https://nats.io/), a high performance cloud and edge messaging system. Available as [services.nats](#opt-services.nats.enable). @@ -98,8 +105,14 @@ In addition to numerous new and upgraded packages, this release has the followin - [pantheon-tweaks](https://github.com/pantheon-tweaks/pantheon-tweaks), an unofficial system settings panel for Pantheon. Available as [programs.pantheon-tweaks](#opt-programs.pantheon-tweaks.enable). +- [joycond](https://github.com/DanielOgorchock/joycond), a service that uses `hid-nintendo` to provide nintendo joycond pairing and better nintendo switch pro controller support. + +- [multipath](https://github.com/opensvc/multipath-tools), the device mapper multipath (DM-MP) daemon. Available as [services.multipath](#opt-services.multipath.enable). + ## Backward Incompatibilities {#sec-release-21.11-incompatibilities} +- The `services.wakeonlan` option was removed, and replaced with `networking.interfaces.<name>.wakeOnLan`. + - The `security.wrappers` option now requires to always specify an owner, group and whether the setuid/setgid bit should be set. This is motivated by the fact that before NixOS 21.11, specifying either setuid or setgid but not owner/group resulted in wrappers owned by nobody/nogroup, which is unsafe. @@ -309,7 +322,7 @@ In addition to numerous new and upgraded packages, this release has the followin configures the address and port the web UI is listening, it defaults to `:9001`. To be able to access the web UI this port needs to be opened in the firewall. -- The `varnish` package was upgraded from 6.3.x to 6.5.x. `varnish60` for the last LTS release is also still available. +- The `varnish` package was upgraded from 6.3.x to 7.x. `varnish60` for the last LTS release is also still available. - The `kubernetes` package was upgraded to 1.22. The `kubernetes.apiserver.kubeletHttps` option was removed and HTTPS is always used. @@ -330,11 +343,24 @@ In addition to numerous new and upgraded packages, this release has the followin respectively. As a result `services.datadog-agent` has had breaking changes to the configuration file. For details, see the [upstream changelog](https://github.com/DataDog/datadog-agent/blob/main/CHANGELOG.rst). +- `opencv2` no longer includes the non-free libraries by default, and consequently `pfstools` no longer includes OpenCV support by default. Both packages now support an `enableUnfree` option to re-enable this functionality. +- `services.xserver.displayManager.defaultSession = "plasma5"` does not work anymore, instead use either `"plasma"` for the Plasma X11 session or `"plasmawayland"` for the Plasma Wayland sesison. + +- `boot.kernelParams` now only accepts one command line parameter per string. This change is aimed to reduce common mistakes like "param = 12", which would be parsed as 3 parameters. + ## Other Notable Changes {#sec-release-21.11-notable-changes} + - The linux kernel package infrastructure was moved out of `all-packages.nix`, and restructured. Linux related functions and attributes now live under the `pkgs.linuxKernel` attribute set. In particular the versioned `linuxPackages_*` package sets (such as `linuxPackages_5_4`) and kernels from `pkgs` were moved there and now live under `pkgs.linuxKernel.packages.*`. The unversioned ones (such as `linuxPackages_latest`) remain untouched. +- In NixOS virtual machines (QEMU), the `virtualisation` module has been updated with new options to configure: + - IPv4 port forwarding ([`virtualisation.forwardPorts`](options.html#opt-virtualisation.forwardPorts)), + - shared host directories ([`virtualisation.sharedDirectories`](options.html#opt-virtualisation.sharedDirectories)), + - screen resolution ([`virtualisation.resolution`](options.html#opt-virtualisation.resolution)). + + In addition, the default [`msize`](options.html#opt-virtualisation.msize) parameter in 9P filesystems (including /nix/store and all shared directories) has been increased to 16K for improved performance. + - The setting [`services.openssh.logLevel`](options.html#opt-services.openssh.logLevel) `"VERBOSE"` `"INFO"`. This brings NixOS in line with upstream and other Linux distributions, and reduces log spam on servers due to bruteforcing botnets. However, if [`services.fail2ban.enable`](options.html#opt-services.fail2ban.enable) is `true`, the `fail2ban` will override the verbosity to `"VERBOSE"`, so that `fail2ban` can observe the failed login attempts from the SSH logs. @@ -381,6 +407,16 @@ In addition to numerous new and upgraded packages, this release has the followin `myhostname`, but before `dns` should use the default priority - NSS modules which should come after `dns` should use mkAfter. +- The [networking.wireless](options.html#opt-networking.wireless.enable) module (based on wpa_supplicant) has been heavily reworked, solving a number of issues and adding useful features: + - The automatic discovery of wireless interfaces at boot has been made reliable again (issues [#101963](https://github.com/NixOS/nixpkgs/issues/101963), [#23196](https://github.com/NixOS/nixpkgs/issues/23196)). + - WPA3 and Fast BSS Transition (802.11r) are now enabled by default for all networks. + - Secrets like pre-shared keys and passwords can now be handled safely, meaning without including them in a world-readable file (`wpa_supplicant.conf` under /nix/store). + This is achieved by storing the secrets in a secured [environmentFile](options.html#opt-networking.wireless.environmentFile) and referring to them though environment variables that are expanded inside the configuration. + - With multiple interfaces declared, independent wpa_supplicant daemons are started, one for each interface (the services are named `wpa_supplicant-wlan0`, `wpa_supplicant-wlan1`, etc.). + - The generated `wpa_supplicant.conf` file is now formatted for easier reading. + - A new [scanOnLowSignal](options.html#opt-networking.wireless.scanOnLowSignal) option has been added to facilitate fast roaming between access points (enabled by default). + - A new [networks.<name>.authProtocols](options.html#opt-networking.wireless.networks._name_.authProtocols) option has been added to change the authentication protocols used when connecting to a network. + - The [networking.wireless.iwd](options.html#opt-networking.wireless.iwd.enable) module has a new [networking.wireless.iwd.settings](options.html#opt-networking.wireless.iwd.settings) option. - The [services.syncoid.enable](options.html#opt-services.syncoid.enable) module now properly drops ZFS permissions after usage. Before it delegated permissions to whole pools instead of datasets and didn't clean up after execution. You can manually look this up for your pools by running `zfs allow your-pool-name` and use `zfs unallow syncoid your-pool-name` to clean this up. @@ -405,3 +441,18 @@ In addition to numerous new and upgraded packages, this release has the followin directories, thus increasing the purity of the build. - Three new options, [xdg.mime.addedAssociations](#opt-xdg.mime.addedAssociations), [xdg.mime.defaultApplications](#opt-xdg.mime.defaultApplications), and [xdg.mime.removedAssociations](#opt-xdg.mime.removedAssociations) have been added to the [xdg.mime](#opt-xdg.mime.enable) module to allow the configuration of `/etc/xdg/mimeapps.list`. + +- Kopia was upgraded from 0.8.x to 0.9.x. Please read the [upstream release notes](https://github.com/kopia/kopia/releases/tag/v0.9.0) for changes and upgrade instructions. + +- The `systemd.network` module has gained support for the FooOverUDP link type. + +- The `networking` module has a new `networking.fooOverUDP` option to configure Foo-over-UDP encapsulations. + +- `networking.sits` now supports Foo-over-UDP encapsulation. + +- Changing systemd `.socket` units now restarts them and stops the service that is activated by them. Additionally, services with `stopOnChange = false` don't break anymore when they are socket-activated. + +- The `virtualisation.libvirtd` module has been refactored and updated with new options: + - `virtualisation.libvirtd.qemu*` options (e.g.: `virtualisation.libvirtd.qemuRunAsRoot`) were moved to [`virtualisation.libvirtd.qemu`](options.html#opt-virtualisation.libvirtd.qemu) submodule, + - software TPM1/TPM2 support (e.g.: Windows 11 guests) ([`virtualisation.libvirtd.qemu.swtpm`](options.html#opt-virtualisation.libvirtd.qemu.swtpm)), + - custom OVMF package (e.g.: `pkgs.OVMFFull` with HTTP, CSM and Secure Boot support) ([`virtualisation.libvirtd.qemu.ovmf.package`](options.html#opt-virtualisation.libvirtd.qemu.ovmf.package)). diff --git a/nixpkgs/nixos/lib/build-vms.nix b/nixpkgs/nixos/lib/build-vms.nix index f0a58628c68a..05d9ce89dbdc 100644 --- a/nixpkgs/nixos/lib/build-vms.nix +++ b/nixpkgs/nixos/lib/build-vms.nix @@ -4,15 +4,14 @@ , # Ignored config ? null , # Nixpkgs, for qemu, lib and more - pkgs + pkgs, lib , # !!! See comment about args in lib/modules.nix specialArgs ? {} , # NixOS configuration to add to the VMs extraConfigurations ? [] }: -with pkgs.lib; -with import ../lib/qemu-flags.nix { inherit pkgs; }; +with lib; rec { @@ -69,9 +68,8 @@ rec { prefixLength = 24; } ]; }); - in - { key = "ip-address"; - config = + + networkConfig = { networking.hostName = mkDefault m.fst; networking.interfaces = listToAttrs interfaces; @@ -93,10 +91,19 @@ rec { "${config.networking.hostName}\n")); virtualisation.qemu.options = - forEach interfacesNumbered - ({ fst, snd }: qemuNICFlags snd fst m.snd); + let qemu-common = import ../lib/qemu-common.nix { inherit lib pkgs; }; + in flip concatMap interfacesNumbered + ({ fst, snd }: qemu-common.qemuNICFlags snd fst m.snd); }; - } + + in + { key = "ip-address"; + config = networkConfig // { + # Expose the networkConfig items for tests like nixops + # that need to recreate the network config. + system.build.networkConfig = networkConfig; + }; + } ) (getAttr m.fst nodes) ] ); diff --git a/nixpkgs/nixos/lib/make-options-doc/default.nix b/nixpkgs/nixos/lib/make-options-doc/default.nix index 14015ab64abb..e058e70f3888 100644 --- a/nixpkgs/nixos/lib/make-options-doc/default.nix +++ b/nixpkgs/nixos/lib/make-options-doc/default.nix @@ -83,10 +83,13 @@ let optionsListVisible = lib.filter (opt: opt.visible && !opt.internal) (lib.optionAttrSetToDocList options); # Customly sort option list for the man page. + # Always ensure that the sort order matches sortXML.py! optionsList = lib.sort optionLess optionsListDesc; # Convert the list of options into an XML file. - optionsXML = builtins.toFile "options.xml" (builtins.toXML optionsList); + # This file is *not* sorted sorted to save on eval time, since the docbook XML + # and the manpage depend on it and thus we evaluate this on every system rebuild. + optionsXML = builtins.toFile "options.xml" (builtins.toXML optionsListDesc); optionsNix = builtins.listToAttrs (map (o: { name = o.name; value = removeAttrs o ["name" "visible" "internal"]; }) optionsList); @@ -185,9 +188,10 @@ in { exit 1 fi + ${pkgs.python3Minimal}/bin/python ${./sortXML.py} $optionsXML sorted.xml ${pkgs.libxslt.bin}/bin/xsltproc \ --stringparam revision '${revision}' \ - -o intermediate.xml ${./options-to-docbook.xsl} $optionsXML + -o intermediate.xml ${./options-to-docbook.xsl} sorted.xml ${pkgs.libxslt.bin}/bin/xsltproc \ -o "$out" ${./postprocess-option-descriptions.xsl} intermediate.xml ''; diff --git a/nixpkgs/nixos/lib/make-options-doc/options-to-docbook.xsl b/nixpkgs/nixos/lib/make-options-doc/options-to-docbook.xsl index 18d19fddaca2..da4cd164bf20 100644 --- a/nixpkgs/nixos/lib/make-options-doc/options-to-docbook.xsl +++ b/nixpkgs/nixos/lib/make-options-doc/options-to-docbook.xsl @@ -54,7 +54,7 @@ <para> <emphasis>Default:</emphasis> <xsl:text> </xsl:text> - <xsl:apply-templates select="attr[@name = 'default']" mode="top" /> + <xsl:apply-templates select="attr[@name = 'default']/*" mode="top" /> </para> </xsl:if> @@ -62,14 +62,7 @@ <para> <emphasis>Example:</emphasis> <xsl:text> </xsl:text> - <xsl:choose> - <xsl:when test="attr[@name = 'example']/attrs[attr[@name = '_type' and string[@value = 'literalExample']]]"> - <programlisting><xsl:value-of select="attr[@name = 'example']/attrs/attr[@name = 'text']/string/@value" /></programlisting> - </xsl:when> - <xsl:otherwise> - <xsl:apply-templates select="attr[@name = 'example']" mode="top" /> - </xsl:otherwise> - </xsl:choose> + <xsl:apply-templates select="attr[@name = 'example']/*" mode="top" /> </para> </xsl:if> @@ -107,20 +100,37 @@ </xsl:template> - <xsl:template match="*" mode="top"> + <xsl:template match="attrs[attr[@name = '_type' and string[@value = 'literalExpression']]]" mode = "top"> <xsl:choose> - <xsl:when test="string[contains(@value, '
')]"> -<programlisting> -<xsl:text>'' -</xsl:text><xsl:value-of select='str:replace(string/@value, "${", "''${")' /><xsl:text>''</xsl:text></programlisting> + <xsl:when test="contains(attr[@name = 'text']/string/@value, '
')"> + <programlisting><xsl:value-of select="attr[@name = 'text']/string/@value" /></programlisting> </xsl:when> <xsl:otherwise> - <literal><xsl:apply-templates /></literal> + <literal><xsl:value-of select="attr[@name = 'text']/string/@value" /></literal> </xsl:otherwise> </xsl:choose> </xsl:template> + <xsl:template match="attrs[attr[@name = '_type' and string[@value = 'literalDocBook']]]" mode = "top"> + <xsl:value-of disable-output-escaping="yes" select="attr[@name = 'text']/string/@value" /> + </xsl:template> + + + <xsl:template match="string[contains(@value, '
')]" mode="top"> + <programlisting> + <xsl:text>''
</xsl:text> + <xsl:value-of select='str:replace(str:replace(@value, "''", "'''"), "${", "''${")' /> + <xsl:text>''</xsl:text> + </programlisting> + </xsl:template> + + + <xsl:template match="*" mode="top"> + <literal><xsl:apply-templates select="." /></literal> + </xsl:template> + + <xsl:template match="null"> <xsl:text>null</xsl:text> </xsl:template> @@ -129,10 +139,10 @@ <xsl:template match="string"> <xsl:choose> <xsl:when test="(contains(@value, '"') or contains(@value, '\')) and not(contains(@value, '
'))"> - <xsl:text>''</xsl:text><xsl:value-of select='str:replace(@value, "${", "''${")' /><xsl:text>''</xsl:text> + <xsl:text>''</xsl:text><xsl:value-of select='str:replace(str:replace(@value, "''", "'''"), "${", "''${")' /><xsl:text>''</xsl:text> </xsl:when> <xsl:otherwise> - <xsl:text>"</xsl:text><xsl:value-of select="str:replace(str:replace(str:replace(str:replace(@value, '\', '\\'), '"', '\"'), '
', '\n'), '$', '\$')" /><xsl:text>"</xsl:text> + <xsl:text>"</xsl:text><xsl:value-of select="str:replace(str:replace(str:replace(str:replace(@value, '\', '\\'), '"', '\"'), '
', '\n'), '${', '\${')" /><xsl:text>"</xsl:text> </xsl:otherwise> </xsl:choose> </xsl:template> @@ -163,7 +173,7 @@ </xsl:template> - <xsl:template match="attrs[attr[@name = '_type' and string[@value = 'literalExample']]]"> + <xsl:template match="attrs[attr[@name = '_type' and string[@value = 'literalExpression']]]"> <xsl:value-of select="attr[@name = 'text']/string/@value" /> </xsl:template> diff --git a/nixpkgs/nixos/lib/make-options-doc/sortXML.py b/nixpkgs/nixos/lib/make-options-doc/sortXML.py new file mode 100644 index 000000000000..717820788c94 --- /dev/null +++ b/nixpkgs/nixos/lib/make-options-doc/sortXML.py @@ -0,0 +1,28 @@ +import xml.etree.ElementTree as ET +import sys + +tree = ET.parse(sys.argv[1]) +# the xml tree is of the form +# <expr><list> {all options, each an attrs} </list></expr> +options = list(tree.getroot().find('list')) + +def sortKey(opt): + def order(s): + if s.startswith("enable"): + return 0 + if s.startswith("package"): + return 1 + return 2 + + return [ + (order(p.attrib['value']), p.attrib['value']) + for p in opt.findall('attr[@name="loc"]/list/string') + ] + +# always ensure that the sort order matches the order used in the nix expression! +options.sort(key=sortKey) + +doc = ET.Element("expr") +newOptions = ET.SubElement(doc, "list") +newOptions.extend(options) +ET.ElementTree(doc).write(sys.argv[2], encoding='utf-8') diff --git a/nixpkgs/nixos/lib/qemu-flags.nix b/nixpkgs/nixos/lib/qemu-common.nix index f786745ba324..84f9060acd63 100644 --- a/nixpkgs/nixos/lib/qemu-flags.nix +++ b/nixpkgs/nixos/lib/qemu-common.nix @@ -1,12 +1,12 @@ -# QEMU flags shared between various Nix expressions. -{ pkgs }: +# QEMU-related utilities shared between various Nix expressions. +{ lib, pkgs }: let zeroPad = n: - pkgs.lib.optionalString (n < 16) "0" + + lib.optionalString (n < 16) "0" + (if n > 255 then throw "Can't have more than 255 nets or nodes!" - else pkgs.lib.toHexString n); + else lib.toHexString n); in rec { @@ -14,7 +14,7 @@ rec { qemuNICFlags = nic: net: machine: [ "-device virtio-net-pci,netdev=vlan${toString nic},mac=${qemuNicMac net machine}" - "-netdev vde,id=vlan${toString nic},sock=$QEMU_VDE_SOCKET_${toString net}" + ''-netdev vde,id=vlan${toString nic},sock="$QEMU_VDE_SOCKET_${toString net}"'' ]; qemuSerialDevice = if pkgs.stdenv.isi686 || pkgs.stdenv.isx86_64 then "ttyS0" diff --git a/nixpkgs/nixos/lib/test-driver/test-driver.py b/nixpkgs/nixos/lib/test-driver/test-driver.py index f8502188bde8..e659b0c04f50 100755 --- a/nixpkgs/nixos/lib/test-driver/test-driver.py +++ b/nixpkgs/nixos/lib/test-driver/test-driver.py @@ -21,7 +21,6 @@ import shutil import socket import subprocess import sys -import telnetlib import tempfile import time import unicodedata @@ -89,55 +88,6 @@ CHAR_TO_KEY = { ")": "shift-0x0B", } -global log, machines, test_script - - -def eprint(*args: object, **kwargs: Any) -> None: - print(*args, file=sys.stderr, **kwargs) - - -def make_command(args: list) -> str: - return " ".join(map(shlex.quote, (map(str, args)))) - - -def create_vlan(vlan_nr: str) -> Tuple[str, str, "subprocess.Popen[bytes]", Any]: - log.log("starting VDE switch for network {}".format(vlan_nr)) - vde_socket = tempfile.mkdtemp( - prefix="nixos-test-vde-", suffix="-vde{}.ctl".format(vlan_nr) - ) - pty_master, pty_slave = pty.openpty() - vde_process = subprocess.Popen( - ["vde_switch", "-s", vde_socket, "--dirmode", "0700"], - stdin=pty_slave, - stdout=subprocess.PIPE, - stderr=subprocess.PIPE, - shell=False, - ) - fd = os.fdopen(pty_master, "w") - fd.write("version\n") - # TODO: perl version checks if this can be read from - # an if not, dies. we could hang here forever. Fix it. - assert vde_process.stdout is not None - vde_process.stdout.readline() - if not os.path.exists(os.path.join(vde_socket, "ctl")): - raise Exception("cannot start vde_switch") - - return (vlan_nr, vde_socket, vde_process, fd) - - -def retry(fn: Callable, timeout: int = 900) -> None: - """Call the given function repeatedly, with 1 second intervals, - until it returns True or a timeout is reached. - """ - - for _ in range(timeout): - if fn(False): - return - time.sleep(1) - - if not fn(True): - raise Exception(f"action timed out after {timeout} seconds") - class Logger: def __init__(self) -> None: @@ -151,6 +101,10 @@ class Logger: self._print_serial_logs = True + @staticmethod + def _eprint(*args: object, **kwargs: Any) -> None: + print(*args, file=sys.stderr, **kwargs) + def close(self) -> None: self.xml.endElement("logfile") self.xml.endDocument() @@ -169,15 +123,27 @@ class Logger: self.xml.characters(message) self.xml.endElement("line") + def info(self, *args, **kwargs) -> None: # type: ignore + self.log(*args, **kwargs) + + def warning(self, *args, **kwargs) -> None: # type: ignore + self.log(*args, **kwargs) + + def error(self, *args, **kwargs) -> None: # type: ignore + self.log(*args, **kwargs) + sys.exit(1) + def log(self, message: str, attributes: Dict[str, str] = {}) -> None: - eprint(self.maybe_prefix(message, attributes)) + self._eprint(self.maybe_prefix(message, attributes)) self.drain_log_queue() self.log_line(message, attributes) def log_serial(self, message: str, machine: str) -> None: self.enqueue({"msg": message, "machine": machine, "type": "serial"}) if self._print_serial_logs: - eprint(Style.DIM + "{} # {}".format(machine, message) + Style.RESET_ALL) + self._eprint( + Style.DIM + "{} # {}".format(machine, message) + Style.RESET_ALL + ) def enqueue(self, item: Dict[str, str]) -> None: self.queue.put(item) @@ -194,7 +160,7 @@ class Logger: @contextmanager def nested(self, message: str, attributes: Dict[str, str] = {}) -> Iterator[None]: - eprint(self.maybe_prefix(message, attributes)) + self._eprint(self.maybe_prefix(message, attributes)) self.xml.startElement("nest", attrs={}) self.xml.startElement("head", attributes) @@ -211,6 +177,27 @@ class Logger: self.xml.endElement("nest") +rootlog = Logger() + + +def make_command(args: list) -> str: + return " ".join(map(shlex.quote, (map(str, args)))) + + +def retry(fn: Callable, timeout: int = 900) -> None: + """Call the given function repeatedly, with 1 second intervals, + until it returns True or a timeout is reached. + """ + + for _ in range(timeout): + if fn(False): + return + time.sleep(1) + + if not fn(True): + raise Exception(f"action timed out after {timeout} seconds") + + def _perform_ocr_on_screenshot( screenshot_path: str, model_ids: Iterable[int] ) -> List[str]: @@ -242,113 +229,256 @@ def _perform_ocr_on_screenshot( return model_results -class Machine: - def __repr__(self) -> str: - return f"<Machine '{self.name}'>" - - def __init__(self, args: Dict[str, Any]) -> None: - if "name" in args: - self.name = args["name"] - else: - self.name = "machine" - cmd = args.get("startCommand", None) - if cmd: - match = re.search("run-(.+)-vm$", cmd) - if match: - self.name = match.group(1) - self.logger = args["log"] - self.script = args.get("startCommand", self.create_startcommand(args)) - - tmp_dir = os.environ.get("TMPDIR", tempfile.gettempdir()) - - def create_dir(name: str) -> str: - path = os.path.join(tmp_dir, name) - os.makedirs(path, mode=0o700, exist_ok=True) - return path +class StartCommand: + """The Base Start Command knows how to append the necesary + runtime qemu options as determined by a particular test driver + run. Any such start command is expected to happily receive and + append additional qemu args. + """ - self.state_dir = os.path.join(tmp_dir, f"vm-state-{self.name}") - if not args.get("keepVmState", False): - self.cleanup_statedir() - os.makedirs(self.state_dir, mode=0o700, exist_ok=True) - self.shared_dir = create_dir("shared-xchg") + _cmd: str - self.booted = False - self.connected = False - self.pid: Optional[int] = None - self.socket = None - self.monitor: Optional[socket.socket] = None - self.allow_reboot = args.get("allowReboot", False) + def cmd( + self, + monitor_socket_path: pathlib.Path, + shell_socket_path: pathlib.Path, + allow_reboot: bool = False, # TODO: unused, legacy? + ) -> str: + display_opts = "" + display_available = any(x in os.environ for x in ["DISPLAY", "WAYLAND_DISPLAY"]) + if not display_available: + display_opts += " -nographic" + + # qemu options + qemu_opts = "" + qemu_opts += ( + "" + if allow_reboot + else " -no-reboot" + " -device virtio-serial" + " -device virtconsole,chardev=shell" + " -device virtio-rng-pci" + " -serial stdio" + ) + # TODO: qemu script already catpures this env variable, legacy? + qemu_opts += " " + os.environ.get("QEMU_OPTS", "") + + return ( + f"{self._cmd}" + f" -monitor unix:{monitor_socket_path}" + f" -chardev socket,id=shell,path={shell_socket_path}" + f"{qemu_opts}" + f"{display_opts}" + ) @staticmethod - def create_startcommand(args: Dict[str, str]) -> str: - net_backend = "-netdev user,id=net0" - net_frontend = "-device virtio-net-pci,netdev=net0" + def build_environment( + state_dir: pathlib.Path, + shared_dir: pathlib.Path, + ) -> dict: + # We make a copy to not update the current environment + env = dict(os.environ) + env.update( + { + "TMPDIR": str(state_dir), + "SHARED_DIR": str(shared_dir), + "USE_TMPDIR": "1", + } + ) + return env + + def run( + self, + state_dir: pathlib.Path, + shared_dir: pathlib.Path, + monitor_socket_path: pathlib.Path, + shell_socket_path: pathlib.Path, + ) -> subprocess.Popen: + return subprocess.Popen( + self.cmd(monitor_socket_path, shell_socket_path), + stdin=subprocess.DEVNULL, + stdout=subprocess.PIPE, + stderr=subprocess.STDOUT, + shell=True, + cwd=state_dir, + env=self.build_environment(state_dir, shared_dir), + ) - if "netBackendArgs" in args: - net_backend += "," + args["netBackendArgs"] - if "netFrontendArgs" in args: - net_frontend += "," + args["netFrontendArgs"] +class NixStartScript(StartCommand): + """A start script from nixos/modules/virtualiation/qemu-vm.nix + that also satisfies the requirement of the BaseStartCommand. + These Nix commands have the particular charactersitic that the + machine name can be extracted out of them via a regex match. + (Admittedly a _very_ implicit contract, evtl. TODO fix) + """ - start_command = ( - args.get("qemuBinary", "qemu-kvm") - + " -m 384 " - + net_backend - + " " - + net_frontend - + " $QEMU_OPTS " - ) + def __init__(self, script: str): + self._cmd = script + + @property + def machine_name(self) -> str: + match = re.search("run-(.+)-vm$", self._cmd) + name = "machine" + if match: + name = match.group(1) + return name + + +class LegacyStartCommand(StartCommand): + """Used in some places to create an ad-hoc machine instead of + using nix test instrumentation + module system for that purpose. + Legacy. + """ - if "hda" in args: - hda_path = os.path.abspath(args["hda"]) - if args.get("hdaInterface", "") == "scsi": - start_command += ( - "-drive id=hda,file=" - + hda_path - + ",werror=report,if=none " - + "-device scsi-hd,drive=hda " + def __init__( + self, + netBackendArgs: Optional[str] = None, + netFrontendArgs: Optional[str] = None, + hda: Optional[Tuple[pathlib.Path, str]] = None, + cdrom: Optional[str] = None, + usb: Optional[str] = None, + bios: Optional[str] = None, + qemuFlags: Optional[str] = None, + ): + self._cmd = "qemu-kvm -m 384" + + # networking + net_backend = "-netdev user,id=net0" + net_frontend = "-device virtio-net-pci,netdev=net0" + if netBackendArgs is not None: + net_backend += "," + netBackendArgs + if netFrontendArgs is not None: + net_frontend += "," + netFrontendArgs + self._cmd += f" {net_backend} {net_frontend}" + + # hda + hda_cmd = "" + if hda is not None: + hda_path = hda[0].resolve() + hda_interface = hda[1] + if hda_interface == "scsi": + hda_cmd += ( + f" -drive id=hda,file={hda_path},werror=report,if=none" + " -device scsi-hd,drive=hda" ) else: - start_command += ( - "-drive file=" - + hda_path - + ",if=" - + args["hdaInterface"] - + ",werror=report " - ) + hda_cmd += f" -drive file={hda_path},if={hda_interface},werror=report" + self._cmd += hda_cmd - if "cdrom" in args: - start_command += "-cdrom " + args["cdrom"] + " " + # cdrom + if cdrom is not None: + self._cmd += f" -cdrom {cdrom}" - if "usb" in args: + # usb + usb_cmd = "" + if usb is not None: # https://github.com/qemu/qemu/blob/master/docs/usb2.txt - start_command += ( - "-device usb-ehci -drive " - + "id=usbdisk,file=" - + args["usb"] - + ",if=none,readonly " - + "-device usb-storage,drive=usbdisk " + usb_cmd += ( + " -device usb-ehci" + f" -drive id=usbdisk,file={usb},if=none,readonly" + " -device usb-storage,drive=usbdisk " ) - if "bios" in args: - start_command += "-bios " + args["bios"] + " " + self._cmd += usb_cmd + + # bios + if bios is not None: + self._cmd += f" -bios {bios}" - start_command += args.get("qemuFlags", "") + # qemu flags + if qemuFlags is not None: + self._cmd += f" {qemuFlags}" - return start_command + +class Machine: + """A handle to the machine with this name, that also knows how to manage + the machine lifecycle with the help of a start script / command.""" + + name: str + tmp_dir: pathlib.Path + shared_dir: pathlib.Path + state_dir: pathlib.Path + monitor_path: pathlib.Path + shell_path: pathlib.Path + + start_command: StartCommand + keep_vm_state: bool + allow_reboot: bool + + process: Optional[subprocess.Popen] = None + pid: Optional[int] = None + monitor: Optional[socket.socket] = None + shell: Optional[socket.socket] = None + + booted: bool = False + connected: bool = False + # Store last serial console lines for use + # of wait_for_console_text + last_lines: Queue = Queue() + + def __repr__(self) -> str: + return f"<Machine '{self.name}'>" + + def __init__( + self, + tmp_dir: pathlib.Path, + start_command: StartCommand, + name: str = "machine", + keep_vm_state: bool = False, + allow_reboot: bool = False, + ) -> None: + self.tmp_dir = tmp_dir + self.keep_vm_state = keep_vm_state + self.allow_reboot = allow_reboot + self.name = name + self.start_command = start_command + + # set up directories + self.shared_dir = self.tmp_dir / "shared-xchg" + self.shared_dir.mkdir(mode=0o700, exist_ok=True) + + self.state_dir = self.tmp_dir / f"vm-state-{self.name}" + self.monitor_path = self.state_dir / "monitor" + self.shell_path = self.state_dir / "shell" + if (not self.keep_vm_state) and self.state_dir.exists(): + self.cleanup_statedir() + self.state_dir.mkdir(mode=0o700, exist_ok=True) + + @staticmethod + def create_startcommand(args: Dict[str, str]) -> StartCommand: + rootlog.warning( + "Using legacy create_startcommand()," + "please use proper nix test vm instrumentation, instead" + "to generate the appropriate nixos test vm qemu startup script" + ) + hda = None + if args.get("hda"): + hda_arg: str = args.get("hda", "") + hda_arg_path: pathlib.Path = pathlib.Path(hda_arg) + hda = (hda_arg_path, args.get("hdaInterface", "")) + return LegacyStartCommand( + netBackendArgs=args.get("netBackendArgs"), + netFrontendArgs=args.get("netFrontendArgs"), + hda=hda, + cdrom=args.get("cdrom"), + usb=args.get("usb"), + bios=args.get("bios"), + qemuFlags=args.get("qemuFlags"), + ) def is_up(self) -> bool: return self.booted and self.connected def log(self, msg: str) -> None: - self.logger.log(msg, {"machine": self.name}) + rootlog.log(msg, {"machine": self.name}) def log_serial(self, msg: str) -> None: - self.logger.log_serial(msg, self.name) + rootlog.log_serial(msg, self.name) def nested(self, msg: str, attrs: Dict[str, str] = {}) -> _GeneratorContextManager: my_attrs = {"machine": self.name} my_attrs.update(attrs) - return self.logger.nested(msg, my_attrs) + return rootlog.nested(msg, my_attrs) def wait_for_monitor_prompt(self) -> str: assert self.monitor is not None @@ -446,6 +576,7 @@ class Machine: self.connect() out_command = "( set -euo pipefail; {} ); echo '|!=EOF' $?\n".format(command) + assert self.shell self.shell.send(out_command.encode()) output = "" @@ -466,6 +597,8 @@ class Machine: Should only be used during test development, not in the production test.""" self.connect() self.log("Terminal is ready (there is no prompt):") + + assert self.shell subprocess.run( ["socat", "READLINE", f"FD:{self.shell.fileno()}"], pass_fds=[self.shell.fileno()], @@ -534,6 +667,7 @@ class Machine: with self.nested("waiting for the VM to power off"): sys.stdout.flush() + assert self.process self.process.wait() self.pid = None @@ -611,6 +745,8 @@ class Machine: with self.nested("waiting for the VM to finish booting"): self.start() + assert self.shell + tic = time.time() self.shell.recv(1024) # TODO: Timeout @@ -750,65 +886,35 @@ class Machine: self.log("starting vm") - def create_socket(path: str) -> socket.socket: - if os.path.exists(path): - os.unlink(path) + def clear(path: pathlib.Path) -> pathlib.Path: + if path.exists(): + path.unlink() + return path + + def create_socket(path: pathlib.Path) -> socket.socket: s = socket.socket(family=socket.AF_UNIX, type=socket.SOCK_STREAM) - s.bind(path) + s.bind(str(path)) s.listen(1) return s - monitor_path = os.path.join(self.state_dir, "monitor") - self.monitor_socket = create_socket(monitor_path) - - shell_path = os.path.join(self.state_dir, "shell") - self.shell_socket = create_socket(shell_path) - - display_available = any(x in os.environ for x in ["DISPLAY", "WAYLAND_DISPLAY"]) - qemu_options = ( - " ".join( - [ - "" if self.allow_reboot else "-no-reboot", - "-monitor unix:{}".format(monitor_path), - "-chardev socket,id=shell,path={}".format(shell_path), - "-device virtio-serial", - "-device virtconsole,chardev=shell", - "-device virtio-rng-pci", - "-serial stdio" if display_available else "-nographic", - ] - ) - + " " - + os.environ.get("QEMU_OPTS", "") - ) - - environment = dict(os.environ) - environment.update( - { - "TMPDIR": self.state_dir, - "SHARED_DIR": self.shared_dir, - "USE_TMPDIR": "1", - "QEMU_OPTS": qemu_options, - } - ) - - self.process = subprocess.Popen( - self.script, - stdin=subprocess.DEVNULL, - stdout=subprocess.PIPE, - stderr=subprocess.STDOUT, - shell=True, - cwd=self.state_dir, - env=environment, + monitor_socket = create_socket(clear(self.monitor_path)) + shell_socket = create_socket(clear(self.shell_path)) + self.process = self.start_command.run( + self.state_dir, + self.shared_dir, + self.monitor_path, + self.shell_path, ) - self.monitor, _ = self.monitor_socket.accept() - self.shell, _ = self.shell_socket.accept() + self.monitor, _ = monitor_socket.accept() + self.shell, _ = shell_socket.accept() # Store last serial console lines for use # of wait_for_console_text self.last_lines: Queue = Queue() def process_serial_output() -> None: - assert self.process.stdout is not None + assert self.process + assert self.process.stdout for _line in self.process.stdout: # Ignore undecodable bytes that may occur in boot menus line = _line.decode(errors="ignore").replace("\r", "").rstrip() @@ -825,15 +931,15 @@ class Machine: self.log("QEMU running (pid {})".format(self.pid)) def cleanup_statedir(self) -> None: - if os.path.isdir(self.state_dir): - shutil.rmtree(self.state_dir) - self.logger.log(f"deleting VM state directory {self.state_dir}") - self.logger.log("if you want to keep the VM state, pass --keep-vm-state") + shutil.rmtree(self.state_dir) + rootlog.log(f"deleting VM state directory {self.state_dir}") + rootlog.log("if you want to keep the VM state, pass --keep-vm-state") def shutdown(self) -> None: if not self.booted: return + assert self.shell self.shell.send("poweroff\n".encode()) self.wait_for_shutdown() @@ -908,41 +1014,215 @@ class Machine: """Make the machine reachable.""" self.send_monitor_command("set_link virtio-net-pci.1 on") + def release(self) -> None: + if self.pid is None: + return + rootlog.info(f"kill machine (pid {self.pid})") + assert self.process + assert self.shell + assert self.monitor + self.process.terminate() + self.shell.close() + self.monitor.close() + + +class VLan: + """This class handles a VLAN that the run-vm scripts identify via its + number handles. The network's lifetime equals the object's lifetime. + """ -def create_machine(args: Dict[str, Any]) -> Machine: - args["log"] = log - return Machine(args) + nr: int + socket_dir: pathlib.Path + process: subprocess.Popen + pid: int + fd: io.TextIOBase -def start_all() -> None: - with log.nested("starting all VMs"): - for machine in machines: - machine.start() + def __repr__(self) -> str: + return f"<Vlan Nr. {self.nr}>" + def __init__(self, nr: int, tmp_dir: pathlib.Path): + self.nr = nr + self.socket_dir = tmp_dir / f"vde{self.nr}.ctl" -def join_all() -> None: - with log.nested("waiting for all VMs to finish"): - for machine in machines: - machine.wait_for_shutdown() + # TODO: don't side-effect environment here + os.environ[f"QEMU_VDE_SOCKET_{self.nr}"] = str(self.socket_dir) + rootlog.info("start vlan") + pty_master, pty_slave = pty.openpty() -def run_tests(interactive: bool = False) -> None: - if interactive: - ptpython.repl.embed(test_symbols(), {}) - else: - test_script() + self.process = subprocess.Popen( + ["vde_switch", "-s", self.socket_dir, "--dirmode", "0700"], + stdin=pty_slave, + stdout=subprocess.PIPE, + stderr=subprocess.PIPE, + shell=False, + ) + self.pid = self.process.pid + self.fd = os.fdopen(pty_master, "w") + self.fd.write("version\n") + + # TODO: perl version checks if this can be read from + # an if not, dies. we could hang here forever. Fix it. + assert self.process.stdout is not None + self.process.stdout.readline() + if not (self.socket_dir / "ctl").exists(): + rootlog.error("cannot start vde_switch") + + rootlog.info(f"running vlan (pid {self.pid})") + + def __del__(self) -> None: + rootlog.info(f"kill vlan (pid {self.pid})") + self.fd.close() + self.process.terminate() + + +class Driver: + """A handle to the driver that sets up the environment + and runs the tests""" + + tests: str + vlans: List[VLan] + machines: List[Machine] + + def __init__( + self, + start_scripts: List[str], + vlans: List[int], + tests: str, + keep_vm_state: bool = False, + ): + self.tests = tests + + tmp_dir = pathlib.Path(os.environ.get("TMPDIR", tempfile.gettempdir())) + tmp_dir.mkdir(mode=0o700, exist_ok=True) + + with rootlog.nested("start all VLans"): + self.vlans = [VLan(nr, tmp_dir) for nr in vlans] + + def cmd(scripts: List[str]) -> Iterator[NixStartScript]: + for s in scripts: + yield NixStartScript(s) + + self.machines = [ + Machine( + start_command=cmd, + keep_vm_state=keep_vm_state, + name=cmd.machine_name, + tmp_dir=tmp_dir, + ) + for cmd in cmd(start_scripts) + ] + + @atexit.register + def clean_up() -> None: + with rootlog.nested("clean up"): + for machine in self.machines: + machine.release() + + def subtest(self, name: str) -> Iterator[None]: + """Group logs under a given test name""" + with rootlog.nested(name): + try: + yield + return True + except Exception as e: + rootlog.error(f'Test "{name}" failed with error: "{e}"') + raise e + + def test_symbols(self) -> Dict[str, Any]: + @contextmanager + def subtest(name: str) -> Iterator[None]: + return self.subtest(name) + + general_symbols = dict( + start_all=self.start_all, + test_script=self.test_script, + machines=self.machines, + vlans=self.vlans, + driver=self, + log=rootlog, + os=os, + create_machine=self.create_machine, + subtest=subtest, + run_tests=self.run_tests, + join_all=self.join_all, + retry=retry, + serial_stdout_off=self.serial_stdout_off, + serial_stdout_on=self.serial_stdout_on, + Machine=Machine, # for typing + ) + machine_symbols = { + m.name: self.machines[idx] for idx, m in enumerate(self.machines) + } + vlan_symbols = { + f"vlan{v.nr}": self.vlans[idx] for idx, v in enumerate(self.vlans) + } + print( + "additionally exposed symbols:\n " + + ", ".join(map(lambda m: m.name, self.machines)) + + ",\n " + + ", ".join(map(lambda v: f"vlan{v.nr}", self.vlans)) + + ",\n " + + ", ".join(list(general_symbols.keys())) + ) + return {**general_symbols, **machine_symbols, **vlan_symbols} + + def test_script(self) -> None: + """Run the test script""" + with rootlog.nested("run the VM test script"): + symbols = self.test_symbols() # call eagerly + exec(self.tests, symbols, None) + + def run_tests(self) -> None: + """Run the test script (for non-interactive test runs)""" + self.test_script() # TODO: Collect coverage data - for machine in machines: + for machine in self.machines: if machine.is_up(): machine.execute("sync") + def start_all(self) -> None: + """Start all machines""" + with rootlog.nested("start all VMs"): + for machine in self.machines: + machine.start() + + def join_all(self) -> None: + """Wait for all machines to shut down""" + with rootlog.nested("wait for all VMs to finish"): + for machine in self.machines: + machine.wait_for_shutdown() + + def create_machine(self, args: Dict[str, Any]) -> Machine: + rootlog.warning( + "Using legacy create_machine(), please instantiate the" + "Machine class directly, instead" + ) + tmp_dir = pathlib.Path(os.environ.get("TMPDIR", tempfile.gettempdir())) + tmp_dir.mkdir(mode=0o700, exist_ok=True) -def serial_stdout_on() -> None: - log._print_serial_logs = True + if args.get("startCommand"): + start_command: str = args.get("startCommand", "") + cmd = NixStartScript(start_command) + name = args.get("name", cmd.machine_name) + else: + cmd = Machine.create_startcommand(args) # type: ignore + name = args.get("name", "machine") + + return Machine( + tmp_dir=tmp_dir, + start_command=cmd, + name=name, + keep_vm_state=args.get("keep_vm_state", False), + allow_reboot=args.get("allow_reboot", False), + ) + def serial_stdout_on(self) -> None: + rootlog._print_serial_logs = True -def serial_stdout_off() -> None: - log._print_serial_logs = False + def serial_stdout_off(self) -> None: + rootlog._print_serial_logs = False class EnvDefault(argparse.Action): @@ -970,52 +1250,6 @@ class EnvDefault(argparse.Action): setattr(namespace, self.dest, values) -@contextmanager -def subtest(name: str) -> Iterator[None]: - with log.nested(name): - try: - yield - return True - except Exception as e: - log.log(f'Test "{name}" failed with error: "{e}"') - raise e - - return False - - -def _test_symbols() -> Dict[str, Any]: - general_symbols = dict( - start_all=start_all, - test_script=globals().get("test_script"), # same - machines=globals().get("machines"), # without being initialized - log=globals().get("log"), # extracting those symbol keys - os=os, - create_machine=create_machine, - subtest=subtest, - run_tests=run_tests, - join_all=join_all, - retry=retry, - serial_stdout_off=serial_stdout_off, - serial_stdout_on=serial_stdout_on, - Machine=Machine, # for typing - ) - return general_symbols - - -def test_symbols() -> Dict[str, Any]: - - general_symbols = _test_symbols() - - machine_symbols = {m.name: machines[idx] for idx, m in enumerate(machines)} - print( - "additionally exposed symbols:\n " - + ", ".join(map(lambda m: m.name, machines)) - + ",\n " - + ", ".join(list(general_symbols.keys())) - ) - return {**general_symbols, **machine_symbols} - - if __name__ == "__main__": arg_parser = argparse.ArgumentParser(prog="nixos-test-driver") arg_parser.add_argument( @@ -1055,44 +1289,18 @@ if __name__ == "__main__": ) args = arg_parser.parse_args() - testscript = pathlib.Path(args.testscript).read_text() - - global log, machines, test_script - - log = Logger() - - vde_sockets = [create_vlan(v) for v in args.vlans] - for nr, vde_socket, _, _ in vde_sockets: - os.environ["QEMU_VDE_SOCKET_{}".format(nr)] = vde_socket - - machines = [ - create_machine({"startCommand": s, "keepVmState": args.keep_vm_state}) - for s in args.start_scripts - ] - machine_eval = [ - "{0} = machines[{1}]".format(m.name, idx) for idx, m in enumerate(machines) - ] - exec("\n".join(machine_eval)) - - @atexit.register - def clean_up() -> None: - with log.nested("cleaning up"): - for machine in machines: - if machine.pid is None: - continue - log.log("killing {} (pid {})".format(machine.name, machine.pid)) - machine.process.kill() - for _, _, process, _ in vde_sockets: - process.terminate() - log.close() - - def test_script() -> None: - with log.nested("running the VM test script"): - symbols = test_symbols() # call eagerly - exec(testscript, symbols, None) - - interactive = args.interactive or (not bool(testscript)) - tic = time.time() - run_tests(interactive) - toc = time.time() - print("test script finished in {:.2f}s".format(toc - tic)) + + if not args.keep_vm_state: + rootlog.info("Machine state will be reset. To keep it, pass --keep-vm-state") + + driver = Driver( + args.start_scripts, args.vlans, args.testscript.read_text(), args.keep_vm_state + ) + + if args.interactive: + ptpython.repl.embed(driver.test_symbols(), {}) + else: + tic = time.time() + driver.run_tests() + toc = time.time() + rootlog.info(f"test script finished in {(toc-tic):.2f}s") diff --git a/nixpkgs/nixos/lib/testing-python.nix b/nixpkgs/nixos/lib/testing-python.nix index 7c8c64211f18..dbba9e4c4452 100644 --- a/nixpkgs/nixos/lib/testing-python.nix +++ b/nixpkgs/nixos/lib/testing-python.nix @@ -43,7 +43,8 @@ rec { from pydoc import importfile with open('driver-symbols', 'w') as fp: t = importfile('${testDriverScript}') - test_symbols = t._test_symbols() + d = t.Driver([],[],"") + test_symbols = d.test_symbols() fp.write(','.join(test_symbols.keys())) EOF ''; @@ -188,14 +189,6 @@ rec { --set startScripts "''${vmStartScripts[*]}" \ --set testScript "$out/test-script" \ --set vlans '${toString vlans}' - - ${lib.optionalString (testScript == "") '' - ln -s ${testDriver}/bin/nixos-test-driver $out/bin/nixos-run-vms - wrapProgram $out/bin/nixos-run-vms \ - --set startScripts "''${vmStartScripts[*]}" \ - --set testScript "${pkgs.writeText "start-all" "start_all(); join_all();"}" \ - --set vlans '${toString vlans}' - ''} ''); # Make a full-blown test @@ -217,7 +210,7 @@ rec { nodes = qemu_pkg: let build-vms = import ./build-vms.nix { - inherit system pkgs minimal specialArgs; + inherit system lib pkgs minimal specialArgs; extraConfigurations = extraConfigurations ++ [( { virtualisation.qemu.package = qemu_pkg; @@ -257,7 +250,6 @@ rec { inherit test driver driverInteractive nodes; }; - abortForFunction = functionName: abort ''The ${functionName} function was removed because it is not an essential part of the NixOS testing infrastructure. It had no usage in NixOS or Nixpkgs and it had no designated diff --git a/nixpkgs/nixos/lib/utils.nix b/nixpkgs/nixos/lib/utils.nix index 7fe812424f85..439b627dc385 100644 --- a/nixpkgs/nixos/lib/utils.nix +++ b/nixpkgs/nixos/lib/utils.nix @@ -10,7 +10,7 @@ rec { # Check whenever fileSystem is needed for boot. NOTE: Make sure # pathsNeededForBoot is closed under the parent relationship, i.e. if /a/b/c # is in the list, put /a and /a/b in as well. - pathsNeededForBoot = [ "/" "/nix" "/nix/store" "/var" "/var/log" "/var/lib" "/etc" ]; + pathsNeededForBoot = [ "/" "/nix" "/nix/store" "/var" "/var/log" "/var/lib" "/var/lib/nixos" "/etc" ]; fsNeededForBoot = fs: fs.neededForBoot || elem fs.mountPoint pathsNeededForBoot; # Check whenever `b` depends on `a` as a fileSystem diff --git a/nixpkgs/nixos/maintainers/scripts/azure-new/examples/basic/image.nix b/nixpkgs/nixos/maintainers/scripts/azure-new/examples/basic/image.nix index ad62dcd14a0b..310eba3621a6 100644 --- a/nixpkgs/nixos/maintainers/scripts/azure-new/examples/basic/image.nix +++ b/nixpkgs/nixos/maintainers/scripts/azure-new/examples/basic/image.nix @@ -1,6 +1,6 @@ let pkgs = (import ../../../../../../default.nix {}); - machine = import "${pkgs.path}/nixos/lib/eval-config.nix" { + machine = import (pkgs.path + "/nixos/lib/eval-config.nix") { system = "x86_64-linux"; modules = [ ({config, ...}: { imports = [ ./system.nix ]; }) diff --git a/nixpkgs/nixos/maintainers/scripts/ec2/amazon-image.nix b/nixpkgs/nixos/maintainers/scripts/ec2/amazon-image.nix index 6942b58f236e..fcb369e87ff9 100644 --- a/nixpkgs/nixos/maintainers/scripts/ec2/amazon-image.nix +++ b/nixpkgs/nixos/maintainers/scripts/ec2/amazon-image.nix @@ -27,7 +27,7 @@ in { }; contents = mkOption { - example = literalExample '' + example = literalExpression '' [ { source = pkgs.memtest86 + "/memtest.bin"; target = "boot/memtest.bin"; } @@ -104,8 +104,8 @@ in { ${pkgs.jq}/bin/jq -n \ --arg system_label ${lib.escapeShellArg config.system.nixos.label} \ --arg system ${lib.escapeShellArg pkgs.stdenv.hostPlatform.system} \ - --arg root_logical_bytes "$(${pkgs.qemu}/bin/qemu-img info --output json "$bootDisk" | ${pkgs.jq}/bin/jq '."virtual-size"')" \ - --arg boot_logical_bytes "$(${pkgs.qemu}/bin/qemu-img info --output json "$rootDisk" | ${pkgs.jq}/bin/jq '."virtual-size"')" \ + --arg root_logical_bytes "$(${pkgs.qemu}/bin/qemu-img info --output json "$rootDisk" | ${pkgs.jq}/bin/jq '."virtual-size"')" \ + --arg boot_logical_bytes "$(${pkgs.qemu}/bin/qemu-img info --output json "$bootDisk" | ${pkgs.jq}/bin/jq '."virtual-size"')" \ --arg root "$rootDisk" \ --arg boot "$bootDisk" \ '{} diff --git a/nixpkgs/nixos/maintainers/scripts/ec2/create-amis.sh b/nixpkgs/nixos/maintainers/scripts/ec2/create-amis.sh index 691d7fcfcba4..712d9b548ff0 100755 --- a/nixpkgs/nixos/maintainers/scripts/ec2/create-amis.sh +++ b/nixpkgs/nixos/maintainers/scripts/ec2/create-amis.sh @@ -15,18 +15,22 @@ # set -x set -euo pipefail +var () { true; } + # configuration -state_dir=$HOME/amis/ec2-images -home_region=eu-west-1 -bucket=nixos-amis -service_role_name=vmimport +var ${state_dir:=$HOME/amis/ec2-images} +var ${home_region:=eu-west-1} +var ${bucket:=nixos-amis} +var ${service_role_name:=vmimport} -regions=(eu-west-1 eu-west-2 eu-west-3 eu-central-1 eu-north-1 +var ${regions:=eu-west-1 eu-west-2 eu-west-3 eu-central-1 eu-north-1 us-east-1 us-east-2 us-west-1 us-west-2 ca-central-1 ap-southeast-1 ap-southeast-2 ap-northeast-1 ap-northeast-2 ap-south-1 ap-east-1 - sa-east-1) + sa-east-1} + +regions=($regions) log() { echo "$@" >&2 @@ -60,10 +64,16 @@ read_image_info() { # We handle a single image per invocation, store all attributes in # globals for convenience. -image_label=$(read_image_info .label) +zfs_disks=$(read_image_info .disks) +image_label="$(read_image_info .label)${zfs_disks:+-ZFS}" image_system=$(read_image_info .system) -image_file=$(read_image_info .file) -image_logical_bytes=$(read_image_info .logical_bytes) +image_files=( $(read_image_info "${zfs_disks:+.disks.root}.file") ) + +image_logical_bytes=$(read_image_info "${zfs_disks:+.disks.boot}.logical_bytes") + +if [[ -n "$zfs_disks" ]]; then + image_files+=( $(read_image_info .disks.boot.file) ) +fi # Derived attributes @@ -113,11 +123,11 @@ wait_for_import() { local state snapshot_id log "Waiting for import task $task_id to be completed" while true; do - read -r state progress snapshot_id < <( + read -r state message snapshot_id < <( aws ec2 describe-import-snapshot-tasks --region "$region" --import-task-ids "$task_id" | \ - jq -r '.ImportSnapshotTasks[].SnapshotTaskDetail | "\(.Status) \(.Progress) \(.SnapshotId)"' + jq -r '.ImportSnapshotTasks[].SnapshotTaskDetail | "\(.Status) \(.StatusMessage) \(.SnapshotId)"' ) - log " ... state=$state progress=$progress snapshot_id=$snapshot_id" + log " ... state=$state message=$message snapshot_id=$snapshot_id" case "$state" in active) sleep 10 @@ -179,41 +189,48 @@ make_image_public() { upload_image() { local region=$1 - local aws_path=${image_file#/} + for image_file in "${image_files[@]}"; do + local aws_path=${image_file#/} - local state_key="$region.$image_label.$image_system" - local task_id - task_id=$(read_state "$state_key" task_id) - local snapshot_id - snapshot_id=$(read_state "$state_key" snapshot_id) - local ami_id - ami_id=$(read_state "$state_key" ami_id) - - if [ -z "$task_id" ]; then - log "Checking for image on S3" - if ! aws s3 ls --region "$region" "s3://${bucket}/${aws_path}" >&2; then - log "Image missing from aws, uploading" - aws s3 cp --region "$region" "$image_file" "s3://${bucket}/${aws_path}" >&2 + if [[ -n "$zfs_disks" ]]; then + local suffix=${image_file%.*} + suffix=${suffix##*.} fi - log "Importing image from S3 path s3://$bucket/$aws_path" - - task_id=$(aws ec2 import-snapshot --role-name "$service_role_name" --disk-container "{ - \"Description\": \"nixos-image-${image_label}-${image_system}\", - \"Format\": \"vhd\", - \"UserBucket\": { - \"S3Bucket\": \"$bucket\", - \"S3Key\": \"$aws_path\" - } - }" --region "$region" | jq -r '.ImportTaskId') - - write_state "$state_key" task_id "$task_id" - fi + local state_key="$region.$image_label${suffix:+.${suffix}}.$image_system" + local task_id + task_id=$(read_state "$state_key" task_id) + local snapshot_id + snapshot_id=$(read_state "$state_key" snapshot_id) + local ami_id + ami_id=$(read_state "$state_key" ami_id) + + if [ -z "$task_id" ]; then + log "Checking for image on S3" + if ! aws s3 ls --region "$region" "s3://${bucket}/${aws_path}" >&2; then + log "Image missing from aws, uploading" + aws s3 cp --region "$region" "$image_file" "s3://${bucket}/${aws_path}" >&2 + fi + + log "Importing image from S3 path s3://$bucket/$aws_path" + + task_id=$(aws ec2 import-snapshot --role-name "$service_role_name" --disk-container "{ + \"Description\": \"nixos-image-${image_label}-${image_system}\", + \"Format\": \"vhd\", + \"UserBucket\": { + \"S3Bucket\": \"$bucket\", + \"S3Key\": \"$aws_path\" + } + }" --region "$region" | jq -r '.ImportTaskId') + + write_state "$state_key" task_id "$task_id" + fi - if [ -z "$snapshot_id" ]; then - snapshot_id=$(wait_for_import "$region" "$task_id") - write_state "$state_key" snapshot_id "$snapshot_id" - fi + if [ -z "$snapshot_id" ]; then + snapshot_id=$(wait_for_import "$region" "$task_id") + write_state "$state_key" snapshot_id "$snapshot_id" + fi + done if [ -z "$ami_id" ]; then log "Registering snapshot $snapshot_id as AMI" @@ -222,6 +239,18 @@ upload_image() { "DeviceName=/dev/xvda,Ebs={SnapshotId=$snapshot_id,VolumeSize=$image_logical_gigabytes,DeleteOnTermination=true,VolumeType=gp3}" ) + if [[ -n "$zfs_disks" ]]; then + local root_snapshot_id=$(read_state "$region.$image_label.root.$image_system" snapshot_id) + + local root_image_logical_bytes=$(read_image_info ".disks.root.logical_bytes") + local root_image_logical_gigabytes=$(((root_image_logical_bytes-1)/1024/1024/1024+1)) # Round to the next GB + + block_device_mappings+=( + "DeviceName=/dev/xvdb,Ebs={SnapshotId=$root_snapshot_id,VolumeSize=$root_image_logical_gigabytes,DeleteOnTermination=true,VolumeType=gp3}" + ) + fi + + local extra_flags=( --root-device-name /dev/xvda --sriov-net-support simple @@ -248,7 +277,7 @@ upload_image() { write_state "$state_key" ami_id "$ami_id" fi - make_image_public "$region" "$ami_id" + [[ -v PRIVATE ]] || make_image_public "$region" "$ami_id" echo "$ami_id" } @@ -276,7 +305,7 @@ copy_to_region() { write_state "$state_key" ami_id "$ami_id" fi - make_image_public "$region" "$ami_id" + [[ -v PRIVATE ]] || make_image_public "$region" "$ami_id" echo "$ami_id" } diff --git a/nixpkgs/nixos/modules/config/fonts/fontdir.nix b/nixpkgs/nixos/modules/config/fonts/fontdir.nix index c4bd3a077d33..db4b6c638ab4 100644 --- a/nixpkgs/nixos/modules/config/fonts/fontdir.nix +++ b/nixpkgs/nixos/modules/config/fonts/fontdir.nix @@ -50,9 +50,8 @@ in config = mkIf cfg.enable { - # This is enough to make a symlink because the xserver - # module already links all /share/X11 paths. environment.systemPackages = [ x11Fonts ]; + environment.pathsToLink = [ "/share/X11/fonts" ]; services.xserver.filesSection = '' FontPath "${x11Fonts}/share/X11/fonts" diff --git a/nixpkgs/nixos/modules/config/fonts/fonts.nix b/nixpkgs/nixos/modules/config/fonts/fonts.nix index f87e61e3ef9f..04952898cb76 100644 --- a/nixpkgs/nixos/modules/config/fonts/fonts.nix +++ b/nixpkgs/nixos/modules/config/fonts/fonts.nix @@ -61,7 +61,7 @@ in fonts = mkOption { type = types.listOf types.path; default = []; - example = literalExample "[ pkgs.dejavu_fonts ]"; + example = literalExpression "[ pkgs.dejavu_fonts ]"; description = "List of primary font paths."; }; diff --git a/nixpkgs/nixos/modules/config/i18n.nix b/nixpkgs/nixos/modules/config/i18n.nix index 991b449d80b5..545d4a3dca61 100644 --- a/nixpkgs/nixos/modules/config/i18n.nix +++ b/nixpkgs/nixos/modules/config/i18n.nix @@ -14,7 +14,7 @@ with lib; allLocales = any (x: x == "all") config.i18n.supportedLocales; locales = config.i18n.supportedLocales; }; - example = literalExample "pkgs.glibcLocales"; + example = literalExpression "pkgs.glibcLocales"; description = '' Customized pkg.glibcLocales package. diff --git a/nixpkgs/nixos/modules/config/krb5/default.nix b/nixpkgs/nixos/modules/config/krb5/default.nix index 6db2a7e40391..911c5b629a9a 100644 --- a/nixpkgs/nixos/modules/config/krb5/default.nix +++ b/nixpkgs/nixos/modules/config/krb5/default.nix @@ -83,8 +83,8 @@ in { kerberos = mkOption { type = types.package; default = pkgs.krb5Full; - defaultText = "pkgs.krb5Full"; - example = literalExample "pkgs.heimdal"; + defaultText = literalExpression "pkgs.krb5Full"; + example = literalExpression "pkgs.heimdal"; description = '' The Kerberos implementation that will be present in <literal>environment.systemPackages</literal> after enabling this @@ -96,7 +96,7 @@ in { type = with types; either attrs lines; default = {}; apply = attrs: filterEmbeddedMetadata attrs; - example = literalExample '' + example = literalExpression '' { default_realm = "ATHENA.MIT.EDU"; }; @@ -109,7 +109,7 @@ in { realms = mkOption { type = with types; either attrs lines; default = {}; - example = literalExample '' + example = literalExpression '' { "ATHENA.MIT.EDU" = { admin_server = "athena.mit.edu"; @@ -127,7 +127,7 @@ in { domain_realm = mkOption { type = with types; either attrs lines; default = {}; - example = literalExample '' + example = literalExpression '' { "example.com" = "EXAMPLE.COM"; ".example.com" = "EXAMPLE.COM"; @@ -142,7 +142,7 @@ in { capaths = mkOption { type = with types; either attrs lines; default = {}; - example = literalExample '' + example = literalExpression '' { "ATHENA.MIT.EDU" = { "EXAMPLE.COM" = "."; @@ -161,7 +161,7 @@ in { appdefaults = mkOption { type = with types; either attrs lines; default = {}; - example = literalExample '' + example = literalExpression '' { pam = { debug = false; @@ -182,7 +182,7 @@ in { plugins = mkOption { type = with types; either attrs lines; default = {}; - example = literalExample '' + example = literalExpression '' { ccselect = { disable = "k5identity"; diff --git a/nixpkgs/nixos/modules/config/networking.nix b/nixpkgs/nixos/modules/config/networking.nix index 8c4eec510e5d..11307e331200 100644 --- a/nixpkgs/nixos/modules/config/networking.nix +++ b/nixpkgs/nixos/modules/config/networking.nix @@ -21,7 +21,7 @@ in networking.hosts = lib.mkOption { type = types.attrsOf (types.listOf types.str); - example = literalExample '' + example = literalExpression '' { "127.0.0.1" = [ "foo.bar.baz" ]; "192.168.0.2" = [ "fileserver.local" "nameserver.local" ]; @@ -34,8 +34,8 @@ in networking.hostFiles = lib.mkOption { type = types.listOf types.path; - defaultText = lib.literalExample "Hosts from `networking.hosts` and `networking.extraHosts`"; - example = lib.literalExample ''[ "''${pkgs.my-blocklist-package}/share/my-blocklist/hosts" ]''; + defaultText = literalDocBook "Hosts from <option>networking.hosts</option> and <option>networking.extraHosts</option>"; + example = literalExpression ''[ "''${pkgs.my-blocklist-package}/share/my-blocklist/hosts" ]''; description = '' Files that should be concatenated together to form <filename>/etc/hosts</filename>. ''; diff --git a/nixpkgs/nixos/modules/config/power-management.nix b/nixpkgs/nixos/modules/config/power-management.nix index cc0ff732ffa5..710842e1503b 100644 --- a/nixpkgs/nixos/modules/config/power-management.nix +++ b/nixpkgs/nixos/modules/config/power-management.nix @@ -35,7 +35,7 @@ in powerUpCommands = mkOption { type = types.lines; default = ""; - example = literalExample '' + example = literalExpression '' "''${pkgs.hdparm}/sbin/hdparm -B 255 /dev/sda" ''; description = @@ -49,7 +49,7 @@ in powerDownCommands = mkOption { type = types.lines; default = ""; - example = literalExample '' + example = literalExpression '' "''${pkgs.hdparm}/sbin/hdparm -B 255 /dev/sda" ''; description = diff --git a/nixpkgs/nixos/modules/config/pulseaudio.nix b/nixpkgs/nixos/modules/config/pulseaudio.nix index 3f7ae109e8c2..01555d28b73f 100644 --- a/nixpkgs/nixos/modules/config/pulseaudio.nix +++ b/nixpkgs/nixos/modules/config/pulseaudio.nix @@ -149,8 +149,8 @@ in { default = if config.services.jack.jackd.enable then pkgs.pulseaudioFull else pkgs.pulseaudio; - defaultText = "pkgs.pulseaudio"; - example = literalExample "pkgs.pulseaudioFull"; + defaultText = literalExpression "pkgs.pulseaudio"; + example = literalExpression "pkgs.pulseaudioFull"; description = '' The PulseAudio derivation to use. This can be used to enable features (such as JACK support, Bluetooth) via the @@ -161,7 +161,7 @@ in { extraModules = mkOption { type = types.listOf types.package; default = []; - example = literalExample "[ pkgs.pulseaudio-modules-bt ]"; + example = literalExpression "[ pkgs.pulseaudio-modules-bt ]"; description = '' Extra pulseaudio modules to use. This is intended for out-of-tree pulseaudio modules like extra bluetooth codecs. @@ -184,7 +184,7 @@ in { type = types.attrsOf types.unspecified; default = {}; description = "Config of the pulse daemon. See <literal>man pulse-daemon.conf</literal>."; - example = literalExample ''{ realtime-scheduling = "yes"; }''; + example = literalExpression ''{ realtime-scheduling = "yes"; }''; }; }; @@ -204,7 +204,7 @@ in { allowedIpRanges = mkOption { type = types.listOf types.str; default = []; - example = literalExample ''[ "127.0.0.1" "192.168.1.0/24" ]''; + example = literalExpression ''[ "127.0.0.1" "192.168.1.0/24" ]''; description = '' A list of IP subnets that are allowed to stream to the server. ''; diff --git a/nixpkgs/nixos/modules/config/shells-environment.nix b/nixpkgs/nixos/modules/config/shells-environment.nix index 34e558d8603d..ae3f618e273c 100644 --- a/nixpkgs/nixos/modules/config/shells-environment.nix +++ b/nixpkgs/nixos/modules/config/shells-environment.nix @@ -136,10 +136,8 @@ in environment.binsh = mkOption { default = "${config.system.build.binsh}/bin/sh"; - defaultText = "\${config.system.build.binsh}/bin/sh"; - example = literalExample '' - "''${pkgs.dash}/bin/dash" - ''; + defaultText = literalExpression ''"''${config.system.build.binsh}/bin/sh"''; + example = literalExpression ''"''${pkgs.dash}/bin/dash"''; type = types.path; visible = false; description = '' @@ -152,7 +150,7 @@ in environment.shells = mkOption { default = []; - example = literalExample "[ pkgs.bashInteractive pkgs.zsh ]"; + example = literalExpression "[ pkgs.bashInteractive pkgs.zsh ]"; description = '' A list of permissible login shells for user accounts. No need to mention <literal>/bin/sh</literal> diff --git a/nixpkgs/nixos/modules/config/sysctl.nix b/nixpkgs/nixos/modules/config/sysctl.nix index e59c7a32c287..db1f5284f504 100644 --- a/nixpkgs/nixos/modules/config/sysctl.nix +++ b/nixpkgs/nixos/modules/config/sysctl.nix @@ -22,7 +22,7 @@ in boot.kernel.sysctl = mkOption { default = {}; - example = literalExample '' + example = literalExpression '' { "net.ipv4.tcp_syncookies" = false; "vm.swappiness" = 60; } ''; type = types.attrsOf sysctlOption; diff --git a/nixpkgs/nixos/modules/config/system-path.nix b/nixpkgs/nixos/modules/config/system-path.nix index 1292c3008c6f..6ff4ec2921cf 100644 --- a/nixpkgs/nixos/modules/config/system-path.nix +++ b/nixpkgs/nixos/modules/config/system-path.nix @@ -58,7 +58,7 @@ in systemPackages = mkOption { type = types.listOf types.package; default = []; - example = literalExample "[ pkgs.firefox pkgs.thunderbird ]"; + example = literalExpression "[ pkgs.firefox pkgs.thunderbird ]"; description = '' The set of packages that appear in /run/current-system/sw. These packages are @@ -73,9 +73,9 @@ in defaultPackages = mkOption { type = types.listOf types.package; default = defaultPackages; - example = literalExample "[]"; + example = []; description = '' - Set of default packages that aren't strictly neccessary + Set of default packages that aren't strictly necessary for a running system, entries can be removed for a more minimal NixOS installation. diff --git a/nixpkgs/nixos/modules/config/unix-odbc-drivers.nix b/nixpkgs/nixos/modules/config/unix-odbc-drivers.nix index abc12a627d6f..055c3b2364e6 100644 --- a/nixpkgs/nixos/modules/config/unix-odbc-drivers.nix +++ b/nixpkgs/nixos/modules/config/unix-odbc-drivers.nix @@ -19,7 +19,7 @@ in { environment.unixODBCDrivers = mkOption { type = types.listOf types.package; default = []; - example = literalExample "with pkgs.unixODBCDrivers; [ sqlite psql ]"; + example = literalExpression "with pkgs.unixODBCDrivers; [ sqlite psql ]"; description = '' Specifies Unix ODBC drivers to be registered in <filename>/etc/odbcinst.ini</filename>. You may also want to diff --git a/nixpkgs/nixos/modules/config/users-groups.nix b/nixpkgs/nixos/modules/config/users-groups.nix index 8e2db9107a11..629905e60955 100644 --- a/nixpkgs/nixos/modules/config/users-groups.nix +++ b/nixpkgs/nixos/modules/config/users-groups.nix @@ -165,8 +165,8 @@ let shell = mkOption { type = types.nullOr (types.either types.shellPackage (passwdEntry types.path)); default = pkgs.shadow; - defaultText = "pkgs.shadow"; - example = literalExample "pkgs.bashInteractive"; + defaultText = literalExpression "pkgs.shadow"; + example = literalExpression "pkgs.bashInteractive"; description = '' The path to the user's shell. Can use shell derivations, like <literal>pkgs.bashInteractive</literal>. Don’t @@ -291,7 +291,7 @@ let packages = mkOption { type = types.listOf types.package; default = []; - example = literalExample "[ pkgs.firefox pkgs.thunderbird ]"; + example = literalExpression "[ pkgs.firefox pkgs.thunderbird ]"; description = '' The set of packages that should be made available to the user. This is in contrast to <option>environment.systemPackages</option>, diff --git a/nixpkgs/nixos/modules/config/xdg/portals/wlr.nix b/nixpkgs/nixos/modules/config/xdg/portals/wlr.nix index 55baab0026b2..aba1d8dbc00e 100644 --- a/nixpkgs/nixos/modules/config/xdg/portals/wlr.nix +++ b/nixpkgs/nixos/modules/config/xdg/portals/wlr.nix @@ -37,7 +37,7 @@ in default = { }; # Example taken from the manpage - example = literalExample '' + example = literalExpression '' { screencast = { output_name = "HDMI-A-1"; diff --git a/nixpkgs/nixos/modules/hardware/ckb-next.nix b/nixpkgs/nixos/modules/hardware/ckb-next.nix index 6932be1c54ca..b2bbd77c9d7f 100644 --- a/nixpkgs/nixos/modules/hardware/ckb-next.nix +++ b/nixpkgs/nixos/modules/hardware/ckb-next.nix @@ -27,7 +27,7 @@ in package = mkOption { type = types.package; default = pkgs.ckb-next; - defaultText = "pkgs.ckb-next"; + defaultText = literalExpression "pkgs.ckb-next"; description = '' The package implementing the Corsair keyboard/mouse driver. ''; diff --git a/nixpkgs/nixos/modules/hardware/device-tree.nix b/nixpkgs/nixos/modules/hardware/device-tree.nix index 4aa1d6369d1b..be67116ad507 100644 --- a/nixpkgs/nixos/modules/hardware/device-tree.nix +++ b/nixpkgs/nixos/modules/hardware/device-tree.nix @@ -21,7 +21,7 @@ let each .dtb file matching "compatible" of the overlay. ''; default = null; - example = literalExample "./dts/overlays.dts"; + example = literalExpression "./dts/overlays.dts"; }; dtsText = mkOption { @@ -31,7 +31,7 @@ let Literal DTS contents, overlay is applied to each .dtb file matching "compatible" of the overlay. ''; - example = literalExample '' + example = '' /dts-v1/; /plugin/; / { @@ -125,8 +125,8 @@ in kernelPackage = mkOption { default = config.boot.kernelPackages.kernel; - defaultText = "config.boot.kernelPackages.kernel"; - example = literalExample "pkgs.linux_latest"; + defaultText = literalExpression "config.boot.kernelPackages.kernel"; + example = literalExpression "pkgs.linux_latest"; type = types.path; description = '' Kernel package containing the base device-tree (.dtb) to boot. Uses @@ -156,7 +156,7 @@ in overlays = mkOption { default = []; - example = literalExample '' + example = literalExpression '' [ { name = "pps"; dtsFile = ./dts/pps.dts; } { name = "spi"; diff --git a/nixpkgs/nixos/modules/hardware/digitalbitbox.nix b/nixpkgs/nixos/modules/hardware/digitalbitbox.nix index 0888cfbef2a8..097448a74f4d 100644 --- a/nixpkgs/nixos/modules/hardware/digitalbitbox.nix +++ b/nixpkgs/nixos/modules/hardware/digitalbitbox.nix @@ -19,7 +19,7 @@ in package = mkOption { type = types.package; default = pkgs.digitalbitbox; - defaultText = "pkgs.digitalbitbox"; + defaultText = literalExpression "pkgs.digitalbitbox"; description = "The Digital Bitbox package to use. This can be used to install a package with udev rules that differ from the defaults."; }; }; diff --git a/nixpkgs/nixos/modules/hardware/opengl.nix b/nixpkgs/nixos/modules/hardware/opengl.nix index a50b5d32c358..0d8aaf734591 100644 --- a/nixpkgs/nixos/modules/hardware/opengl.nix +++ b/nixpkgs/nixos/modules/hardware/opengl.nix @@ -89,7 +89,7 @@ in extraPackages = mkOption { type = types.listOf types.package; default = []; - example = literalExample "with pkgs; [ vaapiIntel libvdpau-va-gl vaapiVdpau intel-ocl ]"; + example = literalExpression "with pkgs; [ vaapiIntel libvdpau-va-gl vaapiVdpau intel-ocl ]"; description = '' Additional packages to add to OpenGL drivers. This can be used to add OpenCL drivers, VA-API/VDPAU drivers etc. @@ -99,7 +99,7 @@ in extraPackages32 = mkOption { type = types.listOf types.package; default = []; - example = literalExample "with pkgs.pkgsi686Linux; [ vaapiIntel libvdpau-va-gl vaapiVdpau ]"; + example = literalExpression "with pkgs.pkgsi686Linux; [ vaapiIntel libvdpau-va-gl vaapiVdpau ]"; description = '' Additional packages to add to 32-bit OpenGL drivers on 64-bit systems. Used when <option>driSupport32Bit</option> is diff --git a/nixpkgs/nixos/modules/hardware/opentabletdriver.nix b/nixpkgs/nixos/modules/hardware/opentabletdriver.nix index 295e23e6164f..caba934ebe77 100644 --- a/nixpkgs/nixos/modules/hardware/opentabletdriver.nix +++ b/nixpkgs/nixos/modules/hardware/opentabletdriver.nix @@ -29,7 +29,7 @@ in package = mkOption { type = types.package; default = pkgs.opentabletdriver; - defaultText = "pkgs.opentabletdriver"; + defaultText = literalExpression "pkgs.opentabletdriver"; description = '' OpenTabletDriver derivation to use. ''; diff --git a/nixpkgs/nixos/modules/hardware/printers.nix b/nixpkgs/nixos/modules/hardware/printers.nix index c587076dcd18..7bab4f7038d9 100644 --- a/nixpkgs/nixos/modules/hardware/printers.nix +++ b/nixpkgs/nixos/modules/hardware/printers.nix @@ -72,10 +72,10 @@ in { }; deviceUri = mkOption { type = types.str; - example = [ + example = literalExpression '' "ipp://printserver.local/printers/BrotherHL_Workroom" "usb://HP/DESKJET%20940C?serial=CN16E6C364BH" - ]; + ''; description = '' How to reach the printer. <command>lpinfo -v</command> shows a list of supported device URIs and schemes. @@ -83,8 +83,8 @@ in { }; model = mkOption { type = types.str; - example = literalExample '' - gutenprint.''${lib.versions.majorMinor (lib.getVersion pkgs.gutenprint)}://brother-hl-5140/expert + example = literalExpression '' + "gutenprint.''${lib.versions.majorMinor (lib.getVersion pkgs.gutenprint)}://brother-hl-5140/expert" ''; description = '' Location of the ppd driver file for the printer. diff --git a/nixpkgs/nixos/modules/hardware/sata.nix b/nixpkgs/nixos/modules/hardware/sata.nix index 541897527a8d..81592997d6e3 100644 --- a/nixpkgs/nixos/modules/hardware/sata.nix +++ b/nixpkgs/nixos/modules/hardware/sata.nix @@ -39,7 +39,7 @@ in enable = mkEnableOption "SATA drive timeouts"; deciSeconds = mkOption { - example = "70"; + example = 70; type = types.int; description = '' Set SCT Error Recovery Control timeout in deciseconds for use in RAID configurations. diff --git a/nixpkgs/nixos/modules/hardware/video/nvidia.nix b/nixpkgs/nixos/modules/hardware/video/nvidia.nix index cf87ca5377dd..8f6b5c22ea4f 100644 --- a/nixpkgs/nixos/modules/hardware/video/nvidia.nix +++ b/nixpkgs/nixos/modules/hardware/video/nvidia.nix @@ -165,11 +165,11 @@ in hardware.nvidia.package = lib.mkOption { type = lib.types.package; default = config.boot.kernelPackages.nvidiaPackages.stable; - defaultText = "config.boot.kernelPackages.nvidiaPackages.stable"; + defaultText = literalExpression "config.boot.kernelPackages.nvidiaPackages.stable"; description = '' The NVIDIA X11 derivation to use. ''; - example = "config.boot.kernelPackages.nvidiaPackages.legacy_340"; + example = literalExpression "config.boot.kernelPackages.nvidiaPackages.legacy_340"; }; }; @@ -213,7 +213,7 @@ in } { - assertion = cfg.powerManagement.enable -> offloadCfg.enable; + assertion = cfg.powerManagement.finegrained -> offloadCfg.enable; message = "Fine-grained power management requires offload to be enabled."; } diff --git a/nixpkgs/nixos/modules/hardware/video/uvcvideo/default.nix b/nixpkgs/nixos/modules/hardware/video/uvcvideo/default.nix index cf6aa052abb0..338062cf69b7 100644 --- a/nixpkgs/nixos/modules/hardware/video/uvcvideo/default.nix +++ b/nixpkgs/nixos/modules/hardware/video/uvcvideo/default.nix @@ -33,7 +33,7 @@ in packages = mkOption { type = types.listOf types.path; - example = literalExample "[ pkgs.tiscamera ]"; + example = literalExpression "[ pkgs.tiscamera ]"; description = '' List of packages containing <command>uvcvideo</command> dynamic controls rules. All files found in diff --git a/nixpkgs/nixos/modules/i18n/input-method/fcitx.nix b/nixpkgs/nixos/modules/i18n/input-method/fcitx.nix index 440f13b41522..57960cc365b6 100644 --- a/nixpkgs/nixos/modules/i18n/input-method/fcitx.nix +++ b/nixpkgs/nixos/modules/i18n/input-method/fcitx.nix @@ -17,7 +17,7 @@ in engines = mkOption { type = with types; listOf fcitxEngine; default = []; - example = literalExample "with pkgs.fcitx-engines; [ mozc hangul ]"; + example = literalExpression "with pkgs.fcitx-engines; [ mozc hangul ]"; description = let enginesDrv = filterAttrs (const isDerivation) pkgs.fcitx-engines; diff --git a/nixpkgs/nixos/modules/i18n/input-method/fcitx5.nix b/nixpkgs/nixos/modules/i18n/input-method/fcitx5.nix index eecbe32fea49..414aabbbaa73 100644 --- a/nixpkgs/nixos/modules/i18n/input-method/fcitx5.nix +++ b/nixpkgs/nixos/modules/i18n/input-method/fcitx5.nix @@ -12,7 +12,7 @@ in { addons = mkOption { type = with types; listOf package; default = []; - example = with pkgs; [ fcitx5-rime ]; + example = literalExpression "with pkgs; [ fcitx5-rime ]"; description = '' Enabled Fcitx5 addons. ''; diff --git a/nixpkgs/nixos/modules/i18n/input-method/ibus.nix b/nixpkgs/nixos/modules/i18n/input-method/ibus.nix index 1aaa5a952bea..92f8c64338a4 100644 --- a/nixpkgs/nixos/modules/i18n/input-method/ibus.nix +++ b/nixpkgs/nixos/modules/i18n/input-method/ibus.nix @@ -36,7 +36,7 @@ in engines = mkOption { type = with types; listOf ibusEngine; default = []; - example = literalExample "with pkgs.ibus-engines; [ mozc hangul ]"; + example = literalExpression "with pkgs.ibus-engines; [ mozc hangul ]"; description = let enginesDrv = filterAttrs (const isDerivation) pkgs.ibus-engines; @@ -48,7 +48,7 @@ in panel = mkOption { type = with types; nullOr path; default = null; - example = literalExample "''${pkgs.plasma5Packages.plasma-desktop}/lib/libexec/kimpanel-ibus-panel"; + example = literalExpression ''"''${pkgs.plasma5Packages.plasma-desktop}/lib/libexec/kimpanel-ibus-panel"''; description = "Replace the IBus panel with another panel."; }; }; diff --git a/nixpkgs/nixos/modules/i18n/input-method/kime.nix b/nixpkgs/nixos/modules/i18n/input-method/kime.nix index 2a73cb3f4605..e462cae2437b 100644 --- a/nixpkgs/nixos/modules/i18n/input-method/kime.nix +++ b/nixpkgs/nixos/modules/i18n/input-method/kime.nix @@ -10,7 +10,7 @@ in config = mkOption { type = yamlFormat.type; default = { }; - example = literalExample '' + example = literalExpression '' { daemon = { modules = ["Xim" "Indicator"]; diff --git a/nixpkgs/nixos/modules/installer/cd-dvd/iso-image.nix b/nixpkgs/nixos/modules/installer/cd-dvd/iso-image.nix index 78cbf14bbaf6..4812cacabaf3 100644 --- a/nixpkgs/nixos/modules/installer/cd-dvd/iso-image.nix +++ b/nixpkgs/nixos/modules/installer/cd-dvd/iso-image.nix @@ -528,7 +528,7 @@ in }; isoImage.contents = mkOption { - example = literalExample '' + example = literalExpression '' [ { source = pkgs.memtest86 + "/memtest.bin"; target = "boot/memtest.bin"; } @@ -541,7 +541,7 @@ in }; isoImage.storeContents = mkOption { - example = literalExample "[ pkgs.stdenv ]"; + example = literalExpression "[ pkgs.stdenv ]"; description = '' This option lists additional derivations to be included in the Nix store in the generated ISO image. diff --git a/nixpkgs/nixos/modules/installer/cd-dvd/system-tarball.nix b/nixpkgs/nixos/modules/installer/cd-dvd/system-tarball.nix index 58098c45535d..362c555cc53e 100644 --- a/nixpkgs/nixos/modules/installer/cd-dvd/system-tarball.nix +++ b/nixpkgs/nixos/modules/installer/cd-dvd/system-tarball.nix @@ -15,7 +15,7 @@ in { options = { tarball.contents = mkOption { - example = literalExample '' + example = literalExpression '' [ { source = pkgs.memtest86 + "/memtest.bin"; target = "boot/memtest.bin"; } @@ -28,7 +28,7 @@ in }; tarball.storeContents = mkOption { - example = literalExample "[ pkgs.stdenv ]"; + example = literalExpression "[ pkgs.stdenv ]"; description = '' This option lists additional derivations to be included in the Nix store in the generated ISO image. diff --git a/nixpkgs/nixos/modules/installer/netboot/netboot.nix b/nixpkgs/nixos/modules/installer/netboot/netboot.nix index 28b6c39b29df..145f71b5d0c7 100644 --- a/nixpkgs/nixos/modules/installer/netboot/netboot.nix +++ b/nixpkgs/nixos/modules/installer/netboot/netboot.nix @@ -9,7 +9,7 @@ with lib; options = { netboot.storeContents = mkOption { - example = literalExample "[ pkgs.stdenv ]"; + example = literalExpression "[ pkgs.stdenv ]"; description = '' This option lists additional derivations to be included in the Nix store in the generated netboot image. diff --git a/nixpkgs/nixos/modules/installer/sd-card/sd-image.nix b/nixpkgs/nixos/modules/installer/sd-card/sd-image.nix index 2a10a77300e8..a964cf2d6f85 100644 --- a/nixpkgs/nixos/modules/installer/sd-card/sd-image.nix +++ b/nixpkgs/nixos/modules/installer/sd-card/sd-image.nix @@ -49,7 +49,7 @@ in storePaths = mkOption { type = with types; listOf package; - example = literalExample "[ pkgs.stdenv ]"; + example = literalExpression "[ pkgs.stdenv ]"; description = '' Derivations to be included in the Nix store in the generated SD image. ''; @@ -107,7 +107,7 @@ in }; populateFirmwareCommands = mkOption { - example = literalExample "'' cp \${pkgs.myBootLoader}/u-boot.bin firmware/ ''"; + example = literalExpression "'' cp \${pkgs.myBootLoader}/u-boot.bin firmware/ ''"; description = '' Shell commands to populate the ./firmware directory. All files in that directory are copied to the @@ -116,7 +116,7 @@ in }; populateRootCommands = mkOption { - example = literalExample "''\${config.boot.loader.generic-extlinux-compatible.populateCmd} -c \${config.system.build.toplevel} -d ./files/boot''"; + example = literalExpression "''\${config.boot.loader.generic-extlinux-compatible.populateCmd} -c \${config.system.build.toplevel} -d ./files/boot''"; description = '' Shell commands to populate the ./files directory. All files in that directory are copied to the @@ -126,7 +126,7 @@ in }; postBuildCommands = mkOption { - example = literalExample "'' dd if=\${pkgs.myBootLoader}/SPL of=$img bs=1024 seek=1 conv=notrunc ''"; + example = literalExpression "'' dd if=\${pkgs.myBootLoader}/SPL of=$img bs=1024 seek=1 conv=notrunc ''"; default = ""; description = '' Shell commands to run after the image is built. diff --git a/nixpkgs/nixos/modules/installer/tools/nix-fallback-paths.nix b/nixpkgs/nixos/modules/installer/tools/nix-fallback-paths.nix index 15c76287e34e..cb509b7340bd 100644 --- a/nixpkgs/nixos/modules/installer/tools/nix-fallback-paths.nix +++ b/nixpkgs/nixos/modules/installer/tools/nix-fallback-paths.nix @@ -1,7 +1,7 @@ { - x86_64-linux = "/nix/store/jhbxh1jwjc3hjhzs9y2hifdn0rmnfwaj-nix-2.3.15"; - i686-linux = "/nix/store/9pspwnkdrgzma1l4xlv7arhwa56y16di-nix-2.3.15"; - aarch64-linux = "/nix/store/72aqi5g7f4fhgvgafbcqwcpqjgnczj48-nix-2.3.15"; - x86_64-darwin = "/nix/store/6p6qwp73dgfkqhynmxrzbx1lcfgfpqal-nix-2.3.15"; - aarch64-darwin = "/nix/store/dmq2vksdhssgfl822shd0ky3x5x0klh4-nix-2.3.15"; + x86_64-linux = "/nix/store/nzp4m3cmm7wawk031byh8jg4cdzjq212-nix-2.3.16"; + i686-linux = "/nix/store/zsaza9pwim617ak15fsc31lv65b9w3in-nix-2.3.16"; + aarch64-linux = "/nix/store/7f6z40gyd405yd50qkyzwilnqw106bx8-nix-2.3.16"; + x86_64-darwin = "/nix/store/c43kyri67ia8mibs0id5ara7gqwlkybf-nix-2.3.16"; + aarch64-darwin = "/nix/store/6jwhak3cvsgnbqs540n27g8pxnk427fr-nix-2.3.16"; } diff --git a/nixpkgs/nixos/modules/installer/tools/nixos-build-vms/build-vms.nix b/nixpkgs/nixos/modules/installer/tools/nixos-build-vms/build-vms.nix index e49ceba24245..8aedce2fb49c 100644 --- a/nixpkgs/nixos/modules/installer/tools/nixos-build-vms/build-vms.nix +++ b/nixpkgs/nixos/modules/installer/tools/nixos-build-vms/build-vms.nix @@ -8,11 +8,21 @@ let _file = "${networkExpr}@node-${vm}"; imports = [ module ]; }) (import networkExpr); -in -with import ../../../../lib/testing-python.nix { - inherit system; pkgs = import ../../../../.. { inherit system config; }; -}; -(makeTest { inherit nodes; testScript = ""; }).driverInteractive + testing = import ../../../../lib/testing-python.nix { + inherit system pkgs; + }; + + interactiveDriver = (testing.makeTest { inherit nodes; testScript = "start_all(); join_all();"; }).driverInteractive; +in + + +pkgs.runCommand "nixos-build-vms" { nativeBuildInputs = [ pkgs.makeWrapper ]; } '' + mkdir -p $out/bin + ln -s ${interactiveDriver}/bin/nixos-test-driver $out/bin/nixos-test-driver + ln -s ${interactiveDriver}/bin/nixos-test-driver $out/bin/nixos-run-vms + wrapProgram $out/bin/nixos-test-driver \ + --add-flags "--interactive" +'' diff --git a/nixpkgs/nixos/modules/misc/documentation.nix b/nixpkgs/nixos/modules/misc/documentation.nix index 233332e2d414..e32e49dcd88e 100644 --- a/nixpkgs/nixos/modules/misc/documentation.nix +++ b/nixpkgs/nixos/modules/misc/documentation.nix @@ -6,7 +6,11 @@ let cfg = config.documentation; - manualModules = baseModules ++ optionals cfg.nixos.includeAllModules (extraModules ++ modules); + manualModules = + baseModules + # Modules for which to show options even when not imported + ++ [ ../virtualisation/qemu-vm.nix ] + ++ optionals cfg.nixos.includeAllModules (extraModules ++ modules); /* For the purpose of generating docs, evaluate options with each derivation in `pkgs` (recursively) replaced by a fake with path "\${pkgs.attribute.path}". @@ -138,7 +142,7 @@ in extraOutputsToInstall = ["man"]; ignoreCollisions = true; }; - defaultText = "all man pages in config.environment.systemPackages"; + defaultText = literalDocBook "all man pages in <option>config.environment.systemPackages</option>"; description = '' The manual pages to generate caches for if <option>generateCaches</option> is enabled. Must be a path to a directory with man pages under @@ -216,7 +220,7 @@ in Which extra NixOS module paths the generated NixOS's documentation should strip from options. ''; - example = literalExample '' + example = literalExpression '' # e.g. with options from modules in ''${pkgs.customModules}/nix: [ pkgs.customModules ] ''; diff --git a/nixpkgs/nixos/modules/misc/ids.nix b/nixpkgs/nixos/modules/misc/ids.nix index a3e491a38329..08da55df2dc2 100644 --- a/nixpkgs/nixos/modules/misc/ids.nix +++ b/nixpkgs/nixos/modules/misc/ids.nix @@ -48,7 +48,7 @@ in #disk = 6; # unused #vsftpd = 7; # dynamically allocated ass of 2021-09-14 ftp = 8; - bitlbee = 9; + # bitlbee = 9; # removed 2021-10-05 #139765 #avahi = 10; # removed 2019-05-22 nagios = 11; atd = 12; @@ -144,7 +144,7 @@ in dictd = 105; couchdb = 106; #searx = 107; # dynamically allocated as of 2020-10-27 - kippo = 108; + #kippo = 108; # removed 2021-10-07, the kippo package was removed in 1b213f321cdbfcf868b96fd9959c24207ce1b66a during 2021-04 jenkins = 109; systemd-journal-gateway = 110; #notbit = 111; # unused @@ -368,7 +368,7 @@ in disk = 6; #vsftpd = 7; # dynamically allocated as of 2021-09-14 ftp = 8; - bitlbee = 9; + # bitlbee = 9; # removed 2021-10-05 #139765 #avahi = 10; # removed 2019-05-22 #nagios = 11; # unused atd = 12; @@ -462,7 +462,7 @@ in dictd = 105; couchdb = 106; #searx = 107; # dynamically allocated as of 2020-10-27 - kippo = 108; + #kippo = 108; # removed 2021-10-07, the kippo package was removed in 1b213f321cdbfcf868b96fd9959c24207ce1b66a during 2021-04 jenkins = 109; systemd-journal-gateway = 110; #notbit = 111; # unused diff --git a/nixpkgs/nixos/modules/misc/locate.nix b/nixpkgs/nixos/modules/misc/locate.nix index 1d2bc8c72813..2f2986c2fec5 100644 --- a/nixpkgs/nixos/modules/misc/locate.nix +++ b/nixpkgs/nixos/modules/misc/locate.nix @@ -25,8 +25,8 @@ in { locate = mkOption { type = package; default = pkgs.findutils; - defaultText = "pkgs.findutils"; - example = "pkgs.mlocate"; + defaultText = literalExpression "pkgs.findutils"; + example = literalExpression "pkgs.mlocate"; description = '' The locate implementation to use ''; @@ -43,6 +43,9 @@ in { The format is described in <citerefentry><refentrytitle>systemd.time</refentrytitle> <manvolnum>7</manvolnum></citerefentry>. + + To disable automatic updates, set to <literal>"never"</literal> + and run <command>updatedb</command> manually. ''; }; @@ -192,6 +195,18 @@ in { { LOCATE_PATH = cfg.output; }; + environment.etc = { + # write /etc/updatedb.conf for manual calls to `updatedb` + "updatedb.conf" = { + text = '' + PRUNEFS="${lib.concatStringsSep " " cfg.pruneFS}" + PRUNENAMES="${lib.concatStringsSep " " cfg.pruneNames}" + PRUNEPATHS="${lib.concatStringsSep " " cfg.prunePaths}" + PRUNE_BIND_MOUNTSFR="${lib.boolToString cfg.pruneBindMounts}" + ''; + }; + }; + warnings = optional (isMLocate && cfg.localuser != null) "mlocate does not support the services.locate.localuser option; updatedb will run as root. (Silence with services.locate.localuser = null.)" ++ optional (isFindutils && cfg.pruneNames != []) "findutils locate does not support pruning by directory component" ++ optional (isFindutils && cfg.pruneBindMounts) "findutils locate does not support skipping bind mounts"; @@ -238,7 +253,7 @@ in { serviceConfig.ReadWritePaths = dirOf cfg.output; }; - systemd.timers.update-locatedb = + systemd.timers.update-locatedb = mkIf (cfg.interval != "never") { description = "Update timer for locate database"; partOf = [ "update-locatedb.service" ]; wantedBy = [ "timers.target" ]; diff --git a/nixpkgs/nixos/modules/misc/nixpkgs.nix b/nixpkgs/nixos/modules/misc/nixpkgs.nix index a2ac5c58528a..08bc4398555b 100644 --- a/nixpkgs/nixos/modules/misc/nixpkgs.nix +++ b/nixpkgs/nixos/modules/misc/nixpkgs.nix @@ -67,13 +67,13 @@ in options.nixpkgs = { pkgs = mkOption { - defaultText = literalExample - ''import "''${nixos}/.." { - inherit (cfg) config overlays localSystem crossSystem; - } - ''; + defaultText = literalExpression '' + import "''${nixos}/.." { + inherit (cfg) config overlays localSystem crossSystem; + } + ''; type = pkgsType; - example = literalExample "import <nixpkgs> {}"; + example = literalExpression "import <nixpkgs> {}"; description = '' If set, the pkgs argument to all NixOS modules is the value of this option, extended with <code>nixpkgs.overlays</code>, if @@ -109,7 +109,7 @@ in config = mkOption { default = {}; - example = literalExample + example = literalExpression '' { allowBroken = true; allowUnfree = true; } ''; @@ -125,7 +125,7 @@ in overlays = mkOption { default = []; - example = literalExample + example = literalExpression '' [ (self: super: { @@ -158,7 +158,7 @@ in # Make sure that the final value has all fields for sake of other modules # referring to this. TODO make `lib.systems` itself use the module system. apply = lib.systems.elaborate; - defaultText = literalExample + defaultText = literalExpression ''(import "''${nixos}/../lib").lib.systems.examples.aarch64-multiplatform''; description = '' Specifies the platform on which NixOS should be built. When diff --git a/nixpkgs/nixos/modules/module-list.nix b/nixpkgs/nixos/modules/module-list.nix index 4bd6fc030fc8..2f01b04a0215 100644 --- a/nixpkgs/nixos/modules/module-list.nix +++ b/nixpkgs/nixos/modules/module-list.nix @@ -135,6 +135,7 @@ ./programs/droidcam.nix ./programs/environment.nix ./programs/evince.nix + ./programs/extra-container.nix ./programs/feedbackd.nix ./programs/file-roller.nix ./programs/firejail.nix @@ -153,6 +154,7 @@ ./programs/gnupg.nix ./programs/gphoto2.nix ./programs/hamster.nix + ./programs/htop.nix ./programs/iftop.nix ./programs/iotop.nix ./programs/java.nix @@ -411,6 +413,7 @@ ./services/hardware/illum.nix ./services/hardware/interception-tools.nix ./services/hardware/irqbalance.nix + ./services/hardware/joycond.nix ./services/hardware/lcd.nix ./services/hardware/lirc.nix ./services/hardware/nvidia-optimus.nix @@ -543,6 +546,7 @@ ./services/misc/matrix-appservice-discord.nix ./services/misc/matrix-appservice-irc.nix ./services/misc/matrix-synapse.nix + ./services/misc/mautrix-facebook.nix ./services/misc/mautrix-telegram.nix ./services/misc/mbpfan.nix ./services/misc/mediatomb.nix @@ -569,6 +573,7 @@ ./services/misc/plex.nix ./services/misc/plikd.nix ./services/misc/podgrab.nix + ./services/misc/prowlarr.nix ./services/misc/tautulli.nix ./services/misc/pinnwand.nix ./services/misc/pykms.nix @@ -594,6 +599,7 @@ ./services/misc/sysprof.nix ./services/misc/taskserver ./services/misc/tiddlywiki.nix + ./services/misc/tp-auto-kbbl.nix ./services/misc/tzupdate.nix ./services/misc/uhub.nix ./services/misc/weechat.nix @@ -756,7 +762,6 @@ ./services/networking/kea.nix ./services/networking/keepalived/default.nix ./services/networking/keybase.nix - ./services/networking/kippo.nix ./services/networking/knot.nix ./services/networking/kresd.nix ./services/networking/lambdabot.nix @@ -776,6 +781,7 @@ ./services/networking/mstpd.nix ./services/networking/mtprotoproxy.nix ./services/networking/mullvad-vpn.nix + ./services/networking/multipath.nix ./services/networking/murmur.nix ./services/networking/mxisd.nix ./services/networking/namecoind.nix @@ -880,7 +886,6 @@ ./services/video/unifi-video.nix ./services/networking/v2ray.nix ./services/networking/vsftpd.nix - ./services/networking/wakeonlan.nix ./services/networking/wasabibackend.nix ./services/networking/websockify.nix ./services/networking/wg-quick.nix @@ -965,6 +970,7 @@ ./services/web-apps/calibre-web.nix ./services/web-apps/convos.nix ./services/web-apps/cryptpad.nix + ./services/web-apps/dex.nix ./services/web-apps/discourse.nix ./services/web-apps/documize.nix ./services/web-apps/dokuwiki.nix @@ -983,6 +989,7 @@ ./services/web-apps/jirafeau.nix ./services/web-apps/jitsi-meet.nix ./services/web-apps/keycloak.nix + ./services/web-apps/lemmy.nix ./services/web-apps/limesurvey.nix ./services/web-apps/mastodon.nix ./services/web-apps/mattermost.nix @@ -992,6 +999,7 @@ ./services/web-apps/nextcloud.nix ./services/web-apps/nexus.nix ./services/web-apps/node-red.nix + ./services/web-apps/pict-rs.nix ./services/web-apps/plantuml-server.nix ./services/web-apps/plausible.nix ./services/web-apps/pgpkeyserver-lite.nix diff --git a/nixpkgs/nixos/modules/programs/atop.nix b/nixpkgs/nixos/modules/programs/atop.nix index 918c228b3f52..ad75ab27666c 100644 --- a/nixpkgs/nixos/modules/programs/atop.nix +++ b/nixpkgs/nixos/modules/programs/atop.nix @@ -19,7 +19,7 @@ in package = mkOption { type = types.package; default = pkgs.atop; - defaultText = "pkgs.atop"; + defaultText = literalExpression "pkgs.atop"; description = '' Which package to use for Atop. ''; @@ -37,7 +37,7 @@ in package = mkOption { type = types.package; default = config.boot.kernelPackages.netatop; - defaultText = "config.boot.kernelPackages.netatop"; + defaultText = literalExpression "config.boot.kernelPackages.netatop"; description = '' Which package to use for netatop. ''; diff --git a/nixpkgs/nixos/modules/programs/captive-browser.nix b/nixpkgs/nixos/modules/programs/captive-browser.nix index 4e8abdeecf0b..0f5d087e8d87 100644 --- a/nixpkgs/nixos/modules/programs/captive-browser.nix +++ b/nixpkgs/nixos/modules/programs/captive-browser.nix @@ -14,7 +14,7 @@ in package = mkOption { type = types.package; default = pkgs.captive-browser; - defaultText = "pkgs.captive-browser"; + defaultText = literalExpression "pkgs.captive-browser"; description = "Which package to use for captive-browser"; }; diff --git a/nixpkgs/nixos/modules/programs/ccache.nix b/nixpkgs/nixos/modules/programs/ccache.nix index 35a4373f6128..0f7fd0a3683c 100644 --- a/nixpkgs/nixos/modules/programs/ccache.nix +++ b/nixpkgs/nixos/modules/programs/ccache.nix @@ -28,7 +28,7 @@ in { # "nix-ccache --show-stats" and "nix-ccache --clear" security.wrappers.nix-ccache = { - owner = "nobody"; + owner = "root"; group = "nixbld"; setuid = false; setgid = true; diff --git a/nixpkgs/nixos/modules/programs/chromium.nix b/nixpkgs/nixos/modules/programs/chromium.nix index b727f850a949..602253a321d7 100644 --- a/nixpkgs/nixos/modules/programs/chromium.nix +++ b/nixpkgs/nixos/modules/programs/chromium.nix @@ -33,7 +33,7 @@ in for additional details. ''; default = []; - example = literalExample '' + example = literalExpression '' [ "chlffgpmiacpedhhbkiomidkjlcfhogd" # pushbullet "mbniclmhobmnbdlbpiphghaielnnpgdp" # lightshot @@ -75,7 +75,7 @@ in Make sure the selected policy is supported on Linux and your browser version. ''; default = {}; - example = literalExample '' + example = literalExpression '' { "BrowserSignin" = 0; "SyncDisabled" = true; diff --git a/nixpkgs/nixos/modules/programs/command-not-found/command-not-found.pl b/nixpkgs/nixos/modules/programs/command-not-found/command-not-found.pl index 6e275bcc8be6..220d057b7f4f 100644 --- a/nixpkgs/nixos/modules/programs/command-not-found/command-not-found.pl +++ b/nixpkgs/nixos/modules/programs/command-not-found/command-not-found.pl @@ -25,14 +25,7 @@ if (!defined $res || scalar @$res == 0) { print STDERR "$program: command not found\n"; } elsif (scalar @$res == 1) { my $package = @$res[0]->{package}; - if ($ENV{"NIX_AUTO_INSTALL"} // "") { - print STDERR <<EOF; -The program '$program' is currently not installed. It is provided by -the package '$package', which I will now install for you. -EOF - ; - exit 126 if system("nix-env", "-iA", "nixos.$package") == 0; - } elsif ($ENV{"NIX_AUTO_RUN"} // "") { + if ($ENV{"NIX_AUTO_RUN"} // "") { exec("nix-shell", "-p", $package, "--run", shell_quote("exec", @ARGV)); } else { print STDERR <<EOF; diff --git a/nixpkgs/nixos/modules/programs/digitalbitbox/default.nix b/nixpkgs/nixos/modules/programs/digitalbitbox/default.nix index 2fe0a14412c5..cabdf260cda3 100644 --- a/nixpkgs/nixos/modules/programs/digitalbitbox/default.nix +++ b/nixpkgs/nixos/modules/programs/digitalbitbox/default.nix @@ -19,7 +19,7 @@ in package = mkOption { type = types.package; default = pkgs.digitalbitbox; - defaultText = "pkgs.digitalbitbox"; + defaultText = literalExpression "pkgs.digitalbitbox"; description = "The Digital Bitbox package to use. This can be used to install a package with udev rules that differ from the defaults."; }; }; diff --git a/nixpkgs/nixos/modules/programs/dmrconfig.nix b/nixpkgs/nixos/modules/programs/dmrconfig.nix index e48a4f318370..d2a5117c48ef 100644 --- a/nixpkgs/nixos/modules/programs/dmrconfig.nix +++ b/nixpkgs/nixos/modules/programs/dmrconfig.nix @@ -24,7 +24,7 @@ in { package = mkOption { default = pkgs.dmrconfig; type = types.package; - defaultText = "pkgs.dmrconfig"; + defaultText = literalExpression "pkgs.dmrconfig"; description = "dmrconfig derivation to use"; }; }; diff --git a/nixpkgs/nixos/modules/programs/environment.nix b/nixpkgs/nixos/modules/programs/environment.nix index 39010323f61e..d552c751afd7 100644 --- a/nixpkgs/nixos/modules/programs/environment.nix +++ b/nixpkgs/nixos/modules/programs/environment.nix @@ -18,12 +18,16 @@ in environment.variables = { NIXPKGS_CONFIG = "/etc/nix/nixpkgs-config.nix"; + # note: many programs exec() this directly, so default options for less must not + # be specified here; do so in the default value of programs.less.envVariables instead PAGER = mkDefault "less"; - LESS = mkDefault "-R"; EDITOR = mkDefault "nano"; XDG_CONFIG_DIRS = [ "/etc/xdg" ]; # needs to be before profile-relative paths to allow changes through environment.etc }; + # since we set PAGER to this above, make sure it's installed + programs.less.enable = true; + environment.profiles = mkAfter [ "/nix/var/nix/profiles/default" "/run/current-system/sw" diff --git a/nixpkgs/nixos/modules/programs/evince.nix b/nixpkgs/nixos/modules/programs/evince.nix index 473fddb09d02..c033230afb10 100644 --- a/nixpkgs/nixos/modules/programs/evince.nix +++ b/nixpkgs/nixos/modules/programs/evince.nix @@ -4,7 +4,9 @@ with lib; -{ +let cfg = config.programs.evince; + +in { # Added 2019-08-09 imports = [ @@ -22,6 +24,13 @@ with lib; enable = mkEnableOption "Evince, the GNOME document viewer"; + package = mkOption { + type = types.package; + default = pkgs.evince; + defaultText = literalExpression "pkgs.evince"; + description = "Evince derivation to use."; + }; + }; }; @@ -31,11 +40,11 @@ with lib; config = mkIf config.programs.evince.enable { - environment.systemPackages = [ pkgs.evince ]; + environment.systemPackages = [ cfg.package ]; - services.dbus.packages = [ pkgs.evince ]; + services.dbus.packages = [ cfg.package ]; - systemd.packages = [ pkgs.evince ]; + systemd.packages = [ cfg.package ]; }; diff --git a/nixpkgs/nixos/modules/programs/extra-container.nix b/nixpkgs/nixos/modules/programs/extra-container.nix new file mode 100644 index 000000000000..c10ccd769168 --- /dev/null +++ b/nixpkgs/nixos/modules/programs/extra-container.nix @@ -0,0 +1,17 @@ +{ config, pkgs, lib, ... }: + +with lib; +let + cfg = config.programs.extra-container; +in { + options = { + programs.extra-container.enable = mkEnableOption '' + extra-container, a tool for running declarative NixOS containers + without host system rebuilds + ''; + }; + config = mkIf cfg.enable { + environment.systemPackages = [ pkgs.extra-container ]; + boot.extraSystemdUnitPaths = [ "/etc/systemd-mutable/system" ]; + }; +} diff --git a/nixpkgs/nixos/modules/programs/feedbackd.nix b/nixpkgs/nixos/modules/programs/feedbackd.nix index bb14489a6f4d..4194080c8a73 100644 --- a/nixpkgs/nixos/modules/programs/feedbackd.nix +++ b/nixpkgs/nixos/modules/programs/feedbackd.nix @@ -18,6 +18,7 @@ in { ''; type = types.package; default = pkgs.feedbackd; + defaultText = literalExpression "pkgs.feedbackd"; }; }; }; diff --git a/nixpkgs/nixos/modules/programs/firejail.nix b/nixpkgs/nixos/modules/programs/firejail.nix index 9384b01b3674..41db4f0136ef 100644 --- a/nixpkgs/nixos/modules/programs/firejail.nix +++ b/nixpkgs/nixos/modules/programs/firejail.nix @@ -40,13 +40,13 @@ in { executable = mkOption { type = types.path; description = "Executable to run sandboxed"; - example = literalExample "''${lib.getBin pkgs.firefox}/bin/firefox"; + example = literalExpression ''"''${lib.getBin pkgs.firefox}/bin/firefox"''; }; profile = mkOption { type = types.nullOr types.path; default = null; description = "Profile to use"; - example = literalExample "''${pkgs.firejail}/etc/firejail/firefox.profile"; + example = literalExpression ''"''${pkgs.firejail}/etc/firejail/firefox.profile"''; }; extraArgs = mkOption { type = types.listOf types.str; @@ -57,7 +57,7 @@ in { }; })); default = {}; - example = literalExample '' + example = literalExpression '' { firefox = { executable = "''${lib.getBin pkgs.firefox}/bin/firefox"; diff --git a/nixpkgs/nixos/modules/programs/flexoptix-app.nix b/nixpkgs/nixos/modules/programs/flexoptix-app.nix index 93dcdfeb5147..5e169be2d893 100644 --- a/nixpkgs/nixos/modules/programs/flexoptix-app.nix +++ b/nixpkgs/nixos/modules/programs/flexoptix-app.nix @@ -13,7 +13,7 @@ in { description = "FLEXOPTIX app package to use"; type = types.package; default = pkgs.flexoptix-app; - defaultText = "\${pkgs.flexoptix-app}"; + defaultText = literalExpression "pkgs.flexoptix-app"; }; }; }; diff --git a/nixpkgs/nixos/modules/programs/freetds.nix b/nixpkgs/nixos/modules/programs/freetds.nix index b4b657e391bf..d95c44d756af 100644 --- a/nixpkgs/nixos/modules/programs/freetds.nix +++ b/nixpkgs/nixos/modules/programs/freetds.nix @@ -17,7 +17,7 @@ in environment.freetds = mkOption { type = types.attrsOf types.str; default = {}; - example = literalExample '' + example = literalExpression '' { MYDATABASE = ''' host = 10.0.2.100 port = 1433 diff --git a/nixpkgs/nixos/modules/programs/gamemode.nix b/nixpkgs/nixos/modules/programs/gamemode.nix index 102788f5b019..a377a1619aa0 100644 --- a/nixpkgs/nixos/modules/programs/gamemode.nix +++ b/nixpkgs/nixos/modules/programs/gamemode.nix @@ -23,7 +23,7 @@ in System-wide configuration for GameMode (/etc/gamemode.ini). See gamemoded(8) man page for available settings. ''; - example = literalExample '' + example = literalExpression '' { general = { renice = 10; diff --git a/nixpkgs/nixos/modules/programs/git.nix b/nixpkgs/nixos/modules/programs/git.nix index 4e06b576f896..06ce374b1992 100644 --- a/nixpkgs/nixos/modules/programs/git.nix +++ b/nixpkgs/nixos/modules/programs/git.nix @@ -14,13 +14,13 @@ in package = mkOption { type = types.package; default = pkgs.git; - defaultText = "pkgs.git"; - example = literalExample "pkgs.gitFull"; + defaultText = literalExpression "pkgs.git"; + example = literalExpression "pkgs.gitFull"; description = "The git package to use"; }; config = mkOption { - type = types.attrs; + type = with types; attrsOf (attrsOf anything); default = { }; example = { init.defaultBranch = "main"; @@ -31,15 +31,39 @@ in section of git-config(1) for more information. ''; }; - }; - }; - config = mkIf cfg.enable { - environment.systemPackages = [ cfg.package ]; - environment.etc.gitconfig = mkIf (cfg.config != {}) { - text = generators.toGitINI cfg.config; + lfs = { + enable = mkEnableOption "git-lfs"; + + package = mkOption { + type = types.package; + default = pkgs.git-lfs; + defaultText = literalExpression "pkgs.git-lfs"; + description = "The git-lfs package to use"; + }; + }; }; }; + config = mkMerge [ + (mkIf cfg.enable { + environment.systemPackages = [ cfg.package ]; + environment.etc.gitconfig = mkIf (cfg.config != {}) { + text = generators.toGitINI cfg.config; + }; + }) + (mkIf (cfg.enable && cfg.lfs.enable) { + environment.systemPackages = [ cfg.lfs.package ]; + programs.git.config = { + filter.lfs = { + clean = "git-lfs clean -- %f"; + smudge = "git-lfs smudge -- %f"; + process = "git-lfs filter-process"; + required = true; + }; + }; + }) + ]; + meta.maintainers = with maintainers; [ figsoda ]; } diff --git a/nixpkgs/nixos/modules/programs/gnupg.nix b/nixpkgs/nixos/modules/programs/gnupg.nix index ce8799b21d69..06f49182e4df 100644 --- a/nixpkgs/nixos/modules/programs/gnupg.nix +++ b/nixpkgs/nixos/modules/programs/gnupg.nix @@ -27,7 +27,7 @@ in package = mkOption { type = types.package; default = pkgs.gnupg; - defaultText = "pkgs.gnupg"; + defaultText = literalExpression "pkgs.gnupg"; description = '' The gpg package that should be used. ''; diff --git a/nixpkgs/nixos/modules/programs/htop.nix b/nixpkgs/nixos/modules/programs/htop.nix new file mode 100644 index 000000000000..5c197838e47c --- /dev/null +++ b/nixpkgs/nixos/modules/programs/htop.nix @@ -0,0 +1,58 @@ +{ config, lib, pkgs, ... }: + +with lib; + +let + + cfg = config.programs.htop; + + fmt = value: + if isList value then concatStringsSep " " (map fmt value) else + if isString value then value else + if isBool value || isInt value then toString value else + throw "Unrecognized type ${typeOf value} in htop settings"; + +in + +{ + + options.programs.htop = { + package = mkOption { + type = types.package; + default = pkgs.htop; + defaultText = "pkgs.htop"; + description = '' + The htop package that should be used. + ''; + }; + + enable = mkEnableOption "htop process monitor"; + + settings = mkOption { + type = with types; attrsOf (oneOf [ str int bool (listOf (oneOf [ str int bool ])) ]); + default = {}; + example = { + hide_kernel_threads = true; + hide_userland_threads = true; + }; + description = '' + Extra global default configuration for htop + which is read on first startup only. + Htop subsequently uses ~/.config/htop/htoprc + as configuration source. + ''; + }; + }; + + config = mkIf cfg.enable { + environment.systemPackages = [ + cfg.package + ]; + + environment.etc."htoprc".text = '' + # Global htop configuration + # To change set: programs.htop.settings.KEY = VALUE; + '' + concatStringsSep "\n" (mapAttrsToList (key: value: "${key}=${fmt value}") cfg.settings); + }; + +} diff --git a/nixpkgs/nixos/modules/programs/java.nix b/nixpkgs/nixos/modules/programs/java.nix index d31698c3b392..4e4e0629e5d9 100644 --- a/nixpkgs/nixos/modules/programs/java.nix +++ b/nixpkgs/nixos/modules/programs/java.nix @@ -34,7 +34,7 @@ in package = mkOption { default = pkgs.jdk; - defaultText = "pkgs.jdk"; + defaultText = literalExpression "pkgs.jdk"; description = '' Java package to install. Typical values are pkgs.jdk or pkgs.jre. ''; diff --git a/nixpkgs/nixos/modules/programs/kdeconnect.nix b/nixpkgs/nixos/modules/programs/kdeconnect.nix index 673449b9f633..df698e84dd70 100644 --- a/nixpkgs/nixos/modules/programs/kdeconnect.nix +++ b/nixpkgs/nixos/modules/programs/kdeconnect.nix @@ -13,9 +13,9 @@ with lib; ''; package = mkOption { default = pkgs.kdeconnect; - defaultText = "pkgs.kdeconnect"; + defaultText = literalExpression "pkgs.kdeconnect"; type = types.package; - example = literalExample "pkgs.gnomeExtensions.gsconnect"; + example = literalExpression "pkgs.gnomeExtensions.gsconnect"; description = '' The package providing the implementation for kdeconnect. ''; diff --git a/nixpkgs/nixos/modules/programs/less.nix b/nixpkgs/nixos/modules/programs/less.nix index 09cb6030e661..794146b19faf 100644 --- a/nixpkgs/nixos/modules/programs/less.nix +++ b/nixpkgs/nixos/modules/programs/less.nix @@ -24,9 +24,7 @@ let } ''; - lessKey = pkgs.runCommand "lesskey" - { src = pkgs.writeText "lessconfig" configText; preferLocalBuild = true; } - "${pkgs.less}/bin/lesskey -o $out $src"; + lessKey = pkgs.writeText "lessconfig" configText; in @@ -35,12 +33,14 @@ in programs.less = { + # note that environment.nix sets PAGER=less, and + # therefore also enables this module enable = mkEnableOption "less"; configFile = mkOption { type = types.nullOr types.path; default = null; - example = literalExample "\${pkgs.my-configs}/lesskey"; + example = literalExpression ''"''${pkgs.my-configs}/lesskey"''; description = '' Path to lesskey configuration file. @@ -81,7 +81,9 @@ in envVariables = mkOption { type = types.attrsOf types.str; - default = {}; + default = { + LESS = "-R"; + }; example = { LESS = "--quit-if-one-screen"; }; @@ -91,6 +93,7 @@ in lessopen = mkOption { type = types.nullOr types.str; default = "|${pkgs.lesspipe}/bin/lesspipe.sh %s"; + defaultText = literalExpression ''"|''${pkgs.lesspipe}/bin/lesspipe.sh %s"''; description = '' Before less opens a file, it first gives your input preprocessor a chance to modify the way the contents of the file are displayed. ''; @@ -111,7 +114,7 @@ in environment.systemPackages = [ pkgs.less ]; environment.variables = { - LESSKEY_SYSTEM = toString lessKey; + LESSKEYIN_SYSTEM = toString lessKey; } // optionalAttrs (cfg.lessopen != null) { LESSOPEN = cfg.lessopen; } // optionalAttrs (cfg.lessclose != null) { diff --git a/nixpkgs/nixos/modules/programs/mosh.nix b/nixpkgs/nixos/modules/programs/mosh.nix index 359fe23e0ecd..e08099e21a00 100644 --- a/nixpkgs/nixos/modules/programs/mosh.nix +++ b/nixpkgs/nixos/modules/programs/mosh.nix @@ -33,7 +33,7 @@ in security.wrappers = mkIf cfg.withUtempter { utempter = { source = "${pkgs.libutempter}/lib/utempter/utempter"; - owner = "nobody"; + owner = "root"; group = "utmp"; setuid = false; setgid = true; diff --git a/nixpkgs/nixos/modules/programs/mtr.nix b/nixpkgs/nixos/modules/programs/mtr.nix index 63516c58440e..3cffe0fd8b2f 100644 --- a/nixpkgs/nixos/modules/programs/mtr.nix +++ b/nixpkgs/nixos/modules/programs/mtr.nix @@ -20,6 +20,7 @@ in { package = mkOption { type = types.package; default = pkgs.mtr; + defaultText = literalExpression "pkgs.mtr"; description = '' The package to use. ''; diff --git a/nixpkgs/nixos/modules/programs/neovim.nix b/nixpkgs/nixos/modules/programs/neovim.nix index 781c31d2b0ce..97b77ae98fe2 100644 --- a/nixpkgs/nixos/modules/programs/neovim.nix +++ b/nixpkgs/nixos/modules/programs/neovim.nix @@ -47,18 +47,18 @@ in { configure = mkOption { type = types.attrs; default = {}; - example = literalExample '' - configure = { - customRC = $'''' + example = literalExpression '' + { + customRC = ''' " here your custom configuration goes! - $''''; - packages.myVimPackage = with pkgs.vimPlugins; { - # loaded on launch - start = [ fugitive ]; - # manually loadable by calling `:packadd $plugin-name` - opt = [ ]; - }; + '''; + packages.myVimPackage = with pkgs.vimPlugins; { + # loaded on launch + start = [ fugitive ]; + # manually loadable by calling `:packadd $plugin-name` + opt = [ ]; }; + } ''; description = '' Generate your init file from your list of plugins and custom commands. @@ -69,7 +69,7 @@ in { package = mkOption { type = types.package; default = pkgs.neovim-unwrapped; - defaultText = literalExample "pkgs.neovim-unwrapped"; + defaultText = literalExpression "pkgs.neovim-unwrapped"; description = "The package to use for the neovim binary."; }; @@ -82,8 +82,8 @@ in { runtime = mkOption { default = {}; - example = literalExample '' - runtime."ftplugin/c.vim".text = "setlocal omnifunc=v:lua.vim.lsp.omnifunc"; + example = literalExpression '' + { "ftplugin/c.vim".text = "setlocal omnifunc=v:lua.vim.lsp.omnifunc"; } ''; description = '' Set of files that have to be linked in <filename>runtime</filename>. diff --git a/nixpkgs/nixos/modules/programs/noisetorch.nix b/nixpkgs/nixos/modules/programs/noisetorch.nix index bca68b0064c0..f76555289f1a 100644 --- a/nixpkgs/nixos/modules/programs/noisetorch.nix +++ b/nixpkgs/nixos/modules/programs/noisetorch.nix @@ -10,6 +10,7 @@ in { package = mkOption { type = types.package; default = pkgs.noisetorch; + defaultText = literalExpression "pkgs.noisetorch"; description = '' The noisetorch package to use. ''; diff --git a/nixpkgs/nixos/modules/programs/npm.nix b/nixpkgs/nixos/modules/programs/npm.nix index f101a44587a1..d79c6c734000 100644 --- a/nixpkgs/nixos/modules/programs/npm.nix +++ b/nixpkgs/nixos/modules/programs/npm.nix @@ -14,10 +14,11 @@ in enable = mkEnableOption "<command>npm</command> global config"; package = mkOption { - type = types.path; + type = types.package; description = "The npm package version / flavor to use"; default = pkgs.nodePackages.npm; - example = literalExample "pkgs.nodePackages_13_x.npm"; + defaultText = literalExpression "pkgs.nodePackages.npm"; + example = literalExpression "pkgs.nodePackages_13_x.npm"; }; npmrc = mkOption { diff --git a/nixpkgs/nixos/modules/programs/proxychains.nix b/nixpkgs/nixos/modules/programs/proxychains.nix index 7743f79c1c0a..3f44e23a93ef 100644 --- a/nixpkgs/nixos/modules/programs/proxychains.nix +++ b/nixpkgs/nixos/modules/programs/proxychains.nix @@ -120,7 +120,7 @@ in { Proxies to be used by proxychains. ''; - example = literalExample '' + example = literalExpression '' { myproxy = { type = "socks4"; host = "127.0.0.1"; diff --git a/nixpkgs/nixos/modules/programs/shadow.nix b/nixpkgs/nixos/modules/programs/shadow.nix index e021f184179d..963cd8853dbb 100644 --- a/nixpkgs/nixos/modules/programs/shadow.nix +++ b/nixpkgs/nixos/modules/programs/shadow.nix @@ -66,7 +66,7 @@ in This must not be a store path, since the path is used outside the store (in particular in /etc/passwd). ''; - example = literalExample "pkgs.zsh"; + example = literalExpression "pkgs.zsh"; type = types.either types.path types.shellPackage; }; diff --git a/nixpkgs/nixos/modules/programs/spacefm.nix b/nixpkgs/nixos/modules/programs/spacefm.nix index 6d03608402fc..822fca3ecec7 100644 --- a/nixpkgs/nixos/modules/programs/spacefm.nix +++ b/nixpkgs/nixos/modules/programs/spacefm.nix @@ -29,11 +29,13 @@ in terminal_su = "${pkgs.sudo}/bin/sudo"; graphical_su = "${pkgs.gksu}/bin/gksu"; }; - example = literalExample ''{ - tmp_dir = "/tmp"; - terminal_su = "''${pkgs.sudo}/bin/sudo"; - graphical_su = "''${pkgs.gksu}/bin/gksu"; - }''; + defaultText = literalExpression '' + { + tmp_dir = "/tmp"; + terminal_su = "''${pkgs.sudo}/bin/sudo"; + graphical_su = "''${pkgs.gksu}/bin/gksu"; + } + ''; description = '' The system-wide spacefm configuration. Parameters to be written to <filename>/etc/spacefm/spacefm.conf</filename>. diff --git a/nixpkgs/nixos/modules/programs/ssh.nix b/nixpkgs/nixos/modules/programs/ssh.nix index 795f1a9f7b44..5da15b68cf7d 100644 --- a/nixpkgs/nixos/modules/programs/ssh.nix +++ b/nixpkgs/nixos/modules/programs/ssh.nix @@ -36,6 +36,7 @@ in askPassword = mkOption { type = types.str; default = "${pkgs.x11_ssh_askpass}/libexec/x11-ssh-askpass"; + defaultText = literalExpression ''"''${pkgs.x11_ssh_askpass}/libexec/x11-ssh-askpass"''; description = "Program used by SSH to ask for passwords."; }; @@ -113,7 +114,7 @@ in agentPKCS11Whitelist = mkOption { type = types.nullOr types.str; default = null; - example = "\${pkgs.opensc}/lib/opensc-pkcs11.so"; + example = literalExpression ''"''${pkgs.opensc}/lib/opensc-pkcs11.so"''; description = '' A pattern-list of acceptable paths for PKCS#11 shared libraries that may be used with the -s option to ssh-add. @@ -123,7 +124,7 @@ in package = mkOption { type = types.package; default = pkgs.openssh; - defaultText = "pkgs.openssh"; + defaultText = literalExpression "pkgs.openssh"; description = '' The package used for the openssh client and daemon. ''; @@ -180,7 +181,7 @@ in description = '' The set of system-wide known SSH hosts. ''; - example = literalExample '' + example = literalExpression '' { myhost = { hostNames = [ "myhost" "myhost.mydomain.com" "10.10.1.4" ]; diff --git a/nixpkgs/nixos/modules/programs/ssmtp.nix b/nixpkgs/nixos/modules/programs/ssmtp.nix index e28a14538ecd..b454bf35229e 100644 --- a/nixpkgs/nixos/modules/programs/ssmtp.nix +++ b/nixpkgs/nixos/modules/programs/ssmtp.nix @@ -54,7 +54,7 @@ in <citerefentry><refentrytitle>ssmtp</refentrytitle><manvolnum>5</manvolnum></citerefentry> configuration. Refer to <link xlink:href="https://linux.die.net/man/5/ssmtp.conf"/> for details on supported values. ''; - example = literalExample '' + example = literalExpression '' { Debug = true; FromLineOverride = false; diff --git a/nixpkgs/nixos/modules/programs/sway.nix b/nixpkgs/nixos/modules/programs/sway.nix index d5819a08e8f2..caf329c2536a 100644 --- a/nixpkgs/nixos/modules/programs/sway.nix +++ b/nixpkgs/nixos/modules/programs/sway.nix @@ -92,10 +92,10 @@ in { default = with pkgs; [ swaylock swayidle alacritty dmenu ]; - defaultText = literalExample '' + defaultText = literalExpression '' with pkgs; [ swaylock swayidle alacritty dmenu ]; ''; - example = literalExample '' + example = literalExpression '' with pkgs; [ i3status i3status-rust termite rofi light diff --git a/nixpkgs/nixos/modules/programs/tsm-client.nix b/nixpkgs/nixos/modules/programs/tsm-client.nix index 7ac4086d5f09..65d4db7834ff 100644 --- a/nixpkgs/nixos/modules/programs/tsm-client.nix +++ b/nixpkgs/nixos/modules/programs/tsm-client.nix @@ -5,7 +5,7 @@ let inherit (builtins) length map; inherit (lib.attrsets) attrNames filterAttrs hasAttr mapAttrs mapAttrsToList optionalAttrs; inherit (lib.modules) mkDefault mkIf; - inherit (lib.options) literalExample mkEnableOption mkOption; + inherit (lib.options) literalExpression mkEnableOption mkOption; inherit (lib.strings) concatStringsSep optionalString toLower; inherit (lib.types) addCheck attrsOf lines nullOr package path port str strMatching submodule; @@ -123,7 +123,7 @@ let }; options.text = mkOption { type = lines; - example = literalExample + example = literalExpression ''lib.modules.mkAfter "compression no"''; description = '' Additional text lines for the server stanza. @@ -218,8 +218,8 @@ let package = mkOption { type = package; default = pkgs.tsm-client; - defaultText = "pkgs.tsm-client"; - example = literalExample "pkgs.tsm-client-withGui"; + defaultText = literalExpression "pkgs.tsm-client"; + example = literalExpression "pkgs.tsm-client-withGui"; description = '' The TSM client derivation to be added to the system environment. diff --git a/nixpkgs/nixos/modules/programs/vim.nix b/nixpkgs/nixos/modules/programs/vim.nix index 9f46dff2a293..1695bc994732 100644 --- a/nixpkgs/nixos/modules/programs/vim.nix +++ b/nixpkgs/nixos/modules/programs/vim.nix @@ -18,8 +18,8 @@ in { package = mkOption { type = types.package; default = pkgs.vim; - defaultText = "pkgs.vim"; - example = "pkgs.vimHugeX"; + defaultText = literalExpression "pkgs.vim"; + example = literalExpression "pkgs.vimHugeX"; description = '' vim package to use. ''; diff --git a/nixpkgs/nixos/modules/programs/wireshark.nix b/nixpkgs/nixos/modules/programs/wireshark.nix index 819f15b98a05..f7b0727cb2b3 100644 --- a/nixpkgs/nixos/modules/programs/wireshark.nix +++ b/nixpkgs/nixos/modules/programs/wireshark.nix @@ -19,7 +19,7 @@ in { package = mkOption { type = types.package; default = pkgs.wireshark-cli; - defaultText = "pkgs.wireshark-cli"; + defaultText = literalExpression "pkgs.wireshark-cli"; description = '' Which Wireshark package to install in the global environment. ''; diff --git a/nixpkgs/nixos/modules/programs/xonsh.nix b/nixpkgs/nixos/modules/programs/xonsh.nix index c06fd1655c20..6e40db51cdb2 100644 --- a/nixpkgs/nixos/modules/programs/xonsh.nix +++ b/nixpkgs/nixos/modules/programs/xonsh.nix @@ -27,7 +27,8 @@ in package = mkOption { type = types.package; default = pkgs.xonsh; - example = literalExample "pkgs.xonsh.override { configFile = \"/path/to/xonshrc\"; }"; + defaultText = literalExpression "pkgs.xonsh"; + example = literalExpression "pkgs.xonsh.override { configFile = \"/path/to/xonshrc\"; }"; description = '' xonsh package to use. ''; diff --git a/nixpkgs/nixos/modules/programs/xss-lock.nix b/nixpkgs/nixos/modules/programs/xss-lock.nix index ceb7259b3d77..aba76133e5e3 100644 --- a/nixpkgs/nixos/modules/programs/xss-lock.nix +++ b/nixpkgs/nixos/modules/programs/xss-lock.nix @@ -11,7 +11,8 @@ in lockerCommand = mkOption { default = "${pkgs.i3lock}/bin/i3lock"; - example = literalExample "\${pkgs.i3lock-fancy}/bin/i3lock-fancy"; + defaultText = literalExpression ''"''${pkgs.i3lock}/bin/i3lock"''; + example = literalExpression ''"''${pkgs.i3lock-fancy}/bin/i3lock-fancy"''; type = types.separatedString " "; description = "Locker to be used with xsslock"; }; diff --git a/nixpkgs/nixos/modules/programs/xwayland.nix b/nixpkgs/nixos/modules/programs/xwayland.nix index cb3c9c5b156c..3a8080fa4c4d 100644 --- a/nixpkgs/nixos/modules/programs/xwayland.nix +++ b/nixpkgs/nixos/modules/programs/xwayland.nix @@ -16,9 +16,8 @@ in type = types.str; default = optionalString config.fonts.fontDir.enable "/run/current-system/sw/share/X11/fonts"; - defaultText = literalExample '' - optionalString config.fonts.fontDir.enable - "/run/current-system/sw/share/X11/fonts"; + defaultText = literalExpression '' + optionalString config.fonts.fontDir.enable "/run/current-system/sw/share/X11/fonts" ''; description = '' Default font path. Setting this option causes Xwayland to be rebuilt. @@ -30,10 +29,10 @@ in default = pkgs.xwayland.override (oldArgs: { inherit (cfg) defaultFontPath; }); - defaultText = literalExample '' + defaultText = literalExpression '' pkgs.xwayland.override (oldArgs: { inherit (config.programs.xwayland) defaultFontPath; - }); + }) ''; description = "The Xwayland package to use."; }; diff --git a/nixpkgs/nixos/modules/programs/yabar.nix b/nixpkgs/nixos/modules/programs/yabar.nix index 5de9331ac520..a8fac41e899c 100644 --- a/nixpkgs/nixos/modules/programs/yabar.nix +++ b/nixpkgs/nixos/modules/programs/yabar.nix @@ -45,7 +45,8 @@ in package = mkOption { default = pkgs.yabar-unstable; - example = literalExample "pkgs.yabar"; + defaultText = literalExpression "pkgs.yabar-unstable"; + example = literalExpression "pkgs.yabar"; type = types.package; # `yabar-stable` segfaults under certain conditions. diff --git a/nixpkgs/nixos/modules/programs/zsh/oh-my-zsh.nix b/nixpkgs/nixos/modules/programs/zsh/oh-my-zsh.nix index f24842a47919..9d7622bd3287 100644 --- a/nixpkgs/nixos/modules/programs/zsh/oh-my-zsh.nix +++ b/nixpkgs/nixos/modules/programs/zsh/oh-my-zsh.nix @@ -48,7 +48,7 @@ in package = mkOption { default = pkgs.oh-my-zsh; - defaultText = "pkgs.oh-my-zsh"; + defaultText = literalExpression "pkgs.oh-my-zsh"; description = '' Package to install for `oh-my-zsh` usage. ''; diff --git a/nixpkgs/nixos/modules/programs/zsh/zsh-autoenv.nix b/nixpkgs/nixos/modules/programs/zsh/zsh-autoenv.nix index 630114bcda9f..62f497a45dd0 100644 --- a/nixpkgs/nixos/modules/programs/zsh/zsh-autoenv.nix +++ b/nixpkgs/nixos/modules/programs/zsh/zsh-autoenv.nix @@ -10,7 +10,7 @@ in { enable = mkEnableOption "zsh-autoenv"; package = mkOption { default = pkgs.zsh-autoenv; - defaultText = "pkgs.zsh-autoenv"; + defaultText = literalExpression "pkgs.zsh-autoenv"; description = '' Package to install for `zsh-autoenv` usage. ''; diff --git a/nixpkgs/nixos/modules/programs/zsh/zsh-autosuggestions.nix b/nixpkgs/nixos/modules/programs/zsh/zsh-autosuggestions.nix index 037888fdc5a8..a8fcfff95e59 100644 --- a/nixpkgs/nixos/modules/programs/zsh/zsh-autosuggestions.nix +++ b/nixpkgs/nixos/modules/programs/zsh/zsh-autosuggestions.nix @@ -40,7 +40,7 @@ in type = with types; attrsOf str; default = {}; description = "Attribute set with additional configuration values"; - example = literalExample '' + example = literalExpression '' { "ZSH_AUTOSUGGEST_BUFFER_MAX_SIZE" = "20"; } diff --git a/nixpkgs/nixos/modules/programs/zsh/zsh-syntax-highlighting.nix b/nixpkgs/nixos/modules/programs/zsh/zsh-syntax-highlighting.nix index 927a904369d5..1eb53ccae52b 100644 --- a/nixpkgs/nixos/modules/programs/zsh/zsh-syntax-highlighting.nix +++ b/nixpkgs/nixos/modules/programs/zsh/zsh-syntax-highlighting.nix @@ -42,7 +42,7 @@ in default = {}; type = types.attrsOf types.str; - example = literalExample '' + example = literalExpression '' { "rm -rf *" = "fg=white,bold,bg=red"; } @@ -59,7 +59,7 @@ in default = {}; type = types.attrsOf types.str; - example = literalExample '' + example = literalExpression '' { "alias" = "fg=magenta,bold"; } diff --git a/nixpkgs/nixos/modules/rename.nix b/nixpkgs/nixos/modules/rename.nix index 4db6efb75d82..8e1d6f7bc4a5 100644 --- a/nixpkgs/nixos/modules/rename.nix +++ b/nixpkgs/nixos/modules/rename.nix @@ -79,6 +79,9 @@ with lib; The hidepid module was removed, since the underlying machinery is broken when using cgroups-v2. '') + (mkRemovedOptionModule ["services" "wakeonlan"] "This module was removed in favor of enabling it with networking.interfaces.<name>.wakeOnLan") + + (mkRemovedOptionModule [ "services" "kippo" ] "The corresponding package was removed from nixpkgs.") # Do NOT add any option renames here, see top of the file ]; diff --git a/nixpkgs/nixos/modules/security/acme.nix b/nixpkgs/nixos/modules/security/acme.nix index bcbd17d8e10e..f522b7c4128b 100644 --- a/nixpkgs/nixos/modules/security/acme.nix +++ b/nixpkgs/nixos/modules/security/acme.nix @@ -486,7 +486,7 @@ let extraDomainNames = mkOption { type = types.listOf types.str; default = []; - example = literalExample '' + example = literalExpression '' [ "example.org" "mydomain.org" @@ -656,7 +656,7 @@ in { to those units if they rely on the certificates being present, or trigger restarts of the service if certificates get renewed. ''; - example = literalExample '' + example = literalExpression '' { "example.com" = { webroot = "/var/lib/acme/acme-challenge/"; diff --git a/nixpkgs/nixos/modules/security/ca.nix b/nixpkgs/nixos/modules/security/ca.nix index 7df86e71423f..83c15f90f92e 100644 --- a/nixpkgs/nixos/modules/security/ca.nix +++ b/nixpkgs/nixos/modules/security/ca.nix @@ -24,7 +24,7 @@ in security.pki.certificateFiles = mkOption { type = types.listOf types.path; default = []; - example = literalExample "[ \"\${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt\" ]"; + example = literalExpression ''[ "''${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt" ]''; description = '' A list of files containing trusted root certificates in PEM format. These are concatenated to form @@ -37,7 +37,7 @@ in security.pki.certificates = mkOption { type = types.listOf types.str; default = []; - example = literalExample '' + example = literalExpression '' [ ''' NixOS.org ========= diff --git a/nixpkgs/nixos/modules/security/dhparams.nix b/nixpkgs/nixos/modules/security/dhparams.nix index 62a499ea624d..012be2887d89 100644 --- a/nixpkgs/nixos/modules/security/dhparams.nix +++ b/nixpkgs/nixos/modules/security/dhparams.nix @@ -53,7 +53,7 @@ in { coerce = bits: { inherit bits; }; in attrsOf (coercedTo int coerce (submodule paramsSubmodule)); default = {}; - example = lib.literalExample "{ nginx.bits = 3072; }"; + example = lib.literalExpression "{ nginx.bits = 3072; }"; description = '' Diffie-Hellman parameters to generate. diff --git a/nixpkgs/nixos/modules/security/doas.nix b/nixpkgs/nixos/modules/security/doas.nix index 35f618b03e8e..9a3daf4f504c 100644 --- a/nixpkgs/nixos/modules/security/doas.nix +++ b/nixpkgs/nixos/modules/security/doas.nix @@ -77,7 +77,7 @@ in You can use <code>mkBefore</code> and/or <code>mkAfter</code> to ensure this is the case when configuration options are merged. ''; - example = literalExample '' + example = literalExpression '' [ # Allow execution of any command by any user in group doas, requiring # a password and keeping any previously-defined environment variables. diff --git a/nixpkgs/nixos/modules/security/pam.nix b/nixpkgs/nixos/modules/security/pam.nix index 8b1f653d4e2c..4c18fa8cc67f 100644 --- a/nixpkgs/nixos/modules/security/pam.nix +++ b/nixpkgs/nixos/modules/security/pam.nix @@ -586,7 +586,7 @@ in }; security.pam.services = mkOption { - default = []; + default = {}; type = with types; attrsOf (submodule pamOpts); description = '' diff --git a/nixpkgs/nixos/modules/security/pam_mount.nix b/nixpkgs/nixos/modules/security/pam_mount.nix index e25ace38f57f..462b7f89e2f4 100644 --- a/nixpkgs/nixos/modules/security/pam_mount.nix +++ b/nixpkgs/nixos/modules/security/pam_mount.nix @@ -33,7 +33,7 @@ in additionalSearchPaths = mkOption { type = types.listOf types.package; default = []; - example = literalExample "[ pkgs.bindfs ]"; + example = literalExpression "[ pkgs.bindfs ]"; description = '' Additional programs to include in the search path of pam_mount. Useful for example if you want to use some FUSE filesystems like bindfs. @@ -43,7 +43,7 @@ in fuseMountOptions = mkOption { type = types.listOf types.str; default = []; - example = literalExample '' + example = literalExpression '' [ "nodev" "nosuid" "force-user=%(USER)" "gid=%(USERGID)" "perms=0700" "chmod-deny" "chown-deny" "chgrp-deny" ] ''; description = '' diff --git a/nixpkgs/nixos/modules/security/sudo.nix b/nixpkgs/nixos/modules/security/sudo.nix index 2e73f8f4f311..99e578f8adae 100644 --- a/nixpkgs/nixos/modules/security/sudo.nix +++ b/nixpkgs/nixos/modules/security/sudo.nix @@ -45,7 +45,7 @@ in security.sudo.package = mkOption { type = types.package; default = pkgs.sudo; - defaultText = "pkgs.sudo"; + defaultText = literalExpression "pkgs.sudo"; description = '' Which package to use for `sudo`. ''; @@ -91,7 +91,7 @@ in this is the case when configuration options are merged. ''; default = []; - example = literalExample '' + example = literalExpression '' [ # Allow execution of any command by all users in group sudo, # requiring a password. diff --git a/nixpkgs/nixos/modules/security/systemd-confinement.nix b/nixpkgs/nixos/modules/security/systemd-confinement.nix index 0a09a755e93c..d859c45c74f7 100644 --- a/nixpkgs/nixos/modules/security/systemd-confinement.nix +++ b/nixpkgs/nixos/modules/security/systemd-confinement.nix @@ -62,8 +62,8 @@ in { options.confinement.binSh = lib.mkOption { type = types.nullOr types.path; default = toplevelConfig.environment.binsh; - defaultText = "config.environment.binsh"; - example = lib.literalExample "\${pkgs.dash}/bin/dash"; + defaultText = lib.literalExpression "config.environment.binsh"; + example = lib.literalExpression ''"''${pkgs.dash}/bin/dash"''; description = '' The program to make available as <filename>/bin/sh</filename> inside the chroot. If this is set to <literal>null</literal>, no diff --git a/nixpkgs/nixos/modules/security/tpm2.nix b/nixpkgs/nixos/modules/security/tpm2.nix index d37425166f88..be85fd246e3c 100644 --- a/nixpkgs/nixos/modules/security/tpm2.nix +++ b/nixpkgs/nixos/modules/security/tpm2.nix @@ -26,8 +26,7 @@ in { ''; type = lib.types.nullOr lib.types.str; default = if cfg.abrmd.enable then "tss" else "root"; - defaultText = ''"tss" when using the userspace resource manager,'' + - ''"root" otherwise''; + defaultText = lib.literalExpression ''if config.security.tpm2.abrmd.enable then "tss" else "root"''; }; tssGroup = lib.mkOption { @@ -57,7 +56,7 @@ in { description = "tpm2-abrmd package to use"; type = lib.types.package; default = pkgs.tpm2-abrmd; - defaultText = "pkgs.tpm2-abrmd"; + defaultText = lib.literalExpression "pkgs.tpm2-abrmd"; }; }; @@ -71,7 +70,7 @@ in { description = "tpm2-pkcs11 package to use"; type = lib.types.package; default = pkgs.tpm2-pkcs11; - defaultText = "pkgs.tpm2-pkcs11"; + defaultText = lib.literalExpression "pkgs.tpm2-pkcs11"; }; }; diff --git a/nixpkgs/nixos/modules/security/wrappers/default.nix b/nixpkgs/nixos/modules/security/wrappers/default.nix index 2697ab0bde8f..a47de7e04f7a 100644 --- a/nixpkgs/nixos/modules/security/wrappers/default.nix +++ b/nixpkgs/nixos/modules/security/wrappers/default.nix @@ -152,7 +152,7 @@ in security.wrappers = lib.mkOption { type = lib.types.attrsOf wrapperType; default = {}; - example = lib.literalExample + example = lib.literalExpression '' { # a setuid root program diff --git a/nixpkgs/nixos/modules/services/admin/meshcentral.nix b/nixpkgs/nixos/modules/services/admin/meshcentral.nix index ae7b6edda7d5..92762d2037c3 100644 --- a/nixpkgs/nixos/modules/services/admin/meshcentral.nix +++ b/nixpkgs/nixos/modules/services/admin/meshcentral.nix @@ -10,7 +10,7 @@ in with lib; { description = "MeshCentral package to use. Replacing this may be necessary to add dependencies for extra functionality."; type = types.package; default = pkgs.meshcentral; - defaultText = "pkgs.meshcentral"; + defaultText = literalExpression "pkgs.meshcentral"; }; settings = mkOption { description = '' diff --git a/nixpkgs/nixos/modules/services/admin/oxidized.nix b/nixpkgs/nixos/modules/services/admin/oxidized.nix index 94b44630ba6c..49ea3ced76a4 100644 --- a/nixpkgs/nixos/modules/services/admin/oxidized.nix +++ b/nixpkgs/nixos/modules/services/admin/oxidized.nix @@ -33,7 +33,7 @@ in configFile = mkOption { type = types.path; - example = literalExample '' + example = literalExpression '' pkgs.writeText "oxidized-config.yml" ''' --- debug: true @@ -69,7 +69,7 @@ in routerDB = mkOption { type = types.path; - example = literalExample '' + example = literalExpression '' pkgs.writeText "oxidized-router.db" ''' hostname-sw1:powerconnect:username1:password2 hostname-sw2:procurve:username2:password2 diff --git a/nixpkgs/nixos/modules/services/amqp/activemq/default.nix b/nixpkgs/nixos/modules/services/amqp/activemq/default.nix index 178b2f6e144b..47669b05aa91 100644 --- a/nixpkgs/nixos/modules/services/amqp/activemq/default.nix +++ b/nixpkgs/nixos/modules/services/amqp/activemq/default.nix @@ -33,6 +33,7 @@ in { }; configurationDir = mkOption { default = "${activemq}/conf"; + defaultText = literalExpression ''"''${pkgs.activemq}/conf"''; type = types.str; description = '' The base directory for ActiveMQ's configuration. @@ -64,7 +65,7 @@ in { javaProperties = mkOption { type = types.attrs; default = { }; - example = literalExample '' + example = literalExpression '' { "java.net.preferIPv4Stack" = "true"; } diff --git a/nixpkgs/nixos/modules/services/amqp/rabbitmq.nix b/nixpkgs/nixos/modules/services/amqp/rabbitmq.nix index dabd80312d9d..3255942fe438 100644 --- a/nixpkgs/nixos/modules/services/amqp/rabbitmq.nix +++ b/nixpkgs/nixos/modules/services/amqp/rabbitmq.nix @@ -29,7 +29,7 @@ in package = mkOption { default = pkgs.rabbitmq-server; type = types.package; - defaultText = "pkgs.rabbitmq-server"; + defaultText = literalExpression "pkgs.rabbitmq-server"; description = '' Which rabbitmq package to use. ''; @@ -82,7 +82,7 @@ in configItems = mkOption { default = { }; type = types.attrsOf types.str; - example = literalExample '' + example = literalExpression '' { "auth_backends.1.authn" = "rabbit_auth_backend_ldap"; "auth_backends.1.authz" = "rabbit_auth_backend_internal"; diff --git a/nixpkgs/nixos/modules/services/audio/botamusique.nix b/nixpkgs/nixos/modules/services/audio/botamusique.nix index 14614d2dd161..f4fa0ead4f05 100644 --- a/nixpkgs/nixos/modules/services/audio/botamusique.nix +++ b/nixpkgs/nixos/modules/services/audio/botamusique.nix @@ -17,6 +17,7 @@ in package = mkOption { type = types.package; default = pkgs.botamusique; + defaultText = literalExpression "pkgs.botamusique"; description = "The botamusique package to use."; }; diff --git a/nixpkgs/nixos/modules/services/audio/hqplayerd.nix b/nixpkgs/nixos/modules/services/audio/hqplayerd.nix index d549ac77e0e5..416d12ce2172 100644 --- a/nixpkgs/nixos/modules/services/audio/hqplayerd.nix +++ b/nixpkgs/nixos/modules/services/audio/hqplayerd.nix @@ -63,7 +63,7 @@ in description = '' HQplayer daemon configuration, written to /etc/hqplayer/hqplayerd.xml. - Refer to ${pkg}/share/doc/hqplayerd/readme.txt for possible values. + Refer to share/doc/hqplayerd/readme.txt in the hqplayerd derivation for possible values. ''; }; }; diff --git a/nixpkgs/nixos/modules/services/audio/jack.nix b/nixpkgs/nixos/modules/services/audio/jack.nix index d0a95b87ee1b..84fc9957b879 100644 --- a/nixpkgs/nixos/modules/services/audio/jack.nix +++ b/nixpkgs/nixos/modules/services/audio/jack.nix @@ -25,8 +25,8 @@ in { internal = true; type = types.package; default = pkgs.jack2; - defaultText = "pkgs.jack2"; - example = literalExample "pkgs.jack1"; + defaultText = literalExpression "pkgs.jack2"; + example = literalExpression "pkgs.jack1"; description = '' The JACK package to use. ''; @@ -37,7 +37,7 @@ in { default = [ "-dalsa" ]; - example = literalExample '' + example = literalExpression '' [ "-dalsa" "--device" "hw:1" ]; ''; description = '' diff --git a/nixpkgs/nixos/modules/services/audio/liquidsoap.nix b/nixpkgs/nixos/modules/services/audio/liquidsoap.nix index 3a047d10a631..ffeefc0f988e 100644 --- a/nixpkgs/nixos/modules/services/audio/liquidsoap.nix +++ b/nixpkgs/nixos/modules/services/audio/liquidsoap.nix @@ -39,9 +39,9 @@ in default = {}; example = { - myStream1 = literalExample "\"/etc/liquidsoap/myStream1.liq\""; - myStream2 = literalExample "./myStream2.liq"; - myStream3 = literalExample "\"out(playlist(\\\"/srv/music/\\\"))\""; + myStream1 = "/etc/liquidsoap/myStream1.liq"; + myStream2 = literalExpression "./myStream2.liq"; + myStream3 = "out(playlist(\"/srv/music/\"))"; }; type = types.attrsOf (types.either types.path types.str); diff --git a/nixpkgs/nixos/modules/services/audio/mopidy.nix b/nixpkgs/nixos/modules/services/audio/mopidy.nix index 6fd7eae5b892..9937feadaeb6 100644 --- a/nixpkgs/nixos/modules/services/audio/mopidy.nix +++ b/nixpkgs/nixos/modules/services/audio/mopidy.nix @@ -39,7 +39,7 @@ in { extensionPackages = mkOption { default = []; type = types.listOf types.package; - example = literalExample "[ pkgs.mopidy-spotify ]"; + example = literalExpression "[ pkgs.mopidy-spotify ]"; description = '' Mopidy extensions that should be loaded by the service. ''; diff --git a/nixpkgs/nixos/modules/services/audio/mpd.nix b/nixpkgs/nixos/modules/services/audio/mpd.nix index e33e860d883d..560264e249d0 100644 --- a/nixpkgs/nixos/modules/services/audio/mpd.nix +++ b/nixpkgs/nixos/modules/services/audio/mpd.nix @@ -74,7 +74,7 @@ in { musicDirectory = mkOption { type = with types; either path (strMatching "(http|https|nfs|smb)://.+"); default = "${cfg.dataDir}/music"; - defaultText = "\${dataDir}/music"; + defaultText = literalExpression ''"''${dataDir}/music"''; description = '' The directory or NFS/SMB network share where MPD reads music from. If left as the default value this directory will automatically be created before @@ -86,7 +86,7 @@ in { playlistDirectory = mkOption { type = types.path; default = "${cfg.dataDir}/playlists"; - defaultText = "\${dataDir}/playlists"; + defaultText = literalExpression ''"''${dataDir}/playlists"''; description = '' The directory where MPD stores playlists. If left as the default value this directory will automatically be created before the MPD server starts, @@ -155,7 +155,7 @@ in { dbFile = mkOption { type = types.nullOr types.str; default = "${cfg.dataDir}/tag_cache"; - defaultText = "\${dataDir}/tag_cache"; + defaultText = literalExpression ''"''${dataDir}/tag_cache"''; description = '' The path to MPD's database. If set to <literal>null</literal> the parameter is omitted from the configuration. diff --git a/nixpkgs/nixos/modules/services/audio/slimserver.nix b/nixpkgs/nixos/modules/services/audio/slimserver.nix index 21632919699c..ecd265284990 100644 --- a/nixpkgs/nixos/modules/services/audio/slimserver.nix +++ b/nixpkgs/nixos/modules/services/audio/slimserver.nix @@ -22,7 +22,7 @@ in { package = mkOption { type = types.package; default = pkgs.slimserver; - defaultText = "pkgs.slimserver"; + defaultText = literalExpression "pkgs.slimserver"; description = "Slimserver package to use."; }; diff --git a/nixpkgs/nixos/modules/services/audio/snapserver.nix b/nixpkgs/nixos/modules/services/audio/snapserver.nix index f96b5f3e1942..d3e97719f357 100644 --- a/nixpkgs/nixos/modules/services/audio/snapserver.nix +++ b/nixpkgs/nixos/modules/services/audio/snapserver.nix @@ -206,7 +206,7 @@ in { For type <literal>meta</literal>, a list of stream names in the form <literal>/one/two/...</literal>. Don't forget the leading slash. For type <literal>alsa</literal>, use an empty string. ''; - example = literalExample '' + example = literalExpression '' "/path/to/pipe" "/path/to/librespot" "192.168.1.2:4444" @@ -226,7 +226,7 @@ in { description = '' Key-value pairs that convey additional parameters about a stream. ''; - example = literalExample '' + example = literalExpression '' # for type == "pipe": { mode = "create"; @@ -254,7 +254,7 @@ in { description = '' The definition for an input source. ''; - example = literalExample '' + example = literalExpression '' { mpd = { type = "pipe"; diff --git a/nixpkgs/nixos/modules/services/audio/ympd.nix b/nixpkgs/nixos/modules/services/audio/ympd.nix index 551bd941fe68..36c5527027ff 100644 --- a/nixpkgs/nixos/modules/services/audio/ympd.nix +++ b/nixpkgs/nixos/modules/services/audio/ympd.nix @@ -26,7 +26,6 @@ in { type = types.str; default = "localhost"; description = "The host where MPD is listening."; - example = "localhost"; }; port = mkOption { diff --git a/nixpkgs/nixos/modules/services/backup/automysqlbackup.nix b/nixpkgs/nixos/modules/services/backup/automysqlbackup.nix index 4fcaf9eb9301..fd2764a40ad2 100644 --- a/nixpkgs/nixos/modules/services/backup/automysqlbackup.nix +++ b/nixpkgs/nixos/modules/services/backup/automysqlbackup.nix @@ -2,7 +2,7 @@ let - inherit (lib) concatMapStringsSep concatStringsSep isInt isList literalExample; + inherit (lib) concatMapStringsSep concatStringsSep isInt isList literalExpression; inherit (lib) mapAttrs mapAttrsToList mkDefault mkEnableOption mkIf mkOption optional types; cfg = config.services.automysqlbackup; @@ -48,7 +48,7 @@ in <filename>''${pkgs.automysqlbackup}/etc/automysqlbackup.conf</filename> for details on supported values. ''; - example = literalExample '' + example = literalExpression '' { db_names = [ "nextcloud" "matomo" ]; table_exclude = [ "nextcloud.oc_users" "nextcloud.oc_whats_new" ]; diff --git a/nixpkgs/nixos/modules/services/backup/borgbackup.nix b/nixpkgs/nixos/modules/services/backup/borgbackup.nix index c4174286fc0b..5461dbaf0bd0 100644 --- a/nixpkgs/nixos/modules/services/backup/borgbackup.nix +++ b/nixpkgs/nixos/modules/services/backup/borgbackup.nix @@ -203,7 +203,7 @@ in { See also the chapter about BorgBackup in the NixOS manual. ''; default = { }; - example = literalExample '' + example = literalExpression '' { # for a local backup rootBackup = { paths = "/"; @@ -260,7 +260,7 @@ in { archiveBaseName = mkOption { type = types.strMatching "[^/{}]+"; default = "${globalConfig.networking.hostName}-${name}"; - defaultText = "\${config.networking.hostName}-<name>"; + defaultText = literalExpression ''"''${config.networking.hostName}-<name>"''; description = '' How to name the created archives. A timestamp, whose format is determined by <option>dateFormat</option>, will be appended. The full @@ -326,10 +326,7 @@ in { you to specify a <option>passCommand</option> or a <option>passphrase</option>. ''; - example = '' - encryption.mode = "repokey-blake2" ; - encryption.passphrase = "mySecretPassphrase" ; - ''; + example = "repokey-blake2"; }; encryption.passCommand = mkOption { @@ -437,7 +434,7 @@ in { for the available options. ''; default = { }; - example = literalExample '' + example = literalExpression '' { within = "1d"; # Keep all archives from the last day daily = 7; @@ -455,7 +452,7 @@ in { Use <literal>""</literal> to consider all archives. ''; default = config.archiveBaseName; - defaultText = "\${archiveBaseName}"; + defaultText = literalExpression "archiveBaseName"; }; environment = mkOption { diff --git a/nixpkgs/nixos/modules/services/backup/btrbk.nix b/nixpkgs/nixos/modules/services/backup/btrbk.nix index a8ff71f609a5..0c00b9344050 100644 --- a/nixpkgs/nixos/modules/services/backup/btrbk.nix +++ b/nixpkgs/nixos/modules/services/backup/btrbk.nix @@ -57,7 +57,7 @@ in description = "Extra packages for btrbk, like compression utilities for <literal>stream_compress</literal>"; type = lib.types.listOf lib.types.package; default = [ ]; - example = lib.literalExample "[ pkgs.xz ]"; + example = lib.literalExpression "[ pkgs.xz ]"; }; niceness = lib.mkOption { description = "Niceness for local instances of btrbk. Also applies to remote ones connecting via ssh when positive."; diff --git a/nixpkgs/nixos/modules/services/backup/postgresql-backup.nix b/nixpkgs/nixos/modules/services/backup/postgresql-backup.nix index bcc135005e16..562458eb4571 100644 --- a/nixpkgs/nixos/modules/services/backup/postgresql-backup.nix +++ b/nixpkgs/nixos/modules/services/backup/postgresql-backup.nix @@ -85,7 +85,7 @@ in { backupAll = mkOption { default = cfg.databases == []; - defaultText = "services.postgresqlBackup.databases == []"; + defaultText = literalExpression "services.postgresqlBackup.databases == []"; type = lib.types.bool; description = '' Backup all databases using pg_dumpall. diff --git a/nixpkgs/nixos/modules/services/backup/postgresql-wal-receiver.nix b/nixpkgs/nixos/modules/services/backup/postgresql-wal-receiver.nix index 3d9869d53431..32643adfdaea 100644 --- a/nixpkgs/nixos/modules/services/backup/postgresql-wal-receiver.nix +++ b/nixpkgs/nixos/modules/services/backup/postgresql-wal-receiver.nix @@ -7,7 +7,7 @@ let options = { postgresqlPackage = mkOption { type = types.package; - example = literalExample "pkgs.postgresql_11"; + example = literalExpression "pkgs.postgresql_11"; description = '' PostgreSQL package to use. ''; @@ -15,7 +15,7 @@ let directory = mkOption { type = types.path; - example = literalExample "/mnt/pg_wal/main/"; + example = literalExpression "/mnt/pg_wal/main/"; description = '' Directory to write the output to. ''; @@ -88,7 +88,7 @@ let extraArgs = mkOption { type = with types; listOf str; default = [ ]; - example = literalExample '' + example = literalExpression '' [ "--no-sync" ] @@ -101,7 +101,7 @@ let environment = mkOption { type = with types; attrsOf str; default = { }; - example = literalExample '' + example = literalExpression '' { PGPASSFILE = "/private/passfile"; PGSSLMODE = "require"; @@ -121,7 +121,7 @@ in { receivers = mkOption { type = with types; attrsOf (submodule receiverSubmodule); default = { }; - example = literalExample '' + example = literalExpression '' { main = { postgresqlPackage = pkgs.postgresql_11; diff --git a/nixpkgs/nixos/modules/services/backup/restic-rest-server.nix b/nixpkgs/nixos/modules/services/backup/restic-rest-server.nix index d1b775f150dc..86744637f85d 100644 --- a/nixpkgs/nixos/modules/services/backup/restic-rest-server.nix +++ b/nixpkgs/nixos/modules/services/backup/restic-rest-server.nix @@ -59,7 +59,7 @@ in package = mkOption { default = pkgs.restic-rest-server; - defaultText = "pkgs.restic-rest-server"; + defaultText = literalExpression "pkgs.restic-rest-server"; type = types.package; description = "Restic REST server package to use."; }; diff --git a/nixpkgs/nixos/modules/services/backup/syncoid.nix b/nixpkgs/nixos/modules/services/backup/syncoid.nix index 3ad8d279a36d..4df10f5ee02b 100644 --- a/nixpkgs/nixos/modules/services/backup/syncoid.nix +++ b/nixpkgs/nixos/modules/services/backup/syncoid.nix @@ -16,16 +16,67 @@ let lib.concatMapStrings (s: if lib.isList s then "-" else s) (builtins.split "[^a-zA-Z0-9_.\\-]+" name); - # Function to build "zfs allow" and "zfs unallow" commands for the - # filesystems we've delegated permissions to. - buildAllowCommand = zfsAction: permissions: dataset: lib.escapeShellArgs [ - # Here we explicitly use the booted system to guarantee the stable API needed by ZFS - "-+/run/booted-system/sw/bin/zfs" - zfsAction - cfg.user - (concatStringsSep "," permissions) - dataset - ]; + # Function to build "zfs allow" commands for the filesystems we've + # delegated permissions to. It also checks if the target dataset + # exists before delegating permissions, if it doesn't exist we + # delegate it to the parent dataset. This should solve the case of + # provisoning new datasets. + buildAllowCommand = permissions: dataset: ( + "-+${pkgs.writeShellScript "zfs-allow-${dataset}" '' + # Here we explicitly use the booted system to guarantee the stable API needed by ZFS + + # Run a ZFS list on the dataset to check if it exists + if ${lib.escapeShellArgs [ + "/run/booted-system/sw/bin/zfs" + "list" + dataset + ]} 2> /dev/null; then + ${lib.escapeShellArgs [ + "/run/booted-system/sw/bin/zfs" + "allow" + cfg.user + (concatStringsSep "," permissions) + dataset + ]} + else + ${lib.escapeShellArgs [ + "/run/booted-system/sw/bin/zfs" + "allow" + cfg.user + (concatStringsSep "," permissions) + # Remove the last part of the path + (builtins.dirOf dataset) + ]} + fi + ''}" + ); + + # Function to build "zfs unallow" commands for the filesystems we've + # delegated permissions to. Here we unallow both the target but also + # on the parent dataset because at this stage we have no way of + # knowing if the allow command did execute on the parent dataset or + # not in the pre-hook. We can't run the same if in the post hook + # since the dataset should have been created at this point. + buildUnallowCommand = permissions: dataset: ( + "-+${pkgs.writeShellScript "zfs-unallow-${dataset}" '' + # Here we explicitly use the booted system to guarantee the stable API needed by ZFS + ${lib.escapeShellArgs [ + "/run/booted-system/sw/bin/zfs" + "unallow" + cfg.user + (concatStringsSep "," permissions) + dataset + ]} + ${lib.escapeShellArgs [ + "/run/booted-system/sw/bin/zfs" + "unallow" + cfg.user + (concatStringsSep "," permissions) + # Remove the last part of the path + (builtins.dirOf dataset) + ]} + ''}" + ); in { @@ -235,7 +286,7 @@ in }; })); default = { }; - example = literalExample '' + example = literalExpression '' { "pool/test".target = "root@target:pool/test"; } @@ -274,11 +325,11 @@ in path = [ "/run/booted-system/sw/bin/" ]; serviceConfig = { ExecStartPre = - (map (buildAllowCommand "allow" c.localSourceAllow) (localDatasetName c.source)) ++ - (map (buildAllowCommand "allow" c.localTargetAllow) (localDatasetName c.target)); + (map (buildAllowCommand c.localSourceAllow) (localDatasetName c.source)) ++ + (map (buildAllowCommand c.localTargetAllow) (localDatasetName c.target)); ExecStopPost = - (map (buildAllowCommand "unallow" c.localSourceAllow) (localDatasetName c.source)) ++ - (map (buildAllowCommand "unallow" c.localTargetAllow) (localDatasetName c.target)); + (map (buildUnallowCommand c.localSourceAllow) (localDatasetName c.source)) ++ + (map (buildUnallowCommand c.localTargetAllow) (localDatasetName c.target)); ExecStart = lib.escapeShellArgs ([ "${pkgs.sanoid}/bin/syncoid" ] ++ optionals c.useCommonArgs cfg.commonArgs ++ optional c.recursive "-r" diff --git a/nixpkgs/nixos/modules/services/backup/tarsnap.nix b/nixpkgs/nixos/modules/services/backup/tarsnap.nix index 8187042b4b80..9cce86836612 100644 --- a/nixpkgs/nixos/modules/services/backup/tarsnap.nix +++ b/nixpkgs/nixos/modules/services/backup/tarsnap.nix @@ -214,7 +214,7 @@ in maxbwRateUp = mkOption { type = types.nullOr types.int; default = null; - example = literalExample "25 * 1000"; + example = literalExpression "25 * 1000"; description = '' Upload bandwidth rate limit in bytes. ''; @@ -223,7 +223,7 @@ in maxbwRateDown = mkOption { type = types.nullOr types.int; default = null; - example = literalExample "50 * 1000"; + example = literalExpression "50 * 1000"; description = '' Download bandwidth rate limit in bytes. ''; @@ -256,7 +256,7 @@ in default = {}; - example = literalExample '' + example = literalExpression '' { nixos = { directories = [ "/home" "/root/ssl" ]; @@ -310,7 +310,7 @@ in # the service - therefore we sleep in a loop until we can ping the # endpoint. preStart = '' - while ! ping -q -c 1 v1-0-0-server.tarsnap.com &> /dev/null; do sleep 3; done + while ! ping -4 -q -c 1 v1-0-0-server.tarsnap.com &> /dev/null; do sleep 3; done ''; script = let diff --git a/nixpkgs/nixos/modules/services/backup/znapzend.nix b/nixpkgs/nixos/modules/services/backup/znapzend.nix index 1fccc7cd6076..09e60177c390 100644 --- a/nixpkgs/nixos/modules/services/backup/znapzend.nix +++ b/nixpkgs/nixos/modules/services/backup/znapzend.nix @@ -166,8 +166,8 @@ let <option>postsnap</option>. ''; default = null; - example = literalExample '' - ''${pkgs.mariadb}/bin/mysql -e "set autocommit=0;flush tables with read lock;\\! ''${pkgs.coreutils}/bin/sleep 600" & ''${pkgs.coreutils}/bin/echo $! > /tmp/mariadblock.pid ; sleep 10 + example = literalExpression '' + '''''${pkgs.mariadb}/bin/mysql -e "set autocommit=0;flush tables with read lock;\\! ''${pkgs.coreutils}/bin/sleep 600" & ''${pkgs.coreutils}/bin/echo $! > /tmp/mariadblock.pid ; sleep 10''' ''; }; @@ -178,8 +178,8 @@ let e.g. for database unlocking. See also <option>presnap</option>. ''; default = null; - example = literalExample '' - ''${pkgs.coreutils}/bin/kill `''${pkgs.coreutils}/bin/cat /tmp/mariadblock.pid`;''${pkgs.coreutils}/bin/rm /tmp/mariadblock.pid + example = literalExpression '' + "''${pkgs.coreutils}/bin/kill `''${pkgs.coreutils}/bin/cat /tmp/mariadblock.pid`;''${pkgs.coreutils}/bin/rm /tmp/mariadblock.pid" ''; }; @@ -223,7 +223,7 @@ let type = attrsOf (destType config); description = "Additional destinations."; default = {}; - example = literalExample '' + example = literalExpression '' { local = { dataset = "btank/backup"; @@ -331,7 +331,7 @@ in type = attrsOf srcType; description = "Znapzend configuration."; default = {}; - example = literalExample '' + example = literalExpression '' { "tank/home" = { # Make snapshots of tank/home every hour, keep those for 1 day, diff --git a/nixpkgs/nixos/modules/services/blockchain/ethereum/geth.nix b/nixpkgs/nixos/modules/services/blockchain/ethereum/geth.nix index 6c2df95886e7..bf2cf1edd4d8 100644 --- a/nixpkgs/nixos/modules/services/blockchain/ethereum/geth.nix +++ b/nixpkgs/nixos/modules/services/blockchain/ethereum/geth.nix @@ -108,6 +108,7 @@ let package = mkOption { default = pkgs.go-ethereum.geth; + defaultText = literalExpression "pkgs.go-ethereum.geth"; type = types.package; description = "Package to use as Go Ethereum node."; }; diff --git a/nixpkgs/nixos/modules/services/cluster/hadoop/default.nix b/nixpkgs/nixos/modules/services/cluster/hadoop/default.nix index 41ac46e538e3..a165f619dc0c 100644 --- a/nixpkgs/nixos/modules/services/cluster/hadoop/default.nix +++ b/nixpkgs/nixos/modules/services/cluster/hadoop/default.nix @@ -8,7 +8,7 @@ with lib; coreSite = mkOption { default = {}; type = types.attrsOf types.anything; - example = literalExample '' + example = literalExpression '' { "fs.defaultFS" = "hdfs://localhost"; } @@ -19,7 +19,7 @@ with lib; hdfsSite = mkOption { default = {}; type = types.attrsOf types.anything; - example = literalExample '' + example = literalExpression '' { "dfs.nameservices" = "namenode1"; } @@ -30,7 +30,7 @@ with lib; mapredSite = mkOption { default = {}; type = types.attrsOf types.anything; - example = literalExample '' + example = literalExpression '' { "mapreduce.map.cpu.vcores" = "1"; } @@ -41,7 +41,7 @@ with lib; yarnSite = mkOption { default = {}; type = types.attrsOf types.anything; - example = literalExample '' + example = literalExpression '' { "yarn.resourcemanager.ha.id" = "resourcemanager1"; } @@ -52,8 +52,7 @@ with lib; package = mkOption { type = types.package; default = pkgs.hadoop; - defaultText = "pkgs.hadoop"; - example = literalExample "pkgs.hadoop"; + defaultText = literalExpression "pkgs.hadoop"; description = ""; }; }; diff --git a/nixpkgs/nixos/modules/services/cluster/k3s/default.nix b/nixpkgs/nixos/modules/services/cluster/k3s/default.nix index e5c51441690a..50b6780bbe66 100644 --- a/nixpkgs/nixos/modules/services/cluster/k3s/default.nix +++ b/nixpkgs/nixos/modules/services/cluster/k3s/default.nix @@ -12,8 +12,7 @@ in package = mkOption { type = types.package; default = pkgs.k3s; - defaultText = "pkgs.k3s"; - example = literalExample "pkgs.k3s"; + defaultText = literalExpression "pkgs.k3s"; description = "Package that should be used for k3s"; }; diff --git a/nixpkgs/nixos/modules/services/cluster/kubernetes/addon-manager.nix b/nixpkgs/nixos/modules/services/cluster/kubernetes/addon-manager.nix index 821f1aa54604..3d988dc2479a 100644 --- a/nixpkgs/nixos/modules/services/cluster/kubernetes/addon-manager.nix +++ b/nixpkgs/nixos/modules/services/cluster/kubernetes/addon-manager.nix @@ -27,7 +27,7 @@ in ''; default = { }; type = attrsOf attrs; - example = literalExample '' + example = literalExpression '' { "my-service" = { "apiVersion" = "v1"; @@ -46,7 +46,7 @@ in description = "Kubernetes addons (any kind of Kubernetes resource can be an addon)."; default = { }; type = attrsOf (either attrs (listOf attrs)); - example = literalExample '' + example = literalExpression '' { "my-service" = { "apiVersion" = "v1"; diff --git a/nixpkgs/nixos/modules/services/cluster/kubernetes/addons/dns.nix b/nixpkgs/nixos/modules/services/cluster/kubernetes/addons/dns.nix index 8f937a13231b..34943fddd3d1 100644 --- a/nixpkgs/nixos/modules/services/cluster/kubernetes/addons/dns.nix +++ b/nixpkgs/nixos/modules/services/cluster/kubernetes/addons/dns.nix @@ -83,21 +83,24 @@ in { reload loadbalance }''; - defaultText = '' - .:${toString ports.dns} { - errors - health :${toString ports.health} - kubernetes ''${config.services.kubernetes.addons.dns.clusterDomain} in-addr.arpa ip6.arpa { - pods insecure - fallthrough in-addr.arpa ip6.arpa + defaultText = literalExpression '' + ''' + .:${toString ports.dns} { + errors + health :${toString ports.health} + kubernetes ''${config.services.kubernetes.addons.dns.clusterDomain} in-addr.arpa ip6.arpa { + pods insecure + fallthrough in-addr.arpa ip6.arpa + } + prometheus :${toString ports.metrics} + forward . /etc/resolv.conf + cache 30 + loop + reload + loadbalance } - prometheus :${toString ports.metrics} - forward . /etc/resolv.conf - cache 30 - loop - reload - loadbalance - }''; + ''' + ''; }; }; diff --git a/nixpkgs/nixos/modules/services/cluster/kubernetes/default.nix b/nixpkgs/nixos/modules/services/cluster/kubernetes/default.nix index 08b214181806..433adf4d488c 100644 --- a/nixpkgs/nixos/modules/services/cluster/kubernetes/default.nix +++ b/nixpkgs/nixos/modules/services/cluster/kubernetes/default.nix @@ -126,7 +126,7 @@ in { description = "Kubernetes package to use."; type = types.package; default = pkgs.kubernetes; - defaultText = "pkgs.kubernetes"; + defaultText = literalExpression "pkgs.kubernetes"; }; kubeconfig = mkKubeConfigOptions "Default kubeconfig"; diff --git a/nixpkgs/nixos/modules/services/cluster/kubernetes/kubelet.nix b/nixpkgs/nixos/modules/services/cluster/kubernetes/kubelet.nix index 51b2b5f6eb0d..3a2a0ed363d6 100644 --- a/nixpkgs/nixos/modules/services/cluster/kubernetes/kubelet.nix +++ b/nixpkgs/nixos/modules/services/cluster/kubernetes/kubelet.nix @@ -96,7 +96,7 @@ in description = "Kubernetes CNI configuration."; type = listOf attrs; default = []; - example = literalExample '' + example = literalExpression '' [{ "cniVersion": "0.3.1", "name": "mynet", diff --git a/nixpkgs/nixos/modules/services/cluster/spark/default.nix b/nixpkgs/nixos/modules/services/cluster/spark/default.nix index bbfe0489f115..e6b44e130a3e 100644 --- a/nixpkgs/nixos/modules/services/cluster/spark/default.nix +++ b/nixpkgs/nixos/modules/services/cluster/spark/default.nix @@ -70,7 +70,7 @@ with lib; type = types.path; description = "Spark configuration directory. Spark will use the configuration files (spark-defaults.conf, spark-env.sh, log4j.properties, etc) from this directory."; default = "${cfg.package}/lib/${cfg.package.untarDir}/conf"; - defaultText = literalExample "\${cfg.package}/lib/\${cfg.package.untarDir}/conf"; + defaultText = literalExpression ''"''${package}/lib/''${package.untarDir}/conf"''; }; logDir = mkOption { type = types.path; @@ -81,8 +81,8 @@ with lib; type = types.package; description = "Spark package."; default = pkgs.spark; - defaultText = "pkgs.spark"; - example = literalExample ''pkgs.spark.overrideAttrs (super: rec { + defaultText = literalExpression "pkgs.spark"; + example = literalExpression ''pkgs.spark.overrideAttrs (super: rec { pname = "spark"; version = "2.4.4"; diff --git a/nixpkgs/nixos/modules/services/computing/boinc/client.nix b/nixpkgs/nixos/modules/services/computing/boinc/client.nix index 7becf6240710..52249455fd45 100644 --- a/nixpkgs/nixos/modules/services/computing/boinc/client.nix +++ b/nixpkgs/nixos/modules/services/computing/boinc/client.nix @@ -30,7 +30,7 @@ in package = mkOption { type = types.package; default = pkgs.boinc; - defaultText = "pkgs.boinc"; + defaultText = literalExpression "pkgs.boinc"; description = '' Which BOINC package to use. ''; @@ -60,7 +60,7 @@ in extraEnvPackages = mkOption { type = types.listOf types.package; default = []; - example = "[ pkgs.virtualbox ]"; + example = literalExpression "[ pkgs.virtualbox ]"; description = '' Additional packages to make available in the environment in which BOINC will run. Common choices are: diff --git a/nixpkgs/nixos/modules/services/computing/foldingathome/client.nix b/nixpkgs/nixos/modules/services/computing/foldingathome/client.nix index fbef6a04b16d..aa9d0a5218fa 100644 --- a/nixpkgs/nixos/modules/services/computing/foldingathome/client.nix +++ b/nixpkgs/nixos/modules/services/computing/foldingathome/client.nix @@ -23,7 +23,7 @@ in package = mkOption { type = types.package; default = pkgs.fahclient; - defaultText = "pkgs.fahclient"; + defaultText = literalExpression "pkgs.fahclient"; description = '' Which Folding@home client to use. ''; diff --git a/nixpkgs/nixos/modules/services/computing/slurm/slurm.nix b/nixpkgs/nixos/modules/services/computing/slurm/slurm.nix index a3dee94e2dc5..0c96f3231329 100644 --- a/nixpkgs/nixos/modules/services/computing/slurm/slurm.nix +++ b/nixpkgs/nixos/modules/services/computing/slurm/slurm.nix @@ -132,8 +132,8 @@ in package = mkOption { type = types.package; default = pkgs.slurm.override { enableX11 = ! cfg.enableSrunX11; }; - defaultText = "pkgs.slurm"; - example = literalExample "pkgs.slurm-full"; + defaultText = literalExpression "pkgs.slurm"; + example = literalExpression "pkgs.slurm-full"; description = '' The package to use for slurm binaries. ''; @@ -172,7 +172,7 @@ in nodeName = mkOption { type = types.listOf types.str; default = []; - example = literalExample ''[ "linux[1-32] CPUs=1 State=UNKNOWN" ];''; + example = literalExpression ''[ "linux[1-32] CPUs=1 State=UNKNOWN" ];''; description = '' Name that SLURM uses to refer to a node (or base partition for BlueGene systems). Typically this would be the string that "/bin/hostname -s" @@ -183,7 +183,7 @@ in partitionName = mkOption { type = types.listOf types.str; default = []; - example = literalExample ''[ "debug Nodes=linux[1-32] Default=YES MaxTime=INFINITE State=UP" ];''; + example = literalExpression ''[ "debug Nodes=linux[1-32] Default=YES MaxTime=INFINITE State=UP" ];''; description = '' Name by which the partition may be referenced. Note that now you have to write the partition's parameters after the name. diff --git a/nixpkgs/nixos/modules/services/continuous-integration/buildbot/master.nix b/nixpkgs/nixos/modules/services/continuous-integration/buildbot/master.nix index f668e69e5df7..2dc61c21ac71 100644 --- a/nixpkgs/nixos/modules/services/continuous-integration/buildbot/master.nix +++ b/nixpkgs/nixos/modules/services/continuous-integration/buildbot/master.nix @@ -93,6 +93,7 @@ in { type = types.path; description = "Optionally pass master.cfg path. Other options in this configuration will be ignored."; default = defaultMasterCfg; + defaultText = literalDocBook ''generated configuration file''; example = "/etc/nixos/buildbot/master.cfg"; }; @@ -210,14 +211,14 @@ in { package = mkOption { type = types.package; default = pkgs.python3Packages.buildbot-full; - defaultText = "pkgs.python3Packages.buildbot-full"; + defaultText = literalExpression "pkgs.python3Packages.buildbot-full"; description = "Package to use for buildbot."; - example = literalExample "pkgs.python3Packages.buildbot"; + example = literalExpression "pkgs.python3Packages.buildbot"; }; packages = mkOption { default = [ pkgs.git ]; - example = literalExample "[ pkgs.git ]"; + defaultText = literalExpression "[ pkgs.git ]"; type = types.listOf types.package; description = "Packages to add to PATH for the buildbot process."; }; @@ -225,9 +226,9 @@ in { pythonPackages = mkOption { type = types.functionTo (types.listOf types.package); default = pythonPackages: with pythonPackages; [ ]; - defaultText = "pythonPackages: with pythonPackages; [ ]"; + defaultText = literalExpression "pythonPackages: with pythonPackages; [ ]"; description = "Packages to add the to the PYTHONPATH of the buildbot process."; - example = literalExample "pythonPackages: with pythonPackages; [ requests ]"; + example = literalExpression "pythonPackages: with pythonPackages; [ requests ]"; }; }; }; diff --git a/nixpkgs/nixos/modules/services/continuous-integration/buildbot/worker.nix b/nixpkgs/nixos/modules/services/continuous-integration/buildbot/worker.nix index 708b3e1cc182..dd4f4a4a74a9 100644 --- a/nixpkgs/nixos/modules/services/continuous-integration/buildbot/worker.nix +++ b/nixpkgs/nixos/modules/services/continuous-integration/buildbot/worker.nix @@ -128,14 +128,14 @@ in { package = mkOption { type = types.package; default = pkgs.python3Packages.buildbot-worker; - defaultText = "pkgs.python3Packages.buildbot-worker"; + defaultText = literalExpression "pkgs.python3Packages.buildbot-worker"; description = "Package to use for buildbot worker."; - example = literalExample "pkgs.python2Packages.buildbot-worker"; + example = literalExpression "pkgs.python2Packages.buildbot-worker"; }; packages = mkOption { default = with pkgs; [ git ]; - example = literalExample "[ pkgs.git ]"; + defaultText = literalExpression "[ pkgs.git ]"; type = types.listOf types.package; description = "Packages to add to PATH for the buildbot process."; }; diff --git a/nixpkgs/nixos/modules/services/continuous-integration/buildkite-agents.nix b/nixpkgs/nixos/modules/services/continuous-integration/buildkite-agents.nix index b8982d757db9..1872567c9f12 100644 --- a/nixpkgs/nixos/modules/services/continuous-integration/buildkite-agents.nix +++ b/nixpkgs/nixos/modules/services/continuous-integration/buildkite-agents.nix @@ -39,7 +39,7 @@ let package = mkOption { default = pkgs.buildkite-agent; - defaultText = "pkgs.buildkite-agent"; + defaultText = literalExpression "pkgs.buildkite-agent"; description = "Which buildkite-agent derivation to use"; type = types.package; }; @@ -52,7 +52,7 @@ let runtimePackages = mkOption { default = [ pkgs.bash pkgs.gnutar pkgs.gzip pkgs.git pkgs.nix ]; - defaultText = "[ pkgs.bash pkgs.gnutar pkgs.gzip pkgs.git pkgs.nix ]"; + defaultText = literalExpression "[ pkgs.bash pkgs.gnutar pkgs.gzip pkgs.git pkgs.nix ]"; description = "Add programs to the buildkite-agent environment"; type = types.listOf types.package; }; @@ -168,7 +168,7 @@ let hooksPath = mkOption { type = types.path; default = hooksDir config; - defaultText = "generated from services.buildkite-agents.<name>.hooks"; + defaultText = literalDocBook "generated from <option>services.buildkite-agents.<name>.hooks</option>"; description = '' Path to the directory storing the hooks. Consider using <option>services.buildkite-agents.<name>.hooks.<name></option> @@ -179,6 +179,7 @@ let shell = mkOption { type = types.str; default = "${pkgs.bash}/bin/bash -e -c"; + defaultText = literalExpression ''"''${pkgs.bash}/bin/bash -e -c"''; description = '' Command that buildkite-agent 3 will execute when it spawns a shell. ''; diff --git a/nixpkgs/nixos/modules/services/continuous-integration/github-runner.nix b/nixpkgs/nixos/modules/services/continuous-integration/github-runner.nix index f951c1553235..943c1e4598df 100644 --- a/nixpkgs/nixos/modules/services/continuous-integration/github-runner.nix +++ b/nixpkgs/nixos/modules/services/continuous-integration/github-runner.nix @@ -77,7 +77,7 @@ in Changing this option triggers a new runner registration. ''; - example = literalExample ''[ "nixos" ]''; + example = literalExpression ''[ "nixos" ]''; default = [ ]; }; @@ -105,6 +105,7 @@ in Which github-runner derivation to use. ''; default = pkgs.github-runner; + defaultText = literalExpression "pkgs.github-runner"; }; }; diff --git a/nixpkgs/nixos/modules/services/continuous-integration/gitlab-runner.nix b/nixpkgs/nixos/modules/services/continuous-integration/gitlab-runner.nix index 15c37c2bc76d..d4b8541c6a1b 100644 --- a/nixpkgs/nixos/modules/services/continuous-integration/gitlab-runner.nix +++ b/nixpkgs/nixos/modules/services/continuous-integration/gitlab-runner.nix @@ -136,7 +136,7 @@ in checkInterval = mkOption { type = types.int; default = 0; - example = literalExample "with lib; (length (attrNames config.services.gitlab-runner.services)) * 3"; + example = literalExpression "with lib; (length (attrNames config.services.gitlab-runner.services)) * 3"; description = '' Defines the interval length, in seconds, between new jobs check. The default value is 3; @@ -147,7 +147,7 @@ in concurrent = mkOption { type = types.int; default = 1; - example = literalExample "config.nix.maxJobs"; + example = literalExpression "config.nix.maxJobs"; description = '' Limits how many jobs globally can be run concurrently. The most upper limit of jobs using all defined runners. @@ -203,7 +203,7 @@ in }; }; default = { }; - example = literalExample '' + example = literalExpression '' { listenAddress = "0.0.0.0:8093"; } @@ -234,8 +234,8 @@ in package = mkOption { type = types.package; default = pkgs.gitlab-runner; - defaultText = "pkgs.gitlab-runner"; - example = literalExample "pkgs.gitlab-runner_1_11"; + defaultText = literalExpression "pkgs.gitlab-runner"; + example = literalExpression "pkgs.gitlab-runner_1_11"; description = "Gitlab Runner package to use."; }; extraPackages = mkOption { @@ -248,7 +248,7 @@ in services = mkOption { description = "GitLab Runner services."; default = { }; - example = literalExample '' + example = literalExpression '' { # runner for building in docker via host's nix-daemon # nix store will be readable in runner, might be insecure diff --git a/nixpkgs/nixos/modules/services/continuous-integration/gocd-agent/default.nix b/nixpkgs/nixos/modules/services/continuous-integration/gocd-agent/default.nix index 8cae08bf1fa0..acc3fb12484a 100644 --- a/nixpkgs/nixos/modules/services/continuous-integration/gocd-agent/default.nix +++ b/nixpkgs/nixos/modules/services/continuous-integration/gocd-agent/default.nix @@ -37,7 +37,7 @@ in { packages = mkOption { default = [ pkgs.stdenv pkgs.jre pkgs.git config.programs.ssh.package pkgs.nix ]; - defaultText = "[ pkgs.stdenv pkgs.jre pkgs.git config.programs.ssh.package pkgs.nix ]"; + defaultText = literalExpression "[ pkgs.stdenv pkgs.jre pkgs.git config.programs.ssh.package pkgs.nix ]"; type = types.listOf types.package; description = '' Packages to add to PATH for the Go.CD agent process. diff --git a/nixpkgs/nixos/modules/services/continuous-integration/gocd-server/default.nix b/nixpkgs/nixos/modules/services/continuous-integration/gocd-server/default.nix index 4c829664a0a5..646bf13ac67a 100644 --- a/nixpkgs/nixos/modules/services/continuous-integration/gocd-server/default.nix +++ b/nixpkgs/nixos/modules/services/continuous-integration/gocd-server/default.nix @@ -69,7 +69,7 @@ in { packages = mkOption { default = [ pkgs.stdenv pkgs.jre pkgs.git config.programs.ssh.package pkgs.nix ]; - defaultText = "[ pkgs.stdenv pkgs.jre pkgs.git config.programs.ssh.package pkgs.nix ]"; + defaultText = literalExpression "[ pkgs.stdenv pkgs.jre pkgs.git config.programs.ssh.package pkgs.nix ]"; type = types.listOf types.package; description = '' Packages to add to PATH for the Go.CD server's process. diff --git a/nixpkgs/nixos/modules/services/continuous-integration/hail.nix b/nixpkgs/nixos/modules/services/continuous-integration/hail.nix index 5d0c3f7b4ab3..4070a3425c4f 100644 --- a/nixpkgs/nixos/modules/services/continuous-integration/hail.nix +++ b/nixpkgs/nixos/modules/services/continuous-integration/hail.nix @@ -35,7 +35,7 @@ in { package = mkOption { type = types.package; default = pkgs.haskellPackages.hail; - defaultText = "pkgs.haskellPackages.hail"; + defaultText = literalExpression "pkgs.haskellPackages.hail"; description = "Hail package to use."; }; }; diff --git a/nixpkgs/nixos/modules/services/continuous-integration/hercules-ci-agent/common.nix b/nixpkgs/nixos/modules/services/continuous-integration/hercules-ci-agent/common.nix index 70d85a97f3b7..d53d68bdcf97 100644 --- a/nixpkgs/nixos/modules/services/continuous-integration/hercules-ci-agent/common.nix +++ b/nixpkgs/nixos/modules/services/continuous-integration/hercules-ci-agent/common.nix @@ -10,7 +10,8 @@ Platform-specific code is in the respective default.nix files. let inherit (lib) filterAttrs - literalExample + literalDocBook + literalExpression mkIf mkOption mkRemovedOptionModule @@ -60,7 +61,7 @@ let ''; type = types.path; default = config.baseDirectory + "/work"; - defaultText = literalExample ''baseDirectory + "/work"''; + defaultText = literalExpression ''baseDirectory + "/work"''; }; staticSecretsDirectory = mkOption { description = '' @@ -68,7 +69,7 @@ let ''; type = types.path; default = config.baseDirectory + "/secrets"; - defaultText = literalExample ''baseDirectory + "/secrets"''; + defaultText = literalExpression ''baseDirectory + "/secrets"''; }; clusterJoinTokenPath = mkOption { description = '' @@ -76,7 +77,7 @@ let ''; type = types.path; default = config.staticSecretsDirectory + "/cluster-join-token.key"; - defaultText = literalExample ''staticSecretsDirectory + "/cluster-join-token.key"''; + defaultText = literalExpression ''staticSecretsDirectory + "/cluster-join-token.key"''; # internal: It's a bit too detailed to show by default in the docs, # but useful to define explicitly to allow reuse by other modules. internal = true; @@ -87,7 +88,7 @@ let ''; type = types.path; default = config.staticSecretsDirectory + "/binary-caches.json"; - defaultText = literalExample ''staticSecretsDirectory + "/binary-caches.json"''; + defaultText = literalExpression ''staticSecretsDirectory + "/binary-caches.json"''; # internal: It's a bit too detailed to show by default in the docs, # but useful to define explicitly to allow reuse by other modules. internal = true; @@ -158,7 +159,7 @@ in ''; type = types.package; default = pkgs.hercules-ci-agent; - defaultText = literalExample "pkgs.hercules-ci-agent"; + defaultText = literalExpression "pkgs.hercules-ci-agent"; }; settings = mkOption { description = '' @@ -180,7 +181,7 @@ in tomlFile = mkOption { type = types.path; internal = true; - defaultText = "generated hercules-ci-agent.toml"; + defaultText = literalDocBook "generated <literal>hercules-ci-agent.toml</literal>"; description = '' The fully assembled config file. ''; diff --git a/nixpkgs/nixos/modules/services/continuous-integration/hydra/default.nix b/nixpkgs/nixos/modules/services/continuous-integration/hydra/default.nix index 0103cd723d2f..d6cde77c0a3f 100644 --- a/nixpkgs/nixos/modules/services/continuous-integration/hydra/default.nix +++ b/nixpkgs/nixos/modules/services/continuous-integration/hydra/default.nix @@ -100,7 +100,7 @@ in package = mkOption { type = types.package; default = pkgs.hydra-unstable; - defaultText = "pkgs.hydra-unstable"; + defaultText = literalExpression "pkgs.hydra-unstable"; description = "The Hydra package."; }; @@ -155,7 +155,7 @@ in smtpHost = mkOption { type = types.nullOr types.str; default = null; - example = ["localhost"]; + example = "localhost"; description = '' Hostname of the SMTP server to use to send email. ''; diff --git a/nixpkgs/nixos/modules/services/continuous-integration/jenkins/default.nix b/nixpkgs/nixos/modules/services/continuous-integration/jenkins/default.nix index 98ef1e2c691b..d37dcb5519d2 100644 --- a/nixpkgs/nixos/modules/services/continuous-integration/jenkins/default.nix +++ b/nixpkgs/nixos/modules/services/continuous-integration/jenkins/default.nix @@ -81,14 +81,14 @@ in { package = mkOption { default = pkgs.jenkins; - defaultText = "pkgs.jenkins"; + defaultText = literalExpression "pkgs.jenkins"; type = types.package; description = "Jenkins package to use."; }; packages = mkOption { default = [ pkgs.stdenv pkgs.git pkgs.jdk11 config.programs.ssh.package pkgs.nix ]; - defaultText = "[ pkgs.stdenv pkgs.git pkgs.jdk11 config.programs.ssh.package pkgs.nix ]"; + defaultText = literalExpression "[ pkgs.stdenv pkgs.git pkgs.jdk11 config.programs.ssh.package pkgs.nix ]"; type = types.listOf types.package; description = '' Packages to add to PATH for the jenkins process. @@ -120,7 +120,7 @@ in { <literal>null</literal>. You can generate this set with a tool such as <literal>jenkinsPlugins2nix</literal>. ''; - example = literalExample '' + example = literalExpression '' import path/to/jenkinsPlugins2nix-generated-plugins.nix { inherit (pkgs) fetchurl stdenv; } ''; }; diff --git a/nixpkgs/nixos/modules/services/continuous-integration/jenkins/job-builder.nix b/nixpkgs/nixos/modules/services/continuous-integration/jenkins/job-builder.nix index 536d394b3fd4..3ca1542c18f2 100644 --- a/nixpkgs/nixos/modules/services/continuous-integration/jenkins/job-builder.nix +++ b/nixpkgs/nixos/modules/services/continuous-integration/jenkins/job-builder.nix @@ -74,7 +74,7 @@ in { jsonJobs = mkOption { default = [ ]; type = types.listOf types.str; - example = literalExample '' + example = literalExpression '' [ ''' [ { "job": @@ -94,7 +94,7 @@ in { nixJobs = mkOption { default = [ ]; type = types.listOf types.attrs; - example = literalExample '' + example = literalExpression '' [ { job = { name = "jenkins-job-test-3"; builders = [ diff --git a/nixpkgs/nixos/modules/services/databases/aerospike.nix b/nixpkgs/nixos/modules/services/databases/aerospike.nix index 4b905f90529d..8109762aea78 100644 --- a/nixpkgs/nixos/modules/services/databases/aerospike.nix +++ b/nixpkgs/nixos/modules/services/databases/aerospike.nix @@ -43,7 +43,7 @@ in package = mkOption { default = pkgs.aerospike; - defaultText = "pkgs.aerospike"; + defaultText = literalExpression "pkgs.aerospike"; type = types.package; description = "Which Aerospike derivation to use"; }; diff --git a/nixpkgs/nixos/modules/services/databases/cassandra.nix b/nixpkgs/nixos/modules/services/databases/cassandra.nix index 820be5085de9..b36cac35e7c2 100644 --- a/nixpkgs/nixos/modules/services/databases/cassandra.nix +++ b/nixpkgs/nixos/modules/services/databases/cassandra.nix @@ -4,7 +4,8 @@ let inherit (lib) concatStringsSep flip - literalExample + literalDocBook + literalExpression optionalAttrs optionals recursiveUpdate @@ -136,8 +137,8 @@ in package = mkOption { type = types.package; default = pkgs.cassandra; - defaultText = "pkgs.cassandra"; - example = literalExample "pkgs.cassandra_3_11"; + defaultText = literalExpression "pkgs.cassandra"; + example = literalExpression "pkgs.cassandra_3_11"; description = '' The Apache Cassandra package to use. ''; @@ -276,7 +277,7 @@ in extraEnvSh = mkOption { type = types.lines; default = ""; - example = "CLASSPATH=$CLASSPATH:\${extraJar}"; + example = literalExpression ''"CLASSPATH=$CLASSPATH:''${extraJar}"''; description = '' Extra shell lines to be appended onto cassandra-env.sh. ''; @@ -436,6 +437,7 @@ in if versionAtLeast cfg.package.version "3.11" then pkgs.writeText "jmx-roles-file" defaultJmxRolesFile else null; + defaultText = literalDocBook ''generated configuration file if version is at least 3.11, otherwise <literal>null</literal>''; example = "/var/lib/cassandra/jmx.password"; description = '' Specify your own jmx roles file. diff --git a/nixpkgs/nixos/modules/services/databases/cockroachdb.nix b/nixpkgs/nixos/modules/services/databases/cockroachdb.nix index 35fb46d69d8e..eb061af92621 100644 --- a/nixpkgs/nixos/modules/services/databases/cockroachdb.nix +++ b/nixpkgs/nixos/modules/services/databases/cockroachdb.nix @@ -150,7 +150,7 @@ in package = mkOption { type = types.package; default = pkgs.cockroachdb; - defaultText = "pkgs.cockroachdb"; + defaultText = literalExpression "pkgs.cockroachdb"; description = '' The CockroachDB derivation to use for running the service. diff --git a/nixpkgs/nixos/modules/services/databases/couchdb.nix b/nixpkgs/nixos/modules/services/databases/couchdb.nix index 6cc29cd717ec..16dd64f2373e 100644 --- a/nixpkgs/nixos/modules/services/databases/couchdb.nix +++ b/nixpkgs/nixos/modules/services/databases/couchdb.nix @@ -44,8 +44,7 @@ in { package = mkOption { type = types.package; default = pkgs.couchdb; - defaultText = "pkgs.couchdb"; - example = literalExample "pkgs.couchdb"; + defaultText = literalExpression "pkgs.couchdb"; description = '' CouchDB package to use. ''; diff --git a/nixpkgs/nixos/modules/services/databases/firebird.nix b/nixpkgs/nixos/modules/services/databases/firebird.nix index 0815487d4a1f..4e3130bea22f 100644 --- a/nixpkgs/nixos/modules/services/databases/firebird.nix +++ b/nixpkgs/nixos/modules/services/databases/firebird.nix @@ -44,11 +44,9 @@ in package = mkOption { default = pkgs.firebird; - defaultText = "pkgs.firebird"; + defaultText = literalExpression "pkgs.firebird"; type = types.package; - example = '' - <code>package = pkgs.firebird_3;</code> - ''; + example = literalExpression "pkgs.firebird_3"; description = '' Which Firebird package to be installed: <code>pkgs.firebird_3</code> For SuperServer use override: <code>pkgs.firebird_3.override { superServer = true; };</code> @@ -56,7 +54,7 @@ in }; port = mkOption { - default = "3050"; + default = 3050; type = types.port; description = '' Port Firebird uses. diff --git a/nixpkgs/nixos/modules/services/databases/hbase.nix b/nixpkgs/nixos/modules/services/databases/hbase.nix index 2d1a47bbaa31..9132b7ed3569 100644 --- a/nixpkgs/nixos/modules/services/databases/hbase.nix +++ b/nixpkgs/nixos/modules/services/databases/hbase.nix @@ -44,8 +44,7 @@ in { package = mkOption { type = types.package; default = pkgs.hbase; - defaultText = "pkgs.hbase"; - example = literalExample "pkgs.hbase"; + defaultText = literalExpression "pkgs.hbase"; description = '' HBase package to use. ''; diff --git a/nixpkgs/nixos/modules/services/databases/influxdb.nix b/nixpkgs/nixos/modules/services/databases/influxdb.nix index 3b8c00929ba9..f7383b2023a4 100644 --- a/nixpkgs/nixos/modules/services/databases/influxdb.nix +++ b/nixpkgs/nixos/modules/services/databases/influxdb.nix @@ -96,9 +96,8 @@ let }; } cfg.extraConfig; - configFile = pkgs.runCommand "config.toml" { - buildInputs = [ pkgs.remarshal ]; - preferLocalBuild = true; + configFile = pkgs.runCommandLocal "config.toml" { + nativeBuildInputs = [ pkgs.remarshal ]; } '' remarshal -if json -of toml \ < ${pkgs.writeText "config.json" (builtins.toJSON configOptions)} \ @@ -121,7 +120,7 @@ in package = mkOption { default = pkgs.influxdb; - defaultText = "pkgs.influxdb"; + defaultText = literalExpression "pkgs.influxdb"; description = "Which influxdb derivation to use"; type = types.package; }; diff --git a/nixpkgs/nixos/modules/services/databases/influxdb2.nix b/nixpkgs/nixos/modules/services/databases/influxdb2.nix index df7bac4261b5..01b9c4934847 100644 --- a/nixpkgs/nixos/modules/services/databases/influxdb2.nix +++ b/nixpkgs/nixos/modules/services/databases/influxdb2.nix @@ -11,7 +11,7 @@ in enable = mkEnableOption "the influxdb2 server"; package = mkOption { default = pkgs.influxdb2; - defaultText = "pkgs.influxdb2"; + defaultText = literalExpression "pkgs.influxdb2"; description = "influxdb2 derivation to use."; type = types.package; }; diff --git a/nixpkgs/nixos/modules/services/databases/monetdb.nix b/nixpkgs/nixos/modules/services/databases/monetdb.nix index 5c66fc7b2e36..52a2ef041f8b 100644 --- a/nixpkgs/nixos/modules/services/databases/monetdb.nix +++ b/nixpkgs/nixos/modules/services/databases/monetdb.nix @@ -17,7 +17,7 @@ in { package = mkOption { type = types.package; default = pkgs.monetdb; - defaultText = "pkgs.monetdb"; + defaultText = literalExpression "pkgs.monetdb"; description = "MonetDB package to use."; }; diff --git a/nixpkgs/nixos/modules/services/databases/mongodb.nix b/nixpkgs/nixos/modules/services/databases/mongodb.nix index 5121e0415db1..fccf85d482e0 100644 --- a/nixpkgs/nixos/modules/services/databases/mongodb.nix +++ b/nixpkgs/nixos/modules/services/databases/mongodb.nix @@ -33,7 +33,7 @@ in package = mkOption { default = pkgs.mongodb; - defaultText = "pkgs.mongodb"; + defaultText = literalExpression "pkgs.mongodb"; type = types.package; description = " Which MongoDB derivation to use. diff --git a/nixpkgs/nixos/modules/services/databases/mysql.nix b/nixpkgs/nixos/modules/services/databases/mysql.nix index b801b5cce635..a9d9a6d80588 100644 --- a/nixpkgs/nixos/modules/services/databases/mysql.nix +++ b/nixpkgs/nixos/modules/services/databases/mysql.nix @@ -34,7 +34,7 @@ in package = mkOption { type = types.package; - example = literalExample "pkgs.mariadb"; + example = literalExpression "pkgs.mariadb"; description = " Which MySQL derivation to use. MariaDB packages are supported too. "; @@ -43,7 +43,7 @@ in bind = mkOption { type = types.nullOr types.str; default = null; - example = literalExample "0.0.0.0"; + example = "0.0.0.0"; description = "Address to bind to. The default is to bind to all addresses."; }; @@ -74,12 +74,12 @@ in configFile = mkOption { type = types.path; default = settingsFile; - defaultText = "settingsFile"; + defaultText = literalExpression "settingsFile"; description = '' Override the configuration file used by MySQL. By default, NixOS generates one automatically from <option>services.mysql.settings</option>. ''; - example = literalExample '' + example = literalExpression '' pkgs.writeText "my.cnf" ''' [mysqld] datadir = /var/lib/mysql @@ -109,7 +109,7 @@ in </para> </note> ''; - example = literalExample '' + example = literalExpression '' { mysqld = { key_buffer_size = "6G"; @@ -167,7 +167,7 @@ in of MySQL. The schema attribute is optional: If not specified, an empty database is created. ''; example = [ - { name = "foodatabase"; schema = literalExample "./foodatabase.sql"; } + { name = "foodatabase"; schema = literalExpression "./foodatabase.sql"; } { name = "bardatabase"; } ]; }; @@ -217,7 +217,7 @@ in <link xlink:href="https://mariadb.com/kb/en/library/grant/">GRANT syntax</link>. The attributes are used as <code>GRANT ''${attrName} ON ''${attrValue}</code>. ''; - example = literalExample '' + example = literalExpression '' { "database.*" = "ALL PRIVILEGES"; "*.*" = "SELECT, LOCK TABLES"; @@ -235,7 +235,7 @@ in option is changed. This means that users created and permissions assigned once through this option or otherwise have to be removed manually. ''; - example = literalExample '' + example = literalExpression '' [ { name = "nextcloud"; diff --git a/nixpkgs/nixos/modules/services/databases/neo4j.nix b/nixpkgs/nixos/modules/services/databases/neo4j.nix index 2a30923538db..f37e5ad16939 100644 --- a/nixpkgs/nixos/modules/services/databases/neo4j.nix +++ b/nixpkgs/nixos/modules/services/databases/neo4j.nix @@ -179,7 +179,7 @@ in { package = mkOption { type = types.package; default = pkgs.neo4j; - defaultText = "pkgs.neo4j"; + defaultText = literalExpression "pkgs.neo4j"; description = '' Neo4j package to use. ''; diff --git a/nixpkgs/nixos/modules/services/databases/openldap.nix b/nixpkgs/nixos/modules/services/databases/openldap.nix index f0efc659cff7..2c1e25d43084 100644 --- a/nixpkgs/nixos/modules/services/databases/openldap.nix +++ b/nixpkgs/nixos/modules/services/databases/openldap.nix @@ -34,7 +34,7 @@ let in types.attrsOf (types.submodule { options = hiddenOptions; }); default = {}; description = "Child entries of the current entry, with recursively the same structure."; - example = lib.literalExample '' + example = lib.literalExpression '' { "cn=schema" = { # The attribute used in the DN must be defined @@ -127,6 +127,7 @@ in { package = mkOption { type = types.package; default = pkgs.openldap; + defaultText = literalExpression "pkgs.openldap"; description = '' OpenLDAP package to use. @@ -158,14 +159,14 @@ in { settings = mkOption { type = ldapAttrsType; description = "Configuration for OpenLDAP, in OLC format"; - example = lib.literalExample '' + example = lib.literalExpression '' { attrs.olcLogLevel = [ "stats" ]; children = { "cn=schema".includes = [ - "\${pkgs.openldap}/etc/schema/core.ldif" - "\${pkgs.openldap}/etc/schema/cosine.ldif" - "\${pkgs.openldap}/etc/schema/inetorgperson.ldif" + "''${pkgs.openldap}/etc/schema/core.ldif" + "''${pkgs.openldap}/etc/schema/cosine.ldif" + "''${pkgs.openldap}/etc/schema/inetorgperson.ldif" ]; "olcDatabase={-1}frontend" = { attrs = { @@ -225,7 +226,7 @@ in { rebuilt on each server startup, so this will slow down server startup, especially with large databases. ''; - example = lib.literalExample '' + example = lib.literalExpression '' { "dc=example,dc=org" = ''' dn= dn: dc=example,dc=org diff --git a/nixpkgs/nixos/modules/services/databases/opentsdb.nix b/nixpkgs/nixos/modules/services/databases/opentsdb.nix index c4bd71f3d60e..e873b2f70115 100644 --- a/nixpkgs/nixos/modules/services/databases/opentsdb.nix +++ b/nixpkgs/nixos/modules/services/databases/opentsdb.nix @@ -26,8 +26,7 @@ in { package = mkOption { type = types.package; default = pkgs.opentsdb; - defaultText = "pkgs.opentsdb"; - example = literalExample "pkgs.opentsdb"; + defaultText = literalExpression "pkgs.opentsdb"; description = '' OpenTSDB package to use. ''; diff --git a/nixpkgs/nixos/modules/services/databases/pgmanage.nix b/nixpkgs/nixos/modules/services/databases/pgmanage.nix index 8508e76b5cd6..f30f71866afd 100644 --- a/nixpkgs/nixos/modules/services/databases/pgmanage.nix +++ b/nixpkgs/nixos/modules/services/databases/pgmanage.nix @@ -49,7 +49,7 @@ in { package = mkOption { type = types.package; default = pkgs.pgmanage; - defaultText = "pkgs.pgmanage"; + defaultText = literalExpression "pkgs.pgmanage"; description = '' The pgmanage package to use. ''; diff --git a/nixpkgs/nixos/modules/services/databases/postgresql.nix b/nixpkgs/nixos/modules/services/databases/postgresql.nix index fd4a195787f3..d49cb4c51a72 100644 --- a/nixpkgs/nixos/modules/services/databases/postgresql.nix +++ b/nixpkgs/nixos/modules/services/databases/postgresql.nix @@ -44,7 +44,7 @@ in package = mkOption { type = types.package; - example = literalExample "pkgs.postgresql_11"; + example = literalExpression "pkgs.postgresql_11"; description = '' PostgreSQL package to use. ''; @@ -66,7 +66,7 @@ in dataDir = mkOption { type = types.path; - defaultText = "/var/lib/postgresql/\${config.services.postgresql.package.psqlSchema}"; + defaultText = literalExpression ''"/var/lib/postgresql/''${config.services.postgresql.package.psqlSchema}"''; example = "/var/lib/postgresql/11"; description = '' The data directory for PostgreSQL. If left as the default value @@ -161,7 +161,7 @@ in <link xlink:href="https://www.postgresql.org/docs/current/sql-grant.html">GRANT syntax</link>. The attributes are used as <code>GRANT ''${attrValue} ON ''${attrName}</code>. ''; - example = literalExample '' + example = literalExpression '' { "DATABASE \"nextcloud\"" = "ALL PRIVILEGES"; "ALL TABLES IN SCHEMA public" = "ALL PRIVILEGES"; @@ -179,7 +179,7 @@ in option is changed. This means that users created and permissions assigned once through this option or otherwise have to be removed manually. ''; - example = literalExample '' + example = literalExpression '' [ { name = "nextcloud"; @@ -221,7 +221,7 @@ in extraPlugins = mkOption { type = types.listOf types.path; default = []; - example = literalExample "with pkgs.postgresql_11.pkgs; [ postgis pg_repack ]"; + example = literalExpression "with pkgs.postgresql_11.pkgs; [ postgis pg_repack ]"; description = '' List of PostgreSQL plugins. PostgreSQL version for each plugin should match version for <literal>services.postgresql.package</literal> value. @@ -241,7 +241,7 @@ in escaped with two single quotes as described by the upstream documentation linked above. </para></note> ''; - example = literalExample '' + example = literalExpression '' { log_connections = true; log_statement = "all"; diff --git a/nixpkgs/nixos/modules/services/databases/redis.nix b/nixpkgs/nixos/modules/services/databases/redis.nix index 1b9358c81a12..578d9d9ec8d7 100644 --- a/nixpkgs/nixos/modules/services/databases/redis.nix +++ b/nixpkgs/nixos/modules/services/databases/redis.nix @@ -47,7 +47,7 @@ in { package = mkOption { type = types.package; default = pkgs.redis; - defaultText = "pkgs.redis"; + defaultText = literalExpression "pkgs.redis"; description = "Which Redis derivation to use."; }; @@ -133,7 +133,6 @@ in { type = with types; listOf (listOf int); default = [ [900 1] [300 10] [60 10000] ]; description = "The schedule in which data is persisted to disk, represented as a list of lists where the first element represent the amount of seconds and the second the number of changes."; - example = [ [900 1] [300 10] [60 10000] ]; }; slaveOf = mkOption { @@ -217,7 +216,7 @@ in { <link xlink:href="https://redis.io/topics/config"/> for details on supported values. ''; - example = literalExample '' + example = literalExpression '' { loadmodule = [ "/path/to/my_module.so" "/path/to/other_module.so" ]; } diff --git a/nixpkgs/nixos/modules/services/databases/riak.nix b/nixpkgs/nixos/modules/services/databases/riak.nix index 657eeea87bf4..cc4237d038cd 100644 --- a/nixpkgs/nixos/modules/services/databases/riak.nix +++ b/nixpkgs/nixos/modules/services/databases/riak.nix @@ -21,8 +21,7 @@ in package = mkOption { type = types.package; default = pkgs.riak; - defaultText = "pkgs.riak"; - example = literalExample "pkgs.riak"; + defaultText = literalExpression "pkgs.riak"; description = '' Riak package to use. ''; diff --git a/nixpkgs/nixos/modules/services/databases/victoriametrics.nix b/nixpkgs/nixos/modules/services/databases/victoriametrics.nix index 9e2c79e61a39..0513dcff172b 100644 --- a/nixpkgs/nixos/modules/services/databases/victoriametrics.nix +++ b/nixpkgs/nixos/modules/services/databases/victoriametrics.nix @@ -6,7 +6,7 @@ let cfg = config.services.victoriametrics; in package = mkOption { type = types.package; default = pkgs.victoriametrics; - defaultText = "pkgs.victoriametrics"; + defaultText = literalExpression "pkgs.victoriametrics"; description = '' The VictoriaMetrics distribution to use. ''; diff --git a/nixpkgs/nixos/modules/services/desktops/geoclue2.nix b/nixpkgs/nixos/modules/services/desktops/geoclue2.nix index cb5c948ecf78..60a34dd65631 100644 --- a/nixpkgs/nixos/modules/services/desktops/geoclue2.nix +++ b/nixpkgs/nixos/modules/services/desktops/geoclue2.nix @@ -21,7 +21,6 @@ let isAllowed = mkOption { type = types.bool; - default = null; description = '' Whether the application will be allowed access to location information. ''; @@ -29,7 +28,6 @@ let isSystem = mkOption { type = types.bool; - default = null; description = '' Whether the application is a system component or not. ''; @@ -162,7 +160,7 @@ in appConfig = mkOption { type = types.attrsOf appConfigModule; default = {}; - example = literalExample '' + example = literalExpression '' "com.github.app" = { isAllowed = true; isSystem = true; diff --git a/nixpkgs/nixos/modules/services/desktops/gnome/evolution-data-server.nix b/nixpkgs/nixos/modules/services/desktops/gnome/evolution-data-server.nix index ef5ad797c278..bd2242d98182 100644 --- a/nixpkgs/nixos/modules/services/desktops/gnome/evolution-data-server.nix +++ b/nixpkgs/nixos/modules/services/desktops/gnome/evolution-data-server.nix @@ -39,7 +39,7 @@ with lib; plugins = mkOption { type = types.listOf types.package; default = [ ]; - example = literalExample "[ pkgs.evolution-ews ]"; + example = literalExpression "[ pkgs.evolution-ews ]"; description = "Plugins for Evolution."; }; diff --git a/nixpkgs/nixos/modules/services/desktops/gvfs.nix b/nixpkgs/nixos/modules/services/desktops/gvfs.nix index 966a4d38662b..b6a27279bdf8 100644 --- a/nixpkgs/nixos/modules/services/desktops/gvfs.nix +++ b/nixpkgs/nixos/modules/services/desktops/gvfs.nix @@ -35,6 +35,7 @@ in package = mkOption { type = types.package; default = pkgs.gnome.gvfs; + defaultText = literalExpression "pkgs.gnome.gvfs"; description = "Which GVfs package to use."; }; diff --git a/nixpkgs/nixos/modules/services/desktops/pipewire/bluez-hardware.conf.json b/nixpkgs/nixos/modules/services/desktops/pipewire/bluez-hardware.conf.json deleted file mode 100644 index e5e7517e38d4..000000000000 --- a/nixpkgs/nixos/modules/services/desktops/pipewire/bluez-hardware.conf.json +++ /dev/null @@ -1,250 +0,0 @@ -{ - "bluez5.features.device": [ - { - "name": "Air 1 Plus", - "no-features": [ - "hw-volume-mic" - ] - }, - { - "name": "AirPods", - "no-features": [ - "msbc-alt1", - "msbc-alt1-rtl" - ] - }, - { - "name": "AirPods Pro", - "no-features": [ - "msbc-alt1", - "msbc-alt1-rtl" - ] - }, - { - "name": "AXLOIE Goin", - "no-features": [ - "msbc-alt1", - "msbc-alt1-rtl" - ] - }, - { - "name": "BAA 100", - "no-features": [ - "hw-volume" - ] - }, - { - "name": "D50s", - "address": "~^00:13:ef:", - "no-features": [ - "hw-volume" - ] - }, - { - "name": "JBL Endurance RUN BT", - "no-features": [ - "msbc-alt1", - "msbc-alt1-rtl", - "sbc-xq" - ] - }, - { - "name": "JBL LIVE650BTNC" - }, - { - "name": "Motorola DC800", - "no-features": [ - "sbc-xq" - ] - }, - { - "name": "Motorola S305", - "no-features": [ - "sbc-xq" - ] - }, - { - "name": "Soundcore Life P2-L", - "no-features": [ - "msbc-alt1", - "msbc-alt1-rtl" - ] - }, - { - "name": "Urbanista Stockholm Plus", - "no-features": [ - "msbc-alt1", - "msbc-alt1-rtl" - ] - }, - { - "address": "~^94:16:25:", - "no-features": [ - "hw-volume" - ] - }, - { - "address": "~^9c:64:8b:", - "no-features": [ - "hw-volume" - ] - }, - { - "address": "~^a0:e9:db:", - "no-features": [ - "hw-volume" - ] - }, - { - "address": "~^0c:a6:94:", - "no-features": [ - "hw-volume" - ] - }, - { - "address": "~^00:14:02:", - "no-features": [ - "hw-volume" - ] - }, - { - "address": "~^44:5e:f3:", - "no-features": [ - "hw-volume" - ] - }, - { - "address": "~^d4:9c:28:", - "no-features": [ - "hw-volume" - ] - }, - { - "address": "~^00:18:6b:", - "no-features": [ - "hw-volume" - ] - }, - { - "address": "~^b8:ad:3e:", - "no-features": [ - "hw-volume" - ] - }, - { - "address": "~^a0:e9:db:", - "no-features": [ - "hw-volume" - ] - }, - { - "address": "~^00:24:1c:", - "no-features": [ - "hw-volume" - ] - }, - { - "address": "~^00:11:b1:", - "no-features": [ - "hw-volume" - ] - }, - { - "address": "~^a4:15:66:", - "no-features": [ - "hw-volume" - ] - }, - { - "address": "~^00:14:f1:", - "no-features": [ - "hw-volume" - ] - }, - { - "address": "~^00:26:7e:", - "no-features": [ - "hw-volume" - ] - }, - { - "address": "~^90:03:b7:", - "no-features": [ - "hw-volume" - ] - } - ], - "bluez5.features.adapter": [ - { - "bus-type": "usb", - "vendor-id": "usb:0bda" - }, - { - "bus-type": "usb", - "no-features": [ - "msbc-alt1-rtl" - ] - }, - { - "no-features": [ - "msbc-alt1-rtl" - ] - } - ], - "bluez5.features.kernel": [ - { - "sysname": "Linux", - "release": "~^[0-4]\\.", - "no-features": [ - "msbc-alt1", - "msbc-alt1-rtl" - ] - }, - { - "sysname": "Linux", - "release": "~^5\\.[1-7]\\.", - "no-features": [ - "msbc-alt1", - "msbc-alt1-rtl" - ] - }, - { - "sysname": "Linux", - "release": "~^5\\.(8|9)\\.", - "no-features": [ - "msbc-alt1" - ] - }, - { - "sysname": "Linux", - "release": "~^5\\.10\\.(1|2|3|4|5|6|7|8|9|10|11|12|13|14|15|16|17|18|51|52|53|54|55|56|57|58|59|60|61)($|[^0-9])", - "no-features": [ - "msbc-alt1" - ] - }, - { - "sysname": "Linux", - "release": "~^5\\.12\\.(18|19)($|[^0-9])", - "no-features": [ - "msbc-alt1" - ] - }, - { - "sysname": "Linux", - "release": "~^5\\.13\\.(3|4|5|6|7|8|9|10|11|12|13)($|[^0-9])", - "no-features": [ - "msbc-alt1" - ] - }, - { - "sysname": "Linux", - "release": "~^5\\.14($|[^0-9])", - "no-features": [ - "msbc-alt1" - ] - }, - { - "no-features": [] - } - ] -} diff --git a/nixpkgs/nixos/modules/services/desktops/pipewire/pipewire-media-session.nix b/nixpkgs/nixos/modules/services/desktops/pipewire/pipewire-media-session.nix index 41ab995e3292..4ae6aab29cdb 100644 --- a/nixpkgs/nixos/modules/services/desktops/pipewire/pipewire-media-session.nix +++ b/nixpkgs/nixos/modules/services/desktops/pipewire/pipewire-media-session.nix @@ -15,7 +15,6 @@ let defaults = { alsa-monitor = (builtins.fromJSON (builtins.readFile ./alsa-monitor.conf.json)); bluez-monitor = (builtins.fromJSON (builtins.readFile ./bluez-monitor.conf.json)); - bluez-hardware = (builtins.fromJSON (builtins.readFile ./bluez-hardware.conf.json)); media-session = (builtins.fromJSON (builtins.readFile ./media-session.conf.json)); v4l2-monitor = (builtins.fromJSON (builtins.readFile ./v4l2-monitor.conf.json)); }; @@ -23,7 +22,6 @@ let configs = { alsa-monitor = recursiveUpdate defaults.alsa-monitor cfg.config.alsa-monitor; bluez-monitor = recursiveUpdate defaults.bluez-monitor cfg.config.bluez-monitor; - bluez-hardware = defaults.bluez-hardware; media-session = recursiveUpdate defaults.media-session cfg.config.media-session; v4l2-monitor = recursiveUpdate defaults.v4l2-monitor cfg.config.v4l2-monitor; }; @@ -39,14 +37,14 @@ in { enable = mkOption { type = types.bool; default = config.services.pipewire.enable; - defaultText = "config.services.pipewire.enable"; + defaultText = literalExpression "config.services.pipewire.enable"; description = "Example pipewire session manager"; }; package = mkOption { type = types.package; default = pkgs.pipewire.mediaSession; - example = literalExample "pkgs.pipewire.mediaSession"; + defaultText = literalExpression "pkgs.pipewire.mediaSession"; description = '' The pipewire-media-session derivation to use. ''; @@ -122,10 +120,6 @@ in { mkIf config.services.pipewire.pulse.enable { source = json.generate "bluez-monitor.conf" configs.bluez-monitor; }; - environment.etc."pipewire/media-session.d/bluez-hardware.conf" = - mkIf config.services.pipewire.pulse.enable { - source = json.generate "bluez-hardware.conf" configs.bluez-hardware; - }; environment.etc."pipewire/media-session.d/with-jack" = mkIf config.services.pipewire.jack.enable { diff --git a/nixpkgs/nixos/modules/services/desktops/pipewire/pipewire.nix b/nixpkgs/nixos/modules/services/desktops/pipewire/pipewire.nix index bc75aa2717a9..604645b2b18a 100644 --- a/nixpkgs/nixos/modules/services/desktops/pipewire/pipewire.nix +++ b/nixpkgs/nixos/modules/services/desktops/pipewire/pipewire.nix @@ -51,8 +51,7 @@ in { package = mkOption { type = types.package; default = pkgs.pipewire; - defaultText = "pkgs.pipewire"; - example = literalExample "pkgs.pipewire"; + defaultText = literalExpression "pkgs.pipewire"; description = '' The pipewire derivation to use. ''; diff --git a/nixpkgs/nixos/modules/services/development/distccd.nix b/nixpkgs/nixos/modules/services/development/distccd.nix index 8790ea08d0c1..9f6d5c813c45 100644 --- a/nixpkgs/nixos/modules/services/development/distccd.nix +++ b/nixpkgs/nixos/modules/services/development/distccd.nix @@ -69,7 +69,7 @@ in package = mkOption { type = types.package; default = pkgs.distcc; - example = "pkgs.distcc"; + defaultText = literalExpression "pkgs.distcc"; description = '' The distcc package to use. ''; diff --git a/nixpkgs/nixos/modules/services/development/hoogle.nix b/nixpkgs/nixos/modules/services/development/hoogle.nix index a6693013b73c..7c635f7a5b8d 100644 --- a/nixpkgs/nixos/modules/services/development/hoogle.nix +++ b/nixpkgs/nixos/modules/services/development/hoogle.nix @@ -27,8 +27,8 @@ in { packages = mkOption { type = types.functionTo (types.listOf types.package); default = hp: []; - defaultText = "hp: []"; - example = "hp: with hp; [ text lens ]"; + defaultText = literalExpression "hp: []"; + example = literalExpression "hp: with hp; [ text lens ]"; description = '' The Haskell packages to generate documentation for. @@ -41,7 +41,7 @@ in { haskellPackages = mkOption { description = "Which haskell package set to use."; default = pkgs.haskellPackages; - defaultText = "pkgs.haskellPackages"; + defaultText = literalExpression "pkgs.haskellPackages"; }; home = mkOption { diff --git a/nixpkgs/nixos/modules/services/development/jupyter/default.nix b/nixpkgs/nixos/modules/services/development/jupyter/default.nix index 21b84b3bcdaa..bebb3c3f13f0 100644 --- a/nixpkgs/nixos/modules/services/development/jupyter/default.nix +++ b/nixpkgs/nixos/modules/services/development/jupyter/default.nix @@ -40,6 +40,7 @@ in { # want to pass in JUPYTER_PATH but use .environment instead, # saving a rebuild. default = pkgs.python3.pkgs.notebook; + defaultText = literalExpression "pkgs.python3.pkgs.notebook"; description = '' Jupyter package to use. ''; @@ -105,10 +106,7 @@ in { "open('/path/secret_file', 'r', encoding='utf8').read().strip()" It will be interpreted at the end of the notebookConfig. ''; - example = [ - "'sha1:1b961dc713fb:88483270a63e57d18d43cf337e629539de1436ba'" - "open('/path/secret_file', 'r', encoding='utf8').read().strip()" - ]; + example = "'sha1:1b961dc713fb:88483270a63e57d18d43cf337e629539de1436ba'"; }; notebookConfig = mkOption { @@ -125,7 +123,7 @@ in { }))); default = null; - example = literalExample '' + example = literalExpression '' { python3 = let env = (pkgs.python3.withPackages (pythonPackages: with pythonPackages; [ diff --git a/nixpkgs/nixos/modules/services/development/jupyter/kernel-options.nix b/nixpkgs/nixos/modules/services/development/jupyter/kernel-options.nix index 03547637449a..348a8b44b382 100644 --- a/nixpkgs/nixos/modules/services/development/jupyter/kernel-options.nix +++ b/nixpkgs/nixos/modules/services/development/jupyter/kernel-options.nix @@ -9,10 +9,10 @@ with lib; displayName = mkOption { type = types.str; default = ""; - example = [ + example = literalExpression '' "Python 3" "Python 3 for Data Science" - ]; + ''; description = '' Name that will be shown to the user. ''; @@ -43,7 +43,7 @@ with lib; logo32 = mkOption { type = types.nullOr types.path; default = null; - example = "{env.sitePackages}/ipykernel/resources/logo-32x32.png"; + example = literalExpression ''"''${env.sitePackages}/ipykernel/resources/logo-32x32.png"''; description = '' Path to 32x32 logo png. ''; @@ -51,7 +51,7 @@ with lib; logo64 = mkOption { type = types.nullOr types.path; default = null; - example = "{env.sitePackages}/ipykernel/resources/logo-64x64.png"; + example = literalExpression ''"''${env.sitePackages}/ipykernel/resources/logo-64x64.png"''; description = '' Path to 64x64 logo png. ''; diff --git a/nixpkgs/nixos/modules/services/development/jupyterhub/default.nix b/nixpkgs/nixos/modules/services/development/jupyterhub/default.nix index a1df4468cfff..fa6b3be960ab 100644 --- a/nixpkgs/nixos/modules/services/development/jupyterhub/default.nix +++ b/nixpkgs/nixos/modules/services/development/jupyterhub/default.nix @@ -66,18 +66,24 @@ in { defaults for configuration but you can override anything since this is a python file. ''; - example = literalExample '' - c.SystemdSpawner.mem_limit = '8G' - c.SystemdSpawner.cpu_limit = 2.0 + example = '' + c.SystemdSpawner.mem_limit = '8G' + c.SystemdSpawner.cpu_limit = 2.0 ''; }; jupyterhubEnv = mkOption { type = types.package; - default = (pkgs.python3.withPackages (p: with p; [ + default = pkgs.python3.withPackages (p: with p; [ jupyterhub jupyterhub-systemdspawner - ])); + ]); + defaultText = literalExpression '' + pkgs.python3.withPackages (p: with p; [ + jupyterhub + jupyterhub-systemdspawner + ]) + ''; description = '' Python environment to run jupyterhub @@ -90,10 +96,16 @@ in { jupyterlabEnv = mkOption { type = types.package; - default = (pkgs.python3.withPackages (p: with p; [ + default = pkgs.python3.withPackages (p: with p; [ jupyterhub jupyterlab - ])); + ]); + defaultText = literalExpression '' + pkgs.python3.withPackages (p: with p; [ + jupyterhub + jupyterlab + ]) + ''; description = '' Python environment to run jupyterlab @@ -111,7 +123,7 @@ in { }))); default = null; - example = literalExample '' + example = literalExpression '' { python3 = let env = (pkgs.python3.withPackages (pythonPackages: with pythonPackages; [ diff --git a/nixpkgs/nixos/modules/services/development/lorri.nix b/nixpkgs/nixos/modules/services/development/lorri.nix index fc576e4c18ba..bda63518bfd9 100644 --- a/nixpkgs/nixos/modules/services/development/lorri.nix +++ b/nixpkgs/nixos/modules/services/development/lorri.nix @@ -21,8 +21,7 @@ in { description = '' The lorri package to use. ''; - defaultText = lib.literalExample "pkgs.lorri"; - example = lib.literalExample "pkgs.lorri"; + defaultText = lib.literalExpression "pkgs.lorri"; }; }; }; diff --git a/nixpkgs/nixos/modules/services/display-managers/greetd.nix b/nixpkgs/nixos/modules/services/display-managers/greetd.nix index d4f5dc267d09..895961707d36 100644 --- a/nixpkgs/nixos/modules/services/display-managers/greetd.nix +++ b/nixpkgs/nixos/modules/services/display-managers/greetd.nix @@ -13,13 +13,13 @@ in package = mkOption { type = types.package; default = pkgs.greetd.greetd; - defaultText = "pkgs.greetd.greetd"; + defaultText = literalExpression "pkgs.greetd.greetd"; description = "The greetd package that should be used."; }; settings = mkOption { type = settingsFormat.type; - example = literalExample '' + example = literalExpression '' { default_session = { command = "''${pkgs.greetd.greetd}/bin/agreety --cmd sway"; @@ -43,7 +43,7 @@ in restart = mkOption { type = types.bool; default = !(cfg.settings ? initial_session); - defaultText = "!(config.services.greetd.settings ? initial_session)"; + defaultText = literalExpression "!(config.services.greetd.settings ? initial_session)"; description = '' Wether to restart greetd when it terminates (e.g. on failure). This is usually desirable so a user can always log in, but should be disabled when using 'settings.initial_session' (autologin), diff --git a/nixpkgs/nixos/modules/services/editors/emacs.nix b/nixpkgs/nixos/modules/services/editors/emacs.nix index 00d9eaad9eb9..e2bbd27f6e56 100644 --- a/nixpkgs/nixos/modules/services/editors/emacs.nix +++ b/nixpkgs/nixos/modules/services/editors/emacs.nix @@ -66,7 +66,7 @@ in package = mkOption { type = types.package; default = pkgs.emacs; - defaultText = "pkgs.emacs"; + defaultText = literalExpression "pkgs.emacs"; description = '' emacs derivation to use. ''; diff --git a/nixpkgs/nixos/modules/services/editors/infinoted.nix b/nixpkgs/nixos/modules/services/editors/infinoted.nix index 3eb0753194dd..16fe52a232bd 100644 --- a/nixpkgs/nixos/modules/services/editors/infinoted.nix +++ b/nixpkgs/nixos/modules/services/editors/infinoted.nix @@ -11,7 +11,7 @@ in { package = mkOption { type = types.package; default = pkgs.libinfinity; - defaultText = "pkgs.libinfinity"; + defaultText = literalExpression "pkgs.libinfinity"; description = '' Package providing infinoted ''; diff --git a/nixpkgs/nixos/modules/services/games/crossfire-server.nix b/nixpkgs/nixos/modules/services/games/crossfire-server.nix index 974aea0cd671..a33025e0c3e1 100644 --- a/nixpkgs/nixos/modules/services/games/crossfire-server.nix +++ b/nixpkgs/nixos/modules/services/games/crossfire-server.nix @@ -18,7 +18,7 @@ in { package = mkOption { type = types.package; default = pkgs.crossfire-server; - defaultText = "pkgs.crossfire-server"; + defaultText = literalExpression "pkgs.crossfire-server"; description = '' The package to use for the Crossfire server (and map/arch data, if you don't change dataDir). @@ -28,7 +28,7 @@ in { dataDir = mkOption { type = types.str; default = "${cfg.package}/share/crossfire"; - defaultText = "\${config.services.crossfire.package}/share/crossfire"; + defaultText = literalExpression ''"''${config.services.crossfire.package}/share/crossfire"''; description = '' Where to load readonly data from -- maps, archetypes, treasure tables, and the like. If you plan to edit the data on the live server (rather @@ -72,30 +72,32 @@ in { overwrite the example files that come with the server, rather than being appended to them as the other configuration files are. ''; - example = literalExample '' - dm_file = ''' - admin:secret_password:localhost - jane:xyzzy:* - '''; - ban_file = ''' - # Bob is a jerk - bob@* - # So is everyone on 192.168.86.255/24 - *@192.168.86. - '''; - metaserver2 = ''' - metaserver2_notification on - localhostname crossfire.example.net - '''; - motd = "Welcome to CrossFire!"; - news = "No news yet."; - rules = "Don't be a jerk."; - settings = ''' - # be nicer to newbies and harsher to experienced players - balanced_stat_loss true - # don't let players pick up and use admin-created items - real_wiz false - '''; + example = literalExpression '' + { + dm_file = ''' + admin:secret_password:localhost + jane:xyzzy:* + '''; + ban_file = ''' + # Bob is a jerk + bob@* + # So is everyone on 192.168.86.255/24 + *@192.168.86. + '''; + metaserver2 = ''' + metaserver2_notification on + localhostname crossfire.example.net + '''; + motd = "Welcome to CrossFire!"; + news = "No news yet."; + rules = "Don't be a jerk."; + settings = ''' + # be nicer to newbies and harsher to experienced players + balanced_stat_loss true + # don't let players pick up and use admin-created items + real_wiz false + '''; + } ''; default = {}; }; diff --git a/nixpkgs/nixos/modules/services/games/deliantra-server.nix b/nixpkgs/nixos/modules/services/games/deliantra-server.nix index 36bf60417626..b7011f4c3542 100644 --- a/nixpkgs/nixos/modules/services/games/deliantra-server.nix +++ b/nixpkgs/nixos/modules/services/games/deliantra-server.nix @@ -18,7 +18,7 @@ in { package = mkOption { type = types.package; default = pkgs.deliantra-server; - defaultText = "pkgs.deliantra-server"; + defaultText = literalExpression "pkgs.deliantra-server"; description = '' The package to use for the Deliantra server (and map/arch data, if you don't change dataDir). @@ -28,7 +28,7 @@ in { dataDir = mkOption { type = types.str; default = "${pkgs.deliantra-data}"; - defaultText = "\${pkgs.deliantra-data}"; + defaultText = literalExpression ''"''${pkgs.deliantra-data}"''; description = '' Where to store readonly data (maps, archetypes, sprites, etc). Note that if you plan to use the live map editor (rather than editing @@ -69,22 +69,24 @@ in { The example here is not comprehensive. See the files in /etc/deliantra-server after enabling this module for full documentation. ''; - example = literalExample '' - dm_file = ''' - admin:secret_password:localhost - jane:xyzzy:* - '''; - motd = "Welcome to Deliantra!"; - settings = ''' - # Settings for game mechanics. - stat_loss_on_death true - armor_max_enchant 7 - '''; - config = ''' - # Settings for the server daemon. - hiscore_url https://deliantra.example.net/scores/ - max_map_reset 86400 - '''; + example = literalExpression '' + { + dm_file = ''' + admin:secret_password:localhost + jane:xyzzy:* + '''; + motd = "Welcome to Deliantra!"; + settings = ''' + # Settings for game mechanics. + stat_loss_on_death true + armor_max_enchant 7 + '''; + config = ''' + # Settings for the server daemon. + hiscore_url https://deliantra.example.net/scores/ + max_map_reset 86400 + '''; + } ''; default = { motd = ""; diff --git a/nixpkgs/nixos/modules/services/games/factorio.nix b/nixpkgs/nixos/modules/services/games/factorio.nix index 3cb142757927..0e8860a02819 100644 --- a/nixpkgs/nixos/modules/services/games/factorio.nix +++ b/nixpkgs/nixos/modules/services/games/factorio.nix @@ -86,7 +86,7 @@ in configFile = mkOption { type = types.path; default = configFile; - defaultText = "configFile"; + defaultText = literalExpression "configFile"; description = '' The server's configuration file. @@ -162,8 +162,8 @@ in package = mkOption { type = types.package; default = pkgs.factorio-headless; - defaultText = "pkgs.factorio-headless"; - example = "pkgs.factorio-headless-experimental"; + defaultText = literalExpression "pkgs.factorio-headless"; + example = literalExpression "pkgs.factorio-headless-experimental"; description = '' Factorio version to use. This defaults to the stable channel. ''; diff --git a/nixpkgs/nixos/modules/services/games/minecraft-server.nix b/nixpkgs/nixos/modules/services/games/minecraft-server.nix index 458e57fef846..ddbe9508a4dc 100644 --- a/nixpkgs/nixos/modules/services/games/minecraft-server.nix +++ b/nixpkgs/nixos/modules/services/games/minecraft-server.nix @@ -109,7 +109,7 @@ in { You can use <link xlink:href="https://mcuuid.net/"/> to get a Minecraft UUID for a username. ''; - example = literalExample '' + example = literalExpression '' { username1 = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"; username2 = "yyyyyyyy-yyyy-yyyy-yyyy-yyyyyyyyyyyy"; @@ -120,7 +120,7 @@ in { serverProperties = mkOption { type = with types; attrsOf (oneOf [ bool int str ]); default = {}; - example = literalExample '' + example = literalExpression '' { server-port = 43000; difficulty = 3; @@ -144,8 +144,8 @@ in { package = mkOption { type = types.package; default = pkgs.minecraft-server; - defaultText = "pkgs.minecraft-server"; - example = literalExample "pkgs.minecraft-server_1_12_2"; + defaultText = literalExpression "pkgs.minecraft-server"; + example = literalExpression "pkgs.minecraft-server_1_12_2"; description = "Version of minecraft-server to run."; }; diff --git a/nixpkgs/nixos/modules/services/hardware/acpid.nix b/nixpkgs/nixos/modules/services/hardware/acpid.nix index 3e619fe32ef1..883ef0830037 100644 --- a/nixpkgs/nixos/modules/services/hardware/acpid.nix +++ b/nixpkgs/nixos/modules/services/hardware/acpid.nix @@ -61,7 +61,7 @@ in options = { event = mkOption { type = types.str; - example = [ "button/power.*" "button/lid.*" "ac_adapter.*" "button/mute.*" "button/volumedown.*" "cd/play.*" "cd/next.*" ]; + example = literalExpression ''"button/power.*" "button/lid.*" "ac_adapter.*" "button/mute.*" "button/volumedown.*" "cd/play.*" "cd/next.*"''; description = "Event type."; }; diff --git a/nixpkgs/nixos/modules/services/hardware/actkbd.nix b/nixpkgs/nixos/modules/services/hardware/actkbd.nix index f7770f85da33..b499de97b2c3 100644 --- a/nixpkgs/nixos/modules/services/hardware/actkbd.nix +++ b/nixpkgs/nixos/modules/services/hardware/actkbd.nix @@ -74,7 +74,7 @@ in bindings = mkOption { type = types.listOf (types.submodule bindingCfg); default = []; - example = lib.literalExample '' + example = lib.literalExpression '' [ { keys = [ 113 ]; events = [ "key" ]; command = "''${pkgs.alsa-utils}/bin/amixer -q set Master toggle"; } ] ''; diff --git a/nixpkgs/nixos/modules/services/hardware/bluetooth.nix b/nixpkgs/nixos/modules/services/hardware/bluetooth.nix index 08ad90126b1d..7f75ac272d40 100644 --- a/nixpkgs/nixos/modules/services/hardware/bluetooth.nix +++ b/nixpkgs/nixos/modules/services/hardware/bluetooth.nix @@ -6,7 +6,7 @@ let inherit (lib) mkDefault mkEnableOption mkIf mkOption mkRenamedOptionModule mkRemovedOptionModule - concatStringsSep escapeShellArgs + concatStringsSep escapeShellArgs literalExpression optional optionals optionalAttrs recursiveUpdate types; cfgFmt = pkgs.formats.ini { }; @@ -53,8 +53,8 @@ in package = mkOption { type = types.package; default = pkgs.bluez; - defaultText = "pkgs.bluez"; - example = "pkgs.bluezFull"; + defaultText = literalExpression "pkgs.bluez"; + example = literalExpression "pkgs.bluezFull"; description = '' Which BlueZ package to use. diff --git a/nixpkgs/nixos/modules/services/hardware/freefall.nix b/nixpkgs/nixos/modules/services/hardware/freefall.nix index 83f1e8c84f28..3f7b15924496 100644 --- a/nixpkgs/nixos/modules/services/hardware/freefall.nix +++ b/nixpkgs/nixos/modules/services/hardware/freefall.nix @@ -21,7 +21,7 @@ in { package = mkOption { type = types.package; default = pkgs.freefall; - defaultText = "pkgs.freefall"; + defaultText = literalExpression "pkgs.freefall"; description = '' freefall derivation to use. ''; diff --git a/nixpkgs/nixos/modules/services/hardware/fwupd.nix b/nixpkgs/nixos/modules/services/hardware/fwupd.nix index 51eca19dca32..e0506416ffa3 100644 --- a/nixpkgs/nixos/modules/services/hardware/fwupd.nix +++ b/nixpkgs/nixos/modules/services/hardware/fwupd.nix @@ -80,7 +80,7 @@ in { extraTrustedKeys = mkOption { type = types.listOf types.path; default = []; - example = literalExample "[ /etc/nixos/fwupd/myfirmware.pem ]"; + example = literalExpression "[ /etc/nixos/fwupd/myfirmware.pem ]"; description = '' Installing a public key allows firmware signed with a matching private key to be recognized as trusted, which may require less authentication to install than for untrusted files. By default trusted firmware can be upgraded (but not downgraded) without the user or administrator password. Only very few keys are installed by default. ''; @@ -98,6 +98,7 @@ in { package = mkOption { type = types.package; default = pkgs.fwupd; + defaultText = literalExpression "pkgs.fwupd"; description = '' Which fwupd package to use. ''; diff --git a/nixpkgs/nixos/modules/services/hardware/interception-tools.nix b/nixpkgs/nixos/modules/services/hardware/interception-tools.nix index fadcb19a016f..e69c05841ee0 100644 --- a/nixpkgs/nixos/modules/services/hardware/interception-tools.nix +++ b/nixpkgs/nixos/modules/services/hardware/interception-tools.nix @@ -15,6 +15,7 @@ in { plugins = mkOption { type = types.listOf types.package; default = [ pkgs.interception-tools-plugins.caps2esc ]; + defaultText = literalExpression "[ pkgs.interception-tools-plugins.caps2esc ]"; description = '' A list of interception tools plugins that will be made available to use inside the udevmon configuration. diff --git a/nixpkgs/nixos/modules/services/hardware/joycond.nix b/nixpkgs/nixos/modules/services/hardware/joycond.nix new file mode 100644 index 000000000000..ffef4f8a4e18 --- /dev/null +++ b/nixpkgs/nixos/modules/services/hardware/joycond.nix @@ -0,0 +1,40 @@ +{ config, lib, pkgs, ... }: + +let + cfg = config.services.joycond; + kernelPackages = config.boot.kernelPackages; +in + +with lib; + +{ + options.services.joycond = { + enable = mkEnableOption "support for Nintendo Pro Controllers and Joycons"; + + package = mkOption { + type = types.package; + default = pkgs.joycond; + defaultText = "pkgs.joycond"; + description = '' + The joycond package to use. + ''; + }; + }; + + config = mkIf cfg.enable { + environment.systemPackages = [ + kernelPackages.hid-nintendo + cfg.package + ]; + + boot.extraModulePackages = [ kernelPackages.hid-nintendo ]; + boot.kernelModules = [ "hid_nintendo" ]; + + services.udev.packages = [ cfg.package ]; + + systemd.packages = [ cfg.package ]; + + # Workaround for https://github.com/NixOS/nixpkgs/issues/81138 + systemd.services.joycond.wantedBy = [ "multi-user.target" ]; + }; +} diff --git a/nixpkgs/nixos/modules/services/hardware/lirc.nix b/nixpkgs/nixos/modules/services/hardware/lirc.nix index 826e512c75d1..f970b0a095c3 100644 --- a/nixpkgs/nixos/modules/services/hardware/lirc.nix +++ b/nixpkgs/nixos/modules/services/hardware/lirc.nix @@ -65,7 +65,7 @@ in { unitConfig.Documentation = [ "man:lircd(8)" ]; serviceConfig = { - RuntimeDirectory = "lirc"; + RuntimeDirectory = ["lirc" "lirc/lock"]; # Service runtime directory and socket share same folder. # Following hacks are necessary to get everything right: diff --git a/nixpkgs/nixos/modules/services/hardware/pcscd.nix b/nixpkgs/nixos/modules/services/hardware/pcscd.nix index 4fc1e351f503..b1a5c680a022 100644 --- a/nixpkgs/nixos/modules/services/hardware/pcscd.nix +++ b/nixpkgs/nixos/modules/services/hardware/pcscd.nix @@ -21,8 +21,8 @@ in plugins = mkOption { type = types.listOf types.package; default = [ pkgs.ccid ]; - defaultText = "[ pkgs.ccid ]"; - example = literalExample "[ pkgs.pcsc-cyberjack ]"; + defaultText = literalExpression "[ pkgs.ccid ]"; + example = literalExpression "[ pkgs.pcsc-cyberjack ]"; description = "Plugin packages to be used for PCSC-Lite."; }; diff --git a/nixpkgs/nixos/modules/services/hardware/sane.nix b/nixpkgs/nixos/modules/services/hardware/sane.nix index ccf726bd182b..caf232e234eb 100644 --- a/nixpkgs/nixos/modules/services/hardware/sane.nix +++ b/nixpkgs/nixos/modules/services/hardware/sane.nix @@ -73,7 +73,7 @@ in The example contains the package for HP scanners. </para></note> ''; - example = literalExample "[ pkgs.hplipWithPlugin ]"; + example = literalExpression "[ pkgs.hplipWithPlugin ]"; }; hardware.sane.disabledDefaultBackends = mkOption { @@ -115,6 +115,7 @@ in hardware.sane.drivers.scanSnap.package = mkOption { type = types.package; default = pkgs.sane-drivers.epjitsu; + defaultText = literalExpression "pkgs.sane-drivers.epjitsu"; description = '' Epjitsu driver package to use. Useful if you want to extract the driver files yourself. diff --git a/nixpkgs/nixos/modules/services/hardware/sane_extra_backends/brscan4.nix b/nixpkgs/nixos/modules/services/hardware/sane_extra_backends/brscan4.nix index a6afa01dd812..8f9998108406 100644 --- a/nixpkgs/nixos/modules/services/hardware/sane_extra_backends/brscan4.nix +++ b/nixpkgs/nixos/modules/services/hardware/sane_extra_backends/brscan4.nix @@ -20,7 +20,7 @@ let the name of attribute will be used. ''; - example = literalExample "office1"; + example = "office1"; }; model = mkOption { @@ -29,7 +29,7 @@ let The model of the network device. ''; - example = literalExample "MFC-7860DW"; + example = "MFC-7860DW"; }; ip = mkOption { @@ -40,7 +40,7 @@ let provide a nodename. ''; - example = literalExample "192.168.1.2"; + example = "192.168.1.2"; }; nodename = mkOption { @@ -51,7 +51,7 @@ let provide an ip. ''; - example = literalExample "BRW0080927AFBCE"; + example = "BRW0080927AFBCE"; }; }; diff --git a/nixpkgs/nixos/modules/services/hardware/sane_extra_backends/brscan5.nix b/nixpkgs/nixos/modules/services/hardware/sane_extra_backends/brscan5.nix index 89b5ff0e0282..2e4ad8cc3ba0 100644 --- a/nixpkgs/nixos/modules/services/hardware/sane_extra_backends/brscan5.nix +++ b/nixpkgs/nixos/modules/services/hardware/sane_extra_backends/brscan5.nix @@ -20,7 +20,7 @@ let the name of attribute will be used. ''; - example = literalExample "office1"; + example = "office1"; }; model = mkOption { @@ -29,7 +29,7 @@ let The model of the network device. ''; - example = literalExample "ADS-1200"; + example = "ADS-1200"; }; ip = mkOption { @@ -40,7 +40,7 @@ let provide a nodename. ''; - example = literalExample "192.168.1.2"; + example = "192.168.1.2"; }; nodename = mkOption { @@ -51,7 +51,7 @@ let provide an ip. ''; - example = literalExample "BRW0080927AFBCE"; + example = "BRW0080927AFBCE"; }; }; diff --git a/nixpkgs/nixos/modules/services/hardware/thermald.nix b/nixpkgs/nixos/modules/services/hardware/thermald.nix index aa936ac09d1d..3b495d00df07 100644 --- a/nixpkgs/nixos/modules/services/hardware/thermald.nix +++ b/nixpkgs/nixos/modules/services/hardware/thermald.nix @@ -27,7 +27,7 @@ in { package = mkOption { type = types.package; default = pkgs.thermald; - defaultText = "pkgs.thermald"; + defaultText = literalExpression "pkgs.thermald"; description = "Which thermald package to use."; }; }; diff --git a/nixpkgs/nixos/modules/services/hardware/triggerhappy.nix b/nixpkgs/nixos/modules/services/hardware/triggerhappy.nix index f9f5234bdc3f..4e979c4d8fa1 100644 --- a/nixpkgs/nixos/modules/services/hardware/triggerhappy.nix +++ b/nixpkgs/nixos/modules/services/hardware/triggerhappy.nix @@ -69,7 +69,7 @@ in bindings = mkOption { type = types.listOf (types.submodule bindingCfg); default = []; - example = lib.literalExample '' + example = lib.literalExpression '' [ { keys = ["PLAYPAUSE"]; cmd = "''${pkgs.mpc_cli}/bin/mpc -q toggle"; } ] ''; description = '' diff --git a/nixpkgs/nixos/modules/services/hardware/undervolt.nix b/nixpkgs/nixos/modules/services/hardware/undervolt.nix index 9c2f78a755dd..212c0227c0d0 100644 --- a/nixpkgs/nixos/modules/services/hardware/undervolt.nix +++ b/nixpkgs/nixos/modules/services/hardware/undervolt.nix @@ -50,7 +50,7 @@ in package = mkOption { type = types.package; default = pkgs.undervolt; - defaultText = "pkgs.undervolt"; + defaultText = literalExpression "pkgs.undervolt"; description = '' undervolt derivation to use. ''; diff --git a/nixpkgs/nixos/modules/services/hardware/upower.nix b/nixpkgs/nixos/modules/services/hardware/upower.nix index 449810b53150..92c060147bfc 100644 --- a/nixpkgs/nixos/modules/services/hardware/upower.nix +++ b/nixpkgs/nixos/modules/services/hardware/upower.nix @@ -30,8 +30,7 @@ in package = mkOption { type = types.package; default = pkgs.upower; - defaultText = "pkgs.upower"; - example = lib.literalExample "pkgs.upower"; + defaultText = literalExpression "pkgs.upower"; description = '' Which upower package to use. ''; diff --git a/nixpkgs/nixos/modules/services/hardware/vdr.nix b/nixpkgs/nixos/modules/services/hardware/vdr.nix index 8a6cde51b06f..5ec222b805c8 100644 --- a/nixpkgs/nixos/modules/services/hardware/vdr.nix +++ b/nixpkgs/nixos/modules/services/hardware/vdr.nix @@ -17,8 +17,8 @@ in { package = mkOption { type = types.package; default = pkgs.vdr; - defaultText = "pkgs.vdr"; - example = literalExample "pkgs.wrapVdr.override { plugins = with pkgs.vdrPlugins; [ hello ]; }"; + defaultText = literalExpression "pkgs.vdr"; + example = literalExpression "pkgs.wrapVdr.override { plugins = with pkgs.vdrPlugins; [ hello ]; }"; description = "Package to use."; }; diff --git a/nixpkgs/nixos/modules/services/logging/SystemdJournal2Gelf.nix b/nixpkgs/nixos/modules/services/logging/SystemdJournal2Gelf.nix index f26aef7262ba..f28ecab8ac23 100644 --- a/nixpkgs/nixos/modules/services/logging/SystemdJournal2Gelf.nix +++ b/nixpkgs/nixos/modules/services/logging/SystemdJournal2Gelf.nix @@ -36,6 +36,7 @@ in package = mkOption { type = types.package; default = pkgs.systemd-journal2gelf; + defaultText = literalExpression "pkgs.systemd-journal2gelf"; description = '' SystemdJournal2Gelf package to use. ''; diff --git a/nixpkgs/nixos/modules/services/logging/awstats.nix b/nixpkgs/nixos/modules/services/logging/awstats.nix index 896f52302ff3..df0124380ff0 100644 --- a/nixpkgs/nixos/modules/services/logging/awstats.nix +++ b/nixpkgs/nixos/modules/services/logging/awstats.nix @@ -51,7 +51,7 @@ let hostAliases = mkOption { type = types.listOf types.str; default = []; - example = "[ \"www.example.org\" ]"; + example = [ "www.example.org" ]; description = '' List of aliases the site has. ''; @@ -60,12 +60,12 @@ let extraConfig = mkOption { type = types.attrsOf types.str; default = {}; - example = literalExample '' + example = literalExpression '' { "ValidHTTPCodes" = "404"; } ''; - description = "Extra configuration to be appendend to awstats.\${name}.conf."; + description = "Extra configuration to be appended to awstats.\${name}.conf."; }; webService = { @@ -106,7 +106,7 @@ in configs = mkOption { type = types.attrsOf (types.submodule configOpts); default = {}; - example = literalExample '' + example = literalExpression '' { "mysite" = { domain = "example.com"; diff --git a/nixpkgs/nixos/modules/services/logging/fluentd.nix b/nixpkgs/nixos/modules/services/logging/fluentd.nix index 95825705d9d7..dd19617a13ff 100644 --- a/nixpkgs/nixos/modules/services/logging/fluentd.nix +++ b/nixpkgs/nixos/modules/services/logging/fluentd.nix @@ -27,7 +27,7 @@ in { package = mkOption { type = types.path; default = pkgs.fluentd; - defaultText = "pkgs.fluentd"; + defaultText = literalExpression "pkgs.fluentd"; description = "The fluentd package to use."; }; diff --git a/nixpkgs/nixos/modules/services/logging/graylog.nix b/nixpkgs/nixos/modules/services/logging/graylog.nix index 5e20a10f2490..e6a23233ba28 100644 --- a/nixpkgs/nixos/modules/services/logging/graylog.nix +++ b/nixpkgs/nixos/modules/services/logging/graylog.nix @@ -38,14 +38,13 @@ in package = mkOption { type = types.package; default = pkgs.graylog; - defaultText = "pkgs.graylog"; + defaultText = literalExpression "pkgs.graylog"; description = "Graylog package to use."; }; user = mkOption { type = types.str; default = "graylog"; - example = literalExample "graylog"; description = "User account under which graylog runs"; }; @@ -90,7 +89,7 @@ in elasticsearchHosts = mkOption { type = types.listOf types.str; - example = literalExample ''[ "http://node1:9200" "http://user:password@node2:19200" ]''; + example = literalExpression ''[ "http://node1:9200" "http://user:password@node2:19200" ]''; description = "List of valid URIs of the http ports of your elastic nodes. If one or more of your elasticsearch hosts require authentication, include the credentials in each node URI that requires authentication"; }; diff --git a/nixpkgs/nixos/modules/services/logging/journalbeat.nix b/nixpkgs/nixos/modules/services/logging/journalbeat.nix index 89f53b1b2454..2d98598c1bee 100644 --- a/nixpkgs/nixos/modules/services/logging/journalbeat.nix +++ b/nixpkgs/nixos/modules/services/logging/journalbeat.nix @@ -27,8 +27,8 @@ in package = mkOption { type = types.package; default = pkgs.journalbeat; - defaultText = "pkgs.journalbeat"; - example = literalExample "pkgs.journalbeat7"; + defaultText = literalExpression "pkgs.journalbeat"; + example = literalExpression "pkgs.journalbeat7"; description = '' The journalbeat package to use ''; diff --git a/nixpkgs/nixos/modules/services/logging/logcheck.nix b/nixpkgs/nixos/modules/services/logging/logcheck.nix index 348ed8adf903..c8738b734f9a 100644 --- a/nixpkgs/nixos/modules/services/logging/logcheck.nix +++ b/nixpkgs/nixos/modules/services/logging/logcheck.nix @@ -172,7 +172,7 @@ in extraRulesDirs = mkOption { default = []; - example = "/etc/logcheck"; + example = [ "/etc/logcheck" ]; type = types.listOf types.path; description = '' Directories with extra rules. diff --git a/nixpkgs/nixos/modules/services/logging/logrotate.nix b/nixpkgs/nixos/modules/services/logging/logrotate.nix index 7d6102b82557..624b6cfb1215 100644 --- a/nixpkgs/nixos/modules/services/logging/logrotate.nix +++ b/nixpkgs/nixos/modules/services/logging/logrotate.nix @@ -111,7 +111,7 @@ in can be controlled by the <link linkend="opt-services.logrotate.paths._name_.priority">priority</link> option using the same semantics as `lib.mkOrder`. Smaller values have a greater priority. ''; - example = literalExample '' + example = literalExpression '' { httpd = { path = "/var/log/httpd/*.log"; diff --git a/nixpkgs/nixos/modules/services/logging/logstash.nix b/nixpkgs/nixos/modules/services/logging/logstash.nix index 7a2f5681612c..044d5330231e 100644 --- a/nixpkgs/nixos/modules/services/logging/logstash.nix +++ b/nixpkgs/nixos/modules/services/logging/logstash.nix @@ -53,15 +53,14 @@ in package = mkOption { type = types.package; default = pkgs.logstash; - defaultText = "pkgs.logstash"; - example = literalExample "pkgs.logstash"; + defaultText = literalExpression "pkgs.logstash"; description = "Logstash package to use."; }; plugins = mkOption { type = types.listOf types.path; default = [ ]; - example = literalExample "[ pkgs.logstash-contrib ]"; + example = literalExpression "[ pkgs.logstash-contrib ]"; description = "The paths to find other logstash plugins in."; }; @@ -102,12 +101,14 @@ in type = types.lines; default = "generator { }"; description = "Logstash input configuration."; - example = '' - # Read from journal - pipe { - command => "''${pkgs.systemd}/bin/journalctl -f -o json" - type => "syslog" codec => json {} - } + example = literalExpression '' + ''' + # Read from journal + pipe { + command => "''${pkgs.systemd}/bin/journalctl -f -o json" + type => "syslog" codec => json {} + } + ''' ''; }; diff --git a/nixpkgs/nixos/modules/services/logging/syslog-ng.nix b/nixpkgs/nixos/modules/services/logging/syslog-ng.nix index 35055311680b..0a57bf20bd07 100644 --- a/nixpkgs/nixos/modules/services/logging/syslog-ng.nix +++ b/nixpkgs/nixos/modules/services/logging/syslog-ng.nix @@ -43,7 +43,7 @@ in { package = mkOption { type = types.package; default = pkgs.syslogng; - defaultText = "pkgs.syslogng"; + defaultText = literalExpression "pkgs.syslogng"; description = '' The package providing syslog-ng binaries. ''; @@ -51,7 +51,7 @@ in { extraModulePaths = mkOption { type = types.listOf types.str; default = []; - example = literalExample '' + example = literalExpression '' [ "''${pkgs.syslogng_incubator}/lib/syslog-ng" ] ''; description = '' diff --git a/nixpkgs/nixos/modules/services/mail/davmail.nix b/nixpkgs/nixos/modules/services/mail/davmail.nix index 374a3dd75c1c..e9f31e6fb390 100644 --- a/nixpkgs/nixos/modules/services/mail/davmail.nix +++ b/nixpkgs/nixos/modules/services/mail/davmail.nix @@ -42,7 +42,7 @@ in and <link xlink:href="http://davmail.sourceforge.net/advanced.html"/> for details on supported values. ''; - example = literalExample '' + example = literalExpression '' { davmail.allowRemote = true; davmail.imapPort = 55555; diff --git a/nixpkgs/nixos/modules/services/mail/dovecot.nix b/nixpkgs/nixos/modules/services/mail/dovecot.nix index f3500f46e355..223f3bef77db 100644 --- a/nixpkgs/nixos/modules/services/mail/dovecot.nix +++ b/nixpkgs/nixos/modules/services/mail/dovecot.nix @@ -289,7 +289,7 @@ in modules = mkOption { type = types.listOf types.package; default = []; - example = literalExample "[ pkgs.dovecot_pigeonhole ]"; + example = literalExpression "[ pkgs.dovecot_pigeonhole ]"; description = '' Symlinks the contents of lib/dovecot of every given package into /etc/dovecot/modules. This will make the given modules available @@ -339,7 +339,7 @@ in (list: listToAttrs (map (entry: { name = entry.name; value = removeAttrs entry ["name"]; }) list)) (attrsOf (submodule mailboxes)); default = {}; - example = literalExample '' + example = literalExpression '' { Spam = { specialUse = "Junk"; auto = "create"; }; } diff --git a/nixpkgs/nixos/modules/services/mail/exim.nix b/nixpkgs/nixos/modules/services/mail/exim.nix index 25b533578c94..7356db2b6a62 100644 --- a/nixpkgs/nixos/modules/services/mail/exim.nix +++ b/nixpkgs/nixos/modules/services/mail/exim.nix @@ -1,7 +1,7 @@ { config, lib, pkgs, ... }: let - inherit (lib) mkIf mkOption singleton types; + inherit (lib) literalExpression mkIf mkOption singleton types; inherit (pkgs) coreutils; cfg = config.services.exim; in @@ -60,7 +60,7 @@ in package = mkOption { type = types.package; default = pkgs.exim; - defaultText = "pkgs.exim"; + defaultText = literalExpression "pkgs.exim"; description = '' The Exim derivation to use. This can be used to enable features such as LDAP or PAM support. diff --git a/nixpkgs/nixos/modules/services/mail/mailman.nix b/nixpkgs/nixos/modules/services/mail/mailman.nix index da967714e6b6..901f29631936 100644 --- a/nixpkgs/nixos/modules/services/mail/mailman.nix +++ b/nixpkgs/nixos/modules/services/mail/mailman.nix @@ -82,8 +82,8 @@ in { package = mkOption { type = types.package; default = pkgs.mailman; - defaultText = "pkgs.mailman"; - example = literalExample "pkgs.mailman.override { archivers = []; }"; + defaultText = literalExpression "pkgs.mailman"; + example = literalExpression "pkgs.mailman.override { archivers = []; }"; description = "Mailman package to use"; }; diff --git a/nixpkgs/nixos/modules/services/mail/offlineimap.nix b/nixpkgs/nixos/modules/services/mail/offlineimap.nix index 294e3806f94a..451477581190 100644 --- a/nixpkgs/nixos/modules/services/mail/offlineimap.nix +++ b/nixpkgs/nixos/modules/services/mail/offlineimap.nix @@ -25,14 +25,14 @@ in { package = mkOption { type = types.package; default = pkgs.offlineimap; - defaultText = "pkgs.offlineimap"; + defaultText = literalExpression "pkgs.offlineimap"; description = "Offlineimap derivation to use."; }; path = mkOption { type = types.listOf types.path; default = []; - example = literalExample "[ pkgs.pass pkgs.bash pkgs.notmuch ]"; + example = literalExpression "[ pkgs.pass pkgs.bash pkgs.notmuch ]"; description = "List of derivations to put in Offlineimap's path."; }; diff --git a/nixpkgs/nixos/modules/services/mail/opensmtpd.nix b/nixpkgs/nixos/modules/services/mail/opensmtpd.nix index ef7d53e7d927..e7632be28045 100644 --- a/nixpkgs/nixos/modules/services/mail/opensmtpd.nix +++ b/nixpkgs/nixos/modules/services/mail/opensmtpd.nix @@ -34,7 +34,7 @@ in { package = mkOption { type = types.package; default = pkgs.opensmtpd; - defaultText = "pkgs.opensmtpd"; + defaultText = literalExpression "pkgs.opensmtpd"; description = "The OpenSMTPD package to use."; }; @@ -103,7 +103,7 @@ in { }; security.wrappers.smtpctl = { - owner = "nobody"; + owner = "root"; group = "smtpq"; setuid = false; setgid = true; diff --git a/nixpkgs/nixos/modules/services/mail/postfix.nix b/nixpkgs/nixos/modules/services/mail/postfix.nix index 2b8edb9c51f8..6fc09682e0c0 100644 --- a/nixpkgs/nixos/modules/services/mail/postfix.nix +++ b/nixpkgs/nixos/modules/services/mail/postfix.nix @@ -505,6 +505,7 @@ in tlsTrustedAuthorities = mkOption { type = types.str; default = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"; + defaultText = literalExpression ''"''${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"''; description = '' File containing trusted certification authorities (CA) to verify certificates of mailservers contacted for mail delivery. This basically sets smtp_tls_CAfile and enables opportunistic tls. Defaults to NixOS trusted certification authorities. ''; @@ -544,7 +545,7 @@ in type = types.lines; default = ""; description = " - Entries for the virtual alias map, cf. man-page virtual(8). + Entries for the virtual alias map, cf. man-page virtual(5). "; }; @@ -673,7 +674,7 @@ in services.mail.sendmailSetuidWrapper = mkIf config.services.postfix.setSendmail { program = "sendmail"; source = "${pkgs.postfix}/bin/sendmail"; - owner = "nobody"; + owner = "root"; group = setgidGroup; setuid = false; setgid = true; @@ -682,7 +683,7 @@ in security.wrappers.mailq = { program = "mailq"; source = "${pkgs.postfix}/bin/mailq"; - owner = "nobody"; + owner = "root"; group = setgidGroup; setuid = false; setgid = true; @@ -691,7 +692,7 @@ in security.wrappers.postqueue = { program = "postqueue"; source = "${pkgs.postfix}/bin/postqueue"; - owner = "nobody"; + owner = "root"; group = setgidGroup; setuid = false; setgid = true; @@ -700,7 +701,7 @@ in security.wrappers.postdrop = { program = "postdrop"; source = "${pkgs.postfix}/bin/postdrop"; - owner = "nobody"; + owner = "root"; group = setgidGroup; setuid = false; setgid = true; diff --git a/nixpkgs/nixos/modules/services/mail/roundcube.nix b/nixpkgs/nixos/modules/services/mail/roundcube.nix index f9b63000473c..bf5abc7ba556 100644 --- a/nixpkgs/nixos/modules/services/mail/roundcube.nix +++ b/nixpkgs/nixos/modules/services/mail/roundcube.nix @@ -32,8 +32,9 @@ in package = mkOption { type = types.package; default = pkgs.roundcube; + defaultText = literalExpression "pkgs.roundcube"; - example = literalExample '' + example = literalExpression '' roundcube.withPlugins (plugins: [ plugins.persistent_login ]) ''; @@ -89,7 +90,7 @@ in dicts = mkOption { type = types.listOf types.package; default = []; - example = literalExample "with pkgs.aspellDicts; [ en fr de ]"; + example = literalExpression "with pkgs.aspellDicts; [ en fr de ]"; description = '' List of aspell dictionnaries for spell checking. If empty, spell checking is disabled. ''; diff --git a/nixpkgs/nixos/modules/services/mail/rspamd.nix b/nixpkgs/nixos/modules/services/mail/rspamd.nix index c78f464235aa..50208cbeb00a 100644 --- a/nixpkgs/nixos/modules/services/mail/rspamd.nix +++ b/nixpkgs/nixos/modules/services/mail/rspamd.nix @@ -240,7 +240,7 @@ in description = '' Local configuration files, written into <filename>/etc/rspamd/local.d/{name}</filename>. ''; - example = literalExample '' + example = literalExpression '' { "redis.conf".source = "/nix/store/.../etc/dir/redis.conf"; "arc.conf".text = "allow_envfrom_empty = true;"; } @@ -253,7 +253,7 @@ in description = '' Overridden configuration files, written into <filename>/etc/rspamd/override.d/{name}</filename>. ''; - example = literalExample '' + example = literalExpression '' { "redis.conf".source = "/nix/store/.../etc/dir/redis.conf"; "arc.conf".text = "allow_envfrom_empty = true;"; } @@ -278,7 +278,7 @@ in normal = {}; controller = {}; }; - example = literalExample '' + example = literalExpression '' { normal = { includes = [ "$CONFDIR/worker-normal.inc" ]; @@ -338,10 +338,6 @@ in smtpd_milters = ["unix:/run/rspamd/rspamd-milter.sock"]; non_smtpd_milters = ["unix:/run/rspamd/rspamd-milter.sock"]; }; - example = { - smtpd_milters = ["unix:/run/rspamd/rspamd-milter.sock"]; - non_smtpd_milters = ["unix:/run/rspamd/rspamd-milter.sock"]; - }; }; }; }; diff --git a/nixpkgs/nixos/modules/services/mail/sympa.nix b/nixpkgs/nixos/modules/services/mail/sympa.nix index 491b6dba9aa4..f3578bef96ea 100644 --- a/nixpkgs/nixos/modules/services/mail/sympa.nix +++ b/nixpkgs/nixos/modules/services/mail/sympa.nix @@ -153,7 +153,7 @@ in Email domains handled by this instance. There have to be MX records for keys of this attribute set. ''; - example = literalExample '' + example = literalExpression '' { "lists.example.org" = { webHost = "lists.example.org"; @@ -200,7 +200,7 @@ in name = mkOption { type = str; default = if cfg.database.type == "SQLite" then "${dataDir}/sympa.sqlite" else "sympa"; - defaultText = ''if database.type == "SQLite" then "${dataDir}/sympa.sqlite" else "sympa"''; + defaultText = literalExpression ''if database.type == "SQLite" then "${dataDir}/sympa.sqlite" else "sympa"''; description = '' Database name. When using SQLite this must be an absolute path to the database file. @@ -279,7 +279,7 @@ in settings = mkOption { type = attrsOf (oneOf [ str int bool ]); default = {}; - example = literalExample '' + example = literalExpression '' { default_home = "lists"; viewlogs_page_size = 50; @@ -314,7 +314,7 @@ in config.source = mkIf (config.text != null) (mkDefault (pkgs.writeText "sympa-${baseNameOf name}" config.text)); })); default = {}; - example = literalExample '' + example = literalExpression '' { "list_data/lists.example.org/help" = { text = "subject This list provides help to users"; diff --git a/nixpkgs/nixos/modules/services/misc/airsonic.nix b/nixpkgs/nixos/modules/services/misc/airsonic.nix index c1ce515750b0..533a3d367a32 100644 --- a/nixpkgs/nixos/modules/services/misc/airsonic.nix +++ b/nixpkgs/nixos/modules/services/misc/airsonic.nix @@ -74,7 +74,7 @@ in { transcoders = mkOption { type = types.listOf types.path; default = [ "${pkgs.ffmpeg.bin}/bin/ffmpeg" ]; - defaultText= [ "\${pkgs.ffmpeg.bin}/bin/ffmpeg" ]; + defaultText = literalExpression ''[ "''${pkgs.ffmpeg.bin}/bin/ffmpeg" ]''; description = '' List of paths to transcoder executables that should be accessible from Airsonic. Symlinks will be created to each executable inside @@ -85,7 +85,7 @@ in { jre = mkOption { type = types.package; default = pkgs.jre8; - defaultText = literalExample "pkgs.jre8"; + defaultText = literalExpression "pkgs.jre8"; description = '' JRE package to use. @@ -97,7 +97,7 @@ in { war = mkOption { type = types.path; default = "${pkgs.airsonic}/webapps/airsonic.war"; - defaultText = "\${pkgs.airsonic}/webapps/airsonic.war"; + defaultText = literalExpression ''"''${pkgs.airsonic}/webapps/airsonic.war"''; description = "Airsonic war file to use."; }; diff --git a/nixpkgs/nixos/modules/services/misc/ankisyncd.nix b/nixpkgs/nixos/modules/services/misc/ankisyncd.nix index 5fc19649d3d9..69e471f4f577 100644 --- a/nixpkgs/nixos/modules/services/misc/ankisyncd.nix +++ b/nixpkgs/nixos/modules/services/misc/ankisyncd.nix @@ -33,7 +33,7 @@ in package = mkOption { type = types.package; default = pkgs.ankisyncd; - defaultText = literalExample "pkgs.ankisyncd"; + defaultText = literalExpression "pkgs.ankisyncd"; description = "The package to use for the ankisyncd command."; }; diff --git a/nixpkgs/nixos/modules/services/misc/apache-kafka.nix b/nixpkgs/nixos/modules/services/misc/apache-kafka.nix index 8bc307311a42..d1856fff4aa4 100644 --- a/nixpkgs/nixos/modules/services/misc/apache-kafka.nix +++ b/nixpkgs/nixos/modules/services/misc/apache-kafka.nix @@ -102,14 +102,14 @@ in { package = mkOption { description = "The kafka package to use"; default = pkgs.apacheKafka; - defaultText = "pkgs.apacheKafka"; + defaultText = literalExpression "pkgs.apacheKafka"; type = types.package; }; jre = mkOption { description = "The JRE with which to run Kafka"; default = cfg.package.passthru.jre; - defaultText = "pkgs.apacheKafka.passthru.jre"; + defaultText = literalExpression "pkgs.apacheKafka.passthru.jre"; type = types.package; }; diff --git a/nixpkgs/nixos/modules/services/misc/autofs.nix b/nixpkgs/nixos/modules/services/misc/autofs.nix index 541f0d2db19f..5fce990afece 100644 --- a/nixpkgs/nixos/modules/services/misc/autofs.nix +++ b/nixpkgs/nixos/modules/services/misc/autofs.nix @@ -29,7 +29,7 @@ in autoMaster = mkOption { type = types.str; - example = literalExample '' + example = literalExpression '' let mapConf = pkgs.writeText "auto" ''' kernel -ro,soft,intr ftp.kernel.org:/pub/linux diff --git a/nixpkgs/nixos/modules/services/misc/bees.nix b/nixpkgs/nixos/modules/services/misc/bees.nix index 6b8cae84642f..cb97a86b8592 100644 --- a/nixpkgs/nixos/modules/services/misc/bees.nix +++ b/nixpkgs/nixos/modules/services/misc/bees.nix @@ -61,7 +61,7 @@ let description = '' Extra command-line options passed to the daemon. See upstream bees documentation. ''; - example = literalExample '' + example = literalExpression '' [ "--thread-count" "4" ] ''; }; @@ -75,7 +75,7 @@ in type = with types; attrsOf (submodule fsOptions); description = "BTRFS filesystems to run block-level deduplication on."; default = { }; - example = literalExample '' + example = literalExpression '' { root = { spec = "LABEL=root"; diff --git a/nixpkgs/nixos/modules/services/misc/cfdyndns.nix b/nixpkgs/nixos/modules/services/misc/cfdyndns.nix index 15af1f50da1d..5885617d7429 100644 --- a/nixpkgs/nixos/modules/services/misc/cfdyndns.nix +++ b/nixpkgs/nixos/modules/services/misc/cfdyndns.nix @@ -48,7 +48,7 @@ in description = "CloudFlare Dynamic DNS Client"; after = [ "network.target" ]; wantedBy = [ "multi-user.target" ]; - startAt = "5 minutes"; + startAt = "*:0/5"; serviceConfig = { Type = "simple"; User = config.ids.uids.cfdyndns; diff --git a/nixpkgs/nixos/modules/services/misc/cgminer.nix b/nixpkgs/nixos/modules/services/misc/cgminer.nix index 5afc1546efa9..60f75530723b 100644 --- a/nixpkgs/nixos/modules/services/misc/cgminer.nix +++ b/nixpkgs/nixos/modules/services/misc/cgminer.nix @@ -35,7 +35,7 @@ in package = mkOption { default = pkgs.cgminer; - defaultText = "pkgs.cgminer"; + defaultText = literalExpression "pkgs.cgminer"; description = "Which cgminer derivation to use."; type = types.package; }; diff --git a/nixpkgs/nixos/modules/services/misc/clipcat.nix b/nixpkgs/nixos/modules/services/misc/clipcat.nix index 128bb9a89d69..8b749aa72896 100644 --- a/nixpkgs/nixos/modules/services/misc/clipcat.nix +++ b/nixpkgs/nixos/modules/services/misc/clipcat.nix @@ -12,7 +12,7 @@ in { package = mkOption { type = types.package; default = pkgs.clipcat; - defaultText = "pkgs.clipcat"; + defaultText = literalExpression "pkgs.clipcat"; description = "clipcat derivation to use."; }; }; diff --git a/nixpkgs/nixos/modules/services/misc/clipmenu.nix b/nixpkgs/nixos/modules/services/misc/clipmenu.nix index 3ba050044cac..ef95985f8d8a 100644 --- a/nixpkgs/nixos/modules/services/misc/clipmenu.nix +++ b/nixpkgs/nixos/modules/services/misc/clipmenu.nix @@ -12,7 +12,7 @@ in { package = mkOption { type = types.package; default = pkgs.clipmenu; - defaultText = "pkgs.clipmenu"; + defaultText = literalExpression "pkgs.clipmenu"; description = "clipmenu derivation to use."; }; }; diff --git a/nixpkgs/nixos/modules/services/misc/confd.nix b/nixpkgs/nixos/modules/services/misc/confd.nix index c1ebdb3dde91..6c66786524ba 100755 --- a/nixpkgs/nixos/modules/services/misc/confd.nix +++ b/nixpkgs/nixos/modules/services/misc/confd.nix @@ -64,7 +64,7 @@ in { package = mkOption { description = "Confd package to use."; default = pkgs.confd; - defaultText = "pkgs.confd"; + defaultText = literalExpression "pkgs.confd"; type = types.package; }; }; diff --git a/nixpkgs/nixos/modules/services/misc/dictd.nix b/nixpkgs/nixos/modules/services/misc/dictd.nix index 12583bb5b6c6..8cb51bb0b7a7 100644 --- a/nixpkgs/nixos/modules/services/misc/dictd.nix +++ b/nixpkgs/nixos/modules/services/misc/dictd.nix @@ -25,8 +25,8 @@ in DBs = mkOption { type = types.listOf types.package; default = with pkgs.dictdDBs; [ wiktionary wordnet ]; - defaultText = "with pkgs.dictdDBs; [ wiktionary wordnet ]"; - example = literalExample "[ pkgs.dictdDBs.nld2eng ]"; + defaultText = literalExpression "with pkgs.dictdDBs; [ wiktionary wordnet ]"; + example = literalExpression "[ pkgs.dictdDBs.nld2eng ]"; description = "List of databases to make available."; }; diff --git a/nixpkgs/nixos/modules/services/misc/disnix.nix b/nixpkgs/nixos/modules/services/misc/disnix.nix index 24a259bb4d2b..07c0613336aa 100644 --- a/nixpkgs/nixos/modules/services/misc/disnix.nix +++ b/nixpkgs/nixos/modules/services/misc/disnix.nix @@ -31,7 +31,7 @@ in type = types.path; description = "The Disnix package"; default = pkgs.disnix; - defaultText = "pkgs.disnix"; + defaultText = literalExpression "pkgs.disnix"; }; enableProfilePath = mkEnableOption "exposing the Disnix profiles in the system's PATH"; @@ -39,7 +39,6 @@ in profiles = mkOption { type = types.listOf types.str; default = [ "default" ]; - example = [ "default" ]; description = "Names of the Disnix profiles to expose in the system's PATH"; }; }; diff --git a/nixpkgs/nixos/modules/services/misc/dwm-status.nix b/nixpkgs/nixos/modules/services/misc/dwm-status.nix index b98a42e6a6d2..5f591b3c5d41 100644 --- a/nixpkgs/nixos/modules/services/misc/dwm-status.nix +++ b/nixpkgs/nixos/modules/services/misc/dwm-status.nix @@ -27,8 +27,8 @@ in package = mkOption { type = types.package; default = pkgs.dwm-status; - defaultText = "pkgs.dwm-status"; - example = "pkgs.dwm-status.override { enableAlsaUtils = false; }"; + defaultText = literalExpression "pkgs.dwm-status"; + example = literalExpression "pkgs.dwm-status.override { enableAlsaUtils = false; }"; description = '' Which dwm-status package to use. ''; diff --git a/nixpkgs/nixos/modules/services/misc/etcd.nix b/nixpkgs/nixos/modules/services/misc/etcd.nix index 2b667fab6b04..c4ea091a0380 100644 --- a/nixpkgs/nixos/modules/services/misc/etcd.nix +++ b/nixpkgs/nixos/modules/services/misc/etcd.nix @@ -123,7 +123,7 @@ in { ''; type = types.attrsOf types.str; default = {}; - example = literalExample '' + example = literalExpression '' { "CORS" = "*"; "NAME" = "default-name"; diff --git a/nixpkgs/nixos/modules/services/misc/etebase-server.nix b/nixpkgs/nixos/modules/services/misc/etebase-server.nix index b6bd6e9fd37b..dd84ac37b0d5 100644 --- a/nixpkgs/nixos/modules/services/misc/etebase-server.nix +++ b/nixpkgs/nixos/modules/services/misc/etebase-server.nix @@ -97,13 +97,13 @@ in static_root = mkOption { type = types.str; default = "${cfg.dataDir}/static"; - defaultText = "\${config.services.etebase-server.dataDir}/static"; + defaultText = literalExpression ''"''${config.services.etebase-server.dataDir}/static"''; description = "The directory for static files."; }; media_root = mkOption { type = types.str; default = "${cfg.dataDir}/media"; - defaultText = "\${config.services.etebase-server.dataDir}/media"; + defaultText = literalExpression ''"''${config.services.etebase-server.dataDir}/media"''; description = "The media directory."; }; }; @@ -126,7 +126,7 @@ in name = mkOption { type = types.str; default = "${cfg.dataDir}/db.sqlite3"; - defaultText = "\${config.services.etebase-server.dataDir}/db.sqlite3"; + defaultText = literalExpression ''"''${config.services.etebase-server.dataDir}/db.sqlite3"''; description = "The database name."; }; }; diff --git a/nixpkgs/nixos/modules/services/misc/felix.nix b/nixpkgs/nixos/modules/services/misc/felix.nix index 8d438bb9eb19..0283de128afe 100644 --- a/nixpkgs/nixos/modules/services/misc/felix.nix +++ b/nixpkgs/nixos/modules/services/misc/felix.nix @@ -22,7 +22,7 @@ in bundles = mkOption { type = types.listOf types.package; default = [ pkgs.felix_remoteshell ]; - defaultText = "[ pkgs.felix_remoteshell ]"; + defaultText = literalExpression "[ pkgs.felix_remoteshell ]"; description = "List of bundles that should be activated on startup"; }; diff --git a/nixpkgs/nixos/modules/services/misc/freeswitch.nix b/nixpkgs/nixos/modules/services/misc/freeswitch.nix index b42f36e86637..472b0b73ff69 100644 --- a/nixpkgs/nixos/modules/services/misc/freeswitch.nix +++ b/nixpkgs/nixos/modules/services/misc/freeswitch.nix @@ -32,8 +32,8 @@ in { configTemplate = mkOption { type = types.path; default = "${config.services.freeswitch.package}/share/freeswitch/conf/vanilla"; - defaultText = literalExample "\${config.services.freeswitch.package}/share/freeswitch/conf/vanilla"; - example = literalExample "\${config.services.freeswitch.package}/share/freeswitch/conf/minimal"; + defaultText = literalExpression ''"''${config.services.freeswitch.package}/share/freeswitch/conf/vanilla"''; + example = literalExpression ''"''${config.services.freeswitch.package}/share/freeswitch/conf/minimal"''; description = '' Configuration template to use. See available templates in <link xlink:href="https://github.com/signalwire/freeswitch/tree/master/conf">FreeSWITCH repository</link>. @@ -43,7 +43,7 @@ in { configDir = mkOption { type = with types; attrsOf path; default = { }; - example = literalExample '' + example = literalExpression '' { "freeswitch.xml" = ./freeswitch.xml; "dialplan/default.xml" = pkgs.writeText "dialplan-default.xml" ''' @@ -61,8 +61,7 @@ in { package = mkOption { type = types.package; default = pkgs.freeswitch; - defaultText = literalExample "pkgs.freeswitch"; - example = literalExample "pkgs.freeswitch"; + defaultText = literalExpression "pkgs.freeswitch"; description = '' FreeSWITCH package. ''; diff --git a/nixpkgs/nixos/modules/services/misc/gitea.nix b/nixpkgs/nixos/modules/services/misc/gitea.nix index 8322b7c09022..c0f7661c5698 100644 --- a/nixpkgs/nixos/modules/services/misc/gitea.nix +++ b/nixpkgs/nixos/modules/services/misc/gitea.nix @@ -32,7 +32,7 @@ in package = mkOption { default = pkgs.gitea; type = types.package; - defaultText = "pkgs.gitea"; + defaultText = literalExpression "pkgs.gitea"; description = "gitea derivation to use"; }; @@ -55,7 +55,7 @@ in description = "Root path for log files."; }; level = mkOption { - default = "Trace"; + default = "Info"; type = types.enum [ "Trace" "Debug" "Info" "Warn" "Error" "Critical" ]; description = "General log level."; }; @@ -122,7 +122,7 @@ in socket = mkOption { type = types.nullOr types.path; default = if (cfg.database.createDatabase && usePostgresql) then "/run/postgresql" else if (cfg.database.createDatabase && useMysql) then "/run/mysqld/mysqld.sock" else null; - defaultText = "null"; + defaultText = literalExpression "null"; example = "/run/mysqld/mysqld.sock"; description = "Path to the unix socket file to use for authentication."; }; @@ -255,8 +255,9 @@ in }; staticRootPath = mkOption { - type = types.str; - default = "${gitea.data}"; + type = types.either types.str types.path; + default = gitea.data; + defaultText = literalExpression "package.data"; example = "/var/lib/gitea/data"; description = "Upper level of template and static files path."; }; @@ -287,7 +288,7 @@ in Gitea configuration. Refer to <link xlink:href="https://docs.gitea.io/en-us/config-cheat-sheet/"/> for details on supported values. ''; - example = literalExample '' + example = literalExpression '' { "cron.sync_external_users" = { RUN_AT_START = true; @@ -348,7 +349,7 @@ in server = mkMerge [ { DOMAIN = cfg.domain; - STATIC_ROOT_PATH = cfg.staticRootPath; + STATIC_ROOT_PATH = toString cfg.staticRootPath; LFS_JWT_SECRET = "#lfsjwtsecret#"; ROOT_URL = cfg.rootUrl; } diff --git a/nixpkgs/nixos/modules/services/misc/gitit.nix b/nixpkgs/nixos/modules/services/misc/gitit.nix index f09565283f3c..ceb186c0f049 100644 --- a/nixpkgs/nixos/modules/services/misc/gitit.nix +++ b/nixpkgs/nixos/modules/services/misc/gitit.nix @@ -36,15 +36,15 @@ let haskellPackages = mkOption { default = pkgs.haskellPackages; - defaultText = "pkgs.haskellPackages"; - example = literalExample "pkgs.haskell.packages.ghc784"; + defaultText = literalExpression "pkgs.haskellPackages"; + example = literalExpression "pkgs.haskell.packages.ghc784"; description = "haskellPackages used to build gitit and plugins."; }; extraPackages = mkOption { type = types.functionTo (types.listOf types.package); default = self: []; - example = literalExample '' + example = literalExpression '' haskellPackages: [ haskellPackages.wreq ] @@ -665,9 +665,9 @@ in wantedBy = [ "multi-user.target" ]; path = with pkgs; [ curl ] ++ optional cfg.pdfExport texlive.combined.scheme-basic - ++ optional (cfg.repositoryType == "darcs") darcs - ++ optional (cfg.repositoryType == "mercurial") mercurial - ++ optional (cfg.repositoryType == "git") git; + ++ optional (cfg.repositoryType == "darcs") darcs + ++ optional (cfg.repositoryType == "mercurial") mercurial + ++ optional (cfg.repositoryType == "git") git; preStart = let gm = "gitit@${config.networking.hostName}"; @@ -684,35 +684,35 @@ in fi done cd ${repositoryPath} - ${ - if repositoryType == "darcs" then - '' - if [ ! -d _darcs ] - then - ${pkgs.darcs}/bin/darcs initialize - echo "${gm}" > _darcs/prefs/email - '' - else if repositoryType == "mercurial" then - '' - if [ ! -d .hg ] - then - ${pkgs.mercurial}/bin/hg init - cat >> .hg/hgrc <<NAMED + ${ + if repositoryType == "darcs" then + '' + if [ ! -d _darcs ] + then + ${pkgs.darcs}/bin/darcs initialize + echo "${gm}" > _darcs/prefs/email + '' + else if repositoryType == "mercurial" then + '' + if [ ! -d .hg ] + then + ${pkgs.mercurial}/bin/hg init + cat >> .hg/hgrc <<NAMED [ui] username = gitit ${gm} NAMED - '' - else - '' - if [ ! -d .git ] + '' + else + '' + if [ ! -d .git ] then ${pkgs.git}/bin/git init ${pkgs.git}/bin/git config user.email "${gm}" ${pkgs.git}/bin/git config user.name "gitit" - ''} + ''} chown ${uid}:${gid} -R ${repositoryPath} fi - cd - + cd - ''; serviceConfig = { diff --git a/nixpkgs/nixos/modules/services/misc/gitlab.nix b/nixpkgs/nixos/modules/services/misc/gitlab.nix index c1a1491b3cee..b2abe70627d0 100644 --- a/nixpkgs/nixos/modules/services/misc/gitlab.nix +++ b/nixpkgs/nixos/modules/services/misc/gitlab.nix @@ -239,36 +239,36 @@ in { packages.gitlab = mkOption { type = types.package; default = pkgs.gitlab; - defaultText = "pkgs.gitlab"; + defaultText = literalExpression "pkgs.gitlab"; description = "Reference to the gitlab package"; - example = "pkgs.gitlab-ee"; + example = literalExpression "pkgs.gitlab-ee"; }; packages.gitlab-shell = mkOption { type = types.package; default = pkgs.gitlab-shell; - defaultText = "pkgs.gitlab-shell"; + defaultText = literalExpression "pkgs.gitlab-shell"; description = "Reference to the gitlab-shell package"; }; packages.gitlab-workhorse = mkOption { type = types.package; default = pkgs.gitlab-workhorse; - defaultText = "pkgs.gitlab-workhorse"; + defaultText = literalExpression "pkgs.gitlab-workhorse"; description = "Reference to the gitlab-workhorse package"; }; packages.gitaly = mkOption { type = types.package; default = pkgs.gitaly; - defaultText = "pkgs.gitaly"; + defaultText = literalExpression "pkgs.gitaly"; description = "Reference to the gitaly package"; }; packages.pages = mkOption { type = types.package; default = pkgs.gitlab-pages; - defaultText = "pkgs.gitlab-pages"; + defaultText = literalExpression "pkgs.gitlab-pages"; description = "Reference to the gitlab-pages package"; }; @@ -356,7 +356,7 @@ in { backup.uploadOptions = mkOption { type = types.attrs; default = {}; - example = literalExample '' + example = literalExpression '' { # Fog storage connection settings, see http://fog.io/storage/ connection = { @@ -543,12 +543,10 @@ in { }; certFile = mkOption { type = types.path; - default = null; description = "Path to GitLab container registry certificate."; }; keyFile = mkOption { type = types.path; - default = null; description = "Path to GitLab container registry certificate-key."; }; defaultForProjects = mkOption { @@ -858,7 +856,7 @@ in { extraConfig = mkOption { type = types.attrs; default = {}; - example = literalExample '' + example = literalExpression '' { gitlab = { default_projects_features = { diff --git a/nixpkgs/nixos/modules/services/misc/gitolite.nix b/nixpkgs/nixos/modules/services/misc/gitolite.nix index 190ea9212d2a..810ef1f21b9c 100644 --- a/nixpkgs/nixos/modules/services/misc/gitolite.nix +++ b/nixpkgs/nixos/modules/services/misc/gitolite.nix @@ -64,11 +64,13 @@ in extraGitoliteRc = mkOption { type = types.lines; default = ""; - example = literalExample '' - $RC{UMASK} = 0027; - $RC{SITE_INFO} = 'This is our private repository host'; - push( @{$RC{ENABLE}}, 'Kindergarten' ); # enable the command/feature - @{$RC{ENABLE}} = grep { $_ ne 'desc' } @{$RC{ENABLE}}; # disable the command/feature + example = literalExpression '' + ''' + $RC{UMASK} = 0027; + $RC{SITE_INFO} = 'This is our private repository host'; + push( @{$RC{ENABLE}}, 'Kindergarten' ); # enable the command/feature + @{$RC{ENABLE}} = grep { $_ ne 'desc' } @{$RC{ENABLE}}; # disable the command/feature + ''' ''; description = '' Extra configuration to append to the default <literal>~/.gitolite.rc</literal>. diff --git a/nixpkgs/nixos/modules/services/misc/greenclip.nix b/nixpkgs/nixos/modules/services/misc/greenclip.nix index 9152a782d7f0..32e8d746cb5c 100644 --- a/nixpkgs/nixos/modules/services/misc/greenclip.nix +++ b/nixpkgs/nixos/modules/services/misc/greenclip.nix @@ -12,7 +12,7 @@ in { package = mkOption { type = types.package; default = pkgs.haskellPackages.greenclip; - defaultText = "pkgs.haskellPackages.greenclip"; + defaultText = literalExpression "pkgs.haskellPackages.greenclip"; description = "greenclip derivation to use."; }; }; diff --git a/nixpkgs/nixos/modules/services/misc/home-assistant.nix b/nixpkgs/nixos/modules/services/misc/home-assistant.nix index 800bea4ff571..8279d075bafb 100644 --- a/nixpkgs/nixos/modules/services/misc/home-assistant.nix +++ b/nixpkgs/nixos/modules/services/misc/home-assistant.nix @@ -112,7 +112,7 @@ in { emptyValue.value = {}; }; in valueType; - example = literalExample '' + example = literalExpression '' { homeassistant = { name = "Home"; @@ -152,7 +152,7 @@ in { default = null; type = with types; nullOr attrs; # from https://www.home-assistant.io/lovelace/yaml-mode/ - example = literalExample '' + example = literalExpression '' { title = "My Awesome Home"; views = [ { @@ -188,13 +188,13 @@ in { default = pkgs.home-assistant.overrideAttrs (oldAttrs: { doInstallCheck = false; }); - defaultText = literalExample '' + defaultText = literalExpression '' pkgs.home-assistant.overrideAttrs (oldAttrs: { doInstallCheck = false; }) ''; type = types.package; - example = literalExample '' + example = literalExpression '' pkgs.home-assistant.override { extraPackages = ps: with ps; [ colorlog ]; } diff --git a/nixpkgs/nixos/modules/services/misc/ihaskell.nix b/nixpkgs/nixos/modules/services/misc/ihaskell.nix index c7332b87803a..9978e8a46534 100644 --- a/nixpkgs/nixos/modules/services/misc/ihaskell.nix +++ b/nixpkgs/nixos/modules/services/misc/ihaskell.nix @@ -6,7 +6,7 @@ let cfg = config.services.ihaskell; ihaskell = pkgs.ihaskell.override { - packages = self: cfg.extraPackages self; + packages = cfg.extraPackages; }; in @@ -22,8 +22,9 @@ in extraPackages = mkOption { type = types.functionTo (types.listOf types.package); - default = self: []; - example = literalExample '' + default = haskellPackages: []; + defaultText = literalExpression "haskellPackages: []"; + example = literalExpression '' haskellPackages: [ haskellPackages.wreq haskellPackages.lens diff --git a/nixpkgs/nixos/modules/services/misc/jackett.nix b/nixpkgs/nixos/modules/services/misc/jackett.nix index f2dc6635df93..c2144d4a9a9f 100644 --- a/nixpkgs/nixos/modules/services/misc/jackett.nix +++ b/nixpkgs/nixos/modules/services/misc/jackett.nix @@ -38,7 +38,7 @@ in package = mkOption { type = types.package; default = pkgs.jackett; - defaultText = "pkgs.jackett"; + defaultText = literalExpression "pkgs.jackett"; description = "Jackett package to use."; }; }; diff --git a/nixpkgs/nixos/modules/services/misc/jellyfin.nix b/nixpkgs/nixos/modules/services/misc/jellyfin.nix index 6d64acc02910..b9d54f27edc2 100644 --- a/nixpkgs/nixos/modules/services/misc/jellyfin.nix +++ b/nixpkgs/nixos/modules/services/misc/jellyfin.nix @@ -19,7 +19,7 @@ in package = mkOption { type = types.package; default = pkgs.jellyfin; - example = literalExample "pkgs.jellyfin"; + defaultText = literalExpression "pkgs.jellyfin"; description = '' Jellyfin package to use. ''; diff --git a/nixpkgs/nixos/modules/services/misc/klipper.nix b/nixpkgs/nixos/modules/services/misc/klipper.nix index e6b9dd234a9b..7b3780b5cc9f 100644 --- a/nixpkgs/nixos/modules/services/misc/klipper.nix +++ b/nixpkgs/nixos/modules/services/misc/klipper.nix @@ -19,6 +19,7 @@ in package = mkOption { type = types.package; default = pkgs.klipper; + defaultText = literalExpression "pkgs.klipper"; description = "The Klipper package."; }; diff --git a/nixpkgs/nixos/modules/services/misc/lidarr.nix b/nixpkgs/nixos/modules/services/misc/lidarr.nix index 8ff1adadcf23..20153c7e61a6 100644 --- a/nixpkgs/nixos/modules/services/misc/lidarr.nix +++ b/nixpkgs/nixos/modules/services/misc/lidarr.nix @@ -19,7 +19,7 @@ in package = mkOption { type = types.package; default = pkgs.lidarr; - defaultText = "pkgs.lidarr"; + defaultText = literalExpression "pkgs.lidarr"; description = "The Lidarr package to use"; }; diff --git a/nixpkgs/nixos/modules/services/misc/matrix-appservice-discord.nix b/nixpkgs/nixos/modules/services/misc/matrix-appservice-discord.nix index 71d1227f4ff7..c448614eca32 100644 --- a/nixpkgs/nixos/modules/services/misc/matrix-appservice-discord.nix +++ b/nixpkgs/nixos/modules/services/misc/matrix-appservice-discord.nix @@ -31,7 +31,7 @@ in { botToken = ""; }; }; - example = literalExample '' + example = literalExpression '' { bridge = { domain = "public-domain.tld"; diff --git a/nixpkgs/nixos/modules/services/misc/matrix-synapse.nix b/nixpkgs/nixos/modules/services/misc/matrix-synapse.nix index e150a1aaaad1..950c72c6e589 100644 --- a/nixpkgs/nixos/modules/services/misc/matrix-synapse.nix +++ b/nixpkgs/nixos/modules/services/misc/matrix-synapse.nix @@ -122,10 +122,18 @@ in { options = { services.matrix-synapse = { enable = mkEnableOption "matrix.org synapse"; + configFile = mkOption { + type = types.str; + readOnly = true; + description = '' + Path to the configuration file on the target system. Useful to configure e.g. workers + that also need this. + ''; + }; package = mkOption { type = types.package; default = pkgs.matrix-synapse; - defaultText = "pkgs.matrix-synapse"; + defaultText = literalExpression "pkgs.matrix-synapse"; description = '' Overridable attribute of the matrix synapse server package to use. ''; @@ -133,7 +141,7 @@ in { plugins = mkOption { type = types.listOf types.package; default = [ ]; - example = literalExample '' + example = literalExpression '' with config.services.matrix-synapse.package.plugins; [ matrix-synapse-ldap3 matrix-synapse-pam @@ -706,6 +714,8 @@ in { } ]; + services.matrix-synapse.configFile = "${configFile}"; + users.users.matrix-synapse = { group = "matrix-synapse"; home = cfg.dataDir; diff --git a/nixpkgs/nixos/modules/services/misc/mautrix-facebook.nix b/nixpkgs/nixos/modules/services/misc/mautrix-facebook.nix new file mode 100644 index 000000000000..e046c791ac01 --- /dev/null +++ b/nixpkgs/nixos/modules/services/misc/mautrix-facebook.nix @@ -0,0 +1,195 @@ +{ config, pkgs, lib, ... }: + +with lib; + +let + cfg = config.services.mautrix-facebook; + settingsFormat = pkgs.formats.json {}; + settingsFile = settingsFormat.generate "mautrix-facebook-config.json" cfg.settings; + + puppetRegex = concatStringsSep + ".*" + (map + escapeRegex + (splitString + "{userid}" + cfg.settings.bridge.username_template)); +in { + options = { + services.mautrix-facebook = { + enable = mkEnableOption "Mautrix-Facebook, a Matrix-Facebook hybrid puppeting/relaybot bridge"; + + settings = mkOption rec { + apply = recursiveUpdate default; + type = settingsFormat.type; + default = { + homeserver = { + address = "http://localhost:8008"; + }; + + appservice = rec { + address = "http://${hostname}:${toString port}"; + hostname = "localhost"; + port = 29319; + + database = "postgresql://"; + + bot_username = "facebookbot"; + }; + + metrics.enabled = false; + manhole.enabled = false; + + bridge = { + encryption = { + allow = true; + default = true; + }; + username_template = "facebook_{userid}"; + }; + + logging = { + version = 1; + formatters.journal_fmt.format = "%(name)s: %(message)s"; + handlers.journal = { + class = "systemd.journal.JournalHandler"; + formatter = "journal_fmt"; + SYSLOG_IDENTIFIER = "mautrix-facebook"; + }; + root = { + level = "INFO"; + handlers = ["journal"]; + }; + }; + }; + example = literalExpression '' + { + homeserver = { + address = "http://localhost:8008"; + domain = "mydomain.example"; + }; + + bridge.permissions = { + "@admin:mydomain.example" = "admin"; + "mydomain.example" = "user"; + }; + } + ''; + description = '' + <filename>config.yaml</filename> configuration as a Nix attribute set. + Configuration options should match those described in + <link xlink:href="https://github.com/mautrix/facebook/blob/master/mautrix_facebook/example-config.yaml"> + example-config.yaml</link>. + </para> + + <para> + Secret tokens should be specified using <option>environmentFile</option> + instead of this world-readable attribute set. + ''; + }; + + environmentFile = mkOption { + type = types.nullOr types.path; + default = null; + description = '' + File containing environment variables to be passed to the mautrix-telegram service. + + Any config variable can be overridden by setting <literal>MAUTRIX_FACEBOOK_SOME_KEY</literal> to override the <literal>some.key</literal> variable. + ''; + }; + + configurePostgresql = mkOption { + type = types.bool; + default = true; + description = '' + Enable PostgreSQL and create a user and database for mautrix-facebook. The default <literal>settings</literal> reference this database, if you disable this option you must provide a database URL. + ''; + }; + + registrationData = mkOption { + type = types.attrs; + default = {}; + description = '' + Output data for appservice registration. Simply make any desired changes and serialize to JSON. Note that this data contains secrets so think twice before putting it into the nix store. + + Currently <literal>as_token</literal> and <literal>hs_token</literal> need to be added as they are not known to this module. + ''; + }; + }; + }; + + config = mkIf cfg.enable { + users.users.mautrix-facebook = { + group = "mautrix-facebook"; + isSystemUser = true; + }; + + services.postgresql = mkIf cfg.configurePostgresql { + ensureDatabases = ["mautrix-facebook"]; + ensureUsers = [{ + name = "mautrix-facebook"; + ensurePermissions = { + "DATABASE \"mautrix-facebook\"" = "ALL PRIVILEGES"; + }; + }]; + }; + + systemd.services.mautrix-facebook = rec { + wantedBy = [ "multi-user.target" ]; + wants = [ + "network-online.target" + ] ++ optional config.services.matrix-synapse.enable "matrix-synapse.service" + ++ optional cfg.configurePostgresql "postgresql.service"; + after = wants; + + serviceConfig = { + Type = "simple"; + Restart = "always"; + + User = "mautrix-facebook"; + + ProtectSystem = "strict"; + ProtectHome = true; + ProtectKernelTunables = true; + ProtectKernelModules = true; + ProtectControlGroups = true; + PrivateTmp = true; + + EnvironmentFile = cfg.environmentFile; + + ExecStart = '' + ${pkgs.mautrix-facebook}/bin/mautrix-facebook --config=${settingsFile} + ''; + }; + }; + + services.mautrix-facebook = { + registrationData = { + id = "mautrix-facebook"; + + namespaces = { + users = [ + { + exclusive = true; + regex = escapeRegex "@${cfg.settings.appservice.bot_username}:${cfg.settings.homeserver.domain}"; + } + { + exclusive = true; + regex = "@${puppetRegex}:${escapeRegex cfg.settings.homeserver.domain}"; + } + ]; + aliases = []; + }; + + url = cfg.settings.appservice.address; + sender_localpart = "mautrix-facebook-sender"; + + rate_limited = false; + "de.sorunome.msc2409.push_ephemeral" = true; + push_ephemeral = true; + }; + }; + }; + + meta.maintainers = with maintainers; [ kevincox ]; +} diff --git a/nixpkgs/nixos/modules/services/misc/mautrix-telegram.nix b/nixpkgs/nixos/modules/services/misc/mautrix-telegram.nix index 717cf7936ead..59d0b6824090 100644 --- a/nixpkgs/nixos/modules/services/misc/mautrix-telegram.nix +++ b/nixpkgs/nixos/modules/services/misc/mautrix-telegram.nix @@ -60,7 +60,7 @@ in { }; }; }; - example = literalExample '' + example = literalExpression '' { homeserver = { address = "http://localhost:8008"; diff --git a/nixpkgs/nixos/modules/services/misc/mbpfan.nix b/nixpkgs/nixos/modules/services/misc/mbpfan.nix index e22d1ed61f99..d80b6fafc2cf 100644 --- a/nixpkgs/nixos/modules/services/misc/mbpfan.nix +++ b/nixpkgs/nixos/modules/services/misc/mbpfan.nix @@ -13,7 +13,7 @@ in { package = mkOption { type = types.package; default = pkgs.mbpfan; - defaultText = "pkgs.mbpfan"; + defaultText = literalExpression "pkgs.mbpfan"; description = '' The package used for the mbpfan daemon. ''; diff --git a/nixpkgs/nixos/modules/services/misc/mediatomb.nix b/nixpkgs/nixos/modules/services/misc/mediatomb.nix index a19b73889ce4..383090575b22 100644 --- a/nixpkgs/nixos/modules/services/misc/mediatomb.nix +++ b/nixpkgs/nixos/modules/services/misc/mediatomb.nix @@ -216,10 +216,11 @@ in { package = mkOption { type = types.package; - example = literalExample "pkgs.mediatomb"; + example = literalExpression "pkgs.mediatomb"; default = pkgs.gerbera; + defaultText = literalExpression "pkgs.gerbera"; description = '' - Underlying package to be used with the module (default: pkgs.gerbera). + Underlying package to be used with the module. ''; }; @@ -325,7 +326,7 @@ in { mediaDirectories = mkOption { type = with types; listOf (submodule mediaDirectory); - default = {}; + default = []; description = '' Declare media directories to index. ''; diff --git a/nixpkgs/nixos/modules/services/misc/mx-puppet-discord.nix b/nixpkgs/nixos/modules/services/misc/mx-puppet-discord.nix index 11116f7c3489..c34803f97223 100644 --- a/nixpkgs/nixos/modules/services/misc/mx-puppet-discord.nix +++ b/nixpkgs/nixos/modules/services/misc/mx-puppet-discord.nix @@ -45,7 +45,7 @@ in { lineDateFormat = "MMM-D HH:mm:ss.SSS"; }; }; - example = literalExample '' + example = literalExpression '' { bridge = { bindAddress = "localhost"; diff --git a/nixpkgs/nixos/modules/services/misc/n8n.nix b/nixpkgs/nixos/modules/services/misc/n8n.nix index 516d0f70ef0b..27616e5f8226 100644 --- a/nixpkgs/nixos/modules/services/misc/n8n.nix +++ b/nixpkgs/nixos/modules/services/misc/n8n.nix @@ -66,7 +66,7 @@ in RestrictNamespaces = "yes"; RestrictRealtime = "yes"; RestrictSUIDSGID = "yes"; - MemoryDenyWriteExecute = "yes"; + MemoryDenyWriteExecute = "no"; # v8 JIT requires memory segments to be Writable-Executable. LockPersonality = "yes"; }; }; diff --git a/nixpkgs/nixos/modules/services/misc/nitter.nix b/nixpkgs/nixos/modules/services/misc/nitter.nix index 301af76c336a..0c562343d85d 100644 --- a/nixpkgs/nixos/modules/services/misc/nitter.nix +++ b/nixpkgs/nixos/modules/services/misc/nitter.nix @@ -79,7 +79,7 @@ in staticDir = mkOption { type = types.path; default = "${pkgs.nitter}/share/nitter/public"; - defaultText = "\${pkgs.nitter}/share/nitter/public"; + defaultText = literalExpression ''"''${pkgs.nitter}/share/nitter/public"''; description = "Path to the static files directory."; }; diff --git a/nixpkgs/nixos/modules/services/misc/nix-daemon.nix b/nixpkgs/nixos/modules/services/misc/nix-daemon.nix index 70b27b7d3d09..d04937004777 100644 --- a/nixpkgs/nixos/modules/services/misc/nix-daemon.nix +++ b/nixpkgs/nixos/modules/services/misc/nix-daemon.nix @@ -82,10 +82,19 @@ in nix = { + enable = mkOption { + type = types.bool; + default = true; + description = '' + Whether to enable Nix. + Disabling Nix makes the system hard to modify and the Nix programs and configuration will not be made available by NixOS itself. + ''; + }; + package = mkOption { type = types.package; default = pkgs.nix; - defaultText = "pkgs.nix"; + defaultText = literalExpression "pkgs.nix"; description = '' This option specifies the Nix package instance to use throughout the system. ''; @@ -180,7 +189,19 @@ in default = 0; description = '' Nix daemon process priority. This priority propagates to build processes. - 0 is the default Unix process priority, 19 is the lowest. + 0 is the default Unix process priority, 19 is the lowest. Note that nix + bypasses nix-daemon when running as root and this option does not have + any effect in such a case. + + Please note that if used on a recent Linux kernel with group scheduling, + setting the nice level will only have an effect relative to other threads + in the same task group. Therefore this option is only useful if + autogrouping has been disabled (see the kernel.sched_autogroup_enabled + sysctl) and no systemd unit uses any of the per-service CPU accounting + features of systemd. Otherwise the Nix daemon process may be placed in a + separate task group and the nice level setting will have no effect. + Refer to the man pages sched(7) and systemd.resource-control(5) for + details. ''; }; @@ -460,7 +481,7 @@ in flake = mkOption { type = types.nullOr types.attrs; default = null; - example = literalExample "nixpkgs"; + example = literalExpression "nixpkgs"; description = '' The flake input to which <option>from></option> is to be rewritten. ''; @@ -499,7 +520,7 @@ in ###### implementation - config = { + config = mkIf cfg.enable { nix.binaryCachePublicKeys = [ "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" ]; nix.binaryCaches = [ "https://cache.nixos.org/" ]; @@ -534,6 +555,22 @@ in + "\n" ) cfg.buildMachines; }; + assertions = + let badMachine = m: m.system == null && m.systems == []; + in [ + { + assertion = !(builtins.any badMachine cfg.buildMachines); + message = '' + At least one system type (via <varname>system</varname> or + <varname>systems</varname>) must be set for every build machine. + Invalid machine specifications: + '' + " " + + (builtins.concatStringsSep "\n " + (builtins.map (m: m.hostName) + (builtins.filter (badMachine) cfg.buildMachines))); + } + ]; + systemd.packages = [ nix ]; diff --git a/nixpkgs/nixos/modules/services/misc/nzbhydra2.nix b/nixpkgs/nixos/modules/services/misc/nzbhydra2.nix index c396b4b8f6e9..500c40f117dd 100644 --- a/nixpkgs/nixos/modules/services/misc/nzbhydra2.nix +++ b/nixpkgs/nixos/modules/services/misc/nzbhydra2.nix @@ -25,7 +25,7 @@ in { package = mkOption { type = types.package; default = pkgs.nzbhydra2; - defaultText = "pkgs.nzbhydra2"; + defaultText = literalExpression "pkgs.nzbhydra2"; description = "NZBHydra2 package to use."; }; }; diff --git a/nixpkgs/nixos/modules/services/misc/octoprint.nix b/nixpkgs/nixos/modules/services/misc/octoprint.nix index 7129ac69527f..cd846d3f268d 100644 --- a/nixpkgs/nixos/modules/services/misc/octoprint.nix +++ b/nixpkgs/nixos/modules/services/misc/octoprint.nix @@ -68,8 +68,8 @@ in plugins = mkOption { type = types.functionTo (types.listOf types.package); default = plugins: []; - defaultText = "plugins: []"; - example = literalExample "plugins: with plugins; [ themeify stlviewer ]"; + defaultText = literalExpression "plugins: []"; + example = literalExpression "plugins: with plugins; [ themeify stlviewer ]"; description = "Additional plugins to be used. Available plugins are passed through the plugins input."; }; diff --git a/nixpkgs/nixos/modules/services/misc/paperless-ng.nix b/nixpkgs/nixos/modules/services/misc/paperless-ng.nix index 4b7087e17f96..db8082f072c3 100644 --- a/nixpkgs/nixos/modules/services/misc/paperless-ng.nix +++ b/nixpkgs/nixos/modules/services/misc/paperless-ng.nix @@ -107,14 +107,14 @@ in mediaDir = mkOption { type = types.str; default = "${cfg.dataDir}/media"; - defaultText = "\${dataDir}/consume"; + defaultText = literalExpression ''"''${dataDir}/media"''; description = "Directory to store the Paperless documents."; }; consumptionDir = mkOption { type = types.str; default = "${cfg.dataDir}/consume"; - defaultText = "\${dataDir}/consume"; + defaultText = literalExpression ''"''${dataDir}/consume"''; description = "Directory from which new documents are imported."; }; @@ -167,7 +167,7 @@ in See <link xlink:href="https://paperless-ng.readthedocs.io/en/latest/configuration.html">the documentation</link> for available options. ''; - example = literalExample '' + example = literalExpression '' { PAPERLESS_OCR_LANGUAGE = "deu+eng"; } @@ -183,7 +183,7 @@ in package = mkOption { type = types.package; default = pkgs.paperless-ng; - defaultText = "pkgs.paperless-ng"; + defaultText = literalExpression "pkgs.paperless-ng"; description = "The Paperless package to use."; }; }; diff --git a/nixpkgs/nixos/modules/services/misc/plex.nix b/nixpkgs/nixos/modules/services/misc/plex.nix index 7efadf1b9bb1..5f99ee866a50 100644 --- a/nixpkgs/nixos/modules/services/misc/plex.nix +++ b/nixpkgs/nixos/modules/services/misc/plex.nix @@ -68,7 +68,7 @@ in package = mkOption { type = types.package; default = pkgs.plex; - defaultText = "pkgs.plex"; + defaultText = literalExpression "pkgs.plex"; description = '' The Plex package to use. Plex subscribers may wish to use their own package here, pointing to subscriber-only server versions. diff --git a/nixpkgs/nixos/modules/services/misc/prowlarr.nix b/nixpkgs/nixos/modules/services/misc/prowlarr.nix new file mode 100644 index 000000000000..ef820b4022d5 --- /dev/null +++ b/nixpkgs/nixos/modules/services/misc/prowlarr.nix @@ -0,0 +1,41 @@ +{ config, pkgs, lib, ... }: + +with lib; + +let + cfg = config.services.prowlarr; + +in +{ + options = { + services.prowlarr = { + enable = mkEnableOption "Prowlarr"; + + openFirewall = mkOption { + type = types.bool; + default = false; + description = "Open ports in the firewall for the Prowlarr web interface."; + }; + }; + }; + + config = mkIf cfg.enable { + systemd.services.prowlarr = { + description = "Prowlarr"; + after = [ "network.target" ]; + wantedBy = [ "multi-user.target" ]; + + serviceConfig = { + Type = "simple"; + DynamicUser = true; + StateDirectory = "prowlarr"; + ExecStart = "${pkgs.prowlarr}/bin/Prowlarr -nobrowser -data=/var/lib/prowlarr"; + Restart = "on-failure"; + }; + }; + + networking.firewall = mkIf cfg.openFirewall { + allowedTCPPorts = [ 9696 ]; + }; + }; +} diff --git a/nixpkgs/nixos/modules/services/misc/redmine.nix b/nixpkgs/nixos/modules/services/misc/redmine.nix index 66c8e558fb04..696b8d1a25d9 100644 --- a/nixpkgs/nixos/modules/services/misc/redmine.nix +++ b/nixpkgs/nixos/modules/services/misc/redmine.nix @@ -2,7 +2,7 @@ let inherit (lib) mkBefore mkDefault mkEnableOption mkIf mkOption mkRemovedOptionModule types; - inherit (lib) concatStringsSep literalExample mapAttrsToList; + inherit (lib) concatStringsSep literalExpression mapAttrsToList; inherit (lib) optional optionalAttrs optionalString; cfg = config.services.redmine; @@ -54,8 +54,9 @@ in package = mkOption { type = types.package; default = pkgs.redmine; + defaultText = literalExpression "pkgs.redmine"; description = "Which Redmine package to use."; - example = "pkgs.redmine.override { ruby = pkgs.ruby_2_7; }"; + example = literalExpression "pkgs.redmine.override { ruby = pkgs.ruby_2_7; }"; }; user = mkOption { @@ -90,7 +91,7 @@ in <link xlink:href="https://guides.rubyonrails.org/action_mailer_basics.html#action-mailer-configuration"/> for details. ''; - example = literalExample '' + example = literalExpression '' { email_delivery = { delivery_method = "smtp"; @@ -112,7 +113,7 @@ in See <link xlink:href="https://svn.redmine.org/redmine/trunk/config/additional_environment.rb.example"/> for details. ''; - example = literalExample '' + example = '' config.logger.level = Logger::DEBUG ''; }; @@ -121,7 +122,7 @@ in type = types.attrsOf types.path; default = {}; description = "Set of themes."; - example = literalExample '' + example = literalExpression '' { dkuk-redmine_alex_skin = builtins.fetchurl { url = "https://bitbucket.org/dkuk/redmine_alex_skin/get/1842ef675ef3.zip"; @@ -135,7 +136,7 @@ in type = types.attrsOf types.path; default = {}; description = "Set of plugins."; - example = literalExample '' + example = literalExpression '' { redmine_env_auth = builtins.fetchurl { url = "https://github.com/Intera/redmine_env_auth/archive/0.6.zip"; @@ -162,7 +163,7 @@ in port = mkOption { type = types.int; default = if cfg.database.type == "postgresql" then 5432 else 3306; - defaultText = "3306"; + defaultText = literalExpression "3306"; description = "Database host port."; }; @@ -194,7 +195,7 @@ in if mysqlLocal then "/run/mysqld/mysqld.sock" else if pgsqlLocal then "/run/postgresql" else null; - defaultText = "/run/mysqld/mysqld.sock"; + defaultText = literalExpression "/run/mysqld/mysqld.sock"; example = "/run/mysqld/mysqld.sock"; description = "Path to the unix socket file to use for authentication."; }; diff --git a/nixpkgs/nixos/modules/services/misc/rippled.nix b/nixpkgs/nixos/modules/services/misc/rippled.nix index 8cdfe0875d89..9c66df2fce1c 100644 --- a/nixpkgs/nixos/modules/services/misc/rippled.nix +++ b/nixpkgs/nixos/modules/services/misc/rippled.nix @@ -210,7 +210,7 @@ in description = "Which rippled package to use."; type = types.package; default = pkgs.rippled; - defaultText = "pkgs.rippled"; + defaultText = literalExpression "pkgs.rippled"; }; ports = mkOption { diff --git a/nixpkgs/nixos/modules/services/misc/sickbeard.nix b/nixpkgs/nixos/modules/services/misc/sickbeard.nix index a32dbfa3108f..8e871309c98e 100644 --- a/nixpkgs/nixos/modules/services/misc/sickbeard.nix +++ b/nixpkgs/nixos/modules/services/misc/sickbeard.nix @@ -24,7 +24,8 @@ in package = mkOption { type = types.package; default = pkgs.sickbeard; - example = literalExample "pkgs.sickrage"; + defaultText = literalExpression "pkgs.sickbeard"; + example = literalExpression "pkgs.sickrage"; description ='' Enable <literal>pkgs.sickrage</literal> or <literal>pkgs.sickgear</literal> as an alternative to SickBeard @@ -85,7 +86,7 @@ in serviceConfig = { User = cfg.user; Group = cfg.group; - ExecStart = "${sickbeard}/SickBeard.py --datadir ${cfg.dataDir} --config ${cfg.configFile} --port ${toString cfg.port}"; + ExecStart = "${sickbeard}/bin/${sickbeard.pname} --datadir ${cfg.dataDir} --config ${cfg.configFile} --port ${toString cfg.port}"; }; }; }; diff --git a/nixpkgs/nixos/modules/services/misc/snapper.nix b/nixpkgs/nixos/modules/services/misc/snapper.nix index a821b9b6bf65..3c3f6c4d641b 100644 --- a/nixpkgs/nixos/modules/services/misc/snapper.nix +++ b/nixpkgs/nixos/modules/services/misc/snapper.nix @@ -9,6 +9,14 @@ in { options.services.snapper = { + snapshotRootOnBoot = mkOption { + type = types.bool; + default = false; + description = '' + Whether to snapshot root on boot + ''; + }; + snapshotInterval = mkOption { type = types.str; default = "hourly"; @@ -43,16 +51,18 @@ in configs = mkOption { default = { }; - example = literalExample { - home = { - subvolume = "/home"; - extraConfig = '' - ALLOW_USERS="alice" - TIMELINE_CREATE=yes - TIMELINE_CLEANUP=yes - ''; - }; - }; + example = literalExpression '' + { + home = { + subvolume = "/home"; + extraConfig = ''' + ALLOW_USERS="alice" + TIMELINE_CREATE=yes + TIMELINE_CLEANUP=yes + '''; + }; + } + ''; description = '' Subvolume configuration @@ -130,20 +140,22 @@ in Type = "dbus"; BusName = "org.opensuse.Snapper"; ExecStart = "${pkgs.snapper}/bin/snapperd"; + CapabilityBoundingSet = "CAP_DAC_OVERRIDE CAP_FOWNER CAP_CHOWN CAP_FSETID CAP_SETFCAP CAP_SYS_ADMIN CAP_SYS_MODULE CAP_IPC_LOCK CAP_SYS_NICE"; + LockPersonality = true; + NoNewPrivileges = false; + PrivateNetwork = true; + ProtectHostname = true; + RestrictAddressFamilies = "AF_UNIX"; + RestrictRealtime = true; }; }; systemd.services.snapper-timeline = { description = "Timeline of Snapper Snapshots"; inherit documentation; + requires = [ "local-fs.target" ]; serviceConfig.ExecStart = "${pkgs.snapper}/lib/snapper/systemd-helper --timeline"; - }; - - systemd.timers.snapper-timeline = { - description = "Timeline of Snapper Snapshots"; - inherit documentation; - wantedBy = [ "basic.target" ]; - timerConfig.OnCalendar = cfg.snapshotInterval; + startAt = cfg.snapshotInterval; }; systemd.services.snapper-cleanup = { @@ -155,10 +167,21 @@ in systemd.timers.snapper-cleanup = { description = "Cleanup of Snapper Snapshots"; inherit documentation; - wantedBy = [ "basic.target" ]; + wantedBy = [ "timers.target" ]; + requires = [ "local-fs.target" ]; timerConfig.OnBootSec = "10m"; timerConfig.OnUnitActiveSec = cfg.cleanupInterval; }; + + systemd.services.snapper-boot = lib.optionalAttrs cfg.snapshotRootOnBoot { + description = "Take snapper snapshot of root on boot"; + inherit documentation; + serviceConfig.ExecStart = "${pkgs.snapper}/bin/snapper --config root create --cleanup-algorithm number --description boot"; + serviceConfig.type = "oneshot"; + requires = [ "local-fs.target" ]; + wantedBy = [ "multi-user.target" ]; + unitConfig.ConditionPathExists = "/etc/snapper/configs/root"; + }; + }); } - diff --git a/nixpkgs/nixos/modules/services/misc/sourcehut/builds.nix b/nixpkgs/nixos/modules/services/misc/sourcehut/builds.nix index e446f08284f7..f806e8c51b99 100644 --- a/nixpkgs/nixos/modules/services/misc/sourcehut/builds.nix +++ b/nixpkgs/nixos/modules/services/misc/sourcehut/builds.nix @@ -54,7 +54,7 @@ in images = mkOption { type = types.attrsOf (types.attrsOf (types.attrsOf types.package)); default = { }; - example = lib.literalExample ''(let + example = lib.literalExpression ''(let # Pinning unstable to allow usage with flakes and limit rebuilds. pkgs_unstable = builtins.fetchGit { url = "https://github.com/NixOS/nixpkgs"; diff --git a/nixpkgs/nixos/modules/services/misc/sourcehut/git.nix b/nixpkgs/nixos/modules/services/misc/sourcehut/git.nix index 99b9aec06123..2653d77876dc 100644 --- a/nixpkgs/nixos/modules/services/misc/sourcehut/git.nix +++ b/nixpkgs/nixos/modules/services/misc/sourcehut/git.nix @@ -49,7 +49,8 @@ in package = mkOption { type = types.package; default = pkgs.git; - example = literalExample "pkgs.gitFull"; + defaultText = literalExpression "pkgs.git"; + example = literalExpression "pkgs.gitFull"; description = '' Git package for git.sr.ht. This can help silence collisions. ''; diff --git a/nixpkgs/nixos/modules/services/misc/ssm-agent.nix b/nixpkgs/nixos/modules/services/misc/ssm-agent.nix index c29d03d199bf..4ae596ade174 100644 --- a/nixpkgs/nixos/modules/services/misc/ssm-agent.nix +++ b/nixpkgs/nixos/modules/services/misc/ssm-agent.nix @@ -23,7 +23,7 @@ in { type = types.path; description = "The SSM agent package to use"; default = pkgs.ssm-agent.override { overrideEtc = false; }; - defaultText = "pkgs.ssm-agent.override { overrideEtc = false; }"; + defaultText = literalExpression "pkgs.ssm-agent.override { overrideEtc = false; }"; }; }; diff --git a/nixpkgs/nixos/modules/services/misc/subsonic.nix b/nixpkgs/nixos/modules/services/misc/subsonic.nix index e17a98a5e1de..98b85918ad18 100644 --- a/nixpkgs/nixos/modules/services/misc/subsonic.nix +++ b/nixpkgs/nixos/modules/services/misc/subsonic.nix @@ -93,6 +93,7 @@ let cfg = config.services.subsonic; in { transcoders = mkOption { type = types.listOf types.path; default = [ "${pkgs.ffmpeg.bin}/bin/ffmpeg" ]; + defaultText = literalExpression ''[ "''${pkgs.ffmpeg.bin}/bin/ffmpeg" ]''; description = '' List of paths to transcoder executables that should be accessible from Subsonic. Symlinks will be created to each executable inside @@ -108,7 +109,7 @@ let cfg = config.services.subsonic; in { after = [ "network.target" ]; wantedBy = [ "multi-user.target" ]; script = '' - ${pkgs.jre}/bin/java -Xmx${toString cfg.maxMemory}m \ + ${pkgs.jre8}/bin/java -Xmx${toString cfg.maxMemory}m \ -Dsubsonic.home=${cfg.home} \ -Dsubsonic.host=${cfg.listenAddress} \ -Dsubsonic.port=${toString cfg.port} \ diff --git a/nixpkgs/nixos/modules/services/misc/tautulli.nix b/nixpkgs/nixos/modules/services/misc/tautulli.nix index aded33629f1c..9a972b291225 100644 --- a/nixpkgs/nixos/modules/services/misc/tautulli.nix +++ b/nixpkgs/nixos/modules/services/misc/tautulli.nix @@ -47,7 +47,7 @@ in package = mkOption { type = types.package; default = pkgs.tautulli; - defaultText = "pkgs.tautulli"; + defaultText = literalExpression "pkgs.tautulli"; description = '' The Tautulli package to use. ''; diff --git a/nixpkgs/nixos/modules/services/misc/tp-auto-kbbl.nix b/nixpkgs/nixos/modules/services/misc/tp-auto-kbbl.nix new file mode 100644 index 000000000000..59018f7f81ff --- /dev/null +++ b/nixpkgs/nixos/modules/services/misc/tp-auto-kbbl.nix @@ -0,0 +1,58 @@ +{ config, lib, pkgs, ... }: + +with lib; + +let cfg = config.services.tp-auto-kbbl; + +in { + meta.maintainers = with maintainers; [ sebtm ]; + + options = { + services.tp-auto-kbbl = { + enable = mkEnableOption "Auto toggle keyboard back-lighting on Thinkpads (and maybe other laptops) for Linux"; + + package = mkOption { + type = types.package; + default = pkgs.tp-auto-kbbl; + defaultText = literalExpression "pkgs.tp-auto-kbbl"; + description = "Package providing <command>tp-auto-kbbl</command>."; + }; + + arguments = mkOption { + type = types.listOf types.str; + default = [ ]; + description = '' + List of arguments appended to <literal>./tp-auto-kbbl --device [device] [arguments]</literal> + ''; + }; + + device = mkOption { + type = types.str; + default = "/dev/input/event0"; + description = "Device watched for activities."; + }; + + }; + }; + + config = mkIf cfg.enable { + environment.systemPackages = [ cfg.package ]; + + systemd.services.tp-auto-kbbl = { + serviceConfig = { + ExecStart = concatStringsSep " " + ([ "${cfg.package}/bin/tp-auto-kbbl" "--device ${cfg.device}" ] ++ cfg.arguments); + Restart = "always"; + Type = "simple"; + }; + + unitConfig = { + Description = "Auto toggle keyboard backlight"; + Documentation = "https://github.com/saibotd/tp-auto-kbbl"; + After = [ "dbus.service" ]; + }; + + wantedBy = [ "multi-user.target" ]; + }; + }; +} diff --git a/nixpkgs/nixos/modules/services/misc/uhub.nix b/nixpkgs/nixos/modules/services/misc/uhub.nix index da2613e6db17..0d0a8c2a4cb8 100644 --- a/nixpkgs/nixos/modules/services/misc/uhub.nix +++ b/nixpkgs/nixos/modules/services/misc/uhub.nix @@ -50,7 +50,7 @@ in { options = { plugin = mkOption { type = path; - example = literalExample + example = literalExpression "$${pkgs.uhub}/plugins/mod_auth_sqlite.so"; description = "Path to plugin file."; }; diff --git a/nixpkgs/nixos/modules/services/misc/weechat.nix b/nixpkgs/nixos/modules/services/misc/weechat.nix index 9ac2b0ea490c..7a4c4dca2ac9 100644 --- a/nixpkgs/nixos/modules/services/misc/weechat.nix +++ b/nixpkgs/nixos/modules/services/misc/weechat.nix @@ -21,11 +21,10 @@ in }; binary = mkOption { type = types.path; - description = "Binary to execute (by default \${weechat}/bin/weechat)."; - example = literalExample '' - ''${pkgs.weechat}/bin/weechat-headless - ''; + description = "Binary to execute."; default = "${pkgs.weechat}/bin/weechat"; + defaultText = literalExpression ''"''${pkgs.weechat}/bin/weechat"''; + example = literalExpression ''"''${pkgs.weechat}/bin/weechat-headless"''; }; }; diff --git a/nixpkgs/nixos/modules/services/misc/xmr-stak.nix b/nixpkgs/nixos/modules/services/misc/xmr-stak.nix index a87878c31e0d..9256e9ae01cb 100644 --- a/nixpkgs/nixos/modules/services/misc/xmr-stak.nix +++ b/nixpkgs/nixos/modules/services/misc/xmr-stak.nix @@ -29,7 +29,7 @@ in configFiles = mkOption { type = types.attrsOf types.str; default = {}; - example = literalExample '' + example = literalExpression '' { "config.txt" = ''' "verbose_level" : 4, diff --git a/nixpkgs/nixos/modules/services/misc/zigbee2mqtt.nix b/nixpkgs/nixos/modules/services/misc/zigbee2mqtt.nix index 4458da1346b7..b378d9f362fe 100644 --- a/nixpkgs/nixos/modules/services/misc/zigbee2mqtt.nix +++ b/nixpkgs/nixos/modules/services/misc/zigbee2mqtt.nix @@ -25,7 +25,7 @@ in default = pkgs.zigbee2mqtt.override { dataDir = cfg.dataDir; }; - defaultText = literalExample '' + defaultText = literalExpression '' pkgs.zigbee2mqtt { dataDir = services.zigbee2mqtt.dataDir } @@ -42,7 +42,7 @@ in settings = mkOption { type = format.type; default = {}; - example = literalExample '' + example = literalExpression '' { homeassistant = config.services.home-assistant.enable; permit_join = true; diff --git a/nixpkgs/nixos/modules/services/misc/zoneminder.nix b/nixpkgs/nixos/modules/services/misc/zoneminder.nix index d9d34b7fac9b..378da7b87442 100644 --- a/nixpkgs/nixos/modules/services/misc/zoneminder.nix +++ b/nixpkgs/nixos/modules/services/misc/zoneminder.nix @@ -366,5 +366,5 @@ in { }; }; - meta.maintainers = with lib.maintainers; [ peterhoeg ]; + meta.maintainers = with lib.maintainers; [ ]; } diff --git a/nixpkgs/nixos/modules/services/misc/zookeeper.nix b/nixpkgs/nixos/modules/services/misc/zookeeper.nix index 0e5880983e44..3809a93a61e1 100644 --- a/nixpkgs/nixos/modules/services/misc/zookeeper.nix +++ b/nixpkgs/nixos/modules/services/misc/zookeeper.nix @@ -110,7 +110,7 @@ in { package = mkOption { description = "The zookeeper package to use"; default = pkgs.zookeeper; - defaultText = "pkgs.zookeeper"; + defaultText = literalExpression "pkgs.zookeeper"; type = types.package; }; diff --git a/nixpkgs/nixos/modules/services/monitoring/alerta.nix b/nixpkgs/nixos/modules/services/monitoring/alerta.nix index 7c6eff713cb1..a73d94001f71 100644 --- a/nixpkgs/nixos/modules/services/monitoring/alerta.nix +++ b/nixpkgs/nixos/modules/services/monitoring/alerta.nix @@ -32,7 +32,6 @@ in bind = mkOption { type = types.str; default = "0.0.0.0"; - example = literalExample "0.0.0.0"; description = "Address to bind to. The default is to bind to all addresses"; }; @@ -46,20 +45,17 @@ in type = types.str; description = "URL of the MongoDB or PostgreSQL database to connect to"; default = "mongodb://localhost"; - example = "mongodb://localhost"; }; databaseName = mkOption { type = types.str; description = "Name of the database instance to connect to"; default = "monitoring"; - example = "monitoring"; }; corsOrigins = mkOption { type = types.listOf types.str; description = "List of URLs that can access the API for Cross-Origin Resource Sharing (CORS)"; - example = [ "http://localhost" "http://localhost:5000" ]; default = [ "http://localhost" "http://localhost:5000" ]; }; diff --git a/nixpkgs/nixos/modules/services/monitoring/arbtt.nix b/nixpkgs/nixos/modules/services/monitoring/arbtt.nix index b41a3c7b5016..94eead220aed 100644 --- a/nixpkgs/nixos/modules/services/monitoring/arbtt.nix +++ b/nixpkgs/nixos/modules/services/monitoring/arbtt.nix @@ -18,8 +18,7 @@ in { package = mkOption { type = types.package; default = pkgs.haskellPackages.arbtt; - defaultText = "pkgs.haskellPackages.arbtt"; - example = literalExample "pkgs.haskellPackages.arbtt"; + defaultText = literalExpression "pkgs.haskellPackages.arbtt"; description = '' The package to use for the arbtt binaries. ''; diff --git a/nixpkgs/nixos/modules/services/monitoring/bosun.nix b/nixpkgs/nixos/modules/services/monitoring/bosun.nix index 04e9da1c81a3..4b278b9c200b 100644 --- a/nixpkgs/nixos/modules/services/monitoring/bosun.nix +++ b/nixpkgs/nixos/modules/services/monitoring/bosun.nix @@ -33,8 +33,7 @@ in { package = mkOption { type = types.package; default = pkgs.bosun; - defaultText = "pkgs.bosun"; - example = literalExample "pkgs.bosun"; + defaultText = literalExpression "pkgs.bosun"; description = '' bosun binary to use. ''; diff --git a/nixpkgs/nixos/modules/services/monitoring/collectd.nix b/nixpkgs/nixos/modules/services/monitoring/collectd.nix index ef3663c62e04..ad0cf4735ad4 100644 --- a/nixpkgs/nixos/modules/services/monitoring/collectd.nix +++ b/nixpkgs/nixos/modules/services/monitoring/collectd.nix @@ -45,7 +45,7 @@ in { package = mkOption { default = pkgs.collectd; - defaultText = "pkgs.collectd"; + defaultText = literalExpression "pkgs.collectd"; description = '' Which collectd package to use. ''; diff --git a/nixpkgs/nixos/modules/services/monitoring/datadog-agent.nix b/nixpkgs/nixos/modules/services/monitoring/datadog-agent.nix index ea9eca180902..6d9d1ef973a4 100644 --- a/nixpkgs/nixos/modules/services/monitoring/datadog-agent.nix +++ b/nixpkgs/nixos/modules/services/monitoring/datadog-agent.nix @@ -59,7 +59,7 @@ in { package = mkOption { default = pkgs.datadog-agent; - defaultText = "pkgs.datadog-agent"; + defaultText = literalExpression "pkgs.datadog-agent"; description = '' Which DataDog v7 agent package to use. Note that the provided package is expected to have an overridable `pythonPackages`-attribute @@ -135,9 +135,11 @@ in { package set must be provided. ''; - example = { - ntp = (pythonPackages: [ pythonPackages.ntplib ]); - }; + example = literalExpression '' + { + ntp = pythonPackages: [ pythonPackages.ntplib ]; + } + ''; }; extraConfig = mkOption { diff --git a/nixpkgs/nixos/modules/services/monitoring/grafana-reporter.nix b/nixpkgs/nixos/modules/services/monitoring/grafana-reporter.nix index 893c15d568bd..e40d78f538fa 100644 --- a/nixpkgs/nixos/modules/services/monitoring/grafana-reporter.nix +++ b/nixpkgs/nixos/modules/services/monitoring/grafana-reporter.nix @@ -41,8 +41,9 @@ in { templateDir = mkOption { description = "Optional template directory to use custom tex templates"; - default = "${pkgs.grafana_reporter}"; - type = types.str; + default = pkgs.grafana_reporter; + defaultText = literalExpression "pkgs.grafana_reporter"; + type = types.either types.str types.path; }; }; diff --git a/nixpkgs/nixos/modules/services/monitoring/grafana.nix b/nixpkgs/nixos/modules/services/monitoring/grafana.nix index d46e38e82af1..9b21dc78b19d 100644 --- a/nixpkgs/nixos/modules/services/monitoring/grafana.nix +++ b/nixpkgs/nixos/modules/services/monitoring/grafana.nix @@ -330,13 +330,14 @@ in { staticRootPath = mkOption { description = "Root path for static assets."; default = "${cfg.package}/share/grafana/public"; + defaultText = literalExpression ''"''${package}/share/grafana/public"''; type = types.str; }; package = mkOption { description = "Package to use."; default = pkgs.grafana; - defaultText = "pkgs.grafana"; + defaultText = literalExpression "pkgs.grafana"; type = types.package; }; @@ -344,7 +345,7 @@ in { type = with types; nullOr (listOf path); default = null; description = "If non-null, then a list of packages containing Grafana plugins to install. If set, plugins cannot be manually installed."; - example = literalExample "with pkgs.grafanaPlugins; [ grafana-piechart-panel ]"; + example = literalExpression "with pkgs.grafanaPlugins; [ grafana-piechart-panel ]"; # Make sure each plugin is added only once; otherwise building # the link farm fails, since the same path is added multiple # times. diff --git a/nixpkgs/nixos/modules/services/monitoring/graphite.nix b/nixpkgs/nixos/modules/services/monitoring/graphite.nix index 502afce5233b..4690a252c925 100644 --- a/nixpkgs/nixos/modules/services/monitoring/graphite.nix +++ b/nixpkgs/nixos/modules/services/monitoring/graphite.nix @@ -132,7 +132,7 @@ in { finders = mkOption { description = "List of finder plugins to load."; default = []; - example = literalExample "[ pkgs.python3Packages.influxgraph ]"; + example = literalExpression "[ pkgs.python3Packages.influxgraph ]"; type = types.listOf types.package; }; @@ -160,7 +160,7 @@ in { package = mkOption { description = "Package to use for graphite api."; default = pkgs.python3Packages.graphite_api; - defaultText = "pkgs.python3Packages.graphite_api"; + defaultText = literalExpression "pkgs.python3Packages.graphite_api"; type = types.package; }; @@ -335,7 +335,7 @@ in { <link xlink:href='https://github.com/scobal/seyren#config' /> ''; type = types.attrsOf types.str; - example = literalExample '' + example = literalExpression '' { GRAPHITE_USERNAME = "user"; GRAPHITE_PASSWORD = "pass"; diff --git a/nixpkgs/nixos/modules/services/monitoring/heapster.nix b/nixpkgs/nixos/modules/services/monitoring/heapster.nix index 1bf7203d6823..44f53e1890ac 100644 --- a/nixpkgs/nixos/modules/services/monitoring/heapster.nix +++ b/nixpkgs/nixos/modules/services/monitoring/heapster.nix @@ -33,7 +33,7 @@ in { package = mkOption { description = "Package to use by heapster"; default = pkgs.heapster; - defaultText = "pkgs.heapster"; + defaultText = literalExpression "pkgs.heapster"; type = types.package; }; }; diff --git a/nixpkgs/nixos/modules/services/monitoring/incron.nix b/nixpkgs/nixos/modules/services/monitoring/incron.nix index 255e1d9e30ba..2681c35d6a01 100644 --- a/nixpkgs/nixos/modules/services/monitoring/incron.nix +++ b/nixpkgs/nixos/modules/services/monitoring/incron.nix @@ -56,7 +56,7 @@ in extraPackages = mkOption { type = types.listOf types.package; default = []; - example = literalExample "[ pkgs.rsync ]"; + example = literalExpression "[ pkgs.rsync ]"; description = "Extra packages available to the system incrontab."; }; diff --git a/nixpkgs/nixos/modules/services/monitoring/kapacitor.nix b/nixpkgs/nixos/modules/services/monitoring/kapacitor.nix index 9b4ff3c56124..a79c647becfc 100644 --- a/nixpkgs/nixos/modules/services/monitoring/kapacitor.nix +++ b/nixpkgs/nixos/modules/services/monitoring/kapacitor.nix @@ -61,7 +61,6 @@ in dataDir = mkOption { type = types.path; - example = "/var/lib/kapacitor"; default = "/var/lib/kapacitor"; description = "Location where Kapacitor stores its state"; }; @@ -75,7 +74,7 @@ in bind = mkOption { type = types.str; default = ""; - example = literalExample "0.0.0.0"; + example = "0.0.0.0"; description = "Address to bind to. The default is to bind to all addresses"; }; @@ -101,7 +100,6 @@ in type = types.str; description = "Specifies how often to snapshot the task state (in InfluxDB time units)"; default = "1m0s"; - example = "1m0s"; }; loadDirectory = mkOption { @@ -136,7 +134,6 @@ in url = mkOption { description = "The URL to the Alerta REST API"; default = "http://localhost:5000"; - example = "http://localhost:5000"; type = types.str; }; diff --git a/nixpkgs/nixos/modules/services/monitoring/loki.nix b/nixpkgs/nixos/modules/services/monitoring/loki.nix index 51cabaa274a3..ebac70c30c22 100644 --- a/nixpkgs/nixos/modules/services/monitoring/loki.nix +++ b/nixpkgs/nixos/modules/services/monitoring/loki.nix @@ -1,7 +1,7 @@ { config, lib, pkgs, ... }: let - inherit (lib) escapeShellArgs literalExample mkEnableOption mkIf mkOption types; + inherit (lib) escapeShellArgs mkEnableOption mkIf mkOption types; cfg = config.services.loki; @@ -57,7 +57,7 @@ in { extraFlags = mkOption { type = types.listOf types.str; default = []; - example = literalExample [ "--server.http-listen-port=3101" ]; + example = [ "--server.http-listen-port=3101" ]; description = '' Specify a list of additional command line flags, which get escaped and are then passed to Loki. diff --git a/nixpkgs/nixos/modules/services/monitoring/mackerel-agent.nix b/nixpkgs/nixos/modules/services/monitoring/mackerel-agent.nix index 7046de9d403c..aeb6247abd8b 100644 --- a/nixpkgs/nixos/modules/services/monitoring/mackerel-agent.nix +++ b/nixpkgs/nixos/modules/services/monitoring/mackerel-agent.nix @@ -19,7 +19,6 @@ in { apiKeyFile = mkOption { type = types.path; - default = ""; example = "/run/keys/mackerel-api-key"; description = '' Path to file containing the Mackerel API key. The file should contain a diff --git a/nixpkgs/nixos/modules/services/monitoring/metricbeat.nix b/nixpkgs/nixos/modules/services/monitoring/metricbeat.nix index b285559eaa9b..e75039daa107 100644 --- a/nixpkgs/nixos/modules/services/monitoring/metricbeat.nix +++ b/nixpkgs/nixos/modules/services/monitoring/metricbeat.nix @@ -3,7 +3,7 @@ let inherit (lib) attrValues - literalExample + literalExpression mkEnableOption mkIf mkOption @@ -24,8 +24,8 @@ in package = mkOption { type = types.package; default = pkgs.metricbeat; - defaultText = literalExample "pkgs.metricbeat"; - example = literalExample "pkgs.metricbeat7"; + defaultText = literalExpression "pkgs.metricbeat"; + example = literalExpression "pkgs.metricbeat7"; description = '' The metricbeat package to use ''; @@ -51,7 +51,6 @@ in module = mkOption { type = types.str; default = name; - defaultText = literalExample ''<name>''; description = '' The name of the module. diff --git a/nixpkgs/nixos/modules/services/monitoring/munin.nix b/nixpkgs/nixos/modules/services/monitoring/munin.nix index 1ebf7ee6a761..4fddb1e37e2e 100644 --- a/nixpkgs/nixos/modules/services/monitoring/munin.nix +++ b/nixpkgs/nixos/modules/services/monitoring/munin.nix @@ -189,7 +189,7 @@ in <literal>/bin</literal>, <literal>/usr/bin</literal>, <literal>/sbin</literal>, and <literal>/usr/sbin</literal>. ''; - example = literalExample '' + example = literalExpression '' { zfs_usage_bigpool = /src/munin-contrib/plugins/zfs/zfs_usage_; zfs_usage_smallpool = /src/munin-contrib/plugins/zfs/zfs_usage_; @@ -220,7 +220,7 @@ in <literal>/bin</literal>, <literal>/usr/bin</literal>, <literal>/sbin</literal>, and <literal>/usr/sbin</literal>. ''; - example = literalExample '' + example = literalExpression '' [ /src/munin-contrib/plugins/zfs /src/munin-contrib/plugins/ssh @@ -285,9 +285,11 @@ in host for cron to succeed. See <link xlink:href='http://guide.munin-monitoring.org/en/latest/reference/munin.conf.html' /> ''; - example = '' - [''${config.networking.hostName}] - address localhost + example = literalExpression '' + ''' + [''${config.networking.hostName}] + address localhost + ''' ''; }; diff --git a/nixpkgs/nixos/modules/services/monitoring/nagios.nix b/nixpkgs/nixos/modules/services/monitoring/nagios.nix index 280a9a001b5b..83020d52fc82 100644 --- a/nixpkgs/nixos/modules/services/monitoring/nagios.nix +++ b/nixpkgs/nixos/modules/services/monitoring/nagios.nix @@ -97,13 +97,13 @@ in network that you want Nagios to monitor. "; type = types.listOf types.path; - example = literalExample "[ ./objects.cfg ]"; + example = literalExpression "[ ./objects.cfg ]"; }; plugins = mkOption { type = types.listOf types.package; default = with pkgs; [ monitoring-plugins ssmtp mailutils ]; - defaultText = "[pkgs.monitoring-plugins pkgs.ssmtp pkgs.mailutils]"; + defaultText = literalExpression "[pkgs.monitoring-plugins pkgs.ssmtp pkgs.mailutils]"; description = " Packages to be added to the Nagios <envar>PATH</envar>. Typically used to add plugins, but can be anything. @@ -137,7 +137,7 @@ in cgiConfigFile = mkOption { type = types.package; default = nagiosCGICfgFile; - defaultText = "nagiosCGICfgFile"; + defaultText = literalExpression "nagiosCGICfgFile"; description = " Derivation for the configuration file of Nagios CGI scripts that can be used in web servers for running the Nagios web interface. @@ -155,7 +155,7 @@ in virtualHost = mkOption { type = types.submodule (import ../web-servers/apache-httpd/vhost-options.nix); - example = literalExample '' + example = literalExpression '' { hostName = "example.org"; adminAddr = "webmaster@example.org"; enableSSL = true; diff --git a/nixpkgs/nixos/modules/services/monitoring/netdata.nix b/nixpkgs/nixos/modules/services/monitoring/netdata.nix index 3ea84ca815f4..00bdd9fcda0d 100644 --- a/nixpkgs/nixos/modules/services/monitoring/netdata.nix +++ b/nixpkgs/nixos/modules/services/monitoring/netdata.nix @@ -45,7 +45,7 @@ in { package = mkOption { type = types.package; default = pkgs.netdata; - defaultText = "pkgs.netdata"; + defaultText = literalExpression "pkgs.netdata"; description = "Netdata package to use."; }; @@ -84,8 +84,8 @@ in { extraPackages = mkOption { type = types.functionTo (types.listOf types.package); default = ps: []; - defaultText = "ps: []"; - example = literalExample '' + defaultText = literalExpression "ps: []"; + example = literalExpression '' ps: [ ps.psycopg2 ps.docker @@ -102,7 +102,7 @@ in { extraPluginPaths = mkOption { type = types.listOf types.path; default = [ ]; - example = literalExample '' + example = literalExpression '' [ "/path/to/plugins.d" ] ''; description = '' @@ -121,7 +121,7 @@ in { type = types.attrsOf types.attrs; default = {}; description = "netdata.conf configuration as nix attributes. cannot be combined with configText."; - example = literalExample '' + example = literalExpression '' global = { "debug log" = "syslog"; "access log" = "syslog"; diff --git a/nixpkgs/nixos/modules/services/monitoring/parsedmarc.nix b/nixpkgs/nixos/modules/services/monitoring/parsedmarc.nix index e6a72dea0260..eeee04b4400c 100644 --- a/nixpkgs/nixos/modules/services/monitoring/parsedmarc.nix +++ b/nixpkgs/nixos/modules/services/monitoring/parsedmarc.nix @@ -39,7 +39,7 @@ in hostname = lib.mkOption { type = lib.types.str; default = config.networking.fqdn; - defaultText = "config.networking.fqdn"; + defaultText = lib.literalExpression "config.networking.fqdn"; example = "monitoring.example.com"; description = '' The hostname to use when configuring Postfix. diff --git a/nixpkgs/nixos/modules/services/monitoring/prometheus/alertmanager.nix b/nixpkgs/nixos/modules/services/monitoring/prometheus/alertmanager.nix index 1b02ebf37045..1f396634ae01 100644 --- a/nixpkgs/nixos/modules/services/monitoring/prometheus/alertmanager.nix +++ b/nixpkgs/nixos/modules/services/monitoring/prometheus/alertmanager.nix @@ -45,7 +45,7 @@ in { package = mkOption { type = types.package; default = pkgs.prometheus-alertmanager; - defaultText = "pkgs.alertmanager"; + defaultText = literalExpression "pkgs.alertmanager"; description = '' Package that should be used for alertmanager. ''; diff --git a/nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix b/nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix index 1161d18ab14b..d2b37cf688bf 100644 --- a/nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix +++ b/nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix @@ -692,7 +692,7 @@ in { package = mkOption { type = types.package; default = pkgs.prometheus; - defaultText = "pkgs.prometheus"; + defaultText = literalExpression "pkgs.prometheus"; description = '' The prometheus package that should be used. ''; @@ -833,7 +833,7 @@ in { alertmanagers = mkOption { type = types.listOf types.attrs; - example = literalExample '' + example = literalExpression '' [ { scheme = "https"; path_prefix = "/alertmanager"; diff --git a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix index 9182c2f2ed87..62e90232e114 100644 --- a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix +++ b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix @@ -1,7 +1,7 @@ { config, pkgs, lib, options, ... }: let - inherit (lib) concatStrings foldl foldl' genAttrs literalExample maintainers + inherit (lib) concatStrings foldl foldl' genAttrs literalExpression maintainers mapAttrsToList mkDefault mkEnableOption mkIf mkMerge mkOption optional types mkOptionDefault flip attrNames; @@ -32,6 +32,7 @@ let "dnsmasq" "domain" "dovecot" + "fastly" "fritzbox" "influxdb" "json" @@ -108,7 +109,7 @@ let firewallFilter = mkOption { type = types.nullOr types.str; default = null; - example = literalExample '' + example = literalExpression '' "-i eth0 -p tcp -m tcp --dport ${toString port}" ''; description = '' @@ -184,6 +185,28 @@ let serviceConfig.DynamicUser = mkDefault enableDynamicUser; serviceConfig.User = mkDefault conf.user; serviceConfig.Group = conf.group; + # Hardening + serviceConfig.CapabilityBoundingSet = mkDefault [ "" ]; + serviceConfig.DeviceAllow = [ "" ]; + serviceConfig.LockPersonality = true; + serviceConfig.MemoryDenyWriteExecute = true; + serviceConfig.NoNewPrivileges = true; + serviceConfig.PrivateDevices = true; + serviceConfig.ProtectClock = mkDefault true; + serviceConfig.ProtectControlGroups = true; + serviceConfig.ProtectHome = true; + serviceConfig.ProtectHostname = true; + serviceConfig.ProtectKernelLogs = true; + serviceConfig.ProtectKernelModules = true; + serviceConfig.ProtectKernelTunables = true; + serviceConfig.ProtectSystem = mkDefault "strict"; + serviceConfig.RemoveIPC = true; + serviceConfig.RestrictAddressFamilies = [ "AF_INET" "AF_INET6" ]; + serviceConfig.RestrictNamespaces = true; + serviceConfig.RestrictRealtime = true; + serviceConfig.RestrictSUIDSGID = true; + serviceConfig.SystemCallArchitectures = "native"; + serviceConfig.UMask = "0077"; } serviceOpts ]); }; in @@ -203,7 +226,7 @@ in }; description = "Prometheus exporter configuration"; default = {}; - example = literalExample '' + example = literalExpression '' { node = { enable = true; diff --git a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/bird.nix b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/bird.nix index d8a526eafcea..1ef264fc86e5 100644 --- a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/bird.nix +++ b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/bird.nix @@ -41,6 +41,10 @@ in -format.new=${if cfg.newMetricFormat then "true" else "false"} \ ${concatStringsSep " \\\n " cfg.extraFlags} ''; + RestrictAddressFamilies = [ + # Need AF_UNIX to collect data + "AF_UNIX" + ]; }; }; } diff --git a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/buildkite-agent.nix b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/buildkite-agent.nix index 7557480ac062..e9be39608fcb 100644 --- a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/buildkite-agent.nix +++ b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/buildkite-agent.nix @@ -36,7 +36,7 @@ in queues = mkOption { type = with types; nullOr (listOf str); default = null; - example = literalExample ''[ "my-queue1" "my-queue2" ]''; + example = literalExpression ''[ "my-queue1" "my-queue2" ]''; description = '' Which specific queues to process. ''; diff --git a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/dovecot.nix b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/dovecot.nix index 472652fe8a7a..092ac6fea7d7 100644 --- a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/dovecot.nix +++ b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/dovecot.nix @@ -83,6 +83,10 @@ in --dovecot.scopes ${concatStringsSep "," cfg.scopes} \ ${concatStringsSep " \\\n " cfg.extraFlags} ''; + RestrictAddressFamilies = [ + # Need AF_UNIX to collect data + "AF_UNIX" + ]; }; }; } diff --git a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/fastly.nix b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/fastly.nix new file mode 100644 index 000000000000..5b35bb29a301 --- /dev/null +++ b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/fastly.nix @@ -0,0 +1,41 @@ +{ config, lib, pkgs, options }: + +with lib; + +let cfg = config.services.prometheus.exporters.fastly; +in +{ + port = 9118; + extraOpts = { + debug = mkEnableOption "Debug logging mode for fastly-exporter"; + + configFile = mkOption { + type = types.nullOr types.path; + default = null; + description = '' + Path to a fastly-exporter configuration file. + Example one can be generated with <literal>fastly-exporter --config-file-example</literal>. + ''; + example = "./fastly-exporter-config.txt"; + }; + + tokenPath = mkOption { + type = types.nullOr types.path; + apply = final: if final == null then null else toString final; + description = '' + A run-time path to the token file, which is supposed to be provisioned + outside of Nix store. + ''; + }; + }; + serviceOpts = { + script = '' + ${optionalString (cfg.tokenPath != null) + "export FASTLY_API_TOKEN=$(cat ${toString cfg.tokenPath})"} + ${pkgs.fastly-exporter}/bin/fastly-exporter \ + -endpoint http://${cfg.listenAddress}:${cfg.port}/metrics + ${optionalString cfg.debug "-debug true"} \ + ${optionalString cfg.configFile "-config-file ${cfg.configFile}"} + ''; + }; +} diff --git a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/flow.nix b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/flow.nix index 6a35f46308fe..b85e5461f218 100644 --- a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/flow.nix +++ b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/flow.nix @@ -9,7 +9,7 @@ in { extraOpts = { brokers = mkOption { type = types.listOf types.str; - example = literalExample ''[ "kafka.example.org:19092" ]''; + example = literalExpression ''[ "kafka.example.org:19092" ]''; description = "List of Kafka brokers to connect to."; }; diff --git a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/kea.nix b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/kea.nix index 9677281f8772..27aeb9096243 100644 --- a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/kea.nix +++ b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/kea.nix @@ -13,7 +13,7 @@ in { extraOpts = { controlSocketPaths = mkOption { type = types.listOf types.str; - example = literalExample '' + example = literalExpression '' [ "/run/kea/kea-dhcp4.socket" "/run/kea/kea-dhcp6.socket" @@ -34,6 +34,10 @@ in { ${concatStringsSep " \\n" cfg.controlSocketPaths} ''; SupplementaryGroups = [ "kea" ]; + RestrictAddressFamilies = [ + # Need AF_UNIX to collect data + "AF_UNIX" + ]; }; }; } diff --git a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/knot.nix b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/knot.nix index 46c28fe0a578..29e543f1013b 100644 --- a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/knot.nix +++ b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/knot.nix @@ -10,7 +10,7 @@ in { knotLibraryPath = mkOption { type = types.str; default = "${pkgs.knot-dns.out}/lib/libknot.so"; - defaultText = "\${pkgs.knot-dns}/lib/libknot.so"; + defaultText = literalExpression ''"''${pkgs.knot-dns.out}/lib/libknot.so"''; description = '' Path to the library of <package>knot-dns</package>. ''; @@ -45,6 +45,10 @@ in { ${concatStringsSep " \\\n " cfg.extraFlags} ''; SupplementaryGroups = [ "knot" ]; + RestrictAddressFamilies = [ + # Need AF_UNIX to collect data + "AF_UNIX" + ]; }; }; } diff --git a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/mail.nix b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/mail.nix index 7e196149fbb3..956bd96aa454 100644 --- a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/mail.nix +++ b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/mail.nix @@ -100,7 +100,7 @@ let servers = mkOption { type = types.listOf (types.submodule serverOptions); default = []; - example = literalExample '' + example = literalExpression '' [ { name = "testserver"; server = "smtp.domain.tld"; diff --git a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/mikrotik.nix b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/mikrotik.nix index 62c2cc568476..8f9536b702a5 100644 --- a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/mikrotik.nix +++ b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/mikrotik.nix @@ -15,7 +15,7 @@ in Path to a mikrotik exporter configuration file. Mutually exclusive with <option>configuration</option> option. ''; - example = literalExample "./mikrotik.yml"; + example = literalExpression "./mikrotik.yml"; }; configuration = mkOption { @@ -28,7 +28,7 @@ in See <link xlink:href="https://github.com/nshttpd/mikrotik-exporter/blob/master/README.md"/> for the description of the configuration file format. ''; - example = literalExample '' + example = literalExpression '' { devices = [ { diff --git a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/modemmanager.nix b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/modemmanager.nix index 86ea98b94e4c..afd03f6c270e 100644 --- a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/modemmanager.nix +++ b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/modemmanager.nix @@ -28,6 +28,10 @@ in -rate ${cfg.refreshRate} \ ${concatStringsSep " \\\n " cfg.extraFlags} ''; + RestrictAddressFamilies = [ + # Need AF_UNIX to collect data + "AF_UNIX" + ]; }; }; } diff --git a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/node.nix b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/node.nix index adc2abe0b91c..baac21b050f5 100644 --- a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/node.nix +++ b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/node.nix @@ -11,7 +11,7 @@ in enabledCollectors = mkOption { type = types.listOf types.str; default = []; - example = ''[ "systemd" ]''; + example = [ "systemd" ]; description = '' Collectors to enable. The collectors listed here are enabled in addition to the default ones. ''; @@ -19,7 +19,7 @@ in disabledCollectors = mkOption { type = types.listOf types.str; default = []; - example = ''[ "timex" ]''; + example = [ "timex" ]; description = '' Collectors to disable which are enabled by default. ''; @@ -35,6 +35,10 @@ in ${concatMapStringsSep " " (x: "--no-collector." + x) cfg.disabledCollectors} \ --web.listen-address ${cfg.listenAddress}:${toString cfg.port} ${concatStringsSep " " cfg.extraFlags} ''; + # The systemd collector needs AF_UNIX + RestrictAddressFamilies = lib.optional (lib.any (x: x == "systemd") cfg.enabledCollectors) "AF_UNIX"; + # The timex collector needs to access clock APIs + ProtectClock = lib.any (x: x == "timex") cfg.disabledCollectors; }; }; } diff --git a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/pihole.nix b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/pihole.nix index 21c2e5eab4ca..4bc27ebc32f8 100644 --- a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/pihole.nix +++ b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/pihole.nix @@ -42,8 +42,8 @@ in }; piholePort = mkOption { type = types.port; - default = "80"; - example = "443"; + default = 80; + example = 443; description = '' The port pihole webinterface is reachable on ''; diff --git a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/postgres.nix b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/postgres.nix index dd3bec8ec16c..3f9a32ef3995 100644 --- a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/postgres.nix +++ b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/postgres.nix @@ -79,6 +79,10 @@ in --web.telemetry-path ${cfg.telemetryPath} \ ${concatStringsSep " \\\n " cfg.extraFlags} ''; + RestrictAddressFamilies = [ + # Need AF_UNIX to collect data + "AF_UNIX" + ]; }; }; } diff --git a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/process.nix b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/process.nix index e3b3d18367fd..1e9c402fb55b 100644 --- a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/process.nix +++ b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/process.nix @@ -11,14 +11,12 @@ in extraOpts = { settings.process_names = mkOption { type = types.listOf types.anything; - default = {}; - example = literalExample '' - { - process_names = [ - # Remove nix store path from process name - { name = "{{.Matches.Wrapped}} {{ .Matches.Args }}"; cmdline = [ "^/nix/store[^ ]*/(?P<Wrapped>[^ /]*) (?P<Args>.*)" ]; } - ]; - } + default = []; + example = literalExpression '' + [ + # Remove nix store path from process name + { name = "{{.Matches.Wrapped}} {{ .Matches.Args }}"; cmdline = [ "^/nix/store[^ ]*/(?P<Wrapped>[^ /]*) (?P<Args>.*)" ]; } + ] ''; description = '' All settings expressed as an Nix attrset. diff --git a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/rspamd.nix b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/rspamd.nix index 994670a376e7..ed985751e428 100644 --- a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/rspamd.nix +++ b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/rspamd.nix @@ -62,8 +62,8 @@ in default = { host = config.networking.hostName; }; - defaultText = "{ host = config.networking.hostName; }"; - example = literalExample '' + defaultText = literalExpression "{ host = config.networking.hostName; }"; + example = literalExpression '' { host = config.networking.hostName; custom_label = "some_value"; diff --git a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/rtl_433.nix b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/rtl_433.nix index 01e420db3897..ef829a1b7d02 100644 --- a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/rtl_433.nix +++ b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/rtl_433.nix @@ -61,6 +61,11 @@ in serviceConfig = { # rtl-sdr udev rules make supported USB devices +rw by plugdev. SupplementaryGroups = "plugdev"; + # rtl_433 needs rw access to the USB radio. + PrivateDevices = lib.mkForce false; + DeviceAllow = lib.mkForce "char-usb_device rw"; + RestrictAddressFamilies = [ "AF_NETLINK" ]; + ExecStart = let matchers = (map (m: "--channel_matcher '${m.name},${toString m.channel},${m.location}'" diff --git a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/script.nix b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/script.nix index 104ab859f2ee..a805a0ad335d 100644 --- a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/script.nix +++ b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/script.nix @@ -30,7 +30,7 @@ in }; }; }); - example = literalExample '' + example = literalExpression '' { scripts = [ { name = "sleep"; script = "sleep 5"; } diff --git a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/smokeping.nix b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/smokeping.nix index 0a7bb9c27be2..0181c341a7ef 100644 --- a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/smokeping.nix +++ b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/smokeping.nix @@ -45,6 +45,7 @@ in serviceOpts = { serviceConfig = { AmbientCapabilities = [ "CAP_NET_RAW" ]; + CapabilityBoundingSet = [ "CAP_NET_RAW" ]; ExecStart = '' ${pkgs.prometheus-smokeping-prober}/bin/smokeping_prober \ --web.listen-address ${cfg.listenAddress}:${toString cfg.port} \ diff --git a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/snmp.nix b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/snmp.nix index 01276366e97b..de42663e67f4 100644 --- a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/snmp.nix +++ b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/snmp.nix @@ -14,7 +14,7 @@ in description = '' Path to a snmp exporter configuration file. Mutually exclusive with 'configuration' option. ''; - example = "./snmp.yml"; + example = literalExpression "./snmp.yml"; }; configuration = mkOption { @@ -23,16 +23,14 @@ in description = '' Snmp exporter configuration as nix attribute set. Mutually exclusive with 'configurationPath' option. ''; - example = '' - { - "default" = { - "version" = 2; - "auth" = { - "community" = "public"; - }; + example = { + "default" = { + "version" = 2; + "auth" = { + "community" = "public"; }; }; - ''; + }; }; logFormat = mkOption { diff --git a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/sql.nix b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/sql.nix index d9be724ebc03..3496fd9541f3 100644 --- a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/sql.nix +++ b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/sql.nix @@ -99,6 +99,10 @@ in -config.file ${configFile} \ ${concatStringsSep " \\\n " cfg.extraFlags} ''; + RestrictAddressFamilies = [ + # Need AF_UNIX to collect data + "AF_UNIX" + ]; }; }; } diff --git a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/systemd.nix b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/systemd.nix index 0514469b8a61..c0a50f07d717 100644 --- a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/systemd.nix +++ b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/systemd.nix @@ -13,6 +13,10 @@ in { ${pkgs.prometheus-systemd-exporter}/bin/systemd_exporter \ --web.listen-address ${cfg.listenAddress}:${toString cfg.port} ''; + RestrictAddressFamilies = [ + # Need AF_UNIX to collect data + "AF_UNIX" + ]; }; }; } diff --git a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/unbound.nix b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/unbound.nix index 56a559531c14..cf0efddd340a 100644 --- a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/unbound.nix +++ b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/unbound.nix @@ -49,6 +49,10 @@ in ${optionalString (cfg.controlInterface != null) "--control-interface ${cfg.controlInterface}"} \ ${toString cfg.extraFlags} ''; + RestrictAddressFamilies = [ + # Need AF_UNIX to collect data + "AF_UNIX" + ]; }; }] ++ [ (mkIf config.services.unbound.enable { diff --git a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/wireguard.nix b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/wireguard.nix index 04421fc2d25a..d4aa69629ec8 100644 --- a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/wireguard.nix +++ b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/wireguard.nix @@ -52,6 +52,7 @@ in { serviceConfig = { AmbientCapabilities = [ "CAP_NET_ADMIN" ]; + CapabilityBoundingSet = [ "CAP_NET_ADMIN" ]; ExecStart = '' ${pkgs.prometheus-wireguard-exporter}/bin/prometheus_wireguard_exporter \ -p ${toString cfg.port} \ @@ -61,6 +62,10 @@ in { ${optionalString cfg.withRemoteIp "-r"} \ ${optionalString (cfg.wireguardConfig != null) "-n ${escapeShellArg cfg.wireguardConfig}"} ''; + RestrictAddressFamilies = [ + # Need AF_NETLINK to collect data + "AF_NETLINK" + ]; }; }; } diff --git a/nixpkgs/nixos/modules/services/monitoring/prometheus/pushgateway.nix b/nixpkgs/nixos/modules/services/monitoring/prometheus/pushgateway.nix index f8fcc3eb97ef..01b993762436 100644 --- a/nixpkgs/nixos/modules/services/monitoring/prometheus/pushgateway.nix +++ b/nixpkgs/nixos/modules/services/monitoring/prometheus/pushgateway.nix @@ -26,7 +26,7 @@ in { package = mkOption { type = types.package; default = pkgs.prometheus-pushgateway; - defaultText = "pkgs.prometheus-pushgateway"; + defaultText = literalExpression "pkgs.prometheus-pushgateway"; description = '' Package that should be used for the prometheus pushgateway. ''; diff --git a/nixpkgs/nixos/modules/services/monitoring/scollector.nix b/nixpkgs/nixos/modules/services/monitoring/scollector.nix index ef535585e9be..6a6fe110f940 100644 --- a/nixpkgs/nixos/modules/services/monitoring/scollector.nix +++ b/nixpkgs/nixos/modules/services/monitoring/scollector.nix @@ -43,8 +43,7 @@ in { package = mkOption { type = types.package; default = pkgs.scollector; - defaultText = "pkgs.scollector"; - example = literalExample "pkgs.scollector"; + defaultText = literalExpression "pkgs.scollector"; description = '' scollector binary to use. ''; @@ -78,7 +77,7 @@ in { collectors = mkOption { type = with types; attrsOf (listOf path); default = {}; - example = literalExample "{ \"0\" = [ \"\${postgresStats}/bin/collect-stats\" ]; }"; + example = literalExpression ''{ "0" = [ "''${postgresStats}/bin/collect-stats" ]; }''; description = '' An attribute set mapping the frequency of collection to a list of binaries that should be executed at that frequency. You can use "0" diff --git a/nixpkgs/nixos/modules/services/monitoring/teamviewer.nix b/nixpkgs/nixos/modules/services/monitoring/teamviewer.nix index ce9e57a187cd..e2271e571c40 100644 --- a/nixpkgs/nixos/modules/services/monitoring/teamviewer.nix +++ b/nixpkgs/nixos/modules/services/monitoring/teamviewer.nix @@ -24,18 +24,21 @@ in environment.systemPackages = [ pkgs.teamviewer ]; + services.dbus.packages = [ pkgs.teamviewer ]; + systemd.services.teamviewerd = { description = "TeamViewer remote control daemon"; wantedBy = [ "multi-user.target" ]; - after = [ "NetworkManager-wait-online.service" "network.target" ]; + after = [ "NetworkManager-wait-online.service" "network.target" "dbus.service" ]; + requires = [ "dbus.service" ]; preStart = "mkdir -pv /var/lib/teamviewer /var/log/teamviewer"; startLimitIntervalSec = 60; startLimitBurst = 10; serviceConfig = { - Type = "forking"; - ExecStart = "${pkgs.teamviewer}/bin/teamviewerd -d"; + Type = "simple"; + ExecStart = "${pkgs.teamviewer}/bin/teamviewerd -f"; PIDFile = "/run/teamviewerd.pid"; ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID"; Restart = "on-abort"; diff --git a/nixpkgs/nixos/modules/services/monitoring/telegraf.nix b/nixpkgs/nixos/modules/services/monitoring/telegraf.nix index 4046260c1649..13aae58d0f37 100644 --- a/nixpkgs/nixos/modules/services/monitoring/telegraf.nix +++ b/nixpkgs/nixos/modules/services/monitoring/telegraf.nix @@ -15,7 +15,7 @@ in { package = mkOption { default = pkgs.telegraf; - defaultText = "pkgs.telegraf"; + defaultText = literalExpression "pkgs.telegraf"; description = "Which telegraf derivation to use"; type = types.package; }; @@ -23,7 +23,7 @@ in { environmentFiles = mkOption { type = types.listOf types.path; default = []; - example = "/run/keys/telegraf.env"; + example = [ "/run/keys/telegraf.env" ]; description = '' File to load as environment file. Environment variables from this file will be interpolated into the config file using envsubst with this diff --git a/nixpkgs/nixos/modules/services/monitoring/thanos.nix b/nixpkgs/nixos/modules/services/monitoring/thanos.nix index 96addf392bd7..da626788d827 100644 --- a/nixpkgs/nixos/modules/services/monitoring/thanos.nix +++ b/nixpkgs/nixos/modules/services/monitoring/thanos.nix @@ -120,7 +120,7 @@ let type = with types; nullOr str; default = if cfg.tracing.config == null then null else toString (toYAML "tracing.yaml" cfg.tracing.config); - defaultText = '' + defaultText = literalExpression '' if config.services.thanos.<cmd>.tracing.config == null then null else toString (toYAML "tracing.yaml" config.services.thanos.<cmd>.tracing.config); ''; @@ -185,7 +185,7 @@ let type = with types; nullOr str; default = if cfg.objstore.config == null then null else toString (toYAML "objstore.yaml" cfg.objstore.config); - defaultText = '' + defaultText = literalExpression '' if config.services.thanos.<cmd>.objstore.config == null then null else toString (toYAML "objstore.yaml" config.services.thanos.<cmd>.objstore.config); ''; @@ -227,7 +227,7 @@ let option = mkOption { type = types.str; default = "/var/lib/${config.services.prometheus.stateDir}/data"; - defaultText = "/var/lib/\${config.services.prometheus.stateDir}/data"; + defaultText = literalExpression ''"/var/lib/''${config.services.prometheus.stateDir}/data"''; description = '' Data directory of TSDB. ''; @@ -656,7 +656,7 @@ in { package = mkOption { type = types.package; default = pkgs.thanos; - defaultText = "pkgs.thanos"; + defaultText = literalExpression "pkgs.thanos"; description = '' The thanos package that should be used. ''; diff --git a/nixpkgs/nixos/modules/services/monitoring/unifi-poller.nix b/nixpkgs/nixos/modules/services/monitoring/unifi-poller.nix index 208f5e4875b4..81a7b408bcc4 100644 --- a/nixpkgs/nixos/modules/services/monitoring/unifi-poller.nix +++ b/nixpkgs/nixos/modules/services/monitoring/unifi-poller.nix @@ -87,7 +87,7 @@ in { pass = mkOption { type = types.path; default = pkgs.writeText "unifi-poller-influxdb-default.password" "unifipoller"; - defaultText = "unifi-poller-influxdb-default.password"; + defaultText = literalExpression "unifi-poller-influxdb-default.password"; description = '' Path of a file containing the password for influxdb. This file needs to be readable by the unifi-poller user. @@ -130,7 +130,7 @@ in { pass = mkOption { type = types.path; default = pkgs.writeText "unifi-poller-unifi-default.password" "unifi"; - defaultText = "unifi-poller-unifi-default.password"; + defaultText = literalExpression "unifi-poller-unifi-default.password"; description = '' Path of a file containing the password for the unifi service user. This file needs to be readable by the unifi-poller user. diff --git a/nixpkgs/nixos/modules/services/monitoring/zabbix-agent.nix b/nixpkgs/nixos/modules/services/monitoring/zabbix-agent.nix index 7eb6449e384d..c48b973f1ef7 100644 --- a/nixpkgs/nixos/modules/services/monitoring/zabbix-agent.nix +++ b/nixpkgs/nixos/modules/services/monitoring/zabbix-agent.nix @@ -4,7 +4,7 @@ let cfg = config.services.zabbixAgent; inherit (lib) mkDefault mkEnableOption mkIf mkMerge mkOption; - inherit (lib) attrValues concatMapStringsSep literalExample optionalString types; + inherit (lib) attrValues concatMapStringsSep literalExpression optionalString types; inherit (lib.generators) toKeyValue; user = "zabbix-agent"; @@ -34,15 +34,15 @@ in package = mkOption { type = types.package; default = pkgs.zabbix.agent; - defaultText = "pkgs.zabbix.agent"; + defaultText = literalExpression "pkgs.zabbix.agent"; description = "The Zabbix package to use."; }; extraPackages = mkOption { type = types.listOf types.package; default = with pkgs; [ nettools ]; - defaultText = "[ nettools ]"; - example = "[ nettools mysql ]"; + defaultText = literalExpression "with pkgs; [ nettools ]"; + example = literalExpression "with pkgs; [ nettools mysql ]"; description = '' Packages to be added to the Zabbix <envar>PATH</envar>. Typically used to add executables for scripts, but can be anything. @@ -53,7 +53,7 @@ in type = types.attrsOf types.package; description = "A set of modules to load."; default = {}; - example = literalExample '' + example = literalExpression '' { "dummy.so" = pkgs.stdenv.mkDerivation { name = "zabbix-dummy-module-''${cfg.package.version}"; diff --git a/nixpkgs/nixos/modules/services/monitoring/zabbix-proxy.nix b/nixpkgs/nixos/modules/services/monitoring/zabbix-proxy.nix index 8c7a2970e9b3..b5009f47f175 100644 --- a/nixpkgs/nixos/modules/services/monitoring/zabbix-proxy.nix +++ b/nixpkgs/nixos/modules/services/monitoring/zabbix-proxy.nix @@ -6,7 +6,7 @@ let mysql = config.services.mysql; inherit (lib) mkAfter mkDefault mkEnableOption mkIf mkMerge mkOption; - inherit (lib) attrValues concatMapStringsSep getName literalExample optional optionalAttrs optionalString types; + inherit (lib) attrValues concatMapStringsSep getName literalExpression optional optionalAttrs optionalString types; inherit (lib.generators) toKeyValue; user = "zabbix"; @@ -52,14 +52,14 @@ in if cfg.database.type == "mysql" then pkgs.zabbix.proxy-mysql else if cfg.database.type == "pgsql" then pkgs.zabbix.proxy-pgsql else pkgs.zabbix.proxy-sqlite; - defaultText = "pkgs.zabbix.proxy-pgsql"; + defaultText = literalExpression "pkgs.zabbix.proxy-pgsql"; description = "The Zabbix package to use."; }; extraPackages = mkOption { type = types.listOf types.package; default = with pkgs; [ nettools nmap traceroute ]; - defaultText = "[ nettools nmap traceroute ]"; + defaultText = literalExpression "[ nettools nmap traceroute ]"; description = '' Packages to be added to the Zabbix <envar>PATH</envar>. Typically used to add executables for scripts, but can be anything. @@ -70,7 +70,7 @@ in type = types.attrsOf types.package; description = "A set of modules to load."; default = {}; - example = literalExample '' + example = literalExpression '' { "dummy.so" = pkgs.stdenv.mkDerivation { name = "zabbix-dummy-module-''${cfg.package.version}"; @@ -109,7 +109,7 @@ in name = mkOption { type = types.str; default = if cfg.database.type == "sqlite" then "${stateDir}/zabbix.db" else "zabbix"; - defaultText = "zabbix"; + defaultText = literalExpression "zabbix"; description = "Database name."; }; diff --git a/nixpkgs/nixos/modules/services/monitoring/zabbix-server.nix b/nixpkgs/nixos/modules/services/monitoring/zabbix-server.nix index c8658634ecb6..9b0fd9dbff13 100644 --- a/nixpkgs/nixos/modules/services/monitoring/zabbix-server.nix +++ b/nixpkgs/nixos/modules/services/monitoring/zabbix-server.nix @@ -6,7 +6,7 @@ let mysql = config.services.mysql; inherit (lib) mkAfter mkDefault mkEnableOption mkIf mkMerge mkOption; - inherit (lib) attrValues concatMapStringsSep getName literalExample optional optionalAttrs optionalString types; + inherit (lib) attrValues concatMapStringsSep getName literalExpression optional optionalAttrs optionalString types; inherit (lib.generators) toKeyValue; user = "zabbix"; @@ -44,14 +44,14 @@ in package = mkOption { type = types.package; default = if cfg.database.type == "mysql" then pkgs.zabbix.server-mysql else pkgs.zabbix.server-pgsql; - defaultText = "pkgs.zabbix.server-pgsql"; + defaultText = literalExpression "pkgs.zabbix.server-pgsql"; description = "The Zabbix package to use."; }; extraPackages = mkOption { type = types.listOf types.package; default = with pkgs; [ nettools nmap traceroute ]; - defaultText = "[ nettools nmap traceroute ]"; + defaultText = literalExpression "[ nettools nmap traceroute ]"; description = '' Packages to be added to the Zabbix <envar>PATH</envar>. Typically used to add executables for scripts, but can be anything. @@ -62,7 +62,7 @@ in type = types.attrsOf types.package; description = "A set of modules to load."; default = {}; - example = literalExample '' + example = literalExpression '' { "dummy.so" = pkgs.stdenv.mkDerivation { name = "zabbix-dummy-module-''${cfg.package.version}"; diff --git a/nixpkgs/nixos/modules/services/network-filesystems/ceph.nix b/nixpkgs/nixos/modules/services/network-filesystems/ceph.nix index d833062c4737..e313589134f1 100644 --- a/nixpkgs/nixos/modules/services/network-filesystems/ceph.nix +++ b/nixpkgs/nixos/modules/services/network-filesystems/ceph.nix @@ -97,6 +97,7 @@ in mgrModulePath = mkOption { type = types.path; default = "${pkgs.ceph.lib}/lib/ceph/mgr"; + defaultText = literalExpression ''"''${pkgs.ceph.lib}/lib/ceph/mgr"''; description = '' Path at which to find ceph-mgr modules. ''; @@ -181,6 +182,7 @@ in rgwMimeTypesFile = mkOption { type = with types; nullOr path; default = "${pkgs.mime-types}/etc/mime.types"; + defaultText = literalExpression ''"''${pkgs.mime-types}/etc/mime.types"''; description = '' Path to mime types used by radosgw. ''; @@ -190,11 +192,9 @@ in extraConfig = mkOption { type = with types; attrsOf str; default = {}; - example = '' - { - "ms bind ipv6" = "true"; - }; - ''; + example = { + "ms bind ipv6" = "true"; + }; description = '' Extra configuration to add to the global section. Use for setting values that are common for all daemons in the cluster. ''; @@ -205,9 +205,7 @@ in daemons = mkOption { type = with types; listOf str; default = []; - example = '' - [ "name1" "name2" ]; - ''; + example = [ "name1" "name2" ]; description = '' A list of names for manager daemons that should have a service created. The names correspond to the id part in ceph i.e. [ "name1" ] would result in mgr.name1 @@ -227,9 +225,7 @@ in daemons = mkOption { type = with types; listOf str; default = []; - example = '' - [ "name1" "name2" ]; - ''; + example = [ "name1" "name2" ]; description = '' A list of monitor daemons that should have a service created. The names correspond to the id part in ceph i.e. [ "name1" ] would result in mon.name1 @@ -249,9 +245,7 @@ in daemons = mkOption { type = with types; listOf str; default = []; - example = '' - [ "name1" "name2" ]; - ''; + example = [ "name1" "name2" ]; description = '' A list of OSD daemons that should have a service created. The names correspond to the id part in ceph i.e. [ "name1" ] would result in osd.name1 @@ -279,9 +273,7 @@ in daemons = mkOption { type = with types; listOf str; default = []; - example = '' - [ "name1" "name2" ]; - ''; + example = [ "name1" "name2" ]; description = '' A list of metadata service daemons that should have a service created. The names correspond to the id part in ceph i.e. [ "name1" ] would result in mds.name1 @@ -301,9 +293,7 @@ in daemons = mkOption { type = with types; listOf str; default = []; - example = '' - [ "name1" "name2" ]; - ''; + example = [ "name1" "name2" ]; description = '' A list of rados gateway daemons that should have a service created. The names correspond to the id part in ceph i.e. [ "name1" ] would result in client.name1, radosgw daemons @@ -318,7 +308,7 @@ in extraConfig = mkOption { type = with types; attrsOf (attrsOf str); default = {}; - example = '' + example = literalExpression '' { # This would create a section for a radosgw daemon named node0 and related # configuration for it diff --git a/nixpkgs/nixos/modules/services/network-filesystems/glusterfs.nix b/nixpkgs/nixos/modules/services/network-filesystems/glusterfs.nix index d70092999f67..bc8be05ca8cb 100644 --- a/nixpkgs/nixos/modules/services/network-filesystems/glusterfs.nix +++ b/nixpkgs/nixos/modules/services/network-filesystems/glusterfs.nix @@ -113,19 +113,16 @@ in type = types.nullOr (types.submodule { options = { tlsKeyPath = mkOption { - default = null; type = types.str; description = "Path to the private key used for TLS."; }; tlsPem = mkOption { - default = null; type = types.path; description = "Path to the certificate used for TLS."; }; caCert = mkOption { - default = null; type = types.path; description = "Path certificate authority used to sign the cluster certificates."; }; diff --git a/nixpkgs/nixos/modules/services/network-filesystems/ipfs.nix b/nixpkgs/nixos/modules/services/network-filesystems/ipfs.nix index faa515835b67..36b72ca48b2c 100644 --- a/nixpkgs/nixos/modules/services/network-filesystems/ipfs.nix +++ b/nixpkgs/nixos/modules/services/network-filesystems/ipfs.nix @@ -57,7 +57,7 @@ in package = mkOption { type = types.package; default = pkgs.ipfs; - defaultText = "pkgs.ipfs"; + defaultText = literalExpression "pkgs.ipfs"; description = "Which IPFS package to use."; }; diff --git a/nixpkgs/nixos/modules/services/network-filesystems/litestream/default.nix b/nixpkgs/nixos/modules/services/network-filesystems/litestream/default.nix index f1806c5af0a9..51eb920d778d 100644 --- a/nixpkgs/nixos/modules/services/network-filesystems/litestream/default.nix +++ b/nixpkgs/nixos/modules/services/network-filesystems/litestream/default.nix @@ -13,7 +13,7 @@ in package = mkOption { description = "Package to use."; default = pkgs.litestream; - defaultText = "pkgs.litestream"; + defaultText = literalExpression "pkgs.litestream"; type = types.package; }; diff --git a/nixpkgs/nixos/modules/services/network-filesystems/openafs/client.nix b/nixpkgs/nixos/modules/services/network-filesystems/openafs/client.nix index 03884cb72976..c8cc5052c2ac 100644 --- a/nixpkgs/nixos/modules/services/network-filesystems/openafs/client.nix +++ b/nixpkgs/nixos/modules/services/network-filesystems/openafs/client.nix @@ -4,7 +4,7 @@ with import ./lib.nix { inherit config lib pkgs; }; let - inherit (lib) getBin mkOption mkIf optionalString singleton types; + inherit (lib) getBin literalExpression mkOption mkIf optionalString singleton types; cfg = config.services.openafsClient; @@ -57,11 +57,10 @@ in CellServDB. See CellServDB(5) man page for syntax. Ignored when <literal>afsdb</literal> is set to <literal>true</literal>. ''; - example = '' - [ { ip = "1.2.3.4"; dnsname = "first.afsdb.server.dns.fqdn.org"; } - { ip = "2.3.4.5"; dnsname = "second.afsdb.server.dns.fqdn.org"; } - ] - ''; + example = [ + { ip = "1.2.3.4"; dnsname = "first.afsdb.server.dns.fqdn.org"; } + { ip = "2.3.4.5"; dnsname = "second.afsdb.server.dns.fqdn.org"; } + ]; }; cache = { @@ -149,13 +148,13 @@ in packages = { module = mkOption { default = config.boot.kernelPackages.openafs; - defaultText = "config.boot.kernelPackages.openafs"; + defaultText = literalExpression "config.boot.kernelPackages.openafs"; type = types.package; description = "OpenAFS kernel module package. MUST match the userland package!"; }; programs = mkOption { default = getBin pkgs.openafs; - defaultText = "getBin pkgs.openafs"; + defaultText = literalExpression "getBin pkgs.openafs"; type = types.package; description = "OpenAFS programs package. MUST match the kernel module package!"; }; diff --git a/nixpkgs/nixos/modules/services/network-filesystems/openafs/server.nix b/nixpkgs/nixos/modules/services/network-filesystems/openafs/server.nix index 4fce650b0133..c1bf83be77b9 100644 --- a/nixpkgs/nixos/modules/services/network-filesystems/openafs/server.nix +++ b/nixpkgs/nixos/modules/services/network-filesystems/openafs/server.nix @@ -4,7 +4,7 @@ with import ./lib.nix { inherit config lib pkgs; }; let - inherit (lib) concatStringsSep mkIf mkOption optionalString types; + inherit (lib) concatStringsSep literalExpression mkIf mkOption optionalString types; bosConfig = pkgs.writeText "BosConfig" ('' restrictmode 1 @@ -81,7 +81,7 @@ in { package = mkOption { default = pkgs.openafs.server or pkgs.openafs; - defaultText = "pkgs.openafs.server or pkgs.openafs"; + defaultText = literalExpression "pkgs.openafs.server or pkgs.openafs"; type = types.package; description = "OpenAFS package for the server binaries"; }; diff --git a/nixpkgs/nixos/modules/services/network-filesystems/orangefs/client.nix b/nixpkgs/nixos/modules/services/network-filesystems/orangefs/client.nix index b69d9e713c3d..36ea5af2168d 100644 --- a/nixpkgs/nixos/modules/services/network-filesystems/orangefs/client.nix +++ b/nixpkgs/nixos/modules/services/network-filesystems/orangefs/client.nix @@ -47,7 +47,6 @@ in { target = mkOption { type = types.str; - default = null; example = "tcp://server:3334/orangefs"; description = "Target URL"; }; diff --git a/nixpkgs/nixos/modules/services/network-filesystems/orangefs/server.nix b/nixpkgs/nixos/modules/services/network-filesystems/orangefs/server.nix index 8c55ccf5ffb0..621c2fe8f78d 100644 --- a/nixpkgs/nixos/modules/services/network-filesystems/orangefs/server.nix +++ b/nixpkgs/nixos/modules/services/network-filesystems/orangefs/server.nix @@ -118,12 +118,10 @@ in { servers = mkOption { type = with types; attrsOf types.str; default = {}; - example = '' - { - node1="tcp://node1:3334"; - node2="tcp://node2:3334"; - } - ''; + example = { + node1 = "tcp://node1:3334"; + node2 = "tcp://node2:3334"; + }; description = "URLs for storage server including port. The attribute names define the server alias."; }; @@ -132,8 +130,7 @@ in { These options will create the <literal><FileSystem></literal> sections of config file. ''; default = { orangefs = {}; }; - defaultText = literalExample "{ orangefs = {}; }"; - example = literalExample '' + example = literalExpression '' { fs1 = { id = 101; diff --git a/nixpkgs/nixos/modules/services/network-filesystems/samba.nix b/nixpkgs/nixos/modules/services/network-filesystems/samba.nix index 78ea245cb351..9ed755d0465c 100644 --- a/nixpkgs/nixos/modules/services/network-filesystems/samba.nix +++ b/nixpkgs/nixos/modules/services/network-filesystems/samba.nix @@ -87,13 +87,20 @@ in <note> <para>If you use the firewall consider adding the following:</para> <programlisting> - networking.firewall.allowedTCPPorts = [ 139 445 ]; - networking.firewall.allowedUDPPorts = [ 137 138 ]; + services.samba.openFirewall = true; </programlisting> </note> ''; }; + openFirewall = mkOption { + type = types.bool; + default = false; + description = '' + Whether to automatically open the necessary ports in the firewall. + ''; + }; + enableNmbd = mkOption { type = types.bool; default = true; @@ -117,8 +124,8 @@ in package = mkOption { type = types.package; default = pkgs.samba; - defaultText = "pkgs.samba"; - example = literalExample "pkgs.samba4Full"; + defaultText = literalExpression "pkgs.samba"; + example = literalExpression "pkgs.samba4Full"; description = '' Defines which package should be used for the samba server. ''; @@ -176,7 +183,7 @@ in See <command>man smb.conf</command> for options. ''; type = types.attrsOf (types.attrsOf types.unspecified); - example = literalExample '' + example = literalExpression '' { public = { path = "/srv/public"; "read only" = true; @@ -235,7 +242,10 @@ in }; security.pam.services.samba = {}; - environment.systemPackages = [ config.services.samba.package ]; + environment.systemPackages = [ cfg.package ]; + + networking.firewall.allowedTCPPorts = mkIf cfg.openFirewall [ 139 445 ]; + networking.firewall.allowedUDPPorts = mkIf cfg.openFirewall [ 137 138 ]; }) ]; diff --git a/nixpkgs/nixos/modules/services/network-filesystems/tahoe.nix b/nixpkgs/nixos/modules/services/network-filesystems/tahoe.nix index 7d75eb286106..5426463dffac 100644 --- a/nixpkgs/nixos/modules/services/network-filesystems/tahoe.nix +++ b/nixpkgs/nixos/modules/services/network-filesystems/tahoe.nix @@ -34,9 +34,8 @@ in }; package = mkOption { default = pkgs.tahoelafs; - defaultText = "pkgs.tahoelafs"; + defaultText = literalExpression "pkgs.tahoelafs"; type = types.package; - example = literalExample "pkgs.tahoelafs"; description = '' The package to use for the Tahoe LAFS daemon. ''; @@ -179,9 +178,8 @@ in }; package = mkOption { default = pkgs.tahoelafs; - defaultText = "pkgs.tahoelafs"; + defaultText = literalExpression "pkgs.tahoelafs"; type = types.package; - example = literalExample "pkgs.tahoelafs"; description = '' The package to use for the Tahoe LAFS daemon. ''; diff --git a/nixpkgs/nixos/modules/services/network-filesystems/xtreemfs.nix b/nixpkgs/nixos/modules/services/network-filesystems/xtreemfs.nix index 6cc8a05ee00b..fc0723115787 100644 --- a/nixpkgs/nixos/modules/services/network-filesystems/xtreemfs.nix +++ b/nixpkgs/nixos/modules/services/network-filesystems/xtreemfs.nix @@ -142,7 +142,7 @@ in ''; }; syncMode = mkOption { - type = types.enum [ "ASYNC" "SYNC_WRITE_METADATA" "SYNC_WRITE" "FDATASYNC" "ASYNC" ]; + type = types.enum [ "ASYNC" "SYNC_WRITE_METADATA" "SYNC_WRITE" "FDATASYNC" "FSYNC" ]; default = "FSYNC"; example = "FDATASYNC"; description = '' @@ -268,7 +268,7 @@ in }; syncMode = mkOption { default = "FSYNC"; - type = types.enum [ "ASYNC" "SYNC_WRITE_METADATA" "SYNC_WRITE" "FDATASYNC" "ASYNC" ]; + type = types.enum [ "ASYNC" "SYNC_WRITE_METADATA" "SYNC_WRITE" "FDATASYNC" "FSYNC" ]; example = "FDATASYNC"; description = '' The sync mode influences how operations are committed to the disk diff --git a/nixpkgs/nixos/modules/services/networking/3proxy.nix b/nixpkgs/nixos/modules/services/networking/3proxy.nix index 37a48657c1cc..326a8671fcca 100644 --- a/nixpkgs/nixos/modules/services/networking/3proxy.nix +++ b/nixpkgs/nixos/modules/services/networking/3proxy.nix @@ -205,7 +205,7 @@ in { }; }); default = [ ]; - example = literalExample '' + example = literalExpression '' [ { rule = "allow"; @@ -244,7 +244,7 @@ in { }; }); default = [ ]; - example = literalExample '' + example = literalExpression '' [ { type = "proxy"; @@ -290,17 +290,6 @@ in { "::1" "fc00::/7" ]; - example = [ - "0.0.0.0/8" - "127.0.0.0/8" - "10.0.0.0/8" - "100.64.0.0/10" - "172.16.0.0/12" - "192.168.0.0/16" - "::" - "::1" - "fc00::/7" - ]; description = '' What IP ranges to deny access when denyPrivate is set tu true. ''; @@ -322,19 +311,17 @@ in { nscache = mkOption { type = types.int; default = 65535; - example = 65535; description = "Set name cache size for IPv4."; }; nscache6 = mkOption { type = types.int; default = 65535; - example = 65535; description = "Set name cache size for IPv6."; }; nsrecord = mkOption { type = types.attrsOf types.str; default = { }; - example = literalExample '' + example = literalExpression '' { "files.local" = "192.168.1.12"; "site.local" = "192.168.1.43"; diff --git a/nixpkgs/nixos/modules/services/networking/asterisk.nix b/nixpkgs/nixos/modules/services/networking/asterisk.nix index 03a2544b9a7e..af091d55c01b 100644 --- a/nixpkgs/nixos/modules/services/networking/asterisk.nix +++ b/nixpkgs/nixos/modules/services/networking/asterisk.nix @@ -115,7 +115,7 @@ in confFiles = mkOption { default = {}; type = types.attrsOf types.str; - example = literalExample + example = literalExpression '' { "extensions.conf" = ''' @@ -200,7 +200,7 @@ in package = mkOption { type = types.package; default = pkgs.asterisk; - defaultText = "pkgs.asterisk"; + defaultText = literalExpression "pkgs.asterisk"; description = "The Asterisk package to use."; }; }; diff --git a/nixpkgs/nixos/modules/services/networking/atftpd.nix b/nixpkgs/nixos/modules/services/networking/atftpd.nix index e7fd48c99a85..da5e305201f8 100644 --- a/nixpkgs/nixos/modules/services/networking/atftpd.nix +++ b/nixpkgs/nixos/modules/services/networking/atftpd.nix @@ -28,7 +28,7 @@ in extraOptions = mkOption { default = []; type = types.listOf types.str; - example = literalExample '' + example = literalExpression '' [ "--bind-address 192.168.9.1" "--verbose=7" ] diff --git a/nixpkgs/nixos/modules/services/networking/avahi-daemon.nix b/nixpkgs/nixos/modules/services/networking/avahi-daemon.nix index 020a817f2596..50c4ffdedce8 100644 --- a/nixpkgs/nixos/modules/services/networking/avahi-daemon.nix +++ b/nixpkgs/nixos/modules/services/networking/avahi-daemon.nix @@ -54,7 +54,7 @@ in hostName = mkOption { type = types.str; default = config.networking.hostName; - defaultText = literalExample "config.networking.hostName"; + defaultText = literalExpression "config.networking.hostName"; description = '' Host name advertised on the LAN. If not set, avahi will use the value of <option>config.networking.hostName</option>. @@ -87,7 +87,7 @@ in ipv6 = mkOption { type = types.bool; default = config.networking.enableIPv6; - defaultText = "config.networking.enableIPv6"; + defaultText = literalExpression "config.networking.enableIPv6"; description = "Whether to use IPv6."; }; @@ -134,7 +134,7 @@ in extraServiceFiles = mkOption { type = with types; attrsOf (either str path); default = {}; - example = literalExample '' + example = literalExpression '' { ssh = "''${pkgs.avahi}/etc/avahi/services/ssh.service"; smb = ''' diff --git a/nixpkgs/nixos/modules/services/networking/bee.nix b/nixpkgs/nixos/modules/services/networking/bee.nix index 8a77ce23ab4d..d6efade0630f 100644 --- a/nixpkgs/nixos/modules/services/networking/bee.nix +++ b/nixpkgs/nixos/modules/services/networking/bee.nix @@ -20,8 +20,8 @@ in { package = mkOption { type = types.package; default = pkgs.bee; - defaultText = "pkgs.bee"; - example = "pkgs.bee-unstable"; + defaultText = literalExpression "pkgs.bee"; + example = literalExpression "pkgs.bee-unstable"; description = "The package providing the bee binary for the service."; }; diff --git a/nixpkgs/nixos/modules/services/networking/biboumi.nix b/nixpkgs/nixos/modules/services/networking/biboumi.nix index 66ddca93d818..3f46b95eaf0c 100644 --- a/nixpkgs/nixos/modules/services/networking/biboumi.nix +++ b/nixpkgs/nixos/modules/services/networking/biboumi.nix @@ -107,6 +107,7 @@ in options.policy_directory = mkOption { type = types.path; default = "${pkgs.biboumi}/etc/biboumi"; + defaultText = literalExpression ''"''${pkgs.biboumi}/etc/biboumi"''; description = '' A directory that should contain the policy files, used to customize Botan’s behaviour diff --git a/nixpkgs/nixos/modules/services/networking/bind.nix b/nixpkgs/nixos/modules/services/networking/bind.nix index 0c23fb7e40f0..f2b2e4c4d5d4 100644 --- a/nixpkgs/nixos/modules/services/networking/bind.nix +++ b/nixpkgs/nixos/modules/services/networking/bind.nix @@ -110,7 +110,7 @@ in package = mkOption { type = types.package; default = pkgs.bind; - defaultText = "pkgs.bind"; + defaultText = literalExpression "pkgs.bind"; description = "The BIND package to use."; }; @@ -209,7 +209,7 @@ in configFile = mkOption { type = types.path; default = confFile; - defaultText = "confFile"; + defaultText = literalExpression "confFile"; description = " Overridable config file to use for named. By default, that generated by nixos. diff --git a/nixpkgs/nixos/modules/services/networking/bitcoind.nix b/nixpkgs/nixos/modules/services/networking/bitcoind.nix index bc9aa53f49aa..80033d958609 100644 --- a/nixpkgs/nixos/modules/services/networking/bitcoind.nix +++ b/nixpkgs/nixos/modules/services/networking/bitcoind.nix @@ -40,7 +40,7 @@ let package = mkOption { type = types.package; default = pkgs.bitcoind; - defaultText = "pkgs.bitcoind"; + defaultText = literalExpression "pkgs.bitcoind"; description = "The package providing bitcoin binaries."; }; @@ -88,7 +88,7 @@ let }; users = mkOption { default = {}; - example = literalExample '' + example = literalExpression '' { alice.passwordHMAC = "f7efda5c189b999524f151318c0c86$d5b51b3beffbc02b724e5d095828e0bc8b2456e9ac8757ae3211a5d9b16a22ae"; bob.passwordHMAC = "b2dd077cb54591a2f3139e69a897ac$4e71f08d48b4347cf8eff3815c0e25ae2e9a4340474079f55705f40574f4ec99"; diff --git a/nixpkgs/nixos/modules/services/networking/bitlbee.nix b/nixpkgs/nixos/modules/services/networking/bitlbee.nix index ff6a0b426399..8bf04e3a1a23 100644 --- a/nixpkgs/nixos/modules/services/networking/bitlbee.nix +++ b/nixpkgs/nixos/modules/services/networking/bitlbee.nix @@ -16,7 +16,6 @@ let '' [settings] RunMode = Daemon - User = bitlbee ConfigDir = ${cfg.configDir} DaemonInterface = ${cfg.interface} DaemonPort = ${toString cfg.portNumber} @@ -109,7 +108,7 @@ in plugins = mkOption { type = types.listOf types.package; default = []; - example = literalExample "[ pkgs.bitlbee-facebook ]"; + example = literalExpression "[ pkgs.bitlbee-facebook ]"; description = '' The list of bitlbee plugins to install. ''; @@ -118,7 +117,7 @@ in libpurple_plugins = mkOption { type = types.listOf types.package; default = []; - example = literalExample "[ pkgs.purple-matrix ]"; + example = literalExpression "[ pkgs.purple-matrix ]"; description = '' The list of libpurple plugins to install. ''; @@ -166,25 +165,17 @@ in config = mkMerge [ (mkIf config.services.bitlbee.enable { - users.users.bitlbee = { - uid = bitlbeeUid; - group = "bitlbee"; - description = "BitlBee user"; - home = "/var/lib/bitlbee"; - createHome = true; - }; - - users.groups.bitlbee = { - gid = config.ids.gids.bitlbee; - }; - systemd.services.bitlbee = { environment.PURPLE_PLUGIN_PATH = purple_plugin_path; description = "BitlBee IRC to other chat networks gateway"; after = [ "network.target" ]; wantedBy = [ "multi-user.target" ]; - serviceConfig.User = "bitlbee"; - serviceConfig.ExecStart = "${bitlbeePkg}/sbin/bitlbee -F -n -c ${bitlbeeConfig}"; + + serviceConfig = { + DynamicUser = true; + StateDirectory = "bitlbee"; + ExecStart = "${bitlbeePkg}/sbin/bitlbee -F -n -c ${bitlbeeConfig}"; + }; }; environment.systemPackages = [ bitlbeePkg ]; diff --git a/nixpkgs/nixos/modules/services/networking/blockbook-frontend.nix b/nixpkgs/nixos/modules/services/networking/blockbook-frontend.nix index ca323e495ec1..eeea521c8d51 100644 --- a/nixpkgs/nixos/modules/services/networking/blockbook-frontend.nix +++ b/nixpkgs/nixos/modules/services/networking/blockbook-frontend.nix @@ -15,6 +15,7 @@ let package = mkOption { type = types.package; default = pkgs.blockbook; + defaultText = literalExpression "pkgs.blockbook"; description = "Which blockbook package to use."; }; @@ -50,7 +51,6 @@ let coinName = mkOption { type = types.str; default = "Bitcoin"; - example = "Bitcoin"; description = '' See <link xlink:href="https://github.com/trezor/blockbook/blob/master/bchain/coins/blockchain.go#L61"/> for current of coins supported in master (Note: may differ from release). @@ -60,7 +60,8 @@ let cssDir = mkOption { type = types.path; default = "${config.package}/share/css/"; - example = "${config.dataDir}/static/css/"; + defaultText = literalExpression ''"''${package}/share/css/"''; + example = literalExpression ''"''${dataDir}/static/css/"''; description = '' Location of the dir with <filename>main.css</filename> CSS file. By default, the one shipped with the package is used. @@ -82,21 +83,18 @@ let internal = mkOption { type = types.nullOr types.str; default = ":9030"; - example = ":9030"; description = "Internal http server binding <literal>[address]:port</literal>."; }; messageQueueBinding = mkOption { type = types.str; default = "tcp://127.0.0.1:38330"; - example = "tcp://127.0.0.1:38330"; description = "Message Queue Binding <literal>address:port</literal>."; }; public = mkOption { type = types.nullOr types.str; default = ":9130"; - example = ":9130"; description = "Public http server binding <literal>[address]:port</literal>."; }; @@ -116,14 +114,12 @@ let user = mkOption { type = types.str; default = "rpc"; - example = "rpc"; description = "Username for JSON-RPC connections."; }; password = mkOption { type = types.str; default = "rpc"; - example = "rpc"; description = '' RPC password for JSON-RPC connections. Warning: this is stored in cleartext in the Nix store!!! @@ -150,14 +146,15 @@ let templateDir = mkOption { type = types.path; default = "${config.package}/share/templates/"; - example = "${config.dataDir}/templates/static/"; + defaultText = literalExpression ''"''${package}/share/templates/"''; + example = literalExpression ''"''${dataDir}/templates/static/"''; description = "Location of the HTML templates. By default, ones shipped with the package are used."; }; extraConfig = mkOption { type = types.attrs; default = {}; - example = literalExample '' { + example = literalExpression '' { "alternative_estimate_fee" = "whatthefee-disabled"; "alternative_estimate_fee_params" = "{\"url\": \"https://whatthefee.io/data.json\", \"periodSeconds\": 60}"; "fiat_rates" = "coingecko"; diff --git a/nixpkgs/nixos/modules/services/networking/cjdns.nix b/nixpkgs/nixos/modules/services/networking/cjdns.nix index ca95d00c2ff8..0d97d379e907 100644 --- a/nixpkgs/nixos/modules/services/networking/cjdns.nix +++ b/nixpkgs/nixos/modules/services/networking/cjdns.nix @@ -150,7 +150,7 @@ in connectTo = mkOption { type = types.attrsOf ( types.submodule ( connectToSubmodule ) ); default = { }; - example = literalExample '' + example = literalExpression '' { "192.168.1.1:27313" = { hostname = "homer.hype"; @@ -197,7 +197,7 @@ in connectTo = mkOption { type = types.attrsOf ( types.submodule ( connectToSubmodule ) ); default = { }; - example = literalExample '' + example = literalExpression '' { "01:02:03:04:05:06" = { hostname = "homer.hype"; diff --git a/nixpkgs/nixos/modules/services/networking/connman.nix b/nixpkgs/nixos/modules/services/networking/connman.nix index 608672c6446c..8886e7a30f1f 100644 --- a/nixpkgs/nixos/modules/services/networking/connman.nix +++ b/nixpkgs/nixos/modules/services/networking/connman.nix @@ -77,10 +77,11 @@ in { }; package = mkOption { - type = types.path; + type = types.package; description = "The connman package / build flavor"; default = connman; - example = literalExample "pkgs.connmanFull"; + defaultText = literalExpression "pkgs.connman"; + example = literalExpression "pkgs.connmanFull"; }; }; diff --git a/nixpkgs/nixos/modules/services/networking/consul.nix b/nixpkgs/nixos/modules/services/networking/consul.nix index 476ca738dd1b..792b2e7f5dfe 100644 --- a/nixpkgs/nixos/modules/services/networking/consul.nix +++ b/nixpkgs/nixos/modules/services/networking/consul.nix @@ -34,7 +34,7 @@ in package = mkOption { type = types.package; default = pkgs.consul; - defaultText = "pkgs.consul"; + defaultText = literalExpression "pkgs.consul"; description = '' The package used for the Consul agent and CLI. ''; @@ -121,7 +121,7 @@ in package = mkOption { description = "Package to use for consul-alerts."; default = pkgs.consul-alerts; - defaultText = "pkgs.consul-alerts"; + defaultText = literalExpression "pkgs.consul-alerts"; type = types.package; }; diff --git a/nixpkgs/nixos/modules/services/networking/coredns.nix b/nixpkgs/nixos/modules/services/networking/coredns.nix index afb2b547a465..88615d8e610f 100644 --- a/nixpkgs/nixos/modules/services/networking/coredns.nix +++ b/nixpkgs/nixos/modules/services/networking/coredns.nix @@ -22,7 +22,7 @@ in { package = mkOption { default = pkgs.coredns; - defaultText = "pkgs.coredns"; + defaultText = literalExpression "pkgs.coredns"; type = types.package; description = "Coredns package to use."; }; diff --git a/nixpkgs/nixos/modules/services/networking/corerad.nix b/nixpkgs/nixos/modules/services/networking/corerad.nix index e76ba9a2d00d..9d79d5d7686b 100644 --- a/nixpkgs/nixos/modules/services/networking/corerad.nix +++ b/nixpkgs/nixos/modules/services/networking/corerad.nix @@ -14,7 +14,7 @@ in { settings = mkOption { type = settingsFormat.type; - example = literalExample '' + example = literalExpression '' { interfaces = [ # eth0 is an upstream interface monitoring for IPv6 router advertisements. @@ -44,13 +44,13 @@ in { configFile = mkOption { type = types.path; - example = literalExample "\"\${pkgs.corerad}/etc/corerad/corerad.toml\""; + example = literalExpression ''"''${pkgs.corerad}/etc/corerad/corerad.toml"''; description = "Path to CoreRAD TOML configuration file."; }; package = mkOption { default = pkgs.corerad; - defaultText = literalExample "pkgs.corerad"; + defaultText = literalExpression "pkgs.corerad"; type = types.package; description = "CoreRAD package to use."; }; diff --git a/nixpkgs/nixos/modules/services/networking/coturn.nix b/nixpkgs/nixos/modules/services/networking/coturn.nix index 12098ec6d338..610754e9bd39 100644 --- a/nixpkgs/nixos/modules/services/networking/coturn.nix +++ b/nixpkgs/nixos/modules/services/networking/coturn.nix @@ -68,7 +68,7 @@ in { alt-listening-port = mkOption { type = types.int; default = cfg.listening-port + 1; - defaultText = "listening-port + 1"; + defaultText = literalExpression "listening-port + 1"; description = '' Alternative listening port for UDP and TCP listeners; default (or zero) value means "listening port plus one". @@ -83,7 +83,7 @@ in { alt-tls-listening-port = mkOption { type = types.int; default = cfg.tls-listening-port + 1; - defaultText = "tls-listening-port + 1"; + defaultText = literalExpression "tls-listening-port + 1"; description = '' Alternative listening port for TLS and DTLS protocols. ''; diff --git a/nixpkgs/nixos/modules/services/networking/dnscache.nix b/nixpkgs/nixos/modules/services/networking/dnscache.nix index d06032daecc7..7452210de47f 100644 --- a/nixpkgs/nixos/modules/services/networking/dnscache.nix +++ b/nixpkgs/nixos/modules/services/networking/dnscache.nix @@ -61,7 +61,7 @@ in { Table of {hostname: server} pairs to use as authoritative servers for hosts (and subhosts). If entry for @ is not specified predefined list of root servers is used. ''; - example = literalExample '' + example = literalExpression '' { "@" = ["8.8.8.8" "8.8.4.4"]; "example.com" = ["192.168.100.100"]; diff --git a/nixpkgs/nixos/modules/services/networking/dnscrypt-proxy2.nix b/nixpkgs/nixos/modules/services/networking/dnscrypt-proxy2.nix index 72965c267a86..dc6a019e9b77 100644 --- a/nixpkgs/nixos/modules/services/networking/dnscrypt-proxy2.nix +++ b/nixpkgs/nixos/modules/services/networking/dnscrypt-proxy2.nix @@ -13,7 +13,7 @@ in Attrset that is converted and passed as TOML config file. For available params, see: <link xlink:href="https://github.com/DNSCrypt/dnscrypt-proxy/blob/${pkgs.dnscrypt-proxy2.version}/dnscrypt-proxy/example-dnscrypt-proxy.toml"/> ''; - example = literalExample '' + example = literalExpression '' { sources.public-resolvers = { urls = [ "https://download.dnscrypt.info/resolvers-list/v2/public-resolvers.md" ]; @@ -29,7 +29,7 @@ in upstreamDefaults = mkOption { description = '' - Whether to base the config declared in <literal>services.dnscrypt-proxy2.settings</literal> on the upstream example config (<link xlink:href="https://github.com/DNSCrypt/dnscrypt-proxy/blob/master/dnscrypt-proxy/example-dnscrypt-proxy.toml"/>) + Whether to base the config declared in <option>services.dnscrypt-proxy2.settings</option> on the upstream example config (<link xlink:href="https://github.com/DNSCrypt/dnscrypt-proxy/blob/master/dnscrypt-proxy/example-dnscrypt-proxy.toml"/>) Disable this if you want to declare your dnscrypt config from scratch. ''; @@ -56,7 +56,7 @@ in ''} ${pkgs.remarshal}/bin/json2toml < config.json > $out ''; - defaultText = literalExample "TOML file generated from services.dnscrypt-proxy2.settings"; + defaultText = literalDocBook "TOML file generated from <option>services.dnscrypt-proxy2.settings</option>"; }; }; diff --git a/nixpkgs/nixos/modules/services/networking/doh-proxy-rust.nix b/nixpkgs/nixos/modules/services/networking/doh-proxy-rust.nix index 0e55bc386653..efd492e23f8c 100644 --- a/nixpkgs/nixos/modules/services/networking/doh-proxy-rust.nix +++ b/nixpkgs/nixos/modules/services/networking/doh-proxy-rust.nix @@ -15,7 +15,7 @@ in { flags = mkOption { type = types.listOf types.str; default = []; - example = literalExample [ "--server-address=9.9.9.9:53" ]; + example = [ "--server-address=9.9.9.9:53" ]; description = '' A list of command-line flags to pass to doh-proxy. For details on the available options, see <link xlink:href="https://github.com/jedisct1/doh-server#usage"/>. diff --git a/nixpkgs/nixos/modules/services/networking/ejabberd.nix b/nixpkgs/nixos/modules/services/networking/ejabberd.nix index a5af25b983b9..daf8d5c42475 100644 --- a/nixpkgs/nixos/modules/services/networking/ejabberd.nix +++ b/nixpkgs/nixos/modules/services/networking/ejabberd.nix @@ -32,7 +32,7 @@ in { package = mkOption { type = types.package; default = pkgs.ejabberd; - defaultText = "pkgs.ejabberd"; + defaultText = literalExpression "pkgs.ejabberd"; description = "ejabberd server package to use"; }; @@ -76,7 +76,7 @@ in { type = types.listOf types.path; default = []; description = "Configuration dumps that should be loaded on the first startup"; - example = literalExample "[ ./myejabberd.dump ]"; + example = literalExpression "[ ./myejabberd.dump ]"; }; imagemagick = mkOption { diff --git a/nixpkgs/nixos/modules/services/networking/epmd.nix b/nixpkgs/nixos/modules/services/networking/epmd.nix index 3899d164f16a..75d78476e578 100644 --- a/nixpkgs/nixos/modules/services/networking/epmd.nix +++ b/nixpkgs/nixos/modules/services/networking/epmd.nix @@ -20,6 +20,7 @@ in package = mkOption { type = types.package; default = pkgs.erlang; + defaultText = literalExpression "pkgs.erlang"; description = '' The Erlang package to use to get epmd binary. That way you can re-use an Erlang runtime that is already installed for other purposes. diff --git a/nixpkgs/nixos/modules/services/networking/ferm.nix b/nixpkgs/nixos/modules/services/networking/ferm.nix index 07338ccf4d9c..8e03f30efc00 100644 --- a/nixpkgs/nixos/modules/services/networking/ferm.nix +++ b/nixpkgs/nixos/modules/services/networking/ferm.nix @@ -30,14 +30,14 @@ in { config = mkOption { description = "Verbatim ferm.conf configuration."; default = ""; - defaultText = "empty firewall, allows any traffic"; + defaultText = literalDocBook "empty firewall, allows any traffic"; type = types.lines; }; package = mkOption { description = "The ferm package."; type = types.package; default = pkgs.ferm; - defaultText = "pkgs.ferm"; + defaultText = literalExpression "pkgs.ferm"; }; }; }; diff --git a/nixpkgs/nixos/modules/services/networking/firewall.nix b/nixpkgs/nixos/modules/services/networking/firewall.nix index f982621e2328..b5b46fe6042c 100644 --- a/nixpkgs/nixos/modules/services/networking/firewall.nix +++ b/nixpkgs/nixos/modules/services/networking/firewall.nix @@ -325,8 +325,8 @@ in package = mkOption { type = types.package; default = pkgs.iptables; - defaultText = "pkgs.iptables"; - example = literalExample "pkgs.iptables-nftables-compat"; + defaultText = literalExpression "pkgs.iptables"; + example = literalExpression "pkgs.iptables-nftables-compat"; description = '' The iptables package to use for running the firewall service." @@ -500,7 +500,7 @@ in extraPackages = mkOption { type = types.listOf types.package; default = [ ]; - example = literalExample "[ pkgs.ipset ]"; + example = literalExpression "[ pkgs.ipset ]"; description = '' Additional packages to be included in the environment of the system diff --git a/nixpkgs/nixos/modules/services/networking/flannel.nix b/nixpkgs/nixos/modules/services/networking/flannel.nix index 2d67a2a2ad22..b15339870ee2 100644 --- a/nixpkgs/nixos/modules/services/networking/flannel.nix +++ b/nixpkgs/nixos/modules/services/networking/flannel.nix @@ -20,7 +20,7 @@ in { description = "Package to use for flannel"; type = types.package; default = pkgs.flannel; - defaultText = "pkgs.flannel"; + defaultText = literalExpression "pkgs.flannel"; }; publicIp = mkOption { diff --git a/nixpkgs/nixos/modules/services/networking/ghostunnel.nix b/nixpkgs/nixos/modules/services/networking/ghostunnel.nix index 58a51df6cca2..7a62d378e2c6 100644 --- a/nixpkgs/nixos/modules/services/networking/ghostunnel.nix +++ b/nixpkgs/nixos/modules/services/networking/ghostunnel.nix @@ -5,7 +5,7 @@ let concatMap concatStringsSep escapeShellArg - literalExample + literalExpression mapAttrs' mkDefault mkEnableOption @@ -219,7 +219,7 @@ in description = "The ghostunnel package to use."; type = types.package; default = pkgs.ghostunnel; - defaultText = literalExample ''pkgs.ghostunnel''; + defaultText = literalExpression "pkgs.ghostunnel"; }; services.ghostunnel.servers = mkOption { diff --git a/nixpkgs/nixos/modules/services/networking/globalprotect-vpn.nix b/nixpkgs/nixos/modules/services/networking/globalprotect-vpn.nix index 367a42687e13..976fdf2b962a 100644 --- a/nixpkgs/nixos/modules/services/networking/globalprotect-vpn.nix +++ b/nixpkgs/nixos/modules/services/networking/globalprotect-vpn.nix @@ -21,7 +21,7 @@ in as described at <link xlink:href="https://www.infradead.org/openconnect/hip.html" /> ''; default = null; - example = literalExample "\${pkgs.openconnect}/libexec/openconnect/hipreport.sh"; + example = literalExpression ''"''${pkgs.openconnect}/libexec/openconnect/hipreport.sh"''; type = types.nullOr types.path; }; }; diff --git a/nixpkgs/nixos/modules/services/networking/gnunet.nix b/nixpkgs/nixos/modules/services/networking/gnunet.nix index cf3d1841a979..5c41967d279b 100644 --- a/nixpkgs/nixos/modules/services/networking/gnunet.nix +++ b/nixpkgs/nixos/modules/services/networking/gnunet.nix @@ -115,9 +115,9 @@ in package = mkOption { type = types.package; default = pkgs.gnunet; - defaultText = "pkgs.gnunet"; + defaultText = literalExpression "pkgs.gnunet"; description = "Overridable attribute of the gnunet package to use."; - example = literalExample "pkgs.gnunet_git"; + example = literalExpression "pkgs.gnunet_git"; }; extraOptions = mkOption { diff --git a/nixpkgs/nixos/modules/services/networking/gobgpd.nix b/nixpkgs/nixos/modules/services/networking/gobgpd.nix index d3b03471f4eb..29ef9a5cf1e3 100644 --- a/nixpkgs/nixos/modules/services/networking/gobgpd.nix +++ b/nixpkgs/nixos/modules/services/networking/gobgpd.nix @@ -18,7 +18,7 @@ in { <link xlink:href="https://github.com/osrg/gobgp#documentation"/> for details on supported values. ''; - example = literalExample '' + example = literalExpression '' { global = { config = { diff --git a/nixpkgs/nixos/modules/services/networking/hans.nix b/nixpkgs/nixos/modules/services/networking/hans.nix index 84147db00f61..2639b4b68001 100644 --- a/nixpkgs/nixos/modules/services/networking/hans.nix +++ b/nixpkgs/nixos/modules/services/networking/hans.nix @@ -27,7 +27,7 @@ in where <replaceable>name</replaceable> is the name of the corresponding attribute name. ''; - example = literalExample '' + example = literalExpression '' { foo = { server = "192.0.2.1"; diff --git a/nixpkgs/nixos/modules/services/networking/hylafax/options.nix b/nixpkgs/nixos/modules/services/networking/hylafax/options.nix index 74960e69b9ac..8e59c68054d2 100644 --- a/nixpkgs/nixos/modules/services/networking/hylafax/options.nix +++ b/nixpkgs/nixos/modules/services/networking/hylafax/options.nix @@ -2,7 +2,7 @@ let - inherit (lib.options) literalExample mkEnableOption mkOption; + inherit (lib.options) literalExpression mkEnableOption mkOption; inherit (lib.types) bool enum ints lines attrsOf nullOr path str submodule; inherit (lib.modules) mkDefault mkIf mkMerge; @@ -197,7 +197,7 @@ in sendmailPath = mkOption { type = path; - example = literalExample "''${pkgs.postfix}/bin/sendmail"; + example = literalExpression ''"''${pkgs.postfix}/bin/sendmail"''; # '' ; # fix vim description = '' Path to <filename>sendmail</filename> program. @@ -344,7 +344,7 @@ in faxqclean.doneqMinutes = mkOption { type = ints.positive; default = 15; - example = literalExample "24*60"; + example = literalExpression "24*60"; description = '' Set the job age threshold (in minutes) that controls how long @@ -354,7 +354,7 @@ in faxqclean.docqMinutes = mkOption { type = ints.positive; default = 60; - example = literalExample "24*60"; + example = literalExpression "24*60"; description = '' Set the document age threshold (in minutes) that controls how long diff --git a/nixpkgs/nixos/modules/services/networking/i2pd.nix b/nixpkgs/nixos/modules/services/networking/i2pd.nix index fba0d817006e..17828ca44ff2 100644 --- a/nixpkgs/nixos/modules/services/networking/i2pd.nix +++ b/nixpkgs/nixos/modules/services/networking/i2pd.nix @@ -481,7 +481,7 @@ in exploratory.inbound = i2cpOpts "exploratory"; exploratory.outbound = i2cpOpts "exploratory"; - ntcp2.enable = mkEnableTrueOption "NTCP2."; + ntcp2.enable = mkEnableTrueOption "NTCP2"; ntcp2.published = mkEnableOption "NTCP2 publication"; ntcp2.port = mkOption { type = types.int; diff --git a/nixpkgs/nixos/modules/services/networking/icecream/daemon.nix b/nixpkgs/nixos/modules/services/networking/icecream/daemon.nix index 2975696f9c24..8593c94e34dc 100644 --- a/nixpkgs/nixos/modules/services/networking/icecream/daemon.nix +++ b/nixpkgs/nixos/modules/services/networking/icecream/daemon.nix @@ -101,7 +101,7 @@ in { package = mkOption { default = pkgs.icecream; - defaultText = "pkgs.icecream"; + defaultText = literalExpression "pkgs.icecream"; type = types.package; description = "Icecream package to use."; }; diff --git a/nixpkgs/nixos/modules/services/networking/icecream/scheduler.nix b/nixpkgs/nixos/modules/services/networking/icecream/scheduler.nix index 4ccbf27015d7..14fbc966b989 100644 --- a/nixpkgs/nixos/modules/services/networking/icecream/scheduler.nix +++ b/nixpkgs/nixos/modules/services/networking/icecream/scheduler.nix @@ -56,7 +56,7 @@ in { package = mkOption { default = pkgs.icecream; - defaultText = "pkgs.icecream"; + defaultText = literalExpression "pkgs.icecream"; type = types.package; description = "Icecream package to use."; }; diff --git a/nixpkgs/nixos/modules/services/networking/inspircd.nix b/nixpkgs/nixos/modules/services/networking/inspircd.nix index 8cb2b406ee28..81c367ec8f7d 100644 --- a/nixpkgs/nixos/modules/services/networking/inspircd.nix +++ b/nixpkgs/nixos/modules/services/networking/inspircd.nix @@ -17,8 +17,8 @@ in { package = lib.mkOption { type = lib.types.package; default = pkgs.inspircd; - defaultText = lib.literalExample "pkgs.inspircd"; - example = lib.literalExample "pkgs.inspircdMinimal"; + defaultText = lib.literalExpression "pkgs.inspircd"; + example = lib.literalExpression "pkgs.inspircdMinimal"; description = '' The InspIRCd package to use. This is mainly useful to specify an overridden version of the diff --git a/nixpkgs/nixos/modules/services/networking/iodine.nix b/nixpkgs/nixos/modules/services/networking/iodine.nix index f67e2d9a5e71..e241afe3269b 100644 --- a/nixpkgs/nixos/modules/services/networking/iodine.nix +++ b/nixpkgs/nixos/modules/services/networking/iodine.nix @@ -36,7 +36,7 @@ in where <replaceable>name</replaceable> is the name of the corresponding attribute name. ''; - example = literalExample '' + example = literalExpression '' { foo = { server = "tunnel.mdomain.com"; diff --git a/nixpkgs/nixos/modules/services/networking/ircd-hybrid/default.nix b/nixpkgs/nixos/modules/services/networking/ircd-hybrid/default.nix index 1f5636e4e3a9..f659f3f3e8c1 100644 --- a/nixpkgs/nixos/modules/services/networking/ircd-hybrid/default.nix +++ b/nixpkgs/nixos/modules/services/networking/ircd-hybrid/default.nix @@ -64,7 +64,7 @@ in rsaKey = mkOption { default = null; - example = literalExample "/root/certificates/irc.key"; + example = literalExpression "/root/certificates/irc.key"; type = types.nullOr types.path; description = " IRCD server RSA key. @@ -73,7 +73,7 @@ in certificate = mkOption { default = null; - example = literalExample "/root/certificates/irc.pem"; + example = literalExpression "/root/certificates/irc.pem"; type = types.nullOr types.path; description = " IRCD server SSL certificate. There are some limitations - read manual. diff --git a/nixpkgs/nixos/modules/services/networking/iscsi/initiator.nix b/nixpkgs/nixos/modules/services/networking/iscsi/initiator.nix index cbc919a2f76c..051c9c7bff3c 100644 --- a/nixpkgs/nixos/modules/services/networking/iscsi/initiator.nix +++ b/nixpkgs/nixos/modules/services/networking/iscsi/initiator.nix @@ -23,7 +23,7 @@ in type = package; description = "openiscsi package to use"; default = pkgs.openiscsi; - defaultText = "pkgs.openiscsi"; + defaultText = literalExpression "pkgs.openiscsi"; }; extraConfig = mkOption { diff --git a/nixpkgs/nixos/modules/services/networking/iscsi/root-initiator.nix b/nixpkgs/nixos/modules/services/networking/iscsi/root-initiator.nix index 3274878c4fae..c12aca1bc24d 100644 --- a/nixpkgs/nixos/modules/services/networking/iscsi/root-initiator.nix +++ b/nixpkgs/nixos/modules/services/networking/iscsi/root-initiator.nix @@ -64,6 +64,12 @@ in default = false; }; + extraIscsiCommands = mkOption { + description = "Extra iscsi commands to run in the initrd."; + default = ""; + type = lines; + }; + extraConfig = mkOption { description = "Extra lines to append to /etc/iscsid.conf"; default = null; @@ -162,6 +168,9 @@ in '' else '' iscsiadm --mode node --targetname ${escapeShellArg cfg.target} --login ''} + + ${cfg.extraIscsiCommands} + pkill -9 iscsid ''; }; diff --git a/nixpkgs/nixos/modules/services/networking/jicofo.nix b/nixpkgs/nixos/modules/services/networking/jicofo.nix index 160a5fea91a0..647119b9039e 100644 --- a/nixpkgs/nixos/modules/services/networking/jicofo.nix +++ b/nixpkgs/nixos/modules/services/networking/jicofo.nix @@ -70,7 +70,7 @@ in config = mkOption { type = attrsOf str; default = { }; - example = literalExample '' + example = literalExpression '' { "org.jitsi.jicofo.auth.URL" = "XMPP:jitsi-meet.example.com"; } diff --git a/nixpkgs/nixos/modules/services/networking/jitsi-videobridge.nix b/nixpkgs/nixos/modules/services/networking/jitsi-videobridge.nix index 80f35d56e2db..dd06ad98a973 100644 --- a/nixpkgs/nixos/modules/services/networking/jitsi-videobridge.nix +++ b/nixpkgs/nixos/modules/services/networking/jitsi-videobridge.nix @@ -56,7 +56,7 @@ in config = mkOption { type = attrs; default = { }; - example = literalExample '' + example = literalExpression '' { videobridge = { ice.udp.port = 5000; @@ -82,7 +82,7 @@ in See <link xlink:href="https://github.com/jitsi/jitsi-videobridge/blob/master/doc/muc.md" /> for more information. ''; default = { }; - example = literalExample '' + example = literalExpression '' { "localhost" = { hostName = "localhost"; @@ -199,7 +199,7 @@ in Needed for monitoring jitsi. ''; default = []; - example = literalExample "[ \"colibri\" \"rest\" ]"; + example = literalExpression "[ \"colibri\" \"rest\" ]"; }; }; diff --git a/nixpkgs/nixos/modules/services/networking/keepalived/vrrp-instance-options.nix b/nixpkgs/nixos/modules/services/networking/keepalived/vrrp-instance-options.nix index 85b9bc337726..e96dde5fa89f 100644 --- a/nixpkgs/nixos/modules/services/networking/keepalived/vrrp-instance-options.nix +++ b/nixpkgs/nixos/modules/services/networking/keepalived/vrrp-instance-options.nix @@ -102,9 +102,7 @@ with lib; inherit lib; })); default = []; - example = literalExample '' - TODO: Example - ''; + # TODO: example description = "Declarative vhost config"; }; diff --git a/nixpkgs/nixos/modules/services/networking/keepalived/vrrp-script-options.nix b/nixpkgs/nixos/modules/services/networking/keepalived/vrrp-script-options.nix index a3f794c40a89..df7a89cff8cd 100644 --- a/nixpkgs/nixos/modules/services/networking/keepalived/vrrp-script-options.nix +++ b/nixpkgs/nixos/modules/services/networking/keepalived/vrrp-script-options.nix @@ -7,7 +7,7 @@ with lib.types; script = mkOption { type = str; - example = "\${pkgs.curl} -f http://localhost:80"; + example = literalExpression ''"''${pkgs.curl} -f http://localhost:80"''; description = "(Path of) Script command to execute followed by args, i.e. cmd [args]..."; }; diff --git a/nixpkgs/nixos/modules/services/networking/kippo.nix b/nixpkgs/nixos/modules/services/networking/kippo.nix deleted file mode 100644 index 6fedb0a270f4..000000000000 --- a/nixpkgs/nixos/modules/services/networking/kippo.nix +++ /dev/null @@ -1,117 +0,0 @@ -# NixOS module for kippo honeypot ssh server -# See all the options for configuration details. -# -# Default port is 2222. Recommend using something like this for port redirection to default SSH port: -# networking.firewall.extraCommands = '' -# iptables -t nat -A PREROUTING -i IN_IFACE -p tcp --dport 22 -j REDIRECT --to-port 2222''; -# -# Lastly: use this service at your own risk. I am working on a way to run this inside a VM. -{ config, lib, pkgs, ... }: -with lib; -let - cfg = config.services.kippo; -in -{ - options = { - services.kippo = { - enable = mkOption { - default = false; - type = types.bool; - description = "Enable the kippo honeypot ssh server."; - }; - port = mkOption { - default = 2222; - type = types.int; - description = "TCP port number for kippo to bind to."; - }; - hostname = mkOption { - default = "nas3"; - type = types.str; - description = "Hostname for kippo to present to SSH login"; - }; - varPath = mkOption { - default = "/var/lib/kippo"; - type = types.path; - description = "Path of read/write files needed for operation and configuration."; - }; - logPath = mkOption { - default = "/var/log/kippo"; - type = types.path; - description = "Path of log files needed for operation and configuration."; - }; - pidPath = mkOption { - default = "/run/kippo"; - type = types.path; - description = "Path of pid files needed for operation."; - }; - extraConfig = mkOption { - default = ""; - type = types.lines; - description = "Extra verbatim configuration added to the end of kippo.cfg."; - }; - }; - - }; - config = mkIf cfg.enable { - environment.systemPackages = with pkgs.pythonPackages; [ - python pkgs.kippo.twisted pycrypto pyasn1 ]; - - environment.etc."kippo.cfg".text = '' - # Automatically generated by NixOS. - # See ${pkgs.kippo}/src/kippo.cfg for details. - [honeypot] - log_path = ${cfg.logPath} - download_path = ${cfg.logPath}/dl - filesystem_file = ${cfg.varPath}/honeyfs - filesystem_file = ${cfg.varPath}/fs.pickle - data_path = ${cfg.varPath}/data - txtcmds_path = ${cfg.varPath}/txtcmds - public_key = ${cfg.varPath}/keys/public.key - private_key = ${cfg.varPath}/keys/private.key - ssh_port = ${toString cfg.port} - hostname = ${cfg.hostname} - ${cfg.extraConfig} - ''; - - users.users.kippo = { - description = "kippo web server privilege separation user"; - uid = 108; # why does config.ids.uids.kippo give an error? - }; - users.groups.kippo.gid = 108; - - systemd.services.kippo = with pkgs; { - description = "Kippo Web Server"; - after = [ "network.target" ]; - wantedBy = [ "multi-user.target" ]; - environment.PYTHONPATH = "${pkgs.kippo}/src/:${pkgs.pythonPackages.pycrypto}/lib/python2.7/site-packages/:${pkgs.pythonPackages.pyasn1}/lib/python2.7/site-packages/:${pkgs.pythonPackages.python}/lib/python2.7/site-packages/:${pkgs.kippo.twisted}/lib/python2.7/site-packages/:."; - preStart = '' - if [ ! -d ${cfg.varPath}/ ] ; then - mkdir -p ${cfg.logPath}/tty - mkdir -p ${cfg.logPath}/dl - mkdir -p ${cfg.varPath}/keys - cp ${pkgs.kippo}/src/honeyfs ${cfg.varPath} -r - cp ${pkgs.kippo}/src/fs.pickle ${cfg.varPath}/fs.pickle - cp ${pkgs.kippo}/src/data ${cfg.varPath} -r - cp ${pkgs.kippo}/src/txtcmds ${cfg.varPath} -r - - chmod u+rw ${cfg.varPath} -R - chown kippo.kippo ${cfg.varPath} -R - chown kippo.kippo ${cfg.logPath} -R - chmod u+rw ${cfg.logPath} -R - fi - if [ ! -d ${cfg.pidPath}/ ] ; then - mkdir -p ${cfg.pidPath} - chmod u+rw ${cfg.pidPath} - chown kippo.kippo ${cfg.pidPath} - fi - ''; - - serviceConfig.ExecStart = "${pkgs.kippo.twisted}/bin/twistd -y ${pkgs.kippo}/src/kippo.tac --syslog --rundir=${cfg.varPath}/ --pidfile=${cfg.pidPath}/kippo.pid --prefix=kippo -n"; - serviceConfig.PermissionsStartOnly = true; - serviceConfig.User = "kippo"; - serviceConfig.Group = "kippo"; - }; -}; -} - - diff --git a/nixpkgs/nixos/modules/services/networking/knot.nix b/nixpkgs/nixos/modules/services/networking/knot.nix index 12ff89fe8492..67eadbd76702 100644 --- a/nixpkgs/nixos/modules/services/networking/knot.nix +++ b/nixpkgs/nixos/modules/services/networking/knot.nix @@ -71,7 +71,7 @@ in { package = mkOption { type = types.package; default = pkgs.knot-dns; - defaultText = "pkgs.knot-dns"; + defaultText = literalExpression "pkgs.knot-dns"; description = '' Which Knot DNS package to use ''; diff --git a/nixpkgs/nixos/modules/services/networking/kresd.nix b/nixpkgs/nixos/modules/services/networking/kresd.nix index 6882a315f616..3a36ac7e6670 100644 --- a/nixpkgs/nixos/modules/services/networking/kresd.nix +++ b/nixpkgs/nixos/modules/services/networking/kresd.nix @@ -62,8 +62,8 @@ in { knot-resolver package to use. "; default = pkgs.knot-resolver; - defaultText = "pkgs.knot-resolver"; - example = literalExample "pkgs.knot-resolver.override { extraFeatures = true; }"; + defaultText = literalExpression "pkgs.knot-resolver"; + example = literalExpression "pkgs.knot-resolver.override { extraFeatures = true; }"; }; extraConfig = mkOption { type = types.lines; diff --git a/nixpkgs/nixos/modules/services/networking/lambdabot.nix b/nixpkgs/nixos/modules/services/networking/lambdabot.nix index b7c8bd008fe1..3005e5824554 100644 --- a/nixpkgs/nixos/modules/services/networking/lambdabot.nix +++ b/nixpkgs/nixos/modules/services/networking/lambdabot.nix @@ -27,7 +27,7 @@ in package = mkOption { type = types.package; default = pkgs.lambdabot; - defaultText = "pkgs.lambdabot"; + defaultText = literalExpression "pkgs.lambdabot"; description = "Used lambdabot package"; }; diff --git a/nixpkgs/nixos/modules/services/networking/libreswan.nix b/nixpkgs/nixos/modules/services/networking/libreswan.nix index 1f0423ac3d84..429167aed9d7 100644 --- a/nixpkgs/nixos/modules/services/networking/libreswan.nix +++ b/nixpkgs/nixos/modules/services/networking/libreswan.nix @@ -66,7 +66,7 @@ in connections = mkOption { type = types.attrsOf types.lines; default = {}; - example = literalExample '' + example = literalExpression '' { myconnection = ''' auto=add left=%defaultroute @@ -85,7 +85,7 @@ in policies = mkOption { type = types.attrsOf types.lines; default = {}; - example = literalExample '' + example = literalExpression '' { private-or-clear = ''' # Attempt opportunistic IPsec for the entire Internet 0.0.0.0/0 diff --git a/nixpkgs/nixos/modules/services/networking/minidlna.nix b/nixpkgs/nixos/modules/services/networking/minidlna.nix index c580ba47dad3..c860f63efa67 100644 --- a/nixpkgs/nixos/modules/services/networking/minidlna.nix +++ b/nixpkgs/nixos/modules/services/networking/minidlna.nix @@ -39,7 +39,7 @@ in services.minidlna.friendlyName = mkOption { type = types.str; default = "${config.networking.hostName} MiniDLNA"; - defaultText = "$HOSTNAME MiniDLNA"; + defaultText = literalExpression ''"''${config.networking.hostName} MiniDLNA"''; example = "rpi3"; description = '' diff --git a/nixpkgs/nixos/modules/services/networking/miredo.nix b/nixpkgs/nixos/modules/services/networking/miredo.nix index 2c8393fb5b41..b7f657efb712 100644 --- a/nixpkgs/nixos/modules/services/networking/miredo.nix +++ b/nixpkgs/nixos/modules/services/networking/miredo.nix @@ -25,7 +25,7 @@ in package = mkOption { type = types.package; default = pkgs.miredo; - defaultText = "pkgs.miredo"; + defaultText = literalExpression "pkgs.miredo"; description = '' The package to use for the miredo daemon's binary. ''; diff --git a/nixpkgs/nixos/modules/services/networking/morty.nix b/nixpkgs/nixos/modules/services/networking/morty.nix index c627feb527b6..dff2f482ca6b 100644 --- a/nixpkgs/nixos/modules/services/networking/morty.nix +++ b/nixpkgs/nixos/modules/services/networking/morty.nix @@ -23,7 +23,6 @@ in type = types.bool; default = true; description = "Allow IPv6 HTTP requests?"; - defaultText = "Allow IPv6 HTTP requests."; }; key = mkOption { @@ -33,21 +32,20 @@ in HMAC url validation key (hexadecimal encoded). Leave blank to disable. Without validation key, anyone can submit proxy requests. Leave blank to disable. + Generate with <literal>printf %s somevalue | openssl dgst -sha1 -hmac somekey</literal> ''; - defaultText = "No HMAC url validation. Generate with echo -n somevalue | openssl dgst -sha1 -hmac somekey"; }; timeout = mkOption { type = types.int; default = 2; description = "Request timeout in seconds."; - defaultText = "A resource now gets 2 seconds to respond."; }; package = mkOption { type = types.package; default = pkgs.morty; - defaultText = "pkgs.morty"; + defaultText = literalExpression "pkgs.morty"; description = "morty package to use."; }; @@ -61,7 +59,6 @@ in type = types.str; default = "127.0.0.1"; description = "The address on which the service listens"; - defaultText = "127.0.0.1 (localhost)"; }; }; diff --git a/nixpkgs/nixos/modules/services/networking/mosquitto.nix b/nixpkgs/nixos/modules/services/networking/mosquitto.nix index 8e814ffd0b9b..b0fbfc194083 100644 --- a/nixpkgs/nixos/modules/services/networking/mosquitto.nix +++ b/nixpkgs/nixos/modules/services/networking/mosquitto.nix @@ -56,7 +56,6 @@ in port = mkOption { default = 1883; - example = 1883; type = types.int; description = '' Port on which to listen without SSL. @@ -95,7 +94,6 @@ in port = mkOption { default = 8883; - example = 8883; type = types.int; description = '' Port on which to listen with SSL. diff --git a/nixpkgs/nixos/modules/services/networking/multipath.nix b/nixpkgs/nixos/modules/services/networking/multipath.nix new file mode 100644 index 000000000000..1cc2ad1fc849 --- /dev/null +++ b/nixpkgs/nixos/modules/services/networking/multipath.nix @@ -0,0 +1,572 @@ +{ config, lib, pkgs, ... }: with lib; + +# See http://christophe.varoqui.free.fr/usage.html and +# https://github.com/opensvc/multipath-tools/blob/master/multipath/multipath.conf.5 + +let + cfg = config.services.multipath; + + indentLines = n: str: concatStringsSep "\n" ( + map (line: "${fixedWidthString n " " " "}${line}") ( + filter ( x: x != "" ) ( splitString "\n" str ) + ) + ); + + addCheckDesc = desc: elemType: check: types.addCheck elemType check + // { description = "${elemType.description} (with check: ${desc})"; }; + hexChars = stringToCharacters "0123456789abcdef"; + isHexString = s: all (c: elem c hexChars) (stringToCharacters (toLower s)); + hexStr = addCheckDesc "hexadecimal string" types.str isHexString; + +in { + + options.services.multipath = with types; { + + enable = mkEnableOption "the device mapper multipath (DM-MP) daemon"; + + package = mkOption { + type = package; + description = "multipath-tools package to use"; + default = pkgs.multipath-tools; + defaultText = "pkgs.multipath-tools"; + }; + + devices = mkOption { + default = [ ]; + example = literalExpression '' + [ + { + vendor = "\"COMPELNT\""; + product = "\"Compellent Vol\""; + path_checker = "tur"; + no_path_retry = "queue"; + max_sectors_kb = 256; + }, ... + ] + ''; + description = '' + This option allows you to define arrays for use in multipath + groups. + ''; + type = listOf (submodule { + options = { + + vendor = mkOption { + type = str; + example = "COMPELNT"; + description = "Regular expression to match the vendor name"; + }; + + product = mkOption { + type = str; + example = "Compellent Vol"; + description = "Regular expression to match the product name"; + }; + + revision = mkOption { + type = nullOr str; + default = null; + description = "Regular expression to match the product revision"; + }; + + product_blacklist = mkOption { + type = nullOr str; + default = null; + description = "Products with the given vendor matching this string are blacklisted"; + }; + + alias_prefix = mkOption { + type = nullOr str; + default = null; + description = "The user_friendly_names prefix to use for this device type, instead of the default mpath"; + }; + + vpd_vendor = mkOption { + type = nullOr str; + default = null; + description = "The vendor specific vpd page information, using the vpd page abbreviation"; + }; + + hardware_handler = mkOption { + type = nullOr (enum [ "emc" "rdac" "hp_sw" "alua" "ana" ]); + default = null; + description = "The hardware handler to use for this device type"; + }; + + # Optional arguments + path_grouping_policy = mkOption { + type = nullOr (enum [ "failover" "multibus" "group_by_serial" "group_by_prio" "group_by_node_name" ]); + default = null; # real default: "failover" + description = "The default path grouping policy to apply to unspecified multipaths"; + }; + + uid_attribute = mkOption { + type = nullOr str; + default = null; + description = "The udev attribute providing a unique path identifier (WWID)"; + }; + + getuid_callout = mkOption { + type = nullOr str; + default = null; + description = '' + (Superseded by uid_attribute) The default program and args to callout + to obtain a unique path identifier. Should be specified with an absolute path. + ''; + }; + + path_selector = mkOption { + type = nullOr (enum [ + ''"round-robin 0"'' + ''"queue-length 0"'' + ''"service-time 0"'' + ''"historical-service-time 0"'' + ]); + default = null; # real default: "service-time 0" + description = "The default path selector algorithm to use; they are offered by the kernel multipath target"; + }; + + path_checker = mkOption { + type = enum [ "readsector0" "tur" "emc_clariion" "hp_sw" "rdac" "directio" "cciss_tur" "none" ]; + default = "tur"; + description = "The default method used to determine the paths state"; + }; + + prio = mkOption { + type = nullOr (enum [ + "none" "const" "sysfs" "emc" "alua" "ontap" "rdac" "hp_sw" "hds" + "random" "weightedpath" "path_latency" "ana" "datacore" "iet" + ]); + default = null; # real default: "const" + description = "The name of the path priority routine"; + }; + + prio_args = mkOption { + type = nullOr str; + default = null; + description = "Arguments to pass to to the prio function"; + }; + + features = mkOption { + type = nullOr str; + default = null; + description = "Specify any device-mapper features to be used"; + }; + + failback = mkOption { + type = nullOr str; + default = null; # real default: "manual" + description = "Tell multipathd how to manage path group failback. Quote integers as strings"; + }; + + rr_weight = mkOption { + type = nullOr (enum [ "priorities" "uniform" ]); + default = null; # real default: "uniform" + description = '' + If set to priorities the multipath configurator will assign path weights + as "path prio * rr_min_io". + ''; + }; + + no_path_retry = mkOption { + type = nullOr str; + default = null; # real default: "fail" + description = "Specify what to do when all paths are down. Quote integers as strings"; + }; + + rr_min_io = mkOption { + type = nullOr int; + default = null; # real default: 1000 + description = '' + Number of I/O requests to route to a path before switching to the next in the + same path group. This is only for Block I/O (BIO) based multipath and + only apply to round-robin path_selector. + ''; + }; + + rr_min_io_rq = mkOption { + type = nullOr int; + default = null; # real default: 1 + description = '' + Number of I/O requests to route to a path before switching to the next in the + same path group. This is only for Request based multipath and + only apply to round-robin path_selector. + ''; + }; + + fast_io_fail_tmo = mkOption { + type = nullOr str; + default = null; # real default: 5 + description = '' + Specify the number of seconds the SCSI layer will wait after a problem has been + detected on a FC remote port before failing I/O to devices on that remote port. + This should be smaller than dev_loss_tmo. Setting this to "off" will disable + the timeout. Quote integers as strings. + ''; + }; + + dev_loss_tmo = mkOption { + type = nullOr str; + default = null; # real default: 600 + description = '' + Specify the number of seconds the SCSI layer will wait after a problem has + been detected on a FC remote port before removing it from the system. This + can be set to "infinity" which sets it to the max value of 2147483647 + seconds, or 68 years. It will be automatically adjusted to the overall + retry interval no_path_retry * polling_interval + if a number of retries is given with no_path_retry and the + overall retry interval is longer than the specified dev_loss_tmo value. + The Linux kernel will cap this value to 600 if fast_io_fail_tmo + is not set. + ''; + }; + + flush_on_last_del = mkOption { + type = nullOr (enum [ "yes" "no" ]); + default = null; # real default: "no" + description = '' + If set to "yes" multipathd will disable queueing when the last path to a + device has been deleted. + ''; + }; + + user_friendly_names = mkOption { + type = nullOr (enum [ "yes" "no" ]); + default = null; # real default: "no" + description = '' + If set to "yes", using the bindings file /etc/multipath/bindings + to assign a persistent and unique alias to the multipath, in the + form of mpath. If set to "no" use the WWID as the alias. In either + case this be will be overridden by any specific aliases in the + multipaths section. + ''; + }; + + retain_attached_hw_handler = mkOption { + type = nullOr (enum [ "yes" "no" ]); + default = null; # real default: "yes" + description = '' + (Obsolete for kernels >= 4.3) If set to "yes" and the SCSI layer has + already attached a hardware_handler to the device, multipath will not + force the device to use the hardware_handler specified by mutipath.conf. + If the SCSI layer has not attached a hardware handler, multipath will + continue to use its configured hardware handler. + + Important Note: Linux kernel 4.3 or newer always behaves as if + "retain_attached_hw_handler yes" was set. + ''; + }; + + detect_prio = mkOption { + type = nullOr (enum [ "yes" "no" ]); + default = null; # real default: "yes" + description = '' + If set to "yes", multipath will try to detect if the device supports + SCSI-3 ALUA. If so, the device will automatically use the sysfs + prioritizer if the required sysf attributes access_state and + preferred_path are supported, or the alua prioritizer if not. If set + to "no", the prioritizer will be selected as usual. + ''; + }; + + detect_checker = mkOption { + type = nullOr (enum [ "yes" "no" ]); + default = null; # real default: "yes" + description = '' + If set to "yes", multipath will try to detect if the device supports + SCSI-3 ALUA. If so, the device will automatically use the tur checker. + If set to "no", the checker will be selected as usual. + ''; + }; + + deferred_remove = mkOption { + type = nullOr (enum [ "yes" "no" ]); + default = null; # real default: "no" + description = '' + If set to "yes", multipathd will do a deferred remove instead of a + regular remove when the last path device has been deleted. This means + that if the multipath device is still in use, it will be freed when + the last user closes it. If path is added to the multipath device + before the last user closes it, the deferred remove will be canceled. + ''; + }; + + san_path_err_threshold = mkOption { + type = nullOr str; + default = null; + description = '' + If set to a value greater than 0, multipathd will watch paths and check + how many times a path has been failed due to errors.If the number of + failures on a particular path is greater then the san_path_err_threshold, + then the path will not reinstate till san_path_err_recovery_time. These + path failures should occur within a san_path_err_forget_rate checks, if + not we will consider the path is good enough to reinstantate. + ''; + }; + + san_path_err_forget_rate = mkOption { + type = nullOr str; + default = null; + description = '' + If set to a value greater than 0, multipathd will check whether the path + failures has exceeded the san_path_err_threshold within this many checks + i.e san_path_err_forget_rate. If so we will not reinstante the path till + san_path_err_recovery_time. + ''; + }; + + san_path_err_recovery_time = mkOption { + type = nullOr str; + default = null; + description = '' + If set to a value greater than 0, multipathd will make sure that when + path failures has exceeded the san_path_err_threshold within + san_path_err_forget_rate then the path will be placed in failed state + for san_path_err_recovery_time duration. Once san_path_err_recovery_time + has timeout we will reinstante the failed path. san_path_err_recovery_time + value should be in secs. + ''; + }; + + marginal_path_err_sample_time = mkOption { + type = nullOr int; + default = null; + description = "One of the four parameters of supporting path check based on accounting IO error such as intermittent error"; + }; + + marginal_path_err_rate_threshold = mkOption { + type = nullOr int; + default = null; + description = "The error rate threshold as a permillage (1/1000)"; + }; + + marginal_path_err_recheck_gap_time = mkOption { + type = nullOr str; + default = null; + description = "One of the four parameters of supporting path check based on accounting IO error such as intermittent error"; + }; + + marginal_path_double_failed_time = mkOption { + type = nullOr str; + default = null; + description = "One of the four parameters of supporting path check based on accounting IO error such as intermittent error"; + }; + + delay_watch_checks = mkOption { + type = nullOr str; + default = null; + description = "This option is deprecated, and mapped to san_path_err_forget_rate"; + }; + + delay_wait_checks = mkOption { + type = nullOr str; + default = null; + description = "This option is deprecated, and mapped to san_path_err_recovery_time"; + }; + + skip_kpartx = mkOption { + type = nullOr (enum [ "yes" "no" ]); + default = null; # real default: "no" + description = "If set to yes, kpartx will not automatically create partitions on the device"; + }; + + max_sectors_kb = mkOption { + type = nullOr int; + default = null; + description = "Sets the max_sectors_kb device parameter on all path devices and the multipath device to the specified value"; + }; + + ghost_delay = mkOption { + type = nullOr int; + default = null; + description = "Sets the number of seconds that multipath will wait after creating a device with only ghost paths before marking it ready for use in systemd"; + }; + + all_tg_pt = mkOption { + type = nullOr str; + default = null; + description = "Set the 'all targets ports' flag when registering keys with mpathpersist"; + }; + + }; + }); + }; + + defaults = mkOption { + type = nullOr str; + default = null; + description = '' + This section defines default values for attributes which are used + whenever no values are given in the appropriate device or multipath + sections. + ''; + }; + + blacklist = mkOption { + type = nullOr str; + default = null; + description = '' + This section defines which devices should be excluded from the + multipath topology discovery. + ''; + }; + + blacklist_exceptions = mkOption { + type = nullOr str; + default = null; + description = '' + This section defines which devices should be included in the + multipath topology discovery, despite being listed in the + blacklist section. + ''; + }; + + overrides = mkOption { + type = nullOr str; + default = null; + description = '' + This section defines values for attributes that should override the + device-specific settings for all devices. + ''; + }; + + extraConfig = mkOption { + type = nullOr str; + default = null; + description = "Lines to append to default multipath.conf"; + }; + + extraConfigFile = mkOption { + type = nullOr str; + default = null; + description = "Append an additional file's contents to /etc/multipath.conf"; + }; + + pathGroups = mkOption { + example = literalExpression '' + [ + { + wwid = "360080e500043b35c0123456789abcdef"; + alias = 10001234; + array = "bigarray.example.com"; + fsType = "zfs"; # optional + options = "ro"; # optional + }, ... + ] + ''; + description = '' + This option allows you to define multipath groups as described + in http://christophe.varoqui.free.fr/usage.html. + ''; + type = listOf (submodule { + options = { + + alias = mkOption { + type = int; + example = 1001234; + description = "The name of the multipath device"; + }; + + wwid = mkOption { + type = hexStr; + example = "360080e500043b35c0123456789abcdef"; + description = "The identifier for the multipath device"; + }; + + array = mkOption { + type = str; + default = null; + example = "bigarray.example.com"; + description = "The DNS name of the storage array"; + }; + + fsType = mkOption { + type = nullOr str; + default = null; + example = "zfs"; + description = "Type of the filesystem"; + }; + + options = mkOption { + type = nullOr str; + default = null; + example = "ro"; + description = "Options used to mount the file system"; + }; + + }; + }); + }; + + }; + + config = mkIf cfg.enable { + environment.etc."multipath.conf".text = + let + inherit (cfg) defaults blacklist blacklist_exceptions overrides; + + mkDeviceBlock = cfg: let + nonNullCfg = lib.filterAttrs (k: v: v != null) cfg; + attrs = lib.mapAttrsToList (name: value: " ${name} ${toString value}") nonNullCfg; + in '' + device { + ${lib.concatStringsSep "\n" attrs} + } + ''; + devices = lib.concatMapStringsSep "\n" mkDeviceBlock cfg.devices; + + mkMultipathBlock = m: '' + multipath { + wwid ${m.wwid} + alias ${toString m.alias} + } + ''; + multipaths = lib.concatMapStringsSep "\n" mkMultipathBlock cfg.pathGroups; + + in '' + devices { + ${indentLines 2 devices} + } + + ${optionalString (!isNull defaults) '' + defaults { + ${indentLines 2 defaults} + multipath_dir ${cfg.package}/lib/multipath + } + ''} + ${optionalString (!isNull blacklist) '' + blacklist { + ${indentLines 2 blacklist} + } + ''} + ${optionalString (!isNull blacklist_exceptions) '' + blacklist_exceptions { + ${indentLines 2 blacklist_exceptions} + } + ''} + ${optionalString (!isNull overrides) '' + overrides { + ${indentLines 2 overrides} + } + ''} + multipaths { + ${indentLines 2 multipaths} + } + ''; + + systemd.packages = [ cfg.package ]; + + environment.systemPackages = [ cfg.package ]; + boot.kernelModules = [ "dm-multipath" "dm-service-time" ]; + + # We do not have systemd in stage-1 boot so must invoke `multipathd` + # with the `-1` argument which disables systemd calls. Invoke `multipath` + # to display the multipath mappings in the output of `journalctl -b`. + boot.initrd.kernelModules = [ "dm-multipath" "dm-service-time" ]; + boot.initrd.postDeviceCommands = '' + modprobe -a dm-multipath dm-service-time + multipathd -s + (set -x && sleep 1 && multipath -ll) + ''; + }; +} diff --git a/nixpkgs/nixos/modules/services/networking/murmur.nix b/nixpkgs/nixos/modules/services/networking/murmur.nix index f8bb878ec65d..bbbe1e181bba 100644 --- a/nixpkgs/nixos/modules/services/networking/murmur.nix +++ b/nixpkgs/nixos/modules/services/networking/murmur.nix @@ -112,7 +112,7 @@ in package = mkOption { type = types.package; default = pkgs.murmur; - defaultText = "pkgs.murmur"; + defaultText = literalExpression "pkgs.murmur"; description = "Overridable attribute of the murmur package to use."; }; diff --git a/nixpkgs/nixos/modules/services/networking/mxisd.nix b/nixpkgs/nixos/modules/services/networking/mxisd.nix index f29d190c6262..803f0689d1fd 100644 --- a/nixpkgs/nixos/modules/services/networking/mxisd.nix +++ b/nixpkgs/nixos/modules/services/networking/mxisd.nix @@ -42,7 +42,7 @@ in { package = mkOption { type = types.package; default = pkgs.ma1sd; - defaultText = "pkgs.ma1sd"; + defaultText = literalExpression "pkgs.ma1sd"; description = "The mxisd/ma1sd package to use"; }; diff --git a/nixpkgs/nixos/modules/services/networking/nat.nix b/nixpkgs/nixos/modules/services/networking/nat.nix index 45eb500fe8ce..2e58cd699b25 100644 --- a/nixpkgs/nixos/modules/services/networking/nat.nix +++ b/nixpkgs/nixos/modules/services/networking/nat.nix @@ -247,7 +247,7 @@ in loopbackIPs = mkOption { type = types.listOf types.str; default = []; - example = literalExample ''[ "55.1.2.3" ]''; + example = literalExpression ''[ "55.1.2.3" ]''; description = "Public IPs for NAT reflection; for connections to `loopbackip:sourcePort' from the host itself and from other hosts behind NAT"; }; }; diff --git a/nixpkgs/nixos/modules/services/networking/nats.nix b/nixpkgs/nixos/modules/services/networking/nats.nix index eb0c65bc6561..3e86a4f07bc7 100644 --- a/nixpkgs/nixos/modules/services/networking/nats.nix +++ b/nixpkgs/nixos/modules/services/networking/nats.nix @@ -43,7 +43,6 @@ in { port = mkOption { default = 4222; - example = 4222; type = types.port; description = '' Port on which to listen. @@ -67,7 +66,7 @@ in { settings = mkOption { default = { }; type = format.type; - example = literalExample '' + example = literalExpression '' { jetstream = { max_mem = "1G"; diff --git a/nixpkgs/nixos/modules/services/networking/ncdns.nix b/nixpkgs/nixos/modules/services/networking/ncdns.nix index c5ea5d950573..af17fc0814b2 100644 --- a/nixpkgs/nixos/modules/services/networking/ncdns.nix +++ b/nixpkgs/nixos/modules/services/networking/ncdns.nix @@ -164,7 +164,7 @@ in settings = mkOption { type = configType; default = { }; - example = literalExample '' + example = literalExpression '' { # enable webserver ncdns.httplistenaddr = ":8202"; diff --git a/nixpkgs/nixos/modules/services/networking/ndppd.nix b/nixpkgs/nixos/modules/services/networking/ndppd.nix index 77e979a8a424..6046ac860cfa 100644 --- a/nixpkgs/nixos/modules/services/networking/ndppd.nix +++ b/nixpkgs/nixos/modules/services/networking/ndppd.nix @@ -142,7 +142,7 @@ in { messages, and respond to them according to a set of rules. ''; default = {}; - example = literalExample '' + example = literalExpression '' { eth0.rules."1111::/64" = {}; } diff --git a/nixpkgs/nixos/modules/services/networking/nebula.nix b/nixpkgs/nixos/modules/services/networking/nebula.nix index e7ebfe1b4db7..de4439415cf6 100644 --- a/nixpkgs/nixos/modules/services/networking/nebula.nix +++ b/nixpkgs/nixos/modules/services/networking/nebula.nix @@ -30,7 +30,7 @@ in package = mkOption { type = types.package; default = pkgs.nebula; - defaultText = "pkgs.nebula"; + defaultText = literalExpression "pkgs.nebula"; description = "Nebula derivation to use."; }; @@ -59,9 +59,7 @@ in The static host map defines a set of hosts with fixed IP addresses on the internet (or any network). A host can have multiple fixed IP addresses defined here, and nebula will try each when establishing a tunnel. ''; - example = literalExample '' - { "192.168.100.1" = [ "100.64.22.11:4242" ]; } - ''; + example = { "192.168.100.1" = [ "100.64.22.11:4242" ]; }; }; isLighthouse = mkOption { @@ -77,7 +75,7 @@ in List of IPs of lighthouse hosts this node should report to and query from. This should be empty on lighthouse nodes. The IPs should be the lighthouse's Nebula IPs, not their external IPs. ''; - example = ''[ "192.168.100.1" ]''; + example = [ "192.168.100.1" ]; }; listen.host = mkOption { @@ -110,14 +108,14 @@ in type = types.listOf types.attrs; default = []; description = "Firewall rules for outbound traffic."; - example = ''[ { port = "any"; proto = "any"; host = "any"; } ]''; + example = [ { port = "any"; proto = "any"; host = "any"; } ]; }; firewall.inbound = mkOption { type = types.listOf types.attrs; default = []; description = "Firewall rules for inbound traffic."; - example = ''[ { port = "any"; proto = "any"; host = "any"; } ]''; + example = [ { port = "any"; proto = "any"; host = "any"; } ]; }; settings = mkOption { @@ -128,7 +126,7 @@ in <link xlink:href="https://github.com/slackhq/nebula/blob/master/examples/config.yml"/> for details on supported values. ''; - example = literalExample '' + example = literalExpression '' { lighthouse.dns = { host = "0.0.0.0"; diff --git a/nixpkgs/nixos/modules/services/networking/networkmanager.nix b/nixpkgs/nixos/modules/services/networking/networkmanager.nix index ba13f575c39e..2a826e0f0870 100644 --- a/nixpkgs/nixos/modules/services/networking/networkmanager.nix +++ b/nixpkgs/nixos/modules/services/networking/networkmanager.nix @@ -353,7 +353,7 @@ in { }; }); default = []; - example = literalExample '' + example = literalExpression '' [ { source = pkgs.writeText "upHook" ''' diff --git a/nixpkgs/nixos/modules/services/networking/nftables.nix b/nixpkgs/nixos/modules/services/networking/nftables.nix index 72f37c32253e..eb74d373b0af 100644 --- a/nixpkgs/nixos/modules/services/networking/nftables.nix +++ b/nixpkgs/nixos/modules/services/networking/nftables.nix @@ -32,6 +32,7 @@ in }; networking.nftables.ruleset = mkOption { type = types.lines; + default = ""; example = '' # Check out https://wiki.nftables.org/ for better documentation. # Table for both IPv4 and IPv6. @@ -86,6 +87,7 @@ in name = "nftables-rules"; text = cfg.ruleset; }; + defaultText = literalDocBook ''a file with the contents of <option>networking.nftables.ruleset</option>''; description = '' The ruleset file to be used with nftables. Should be in a format that diff --git a/nixpkgs/nixos/modules/services/networking/ngircd.nix b/nixpkgs/nixos/modules/services/networking/ngircd.nix index 1b631de3b025..c0b9c98fb4bf 100644 --- a/nixpkgs/nixos/modules/services/networking/ngircd.nix +++ b/nixpkgs/nixos/modules/services/networking/ngircd.nix @@ -34,7 +34,7 @@ in { type = types.package; default = pkgs.ngircd; - defaultText = "pkgs.ngircd"; + defaultText = literalExpression "pkgs.ngircd"; }; }; }; diff --git a/nixpkgs/nixos/modules/services/networking/nixops-dns.nix b/nixpkgs/nixos/modules/services/networking/nixops-dns.nix index 2bb1263b7fa2..5e33d872ea45 100644 --- a/nixpkgs/nixos/modules/services/networking/nixops-dns.nix +++ b/nixpkgs/nixos/modules/services/networking/nixops-dns.nix @@ -34,7 +34,6 @@ in For example "ops" will resolve "vm.ops". ''; - example = "ops"; default = "ops"; }; diff --git a/nixpkgs/nixos/modules/services/networking/nntp-proxy.nix b/nixpkgs/nixos/modules/services/networking/nntp-proxy.nix index 0083990cff5a..a5973cd59334 100644 --- a/nixpkgs/nixos/modules/services/networking/nntp-proxy.nix +++ b/nixpkgs/nixos/modules/services/networking/nntp-proxy.nix @@ -159,7 +159,6 @@ in options = { username = mkOption { type = types.str; - default = null; description = '' Username ''; @@ -167,7 +166,6 @@ in passwordHash = mkOption { type = types.str; - default = null; example = "$6$GtzE7FrpE$wwuVgFYU.TZH4Rz.Snjxk9XGua89IeVwPQ/fEUD8eujr40q5Y021yhn0aNcsQ2Ifw.BLclyzvzgegopgKcneL0"; description = '' SHA-512 password hash (can be generated by @@ -189,15 +187,17 @@ in ''; default = {}; - example = literalExample '' - "user1" = { - passwordHash = "$6$1l0t5Kn2Dk$appzivc./9l/kjq57eg5UCsBKlcfyCr0zNWYNerKoPsI1d7eAwiT0SVsOVx/CTgaBNT/u4fi2vN.iGlPfv1ek0"; - maxConnections = 5; - }; - "anotheruser" = { - passwordHash = "$6$6lwEsWB.TmsS$W7m1riUx4QrA8pKJz8hvff0dnF1NwtZXgdjmGqA1Dx2MDPj07tI9GNcb0SWlMglE.2/hBgynDdAd/XqqtRqVQ0"; - maxConnections = 7; - }; + example = literalExpression '' + { + "user1" = { + passwordHash = "$6$1l0t5Kn2Dk$appzivc./9l/kjq57eg5UCsBKlcfyCr0zNWYNerKoPsI1d7eAwiT0SVsOVx/CTgaBNT/u4fi2vN.iGlPfv1ek0"; + maxConnections = 5; + }; + "anotheruser" = { + passwordHash = "$6$6lwEsWB.TmsS$W7m1riUx4QrA8pKJz8hvff0dnF1NwtZXgdjmGqA1Dx2MDPj07tI9GNcb0SWlMglE.2/hBgynDdAd/XqqtRqVQ0"; + maxConnections = 7; + }; + } ''; }; }; diff --git a/nixpkgs/nixos/modules/services/networking/nomad.nix b/nixpkgs/nixos/modules/services/networking/nomad.nix index 48689f1195c5..3bd15bd5c808 100644 --- a/nixpkgs/nixos/modules/services/networking/nomad.nix +++ b/nixpkgs/nixos/modules/services/networking/nomad.nix @@ -13,7 +13,7 @@ in package = mkOption { type = types.package; default = pkgs.nomad; - defaultText = "pkgs.nomad"; + defaultText = literalExpression "pkgs.nomad"; description = '' The package used for the Nomad agent and CLI. ''; @@ -25,7 +25,7 @@ in description = '' Extra packages to add to <envar>PATH</envar> for the Nomad agent process. ''; - example = literalExample '' + example = literalExpression '' with pkgs; [ cni-plugins ] ''; }; @@ -55,7 +55,7 @@ in description = '' Additional settings paths used to configure nomad. These can be files or directories. ''; - example = literalExample '' + example = literalExpression '' [ "/etc/nomad-mutable.json" "/run/keys/nomad-with-secrets.json" "/etc/nomad/config.d" ] ''; }; @@ -81,7 +81,7 @@ in the <literal>DynamicUser</literal> feature of systemd which directly manages and operates on <literal>StateDirectory</literal>. ''; - example = literalExample '' + example = literalExpression '' { # A minimal config example: server = { diff --git a/nixpkgs/nixos/modules/services/networking/nsd.nix b/nixpkgs/nixos/modules/services/networking/nsd.nix index 2ac0a8c7922e..893995165b9e 100644 --- a/nixpkgs/nixos/modules/services/networking/nsd.nix +++ b/nixpkgs/nixos/modules/services/networking/nsd.nix @@ -260,7 +260,6 @@ let data = mkOption { type = types.lines; default = ""; - example = ""; description = '' The actual zone data. This is the content of your zone file. Use imports or pkgs.lib.readFile if you don't want this data in your config file. @@ -397,7 +396,6 @@ let requestXFR = mkOption { type = types.listOf types.str; default = []; - example = []; description = '' Format: <code>[AXFR|UDP] <ip-address> <key-name | NOKEY></code> ''; @@ -726,7 +724,7 @@ in }; }); default = {}; - example = literalExample '' + example = literalExpression '' { "tsig.example.org" = { algorithm = "hmac-md5"; keyFile = "/path/to/my/key"; @@ -861,7 +859,7 @@ in zones = mkOption { type = types.attrsOf zoneOptions; default = {}; - example = literalExample '' + example = literalExpression '' { "serverGroup1" = { provideXFR = [ "10.1.2.3 NOKEY" ]; children = { diff --git a/nixpkgs/nixos/modules/services/networking/ntp/chrony.nix b/nixpkgs/nixos/modules/services/networking/ntp/chrony.nix index ed61c178c685..d414936a2c2b 100644 --- a/nixpkgs/nixos/modules/services/networking/ntp/chrony.nix +++ b/nixpkgs/nixos/modules/services/networking/ntp/chrony.nix @@ -44,7 +44,7 @@ in package = mkOption { type = types.package; default = pkgs.chrony; - defaultText = "pkgs.chrony"; + defaultText = literalExpression "pkgs.chrony"; description = '' Which chrony package to use. ''; diff --git a/nixpkgs/nixos/modules/services/networking/ntp/ntpd.nix b/nixpkgs/nixos/modules/services/networking/ntp/ntpd.nix index 1dffbd78bbe4..ce4802ce0245 100644 --- a/nixpkgs/nixos/modules/services/networking/ntp/ntpd.nix +++ b/nixpkgs/nixos/modules/services/networking/ntp/ntpd.nix @@ -97,7 +97,7 @@ in extraFlags = mkOption { type = types.listOf types.str; description = "Extra flags passed to the ntpd command."; - example = literalExample ''[ "--interface=eth0" ]''; + example = literalExpression ''[ "--interface=eth0" ]''; default = []; }; diff --git a/nixpkgs/nixos/modules/services/networking/ofono.nix b/nixpkgs/nixos/modules/services/networking/ofono.nix index 40ef9433de0f..460b06443c41 100644 --- a/nixpkgs/nixos/modules/services/networking/ofono.nix +++ b/nixpkgs/nixos/modules/services/networking/ofono.nix @@ -24,7 +24,7 @@ in plugins = mkOption { type = types.listOf types.package; default = []; - example = literalExample "[ pkgs.modem-manager-gui ]"; + example = literalExpression "[ pkgs.modem-manager-gui ]"; description = '' The list of plugins to install. ''; diff --git a/nixpkgs/nixos/modules/services/networking/onedrive.nix b/nixpkgs/nixos/modules/services/networking/onedrive.nix index c52f920bae25..0256a6a41115 100644 --- a/nixpkgs/nixos/modules/services/networking/onedrive.nix +++ b/nixpkgs/nixos/modules/services/networking/onedrive.nix @@ -35,8 +35,7 @@ in { package = lib.mkOption { type = lib.types.package; default = pkgs.onedrive; - defaultText = "pkgs.onedrive"; - example = lib.literalExample "pkgs.onedrive"; + defaultText = lib.literalExpression "pkgs.onedrive"; description = '' OneDrive package to use. ''; diff --git a/nixpkgs/nixos/modules/services/networking/openvpn.nix b/nixpkgs/nixos/modules/services/networking/openvpn.nix index b4c2c944b6e6..cf3f79fc578f 100644 --- a/nixpkgs/nixos/modules/services/networking/openvpn.nix +++ b/nixpkgs/nixos/modules/services/networking/openvpn.nix @@ -84,7 +84,7 @@ in services.openvpn.servers = mkOption { default = {}; - example = literalExample '' + example = literalExpression '' { server = { config = ''' diff --git a/nixpkgs/nixos/modules/services/networking/ostinato.nix b/nixpkgs/nixos/modules/services/networking/ostinato.nix index 5e8cce5b89aa..4da11984b9fc 100644 --- a/nixpkgs/nixos/modules/services/networking/ostinato.nix +++ b/nixpkgs/nixos/modules/services/networking/ostinato.nix @@ -65,7 +65,7 @@ in include = mkOption { type = types.listOf types.str; default = []; - example = ''[ "eth*" "lo*" ]''; + example = [ "eth*" "lo*" ]; description = '' For a port to pass the filter and appear on the port list managed by drone, it be allowed by this include list. @@ -74,7 +74,7 @@ in exclude = mkOption { type = types.listOf types.str; default = []; - example = ''[ "usbmon*" "eth0" ]''; + example = [ "usbmon*" "eth0" ]; description = '' A list of ports does not appear on the port list managed by drone. ''; diff --git a/nixpkgs/nixos/modules/services/networking/pdns-recursor.nix b/nixpkgs/nixos/modules/services/networking/pdns-recursor.nix index a326eccfd65d..0579d314a9ba 100644 --- a/nixpkgs/nixos/modules/services/networking/pdns-recursor.nix +++ b/nixpkgs/nixos/modules/services/networking/pdns-recursor.nix @@ -127,7 +127,7 @@ in { settings = mkOption { type = configType; default = { }; - example = literalExample '' + example = literalExpression '' { loglevel = 8; log-common-errors = true; diff --git a/nixpkgs/nixos/modules/services/networking/pleroma.nix b/nixpkgs/nixos/modules/services/networking/pleroma.nix index 93ab29b71e5c..2f32faf387ca 100644 --- a/nixpkgs/nixos/modules/services/networking/pleroma.nix +++ b/nixpkgs/nixos/modules/services/networking/pleroma.nix @@ -9,6 +9,7 @@ in { package = mkOption { type = types.package; default = pkgs.pleroma; + defaultText = literalExpression "pkgs.pleroma"; description = "Pleroma package to use."; }; diff --git a/nixpkgs/nixos/modules/services/networking/pppd.nix b/nixpkgs/nixos/modules/services/networking/pppd.nix index 37f44f07ac46..d1ed25b0238f 100644 --- a/nixpkgs/nixos/modules/services/networking/pppd.nix +++ b/nixpkgs/nixos/modules/services/networking/pppd.nix @@ -16,7 +16,7 @@ in package = mkOption { default = pkgs.ppp; - defaultText = "pkgs.ppp"; + defaultText = literalExpression "pkgs.ppp"; type = types.package; description = "pppd package to use."; }; diff --git a/nixpkgs/nixos/modules/services/networking/privoxy.nix b/nixpkgs/nixos/modules/services/networking/privoxy.nix index df818baa465d..7bc964d5f34a 100644 --- a/nixpkgs/nixos/modules/services/networking/privoxy.nix +++ b/nixpkgs/nixos/modules/services/networking/privoxy.nix @@ -164,7 +164,7 @@ in }; }; default = {}; - example = literalExample '' + example = literalExpression '' { # Listen on IPv6 only listen-address = "[::]:8118"; diff --git a/nixpkgs/nixos/modules/services/networking/prosody.nix b/nixpkgs/nixos/modules/services/networking/prosody.nix index e7a7aa700be6..42596ccfefd9 100644 --- a/nixpkgs/nixos/modules/services/networking/prosody.nix +++ b/nixpkgs/nixos/modules/services/networking/prosody.nix @@ -500,8 +500,8 @@ in type = types.package; description = "Prosody package to use"; default = pkgs.prosody; - defaultText = "pkgs.prosody"; - example = literalExample '' + defaultText = literalExpression "pkgs.prosody"; + example = literalExpression '' pkgs.prosody.override { withExtraLibs = [ pkgs.luaPackages.lpty ]; withCommunityModules = [ "auth_external" ]; diff --git a/nixpkgs/nixos/modules/services/networking/quassel.nix b/nixpkgs/nixos/modules/services/networking/quassel.nix index bfbd3b46ab4d..22940ef7a13a 100644 --- a/nixpkgs/nixos/modules/services/networking/quassel.nix +++ b/nixpkgs/nixos/modules/services/networking/quassel.nix @@ -37,11 +37,10 @@ in package = mkOption { type = types.package; default = pkgs.quasselDaemon; - defaultText = "pkgs.quasselDaemon"; + defaultText = literalExpression "pkgs.quasselDaemon"; description = '' The package of the quassel daemon. ''; - example = literalExample "pkgs.quasselDaemon"; }; interfaces = mkOption { diff --git a/nixpkgs/nixos/modules/services/networking/quorum.nix b/nixpkgs/nixos/modules/services/networking/quorum.nix index 2f612c9db686..50148dc314da 100644 --- a/nixpkgs/nixos/modules/services/networking/quorum.nix +++ b/nixpkgs/nixos/modules/services/networking/quorum.nix @@ -1,7 +1,7 @@ { config, pkgs, lib, ... }: let - inherit (lib) mkEnableOption mkIf mkOption literalExample types optionalString; + inherit (lib) mkEnableOption mkIf mkOption literalExpression types optionalString; cfg = config.services.quorum; dataDir = "/var/lib/quorum"; @@ -130,7 +130,7 @@ in { genesis = mkOption { type = types.nullOr types.attrs; default = null; - example = literalExample '' { + example = literalExpression '' { alloc = { a47385db68718bdcbddc2d2bb7c54018066ec111 = { balance = "1000000000000000000000000000"; diff --git a/nixpkgs/nixos/modules/services/networking/radicale.nix b/nixpkgs/nixos/modules/services/networking/radicale.nix index 368259b5b0bf..c121008d5294 100644 --- a/nixpkgs/nixos/modules/services/networking/radicale.nix +++ b/nixpkgs/nixos/modules/services/networking/radicale.nix @@ -33,7 +33,7 @@ in { # warnings about incompatible configuration and storage formats. type = with types; nullOr package // { inherit (package) description; }; default = null; - defaultText = "pkgs.radicale"; + defaultText = literalExpression "pkgs.radicale"; }; config = mkOption { @@ -55,7 +55,7 @@ in { <link xlink:href="https://radicale.org/3.0.html#documentation/configuration" />. This option is mutually exclusive with <option>config</option>. ''; - example = literalExample '' + example = literalExpression '' server = { hosts = [ "0.0.0.0:5232" "[::]:5232" ]; }; @@ -80,7 +80,7 @@ in { <option>settings.rights.file</option> to approriate values. ''; default = { }; - example = literalExample '' + example = literalExpression '' root = { user = ".+"; collection = ""; diff --git a/nixpkgs/nixos/modules/services/networking/searx.nix b/nixpkgs/nixos/modules/services/networking/searx.nix index 04f7d7e31f46..9fb06af7442e 100644 --- a/nixpkgs/nixos/modules/services/networking/searx.nix +++ b/nixpkgs/nixos/modules/services/networking/searx.nix @@ -68,7 +68,7 @@ in settings = mkOption { type = types.attrsOf settingType; default = { }; - example = literalExample '' + example = literalExpression '' { server.port = 8080; server.bind_address = "0.0.0.0"; server.secret_key = "@SEARX_SECRET_KEY@"; @@ -116,7 +116,7 @@ in package = mkOption { type = types.package; default = pkgs.searx; - defaultText = "pkgs.searx"; + defaultText = literalExpression "pkgs.searx"; description = "searx package to use."; }; @@ -138,7 +138,7 @@ in uwsgiConfig = mkOption { type = options.services.uwsgi.instance.type; default = { http = ":8080"; }; - example = literalExample '' + example = literalExpression '' { disable-logging = true; http = ":8080"; # serve via HTTP... diff --git a/nixpkgs/nixos/modules/services/networking/shadowsocks.nix b/nixpkgs/nixos/modules/services/networking/shadowsocks.nix index d2541f9a6dff..7bea269a9ed0 100644 --- a/nixpkgs/nixos/modules/services/networking/shadowsocks.nix +++ b/nixpkgs/nixos/modules/services/networking/shadowsocks.nix @@ -98,7 +98,7 @@ in plugin = mkOption { type = types.nullOr types.str; default = null; - example = "\${pkgs.shadowsocks-v2ray-plugin}/bin/v2ray-plugin"; + example = literalExpression ''"''${pkgs.shadowsocks-v2ray-plugin}/bin/v2ray-plugin"''; description = '' SIP003 plugin for shadowsocks ''; @@ -116,11 +116,9 @@ in extraConfig = mkOption { type = types.attrs; default = {}; - example = '' - { - nameserver = "8.8.8.8"; - } - ''; + example = { + nameserver = "8.8.8.8"; + }; description = '' Additional configuration for shadowsocks that is not covered by the provided options. The provided attrset will be serialized to JSON and diff --git a/nixpkgs/nixos/modules/services/networking/shellhub-agent.nix b/nixpkgs/nixos/modules/services/networking/shellhub-agent.nix index 4ce4b8250bc3..a45ef148544f 100644 --- a/nixpkgs/nixos/modules/services/networking/shellhub-agent.nix +++ b/nixpkgs/nixos/modules/services/networking/shellhub-agent.nix @@ -23,7 +23,7 @@ in { package = mkOption { type = types.package; default = pkgs.shellhub-agent; - defaultText = "pkgs.shellhub-agent"; + defaultText = literalExpression "pkgs.shellhub-agent"; description = '' Which ShellHub Agent package to use. ''; diff --git a/nixpkgs/nixos/modules/services/networking/shorewall.nix b/nixpkgs/nixos/modules/services/networking/shorewall.nix index 16383be2530f..ac732d4b12e4 100644 --- a/nixpkgs/nixos/modules/services/networking/shorewall.nix +++ b/nixpkgs/nixos/modules/services/networking/shorewall.nix @@ -22,7 +22,7 @@ in { package = lib.mkOption { type = types.package; default = pkgs.shorewall; - defaultText = "pkgs.shorewall"; + defaultText = lib.literalExpression "pkgs.shorewall"; description = "The shorewall package to use."; }; configs = lib.mkOption { diff --git a/nixpkgs/nixos/modules/services/networking/shorewall6.nix b/nixpkgs/nixos/modules/services/networking/shorewall6.nix index e081aedc6c34..4235c74a3f80 100644 --- a/nixpkgs/nixos/modules/services/networking/shorewall6.nix +++ b/nixpkgs/nixos/modules/services/networking/shorewall6.nix @@ -22,7 +22,7 @@ in { package = lib.mkOption { type = types.package; default = pkgs.shorewall; - defaultText = "pkgs.shorewall"; + defaultText = lib.literalExpression "pkgs.shorewall"; description = "The shorewall package to use."; }; configs = lib.mkOption { diff --git a/nixpkgs/nixos/modules/services/networking/skydns.nix b/nixpkgs/nixos/modules/services/networking/skydns.nix index ea466de93275..c4e959b57bbe 100644 --- a/nixpkgs/nixos/modules/services/networking/skydns.nix +++ b/nixpkgs/nixos/modules/services/networking/skydns.nix @@ -56,7 +56,7 @@ in { package = mkOption { default = pkgs.skydns; - defaultText = "pkgs.skydns"; + defaultText = literalExpression "pkgs.skydns"; type = types.package; description = "Skydns package to use."; }; diff --git a/nixpkgs/nixos/modules/services/networking/smartdns.nix b/nixpkgs/nixos/modules/services/networking/smartdns.nix index f84c727f0343..7f9df42ce9c1 100644 --- a/nixpkgs/nixos/modules/services/networking/smartdns.nix +++ b/nixpkgs/nixos/modules/services/networking/smartdns.nix @@ -32,7 +32,7 @@ in { type = let atom = oneOf [ str int bool ]; in attrsOf (coercedTo atom toList (listOf atom)); - example = literalExample '' + example = literalExpression '' { bind = ":5353 -no-rule -group example"; cache-size = 4096; diff --git a/nixpkgs/nixos/modules/services/networking/smokeping.nix b/nixpkgs/nixos/modules/services/networking/smokeping.nix index 0f123fd18776..021368488a3f 100644 --- a/nixpkgs/nixos/modules/services/networking/smokeping.nix +++ b/nixpkgs/nixos/modules/services/networking/smokeping.nix @@ -60,7 +60,7 @@ in to = root@localhost from = smokeping@localhost ''; - example = literalExample '' + example = '' to = alertee@address.somewhere from = smokealert@company.xy @@ -75,7 +75,7 @@ in cgiUrl = mkOption { type = types.str; default = "http://${cfg.hostName}:${toString cfg.port}/smokeping.cgi"; - defaultText = "http://\${hostName}:\${toString port}/smokeping.cgi"; + defaultText = literalExpression ''"http://''${hostName}:''${toString port}/smokeping.cgi"''; example = "https://somewhere.example.com/smokeping.cgi"; description = "URL to the smokeping cgi."; }; @@ -100,7 +100,7 @@ in MIN 0.5 144 720 ''; - example = literalExample '' + example = '' # near constant pings. step = 30 pings = 20 @@ -125,14 +125,14 @@ in hostName = mkOption { type = types.str; default = config.networking.fqdn; - defaultText = "\${config.networking.fqdn}"; + defaultText = literalExpression "config.networking.fqdn"; example = "somewhere.example.com"; description = "DNS name for the urls generated in the cgi."; }; imgUrl = mkOption { type = types.str; default = "http://${cfg.hostName}:${toString cfg.port}/cache"; - defaultText = "http://\${hostName}:\${toString port}/cache"; + defaultText = literalExpression ''"http://''${hostName}:''${toString port}/cache"''; example = "https://somewhere.example.com/cache"; description = "Base url for images generated in the cgi."; }; @@ -157,20 +157,19 @@ in ownerEmail = mkOption { type = types.str; default = "no-reply@${cfg.hostName}"; - defaultText = "no-reply@\${hostName}"; + defaultText = literalExpression ''"no-reply@''${hostName}"''; example = "no-reply@yourdomain.com"; description = "Email contact for owner"; }; package = mkOption { type = types.package; default = pkgs.smokeping; - defaultText = "pkgs.smokeping"; + defaultText = literalExpression "pkgs.smokeping"; description = "Specify a custom smokeping package"; }; port = mkOption { type = types.int; default = 8081; - example = 8081; description = "TCP port to use for the web server."; }; presentationConfig = mkOption { @@ -217,6 +216,7 @@ in presentationTemplate = mkOption { type = types.str; default = "${pkgs.smokeping}/etc/basepage.html.dist"; + defaultText = literalExpression ''"''${pkgs.smokeping}/etc/basepage.html.dist"''; description = "Default page layout for the web UI."; }; probeConfig = mkOption { @@ -236,6 +236,7 @@ in smokeMailTemplate = mkOption { type = types.str; default = "${cfg.package}/etc/smokemail.dist"; + defaultText = literalExpression ''"''${package}/etc/smokemail.dist"''; description = "Specify the smokemail template for alerts."; }; targetConfig = mkOption { diff --git a/nixpkgs/nixos/modules/services/networking/sniproxy.nix b/nixpkgs/nixos/modules/services/networking/sniproxy.nix index 0345c12d3afe..28c201f0565e 100644 --- a/nixpkgs/nixos/modules/services/networking/sniproxy.nix +++ b/nixpkgs/nixos/modules/services/networking/sniproxy.nix @@ -34,7 +34,7 @@ in type = types.lines; default = ""; description = "sniproxy.conf configuration excluding the daemon username and pid file."; - example = literalExample '' + example = '' error_log { filename /var/log/sniproxy/error.log } @@ -47,7 +47,7 @@ in table { example.com 192.0.2.10 example.net 192.0.2.20 - } + } ''; }; diff --git a/nixpkgs/nixos/modules/services/networking/softether.nix b/nixpkgs/nixos/modules/services/networking/softether.nix index 2dc73d81b258..5405f56871e9 100644 --- a/nixpkgs/nixos/modules/services/networking/softether.nix +++ b/nixpkgs/nixos/modules/services/networking/softether.nix @@ -21,7 +21,7 @@ in package = mkOption { type = types.package; default = pkgs.softether; - defaultText = "pkgs.softether"; + defaultText = literalExpression "pkgs.softether"; description = '' softether derivation to use. ''; diff --git a/nixpkgs/nixos/modules/services/networking/spacecookie.nix b/nixpkgs/nixos/modules/services/networking/spacecookie.nix index e0bef9e9628d..400f3e26cc9a 100644 --- a/nixpkgs/nixos/modules/services/networking/spacecookie.nix +++ b/nixpkgs/nixos/modules/services/networking/spacecookie.nix @@ -30,8 +30,8 @@ in { package = mkOption { type = types.package; default = pkgs.spacecookie; - defaultText = literalExample "pkgs.spacecookie"; - example = literalExample "pkgs.haskellPackages.spacecookie"; + defaultText = literalExpression "pkgs.spacecookie"; + example = literalExpression "pkgs.haskellPackages.spacecookie"; description = '' The spacecookie derivation to use. This can be used to override the used package or to use another version. diff --git a/nixpkgs/nixos/modules/services/networking/spiped.nix b/nixpkgs/nixos/modules/services/networking/spiped.nix index e60d9abf42a6..3c229ecfc72e 100644 --- a/nixpkgs/nixos/modules/services/networking/spiped.nix +++ b/nixpkgs/nixos/modules/services/networking/spiped.nix @@ -138,7 +138,7 @@ in default = {}; - example = literalExample '' + example = literalExpression '' { pipe1 = { keyfile = "/var/lib/spiped/pipe1.key"; diff --git a/nixpkgs/nixos/modules/services/networking/ssh/sshd.nix b/nixpkgs/nixos/modules/services/networking/ssh/sshd.nix index 311fd5abccad..f39c5928e265 100644 --- a/nixpkgs/nixos/modules/services/networking/ssh/sshd.nix +++ b/nixpkgs/nixos/modules/services/networking/ssh/sshd.nix @@ -449,7 +449,7 @@ in mkdir -m 0755 -p /etc/ssh ${flip concatMapStrings cfg.hostKeys (k: '' - if ! [ -f "${k.path}" ]; then + if ! [ -s "${k.path}" ]; then ssh-keygen \ -t "${k.type}" \ ${if k ? bits then "-b ${toString k.bits}" else ""} \ diff --git a/nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix b/nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix index 6e619f22546f..9287943fcde3 100644 --- a/nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix +++ b/nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix @@ -13,7 +13,7 @@ in { package = mkOption { type = types.package; default = pkgs.strongswan; - defaultText = "pkgs.strongswan"; + defaultText = literalExpression "pkgs.strongswan"; description = '' The strongswan derivation to use. ''; diff --git a/nixpkgs/nixos/modules/services/networking/strongswan.nix b/nixpkgs/nixos/modules/services/networking/strongswan.nix index 401f7be40288..e3a97207be7f 100644 --- a/nixpkgs/nixos/modules/services/networking/strongswan.nix +++ b/nixpkgs/nixos/modules/services/networking/strongswan.nix @@ -4,7 +4,7 @@ let inherit (builtins) toFile; inherit (lib) concatMapStringsSep concatStringsSep mapAttrsToList - mkIf mkEnableOption mkOption types literalExample; + mkIf mkEnableOption mkOption types literalExpression; cfg = config.services.strongswan; @@ -79,7 +79,7 @@ in connections = mkOption { type = types.attrsOf (types.attrsOf types.str); default = {}; - example = literalExample '' + example = literalExpression '' { "%default" = { keyexchange = "ikev2"; diff --git a/nixpkgs/nixos/modules/services/networking/stunnel.nix b/nixpkgs/nixos/modules/services/networking/stunnel.nix index fe1616f411f0..70d0a7d3c12e 100644 --- a/nixpkgs/nixos/modules/services/networking/stunnel.nix +++ b/nixpkgs/nixos/modules/services/networking/stunnel.nix @@ -69,6 +69,7 @@ let CAFile = mkOption { type = types.nullOr types.path; default = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"; + defaultText = literalExpression ''"''${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"''; description = "Path to a file containing certificates to validate against."; }; diff --git a/nixpkgs/nixos/modules/services/networking/supplicant.nix b/nixpkgs/nixos/modules/services/networking/supplicant.nix index 4f4b5cef3741..eb24130e519a 100644 --- a/nixpkgs/nixos/modules/services/networking/supplicant.nix +++ b/nixpkgs/nixos/modules/services/networking/supplicant.nix @@ -73,7 +73,7 @@ in path = mkOption { type = types.nullOr types.path; default = null; - example = literalExample "/etc/wpa_supplicant.conf"; + example = literalExpression "/etc/wpa_supplicant.conf"; description = '' External <literal>wpa_supplicant.conf</literal> configuration file. The configuration options defined declaratively within <literal>networking.supplicant</literal> have @@ -170,7 +170,7 @@ in default = { }; - example = literalExample '' + example = literalExpression '' { "wlan0 wlan1" = { configFile.path = "/etc/wpa_supplicant.conf"; userControlled.group = "network"; diff --git a/nixpkgs/nixos/modules/services/networking/supybot.nix b/nixpkgs/nixos/modules/services/networking/supybot.nix index 332c3ced06f0..94b79c7e247f 100644 --- a/nixpkgs/nixos/modules/services/networking/supybot.nix +++ b/nixpkgs/nixos/modules/services/networking/supybot.nix @@ -24,7 +24,7 @@ in default = if versionAtLeast config.system.stateVersion "20.09" then "/var/lib/supybot" else "/home/supybot"; - defaultText = "/var/lib/supybot"; + defaultText = literalExpression "/var/lib/supybot"; description = "The root directory, logs and plugins are stored here"; }; @@ -49,7 +49,7 @@ in Please note that you still need to add the plugins to the config file (or with <literal>!load</literal>) using their attribute name. ''; - example = literalExample '' + example = literalExpression '' let plugins = pkgs.fetchzip { url = "https://github.com/ProgVal/Supybot-plugins/archive/57c2450c.zip"; @@ -66,12 +66,13 @@ in extraPackages = mkOption { type = types.functionTo (types.listOf types.package); default = p: []; + defaultText = literalExpression "p: []"; description = '' Extra Python packages available to supybot plugins. The value must be a function which receives the attrset defined in <varname>python3Packages</varname> as the sole argument. ''; - example = literalExample "p: [ p.lxml p.requests ]"; + example = literalExpression "p: [ p.lxml p.requests ]"; }; }; diff --git a/nixpkgs/nixos/modules/services/networking/syncthing.nix b/nixpkgs/nixos/modules/services/networking/syncthing.nix index ebe4d89a0e7f..8c44687a3822 100644 --- a/nixpkgs/nixos/modules/services/networking/syncthing.nix +++ b/nixpkgs/nixos/modules/services/networking/syncthing.nix @@ -182,7 +182,7 @@ in { will be reverted on restart if <link linkend="opt-services.syncthing.overrideDevices">overrideDevices</link> is enabled. ''; - example = literalExample '' + example = literalExpression '' { "/home/user/sync" = { id = "syncme"; @@ -243,7 +243,7 @@ in { There are 4 different types of versioning with different parameters. See <link xlink:href="https://docs.syncthing.net/users/versioning.html"/>. ''; - example = literalExample '' + example = literalExpression '' [ { versioning = { @@ -430,8 +430,8 @@ in { description = '' The path where the settings and keys will exist. ''; - default = cfg.dataDir + (optionalString cond "/.config/syncthing"); - defaultText = literalExample "dataDir${optionalString cond " + \"/.config/syncthing\""}"; + default = cfg.dataDir + optionalString cond "/.config/syncthing"; + defaultText = literalExpression "dataDir${optionalString cond " + \"/.config/syncthing\""}"; }; extraFlags = mkOption { @@ -461,7 +461,7 @@ in { package = mkOption { type = types.package; default = pkgs.syncthing; - defaultText = literalExample "pkgs.syncthing"; + defaultText = literalExpression "pkgs.syncthing"; description = '' The Syncthing package to use. ''; diff --git a/nixpkgs/nixos/modules/services/networking/tailscale.nix b/nixpkgs/nixos/modules/services/networking/tailscale.nix index 3f88ff53dff0..3f41646bf01e 100644 --- a/nixpkgs/nixos/modules/services/networking/tailscale.nix +++ b/nixpkgs/nixos/modules/services/networking/tailscale.nix @@ -24,7 +24,7 @@ in { package = mkOption { type = types.package; default = pkgs.tailscale; - defaultText = "pkgs.tailscale"; + defaultText = literalExpression "pkgs.tailscale"; description = "The package to use for tailscale"; }; }; diff --git a/nixpkgs/nixos/modules/services/networking/tedicross.nix b/nixpkgs/nixos/modules/services/networking/tedicross.nix index 0716975f594a..c7830289dca0 100644 --- a/nixpkgs/nixos/modules/services/networking/tedicross.nix +++ b/nixpkgs/nixos/modules/services/networking/tedicross.nix @@ -18,7 +18,7 @@ in { config = mkOption { type = types.attrs; # from https://github.com/TediCross/TediCross/blob/master/example.settings.yaml - example = literalExample '' + example = literalExpression '' { telegram = { useFirstNameInsteadOfUsername = false; diff --git a/nixpkgs/nixos/modules/services/networking/thelounge.nix b/nixpkgs/nixos/modules/services/networking/thelounge.nix index a1b06703484b..b94491639163 100644 --- a/nixpkgs/nixos/modules/services/networking/thelounge.nix +++ b/nixpkgs/nixos/modules/services/networking/thelounge.nix @@ -32,7 +32,7 @@ in { extraConfig = mkOption { default = {}; type = types.attrs; - example = literalExample ''{ + example = literalExpression ''{ reverseProxy = true; defaults = { name = "Your Network"; diff --git a/nixpkgs/nixos/modules/services/networking/tinc.nix b/nixpkgs/nixos/modules/services/networking/tinc.nix index 22caf9f4ec56..1d77503d68bc 100644 --- a/nixpkgs/nixos/modules/services/networking/tinc.nix +++ b/nixpkgs/nixos/modules/services/networking/tinc.nix @@ -226,7 +226,7 @@ in hostSettings = mkOption { default = { }; - example = literalExample '' + example = literalExpression '' { host1 = { addresses = [ @@ -282,7 +282,7 @@ in package = mkOption { type = types.package; default = pkgs.tinc_pre; - defaultText = "pkgs.tinc_pre"; + defaultText = literalExpression "pkgs.tinc_pre"; description = '' The package to use for the tinc daemon's binary. ''; @@ -302,7 +302,7 @@ in settings = mkOption { default = { }; type = types.submodule { freeformType = tincConfType; }; - example = literalExample '' + example = literalExpression '' { Interface = "custom.interface"; DirectOnly = true; diff --git a/nixpkgs/nixos/modules/services/networking/toxvpn.nix b/nixpkgs/nixos/modules/services/networking/toxvpn.nix index 1765ef3ea2d9..18cf7672d5f4 100644 --- a/nixpkgs/nixos/modules/services/networking/toxvpn.nix +++ b/nixpkgs/nixos/modules/services/networking/toxvpn.nix @@ -22,7 +22,7 @@ with lib; auto_add_peers = mkOption { type = types.listOf types.str; default = []; - example = ''[ "toxid1" "toxid2" ]''; + example = [ "toxid1" "toxid2" ]; description = "peers to automatically connect to on startup"; }; }; diff --git a/nixpkgs/nixos/modules/services/networking/trickster.nix b/nixpkgs/nixos/modules/services/networking/trickster.nix index 49c945adb80f..e48bba8fa587 100644 --- a/nixpkgs/nixos/modules/services/networking/trickster.nix +++ b/nixpkgs/nixos/modules/services/networking/trickster.nix @@ -20,7 +20,7 @@ in package = mkOption { type = types.package; default = pkgs.trickster; - defaultText = "pkgs.trickster"; + defaultText = literalExpression "pkgs.trickster"; description = '' Package that should be used for trickster. ''; diff --git a/nixpkgs/nixos/modules/services/networking/ucarp.nix b/nixpkgs/nixos/modules/services/networking/ucarp.nix index 9b19a19687bc..189e4f99cefe 100644 --- a/nixpkgs/nixos/modules/services/networking/ucarp.nix +++ b/nixpkgs/nixos/modules/services/networking/ucarp.nix @@ -91,10 +91,10 @@ in { Command to run after become master, the interface name, virtual address and optional extra parameters are passed as arguments. ''; - example = '' + example = literalExpression '' pkgs.writeScript "upscript" ''' #!/bin/sh - $\{pkgs.iproute2\}/bin/ip addr add "$2"/24 dev "$1" + ''${pkgs.iproute2}/bin/ip addr add "$2"/24 dev "$1" '''; ''; }; @@ -105,10 +105,10 @@ in { Command to run after become backup, the interface name, virtual address and optional extra parameters are passed as arguments. ''; - example = '' + example = literalExpression '' pkgs.writeScript "downscript" ''' #!/bin/sh - $\{pkgs.iproute2\}/bin/ip addr del "$2"/24 dev "$1" + ''${pkgs.iproute2}/bin/ip addr del "$2"/24 dev "$1" '''; ''; }; @@ -152,7 +152,7 @@ in { upstream updates for a long time and can be considered as unmaintained. ''; default = pkgs.ucarp; - defaultText = "pkgs.ucarp"; + defaultText = literalExpression "pkgs.ucarp"; }; }; diff --git a/nixpkgs/nixos/modules/services/networking/unbound.nix b/nixpkgs/nixos/modules/services/networking/unbound.nix index 6d7178047ea8..f6e963490924 100644 --- a/nixpkgs/nixos/modules/services/networking/unbound.nix +++ b/nixpkgs/nixos/modules/services/networking/unbound.nix @@ -45,7 +45,7 @@ in { package = mkOption { type = types.package; default = pkgs.unbound-with-systemd; - defaultText = "pkgs.unbound-with-systemd"; + defaultText = literalExpression "pkgs.unbound-with-systemd"; description = "The unbound package to use"; }; @@ -128,7 +128,7 @@ in { }; }; }; - example = literalExample '' + example = literalExpression '' { server = { interface = [ "127.0.0.1" ]; diff --git a/nixpkgs/nixos/modules/services/networking/unifi.nix b/nixpkgs/nixos/modules/services/networking/unifi.nix index 73170ebfc903..caf89c84397f 100644 --- a/nixpkgs/nixos/modules/services/networking/unifi.nix +++ b/nixpkgs/nixos/modules/services/networking/unifi.nix @@ -44,7 +44,7 @@ in services.unifi.jrePackage = mkOption { type = types.package; default = pkgs.jre8; - defaultText = "pkgs.jre8"; + defaultText = literalExpression "pkgs.jre8"; description = '' The JRE package to use. Check the release notes to ensure it is supported. ''; @@ -53,7 +53,7 @@ in services.unifi.unifiPackage = mkOption { type = types.package; default = pkgs.unifiLTS; - defaultText = "pkgs.unifiLTS"; + defaultText = literalExpression "pkgs.unifiLTS"; description = '' The unifi package to use. ''; @@ -62,7 +62,7 @@ in services.unifi.mongodbPackage = mkOption { type = types.package; default = pkgs.mongodb; - defaultText = "pkgs.mongodb"; + defaultText = literalExpression "pkgs.mongodb"; description = '' The mongodb package to use. ''; @@ -172,9 +172,15 @@ in ExecStart = "${(removeSuffix "\n" cmd)} start"; ExecStop = "${(removeSuffix "\n" cmd)} stop"; Restart = "on-failure"; + TimeoutSec = "5min"; User = "unifi"; UMask = "0077"; WorkingDirectory = "${stateDir}"; + # the stop command exits while the main process is still running, and unifi + # wants to manage its own child processes. this means we have to set KillSignal + # to something the main process ignores, otherwise every stop will have unifi.service + # fail with SIGTERM status. + KillSignal = "SIGCONT"; # Hardening AmbientCapabilities = ""; @@ -215,5 +221,5 @@ in }; - meta.maintainers = with lib.maintainers; [ erictapen ]; + meta.maintainers = with lib.maintainers; [ erictapen pennae ]; } diff --git a/nixpkgs/nixos/modules/services/networking/v2ray.nix b/nixpkgs/nixos/modules/services/networking/v2ray.nix index 0b8b5b56e25b..95e8761ba5cc 100644 --- a/nixpkgs/nixos/modules/services/networking/v2ray.nix +++ b/nixpkgs/nixos/modules/services/networking/v2ray.nix @@ -16,6 +16,15 @@ with lib; ''; }; + package = mkOption { + type = types.package; + default = pkgs.v2ray; + defaultText = literalExpression "pkgs.v2ray"; + description = '' + Which v2ray package to use. + ''; + }; + configFile = mkOption { type = types.nullOr types.str; default = null; @@ -62,7 +71,7 @@ with lib; name = "v2ray.json"; text = builtins.toJSON cfg.config; checkPhase = '' - ${pkgs.v2ray}/bin/v2ray -test -config $out + ${cfg.package}/bin/v2ray -test -config $out ''; }; @@ -78,10 +87,9 @@ with lib; description = "v2ray Daemon"; after = [ "network.target" ]; wantedBy = [ "multi-user.target" ]; - path = [ pkgs.v2ray ]; - script = '' - exec v2ray -config ${configFile} - ''; + serviceConfig = { + ExecStart = "${cfg.package}/bin/v2ray -config ${configFile}"; + }; }; }; } diff --git a/nixpkgs/nixos/modules/services/networking/vsftpd.nix b/nixpkgs/nixos/modules/services/networking/vsftpd.nix index 5489f74bf032..710c2d9ca17b 100644 --- a/nixpkgs/nixos/modules/services/networking/vsftpd.nix +++ b/nixpkgs/nixos/modules/services/networking/vsftpd.nix @@ -159,7 +159,7 @@ in userlistFile = mkOption { type = types.path; default = pkgs.writeText "userlist" (concatMapStrings (x: "${x}\n") cfg.userlist); - defaultText = "pkgs.writeText \"userlist\" (concatMapStrings (x: \"\${x}\n\") cfg.userlist)"; + defaultText = literalExpression ''pkgs.writeText "userlist" (concatMapStrings (x: "''${x}\n") cfg.userlist)''; description = '' Newline separated list of names to be allowed/denied if <option>userlistEnable</option> is <literal>true</literal>. Meaning see <option>userlistDeny</option>. diff --git a/nixpkgs/nixos/modules/services/networking/wakeonlan.nix b/nixpkgs/nixos/modules/services/networking/wakeonlan.nix deleted file mode 100644 index c6291366b0f1..000000000000 --- a/nixpkgs/nixos/modules/services/networking/wakeonlan.nix +++ /dev/null @@ -1,70 +0,0 @@ -{ config, lib, pkgs, ... }: - -with lib; - -let - interfaces = config.services.wakeonlan.interfaces; - - ethtool = "${pkgs.ethtool}/sbin/ethtool"; - - passwordParameter = password : if (password == "") then "" else - "sopass ${password}"; - - methodParameter = {method, password} : - if method == "magicpacket" then "wol g" - else if method == "password" then "wol s so ${passwordParameter password}" - else throw "Wake-On-Lan method not supported"; - - line = { interface, method ? "magicpacket", password ? "" }: '' - ${ethtool} -s ${interface} ${methodParameter {inherit method password;}} - ''; - - concatStrings = foldr (x: y: x + y) ""; - lines = concatStrings (map (l: line l) interfaces); - -in -{ - - ###### interface - - options = { - - services.wakeonlan.interfaces = mkOption { - default = [ ]; - type = types.listOf (types.submodule { options = { - interface = mkOption { - type = types.str; - description = "Interface to enable for Wake-On-Lan."; - }; - method = mkOption { - type = types.enum [ "magicpacket" "password"]; - description = "Wake-On-Lan method for this interface."; - }; - password = mkOption { - type = types.strMatching "[a-fA-F0-9]{2}:([a-fA-F0-9]{2}:){4}[a-fA-F0-9]{2}"; - description = "The password has the shape of six bytes in hexadecimal separated by a colon each."; - }; - };}); - example = [ - { - interface = "eth0"; - method = "password"; - password = "00:11:22:33:44:55"; - } - ]; - description = '' - Interfaces where to enable Wake-On-LAN, and how. Two methods available: - "magicpacket" and "password". The password has the shape of six bytes - in hexadecimal separated by a colon each. For more information, - check the ethtool manual. - ''; - }; - - }; - - - ###### implementation - - config.powerManagement.powerUpCommands = lines; - -} diff --git a/nixpkgs/nixos/modules/services/networking/websockify.nix b/nixpkgs/nixos/modules/services/networking/websockify.nix index 27cb47be12f7..f7e014e03efb 100644 --- a/nixpkgs/nixos/modules/services/networking/websockify.nix +++ b/nixpkgs/nixos/modules/services/networking/websockify.nix @@ -21,7 +21,7 @@ let cfg = config.services.networking.websockify; in { sslKey = mkOption { description = "Path to the SSL key."; default = cfg.sslCert; - defaultText = "config.services.networking.websockify.sslCert"; + defaultText = literalExpression "config.services.networking.websockify.sslCert"; type = types.path; }; diff --git a/nixpkgs/nixos/modules/services/networking/wg-quick.nix b/nixpkgs/nixos/modules/services/networking/wg-quick.nix index 3b76de58548f..414775fc3577 100644 --- a/nixpkgs/nixos/modules/services/networking/wg-quick.nix +++ b/nixpkgs/nixos/modules/services/networking/wg-quick.nix @@ -56,9 +56,7 @@ let }; preUp = mkOption { - example = literalExample '' - ${pkgs.iproute2}/bin/ip netns add foo - ''; + example = literalExpression ''"''${pkgs.iproute2}/bin/ip netns add foo"''; default = ""; type = with types; coercedTo (listOf str) (concatStringsSep "\n") lines; description = '' @@ -67,9 +65,7 @@ let }; preDown = mkOption { - example = literalExample '' - ${pkgs.iproute2}/bin/ip netns del foo - ''; + example = literalExpression ''"''${pkgs.iproute2}/bin/ip netns del foo"''; default = ""; type = with types; coercedTo (listOf str) (concatStringsSep "\n") lines; description = '' @@ -78,9 +74,7 @@ let }; postUp = mkOption { - example = literalExample '' - ${pkgs.iproute2}/bin/ip netns add foo - ''; + example = literalExpression ''"''${pkgs.iproute2}/bin/ip netns add foo"''; default = ""; type = with types; coercedTo (listOf str) (concatStringsSep "\n") lines; description = '' @@ -89,9 +83,7 @@ let }; postDown = mkOption { - example = literalExample '' - ${pkgs.iproute2}/bin/ip netns del foo - ''; + example = literalExpression ''"''${pkgs.iproute2}/bin/ip netns del foo"''; default = ""; type = with types; coercedTo (listOf str) (concatStringsSep "\n") lines; description = '' diff --git a/nixpkgs/nixos/modules/services/networking/wireguard.nix b/nixpkgs/nixos/modules/services/networking/wireguard.nix index 2b51770a5aa1..55b84935b6cb 100644 --- a/nixpkgs/nixos/modules/services/networking/wireguard.nix +++ b/nixpkgs/nixos/modules/services/networking/wireguard.nix @@ -62,9 +62,7 @@ let }; preSetup = mkOption { - example = literalExample '' - ${pkgs.iproute2}/bin/ip netns add foo - ''; + example = literalExpression ''"''${pkgs.iproute2}/bin/ip netns add foo"''; default = ""; type = with types; coercedTo (listOf str) (concatStringsSep "\n") lines; description = '' @@ -73,8 +71,8 @@ let }; postSetup = mkOption { - example = literalExample '' - printf "nameserver 10.200.100.1" | ${pkgs.openresolv}/bin/resolvconf -a wg0 -m 0 + example = literalExpression '' + '''printf "nameserver 10.200.100.1" | ''${pkgs.openresolv}/bin/resolvconf -a wg0 -m 0''' ''; default = ""; type = with types; coercedTo (listOf str) (concatStringsSep "\n") lines; @@ -82,7 +80,7 @@ let }; postShutdown = mkOption { - example = literalExample "${pkgs.openresolv}/bin/resolvconf -d wg0"; + example = literalExpression ''"''${pkgs.openresolv}/bin/resolvconf -d wg0"''; default = ""; type = with types; coercedTo (listOf str) (concatStringsSep "\n") lines; description = "Commands called after shutting down the interface."; diff --git a/nixpkgs/nixos/modules/services/networking/wpa_supplicant.nix b/nixpkgs/nixos/modules/services/networking/wpa_supplicant.nix index 155c6fdd0ab0..4aa350d21a2b 100644 --- a/nixpkgs/nixos/modules/services/networking/wpa_supplicant.nix +++ b/nixpkgs/nixos/modules/services/networking/wpa_supplicant.nix @@ -20,10 +20,16 @@ let ++ optional cfg.scanOnLowSignal ''bgscan="simple:30:-70:3600"'' ++ optional (cfg.extraConfig != "") cfg.extraConfig); + configIsGenerated = with cfg; + networks != {} || extraConfig != "" || userControlled.enable; + + # the original configuration file configFile = - if cfg.networks != {} || cfg.extraConfig != "" || cfg.userControlled.enable + if configIsGenerated then pkgs.writeText "wpa_supplicant.conf" generatedConfig else "/etc/wpa_supplicant.conf"; + # the config file with environment variables replaced + finalConfig = ''"$RUNTIME_DIRECTORY"/wpa_supplicant.conf''; # Creates a network block for wpa_supplicant.conf mkNetwork = ssid: opts: @@ -56,8 +62,8 @@ let let deviceUnit = optional (iface != null) "sys-subsystem-net-devices-${utils.escapeSystemdPath iface}.device"; configStr = if cfg.allowAuxiliaryImperativeNetworks - then "-c /etc/wpa_supplicant.conf -I ${configFile}" - else "-c ${configFile}"; + then "-c /etc/wpa_supplicant.conf -I ${finalConfig}" + else "-c ${finalConfig}"; in { description = "WPA Supplicant instance" + optionalString (iface != null) " for interface ${iface}"; @@ -69,12 +75,25 @@ let stopIfChanged = false; path = [ package ]; + serviceConfig.RuntimeDirectory = "wpa_supplicant"; + serviceConfig.RuntimeDirectoryMode = "700"; + serviceConfig.EnvironmentFile = mkIf (cfg.environmentFile != null) + (builtins.toString cfg.environmentFile); script = '' - if [ -f /etc/wpa_supplicant.conf -a "/etc/wpa_supplicant.conf" != "${configFile}" ]; then - echo >&2 "<3>/etc/wpa_supplicant.conf present but ignored. Generated ${configFile} is used instead." - fi + ${optionalString configIsGenerated '' + if [ -f /etc/wpa_supplicant.conf ]; then + echo >&2 "<3>/etc/wpa_supplicant.conf present but ignored. Generated ${configFile} is used instead." + fi + ''} + + # substitute environment variables + ${pkgs.gawk}/bin/awk '{ + for(varname in ENVIRON) + gsub("@"varname"@", ENVIRON[varname]) + print + }' "${configFile}" > "${finalConfig}" iface_args="-s ${optionalString cfg.dbusControlled "-u"} -D${cfg.driver} ${configStr}" @@ -155,6 +174,44 @@ in { ''; }; + environmentFile = mkOption { + type = types.nullOr types.path; + default = null; + example = "/run/secrets/wireless.env"; + description = '' + File consisting of lines of the form <literal>varname=value</literal> + to define variables for the wireless configuration. + + See section "EnvironmentFile=" in <citerefentry> + <refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum> + </citerefentry> for a syntax reference. + + Secrets (PSKs, passwords, etc.) can be provided without adding them to + the world-readable Nix store by defining them in the environment file and + referring to them in option <option>networking.wireless.networks</option> + with the syntax <literal>@varname@</literal>. Example: + + <programlisting> + # content of /run/secrets/wireless.env + PSK_HOME=mypassword + PASS_WORK=myworkpassword + </programlisting> + + <programlisting> + # wireless-related configuration + networking.wireless.environmentFile = "/run/secrets/wireless.env"; + networking.wireless.networks = { + home.psk = "@PSK_HOME@"; + work.auth = ''' + eap=PEAP + identity="my-user@example.com" + password="@PASS_WORK@" + '''; + }; + </programlisting> + ''; + }; + networks = mkOption { type = types.attrsOf (types.submodule { options = { @@ -165,10 +222,14 @@ in { The network's pre-shared key in plaintext defaulting to being a network without any authentication. - Be aware that these will be written to the nix store - in plaintext! + <warning><para> + Be aware that this will be written to the nix store + in plaintext! Use an environment variable instead. + </para></warning> - Mutually exclusive with <varname>pskRaw</varname>. + <note><para> + Mutually exclusive with <varname>pskRaw</varname>. + </para></note> ''; }; @@ -179,7 +240,14 @@ in { The network's pre-shared key in hex defaulting to being a network without any authentication. - Mutually exclusive with <varname>psk</varname>. + <warning><para> + Be aware that this will be written to the nix store + in plaintext! Use an environment variable instead. + </para></warning> + + <note><para> + Mutually exclusive with <varname>psk</varname>. + </para></note> ''; }; @@ -231,7 +299,7 @@ in { example = '' eap=PEAP identity="user@example.com" - password="secret" + password="@EXAMPLE_PASSWORD@" ''; description = '' Use this option to configure advanced authentication methods like EAP. @@ -242,7 +310,15 @@ in { </citerefentry> for example configurations. - Mutually exclusive with <varname>psk</varname> and <varname>pskRaw</varname>. + <warning><para> + Be aware that this will be written to the nix store + in plaintext! Use an environment variable for secrets. + </para></warning> + + <note><para> + Mutually exclusive with <varname>psk</varname> and + <varname>pskRaw</varname>. + </para></note> ''; }; @@ -252,7 +328,7 @@ in { description = '' Set this to <literal>true</literal> if the SSID of the network is hidden. ''; - example = literalExample '' + example = literalExpression '' { echelon = { hidden = true; psk = "abcdefgh"; @@ -301,13 +377,19 @@ in { /etc/wpa_supplicant.conf as the configuration file. ''; default = {}; - example = literalExample '' + example = literalExpression '' { echelon = { # SSID with no spaces or special characters - psk = "abcdefgh"; + psk = "abcdefgh"; # (password will be written to /nix/store!) }; + + echelon = { # safe version of the above: read PSK from the + psk = "@PSK_ECHELON@"; # variable PSK_ECHELON, defined in environmentFile, + }; # this won't leak into /nix/store + "echelon's AP" = { # SSID with spaces and/or special characters - psk = "ijklmnop"; + psk = "ijklmnop"; # (password will be written to /nix/store!) }; + "free.wifi" = {}; # Public wireless network } ''; diff --git a/nixpkgs/nixos/modules/services/networking/x2goserver.nix b/nixpkgs/nixos/modules/services/networking/x2goserver.nix index 554e51f9d4ff..d4adf6c5650e 100644 --- a/nixpkgs/nixos/modules/services/networking/x2goserver.nix +++ b/nixpkgs/nixos/modules/services/networking/x2goserver.nix @@ -42,7 +42,6 @@ in { nxagentDefaultOptions = mkOption { type = types.listOf types.str; default = [ "-extension GLX" "-nolisten tcp" ]; - example = [ "-extension GLX" "-nolisten tcp" ]; description = '' List of default nx agent options. ''; @@ -55,12 +54,14 @@ in { x2goserver.conf ini configuration as nix attributes. See `x2goserver.conf(5)` for details ''; - example = literalExample '' - superenicer = { - "enable" = "yes"; - "idle-nice-level" = 19; - }; - telekinesis = { "enable" = "no"; }; + example = literalExpression '' + { + superenicer = { + "enable" = "yes"; + "idle-nice-level" = 19; + }; + telekinesis = { "enable" = "no"; }; + } ''; }; }; diff --git a/nixpkgs/nixos/modules/services/networking/xandikos.nix b/nixpkgs/nixos/modules/services/networking/xandikos.nix index 3c40bb956f57..4bd45a76e673 100644 --- a/nixpkgs/nixos/modules/services/networking/xandikos.nix +++ b/nixpkgs/nixos/modules/services/networking/xandikos.nix @@ -14,7 +14,7 @@ in package = mkOption { type = types.package; default = pkgs.xandikos; - defaultText = "pkgs.xandikos"; + defaultText = literalExpression "pkgs.xandikos"; description = "The Xandikos package to use."; }; @@ -45,7 +45,7 @@ in extraOptions = mkOption { default = []; type = types.listOf types.str; - example = literalExample '' + example = literalExpression '' [ "--autocreate" "--defaults" "--current-user-principal user" diff --git a/nixpkgs/nixos/modules/services/networking/xrdp.nix b/nixpkgs/nixos/modules/services/networking/xrdp.nix index 9be7c3233e26..c4f828f3c5a6 100644 --- a/nixpkgs/nixos/modules/services/networking/xrdp.nix +++ b/nixpkgs/nixos/modules/services/networking/xrdp.nix @@ -47,7 +47,7 @@ in package = mkOption { type = types.package; default = pkgs.xrdp; - defaultText = "pkgs.xrdp"; + defaultText = literalExpression "pkgs.xrdp"; description = '' The package to use for the xrdp daemon's binary. ''; diff --git a/nixpkgs/nixos/modules/services/networking/yggdrasil.nix b/nixpkgs/nixos/modules/services/networking/yggdrasil.nix index 47a7152f6fe6..99c18ae6919e 100644 --- a/nixpkgs/nixos/modules/services/networking/yggdrasil.nix +++ b/nixpkgs/nixos/modules/services/networking/yggdrasil.nix @@ -99,7 +99,7 @@ in { package = mkOption { type = package; default = pkgs.yggdrasil; - defaultText = "pkgs.yggdrasil"; + defaultText = literalExpression "pkgs.yggdrasil"; description = "Yggdrasil package to use."; }; diff --git a/nixpkgs/nixos/modules/services/networking/zeronet.nix b/nixpkgs/nixos/modules/services/networking/zeronet.nix index a34b2d871541..3370390a4c62 100644 --- a/nixpkgs/nixos/modules/services/networking/zeronet.nix +++ b/nixpkgs/nixos/modules/services/networking/zeronet.nix @@ -1,7 +1,7 @@ { config, lib, pkgs, ... }: let - inherit (lib) generators literalExample mkEnableOption mkIf mkOption recursiveUpdate types; + inherit (lib) generators literalExpression mkEnableOption mkIf mkOption recursiveUpdate types; cfg = config.services.zeronet; dataDir = "/var/lib/zeronet"; configFile = pkgs.writeText "zeronet.conf" (generators.toINI {} (recursiveUpdate defaultSettings cfg.settings)); @@ -22,7 +22,7 @@ in with lib; { settings = mkOption { type = with types; attrsOf (oneOf [ str int bool (listOf str) ]); default = {}; - example = literalExample "global.tor = enable;"; + example = literalExpression "{ global.tor = enable; }"; description = '' <filename>zeronet.conf</filename> configuration. Refer to @@ -34,7 +34,6 @@ in with lib; { port = mkOption { type = types.port; default = 43110; - example = 43110; description = "Optional zeronet web UI port."; }; @@ -43,7 +42,6 @@ in with lib; { # read-only config file and crashes type = types.port; default = 12261; - example = 12261; description = "Zeronet fileserver port."; }; diff --git a/nixpkgs/nixos/modules/services/networking/zerotierone.nix b/nixpkgs/nixos/modules/services/networking/zerotierone.nix index cf39ed065a76..3bc7d3ac0db5 100644 --- a/nixpkgs/nixos/modules/services/networking/zerotierone.nix +++ b/nixpkgs/nixos/modules/services/networking/zerotierone.nix @@ -19,7 +19,6 @@ in options.services.zerotierone.port = mkOption { default = 9993; - example = 9993; type = types.int; description = '' Network port used by ZeroTier. @@ -28,7 +27,7 @@ in options.services.zerotierone.package = mkOption { default = pkgs.zerotierone; - defaultText = "pkgs.zerotierone"; + defaultText = literalExpression "pkgs.zerotierone"; type = types.package; description = '' ZeroTier One package to use. diff --git a/nixpkgs/nixos/modules/services/networking/znc/default.nix b/nixpkgs/nixos/modules/services/networking/znc/default.nix index b872b99976ce..a98f92d2d710 100644 --- a/nixpkgs/nixos/modules/services/networking/znc/default.nix +++ b/nixpkgs/nixos/modules/services/networking/znc/default.nix @@ -125,7 +125,7 @@ in config = mkOption { type = semanticTypes.zncConf; default = {}; - example = literalExample '' + example = literalExpression '' { LoadModule = [ "webadmin" "adminlog" ]; User.paul = { @@ -180,7 +180,7 @@ in configFile = mkOption { type = types.path; - example = "~/.znc/configs/znc.conf"; + example = literalExpression "~/.znc/configs/znc.conf"; description = '' Configuration file for ZNC. It is recommended to use the <option>config</option> option instead. @@ -195,7 +195,7 @@ in modulePackages = mkOption { type = types.listOf types.package; default = [ ]; - example = literalExample "[ pkgs.zncModules.fish pkgs.zncModules.push ]"; + example = literalExpression "[ pkgs.zncModules.fish pkgs.zncModules.push ]"; description = '' A list of global znc module packages to add to znc. ''; diff --git a/nixpkgs/nixos/modules/services/networking/znc/options.nix b/nixpkgs/nixos/modules/services/networking/znc/options.nix index be9dc78c86d9..0db051126e86 100644 --- a/nixpkgs/nixos/modules/services/networking/znc/options.nix +++ b/nixpkgs/nixos/modules/services/networking/znc/options.nix @@ -44,7 +44,7 @@ let modules = mkOption { type = types.listOf types.str; default = [ "simple_away" ]; - example = literalExample ''[ "simple_away" "sasl" ]''; + example = literalExpression ''[ "simple_away" "sasl" ]''; description = '' ZNC network modules to load. ''; @@ -148,7 +148,7 @@ in description = '' IRC networks to connect the user to. ''; - example = literalExample '' + example = literalExpression '' { "libera" = { server = "irc.libera.chat"; @@ -170,7 +170,7 @@ in }; passBlock = mkOption { - example = literalExample '' + example = '' <Pass password> Method = sha256 Hash = e2ce303c7ea75c571d80d8540a8699b46535be6a085be3414947d638e48d9e93 diff --git a/nixpkgs/nixos/modules/services/printing/cupsd.nix b/nixpkgs/nixos/modules/services/printing/cupsd.nix index d2b36d9e7541..53091d8e2a0e 100644 --- a/nixpkgs/nixos/modules/services/printing/cupsd.nix +++ b/nixpkgs/nixos/modules/services/printing/cupsd.nix @@ -270,7 +270,7 @@ in drivers = mkOption { type = types.listOf types.path; default = []; - example = literalExample "with pkgs; [ gutenprint hplip splix ]"; + example = literalExpression "with pkgs; [ gutenprint hplip splix ]"; description = '' CUPS drivers to use. Drivers provided by CUPS, cups-filters, Ghostscript and Samba are added unconditionally. If this list contains diff --git a/nixpkgs/nixos/modules/services/scheduling/cron.nix b/nixpkgs/nixos/modules/services/scheduling/cron.nix index c28956b3bfeb..1fac54003cbb 100644 --- a/nixpkgs/nixos/modules/services/scheduling/cron.nix +++ b/nixpkgs/nixos/modules/services/scheduling/cron.nix @@ -52,7 +52,7 @@ in systemCronJobs = mkOption { type = types.listOf types.str; default = []; - example = literalExample '' + example = literalExpression '' [ "* * * * * test ls -l / > /tmp/cronout 2>&1" "* * * * * eelco echo Hello World > /home/eelco/cronout" ] diff --git a/nixpkgs/nixos/modules/services/search/elasticsearch.nix b/nixpkgs/nixos/modules/services/search/elasticsearch.nix index 40ebe29c9a60..6df147be0c49 100644 --- a/nixpkgs/nixos/modules/services/search/elasticsearch.nix +++ b/nixpkgs/nixos/modules/services/search/elasticsearch.nix @@ -53,7 +53,7 @@ in package = mkOption { description = "Elasticsearch package to use."; default = pkgs.elasticsearch; - defaultText = "pkgs.elasticsearch"; + defaultText = literalExpression "pkgs.elasticsearch"; type = types.package; }; @@ -140,7 +140,7 @@ in description = "Extra elasticsearch plugins"; default = [ ]; type = types.listOf types.package; - example = lib.literalExample "[ pkgs.elasticsearchPlugins.discovery-ec2 ]"; + example = lib.literalExpression "[ pkgs.elasticsearchPlugins.discovery-ec2 ]"; }; }; diff --git a/nixpkgs/nixos/modules/services/search/hound.nix b/nixpkgs/nixos/modules/services/search/hound.nix index 7a44489efe61..ef62175b0a3e 100644 --- a/nixpkgs/nixos/modules/services/search/hound.nix +++ b/nixpkgs/nixos/modules/services/search/hound.nix @@ -50,7 +50,7 @@ in { package = mkOption { default = pkgs.hound; - defaultText = "pkgs.hound"; + defaultText = literalExpression "pkgs.hound"; type = types.package; description = '' Package for running hound. @@ -63,16 +63,18 @@ in { The full configuration of the Hound daemon. Note the dbpath should be an absolute path to a writable location on disk. ''; - example = '' - { - "max-concurrent-indexers" : 2, - "dbpath" : "''${services.hound.home}/data", - "repos" : { - "nixpkgs": { - "url" : "https://www.github.com/NixOS/nixpkgs.git" - } - } - } + example = literalExpression '' + ''' + { + "max-concurrent-indexers" : 2, + "dbpath" : "''${services.hound.home}/data", + "repos" : { + "nixpkgs": { + "url" : "https://www.github.com/NixOS/nixpkgs.git" + } + } + } + ''' ''; }; diff --git a/nixpkgs/nixos/modules/services/search/kibana.nix b/nixpkgs/nixos/modules/services/search/kibana.nix index b3093abfa5c5..381f5156ceb6 100644 --- a/nixpkgs/nixos/modules/services/search/kibana.nix +++ b/nixpkgs/nixos/modules/services/search/kibana.nix @@ -149,8 +149,7 @@ in { package = mkOption { description = "Kibana package to use"; default = pkgs.kibana; - defaultText = "pkgs.kibana"; - example = "pkgs.kibana"; + defaultText = literalExpression "pkgs.kibana"; type = types.package; }; diff --git a/nixpkgs/nixos/modules/services/search/solr.nix b/nixpkgs/nixos/modules/services/search/solr.nix index a8615a20a1cf..ea76bfc9298f 100644 --- a/nixpkgs/nixos/modules/services/search/solr.nix +++ b/nixpkgs/nixos/modules/services/search/solr.nix @@ -16,7 +16,7 @@ in package = mkOption { type = types.package; default = pkgs.solr; - defaultText = "pkgs.solr"; + defaultText = literalExpression "pkgs.solr"; description = "Which Solr package to use."; }; diff --git a/nixpkgs/nixos/modules/services/security/certmgr.nix b/nixpkgs/nixos/modules/services/security/certmgr.nix index 94c0ba141179..d302a4e00020 100644 --- a/nixpkgs/nixos/modules/services/security/certmgr.nix +++ b/nixpkgs/nixos/modules/services/security/certmgr.nix @@ -40,7 +40,7 @@ in package = mkOption { type = types.package; default = pkgs.certmgr; - defaultText = "pkgs.certmgr"; + defaultText = literalExpression "pkgs.certmgr"; description = "Which certmgr package to use in the service."; }; @@ -76,7 +76,7 @@ in specs = mkOption { default = {}; - example = literalExample '' + example = literalExpression '' { exampleCert = let diff --git a/nixpkgs/nixos/modules/services/security/cfssl.nix b/nixpkgs/nixos/modules/services/security/cfssl.nix index ee6d5d91fe15..e5bed0a9987c 100644 --- a/nixpkgs/nixos/modules/services/security/cfssl.nix +++ b/nixpkgs/nixos/modules/services/security/cfssl.nix @@ -27,13 +27,13 @@ in { }; ca = mkOption { - defaultText = "\${cfg.dataDir}/ca.pem"; + defaultText = literalExpression ''"''${cfg.dataDir}/ca.pem"''; type = types.str; description = "CA used to sign the new certificate -- accepts '[file:]fname' or 'env:varname'."; }; caKey = mkOption { - defaultText = "file:\${cfg.dataDir}/ca-key.pem"; + defaultText = literalExpression ''"file:''${cfg.dataDir}/ca-key.pem"''; type = types.str; description = "CA private key -- accepts '[file:]fname' or 'env:varname'."; }; diff --git a/nixpkgs/nixos/modules/services/security/fail2ban.nix b/nixpkgs/nixos/modules/services/security/fail2ban.nix index 499d34667509..67e1026dcef4 100644 --- a/nixpkgs/nixos/modules/services/security/fail2ban.nix +++ b/nixpkgs/nixos/modules/services/security/fail2ban.nix @@ -55,22 +55,24 @@ in package = mkOption { default = pkgs.fail2ban; + defaultText = literalExpression "pkgs.fail2ban"; type = types.package; - example = "pkgs.fail2ban_0_11"; + example = literalExpression "pkgs.fail2ban_0_11"; description = "The fail2ban package to use for running the fail2ban service."; }; packageFirewall = mkOption { default = pkgs.iptables; + defaultText = literalExpression "pkgs.iptables"; type = types.package; - example = "pkgs.nftables"; + example = literalExpression "pkgs.nftables"; description = "The firewall package used by fail2ban service."; }; extraPackages = mkOption { default = []; type = types.listOf types.package; - example = lib.literalExample "[ pkgs.ipset ]"; + example = lib.literalExpression "[ pkgs.ipset ]"; description = '' Extra packages to be made available to the fail2ban service. The example contains the packages needed by the `iptables-ipset-proto6` action. @@ -202,7 +204,7 @@ in jails = mkOption { default = { }; - example = literalExample '' + example = literalExpression '' { apache-nohome-iptables = ''' # Block an IP address if it accesses a non-existent # home directory more than 5 times in 10 minutes, diff --git a/nixpkgs/nixos/modules/services/security/fprintd.nix b/nixpkgs/nixos/modules/services/security/fprintd.nix index fe0fba5b45d7..87c3f1f6f9e4 100644 --- a/nixpkgs/nixos/modules/services/security/fprintd.nix +++ b/nixpkgs/nixos/modules/services/security/fprintd.nix @@ -23,7 +23,7 @@ in package = mkOption { type = types.package; default = fprintdPkg; - defaultText = "if cfg.tod.enable then pkgs.fprintd-tod else pkgs.fprintd"; + defaultText = literalExpression "if config.services.fprintd.tod.enable then pkgs.fprintd-tod else pkgs.fprintd"; description = '' fprintd package to use. ''; @@ -35,7 +35,7 @@ in driver = mkOption { type = types.package; - example = literalExample "pkgs.libfprint-2-tod1-goodix"; + example = literalExpression "pkgs.libfprint-2-tod1-goodix"; description = '' Touch OEM Drivers (TOD) package to use. ''; diff --git a/nixpkgs/nixos/modules/services/security/haka.nix b/nixpkgs/nixos/modules/services/security/haka.nix index 618e689924fd..2cfc05f3033b 100644 --- a/nixpkgs/nixos/modules/services/security/haka.nix +++ b/nixpkgs/nixos/modules/services/security/haka.nix @@ -59,7 +59,7 @@ in package = mkOption { default = pkgs.haka; - defaultText = "pkgs.haka"; + defaultText = literalExpression "pkgs.haka"; type = types.package; description = " Which Haka derivation to use. diff --git a/nixpkgs/nixos/modules/services/security/hockeypuck.nix b/nixpkgs/nixos/modules/services/security/hockeypuck.nix index 2e98624bb2ee..d0e152934f50 100644 --- a/nixpkgs/nixos/modules/services/security/hockeypuck.nix +++ b/nixpkgs/nixos/modules/services/security/hockeypuck.nix @@ -18,7 +18,7 @@ in { settings = lib.mkOption { type = settingsFormat.type; default = { }; - example = lib.literalExample '' + example = lib.literalExpression '' { hockeypuck = { loglevel = "INFO"; diff --git a/nixpkgs/nixos/modules/services/security/nginx-sso.nix b/nixpkgs/nixos/modules/services/security/nginx-sso.nix index 50d250fc4d76..b4de1d36edd8 100644 --- a/nixpkgs/nixos/modules/services/security/nginx-sso.nix +++ b/nixpkgs/nixos/modules/services/security/nginx-sso.nix @@ -13,7 +13,7 @@ in { package = mkOption { type = types.package; default = pkgs.nginx-sso; - defaultText = "pkgs.nginx-sso"; + defaultText = literalExpression "pkgs.nginx-sso"; description = '' The nginx-sso package that should be used. ''; @@ -22,7 +22,7 @@ in { configuration = mkOption { type = types.attrsOf types.unspecified; default = {}; - example = literalExample '' + example = literalExpression '' { listen = { addr = "127.0.0.1"; port = 8080; }; diff --git a/nixpkgs/nixos/modules/services/security/oauth2_proxy.nix b/nixpkgs/nixos/modules/services/security/oauth2_proxy.nix index e85fd4b75df4..4d3562424170 100644 --- a/nixpkgs/nixos/modules/services/security/oauth2_proxy.nix +++ b/nixpkgs/nixos/modules/services/security/oauth2_proxy.nix @@ -91,7 +91,7 @@ in package = mkOption { type = types.package; default = pkgs.oauth2-proxy; - defaultText = "pkgs.oauth2-proxy"; + defaultText = literalExpression "pkgs.oauth2-proxy"; description = '' The package that provides oauth2-proxy. ''; diff --git a/nixpkgs/nixos/modules/services/security/privacyidea.nix b/nixpkgs/nixos/modules/services/security/privacyidea.nix index 5f894d0fa691..05f4995cc416 100644 --- a/nixpkgs/nixos/modules/services/security/privacyidea.nix +++ b/nixpkgs/nixos/modules/services/security/privacyidea.nix @@ -169,7 +169,6 @@ in configFile = mkOption { type = types.path; - default = ""; description = '' Path to PrivacyIDEA LDAP Proxy configuration (proxy.ini). ''; @@ -273,7 +272,7 @@ in (mkIf cfg.ldap-proxy.enable { systemd.services.privacyidea-ldap-proxy = let - ldap-proxy-env = pkgs.python2.withPackages (ps: [ ps.privacyidea-ldap-proxy ]); + ldap-proxy-env = pkgs.python3.withPackages (ps: [ ps.privacyidea-ldap-proxy ]); in { description = "privacyIDEA LDAP proxy"; wantedBy = [ "multi-user.target" ]; diff --git a/nixpkgs/nixos/modules/services/security/shibboleth-sp.nix b/nixpkgs/nixos/modules/services/security/shibboleth-sp.nix index 5908f727d535..fea2a855e20f 100644 --- a/nixpkgs/nixos/modules/services/security/shibboleth-sp.nix +++ b/nixpkgs/nixos/modules/services/security/shibboleth-sp.nix @@ -14,7 +14,7 @@ in { configFile = mkOption { type = types.path; - example = "${pkgs.shibboleth-sp}/etc/shibboleth/shibboleth2.xml"; + example = literalExpression ''"''${pkgs.shibboleth-sp}/etc/shibboleth/shibboleth2.xml"''; description = "Path to shibboleth config file"; }; diff --git a/nixpkgs/nixos/modules/services/security/sks.nix b/nixpkgs/nixos/modules/services/security/sks.nix index a91060dc659a..f4911597564b 100644 --- a/nixpkgs/nixos/modules/services/security/sks.nix +++ b/nixpkgs/nixos/modules/services/security/sks.nix @@ -23,7 +23,7 @@ in { package = mkOption { default = pkgs.sks; - defaultText = "pkgs.sks"; + defaultText = literalExpression "pkgs.sks"; type = types.package; description = "Which SKS derivation to use."; }; @@ -74,7 +74,7 @@ in { webroot = mkOption { type = types.nullOr types.path; default = "${sksPkg.webSamples}/OpenPKG"; - defaultText = "\${pkgs.sks.webSamples}/OpenPKG"; + defaultText = literalExpression ''"''${package.webSamples}/OpenPKG"''; description = '' Source directory (will be symlinked, if not null) for the files the built-in webserver should serve. SKS (''${pkgs.sks.webSamples}) diff --git a/nixpkgs/nixos/modules/services/security/step-ca.nix b/nixpkgs/nixos/modules/services/security/step-ca.nix index 64eee11f5880..2eccc30e4056 100644 --- a/nixpkgs/nixos/modules/services/security/step-ca.nix +++ b/nixpkgs/nixos/modules/services/security/step-ca.nix @@ -13,6 +13,7 @@ in package = lib.mkOption { type = lib.types.package; default = pkgs.step-ca; + defaultText = lib.literalExpression "pkgs.step-ca"; description = "Which step-ca package to use."; }; address = lib.mkOption { diff --git a/nixpkgs/nixos/modules/services/security/tor.nix b/nixpkgs/nixos/modules/services/security/tor.nix index 1e1f443905d4..c94b248d5f10 100644 --- a/nixpkgs/nixos/modules/services/security/tor.nix +++ b/nixpkgs/nixos/modules/services/security/tor.nix @@ -232,8 +232,7 @@ in package = mkOption { type = types.package; default = pkgs.tor; - defaultText = "pkgs.tor"; - example = literalExample "pkgs.tor"; + defaultText = literalExpression "pkgs.tor"; description = "Tor package to use."; }; diff --git a/nixpkgs/nixos/modules/services/security/usbguard.nix b/nixpkgs/nixos/modules/services/security/usbguard.nix index 4cdb3a041b59..201b37f17ba5 100644 --- a/nixpkgs/nixos/modules/services/security/usbguard.nix +++ b/nixpkgs/nixos/modules/services/security/usbguard.nix @@ -44,7 +44,7 @@ in package = mkOption { type = types.package; default = pkgs.usbguard; - defaultText = "pkgs.usbguard"; + defaultText = literalExpression "pkgs.usbguard"; description = '' The usbguard package to use. If you do not need the Qt GUI, use <literal>pkgs.usbguard-nox</literal> to save disk space. diff --git a/nixpkgs/nixos/modules/services/security/vault.nix b/nixpkgs/nixos/modules/services/security/vault.nix index 5a20f6413b1b..b0ade62d97c9 100644 --- a/nixpkgs/nixos/modules/services/security/vault.nix +++ b/nixpkgs/nixos/modules/services/security/vault.nix @@ -42,7 +42,7 @@ in package = mkOption { type = types.package; default = pkgs.vault; - defaultText = "pkgs.vault"; + defaultText = literalExpression "pkgs.vault"; description = "This option specifies the vault package to use."; }; diff --git a/nixpkgs/nixos/modules/services/security/vaultwarden/default.nix b/nixpkgs/nixos/modules/services/security/vaultwarden/default.nix index d28ea61e66aa..5b951bc85ec0 100644 --- a/nixpkgs/nixos/modules/services/security/vaultwarden/default.nix +++ b/nixpkgs/nixos/modules/services/security/vaultwarden/default.nix @@ -60,7 +60,7 @@ in { config = mkOption { type = attrsOf (nullOr (oneOf [ bool int str ])); default = {}; - example = literalExample '' + example = literalExpression '' { domain = "https://bw.domain.tld:8443"; signupsAllowed = true; @@ -106,14 +106,14 @@ in { package = mkOption { type = package; default = pkgs.vaultwarden; - defaultText = "pkgs.vaultwarden"; + defaultText = literalExpression "pkgs.vaultwarden"; description = "Vaultwarden package to use."; }; webVaultPackage = mkOption { type = package; default = pkgs.vaultwarden-vault; - defaultText = "pkgs.vaultwarden-vault"; + defaultText = literalExpression "pkgs.vaultwarden-vault"; description = "Web vault package to use."; }; }; diff --git a/nixpkgs/nixos/modules/services/security/yubikey-agent.nix b/nixpkgs/nixos/modules/services/security/yubikey-agent.nix index 2972c64a3641..8a2f98d0412d 100644 --- a/nixpkgs/nixos/modules/services/security/yubikey-agent.nix +++ b/nixpkgs/nixos/modules/services/security/yubikey-agent.nix @@ -33,7 +33,7 @@ in package = mkOption { type = types.package; default = pkgs.yubikey-agent; - defaultText = "pkgs.yubikey-agent"; + defaultText = literalExpression "pkgs.yubikey-agent"; description = '' The package used for the yubikey-agent daemon. ''; diff --git a/nixpkgs/nixos/modules/services/system/earlyoom.nix b/nixpkgs/nixos/modules/services/system/earlyoom.nix index e29bdbe264cc..452efc736439 100644 --- a/nixpkgs/nixos/modules/services/system/earlyoom.nix +++ b/nixpkgs/nixos/modules/services/system/earlyoom.nix @@ -106,6 +106,7 @@ in path = optional ecfg.enableNotifications pkgs.dbus; serviceConfig = { StandardOutput = "null"; + StandardError = "journal"; ExecStart = '' ${pkgs.earlyoom}/bin/earlyoom \ -m ${toString ecfg.freeMemThreshold} \ diff --git a/nixpkgs/nixos/modules/services/system/saslauthd.nix b/nixpkgs/nixos/modules/services/system/saslauthd.nix index 8fcf4fb91fc4..466b0ca60a7e 100644 --- a/nixpkgs/nixos/modules/services/system/saslauthd.nix +++ b/nixpkgs/nixos/modules/services/system/saslauthd.nix @@ -20,7 +20,7 @@ in package = mkOption { default = pkgs.cyrus_sasl.bin; - defaultText = "pkgs.cyrus_sasl.bin"; + defaultText = literalExpression "pkgs.cyrus_sasl.bin"; type = types.package; description = "Cyrus SASL package to use."; }; diff --git a/nixpkgs/nixos/modules/services/torrent/deluge.nix b/nixpkgs/nixos/modules/services/torrent/deluge.nix index 151a1dd638d1..cb0da9e83b42 100644 --- a/nixpkgs/nixos/modules/services/torrent/deluge.nix +++ b/nixpkgs/nixos/modules/services/torrent/deluge.nix @@ -50,7 +50,7 @@ in { config = mkOption { type = types.attrs; default = {}; - example = literalExample '' + example = literalExpression '' { download_location = "/srv/torrents/"; max_upload_speed = "1000.0"; @@ -149,7 +149,7 @@ in { package = mkOption { type = types.package; - example = literalExample "pkgs.deluge-2_x"; + example = literalExpression "pkgs.deluge-2_x"; description = '' Deluge package to use. ''; diff --git a/nixpkgs/nixos/modules/services/torrent/flexget.nix b/nixpkgs/nixos/modules/services/torrent/flexget.nix index 6ac85f8fa178..e500e02d861b 100644 --- a/nixpkgs/nixos/modules/services/torrent/flexget.nix +++ b/nixpkgs/nixos/modules/services/torrent/flexget.nix @@ -39,7 +39,7 @@ in { systemScheduler = mkOption { default = true; - example = "false"; + example = false; type = types.bool; description = "When true, execute the runs via the flexget-runner.timer. If false, you have to specify the settings yourself in the YML file."; }; diff --git a/nixpkgs/nixos/modules/services/torrent/magnetico.nix b/nixpkgs/nixos/modules/services/torrent/magnetico.nix index ada6f9b1e3a9..3dd7b1ece768 100644 --- a/nixpkgs/nixos/modules/services/torrent/magnetico.nix +++ b/nixpkgs/nixos/modules/services/torrent/magnetico.nix @@ -111,7 +111,7 @@ in { web.credentials = mkOption { type = types.attrsOf types.str; default = {}; - example = lib.literalExample '' + example = lib.literalExpression '' { myuser = "$2y$12$YE01LZ8jrbQbx6c0s2hdZO71dSjn2p/O9XsYJpz.5968yCysUgiaG"; } diff --git a/nixpkgs/nixos/modules/services/torrent/opentracker.nix b/nixpkgs/nixos/modules/services/torrent/opentracker.nix index 74f443381d92..d76d61dfe859 100644 --- a/nixpkgs/nixos/modules/services/torrent/opentracker.nix +++ b/nixpkgs/nixos/modules/services/torrent/opentracker.nix @@ -13,7 +13,7 @@ in { opentracker package to use ''; default = pkgs.opentracker; - defaultText = "pkgs.opentracker"; + defaultText = literalExpression "pkgs.opentracker"; }; extraOptions = mkOption { diff --git a/nixpkgs/nixos/modules/services/torrent/rtorrent.nix b/nixpkgs/nixos/modules/services/torrent/rtorrent.nix index be57c03b1721..dd7df623c739 100644 --- a/nixpkgs/nixos/modules/services/torrent/rtorrent.nix +++ b/nixpkgs/nixos/modules/services/torrent/rtorrent.nix @@ -45,7 +45,7 @@ in { package = mkOption { type = types.package; default = pkgs.rtorrent; - defaultText = "pkgs.rtorrent"; + defaultText = literalExpression "pkgs.rtorrent"; description = '' The rtorrent package to use. ''; diff --git a/nixpkgs/nixos/modules/services/torrent/transmission.nix b/nixpkgs/nixos/modules/services/torrent/transmission.nix index 34a5219c9594..b8cfcf391215 100644 --- a/nixpkgs/nixos/modules/services/torrent/transmission.nix +++ b/nixpkgs/nixos/modules/services/torrent/transmission.nix @@ -152,6 +152,8 @@ in install -d -m '${cfg.downloadDirPermissions}' -o '${cfg.user}' -g '${cfg.group}' '${cfg.settings.download-dir}' '' + optionalString cfg.settings.incomplete-dir-enabled '' install -d -m '${cfg.downloadDirPermissions}' -o '${cfg.user}' -g '${cfg.group}' '${cfg.settings.incomplete-dir}' + '' + optionalString cfg.settings.watch-dir-enabled '' + install -d -m '${cfg.downloadDirPermissions}' -o '${cfg.user}' -g '${cfg.group}' '${cfg.settings.watch-dir}' ''; assertions = [ diff --git a/nixpkgs/nixos/modules/services/ttys/getty.nix b/nixpkgs/nixos/modules/services/ttys/getty.nix index eb966c37ce7f..8c5b6e5e0cbc 100644 --- a/nixpkgs/nixos/modules/services/ttys/getty.nix +++ b/nixpkgs/nixos/modules/services/ttys/getty.nix @@ -42,6 +42,7 @@ in loginProgram = mkOption { type = types.path; default = "${pkgs.shadow}/bin/login"; + defaultText = literalExpression ''"''${pkgs.shadow}/bin/login"''; description = '' Path to the login binary executed by agetty. ''; diff --git a/nixpkgs/nixos/modules/services/video/epgstation/default.nix b/nixpkgs/nixos/modules/services/video/epgstation/default.nix index b13393c8983a..e34b6e0510a5 100644 --- a/nixpkgs/nixos/modules/services/video/epgstation/default.nix +++ b/nixpkgs/nixos/modules/services/video/epgstation/default.nix @@ -126,6 +126,7 @@ in passwordFile = mkOption { type = types.path; default = pkgs.writeText "epgstation-password" defaultPassword; + defaultText = literalDocBook ''a file containing <literal>${defaultPassword}</literal>''; example = "/run/keys/epgstation-password"; description = '' A file containing the password for <option>basicAuth.user</option>. @@ -145,6 +146,7 @@ in passwordFile = mkOption { type = types.path; default = pkgs.writeText "epgstation-db-password" defaultPassword; + defaultText = literalDocBook ''a file containing <literal>${defaultPassword}</literal>''; example = "/run/keys/epgstation-db-password"; description = '' A file containing the password for the database named @@ -189,14 +191,33 @@ in type = with types; listOf attrs; description = "Encoding presets for recorded videos."; default = [ - { name = "H264"; + { + name = "H264"; cmd = "${pkgs.epgstation}/libexec/enc.sh main"; suffix = ".mp4"; - default = true; } - { name = "H264-sub"; + default = true; + } + { + name = "H264-sub"; cmd = "${pkgs.epgstation}/libexec/enc.sh sub"; - suffix = "-sub.mp4"; } + suffix = "-sub.mp4"; + } ]; + defaultText = literalExpression '' + [ + { + name = "H264"; + cmd = "''${pkgs.epgstation}/libexec/enc.sh main"; + suffix = ".mp4"; + default = true; + } + { + name = "H264-sub"; + cmd = "''${pkgs.epgstation}/libexec/enc.sh sub"; + suffix = "-sub.mp4"; + } + ] + ''; }; }; }; diff --git a/nixpkgs/nixos/modules/services/video/mirakurun.nix b/nixpkgs/nixos/modules/services/video/mirakurun.nix index 1a99d1c97692..16efb56cfd61 100644 --- a/nixpkgs/nixos/modules/services/video/mirakurun.nix +++ b/nixpkgs/nixos/modules/services/video/mirakurun.nix @@ -72,7 +72,7 @@ in serverSettings = mkOption { type = settingsFmt.type; default = {}; - example = literalExample '' + example = literalExpression '' { highWaterMark = 25165824; overflowTimeLimit = 30000; @@ -89,7 +89,7 @@ in tunerSettings = mkOption { type = with types; nullOr settingsFmt.type; default = null; - example = literalExample '' + example = literalExpression '' [ { name = "tuner-name"; @@ -110,7 +110,7 @@ in channelSettings = mkOption { type = with types; nullOr settingsFmt.type; default = null; - example = literalExample '' + example = literalExpression '' [ { name = "channel"; diff --git a/nixpkgs/nixos/modules/services/video/replay-sorcery.nix b/nixpkgs/nixos/modules/services/video/replay-sorcery.nix index 7ce5be8a5a1c..abe7202a4a86 100644 --- a/nixpkgs/nixos/modules/services/video/replay-sorcery.nix +++ b/nixpkgs/nixos/modules/services/video/replay-sorcery.nix @@ -26,7 +26,7 @@ in type = attrsOf (oneOf [ str int ]); default = {}; description = "System-wide configuration for ReplaySorcery (/etc/replay-sorcery.conf)."; - example = literalExample '' + example = literalExpression '' { videoInput = "hwaccel"; # requires `services.replay-sorcery.enableSysAdminCapability = true` videoFramerate = 60; diff --git a/nixpkgs/nixos/modules/services/video/unifi-video.nix b/nixpkgs/nixos/modules/services/video/unifi-video.nix index d4c0268ed66c..17971b23db82 100644 --- a/nixpkgs/nixos/modules/services/video/unifi-video.nix +++ b/nixpkgs/nixos/modules/services/video/unifi-video.nix @@ -104,7 +104,7 @@ in jrePackage = mkOption { type = types.package; default = pkgs.jre8; - defaultText = "pkgs.jre8"; + defaultText = literalExpression "pkgs.jre8"; description = '' The JRE package to use. Check the release notes to ensure it is supported. ''; @@ -113,7 +113,7 @@ in unifiVideoPackage = mkOption { type = types.package; default = pkgs.unifi-video; - defaultText = "pkgs.unifi-video"; + defaultText = literalExpression "pkgs.unifi-video"; description = '' The unifi-video package to use. ''; @@ -122,7 +122,7 @@ in mongodbPackage = mkOption { type = types.package; default = pkgs.mongodb-4_0; - defaultText = "pkgs.mongodb"; + defaultText = literalExpression "pkgs.mongodb"; description = '' The mongodb package to use. ''; diff --git a/nixpkgs/nixos/modules/services/wayland/cage.nix b/nixpkgs/nixos/modules/services/wayland/cage.nix index bd97a674eb86..273693a3b2fe 100644 --- a/nixpkgs/nixos/modules/services/wayland/cage.nix +++ b/nixpkgs/nixos/modules/services/wayland/cage.nix @@ -18,7 +18,7 @@ in { options.services.cage.extraArguments = mkOption { type = types.listOf types.str; default = []; - defaultText = "[]"; + defaultText = literalExpression "[]"; description = "Additional command line arguments to pass to Cage."; example = ["-d"]; }; @@ -26,6 +26,7 @@ in { options.services.cage.program = mkOption { type = types.path; default = "${pkgs.xterm}/bin/xterm"; + defaultText = literalExpression ''"''${pkgs.xterm}/bin/xterm"''; description = '' Program to run in cage. ''; diff --git a/nixpkgs/nixos/modules/services/web-apps/atlassian/confluence.nix b/nixpkgs/nixos/modules/services/web-apps/atlassian/confluence.nix index 59185fdbd36f..2d809c17ff09 100644 --- a/nixpkgs/nixos/modules/services/web-apps/atlassian/confluence.nix +++ b/nixpkgs/nixos/modules/services/web-apps/atlassian/confluence.nix @@ -128,14 +128,14 @@ in package = mkOption { type = types.package; default = pkgs.atlassian-confluence; - defaultText = "pkgs.atlassian-confluence"; + defaultText = literalExpression "pkgs.atlassian-confluence"; description = "Atlassian Confluence package to use."; }; jrePackage = mkOption { type = types.package; default = pkgs.oraclejre8; - defaultText = "pkgs.oraclejre8"; + defaultText = literalExpression "pkgs.oraclejre8"; description = "Note that Atlassian only support the Oracle JRE (JRASERVER-46152)."; }; }; diff --git a/nixpkgs/nixos/modules/services/web-apps/atlassian/crowd.nix b/nixpkgs/nixos/modules/services/web-apps/atlassian/crowd.nix index ceab656b15e8..a8b2482d5a9c 100644 --- a/nixpkgs/nixos/modules/services/web-apps/atlassian/crowd.nix +++ b/nixpkgs/nixos/modules/services/web-apps/atlassian/crowd.nix @@ -96,14 +96,14 @@ in package = mkOption { type = types.package; default = pkgs.atlassian-crowd; - defaultText = "pkgs.atlassian-crowd"; + defaultText = literalExpression "pkgs.atlassian-crowd"; description = "Atlassian Crowd package to use."; }; jrePackage = mkOption { type = types.package; default = pkgs.oraclejre8; - defaultText = "pkgs.oraclejre8"; + defaultText = literalExpression "pkgs.oraclejre8"; description = "Note that Atlassian only support the Oracle JRE (JRASERVER-46152)."; }; }; diff --git a/nixpkgs/nixos/modules/services/web-apps/atlassian/jira.nix b/nixpkgs/nixos/modules/services/web-apps/atlassian/jira.nix index ce04982e8a9e..d7a26838d6f8 100644 --- a/nixpkgs/nixos/modules/services/web-apps/atlassian/jira.nix +++ b/nixpkgs/nixos/modules/services/web-apps/atlassian/jira.nix @@ -134,14 +134,14 @@ in package = mkOption { type = types.package; default = pkgs.atlassian-jira; - defaultText = "pkgs.atlassian-jira"; + defaultText = literalExpression "pkgs.atlassian-jira"; description = "Atlassian JIRA package to use."; }; jrePackage = mkOption { type = types.package; default = pkgs.oraclejre8; - defaultText = "pkgs.oraclejre8"; + defaultText = literalExpression "pkgs.oraclejre8"; description = "Note that Atlassian only support the Oracle JRE (JRASERVER-46152)."; }; }; diff --git a/nixpkgs/nixos/modules/services/web-apps/bookstack.nix b/nixpkgs/nixos/modules/services/web-apps/bookstack.nix index 34a31af9c9da..74eeb2faa4a3 100644 --- a/nixpkgs/nixos/modules/services/web-apps/bookstack.nix +++ b/nixpkgs/nixos/modules/services/web-apps/bookstack.nix @@ -91,7 +91,7 @@ in { user = mkOption { type = types.str; default = user; - defaultText = "\${user}"; + defaultText = literalExpression "user"; description = "Database username."; }; passwordFile = mkOption { @@ -187,14 +187,16 @@ in { (import ../web-servers/nginx/vhost-options.nix { inherit config lib; }) {} ); default = {}; - example = { - serverAliases = [ - "bookstack.\${config.networking.domain}" - ]; - # To enable encryption and let let's encrypt take care of certificate - forceSSL = true; - enableACME = true; - }; + example = literalExpression '' + { + serverAliases = [ + "bookstack.''${config.networking.domain}" + ]; + # To enable encryption and let let's encrypt take care of certificate + forceSSL = true; + enableACME = true; + } + ''; description = '' With this option, you can customize the nginx virtualHost settings. ''; diff --git a/nixpkgs/nixos/modules/services/web-apps/cryptpad.nix b/nixpkgs/nixos/modules/services/web-apps/cryptpad.nix index 69a89107d310..e6772de768e0 100644 --- a/nixpkgs/nixos/modules/services/web-apps/cryptpad.nix +++ b/nixpkgs/nixos/modules/services/web-apps/cryptpad.nix @@ -11,7 +11,7 @@ in package = mkOption { default = pkgs.cryptpad; - defaultText = "pkgs.cryptpad"; + defaultText = literalExpression "pkgs.cryptpad"; type = types.package; description = " Cryptpad package to use. @@ -21,7 +21,7 @@ in configFile = mkOption { type = types.path; default = "${cfg.package}/lib/node_modules/cryptpad/config/config.example.js"; - defaultText = "\${cfg.package}/lib/node_modules/cryptpad/config/config.example.js"; + defaultText = literalExpression ''"''${package}/lib/node_modules/cryptpad/config/config.example.js"''; description = '' Path to the JavaScript configuration file. diff --git a/nixpkgs/nixos/modules/services/web-apps/dex.nix b/nixpkgs/nixos/modules/services/web-apps/dex.nix new file mode 100644 index 000000000000..f08dd65bdb0f --- /dev/null +++ b/nixpkgs/nixos/modules/services/web-apps/dex.nix @@ -0,0 +1,115 @@ +{ config, lib, pkgs, ... }: + +with lib; + +let + cfg = config.services.dex; + fixClient = client: if client ? secretFile then ((builtins.removeAttrs client [ "secretFile" ]) // { secret = client.secretFile; }) else client; + filteredSettings = mapAttrs (n: v: if n == "staticClients" then (builtins.map fixClient v) else v) cfg.settings; + secretFiles = flatten (builtins.map (c: if c ? secretFile then [ c.secretFile ] else []) (cfg.settings.staticClients or [])); + + settingsFormat = pkgs.formats.yaml {}; + configFile = settingsFormat.generate "config.yaml" filteredSettings; + + startPreScript = pkgs.writeShellScript "dex-start-pre" ('' + '' + (concatStringsSep "\n" (builtins.map (file: '' + ${pkgs.replace-secret}/bin/replace-secret '${file}' '${file}' /run/dex/config.yaml + '') secretFiles))); +in +{ + options.services.dex = { + enable = mkEnableOption "the OpenID Connect and OAuth2 identity provider"; + + settings = mkOption { + type = settingsFormat.type; + default = {}; + example = literalExpression '' + { + # External url + issuer = "http://127.0.0.1:5556/dex"; + storage = { + type = "postgres"; + config.host = "/var/run/postgres"; + }; + web = { + http = "127.0.0.1:5556"; + }; + enablePasswordDB = true; + staticClients = [ + { + id = "oidcclient"; + name = "Client"; + redirectURIs = [ "https://example.com/callback" ]; + secretFile = "/etc/dex/oidcclient"; # The content of `secretFile` will be written into to the config as `secret`. + } + ]; + } + ''; + description = '' + The available options can be found in + <link xlink:href="https://github.com/dexidp/dex/blob/v${pkgs.dex.version}/config.yaml.dist">the example configuration</link>. + ''; + }; + }; + + config = mkIf cfg.enable { + systemd.services.dex = { + description = "dex identity provider"; + wantedBy = [ "multi-user.target" ]; + after = [ "networking.target" ] ++ (optional (cfg.settings.storage.type == "postgres") "postgresql.service"); + + serviceConfig = { + ExecStart = "${pkgs.dex-oidc}/bin/dex serve /run/dex/config.yaml"; + ExecStartPre = [ + "${pkgs.coreutils}/bin/install -m 600 ${configFile} /run/dex/config.yaml" + "+${startPreScript}" + ]; + RuntimeDirectory = "dex"; + + AmbientCapabilities = "CAP_NET_BIND_SERVICE"; + BindReadOnlyPaths = [ + "/nix/store" + "-/etc/resolv.conf" + "-/etc/nsswitch.conf" + "-/etc/hosts" + "-/etc/localtime" + "-/etc/dex" + ]; + BindPaths = optional (cfg.settings.storage.type == "postgres") "/var/run/postgresql"; + CapabilityBoundingSet = "CAP_NET_BIND_SERVICE"; + # ProtectClock= adds DeviceAllow=char-rtc r + DeviceAllow = ""; + DynamicUser = true; + LockPersonality = true; + MemoryDenyWriteExecute = true; + NoNewPrivileges = true; + PrivateDevices = true; + PrivateMounts = true; + # Port needs to be exposed to the host network + #PrivateNetwork = true; + PrivateTmp = true; + PrivateUsers = true; + ProcSubset = "pid"; + ProtectClock = true; + ProtectHome = true; + ProtectHostname = true; + # Would re-mount paths ignored by temporary root + #ProtectSystem = "strict"; + ProtectControlGroups = true; + ProtectKernelLogs = true; + ProtectKernelModules = true; + ProtectKernelTunables = true; + ProtectProc = "invisible"; + RestrictAddressFamilies = [ "AF_INET" "AF_INET6" "AF_UNIX" ]; + RestrictNamespaces = true; + RestrictRealtime = true; + RestrictSUIDSGID = true; + SystemCallArchitectures = "native"; + SystemCallFilter = [ "@system-service" "~@privileged @resources @setuid @keyring" ]; + TemporaryFileSystem = "/:ro"; + # Does not work well with the temporary root + #UMask = "0066"; + }; + }; + }; +} diff --git a/nixpkgs/nixos/modules/services/web-apps/discourse.nix b/nixpkgs/nixos/modules/services/web-apps/discourse.nix index b28e3cf0deb2..c4fb7e2b316f 100644 --- a/nixpkgs/nixos/modules/services/web-apps/discourse.nix +++ b/nixpkgs/nixos/modules/services/web-apps/discourse.nix @@ -33,7 +33,7 @@ in apply = p: p.override { plugins = lib.unique (p.enabledPlugins ++ cfg.plugins); }; - defaultText = "pkgs.discourse"; + defaultText = lib.literalExpression "pkgs.discourse"; description = '' The discourse package to use. ''; @@ -45,7 +45,7 @@ in config.networking.fqdn else config.networking.hostName; - defaultText = "config.networking.fqdn"; + defaultText = lib.literalExpression "config.networking.fqdn"; example = "discourse.example.com"; description = '' The hostname to serve Discourse on. @@ -99,7 +99,10 @@ in enableACME = lib.mkOption { type = lib.types.bool; default = cfg.sslCertificate == null && cfg.sslCertificateKey == null; - defaultText = "true, unless services.discourse.sslCertificate and services.discourse.sslCertificateKey are set."; + defaultText = lib.literalDocBook '' + <literal>true</literal>, unless <option>services.discourse.sslCertificate</option> + and <option>services.discourse.sslCertificateKey</option> are set. + ''; description = '' Whether an ACME certificate should be used to secure connections to the server. @@ -109,7 +112,7 @@ in backendSettings = lib.mkOption { type = with lib.types; attrsOf (nullOr (oneOf [ str int bool float ])); default = {}; - example = lib.literalExample '' + example = lib.literalExpression '' { max_reqs_per_ip_per_minute = 300; max_reqs_per_ip_per_10_seconds = 60; @@ -134,7 +137,7 @@ in siteSettings = lib.mkOption { type = json.type; default = {}; - example = lib.literalExample '' + example = lib.literalExpression '' { required = { title = "My Cats"; @@ -334,10 +337,8 @@ in notificationEmailAddress = lib.mkOption { type = lib.types.str; default = "${if cfg.mail.incoming.enable then "notifications" else "noreply"}@${cfg.hostname}"; - defaultText = '' - "notifications@`config.services.discourse.hostname`" if - config.services.discourse.mail.incoming.enable is "true", - otherwise "noreply`config.services.discourse.hostname`" + defaultText = lib.literalExpression '' + "''${if config.services.discourse.mail.incoming.enable then "notifications" else "noreply"}@''${config.services.discourse.hostname}" ''; description = '' The <literal>from:</literal> email address used when @@ -448,7 +449,7 @@ in replyEmailAddress = lib.mkOption { type = lib.types.str; default = "%{reply_key}@${cfg.hostname}"; - defaultText = "%{reply_key}@`config.services.discourse.hostname`"; + defaultText = lib.literalExpression ''"%{reply_key}@''${config.services.discourse.hostname}"''; description = '' Template for reply by email incoming email address, for example: %{reply_key}@reply.example.com or @@ -459,7 +460,7 @@ in mailReceiverPackage = lib.mkOption { type = lib.types.package; default = pkgs.discourse-mail-receiver; - defaultText = "pkgs.discourse-mail-receiver"; + defaultText = lib.literalExpression "pkgs.discourse-mail-receiver"; description = '' The discourse-mail-receiver package to use. ''; @@ -484,7 +485,7 @@ in plugins = lib.mkOption { type = lib.types.listOf lib.types.package; default = []; - example = lib.literalExample '' + example = lib.literalExpression '' with config.services.discourse.package.plugins; [ discourse-canned-replies discourse-github diff --git a/nixpkgs/nixos/modules/services/web-apps/documize.nix b/nixpkgs/nixos/modules/services/web-apps/documize.nix index a5f48e744fdc..7f2ed82ee33e 100644 --- a/nixpkgs/nixos/modules/services/web-apps/documize.nix +++ b/nixpkgs/nixos/modules/services/web-apps/documize.nix @@ -26,6 +26,7 @@ in { package = mkOption { type = types.package; default = pkgs.documize-community; + defaultText = literalExpression "pkgs.documize-community"; description = '' Which package to use for documize. ''; diff --git a/nixpkgs/nixos/modules/services/web-apps/dokuwiki.nix b/nixpkgs/nixos/modules/services/web-apps/dokuwiki.nix index 964fef23addf..bc5b1a8be545 100644 --- a/nixpkgs/nixos/modules/services/web-apps/dokuwiki.nix +++ b/nixpkgs/nixos/modules/services/web-apps/dokuwiki.nix @@ -2,7 +2,7 @@ let inherit (lib) mkDefault mkEnableOption mkForce mkIf mkMerge mkOption types maintainers recursiveUpdate; - inherit (lib) any attrValues concatMapStrings concatMapStringsSep flatten literalExample; + inherit (lib) any attrValues concatMapStrings concatMapStringsSep flatten literalExpression; inherit (lib) filterAttrs mapAttrs mapAttrs' mapAttrsToList nameValuePair optional optionalAttrs optionalString; cfg = migrateOldAttrs config.services.dokuwiki; @@ -69,6 +69,7 @@ let package = mkOption { type = types.package; default = pkgs.dokuwiki; + defaultText = literalExpression "pkgs.dokuwiki"; description = "Which DokuWiki package to use."; }; @@ -167,24 +168,24 @@ let List of path(s) to respective plugin(s) which are copied from the 'plugin' directory. <note><para>These plugins need to be packaged before use, see example.</para></note> ''; - example = '' - # Let's package the icalevents plugin - plugin-icalevents = pkgs.stdenv.mkDerivation { - name = "icalevents"; - # Download the plugin from the dokuwiki site - src = pkgs.fetchurl { - url = "https://github.com/real-or-random/dokuwiki-plugin-icalevents/releases/download/2017-06-16/dokuwiki-plugin-icalevents-2017-06-16.zip"; - sha256 = "e40ed7dd6bbe7fe3363bbbecb4de481d5e42385b5a0f62f6a6ce6bf3a1f9dfa8"; + example = literalExpression '' + let + # Let's package the icalevents plugin + plugin-icalevents = pkgs.stdenv.mkDerivation { + name = "icalevents"; + # Download the plugin from the dokuwiki site + src = pkgs.fetchurl { + url = "https://github.com/real-or-random/dokuwiki-plugin-icalevents/releases/download/2017-06-16/dokuwiki-plugin-icalevents-2017-06-16.zip"; + sha256 = "e40ed7dd6bbe7fe3363bbbecb4de481d5e42385b5a0f62f6a6ce6bf3a1f9dfa8"; + }; + sourceRoot = "."; + # We need unzip to build this package + buildInputs = [ pkgs.unzip ]; + # Installing simply means copying all files to the output directory + installPhase = "mkdir -p $out; cp -R * $out/"; }; - sourceRoot = "."; - # We need unzip to build this package - buildInputs = [ pkgs.unzip ]; - # Installing simply means copying all files to the output directory - installPhase = "mkdir -p $out; cp -R * $out/"; - }; - # And then pass this theme to the plugin list like this: - plugins = [ plugin-icalevents ]; + in [ plugin-icalevents ] ''; }; @@ -195,23 +196,23 @@ let List of path(s) to respective template(s) which are copied from the 'tpl' directory. <note><para>These templates need to be packaged before use, see example.</para></note> ''; - example = '' - # Let's package the bootstrap3 theme - template-bootstrap3 = pkgs.stdenv.mkDerivation { - name = "bootstrap3"; - # Download the theme from the dokuwiki site - src = pkgs.fetchurl { - url = "https://github.com/giterlizzi/dokuwiki-template-bootstrap3/archive/v2019-05-22.zip"; - sha256 = "4de5ff31d54dd61bbccaf092c9e74c1af3a4c53e07aa59f60457a8f00cfb23a6"; + example = literalExpression '' + let + # Let's package the bootstrap3 theme + template-bootstrap3 = pkgs.stdenv.mkDerivation { + name = "bootstrap3"; + # Download the theme from the dokuwiki site + src = pkgs.fetchurl { + url = "https://github.com/giterlizzi/dokuwiki-template-bootstrap3/archive/v2019-05-22.zip"; + sha256 = "4de5ff31d54dd61bbccaf092c9e74c1af3a4c53e07aa59f60457a8f00cfb23a6"; + }; + # We need unzip to build this package + buildInputs = [ pkgs.unzip ]; + # Installing simply means copying all files to the output directory + installPhase = "mkdir -p $out; cp -R * $out/"; }; - # We need unzip to build this package - buildInputs = [ pkgs.unzip ]; - # Installing simply means copying all files to the output directory - installPhase = "mkdir -p $out; cp -R * $out/"; - }; - # And then pass this theme to the template list like this: - templates = [ template-bootstrap3 ]; + in [ template-bootstrap3 ] ''; }; diff --git a/nixpkgs/nixos/modules/services/web-apps/engelsystem.nix b/nixpkgs/nixos/modules/services/web-apps/engelsystem.nix index b87fecae65f2..06c3c6dfc3d7 100644 --- a/nixpkgs/nixos/modules/services/web-apps/engelsystem.nix +++ b/nixpkgs/nixos/modules/services/web-apps/engelsystem.nix @@ -1,7 +1,7 @@ { config, lib, pkgs, utils, ... }: let - inherit (lib) mkDefault mkEnableOption mkIf mkOption types literalExample; + inherit (lib) mkDefault mkEnableOption mkIf mkOption types literalExpression; cfg = config.services.engelsystem; in { options = { @@ -24,9 +24,9 @@ in { package = mkOption { type = types.package; - example = literalExample "pkgs.engelsystem"; description = "Engelsystem package used for the service."; default = pkgs.engelsystem; + defaultText = literalExpression "pkgs.engelsystem"; }; createDatabase = mkOption { diff --git a/nixpkgs/nixos/modules/services/web-apps/fluidd.nix b/nixpkgs/nixos/modules/services/web-apps/fluidd.nix index c632b8ff7199..6ac1acc9d036 100644 --- a/nixpkgs/nixos/modules/services/web-apps/fluidd.nix +++ b/nixpkgs/nixos/modules/services/web-apps/fluidd.nix @@ -12,7 +12,7 @@ in type = types.package; description = "Fluidd package to be used in the module"; default = pkgs.fluidd; - defaultText = "pkgs.fluidd"; + defaultText = literalExpression "pkgs.fluidd"; }; hostName = mkOption { @@ -25,9 +25,11 @@ in type = types.submodule (import ../web-servers/nginx/vhost-options.nix { inherit config lib; }); default = { }; - example = { - serverAliases = [ "fluidd.\${config.networking.domain}" ]; - }; + example = literalExpression '' + { + serverAliases = [ "fluidd.''${config.networking.domain}" ]; + } + ''; description = "Extra configuration for the nginx virtual host of fluidd."; }; }; diff --git a/nixpkgs/nixos/modules/services/web-apps/galene.nix b/nixpkgs/nixos/modules/services/web-apps/galene.nix index dd63857a55c8..db9dfeb47499 100644 --- a/nixpkgs/nixos/modules/services/web-apps/galene.nix +++ b/nixpkgs/nixos/modules/services/web-apps/galene.nix @@ -80,6 +80,7 @@ in staticDir = mkOption { type = types.str; default = "${cfg.package.static}/static"; + defaultText = literalExpression ''"''${package.static}/static"''; example = "/var/lib/galene/static"; description = "Web server directory."; }; @@ -107,7 +108,7 @@ in package = mkOption { default = pkgs.galene; - defaultText = "pkgs.galene"; + defaultText = literalExpression "pkgs.galene"; type = types.package; description = '' Package for running Galene. diff --git a/nixpkgs/nixos/modules/services/web-apps/gerrit.nix b/nixpkgs/nixos/modules/services/web-apps/gerrit.nix index 864587aea565..9ee9dbf1aa49 100644 --- a/nixpkgs/nixos/modules/services/web-apps/gerrit.nix +++ b/nixpkgs/nixos/modules/services/web-apps/gerrit.nix @@ -64,13 +64,14 @@ in package = mkOption { type = types.package; default = pkgs.gerrit; + defaultText = literalExpression "pkgs.gerrit"; description = "Gerrit package to use"; }; jvmPackage = mkOption { type = types.package; default = pkgs.jre_headless; - defaultText = "pkgs.jre_headless"; + defaultText = literalExpression "pkgs.jre_headless"; description = "Java Runtime Environment package to use"; }; diff --git a/nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix b/nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix index d940f3d3daec..b434f16e9bdc 100644 --- a/nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix +++ b/nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix @@ -73,7 +73,7 @@ in port = mkOption { type = types.int; default = 3000; - example = "80"; + example = 80; description = '' Port to listen on. ''; @@ -135,7 +135,7 @@ in csp = mkOption { type = types.nullOr types.attrs; default = null; - example = literalExample '' + example = literalExpression '' { enable = true; directives = { @@ -222,7 +222,7 @@ in db = mkOption { type = types.attrs; default = {}; - example = literalExample '' + example = literalExpression '' { dialect = "sqlite"; storage = "/var/lib/${name}/db.${name}.sqlite"; @@ -313,7 +313,7 @@ in errorPath = mkOption { type = types.nullOr types.str; default = null; - defaultText = "./public/views/error.ejs"; + defaultText = literalExpression "./public/views/error.ejs"; description = '' Path to the error template file. (Non-canonical paths are relative to HedgeDoc's base directory) @@ -322,7 +322,7 @@ in prettyPath = mkOption { type = types.nullOr types.str; default = null; - defaultText = "./public/views/pretty.ejs"; + defaultText = literalExpression "./public/views/pretty.ejs"; description = '' Path to the pretty template file. (Non-canonical paths are relative to HedgeDoc's base directory) @@ -331,7 +331,7 @@ in slidePath = mkOption { type = types.nullOr types.str; default = null; - defaultText = "./public/views/slide.hbs"; + defaultText = literalExpression "./public/views/slide.hbs"; description = '' Path to the slide template file. (Non-canonical paths are relative to HedgeDoc's base directory) @@ -340,7 +340,7 @@ in uploadsPath = mkOption { type = types.str; default = "${cfg.workDir}/uploads"; - defaultText = "/var/lib/${name}/uploads"; + defaultText = literalExpression "/var/lib/${name}/uploads"; description = '' Path under which uploaded files are saved. ''; @@ -925,6 +925,7 @@ in package = mkOption { type = types.package; default = pkgs.hedgedoc; + defaultText = literalExpression "pkgs.hedgedoc"; description = '' Package that provides HedgeDoc. ''; diff --git a/nixpkgs/nixos/modules/services/web-apps/hledger-web.nix b/nixpkgs/nixos/modules/services/web-apps/hledger-web.nix index a69767194c33..9c66589dffd1 100644 --- a/nixpkgs/nixos/modules/services/web-apps/hledger-web.nix +++ b/nixpkgs/nixos/modules/services/web-apps/hledger-web.nix @@ -20,7 +20,7 @@ in { port = mkOption { type = types.port; default = 5000; - example = "80"; + example = 80; description = '' Port to listen on. ''; diff --git a/nixpkgs/nixos/modules/services/web-apps/icingaweb2/icingaweb2.nix b/nixpkgs/nixos/modules/services/web-apps/icingaweb2/icingaweb2.nix index f8f0854f1bcb..b9761061aaae 100644 --- a/nixpkgs/nixos/modules/services/web-apps/icingaweb2/icingaweb2.nix +++ b/nixpkgs/nixos/modules/services/web-apps/icingaweb2/icingaweb2.nix @@ -59,7 +59,7 @@ in { modulePackages = mkOption { type = attrsOf package; default = {}; - example = literalExample '' + example = literalExpression '' { "snow" = icingaweb2Modules.theme-snow; } diff --git a/nixpkgs/nixos/modules/services/web-apps/isso.nix b/nixpkgs/nixos/modules/services/web-apps/isso.nix index d05a99a3eedc..4c01781a6a2b 100644 --- a/nixpkgs/nixos/modules/services/web-apps/isso.nix +++ b/nixpkgs/nixos/modules/services/web-apps/isso.nix @@ -1,7 +1,7 @@ { config, lib, pkgs, ... }: let - inherit (lib) mkEnableOption mkIf mkOption types literalExample; + inherit (lib) mkEnableOption mkIf mkOption types literalExpression; cfg = config.services.isso; @@ -31,7 +31,7 @@ in { freeformType = settingsFormat.type; }; - example = literalExample '' + example = literalExpression '' { general = { host = "http://localhost"; diff --git a/nixpkgs/nixos/modules/services/web-apps/jirafeau.nix b/nixpkgs/nixos/modules/services/web-apps/jirafeau.nix index 4f181257ef7c..83cf224f7d27 100644 --- a/nixpkgs/nixos/modules/services/web-apps/jirafeau.nix +++ b/nixpkgs/nixos/modules/services/web-apps/jirafeau.nix @@ -84,18 +84,19 @@ in type = types.submodule (import ../web-servers/nginx/vhost-options.nix { inherit config lib; }); default = {}; - example = { - serverAliases = [ "wiki.\${config.networking.domain}" ]; - }; + example = literalExpression '' + { + serverAliases = [ "wiki.''${config.networking.domain}" ]; + } + ''; description = "Extra configuration for the nginx virtual host of Jirafeau."; }; package = mkOption { type = types.package; default = pkgs.jirafeau; - defaultText = "pkgs.jirafeau"; + defaultText = literalExpression "pkgs.jirafeau"; description = "Jirafeau package to use"; - example = "pkgs.jirafeau"; }; poolConfig = mkOption { diff --git a/nixpkgs/nixos/modules/services/web-apps/jitsi-meet.nix b/nixpkgs/nixos/modules/services/web-apps/jitsi-meet.nix index 997604754e42..2eacd87ae6fd 100644 --- a/nixpkgs/nixos/modules/services/web-apps/jitsi-meet.nix +++ b/nixpkgs/nixos/modules/services/web-apps/jitsi-meet.nix @@ -37,6 +37,7 @@ let focus = "focus.${cfg.hostName}"; }; bosh = "//${cfg.hostName}/http-bind"; + websocket = "wss://${cfg.hostName}/xmpp-websocket"; }; in { @@ -54,7 +55,7 @@ in config = mkOption { type = attrs; default = { }; - example = literalExample '' + example = literalExpression '' { enableWelcomePage = false; defaultLang = "fi"; @@ -81,7 +82,7 @@ in interfaceConfig = mkOption { type = attrs; default = { }; - example = literalExample '' + example = literalExpression '' { SHOW_JITSI_WATERMARK = false; SHOW_WATERMARK_FOR_GUESTS = false; @@ -143,6 +144,8 @@ in ''; }; + caddy.enable = mkEnableOption "Whether to enablle caddy reverse proxy to expose jitsi-meet"; + prosody.enable = mkOption { type = bool; default = true; @@ -163,7 +166,9 @@ in ping = mkDefault true; roster = mkDefault true; saslauth = mkDefault true; + smacks = mkDefault true; tls = mkDefault true; + websocket = mkDefault true; }; muc = [ { @@ -185,12 +190,17 @@ in #-- muc_room_cache_size = 1000 } ]; - extraModules = [ "pubsub" ]; + extraModules = [ "pubsub" "smacks" ]; extraPluginPaths = [ "${pkgs.jitsi-meet-prosody}/share/prosody-plugins" ]; - extraConfig = mkAfter '' + extraConfig = lib.mkMerge [ (mkAfter '' Component "focus.${cfg.hostName}" "client_proxy" target_address = "focus@auth.${cfg.hostName}" - ''; + '') + (mkBefore '' + cross_domain_websocket = true; + consider_websocket_secure = true; + '') + ]; virtualHosts.${cfg.hostName} = { enabled = true; domain = cfg.hostName; @@ -198,6 +208,10 @@ in authentication = "anonymous" c2s_require_encryption = false admins = { "focus@auth.${cfg.hostName}" } + smacks_max_unacked_stanzas = 5 + smacks_hibernation_time = 60 + smacks_max_hibernated_sessions = 1 + smacks_max_old_sessions = 1 ''; ssl = { cert = "/var/lib/jitsi-meet/jitsi-meet.crt"; @@ -286,6 +300,11 @@ in rewrite ^/(.*)$ / break; ''; locations."~ ^/([^/\\?&:'\"]+)$".tryFiles = "$uri @root_path"; + locations."^~ /xmpp-websocket" = { + priority = 100; + proxyPass = "http://localhost:5280/xmpp-websocket"; + proxyWebsockets = true; + }; locations."=/http-bind" = { proxyPass = "http://localhost:5280/http-bind"; extraConfig = '' @@ -305,6 +324,42 @@ in }; }; + services.caddy = mkIf cfg.caddy.enable { + enable = mkDefault true; + virtualHosts.${cfg.hostName} = { + extraConfig = + let + templatedJitsiMeet = pkgs.runCommand "templated-jitsi-meet" {} '' + cp -R ${pkgs.jitsi-meet}/* . + for file in *.html **/*.html ; do + ${pkgs.sd}/bin/sd '<!--#include virtual="(.*)" -->' '{{ include "$1" }}' $file + done + rm config.js + rm interface_config.js + cp -R . $out + cp ${overrideJs "${pkgs.jitsi-meet}/config.js" "config" (recursiveUpdate defaultCfg cfg.config) cfg.extraConfig} $out/config.js + cp ${overrideJs "${pkgs.jitsi-meet}/interface_config.js" "interfaceConfig" cfg.interfaceConfig ""} $out/interface_config.js + cp ./libs/external_api.min.js $out/external_api.js + ''; + in '' + handle /http-bind { + header Host ${cfg.hostName} + reverse_proxy 127.0.0.1:5280 + } + handle /xmpp-websocket { + reverse_proxy 127.0.0.1:5280 + } + handle { + templates + root * ${templatedJitsiMeet} + try_files {path} {path} + try_files {path} /index.html + file_server + } + ''; + }; + }; + services.jitsi-videobridge = mkIf cfg.videobridge.enable { enable = true; xmppConfigs."localhost" = { diff --git a/nixpkgs/nixos/modules/services/web-apps/keycloak.nix b/nixpkgs/nixos/modules/services/web-apps/keycloak.nix index b1bea222c7f7..df8c7114102f 100644 --- a/nixpkgs/nixos/modules/services/web-apps/keycloak.nix +++ b/nixpkgs/nixos/modules/services/web-apps/keycloak.nix @@ -210,6 +210,7 @@ in package = lib.mkOption { type = lib.types.package; default = pkgs.keycloak; + defaultText = lib.literalExpression "pkgs.keycloak"; description = '' Keycloak package to use. ''; @@ -228,7 +229,7 @@ in extraConfig = lib.mkOption { type = lib.types.attrs; default = { }; - example = lib.literalExample '' + example = lib.literalExpression '' { "subsystem=keycloak-server" = { "spi=hostname" = { diff --git a/nixpkgs/nixos/modules/services/web-apps/lemmy.md b/nixpkgs/nixos/modules/services/web-apps/lemmy.md new file mode 100644 index 000000000000..e6599cd843e3 --- /dev/null +++ b/nixpkgs/nixos/modules/services/web-apps/lemmy.md @@ -0,0 +1,34 @@ +# Lemmy {#module-services-lemmy} + +Lemmy is a federated alternative to reddit in rust. + +## Quickstart {#module-services-lemmy-quickstart} + +the minimum to start lemmy is + +```nix +services.lemmy = { + enable = true; + settings = { + hostname = "lemmy.union.rocks"; + database.createLocally = true; + }; + jwtSecretPath = "/run/secrets/lemmyJwt"; + caddy.enable = true; +} +``` + +(note that you can use something like agenix to get your secret jwt to the specified path) + +this will start the backend on port 8536 and the frontend on port 1234. +It will expose your instance with a caddy reverse proxy to the hostname you've provided. +Postgres will be initialized on that same instance automatically. + +## Usage {#module-services-lemmy-usage} + +On first connection you will be asked to define an admin user. + +## Missing {#module-services-lemmy-missing} + +- Exposing with nginx is not implemented yet. +- This has been tested using a local database with a unix socket connection. Using different database settings will likely require modifications diff --git a/nixpkgs/nixos/modules/services/web-apps/lemmy.nix b/nixpkgs/nixos/modules/services/web-apps/lemmy.nix new file mode 100644 index 000000000000..ae7d0d02c894 --- /dev/null +++ b/nixpkgs/nixos/modules/services/web-apps/lemmy.nix @@ -0,0 +1,238 @@ +{ lib, pkgs, config, ... }: +with lib; +let + cfg = config.services.lemmy; + settingsFormat = pkgs.formats.json { }; +in +{ + meta.maintainers = with maintainers; [ happysalada ]; + # Don't edit the docbook xml directly, edit the md and generate it: + # `pandoc lemmy.md -t docbook --top-level-division=chapter --extract-media=media -f markdown+smart > lemmy.xml` + meta.doc = ./lemmy.xml; + + options.services.lemmy = { + + enable = mkEnableOption "lemmy a federated alternative to reddit in rust"; + + jwtSecretPath = mkOption { + type = types.path; + description = "Path to read the jwt secret from."; + }; + + ui = { + port = mkOption { + type = types.port; + default = 1234; + description = "Port where lemmy-ui should listen for incoming requests."; + }; + }; + + caddy.enable = mkEnableOption "exposing lemmy with the caddy reverse proxy"; + + settings = mkOption { + default = { }; + description = "Lemmy configuration"; + + type = types.submodule { + freeformType = settingsFormat.type; + + options.hostname = mkOption { + type = types.str; + default = null; + description = "The domain name of your instance (eg 'lemmy.ml')."; + }; + + options.port = mkOption { + type = types.port; + default = 8536; + description = "Port where lemmy should listen for incoming requests."; + }; + + options.federation = { + enabled = mkEnableOption "activitypub federation"; + }; + + options.captcha = { + enabled = mkOption { + type = types.bool; + default = true; + description = "Enable Captcha."; + }; + difficulty = mkOption { + type = types.enum [ "easy" "medium" "hard" ]; + default = "medium"; + description = "The difficultly of the captcha to solve."; + }; + }; + + options.database.createLocally = mkEnableOption "creation of database on the instance"; + + }; + }; + + }; + + config = + let + localPostgres = (cfg.settings.database.host == "localhost" || cfg.settings.database.host == "/run/postgresql"); + in + lib.mkIf cfg.enable { + services.lemmy.settings = (mapAttrs (name: mkDefault) + { + bind = "127.0.0.1"; + tls_enabled = true; + pictrs_url = with config.services.pict-rs; "http://${address}:${toString port}"; + actor_name_max_length = 20; + + rate_limit.message = 180; + rate_limit.message_per_second = 60; + rate_limit.post = 6; + rate_limit.post_per_second = 600; + rate_limit.register = 3; + rate_limit.register_per_second = 3600; + rate_limit.image = 6; + rate_limit.image_per_second = 3600; + } // { + database = mapAttrs (name: mkDefault) { + user = "lemmy"; + host = "/run/postgresql"; + port = 5432; + database = "lemmy"; + pool_size = 5; + }; + }); + + services.postgresql = mkIf localPostgres { + enable = mkDefault true; + }; + + services.pict-rs.enable = true; + + services.caddy = mkIf cfg.caddy.enable { + enable = mkDefault true; + virtualHosts."${cfg.settings.hostname}" = { + extraConfig = '' + handle_path /static/* { + root * ${pkgs.lemmy-ui}/dist + file_server + } + @for_backend { + path /api/* /pictrs/* feeds/* nodeinfo/* + } + handle @for_backend { + reverse_proxy 127.0.0.1:${toString cfg.settings.port} + } + @post { + method POST + } + handle @post { + reverse_proxy 127.0.0.1:${toString cfg.settings.port} + } + @jsonld { + header Accept "application/activity+json" + header Accept "application/ld+json; profile=\"https://www.w3.org/ns/activitystreams\"" + } + handle @jsonld { + reverse_proxy 127.0.0.1:${toString cfg.settings.port} + } + handle { + reverse_proxy 127.0.0.1:${toString cfg.ui.port} + } + ''; + }; + }; + + assertions = [{ + assertion = cfg.settings.database.createLocally -> localPostgres; + message = "if you want to create the database locally, you need to use a local database"; + }]; + + systemd.services.lemmy = { + description = "Lemmy server"; + + environment = { + LEMMY_CONFIG_LOCATION = "/run/lemmy/config.hjson"; + + # Verify how this is used, and don't put the password in the nix store + LEMMY_DATABASE_URL = with cfg.settings.database;"postgres:///${database}?host=${host}"; + }; + + documentation = [ + "https://join-lemmy.org/docs/en/administration/from_scratch.html" + "https://join-lemmy.org/docs" + ]; + + wantedBy = [ "multi-user.target" ]; + + after = [ "pict-rs.service " ] ++ lib.optionals cfg.settings.database.createLocally [ "lemmy-postgresql.service" ]; + + requires = lib.optionals cfg.settings.database.createLocally [ "lemmy-postgresql.service" ]; + + # script is needed here since loadcredential is not accessible on ExecPreStart + script = '' + ${pkgs.coreutils}/bin/install -m 600 ${settingsFormat.generate "config.hjson" cfg.settings} /run/lemmy/config.hjson + jwtSecret="$(< $CREDENTIALS_DIRECTORY/jwt_secret )" + ${pkgs.jq}/bin/jq ".jwt_secret = \"$jwtSecret\"" /run/lemmy/config.hjson | ${pkgs.moreutils}/bin/sponge /run/lemmy/config.hjson + ${pkgs.lemmy-server}/bin/lemmy_server + ''; + + serviceConfig = { + DynamicUser = true; + RuntimeDirectory = "lemmy"; + LoadCredential = "jwt_secret:${cfg.jwtSecretPath}"; + }; + }; + + systemd.services.lemmy-ui = { + description = "Lemmy ui"; + + environment = { + LEMMY_UI_HOST = "127.0.0.1:${toString cfg.ui.port}"; + LEMMY_INTERNAL_HOST = "127.0.0.1:${toString cfg.settings.port}"; + LEMMY_EXTERNAL_HOST = cfg.settings.hostname; + LEMMY_HTTPS = "false"; + }; + + documentation = [ + "https://join-lemmy.org/docs/en/administration/from_scratch.html" + "https://join-lemmy.org/docs" + ]; + + wantedBy = [ "multi-user.target" ]; + + after = [ "lemmy.service" ]; + + requires = [ "lemmy.service" ]; + + serviceConfig = { + DynamicUser = true; + WorkingDirectory = "${pkgs.lemmy-ui}"; + ExecStart = "${pkgs.nodejs}/bin/node ${pkgs.lemmy-ui}/dist/js/server.js"; + }; + }; + + systemd.services.lemmy-postgresql = mkIf cfg.settings.database.createLocally { + description = "Lemmy postgresql db"; + after = [ "postgresql.service" ]; + bindsTo = [ "postgresql.service" ]; + requiredBy = [ "lemmy.service" ]; + partOf = [ "lemmy.service" ]; + script = with cfg.settings.database; '' + PSQL() { + ${config.services.postgresql.package}/bin/psql --port=${toString cfg.settings.database.port} "$@" + } + # check if the database already exists + if ! PSQL -lqt | ${pkgs.coreutils}/bin/cut -d \| -f 1 | ${pkgs.gnugrep}/bin/grep -qw ${database} ; then + PSQL -tAc "CREATE ROLE ${user} WITH LOGIN;" + PSQL -tAc "CREATE DATABASE ${database} WITH OWNER ${user};" + fi + ''; + serviceConfig = { + User = config.services.postgresql.superUser; + Type = "oneshot"; + RemainAfterExit = true; + }; + }; + }; + +} diff --git a/nixpkgs/nixos/modules/services/web-apps/lemmy.xml b/nixpkgs/nixos/modules/services/web-apps/lemmy.xml new file mode 100644 index 000000000000..0be9fb8aefa9 --- /dev/null +++ b/nixpkgs/nixos/modules/services/web-apps/lemmy.xml @@ -0,0 +1,56 @@ +<chapter xmlns="http://docbook.org/ns/docbook" xmlns:xlink="http://www.w3.org/1999/xlink" xml:id="module-services-lemmy"> + <title>Lemmy</title> + <para> + Lemmy is a federated alternative to reddit in rust. + </para> + <section xml:id="module-services-lemmy-quickstart"> + <title>Quickstart</title> + <para> + the minimum to start lemmy is + </para> + <programlisting language="bash"> +services.lemmy = { + enable = true; + settings = { + hostname = "lemmy.union.rocks"; + database.createLocally = true; + }; + jwtSecretPath = "/run/secrets/lemmyJwt"; + caddy.enable = true; +} +</programlisting> + <para> + (note that you can use something like agenix to get your secret + jwt to the specified path) + </para> + <para> + this will start the backend on port 8536 and the frontend on port + 1234. It will expose your instance with a caddy reverse proxy to + the hostname you’ve provided. Postgres will be initialized on that + same instance automatically. + </para> + </section> + <section xml:id="module-services-lemmy-usage"> + <title>Usage</title> + <para> + On first connection you will be asked to define an admin user. + </para> + </section> + <section xml:id="module-services-lemmy-missing"> + <title>Missing</title> + <itemizedlist spacing="compact"> + <listitem> + <para> + Exposing with nginx is not implemented yet. + </para> + </listitem> + <listitem> + <para> + This has been tested using a local database with a unix socket + connection. Using different database settings will likely + require modifications + </para> + </listitem> + </itemizedlist> + </section> +</chapter> diff --git a/nixpkgs/nixos/modules/services/web-apps/limesurvey.nix b/nixpkgs/nixos/modules/services/web-apps/limesurvey.nix index 56265e80957e..5ccd742a303b 100644 --- a/nixpkgs/nixos/modules/services/web-apps/limesurvey.nix +++ b/nixpkgs/nixos/modules/services/web-apps/limesurvey.nix @@ -3,7 +3,7 @@ let inherit (lib) mkDefault mkEnableOption mkForce mkIf mkMerge mkOption; - inherit (lib) literalExample mapAttrs optional optionalString types; + inherit (lib) literalExpression mapAttrs optional optionalString types; cfg = config.services.limesurvey; fpm = config.services.phpfpm.pools.limesurvey; @@ -51,7 +51,7 @@ in port = mkOption { type = types.int; default = if cfg.database.type == "pgsql" then 5442 else 3306; - defaultText = "3306"; + defaultText = literalExpression "3306"; description = "Database host port."; }; @@ -84,14 +84,14 @@ in else if pgsqlLocal then "/run/postgresql" else null ; - defaultText = "/run/mysqld/mysqld.sock"; + defaultText = literalExpression "/run/mysqld/mysqld.sock"; description = "Path to the unix socket file to use for authentication."; }; createLocally = mkOption { type = types.bool; default = cfg.database.type == "mysql"; - defaultText = "true"; + defaultText = literalExpression "true"; description = '' Create the database and database user locally. This currently only applies if database type "mysql" is selected. @@ -101,7 +101,7 @@ in virtualHost = mkOption { type = types.submodule (import ../web-servers/apache-httpd/vhost-options.nix); - example = literalExample '' + example = literalExpression '' { hostName = "survey.example.org"; adminAddr = "webmaster@example.org"; diff --git a/nixpkgs/nixos/modules/services/web-apps/mastodon.nix b/nixpkgs/nixos/modules/services/web-apps/mastodon.nix index 5bda7d5a5dd2..d3790d8b1760 100644 --- a/nixpkgs/nixos/modules/services/web-apps/mastodon.nix +++ b/nixpkgs/nixos/modules/services/web-apps/mastodon.nix @@ -399,7 +399,7 @@ in { package = lib.mkOption { type = lib.types.package; default = pkgs.mastodon; - defaultText = "pkgs.mastodon"; + defaultText = lib.literalExpression "pkgs.mastodon"; description = "Mastodon package to use."; }; diff --git a/nixpkgs/nixos/modules/services/web-apps/matomo.nix b/nixpkgs/nixos/modules/services/web-apps/matomo.nix index 79a0354e22b4..b0d281cfb6ed 100644 --- a/nixpkgs/nixos/modules/services/web-apps/matomo.nix +++ b/nixpkgs/nixos/modules/services/web-apps/matomo.nix @@ -48,7 +48,7 @@ in { as they don't get backported if they are not security-relevant. ''; default = pkgs.matomo; - defaultText = "pkgs.matomo"; + defaultText = literalExpression "pkgs.matomo"; }; webServerUser = mkOption { @@ -100,13 +100,15 @@ in { ) ); default = null; - example = { - serverAliases = [ - "matomo.\${config.networking.domain}" - "stats.\${config.networking.domain}" - ]; - enableACME = false; - }; + example = literalExpression '' + { + serverAliases = [ + "matomo.''${config.networking.domain}" + "stats.''${config.networking.domain}" + ]; + enableACME = false; + } + ''; description = '' With this option, you can customize an nginx virtualHost which already has sensible defaults for Matomo. Either this option or the webServerUser option is mandatory. diff --git a/nixpkgs/nixos/modules/services/web-apps/mediawiki.nix b/nixpkgs/nixos/modules/services/web-apps/mediawiki.nix index 1db1652022a3..977b6f60b230 100644 --- a/nixpkgs/nixos/modules/services/web-apps/mediawiki.nix +++ b/nixpkgs/nixos/modules/services/web-apps/mediawiki.nix @@ -3,7 +3,7 @@ let inherit (lib) mkDefault mkEnableOption mkForce mkIf mkMerge mkOption; - inherit (lib) concatStringsSep literalExample mapAttrsToList optional optionals optionalString types; + inherit (lib) concatStringsSep literalExpression mapAttrsToList optional optionals optionalString types; cfg = config.services.mediawiki; fpm = config.services.phpfpm.pools.mediawiki; @@ -176,6 +176,7 @@ in package = mkOption { type = types.package; default = pkgs.mediawiki; + defaultText = literalExpression "pkgs.mediawiki"; description = "Which MediaWiki package to use."; }; @@ -219,7 +220,7 @@ in Use <literal>null</literal> instead of path to enable extensions that are part of MediaWiki. ''; - example = literalExample '' + example = literalExpression '' { Matomo = pkgs.fetchzip { url = "https://github.com/DaSchTour/matomo-mediawiki-extension/archive/v4.0.1.tar.gz"; @@ -286,14 +287,14 @@ in socket = mkOption { type = types.nullOr types.path; default = if cfg.database.createLocally then "/run/mysqld/mysqld.sock" else null; - defaultText = "/run/mysqld/mysqld.sock"; + defaultText = literalExpression "/run/mysqld/mysqld.sock"; description = "Path to the unix socket file to use for authentication."; }; createLocally = mkOption { type = types.bool; default = cfg.database.type == "mysql"; - defaultText = "true"; + defaultText = literalExpression "true"; description = '' Create the database and database user locally. This currently only applies if database type "mysql" is selected. @@ -303,7 +304,7 @@ in virtualHost = mkOption { type = types.submodule (import ../web-servers/apache-httpd/vhost-options.nix); - example = literalExample '' + example = literalExpression '' { hostName = "mediawiki.example.org"; adminAddr = "webmaster@example.org"; diff --git a/nixpkgs/nixos/modules/services/web-apps/miniflux.nix b/nixpkgs/nixos/modules/services/web-apps/miniflux.nix index 1bbadafa2078..026bde2a92df 100644 --- a/nixpkgs/nixos/modules/services/web-apps/miniflux.nix +++ b/nixpkgs/nixos/modules/services/web-apps/miniflux.nix @@ -35,7 +35,7 @@ in config = mkOption { type = types.attrsOf types.str; - example = literalExample '' + example = literalExpression '' { CLEANUP_FREQUENCY = "48"; LISTEN_ADDR = "localhost:8080"; diff --git a/nixpkgs/nixos/modules/services/web-apps/moinmoin.nix b/nixpkgs/nixos/modules/services/web-apps/moinmoin.nix index 7a54255a46ef..efb73124a237 100644 --- a/nixpkgs/nixos/modules/services/web-apps/moinmoin.nix +++ b/nixpkgs/nixos/modules/services/web-apps/moinmoin.nix @@ -151,7 +151,7 @@ in webHost = mkDefault name; }; })); - example = literalExample '' + example = literalExpression '' { "mywiki" = { siteName = "Example Wiki"; diff --git a/nixpkgs/nixos/modules/services/web-apps/moodle.nix b/nixpkgs/nixos/modules/services/web-apps/moodle.nix index c854e084e14d..6f5cfa2e3481 100644 --- a/nixpkgs/nixos/modules/services/web-apps/moodle.nix +++ b/nixpkgs/nixos/modules/services/web-apps/moodle.nix @@ -2,7 +2,7 @@ let inherit (lib) mkDefault mkEnableOption mkForce mkIf mkMerge mkOption types; - inherit (lib) concatStringsSep literalExample mapAttrsToList optional optionalString; + inherit (lib) concatStringsSep literalExpression mapAttrsToList optional optionalString; cfg = config.services.moodle; fpm = config.services.phpfpm.pools.moodle; @@ -67,7 +67,7 @@ in package = mkOption { type = types.package; default = pkgs.moodle; - defaultText = "pkgs.moodle"; + defaultText = literalExpression "pkgs.moodle"; description = "The Moodle package to use."; }; @@ -100,7 +100,7 @@ in mysql = 3306; pgsql = 5432; }.${cfg.database.type}; - defaultText = "3306"; + defaultText = literalExpression "3306"; }; name = mkOption { @@ -131,7 +131,7 @@ in if mysqlLocal then "/run/mysqld/mysqld.sock" else if pgsqlLocal then "/run/postgresql" else null; - defaultText = "/run/mysqld/mysqld.sock"; + defaultText = literalExpression "/run/mysqld/mysqld.sock"; description = "Path to the unix socket file to use for authentication."; }; @@ -144,7 +144,7 @@ in virtualHost = mkOption { type = types.submodule (import ../web-servers/apache-httpd/vhost-options.nix); - example = literalExample '' + example = literalExpression '' { hostName = "moodle.example.org"; adminAddr = "webmaster@example.org"; diff --git a/nixpkgs/nixos/modules/services/web-apps/nextcloud.nix b/nixpkgs/nixos/modules/services/web-apps/nextcloud.nix index ba5f6582cbec..62ae763b69bc 100644 --- a/nixpkgs/nixos/modules/services/web-apps/nextcloud.nix +++ b/nixpkgs/nixos/modules/services/web-apps/nextcloud.nix @@ -6,7 +6,9 @@ let cfg = config.services.nextcloud; fpm = config.services.phpfpm.pools.nextcloud; - phpPackage = pkgs.php74.buildEnv { + inherit (cfg) datadir; + + phpPackage = cfg.phpPackage.buildEnv { extensions = { enabled, all }: (with all; enabled @@ -40,7 +42,7 @@ let if [[ "$USER" != nextcloud ]]; then sudo='exec /run/wrappers/bin/sudo -u nextcloud --preserve-env=NEXTCLOUD_CONFIG_DIR --preserve-env=OC_PASS' fi - export NEXTCLOUD_CONFIG_DIR="${cfg.home}/config" + export NEXTCLOUD_CONFIG_DIR="${datadir}/config" $sudo \ ${phpPackage}/bin/php \ occ "$@" @@ -51,6 +53,12 @@ let in { imports = [ + (mkRemovedOptionModule [ "services" "nextcloud" "config" "adminpass" ] '' + Please use `services.nextcloud.config.adminpassFile' instead! + '') + (mkRemovedOptionModule [ "services" "nextcloud" "config" "dbpass" ] '' + Please use `services.nextcloud.config.dbpassFile' instead! + '') (mkRemovedOptionModule [ "services" "nextcloud" "nginx" "enable" ] '' The nextcloud module supports `nginx` as reverse-proxy by default and doesn't support other reverse-proxies officially. @@ -79,6 +87,59 @@ in { default = "/var/lib/nextcloud"; description = "Storage path of nextcloud."; }; + datadir = mkOption { + type = types.str; + defaultText = "config.services.nextcloud.home"; + description = '' + Data storage path of nextcloud. Will be <xref linkend="opt-services.nextcloud.home" /> by default. + This folder will be populated with a config.php and data folder which contains the state of the instance (excl the database)."; + ''; + example = "/mnt/nextcloud-file"; + }; + extraApps = mkOption { + type = types.attrsOf types.package; + default = { }; + description = '' + Extra apps to install. Should be an attrSet of appid to packages generated by fetchNextcloudApp. + The appid must be identical to the "id" value in the apps appinfo/info.xml. + Using this will disable the appstore to prevent Nextcloud from updating these apps (see <xref linkend="opt-services.nextcloud.appstoreEnable" />). + ''; + example = literalExpression '' + { + maps = pkgs.fetchNextcloudApp { + name = "maps"; + sha256 = "007y80idqg6b6zk6kjxg4vgw0z8fsxs9lajnv49vv1zjy6jx2i1i"; + url = "https://github.com/nextcloud/maps/releases/download/v0.1.9/maps-0.1.9.tar.gz"; + version = "0.1.9"; + }; + phonetrack = pkgs.fetchNextcloudApp { + name = "phonetrack"; + sha256 = "0qf366vbahyl27p9mshfma1as4nvql6w75zy2zk5xwwbp343vsbc"; + url = "https://gitlab.com/eneiluj/phonetrack-oc/-/wikis/uploads/931aaaf8dca24bf31a7e169a83c17235/phonetrack-0.6.9.tar.gz"; + version = "0.6.9"; + }; + } + ''; + }; + extraAppsEnable = mkOption { + type = types.bool; + default = true; + description = '' + Automatically enable the apps in <xref linkend="opt-services.nextcloud.extraApps" /> every time nextcloud starts. + If set to false, apps need to be enabled in the Nextcloud user interface or with nextcloud-occ app:enable. + ''; + }; + appstoreEnable = mkOption { + type = types.nullOr types.bool; + default = null; + example = true; + description = '' + Allow the installation of apps and app updates from the store. + Enabled by default unless there are packages in <xref linkend="opt-services.nextcloud.extraApps" />. + Set to true to force enable the store even if <xref linkend="opt-services.nextcloud.extraApps" /> is used. + Set to false to disable the installation of apps from the global appstore. App management is always enabled regardless of this setting. + ''; + }; logLevel = mkOption { type = types.ints.between 0 4; default = 2; @@ -94,6 +155,14 @@ in { description = "Which package to use for the Nextcloud instance."; relatedPackages = [ "nextcloud20" "nextcloud21" "nextcloud22" ]; }; + phpPackage = mkOption { + type = types.package; + relatedPackages = [ "php74" "php80" ]; + defaultText = "pkgs.php"; + description = '' + PHP package to use for Nextcloud. + ''; + }; maxUploadSize = mkOption { default = "512M"; @@ -126,14 +195,14 @@ in { phpExtraExtensions = mkOption { type = with types; functionTo (listOf package); default = all: []; - defaultText = "all: []"; + defaultText = literalExpression "all: []"; description = '' Additional PHP extensions to use for nextcloud. By default, only extensions necessary for a vanilla nextcloud installation are enabled, but you may choose from the list of available extensions and add further ones. This is sometimes necessary to be able to install a certain nextcloud app that has additional requirements. ''; - example = literalExample '' + example = literalExpression '' all: [ all.pdlib all.bz2 ] ''; }; @@ -198,14 +267,6 @@ in { default = "nextcloud"; description = "Database user."; }; - dbpass = mkOption { - type = types.nullOr types.str; - default = null; - description = '' - Database password. Use <literal>dbpassFile</literal> to avoid this - being world-readable in the <literal>/nix/store</literal>. - ''; - }; dbpassFile = mkOption { type = types.nullOr types.str; default = null; @@ -238,17 +299,8 @@ in { default = "root"; description = "Admin username."; }; - adminpass = mkOption { - type = types.nullOr types.str; - default = null; - description = '' - Admin password. Use <literal>adminpassFile</literal> to avoid this - being world-readable in the <literal>/nix/store</literal>. - ''; - }; adminpassFile = mkOption { - type = types.nullOr types.str; - default = null; + type = types.str; description = '' The full path to a file that contains the admin's password. Must be readable by user <literal>nextcloud</literal>. @@ -304,14 +356,98 @@ in { phone-numbers. ''; }; + + objectstore = { + s3 = { + enable = mkEnableOption '' + S3 object storage as primary storage. + + This mounts a bucket on an Amazon S3 object storage or compatible + implementation into the virtual filesystem. + + Further details about this feature can be found in the + <link xlink:href="https://docs.nextcloud.com/server/22/admin_manual/configuration_files/primary_storage.html">upstream documentation</link>. + ''; + bucket = mkOption { + type = types.str; + example = "nextcloud"; + description = '' + The name of the S3 bucket. + ''; + }; + autocreate = mkOption { + type = types.bool; + description = '' + Create the objectstore if it does not exist. + ''; + }; + key = mkOption { + type = types.str; + example = "EJ39ITYZEUH5BGWDRUFY"; + description = '' + The access key for the S3 bucket. + ''; + }; + secretFile = mkOption { + type = types.str; + example = "/var/nextcloud-objectstore-s3-secret"; + description = '' + The full path to a file that contains the access secret. Must be + readable by user <literal>nextcloud</literal>. + ''; + }; + hostname = mkOption { + type = types.nullOr types.str; + default = null; + example = "example.com"; + description = '' + Required for some non-Amazon implementations. + ''; + }; + port = mkOption { + type = types.nullOr types.port; + default = null; + description = '' + Required for some non-Amazon implementations. + ''; + }; + useSsl = mkOption { + type = types.bool; + default = true; + description = '' + Use SSL for objectstore access. + ''; + }; + region = mkOption { + type = types.nullOr types.str; + default = null; + example = "REGION"; + description = '' + Required for some non-Amazon implementations. + ''; + }; + usePathStyle = mkOption { + type = types.bool; + default = false; + description = '' + Required for some non-Amazon S3 implementations. + + Ordinarily, requests will be made with + <literal>http://bucket.hostname.domain/</literal>, but with path style + enabled requests are made with + <literal>http://hostname.domain/bucket</literal> instead. + ''; + }; + }; + }; }; enableImagemagick = mkEnableOption '' - Whether to load the ImageMagick module into PHP. + the ImageMagick module for PHP. This is used by the theming app and for generating previews of certain images (e.g. SVG and HEIF). You may want to disable it for increased security. In that case, previews will still be available for some images (e.g. JPEG and PNG). - See https://github.com/nextcloud/server/issues/13099 + See <link xlink:href="https://github.com/nextcloud/server/issues/13099" />. '' // { default = true; }; @@ -372,13 +508,6 @@ in { config = mkIf cfg.enable (mkMerge [ { assertions = let acfg = cfg.config; in [ - { assertion = !(acfg.dbpass != null && acfg.dbpassFile != null); - message = "Please specify no more than one of dbpass or dbpassFile"; - } - { assertion = ((acfg.adminpass != null || acfg.adminpassFile != null) - && !(acfg.adminpass != null && acfg.adminpassFile != null)); - message = "Please specify exactly one of adminpass or adminpassFile"; - } { assertion = versionOlder cfg.package.version "21" -> cfg.config.defaultPhoneRegion == null; message = "The `defaultPhoneRegion'-setting is only supported for Nextcloud >=21!"; } @@ -399,13 +528,39 @@ in { The package can be upgraded by explicitly declaring the service-option `services.nextcloud.package`. ''; + + # FIXME(@Ma27) remove as soon as nextcloud properly supports + # mariadb >=10.6. + isUnsupportedMariadb = + # All currently supported Nextcloud versions are affected. + (versionOlder cfg.package.version "23") + # This module uses mysql + && (cfg.config.dbtype == "mysql") + # MySQL is managed via NixOS + && config.services.mysql.enable + # We're using MariaDB + && (getName config.services.mysql.package) == "mariadb-server" + # MariaDB is at least 10.6 and thus not supported + && (versionAtLeast (getVersion config.services.mysql.package) "10.6"); + in (optional (cfg.poolConfig != null) '' Using config.services.nextcloud.poolConfig is deprecated and will become unsupported in a future release. Please migrate your configuration to config.services.nextcloud.poolSettings. '') ++ (optional (versionOlder cfg.package.version "20") (upgradeWarning 19 "21.05")) ++ (optional (versionOlder cfg.package.version "21") (upgradeWarning 20 "21.05")) - ++ (optional (versionOlder cfg.package.version "22") (upgradeWarning 21 "21.11")); + ++ (optional (versionOlder cfg.package.version "22") (upgradeWarning 21 "21.11")) + ++ (optional isUnsupportedMariadb '' + You seem to be using MariaDB at an unsupported version (i.e. at least 10.6)! + Please note that this isn't supported officially by Nextcloud. You can either + + * Switch to `pkgs.mysql` + * Downgrade MariaDB to at least 10.5 + * Work around Nextcloud's problems by specifying `innodb_read_only_compressed=0` + + For further context, please read + https://help.nextcloud.com/t/update-to-next-cloud-21-0-2-has-get-an-error/117028/15 + ''); services.nextcloud.package = with pkgs; mkDefault ( @@ -423,6 +578,12 @@ in { else if versionOlder stateVersion "21.11" then nextcloud21 else nextcloud22 ); + + services.nextcloud.datadir = mkOptionDefault config.services.nextcloud.home; + + services.nextcloud.phpPackage = + if versionOlder cfg.package.version "21" then pkgs.php74 + else pkgs.php80; } { systemd.timers.nextcloud-cron = { @@ -441,14 +602,39 @@ in { nextcloud-setup = let c = cfg.config; writePhpArrary = a: "[${concatMapStringsSep "," (val: ''"${toString val}"'') a}]"; + requiresReadSecretFunction = c.dbpassFile != null || c.objectstore.s3.enable; + objectstoreConfig = let s3 = c.objectstore.s3; in optionalString s3.enable '' + 'objectstore' => [ + 'class' => '\\OC\\Files\\ObjectStore\\S3', + 'arguments' => [ + 'bucket' => '${s3.bucket}', + 'autocreate' => ${boolToString s3.autocreate}, + 'key' => '${s3.key}', + 'secret' => nix_read_secret('${s3.secretFile}'), + ${optionalString (s3.hostname != null) "'hostname' => '${s3.hostname}',"} + ${optionalString (s3.port != null) "'port' => ${toString s3.port},"} + 'use_ssl' => ${boolToString s3.useSsl}, + ${optionalString (s3.region != null) "'region' => '${s3.region}',"} + 'use_path_style' => ${boolToString s3.usePathStyle}, + ], + ] + ''; + + showAppStoreSetting = cfg.appstoreEnable != null || cfg.extraApps != {}; + renderedAppStoreSetting = + let + x = cfg.appstoreEnable; + in + if x == null then "false" + else boolToString x; + overrideConfig = pkgs.writeText "nextcloud-config.php" '' <?php - ${optionalString (c.dbpassFile != null) '' - function nix_read_pwd() { - $file = "${c.dbpassFile}"; + ${optionalString requiresReadSecretFunction '' + function nix_read_secret($file) { if (!file_exists($file)) { throw new \RuntimeException(sprintf( - "Cannot start Nextcloud, dbpass file %s set by NixOS doesn't seem to " + "Cannot start Nextcloud, secret file %s set by NixOS doesn't seem to " . "exist! Please make sure that the file exists and has appropriate " . "permissions for user & group 'nextcloud'!", $file @@ -460,10 +646,12 @@ in { ''} $CONFIG = [ 'apps_paths' => [ + ${optionalString (cfg.extraApps != { }) "[ 'path' => '${cfg.home}/nix-apps', 'url' => '/nix-apps', 'writable' => false ],"} [ 'path' => '${cfg.home}/apps', 'url' => '/apps', 'writable' => false ], [ 'path' => '${cfg.home}/store-apps', 'url' => '/store-apps', 'writable' => true ], ], - 'datadirectory' => '${cfg.home}/data', + ${optionalString (showAppStoreSetting) "'appstoreenabled' => ${renderedAppStoreSetting},"} + 'datadirectory' => '${datadir}/data', 'skeletondirectory' => '${cfg.skeletonDirectory}', ${optionalString cfg.caching.apcu "'memcache.local' => '\\OC\\Memcache\\APCu',"} 'log_type' => 'syslog', @@ -474,23 +662,26 @@ in { ${optionalString (c.dbport != null) "'dbport' => '${toString c.dbport}',"} ${optionalString (c.dbuser != null) "'dbuser' => '${c.dbuser}',"} ${optionalString (c.dbtableprefix != null) "'dbtableprefix' => '${toString c.dbtableprefix}',"} - ${optionalString (c.dbpass != null) "'dbpassword' => '${c.dbpass}',"} - ${optionalString (c.dbpassFile != null) "'dbpassword' => nix_read_pwd(),"} + ${optionalString (c.dbpassFile != null) "'dbpassword' => nix_read_secret('${c.dbpassFile}'),"} 'dbtype' => '${c.dbtype}', 'trusted_domains' => ${writePhpArrary ([ cfg.hostName ] ++ c.extraTrustedDomains)}, 'trusted_proxies' => ${writePhpArrary (c.trustedProxies)}, ${optionalString (c.defaultPhoneRegion != null) "'default_phone_region' => '${c.defaultPhoneRegion}',"} + ${objectstoreConfig} ]; ''; occInstallCmd = let - dbpass = if c.dbpassFile != null - then ''"$(<"${toString c.dbpassFile}")"'' - else if c.dbpass != null - then ''"${toString c.dbpass}"'' - else ''""''; - adminpass = if c.adminpassFile != null - then ''"$(<"${toString c.adminpassFile}")"'' - else ''"${toString c.adminpass}"''; + mkExport = { arg, value }: "export ${arg}=${value}"; + dbpass = { + arg = "DBPASS"; + value = if c.dbpassFile != null + then ''"$(<"${toString c.dbpassFile}")"'' + else ''""''; + }; + adminpass = { + arg = "ADMINPASS"; + value = ''"$(<"${toString c.adminpassFile}")"''; + }; installFlags = concatStringsSep " \\\n " (mapAttrsToList (k: v: "${k} ${toString v}") { "--database" = ''"${c.dbtype}"''; @@ -501,12 +692,14 @@ in { ${if c.dbhost != null then "--database-host" else null} = ''"${c.dbhost}"''; ${if c.dbport != null then "--database-port" else null} = ''"${toString c.dbport}"''; ${if c.dbuser != null then "--database-user" else null} = ''"${c.dbuser}"''; - "--database-pass" = dbpass; + "--database-pass" = "\$${dbpass.arg}"; "--admin-user" = ''"${c.adminuser}"''; - "--admin-pass" = adminpass; - "--data-dir" = ''"${cfg.home}/data"''; + "--admin-pass" = "\$${adminpass.arg}"; + "--data-dir" = ''"${datadir}/data"''; }); in '' + ${mkExport dbpass} + ${mkExport adminpass} ${occ}/bin/nextcloud-occ maintenance:install \ ${installFlags} ''; @@ -533,22 +726,26 @@ in { exit 1 fi ''} - ${optionalString (c.adminpassFile != null) '' - if [ ! -r "${c.adminpassFile}" ]; then - echo "adminpassFile ${c.adminpassFile} is not readable by nextcloud:nextcloud! Aborting..." - exit 1 - fi - if [ -z "$(<${c.adminpassFile})" ]; then - echo "adminpassFile ${c.adminpassFile} is empty!" - exit 1 - fi - ''} + if [ ! -r "${c.adminpassFile}" ]; then + echo "adminpassFile ${c.adminpassFile} is not readable by nextcloud:nextcloud! Aborting..." + exit 1 + fi + if [ -z "$(<${c.adminpassFile})" ]; then + echo "adminpassFile ${c.adminpassFile} is empty!" + exit 1 + fi ln -sf ${cfg.package}/apps ${cfg.home}/ + # Install extra apps + ln -sfT \ + ${pkgs.linkFarm "nix-apps" + (mapAttrsToList (name: path: { inherit name path; }) cfg.extraApps)} \ + ${cfg.home}/nix-apps + # create nextcloud directories. # if the directories exist already with wrong permissions, we fix that - for dir in ${cfg.home}/config ${cfg.home}/data ${cfg.home}/store-apps; do + for dir in ${datadir}/config ${datadir}/data ${cfg.home}/store-apps ${cfg.home}/nix-apps; do if [ ! -e $dir ]; then install -o nextcloud -g nextcloud -d $dir elif [ $(stat -c "%G" $dir) != "nextcloud" ]; then @@ -556,23 +753,29 @@ in { fi done - ln -sf ${overrideConfig} ${cfg.home}/config/override.config.php + ln -sf ${overrideConfig} ${datadir}/config/override.config.php # Do not install if already installed - if [[ ! -e ${cfg.home}/config/config.php ]]; then + if [[ ! -e ${datadir}/config/config.php ]]; then ${occInstallCmd} fi ${occ}/bin/nextcloud-occ upgrade ${occ}/bin/nextcloud-occ config:system:delete trusted_domains + + ${optionalString (cfg.extraAppsEnable && cfg.extraApps != { }) '' + # Try to enable apps (don't fail when one of them cannot be enabled , eg. due to incompatible version) + ${occ}/bin/nextcloud-occ app:enable ${concatStringsSep " " (attrNames cfg.extraApps)} + ''} + ${occSetTrustedDomainsCmd} ''; serviceConfig.Type = "oneshot"; serviceConfig.User = "nextcloud"; }; nextcloud-cron = { - environment.NEXTCLOUD_CONFIG_DIR = "${cfg.home}/config"; + environment.NEXTCLOUD_CONFIG_DIR = "${datadir}/config"; serviceConfig.Type = "oneshot"; serviceConfig.User = "nextcloud"; serviceConfig.ExecStart = "${phpPackage}/bin/php -f ${cfg.package}/cron.php"; @@ -591,7 +794,7 @@ in { group = "nextcloud"; phpPackage = phpPackage; phpEnv = { - NEXTCLOUD_CONFIG_DIR = "${cfg.home}/config"; + NEXTCLOUD_CONFIG_DIR = "${datadir}/config"; PATH = "/run/wrappers/bin:/nix/var/nix/profiles/default/bin:/run/current-system/sw/bin:/usr/bin:/bin"; }; settings = mapAttrs (name: mkDefault) { @@ -641,6 +844,10 @@ in { priority = 201; extraConfig = "root ${cfg.home};"; }; + "~ ^/nix-apps" = { + priority = 201; + extraConfig = "root ${cfg.home};"; + }; "^~ /.well-known" = { priority = 210; extraConfig = '' diff --git a/nixpkgs/nixos/modules/services/web-apps/nextcloud.xml b/nixpkgs/nixos/modules/services/web-apps/nextcloud.xml index ed84487d233a..9d9cb8dfb3f2 100644 --- a/nixpkgs/nixos/modules/services/web-apps/nextcloud.xml +++ b/nixpkgs/nixos/modules/services/web-apps/nextcloud.xml @@ -237,6 +237,12 @@ Some apps may require extra PHP extensions to be installed. This can be configured with the <xref linkend="opt-services.nextcloud.phpExtraExtensions" /> setting. </para> + + <para> + Alternatively, extra apps can also be declared with the <xref linkend="opt-services.nextcloud.extraApps" /> setting. + When using this setting, apps can no longer be managed statefully because this can lead to Nextcloud updating apps + that are managed by Nix. If you want automatic updates it is recommended that you use web interface to install apps. + </para> </section> <section xml:id="module-services-nextcloud-maintainer-info"> diff --git a/nixpkgs/nixos/modules/services/web-apps/nexus.nix b/nixpkgs/nixos/modules/services/web-apps/nexus.nix index d4d507362c97..dc50a06705f3 100644 --- a/nixpkgs/nixos/modules/services/web-apps/nexus.nix +++ b/nixpkgs/nixos/modules/services/web-apps/nexus.nix @@ -16,6 +16,7 @@ in package = mkOption { type = types.package; default = pkgs.nexus; + defaultText = literalExpression "pkgs.nexus"; description = "Package which runs Nexus3"; }; @@ -70,6 +71,27 @@ in -Dkaraf.startLocalConsole=false -Djava.endorsed.dirs=${cfg.package}/lib/endorsed ''; + defaultText = literalExpression '' + ''' + -Xms1200M + -Xmx1200M + -XX:MaxDirectMemorySize=2G + -XX:+UnlockDiagnosticVMOptions + -XX:+UnsyncloadClass + -XX:+LogVMOutput + -XX:LogFile=''${home}/nexus3/log/jvm.log + -XX:-OmitStackTraceInFastThrow + -Djava.net.preferIPv4Stack=true + -Dkaraf.home=''${package} + -Dkaraf.base=''${package} + -Dkaraf.etc=''${package}/etc/karaf + -Djava.util.logging.config.file=''${package}/etc/karaf/java.util.logging.properties + -Dkaraf.data=''${home}/nexus3 + -Djava.io.tmpdir=''${home}/nexus3/tmp + -Dkaraf.startLocalConsole=false + -Djava.endorsed.dirs=''${package}/lib/endorsed + ''' + ''; description = '' Options for the JVM written to `nexus.jvmopts`. diff --git a/nixpkgs/nixos/modules/services/web-apps/node-red.nix b/nixpkgs/nixos/modules/services/web-apps/node-red.nix index 400790576d67..4512907f027b 100644 --- a/nixpkgs/nixos/modules/services/web-apps/node-red.nix +++ b/nixpkgs/nixos/modules/services/web-apps/node-red.nix @@ -21,7 +21,7 @@ in package = mkOption { default = pkgs.nodePackages.node-red; - defaultText = "pkgs.nodePackages.node-red"; + defaultText = literalExpression "pkgs.nodePackages.node-red"; type = types.package; description = "Node-RED package to use."; }; @@ -46,7 +46,7 @@ in configFile = mkOption { type = types.path; default = "${cfg.package}/lib/node_modules/node-red/settings.js"; - defaultText = "\${cfg.package}/lib/node_modules/node-red/settings.js"; + defaultText = literalExpression ''"''${package}/lib/node_modules/node-red/settings.js"''; description = '' Path to the JavaScript configuration file. See <link @@ -102,7 +102,7 @@ in type = types.attrs; default = {}; description = "List of settings.js overrides to pass via -D to Node-RED."; - example = literalExample '' + example = literalExpression '' { "logging.console.level" = "trace"; } diff --git a/nixpkgs/nixos/modules/services/web-apps/pgpkeyserver-lite.nix b/nixpkgs/nixos/modules/services/web-apps/pgpkeyserver-lite.nix index 838fd19ad294..5642627d397d 100644 --- a/nixpkgs/nixos/modules/services/web-apps/pgpkeyserver-lite.nix +++ b/nixpkgs/nixos/modules/services/web-apps/pgpkeyserver-lite.nix @@ -21,7 +21,7 @@ in package = mkOption { default = pkgs.pgpkeyserver-lite; - defaultText = "pkgs.pgpkeyserver-lite"; + defaultText = literalExpression "pkgs.pgpkeyserver-lite"; type = types.package; description = " Which webgui derivation to use. diff --git a/nixpkgs/nixos/modules/services/web-apps/pict-rs.md b/nixpkgs/nixos/modules/services/web-apps/pict-rs.md new file mode 100644 index 000000000000..4b622049909d --- /dev/null +++ b/nixpkgs/nixos/modules/services/web-apps/pict-rs.md @@ -0,0 +1,88 @@ +# Pict-rs {#module-services-pict-rs} + +pict-rs is a a simple image hosting service. + +## Quickstart {#module-services-pict-rs-quickstart} + +the minimum to start pict-rs is + +```nix +services.pict-rs.enable = true; +``` + +this will start the http server on port 8080 by default. + +## Usage {#module-services-pict-rs-usage} + +pict-rs offers the following endpoints: +- `POST /image` for uploading an image. Uploaded content must be valid multipart/form-data with an + image array located within the `images[]` key + + This endpoint returns the following JSON structure on success with a 201 Created status + ```json + { + "files": [ + { + "delete_token": "JFvFhqJA98", + "file": "lkWZDRvugm.jpg" + }, + { + "delete_token": "kAYy9nk2WK", + "file": "8qFS0QooAn.jpg" + }, + { + "delete_token": "OxRpM3sf0Y", + "file": "1hJaYfGE01.jpg" + } + ], + "msg": "ok" + } + ``` +- `GET /image/download?url=...` Download an image from a remote server, returning the same JSON + payload as the `POST` endpoint +- `GET /image/original/{file}` for getting a full-resolution image. `file` here is the `file` key from the + `/image` endpoint's JSON +- `GET /image/details/original/{file}` for getting the details of a full-resolution image. + The returned JSON is structured like so: + ```json + { + "width": 800, + "height": 537, + "content_type": "image/webp", + "created_at": [ + 2020, + 345, + 67376, + 394363487 + ] + } + ``` +- `GET /image/process.{ext}?src={file}&...` get a file with transformations applied. + existing transformations include + - `identity=true`: apply no changes + - `blur={float}`: apply a gaussian blur to the file + - `thumbnail={int}`: produce a thumbnail of the image fitting inside an `{int}` by `{int}` + square using raw pixel sampling + - `resize={int}`: produce a thumbnail of the image fitting inside an `{int}` by `{int}` square + using a Lanczos2 filter. This is slower than sampling but looks a bit better in some cases + - `crop={int-w}x{int-h}`: produce a cropped version of the image with an `{int-w}` by `{int-h}` + aspect ratio. The resulting crop will be centered on the image. Either the width or height + of the image will remain full-size, depending on the image's aspect ratio and the requested + aspect ratio. For example, a 1600x900 image cropped with a 1x1 aspect ratio will become 900x900. A + 1600x1100 image cropped with a 16x9 aspect ratio will become 1600x900. + + Supported `ext` file extensions include `png`, `jpg`, and `webp` + + An example of usage could be + ``` + GET /image/process.jpg?src=asdf.png&thumbnail=256&blur=3.0 + ``` + which would create a 256x256px JPEG thumbnail and blur it +- `GET /image/details/process.{ext}?src={file}&...` for getting the details of a processed image. + The returned JSON is the same format as listed for the full-resolution details endpoint. +- `DELETE /image/delete/{delete_token}/{file}` or `GET /image/delete/{delete_token}/{file}` to + delete a file, where `delete_token` and `file` are from the `/image` endpoint's JSON + +## Missing {#module-services-pict-rs-missing} + +- Configuring the secure-api-key is not included yet. The envisioned basic use case is consumption on localhost by other services without exposing the service to the internet. diff --git a/nixpkgs/nixos/modules/services/web-apps/pict-rs.nix b/nixpkgs/nixos/modules/services/web-apps/pict-rs.nix new file mode 100644 index 000000000000..e1847fbd5314 --- /dev/null +++ b/nixpkgs/nixos/modules/services/web-apps/pict-rs.nix @@ -0,0 +1,50 @@ +{ lib, pkgs, config, ... }: +with lib; +let + cfg = config.services.pict-rs; +in +{ + meta.maintainers = with maintainers; [ happysalada ]; + # Don't edit the docbook xml directly, edit the md and generate it: + # `pandoc pict-rs.md -t docbook --top-level-division=chapter --extract-media=media -f markdown+smart > pict-rs.xml` + meta.doc = ./pict-rs.xml; + + options.services.pict-rs = { + enable = mkEnableOption "pict-rs server"; + dataDir = mkOption { + type = types.path; + default = "/var/lib/pict-rs"; + description = '' + The directory where to store the uploaded images. + ''; + }; + address = mkOption { + type = types.str; + default = "127.0.0.1"; + description = '' + The IPv4 address to deploy the service to. + ''; + }; + port = mkOption { + type = types.port; + default = 8080; + description = '' + The port which to bind the service to. + ''; + }; + }; + config = lib.mkIf cfg.enable { + systemd.services.pict-rs = { + environment = { + PICTRS_PATH = cfg.dataDir; + PICTRS_ADDR = "${cfg.address}:${toString cfg.port}"; + }; + wantedBy = [ "multi-user.target" ]; + serviceConfig = { + DynamicUser = true; + StateDirectory = "pict-rs"; + ExecStart = "${pkgs.pict-rs}/bin/pict-rs"; + }; + }; + }; +} diff --git a/nixpkgs/nixos/modules/services/web-apps/pict-rs.xml b/nixpkgs/nixos/modules/services/web-apps/pict-rs.xml new file mode 100644 index 000000000000..bf129f5cc2ac --- /dev/null +++ b/nixpkgs/nixos/modules/services/web-apps/pict-rs.xml @@ -0,0 +1,162 @@ +<chapter xmlns="http://docbook.org/ns/docbook" xmlns:xlink="http://www.w3.org/1999/xlink" xml:id="module-services-pict-rs"> + <title>Pict-rs</title> + <para> + pict-rs is a a simple image hosting service. + </para> + <section xml:id="module-services-pict-rs-quickstart"> + <title>Quickstart</title> + <para> + the minimum to start pict-rs is + </para> + <programlisting language="bash"> +services.pict-rs.enable = true; +</programlisting> + <para> + this will start the http server on port 8080 by default. + </para> + </section> + <section xml:id="module-services-pict-rs-usage"> + <title>Usage</title> + <para> + pict-rs offers the following endpoints: - + <literal>POST /image</literal> for uploading an image. Uploaded + content must be valid multipart/form-data with an image array + located within the <literal>images[]</literal> key + </para> + <programlisting> +This endpoint returns the following JSON structure on success with a 201 Created status +```json +{ + "files": [ + { + "delete_token": "JFvFhqJA98", + "file": "lkWZDRvugm.jpg" + }, + { + "delete_token": "kAYy9nk2WK", + "file": "8qFS0QooAn.jpg" + }, + { + "delete_token": "OxRpM3sf0Y", + "file": "1hJaYfGE01.jpg" + } + ], + "msg": "ok" +} +``` +</programlisting> + <itemizedlist> + <listitem> + <para> + <literal>GET /image/download?url=...</literal> Download an + image from a remote server, returning the same JSON payload as + the <literal>POST</literal> endpoint + </para> + </listitem> + <listitem> + <para> + <literal>GET /image/original/{file}</literal> for getting a + full-resolution image. <literal>file</literal> here is the + <literal>file</literal> key from the <literal>/image</literal> + endpoint’s JSON + </para> + </listitem> + <listitem> + <para> + <literal>GET /image/details/original/{file}</literal> for + getting the details of a full-resolution image. The returned + JSON is structured like so: + <literal>json { "width": 800, "height": 537, "content_type": "image/webp", "created_at": [ 2020, 345, 67376, 394363487 ] }</literal> + </para> + </listitem> + <listitem> + <para> + <literal>GET /image/process.{ext}?src={file}&...</literal> + get a file with transformations applied. existing + transformations include + </para> + <itemizedlist spacing="compact"> + <listitem> + <para> + <literal>identity=true</literal>: apply no changes + </para> + </listitem> + <listitem> + <para> + <literal>blur={float}</literal>: apply a gaussian blur to + the file + </para> + </listitem> + <listitem> + <para> + <literal>thumbnail={int}</literal>: produce a thumbnail of + the image fitting inside an <literal>{int}</literal> by + <literal>{int}</literal> square using raw pixel sampling + </para> + </listitem> + <listitem> + <para> + <literal>resize={int}</literal>: produce a thumbnail of + the image fitting inside an <literal>{int}</literal> by + <literal>{int}</literal> square using a Lanczos2 filter. + This is slower than sampling but looks a bit better in + some cases + </para> + </listitem> + <listitem> + <para> + <literal>crop={int-w}x{int-h}</literal>: produce a cropped + version of the image with an <literal>{int-w}</literal> by + <literal>{int-h}</literal> aspect ratio. The resulting + crop will be centered on the image. Either the width or + height of the image will remain full-size, depending on + the image’s aspect ratio and the requested aspect ratio. + For example, a 1600x900 image cropped with a 1x1 aspect + ratio will become 900x900. A 1600x1100 image cropped with + a 16x9 aspect ratio will become 1600x900. + </para> + </listitem> + </itemizedlist> + <para> + Supported <literal>ext</literal> file extensions include + <literal>png</literal>, <literal>jpg</literal>, and + <literal>webp</literal> + </para> + <para> + An example of usage could be + <literal>GET /image/process.jpg?src=asdf.png&thumbnail=256&blur=3.0</literal> + which would create a 256x256px JPEG thumbnail and blur it + </para> + </listitem> + <listitem> + <para> + <literal>GET /image/details/process.{ext}?src={file}&...</literal> + for getting the details of a processed image. The returned + JSON is the same format as listed for the full-resolution + details endpoint. + </para> + </listitem> + <listitem> + <para> + <literal>DELETE /image/delete/{delete_token}/{file}</literal> + or <literal>GET /image/delete/{delete_token}/{file}</literal> + to delete a file, where <literal>delete_token</literal> and + <literal>file</literal> are from the <literal>/image</literal> + endpoint’s JSON + </para> + </listitem> + </itemizedlist> + </section> + <section xml:id="module-services-pict-rs-missing"> + <title>Missing</title> + <itemizedlist spacing="compact"> + <listitem> + <para> + Configuring the secure-api-key is not included yet. The + envisioned basic use case is consumption on localhost by other + services without exposing the service to the internet. + </para> + </listitem> + </itemizedlist> + </section> +</chapter> diff --git a/nixpkgs/nixos/modules/services/web-apps/plantuml-server.nix b/nixpkgs/nixos/modules/services/web-apps/plantuml-server.nix index a39f594c274c..5ac3bc5226b2 100644 --- a/nixpkgs/nixos/modules/services/web-apps/plantuml-server.nix +++ b/nixpkgs/nixos/modules/services/web-apps/plantuml-server.nix @@ -16,6 +16,7 @@ in package = mkOption { type = types.package; default = pkgs.plantuml-server; + defaultText = literalExpression "pkgs.plantuml-server"; description = "PlantUML server package to use"; }; @@ -58,6 +59,7 @@ in graphvizPackage = mkOption { type = types.package; default = pkgs.graphviz_2_32; + defaultText = literalExpression "pkgs.graphviz_2_32"; description = "Package containing the dot executable."; }; diff --git a/nixpkgs/nixos/modules/services/web-apps/restya-board.nix b/nixpkgs/nixos/modules/services/web-apps/restya-board.nix index 9d0a3f65253e..fd97ab76a5f6 100644 --- a/nixpkgs/nixos/modules/services/web-apps/restya-board.nix +++ b/nixpkgs/nixos/modules/services/web-apps/restya-board.nix @@ -30,7 +30,6 @@ in dataDir = mkOption { type = types.path; default = "/var/lib/restya-board"; - example = "/var/lib/restya-board"; description = '' Data of the application. ''; @@ -39,7 +38,6 @@ in user = mkOption { type = types.str; default = "restya-board"; - example = "restya-board"; description = '' User account under which the web-application runs. ''; @@ -48,7 +46,6 @@ in group = mkOption { type = types.str; default = "nginx"; - example = "nginx"; description = '' Group account under which the web-application runs. ''; diff --git a/nixpkgs/nixos/modules/services/web-apps/rss-bridge.nix b/nixpkgs/nixos/modules/services/web-apps/rss-bridge.nix index f1d5b7660f32..456ca00416fe 100644 --- a/nixpkgs/nixos/modules/services/web-apps/rss-bridge.nix +++ b/nixpkgs/nixos/modules/services/web-apps/rss-bridge.nix @@ -16,7 +16,6 @@ in user = mkOption { type = types.str; default = "nginx"; - example = "nginx"; description = '' User account under which both the service and the web-application run. ''; @@ -25,7 +24,6 @@ in group = mkOption { type = types.str; default = "nginx"; - example = "nginx"; description = '' Group under which the web-application run. ''; @@ -61,7 +59,7 @@ in whitelist = mkOption { type = types.listOf types.str; default = []; - example = options.literalExample '' + example = options.literalExpression '' [ "Facebook" "Instagram" diff --git a/nixpkgs/nixos/modules/services/web-apps/selfoss.nix b/nixpkgs/nixos/modules/services/web-apps/selfoss.nix index d5a660ebf289..899976ac696c 100644 --- a/nixpkgs/nixos/modules/services/web-apps/selfoss.nix +++ b/nixpkgs/nixos/modules/services/web-apps/selfoss.nix @@ -35,7 +35,6 @@ in user = mkOption { type = types.str; default = "nginx"; - example = "nginx"; description = '' User account under which both the service and the web-application run. ''; diff --git a/nixpkgs/nixos/modules/services/web-apps/shiori.nix b/nixpkgs/nixos/modules/services/web-apps/shiori.nix index a15bb9744a9c..bb2fc684e83b 100644 --- a/nixpkgs/nixos/modules/services/web-apps/shiori.nix +++ b/nixpkgs/nixos/modules/services/web-apps/shiori.nix @@ -11,7 +11,7 @@ in { package = mkOption { type = types.package; default = pkgs.shiori; - defaultText = "pkgs.shiori"; + defaultText = literalExpression "pkgs.shiori"; description = "The Shiori package to use."; }; diff --git a/nixpkgs/nixos/modules/services/web-apps/tt-rss.nix b/nixpkgs/nixos/modules/services/web-apps/tt-rss.nix index bc18c824f394..08356cee1dfe 100644 --- a/nixpkgs/nixos/modules/services/web-apps/tt-rss.nix +++ b/nixpkgs/nixos/modules/services/web-apps/tt-rss.nix @@ -126,7 +126,6 @@ let root = mkOption { type = types.path; default = "/var/lib/tt-rss"; - example = "/var/lib/tt-rss"; description = '' Root of the application. ''; @@ -135,7 +134,6 @@ let user = mkOption { type = types.str; default = "tt_rss"; - example = "tt_rss"; description = '' User account under which both the update daemon and the web-application run. ''; diff --git a/nixpkgs/nixos/modules/services/web-apps/vikunja.nix b/nixpkgs/nixos/modules/services/web-apps/vikunja.nix index b0b6eb6df17e..7575e96ca815 100644 --- a/nixpkgs/nixos/modules/services/web-apps/vikunja.nix +++ b/nixpkgs/nixos/modules/services/web-apps/vikunja.nix @@ -14,13 +14,13 @@ in { package-api = mkOption { default = pkgs.vikunja-api; type = types.package; - defaultText = "pkgs.vikunja-api"; + defaultText = literalExpression "pkgs.vikunja-api"; description = "vikunja-api derivation to use."; }; package-frontend = mkOption { default = pkgs.vikunja-frontend; type = types.package; - defaultText = "pkgs.vikunja-frontend"; + defaultText = literalExpression "pkgs.vikunja-frontend"; description = "vikunja-frontend derivation to use."; }; environmentFiles = mkOption { @@ -34,7 +34,7 @@ in { setupNginx = mkOption { type = types.bool; default = config.services.nginx.enable; - defaultText = "config.services.nginx.enable"; + defaultText = literalExpression "config.services.nginx.enable"; description = '' Whether to setup NGINX. Further nginx configuration can be done by changing diff --git a/nixpkgs/nixos/modules/services/web-apps/whitebophir.nix b/nixpkgs/nixos/modules/services/web-apps/whitebophir.nix index b265296d5c1e..f9db6fe379b0 100644 --- a/nixpkgs/nixos/modules/services/web-apps/whitebophir.nix +++ b/nixpkgs/nixos/modules/services/web-apps/whitebophir.nix @@ -11,7 +11,7 @@ in { package = mkOption { default = pkgs.whitebophir; - defaultText = "pkgs.whitebophir"; + defaultText = literalExpression "pkgs.whitebophir"; type = types.package; description = "Whitebophir package to use."; }; diff --git a/nixpkgs/nixos/modules/services/web-apps/wordpress.nix b/nixpkgs/nixos/modules/services/web-apps/wordpress.nix index eb91256045cc..8ebb72296627 100644 --- a/nixpkgs/nixos/modules/services/web-apps/wordpress.nix +++ b/nixpkgs/nixos/modules/services/web-apps/wordpress.nix @@ -2,7 +2,7 @@ let inherit (lib) mkDefault mkEnableOption mkForce mkIf mkMerge mkOption types; - inherit (lib) any attrValues concatMapStringsSep flatten literalExample; + inherit (lib) any attrValues concatMapStringsSep flatten literalExpression; inherit (lib) filterAttrs mapAttrs mapAttrs' mapAttrsToList nameValuePair optional optionalAttrs optionalString; cfg = migrateOldAttrs config.services.wordpress; @@ -87,6 +87,7 @@ let package = mkOption { type = types.package; default = pkgs.wordpress; + defaultText = literalExpression "pkgs.wordpress"; description = "Which WordPress package to use."; }; @@ -106,23 +107,23 @@ let List of path(s) to respective plugin(s) which are copied from the 'plugins' directory. <note><para>These plugins need to be packaged before use, see example.</para></note> ''; - example = '' - # Wordpress plugin 'embed-pdf-viewer' installation example - embedPdfViewerPlugin = pkgs.stdenv.mkDerivation { - name = "embed-pdf-viewer-plugin"; - # Download the theme from the wordpress site - src = pkgs.fetchurl { - url = "https://downloads.wordpress.org/plugin/embed-pdf-viewer.2.0.3.zip"; - sha256 = "1rhba5h5fjlhy8p05zf0p14c9iagfh96y91r36ni0rmk6y891lyd"; + example = literalExpression '' + let + # Wordpress plugin 'embed-pdf-viewer' installation example + embedPdfViewerPlugin = pkgs.stdenv.mkDerivation { + name = "embed-pdf-viewer-plugin"; + # Download the theme from the wordpress site + src = pkgs.fetchurl { + url = "https://downloads.wordpress.org/plugin/embed-pdf-viewer.2.0.3.zip"; + sha256 = "1rhba5h5fjlhy8p05zf0p14c9iagfh96y91r36ni0rmk6y891lyd"; + }; + # We need unzip to build this package + nativeBuildInputs = [ pkgs.unzip ]; + # Installing simply means copying all files to the output directory + installPhase = "mkdir -p $out; cp -R * $out/"; }; - # We need unzip to build this package - nativeBuildInputs = [ pkgs.unzip ]; - # Installing simply means copying all files to the output directory - installPhase = "mkdir -p $out; cp -R * $out/"; - }; - - And then pass this theme to the themes list like this: - plugins = [ embedPdfViewerPlugin ]; + # And then pass this theme to the themes list like this: + in [ embedPdfViewerPlugin ] ''; }; @@ -133,23 +134,23 @@ let List of path(s) to respective theme(s) which are copied from the 'theme' directory. <note><para>These themes need to be packaged before use, see example.</para></note> ''; - example = '' - # Let's package the responsive theme - responsiveTheme = pkgs.stdenv.mkDerivation { - name = "responsive-theme"; - # Download the theme from the wordpress site - src = pkgs.fetchurl { - url = "https://downloads.wordpress.org/theme/responsive.3.14.zip"; - sha256 = "0rjwm811f4aa4q43r77zxlpklyb85q08f9c8ns2akcarrvj5ydx3"; + example = literalExpression '' + let + # Let's package the responsive theme + responsiveTheme = pkgs.stdenv.mkDerivation { + name = "responsive-theme"; + # Download the theme from the wordpress site + src = pkgs.fetchurl { + url = "https://downloads.wordpress.org/theme/responsive.3.14.zip"; + sha256 = "0rjwm811f4aa4q43r77zxlpklyb85q08f9c8ns2akcarrvj5ydx3"; + }; + # We need unzip to build this package + nativeBuildInputs = [ pkgs.unzip ]; + # Installing simply means copying all files to the output directory + installPhase = "mkdir -p $out; cp -R * $out/"; }; - # We need unzip to build this package - nativeBuildInputs = [ pkgs.unzip ]; - # Installing simply means copying all files to the output directory - installPhase = "mkdir -p $out; cp -R * $out/"; - }; - - And then pass this theme to the themes list like this: - themes = [ responsiveTheme ]; + # And then pass this theme to the themes list like this: + in [ responsiveTheme ] ''; }; @@ -204,7 +205,7 @@ let socket = mkOption { type = types.nullOr types.path; default = null; - defaultText = "/run/mysqld/mysqld.sock"; + defaultText = literalExpression "/run/mysqld/mysqld.sock"; description = "Path to the unix socket file to use for authentication."; }; @@ -217,7 +218,7 @@ let virtualHost = mkOption { type = types.submodule (import ../web-servers/apache-httpd/vhost-options.nix); - example = literalExample '' + example = literalExpression '' { adminAddr = "webmaster@example.org"; forceSSL = true; diff --git a/nixpkgs/nixos/modules/services/web-apps/youtrack.nix b/nixpkgs/nixos/modules/services/web-apps/youtrack.nix index b4d653d2d77e..7a70ae6cd523 100644 --- a/nixpkgs/nixos/modules/services/web-apps/youtrack.nix +++ b/nixpkgs/nixos/modules/services/web-apps/youtrack.nix @@ -46,7 +46,7 @@ in https://www.jetbrains.com/help/youtrack/standalone/YouTrack-Java-Start-Parameters.html for more information. ''; - example = literalExample '' + example = literalExpression '' { "jetbrains.youtrack.overrideRootPassword" = "tortuga"; } @@ -60,7 +60,7 @@ in ''; type = types.package; default = pkgs.youtrack; - defaultText = "pkgs.youtrack"; + defaultText = literalExpression "pkgs.youtrack"; }; port = mkOption { diff --git a/nixpkgs/nixos/modules/services/web-apps/zabbix.nix b/nixpkgs/nixos/modules/services/web-apps/zabbix.nix index e94861a90b5a..21567896a89e 100644 --- a/nixpkgs/nixos/modules/services/web-apps/zabbix.nix +++ b/nixpkgs/nixos/modules/services/web-apps/zabbix.nix @@ -3,7 +3,7 @@ let inherit (lib) mkDefault mkEnableOption mkForce mkIf mkMerge mkOption types; - inherit (lib) literalExample mapAttrs optionalString versionAtLeast; + inherit (lib) literalExpression mapAttrs optionalString versionAtLeast; cfg = config.services.zabbixWeb; fpm = config.services.phpfpm.pools.zabbix; @@ -43,7 +43,7 @@ in package = mkOption { type = types.package; default = pkgs.zabbix.web; - defaultText = "zabbix.web"; + defaultText = literalExpression "zabbix.web"; description = "Which Zabbix package to use."; }; @@ -116,7 +116,7 @@ in virtualHost = mkOption { type = types.submodule (import ../web-servers/apache-httpd/vhost-options.nix); - example = literalExample '' + example = literalExpression '' { hostName = "zabbix.example.org"; adminAddr = "webmaster@example.org"; diff --git a/nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix b/nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix index ceb199870975..992a58875e43 100644 --- a/nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix +++ b/nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix @@ -407,7 +407,7 @@ in package = mkOption { type = types.package; default = pkgs.apacheHttpd; - defaultText = "pkgs.apacheHttpd"; + defaultText = literalExpression "pkgs.apacheHttpd"; description = '' Overridable attribute of the Apache HTTP Server package to use. ''; @@ -416,8 +416,8 @@ in configFile = mkOption { type = types.path; default = confFile; - defaultText = "confFile"; - example = literalExample ''pkgs.writeText "httpd.conf" "# my custom config file ..."''; + defaultText = literalExpression "confFile"; + example = literalExpression ''pkgs.writeText "httpd.conf" "# my custom config file ..."''; description = '' Override the configuration file used by Apache. By default, NixOS generates one automatically. @@ -437,7 +437,7 @@ in extraModules = mkOption { type = types.listOf types.unspecified; default = []; - example = literalExample '' + example = literalExpression '' [ "proxy_connect" { name = "jk"; path = "''${pkgs.tomcat_connectors}/modules/mod_jk.so"; } @@ -516,7 +516,14 @@ in documentRoot = "${pkg}/htdocs"; }; }; - example = literalExample '' + defaultText = literalExpression '' + { + localhost = { + documentRoot = "''${package.out}/htdocs"; + }; + } + ''; + example = literalExpression '' { "foo.example.com" = { forceSSL = true; @@ -550,7 +557,7 @@ in phpPackage = mkOption { type = types.package; default = pkgs.php; - defaultText = "pkgs.php"; + defaultText = literalExpression "pkgs.php"; description = '' Overridable attribute of the PHP package to use. ''; diff --git a/nixpkgs/nixos/modules/services/web-servers/apache-httpd/vhost-options.nix b/nixpkgs/nixos/modules/services/web-servers/apache-httpd/vhost-options.nix index 3f732a5c9f33..8bb7e91ec9cd 100644 --- a/nixpkgs/nixos/modules/services/web-servers/apache-httpd/vhost-options.nix +++ b/nixpkgs/nixos/modules/services/web-servers/apache-httpd/vhost-options.nix @@ -1,6 +1,6 @@ { config, lib, name, ... }: let - inherit (lib) literalExample mkOption nameValuePair types; + inherit (lib) literalExpression mkOption nameValuePair types; in { options = { @@ -266,7 +266,7 @@ in locations = mkOption { type = with types; attrsOf (submodule (import ./location-options.nix)); default = {}; - example = literalExample '' + example = literalExpression '' { "/" = { proxyPass = "http://localhost:3000"; diff --git a/nixpkgs/nixos/modules/services/web-servers/caddy/default.nix b/nixpkgs/nixos/modules/services/web-servers/caddy/default.nix index fd7102096343..cef27e2e59f3 100644 --- a/nixpkgs/nixos/modules/services/web-servers/caddy/default.nix +++ b/nixpkgs/nixos/modules/services/web-servers/caddy/default.nix @@ -83,7 +83,7 @@ in inherit config lib; })); default = { }; - example = literalExample '' + example = literalExpression '' { "hydra.example.com" = { serverAliases = [ "www.hydra.example.com" ]; @@ -162,8 +162,7 @@ in package = mkOption { default = pkgs.caddy; - defaultText = "pkgs.caddy"; - example = "pkgs.caddy"; + defaultText = literalExpression "pkgs.caddy"; type = types.package; description = '' Caddy package to use. diff --git a/nixpkgs/nixos/modules/services/web-servers/lighttpd/cgit.nix b/nixpkgs/nixos/modules/services/web-servers/lighttpd/cgit.nix index 9f25dc34f3f0..8cd6d020940b 100644 --- a/nixpkgs/nixos/modules/services/web-servers/lighttpd/cgit.nix +++ b/nixpkgs/nixos/modules/services/web-servers/lighttpd/cgit.nix @@ -41,11 +41,13 @@ in configText = mkOption { default = ""; - example = '' - source-filter=''${pkgs.cgit}/lib/cgit/filters/syntax-highlighting.py - about-filter=''${pkgs.cgit}/lib/cgit/filters/about-formatting.sh - cache-size=1000 - scan-path=/srv/git + example = literalExpression '' + ''' + source-filter=''${pkgs.cgit}/lib/cgit/filters/syntax-highlighting.py + about-filter=''${pkgs.cgit}/lib/cgit/filters/about-formatting.sh + cache-size=1000 + scan-path=/srv/git + ''' ''; type = types.lines; description = '' diff --git a/nixpkgs/nixos/modules/services/web-servers/lighttpd/default.nix b/nixpkgs/nixos/modules/services/web-servers/lighttpd/default.nix index 7a691aa78915..05e897c8cc94 100644 --- a/nixpkgs/nixos/modules/services/web-servers/lighttpd/default.nix +++ b/nixpkgs/nixos/modules/services/web-servers/lighttpd/default.nix @@ -38,10 +38,13 @@ let "mod_rrdtool" "mod_accesslog" # Remaining list of modules, order assumed to be unimportant. + "mod_authn_dbi" "mod_authn_file" "mod_authn_gssapi" "mod_authn_ldap" "mod_authn_mysql" + "mod_authn_pam" + "mod_authn_sasl" "mod_cml" "mod_deflate" "mod_evasive" @@ -132,6 +135,15 @@ in ''; }; + package = mkOption { + default = pkgs.lighttpd; + defaultText = "pkgs.lighttpd"; + type = types.package; + description = '' + lighttpd package to use. + ''; + }; + port = mkOption { default = 80; type = types.port; @@ -240,7 +252,7 @@ in description = "Lighttpd Web Server"; after = [ "network.target" ]; wantedBy = [ "multi-user.target" ]; - serviceConfig.ExecStart = "${pkgs.lighttpd}/sbin/lighttpd -D -f ${configFile}"; + serviceConfig.ExecStart = "${cfg.package}/sbin/lighttpd -D -f ${configFile}"; # SIGINT => graceful shutdown serviceConfig.KillSignal = "SIGINT"; }; diff --git a/nixpkgs/nixos/modules/services/web-servers/minio.nix b/nixpkgs/nixos/modules/services/web-servers/minio.nix index 6b10afad4991..c345e3f2467b 100644 --- a/nixpkgs/nixos/modules/services/web-servers/minio.nix +++ b/nixpkgs/nixos/modules/services/web-servers/minio.nix @@ -87,7 +87,7 @@ in package = mkOption { default = pkgs.minio; - defaultText = "pkgs.minio"; + defaultText = literalExpression "pkgs.minio"; type = types.package; description = "Minio package to use."; }; diff --git a/nixpkgs/nixos/modules/services/web-servers/molly-brown.nix b/nixpkgs/nixos/modules/services/web-servers/molly-brown.nix index 58db9b9beda0..0bd8b3316cb3 100644 --- a/nixpkgs/nixos/modules/services/web-servers/molly-brown.nix +++ b/nixpkgs/nixos/modules/services/web-servers/molly-brown.nix @@ -22,8 +22,8 @@ in { hostName = mkOption { type = types.str; - example = literalExample "config.networking.hostName"; default = config.networking.hostName; + defaultText = literalExpression "config.networking.hostName"; description = '' The hostname to respond to requests for. Requests for URLs with other hosts will result in a status 53 (PROXY REQUEST REFUSED) diff --git a/nixpkgs/nixos/modules/services/web-servers/nginx/default.nix b/nixpkgs/nixos/modules/services/web-servers/nginx/default.nix index 6682472fdb8e..d5486be65ee7 100644 --- a/nixpkgs/nixos/modules/services/web-servers/nginx/default.nix +++ b/nixpkgs/nixos/modules/services/web-servers/nginx/default.nix @@ -425,7 +425,7 @@ in package = mkOption { default = pkgs.nginxStable; - defaultText = "pkgs.nginxStable"; + defaultText = literalExpression "pkgs.nginxStable"; type = types.package; apply = p: p.override { modules = p.modules ++ cfg.additionalModules; @@ -440,7 +440,7 @@ in additionalModules = mkOption { default = []; type = types.listOf (types.attrsOf types.anything); - example = literalExample "[ pkgs.nginxModules.brotli ]"; + example = literalExpression "[ pkgs.nginxModules.brotli ]"; description = '' Additional <link xlink:href="https://www.nginx.com/resources/wiki/modules/">third-party nginx modules</link> to install. Packaged modules are available in @@ -674,7 +674,7 @@ in addresses = mkOption { type = types.listOf types.str; default = []; - example = literalExample ''[ "[::1]" "127.0.0.1:5353" ]''; + example = literalExpression ''[ "[::1]" "127.0.0.1:5353" ]''; description = "List of resolvers to use"; }; valid = mkOption { @@ -738,7 +738,7 @@ in Defines a group of servers to use as proxy target. ''; default = {}; - example = literalExample '' + example = literalExpression '' "backend_server" = { servers = { "127.0.0.1:8000" = {}; }; extraConfig = '''' @@ -755,7 +755,7 @@ in default = { localhost = {}; }; - example = literalExample '' + example = literalExpression '' { "hydra.example.com" = { forceSSL = true; diff --git a/nixpkgs/nixos/modules/services/web-servers/nginx/location-options.nix b/nixpkgs/nixos/modules/services/web-servers/nginx/location-options.nix index d8c976f202fd..56a5381e05c8 100644 --- a/nixpkgs/nixos/modules/services/web-servers/nginx/location-options.nix +++ b/nixpkgs/nixos/modules/services/web-servers/nginx/location-options.nix @@ -12,7 +12,7 @@ with lib; basicAuth = mkOption { type = types.attrsOf types.str; default = {}; - example = literalExample '' + example = literalExpression '' { user = "password"; }; diff --git a/nixpkgs/nixos/modules/services/web-servers/nginx/vhost-options.nix b/nixpkgs/nixos/modules/services/web-servers/nginx/vhost-options.nix index 94645e927f86..7ee041d37211 100644 --- a/nixpkgs/nixos/modules/services/web-servers/nginx/vhost-options.nix +++ b/nixpkgs/nixos/modules/services/web-servers/nginx/vhost-options.nix @@ -162,7 +162,7 @@ with lib; sslTrustedCertificate = mkOption { type = types.nullOr types.path; default = null; - example = "\${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"; + example = literalExpression ''"''${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"''; description = "Path to root SSL certificate for stapling and client certificates."; }; @@ -231,7 +231,7 @@ with lib; basicAuth = mkOption { type = types.attrsOf types.str; default = {}; - example = literalExample '' + example = literalExpression '' { user = "password"; }; @@ -261,7 +261,7 @@ with lib; inherit lib; })); default = {}; - example = literalExample '' + example = literalExpression '' { "/" = { proxyPass = "http://localhost:3000"; diff --git a/nixpkgs/nixos/modules/services/web-servers/phpfpm/default.nix b/nixpkgs/nixos/modules/services/web-servers/phpfpm/default.nix index 4d302299f5f0..87c68fa074a1 100644 --- a/nixpkgs/nixos/modules/services/web-servers/phpfpm/default.nix +++ b/nixpkgs/nixos/modules/services/web-servers/phpfpm/default.nix @@ -59,7 +59,7 @@ let phpPackage = mkOption { type = types.package; default = cfg.phpPackage; - defaultText = "config.services.phpfpm.phpPackage"; + defaultText = literalExpression "config.services.phpfpm.phpPackage"; description = '' The PHP package to use for running this PHP-FPM pool. ''; @@ -78,7 +78,7 @@ let description = '' Environment variables used for this PHP-FPM pool. ''; - example = literalExample '' + example = literalExpression '' { HOSTNAME = "$HOSTNAME"; TMP = "/tmp"; @@ -107,7 +107,7 @@ let for details. Note that settings names must be enclosed in quotes (e.g. <literal>"pm.max_children"</literal> instead of <literal>pm.max_children</literal>). ''; - example = literalExample '' + example = literalExpression '' { "pm" = "dynamic"; "pm.max_children" = 75; @@ -179,7 +179,7 @@ in { phpPackage = mkOption { type = types.package; default = pkgs.php; - defaultText = "pkgs.php"; + defaultText = literalExpression "pkgs.php"; description = '' The PHP package to use for running the PHP-FPM service. ''; @@ -200,7 +200,7 @@ in { pools = mkOption { type = types.attrsOf (types.submodule poolOpts); default = {}; - example = literalExample '' + example = literalExpression '' { mypool = { user = "php"; diff --git a/nixpkgs/nixos/modules/services/web-servers/tomcat.nix b/nixpkgs/nixos/modules/services/web-servers/tomcat.nix index 13fe98402c60..f9446fe125a3 100644 --- a/nixpkgs/nixos/modules/services/web-servers/tomcat.nix +++ b/nixpkgs/nixos/modules/services/web-servers/tomcat.nix @@ -24,8 +24,8 @@ in package = mkOption { type = types.package; default = pkgs.tomcat85; - defaultText = "pkgs.tomcat85"; - example = lib.literalExample "pkgs.tomcat9"; + defaultText = literalExpression "pkgs.tomcat85"; + example = lib.literalExpression "pkgs.tomcat9"; description = '' Which tomcat package to use. ''; @@ -127,7 +127,7 @@ in webapps = mkOption { type = types.listOf types.path; default = [ tomcat.webapps ]; - defaultText = "[ pkgs.tomcat85.webapps ]"; + defaultText = literalExpression "[ pkgs.tomcat85.webapps ]"; description = "List containing WAR files or directories with WAR files which are web applications to be deployed on Tomcat"; }; @@ -166,7 +166,7 @@ in jdk = mkOption { type = types.package; default = pkgs.jdk; - defaultText = "pkgs.jdk"; + defaultText = literalExpression "pkgs.jdk"; description = "Which JDK to use."; }; diff --git a/nixpkgs/nixos/modules/services/web-servers/traefik.nix b/nixpkgs/nixos/modules/services/web-servers/traefik.nix index 3d29199dd454..eb7fd0995de0 100644 --- a/nixpkgs/nixos/modules/services/web-servers/traefik.nix +++ b/nixpkgs/nixos/modules/services/web-servers/traefik.nix @@ -54,7 +54,7 @@ in { staticConfigFile = mkOption { default = null; - example = literalExample "/path/to/static_config.toml"; + example = literalExpression "/path/to/static_config.toml"; type = types.nullOr types.path; description = '' Path to traefik's static configuration to use. @@ -78,7 +78,7 @@ in { dynamicConfigFile = mkOption { default = null; - example = literalExample "/path/to/dynamic_config.toml"; + example = literalExpression "/path/to/dynamic_config.toml"; type = types.nullOr types.path; description = '' Path to traefik's dynamic configuration to use. @@ -123,7 +123,7 @@ in { package = mkOption { default = pkgs.traefik; - defaultText = "pkgs.traefik"; + defaultText = literalExpression "pkgs.traefik"; type = types.package; description = "Traefik package to use."; }; diff --git a/nixpkgs/nixos/modules/services/web-servers/trafficserver/default.nix b/nixpkgs/nixos/modules/services/web-servers/trafficserver/default.nix index 341e8b13976a..706ea5bfefba 100644 --- a/nixpkgs/nixos/modules/services/web-servers/trafficserver/default.nix +++ b/nixpkgs/nixos/modules/services/web-servers/trafficserver/default.nix @@ -62,15 +62,17 @@ in ipAllow = mkOption { type = types.nullOr yaml.type; default = builtins.fromJSON (builtins.readFile ./ip_allow.json); - defaultText = "upstream defaults"; - example = literalExample { - ip_allow = [{ - apply = "in"; - ip_addrs = "127.0.0.1"; - action = "allow"; - methods = "ALL"; - }]; - }; + defaultText = literalDocBook "upstream defaults"; + example = literalExpression '' + { + ip_allow = [{ + apply = "in"; + ip_addrs = "127.0.0.1"; + action = "allow"; + methods = "ALL"; + }]; + } + ''; description = '' Control client access to Traffic Server and Traffic Server connections to upstream servers. @@ -83,8 +85,8 @@ in logging = mkOption { type = types.nullOr yaml.type; default = builtins.fromJSON (builtins.readFile ./logging.json); - defaultText = "upstream defaults"; - example = literalExample { }; + defaultText = literalDocBook "upstream defaults"; + example = { }; description = '' Configure logs. @@ -145,7 +147,7 @@ in in valueType; default = { }; - example = literalExample { proxy.config.proxy_name = "my_server"; }; + example = { proxy.config.proxy_name = "my_server"; }; description = '' List of configurable variables used by Traffic Server. @@ -197,12 +199,14 @@ in sni = mkOption { type = types.nullOr yaml.type; default = null; - example = literalExample { - sni = [{ - fqdn = "no-http2.example.com"; - https = "off"; - }]; - }; + example = literalExpression '' + { + sni = [{ + fqdn = "no-http2.example.com"; + https = "off"; + }]; + } + ''; description = '' Configure aspects of TLS connection handling for both inbound and outbound connections. diff --git a/nixpkgs/nixos/modules/services/web-servers/ttyd.nix b/nixpkgs/nixos/modules/services/web-servers/ttyd.nix index 68d55ee6ffd2..431509f7fd56 100644 --- a/nixpkgs/nixos/modules/services/web-servers/ttyd.nix +++ b/nixpkgs/nixos/modules/services/web-servers/ttyd.nix @@ -78,7 +78,7 @@ in clientOptions = mkOption { type = types.attrsOf types.str; default = {}; - example = literalExample ''{ + example = literalExpression ''{ fontSize = "16"; fontFamily = "Fira Code"; diff --git a/nixpkgs/nixos/modules/services/web-servers/unit/default.nix b/nixpkgs/nixos/modules/services/web-servers/unit/default.nix index 2a264bf2e9a6..b2eecdbb53ee 100644 --- a/nixpkgs/nixos/modules/services/web-servers/unit/default.nix +++ b/nixpkgs/nixos/modules/services/web-servers/unit/default.nix @@ -14,7 +14,7 @@ in { package = mkOption { type = types.package; default = pkgs.unit; - defaultText = "pkgs.unit"; + defaultText = literalExpression "pkgs.unit"; description = "Unit package to use."; }; user = mkOption { @@ -45,7 +45,7 @@ in { "applications": {} } ''; - example = literalExample '' + example = '' { "listeners": { "*:8300": { diff --git a/nixpkgs/nixos/modules/services/web-servers/uwsgi.nix b/nixpkgs/nixos/modules/services/web-servers/uwsgi.nix index 86c18ad791b4..3411b89cf6d5 100644 --- a/nixpkgs/nixos/modules/services/web-servers/uwsgi.nix +++ b/nixpkgs/nixos/modules/services/web-servers/uwsgi.nix @@ -114,7 +114,7 @@ in { default = { type = "normal"; }; - example = literalExample '' + example = literalExpression '' { type = "emperor"; vassals = { @@ -163,7 +163,7 @@ in { type = types.listOf types.str; apply = caps: caps ++ optionals isEmperor imperialPowers; default = [ ]; - example = literalExample '' + example = literalExpression '' [ "CAP_NET_BIND_SERVICE" # bind on ports <1024 "CAP_NET_RAW" # open raw sockets diff --git a/nixpkgs/nixos/modules/services/web-servers/varnish/default.nix b/nixpkgs/nixos/modules/services/web-servers/varnish/default.nix index 01fe3d12917a..0ebf58eb9f61 100644 --- a/nixpkgs/nixos/modules/services/web-servers/varnish/default.nix +++ b/nixpkgs/nixos/modules/services/web-servers/varnish/default.nix @@ -13,10 +13,12 @@ in services.varnish = { enable = mkEnableOption "Varnish Server"; + enableConfigCheck = mkEnableOption "checking the config during build time" // { default = true; }; + package = mkOption { type = types.package; default = pkgs.varnish; - defaultText = "pkgs.varnish"; + defaultText = literalExpression "pkgs.varnish"; description = '' The package to use ''; @@ -48,7 +50,7 @@ in extraModules = mkOption { type = types.listOf types.package; default = []; - example = literalExample "[ pkgs.varnishPackages.geoip ]"; + example = literalExpression "[ pkgs.varnishPackages.geoip ]"; description = " Varnish modules (except 'std'). "; @@ -96,11 +98,10 @@ in environment.systemPackages = [ cfg.package ]; # check .vcl syntax at compile time (e.g. before nixops deployment) - system.extraDependencies = [ - (pkgs.stdenv.mkDerivation { - name = "check-varnish-syntax"; - buildCommand = "${cfg.package}/sbin/varnishd -C ${commandLine} 2> $out || (cat $out; exit 1)"; - }) + system.extraDependencies = mkIf cfg.enableConfigCheck [ + (pkgs.runCommand "check-varnish-syntax" {} '' + ${cfg.package}/bin/varnishd -C ${commandLine} 2> $out || (cat $out; exit 1) + '') ]; users.users.varnish = { diff --git a/nixpkgs/nixos/modules/services/web-servers/zope2.nix b/nixpkgs/nixos/modules/services/web-servers/zope2.nix index ab12e87502eb..922109160228 100644 --- a/nixpkgs/nixos/modules/services/web-servers/zope2.nix +++ b/nixpkgs/nixos/modules/services/web-servers/zope2.nix @@ -75,7 +75,7 @@ in services.zope2.instances = mkOption { default = {}; type = with types; attrsOf (submodule zope2Opts); - example = literalExample '' + example = literalExpression '' { plone01 = { http_address = "127.0.0.1:8080"; diff --git a/nixpkgs/nixos/modules/services/x11/desktop-managers/cde.nix b/nixpkgs/nixos/modules/services/x11/desktop-managers/cde.nix index 24ca82fca796..6c7105729cfd 100644 --- a/nixpkgs/nixos/modules/services/x11/desktop-managers/cde.nix +++ b/nixpkgs/nixos/modules/services/x11/desktop-managers/cde.nix @@ -14,7 +14,7 @@ in { default = with pkgs.xorg; [ xclock bitmap xlsfonts xfd xrefresh xload xwininfo xdpyinfo xwd xwud ]; - example = literalExample '' + defaultText = literalExpression '' with pkgs.xorg; [ xclock bitmap xlsfonts xfd xrefresh xload xwininfo xdpyinfo xwd xwud ] @@ -50,7 +50,7 @@ in { security.wrappers = { dtmail = { setgid = true; - owner = "nobody"; + owner = "root"; group = "mail"; source = "${pkgs.cdesktopenv}/bin/dtmail"; }; diff --git a/nixpkgs/nixos/modules/services/x11/desktop-managers/cinnamon.nix b/nixpkgs/nixos/modules/services/x11/desktop-managers/cinnamon.nix index d201c1a5334b..a0a5873f72fe 100644 --- a/nixpkgs/nixos/modules/services/x11/desktop-managers/cinnamon.nix +++ b/nixpkgs/nixos/modules/services/x11/desktop-managers/cinnamon.nix @@ -26,7 +26,7 @@ in sessionPath = mkOption { default = []; type = types.listOf types.package; - example = literalExample "[ pkgs.gnome.gpaste ]"; + example = literalExpression "[ pkgs.gnome.gpaste ]"; description = '' Additional list of packages to be added to the session search path. Useful for GSettings-conditional autostart. @@ -50,7 +50,7 @@ in environment.cinnamon.excludePackages = mkOption { default = []; - example = literalExample "[ pkgs.cinnamon.blueberry ]"; + example = literalExpression "[ pkgs.cinnamon.blueberry ]"; type = types.listOf types.package; description = "Which packages cinnamon should exclude from the default environment"; }; diff --git a/nixpkgs/nixos/modules/services/x11/desktop-managers/gnome.nix b/nixpkgs/nixos/modules/services/x11/desktop-managers/gnome.nix index 9bb671adbecf..1e316c379f5b 100644 --- a/nixpkgs/nixos/modules/services/x11/desktop-managers/gnome.nix +++ b/nixpkgs/nixos/modules/services/x11/desktop-managers/gnome.nix @@ -186,7 +186,7 @@ in sessionPath = mkOption { default = []; type = types.listOf types.package; - example = literalExample "[ pkgs.gnome.gpaste ]"; + example = literalExpression "[ pkgs.gnome.gpaste ]"; description = '' Additional list of packages to be added to the session search path. Useful for GNOME Shell extensions or GSettings-conditional autostart. @@ -200,9 +200,11 @@ in internal = true; # this is messy default = defaultFavoriteAppsOverride; type = types.lines; - example = literalExample '' - [org.gnome.shell] - favorite-apps=[ 'firefox.desktop', 'org.gnome.Calendar.desktop' ] + example = literalExpression '' + ''' + [org.gnome.shell] + favorite-apps=[ 'firefox.desktop', 'org.gnome.Calendar.desktop' ] + ''' ''; description = "List of desktop files to put as favorite apps into gnome-shell. These need to be installed somehow globally."; }; @@ -242,13 +244,13 @@ in wmCommand = mkOption { type = types.str; description = "The executable of the window manager to use."; - example = "\${pkgs.haskellPackages.xmonad}/bin/xmonad"; + example = literalExpression ''"''${pkgs.haskellPackages.xmonad}/bin/xmonad"''; }; enableGnomePanel = mkOption { type = types.bool; default = true; - example = "false"; + example = false; description = "Whether to enable the GNOME panel in this session."; }; }; @@ -259,20 +261,20 @@ in panelModulePackages = mkOption { default = [ pkgs.gnome.gnome-applets ]; + defaultText = literalExpression "[ pkgs.gnome.gnome-applets ]"; type = types.listOf types.path; description = '' Packages containing modules that should be made available to <literal>gnome-panel</literal> (usually for applets). If you're packaging something to use here, please install the modules in <literal>$out/lib/gnome-panel/modules</literal>. ''; - example = literalExample "[ pkgs.gnome.gnome-applets ]"; }; }; }; environment.gnome.excludePackages = mkOption { default = []; - example = literalExample "[ pkgs.gnome.totem ]"; + example = literalExpression "[ pkgs.gnome.totem ]"; type = types.listOf types.package; description = "Which packages gnome should exclude from the default environment"; }; @@ -370,7 +372,13 @@ in services.xserver.libinput.enable = mkDefault true; # for controlling touchpad settings via gnome control center xdg.portal.enable = true; - xdg.portal.extraPortals = [ pkgs.xdg-desktop-portal-gtk ]; + xdg.portal.extraPortals = [ + pkgs.xdg-desktop-portal-gnome + (pkgs.xdg-desktop-portal-gtk.override { + # Do not build portals that we already have. + buildPortalsInGnome = false; + }) + ]; # Harmonize Qt5 application style and also make them use the portal for file chooser dialog. qt5 = { diff --git a/nixpkgs/nixos/modules/services/x11/desktop-managers/kodi.nix b/nixpkgs/nixos/modules/services/x11/desktop-managers/kodi.nix index af303d6fb279..b853c94d6fd4 100644 --- a/nixpkgs/nixos/modules/services/x11/desktop-managers/kodi.nix +++ b/nixpkgs/nixos/modules/services/x11/desktop-managers/kodi.nix @@ -18,8 +18,8 @@ in package = mkOption { type = types.package; default = pkgs.kodi; - defaultText = "pkgs.kodi"; - example = "pkgs.kodi.withPackages (p: with p; [ jellyfin pvr-iptvsimple vfs-sftp ])"; + defaultText = literalExpression "pkgs.kodi"; + example = literalExpression "pkgs.kodi.withPackages (p: with p; [ jellyfin pvr-iptvsimple vfs-sftp ])"; description = '' Package that should be used for Kodi. ''; diff --git a/nixpkgs/nixos/modules/services/x11/desktop-managers/lxqt.nix b/nixpkgs/nixos/modules/services/x11/desktop-managers/lxqt.nix index 71dfad5c7ca0..720985ba0d94 100644 --- a/nixpkgs/nixos/modules/services/x11/desktop-managers/lxqt.nix +++ b/nixpkgs/nixos/modules/services/x11/desktop-managers/lxqt.nix @@ -19,7 +19,7 @@ in environment.lxqt.excludePackages = mkOption { default = []; - example = literalExample "[ pkgs.lxqt.qterminal ]"; + example = literalExpression "[ pkgs.lxqt.qterminal ]"; type = types.listOf types.package; description = "Which LXQt packages to exclude from the default environment"; }; diff --git a/nixpkgs/nixos/modules/services/x11/desktop-managers/mate.nix b/nixpkgs/nixos/modules/services/x11/desktop-managers/mate.nix index 19ab9edb7324..f8f47a061452 100644 --- a/nixpkgs/nixos/modules/services/x11/desktop-managers/mate.nix +++ b/nixpkgs/nixos/modules/services/x11/desktop-managers/mate.nix @@ -35,7 +35,7 @@ in environment.mate.excludePackages = mkOption { default = []; - example = literalExample "[ pkgs.mate.mate-terminal pkgs.mate.pluma ]"; + example = literalExpression "[ pkgs.mate.mate-terminal pkgs.mate.pluma ]"; type = types.listOf types.package; description = "Which MATE packages to exclude from the default environment"; }; diff --git a/nixpkgs/nixos/modules/services/x11/desktop-managers/pantheon.nix b/nixpkgs/nixos/modules/services/x11/desktop-managers/pantheon.nix index 887d6c91e83b..112f493b811c 100644 --- a/nixpkgs/nixos/modules/services/x11/desktop-managers/pantheon.nix +++ b/nixpkgs/nixos/modules/services/x11/desktop-managers/pantheon.nix @@ -43,7 +43,7 @@ in sessionPath = mkOption { default = []; type = types.listOf types.package; - example = literalExample "[ pkgs.gnome.gpaste ]"; + example = literalExpression "[ pkgs.gnome.gpaste ]"; description = '' Additional list of packages to be added to the session search path. Useful for GSettings-conditional autostart. @@ -86,7 +86,7 @@ in environment.pantheon.excludePackages = mkOption { default = []; - example = literalExample "[ pkgs.pantheon.elementary-camera ]"; + example = literalExpression "[ pkgs.pantheon.elementary-camera ]"; type = types.listOf types.package; description = "Which packages pantheon should exclude from the default environment"; }; @@ -219,6 +219,7 @@ in ] config.environment.pantheon.excludePackages); programs.evince.enable = mkDefault true; + programs.evince.package = pkgs.pantheon.evince; programs.file-roller.enable = mkDefault true; # Settings from elementary-default-settings diff --git a/nixpkgs/nixos/modules/services/x11/desktop-managers/plasma5.nix b/nixpkgs/nixos/modules/services/x11/desktop-managers/plasma5.nix index d8dc2675f068..11cb4d3b8a95 100644 --- a/nixpkgs/nixos/modules/services/x11/desktop-managers/plasma5.nix +++ b/nixpkgs/nixos/modules/services/x11/desktop-managers/plasma5.nix @@ -13,7 +13,6 @@ let pulseaudio = config.hardware.pulseaudio; pactl = "${getBin pulseaudio.package}/bin/pactl"; - startplasma-x11 = "${getBin plasma5.plasma-workspace}/bin/startplasma-x11"; sed = "${getBin pkgs.gnused}/bin/sed"; gtkrc2 = writeText "gtkrc-2.0" '' @@ -136,9 +135,6 @@ let fi fi - '' - + '' - exec "${startplasma-x11}" ''; in @@ -172,6 +168,12 @@ in disabled by default. ''; }; + + useQtScaling = mkOption { + type = types.bool; + default = false; + description = "Enable HiDPI scaling in Qt."; + }; }; }; @@ -183,6 +185,7 @@ in config = mkMerge [ (mkIf cfg.enable { + # Seed our configuration into nixos-generate-config system.nixos-generate-config.desktopConfiguration = ['' # Enable the Plasma 5 Desktop Environment. @@ -190,11 +193,7 @@ in services.xserver.desktopManager.plasma5.enable = true; '']; - services.xserver.desktopManager.session = singleton { - name = "plasma5"; - bgSupport = true; - start = startplasma; - }; + services.xserver.displayManager.sessionPackages = [ pkgs.libsForQt5.plasma5.plasma-workspace ]; security.wrappers = { kcheckpass = @@ -264,6 +263,7 @@ in kwallet-pam kwalletmanager kwayland + kwayland-integration kwidgetsaddons kxmlgui kxmlrpcclient @@ -319,6 +319,10 @@ in qtvirtualkeyboard pkgs.xdg-user-dirs # Update user dirs as described in https://freedesktop.org/wiki/Software/xdg-user-dirs/ + + elisa + gwenview + okular ] # Phonon audio backend @@ -342,6 +346,8 @@ in environment.etc."X11/xkb".source = xcfg.xkbDir; + environment.sessionVariables.PLASMA_USE_QT_SCALING = mkIf cfg.useQtScaling "1"; + # Enable GTK applications to load SVG icons services.xserver.gdk-pixbuf.modulePackages = [ pkgs.librsvg ]; @@ -384,6 +390,7 @@ in # Update the start menu for each user that is currently logged in system.userActivationScripts.plasmaSetup = activationScript; + services.xserver.displayManager.setupCommands = startplasma; nixpkgs.config.firefox.enablePlasmaBrowserIntegration = true; }) diff --git a/nixpkgs/nixos/modules/services/x11/desktop-managers/surf-display.nix b/nixpkgs/nixos/modules/services/x11/desktop-managers/surf-display.nix index 9aeb0bbd2a88..4b5a04f988ba 100644 --- a/nixpkgs/nixos/modules/services/x11/desktop-managers/surf-display.nix +++ b/nixpkgs/nixos/modules/services/x11/desktop-managers/surf-display.nix @@ -50,6 +50,7 @@ in { defaultWwwUri = mkOption { type = types.str; default = "${pkgs.surf-display}/share/surf-display/empty-page.html"; + defaultText = literalExpression ''"''${pkgs.surf-display}/share/surf-display/empty-page.html"''; example = "https://www.example.com/"; description = "Default URI to display."; }; @@ -57,7 +58,7 @@ in { inactivityInterval = mkOption { type = types.int; default = 300; - example = "0"; + example = 0; description = '' Setting for internal inactivity timer to restart surf-display if the user goes inactive/idle to get a fresh session for the next user of diff --git a/nixpkgs/nixos/modules/services/x11/desktop-managers/xfce.nix b/nixpkgs/nixos/modules/services/x11/desktop-managers/xfce.nix index bbfdea2225b5..25276e1d649e 100644 --- a/nixpkgs/nixos/modules/services/x11/desktop-managers/xfce.nix +++ b/nixpkgs/nixos/modules/services/x11/desktop-managers/xfce.nix @@ -49,7 +49,7 @@ in thunarPlugins = mkOption { default = []; type = types.listOf types.package; - example = literalExample "[ pkgs.xfce.thunar-archive-plugin ]"; + example = literalExpression "[ pkgs.xfce.thunar-archive-plugin ]"; description = '' A list of plugin that should be installed with Thunar. ''; diff --git a/nixpkgs/nixos/modules/services/x11/desktop-managers/xterm.nix b/nixpkgs/nixos/modules/services/x11/desktop-managers/xterm.nix index f76db278a927..3424ee1b0e11 100644 --- a/nixpkgs/nixos/modules/services/x11/desktop-managers/xterm.nix +++ b/nixpkgs/nixos/modules/services/x11/desktop-managers/xterm.nix @@ -14,8 +14,8 @@ in services.xserver.desktopManager.xterm.enable = mkOption { type = types.bool; - default = (versionOlder config.system.stateVersion "19.09") && xSessionEnabled; - defaultText = if versionOlder config.system.stateVersion "19.09" then "config.services.xserver.enable" else "false"; + default = versionOlder config.system.stateVersion "19.09" && xSessionEnabled; + defaultText = literalExpression ''versionOlder config.system.stateVersion "19.09" && config.services.xserver.enable;''; description = "Enable a xterm terminal as a desktop manager."; }; diff --git a/nixpkgs/nixos/modules/services/x11/display-managers/default.nix b/nixpkgs/nixos/modules/services/x11/display-managers/default.nix index 584dfb63c4dc..7fc8db95a485 100644 --- a/nixpkgs/nixos/modules/services/x11/display-managers/default.nix +++ b/nixpkgs/nixos/modules/services/x11/display-managers/default.nix @@ -217,7 +217,7 @@ in session = mkOption { default = []; - example = literalExample + example = literalExpression '' [ { manage = "desktop"; name = "xterm"; @@ -305,9 +305,7 @@ in execCmd = mkOption { type = types.str; - example = literalExample '' - "''${pkgs.lightdm}/bin/lightdm" - ''; + example = literalExpression ''"''${pkgs.lightdm}/bin/lightdm"''; description = "Command to start the display manager."; }; diff --git a/nixpkgs/nixos/modules/services/x11/display-managers/gdm.nix b/nixpkgs/nixos/modules/services/x11/display-managers/gdm.nix index 3df576038a9f..e036c684c886 100644 --- a/nixpkgs/nixos/modules/services/x11/display-managers/gdm.nix +++ b/nixpkgs/nixos/modules/services/x11/display-managers/gdm.nix @@ -6,6 +6,8 @@ let cfg = config.services.xserver.displayManager; gdm = pkgs.gnome.gdm; + settingsFormat = pkgs.formats.ini { }; + configFile = settingsFormat.generate "custom.conf" cfg.gdm.settings; xSessionWrapper = if (cfg.setupCommands == "") then null else pkgs.writeScript "gdm-x-session-wrapper" '' @@ -24,7 +26,6 @@ let load-module module-udev-detect load-module module-native-protocol-unix load-module module-default-device-restore - load-module module-rescue-streams load-module module-always-sink load-module module-intended-roles load-module module-suspend-on-idle @@ -105,6 +106,18 @@ in type = types.bool; }; + settings = mkOption { + type = settingsFormat.type; + default = { }; + example = { + debug.enable = true; + }; + description = '' + Options passed to the gdm daemon. + See <link xlink:href="https://help.gnome.org/admin/gdm/stable/configuration.html.en#daemonconfig">here</link> for supported options. + ''; + }; + }; }; @@ -270,31 +283,26 @@ in # Use AutomaticLogin if delay is zero, because it's immediate. # Otherwise with TimedLogin with zero seconds the prompt is still # presented and there's a little delay. - environment.etc."gdm/custom.conf".text = '' - [daemon] - WaylandEnable=${boolToString cfg.gdm.wayland} - ${optionalString cfg.autoLogin.enable ( - if cfg.gdm.autoLogin.delay > 0 then '' - TimedLoginEnable=true - TimedLogin=${cfg.autoLogin.user} - TimedLoginDelay=${toString cfg.gdm.autoLogin.delay} - '' else '' - AutomaticLoginEnable=true - AutomaticLogin=${cfg.autoLogin.user} - '') - } - - [security] - - [xdmcp] - - [greeter] - - [chooser] - - [debug] - ${optionalString cfg.gdm.debug "Enable=true"} - ''; + services.xserver.displayManager.gdm.settings = { + daemon = mkMerge [ + { WaylandEnable = cfg.gdm.wayland; } + # nested if else didn't work + (mkIf (cfg.autoLogin.enable && cfg.gdm.autoLogin.delay != 0 ) { + TimedLoginEnable = true; + TimedLogin = cfg.autoLogin.user; + TimedLoginDelay = cfg.gdm.autoLogin.delay; + }) + (mkIf (cfg.autoLogin.enable && cfg.gdm.autoLogin.delay == 0 ) { + AutomaticLoginEnable = true; + AutomaticLogin = cfg.autoLogin.user; + }) + ]; + debug = mkIf cfg.gdm.debug { + Enable = true; + }; + }; + + environment.etc."gdm/custom.conf".source = configFile; environment.etc."gdm/Xsession".source = config.services.xserver.displayManager.sessionData.wrapper; diff --git a/nixpkgs/nixos/modules/services/x11/display-managers/lightdm-greeters/enso-os.nix b/nixpkgs/nixos/modules/services/x11/display-managers/lightdm-greeters/enso-os.nix index ecd46a9ee6d2..930ee96b384d 100644 --- a/nixpkgs/nixos/modules/services/x11/display-managers/lightdm-greeters/enso-os.nix +++ b/nixpkgs/nixos/modules/services/x11/display-managers/lightdm-greeters/enso-os.nix @@ -35,7 +35,7 @@ in { package = mkOption { type = types.package; default = pkgs.gnome.gnome-themes-extra; - defaultText = "pkgs.gnome.gnome-themes-extra"; + defaultText = literalExpression "pkgs.gnome.gnome-themes-extra"; description = '' The package path that contains the theme given in the name option. ''; @@ -54,7 +54,7 @@ in { package = mkOption { type = types.package; default = pkgs.papirus-icon-theme; - defaultText = "pkgs.papirus-icon-theme"; + defaultText = literalExpression "pkgs.papirus-icon-theme"; description = '' The package path that contains the icon theme given in the name option. ''; @@ -73,7 +73,7 @@ in { package = mkOption { type = types.package; default = pkgs.capitaine-cursors; - defaultText = "pkgs.capitaine-cursors"; + defaultText = literalExpression "pkgs.capitaine-cursors"; description = '' The package path that contains the cursor theme given in the name option. ''; diff --git a/nixpkgs/nixos/modules/services/x11/display-managers/lightdm-greeters/gtk.nix b/nixpkgs/nixos/modules/services/x11/display-managers/lightdm-greeters/gtk.nix index fe5a16bc60f1..debd4b568bf6 100644 --- a/nixpkgs/nixos/modules/services/x11/display-managers/lightdm-greeters/gtk.nix +++ b/nixpkgs/nixos/modules/services/x11/display-managers/lightdm-greeters/gtk.nix @@ -48,7 +48,7 @@ in package = mkOption { type = types.package; default = pkgs.gnome.gnome-themes-extra; - defaultText = "pkgs.gnome.gnome-themes-extra"; + defaultText = literalExpression "pkgs.gnome.gnome-themes-extra"; description = '' The package path that contains the theme given in the name option. ''; @@ -69,7 +69,7 @@ in package = mkOption { type = types.package; default = pkgs.gnome.adwaita-icon-theme; - defaultText = "pkgs.gnome.adwaita-icon-theme"; + defaultText = literalExpression "pkgs.gnome.adwaita-icon-theme"; description = '' The package path that contains the icon theme given in the name option. ''; @@ -90,7 +90,7 @@ in package = mkOption { type = types.package; default = pkgs.gnome.adwaita-icon-theme; - defaultText = "pkgs.gnome.adwaita-icon-theme"; + defaultText = literalExpression "pkgs.gnome.adwaita-icon-theme"; description = '' The package path that contains the cursor theme given in the name option. ''; diff --git a/nixpkgs/nixos/modules/services/x11/display-managers/lightdm.nix b/nixpkgs/nixos/modules/services/x11/display-managers/lightdm.nix index 41c1b635f5d6..1c9a5f978c54 100644 --- a/nixpkgs/nixos/modules/services/x11/display-managers/lightdm.nix +++ b/nixpkgs/nixos/modules/services/x11/display-managers/lightdm.nix @@ -148,7 +148,7 @@ in background = mkOption { type = types.path; # Manual cannot depend on packages, we are actually setting the default in config below. - defaultText = "pkgs.nixos-artwork.wallpapers.simple-dark-gray-bottom.gnomeFilePath"; + defaultText = literalExpression "pkgs.nixos-artwork.wallpapers.simple-dark-gray-bottom.gnomeFilePath"; description = '' The background image or color to use. ''; diff --git a/nixpkgs/nixos/modules/services/x11/display-managers/sddm.nix b/nixpkgs/nixos/modules/services/x11/display-managers/sddm.nix index d79b3cda2fcc..5a4fad9c4cb1 100644 --- a/nixpkgs/nixos/modules/services/x11/display-managers/sddm.nix +++ b/nixpkgs/nixos/modules/services/x11/display-managers/sddm.nix @@ -113,14 +113,12 @@ in settings = mkOption { type = iniFmt.type; default = { }; - example = '' - { - Autologin = { - User = "john"; - Session = "plasma.desktop"; - }; - } - ''; + example = { + Autologin = { + User = "john"; + Session = "plasma.desktop"; + }; + }; description = '' Extra settings merged in and overwritting defaults in sddm.conf. ''; diff --git a/nixpkgs/nixos/modules/services/x11/extra-layouts.nix b/nixpkgs/nixos/modules/services/x11/extra-layouts.nix index b1c4e04975f9..159bed63e137 100644 --- a/nixpkgs/nixos/modules/services/x11/extra-layouts.nix +++ b/nixpkgs/nixos/modules/services/x11/extra-layouts.nix @@ -93,7 +93,7 @@ in extraLayouts = mkOption { type = types.attrsOf (types.submodule layoutOpts); default = {}; - example = literalExample + example = literalExpression '' { mine = { diff --git a/nixpkgs/nixos/modules/services/x11/imwheel.nix b/nixpkgs/nixos/modules/services/x11/imwheel.nix index 51f72dadbd43..ae990141a502 100644 --- a/nixpkgs/nixos/modules/services/x11/imwheel.nix +++ b/nixpkgs/nixos/modules/services/x11/imwheel.nix @@ -21,15 +21,17 @@ in rules = mkOption { type = types.attrsOf types.str; default = {}; - example = literalExample '' - ".*" = ''' - None, Up, Button4, 8 - None, Down, Button5, 8 - Shift_L, Up, Shift_L|Button4, 4 - Shift_L, Down, Shift_L|Button5, 4 - Control_L, Up, Control_L|Button4 - Control_L, Down, Control_L|Button5 - '''; + example = literalExpression '' + { + ".*" = ''' + None, Up, Button4, 8 + None, Down, Button5, 8 + Shift_L, Up, Shift_L|Button4, 4 + Shift_L, Down, Shift_L|Button5, 4 + Control_L, Up, Control_L|Button4 + Control_L, Down, Control_L|Button5 + '''; + } ''; description = '' Window class translation rules. diff --git a/nixpkgs/nixos/modules/services/x11/picom.nix b/nixpkgs/nixos/modules/services/x11/picom.nix index 977d0fea2192..dbd4b1cefef1 100644 --- a/nixpkgs/nixos/modules/services/x11/picom.nix +++ b/nixpkgs/nixos/modules/services/x11/picom.nix @@ -254,7 +254,7 @@ in { in mkOption { type = topLevel; default = { }; - example = literalExample '' + example = literalExpression '' blur = { method = "gaussian"; size = 10; diff --git a/nixpkgs/nixos/modules/services/x11/redshift.nix b/nixpkgs/nixos/modules/services/x11/redshift.nix index 60d80a28762b..cc9f964754f3 100644 --- a/nixpkgs/nixos/modules/services/x11/redshift.nix +++ b/nixpkgs/nixos/modules/services/x11/redshift.nix @@ -76,7 +76,7 @@ in { package = mkOption { type = types.package; default = pkgs.redshift; - defaultText = "pkgs.redshift"; + defaultText = literalExpression "pkgs.redshift"; description = '' redshift derivation to use. ''; diff --git a/nixpkgs/nixos/modules/services/x11/touchegg.nix b/nixpkgs/nixos/modules/services/x11/touchegg.nix index fab7fac3f017..9d3678e7696d 100644 --- a/nixpkgs/nixos/modules/services/x11/touchegg.nix +++ b/nixpkgs/nixos/modules/services/x11/touchegg.nix @@ -16,7 +16,7 @@ in { package = mkOption { type = types.package; default = pkgs.touchegg; - defaultText = "pkgs.touchegg"; + defaultText = literalExpression "pkgs.touchegg"; description = "touchegg derivation to use."; }; }; diff --git a/nixpkgs/nixos/modules/services/x11/unclutter-xfixes.nix b/nixpkgs/nixos/modules/services/x11/unclutter-xfixes.nix index 71262431b685..0b4d06f640d2 100644 --- a/nixpkgs/nixos/modules/services/x11/unclutter-xfixes.nix +++ b/nixpkgs/nixos/modules/services/x11/unclutter-xfixes.nix @@ -17,7 +17,7 @@ in { description = "unclutter-xfixes derivation to use."; type = types.package; default = pkgs.unclutter-xfixes; - defaultText = "pkgs.unclutter-xfixes"; + defaultText = literalExpression "pkgs.unclutter-xfixes"; }; timeout = mkOption { diff --git a/nixpkgs/nixos/modules/services/x11/unclutter.nix b/nixpkgs/nixos/modules/services/x11/unclutter.nix index 56e30c79d1f1..bdb5fa7b50cd 100644 --- a/nixpkgs/nixos/modules/services/x11/unclutter.nix +++ b/nixpkgs/nixos/modules/services/x11/unclutter.nix @@ -16,7 +16,7 @@ in { package = mkOption { type = types.package; default = pkgs.unclutter; - defaultText = "pkgs.unclutter"; + defaultText = literalExpression "pkgs.unclutter"; description = "unclutter derivation to use."; }; diff --git a/nixpkgs/nixos/modules/services/x11/urxvtd.nix b/nixpkgs/nixos/modules/services/x11/urxvtd.nix index 867ac38a944f..0a0df447f4e1 100644 --- a/nixpkgs/nixos/modules/services/x11/urxvtd.nix +++ b/nixpkgs/nixos/modules/services/x11/urxvtd.nix @@ -19,7 +19,7 @@ in { package = mkOption { default = pkgs.rxvt-unicode; - defaultText = "pkgs.rxvt-unicode"; + defaultText = literalExpression "pkgs.rxvt-unicode"; description = '' Package to install. Usually pkgs.rxvt-unicode. ''; diff --git a/nixpkgs/nixos/modules/services/x11/window-managers/awesome.nix b/nixpkgs/nixos/modules/services/x11/window-managers/awesome.nix index 37a14e34f57e..c6c0c934f9ae 100644 --- a/nixpkgs/nixos/modules/services/x11/window-managers/awesome.nix +++ b/nixpkgs/nixos/modules/services/x11/window-managers/awesome.nix @@ -27,7 +27,7 @@ in default = []; type = types.listOf types.package; description = "List of lua packages available for being used in the Awesome configuration."; - example = literalExample "[ pkgs.luaPackages.vicious ]"; + example = literalExpression "[ pkgs.luaPackages.vicious ]"; }; package = mkOption { diff --git a/nixpkgs/nixos/modules/services/x11/window-managers/bspwm.nix b/nixpkgs/nixos/modules/services/x11/window-managers/bspwm.nix index 23cd4f6529a6..ade24061a069 100644 --- a/nixpkgs/nixos/modules/services/x11/window-managers/bspwm.nix +++ b/nixpkgs/nixos/modules/services/x11/window-managers/bspwm.nix @@ -14,15 +14,15 @@ in package = mkOption { type = types.package; default = pkgs.bspwm; - defaultText = "pkgs.bspwm"; - example = "pkgs.bspwm-unstable"; + defaultText = literalExpression "pkgs.bspwm"; + example = literalExpression "pkgs.bspwm-unstable"; description = '' bspwm package to use. ''; }; configFile = mkOption { type = with types; nullOr path; - example = "${pkgs.bspwm}/share/doc/bspwm/examples/bspwmrc"; + example = literalExpression ''"''${pkgs.bspwm}/share/doc/bspwm/examples/bspwmrc"''; default = null; description = '' Path to the bspwm configuration file. @@ -34,15 +34,15 @@ in package = mkOption { type = types.package; default = pkgs.sxhkd; - defaultText = "pkgs.sxhkd"; - example = "pkgs.sxhkd-unstable"; + defaultText = literalExpression "pkgs.sxhkd"; + example = literalExpression "pkgs.sxhkd-unstable"; description = '' sxhkd package to use. ''; }; configFile = mkOption { type = with types; nullOr path; - example = "${pkgs.bspwm}/share/doc/bspwm/examples/sxhkdrc"; + example = literalExpression ''"''${pkgs.bspwm}/share/doc/bspwm/examples/sxhkdrc"''; default = null; description = '' Path to the sxhkd configuration file. diff --git a/nixpkgs/nixos/modules/services/x11/window-managers/clfswm.nix b/nixpkgs/nixos/modules/services/x11/window-managers/clfswm.nix index 5015852db69f..78772c799744 100644 --- a/nixpkgs/nixos/modules/services/x11/window-managers/clfswm.nix +++ b/nixpkgs/nixos/modules/services/x11/window-managers/clfswm.nix @@ -13,7 +13,7 @@ in package = mkOption { type = types.package; default = pkgs.lispPackages.clfswm; - defaultText = "pkgs.lispPackages.clfswm"; + defaultText = literalExpression "pkgs.lispPackages.clfswm"; description = '' clfswm package to use. ''; diff --git a/nixpkgs/nixos/modules/services/x11/window-managers/exwm.nix b/nixpkgs/nixos/modules/services/x11/window-managers/exwm.nix index 4b707d398496..b505f720f04c 100644 --- a/nixpkgs/nixos/modules/services/x11/window-managers/exwm.nix +++ b/nixpkgs/nixos/modules/services/x11/window-managers/exwm.nix @@ -22,7 +22,7 @@ in loadScript = mkOption { default = "(require 'exwm)"; type = types.lines; - example = literalExample '' + example = '' (require 'exwm) (exwm-enable) ''; @@ -39,8 +39,9 @@ in }; extraPackages = mkOption { type = types.functionTo (types.listOf types.package); - default = self: []; - example = literalExample '' + default = epkgs: []; + defaultText = literalExpression "epkgs: []"; + example = literalExpression '' epkgs: [ epkgs.emms epkgs.magit diff --git a/nixpkgs/nixos/modules/services/x11/window-managers/herbstluftwm.nix b/nixpkgs/nixos/modules/services/x11/window-managers/herbstluftwm.nix index 548097a412d2..354d70c695cb 100644 --- a/nixpkgs/nixos/modules/services/x11/window-managers/herbstluftwm.nix +++ b/nixpkgs/nixos/modules/services/x11/window-managers/herbstluftwm.nix @@ -14,7 +14,7 @@ in package = mkOption { type = types.package; default = pkgs.herbstluftwm; - defaultText = "pkgs.herbstluftwm"; + defaultText = literalExpression "pkgs.herbstluftwm"; description = '' Herbstluftwm package to use. ''; diff --git a/nixpkgs/nixos/modules/services/x11/window-managers/i3.nix b/nixpkgs/nixos/modules/services/x11/window-managers/i3.nix index 0ef55d5f2c03..99f9997024fe 100644 --- a/nixpkgs/nixos/modules/services/x11/window-managers/i3.nix +++ b/nixpkgs/nixos/modules/services/x11/window-managers/i3.nix @@ -30,8 +30,8 @@ in package = mkOption { type = types.package; default = pkgs.i3; - defaultText = "pkgs.i3"; - example = "pkgs.i3-gaps"; + defaultText = literalExpression "pkgs.i3"; + example = literalExpression "pkgs.i3-gaps"; description = '' i3 package to use. ''; @@ -40,7 +40,7 @@ in extraPackages = mkOption { type = with types; listOf package; default = with pkgs; [ dmenu i3status i3lock ]; - example = literalExample '' + defaultText = literalExpression '' with pkgs; [ dmenu i3status diff --git a/nixpkgs/nixos/modules/services/x11/window-managers/wmderland.nix b/nixpkgs/nixos/modules/services/x11/window-managers/wmderland.nix index a6864a827719..56b692209651 100644 --- a/nixpkgs/nixos/modules/services/x11/window-managers/wmderland.nix +++ b/nixpkgs/nixos/modules/services/x11/window-managers/wmderland.nix @@ -28,7 +28,7 @@ in feh rxvt-unicode ]; - example = literalExample '' + defaultText = literalExpression '' with pkgs; [ rofi dunst diff --git a/nixpkgs/nixos/modules/services/x11/window-managers/xmonad.nix b/nixpkgs/nixos/modules/services/x11/window-managers/xmonad.nix index fe8ed3812511..6aa0d5f76f26 100644 --- a/nixpkgs/nixos/modules/services/x11/window-managers/xmonad.nix +++ b/nixpkgs/nixos/modules/services/x11/window-managers/xmonad.nix @@ -2,7 +2,7 @@ with lib; let - inherit (lib) mkOption mkIf optionals literalExample; + inherit (lib) mkOption mkIf optionals literalExpression; cfg = config.services.xserver.windowManager.xmonad; ghcWithPackages = cfg.haskellPackages.ghcWithPackages; @@ -42,8 +42,8 @@ in { enable = mkEnableOption "xmonad"; haskellPackages = mkOption { default = pkgs.haskellPackages; - defaultText = "pkgs.haskellPackages"; - example = literalExample "pkgs.haskell.packages.ghc784"; + defaultText = literalExpression "pkgs.haskellPackages"; + example = literalExpression "pkgs.haskell.packages.ghc784"; description = '' haskellPackages used to build Xmonad and other packages. This can be used to change the GHC version used to build @@ -55,8 +55,8 @@ in { extraPackages = mkOption { type = types.functionTo (types.listOf types.package); default = self: []; - defaultText = "self: []"; - example = literalExample '' + defaultText = literalExpression "self: []"; + example = literalExpression '' haskellPackages: [ haskellPackages.xmonad-contrib haskellPackages.monad-logger diff --git a/nixpkgs/nixos/modules/services/x11/xautolock.nix b/nixpkgs/nixos/modules/services/x11/xautolock.nix index 5ce08fce7c43..947d8f4edfb5 100644 --- a/nixpkgs/nixos/modules/services/x11/xautolock.nix +++ b/nixpkgs/nixos/modules/services/x11/xautolock.nix @@ -27,7 +27,8 @@ in locker = mkOption { default = "${pkgs.xlockmore}/bin/xlock"; # default according to `man xautolock` - example = "${pkgs.i3lock}/bin/i3lock -i /path/to/img"; + defaultText = literalExpression ''"''${pkgs.xlockmore}/bin/xlock"''; + example = literalExpression ''"''${pkgs.i3lock}/bin/i3lock -i /path/to/img"''; type = types.str; description = '' @@ -37,7 +38,7 @@ in nowlocker = mkOption { default = null; - example = "${pkgs.i3lock}/bin/i3lock -i /path/to/img"; + example = literalExpression ''"''${pkgs.i3lock}/bin/i3lock -i /path/to/img"''; type = types.nullOr types.str; description = '' @@ -56,7 +57,7 @@ in notifier = mkOption { default = null; - example = "${pkgs.libnotify}/bin/notify-send \"Locking in 10 seconds\""; + example = literalExpression ''"''${pkgs.libnotify}/bin/notify-send 'Locking in 10 seconds'"''; type = types.nullOr types.str; description = '' diff --git a/nixpkgs/nixos/modules/services/x11/xserver.nix b/nixpkgs/nixos/modules/services/x11/xserver.nix index ee190ac3cc44..cb620f10b13f 100644 --- a/nixpkgs/nixos/modules/services/x11/xserver.nix +++ b/nixpkgs/nixos/modules/services/x11/xserver.nix @@ -217,7 +217,7 @@ in inputClassSections = mkOption { type = types.listOf types.lines; default = []; - example = literalExample '' + example = literalExpression '' [ ''' Identifier "Trackpoint Wheel Emulation" MatchProduct "ThinkPad USB Keyboard with TrackPoint" @@ -233,7 +233,7 @@ in modules = mkOption { type = types.listOf types.path; default = []; - example = literalExample "[ pkgs.xf86_input_wacom ]"; + example = literalExpression "[ pkgs.xf86_input_wacom ]"; description = "Packages to be added to the module search path of the X server."; }; @@ -351,6 +351,7 @@ in xkbDir = mkOption { type = types.path; default = "${pkgs.xkeyboard_config}/etc/X11/xkb"; + defaultText = literalExpression ''"''${pkgs.xkeyboard_config}/etc/X11/xkb"''; description = '' Path used for -xkbdir xserver parameter. ''; diff --git a/nixpkgs/nixos/modules/system/activation/activation-script.nix b/nixpkgs/nixos/modules/system/activation/activation-script.nix index 704fc15fe207..8dbfe393f109 100644 --- a/nixpkgs/nixos/modules/system/activation/activation-script.nix +++ b/nixpkgs/nixos/modules/system/activation/activation-script.nix @@ -110,7 +110,7 @@ in system.activationScripts = mkOption { default = {}; - example = literalExample '' + example = literalExpression '' { stdio.text = ''' # Needed by some programs. @@ -147,7 +147,7 @@ in system.userActivationScripts = mkOption { default = {}; - example = literalExample '' + example = literalExpression '' { plasmaSetup = { text = ''' ${pkgs.libsForQt5.kservice}/bin/kbuildsycoca5" @@ -193,9 +193,8 @@ in environment.usrbinenv = mkOption { default = "${pkgs.coreutils}/bin/env"; - example = literalExample '' - "''${pkgs.busybox}/bin/env" - ''; + defaultText = literalExpression ''"''${pkgs.coreutils}/bin/env"''; + example = literalExpression ''"''${pkgs.busybox}/bin/env"''; type = types.nullOr types.path; visible = false; description = '' diff --git a/nixpkgs/nixos/modules/system/activation/switch-to-configuration.pl b/nixpkgs/nixos/modules/system/activation/switch-to-configuration.pl index b7a062755296..e105502cf3a4 100644 --- a/nixpkgs/nixos/modules/system/activation/switch-to-configuration.pl +++ b/nixpkgs/nixos/modules/system/activation/switch-to-configuration.pl @@ -2,6 +2,7 @@ use strict; use warnings; +use File::Path qw(make_path); use File::Basename; use File::Slurp; use Net::DBus; @@ -10,13 +11,23 @@ use Cwd 'abs_path'; my $out = "@out@"; -# FIXME: maybe we should use /proc/1/exe to get the current systemd. my $curSystemd = abs_path("/run/current-system/sw/bin"); # To be robust against interruption, record what units need to be started etc. -my $startListFile = "/run/systemd/start-list"; -my $restartListFile = "/run/systemd/restart-list"; -my $reloadListFile = "/run/systemd/reload-list"; +my $startListFile = "/run/nixos/start-list"; +my $restartListFile = "/run/nixos/restart-list"; +my $reloadListFile = "/run/nixos/reload-list"; + +# Parse restart/reload requests by the activation script. +# Activation scripts may write newline-separated units to this +# file and switch-to-configuration will handle them. While +# `stopIfChanged = true` is ignored, switch-to-configuration will +# handle `restartIfChanged = false` and `reloadIfChanged = true`. +# This also works for socket-activated units. +my $restartByActivationFile = "/run/nixos/activation-restart-list"; +my $dryRestartByActivationFile = "/run/nixos/dry-activation-restart-list"; + +make_path("/run/nixos", { mode => oct(755) }); my $action = shift @ARGV; @@ -138,6 +149,92 @@ sub fingerprintUnit { return abs_path($s) . (-f "${s}.d/overrides.conf" ? " " . abs_path "${s}.d/overrides.conf" : ""); } +sub handleModifiedUnit { + my ($unit, $baseName, $newUnitFile, $activePrev, $unitsToStop, $unitsToStart, $unitsToReload, $unitsToRestart, $unitsToSkip) = @_; + + if ($unit eq "sysinit.target" || $unit eq "basic.target" || $unit eq "multi-user.target" || $unit eq "graphical.target" || $unit =~ /\.slice$/ || $unit =~ /\.path$/) { + # Do nothing. These cannot be restarted directly. + # Slices and Paths don't have to be restarted since + # properties (resource limits and inotify watches) + # seem to get applied on daemon-reload. + } elsif ($unit =~ /\.mount$/) { + # Reload the changed mount unit to force a remount. + $unitsToReload->{$unit} = 1; + recordUnit($reloadListFile, $unit); + } else { + my $unitInfo = parseUnit($newUnitFile); + if (boolIsTrue($unitInfo->{'X-ReloadIfChanged'} // "no")) { + $unitsToReload->{$unit} = 1; + recordUnit($reloadListFile, $unit); + } + elsif (!boolIsTrue($unitInfo->{'X-RestartIfChanged'} // "yes") || boolIsTrue($unitInfo->{'RefuseManualStop'} // "no") || boolIsTrue($unitInfo->{'X-OnlyManualStart'} // "no")) { + $unitsToSkip->{$unit} = 1; + } else { + # If this unit is socket-activated, then stop it instead + # of restarting it to make sure the new version of it is + # socket-activated. + my $socketActivated = 0; + if ($unit =~ /\.service$/) { + my @sockets = split / /, ($unitInfo->{Sockets} // ""); + if (scalar @sockets == 0) { + @sockets = ("$baseName.socket"); + } + foreach my $socket (@sockets) { + if (-e "$out/etc/systemd/system/$socket") { + $socketActivated = 1; + $unitsToStop->{$unit} = 1; + # If the socket was not running previously, + # start it now. + if (not defined $activePrev->{$socket}) { + $unitsToStart->{$socket} = 1; + } + } + } + } + + # Don't do the rest of this for socket-activated units + # because we handled these above where we stop the unit. + # Since only services can be socket-activated, the + # following condition always evaluates to `true` for + # non-service units. + if ($socketActivated) { + return; + } + + # If we are restarting a socket, also stop the corresponding + # service. This is required because restarting a socket + # when the service is already activated fails. + if ($unit =~ /\.socket$/) { + my $service = $unitInfo->{Service} // ""; + if ($service eq "") { + $service = "$baseName.service"; + } + if (defined $activePrev->{$service}) { + $unitsToStop->{$service} = 1; + } + $unitsToRestart->{$unit} = 1; + recordUnit($restartListFile, $unit); + } else { + # Always restart non-services instead of stopping and starting them + # because it doesn't make sense to stop them with a config from + # the old evaluation. + if (!boolIsTrue($unitInfo->{'X-StopIfChanged'} // "yes") || $unit !~ /\.service$/) { + # This unit should be restarted instead of + # stopped and started. + $unitsToRestart->{$unit} = 1; + recordUnit($restartListFile, $unit); + } else { + # We write to a file to ensure that the + # service gets restarted if we're interrupted. + $unitsToStart->{$unit} = 1; + recordUnit($startListFile, $unit); + $unitsToStop->{$unit} = 1; + } + } + } + } +} + # Figure out what units need to be stopped, started, restarted or reloaded. my (%unitsToStop, %unitsToSkip, %unitsToStart, %unitsToRestart, %unitsToReload); @@ -150,7 +247,7 @@ $unitsToRestart{$_} = 1 foreach split('\n', read_file($restartListFile, err_mode => 'quiet') // ""); $unitsToReload{$_} = 1 foreach - split '\n', read_file($reloadListFile, err_mode => 'quiet') // ""; + split('\n', read_file($reloadListFile, err_mode => 'quiet') // ""); my $activePrev = getActiveUnits; while (my ($unit, $state) = each %{$activePrev}) { @@ -210,65 +307,7 @@ while (my ($unit, $state) = each %{$activePrev}) { } elsif (fingerprintUnit($prevUnitFile) ne fingerprintUnit($newUnitFile)) { - if ($unit eq "sysinit.target" || $unit eq "basic.target" || $unit eq "multi-user.target" || $unit eq "graphical.target") { - # Do nothing. These cannot be restarted directly. - } elsif ($unit =~ /\.mount$/) { - # Reload the changed mount unit to force a remount. - $unitsToReload{$unit} = 1; - recordUnit($reloadListFile, $unit); - } elsif ($unit =~ /\.socket$/ || $unit =~ /\.path$/ || $unit =~ /\.slice$/) { - # FIXME: do something? - } else { - my $unitInfo = parseUnit($newUnitFile); - if (boolIsTrue($unitInfo->{'X-ReloadIfChanged'} // "no")) { - $unitsToReload{$unit} = 1; - recordUnit($reloadListFile, $unit); - } - elsif (!boolIsTrue($unitInfo->{'X-RestartIfChanged'} // "yes") || boolIsTrue($unitInfo->{'RefuseManualStop'} // "no") || boolIsTrue($unitInfo->{'X-OnlyManualStart'} // "no")) { - $unitsToSkip{$unit} = 1; - } else { - if (!boolIsTrue($unitInfo->{'X-StopIfChanged'} // "yes")) { - # This unit should be restarted instead of - # stopped and started. - $unitsToRestart{$unit} = 1; - recordUnit($restartListFile, $unit); - } else { - # If this unit is socket-activated, then stop the - # socket unit(s) as well, and restart the - # socket(s) instead of the service. - my $socketActivated = 0; - if ($unit =~ /\.service$/) { - my @sockets = split / /, ($unitInfo->{Sockets} // ""); - if (scalar @sockets == 0) { - @sockets = ("$baseName.socket"); - } - foreach my $socket (@sockets) { - if (defined $activePrev->{$socket}) { - $unitsToStop{$socket} = 1; - # Only restart sockets that actually - # exist in new configuration: - if (-e "$out/etc/systemd/system/$socket") { - $unitsToStart{$socket} = 1; - recordUnit($startListFile, $socket); - $socketActivated = 1; - } - } - } - } - - # If the unit is not socket-activated, record - # that this unit needs to be started below. - # We write this to a file to ensure that the - # service gets restarted if we're interrupted. - if (!$socketActivated) { - $unitsToStart{$unit} = 1; - recordUnit($startListFile, $unit); - } - - $unitsToStop{$unit} = 1; - } - } - } + handleModifiedUnit($unit, $baseName, $newUnitFile, $activePrev, \%unitsToStop, \%unitsToStart, \%unitsToReload, \%unitsToRestart, %unitsToSkip); } } } @@ -353,8 +392,6 @@ sub filterUnits { } my @unitsToStopFiltered = filterUnits(\%unitsToStop); -my @unitsToStartFiltered = filterUnits(\%unitsToStart); - # Show dry-run actions. if ($action eq "dry-activate") { @@ -366,13 +403,44 @@ if ($action eq "dry-activate") { print STDERR "would activate the configuration...\n"; system("$out/dry-activate", "$out"); + # Handle the activation script requesting the restart or reload of a unit. + my %unitsToAlsoStop; + my %unitsToAlsoSkip; + foreach (split('\n', read_file($dryRestartByActivationFile, err_mode => 'quiet') // "")) { + my $unit = $_; + my $baseUnit = $unit; + my $newUnitFile = "$out/etc/systemd/system/$baseUnit"; + + # Detect template instances. + if (!-e $newUnitFile && $unit =~ /^(.*)@[^\.]*\.(.*)$/) { + $baseUnit = "$1\@.$2"; + $newUnitFile = "$out/etc/systemd/system/$baseUnit"; + } + + my $baseName = $baseUnit; + $baseName =~ s/\.[a-z]*$//; + + handleModifiedUnit($unit, $baseName, $newUnitFile, $activePrev, \%unitsToAlsoStop, \%unitsToStart, \%unitsToReload, \%unitsToRestart, %unitsToAlsoSkip); + } + unlink($dryRestartByActivationFile); + + my @unitsToAlsoStopFiltered = filterUnits(\%unitsToAlsoStop); + if (scalar(keys %unitsToAlsoStop) > 0) { + print STDERR "would stop the following units as well: ", join(", ", @unitsToAlsoStopFiltered), "\n" + if scalar @unitsToAlsoStopFiltered; + } + + print STDERR "would NOT restart the following changed units as well: ", join(", ", sort(keys %unitsToAlsoSkip)), "\n" + if scalar(keys %unitsToAlsoSkip) > 0; + print STDERR "would restart systemd\n" if $restartSystemd; + print STDERR "would reload the following units: ", join(", ", sort(keys %unitsToReload)), "\n" + if scalar(keys %unitsToReload) > 0; print STDERR "would restart the following units: ", join(", ", sort(keys %unitsToRestart)), "\n" if scalar(keys %unitsToRestart) > 0; + my @unitsToStartFiltered = filterUnits(\%unitsToStart); print STDERR "would start the following units: ", join(", ", @unitsToStartFiltered), "\n" if scalar @unitsToStartFiltered; - print STDERR "would reload the following units: ", join(", ", sort(keys %unitsToReload)), "\n" - if scalar(keys %unitsToReload) > 0; exit 0; } @@ -383,7 +451,7 @@ if (scalar (keys %unitsToStop) > 0) { print STDERR "stopping the following units: ", join(", ", @unitsToStopFiltered), "\n" if scalar @unitsToStopFiltered; # Use current version of systemctl binary before daemon is reexeced. - system("$curSystemd/systemctl", "stop", "--", sort(keys %unitsToStop)); # FIXME: ignore errors? + system("$curSystemd/systemctl", "stop", "--", sort(keys %unitsToStop)); } print STDERR "NOT restarting the following changed units: ", join(", ", sort(keys %unitsToSkip)), "\n" @@ -395,6 +463,41 @@ my $res = 0; print STDERR "activating the configuration...\n"; system("$out/activate", "$out") == 0 or $res = 2; +# Handle the activation script requesting the restart or reload of a unit. +# We can only restart and reload (not stop/start) because the units to be +# stopped are already stopped before the activation script is run. We do however +# make an exception for services that are socket-activated and that have to be stopped +# instead of being restarted. +my %unitsToAlsoStop; +my %unitsToAlsoSkip; +foreach (split('\n', read_file($restartByActivationFile, err_mode => 'quiet') // "")) { + my $unit = $_; + my $baseUnit = $unit; + my $newUnitFile = "$out/etc/systemd/system/$baseUnit"; + + # Detect template instances. + if (!-e $newUnitFile && $unit =~ /^(.*)@[^\.]*\.(.*)$/) { + $baseUnit = "$1\@.$2"; + $newUnitFile = "$out/etc/systemd/system/$baseUnit"; + } + + my $baseName = $baseUnit; + $baseName =~ s/\.[a-z]*$//; + + handleModifiedUnit($unit, $baseName, $newUnitFile, $activePrev, \%unitsToAlsoStop, \%unitsToStart, \%unitsToReload, \%unitsToRestart, %unitsToAlsoSkip); +} +unlink($restartByActivationFile); + +my @unitsToAlsoStopFiltered = filterUnits(\%unitsToAlsoStop); +if (scalar(keys %unitsToAlsoStop) > 0) { + print STDERR "stopping the following units as well: ", join(", ", @unitsToAlsoStopFiltered), "\n" + if scalar @unitsToAlsoStopFiltered; + system("$curSystemd/systemctl", "stop", "--", sort(keys %unitsToAlsoStop)); +} + +print STDERR "NOT restarting the following changed units as well: ", join(", ", sort(keys %unitsToAlsoSkip)), "\n" + if scalar(keys %unitsToAlsoSkip) > 0; + # Restart systemd if necessary. Note that this is done using the # current version of systemd, just in case the new one has trouble # communicating with the running pid 1. @@ -440,8 +543,36 @@ if (scalar(keys %unitsToReload) > 0) { # than stopped and started). if (scalar(keys %unitsToRestart) > 0) { print STDERR "restarting the following units: ", join(", ", sort(keys %unitsToRestart)), "\n"; - system("@systemd@/bin/systemctl", "restart", "--", sort(keys %unitsToRestart)) == 0 or $res = 4; + + # We split the units to be restarted into sockets and non-sockets. + # This is because restarting sockets may fail which is not bad by + # itself but which will prevent changes on the sockets. We usually + # restart the socket and stop the service before that. Restarting + # the socket will fail however when the service was re-activated + # in the meantime. There is no proper way to prevent that from happening. + my @unitsWithErrorHandling = grep { $_ !~ /\.socket$/ } sort(keys %unitsToRestart); + my @unitsWithoutErrorHandling = grep { $_ =~ /\.socket$/ } sort(keys %unitsToRestart); + + if (scalar(@unitsWithErrorHandling) > 0) { + system("@systemd@/bin/systemctl", "restart", "--", @unitsWithErrorHandling) == 0 or $res = 4; + } + if (scalar(@unitsWithoutErrorHandling) > 0) { + # Don't print warnings from systemctl + no warnings 'once'; + open(OLDERR, ">&", \*STDERR); + close(STDERR); + + my $ret = system("@systemd@/bin/systemctl", "restart", "--", @unitsWithoutErrorHandling); + + # Print stderr again + open(STDERR, ">&OLDERR"); + + if ($ret ne 0) { + print STDERR "warning: some sockets failed to restart. Please check your journal (journalctl -eb) and act accordingly.\n"; + } + } unlink($restartListFile); + unlink($restartByActivationFile); } # Start all active targets, as well as changed units we stopped above. @@ -450,6 +581,7 @@ if (scalar(keys %unitsToRestart) > 0) { # that are symlinks to other units. We shouldn't start both at the # same time because we'll get a "Failed to add path to set" error from # systemd. +my @unitsToStartFiltered = filterUnits(\%unitsToStart); print STDERR "starting the following units: ", join(", ", @unitsToStartFiltered), "\n" if scalar @unitsToStartFiltered; system("@systemd@/bin/systemctl", "start", "--", sort(keys %unitsToStart)) == 0 or $res = 4; @@ -457,7 +589,7 @@ unlink($startListFile); # Print failed and new units. -my (@failed, @new, @restarting); +my (@failed, @new); my $activeNew = getActiveUnits; while (my ($unit, $state) = each %{$activeNew}) { if ($state->{state} eq "failed") { @@ -473,7 +605,9 @@ while (my ($unit, $state) = each %{$activeNew}) { push @failed, $unit; } } - elsif ($state->{state} ne "failed" && !defined $activePrev->{$unit}) { + # Ignore scopes since they are not managed by this script but rather + # created and managed by third-party services via the systemd dbus API. + elsif ($state->{state} ne "failed" && !defined $activePrev->{$unit} && $unit !~ /\.scope$/) { push @new, $unit; } } diff --git a/nixpkgs/nixos/modules/system/activation/top-level.nix b/nixpkgs/nixos/modules/system/activation/top-level.nix index dad9acba91af..68da910d29cc 100644 --- a/nixpkgs/nixos/modules/system/activation/top-level.nix +++ b/nixpkgs/nixos/modules/system/activation/top-level.nix @@ -84,6 +84,13 @@ let export localeArchive="${config.i18n.glibcLocales}/lib/locale/locale-archive" substituteAll ${./switch-to-configuration.pl} $out/bin/switch-to-configuration chmod +x $out/bin/switch-to-configuration + ${optionalString (pkgs.stdenv.hostPlatform == pkgs.stdenv.buildPlatform) '' + if ! output=$($perl/bin/perl -c $out/bin/switch-to-configuration 2>&1); then + echo "switch-to-configuration syntax is not valid:" + echo "$output" + exit 1 + fi + ''} echo -n "${toString config.system.extraDependencies}" > $out/extra-dependencies @@ -155,7 +162,7 @@ in specialisation = mkOption { default = {}; - example = lib.literalExample "{ fewJobsManyCores.configuration = { nix.buildCores = 0; nix.maxJobs = 1; }; }"; + example = lib.literalExpression "{ fewJobsManyCores.configuration = { nix.buildCores = 0; nix.maxJobs = 1; }; }"; description = '' Additional configurations to build. If <literal>inheritParentConfig</literal> is true, the system @@ -243,7 +250,7 @@ in system.replaceRuntimeDependencies = mkOption { default = []; - example = lib.literalExample "[ ({ original = pkgs.openssl; replacement = pkgs.callPackage /path/to/openssl { }; }) ]"; + example = lib.literalExpression "[ ({ original = pkgs.openssl; replacement = pkgs.callPackage /path/to/openssl { }; }) ]"; type = types.listOf (types.submodule ( { ... }: { options.original = mkOption { @@ -274,7 +281,11 @@ in if config.networking.hostName == "" then "unnamed" else config.networking.hostName; - defaultText = '''networking.hostName' if non empty else "unnamed"''; + defaultText = literalExpression '' + if config.networking.hostName == "" + then "unnamed" + else config.networking.hostName; + ''; description = '' The name of the system used in the <option>system.build.toplevel</option> derivation. </para><para> diff --git a/nixpkgs/nixos/modules/system/boot/initrd-openvpn.nix b/nixpkgs/nixos/modules/system/boot/initrd-openvpn.nix index b35fb0b57c05..9b52d4bbdb1e 100644 --- a/nixpkgs/nixos/modules/system/boot/initrd-openvpn.nix +++ b/nixpkgs/nixos/modules/system/boot/initrd-openvpn.nix @@ -35,7 +35,7 @@ in </para> </warning> ''; - example = "./configuration.ovpn"; + example = literalExpression "./configuration.ovpn"; }; }; diff --git a/nixpkgs/nixos/modules/system/boot/initrd-ssh.nix b/nixpkgs/nixos/modules/system/boot/initrd-ssh.nix index 00ac83a18972..0999142de86e 100644 --- a/nixpkgs/nixos/modules/system/boot/initrd-ssh.nix +++ b/nixpkgs/nixos/modules/system/boot/initrd-ssh.nix @@ -78,7 +78,7 @@ in authorizedKeys = mkOption { type = types.listOf types.str; default = config.users.users.root.openssh.authorizedKeys.keys; - defaultText = "config.users.users.root.openssh.authorizedKeys.keys"; + defaultText = literalExpression "config.users.users.root.openssh.authorizedKeys.keys"; description = '' Authorized keys for the root user on initrd. ''; diff --git a/nixpkgs/nixos/modules/system/boot/kernel.nix b/nixpkgs/nixos/modules/system/boot/kernel.nix index 15a5fd236092..4a9da9394519 100644 --- a/nixpkgs/nixos/modules/system/boot/kernel.nix +++ b/nixpkgs/nixos/modules/system/boot/kernel.nix @@ -23,7 +23,7 @@ in boot.kernel.features = mkOption { default = {}; - example = literalExample "{ debug = true; }"; + example = literalExpression "{ debug = true; }"; internal = true; description = '' This option allows to enable or disable certain kernel features. @@ -46,8 +46,8 @@ in }); # We don't want to evaluate all of linuxPackages for the manual # - some of it might not even evaluate correctly. - defaultText = "pkgs.linuxPackages"; - example = literalExample "pkgs.linuxKernel.packages.linux_5_10"; + defaultText = literalExpression "pkgs.linuxPackages"; + example = literalExpression "pkgs.linuxKernel.packages.linux_5_10"; description = '' This option allows you to override the Linux kernel used by NixOS. Since things like external kernel module packages are @@ -65,7 +65,7 @@ in boot.kernelPatches = mkOption { type = types.listOf types.attrs; default = []; - example = literalExample "[ pkgs.kernelPatches.ubuntu_fan_4_4 ]"; + example = literalExpression "[ pkgs.kernelPatches.ubuntu_fan_4_4 ]"; description = "A list of additional patches to apply to the kernel."; }; @@ -83,7 +83,10 @@ in }; boot.kernelParams = mkOption { - type = types.listOf types.str; + type = types.listOf (types.strMatching ''([^"[:space:]]|"[^"]*")+'' // { + name = "kernelParam"; + description = "string, with spaces inside double quotes"; + }); default = [ ]; description = "Parameters added to the kernel command line."; }; @@ -113,7 +116,7 @@ in boot.extraModulePackages = mkOption { type = types.listOf types.package; default = []; - example = literalExample "[ config.boot.kernelPackages.nvidia_x11 ]"; + example = literalExpression "[ config.boot.kernelPackages.nvidia_x11 ]"; description = "A list of additional packages supplying kernel modules."; }; @@ -181,7 +184,7 @@ in system.requiredKernelConfig = mkOption { default = []; - example = literalExample '' + example = literalExpression '' with config.lib.kernelConfig; [ (isYes "MODULES") (isEnabled "FB_CON_DECOR") diff --git a/nixpkgs/nixos/modules/system/boot/kernel_config.nix b/nixpkgs/nixos/modules/system/boot/kernel_config.nix index 5d9534024b06..495fe74bc21e 100644 --- a/nixpkgs/nixos/modules/system/boot/kernel_config.nix +++ b/nixpkgs/nixos/modules/system/boot/kernel_config.nix @@ -100,7 +100,7 @@ in settings = mkOption { type = types.attrsOf kernelItem; - example = literalExample '' with lib.kernel; { + example = literalExpression '' with lib.kernel; { "9P_NET" = yes; USB = option yes; MMC_BLOCK_MINORS = freeform "32"; diff --git a/nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix b/nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix index 1be663670384..fa8500dd42bd 100644 --- a/nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix +++ b/nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix @@ -329,7 +329,7 @@ in extraInstallCommands = mkOption { default = ""; - example = literalExample '' + example = '' # the example below generates detached signatures that GRUB can verify # https://www.gnu.org/software/grub/manual/grub/grub.html#Using-digital-signatures ''${pkgs.findutils}/bin/find /boot -not -path "/boot/efi/*" -type f -name '*.sig' -delete @@ -392,7 +392,7 @@ in extraFiles = mkOption { type = types.attrsOf types.path; default = {}; - example = literalExample '' + example = literalExpression '' { "memtest.bin" = "''${pkgs.memtest86plus}/memtest.bin"; } ''; description = '' @@ -413,7 +413,7 @@ in splashImage = mkOption { type = types.nullOr types.path; - example = literalExample "./my-background.png"; + example = literalExpression "./my-background.png"; description = '' Background image used for GRUB. Set to <literal>null</literal> to run GRUB in text mode. @@ -449,7 +449,7 @@ in theme = mkOption { type = types.nullOr types.path; - example = literalExample "pkgs.nixos-grub2-theme"; + example = literalExpression "pkgs.nixos-grub2-theme"; default = null; description = '' Grub theme to be used. @@ -475,7 +475,7 @@ in font = mkOption { type = types.nullOr types.path; default = "${realGrub}/share/grub/unicode.pf2"; - defaultText = ''"''${pkgs.grub2}/share/grub/unicode.pf2"''; + defaultText = literalExpression ''"''${pkgs.grub2}/share/grub/unicode.pf2"''; description = '' Path to a TrueType, OpenType, or pf2 font to be used by Grub. ''; @@ -483,7 +483,7 @@ in fontSize = mkOption { type = types.nullOr types.int; - example = literalExample 16; + example = 16; default = null; description = '' Font size for the grub menu. Ignored unless <literal>font</literal> diff --git a/nixpkgs/nixos/modules/system/boot/loader/grub/ipxe.nix b/nixpkgs/nixos/modules/system/boot/loader/grub/ipxe.nix index 249c2761934d..ef8595592f41 100644 --- a/nixpkgs/nixos/modules/system/boot/loader/grub/ipxe.nix +++ b/nixpkgs/nixos/modules/system/boot/loader/grub/ipxe.nix @@ -33,7 +33,7 @@ in booting from the GRUB boot menu. ''; default = { }; - example = literalExample '' + example = literalExpression '' { demo = ''' #!ipxe dhcp diff --git a/nixpkgs/nixos/modules/system/boot/loader/systemd-boot/systemd-boot-builder.py b/nixpkgs/nixos/modules/system/boot/loader/systemd-boot/systemd-boot-builder.py index 7134b4321630..6c26b4e0f87a 100644 --- a/nixpkgs/nixos/modules/system/boot/loader/systemd-boot/systemd-boot-builder.py +++ b/nixpkgs/nixos/modules/system/boot/loader/systemd-boot/systemd-boot-builder.py @@ -208,10 +208,15 @@ def main() -> None: if os.path.exists("@efiSysMountPoint@/loader/loader.conf"): os.unlink("@efiSysMountPoint@/loader/loader.conf") - if "@canTouchEfiVariables@" == "1": - subprocess.check_call(["@systemd@/bin/bootctl", "--path=@efiSysMountPoint@", "install"]) - else: - subprocess.check_call(["@systemd@/bin/bootctl", "--path=@efiSysMountPoint@", "--no-variables", "install"]) + flags = [] + + if "@canTouchEfiVariables@" != "1": + flags.append("--no-variables") + + if "@graceful@" == "1": + flags.append("--graceful") + + subprocess.check_call(["@systemd@/bin/bootctl", "--path=@efiSysMountPoint@"] + flags + ["install"]) else: # Update bootloader to latest if needed systemd_version = subprocess.check_output(["@systemd@/bin/bootctl", "--version"], universal_newlines=True).split()[1] diff --git a/nixpkgs/nixos/modules/system/boot/loader/systemd-boot/systemd-boot.nix b/nixpkgs/nixos/modules/system/boot/loader/systemd-boot/systemd-boot.nix index ff304f570d35..0f76d7d6b24a 100644 --- a/nixpkgs/nixos/modules/system/boot/loader/systemd-boot/systemd-boot.nix +++ b/nixpkgs/nixos/modules/system/boot/loader/systemd-boot/systemd-boot.nix @@ -24,7 +24,7 @@ let configurationLimit = if cfg.configurationLimit == null then 0 else cfg.configurationLimit; - inherit (cfg) consoleMode; + inherit (cfg) consoleMode graceful; inherit (efi) efiSysMountPoint canTouchEfiVariables; @@ -126,6 +126,22 @@ in { ''; }; }; + + graceful = mkOption { + default = false; + + type = types.bool; + + description = '' + Invoke <literal>bootctl install</literal> with the <literal>--graceful</literal> option, + which ignores errors when EFI variables cannot be written or when the EFI System Partition + cannot be found. Currently only applies to random seed operations. + + Only enable this option if <literal>systemd-boot</literal> otherwise fails to install, as the + scope or implication of the <literal>--graceful</literal> option may change in the future. + ''; + }; + }; config = mkIf cfg.enable { diff --git a/nixpkgs/nixos/modules/system/boot/luksroot.nix b/nixpkgs/nixos/modules/system/boot/luksroot.nix index f87d3b07a360..fb5269e43d08 100644 --- a/nixpkgs/nixos/modules/system/boot/luksroot.nix +++ b/nixpkgs/nixos/modules/system/boot/luksroot.nix @@ -663,13 +663,11 @@ in }; encryptedPass = mkOption { - default = ""; type = types.path; description = "Path to the GPG encrypted passphrase."; }; publicKey = mkOption { - default = ""; type = types.path; description = "Path to the Public Key."; }; diff --git a/nixpkgs/nixos/modules/system/boot/networkd.nix b/nixpkgs/nixos/modules/system/boot/networkd.nix index bf254be1341b..662dfe2db989 100644 --- a/nixpkgs/nixos/modules/system/boot/networkd.nix +++ b/nixpkgs/nixos/modules/system/boot/networkd.nix @@ -250,6 +250,16 @@ let (assertRange "ERSPANIndex" 1 1048575) ]; + sectionFooOverUDP = checkUnitConfig "FooOverUDP" [ + (assertOnlyFields [ + "Port" + "Encapsulation" + "Protocol" + ]) + (assertPort "Port") + (assertValueOneOf "Encapsulation" ["FooOverUDP" "GenericUDPEncapsulation"]) + ]; + sectionPeer = checkUnitConfig "Peer" [ (assertOnlyFields [ "Name" @@ -668,6 +678,9 @@ let "SendOption" "UserClass" "VendorClass" + "DUIDType" + "DUIDRawData" + "IAID" ]) (assertValueOneOf "UseAddress" boolValues) (assertValueOneOf "UseDNS" boolValues) @@ -677,6 +690,7 @@ let (assertValueOneOf "ForceDHCPv6PDOtherInformation" boolValues) (assertValueOneOf "WithoutRA" ["solicit" "information-request"]) (assertRange "SendOption" 1 65536) + (assertInt "IAID") ]; sectionDHCPv6PrefixDelegation = checkUnitConfig "DHCPv6PrefixDelegation" [ @@ -844,7 +858,6 @@ let options = { wireguardPeerConfig = mkOption { default = {}; - example = { }; type = types.addCheck (types.attrsOf unitOption) check.netdev.sectionWireGuardPeer; description = '' Each attribute in this set specifies an option in the @@ -859,7 +872,6 @@ let netdevOptions = commonNetworkOptions // { netdevConfig = mkOption { - default = {}; example = { Name = "mybridge"; Kind = "bridge"; }; type = types.addCheck (types.attrsOf unitOption) check.netdev.sectionNetdev; description = '' @@ -896,7 +908,6 @@ let vxlanConfig = mkOption { default = {}; - example = { Id = "4"; }; type = types.addCheck (types.attrsOf unitOption) check.netdev.sectionVXLAN; description = '' Each attribute in this set specifies an option in the @@ -918,6 +929,18 @@ let ''; }; + fooOverUDPConfig = mkOption { + default = { }; + example = { Port = 9001; }; + type = types.addCheck (types.attrsOf unitOption) check.netdev.sectionFooOverUDP; + description = '' + Each attribute in this set specifies an option in the + <literal>[FooOverUDP]</literal> section of the unit. See + <citerefentry><refentrytitle>systemd.netdev</refentrytitle> + <manvolnum>5</manvolnum></citerefentry> for details. + ''; + }; + peerConfig = mkOption { default = {}; example = { Name = "veth2"; }; @@ -959,7 +982,7 @@ let example = { PrivateKeyFile = "/etc/wireguard/secret.key"; ListenPort = 51820; - FwMark = 42; + FirewallMark = 42; }; type = types.addCheck (types.attrsOf unitOption) check.netdev.sectionWireGuard; description = '' @@ -1038,7 +1061,6 @@ let addressOptions = { options = { addressConfig = mkOption { - default = {}; example = { Address = "192.168.0.100/24"; }; type = types.addCheck (types.attrsOf unitOption) check.network.sectionAddress; description = '' @@ -1055,7 +1077,7 @@ let options = { routingPolicyRuleConfig = mkOption { default = { }; - example = { routingPolicyRuleConfig = { Table = 10; IncomingInterface = "eth1"; Family = "both"; } ;}; + example = { Table = 10; IncomingInterface = "eth1"; Family = "both"; }; type = types.addCheck (types.attrsOf unitOption) check.network.sectionRoutingPolicyRule; description = '' Each attribute in this set specifies an option in the @@ -1146,7 +1168,7 @@ let dhcpV6Config = mkOption { default = {}; - example = { UseDNS = true; UseRoutes = true; }; + example = { UseDNS = true; }; type = types.addCheck (types.attrsOf unitOption) check.network.sectionDHCPv6; description = '' Each attribute in this set specifies an option in the @@ -1213,7 +1235,7 @@ let ipv6Prefixes = mkOption { default = []; - example = { AddressAutoconfiguration = true; OnLink = true; }; + example = [ { AddressAutoconfiguration = true; OnLink = true; } ]; type = with types; listOf (submodule ipv6PrefixOptions); description = '' A list of ipv6Prefix sections to be added to the unit. See @@ -1449,6 +1471,10 @@ let [Tunnel] ${attrsToSection def.tunnelConfig} '' + + optionalString (def.fooOverUDPConfig != { }) '' + [FooOverUDP] + ${attrsToSection def.fooOverUDPConfig} + '' + optionalString (def.peerConfig != { }) '' [Peer] ${attrsToSection def.peerConfig} diff --git a/nixpkgs/nixos/modules/system/boot/plymouth.nix b/nixpkgs/nixos/modules/system/boot/plymouth.nix index 2a545e552513..4b8194d2f85c 100644 --- a/nixpkgs/nixos/modules/system/boot/plymouth.nix +++ b/nixpkgs/nixos/modules/system/boot/plymouth.nix @@ -62,6 +62,7 @@ in font = mkOption { default = "${pkgs.dejavu_fonts.minimal}/share/fonts/truetype/DejaVuSans.ttf"; + defaultText = literalExpression ''"''${pkgs.dejavu_fonts.minimal}/share/fonts/truetype/DejaVuSans.ttf"''; type = types.path; description = '' Font file made available for displaying text on the splash screen. @@ -88,7 +89,7 @@ in type = types.path; # Dimensions are 48x48 to match GDM logo default = "${nixos-icons}/share/icons/hicolor/48x48/apps/nix-snowflake-white.png"; - defaultText = ''pkgs.fetchurl { + defaultText = literalExpression ''pkgs.fetchurl { url = "https://nixos.org/logo/nixos-hires.png"; sha256 = "1ivzgd7iz0i06y36p8m5w48fd8pjqwxhdaavc0pxs7w1g7mcy5si"; }''; diff --git a/nixpkgs/nixos/modules/system/boot/stage-1.nix b/nixpkgs/nixos/modules/system/boot/stage-1.nix index 03133fa1bc43..adbed9d8d58e 100644 --- a/nixpkgs/nixos/modules/system/boot/stage-1.nix +++ b/nixpkgs/nixos/modules/system/boot/stage-1.nix @@ -137,6 +137,14 @@ let copy_bin_and_libs ${pkgs.e2fsprogs}/sbin/resize2fs ''} + # Copy multipath. + ${optionalString config.services.multipath.enable '' + copy_bin_and_libs ${config.services.multipath.package}/bin/multipath + copy_bin_and_libs ${config.services.multipath.package}/bin/multipathd + # Copy lib/multipath manually. + cp -rpv ${config.services.multipath.package}/lib/multipath $out/lib + ''} + # Copy secrets if needed. # # TODO: move out to a separate script; see #85000. @@ -199,6 +207,10 @@ let $out/bin/dmsetup --version 2>&1 | tee -a log | grep -q "version:" LVM_SYSTEM_DIR=$out $out/bin/lvm version 2>&1 | tee -a log | grep -q "LVM" $out/bin/mdadm --version + ${optionalString config.services.multipath.enable '' + ($out/bin/multipath || true) 2>&1 | grep -q 'need to be root' + ($out/bin/multipathd || true) 2>&1 | grep -q 'need to be root' + ''} ${config.boot.initrd.extraUtilsCommandsTest} fi @@ -338,7 +350,26 @@ let { object = pkgs.kmod-debian-aliases; symlink = "/etc/modprobe.d/debian.conf"; } - ]; + ] ++ lib.optionals config.services.multipath.enable [ + { object = pkgs.runCommand "multipath.conf" { + src = config.environment.etc."multipath.conf".text; + preferLocalBuild = true; + } '' + target=$out + printf "$src" > $out + substituteInPlace $out \ + --replace ${config.services.multipath.package}/lib ${extraUtils}/lib + ''; + symlink = "/etc/multipath.conf"; + } + ] ++ (lib.mapAttrsToList + (symlink: options: + { + inherit symlink; + object = options.source; + } + ) + config.boot.initrd.extraFiles); }; # Script to add secret files to the initrd at bootloader update time @@ -411,7 +442,7 @@ in boot.initrd.enable = mkOption { type = types.bool; default = !config.boot.isContainer; - defaultText = "!config.boot.isContainer"; + defaultText = literalExpression "!config.boot.isContainer"; description = '' Whether to enable the NixOS initial RAM disk (initrd). This may be needed to perform some initialisation tasks (like mounting @@ -419,6 +450,22 @@ in ''; }; + boot.initrd.extraFiles = mkOption { + default = { }; + type = types.attrsOf + (types.submodule { + options = { + source = mkOption { + type = types.package; + description = "The object to make available inside the initrd."; + }; + }; + }); + description = '' + Extra files to link and copy in to the initrd. + ''; + }; + boot.initrd.prepend = mkOption { default = [ ]; type = types.listOf types.str; @@ -527,7 +574,7 @@ in then "zstd" else "gzip" ); - defaultText = "zstd if the kernel supports it (5.9+), gzip if not."; + defaultText = literalDocBook "<literal>zstd</literal> if the kernel supports it (5.9+), <literal>gzip</literal> if not"; type = types.unspecified; # We don't have a function type... description = '' The compressor to use on the initrd image. May be any of: @@ -559,7 +606,7 @@ in is the path it should be copied from (or null for the same path inside and out). ''; - example = literalExample + example = literalExpression '' { "/etc/dropbear/dropbear_rsa_host_key" = ./secret-dropbear-key; diff --git a/nixpkgs/nixos/modules/system/boot/systemd.nix b/nixpkgs/nixos/modules/system/boot/systemd.nix index f4413188187e..a2b9da2f72e5 100644 --- a/nixpkgs/nixos/modules/system/boot/systemd.nix +++ b/nixpkgs/nixos/modules/system/boot/systemd.nix @@ -426,7 +426,7 @@ in systemd.package = mkOption { default = pkgs.systemd; - defaultText = "pkgs.systemd"; + defaultText = literalExpression "pkgs.systemd"; type = types.package; description = "The systemd package."; }; @@ -446,7 +446,7 @@ in systemd.packages = mkOption { default = []; type = types.listOf types.package; - example = literalExample "[ pkgs.systemd-cryptsetup-generator ]"; + example = literalExpression "[ pkgs.systemd-cryptsetup-generator ]"; description = "Packages providing systemd units and hooks."; }; @@ -663,7 +663,7 @@ in services.journald.forwardToSyslog = mkOption { default = config.services.rsyslogd.enable || config.services.syslog-ng.enable; - defaultText = "services.rsyslogd.enable || services.syslog-ng.enable"; + defaultText = literalExpression "services.rsyslogd.enable || services.syslog-ng.enable"; type = types.bool; description = '' Whether to forward log messages to syslog. @@ -722,7 +722,7 @@ in services.logind.lidSwitchExternalPower = mkOption { default = config.services.logind.lidSwitch; - defaultText = "services.logind.lidSwitch"; + defaultText = literalExpression "services.logind.lidSwitch"; example = "ignore"; type = logindHandlerType; @@ -768,7 +768,7 @@ in systemd.tmpfiles.packages = mkOption { type = types.listOf types.package; default = []; - example = literalExample "[ pkgs.lvm2 ]"; + example = literalExpression "[ pkgs.lvm2 ]"; apply = map getLib; description = '' List of packages containing <command>systemd-tmpfiles</command> rules. diff --git a/nixpkgs/nixos/modules/system/etc/etc.nix b/nixpkgs/nixos/modules/system/etc/etc.nix index 84468ea31f74..8f14f04a1f64 100644 --- a/nixpkgs/nixos/modules/system/etc/etc.nix +++ b/nixpkgs/nixos/modules/system/etc/etc.nix @@ -6,9 +6,7 @@ with lib; let - # if the source is a local file, it should be imported to the store - localToStore = mapAttrs (name: value: if name == "source" then "${value}" else value); - etc' = map localToStore (filter (f: f.enable) (attrValues config.environment.etc)); + etc' = filter (f: f.enable) (attrValues config.environment.etc); etc = pkgs.runCommandLocal "etc" { # This is needed for the systemd module @@ -55,7 +53,8 @@ let mkdir -p "$out/etc" ${concatMapStringsSep "\n" (etcEntry: escapeShellArgs [ "makeEtcEntry" - etcEntry.source + # Force local source paths to be added to the store + "${etcEntry.source}" etcEntry.target etcEntry.mode etcEntry.user @@ -73,7 +72,7 @@ in environment.etc = mkOption { default = {}; - example = literalExample '' + example = literalExpression '' { example-configuration-file = { source = "/nix/store/.../etc/dir/file.conf.example"; mode = "0440"; diff --git a/nixpkgs/nixos/modules/tasks/filesystems.nix b/nixpkgs/nixos/modules/tasks/filesystems.nix index 4f56504f45e7..225bcbe58e01 100644 --- a/nixpkgs/nixos/modules/tasks/filesystems.nix +++ b/nixpkgs/nixos/modules/tasks/filesystems.nix @@ -163,7 +163,7 @@ in fileSystems = mkOption { default = {}; - example = literalExample '' + example = literalExpression '' { "/".device = "/dev/hda1"; "/data" = { diff --git a/nixpkgs/nixos/modules/tasks/filesystems/nfs.nix b/nixpkgs/nixos/modules/tasks/filesystems/nfs.nix index fd35c35d32ad..38c3920a78ad 100644 --- a/nixpkgs/nixos/modules/tasks/filesystems/nfs.nix +++ b/nixpkgs/nixos/modules/tasks/filesystems/nfs.nix @@ -35,7 +35,7 @@ in <link xlink:href="https://linux.die.net/man/5/idmapd.conf"/> for details. ''; - example = literalExample '' + example = literalExpression '' { Translation = { GSS-Methods = "static,nsswitch"; diff --git a/nixpkgs/nixos/modules/tasks/filesystems/zfs.nix b/nixpkgs/nixos/modules/tasks/filesystems/zfs.nix index cb0e66402476..2c03ef7ba7e0 100644 --- a/nixpkgs/nixos/modules/tasks/filesystems/zfs.nix +++ b/nixpkgs/nixos/modules/tasks/filesystems/zfs.nix @@ -104,7 +104,7 @@ in readOnly = true; type = types.package; default = if config.boot.zfs.enableUnstable then pkgs.zfsUnstable else pkgs.zfs; - defaultText = "if config.boot.zfs.enableUnstable then pkgs.zfsUnstable else pkgs.zfs"; + defaultText = literalExpression "if config.boot.zfs.enableUnstable then pkgs.zfsUnstable else pkgs.zfs"; description = "Configured ZFS userland tools package."; }; @@ -150,7 +150,6 @@ in devNodes = mkOption { type = types.path; default = "/dev/disk/by-id"; - example = "/dev/disk/by-id"; description = '' Name of directory from which to import ZFS devices. @@ -351,7 +350,7 @@ in settings = mkOption { type = with types; attrsOf (oneOf [ str int bool (listOf str) ]); - example = literalExample '' + example = literalExpression '' { ZED_DEBUG_LOG = "/tmp/zed.debug.log"; diff --git a/nixpkgs/nixos/modules/tasks/lvm.nix b/nixpkgs/nixos/modules/tasks/lvm.nix index aaa76b49fa30..35316603c38f 100644 --- a/nixpkgs/nixos/modules/tasks/lvm.nix +++ b/nixpkgs/nixos/modules/tasks/lvm.nix @@ -9,7 +9,7 @@ in { type = types.package; default = if cfg.dmeventd.enable then pkgs.lvm2_dmeventd else pkgs.lvm2; internal = true; - defaultText = "pkgs.lvm2"; + defaultText = literalExpression "pkgs.lvm2"; description = '' This option allows you to override the LVM package that's used on the system (udev rules, tmpfiles, systemd services). diff --git a/nixpkgs/nixos/modules/tasks/network-interfaces-scripted.nix b/nixpkgs/nixos/modules/tasks/network-interfaces-scripted.nix index 11bd159319a3..e8e2de090b32 100644 --- a/nixpkgs/nixos/modules/tasks/network-interfaces-scripted.nix +++ b/nixpkgs/nixos/modules/tasks/network-interfaces-scripted.nix @@ -61,6 +61,8 @@ let MACAddress = i.macAddress; } // optionalAttrs (i.mtu != null) { MTUBytes = toString i.mtu; + } // optionalAttrs (i.wakeOnLan.enable == true) { + WakeOnLan = "magic"; }; }; in listToAttrs (map createNetworkLink interfaces); @@ -464,6 +466,39 @@ let ''; }); + createFouEncapsulation = n: v: nameValuePair "${n}-fou-encap" + (let + # if we have a device to bind to we can wait for its addresses to be + # configured, otherwise external sequencing is required. + deps = optionals (v.local != null && v.local.dev != null) + (deviceDependency v.local.dev ++ [ "network-addresses-${v.local.dev}.service" ]); + fouSpec = "port ${toString v.port} ${ + if v.protocol != null then "ipproto ${toString v.protocol}" else "gue" + } ${ + optionalString (v.local != null) "local ${escapeShellArg v.local.address} ${ + optionalString (v.local.dev != null) "dev ${escapeShellArg v.local.dev}" + }" + }"; + in + { description = "FOU endpoint ${n}"; + wantedBy = [ "network-setup.service" (subsystemDevice n) ]; + bindsTo = deps; + partOf = [ "network-setup.service" ]; + after = [ "network-pre.target" ] ++ deps; + before = [ "network-setup.service" ]; + serviceConfig.Type = "oneshot"; + serviceConfig.RemainAfterExit = true; + path = [ pkgs.iproute2 ]; + script = '' + # always remove previous incarnation since show can't filter + ip fou del ${fouSpec} >/dev/null 2>&1 || true + ip fou add ${fouSpec} + ''; + postStop = '' + ip fou del ${fouSpec} || true + ''; + }); + createSitDevice = n: v: nameValuePair "${n}-netdev" (let deps = deviceDependency v.dev; @@ -484,7 +519,12 @@ let ${optionalString (v.remote != null) "remote \"${v.remote}\""} \ ${optionalString (v.local != null) "local \"${v.local}\""} \ ${optionalString (v.ttl != null) "ttl ${toString v.ttl}"} \ - ${optionalString (v.dev != null) "dev \"${v.dev}\""} + ${optionalString (v.dev != null) "dev \"${v.dev}\""} \ + ${optionalString (v.encapsulation != null) + "encap ${v.encapsulation.type} encap-dport ${toString v.encapsulation.port} ${ + optionalString (v.encapsulation.sourcePort != null) + "encap-sport ${toString v.encapsulation.sourcePort}" + }"} ip link set "${n}" up ''; postStop = '' @@ -528,6 +568,7 @@ let // mapAttrs' createVswitchDevice cfg.vswitches // mapAttrs' createBondDevice cfg.bonds // mapAttrs' createMacvlanDevice cfg.macvlans + // mapAttrs' createFouEncapsulation cfg.fooOverUDP // mapAttrs' createSitDevice cfg.sits // mapAttrs' createVlanDevice cfg.vlans // { diff --git a/nixpkgs/nixos/modules/tasks/network-interfaces-systemd.nix b/nixpkgs/nixos/modules/tasks/network-interfaces-systemd.nix index 225f9dc67fcc..ccfd7fd4132b 100644 --- a/nixpkgs/nixos/modules/tasks/network-interfaces-systemd.nix +++ b/nixpkgs/nixos/modules/tasks/network-interfaces-systemd.nix @@ -47,6 +47,9 @@ in } ] ++ flip mapAttrsToList cfg.bridges (n: { rstp, ... }: { assertion = !rstp; message = "networking.bridges.${n}.rstp is not supported by networkd."; + }) ++ flip mapAttrsToList cfg.fooOverUDP (n: { local, ... }: { + assertion = local == null; + message = "networking.fooOverUDP.${n}.local is not supported by networkd."; }); networking.dhcpcd.enable = mkDefault false; @@ -194,6 +197,23 @@ in macvlan = [ name ]; } ]); }))) + (mkMerge (flip mapAttrsToList cfg.fooOverUDP (name: fou: { + netdevs."40-${name}" = { + netdevConfig = { + Name = name; + Kind = "fou"; + }; + # unfortunately networkd cannot encode dependencies of netdevs on addresses/routes, + # so we cannot specify Local=, Peer=, PeerPort=. this looks like a missing feature + # in networkd. + fooOverUDPConfig = { + Port = fou.port; + Encapsulation = if fou.protocol != null then "FooOverUDP" else "GenericUDPEncapsulation"; + } // (optionalAttrs (fou.protocol != null) { + Protocol = fou.protocol; + }); + }; + }))) (mkMerge (flip mapAttrsToList cfg.sits (name: sit: { netdevs."40-${name}" = { netdevConfig = { @@ -207,7 +227,17 @@ in Local = sit.local; }) // (optionalAttrs (sit.ttl != null) { TTL = sit.ttl; - }); + }) // (optionalAttrs (sit.encapsulation != null) ( + { + FooOverUDP = true; + Encapsulation = + if sit.encapsulation.type == "fou" + then "FooOverUDP" + else "GenericUDPEncapsulation"; + FOUDestinationPort = sit.encapsulation.port; + } // (optionalAttrs (sit.encapsulation.sourcePort != null) { + FOUSourcePort = sit.encapsulation.sourcePort; + }))); }; networks = mkIf (sit.dev != null) { "40-${sit.dev}" = (mkMerge [ (genericNetwork (mkOverride 999)) { diff --git a/nixpkgs/nixos/modules/tasks/network-interfaces.nix b/nixpkgs/nixos/modules/tasks/network-interfaces.nix index d934e3cf0224..4e20ec118464 100644 --- a/nixpkgs/nixos/modules/tasks/network-interfaces.nix +++ b/nixpkgs/nixos/modules/tasks/network-interfaces.nix @@ -10,6 +10,8 @@ let hasVirtuals = any (i: i.virtual) interfaces; hasSits = cfg.sits != { }; hasBonds = cfg.bonds != { }; + hasFous = cfg.fooOverUDP != { } + || filterAttrs (_: s: s.encapsulation != null) cfg.sits != { }; slaves = concatMap (i: i.interfaces) (attrValues cfg.bonds) ++ concatMap (i: i.interfaces) (attrValues cfg.bridges) @@ -146,7 +148,7 @@ let tempAddress = mkOption { type = types.enum (lib.attrNames tempaddrValues); default = cfg.tempAddresses; - defaultText = literalExample ''config.networking.tempAddresses''; + defaultText = literalExpression ''config.networking.tempAddresses''; description = '' When IPv6 is enabled with SLAAC, this option controls the use of temporary address (aka privacy extensions) on this @@ -257,7 +259,7 @@ let virtualType = mkOption { default = if hasPrefix "tun" name then "tun" else "tap"; - defaultText = literalExample ''if hasPrefix "tun" name then "tun" else "tap"''; + defaultText = literalExpression ''if hasPrefix "tun" name then "tun" else "tap"''; type = with types; enum [ "tun" "tap" ]; description = '' The type of interface to create. @@ -284,6 +286,13 @@ let ''; }; + wakeOnLan = { + enable = mkOption { + type = types.bool; + default = false; + description = "Wether to enable wol on this interface."; + }; + }; }; config = { @@ -420,7 +429,7 @@ in The FQDN is required but cannot be determined. Please make sure that both networking.hostName and networking.domain are set properly. ''; - defaultText = literalExample ''''${networking.hostName}.''${networking.domain}''; + defaultText = literalExpression ''"''${networking.hostName}.''${networking.domain}"''; description = '' The fully qualified domain name (FQDN) of this host. It is the result of combining networking.hostName and networking.domain. Using this @@ -578,7 +587,6 @@ in options = { interfaces = mkOption { - example = [ "eth0" "eth1" ]; description = "The physical network interfaces connected by the vSwitch."; type = with types; attrsOf (submodule vswitchInterfaceOpts); }; @@ -691,7 +699,7 @@ in ''; in mkOption { default = { }; - example = literalExample '' + example = literalExpression '' { bond0 = { interfaces = [ "eth0" "wlan0" ]; @@ -720,7 +728,7 @@ in driverOptions = mkOption { type = types.attrsOf types.str; default = {}; - example = literalExample driverOptionsExample; + example = literalExpression driverOptionsExample; description = '' Options for the bonding driver. Documentation can be found in @@ -784,7 +792,7 @@ in networking.macvlans = mkOption { default = { }; - example = literalExample '' + example = literalExpression '' { wan = { interface = "enp2s0"; @@ -817,9 +825,74 @@ in }); }; + networking.fooOverUDP = mkOption { + default = { }; + example = + { + primary = { port = 9001; local = { address = "192.0.2.1"; dev = "eth0"; }; }; + backup = { port = 9002; }; + }; + description = '' + This option allows you to configure Foo Over UDP and Generic UDP Encapsulation + endpoints. See <citerefentry><refentrytitle>ip-fou</refentrytitle> + <manvolnum>8</manvolnum></citerefentry> for details. + ''; + type = with types; attrsOf (submodule { + options = { + port = mkOption { + type = port; + description = '' + Local port of the encapsulation UDP socket. + ''; + }; + + protocol = mkOption { + type = nullOr (ints.between 1 255); + default = null; + description = '' + Protocol number of the encapsulated packets. Specifying <literal>null</literal> + (the default) creates a GUE endpoint, specifying a protocol number will create + a FOU endpoint. + ''; + }; + + local = mkOption { + type = nullOr (submodule { + options = { + address = mkOption { + type = types.str; + description = '' + Local address to bind to. The address must be available when the FOU + endpoint is created, using the scripted network setup this can be achieved + either by setting <literal>dev</literal> or adding dependency information to + <literal>systemd.services.<name>-fou-encap</literal>; it isn't supported + when using networkd. + ''; + }; + + dev = mkOption { + type = nullOr str; + default = null; + example = "eth0"; + description = '' + Network device to bind to. + ''; + }; + }; + }); + default = null; + example = { address = "203.0.113.22"; }; + description = '' + Local address (and optionally device) to bind to using the given port. + ''; + }; + }; + }); + }; + networking.sits = mkOption { default = { }; - example = literalExample '' + example = literalExpression '' { hurricane = { remote = "10.0.0.1"; @@ -876,6 +949,44 @@ in ''; }; + encapsulation = with types; mkOption { + type = nullOr (submodule { + options = { + type = mkOption { + type = enum [ "fou" "gue" ]; + description = '' + Selects encapsulation type. See + <citerefentry><refentrytitle>ip-link</refentrytitle> + <manvolnum>8</manvolnum></citerefentry> for details. + ''; + }; + + port = mkOption { + type = port; + example = 9001; + description = '' + Destination port for encapsulated packets. + ''; + }; + + sourcePort = mkOption { + type = nullOr types.port; + default = null; + example = 9002; + description = '' + Source port for encapsulated packets. Will be chosen automatically by + the kernel if unset. + ''; + }; + }; + }); + default = null; + example = { type = "fou"; port = 9001; }; + description = '' + Configures encapsulation in UDP packets. + ''; + }; + }; }); @@ -883,7 +994,7 @@ in networking.vlans = mkOption { default = { }; - example = literalExample '' + example = literalExpression '' { vlan0 = { id = 3; @@ -927,7 +1038,7 @@ in networking.wlanInterfaces = mkOption { default = { }; - example = literalExample '' + example = literalExpression '' { wlan-station0 = { device = "wlp6s0"; @@ -1110,7 +1221,8 @@ in boot.kernelModules = [ ] ++ optional hasVirtuals "tun" ++ optional hasSits "sit" - ++ optional hasBonds "bonding"; + ++ optional hasBonds "bonding" + ++ optional hasFous "fou"; boot.extraModprobeConfig = # This setting is intentional as it prevents default bond devices @@ -1139,10 +1251,12 @@ in source = "${pkgs.iputils.out}/bin/ping"; }; } else { - setuid = true; - owner = "root"; - group = "root"; - source = "${pkgs.iputils.out}/bin/ping"; + ping = { + setuid = true; + owner = "root"; + group = "root"; + source = "${pkgs.iputils.out}/bin/ping"; + }; }; security.apparmor.policies."bin.ping".profile = lib.mkIf config.security.apparmor.policies."bin.ping".enable (lib.mkAfter '' /run/wrappers/bin/ping { diff --git a/nixpkgs/nixos/modules/testing/test-instrumentation.nix b/nixpkgs/nixos/modules/testing/test-instrumentation.nix index be5fa88b8ade..a7011be7e042 100644 --- a/nixpkgs/nixos/modules/testing/test-instrumentation.nix +++ b/nixpkgs/nixos/modules/testing/test-instrumentation.nix @@ -4,7 +4,10 @@ { options, config, lib, pkgs, ... }: with lib; -with import ../../lib/qemu-flags.nix { inherit pkgs; }; + +let + qemu-common = import ../../lib/qemu-common.nix { inherit lib pkgs; }; +in { @@ -12,8 +15,8 @@ with import ../../lib/qemu-flags.nix { inherit pkgs; }; systemd.services.backdoor = { wantedBy = [ "multi-user.target" ]; - requires = [ "dev-hvc0.device" "dev-${qemuSerialDevice}.device" ]; - after = [ "dev-hvc0.device" "dev-${qemuSerialDevice}.device" ]; + requires = [ "dev-hvc0.device" "dev-${qemu-common.qemuSerialDevice}.device" ]; + after = [ "dev-hvc0.device" "dev-${qemu-common.qemuSerialDevice}.device" ]; script = '' export USER=root @@ -30,7 +33,7 @@ with import ../../lib/qemu-flags.nix { inherit pkgs; }; cd /tmp exec < /dev/hvc0 > /dev/hvc0 - while ! exec 2> /dev/${qemuSerialDevice}; do sleep 0.1; done + while ! exec 2> /dev/${qemu-common.qemuSerialDevice}; do sleep 0.1; done echo "connecting to host..." >&2 stty -F /dev/hvc0 raw -echo # prevent nl -> cr/nl conversion echo @@ -42,7 +45,7 @@ with import ../../lib/qemu-flags.nix { inherit pkgs; }; # Prevent agetty from being instantiated on the serial device, since it # interferes with the backdoor (writes to it will randomly fail # with EIO). Likewise for hvc0. - systemd.services."serial-getty@${qemuSerialDevice}".enable = false; + systemd.services."serial-getty@${qemu-common.qemuSerialDevice}".enable = false; systemd.services."serial-getty@hvc0".enable = false; # Only set these settings when the options exist. Some tests (e.g. those @@ -57,7 +60,7 @@ with import ../../lib/qemu-flags.nix { inherit pkgs; }; # we avoid defining consoles if not possible. # TODO: refactor such that test-instrumentation can import qemu-vm # or declare virtualisation.qemu.console option in a module that's always imported - consoles = [ qemuSerialDevice ]; + consoles = [ qemu-common.qemuSerialDevice ]; package = lib.mkDefault pkgs.qemu_test; }; }; @@ -88,7 +91,7 @@ with import ../../lib/qemu-flags.nix { inherit pkgs; }; # Panic if an error occurs in stage 1 (rather than waiting for # user intervention). boot.kernelParams = - [ "console=${qemuSerialDevice}" "panic=1" "boot.panic_on_fail" ]; + [ "console=${qemu-common.qemuSerialDevice}" "panic=1" "boot.panic_on_fail" ]; # `xwininfo' is used by the test driver to query open windows. environment.systemPackages = [ pkgs.xorg.xwininfo ]; diff --git a/nixpkgs/nixos/modules/virtualisation/anbox.nix b/nixpkgs/nixos/modules/virtualisation/anbox.nix index 7b096bd1a9fb..a4da62eb5f79 100644 --- a/nixpkgs/nixos/modules/virtualisation/anbox.nix +++ b/nixpkgs/nixos/modules/virtualisation/anbox.nix @@ -35,7 +35,7 @@ in image = mkOption { default = pkgs.anbox.image; - example = literalExample "pkgs.anbox.image"; + defaultText = literalExpression "pkgs.anbox.image"; type = types.package; description = '' Base android image for Anbox. diff --git a/nixpkgs/nixos/modules/virtualisation/containers.nix b/nixpkgs/nixos/modules/virtualisation/containers.nix index 84824e2f90f0..cea3d51d3aef 100644 --- a/nixpkgs/nixos/modules/virtualisation/containers.nix +++ b/nixpkgs/nixos/modules/virtualisation/containers.nix @@ -2,7 +2,7 @@ let cfg = config.virtualisation.containers; - inherit (lib) mkOption types; + inherit (lib) literalExpression mkOption types; toml = pkgs.formats.toml { }; in @@ -50,12 +50,12 @@ in containersConf.cniPlugins = mkOption { type = types.listOf types.package; - defaultText = '' + defaultText = literalExpression '' [ pkgs.cni-plugins ] ''; - example = lib.literalExample '' + example = literalExpression '' [ pkgs.cniPlugins.dnsname ] @@ -106,7 +106,7 @@ in policy = mkOption { default = {}; type = types.attrs; - example = lib.literalExample '' + example = literalExpression '' { default = [ { type = "insecureAcceptAnything"; } ]; transports = { diff --git a/nixpkgs/nixos/modules/virtualisation/cri-o.nix b/nixpkgs/nixos/modules/virtualisation/cri-o.nix index c135081959a6..38766113f391 100644 --- a/nixpkgs/nixos/modules/virtualisation/cri-o.nix +++ b/nixpkgs/nixos/modules/virtualisation/cri-o.nix @@ -38,27 +38,27 @@ in type = types.nullOr types.str; default = null; description = "Override the default pause image for pod sandboxes"; - example = [ "k8s.gcr.io/pause:3.2" ]; + example = "k8s.gcr.io/pause:3.2"; }; pauseCommand = mkOption { type = types.nullOr types.str; default = null; description = "Override the default pause command"; - example = [ "/pause" ]; + example = "/pause"; }; runtime = mkOption { type = types.nullOr types.str; default = null; description = "Override the default runtime"; - example = [ "crun" ]; + example = "crun"; }; extraPackages = mkOption { type = with types; listOf package; default = [ ]; - example = literalExample '' + example = literalExpression '' [ pkgs.gvisor ] diff --git a/nixpkgs/nixos/modules/virtualisation/digital-ocean-init.nix b/nixpkgs/nixos/modules/virtualisation/digital-ocean-init.nix index 02f4de009fa8..4339d91de168 100644 --- a/nixpkgs/nixos/modules/virtualisation/digital-ocean-init.nix +++ b/nixpkgs/nixos/modules/virtualisation/digital-ocean-init.nix @@ -20,7 +20,7 @@ in { options.virtualisation.digitalOcean.defaultConfigFile = mkOption { type = types.path; default = defaultConfigFile; - defaultText = '' + defaultText = literalDocBook '' The default configuration imports user-data if applicable and <literal>(modulesPath + "/virtualisation/digital-ocean-config.nix")</literal>. ''; diff --git a/nixpkgs/nixos/modules/virtualisation/docker.nix b/nixpkgs/nixos/modules/virtualisation/docker.nix index 29f133786d8d..06858e150309 100644 --- a/nixpkgs/nixos/modules/virtualisation/docker.nix +++ b/nixpkgs/nixos/modules/virtualisation/docker.nix @@ -138,8 +138,9 @@ in package = mkOption { default = pkgs.docker; + defaultText = literalExpression "pkgs.docker"; type = types.package; - example = pkgs.docker-edge; + example = literalExpression "pkgs.docker-edge"; description = '' Docker package to be used in the module. ''; diff --git a/nixpkgs/nixos/modules/virtualisation/ecs-agent.nix b/nixpkgs/nixos/modules/virtualisation/ecs-agent.nix index 93fefe56d1a5..aa38a02ea088 100644 --- a/nixpkgs/nixos/modules/virtualisation/ecs-agent.nix +++ b/nixpkgs/nixos/modules/virtualisation/ecs-agent.nix @@ -12,7 +12,7 @@ in { type = types.path; description = "The ECS agent package to use"; default = pkgs.ecs-agent; - defaultText = "pkgs.ecs-agent"; + defaultText = literalExpression "pkgs.ecs-agent"; }; extra-environment = mkOption { diff --git a/nixpkgs/nixos/modules/virtualisation/hyperv-guest.nix b/nixpkgs/nixos/modules/virtualisation/hyperv-guest.nix index b3bcfff19807..fb6502644b80 100644 --- a/nixpkgs/nixos/modules/virtualisation/hyperv-guest.nix +++ b/nixpkgs/nixos/modules/virtualisation/hyperv-guest.nix @@ -34,7 +34,7 @@ in { initrd.availableKernelModules = [ "hyperv_keyboard" ]; kernelParams = [ - "video=hyperv_fb:${cfg.videoMode} elevator=noop" + "video=hyperv_fb:${cfg.videoMode}" "elevator=noop" ]; }; diff --git a/nixpkgs/nixos/modules/virtualisation/libvirtd.nix b/nixpkgs/nixos/modules/virtualisation/libvirtd.nix index 3c291397a998..121e7286bc13 100644 --- a/nixpkgs/nixos/modules/virtualisation/libvirtd.nix +++ b/nixpkgs/nixos/modules/virtualisation/libvirtd.nix @@ -13,23 +13,140 @@ let ''; ovmfFilePrefix = if pkgs.stdenv.isAarch64 then "AAVMF" else "OVMF"; qemuConfigFile = pkgs.writeText "qemu.conf" '' - ${optionalString cfg.qemuOvmf '' + ${optionalString cfg.qemu.ovmf.enable '' nvram = [ "/run/libvirt/nix-ovmf/${ovmfFilePrefix}_CODE.fd:/run/libvirt/nix-ovmf/${ovmfFilePrefix}_VARS.fd" ] ''} - ${optionalString (!cfg.qemuRunAsRoot) '' + ${optionalString (!cfg.qemu.runAsRoot) '' user = "qemu-libvirtd" group = "qemu-libvirtd" ''} - ${cfg.qemuVerbatimConfig} + ${cfg.qemu.verbatimConfig} ''; dirName = "libvirt"; subDirs = list: [ dirName ] ++ map (e: "${dirName}/${e}") list; -in { + ovmfModule = types.submodule { + options = { + enable = mkOption { + type = types.bool; + default = true; + description = '' + Allows libvirtd to take advantage of OVMF when creating new + QEMU VMs with UEFI boot. + ''; + }; + + package = mkOption { + type = types.package; + default = pkgs.OVMF; + defaultText = literalExpression "pkgs.OVMF"; + example = literalExpression "pkgs.OVMFFull"; + description = '' + OVMF package to use. + ''; + }; + }; + }; + + swtpmModule = types.submodule { + options = { + enable = mkOption { + type = types.bool; + default = false; + description = '' + Allows libvirtd to use swtpm to create an emulated TPM. + ''; + }; + + package = mkOption { + type = types.package; + default = pkgs.swtpm; + defaultText = literalExpression "pkgs.swtpm"; + description = '' + swtpm package to use. + ''; + }; + }; + }; + + qemuModule = types.submodule { + options = { + package = mkOption { + type = types.package; + default = pkgs.qemu; + defaultText = literalExpression "pkgs.qemu"; + description = '' + Qemu package to use with libvirt. + `pkgs.qemu` can emulate alien architectures (e.g. aarch64 on x86) + `pkgs.qemu_kvm` saves disk space allowing to emulate only host architectures. + ''; + }; + + runAsRoot = mkOption { + type = types.bool; + default = true; + description = '' + If true, libvirtd runs qemu as root. + If false, libvirtd runs qemu as unprivileged user qemu-libvirtd. + Changing this option to false may cause file permission issues + for existing guests. To fix these, manually change ownership + of affected files in /var/lib/libvirt/qemu to qemu-libvirtd. + ''; + }; + + verbatimConfig = mkOption { + type = types.lines; + default = '' + namespaces = [] + ''; + description = '' + Contents written to the qemu configuration file, qemu.conf. + Make sure to include a proper namespace configuration when + supplying custom configuration. + ''; + }; + + ovmf = mkOption { + type = ovmfModule; + default = { }; + description = '' + QEMU's OVMF options. + ''; + }; + + swtpm = mkOption { + type = swtpmModule; + default = { }; + description = '' + QEMU's swtpm options. + ''; + }; + }; + }; +in +{ imports = [ (mkRemovedOptionModule [ "virtualisation" "libvirtd" "enableKVM" ] - "Set the option `virtualisation.libvirtd.qemuPackage' instead.") + "Set the option `virtualisation.libvirtd.qemu.package' instead.") + (mkRenamedOptionModule + [ "virtualisation" "libvirtd" "qemuPackage" ] + [ "virtualisation" "libvirtd" "qemu" "package" ]) + (mkRenamedOptionModule + [ "virtualisation" "libvirtd" "qemuRunAsRoot" ] + [ "virtualisation" "libvirtd" "qemu" "runAsRoot" ]) + (mkRenamedOptionModule + [ "virtualisation" "libvirtd" "qemuVerbatimConfig" ] + [ "virtualisation" "libvirtd" "qemu" "verbatimConfig" ]) + (mkRenamedOptionModule + [ "virtualisation" "libvirtd" "qemuOvmf" ] + [ "virtualisation" "libvirtd" "qemu" "ovmf" "enable" ]) + (mkRenamedOptionModule + [ "virtualisation" "libvirtd" "qemuOvmfPackage" ] + [ "virtualisation" "libvirtd" "qemu" "ovmf" "package" ]) + (mkRenamedOptionModule + [ "virtualisation" "libvirtd" "qemuSwtpm" ] + [ "virtualisation" "libvirtd" "qemu" "swtpm" "enable" ]) ]; ###### interface @@ -50,22 +167,12 @@ in { package = mkOption { type = types.package; default = pkgs.libvirt; - defaultText = "pkgs.libvirt"; + defaultText = literalExpression "pkgs.libvirt"; description = '' libvirt package to use. ''; }; - qemuPackage = mkOption { - type = types.package; - default = pkgs.qemu; - description = '' - Qemu package to use with libvirt. - `pkgs.qemu` can emulate alien architectures (e.g. aarch64 on x86) - `pkgs.qemu_kvm` saves disk space allowing to emulate only host architectures. - ''; - }; - extraConfig = mkOption { type = types.lines; default = ""; @@ -75,39 +182,6 @@ in { ''; }; - qemuRunAsRoot = mkOption { - type = types.bool; - default = true; - description = '' - If true, libvirtd runs qemu as root. - If false, libvirtd runs qemu as unprivileged user qemu-libvirtd. - Changing this option to false may cause file permission issues - for existing guests. To fix these, manually change ownership - of affected files in /var/lib/libvirt/qemu to qemu-libvirtd. - ''; - }; - - qemuVerbatimConfig = mkOption { - type = types.lines; - default = '' - namespaces = [] - ''; - description = '' - Contents written to the qemu configuration file, qemu.conf. - Make sure to include a proper namespace configuration when - supplying custom configuration. - ''; - }; - - qemuOvmf = mkOption { - type = types.bool; - default = true; - description = '' - Allows libvirtd to take advantage of OVMF when creating new - QEMU VMs with UEFI boot. - ''; - }; - extraOptions = mkOption { type = types.listOf types.str; default = [ ]; @@ -118,7 +192,7 @@ in { }; onBoot = mkOption { - type = types.enum ["start" "ignore" ]; + type = types.enum [ "start" "ignore" ]; default = "start"; description = '' Specifies the action to be done to / on the guests when the host boots. @@ -130,7 +204,7 @@ in { }; onShutdown = mkOption { - type = types.enum ["shutdown" "suspend" ]; + type = types.enum [ "shutdown" "suspend" ]; default = "suspend"; description = '' When shutting down / restarting the host what method should @@ -148,6 +222,13 @@ in { ''; }; + qemu = mkOption { + type = qemuModule; + default = { }; + description = '' + QEMU related options. + ''; + }; }; @@ -160,13 +241,19 @@ in { assertion = config.security.polkit.enable; message = "The libvirtd module currently requires Polkit to be enabled ('security.polkit.enable = true')."; } + { + assertion = builtins.elem "fd" cfg.qemu.ovmf.package.outputs; + message = "The option 'virtualisation.libvirtd.qemuOvmfPackage' needs a package that has an 'fd' output."; + } ]; environment = { # this file is expected in /etc/qemu and not sysconfdir (/var/lib) - etc."qemu/bridge.conf".text = lib.concatMapStringsSep "\n" (e: - "allow ${e}") cfg.allowedBridges; - systemPackages = with pkgs; [ libressl.nc iptables cfg.package cfg.qemuPackage ]; + etc."qemu/bridge.conf".text = lib.concatMapStringsSep "\n" + (e: + "allow ${e}") + cfg.allowedBridges; + systemPackages = with pkgs; [ libressl.nc iptables cfg.package cfg.qemu.package ]; etc.ethertypes.source = "${pkgs.ebtables}/etc/ethertypes"; }; @@ -208,17 +295,17 @@ in { cp -f ${qemuConfigFile} /var/lib/${dirName}/qemu.conf # stable (not GC'able as in /nix/store) paths for using in <emulator> section of xml configs - for emulator in ${cfg.package}/libexec/libvirt_lxc ${cfg.qemuPackage}/bin/qemu-kvm ${cfg.qemuPackage}/bin/qemu-system-*; do + for emulator in ${cfg.package}/libexec/libvirt_lxc ${cfg.qemu.package}/bin/qemu-kvm ${cfg.qemu.package}/bin/qemu-system-*; do ln -s --force "$emulator" /run/${dirName}/nix-emulators/ done for helper in libexec/qemu-bridge-helper bin/qemu-pr-helper; do - ln -s --force ${cfg.qemuPackage}/$helper /run/${dirName}/nix-helpers/ + ln -s --force ${cfg.qemu.package}/$helper /run/${dirName}/nix-helpers/ done - ${optionalString cfg.qemuOvmf '' - ln -s --force ${pkgs.OVMF.fd}/FV/${ovmfFilePrefix}_CODE.fd /run/${dirName}/nix-ovmf/ - ln -s --force ${pkgs.OVMF.fd}/FV/${ovmfFilePrefix}_VARS.fd /run/${dirName}/nix-ovmf/ + ${optionalString cfg.qemu.ovmf.enable '' + ln -s --force ${cfg.qemu.ovmf.package.fd}/FV/${ovmfFilePrefix}_CODE.fd /run/${dirName}/nix-ovmf/ + ln -s --force ${cfg.qemu.ovmf.package.fd}/FV/${ovmfFilePrefix}_VARS.fd /run/${dirName}/nix-ovmf/ ''} ''; @@ -234,15 +321,20 @@ in { systemd.services.libvirtd = { requires = [ "libvirtd-config.service" ]; after = [ "libvirtd-config.service" ] - ++ optional vswitch.enable "ovs-vswitchd.service"; + ++ optional vswitch.enable "ovs-vswitchd.service"; environment.LIBVIRTD_ARGS = escapeShellArgs ( - [ "--config" configFile - "--timeout" "120" # from ${libvirt}/var/lib/sysconfig/libvirtd - ] ++ cfg.extraOptions); - - path = [ cfg.qemuPackage ] # libvirtd requires qemu-img to manage disk images - ++ optional vswitch.enable vswitch.package; + [ + "--config" + configFile + "--timeout" + "120" # from ${libvirt}/var/lib/sysconfig/libvirtd + ] ++ cfg.extraOptions + ); + + path = [ cfg.qemu.package ] # libvirtd requires qemu-img to manage disk images + ++ optional vswitch.enable vswitch.package + ++ optional cfg.qemu.swtpm.enable cfg.qemu.swtpm.package; serviceConfig = { Type = "notify"; diff --git a/nixpkgs/nixos/modules/virtualisation/lxd.nix b/nixpkgs/nixos/modules/virtualisation/lxd.nix index 6732e244369f..94cd22d1371c 100644 --- a/nixpkgs/nixos/modules/virtualisation/lxd.nix +++ b/nixpkgs/nixos/modules/virtualisation/lxd.nix @@ -35,7 +35,7 @@ in { package = mkOption { type = types.package; default = pkgs.lxd.override { nftablesSupport = config.networking.nftables.enable; }; - defaultText = "pkgs.lxd"; + defaultText = literalExpression "pkgs.lxd"; description = '' The LXD package to use. ''; @@ -44,7 +44,7 @@ in { lxcPackage = mkOption { type = types.package; default = pkgs.lxc; - defaultText = "pkgs.lxc"; + defaultText = literalExpression "pkgs.lxc"; description = '' The LXC package to use with LXD (required for AppArmor profiles). ''; @@ -53,7 +53,7 @@ in { zfsSupport = mkOption { type = types.bool; default = config.boot.zfs.enabled; - defaultText = "config.boot.zfs.enabled"; + defaultText = literalExpression "config.boot.zfs.enabled"; description = '' Enables lxd to use zfs as a storage for containers. diff --git a/nixpkgs/nixos/modules/virtualisation/nixos-containers.nix b/nixpkgs/nixos/modules/virtualisation/nixos-containers.nix index f3f318412df1..279c96567353 100644 --- a/nixpkgs/nixos/modules/virtualisation/nixos-containers.nix +++ b/nixpkgs/nixos/modules/virtualisation/nixos-containers.nix @@ -530,7 +530,7 @@ in nixpkgs = mkOption { type = types.path; default = pkgs.path; - defaultText = "pkgs.path"; + defaultText = literalExpression "pkgs.path"; description = '' A path to the nixpkgs that provide the modules, pkgs and lib for evaluating the container. @@ -636,7 +636,7 @@ in bindMounts = mkOption { type = with types; attrsOf (submodule bindMountOpts); default = {}; - example = literalExample '' + example = literalExpression '' { "/home" = { hostPath = "/home/alice"; isReadOnly = false; }; } @@ -707,7 +707,7 @@ in })); default = {}; - example = literalExample + example = literalExpression '' { webserver = { path = "/nix/var/nix/profiles/webserver"; diff --git a/nixpkgs/nixos/modules/virtualisation/oci-containers.nix b/nixpkgs/nixos/modules/virtualisation/oci-containers.nix index a4a92f22506c..24573bba4800 100644 --- a/nixpkgs/nixos/modules/virtualisation/oci-containers.nix +++ b/nixpkgs/nixos/modules/virtualisation/oci-containers.nix @@ -28,7 +28,7 @@ let You still need to set the <literal>image</literal> attribute, as it will be used as the image name for docker to start a container. ''; - example = literalExample "pkgs.dockerTools.buildDockerImage {...};"; + example = literalExpression "pkgs.dockerTools.buildDockerImage {...};"; }; login = { @@ -59,7 +59,7 @@ let type = with types; listOf str; default = []; description = "Commandline arguments to pass to the image's entrypoint."; - example = literalExample '' + example = literalExpression '' ["--port=9000"] ''; }; @@ -75,7 +75,7 @@ let type = with types; attrsOf str; default = {}; description = "Environment variables to set for this container."; - example = literalExample '' + example = literalExpression '' { DATABASE_HOST = "db.example.com"; DATABASE_PORT = "3306"; @@ -87,7 +87,7 @@ let type = with types; listOf path; default = []; description = "Environment files for this container."; - example = literalExample '' + example = literalExpression '' [ /path/to/.env /path/to/.env.secret @@ -160,7 +160,7 @@ let <link xlink:href="https://docs.docker.com/engine/reference/run/#expose-incoming-ports"> Docker engine documentation</link> for full details. ''; - example = literalExample '' + example = literalExpression '' [ "8080:9000" ] @@ -191,7 +191,7 @@ let <link xlink:href="https://docs.docker.com/engine/reference/run/#volume-shared-filesystems"> docker engine documentation</link> for details. ''; - example = literalExample '' + example = literalExpression '' [ "volume_name:/path/inside/container" "/path/on/host:/path/inside/container" @@ -214,7 +214,7 @@ let Use the same name as the attribute under <literal>virtualisation.oci-containers.containers</literal>. ''; - example = literalExample '' + example = literalExpression '' virtualisation.oci-containers.containers = { node1 = {}; node2 = { @@ -228,7 +228,7 @@ let type = with types; listOf str; default = []; description = "Extra options for <command>${defaultBackend} run</command>."; - example = literalExample '' + example = literalExpression '' ["--network=host"] ''; }; diff --git a/nixpkgs/nixos/modules/virtualisation/openvswitch.nix b/nixpkgs/nixos/modules/virtualisation/openvswitch.nix index ccf32641df62..325f6f5b43f4 100644 --- a/nixpkgs/nixos/modules/virtualisation/openvswitch.nix +++ b/nixpkgs/nixos/modules/virtualisation/openvswitch.nix @@ -31,7 +31,7 @@ in { package = mkOption { type = types.package; default = pkgs.openvswitch; - defaultText = "pkgs.openvswitch"; + defaultText = literalExpression "pkgs.openvswitch"; description = '' Open vSwitch package to use. ''; diff --git a/nixpkgs/nixos/modules/virtualisation/parallels-guest.nix b/nixpkgs/nixos/modules/virtualisation/parallels-guest.nix index 55605b388b7c..d950cecff6f0 100644 --- a/nixpkgs/nixos/modules/virtualisation/parallels-guest.nix +++ b/nixpkgs/nixos/modules/virtualisation/parallels-guest.nix @@ -34,8 +34,7 @@ in package = mkOption { type = types.nullOr types.package; default = config.boot.kernelPackages.prl-tools; - defaultText = "config.boot.kernelPackages.prl-tools"; - example = literalExample "config.boot.kernelPackages.prl-tools"; + defaultText = literalExpression "config.boot.kernelPackages.prl-tools"; description = '' Defines which package to use for prl-tools. Override to change the version. ''; diff --git a/nixpkgs/nixos/modules/virtualisation/podman.nix b/nixpkgs/nixos/modules/virtualisation/podman.nix index 893afee4c32d..385475c84a1a 100644 --- a/nixpkgs/nixos/modules/virtualisation/podman.nix +++ b/nixpkgs/nixos/modules/virtualisation/podman.nix @@ -95,7 +95,7 @@ in extraPackages = mkOption { type = with types; listOf package; default = [ ]; - example = lib.literalExample '' + example = lib.literalExpression '' [ pkgs.gvisor ] diff --git a/nixpkgs/nixos/modules/virtualisation/qemu-guest-agent.nix b/nixpkgs/nixos/modules/virtualisation/qemu-guest-agent.nix index 3824d0c168f7..37a93a29976b 100644 --- a/nixpkgs/nixos/modules/virtualisation/qemu-guest-agent.nix +++ b/nixpkgs/nixos/modules/virtualisation/qemu-guest-agent.nix @@ -15,6 +15,7 @@ in { package = mkOption { type = types.package; default = pkgs.qemu.ga; + defaultText = literalExpression "pkgs.qemu.ga"; description = "The QEMU guest agent package."; }; }; diff --git a/nixpkgs/nixos/modules/virtualisation/qemu-vm.nix b/nixpkgs/nixos/modules/virtualisation/qemu-vm.nix index b51c29f83d6d..c5f71b249a6d 100644 --- a/nixpkgs/nixos/modules/virtualisation/qemu-vm.nix +++ b/nixpkgs/nixos/modules/virtualisation/qemu-vm.nix @@ -10,10 +10,10 @@ { config, lib, pkgs, options, ... }: with lib; -with import ../../lib/qemu-flags.nix { inherit pkgs; }; let + qemu-common = import ../../lib/qemu-common.nix { inherit lib pkgs; }; cfg = config.virtualisation; @@ -75,7 +75,7 @@ let in "-drive ${driveOpts} ${device}"; - drivesCmdLine = drives: concatStringsSep " " (imap1 driveCmdline drives); + drivesCmdLine = drives: concatStringsSep "\\\n " (imap1 driveCmdline drives); # Creates a device name from a 1-based a numerical index, e.g. @@ -108,39 +108,44 @@ let '' #! ${pkgs.runtimeShell} - NIX_DISK_IMAGE=$(readlink -f ''${NIX_DISK_IMAGE:-${config.virtualisation.diskImage}}) + set -e + + NIX_DISK_IMAGE=$(readlink -f "''${NIX_DISK_IMAGE:-${config.virtualisation.diskImage}}") if ! test -e "$NIX_DISK_IMAGE"; then ${qemu}/bin/qemu-img create -f qcow2 "$NIX_DISK_IMAGE" \ - ${toString config.virtualisation.diskSize}M || exit 1 + ${toString config.virtualisation.diskSize}M fi # Create a directory for storing temporary data of the running VM. - if [ -z "$TMPDIR" -o -z "$USE_TMPDIR" ]; then + if [ -z "$TMPDIR" ] || [ -z "$USE_TMPDIR" ]; then TMPDIR=$(mktemp -d nix-vm.XXXXXXXXXX --tmpdir) fi # Create a directory for exchanging data with the VM. - mkdir -p $TMPDIR/xchg + mkdir -p "$TMPDIR/xchg" - ${if cfg.useBootLoader then '' + ${lib.optionalString cfg.useBootLoader + '' # Create a writable copy/snapshot of the boot disk. # A writable boot disk can be booted from automatically. - ${qemu}/bin/qemu-img create -f qcow2 -b ${bootDisk}/disk.img $TMPDIR/disk.img || exit 1 + ${qemu}/bin/qemu-img create -f qcow2 -F qcow2 -b ${bootDisk}/disk.img "$TMPDIR/disk.img" - NIX_EFI_VARS=$(readlink -f ''${NIX_EFI_VARS:-${cfg.efiVars}}) + NIX_EFI_VARS=$(readlink -f "''${NIX_EFI_VARS:-${cfg.efiVars}}") - ${if cfg.useEFIBoot then '' + ${lib.optionalString cfg.useEFIBoot + '' # VM needs writable EFI vars if ! test -e "$NIX_EFI_VARS"; then - cp ${bootDisk}/efi-vars.fd "$NIX_EFI_VARS" || exit 1 - chmod 0644 "$NIX_EFI_VARS" || exit 1 + cp ${bootDisk}/efi-vars.fd "$NIX_EFI_VARS" + chmod 0644 "$NIX_EFI_VARS" fi - '' else ""} - '' else ""} + ''} + ''} + + cd "$TMPDIR" - cd $TMPDIR - idx=0 + ${lib.optionalString (cfg.emptyDiskImages != []) "idx=0"} ${flip concatMapStrings cfg.emptyDiskImages (size: '' if ! test -e "empty$idx.qcow2"; then ${qemu}/bin/qemu-img create -f qcow2 "empty$idx.qcow2" "${toString size}M" @@ -149,17 +154,18 @@ let '')} # Start QEMU. - exec ${qemuBinary qemu} \ + exec ${qemu-common.qemuBinary qemu} \ -name ${config.system.name} \ -m ${toString config.virtualisation.memorySize} \ -smp ${toString config.virtualisation.cores} \ -device virtio-rng-pci \ ${concatStringsSep " " config.virtualisation.qemu.networkingOptions} \ - -virtfs local,path=/nix/store,security_model=none,mount_tag=store \ - -virtfs local,path=$TMPDIR/xchg,security_model=none,mount_tag=xchg \ - -virtfs local,path=''${SHARED_DIR:-$TMPDIR/xchg},security_model=none,mount_tag=shared \ + ${concatStringsSep " \\\n " + (mapAttrsToList + (tag: share: "-virtfs local,path=${share.source},security_model=none,mount_tag=${tag}") + config.virtualisation.sharedDirectories)} \ ${drivesCmdLine config.virtualisation.qemu.drives} \ - ${toString config.virtualisation.qemu.options} \ + ${concatStringsSep " \\\n " config.virtualisation.qemu.options} \ $QEMU_OPTS \ "$@" ''; @@ -270,20 +276,21 @@ in virtualisation.memorySize = mkOption { + type = types.ints.positive; default = 384; description = '' - Memory size (M) of virtual machine. + The memory size in megabytes of the virtual machine. ''; }; virtualisation.msize = mkOption { - default = null; - type = types.nullOr types.ints.unsigned; + type = types.ints.positive; + default = 16384; description = '' - msize (maximum packet size) option passed to 9p file systems, in + The msize (maximum packet size) option passed to 9p file systems, in bytes. Increasing this should increase performance significantly, at the cost of higher RAM usage. ''; @@ -291,15 +298,17 @@ in virtualisation.diskSize = mkOption { + type = types.nullOr types.ints.positive; default = 512; description = '' - Disk size (M) of virtual machine. + The disk size in megabytes of the virtual machine. ''; }; virtualisation.diskImage = mkOption { + type = types.str; default = "./${config.system.name}.qcow2"; description = '' @@ -311,7 +320,7 @@ in virtualisation.bootDevice = mkOption { - type = types.str; + type = types.path; example = "/dev/vda"; description = '' @@ -321,8 +330,8 @@ in virtualisation.emptyDiskImages = mkOption { + type = types.listOf types.ints.positive; default = []; - type = types.listOf types.int; description = '' Additional disk images to provide to the VM. The value is @@ -333,6 +342,7 @@ in virtualisation.graphics = mkOption { + type = types.bool; default = true; description = '' @@ -342,10 +352,20 @@ in ''; }; + virtualisation.resolution = + mkOption { + type = options.services.xserver.resolutions.type.nestedTypes.elemType; + default = { x = 1024; y = 768; }; + description = + '' + The resolution of the virtual machine display. + ''; + }; + virtualisation.cores = mkOption { + type = types.ints.positive; default = 1; - type = types.int; description = '' Specify the number of cores the guest is permitted to use. @@ -354,8 +374,34 @@ in ''; }; + virtualisation.sharedDirectories = + mkOption { + type = types.attrsOf + (types.submodule { + options.source = mkOption { + type = types.str; + description = "The path of the directory to share, can be a shell variable"; + }; + options.target = mkOption { + type = types.path; + description = "The mount point of the directory inside the virtual machine"; + }; + }); + default = { }; + example = { + my-share = { source = "/path/to/be/shared"; target = "/mnt/shared"; }; + }; + description = + '' + An attributes set of directories that will be shared with the + virtual machine using VirtFS (9P filesystem over VirtIO). + The attribute name will be used as the 9P mount tag. + ''; + }; + virtualisation.pathsInNixDB = mkOption { + type = types.listOf types.path; default = []; description = '' @@ -367,8 +413,78 @@ in ''; }; + virtualisation.forwardPorts = mkOption { + type = types.listOf + (types.submodule { + options.from = mkOption { + type = types.enum [ "host" "guest" ]; + default = "host"; + description = + '' + Controls the direction in which the ports are mapped: + + - <literal>"host"</literal> means traffic from the host ports + is forwarded to the given guest port. + + - <literal>"guest"</literal> means traffic from the guest ports + is forwarded to the given host port. + ''; + }; + options.proto = mkOption { + type = types.enum [ "tcp" "udp" ]; + default = "tcp"; + description = "The protocol to forward."; + }; + options.host.address = mkOption { + type = types.str; + default = ""; + description = "The IPv4 address of the host."; + }; + options.host.port = mkOption { + type = types.port; + description = "The host port to be mapped."; + }; + options.guest.address = mkOption { + type = types.str; + default = ""; + description = "The IPv4 address on the guest VLAN."; + }; + options.guest.port = mkOption { + type = types.port; + description = "The guest port to be mapped."; + }; + }); + default = []; + example = lib.literalExpression + '' + [ # forward local port 2222 -> 22, to ssh into the VM + { from = "host"; host.port = 2222; guest.port = 22; } + + # forward local port 80 -> 10.0.2.10:80 in the VLAN + { from = "guest"; + guest.address = "10.0.2.10"; guest.port = 80; + host.address = "127.0.0.1"; host.port = 80; + } + ] + ''; + description = + '' + When using the SLiRP user networking (default), this option allows to + forward ports to/from the host/guest. + + <warning><para> + If the NixOS firewall on the virtual machine is enabled, you also + have to open the guest ports to enable the traffic between host and + guest. + </para></warning> + + <note><para>Currently QEMU supports only IPv4 forwarding.</para></note> + ''; + }; + virtualisation.vlans = mkOption { + type = types.listOf types.ints.unsigned; default = [ 1 ]; example = [ 1 2 ]; description = @@ -386,6 +502,7 @@ in virtualisation.writableStore = mkOption { + type = types.bool; default = true; # FIXME description = '' @@ -397,6 +514,7 @@ in virtualisation.writableStoreUseTmpfs = mkOption { + type = types.bool; default = true; description = '' @@ -407,6 +525,7 @@ in networking.primaryIPAddress = mkOption { + type = types.str; default = ""; internal = true; description = "Primary IP address used in /etc/hosts."; @@ -423,7 +542,7 @@ in options = mkOption { - type = types.listOf types.unspecified; + type = types.listOf types.str; default = []; example = [ "-vga std" ]; description = "Options passed to QEMU."; @@ -432,7 +551,7 @@ in consoles = mkOption { type = types.listOf types.str; default = let - consoles = [ "${qemuSerialDevice},115200n8" "tty0" ]; + consoles = [ "${qemu-common.qemuSerialDevice},115200n8" "tty0" ]; in if cfg.graphics then consoles else reverseList consoles; example = [ "console=tty1" ]; description = '' @@ -448,17 +567,18 @@ in networkingOptions = mkOption { - default = [ + type = types.listOf types.str; + default = [ ]; + example = [ "-net nic,netdev=user.0,model=virtio" - "-netdev user,id=user.0\${QEMU_NET_OPTS:+,$QEMU_NET_OPTS}" + "-netdev user,id=user.0,\${QEMU_NET_OPTS:+,$QEMU_NET_OPTS}" ]; - type = types.listOf types.str; description = '' Networking-related command-line options that should be passed to qemu. - The default is to use userspace networking (slirp). + The default is to use userspace networking (SLiRP). If you override this option, be advised to keep - ''${QEMU_NET_OPTS:+,$QEMU_NET_OPTS} (as seen in the default) + ''${QEMU_NET_OPTS:+,$QEMU_NET_OPTS} (as seen in the example) to keep the default runtime behaviour. ''; }; @@ -472,16 +592,16 @@ in diskInterface = mkOption { + type = types.enum [ "virtio" "scsi" "ide" ]; default = "virtio"; example = "scsi"; - type = types.enum [ "virtio" "scsi" "ide" ]; description = "The interface used for the virtual hard disks."; }; guestAgent.enable = mkOption { - default = true; type = types.bool; + default = true; description = '' Enable the Qemu guest agent. ''; @@ -490,6 +610,7 @@ in virtualisation.useBootLoader = mkOption { + type = types.bool; default = false; description = '' @@ -504,6 +625,7 @@ in virtualisation.useEFIBoot = mkOption { + type = types.bool; default = false; description = '' @@ -515,6 +637,7 @@ in virtualisation.efiVars = mkOption { + type = types.str; default = "./${config.system.name}-efi-vars.fd"; description = '' @@ -525,8 +648,8 @@ in virtualisation.bios = mkOption { - default = null; type = types.nullOr types.package; + default = null; description = '' An alternate BIOS (such as <package>qboot</package>) with which to start the VM. @@ -539,6 +662,25 @@ in config = { + assertions = + lib.concatLists (lib.flip lib.imap cfg.forwardPorts (i: rule: + [ + { assertion = rule.from == "guest" -> rule.proto == "tcp"; + message = + '' + Invalid virtualisation.forwardPorts.<entry ${toString i}>.proto: + Guest forwarding supports only TCP connections. + ''; + } + { assertion = rule.from == "guest" -> lib.hasPrefix "10.0.2." rule.guest.address; + message = + '' + Invalid virtualisation.forwardPorts.<entry ${toString i}>.guest.address: + The address must be in the default VLAN (10.0.2.0/24). + ''; + } + ])); + # Note [Disk layout with `useBootLoader`] # # If `useBootLoader = true`, we configure 2 drives: @@ -560,6 +702,7 @@ in then driveDeviceName 2 # second disk else cfg.bootDevice ); + boot.loader.grub.gfxmodeBios = with cfg.resolution; "${toString x}x${toString y}"; boot.initrd.extraUtilsCommands = '' @@ -618,6 +761,28 @@ in virtualisation.pathsInNixDB = [ config.system.build.toplevel ]; + virtualisation.sharedDirectories = { + nix-store = { source = "/nix/store"; target = "/nix/store"; }; + xchg = { source = ''"$TMPDIR"/xchg''; target = "/tmp/xchg"; }; + shared = { source = ''"''${SHARED_DIR:-$TMPDIR/xchg}"''; target = "/tmp/shared"; }; + }; + + virtualisation.qemu.networkingOptions = + let + forwardingOptions = flip concatMapStrings cfg.forwardPorts + ({ proto, from, host, guest }: + if from == "host" + then "hostfwd=${proto}:${host.address}:${toString host.port}-" + + "${guest.address}:${toString guest.port}," + else "'guestfwd=${proto}:${guest.address}:${toString guest.port}-" + + "cmd:${pkgs.netcat}/bin/nc ${host.address} ${toString host.port}'," + ); + in + [ + "-net nic,netdev=user.0,model=virtio" + "-netdev user,id=user.0,${forwardingOptions}\"$QEMU_NET_OPTS\"" + ]; + # FIXME: Consolidate this one day. virtualisation.qemu.options = mkMerge [ (mkIf (pkgs.stdenv.isi686 || pkgs.stdenv.isx86_64) [ @@ -646,7 +811,7 @@ in virtualisation.qemu.drives = mkMerge [ [{ name = "root"; - file = "$NIX_DISK_IMAGE"; + file = ''"$NIX_DISK_IMAGE"''; driveExtraOpts.cache = "writeback"; driveExtraOpts.werror = "report"; }] @@ -655,7 +820,7 @@ in # note [Disk layout with `useBootLoader`]. { name = "boot"; - file = "$TMPDIR/disk.img"; + file = ''"$TMPDIR"/disk.img''; driveExtraOpts.media = "disk"; deviceExtraOpts.bootindex = "1"; } @@ -672,15 +837,26 @@ in # configuration, where the regular value for the `fileSystems' # attribute should be disregarded for the purpose of building a VM # test image (since those filesystems don't exist in the VM). - fileSystems = mkVMOverride ( - cfg.fileSystems // - { "/".device = cfg.bootDevice; - ${if cfg.writableStore then "/nix/.ro-store" else "/nix/store"} = - { device = "store"; - fsType = "9p"; - options = [ "trans=virtio" "version=9p2000.L" "cache=loose" ] ++ lib.optional (cfg.msize != null) "msize=${toString cfg.msize}"; - neededForBoot = true; - }; + fileSystems = + let + mkSharedDir = tag: share: + { + name = + if tag == "nix-store" && cfg.writableStore + then "/nix/.ro-store" + else share.target; + value.device = tag; + value.fsType = "9p"; + value.neededForBoot = true; + value.options = + [ "trans=virtio" "version=9p2000.L" "msize=${toString cfg.msize}" ] + ++ lib.optional (tag == "nix-store") "cache=loose"; + }; + in + mkVMOverride (cfg.fileSystems // + { + "/".device = cfg.bootDevice; + "/tmp" = mkIf config.boot.tmpOnTmpfs { device = "tmpfs"; fsType = "tmpfs"; @@ -688,32 +864,20 @@ in # Sync with systemd's tmp.mount; options = [ "mode=1777" "strictatime" "nosuid" "nodev" "size=${toString config.boot.tmpOnTmpfsSize}" ]; }; - "/tmp/xchg" = - { device = "xchg"; - fsType = "9p"; - options = [ "trans=virtio" "version=9p2000.L" ] ++ lib.optional (cfg.msize != null) "msize=${toString cfg.msize}"; - neededForBoot = true; - }; - "/tmp/shared" = - { device = "shared"; - fsType = "9p"; - options = [ "trans=virtio" "version=9p2000.L" ] ++ lib.optional (cfg.msize != null) "msize=${toString cfg.msize}"; - neededForBoot = true; - }; - } // optionalAttrs (cfg.writableStore && cfg.writableStoreUseTmpfs) - { "/nix/.rw-store" = + + "/nix/.rw-store" = mkIf (cfg.writableStore && cfg.writableStoreUseTmpfs) { fsType = "tmpfs"; options = [ "mode=0755" ]; neededForBoot = true; }; - } // optionalAttrs cfg.useBootLoader - { "/boot" = + + "/boot" = mkIf cfg.useBootLoader # see note [Disk layout with `useBootLoader`] { device = "${lookupDriveDeviceName "boot" cfg.qemu.drives}2"; # 2 for e.g. `vdb2`, as created in `bootDisk` fsType = "vfat"; noCheck = true; # fsck fails on a r/o filesystem }; - }); + } // lib.mapAttrs' mkSharedDir cfg.sharedDirectories); swapDevices = mkVMOverride [ ]; boot.initrd.luks.devices = mkVMOverride {}; @@ -734,7 +898,7 @@ in # video driver the host uses. services.xserver.videoDrivers = mkVMOverride [ "modesetting" ]; services.xserver.defaultDepth = mkVMOverride 0; - services.xserver.resolutions = mkVMOverride [ { x = 1024; y = 768; } ]; + services.xserver.resolutions = mkVMOverride [ cfg.resolution ]; services.xserver.monitorSection = '' # Set a higher refresh rate so that resolutions > 800x600 work. diff --git a/nixpkgs/nixos/modules/virtualisation/railcar.nix b/nixpkgs/nixos/modules/virtualisation/railcar.nix index b603effef6e0..e719e25650d3 100644 --- a/nixpkgs/nixos/modules/virtualisation/railcar.nix +++ b/nixpkgs/nixos/modules/virtualisation/railcar.nix @@ -41,7 +41,7 @@ let description = "Source for the in-container mount"; }; options = mkOption { - type = attrsOf (str); + type = listOf str; default = [ "bind" ]; description = '' Mount options of the filesystem to be used. @@ -77,9 +77,7 @@ in The defaults have been chosen for simple bindmounts, meaning that you only need to provide the "source" parameter. ''; - example = '' - { "/data" = { source = "/var/lib/data"; }; } - ''; + example = { "/data" = { source = "/var/lib/data"; }; }; }; runType = mkOption { @@ -112,6 +110,7 @@ in package = mkOption { type = types.package; default = pkgs.railcar; + defaultText = literalExpression "pkgs.railcar"; description = "Railcar package to use"; }; }; diff --git a/nixpkgs/nixos/modules/virtualisation/virtualbox-host.nix b/nixpkgs/nixos/modules/virtualisation/virtualbox-host.nix index ddb0a7bda4f3..6c742ad371cd 100644 --- a/nixpkgs/nixos/modules/virtualisation/virtualbox-host.nix +++ b/nixpkgs/nixos/modules/virtualisation/virtualbox-host.nix @@ -43,7 +43,7 @@ in package = mkOption { type = types.package; default = pkgs.virtualbox; - defaultText = "pkgs.virtualbox"; + defaultText = literalExpression "pkgs.virtualbox"; description = '' Which VirtualBox package to use. ''; diff --git a/nixpkgs/nixos/modules/virtualisation/xen-dom0.nix b/nixpkgs/nixos/modules/virtualisation/xen-dom0.nix index fea43727f2fb..f8f4af4f6b85 100644 --- a/nixpkgs/nixos/modules/virtualisation/xen-dom0.nix +++ b/nixpkgs/nixos/modules/virtualisation/xen-dom0.nix @@ -35,8 +35,8 @@ in virtualisation.xen.package = mkOption { type = types.package; - defaultText = "pkgs.xen"; - example = literalExample "pkgs.xen-light"; + defaultText = literalExpression "pkgs.xen"; + example = literalExpression "pkgs.xen-light"; description = '' The package used for Xen binary. ''; @@ -45,8 +45,8 @@ in virtualisation.xen.package-qemu = mkOption { type = types.package; - defaultText = "pkgs.xen"; - example = literalExample "pkgs.qemu_xen-light"; + defaultText = literalExpression "pkgs.xen"; + example = literalExpression "pkgs.qemu_xen-light"; description = '' The package with qemu binaries for dom0 qemu and xendomains. ''; diff --git a/nixpkgs/nixos/tests/all-tests.nix b/nixpkgs/nixos/tests/all-tests.nix index 3f19aa397a78..12b67008291e 100644 --- a/nixpkgs/nixos/tests/all-tests.nix +++ b/nixpkgs/nixos/tests/all-tests.nix @@ -97,6 +97,7 @@ in cryptpad = handleTest ./cryptpad.nix {}; deluge = handleTest ./deluge.nix {}; dendrite = handleTest ./dendrite.nix {}; + dex-oidc = handleTest ./dex-oidc.nix {}; dhparams = handleTest ./dhparams.nix {}; disable-installer-tools = handleTest ./disable-installer-tools.nix {}; discourse = handleTest ./discourse.nix {}; @@ -310,6 +311,7 @@ in nitter = handleTest ./nitter.nix {}; nix-serve = handleTest ./nix-ssh-serve.nix {}; nix-ssh-serve = handleTest ./nix-ssh-serve.nix {}; + nixops = handleTest ./nixops/default.nix {}; nixos-generate-config = handleTest ./nixos-generate-config.nix {}; node-red = handleTest ./node-red.nix {}; nomad = handleTest ./nomad.nix {}; @@ -374,6 +376,7 @@ in prosody = handleTest ./xmpp/prosody.nix {}; prosodyMysql = handleTest ./xmpp/prosody-mysql.nix {}; proxy = handleTest ./proxy.nix {}; + prowlarr = handleTest ./prowlarr.nix {}; pt2-clone = handleTest ./pt2-clone.nix {}; qboot = handleTestOn ["x86_64-linux" "i686-linux"] ./qboot.nix {}; quorum = handleTest ./quorum.nix {}; @@ -382,6 +385,7 @@ in radicale = handleTest ./radicale.nix {}; redis = handleTest ./redis.nix {}; redmine = handleTest ./redmine.nix {}; + restartByActivationScript = handleTest ./restart-by-activation-script.nix {}; restic = handleTest ./restic.nix {}; robustirc-bridge = handleTest ./robustirc-bridge.nix {}; roundcube = handleTest ./roundcube.nix {}; @@ -476,7 +480,9 @@ in wasabibackend = handleTest ./wasabibackend.nix {}; wiki-js = handleTest ./wiki-js.nix {}; wireguard = handleTest ./wireguard {}; + without-nix = handleTest ./without-nix.nix {}; wmderland = handleTest ./wmderland.nix {}; + wpa_supplicant = handleTest ./wpa_supplicant.nix {}; wordpress = handleTest ./wordpress.nix {}; xandikos = handleTest ./xandikos.nix {}; xautolock = handleTest ./xautolock.nix {}; diff --git a/nixpkgs/nixos/tests/boot.nix b/nixpkgs/nixos/tests/boot.nix index bdae6341ec91..e8440598a822 100644 --- a/nixpkgs/nixos/tests/boot.nix +++ b/nixpkgs/nixos/tests/boot.nix @@ -4,10 +4,10 @@ }: with import ../lib/testing-python.nix { inherit system pkgs; }; -with import ../lib/qemu-flags.nix { inherit pkgs; }; with pkgs.lib; let + qemu-common = import ../lib/qemu-common.nix { inherit (pkgs) lib pkgs; }; iso = (import ../lib/eval-config.nix { @@ -23,7 +23,7 @@ let makeBootTest = name: extraConfig: let machineConfig = pythonDict ({ - qemuBinary = qemuBinary pkgs.qemu_test; + qemuBinary = qemu-common.qemuBinary pkgs.qemu_test; qemuFlags = "-m 768"; } // extraConfig); in @@ -65,7 +65,7 @@ let ]; }; machineConfig = pythonDict ({ - qemuBinary = qemuBinary pkgs.qemu_test; + qemuBinary = qemu-common.qemuBinary pkgs.qemu_test; qemuFlags = "-boot order=n -m 2000"; netBackendArgs = "tftp=${ipxeBootDir},bootfile=netboot.ipxe"; } // extraConfig); diff --git a/nixpkgs/nixos/tests/calibre-web.nix b/nixpkgs/nixos/tests/calibre-web.nix index 0af997317fcd..9832d5469787 100644 --- a/nixpkgs/nixos/tests/calibre-web.nix +++ b/nixpkgs/nixos/tests/calibre-web.nix @@ -11,10 +11,6 @@ import ./make-test-python.nix ( meta.maintainers = with pkgs.lib.maintainers; [ pborzenkov ]; nodes = { - default = { ... }: { - services.calibre-web.enable = true; - }; - customized = { pkgs, ... }: { services.calibre-web = { enable = true; @@ -33,12 +29,6 @@ import ./make-test-python.nix ( testScript = '' start_all() - default.wait_for_unit("calibre-web.service") - default.wait_for_open_port(${toString defaultPort}) - default.succeed( - "curl --fail 'http://localhost:${toString defaultPort}/basicconfig' | grep 'Basic Configuration'" - ) - customized.succeed( "mkdir /tmp/books && calibredb --library-path /tmp/books add -e --title test-book" ) diff --git a/nixpkgs/nixos/tests/custom-ca.nix b/nixpkgs/nixos/tests/custom-ca.nix index 26f29a3e68fe..05cfbbb2fdf2 100644 --- a/nixpkgs/nixos/tests/custom-ca.nix +++ b/nixpkgs/nixos/tests/custom-ca.nix @@ -82,7 +82,7 @@ in # chromium-based browsers refuse to run as root test-support.displayManager.auto.user = "alice"; # browsers may hang with the default memory - virtualisation.memorySize = "500"; + virtualisation.memorySize = 500; networking.hosts."127.0.0.1" = [ "good.example.com" "bad.example.com" ]; security.pki.certificateFiles = [ "${example-good-cert}/ca.crt" ]; @@ -113,7 +113,7 @@ in # which is why it will not use the system certificate store for the time being. # firefox chromium - falkon + qutebrowser midori ]; }; @@ -152,21 +152,21 @@ in with subtest("Unknown CA is untrusted in curl"): machine.fail("curl -fv https://bad.example.com") - browsers = [ + browsers = { # Firefox was disabled here, because we needed to disable p11-kit support in nss, # which is why it will not use the system certificate store for the time being. - # "firefox", - "chromium", - "falkon", - "midori" - ] - errors = ["Security Risk", "not private", "Certificate Error", "Security"] + #"firefox": "Security Risk", + "chromium": "not private", + "qutebrowser -T": "Certificate error", + "midori": "Security" + } machine.wait_for_x() - for browser, error in zip(browsers, errors): + for command, error in browsers.items(): + browser = command.split()[0] with subtest("Good certificate is trusted in " + browser): execute_as( - "alice", f"env P11_KIT_DEBUG=trust {browser} https://good.example.com & >&2" + "alice", f"env P11_KIT_DEBUG=trust {command} https://good.example.com & >&2" ) wait_for_window_as("alice", browser) machine.wait_for_text("It works!") @@ -174,7 +174,7 @@ in execute_as("alice", "xdotool key ctrl+w") # close tab with subtest("Unknown CA is untrusted in " + browser): - execute_as("alice", f"{browser} https://bad.example.com & >&2") + execute_as("alice", f"{command} https://bad.example.com & >&2") machine.wait_for_text(error) machine.screenshot("bad" + browser) machine.succeed("pkill " + browser) diff --git a/nixpkgs/nixos/tests/dex-oidc.nix b/nixpkgs/nixos/tests/dex-oidc.nix new file mode 100644 index 000000000000..37275a97ef0f --- /dev/null +++ b/nixpkgs/nixos/tests/dex-oidc.nix @@ -0,0 +1,78 @@ +import ./make-test-python.nix ({ lib, ... }: { + name = "dex-oidc"; + meta.maintainers = with lib.maintainers; [ Flakebi ]; + + nodes.machine = { pkgs, ... }: { + environment.systemPackages = with pkgs; [ jq ]; + services.dex = { + enable = true; + settings = { + issuer = "http://127.0.0.1:8080/dex"; + storage = { + type = "postgres"; + config.host = "/var/run/postgresql"; + }; + web.http = "127.0.0.1:8080"; + oauth2.skipApprovalScreen = true; + staticClients = [ + { + id = "oidcclient"; + name = "Client"; + redirectURIs = [ "https://example.com/callback" ]; + secretFile = "/etc/dex/oidcclient"; + } + ]; + connectors = [ + { + type = "mockPassword"; + id = "mock"; + name = "Example"; + config = { + username = "admin"; + password = "password"; + }; + } + ]; + }; + }; + + # This should not be set from nix but through other means to not leak the secret. + environment.etc."dex/oidcclient" = { + mode = "0400"; + user = "dex"; + text = "oidcclientsecret"; + }; + + services.postgresql = { + enable = true; + ensureDatabases =[ "dex" ]; + ensureUsers = [ + { + name = "dex"; + ensurePermissions = { "DATABASE dex" = "ALL PRIVILEGES"; }; + } + ]; + }; + }; + + testScript = '' + with subtest("Web server gets ready"): + machine.wait_for_unit("dex.service") + # Wait until server accepts connections + machine.wait_until_succeeds("curl -fs 'localhost:8080/dex/auth/mock?client_id=oidcclient&response_type=code&redirect_uri=https://example.com/callback&scope=openid'") + + with subtest("Login"): + state = machine.succeed("curl -fs 'localhost:8080/dex/auth/mock?client_id=oidcclient&response_type=code&redirect_uri=https://example.com/callback&scope=openid' | sed -n 's/.*state=\\(.*\\)\">.*/\\1/p'").strip() + print(f"Got state {state}") + machine.succeed(f"curl -fs 'localhost:8080/dex/auth/mock/login?back=&state={state}' -d 'login=admin&password=password'") + code = machine.succeed(f"curl -fs localhost:8080/dex/approval?req={state} | sed -n 's/.*code=\\(.*\\)&.*/\\1/p'").strip() + print(f"Got approval code {code}") + bearer = machine.succeed(f"curl -fs localhost:8080/dex/token -u oidcclient:oidcclientsecret -d 'grant_type=authorization_code&redirect_uri=https://example.com/callback&code={code}' | jq .access_token -r").strip() + print(f"Got access token {bearer}") + + with subtest("Get userinfo"): + assert '"sub"' in machine.succeed( + f"curl -fs localhost:8080/dex/userinfo --oauth2-bearer {bearer}" + ) + ''; +}) diff --git a/nixpkgs/nixos/tests/docker-tools.nix b/nixpkgs/nixos/tests/docker-tools.nix index 4c3c26980aa2..7110187e8d76 100644 --- a/nixpkgs/nixos/tests/docker-tools.nix +++ b/nixpkgs/nixos/tests/docker-tools.nix @@ -119,7 +119,7 @@ import ./make-test-python.nix ({ pkgs, ... }: { with subtest("The pullImage tool works"): docker.succeed( - "docker load --input='${examples.nixFromDockerHub}'", + "docker load --input='${examples.testNixFromDockerHub}'", "docker run --rm nix:2.2.1 nix-store --version", "docker rmi nix:2.2.1", ) @@ -378,5 +378,23 @@ import ./make-test-python.nix ({ pkgs, ... }: { docker.succeed( "docker run --rm ${examples.layeredImageWithFakeRootCommands.imageName} sh -c 'stat -c '%u' /home/jane | grep -E ^1000$'" ) + + with subtest("exportImage produces a valid tarball"): + docker.succeed( + "tar -tf ${examples.exportBash} | grep '\./bin/bash' > /dev/null" + ) + + with subtest("Ensure bare paths in contents are loaded correctly"): + docker.succeed( + "docker load --input='${examples.build-image-with-path}'", + "docker run --rm build-image-with-path bash -c '[[ -e /hello.txt ]]'", + "docker rmi build-image-with-path", + ) + docker.succeed( + "${examples.layered-image-with-path} | docker load", + "docker run --rm layered-image-with-path bash -c '[[ -e /hello.txt ]]'", + "docker rmi layered-image-with-path", + ) + ''; }) diff --git a/nixpkgs/nixos/tests/firefox.nix b/nixpkgs/nixos/tests/firefox.nix index 4ad45c022407..dcaf369b62bd 100644 --- a/nixpkgs/nixos/tests/firefox.nix +++ b/nixpkgs/nixos/tests/firefox.nix @@ -14,7 +14,7 @@ import ./make-test-python.nix ({ pkgs, firefoxPackage, ... }: { ]; # Need some more memory to record audio. - virtualisation.memorySize = "500"; + virtualisation.memorySize = 500; # Create a virtual sound device, with mixing # and all, for recording audio. diff --git a/nixpkgs/nixos/tests/gnome-xorg.nix b/nixpkgs/nixos/tests/gnome-xorg.nix index 55f9c90c20a0..b9ff5e682875 100644 --- a/nixpkgs/nixos/tests/gnome-xorg.nix +++ b/nixpkgs/nixos/tests/gnome-xorg.nix @@ -25,6 +25,21 @@ import ./make-test-python.nix ({ pkgs, lib, ...} : { services.xserver.desktopManager.gnome.debug = true; services.xserver.displayManager.defaultSession = "gnome-xorg"; + systemd.user.services = { + "org.gnome.Shell@x11" = { + serviceConfig = { + ExecStart = [ + # Clear the list before overriding it. + "" + # Eval API is now internal so Shell needs to run in unsafe mode. + # TODO: improve test driver so that it supports openqa-like manipulation + # that would allow us to drop this mess. + "${pkgs.gnome.gnome-shell}/bin/gnome-shell --unsafe-mode" + ]; + }; + }; + }; + virtualisation.memorySize = 1024; }; diff --git a/nixpkgs/nixos/tests/gnome.nix b/nixpkgs/nixos/tests/gnome.nix index e8d18a41bd06..1da97f733cfd 100644 --- a/nixpkgs/nixos/tests/gnome.nix +++ b/nixpkgs/nixos/tests/gnome.nix @@ -30,6 +30,21 @@ import ./make-test-python.nix ({ pkgs, lib, ...} : { }) ]; + systemd.user.services = { + "org.gnome.Shell@wayland" = { + serviceConfig = { + ExecStart = [ + # Clear the list before overriding it. + "" + # Eval API is now internal so Shell needs to run in unsafe mode. + # TODO: improve test driver so that it supports openqa-like manipulation + # that would allow us to drop this mess. + "${pkgs.gnome.gnome-shell}/bin/gnome-shell --unsafe-mode" + ]; + }; + }; + }; + virtualisation.memorySize = 1024; }; diff --git a/nixpkgs/nixos/tests/iscsi-multipath-root.nix b/nixpkgs/nixos/tests/iscsi-multipath-root.nix new file mode 100644 index 000000000000..a26fea503b62 --- /dev/null +++ b/nixpkgs/nixos/tests/iscsi-multipath-root.nix @@ -0,0 +1,267 @@ +import ./make-test-python.nix ( + { pkgs, lib, ... }: + let + initiatorName = "iqn.2020-08.org.linux-iscsi.initiatorhost:example"; + targetName = "iqn.2003-01.org.linux-iscsi.target.x8664:sn.acf8fd9c23af"; + in + { + name = "iscsi"; + meta = { + maintainers = pkgs.lib.teams.deshaw.members; + }; + + nodes = { + target = { config, pkgs, lib, ... }: { + virtualisation.vlans = [ 1 2 ]; + services.target = { + enable = true; + config = { + fabric_modules = [ ]; + storage_objects = [ + { + dev = "/dev/vdb"; + name = "test"; + plugin = "block"; + write_back = true; + wwn = "92b17c3f-6b40-4168-b082-ceeb7b495522"; + } + ]; + targets = [ + { + fabric = "iscsi"; + tpgs = [ + { + enable = true; + attributes = { + authentication = 0; + generate_node_acls = 1; + }; + luns = [ + { + alias = "94dfe06967"; + alua_tg_pt_gp_name = "default_tg_pt_gp"; + index = 0; + storage_object = "/backstores/block/test"; + } + ]; + node_acls = [ + { + mapped_luns = [ + { + alias = "d42f5bdf8a"; + index = 0; + tpg_lun = 0; + write_protect = false; + } + ]; + node_wwn = initiatorName; + } + ]; + portals = [ + { + ip_address = "0.0.0.0"; + iser = false; + offload = false; + port = 3260; + } + ]; + tag = 1; + } + ]; + wwn = targetName; + } + ]; + }; + }; + + networking.firewall.allowedTCPPorts = [ 3260 ]; + networking.firewall.allowedUDPPorts = [ 3260 ]; + + virtualisation.memorySize = 2048; + virtualisation.emptyDiskImages = [ 2048 ]; + }; + + initiatorAuto = { nodes, config, pkgs, ... }: { + virtualisation.vlans = [ 1 2 ]; + + services.multipath = { + enable = true; + defaults = '' + find_multipaths yes + user_friendly_names yes + ''; + pathGroups = [ + { + alias = 123456; + wwid = "3600140592b17c3f6b404168b082ceeb7"; + } + ]; + }; + + services.openiscsi = { + enable = true; + enableAutoLoginOut = true; + discoverPortal = "target"; + name = initiatorName; + }; + + environment.systemPackages = with pkgs; [ + xfsprogs + ]; + + environment.etc."initiator-root-disk-closure".source = nodes.initiatorRootDisk.config.system.build.toplevel; + + nix.binaryCaches = lib.mkForce [ ]; + nix.extraOptions = '' + hashed-mirrors = + connect-timeout = 1 + ''; + }; + + initiatorRootDisk = { config, pkgs, modulesPath, lib, ... }: { + boot.initrd.network.enable = true; + boot.loader.grub.enable = false; + + boot.kernelParams = lib.mkOverride 5 ( + [ + "boot.shell_on_fail" + "console=tty1" + "ip=192.168.1.1:::255.255.255.0::ens9:none" + "ip=192.168.2.1:::255.255.255.0::ens10:none" + ] + ); + + # defaults to true, puts some code in the initrd that tries to mount an overlayfs on /nix/store + virtualisation.writableStore = false; + virtualisation.vlans = [ 1 2 ]; + + services.multipath = { + enable = true; + defaults = '' + find_multipaths yes + user_friendly_names yes + ''; + pathGroups = [ + { + alias = 123456; + wwid = "3600140592b17c3f6b404168b082ceeb7"; + } + ]; + }; + + fileSystems = lib.mkOverride 5 { + "/" = { + fsType = "xfs"; + device = "/dev/mapper/123456"; + options = [ "_netdev" ]; + }; + }; + + boot.initrd.extraFiles."etc/multipath/wwids".source = pkgs.writeText "wwids" "/3600140592b17c3f6b404168b082ceeb7/"; + + boot.iscsi-initiator = { + discoverPortal = "target"; + name = initiatorName; + target = targetName; + extraIscsiCommands = '' + iscsiadm -m discovery -o update -t sendtargets -p 192.168.2.3 --login + ''; + }; + }; + + }; + + testScript = { nodes, ... }: '' + target.start() + target.wait_for_unit("iscsi-target.service") + + initiatorAuto.start() + + initiatorAuto.wait_for_unit("iscsid.service") + initiatorAuto.wait_for_unit("iscsi.service") + initiatorAuto.get_unit_info("iscsi") + + # Expecting this to fail since we should already know about 192.168.1.3 + initiatorAuto.fail("iscsiadm -m discovery -o update -t sendtargets -p 192.168.1.3 --login") + # Expecting this to succeed since we don't yet know about 192.168.2.3 + initiatorAuto.succeed("iscsiadm -m discovery -o update -t sendtargets -p 192.168.2.3 --login") + + # /dev/sda is provided by iscsi on target + initiatorAuto.succeed("set -x; while ! test -e /dev/sda; do sleep 1; done") + + initiatorAuto.succeed("mkfs.xfs /dev/sda") + initiatorAuto.succeed("mkdir /mnt") + + # Start by verifying /dev/sda and /dev/sdb are both the same disk + initiatorAuto.succeed("mount /dev/sda /mnt") + initiatorAuto.succeed("touch /mnt/hi") + initiatorAuto.succeed("umount /mnt") + + initiatorAuto.succeed("mount /dev/sdb /mnt") + initiatorAuto.succeed("test -e /mnt/hi") + initiatorAuto.succeed("umount /mnt") + + initiatorAuto.succeed("systemctl restart multipathd") + initiatorAuto.succeed("multipath -ll | systemd-cat") + + # Install our RootDisk machine to 123456, the alias to the device that multipath is now managing + initiatorAuto.succeed("mount /dev/mapper/123456 /mnt") + initiatorAuto.succeed("mkdir -p /mnt/etc/{multipath,iscsi}") + initiatorAuto.succeed("cp -r /etc/multipath/wwids /mnt/etc/multipath/wwids") + initiatorAuto.succeed("cp -r /etc/iscsi/{nodes,send_targets} /mnt/etc/iscsi") + initiatorAuto.succeed( + "nixos-install --no-bootloader --no-root-passwd --system /etc/initiator-root-disk-closure" + ) + initiatorAuto.succeed("umount /mnt") + initiatorAuto.shutdown() + + initiatorRootDisk.start() + initiatorRootDisk.wait_for_unit("multi-user.target") + initiatorRootDisk.wait_for_unit("iscsid") + + # Log in over both nodes + initiatorRootDisk.fail("iscsiadm -m discovery -o update -t sendtargets -p 192.168.1.3 --login") + initiatorRootDisk.fail("iscsiadm -m discovery -o update -t sendtargets -p 192.168.2.3 --login") + initiatorRootDisk.succeed("systemctl restart multipathd") + initiatorRootDisk.succeed("multipath -ll | systemd-cat") + + # Verify we can write and sync the root disk + initiatorRootDisk.succeed("mkdir /scratch") + initiatorRootDisk.succeed("touch /scratch/both-up") + initiatorRootDisk.succeed("sync /scratch") + + # Verify we can write to the root with ens9 (sda, 192.168.1.3) down + initiatorRootDisk.succeed("ip link set ens9 down") + initiatorRootDisk.succeed("touch /scratch/ens9-down") + initiatorRootDisk.succeed("sync /scratch") + initiatorRootDisk.succeed("ip link set ens9 up") + + # todo: better way to wait until multipath notices the link is back + initiatorRootDisk.succeed("sleep 5") + initiatorRootDisk.succeed("touch /scratch/both-down") + initiatorRootDisk.succeed("sync /scratch") + + # Verify we can write to the root with ens10 (sdb, 192.168.2.3) down + initiatorRootDisk.succeed("ip link set ens10 down") + initiatorRootDisk.succeed("touch /scratch/ens10-down") + initiatorRootDisk.succeed("sync /scratch") + initiatorRootDisk.succeed("ip link set ens10 up") + initiatorRootDisk.succeed("touch /scratch/ens10-down") + initiatorRootDisk.succeed("sync /scratch") + + initiatorRootDisk.succeed("ip link set ens9 up") + initiatorRootDisk.succeed("ip link set ens10 up") + initiatorRootDisk.shutdown() + + # Verify we can boot with the target's eth1 down, forcing + # it to multipath via the second link + target.succeed("ip link set eth1 down") + initiatorRootDisk.start() + initiatorRootDisk.wait_for_unit("multi-user.target") + initiatorRootDisk.wait_for_unit("iscsid") + initiatorRootDisk.succeed("test -e /scratch/both-up") + ''; + } +) + + diff --git a/nixpkgs/nixos/tests/kernel-generic.nix b/nixpkgs/nixos/tests/kernel-generic.nix index e88b60d33534..192dc810d7ad 100644 --- a/nixpkgs/nixos/tests/kernel-generic.nix +++ b/nixpkgs/nixos/tests/kernel-generic.nix @@ -31,7 +31,6 @@ let linuxPackages_4_19 linuxPackages_5_4 linuxPackages_5_10 - linuxPackages_5_13 linuxPackages_5_14 linuxPackages_4_14_hardened diff --git a/nixpkgs/nixos/tests/networking.nix b/nixpkgs/nixos/tests/networking.nix index 22f7ca5a9b82..647c8942b37d 100644 --- a/nixpkgs/nixos/tests/networking.nix +++ b/nixpkgs/nixos/tests/networking.nix @@ -8,7 +8,7 @@ with import ../lib/testing-python.nix { inherit system pkgs; }; with pkgs.lib; let - qemu-flags = import ../lib/qemu-flags.nix { inherit pkgs; }; + qemu-common = import ../lib/qemu-common.nix { inherit (pkgs) lib pkgs; }; router = { config, pkgs, lib, ... }: with pkgs.lib; @@ -42,7 +42,7 @@ let machines = flip map vlanIfs (vlan: { hostName = "client${toString vlan}"; - ethernetAddress = qemu-flags.qemuNicMac vlan 1; + ethernetAddress = qemu-common.qemuNicMac vlan 1; ipAddress = "192.168.${toString vlan}.2"; } ); @@ -380,12 +380,57 @@ let router.wait_until_succeeds("ping -c 1 192.168.1.3") ''; }; + fou = { + name = "foo-over-udp"; + nodes.machine = { ... }: { + virtualisation.vlans = [ 1 ]; + networking = { + useNetworkd = networkd; + useDHCP = false; + interfaces.eth1.ipv4.addresses = mkOverride 0 + [ { address = "192.168.1.1"; prefixLength = 24; } ]; + fooOverUDP = { + fou1 = { port = 9001; }; + fou2 = { port = 9002; protocol = 41; }; + fou3 = mkIf (!networkd) + { port = 9003; local.address = "192.168.1.1"; }; + fou4 = mkIf (!networkd) + { port = 9004; local = { address = "192.168.1.1"; dev = "eth1"; }; }; + }; + }; + systemd.services = { + fou3-fou-encap.after = optional (!networkd) "network-addresses-eth1.service"; + }; + }; + testScript = { ... }: + '' + import json + + machine.wait_for_unit("network.target") + fous = json.loads(machine.succeed("ip -json fou show")) + assert {"port": 9001, "gue": None, "family": "inet"} in fous, "fou1 exists" + assert {"port": 9002, "ipproto": 41, "family": "inet"} in fous, "fou2 exists" + '' + optionalString (!networkd) '' + assert { + "port": 9003, + "gue": None, + "family": "inet", + "local": "192.168.1.1", + } in fous, "fou3 exists" + assert { + "port": 9004, + "gue": None, + "family": "inet", + "local": "192.168.1.1", + "dev": "eth1", + } in fous, "fou4 exists" + ''; + }; sit = let node = { address4, remote, address6 }: { pkgs, ... }: with pkgs.lib; { virtualisation.vlans = [ 1 ]; networking = { useNetworkd = networkd; - firewall.enable = false; useDHCP = false; sits.sit = { inherit remote; @@ -400,8 +445,30 @@ let }; in { name = "Sit"; - nodes.client1 = node { address4 = "192.168.1.1"; remote = "192.168.1.2"; address6 = "fc00::1"; }; - nodes.client2 = node { address4 = "192.168.1.2"; remote = "192.168.1.1"; address6 = "fc00::2"; }; + # note on firewalling: the two nodes are explicitly asymmetric. + # client1 sends SIT packets in UDP, but accepts only proto-41 incoming. + # client2 does the reverse, sending in proto-41 and accepting only UDP incoming. + # that way we'll notice when either SIT itself or FOU breaks. + nodes.client1 = args@{ pkgs, ... }: + mkMerge [ + (node { address4 = "192.168.1.1"; remote = "192.168.1.2"; address6 = "fc00::1"; } args) + { + networking = { + firewall.extraCommands = "iptables -A INPUT -p 41 -j ACCEPT"; + sits.sit.encapsulation = { type = "fou"; port = 9001; }; + }; + } + ]; + nodes.client2 = args@{ pkgs, ... }: + mkMerge [ + (node { address4 = "192.168.1.2"; remote = "192.168.1.1"; address6 = "fc00::2"; } args) + { + networking = { + firewall.allowedUDPPorts = [ 9001 ]; + fooOverUDP.fou1 = { port = 9001; protocol = 41; }; + }; + } + ]; testScript = { ... }: '' start_all() diff --git a/nixpkgs/nixos/tests/nextcloud/basic.nix b/nixpkgs/nixos/tests/nextcloud/basic.nix index c4ce34748ace..eb37470a4c7b 100644 --- a/nixpkgs/nixos/tests/nextcloud/basic.nix +++ b/nixpkgs/nixos/tests/nextcloud/basic.nix @@ -1,4 +1,6 @@ -import ../make-test-python.nix ({ pkgs, ...}: let +args@{ pkgs, nextcloudVersion ? 22, ... }: + +(import ../make-test-python.nix ({ pkgs, ...}: let adminpass = "notproduction"; adminuser = "root"; in { @@ -31,14 +33,20 @@ in { in { networking.firewall.allowedTCPPorts = [ 80 ]; + systemd.tmpfiles.rules = [ + "d /var/lib/nextcloud-data 0750 nextcloud nginx - -" + ]; + services.nextcloud = { enable = true; + datadir = "/var/lib/nextcloud-data"; hostName = "nextcloud"; config = { # Don't inherit adminuser since "root" is supposed to be the default - inherit adminpass; + adminpassFile = "${pkgs.writeText "adminpass" adminpass}"; # Don't try this at home! dbtableprefix = "nixos_"; }; + package = pkgs.${"nextcloud" + (toString nextcloudVersion)}; autoUpdateApps = { enable = true; startAt = "20:00"; @@ -95,9 +103,10 @@ in { "${withRcloneEnv} ${copySharedFile}" ) client.wait_for_unit("multi-user.target") + nextcloud.succeed("test -f /var/lib/nextcloud-data/data/root/files/test-shared-file") client.succeed( "${withRcloneEnv} ${diffSharedFile}" ) assert "hi" in client.succeed("cat /mnt/dav/test-shared-file") ''; -}) +})) args diff --git a/nixpkgs/nixos/tests/nextcloud/default.nix b/nixpkgs/nixos/tests/nextcloud/default.nix index e4c7a70606cf..65043e509b3b 100644 --- a/nixpkgs/nixos/tests/nextcloud/default.nix +++ b/nixpkgs/nixos/tests/nextcloud/default.nix @@ -2,8 +2,20 @@ config ? {}, pkgs ? import ../../.. { inherit system config; } }: -{ - basic = import ./basic.nix { inherit system pkgs; }; - with-postgresql-and-redis = import ./with-postgresql-and-redis.nix { inherit system pkgs; }; - with-mysql-and-memcached = import ./with-mysql-and-memcached.nix { inherit system pkgs; }; -} + +with pkgs.lib; + +foldl + (matrix: ver: matrix // { + "basic${toString ver}" = import ./basic.nix { inherit system pkgs; nextcloudVersion = ver; }; + "with-postgresql-and-redis${toString ver}" = import ./with-postgresql-and-redis.nix { + inherit system pkgs; + nextcloudVersion = ver; + }; + "with-mysql-and-memcached${toString ver}" = import ./with-mysql-and-memcached.nix { + inherit system pkgs; + nextcloudVersion = ver; + }; + }) + {} + [ 20 21 22 ] diff --git a/nixpkgs/nixos/tests/nextcloud/with-mysql-and-memcached.nix b/nixpkgs/nixos/tests/nextcloud/with-mysql-and-memcached.nix index 82041874de43..80cb63df5dbe 100644 --- a/nixpkgs/nixos/tests/nextcloud/with-mysql-and-memcached.nix +++ b/nixpkgs/nixos/tests/nextcloud/with-mysql-and-memcached.nix @@ -1,4 +1,6 @@ -import ../make-test-python.nix ({ pkgs, ...}: let +args@{ pkgs, nextcloudVersion ? 22, ... }: + +(import ../make-test-python.nix ({ pkgs, ...}: let adminpass = "hunter2"; adminuser = "root"; in { @@ -18,6 +20,7 @@ in { enable = true; hostName = "nextcloud"; https = true; + package = pkgs.${"nextcloud" + (toString nextcloudVersion)}; caching = { apcu = true; redis = false; @@ -29,9 +32,9 @@ in { dbuser = "nextcloud"; dbhost = "127.0.0.1"; dbport = 3306; - dbpass = "hunter2"; + dbpassFile = "${pkgs.writeText "dbpass" "hunter2" }"; # Don't inherit adminuser since "root" is supposed to be the default - inherit adminpass; + adminpassFile = "${pkgs.writeText "adminpass" adminpass}"; # Don't try this at home! }; }; @@ -39,6 +42,13 @@ in { enable = true; bind = "127.0.0.1"; package = pkgs.mariadb; + + # FIXME(@Ma27) Nextcloud isn't compatible with mariadb 10.6, + # this is a workaround. + # See https://help.nextcloud.com/t/update-to-next-cloud-21-0-2-has-get-an-error/117028/22 + extraOptions = '' + innodb_read_only_compressed=0 + ''; initialScript = pkgs.writeText "mysql-init" '' CREATE USER 'nextcloud'@'localhost' IDENTIFIED BY 'hunter2'; CREATE DATABASE IF NOT EXISTS nextcloud; @@ -96,4 +106,4 @@ in { "${withRcloneEnv} ${diffSharedFile}" ) ''; -}) +})) args diff --git a/nixpkgs/nixos/tests/nextcloud/with-postgresql-and-redis.nix b/nixpkgs/nixos/tests/nextcloud/with-postgresql-and-redis.nix index 81af620598ee..36a69fda505b 100644 --- a/nixpkgs/nixos/tests/nextcloud/with-postgresql-and-redis.nix +++ b/nixpkgs/nixos/tests/nextcloud/with-postgresql-and-redis.nix @@ -1,4 +1,6 @@ -import ../make-test-python.nix ({ pkgs, ...}: let +args@{ pkgs, nextcloudVersion ? 22, ... }: + +(import ../make-test-python.nix ({ pkgs, ...}: let adminpass = "hunter2"; adminuser = "custom-admin-username"; in { @@ -17,6 +19,7 @@ in { services.nextcloud = { enable = true; hostName = "nextcloud"; + package = pkgs.${"nextcloud" + (toString nextcloudVersion)}; caching = { apcu = false; redis = true; @@ -96,4 +99,4 @@ in { "${withRcloneEnv} ${diffSharedFile}" ) ''; -}) +})) args diff --git a/nixpkgs/nixos/tests/nixops/default.nix b/nixpkgs/nixos/tests/nixops/default.nix new file mode 100644 index 000000000000..4520b426849b --- /dev/null +++ b/nixpkgs/nixos/tests/nixops/default.nix @@ -0,0 +1,115 @@ +{ pkgs, ... }: +let + inherit (pkgs) lib; + + tests = { + # TODO: uncomment stable + # - Blocked on https://github.com/NixOS/nixpkgs/issues/138584 which has a + # PR in staging: https://github.com/NixOS/nixpkgs/pull/139986 + # - Alternatively, blocked on a NixOps 2 release + # https://github.com/NixOS/nixops/issues/1242 + # stable = testsLegacyNetwork { nixopsPkg = pkgs.nixops; }; + unstable = testsForPackage { nixopsPkg = pkgs.nixopsUnstable; }; + + # inherit testsForPackage; + }; + + testsForPackage = lib.makeOverridable (args: lib.recurseIntoAttrs { + legacyNetwork = testLegacyNetwork args; + }); + + testLegacyNetwork = { nixopsPkg }: pkgs.nixosTest ({ + nodes = { + deployer = { config, lib, nodes, pkgs, ... }: { + imports = [ ../../modules/installer/cd-dvd/channel.nix ]; + environment.systemPackages = [ nixopsPkg ]; + nix.binaryCaches = lib.mkForce [ ]; + users.users.person.isNormalUser = true; + virtualisation.writableStore = true; + virtualisation.memorySize = 1024 /*MiB*/; + virtualisation.pathsInNixDB = [ + pkgs.hello + pkgs.figlet + + # This includes build dependencies all the way down. Not efficient, + # but we do need build deps to an *arbitrary* depth, which is hard to + # determine. + (allDrvOutputs nodes.server.config.system.build.toplevel) + ]; + }; + server = { lib, ... }: { + imports = [ ./legacy/base-configuration.nix ]; + }; + }; + + testScript = { nodes }: + let + deployerSetup = pkgs.writeScript "deployerSetup" '' + #!${pkgs.runtimeShell} + set -eux -o pipefail + cp --no-preserve=mode -r ${./legacy} unicorn + cp --no-preserve=mode ${../ssh-keys.nix} unicorn/ssh-keys.nix + mkdir -p ~/.ssh + cp ${snakeOilPrivateKey} ~/.ssh/id_ed25519 + chmod 0400 ~/.ssh/id_ed25519 + ''; + serverNetworkJSON = pkgs.writeText "server-network.json" + (builtins.toJSON nodes.server.config.system.build.networkConfig); + in + '' + import shlex + + def deployer_do(cmd): + cmd = shlex.quote(cmd) + return deployer.succeed(f"su person -l -c {cmd} &>/dev/console") + + start_all() + + deployer_do("cat /etc/hosts") + + deployer_do("${deployerSetup}") + deployer_do("cp ${serverNetworkJSON} unicorn/server-network.json") + + # Establish that ssh works, regardless of nixops + # Easy way to accept the server host key too. + server.wait_for_open_port(22) + deployer.wait_for_unit("network.target") + + # Put newlines on console, to flush the console reader's line buffer + # in case nixops' last output did not end in a newline, as is the case + # with a status line (if implemented?) + deployer.succeed("while sleep 60s; do echo [60s passed] >/dev/console; done &") + + deployer_do("cd ~/unicorn; ssh -oStrictHostKeyChecking=accept-new root@server echo hi") + + # Create and deploy + deployer_do("cd ~/unicorn; nixops create") + + deployer_do("cd ~/unicorn; nixops deploy --confirm") + + deployer_do("cd ~/unicorn; nixops ssh server 'hello | figlet'") + ''; + }); + + inherit (import ../ssh-keys.nix pkgs) snakeOilPrivateKey snakeOilPublicKey; + + /* + Return a store path with a closure containing everything including + derivations and all build dependency outputs, all the way down. + */ + allDrvOutputs = pkg: + let name = lib.strings.sanitizeDerivationName "allDrvOutputs-${pkg.pname or pkg.name or "unknown"}"; + in + pkgs.runCommand name { refs = pkgs.writeReferencesToFile pkg.drvPath; } '' + touch $out + while read ref; do + case $ref in + *.drv) + cat $ref >>$out + ;; + esac + done <$refs + ''; + +in +tests diff --git a/nixpkgs/nixos/tests/nixops/legacy/base-configuration.nix b/nixpkgs/nixos/tests/nixops/legacy/base-configuration.nix new file mode 100644 index 000000000000..dba960f595c2 --- /dev/null +++ b/nixpkgs/nixos/tests/nixops/legacy/base-configuration.nix @@ -0,0 +1,31 @@ +{ lib, modulesPath, pkgs, ... }: +let + ssh-keys = + if builtins.pathExists ../../ssh-keys.nix + then # Outside sandbox + ../../ssh-keys.nix + else # In sandbox + ./ssh-keys.nix; + + inherit (import ssh-keys pkgs) + snakeOilPrivateKey snakeOilPublicKey; +in +{ + imports = [ + (modulesPath + "/virtualisation/qemu-vm.nix") + (modulesPath + "/testing/test-instrumentation.nix") + ]; + virtualisation.writableStore = true; + nix.binaryCaches = lib.mkForce [ ]; + virtualisation.graphics = false; + documentation.enable = false; + services.qemuGuest.enable = true; + boot.loader.grub.enable = false; + + services.openssh.enable = true; + users.users.root.openssh.authorizedKeys.keys = [ + snakeOilPublicKey + ]; + security.pam.services.sshd.limits = + [{ domain = "*"; item = "memlock"; type = "-"; value = 1024; }]; +} diff --git a/nixpkgs/nixos/tests/nixops/legacy/nixops.nix b/nixpkgs/nixos/tests/nixops/legacy/nixops.nix new file mode 100644 index 000000000000..795dc2a71825 --- /dev/null +++ b/nixpkgs/nixos/tests/nixops/legacy/nixops.nix @@ -0,0 +1,15 @@ +{ + network = { + description = "Legacy Network using <nixpkgs> and legacy state."; + # NB this is not really what makes it a legacy network; lack of flakes is. + storage.legacy = { }; + }; + server = { lib, pkgs, ... }: { + deployment.targetEnv = "none"; + imports = [ + ./base-configuration.nix + (lib.modules.importJSON ./server-network.json) + ]; + environment.systemPackages = [ pkgs.hello pkgs.figlet ]; + }; +} diff --git a/nixpkgs/nixos/tests/pict-rs.nix b/nixpkgs/nixos/tests/pict-rs.nix new file mode 100644 index 000000000000..432fd6a50ccd --- /dev/null +++ b/nixpkgs/nixos/tests/pict-rs.nix @@ -0,0 +1,17 @@ +import ./make-test-python.nix ({ pkgs, lib, ... }: + { + name = "pict-rs"; + meta.maintainers = with lib.maintainers; [ happysalada ]; + + machine = { ... }: { + environment.systemPackages = with pkgs; [ curl jq ]; + services.pict-rs.enable = true; + }; + + testScript = '' + start_all() + + machine.wait_for_unit("pict-rs") + machine.wait_for_open_port("8080") + ''; + }) diff --git a/nixpkgs/nixos/tests/plasma5.nix b/nixpkgs/nixos/tests/plasma5.nix index f09859a055d5..7a5b7db94629 100644 --- a/nixpkgs/nixos/tests/plasma5.nix +++ b/nixpkgs/nixos/tests/plasma5.nix @@ -12,7 +12,7 @@ import ./make-test-python.nix ({ pkgs, ...} : imports = [ ./common/user-account.nix ]; services.xserver.enable = true; services.xserver.displayManager.sddm.enable = true; - services.xserver.displayManager.defaultSession = "plasma5"; + services.xserver.displayManager.defaultSession = "plasma"; services.xserver.desktopManager.plasma5.enable = true; services.xserver.displayManager.autoLogin = { enable = true; diff --git a/nixpkgs/nixos/tests/prowlarr.nix b/nixpkgs/nixos/tests/prowlarr.nix new file mode 100644 index 000000000000..4cbca107568f --- /dev/null +++ b/nixpkgs/nixos/tests/prowlarr.nix @@ -0,0 +1,18 @@ +import ./make-test-python.nix ({ lib, ... }: + +with lib; + +{ + name = "prowlarr"; + meta.maintainers = with maintainers; [ jdreaver ]; + + nodes.machine = + { pkgs, ... }: + { services.prowlarr.enable = true; }; + + testScript = '' + machine.wait_for_unit("prowlarr.service") + machine.wait_for_open_port("9696") + machine.succeed("curl --fail http://localhost:9696/") + ''; +}) diff --git a/nixpkgs/nixos/tests/restart-by-activation-script.nix b/nixpkgs/nixos/tests/restart-by-activation-script.nix new file mode 100644 index 000000000000..0eec292ea9e2 --- /dev/null +++ b/nixpkgs/nixos/tests/restart-by-activation-script.nix @@ -0,0 +1,73 @@ +import ./make-test-python.nix ({ pkgs, ...} : { + name = "restart-by-activation-script"; + meta = with pkgs.lib.maintainers; { + maintainers = [ das_j ]; + }; + + machine = { pkgs, ... }: { + imports = [ ../modules/profiles/minimal.nix ]; + + systemd.services.restart-me = { + wantedBy = [ "multi-user.target" ]; + serviceConfig = { + Type = "oneshot"; + RemainAfterExit = true; + ExecStart = "${pkgs.coreutils}/bin/true"; + }; + }; + + systemd.services.reload-me = { + wantedBy = [ "multi-user.target" ]; + serviceConfig = rec { + Type = "oneshot"; + RemainAfterExit = true; + ExecStart = "${pkgs.coreutils}/bin/true"; + ExecReload = ExecStart; + }; + }; + + system.activationScripts.test = { + supportsDryActivation = true; + text = '' + if [ -e /test-the-activation-script ]; then + if [ "$NIXOS_ACTION" != dry-activate ]; then + touch /activation-was-run + echo restart-me.service > /run/nixos/activation-restart-list + echo reload-me.service > /run/nixos/activation-reload-list + else + echo restart-me.service > /run/nixos/dry-activation-restart-list + echo reload-me.service > /run/nixos/dry-activation-reload-list + fi + fi + ''; + }; + }; + + testScript = /* python */ '' + machine.wait_for_unit("multi-user.target") + + with subtest("nothing happens when the activation script does nothing"): + out = machine.succeed("/run/current-system/bin/switch-to-configuration dry-activate 2>&1") + assert 'restart' not in out + assert 'reload' not in out + out = machine.succeed("/run/current-system/bin/switch-to-configuration test") + assert 'restart' not in out + assert 'reload' not in out + + machine.succeed("touch /test-the-activation-script") + + with subtest("dry activation"): + out = machine.succeed("/run/current-system/bin/switch-to-configuration dry-activate 2>&1") + assert 'would restart the following units: restart-me.service' in out + assert 'would reload the following units: reload-me.service' in out + machine.fail("test -f /run/nixos/dry-activation-restart-list") + machine.fail("test -f /run/nixos/dry-activation-reload-list") + + with subtest("real activation"): + out = machine.succeed("/run/current-system/bin/switch-to-configuration test 2>&1") + assert 'restarting the following units: restart-me.service' in out + assert 'reloading the following units: reload-me.service' in out + machine.fail("test -f /run/nixos/activation-restart-list") + machine.fail("test -f /run/nixos/activation-reload-list") + ''; +}) diff --git a/nixpkgs/nixos/tests/samba.nix b/nixpkgs/nixos/tests/samba.nix index d1d50caabfa5..252c3dd9c76e 100644 --- a/nixpkgs/nixos/tests/samba.nix +++ b/nixpkgs/nixos/tests/samba.nix @@ -20,6 +20,7 @@ import ./make-test-python.nix ({ pkgs, ... }: server = { ... }: { services.samba.enable = true; + services.samba.openFirewall = true; services.samba.shares.public = { path = "/public"; "read only" = true; @@ -27,8 +28,6 @@ import ./make-test-python.nix ({ pkgs, ... }: "guest ok" = "yes"; comment = "Public samba share."; }; - networking.firewall.allowedTCPPorts = [ 139 445 ]; - networking.firewall.allowedUDPPorts = [ 137 138 ]; }; }; diff --git a/nixpkgs/nixos/tests/switch-test.nix b/nixpkgs/nixos/tests/switch-test.nix index 78adf7ffa7da..4caa7d98f47f 100644 --- a/nixpkgs/nixos/tests/switch-test.nix +++ b/nixpkgs/nixos/tests/switch-test.nix @@ -7,15 +7,224 @@ import ./make-test-python.nix ({ pkgs, ...} : { }; nodes = { - machine = { ... }: { + machine = { config, pkgs, lib, ... }: { + environment.systemPackages = [ pkgs.socat ]; # for the socket activation stuff users.mutableUsers = false; + + specialisation = { + # A system with a simple socket-activated unit + simple-socket.configuration = { + systemd.services.socket-activated.serviceConfig = { + ExecStart = pkgs.writeScript "socket-test.py" /* python */ '' + #!${pkgs.python3}/bin/python3 + + from socketserver import TCPServer, StreamRequestHandler + import socket + + class Handler(StreamRequestHandler): + def handle(self): + self.wfile.write("hello".encode("utf-8")) + + class Server(TCPServer): + def __init__(self, server_address, handler_cls): + # Invoke base but omit bind/listen steps (performed by systemd activation!) + TCPServer.__init__( + self, server_address, handler_cls, bind_and_activate=False) + # Override socket + self.socket = socket.fromfd(3, self.address_family, self.socket_type) + + if __name__ == "__main__": + server = Server(("localhost", 1234), Handler) + server.serve_forever() + ''; + }; + systemd.sockets.socket-activated = { + wantedBy = [ "sockets.target" ]; + listenStreams = [ "/run/test.sock" ]; + socketConfig.SocketMode = lib.mkDefault "0777"; + }; + }; + + # The same system but the socket is modified + modified-socket.configuration = { + imports = [ config.specialisation.simple-socket.configuration ]; + systemd.sockets.socket-activated.socketConfig.SocketMode = "0666"; + }; + + # The same system but the service is modified + modified-service.configuration = { + imports = [ config.specialisation.simple-socket.configuration ]; + systemd.services.socket-activated.serviceConfig.X-Test = "test"; + }; + + # The same system but both service and socket are modified + modified-service-and-socket.configuration = { + imports = [ config.specialisation.simple-socket.configuration ]; + systemd.services.socket-activated.serviceConfig.X-Test = "some_value"; + systemd.sockets.socket-activated.socketConfig.SocketMode = "0444"; + }; + + # A system with a socket-activated service and some simple services + service-and-socket.configuration = { + imports = [ config.specialisation.simple-socket.configuration ]; + systemd.services.simple-service = { + wantedBy = [ "multi-user.target" ]; + serviceConfig = { + Type = "oneshot"; + RemainAfterExit = true; + ExecStart = "${pkgs.coreutils}/bin/true"; + }; + }; + + systemd.services.simple-restart-service = { + stopIfChanged = false; + wantedBy = [ "multi-user.target" ]; + serviceConfig = { + Type = "oneshot"; + RemainAfterExit = true; + ExecStart = "${pkgs.coreutils}/bin/true"; + }; + }; + + systemd.services.simple-reload-service = { + reloadIfChanged = true; + wantedBy = [ "multi-user.target" ]; + serviceConfig = { + Type = "oneshot"; + RemainAfterExit = true; + ExecStart = "${pkgs.coreutils}/bin/true"; + ExecReload = "${pkgs.coreutils}/bin/true"; + }; + }; + + systemd.services.no-restart-service = { + restartIfChanged = false; + wantedBy = [ "multi-user.target" ]; + serviceConfig = { + Type = "oneshot"; + RemainAfterExit = true; + ExecStart = "${pkgs.coreutils}/bin/true"; + }; + }; + }; + + # The same system but with an activation script that restarts all services + restart-and-reload-by-activation-script.configuration = { + imports = [ config.specialisation.service-and-socket.configuration ]; + system.activationScripts.restart-and-reload-test = { + supportsDryActivation = true; + deps = []; + text = '' + if [ "$NIXOS_ACTION" = dry-activate ]; then + f=/run/nixos/dry-activation-restart-list + else + f=/run/nixos/activation-restart-list + fi + cat <<EOF >> "$f" + simple-service.service + simple-restart-service.service + simple-reload-service.service + no-restart-service.service + socket-activated.service + EOF + ''; + }; + }; + + # A system with a timer + with-timer.configuration = { + systemd.timers.test-timer = { + wantedBy = [ "timers.target" ]; + timerConfig.OnCalendar = "@1395716396"; # chosen by fair dice roll + }; + systemd.services.test-timer = { + serviceConfig = { + Type = "oneshot"; + ExecStart = "${pkgs.coreutils}/bin/true"; + }; + }; + }; + + # The same system but with another time + with-timer-modified.configuration = { + imports = [ config.specialisation.with-timer.configuration ]; + systemd.timers.test-timer.timerConfig.OnCalendar = lib.mkForce "Fri 2012-11-23 16:00:00"; + }; + + # A system with a systemd mount + with-mount.configuration = { + systemd.mounts = [ + { + description = "Testmount"; + what = "tmpfs"; + type = "tmpfs"; + where = "/testmount"; + options = "size=1M"; + wantedBy = [ "local-fs.target" ]; + } + ]; + }; + + # The same system but with another time + with-mount-modified.configuration = { + systemd.mounts = [ + { + description = "Testmount"; + what = "tmpfs"; + type = "tmpfs"; + where = "/testmount"; + options = "size=10M"; + wantedBy = [ "local-fs.target" ]; + } + ]; + }; + + # A system with a path unit + with-path.configuration = { + systemd.paths.test-watch = { + wantedBy = [ "paths.target" ]; + pathConfig.PathExists = "/testpath"; + }; + systemd.services.test-watch = { + serviceConfig = { + Type = "oneshot"; + ExecStart = "${pkgs.coreutils}/bin/touch /testpath-modified"; + }; + }; + }; + + # The same system but watching another file + with-path-modified.configuration = { + imports = [ config.specialisation.with-path.configuration ]; + systemd.paths.test-watch.pathConfig.PathExists = lib.mkForce "/testpath2"; + }; + + # A system with a slice + with-slice.configuration = { + systemd.slices.testslice.sliceConfig.MemoryMax = "1"; # don't allow memory allocation + systemd.services.testservice = { + serviceConfig = { + Type = "oneshot"; + RemainAfterExit = true; + ExecStart = "${pkgs.coreutils}/bin/true"; + Slice = "testslice.slice"; + }; + }; + }; + + # The same system but the slice allows to allocate memory + with-slice-non-crashing.configuration = { + imports = [ config.specialisation.with-slice.configuration ]; + systemd.slices.testslice.sliceConfig.MemoryMax = lib.mkForce null; + }; + }; }; other = { ... }: { users.mutableUsers = true; }; }; - testScript = {nodes, ...}: let + testScript = { nodes, ... }: let originalSystem = nodes.machine.config.system.build.toplevel; otherSystem = nodes.other.config.system.build.toplevel; @@ -27,12 +236,182 @@ import ./make-test-python.nix ({ pkgs, ...} : { set -o pipefail exec env -i "$@" | tee /dev/stderr ''; - in '' + in /* python */ '' + def switch_to_specialisation(name, action="test"): + out = machine.succeed(f"${originalSystem}/specialisation/{name}/bin/switch-to-configuration {action} 2>&1") + assert_lacks(out, "switch-to-configuration line") # Perl warnings + return out + + def assert_contains(haystack, needle): + if needle not in haystack: + print("The haystack that will cause the following exception is:") + print("---") + print(haystack) + print("---") + raise Exception(f"Expected string '{needle}' was not found") + + def assert_lacks(haystack, needle): + if needle in haystack: + print("The haystack that will cause the following exception is:") + print("---") + print(haystack, end="") + print("---") + raise Exception(f"Unexpected string '{needle}' was found") + + machine.succeed( "${stderrRunner} ${originalSystem}/bin/switch-to-configuration test" ) machine.succeed( "${stderrRunner} ${otherSystem}/bin/switch-to-configuration test" ) + + with subtest("systemd sockets"): + machine.succeed("${originalSystem}/bin/switch-to-configuration test") + + # Simple socket is created + out = switch_to_specialisation("simple-socket") + assert_lacks(out, "stopping the following units:") + # not checking for reload because dbus gets reloaded + assert_lacks(out, "restarting the following units:") + assert_lacks(out, "\nstarting the following units:") + assert_contains(out, "the following new units were started: socket-activated.socket\n") + assert_lacks(out, "as well:") + machine.succeed("[ $(stat -c%a /run/test.sock) = 777 ]") + + # Changing the socket restarts it + out = switch_to_specialisation("modified-socket") + assert_lacks(out, "stopping the following units:") + #assert_lacks(out, "reloading the following units:") + assert_contains(out, "restarting the following units: socket-activated.socket\n") + assert_lacks(out, "\nstarting the following units:") + assert_lacks(out, "the following new units were started:") + assert_lacks(out, "as well:") + machine.succeed("[ $(stat -c%a /run/test.sock) = 666 ]") # change was applied + + # The unit is properly activated when the socket is accessed + if machine.succeed("socat - UNIX-CONNECT:/run/test.sock") != "hello": + raise Exception("Socket was not properly activated") + + # Changing the socket restarts it and ignores the active service + out = switch_to_specialisation("simple-socket") + assert_contains(out, "stopping the following units: socket-activated.service\n") + assert_lacks(out, "reloading the following units:") + assert_contains(out, "restarting the following units: socket-activated.socket\n") + assert_lacks(out, "\nstarting the following units:") + assert_lacks(out, "the following new units were started:") + assert_lacks(out, "as well:") + machine.succeed("[ $(stat -c%a /run/test.sock) = 777 ]") # change was applied + + # Changing the service does nothing when the service is not active + out = switch_to_specialisation("modified-service") + assert_lacks(out, "stopping the following units:") + assert_lacks(out, "reloading the following units:") + assert_lacks(out, "restarting the following units:") + assert_lacks(out, "\nstarting the following units:") + assert_lacks(out, "the following new units were started:") + assert_lacks(out, "as well:") + + # Activating the service and modifying it stops it but leaves the socket untouched + machine.succeed("socat - UNIX-CONNECT:/run/test.sock") + out = switch_to_specialisation("simple-socket") + assert_contains(out, "stopping the following units: socket-activated.service\n") + assert_lacks(out, "reloading the following units:") + assert_lacks(out, "restarting the following units:") + assert_lacks(out, "\nstarting the following units:") + assert_lacks(out, "the following new units were started:") + assert_lacks(out, "as well:") + + # Activating the service and both the service and the socket stops the service and restarts the socket + machine.succeed("socat - UNIX-CONNECT:/run/test.sock") + out = switch_to_specialisation("modified-service-and-socket") + assert_contains(out, "stopping the following units: socket-activated.service\n") + assert_lacks(out, "reloading the following units:") + assert_contains(out, "restarting the following units: socket-activated.socket\n") + assert_lacks(out, "\nstarting the following units:") + assert_lacks(out, "the following new units were started:") + assert_lacks(out, "as well:") + + with subtest("restart and reload by activation file"): + out = switch_to_specialisation("service-and-socket") + # Switch to a system where the example services get restarted + # by the activation script + out = switch_to_specialisation("restart-and-reload-by-activation-script") + assert_lacks(out, "stopping the following units:") + assert_contains(out, "stopping the following units as well: simple-service.service, socket-activated.service\n") + assert_contains(out, "reloading the following units: simple-reload-service.service\n") + assert_contains(out, "restarting the following units: simple-restart-service.service\n") + assert_contains(out, "\nstarting the following units: simple-service.service") + + # The same, but in dry mode + switch_to_specialisation("service-and-socket") + out = switch_to_specialisation("restart-and-reload-by-activation-script", action="dry-activate") + assert_lacks(out, "would stop the following units:") + assert_contains(out, "would stop the following units as well: simple-service.service, socket-activated.service\n") + assert_contains(out, "would reload the following units: simple-reload-service.service\n") + assert_contains(out, "would restart the following units: simple-restart-service.service\n") + assert_contains(out, "\nwould start the following units: simple-service.service") + + with subtest("mounts"): + switch_to_specialisation("with-mount") + out = machine.succeed("mount | grep 'on /testmount'") + assert_contains(out, "size=1024k") + + out = switch_to_specialisation("with-mount-modified") + assert_lacks(out, "stopping the following units:") + assert_contains(out, "reloading the following units: testmount.mount\n") + assert_lacks(out, "restarting the following units:") + assert_lacks(out, "\nstarting the following units:") + assert_lacks(out, "the following new units were started:") + assert_lacks(out, "as well:") + # It changed + out = machine.succeed("mount | grep 'on /testmount'") + assert_contains(out, "size=10240k") + + with subtest("timers"): + switch_to_specialisation("with-timer") + out = machine.succeed("systemctl show test-timer.timer") + assert_contains(out, "OnCalendar=2014-03-25 02:59:56 UTC") + + out = switch_to_specialisation("with-timer-modified") + assert_lacks(out, "stopping the following units:") + assert_lacks(out, "reloading the following units:") + assert_contains(out, "restarting the following units: test-timer.timer\n") + assert_lacks(out, "\nstarting the following units:") + assert_lacks(out, "the following new units were started:") + assert_lacks(out, "as well:") + # It changed + out = machine.succeed("systemctl show test-timer.timer") + assert_contains(out, "OnCalendar=Fri 2012-11-23 16:00:00") + + with subtest("paths"): + switch_to_specialisation("with-path") + machine.fail("test -f /testpath-modified") + + # touch the file, unit should be triggered + machine.succeed("touch /testpath") + machine.wait_until_succeeds("test -f /testpath-modified") + + machine.succeed("rm /testpath /testpath-modified") + switch_to_specialisation("with-path-modified") + + machine.succeed("touch /testpath") + machine.fail("test -f /testpath-modified") + machine.succeed("touch /testpath2") + machine.wait_until_succeeds("test -f /testpath-modified") + + # This test ensures that changes to slice configuration get applied. + # We test this by having a slice that allows no memory allocation at + # all and starting a service within it. If the service crashes, the slice + # is applied and if we modify the slice to allow memory allocation, the + # service should successfully start. + with subtest("slices"): + machine.succeed("echo 0 > /proc/sys/vm/panic_on_oom") # allow OOMing + out = switch_to_specialisation("with-slice") + machine.fail("systemctl start testservice.service") + out = switch_to_specialisation("with-slice-non-crashing") + machine.succeed("systemctl start testservice.service") + machine.succeed("echo 1 > /proc/sys/vm/panic_on_oom") # disallow OOMing + ''; }) diff --git a/nixpkgs/nixos/tests/udisks2.nix b/nixpkgs/nixos/tests/udisks2.nix index 1f01cc6de4d6..6c4b71aaa2ed 100644 --- a/nixpkgs/nixos/tests/udisks2.nix +++ b/nixpkgs/nixos/tests/udisks2.nix @@ -34,7 +34,7 @@ in with lzma.open( "${stick}" - ) as data, open(machine.state_dir + "/usbstick.img", "wb") as stick: + ) as data, open(machine.state_dir / "usbstick.img", "wb") as stick: stick.write(data.read()) machine.succeed("udisksctl info -b /dev/vda >&2") diff --git a/nixpkgs/nixos/tests/usbguard.nix b/nixpkgs/nixos/tests/usbguard.nix index cba905db44f3..bb707bdbf702 100644 --- a/nixpkgs/nixos/tests/usbguard.nix +++ b/nixpkgs/nixos/tests/usbguard.nix @@ -22,7 +22,7 @@ import ./make-test-python.nix ({ pkgs, ... }: { testScript = '' # create a blank disk image for our fake USB stick - with open(machine.state_dir + "/usbstick.img", "wb") as stick: + with open(machine.state_dir / "usbstick.img", "wb") as stick: stick.write(b"\x00" * (1024 * 1024)) # wait for machine to have started and the usbguard service to be up diff --git a/nixpkgs/nixos/tests/without-nix.nix b/nixpkgs/nixos/tests/without-nix.nix new file mode 100644 index 000000000000..2fc00b04144f --- /dev/null +++ b/nixpkgs/nixos/tests/without-nix.nix @@ -0,0 +1,23 @@ +import ./make-test-python.nix ({ lib, ... }: { + name = "without-nix"; + meta = with lib.maintainers; { + maintainers = [ ericson2314 ]; + }; + + nixpkgs.overlays = [ + (self: super: { + nix = throw "don't want to use this"; + }) + ]; + + nodes.machine = { ... }: { + nix.enable = false; + }; + + testScript = '' + start_all() + + machine.succeed("which which") + machine.fail("which nix") + ''; +}) diff --git a/nixpkgs/nixos/tests/wpa_supplicant.nix b/nixpkgs/nixos/tests/wpa_supplicant.nix new file mode 100644 index 000000000000..1d669d5016a7 --- /dev/null +++ b/nixpkgs/nixos/tests/wpa_supplicant.nix @@ -0,0 +1,81 @@ +import ./make-test-python.nix ({ pkgs, lib, ...}: +{ + name = "wpa_supplicant"; + meta = with lib.maintainers; { + maintainers = [ rnhmjoj ]; + }; + + machine = { ... }: { + imports = [ ../modules/profiles/minimal.nix ]; + + # add a virtual wlan interface + boot.kernelModules = [ "mac80211_hwsim" ]; + + # wireless access point + services.hostapd = { + enable = true; + wpa = true; + interface = "wlan0"; + ssid = "nixos-test"; + wpaPassphrase = "reproducibility"; + }; + + # wireless client + networking.wireless = { + # the override is needed because the wifi is + # disabled with mkVMOverride in qemu-vm.nix. + enable = lib.mkOverride 0 true; + userControlled.enable = true; + interfaces = [ "wlan1" ]; + + networks = { + # test network + nixos-test.psk = "@PSK_NIXOS_TEST@"; + + # secrets substitution test cases + test1.psk = "@PSK_VALID@"; # should be replaced + test2.psk = "@PSK_SPECIAL@"; # should be replaced + test3.psk = "@PSK_MISSING@"; # should not be replaced + test4.psk = "P@ssowrdWithSome@tSymbol"; # should not be replaced + }; + + # secrets + environmentFile = pkgs.writeText "wpa-secrets" '' + PSK_NIXOS_TEST="reproducibility" + PSK_VALID="S0m3BadP4ssw0rd"; + # taken from https://github.com/minimaxir/big-list-of-naughty-strings + PSK_SPECIAL=",./;'[]\-= <>?:\"{}|_+ !@#$%^\&*()`~"; + ''; + }; + + }; + + testScript = + '' + config_file = "/run/wpa_supplicant/wpa_supplicant.conf" + + with subtest("Configuration file is inaccessible to other users"): + machine.wait_for_file(config_file) + machine.fail(f"sudo -u nobody ls {config_file}") + + with subtest("Secrets variables have been substituted"): + machine.fail(f"grep -q @PSK_VALID@ {config_file}") + machine.fail(f"grep -q @PSK_SPECIAL@ {config_file}") + machine.succeed(f"grep -q @PSK_MISSING@ {config_file}") + machine.succeed(f"grep -q P@ssowrdWithSome@tSymbol {config_file}") + + # save file for manual inspection + machine.copy_from_vm(config_file) + + with subtest("Daemon is running and accepting connections"): + machine.wait_for_unit("wpa_supplicant-wlan1.service") + status = machine.succeed("wpa_cli -i wlan1 status") + assert "Failed to connect" not in status, \ + "Failed to connect to the daemon" + + with subtest("Daemon can connect to the access point"): + machine.wait_until_succeeds( + "wpa_cli -i wlan1 status | grep -q wpa_state=COMPLETED" + ) + ''; +}) |