Diffstat (limited to 'nixos/modules/programs')
-rw-r--r-- | nixos/modules/programs/adb.nix | 4 | ||||
-rw-r--r-- | nixos/modules/programs/digitalbitbox/default.nix | 2 | ||||
-rw-r--r-- | nixos/modules/programs/environment.nix | 2 | ||||
-rw-r--r-- | nixos/modules/programs/firejail.nix | 48 | ||||
-rw-r--r-- | nixos/modules/programs/gphoto2.nix | 4 | ||||
-rw-r--r-- | nixos/modules/programs/mosh.nix | 18 | ||||
-rw-r--r-- | nixos/modules/programs/npm.nix | 4 | ||||
-rw-r--r-- | nixos/modules/programs/nylas-mail.nix | 1 | ||||
-rw-r--r-- | nixos/modules/programs/screen.nix | 4 | ||||
-rw-r--r-- | nixos/modules/programs/shell.nix | 42 | ||||
-rw-r--r-- | nixos/modules/programs/ssh.nix | 1 | ||||
-rw-r--r-- | nixos/modules/programs/sway.nix | 2 | ||||
-rw-r--r-- | nixos/modules/programs/thefuck.nix | 4 | ||||
-rw-r--r-- | nixos/modules/programs/tmux.nix | 2 | ||||
-rw-r--r-- | nixos/modules/programs/wireshark.nix | 2 | ||||
-rw-r--r-- | nixos/modules/programs/xonsh.nix | 2 | ||||
-rw-r--r-- | nixos/modules/programs/xss-lock.nix | 26 | ||||
-rw-r--r-- | nixos/modules/programs/zsh/zsh-autosuggestions.nix | 60 | ||||
-rw-r--r-- | nixos/modules/programs/zsh/zsh.nix | 19 |
19 files changed, 191 insertions, 56 deletions
diff --git a/nixos/modules/programs/adb.nix b/nixos/modules/programs/adb.nix index f648d70bd9fa..942572cef9d5 100644 --- a/nixos/modules/programs/adb.nix +++ b/nixos/modules/programs/adb.nix @@ -14,7 +14,7 @@ with lib; description = '' Whether to configure system to use Android Debug Bridge (adb). To grant access to a user, it must be part of adbusers group: - <code>users.extraUsers.alice.extraGroups = ["adbusers"];</code> + <code>users.users.alice.extraGroups = ["adbusers"];</code> ''; relatedPackages = [ ["androidenv" "platformTools"] ]; }; @@ -25,6 +25,6 @@ with lib; config = mkIf config.programs.adb.enable { services.udev.packages = [ pkgs.android-udev-rules ]; environment.systemPackages = [ pkgs.androidenv.platformTools ]; - users.extraGroups.adbusers = {}; + users.groups.adbusers = {}; }; } diff --git a/nixos/modules/programs/digitalbitbox/default.nix b/nixos/modules/programs/digitalbitbox/default.nix index 7c727489c6c9..2fe0a14412c5 100644 --- a/nixos/modules/programs/digitalbitbox/default.nix +++ b/nixos/modules/programs/digitalbitbox/default.nix @@ -34,6 +34,6 @@ in meta = { doc = ./doc.xml; - maintainers = with stdenv.lib.maintainers; [ vidbina ]; + maintainers = with lib.maintainers; [ vidbina ]; }; } diff --git a/nixos/modules/programs/environment.nix b/nixos/modules/programs/environment.nix index 401d152941a0..06ebb7bc729b 100644 --- a/nixos/modules/programs/environment.nix +++ b/nixos/modules/programs/environment.nix @@ -33,8 +33,6 @@ in environment.profileRelativeEnvVars = { PATH = [ "/bin" ]; INFOPATH = [ "/info" "/share/info" ]; - PKG_CONFIG_PATH = [ "/lib/pkgconfig" ]; - PERL5LIB = [ "/lib/perl5/site_perl" ]; KDEDIRS = [ "" ]; STRIGI_PLUGIN_PATH = [ "/lib/strigi/" ]; QT_PLUGIN_PATH = [ "/lib/qt4/plugins" "/lib/kde4/plugins" ]; diff --git a/nixos/modules/programs/firejail.nix b/nixos/modules/programs/firejail.nix new file mode 100644 index 000000000000..46ee4bc0f7a0 --- /dev/null +++ b/nixos/modules/programs/firejail.nix 
@@ -0,0 +1,48 @@ +{ config, lib, pkgs, ... }: + +with lib; + +let + cfg = config.programs.firejail; + + wrappedBins = pkgs.stdenv.mkDerivation rec { + name = "firejail-wrapped-binaries"; + nativeBuildInputs = with pkgs; [ makeWrapper ]; + buildCommand = '' + mkdir -p $out/bin + ${lib.concatStringsSep "\n" (lib.mapAttrsToList (command: binary: '' + cat <<_EOF >$out/bin/${command} + #!${pkgs.stdenv.shell} -e + /run/wrappers/bin/firejail ${binary} "\$@" + _EOF + chmod 0755 $out/bin/${command} + '') cfg.wrappedBinaries)} + ''; + }; + +in { + options.programs.firejail = { + enable = mkEnableOption "firejail"; + + wrappedBinaries = mkOption { + type = types.attrs; + default = {}; + description = '' + Wrap the binaries in firejail and place them in the global path. + </para> + <para> + You will get file collisions if you put the actual application binary in + the global environment and applications started via .desktop files are + not wrapped if they specify the absolute path to the binary. + ''; + }; + }; + + config = mkIf cfg.enable { + security.wrappers.firejail.source = "${lib.getBin pkgs.firejail}/bin/firejail"; + + environment.systemPackages = [ wrappedBins ]; + }; + + meta.maintainers = with maintainers; [ peterhoeg ]; +} diff --git a/nixos/modules/programs/gphoto2.nix b/nixos/modules/programs/gphoto2.nix index ca7c6fb28f52..93923ff3133c 100644 --- a/nixos/modules/programs/gphoto2.nix +++ b/nixos/modules/programs/gphoto2.nix @@ -15,7 +15,7 @@ with lib; Whether to configure system to use gphoto2. To grant digital camera access to a user, the user must be part of the camera group: - <code>users.extraUsers.alice.extraGroups = ["camera"];</code> + <code>users.users.alice.extraGroups = ["camera"];</code> ''; }; }; @@ -25,6 +25,6 @@ with lib; config = mkIf config.programs.gphoto2.enable { services.udev.packages = [ pkgs.libgphoto2 ]; environment.systemPackages = [ pkgs.gphoto2 ]; - users.extraGroups.camera = {}; + users.groups.camera = {}; }; } 
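Review bot: In the new firejail.nix, `${binary}` and `${command}` are spliced unescaped into `buildCommand` and into an unquoted heredoc (`cat <<_EOF`), so a configured path containing a space, `$` or a backtick is word-split or expanded when the wrapper is generated, and the script can end up handing firejail something other than the intended binary. Quoting the delimiter and escaping the argument avoids that: `cat <<'_EOF' >$out/bin/${command}` followed by `/run/wrappers/bin/firejail ${lib.escapeShellArg binary} "$@"`. `wrappedBinaries` is also typed `types.attrs`, which accepts any value; `type = types.attrsOf types.path;` would reject non-path entries at evaluation time. `security.wrappers.firejail` sets only `source`, so it presumably relies on the wrapper module's defaults for owner and setuid; spelling them out, as the mosh.nix hunk in this commit does, would make the granted privilege visible in the module.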
diff --git a/nixos/modules/programs/mosh.nix b/nixos/modules/programs/mosh.nix index b3aa55e189a3..359fe23e0ecd 100644 --- a/nixos/modules/programs/mosh.nix +++ b/nixos/modules/programs/mosh.nix @@ -16,10 +16,28 @@ in default = false; type = lib.types.bool; }; + withUtempter = mkOption { + description = '' + Whether to enable libutempter for mosh. + This is required so that mosh can write to /var/run/utmp (which can be queried with `who` to display currently connected user sessions). + Note, this will add a guid wrapper for the group utmp! + ''; + default = true; + type = lib.types.bool; + }; }; config = mkIf cfg.enable { environment.systemPackages = with pkgs; [ mosh ]; networking.firewall.allowedUDPPortRanges = [ { from = 60000; to = 61000; } ]; + security.wrappers = mkIf cfg.withUtempter { + utempter = { + source = "${pkgs.libutempter}/lib/utempter/utempter"; + owner = "nobody"; + group = "utmp"; + setuid = false; + setgid = true; + }; + }; }; } diff --git a/nixos/modules/programs/npm.nix b/nixos/modules/programs/npm.nix index 7ef172355c1f..5fdd4fa841a1 100644 --- a/nixos/modules/programs/npm.nix +++ b/nixos/modules/programs/npm.nix @@ -1,4 +1,4 @@ -{ config, lib, ... }: +{ config, lib, pkgs, ... }: with lib; @@ -39,6 +39,8 @@ in environment.etc."npmrc".text = cfg.npmrc; environment.variables.NPM_CONFIG_GLOBALCONFIG = "/etc/npmrc"; + + environment.systemPackages = [ pkgs.nodePackages.npm ]; }; } diff --git a/nixos/modules/programs/nylas-mail.nix b/nixos/modules/programs/nylas-mail.nix index 9a6cf755f2a2..08a6cd0a6049 100644 --- a/nixos/modules/programs/nylas-mail.nix +++ b/nixos/modules/programs/nylas-mail.nix @@ -4,7 +4,6 @@ with lib; let cfg = config.services.nylas-mail; - defaultUser = "nylas-mail"; in { ###### interface options = { diff --git a/nixos/modules/programs/screen.nix b/nixos/modules/programs/screen.nix index f82338a69d25..c1daaa58f16f 100644 --- a/nixos/modules/programs/screen.nix +++ b/nixos/modules/programs/screen.nix 
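Review bot: `withUtempter` defaults to `true`, so every host that already sets `programs.mosh.enable` gains a setgid `utmp` wrapper on upgrade without opting in. If that is intended it deserves a release-note entry; otherwise `default = false;` keeps the privileged helper opt-in. The description's "guid wrapper" should read "setgid wrapper", e.g. `Note: this installs a setgid wrapper for the group utmp.` The enclosing `options` block starts above the hunk.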
@@ -1,4 +1,4 @@ -{ config, lib, ... }: +{ config, lib, pkgs, ... }: let inherit (lib) mkOption mkIf types; @@ -25,6 +25,8 @@ in config = mkIf (cfg.screenrc != "") { environment.etc."screenrc".text = cfg.screenrc; + + environment.systemPackages = [ pkgs.screen ]; }; } diff --git a/nixos/modules/programs/shell.nix b/nixos/modules/programs/shell.nix index 3504a8a924b0..26ef18759921 100644 --- a/nixos/modules/programs/shell.nix +++ b/nixos/modules/programs/shell.nix @@ -4,12 +4,6 @@ with lib; -let - - cfg = config.environment; - -in - { config = { 
@@ -23,39 +17,39 @@ in environment.shellInit = '' # Set up the per-user profile. - mkdir -m 0755 -p $NIX_USER_PROFILE_DIR - if test "$(stat --printf '%u' $NIX_USER_PROFILE_DIR)" != "$(id -u)"; then - echo "WARNING: bad ownership on $NIX_USER_PROFILE_DIR" >&2 + mkdir -m 0755 -p "$NIX_USER_PROFILE_DIR" + if [ "$(stat --printf '%u' "$NIX_USER_PROFILE_DIR")" != "$(id -u)" ]; then + echo "WARNING: bad ownership on $NIX_USER_PROFILE_DIR, should be $(id -u)" >&2 fi - if test -w $HOME; then - if ! test -L $HOME/.nix-profile; then - if test "$USER" != root; then - ln -s $NIX_USER_PROFILE_DIR/profile $HOME/.nix-profile + if [ -w "$HOME" ]; then + if ! [ -L "$HOME/.nix-profile" ]; then + if [ "$USER" != root ]; then + ln -s "$NIX_USER_PROFILE_DIR/profile" "$HOME/.nix-profile" else # Root installs in the system-wide profile by default. - ln -s /nix/var/nix/profiles/default $HOME/.nix-profile + ln -s /nix/var/nix/profiles/default "$HOME/.nix-profile" fi fi # Subscribe the root user to the NixOS channel by default. - if [ "$USER" = root -a ! -e $HOME/.nix-channels ]; then - echo "${config.system.nixos.defaultChannel} nixos" > $HOME/.nix-channels + if [ "$USER" = root -a ! -e "$HOME/.nix-channels" ]; then + echo "${config.system.nixos.defaultChannel} nixos" > "$HOME/.nix-channels" fi # Create the per-user garbage collector roots directory. - NIX_USER_GCROOTS_DIR=/nix/var/nix/gcroots/per-user/$USER - mkdir -m 0755 -p $NIX_USER_GCROOTS_DIR - if test "$(stat --printf '%u' $NIX_USER_GCROOTS_DIR)" != "$(id -u)"; then - echo "WARNING: bad ownership on $NIX_USER_GCROOTS_DIR" >&2 + NIX_USER_GCROOTS_DIR="/nix/var/nix/gcroots/per-user/$USER" + mkdir -m 0755 -p "$NIX_USER_GCROOTS_DIR" + if [ "$(stat --printf '%u' "$NIX_USER_GCROOTS_DIR")" != "$(id -u)" ]; then + echo "WARNING: bad ownership on $NIX_USER_GCROOTS_DIR, should be $(id -u)" >&2 fi # Set up a default Nix expression from which to install stuff. - if [ ! 
-e $HOME/.nix-defexpr -o -L $HOME/.nix-defexpr ]; then - rm -f $HOME/.nix-defexpr - mkdir -p $HOME/.nix-defexpr + if [ ! -e "$HOME/.nix-defexpr" -o -L "$HOME/.nix-defexpr" ]; then + rm -f "$HOME/.nix-defexpr" + mkdir -p "$HOME/.nix-defexpr" if [ "$USER" != root ]; then - ln -s /nix/var/nix/profiles/per-user/root/channels $HOME/.nix-defexpr/channels_root + ln -s /nix/var/nix/profiles/per-user/root/channels "$HOME/.nix-defexpr/channels_root" fi fi fi diff --git a/nixos/modules/programs/ssh.nix b/nixos/modules/programs/ssh.nix index 7a48624fd2a2..db44f9040dde 100644 --- a/nixos/modules/programs/ssh.nix +++ b/nixos/modules/programs/ssh.nix @@ -7,7 +7,6 @@ with lib; let cfg = config.programs.ssh; - cfgd = config.services.openssh; askPassword = cfg.askPassword; diff --git a/nixos/modules/programs/sway.nix b/nixos/modules/programs/sway.nix index d9503d6004ff..0eaaf6b85b99 100644 --- a/nixos/modules/programs/sway.nix +++ b/nixos/modules/programs/sway.nix @@ -73,7 +73,7 @@ in { permissions = "u+rx,g+rx"; }; - users.extraGroups.sway = {}; + users.groups.sway = {}; security.pam.services.swaylock = {}; hardware.opengl.enable = mkDefault true; diff --git a/nixos/modules/programs/thefuck.nix b/nixos/modules/programs/thefuck.nix index eb913477cf05..f4ae52934760 100644 --- a/nixos/modules/programs/thefuck.nix +++ b/nixos/modules/programs/thefuck.nix @@ -31,8 +31,8 @@ in environment.systemPackages = with pkgs; [ thefuck ]; environment.shellInit = initScript; - programs.zsh.shellInit = mkIf prg.zsh.enable initScript; - programs.fish.shellInit = mkIf prg.fish.enable '' + programs.zsh.interactiveShellInit = mkIf prg.zsh.enable initScript; + programs.fish.interactiveShellInit = mkIf prg.fish.enable '' ${pkgs.thefuck}/bin/thefuck --alias | source ''; }; diff --git a/nixos/modules/programs/tmux.nix b/nixos/modules/programs/tmux.nix index 4a60403a2827..3d5a37274ae2 100644 --- a/nixos/modules/programs/tmux.nix +++ b/nixos/modules/programs/tmux.nix 
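Review bot: Two tests in the second shell.nix hunk still combine conditions with `-a` and `-o` inside `[ ]`, which POSIX marks obsolescent because the parse becomes ambiguous when an operand looks like an operator. Separate tests avoid that: `[ "$USER" = root ] && [ ! -e "$HOME/.nix-channels" ]` and `[ ! -e "$HOME/.nix-defexpr" ] || [ -L "$HOME/.nix-defexpr" ]`. The ownership checks only print a warning and the script then goes on to link `$HOME/.nix-profile` to the directory; that behaviour predates this hunk, but a comment saying it is deliberate would help. The `shellInit` string continues past the end of the hunk.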
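Review bot: `environment.shellInit = initScript;` on the unchanged line above the thefuck.nix change still applies to every shell, and the zsh.nix hunk in this commit shows `${cfge.shellInit}` being included in zshenv. zsh would therefore apparently evaluate `initScript` in non-interactive shells as well as through the new `interactiveShellInit`. If the goal is interactive-only setup, that line likely wants `environment.interactiveShellInit = initScript;` too. `initScript` is defined outside the hunk, so confirm it is safe to source twice.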
@@ -1,7 +1,7 @@ { config, pkgs, lib, ... }: let - inherit (lib) mkOption mkEnableOption mkIf mkMerge types; + inherit (lib) mkOption mkIf types; cfg = config.programs.tmux; diff --git a/nixos/modules/programs/wireshark.nix b/nixos/modules/programs/wireshark.nix index 710d223b6f59..819f15b98a05 100644 --- a/nixos/modules/programs/wireshark.nix +++ b/nixos/modules/programs/wireshark.nix @@ -29,7 +29,7 @@ in { config = mkIf cfg.enable { environment.systemPackages = [ wireshark ]; - users.extraGroups.wireshark = {}; + users.groups.wireshark = {}; security.wrappers.dumpcap = { source = "${wireshark}/bin/dumpcap"; diff --git a/nixos/modules/programs/xonsh.nix b/nixos/modules/programs/xonsh.nix index 49cc4906e038..f967ca82ac8c 100644 --- a/nixos/modules/programs/xonsh.nix +++ b/nixos/modules/programs/xonsh.nix @@ -6,8 +6,6 @@ with lib; let - cfge = config.environment; - cfg = config.programs.xonsh; in diff --git a/nixos/modules/programs/xss-lock.nix b/nixos/modules/programs/xss-lock.nix new file mode 100644 index 000000000000..49d522c604f5 --- /dev/null +++ b/nixos/modules/programs/xss-lock.nix @@ -0,0 +1,26 @@ +{ config, pkgs, lib, ... }: + +with lib; + +let + cfg = config.programs.xss-lock; +in +{ + options.programs.xss-lock = { + enable = mkEnableOption "xss-lock"; + lockerCommand = mkOption { + example = "xlock"; + type = types.string; + description = "Locker to be used with xsslock"; + }; + }; + + config = mkIf cfg.enable { + systemd.user.services.xss-lock = { + description = "XSS Lock Daemon"; + wantedBy = [ "graphical-session.target" ]; + partOf = [ "graphical-session.target" ]; + serviceConfig.ExecStart = "${pkgs.xss-lock}/bin/xss-lock ${cfg.lockerCommand}"; + }; + }; +} diff --git a/nixos/modules/programs/zsh/zsh-autosuggestions.nix b/nixos/modules/programs/zsh/zsh-autosuggestions.nix new file mode 100644 index 000000000000..416f4c9c6751 --- /dev/null +++ b/nixos/modules/programs/zsh/zsh-autosuggestions.nix 
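Review bot: `lockerCommand` in the new xss-lock.nix has no `default` and uses `types.string`, while the zsh-autosuggestions module added in this same commit uses `types.str`; `type = types.str;` is the consistent choice. The value is appended verbatim to `ExecStart` and the example `xlock` is a bare name, so whether the locker is found depends on the PATH of the systemd user manager. A locker that fails to start leaves the session unlocked with nothing shown to the user. The description should say what is expected, for instance `description = "Locker command run by xss-lock; give an absolute path, since the user service's PATH may not contain it.";`.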
@@ -0,0 +1,60 @@
+{ config, pkgs, lib, ... }:
+
+with lib;
+
+let
+ cfg = config.programs.zsh.autosuggestions;
+in
+{
+ options.programs.zsh.autosuggestions = {
+
+ enable = mkEnableOption "zsh-autosuggestions";
+
+ highlightStyle = mkOption {
+ type = types.str;
+ default = "fg=8"; # https://github.com/zsh-users/zsh-autosuggestions/tree/v0.4.3#suggestion-highlight-style
+ description = "Highlight style for suggestions ({fore,back}ground color)";
+ example = "fg=cyan";
+ };
+
+ strategy = mkOption {
+ type = types.enum [ "default" "match_prev_cmd" ];
+ default = "default";
+ description = ''
+ Set ZSH_AUTOSUGGEST_STRATEGY to choose the strategy for generating suggestions.
+ There are currently two to choose from:
+
+ * default: Chooses the most recent match.
+ * match_prev_cmd: Chooses the most recent match whose preceding history item matches
+ the most recently executed command (more info). Note that this strategy won't work as
+ expected with ZSH options that don't preserve the history order such as
+ HIST_IGNORE_ALL_DUPS or HIST_EXPIRE_DUPS_FIRST.
+ '';
+ };
+
+ extraConfig = mkOption {
+ type = with types; attrsOf str;
+ default = {};
+ description = "Attribute set with additional configuration values";
+ example = literalExample ''
+ {
+ "ZSH_AUTOSUGGEST_BUFFER_MAX_SIZE" = "20";
+ }
+ '';
+ };
+
+ };
+
+ config = mkIf cfg.enable {
+
+ programs.zsh.interactiveShellInit = ''
+ source ${pkgs.zsh-autosuggestions}/share/zsh-autosuggestions/zsh-autosuggestions.zsh
+
+ export ZSH_AUTOSUGGEST_HIGHLIGHT_STYLE="${cfg.highlightStyle}"
+ export ZSH_AUTOSUGGEST_STRATEGY="${cfg.strategy}"
+
+ ${concatStringsSep "\n" (mapAttrsToList (key: value: ''export ${key}="${value}"'') cfg.extraConfig)}
+ '';
+
+ };
+}
diff --git a/nixos/modules/programs/zsh/zsh.nix b/nixos/modules/programs/zsh/zsh.nix
index b88f54678ee1..42d4e1d4ada0 100644
--- a/nixos/modules/programs/zsh/zsh.nix
+++ b/nixos/modules/programs/zsh/zsh.nix
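Review bot: `highlightStyle` and the `extraConfig` keys and values are interpolated into double-quoted `export` lines without escaping, so a value containing `"`, `$` or a backtick is expanded or breaks the line in every interactive zsh. Escaping the values keeps them literal: `''export ${key}=${escapeShellArg value}''` and `export ZSH_AUTOSUGGEST_HIGHLIGHT_STYLE=${escapeShellArg cfg.highlightStyle}`. This module replaces `programs.zsh.enableAutosuggestions`, which the zsh.nix hunk removes. No rename alias is visible in this directory-limited diff, so existing configurations may fail to evaluate unless one is added elsewhere. The "(more info)" in the `strategy` description looks like leftover link text.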
@@ -69,7 +69,9 @@ in promptInit = mkOption { default = '' - autoload -U promptinit && promptinit && prompt walters + if [ "$TERM" != dumb ]; then + autoload -U promptinit && promptinit && prompt walters + fi ''; description = '' Shell script code used to initialise the zsh prompt. @@ -85,13 +87,6 @@ in type = types.bool; }; - enableAutosuggestions = mkOption { - default = false; - description = '' - Enable zsh-autosuggestions - ''; - type = types.bool; - }; }; }; @@ -108,6 +103,8 @@ in if [ -n "$__ETC_ZSHENV_SOURCED" ]; then return; fi export __ETC_ZSHENV_SOURCED=1 + ${config.system.build.setEnvironment.text} + ${cfge.shellInit} ${cfg.shellInit} @@ -127,8 +124,6 @@ in if [ -n "$__ETC_ZPROFILE_SOURCED" ]; then return; fi __ETC_ZPROFILE_SOURCED=1 - ${config.system.build.setEnvironment.text} - ${cfge.loginShellInit} ${cfg.loginShellInit} @@ -166,10 +161,6 @@ in ${optionalString cfg.enableCompletion "autoload -U compinit && compinit"} - ${optionalString (cfg.enableAutosuggestions) - "source ${pkgs.zsh-autosuggestions}/share/zsh-autosuggestions/zsh-autosuggestions.zsh" - } - ${cfge.interactiveShellInit} ${cfg.interactiveShellInit} |