diff options
Diffstat (limited to 'nixos/modules/services')
33 files changed, 188 insertions, 76 deletions
diff --git a/nixos/modules/services/continuous-integration/jenkins/default.nix b/nixos/modules/services/continuous-integration/jenkins/default.nix index cfb1cd773c7f..6fd39e68b1d9 100644 --- a/nixos/modules/services/continuous-integration/jenkins/default.nix +++ b/nixos/modules/services/continuous-integration/jenkins/default.nix @@ -161,11 +161,11 @@ in { ''; postStart = '' - until ${pkgs.curl}/bin/curl -s -L ${cfg.listenAddress}:${toString cfg.port}${cfg.prefix} ; do + until ${pkgs.curl.bin}/bin/curl -s -L ${cfg.listenAddress}:${toString cfg.port}${cfg.prefix} ; do sleep 10 done while true ; do - index=`${pkgs.curl}/bin/curl -s -L ${cfg.listenAddress}:${toString cfg.port}${cfg.prefix}` + index=`${pkgs.curl.bin}/bin/curl -s -L ${cfg.listenAddress}:${toString cfg.port}${cfg.prefix}` if [[ !("$index" =~ 'Please wait while Jenkins is restarting' || "$index" =~ 'Please wait while Jenkins is getting ready to work') ]]; then exit 0 diff --git a/nixos/modules/services/databases/openldap.nix b/nixos/modules/services/databases/openldap.nix index 6fd901a00559..9e86559dda04 100644 --- a/nixos/modules/services/databases/openldap.nix +++ b/nixos/modules/services/databases/openldap.nix @@ -87,7 +87,7 @@ in mkdir -p ${cfg.dataDir} chown -R ${cfg.user}:${cfg.group} ${cfg.dataDir} ''; - serviceConfig.ExecStart = "${openldap}/libexec/slapd -u ${cfg.user} -g ${cfg.group} -d 0 -f ${configFile}"; + serviceConfig.ExecStart = "${openldap.out}/libexec/slapd -u ${cfg.user} -g ${cfg.group} -d 0 -f ${configFile}"; }; users.extraUsers.openldap = diff --git a/nixos/modules/services/desktops/gnome3/gvfs.nix b/nixos/modules/services/desktops/gnome3/gvfs.nix index c4f41a6125c7..a07cdadbb12b 100644 --- a/nixos/modules/services/desktops/gnome3/gvfs.nix +++ b/nixos/modules/services/desktops/gnome3/gvfs.nix @@ -37,7 +37,7 @@ in services.dbus.packages = [ gnome3.gvfs ]; - services.udev.packages = [ pkgs.libmtp ]; + services.udev.packages = [ pkgs.libmtp.bin ]; }; diff --git a/nixos/modules/services/hardware/udev.nix b/nixos/modules/services/hardware/udev.nix index e267aeee030c..8e883ed7775f 100644 --- a/nixos/modules/services/hardware/udev.nix +++ b/nixos/modules/services/hardware/udev.nix @@ -72,7 +72,7 @@ let run_progs=$(grep -v '^[[:space:]]*#' $out/* | grep 'RUN+="[^/$]' | sed -e 's/.*RUN+="\([^ "]*\)[ "].*/\1/' | uniq) for i in $import_progs $run_progs; do - if [[ ! -x ${pkgs.udev}/lib/udev/$i && ! $i =~ socket:.* ]]; then + if [[ ! -x ${udev}/lib/udev/$i && ! $i =~ socket:.* ]]; then echo "FAIL" echo "$i is called in udev rules but not installed by udev" exit 1 diff --git a/nixos/modules/services/hardware/upower.nix b/nixos/modules/services/hardware/upower.nix index 739d76fbf1f5..2198842a4511 100644 --- a/nixos/modules/services/hardware/upower.nix +++ b/nixos/modules/services/hardware/upower.nix @@ -51,7 +51,7 @@ in systemd.services.upower = { description = "Power Management Daemon"; - path = [ pkgs.glib ]; # needed for gdbus + path = [ pkgs.glib.out ]; # needed for gdbus serviceConfig = { Type = "dbus"; BusName = "org.freedesktop.UPower"; diff --git a/nixos/modules/services/misc/docker-registry.nix b/nixos/modules/services/misc/docker-registry.nix index 0a0e160a7cc3..add339f9bdfe 100644 --- a/nixos/modules/services/misc/docker-registry.nix +++ b/nixos/modules/services/misc/docker-registry.nix @@ -65,7 +65,7 @@ in { }; postStart = '' - until ${pkgs.curl}/bin/curl -s -o /dev/null 'http://${cfg.listenAddress}:${toString cfg.port}/'; do + until ${pkgs.curl.bin}/bin/curl -s -o /dev/null 'http://${cfg.listenAddress}:${toString cfg.port}/'; do sleep 1; done ''; diff --git a/nixos/modules/services/misc/nix-daemon.nix b/nixos/modules/services/misc/nix-daemon.nix index e079a5d80d4c..911f79e5756a 100644 --- a/nixos/modules/services/misc/nix-daemon.nix +++ b/nixos/modules/services/misc/nix-daemon.nix @@ -358,7 +358,7 @@ in systemd.sockets.nix-daemon.wantedBy = [ "sockets.target" ]; systemd.services.nix-daemon = - { path = [ nix pkgs.openssl pkgs.utillinux config.programs.ssh.package ] + { path = [ nix pkgs.openssl.bin pkgs.utillinux config.programs.ssh.package ] ++ optionals cfg.distributedBuilds [ pkgs.gzip ]; environment = cfg.envVars diff --git a/nixos/modules/services/misc/subsonic.nix b/nixos/modules/services/misc/subsonic.nix index 020d53a481de..c1ebe418f727 100644 --- a/nixos/modules/services/misc/subsonic.nix +++ b/nixos/modules/services/misc/subsonic.nix @@ -97,7 +97,7 @@ in transcoders = mkOption { type = types.listOf types.path; - default = [ "${pkgs.ffmpeg}/bin/ffmpeg" ]; + default = [ "${pkgs.ffmpeg.bin}/bin/ffmpeg" ]; description = '' List of paths to transcoder executables that should be accessible from Subsonic. Symlinks will be created to each executable inside diff --git a/nixos/modules/services/misc/svnserve.nix b/nixos/modules/services/misc/svnserve.nix index 37dd133e137d..c74befac749d 100644 --- a/nixos/modules/services/misc/svnserve.nix +++ b/nixos/modules/services/misc/svnserve.nix @@ -38,7 +38,7 @@ in after = [ "network-interfaces.target" ]; wantedBy = [ "multi-user.target" ]; preStart = "mkdir -p ${cfg.svnBaseDir}"; - script = "${pkgs.subversion}/bin/svnserve -r ${cfg.svnBaseDir} -d --foreground --pid-file=/var/run/svnserve.pid"; + script = "${pkgs.subversion.out}/bin/svnserve -r ${cfg.svnBaseDir} -d --foreground --pid-file=/var/run/svnserve.pid"; }; }; } diff --git a/nixos/modules/services/monitoring/cadvisor.nix b/nixos/modules/services/monitoring/cadvisor.nix index 425e0ee9230f..a67df158be47 100644 --- a/nixos/modules/services/monitoring/cadvisor.nix +++ b/nixos/modules/services/monitoring/cadvisor.nix @@ -71,7 +71,7 @@ in { after = [ "network.target" "docker.service" "influxdb.service" ]; postStart = mkBefore '' - until ${pkgs.curl}/bin/curl -s -o /dev/null 'http://${cfg.listenAddress}:${toString cfg.port}/containers/'; do + until ${pkgs.curl.bin}/bin/curl -s -o /dev/null 'http://${cfg.listenAddress}:${toString cfg.port}/containers/'; do sleep 1; done ''; diff --git a/nixos/modules/services/monitoring/graphite.nix b/nixos/modules/services/monitoring/graphite.nix index 7104a5796f76..e50728aff8f8 100644 --- a/nixos/modules/services/monitoring/graphite.nix +++ b/nixos/modules/services/monitoring/graphite.nix @@ -509,7 +509,7 @@ in { }; in "${aenv}/${pkgs.python.sitePackages}"; GRAPHITE_API_CONFIG = graphiteApiConfig; - LD_LIBRARY_PATH = "${pkgs.cairo}/lib"; + LD_LIBRARY_PATH = "${pkgs.cairo.out}/lib"; }; serviceConfig = { ExecStart = '' diff --git a/nixos/modules/services/network-filesystems/tahoe.nix b/nixos/modules/services/network-filesystems/tahoe.nix index ab441339a560..d4b6c05e9432 100644 --- a/nixos/modules/services/network-filesystems/tahoe.nix +++ b/nixos/modules/services/network-filesystems/tahoe.nix @@ -26,6 +26,15 @@ in The port on which the introducer will listen. ''; }; + tub.location = mkOption { + default = null; + type = types.nullOr types.str; + description = '' + The external location that the introducer should listen on. + + If specified, the port should be included. + ''; + }; package = mkOption { default = pkgs.tahoelafs; defaultText = "pkgs.tahoelafs"; @@ -60,6 +69,18 @@ in system to listen on a different port. ''; }; + tub.location = mkOption { + default = null; + type = types.nullOr types.str; + description = '' + The external location that the node should listen on. + + This is the setting to tweak if there are multiple interfaces + and you want to alter which interface Tahoe is advertising. + + If specified, the port should be included. + ''; + }; web.port = mkOption { default = 3456; type = types.int; @@ -144,6 +165,8 @@ in [node] nickname = ${settings.nickname} tub.port = ${toString settings.tub.port} + ${optionalString (settings.tub.location != null) + "tub.location = ${settings.tub.location}"} ''; }); # Actually require Tahoe, so that we will have it installed. @@ -209,6 +232,8 @@ in [node] nickname = ${settings.nickname} tub.port = ${toString settings.tub.port} + ${optionalString (settings.tub.location != null) + "tub.location = ${settings.tub.location}"} # This is a Twisted endpoint. Twisted Web doesn't work on # non-TCP. ~ C. web.port = tcp:${toString settings.web.port} diff --git a/nixos/modules/services/networking/dnscrypt-proxy.nix b/nixos/modules/services/networking/dnscrypt-proxy.nix index 886bfc30468e..61305f5a755e 100644 --- a/nixos/modules/services/networking/dnscrypt-proxy.nix +++ b/nixos/modules/services/networking/dnscrypt-proxy.nix @@ -151,7 +151,7 @@ in /etc/group r, ${config.environment.etc."nsswitch.conf".source} r, - ${pkgs.glibc}/lib/*.so mr, + ${pkgs.glibc.out}/lib/*.so mr, ${pkgs.tzdata}/share/zoneinfo/** r, network inet stream, @@ -159,12 +159,12 @@ in network inet dgram, network inet6 dgram, - ${pkgs.gcc.cc}/lib/libssp.so.* mr, - ${pkgs.libsodium}/lib/libsodium.so.* mr, + ${pkgs.gcc.cc.lib}/lib/libssp.so.* mr, + ${pkgs.libsodium.out}/lib/libsodium.so.* mr, ${pkgs.systemd}/lib/libsystemd.so.* mr, - ${pkgs.xz}/lib/liblzma.so.* mr, - ${pkgs.libgcrypt}/lib/libgcrypt.so.* mr, - ${pkgs.libgpgerror}/lib/libgpg-error.so.* mr, + ${pkgs.xz.out}/lib/liblzma.so.* mr, + ${pkgs.libgcrypt.out}/lib/libgcrypt.so.* mr, + ${pkgs.libgpgerror.out}/lib/libgpg-error.so.* mr, ${pkgs.libcap}/lib/libcap.so.* mr, ${pkgs.lz4}/lib/liblz4.so.* mr, ${pkgs.attr}/lib/libattr.so.* mr, diff --git a/nixos/modules/services/networking/i2pd.nix b/nixos/modules/services/networking/i2pd.nix index 15ec9be80121..0cbf57314c4b 100644 --- a/nixos/modules/services/networking/i2pd.nix +++ b/nixos/modules/services/networking/i2pd.nix @@ -8,7 +8,7 @@ let homeDir = "/var/lib/i2pd"; - extip = "EXTIP=\$(${pkgs.curl}/bin/curl -sf \"http://jsonip.com\" | ${pkgs.gawk}/bin/awk -F'\"' '{print $4}')"; + extip = "EXTIP=\$(${pkgs.curl.bin}/bin/curl -sf \"http://jsonip.com\" | ${pkgs.gawk}/bin/awk -F'\"' '{print $4}')"; toYesNo = b: if b then "yes" else "no"; diff --git a/nixos/modules/services/networking/nix-serve.nix b/nixos/modules/services/networking/nix-serve.nix index 880a1d361dfe..8f6881441cf7 100644 --- a/nixos/modules/services/networking/nix-serve.nix +++ b/nixos/modules/services/networking/nix-serve.nix @@ -50,7 +50,7 @@ in after = [ "network.target" ]; wantedBy = [ "multi-user.target" ]; - path = [ config.nix.package pkgs.bzip2 ]; + path = [ config.nix.package pkgs.bzip2.bin ]; environment.NIX_REMOTE = "daemon"; environment.NIX_SECRET_KEY_FILE = cfg.secretKeyFile; diff --git a/nixos/modules/services/networking/shout.nix b/nixos/modules/services/networking/shout.nix index f069fe7bec96..3664c2857739 100644 --- a/nixos/modules/services/networking/shout.nix +++ b/nixos/modules/services/networking/shout.nix @@ -6,6 +6,21 @@ let cfg = config.services.shout; shoutHome = "/var/lib/shout"; + defaultConfig = pkgs.runCommand "config.js" {} '' + EDITOR=true ${pkgs.shout}/bin/shout config --home $PWD + mv config.js $out + ''; + + finalConfigFile = if (cfg.configFile != null) then cfg.configFile else '' + var _ = require('${pkgs.shout}/lib/node_modules/shout/node_modules/lodash') + + module.exports = _.merge( + {}, + require('${defaultConfig}'), + ${builtins.toJSON cfg.config} + ) + ''; + in { options.services.shout = { enable = mkEnableOption "Shout web IRC client"; @@ -35,8 +50,31 @@ in { type = types.nullOr types.lines; default = null; description = '' - Contents of Shout's <filename>config.js</filename> file. If left empty, - Shout will generate from its defaults at first startup. + Contents of Shout's <filename>config.js</filename> file. + + Used for backward compatibility, recommended way is now to use + the <literal>config</literal> option. + + Documentation: http://shout-irc.com/docs/server/configuration.html + ''; + }; + + config = mkOption { + default = {}; + type = types.attrs; + example = { + displayNetwork = false; + defaults = { + name = "Your Network"; + host = "localhost"; + port = 6697; + }; + }; + description = '' + Shout <filename>config.js</filename> contents as attribute set (will be + converted to JSON to generate the configuration file). + + The options defined here will be merged to the default configuration file. Documentation: http://shout-irc.com/docs/server/configuration.html ''; @@ -57,11 +95,7 @@ in { wantedBy = [ "multi-user.target" ]; wants = [ "network-online.target" ]; after = [ "network-online.target" ]; - preStart = if isNull cfg.configFile then "" - else '' - ln -sf ${pkgs.writeText "config.js" cfg.configFile} \ - ${shoutHome}/config.js - ''; + preStart = "ln -sf ${pkgs.writeText "config.js" finalConfigFile} ${shoutHome}/config.js"; script = concatStringsSep " " [ "${pkgs.shout}/bin/shout" (if cfg.private then "--private" else "--public") diff --git a/nixos/modules/services/printing/cupsd.nix b/nixos/modules/services/printing/cupsd.nix index 9e122dc7beac..29166be2399b 100644 --- a/nixos/modules/services/printing/cupsd.nix +++ b/nixos/modules/services/printing/cupsd.nix @@ -14,21 +14,21 @@ let additionalBackends = pkgs.runCommand "additional-cups-backends" { } '' mkdir -p $out - if [ ! -e ${cups}/lib/cups/backend/smb ]; then + if [ ! -e ${cups.out}/lib/cups/backend/smb ]; then mkdir -p $out/lib/cups/backend ln -sv ${pkgs.samba}/bin/smbspool $out/lib/cups/backend/smb fi # Provide support for printing via HTTPS. - if [ ! -e ${cups}/lib/cups/backend/https ]; then + if [ ! -e ${cups.out}/lib/cups/backend/https ]; then mkdir -p $out/lib/cups/backend - ln -sv ${cups}/lib/cups/backend/ipp $out/lib/cups/backend/https + ln -sv ${cups.out}/lib/cups/backend/ipp $out/lib/cups/backend/https fi ''; # Here we can enable additional backends, filters, etc. that are not # part of CUPS itself, e.g. the SMB backend is part of Samba. Since - # we can't update ${cups}/lib/cups itself, we create a symlink tree + # we can't update ${cups.out}/lib/cups itself, we create a symlink tree # here and add the additional programs. The ServerBin directive in # cupsd.conf tells cupsd to use this tree. bindir = pkgs.buildEnv { diff --git a/nixos/modules/services/search/elasticsearch.nix b/nixos/modules/services/search/elasticsearch.nix index 31332489a784..c51a42b8e9c1 100644 --- a/nixos/modules/services/search/elasticsearch.nix +++ b/nixos/modules/services/search/elasticsearch.nix @@ -148,7 +148,7 @@ in { if [ "$(id -u)" = 0 ]; then chown -R elasticsearch ${cfg.dataDir}; fi ''; postStart = mkBefore '' - until ${pkgs.curl}/bin/curl -s -o /dev/null ${cfg.listenAddress}:${toString cfg.port}; do + until ${pkgs.curl.bin}/bin/curl -s -o /dev/null ${cfg.listenAddress}:${toString cfg.port}; do sleep 1 done ''; diff --git a/nixos/modules/services/system/dbus.nix b/nixos/modules/services/system/dbus.nix index ba34eb25169c..327993443048 100644 --- a/nixos/modules/services/system/dbus.nix +++ b/nixos/modules/services/system/dbus.nix @@ -121,7 +121,7 @@ in security.setuidOwners = singleton { program = "dbus-daemon-launch-helper"; - source = "${pkgs.dbus_daemon}/libexec/dbus-daemon-launch-helper"; + source = "${pkgs.dbus_daemon.lib}/libexec/dbus-daemon-launch-helper"; owner = "root"; group = "messagebus"; setuid = true; diff --git a/nixos/modules/services/system/nscd.nix b/nixos/modules/services/system/nscd.nix index 3c0d2043ed5d..d98ef8a306d5 100644 --- a/nixos/modules/services/system/nscd.nix +++ b/nixos/modules/services/system/nscd.nix @@ -64,14 +64,14 @@ in restartTriggers = [ config.environment.etc.hosts.source config.environment.etc."nsswitch.conf".source ]; serviceConfig = - { ExecStart = "@${pkgs.glibc}/sbin/nscd nscd -f ${cfgFile}"; + { ExecStart = "@${pkgs.glibc.bin}/sbin/nscd nscd -f ${cfgFile}"; Type = "forking"; PIDFile = "/run/nscd/nscd.pid"; Restart = "always"; ExecReload = - [ "${pkgs.glibc}/sbin/nscd --invalidate passwd" - "${pkgs.glibc}/sbin/nscd --invalidate group" - "${pkgs.glibc}/sbin/nscd --invalidate hosts" + [ "${pkgs.glibc.bin}/sbin/nscd --invalidate passwd" + "${pkgs.glibc.bin}/sbin/nscd --invalidate group" + "${pkgs.glibc.bin}/sbin/nscd --invalidate hosts" ]; }; @@ -79,7 +79,7 @@ in # its pid. So wait until it's ready. postStart = '' - while ! ${pkgs.glibc}/sbin/nscd -g -f ${cfgFile} > /dev/null; do + while ! ${pkgs.glibc.bin}/sbin/nscd -g -f ${cfgFile} > /dev/null; do sleep 0.2 done ''; diff --git a/nixos/modules/services/torrent/transmission.nix b/nixos/modules/services/torrent/transmission.nix index 7718a721763c..c2220cb0cff7 100644 --- a/nixos/modules/services/torrent/transmission.nix +++ b/nixos/modules/services/torrent/transmission.nix @@ -113,21 +113,21 @@ in #include <abstractions/base> #include <abstractions/nameservice> - ${pkgs.glibc}/lib/*.so mr, - ${pkgs.libevent}/lib/libevent*.so* mr, - ${pkgs.curl}/lib/libcurl*.so* mr, - ${pkgs.openssl}/lib/libssl*.so* mr, - ${pkgs.openssl}/lib/libcrypto*.so* mr, - ${pkgs.zlib}/lib/libz*.so* mr, - ${pkgs.libssh2}/lib/libssh2*.so* mr, + ${pkgs.glibc.out}/lib/*.so mr, + ${pkgs.libevent.out}/lib/libevent*.so* mr, + ${pkgs.curl.out}/lib/libcurl*.so* mr, + ${pkgs.openssl.out}/lib/libssl*.so* mr, + ${pkgs.openssl.out}/lib/libcrypto*.so* mr, + ${pkgs.zlib.out}/lib/libz*.so* mr, + ${pkgs.libssh2.out}/lib/libssh2*.so* mr, ${pkgs.systemd}/lib/libsystemd*.so* mr, - ${pkgs.xz}/lib/liblzma*.so* mr, - ${pkgs.libgcrypt}/lib/libgcrypt*.so* mr, - ${pkgs.libgpgerror}/lib/libgpg-error*.so* mr, - ${pkgs.libnghttp2}/lib/libnghttp2*.so* mr, - ${pkgs.c-ares}/lib/libcares*.so* mr, - ${pkgs.libcap}/lib/libcap*.so* mr, - ${pkgs.attr}/lib/libattr*.so* mr, + ${pkgs.xz.out}/lib/liblzma*.so* mr, + ${pkgs.libgcrypt.out}/lib/libgcrypt*.so* mr, + ${pkgs.libgpgerror.out}/lib/libgpg-error*.so* mr, + ${pkgs.libnghttp2.out}/lib/libnghttp2*.so* mr, + ${pkgs.c-ares.out}/lib/libcares*.so* mr, + ${pkgs.libcap.out}/lib/libcap*.so* mr, + ${pkgs.attr.out}/lib/libattr*.so* mr, ${pkgs.lz4}/lib/liblz4*.so* mr, @{PROC}/sys/kernel/random/uuid r, diff --git a/nixos/modules/services/web-servers/apache-httpd/default.nix b/nixos/modules/services/web-servers/apache-httpd/default.nix index fdbd61c85e65..7953729c00cd 100644 --- a/nixos/modules/services/web-servers/apache-httpd/default.nix +++ b/nixos/modules/services/web-servers/apache-httpd/default.nix @@ -6,13 +6,13 @@ let mainCfg = config.services.httpd; - httpd = mainCfg.package; + httpd = mainCfg.package.out; version24 = !versionOlder httpd.version "2.4"; httpdConf = mainCfg.configFile; - php = pkgs.php.override { apacheHttpd = httpd; }; + php = pkgs.php.override { apacheHttpd = httpd.dev; /* otherwise it only gets .out */ }; getPort = cfg: if cfg.port != 0 then cfg.port else if cfg.enableSSL then 443 else 80; diff --git a/nixos/modules/services/web-servers/apache-httpd/owncloud.nix b/nixos/modules/services/web-servers/apache-httpd/owncloud.nix index a9ec20ae8471..94e85f1f4289 100644 --- a/nixos/modules/services/web-servers/apache-httpd/owncloud.nix +++ b/nixos/modules/services/web-servers/apache-httpd/owncloud.nix @@ -333,7 +333,7 @@ let 'version' => '${config.package.version}', - 'openssl' => '${pkgs.openssl}/bin/openssl' + 'openssl' => '${pkgs.openssl.bin}/bin/openssl' ); diff --git a/nixos/modules/services/web-servers/apache-httpd/phabricator.nix b/nixos/modules/services/web-servers/apache-httpd/phabricator.nix index e4e3aac8d411..efd4a7b5f0fb 100644 --- a/nixos/modules/services/web-servers/apache-httpd/phabricator.nix +++ b/nixos/modules/services/web-servers/apache-httpd/phabricator.nix @@ -39,7 +39,7 @@ in { "${pkgs.diffutils}" ] ++ (if config.mercurial then ["${pkgs.mercurial}"] else []) ++ - (if config.subversion then ["${pkgs.subversion}"] else []) ++ + (if config.subversion then ["${pkgs.subversion.out}"] else []) ++ (if config.git then ["${pkgs.git}"] else []); startupScript = pkgs.writeScript "activatePhabricator" '' diff --git a/nixos/modules/services/web-servers/caddy.nix b/nixos/modules/services/web-servers/caddy.nix new file mode 100644 index 000000000000..0d2612aaa66b --- /dev/null +++ b/nixos/modules/services/web-servers/caddy.nix @@ -0,0 +1,53 @@ +{ config, lib, pkgs, ... }: + +with lib; + +let + cfg = config.services.caddy; + configFile = pkgs.writeText "Caddyfile" cfg.config; +in +{ + options.services.caddy = { + enable = mkEnableOption "Caddy web server"; + + config = mkOption { + description = "Verbatim Caddyfile to use"; + }; + + email = mkOption { + default = ""; + type = types.string; + description = "Email address (for Let's Encrypt certificate)"; + }; + + dataDir = mkOption { + default = "/var/lib/caddy"; + type = types.path; + description = "The data directory, for storing certificates."; + }; + }; + + config = mkIf cfg.enable { + systemd.services.caddy = { + description = "Caddy web server"; + after = [ "network.target" ]; + wantedBy = [ "multi-user.target" ]; + serviceConfig = { + ExecStart = "${pkgs.caddy}/bin/caddy -conf=${configFile} -email=${cfg.email}"; + Type = "simple"; + User = "caddy"; + Group = "caddy"; + AmbientCapabilities = "cap_net_bind_service"; + }; + }; + + users.extraUsers.caddy = { + group = "caddy"; + uid = config.ids.uids.caddy; + home = cfg.dataDir; + createHome = true; + }; + + users.extraGroups.caddy.gid = config.ids.uids.caddy; + }; +} diff --git a/nixos/modules/services/x11/desktop-managers/gnome3.nix b/nixos/modules/services/x11/desktop-managers/gnome3.nix index be7700424bc6..b112fc2422a7 100644 --- a/nixos/modules/services/x11/desktop-managers/gnome3.nix +++ b/nixos/modules/services/x11/desktop-managers/gnome3.nix @@ -166,7 +166,7 @@ in { }; environment.variables.GIO_EXTRA_MODULES = [ "${gnome3.dconf}/lib/gio/modules" - "${gnome3.glib_networking}/lib/gio/modules" + "${gnome3.glib_networking.out}/lib/gio/modules" "${gnome3.gvfs}/lib/gio/modules" ]; environment.systemPackages = gnome3.corePackages ++ cfg.sessionPath ++ (removePackagesByName gnome3.optionalPackages config.environment.gnome3.excludePackages); diff --git a/nixos/modules/services/x11/desktop-managers/kde5.nix b/nixos/modules/services/x11/desktop-managers/kde5.nix index 71361bae82dc..4f74d5732af5 100644 --- a/nixos/modules/services/x11/desktop-managers/kde5.nix +++ b/nixos/modules/services/x11/desktop-managers/kde5.nix @@ -62,13 +62,13 @@ in ${config.hardware.pulseaudio.package}/bin/pactl load-module module-device-manager "do_routing=1" ''} - exec ${kde5.plasma-workspace}/bin/startkde + exec startkde ''; }; security.setuidOwners = singleton { program = "kcheckpass"; - source = "${kde5.plasma-workspace}/lib/libexec/kcheckpass"; + source = "${kde5.plasma-workspace.out}/lib/libexec/kcheckpass"; owner = "root"; group = "root"; setuid = true; @@ -171,12 +171,12 @@ in # Enable GTK applications to load SVG icons environment.variables = mkIf (lib.hasAttr "breeze-icons" kde5) { - GDK_PIXBUF_MODULE_FILE = "${pkgs.librsvg}/lib/gdk-pixbuf-2.0/2.10.0/loaders.cache"; + GDK_PIXBUF_MODULE_FILE = "${pkgs.librsvg.out}/lib/gdk-pixbuf-2.0/2.10.0/loaders.cache"; }; fonts.fonts = [ (kde5.oxygen-fonts or pkgs.noto-fonts) ]; - programs.ssh.askPassword = "${kde5.ksshaskpass}/bin/ksshaskpass"; + programs.ssh.askPassword = "${kde5.ksshaskpass.out}/bin/ksshaskpass"; # Enable helpful DBus services. services.udisks2.enable = true; diff --git a/nixos/modules/services/x11/display-managers/default.nix b/nixos/modules/services/x11/display-managers/default.nix index 7dffdfc2b36c..be634fc259a2 100644 --- a/nixos/modules/services/x11/display-managers/default.nix +++ b/nixos/modules/services/x11/display-managers/default.nix @@ -45,7 +45,7 @@ let ${optionalString cfg.startDbusSession '' if test -z "$DBUS_SESSION_BUS_ADDRESS"; then - exec ${pkgs.dbus.tools}/bin/dbus-launch --exit-with-session "$0" "$sessionType" + exec ${pkgs.dbus.dbus-launch} --exit-with-session "$0" "$sessionType" fi ''} @@ -55,11 +55,11 @@ let # Start PulseAudio if enabled. ${optionalString (config.hardware.pulseaudio.enable) '' ${optionalString (!config.hardware.pulseaudio.systemWide) - "${config.hardware.pulseaudio.package}/bin/pulseaudio --start" + "${config.hardware.pulseaudio.package.out}/bin/pulseaudio --start" } # Publish access credentials in the root window. - ${config.hardware.pulseaudio.package}/bin/pactl load-module module-x11-publish "display=$DISPLAY" + ${config.hardware.pulseaudio.package.out}/bin/pactl load-module module-x11-publish "display=$DISPLAY" ''} # Tell systemd about our $DISPLAY. This is needed by the @@ -275,7 +275,7 @@ in }; config = { - services.xserver.displayManager.xserverBin = "${xorg.xorgserver}/bin/X"; + services.xserver.displayManager.xserverBin = "${xorg.xorgserver.out}/bin/X"; }; imports = [ diff --git a/nixos/modules/services/x11/display-managers/lightdm-greeters/gtk.nix b/nixos/modules/services/x11/display-managers/lightdm-greeters/gtk.nix index f5b6c20c5a05..543dd628ce66 100644 --- a/nixos/modules/services/x11/display-managers/lightdm-greeters/gtk.nix +++ b/nixos/modules/services/x11/display-managers/lightdm-greeters/gtk.nix @@ -24,9 +24,9 @@ let # This wrapper ensures that we actually get themes makeWrapper ${pkgs.lightdm_gtk_greeter}/sbin/lightdm-gtk-greeter \ $out/greeter \ - --prefix PATH : "${pkgs.glibc}/bin" \ - --set GDK_PIXBUF_MODULE_FILE "${pkgs.gdk_pixbuf}/lib/gdk-pixbuf-2.0/2.10.0/loaders.cache" \ - --set GTK_PATH "${theme}:${pkgs.gtk3}" \ + --prefix PATH : "${pkgs.glibc.bin}/bin" \ + --set GDK_PIXBUF_MODULE_FILE "${pkgs.gdk_pixbuf.out}/lib/gdk-pixbuf-2.0/2.10.0/loaders.cache" \ + --set GTK_PATH "${theme}:${pkgs.gtk3.out}" \ --set GTK_EXE_PREFIX "${theme}" \ --set GTK_DATA_PREFIX "${theme}" \ --set XDG_DATA_DIRS "${theme}/share:${icons}/share" \ diff --git a/nixos/modules/services/x11/display-managers/sddm.nix b/nixos/modules/services/x11/display-managers/sddm.nix index 4d61afe0eaeb..7a17a222bcab 100644 --- a/nixos/modules/services/x11/display-managers/sddm.nix +++ b/nixos/modules/services/x11/display-managers/sddm.nix @@ -48,7 +48,7 @@ let [XDisplay] MinimumVT=${toString xcfg.tty} ServerPath=${xserverWrapper} - XephyrPath=${pkgs.xorg.xorgserver}/bin/Xephyr + XephyrPath=${pkgs.xorg.xorgserver.out}/bin/Xephyr SessionCommand=${dmcfg.session.script} SessionDir=${dmcfg.session.desktops} XauthPath=${pkgs.xorg.xauth}/bin/xauth diff --git a/nixos/modules/services/x11/terminal-server.nix b/nixos/modules/services/x11/terminal-server.nix index 4d5dbd604159..09d0ab077515 100644 --- a/nixos/modules/services/x11/terminal-server.nix +++ b/nixos/modules/services/x11/terminal-server.nix @@ -41,7 +41,7 @@ with lib; { description = "Terminal Server"; path = - [ pkgs.xorgserver pkgs.gawk pkgs.which pkgs.openssl pkgs.xorg.xauth + [ pkgs.xorgserver.out pkgs.gawk pkgs.which pkgs.openssl pkgs.xorg.xauth pkgs.nettools pkgs.shadow pkgs.procps pkgs.utillinux pkgs.bash ]; diff --git a/nixos/modules/services/x11/window-managers/metacity.nix b/nixos/modules/services/x11/window-managers/metacity.nix index 3e5229be634f..2957ad91be45 100644 --- a/nixos/modules/services/x11/window-managers/metacity.nix +++ b/nixos/modules/services/x11/window-managers/metacity.nix @@ -20,7 +20,7 @@ in services.xserver.windowManager.session = singleton { name = "metacity"; start = '' - env LD_LIBRARY_PATH=${xorg.libX11}/lib:${xorg.libXext}/lib:/usr/lib/ + env LD_LIBRARY_PATH=${xorg.libX11.out}/lib:${xorg.libXext.out}/lib:/usr/lib/ # !!! Hack: load the schemas for Metacity. GCONF_CONFIG_SOURCE=xml::~/.gconf ${gnome.GConf}/bin/gconftool-2 \ --makefile-install-rule ${gnome.metacity}/etc/gconf/schemas/*.schemas # */ diff --git a/nixos/modules/services/x11/xserver.nix b/nixos/modules/services/x11/xserver.nix index 70df18b40209..dcf9f820f59c 100644 --- a/nixos/modules/services/x11/xserver.nix +++ b/nixos/modules/services/x11/xserver.nix @@ -456,7 +456,7 @@ in ]); environment.systemPackages = - [ xorg.xorgserver + [ xorg.xorgserver.out xorg.xrandr xorg.xrdb xorg.setxkbmap @@ -466,6 +466,7 @@ in xorg.xsetroot xorg.xinput xorg.xprop + xorg.xauth pkgs.xterm pkgs.xdg_utils ] @@ -493,7 +494,7 @@ in XKB_BINDIR = "${xorg.xkbcomp}/bin"; # Needed for the Xkb extension. XORG_DRI_DRIVER_PATH = "/run/opengl-driver/lib/dri"; # !!! Depends on the driver selected at runtime. LD_LIBRARY_PATH = concatStringsSep ":" ( - [ "${xorg.libX11}/lib" "${xorg.libXext}/lib" ] + [ "${xorg.libX11.out}/lib" "${xorg.libXext.out}/lib" ] ++ concatLists (catAttrs "libPath" cfg.drivers)); } // cfg.displayManager.job.environment; @@ -513,8 +514,7 @@ in }; services.xserver.displayManager.xserverArgs = - [ "-ac" - "-terminate" + [ "-terminate" "-config ${configFile}" "-xkbdir" "${cfg.xkbDir}" ] ++ optional (cfg.display != null) ":${toString cfg.display}" @@ -525,7 +525,7 @@ in services.xserver.modules = concatLists (catAttrs "modules" cfg.drivers) ++ - [ xorg.xorgserver + [ xorg.xorgserver.out xorg.xf86inputevdev ]; |