Diffstat (limited to 'nixos/modules/services')
28 files changed, 907 insertions, 225 deletions
diff --git a/nixos/modules/services/audio/spotifyd.nix b/nixos/modules/services/audio/spotifyd.nix index 1194b6f200d7..04bb523e25b1 100644 --- a/nixos/modules/services/audio/spotifyd.nix +++ b/nixos/modules/services/audio/spotifyd.nix @@ -24,7 +24,7 @@ in type = types.lines; description = lib.mdDoc '' (Deprecated) Configuration for Spotifyd. For syntax and directives, see - <https://github.com/Spotifyd/spotifyd#Configuration>. + <https://docs.spotifyd.rs/config/File.html>. ''; }; @@ -34,7 +34,7 @@ in example = { global.bitrate = 320; }; description = lib.mdDoc '' Configuration for Spotifyd. For syntax and directives, see - <https://github.com/Spotifyd/spotifyd#Configuration>. + <https://docs.spotifyd.rs/config/File.html>. ''; }; }; diff --git a/nixos/modules/services/continuous-integration/hydra/default.nix b/nixos/modules/services/continuous-integration/hydra/default.nix index b1d44e67658b..10e1f0532c84 100644 --- a/nixos/modules/services/continuous-integration/hydra/default.nix +++ b/nixos/modules/services/continuous-integration/hydra/default.nix @@ -178,6 +178,24 @@ in description = lib.mdDoc "Whether to run the server in debug mode."; }; + maxServers = mkOption { + type = types.int; + default = 25; + description = lib.mdDoc "Maximum number of starman workers to spawn."; + }; + + minSpareServers = mkOption { + type = types.int; + default = 4; + description = lib.mdDoc "Minimum number of spare starman workers to keep."; + }; + + maxSpareServers = mkOption { + type = types.int; + default = 5; + description = lib.mdDoc "Maximum number of spare starman workers to keep."; + }; + extraConfig = mkOption { type = types.lines; description = lib.mdDoc "Extra lines for the Hydra configuration."; 
@@ -224,6 +242,16 @@ in ###### implementation config = mkIf cfg.enable { + assertions = [ + { + assertion = cfg.maxServers != 0 && cfg.maxSpareServers != 0 && cfg.minSpareServers != 0; + message = "services.hydra.{minSpareServers,maxSpareServers,minSpareServers} cannot be 0"; + } + { + assertion = cfg.minSpareServers < cfg.maxSpareServers; + message = "services.hydra.minSpareServers cannot be bigger than servives.hydra.maxSpareServers"; + } + ]; users.groups.hydra = { gid = config.ids.gids.hydra; @@ -258,7 +286,7 @@ in using_frontend_proxy = 1 base_uri = ${cfg.hydraURL} notification_sender = ${cfg.notificationSender} - max_servers = 25 + max_servers = ${toString cfg.maxServers} ${optionalString (cfg.logo != null) '' hydra_logo = ${cfg.logo} ''} @@ -359,8 +387,8 @@ in serviceConfig = { ExecStart = "@${hydra-package}/bin/hydra-server hydra-server -f -h '${cfg.listenHost}' " - + "-p ${toString cfg.port} --max_spare_servers 5 --max_servers 25 " - + "--max_requests 100 ${optionalString cfg.debugServer "-d"}"; + + "-p ${toString cfg.port} --min_spare_servers ${toString cfg.minSpareServers} --max_spare_servers ${toString cfg.maxSpareServers} " + + "--max_servers ${toString cfg.maxServers} --max_requests 100 ${optionalString cfg.debugServer "-d"}"; User = "hydra-www"; PermissionsStartOnly = true; Restart = "always"; diff --git a/nixos/modules/services/databases/postgresql.md b/nixos/modules/services/databases/postgresql.md index 7d141f12b5de..3ff1f00fa9cf 100644 --- a/nixos/modules/services/databases/postgresql.md +++ b/nixos/modules/services/databases/postgresql.md @@ -277,7 +277,7 @@ self: super: { Here's a recipe on how to override a particular plugin through an overlay: ``` self: super: { - postgresql_15 = super.postgresql_15.override { this = self.postgresql_15; } // { + postgresql_15 = super.postgresql_15// { pkgs = super.postgresql_15.pkgs // { pg_repack = super.postgresql_15.pkgs.pg_repack.overrideAttrs (_: { name = "pg_repack-v20181024"; 
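Review bot: The first entry in the new `assertions` list only rejects 0, so a negative `maxServers`, `minSpareServers` or `maxSpareServers` still passes and is interpolated into the `hydra-server` command line, because the options in the earlier hunk are declared as `types.int`. Declaring them as `types.ints.positive` would reject both cases at the type level and make that assertion unnecessary. The first message names `minSpareServers` twice and never `maxServers`, and the second message spells the prefix `servives.hydra`. The second message also says "cannot be bigger" while `cfg.minSpareServers < cfg.maxSpareServers` rejects equal values too, so either use `<=` or word it as "must be smaller than".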
diff --git a/nixos/modules/services/databases/postgresql.nix b/nixos/modules/services/databases/postgresql.nix index c4e76c82ba5c..c3f3b98ae5e7 100644 --- a/nixos/modules/services/databases/postgresql.nix +++ b/nixos/modules/services/databases/postgresql.nix @@ -14,7 +14,7 @@ let # package = pkgs.postgresql_<major>; # }; # works. - base = if cfg.enableJIT && !cfg.package.jitSupport then cfg.package.withJIT else cfg.package; + base = if cfg.enableJIT then cfg.package.withJIT else cfg.package; in if cfg.extraPlugins == [] then base diff --git a/nixos/modules/services/x11/desktop-managers/plasma6.nix b/nixos/modules/services/desktop-managers/plasma6.nix index a471a48c9002..1cb7a7ea778b 100644 --- a/nixos/modules/services/x11/desktop-managers/plasma6.nix +++ b/nixos/modules/services/desktop-managers/plasma6.nix @@ -5,8 +5,7 @@ utils, ... }: let - xcfg = config.services.xserver; - cfg = xcfg.desktopManager.plasma6; + cfg = config.services.desktopManager.plasma6; inherit (pkgs) kdePackages; inherit (lib) literalExpression mkDefault mkIf mkOption mkPackageOptionMD types; @@ -17,7 +16,7 @@ ''; in { options = { - services.xserver.desktopManager.plasma6 = { + services.desktopManager.plasma6 = { enable = mkOption { type = types.bool; default = false; @@ -44,6 +43,12 @@ in { }; }; + imports = [ + (lib.mkRenamedOptionModule [ "services" "xserver" "desktopManager" "plasma6" "enable" ] [ "services" "desktopManager" "plasma6" "enable" ]) + (lib.mkRenamedOptionModule [ "services" "xserver" "desktopManager" "plasma6" "enableQt5Integration" ] [ "services" "desktopManager" "plasma6" "enableQt5Integration" ]) + (lib.mkRenamedOptionModule [ "services" "xserver" "desktopManager" "plasma6" "notoPackage" ] [ "services" "desktopManager" "plasma6" "notoPackage" ]) + ]; + config = mkIf cfg.enable { assertions = [ { 
@@ -161,7 +166,7 @@ in { in requiredPackages ++ utils.removePackagesByName optionalPackages config.environment.plasma6.excludePackages - ++ lib.optionals config.services.xserver.desktopManager.plasma6.enableQt5Integration [ + ++ lib.optionals config.services.desktopManager.plasma6.enableQt5Integration [ breeze.qt5 plasma-integration.qt5 pkgs.plasma5Packages.kwayland-integration @@ -185,7 +190,7 @@ in { "/libexec" # for drkonqi ]; - environment.etc."X11/xkb".source = xcfg.xkb.dir; + environment.etc."X11/xkb".source = config.services.xserver.xkb.dir; # Add ~/.config/kdedefaults to XDG_CONFIG_DIRS for shells, since Plasma sets that. # FIXME: maybe we should append to XDG_CONFIG_DIRS in /etc/set-environment instead? @@ -210,7 +215,7 @@ in { serif = ["Noto Serif"]; }; - programs.gnupg.agent.pinentryPackage = pkgs.pinentry-qt; + programs.gnupg.agent.pinentryPackage = mkDefault pkgs.pinentry-qt; programs.ssh.askPassword = mkDefault "${kdePackages.ksshaskpass.out}/bin/ksshaskpass"; # Enable helpful DBus services. diff --git a/nixos/modules/services/desktops/pipewire/wireplumber.nix b/nixos/modules/services/desktops/pipewire/wireplumber.nix index 009d68bd4f28..5967ac36fa85 100644 --- a/nixos/modules/services/desktops/pipewire/wireplumber.nix +++ b/nixos/modules/services/desktops/pipewire/wireplumber.nix 
@@ -56,24 +56,28 @@ in config = let - pwNotForAudioConfigPkg = pkgs.writeTextDir "share/wireplumber/main.lua.d/80-pw-not-for-audio.lua" '' - -- PipeWire is not used for audio, so prevent it from grabbing audio devices - alsa_monitor.enable = function() end - ''; - systemwideConfigPkg = pkgs.writeTextDir "share/wireplumber/main.lua.d/80-systemwide.lua" '' - -- When running system-wide, these settings need to be disabled (they - -- use functions that aren't available on the system dbus). - alsa_monitor.properties["alsa.reserve"] = false - default_access.properties["enable-flatpak-portal"] = false + pwNotForAudioConfigPkg = pkgs.writeTextDir "share/wireplumber/wireplumber.conf.d/90-nixos-no-audio.conf" '' + # PipeWire is not used for audio, so WirePlumber should not be handling it + wireplumber.profiles = { + main = { + hardware.audio = disabled + hardware.bluetooth = disabled + } + } ''; - systemwideBluetoothConfigPkg = pkgs.writeTextDir "share/wireplumber/bluetooth.lua.d/80-systemwide.lua" '' - -- When running system-wide, logind-integration needs to be disabled. - bluez_monitor.properties["with-logind"] = false + + systemwideConfigPkg = pkgs.writeTextDir "share/wireplumber/wireplumber.conf.d/90-nixos-systemwide.conf" '' + # When running system-wide, we don't have logind to call ReserveDevice + wireplumber.profiles = { + main = { + support.reserve-device = disabled + } + } ''; configPackages = cfg.configPackages ++ lib.optional (!pwUsedForAudio) pwNotForAudioConfigPkg - ++ lib.optionals config.services.pipewire.systemWide [ systemwideConfigPkg systemwideBluetoothConfigPkg ]; + ++ lib.optional config.services.pipewire.systemWide systemwideConfigPkg; configs = pkgs.buildEnv { name = "wireplumber-configs"; diff --git a/nixos/modules/services/development/hoogle.nix b/nixos/modules/services/development/hoogle.nix index 88dd01fd8aab..c90bb7f01902 100644 --- a/nixos/modules/services/development/hoogle.nix +++ b/nixos/modules/services/development/hoogle.nix 
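Review bot: The new `90-nixos-systemwide.conf` fragment only disables `support.reserve-device`, while the Lua files it replaces also set `enable-flatpak-portal` to false and turned off the bluez monitor's `with-logind` for system-wide instances. If the new configuration format still enables portal or logind integration by default (not visible in this hunk), a system-wide WirePlumber would again depend on session services it does not have. A comment inside the fragment recording the decision, along the lines of `# flatpak portal and bluez logind integration: <why no override is needed here>`, would make the omission reviewable.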
@@ -56,6 +56,16 @@ in { description = lib.mdDoc "Set the host to bind on."; default = "127.0.0.1"; }; + + extraOptions = mkOption { + type = types.listOf types.str; + default = []; + example = [ "--no-security-headers" ]; + description = lib.mdDoc '' + Additional command-line arguments to pass to + {command}`hoogle server` + ''; + }; }; config = mkIf cfg.enable { @@ -66,7 +76,10 @@ in { serviceConfig = { Restart = "always"; - ExecStart = ''${hoogleEnv}/bin/hoogle server --local --port ${toString cfg.port} --home ${cfg.home} --host ${cfg.host}''; + ExecStart = '' + ${hoogleEnv}/bin/hoogle server --local --port ${toString cfg.port} --home ${cfg.home} --host ${cfg.host} \ + ${concatStringsSep " " cfg.extraOptions} + ''; DynamicUser = true; diff --git a/nixos/modules/services/matrix/synapse.nix b/nixos/modules/services/matrix/synapse.nix index e3f9c7742cc7..7291c0fcbcdd 100644 --- a/nixos/modules/services/matrix/synapse.nix +++ b/nixos/modules/services/matrix/synapse.nix @@ -1232,7 +1232,8 @@ in { ProtectKernelTunables = true; ProtectProc = "invisible"; ProtectSystem = "strict"; - ReadWritePaths = [ cfg.dataDir cfg.settings.media_store_path ]; + ReadWritePaths = [ cfg.dataDir cfg.settings.media_store_path ] ++ + (map (listener: dirOf listener.path) (filter (listener: listener.path != null) cfg.settings.listeners)); RemoveIPC = true; RestrictAddressFamilies = [ "AF_INET" "AF_INET6" "AF_UNIX" ]; RestrictNamespaces = true; diff --git a/nixos/modules/services/misc/etebase-server.nix b/nixos/modules/services/misc/etebase-server.nix index f5a5e8a780d4..546d52b1a3b5 100644 --- a/nixos/modules/services/misc/etebase-server.nix +++ b/nixos/modules/services/misc/etebase-server.nix @@ -177,6 +177,7 @@ in systemd.tmpfiles.rules = [ "d '${cfg.dataDir}' - ${cfg.user} ${config.users.users.${cfg.user}.group} - -" + "d '${builtins.dirOf cfg.unixSocket}' - ${cfg.user} ${config.users.users.${cfg.user}.group} - -" ]; systemd.services.etebase-server = { 
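Review bot: `cfg.extraOptions` is joined with `concatStringsSep " "` and placed into `ExecStart` unescaped, so an element containing a space, a quote, `%` or `$` is re-split or expanded by systemd instead of reaching `hoogle server` as one argument. The llama-cpp module in this same commit uses `utils.escapeSystemdExecArgs cfg.extraFlags` for this; the same call would work here if `utils` is available in the module arguments, which are outside the hunk. The only example given, `--no-security-headers`, appears by its name to switch a protection off, so the description should say what is lost when it is set or use a neutral example instead.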
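Review bot: Each UNIX-socket listener now adds `dirOf listener.path` to `ReadWritePaths`, so how far `ProtectSystem = "strict"` is opened depends entirely on where the socket is configured. A path such as `/run/synapse.sock` (constructed example) would make all of `/run` writable to the service. Consider an assertion, or a sentence in the listener `path` option description such as `The parent directory becomes writable to synapse; use a dedicated directory, not /run or /tmp directly.` The option definition itself is outside this hunk.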
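Review bot: The added tmpfiles rule `d '${builtins.dirOf cfg.unixSocket}' - ${cfg.user} ...` is emitted unconditionally and assigns the socket's parent directory to the service user. If `unixSocket` points directly into a shared directory such as `/run` or `/tmp`, systemd-tmpfiles would adjust the ownership of that existing directory, and if the option can be null (its declaration is not in the hunk) `dirOf` fails at evaluation time. Guarding the entry, e.g. `++ lib.optional (cfg.unixSocket != null) "d ..."`, and documenting that the socket needs a directory of its own would cover both cases.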
diff --git a/nixos/modules/services/misc/llama-cpp.nix b/nixos/modules/services/misc/llama-cpp.nix index 4d76456fb2fd..305d4538e89a 100644 --- a/nixos/modules/services/misc/llama-cpp.nix +++ b/nixos/modules/services/misc/llama-cpp.nix @@ -56,7 +56,7 @@ in { serviceConfig = { Type = "idle"; KillSignal = "SIGINT"; - ExecStart = "${cfg.package}/bin/llama-cpp-server --log-disable --host ${cfg.host} --port ${builtins.toString cfg.port} -m ${cfg.model} ${utils.escapeSystemdExecArgs cfg.extraFlags}"; + ExecStart = "${cfg.package}/bin/llama-server --log-disable --host ${cfg.host} --port ${builtins.toString cfg.port} -m ${cfg.model} ${utils.escapeSystemdExecArgs cfg.extraFlags}"; Restart = "on-failure"; RestartSec = 300; diff --git a/nixos/modules/services/misc/ollama.nix b/nixos/modules/services/misc/ollama.nix index 3ac3beb4de07..7a5661510e25 100644 --- a/nixos/modules/services/misc/ollama.nix +++ b/nixos/modules/services/misc/ollama.nix 
@@ -13,48 +13,60 @@ in { options = { services.ollama = { - enable = lib.mkEnableOption ( - lib.mdDoc "Server for local large language models" - ); + enable = lib.mkEnableOption "ollama server for local large language models"; + package = lib.mkPackageOption pkgs "ollama" { }; listenAddress = lib.mkOption { type = types.str; default = "127.0.0.1:11434"; - description = lib.mdDoc '' - Specifies the bind address on which the ollama server HTTP interface listens. + example = "0.0.0.0:11111"; + description = '' + The address which the ollama server HTTP interface binds and listens to. ''; }; acceleration = lib.mkOption { type = types.nullOr (types.enum [ "rocm" "cuda" ]); default = null; example = "rocm"; - description = lib.mdDoc '' - Specifies the interface to use for hardware acceleration. + description = '' + What interface to use for hardware acceleration. - `rocm`: supported by modern AMD GPUs - `cuda`: supported by modern NVIDIA GPUs ''; }; - package = lib.mkPackageOption pkgs "ollama" { }; + environmentVariables = lib.mkOption { + type = types.attrsOf types.str; + default = { }; + example = { + HOME = "/tmp"; + OLLAMA_LLM_LIBRARY = "cpu"; + }; + description = '' + Set arbitrary environment variables for the ollama service. + + Be aware that these are only seen by the ollama server (systemd service), + not normal invocations like `ollama run`. + Since `ollama run` is mostly a shell around the ollama server, this is usually sufficient. 
+ ''; + }; }; }; config = lib.mkIf cfg.enable { - systemd = { - services.ollama = { - wantedBy = [ "multi-user.target" ]; - description = "Server for local large language models"; - after = [ "network.target" ]; - environment = { - HOME = "%S/ollama"; - OLLAMA_MODELS = "%S/ollama/models"; - OLLAMA_HOST = cfg.listenAddress; - }; - serviceConfig = { - ExecStart = "${lib.getExe ollamaPackage} serve"; - WorkingDirectory = "/var/lib/ollama"; - StateDirectory = [ "ollama" ]; - DynamicUser = true; - }; + systemd.services.ollama = { + description = "Server for local large language models"; + wantedBy = [ "multi-user.target" ]; + after = [ "network.target" ]; + environment = cfg.environmentVariables // { + HOME = "%S/ollama"; + OLLAMA_MODELS = "%S/ollama/models"; + OLLAMA_HOST = cfg.listenAddress; + }; + serviceConfig = { + ExecStart = "${lib.getExe ollamaPackage} serve"; + WorkingDirectory = "%S/ollama"; + StateDirectory = [ "ollama" ]; + DynamicUser = true; }; }; diff --git a/nixos/modules/services/monitoring/scrutiny.nix b/nixos/modules/services/monitoring/scrutiny.nix index aef924ef840c..fbe8ab25299e 100644 --- a/nixos/modules/services/monitoring/scrutiny.nix +++ b/nixos/modules/services/monitoring/scrutiny.nix @@ -2,7 +2,7 @@ let inherit (lib) maintainers; inherit (lib.meta) getExe; - inherit (lib.modules) mkIf; + inherit (lib.modules) mkIf mkMerge; inherit (lib.options) literalExpression mkEnableOption mkOption mkPackageOption; inherit (lib.types) bool enum nullOr port str submodule; 
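Review bot: In `environment = cfg.environmentVariables // { ... }` the right-hand set wins, so `HOME`, `OLLAMA_MODELS` and `OLLAMA_HOST` given through `environmentVariables` are silently discarded, yet the option's own example sets `HOME = "/tmp"`. Either swap the operands or drop `HOME` from the example and state the precedence in the description. The values also end up in the generated unit, so the description should add something like `Values are stored world-readable in the Nix store; do not put credentials here.` The new `listenAddress` example `0.0.0.0:11111` binds the HTTP interface on every address, and a short remark on who can then reach the server would help readers who copy it.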
@@ -156,42 +156,44 @@ in }; }; - config = mkIf (cfg.enable || cfg.collector.enable) { - services.influxdb2.enable = cfg.influxdb.enable; + config = mkMerge [ + (mkIf cfg.enable { + services.influxdb2.enable = cfg.influxdb.enable; - networking.firewall = mkIf cfg.openFirewall { - allowedTCPPorts = [ cfg.settings.web.listen.port ]; - }; - - services.smartd = mkIf cfg.collector.enable { - enable = true; - extraOptions = [ - "-A /var/log/smartd/" - "--interval=600" - ]; - }; + networking.firewall = mkIf cfg.openFirewall { + allowedTCPPorts = [ cfg.settings.web.listen.port ]; + }; - systemd = { - services = { - scrutiny = mkIf cfg.enable { - description = "Hard Drive S.M.A.R.T Monitoring, Historical Trends & Real World Failure Thresholds"; - wantedBy = [ "multi-user.target" ]; - after = [ "network.target" ]; - environment = { - SCRUTINY_VERSION = "1"; - SCRUTINY_WEB_DATABASE_LOCATION = "/var/lib/scrutiny/scrutiny.db"; - SCRUTINY_WEB_SRC_FRONTEND_PATH = "${cfg.package}/share/scrutiny"; - }; - serviceConfig = { - DynamicUser = true; - ExecStart = "${getExe cfg.package} start --config ${settingsFormat.generate "scrutiny.yaml" cfg.settings}"; - Restart = "always"; - StateDirectory = "scrutiny"; - StateDirectoryMode = "0750"; - }; + systemd.services.scrutiny = { + description = "Hard Drive S.M.A.R.T Monitoring, Historical Trends & Real World Failure Thresholds"; + wantedBy = [ "multi-user.target" ]; + after = [ "network.target" ] ++ lib.optional cfg.influxdb.enable "influxdb2.service"; + wants = lib.optional cfg.influxdb.enable "influxdb2.service"; + environment = { + SCRUTINY_VERSION = "1"; + SCRUTINY_WEB_DATABASE_LOCATION = "/var/lib/scrutiny/scrutiny.db"; + SCRUTINY_WEB_SRC_FRONTEND_PATH = "${cfg.package}/share/scrutiny"; }; + serviceConfig = { + DynamicUser = true; + ExecStart = "${getExe cfg.package} start --config ${settingsFormat.generate "scrutiny.yaml" cfg.settings}"; + Restart = "always"; + StateDirectory = "scrutiny"; + StateDirectoryMode = "0750"; + }; + }; + }) 
+ (mkIf cfg.collector.enable { + services.smartd = { + enable = true; + extraOptions = [ + "-A /var/log/smartd/" + "--interval=600" + ]; + }; - scrutiny-collector = mkIf cfg.collector.enable { + systemd = { + services.scrutiny-collector = { description = "Scrutiny Collector Service"; environment = { COLLECTOR_VERSION = "1"; @@ -201,20 +203,13 @@ in Type = "oneshot"; ExecStart = "${getExe cfg.collector.package} run --config ${settingsFormat.generate "scrutiny-collector.yaml" cfg.collector.settings}"; }; + startAt = cfg.collector.schedule; }; - }; - timers = mkIf cfg.collector.enable { - scrutiny-collector = { - timerConfig = { - OnCalendar = cfg.collector.schedule; - Persistent = true; - Unit = "scrutiny-collector.service"; - }; - }; + timers.scrutiny-collector.timerConfig.Persistent = true; }; - }; - }; + }) + ]; meta.maintainers = [ maintainers.jnsgruk ]; } diff --git a/nixos/modules/services/networking/murmur.nix b/nixos/modules/services/networking/murmur.nix index 5805f332a66f..1fb5063e5ad8 100644 --- a/nixos/modules/services/networking/murmur.nix +++ b/nixos/modules/services/networking/murmur.nix @@ -33,7 +33,7 @@ let sendversion=${boolToString cfg.sendVersion} ${optionalString (cfg.registerName != "") "registerName=${cfg.registerName}"} - ${optionalString (cfg.registerPassword == "") "registerPassword=${cfg.registerPassword}"} + ${optionalString (cfg.registerPassword != "") "registerPassword=${cfg.registerPassword}"} ${optionalString (cfg.registerUrl != "") "registerUrl=${cfg.registerUrl}"} ${optionalString (cfg.registerHostname != "") "registerHostname=${cfg.registerHostname}"} diff --git a/nixos/modules/services/networking/networkmanager.nix b/nixos/modules/services/networking/networkmanager.nix index dcde505b7f2a..b7f0d9373608 100644 --- a/nixos/modules/services/networking/networkmanager.nix +++ b/nixos/modules/services/networking/networkmanager.nix 
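Review bot: With the condition corrected to `!= ""`, a non-empty `registerPassword` is now actually written into the generated configuration text, which the inverted check previously prevented. If that text is built into the Nix store (the derivation is outside this hunk), the password becomes readable by every local user. The option description should warn about this, e.g. `This value is stored in the world-readable Nix store; do not use a password that needs to stay secret.`, and point to a runtime secret mechanism if the module offers one.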
@@ -291,7 +291,7 @@ in }; dns = mkOption { - type = types.enum [ "default" "dnsmasq" "unbound" "systemd-resolved" "none" ]; + type = types.enum [ "default" "dnsmasq" "systemd-resolved" "none" ]; default = "default"; description = lib.mdDoc '' Set the DNS (`resolv.conf`) processing mode. @@ -584,6 +584,7 @@ in description = "Ensure that NetworkManager declarative profiles are created"; wantedBy = [ "multi-user.target" ]; before = [ "network-online.target" ]; + after = [ "NetworkManager.service" ]; script = let path = id: "/run/NetworkManager/system-connections/${id}.nmconnection"; in '' @@ -593,9 +594,7 @@ in ${pkgs.envsubst}/bin/envsubst -i ${ini.generate (lib.escapeShellArg profile.n) profile.v} > ${path (lib.escapeShellArg profile.n)} '') (lib.mapAttrsToList (n: v: { inherit n v; }) cfg.ensureProfiles.profiles) + '' - if systemctl is-active --quiet NetworkManager; then - ${pkgs.networkmanager}/bin/nmcli connection reload - fi + ${pkgs.networkmanager}/bin/nmcli connection reload ''; serviceConfig = { EnvironmentFile = cfg.ensureProfiles.environmentFiles; diff --git a/nixos/modules/services/networking/tinyproxy.nix b/nixos/modules/services/networking/tinyproxy.nix index 8ff12b52f10c..2b7509e99ca4 100644 --- a/nixos/modules/services/networking/tinyproxy.nix +++ b/nixos/modules/services/networking/tinyproxy.nix @@ -7,6 +7,7 @@ let mkValueStringTinyproxy = with lib; v: if true == v then "yes" else if false == v then "no" + else if types.path.check v then ''"${v}"'' else generators.mkValueStringDefault {} v; mkKeyValueTinyproxy = { mkValueString ? mkValueStringDefault {} diff --git a/nixos/modules/services/networking/unbound.nix b/nixos/modules/services/networking/unbound.nix index 17c6789827b9..242fcd500bb0 100644 --- a/nixos/modules/services/networking/unbound.nix +++ b/nixos/modules/services/networking/unbound.nix 
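Review bot: Dropping the `systemctl is-active` guard makes `nmcli connection reload` run unconditionally, but the added `after = [ "NetworkManager.service" ]` only orders the two units and neither pulls NetworkManager in nor waits for it to succeed. If NetworkManager is stopped or has failed, the reload exits non-zero and the profile unit fails even though the files were written. Adding `requires = [ "NetworkManager.service" ];` next to `after` would state the dependency explicitly. Separately, the profiles may contain values from `EnvironmentFile` and are created with a plain `>` redirect, so their mode depends on a umask that is not visible in these hunks.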
@@ -230,8 +230,6 @@ in { resolvconf = { useLocalResolver = mkDefault true; }; - - networkmanager.dns = "unbound"; }; environment.etc."unbound/unbound.conf".source = confFile; diff --git a/nixos/modules/services/web-apps/engelsystem.nix b/nixos/modules/services/web-apps/engelsystem.nix index 669620debce5..ae7b2b9e7d0c 100644 --- a/nixos/modules/services/web-apps/engelsystem.nix +++ b/nixos/modules/services/web-apps/engelsystem.nix @@ -99,7 +99,6 @@ in { ''; services.phpfpm.pools.engelsystem = { - phpPackage = pkgs.php81; user = "engelsystem"; settings = { "listen.owner" = config.services.nginx.user; diff --git a/nixos/modules/services/web-apps/gotosocial.nix b/nixos/modules/services/web-apps/gotosocial.nix index 45464f646da8..657509c11005 100644 --- a/nixos/modules/services/web-apps/gotosocial.nix +++ b/nixos/modules/services/web-apps/gotosocial.nix @@ -27,7 +27,7 @@ let in { meta.doc = ./gotosocial.md; - meta.maintainers = with lib.maintainers; [ misuzu ]; + meta.maintainers = with lib.maintainers; [ misuzu blakesmith ]; options.services.gotosocial = { enable = lib.mkEnableOption (lib.mdDoc "ActivityPub social network server"); diff --git a/nixos/modules/services/web-apps/komga.nix b/nixos/modules/services/web-apps/komga.nix index 31f475fc7b04..d7ab2a9e612e 100644 --- a/nixos/modules/services/web-apps/komga.nix +++ b/nixos/modules/services/web-apps/komga.nix 
@@ -1,99 +1,122 @@ -{ config, pkgs, lib, ... }: - -with lib; +{ + config, + pkgs, + lib, + ... +}: let cfg = config.services.komga; - -in { + inherit (lib) mkOption mkEnableOption maintainers; + inherit (lib.types) port str bool; +in +{ options = { services.komga = { - enable = mkEnableOption (lib.mdDoc "Komga, a free and open source comics/mangas media server"); + enable = mkEnableOption "Komga, a free and open source comics/mangas media server"; port = mkOption { - type = types.port; + type = port; default = 8080; - description = lib.mdDoc '' - The port that Komga will listen on. - ''; + description = "The port that Komga will listen on."; }; user = mkOption { - type = types.str; + type = str; default = "komga"; - description = lib.mdDoc '' - User account under which Komga runs. - ''; + description = "User account under which Komga runs."; }; group = mkOption { - type = types.str; + type = str; default = "komga"; - description = lib.mdDoc '' - Group under which Komga runs. - ''; + description = "Group under which Komga runs."; }; stateDir = mkOption { - type = types.str; + type = str; default = "/var/lib/komga"; - description = lib.mdDoc '' - State and configuration directory Komga will use. - ''; + description = "State and configuration directory Komga will use."; }; openFirewall = mkOption { - type = types.bool; + type = bool; default = false; - description = lib.mdDoc '' - Whether to open the firewall for the port in {option}`services.komga.port`. 
- ''; + description = "Whether to open the firewall for the port in {option}`services.komga.port`."; }; }; }; - config = mkIf cfg.enable { - - networking.firewall.allowedTCPPorts = mkIf cfg.openFirewall [ cfg.port ]; + config = + let + inherit (lib) mkIf getExe; + in + mkIf cfg.enable { - users.groups = mkIf (cfg.group == "komga") { - komga = {}; - }; + networking.firewall.allowedTCPPorts = mkIf cfg.openFirewall [ cfg.port ]; - users.users = mkIf (cfg.user == "komga") { - komga = { - group = cfg.group; - home = cfg.stateDir; - description = "Komga Daemon user"; - isSystemUser = true; - }; - }; + users.groups = mkIf (cfg.group == "komga") { komga = { }; }; - systemd.services.komga = { - environment = { - SERVER_PORT = builtins.toString cfg.port; - KOMGA_CONFIGDIR = cfg.stateDir; + users.users = mkIf (cfg.user == "komga") { + komga = { + group = cfg.group; + home = cfg.stateDir; + description = "Komga Daemon user"; + isSystemUser = true; + }; }; - description = "Komga is a free and open source comics/mangas media server"; - - wantedBy = [ "multi-user.target" ]; - wants = [ "network-online.target" ]; - after = [ "network-online.target" ]; - - serviceConfig = { - User = cfg.user; - Group = cfg.group; - - Type = "simple"; - Restart = "on-failure"; - ExecStart = "${pkgs.komga}/bin/komga"; - - StateDirectory = mkIf (cfg.stateDir == "/var/lib/komga") "komga"; + systemd.services.komga = { + environment = { + SERVER_PORT = builtins.toString cfg.port; + KOMGA_CONFIGDIR = cfg.stateDir; + }; + + description = "Komga is a free and open source comics/mangas media server"; + + wantedBy = [ "multi-user.target" ]; + wants = [ "network-online.target" ]; + after = [ "network-online.target" ]; + + serviceConfig = { + User = cfg.user; + Group = cfg.group; + + Type = "simple"; + Restart = "on-failure"; + ExecStart = getExe pkgs.komga; + + StateDirectory = mkIf (cfg.stateDir == "/var/lib/komga") "komga"; + + RemoveIPC = true; + NoNewPrivileges = true; + CapabilityBoundingSet = ""; + 
SystemCallFilter = [ "@system-service" ]; + ProtectSystem = "full"; + PrivateTmp = true; + ProtectProc = "invisible"; + ProtectClock = true; + ProcSubset = "pid"; + PrivateUsers = true; + PrivateDevices = true; + ProtectHostname = true; + ProtectKernelTunables = true; + RestrictAddressFamilies = [ + "AF_INET" + "AF_INET6" + "AF_NETLINK" + ]; + LockPersonality = true; + RestrictNamespaces = true; + ProtectKernelLogs = true; + ProtectControlGroups = true; + ProtectKernelModules = true; + SystemCallArchitectures = "native"; + RestrictSUIDSGID = true; + RestrictRealtime = true; + }; }; - }; - }; meta.maintainers = with maintainers; [ govanify ]; } diff --git a/nixos/modules/services/web-apps/nextcloud.nix b/nixos/modules/services/web-apps/nextcloud.nix index 5cda4a00a9de..7f998207c434 100644 --- a/nixos/modules/services/web-apps/nextcloud.nix +++ b/nixos/modules/services/web-apps/nextcloud.nix @@ -14,7 +14,6 @@ let expose_php = "Off"; error_reporting = "E_ALL & ~E_DEPRECATED & ~E_STRICT"; display_errors = "stderr"; - "opcache.enable_cli" = "1"; "opcache.interned_strings_buffer" = "8"; "opcache.max_accelerated_files" = "10000"; "opcache.memory_consumption" = "128"; diff --git a/nixos/modules/services/web-apps/pretix.nix b/nixos/modules/services/web-apps/pretix.nix new file mode 100644 index 000000000000..500b2eb5416b --- /dev/null +++ b/nixos/modules/services/web-apps/pretix.nix 
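Review bot: `ProtectSystem = "full"` leaves `/var` and everything outside `/usr`, `/boot` and `/etc` writable, and `ProtectHome` is not set, so the new sandbox still allows writes well beyond the state directory. `ProtectSystem = "strict"` together with `ReadWritePaths = [ cfg.stateDir ];` would confine writes to `stateDir`; if library locations are the reason for the looser setting, a comment saying so belongs next to it. Also, with `CapabilityBoundingSet = ""` and `PrivateUsers = true` the service can no longer bind a port below 1024 while `port` still accepts any value of type `port`, so an assertion or a sentence in the option description would avoid a confusing start-up failure.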
@@ -0,0 +1,580 @@ +{ config +, lib +, pkgs +, utils +, ... +}: + +let + inherit (lib) + concatMapStringsSep + escapeShellArgs + filter + filterAttrs + getExe + getExe' + isAttrs + isList + literalExpression + mapAttrs + mkDefault + mkEnableOption + mkIf + mkOption + mkPackageOption + optionals + optionalString + recursiveUpdate + types + ; + + filterRecursiveNull = o: + if isAttrs o then + mapAttrs (_: v: filterRecursiveNull v) (filterAttrs (_: v: v != null) o) + else if isList o then + map filterRecursiveNull (filter (v: v != null) o) + else + o; + + cfg = config.services.pretix; + format = pkgs.formats.ini { }; + + configFile = format.generate "pretix.cfg" (filterRecursiveNull cfg.settings); + + finalPackage = cfg.package.override { + inherit (cfg) plugins; + }; + + pythonEnv = cfg.package.python.buildEnv.override { + extraLibs = with cfg.package.python.pkgs; [ + (toPythonModule finalPackage) + gunicorn + ] + ++ lib.optionals (cfg.settings.memcached.location != null) + cfg.package.optional-dependencies.memcached + ; + }; + + withRedis = cfg.settings.redis.location != null; +in +{ + meta = with lib; { + maintainers = with maintainers; [ hexa ]; + }; + + options.services.pretix = { + enable = mkEnableOption "pretix"; + + package = mkPackageOption pkgs "pretix" { }; + + group = mkOption { + type = types.str; + default = "pretix"; + description = '' + Group under which pretix should run. + ''; + }; + + user = mkOption { + type = types.str; + default = "pretix"; + description = '' + User under which pretix should run. + ''; + }; + + environmentFile = mkOption { + type = types.nullOr types.path; + default = null; + example = "/run/keys/pretix-secrets.env"; + description = '' + Environment file to pass secret configuration values. + + Each line must follow the `PRETIX_SECTION_KEY=value` pattern. 
+ ''; + }; + + plugins = mkOption { + type = types.listOf types.package; + default = []; + example = literalExpression '' + with config.services.pretix.package.plugins; [ + passbook + pages + ]; + ''; + description = '' + Pretix plugins to install into the Python environment. + ''; + }; + + gunicorn.extraArgs = mkOption { + type = with types; listOf str; + default = [ + "--name=pretix" + ]; + example = [ + "--name=pretix" + "--workers=4" + "--max-requests=1200" + "--max-requests-jitter=50" + "--log-level=info" + ]; + description = '' + Extra arguments to pass to gunicorn. + See <https://docs.pretix.eu/en/latest/admin/installation/manual_smallscale.html#start-pretix-as-a-service> for details. + ''; + apply = escapeShellArgs; + }; + + celery = { + extraArgs = mkOption { + type = with types; listOf str; + default = [ ]; + description = '' + Extra arguments to pass to celery. + + See <https://docs.celeryq.dev/en/stable/reference/cli.html#celery-worker> for more info. + ''; + apply = utils.escapeSystemdExecArgs; + }; + }; + + nginx = { + enable = mkOption { + type = types.bool; + default = true; + example = false; + description = '' + Whether to set up an nginx virtual host. + ''; + }; + + domain = mkOption { + type = types.str; + example = "talks.example.com"; + description = '' + The domain name under which to set up the virtual host. + ''; + }; + }; + + database.createLocally = mkOption { + type = types.bool; + default = true; + example = false; + description = '' + Whether to automatically set up the database on the local DBMS instance. + + Only supported for PostgreSQL. Not required for sqlite. + ''; + }; + + settings = mkOption { + type = types.submodule { + freeformType = format.type; + options = { + pretix = { + instance_name = mkOption { + type = types.str; + example = "tickets.example.com"; + description = '' + The name of this installation. 
+ ''; + }; + + url = mkOption { + type = types.str; + example = "https://tickets.example.com"; + description = '' + The installation’s full URL, without a trailing slash. + ''; + }; + + cachedir = mkOption { + type = types.path; + default = "/var/cache/pretix"; + description = '' + Directory for storing temporary files. + ''; + }; + + datadir = mkOption { + type = types.path; + default = "/var/lib/pretix"; + description = '' + Directory for storing user uploads and similar data. + ''; + }; + + logdir = mkOption { + type = types.path; + default = "/var/log/pretix"; + description = '' + Directory for storing log files. + ''; + }; + + currency = mkOption { + type = types.str; + default = "EUR"; + example = "USD"; + description = '' + Default currency for events in its ISO 4217 three-letter code. + ''; + }; + + registration = mkOption { + type = types.bool; + default = false; + example = true; + description = '' + Whether to allow registration of new admin users. + ''; + }; + }; + + database = { + backend = mkOption { + type = types.enum [ + "sqlite3" + "postgresql" + ]; + default = "postgresql"; + description = '' + Database backend to use. + + Only postgresql is recommended for production setups. + ''; + }; + + host = mkOption { + type = with types; nullOr types.path; + default = if cfg.settings.database.backend == "postgresql" then "/run/postgresql" else null; + defaultText = literalExpression '' + if config.services.pretix.settings..database.backend == "postgresql" then "/run/postgresql" + else null + ''; + description = '' + Database host or socket path. + ''; + }; + + name = mkOption { + type = types.str; + default = "pretix"; + description = '' + Database name. + ''; + }; + + user = mkOption { + type = types.str; + default = "pretix"; + description = '' + Database username. + ''; + }; + }; + + mail = { + from = mkOption { + type = types.str; + example = "tickets@example.com"; + description = '' + E-Mail address used in the `FROM` header of outgoing mails. 
+ ''; + }; + + host = mkOption { + type = types.str; + default = "localhost"; + example = "mail.example.com"; + description = '' + Hostname of the SMTP server use for mail delivery. + ''; + }; + + port = mkOption { + type = types.port; + default = 25; + example = 587; + description = '' + Port of the SMTP server to use for mail delivery. + ''; + }; + }; + + celery = { + backend = mkOption { + type = types.str; + default = "redis+socket://${config.services.redis.servers.pretix.unixSocket}?virtual_host=1"; + defaultText = literalExpression '' + optionalString config.services.pretix.celery.enable "redis+socket://''${config.services.redis.servers.pretix.unixSocket}?virtual_host=1" + ''; + description = '' + URI to the celery backend used for the asynchronous job queue. + ''; + }; + + broker = mkOption { + type = types.str; + default = "redis+socket://${config.services.redis.servers.pretix.unixSocket}?virtual_host=2"; + defaultText = literalExpression '' + optionalString config.services.pretix.celery.enable "redis+socket://''${config.services.redis.servers.pretix.unixSocket}?virtual_host=2" + ''; + description = '' + URI to the celery broker used for the asynchronous job queue. + ''; + }; + }; + + redis = { + location = mkOption { + type = with types; nullOr str; + default = "unix://${config.services.redis.servers.pretix.unixSocket}?db=0"; + defaultText = literalExpression '' + "unix://''${config.services.redis.servers.pretix.unixSocket}?db=0" + ''; + description = '' + URI to the redis server, used to speed up locking, caching and session storage. + ''; + }; + + sessions = mkOption { + type = types.bool; + default = true; + example = false; + description = '' + Whether to use redis as the session storage. + ''; + }; + }; + + memcached = { + location = mkOption { + type = with types; nullOr str; + default = null; + example = "127.0.0.1:11211"; + description = '' + The `host:port` combination or the path to the UNIX socket of a memcached instance. 
+ + Can be used instead of Redis for caching. + ''; + }; + }; + + tools = { + pdftk = mkOption { + type = types.path; + default = getExe pkgs.pdftk; + defaultText = literalExpression '' + lib.getExe pkgs.pdftk + ''; + description = '' + Path to the pdftk executable. + ''; + }; + }; + }; + }; + default = { }; + description = '' + pretix configuration as a Nix attribute set. All settings can also be passed + from the environment. + + See <https://docs.pretix.eu/en/latest/admin/config.html> for possible options. + ''; + }; + }; + + config = mkIf cfg.enable { + # https://docs.pretix.eu/en/latest/admin/installation/index.html + + environment.systemPackages = [ + (pkgs.writeScriptBin "pretix-manage" '' + cd ${cfg.settings.pretix.datadir} + sudo=exec + if [[ "$USER" != ${cfg.user} ]]; then + sudo='exec /run/wrappers/bin/sudo -u ${cfg.user} ${optionalString withRedis "-g redis-pretix"} --preserve-env=PRETIX_CONFIG_FILE' + fi + export PRETIX_CONFIG_FILE=${configFile} + $sudo ${getExe' pythonEnv "pretix-manage"} "$@" + '') + ]; + + services = { + nginx = mkIf cfg.nginx.enable { + enable = true; + recommendedGzipSettings = mkDefault true; + recommendedOptimisation = mkDefault true; + recommendedProxySettings = mkDefault true; + recommendedTlsSettings = mkDefault true; + upstreams.pretix.servers."unix:/run/pretix/pretix.sock" = { }; + virtualHosts.${cfg.nginx.domain} = { + # https://docs.pretix.eu/en/latest/admin/installation/manual_smallscale.html#ssl + extraConfig = '' + more_set_headers Referrer-Policy same-origin; + more_set_headers X-Content-Type-Options nosniff; + ''; + locations = { + "/".proxyPass = "http://pretix"; + "/media/" = { + alias = "${cfg.settings.pretix.datadir}/media/"; + extraConfig = '' + access_log off; + expires 7d; + ''; + }; + "^~ /media/(cachedfiles|invoices)" = { + extraConfig = '' + deny all; + return 404; + ''; + }; + "/static/" = { + alias = "${finalPackage}/${cfg.package.python.sitePackages}/pretix/static.dist/"; + extraConfig = '' + access_log 
off; + more_set_headers Cache-Control "public"; + expires 365d; + ''; + }; + }; + }; + }; + + postgresql = mkIf (cfg.database.createLocally && cfg.settings.database.backend == "postgresql") { + enable = true; + ensureUsers = [ { + name = cfg.settings.database.user; + ensureDBOwnership = true; + } ]; + ensureDatabases = [ cfg.settings.database.name ]; + }; + + redis.servers.pretix.enable = withRedis; + }; + + systemd.services = let + commonUnitConfig = { + environment.PRETIX_CONFIG_FILE = configFile; + serviceConfig = { + User = "pretix"; + Group = "pretix"; + EnvironmentFile = optionals (cfg.environmentFile != null) [ + cfg.environmentFile + ]; + StateDirectory = [ + "pretix" + ]; + StateDirectoryMode = "0755"; + CacheDirectory = "pretix"; + LogsDirectory = "pretix"; + WorkingDirectory = cfg.settings.pretix.datadir; + SupplementaryGroups = optionals withRedis [ + "redis-pretix" + ]; + AmbientCapabilities = ""; + CapabilityBoundingSet = [ "" ]; + DevicePolicy = "closed"; + LockPersonality = true; + MemoryDenyWriteExecute = true; + NoNewPrivileges = true; + PrivateDevices = true; + PrivateTmp = true; + ProcSubset = "pid"; + ProtectControlGroups = true; + ProtectHome = true; + ProtectHostname = true; + ProtectKernelLogs = true; + ProtectKernelModules = true; + ProtectKernelTunables = true; + ProtectProc = "invisible"; + ProtectSystem = "strict"; + RemoveIPC = true; + RestrictAddressFamilies = [ + "AF_INET" + "AF_INET6" + "AF_UNIX" + ]; + RestrictNamespaces = true; + RestrictRealtime = true; + RestrictSUIDSGID = true; + SystemCallArchitectures = "native"; + SystemCallFilter = [ + "@system-service" + "~@privileged" + "@chown" + ]; + UMask = "0022"; + }; + }; + in { + pretix-web = recursiveUpdate commonUnitConfig { + description = "pretix web service"; + after = [ + "network.target" + "redis-pretix.service" + "postgresql.service" + ]; + wantedBy = [ "multi-user.target" ]; + preStart = '' + versionFile="${cfg.settings.pretix.datadir}/.version" + version=$(cat 
"$versionFile" 2>/dev/null || echo 0) + + pluginsFile="${cfg.settings.pretix.datadir}/.plugins" + plugins=$(cat "$pluginsFile" 2>/dev/null || echo "") + configuredPlugins="${concatMapStringsSep "|" (package: package.name) cfg.plugins}" + + if [[ $version != ${cfg.package.version} || $plugins != $configuredPlugins ]]; then + ${getExe' pythonEnv "pretix-manage"} migrate + + echo "${cfg.package.version}" > "$versionFile" + echo "$configuredPlugins" > "$pluginsFile" + fi + ''; + serviceConfig = { + ExecStart = "${getExe' pythonEnv "gunicorn"} --bind unix:/run/pretix/pretix.sock ${cfg.gunicorn.extraArgs} pretix.wsgi"; + RuntimeDirectory = "pretix"; + }; + }; + + pretix-periodic = recursiveUpdate commonUnitConfig { + description = "pretix periodic task runner"; + # every 15 minutes + startAt = [ "*:3,18,33,48" ]; + serviceConfig = { + Type = "oneshot"; + ExecStart = "${getExe' pythonEnv "pretix-manage"} runperiodic"; + }; + }; + + pretix-worker = recursiveUpdate commonUnitConfig { + description = "pretix asynchronous job runner"; + after = [ + "network.target" + "redis-pretix.service" + "postgresql.service" + ]; + wantedBy = [ "multi-user.target" ]; + serviceConfig.ExecStart = "${getExe' pythonEnv "celery"} -A pretix.celery_app worker ${cfg.celery.extraArgs}"; + }; + }; + + systemd.sockets.pretix-web.socketConfig = { + ListenStream = "/run/pretix/pretix.sock"; + SocketUser = "nginx"; + }; + + users = { + groups."${cfg.group}" = {}; + users."${cfg.user}" = { + isSystemUser = true; + createHome = true; + home = cfg.settings.pretix.datadir; + inherit (cfg) group; + }; + }; + }; +} diff --git a/nixos/modules/services/x11/desktop-managers/budgie.nix b/nixos/modules/services/x11/desktop-managers/budgie.nix index fe39097a22e8..7d8bb1963d78 100644 --- a/nixos/modules/services/x11/desktop-managers/budgie.nix +++ b/nixos/modules/services/x11/desktop-managers/budgie.nix 
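Review bot: The nginx location key `"^~ /media/(cachedfiles|invoices)"` does not block anything, because `^~` marks a literal prefix match and the parenthesised alternation is never read as a regular expression. Requests for `/media/cachedfiles/…` and `/media/invoices/…` therefore fall through to the `"/media/"` alias location and are served straight from `${cfg.settings.pretix.datadir}/media/`. Split the rule into two prefix locations, `"^~ /media/cachedfiles"` and `"^~ /media/invoices"`, each keeping the existing `deny all; return 404;` body. Separately, `commonUnitConfig` hard-codes `User = "pretix"; Group = "pretix";` while the accounts are created from `cfg.user` and `cfg.group`, so a non-default value leaves the three units running as an account this module does not create; use `User = cfg.user; Group = cfg.group;`.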
@@ -159,7 +159,7 @@ in { ++ cfg.sessionPath; # Fonts. - fonts.packages = mkDefault [ + fonts.packages = [ pkgs.noto-fonts pkgs.hack-font ]; diff --git a/nixos/modules/services/x11/desktop-managers/deepin.nix b/nixos/modules/services/x11/desktop-managers/deepin.nix index e6f221201013..902e3a9317dd 100644 --- a/nixos/modules/services/x11/desktop-managers/deepin.nix +++ b/nixos/modules/services/x11/desktop-managers/deepin.nix @@ -66,7 +66,7 @@ in services.upower.enable = mkDefault config.powerManagement.enable; networking.networkmanager.enable = mkDefault true; programs.dconf.enable = mkDefault true; - programs.gnupg.agent.pinentryPackage = pkgs.pinentry-qt; + programs.gnupg.agent.pinentryPackage = mkDefault pkgs.pinentry-qt; fonts.packages = with pkgs; [ noto-fonts ]; xdg.mime.enable = true; diff --git a/nixos/modules/services/x11/desktop-managers/default.nix b/nixos/modules/services/x11/desktop-managers/default.nix index ecb8d1e91bde..33d0a7b52643 100644 --- a/nixos/modules/services/x11/desktop-managers/default.nix +++ b/nixos/modules/services/x11/desktop-managers/default.nix @@ -18,7 +18,7 @@ in # determines the default: later modules (if enabled) are preferred. # E.g., if Plasma 5 is enabled, it supersedes xterm. imports = [ - ./none.nix ./xterm.nix ./phosh.nix ./xfce.nix ./plasma5.nix ./plasma6.nix ./lumina.nix + ./none.nix ./xterm.nix ./phosh.nix ./xfce.nix ./plasma5.nix ../../desktop-managers/plasma6.nix ./lumina.nix ./lxqt.nix ./enlightenment.nix ./gnome.nix ./retroarch.nix ./kodi.nix ./mate.nix ./pantheon.nix ./surf-display.nix ./cde.nix ./cinnamon.nix ./budgie.nix ./deepin.nix diff --git a/nixos/modules/services/x11/desktop-managers/lxqt.nix b/nixos/modules/services/x11/desktop-managers/lxqt.nix index d3bdc4326a90..3d02deba6fc7 100644 --- a/nixos/modules/services/x11/desktop-managers/lxqt.nix +++ b/nixos/modules/services/x11/desktop-managers/lxqt.nix 
@@ -62,7 +62,7 @@ in # Link some extra directories in /run/current-system/software/share environment.pathsToLink = [ "/share" ]; - programs.gnupg.agent.pinentryPackage = pkgs.pinentry-qt; + programs.gnupg.agent.pinentryPackage = mkDefault pkgs.pinentry-qt; # virtual file systems support for PCManFM-QT services.gvfs.enable = true; diff --git a/nixos/modules/services/x11/desktop-managers/mate.nix b/nixos/modules/services/x11/desktop-managers/mate.nix index f535a1d298b9..957eac7848e7 100644 --- a/nixos/modules/services/x11/desktop-managers/mate.nix +++ b/nixos/modules/services/x11/desktop-managers/mate.nix @@ -20,6 +20,22 @@ in }; debug = mkEnableOption (lib.mdDoc "mate-session debug messages"); + + extraPanelApplets = mkOption { + default = [ ]; + example = literalExpression "with pkgs.mate; [ mate-applets ]"; + type = types.listOf types.package; + description = lib.mdDoc "Extra applets to add to mate-panel."; + }; + + extraCajaExtensions = mkOption { + default = [ ]; + example = lib.literalExpression "with pkgs.mate; [ caja-extensions ]"; + type = types.listOf types.package; + description = lib.mdDoc "Extra extensions to add to caja."; + }; + + enableWaylandSession = mkEnableOption (lib.mdDoc "MATE Wayland session"); }; environment.mate.excludePackages = mkOption { 
@@ -31,55 +47,63 @@ in }; - config = mkIf cfg.enable { - - services.xserver.displayManager.sessionPackages = [ - pkgs.mate.mate-session-manager - ]; - - # Let caja find extensions - environment.sessionVariables.CAJA_EXTENSION_DIRS = [ "${config.system.path}/lib/caja/extensions-2.0" ]; - - # Let mate-panel find applets - environment.sessionVariables."MATE_PANEL_APPLETS_DIR" = "${config.system.path}/share/mate-panel/applets"; - environment.sessionVariables."MATE_PANEL_EXTRA_MODULES" = "${config.system.path}/lib/mate-panel/applets"; - - # Debugging - environment.sessionVariables.MATE_SESSION_DEBUG = mkIf cfg.debug "1"; - - environment.systemPackages = utils.removePackagesByName - (pkgs.mate.basePackages ++ - pkgs.mate.extraPackages ++ - [ - pkgs.desktop-file-utils - pkgs.glib - pkgs.gtk3.out - pkgs.shared-mime-info - pkgs.xdg-user-dirs # Update user dirs as described in https://freedesktop.org/wiki/Software/xdg-user-dirs/ - pkgs.yelp # for 'Contents' in 'Help' menus - ]) - config.environment.mate.excludePackages; - - programs.dconf.enable = true; - # Shell integration for VTE terminals - programs.bash.vteIntegration = mkDefault true; - programs.zsh.vteIntegration = mkDefault true; - - # Mate uses this for printing - programs.system-config-printer.enable = (mkIf config.services.printing.enable (mkDefault true)); - - services.gnome.at-spi2-core.enable = true; - services.gnome.gnome-keyring.enable = true; - services.udev.packages = [ pkgs.mate.mate-settings-daemon ]; - services.gvfs.enable = true; - services.upower.enable = config.powerManagement.enable; - services.xserver.libinput.enable = mkDefault true; - - security.pam.services.mate-screensaver.unixAuth = true; - - xdg.portal.configPackages = mkDefault [ pkgs.mate.mate-desktop ]; - - environment.pathsToLink = [ "/share" ]; - }; - + config = mkMerge [ + (mkIf (cfg.enable || cfg.enableWaylandSession) { + services.xserver.displayManager.sessionPackages = [ + pkgs.mate.mate-session-manager + ]; + + # Debugging + 
environment.sessionVariables.MATE_SESSION_DEBUG = mkIf cfg.debug "1"; + + environment.systemPackages = utils.removePackagesByName + (pkgs.mate.basePackages ++ + pkgs.mate.extraPackages ++ + [ + (pkgs.mate.caja-with-extensions.override { + extensions = cfg.extraCajaExtensions; + }) + (pkgs.mate.mate-panel-with-applets.override { + applets = cfg.extraPanelApplets; + }) + pkgs.desktop-file-utils + pkgs.glib + pkgs.gtk3.out + pkgs.shared-mime-info + pkgs.xdg-user-dirs # Update user dirs as described in https://freedesktop.org/wiki/Software/xdg-user-dirs/ + pkgs.yelp # for 'Contents' in 'Help' menus + ]) + config.environment.mate.excludePackages; + + programs.dconf.enable = true; + # Shell integration for VTE terminals + programs.bash.vteIntegration = mkDefault true; + programs.zsh.vteIntegration = mkDefault true; + + # Mate uses this for printing + programs.system-config-printer.enable = (mkIf config.services.printing.enable (mkDefault true)); + + services.gnome.at-spi2-core.enable = true; + services.gnome.gnome-keyring.enable = true; + services.udev.packages = [ pkgs.mate.mate-settings-daemon ]; + services.gvfs.enable = true; + services.upower.enable = config.powerManagement.enable; + services.xserver.libinput.enable = mkDefault true; + + security.pam.services.mate-screensaver.unixAuth = true; + + xdg.portal.configPackages = mkDefault [ pkgs.mate.mate-desktop ]; + + environment.pathsToLink = [ "/share" ]; + }) + (mkIf cfg.enableWaylandSession { + programs.wayfire.enable = true; + programs.wayfire.plugins = [ pkgs.wayfirePlugins.firedecor ]; + + environment.sessionVariables.NIX_GSETTINGS_OVERRIDES_DIR = "${pkgs.mate.mate-gsettings-overrides}/share/gsettings-schemas/nixos-gsettings-overrides/glib-2.0/schemas"; + + environment.systemPackages = [ pkgs.mate.mate-wayland-session ]; + services.xserver.displayManager.sessionPackages = [ pkgs.mate.mate-wayland-session ]; + }) + ]; } 
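Review bot: In the `mkIf cfg.enableWaylandSession` block, `environment.sessionVariables.NIX_GSETTINGS_OVERRIDES_DIR` is assigned as a plain string, so it is exported into every session on the machine, not only the MATE Wayland one. If another enabled desktop module or the user's own configuration defines the same variable, evaluation would presumably stop with a conflicting-definition error; a short comment above the assignment saying why a global override is needed would help the next maintainer. The option added in the previous hunk should also tell users what it pulls in, for example `enableWaylandSession = mkEnableOption (lib.mdDoc "MATE Wayland session (also enables programs.wayfire with the firedecor plugin)");`.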
diff --git a/nixos/modules/services/x11/desktop-managers/plasma5.nix b/nixos/modules/services/x11/desktop-managers/plasma5.nix index c884b4487e24..f516a29fb5db 100644 --- a/nixos/modules/services/x11/desktop-managers/plasma5.nix +++ b/nixos/modules/services/x11/desktop-managers/plasma5.nix @@ -336,7 +336,7 @@ in serif = [ "Noto Serif" ]; }; - programs.gnupg.agent.pinentryPackage = pkgs.pinentry-qt; + programs.gnupg.agent.pinentryPackage = mkDefault pkgs.pinentry-qt; programs.ssh.askPassword = mkDefault "${pkgs.plasma5Packages.ksshaskpass.out}/bin/ksshaskpass"; # Enable helpful DBus services. diff --git a/nixos/modules/services/x11/desktop-managers/xfce.nix b/nixos/modules/services/x11/desktop-managers/xfce.nix index 6bc964f4c6ed..3ba27b201507 100644 --- a/nixos/modules/services/x11/desktop-managers/xfce.nix +++ b/nixos/modules/services/x11/desktop-managers/xfce.nix @@ -131,7 +131,7 @@ in xfdesktop ] ++ optional cfg.enableScreensaver xfce4-screensaver) excludePackages; - programs.gnupg.agent.pinentryPackage = pkgs.pinentry-gtk2; + programs.gnupg.agent.pinentryPackage = mkDefault pkgs.pinentry-gtk2; programs.xfconf.enable = true; programs.thunar.enable = true; |