diff options
Diffstat (limited to 'nixos/modules/system')
| -rw-r--r-- | nixos/modules/system/boot/loader/grub/grub.nix | 86 | ||||
| -rw-r--r-- | nixos/modules/system/boot/luksroot.nix | 304 | ||||
| -rw-r--r-- | nixos/modules/system/boot/networkd.nix | 21 | ||||
| -rw-r--r-- | nixos/modules/system/boot/systemd.nix | 42 | ||||
| -rw-r--r-- | nixos/modules/system/etc/etc.nix | 6 |
5 files changed, 222 insertions, 237 deletions
diff --git a/nixos/modules/system/boot/loader/grub/grub.nix b/nixos/modules/system/boot/loader/grub/grub.nix index cae045f78c37..c3be7407d592 100644 --- a/nixos/modules/system/boot/loader/grub/grub.nix +++ b/nixos/modules/system/boot/loader/grub/grub.nix @@ -131,51 +131,51 @@ in to the respective devices corresponding to those partitions. ''; - type = types.listOf types.optionSet; + type = with types; listOf (submodule { + options = { + + path = mkOption { + example = "/boot1"; + type = types.str; + description = '' + The path to the boot directory where GRUB will be written. Generally + this boot path should double as an EFI path. + ''; + }; + + efiSysMountPoint = mkOption { + default = null; + example = "/boot1/efi"; + type = types.nullOr types.str; + description = '' + The path to the efi system mount point. Usually this is the same + partition as the above path and can be left as null. + ''; + }; + + efiBootloaderId = mkOption { + default = null; + example = "NixOS-fsid"; + type = types.nullOr types.str; + description = '' + The id of the bootloader to store in efi nvram. + The default is to name it NixOS and append the path or efiSysMountPoint. + This is only used if <literal>boot.loader.efi.canTouchEfiVariables</literal> is true. + ''; + }; + + devices = mkOption { + default = [ ]; + example = [ "/dev/sda" "/dev/sdb" ]; + type = types.listOf types.str; + description = '' + The path to the devices which will have the GRUB MBR written. + Note these are typically device paths and not paths to partitions. + ''; + }; - options = { - - path = mkOption { - example = "/boot1"; - type = types.str; - description = '' - The path to the boot directory where GRUB will be written. Generally - this boot path should double as an EFI path. - ''; - }; - - efiSysMountPoint = mkOption { - default = null; - example = "/boot1/efi"; - type = types.nullOr types.str; - description = '' - The path to the efi system mount point. Usually this is the same - partition as the above path and can be left as null. - ''; - }; - - efiBootloaderId = mkOption { - default = null; - example = "NixOS-fsid"; - type = types.nullOr types.str; - description = '' - The id of the bootloader to store in efi nvram. - The default is to name it NixOS and append the path or efiSysMountPoint. - This is only used if <literal>boot.loader.efi.canTouchEfiVariables</literal> is true. - ''; }; - - devices = mkOption { - default = [ ]; - example = [ "/dev/sda" "/dev/sdb" ]; - type = types.listOf types.str; - description = '' - The path to the devices which will have the GRUB MBR written. - Note these are typically device paths and not paths to partitions. - ''; - }; - - }; + }); }; configurationName = mkOption { diff --git a/nixos/modules/system/boot/luksroot.nix b/nixos/modules/system/boot/luksroot.nix index f2755b49f88d..1f412fe2d8f2 100644 --- a/nixos/modules/system/boot/luksroot.nix +++ b/nixos/modules/system/boot/luksroot.nix @@ -236,165 +236,165 @@ in <filename>/dev/mapper/<replaceable>name</replaceable></filename>. ''; - type = types.loaOf types.optionSet; - - options = { name, ... }: { options = { - - name = mkOption { - visible = false; - default = name; - example = "luksroot"; - type = types.str; - description = "Name of the unencrypted device in <filename>/dev/mapper</filename>."; - }; - - device = mkOption { - example = "/dev/disk/by-uuid/430e9eff-d852-4f68-aa3b-2fa3599ebe08"; - type = types.str; - description = "Path of the underlying encrypted block device."; - }; - - header = mkOption { - default = null; - example = "/root/header.img"; - type = types.nullOr types.str; - description = '' - The name of the file or block device that - should be used as header for the encrypted device. - ''; - }; - - keyFile = mkOption { - default = null; - example = "/dev/sdb1"; - type = types.nullOr types.str; - description = '' - The name of the file (can be a raw device or a partition) that - should be used as the decryption key for the encrypted device. If - not specified, you will be prompted for a passphrase instead. - ''; - }; - - keyFileSize = mkOption { - default = null; - example = 4096; - type = types.nullOr types.int; - description = '' - The size of the key file. Use this if only the beginning of the - key file should be used as a key (often the case if a raw device - or partition is used as key file). If not specified, the whole - <literal>keyFile</literal> will be used decryption, instead of just - the first <literal>keyFileSize</literal> bytes. - ''; - }; - - # FIXME: get rid of this option. - preLVM = mkOption { - default = true; - type = types.bool; - description = "Whether the luksOpen will be attempted before LVM scan or after it."; - }; - - allowDiscards = mkOption { - default = false; - type = types.bool; - description = '' - Whether to allow TRIM requests to the underlying device. This option - has security implications; please read the LUKS documentation before - activating it. - ''; - }; - - yubikey = mkOption { - default = null; - type = types.nullOr types.optionSet; - description = '' - The options to use for this LUKS device in Yubikey-PBA. - If null (the default), Yubikey-PBA will be disabled for this device. - ''; + type = with types; loaOf (submodule ( + { name, ... }: { options = { + + name = mkOption { + visible = false; + default = name; + example = "luksroot"; + type = types.str; + description = "Name of the unencrypted device in <filename>/dev/mapper</filename>."; + }; - options = { - twoFactor = mkOption { - default = true; - type = types.bool; - description = "Whether to use a passphrase and a Yubikey (true), or only a Yubikey (false)."; - }; - - slot = mkOption { - default = 2; - type = types.int; - description = "Which slot on the Yubikey to challenge."; - }; - - saltLength = mkOption { - default = 16; - type = types.int; - description = "Length of the new salt in byte (64 is the effective maximum)."; - }; - - keyLength = mkOption { - default = 64; - type = types.int; - description = "Length of the LUKS slot key derived with PBKDF2 in byte."; - }; - - iterationStep = mkOption { - default = 0; - type = types.int; - description = "How much the iteration count for PBKDF2 is increased at each successful authentication."; - }; - - gracePeriod = mkOption { - default = 2; - type = types.int; - description = "Time in seconds to wait before attempting to find the Yubikey."; - }; - - ramfsMountPoint = mkOption { - default = "/crypt-ramfs"; - type = types.str; - description = "Path where the ramfs used to update the LUKS key will be mounted during early boot."; - }; - - /* TODO: Add to the documentation of the current module: - - Options related to the storing the salt. - */ - storage = { - device = mkOption { - default = "/dev/sda1"; - type = types.path; - description = '' - An unencrypted device that will temporarily be mounted in stage-1. - Must contain the current salt to create the challenge for this LUKS device. - ''; - }; + device = mkOption { + example = "/dev/disk/by-uuid/430e9eff-d852-4f68-aa3b-2fa3599ebe08"; + type = types.str; + description = "Path of the underlying encrypted block device."; + }; - fsType = mkOption { - default = "vfat"; - type = types.str; - description = "The filesystem of the unencrypted device."; - }; + header = mkOption { + default = null; + example = "/root/header.img"; + type = types.nullOr types.str; + description = '' + The name of the file or block device that + should be used as header for the encrypted device. + ''; + }; - mountPoint = mkOption { - default = "/crypt-storage"; - type = types.str; - description = "Path where the unencrypted device will be mounted during early boot."; - }; + keyFile = mkOption { + default = null; + example = "/dev/sdb1"; + type = types.nullOr types.str; + description = '' + The name of the file (can be a raw device or a partition) that + should be used as the decryption key for the encrypted device. If + not specified, you will be prompted for a passphrase instead. + ''; + }; + + keyFileSize = mkOption { + default = null; + example = 4096; + type = types.nullOr types.int; + description = '' + The size of the key file. Use this if only the beginning of the + key file should be used as a key (often the case if a raw device + or partition is used as key file). If not specified, the whole + <literal>keyFile</literal> will be used decryption, instead of just + the first <literal>keyFileSize</literal> bytes. + ''; + }; + + # FIXME: get rid of this option. + preLVM = mkOption { + default = true; + type = types.bool; + description = "Whether the luksOpen will be attempted before LVM scan or after it."; + }; + + allowDiscards = mkOption { + default = false; + type = types.bool; + description = '' + Whether to allow TRIM requests to the underlying device. This option + has security implications; please read the LUKS documentation before + activating it. + ''; + }; - path = mkOption { - default = "/crypt-storage/default"; - type = types.str; - description = '' - Absolute path of the salt on the unencrypted device with - that device's root directory as "/". - ''; + yubikey = mkOption { + default = null; + description = '' + The options to use for this LUKS device in Yubikey-PBA. + If null (the default), Yubikey-PBA will be disabled for this device. + ''; + + type = with types; nullOr (submodule { + options = { + twoFactor = mkOption { + default = true; + type = types.bool; + description = "Whether to use a passphrase and a Yubikey (true), or only a Yubikey (false)."; + }; + + slot = mkOption { + default = 2; + type = types.int; + description = "Which slot on the Yubikey to challenge."; + }; + + saltLength = mkOption { + default = 16; + type = types.int; + description = "Length of the new salt in byte (64 is the effective maximum)."; + }; + + keyLength = mkOption { + default = 64; + type = types.int; + description = "Length of the LUKS slot key derived with PBKDF2 in byte."; + }; + + iterationStep = mkOption { + default = 0; + type = types.int; + description = "How much the iteration count for PBKDF2 is increased at each successful authentication."; + }; + + gracePeriod = mkOption { + default = 2; + type = types.int; + description = "Time in seconds to wait before attempting to find the Yubikey."; + }; + + ramfsMountPoint = mkOption { + default = "/crypt-ramfs"; + type = types.str; + description = "Path where the ramfs used to update the LUKS key will be mounted during early boot."; + }; + + /* TODO: Add to the documentation of the current module: + + Options related to the storing the salt. + */ + storage = { + device = mkOption { + default = "/dev/sda1"; + type = types.path; + description = '' + An unencrypted device that will temporarily be mounted in stage-1. + Must contain the current salt to create the challenge for this LUKS device. + ''; + }; + + fsType = mkOption { + default = "vfat"; + type = types.str; + description = "The filesystem of the unencrypted device."; + }; + + mountPoint = mkOption { + default = "/crypt-storage"; + type = types.str; + description = "Path where the unencrypted device will be mounted during early boot."; + }; + + path = mkOption { + default = "/crypt-storage/default"; + type = types.str; + description = '' + Absolute path of the salt on the unencrypted device with + that device's root directory as "/". + ''; + }; + }; }; - }; + }); }; - }; - }; }; + }; })); }; boot.initrd.luks.yubikeySupport = mkOption { diff --git a/nixos/modules/system/boot/networkd.nix b/nixos/modules/system/boot/networkd.nix index 38b4b437369d..2cf6a4cca9a4 100644 --- a/nixos/modules/system/boot/networkd.nix +++ b/nixos/modules/system/boot/networkd.nix @@ -471,8 +471,7 @@ let addresses = mkOption { default = [ ]; - type = types.listOf types.optionSet; - options = [ addressOptions ]; + type = with types; listOf (submodule [ addressOptions ]); description = '' A list of address sections to be added to the unit. See <citerefentry><refentrytitle>systemd.network</refentrytitle> @@ -482,8 +481,7 @@ let routes = mkOption { default = [ ]; - type = types.listOf types.optionSet; - options = [ routeOptions ]; + type = with types; listOf (submodule [ routeOptions ]); description = '' A list of route sections to be added to the unit. See <citerefentry><refentrytitle>systemd.network</refentrytitle> @@ -624,35 +622,32 @@ in systemd.network.links = mkOption { default = {}; - type = types.attrsOf types.optionSet; - options = [ linkOptions ]; + type = with types; attrsOf (submodule [ linkOptions ]); description = "Definition of systemd network links."; }; systemd.network.netdevs = mkOption { default = {}; - type = types.attrsOf types.optionSet; - options = [ netdevOptions ]; + type = with types; attrsOf (submodule [ netdevOptions ]); description = "Definition of systemd network devices."; }; systemd.network.networks = mkOption { default = {}; - type = types.attrsOf types.optionSet; - options = [ networkOptions networkConfig ]; + type = with types; attrsOf (submodule [ networkOptions networkConfig ]); description = "Definition of systemd networks."; }; systemd.network.units = mkOption { description = "Definition of networkd units."; default = {}; - type = types.attrsOf types.optionSet; - options = { name, config, ... }: + type = with types; attrsOf (submodule ( + { name, config, ... }: { options = concreteUnitOptions; config = { unit = mkDefault (makeUnit name config); }; - }; + })); }; }; diff --git a/nixos/modules/system/boot/systemd.nix b/nixos/modules/system/boot/systemd.nix index 2ac041f14128..4a59d6474808 100644 --- a/nixos/modules/system/boot/systemd.nix +++ b/nixos/modules/system/boot/systemd.nix @@ -389,13 +389,13 @@ in systemd.units = mkOption { description = "Definition of systemd units."; default = {}; - type = types.attrsOf types.optionSet; - options = { name, config, ... }: + type = with types; attrsOf (submodule ( + { name, config, ... }: { options = concreteUnitOptions; config = { unit = mkDefault (makeUnit name config); }; - }; + })); }; systemd.packages = mkOption { @@ -406,43 +406,37 @@ in systemd.targets = mkOption { default = {}; - type = types.attrsOf types.optionSet; - options = [ targetOptions unitConfig ]; + type = with types; attrsOf (submodule [ { options = targetOptions; } unitConfig] ); description = "Definition of systemd target units."; }; systemd.services = mkOption { default = {}; - type = types.attrsOf types.optionSet; - options = [ serviceOptions unitConfig serviceConfig ]; + type = with types; attrsOf (submodule [ { options = serviceOptions; } unitConfig serviceConfig ]); description = "Definition of systemd service units."; }; systemd.sockets = mkOption { default = {}; - type = types.attrsOf types.optionSet; - options = [ socketOptions unitConfig ]; + type = with types; attrsOf (submodule [ { options = socketOptions; } unitConfig ]); description = "Definition of systemd socket units."; }; systemd.timers = mkOption { default = {}; - type = types.attrsOf types.optionSet; - options = [ timerOptions unitConfig ]; + type = with types; attrsOf (submodule [ { options = timerOptions; } unitConfig ]); description = "Definition of systemd timer units."; }; systemd.paths = mkOption { default = {}; - type = types.attrsOf types.optionSet; - options = [ pathOptions unitConfig ]; + type = with types; attrsOf (submodule [ { options = pathOptions; } unitConfig ]); description = "Definition of systemd path units."; }; systemd.mounts = mkOption { default = []; - type = types.listOf types.optionSet; - options = [ mountOptions unitConfig mountConfig ]; + type = with types; listOf (submodule [ { options = mountOptions; } unitConfig mountConfig ]); description = '' Definition of systemd mount units. This is a list instead of an attrSet, because systemd mandates the names to be derived from @@ -452,8 +446,7 @@ in systemd.automounts = mkOption { default = []; - type = types.listOf types.optionSet; - options = [ automountOptions unitConfig automountConfig ]; + type = with types; listOf (submodule [ { options = automountOptions; } unitConfig automountConfig ]); description = '' Definition of systemd automount units. This is a list instead of an attrSet, because systemd mandates the names to be derived from @@ -600,33 +593,30 @@ in systemd.user.units = mkOption { description = "Definition of systemd per-user units."; default = {}; - type = types.attrsOf types.optionSet; - options = { name, config, ... }: + type = with types; attrsOf (submodule ( + { name, config, ... }: { options = concreteUnitOptions; config = { unit = mkDefault (makeUnit name config); }; - }; + })); }; systemd.user.services = mkOption { default = {}; - type = types.attrsOf types.optionSet; - options = [ serviceOptions unitConfig serviceConfig ]; + type = with types; attrsOf (submodule [ { options = serviceOptions; } unitConfig serviceConfig ] ); description = "Definition of systemd per-user service units."; }; systemd.user.timers = mkOption { default = {}; - type = types.attrsOf types.optionSet; - options = [ timerOptions unitConfig ]; + type = with types; attrsOf (submodule [ { options = timerOptions; } unitConfig ] ); description = "Definition of systemd per-user timer units."; }; systemd.user.sockets = mkOption { default = {}; - type = types.attrsOf types.optionSet; - options = [ socketOptions unitConfig ]; + type = with types; attrsOf (submodule [ { options = socketOptions; } unitConfig ] ); description = "Definition of systemd per-user socket units."; }; diff --git a/nixos/modules/system/etc/etc.nix b/nixos/modules/system/etc/etc.nix index 163f4f4106e8..dac36229408f 100644 --- a/nixos/modules/system/etc/etc.nix +++ b/nixos/modules/system/etc/etc.nix @@ -33,7 +33,6 @@ in options = { environment.etc = mkOption { - type = types.loaOf types.optionSet; default = {}; example = literalExample '' { example-configuration-file = @@ -47,7 +46,8 @@ in Set of files that have to be linked in <filename>/etc</filename>. ''; - options = singleton ({ name, config, ... }: + type = with types; loaOf (submodule ( + { name, config, ... }: { options = { enable = mkOption { @@ -117,7 +117,7 @@ in in mkDefault (pkgs.writeText name' config.text)); }; - }); + })); }; |