Diffstat (limited to 'nixos/modules')
-rw-r--r-- | nixos/modules/programs/bash/bash.nix | 3 | ||||
-rw-r--r-- | nixos/modules/services/misc/disnix.nix | 14 | ||||
-rw-r--r-- | nixos/modules/services/misc/nix-ssh-serve.nix | 24 | ||||
-rw-r--r-- | nixos/modules/services/security/usbguard.nix | 2 |
4 files changed, 31 insertions, 12 deletions
diff --git a/nixos/modules/programs/bash/bash.nix b/nixos/modules/programs/bash/bash.nix index 1abdb4973a44..1a62f04972df 100644 --- a/nixos/modules/programs/bash/bash.nix +++ b/nixos/modules/programs/bash/bash.nix @@ -211,6 +211,9 @@ in "/share/bash-completion" ]; + environment.systemPackages = optional cfg.enableCompletion + pkgs.nix-bash-completions; + environment.shells = [ "/run/current-system/sw/bin/bash" "/var/run/current-system/sw/bin/bash" diff --git a/nixos/modules/services/misc/disnix.nix b/nixos/modules/services/misc/disnix.nix index e96645c79c77..39d23610b064 100644 --- a/nixos/modules/services/misc/disnix.nix +++ b/nixos/modules/services/misc/disnix.nix @@ -32,11 +32,17 @@ in description = "Whether to enable Disnix"; }; + enableMultiUser = mkOption { + type = types.bool; + default = true; + description = "Whether to support multi-user mode by enabling the Disnix D-Bus service"; + }; + useWebServiceInterface = mkOption { default = false; description = "Whether to enable the DisnixWebService interface running on Apache Tomcat"; }; - + package = mkOption { type = types.path; description = "The Disnix package"; @@ -52,7 +58,7 @@ in config = mkIf cfg.enable { dysnomia.enable = true; - + environment.systemPackages = [ pkgs.disnix ] ++ optional cfg.useWebServiceInterface pkgs.DisnixWebService; services.dbus.enable = true; @@ -71,7 +77,7 @@ in }; systemd.services = { - disnix = { + disnix = mkIf cfg.enableMultiUser { description = "Disnix server"; wants = [ "dysnomia.target" ]; wantedBy = [ "multi-user.target" ]; @@ -92,7 +98,7 @@ in } // (if config.environment.variables ? DYSNOMIA_CONTAINERS_PATH then { inherit (config.environment.variables) DYSNOMIA_CONTAINERS_PATH; } else {}) // (if config.environment.variables ? DYSNOMIA_MODULES_PATH then { inherit (config.environment.variables) DYSNOMIA_MODULES_PATH; } else {}); - + serviceConfig.ExecStart = "${cfg.package}/bin/disnix-service"; }; 
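Review bot: In disnix.nix, `enableMultiUser = false` leaves more enabled than its description suggests, because only the `disnix` systemd unit is wrapped in `mkIf cfg.enableMultiUser` while the `services.dbus.enable = true;` visible in the context lines stays unconditional. If the module also registers Disnix's D-Bus policy through `services.dbus.packages` (outside the hunks shown, so unconfirmed), a single-user host keeps that bus surface with no service behind it. I would gate both on the new option, e.g. `services.dbus.enable = mkIf cfg.enableMultiUser true;`, or narrow the description to say that only the systemd service is disabled. The neighbouring `useWebServiceInterface` option also still lacks the `type = types.bool;` that the new option declares.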
diff --git a/nixos/modules/services/misc/nix-ssh-serve.nix b/nixos/modules/services/misc/nix-ssh-serve.nix index 66148431709f..5bd9cf9086f1 100644 --- a/nixos/modules/services/misc/nix-ssh-serve.nix +++ b/nixos/modules/services/misc/nix-ssh-serve.nix @@ -1,8 +1,12 @@ { config, lib, pkgs, ... }: with lib; - -{ +let cfg = config.nix.sshServe; + command = + if cfg.protocol == "ssh" + then "nix-store --serve" + else "nix-daemon --stdio"; +in { options = { nix.sshServe = { @@ -10,7 +14,7 @@ with lib; enable = mkOption { type = types.bool; default = false; - description = "Whether to enable serving the Nix store as a binary cache via SSH."; + description = "Whether to enable serving the Nix store as a remote store via SSH."; }; keys = mkOption { @@ -20,14 +24,20 @@ with lib; description = "A list of SSH public keys allowed to access the binary cache via SSH."; }; + protocol = mkOption { + type = types.enum [ "ssh" "ssh-ng" ]; + default = "ssh"; + description = "The specific Nix-over-SSH protocol to use."; + }; + }; }; - config = mkIf config.nix.sshServe.enable { + config = mkIf cfg.enable { users.extraUsers.nix-ssh = { - description = "Nix SSH substituter user"; + description = "Nix SSH store user"; uid = config.ids.uids.nix-ssh; useDefaultShell = true; }; @@ -41,11 +51,11 @@ with lib; PermitTTY no PermitTunnel no X11Forwarding no - ForceCommand ${config.nix.package.out}/bin/nix-store --serve + ForceCommand ${config.nix.package.out}/bin/${command} Match All ''; - users.extraUsers.nix-ssh.openssh.authorizedKeys.keys = config.nix.sshServe.keys; + users.extraUsers.nix-ssh.openssh.authorizedKeys.keys = cfg.keys; }; } diff --git a/nixos/modules/services/security/usbguard.nix b/nixos/modules/services/security/usbguard.nix index 4e685e633354..5d469cabe2cb 100644 --- a/nixos/modules/services/security/usbguard.nix +++ b/nixos/modules/services/security/usbguard.nix 
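Review bot: In nix-ssh-serve.nix, the new `protocol` option changes what every key in `nix.sshServe.keys` is allowed to do, but its description ("The specific Nix-over-SSH protocol to use.") does not say so. With `"ssh"` the forced command is `nix-store --serve`, which without `--write` only serves store paths; with `"ssh-ng"` it becomes `nix-daemon --stdio`, so key holders speak the full daemon protocol as the `nix-ssh` user. What they can then build or import is limited only by the daemon's allowed-users/trusted-users settings. I would extend the description along the lines of `"ssh-ng" runs nix-daemon --stdio, so authorized keys get daemon access as the nix-ssh user instead of the read-only nix-store --serve`. The `keys` description still says "binary cache" and should be updated to match the reworded `enable` text.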
@@ -192,7 +192,7 @@ in { serviceConfig = { Type = "simple"; - ExecStart = ''${pkgs.usbguard}/bin/usbguard-daemon -d -k -c ${daemonConfFile}''; + ExecStart = ''${pkgs.usbguard}/bin/usbguard-daemon -P -d -k -c ${daemonConfFile}''; Restart = "on-failure"; }; }; |
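Review bot: The added `-P` on the `ExecStart` line disables usbguard-daemon's permission checks on its configuration and policy files, as I read the daemon's man page, and nothing in the hunk records why. It is presumably needed because `daemonConfFile` is a world-readable Nix store path. The flag also stops the daemon from refusing a rules file with lax permissions, so the module should make sure the rule file it points to (defined outside this hunk) is created root-owned and not group- or world-writable. I would add a comment above the line such as `# -P: skip permission checks, the generated config lives in the world-readable Nix store; the rules file must still be kept root-only`.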