Diffstat (limited to 'nixos/modules')
-rw-r--r-- | nixos/modules/hardware/video/hidpi.nix | 1 | ||||
-rw-r--r-- | nixos/modules/hardware/video/nvidia.nix | 2 | ||||
-rw-r--r-- | nixos/modules/security/acme.nix | 2 | ||||
-rw-r--r-- | nixos/modules/security/acme.xml | 2 | ||||
-rw-r--r-- | nixos/modules/services/logging/logrotate.nix | 4 | ||||
-rw-r--r-- | nixos/modules/services/web-servers/caddy/default.nix | 27 | ||||
-rw-r--r-- | nixos/modules/services/x11/display-managers/gdm.nix | 6 | ||||
-rw-r--r-- | nixos/modules/system/boot/loader/grub/install-grub.pl | 176 |
8 files changed, 107 insertions, 113 deletions
diff --git a/nixos/modules/hardware/video/hidpi.nix b/nixos/modules/hardware/video/hidpi.nix index c480cc481dfc..ac72b652504e 100644 --- a/nixos/modules/hardware/video/hidpi.nix +++ b/nixos/modules/hardware/video/hidpi.nix @@ -12,6 +12,5 @@ with lib; boot.loader.systemd-boot.consoleMode = mkDefault "1"; # TODO Find reasonable defaults X11 & wayland - services.xserver.dpi = lib.mkDefault 192; }; } diff --git a/nixos/modules/hardware/video/nvidia.nix b/nixos/modules/hardware/video/nvidia.nix index 5b379505608a..ff4225dc29ad 100644 --- a/nixos/modules/hardware/video/nvidia.nix +++ b/nixos/modules/hardware/video/nvidia.nix @@ -179,7 +179,7 @@ in in mkIf enabled { assertions = [ { - assertion = with config.services.xserver.displayManager; gdm.nvidiaWayland -> cfg.modesetting.enable; + assertion = with config.services.xserver.displayManager; (gdm.enable && gdm.nvidiaWayland) -> cfg.modesetting.enable; message = "You cannot use wayland with GDM without modesetting enabled for NVIDIA drivers, set `hardware.nvidia.modesetting.enable = true`"; } diff --git a/nixos/modules/security/acme.nix b/nixos/modules/security/acme.nix index 88c5774d187c..2815e2593b23 100644 --- a/nixos/modules/security/acme.nix +++ b/nixos/modules/security/acme.nix @@ -77,6 +77,7 @@ let unitConfig = { ConditionPathExists = "!/var/lib/acme/.minica/key.pem"; + StartLimitIntervalSec = 0; }; serviceConfig = commonServiceConfig // { @@ -235,6 +236,7 @@ let unitConfig = { ConditionPathExists = "!/var/lib/acme/${cert}/key.pem"; + StartLimitIntervalSec = 0; }; serviceConfig = commonServiceConfig // { diff --git a/nixos/modules/security/acme.xml b/nixos/modules/security/acme.xml index 8249da948c6d..bf93800a0af4 100644 --- a/nixos/modules/security/acme.xml +++ b/nixos/modules/security/acme.xml 
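Review bot: The tightened assertion still does not consult GDM's own Wayland switch, so with `nvidiaWayland` now defaulting to true (the gdm.nix hunk in this same commit) every GDM + NVIDIA configuration without modesetting trips it, including those that have explicitly turned Wayland off and never reach the nvidiaWayland path. If the option documented just above `nvidiaWayland` in gdm.nix is `wayland` (its name lies outside that hunk), consider `assertion = with config.services.xserver.displayManager; (gdm.enable && gdm.wayland && gdm.nvidiaWayland) -> cfg.modesetting.enable;` and mention in the message that it applies only when Wayland is in use. The enclosing `assertions` list continues past the hunk.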
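Review bot: `StartLimitIntervalSec = 0` switches off systemd's start-rate limit for both the minica unit and every per-certificate unit, but nothing in the hunk says why, and that limit is the only backstop against a tight start loop if `commonServiceConfig` (outside the hunk) sets `Restart=`; unbounded retries of a failing order also count against the CA's own failed-validation rate limits. Please add a why-comment next to each occurrence, e.g. `# Disable start rate limiting so repeated starts after a failed order are not refused; Restart= in commonServiceConfig still governs automatic retries`, adjusted to the real motivation, and confirm the unit's Restart/timer settings keep retries bounded. Both `unitConfig` blocks are fragments of definitions that begin and end outside the hunks.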
@@ -253,7 +253,7 @@ chmod 400 /var/lib/secrets/certs.secret </programlisting> <para> - Now you're all set to generate certs! You should monitor the first invokation + Now you're all set to generate certs! You should monitor the first invocation by running <literal>systemctl start acme-example.com.service & journalctl -fu acme-example.com.service</literal> and watching its log output. </para> diff --git a/nixos/modules/services/logging/logrotate.nix b/nixos/modules/services/logging/logrotate.nix index 624b6cfb1215..ba5d6e29d0bd 100644 --- a/nixos/modules/services/logging/logrotate.nix +++ b/nixos/modules/services/logging/logrotate.nix @@ -40,7 +40,7 @@ let }; frequency = mkOption { - type = types.enum [ "daily" "weekly" "monthly" "yearly" ]; + type = types.enum [ "hourly" "daily" "weekly" "monthly" "yearly" ]; default = "daily"; description = '' How often to rotate the logs. @@ -155,7 +155,7 @@ in systemd.services.logrotate = { description = "Logrotate Service"; wantedBy = [ "multi-user.target" ]; - startAt = "*-*-* *:05:00"; + startAt = "hourly"; script = '' exec ${pkgs.logrotate}/sbin/logrotate ${configFile} ''; diff --git a/nixos/modules/services/web-servers/caddy/default.nix b/nixos/modules/services/web-servers/caddy/default.nix index cef27e2e59f3..ed27dd375c86 100644 --- a/nixos/modules/services/web-servers/caddy/default.nix +++ b/nixos/modules/services/web-servers/caddy/default.nix 
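Review bot: `startAt = "hourly"` moves the run from minute 05 to the top of the hour, where every other `hourly` systemd timer fires, and a timer generated by `startAt` carries no `RandomizedDelaySec`; if the :05 offset was chosen to stay clear of that burst, consider adding `systemd.timers.logrotate.timerConfig.RandomizedDelaySec = "5min";` alongside. The `frequency` option's description could also note that the new `hourly` value only works because this service is itself scheduled hourly, e.g. `How often to rotate the logs. "hourly" relies on the logrotate service being run every hour, which this module does.` The `systemd.services.logrotate` definition continues past the hunk.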
@@ -171,34 +171,27 @@ in }; config = mkIf cfg.enable { + systemd.packages = [ cfg.package ]; systemd.services.caddy = { - description = "Caddy web server"; - # upstream unit: https://github.com/caddyserver/dist/blob/master/init/caddy.service - after = [ "network-online.target" ]; - wants = [ "network-online.target" ]; # systemd-networkd-wait-online.service wantedBy = [ "multi-user.target" ]; startLimitIntervalSec = 14400; startLimitBurst = 10; + serviceConfig = { - ExecStart = "${cfg.package}/bin/caddy run ${optionalString cfg.resume "--resume"} --config ${configJSON}"; - ExecReload = "${cfg.package}/bin/caddy reload --config ${configJSON}"; - Type = "simple"; + # https://www.freedesktop.org/software/systemd/man/systemd.service.html#ExecStart= + # If the empty string is assigned to this option, the list of commands to start is reset, prior assignments of this option will have no effect. + ExecStart = [ "" "${cfg.package}/bin/caddy run ${optionalString cfg.resume "--resume"} --config ${configJSON}" ]; + ExecReload = [ "" "${cfg.package}/bin/caddy reload --config ${configJSON}" ]; + User = cfg.user; Group = cfg.group; + ReadWriteDirectories = cfg.dataDir; Restart = "on-abnormal"; - AmbientCapabilities = "cap_net_bind_service"; - CapabilityBoundingSet = "cap_net_bind_service"; + + # TODO: attempt to upstream these options NoNewPrivileges = true; - LimitNPROC = 512; - LimitNOFILE = 1048576; - PrivateTmp = true; PrivateDevices = true; ProtectHome = true; - ProtectSystem = "full"; - ReadWriteDirectories = cfg.dataDir; - KillMode = "mixed"; - KillSignal = "SIGQUIT"; - TimeoutStopSec = "5s"; }; }; diff --git a/nixos/modules/services/x11/display-managers/gdm.nix b/nixos/modules/services/x11/display-managers/gdm.nix index e036c684c886..6f0d645725e9 100644 --- a/nixos/modules/services/x11/display-managers/gdm.nix +++ b/nixos/modules/services/x11/display-managers/gdm.nix 
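Review bot: The sandboxing that used to be explicit here — `CapabilityBoundingSet`/`AmbientCapabilities = cap_net_bind_service`, `ProtectSystem = "full"`, `PrivateTmp`, `LimitNPROC`/`LimitNOFILE` — is now only in effect if the unit file shipped inside `cfg.package` sets it, which this hunk does not show and which a user-supplied or older `cfg.package` may not; the retained `ReadWriteDirectories = cfg.dataDir` is also a no-op unless some `ProtectSystem=`/`ReadOnlyPaths=` still applies from upstream. Since the NixOS module is what users audit, I would keep the security-relevant settings in the override under the existing TODO, e.g. `CapabilityBoundingSet = "cap_net_bind_service"; AmbientCapabilities = "cap_net_bind_service"; ProtectSystem = "full";` (systemd merges them with the upstream unit, so duplicating is harmless), or at minimum add a comment listing which settings are expected to come from the upstream unit so `systemctl show caddy` can be checked against it. The `config = mkIf cfg.enable` block continues past the hunk.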
@@ -83,14 +83,14 @@ in default = true; description = '' Allow GDM to run on Wayland instead of Xserver. - Note to enable Wayland with Nvidia you need to - enable the <option>nvidiaWayland</option>. + Note to enable Wayland with Nvidia the <option>nvidiaWayland</option> + must not be disabled. ''; }; nvidiaWayland = mkOption { type = types.bool; - default = false; + default = true; description = '' Whether to allow wayland to be used with the proprietary NVidia graphics driver. diff --git a/nixos/modules/system/boot/loader/grub/install-grub.pl b/nixos/modules/system/boot/loader/grub/install-grub.pl index 4d8537d4c327..0c93b288fc65 100644 --- a/nixos/modules/system/boot/loader/grub/install-grub.pl +++ b/nixos/modules/system/boot/loader/grub/install-grub.pl @@ -103,10 +103,10 @@ if (stat($bootPath)->dev != stat("/nix/store")->dev) { # Discover information about the location of the bootPath struct(Fs => { - device => '$', - type => '$', - mount => '$', - }); + device => '$', + type => '$', + mount => '$', +}); sub PathInMount { my ($path, $mount) = @_; my @splitMount = split /\//, $mount; @@ -155,9 +155,9 @@ sub GetFs { return $bestFs; } struct (Grub => { - path => '$', - search => '$', - }); + path => '$', + search => '$', +}); my $driveid = 1; sub GrubFs { my ($dir) = @_; @@ -254,8 +254,8 @@ if ($grubVersion == 1) { # $defaultEntry might be "saved", indicating that we want to use the last selected configuration as default. # Incidentally this is already the correct value for the grub 1 config to achieve this behaviour. $conf .= " - default $defaultEntry - timeout $timeout + default $defaultEntry + timeout $timeout "; if ($splashImage) { copy $splashImage, "$bootPath/background.xpm.gz" or die "cannot copy $splashImage to $bootPath: $!\n"; @@ -305,7 +305,7 @@ else { if ($copyKernels == 0) { $conf .= " - " . $grubStore->search; + " . $grubStore->search; } # FIXME: should use grub-mkconfig. my $defaultEntryText = $defaultEntry; 
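Review bot: Flipping `nvidiaWayland` to `default = true` changes behaviour for every existing GDM + NVIDIA setup, which must now set `hardware.nvidia.modesetting.enable = true` to pass the assertion in nvidia.nix, yet neither option description mentions that requirement. I would state it in the `nvidiaWayland` description (its remainder is outside the hunk): `Whether to allow wayland to be used with the proprietary NVidia graphics driver. This requires <option>hardware.nvidia.modesetting.enable</option> to be set.`, and reword the sentence above to `Note that to enable Wayland with NVIDIA, <option>nvidiaWayland</option> must not be disabled.` A release-notes entry for the default change is probably also warranted; the enclosing options set starts and ends outside the hunk.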
@@ -313,55 +313,55 @@ else { $defaultEntryText = "\"\${saved_entry}\""; } $conf .= " - " . $grubBoot->search . " - if [ -s \$prefix/grubenv ]; then - load_env - fi - - # ‘grub-reboot’ sets a one-time saved entry, which we process here and - # then delete. - if [ \"\${next_entry}\" ]; then - set default=\"\${next_entry}\" - set next_entry= - save_env next_entry - set timeout=1 - set boot_once=true - else - set default=$defaultEntryText - set timeout=$timeout - fi - - function savedefault { - if [ -z \"\${boot_once}\"]; then - saved_entry=\"\${chosen}\" - save_env saved_entry + " . $grubBoot->search . " + if [ -s \$prefix/grubenv ]; then + load_env fi - } - # Setup the graphics stack for bios and efi systems - if [ \"\${grub_platform}\" = \"efi\" ]; then - insmod efi_gop - insmod efi_uga - else - insmod vbe - fi + # ‘grub-reboot’ sets a one-time saved entry, which we process here and + # then delete. + if [ \"\${next_entry}\" ]; then + set default=\"\${next_entry}\" + set next_entry= + save_env next_entry + set timeout=1 + set boot_once=true + else + set default=$defaultEntryText + set timeout=$timeout + fi + + function savedefault { + if [ -z \"\${boot_once}\"]; then + saved_entry=\"\${chosen}\" + save_env saved_entry + fi + } + + # Setup the graphics stack for bios and efi systems + if [ \"\${grub_platform}\" = \"efi\" ]; then + insmod efi_gop + insmod efi_uga + else + insmod vbe + fi "; if ($font) { copy $font, "$bootPath/converted-font.pf2" or die "cannot copy $font to $bootPath: $!\n"; $conf .= " - insmod font - if loadfont " . ($grubBoot->path eq "/" ? "" : $grubBoot->path) . "/converted-font.pf2; then - insmod gfxterm - if [ \"\${grub_platform}\" = \"efi\" ]; then - set gfxmode=$gfxmodeEfi - set gfxpayload=$gfxpayloadEfi - else - set gfxmode=$gfxmodeBios - set gfxpayload=$gfxpayloadBios - fi - terminal_output gfxterm - fi + insmod font + if loadfont " . ($grubBoot->path eq "/" ? "" : $grubBoot->path) . 
"/converted-font.pf2; then + insmod gfxterm + if [ \"\${grub_platform}\" = \"efi\" ]; then + set gfxmode=$gfxmodeEfi + set gfxpayload=$gfxpayloadEfi + else + set gfxmode=$gfxmodeBios + set gfxpayload=$gfxpayloadBios + fi + terminal_output gfxterm + fi "; } if ($splashImage) { @@ -378,14 +378,14 @@ else { } copy $splashImage, "$bootPath/background$suffix" or die "cannot copy $splashImage to $bootPath: $!\n"; $conf .= " - insmod " . substr($suffix, 1) . " - if background_image --mode '$splashMode' " . ($grubBoot->path eq "/" ? "" : $grubBoot->path) . "/background$suffix; then - set color_normal=white/black - set color_highlight=black/white - else - set menu_color_normal=cyan/blue - set menu_color_highlight=white/blue - fi + insmod " . substr($suffix, 1) . " + if background_image --mode '$splashMode' " . ($grubBoot->path eq "/" ? "" : $grubBoot->path) . "/background$suffix; then + set color_normal=white/black + set color_highlight=black/white + else + set menu_color_normal=cyan/blue + set menu_color_highlight=white/blue + fi "; } @@ -395,20 +395,20 @@ else { # Copy theme rcopy($theme, "$bootPath/theme") or die "cannot copy $theme to $bootPath\n"; $conf .= " - # Sets theme. - set theme=" . ($grubBoot->path eq "/" ? "" : $grubBoot->path) . "/theme/theme.txt - export theme - # Load theme fonts, if any + # Sets theme. + set theme=" . ($grubBoot->path eq "/" ? "" : $grubBoot->path) . "/theme/theme.txt + export theme + # Load theme fonts, if any "; find( { wanted => sub { - if ($_ =~ /\.pf2$/i) { - $font = File::Spec->abs2rel($File::Find::name, $theme); - $conf .= " - loadfont " . ($grubBoot->path eq "/" ? "" : $grubBoot->path) . "/theme/$font - "; - } - }, no_chdir => 1 }, $theme ); + if ($_ =~ /\.pf2$/i) { + $font = File::Spec->abs2rel($File::Find::name, $theme); + $conf .= " + loadfont " . ($grubBoot->path eq "/" ? "" : $grubBoot->path) . "/theme/$font + "; + } + }, no_chdir => 1 }, $theme ); } } 
@@ -474,8 +474,8 @@ sub addEntry { # FIXME: $confName my $kernelParams = - "init=" . Cwd::abs_path("$path/init") . " " . - readFile("$path/kernel-params"); + "init=" . Cwd::abs_path("$path/init") . " " . + readFile("$path/kernel-params"); my $xenParams = $xen && -e "$path/xen-params" ? readFile("$path/xen-params") : ""; if ($grubVersion == 1) { @@ -524,9 +524,9 @@ foreach my $link (@links) { my $date = strftime("%F", localtime(lstat($link)->mtime)); my $version = - -e "$link/nixos-version" - ? readFile("$link/nixos-version") - : basename((glob(dirname(Cwd::abs_path("$link/kernel")) . "/lib/modules/*"))[0]); + -e "$link/nixos-version" + ? readFile("$link/nixos-version") + : basename((glob(dirname(Cwd::abs_path("$link/kernel")) . "/lib/modules/*"))[0]); if ($cfgName) { $entryName = $cfgName; @@ -551,8 +551,8 @@ sub addProfile { sub nrFromGen { my ($x) = @_; $x =~ /\/\w+-(\d+)-link/; return $1; } my @links = sort - { nrFromGen($b) <=> nrFromGen($a) } - (glob "$profile-*-link"); + { nrFromGen($b) <=> nrFromGen($a) } + (glob "$profile-*-link"); my $curEntry = 0; foreach my $link (@links) { @@ -563,9 +563,9 @@ sub addProfile { } my $date = strftime("%F", localtime(lstat($link)->mtime)); my $version = - -e "$link/nixos-version" - ? readFile("$link/nixos-version") - : basename((glob(dirname(Cwd::abs_path("$link/kernel")) . "/lib/modules/*"))[0]); + -e "$link/nixos-version" + ? readFile("$link/nixos-version") + : basename((glob(dirname(Cwd::abs_path("$link/kernel")) . "/lib/modules/*"))[0]); addEntry("NixOS - Configuration " . nrFromGen($link) . " ($date - $version)", $link); } 
@@ -653,13 +653,13 @@ foreach my $fn (glob "$bootPath/kernels/*") { # struct(GrubState => { - name => '$', - version => '$', - efi => '$', - devices => '$', - efiMountPoint => '$', - extraGrubInstallArgs => '@', - }); + name => '$', + version => '$', + efi => '$', + devices => '$', + efiMountPoint => '$', + extraGrubInstallArgs => '@', +}); # If you add something to the state file, only add it to the end # because it is read line-by-line. sub readGrubState { |