diff options
Diffstat (limited to 'nixos/modules')
-rw-r--r-- | nixos/modules/hardware/all-firmware.nix | 3 | ||||
-rw-r--r-- | nixos/modules/i18n/input-method/default.nix | 2 | ||||
-rw-r--r-- | nixos/modules/installer/cd-dvd/sd-image.nix | 24 | ||||
-rw-r--r-- | nixos/modules/module-list.nix | 2 | ||||
-rw-r--r-- | nixos/modules/programs/digitalbitbox/default.nix | 2 | ||||
-rw-r--r-- | nixos/modules/programs/firejail.nix | 48 | ||||
-rw-r--r-- | nixos/modules/rename.nix | 1 | ||||
-rw-r--r-- | nixos/modules/services/desktops/bamf.nix | 23 | ||||
-rw-r--r-- | nixos/modules/services/hardware/udisks2.nix | 11 | ||||
-rw-r--r-- | nixos/modules/services/logging/journalwatch.nix | 2 | ||||
-rw-r--r-- | nixos/modules/services/networking/ssh/sshd.nix | 16 | ||||
-rw-r--r-- | nixos/modules/services/networking/znc.nix | 11 | ||||
-rw-r--r-- | nixos/modules/services/web-apps/matomo.nix | 2 | ||||
-rw-r--r-- | nixos/modules/services/web-apps/nexus.nix | 2 | ||||
-rw-r--r-- | nixos/modules/services/web-servers/apache-httpd/default.nix | 2 | ||||
-rw-r--r-- | nixos/modules/services/x11/desktop-managers/plasma5.nix | 5 | ||||
-rw-r--r-- | nixos/modules/services/x11/desktop-managers/xfce.nix | 8 | ||||
-rw-r--r-- | nixos/modules/virtualisation/virtualbox-image.nix | 36 |
18 files changed, 170 insertions, 30 deletions
diff --git a/nixos/modules/hardware/all-firmware.nix b/nixos/modules/hardware/all-firmware.nix index b61acf1815d9..e978ec6b40ad 100644 --- a/nixos/modules/hardware/all-firmware.nix +++ b/nixos/modules/hardware/all-firmware.nix @@ -38,7 +38,8 @@ in { firmwareLinuxNonfree intel2200BGFirmware rtl8192su-firmware - ] ++ optionals (versionOlder config.boot.kernelPackages.kernel.version "4.13") [ + ] ++ optional (pkgs.stdenv.isAarch32 || pkgs.stdenv.isAarch64) raspberrypiWirelessFirmware + ++ optionals (versionOlder config.boot.kernelPackages.kernel.version "4.13") [ rtl8723bs-firmware ]; }) diff --git a/nixos/modules/i18n/input-method/default.nix b/nixos/modules/i18n/input-method/default.nix index 7ed4a584d646..9548a249efa0 100644 --- a/nixos/modules/i18n/input-method/default.nix +++ b/nixos/modules/i18n/input-method/default.nix @@ -50,7 +50,7 @@ in package = mkOption { internal = true; - type = types.path; + type = types.nullOr types.path; default = null; description = '' The input method method package. diff --git a/nixos/modules/installer/cd-dvd/sd-image.nix b/nixos/modules/installer/cd-dvd/sd-image.nix index c091923de60f..311a5ff69670 100644 --- a/nixos/modules/installer/cd-dvd/sd-image.nix +++ b/nixos/modules/installer/cd-dvd/sd-image.nix @@ -16,6 +16,8 @@ let inherit pkgs; inherit (config.sdImage) storePaths; volumeLabel = "NIXOS_SD"; + } // optionalAttrs (config.sdImage.rootPartitionUUID != null) { + uuid = config.sdImage.rootPartitionUUID; }; in { @@ -42,6 +44,24 @@ in ''; }; + bootPartitionID = mkOption { + type = types.string; + default = "0x2178694e"; + description = '' + Volume ID for the /boot partition on the SD card. This value must be a + 32-bit hexadecimal number. + ''; + }; + + rootPartitionUUID = mkOption { + type = types.nullOr types.string; + default = null; + example = "14e19a7b-0ae0-484d-9d54-43bd6fdc20c7"; + description = '' + UUID for the main NixOS partition on the SD card. + ''; + }; + bootSize = mkOption { type = types.int; default = 120; @@ -95,7 +115,7 @@ in # type=b is 'W95 FAT32', type=83 is 'Linux'. sfdisk $img <<EOF label: dos - label-id: 0x2178694e + label-id: ${config.sdImage.bootPartitionID} start=8M, size=$bootSizeBlocks, type=b, bootable start=${toString (8 + config.sdImage.bootSize)}M, type=83 @@ -108,7 +128,7 @@ in # Create a FAT32 /boot partition of suitable size into bootpart.img eval $(partx $img -o START,SECTORS --nr 1 --pairs) truncate -s $((SECTORS * 512)) bootpart.img - faketime "1970-01-01 00:00:00" mkfs.vfat -i 0x2178694e -n NIXOS_BOOT bootpart.img + faketime "1970-01-01 00:00:00" mkfs.vfat -i ${config.sdImage.bootPartitionID} -n NIXOS_BOOT bootpart.img # Populate the files intended for /boot mkdir boot diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index f6628b8e9c51..988693d924bf 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix @@ -86,6 +86,7 @@ ./programs/dconf.nix ./programs/digitalbitbox/default.nix ./programs/environment.nix + ./programs/firejail.nix ./programs/fish.nix ./programs/freetds.nix ./programs/gnupg.nix @@ -220,6 +221,7 @@ ./services/databases/stanchion.nix ./services/databases/virtuoso.nix ./services/desktops/accountsservice.nix + ./services/desktops/bamf.nix ./services/desktops/dleyna-renderer.nix ./services/desktops/dleyna-server.nix ./services/desktops/flatpak.nix diff --git a/nixos/modules/programs/digitalbitbox/default.nix b/nixos/modules/programs/digitalbitbox/default.nix index 7c727489c6c9..2fe0a14412c5 100644 --- a/nixos/modules/programs/digitalbitbox/default.nix +++ b/nixos/modules/programs/digitalbitbox/default.nix @@ -34,6 +34,6 @@ in meta = { doc = ./doc.xml; - maintainers = with stdenv.lib.maintainers; [ vidbina ]; + maintainers = with lib.maintainers; [ vidbina ]; }; } diff --git a/nixos/modules/programs/firejail.nix b/nixos/modules/programs/firejail.nix new file mode 100644 index 000000000000..46ee4bc0f7a0 --- /dev/null +++ b/nixos/modules/programs/firejail.nix @@ -0,0 +1,48 @@ +{ config, lib, pkgs, ... }: + +with lib; + +let + cfg = config.programs.firejail; + + wrappedBins = pkgs.stdenv.mkDerivation rec { + name = "firejail-wrapped-binaries"; + nativeBuildInputs = with pkgs; [ makeWrapper ]; + buildCommand = '' + mkdir -p $out/bin + ${lib.concatStringsSep "\n" (lib.mapAttrsToList (command: binary: '' + cat <<_EOF >$out/bin/${command} + #!${pkgs.stdenv.shell} -e + /run/wrappers/bin/firejail ${binary} "\$@" + _EOF + chmod 0755 $out/bin/${command} + '') cfg.wrappedBinaries)} + ''; + }; + +in { + options.programs.firejail = { + enable = mkEnableOption "firejail"; + + wrappedBinaries = mkOption { + type = types.attrs; + default = {}; + description = '' + Wrap the binaries in firejail and place them in the global path. + </para> + <para> + You will get file collisions if you put the actual application binary in + the global environment and applications started via .desktop files are + not wrapped if they specify the absolute path to the binary. + ''; + }; + }; + + config = mkIf cfg.enable { + security.wrappers.firejail.source = "${lib.getBin pkgs.firejail}/bin/firejail"; + + environment.systemPackages = [ wrappedBins ]; + }; + + meta.maintainers = with maintainers; [ peterhoeg ]; +} diff --git a/nixos/modules/rename.nix b/nixos/modules/rename.nix index 7b094fc14203..3d626bf515ac 100644 --- a/nixos/modules/rename.nix +++ b/nixos/modules/rename.nix @@ -242,6 +242,7 @@ with lib; (mkRemovedOptionModule [ "fonts" "fontconfig" "hinting" "style" ] "") (mkRemovedOptionModule [ "services" "xserver" "displayManager" "sddm" "themes" ] "Set the option `services.xserver.displayManager.sddm.package' instead.") + (mkRemovedOptionModule [ "services" "xserver" "desktopManager" "xfce" "screenLock" ] "") (mkRemovedOptionModule [ "fonts" "fontconfig" "forceAutohint" ] "") (mkRemovedOptionModule [ "fonts" "fontconfig" "renderMonoTTFAsBitmap" ] "") (mkRemovedOptionModule [ "virtualisation" "xen" "qemu" ] "You don't need this option anymore, it will work without it.") diff --git a/nixos/modules/services/desktops/bamf.nix b/nixos/modules/services/desktops/bamf.nix new file mode 100644 index 000000000000..0928ee81a648 --- /dev/null +++ b/nixos/modules/services/desktops/bamf.nix @@ -0,0 +1,23 @@ +# Bamf + +{ config, lib, pkgs, ... }: + +with lib; + +{ + ###### interface + + options = { + services.bamf = { + enable = mkEnableOption "bamf"; + }; + }; + + ###### implementation + + config = mkIf config.services.bamf.enable { + services.dbus.packages = [ pkgs.bamf ]; + + systemd.packages = [ pkgs.bamf ]; + }; +} diff --git a/nixos/modules/services/hardware/udisks2.nix b/nixos/modules/services/hardware/udisks2.nix index ad5dc8e8a49b..ed8703be921c 100644 --- a/nixos/modules/services/hardware/udisks2.nix +++ b/nixos/modules/services/hardware/udisks2.nix @@ -40,15 +40,8 @@ with lib; ''; services.udev.packages = [ pkgs.udisks2 ]; - - systemd.services.udisks2 = { - description = "Udisks2 service"; - serviceConfig = { - Type = "dbus"; - BusName = "org.freedesktop.UDisks2"; - ExecStart = "${pkgs.udisks2}/libexec/udisks2/udisksd --no-debug"; - }; - }; + + systemd.packages = [ pkgs.udisks2 ]; }; } diff --git a/nixos/modules/services/logging/journalwatch.nix b/nixos/modules/services/logging/journalwatch.nix index adabc6459148..2c9bc18c8c3c 100644 --- a/nixos/modules/services/logging/journalwatch.nix +++ b/nixos/modules/services/logging/journalwatch.nix @@ -241,6 +241,6 @@ in { }; meta = { - maintainers = with stdenv.lib.maintainers; [ florianjacob ]; + maintainers = with lib.maintainers; [ florianjacob ]; }; } diff --git a/nixos/modules/services/networking/ssh/sshd.nix b/nixos/modules/services/networking/ssh/sshd.nix index 8b04fac089ef..7b2d1920f0f1 100644 --- a/nixos/modules/services/networking/ssh/sshd.nix +++ b/nixos/modules/services/networking/ssh/sshd.nix @@ -198,6 +198,10 @@ in [ { type = "rsa"; bits = 4096; path = "/etc/ssh/ssh_host_rsa_key"; } { type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; } ]; + example = + [ { type = "rsa"; bits = 4096; path = "/etc/ssh/ssh_host_rsa_key"; rounds = 100; openSSHFormat = true; } + { type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; rounds = 100; comment = "key comment"; } + ]; description = '' NixOS can automatically generate SSH host keys. This option specifies the path, type and size of each key. See @@ -358,7 +362,14 @@ in ${flip concatMapStrings cfg.hostKeys (k: '' if ! [ -f "${k.path}" ]; then - ssh-keygen -t "${k.type}" ${if k ? bits then "-b ${toString k.bits}" else ""} -f "${k.path}" -N "" + ssh-keygen \ + -t "${k.type}" \ + ${if k ? bits then "-b ${toString k.bits}" else ""} \ + ${if k ? rounds then "-a ${toString k.rounds}" else ""} \ + ${if k ? comment then "-C '${k.comment}'" else ""} \ + ${if k ? openSSHFormat && k.openSSHFormat then "-o" else ""} \ + -f "${k.path}" \ + -N "" fi '')} ''; @@ -404,6 +415,9 @@ in unixAuth = cfg.passwordAuthentication; }; + # These values are merged with the ones defined externally, see: + # https://github.com/NixOS/nixpkgs/pull/10155 + # https://github.com/NixOS/nixpkgs/pull/41745 services.openssh.authorizedKeysFiles = [ ".ssh/authorized_keys" ".ssh/authorized_keys2" "/etc/ssh/authorized_keys.d/%u" ]; diff --git a/nixos/modules/services/networking/znc.nix b/nixos/modules/services/networking/znc.nix index 76e4899c85ee..6f477e3b1460 100644 --- a/nixos/modules/services/networking/znc.nix +++ b/nixos/modules/services/networking/znc.nix @@ -36,6 +36,7 @@ let IPv4 = true IPv6 = true SSL = ${boolToString confOpts.useSSL} + ${lib.optionalString (confOpts.uriPrefix != null) "URIPrefix = ${confOpts.uriPrefix}"} </Listener> <User ${confOpts.userName}> @@ -310,6 +311,16 @@ in ''; }; + uriPrefix = mkOption { + type = types.nullOr types.str; + default = null; + example = "/znc/"; + description = '' + An optional URI prefix for the ZNC web interface. Can be + used to make ZNC available behind a reverse proxy. + ''; + }; + extraZncConf = mkOption { default = ""; type = types.lines; diff --git a/nixos/modules/services/web-apps/matomo.nix b/nixos/modules/services/web-apps/matomo.nix index ed38eb9ce1e9..42affb06b51f 100644 --- a/nixos/modules/services/web-apps/matomo.nix +++ b/nixos/modules/services/web-apps/matomo.nix @@ -241,6 +241,6 @@ in { meta = { doc = ./matomo-doc.xml; - maintainers = with stdenv.lib.maintainers; [ florianjacob ]; + maintainers = with lib.maintainers; [ florianjacob ]; }; } diff --git a/nixos/modules/services/web-apps/nexus.nix b/nixos/modules/services/web-apps/nexus.nix index 30876889cf25..050f8757fa5f 100644 --- a/nixos/modules/services/web-apps/nexus.nix +++ b/nixos/modules/services/web-apps/nexus.nix @@ -130,5 +130,5 @@ in }; }; - meta.maintainers = with stdenv.lib.maintainers; [ ironpinguin ]; + meta.maintainers = with lib.maintainers; [ ironpinguin ]; } diff --git a/nixos/modules/services/web-servers/apache-httpd/default.nix b/nixos/modules/services/web-servers/apache-httpd/default.nix index b71ff0531cc8..eb8ee9b5cf46 100644 --- a/nixos/modules/services/web-servers/apache-httpd/default.nix +++ b/nixos/modules/services/web-servers/apache-httpd/default.nix @@ -656,7 +656,7 @@ in message = "SSL is enabled for httpd, but sslServerCert and/or sslServerKey haven't been specified."; } ]; - warnings = map (cfg: ''apache-httpd's port option is deprecated. Use listen = [{/*ip = "*"; */ port = ${toString cfg.port}";}]; instead'' ) (lib.filter (cfg: cfg.port != 0) allHosts); + warnings = map (cfg: ''apache-httpd's port option is deprecated. Use listen = [{/*ip = "*"; */ port = ${toString cfg.port};}]; instead'' ) (lib.filter (cfg: cfg.port != 0) allHosts); users.users = optionalAttrs (mainCfg.user == "wwwrun") (singleton { name = "wwwrun"; diff --git a/nixos/modules/services/x11/desktop-managers/plasma5.nix b/nixos/modules/services/x11/desktop-managers/plasma5.nix index 91d091d7d7e2..4b9e561d53c8 100644 --- a/nixos/modules/services/x11/desktop-managers/plasma5.nix +++ b/nixos/modules/services/x11/desktop-managers/plasma5.nix @@ -221,6 +221,11 @@ in security.pam.services.sddm.enableKwallet = true; security.pam.services.slim.enableKwallet = true; + # Update the start menu for each user that has `isNormalUser` set. + system.activationScripts.plasmaSetup = stringAfter [ "users" "groups" ] + (concatStringsSep "\n" + (mapAttrsToList (name: value: "${pkgs.su}/bin/su ${name} -c kbuildsycoca5") + (filterAttrs (n: v: v.isNormalUser) config.users.users))); }) ]; diff --git a/nixos/modules/services/x11/desktop-managers/xfce.nix b/nixos/modules/services/x11/desktop-managers/xfce.nix index 7dcc600d2664..ae155470419d 100644 --- a/nixos/modules/services/x11/desktop-managers/xfce.nix +++ b/nixos/modules/services/x11/desktop-managers/xfce.nix @@ -43,12 +43,6 @@ in default = true; description = "Enable the XFWM (default) window manager."; }; - - screenLock = mkOption { - type = types.enum [ "xscreensaver" "xlockmore" "slock" ]; - default = "xlockmore"; - description = "Application used by XFCE to lock the screen."; - }; }; }; @@ -92,7 +86,7 @@ in thunar-volman # TODO: drop ] ++ (if config.hardware.pulseaudio.enable then [ xfce4-mixer-pulse xfce4-volumed-pulse ] - else [ xfce4-mixer xfce4-volumed ]) + else [ xfce4-mixer xfce4-volumed ]) # TODO: NetworkManager doesn't belong here ++ optionals config.networking.networkmanager.enable [ networkmanagerapplet ] ++ optionals config.powerManagement.enable [ xfce4-power-manager ] diff --git a/nixos/modules/virtualisation/virtualbox-image.nix b/nixos/modules/virtualisation/virtualbox-image.nix index 64f145f77ca3..475852d1546c 100644 --- a/nixos/modules/virtualisation/virtualbox-image.nix +++ b/nixos/modules/virtualisation/virtualbox-image.nix @@ -17,12 +17,40 @@ in { The size of the VirtualBox base image in MiB. ''; }; + memorySize = mkOption { + type = types.int; + default = 1536; + description = '' + The amount of RAM the VirtualBox appliance can use in MiB. + ''; + }; + vmDerivationName = mkOption { + type = types.str; + default = "nixos-ova-${config.system.nixos.label}-${pkgs.stdenv.system}"; + description = '' + The name of the derivation for the VirtualBox appliance. + ''; + }; + vmName = mkOption { + type = types.str; + default = "NixOS ${config.system.nixos.label} (${pkgs.stdenv.system})"; + description = '' + The name of the VirtualBox appliance. + ''; + }; + vmFileName = mkOption { + type = types.str; + default = "nixos-${config.system.nixos.label}-${pkgs.stdenv.system}.ova"; + description = '' + The file name of the VirtualBox appliance. + ''; + }; }; }; config = { system.build.virtualBoxOVA = import ../../lib/make-disk-image.nix { - name = "nixos-ova-${config.system.nixos.label}-${pkgs.stdenv.system}"; + name = cfg.vmDerivationName; inherit pkgs lib config; partitionTableType = "legacy"; @@ -37,11 +65,11 @@ in { VBoxManage internalcommands createrawvmdk -filename disk.vmdk -rawdisk $diskImage echo "creating VirtualBox VM..." - vmName="NixOS ${config.system.nixos.label} (${pkgs.stdenv.system})" + vmName="${cfg.vmName}"; VBoxManage createvm --name "$vmName" --register \ --ostype ${if pkgs.stdenv.system == "x86_64-linux" then "Linux26_64" else "Linux26"} VBoxManage modifyvm "$vmName" \ - --memory 1536 --acpi on --vram 32 \ + --memory ${toString cfg.memorySize} --acpi on --vram 32 \ ${optionalString (pkgs.stdenv.system == "i686-linux") "--pae on"} \ --nictype1 virtio --nic1 nat \ --audiocontroller ac97 --audio alsa \ @@ -53,7 +81,7 @@ in { echo "exporting VirtualBox VM..." mkdir -p $out - fn="$out/nixos-${config.system.nixos.label}-${pkgs.stdenv.system}.ova" + fn="$out/${cfg.vmFileName}" VBoxManage export "$vmName" --output "$fn" rm -v $diskImage |