diff options
Diffstat (limited to 'nixos/modules')
| -rw-r--r-- | nixos/modules/config/networking.nix | 4 | ||||
| -rw-r--r-- | nixos/modules/module-list.nix | 3 | ||||
| -rw-r--r-- | nixos/modules/programs/bash/bash.nix | 7 | ||||
| -rw-r--r-- | nixos/modules/services/hardware/u2f.nix | 23 | ||||
| -rw-r--r-- | nixos/modules/services/logging/logstash.nix | 2 | ||||
| -rw-r--r-- | nixos/modules/services/misc/gollum.nix | 21 | ||||
| -rw-r--r-- | nixos/modules/services/misc/osrm.nix | 85 | ||||
| -rw-r--r-- | nixos/modules/services/monitoring/statsd.nix | 31 | ||||
| -rw-r--r-- | nixos/modules/services/networking/i2pd.nix | 17 | ||||
| -rw-r--r-- | nixos/modules/services/networking/nat.nix | 23 | ||||
| -rw-r--r-- | nixos/modules/services/networking/networkmanager.nix | 4 | ||||
| -rw-r--r-- | nixos/modules/services/networking/prosody.nix | 76 | ||||
| -rw-r--r-- | nixos/modules/services/security/tor.nix | 83 | ||||
| -rw-r--r-- | nixos/modules/services/system/localtime.nix | 60 | ||||
| -rw-r--r-- | nixos/modules/services/x11/xserver.nix | 25 | ||||
| -rw-r--r-- | nixos/modules/testing/test-instrumentation.nix | 2 | ||||
| -rw-r--r-- | nixos/modules/virtualisation/qemu-vm.nix | 2 |
17 files changed, 408 insertions, 60 deletions
diff --git a/nixos/modules/config/networking.nix b/nixos/modules/config/networking.nix index 619f36cd5150..4101ef82f3e1 100644 --- a/nixos/modules/config/networking.nix +++ b/nixos/modules/config/networking.nix @@ -290,8 +290,8 @@ in ln -s /run/systemd/resolve/resolv.conf /run/resolvconf/interfaces/systemd ''} - # Make sure resolv.conf is up to date if not managed by systemd - ${optionalString (!config.services.resolved.enable) '' + # Make sure resolv.conf is up to date if not managed manually or by systemd + ${optionalString (!config.environment.etc?"resolv.conf") '' ${pkgs.openresolv}/bin/resolvconf -u ''} ''; diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index 5e2161aacb66..5f5ebae891f2 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix @@ -239,6 +239,7 @@ ./services/hardware/tlp.nix ./services/hardware/thinkfan.nix ./services/hardware/trezord.nix + ./services/hardware/u2f.nix ./services/hardware/udev.nix ./services/hardware/udisks2.nix ./services/hardware/upower.nix @@ -328,6 +329,7 @@ ./services/misc/nix-ssh-serve.nix ./services/misc/nzbget.nix ./services/misc/octoprint.nix + ./services/misc/osrm.nix ./services/misc/packagekit.nix ./services/misc/parsoid.nix ./services/misc/phd.nix @@ -588,6 +590,7 @@ ./services/system/cloud-init.nix ./services/system/dbus.nix ./services/system/earlyoom.nix + ./services/system/localtime.nix ./services/system/kerberos.nix ./services/system/nscd.nix ./services/system/saslauthd.nix diff --git a/nixos/modules/programs/bash/bash.nix b/nixos/modules/programs/bash/bash.nix index ef1acdfe66e6..1abdb4973a44 100644 --- a/nixos/modules/programs/bash/bash.nix +++ b/nixos/modules/programs/bash/bash.nix @@ -14,13 +14,16 @@ let bashCompletion = optionalString cfg.enableCompletion '' # Check whether we're running a version of Bash that has support for # programmable completion. If we do, enable all modules installed in - # the system (and user profile). + # the system and user profile in obsolete /etc/bash_completion.d/ + # directories. Bash loads completions in all + # $XDG_DATA_DIRS/share/bash-completion/completions/ + # on demand, so they do not need to be sourced here. if shopt -q progcomp &>/dev/null; then . "${pkgs.bash-completion}/etc/profile.d/bash_completion.sh" nullglobStatus=$(shopt -p nullglob) shopt -s nullglob for p in $NIX_PROFILES; do - for m in "$p/etc/bash_completion.d/"* "$p/share/bash-completion/completions/"*; do + for m in "$p/etc/bash_completion.d/"*; do . $m done done diff --git a/nixos/modules/services/hardware/u2f.nix b/nixos/modules/services/hardware/u2f.nix new file mode 100644 index 000000000000..bb4b2f05f890 --- /dev/null +++ b/nixos/modules/services/hardware/u2f.nix @@ -0,0 +1,23 @@ +{ config, lib, pkgs, ... }: + +with lib; +let + cfg = config.hardware.u2f; +in { + options = { + hardware.u2f = { + enable = mkOption { + type = types.bool; + default = false; + description = '' + Enable U2F hardware support. + ''; + }; + }; + }; + + config = mkIf cfg.enable { + services.udev.packages = [ pkgs.libu2f-host ]; + }; +} + diff --git a/nixos/modules/services/logging/logstash.nix b/nixos/modules/services/logging/logstash.nix index b4abd2cd7e5e..28d89a7463ab 100644 --- a/nixos/modules/services/logging/logstash.nix +++ b/nixos/modules/services/logging/logstash.nix @@ -103,7 +103,7 @@ in listenAddress = mkOption { type = types.str; - default = "0.0.0.0"; + default = "127.0.0.1"; description = "Address on which to start webserver."; }; diff --git a/nixos/modules/services/misc/gollum.nix b/nixos/modules/services/misc/gollum.nix index 81fb024f9094..0888221ab62f 100644 --- a/nixos/modules/services/misc/gollum.nix +++ b/nixos/modules/services/misc/gollum.nix @@ -32,6 +32,24 @@ in description = "Content of the configuration file"; }; + mathjax = mkOption { + type = types.bool; + default = false; + description = "Enable support for math rendering using MathJax"; + }; + + allowUploads = mkOption { + type = types.nullOr (types.enum [ "dir" "page" ]); + default = null; + description = "Enable uploads of external files"; + }; + + emoji = mkOption { + type = types.bool; + default = false; + description = "Parse and interpret emoji tags"; + }; + branch = mkOption { type = types.str; default = "master"; @@ -84,6 +102,9 @@ in --host ${cfg.address} \ --config ${builtins.toFile "gollum-config.rb" cfg.extraConfig} \ --ref ${cfg.branch} \ + ${optionalString cfg.mathjax "--mathjax"} \ + ${optionalString cfg.emoji "--emoji"} \ + ${optionalString (cfg.allowUploads != null) "--allow-uploads ${cfg.allowUploads}"} \ ${cfg.stateDir} ''; }; diff --git a/nixos/modules/services/misc/osrm.nix b/nixos/modules/services/misc/osrm.nix new file mode 100644 index 000000000000..7ec8b15906fc --- /dev/null +++ b/nixos/modules/services/misc/osrm.nix @@ -0,0 +1,85 @@ +{ config, lib, pkgs, ... }: + +with lib; + +let + cfg = config.services.osrm; +in + +{ + options.services.osrm = { + enable = mkOption { + type = types.bool; + default = false; + description = "Enable the OSRM service."; + }; + + address = mkOption { + type = types.str; + default = "0.0.0.0"; + description = "IP address on which the web server will listen."; + }; + + port = mkOption { + type = types.int; + default = 5000; + description = "Port on which the web server will run."; + }; + + threads = mkOption { + type = types.int; + default = 4; + description = "Number of threads to use."; + }; + + algorithm = mkOption { + type = types.enum [ "CH" "CoreCH" "MLD" ]; + default = "MLD"; + description = "Algorithm to use for the data. Must be one of CH, CoreCH, MLD"; + }; + + extraFlags = mkOption { + type = types.listOf types.str; + default = []; + example = [ "--max-table-size 1000" "--max-matching-size 1000" ]; + description = "Extra command line arguments passed to osrm-routed"; + }; + + dataFile = mkOption { + type = types.path; + example = "/var/lib/osrm/berlin-latest.osrm"; + description = "Data file location"; + }; + + }; + + config = mkIf cfg.enable { + + users.users.osrm = { + group = config.users.users.osrm.name; + description = "OSRM user"; + createHome = false; + }; + + users.groups.osrm = { }; + + systemd.services.osrm = { + description = "OSRM service"; + after = [ "network.target" ]; + wantedBy = [ "multi-user.target" ]; + + serviceConfig = { + User = config.users.extraUsers.osrm.name; + ExecStart = '' + ${pkgs.osrm-backend}/bin/osrm-routed \ + --ip ${cfg.address} \ + --port ${toString cfg.port} \ + --threads ${toString cfg.threads} \ + --algorithm ${cfg.algorithm} \ + ${toString cfg.extraFlags} \ + ${cfg.dataFile} + ''; + }; + }; + }; +} diff --git a/nixos/modules/services/monitoring/statsd.nix b/nixos/modules/services/monitoring/statsd.nix index df2adb9f2766..7b0e9981cbb1 100644 --- a/nixos/modules/services/monitoring/statsd.nix +++ b/nixos/modules/services/monitoring/statsd.nix @@ -9,6 +9,12 @@ let isBuiltinBackend = name: builtins.elem name [ "graphite" "console" "repeater" ]; + backendsToPackages = let + mkMap = list: name: + if isBuiltinBackend name then list + else list ++ [ pkgs.nodePackages.${name} ]; + in foldl mkMap []; + configFile = pkgs.writeText "statsd.conf" '' { address: "${cfg.listenAddress}", @@ -27,13 +33,21 @@ let prettyprint: false }, log: { - backend: "syslog" + backend: "stdout" }, automaticConfigReload: false${optionalString (cfg.extraConfig != null) ","} ${cfg.extraConfig} } ''; + deps = pkgs.buildEnv { + name = "statsd-runtime-deps"; + pathsToLink = [ "/lib" ]; + ignoreCollisions = true; + + paths = backendsToPackages cfg.backends; + }; + in { @@ -42,11 +56,7 @@ in options.services.statsd = { - enable = mkOption { - description = "Whether to enable statsd stats aggregation service"; - default = false; - type = types.bool; - }; + enable = mkEnableOption "statsd"; listenAddress = mkOption { description = "Address that statsd listens on over UDP"; @@ -110,6 +120,11 @@ in config = mkIf cfg.enable { + assertions = map (backend: { + assertion = !isBuiltinBackend backend -> hasAttrByPath [ backend ] pkgs.nodePackages; + message = "Only builtin backends (graphite, console, repeater) or backends enumerated in `pkgs.nodePackages` are allowed!"; + }) cfg.backends; + users.extraUsers = singleton { name = "statsd"; uid = config.ids.uids.statsd; @@ -120,9 +135,7 @@ in description = "Statsd Server"; wantedBy = [ "multi-user.target" ]; environment = { - NODE_PATH=concatMapStringsSep ":" - (pkg: "${builtins.getAttr pkg pkgs.statsd.nodePackages}/lib/node_modules") - (filter (name: !isBuiltinBackend name) cfg.backends); + NODE_PATH = "${deps}/lib/node_modules"; }; serviceConfig = { ExecStart = "${pkgs.statsd}/bin/statsd ${configFile}"; diff --git a/nixos/modules/services/networking/i2pd.nix b/nixos/modules/services/networking/i2pd.nix index ca2e2a065dcf..8f5aeee4a16b 100644 --- a/nixos/modules/services/networking/i2pd.nix +++ b/nixos/modules/services/networking/i2pd.nix @@ -126,6 +126,7 @@ let [${tun.name}] type = client destination = ${tun.destination} + destinationport = ${toString tun.destinationPort} keys = ${tun.keys} address = ${tun.address} port = ${toString tun.port} @@ -137,15 +138,15 @@ let '') } ${flip concatMapStrings - (collect (tun: tun ? port && tun ? host) cfg.inTunnels) - (tun: let portStr = toString tun.port; in '' + (collect (tun: tun ? port && tun ? address) cfg.inTunnels) + (tun: '' [${tun.name}] type = server destination = ${tun.destination} keys = ${tun.keys} host = ${tun.address} - port = ${tun.port} - inport = ${tun.inPort} + port = ${toString tun.port} + inport = ${toString tun.inPort} accesslist = ${builtins.concatStringsSep "," tun.accessList} '') } @@ -405,7 +406,13 @@ in default = {}; type = with types; loaOf (submodule ( { name, config, ... }: { - options = commonTunOpts name; + options = { + destinationPort = mkOption { + type = types.int; + default = 0; + description = "Connect to particular port at destination."; + }; + } // commonTunOpts name; config = { name = mkDefault name; }; diff --git a/nixos/modules/services/networking/nat.nix b/nixos/modules/services/networking/nat.nix index 366bb2ed7a80..bfaf30c11783 100644 --- a/nixos/modules/services/networking/nat.nix +++ b/nixos/modules/services/networking/nat.nix @@ -53,6 +53,12 @@ let -j DNAT --to-destination ${fwd.destination} '') cfg.forwardPorts} + ${optionalString (cfg.dmzHost != null) '' + iptables -w -t nat -A nixos-nat-pre \ + -i ${cfg.externalInterface} -j DNAT \ + --to-destination ${cfg.dmzHost} + ''} + # Append our chains to the nat tables iptables -w -t nat -A PREROUTING -j nixos-nat-pre iptables -w -t nat -A POSTROUTING -j nixos-nat-post @@ -125,15 +131,15 @@ in type = with types; listOf (submodule { options = { sourcePort = mkOption { - type = types.int; + type = types.either types.int (types.strMatching "[[:digit:]]+:[[:digit:]]+"); example = 8080; - description = "Source port of the external interface"; + description = "Source port of the external interface; to specify a port range, use a string with a colon (e.g. \"60000:61000\")"; }; destination = mkOption { type = types.str; example = "10.0.0.1:80"; - description = "Forward connection to destination ip:port"; + description = "Forward connection to destination ip:port; to specify a port range, use ip:start-end"; }; proto = mkOption { @@ -153,6 +159,17 @@ in ''; }; + networking.nat.dmzHost = mkOption { + type = types.nullOr types.str; + default = null; + example = "10.0.0.1"; + description = + '' + The local IP address to which all traffic that does not match any + forwarding rule is forwarded. + ''; + }; + }; diff --git a/nixos/modules/services/networking/networkmanager.nix b/nixos/modules/services/networking/networkmanager.nix index 382f74606cae..62afbf32c2f6 100644 --- a/nixos/modules/services/networking/networkmanager.nix +++ b/nixos/modules/services/networking/networkmanager.nix @@ -346,10 +346,6 @@ in { wireless.enable = lib.mkDefault false; }; - powerManagement.resumeCommands = '' - ${config.systemd.package}/bin/systemctl restart network-manager - ''; - security.polkit.extraConfig = polkitConf; networking.networkmanager.packages = diff --git a/nixos/modules/services/networking/prosody.nix b/nixos/modules/services/networking/prosody.nix index fb9c9dc67f24..f34d8e172b46 100644 --- a/nixos/modules/services/networking/prosody.nix +++ b/nixos/modules/services/networking/prosody.nix @@ -10,98 +10,126 @@ let options = { - # TODO: require attribute key = mkOption { - type = types.str; - description = "Path to the key file"; + type = types.path; + description = "Path to the key file."; }; - # TODO: require attribute cert = mkOption { - type = types.str; - description = "Path to the certificate file"; + type = types.path; + description = "Path to the certificate file."; + }; + + extraOptions = mkOption { + type = types.attrs; + default = {}; + description = "Extra SSL configuration options."; }; + }; }; moduleOpts = { roster = mkOption { + type = types.bool; default = true; description = "Allow users to have a roster"; }; saslauth = mkOption { + type = types.bool; default = true; description = "Authentication for clients and servers. Recommended if you want to log in."; }; tls = mkOption { + type = types.bool; default = true; description = "Add support for secure TLS on c2s/s2s connections"; }; dialback = mkOption { + type = types.bool; default = true; description = "s2s dialback support"; }; disco = mkOption { + type = types.bool; default = true; description = "Service discovery"; }; legacyauth = mkOption { + type = types.bool; default = true; description = "Legacy authentication. Only used by some old clients and bots"; }; version = mkOption { + type = types.bool; default = true; description = "Replies to server version requests"; }; uptime = mkOption { + type = types.bool; default = true; description = "Report how long server has been running"; }; time = mkOption { + type = types.bool; default = true; description = "Let others know the time here on this server"; }; ping = mkOption { + type = types.bool; default = true; description = "Replies to XMPP pings with pongs"; }; console = mkOption { + type = types.bool; default = false; description = "telnet to port 5582"; }; bosh = mkOption { + type = types.bool; default = false; description = "Enable BOSH clients, aka 'Jabber over HTTP'"; }; httpserver = mkOption { + type = types.bool; default = false; description = "Serve static files from a directory over HTTP"; }; websocket = mkOption { + type = types.bool; default = false; description = "Enable WebSocket support"; }; }; - createSSLOptsStr = o: - if o ? key && o ? cert then - ''ssl = { key = "${o.key}"; certificate = "${o.cert}"; };'' - else ""; + toLua = x: + if builtins.isString x then ''"${x}"'' + else if builtins.isBool x then toString x + else if builtins.isInt x then toString x + else throw "Invalid Lua value"; + + createSSLOptsStr = o: '' + ssl = { + key = "${o.key}"; + certificate = "${o.cert}"; + ${concatStringsSep "\n" (mapAttrsToList (name: value: "${name} = ${toLua value};") o.extraOptions)} + }; + ''; vHostOpts = { ... }: { @@ -114,18 +142,20 @@ let }; enabled = mkOption { + type = types.bool; default = false; description = "Whether to enable the virtual host"; }; ssl = mkOption { - description = "Paths to SSL files"; + type = types.nullOr (types.submodule sslOpts); default = null; - options = [ sslOpts ]; + description = "Paths to SSL files"; }; extraConfig = mkOption { - default = ''''; + type = types.lines; + default = ""; description = "Additional virtual host specific configuration"; }; @@ -144,11 +174,13 @@ in services.prosody = { enable = mkOption { + type = types.bool; default = false; description = "Whether to enable the prosody server"; }; allowRegistration = mkOption { + type = types.bool; default = false; description = "Allow account creation"; }; @@ -156,8 +188,9 @@ in modules = moduleOpts; extraModules = mkOption { - description = "Enable custom modules"; + type = types.listOf types.str; default = []; + description = "Enable custom modules"; }; virtualHosts = mkOption { @@ -183,20 +216,21 @@ in }; ssl = mkOption { - description = "Paths to SSL files"; + type = types.nullOr (types.submodule sslOpts); default = null; - options = [ sslOpts ]; + description = "Paths to SSL files"; }; admins = mkOption { - description = "List of administrators of the current host"; - example = [ "admin1@example.com" "admin2@example.com" ]; + type = types.listOf types.str; default = []; + example = [ "admin1@example.com" "admin2@example.com" ]; + description = "List of administrators of the current host"; }; extraConfig = mkOption { type = types.lines; - default = ''''; + default = ""; description = "Additional prosody configuration"; }; @@ -263,17 +297,17 @@ in }; systemd.services.prosody = { - description = "Prosody XMPP server"; after = [ "network-online.target" ]; wants = [ "network-online.target" ]; wantedBy = [ "multi-user.target" ]; + restartTriggers = [ config.environment.etc."prosody/prosody.cfg.lua".source ]; serviceConfig = { User = "prosody"; + Type = "forking"; PIDFile = "/var/lib/prosody/prosody.pid"; ExecStart = "${pkgs.prosody}/bin/prosodyctl start"; }; - }; }; diff --git a/nixos/modules/services/security/tor.nix b/nixos/modules/services/security/tor.nix index bc79d9f2a590..fa4aeb22ae9d 100644 --- a/nixos/modules/services/security/tor.nix +++ b/nixos/modules/services/security/tor.nix @@ -9,6 +9,26 @@ let opt = name: value: optionalString (value != null) "${name} ${value}"; optint = name: value: optionalString (value != null && value != 0) "${name} ${toString value}"; + isolationOptions = { + type = types.listOf (types.enum [ + "IsolateClientAddr" + "IsolateSOCKSAuth" + "IsolateClientProtocol" + "IsolateDestPort" + "IsolateDestAddr" + ]); + default = []; + example = [ + "IsolateClientAddr" + "IsolateSOCKSAuth" + "IsolateClientProtocol" + "IsolateDestPort" + "IsolateDestAddr" + ]; + description = "Tor isolation options"; + }; + + torRc = '' User tor DataDirectory ${torDirectory} @@ -20,10 +40,20 @@ let ${optint "ControlPort" cfg.controlPort} '' # Client connection config - + optionalString cfg.client.enable '' - SOCKSPort ${cfg.client.socksListenAddress} IsolateDestAddr + + optionalString cfg.client.enable '' + SOCKSPort ${cfg.client.socksListenAddress} ${toString cfg.client.socksIsolationOptions} SOCKSPort ${cfg.client.socksListenAddressFaster} ${opt "SocksPolicy" cfg.client.socksPolicy} + + ${optionalString cfg.client.transparentProxy.enable '' + TransPort ${cfg.client.transparentProxy.listenAddress} ${toString cfg.client.transparentProxy.isolationOptions} + ''} + + ${optionalString cfg.client.dns.enable '' + DNSPort ${cfg.client.dns.listenAddress} ${toString cfg.client.dns.isolationOptions} + AutomapHostsOnResolve 1 + AutomapHostsSuffixes ${concatStringsSep "," cfg.client.dns.automapHostsSuffixes} + ''} '' # Relay config + optionalString cfg.relay.enable '' @@ -154,6 +184,55 @@ in ''; }; + socksIsolationOptions = mkOption (isolationOptions // { + default = ["IsolateDestAddr"]; + }); + + transparentProxy = { + enable = mkOption { + type = types.bool; + default = false; + description = "Whether to enable tor transaprent proxy"; + }; + + listenAddress = mkOption { + type = types.str; + default = "127.0.0.1:9040"; + example = "192.168.0.1:9040"; + description = '' + Bind transparent proxy to this address. + ''; + }; + + isolationOptions = mkOption isolationOptions; + }; + + dns = { + enable = mkOption { + type = types.bool; + default = false; + description = "Whether to enable tor dns resolver"; + }; + + listenAddress = mkOption { + type = types.str; + default = "127.0.0.1:9053"; + example = "192.168.0.1:9053"; + description = '' + Bind tor dns to this address. + ''; + }; + + isolationOptions = mkOption isolationOptions; + + automapHostsSuffixes = mkOption { + type = types.listOf types.str; + default = [".onion" ".exit"]; + example = [".onion"]; + description = "List of suffixes to use with automapHostsOnResolve"; + }; + }; + privoxy.enable = mkOption { type = types.bool; default = true; diff --git a/nixos/modules/services/system/localtime.nix b/nixos/modules/services/system/localtime.nix new file mode 100644 index 000000000000..b9355bbb9441 --- /dev/null +++ b/nixos/modules/services/system/localtime.nix @@ -0,0 +1,60 @@ +{ config, lib, pkgs, ... }: + +with lib; + +let + cfg = config.services.localtime; +in { + options = { + services.localtime = { + enable = mkOption { + default = false; + description = '' + Enable <literal>localtime</literal>, simple daemon for keeping the system + timezone up-to-date based on the current location. It uses geoclue2 to + determine the current location and systemd-timedated to actually set + the timezone. + ''; + }; + }; + }; + + config = mkIf cfg.enable { + services.geoclue2.enable = true; + + security.polkit.extraConfig = '' + polkit.addRule(function(action, subject) { + if (action.id == "org.freedesktop.timedate1.set-timezone" + && subject.user == "localtimed") { + return polkit.Result.YES; + } + }); + ''; + + users.users = [{ + name = "localtimed"; + description = "Taskserver user"; + }]; + + systemd.services.localtime = { + description = "localtime service"; + wantedBy = [ "multi-user.target" ]; + partOf = [ "geoclue.service "]; + + serviceConfig = { + Restart = "on-failure"; + # TODO: make it work with dbus + #DynamicUser = true; + Nice = 10; + User = "localtimed"; + PrivateTmp = "yes"; + PrivateDevices = true; + PrivateNetwork = "yes"; + NoNewPrivileges = "yes"; + ProtectSystem = "strict"; + ProtectHome = true; + ExecStart = "${pkgs.localtime}/bin/localtimed"; + }; + }; + }; +} diff --git a/nixos/modules/services/x11/xserver.nix b/nixos/modules/services/x11/xserver.nix index 1049f810ad2a..7acd621f53ab 100644 --- a/nixos/modules/services/x11/xserver.nix +++ b/nixos/modules/services/x11/xserver.nix @@ -578,6 +578,22 @@ in target = "X11/xkb"; } ]) + # localectl looks into 00-keyboard.conf + ++ [ + { + text = '' + Section "InputClass" + Identifier "Keyboard catchall" + MatchIsKeyboard "on" + Option "XkbModel" "${cfg.xkbModel}" + Option "XkbLayout" "${cfg.layout}" + Option "XkbOptions" "${cfg.xkbOptions}" + Option "XkbVariant" "${cfg.xkbVariant}" + EndSection + ''; + target = "X11/xorg.conf.d/00-keyboard.conf"; + } + ] # Needed since 1.18; see https://bugs.freedesktop.org/show_bug.cgi?id=89023#c5 ++ (let cfgPath = "/X11/xorg.conf.d/10-evdev.conf"; in [{ @@ -697,15 +713,6 @@ in ${cfg.monitorSection} EndSection - Section "InputClass" - Identifier "Keyboard catchall" - MatchIsKeyboard "on" - Option "XkbModel" "${cfg.xkbModel}" - Option "XkbLayout" "${cfg.layout}" - Option "XkbOptions" "${cfg.xkbOptions}" - Option "XkbVariant" "${cfg.xkbVariant}" - EndSection - # Additional "InputClass" sections ${flip concatMapStrings cfg.inputClassSections (inputClassSection: '' Section "InputClass" diff --git a/nixos/modules/testing/test-instrumentation.nix b/nixos/modules/testing/test-instrumentation.nix index 1d6c41406107..9b4136223c0f 100644 --- a/nixos/modules/testing/test-instrumentation.nix +++ b/nixos/modules/testing/test-instrumentation.nix @@ -128,7 +128,7 @@ in # Make it easy to log in as root when running the test interactively. users.extraUsers.root.initialHashedPassword = mkOverride 150 ""; - services.xserver.displayManager.logToJournal = true; + services.xserver.displayManager.job.logToJournal = true; }; } diff --git a/nixos/modules/virtualisation/qemu-vm.nix b/nixos/modules/virtualisation/qemu-vm.nix index 770e5fb848a9..26f7945a4eda 100644 --- a/nixos/modules/virtualisation/qemu-vm.nix +++ b/nixos/modules/virtualisation/qemu-vm.nix @@ -18,7 +18,7 @@ let "i686-linux" = "${qemu}/bin/qemu-kvm"; "x86_64-linux" = "${qemu}/bin/qemu-kvm -cpu kvm64"; "armv7l-linux" = "${qemu}/bin/qemu-system-arm -enable-kvm -machine virt -cpu host"; - "aarch64-linux" = "${qemu}/bin/qemu-system-aarch64 -enable-kvm -machine virt -cpu host"; + "aarch64-linux" = "${qemu}/bin/qemu-system-aarch64 -enable-kvm -machine virt,gic-version=host -cpu host"; }.${pkgs.stdenv.system}; # FIXME: figure out a common place for this instead of copy pasting |