Diffstat (limited to 'nixos')
59 files changed, 519 insertions, 416 deletions
diff --git a/nixos/doc/manual/release-notes/rl-1803.xml b/nixos/doc/manual/release-notes/rl-1803.xml index 830e7cdd2696..47522fe3cc92 100644 --- a/nixos/doc/manual/release-notes/rl-1803.xml +++ b/nixos/doc/manual/release-notes/rl-1803.xml @@ -71,6 +71,8 @@ following incompatible changes:</para> <itemizedlist> <listitem> <para> + ZNC option <option>services.znc.mutable</option> now defaults to <literal>true</literal>. + That means that old configuration is not overwritten by default when update to the znc options are made. </para> </listitem> </itemizedlist> diff --git a/nixos/lib/make-disk-image.nix b/nixos/lib/make-disk-image.nix index d4b2e338c3ef..9fa848301f60 100644 --- a/nixos/lib/make-disk-image.nix +++ b/nixos/lib/make-disk-image.nix @@ -80,7 +80,7 @@ let truncate -s ${toString diskSize}M $diskImage ${if partitioned then '' - parted $diskImage -- mklabel msdos mkpart primary ext4 1M -1s + parted --script $diskImage -- mklabel msdos mkpart primary ext4 1M -1s offset=$((2048*512)) '' else '' offset=0 diff --git a/nixos/lib/testing.nix b/nixos/lib/testing.nix index 58c447c76db6..9339ba78ff0c 100644 --- a/nixos/lib/testing.nix +++ b/nixos/lib/testing.nix @@ -149,6 +149,7 @@ rec { { key = "run-in-machine"; networking.hostName = "client"; nix.readOnlyStore = false; + virtualisation.writableStore = false; } ]; diff --git a/nixos/modules/config/debug-info.nix b/nixos/modules/config/debug-info.nix index 49991d22a933..2942ae5905d1 100644 --- a/nixos/modules/config/debug-info.nix +++ b/nixos/modules/config/debug-info.nix 
@@ -30,14 +30,15 @@ with lib; }; - config = { + config = mkIf config.environment.enableDebugInfo { # FIXME: currently disabled because /lib is already in # environment.pathsToLink, and we can't have both. #environment.pathsToLink = [ "/lib/debug/.build-id" ]; - environment.extraOutputsToInstall = - optional config.environment.enableDebugInfo "debug"; + environment.extraOutputsToInstall = [ "debug" ]; + + environment.variables.NIX_DEBUG_INFO_DIRS = [ "/run/current-system/sw/lib/debug" ]; }; diff --git a/nixos/modules/hardware/network/intel-2030.nix b/nixos/modules/hardware/network/intel-2030.nix deleted file mode 100644 index c92b7a0509d0..000000000000 --- a/nixos/modules/hardware/network/intel-2030.nix +++ /dev/null @@ -1,3 +0,0 @@ -{ - hardware.enableRedistributableFirmware = true; -} diff --git a/nixos/modules/hardware/network/intel-2100bg.nix b/nixos/modules/hardware/network/intel-2100bg.nix deleted file mode 100644 index 0ec81474ad3e..000000000000 --- a/nixos/modules/hardware/network/intel-2100bg.nix +++ /dev/null @@ -1,30 +0,0 @@ -{ config, pkgs, lib, ... }: - -{ - - ###### interface - - options = { - - networking.enableIntel2100BGFirmware = lib.mkOption { - default = false; - type = lib.types.bool; - description = '' - Turn on this option if you want firmware for the Intel - PRO/Wireless 2100BG to be loaded automatically. This is - required if you want to use this device. - ''; - }; - - }; - - - ###### implementation - - config = lib.mkIf config.networking.enableIntel2100BGFirmware { - - hardware.enableRedistributableFirmware = true; - - }; - -} diff --git a/nixos/modules/hardware/network/intel-3945abg.nix b/nixos/modules/hardware/network/intel-3945abg.nix deleted file mode 100644 index 27a3f228b7d1..000000000000 --- a/nixos/modules/hardware/network/intel-3945abg.nix +++ /dev/null 
@@ -1,29 +0,0 @@
-{ config, pkgs, lib, ... }:
-
-{
-
- ###### interface
-
- options = {
-
- networking.enableIntel3945ABGFirmware = lib.mkOption {
- default = false;
- type = lib.types.bool;
- description = ''
- This option enables automatic loading of the firmware for the Intel
- PRO/Wireless 3945ABG.
- '';
- };
-
- };
-
-
- ###### implementation
-
- config = lib.mkIf config.networking.enableIntel3945ABGFirmware {
-
- hardware.enableRedistributableFirmware = true;
-
- };
-
-}
diff --git a/nixos/modules/hardware/network/intel-4965agn.nix b/nixos/modules/hardware/network/intel-4965agn.nix
deleted file mode 100644
index c92b7a0509d0..000000000000
--- a/nixos/modules/hardware/network/intel-4965agn.nix
+++ /dev/null
@@ -1,3 +0,0 @@
-{
- hardware.enableRedistributableFirmware = true;
-}
diff --git a/nixos/modules/hardware/network/intel-5000.nix b/nixos/modules/hardware/network/intel-5000.nix
deleted file mode 100644
index c92b7a0509d0..000000000000
--- a/nixos/modules/hardware/network/intel-5000.nix
+++ /dev/null
@@ -1,3 +0,0 @@
-{
- hardware.enableRedistributableFirmware = true;
-}
diff --git a/nixos/modules/hardware/network/intel-5150.nix b/nixos/modules/hardware/network/intel-5150.nix
deleted file mode 100644
index c92b7a0509d0..000000000000
--- a/nixos/modules/hardware/network/intel-5150.nix
+++ /dev/null
@@ -1,3 +0,0 @@
-{
- hardware.enableRedistributableFirmware = true;
-}
diff --git a/nixos/modules/hardware/network/intel-6000.nix b/nixos/modules/hardware/network/intel-6000.nix
deleted file mode 100644
index c92b7a0509d0..000000000000
--- a/nixos/modules/hardware/network/intel-6000.nix
+++ /dev/null
@@ -1,3 +0,0 @@
-{
- hardware.enableRedistributableFirmware = true;
-}
diff --git a/nixos/modules/hardware/network/intel-6000g2a.nix b/nixos/modules/hardware/network/intel-6000g2a.nix
deleted file mode 100644
index c92b7a0509d0..000000000000
--- a/nixos/modules/hardware/network/intel-6000g2a.nix
+++ /dev/null
@@ -1,3 +0,0 @@
-{
- hardware.enableRedistributableFirmware = true;
-}
diff --git a/nixos/modules/hardware/network/intel-6000g2b.nix b/nixos/modules/hardware/network/intel-6000g2b.nix
deleted file mode 100644
index c92b7a0509d0..000000000000
--- a/nixos/modules/hardware/network/intel-6000g2b.nix
+++ /dev/null
@@ -1,3 +0,0 @@
-{
- hardware.enableRedistributableFirmware = true;
-}
diff --git a/nixos/modules/hardware/network/ralink.nix b/nixos/modules/hardware/network/ralink.nix
deleted file mode 100644
index 36182e2cb996..000000000000
--- a/nixos/modules/hardware/network/ralink.nix
+++ /dev/null
@@ -1,26 +0,0 @@
-{pkgs, config, lib, ...}:
-
-{
-
- ###### interface
-
- options = {
-
- networking.enableRalinkFirmware = lib.mkOption {
- default = false;
- type = lib.types.bool;
- description = ''
- Turn on this option if you want firmware for the RT73 NIC.
- '';
- };
-
- };
-
-
- ###### implementation
-
- config = lib.mkIf config.networking.enableRalinkFirmware {
- hardware.enableRedistributableFirmware = true;
- };
-
-}
diff --git a/nixos/modules/hardware/network/rtl8192c.nix b/nixos/modules/hardware/network/rtl8192c.nix
deleted file mode 100644
index bf328c2d3224..000000000000
--- a/nixos/modules/hardware/network/rtl8192c.nix
+++ /dev/null
@@ -1,26 +0,0 @@
-{pkgs, config, lib, ...}:
-
-{
-
- ###### interface
-
- options = {
-
- networking.enableRTL8192cFirmware = lib.mkOption {
- default = false;
- type = lib.types.bool;
- description = ''
- Turn on this option if you want firmware for the RTL8192c (and related) NICs.
- '';
- };
-
- };
-
-
- ###### implementation
-
- config = lib.mkIf config.networking.enableRTL8192cFirmware {
- hardware.enableRedistributableFirmware = true;
- };
-
-}
diff --git a/nixos/modules/installer/scan/detected.nix b/nixos/modules/installer/scan/detected.nix
index e72c78532943..7e181acb93b1 100644
--- a/nixos/modules/installer/scan/detected.nix
+++ b/nixos/modules/installer/scan/detected.nix
@@ -6,8 +6,7 @@ with lib; { config = mkDefault { - # Wireless card firmware - networking.enableIntel2200BGFirmware = true; - networking.enableIntel3945ABGFirmware = true; + # Common firmware, i.e. for wifi cards + hardware.enableRedistributableFirmware = true; }; } diff --git a/nixos/modules/installer/tools/nixos-generate-config.pl b/nixos/modules/installer/tools/nixos-generate-config.pl index 4ec48b773358..926d1e3133f7 100644 --- a/nixos/modules/installer/tools/nixos-generate-config.pl +++ b/nixos/modules/installer/tools/nixos-generate-config.pl @@ -398,19 +398,15 @@ EOF # Is this a btrfs filesystem? if ($fsType eq "btrfs") { - my ($status, @id_info) = runCommand("btrfs subvol show $rootDir$mountPoint"); - if ($status != 0 || join("", @id_info) =~ /ERROR:/) { + my ($status, @info) = runCommand("btrfs subvol show $rootDir$mountPoint"); + if ($status != 0 || join("", @info) =~ /ERROR:/) { die "Failed to retrieve subvolume info for $mountPoint\n"; } - my @ids = join("", @id_info) =~ m/Subvolume ID:[ \t\n]*([^ \t\n]*)/; + my @ids = join("\n", @info) =~ m/^(?!\/\n).*Subvolume ID:[ \t\n]*([0-9]+)/s; if ($#ids > 0) { die "Btrfs subvol name for $mountPoint listed multiple times in mount\n" } elsif ($#ids == 0) { - my ($status, @path_info) = runCommand("btrfs subvol list $rootDir$mountPoint"); - if ($status != 0) { - die "Failed to find $mountPoint subvolume id from btrfs\n"; - } - my @paths = join("", @path_info) =~ m/ID $ids[0] [^\n]* path ([^\n]*)/; + my @paths = join("", @info) =~ m/^([^\n]*)/; if ($#paths > 0) { die "Btrfs returned multiple paths for a single subvolume id, mountpoint $mountPoint\n"; } elsif ($#paths != 0) { diff --git a/nixos/modules/misc/ids.nix b/nixos/modules/misc/ids.nix index 508a76d3cab5..7d9d9984cf28 100644 --- a/nixos/modules/misc/ids.nix +++ b/nixos/modules/misc/ids.nix 
@@ -296,6 +296,9 @@ clickhouse = 278; rslsync = 279; minio = 280; + kanboard = 281; + pykms = 282; + kodi = 283; # When adding a uid, make sure it doesn't match an existing gid. And don't use uids above 399! @@ -561,6 +564,9 @@ clickhouse = 278; rslsync = 279; minio = 280; + kanboard = 281; + pykms = 282; + kodi = 283; # When adding a gid, make sure it doesn't match an existing # uid. Users and groups with the same name should have equal diff --git a/nixos/modules/misc/locate.nix b/nixos/modules/misc/locate.nix index 0fe91435ce8c..51953d1110c4 100644 --- a/nixos/modules/misc/locate.nix +++ b/nixos/modules/misc/locate.nix @@ -125,13 +125,16 @@ in { warnings = optional (isMLocate && cfg.localuser != null) "mlocate does not support searching as user other than root" ++ optional (isFindutils && cfg.pruneNames != []) "findutils locate does not support pruning by directory component" ++ optional (isFindutils && cfg.pruneBindMounts) "findutils locate does not support skipping bind mounts"; - + + # directory creation needs to be separated from main service + # because ReadWritePaths fails when the directory doesn't already exist + systemd.tmpfiles.rules = [ "d ${dirOf cfg.output} 0755 root root -" ]; + systemd.services.update-locatedb = { description = "Update Locate Database"; path = mkIf (!isMLocate) [ pkgs.su ]; script = '' - mkdir -m 0755 -p ${dirOf cfg.output} exec ${cfg.locate}/bin/updatedb \ ${optionalString (cfg.localuser != null && ! isMLocate) ''--localuser=${cfg.localuser}''} \ --output=${toString cfg.output} ${concatStringsSep " " cfg.extraFlags} 
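Review bot: The new `systemd.tmpfiles.rules` entry in nixos/modules/misc/locate.nix is not equivalent to the `mkdir -m 0755 -p` it replaces, because a tmpfiles `d` line with explicit mode and owner also adjusts a directory that already exists. When `cfg.output` points into a shared or user-owned directory, `dirOf cfg.output` would be reset to `0755 root root` each time tmpfiles runs, whereas the old `mkdir -p` left an existing directory untouched. At minimum the comment above the rule should say so, for example `# NOTE: this also resets mode/owner of an existing ${dirOf cfg.output} to 0755 root:root`, and the `output` option description should warn against placing the database in a directory owned by another user. The `update-locatedb` service definition continues past this hunk.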
@@ -147,8 +150,13 @@ in { serviceConfig.PrivateTmp = "yes"; serviceConfig.PrivateNetwork = "yes"; serviceConfig.NoNewPrivileges = "yes"; - serviceConfig.ReadOnlyDirectories = "/"; - serviceConfig.ReadWriteDirectories = dirOf cfg.output; + serviceConfig.ReadOnlyPaths = "/"; + # Use dirOf cfg.output because mlocate creates temporary files next to + # the actual database. We could specify and create them as well, + # but that would make this quite brittle when they change something. + # NOTE: If /var/cache does not exist, this leads to the misleading error message: + # update-locatedb.service: Failed at step NAMESPACE spawning …/update-locatedb-start: No such file or directory + serviceConfig.ReadWritePaths = dirOf cfg.output; }; systemd.timers.update-locatedb = diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index 8ac7e5b52d69..a8cb957ffe21 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix @@ -35,11 +35,6 @@ ./hardware/ksm.nix ./hardware/mcelog.nix ./hardware/network/b43.nix - ./hardware/network/intel-2100bg.nix - ./hardware/network/intel-2200bg.nix - ./hardware/network/intel-3945abg.nix - ./hardware/network/ralink.nix - ./hardware/network/rtl8192c.nix ./hardware/nitrokey.nix ./hardware/opengl.nix ./hardware/pcmcia.nix @@ -136,8 +131,6 @@ ./security/rtkit.nix ./security/wrappers/default.nix ./security/sudo.nix - ./service-managers/docker.nix - ./service-managers/trivial.nix ./services/admin/salt/master.nix ./services/admin/salt/minion.nix ./services/amqp/activemq/default.nix @@ -333,6 +326,7 @@ ./services/misc/parsoid.nix ./services/misc/phd.nix ./services/misc/plex.nix + ./services/misc/pykms.nix ./services/misc/radarr.nix ./services/misc/redmine.nix ./services/misc/rippled.nix 
@@ -375,6 +369,7 @@ ./services/monitoring/prometheus/collectd-exporter.nix ./services/monitoring/prometheus/fritzbox-exporter.nix ./services/monitoring/prometheus/json-exporter.nix + ./services/monitoring/prometheus/minio-exporter.nix ./services/monitoring/prometheus/nginx-exporter.nix ./services/monitoring/prometheus/node-exporter.nix ./services/monitoring/prometheus/snmp-exporter.nix diff --git a/nixos/modules/profiles/all-hardware.nix b/nixos/modules/profiles/all-hardware.nix index 6e6ae98e19fc..3c7e516c497f 100644 --- a/nixos/modules/profiles/all-hardware.nix +++ b/nixos/modules/profiles/all-hardware.nix @@ -41,15 +41,12 @@ # Virtio (QEMU, KVM etc.) support. "virtio_net" "virtio_pci" "virtio_blk" "virtio_scsi" "virtio_balloon" "virtio_console" - + # VMware support. "mptspi" "vmw_balloon" "vmwgfx" "vmw_vmci" "vmw_vsock_vmci_transport" "vmxnet3" "vsock" # Hyper-V support. "hv_storvsc" - - # Keyboards - "usbhid" "hid_apple" "hid_logitech_dj" "hid_lenovo_tpkbd" "hid_roccat" ]; # Include lots of firmware. diff --git a/nixos/modules/programs/command-not-found/command-not-found.nix b/nixos/modules/programs/command-not-found/command-not-found.nix index 55529d73cb60..bbe7165c62fb 100644 --- a/nixos/modules/programs/command-not-found/command-not-found.nix +++ b/nixos/modules/programs/command-not-found/command-not-found.nix @@ -25,7 +25,14 @@ in { options.programs.command-not-found = { - enable = mkEnableOption "command-not-found hook for interactive shell"; + enable = mkOption { + type = types.bool; + default = true; + description = '' + Whether interactive shells should show which Nix package (if + any) provides a missing command. + ''; + }; dbPath = mkOption { default = "/nix/var/nix/profiles/per-user/root/channels/nixos/programs.sqlite" ; diff --git a/nixos/modules/programs/zsh/zsh-syntax-highlighting.nix b/nixos/modules/programs/zsh/zsh-syntax-highlighting.nix index 9452489e2fb4..e7cf17c2c00c 100644 --- a/nixos/modules/programs/zsh/zsh-syntax-highlighting.nix 
+++ b/nixos/modules/programs/zsh/zsh-syntax-highlighting.nix 
@@ -5,74 +5,74 @@ with lib; let cfg = config.programs.zsh.syntaxHighlighting; in - { - options = { - programs.zsh.syntaxHighlighting = { - enable = mkEnableOption "zsh-syntax-highlighting"; +{ + options = { + programs.zsh.syntaxHighlighting = { + enable = mkEnableOption "zsh-syntax-highlighting"; - highlighters = mkOption { - default = [ "main" ]; + highlighters = mkOption { + default = [ "main" ]; - # https://github.com/zsh-users/zsh-syntax-highlighting/blob/master/docs/highlighters.md - type = types.listOf(types.enum([ - "main" - "brackets" - "pattern" - "cursor" - "root" - "line" - ])); + # https://github.com/zsh-users/zsh-syntax-highlighting/blob/master/docs/highlighters.md + type = types.listOf(types.enum([ + "main" + "brackets" + "pattern" + "cursor" + "root" + "line" + ])); - description = '' - Specifies the highlighters to be used by zsh-syntax-highlighting. + description = '' + Specifies the highlighters to be used by zsh-syntax-highlighting. - The following defined options can be found here: - https://github.com/zsh-users/zsh-syntax-highlighting/blob/master/docs/highlighters.md - ''; - }; + The following defined options can be found here: + https://github.com/zsh-users/zsh-syntax-highlighting/blob/master/docs/highlighters.md + ''; + }; - patterns = mkOption { - default = {}; - type = types.attrsOf types.string; + patterns = mkOption { + default = {}; + type = types.attrsOf types.string; - example = literalExample '' - { - "rm -rf *" = "fg=white,bold,bg=red"; - } - ''; + example = literalExample '' + { + "rm -rf *" = "fg=white,bold,bg=red"; + } + ''; - description = '' - Specifies custom patterns to be highlighted by zsh-syntax-highlighting. + description = '' + Specifies custom patterns to be highlighted by zsh-syntax-highlighting. 
- Please refer to the docs for more information about the usage: - https://github.com/zsh-users/zsh-syntax-highlighting/blob/master/docs/highlighters/pattern.md - ''; - }; + Please refer to the docs for more information about the usage: + https://github.com/zsh-users/zsh-syntax-highlighting/blob/master/docs/highlighters/pattern.md + ''; }; }; + }; - config = mkIf cfg.enable { - environment.systemPackages = with pkgs; [ zsh-syntax-highlighting ]; - - programs.zsh.interactiveShellInit = with pkgs; with builtins; '' - source ${zsh-syntax-highlighting}/share/zsh-syntax-highlighting/zsh-syntax-highlighting.zsh + config = mkIf cfg.enable { + environment.systemPackages = with pkgs; [ zsh-syntax-highlighting ]; - ${optionalString (length(cfg.highlighters) > 0) - "ZSH_HIGHLIGHT_HIGHLIGHTERS=(${concatStringsSep " " cfg.highlighters})" - } + assertions = [ + { + assertion = length(attrNames cfg.patterns) > 0 -> elem "pattern" cfg.highlighters; + message = '' + When highlighting patterns, "pattern" needs to be included in the list of highlighters. + ''; + } + ]; - ${let - n = attrNames cfg.patterns; - in - optionalString (length(n) > 0) - (assert(elem "pattern" cfg.highlighters); (foldl ( - a: b: - '' - ${a} - ZSH_HIGHLIGHT_PATTERNS+=('${b}' '${attrByPath [b] "" cfg.patterns}') - '' - ) "") n) - } - ''; - }; - } + programs.zsh.interactiveShellInit = with pkgs; + lib.concatStringsSep "\n" ([ + "source ${zsh-syntax-highlighting}/share/zsh-syntax-highlighting/zsh-syntax-highlighting.zsh" + ] ++ optional (length(cfg.highlighters) > 0) + "ZSH_HIGHLIGHT_HIGHLIGHTERS=(${concatStringsSep " " cfg.highlighters})" + ++ optionals (length(attrNames cfg.patterns) > 0) + (mapAttrsToList ( + pattern: design: + "ZSH_HIGHLIGHT_PATTERNS+=('${pattern}' '${design}')" + ) cfg.patterns) + ); + }; +} diff --git a/nixos/modules/rename.nix b/nixos/modules/rename.nix index deff4067957a..b1b3f67a41d0 100644 --- a/nixos/modules/rename.nix +++ b/nixos/modules/rename.nix 
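Review bot: The generated line `"ZSH_HIGHLIGHT_PATTERNS+=('${pattern}' '${design}')"` splices the attribute name and value into single-quoted zsh words without escaping, so a pattern or style containing `'` yields an `interactiveShellInit` that fails to parse or is parsed differently from what the option author wrote, in every interactive shell. Use the library helper instead: `"ZSH_HIGHLIGHT_PATTERNS+=(${escapeShellArg pattern} ${escapeShellArg design})"`. `cfg.highlighters` is interpolated unquoted as well, but its enum type restricts it to fixed words. The `with pkgs;` in front of `lib.concatStringsSep` is only needed for one name and would read more clearly as `pkgs.zsh-syntax-highlighting`.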
@@ -11,7 +11,11 @@ with lib; (mkRenamedOptionModule [ "fonts" "extraFonts" ] [ "fonts" "fonts" ]) (mkRenamedOptionModule [ "networking" "enableWLAN" ] [ "networking" "wireless" "enable" ]) - (mkRenamedOptionModule [ "networking" "enableRT73Firmware" ] [ "networking" "enableRalinkFirmware" ]) + (mkRenamedOptionModule [ "networking" "enableRT73Firmware" ] [ "hardware" "enableRedistributableFirmware" ]) + (mkRenamedOptionModule [ "networking" "enableIntel3945ABGFirmware" ] [ "hardware" "enableRedistributableFirmware" ]) + (mkRenamedOptionModule [ "networking" "enableIntel2100BGFirmware" ] [ "hardware" "enableRedistributableFirmware" ]) + (mkRenamedOptionModule [ "networking" "enableRalinkFirmware" ] [ "hardware" "enableRedistributableFirmware" ]) + (mkRenamedOptionModule [ "networking" "enableRTL8192cFirmware" ] [ "hardware" "enableRedistributableFirmware" ]) (mkRenamedOptionModule [ "services" "cadvisor" "host" ] [ "services" "cadvisor" "listenAddress" ]) (mkChangedOptionModule [ "services" "printing" "gutenprint" ] [ "services" "printing" "drivers" ] diff --git a/nixos/modules/service-managers/docker.nix b/nixos/modules/service-managers/docker.nix deleted file mode 100644 index 8e9c763b18af..000000000000 --- a/nixos/modules/service-managers/docker.nix +++ /dev/null @@ -1,29 +0,0 @@ -{ config, lib, pkgs, ... }: - -with lib; - -let - cfg = config.docker-containers; - - containerModule = { - script = mkOption { - type = types.lines; - description = "Shell commands executed as the service's main process."; - }; - }; - - toContainer = name: value: pkgs.dockerTools.buildImage { - inherit name; - config = { - Cmd = [ value.script ]; - }; - }; -in { - options.docker-containers = mkOption { - default = {}; - type = with types; attrsOf (types.submodule containerModule); - description = "Definition of docker containers"; - }; - - config.system.build.toplevel-docker = lib.mapAttrs toContainer cfg; -} 
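Review bot: `networking.enableIntel2200BGFirmware` gets no entry among the renames added to nixos/modules/rename.nix, although the module-list.nix hunk drops `./hardware/network/intel-2200bg.nix` and the detected.nix hunk stops setting that option. The file's deletion is not among the visible hunks, so this may be intentional, but if the module is no longer imported, configurations that still set the option fail evaluation with an undefined-option error rather than a migration warning. Add either `(mkRenamedOptionModule [ "networking" "enableIntel2200BGFirmware" ] [ "hardware" "enableRedistributableFirmware" ])` or a `mkRemovedOptionModule` entry naming the replacement. Note also that five old options now map onto one target, so a configuration that set two of them to different values will report a conflict on `hardware.enableRedistributableFirmware`.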
diff --git a/nixos/modules/service-managers/trivial.nix b/nixos/modules/service-managers/trivial.nix deleted file mode 100644 index 77e615d1e2e2..000000000000 --- a/nixos/modules/service-managers/trivial.nix +++ /dev/null @@ -1,35 +0,0 @@ -{ config, lib, pkgs, ... }: - -with lib; - -let - cfg = config.trivial-services; - - serviceModule.options = { - script = mkOption { - type = types.lines; - description = "Shell commands executed as the service's main process."; - }; - - environment = mkOption { - default = {}; - type = types.attrs; # FIXME - example = { PATH = "/foo/bar/bin"; LANG = "nl_NL.UTF-8"; }; - description = "Environment variables passed to the service's processes."; - }; - }; - - launcher = name: value: pkgs.writeScript name '' - #!${pkgs.stdenv.shell} -eu - - ${pkgs.writeScript "${name}-entry" value.script} - ''; -in { - options.trivial-services = mkOption { - default = {}; - type = with types; attrsOf (types.submodule serviceModule); - description = "Definition of trivial services"; - }; - - config.system.build.toplevel-trivial = lib.mapAttrs launcher cfg; -} diff --git a/nixos/modules/services/misc/nix-daemon.nix b/nixos/modules/services/misc/nix-daemon.nix index efa3b5b6bd76..beca820d2d60 100644 --- a/nixos/modules/services/misc/nix-daemon.nix +++ b/nixos/modules/services/misc/nix-daemon.nix @@ -189,6 +189,7 @@ in sshKey = "/root/.ssh/id_buildfarm"; system = "x86_64-linux"; maxJobs = 2; + speedFactor = 2; supportedFeatures = [ "kvm" ]; mandatoryFeatures = [ "perf" ]; } diff --git a/nixos/modules/services/misc/plex.nix b/nixos/modules/services/misc/plex.nix index e37b486375bd..46221ace3084 100644 --- a/nixos/modules/services/misc/plex.nix +++ b/nixos/modules/services/misc/plex.nix 
@@ -137,7 +137,7 @@ in User = cfg.user; Group = cfg.group; PermissionsStartOnly = "true"; - ExecStart = "/bin/sh -c ${cfg.package}/usr/lib/plexmediaserver/Plex\\ Media\\ Server"; + ExecStart = "\"${cfg.package}/usr/lib/plexmediaserver/Plex Media Server\""; KillSignal = "SIGQUIT"; Restart = "on-failure"; }; diff --git a/nixos/modules/services/misc/pykms.nix b/nixos/modules/services/misc/pykms.nix new file mode 100644 index 000000000000..897e856e2a2d --- /dev/null +++ b/nixos/modules/services/misc/pykms.nix 
@@ -0,0 +1,90 @@ +{ config, lib, pkgs, ... }: + +with lib; + +let + cfg = config.services.pykms; + + home = "/var/lib/pykms"; + + services = { + serviceConfig = { + Restart = "on-failure"; + RestartSec = "10s"; + StartLimitInterval = "1min"; + PrivateTmp = true; + ProtectSystem = "full"; + ProtectHome = true; + }; + }; + +in { + + options = { + services.pykms = rec { + enable = mkOption { + type = types.bool; + default = false; + description = "Whether to enable the PyKMS service."; + }; + + listenAddress = mkOption { + type = types.str; + default = "0.0.0.0"; + description = "The IP address on which to listen."; + }; + + port = mkOption { + type = types.int; + default = 1688; + description = "The port on which to listen."; + }; + + verbose = mkOption { + type = types.bool; + default = false; + description = "Show verbose output."; + }; + + openFirewallPort = mkOption { + type = types.bool; + default = false; + description = "Whether the listening port should be opened automatically."; + }; + }; + }; + + config = mkIf cfg.enable { + networking.firewall.allowedTCPPorts = lib.mkIf cfg.openFirewallPort [ cfg.port ]; + + systemd.services = { + pykms = services // { + description = "Python KMS"; + wantedBy = [ "multi-user.target" ]; + serviceConfig = with pkgs; { + User = "pykms"; + Group = "pykms"; + ExecStartPre = "${getBin pykms}/bin/create_pykms_db.sh ${home}/clients.db"; + ExecStart = "${getBin pykms}/bin/server.py ${optionalString cfg.verbose "--verbose"} ${cfg.listenAddress} ${toString cfg.port}"; + WorkingDirectory = home; + MemoryLimit = "64M"; + }; + }; + }; + + users = { + extraUsers.pykms = { + name = "pykms"; + group = "pykms"; + home = home; + createHome = true; + uid = config.ids.uids.pykms; + description = "PyKMS daemon user"; + }; + + extraGroups.pykms = { + gid = config.ids.gids.pykms; + }; + }; + }; +} 
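Review bot: In `pykms = services // { … }` the `//` operator merges only the top level, so the `serviceConfig` on the right replaces the one in the `services` binding, and `Restart`, `RestartSec`, `StartLimitInterval`, `PrivateTmp`, `ProtectSystem` and `ProtectHome` never reach the unit. Merge the inner set instead, `serviceConfig = services.serviceConfig // (with pkgs; { User = "pykms"; … });`, or build the unit with `recursiveUpdate services { … }`. Since `listenAddress` defaults to `0.0.0.0`, it is worth confirming with `systemctl show pykms` that the sandboxing options are actually applied after the fix. The `rec` on the option set is unused and can be dropped.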
diff --git a/nixos/modules/services/monitoring/prometheus/minio-exporter.nix b/nixos/modules/services/monitoring/prometheus/minio-exporter.nix new file mode 100644 index 000000000000..4314671523cf --- /dev/null +++ b/nixos/modules/services/monitoring/prometheus/minio-exporter.nix 
@@ -0,0 +1,117 @@ +{ config, pkgs, lib, ... }: + +with lib; + +let + cfg = config.services.prometheus.minioExporter; +in { + options = { + services.prometheus.minioExporter = { + enable = mkEnableOption "prometheus minio exporter"; + + port = mkOption { + type = types.int; + default = 9290; + description = '' + Port to listen on. + ''; + }; + + listenAddress = mkOption { + type = types.nullOr types.str; + default = null; + example = "0.0.0.0"; + description = '' + Address to listen on for web interface and telemetry. + ''; + }; + + minioAddress = mkOption { + type = types.str; + example = "https://10.0.0.1:9000"; + default = if config.services.minio.enable then "http://localhost:9000" else null; + description = '' + The URL of the minio server. + Use HTTPS if Minio accepts secure connections only. + By default this connects to the local minio server if enabled. + ''; + }; + + minioAccessKey = mkOption ({ + type = types.str; + example = "BKIKJAA5BMMU2RHO6IBB"; + description = '' + The value of the Minio access key. + It is required in order to connect to the server. + By default this uses the one from the local minio server if enabled + and <literal>config.services.minio.accessKey</literal>. + ''; + } // optionalAttrs (config.services.minio.enable && config.services.minio.accessKey != "") { + default = config.services.minio.accessKey; + }); + + minioAccessSecret = mkOption ({ + type = types.str; + description = '' + The calue of the Minio access secret. + It is required in order to connect to the server. + By default this uses the one from the local minio server if enabled + and <literal>config.services.minio.secretKey</literal>. + ''; + } // optionalAttrs (config.services.minio.enable && config.services.minio.secretKey != "") { + default = config.services.minio.secretKey; + }); + + minioBucketStats = mkOption { + type = types.bool; + default = false; + description = '' + Collect statistics about the buckets and files in buckets. 
+ It requires more computation, use it carefully in case of large buckets.. + ''; + }; + + extraFlags = mkOption { + type = types.listOf types.str; + default = []; + description = '' + Extra commandline options when launching the minio exporter. + ''; + }; + + openFirewall = mkOption { + type = types.bool; + default = false; + description = '' + Open port in firewall for incoming connections. + ''; + }; + }; + }; + + config = mkIf cfg.enable { + networking.firewall.allowedTCPPorts = optional cfg.openFirewall cfg.port; + + systemd.services.prometheus-minio-exporter = { + description = "Prometheus exporter for Minio server metrics"; + unitConfig.Documentation = "https://github.com/joe-pll/minio-exporter"; + wantedBy = [ "multi-user.target" ]; + after = optional config.services.minio.enable "minio.service"; + serviceConfig = { + DynamicUser = true; + Restart = "always"; + PrivateTmp = true; + WorkingDirectory = /tmp; + ExecStart = '' + ${pkgs.prometheus-minio-exporter}/bin/minio-exporter \ + -web.listen-address ${optionalString (cfg.listenAddress != null) cfg.listenAddress}:${toString cfg.port} \ + -minio.server ${cfg.minioAddress} \ + -minio.access-key ${cfg.minioAccessKey} \ + -minio.access-secret ${cfg.minioAccessSecret} \ + ${optionalString cfg.minioBucketStats "-minio.bucket-stats"} \ + ${concatStringsSep " \\\n " cfg.extraFlags} + ''; + }; + }; + }; +} diff --git a/nixos/modules/services/network-filesystems/kbfs.nix b/nixos/modules/services/network-filesystems/kbfs.nix index cf1d7617cca6..7b2eea3b5850 100644 --- a/nixos/modules/services/network-filesystems/kbfs.nix +++ b/nixos/modules/services/network-filesystems/kbfs.nix @@ -55,8 +55,11 @@ in { Restart = "on-failure"; PrivateTmp = true; }; + wantedBy = [ "default.target" ]; }; services.keybase.enable = true; + + environment.systemPackages = [ pkgs.kbfs ]; }; } 
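Review bot: `minioAccessKey` and `minioAccessSecret` are interpolated directly into `ExecStart` in minio-exporter.nix, so both values land in the generated unit in the world-readable Nix store and in the process argument list that any local user can read. Prefer an option that names a file kept outside the store (for instance a hypothetical `minioAccessSecretFile` read at start-up, or `EnvironmentFile=` if the exporter accepts credentials from the environment, which is not verified here). Until then, state the exposure in both option descriptions, e.g. `Note that this value is written to the world-readable Nix store.` Two smaller points in the same file: `minioAddress` is declared `types.str` but defaults to `null` when the local minio service is disabled, and with `listenAddress = null` the flag becomes `:PORT`, which presumably binds all interfaces. The description of `minioAccessSecret` has the typo "calue".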
diff --git a/nixos/modules/services/network-filesystems/openafs-client/default.nix b/nixos/modules/services/network-filesystems/openafs-client/default.nix index 94f93162cfee..0946e379e796 100644 --- a/nixos/modules/services/network-filesystems/openafs-client/default.nix +++ b/nixos/modules/services/network-filesystems/openafs-client/default.nix @@ -93,7 +93,6 @@ in preStop = '' ${pkgs.utillinux}/bin/umount /afs ${openafsPkgs}/sbin/afsd -shutdown - ${pkgs.kmod}/sbin/rmmod libafs ''; }; }; diff --git a/nixos/modules/services/networking/connman.nix b/nixos/modules/services/networking/connman.nix index d0683b877801..546d27069232 100644 --- a/nixos/modules/services/networking/connman.nix +++ b/nixos/modules/services/networking/connman.nix @@ -115,10 +115,5 @@ in { wireless.enable = true; networkmanager.enable = false; }; - - powerManagement.resumeCommands = '' - systemctl restart connman - ''; - }; } diff --git a/nixos/modules/services/networking/dnscache.nix b/nixos/modules/services/networking/dnscache.nix index f782be97f6fa..379203cd1ab6 100644 --- a/nixos/modules/services/networking/dnscache.nix +++ b/nixos/modules/services/networking/dnscache.nix @@ -18,10 +18,13 @@ let '') ips} '') cfg.domainServers)} - # djbdns contains an outdated list of root servers; - # if one was not provided in config, provide a current list - if [ ! -e servers/@ ]; then - awk '/^.?.ROOT-SERVERS.NET/ { print $4 }' ${pkgs.dns-root-data}/root.hints > $out/servers/@ + # if a list of root servers was not provided in config, copy it + # over. (this is also done by dnscache-conf, but we 'rm -rf + # /var/lib/dnscache/root' below & replace it wholesale with this, + # so we have to ensure servers/@ exists ourselves.) + if [ ! -e $out/servers/@ ]; then + # symlink does not work here, due chroot + cp ${pkgs.djbdns}/etc/dnsroots.global $out/servers/@; fi ''; 
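Review bot: The dnscache hunk goes back to the root-server list that the removed comment called outdated ("djbdns contains an outdated list of root servers"), by copying `${pkgs.djbdns}/etc/dnsroots.global` instead of extracting addresses from `${pkgs.dns-root-data}/root.hints`. Unless the djbdns package now ships a refreshed list, which is not visible in this diff, the resolver is seeded with stale root addresses. The path fix in the test (`[ ! -e $out/servers/@ ]`) is independent of that and can be kept while retaining the `awk … root.hints > $out/servers/@` line. If the bundled file is really meant to be used, the new comment should say why it is now considered current.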
diff --git a/nixos/modules/services/networking/firewall.nix b/nixos/modules/services/networking/firewall.nix index 68a814b23053..9bd88ca1707b 100644 --- a/nixos/modules/services/networking/firewall.nix +++ b/nixos/modules/services/networking/firewall.nix @@ -95,18 +95,18 @@ let ip46tables -N nixos-fw-log-refuse ${optionalString cfg.logRefusedConnections '' - ip46tables -A nixos-fw-log-refuse -p tcp --syn -j LOG --log-level info --log-prefix "rejected connection: " + ip46tables -A nixos-fw-log-refuse -p tcp --syn -j LOG --log-level info --log-prefix "refused connection: " ''} ${optionalString (cfg.logRefusedPackets && !cfg.logRefusedUnicastsOnly) '' ip46tables -A nixos-fw-log-refuse -m pkttype --pkt-type broadcast \ - -j LOG --log-level info --log-prefix "rejected broadcast: " + -j LOG --log-level info --log-prefix "refused broadcast: " ip46tables -A nixos-fw-log-refuse -m pkttype --pkt-type multicast \ - -j LOG --log-level info --log-prefix "rejected multicast: " + -j LOG --log-level info --log-prefix "refused multicast: " ''} ip46tables -A nixos-fw-log-refuse -m pkttype ! --pkt-type unicast -j nixos-fw-refuse ${optionalString cfg.logRefusedPackets '' ip46tables -A nixos-fw-log-refuse \ - -j LOG --log-level info --log-prefix "rejected packet: " + -j LOG --log-level info --log-prefix "refused packet: " ''} ip46tables -A nixos-fw-log-refuse -j nixos-fw-refuse diff --git a/nixos/modules/services/networking/keybase.nix b/nixos/modules/services/networking/keybase.nix index ca5c279ac6f0..7c7982ee8eac 100644 --- a/nixos/modules/services/networking/keybase.nix +++ b/nixos/modules/services/networking/keybase.nix @@ -28,11 +28,12 @@ in { description = "Keybase service"; serviceConfig = { ExecStart = '' - ${pkgs.keybase}/bin/keybase service + ${pkgs.keybase}/bin/keybase -d service --auto-forked ''; Restart = "on-failure"; PrivateTmp = true; }; + wantedBy = [ "default.target" ]; }; environment.systemPackages = [ pkgs.keybase ]; 
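Review bot: Changing the `--log-prefix` strings in the `nixos-fw-log-refuse` chain from "rejected …" to "refused …" silently breaks any log filter, alert rule or parser that matches the old prefixes such as `rejected connection: ` or `rejected packet: `. The release-notes hunk visible in this diff mentions only the ZNC default, so an entry under the incompatible changes seems to be missing, for example `Firewall log prefixes changed from "rejected …" to "refused …"; log filters that match the old text need updating.` The surrounding `let` block starts and ends outside the hunk.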
diff --git a/nixos/modules/services/networking/unbound.nix b/nixos/modules/services/networking/unbound.nix index f3a04d97c98e..bcce4accdd6e 100644 --- a/nixos/modules/services/networking/unbound.nix +++ b/nixos/modules/services/networking/unbound.nix @@ -105,7 +105,7 @@ in description = "Unbound recursive Domain Name Server"; after = [ "network.target" ]; before = [ "nss-lookup.target" ]; - wants = [" nss-lookup.target" ]; + wants = [ "nss-lookup.target" ]; wantedBy = [ "multi-user.target" ]; preStart = '' diff --git a/nixos/modules/services/networking/znc.nix b/nixos/modules/services/networking/znc.nix index 3d9cec46a582..72313ab2ee14 100644 --- a/nixos/modules/services/networking/znc.nix +++ b/nixos/modules/services/networking/znc.nix @@ -329,7 +329,7 @@ in }; mutable = mkOption { - default = false; + default = true; type = types.bool; description = '' Indicates whether to allow the contents of the `dataDir` directory to be changed diff --git a/nixos/modules/services/scheduling/fcron.nix b/nixos/modules/services/scheduling/fcron.nix index af4f9f41fd04..ac589be57736 100644 --- a/nixos/modules/services/scheduling/fcron.nix +++ b/nixos/modules/services/scheduling/fcron.nix @@ -137,10 +137,7 @@ in after = [ "local-fs.target" ]; wantedBy = [ "multi-user.target" ]; - # FIXME use specific path - environment = { - PATH = "/run/current-system/sw/bin"; - }; + path = [ pkgs.fcron ]; preStart = '' install \ @@ -149,7 +146,7 @@ in --group fcron \ --directory /var/spool/fcron # load system crontab file - /run/wrappers/bin/fcrontab -u systab ${pkgs.writeText "systab" cfg.systab} + /run/wrappers/bin/fcrontab -u systab - < ${pkgs.writeText "systab" cfg.systab} ''; serviceConfig = { diff --git a/nixos/modules/services/security/hologram-server.nix b/nixos/modules/services/security/hologram-server.nix index 8315c9ea5d61..e267fed27955 100644 --- a/nixos/modules/services/security/hologram-server.nix +++ b/nixos/modules/services/security/hologram-server.nix 
@@ -23,8 +23,6 @@ let stats = cfg.statsAddress; listen = cfg.listenAddress; }); - - script = "${pkgs.hologram.bin}/bin/hologram-server --debug --conf ${cfgFile}"; in { options = { services.hologram-server = { @@ -96,15 +94,9 @@ in { after = [ "network.target" ]; wantedBy = [ "multi-user.target" ]; - inherit script; - }; - - docker-containers.hologram-server = { - inherit script; - }; - - trivial-services.hologram-server = { - inherit script; + serviceConfig = { + ExecStart = "${pkgs.hologram.bin}/bin/hologram-server --debug --conf ${cfgFile}"; + }; }; }; } diff --git a/nixos/modules/services/security/sshguard.nix b/nixos/modules/services/security/sshguard.nix index 5a183443f71d..7f09e8893c4d 100644 --- a/nixos/modules/services/security/sshguard.nix +++ b/nixos/modules/services/security/sshguard.nix @@ -89,7 +89,7 @@ in { environment.systemPackages = [ pkgs.sshguard pkgs.iptables pkgs.ipset ]; - environment.etc."sshguard.conf".text = let + environment.etc."sshguard.conf".text = let list_services = ( name: "-t ${name} "); in '' BACKEND="${pkgs.sshguard}/libexec/sshg-fw-ipset" diff --git a/nixos/modules/services/web-apps/mattermost.nix b/nixos/modules/services/web-apps/mattermost.nix index bc88a808abc9..0b637e3991b4 100644 --- a/nixos/modules/services/web-apps/mattermost.nix +++ b/nixos/modules/services/web-apps/mattermost.nix 
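Review bot: The new `serviceConfig` for `hologram-server` consists of `ExecStart` only, and that command line carries `--debug` over from the removed `script` binding. No `User` or sandboxing setting is visible for the unit here, so unless one is set outside the hunk the daemon runs as root with debug logging enabled by default, which is a poor baseline for a service that sits under `services/security` and hands out credentials. I would drop the flag, `ExecStart = "${pkgs.hologram.bin}/bin/hologram-server --conf ${cfgFile}";`, and run the unit under a dedicated unprivileged account. The unit definition starts outside the hunk.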
@@ -184,10 +184,12 @@ in fi '' + lib.optionalString cfg.localDatabaseCreate '' if ! test -e "${cfg.statePath}/.db-created"; then - ${config.services.postgresql.package}/bin/psql postgres -c \ - "CREATE ROLE ${cfg.localDatabaseUser} WITH LOGIN NOCREATEDB NOCREATEROLE ENCRYPTED PASSWORD '${cfg.localDatabasePassword}'" - ${config.services.postgresql.package}/bin/createdb \ - --owner ${cfg.localDatabaseUser} ${cfg.localDatabaseName} + ${pkgs.sudo}/bin/sudo -u ${config.services.postgresql.superUser} \ + ${config.services.postgresql.package}/bin/psql postgres -c \ + "CREATE ROLE ${cfg.localDatabaseUser} WITH LOGIN NOCREATEDB NOCREATEROLE ENCRYPTED PASSWORD '${cfg.localDatabasePassword}'" + ${pkgs.sudo}/bin/sudo -u ${config.services.postgresql.superUser} \ + ${config.services.postgresql.package}/bin/createdb \ + --owner ${cfg.localDatabaseUser} ${cfg.localDatabaseName} touch ${cfg.statePath}/.db-created fi '' + '' diff --git a/nixos/modules/services/web-servers/lighttpd/default.nix b/nixos/modules/services/web-servers/lighttpd/default.nix index 45a65965112a..700b4469c565 100644 --- a/nixos/modules/services/web-servers/lighttpd/default.nix +++ b/nixos/modules/services/web-servers/lighttpd/default.nix @@ -15,7 +15,8 @@ let # Some modules are always imported and should not appear in the config: # disallowedModules = [ "mod_indexfile" "mod_dirlisting" "mod_staticfile" ]; # - # Get full module list: "ls -1 $lighttpd/lib/*.so" + # For full module list, see the output of running ./configure in the lighttpd + # source. allKnownModules = [ "mod_rewrite" "mod_redirect" @@ -38,12 +39,15 @@ let "mod_accesslog" # Remaining list of modules, order assumed to be unimportant. "mod_authn_file" + "mod_authn_gssapi" + "mod_authn_ldap" "mod_authn_mysql" "mod_cml" "mod_deflate" "mod_evasive" "mod_extforward" "mod_flv_streaming" + "mod_geoip" "mod_magnet" "mod_mysql_vhost" "mod_scgi" 
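Review bot: The `CREATE ROLE` command in mattermost.nix still interpolates `${cfg.localDatabasePassword}` straight into the `psql -c` argument, and wrapping it in `sudo -u ${config.services.postgresql.superUser}` does not change that. The password therefore ends up in the generated script (presumably in the world-readable Nix store) and on the `psql` command line, where it is visible in the process list while the command runs. A password containing `'` or `"` also breaks the SQL or the shell quoting. I would at least feed the statement on stdin (`psql postgres -f -` with a here-document) instead of `-c`, and longer term read the password at run time from a file kept outside the store. The enclosing script string starts and ends outside the hunk.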
diff --git a/nixos/modules/services/x11/compton.nix b/nixos/modules/services/x11/compton.nix index 56bc66b71796..42ceeb819806 100644 --- a/nixos/modules/services/x11/compton.nix +++ b/nixos/modules/services/x11/compton.nix @@ -7,7 +7,12 @@ let cfg = config.services.compton; - configFile = pkgs.writeText "compton.conf" + configFile = let + opacityRules = optionalString (length cfg.opacityRules != 0) + (concatStringsSep "\n" + (map (a: "opacity-rule = [ \"${a}\" ];") cfg.opacityRules) + ); + in pkgs.writeText "compton.conf" (optionalString cfg.fade '' # fading fading = true; @@ -30,7 +35,9 @@ let active-opacity = ${cfg.activeOpacity}; inactive-opacity = ${cfg.inactiveOpacity}; menu-opacity = ${cfg.menuOpacity}; - + + ${opacityRules} + # other options backend = ${toJSON cfg.backend}; vsync = ${toJSON cfg.vSync}; @@ -155,6 +162,14 @@ in { ''; }; + opacityRules = mkOption { + type = types.listOf types.str; + default = []; + description = '' + Opacity rules to be handled by compton. + ''; + }; + backend = mkOption { type = types.str; default = "glx"; diff --git a/nixos/modules/services/x11/desktop-managers/mate.nix b/nixos/modules/services/x11/desktop-managers/mate.nix index 7a95ac6549d8..ab8a0a48b483 100644 --- a/nixos/modules/services/x11/desktop-managers/mate.nix +++ b/nixos/modules/services/x11/desktop-managers/mate.nix @@ -72,6 +72,7 @@ in ]; services.gnome3.gnome-keyring.enable = true; + services.upower.enable = config.powerManagement.enable; environment.pathsToLink = [ "/share" ]; }; diff --git a/nixos/modules/services/x11/desktop-managers/plasma5.nix b/nixos/modules/services/x11/desktop-managers/plasma5.nix index f099117f4777..d7e72c4a7aec 100644 --- a/nixos/modules/services/x11/desktop-managers/plasma5.nix +++ b/nixos/modules/services/x11/desktop-managers/plasma5.nix 
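Review bot: The new `opacityRules` binding in compton.nix interpolates each rule as `\"${a}\"` without escaping and emits a separate `opacity-rule = [ … ];` line per entry, whereas the neighbouring `backend` and `vsync` settings go through `toJSON`. A rule containing a double quote ends the string early and corrupts the generated `compton.conf`, and as far as I know the configuration format does not accept the same setting name twice, so more than one rule is unlikely to work. Emitting the list once covers both cases and makes the `optionalString` guard unnecessary: `opacity-rule = ${toJSON cfg.opacityRules};`. The option description would also benefit from an `example` showing the expected rule syntax.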
@@ -142,7 +142,8 @@ in kde-gtk-config breeze-gtk - phonon-backend-gstreamer + libsForQt56.phonon-backend-gstreamer + libsForQt5.phonon-backend-gstreamer ] ++ lib.optionals cfg.enableQt4Support [ breeze-qt4 pkgs.phonon-backend-gstreamer ] diff --git a/nixos/modules/services/x11/hardware/libinput.nix b/nixos/modules/services/x11/hardware/libinput.nix index d75c785270b3..44555cb6e2a9 100644 --- a/nixos/modules/services/x11/hardware/libinput.nix +++ b/nixos/modules/services/x11/hardware/libinput.nix @@ -75,12 +75,13 @@ in { default = null; description = '' - Enables a click method. Permitted values are none, buttonareas, clickfinger. + Enables a click method. Permitted values are <literal>none</literal>, + <literal>buttonareas</literal>, <literal>clickfinger</literal>. Not all devices support all methods, if an option is unsupported, - the default click method for this device is used. + the default click method for this device is used. ''; }; - + leftHanded = mkOption { type = types.bool; default = false; @@ -96,7 +97,7 @@ in { simultaneously produces a middle mouse button click. ''; }; - + naturalScrolling = mkOption { type = types.bool; default = false; @@ -120,7 +121,8 @@ in { example = "edge"; description = '' - Specify the scrolling method. + Specify the scrolling method: <literal>twofinger</literal>, <literal>edge</literal>, + or <literal>none</literal> ''; }; @@ -141,7 +143,8 @@ in { example = "disabled"; description = '' - Sets the send events mode to disabled, enabled, or "disable when an external mouse is connected". + Sets the send events mode to <literal>disabled</literal>, <literal>enabled</literal>, + or <literal>disabled-on-external-mouse</literal> ''; }; diff --git a/nixos/modules/services/x11/xautolock.nix b/nixos/modules/services/x11/xautolock.nix index 60ce9e6ed5c0..28fc92024bcb 100644 --- a/nixos/modules/services/x11/xautolock.nix +++ b/nixos/modules/services/x11/xautolock.nix 
@@ -31,7 +31,17 @@ in type = types.string; description = '' - The script to use when locking the computer. + The script to use when automatically locking the computer. + ''; + }; + + nowlocker = mkOption { + default = null; + example = "i3lock -i /path/to/img"; + type = types.nullOr types.string; + + description = '' + The script to use when manually locking the computer with <command>xautolock -locknow</command>. ''; }; 
@@ -45,28 +55,82 @@ in }; notifier = mkOption { - default = "notify-send 'Locking in 10 seconds'"; - type = types.string; + default = null; + example = literalExample '' + "${pkgs.libnotify}/bin/notify-send \"Locking in 10 seconds\"" + ''; + type = types.nullOr types.string; description = '' Notification script to be used to warn about the pending autolock. ''; }; + + killer = mkOption { + default = null; # default according to `man xautolock` is none + example = "systemctl suspend"; + type = types.nullOr types.string; + + description = '' + The script to use when nothing has happend for as long as <option>killtime</option> + ''; + }; + + killtime = mkOption { + default = 20; # default according to `man xautolock` + type = types.int; + + description = '' + Minutes xautolock waits until it executes the script specified in <option>killer</option> + (Has to be at least 10 minutes) + ''; + }; + + extraOptions = mkOption { + type = types.listOf types.str; + default = [ ]; + example = [ "-detectsleep" ]; + description = '' + Additional command-line arguments to pass to + <command>xautolock</command>. 
+ ''; + }; }; }; config = mkIf cfg.enable { environment.systemPackages = with pkgs; [ xautolock ]; - - services.xserver.displayManager.sessionCommands = with builtins; with pkgs; '' - ${xautolock}/bin/xautolock \ - ${concatStringsSep " \\\n" ([ - "-time ${toString(cfg.time)}" - "-locker ${cfg.locker}" - ] ++ optional cfg.enableNotifier (concatStringsSep " " [ - "-notify ${toString(cfg.notify)}" - "-notifier \"${cfg.notifier}\"" - ]))} & - ''; + systemd.user.services.xautolock = { + description = "xautolock service"; + wantedBy = [ "graphical-session.target" ]; + partOf = [ "graphical-session.target" ]; + serviceConfig = with lib; { + ExecStart = strings.concatStringsSep " " ([ + "${pkgs.xautolock}/bin/xautolock" + "-noclose" + "-time ${toString cfg.time}" + "-locker '${cfg.locker}'" + ] ++ optionals cfg.enableNotifier [ + "-notify ${toString cfg.notify}" + "-notifier '${cfg.notifier}'" + ] ++ optionals (cfg.nowlocker != null) [ + "-nowlocker '${cfg.nowlocker}'" + ] ++ optionals (cfg.killer != null) [ + "-killer '${cfg.killer}'" + "-killtime ${toString cfg.killtime}" + ] ++ cfg.extraOptions); + Restart = "always"; + }; + }; + assertions = [ + { + assertion = cfg.enableNotifier -> cfg.notifier != null; + message = "When enabling the notifier for xautolock, you also need to specify the notify script"; + } + { + assertion = cfg.killer != null -> cfg.killtime >= 10; + message = "killtime has to be at least 10 minutes according to `man xautolock`"; + } + ]; }; } diff --git a/nixos/modules/system/boot/kernel.nix b/nixos/modules/system/boot/kernel.nix index cf70a891c0ca..4db9631743e3 100644 --- a/nixos/modules/system/boot/kernel.nix +++ b/nixos/modules/system/boot/kernel.nix @@ -193,11 +193,6 @@ in "sd_mod" "sr_mod" - # Standard IDE stuff. - "ide_cd" - "ide_disk" - "ide_generic" - # SD cards and internal eMMC drives. "mmc_block" 
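Review bot: The `ExecStart` list in xautolock.nix wraps `cfg.locker`, `cfg.notifier`, `cfg.nowlocker` and `cfg.killer` in single quotes without escaping, so a value that itself contains `'` is split into extra arguments instead of reaching xautolock as one command. For a screen locker the failure mode matters: a mangled locker command or a unit that fails to start leaves the session unlocked with no obvious signal. I would reject such values next to the two existing assertions, e.g. `assertion = !(hasInfix "'" cfg.locker);` with a matching message, and the same for the three nullable options when set. Separately, the `nowlocker` and `killer` examples use bare command names (`i3lock`, `systemctl suspend`); whether those resolve depends on the PATH of the user unit, so the descriptions should recommend absolute store paths as the `notifier` example already does.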
@@ -211,21 +206,11 @@ in "xhci_hcd" "xhci_pci" "usbhid" - "hid_generic" "hid_lenovo" - "hid_apple" "hid_logitech_dj" "hid_lenovo_tpkbd" "hid_roccat" + "hid_generic" "hid_lenovo" "hid_apple" "hid_roccat" # Misc. keyboard stuff. "pcips2" "atkbd" "i8042" - # Temporary fix for https://github.com/NixOS/nixpkgs/issues/18451 - # Remove as soon as upstream gets fixed - marking it: - # TODO - # FIXME - "i8042" - - # To wait for SCSI devices to appear. - "scsi_wait_scan" - # Needed by the stage 2 init script. "rtc_cmos" ]; diff --git a/nixos/modules/system/boot/loader/grub/install-grub.pl b/nixos/modules/system/boot/loader/grub/install-grub.pl index 82b5bcda9217..cc03e54ead63 100644 --- a/nixos/modules/system/boot/loader/grub/install-grub.pl +++ b/nixos/modules/system/boot/loader/grub/install-grub.pl @@ -197,7 +197,7 @@ sub GrubFs { if ($status != 0) { die "Failed to retrieve subvolume info for @{[$fs->mount]}\n"; } - my @ids = join("", @id_info) =~ m/Subvolume ID:[ \t\n]*([^ \t\n]*)/; + my @ids = join("\n", @id_info) =~ m/^(?!\/\n).*Subvolume ID:[ \t\n]*([0-9]+)/s; if ($#ids > 0) { die "Btrfs subvol name for @{[$fs->device]} listed multiple times in mount\n" } elsif ($#ids == 0) { diff --git a/nixos/modules/tasks/filesystems/ext.nix b/nixos/modules/tasks/filesystems/ext.nix index cc9d0ef37d59..3a8999c242bd 100644 --- a/nixos/modules/tasks/filesystems/ext.nix +++ b/nixos/modules/tasks/filesystems/ext.nix @@ -5,7 +5,8 @@ system.fsPackages = [ pkgs.e2fsprogs ]; - boot.initrd.availableKernelModules = [ "ext2" "ext3" "ext4" ]; + # As of kernel 4.3, there is no separate ext3 driver (they're also handled by ext4.ko) + boot.initrd.availableKernelModules = [ "ext2" "ext4" ]; boot.initrd.extraUtilsCommands = '' diff --git a/nixos/modules/tasks/powertop.nix b/nixos/modules/tasks/powertop.nix index 0ec4974789b4..609831506e16 100644 --- a/nixos/modules/tasks/powertop.nix +++ b/nixos/modules/tasks/powertop.nix 
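Review bot: The replacement pattern in install-grub.pl, `m/^(?!\/\n).*Subvolume ID:[ \t\n]*([0-9]+)/s`, carries no comment explaining the `(?!\/\n)` lookahead, and the `$#ids > 0` branch right after it remains unreachable: without `/g`, a match with a single capture group returns at most one element, so the "listed multiple times" error can never fire. With `/s` the greedy `.*` also selects the last `Subvolume ID:` in the joined output rather than the first, which may or may not be intended. I would add a comment such as `# ignore output whose first line is "/"; capture the numeric subvolume ID` if that is the intent, and either remove the dead branch or collect all matches with `/g` so the check means something. `GrubFs` starts and ends outside the hunk.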
@@ -16,6 +16,7 @@ in { powertop = { wantedBy = [ "multi-user.target" ]; description = "Powertop tunings"; + path = [ pkgs.kmod ]; serviceConfig = { Type = "oneshot"; RemainAfterExit = "yes"; diff --git a/nixos/modules/virtualisation/brightbox-image.nix b/nixos/modules/virtualisation/brightbox-image.nix index 7f45f0f34f71..08bbcfd9d7c2 100644 --- a/nixos/modules/virtualisation/brightbox-image.nix +++ b/nixos/modules/virtualisation/brightbox-image.nix @@ -33,9 +33,9 @@ in } '' # Create partition table - ${pkgs.parted}/sbin/parted /dev/vda mklabel msdos - ${pkgs.parted}/sbin/parted /dev/vda mkpart primary ext4 1 ${diskSize} - ${pkgs.parted}/sbin/parted /dev/vda print + ${pkgs.parted}/sbin/parted --script /dev/vda mklabel msdos + ${pkgs.parted}/sbin/parted --script /dev/vda mkpart primary ext4 1 ${diskSize} + ${pkgs.parted}/sbin/parted --script /dev/vda print . /sys/class/block/vda1/uevent mknod /dev/vda1 b $MAJOR $MINOR diff --git a/nixos/release.nix b/nixos/release.nix index ee706ff986d4..4060e5df4ec1 100644 --- a/nixos/release.nix +++ b/nixos/release.nix @@ -303,6 +303,7 @@ in rec { #tests.panamax = hydraJob (import tests/panamax.nix { system = "x86_64-linux"; }); tests.peerflix = callTest tests/peerflix.nix {}; tests.postgresql = callSubTests tests/postgresql.nix {}; + tests.postgis = callTest tests/postgis.nix {}; #tests.pgjwt = callTest tests/pgjwt.nix {}; tests.printing = callTest tests/printing.nix {}; tests.proxy = callTest tests/proxy.nix {}; diff --git a/nixos/tests/installer.nix b/nixos/tests/installer.nix index c1dae2a34fa3..da9582deec1d 100644 --- a/nixos/tests/installer.nix +++ b/nixos/tests/installer.nix 
@@ -260,9 +260,9 @@ in { { createPartitions = '' $machine->succeed( - "parted /dev/vda mklabel msdos", - "parted /dev/vda -- mkpart primary linux-swap 1M 1024M", - "parted /dev/vda -- mkpart primary ext2 1024M -1s", + "parted --script /dev/vda mklabel msdos", + "parted --script /dev/vda -- mkpart primary linux-swap 1M 1024M", + "parted --script /dev/vda -- mkpart primary ext2 1024M -1s", "udevadm settle", "mkswap /dev/vda1 -L swap", "swapon -L swap", @@ -277,11 +277,11 @@ in { { createPartitions = '' $machine->succeed( - "parted /dev/vda mklabel gpt", - "parted -s /dev/vda -- mkpart ESP fat32 1M 50MiB", # /boot - "parted -s /dev/vda -- set 1 boot on", - "parted -s /dev/vda -- mkpart primary linux-swap 50MiB 1024MiB", - "parted -s /dev/vda -- mkpart primary ext2 1024MiB -1MiB", # / + "parted --script /dev/vda mklabel gpt", + "parted --script /dev/vda -- mkpart ESP fat32 1M 50MiB", # /boot + "parted --script /dev/vda -- set 1 boot on", + "parted --script /dev/vda -- mkpart primary linux-swap 50MiB 1024MiB", + "parted --script /dev/vda -- mkpart primary ext2 1024MiB -1MiB", # / "udevadm settle", "mkswap /dev/vda2 -L swap", "swapon -L swap", @@ -300,10 +300,10 @@ in { { createPartitions = '' $machine->succeed( - "parted /dev/vda mklabel msdos", - "parted /dev/vda -- mkpart primary ext2 1M 50MB", # /boot - "parted /dev/vda -- mkpart primary linux-swap 50MB 1024M", - "parted /dev/vda -- mkpart primary ext2 1024M -1s", # / + "parted --script /dev/vda mklabel msdos", + "parted --script /dev/vda -- mkpart primary ext2 1M 50MB", # /boot + "parted --script /dev/vda -- mkpart primary linux-swap 50MB 1024M", + "parted --script /dev/vda -- mkpart primary ext2 1024M -1s", # / "udevadm settle", "mkswap /dev/vda2 -L swap", "swapon -L swap", 
@@ -321,10 +321,10 @@ in { { createPartitions = '' $machine->succeed( - "parted /dev/vda mklabel msdos", - "parted /dev/vda -- mkpart primary ext2 1M 50MB", # /boot - "parted /dev/vda -- mkpart primary linux-swap 50MB 1024M", - "parted /dev/vda -- mkpart primary ext2 1024M -1s", # / + "parted --script /dev/vda mklabel msdos", + "parted --script /dev/vda -- mkpart primary ext2 1M 50MB", # /boot + "parted --script /dev/vda -- mkpart primary linux-swap 50MB 1024M", + "parted --script /dev/vda -- mkpart primary ext2 1024M -1s", # / "udevadm settle", "mkswap /dev/vda2 -L swap", "swapon -L swap", @@ -357,9 +357,9 @@ in { createPartitions = '' $machine->succeed( - "parted /dev/vda mklabel msdos", - "parted /dev/vda -- mkpart primary linux-swap 1M 1024M", - "parted /dev/vda -- mkpart primary 1024M -1s", + "parted --script /dev/vda mklabel msdos", + "parted --script /dev/vda -- mkpart primary linux-swap 1M 1024M", + "parted --script /dev/vda -- mkpart primary 1024M -1s", "udevadm settle", "mkswap /dev/vda1 -L swap", @@ -380,11 +380,11 @@ in { { createPartitions = '' $machine->succeed( - "parted /dev/vda mklabel msdos", - "parted /dev/vda -- mkpart primary 1M 2048M", # PV1 - "parted /dev/vda -- set 1 lvm on", - "parted /dev/vda -- mkpart primary 2048M -1s", # PV2 - "parted /dev/vda -- set 2 lvm on", + "parted --script /dev/vda mklabel msdos", + "parted --script /dev/vda -- mkpart primary 1M 2048M", # PV1 + "parted --script /dev/vda -- set 1 lvm on", + "parted --script /dev/vda -- mkpart primary 2048M -1s", # PV2 + "parted --script /dev/vda -- set 2 lvm on", "udevadm settle", "pvcreate /dev/vda1 /dev/vda2", "vgcreate MyVolGroup /dev/vda1 /dev/vda2", 
@@ -402,10 +402,10 @@ in { luksroot = makeInstallerTest "luksroot" { createPartitions = '' $machine->succeed( - "parted /dev/vda mklabel msdos", - "parted /dev/vda -- mkpart primary ext2 1M 50MB", # /boot - "parted /dev/vda -- mkpart primary linux-swap 50M 1024M", - "parted /dev/vda -- mkpart primary 1024M -1s", # LUKS + "parted --script /dev/vda mklabel msdos", + "parted --script /dev/vda -- mkpart primary ext2 1M 50MB", # /boot + "parted --script /dev/vda -- mkpart primary linux-swap 50M 1024M", + "parted --script /dev/vda -- mkpart primary 1024M -1s", # LUKS "udevadm settle", "mkswap /dev/vda2 -L swap", "swapon -L swap", @@ -434,7 +434,7 @@ in { { createPartitions = '' $machine->succeed( - "parted /dev/vda --" + "parted --script /dev/vda --" . " mklabel msdos" . " mkpart primary ext2 1M 100MB" # /boot . " mkpart extended 100M -1s" @@ -469,9 +469,9 @@ in { { createPartitions = '' $machine->succeed( - "parted /dev/sda mklabel msdos", - "parted /dev/sda -- mkpart primary linux-swap 1M 1024M", - "parted /dev/sda -- mkpart primary ext2 1024M -1s", + "parted --script /dev/sda mklabel msdos", + "parted --script /dev/sda -- mkpart primary linux-swap 1M 1024M", + "parted --script /dev/sda -- mkpart primary ext2 1024M -1s", "udevadm settle", "mkswap /dev/sda1 -L swap", "swapon -L swap", diff --git a/nixos/tests/minio.nix b/nixos/tests/minio.nix index a349265b2f57..07a292a9baa5 100644 --- a/nixos/tests/minio.nix +++ b/nixos/tests/minio.nix @@ -12,6 +12,9 @@ import ./make-test.nix ({ pkgs, ...} : { secretKey = "V7f1CwQqAcwo80UEIJEjc5gVQUSSx5ohQ9GSrr12"; }; environment.systemPackages = [ pkgs.minio-client ]; + + # Minio requires at least 1GiB of free disk space to run. + virtualisation.diskSize = 4 * 1024; }; }; 
@@ -20,7 +23,6 @@ import ./make-test.nix ({ pkgs, ...} : { startAll; $machine->waitForUnit("minio.service"); $machine->waitForOpenPort(9000); - $machine->succeed("curl --fail http://localhost:9000/minio/index.html"); # Create a test bucket on the server $machine->succeed("mc config host add minio http://localhost:9000 BKIKJAA5BMMU2RHO6IBB V7f1CwQqAcwo80UEIJEjc5gVQUSSx5ohQ9GSrr12 S3v4"); diff --git a/nixos/tests/postgis.nix b/nixos/tests/postgis.nix index 1dba5c363c09..f6ce3fe38ed3 100644 --- a/nixos/tests/postgis.nix +++ b/nixos/tests/postgis.nix @@ -9,15 +9,11 @@ import ./make-test.nix ({ pkgs, ...} : { { pkgs, config, ... }: { - services.postgresql = let mypg = pkgs.postgresql95; in { + services.postgresql = let mypg = pkgs.postgresql100; in { enable = true; package = mypg; - extraPlugins = [ (pkgs.postgis.override { postgresql = mypg; }).v_2_2_1 ]; - initialScript = pkgs.writeText "postgresql-init.sql" - '' - CREATE ROLE postgres WITH superuser login createdb; - ''; - }; + extraPlugins = [ (pkgs.postgis.override { postgresql = mypg; }).v_2_4_0 ]; + }; }; }; diff --git a/nixos/tests/run-in-machine.nix b/nixos/tests/run-in-machine.nix index d1102f8d4073..a6dfece44a92 100644 --- a/nixos/tests/run-in-machine.nix +++ b/nixos/tests/run-in-machine.nix @@ -2,7 +2,16 @@ with import ../lib/testing.nix { inherit system; }; -runInMachine { - drv = pkgs.hello; - machine = { config, pkgs, ... }: { /* services.sshd.enable = true; */ }; -} +let + output = runInMachine { + drv = pkgs.hello; + machine = { config, pkgs, ... }: { /* services.sshd.enable = true; */ }; + }; +in pkgs.runCommand "verify-output" { inherit output; } '' + if [ ! -e "$output/bin/hello" ]; then + echo "Derivation built using runInMachine produced incorrect output:" >&2 + ls -laR "$output" >&2 + exit 1 + fi + "$output/bin/hello" > "$out" +'' diff --git a/nixos/tests/virtualbox.nix b/nixos/tests/virtualbox.nix index a1ab7614871a..c519d7dae8be 100644 --- a/nixos/tests/virtualbox.nix 
+++ b/nixos/tests/virtualbox.nix @@ -107,8 +107,8 @@ let buildInputs = [ pkgs.utillinux pkgs.perl ]; } '' - ${pkgs.parted}/sbin/parted /dev/vda mklabel msdos - ${pkgs.parted}/sbin/parted /dev/vda -- mkpart primary ext2 1M -1s + ${pkgs.parted}/sbin/parted --script /dev/vda mklabel msdos + ${pkgs.parted}/sbin/parted --script /dev/vda -- mkpart primary ext2 1M -1s . /sys/class/block/vda1/uevent mknod /dev/vda1 b $MAJOR $MINOR |