Diffstat (limited to 'nixos')
155 files changed, 1081 insertions, 783 deletions
diff --git a/nixos/doc/manual/configuration/profiles/clone-config.xml b/nixos/doc/manual/configuration/profiles/clone-config.xml index 234835845e2d..04fa1643d0fd 100644 --- a/nixos/doc/manual/configuration/profiles/clone-config.xml +++ b/nixos/doc/manual/configuration/profiles/clone-config.xml @@ -11,4 +11,11 @@ creating the image in the first place. As a result it allows users to edit and rebuild the live-system. </para> + + <para> + On images where the installation media also becomes an installation target, + copying over <literal>configuration.nix</literal> should be disabled by + setting <literal>installer.cloneConfig</literal> to <literal>false</literal>. + For example, this is done in <literal>sd-image-aarch64.nix</literal>. + </para> </section> diff --git a/nixos/doc/manual/configuration/profiles/installation-device.xml b/nixos/doc/manual/configuration/profiles/installation-device.xml index 3dcdf403d89d..192ae955b689 100644 --- a/nixos/doc/manual/configuration/profiles/installation-device.xml +++ b/nixos/doc/manual/configuration/profiles/installation-device.xml 
@@ -6,33 +6,31 @@ <title>Installation Device</title> <para> - Provides a basic configuration for installation devices like CDs. This means - enabling hardware scans, using the <link linkend="sec-profile-clone-config"> - Clone Config profile</link> to guarantee - <filename>/etc/nixos/configuration.nix</filename> exists (for - <command>nixos-rebuild</command> to work), a copy of the Nixpkgs channel - snapshot used to create the install media. + Provides a basic configuration for installation devices like CDs. + This enables redistributable firmware, includes the + <link linkend="sec-profile-clone-config">Clone Config profile</link> + and a copy of the Nixpkgs channel, so <command>nixos-install</command> + works out of the box. </para> - <para> - Additionally, documentation for <link linkend="opt-documentation.enable"> - Nixpkgs</link> and <link linkend="opt-documentation.nixos.enable">NixOS - </link> are forcefully enabled (to override the + Documentation for <link linkend="opt-documentation.enable">Nixpkgs</link> + and <link linkend="opt-documentation.nixos.enable">NixOS</link> are + forcefully enabled (to override the <link linkend="sec-profile-minimal">Minimal profile</link> preference); the - NixOS manual is shown automatically on TTY 8, sudo and udisks are disabled. - Autologin is enabled as root. + NixOS manual is shown automatically on TTY 8, udisks is disabled. + Autologin is enabled as <literal>nixos</literal> user, while passwordless + login as both <literal>root</literal> and <literal>nixos</literal> is possible. + Passwordless <command>sudo</command> is enabled too. + <link linkend="opt-networking.wireless.enable">wpa_supplicant</link> is + enabled, but configured to not autostart. </para> - <para> - A message is shown to the user to start a display manager if needed, ssh with - <xref linkend="opt-services.openssh.permitRootLogin"/> are enabled (but - doesn't autostart). WPA Supplicant is also enabled without autostart. 
+ It is explained how to login, start the ssh server, and if available, + how to start the display manager. </para> <para> - Finally, vim is installed, root is set to not have a password, the kernel is - made more silent for remote public IP installs, and several settings are - tweaked so that the installer has a better chance of succeeding under - low-memory environments. + Several settings are tweaked so that the installer has a better chance of + succeeding under low-memory environments. </para> </section> diff --git a/nixos/doc/manual/release-notes/rl-1909.xml b/nixos/doc/manual/release-notes/rl-1909.xml index 166be1f1c28e..11c13b8d942b 100644 --- a/nixos/doc/manual/release-notes/rl-1909.xml +++ b/nixos/doc/manual/release-notes/rl-1909.xml 
@@ -57,6 +57,64 @@ and <option>services.xserver.desktopManager.xfce4-14</option> simultaneously or to downgrade from Xfce 4.14 after upgrading. </para> </listitem> + <listitem> + <para> + The GNOME 3 desktop manager module sports an interface to enable/disable core services, applications, and optional GNOME packages + like games. + <itemizedlist> + <para>This can be achieved with the following options which the desktop manager default enables, excluding <literal>games</literal>.</para> + <listitem><para><link linkend="opt-services.gnome3.core-os-services.enable"><literal>services.gnome3.core-os-services.enable</literal></link></para></listitem> + <listitem><para><link linkend="opt-services.gnome3.core-shell.enable"><literal>services.gnome3.core-shell.enable</literal></link></para></listitem> + <listitem><para><link linkend="opt-services.gnome3.core-utilities.enable"><literal>services.gnome3.core-utilities.enable</literal></link></para></listitem> + <listitem><para><link linkend="opt-services.gnome3.games.enable"><literal>services.gnome3.games.enable</literal></link></para></listitem> + </itemizedlist> + With these options we hope to give users finer grained control over their systems. Prior to this change you'd either have to manually + disable options or use <option>environment.gnome3.excludePackages</option> which only excluded the optional applications. + <option>environment.gnome3.excludePackages</option> is now unguarded, it can exclude any package installed with <option>environment.systemPackages</option> + in the GNOME 3 module. + </para> + </listitem> + <listitem> + <para> + Orthogonal to the previous changes to the GNOME 3 desktop manager module, we've updated all default services and applications + to match as close as possible to a default reference GNOME 3 experience. 
+ </para> + + <bridgehead>The following changes were enacted in <option>services.gnome3.core-utilities.enable</option></bridgehead> + + <itemizedlist> + <title>Applications removed from defaults:</title> + <listitem><para><literal>accerciser</literal></para></listitem> + <listitem><para><literal>dconf-editor</literal></para></listitem> + <listitem><para><literal>evolution</literal></para></listitem> + <listitem><para><literal>gnome-documents</literal></para></listitem> + <listitem><para><literal>gnome-nettool</literal></para></listitem> + <listitem><para><literal>gnome-power-manager</literal></para></listitem> + <listitem><para><literal>gnome-todo</literal></para></listitem> + <listitem><para><literal>gnome-tweaks</literal></para></listitem> + <listitem><para><literal>gnome-usage</literal></para></listitem> + <listitem><para><literal>gucharmap</literal></para></listitem> + <listitem><para><literal>nautilus-sendto</literal></para></listitem> + <listitem><para><literal>vinagre</literal></para></listitem> + </itemizedlist> + <itemizedlist> + <title>Applications added to defaults:</title> + <listitem><para><literal>cheese</literal></para></listitem> + <listitem><para><literal>geary</literal></para></listitem> + </itemizedlist> + + <bridgehead>The following changes were enacted in <option>services.gnome3.core-shell.enable</option></bridgehead> + + <itemizedlist> + <title>Applications added to defaults:</title> + <listitem><para><literal>gnome-color-manager</literal></para></listitem> + <listitem><para><literal>orca</literal></para></listitem> + </itemizedlist> + <itemizedlist> + <title>Services enabled:</title> + <listitem><para><option>services.avahi.enable</option></para></listitem> + </itemizedlist> + </listitem> </itemizedlist> </section> 
@@ -338,10 +396,23 @@ For nginx, the dependencies are still automatically managed when <option>services.nginx.virtualhosts.<name>.enableACME</option> is enabled just like before. What changed is that nginx now directly depends on the specific certificates that it needs, instead of depending on the catch-all <literal>acme-certificates.target</literal>. This target unit was also removed from the codebase. This will mean nginx will no longer depend on certificates it isn't explicitly managing and fixes a bug with certificate renewal - ordering racing with nginx restarting which could lead to nginx getting in a broken state as described at + ordering racing with nginx restarting which could lead to nginx getting in a broken state as described at <link xlink:href="https://github.com/NixOS/nixpkgs/issues/60180">NixOS/nixpkgs#60180</link>. </para> </listitem> + <listitem> + <para> + The old deprecated <literal>emacs</literal> package sets have been dropped. + What used to be called <literal>emacsPackagesNg</literal> is now simply called <literal>emacsPackages</literal>. + </para> + </listitem> + <listitem> + <para> + <option>services.xserver.desktopManager.xterm</option> is now disabled by default. + It was not useful except for debugging purposes and was confusingly set as default in some circumstances. + </para> + </listitem> + </itemizedlist> </section> @@ -540,8 +611,8 @@ </para> </listitem> </itemizedlist> - - This also configures the kernel to pass coredumps to <literal>systemd-coredump</literal>. + This also configures the kernel to pass coredumps to <literal>systemd-coredump</literal>, + and restricts the SysRq key combinations to the sync command only. These sysctl snippets can be found in <literal>/etc/sysctl.d/50-*.conf</literal>, and overridden via <link linkend="opt-boot.kernel.sysctl">boot.kernel.sysctl</link> (which will place the parameters in <literal>/etc/sysctl.d/60-nixos.conf</literal>). 
@@ -557,27 +628,78 @@ <option>boot.kernel.sysctl."kernel.core_pattern"</option> to <literal>"core"</literal>. </para> </listitem> - <listitem> - <para> - <literal>systemd.packages</literal> option now also supports generators and - shutdown scripts. Old <literal>systemd.generator-packages</literal> option has - been removed. - </para> - </listitem> - <listitem> - <para> - The <literal>rmilter</literal> package was removed with associated module and options due deprecation by upstream developer. - Use <literal>rspamd</literal> in proxy mode instead. - </para> - </listitem> - <listitem> - <para> - systemd cgroup accounting via the - <link linkend="opt-systemd.enableCgroupAccounting">systemd.enableCgroupAccounting</link> - option is now enabled by default. It now also enables the more recent Block IO and IP accounting - features. - </para> - </listitem> + <listitem> + <para> + <literal>systemd.packages</literal> option now also supports generators and + shutdown scripts. Old <literal>systemd.generator-packages</literal> option has + been removed. + </para> + </listitem> + <listitem> + <para> + The <literal>rmilter</literal> package was removed with associated module and options due deprecation by upstream developer. + Use <literal>rspamd</literal> in proxy mode instead. + </para> + </listitem> + <listitem> + <para> + systemd cgroup accounting via the + <link linkend="opt-systemd.enableCgroupAccounting">systemd.enableCgroupAccounting</link> + option is now enabled by default. It now also enables the more recent Block IO and IP accounting + features. + </para> + </listitem> + <listitem> + <para> + We no longer enable custom font rendering settings with <option>fonts.fontconfig.penultimate.enable</option> by default. + The defaults from fontconfig are sufficient. 
+ </para> + </listitem> + <listitem> + <para> + The <literal>crashplan</literal> package and the + <literal>crashplan</literal> service have been removed from nixpkgs due to + crashplan shutting down the service, while the <literal>crashplansb</literal> + package and <literal>crashplan-small-business</literal> service have been + removed from nixpkgs due to lack of maintainer. + </para> + <para> + The <link linkend="opt-services.redis.enable">redis module</link> was hardcoded to use the <literal>redis</literal> user, + <filename class="directory">/run/redis</filename> as runtime directory and + <filename class="directory">/var/lib/redis</filename> as state directory. + Note that the NixOS module for Redis now disables kernel support for Transparent Huge Pages (THP), + because this features causes major performance problems for Redis, + e.g. (https://redis.io/topics/latency). + </para> + </listitem> + <listitem> + <para> + Using <option>fonts.enableDefaultFonts</option> adds a default emoji font <literal>noto-fonts-emoji</literal>. + <itemizedlist> + <para>Users of the following options will have this enabled by default:</para> + <listitem> + <para><option>services.xserver.enable</option></para> + </listitem> + <listitem> + <para><option>programs.sway.enable</option></para> + </listitem> + <listitem> + <para><option>programs.way-cooler.enable</option></para> + </listitem> + <listitem> + <para><option>services.xrdp.enable</option></para> + </listitem> + </itemizedlist> + </para> + </listitem> + <listitem> + <para> + The <literal>altcoins</literal> categorization of packages has + been removed. You now access these packages at the top level, + ie. <literal>nix-shell -p dogecoin</literal> instead of + <literal>nix-shell -p altcoins.dogecoin</literal>, etc. + </para> + </listitem> </itemizedlist> </section> </section> 
diff --git a/nixos/modules/config/fonts/fontconfig-penultimate.nix b/nixos/modules/config/fonts/fontconfig-penultimate.nix index 24ed9c97668b..7100f10dcfc8 100644 --- a/nixos/modules/config/fonts/fontconfig-penultimate.nix +++ b/nixos/modules/config/fonts/fontconfig-penultimate.nix @@ -269,7 +269,7 @@ in penultimate = { enable = mkOption { type = types.bool; - default = true; + default = false; description = '' Enable fontconfig-penultimate settings to supplement the NixOS defaults by providing per-font rendering defaults and diff --git a/nixos/modules/config/fonts/fontconfig.nix b/nixos/modules/config/fonts/fontconfig.nix index fe0b88cf4c26..bcb86f11ead7 100644 --- a/nixos/modules/config/fonts/fontconfig.nix +++ b/nixos/modules/config/fonts/fontconfig.nix @@ -116,7 +116,7 @@ let defaultFontsConf = let genDefault = fonts: name: optionalString (fonts != []) '' - <alias> + <alias binding="same"> <family>${name}</family> <prefer> ${concatStringsSep "" @@ -139,6 +139,8 @@ let ${genDefault cfg.defaultFonts.monospace "monospace"} + ${genDefault cfg.defaultFonts.emoji "emoji"} + </fontconfig> ''; @@ -344,6 +346,21 @@ in in case multiple languages must be supported. ''; }; + + emoji = mkOption { + type = types.listOf types.str; + default = ["Noto Color Emoji"]; + description = '' + System-wide default emoji font(s). Multiple fonts may be listed + in case a font does not support all emoji. + + Note that fontconfig matches color emoji fonts preferentially, + so if you want to use a black and white font while having + a color font installed (eg. Noto Color Emoji installed alongside + Noto Emoji), fontconfig will still choose the color font even + when it is later in the list. + ''; + }; }; hinting = { diff --git a/nixos/modules/config/fonts/fonts.nix b/nixos/modules/config/fonts/fonts.nix index 0dd01df9da74..abb806b601a7 100644 --- a/nixos/modules/config/fonts/fonts.nix +++ b/nixos/modules/config/fonts/fonts.nix 
@@ -43,6 +43,7 @@ with lib; pkgs.xorg.fontmiscmisc pkgs.xorg.fontcursormisc pkgs.unifont + pkgs.noto-fonts-emoji ]; }; diff --git a/nixos/modules/config/users-groups.nix b/nixos/modules/config/users-groups.nix index 25f1c67ce830..c91eb0ebb876 100644 --- a/nixos/modules/config/users-groups.nix +++ b/nixos/modules/config/users-groups.nix @@ -181,7 +181,7 @@ let }; hashedPassword = mkOption { - type = with types; uniq (nullOr str); + type = with types; nullOr str; default = null; description = '' Specifies the hashed password for the user. @@ -191,7 +191,7 @@ let }; password = mkOption { - type = with types; uniq (nullOr str); + type = with types; nullOr str; default = null; description = '' Specifies the (clear text) password for the user. @@ -203,7 +203,7 @@ let }; passwordFile = mkOption { - type = with types; uniq (nullOr string); + type = with types; nullOr str; default = null; description = '' The full path to a file that contains the user's password. The password @@ -215,7 +215,7 @@ let }; initialHashedPassword = mkOption { - type = with types; uniq (nullOr str); + type = with types; nullOr str; default = null; description = '' Specifies the initial hashed password for the user, i.e. the @@ -230,7 +230,7 @@ let }; initialPassword = mkOption { - type = with types; uniq (nullOr str); + type = with types; nullOr str; default = null; description = '' Specifies the initial password for the user, i.e. the @@ -304,7 +304,7 @@ let }; members = mkOption { - type = with types; listOf string; + type = with types; listOf str; default = []; description = '' The user names of the group members, added to the diff --git a/nixos/modules/hardware/raid/hpsa.nix b/nixos/modules/hardware/raid/hpsa.nix index 3a65cb800a98..4d7af138292c 100644 --- a/nixos/modules/hardware/raid/hpsa.nix +++ b/nixos/modules/hardware/raid/hpsa.nix 
@@ -4,11 +4,11 @@ with lib; let hpssacli = pkgs.stdenv.mkDerivation rec { - name = "hpssacli-${version}"; + pname = "hpssacli"; version = "2.40-13.0"; src = pkgs.fetchurl { - url = "https://downloads.linux.hpe.com/SDR/downloads/MCP/Ubuntu/pool/non-free/${name}_amd64.deb"; + url = "https://downloads.linux.hpe.com/SDR/downloads/MCP/Ubuntu/pool/non-free/${pname}-${version}_amd64.deb"; sha256 = "11w7fwk93lmfw0yya4jpjwdmgjimqxx6412sqa166g1pz4jil4sw"; }; diff --git a/nixos/modules/hardware/video/nvidia.nix b/nixos/modules/hardware/video/nvidia.nix index da3c8ee5a9fa..3ab2afc97407 100644 --- a/nixos/modules/hardware/video/nvidia.nix +++ b/nixos/modules/hardware/video/nvidia.nix @@ -88,7 +88,7 @@ in }; hardware.nvidia.optimus_prime.nvidiaBusId = lib.mkOption { - type = lib.types.string; + type = lib.types.str; default = ""; example = "PCI:1:0:0"; description = '' @@ -98,7 +98,7 @@ in }; hardware.nvidia.optimus_prime.intelBusId = lib.mkOption { - type = lib.types.string; + type = lib.types.str; default = ""; example = "PCI:0:2:0"; description = '' diff --git a/nixos/modules/installer/cd-dvd/sd-image-aarch64.nix b/nixos/modules/installer/cd-dvd/sd-image-aarch64.nix index a9241870fa71..2d34406a0320 100644 --- a/nixos/modules/installer/cd-dvd/sd-image-aarch64.nix +++ b/nixos/modules/installer/cd-dvd/sd-image-aarch64.nix @@ -59,4 +59,8 @@ in ${extlinux-conf-builder} -t 3 -c ${config.system.build.toplevel} -d ./files/boot ''; }; + + # the installation media is also the installation target, + # so we don't want to provide the installation configuration.nix. + installer.cloneConfig = false; } diff --git a/nixos/modules/installer/cd-dvd/sd-image-armv7l-multiplatform.nix b/nixos/modules/installer/cd-dvd/sd-image-armv7l-multiplatform.nix index dab092415316..651d1a36dc11 100644 --- a/nixos/modules/installer/cd-dvd/sd-image-armv7l-multiplatform.nix +++ b/nixos/modules/installer/cd-dvd/sd-image-armv7l-multiplatform.nix 
@@ -56,4 +56,8 @@ in ${extlinux-conf-builder} -t 3 -c ${config.system.build.toplevel} -d ./files/boot ''; }; + + # the installation media is also the installation target, + # so we don't want to provide the installation configuration.nix. + installer.cloneConfig = false; } diff --git a/nixos/modules/installer/cd-dvd/sd-image-raspberrypi.nix b/nixos/modules/installer/cd-dvd/sd-image-raspberrypi.nix index 8c9090471dcd..2a131d9ce980 100644 --- a/nixos/modules/installer/cd-dvd/sd-image-raspberrypi.nix +++ b/nixos/modules/installer/cd-dvd/sd-image-raspberrypi.nix @@ -45,4 +45,8 @@ in ${extlinux-conf-builder} -t 3 -c ${config.system.build.toplevel} -d ./files/boot ''; }; + + # the installation media is also the installation target, + # so we don't want to provide the installation configuration.nix. + installer.cloneConfig = false; } diff --git a/nixos/modules/installer/cd-dvd/sd-image.nix b/nixos/modules/installer/cd-dvd/sd-image.nix index 7f355a132496..0a0150441554 100644 --- a/nixos/modules/installer/cd-dvd/sd-image.nix +++ b/nixos/modules/installer/cd-dvd/sd-image.nix @@ -54,7 +54,7 @@ in }; firmwarePartitionID = mkOption { - type = types.string; + type = types.str; default = "0x2178694e"; description = '' Volume ID for the /boot/firmware partition on the SD card. This value @@ -63,7 +63,7 @@ in }; rootPartitionUUID = mkOption { - type = types.nullOr types.string; + type = types.nullOr types.str; default = null; example = "14e19a7b-0ae0-484d-9d54-43bd6fdc20c7"; description = '' diff --git a/nixos/modules/misc/ids.nix b/nixos/modules/misc/ids.nix index efd8544d6a21..ac6af1ce8b77 100644 --- a/nixos/modules/misc/ids.nix +++ b/nixos/modules/misc/ids.nix @@ -340,7 +340,7 @@ cockroachdb = 313; zoneminder = 314; paperless = 315; - mailman = 316; + #mailman = 316; # removed 2019-08-30 # When adding a uid, make sure it doesn't match an existing gid. And don't use uids above 399! 
@@ -641,7 +641,7 @@ cockroachdb = 313; zoneminder = 314; paperless = 315; - mailman = 316; + #mailman = 316; # removed 2019-08-30 # When adding a gid, make sure it doesn't match an existing # uid. Users and groups with the same name should have equal diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index 75df6c8d453c..4bc37ed3f171 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix @@ -138,6 +138,7 @@ ./programs/qt5ct.nix ./programs/screen.nix ./programs/sedutil.nix + ./programs/seahorse.nix ./programs/slock.nix ./programs/shadow.nix ./programs/shell.nix @@ -152,12 +153,14 @@ ./programs/tmux.nix ./programs/tsm-client.nix ./programs/udevil.nix + ./programs/usbtop.nix ./programs/venus.nix ./programs/vim.nix ./programs/wavemon.nix ./programs/way-cooler.nix ./programs/waybar.nix ./programs/wireshark.nix + ./programs/x2goserver.nix ./programs/xfs_quota.nix ./programs/xonsh.nix ./programs/xss-lock.nix @@ -214,8 +217,6 @@ ./services/backup/bacula.nix ./services/backup/borgbackup.nix ./services/backup/duplicati.nix - ./services/backup/crashplan.nix - ./services/backup/crashplan-small-business.nix ./services/backup/duplicity.nix ./services/backup/mysql-backup.nix ./services/backup/postgresql-backup.nix @@ -301,7 +302,6 @@ ./services/desktops/gnome3/gnome-settings-daemon.nix ./services/desktops/gnome3/gnome-user-share.nix ./services/desktops/gnome3/rygel.nix - ./services/desktops/gnome3/seahorse.nix ./services/desktops/gnome3/sushi.nix ./services/desktops/gnome3/tracker.nix ./services/desktops/gnome3/tracker-miners.nix @@ -376,6 +376,7 @@ ./services/mail/mail.nix ./services/mail/mailcatcher.nix ./services/mail/mailhog.nix + ./services/mail/mailman.nix ./services/mail/mlmmj.nix ./services/mail/offlineimap.nix ./services/mail/opendkim.nix diff --git a/nixos/modules/profiles/installation-device.nix b/nixos/modules/profiles/installation-device.nix index 1a6e06995603..fd30220ce1c9 100644 
--- a/nixos/modules/profiles/installation-device.nix +++ b/nixos/modules/profiles/installation-device.nix @@ -55,13 +55,16 @@ with lib; services.mingetty.autologinUser = "nixos"; # Some more help text. - services.mingetty.helpLine = - '' - - The "nixos" and "root" account have empty passwords. ${ - optionalString config.services.xserver.enable - "Type `sudo systemctl start display-manager' to\nstart the graphical user interface."} - ''; + services.mingetty.helpLine = '' + The "nixos" and "root" accounts have empty passwords. + + Type `sudo systemctl start sshd` to start the SSH daemon. + You then must set a password for either "root" or "nixos" + with `passwd` to be able to login. + '' + optionalString config.services.xserver.enable '' + Type `sudo systemctl start display-manager' to + start the graphical user interface. + ''; # Allow sshd to be started manually through "systemctl start sshd". services.openssh = { diff --git a/nixos/modules/programs/seahorse.nix b/nixos/modules/programs/seahorse.nix new file mode 100644 index 000000000000..c08b0a85374c --- /dev/null +++ b/nixos/modules/programs/seahorse.nix @@ -0,0 +1,44 @@ +# Seahorse. + +{ config, pkgs, lib, ... }: + +with lib; + +{ + + # Added 2019-08-27 + imports = [ + (mkRenamedOptionModule + [ "services" "gnome3" "seahorse" "enable" ] + [ "programs" "seahorse" "enable" ]) + ]; + + + ###### interface + + options = { + + programs.seahorse = { + + enable = mkEnableOption "Seahorse, a GNOME application for managing encryption keys and passwords in the GNOME Keyring"; + + }; + + }; + + + ###### implementation + + config = mkIf config.programs.seahorse.enable { + + environment.systemPackages = [ + pkgs.gnome3.seahorse + ]; + + services.dbus.packages = [ + pkgs.gnome3.seahorse + ]; + + }; + +} diff --git a/nixos/modules/programs/thefuck.nix b/nixos/modules/programs/thefuck.nix index 21ed6603c1bd..b909916158d3 100644 --- a/nixos/modules/programs/thefuck.nix +++ b/nixos/modules/programs/thefuck.nix 
@@ -17,7 +17,7 @@ in alias = mkOption { default = "fuck"; - type = types.string; + type = types.str; description = '' `thefuck` needs an alias to be configured. diff --git a/nixos/modules/programs/usbtop.nix b/nixos/modules/programs/usbtop.nix new file mode 100644 index 000000000000..c1b6ee38caa1 --- /dev/null +++ b/nixos/modules/programs/usbtop.nix @@ -0,0 +1,21 @@ +{ config, pkgs, lib, ... }: + +with lib; + +let + cfg = config.programs.usbtop; +in { + options = { + programs.usbtop.enable = mkEnableOption "usbtop and required kernel module"; + }; + + config = mkIf cfg.enable { + environment.systemPackages = with pkgs; [ + usbtop + ]; + + boot.kernelModules = [ + "usbmon" + ]; + }; +} diff --git a/nixos/modules/programs/x2goserver.nix b/nixos/modules/programs/x2goserver.nix new file mode 100644 index 000000000000..d9e7b6e4a5c0 --- /dev/null +++ b/nixos/modules/programs/x2goserver.nix 
@@ -0,0 +1,148 @@ +{ config, lib, pkgs, ... }: + +with lib; + +let + cfg = config.programs.x2goserver; + + defaults = { + superenicer = { "enable" = cfg.superenicer.enable; }; + }; + confText = generators.toINI {} (recursiveUpdate defaults cfg.settings); + x2goServerConf = pkgs.writeText "x2goserver.conf" confText; + + x2goAgentOptions = pkgs.writeText "x2goagent.options" '' + X2GO_NXOPTIONS="" + X2GO_NXAGENT_DEFAULT_OPTIONS="${concatStringsSep " " cfg.nxagentDefaultOptions}" + ''; + +in { + options.programs.x2goserver = { + enable = mkEnableOption "x2goserver" // { + description = '' + Enables the x2goserver module. + NOTE: This will create a good amount of symlinks in `/usr/local/bin` + ''; + }; + + superenicer = { + enable = mkEnableOption "superenicer" // { + description = '' + Enables the SupeReNicer code in x2gocleansessions, this will renice + suspended sessions to nice level 19 and renice them to level 0 if the + session becomes marked as running again + ''; + }; + }; + + nxagentDefaultOptions = mkOption { + type = types.listOf types.str; + default = [ "-extension GLX" "-nolisten tcp" ]; + example = [ "-extension GLX" "-nolisten tcp" ]; + description = '' + List of default nx agent options. + ''; + }; + + settings = mkOption { + type = types.attrsOf types.attrs; + default = {}; + description = '' + x2goserver.conf ini configuration as nix attributes. 
See + `x2goserver.conf(5)` for details + ''; + example = literalExample '' + superenicer = { + "enable" = "yes"; + "idle-nice-level" = 19; + }; + telekinesis = { "enable" = "no"; }; + ''; + }; + }; + + config = mkIf cfg.enable { + + environment.systemPackages = [ pkgs.x2goserver ]; + + users.groups.x2go = {}; + users.users.x2go = { + home = "/var/lib/x2go/db"; + group = "x2go"; + }; + + security.wrappers.x2gosqliteWrapper = { + source = "${pkgs.x2goserver}/lib/x2go/libx2go-server-db-sqlite3-wrapper.pl"; + owner = "x2go"; + group = "x2go"; + setgid = true; + }; + security.wrappers.x2goprintWrapper = { + source = "${pkgs.x2goserver}/bin/x2goprint"; + owner = "x2go"; + group = "x2go"; + setgid = true; + }; + + systemd.tmpfiles.rules = with pkgs; [ + "d /var/lib/x2go/ - x2go x2go - -" + "d /var/lib/x2go/db - x2go x2go - -" + "d /var/lib/x2go/conf - x2go x2go - -" + "d /run/x2go 0755 x2go x2go - -" + ] ++ + # x2goclient sends SSH commands with preset PATH set to + # "/usr/local/bin;/usr/bin;/bin". Since we cannot filter arbitrary ssh + # commands, we have to make the following executables available. 
+ map (f: "L+ /usr/local/bin/${f} - - - - ${x2goserver}/bin/${f}") [ + "x2goagent" "x2gobasepath" "x2gocleansessions" "x2gocmdexitmessage" + "x2godbadmin" "x2gofeature" "x2gofeaturelist" "x2gofm" "x2gogetapps" + "x2gogetservers" "x2golistdesktops" "x2golistmounts" "x2golistsessions" + "x2golistsessions_root" "x2golistshadowsessions" "x2gomountdirs" + "x2gopath" "x2goprint" "x2goresume-desktopsharing" "x2goresume-session" + "x2goruncommand" "x2goserver-run-extensions" "x2gosessionlimit" + "x2gosetkeyboard" "x2goshowblocks" "x2gostartagent" + "x2gosuspend-desktopsharing" "x2gosuspend-session" + "x2goterminate-desktopsharing" "x2goterminate-session" + "x2goumount-session" "x2goversion" + ] ++ [ + "L+ /usr/local/bin/awk - - - - ${gawk}/bin/awk" + "L+ /usr/local/bin/chmod - - - - ${coreutils}/bin/chmod" + "L+ /usr/local/bin/cp - - - - ${coreutils}/bin/cp" + "L+ /usr/local/bin/sed - - - - ${gnused}/bin/sed" + "L+ /usr/local/bin/setsid - - - - ${utillinux}/bin/setsid" + "L+ /usr/local/bin/xrandr - - - - ${xorg.xrandr}/bin/xrandr" + "L+ /usr/local/bin/xmodmap - - - - ${xorg.xmodmap}/bin/xmodmap" + ]; + + systemd.services.x2goserver = { + description = "X2Go Server Daemon"; + wantedBy = [ "multi-user.target" ]; + unitConfig.Documentation = "man:x2goserver.conf(5)"; + serviceConfig = { + Type = "forking"; + ExecStart = "${pkgs.x2goserver}/bin/x2gocleansessions"; + PIDFile = "/run/x2go/x2goserver.pid"; + User = "x2go"; + Group = "x2go"; + RuntimeDirectory = "x2go"; + StateDirectory = "x2go"; + }; + preStart = '' + if [ ! 
-e /var/lib/x2go/setup_ran ] + then + mkdir -p /var/lib/x2go/conf + cp -r ${pkgs.x2goserver}/etc/x2go/* /var/lib/x2go/conf/ + ln -sf ${x2goServerConf} /var/lib/x2go/conf/x2goserver.conf + ln -sf ${x2goAgentOptions} /var/lib/x2go/conf/x2goagent.options + ${pkgs.x2goserver}/bin/x2godbadmin --createdb + touch /var/lib/x2go/setup_ran + fi + ''; + }; + + # https://bugs.x2go.org/cgi-bin/bugreport.cgi?bug=276 + security.sudo.extraConfig = '' + Defaults env_keep+=QT_GRAPHICSSYSTEM + ''; + }; +} diff --git a/nixos/modules/programs/xss-lock.nix b/nixos/modules/programs/xss-lock.nix index 070463311db5..a7ad9b89db4d 100644 --- a/nixos/modules/programs/xss-lock.nix +++ b/nixos/modules/programs/xss-lock.nix @@ -12,7 +12,7 @@ in lockerCommand = mkOption { default = "${pkgs.i3lock}/bin/i3lock"; example = literalExample ''''${pkgs.i3lock-fancy}/bin/i3lock-fancy''; - type = types.string; + type = types.separatedString " "; description = "Locker to be used with xsslock"; }; diff --git a/nixos/modules/programs/yabar.nix b/nixos/modules/programs/yabar.nix index db085211366e..5de9331ac520 100644 --- a/nixos/modules/programs/yabar.nix +++ b/nixos/modules/programs/yabar.nix @@ -76,7 +76,7 @@ in font = mkOption { default = "sans bold 9"; example = "Droid Sans, FontAwesome Bold 9"; - type = types.string; + type = types.str; description = '' The font that will be used to draw the status bar. @@ -95,7 +95,7 @@ in extra = mkOption { default = {}; - type = types.attrsOf types.string; + type = types.attrsOf types.str; description = '' An attribute set which contains further attributes of a bar. @@ -107,7 +107,7 @@ in type = types.attrsOf(types.submodule { options.exec = mkOption { example = "YABAR_DATE"; - type = types.string; + type = types.str; description = '' The type of the indicator to be executed. ''; 
@@ -125,7 +125,7 @@ in options.extra = mkOption { default = {}; - type = types.attrsOf (types.either types.string types.int); + type = types.attrsOf (types.either types.str types.int); description = '' An attribute set which contains further attributes of a indicator. diff --git a/nixos/modules/programs/zsh/zsh-syntax-highlighting.nix b/nixos/modules/programs/zsh/zsh-syntax-highlighting.nix index 89087a229eb7..7184e5d9b9a8 100644 --- a/nixos/modules/programs/zsh/zsh-syntax-highlighting.nix +++ b/nixos/modules/programs/zsh/zsh-syntax-highlighting.nix @@ -33,7 +33,7 @@ in patterns = mkOption { default = {}; - type = types.attrsOf types.string; + type = types.attrsOf types.str; example = literalExample '' { @@ -50,7 +50,7 @@ in }; styles = mkOption { default = {}; - type = types.attrsOf types.string; + type = types.attrsOf types.str; example = literalExample '' { diff --git a/nixos/modules/rename.nix b/nixos/modules/rename.nix index 1048c2af2ea8..9e0ab60ca679 100644 --- a/nixos/modules/rename.nix +++ b/nixos/modules/rename.nix @@ -256,7 +256,7 @@ with lib; # binfmt (mkRenamedOptionModule [ "boot" "binfmtMiscRegistrations" ] [ "boot" "binfmt" "registrations" ]) - + # ACME (mkRemovedOptionModule [ "security" "acme" "directory"] "ACME Directory is now hardcoded to /var/lib/acme and its permisisons are managed by systemd. See https://github.com/NixOS/nixpkgs/issues/53852 for more info.") (mkRemovedOptionModule [ "security" "acme" "preDelay"] "This option has been removed. If you want to make sure that something executes before certificates are provisioned, add a RequiredBy=acme-\${cert}.service to the service you want to execute before the cert renewal") 
@@ -285,6 +285,13 @@ with lib; throw "services.redshift.longitude is set to null, you can remove this" else builtins.fromJSON value)) + # Redis + (mkRemovedOptionModule [ "services" "redis" "user" ] "The redis module now is hardcoded to the redis user.") + (mkRemovedOptionModule [ "services" "redis" "dbpath" ] "The redis module now uses /var/lib/redis as data directory.") + (mkRemovedOptionModule [ "services" "redis" "dbFilename" ] "The redis module now uses /var/lib/redis/dump.rdb as database dump location.") + (mkRemovedOptionModule [ "services" "redis" "appendOnlyFilename" ] "This option was never used.") + (mkRemovedOptionModule [ "services" "redis" "pidFile" ] "This option was removed.") + ] ++ (forEach [ "blackboxExporter" "collectdExporter" "fritzboxExporter" "jsonExporter" "minioExporter" "nginxExporter" "nodeExporter" "snmpExporter" "unifiExporter" "varnishExporter" ] diff --git a/nixos/modules/security/auditd.nix b/nixos/modules/security/auditd.nix index 6abac244dac2..9d26cfbcfb10 100644 --- a/nixos/modules/security/auditd.nix +++ b/nixos/modules/security/auditd.nix @@ -6,6 +6,10 @@ with lib; options.security.auditd.enable = mkEnableOption "the Linux Audit daemon"; config = mkIf config.security.auditd.enable { + boot.kernelParams = [ "audit=1" ]; + + environment.systemPackages = [ pkgs.audit ]; + systemd.services.auditd = { description = "Linux Audit daemon"; wantedBy = [ "basic.target" ]; diff --git a/nixos/modules/security/pam.nix b/nixos/modules/security/pam.nix index 89e71c5136e4..9c7ddc2f4eea 100644 --- a/nixos/modules/security/pam.nix +++ b/nixos/modules/security/pam.nix @@ -685,7 +685,7 @@ in }; id = mkOption { example = "42"; - type = types.string; + type = types.str; description = "client id"; }; diff --git a/nixos/modules/security/sudo.nix b/nixos/modules/security/sudo.nix index 573588aaeecc..10ee036be84e 100644 --- a/nixos/modules/security/sudo.nix +++ b/nixos/modules/security/sudo.nix 
@@ -91,7 +91,7 @@ in type = with types; listOf (submodule { options = { users = mkOption { - type = with types; listOf (either string int); + type = with types; listOf (either str int); description = '' The usernames / UIDs this rule should apply for. ''; @@ -99,7 +99,7 @@ in }; groups = mkOption { - type = with types; listOf (either string int); + type = with types; listOf (either str int); description = '' The groups / GIDs this rule should apply for. ''; @@ -107,7 +107,7 @@ in }; host = mkOption { - type = types.string; + type = types.str; default = "ALL"; description = '' For what host this rule should apply. @@ -115,7 +115,7 @@ in }; runAs = mkOption { - type = with types; string; + type = with types; str; default = "ALL:ALL"; description = '' Under which user/group the specified command is allowed to run. @@ -130,11 +130,11 @@ in description = '' The commands for which the rule should apply. ''; - type = with types; listOf (either string (submodule { + type = with types; listOf (either str (submodule { options = { command = mkOption { - type = with types; string; + type = with types; str; description = '' A command being either just a path to a binary to allow any arguments, the full command with arguments pre-set or with <code>""</code> used as the argument, diff --git a/nixos/modules/services/amqp/activemq/default.nix b/nixos/modules/services/amqp/activemq/default.nix index 27bfd91cd2d5..7729da27304b 100644 --- a/nixos/modules/services/amqp/activemq/default.nix +++ b/nixos/modules/services/amqp/activemq/default.nix @@ -40,7 +40,7 @@ in { ''; }; configurationURI = mkOption { - type = types.string; + type = types.str; default = "xbean:activemq.xml"; description = '' The URI that is passed along to the BrokerFactory to @@ -51,7 +51,7 @@ in { ''; }; baseDir = mkOption { - type = types.string; + type = types.str; default = "/var/activemq"; description = '' The base directory where ActiveMQ stores its persistent data and logs. 
@@ -81,7 +81,7 @@ in { ''; }; extraJavaOptions = mkOption { - type = types.string; + type = types.separatedString " "; default = ""; example = "-Xmx2G -Xms2G -XX:MaxPermSize=512M"; description = '' diff --git a/nixos/modules/services/audio/alsa.nix b/nixos/modules/services/audio/alsa.nix index 376aad66e236..4939adc4ee65 100644 --- a/nixos/modules/services/audio/alsa.nix +++ b/nixos/modules/services/audio/alsa.nix @@ -64,7 +64,7 @@ in }; volumeStep = mkOption { - type = types.string; + type = types.str; default = "1"; example = "1%"; description = '' diff --git a/nixos/modules/services/audio/ympd.nix b/nixos/modules/services/audio/ympd.nix index 919b76622510..551bd941fe68 100644 --- a/nixos/modules/services/audio/ympd.nix +++ b/nixos/modules/services/audio/ympd.nix @@ -23,7 +23,7 @@ in { mpd = { host = mkOption { - type = types.string; + type = types.str; default = "localhost"; description = "The host where MPD is listening."; example = "localhost"; diff --git a/nixos/modules/services/backup/crashplan-small-business.nix b/nixos/modules/services/backup/crashplan-small-business.nix deleted file mode 100644 index 790dafefe66f..000000000000 --- a/nixos/modules/services/backup/crashplan-small-business.nix +++ /dev/null 
@@ -1,73 +0,0 @@ -{ config, pkgs, lib, ... }: - -let - cfg = config.services.crashplansb; - crashplansb = pkgs.crashplansb.override { maxRam = cfg.maxRam; }; -in - -with lib; - -{ - options = { - services.crashplansb = { - enable = mkOption { - default = false; - type = types.bool; - description = '' - Starts crashplan for small business background service. - ''; - }; - maxRam = mkOption { - default = "1024m"; - example = "2G"; - type = types.str; - description = '' - Maximum amount of ram that the crashplan engine should use. - ''; - }; - openPorts = mkOption { - description = "Open ports in the firewall for crashplan."; - default = true; - type = types.bool; - }; - ports = mkOption { - # https://support.code42.com/Administrator/6/Planning_and_installing/TCP_and_UDP_ports_used_by_the_Code42_platform - # used ports can also be checked in the desktop app console using the command connection.info - description = "which ports to open."; - default = [ 4242 4243 4244 4247 ]; - type = types.listOf types.int; - }; - }; - }; - - config = mkIf cfg.enable { - environment.systemPackages = [ crashplansb ]; - networking.firewall.allowedTCPPorts = mkIf cfg.openPorts cfg.ports; - - systemd.services.crashplansb = { - description = "CrashPlan Backup Engine"; - - wantedBy = [ "multi-user.target" ]; - after = [ "network.target" "local-fs.target" ]; - - preStart = '' - install -d -m 755 ${crashplansb.vardir} - install -d -m 700 ${crashplansb.vardir}/conf - install -d -m 700 ${crashplansb.manifestdir} - install -d -m 700 ${crashplansb.vardir}/cache - install -d -m 700 ${crashplansb.vardir}/backupArchives - install -d -m 777 ${crashplansb.vardir}/log - cp -avn ${crashplansb}/conf.template/* ${crashplansb.vardir}/conf - ''; - - serviceConfig = { - Type = "forking"; - EnvironmentFile = "${crashplansb}/bin/run.conf"; - ExecStart = "${crashplansb}/bin/CrashPlanEngine start"; - ExecStop = "${crashplansb}/bin/CrashPlanEngine stop"; - PIDFile = "${crashplansb.vardir}/CrashPlanEngine.pid"; - 
WorkingDirectory = crashplansb; - }; - }; - }; -} diff --git a/nixos/modules/services/backup/crashplan.nix b/nixos/modules/services/backup/crashplan.nix deleted file mode 100644 index c540cc6e2aee..000000000000 --- a/nixos/modules/services/backup/crashplan.nix +++ /dev/null 
@@ -1,67 +0,0 @@ -{ config, pkgs, lib, ... }: - -let - cfg = config.services.crashplan; - crashplan = pkgs.crashplan; -in - -with lib; - -{ - options = { - services.crashplan = { - enable = mkOption { - default = false; - type = types.bool; - description = '' - Starts crashplan background service. - ''; - }; - }; - }; - - config = mkIf cfg.enable { - environment.systemPackages = [ crashplan ]; - - systemd.services.crashplan = { - description = "CrashPlan Backup Engine"; - - wantedBy = [ "multi-user.target" ]; - after = [ "network.target" "local-fs.target" ]; - - preStart = '' - ensureDir() { - dir=$1 - mode=$2 - - if ! test -e $dir; then - ${pkgs.coreutils}/bin/mkdir -m $mode -p $dir - elif [ "$(${pkgs.coreutils}/bin/stat -c %a $dir)" != "$mode" ]; then - ${pkgs.coreutils}/bin/chmod $mode $dir - fi - } - - ensureDir ${crashplan.vardir} 755 - ensureDir ${crashplan.vardir}/conf 700 - ensureDir ${crashplan.manifestdir} 700 - ensureDir ${crashplan.vardir}/cache 700 - ensureDir ${crashplan.vardir}/backupArchives 700 - ensureDir ${crashplan.vardir}/log 777 - cp -avn ${crashplan}/conf.template/* ${crashplan.vardir}/conf - for x in app.asar bin install.vars lang lib libc42archive64.so libc52archive.so libjniwrap64.so libjniwrap.so libjtux64.so libjtux.so libleveldb64.so libleveldb.so libmd564.so libmd5.so share skin upgrade; do - rm -f ${crashplan.vardir}/$x; - ln -sf ${crashplan}/$x ${crashplan.vardir}/$x; - done - ''; - - serviceConfig = { - Type = "forking"; - EnvironmentFile = "${crashplan}/bin/run.conf"; - ExecStart = "${crashplan}/bin/CrashPlanEngine start"; - ExecStop = "${crashplan}/bin/CrashPlanEngine stop"; - PIDFile = "${crashplan.vardir}/CrashPlanEngine.pid"; - WorkingDirectory = crashplan; - }; - }; - }; -} diff --git a/nixos/modules/services/backup/postgresql-backup.nix b/nixos/modules/services/backup/postgresql-backup.nix index 17b410a97f3e..13a36ae32ac0 100644 --- a/nixos/modules/services/backup/postgresql-backup.nix 
+++ b/nixos/modules/services/backup/postgresql-backup.nix @@ -81,7 +81,7 @@ in { }; pgdumpOptions = mkOption { - type = types.string; + type = types.separatedString " "; default = "-Cbo"; description = '' Command line options for pg_dump. This options is not used diff --git a/nixos/modules/services/backup/rsnapshot.nix b/nixos/modules/services/backup/rsnapshot.nix index bb5dcab1dcf2..6635a51ec2c6 100644 --- a/nixos/modules/services/backup/rsnapshot.nix +++ b/nixos/modules/services/backup/rsnapshot.nix @@ -2,7 +2,7 @@ with lib; -let +let cfg = config.services.rsnapshot; cfgfile = pkgs.writeText "rsnapshot.conf" '' config_version 1.2 @@ -52,7 +52,7 @@ in cronIntervals = mkOption { default = {}; example = { hourly = "0 * * * *"; daily = "50 21 * * *"; }; - type = types.attrsOf types.string; + type = types.attrsOf types.str; description = '' Periodicity at which intervals should be run by cron. Note that the intervals also have to exist in configuration diff --git a/nixos/modules/services/databases/cassandra.nix b/nixos/modules/services/databases/cassandra.nix index a9da3a3c5620..9c8b6c50af14 100644 --- a/nixos/modules/services/databases/cassandra.nix +++ b/nixos/modules/services/databases/cassandra.nix @@ -259,7 +259,7 @@ in { ''; }; incrementalRepairOptions = mkOption { - type = types.listOf types.string; + type = types.listOf types.str; default = []; example = [ "--partitioner-range" ]; description = '' @@ -267,7 +267,7 @@ in { ''; }; maxHeapSize = mkOption { - type = types.nullOr types.string; + type = types.nullOr types.str; default = null; example = "4G"; description = '' @@ -287,7 +287,7 @@ in { ''; }; heapNewSize = mkOption { - type = types.nullOr types.string; + type = types.nullOr types.str; default = null; example = "800M"; description = '' 
@@ -352,11 +352,11 @@ in { type = types.listOf (types.submodule { options = { username = mkOption { - type = types.string; + type = types.str; description = "Username for JMX"; }; password = mkOption { - type = types.string; + type = types.str; description = "Password for JMX"; }; }; diff --git a/nixos/modules/services/databases/couchdb.nix b/nixos/modules/services/databases/couchdb.nix index 77e404116c8a..53224db1d896 100644 --- a/nixos/modules/services/databases/couchdb.nix +++ b/nixos/modules/services/databases/couchdb.nix @@ -56,7 +56,7 @@ in { user = mkOption { - type = types.string; + type = types.str; default = "couchdb"; description = '' User account under which couchdb runs. @@ -64,7 +64,7 @@ in { }; group = mkOption { - type = types.string; + type = types.str; default = "couchdb"; description = '' Group account under which couchdb runs. @@ -106,7 +106,7 @@ in { }; bindAddress = mkOption { - type = types.string; + type = types.str; default = "127.0.0.1"; description = '' Defines the IP address by which CouchDB will be accessible. @@ -138,7 +138,7 @@ in { }; configFile = mkOption { - type = types.string; + type = types.path; description = '' Configuration file for persisting runtime changes. File needs to be readable and writable from couchdb user/group. diff --git a/nixos/modules/services/databases/foundationdb.nix b/nixos/modules/services/databases/foundationdb.nix index 3746b875c7f2..8f8d0da7c8d3 100644 --- a/nixos/modules/services/databases/foundationdb.nix +++ b/nixos/modules/services/databases/foundationdb.nix @@ -140,7 +140,7 @@ in }; logSize = mkOption { - type = types.string; + type = types.str; default = "10MiB"; description = '' Roll over to a new log file after the current log file @@ -149,7 +149,7 @@ in }; maxLogSize = mkOption { - type = types.string; + type = types.str; default = "100MiB"; description = '' Delete the oldest log file when the total size of all log 
@@ -171,7 +171,7 @@ in }; memory = mkOption { - type = types.string; + type = types.str; default = "8GiB"; description = '' Maximum memory used by the process. The default value is @@ -193,7 +193,7 @@ in }; storageMemory = mkOption { - type = types.string; + type = types.str; default = "1GiB"; description = '' Maximum memory used for data storage. The default value is diff --git a/nixos/modules/services/databases/hbase.nix b/nixos/modules/services/databases/hbase.nix index 589c8cf5ec80..2d1a47bbaa31 100644 --- a/nixos/modules/services/databases/hbase.nix +++ b/nixos/modules/services/databases/hbase.nix @@ -53,7 +53,7 @@ in { user = mkOption { - type = types.string; + type = types.str; default = "hbase"; description = '' User account under which HBase runs. @@ -61,7 +61,7 @@ in { }; group = mkOption { - type = types.string; + type = types.str; default = "hbase"; description = '' Group account under which HBase runs. diff --git a/nixos/modules/services/databases/influxdb.nix b/nixos/modules/services/databases/influxdb.nix index 6868050c8446..2f176a038729 100644 --- a/nixos/modules/services/databases/influxdb.nix +++ b/nixos/modules/services/databases/influxdb.nix @@ -129,13 +129,13 @@ in user = mkOption { default = "influxdb"; description = "User account under which influxdb runs"; - type = types.string; + type = types.str; }; group = mkOption { default = "influxdb"; description = "Group under which influxdb runs"; - type = types.string; + type = types.str; }; dataDir = mkOption { diff --git a/nixos/modules/services/databases/mongodb.nix b/nixos/modules/services/databases/mongodb.nix index c458a1d648a0..12879afed477 100644 --- a/nixos/modules/services/databases/mongodb.nix +++ b/nixos/modules/services/databases/mongodb.nix 
@@ -65,9 +65,9 @@ in default = false; description = "Enable client authentication. Creates a default superuser with username root!"; }; - + initialRootPassword = mkOption { - type = types.nullOr types.string; + type = types.nullOr types.str; default = null; description = "Password for the root user if auth is enabled."; }; diff --git a/nixos/modules/services/databases/openldap.nix b/nixos/modules/services/databases/openldap.nix index d8e2c715afb9..5bf57a1bf9cb 100644 --- a/nixos/modules/services/databases/openldap.nix +++ b/nixos/modules/services/databases/openldap.nix @@ -47,26 +47,26 @@ in }; user = mkOption { - type = types.string; + type = types.str; default = "openldap"; description = "User account under which slapd runs."; }; group = mkOption { - type = types.string; + type = types.str; default = "openldap"; description = "Group account under which slapd runs."; }; urlList = mkOption { - type = types.listOf types.string; + type = types.listOf types.str; default = [ "ldap:///" ]; description = "URL list slapd should listen on."; example = [ "ldaps:///" ]; }; dataDir = mkOption { - type = types.string; + type = types.path; default = "/var/db/openldap"; description = "The database directory."; }; diff --git a/nixos/modules/services/databases/opentsdb.nix b/nixos/modules/services/databases/opentsdb.nix index b26fa9093ef4..c4bd71f3d60e 100644 --- a/nixos/modules/services/databases/opentsdb.nix +++ b/nixos/modules/services/databases/opentsdb.nix @@ -34,7 +34,7 @@ in { }; user = mkOption { - type = types.string; + type = types.str; default = "opentsdb"; description = '' User account under which OpenTSDB runs. @@ -42,7 +42,7 @@ in { }; group = mkOption { - type = types.string; + type = types.str; default = "opentsdb"; description = '' Group account under which OpenTSDB runs. diff --git a/nixos/modules/services/databases/redis.nix b/nixos/modules/services/databases/redis.nix index c04cc1283b2e..9c389d80a6df 100644 --- a/nixos/modules/services/databases/redis.nix 
+++ b/nixos/modules/services/databases/redis.nix @@ -8,17 +8,19 @@ let condOption = name: value: if value != null then "${name} ${toString value}" else ""; redisConfig = pkgs.writeText "redis.conf" '' - pidfile ${cfg.pidFile} port ${toString cfg.port} ${condOption "bind" cfg.bind} ${condOption "unixsocket" cfg.unixSocket} + daemonize yes + supervised systemd loglevel ${cfg.logLevel} logfile ${cfg.logfile} syslog-enabled ${redisBool cfg.syslog} + pidfile /run/redis/redis.pid databases ${toString cfg.databases} ${concatMapStrings (d: "save ${toString (builtins.elemAt d 0)} ${toString (builtins.elemAt d 1)}\n") cfg.save} - dbfilename ${cfg.dbFilename} - dir ${toString cfg.dbpath} + dbfilename dump.rdb + dir /var/lib/redis ${if cfg.slaveOf != null then "slaveof ${cfg.slaveOf.ip} ${toString cfg.slaveOf.port}" else ""} ${condOption "masterauth" cfg.masterAuth} ${condOption "requirepass" cfg.requirePass} @@ -40,7 +42,12 @@ in enable = mkOption { type = types.bool; default = false; - description = "Whether to enable the Redis server."; + description = '' + Whether to enable the Redis server. Note that the NixOS module for + Redis disables kernel support for Transparent Huge Pages (THP), + because this features causes major performance problems for Redis, + e.g. (https://redis.io/topics/latency). + ''; }; package = mkOption { @@ -50,18 +57,6 @@ in description = "Which Redis derivation to use."; }; - user = mkOption { - type = types.str; - default = "redis"; - description = "User account under which Redis runs."; - }; - - pidFile = mkOption { - type = types.path; - default = "/var/lib/redis/redis.pid"; - description = ""; - }; - port = mkOption { type = types.int; default = 6379; @@ -95,7 +90,7 @@ in type = with types; nullOr path; default = null; description = "The path to the socket to bind to."; - example = "/run/redis.sock"; + example = "/run/redis/redis.sock"; }; logLevel = mkOption { 
@@ -131,18 +126,6 @@ in example = [ [900 1] [300 10] [60 10000] ]; }; - dbFilename = mkOption { - type = types.str; - default = "dump.rdb"; - description = "The filename where to dump the DB."; - }; - - dbpath = mkOption { - type = types.path; - default = "/var/lib/redis"; - description = "The DB will be written inside this directory, with the filename specified using the 'dbFilename' configuration."; - }; - slaveOf = mkOption { default = null; # { ip, port } description = "An attribute set with two attributes: ip and port to which this redis instance acts as a slave."; @@ -170,12 +153,6 @@ in description = "By default data is only periodically persisted to disk, enable this option to use an append-only file for improved persistence."; }; - appendOnlyFilename = mkOption { - type = types.str; - default = "appendonly.aof"; - description = "Filename for the append-only file (stored inside of dbpath)"; - }; - appendFsync = mkOption { type = types.str; default = "everysec"; # no, always, everysec @@ -217,26 +194,17 @@ in allowedTCPPorts = [ cfg.port ]; }; - users.users.redis = - { name = cfg.user; - description = "Redis database user"; - }; + users.users.redis.description = "Redis database user"; environment.systemPackages = [ cfg.package ]; - systemd.services.redis_init = - { description = "Redis Server Initialisation"; - - wantedBy = [ "redis.service" ]; - before = [ "redis.service" ]; - - serviceConfig.Type = "oneshot"; - - script = '' - install -d -m0700 -o ${cfg.user} ${cfg.dbpath} - chown -R ${cfg.user} ${cfg.dbpath} - ''; - }; + systemd.services.disable-transparent-huge-pages = { + description = "Disable Transparent Huge Pages (required by Redis)"; + before = [ "redis.service" ]; + wantedBy = [ "redis.service" ]; + script = "echo never > /sys/kernel/mm/transparent_hugepage/enabled"; + serviceConfig.Type = "oneshot"; + }; systemd.services.redis = { description = "Redis Server"; 
@@ -246,7 +214,10 @@ in serviceConfig = { ExecStart = "${cfg.package}/bin/redis-server ${redisConfig}"; - User = cfg.user; + RuntimeDirectory = "redis"; + StateDirectory = "redis"; + Type = "notify"; + User = "redis"; }; }; diff --git a/nixos/modules/services/databases/riak.nix b/nixos/modules/services/databases/riak.nix index ac086cf55996..885215209bdf 100644 --- a/nixos/modules/services/databases/riak.nix +++ b/nixos/modules/services/databases/riak.nix @@ -29,7 +29,7 @@ in }; nodeName = mkOption { - type = types.string; + type = types.str; default = "riak@127.0.0.1"; description = '' Name of the Erlang node. @@ -37,7 +37,7 @@ in }; distributedCookie = mkOption { - type = types.string; + type = types.str; default = "riak"; description = '' Cookie for distributed node communication. All nodes in the diff --git a/nixos/modules/services/desktops/gnome3/seahorse.nix b/nixos/modules/services/desktops/gnome3/seahorse.nix deleted file mode 100644 index 9631157934f9..000000000000 --- a/nixos/modules/services/desktops/gnome3/seahorse.nix +++ /dev/null @@ -1,38 +0,0 @@ -# Seahorse daemon. - -{ config, pkgs, lib, ... }: - -with lib; - -{ - - ###### interface - - options = { - - services.gnome3.seahorse = { - - enable = mkOption { - type = types.bool; - default = false; - description = '' - Whether to enable Seahorse search provider for the GNOME Shell activity search. - ''; - }; - - }; - - }; - - - ###### implementation - - config = mkIf config.services.gnome3.seahorse.enable { - - environment.systemPackages = [ pkgs.gnome3.seahorse pkgs.gnome3.dconf ]; - - services.dbus.packages = [ pkgs.gnome3.seahorse ]; - - }; - -} diff --git a/nixos/modules/services/editors/emacs.xml b/nixos/modules/services/editors/emacs.xml index acd69f18376c..8ced302bad1e 100644 --- a/nixos/modules/services/editors/emacs.xml +++ b/nixos/modules/services/editors/emacs.xml 
@@ -9,6 +9,7 @@ Damien Cassou @DamienCassou Thomas Tuegel @ttuegel Rodney Lorrimar @rvl + Adam Hoese @adisbladis --> <para> <link xlink:href="https://www.gnu.org/software/emacs/">Emacs</link> is an @@ -130,15 +131,6 @@ Emacs packages through nixpkgs. </para> - <note> - <para> - This documentation describes the new Emacs packages framework in NixOS - 16.03 (<varname>emacsPackagesNg</varname>) which should not be confused - with the previous and deprecated framework - (<varname>emacs24Packages</varname>). - </para> - </note> - <para> The first step to declare the list of packages you want in your Emacs installation is to create a dedicated derivation. This can be done in a @@ -164,7 +156,7 @@ $ ./result/bin/emacs let myEmacs = pkgs.emacs; <co xml:id="ex-emacsNix-2" /> - emacsWithPackages = (pkgs.emacsPackagesNgGen myEmacs).emacsWithPackages; <co xml:id="ex-emacsNix-3" /> + emacsWithPackages = (pkgs.emacsPackagesGen myEmacs).emacsWithPackages; <co xml:id="ex-emacsNix-3" /> in emacsWithPackages (epkgs: (with epkgs.melpaStablePackages; [ <co xml:id="ex-emacsNix-4" /> magit # ; Integrate git <C-x g> @@ -262,10 +254,10 @@ in <example xml:id="module-services-emacs-querying-packages"> <title>Querying Emacs packages</title> <programlisting><![CDATA[ -nix-env -f "<nixpkgs>" -qaP -A emacsPackagesNg.elpaPackages -nix-env -f "<nixpkgs>" -qaP -A emacsPackagesNg.melpaPackages -nix-env -f "<nixpkgs>" -qaP -A emacsPackagesNg.melpaStablePackages -nix-env -f "<nixpkgs>" -qaP -A emacsPackagesNg.orgPackages +nix-env -f "<nixpkgs>" -qaP -A emacsPackages.elpaPackages +nix-env -f "<nixpkgs>" -qaP -A emacsPackages.melpaPackages +nix-env -f "<nixpkgs>" -qaP -A emacsPackages.melpaStablePackages +nix-env -f "<nixpkgs>" -qaP -A emacsPackages.orgPackages ]]></programlisting> </example> </para> diff --git a/nixos/modules/services/games/factorio.nix b/nixos/modules/services/games/factorio.nix index d04673a6c8b8..f3831156f453 100644 --- a/nixos/modules/services/games/factorio.nix 
+++ b/nixos/modules/services/games/factorio.nix @@ -55,7 +55,7 @@ in ''; }; saveName = mkOption { - type = types.string; + type = types.str; default = "default"; description = '' The name of the savegame that will be used by the server. @@ -81,7 +81,7 @@ in ''; }; stateDirName = mkOption { - type = types.string; + type = types.str; default = "factorio"; description = '' Name of the directory under /var/lib holding the server's data. @@ -102,14 +102,14 @@ in ''; }; game-name = mkOption { - type = types.nullOr types.string; + type = types.nullOr types.str; default = "Factorio Game"; description = '' Name of the game as it will appear in the game listing. ''; }; description = mkOption { - type = types.nullOr types.string; + type = types.nullOr types.str; default = ""; description = '' Description of the game that will appear in the listing. @@ -130,28 +130,28 @@ in ''; }; username = mkOption { - type = types.nullOr types.string; + type = types.nullOr types.str; default = null; description = '' Your factorio.com login credentials. Required for games with visibility public. ''; }; password = mkOption { - type = types.nullOr types.string; + type = types.nullOr types.str; default = null; description = '' Your factorio.com login credentials. Required for games with visibility public. ''; }; token = mkOption { - type = types.nullOr types.string; + type = types.nullOr types.str; default = null; description = '' Authentication token. May be used instead of 'password' above. ''; }; game-password = mkOption { - type = types.nullOr types.string; + type = types.nullOr types.str; default = null; description = '' Game password. diff --git a/nixos/modules/services/hardware/freefall.nix b/nixos/modules/services/hardware/freefall.nix index 066ccaa4d7cf..83f1e8c84f28 100644 --- a/nixos/modules/services/hardware/freefall.nix +++ b/nixos/modules/services/hardware/freefall.nix 
@@ -28,7 +28,7 @@ in { }; devices = mkOption { - type = types.listOf types.string; + type = types.listOf types.str; default = [ "/dev/sda" ]; description = '' Device paths to all internal spinning hard drives. diff --git a/nixos/modules/services/hardware/fwupd.nix b/nixos/modules/services/hardware/fwupd.nix index cad9fa20de0f..6c341bcbf240 100644 --- a/nixos/modules/services/hardware/fwupd.nix +++ b/nixos/modules/services/hardware/fwupd.nix @@ -8,8 +8,8 @@ let cfg = config.services.fwupd; originalEtc = let - mkEtcFile = n: nameValuePair n { source = "${pkgs.fwupd}/etc/${n}"; }; - in listToAttrs (map mkEtcFile pkgs.fwupd.filesInstalledToEtc); + mkEtcFile = n: nameValuePair n { source = "${cfg.package}/etc/${n}"; }; + in listToAttrs (map mkEtcFile cfg.package.filesInstalledToEtc); extraTrustedKeys = let mkName = p: "pki/fwupd/${baseNameOf (toString p)}"; @@ -24,7 +24,7 @@ let "fwupd/remotes.d/fwupd-tests.conf" = { source = pkgs.runCommand "fwupd-tests-enabled.conf" {} '' sed "s,^Enabled=false,Enabled=true," \ - "${pkgs.fwupd.installedTests}/etc/fwupd/remotes.d/fwupd-tests.conf" > "$out" + "${cfg.package.installedTests}/etc/fwupd/remotes.d/fwupd-tests.conf" > "$out" ''; }; } else {}; @@ -43,7 +43,7 @@ in { }; blacklistDevices = mkOption { - type = types.listOf types.string; + type = types.listOf types.str; default = []; example = [ "2082b5e0-7a64-478a-b1b2-e3404fab6dad" ]; description = '' @@ -52,7 +52,7 @@ in { }; blacklistPlugins = mkOption { - type = types.listOf types.string; + type = types.listOf types.str; default = [ "test" ]; example = [ "udev" ]; description = '' 
@@ -77,13 +77,21 @@ in { <link xlink:href="https://github.com/hughsie/fwupd/blob/master/data/installed-tests/README.md">installed tests</link>. ''; }; + + package = mkOption { + type = types.package; + default = pkgs.fwupd; + description = '' + Which fwupd package to use. + ''; + }; }; }; ###### implementation config = mkIf cfg.enable { - environment.systemPackages = [ pkgs.fwupd ]; + environment.systemPackages = [ cfg.package ]; environment.etc = { "fwupd/daemon.conf" = { @@ -102,11 +110,11 @@ in { } // originalEtc // extraTrustedKeys // testRemote; - services.dbus.packages = [ pkgs.fwupd ]; + services.dbus.packages = [ cfg.package ]; - services.udev.packages = [ pkgs.fwupd ]; + services.udev.packages = [ cfg.package ]; - systemd.packages = [ pkgs.fwupd ]; + systemd.packages = [ cfg.package ]; systemd.tmpfiles.rules = [ "d /var/lib/fwupd 0755 root root -" diff --git a/nixos/modules/services/hardware/sane.nix b/nixos/modules/services/hardware/sane.nix index fe05c5a5c06f..3f52658ff013 100644 --- a/nixos/modules/services/hardware/sane.nix +++ b/nixos/modules/services/hardware/sane.nix @@ -76,7 +76,7 @@ in }; hardware.sane.configDir = mkOption { - type = types.string; + type = types.str; internal = true; description = "The value of SANE_CONFIG_DIR."; }; diff --git a/nixos/modules/services/hardware/tcsd.nix b/nixos/modules/services/hardware/tcsd.nix index d4b0a9495d75..3876280ee6bc 100644 --- a/nixos/modules/services/hardware/tcsd.nix +++ b/nixos/modules/services/hardware/tcsd.nix @@ -49,13 +49,13 @@ in user = mkOption { default = "tss"; - type = types.string; + type = types.str; description = "User account under which tcsd runs."; }; group = mkOption { default = "tss"; - type = types.string; + type = types.str; description = "Group account under which tcsd runs."; }; 
@@ -65,19 +65,19 @@ in description = '' The location of the system persistent storage file. The system persistent storage file holds keys and data across - restarts of the TCSD and system reboots. + restarts of the TCSD and system reboots. ''; }; firmwarePCRs = mkOption { default = "0,1,2,3,4,5,6,7"; - type = types.string; + type = types.str; description = "PCR indices used in the TPM for firmware measurements."; }; kernelPCRs = mkOption { default = "8,9,10,11,12"; - type = types.string; + type = types.str; description = "PCR indices used in the TPM for kernel measurements."; }; diff --git a/nixos/modules/services/logging/SystemdJournal2Gelf.nix b/nixos/modules/services/logging/SystemdJournal2Gelf.nix index e90d9e7a12b6..f26aef7262ba 100644 --- a/nixos/modules/services/logging/SystemdJournal2Gelf.nix +++ b/nixos/modules/services/logging/SystemdJournal2Gelf.nix @@ -16,7 +16,7 @@ in }; graylogServer = mkOption { - type = types.string; + type = types.str; example = "graylog2.example.com:11201"; description = '' Host and port of your graylog2 input. This should be a GELF @@ -25,7 +25,7 @@ in }; extraOptions = mkOption { - type = types.string; + type = types.separatedString " "; default = ""; description = '' Any extra flags to pass to SystemdJournal2Gelf. Note that @@ -56,4 +56,4 @@ in }; }; }; -} \ No newline at end of file +} diff --git a/nixos/modules/services/logging/awstats.nix b/nixos/modules/services/logging/awstats.nix index 54799d699a74..a92ff3bee490 100644 --- a/nixos/modules/services/logging/awstats.nix +++ b/nixos/modules/services/logging/awstats.nix @@ -32,7 +32,7 @@ in }; updateAt = mkOption { - type = types.nullOr types.string; + type = types.nullOr types.str; default = null; example = "hourly"; description = '' 
@@ -50,7 +50,7 @@ in description = ''Enable the awstats web service. This switches on httpd.''; }; urlPrefix = mkOption { - type = types.string; + type = types.str; default = "/awstats"; description = "The URL prefix under which the awstats service appears."; }; diff --git a/nixos/modules/services/logging/logcheck.nix b/nixos/modules/services/logging/logcheck.nix index f139190a1709..e7d6e3d62638 100644 --- a/nixos/modules/services/logging/logcheck.nix +++ b/nixos/modules/services/logging/logcheck.nix @@ -155,7 +155,7 @@ in config = mkOption { default = "FQDN=1"; - type = types.string; + type = types.lines; description = '' Config options that you would like in logcheck.conf. ''; diff --git a/nixos/modules/services/logging/rsyslogd.nix b/nixos/modules/services/logging/rsyslogd.nix index 1ea96b8f1325..b924d94e0b0d 100644 --- a/nixos/modules/services/logging/rsyslogd.nix +++ b/nixos/modules/services/logging/rsyslogd.nix @@ -46,7 +46,7 @@ in }; defaultConfig = mkOption { - type = types.string; + type = types.lines; default = defaultConf; description = '' The default <filename>syslog.conf</filename> file configures a @@ -56,7 +56,7 @@ in }; extraConfig = mkOption { - type = types.string; + type = types.lines; default = ""; example = "news.* -/var/log/news"; description = '' diff --git a/nixos/modules/services/mail/exim.nix b/nixos/modules/services/mail/exim.nix index c05811291359..47812dd1e40e 100644 --- a/nixos/modules/services/mail/exim.nix +++ b/nixos/modules/services/mail/exim.nix @@ -21,7 +21,7 @@ in }; config = mkOption { - type = types.string; + type = types.lines; default = ""; description = '' Verbatim Exim configuration. This should not contain exim_user, @@ -30,7 +30,7 @@ in }; user = mkOption { - type = types.string; + type = types.str; default = "exim"; description = '' User to use when no root privileges are required. 
@@ -42,7 +42,7 @@ in }; group = mkOption { - type = types.string; + type = types.str; default = "exim"; description = '' Group to use when no root privileges are required. @@ -50,7 +50,7 @@ in }; spoolDir = mkOption { - type = types.string; + type = types.path; default = "/var/spool/exim"; description = '' Location of the spool directory of exim. diff --git a/nixos/modules/services/mail/mailman.nix b/nixos/modules/services/mail/mailman.nix new file mode 100644 index 000000000000..11dd5cb48db0 --- /dev/null +++ b/nixos/modules/services/mail/mailman.nix 
@@ -0,0 +1,114 @@ +{ config, pkgs, lib, ... }: # mailman.nix + +with lib; + +let + + cfg = config.services.mailman; + + pythonEnv = pkgs.python3.withPackages (ps: [ps.mailman]); + + mailmanExe = with pkgs; stdenv.mkDerivation { + name = "mailman-" + python3Packages.mailman.version; + unpackPhase = ":"; + installPhase = '' + mkdir -p $out/bin + sed >"$out/bin/mailman" <"${pythonEnv}/bin/mailman" \ + -e "2 iexport MAILMAN_CONFIG_FILE=/etc/mailman.cfg" + chmod +x $out/bin/mailman + ''; + }; + + mailmanCfg = '' + [mailman] + site_owner: ${cfg.siteOwner} + layout: fhs + + [paths.fhs] + bin_dir: ${pkgs.python3Packages.mailman}/bin + var_dir: /var/lib/mailman + queue_dir: $var_dir/queue + log_dir: $var_dir/log + lock_dir: $var_dir/lock + etc_dir: /etc + ext_dir: $etc_dir/mailman.d + pid_file: /run/mailman/master.pid + ''; + +in { + + ###### interface + + options = { + + services.mailman = { + + enable = mkOption { + type = types.bool; + default = false; + description = "Enable Mailman on this host. Requires an active Postfix installation."; + }; + + siteOwner = mkOption { + type = types.str; + default = "postmaster"; + description = '' + Certain messages that must be delivered to a human, but which can't + be delivered to a list owner (e.g. a bounce from a list owner), will + be sent to this address. It should point to a human. 
+ ''; + }; + + + }; + }; + + ###### implementation + + config = mkIf cfg.enable { + + assertions = [ + { assertion = cfg.enable -> config.services.postfix.enable; + message = "Mailman requires Postfix"; + } + { assertion = config.services.postfix.recipientDelimiter == "+"; + message = "Postfix's recipientDelimiter must be set to '+'."; + } + ]; + + users.users.mailman = { description = "GNU Mailman"; isSystemUser = true; }; + + environment = { + systemPackages = [ mailmanExe ]; + etc."mailman.cfg".text = mailmanCfg; + }; + + services.postfix = { + relayDomains = [ "hash:/var/lib/mailman/data/postfix_domains" ]; + config = { + transport_maps = [ "hash:/var/lib/mailman/data/postfix_lmtp" ]; + local_recipient_maps = [ "hash:/var/lib/mailman/data/postfix_lmtp" ]; + # Mailman uses recipient delimiters, so we don't need special handling. + owner_request_special = "no"; + }; + }; + + systemd.services.mailman = { + description = "GNU Mailman Master Process"; + after = [ "network.target" ]; + wantedBy = [ "multi-user.target" ]; + serviceConfig = { + ExecStart = "${mailmanExe}/bin/mailman start"; + ExecStop = "${mailmanExe}/bin/mailman stop"; + User = "mailman"; + Type = "forking"; + StateDirectory = "mailman"; + StateDirectoryMode = "0700"; + RuntimeDirectory = "mailman"; + PIDFile = "/run/mailman/master.pid"; + }; + }; + + }; + +} diff --git a/nixos/modules/services/mail/nullmailer.nix b/nixos/modules/services/mail/nullmailer.nix index 9997d287013e..2c2910e0aa9b 100644 --- a/nixos/modules/services/mail/nullmailer.nix +++ b/nixos/modules/services/mail/nullmailer.nix @@ -14,7 +14,7 @@ with lib; }; user = mkOption { - type = types.string; + type = types.str; default = "nullmailer"; description = '' User to use to run nullmailer-send. @@ -22,7 +22,7 @@ with lib; }; group = mkOption { - type = types.string; + type = types.str; default = "nullmailer"; description = '' Group to use to run nullmailer-send. 
diff --git a/nixos/modules/services/mail/postfix.nix b/nixos/modules/services/mail/postfix.nix index 2b08ab1e6aa6..c9b3ff0c8f8a 100644 --- a/nixos/modules/services/mail/postfix.nix +++ b/nixos/modules/services/mail/postfix.nix @@ -509,7 +509,7 @@ in }; localRecipients = mkOption { - type = with types; nullOr (listOf string); + type = with types; nullOr (listOf str); default = null; description = '' List of accepted local users. Specify a bare username, an @@ -530,7 +530,7 @@ in dnsBlacklists = mkOption { default = []; - type = with types; listOf string; + type = with types; listOf str; description = "dns blacklist servers to use with smtpd_client_restrictions"; }; diff --git a/nixos/modules/services/mail/postgrey.nix b/nixos/modules/services/mail/postgrey.nix index 8e2b9c5dbc56..660c4ca74b10 100644 --- a/nixos/modules/services/mail/postgrey.nix +++ b/nixos/modules/services/mail/postgrey.nix @@ -12,7 +12,7 @@ with lib; let inetSocket = with types; { options = { addr = mkOption { - type = nullOr string; + type = nullOr str; default = null; example = "127.0.0.1"; description = "The address to bind to. Localhost if null"; @@ -34,7 +34,7 @@ with lib; let }; mode = mkOption { - type = string; + type = str; default = "0777"; description = "Mode of the unix socket"; }; 
@@ -63,17 +63,17 @@ in { description = "Socket to bind to"; }; greylistText = mkOption { - type = string; + type = str; default = "Greylisted for %%s seconds"; description = "Response status text for greylisted messages; use %%s for seconds left until greylisting is over and %%r for mail domain of recipient"; }; greylistAction = mkOption { - type = string; + type = str; default = "DEFER_IF_PERMIT"; description = "Response status for greylisted messages (see access(5))"; }; greylistHeader = mkOption { - type = string; + type = str; default = "X-Greylist: delayed %%t seconds by postgrey-%%v at %%h; %%d"; description = "Prepend header to greylisted mails; use %%t for seconds delayed due to greylisting, %%v for the version of postgrey, %%d for the date, and %%h for the host"; }; @@ -88,7 +88,7 @@ in { description = "Delete entries from whitelist if they haven't been seen for N days"; }; retryWindow = mkOption { - type = either string natural; + type = either str natural; default = 2; example = "12h"; description = "Allow N days for the first retry. Use string with appended 'h' to specify time in hours"; diff --git a/nixos/modules/services/mail/rspamd.nix b/nixos/modules/services/mail/rspamd.nix index e59d5715de05..e1ba63078111 100644 --- a/nixos/modules/services/mail/rspamd.nix +++ b/nixos/modules/services/mail/rspamd.nix @@ -308,7 +308,7 @@ in }; user = mkOption { - type = types.string; + type = types.str; default = "rspamd"; description = '' User to use when no root privileges are required. @@ -316,7 +316,7 @@ in }; group = mkOption { - type = types.string; + type = types.str; default = "rspamd"; description = '' Group to use when no root privileges are required. diff --git a/nixos/modules/services/misc/airsonic.nix b/nixos/modules/services/misc/airsonic.nix index 8b2ec82c7705..4480445c1eaa 100644 --- a/nixos/modules/services/misc/airsonic.nix +++ b/nixos/modules/services/misc/airsonic.nix 
@@ -34,7 +34,7 @@ in { }; listenAddress = mkOption { - type = types.string; + type = types.str; default = "127.0.0.1"; description = '' The host name or IP address on which to bind Airsonic. diff --git a/nixos/modules/services/misc/apache-kafka.nix b/nixos/modules/services/misc/apache-kafka.nix index 9eeae9556992..798e902ccae4 100644 --- a/nixos/modules/services/misc/apache-kafka.nix +++ b/nixos/modules/services/misc/apache-kafka.nix @@ -46,7 +46,7 @@ in { hostname = mkOption { description = "Hostname the broker should bind to."; default = "localhost"; - type = types.string; + type = types.str; }; logDirs = mkOption { @@ -54,13 +54,13 @@ in { default = [ "/tmp/kafka-logs" ]; type = types.listOf types.path; }; - + zookeeper = mkOption { description = "Zookeeper connection string"; default = "localhost:2181"; - type = types.string; + type = types.str; }; - + extraProperties = mkOption { description = "Extra properties for server.properties."; type = types.nullOr types.lines; @@ -79,8 +79,8 @@ in { log4jProperties = mkOption { description = "Kafka log4j property configuration."; default = '' - log4j.rootLogger=INFO, stdout - + log4j.rootLogger=INFO, stdout + log4j.appender.stdout=org.apache.log4j.ConsoleAppender log4j.appender.stdout.layout=org.apache.log4j.PatternLayout log4j.appender.stdout.layout.ConversionPattern=[%d] %p %m (%c)%n diff --git a/nixos/modules/services/misc/cpuminer-cryptonight.nix b/nixos/modules/services/misc/cpuminer-cryptonight.nix index f31526f8d107..907b9d90da29 100644 --- a/nixos/modules/services/misc/cpuminer-cryptonight.nix +++ b/nixos/modules/services/misc/cpuminer-cryptonight.nix @@ -28,15 +28,15 @@ in ''; }; url = mkOption { - type = types.string; + type = types.str; description = "URL of mining server"; }; user = mkOption { - type = types.string; + type = types.str; description = "Username for mining server"; }; pass = mkOption { - type = types.string; + type = types.str; default = "x"; description = "Password for mining server"; }; 
@@ -63,4 +63,4 @@ in }; -} \ No newline at end of file +} diff --git a/nixos/modules/services/misc/exhibitor.nix b/nixos/modules/services/misc/exhibitor.nix index 665084a8ae05..f526270cb4b3 100644 --- a/nixos/modules/services/misc/exhibitor.nix +++ b/nixos/modules/services/misc/exhibitor.nix @@ -252,7 +252,7 @@ in example = ["host1:2181" "host2:2181"]; }; zkConfigExhibitorPath = mkOption { - type = types.string; + type = types.str; description = '' If the ZooKeeper shared config is also running Exhibitor, the URI path for the REST call ''; diff --git a/nixos/modules/services/misc/fstrim.nix b/nixos/modules/services/misc/fstrim.nix index 15f283f093c0..b8841a7fe74c 100644 --- a/nixos/modules/services/misc/fstrim.nix +++ b/nixos/modules/services/misc/fstrim.nix @@ -14,7 +14,7 @@ in { enable = mkEnableOption "periodic SSD TRIM of mounted partitions in background"; interval = mkOption { - type = types.string; + type = types.str; default = "weekly"; description = '' How often we run fstrim. For most desktop and server systems diff --git a/nixos/modules/services/misc/logkeys.nix b/nixos/modules/services/misc/logkeys.nix index ad13d9eaa674..0082db63a06a 100644 --- a/nixos/modules/services/misc/logkeys.nix +++ b/nixos/modules/services/misc/logkeys.nix @@ -11,7 +11,7 @@ in { device = mkOption { description = "Use the given device as keyboard input event device instead of /dev/input/eventX default."; default = null; - type = types.nullOr types.string; + type = types.nullOr types.str; example = "/dev/input/event15"; }; }; diff --git a/nixos/modules/services/misc/mediatomb.nix b/nixos/modules/services/misc/mediatomb.nix index e8e9c0946d7f..dbf12fd1da39 100644 --- a/nixos/modules/services/misc/mediatomb.nix +++ b/nixos/modules/services/misc/mediatomb.nix @@ -163,7 +163,7 @@ in { }; serverName = mkOption { - type = types.string; + type = types.str; default = "mediatomb"; description = '' How to identify the server on the network. 
diff --git a/nixos/modules/services/misc/paperless.nix b/nixos/modules/services/misc/paperless.nix index 4e6cd80e2425..3985dc0b303c 100644 --- a/nixos/modules/services/misc/paperless.nix +++ b/nixos/modules/services/misc/paperless.nix @@ -50,7 +50,7 @@ in }; ocrLanguages = mkOption { - type = with types; nullOr (listOf string); + type = with types; nullOr (listOf str); default = null; description = '' Languages available for OCR via Tesseract, specified as diff --git a/nixos/modules/services/misc/subsonic.nix b/nixos/modules/services/misc/subsonic.nix index 1612b197f35f..c1e1a7f40f0c 100644 --- a/nixos/modules/services/misc/subsonic.nix +++ b/nixos/modules/services/misc/subsonic.nix @@ -17,7 +17,7 @@ let cfg = config.services.subsonic; in { }; listenAddress = mkOption { - type = types.string; + type = types.str; default = "0.0.0.0"; description = '' The host name or IP address on which to bind Subsonic. diff --git a/nixos/modules/services/misc/uhub.nix b/nixos/modules/services/misc/uhub.nix index 005951b9231e..753580c3e404 100644 --- a/nixos/modules/services/misc/uhub.nix +++ b/nixos/modules/services/misc/uhub.nix @@ -51,7 +51,7 @@ in }; address = mkOption { - type = types.string; + type = types.str; default = "any"; description = "Address to bind the hub to."; }; @@ -83,7 +83,7 @@ in description = "Whether to enable the Sqlite authentication database plugin"; }; file = mkOption { - type = types.string; + type = types.path; example = "/var/db/uhub-users"; description = "Path to user database. Use the uhub-passwd utility to create the database and add/remove users."; }; @@ -96,7 +96,7 @@ in description = "Whether to enable the logging plugin."; }; file = mkOption { - type = types.string; + type = types.str; default = ""; description = "Path of log file."; }; 
@@ -117,7 +117,7 @@ in default = ""; type = types.lines; description = '' - Welcome message displayed to clients after connecting + Welcome message displayed to clients after connecting and with the <literal>!motd</literal> command. ''; }; @@ -183,4 +183,4 @@ in }; }; -} \ No newline at end of file +} diff --git a/nixos/modules/services/monitoring/apcupsd.nix b/nixos/modules/services/monitoring/apcupsd.nix index 49957e652900..75218aa1d46b 100644 --- a/nixos/modules/services/monitoring/apcupsd.nix +++ b/nixos/modules/services/monitoring/apcupsd.nix @@ -91,7 +91,7 @@ in BATTERYLEVEL 50 MINUTES 5 ''; - type = types.string; + type = types.lines; description = '' Contents of the runtime configuration file, apcupsd.conf. The default settings makes apcupsd autodetect USB UPSes, limit network access to @@ -106,7 +106,7 @@ in example = { doshutdown = ''# shell commands to notify that the computer is shutting down''; }; - type = types.attrsOf types.string; + type = types.attrsOf types.lines; description = '' Each attribute in this option names an apcupsd event and the string value it contains will be executed in a shell, in response to that diff --git a/nixos/modules/services/monitoring/bosun.nix b/nixos/modules/services/monitoring/bosun.nix index 8bf741adb6e3..b1c12cce1f80 100644 --- a/nixos/modules/services/monitoring/bosun.nix +++ b/nixos/modules/services/monitoring/bosun.nix @@ -41,7 +41,7 @@ in { }; user = mkOption { - type = types.string; + type = types.str; default = "bosun"; description = '' User account under which bosun runs. @@ -49,7 +49,7 @@ in { }; group = mkOption { - type = types.string; + type = types.str; default = "bosun"; description = '' Group account under which bosun runs. @@ -57,7 +57,7 @@ in { }; opentsdbHost = mkOption { - type = types.nullOr types.string; + type = types.nullOr types.str; default = "localhost:4242"; description = '' Host and port of the OpenTSDB database that stores bosun data. 
@@ -66,7 +66,7 @@ in { }; influxHost = mkOption { - type = types.nullOr types.string; + type = types.nullOr types.str; default = null; example = "localhost:8086"; description = '' @@ -75,7 +75,7 @@ in { }; listenAddress = mkOption { - type = types.string; + type = types.str; default = ":8070"; description = '' The host address and port that bosun's web interface will listen on. diff --git a/nixos/modules/services/monitoring/datadog-agent.nix b/nixos/modules/services/monitoring/datadog-agent.nix index 7f78db74677c..02a9f316fc32 100644 --- a/nixos/modules/services/monitoring/datadog-agent.nix +++ b/nixos/modules/services/monitoring/datadog-agent.nix @@ -87,7 +87,7 @@ in { description = "The hostname to show in the Datadog dashboard (optional)"; default = null; example = "mymachine.mydomain"; - type = types.uniq (types.nullOr types.string); + type = types.nullOr types.str; }; logLevel = mkOption { diff --git a/nixos/modules/services/monitoring/dd-agent/dd-agent.nix b/nixos/modules/services/monitoring/dd-agent/dd-agent.nix index abc8d65d58f2..c0ea1eeb424f 100644 --- a/nixos/modules/services/monitoring/dd-agent/dd-agent.nix +++ b/nixos/modules/services/monitoring/dd-agent/dd-agent.nix 
@@ -145,41 +145,40 @@ in { description = "The hostname to show in the Datadog dashboard (optional)"; default = null; example = "mymachine.mydomain"; - type = types.uniq (types.nullOr types.string); + type = types.nullOr types.str; }; postgresqlConfig = mkOption { description = "Datadog PostgreSQL integration configuration"; default = null; - type = types.uniq (types.nullOr types.string); + type = types.nullOr types.lines; }; nginxConfig = mkOption { description = "Datadog nginx integration configuration"; default = null; - type = types.uniq (types.nullOr types.string); + type = types.nullOr types.lines; }; mongoConfig = mkOption { description = "MongoDB integration configuration"; default = null; - type = types.uniq (types.nullOr types.string); + type = types.nullOr types.lines; }; jmxConfig = mkOption { description = "JMX integration configuration"; default = null; - type = types.uniq (types.nullOr types.string); + type = types.nullOr types.lines; }; processConfig = mkOption { description = '' Process integration configuration - - See http://docs.datadoghq.com/integrations/process/ + See <link xlink:href="https://docs.datadoghq.com/integrations/process/"/> ''; default = null; - type = types.uniq (types.nullOr types.string); + type = types.nullOr types.lines; }; }; diff --git a/nixos/modules/services/monitoring/graphite.nix b/nixos/modules/services/monitoring/graphite.nix index d6473220c140..64cb6c3da1e5 100644 --- a/nixos/modules/services/monitoring/graphite.nix +++ b/nixos/modules/services/monitoring/graphite.nix @@ -11,7 +11,7 @@ let graphiteLocalSettingsDir = pkgs.runCommand "graphite_local_settings" { inherit graphiteLocalSettings; - preferLocalBuild = true; + preferLocalBuild = true; } '' mkdir -p $out ln -s $graphiteLocalSettings $out/graphite_local_settings.py 
@@ -215,7 +215,7 @@ in { storageAggregation = mkOption { description = "Defines how to aggregate data to lower-precision retentions."; default = null; - type = types.uniq (types.nullOr types.string); + type = types.nullOr types.str; example = '' [all_min] pattern = \.min$ @@ -227,7 +227,7 @@ in { storageSchemas = mkOption { description = "Defines retention rates for storing metrics."; default = ""; - type = types.uniq (types.nullOr types.string); + type = types.nullOr types.str; example = '' [apache_busyWorkers] pattern = ^servers\.www.*\.workers\.busyWorkers$ @@ -238,14 +238,14 @@ in { blacklist = mkOption { description = "Any metrics received which match one of the experssions will be dropped."; default = null; - type = types.uniq (types.nullOr types.string); + type = types.nullOr types.str; example = "^some\.noisy\.metric\.prefix\..*"; }; whitelist = mkOption { description = "Only metrics received which match one of the experssions will be persisted."; default = null; - type = types.uniq (types.nullOr types.string); + type = types.nullOr types.str; example = ".*"; }; @@ -255,7 +255,7 @@ in { in a search and replace fashion. ''; default = null; - type = types.uniq (types.nullOr types.string); + type = types.nullOr types.str; example = '' [post] _sum$ = @@ -272,7 +272,7 @@ in { relayRules = mkOption { description = "Relay rules are used to send certain metrics to a certain backend."; default = null; - type = types.uniq (types.nullOr types.string); + type = types.nullOr types.str; example = '' [example] pattern = ^mydata\.foo\..+ @@ -289,7 +289,7 @@ in { aggregationRules = mkOption { description = "Defines if and how received metrics will be aggregated."; default = null; - type = types.uniq (types.nullOr types.string); + type = types.nullOr types.str; example = '' <env>.applications.<app>.all.requests (60) = sum <env>.applications.<app>.*.requests <env>.applications.<app>.all.latency (60) = avg <env>.applications.<app>.*.latency 
diff --git a/nixos/modules/services/monitoring/heapster.nix b/nixos/modules/services/monitoring/heapster.nix index fbdff2eb5dbe..6da0831b4c5f 100644 --- a/nixos/modules/services/monitoring/heapster.nix +++ b/nixos/modules/services/monitoring/heapster.nix @@ -15,19 +15,19 @@ in { source = mkOption { description = "Heapster metric source"; example = "kubernetes:https://kubernetes.default"; - type = types.string; + type = types.str; }; sink = mkOption { description = "Heapster metic sink"; example = "influxdb:http://localhost:8086"; - type = types.string; + type = types.str; }; extraOpts = mkOption { description = "Heapster extra options"; default = ""; - type = types.string; + type = types.separatedString " "; }; package = mkOption { diff --git a/nixos/modules/services/monitoring/kapacitor.nix b/nixos/modules/services/monitoring/kapacitor.nix index 0f236d25c9ed..9b4ff3c56124 100644 --- a/nixos/modules/services/monitoring/kapacitor.nix +++ b/nixos/modules/services/monitoring/kapacitor.nix @@ -116,17 +116,17 @@ in url = mkOption { description = "The URL to an InfluxDB server that serves as the default database"; example = "http://localhost:8086"; - type = types.string; + type = types.str; }; username = mkOption { description = "The username to connect to the remote InfluxDB server"; - type = types.string; + type = types.str; }; password = mkOption { description = "The password to connect to the remote InfluxDB server"; - type = types.string; + type = types.str; }; }; @@ -137,7 +137,7 @@ in description = "The URL to the Alerta REST API"; default = "http://localhost:5000"; example = "http://localhost:5000"; - type = types.string; + type = types.str; }; token = mkOption { diff --git a/nixos/modules/services/monitoring/munin.nix b/nixos/modules/services/monitoring/munin.nix index ffe223fedbe1..8af0650c7380 100644 --- a/nixos/modules/services/monitoring/munin.nix +++ b/nixos/modules/services/monitoring/munin.nix 
@@ -233,7 +233,7 @@ in # In the meantime this at least suppresses a useless graph full of # NaNs in the output. default = [ "munin_stats" ]; - type = with types; listOf string; + type = with types; listOf str; description = '' Munin plugins to disable, even if <literal>munin-node-configure --suggest</literal> tries to enable diff --git a/nixos/modules/services/monitoring/prometheus/exporters.nix b/nixos/modules/services/monitoring/prometheus/exporters.nix index 2ab8910ff9db..b69310c34ff5 100644 --- a/nixos/modules/services/monitoring/prometheus/exporters.nix +++ b/nixos/modules/services/monitoring/prometheus/exporters.nix @@ -132,14 +132,10 @@ let in mkIf conf.enable { warnings = conf.warnings or []; - users.users = (mkIf (conf.user == "${name}-exporter" && !enableDynamicUser) { - "${name}-exporter" = { - description = '' - Prometheus ${name} exporter service user - ''; - isSystemUser = true; - inherit (conf) group; - }; + users.users."${name}-exporter" = (mkIf (conf.user == "${name}-exporter" && !enableDynamicUser) { + description = "Prometheus ${name} exporter service user"; + isSystemUser = true; + inherit (conf) group; }); users.groups = (mkIf (conf.group == "${name}-exporter" && !enableDynamicUser) { "${name}-exporter" = {}; diff --git a/nixos/modules/services/monitoring/prometheus/exporters/node.nix b/nixos/modules/services/monitoring/prometheus/exporters/node.nix index 7e394e8463e0..adc2abe0b91c 100644 --- a/nixos/modules/services/monitoring/prometheus/exporters/node.nix +++ b/nixos/modules/services/monitoring/prometheus/exporters/node.nix @@ -9,7 +9,7 @@ in port = 9100; extraOpts = { enabledCollectors = mkOption { - type = types.listOf types.string; + type = types.listOf types.str; default = []; example = ''[ "systemd" ]''; description = '' diff --git a/nixos/modules/services/monitoring/riemann-tools.nix b/nixos/modules/services/monitoring/riemann-tools.nix index 2b647b6b1ade..86a11694e7b4 100644 --- a/nixos/modules/services/monitoring/riemann-tools.nix 
+++ b/nixos/modules/services/monitoring/riemann-tools.nix @@ -35,7 +35,7 @@ in { ''; }; extraArgs = mkOption { - type = types.listOf types.string; + type = types.listOf types.str; default = []; description = '' A list of commandline-switches forwarded to a riemann-tool. diff --git a/nixos/modules/services/monitoring/scollector.nix b/nixos/modules/services/monitoring/scollector.nix index dc0899c7e684..38cd2213de76 100644 --- a/nixos/modules/services/monitoring/scollector.nix +++ b/nixos/modules/services/monitoring/scollector.nix @@ -51,7 +51,7 @@ in { }; user = mkOption { - type = types.string; + type = types.str; default = "scollector"; description = '' User account under which scollector runs. @@ -59,7 +59,7 @@ in { }; group = mkOption { - type = types.string; + type = types.str; default = "scollector"; description = '' Group account under which scollector runs. @@ -67,7 +67,7 @@ in { }; bosunHost = mkOption { - type = types.string; + type = types.str; default = "localhost:8070"; description = '' Host and port of the bosun server that will store the collected diff --git a/nixos/modules/services/monitoring/ups.nix b/nixos/modules/services/monitoring/ups.nix index 429b40227d47..1bdc4e4410f1 100644 --- a/nixos/modules/services/monitoring/ups.nix +++ b/nixos/modules/services/monitoring/ups.nix @@ -55,7 +55,7 @@ let description = mkOption { default = ""; - type = types.string; + type = types.str; description = '' Description of the UPS. ''; @@ -71,7 +71,7 @@ let summary = mkOption { default = ""; - type = types.string; + type = types.lines; description = '' Lines which would be added inside ups.conf for handling this UPS. ''; diff --git a/nixos/modules/services/monitoring/uptime.nix b/nixos/modules/services/monitoring/uptime.nix index c0993f3bc2e7..245badc3e44f 100644 --- a/nixos/modules/services/monitoring/uptime.nix +++ b/nixos/modules/services/monitoring/uptime.nix 
@@ -57,7 +57,7 @@ in { nodeEnv = mkOption { description = "The node environment to run in (development, production, etc.)"; - type = types.string; + type = types.str; default = "production"; }; diff --git a/nixos/modules/services/network-filesystems/davfs2.nix b/nixos/modules/services/network-filesystems/davfs2.nix index c16e12378d75..100d458d536c 100644 --- a/nixos/modules/services/network-filesystems/davfs2.nix +++ b/nixos/modules/services/network-filesystems/davfs2.nix @@ -21,7 +21,7 @@ in }; davUser = mkOption { - type = types.string; + type = types.str; default = "davfs2"; description = '' When invoked by root the mount.davfs daemon will run as this user. @@ -30,7 +30,7 @@ in }; davGroup = mkOption { - type = types.string; + type = types.str; default = "davfs2"; description = '' The group of the running mount.davfs daemon. Ordinary users must be diff --git a/nixos/modules/services/network-filesystems/drbd.nix b/nixos/modules/services/network-filesystems/drbd.nix index 57b1fbb597c7..4ab74ed8e1c0 100644 --- a/nixos/modules/services/network-filesystems/drbd.nix +++ b/nixos/modules/services/network-filesystems/drbd.nix @@ -23,7 +23,7 @@ let cfg = config.services.drbd; in services.drbd.config = mkOption { default = ""; - type = types.string; + type = types.lines; description = '' Contents of the <filename>drbd.conf</filename> configuration file. ''; diff --git a/nixos/modules/services/network-filesystems/rsyncd.nix b/nixos/modules/services/network-filesystems/rsyncd.nix index 054057d52ab1..b17ec3aa9300 100644 --- a/nixos/modules/services/network-filesystems/rsyncd.nix +++ b/nixos/modules/services/network-filesystems/rsyncd.nix @@ -35,7 +35,7 @@ in }; motd = mkOption { - type = types.string; + type = types.str; default = ""; description = '' Message of the day to display to clients on each connect. 
diff --git a/nixos/modules/services/network-filesystems/yandex-disk.nix b/nixos/modules/services/network-filesystems/yandex-disk.nix index e93f45b49867..0aa01ef9e6d9 100644 --- a/nixos/modules/services/network-filesystems/yandex-disk.nix +++ b/nixos/modules/services/network-filesystems/yandex-disk.nix @@ -29,7 +29,7 @@ in username = mkOption { default = ""; - type = types.string; + type = types.str; description = '' Your yandex.com login name. ''; @@ -37,7 +37,7 @@ in password = mkOption { default = ""; - type = types.string; + type = types.str; description = '' Your yandex.com password. Warning: it will be world-readable in /nix/store. ''; @@ -57,7 +57,7 @@ in excludes = mkOption { default = ""; - type = types.string; + type = types.commas; example = "data,backup"; description = '' Comma-separated list of directories which are excluded from synchronization. diff --git a/nixos/modules/services/networking/aria2.nix b/nixos/modules/services/networking/aria2.nix index 53829bf18863..c5b146283de3 100644 --- a/nixos/modules/services/networking/aria2.nix +++ b/nixos/modules/services/networking/aria2.nix @@ -47,8 +47,8 @@ in ''; }; downloadDir = mkOption { - type = types.string; - default = "${downloadDir}"; + type = types.path; + default = downloadDir; description = '' Directory to store downloaded files. ''; @@ -66,7 +66,7 @@ in description = "Specify a port number for JSON-RPC/XML-RPC server to listen to. Possible Values: 1024-65535"; }; rpcSecret = mkOption { - type = types.string; + type = types.str; default = "aria2rpc"; description = '' Set RPC secret authorization token. @@ -74,7 +74,7 @@ in ''; }; extraArguments = mkOption { - type = types.string; + type = types.separatedString " "; example = "--rpc-listen-all --remote-time=true"; default = ""; description = '' diff --git a/nixos/modules/services/networking/autossh.nix b/nixos/modules/services/networking/autossh.nix index a098a155e991..a8d9a027e9fa 100644 --- a/nixos/modules/services/networking/autossh.nix 
+++ b/nixos/modules/services/networking/autossh.nix @@ -20,12 +20,12 @@ in type = types.listOf (types.submodule { options = { name = mkOption { - type = types.string; + type = types.str; example = "socks-peer"; description = "Name of the local AutoSSH session"; }; user = mkOption { - type = types.string; + type = types.str; example = "bill"; description = "Name of the user the AutoSSH session should run as"; }; @@ -40,7 +40,7 @@ in ''; }; extraArguments = mkOption { - type = types.string; + type = types.separatedString " "; example = "-N -D4343 bill@socks.example.net"; description = '' Arguments to be passed to AutoSSH and retransmitted to SSH diff --git a/nixos/modules/services/networking/bitcoind.nix b/nixos/modules/services/networking/bitcoind.nix index d3501636b41d..1439d739da9d 100644 --- a/nixos/modules/services/networking/bitcoind.nix +++ b/nixos/modules/services/networking/bitcoind.nix @@ -59,8 +59,8 @@ in { package = mkOption { type = types.package; - default = pkgs.altcoins.bitcoind; - defaultText = "pkgs.altcoins.bitcoind"; + default = pkgs.bitcoind; + defaultText = "pkgs.bitcoind"; description = "The package providing bitcoin binaries."; }; configFile = mkOption { diff --git a/nixos/modules/services/networking/charybdis.nix b/nixos/modules/services/networking/charybdis.nix index e3aba063f87b..da26246e703e 100644 --- a/nixos/modules/services/networking/charybdis.nix +++ b/nixos/modules/services/networking/charybdis.nix @@ -21,14 +21,14 @@ in enable = mkEnableOption "Charybdis IRC daemon"; config = mkOption { - type = types.string; + type = types.str; description = '' Charybdis IRC daemon configuration file. ''; }; statedir = mkOption { - type = types.string; + type = types.path; default = "/var/lib/charybdis"; description = '' Location of the state directory of charybdis. @@ -36,7 +36,7 @@ in }; user = mkOption { - type = types.string; + type = types.str; default = "ircd"; description = '' Charybdis IRC daemon user. 
@@ -44,7 +44,7 @@ in }; group = mkOption { - type = types.string; + type = types.str; default = "ircd"; description = '' Charybdis IRC daemon group. @@ -101,7 +101,7 @@ in }; } - + (mkIf (cfg.motd != null) { environment.etc."charybdis/ircd.motd".text = cfg.motd; }) diff --git a/nixos/modules/services/networking/connman.nix b/nixos/modules/services/networking/connman.nix index c3ca6fbe725e..1cd3fd2ade57 100644 --- a/nixos/modules/services/networking/connman.nix +++ b/nixos/modules/services/networking/connman.nix @@ -45,7 +45,7 @@ in { }; networkInterfaceBlacklist = mkOption { - type = with types; listOf string; + type = with types; listOf str; default = [ "vmnet" "vboxnet" "virbr" "ifb" "ve" ]; description = '' Default blacklisted interfaces, this includes NixOS containers interfaces (ve). @@ -53,7 +53,7 @@ in { }; extraFlags = mkOption { - type = with types; listOf string; + type = with types; listOf str; default = [ ]; example = [ "--nodnsproxy" ]; description = '' diff --git a/nixos/modules/services/networking/gogoclient.nix b/nixos/modules/services/networking/gogoclient.nix index 9d16f0efb435..c9b03bca7112 100644 --- a/nixos/modules/services/networking/gogoclient.nix +++ b/nixos/modules/services/networking/gogoclient.nix @@ -34,7 +34,7 @@ in password = mkOption { default = ""; - type = types.string; + type = types.str; description = '' Path to a file (as a string), containing your gogoNET password, if any. ''; diff --git a/nixos/modules/services/networking/hostapd.nix b/nixos/modules/services/networking/hostapd.nix index 54a5bed2563f..2915b54f05b4 100644 --- a/nixos/modules/services/networking/hostapd.nix +++ b/nixos/modules/services/networking/hostapd.nix @@ -81,7 +81,7 @@ in driver = mkOption { default = "nl80211"; example = "hostapd"; - type = types.string; + type = types.str; description = '' Which driver <command>hostapd</command> will use. Most applications will probably use the default. 
@@ -91,7 +91,7 @@ in ssid = mkOption { default = "nixos"; example = "mySpecialSSID"; - type = types.string; + type = types.str; description = "SSID to be used in IEEE 802.11 management frames."; }; @@ -119,7 +119,7 @@ in group = mkOption { default = "wheel"; example = "network"; - type = types.string; + type = types.str; description = '' Members of this group can control <command>hostapd</command>. ''; @@ -135,7 +135,7 @@ in wpaPassphrase = mkOption { default = "my_sekret"; example = "any_64_char_string"; - type = types.string; + type = types.str; description = '' WPA-PSK (pre-shared-key) passphrase. Clients will need this passphrase to associate with this access point. diff --git a/nixos/modules/services/networking/jormungandr.nix b/nixos/modules/services/networking/jormungandr.nix index 0c66b85fe8a5..68f1e9af9fff 100644 --- a/nixos/modules/services/networking/jormungandr.nix +++ b/nixos/modules/services/networking/jormungandr.nix @@ -54,7 +54,7 @@ in { }; genesisBlockHash = mkOption { - type = types.nullOr types.string; + type = types.nullOr types.str; default = null; example = "d70495af81ae8600aca3e642b2427327cb6001ec4d7a0037e96a00dabed163f9"; description = '' diff --git a/nixos/modules/services/networking/kippo.nix b/nixos/modules/services/networking/kippo.nix index 40c38254a57c..7ef989b2a78e 100644 --- a/nixos/modules/services/networking/kippo.nix +++ b/nixos/modules/services/networking/kippo.nix 
@@ -26,22 +26,22 @@ rec { }; hostname = mkOption { default = "nas3"; - type = types.string; + type = types.str; description = ''Hostname for kippo to present to SSH login''; }; varPath = mkOption { default = "/var/lib/kippo"; - type = types.string; + type = types.path; description = ''Path of read/write files needed for operation and configuration.''; }; logPath = mkOption { default = "/var/log/kippo"; - type = types.string; + type = types.path; description = ''Path of log files needed for operation and configuration.''; }; pidPath = mkOption { default = "/run/kippo"; - type = types.string; + type = types.path; description = ''Path of pid files needed for operation.''; }; extraConfig = mkOption { @@ -109,8 +109,8 @@ rec { serviceConfig.ExecStart = "${pkgs.kippo.twisted}/bin/twistd -y ${pkgs.kippo}/src/kippo.tac --syslog --rundir=${cfg.varPath}/ --pidfile=${cfg.pidPath}/kippo.pid --prefix=kippo -n"; serviceConfig.PermissionsStartOnly = true; - serviceConfig.User = "kippo"; - serviceConfig.Group = "kippo"; + serviceConfig.User = "kippo"; + serviceConfig.Group = "kippo"; }; }; } diff --git a/nixos/modules/services/networking/morty.nix b/nixos/modules/services/networking/morty.nix index cc81e27e9399..1b3084fe9abb 100644 --- a/nixos/modules/services/networking/morty.nix +++ b/nixos/modules/services/networking/morty.nix @@ -27,7 +27,7 @@ in }; key = mkOption { - type = types.string; + type = types.str; default = ""; description = "HMAC url validation key (hexadecimal encoded). Leave blank to disable. Without validation key, anyone can @@ -56,7 +56,7 @@ in }; listenAddress = mkOption { - type = types.string; + type = types.str; default = "127.0.0.1"; description = "The address on which the service listens"; defaultText = "127.0.0.1 (localhost)"; diff --git a/nixos/modules/services/networking/mosquitto.nix b/nixos/modules/services/networking/mosquitto.nix index 1d49c137723c..d2feb93e2b72 100644 --- a/nixos/modules/services/networking/mosquitto.nix 
+++ b/nixos/modules/services/networking/mosquitto.nix @@ -49,7 +49,7 @@ in host = mkOption { default = "127.0.0.1"; example = "0.0.0.0"; - type = types.string; + type = types.str; description = '' Host to listen on without SSL. ''; @@ -88,7 +88,7 @@ in host = mkOption { default = "0.0.0.0"; example = "localhost"; - type = types.string; + type = types.str; description = '' Host to listen on with SSL. ''; @@ -135,7 +135,7 @@ in }; acl = mkOption { - type = types.listOf types.string; + type = types.listOf types.str; example = [ "topic read A/B" "topic A/#" ]; description = '' Control client access to topics on the broker. diff --git a/nixos/modules/services/networking/namecoind.nix b/nixos/modules/services/networking/namecoind.nix index a569ca87e262..c8ee0a2f5647 100644 --- a/nixos/modules/services/networking/namecoind.nix +++ b/nixos/modules/services/networking/namecoind.nix @@ -175,7 +175,7 @@ in serviceConfig = { User = "namecoin"; Group = "namecoin"; - ExecStart = "${pkgs.altcoins.namecoind}/bin/namecoind -conf=${configFile} -datadir=${dataDir} -printtoconsole"; + ExecStart = "${pkgs.namecoind}/bin/namecoind -conf=${configFile} -datadir=${dataDir} -printtoconsole"; ExecStop = "${pkgs.coreutils}/bin/kill -KILL $MAINPID"; ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID"; Nice = "10"; diff --git a/nixos/modules/services/networking/networkmanager.nix b/nixos/modules/services/networking/networkmanager.nix index 551636a33d25..0042a7df8e11 100644 --- a/nixos/modules/services/networking/networkmanager.nix +++ b/nixos/modules/services/networking/networkmanager.nix @@ -156,7 +156,7 @@ in { }; unmanaged = mkOption { - type = types.listOf types.string; + type = types.listOf types.str; default = []; description = '' List of interfaces that will not be managed by NetworkManager. diff --git a/nixos/modules/services/networking/nix-serve.nix b/nixos/modules/services/networking/nix-serve.nix index ca458d089dcc..347d87b3f385 100644 
--- a/nixos/modules/services/networking/nix-serve.nix +++ b/nixos/modules/services/networking/nix-serve.nix @@ -19,7 +19,7 @@ in }; bindAddress = mkOption { - type = types.string; + type = types.str; default = "0.0.0.0"; description = '' IP address where nix-serve will bind its listening socket. @@ -44,7 +44,7 @@ in }; extraParams = mkOption { - type = types.string; + type = types.separatedString " "; default = ""; description = '' Extra command line parameters for nix-serve. diff --git a/nixos/modules/services/networking/nylon.nix b/nixos/modules/services/networking/nylon.nix index b061ce34ed2c..7c171281a926 100644 --- a/nixos/modules/services/networking/nylon.nix +++ b/nixos/modules/services/networking/nylon.nix @@ -65,7 +65,7 @@ let }; acceptInterface = mkOption { - type = types.string; + type = types.str; default = "lo"; description = '' Tell nylon which interface to listen for client requests on, default is "lo". @@ -73,7 +73,7 @@ let }; bindInterface = mkOption { - type = types.string; + type = types.str; default = "enp3s0f0"; description = '' Tell nylon which interface to use as an uplink, default is "enp3s0f0". @@ -89,7 +89,7 @@ let }; allowedIPRanges = mkOption { - type = with types; listOf string; + type = with types; listOf str; default = [ "192.168.0.0/16" "127.0.0.1/8" "172.16.0.1/12" "10.0.0.0/8" ]; description = '' Allowed client IP ranges are evaluated first, defaults to ARIN IPv4 private ranges: @@ -98,7 +98,7 @@ let }; deniedIPRanges = mkOption { - type = with types; listOf string; + type = with types; listOf str; default = [ "0.0.0.0/0" ]; description = '' Denied client IP ranges, these gets evaluated after the allowed IP ranges, defaults to all IPv4 addresses: diff --git a/nixos/modules/services/networking/openntpd.nix b/nixos/modules/services/networking/openntpd.nix index 57638ebc9c01..f3920aa80646 100644 --- a/nixos/modules/services/networking/openntpd.nix +++ b/nixos/modules/services/networking/openntpd.nix 
@@ -40,7 +40,7 @@ in }; extraOptions = mkOption { - type = with types; string; + type = with types; separatedString " "; default = ""; example = "-s"; description = '' diff --git a/nixos/modules/services/networking/openvpn.nix b/nixos/modules/services/networking/openvpn.nix index f47122ee70bf..05be97e66a3d 100644 --- a/nixos/modules/services/networking/openvpn.nix +++ b/nixos/modules/services/networking/openvpn.nix @@ -182,12 +182,12 @@ in options = { username = mkOption { description = "The username to store inside the credentials file."; - type = types.string; + type = types.str; }; password = mkOption { description = "The password to store inside the credentials file."; - type = types.string; + type = types.str; }; }; }); diff --git a/nixos/modules/services/networking/ostinato.nix b/nixos/modules/services/networking/ostinato.nix index 13f784dc53c1..5e8cce5b89aa 100644 --- a/nixos/modules/services/networking/ostinato.nix +++ b/nixos/modules/services/networking/ostinato.nix @@ -50,7 +50,7 @@ in rpcServer = { address = mkOption { - type = types.string; + type = types.str; default = "0.0.0.0"; description = '' By default, the Drone RPC server will listen on all interfaces and @@ -63,7 +63,7 @@ in portList = { include = mkOption { - type = types.listOf types.string; + type = types.listOf types.str; default = []; example = ''[ "eth*" "lo*" ]''; description = '' diff --git a/nixos/modules/services/networking/polipo.nix b/nixos/modules/services/networking/polipo.nix index 529115a1c6e1..dbe3b7380970 100644 --- a/nixos/modules/services/networking/polipo.nix +++ b/nixos/modules/services/networking/polipo.nix @@ -30,7 +30,7 @@ in }; proxyAddress = mkOption { - type = types.string; + type = types.str; default = "127.0.0.1"; description = "IP address on which Polipo will listen."; }; @@ -51,7 +51,7 @@ in }; parentProxy = mkOption { - type = types.string; + type = types.str; default = ""; example = "localhost:8124"; description = '' 
@@ -61,7 +61,7 @@ in }; socksParentProxy = mkOption { - type = types.string; + type = types.str; default = ""; example = "localhost:9050"; description = '' @@ -74,7 +74,7 @@ in type = types.lines; default = ""; description = '' - Polio configuration. Contents will be added + Polio configuration. Contents will be added verbatim to the configuration file. ''; }; @@ -111,4 +111,4 @@ in }; -} \ No newline at end of file +} diff --git a/nixos/modules/services/networking/pptpd.nix b/nixos/modules/services/networking/pptpd.nix index d8b9e8f8341a..3e7753b9dd35 100644 --- a/nixos/modules/services/networking/pptpd.nix +++ b/nixos/modules/services/networking/pptpd.nix @@ -8,13 +8,13 @@ with lib; enable = mkEnableOption "pptpd, the Point-to-Point Tunneling Protocol daemon"; serverIp = mkOption { - type = types.string; + type = types.str; description = "The server-side IP address."; default = "10.124.124.1"; }; clientIpRange = mkOption { - type = types.string; + type = types.str; description = "The range from which client IPs are drawn."; default = "10.124.124.2-11"; }; diff --git a/nixos/modules/services/networking/prosody.nix b/nixos/modules/services/networking/prosody.nix index 40bd9015b1eb..1ae063aa6bb5 100644 --- a/nixos/modules/services/networking/prosody.nix +++ b/nixos/modules/services/networking/prosody.nix @@ -297,7 +297,7 @@ in }; dataDir = mkOption { - type = types.string; + type = types.path; description = "Directory where Prosody stores its data"; default = "/var/lib/prosody"; }; diff --git a/nixos/modules/services/networking/radicale.nix b/nixos/modules/services/networking/radicale.nix index d6fabbcd4700..1daced4a6c70 100644 --- a/nixos/modules/services/networking/radicale.nix +++ b/nixos/modules/services/networking/radicale.nix @@ -41,7 +41,7 @@ in }; services.radicale.config = mkOption { - type = types.string; + type = types.str; default = ""; description = '' Radicale configuration, this will set the service 
@@ -50,7 +50,7 @@ in }; services.radicale.extraArgs = mkOption { - type = types.listOf types.string; + type = types.listOf types.str; default = []; description = "Extra arguments passed to the Radicale daemon."; }; diff --git a/nixos/modules/services/networking/shout.nix b/nixos/modules/services/networking/shout.nix index f511a9af2562..e548ec66962a 100644 --- a/nixos/modules/services/networking/shout.nix +++ b/nixos/modules/services/networking/shout.nix @@ -35,7 +35,7 @@ in { }; listenAddress = mkOption { - type = types.string; + type = types.str; default = "0.0.0.0"; description = "IP interface to listen on for http connections."; }; diff --git a/nixos/modules/services/networking/smokeping.nix b/nixos/modules/services/networking/smokeping.nix index c41d0edaf17f..20228ceaaff8 100644 --- a/nixos/modules/services/networking/smokeping.nix +++ b/nixos/modules/services/networking/smokeping.nix @@ -55,7 +55,7 @@ in description = "Enable the smokeping service"; }; alertConfig = mkOption { - type = types.string; + type = types.lines; default = '' to = root@localhost from = smokeping@localhost @@ -73,19 +73,20 @@ in description = "Configuration for alerts."; }; cgiUrl = mkOption { - type = types.string; - default = "http://${cfg.hostName}:${builtins.toString cfg.port}/smokeping.cgi"; + type = types.str; + default = "http://${cfg.hostName}:${toString cfg.port}/smokeping.cgi"; + defaultText = "http://\${hostName}:\${toString port}/smokeping.cgi"; example = "https://somewhere.example.com/smokeping.cgi"; description = "URL to the smokeping cgi."; }; config = mkOption { - type = types.nullOr types.string; + type = types.nullOr types.lines; default = null; description = "Full smokeping config supplied by the user. Overrides " + "and replaces any other configuration supplied."; }; databaseConfig = mkOption { - type = types.string; + type = types.lines; default = '' step = 300 pings = 20 
@@ -122,14 +123,15 @@ in description = "Any additional customization not already included."; }; hostName = mkOption { - type = types.string; + type = types.str; default = config.networking.hostName; example = "somewhere.example.com"; description = "DNS name for the urls generated in the cgi."; }; imgUrl = mkOption { - type = types.string; - default = "http://${cfg.hostName}:${builtins.toString cfg.port}/cache"; + type = types.str; + default = "http://${cfg.hostName}:${toString cfg.port}/cache"; + defaultText = "http://\${hostName}:\${toString port}/cache"; example = "https://somewhere.example.com/cache"; description = "Base url for images generated in the cgi."; }; @@ -140,19 +142,19 @@ in description = "DNS name for the urls generated in the cgi."; }; mailHost = mkOption { - type = types.string; + type = types.str; default = ""; example = "localhost"; description = "Use this SMTP server to send alerts"; }; owner = mkOption { - type = types.string; + type = types.str; default = "nobody"; example = "Joe Admin"; description = "Real name of the owner of the instance"; }; ownerEmail = mkOption { - type = types.string; + type = types.str; default = "no-reply@${cfg.hostName}"; example = "no-reply@yourdomain.com"; description = "Email contact for owner"; @@ -170,7 +172,7 @@ in description = "TCP port to use for the web server."; }; presentationConfig = mkOption { - type = types.string; + type = types.lines; default = '' + charts menu = Charts @@ -211,12 +213,12 @@ in description = "presentation graph style"; }; presentationTemplate = mkOption { - type = types.string; + type = types.str; default = "${pkgs.smokeping}/etc/basepage.html.dist"; description = "Default page layout for the web UI."; }; probeConfig = mkOption { - type = types.string; + type = types.lines; default = '' + FPing binary = ${config.security.wrapperDir}/fping 
@@ -230,12 +232,12 @@ in description = "Use this sendmail compatible script to deliver alerts"; }; smokeMailTemplate = mkOption { - type = types.string; + type = types.str; default = "${cfg.package}/etc/smokemail.dist"; description = "Specify the smokemail template for alerts."; }; targetConfig = mkOption { - type = types.string; + type = types.lines; default = '' probe = FPing menu = Top @@ -253,7 +255,7 @@ in description = "Target configuration"; }; user = mkOption { - type = types.string; + type = types.str; default = "smokeping"; description = "User that runs smokeping and (optionally) thttpd"; }; diff --git a/nixos/modules/services/networking/softether.nix b/nixos/modules/services/networking/softether.nix index 65df93a00da9..669c69d832b8 100644 --- a/nixos/modules/services/networking/softether.nix +++ b/nixos/modules/services/networking/softether.nix @@ -50,7 +50,7 @@ in }; dataDir = mkOption { - type = types.string; + type = types.path; default = "/var/lib/softether"; description = '' Data directory for SoftEther VPN. diff --git a/nixos/modules/services/networking/stunnel.nix b/nixos/modules/services/networking/stunnel.nix index 89a14966eca7..cbc899f2b4d7 100644 --- a/nixos/modules/services/networking/stunnel.nix +++ b/nixos/modules/services/networking/stunnel.nix @@ -35,12 +35,12 @@ let clientConfig = { options = { accept = mkOption { - type = types.string; + type = types.str; description = "IP:Port on which connections should be accepted."; }; connect = mkOption { - type = types.string; + type = types.str; description = "IP:Port destination to connect to."; }; @@ -63,7 +63,7 @@ let }; verifyHostname = mkOption { - type = with types; nullOr string; + type = with types; nullOr str; default = null; description = "If set, stunnel checks if the provided certificate is valid for the given hostname."; }; 
@@ -88,13 +88,13 @@ in }; user = mkOption { - type = with types; nullOr string; + type = with types; nullOr str; default = "nobody"; description = "The user under which stunnel runs."; }; group = mkOption { - type = with types; nullOr string; + type = with types; nullOr str; default = "nogroup"; description = "The group under which stunnel runs."; }; diff --git a/nixos/modules/services/networking/toxvpn.nix b/nixos/modules/services/networking/toxvpn.nix index 7830dfb1834c..7daacba185fe 100644 --- a/nixos/modules/services/networking/toxvpn.nix +++ b/nixos/modules/services/networking/toxvpn.nix @@ -8,7 +8,7 @@ with lib; enable = mkEnableOption "toxvpn running on startup"; localip = mkOption { - type = types.string; + type = types.str; default = "10.123.123.1"; description = "your ip on the vpn"; }; @@ -20,7 +20,7 @@ with lib; }; auto_add_peers = mkOption { - type = types.listOf types.string; + type = types.listOf types.str; default = []; example = ''[ "toxid1" "toxid2" ]''; description = "peers to automacally connect to on startup"; diff --git a/nixos/modules/services/networking/vsftpd.nix b/nixos/modules/services/networking/vsftpd.nix index 31e1e65fa9ca..67be60da5673 100644 --- a/nixos/modules/services/networking/vsftpd.nix +++ b/nixos/modules/services/networking/vsftpd.nix @@ -164,7 +164,7 @@ in }; anonymousUmask = mkOption { - type = types.string; + type = types.str; default = "077"; example = "002"; description = "Anonymous write umask."; diff --git a/nixos/modules/services/networking/xinetd.nix b/nixos/modules/services/networking/xinetd.nix index 2d7cd5cebb48..8dc6f845ed85 100644 --- a/nixos/modules/services/networking/xinetd.nix +++ b/nixos/modules/services/networking/xinetd.nix @@ -53,7 +53,7 @@ in services.xinetd.extraDefaults = mkOption { default = ""; - type = types.string; + type = types.lines; description = '' Additional configuration lines added to the default section of xinetd's configuration. ''; 
@@ -70,13 +70,13 @@ in options = { name = mkOption { - type = types.string; + type = types.str; example = "login"; description = "Name of the service."; }; protocol = mkOption { - type = types.string; + type = types.str; default = "tcp"; description = "Protocol of the service. Usually <literal>tcp</literal> or <literal>udp</literal>."; @@ -90,25 +90,25 @@ in }; user = mkOption { - type = types.string; + type = types.str; default = "nobody"; description = "User account for the service"; }; server = mkOption { - type = types.string; + type = types.str; example = "/foo/bin/ftpd"; description = "Path of the program that implements the service."; }; serverArgs = mkOption { - type = types.string; + type = types.separatedString " "; default = ""; description = "Command-line arguments for the server program."; }; flags = mkOption { - type = types.string; + type = types.str; default = ""; description = ""; }; diff --git a/nixos/modules/services/networking/xl2tpd.nix b/nixos/modules/services/networking/xl2tpd.nix index d0a3ed7bb5e0..7dbe51422d96 100644 --- a/nixos/modules/services/networking/xl2tpd.nix +++ b/nixos/modules/services/networking/xl2tpd.nix @@ -8,13 +8,13 @@ with lib; enable = mkEnableOption "xl2tpd, the Layer 2 Tunnelling Protocol Daemon"; serverIp = mkOption { - type = types.string; + type = types.str; description = "The server-side IP address."; default = "10.125.125.1"; }; clientIpRange = mkOption { - type = types.string; + type = types.str; description = "The range from which client IPs are drawn."; default = "10.125.125.2-11"; }; diff --git a/nixos/modules/services/security/haka.nix b/nixos/modules/services/security/haka.nix index b64a1b4d03e0..618e689924fd 100644 --- a/nixos/modules/services/security/haka.nix +++ b/nixos/modules/services/security/haka.nix 
@@ -69,7 +69,7 @@ in configFile = mkOption { default = "empty.lua"; example = "/srv/haka/myfilter.lua"; - type = types.string; + type = types.str; description = '' Specify which configuration file Haka uses. It can be absolute path or a path relative to the sample directory of @@ -80,7 +80,7 @@ in interfaces = mkOption { default = [ "eth0" ]; example = [ "any" ]; - type = with types; listOf string; + type = with types; listOf str; description = '' Specify which interface(s) Haka listens to. Use 'any' to listen to all interfaces. diff --git a/nixos/modules/services/security/munge.nix b/nixos/modules/services/security/munge.nix index 1c4f8e20552f..891788864710 100644 --- a/nixos/modules/services/security/munge.nix +++ b/nixos/modules/services/security/munge.nix @@ -19,7 +19,7 @@ in password = mkOption { default = "/etc/munge/munge.key"; - type = types.string; + type = types.path; description = '' The path to a daemon's secret key. ''; diff --git a/nixos/modules/services/security/oauth2_proxy.nix b/nixos/modules/services/security/oauth2_proxy.nix index 61f203ef9e7d..bb03f7fc9e43 100644 --- a/nixos/modules/services/security/oauth2_proxy.nix +++ b/nixos/modules/services/security/oauth2_proxy.nix @@ -284,7 +284,7 @@ in #################################################### # UPSTREAM Configuration upstream = mkOption { - type = with types; coercedTo string (x: [x]) (listOf string); + type = with types; coercedTo str (x: [x]) (listOf str); default = []; description = '' The http url(s) of the upstream endpoint or <literal>file://</literal> @@ -523,7 +523,7 @@ in }; keyFile = mkOption { - type = types.nullOr types.string; + type = types.nullOr types.path; default = null; description = '' oauth2_proxy allows passing sensitive configuration via environment variables. diff --git a/nixos/modules/services/security/oauth2_proxy_nginx.nix b/nixos/modules/services/security/oauth2_proxy_nginx.nix index a9ad5497a657..be6734f439f3 100644 
--- a/nixos/modules/services/security/oauth2_proxy_nginx.nix +++ b/nixos/modules/services/security/oauth2_proxy_nginx.nix @@ -6,14 +6,14 @@ in { options.services.oauth2_proxy.nginx = { proxy = mkOption { - type = types.string; + type = types.str; default = config.services.oauth2_proxy.httpAddress; description = '' The address of the reverse proxy endpoint for oauth2_proxy ''; }; virtualHosts = mkOption { - type = types.listOf types.string; + type = types.listOf types.str; default = []; description = '' A list of nginx virtual hosts to put behind the oauth2 proxy diff --git a/nixos/modules/services/torrent/deluge.nix b/nixos/modules/services/torrent/deluge.nix index 48ec4d692e2f..d8810a4481b1 100644 --- a/nixos/modules/services/torrent/deluge.nix +++ b/nixos/modules/services/torrent/deluge.nix @@ -173,7 +173,11 @@ in { # Provide a default set of `extraPackages`. services.deluge.extraPackages = with pkgs; [ unzip gnutar xz p7zip bzip2 ]; - systemd.tmpfiles.rules = [ "d '${configDir}' 0770 ${cfg.user} ${cfg.group}" ] + systemd.tmpfiles.rules = [ + "d '${cfg.dataDir}' 0770 ${cfg.user} ${cfg.group}" + "d '${cfg.dataDir}/.config' 0770 ${cfg.user} ${cfg.group}" + "d '${cfg.dataDir}/.config/deluge' 0770 ${cfg.user} ${cfg.group}" + ] ++ optional (cfg.config ? "download_location") "d '${cfg.config.download_location}' 0770 ${cfg.user} ${cfg.group}" ++ optional (cfg.config ? "torrentfiles_location") @@ -237,7 +241,6 @@ in { group = cfg.group; uid = config.ids.uids.deluge; home = cfg.dataDir; - createHome = true; description = "Deluge Daemon user"; }; }; diff --git a/nixos/modules/services/torrent/flexget.nix b/nixos/modules/services/torrent/flexget.nix index ca63f529a5df..6ac85f8fa178 100644 --- a/nixos/modules/services/torrent/flexget.nix +++ b/nixos/modules/services/torrent/flexget.nix @@ -19,7 +19,7 @@ in { user = mkOption { default = "deluge"; example = "some_user"; - type = types.string; + type = types.str; description = "The user under which to run flexget."; }; 
@@ -33,7 +33,7 @@ in { interval = mkOption { default = "10m"; example = "1h"; - type = types.string; + type = types.str; description = "When to perform a <command>flexget</command> run. See <command>man 7 systemd.time</command> for the format."; }; diff --git a/nixos/modules/services/web-apps/youtrack.nix b/nixos/modules/services/web-apps/youtrack.nix index 691cbdc8d1d5..830edac20bac 100644 --- a/nixos/modules/services/web-apps/youtrack.nix +++ b/nixos/modules/services/web-apps/youtrack.nix @@ -28,28 +28,28 @@ in The interface youtrack will listen on. ''; default = "127.0.0.1"; - type = types.string; + type = types.str; }; baseUrl = mkOption { description = '' Base URL for youtrack. Will be auto-detected and stored in database. ''; - type = types.nullOr types.string; + type = types.nullOr types.str; default = null; }; extraParams = mkOption { default = {}; description = '' - Extra parameters to pass to youtrack. See + Extra parameters to pass to youtrack. See https://www.jetbrains.com/help/youtrack/standalone/YouTrack-Java-Start-Parameters.html for more information. ''; example = { "jetbrains.youtrack.overrideRootPassword" = "tortuga"; }; - type = types.attrsOf types.string; + type = types.attrsOf types.str; }; package = mkOption { @@ -73,7 +73,7 @@ in description = '' Where to keep the youtrack database. ''; - type = types.string; + type = types.path; default = "/var/lib/youtrack"; }; @@ -83,7 +83,7 @@ in If null, do not setup anything. ''; default = null; - type = types.nullOr types.string; + type = types.nullOr types.str; }; jvmOpts = mkOption { @@ -92,7 +92,7 @@ in See https://www.jetbrains.com/help/youtrack/standalone/Configure-JVM-Options.html for more information. ''; - type = types.string; + type = types.separatedString " "; example = "-XX:MetaspaceSize=250m"; default = ""; }; @@ -101,7 +101,7 @@ in description = '' Maximum Java heap size ''; - type = types.string; + type = types.str; default = "1g"; }; 
@@ -109,7 +109,7 @@ in description = '' Maximum java Metaspace memory. ''; - type = types.string; + type = types.str; default = "350m"; }; }; diff --git a/nixos/modules/services/web-servers/apache-httpd/per-server-options.nix b/nixos/modules/services/web-servers/apache-httpd/per-server-options.nix index 536e707137c6..9d747549c274 100644 --- a/nixos/modules/services/web-servers/apache-httpd/per-server-options.nix +++ b/nixos/modules/services/web-servers/apache-httpd/per-server-options.nix @@ -33,7 +33,7 @@ with lib; description = "port to listen on"; }; ip = mkOption { - type = types.string; + type = types.str; default = "*"; description = "Ip to listen on. 0.0.0.0 for ipv4 only, * for all."; }; diff --git a/nixos/modules/services/web-servers/caddy.nix b/nixos/modules/services/web-servers/caddy.nix index 6a1db6087840..132c50735d96 100644 --- a/nixos/modules/services/web-servers/caddy.nix +++ b/nixos/modules/services/web-servers/caddy.nix @@ -27,13 +27,13 @@ in { ca = mkOption { default = "https://acme-v02.api.letsencrypt.org/directory"; example = "https://acme-staging-v02.api.letsencrypt.org/directory"; - type = types.string; + type = types.str; description = "Certificate authority ACME server. The default (Let's Encrypt production server) should be fine for most people."; }; email = mkOption { default = ""; - type = types.string; + type = types.str; description = "Email address (for Let's Encrypt certificate)"; }; diff --git a/nixos/modules/services/web-servers/nginx/default.nix b/nixos/modules/services/web-servers/nginx/default.nix index 5c65a2388d6f..b94b338fd4a6 100644 --- a/nixos/modules/services/web-servers/nginx/default.nix +++ b/nixos/modules/services/web-servers/nginx/default.nix @@ -473,7 +473,7 @@ in }; clientMaxBodySize = mkOption { - type = types.string; + type = types.str; default = "10m"; description = "Set nginx global client_max_body_size."; }; 
diff --git a/nixos/modules/services/web-servers/traefik.nix b/nixos/modules/services/web-servers/traefik.nix index 5bac895d43ac..8de7df0d446c 100644 --- a/nixos/modules/services/web-servers/traefik.nix +++ b/nixos/modules/services/web-servers/traefik.nix @@ -67,7 +67,7 @@ in { group = mkOption { default = "traefik"; - type = types.string; + type = types.str; example = "docker"; description = '' Set the group that traefik runs under. diff --git a/nixos/modules/services/web-servers/uwsgi.nix b/nixos/modules/services/web-servers/uwsgi.nix index 3f858d90fa46..af70f32f32d0 100644 --- a/nixos/modules/services/web-servers/uwsgi.nix +++ b/nixos/modules/services/web-servers/uwsgi.nix @@ -72,7 +72,7 @@ in { }; runDir = mkOption { - type = types.string; + type = types.path; default = "/run/uwsgi"; description = "Where uWSGI communication sockets can live"; }; diff --git a/nixos/modules/services/web-servers/zope2.nix b/nixos/modules/services/web-servers/zope2.nix index 4cad2a2ff777..3abd506827c0 100644 --- a/nixos/modules/services/web-servers/zope2.nix +++ b/nixos/modules/services/web-servers/zope2.nix @@ -11,7 +11,7 @@ let name = mkOption { default = "${name}"; - type = types.string; + type = types.str; description = "The name of the zope2 instance. If undefined, the name of the attribute set will be used."; }; @@ -23,19 +23,19 @@ let http_address = mkOption { default = "localhost:8080"; - type = types.string; + type = types.str; description = "Give a port and address for the HTTP server."; }; user = mkOption { default = "zope2"; - type = types.string; + type = types.str; description = "The name of the effective user for the Zope process."; }; clientHome = mkOption { default = "/var/lib/zope2/${name}"; - type = types.string; + type = types.path; description = "Home directory of zope2 instance."; }; extra = mkOption { @@ -52,7 +52,7 @@ let </blobstorage> </zodb_db> ''; - type = types.string; + type = types.lines; description = "Extra zope.conf"; }; 
diff --git a/nixos/modules/services/x11/desktop-managers/gnome3.nix b/nixos/modules/services/x11/desktop-managers/gnome3.nix index 0caa93ad217f..6f344f4121ba 100644 --- a/nixos/modules/services/x11/desktop-managers/gnome3.nix +++ b/nixos/modules/services/x11/desktop-managers/gnome3.nix @@ -37,7 +37,7 @@ let picture-uri='file://${pkgs.nixos-artwork.wallpapers.simple-dark-gray-bottom}/share/artwork/gnome/nix-wallpaper-simple-dark-gray_bottom.png' [org.gnome.shell] - favorite-apps=[ 'org.gnome.Epiphany.desktop', 'evolution.desktop', 'org.gnome.Music.desktop', 'org.gnome.Photos.desktop', 'org.gnome.Nautilus.desktop', 'org.gnome.Software.desktop' ] + favorite-apps=[ 'org.gnome.Epiphany.desktop', 'org.gnome.Geary.desktop', 'org.gnome.Music.desktop', 'org.gnome.Photos.desktop', 'org.gnome.Nautilus.desktop', 'org.gnome.Software.desktop' ] ${cfg.extraGSettingsOverrides} EOF @@ -238,6 +238,8 @@ in services.dbus.packages = optional config.services.printing.enable pkgs.system-config-printer; + services.avahi.enable = mkDefault true; + services.geoclue2.enable = mkDefault true; services.geoclue2.enableDemoAgent = false; # GNOME has its own geoclue agent @@ -261,16 +263,19 @@ in source-sans-pro ]; + # Adapt from https://gitlab.gnome.org/GNOME/gnome-build-meta/blob/gnome-3-32/elements/core/meta-gnome-core-shell.bst environment.systemPackages = with pkgs.gnome3; [ adwaita-icon-theme gnome-backgrounds gnome-bluetooth + gnome-color-manager gnome-control-center gnome-getting-started-docs gnome-shell gnome-shell-extensions gnome-themes-extra gnome-user-docs + pkgs.orca pkgs.glib # for gsettings pkgs.gnome-menus pkgs.gtk3.out # for gtk-launch 
@@ -281,23 +286,43 @@ in ]; }) + # Adapt from https://gitlab.gnome.org/GNOME/gnome-build-meta/blob/gnome-3-32/elements/core/meta-gnome-core-utilities.bst (mkIf serviceCfg.core-utilities.enable { environment.systemPackages = (with pkgs.gnome3; removePackagesByName [ - baobab eog epiphany evince gucharmap nautilus totem yelp gnome-calculator - gnome-contacts gnome-font-viewer gnome-screenshot gnome-system-monitor simple-scan - gnome-terminal evolution file-roller gedit gnome-clocks gnome-music gnome-tweaks - pkgs.gnome-photos nautilus-sendto dconf-editor vinagre gnome-weather gnome-logs - gnome-maps gnome-characters gnome-calendar accerciser gnome-nettool gnome-packagekit - gnome-software gnome-power-manager gnome-todo pkgs.gnome-usage + baobab + cheese + eog + epiphany + geary + gedit + gnome-calculator + gnome-calendar + gnome-characters + gnome-clocks + gnome-contacts + gnome-font-viewer + gnome-logs + gnome-maps + gnome-music + gnome-photos + gnome-screenshot + gnome-software + gnome-system-monitor + gnome-weather + nautilus + simple-scan + totem + yelp + # Unsure if sensible for NixOS + /* gnome-boxes */ ] config.environment.gnome3.excludePackages); # Enable default programs programs.evince.enable = mkDefault true; programs.file-roller.enable = mkDefault true; programs.gnome-disks.enable = mkDefault true; - programs.gnome-documents.enable = mkDefault true; programs.gnome-terminal.enable = mkDefault true; - services.gnome3.seahorse.enable = mkDefault true; + programs.seahorse.enable = mkDefault true; services.gnome3.sushi.enable = mkDefault true; # Let nautilus find extensions diff --git a/nixos/modules/services/x11/desktop-managers/pantheon.nix b/nixos/modules/services/x11/desktop-managers/pantheon.nix index ae23015d2005..5b82cb1f0262 100644 --- a/nixos/modules/services/x11/desktop-managers/pantheon.nix +++ b/nixos/modules/services/x11/desktop-managers/pantheon.nix 
@@ -145,6 +145,9 @@ in programs.dconf.enable = true; programs.evince.enable = mkDefault true; programs.file-roller.enable = mkDefault true; + # Otherwise you can't store NetworkManager Secrets with + # "Store the password only for this user" + programs.nm-applet.enable = true; # Shell integration for VTE terminals programs.bash.vteIntegration = mkDefault true; @@ -191,6 +194,7 @@ in gtk3.out hicolor-icon-theme lightlocker + onboard plank qgnomeplatform shared-mime-info diff --git a/nixos/modules/services/x11/desktop-managers/surf-display.nix b/nixos/modules/services/x11/desktop-managers/surf-display.nix index 232bbf5c55d4..140dde828daa 100644 --- a/nixos/modules/services/x11/desktop-managers/surf-display.nix +++ b/nixos/modules/services/x11/desktop-managers/surf-display.nix @@ -48,7 +48,7 @@ in { enable = mkEnableOption "surf-display as a kiosk browser session"; defaultWwwUri = mkOption { - type = types.string; + type = types.str; default = "${pkgs.surf-display}/share/surf-display/empty-page.html"; example = "https://www.example.com/"; description = "Default URI to display."; @@ -69,7 +69,7 @@ in { }; screensaverSettings = mkOption { - type = types.string; + type = types.separatedString " "; default = ""; description = '' Screensaver settings, see <literal>man 1 xset</literal> for possible options. @@ -77,7 +77,7 @@ in { }; pointerButtonMap = mkOption { - type = types.string; + type = types.str; default = "1 0 0 4 5 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0"; description = '' Disable right and middle pointer device click in browser sessions @@ -87,14 +87,14 @@ in { }; hideIdlePointer = mkOption { - type = types.string; + type = types.str; default = "yes"; example = "no"; description = "Hide idle mouse pointer."; }; extraConfig = mkOption { - type = types.string; + type = types.lines; default = ""; example = '' # Enforce fixed resolution for all displays (default: not set): 
diff --git a/nixos/modules/services/x11/desktop-managers/xterm.nix b/nixos/modules/services/x11/desktop-managers/xterm.nix index ea441fbbe715..93987bd1dfc5 100644 --- a/nixos/modules/services/x11/desktop-managers/xterm.nix +++ b/nixos/modules/services/x11/desktop-managers/xterm.nix @@ -5,7 +5,6 @@ with lib; let cfg = config.services.xserver.desktopManager.xterm; - xserverEnabled = config.services.xserver.enable; in @@ -14,7 +13,7 @@ in services.xserver.desktopManager.xterm.enable = mkOption { type = types.bool; - default = xserverEnabled; + default = false; defaultText = "config.services.xserver.enable"; description = "Enable a xterm terminal as a desktop manager."; }; diff --git a/nixos/modules/services/x11/display-managers/lightdm.nix b/nixos/modules/services/x11/display-managers/lightdm.nix index afa0cebbc527..9aed255f878a 100644 --- a/nixos/modules/services/x11/display-managers/lightdm.nix +++ b/nixos/modules/services/x11/display-managers/lightdm.nix @@ -114,7 +114,7 @@ in }; name = mkOption { - type = types.string; + type = types.str; description = '' The name of a .desktop file in the directory specified in the 'package' option. diff --git a/nixos/modules/services/x11/hardware/libinput.nix b/nixos/modules/services/x11/hardware/libinput.nix index a0a5e2656852..bd289976532b 100644 --- a/nixos/modules/services/x11/hardware/libinput.nix +++ b/nixos/modules/services/x11/hardware/libinput.nix @@ -41,13 +41,13 @@ in { }; accelSpeed = mkOption { - type = types.nullOr types.string; + type = types.nullOr types.str; default = null; description = "Cursor acceleration (how fast speed increases from minSpeed to maxSpeed)."; }; buttonMapping = mkOption { - type = types.nullOr types.string; + type = types.nullOr types.str; default = null; description = '' @@ -61,7 +61,7 @@ in { }; calibrationMatrix = mkOption { - type = types.nullOr types.string; + type = types.nullOr types.str; default = null; description = '' 
diff --git a/nixos/modules/services/x11/hardware/synaptics.nix b/nixos/modules/services/x11/hardware/synaptics.nix index f032c5938852..e39a56528e82 100644 --- a/nixos/modules/services/x11/hardware/synaptics.nix +++ b/nixos/modules/services/x11/hardware/synaptics.nix @@ -44,19 +44,19 @@ in { }; accelFactor = mkOption { - type = types.nullOr types.string; + type = types.nullOr types.str; default = "0.001"; description = "Cursor acceleration (how fast speed increases from minSpeed to maxSpeed)."; }; minSpeed = mkOption { - type = types.nullOr types.string; + type = types.nullOr types.str; default = "0.6"; description = "Cursor speed factor for precision finger motion."; }; maxSpeed = mkOption { - type = types.nullOr types.string; + type = types.nullOr types.str; default = "1.0"; description = "Cursor speed factor for highest-speed finger motion."; }; diff --git a/nixos/modules/services/x11/window-managers/xmonad.nix b/nixos/modules/services/x11/window-managers/xmonad.nix index a6055f26789e..0e1314122767 100644 --- a/nixos/modules/services/x11/window-managers/xmonad.nix +++ b/nixos/modules/services/x11/window-managers/xmonad.nix @@ -59,7 +59,7 @@ in config = mkOption { default = null; - type = with lib.types; nullOr (either path string); + type = with lib.types; nullOr (either path str); description = '' Configuration from which XMonad gets compiled. If no value is specified, the xmonad config from $HOME/.xmonad is taken. diff --git a/nixos/modules/system/boot/binfmt.nix b/nixos/modules/system/boot/binfmt.nix index a550ffd6320f..a32c9dc1f2b4 100644 --- a/nixos/modules/system/boot/binfmt.nix +++ b/nixos/modules/system/boot/binfmt.nix @@ -239,7 +239,7 @@ in { List of systems to emulate. Will also configure Nix to support your new systems. ''; - type = types.listOf types.string; + type = types.listOf types.str; }; }; }; diff --git a/nixos/modules/system/boot/loader/grub/grub.nix b/nixos/modules/system/boot/loader/grub/grub.nix index eca9dad64222..d8f347a54d6c 100644 
--- a/nixos/modules/system/boot/loader/grub/grub.nix +++ b/nixos/modules/system/boot/loader/grub/grub.nix @@ -8,7 +8,7 @@ let efi = config.boot.loader.efi; - grubPkgs = + grubPkgs = # Package set of targeted architecture if cfg.forcei686 then pkgs.pkgsi686Linux else pkgs; @@ -333,7 +333,7 @@ in }; backgroundColor = mkOption { - type = types.nullOr types.string; + type = types.nullOr types.str; example = "#7EBAE4"; default = null; description = '' @@ -399,7 +399,7 @@ in example = "text"; type = types.str; description = '' - The gfxpayload to pass to GRUB when loading a graphical boot interface under EFI. + The gfxpayload to pass to GRUB when loading a graphical boot interface under EFI. ''; }; @@ -408,7 +408,7 @@ in example = "keep"; type = types.str; description = '' - The gfxpayload to pass to GRUB when loading a graphical boot interface under BIOS. + The gfxpayload to pass to GRUB when loading a graphical boot interface under BIOS. ''; }; @@ -535,7 +535,7 @@ in default = false; type = types.bool; description = '' - Whether to force the use of a ia32 boot loader on x64 systems. Required + Whether to force the use of a ia32 boot loader on x64 systems. Required to install and run NixOS on 64bit x86 systems with 32bit (U)EFI. ''; }; @@ -554,7 +554,7 @@ in systemHasTPM = mkOption { default = ""; example = "YES_TPM_is_activated"; - type = types.string; + type = types.str; description = '' Assertion that the target system has an activated TPM. It is a safety check before allowing the activation of 'trustedBoot.enable'. TrustedBoot diff --git a/nixos/modules/system/boot/loader/raspberrypi/raspberrypi.nix b/nixos/modules/system/boot/loader/raspberrypi/raspberrypi.nix index 7db60daa60b8..1c8354e52696 100644 --- a/nixos/modules/system/boot/loader/raspberrypi/raspberrypi.nix +++ b/nixos/modules/system/boot/loader/raspberrypi/raspberrypi.nix 
@@ -10,7 +10,7 @@ let builderUboot = import ./uboot-builder.nix { inherit pkgs configTxt; inherit (cfg) version; }; builderGeneric = import ./raspberrypi-builder.nix { inherit pkgs configTxt; }; - builder = + builder = if cfg.uboot.enable then "${builderUboot} -g ${toString cfg.uboot.configurationLimit} -t ${timeoutStr} -c" else @@ -86,7 +86,7 @@ in firmwareConfig = mkOption { default = null; - type = types.nullOr types.string; + type = types.nullOr types.lines; description = '' Extra options that will be appended to <literal>/boot/config.txt</literal> file. For possible values, see: https://www.raspberrypi.org/documentation/configuration/config-txt/ diff --git a/nixos/modules/tasks/network-interfaces.nix b/nixos/modules/tasks/network-interfaces.nix index 5ac753c92a78..16dde9175150 100644 --- a/nixos/modules/tasks/network-interfaces.nix +++ b/nixos/modules/tasks/network-interfaces.nix @@ -836,7 +836,7 @@ in options = { device = mkOption { - type = types.string; + type = types.str; example = "wlp6s0"; description = "The name of the underlying hardware WLAN device as assigned by <literal>udev</literal>."; }; @@ -852,7 +852,7 @@ in }; meshID = mkOption { - type = types.nullOr types.string; + type = types.nullOr types.str; default = null; description = "MeshID of interface with type <literal>mesh</literal>."; }; diff --git a/nixos/modules/virtualisation/anbox.nix b/nixos/modules/virtualisation/anbox.nix index c63b971ead02..da5df3580734 100644 --- a/nixos/modules/virtualisation/anbox.nix +++ b/nixos/modules/virtualisation/anbox.nix @@ -56,7 +56,7 @@ in dns = mkOption { default = "1.1.1.1"; - type = types.string; + type = types.str; description = '' Container DNS server. ''; diff --git a/nixos/modules/virtualisation/containers.nix b/nixos/modules/virtualisation/containers.nix index b61558b22019..0c0d8551e4aa 100644 --- a/nixos/modules/virtualisation/containers.nix +++ b/nixos/modules/virtualisation/containers.nix 
@@ -337,7 +337,7 @@ let networkOptions = { hostBridge = mkOption { - type = types.nullOr types.string; + type = types.nullOr types.str; default = null; example = "br0"; description = '' @@ -387,7 +387,7 @@ let }; hostAddress6 = mkOption { - type = types.nullOr types.string; + type = types.nullOr types.str; default = null; example = "fc00::1"; description = '' @@ -409,7 +409,7 @@ let }; localAddress6 = mkOption { - type = types.nullOr types.string; + type = types.nullOr types.str; default = null; example = "fc00::2"; description = '' @@ -565,7 +565,7 @@ in }; interfaces = mkOption { - type = types.listOf types.string; + type = types.listOf types.str; default = []; example = [ "eth1" "eth2" ]; description = '' diff --git a/nixos/modules/virtualisation/google-compute-config.nix b/nixos/modules/virtualisation/google-compute-config.nix index 79766970c757..327324f2921d 100644 --- a/nixos/modules/virtualisation/google-compute-config.nix +++ b/nixos/modules/virtualisation/google-compute-config.nix @@ -21,7 +21,7 @@ in boot.initrd.kernelModules = [ "virtio_scsi" ]; boot.kernelModules = [ "virtio_pci" "virtio_net" ]; - # Generate a GRUB menu. Amazon's pv-grub uses this to boot our kernel/initrd. + # Generate a GRUB menu. boot.loader.grub.device = "/dev/sda"; boot.loader.timeout = 0; @@ -29,12 +29,16 @@ in # way to select them anyway. boot.loader.grub.configurationLimit = 0; - # Allow root logins only using the SSH key that the user specified - # at instance creation time. + # Allow root logins only using SSH keys + # and disable password authentication in general services.openssh.enable = true; services.openssh.permitRootLogin = "prohibit-password"; services.openssh.passwordAuthentication = mkDefault false; + # enable OS Login. This also requires setting enable-oslogin=TRUE metadata on + # instance or project level + security.googleOsLogin.enable = true; + # Use GCE udev rules for dynamic disk volumes services.udev.packages = [ gce ]; 
@@ -65,165 +69,80 @@ in # GC has 1460 MTU networking.interfaces.eth0.mtu = 1460; - security.googleOsLogin.enable = true; - - systemd.services.google-clock-skew-daemon = { - description = "Google Compute Engine Clock Skew Daemon"; - after = [ - "network.target" - "google-instance-setup.service" - "google-network-setup.service" - ]; - requires = ["network.target"]; - wantedBy = ["multi-user.target"]; - serviceConfig = { - Type = "simple"; - ExecStart = "${gce}/bin/google_clock_skew_daemon --debug"; - }; - }; - systemd.services.google-instance-setup = { description = "Google Compute Engine Instance Setup"; - after = ["local-fs.target" "network-online.target" "network.target" "rsyslog.service"]; - before = ["sshd.service"]; - wants = ["local-fs.target" "network-online.target" "network.target"]; - wantedBy = [ "sshd.service" "multi-user.target" ]; - path = with pkgs; [ ethtool openssh ]; + after = [ "network-online.target" "network.target" "rsyslog.service" ]; + before = [ "sshd.service" ]; + path = with pkgs; [ coreutils ethtool openssh ]; serviceConfig = { - ExecStart = "${gce}/bin/google_instance_setup --debug"; + ExecStart = "${gce}/bin/google_instance_setup"; + StandardOutput="journal+console"; Type = "oneshot"; }; + wantedBy = [ "sshd.service" "multi-user.target" ]; }; systemd.services.google-network-daemon = { description = "Google Compute Engine Network Daemon"; - after = ["local-fs.target" "network-online.target" "network.target" "rsyslog.service" "google-instance-setup.service"]; - wants = ["local-fs.target" "network-online.target" "network.target"]; - requires = ["network.target"]; - partOf = ["network.target"]; - wantedBy = [ "multi-user.target" ]; + after = [ "network-online.target" "network.target" "google-instance-setup.service" ]; path = with pkgs; [ iproute ]; serviceConfig = { - ExecStart = "${gce}/bin/google_network_daemon --debug"; + ExecStart = "${gce}/bin/google_network_daemon"; + StandardOutput="journal+console"; + Type="simple"; }; + wantedBy = [ 
"multi-user.target" ]; }; + systemd.services.google-clock-skew-daemon = { + description = "Google Compute Engine Clock Skew Daemon"; + after = [ "network.target" "google-instance-setup.service" "google-network-daemon.service" ]; + serviceConfig = { + ExecStart = "${gce}/bin/google_clock_skew_daemon"; + StandardOutput="journal+console"; + Type = "simple"; + }; + wantedBy = ["multi-user.target"]; + }; + + systemd.services.google-shutdown-scripts = { description = "Google Compute Engine Shutdown Scripts"; after = [ - "local-fs.target" "network-online.target" "network.target" "rsyslog.service" - "systemd-resolved.service" "google-instance-setup.service" "google-network-daemon.service" ]; - wants = [ "local-fs.target" "network-online.target" "network.target"]; - wantedBy = [ "multi-user.target" ]; serviceConfig = { ExecStart = "${pkgs.coreutils}/bin/true"; - ExecStop = "${gce}/bin/google_metadata_script_runner --debug --script-type shutdown"; - Type = "oneshot"; + ExecStop = "${gce}/bin/google_metadata_script_runner --script-type shutdown"; RemainAfterExit = true; - TimeoutStopSec = "infinity"; + StandardOutput="journal+console"; + TimeoutStopSec = "0"; + Type = "oneshot"; }; + wantedBy = [ "multi-user.target" ]; }; systemd.services.google-startup-scripts = { description = "Google Compute Engine Startup Scripts"; after = [ - "local-fs.target" "network-online.target" "network.target" "rsyslog.service" "google-instance-setup.service" "google-network-daemon.service" ]; - wants = ["local-fs.target" "network-online.target" "network.target"]; - wantedBy = [ "multi-user.target" ]; serviceConfig = { - ExecStart = "${gce}/bin/google_metadata_script_runner --debug --script-type startup"; + ExecStart = "${gce}/bin/google_metadata_script_runner --script-type startup"; KillMode = "process"; + StandardOutput = "journal+console"; Type = "oneshot"; }; + wantedBy = [ "multi-user.target" ]; }; - - # Settings taken from 
https://github.com/GoogleCloudPlatform/compute-image-packages/blob/master/google_config/sysctl/11-gce-network-security.conf - boot.kernel.sysctl = { - # Turn on SYN-flood protections. Starting with 2.6.26, there is no loss - # of TCP functionality/features under normal conditions. When flood - # protections kick in under high unanswered-SYN load, the system - # should remain more stable, with a trade off of some loss of TCP - # functionality/features (e.g. TCP Window scaling). - "net.ipv4.tcp_syncookies" = mkDefault "1"; - - # ignores ICMP redirects - "net.ipv4.conf.all.accept_redirects" = mkDefault "0"; - - # ignores ICMP redirects - "net.ipv4.conf.default.accept_redirects" = mkDefault "0"; - - # ignores ICMP redirects from non-GW hosts - "net.ipv4.conf.all.secure_redirects" = mkDefault "1"; - - # ignores ICMP redirects from non-GW hosts - "net.ipv4.conf.default.secure_redirects" = mkDefault "1"; - - # don't allow traffic between networks or act as a router - "net.ipv4.ip_forward" = mkDefault "0"; - - # don't allow traffic between networks or act as a router - "net.ipv4.conf.all.send_redirects" = mkDefault "0"; - - # don't allow traffic between networks or act as a router - "net.ipv4.conf.default.send_redirects" = mkDefault "0"; - - # strict reverse path filtering - IP spoofing protection - "net.ipv4.conf.all.rp_filter" = mkDefault "1"; - - # strict path filtering - IP spoofing protection - "net.ipv4.conf.default.rp_filter" = mkDefault "1"; - - # ignores ICMP broadcasts to avoid participating in Smurf attacks - "net.ipv4.icmp_echo_ignore_broadcasts" = mkDefault "1"; - - # ignores bad ICMP errors - "net.ipv4.icmp_ignore_bogus_error_responses" = mkDefault "1"; - - # logs spoofed, source-routed, and redirect packets - "net.ipv4.conf.all.log_martians" = mkDefault "1"; - - # log spoofed, source-routed, and redirect packets - "net.ipv4.conf.default.log_martians" = mkDefault "1"; - - # implements RFC 1337 fix - "net.ipv4.tcp_rfc1337" = mkDefault "1"; - - # randomizes 
addresses of mmap base, heap, stack and VDSO page - "kernel.randomize_va_space" = mkDefault "2"; - - # Reboot the machine soon after a kernel panic. - "kernel.panic" = mkDefault "10"; - - ## Not part of the original config - - # provides protection from ToCToU races - "fs.protected_hardlinks" = mkDefault "1"; - - # provides protection from ToCToU races - "fs.protected_symlinks" = mkDefault "1"; - - # makes locating kernel addresses more difficult - "kernel.kptr_restrict" = mkDefault "1"; - - # set ptrace protections - "kernel.yama.ptrace_scope" = mkOverride 500 "1"; - - # set perf only available to root - "kernel.perf_event_paranoid" = mkDefault "2"; - - }; - + environment.etc."sysctl.d/11-gce-network-security.conf".source = "${gce}/sysctl.d/11-gce-network-security.conf"; } diff --git a/nixos/modules/virtualisation/kvmgt.nix b/nixos/modules/virtualisation/kvmgt.nix index 289e26e17035..78753da55328 100644 --- a/nixos/modules/virtualisation/kvmgt.nix +++ b/nixos/modules/virtualisation/kvmgt.nix @@ -9,7 +9,7 @@ let vgpuOptions = { uuid = mkOption { - type = types.string; + type = types.str; description = "UUID of VGPU device. You can generate one with <package>libossp_uuid</package>."; }; }; @@ -23,7 +23,7 @@ in { ''; # multi GPU support is under the question device = mkOption { - type = types.string; + type = types.str; default = "0000:00:02.0"; description = "PCI ID of graphics card. You can figure it with <command>ls /sys/class/mdev_bus</command>."; }; diff --git a/nixos/modules/virtualisation/xen-dom0.nix b/nixos/modules/virtualisation/xen-dom0.nix index 70e575b6c0d2..06d5c63476f9 100644 --- a/nixos/modules/virtualisation/xen-dom0.nix +++ b/nixos/modules/virtualisation/xen-dom0.nix @@ -119,7 +119,7 @@ in virtualisation.xen.domains = { extraConfig = mkOption { - type = types.string; + type = types.lines; default = ""; description = '' diff --git a/nixos/release-combined.nix b/nixos/release-combined.nix index ffa087bb6f28..9e2109d88b5f 100644 
--- a/nixos/release-combined.nix +++ b/nixos/release-combined.nix @@ -68,6 +68,7 @@ in rec { nixos.tests.chromium.x86_64-linux or [] (all nixos.tests.firefox) (all nixos.tests.firewall) + (all nixos.tests.fontconfig-default-fonts) (all nixos.tests.gnome3-xorg) (all nixos.tests.gnome3) (all nixos.tests.pantheon) diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix index 557ee78df7c6..8ee4dfbf13bc 100644 --- a/nixos/tests/all-tests.nix +++ b/nixos/tests/all-tests.nix @@ -87,6 +87,7 @@ in flatpak = handleTest ./flatpak.nix {}; flatpak-builder = handleTest ./flatpak-builder.nix {}; fluentd = handleTest ./fluentd.nix {}; + fontconfig-default-fonts = handleTest ./fontconfig-default-fonts.nix {}; fsck = handleTest ./fsck.nix {}; fwupd = handleTestOn ["x86_64-linux"] ./fwupd.nix {}; # libsmbios is unsupported on aarch64 gdk-pixbuf = handleTest ./gdk-pixbuf.nix {}; @@ -233,6 +234,7 @@ in rabbitmq = handleTest ./rabbitmq.nix {}; radarr = handleTest ./radarr.nix {}; radicale = handleTest ./radicale.nix {}; + redis = handleTest ./redis.nix {}; redmine = handleTest ./redmine.nix {}; roundcube = handleTest ./roundcube.nix {}; rspamd = handleTest ./rspamd.nix {}; diff --git a/nixos/tests/common/letsencrypt/default.nix b/nixos/tests/common/letsencrypt/default.nix index 8fe59bf4e70c..58d87c64e344 100644 --- a/nixos/tests/common/letsencrypt/default.nix +++ b/nixos/tests/common/letsencrypt/default.nix @@ -56,11 +56,11 @@ let softhsm = pkgs.stdenv.mkDerivation rec { - name = "softhsm-${version}"; + pname = "softhsm"; version = "1.3.8"; src = pkgs.fetchurl { - url = "https://dist.opendnssec.org/source/${name}.tar.gz"; + url = "https://dist.opendnssec.org/source/${pname}-${version}.tar.gz"; sha256 = "0flmnpkgp65ym7w3qyg78d3fbmvq3aznmi66rgd420n33shf7aif"; }; diff --git a/nixos/tests/fontconfig-default-fonts.nix b/nixos/tests/fontconfig-default-fonts.nix new file mode 100644 index 000000000000..1991cec92189 --- /dev/null +++ b/nixos/tests/fontconfig-default-fonts.nix 
@@ -0,0 +1,28 @@ +import ./make-test.nix ({ lib, ... }: +{ + name = "fontconfig-default-fonts"; + + machine = { config, pkgs, ... }: { + fonts.enableDefaultFonts = true; # Background fonts + fonts.fonts = with pkgs; [ + noto-fonts-emoji + cantarell-fonts + twitter-color-emoji + source-code-pro + gentium + ]; + fonts.fontconfig.defaultFonts = { + serif = [ "Gentium Plus" ]; + sansSerif = [ "Cantarell" ]; + monospace = [ "Source Code Pro" ]; + emoji = [ "Twitter Color Emoji" ]; + }; + }; + + testScript = '' + $machine->succeed("fc-match serif | grep '\"Gentium Plus\"'"); + $machine->succeed("fc-match sans-serif | grep '\"Cantarell\"'"); + $machine->succeed("fc-match monospace | grep '\"Source Code Pro\"'"); + $machine->succeed("fc-match emoji | grep '\"Twitter Color Emoji\"'"); + ''; +}) diff --git a/nixos/tests/redis.nix b/nixos/tests/redis.nix new file mode 100644 index 000000000000..325d93424dd7 --- /dev/null +++ b/nixos/tests/redis.nix @@ -0,0 +1,26 @@ +import ./make-test.nix ({ pkgs, ...} : { + name = "redis"; + meta = with pkgs.stdenv.lib.maintainers; { + maintainers = [ flokli ]; + }; + + nodes = { + machine = + { pkgs, ... }: + + { + services.redis.enable = true; + services.redis.unixSocket = "/run/redis/redis.sock"; + }; + }; + + testScript = '' + startAll; + + $machine->waitForUnit("redis"); + $machine->waitForOpenPort("6379"); + + $machine->succeed("redis-cli ping | grep PONG"); + $machine->succeed("redis-cli -s /run/redis/redis.sock ping | grep PONG"); + ''; +}) diff --git a/nixos/tests/systemd.nix b/nixos/tests/systemd.nix index 1c201e3b5dcc..4b71b4d67597 100644 --- a/nixos/tests/systemd.nix +++ b/nixos/tests/systemd.nix 
@@ -71,11 +71,13 @@ import ./make-test.nix ({ pkgs, ... }: { # Regression test for https://github.com/NixOS/nixpkgs/issues/35268 subtest "file system with x-initrd.mount is not unmounted", sub { + $machine->succeed('mountpoint -q /test-x-initrd-mount'); $machine->shutdown; - $machine->waitForUnit('multi-user.target'); - # If the file system was unmounted during the shutdown the file system - # has a last mount time, because the file system wasn't checked. - $machine->fail('dumpe2fs /dev/vdb | grep -q "^Last mount time: *n/a"'); + system('qemu-img', 'convert', '-O', 'raw', + 'vm-state-machine/empty2.qcow2', 'x-initrd-mount.raw'); + my $extinfo = `${pkgs.e2fsprogs}/bin/dumpe2fs x-initrd-mount.raw`; + die "File system was not cleanly unmounted: $extinfo" + unless $extinfo =~ /^Filesystem state: *clean$/m; }; subtest "systemd-shutdown works", sub { |
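Review bot: In nixos/modules/services/x11/desktop-managers/gnome3.nix (@@ -238,6 +238,8 @@), the added `services.avahi.enable = mkDefault true;` turns on a network-facing mDNS/DNS-SD daemon for every GNOME install, with no comment saying which GNOME component needs it. Please add a one-line rationale next to it, as the geoclue2 line below it has, and mention the new default in the release notes so that users who keep a minimal set of listening services know to set it to false.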
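Review bot: In the core-utilities list of gnome3.nix (@@ -281,23 +286,43 @@), `gnome-photos` is now a bare name inside `with pkgs.gnome3;`, where the removed lines spelled it `pkgs.gnome-photos`. Please confirm that the gnome3 set exposes that attribute, otherwise keep the `pkgs.` prefix as the previous hunk does for `pkgs.orca`. The same hunk switches `services.gnome3.seahorse.enable` to `programs.seahorse.enable`, drops `programs.gnome-documents.enable`, and removes several packages from the default list (for example gnome-tweaks, dconf-editor and vinagre). These are user-visible changes that belong in the release notes. The commented-out `/* gnome-boxes */` under "Unsure if sensible for NixOS" is better resolved or tracked in an issue than left inside the list.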
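Review bot: In nixos/modules/services/x11/desktop-managers/pantheon.nix (@@ -145,6 +145,9 @@), `programs.nm-applet.enable = true;` is set without `mkDefault`, unlike the evince and file-roller lines directly above it, so a user who does not want the applet can only turn it off with mkForce. If the applet is only needed for the per-user secret storage described in the comment, `mkDefault true` keeps that behaviour while leaving the option overridable.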
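Review bot: In nixos/modules/services/x11/desktop-managers/xterm.nix (@@ -14,7 +13,7 @@), `default` becomes `false` but the unchanged `defaultText = "config.services.xserver.enable";` on the next line still documents the old behaviour, so the generated option documentation will be wrong. Drop the defaultText line, since the literal default renders correctly on its own, and note the changed default in the release notes because systems that relied on the implicit xterm session lose it.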
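Review bot: At the end of the @@ -65,165 +69,80 @@ hunk in nixos/modules/virtualisation/google-compute-config.nix, replacing the `boot.kernel.sysctl` block with the packaged `11-gce-network-security.conf` silently drops the five settings that the removed block listed under "## Not part of the original config": `fs.protected_hardlinks`, `fs.protected_symlinks`, `kernel.kptr_restrict`, `kernel.yama.ptrace_scope` and `kernel.perf_event_paranoid`. Either keep those in a small `boot.kernel.sysctl` block or state in the commit message that dropping them is intended. Two smaller points in the same hunk: the units keep `network-online.target` in `after` but lose every `wants`, and `after` only orders units without pulling the target in. Also, `TimeoutStopSec = "0"` on google-shutdown-scripts deserves a comment stating the intended behaviour, because it replaces "infinity" and is easy to misread as an immediate kill.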
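Review bot: In the new nixos/tests/redis.nix, the testScript only shows that the TCP port and `/run/redis/redis.sock` answer PING when called by the test driver's root shell; nothing checks who else can reach the socket. Since the machine config sets `services.redis.unixSocket`, consider adding an assertion on the socket's owner and mode (for example with `stat -c`), so that a regression in the socket permissions is caught by this test.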
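Review bot: In the x-initrd.mount subtest of nixos/tests/systemd.nix (@@ -71,11 +71,13 @@), the return value of `system('qemu-img', 'convert', ...)` is never checked, so a failed conversion only surfaces through the later `die` with an empty `$extinfo`, which reads as an unclean file system rather than a tooling failure. Check the exit status and die with a distinct message, and reference qemu-img by store path the way `${pkgs.e2fsprogs}/bin/dumpe2fs` is, instead of relying on the test driver's PATH.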