Diffstat (limited to 'nixos')
19 files changed, 176 insertions, 36 deletions
diff --git a/nixos/doc/manual/release-notes/rl-2405.section.md b/nixos/doc/manual/release-notes/rl-2405.section.md index 2d517cdec66c..19ff6f4485cd 100644 --- a/nixos/doc/manual/release-notes/rl-2405.section.md +++ b/nixos/doc/manual/release-notes/rl-2405.section.md @@ -109,6 +109,8 @@ The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been m - [Clevis](https://github.com/latchset/clevis), a pluggable framework for automated decryption, used to unlock encrypted devices in initrd. Available as [boot.initrd.clevis.enable](#opt-boot.initrd.clevis.enable). +- [fritz-exporter](https://github.com/pdreker/fritz_exporter), a Prometheus exporter for extracting metrics from [FRITZ!](https://avm.de/produkte/) devices. Available as [services.prometheus.exporters.fritz](#opt-services.prometheus.exporters.fritz.enable). + - [armagetronad](https://wiki.armagetronad.org), a mid-2000s 3D lightcycle game widely played at iD Tech Camps. You can define multiple servers using `services.armagetronad.<server>.enable`. - [TuxClocker](https://github.com/Lurkki14/tuxclocker), a hardware control and monitoring program. Available as [programs.tuxclocker](#opt-programs.tuxclocker.enable). 
@@ -337,6 +339,8 @@ The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been m - Similarly, please use `services.xserver.desktopManager.mate.extraCajaExtensions` option for installing Caja extensions. - To use the Wayland session, enable `services.xserver.desktopManager.mate.enableWaylandSession`. This is opt-in for now as it is in early stage and introduces a new set of Wayfire closure. Due to [known issues with LightDM](https://github.com/canonical/lightdm/issues/63), we suggest using SDDM for display manager. +- The Budgie module installs gnome-terminal by default (instead of mate-terminal). + - New `boot.loader.systemd-boot.xbootldrMountPoint` allows setting up a separate [XBOOTLDR partition](https://uapi-group.org/specifications/specs/boot_loader_specification/) to store boot files. Useful on systems with a small EFI System partition that cannot be easily repartitioned. - `boot.loader.systemd-boot` will now verify that `efiSysMountPoint` (and `xbootldrMountPoint` if configured) are mounted partitions. diff --git a/nixos/lib/utils.nix b/nixos/lib/utils.nix index 49ba2e5c8386..22a2c79843c6 100644 --- a/nixos/lib/utils.nix +++ b/nixos/lib/utils.nix @@ -64,8 +64,8 @@ rec { let s = if builtins.isPath arg then "${arg}" else if builtins.isString arg then arg - else if builtins.isInt arg || builtins.isFloat arg then toString arg - else throw "escapeSystemdExecArg only allows strings, paths and numbers"; + else if builtins.isInt arg || builtins.isFloat arg || lib.isDerivation arg then toString arg + else throw "escapeSystemdExecArg only allows strings, paths, numbers and derivations"; in replaceStrings [ "%" "$" ] [ "%%" "$$" ] (builtins.toJSON s); diff --git a/nixos/modules/i18n/input-method/fcitx5.nix b/nixos/modules/i18n/input-method/fcitx5.nix index ee8d2652b1c7..755336220520 100644 --- a/nixos/modules/i18n/input-method/fcitx5.nix +++ b/nixos/modules/i18n/input-method/fcitx5.nix 
@@ -32,8 +32,8 @@ in }; plasma6Support = mkOption { type = types.bool; - default = config.services.xserver.desktopManager.plasma6.enable; - defaultText = literalExpression "config.services.xserver.desktopManager.plasma6.enable"; + default = config.services.desktopManager.plasma6.enable; + defaultText = literalExpression "config.services.desktopManager.plasma6.enable"; description = lib.mdDoc '' Use qt6 versions of fcitx5 packages. Required for configuring fcitx5 in KDE System Settings. diff --git a/nixos/modules/security/pam.nix b/nixos/modules/security/pam.nix index 560e5eff5c39..26dc724ae159 100644 --- a/nixos/modules/security/pam.nix +++ b/nixos/modules/security/pam.nix @@ -683,7 +683,7 @@ let (let dp9ik = config.security.pam.dp9ik; in { name = "p9"; enable = dp9ik.enable; control = dp9ik.control; modulePath = "${pkgs.pam_dp9ik}/lib/security/pam_p9.so"; args = [ dp9ik.authserver ]; }) - { name = "fprintd"; enable = cfg.fprintAuth; control = "sufficient"; modulePath = "${pkgs.fprintd}/lib/security/pam_fprintd.so"; } + { name = "fprintd"; enable = cfg.fprintAuth; control = "sufficient"; modulePath = "${config.services.fprintd.package}/lib/security/pam_fprintd.so"; } ] ++ # Modules in this block require having the password set in PAM_AUTHTOK. # pam_unix is marked as 'sufficient' on NixOS which means nothing will run diff --git a/nixos/modules/services/audio/wyoming/faster-whisper.nix b/nixos/modules/services/audio/wyoming/faster-whisper.nix index dd7f62744cd0..0c36e8c9ab05 100644 --- a/nixos/modules/services/audio/wyoming/faster-whisper.nix +++ b/nixos/modules/services/audio/wyoming/faster-whisper.nix 
@@ -37,22 +37,13 @@ in enable = mkEnableOption (mdDoc "Wyoming faster-whisper server"); model = mkOption { - # Intersection between available and referenced models here: - # https://github.com/rhasspy/models/releases/tag/v1.0 - # https://github.com/rhasspy/rhasspy3/blob/wyoming-v1/programs/asr/faster-whisper/server/wyoming_faster_whisper/download.py#L17-L27 - type = enum [ - "tiny" - "tiny-int8" - "base" - "base-int8" - "small" - "small-int8" - "medium-int8" - ]; + type = str; default = "tiny-int8"; - example = "medium-int8"; + example = "Systran/faster-distil-whisper-small.en"; description = mdDoc '' Name of the voice model to use. + + Check the [2.0.0 release notes](https://github.com/rhasspy/wyoming-faster-whisper/releases/tag/v2.0.0) for possible values. ''; }; diff --git a/nixos/modules/services/desktops/pipewire/wireplumber.nix b/nixos/modules/services/desktops/pipewire/wireplumber.nix index 5967ac36fa85..de177d0e4ef3 100644 --- a/nixos/modules/services/desktops/pipewire/wireplumber.nix +++ b/nixos/modules/services/desktops/pipewire/wireplumber.nix @@ -67,10 +67,12 @@ in ''; systemwideConfigPkg = pkgs.writeTextDir "share/wireplumber/wireplumber.conf.d/90-nixos-systemwide.conf" '' - # When running system-wide, we don't have logind to call ReserveDevice + # When running system-wide, we don't have logind to call ReserveDevice, + # And bluetooth logind integration needs to be disabled wireplumber.profiles = { main = { support.reserve-device = disabled + monitor.bluez.seat-monitoring = disabled } } ''; diff --git a/nixos/modules/services/display-managers/greetd.nix b/nixos/modules/services/display-managers/greetd.nix index c2d345152de9..5ce67c3fb3fd 100644 --- a/nixos/modules/services/display-managers/greetd.nix +++ b/nixos/modules/services/display-managers/greetd.nix @@ -61,6 +61,8 @@ in systemd.services."autovt@${tty}".enable = false; systemd.services.greetd = { + aliases = [ "display-manager.service" ]; + unitConfig = { Wants = [ "systemd-user-sessions.service" 
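Review bot: With `type = str`, the `model` option loses the evaluation-time check the enum provided, so a typo or an empty string now fails only when the service starts. The new example (`Systran/faster-distil-whisper-small.en`) looks like a repository-style identifier, so the server presumably fetches that model from a remote repository at runtime rather than using a pinned artifact. The description should say so, for instance `Values that name a remote model repository are downloaded when the service starts; only reference repositories you trust.` `types.nonEmptyStr`, or a `types.strMatching` pattern if the accepted forms are known, would keep part of the earlier validation. How `cfg.model` reaches the service command line is outside this hunk.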
diff --git a/nixos/modules/services/monitoring/prometheus/exporters.nix b/nixos/modules/services/monitoring/prometheus/exporters.nix index b46b4596d563..8c5ec2992eda 100644 --- a/nixos/modules/services/monitoring/prometheus/exporters.nix +++ b/nixos/modules/services/monitoring/prometheus/exporters.nix @@ -35,6 +35,7 @@ let "dovecot" "fastly" "flow" + "fritz" "fritzbox" "graphite" "idrac" diff --git a/nixos/modules/services/monitoring/prometheus/exporters/fritz.nix b/nixos/modules/services/monitoring/prometheus/exporters/fritz.nix new file mode 100644 index 000000000000..c3a962b576a5 --- /dev/null +++ b/nixos/modules/services/monitoring/prometheus/exporters/fritz.nix 
@@ -0,0 +1,97 @@ +{ config, lib, pkgs, utils, ... }: +let + inherit (lib) mkOption types mdDoc; + cfg = config.services.prometheus.exporters.fritz; + yaml = pkgs.formats.yaml { }; + configFile = yaml.generate "fritz-exporter.yaml" cfg.settings; +in +{ + port = 9787; + + extraOpts = { + settings = mkOption { + description = mdDoc "Configuration settings for fritz-exporter."; + type = types.submodule { + freeformType = yaml.type; + + options = { + # Pull existing port option into config file. + port = mkOption { + type = types.port; + default = cfg.port; + internal = true; + visible = false; + }; + # Pull existing listen address option into config file. + listen_address = mkOption { + type = types.str; + default = cfg.listenAddress; + internal = true; + visible = false; + }; + log_level = mkOption { + type = types.enum [ "DEBUG" "INFO" "WARNING" "ERROR" "CRITICAL" ]; + default = "INFO"; + description = mdDoc '' + Log level to use for the exporter. + ''; + }; + devices = mkOption { + default = []; + description = "Fritz!-devices to monitor using the exporter."; + type = with types; listOf (submodule { + freeformType = yaml.type; + + options = { + name = mkOption { + type = types.str; + default = ""; + description = mdDoc '' + Name to use for the device. + ''; + }; + hostname = mkOption { + type = types.str; + default = "fritz.box"; + description = mdDoc '' + Hostname under which the target device is reachable. + ''; + }; + username = mkOption { + type = types.str; + description = mdDoc '' + Username to authenticate with the target device. + ''; + }; + password_file = mkOption { + type = types.path; + description = mdDoc '' + Path to a file which contains the password to authenticate with the target device. + Needs to be readable by the user the exporter runs under. + ''; + }; + host_info = mkOption { + type = types.bool; + description = mdDoc '' + Enable extended host info for this device. *Warning*: This will heavily increase scrape time. 
+ ''; + default = false; + }; + }; + }); + }; + }; + }; + }; + }; + + serviceOpts = { + serviceConfig = { + ExecStart = utils.escapeSystemdExecArgs ([ + (lib.getExe pkgs.fritz-exporter) + "--config" configFile + ] ++ cfg.extraFlags); + DynamicUser = false; + }; + }; +} diff --git a/nixos/modules/services/networking/mycelium.nix b/nixos/modules/services/networking/mycelium.nix index 71ff8d1dd9af..9c4bca7c6861 100644 --- a/nixos/modules/services/networking/mycelium.nix +++ b/nixos/modules/services/networking/mycelium.nix @@ -9,17 +9,23 @@ in peers = lib.mkOption { type = lib.types.listOf lib.types.str; description = '' - List of peers to connect to in the format quic://1.2.3.4:9651. - If addHostedPublicNodes is set to true, the hosted public nodes will be added to this list. + List of peers to connect to, in the formats: + - `quic://[2001:0db8::1]:9651` + - `quic://192.0.2.1:9651` + - `tcp://[2001:0db8::1]:9651` + - `tcp://192.0.2.1:9651` + + If addHostedPublicNodes is set to true, the hosted public nodes will also be added. ''; - default = []; + default = [ ]; }; keyFile = lib.mkOption { type = lib.types.nullOr lib.types.path; default = null; description = '' - optional path to a keyFile, if unset the default location (/var/lib/mycelium/key) will be used - If this key does not exist, it will be generated + Optional path to a file containing the mycelium key material. + If unset, the default location (`/var/lib/mycelium/key.bin`) will be used. + If no key exist at this location, it will be generated on startup. ''; }; openFirewall = lib.mkOption { @@ -37,7 +43,7 @@ in type = lib.types.bool; default = true; description = '' - add the hosted peers from https://github.com/threefoldtech/mycelium#hosted-public-nodes + Adds the hosted peers from https://github.com/threefoldtech/mycelium#hosted-public-nodes. ''; }; }; 
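Review bot: `password_file` is declared as `types.path`, and the whole `settings` tree is rendered into `configFile` by `yaml.generate`, so a Nix path literal such as `password_file = ./secret;` would be copied into the world-readable store. Because both submodules set `freeformType = yaml.type`, any other secret-bearing key a user adds under `devices` ends up in that store file too. The description should steer users away from this, e.g. append `Pass this as a string such as "/run/secrets/fritz-password"; a path literal would copy the secret into the Nix store.` Separately, `DynamicUser = false;` in `serviceOpts` carries no explanation; if the reason is file access, add a comment like `# Static user so that password_file can be made readable to the service.`, or consider `LoadCredential` so the dynamic user can stay. The `devices` description is also the only one in the file not wrapped in `mdDoc`.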
@@ -79,9 +85,10 @@ in "--key-file \${CREDENTIALS_DIRECTORY}/keyfile" else "--key-file %S/mycelium/key.bin" ) - "--tun-name" "mycelium" + "--tun-name" + "mycelium" ] ++ - (lib.optional (cfg.addHostedPublicNodes || cfg.peers != []) "--peers") + (lib.optional (cfg.addHostedPublicNodes || cfg.peers != [ ]) "--peers") ++ cfg.peers ++ (lib.optionals cfg.addHostedPublicNodes [ "tcp://188.40.132.242:9651" # DE 01 "tcp://[2a01:4f8:221:1e0b::2]:9651" diff --git a/nixos/modules/services/web-apps/suwayomi-server.md b/nixos/modules/services/web-apps/suwayomi-server.md index ff1e06c8a53a..18e7a631443f 100644 --- a/nixos/modules/services/web-apps/suwayomi-server.md +++ b/nixos/modules/services/web-apps/suwayomi-server.md @@ -101,6 +101,9 @@ Not all the configuration options are available directly in this module, but you port = 4567; autoDownloadNewChapters = false; maxSourcesInParallel" = 6; + extensionRepos = [ + "https://raw.githubusercontent.com/MY_ACCOUNT/MY_REPO/repo/index.min.json" + ]; }; }; }; diff --git a/nixos/modules/services/web-apps/suwayomi-server.nix b/nixos/modules/services/web-apps/suwayomi-server.nix index 94dbe6f99356..99c6ea2a36e6 100644 --- a/nixos/modules/services/web-apps/suwayomi-server.nix +++ b/nixos/modules/services/web-apps/suwayomi-server.nix @@ -102,6 +102,17 @@ in ''; }; + extensionRepos = mkOption { + type = types.listOf types.str; + default = []; + example = [ + "https://raw.githubusercontent.com/MY_ACCOUNT/MY_REPO/repo/index.min.json" + ]; + description = mdDoc '' + URL of repositories from which the extensions can be installed. + ''; + }; + localSourcePath = mkOption { type = types.path; default = cfg.dataDir; diff --git a/nixos/modules/services/x11/desktop-managers/budgie.nix b/nixos/modules/services/x11/desktop-managers/budgie.nix index dfc5450d1c81..466ef5c565b7 100644 --- a/nixos/modules/services/x11/desktop-managers/budgie.nix +++ b/nixos/modules/services/x11/desktop-managers/budgie.nix 
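Review bot: In the `suwayomi-server.nix` hunk, `extensionRepos` is typed `types.listOf types.str`, so a plain `http://` or malformed entry passes evaluation even though these URLs decide where the server fetches installable extensions from. If cleartext repositories are not a supported use case, `type = types.listOf (types.strMatching "https://.+");` would reject them at build time. The description should read `URLs of repositories from which extensions can be installed.` and, since extensions are presumably third-party code loaded by the server, add a sentence such as `Only list repositories you trust.` The code that writes this option into the server configuration is not part of the hunk.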
@@ -146,7 +146,6 @@ in { mate.atril mate.engrampa mate.mate-calc - mate.mate-terminal mate.mate-system-monitor vlc @@ -160,6 +159,9 @@ in { ] config.environment.budgie.excludePackages) ++ cfg.sessionPath; + # Both budgie-desktop-view and nemo defaults to this emulator. + programs.gnome-terminal.enable = mkDefault true; + # Fonts. fonts.packages = [ pkgs.noto-fonts @@ -214,7 +216,6 @@ in { services.colord.enable = mkDefault true; # for BCC's Color panel. services.gnome.at-spi2-core.enable = mkDefault true; # for BCC's A11y panel. services.accounts-daemon.enable = mkDefault true; # for BCC's Users panel. - services.fprintd.enable = mkDefault true; # for BCC's Users panel. services.udisks2.enable = mkDefault true; # for BCC's Details panel. # For BCC's Online Accounts panel. diff --git a/nixos/modules/system/boot/kernel.nix b/nixos/modules/system/boot/kernel.nix index 896e2ccf7b84..950cff386d02 100644 --- a/nixos/modules/system/boot/kernel.nix +++ b/nixos/modules/system/boot/kernel.nix @@ -301,6 +301,7 @@ in "usbhid" "hid_generic" "hid_lenovo" "hid_apple" "hid_roccat" "hid_logitech_hidpp" "hid_logitech_dj" "hid_microsoft" "hid_cherry" + "hid_corsair" ] ++ optionals pkgs.stdenv.hostPlatform.isx86 [ # Misc. x86 keyboard stuff. diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix index f713e3bfdc6f..2c08fdba6c98 100644 --- a/nixos/tests/all-tests.nix +++ b/nixos/tests/all-tests.nix 
@@ -290,8 +290,8 @@ in { activation-etc-overlay-mutable = runTest ./activation/etc-overlay-mutable.nix; activation-etc-overlay-immutable = runTest ./activation/etc-overlay-immutable.nix; activation-perlless = runTest ./activation/perlless.nix; - etcd = handleTestOn ["x86_64-linux"] ./etcd.nix {}; - etcd-cluster = handleTestOn ["x86_64-linux"] ./etcd-cluster.nix {}; + etcd = handleTestOn [ "aarch64-linux" "x86_64-linux" ] ./etcd/etcd.nix {}; + etcd-cluster = handleTestOn [ "aarch64-linux" "x86_64-linux" ] ./etcd/etcd-cluster.nix {}; etebase-server = handleTest ./etebase-server.nix {}; etesync-dav = handleTest ./etesync-dav.nix {}; evcc = handleTest ./evcc.nix {}; diff --git a/nixos/tests/budgie.nix b/nixos/tests/budgie.nix index 64a4e65fa7f6..5228e869b056 100644 --- a/nixos/tests/budgie.nix +++ b/nixos/tests/budgie.nix @@ -82,9 +82,9 @@ import ./make-test-python.nix ({ pkgs, lib, ... }: { machine.wait_until_succeeds("${su "budgie-screensaver-command -q"} | grep 'The screensaver is inactive'") machine.sleep(2) - with subtest("Open MATE terminal"): - machine.succeed("${su "mate-terminal >&2 &"}") - machine.wait_for_window("Terminal") + with subtest("Open GNOME terminal"): + machine.succeed("${su "gnome-terminal"}") + machine.wait_for_window("${user.name}@machine: ~") with subtest("Check if Budgie has ever coredumped"): machine.fail("coredumpctl --json=short | grep budgie") diff --git a/nixos/tests/etcd-cluster.nix b/nixos/tests/etcd/etcd-cluster.nix index c77c0dd73c25..734d56dbc223 100644 --- a/nixos/tests/etcd-cluster.nix +++ b/nixos/tests/etcd/etcd-cluster.nix @@ -1,6 +1,6 @@ # This test runs simple etcd cluster -import ./make-test-python.nix ({ pkgs, ... } : let +import ../make-test-python.nix ({ pkgs, ... } : let runWithOpenSSL = file: cmd: pkgs.runCommand file { buildInputs = [ pkgs.openssl ]; diff --git a/nixos/tests/etcd.nix b/nixos/tests/etcd/etcd.nix index 79857778ae1b..a32d0f9a55d1 100644 --- a/nixos/tests/etcd.nix +++ b/nixos/tests/etcd/etcd.nix 
@@ -1,6 +1,6 @@ # This test runs simple etcd node -import ./make-test-python.nix ({ pkgs, ... } : { +import ../make-test-python.nix ({ pkgs, ... } : { name = "etcd"; meta = with pkgs.lib.maintainers; { diff --git a/nixos/tests/redlib.nix b/nixos/tests/redlib.nix new file mode 100644 index 000000000000..e4bde25e30a6 --- /dev/null +++ b/nixos/tests/redlib.nix @@ -0,0 +1,20 @@ +import ./make-test-python.nix ({ lib, pkgs, ... }: { + name = "redlib"; + meta.maintainers = with lib.maintainers; [ soispha ]; + + nodes.machine = { + services.libreddit = { + package = pkgs.redlib; + enable = true; + # Test CAP_NET_BIND_SERVICE + port = 80; + }; + }; + + testScript = '' + machine.wait_for_unit("libreddit.service") + machine.wait_for_open_port(80) + # Query a page that does not require Internet access + machine.succeed("curl --fail http://localhost:80/settings") + ''; +}) |
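Review bot: In the new `nixos/tests/redlib.nix`, the `# Test CAP_NET_BIND_SERVICE` comment promises more than the script checks. `wait_for_open_port(80)` and the `curl` call would also pass if the unit ran as root, so nothing ties the successful bind to the capability. An assertion on the service's effective user, for example `machine.succeed("test $(ps -o uid= -p $(systemctl show -P MainPID libreddit.service)) -ne 0")`, would make the test fail if privilege dropping in the unit ever regressed. The unit definition is not part of this diff, so whether it currently runs unprivileged is an assumption.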