diff options
Diffstat (limited to 'nixos')
| -rw-r--r-- | nixos/doc/manual/release-notes/rl-unstable.xml | 24 | ||||
| -rw-r--r-- | nixos/modules/config/fonts/fontconfig.nix | 17 | ||||
| -rw-r--r-- | nixos/modules/hardware/opengl.nix | 39 | ||||
| -rw-r--r-- | nixos/modules/installer/tools/auto-upgrade.nix | 2 | ||||
| -rw-r--r-- | nixos/modules/programs/venus.nix | 1 | ||||
| -rw-r--r-- | nixos/modules/rename.nix | 3 | ||||
| -rw-r--r-- | nixos/modules/security/ca.nix | 6 | ||||
| -rw-r--r-- | nixos/modules/services/continuous-integration/jenkins/default.nix | 17 | ||||
| -rw-r--r-- | nixos/modules/services/monitoring/dd-agent.nix | 1 | ||||
| -rw-r--r-- | nixos/modules/services/networking/ddclient.nix | 1 | ||||
| -rw-r--r-- | nixos/modules/services/printing/cupsd.nix | 188 | ||||
| -rw-r--r-- | nixos/modules/services/x11/display-managers/default.nix | 9 | ||||
| -rw-r--r-- | nixos/modules/services/x11/xserver.nix | 9 | ||||
| -rw-r--r-- | nixos/modules/virtualisation/azure-agent.nix | 6 |
14 files changed, 195 insertions, 128 deletions
diff --git a/nixos/doc/manual/release-notes/rl-unstable.xml b/nixos/doc/manual/release-notes/rl-unstable.xml index a4f25cdc51f5..c2d1563e0a5d 100644 --- a/nixos/doc/manual/release-notes/rl-unstable.xml +++ b/nixos/doc/manual/release-notes/rl-unstable.xml @@ -169,10 +169,34 @@ fileSystems."/example" = { options = [ "noatime" "compress=lzo" "space_cache" "autodefrag" ]; }; </programlisting> + </para> + </listitem> + + <listitem> + <para>CUPS, installed by <literal>services.printing</literal> module, now + has its data directory in <filename>/var/lib/cups</filename>. Old + configurations from <filename>/etc/cups</filename> are moved there + automatically, but there might be problems. Also configuration options + <literal>services.printing.cupsdConf</literal> and + <literal>services.printing.cupsdFilesConf</literal> were removed + because they had been allowing one to override configuration variables + required for CUPS to work at all on NixOS. For most use cases, + <literal>services.printing.extraConf</literal> and new option + <literal>services.printing.extraFilesConf</literal> should be enough; + if you encounter a situation when they are not, please file a bug.</para> + <para>There are also Gutenprint improvements; in particular, a new option + <literal>services.printing.gutenprint</literal> is added to enable automatic + updating of Gutenprint PPMs; it's greatly recommended to enable it instead + of adding <literal>gutenprint</literal> to the <literal>drivers</literal> list. </para> </listitem> + <listitem> + <para><literal>services.xserver.vaapiDrivers</literal> has been removed. Use + <literal>services.hardware.opengl.extraPackages{,32}</literal> instead. You can + also specify VDPAU drivers there.</para> + </listitem> </itemizedlist> diff --git a/nixos/modules/config/fonts/fontconfig.nix b/nixos/modules/config/fonts/fontconfig.nix index be6662decea6..e078a75b295c 100644 --- a/nixos/modules/config/fonts/fontconfig.nix +++ b/nixos/modules/config/fonts/fontconfig.nix @@ -129,6 +129,14 @@ with lib; }; + cache32Bit = mkOption { + default = false; + type = types.bool; + description = '' + Generate system fonts cache for 32-bit applications. + ''; + }; + }; }; @@ -231,12 +239,19 @@ with lib; "${pkgs.fontconfig}/etc/fonts/fonts.conf"; environment.etc."fonts/${pkgs.fontconfig.configVersion}/conf.d/00-nixos.conf".text = - '' + let + cache = fontconfig: pkgs.makeFontsCache { inherit fontconfig; fontDirectories = config.fonts.fonts; }; + in '' <?xml version='1.0'?> <!DOCTYPE fontconfig SYSTEM 'fonts.dtd'> <fontconfig> <!-- Font directories --> ${concatStringsSep "\n" (map (font: "<dir>${font}</dir>") config.fonts.fonts)} + <!-- Pre-generated font caches --> + <cachedir>${cache pkgs.fontconfig}</cachedir> + ${optionalString (pkgs.stdenv.isx86_64 && config.fonts.fontconfig.cache32Bit) '' + <cachedir>${cache pkgs.pkgsi686Linux.fontconfig}</cachedir> + ''} </fontconfig> ''; diff --git a/nixos/modules/hardware/opengl.nix b/nixos/modules/hardware/opengl.nix index 7693bd5bb453..d3b146be6b33 100644 --- a/nixos/modules/hardware/opengl.nix +++ b/nixos/modules/hardware/opengl.nix @@ -10,7 +10,7 @@ let videoDrivers = config.services.xserver.videoDrivers; - makePackage = p: p.buildEnv { + makePackage = p: pkgs.buildEnv { name = "mesa-drivers+txc-${p.mesa_drivers.version}"; paths = [ p.mesa_drivers @@ -19,6 +19,16 @@ let ]; }; + package = pkgs.buildEnv { + name = "opengl-drivers"; + paths = [ cfg.package ] ++ cfg.extraPackages; + }; + + package32 = pkgs.buildEnv { + name = "opengl-drivers-32bit"; + paths = [ cfg.package32 ] ++ cfg.extraPackages32; + }; + in { @@ -75,11 +85,32 @@ in internal = true; description = '' The package that provides the 32-bit OpenGL implementation on - 64-bit systems. Used when <option>driSupport32Bit</option> is + 64-bit systems. Used when <option>driSupport32Bit</option> is set. ''; }; + hardware.opengl.extraPackages = mkOption { + type = types.listOf types.package; + default = []; + example = literalExample "with pkgs; [ vaapiIntel libvdpau-va-gl vaapiVdpau ]"; + description = '' + Additional packages to add to OpenGL drivers. This can be used + to add additional VA-API/VDPAU drivers. + ''; + }; + + hardware.opengl.extraPackages32 = mkOption { + type = types.listOf types.package; + default = []; + example = literalExample "with pkgs; [ vaapiIntel libvdpau-va-gl vaapiVdpau ]"; + description = '' + Additional packages to add to 32-bit OpenGL drivers on + 64-bit systems. Used when <option>driSupport32Bit</option> is + set. This can be used to add additional VA-API/VDPAU drivers. + ''; + }; + }; config = mkIf cfg.enable { @@ -91,11 +122,11 @@ in system.activationScripts.setup-opengl = '' - ln -sfn ${cfg.package} /run/opengl-driver + ln -sfn ${package} /run/opengl-driver ${if pkgs.stdenv.isi686 then '' ln -sfn opengl-driver /run/opengl-driver-32 '' else if cfg.driSupport32Bit then '' - ln -sfn ${cfg.package32} /run/opengl-driver-32 + ln -sfn ${package32} /run/opengl-driver-32 '' else '' rm -f /run/opengl-driver-32 ''} diff --git a/nixos/modules/installer/tools/auto-upgrade.nix b/nixos/modules/installer/tools/auto-upgrade.nix index 4ef5fa8bc1d4..2da330f9b571 100644 --- a/nixos/modules/installer/tools/auto-upgrade.nix +++ b/nixos/modules/installer/tools/auto-upgrade.nix @@ -74,7 +74,7 @@ let cfg = config.system.autoUpgrade; in serviceConfig.Type = "oneshot"; environment = config.nix.envVars // - { inherit (config.environment.sessionVariables) NIX_PATH SSL_CERT_FILE; + { inherit (config.environment.sessionVariables) NIX_PATH; HOME = "/root"; }; diff --git a/nixos/modules/programs/venus.nix b/nixos/modules/programs/venus.nix index c3756b4838c7..76827eeced6f 100644 --- a/nixos/modules/programs/venus.nix +++ b/nixos/modules/programs/venus.nix @@ -165,7 +165,6 @@ in script = "exec venus-planet ${configFile}"; serviceConfig.User = "${cfg.user}"; serviceConfig.Group = "${cfg.group}"; - environment.SSL_CERT_FILE = "/etc/ssl/certs/ca-certificates.crt"; startAt = cfg.dates; }; diff --git a/nixos/modules/rename.nix b/nixos/modules/rename.nix index 010d44c40d19..6e10b47f03cc 100644 --- a/nixos/modules/rename.nix +++ b/nixos/modules/rename.nix @@ -77,6 +77,7 @@ with lib; (mkRenamedOptionModule [ "services" "xserver" "driSupport32Bit" ] [ "hardware" "opengl" "driSupport32Bit" ]) (mkRenamedOptionModule [ "services" "xserver" "s3tcSupport" ] [ "hardware" "opengl" "s3tcSupport" ]) (mkRenamedOptionModule [ "hardware" "opengl" "videoDrivers" ] [ "services" "xserver" "videoDrivers" ]) + (mkRenamedOptionModule [ "services" "xserver" "vaapiDrivers" ] [ "hardware" "opengl" "extraPackages" ]) (mkRenamedOptionModule [ "services" "mysql55" ] [ "services" "mysql" ]) @@ -99,6 +100,8 @@ with lib; (mkRemovedOptionModule [ "services" "syslog-ng" "listenToJournal" ]) (mkRemovedOptionModule [ "ec2" "metadata" ]) (mkRemovedOptionModule [ "services" "openvpn" "enable" ]) + (mkRemovedOptionModule [ "services" "printing" "cupsFilesConf" ]) + (mkRemovedOptionModule [ "services" "printing" "cupsdConf" ]) ]; } diff --git a/nixos/modules/security/ca.nix b/nixos/modules/security/ca.nix index 98d73ed25426..8bd634b10a51 100644 --- a/nixos/modules/security/ca.nix +++ b/nixos/modules/security/ca.nix @@ -64,12 +64,6 @@ in # CentOS/Fedora compatibility. environment.etc."pki/tls/certs/ca-bundle.crt".source = caCertificates; - environment.sessionVariables = - { SSL_CERT_FILE = "/etc/ssl/certs/ca-certificates.crt"; - # FIXME: unneeded - remove eventually. - GIT_SSL_CAINFO = "/etc/ssl/certs/ca-certificates.crt"; - }; - }; } diff --git a/nixos/modules/services/continuous-integration/jenkins/default.nix b/nixos/modules/services/continuous-integration/jenkins/default.nix index d6ae4b45ceef..cfb1cd773c7f 100644 --- a/nixos/modules/services/continuous-integration/jenkins/default.nix +++ b/nixos/modules/services/continuous-integration/jenkins/default.nix @@ -92,11 +92,12 @@ in { type = with types; attrsOf str; description = '' Additional environment variables to be passed to the jenkins process. - As a base environment, jenkins receives NIX_PATH, SSL_CERT_FILE and - GIT_SSL_CAINFO from <option>environment.sessionVariables</option>, - NIX_REMOTE is set to "daemon" and JENKINS_HOME is set to - the value of <option>services.jenkins.home</option>. This option has - precedence and can be used to override those mentioned variables. + As a base environment, jenkins receives NIX_PATH from + <option>environment.sessionVariables</option>, NIX_REMOTE is set to + "daemon" and JENKINS_HOME is set to the value of + <option>services.jenkins.home</option>. + This option has precedence and can be used to override those + mentioned variables. ''; }; @@ -136,11 +137,7 @@ in { environment = let selectedSessionVars = - lib.filterAttrs (n: v: builtins.elem n - [ "NIX_PATH" - "SSL_CERT_FILE" - "GIT_SSL_CAINFO" - ]) + lib.filterAttrs (n: v: builtins.elem n [ "NIX_PATH" ]) config.environment.sessionVariables; in selectedSessionVars // diff --git a/nixos/modules/services/monitoring/dd-agent.nix b/nixos/modules/services/monitoring/dd-agent.nix index ed9be73ba65b..bd8d9950f77c 100644 --- a/nixos/modules/services/monitoring/dd-agent.nix +++ b/nixos/modules/services/monitoring/dd-agent.nix @@ -183,7 +183,6 @@ in { Restart = "always"; RestartSec = 2; }; - environment.SSL_CERT_FILE = "/etc/ssl/certs/ca-certificates.crt"; restartTriggers = [ pkgs.dd-agent ddConf diskConfig networkConfig postgresqlConfig nginxConfig mongoConfig ]; }; diff --git a/nixos/modules/services/networking/ddclient.nix b/nixos/modules/services/networking/ddclient.nix index e60520c742bd..c5dd1e71c189 100644 --- a/nixos/modules/services/networking/ddclient.nix +++ b/nixos/modules/services/networking/ddclient.nix @@ -127,7 +127,6 @@ in wantedBy = [ "multi-user.target" ]; after = [ "network.target" ]; - environment.SSL_CERT_FILE = "/etc/ssl/certs/ca-certificates.crt"; serviceConfig = { # Uncomment this if too many problems occur: # Type = "forking"; diff --git a/nixos/modules/services/printing/cupsd.nix b/nixos/modules/services/printing/cupsd.nix index 0fe25b66da08..98fb33e3256c 100644 --- a/nixos/modules/services/printing/cupsd.nix +++ b/nixos/modules/services/printing/cupsd.nix @@ -4,10 +4,13 @@ with lib; let - inherit (pkgs) cups cups_filters; + inherit (pkgs) cups cups-pk-helper cups_filters gutenprint; cfg = config.services.printing; + avahiEnabled = config.services.avahi.enable; + polkitEnabled = config.security.polkit.enable; + additionalBackends = pkgs.runCommand "additional-cups-backends" { } '' mkdir -p $out @@ -30,12 +33,75 @@ let # cupsd.conf tells cupsd to use this tree. bindir = pkgs.buildEnv { name = "cups-progs"; - paths = cfg.drivers; - pathsToLink = [ "/lib/cups" "/share/cups" "/bin" "/etc/cups" ]; + paths = + [ cups additionalBackends cups_filters pkgs.ghostscript ] + ++ optional cfg.gutenprint gutenprint + ++ cfg.drivers; + pathsToLink = [ "/lib/cups" "/share/cups" "/bin" ]; postBuild = cfg.bindirCmds; ignoreCollisions = true; }; + writeConf = name: text: pkgs.writeTextFile { + inherit name text; + destination = "/etc/cups/${name}"; + }; + + cupsFilesFile = writeConf "cups-files.conf" '' + SystemGroup root wheel + + ServerBin ${bindir}/lib/cups + DataDir ${bindir}/share/cups + + AccessLog syslog + ErrorLog syslog + PageLog syslog + + TempDir ${cfg.tempDir} + + # User and group used to run external programs, including + # those that actually send the job to the printer. Note that + # Udev sets the group of printer devices to `lp', so we want + # these programs to run as `lp' as well. + User cups + Group lp + + ${cfg.extraFilesConf} + ''; + + cupsdFile = writeConf "cupsd.conf" '' + ${concatMapStrings (addr: '' + Listen ${addr} + '') cfg.listenAddresses} + Listen /var/run/cups/cups.sock + + SetEnv PATH ${bindir}/lib/cups/filter:${bindir}/bin + + DefaultShared ${if cfg.defaultShared then "Yes" else "No"} + + Browsing ${if cfg.browsing then "Yes" else "No"} + + WebInterface ${if cfg.webInterface then "Yes" else "No"} + + ${cfg.extraConf} + ''; + + browsedFile = writeConf "cups-browsed.conf" cfg.browsedConf; + + rootdir = pkgs.buildEnv { + name = "cups-progs"; + paths = [ + cupsFilesFile + cupsdFile + (writeConf "client.conf" cfg.clientConf) + (writeConf "snmp.conf" cfg.snmpConf) + ] ++ optional avahiEnabled browsedFile + ++ optional cfg.gutenprint gutenprint + ++ cfg.drivers; + pathsToLink = [ "/etc/cups" ]; + ignoreCollisions = true; + }; + in { @@ -96,25 +162,11 @@ in ''; }; - cupsdConf = mkOption { - type = types.lines; - default = ""; - example = - '' - BrowsePoll cups.example.com - LogLevel debug - ''; - description = '' - The contents of the configuration file of the CUPS daemon - (<filename>cupsd.conf</filename>). - ''; - }; - - cupsFilesConf = mkOption { + extraFilesConf = mkOption { type = types.lines; default = ""; description = '' - The contents of the configuration file of the CUPS daemon + Extra contents of the configuration file of the CUPS daemon (<filename>cups-files.conf</filename>). ''; }; @@ -171,8 +223,18 @@ in ''; }; + gutenprint = mkOption { + type = types.bool; + default = false; + description = '' + Whether to enable Gutenprint drivers for CUPS. This includes auto-updating + Gutenprint PPD files. + ''; + }; + drivers = mkOption { type = types.listOf types.path; + default = []; example = literalExample "[ pkgs.splix ]"; description = '' CUPS drivers to use. Drivers provided by CUPS, cups-filters, Ghostscript @@ -204,15 +266,10 @@ in description = "CUPS printing services"; }; - environment.systemPackages = [ cups ]; + environment.systemPackages = [ cups ] ++ optional polkitEnabled cups-pk-helper; + environment.etc."cups".source = "/var/lib/cups"; - environment.etc."cups/client.conf".text = cfg.clientConf; - environment.etc."cups/cups-files.conf".text = cfg.cupsFilesConf; - environment.etc."cups/cupsd.conf".text = cfg.cupsdConf; - environment.etc."cups/cups-browsed.conf".text = cfg.browsedConf; - environment.etc."cups/snmp.conf".text = cfg.snmpConf; - - services.dbus.packages = [ cups ]; + services.dbus.packages = [ cups ] ++ optional polkitEnabled cups-pk-helper; # Cups uses libusb to talk to printers, and does not use the # linux kernel driver. If the driver is not in a black list, it @@ -230,19 +287,35 @@ in preStart = '' - mkdir -m 0755 -p /etc/cups mkdir -m 0700 -p /var/cache/cups mkdir -m 0700 -p /var/spool/cups mkdir -m 0755 -p ${cfg.tempDir} - ''; - restartTriggers = - [ config.environment.etc."cups/cups-files.conf".source - config.environment.etc."cups/cupsd.conf".source - ]; + mkdir -m 0755 -p /var/lib/cups + # Backwards compatibility + if [ ! -L /etc/cups ]; then + mv /etc/cups/* /var/lib/cups + rmdir /etc/cups + ln -s /var/lib/cups /etc/cups + fi + # First, clean existing symlinks + if [ -n "$(ls /var/lib/cups)" ]; then + for i in /var/lib/cups/*; do + [ -L "$i" ] && rm "$i" + done + fi + # Then, populate it with static files + cd ${rootdir}/etc/cups + for i in *; do + [ ! -e "/var/lib/cups/$i" ] && ln -s "${rootdir}/etc/cups/$i" "/var/lib/cups/$i" + done + ${optionalString cfg.gutenprint '' + ${gutenprint}/bin/cups-genppdupdate + ''} + ''; }; - systemd.services.cups-browsed = mkIf config.services.avahi.enable + systemd.services.cups-browsed = mkIf avahiEnabled { description = "CUPS Remote Printer Discovery"; wantedBy = [ "multi-user.target" ]; @@ -255,54 +328,13 @@ in serviceConfig.ExecStart = "${cups_filters}/bin/cups-browsed"; - restartTriggers = - [ config.environment.etc."cups/cups-browsed.conf".source - ]; + restartTriggers = [ browsedFile ]; }; - services.printing.drivers = - [ cups pkgs.ghostscript pkgs.cups_filters additionalBackends - pkgs.perl pkgs.coreutils pkgs.gnused pkgs.bc pkgs.gawk pkgs.gnugrep - ]; - - services.printing.cupsFilesConf = - '' - SystemGroup root wheel - - ServerBin ${bindir}/lib/cups - DataDir ${bindir}/share/cups - - AccessLog syslog - ErrorLog syslog - PageLog syslog - - TempDir ${cfg.tempDir} - - # User and group used to run external programs, including - # those that actually send the job to the printer. Note that - # Udev sets the group of printer devices to `lp', so we want - # these programs to run as `lp' as well. - User cups - Group lp - ''; - - services.printing.cupsdConf = + services.printing.extraConf = '' LogLevel info - ${concatMapStrings (addr: '' - Listen ${addr} - '') cfg.listenAddresses} - Listen /var/run/cups/cups.sock - - SetEnv PATH ${bindir}/lib/cups/filter:${bindir}/bin:${bindir}/sbin - - DefaultShared ${if cfg.defaultShared then "Yes" else "No"} - - Browsing ${if cfg.browsing then "Yes" else "No"} - - WebInterface ${if cfg.webInterface then "Yes" else "No"} - DefaultAuthType Basic <Location /> @@ -343,8 +375,6 @@ in Order deny,allow </Limit> </Policy> - - ${cfg.extraConf} ''; security.pam.services.cups = {}; diff --git a/nixos/modules/services/x11/display-managers/default.nix b/nixos/modules/services/x11/display-managers/default.nix index 87f3a4837a69..bfe975b162b6 100644 --- a/nixos/modules/services/x11/display-managers/default.nix +++ b/nixos/modules/services/x11/display-managers/default.nix @@ -16,13 +16,6 @@ let cfg = config.services.xserver; xorg = pkgs.xorg; - vaapiDrivers = pkgs.buildEnv { - name = "vaapi-drivers"; - paths = cfg.vaapiDrivers; - # We only want /lib/dri, but with a single input path, we need "/" for it to work - pathsToLink = [ "/" ]; - }; - fontconfig = config.fonts.fontconfig; xresourcesXft = pkgs.writeText "Xresources-Xft" '' ${optionalString (fontconfig.dpi != 0) ''Xft.dpi: ${toString fontconfig.dpi}''} @@ -104,8 +97,6 @@ let ${xorg.xrdb}/bin/xrdb -merge ~/.Xdefaults fi - export LIBVA_DRIVERS_PATH=${vaapiDrivers}/lib/dri - # Speed up application start by 50-150ms according to # http://kdemonkey.blogspot.nl/2008/04/magic-trick.html rm -rf $HOME/.compose-cache diff --git a/nixos/modules/services/x11/xserver.nix b/nixos/modules/services/x11/xserver.nix index 68745ba8197a..653c97d7e6fa 100644 --- a/nixos/modules/services/x11/xserver.nix +++ b/nixos/modules/services/x11/xserver.nix @@ -216,15 +216,6 @@ in ''; }; - vaapiDrivers = mkOption { - type = types.listOf types.path; - default = [ ]; - example = literalExample "[ pkgs.vaapiIntel pkgs.vaapiVdpau ]"; - description = '' - Packages providing libva acceleration drivers. - ''; - }; - startGnuPGAgent = mkOption { type = types.bool; default = false; diff --git a/nixos/modules/virtualisation/azure-agent.nix b/nixos/modules/virtualisation/azure-agent.nix index 96418d61ff85..4fbc8fd3511c 100644 --- a/nixos/modules/virtualisation/azure-agent.nix +++ b/nixos/modules/virtualisation/azure-agent.nix @@ -157,12 +157,6 @@ in after = [ "ip-up.target" ]; wants = [ "ip-up.target" ]; - environment = { - GIT_SSL_CAINFO = "/etc/ssl/certs/ca-certificates.crt"; - OPENSSL_X509_CERT_FILE = "/etc/ssl/certs/ca-certificates.crt"; - SSL_CERT_FILE = "/etc/ssl/certs/ca-certificates.crt"; - }; - path = [ pkgs.e2fsprogs ]; description = "Windows Azure Agent Service"; unitConfig.ConditionPathExists = "/etc/waagent.conf"; |