diff options
Diffstat (limited to 'nixpkgs/nixos/modules/programs')
19 files changed, 225 insertions, 65 deletions
diff --git a/nixpkgs/nixos/modules/programs/bandwhich.nix b/nixpkgs/nixos/modules/programs/bandwhich.nix index 8d1612217ad8..aa6a0dfb6ffd 100644 --- a/nixpkgs/nixos/modules/programs/bandwhich.nix +++ b/nixpkgs/nixos/modules/programs/bandwhich.nix @@ -24,7 +24,7 @@ in { security.wrappers.bandwhich = { owner = "root"; group = "root"; - capabilities = "cap_net_raw,cap_net_admin+ep"; + capabilities = "cap_sys_ptrace,cap_dac_read_search,cap_net_raw,cap_net_admin+ep"; source = "${pkgs.bandwhich}/bin/bandwhich"; }; }; diff --git a/nixpkgs/nixos/modules/programs/browserpass.nix b/nixpkgs/nixos/modules/programs/browserpass.nix index 346d38e5e880..abd99056ff3b 100644 --- a/nixpkgs/nixos/modules/programs/browserpass.nix +++ b/nixpkgs/nixos/modules/programs/browserpass.nix @@ -27,6 +27,6 @@ with lib; "opt/brave/native-messaging-hosts/${appId}".source = source "hosts/chromium"; "opt/brave/policies/managed/${appId}".source = source "policies/chromium"; }; - nixpkgs.config.firefox.enableBrowserpass = true; + programs.firefox.wrapperConfig.enableBrowserpass = true; }; } diff --git a/nixpkgs/nixos/modules/programs/calls.nix b/nixpkgs/nixos/modules/programs/calls.nix index 7a18982915a9..3d757bc1fc32 100644 --- a/nixpkgs/nixos/modules/programs/calls.nix +++ b/nixpkgs/nixos/modules/programs/calls.nix @@ -8,7 +8,7 @@ in { options = { programs.calls = { enable = mkEnableOption (lib.mdDoc '' - Whether to enable GNOME calls: a phone dialer and call handler. + GNOME calls: a phone dialer and call handler ''); }; }; diff --git a/nixpkgs/nixos/modules/programs/cnping.nix b/nixpkgs/nixos/modules/programs/cnping.nix index d3cf659d4297..143267fc9a42 100644 --- a/nixpkgs/nixos/modules/programs/cnping.nix +++ b/nixpkgs/nixos/modules/programs/cnping.nix @@ -8,7 +8,7 @@ in { options = { programs.cnping = { - enable = mkEnableOption (lib.mdDoc "Whether to install a setcap wrapper for cnping"); + enable = mkEnableOption (lib.mdDoc "a setcap wrapper for cnping"); }; }; diff --git a/nixpkgs/nixos/modules/programs/direnv.nix b/nixpkgs/nixos/modules/programs/direnv.nix index 1a80cb202806..77a6568e73b8 100644 --- a/nixpkgs/nixos/modules/programs/direnv.nix +++ b/nixpkgs/nixos/modules/programs/direnv.nix @@ -11,7 +11,7 @@ in { enable = lib.mkEnableOption (lib.mdDoc '' direnv integration. Takes care of both installation and setting up the sourcing of the shell. Additionally enables nix-direnv - integration. Note that you need to logout and login for this change to apply. + integration. Note that you need to logout and login for this change to apply ''); package = lib.mkPackageOptionMD pkgs "direnv" {}; diff --git a/nixpkgs/nixos/modules/programs/environment.nix b/nixpkgs/nixos/modules/programs/environment.nix index 324b19184747..6cf9257d035a 100644 --- a/nixpkgs/nixos/modules/programs/environment.nix +++ b/nixpkgs/nixos/modules/programs/environment.nix @@ -22,7 +22,6 @@ in # be specified here; do so in the default value of programs.less.envVariables instead PAGER = mkDefault "less"; EDITOR = mkDefault "nano"; - XDG_CONFIG_DIRS = [ "/etc/xdg" ]; # needs to be before profile-relative paths to allow changes through environment.etc }; # since we set PAGER to this above, make sure it's installed @@ -33,6 +32,11 @@ in "/run/current-system/sw" ]; + environment.sessionVariables = + { + XDG_CONFIG_DIRS = [ "/etc/xdg" ]; # needs to be before profile-relative paths to allow changes through environment.etc + }; + # TODO: move most of these elsewhere environment.profileRelativeSessionVariables = { PATH = [ "/bin" ]; diff --git a/nixpkgs/nixos/modules/programs/feedbackd.nix b/nixpkgs/nixos/modules/programs/feedbackd.nix index cee8daa31462..e3fde947a3df 100644 --- a/nixpkgs/nixos/modules/programs/feedbackd.nix +++ b/nixpkgs/nixos/modules/programs/feedbackd.nix @@ -8,9 +8,9 @@ in { options = { programs.feedbackd = { enable = mkEnableOption (lib.mdDoc '' - Whether to enable the feedbackd D-BUS service and udev rules. + the feedbackd D-BUS service and udev rules. - Your user needs to be in the `feedbackd` group to trigger effects. + Your user needs to be in the `feedbackd` group to trigger effects ''); package = mkOption { description = lib.mdDoc '' diff --git a/nixpkgs/nixos/modules/programs/firefox.nix b/nixpkgs/nixos/modules/programs/firefox.nix index 8653f066cf8f..83a3edaf813e 100644 --- a/nixpkgs/nixos/modules/programs/firefox.nix +++ b/nixpkgs/nixos/modules/programs/firefox.nix @@ -36,6 +36,12 @@ in ]; }; + wrapperConfig = mkOption { + type = types.attrs; + default = {}; + description = mdDoc "Arguments to pass to Firefox wrapper"; + }; + policies = mkOption { type = policyFormat.type; default = { }; @@ -227,17 +233,23 @@ in ] ++ optionals nmh.passff [ passff-host ]; + cfg = let + # copy-pasted from the wrapper; TODO: figure out fix + applicationName = cfg.package.binaryName or (lib.getName cfg.package); + + nixpkgsConfig = pkgs.config.${applicationName} or {}; + optionConfig = cfg.wrapperConfig; + nmhConfig = { + enableBrowserpass = nmh.browserpass; + enableBukubrow = nmh.bukubrow; + enableTridactylNative = nmh.tridactyl; + enableUgetIntegrator = nmh.ugetIntegrator; + enableFXCastBridge = nmh.fxCast; + }; + in nixpkgsConfig // optionConfig // nmhConfig; }) ]; - nixpkgs.config.firefox = { - enableBrowserpass = nmh.browserpass; - enableBukubrow = nmh.bukubrow; - enableTridactylNative = nmh.tridactyl; - enableUgetIntegrator = nmh.ugetIntegrator; - enableFXCastBridge = nmh.fxCast; - }; - environment.etc = let policiesJSON = policyFormat.generate "firefox-policies.json" { inherit (cfg) policies; }; diff --git a/nixpkgs/nixos/modules/programs/fish.nix b/nixpkgs/nixos/modules/programs/fish.nix index c85097f45e92..e6ac6e9957ba 100644 --- a/nixpkgs/nixos/modules/programs/fish.nix +++ b/nixpkgs/nixos/modules/programs/fish.nix @@ -208,7 +208,7 @@ in end # if we haven't sourced the login config, do it - status --is-login; and not set -q __fish_nixos_login_config_sourced + status is-login; and not set -q __fish_nixos_login_config_sourced and begin ${sourceEnv "loginShellInit"} @@ -220,7 +220,7 @@ in end # if we haven't sourced the interactive config, do it - status --is-interactive; and not set -q __fish_nixos_interactive_config_sourced + status is-interactive; and not set -q __fish_nixos_interactive_config_sourced and begin ${fishAbbrs} ${fishAliases} @@ -258,16 +258,13 @@ in preferLocalBuild = true; allowSubstitutes = false; }; - generateCompletions = package: pkgs.runCommand - "${package.name}_fish-completions" - ( - { - inherit package; - preferLocalBuild = true; - allowSubstitutes = false; - } - // optionalAttrs (package ? meta.priority) { meta.priority = package.meta.priority; } - ) + generateCompletions = package: pkgs.runCommandLocal + ( with lib.strings; let + storeLength = stringLength storeDir + 34; # Nix' StorePath::HashLen + 2 for the separating slash and dash + pathName = substring storeLength (stringLength package - storeLength) package; + in (package.name or pathName) + "_fish-completions") + ( { inherit package; } // + optionalAttrs (package ? meta.priority) { meta.priority = package.meta.priority; }) '' mkdir -p $out if [ -d $package/share/man ]; then diff --git a/nixpkgs/nixos/modules/programs/gnupg.nix b/nixpkgs/nixos/modules/programs/gnupg.nix index 697b6e9a0bd0..aa1a536247ce 100644 --- a/nixpkgs/nixos/modules/programs/gnupg.nix +++ b/nixpkgs/nixos/modules/programs/gnupg.nix @@ -6,6 +6,10 @@ let cfg = config.programs.gnupg; + agentSettingsFormat = pkgs.formats.keyValue { + mkKeyValue = lib.generators.mkKeyValueDefault { } " "; + }; + xserverCfg = config.services.xserver; defaultPinentryFlavor = @@ -82,6 +86,18 @@ in ''; }; + agent.settings = mkOption { + type = agentSettingsFormat.type; + default = { }; + example = { + default-cache-ttl = 600; + }; + description = lib.mdDoc '' + Configuration for /etc/gnupg/gpg-agent.conf. + See {manpage}`gpg-agent(1)` for supported options. + ''; + }; + dirmngr.enable = mkOption { type = types.bool; default = false; @@ -92,17 +108,20 @@ in }; config = mkIf cfg.agent.enable { - environment.etc."gnupg/gpg-agent.conf".text = - lib.optionalString (cfg.agent.pinentryFlavor != null) '' - pinentry-program ${pkgs.pinentry.${cfg.agent.pinentryFlavor}}/bin/pinentry - ''; + programs.gnupg.agent.settings = { + pinentry-program = lib.mkIf (cfg.agent.pinentryFlavor != null) + "${pkgs.pinentry.${cfg.agent.pinentryFlavor}}/bin/pinentry"; + }; + + environment.etc."gnupg/gpg-agent.conf".source = + agentSettingsFormat.generate "gpg-agent.conf" cfg.agent.settings; # This overrides the systemd user unit shipped with the gnupg package systemd.user.services.gpg-agent = { unitConfig = { Description = "GnuPG cryptographic agent and passphrase cache"; Documentation = "man:gpg-agent(1)"; - Requires = [ "gpg-agent.socket" ]; + Requires = [ "sockets.target" ]; }; serviceConfig = { ExecStart = "${cfg.package}/bin/gpg-agent --supervised"; diff --git a/nixpkgs/nixos/modules/programs/kdeconnect.nix b/nixpkgs/nixos/modules/programs/kdeconnect.nix index 4978c428ce34..4ba156f2db8d 100644 --- a/nixpkgs/nixos/modules/programs/kdeconnect.nix +++ b/nixpkgs/nixos/modules/programs/kdeconnect.nix @@ -9,7 +9,7 @@ with lib; 1714 to 1764 as they are needed for it to function properly. You can use the {option}`package` to use `gnomeExtensions.gsconnect` as an alternative - implementation if you use Gnome. + implementation if you use Gnome ''); package = mkOption { default = pkgs.plasma5Packages.kdeconnect-kde; diff --git a/nixpkgs/nixos/modules/programs/nano.nix b/nixpkgs/nixos/modules/programs/nano.nix index 7705bf0ddc72..88404f3557c6 100644 --- a/nixpkgs/nixos/modules/programs/nano.nix +++ b/nixpkgs/nixos/modules/programs/nano.nix @@ -2,14 +2,16 @@ let cfg = config.programs.nano; - LF = "\n"; in { - ###### interface - options = { programs.nano = { + enable = lib.mkEnableOption (lib.mdDoc "nano") // { + default = true; + }; + + package = lib.mkPackageOptionMD pkgs "nano" { }; nanorc = lib.mkOption { type = lib.types.lines; @@ -24,6 +26,7 @@ in set tabsize 2 ''; }; + syntaxHighlight = lib.mkOption { type = lib.types.bool; default = true; @@ -32,20 +35,14 @@ in }; }; - ###### implementation - - config = lib.mkIf (cfg.nanorc != "" || cfg.syntaxHighlight) { - environment.etc.nanorc.text = lib.concatStringsSep LF ( - ( lib.optionals cfg.syntaxHighlight [ - "# The line below is added because value of programs.nano.syntaxHighlight is set to true" - ''include "${pkgs.nano}/share/nano/*.nanorc"'' - "" - ]) - ++ ( lib.optionals (cfg.nanorc != "") [ - "# The lines below have been set from value of programs.nano.nanorc" - cfg.nanorc - ]) - ); + config = lib.mkIf cfg.enable { + environment = { + etc.nanorc.text = (lib.optionalString cfg.syntaxHighlight '' + # load syntax highlighting files + include "${cfg.package}/share/nano/*.nanorc" + include "${cfg.package}/share/nano/extra/*.nanorc" + '') + cfg.nanorc; + systemPackages = [ cfg.package ]; + }; }; - } diff --git a/nixpkgs/nixos/modules/programs/openvpn3.nix b/nixpkgs/nixos/modules/programs/openvpn3.nix index df7e9ef22c10..37a1bfeb0c3e 100644 --- a/nixpkgs/nixos/modules/programs/openvpn3.nix +++ b/nixpkgs/nixos/modules/programs/openvpn3.nix @@ -8,11 +8,23 @@ in { options.programs.openvpn3 = { enable = mkEnableOption (lib.mdDoc "the openvpn3 client"); + package = mkOption { + type = types.package; + default = pkgs.openvpn3.override { + enableSystemdResolved = config.services.resolved.enable; + }; + defaultText = literalExpression ''pkgs.openvpn3.override { + enableSystemdResolved = config.services.resolved.enable; + }''; + description = lib.mdDoc '' + Which package to use for `openvpn3`. + ''; + }; }; config = mkIf cfg.enable { - services.dbus.packages = with pkgs; [ - openvpn3 + services.dbus.packages = [ + cfg.package ]; users.users.openvpn = { @@ -25,8 +37,8 @@ in gid = config.ids.gids.openvpn; }; - environment.systemPackages = with pkgs; [ - openvpn3 + environment.systemPackages = [ + cfg.package ]; }; diff --git a/nixpkgs/nixos/modules/programs/projecteur.nix b/nixpkgs/nixos/modules/programs/projecteur.nix new file mode 100644 index 000000000000..9fcd357d3b23 --- /dev/null +++ b/nixpkgs/nixos/modules/programs/projecteur.nix @@ -0,0 +1,20 @@ +{ config, lib, pkgs, ... }: + +let + cfg = config.programs.projecteur; +in +{ + options.programs.projecteur = { + enable = lib.mkEnableOption (lib.mdDoc "projecteur"); + package = lib.mkPackageOptionMD pkgs "projecteur" { }; + }; + + config = lib.mkIf cfg.enable { + environment.systemPackages = [ cfg.package ]; + services.udev.packages = [ cfg.package ]; + }; + + meta = { + maintainers = with lib.maintainers; [ benneti drupol ]; + }; +} diff --git a/nixpkgs/nixos/modules/programs/regreet.nix b/nixpkgs/nixos/modules/programs/regreet.nix index f6c750a45bf5..0fd9cf232981 100644 --- a/nixpkgs/nixos/modules/programs/regreet.nix +++ b/nixpkgs/nixos/modules/programs/regreet.nix @@ -36,6 +36,19 @@ in ''; }; + cageArgs = lib.mkOption { + type = lib.types.listOf lib.types.str; + default = [ "-s" ]; + example = lib.literalExpression + '' + [ "-s" "-m" "last" ] + ''; + description = lib.mdDoc '' + Additional arguments to be passed to + [cage](https://github.com/cage-kiosk/cage). + ''; + }; + extraCss = lib.mkOption { type = lib.types.either lib.types.path lib.types.lines; default = ""; @@ -50,7 +63,7 @@ in config = lib.mkIf cfg.enable { services.greetd = { enable = lib.mkDefault true; - settings.default_session.command = lib.mkDefault "${pkgs.dbus}/bin/dbus-run-session ${lib.getExe pkgs.cage} -s -- ${lib.getExe cfg.package}"; + settings.default_session.command = lib.mkDefault "${pkgs.dbus}/bin/dbus-run-session ${lib.getExe pkgs.cage} ${lib.escapeShellArgs cfg.cageArgs} -- ${lib.getExe cfg.package}"; }; environment.etc = { @@ -66,10 +79,10 @@ in }; systemd.tmpfiles.rules = let - user = config.services.greetd.settings.default_session.user; + group = config.users.users.${config.services.greetd.settings.default_session.user}.group; in [ - "d /var/log/regreet 0755 greeter ${user} - -" - "d /var/cache/regreet 0755 greeter ${user} - -" + "d /var/log/regreet 0755 greeter ${group} - -" + "d /var/cache/regreet 0755 greeter ${group} - -" ]; }; } diff --git a/nixpkgs/nixos/modules/programs/rust-motd.nix b/nixpkgs/nixos/modules/programs/rust-motd.nix index d5f1820ba752..4c9b1018596b 100644 --- a/nixpkgs/nixos/modules/programs/rust-motd.nix +++ b/nixpkgs/nixos/modules/programs/rust-motd.nix @@ -5,6 +5,23 @@ with lib; let cfg = config.programs.rust-motd; format = pkgs.formats.toml { }; + + # Order the sections in the TOML according to the order of sections + # in `cfg.order`. + motdConf = pkgs.runCommand "motd.conf" + { + __structuredAttrs = true; + inherit (cfg) order settings; + nativeBuildInputs = [ pkgs.remarshal pkgs.jq ]; + } + '' + cat "$NIX_ATTRS_JSON_FILE" \ + | jq '.settings as $settings + | .order + | map({ key: ., value: $settings."\(.)" }) + | from_entries' -r \ + | json2toml /dev/stdin "$out" + ''; in { options.programs.rust-motd = { enable = mkEnableOption (lib.mdDoc "rust-motd"); @@ -27,10 +44,43 @@ in { For possible formats, please refer to {manpage}`systemd.time(7)`. ''; }; + order = mkOption { + type = types.listOf types.str; + default = attrNames cfg.settings; + defaultText = literalExpression "attrNames cfg.settings"; + description = mdDoc '' + The order of the sections in [](#opt-programs.rust-motd.settings). + By default they are ordered alphabetically. + + Context: since attribute sets in Nix are always + ordered alphabetically internally this means that + + ```nix + { + uptime = { /* ... */ }; + banner = { /* ... */ }; + } + ``` + + will still have `banner` displayed before `uptime`. + + To work around that, this option can be used to define the order of all keys, + i.e. + + ```nix + { + order = [ + "uptime" + "banner" + ]; + } + ``` + + makes sure that `uptime` is placed before `banner` in the motd. + ''; + }; settings = mkOption { - type = types.submodule { - freeformType = format.type; - }; + type = types.attrsOf format.type; description = mdDoc '' Settings on what to generate. Please read the [upstream documentation](https://github.com/rust-motd/rust-motd/blob/main/README.md#configuration) @@ -45,14 +95,21 @@ in { `programs.rust-motd` is incompatible with `users.motd`! ''; } + { assertion = sort (a: b: a < b) cfg.order == attrNames cfg.settings; + message = '' + Please ensure that every section from `programs.rust-motd.settings` is present in + `programs.rust-motd.order`. + ''; + } ]; systemd.services.rust-motd = { path = with pkgs; [ bash ]; documentation = [ "https://github.com/rust-motd/rust-motd/blob/v${pkgs.rust-motd.version}/README.md" ]; description = "motd generator"; + wantedBy = [ "multi-user.target" ]; serviceConfig = { ExecStart = "${pkgs.writeShellScript "update-motd" '' - ${pkgs.rust-motd}/bin/rust-motd ${format.generate "motd.conf" cfg.settings} > motd + ${pkgs.rust-motd}/bin/rust-motd ${motdConf} > motd ''}"; CapabilityBoundingSet = [ "" ]; LockPersonality = true; diff --git a/nixpkgs/nixos/modules/programs/virt-manager.nix b/nixpkgs/nixos/modules/programs/virt-manager.nix new file mode 100644 index 000000000000..095db7586a03 --- /dev/null +++ b/nixpkgs/nixos/modules/programs/virt-manager.nix @@ -0,0 +1,16 @@ +{ config, lib, pkgs, ... }: + +let + cfg = config.programs.virt-manager; +in { + options.programs.virt-manager = { + enable = lib.mkEnableOption "virt-manager, an UI for managing virtual machines in libvirt"; + + package = lib.mkPackageOption pkgs "virt-manager" {}; + }; + + config = lib.mkIf cfg.enable { + environment.systemPackages = [ cfg.package ]; + programs.dconf.enable = true; + }; +} diff --git a/nixpkgs/nixos/modules/programs/wayland/sway.nix b/nixpkgs/nixos/modules/programs/wayland/sway.nix index 698d9c2b46c4..de739faabee9 100644 --- a/nixpkgs/nixos/modules/programs/wayland/sway.nix +++ b/nixpkgs/nixos/modules/programs/wayland/sway.nix @@ -42,6 +42,11 @@ in { <https://github.com/swaywm/sway/wiki> and "man 5 sway" for more information''); + enableRealtime = mkEnableOption (lib.mdDoc '' + add CAP_SYS_NICE capability on `sway` binary for realtime scheduling + privileges. This may improve latency and reduce stuttering, specially in + high load scenarios'') // { default = true; }; + package = mkOption { type = with types; nullOr package; default = defaultSwayPackage; @@ -149,6 +154,14 @@ in { "sway/config".source = mkOptionDefault "${cfg.package}/etc/sway/config"; }; }; + security.wrappers = mkIf (cfg.enableRealtime && cfg.package != null) { + sway = { + owner = "root"; + group = "root"; + source = "${cfg.package}/bin/sway"; + capabilities = "cap_sys_nice+ep"; + }; + }; # To make a Sway session available if a display manager like SDDM is enabled: services.xserver.displayManager.sessionPackages = optionals (cfg.package != null) [ cfg.package ]; } (import ./wayland-session.nix { inherit lib pkgs; }) diff --git a/nixpkgs/nixos/modules/programs/wayland/wayfire.nix b/nixpkgs/nixos/modules/programs/wayland/wayfire.nix index d0b280e3940f..9ea2010cf59c 100644 --- a/nixpkgs/nixos/modules/programs/wayland/wayfire.nix +++ b/nixpkgs/nixos/modules/programs/wayland/wayfire.nix @@ -6,7 +6,7 @@ in meta.maintainers = with lib.maintainers; [ rewine ]; options.programs.wayfire = { - enable = lib.mkEnableOption (lib.mdDoc "Wayfire, a wayland compositor based on wlroots."); + enable = lib.mkEnableOption (lib.mdDoc "Wayfire, a wayland compositor based on wlroots"); package = lib.mkPackageOptionMD pkgs "wayfire" { }; |