diff options
Diffstat (limited to 'nixpkgs/nixos/modules')
38 files changed, 654 insertions, 256 deletions
diff --git a/nixpkgs/nixos/modules/config/zram.nix b/nixpkgs/nixos/modules/config/zram.nix index 925d945c081e..5d411c73a560 100644 --- a/nixpkgs/nixos/modules/config/zram.nix +++ b/nixpkgs/nixos/modules/config/zram.nix @@ -91,13 +91,13 @@ in }; algorithm = mkOption { - default = "zstd"; - example = "lzo"; + default = "lzo"; + example = "lz4"; type = with types; either (enum [ "lzo" "lz4" "zstd" ]) str; description = '' Compression algorithm. <literal>lzo</literal> has good compression, but is slow. <literal>lz4</literal> has bad compression, but is fast. - <literal>zstd</literal> is both good compression and fast. + <literal>zstd</literal> is both good compression and fast, but requires newer kernel. You can check what other algorithms are supported by your zram device with <programlisting>cat /sys/class/block/zram*/comp_algorithm</programlisting> ''; diff --git a/nixpkgs/nixos/modules/installer/tools/nixos-install.sh b/nixpkgs/nixos/modules/installer/tools/nixos-install.sh index defc46ad2a72..8685cb345e1e 100644 --- a/nixpkgs/nixos/modules/installer/tools/nixos-install.sh +++ b/nixpkgs/nixos/modules/installer/tools/nixos-install.sh @@ -138,7 +138,18 @@ fi # Ask the user to set a root password, but only if the passwd command # exists (i.e. when mutable user accounts are enabled). if [[ -z $noRootPasswd ]] && [ -t 0 ]; then - nixos-enter --root "$mountPoint" -c '[[ -e /nix/var/nix/profiles/system/sw/bin/passwd ]] && echo "setting root password..." && /nix/var/nix/profiles/system/sw/bin/passwd' + if nixos-enter --root "$mountPoint" -c 'test -e /nix/var/nix/profiles/system/sw/bin/passwd'; then + set +e + nixos-enter --root "$mountPoint" -c 'echo "setting root password..." && /nix/var/nix/profiles/system/sw/bin/passwd' + exit_code=$? + set -e + + if [[ $exit_code != 0 ]]; then + echo "Setting a root password failed with the above printed error." + echo "You can set the root password manually by executing \`nixos-enter --root ${mountPoint@Q}\` and then running \`passwd\` in the shell of the new system." + exit $exit_code + fi + fi fi echo "installation finished!" diff --git a/nixpkgs/nixos/modules/installer/virtualbox-demo.nix b/nixpkgs/nixos/modules/installer/virtualbox-demo.nix index 2e1b4b3998b5..af3e1aecca71 100644 --- a/nixpkgs/nixos/modules/installer/virtualbox-demo.nix +++ b/nixpkgs/nixos/modules/installer/virtualbox-demo.nix @@ -57,7 +57,5 @@ with lib; # Enable the OpenSSH daemon. # services.openssh.enable = true; - - system.stateVersion = mkDefault "18.03"; ''; } diff --git a/nixpkgs/nixos/modules/module-list.nix b/nixpkgs/nixos/modules/module-list.nix index 01c2f674c675..4c74c0643dde 100644 --- a/nixpkgs/nixos/modules/module-list.nix +++ b/nixpkgs/nixos/modules/module-list.nix @@ -129,7 +129,6 @@ ./programs/sysdig.nix ./programs/systemtap.nix ./programs/sway.nix - ./programs/sway-beta.nix ./programs/thefuck.nix ./programs/tmux.nix ./programs/udevil.nix @@ -182,6 +181,7 @@ ./services/audio/mpd.nix ./services/audio/mopidy.nix ./services/audio/slimserver.nix + ./services/audio/snapserver.nix ./services/audio/squeezelite.nix ./services/audio/ympd.nix ./services/backup/bacula.nix @@ -311,6 +311,7 @@ ./services/hardware/ratbagd.nix ./services/hardware/sane.nix ./services/hardware/sane_extra_backends/brscan4.nix + ./services/hardware/sane_extra_backends/dsseries.nix ./services/hardware/tcsd.nix ./services/hardware/tlp.nix ./services/hardware/thinkfan.nix @@ -340,6 +341,7 @@ ./services/logging/syslog-ng.nix ./services/logging/syslogd.nix ./services/mail/clamsmtp.nix + ./services/mail/davmail.nix ./services/mail/dkimproxy-out.nix ./services/mail/dovecot.nix ./services/mail/dspam.nix @@ -427,7 +429,7 @@ ./services/misc/parsoid.nix ./services/misc/phd.nix ./services/misc/plex.nix - ./services/misc/plexpy.nix + ./services/misc/tautulli.nix ./services/misc/pykms.nix ./services/misc/radarr.nix ./services/misc/redmine.nix @@ -577,6 +579,7 @@ ./services/networking/keepalived/default.nix ./services/networking/keybase.nix ./services/networking/kippo.nix + ./services/networking/knot.nix ./services/networking/kresd.nix ./services/networking/lambdabot.nix ./services/networking/libreswan.nix diff --git a/nixpkgs/nixos/modules/programs/bash/bash.nix b/nixpkgs/nixos/modules/programs/bash/bash.nix index d22f9dfa3199..d53c6b318f1d 100644 --- a/nixpkgs/nixos/modules/programs/bash/bash.nix +++ b/nixpkgs/nixos/modules/programs/bash/bash.nix @@ -102,7 +102,7 @@ in # Emacs term mode doesn't support xterm title escape sequence (\e]0;) PS1="\n\[\033[$PROMPT_COLOR\][\u@\h:\w]\\$\[\033[0m\] " else - PS1="\n\[\033[$PROMPT_COLOR\][\[\e]0;\u@\h: \w\a\]\u@\h:\w]\$\[\033[0m\] " + PS1="\n\[\033[$PROMPT_COLOR\][\[\e]0;\u@\h: \w\a\]\u@\h:\w]\\$\[\033[0m\] " fi if test "$TERM" = "xterm"; then PS1="\[\033]2;\h:\u:\w\007\]$PS1" diff --git a/nixpkgs/nixos/modules/programs/gnupg.nix b/nixpkgs/nixos/modules/programs/gnupg.nix index b01de9efaa5e..22521280e936 100644 --- a/nixpkgs/nixos/modules/programs/gnupg.nix +++ b/nixpkgs/nixos/modules/programs/gnupg.nix @@ -85,11 +85,13 @@ in # SSH agent protocol doesn't support changing TTYs, so bind the agent # to every new TTY. ${pkgs.gnupg}/bin/gpg-connect-agent --quiet updatestartuptty /bye > /dev/null + ''); + environment.extraInit = mkIf cfg.agent.enableSSHSupport '' if [ -z "$SSH_AUTH_SOCK" ]; then export SSH_AUTH_SOCK=$(${pkgs.gnupg}/bin/gpgconf --list-dirs agent-ssh-socket) fi - ''); + ''; assertions = [ { assertion = cfg.agent.enableSSHSupport -> !config.programs.ssh.startAgent; diff --git a/nixpkgs/nixos/modules/programs/sway-beta.nix b/nixpkgs/nixos/modules/programs/sway-beta.nix deleted file mode 100644 index 3c235de0ce63..000000000000 --- a/nixpkgs/nixos/modules/programs/sway-beta.nix +++ /dev/null @@ -1,91 +0,0 @@ -{ config, pkgs, lib, ... }: - -with lib; - -let - cfg = config.programs.sway-beta; - swayPackage = cfg.package; - - swayWrapped = pkgs.writeShellScriptBin "sway" '' - set -o errexit - - if [ ! "$_SWAY_WRAPPER_ALREADY_EXECUTED" ]; then - export _SWAY_WRAPPER_ALREADY_EXECUTED=1 - ${cfg.extraSessionCommands} - fi - - if [ "$DBUS_SESSION_BUS_ADDRESS" ]; then - export DBUS_SESSION_BUS_ADDRESS - exec ${swayPackage}/bin/sway "$@" - else - exec ${pkgs.dbus}/bin/dbus-run-session ${swayPackage}/bin/sway "$@" - fi - ''; - swayJoined = pkgs.symlinkJoin { - name = "sway-joined"; - paths = [ swayWrapped swayPackage ]; - }; -in { - options.programs.sway-beta = { - enable = mkEnableOption '' - Sway, the i3-compatible tiling Wayland compositor. This module will be removed after the final release of Sway 1.0 - ''; - - package = mkOption { - type = types.package; - default = pkgs.sway-beta; - defaultText = "pkgs.sway-beta"; - description = '' - The package to be used for `sway`. - ''; - }; - - extraSessionCommands = mkOption { - type = types.lines; - default = ""; - example = '' - export SDL_VIDEODRIVER=wayland - # needs qt5.qtwayland in systemPackages - export QT_QPA_PLATFORM=wayland - export QT_WAYLAND_DISABLE_WINDOWDECORATION="1" - # Fix for some Java AWT applications (e.g. Android Studio), - # use this if they aren't displayed properly: - export _JAVA_AWT_WM_NONREPARENTING=1 - ''; - description = '' - Shell commands executed just before Sway is started. - ''; - }; - - extraPackages = mkOption { - type = with types; listOf package; - default = with pkgs; [ - swaylock swayidle - xwayland rxvt_unicode dmenu - ]; - defaultText = literalExample '' - with pkgs; [ swaylock swayidle xwayland rxvt_unicode dmenu ]; - ''; - example = literalExample '' - with pkgs; [ - xwayland - i3status i3status-rust - termite rofi light - ] - ''; - description = '' - Extra packages to be installed system wide. - ''; - }; - }; - - config = mkIf cfg.enable { - environment.systemPackages = [ swayJoined ] ++ cfg.extraPackages; - security.pam.services.swaylock = {}; - hardware.opengl.enable = mkDefault true; - fonts.enableDefaultFonts = mkDefault true; - programs.dconf.enable = mkDefault true; - }; - - meta.maintainers = with lib.maintainers; [ gnidorah primeos colemickens ]; -} diff --git a/nixpkgs/nixos/modules/programs/sway.nix b/nixpkgs/nixos/modules/programs/sway.nix index b3847db8cd9c..457faaa3c102 100644 --- a/nixpkgs/nixos/modules/programs/sway.nix +++ b/nixpkgs/nixos/modules/programs/sway.nix @@ -16,9 +16,9 @@ let if [ "$DBUS_SESSION_BUS_ADDRESS" ]; then export DBUS_SESSION_BUS_ADDRESS - exec sway-setcap "$@" + exec ${swayPackage}/bin/sway "$@" else - exec ${pkgs.dbus}/bin/dbus-run-session sway-setcap "$@" + exec ${pkgs.dbus}/bin/dbus-run-session ${swayPackage}/bin/sway "$@" fi ''; swayJoined = pkgs.symlinkJoin { @@ -28,22 +28,24 @@ let in { options.programs.sway = { enable = mkEnableOption '' - the tiling Wayland compositor Sway. After adding yourself to the "sway" - group you can manually launch Sway by executing "sway" from a terminal. - If you call "sway" with any parameters the extraSessionCommands won't be - executed and Sway won't be launched with dbus-launch''; + Sway, the i3-compatible tiling Wayland compositor. You can manually launch + Sway by executing "exec sway" on a TTY. Copy /etc/sway/config to + ~/.config/sway/config to modify the default configuration. See + https://github.com/swaywm/sway/wiki and "man 5 sway" for more information. + Please have a look at the "extraSessionCommands" example for running + programs natively under Wayland''; extraSessionCommands = mkOption { type = types.lines; default = ""; example = '' - # Define a keymap (US QWERTY is the default) - export XKB_DEFAULT_LAYOUT=de,us - export XKB_DEFAULT_VARIANT=nodeadkeys - export XKB_DEFAULT_OPTIONS=grp:alt_shift_toggle,caps:escape - # Change the Keyboard repeat delay and rate - export WLC_REPEAT_DELAY=660 - export WLC_REPEAT_RATE=25 + export SDL_VIDEODRIVER=wayland + # needs qt5.qtwayland in systemPackages + export QT_QPA_PLATFORM=wayland + export QT_WAYLAND_DISABLE_WINDOWDECORATION="1" + # Fix for some Java AWT applications (e.g. Android Studio), + # use this if they aren't displayed properly: + export _JAVA_AWT_WM_NONREPARENTING=1 ''; description = '' Shell commands executed just before Sway is started. @@ -53,14 +55,17 @@ in { extraPackages = mkOption { type = with types; listOf package; default = with pkgs; [ - i3status xwayland rxvt_unicode dmenu + swaylock swayidle + xwayland rxvt_unicode dmenu ]; defaultText = literalExample '' - with pkgs; [ i3status xwayland rxvt_unicode dmenu ]; + with pkgs; [ swaylock swayidle xwayland rxvt_unicode dmenu ]; ''; example = literalExample '' with pkgs; [ - i3lock light termite + xwayland + i3status i3status-rust + termite rofi light ] ''; description = '' @@ -70,23 +75,19 @@ in { }; config = mkIf cfg.enable { - environment.systemPackages = [ swayJoined ] ++ cfg.extraPackages; - security.wrappers.sway = { - program = "sway-setcap"; - source = "${swayPackage}/bin/sway"; - capabilities = "cap_sys_ptrace,cap_sys_tty_config=eip"; - owner = "root"; - group = "sway"; - permissions = "u+rx,g+rx"; + environment = { + systemPackages = [ swayJoined ] ++ cfg.extraPackages; + etc = { + "sway/config".source = "${swayPackage}/etc/sway/config"; + #"sway/security.d".source = "${swayPackage}/etc/sway/security.d/"; + #"sway/config.d".source = "${swayPackage}/etc/sway/config.d/"; + }; }; - - users.groups.sway = {}; security.pam.services.swaylock = {}; - hardware.opengl.enable = mkDefault true; fonts.enableDefaultFonts = mkDefault true; programs.dconf.enable = mkDefault true; }; - meta.maintainers = with lib.maintainers; [ gnidorah primeos ]; + meta.maintainers = with lib.maintainers; [ gnidorah primeos colemickens ]; } diff --git a/nixpkgs/nixos/modules/rename.nix b/nixpkgs/nixos/modules/rename.nix index 1e6557e1f0e0..7fb58a2b8002 100644 --- a/nixpkgs/nixos/modules/rename.nix +++ b/nixpkgs/nixos/modules/rename.nix @@ -186,6 +186,9 @@ with lib; # parsoid (mkRemovedOptionModule [ "services" "parsoid" "interwikis" ] [ "services" "parsoid" "wikis" ]) + # plexpy / tautulli + (mkRenamedOptionModule [ "services" "plexpy" ] [ "services" "tautulli" ]) + # piwik was renamed to matomo (mkRenamedOptionModule [ "services" "piwik" "enable" ] [ "services" "matomo" "enable" ]) (mkRenamedOptionModule [ "services" "piwik" "webServerUser" ] [ "services" "matomo" "webServerUser" ]) diff --git a/nixpkgs/nixos/modules/services/audio/snapserver.nix b/nixpkgs/nixos/modules/services/audio/snapserver.nix new file mode 100644 index 000000000000..f709dd7fe16b --- /dev/null +++ b/nixpkgs/nixos/modules/services/audio/snapserver.nix @@ -0,0 +1,217 @@ +{ config, lib, pkgs, ... }: + +with lib; + +let + + package = "snapcast"; + name = "snapserver"; + + cfg = config.services.snapserver; + + # Using types.nullOr to inherit upstream defaults. + sampleFormat = mkOption { + type = with types; nullOr str; + default = null; + description = '' + Default sample format. + ''; + example = "48000:16:2"; + }; + + codec = mkOption { + type = with types; nullOr str; + default = null; + description = '' + Default audio compression method. + ''; + example = "flac"; + }; + + streamToOption = name: opt: + let + os = val: + optionalString (val != null) "${val}"; + os' = prefixx: val: + optionalString (val != null) (prefixx + "${val}"); + flatten = key: value: + "&${key}=${value}"; + in + "-s ${opt.type}://" + os opt.location + "?" + os' "name=" name + + concatStrings (mapAttrsToList flatten opt.query); + + optionalNull = val: ret: + optional (val != null) ret; + + optionString = concatStringsSep " " (mapAttrsToList streamToOption cfg.streams + ++ ["-p ${toString cfg.port}"] + ++ ["--controlPort ${toString cfg.controlPort}"] + ++ optionalNull cfg.sampleFormat "--sampleFormat ${cfg.sampleFormat}" + ++ optionalNull cfg.codec "-c ${cfg.codec}" + ++ optionalNull cfg.streamBuffer "--streamBuffer ${cfg.streamBuffer}" + ++ optionalNull cfg.buffer "-b ${cfg.buffer}" + ++ optional cfg.sendToMuted "--sendToMuted"); + +in { + + ###### interface + + options = { + + services.snapserver = { + + enable = mkOption { + type = types.bool; + default = false; + description = '' + Whether to enable snapserver. + ''; + }; + + port = mkOption { + type = types.port; + default = 1704; + description = '' + The port that snapclients can connect to. + ''; + }; + + controlPort = mkOption { + type = types.port; + default = 1705; + description = '' + The port for control connections (JSON-RPC). + ''; + }; + + openFirewall = mkOption { + type = types.bool; + default = true; + description = '' + Whether to automatically open the specified ports in the firewall. + ''; + }; + + inherit sampleFormat; + inherit codec; + + streams = mkOption { + type = with types; attrsOf (submodule { + options = { + location = mkOption { + type = types.path; + description = '' + The location of the pipe. + ''; + }; + type = mkOption { + type = types.enum [ "pipe" "file" "process" "spotify" "airplay" ]; + default = "pipe"; + description = '' + The type of input stream. + ''; + }; + query = mkOption { + type = attrsOf str; + default = {}; + description = '' + Key-value pairs that convey additional parameters about a stream. + ''; + example = literalExample '' + # for type == "pipe": + { + mode = "listen"; + }; + # for type == "process": + { + params = "--param1 --param2"; + logStderr = "true"; + }; + ''; + }; + inherit sampleFormat; + inherit codec; + }; + }); + default = { default = {}; }; + description = '' + The definition for an input source. + ''; + example = literalExample '' + { + mpd = { + type = "pipe"; + location = "/run/snapserver/mpd"; + sampleFormat = "48000:16:2"; + codec = "pcm"; + }; + }; + ''; + }; + + streamBuffer = mkOption { + type = with types; nullOr int; + default = null; + description = '' + Stream read (input) buffer in ms. + ''; + example = 20; + }; + + buffer = mkOption { + type = with types; nullOr int; + default = null; + description = '' + Network buffer in ms. + ''; + example = 1000; + }; + + sendToMuted = mkOption { + type = types.bool; + default = false; + description = '' + Send audio to muted clients. + ''; + }; + }; + + }; + + + ###### implementation + + config = mkIf cfg.enable { + + systemd.services.snapserver = { + after = [ "network.target" ]; + description = "Snapserver"; + wantedBy = [ "multi-user.target" ]; + before = [ "mpd.service" "mopidy.service" ]; + + serviceConfig = { + DynamicUser = true; + ExecStart = "${pkgs.snapcast}/bin/snapserver --daemon ${optionString}"; + Type = "forking"; + LimitRTPRIO = 50; + LimitRTTIME = "infinity"; + NoNewPrivileges = true; + PIDFile = "/run/${name}/pid"; + ProtectKernelTunables = true; + ProtectControlGroups = true; + ProtectKernelModules = true; + RestrictAddressFamilies = "AF_INET AF_INET6 AF_UNIX"; + RestrictNamespaces = true; + RuntimeDirectory = name; + StateDirectory = name; + }; + }; + + networking.firewall.allowedTCPPorts = optionals cfg.openFirewall [ cfg.port cfg.controlPort ]; + }; + + meta = { + maintainers = with maintainers; [ tobim ]; + }; + +} diff --git a/nixpkgs/nixos/modules/services/cluster/kubernetes/addons/dns.nix b/nixpkgs/nixos/modules/services/cluster/kubernetes/addons/dns.nix index 8f3234bfc706..4368159ea6e3 100644 --- a/nixpkgs/nixos/modules/services/cluster/kubernetes/addons/dns.nix +++ b/nixpkgs/nixos/modules/services/cluster/kubernetes/addons/dns.nix @@ -38,6 +38,18 @@ in { type = types.int; }; + reconcileMode = mkOption { + description = '' + Controls the addon manager reconciliation mode for the DNS addon. + + Setting reconcile mode to EnsureExists makes it possible to tailor DNS behavior by editing the coredns ConfigMap. + + See: <link xlink:href="https://github.com/kubernetes/kubernetes/blob/master/cluster/addons/addon-manager/README.md"/>. + ''; + default = "Reconcile"; + type = types.enum [ "Reconcile" "EnsureExists" ]; + }; + coredns = mkOption { description = "Docker image to seed for the CoreDNS container."; type = types.attrs; @@ -131,7 +143,7 @@ in { kind = "ConfigMap"; metadata = { labels = { - "addonmanager.kubernetes.io/mode" = "Reconcile"; + "addonmanager.kubernetes.io/mode" = cfg.reconcileMode; "k8s-app" = "kube-dns"; "kubernetes.io/cluster-service" = "true"; }; @@ -162,7 +174,7 @@ in { kind = "Deployment"; metadata = { labels = { - "addonmanager.kubernetes.io/mode" = "Reconcile"; + "addonmanager.kubernetes.io/mode" = cfg.reconcileMode; "k8s-app" = "kube-dns"; "kubernetes.io/cluster-service" = "true"; "kubernetes.io/name" = "CoreDNS"; diff --git a/nixpkgs/nixos/modules/services/cluster/kubernetes/apiserver.nix b/nixpkgs/nixos/modules/services/cluster/kubernetes/apiserver.nix index 81e45b417de3..455d02396040 100644 --- a/nixpkgs/nixos/modules/services/cluster/kubernetes/apiserver.nix +++ b/nixpkgs/nixos/modules/services/cluster/kubernetes/apiserver.nix @@ -350,7 +350,7 @@ in listenPeerUrls = mkDefault ["https://0.0.0.0:2380"]; advertiseClientUrls = mkDefault ["https://${top.masterAddress}:2379"]; initialCluster = mkDefault ["${top.masterAddress}=https://${top.masterAddress}:2380"]; - name = top.masterAddress; + name = mkDefault top.masterAddress; initialAdvertisePeerUrls = mkDefault ["https://${top.masterAddress}:2380"]; }; diff --git a/nixpkgs/nixos/modules/services/cluster/kubernetes/controller-manager.nix b/nixpkgs/nixos/modules/services/cluster/kubernetes/controller-manager.nix index dff97f144d55..060fd9b78db6 100644 --- a/nixpkgs/nixos/modules/services/cluster/kubernetes/controller-manager.nix +++ b/nixpkgs/nixos/modules/services/cluster/kubernetes/controller-manager.nix @@ -131,7 +131,7 @@ in ${optionalString (cfg.tlsCertFile!=null) "--tls-cert-file=${cfg.tlsCertFile}"} \ ${optionalString (cfg.tlsKeyFile!=null) - "--tls-key-file=${cfg.tlsKeyFile}"} \ + "--tls-private-key-file=${cfg.tlsKeyFile}"} \ ${optionalString (elem "RBAC" top.apiserver.authorizationMode) "--use-service-account-credentials"} \ ${optionalString (cfg.verbosity != null) "--v=${toString cfg.verbosity}"} \ diff --git a/nixpkgs/nixos/modules/services/cluster/kubernetes/default.nix b/nixpkgs/nixos/modules/services/cluster/kubernetes/default.nix index 375e33e91b5a..3e53d18f8bbf 100644 --- a/nixpkgs/nixos/modules/services/cluster/kubernetes/default.nix +++ b/nixpkgs/nixos/modules/services/cluster/kubernetes/default.nix @@ -10,7 +10,7 @@ let kind = "Config"; clusters = [{ name = "local"; - cluster.certificate-authority = cfg.caFile; + cluster.certificate-authority = conf.caFile or cfg.caFile; cluster.server = conf.server; }]; users = [{ diff --git a/nixpkgs/nixos/modules/services/databases/openldap.nix b/nixpkgs/nixos/modules/services/databases/openldap.nix index e996211be7da..5c302752781e 100644 --- a/nixpkgs/nixos/modules/services/databases/openldap.nix +++ b/nixpkgs/nixos/modules/services/databases/openldap.nix @@ -146,7 +146,7 @@ in chown -R "${cfg.user}:${cfg.group}" "${cfg.dataDir}" ''; serviceConfig.ExecStart = - "${openldap.out}/libexec/slapd -d ${cfg.logLevel} " + + "${openldap.out}/libexec/slapd -d '${cfg.logLevel}' " + "-u '${cfg.user}' -g '${cfg.group}' " + "-h '${concatStringsSep " " cfg.urlList}' " + "${configOpts}"; diff --git a/nixpkgs/nixos/modules/services/hardware/sane_extra_backends/dsseries.nix b/nixpkgs/nixos/modules/services/hardware/sane_extra_backends/dsseries.nix new file mode 100644 index 000000000000..d71a17f5ea6b --- /dev/null +++ b/nixpkgs/nixos/modules/services/hardware/sane_extra_backends/dsseries.nix @@ -0,0 +1,26 @@ +{ config, lib, pkgs, ... }: + +with lib; + +{ + options = { + + hardware.sane.dsseries.enable = + mkEnableOption "Brother DSSeries scan backend" // { + description = '' + When enabled, will automatically register the "dsseries" SANE backend. + + This supports the Brother DSmobile scanner series, including the + DS-620, DS-720D, DS-820W, and DS-920DW scanners. + ''; + }; + }; + + config = mkIf (config.hardware.sane.enable && config.hardware.sane.dsseries.enable) { + + hardware.sane.extraBackends = [ pkgs.dsseries ]; + services.udev.packages = [ pkgs.dsseries ]; + boot.kernelModules = [ "sg" ]; + + }; +} diff --git a/nixpkgs/nixos/modules/services/mail/davmail.nix b/nixpkgs/nixos/modules/services/mail/davmail.nix new file mode 100644 index 000000000000..a0cb81f84dac --- /dev/null +++ b/nixpkgs/nixos/modules/services/mail/davmail.nix @@ -0,0 +1,91 @@ +{ config, lib, pkgs, ... }: + +with lib; + +let + + cfg = config.services.davmail; + + configType = with types; + either (either (attrsOf configType) str) (either int bool) // { + description = "davmail config type (str, int, bool or attribute set thereof)"; + }; + + toStr = val: if isBool val then boolToString val else toString val; + + linesForAttrs = attrs: concatMap (name: let value = attrs.${name}; in + if isAttrs value + then map (line: name + "." + line) (linesForAttrs value) + else [ "${name}=${toStr value}" ] + ) (attrNames attrs); + + configFile = pkgs.writeText "davmail.properties" (concatStringsSep "\n" (linesForAttrs cfg.config)); + +in + + { + options.services.davmail = { + enable = mkEnableOption "davmail, an MS Exchange gateway"; + + url = mkOption { + type = types.str; + description = "Outlook Web Access URL to access the exchange server, i.e. the base webmail URL."; + example = "https://outlook.office365.com/EWS/Exchange.asmx"; + }; + + config = mkOption { + type = configType; + default = {}; + description = '' + Davmail configuration. Refer to + <link xlink:href="http://davmail.sourceforge.net/serversetup.html"/> + and <link xlink:href="http://davmail.sourceforge.net/advanced.html"/> + for details on supported values. + ''; + example = literalExample '' + { + davmail.allowRemote = true; + davmail.imapPort = 55555; + davmail.bindAddress = "10.0.1.2"; + davmail.smtpSaveInSent = true; + davmail.folderSizeLimit = 10; + davmail.caldavAutoSchedule = false; + log4j.logger.rootLogger = "DEBUG"; + } + ''; + }; + }; + + config = mkIf cfg.enable { + + services.davmail.config.davmail = mapAttrs (name: mkDefault) { + server = true; + disableUpdateCheck = true; + logFilePath = "/var/log/davmail/davmail.log"; + logFileSize = "1MB"; + mode = "auto"; + url = cfg.url; + caldavPort = 1080; + imapPort = 1143; + ldapPort = 1389; + popPort = 1110; + smtpPort = 1025; + }; + + systemd.services.davmail = { + description = "DavMail POP/IMAP/SMTP Exchange Gateway"; + after = [ "network.target" ]; + wantedBy = [ "multi-user.target" ]; + + serviceConfig = { + Type = "simple"; + ExecStart = "${pkgs.davmail}/bin/davmail ${configFile}"; + Restart = "on-failure"; + DynamicUser = "yes"; + LogsDirectory = "davmail"; + }; + }; + + environment.systemPackages = [ pkgs.davmail ]; + }; + } diff --git a/nixpkgs/nixos/modules/services/misc/bepasty.nix b/nixpkgs/nixos/modules/services/misc/bepasty.nix index 62835c194e42..006feca42b32 100644 --- a/nixpkgs/nixos/modules/services/misc/bepasty.nix +++ b/nixpkgs/nixos/modules/services/misc/bepasty.nix @@ -2,10 +2,10 @@ with lib; let - gunicorn = pkgs.pythonPackages.gunicorn; + gunicorn = pkgs.python3Packages.gunicorn; bepasty = pkgs.bepasty; - gevent = pkgs.pythonPackages.gevent; - python = pkgs.pythonPackages.python; + gevent = pkgs.python3Packages.gevent; + python = pkgs.python3Packages.python; cfg = config.services.bepasty; user = "bepasty"; group = "bepasty"; diff --git a/nixpkgs/nixos/modules/services/misc/gitlab.nix b/nixpkgs/nixos/modules/services/misc/gitlab.nix index b8617e48d8e0..baa1c855c116 100644 --- a/nixpkgs/nixos/modules/services/misc/gitlab.nix +++ b/nixpkgs/nixos/modules/services/misc/gitlab.nix @@ -515,6 +515,8 @@ in { gitAndTools.git cfg.packages.gitaly.rubyEnv cfg.packages.gitaly.rubyEnv.wrappedRuby + gzip + bzip2 ]; serviceConfig = { Type = "simple"; diff --git a/nixpkgs/nixos/modules/services/misc/redmine.nix b/nixpkgs/nixos/modules/services/misc/redmine.nix index c38138d7c978..91ddf2c3edf3 100644 --- a/nixpkgs/nixos/modules/services/misc/redmine.nix +++ b/nixpkgs/nixos/modules/services/misc/redmine.nix @@ -266,7 +266,7 @@ in environment.REDMINE_LANG = "en"; environment.SCHEMA = "${cfg.stateDir}/cache/schema.db"; path = with pkgs; [ - imagemagickBig + imagemagick bazaar cvs darcs diff --git a/nixpkgs/nixos/modules/services/misc/plexpy.nix b/nixpkgs/nixos/modules/services/misc/tautulli.nix index 2a589fdfb27f..50e450366478 100644 --- a/nixpkgs/nixos/modules/services/misc/plexpy.nix +++ b/nixpkgs/nixos/modules/services/misc/tautulli.nix @@ -3,73 +3,69 @@ with lib; let - cfg = config.services.plexpy; + cfg = config.services.tautulli; in { options = { - services.plexpy = { - enable = mkEnableOption "PlexPy Plex Monitor"; + services.tautulli = { + enable = mkEnableOption "Tautulli Plex Monitor"; dataDir = mkOption { type = types.str; default = "/var/lib/plexpy"; - description = "The directory where PlexPy stores its data files."; + description = "The directory where Tautulli stores its data files."; }; configFile = mkOption { type = types.str; default = "/var/lib/plexpy/config.ini"; - description = "The location of PlexPy's config file."; + description = "The location of Tautulli's config file."; }; port = mkOption { type = types.int; default = 8181; - description = "TCP port where PlexPy listens."; + description = "TCP port where Tautulli listens."; }; user = mkOption { type = types.str; default = "plexpy"; - description = "User account under which PlexPy runs."; + description = "User account under which Tautulli runs."; }; group = mkOption { type = types.str; default = "nogroup"; - description = "Group under which PlexPy runs."; + description = "Group under which Tautulli runs."; }; package = mkOption { type = types.package; - default = pkgs.plexpy; - defaultText = "pkgs.plexpy"; + default = pkgs.tautulli; + defaultText = "pkgs.tautulli"; description = '' - The PlexPy package to use. + The Tautulli package to use. ''; }; }; }; config = mkIf cfg.enable { - systemd.services.plexpy = { - description = "PlexPy Plex Monitor"; + systemd.tmpfiles.rules = [ + "d '${cfg.dataDir}' - ${cfg.user} ${cfg.group} - -" + ]; + + systemd.services.tautulli = { + description = "Tautulli Plex Monitor"; after = [ "network.target" ]; wantedBy = [ "multi-user.target" ]; - preStart = '' - test -d "${cfg.dataDir}" || { - echo "Creating initial PlexPy data directory in \"${cfg.dataDir}\"." - mkdir -p "${cfg.dataDir}" - chown ${cfg.user}:${cfg.group} "${cfg.dataDir}" - } - ''; serviceConfig = { Type = "simple"; User = cfg.user; Group = cfg.group; - PermissionsStartOnly = "true"; GuessMainPID = "false"; - ExecStart = "${cfg.package}/bin/plexpy --datadir ${cfg.dataDir} --config ${cfg.configFile} --port ${toString cfg.port} --pidfile ${cfg.dataDir}/plexpy.pid --nolaunch"; + ExecStart = "${cfg.package}/bin/tautulli --datadir ${cfg.dataDir} --config ${cfg.configFile} --port ${toString cfg.port} --pidfile ${cfg.dataDir}/tautulli.pid --nolaunch"; Restart = "on-failure"; }; }; diff --git a/nixpkgs/nixos/modules/services/misc/zoneminder.nix b/nixpkgs/nixos/modules/services/misc/zoneminder.nix index ae7de7850d9f..2bd2f3c7cc08 100644 --- a/nixpkgs/nixos/modules/services/misc/zoneminder.nix +++ b/nixpkgs/nixos/modules/services/misc/zoneminder.nix @@ -50,7 +50,7 @@ let ZM_DB_TYPE=mysql ZM_DB_HOST=${cfg.database.host} ZM_DB_NAME=${cfg.database.name} - ZM_DB_USER=${cfg.database.username} + ZM_DB_USER=${if cfg.database.createLocally then user else cfg.database.username} ZM_DB_PASS=${cfg.database.password} # Web @@ -205,12 +205,12 @@ in { mysql = lib.mkIf cfg.database.createLocally { ensureDatabases = [ cfg.database.name ]; + initialDatabases = [{ + inherit (cfg.database) name; schema = "${pkg}/share/zoneminder/db/zm_create.sql"; + }]; ensureUsers = [{ name = cfg.database.username; ensurePermissions = { "${cfg.database.name}.*" = "ALL PRIVILEGES"; }; - initialDatabases = [ - { inherit (cfg.database) name; schema = "${pkg}/share/zoneminder/db/zm_create.sql"; } - ]; }]; }; @@ -275,14 +275,14 @@ in { }; phpfpm = lib.mkIf useNginx { - phpOptions = '' - date.timezone = "${config.time.timeZone}" - - ${lib.concatStringsSep "\n" (map (e: - "extension=${e.pkg}/lib/php/extensions/${e.name}.so") phpExtensions)} - ''; pools.zoneminder = { listen = socket; + phpOptions = '' + date.timezone = "${config.time.timeZone}" + + ${lib.concatStringsSep "\n" (map (e: + "extension=${e.pkg}/lib/php/extensions/${e.name}.so") phpExtensions)} + ''; extraConfig = '' user = ${user} group = ${group} diff --git a/nixpkgs/nixos/modules/services/monitoring/hdaps.nix b/nixpkgs/nixos/modules/services/monitoring/hdaps.nix index be26c44e78d1..2cad3b84d847 100644 --- a/nixpkgs/nixos/modules/services/monitoring/hdaps.nix +++ b/nixpkgs/nixos/modules/services/monitoring/hdaps.nix @@ -16,6 +16,7 @@ in }; config = mkIf cfg.enable { + boot.kernelModules = [ "hdapsd" ]; services.udev.packages = hdapsd; systemd.packages = hdapsd; }; diff --git a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix index 0a084561002f..fa53107ef24b 100644 --- a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix +++ b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix @@ -119,7 +119,7 @@ let mkExporterConf = { name, conf, serviceOpts }: mkIf conf.enable { networking.firewall.extraCommands = mkIf conf.openFirewall (concatStrings [ - "ip46tables -I nixos-fw ${conf.firewallFilter} " + "ip46tables -A nixos-fw ${conf.firewallFilter} " "-m comment --comment ${name}-exporter -j nixos-fw-accept" ]); systemd.services."prometheus-${name}-exporter" = mkMerge ([{ diff --git a/nixpkgs/nixos/modules/services/networking/flannel.nix b/nixpkgs/nixos/modules/services/networking/flannel.nix index ec702cdc6ff4..c1f778ac139a 100644 --- a/nixpkgs/nixos/modules/services/networking/flannel.nix +++ b/nixpkgs/nixos/modules/services/networking/flannel.nix @@ -161,6 +161,7 @@ in { FLANNELD_KUBECONFIG_FILE = cfg.kubeconfig; NODE_NAME = cfg.nodeName; }; + path = [ pkgs.iptables ]; preStart = '' mkdir -p /run/flannel touch /run/flannel/docker diff --git a/nixpkgs/nixos/modules/services/networking/knot.nix b/nixpkgs/nixos/modules/services/networking/knot.nix new file mode 100644 index 000000000000..1cc1dd3f2f62 --- /dev/null +++ b/nixpkgs/nixos/modules/services/networking/knot.nix @@ -0,0 +1,95 @@ +{ config, lib, pkgs, ... }: + +with lib; + +let + cfg = config.services.knot; + + configFile = pkgs.writeText "knot.conf" cfg.extraConfig; + socketFile = "/run/knot/knot.sock"; + + knotConfCheck = file: pkgs.runCommand "knot-config-checked" + { buildInputs = [ cfg.package ]; } '' + ln -s ${configFile} $out + knotc --config=${configFile} conf-check + ''; + + knot-cli-wrappers = pkgs.stdenv.mkDerivation { + name = "knot-cli-wrappers"; + buildInputs = [ pkgs.makeWrapper ]; + buildCommand = '' + mkdir -p $out/bin + makeWrapper ${cfg.package}/bin/knotc "$out/bin/knotc" \ + --add-flags "--config=${configFile}" \ + --add-flags "--socket=${socketFile}" + makeWrapper ${cfg.package}/bin/keymgr "$out/bin/keymgr" \ + --add-flags "--config=${configFile}" + for executable in kdig khost kjournalprint knsec3hash knsupdate kzonecheck + do + ln -s "${cfg.package}/bin/$executable" "$out/bin/$executable" + done + mkdir -p "$out/share" + ln -s '${cfg.package}/share/man' "$out/share/" + ''; + }; +in { + options = { + services.knot = { + enable = mkEnableOption "Knot authoritative-only DNS server"; + + extraArgs = mkOption { + type = types.listOf types.str; + default = []; + description = '' + List of additional command line paramters for knotd + ''; + }; + + extraConfig = mkOption { + type = types.lines; + default = ""; + description = '' + Extra lines to be added verbatim to knot.conf + ''; + }; + + package = mkOption { + type = types.package; + default = pkgs.knot-dns; + description = '' + Which Knot DNS package to use + ''; + }; + }; + }; + + config = mkIf config.services.knot.enable { + systemd.services.knot = { + unitConfig.Documentation = "man:knotd(8) man:knot.conf(5) man:knotc(8) https://www.knot-dns.cz/docs/${cfg.package.version}/html/"; + description = cfg.package.meta.description; + wantedBy = [ "multi-user.target" ]; + wants = [ "network.target" ]; + after = ["network.target" ]; + + serviceConfig = { + Type = "notify"; + ExecStart = "${cfg.package}/bin/knotd --config=${knotConfCheck configFile} --socket=${socketFile} ${concatStringsSep " " cfg.extraArgs}"; + ExecReload = "${knot-cli-wrappers}/bin/knotc reload"; + CapabilityBoundingSet = "CAP_NET_BIND_SERVICE CAP_SETPCAP"; + AmbientCapabilities = "CAP_NET_BIND_SERVICE CAP_SETPCAP"; + NoNewPrivileges = true; + DynamicUser = "yes"; + RuntimeDirectory = "knot"; + StateDirectory = "knot"; + StateDirectoryMode = "0700"; + PrivateDevices = true; + RestrictAddressFamilies = "AF_UNIX AF_INET AF_INET6"; + SystemCallArchitectures = "native"; + Restart = "on-abort"; + }; + }; + + environment.systemPackages = [ knot-cli-wrappers ]; + }; +} + diff --git a/nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix b/nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix index d770094960b2..817b5ec55f78 100644 --- a/nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix +++ b/nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix @@ -65,9 +65,12 @@ in { after = [ "network-online.target" "keys.target" ]; wants = [ "keys.target" ]; path = with pkgs; [ kmod iproute iptables utillinux ]; - environment.STRONGSWAN_CONF = pkgs.writeTextFile { - name = "strongswan.conf"; - text = cfg.strongswan.extraConfig; + environment = { + STRONGSWAN_CONF = pkgs.writeTextFile { + name = "strongswan.conf"; + text = cfg.strongswan.extraConfig; + }; + SWANCTL_DIR = "/etc/swanctl"; }; restartTriggers = [ config.environment.etc."swanctl/swanctl.conf".source ]; serviceConfig = { diff --git a/nixpkgs/nixos/modules/services/web-apps/icingaweb2/icingaweb2.nix b/nixpkgs/nixos/modules/services/web-apps/icingaweb2/icingaweb2.nix index ccaa2cff1c23..50775c5262fa 100644 --- a/nixpkgs/nixos/modules/services/web-apps/icingaweb2/icingaweb2.nix +++ b/nixpkgs/nixos/modules/services/web-apps/icingaweb2/icingaweb2.nix @@ -546,26 +546,26 @@ in { config = mkIf cfg.enable { services.phpfpm.poolConfigs = mkIf (cfg.pool == "${poolName}") { - "${poolName}" = '' - listen = "${phpfpmSocketName}" - listen.owner = nginx - listen.group = nginx - listen.mode = 0600 - user = icingaweb2 - pm = dynamic - pm.max_children = 75 - pm.start_servers = 2 - pm.min_spare_servers = 2 - pm.max_spare_servers = 10 - ''; + "${poolName}" = { + listen = phpfpmSocketName; + phpOptions = '' + extension = ${pkgs.phpPackages.imagick}/lib/php/extensions/imagick.so + date.timezone = "${cfg.timezone}" + ''; + extraConfig = '' + listen.owner = nginx + listen.group = nginx + listen.mode = 0600 + user = icingaweb2 + pm = dynamic + pm.max_children = 75 + pm.start_servers = 2 + pm.min_spare_servers = 2 + pm.max_spare_servers = 10 + ''; + }; }; - services.phpfpm.phpOptions = mkIf (cfg.pool == "${poolName}") - '' - extension = ${pkgs.phpPackages.imagick}/lib/php/extensions/imagick.so - date.timezone = "${cfg.timezone}" - ''; - systemd.services."phpfpm-${poolName}".serviceConfig.ReadWritePaths = [ "/etc/icingaweb2" ]; services.nginx = { diff --git a/nixpkgs/nixos/modules/services/web-apps/nextcloud.nix b/nixpkgs/nixos/modules/services/web-apps/nextcloud.nix index 498e3fdb23af..5ad241ace5c8 100644 --- a/nixpkgs/nixos/modules/services/web-apps/nextcloud.nix +++ b/nixpkgs/nixos/modules/services/web-apps/nextcloud.nix @@ -427,19 +427,19 @@ in { priority = 210; extraConfig = "return 301 $scheme://$host/remote.php/dav;"; }; - "~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/" = { + "~ ^\\/(?:build|tests|config|lib|3rdparty|templates|data)\\/" = { priority = 300; extraConfig = "deny all;"; }; - "~ ^/(?:\\.|autotest|occ|issue|indie|db_|console)" = { + "~ ^\\/(?:\\.|autotest|occ|issue|indie|db_|console)" = { priority = 300; extraConfig = "deny all;"; }; - "~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+)\\.php(?:$|/)" = { + "~ ^\\/(?:index|remote|public|cron|core/ajax\\/update|status|ocs\\/v[12]|updater\\/.+|ocs-provider\\/.+|ocm-provider\\/.+)\\.php(?:$|\\/)" = { priority = 500; extraConfig = '' include ${config.services.nginx.package}/conf/fastcgi.conf; - fastcgi_split_path_info ^(.+\.php)(/.*)$; + fastcgi_split_path_info ^(.+\.php)(\\/.*)$; fastcgi_param PATH_INFO $fastcgi_path_info; fastcgi_param HTTPS ${if cfg.https then "on" else "off"}; fastcgi_param modHeadersAvailable true; @@ -450,7 +450,7 @@ in { fastcgi_read_timeout 120s; ''; }; - "~ ^/(?:updater|ocs-provider|ocm-provider)(?:$|\/)".extraConfig = '' + "~ ^\\/(?:updater|ocs-provider|ocm-provider)(?:$|\\/)".extraConfig = '' try_files $uri/ =404; index index.php; ''; diff --git a/nixpkgs/nixos/modules/services/web-apps/restya-board.nix b/nixpkgs/nixos/modules/services/web-apps/restya-board.nix index bc6689bdb271..b064eae248ed 100644 --- a/nixpkgs/nixos/modules/services/web-apps/restya-board.nix +++ b/nixpkgs/nixos/modules/services/web-apps/restya-board.nix @@ -179,34 +179,35 @@ in config = mkIf cfg.enable { services.phpfpm.poolConfigs = { - "${poolName}" = '' - listen = "${phpfpmSocketName}"; - listen.owner = nginx - listen.group = nginx - listen.mode = 0600 - user = ${cfg.user} - group = ${cfg.group} - pm = dynamic - pm.max_children = 75 - pm.start_servers = 10 - pm.min_spare_servers = 5 - pm.max_spare_servers = 20 - pm.max_requests = 500 - catch_workers_output = 1 - ''; + "${poolName}" = { + listen = phpfpmSocketName; + phpOptions = '' + date.timezone = "CET" + + ${optionalString (!isNull cfg.email.server) '' + SMTP = ${cfg.email.server} + smtp_port = ${toString cfg.email.port} + auth_username = ${cfg.email.login} + auth_password = ${cfg.email.password} + ''} + ''; + extraConfig = '' + listen.owner = nginx + listen.group = nginx + listen.mode = 0600 + user = ${cfg.user} + group = ${cfg.group} + pm = dynamic + pm.max_children = 75 + pm.start_servers = 10 + pm.min_spare_servers = 5 + pm.max_spare_servers = 20 + pm.max_requests = 500 + catch_workers_output = 1 + ''; + }; }; - services.phpfpm.phpOptions = '' - date.timezone = "CET" - - ${optionalString (!isNull cfg.email.server) '' - SMTP = ${cfg.email.server} - smtp_port = ${toString cfg.email.port} - auth_username = ${cfg.email.login} - auth_password = ${cfg.email.password} - ''} - ''; - services.nginx.enable = true; services.nginx.virtualHosts."${cfg.virtualHost.serverName}" = { listen = [ { addr = cfg.virtualHost.listenHost; port = cfg.virtualHost.listenPort; } ]; diff --git a/nixpkgs/nixos/modules/services/web-apps/youtrack.nix b/nixpkgs/nixos/modules/services/web-apps/youtrack.nix index 6ad38028a641..691cbdc8d1d5 100644 --- a/nixpkgs/nixos/modules/services/web-apps/youtrack.nix +++ b/nixpkgs/nixos/modules/services/web-apps/youtrack.nix @@ -121,6 +121,7 @@ in environment.YOUTRACK_JVM_OPTS = "${extraAttr}"; after = [ "network.target" ]; wantedBy = [ "multi-user.target" ]; + path = with pkgs; [ unixtools.hostname ]; serviceConfig = { Type = "simple"; User = "youtrack"; diff --git a/nixpkgs/nixos/modules/services/x11/desktop-managers/pantheon.nix b/nixpkgs/nixos/modules/services/x11/desktop-managers/pantheon.nix index 31bbbd558292..67faddb1ddb9 100644 --- a/nixpkgs/nixos/modules/services/x11/desktop-managers/pantheon.nix +++ b/nixpkgs/nixos/modules/services/x11/desktop-managers/pantheon.nix @@ -108,26 +108,26 @@ in ([ pkgs.pantheon.switchboard-plug-power ]) (mkIf config.services.printing.enable ([pkgs.system-config-printer]) ) ]; - services.pantheon.contractor.enable = true; + services.pantheon.contractor.enable = mkDefault true; services.geoclue2.enable = mkDefault true; # pantheon has pantheon-agent-geoclue2 services.geoclue2.enableDemoAgent = false; services.gnome3.at-spi2-core.enable = true; services.gnome3.evolution-data-server.enable = true; - services.gnome3.file-roller.enable = true; + services.gnome3.file-roller.enable = mkDefault true; # TODO: gnome-keyring's xdg autostarts will still be in the environment (from elementary-session-settings) if disabled forcefully services.gnome3.gnome-keyring.enable = true; services.gnome3.gnome-settings-daemon.enable = true; services.gnome3.gnome-settings-daemon.package = pkgs.pantheon.elementary-settings-daemon; services.gnome3.gvfs.enable = true; - services.gnome3.rygel.enable = true; - services.gsignond.enable = true; + services.gnome3.rygel.enable = mkDefault true; + services.gsignond.enable = mkDefault true; services.gsignond.plugins = with pkgs.gsignondPlugins; [ lastfm mail oauth ]; services.udisks2.enable = true; services.upower.enable = config.powerManagement.enable; services.xserver.libinput.enable = mkDefault true; services.xserver.updateDbusEnvironment = true; - services.zeitgeist.enable = true; + services.zeitgeist.enable = mkDefault true; networking.networkmanager.enable = mkDefault true; networking.networkmanager.basePackages = @@ -152,19 +152,15 @@ in "/share" ]; - environment.systemPackages = pkgs.pantheon.artwork ++ pkgs.pantheon.desktop ++ pkgs.pantheon.services ++ cfg.sessionPath - ++ (pkgs.gnome3.removePackagesByName pkgs.pantheon.apps config.environment.pantheon.excludePackages) - ++ (with pkgs.gnome3; - [ - adwaita-icon-theme - dconf - epiphany + environment.systemPackages = + pkgs.pantheon.artwork ++ pkgs.pantheon.desktop ++ pkgs.pantheon.services ++ cfg.sessionPath + ++ (with pkgs; gnome3.removePackagesByName + ([ + gnome3.geary + gnome3.epiphany + gnome3.gnome-font-viewer evince - geary - gnome-bluetooth - gnome-font-viewer - gnome-power-manager - ]) + ] ++ pantheon.apps) config.environment.pantheon.excludePackages) ++ (with pkgs; [ adwaita-qt @@ -172,6 +168,8 @@ in glib glib-networking gnome-menus + gnome3.adwaita-icon-theme + gnome3.dconf gtk3.out hicolor-icon-theme lightlocker @@ -185,7 +183,9 @@ in fonts.fonts = with pkgs; [ opensans-ttf roboto-mono + pantheon.elementary-redacted-script # needed by screenshot-tool ]; + fonts.fontconfig.defaultFonts = { monospace = [ "Roboto Mono" ]; sansSerif = [ "Open Sans" ]; diff --git a/nixpkgs/nixos/modules/services/x11/desktop-managers/plasma5.nix b/nixpkgs/nixos/modules/services/x11/desktop-managers/plasma5.nix index ace9dd5321be..a9e55eb846ca 100644 --- a/nixpkgs/nixos/modules/services/x11/desktop-managers/plasma5.nix +++ b/nixpkgs/nixos/modules/services/x11/desktop-managers/plasma5.nix @@ -226,7 +226,29 @@ in security.pam.services.slim.enableKwallet = true; # Update the start menu for each user that is currently logged in - system.userActivationScripts.plasmaSetup = "${pkgs.libsForQt5.kservice}/bin/kbuildsycoca5"; + system.userActivationScripts.plasmaSetup = '' + # The KDE icon cache is supposed to update itself + # automatically, but it uses the timestamp on the icon + # theme directory as a trigger. Since in Nix the + # timestamp is always the same, this doesn't work. So as + # a workaround, nuke the icon cache on login. This isn't + # perfect, since it may require logging out after + # installing new applications to update the cache. + # See http://lists-archives.org/kde-devel/26175-what-when-will-icon-cache-refresh.html + rm -fv $HOME/.cache/icon-cache.kcache + + # xdg-desktop-settings generates this empty file but + # it makes kbuildsyscoca5 fail silently. To fix this + # remove that menu if it exists. + rm -fv $HOME/.config/menus/applications-merged/xdg-desktop-menu-dummy.menu + + # Remove the kbuildsyscoca5 cache. It will be regenerated + # immediately after. This is necessary for kbuildsyscoca5 to + # recognize that software that has been removed. + rm -fv $HOME/.cache/ksycoca* + + ${pkgs.libsForQt5.kservice}/bin/kbuildsycoca5 + ''; }) ]; diff --git a/nixpkgs/nixos/modules/system/activation/top-level.nix b/nixpkgs/nixos/modules/system/activation/top-level.nix index a560af5ce96d..5c88d27b6c65 100644 --- a/nixpkgs/nixos/modules/system/activation/top-level.nix +++ b/nixpkgs/nixos/modules/system/activation/top-level.nix @@ -130,11 +130,9 @@ let failedAssertions = map (x: x.message) (filter (x: !x.assertion) config.assertions); - showWarnings = res: fold (w: x: builtins.trace "[1;31mwarning: ${w}[0m" x) res config.warnings; - baseSystemAssertWarn = if failedAssertions != [] then throw "\nFailed assertions:\n${concatStringsSep "\n" (map (x: "- ${x}") failedAssertions)}" - else showWarnings baseSystem; + else showWarnings config.warnings baseSystem; # Replace runtime dependencies system = fold ({ oldDependency, newDependency }: drv: diff --git a/nixpkgs/nixos/modules/tasks/auto-upgrade.nix b/nixpkgs/nixos/modules/tasks/auto-upgrade.nix index d225778a3878..91f4ae79ee91 100644 --- a/nixpkgs/nixos/modules/tasks/auto-upgrade.nix +++ b/nixpkgs/nixos/modules/tasks/auto-upgrade.nix @@ -57,7 +57,7 @@ let cfg = config.system.autoUpgrade; in }; - config = { + config = lib.mkIf cfg.enable { system.autoUpgrade.flags = [ "--no-build-output" ] @@ -84,7 +84,7 @@ let cfg = config.system.autoUpgrade; in ${config.system.build.nixos-rebuild}/bin/nixos-rebuild switch ${toString cfg.flags} ''; - startAt = optional cfg.enable cfg.dates; + startAt = cfg.dates; }; }; diff --git a/nixpkgs/nixos/modules/tasks/network-interfaces-scripted.nix b/nixpkgs/nixos/modules/tasks/network-interfaces-scripted.nix index 93dfefdce902..c12ada7a030a 100644 --- a/nixpkgs/nixos/modules/tasks/network-interfaces-scripted.nix +++ b/nixpkgs/nixos/modules/tasks/network-interfaces-scripted.nix @@ -103,16 +103,18 @@ let script = '' - # Set the static DNS configuration, if given. - ${pkgs.openresolv}/sbin/resolvconf -m 1 -a static <<EOF - ${optionalString (cfg.nameservers != [] && cfg.domain != null) '' - domain ${cfg.domain} + ${optionalString (!config.environment.etc?"resolv.conf") '' + # Set the static DNS configuration, if given. + ${pkgs.openresolv}/sbin/resolvconf -m 1 -a static <<EOF + ${optionalString (cfg.nameservers != [] && cfg.domain != null) '' + domain ${cfg.domain} + ''} + ${optionalString (cfg.search != []) ("search " + concatStringsSep " " cfg.search)} + ${flip concatMapStrings cfg.nameservers (ns: '' + nameserver ${ns} + '')} + EOF ''} - ${optionalString (cfg.search != []) ("search " + concatStringsSep " " cfg.search)} - ${flip concatMapStrings cfg.nameservers (ns: '' - nameserver ${ns} - '')} - EOF # Set the default gateway. ${optionalString (cfg.defaultGateway != null && cfg.defaultGateway.address != "") '' diff --git a/nixpkgs/nixos/modules/virtualisation/amazon-image.nix b/nixpkgs/nixos/modules/virtualisation/amazon-image.nix index 6f4f99caa6f1..d67790702f1f 100644 --- a/nixpkgs/nixos/modules/virtualisation/amazon-image.nix +++ b/nixpkgs/nixos/modules/virtualisation/amazon-image.nix @@ -31,6 +31,7 @@ in fileSystems."/" = { device = "/dev/disk/by-label/nixos"; + fsType = "ext4"; autoResize = true; }; diff --git a/nixpkgs/nixos/modules/virtualisation/virtualbox-host.nix b/nixpkgs/nixos/modules/virtualisation/virtualbox-host.nix index 60779579402c..6f7370181740 100644 --- a/nixpkgs/nixos/modules/virtualisation/virtualbox-host.nix +++ b/nixpkgs/nixos/modules/virtualisation/virtualbox-host.nix @@ -83,6 +83,8 @@ in }; config = mkIf cfg.enable (mkMerge [{ + warnings = mkIf (config.nixpkgs.config.virtualbox.enableExtensionPack or false) + ["'nixpkgs.virtualbox.enableExtensionPack' has no effect, please use 'virtualisation.virtualbox.host.enableExtensionPack'"]; boot.kernelModules = [ "vboxdrv" "vboxnetadp" "vboxnetflt" ]; boot.extraModulePackages = [ kernelModules ]; environment.systemPackages = [ virtualbox ]; |