alioth/nixpkgs
3
0
Fork 0
forked from mirrors/nixpkgs
Code Releases Activity

Merge master into haskell-updates

Browse source
This commit is contained in:
github-actions[bot] 2021-12-18 00:07:57 +00:00 committed by GitHub
parent 2189a53dad 7cb82ec614
commit eec551fc15
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
216 changed files with 4087 additions and 2942 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
lib/modules.nix
View file

@ -614,6 +614,8 @@ rec {
definitions = map (def: def.value) res.defsFinal;
files = map (def: def.file) res.defsFinal;
inherit (res) isDefined;
# This allows options to be correctly displayed using `${options.path.to.it}`
__toString = _: showOption loc;
};
# Merge definitions of a value of a given type.

18
maintainers/scripts/check-maintainer-github-handles.sh
View file

@ -4,20 +4,19 @@
# Example how to work with the `lib.maintainers` attrset.
# Can be used to check whether all user handles are still valid.
set -e
# nixpkgs='<nixpkgs>'
# if [ -n "$1" ]; then
set -o errexit -o noclobber -o nounset -o pipefail
shopt -s failglob inherit_errexit
function checkCommits {
local user="$1"
local tmp=$(mktemp)
local ret status tmp user
user="$1"
tmp=$(mktemp)
curl --silent -w "%{http_code}" \
"https://github.com/NixOS/nixpkgs/commits?author=$user" \
> "$tmp"
# the last line of tmp contains the http status
local status=$(tail -n1 "$tmp")
local ret=
status=$(tail -n1 "$tmp")
ret=
case $status in
200) if <"$tmp" grep -i "no commits found" > /dev/null; then
ret=1
@ -31,7 +30,7 @@ function checkCommits {
checkCommits "$user"
ret=$?
;;
*) printf "BAD STATUS: $(tail -n1 $tmp) for %s\n" "$user"; ret=1
*) printf "BAD STATUS: $(tail -n1 "$tmp") for %s\n" "$user"; ret=1
ret=1
;;
esac
@ -63,4 +62,5 @@ nix-instantiate -A lib.maintainers --eval --strict --json \
| jq -r '.[]|.github|select(.)' \
| parallel -j5 checkUser
# To check some arbitrary users:
# parallel -j100 checkUser ::: "eelco" "profpatsch" "Profpatsch" "a"

15
nixos/doc/manual/from_md/release-notes/rl-2205.section.xml
View file

@ -36,6 +36,13 @@
<link linkend="opt-services.filebeat.enable">services.filebeat</link>.
</para>
</listitem>
<listitem>
<para>
<link xlink:href="https://github.com/ngoduykhanh/PowerDNS-Admin">PowerDNS-Admin</link>,
a web interface for the PowerDNS server. Available at
<link xlink:href="options.html#opt-services.powerdns-admin.enable">services.powerdns-admin</link>.
</para>
</listitem>
</itemizedlist>
</section>
<section xml:id="sec-release-22.05-incompatibilities">
@ -152,6 +159,14 @@
compatibilty, but will be removed at a later date.
</para>
</listitem>
<listitem>
<para>
The <literal>services.unifi.openPorts</literal> option default
value of <literal>true</literal> is now deprecated and will be
changed to <literal>false</literal> in 22.11. Configurations
using this default will print a warning when rebuilt.
</para>
</listitem>
</itemizedlist>
</section>
</section>

5
nixos/doc/manual/release-notes/rl-2205.section.md
View file

@ -12,6 +12,8 @@ In addition to numerous new and upgraded packages, this release has the followin
- [filebeat](https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-overview.html), a lightweight shipper for forwarding and centralizing log data. Available as [services.filebeat](#opt-services.filebeat.enable).
- [PowerDNS-Admin](https://github.com/ngoduykhanh/PowerDNS-Admin), a web interface for the PowerDNS server. Available at [services.powerdns-admin](options.html#opt-services.powerdns-admin.enable).
## Backward Incompatibilities {#sec-release-22.05-incompatibilities}
- `pkgs.ghc` now refers to `pkgs.targetPackages.haskellPackages.ghc`.
@ -63,3 +65,6 @@ In addition to numerous new and upgraded packages, this release has the followin
`influxdb2-cli`, matching the split that took place upstream. A
combined `influxdb2` package is still provided in this release for
backwards compatibilty, but will be removed at a later date.
- The `services.unifi.openPorts` option default value of `true` is now deprecated and will be changed to `false` in 22.11.
Configurations using this default will print a warning when rebuilt.

8
nixos/modules/config/networking.nix
View file

@ -1,12 +1,13 @@
# /etc files related to networking, such as /etc/services.
{ config, lib, pkgs, ... }:
{ config, lib, options, pkgs, ... }:
with lib;
let
cfg = config.networking;
opt = options.networking;
localhostMultiple = any (elem "localhost") (attrValues (removeAttrs cfg.hosts [ "127.0.0.1" "::1" ]));
@ -78,6 +79,7 @@ in
httpProxy = lib.mkOption {
type = types.nullOr types.str;
default = cfg.proxy.default;
defaultText = literalExpression "config.${opt.proxy.default}";
description = ''
This option specifies the http_proxy environment variable.
'';
@ -87,6 +89,7 @@ in
httpsProxy = lib.mkOption {
type = types.nullOr types.str;
default = cfg.proxy.default;
defaultText = literalExpression "config.${opt.proxy.default}";
description = ''
This option specifies the https_proxy environment variable.
'';
@ -96,6 +99,7 @@ in
ftpProxy = lib.mkOption {
type = types.nullOr types.str;
default = cfg.proxy.default;
defaultText = literalExpression "config.${opt.proxy.default}";
description = ''
This option specifies the ftp_proxy environment variable.
'';
@ -105,6 +109,7 @@ in
rsyncProxy = lib.mkOption {
type = types.nullOr types.str;
default = cfg.proxy.default;
defaultText = literalExpression "config.${opt.proxy.default}";
description = ''
This option specifies the rsync_proxy environment variable.
'';
@ -114,6 +119,7 @@ in
allProxy = lib.mkOption {
type = types.nullOr types.str;
default = cfg.proxy.default;
defaultText = literalExpression "config.${opt.proxy.default}";
description = ''
This option specifies the all_proxy environment variable.
'';

22
nixos/modules/config/system-path.nix
View file

@ -41,12 +41,17 @@ let
pkgs.zstd
];
defaultPackages = map (pkg: setPrio ((pkg.meta.priority or 5) + 3) pkg)
[ pkgs.nano
pkgs.perl
pkgs.rsync
pkgs.strace
];
defaultPackageNames =
[ "nano"
"perl"
"rsync"
"strace"
];
defaultPackages =
map
(n: let pkg = pkgs.${n}; in setPrio ((pkg.meta.priority or 5) + 3) pkg)
defaultPackageNames;
defaultPackagesText = "[ ${concatMapStringsSep " " (n: "pkgs.${n}") defaultPackageNames } ]";
in
@ -73,6 +78,11 @@ in
defaultPackages = mkOption {
type = types.listOf types.package;
default = defaultPackages;
defaultText = literalDocBook ''
these packages, with their <literal>meta.priority</literal> numerically increased
(thus lowering their installation priority):
<programlisting>${defaultPackagesText}</programlisting>
'';
example = [];
description = ''
Set of default packages that aren't strictly necessary

8
nixos/modules/hardware/system-76.nix
View file

@ -1,8 +1,9 @@
{ config, lib, pkgs, ... }:
{ config, lib, options, pkgs, ... }:
let
inherit (lib) mkOption mkEnableOption types mkIf mkMerge optional versionOlder;
inherit (lib) literalExpression mkOption mkEnableOption types mkIf mkMerge optional versionOlder;
cfg = config.hardware.system76;
opt = options.hardware.system76;
kpkgs = config.boot.kernelPackages;
modules = [ "system76" "system76-io" ] ++ (optional (versionOlder kpkgs.kernel.version "5.5") "system76-acpi");
@ -60,6 +61,7 @@ in {
firmware-daemon.enable = mkOption {
default = cfg.enableAll;
defaultText = literalExpression "config.${opt.enableAll}";
example = true;
description = "Whether to enable the system76 firmware daemon";
type = types.bool;
@ -67,6 +69,7 @@ in {
kernel-modules.enable = mkOption {
default = cfg.enableAll;
defaultText = literalExpression "config.${opt.enableAll}";
example = true;
description = "Whether to make the system76 out-of-tree kernel modules available";
type = types.bool;
@ -74,6 +77,7 @@ in {
power-daemon.enable = mkOption {
default = cfg.enableAll;
defaultText = literalExpression "config.${opt.enableAll}";
example = true;
description = "Whether to enable the system76 power daemon";
type = types.bool;

4
nixos/modules/misc/version.nix
View file

@ -1,9 +1,10 @@
{ config, lib, pkgs, ... }:
{ config, lib, options, pkgs, ... }:
with lib;
let
cfg = config.system.nixos;
opt = options.system.nixos;
in
{
@ -53,6 +54,7 @@ in
stateVersion = mkOption {
type = types.str;
default = cfg.release;
defaultText = literalExpression "config.${opt.release}";
description = ''
Every once in a while, a new NixOS release may change
configuration defaults in a way incompatible with stateful

1
nixos/modules/module-list.nix
View file

@ -1026,6 +1026,7 @@
./services/web-apps/plantuml-server.nix
./services/web-apps/plausible.nix
./services/web-apps/pgpkeyserver-lite.nix
./services/web-apps/powerdns-admin.nix
./services/web-apps/matomo.nix
./services/web-apps/moinmoin.nix
./services/web-apps/openwebrx.nix

26
nixos/modules/programs/captive-browser.nix
View file

@ -3,6 +3,18 @@
with lib;
let
cfg = config.programs.captive-browser;
browserDefault = chromium: concatStringsSep " " [
''env XDG_CONFIG_HOME="$PREV_CONFIG_HOME"''
''${chromium}/bin/chromium''
''--user-data-dir=''${XDG_DATA_HOME:-$HOME/.local/share}/chromium-captive''
''--proxy-server="socks5://$PROXY"''
''--host-resolver-rules="MAP * ~NOTFOUND , EXCLUDE localhost"''
''--no-first-run''
''--new-window''
''--incognito''
''-no-default-browser-check''
''http://cache.nixos.org/''
];
in
{
###### interface
@ -26,18 +38,8 @@ in
# the options below are the same as in "captive-browser.toml"
browser = mkOption {
type = types.str;
default = concatStringsSep " " [
''env XDG_CONFIG_HOME="$PREV_CONFIG_HOME"''
''${pkgs.chromium}/bin/chromium''
''--user-data-dir=''${XDG_DATA_HOME:-$HOME/.local/share}/chromium-captive''
''--proxy-server="socks5://$PROXY"''
''--host-resolver-rules="MAP * ~NOTFOUND , EXCLUDE localhost"''
''--no-first-run''
''--new-window''
''--incognito''
''-no-default-browser-check''
''http://cache.nixos.org/''
];
default = browserDefault pkgs.chromium;
defaultText = literalExpression (browserDefault "\${pkgs.chromium}");
description = ''
The shell (/bin/sh) command executed once the proxy starts.
When browser exits, the proxy exits. An extra env var PROXY is available.

1
nixos/modules/programs/gnupg.nix
View file

@ -71,6 +71,7 @@ in
type = types.nullOr (types.enum pkgs.pinentry.flavors);
example = "gnome3";
default = defaultPinentryFlavor;
defaultText = literalDocBook ''matching the configured desktop environment'';
description = ''
Which pinentry interface to use. If not null, the path to the
pinentry binary will be passed to gpg-agent via commandline and

4
nixos/modules/programs/zsh/zsh.nix
View file

@ -1,6 +1,6 @@
# This module defines global configuration for the zshell.
{ config, lib, pkgs, ... }:
{ config, lib, options, pkgs, ... }:
with lib;
@ -9,6 +9,7 @@ let
cfge = config.environment;
cfg = config.programs.zsh;
opt = options.programs.zsh;
zshAliases = concatStringsSep "\n" (
mapAttrsFlatten (k: v: "alias ${k}=${escapeShellArg v}")
@ -147,6 +148,7 @@ in
enableGlobalCompInit = mkOption {
default = cfg.enableCompletion;
defaultText = literalExpression "config.${opt.enableCompletion}";
description = ''
Enable execution of compinit call for all interactive zsh shells.

2
nixos/modules/security/acme.nix
View file

@ -2,6 +2,7 @@
with lib;
let
cfg = config.security.acme;
opt = options.security.acme;
# Used to calculate timer accuracy for coalescing
numCerts = length (builtins.attrNames cfg.certs);
@ -485,6 +486,7 @@ let
email = mkOption {
type = types.nullOr types.str;
default = cfg.email;
defaultText = literalExpression "config.${opt.email}";
description = "Contact email address for the CA to be able to reach you.";
};

6
nixos/modules/security/dhparams.nix
View file

@ -1,8 +1,9 @@
{ config, lib, pkgs, ... }:
{ config, lib, options, pkgs, ... }:
let
inherit (lib) mkOption types;
inherit (lib) literalExpression mkOption types;
cfg = config.security.dhparams;
opt = options.security.dhparams;
bitType = types.addCheck types.int (b: b >= 16) // {
name = "bits";
@ -13,6 +14,7 @@ let
options.bits = mkOption {
type = bitType;
default = cfg.defaultBitSize;
defaultText = literalExpression "config.${opt.defaultBitSize}";
description = ''
The bit size for the prime that is used during a Diffie-Hellman
key exchange.

13
nixos/modules/services/audio/mpdscribble.nix
View file

@ -1,10 +1,11 @@
{ config, lib, pkgs, ... }:
{ config, lib, options, pkgs, ... }:
with lib;
let
cfg = config.services.mpdscribble;
mpdCfg = config.services.mpd;
mpdOpt = options.services.mpd;
endpointUrls = {
"last.fm" = "http://post.audioscrobbler.com";
@ -108,6 +109,11 @@ in {
mpdCfg.network.listenAddress
else
"localhost");
defaultText = literalExpression ''
if config.${mpdOpt.network.listenAddress} != "any"
then config.${mpdOpt.network.listenAddress}
else "localhost"
'';
type = types.str;
description = ''
Host for the mpdscribble daemon to search for a mpd daemon on.
@ -122,6 +128,10 @@ in {
mpdCfg.credentials).passwordFile
else
null;
defaultText = literalDocBook ''
The first password file with read access configured for MPD when using a local instance,
otherwise <literal>null</literal>.
'';
type = types.nullOr types.str;
description = ''
File containing the password for the mpd daemon.
@ -132,6 +142,7 @@ in {
port = mkOption {
default = mpdCfg.network.port;
defaultText = literalExpression "config.${mpdOpt.network.port}";
type = types.port;
description = ''
Port for the mpdscribble daemon to search for a mpd daemon on.

9
nixos/modules/services/backup/tarsnap.nix
View file

@ -1,9 +1,10 @@
{ config, lib, pkgs, utils, ... }:
{ config, lib, options, pkgs, utils, ... }:
with lib;
let
gcfg = config.services.tarsnap;
opt = options.services.tarsnap;
configFile = name: cfg: ''
keyfile ${cfg.keyfile}
@ -59,12 +60,13 @@ in
};
archives = mkOption {
type = types.attrsOf (types.submodule ({ config, ... }:
type = types.attrsOf (types.submodule ({ config, options, ... }:
{
options = {
keyfile = mkOption {
type = types.str;
default = gcfg.keyfile;
defaultText = literalExpression "config.${opt.keyfile}";
description = ''
Set a specific keyfile for this archive. This defaults to
<literal>"/root/tarsnap.key"</literal> if left unspecified.
@ -87,6 +89,9 @@ in
cachedir = mkOption {
type = types.nullOr types.path;
default = "/var/cache/tarsnap/${utils.escapeSystemdPath config.keyfile}";
defaultText = literalExpression ''
"/var/cache/tarsnap/''${utils.escapeSystemdPath config.${options.keyfile}}"
'';
description = ''
The cache allows tarsnap to identify previously stored data
blocks, reducing archival time and bandwidth usage.

14
nixos/modules/services/cluster/hadoop/default.nix
View file

@ -1,6 +1,7 @@
{ config, lib, pkgs, ...}:
{ config, lib, options, pkgs, ...}:
let
cfg = config.services.hadoop;
opt = options.services.hadoop;
in
with lib;
{
@ -44,6 +45,14 @@ with lib;
"mapreduce.map.env" = "HADOOP_MAPRED_HOME=${cfg.package}/lib/${cfg.package.untarDir}";
"mapreduce.reduce.env" = "HADOOP_MAPRED_HOME=${cfg.package}/lib/${cfg.package.untarDir}";
};
defaultText = literalExpression ''
{
"mapreduce.framework.name" = "yarn";
"yarn.app.mapreduce.am.env" = "HADOOP_MAPRED_HOME=''${config.${opt.package}}/lib/''${config.${opt.package}.untarDir}";
"mapreduce.map.env" = "HADOOP_MAPRED_HOME=''${config.${opt.package}}/lib/''${config.${opt.package}.untarDir}";
"mapreduce.reduce.env" = "HADOOP_MAPRED_HOME=''${config.${opt.package}}/lib/''${config.${opt.package}.untarDir}";
}
'';
type = types.attrsOf types.anything;
example = literalExpression ''
options.services.hadoop.mapredSite.default // {
@ -98,6 +107,9 @@ with lib;
log4jProperties = mkOption {
default = "${cfg.package}/lib/${cfg.package.untarDir}/etc/hadoop/log4j.properties";
defaultText = literalExpression ''
"''${config.${opt.package}}/lib/''${config.${opt.package}.untarDir}/etc/hadoop/log4j.properties"
'';
type = types.path;
example = literalExpression ''
"''${pkgs.hadoop}/lib/''${pkgs.hadoop.untarDir}/etc/hadoop/log4j.properties";

14
nixos/modules/services/cluster/kubernetes/addons/dashboard.nix
View file

@ -1,9 +1,10 @@
{ config, pkgs, lib, ... }:
{ config, options, pkgs, lib, ... }:
with lib;
let
cfg = config.services.kubernetes.addons.dashboard;
opt = options.services.kubernetes.addons.dashboard;
in {
imports = [
(mkRenamedOptionModule [ "services" "kubernetes" "addons" "dashboard" "enableRBAC" ] [ "services" "kubernetes" "addons" "dashboard" "rbac" "enable" ])
@ -28,6 +29,9 @@ in {
description = "Whether to enable role based access control is enabled for kubernetes dashboard";
type = types.bool;
default = elem "RBAC" config.services.kubernetes.apiserver.authorizationMode;
defaultText = literalExpression ''
elem "RBAC" config.${options.services.kubernetes.apiserver.authorizationMode}
'';
};
clusterAdmin = mkOption {
@ -54,6 +58,14 @@ in {
finalImageTag = cfg.version;
sha256 = "01xrr4pwgr2hcjrjsi3d14ifpzdfbxzqpzxbk2fkbjb9zkv38zxy";
};
defaultText = literalExpression ''
{
imageName = "k8s.gcr.io/kubernetes-dashboard-amd64";
imageDigest = "sha256:0ae6b69432e78069c5ce2bcde0fe409c5c4d6f0f4d9cd50a17974fea38898747";
finalImageTag = config.${opt.version};
sha256 = "01xrr4pwgr2hcjrjsi3d14ifpzdfbxzqpzxbk2fkbjb9zkv38zxy";
};
'';
};
};

6
nixos/modules/services/cluster/kubernetes/addons/dns.nix
View file

@ -1,4 +1,4 @@
{ config, pkgs, lib, ... }:
{ config, options, pkgs, lib, ... }:
with lib;
@ -23,6 +23,10 @@ in {
take 3 (splitString "." config.services.kubernetes.apiserver.serviceClusterIpRange
))
) + ".254";
defaultText = literalDocBook ''
The <literal>x.y.z.254</literal> IP of
<literal>config.${options.services.kubernetes.apiserver.serviceClusterIpRange}</literal>.
'';
type = types.str;
};

7
nixos/modules/services/cluster/kubernetes/apiserver.nix
View file

@ -1,9 +1,10 @@
{ config, lib, pkgs, ... }:
{ config, lib, options, pkgs, ... }:
with lib;
let
top = config.services.kubernetes;
otop = options.services.kubernetes;
cfg = top.apiserver;
isRBACEnabled = elem "RBAC" cfg.authorizationMode;
@ -84,6 +85,7 @@ in
clientCaFile = mkOption {
description = "Kubernetes apiserver CA file for client auth.";
default = top.caFile;
defaultText = literalExpression "config.${otop.caFile}";
type = nullOr path;
};
@ -138,6 +140,7 @@ in
caFile = mkOption {
description = "Etcd ca file.";
default = top.caFile;
defaultText = literalExpression "config.${otop.caFile}";
type = types.nullOr types.path;
};
};
@ -157,6 +160,7 @@ in
featureGates = mkOption {
description = "List set of feature gates";
default = top.featureGates;
defaultText = literalExpression "config.${otop.featureGates}";
type = listOf str;
};
@ -175,6 +179,7 @@ in
kubeletClientCaFile = mkOption {
description = "Path to a cert file for connecting to kubelet.";
default = top.caFile;
defaultText = literalExpression "config.${otop.caFile}";
type = nullOr path;
};

6
nixos/modules/services/cluster/kubernetes/controller-manager.nix
View file

@ -1,9 +1,10 @@
{ config, lib, pkgs, ... }:
{ config, lib, options, pkgs, ... }:
with lib;
let
top = config.services.kubernetes;
otop = options.services.kubernetes;
cfg = top.controllerManager;
in
{
@ -30,6 +31,7 @@ in
clusterCidr = mkOption {
description = "Kubernetes CIDR Range for Pods in cluster.";
default = top.clusterCidr;
defaultText = literalExpression "config.${otop.clusterCidr}";
type = str;
};
@ -44,6 +46,7 @@ in
featureGates = mkOption {
description = "List set of feature gates";
default = top.featureGates;
defaultText = literalExpression "config.${otop.featureGates}";
type = listOf str;
};
@ -67,6 +70,7 @@ in
service account's token secret.
'';
default = top.caFile;
defaultText = literalExpression "config.${otop.caFile}";
type = nullOr path;
};

4
nixos/modules/services/cluster/kubernetes/default.nix
View file

@ -1,9 +1,10 @@
{ config, lib, pkgs, ... }:
{ config, lib, options, pkgs, ... }:
with lib;
let
cfg = config.services.kubernetes;
opt = options.services.kubernetes;
defaultContainerdSettings = {
version = 2;
@ -87,6 +88,7 @@ let
description = "${prefix} certificate authority file used to connect to kube-apiserver.";
type = types.nullOr types.path;
default = cfg.caFile;
defaultText = literalExpression "config.${opt.caFile}";
};
certFile = mkOption {

7
nixos/modules/services/cluster/kubernetes/kubelet.nix
View file

@ -1,9 +1,10 @@
{ config, lib, pkgs, ... }:
{ config, lib, options, pkgs, ... }:
with lib;
let
top = config.services.kubernetes;
otop = options.services.kubernetes;
cfg = top.kubelet;
cniConfig =
@ -35,6 +36,7 @@ let
key = mkOption {
description = "Key of taint.";
default = name;
defaultText = literalDocBook "Name of this submodule.";
type = str;
};
value = mkOption {
@ -76,12 +78,14 @@ in
clusterDomain = mkOption {
description = "Use alternative domain.";
default = config.services.kubernetes.addons.dns.clusterDomain;
defaultText = literalExpression "config.${options.services.kubernetes.addons.dns.clusterDomain}";
type = str;
};
clientCaFile = mkOption {
description = "Kubernetes apiserver CA file for client authentication.";
default = top.caFile;
defaultText = literalExpression "config.${otop.caFile}";
type = nullOr path;
};
@ -148,6 +152,7 @@ in
featureGates = mkOption {
description = "List set of feature gates";
default = top.featureGates;
defaultText = literalExpression "config.${otop.featureGates}";
type = listOf str;
};

4
nixos/modules/services/cluster/kubernetes/proxy.nix
View file

@ -1,9 +1,10 @@
{ config, lib, pkgs, ... }:
{ config, lib, options, pkgs, ... }:
with lib;
let
top = config.services.kubernetes;
otop = options.services.kubernetes;
cfg = top.proxy;
in
{
@ -31,6 +32,7 @@ in
featureGates = mkOption {
description = "List set of feature gates";
default = top.featureGates;
defaultText = literalExpression "config.${otop.featureGates}";
type = listOf str;
};

4
nixos/modules/services/cluster/kubernetes/scheduler.nix
View file

@ -1,9 +1,10 @@
{ config, lib, pkgs, ... }:
{ config, lib, options, pkgs, ... }:
with lib;
let
top = config.services.kubernetes;
otop = options.services.kubernetes;
cfg = top.scheduler;
in
{
@ -27,6 +28,7 @@ in
featureGates = mkOption {
description = "List set of feature gates";
default = top.featureGates;
defaultText = literalExpression "config.${otop.featureGates}";
type = listOf str;
};

9
nixos/modules/services/computing/slurm/slurm.nix
View file

@ -1,10 +1,11 @@
{ config, lib, pkgs, ... }:
{ config, lib, options, pkgs, ... }:
with lib;
let
cfg = config.services.slurm;
opt = options.services.slurm;
# configuration file can be generated by http://slurm.schedmd.com/configurator.html
defaultUser = "slurm";
@ -90,6 +91,7 @@ in
storageUser = mkOption {
type = types.str;
default = cfg.user;
defaultText = literalExpression "config.${opt.user}";
description = ''
Database user name.
'';
@ -154,6 +156,7 @@ in
controlAddr = mkOption {
type = types.nullOr types.str;
default = cfg.controlMachine;
defaultText = literalExpression "config.${opt.controlMachine}";
example = null;
description = ''
Name that ControlMachine should be referred to in establishing a
@ -279,6 +282,10 @@ in
type = types.path;
internal = true;
default = etcSlurm;
defaultText = literalDocBook ''
Directory created from generated config files and
<literal>config.${opt.extraConfigPaths}</literal>.
'';
description = ''
Path to directory with slurm config files. This option is set by default from the
Slurm module and is meant to make the Slurm config file available to other modules.

4
nixos/modules/services/continuous-integration/buildbot/master.nix
View file

@ -1,11 +1,12 @@
# NixOS module for Buildbot continous integration server.
{ config, lib, pkgs, ... }:
{ config, lib, options, pkgs, ... }:
with lib;
let
cfg = config.services.buildbot-master;
opt = options.services.buildbot-master;
python = cfg.package.pythonModule;
@ -152,6 +153,7 @@ in {
buildbotDir = mkOption {
default = "${cfg.home}/master";
defaultText = literalExpression ''"''${config.${opt.home}}/master"'';
type = types.path;
description = "Specifies the Buildbot directory.";
};

4
nixos/modules/services/continuous-integration/buildbot/worker.nix
View file

@ -1,11 +1,12 @@
# NixOS module for Buildbot Worker.
{ config, lib, pkgs, ... }:
{ config, lib, options, pkgs, ... }:
with lib;
let
cfg = config.services.buildbot-worker;
opt = options.services.buildbot-worker;
python = cfg.package.pythonModule;
@ -77,6 +78,7 @@ in {
buildbotDir = mkOption {
default = "${cfg.home}/worker";
defaultText = literalExpression ''"''${config.${opt.home}}/worker"'';
type = types.path;
description = "Specifies the Buildbot directory.";
};

60
nixos/modules/services/continuous-integration/github-runner.nix
View file

@ -10,6 +10,8 @@ let
stateDir = "%S/${systemdDir}";
# %L: Log directory root (usually /var/log); see systemd.unit(5)
logsDir = "%L/${systemdDir}";
# Name of file stored in service state directory
currentConfigTokenFilename = ".current-token";
in
{
options.services.github-runner = {
@ -144,13 +146,11 @@ in
ExecStart = "${cfg.package}/bin/runsvc.sh";
# Does the following, sequentially:
# - Copy the current and the previous `tokenFile` to the $RUNTIME_DIRECTORY
# and make it accessible to the service user to allow for a content
# comparison.
# - If the module configuration or the token has changed, clear the state directory.
# - Configure the runner.
# - Copy the configured `tokenFile` to the $STATE_DIRECTORY and make it
# inaccessible to the service user.
# - If the module configuration or the token has changed, purge the state directory,
# and create the current and the new token file with the contents of the configured
# token. While both files have the same content, only the later is accessible by
# the service user.
# - Configure the runner using the new token file. When finished, delete it.
# - Set up the directory structure by creating the necessary symlinks.
ExecStartPre =
let
@ -173,37 +173,20 @@ in
currentConfigPath = "$STATE_DIRECTORY/.nixos-current-config.json";
runnerRegistrationConfig = getAttrs [ "name" "tokenFile" "url" "runnerGroup" "extraLabels" ] cfg;
newConfigPath = builtins.toFile "${svcName}-config.json" (builtins.toJSON runnerRegistrationConfig);
currentConfigTokenFilename = ".current-token";
newConfigTokenFilename = ".new-token";
runnerCredFiles = [
".credentials"
".credentials_rsaparams"
".runner"
];
ownConfigTokens = writeScript "own-config-tokens" ''
# Copy current and new token file to runtime dir and make it accessible to the service user
cp ${escapeShellArg cfg.tokenFile} "$RUNTIME_DIRECTORY/${newConfigTokenFilename}"
chmod 600 "$RUNTIME_DIRECTORY/${newConfigTokenFilename}"
chown "$USER" "$RUNTIME_DIRECTORY/${newConfigTokenFilename}"
if [[ -e "$STATE_DIRECTORY/${currentConfigTokenFilename}" ]]; then
cp "$STATE_DIRECTORY/${currentConfigTokenFilename}" "$RUNTIME_DIRECTORY/${currentConfigTokenFilename}"
chmod 600 "$RUNTIME_DIRECTORY/${currentConfigTokenFilename}"
chown "$USER" "$RUNTIME_DIRECTORY/${currentConfigTokenFilename}"
fi
'';
disownConfigTokens = writeScript "disown-config-tokens" ''
# Make the token inaccessible to the runner service user
chmod 600 "$STATE_DIRECTORY/${currentConfigTokenFilename}"
chown root:root "$STATE_DIRECTORY/${currentConfigTokenFilename}"
'';
unconfigureRunner = writeScript "unconfigure" ''
differs=
# Set `differs = 1` if current and new runner config differ or if `currentConfigPath` does not exist
${pkgs.diffutils}/bin/diff -q '${newConfigPath}' "${currentConfigPath}" >/dev/null 2>&1 || differs=1
# Also trigger a registration if the token content changed
${pkgs.diffutils}/bin/diff -q \
"$RUNTIME_DIRECTORY"/{${currentConfigTokenFilename},${newConfigTokenFilename}} \
"$STATE_DIRECTORY"/${currentConfigTokenFilename} \
${escapeShellArg cfg.tokenFile} \
>/dev/null 2>&1 || differs=1
if [[ -n "$differs" ]]; then
@ -211,13 +194,18 @@ in
echo "The old runner will still appear in the GitHub Actions UI." \
"You have to remove it manually."
find "$STATE_DIRECTORY/" -mindepth 1 -delete
# Copy the configured token file to the state dir and allow the service user to read the file
install --mode=666 ${escapeShellArg cfg.tokenFile} "$STATE_DIRECTORY/${newConfigTokenFilename}"
# Also copy current file to allow for a diff on the next start
install --mode=600 ${escapeShellArg cfg.tokenFile} "$STATE_DIRECTORY/${currentConfigTokenFilename}"
fi
'';
configureRunner = writeScript "configure" ''
empty=$(ls -A "$STATE_DIRECTORY")
if [[ -z "$empty" ]]; then
if [[ -e "$STATE_DIRECTORY/${newConfigTokenFilename}" ]]; then
echo "Configuring GitHub Actions Runner"
token=$(< "$RUNTIME_DIRECTORY"/${newConfigTokenFilename})
token=$(< "$STATE_DIRECTORY"/${newConfigTokenFilename})
RUNNER_ROOT="$STATE_DIRECTORY" ${cfg.package}/bin/config.sh \
--unattended \
--work "$RUNTIME_DIRECTORY" \
@ -234,8 +222,7 @@ in
rm -rf "$STATE_DIRECTORY/_diag/"
# Cleanup token from config
rm -f "$RUNTIME_DIRECTORY"/${currentConfigTokenFilename}
mv "$RUNTIME_DIRECTORY"/${newConfigTokenFilename} "$STATE_DIRECTORY/${currentConfigTokenFilename}"
rm "$STATE_DIRECTORY/${newConfigTokenFilename}"
# Symlink to new config
ln -s '${newConfigPath}' "${currentConfigPath}"
@ -250,10 +237,8 @@ in
'';
in
map (x: "${x} ${escapeShellArgs [ stateDir runtimeDir logsDir ]}") [
"+${ownConfigTokens}" # runs as root
unconfigureRunner
"+${unconfigureRunner}" # runs as root
configureRunner
"+${disownConfigTokens}" # runs as root
setupRuntimeDir
];
@ -266,6 +251,13 @@ in
StateDirectoryMode = "0700";
WorkingDirectory = runtimeDir;
InaccessiblePaths = [
# Token file path given in the configuration
cfg.tokenFile
# Token file in the state directory
"${stateDir}/${currentConfigTokenFilename}"
];
# By default, use a dynamically allocated user
DynamicUser = true;

12
nixos/modules/services/continuous-integration/gocd-agent/default.nix
View file

@ -1,9 +1,10 @@
{ config, lib, pkgs, ... }:
{ config, lib, options, pkgs, ... }:
with lib;
let
cfg = config.services.gocd-agent;
opt = options.services.gocd-agent;
in {
options = {
services.gocd-agent = {
@ -98,6 +99,15 @@ in {
"-Dcruise.console.publish.interval=10"
"-Djava.security.egd=file:/dev/./urandom"
];
defaultText = literalExpression ''
[
"-Xms''${config.${opt.initialJavaHeapSize}}"
"-Xmx''${config.${opt.maxJavaHeapMemory}}"
"-Djava.io.tmpdir=/tmp"
"-Dcruise.console.publish.interval=10"
"-Djava.security.egd=file:/dev/./urandom"
]
'';
description = ''
Specifies startup command line arguments to pass to Go.CD agent
java process.

17
nixos/modules/services/continuous-integration/gocd-server/default.nix
View file

@ -1,9 +1,10 @@
{ config, lib, pkgs, ... }:
{ config, lib, options, pkgs, ... }:
with lib;
let
cfg = config.services.gocd-server;
opt = options.services.gocd-server;
in {
options = {
services.gocd-server = {
@ -106,6 +107,20 @@ in {
"-Dcruise.server.port=${toString cfg.port}"
"-Dcruise.server.ssl.port=${toString cfg.sslPort}"
];
defaultText = literalExpression ''
[
"-Xms''${config.${opt.initialJavaHeapSize}}"
"-Xmx''${config.${opt.maxJavaHeapMemory}}"
"-Dcruise.listen.host=''${config.${opt.listenAddress}}"
"-Duser.language=en"
"-Djruby.rack.request.size.threshold.bytes=30000000"
"-Duser.country=US"
"-Dcruise.config.dir=''${config.${opt.workDir}}/conf"
"-Dcruise.config.file=''${config.${opt.workDir}}/conf/cruise-config.xml"
"-Dcruise.server.port=''${toString config.${opt.port}}"
"-Dcruise.server.ssl.port=''${toString config.${opt.sslPort}}"
]
'';
description = ''
Specifies startup command line arguments to pass to Go.CD server

21
nixos/modules/services/databases/hbase.nix
View file

@ -1,14 +1,10 @@
{ config, lib, pkgs, ... }:
{ config, options, lib, pkgs, ... }:
with lib;
let
cfg = config.services.hbase;
defaultConfig = {
"hbase.rootdir" = "file://${cfg.dataDir}/hbase";
"hbase.zookeeper.property.dataDir" = "${cfg.dataDir}/zookeeper";
};
opt = options.services.hbase;
buildProperty = configAttr:
(builtins.concatStringsSep "\n"
@ -23,7 +19,7 @@ let
configFile = pkgs.writeText "hbase-site.xml"
''<configuration>
${buildProperty (defaultConfig // cfg.settings)}
${buildProperty (opt.settings.default // cfg.settings)}
</configuration>
'';
@ -96,7 +92,16 @@ in {
settings = mkOption {
type = with lib.types; attrsOf (oneOf [ str int bool ]);
default = defaultConfig;
default = {
"hbase.rootdir" = "file://${cfg.dataDir}/hbase";
"hbase.zookeeper.property.dataDir" = "${cfg.dataDir}/zookeeper";
};
defaultText = literalExpression ''
{
"hbase.rootdir" = "file://''${config.${opt.dataDir}}/hbase";
"hbase.zookeeper.property.dataDir" = "''${config.${opt.dataDir}}/zookeeper";
}
'';
description = ''
configurations in hbase-site.xml, see <link xlink:href="https://github.com/apache/hbase/blob/master/hbase-server/src/test/resources/hbase-site.xml"/> for details.
'';

8
nixos/modules/services/databases/neo4j.nix
View file

@ -4,6 +4,7 @@ with lib;
let
cfg = config.services.neo4j;
opt = options.services.neo4j;
certDirOpt = options.services.neo4j.directories.certificates;
isDefaultPathOption = opt: isOption opt && opt.type == types.path && opt.highestPrio >= 1500;
@ -256,6 +257,7 @@ in {
certificates = mkOption {
type = types.path;
default = "${cfg.directories.home}/certificates";
defaultText = literalExpression ''"''${config.${opt.directories.home}}/certificates"'';
description = ''
Directory for storing certificates to be used by Neo4j for
TLS connections.
@ -280,6 +282,7 @@ in {
data = mkOption {
type = types.path;
default = "${cfg.directories.home}/data";
defaultText = literalExpression ''"''${config.${opt.directories.home}}/data"'';
description = ''
Path of the data directory. You must not configure more than one
Neo4j installation to use the same data directory.
@ -305,6 +308,7 @@ in {
imports = mkOption {
type = types.path;
default = "${cfg.directories.home}/import";
defaultText = literalExpression ''"''${config.${opt.directories.home}}/import"'';
description = ''
The root directory for file URLs used with the Cypher
<literal>LOAD CSV</literal> clause. Only meaningful when
@ -321,6 +325,7 @@ in {
plugins = mkOption {
type = types.path;
default = "${cfg.directories.home}/plugins";
defaultText = literalExpression ''"''${config.${opt.directories.home}}/plugins"'';
description = ''
Path of the database plugin directory. Compiled Java JAR files that
contain database procedures will be loaded if they are placed in
@ -432,6 +437,7 @@ in {
baseDirectory = mkOption {
type = types.path;
default = "${cfg.directories.certificates}/${name}";
defaultText = literalExpression ''"''${config.${opt.directories.certificates}}/''${name}"'';
description = ''
The mandatory base directory for cryptographic objects of this
policy. This path is only automatically generated when this
@ -493,6 +499,7 @@ in {
revokedDir = mkOption {
type = types.path;
default = "${config.baseDirectory}/revoked";
defaultText = literalExpression ''"''${config.${options.baseDirectory}}/revoked"'';
description = ''
Path to directory of CRLs (Certificate Revocation Lists) in
PEM format. Must be an absolute path. The existence of this
@ -528,6 +535,7 @@ in {
trustedDir = mkOption {
type = types.path;
default = "${config.baseDirectory}/trusted";
defaultText = literalExpression ''"''${config.${options.baseDirectory}}/trusted"'';
description = ''
Path to directory of X.509 certificates in PEM format for
trusted parties. Must be an absolute path. The existence of this

1
nixos/modules/services/games/quake3-server.nix
View file

@ -71,6 +71,7 @@ in {
baseq3 = mkOption {
type = types.either types.package types.path;
default = defaultBaseq3;
defaultText = literalDocBook "Manually downloaded Quake 3 installation directory.";
example = "/var/lib/q3ds";
description = ''
Path to the baseq3 files (pak*.pk3). If this is on the nix store (type = package) all .pk3 files should be saved

5
nixos/modules/services/games/terraria.nix
View file

@ -1,9 +1,10 @@
{ config, lib, pkgs, ... }:
{ config, lib, options, pkgs, ... }:
with lib;
let
cfg = config.services.terraria;
opt = options.services.terraria;
worldSizeMap = { small = 1; medium = 2; large = 3; };
valFlag = name: val: optionalString (val != null) "-${name} \"${escape ["\\" "\""] (toString val)}\"";
boolFlag = name: val: optionalString val "-${name}";
@ -36,7 +37,7 @@ in
type = types.bool;
default = false;
description = ''
If enabled, starts a Terraria server. The server can be connected to via <literal>tmux -S ${cfg.dataDir}/terraria.sock attach</literal>
If enabled, starts a Terraria server. The server can be connected to via <literal>tmux -S ''${config.${opt.dataDir}}/terraria.sock attach</literal>
for administration by users who are a part of the <literal>terraria</literal> group (use <literal>C-b d</literal> shortcut to detach again).
'';
};

6
nixos/modules/services/hardware/tcsd.nix
View file

@ -1,11 +1,12 @@
# tcsd daemon.
{ config, pkgs, lib, ... }:
{ config, options, pkgs, lib, ... }:
with lib;
let
cfg = config.services.tcsd;
opt = options.services.tcsd;
tcsdConf = pkgs.writeText "tcsd.conf" ''
port = 30003
@ -83,6 +84,7 @@ in
platformCred = mkOption {
default = "${cfg.stateDir}/platform.cert";
defaultText = literalExpression ''"''${config.${opt.stateDir}}/platform.cert"'';
type = types.path;
description = ''
Path to the platform credential for your TPM. Your TPM
@ -96,6 +98,7 @@ in
conformanceCred = mkOption {
default = "${cfg.stateDir}/conformance.cert";
defaultText = literalExpression ''"''${config.${opt.stateDir}}/conformance.cert"'';
type = types.path;
description = ''
Path to the conformance credential for your TPM.
@ -104,6 +107,7 @@ in
endorsementCred = mkOption {
default = "${cfg.stateDir}/endorsement.cert";
defaultText = literalExpression ''"''${config.${opt.stateDir}}/endorsement.cert"'';
type = types.path;
description = ''
Path to the endorsement credential for your TPM.

16
nixos/modules/services/logging/journalbeat.nix
View file

@ -5,14 +5,10 @@ with lib;
let
cfg = config.services.journalbeat;
lt6 = builtins.compareVersions cfg.package.version "6" < 0;
journalbeatYml = pkgs.writeText "journalbeat.yml" ''
name: ${cfg.name}
tags: ${builtins.toJSON cfg.tags}
${optionalString lt6 "journalbeat.cursor_state_file: /var/lib/${cfg.stateDir}/cursor-state"}
${cfg.extraConfig}
'';
@ -57,17 +53,7 @@ in
extraConfig = mkOption {
type = types.lines;
default = optionalString lt6 ''
journalbeat:
seek_position: cursor
cursor_seek_fallback: tail
write_cursor_state: true
cursor_flush_period: 5s
clean_field_names: true
convert_to_numbers: false
move_metadata_to_field: journal
default_type: journal
'';
default = "";
description = "Any other configuration options you want to add";
};

5
nixos/modules/services/mail/rspamd.nix
View file

@ -5,6 +5,7 @@ with lib;
let
cfg = config.services.rspamd;
opt = options.services.rspamd;
postfixCfg = config.services.postfix;
bindSocketOpts = {options, config, ... }: {
@ -285,8 +286,8 @@ in
bindSockets = [{
socket = "/run/rspamd/rspamd.sock";
mode = "0660";
owner = "${cfg.user}";
group = "${cfg.group}";
owner = "''${config.${opt.user}}";
group = "''${config.${opt.group}}";
}];
};
controller = {

5
nixos/modules/services/misc/airsonic.nix
View file

@ -1,9 +1,10 @@
{ config, lib, pkgs, ... }:
{ config, lib, options, pkgs, ... }:
with lib;
let
cfg = config.services.airsonic;
opt = options.services.airsonic;
in {
options = {
@ -78,7 +79,7 @@ in {
description = ''
List of paths to transcoder executables that should be accessible
from Airsonic. Symlinks will be created to each executable inside
${cfg.home}/transcoders.
''${config.${opt.home}}/transcoders.
'';
};

9
nixos/modules/services/misc/etcd.nix
View file

@ -1,9 +1,10 @@
{ config, lib, pkgs, ... }:
{ config, lib, options, pkgs, ... }:
with lib;
let
cfg = config.services.etcd;
opt = options.services.etcd;
in {
@ -24,6 +25,7 @@ in {
advertiseClientUrls = mkOption {
description = "Etcd list of this member's client URLs to advertise to the rest of the cluster.";
default = cfg.listenClientUrls;
defaultText = literalExpression "config.${opt.listenClientUrls}";
type = types.listOf types.str;
};
@ -42,12 +44,14 @@ in {
initialAdvertisePeerUrls = mkOption {
description = "Etcd list of this member's peer URLs to advertise to rest of the cluster.";
default = cfg.listenPeerUrls;
defaultText = literalExpression "config.${opt.listenPeerUrls}";
type = types.listOf types.str;
};
initialCluster = mkOption {
description = "Etcd initial cluster configuration for bootstrapping.";
default = ["${cfg.name}=http://127.0.0.1:2380"];
defaultText = literalExpression ''["''${config.${opt.name}}=http://127.0.0.1:2380"]'';
type = types.listOf types.str;
};
@ -96,18 +100,21 @@ in {
peerCertFile = mkOption {
description = "Cert file to use for peer to peer communication";
default = cfg.certFile;
defaultText = literalExpression "config.${opt.certFile}";
type = types.nullOr types.path;
};
peerKeyFile = mkOption {
description = "Key file to use for peer to peer communication";
default = cfg.keyFile;
defaultText = literalExpression "config.${opt.keyFile}";
type = types.nullOr types.path;
};
peerTrustedCaFile = mkOption {
description = "Certificate authority file to use for peer to peer communication";
default = cfg.trustedCaFile;
defaultText = literalExpression "config.${opt.trustedCaFile}";
type = types.nullOr types.path;
};

5
nixos/modules/services/misc/exhibitor.nix
View file

@ -1,9 +1,10 @@
{ config, lib, pkgs, ... }:
{ config, lib, options, pkgs, ... }:
with lib;
let
cfg = config.services.exhibitor;
opt = options.services.exhibitor;
exhibitorConfig = ''
zookeeper-install-directory=${cfg.baseDir}/zookeeper
zookeeper-data-directory=${cfg.zkDataDir}
@ -165,6 +166,7 @@ in
zkDataDir = mkOption {
type = types.str;
default = "${cfg.baseDir}/zkData";
defaultText = literalExpression ''"''${config.${opt.baseDir}}/zkData"'';
description = ''
The Zookeeper data directory
'';
@ -172,6 +174,7 @@ in
zkLogDir = mkOption {
type = types.path;
default = "${cfg.baseDir}/zkLogs";
defaultText = literalExpression ''"''${config.${opt.baseDir}}/zkLogs"'';
description = ''
The Zookeeper logs directory
'';

13
nixos/modules/services/misc/gitea.nix
View file

@ -1,9 +1,10 @@
{ config, lib, pkgs, ... }:
{ config, lib, options, pkgs, ... }:
with lib;
let
cfg = config.services.gitea;
opt = options.services.gitea;
gitea = cfg.package;
pg = config.services.postgresql;
useMysql = cfg.database.type == "mysql";
@ -51,6 +52,7 @@ in
log = {
rootPath = mkOption {
default = "${cfg.stateDir}/log";
defaultText = literalExpression ''"''${config.${opt.stateDir}}/log"'';
type = types.str;
description = "Root path for log files.";
};
@ -84,6 +86,11 @@ in
port = mkOption {
type = types.port;
default = (if !usePostgresql then 3306 else pg.port);
defaultText = literalExpression ''
if config.${opt.database.type} != "postgresql"
then 3306
else config.${options.services.postgresql.port}
'';
description = "Database host port.";
};
@ -130,6 +137,7 @@ in
path = mkOption {
type = types.str;
default = "${cfg.stateDir}/data/gitea.db";
defaultText = literalExpression ''"''${config.${opt.stateDir}}/data/gitea.db"'';
description = "Path to the sqlite3 database file.";
};
@ -166,6 +174,7 @@ in
backupDir = mkOption {
type = types.str;
default = "${cfg.stateDir}/dump";
defaultText = literalExpression ''"''${config.${opt.stateDir}}/dump"'';
description = "Path to the dump files.";
};
};
@ -199,6 +208,7 @@ in
contentDir = mkOption {
type = types.str;
default = "${cfg.stateDir}/data/lfs";
defaultText = literalExpression ''"''${config.${opt.stateDir}}/data/lfs"'';
description = "Where to store LFS files.";
};
};
@ -212,6 +222,7 @@ in
repositoryRoot = mkOption {
type = types.str;
default = "${cfg.stateDir}/repositories";
defaultText = literalExpression ''"''${config.${opt.stateDir}}/repositories"'';
description = "Path to the git repositories.";
};

5
nixos/modules/services/misc/gitlab.nix
View file

@ -1,9 +1,10 @@
{ config, lib, pkgs, utils, ... }:
{ config, lib, options, pkgs, utils, ... }:
with lib;
let
cfg = config.services.gitlab;
opt = options.services.gitlab;
ruby = cfg.packages.gitlab.ruby;
@ -309,6 +310,7 @@ in {
backup.path = mkOption {
type = types.str;
default = cfg.statePath + "/backup";
defaultText = literalExpression ''config.${opt.statePath} + "/backup"'';
description = "GitLab path for backups.";
};
@ -554,6 +556,7 @@ in {
defaultForProjects = mkOption {
type = types.bool;
default = cfg.registry.enable;
defaultText = literalExpression "config.${opt.registry.enable}";
description = "If GitLab container registry should be enabled by default for projects.";
};
issuer = mkOption {

1
nixos/modules/services/misc/gitweb.nix
View file

@ -47,6 +47,7 @@ in
$highlight_bin = "${pkgs.highlight}/bin/highlight";
${cfg.extraConfig}
'';
defaultText = literalDocBook "generated config file";
type = types.path;
readOnly = true;
internal = true;

5
nixos/modules/services/misc/gogs.nix
View file

@ -1,9 +1,10 @@
{ config, lib, pkgs, ... }:
{ config, lib, options, pkgs, ... }:
with lib;
let
cfg = config.services.gogs;
opt = options.services.gogs;
configFile = pkgs.writeText "app.ini" ''
APP_NAME = ${cfg.appName}
RUN_USER = ${cfg.user}
@ -129,6 +130,7 @@ in
path = mkOption {
type = types.str;
default = "${cfg.stateDir}/data/gogs.db";
defaultText = literalExpression ''"''${config.${opt.stateDir}}/data/gogs.db"'';
description = "Path to the sqlite3 database file.";
};
};
@ -142,6 +144,7 @@ in
repositoryRoot = mkOption {
type = types.str;
default = "${cfg.stateDir}/repositories";
defaultText = literalExpression ''"''${config.${opt.stateDir}}/repositories"'';
description = "Path to the git repositories.";
};

4
nixos/modules/services/misc/headphones.nix
View file

@ -1,4 +1,4 @@
{ config, lib, pkgs, ... }:
{ config, lib, options, pkgs, ... }:
with lib;
@ -7,6 +7,7 @@ let
name = "headphones";
cfg = config.services.headphones;
opt = options.services.headphones;
in
@ -29,6 +30,7 @@ in
configFile = mkOption {
type = types.path;
default = "${cfg.dataDir}/config.ini";
defaultText = literalExpression ''"''${config.${opt.dataDir}}/config.ini"'';
description = "Path to config file.";
};
host = mkOption {

4
nixos/modules/services/misc/matrix-appservice-discord.nix
View file

@ -1,4 +1,4 @@
{ config, pkgs, lib, ... }:
{ config, options, pkgs, lib, ... }:
with lib;
@ -7,6 +7,7 @@ let
registrationFile = "${dataDir}/discord-registration.yaml";
appDir = "${pkgs.matrix-appservice-discord}/${pkgs.matrix-appservice-discord.passthru.nodeAppDir}";
cfg = config.services.matrix-appservice-discord;
opt = options.services.matrix-appservice-discord;
# TODO: switch to configGen.json once RFC42 is implemented
settingsFile = pkgs.writeText "matrix-appservice-discord-settings.json" (builtins.toJSON cfg.settings);
@ -74,6 +75,7 @@ in {
url = mkOption {
type = types.str;
default = "http://localhost:${toString cfg.port}";
defaultText = literalExpression ''"http://localhost:''${toString config.${opt.port}}"'';
description = ''
The URL where the application service is listening for HS requests.
'';

36
nixos/modules/services/misc/matrix-synapse.nix
View file

@ -1,9 +1,10 @@
{ config, lib, pkgs, ... }:
{ config, lib, options, pkgs, ... }:
with lib;
let
cfg = config.services.matrix-synapse;
opt = options.services.matrix-synapse;
pg = config.services.postgresql;
usePostgresql = cfg.database_type == "psycopg2";
logConfigFile = pkgs.writeText "log_config.yaml" cfg.logConfig;
@ -197,7 +198,7 @@ in {
tls_certificate_path = mkOption {
type = types.nullOr types.str;
default = null;
example = "${cfg.dataDir}/homeserver.tls.crt";
example = "/var/lib/matrix-synapse/homeserver.tls.crt";
description = ''
PEM encoded X509 certificate for TLS.
You can replace the self-signed certificate that synapse
@ -209,7 +210,7 @@ in {
tls_private_key_path = mkOption {
type = types.nullOr types.str;
default = null;
example = "${cfg.dataDir}/homeserver.tls.key";
example = "/var/lib/matrix-synapse/homeserver.tls.key";
description = ''
PEM encoded private key for TLS. Specify null if synapse is not
speaking TLS directly.
@ -218,7 +219,7 @@ in {
tls_dh_params_path = mkOption {
type = types.nullOr types.str;
default = null;
example = "${cfg.dataDir}/homeserver.tls.dh";
example = "/var/lib/matrix-synapse/homeserver.tls.dh";
description = ''
PEM dh parameters for ephemeral keys
'';
@ -408,6 +409,29 @@ in {
database = cfg.database_name;
};
}.${cfg.database_type};
defaultText = literalDocBook ''
<variablelist>
<varlistentry>
<term>using sqlite3</term>
<listitem>
<programlisting>
{ database = "''${config.${opt.dataDir}}/homeserver.db"; }
</programlisting>
</listitem>
</varlistentry>
<varlistentry>
<term>using psycopg2</term>
<listitem>
<programlisting>
psycopg2 = {
user = config.${opt.database_user};
database = config.${opt.database_name};
}
</programlisting>
</listitem>
</varlistentry>
</variablelist>
'';
description = ''
Arguments to pass to the engine.
'';
@ -739,7 +763,7 @@ in {
after = [ "network.target" ] ++ optional hasLocalPostgresDB "postgresql.service";
wantedBy = [ "multi-user.target" ];
preStart = ''
${cfg.package}/bin/homeserver \
${cfg.package}/bin/synapse_homeserver \
--config-path ${configFile} \
--keys-directory ${cfg.dataDir} \
--generate-keys
@ -759,7 +783,7 @@ in {
chmod 0600 ${cfg.dataDir}/homeserver.signing.key
'')) ];
ExecStart = ''
${cfg.package}/bin/homeserver \
${cfg.package}/bin/synapse_homeserver \
${ concatMapStringsSep "\n " (x: "--config-path ${x} \\") ([ configFile ] ++ cfg.extraConfigFiles) }
--keys-directory ${cfg.dataDir}
'';

10
nixos/modules/services/misc/mediatomb.nix
View file

@ -1,4 +1,4 @@
{ config, lib, pkgs, ... }:
{ config, lib, options, pkgs, ... }:
with lib;
@ -6,6 +6,7 @@ let
gid = config.ids.gids.mediatomb;
cfg = config.services.mediatomb;
opt = options.services.mediatomb;
name = cfg.package.pname;
pkg = cfg.package;
optionYesNo = option: if option then "yes" else "no";
@ -261,6 +262,7 @@ in {
dataDir = mkOption {
type = types.path;
default = "/var/lib/${name}";
defaultText = literalExpression ''"/var/lib/''${config.${opt.package}.pname}"'';
description = ''
The directory where Gerbera/Mediatomb stores its state, data, etc.
'';
@ -277,13 +279,13 @@ in {
user = mkOption {
type = types.str;
default = "mediatomb";
description = "User account under which ${name} runs.";
description = "User account under which the service runs.";
};
group = mkOption {
type = types.str;
default = "mediatomb";
description = "Group account under which ${name} runs.";
description = "Group account under which the service runs.";
};
port = mkOption {
@ -340,7 +342,7 @@ in {
type = types.bool;
default = false;
description = ''
Allow ${name} to create and use its own config file inside the <literal>dataDir</literal> as
Allow the service to create and use its own config file inside the <literal>dataDir</literal> as
configured by <option>services.mediatomb.dataDir</option>.
Deactivated by default, the service then runs with the configuration generated from this module.
Otherwise, when enabled, no service configuration is generated. Gerbera/Mediatomb then starts using

4
nixos/modules/services/misc/moonraker.nix
View file

@ -1,8 +1,9 @@
{ config, lib, pkgs, ... }:
{ config, lib, options, pkgs, ... }:
with lib;
let
pkg = pkgs.moonraker;
cfg = config.services.moonraker;
opt = options.services.moonraker;
format = pkgs.formats.ini {
# https://github.com/NixOS/nixpkgs/pull/121613#issuecomment-885241996
listToValue = l:
@ -31,6 +32,7 @@ in {
configDir = mkOption {
type = types.path;
default = cfg.stateDir + "/config";
defaultText = literalExpression ''config.${opt.stateDir} + "/config"'';
description = ''
The directory containing client-writable configuration files.

12
nixos/modules/services/misc/mwlib.nix
View file

@ -1,9 +1,10 @@
{ config, lib, pkgs, ... }:
{ config, lib, options, pkgs, ... }:
with lib;
let
cfg = config.services.mwlib;
opt = options.services.mwlib;
pypkgs = pkgs.python27Packages;
inherit (pypkgs) python mwlib;
@ -46,6 +47,9 @@ in
qserve = mkOption {
default = [ "${cfg.qserve.address}:${toString cfg.qserve.port}" ];
defaultText = literalExpression ''
[ "''${config.${opt.qserve.address}}:''${toString config.${opt.qserve.port}}"
]'';
type = types.listOf types.str;
description = "Register qserve instance.";
}; # nserve.qserve
@ -96,6 +100,7 @@ in
nslave = {
enable = mkOption {
default = cfg.qserve.enable;
defaultText = literalExpression "config.${opt.qserve.enable}";
type = types.bool;
description = ''
Pulls new jobs from exactly one qserve instance
@ -127,7 +132,7 @@ in
You have to enable it, or use your own way for serving files
and set the http.url option accordingly.
'';
type = types.submodule ({
type = types.submodule ({ config, options, ... }: {
options = {
enable = mkOption {
default = true;
@ -148,7 +153,8 @@ in
}; # nslave.http.address
url = mkOption {
default = "http://localhost:${toString cfg.nslave.http.port}/cache";
default = "http://localhost:${toString config.port}/cache";
defaultText = literalExpression ''"http://localhost:''${toString config.${options.port}}/cache"'';
type = types.str;
description = ''
Specify URL for accessing generated files from cache.

6
nixos/modules/services/misc/rippled.nix
View file

@ -1,9 +1,10 @@
{ config, lib, pkgs, ... }:
{ config, lib, options, pkgs, ... }:
with lib;
let
cfg = config.services.rippled;
opt = options.services.rippled;
b2i = val: if val then "1" else "0";
@ -165,6 +166,7 @@ let
description = "Location to store the database.";
type = types.path;
default = cfg.databasePath;
defaultText = literalExpression "config.${opt.databasePath}";
};
compression = mkOption {
@ -177,6 +179,7 @@ let
description = "Enable automatic purging of older ledger information.";
type = types.nullOr (types.addCheck types.int (v: v > 256));
default = cfg.ledgerHistory;
defaultText = literalExpression "config.${opt.ledgerHistory}";
};
advisoryDelete = mkOption {
@ -398,6 +401,7 @@ in
config = mkOption {
internal = true;
default = pkgs.writeText "rippled.conf" rippledCfg;
defaultText = literalDocBook "generated config file";
};
};
};

4
nixos/modules/services/misc/sickbeard.nix
View file

@ -1,4 +1,4 @@
{ config, lib, pkgs, ... }:
{ config, lib, options, pkgs, ... }:
with lib;
@ -7,6 +7,7 @@ let
name = "sickbeard";
cfg = config.services.sickbeard;
opt = options.services.sickbeard;
sickbeard = cfg.package;
in
@ -39,6 +40,7 @@ in
configFile = mkOption {
type = types.path;
default = "${cfg.dataDir}/config.ini";
defaultText = literalExpression ''"''${config.${opt.dataDir}}/config.ini"'';
description = "Path to config file.";
};
port = mkOption {

6
nixos/modules/services/misc/sourcehut/builds.nix
View file

@ -1,8 +1,9 @@
{ config, lib, pkgs, ... }:
{ config, lib, options, pkgs, ... }:
with lib;
let
cfg = config.services.sourcehut;
opt = options.services.sourcehut;
scfg = cfg.builds;
rcfg = config.services.redis;
iniKey = "builds.sr.ht";
@ -38,6 +39,7 @@ in
statePath = mkOption {
type = types.path;
default = "${cfg.statePath}/buildsrht";
defaultText = literalExpression ''"''${config.${opt.statePath}}/buildsrht"'';
description = ''
State path for builds.sr.ht.
'';
@ -61,7 +63,7 @@ in
rev = "ff96a0fa5635770390b184ae74debea75c3fd534";
ref = "nixos-unstable";
};
image_from_nixpkgs = pkgs_unstable: (import ("${pkgs.sourcehut.buildsrht}/lib/images/nixos/image.nix") {
image_from_nixpkgs = pkgs_unstable: (import ("''${pkgs.sourcehut.buildsrht}/lib/images/nixos/image.nix") {
pkgs = (import pkgs_unstable {});
});
in

4
nixos/modules/services/misc/sourcehut/dispatch.nix
View file

@ -1,8 +1,9 @@
{ config, lib, pkgs, ... }:
{ config, lib, options, pkgs, ... }:
with lib;
let
cfg = config.services.sourcehut;
opt = options.services.sourcehut;
cfgIni = cfg.settings;
scfg = cfg.dispatch;
iniKey = "dispatch.sr.ht";
@ -38,6 +39,7 @@ in
statePath = mkOption {
type = types.path;
default = "${cfg.statePath}/dispatchsrht";
defaultText = literalExpression ''"''${config.${opt.statePath}}/dispatchsrht"'';
description = ''
State path for dispatch.sr.ht.
'';

4
nixos/modules/services/misc/sourcehut/git.nix
View file

@ -1,8 +1,9 @@
{ config, lib, pkgs, ... }:
{ config, lib, options, pkgs, ... }:
with lib;
let
cfg = config.services.sourcehut;
opt = options.services.sourcehut;
scfg = cfg.git;
iniKey = "git.sr.ht";
@ -41,6 +42,7 @@ in
statePath = mkOption {
type = types.path;
default = "${cfg.statePath}/gitsrht";
defaultText = literalExpression ''"''${config.${opt.statePath}}/gitsrht"'';
description = ''
State path for git.sr.ht.
'';

4
nixos/modules/services/misc/sourcehut/hg.nix
View file

@ -1,8 +1,9 @@
{ config, lib, pkgs, ... }:
{ config, lib, options, pkgs, ... }:
with lib;
let
cfg = config.services.sourcehut;
opt = options.services.sourcehut;
scfg = cfg.hg;
iniKey = "hg.sr.ht";
@ -40,6 +41,7 @@ in
statePath = mkOption {
type = types.path;
default = "${cfg.statePath}/hgsrht";
defaultText = literalExpression ''"''${config.${opt.statePath}}/hgsrht"'';
description = ''
State path for hg.sr.ht.
'';

4
nixos/modules/services/misc/sourcehut/hub.nix
View file

@ -1,8 +1,9 @@
{ config, lib, pkgs, ... }:
{ config, lib, options, pkgs, ... }:
with lib;
let
cfg = config.services.sourcehut;
opt = options.services.sourcehut;
cfgIni = cfg.settings;
scfg = cfg.hub;
iniKey = "hub.sr.ht";
@ -38,6 +39,7 @@ in
statePath = mkOption {
type = types.path;
default = "${cfg.statePath}/hubsrht";
defaultText = literalExpression ''"''${config.${opt.statePath}}/hubsrht"'';
description = ''
State path for hub.sr.ht.
'';

4
nixos/modules/services/misc/sourcehut/lists.nix
View file

@ -1,11 +1,12 @@
# Email setup is fairly involved, useful references:
# https://drewdevault.com/2018/08/05/Local-mail-server.html
{ config, lib, pkgs, ... }:
{ config, lib, options, pkgs, ... }:
with lib;
let
cfg = config.services.sourcehut;
opt = options.services.sourcehut;
cfgIni = cfg.settings;
scfg = cfg.lists;
iniKey = "lists.sr.ht";
@ -42,6 +43,7 @@ in
statePath = mkOption {
type = types.path;
default = "${cfg.statePath}/listssrht";
defaultText = literalExpression ''"''${config.${opt.statePath}}/listssrht"'';
description = ''
State path for lists.sr.ht.
'';

4
nixos/modules/services/misc/sourcehut/man.nix
View file

@ -1,8 +1,9 @@
{ config, lib, pkgs, ... }:
{ config, lib, options, pkgs, ... }:
with lib;
let
cfg = config.services.sourcehut;
opt = options.services.sourcehut;
cfgIni = cfg.settings;
scfg = cfg.man;
iniKey = "man.sr.ht";
@ -38,6 +39,7 @@ in
statePath = mkOption {
type = types.path;
default = "${cfg.statePath}/mansrht";
defaultText = literalExpression ''"''${config.${opt.statePath}}/mansrht"'';
description = ''
State path for man.sr.ht.
'';

4
nixos/modules/services/misc/sourcehut/meta.nix
View file

@ -1,8 +1,9 @@
{ config, lib, pkgs, ... }:
{ config, lib, options, pkgs, ... }:
with lib;
let
cfg = config.services.sourcehut;
opt = options.services.sourcehut;
cfgIni = cfg.settings;
scfg = cfg.meta;
iniKey = "meta.sr.ht";
@ -39,6 +40,7 @@ in
statePath = mkOption {
type = types.path;
default = "${cfg.statePath}/metasrht";
defaultText = literalExpression ''"''${config.${opt.statePath}}/metasrht"'';
description = ''
State path for meta.sr.ht.
'';

4
nixos/modules/services/misc/sourcehut/paste.nix
View file

@ -1,8 +1,9 @@
{ config, lib, pkgs, ... }:
{ config, lib, options, pkgs, ... }:
with lib;
let
cfg = config.services.sourcehut;
opt = options.services.sourcehut;
cfgIni = cfg.settings;
scfg = cfg.paste;
iniKey = "paste.sr.ht";
@ -39,6 +40,7 @@ in
statePath = mkOption {
type = types.path;
default = "${cfg.statePath}/pastesrht";
defaultText = literalExpression ''"''${config.${opt.statePath}}/pastesrht"'';
description = ''
State path for pastesrht.sr.ht.
'';

4
nixos/modules/services/misc/sourcehut/todo.nix
View file

@ -1,8 +1,9 @@
{ config, lib, pkgs, ... }:
{ config, lib, options, pkgs, ... }:
with lib;
let
cfg = config.services.sourcehut;
opt = options.services.sourcehut;
cfgIni = cfg.settings;
scfg = cfg.todo;
iniKey = "todo.sr.ht";
@ -39,6 +40,7 @@ in
statePath = mkOption {
type = types.path;
default = "${cfg.statePath}/todosrht";
defaultText = literalExpression ''"''${config.${opt.statePath}}/todosrht"'';
description = ''
State path for todo.sr.ht.
'';

9
nixos/modules/services/misc/subsonic.nix
View file

@ -1,8 +1,11 @@
{ config, lib, pkgs, ... }:
{ config, lib, options, pkgs, ... }:
with lib;
let cfg = config.services.subsonic; in {
let
cfg = config.services.subsonic;
opt = options.services.subsonic;
in {
options = {
services.subsonic = {
enable = mkEnableOption "Subsonic daemon";
@ -97,7 +100,7 @@ let cfg = config.services.subsonic; in {
description = ''
List of paths to transcoder executables that should be accessible
from Subsonic. Symlinks will be created to each executable inside
${cfg.home}/transcoders.
''${config.${opt.home}}/transcoders.
'';
};
};

2
nixos/modules/services/misc/zoneminder.nix
View file

@ -171,7 +171,7 @@ in {
example = "/storage/tank";
description = ''
ZoneMinder can generate quite a lot of data, so in case you don't want
to use the default ${home}, you can override the path here.
to use the default ${defaultDir}, you can override the path here.
'';
};

1
nixos/modules/services/monitoring/grafana.nix
View file

@ -404,6 +404,7 @@ in {
path = mkOption {
description = "Database path.";
default = "${cfg.dataDir}/data/grafana.db";
defaultText = literalExpression ''"''${config.${opt.dataDir}}/data/grafana.db"'';
type = types.path;
};

12
nixos/modules/services/monitoring/graphite.nix
View file

@ -1,9 +1,10 @@
{ config, lib, pkgs, ... }:
{ config, lib, options, pkgs, ... }:
with lib;
let
cfg = config.services.graphite;
opt = options.services.graphite;
writeTextOrNull = f: t: mapNullable (pkgs.writeTextDir f) t;
dataDir = cfg.dataDir;
@ -171,6 +172,13 @@ in {
directories:
- ${dataDir}/whisper
'';
defaultText = literalExpression ''
'''
whisper:
directories:
- ''${config.${opt.dataDir}}/whisper
'''
'';
example = ''
allowed_origins:
- dashboard.example.com
@ -312,12 +320,14 @@ in {
seyrenUrl = mkOption {
default = "http://localhost:${toString cfg.seyren.port}/";
defaultText = literalExpression ''"http://localhost:''${toString config.${opt.seyren.port}}/"'';
description = "Host where seyren is accessible.";
type = types.str;
};
graphiteUrl = mkOption {
default = "http://${cfg.web.listenAddress}:${toString cfg.web.port}";
defaultText = literalExpression ''"http://''${config.${opt.web.listenAddress}}:''${toString config.${opt.web.port}}"'';
description = "Host where graphite service runs.";
type = types.str;
};

6
nixos/modules/services/monitoring/parsedmarc.nix
View file

@ -1,7 +1,8 @@
{ config, lib, pkgs, ... }:
{ config, lib, options, pkgs, ... }:
let
cfg = config.services.parsedmarc;
opt = options.services.parsedmarc;
ini = pkgs.formats.ini {};
in
{
@ -80,6 +81,9 @@ in
datasource = lib.mkOption {
type = lib.types.bool;
default = cfg.provision.elasticsearch && config.services.grafana.enable;
defaultText = lib.literalExpression ''
config.${opt.provision.elasticsearch} && config.${options.services.grafana.enable}
'';
apply = x: x && cfg.provision.elasticsearch;
description = ''
Whether the automatically provisioned Elasticsearch

4
nixos/modules/services/monitoring/smartd.nix
View file

@ -1,4 +1,4 @@
{ config, lib, pkgs, ... }:
{ config, lib, options, pkgs, ... }:
with lib;
@ -8,6 +8,7 @@ let
+ optionalString (config.networking.domain != null) ".${config.networking.domain}";
cfg = config.services.smartd;
opt = options.services.smartd;
nm = cfg.notifications.mail;
nw = cfg.notifications.wall;
@ -211,6 +212,7 @@ in
autodetected = mkOption {
default = cfg.defaults.monitored;
defaultText = literalExpression "config.${opt.defaults.monitored}";
type = types.separatedString " ";
description = ''
Like <option>services.smartd.defaults.monitored</option>, but for the

3
nixos/modules/services/monitoring/thanos.nix
View file

@ -83,6 +83,9 @@ let
mkArgumentsOption = cmd: mkOption {
type = types.listOf types.str;
default = argumentsOf cmd;
defaultText = literalDocBook ''
calculated from <literal>config.services.thanos.${cmd}</literal>
'';
description = ''
Arguments to the <literal>thanos ${cmd}</literal> command.

10
nixos/modules/services/monitoring/uptime.nix
View file

@ -1,8 +1,9 @@
{ config, pkgs, lib, ... }:
{ config, options, pkgs, lib, ... }:
let
inherit (lib) mkOption mkEnableOption mkIf mkMerge types optional;
inherit (lib) literalExpression mkOption mkEnableOption mkIf mkMerge types optional;
cfg = config.services.uptime;
opt = options.services.uptime;
configDir = pkgs.runCommand "config" { preferLocalBuild = true; }
(if cfg.configFile != null then ''
@ -52,7 +53,10 @@ in {
enableWebService = mkEnableOption "the uptime monitoring program web service";
enableSeparateMonitoringService = mkEnableOption "the uptime monitoring service" // { default = cfg.enableWebService; };
enableSeparateMonitoringService = mkEnableOption "the uptime monitoring service" // {
default = cfg.enableWebService;
defaultText = literalExpression "config.${opt.enableWebService}";
};
nodeEnv = mkOption {
description = "The node environment to run in (development, production, etc.)";

8
nixos/modules/services/monitoring/zabbix-proxy.nix
View file

@ -1,7 +1,8 @@
{ config, lib, pkgs, ... }:
{ config, lib, options, pkgs, ... }:
let
cfg = config.services.zabbixProxy;
opt = options.services.zabbixProxy;
pgsql = config.services.postgresql;
mysql = config.services.mysql;
@ -103,6 +104,11 @@ in
port = mkOption {
type = types.int;
default = if cfg.database.type == "mysql" then mysql.port else pgsql.port;
defaultText = literalExpression ''
if config.${opt.database.type} == "mysql"
then config.${options.services.mysql.port}
else config.${options.services.postgresql.port}
'';
description = "Database host port.";
};

8
nixos/modules/services/monitoring/zabbix-server.nix
View file

@ -1,7 +1,8 @@
{ config, lib, pkgs, ... }:
{ config, lib, options, pkgs, ... }:
let
cfg = config.services.zabbixServer;
opt = options.services.zabbixServer;
pgsql = config.services.postgresql;
mysql = config.services.mysql;
@ -95,6 +96,11 @@ in
port = mkOption {
type = types.int;
default = if cfg.database.type == "mysql" then mysql.port else pgsql.port;
defaultText = literalExpression ''
if config.${opt.database.type} == "mysql"
then config.${options.services.mysql.port}
else config.${options.services.postgresql.port}
'';
description = "Database host port.";
};

6
nixos/modules/services/networking/amuled.nix
View file

@ -1,9 +1,10 @@
{ config, lib, pkgs, ... }:
{ config, lib, options, pkgs, ... }:
with lib;
let
cfg = config.services.amule;
opt = options.services.amule;
user = if cfg.user != null then cfg.user else "amule";
in
@ -26,6 +27,9 @@ in
dataDir = mkOption {
type = types.str;
default = "/home/${user}/";
defaultText = literalExpression ''
"/home/''${config.${opt.user}}/"
'';
description = ''
The directory holding configuration, incoming and temporary files.
'';

6
nixos/modules/services/networking/ergo.nix
View file

@ -1,9 +1,10 @@
{ config, lib, pkgs, ... }:
{ config, lib, options, pkgs, ... }:
let
cfg = config.services.ergo;
opt = options.services.ergo;
inherit (lib) mkEnableOption mkIf mkOption optionalString types;
inherit (lib) literalExpression mkEnableOption mkIf mkOption optionalString types;
configFile = pkgs.writeText "ergo.conf" (''
ergo {
@ -92,6 +93,7 @@ in {
group = mkOption {
type = types.str;
default = cfg.user;
defaultText = literalExpression "config.${opt.user}";
description = "The group as which to run the Ergo node.";
};

1
nixos/modules/services/networking/firewall.nix
View file

@ -421,6 +421,7 @@ in
checkReversePath = mkOption {
type = types.either types.bool (types.enum ["strict" "loose"]);
default = kernelHasRPFilter;
defaultText = literalDocBook "<literal>true</literal> if supported by the chosen kernel";
example = "loose";
description =
''

2
nixos/modules/services/networking/jibri/default.nix
View file

@ -132,7 +132,7 @@ in
pkgs.writeScript "finalize_recording.sh" ''''''
#!/bin/sh
RECORDINGS_DIR=$1
${pkgs.rclone}/bin/rclone copy $RECORDINGS_DIR RCLONE_REMOTE:jibri-recordings/ -v --log-file=/var/log/jitsi/jibri/recording-upload.txt
''${pkgs.rclone}/bin/rclone copy $RECORDINGS_DIR RCLONE_REMOTE:jibri-recordings/ -v --log-file=/var/log/jitsi/jibri/recording-upload.txt
exit 0
'''''';
'';

7
nixos/modules/services/networking/ntopng.nix
View file

@ -1,10 +1,11 @@
{ config, lib, pkgs, ... }:
{ config, lib, options, pkgs, ... }:
with lib;
let
cfg = config.services.ntopng;
opt = options.services.ntopng;
redisCfg = config.services.redis;
configFile = if cfg.configText != "" then
@ -35,8 +36,8 @@ in
collection tool.
With the default configuration, ntopng monitors all network
interfaces and displays its findings at http://localhost:${toString
cfg.http-port}. Default username and password is admin/admin.
interfaces and displays its findings at http://localhost:''${toString
config.${opt.http-port}}. Default username and password is admin/admin.
See the ntopng(8) manual page and http://www.ntop.org/products/ntop/
for more info.

6
nixos/modules/services/networking/quassel.nix
View file

@ -1,9 +1,10 @@
{ config, lib, pkgs, ... }:
{ config, lib, options, pkgs, ... }:
with lib;
let
cfg = config.services.quassel;
opt = options.services.quassel;
quassel = cfg.package;
user = if cfg.user != null then cfg.user else "quassel";
in
@ -63,6 +64,9 @@ in
dataDir = mkOption {
default = "/home/${user}/.config/quassel-irc.org";
defaultText = literalExpression ''
"/home/''${config.${opt.user}}/.config/quassel-irc.org"
'';
type = types.str;
description = ''
The directory holding configuration files, the SQlite database and the SSL Cert.

4
nixos/modules/services/networking/quorum.nix
View file

@ -1,9 +1,10 @@
{ config, pkgs, lib, ... }:
{ config, options, pkgs, lib, ... }:
let
inherit (lib) mkEnableOption mkIf mkOption literalExpression types optionalString;
cfg = config.services.quorum;
opt = options.services.quorum;
dataDir = "/var/lib/quorum";
genesisFile = pkgs.writeText "genesis.json" (builtins.toJSON cfg.genesis);
staticNodesFile = pkgs.writeText "static-nodes.json" (builtins.toJSON cfg.staticNodes);
@ -23,6 +24,7 @@ in {
group = mkOption {
type = types.str;
default = cfg.user;
defaultText = literalExpression "config.${opt.user}";
description = "The group as which to run quorum.";
};

24
nixos/modules/services/networking/syncthing.nix
View file

@ -1,9 +1,10 @@
{ config, lib, pkgs, ... }:
{ config, lib, options, pkgs, ... }:
with lib;
let
cfg = config.services.syncthing;
opt = options.services.syncthing;
defaultUser = "syncthing";
defaultGroup = defaultUser;
@ -431,7 +432,26 @@ in {
The path where the settings and keys will exist.
'';
default = cfg.dataDir + optionalString cond "/.config/syncthing";
defaultText = literalExpression "dataDir${optionalString cond " + \"/.config/syncthing\""}";
defaultText = literalDocBook ''
<variablelist>
<varlistentry>
<term><literal>stateVersion >= 19.03</literal></term>
<listitem>
<programlisting>
config.${opt.dataDir} + "/.config/syncthing"
</programlisting>
</listitem>
</varlistentry>
<varlistentry>
<term>otherwise</term>
<listitem>
<programlisting>
config.${opt.dataDir}
</programlisting>
</listitem>
</varlistentry>
</variablelist>
'';
};
extraFlags = mkOption {

11
nixos/modules/services/networking/unifi.nix
View file

@ -1,4 +1,4 @@
{ config, lib, pkgs, utils, ... }:
{ config, options, lib, pkgs, utils, ... }:
with lib;
let
cfg = config.services.unifi;
@ -50,7 +50,7 @@ in
'';
};
services.unifi.openPorts = mkOption {
services.unifi.openFirewall = mkOption {
type = types.bool;
default = true;
description = ''
@ -86,6 +86,10 @@ in
config = mkIf cfg.enable {
warnings = optional
(options.services.unifi.openFirewall.highestPrio >= (mkOptionDefault null).priority)
"The current services.unifi.openFirewall = true default is deprecated and will change to false in 22.11. Set it explicitly to silence this warning.";
users.users.unifi = {
isSystemUser = true;
group = "unifi";
@ -94,7 +98,7 @@ in
};
users.groups.unifi = {};
networking.firewall = mkIf cfg.openPorts {
networking.firewall = mkIf cfg.openFirewall {
# https://help.ubnt.com/hc/en-us/articles/218506997
allowedTCPPorts = [
8080 # Port for UAP to inform controller.
@ -192,6 +196,7 @@ in
};
imports = [
(mkRemovedOptionModule [ "services" "unifi" "dataDir" ] "You should move contents of dataDir to /var/lib/unifi/data" )
(mkRenamedOptionModule [ "services" "unifi" "openPorts" ] [ "services" "unifi" "openFirewall" ])
];
meta.maintainers = with lib.maintainers; [ erictapen pennae ];

6
nixos/modules/services/networking/wasabibackend.nix
View file

@ -1,9 +1,10 @@
{ config, lib, pkgs, ... }:
{ config, lib, options, pkgs, ... }:
let
cfg = config.services.wasabibackend;
opt = options.services.wasabibackend;
inherit (lib) mkEnableOption mkIf mkOption optionalAttrs optionalString types;
inherit (lib) literalExpression mkEnableOption mkIf mkOption optionalAttrs optionalString types;
confOptions = {
BitcoinRpcConnectionString = "${cfg.rpc.user}:${cfg.rpc.password}";
@ -103,6 +104,7 @@ in {
group = mkOption {
type = types.str;
default = cfg.user;
defaultText = literalExpression "config.${opt.user}";
description = "The group as which to run the wasabibackend node.";
};
};

4
nixos/modules/services/networking/wireguard.nix
View file

@ -1,10 +1,11 @@
{ config, lib, pkgs, ... }:
{ config, lib, options, pkgs, ... }:
with lib;
let
cfg = config.networking.wireguard;
opt = options.networking.wireguard;
kernel = config.boot.kernelPackages;
@ -438,6 +439,7 @@ in
type = types.bool;
# 2019-05-25: Backwards compatibility.
default = cfg.interfaces != {};
defaultText = literalExpression "config.${opt.interfaces} != { }";
example = true;
};

4
nixos/modules/services/networking/wpa_supplicant.nix
View file

@ -1,4 +1,4 @@
{ config, lib, pkgs, utils, ... }:
{ config, lib, options, pkgs, utils, ... }:
with lib;
@ -8,6 +8,7 @@ let
else pkgs.wpa_supplicant;
cfg = config.networking.wireless;
opt = options.networking.wireless;
# Content of wpa_supplicant.conf
generatedConfig = concatStringsSep "\n" (
@ -421,6 +422,7 @@ in {
dbusControlled = mkOption {
type = types.bool;
default = lib.length cfg.interfaces < 2;
defaultText = literalExpression "length config.${opt.interfaces} < 2";
description = ''
Whether to enable the DBus control interface.
This is only needed when using NetworkManager or connman.

6
nixos/modules/services/search/kibana.nix
View file

@ -1,9 +1,10 @@
{ config, lib, pkgs, ... }:
{ config, lib, options, pkgs, ... }:
with lib;
let
cfg = config.services.kibana;
opt = options.services.kibana;
ge7 = builtins.compareVersions cfg.package.version "7" >= 0;
lt6_6 = builtins.compareVersions cfg.package.version "6.6" < 0;
@ -130,6 +131,9 @@ in {
This defaults to the singleton list [ca] when the <option>ca</option> option is defined.
'';
default = if cfg.elasticsearch.ca == null then [] else [ca];
defaultText = literalExpression ''
if config.${opt.elasticsearch.ca} == null then [ ] else [ ca ]
'';
type = types.listOf types.path;
};

6
nixos/modules/services/security/privacyidea.nix
View file

@ -1,9 +1,10 @@
{ config, lib, pkgs, ... }:
{ config, lib, options, pkgs, ... }:
with lib;
let
cfg = config.services.privacyidea;
opt = options.services.privacyidea;
uwsgi = pkgs.uwsgi.override { plugins = [ "python3" ]; };
python = uwsgi.python3;
@ -112,6 +113,7 @@ in
encFile = mkOption {
type = types.str;
default = "${cfg.stateDir}/enckey";
defaultText = literalExpression ''"''${config.${opt.stateDir}}/enckey"'';
description = ''
This is used to encrypt the token data and token passwords
'';
@ -120,6 +122,7 @@ in
auditKeyPrivate = mkOption {
type = types.str;
default = "${cfg.stateDir}/private.pem";
defaultText = literalExpression ''"''${config.${opt.stateDir}}/private.pem"'';
description = ''
Private Key for signing the audit log.
'';
@ -128,6 +131,7 @@ in
auditKeyPublic = mkOption {
type = types.str;
default = "${cfg.stateDir}/public.pem";
defaultText = literalExpression ''"''${config.${opt.stateDir}}/public.pem"'';
description = ''
Public key for checking signatures of the audit log.
'';

8
nixos/modules/services/security/tor.nix
View file

@ -1,10 +1,11 @@
{ config, lib, pkgs, ... }:
{ config, lib, options, pkgs, ... }:
with builtins;
with lib;
let
cfg = config.services.tor;
opt = options.services.tor;
stateDir = "/var/lib/tor";
runDir = "/run/tor";
descriptionGeneric = option: ''
@ -799,6 +800,11 @@ in
options.SOCKSPort = mkOption {
description = descriptionGeneric "SOCKSPort";
default = if cfg.settings.HiddenServiceNonAnonymousMode == true then [{port = 0;}] else [];
defaultText = literalExpression ''
if config.${opt.settings}.HiddenServiceNonAnonymousMode == true
then [ { port = 0; } ]
else [ ]
'';
example = [{port = 9090;}];
type = types.listOf (optionSOCKSPort true);
};

8
nixos/modules/services/security/vault.nix
View file

@ -1,9 +1,10 @@
{ config, lib, pkgs, ... }:
{ config, lib, options, pkgs, ... }:
with lib;
let
cfg = config.services.vault;
opt = options.services.vault;
configFile = pkgs.writeText "vault.hcl" ''
listener "tcp" {
@ -83,6 +84,11 @@ in
storagePath = mkOption {
type = types.nullOr types.path;
default = if cfg.storageBackend == "file" then "/var/lib/vault" else null;
defaultText = literalExpression ''
if config.${opt.storageBackend} == "file"
then "/var/lib/vault"
else null
'';
description = "Data directory for file backend";
};

4
nixos/modules/services/torrent/peerflix.nix
View file

@ -1,9 +1,10 @@
{ config, lib, pkgs, ... }:
{ config, lib, options, pkgs, ... }:
with lib;
let
cfg = config.services.peerflix;
opt = options.services.peerflix;
configFile = pkgs.writeText "peerflix-config.json" ''
{
@ -32,6 +33,7 @@ in {
downloadDir = mkOption {
description = "Peerflix temporary download directory.";
default = "${cfg.stateDir}/torrents";
defaultText = literalExpression ''"''${config.${opt.stateDir}}/torrents"'';
type = types.path;
};
};

4
nixos/modules/services/torrent/rtorrent.nix
View file

@ -1,10 +1,11 @@
{ config, pkgs, lib, ... }:
{ config, options, pkgs, lib, ... }:
with lib;
let
cfg = config.services.rtorrent;
opt = options.services.rtorrent;
in {
options.services.rtorrent = {
@ -21,6 +22,7 @@ in {
downloadDir = mkOption {
type = types.str;
default = "${cfg.dataDir}/download";
defaultText = literalExpression ''"''${config.${opt.dataDir}}/download"'';
description = ''
Where to put downloaded files.
'';

4
nixos/modules/services/torrent/transmission.nix
View file

@ -4,6 +4,7 @@ with lib;
let
cfg = config.services.transmission;
opt = options.services.transmission;
inherit (config.environment) etc;
apparmor = config.security.apparmor;
rootDir = "/run/transmission";
@ -47,11 +48,13 @@ in
options.download-dir = mkOption {
type = types.path;
default = "${cfg.home}/${downloadsDir}";
defaultText = literalExpression ''"''${config.${opt.home}}/${downloadsDir}"'';
description = "Directory where to download torrents.";
};
options.incomplete-dir = mkOption {
type = types.path;
default = "${cfg.home}/${incompleteDir}";
defaultText = literalExpression ''"''${config.${opt.home}}/${incompleteDir}"'';
description = ''
When enabled with
services.transmission.home
@ -147,6 +150,7 @@ in
options.watch-dir = mkOption {
type = types.path;
default = "${cfg.home}/${watchDir}";
defaultText = literalExpression ''"''${config.${opt.home}}/${watchDir}"'';
description = "Watch a directory for torrent files and add them to transmission.";
};
options.watch-dir-enabled = mkOption {

8
nixos/modules/services/video/epgstation/default.nix
View file

@ -1,9 +1,10 @@
{ config, lib, pkgs, ... }:
{ config, lib, options, pkgs, ... }:
with lib;
let
cfg = config.services.epgstation;
opt = options.services.epgstation;
username = config.users.users.epgstation.name;
groupname = config.users.users.epgstation.group;
@ -72,6 +73,7 @@ in
socketioPort = mkOption {
type = types.port;
default = cfg.port + 1;
defaultText = literalExpression "config.${opt.port} + 1";
description = ''
Socket.io port for EPGStation to listen on.
'';
@ -80,6 +82,7 @@ in
clientSocketioPort = mkOption {
type = types.port;
default = cfg.socketioPort;
defaultText = literalExpression "config.${opt.socketioPort}";
description = ''
Socket.io port that the web client is going to connect to. This may be
different from <option>socketioPort</option> if EPGStation is hidden
@ -183,6 +186,9 @@ in
in {
type = types.str;
default = "http+unix://${replaceStrings ["/"] ["%2F"] sockPath}";
defaultText = literalExpression ''
"http+unix://''${replaceStrings ["/"] ["%2F"] config.${options.services.mirakurun.unixSocket}}"
'';
example = "http://localhost:40772";
description = "URL to connect to Mirakurun.";
});

4
nixos/modules/services/video/unifi-video.nix
View file

@ -1,7 +1,8 @@
{ config, lib, pkgs, utils, ... }:
{ config, lib, options, pkgs, utils, ... }:
with lib;
let
cfg = config.services.unifi-video;
opt = options.services.unifi-video;
mainClass = "com.ubnt.airvision.Main";
cmd = ''
${pkgs.jsvc}/bin/jsvc \
@ -164,6 +165,7 @@ in
pidFile = mkOption {
type = types.path;
default = "${cfg.dataDir}/unifi-video.pid";
defaultText = literalExpression ''"''${config.${opt.dataDir}}/unifi-video.pid"'';
description = "Location of unifi-video pid file.";
};

3
nixos/modules/services/web-apps/discourse.nix
View file

@ -4,6 +4,7 @@ let
json = pkgs.formats.json {};
cfg = config.services.discourse;
opt = options.services.discourse;
# Keep in sync with https://github.com/discourse/discourse_docker/blob/master/image/base/Dockerfile#L5
upstreamPostgresqlVersion = lib.getVersion pkgs.postgresql_13;
@ -327,6 +328,7 @@ in
useSSL = lib.mkOption {
type = lib.types.bool;
default = cfg.redis.host != "localhost";
defaultText = lib.literalExpression ''config.${opt.redis.host} != "localhost"'';
description = ''
Connect to Redis with SSL.
'';
@ -399,6 +401,7 @@ in
domain = lib.mkOption {
type = lib.types.str;
default = cfg.hostname;
defaultText = lib.literalExpression "config.${opt.hostname}";
description = ''
HELO domain to use for outgoing mail.
'';

6
nixos/modules/services/web-apps/galene.nix
View file

@ -1,8 +1,9 @@
{ config, lib, pkgs, ... }:
{ config, lib, options, pkgs, ... }:
with lib;
let
cfg = config.services.galene;
opt = options.services.galene;
defaultstateDir = "/var/lib/galene";
defaultrecordingsDir = "${cfg.stateDir}/recordings";
defaultgroupsDir = "${cfg.stateDir}/groups";
@ -88,6 +89,7 @@ in
recordingsDir = mkOption {
type = types.str;
default = defaultrecordingsDir;
defaultText = literalExpression ''"''${config.${opt.stateDir}}/recordings"'';
example = "/var/lib/galene/recordings";
description = "Recordings directory.";
};
@ -95,6 +97,7 @@ in
dataDir = mkOption {
type = types.str;
default = defaultdataDir;
defaultText = literalExpression ''"''${config.${opt.stateDir}}/data"'';
example = "/var/lib/galene/data";
description = "Data directory.";
};
@ -102,6 +105,7 @@ in
groupsDir = mkOption {
type = types.str;
default = defaultgroupsDir;
defaultText = literalExpression ''"''${config.${opt.stateDir}}/groups"'';
example = "/var/lib/galene/groups";
description = "Web server directory.";
};

2
nixos/modules/services/web-apps/hedgedoc.nix
View file

@ -33,7 +33,7 @@ in
type = types.listOf types.str;
default = [];
description = ''
Groups to which the user ${name} should be added.
Groups to which the service user should be added.
'';
};

1
nixos/modules/services/web-apps/invidious.nix
View file

@ -225,6 +225,7 @@ in
port = lib.mkOption {
type = types.port;
default = options.services.postgresql.port.default;
defaultText = lib.literalExpression "options.services.postgresql.port.default";
description = ''
The port of the database Invidious should use.

5
nixos/modules/services/web-apps/keycloak.nix
View file

@ -1,7 +1,8 @@
{ config, pkgs, lib, ... }:
{ config, options, pkgs, lib, ... }:
let
cfg = config.services.keycloak;
opt = options.services.keycloak;
in
{
options.services.keycloak = {
@ -139,6 +140,7 @@ in
lib.mkOption {
type = lib.types.port;
default = dbPorts.${cfg.database.type};
defaultText = lib.literalDocBook "default port of selected database";
description = ''
Port of the database to connect to.
'';
@ -147,6 +149,7 @@ in
useSSL = lib.mkOption {
type = lib.types.bool;
default = cfg.database.host != "localhost";
defaultText = lib.literalExpression ''config.${opt.database.host} != "localhost"'';
description = ''
Whether the database connection should be secured by SSL /
TLS.

14
nixos/modules/services/web-apps/matomo.nix
View file

@ -1,4 +1,4 @@
{ config, lib, pkgs, ... }:
{ config, lib, options, pkgs, ... }:
with lib;
let
cfg = config.services.matomo;
@ -12,10 +12,7 @@ let
phpExecutionUnit = "phpfpm-${pool}";
databaseService = "mysql.service";
fqdn =
let
join = hostName: domain: hostName + optionalString (domain != null) ".${domain}";
in join config.networking.hostName config.networking.domain;
fqdn = if config.networking.domain != null then config.networking.fqdn else config.networking.hostName;
in {
imports = [
@ -81,9 +78,14 @@ in {
hostname = mkOption {
type = types.str;
default = "${user}.${fqdn}";
defaultText = literalExpression ''
if config.${options.networking.domain} != null
then "${user}.''${config.${options.networking.fqdn}}"
else "${user}.''${config.${options.networking.hostName}}"
'';
example = "matomo.yourdomain.org";
description = ''
URL of the host, without https prefix. By default, this is ${user}.${fqdn}, but you may want to change it if you
URL of the host, without https prefix. You may want to change it if you
run Matomo on a different URL than matomo.yourdomain.
'';
};

Some files were not shown because too many files have changed in this diff Show more