-rw-r--r-- | nixos/modules/security/lock-kernel-modules.nix | 11 | ||||
-rw-r--r-- | nixos/modules/security/sudo.nix | 4 | ||||
-rw-r--r-- | nixos/modules/services/backup/restic.nix | 2 | ||||
-rw-r--r-- | nixos/modules/services/games/factorio.nix | 2 | ||||
-rw-r--r-- | nixos/modules/services/games/freeciv.nix | 2 | ||||
-rw-r--r-- | nixos/modules/services/network-filesystems/glusterfs.nix | 4 | ||||
-rw-r--r-- | nixos/modules/services/networking/ddclient.nix | 2 | ||||
-rw-r--r-- | nixos/modules/services/networking/i2pd.nix | 53 | ||||
-rw-r--r-- | nixos/modules/services/networking/prosody.nix | 5 | ||||
-rw-r--r-- | nixos/modules/services/networking/ssh/sshd.nix | 2 | ||||
-rw-r--r-- | nixos/modules/services/networking/vsftpd.nix | 2 | ||||
-rw-r--r-- | nixos/modules/services/security/tor.nix | 5 | ||||
-rw-r--r-- | nixos/modules/services/web-apps/dex.nix | 2 | ||||
-rw-r--r-- | nixos/modules/services/web-apps/mastodon.nix | 4 | ||||
-rw-r--r-- | nixos/modules/services/web-apps/nifi.nix | 4 | ||||
-rw-r--r-- | nixos/modules/services/web-apps/peertube.nix | 4 | ||||
-rw-r--r-- | nixos/modules/system/boot/luksroot.nix | 2 |
17 files changed, 45 insertions, 65 deletions
diff --git a/nixos/modules/security/lock-kernel-modules.nix b/nixos/modules/security/lock-kernel-modules.nix
index 674ba857818..333b6480142 100644
--- a/nixos/modules/security/lock-kernel-modules.nix
+++ b/nixos/modules/security/lock-kernel-modules.nix
@@ -22,12 +22,11 @@ with lib;
 config = mkIf config.security.lockKernelModules {
 boot.kernelModules = concatMap (x:
- if x.device != null
- then
- if x.fsType == "vfat"
- then [ "vfat" "nls-cp437" "nls-iso8859-1" ]
- else [ x.fsType ]
- else []) config.system.build.fileSystems;
+ optionals (x.device != null) (
+ if x.fsType == "vfat"
+ then [ "vfat" "nls-cp437" "nls-iso8859-1" ]
+ else [ x.fsType ])
+ ) config.system.build.fileSystems;
 systemd.services.disable-kernel-module-loading = {
 description = "Disable kernel module loading";
diff --git a/nixos/modules/security/sudo.nix b/nixos/modules/security/sudo.nix
index 296b61fd703..9ac91bd0d36 100644
--- a/nixos/modules/security/sudo.nix
+++ b/nixos/modules/security/sudo.nix
@@ -216,10 +216,10 @@ in
 ${concatStringsSep "\n" (
 lists.flatten (
 map (
- rule: if (length rule.commands != 0) then [
+ rule: optionals (length rule.commands != 0) [
 (map (user: "${toUserString user} ${rule.host}=(${rule.runAs}) ${toCommandsString rule.commands}") rule.users)
 (map (group: "${toGroupString group} ${rule.host}=(${rule.runAs}) ${toCommandsString rule.commands}") rule.groups)
- ] else []
+ ]
 ) cfg.extraRules
 )
 )}
diff --git a/nixos/modules/services/backup/restic.nix b/nixos/modules/services/backup/restic.nix
index 3a951f7cbc8..1620770e5b5 100644
--- a/nixos/modules/services/backup/restic.nix
+++ b/nixos/modules/services/backup/restic.nix
@@ -298,7 +298,7 @@ in
 let
 extraOptions = concatMapStrings (arg: " -o ${arg}") backup.extraOptions;
 resticCmd = "${backup.package}/bin/restic${extraOptions}";
- excludeFlags = if (backup.exclude != []) then ["--exclude-file=${pkgs.writeText "exclude-patterns" (concatStringsSep "\n" backup.exclude)}"] else [];
+ excludeFlags = optional (backup.exclude != []) "--exclude-file=${pkgs.writeText "exclude-patterns" (concatStringsSep "\n" backup.exclude)}";
 filesFromTmpFile = "/run/restic-backups-${name}/includes";
 backupPaths = if (backup.dynamicFilesFrom == null)
diff --git a/nixos/modules/services/games/factorio.nix b/nixos/modules/services/games/factorio.nix
index 9b15cac149d..b349ffa2375 100644
--- a/nixos/modules/services/games/factorio.nix
+++ b/nixos/modules/services/games/factorio.nix
@@ -294,6 +294,6 @@ in
 };
 };
- networking.firewall.allowedUDPPorts = if cfg.openFirewall then [ cfg.port ] else [];
+ networking.firewall.allowedUDPPorts = optional cfg.openFirewall cfg.port;
 };
 }
diff --git a/nixos/modules/services/games/freeciv.nix b/nixos/modules/services/games/freeciv.nix
index f33ea5c08a2..bba27ae4cb5 100644
--- a/nixos/modules/services/games/freeciv.nix
+++ b/nixos/modules/services/games/freeciv.nix
@@ -16,7 +16,7 @@ let
 generate = name: value:
 let mkParam = k: v:
 if v == null then []
- else if isBool v then if v then [("--"+k)] else []
+ else if isBool v then optional v ("--"+k)
 else [("--"+k) v];
 mkParams = k: v: map (mkParam k) (if isList v then v else [v]);
 in escapeShellArgs (concatLists (concatLists (mapAttrsToList mkParams value)));
diff --git a/nixos/modules/services/network-filesystems/glusterfs.nix b/nixos/modules/services/network-filesystems/glusterfs.nix
index 5c3e197b687..ee03bada492 100644
--- a/nixos/modules/services/network-filesystems/glusterfs.nix
+++ b/nixos/modules/services/network-filesystems/glusterfs.nix
@@ -15,11 +15,11 @@ let
 rm -f /var/lib/glusterd/secure-access
 '';
- restartTriggers = if (cfg.tlsSettings != null) then [
+ restartTriggers = optionals (cfg.tlsSettings != null) [
 config.environment.etc."ssl/glusterfs.pem".source
 config.environment.etc."ssl/glusterfs.key".source
 config.environment.etc."ssl/glusterfs.ca".source
- ] else [];
+ ];
 cfg = config.services.glusterfs;
diff --git a/nixos/modules/services/networking/ddclient.nix b/nixos/modules/services/networking/ddclient.nix
index 6b21ea5b524..4985a2dd4b2 100644
--- a/nixos/modules/services/networking/ddclient.nix
+++ b/nixos/modules/services/networking/ddclient.nix
@@ -48,7 +48,7 @@ with lib;
 (mkChangedOptionModule [ "services" "ddclient" "domain" ] [ "services" "ddclient" "domains" ]
 (config:
 let value = getAttrFromPath [ "services" "ddclient" "domain" ] config;
- in if value != "" then [ value ] else []))
+ in optional (value != "") value))
 (mkRemovedOptionModule [ "services" "ddclient" "homeDir" ] "")
 (mkRemovedOptionModule [ "services" "ddclient" "password" ] "Use services.ddclient.passwordFile instead.")
 (mkRemovedOptionModule [ "services" "ddclient" "ipv6" ] "")
diff --git a/nixos/modules/services/networking/i2pd.nix b/nixos/modules/services/networking/i2pd.nix
index 3f6cb97296b..c940324ad09 100644
--- a/nixos/modules/services/networking/i2pd.nix
+++ b/nixos/modules/services/networking/i2pd.nix
@@ -169,15 +169,15 @@ let
 (boolOpt "enabled" proto.enable)
 (strOpt "address" proto.address)
 (intOpt "port" proto.port)
- ] ++ (if proto ? keys then optionalNullString "keys" proto.keys else [])
- ++ (if proto ? auth then optionalNullBool "auth" proto.auth else [])
- ++ (if proto ? user then optionalNullString "user" proto.user else [])
- ++ (if proto ? pass then optionalNullString "pass" proto.pass else [])
- ++ (if proto ? strictHeaders then optionalNullBool "strictheaders" proto.strictHeaders else [])
- ++ (if proto ? hostname then optionalNullString "hostname" proto.hostname else [])
- ++ (if proto ? outproxy then optionalNullString "outproxy" proto.outproxy else [])
- ++ (if proto ? outproxyPort then optionalNullInt "outproxyport" proto.outproxyPort else [])
- ++ (if proto ? outproxyEnable then optionalNullBool "outproxy.enabled" proto.outproxyEnable else []);
+ ] ++ (optionals (proto ? keys) (optionalNullString "keys" proto.keys))
+ ++ (optionals (proto ? auth) (optionalNullBool "auth" proto.auth))
+ ++ (optionals (proto ? user) (optionalNullString "user" proto.user))
+ ++ (optionals (proto ? pass) (optionalNullString "pass" proto.pass))
+ ++ (optionals (proto ? strictHeaders) (optionalNullBool "strictheaders" proto.strictHeaders))
+ ++ (optionals (proto ? hostname) (optionalNullString "hostname" proto.hostname))
+ ++ (optionals (proto ? outproxy) (optionalNullString "outproxy" proto.outproxy))
+ ++ (optionals (proto ? outproxyPort) (optionalNullInt "outproxyport" proto.outproxyPort))
+ ++ (optionals (proto ? outproxyEnable) (optionalNullBool "outproxy.enabled" proto.outproxyEnable));
 in (concatStringsSep "\n" protoOpts)
 ));
 in
@@ -192,21 +192,14 @@ let
 "type = client"
 (intOpt "port" tun.port)
 (strOpt "destination" tun.destination)
- ] ++ (if tun ? destinationPort then optionalNullInt "destinationport" tun.destinationPort else [])
- ++ (if tun ? keys then
- optionalNullString "keys" tun.keys else [])
- ++ (if tun ? address then
- optionalNullString "address" tun.address else [])
- ++ (if tun ? inbound.length then
- optionalNullInt "inbound.length" tun.inbound.length else [])
- ++ (if tun ? inbound.quantity then
- optionalNullInt "inbound.quantity" tun.inbound.quantity else [])
- ++ (if tun ? outbound.length then
- optionalNullInt "outbound.length" tun.outbound.length else [])
- ++ (if tun ? outbound.quantity then
- optionalNullInt "outbound.quantity" tun.outbound.quantity else [])
- ++ (if tun ? crypto.tagsToSend then
- optionalNullInt "crypto.tagstosend" tun.crypto.tagsToSend else []);
+ ] ++ (optionals (tun ? destinationPort) (optionalNullInt "destinationport" tun.destinationPort))
+ ++ (optionals (tun ? keys) (optionalNullString "keys" tun.keys))
+ ++ (optionals (tun ? address) (optionalNullString "address" tun.address))
+ ++ (optionals (tun ? inbound.length) (optionalNullInt "inbound.length" tun.inbound.length))
+ ++ (optionals (tun ? inbound.quantity) (optionalNullInt "inbound.quantity" tun.inbound.quantity))
+ ++ (optionals (tun ? outbound.length) (optionalNullInt "outbound.length" tun.outbound.length))
+ ++ (optionals (tun ? outbound.quantity) (optionalNullInt "outbound.quantity" tun.outbound.quantity))
+ ++ (optionals (tun ? crypto.tagsToSend) (optionalNullInt "crypto.tagstosend" tun.crypto.tagsToSend));
 in concatStringsSep "\n" outTunOpts))
 (flip map
 (collect (tun: tun ? port && tun ? address) cfg.inTunnels)
@@ -215,14 +208,10 @@ let
 "type = server"
 (intOpt "port" tun.port)
 (strOpt "host" tun.address)
- ] ++ (if tun ? destination then
- optionalNullString "destination" tun.destination else [])
- ++ (if tun ? keys then
- optionalNullString "keys" tun.keys else [])
- ++ (if tun ? inPort then
- optionalNullInt "inport" tun.inPort else [])
- ++ (if tun ? accessList then
- optionalEmptyList "accesslist" tun.accessList else []);
+ ] ++ (optionals (tun ? destination) (optionalNullString "destination" tun.destination))
+ ++ (optionals (tun ? keys) (optionalNullString "keys" tun.keys))
+ ++ (optionals (tun ? inPort) (optionalNullInt "inport" tun.inPort))
+ ++ (optionals (tun ? accessList) (optionalEmptyList "accesslist" tun.accessList));
 in concatStringsSep "\n" inTunOpts))];
 in
 pkgs.writeText "i2pd-tunnels.conf" opts;
diff --git a/nixos/modules/services/networking/prosody.nix b/nixos/modules/services/networking/prosody.nix
index 9f68853f9fa..0066c77438f 100644
--- a/nixos/modules/services/networking/prosody.nix
+++ b/nixos/modules/services/networking/prosody.nix
@@ -757,9 +757,8 @@ in
 environment.etc."prosody/prosody.cfg.lua".text =
 let
- httpDiscoItems = if (cfg.uploadHttp != null)
- then [{ url = cfg.uploadHttp.domain; description = "HTTP upload endpoint";}]
- else [];
+ httpDiscoItems = optionals (cfg.uploadHttp != null)
+ [{ url = cfg.uploadHttp.domain; description = "HTTP upload endpoint";}];
 mucDiscoItems = builtins.foldl'
 (acc: muc: [{ url = muc.domain; description = "${muc.domain} MUC endpoint";}] ++ acc)
 []
diff --git a/nixos/modules/services/networking/ssh/sshd.nix b/nixos/modules/services/networking/ssh/sshd.nix
index 59980a4cef9..fb9774bafde 100644
--- a/nixos/modules/services/networking/ssh/sshd.nix
+++ b/nixos/modules/services/networking/ssh/sshd.nix
@@ -528,7 +528,7 @@ in
 };
- networking.firewall.allowedTCPPorts = if cfg.openFirewall then cfg.ports else [];
+ networking.firewall.allowedTCPPorts = optionals cfg.openFirewall cfg.ports;
 security.pam.services.sshd = { startSession = true;
diff --git a/nixos/modules/services/networking/vsftpd.nix b/nixos/modules/services/networking/vsftpd.nix
index b1f0f740324..318ceb4e509 100644
--- a/nixos/modules/services/networking/vsftpd.nix
+++ b/nixos/modules/services/networking/vsftpd.nix
@@ -305,7 +305,7 @@ in
 # If you really have to access root via FTP use mkOverride or userlistDeny
 # = false and whitelist root
- services.vsftpd.userlist = if cfg.userlistDeny then ["root"] else [];
+ services.vsftpd.userlist = optional cfg.userlistDeny "root";
 systemd = {
 tmpfiles.rules = optional cfg.anonymousUser
diff --git a/nixos/modules/services/security/tor.nix b/nixos/modules/services/security/tor.nix
index 2aa2964f881..9e786eb2bf0 100644
--- a/nixos/modules/services/security/tor.nix
+++ b/nixos/modules/services/security/tor.nix
@@ -769,7 +769,7 @@ in
 };
 options.SOCKSPort = mkOption {
 description = lib.mdDoc (descriptionGeneric "SOCKSPort");
- default = if cfg.settings.HiddenServiceNonAnonymousMode == true then [{port = 0;}] else [];
+ default = lib.optionals cfg.settings.HiddenServiceNonAnonymousMode [{port = 0;}];
 defaultText = literalExpression ''
 if config.${opt.settings}.HiddenServiceNonAnonymousMode == true
 then [ { port = 0; } ]
@@ -897,8 +897,7 @@ in
 allowedTCPPorts =
 concatMap (o:
 if isInt o && o > 0 then [o]
- else if o ? "port" && isInt o.port && o.port > 0 then [o.port]
- else []
+ else optionals (o ? "port" && isInt o.port && o.port > 0) [o.port]
 ) (flatten [
 cfg.settings.ORPort
 cfg.settings.DirPort
diff --git a/nixos/modules/services/web-apps/dex.nix b/nixos/modules/services/web-apps/dex.nix
index f69f1749aeb..bd041db007a 100644
--- a/nixos/modules/services/web-apps/dex.nix
+++ b/nixos/modules/services/web-apps/dex.nix
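Review bot: In the SOCKSPort hunk of tor.nix the new `default` drops the explicit `== true` comparison, so `lib.optionals` now receives `cfg.settings.HiddenServiceNonAnonymousMode` itself as its condition. If that setting can be `null` when unset (its declaration is outside this hunk, but the old comparison suggests it), the old code yielded `[]` while the new one fails evaluation, because `if null then …` is a type error in Nix. Keeping the comparison preserves the previous behaviour: `default = lib.optionals (cfg.settings.HiddenServiceNonAnonymousMode == true) [{port = 0;}];`. That form also stays consistent with the unchanged `defaultText` right below, which still documents the `== true` test.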
@@ -6,7 +6,7 @@ let
 cfg = config.services.dex;
 fixClient = client: if client ? secretFile then ((builtins.removeAttrs client [ "secretFile" ]) // { secret = client.secretFile; }) else client;
 filteredSettings = mapAttrs (n: v: if n == "staticClients" then (builtins.map fixClient v) else v) cfg.settings;
- secretFiles = flatten (builtins.map (c: if c ? secretFile then [ c.secretFile ] else []) (cfg.settings.staticClients or []));
+ secretFiles = flatten (builtins.map (c: optional (c ? secretFile) c.secretFile) (cfg.settings.staticClients or []));
 settingsFormat = pkgs.formats.yaml {};
 configFile = settingsFormat.generate "config.yaml" filteredSettings;
diff --git a/nixos/modules/services/web-apps/mastodon.nix b/nixos/modules/services/web-apps/mastodon.nix
index 2ad6cd6aae1..2aab97438b7 100644
--- a/nixos/modules/services/web-apps/mastodon.nix
+++ b/nixos/modules/services/web-apps/mastodon.nix
@@ -91,9 +91,7 @@ let
 envFile = pkgs.writeText "mastodon.env" (lib.concatMapStrings (s: s + "\n") (
 (lib.concatLists (lib.mapAttrsToList (name: value:
- if value != null then [
- "${name}=\"${toString value}\""
- ] else []
+ lib.optional (value != null) ''${name}="${toString value}"''
 ) env))));
 mastodonTootctl = let
diff --git a/nixos/modules/services/web-apps/nifi.nix b/nixos/modules/services/web-apps/nifi.nix
index f643e24d81d..5ce56107783 100644
--- a/nixos/modules/services/web-apps/nifi.nix
+++ b/nixos/modules/services/web-apps/nifi.nix
@@ -13,9 +13,7 @@ let
 envFile = pkgs.writeText "nifi.env" (lib.concatMapStrings (s: s + "\n") (
 (lib.concatLists (lib.mapAttrsToList (name: value:
- if value != null then [
- "${name}=\"${toString value}\""
- ] else []
+ lib.optional (value != null) ''${name}="${toString value}"''
 ) env))));
 nifiEnv = pkgs.writeShellScriptBin "nifi-env" ''
diff --git a/nixos/modules/services/web-apps/peertube.nix b/nixos/modules/services/web-apps/peertube.nix
index 4ef2d7dce53..4826b2cab6a 100644
--- a/nixos/modules/services/web-apps/peertube.nix
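Review bot: In the mastodon.nix envFile hunk (and the identical hunks in nifi.nix and peertube.nix) the new literal `''${name}="${toString value}"''` opens an indented string immediately followed by `${`, which looks exactly like the `''${` escape for a literal `${`; it interpolates only because the `''` here is the opening delimiter. Someone auditing how environment values are rendered can easily misread it, so I would keep the double-quoted spelling: `lib.optional (value != null) "${name}=\"${toString value}\""`. Separately, the value is still placed between double quotes without any escaping, so a value containing `"`, `$` or a newline may be parsed differently by whatever reads the file (the consumer is outside these hunks); a short comment such as `# values are written verbatim between double quotes; they must not contain ", $ or newlines` would make that constraint visible.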
+++ b/nixos/modules/services/web-apps/peertube.nix
@@ -52,9 +52,7 @@ let
 envFile = pkgs.writeText "peertube.env" (lib.concatMapStrings (s: s + "\n") (
 (lib.concatLists (lib.mapAttrsToList (name: value:
- if value != null then [
- "${name}=\"${toString value}\""
- ] else []
+ lib.optional (value != null) ''${name}="${toString value}"''
 ) env))));
 peertubeEnv = pkgs.writeShellScriptBin "peertube-env" ''
diff --git a/nixos/modules/system/boot/luksroot.nix b/nixos/modules/system/boot/luksroot.nix
index 71036044a2d..dc3fe163116 100644
--- a/nixos/modules/system/boot/luksroot.nix
+++ b/nixos/modules/system/boot/luksroot.nix
@@ -980,7 +980,7 @@ in
 ++ luks.cryptoModules
 # workaround until https://marc.info/?l=linux-crypto-vger&m=148783562211457&w=4 is merged
 # remove once 'modprobe --show-depends xts' shows ecb as a dependency
- ++ (if builtins.elem "xts" luks.cryptoModules then ["ecb"] else []);
+ ++ (optional (builtins.elem "xts" luks.cryptoModules) "ecb");
 # copy the cryptsetup binary and it's dependencies
 boot.initrd.extraUtilsCommands = let |