author | Vladimír Čunát <v@cunat.cz> | 2019-09-02 23:25:24 +0200 |
---|---|---|
committer | Vladimír Čunát <v@cunat.cz> | 2019-09-02 23:25:24 +0200 |
commit | f21211ebfe21797c6f0444d42ec7cb835c737388 (patch) | |
tree | 816465981f650242d4b22e0f01b912917e7008f8 /nixos | |
parent | b291f2a9953d48d6edc5c73776db9ba289ccf213 (diff) | |
parent | 12ae04518b004adf949a43125954b99c05189e6f (diff) | |
Merge branch 'master' into staging
Diffstat (limited to 'nixos')
163 files changed, 731 insertions, 748 deletions
diff --git a/nixos/doc/manual/configuration/profiles/clone-config.xml b/nixos/doc/manual/configuration/profiles/clone-config.xml index 21c4ea75d6d..04fa1643d0f 100644 --- a/nixos/doc/manual/configuration/profiles/clone-config.xml +++ b/nixos/doc/manual/configuration/profiles/clone-config.xml @@ -16,6 +16,6 @@ On images where the installation media also becomes an installation target, copying over <literal>configuration.nix</literal> should be disabled by setting <literal>installer.cloneConfig</literal> to <literal>false</literal>. - This is already done in <literal>sd-image.nix</literal>. + For example, this is done in <literal>sd-image-aarch64.nix</literal>. </para> </section> diff --git a/nixos/doc/manual/release-notes/rl-1909.xml b/nixos/doc/manual/release-notes/rl-1909.xml index 560b3198517..11c13b8d942 100644 --- a/nixos/doc/manual/release-notes/rl-1909.xml +++ b/nixos/doc/manual/release-notes/rl-1909.xml 
@@ -57,6 +57,64 @@ and <option>services.xserver.desktopManager.xfce4-14</option> simultaneously or to downgrade from Xfce 4.14 after upgrading. </para> </listitem> + <listitem> + <para> + The GNOME 3 desktop manager module sports an interface to enable/disable core services, applications, and optional GNOME packages + like games. + <itemizedlist> + <para>This can be achieved with the following options which the desktop manager default enables, excluding <literal>games</literal>.</para> + <listitem><para><link linkend="opt-services.gnome3.core-os-services.enable"><literal>services.gnome3.core-os-services.enable</literal></link></para></listitem> + <listitem><para><link linkend="opt-services.gnome3.core-shell.enable"><literal>services.gnome3.core-shell.enable</literal></link></para></listitem> + <listitem><para><link linkend="opt-services.gnome3.core-utilities.enable"><literal>services.gnome3.core-utilities.enable</literal></link></para></listitem> + <listitem><para><link linkend="opt-services.gnome3.games.enable"><literal>services.gnome3.games.enable</literal></link></para></listitem> + </itemizedlist> + With these options we hope to give users finer grained control over their systems. Prior to this change you'd either have to manually + disable options or use <option>environment.gnome3.excludePackages</option> which only excluded the optional applications. + <option>environment.gnome3.excludePackages</option> is now unguarded, it can exclude any package installed with <option>environment.systemPackages</option> + in the GNOME 3 module. + </para> + </listitem> + <listitem> + <para> + Orthogonal to the previous changes to the GNOME 3 desktop manager module, we've updated all default services and applications + to match as close as possible to a default reference GNOME 3 experience. 
+ </para> + + <bridgehead>The following changes were enacted in <option>services.gnome3.core-utilities.enable</option></bridgehead> + + <itemizedlist> + <title>Applications removed from defaults:</title> + <listitem><para><literal>accerciser</literal></para></listitem> + <listitem><para><literal>dconf-editor</literal></para></listitem> + <listitem><para><literal>evolution</literal></para></listitem> + <listitem><para><literal>gnome-documents</literal></para></listitem> + <listitem><para><literal>gnome-nettool</literal></para></listitem> + <listitem><para><literal>gnome-power-manager</literal></para></listitem> + <listitem><para><literal>gnome-todo</literal></para></listitem> + <listitem><para><literal>gnome-tweaks</literal></para></listitem> + <listitem><para><literal>gnome-usage</literal></para></listitem> + <listitem><para><literal>gucharmap</literal></para></listitem> + <listitem><para><literal>nautilus-sendto</literal></para></listitem> + <listitem><para><literal>vinagre</literal></para></listitem> + </itemizedlist> + <itemizedlist> + <title>Applications added to defaults:</title> + <listitem><para><literal>cheese</literal></para></listitem> + <listitem><para><literal>geary</literal></para></listitem> + </itemizedlist> + + <bridgehead>The following changes were enacted in <option>services.gnome3.core-shell.enable</option></bridgehead> + + <itemizedlist> + <title>Applications added to defaults:</title> + <listitem><para><literal>gnome-color-manager</literal></para></listitem> + <listitem><para><literal>orca</literal></para></listitem> + </itemizedlist> + <itemizedlist> + <title>Services enabled:</title> + <listitem><para><option>services.avahi.enable</option></para></listitem> + </itemizedlist> + </listitem> </itemizedlist> </section> 
@@ -348,6 +406,12 @@ What used to be called <literal>emacsPackagesNg</literal> is now simply called <literal>emacsPackages</literal>. </para> </listitem> + <listitem> + <para> + <option>services.xserver.desktopManager.xterm</option> is now disabled by default. + It was not useful except for debugging purposes and was confusingly set as default in some circumstances. + </para> + </listitem> </itemizedlist> </section> @@ -547,8 +611,8 @@ </para> </listitem> </itemizedlist> - - This also configures the kernel to pass coredumps to <literal>systemd-coredump</literal>. + This also configures the kernel to pass coredumps to <literal>systemd-coredump</literal>, + and restricts the SysRq key combinations to the sync command only. These sysctl snippets can be found in <literal>/etc/sysctl.d/50-*.conf</literal>, and overridden via <link linkend="opt-boot.kernel.sysctl">boot.kernel.sysctl</link> (which will place the parameters in <literal>/etc/sysctl.d/60-nixos.conf</literal>). 
@@ -591,6 +655,51 @@ The defaults from fontconfig are sufficient. </para> </listitem> + <listitem> + <para> + The <literal>crashplan</literal> package and the + <literal>crashplan</literal> service have been removed from nixpkgs due to + crashplan shutting down the service, while the <literal>crashplansb</literal> + package and <literal>crashplan-small-business</literal> service have been + removed from nixpkgs due to lack of maintainer. + </para> + <para> + The <link linkend="opt-services.redis.enable">redis module</link> was hardcoded to use the <literal>redis</literal> user, + <filename class="directory">/run/redis</filename> as runtime directory and + <filename class="directory">/var/lib/redis</filename> as state directory. + Note that the NixOS module for Redis now disables kernel support for Transparent Huge Pages (THP), + because this features causes major performance problems for Redis, + e.g. (https://redis.io/topics/latency). + </para> + </listitem> + <listitem> + <para> + Using <option>fonts.enableDefaultFonts</option> adds a default emoji font <literal>noto-fonts-emoji</literal>. + <itemizedlist> + <para>Users of the following options will have this enabled by default:</para> + <listitem> + <para><option>services.xserver.enable</option></para> + </listitem> + <listitem> + <para><option>programs.sway.enable</option></para> + </listitem> + <listitem> + <para><option>programs.way-cooler.enable</option></para> + </listitem> + <listitem> + <para><option>services.xrdp.enable</option></para> + </listitem> + </itemizedlist> + </para> + </listitem> + <listitem> + <para> + The <literal>altcoins</literal> categorization of packages has + been removed. You now access these packages at the top level, + ie. <literal>nix-shell -p dogecoin</literal> instead of + <literal>nix-shell -p altcoins.dogecoin</literal>, etc. + </para> + </listitem> </itemizedlist> </section> </section> 
diff --git a/nixos/modules/config/fonts/fontconfig.nix b/nixos/modules/config/fonts/fontconfig.nix index fe0b88cf4c2..bcb86f11ead 100644 --- a/nixos/modules/config/fonts/fontconfig.nix +++ b/nixos/modules/config/fonts/fontconfig.nix @@ -116,7 +116,7 @@ let defaultFontsConf = let genDefault = fonts: name: optionalString (fonts != []) '' - <alias> + <alias binding="same"> <family>${name}</family> <prefer> ${concatStringsSep "" @@ -139,6 +139,8 @@ let ${genDefault cfg.defaultFonts.monospace "monospace"} + ${genDefault cfg.defaultFonts.emoji "emoji"} + </fontconfig> ''; @@ -344,6 +346,21 @@ in in case multiple languages must be supported. ''; }; + + emoji = mkOption { + type = types.listOf types.str; + default = ["Noto Color Emoji"]; + description = '' + System-wide default emoji font(s). Multiple fonts may be listed + in case a font does not support all emoji. + + Note that fontconfig matches color emoji fonts preferentially, + so if you want to use a black and white font while having + a color font installed (eg. Noto Color Emoji installed alongside + Noto Emoji), fontconfig will still choose the color font even + when it is later in the list. + ''; + }; }; hinting = { diff --git a/nixos/modules/config/fonts/fonts.nix b/nixos/modules/config/fonts/fonts.nix index 0dd01df9da7..abb806b601a 100644 --- a/nixos/modules/config/fonts/fonts.nix +++ b/nixos/modules/config/fonts/fonts.nix @@ -43,6 +43,7 @@ with lib; pkgs.xorg.fontmiscmisc pkgs.xorg.fontcursormisc pkgs.unifont + pkgs.noto-fonts-emoji ]; }; diff --git a/nixos/modules/config/users-groups.nix b/nixos/modules/config/users-groups.nix index a11c038c2d3..ba79bd3d6ec 100644 --- a/nixos/modules/config/users-groups.nix +++ b/nixos/modules/config/users-groups.nix @@ -181,7 +181,7 @@ let }; hashedPassword = mkOption { - type = with types; uniq (nullOr str); + type = with types; nullOr str; default = null; description = '' Specifies the hashed password for the user. 
@@ -191,7 +191,7 @@ let }; password = mkOption { - type = with types; uniq (nullOr str); + type = with types; nullOr str; default = null; description = '' Specifies the (clear text) password for the user. @@ -203,7 +203,7 @@ let }; passwordFile = mkOption { - type = with types; uniq (nullOr string); + type = with types; nullOr str; default = null; description = '' The full path to a file that contains the user's password. The password @@ -215,7 +215,7 @@ let }; initialHashedPassword = mkOption { - type = with types; uniq (nullOr str); + type = with types; nullOr str; default = null; description = '' Specifies the initial hashed password for the user, i.e. the @@ -230,7 +230,7 @@ let }; initialPassword = mkOption { - type = with types; uniq (nullOr str); + type = with types; nullOr str; default = null; description = '' Specifies the initial password for the user, i.e. the @@ -304,7 +304,7 @@ let }; members = mkOption { - type = with types; listOf string; + type = with types; listOf str; default = []; description = '' The user names of the group members, added to the diff --git a/nixos/modules/hardware/video/nvidia.nix b/nixos/modules/hardware/video/nvidia.nix index da3c8ee5a9f..3ab2afc9740 100644 --- a/nixos/modules/hardware/video/nvidia.nix +++ b/nixos/modules/hardware/video/nvidia.nix @@ -88,7 +88,7 @@ in }; hardware.nvidia.optimus_prime.nvidiaBusId = lib.mkOption { - type = lib.types.string; + type = lib.types.str; default = ""; example = "PCI:1:0:0"; description = '' @@ -98,7 +98,7 @@ in }; hardware.nvidia.optimus_prime.intelBusId = lib.mkOption { - type = lib.types.string; + type = lib.types.str; default = ""; example = "PCI:0:2:0"; description = '' diff --git a/nixos/modules/installer/cd-dvd/sd-image-aarch64.nix b/nixos/modules/installer/cd-dvd/sd-image-aarch64.nix index a9241870fa7..2d34406a032 100644 --- a/nixos/modules/installer/cd-dvd/sd-image-aarch64.nix +++ b/nixos/modules/installer/cd-dvd/sd-image-aarch64.nix 
@@ -59,4 +59,8 @@ in ${extlinux-conf-builder} -t 3 -c ${config.system.build.toplevel} -d ./files/boot ''; }; + + # the installation media is also the installation target, + # so we don't want to provide the installation configuration.nix. + installer.cloneConfig = false; } diff --git a/nixos/modules/installer/cd-dvd/sd-image-armv7l-multiplatform.nix b/nixos/modules/installer/cd-dvd/sd-image-armv7l-multiplatform.nix index dab09241531..651d1a36dc1 100644 --- a/nixos/modules/installer/cd-dvd/sd-image-armv7l-multiplatform.nix +++ b/nixos/modules/installer/cd-dvd/sd-image-armv7l-multiplatform.nix @@ -56,4 +56,8 @@ in ${extlinux-conf-builder} -t 3 -c ${config.system.build.toplevel} -d ./files/boot ''; }; + + # the installation media is also the installation target, + # so we don't want to provide the installation configuration.nix. + installer.cloneConfig = false; } diff --git a/nixos/modules/installer/cd-dvd/sd-image-raspberrypi.nix b/nixos/modules/installer/cd-dvd/sd-image-raspberrypi.nix index 8c9090471dc..2a131d9ce98 100644 --- a/nixos/modules/installer/cd-dvd/sd-image-raspberrypi.nix +++ b/nixos/modules/installer/cd-dvd/sd-image-raspberrypi.nix @@ -45,4 +45,8 @@ in ${extlinux-conf-builder} -t 3 -c ${config.system.build.toplevel} -d ./files/boot ''; }; + + # the installation media is also the installation target, + # so we don't want to provide the installation configuration.nix. + installer.cloneConfig = false; } diff --git a/nixos/modules/installer/cd-dvd/sd-image.nix b/nixos/modules/installer/cd-dvd/sd-image.nix index 07f6f627e6c..0a015044155 100644 --- a/nixos/modules/installer/cd-dvd/sd-image.nix +++ b/nixos/modules/installer/cd-dvd/sd-image.nix @@ -54,7 +54,7 @@ in }; firmwarePartitionID = mkOption { - type = types.string; + type = types.str; default = "0x2178694e"; description = '' Volume ID for the /boot/firmware partition on the SD card. This value 
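Review bot: The comment duplicated above `installer.cloneConfig = false;` in this aarch64 hunk (and in the matching sd-image-armv7l-multiplatform.nix and sd-image-raspberrypi.nix hunks) does not say that sd-image.nix no longer sets the option, which a later hunk in this diff removes. An image that imports sd-image.nix directly therefore stops getting the override and will presumably fall back to the option's default, and a new board file can easily miss it. I would extend the comment with `# sd-image.nix does not set this; every image built on it must do so itself.` None of the rl-1909.xml hunks visible here mentions the move, so a release-note line for out-of-tree images would also help.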
@@ -63,7 +63,7 @@ in }; rootPartitionUUID = mkOption { - type = types.nullOr types.string; + type = types.nullOr types.str; default = null; example = "14e19a7b-0ae0-484d-9d54-43bd6fdc20c7"; description = '' @@ -194,9 +194,5 @@ in rm -f /nix-path-registration fi ''; - - # the installation media is also the installation target, - # so we don't want to provide the installation configuration.nix. - installer.cloneConfig = false; }; } diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index b6c946b99e0..4bc37ed3f17 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix @@ -138,6 +138,7 @@ ./programs/qt5ct.nix ./programs/screen.nix ./programs/sedutil.nix + ./programs/seahorse.nix ./programs/slock.nix ./programs/shadow.nix ./programs/shell.nix @@ -216,8 +217,6 @@ ./services/backup/bacula.nix ./services/backup/borgbackup.nix ./services/backup/duplicati.nix - ./services/backup/crashplan.nix - ./services/backup/crashplan-small-business.nix ./services/backup/duplicity.nix ./services/backup/mysql-backup.nix ./services/backup/postgresql-backup.nix @@ -303,7 +302,6 @@ ./services/desktops/gnome3/gnome-settings-daemon.nix ./services/desktops/gnome3/gnome-user-share.nix ./services/desktops/gnome3/rygel.nix - ./services/desktops/gnome3/seahorse.nix ./services/desktops/gnome3/sushi.nix ./services/desktops/gnome3/tracker.nix ./services/desktops/gnome3/tracker-miners.nix diff --git a/nixos/modules/programs/seahorse.nix b/nixos/modules/programs/seahorse.nix new file mode 100644 index 00000000000..c08b0a85374 --- /dev/null +++ b/nixos/modules/programs/seahorse.nix 
@@ -0,0 +1,44 @@ +# Seahorse. + +{ config, pkgs, lib, ... }: + +with lib; + +{ + + # Added 2019-08-27 + imports = [ + (mkRenamedOptionModule + [ "services" "gnome3" "seahorse" "enable" ] + [ "programs" "seahorse" "enable" ]) + ]; + + + ###### interface + + options = { + + programs.seahorse = { + + enable = mkEnableOption "Seahorse, a GNOME application for managing encryption keys and passwords in the GNOME Keyring"; + + }; + + }; + + + ###### implementation + + config = mkIf config.programs.seahorse.enable { + + environment.systemPackages = [ + pkgs.gnome3.seahorse + ]; + + services.dbus.packages = [ + pkgs.gnome3.seahorse + ]; + + }; + +} diff --git a/nixos/modules/programs/thefuck.nix b/nixos/modules/programs/thefuck.nix index 21ed6603c1b..b909916158d 100644 --- a/nixos/modules/programs/thefuck.nix +++ b/nixos/modules/programs/thefuck.nix @@ -17,7 +17,7 @@ in alias = mkOption { default = "fuck"; - type = types.string; + type = types.str; description = '' `thefuck` needs an alias to be configured. diff --git a/nixos/modules/programs/xss-lock.nix b/nixos/modules/programs/xss-lock.nix index 070463311db..a7ad9b89db4 100644 --- a/nixos/modules/programs/xss-lock.nix +++ b/nixos/modules/programs/xss-lock.nix @@ -12,7 +12,7 @@ in lockerCommand = mkOption { default = "${pkgs.i3lock}/bin/i3lock"; example = literalExample ''''${pkgs.i3lock-fancy}/bin/i3lock-fancy''; - type = types.string; + type = types.separatedString " "; description = "Locker to be used with xsslock"; }; diff --git a/nixos/modules/programs/yabar.nix b/nixos/modules/programs/yabar.nix index db085211366..5de9331ac52 100644 --- a/nixos/modules/programs/yabar.nix +++ b/nixos/modules/programs/yabar.nix @@ -76,7 +76,7 @@ in font = mkOption { default = "sans bold 9"; example = "Droid Sans, FontAwesome Bold 9"; - type = types.string; + type = types.str; description = '' The font that will be used to draw the status bar. 
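Review bot: `types.separatedString " "` on `lockerCommand` in the xss-lock.nix hunk means two definitions at the same priority are joined with a space instead of being rejected, so a second module's locker path silently becomes an argument of the first. For the command that locks the screen, a loud evaluation error is the safer outcome; `type = types.str;` gives that and still accepts a command with arguments in one string. If concatenation is intended, the description should say so, e.g. `description = "Locker to be used with xsslock. Multiple definitions are joined with spaces.";`.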
@@ -95,7 +95,7 @@ in extra = mkOption { default = {}; - type = types.attrsOf types.string; + type = types.attrsOf types.str; description = '' An attribute set which contains further attributes of a bar. @@ -107,7 +107,7 @@ in type = types.attrsOf(types.submodule { options.exec = mkOption { example = "YABAR_DATE"; - type = types.string; + type = types.str; description = '' The type of the indicator to be executed. ''; @@ -125,7 +125,7 @@ in options.extra = mkOption { default = {}; - type = types.attrsOf (types.either types.string types.int); + type = types.attrsOf (types.either types.str types.int); description = '' An attribute set which contains further attributes of a indicator. diff --git a/nixos/modules/programs/zsh/zsh-syntax-highlighting.nix b/nixos/modules/programs/zsh/zsh-syntax-highlighting.nix index 89087a229eb..7184e5d9b9a 100644 --- a/nixos/modules/programs/zsh/zsh-syntax-highlighting.nix +++ b/nixos/modules/programs/zsh/zsh-syntax-highlighting.nix @@ -33,7 +33,7 @@ in patterns = mkOption { default = {}; - type = types.attrsOf types.string; + type = types.attrsOf types.str; example = literalExample '' { @@ -50,7 +50,7 @@ in }; styles = mkOption { default = {}; - type = types.attrsOf types.string; + type = types.attrsOf types.str; example = literalExample '' { diff --git a/nixos/modules/rename.nix b/nixos/modules/rename.nix index 1048c2af2ea..9e0ab60ca67 100644 --- a/nixos/modules/rename.nix +++ b/nixos/modules/rename.nix 
@@ -256,7 +256,7 @@ with lib; # binfmt (mkRenamedOptionModule [ "boot" "binfmtMiscRegistrations" ] [ "boot" "binfmt" "registrations" ]) - + # ACME (mkRemovedOptionModule [ "security" "acme" "directory"] "ACME Directory is now hardcoded to /var/lib/acme and its permisisons are managed by systemd. See https://github.com/NixOS/nixpkgs/issues/53852 for more info.") (mkRemovedOptionModule [ "security" "acme" "preDelay"] "This option has been removed. If you want to make sure that something executes before certificates are provisioned, add a RequiredBy=acme-\${cert}.service to the service you want to execute before the cert renewal") @@ -285,6 +285,13 @@ with lib; throw "services.redshift.longitude is set to null, you can remove this" else builtins.fromJSON value)) + # Redis + (mkRemovedOptionModule [ "services" "redis" "user" ] "The redis module now is hardcoded to the redis user.") + (mkRemovedOptionModule [ "services" "redis" "dbpath" ] "The redis module now uses /var/lib/redis as data directory.") + (mkRemovedOptionModule [ "services" "redis" "dbFilename" ] "The redis module now uses /var/lib/redis/dump.rdb as database dump location.") + (mkRemovedOptionModule [ "services" "redis" "appendOnlyFilename" ] "This option was never used.") + (mkRemovedOptionModule [ "services" "redis" "pidFile" ] "This option was removed.") + ] ++ (forEach [ "blackboxExporter" "collectdExporter" "fritzboxExporter" "jsonExporter" "minioExporter" "nginxExporter" "nodeExporter" "snmpExporter" "unifiExporter" "varnishExporter" ] diff --git a/nixos/modules/security/auditd.nix b/nixos/modules/security/auditd.nix index 6abac244dac..9d26cfbcfb1 100644 --- a/nixos/modules/security/auditd.nix +++ b/nixos/modules/security/auditd.nix 
@@ -6,6 +6,10 @@ with lib; options.security.auditd.enable = mkEnableOption "the Linux Audit daemon"; config = mkIf config.security.auditd.enable { + boot.kernelParams = [ "audit=1" ]; + + environment.systemPackages = [ pkgs.audit ]; + systemd.services.auditd = { description = "Linux Audit daemon"; wantedBy = [ "basic.target" ]; diff --git a/nixos/modules/security/pam.nix b/nixos/modules/security/pam.nix index 89e71c5136e..9c7ddc2f4ee 100644 --- a/nixos/modules/security/pam.nix +++ b/nixos/modules/security/pam.nix @@ -685,7 +685,7 @@ in }; id = mkOption { example = "42"; - type = types.string; + type = types.str; description = "client id"; }; diff --git a/nixos/modules/security/sudo.nix b/nixos/modules/security/sudo.nix index 573588aaeec..10ee036be84 100644 --- a/nixos/modules/security/sudo.nix +++ b/nixos/modules/security/sudo.nix @@ -91,7 +91,7 @@ in type = with types; listOf (submodule { options = { users = mkOption { - type = with types; listOf (either string int); + type = with types; listOf (either str int); description = '' The usernames / UIDs this rule should apply for. ''; @@ -99,7 +99,7 @@ in }; groups = mkOption { - type = with types; listOf (either string int); + type = with types; listOf (either str int); description = '' The groups / GIDs this rule should apply for. ''; @@ -107,7 +107,7 @@ in }; host = mkOption { - type = types.string; + type = types.str; default = "ALL"; description = '' For what host this rule should apply. @@ -115,7 +115,7 @@ in }; runAs = mkOption { - type = with types; string; + type = with types; str; default = "ALL:ALL"; description = '' Under which user/group the specified command is allowed to run. 
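Review bot: The added `boot.kernelParams = [ "audit=1" ];` in the auditd.nix hunk has no comment saying why a daemon module touches the kernel command line. A kernel parameter only takes effect on the next boot, so enabling the option with a plain switch starts auditd without it. I would add `# audit=1 turns on auditing at boot, so processes started before auditd are covered too; needs a reboot to apply.` above the line. The new `pkgs.audit` reference also needs `pkgs` in the module's argument set, which is outside this hunk.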
@@ -130,11 +130,11 @@ in description = '' The commands for which the rule should apply. ''; - type = with types; listOf (either string (submodule { + type = with types; listOf (either str (submodule { options = { command = mkOption { - type = with types; string; + type = with types; str; description = '' A command being either just a path to a binary to allow any arguments, the full command with arguments pre-set or with <code>""</code> used as the argument, diff --git a/nixos/modules/services/amqp/activemq/default.nix b/nixos/modules/services/amqp/activemq/default.nix index 27bfd91cd2d..7729da27304 100644 --- a/nixos/modules/services/amqp/activemq/default.nix +++ b/nixos/modules/services/amqp/activemq/default.nix @@ -40,7 +40,7 @@ in { ''; }; configurationURI = mkOption { - type = types.string; + type = types.str; default = "xbean:activemq.xml"; description = '' The URI that is passed along to the BrokerFactory to @@ -51,7 +51,7 @@ in { ''; }; baseDir = mkOption { - type = types.string; + type = types.str; default = "/var/activemq"; description = '' The base directory where ActiveMQ stores its persistent data and logs. @@ -81,7 +81,7 @@ in { ''; }; extraJavaOptions = mkOption { - type = types.string; + type = types.separatedString " "; default = ""; example = "-Xmx2G -Xms2G -XX:MaxPermSize=512M"; description = '' diff --git a/nixos/modules/services/audio/alsa.nix b/nixos/modules/services/audio/alsa.nix index 57bd4a8f5a6..f632644af09 100644 --- a/nixos/modules/services/audio/alsa.nix +++ b/nixos/modules/services/audio/alsa.nix @@ -64,7 +64,7 @@ in }; volumeStep = mkOption { - type = types.string; + type = types.str; default = "1"; example = "1%"; description = '' diff --git a/nixos/modules/services/audio/ympd.nix b/nixos/modules/services/audio/ympd.nix index 919b7662251..551bd941fe6 100644 --- a/nixos/modules/services/audio/ympd.nix +++ b/nixos/modules/services/audio/ympd.nix 
@@ -23,7 +23,7 @@ in { mpd = { host = mkOption { - type = types.string; + type = types.str; default = "localhost"; description = "The host where MPD is listening."; example = "localhost"; diff --git a/nixos/modules/services/backup/crashplan-small-business.nix b/nixos/modules/services/backup/crashplan-small-business.nix deleted file mode 100644 index 790dafefe66..00000000000 --- a/nixos/modules/services/backup/crashplan-small-business.nix +++ /dev/null 
@@ -1,73 +0,0 @@ -{ config, pkgs, lib, ... }: - -let - cfg = config.services.crashplansb; - crashplansb = pkgs.crashplansb.override { maxRam = cfg.maxRam; }; -in - -with lib; - -{ - options = { - services.crashplansb = { - enable = mkOption { - default = false; - type = types.bool; - description = '' - Starts crashplan for small business background service. - ''; - }; - maxRam = mkOption { - default = "1024m"; - example = "2G"; - type = types.str; - description = '' - Maximum amount of ram that the crashplan engine should use. - ''; - }; - openPorts = mkOption { - description = "Open ports in the firewall for crashplan."; - default = true; - type = types.bool; - }; - ports = mkOption { - # https://support.code42.com/Administrator/6/Planning_and_installing/TCP_and_UDP_ports_used_by_the_Code42_platform - # used ports can also be checked in the desktop app console using the command connection.info - description = "which ports to open."; - default = [ 4242 4243 4244 4247 ]; - type = types.listOf types.int; - }; - }; - }; - - config = mkIf cfg.enable { - environment.systemPackages = [ crashplansb ]; - networking.firewall.allowedTCPPorts = mkIf cfg.openPorts cfg.ports; - - systemd.services.crashplansb = { - description = "CrashPlan Backup Engine"; - - wantedBy = [ "multi-user.target" ]; - after = [ "network.target" "local-fs.target" ]; - - preStart = '' - install -d -m 755 ${crashplansb.vardir} - install -d -m 700 ${crashplansb.vardir}/conf - install -d -m 700 ${crashplansb.manifestdir} - install -d -m 700 ${crashplansb.vardir}/cache - install -d -m 700 ${crashplansb.vardir}/backupArchives - install -d -m 777 ${crashplansb.vardir}/log - cp -avn ${crashplansb}/conf.template/* ${crashplansb.vardir}/conf - ''; - - serviceConfig = { - Type = "forking"; - EnvironmentFile = "${crashplansb}/bin/run.conf"; - ExecStart = "${crashplansb}/bin/CrashPlanEngine start"; - ExecStop = "${crashplansb}/bin/CrashPlanEngine stop"; - PIDFile = "${crashplansb.vardir}/CrashPlanEngine.pid"; - 
WorkingDirectory = crashplansb; - }; - }; - }; -} diff --git a/nixos/modules/services/backup/crashplan.nix b/nixos/modules/services/backup/crashplan.nix deleted file mode 100644 index c540cc6e2ae..00000000000 --- a/nixos/modules/services/backup/crashplan.nix +++ /dev/null 
@@ -1,67 +0,0 @@ -{ config, pkgs, lib, ... }: - -let - cfg = config.services.crashplan; - crashplan = pkgs.crashplan; -in - -with lib; - -{ - options = { - services.crashplan = { - enable = mkOption { - default = false; - type = types.bool; - description = '' - Starts crashplan background service. - ''; - }; - }; - }; - - config = mkIf cfg.enable { - environment.systemPackages = [ crashplan ]; - - systemd.services.crashplan = { - description = "CrashPlan Backup Engine"; - - wantedBy = [ "multi-user.target" ]; - after = [ "network.target" "local-fs.target" ]; - - preStart = '' - ensureDir() { - dir=$1 - mode=$2 - - if ! test -e $dir; then - ${pkgs.coreutils}/bin/mkdir -m $mode -p $dir - elif [ "$(${pkgs.coreutils}/bin/stat -c %a $dir)" != "$mode" ]; then - ${pkgs.coreutils}/bin/chmod $mode $dir - fi - } - - ensureDir ${crashplan.vardir} 755 - ensureDir ${crashplan.vardir}/conf 700 - ensureDir ${crashplan.manifestdir} 700 - ensureDir ${crashplan.vardir}/cache 700 - ensureDir ${crashplan.vardir}/backupArchives 700 - ensureDir ${crashplan.vardir}/log 777 - cp -avn ${crashplan}/conf.template/* ${crashplan.vardir}/conf - for x in app.asar bin install.vars lang lib libc42archive64.so libc52archive.so libjniwrap64.so libjniwrap.so libjtux64.so libjtux.so libleveldb64.so libleveldb.so libmd564.so libmd5.so share skin upgrade; do - rm -f ${crashplan.vardir}/$x; - ln -sf ${crashplan}/$x ${crashplan.vardir}/$x; - done - ''; - - serviceConfig = { - Type = "forking"; - EnvironmentFile = "${crashplan}/bin/run.conf"; - ExecStart = "${crashplan}/bin/CrashPlanEngine start"; - ExecStop = "${crashplan}/bin/CrashPlanEngine stop"; - PIDFile = "${crashplan.vardir}/CrashPlanEngine.pid"; - WorkingDirectory = crashplan; - }; - }; - }; -} diff --git a/nixos/modules/services/backup/postgresql-backup.nix b/nixos/modules/services/backup/postgresql-backup.nix index 17b410a97f3..13a36ae32ac 100644 --- a/nixos/modules/services/backup/postgresql-backup.nix 
+++ b/nixos/modules/services/backup/postgresql-backup.nix @@ -81,7 +81,7 @@ in { }; pgdumpOptions = mkOption { - type = types.string; + type = types.separatedString " "; default = "-Cbo"; description = '' Command line options for pg_dump. This options is not used diff --git a/nixos/modules/services/backup/rsnapshot.nix b/nixos/modules/services/backup/rsnapshot.nix index bb5dcab1dcf..6635a51ec2c 100644 --- a/nixos/modules/services/backup/rsnapshot.nix +++ b/nixos/modules/services/backup/rsnapshot.nix @@ -2,7 +2,7 @@ with lib; -let +let cfg = config.services.rsnapshot; cfgfile = pkgs.writeText "rsnapshot.conf" '' config_version 1.2 @@ -52,7 +52,7 @@ in cronIntervals = mkOption { default = {}; example = { hourly = "0 * * * *"; daily = "50 21 * * *"; }; - type = types.attrsOf types.string; + type = types.attrsOf types.str; description = '' Periodicity at which intervals should be run by cron. Note that the intervals also have to exist in configuration diff --git a/nixos/modules/services/computing/boinc/client.nix b/nixos/modules/services/computing/boinc/client.nix index 7022751b3f0..a7edac02538 100644 --- a/nixos/modules/services/computing/boinc/client.nix +++ b/nixos/modules/services/computing/boinc/client.nix @@ -111,7 +111,7 @@ in systemd.services.boinc = { description = "BOINC Client"; - after = ["network.target" "local-fs.target"]; + after = ["network.target"]; wantedBy = ["multi-user.target"]; script = '' ${fhsEnvExecutable} --dir ${cfg.dataDir} --redirectio ${allowRemoteGuiRpcFlag} diff --git a/nixos/modules/services/databases/cassandra.nix b/nixos/modules/services/databases/cassandra.nix index 74265f8488b..90c094f68b6 100644 --- a/nixos/modules/services/databases/cassandra.nix +++ b/nixos/modules/services/databases/cassandra.nix @@ -259,7 +259,7 @@ in { ''; }; incrementalRepairOptions = mkOption { - type = types.listOf types.string; + type = types.listOf types.str; default = []; example = [ "--partitioner-range" ]; description = '' 
@@ -267,7 +267,7 @@ in { ''; }; maxHeapSize = mkOption { - type = types.nullOr types.string; + type = types.nullOr types.str; default = null; example = "4G"; description = '' @@ -287,7 +287,7 @@ in { ''; }; heapNewSize = mkOption { - type = types.nullOr types.string; + type = types.nullOr types.str; default = null; example = "800M"; description = '' @@ -352,11 +352,11 @@ in { type = types.listOf (types.submodule { options = { username = mkOption { - type = types.string; + type = types.str; description = "Username for JMX"; }; password = mkOption { - type = types.string; + type = types.str; description = "Password for JMX"; }; }; diff --git a/nixos/modules/services/databases/couchdb.nix b/nixos/modules/services/databases/couchdb.nix index 77e404116c8..53224db1d89 100644 --- a/nixos/modules/services/databases/couchdb.nix +++ b/nixos/modules/services/databases/couchdb.nix @@ -56,7 +56,7 @@ in { user = mkOption { - type = types.string; + type = types.str; default = "couchdb"; description = '' User account under which couchdb runs. @@ -64,7 +64,7 @@ in { }; group = mkOption { - type = types.string; + type = types.str; default = "couchdb"; description = '' Group account under which couchdb runs. @@ -106,7 +106,7 @@ in { }; bindAddress = mkOption { - type = types.string; + type = types.str; default = "127.0.0.1"; description = '' Defines the IP address by which CouchDB will be accessible. @@ -138,7 +138,7 @@ in { }; configFile = mkOption { - type = types.string; + type = types.path; description = '' Configuration file for persisting runtime changes. File needs to be readable and writable from couchdb user/group. diff --git a/nixos/modules/services/databases/foundationdb.nix b/nixos/modules/services/databases/foundationdb.nix index 3746b875c7f..8f8d0da7c8d 100644 --- a/nixos/modules/services/databases/foundationdb.nix +++ b/nixos/modules/services/databases/foundationdb.nix 
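Review bot: The JMX `password` option in the `@@ -352,11` hunk stays a plain `types.str` described only as "Password for JMX", and nothing tells the user where the value ends up. How the module writes it out is outside the hunk, but values set this way normally land in the evaluated configuration and often in the world-readable Nix store. The description should say so, e.g. `description = "Password for JMX. The value may be stored world-readable in the Nix store.";`. The same applies to `initialRootPassword` in the mongodb.nix hunk later in this diff; an option taking a path to a secret file would be a sensible follow-up.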
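Review bot: Switching `configFile` to `types.path` in the couchdb.nix `@@ -138,7` hunk makes a Nix path literal such as `./local.ini` look like a natural value, yet the description on the following lines requires the file to be writable by the couchdb user. A path literal that is interpolated into a string is copied to the read-only store; how the option is consumed is outside the hunk, so this is inferred. Adding a sentence such as `Give an absolute path as a string; a Nix path literal would be copied into the read-only store.` to the description would prevent the mistake. `dataDir` in the openldap.nix hunk further down changes to `types.path` as well and deserves the same hint.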
@@ -140,7 +140,7 @@ in }; logSize = mkOption { - type = types.string; + type = types.str; default = "10MiB"; description = '' Roll over to a new log file after the current log file @@ -149,7 +149,7 @@ in }; maxLogSize = mkOption { - type = types.string; + type = types.str; default = "100MiB"; description = '' Delete the oldest log file when the total size of all log @@ -171,7 +171,7 @@ in }; memory = mkOption { - type = types.string; + type = types.str; default = "8GiB"; description = '' Maximum memory used by the process. The default value is @@ -193,7 +193,7 @@ in }; storageMemory = mkOption { - type = types.string; + type = types.str; default = "1GiB"; description = '' Maximum memory used for data storage. The default value is diff --git a/nixos/modules/services/databases/hbase.nix b/nixos/modules/services/databases/hbase.nix index 589c8cf5ec8..2d1a47bbaa3 100644 --- a/nixos/modules/services/databases/hbase.nix +++ b/nixos/modules/services/databases/hbase.nix @@ -53,7 +53,7 @@ in { user = mkOption { - type = types.string; + type = types.str; default = "hbase"; description = '' User account under which HBase runs. @@ -61,7 +61,7 @@ in { }; group = mkOption { - type = types.string; + type = types.str; default = "hbase"; description = '' Group account under which HBase runs. diff --git a/nixos/modules/services/databases/influxdb.nix b/nixos/modules/services/databases/influxdb.nix index 6868050c844..2f176a03872 100644 --- a/nixos/modules/services/databases/influxdb.nix +++ b/nixos/modules/services/databases/influxdb.nix @@ -129,13 +129,13 @@ in user = mkOption { default = "influxdb"; description = "User account under which influxdb runs"; - type = types.string; + type = types.str; }; group = mkOption { default = "influxdb"; description = "Group under which influxdb runs"; - type = types.string; + type = types.str; }; dataDir = mkOption { 
diff --git a/nixos/modules/services/databases/mongodb.nix b/nixos/modules/services/databases/mongodb.nix index c458a1d648a..12879afed47 100644 --- a/nixos/modules/services/databases/mongodb.nix +++ b/nixos/modules/services/databases/mongodb.nix @@ -65,9 +65,9 @@ in default = false; description = "Enable client authentication. Creates a default superuser with username root!"; }; - + initialRootPassword = mkOption { - type = types.nullOr types.string; + type = types.nullOr types.str; default = null; description = "Password for the root user if auth is enabled."; }; diff --git a/nixos/modules/services/databases/openldap.nix b/nixos/modules/services/databases/openldap.nix index d8e2c715afb..5bf57a1bf9c 100644 --- a/nixos/modules/services/databases/openldap.nix +++ b/nixos/modules/services/databases/openldap.nix @@ -47,26 +47,26 @@ in }; user = mkOption { - type = types.string; + type = types.str; default = "openldap"; description = "User account under which slapd runs."; }; group = mkOption { - type = types.string; + type = types.str; default = "openldap"; description = "Group account under which slapd runs."; }; urlList = mkOption { - type = types.listOf types.string; + type = types.listOf types.str; default = [ "ldap:///" ]; description = "URL list slapd should listen on."; example = [ "ldaps:///" ]; }; dataDir = mkOption { - type = types.string; + type = types.path; default = "/var/db/openldap"; description = "The database directory."; }; diff --git a/nixos/modules/services/databases/opentsdb.nix b/nixos/modules/services/databases/opentsdb.nix index b26fa9093ef..c4bd71f3d60 100644 --- a/nixos/modules/services/databases/opentsdb.nix +++ b/nixos/modules/services/databases/opentsdb.nix @@ -34,7 +34,7 @@ in { }; user = mkOption { - type = types.string; + type = types.str; default = "opentsdb"; description = '' User account under which OpenTSDB runs. 
@@ -42,7 +42,7 @@ in { }; group = mkOption { - type = types.string; + type = types.str; default = "opentsdb"; description = '' Group account under which OpenTSDB runs. diff --git a/nixos/modules/services/databases/redis.nix b/nixos/modules/services/databases/redis.nix index 3f2857100f5..9c389d80a6d 100644 --- a/nixos/modules/services/databases/redis.nix +++ b/nixos/modules/services/databases/redis.nix @@ -8,17 +8,19 @@ let condOption = name: value: if value != null then "${name} ${toString value}" else ""; redisConfig = pkgs.writeText "redis.conf" '' - pidfile ${cfg.pidFile} port ${toString cfg.port} ${condOption "bind" cfg.bind} ${condOption "unixsocket" cfg.unixSocket} + daemonize yes + supervised systemd loglevel ${cfg.logLevel} logfile ${cfg.logfile} syslog-enabled ${redisBool cfg.syslog} + pidfile /run/redis/redis.pid databases ${toString cfg.databases} ${concatMapStrings (d: "save ${toString (builtins.elemAt d 0)} ${toString (builtins.elemAt d 1)}\n") cfg.save} - dbfilename ${cfg.dbFilename} - dir ${toString cfg.dbpath} + dbfilename dump.rdb + dir /var/lib/redis ${if cfg.slaveOf != null then "slaveof ${cfg.slaveOf.ip} ${toString cfg.slaveOf.port}" else ""} ${condOption "masterauth" cfg.masterAuth} ${condOption "requirepass" cfg.requirePass} @@ -40,7 +42,12 @@ in enable = mkOption { type = types.bool; default = false; - description = "Whether to enable the Redis server."; + description = '' + Whether to enable the Redis server. Note that the NixOS module for + Redis disables kernel support for Transparent Huge Pages (THP), + because this features causes major performance problems for Redis, + e.g. (https://redis.io/topics/latency). + ''; }; package = mkOption { 
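Review bot: `${condOption "requirepass" cfg.requirePass}` and the `masterauth` line are still rendered into `redisConfig`, and `pkgs.writeText` puts that file in the Nix store, where any local user can read the passwords. Since this hunk already reworks the generated config, the option descriptions should at least say so, for example `The password is written to the world-readable Nix store.` A fuller fix would read the secret at service start from a file kept outside the store. The option definitions are outside this hunk, so that part is a suggestion for a follow-up.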
@@ -50,18 +57,6 @@ in description = "Which Redis derivation to use."; }; - user = mkOption { - type = types.str; - default = "redis"; - description = "User account under which Redis runs."; - }; - - pidFile = mkOption { - type = types.path; - default = "/var/lib/redis/redis.pid"; - description = ""; - }; - port = mkOption { type = types.int; default = 6379; @@ -95,7 +90,7 @@ in type = with types; nullOr path; default = null; description = "The path to the socket to bind to."; - example = "/run/redis.sock"; + example = "/run/redis/redis.sock"; }; logLevel = mkOption { @@ -131,18 +126,6 @@ in example = [ [900 1] [300 10] [60 10000] ]; }; - dbFilename = mkOption { - type = types.str; - default = "dump.rdb"; - description = "The filename where to dump the DB."; - }; - - dbpath = mkOption { - type = types.path; - default = "/var/lib/redis"; - description = "The DB will be written inside this directory, with the filename specified using the 'dbFilename' configuration."; - }; - slaveOf = mkOption { default = null; # { ip, port } description = "An attribute set with two attributes: ip and port to which this redis instance acts as a slave."; @@ -170,12 +153,6 @@ in description = "By default data is only periodically persisted to disk, enable this option to use an append-only file for improved persistence."; }; - appendOnlyFilename = mkOption { - type = types.str; - default = "appendonly.aof"; - description = "Filename for the append-only file (stored inside of dbpath)"; - }; - appendFsync = mkOption { type = types.str; default = "everysec"; # no, always, everysec 
@@ -217,27 +194,30 @@ in allowedTCPPorts = [ cfg.port ]; }; - users.users.redis = - { name = cfg.user; - description = "Redis database user"; - }; + users.users.redis.description = "Redis database user"; environment.systemPackages = [ cfg.package ]; + systemd.services.disable-transparent-huge-pages = { + description = "Disable Transparent Huge Pages (required by Redis)"; + before = [ "redis.service" ]; + wantedBy = [ "redis.service" ]; + script = "echo never > /sys/kernel/mm/transparent_hugepage/enabled"; + serviceConfig.Type = "oneshot"; + }; + systemd.services.redis = { description = "Redis Server"; wantedBy = [ "multi-user.target" ]; after = [ "network.target" ]; - preStart = '' - install -d -m0700 -o ${cfg.user} ${cfg.dbpath} - chown -R ${cfg.user} ${cfg.dbpath} - ''; - serviceConfig = { ExecStart = "${cfg.package}/bin/redis-server ${redisConfig}"; - User = cfg.user; + RuntimeDirectory = "redis"; + StateDirectory = "redis"; + Type = "notify"; + User = "redis"; }; }; diff --git a/nixos/modules/services/databases/riak.nix b/nixos/modules/services/databases/riak.nix index ac086cf5599..885215209bd 100644 --- a/nixos/modules/services/databases/riak.nix +++ b/nixos/modules/services/databases/riak.nix @@ -29,7 +29,7 @@ in }; nodeName = mkOption { - type = types.string; + type = types.str; default = "riak@127.0.0.1"; description = '' Name of the Erlang node. @@ -37,7 +37,7 @@ in }; distributedCookie = mkOption { - type = types.string; + type = types.str; default = "riak"; description = '' Cookie for distributed node communication. All nodes in the diff --git a/nixos/modules/services/desktops/gnome3/seahorse.nix b/nixos/modules/services/desktops/gnome3/seahorse.nix deleted file mode 100644 index 9631157934f..00000000000 --- a/nixos/modules/services/desktops/gnome3/seahorse.nix +++ /dev/null 
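Review bot: The removed `preStart` created the data directory with `install -d -m0700`, while the new `StateDirectory = "redis";` uses systemd's default mode 0755, so `/var/lib/redis` and the `dump.rdb` inside it may become readable by other local users. I would pin the old permissions in `serviceConfig` with `StateDirectoryMode = "0700";` and `UMask = "0077";`. The same question applies to `RuntimeDirectory = "redis";`, which is where the `/run/redis/redis.sock` example places the unix socket. If other users are meant to connect through it, set `RuntimeDirectoryMode` explicitly and document the intended access.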
@@ -1,38 +0,0 @@ -# Seahorse daemon. - -{ config, pkgs, lib, ... }: - -with lib; - -{ - - ###### interface - - options = { - - services.gnome3.seahorse = { - - enable = mkOption { - type = types.bool; - default = false; - description = '' - Whether to enable Seahorse search provider for the GNOME Shell activity search. - ''; - }; - - }; - - }; - - - ###### implementation - - config = mkIf config.services.gnome3.seahorse.enable { - - environment.systemPackages = [ pkgs.gnome3.seahorse pkgs.gnome3.dconf ]; - - services.dbus.packages = [ pkgs.gnome3.seahorse ]; - - }; - -} diff --git a/nixos/modules/services/desktops/profile-sync-daemon.nix b/nixos/modules/services/desktops/profile-sync-daemon.nix index e4e47cfbd43..a8ac22ac127 100644 --- a/nixos/modules/services/desktops/profile-sync-daemon.nix +++ b/nixos/modules/services/desktops/profile-sync-daemon.nix @@ -34,7 +34,7 @@ in { psd = { enable = true; description = "Profile Sync daemon"; - wants = [ "psd-resync.service" "local-fs.target" ]; + wants = [ "psd-resync.service" ]; wantedBy = [ "default.target" ]; path = with pkgs; [ rsync kmod gawk nettools utillinux profile-sync-daemon ]; unitConfig = { diff --git a/nixos/modules/services/games/factorio.nix b/nixos/modules/services/games/factorio.nix index d04673a6c8b..f3831156f45 100644 --- a/nixos/modules/services/games/factorio.nix +++ b/nixos/modules/services/games/factorio.nix @@ -55,7 +55,7 @@ in ''; }; saveName = mkOption { - type = types.string; + type = types.str; default = "default"; description = '' The name of the savegame that will be used by the server. @@ -81,7 +81,7 @@ in ''; }; stateDirName = mkOption { - type = types.string; + type = types.str; default = "factorio"; description = '' Name of the directory under /var/lib holding the server's data. 
@@ -102,14 +102,14 @@ in ''; }; game-name = mkOption { - type = types.nullOr types.string; + type = types.nullOr types.str; default = "Factorio Game"; description = '' Name of the game as it will appear in the game listing. ''; }; description = mkOption { - type = types.nullOr types.string; + type = types.nullOr types.str; default = ""; description = '' Description of the game that will appear in the listing. @@ -130,28 +130,28 @@ in ''; }; username = mkOption { - type = types.nullOr types.string; + type = types.nullOr types.str; default = null; description = '' Your factorio.com login credentials. Required for games with visibility public. ''; }; password = mkOption { - type = types.nullOr types.string; + type = types.nullOr types.str; default = null; description = '' Your factorio.com login credentials. Required for games with visibility public. ''; }; token = mkOption { - type = types.nullOr types.string; + type = types.nullOr types.str; default = null; description = '' Authentication token. May be used instead of 'password' above. ''; }; game-password = mkOption { - type = types.nullOr types.string; + type = types.nullOr types.str; default = null; description = '' Game password. diff --git a/nixos/modules/services/hardware/freefall.nix b/nixos/modules/services/hardware/freefall.nix index 066ccaa4d7c..83f1e8c84f2 100644 --- a/nixos/modules/services/hardware/freefall.nix +++ b/nixos/modules/services/hardware/freefall.nix @@ -28,7 +28,7 @@ in { }; devices = mkOption { - type = types.listOf types.string; + type = types.listOf types.str; default = [ "/dev/sda" ]; description = '' Device paths to all internal spinning hard drives. diff --git a/nixos/modules/services/hardware/fwupd.nix b/nixos/modules/services/hardware/fwupd.nix index 223adfee96e..6c341bcbf24 100644 --- a/nixos/modules/services/hardware/fwupd.nix +++ b/nixos/modules/services/hardware/fwupd.nix 
@@ -43,7 +43,7 @@ in { }; blacklistDevices = mkOption { - type = types.listOf types.string; + type = types.listOf types.str; default = []; example = [ "2082b5e0-7a64-478a-b1b2-e3404fab6dad" ]; description = '' @@ -52,7 +52,7 @@ in { }; blacklistPlugins = mkOption { - type = types.listOf types.string; + type = types.listOf types.str; default = [ "test" ]; example = [ "udev" ]; description = '' diff --git a/nixos/modules/services/hardware/sane.nix b/nixos/modules/services/hardware/sane.nix index 5a35bb3f981..b344dfc2061 100644 --- a/nixos/modules/services/hardware/sane.nix +++ b/nixos/modules/services/hardware/sane.nix @@ -76,7 +76,7 @@ in }; hardware.sane.configDir = mkOption { - type = types.string; + type = types.str; internal = true; description = "The value of SANE_CONFIG_DIR."; }; diff --git a/nixos/modules/services/hardware/tcsd.nix b/nixos/modules/services/hardware/tcsd.nix index d4b0a9495d7..3876280ee6b 100644 --- a/nixos/modules/services/hardware/tcsd.nix +++ b/nixos/modules/services/hardware/tcsd.nix @@ -49,13 +49,13 @@ in user = mkOption { default = "tss"; - type = types.string; + type = types.str; description = "User account under which tcsd runs."; }; group = mkOption { default = "tss"; - type = types.string; + type = types.str; description = "Group account under which tcsd runs."; }; @@ -65,19 +65,19 @@ in description = '' The location of the system persistent storage file. The system persistent storage file holds keys and data across - restarts of the TCSD and system reboots. + restarts of the TCSD and system reboots. ''; }; firmwarePCRs = mkOption { default = "0,1,2,3,4,5,6,7"; - type = types.string; + type = types.str; description = "PCR indices used in the TPM for firmware measurements."; }; kernelPCRs = mkOption { default = "8,9,10,11,12"; - type = types.string; + type = types.str; description = "PCR indices used in the TPM for kernel measurements."; }; 
diff --git a/nixos/modules/services/hardware/triggerhappy.nix b/nixos/modules/services/hardware/triggerhappy.nix index a500cb4fc36..f9f5234bdc3 100644 --- a/nixos/modules/services/hardware/triggerhappy.nix +++ b/nixos/modules/services/hardware/triggerhappy.nix @@ -102,7 +102,6 @@ in systemd.services.triggerhappy = { wantedBy = [ "multi-user.target" ]; - after = [ "local-fs.target" ]; description = "Global hotkey daemon"; serviceConfig = { ExecStart = "${pkgs.triggerhappy}/bin/thd ${optionalString (cfg.user != "root") "--user ${cfg.user}"} --socket ${socket} --triggers ${configFile} --deviceglob /dev/input/event*"; diff --git a/nixos/modules/services/logging/SystemdJournal2Gelf.nix b/nixos/modules/services/logging/SystemdJournal2Gelf.nix index e90d9e7a12b..f26aef7262b 100644 --- a/nixos/modules/services/logging/SystemdJournal2Gelf.nix +++ b/nixos/modules/services/logging/SystemdJournal2Gelf.nix @@ -16,7 +16,7 @@ in }; graylogServer = mkOption { - type = types.string; + type = types.str; example = "graylog2.example.com:11201"; description = '' Host and port of your graylog2 input. This should be a GELF @@ -25,7 +25,7 @@ in }; extraOptions = mkOption { - type = types.string; + type = types.separatedString " "; default = ""; description = '' Any extra flags to pass to SystemdJournal2Gelf. Note that @@ -56,4 +56,4 @@ in }; }; }; -} \ No newline at end of file +} diff --git a/nixos/modules/services/logging/awstats.nix b/nixos/modules/services/logging/awstats.nix index 54799d699a7..a92ff3bee49 100644 --- a/nixos/modules/services/logging/awstats.nix +++ b/nixos/modules/services/logging/awstats.nix @@ -32,7 +32,7 @@ in }; updateAt = mkOption { - type = types.nullOr types.string; + type = types.nullOr types.str; default = null; example = "hourly"; description = '' 
@@ -50,7 +50,7 @@ in description = ''Enable the awstats web service. This switches on httpd.''; }; urlPrefix = mkOption { - type = types.string; + type = types.str; default = "/awstats"; description = "The URL prefix under which the awstats service appears."; }; diff --git a/nixos/modules/services/logging/logcheck.nix b/nixos/modules/services/logging/logcheck.nix index 5be23757d63..6d8be5b926d 100644 --- a/nixos/modules/services/logging/logcheck.nix +++ b/nixos/modules/services/logging/logcheck.nix @@ -155,7 +155,7 @@ in config = mkOption { default = "FQDN=1"; - type = types.string; + type = types.lines; description = '' Config options that you would like in logcheck.conf. ''; diff --git a/nixos/modules/services/logging/rsyslogd.nix b/nixos/modules/services/logging/rsyslogd.nix index 1ea96b8f132..b924d94e0b0 100644 --- a/nixos/modules/services/logging/rsyslogd.nix +++ b/nixos/modules/services/logging/rsyslogd.nix @@ -46,7 +46,7 @@ in }; defaultConfig = mkOption { - type = types.string; + type = types.lines; default = defaultConf; description = '' The default <filename>syslog.conf</filename> file configures a @@ -56,7 +56,7 @@ in }; extraConfig = mkOption { - type = types.string; + type = types.lines; default = ""; example = "news.* -/var/log/news"; description = '' diff --git a/nixos/modules/services/mail/exim.nix b/nixos/modules/services/mail/exim.nix index c0581129135..47812dd1e40 100644 --- a/nixos/modules/services/mail/exim.nix +++ b/nixos/modules/services/mail/exim.nix @@ -21,7 +21,7 @@ in }; config = mkOption { - type = types.string; + type = types.lines; default = ""; description = '' Verbatim Exim configuration. This should not contain exim_user, @@ -30,7 +30,7 @@ in }; user = mkOption { - type = types.string; + type = types.str; default = "exim"; description = '' User to use when no root privileges are required. 
@@ -42,7 +42,7 @@ in }; group = mkOption { - type = types.string; + type = types.str; default = "exim"; description = '' Group to use when no root privileges are required. @@ -50,7 +50,7 @@ in }; spoolDir = mkOption { - type = types.string; + type = types.path; default = "/var/spool/exim"; description = '' Location of the spool directory of exim. diff --git a/nixos/modules/services/mail/nullmailer.nix b/nixos/modules/services/mail/nullmailer.nix index 9997d287013..2c2910e0aa9 100644 --- a/nixos/modules/services/mail/nullmailer.nix +++ b/nixos/modules/services/mail/nullmailer.nix @@ -14,7 +14,7 @@ with lib; }; user = mkOption { - type = types.string; + type = types.str; default = "nullmailer"; description = '' User to use to run nullmailer-send. @@ -22,7 +22,7 @@ with lib; }; group = mkOption { - type = types.string; + type = types.str; default = "nullmailer"; description = '' Group to use to run nullmailer-send. diff --git a/nixos/modules/services/mail/postfix.nix b/nixos/modules/services/mail/postfix.nix index f772aae1bb8..d5fd76da970 100644 --- a/nixos/modules/services/mail/postfix.nix +++ b/nixos/modules/services/mail/postfix.nix @@ -509,7 +509,7 @@ in }; localRecipients = mkOption { - type = with types; nullOr (listOf string); + type = with types; nullOr (listOf str); default = null; description = '' List of accepted local users. Specify a bare username, an @@ -530,7 +530,7 @@ in dnsBlacklists = mkOption { default = []; - type = with types; listOf string; + type = with types; listOf str; description = "dns blacklist servers to use with smtpd_client_restrictions"; }; diff --git a/nixos/modules/services/mail/postgrey.nix b/nixos/modules/services/mail/postgrey.nix index 252c92e3595..88fb7f0b4ad 100644 --- a/nixos/modules/services/mail/postgrey.nix +++ b/nixos/modules/services/mail/postgrey.nix 
@@ -12,7 +12,7 @@ with lib; let inetSocket = with types; { options = { addr = mkOption { - type = nullOr string; + type = nullOr str; default = null; example = "127.0.0.1"; description = "The address to bind to. Localhost if null"; @@ -34,7 +34,7 @@ with lib; let }; mode = mkOption { - type = string; + type = str; default = "0777"; description = "Mode of the unix socket"; }; @@ -63,17 +63,17 @@ in { description = "Socket to bind to"; }; greylistText = mkOption { - type = string; + type = str; default = "Greylisted for %%s seconds"; description = "Response status text for greylisted messages; use %%s for seconds left until greylisting is over and %%r for mail domain of recipient"; }; greylistAction = mkOption { - type = string; + type = str; default = "DEFER_IF_PERMIT"; description = "Response status for greylisted messages (see access(5))"; }; greylistHeader = mkOption { - type = string; + type = str; default = "X-Greylist: delayed %%t seconds by postgrey-%%v at %%h; %%d"; description = "Prepend header to greylisted mails; use %%t for seconds delayed due to greylisting, %%v for the version of postgrey, %%d for the date, and %%h for the host"; }; @@ -88,7 +88,7 @@ in { description = "Delete entries from whitelist if they haven't been seen for N days"; }; retryWindow = mkOption { - type = either string natural; + type = either str natural; default = 2; example = "12h"; description = "Allow N days for the first retry. Use string with appended 'h' to specify time in hours"; diff --git a/nixos/modules/services/mail/rspamd.nix b/nixos/modules/services/mail/rspamd.nix index 341303aee3c..89aa9d17ff7 100644 --- a/nixos/modules/services/mail/rspamd.nix +++ b/nixos/modules/services/mail/rspamd.nix @@ -308,7 +308,7 @@ in }; user = mkOption { - type = types.string; + type = types.str; default = "rspamd"; description = '' User to use when no root privileges are required. 
@@ -316,7 +316,7 @@ in }; group = mkOption { - type = types.string; + type = types.str; default = "rspamd"; description = '' Group to use when no root privileges are required. diff --git a/nixos/modules/services/misc/airsonic.nix b/nixos/modules/services/misc/airsonic.nix index c537354157f..919d3b2f6e6 100644 --- a/nixos/modules/services/misc/airsonic.nix +++ b/nixos/modules/services/misc/airsonic.nix @@ -34,7 +34,7 @@ in { }; listenAddress = mkOption { - type = types.string; + type = types.str; default = "127.0.0.1"; description = '' The host name or IP address on which to bind Airsonic. @@ -105,7 +105,7 @@ in { config = mkIf cfg.enable { systemd.services.airsonic = { description = "Airsonic Media Server"; - after = [ "local-fs.target" "network.target" ]; + after = [ "network.target" ]; wantedBy = [ "multi-user.target" ]; preStart = '' diff --git a/nixos/modules/services/misc/apache-kafka.nix b/nixos/modules/services/misc/apache-kafka.nix index 9eeae955699..798e902ccae 100644 --- a/nixos/modules/services/misc/apache-kafka.nix +++ b/nixos/modules/services/misc/apache-kafka.nix @@ -46,7 +46,7 @@ in { hostname = mkOption { description = "Hostname the broker should bind to."; default = "localhost"; - type = types.string; + type = types.str; }; logDirs = mkOption { @@ -54,13 +54,13 @@ in { default = [ "/tmp/kafka-logs" ]; type = types.listOf types.path; }; - + zookeeper = mkOption { description = "Zookeeper connection string"; default = "localhost:2181"; - type = types.string; + type = types.str; }; - + extraProperties = mkOption { description = "Extra properties for server.properties."; type = types.nullOr types.lines; 
@@ -79,8 +79,8 @@ in { log4jProperties = mkOption { description = "Kafka log4j property configuration."; default = '' - log4j.rootLogger=INFO, stdout - + log4j.rootLogger=INFO, stdout + log4j.appender.stdout=org.apache.log4j.ConsoleAppender log4j.appender.stdout.layout=org.apache.log4j.PatternLayout log4j.appender.stdout.layout.ConversionPattern=[%d] %p %m (%c)%n diff --git a/nixos/modules/services/misc/cpuminer-cryptonight.nix b/nixos/modules/services/misc/cpuminer-cryptonight.nix index f31526f8d10..907b9d90da2 100644 --- a/nixos/modules/services/misc/cpuminer-cryptonight.nix +++ b/nixos/modules/services/misc/cpuminer-cryptonight.nix @@ -28,15 +28,15 @@ in ''; }; url = mkOption { - type = types.string; + type = types.str; description = "URL of mining server"; }; user = mkOption { - type = types.string; + type = types.str; description = "Username for mining server"; }; pass = mkOption { - type = types.string; + type = types.str; default = "x"; description = "Password for mining server"; }; @@ -63,4 +63,4 @@ in }; -} \ No newline at end of file +} diff --git a/nixos/modules/services/misc/exhibitor.nix b/nixos/modules/services/misc/exhibitor.nix index dfe9532dc4d..74f4f671f46 100644 --- a/nixos/modules/services/misc/exhibitor.nix +++ b/nixos/modules/services/misc/exhibitor.nix @@ -252,7 +252,7 @@ in example = ["host1:2181" "host2:2181"]; }; zkConfigExhibitorPath = mkOption { - type = types.string; + type = types.str; description = '' If the ZooKeeper shared config is also running Exhibitor, the URI path for the REST call ''; diff --git a/nixos/modules/services/misc/fstrim.nix b/nixos/modules/services/misc/fstrim.nix index 15f283f093c..b8841a7fe74 100644 --- a/nixos/modules/services/misc/fstrim.nix +++ b/nixos/modules/services/misc/fstrim.nix 
@@ -14,7 +14,7 @@ in { enable = mkEnableOption "periodic SSD TRIM of mounted partitions in background"; interval = mkOption { - type = types.string; + type = types.str; default = "weekly"; description = '' How often we run fstrim. For most desktop and server systems diff --git a/nixos/modules/services/misc/logkeys.nix b/nixos/modules/services/misc/logkeys.nix index ad13d9eaa67..0082db63a06 100644 --- a/nixos/modules/services/misc/logkeys.nix +++ b/nixos/modules/services/misc/logkeys.nix @@ -11,7 +11,7 @@ in { device = mkOption { description = "Use the given device as keyboard input event device instead of /dev/input/eventX default."; default = null; - type = types.nullOr types.string; + type = types.nullOr types.str; example = "/dev/input/event15"; }; }; diff --git a/nixos/modules/services/misc/mediatomb.nix b/nixos/modules/services/misc/mediatomb.nix index e8e9c0946d7..107fb57fe1c 100644 --- a/nixos/modules/services/misc/mediatomb.nix +++ b/nixos/modules/services/misc/mediatomb.nix @@ -163,7 +163,7 @@ in { }; serverName = mkOption { - type = types.string; + type = types.str; default = "mediatomb"; description = '' How to identify the server on the network. @@ -259,7 +259,7 @@ in { config = mkIf cfg.enable { systemd.services.mediatomb = { description = "MediaTomb media Server"; - after = [ "local-fs.target" "network.target" ]; + after = [ "network.target" ]; wantedBy = [ "multi-user.target" ]; path = [ pkgs.mediatomb ]; serviceConfig.ExecStart = "${pkgs.mediatomb}/bin/mediatomb -p ${toString cfg.port} ${if cfg.interface!="" then "-e ${cfg.interface}" else ""} ${if cfg.customCfg then "" else "-c ${mtConf}"} -m ${cfg.dataDir}"; diff --git a/nixos/modules/services/misc/mwlib.nix b/nixos/modules/services/misc/mwlib.nix index a8edecff2a1..6b41b552a86 100644 --- a/nixos/modules/services/misc/mwlib.nix +++ b/nixos/modules/services/misc/mwlib.nix @@ -165,7 +165,7 @@ in }; # options.services - config = { + config = { systemd.services.mwlib-nserve = mkIf cfg.nserve.enable { 
@@ -191,7 +191,6 @@ in description = "mwlib job queue server"; wantedBy = [ "multi-user.target" ]; - after = [ "network.target" "local-fs.target" ]; preStart = '' mkdir -pv '${cfg.qserve.datadir}' @@ -218,7 +217,7 @@ in description = "mwlib worker"; wantedBy = [ "multi-user.target" ]; - after = [ "network.target" "local-fs.target" ]; + after = [ "network.target" ]; preStart = '' mkdir -pv '${cfg.nslave.cachedir}' diff --git a/nixos/modules/services/misc/paperless.nix b/nixos/modules/services/misc/paperless.nix index 4e6cd80e242..3985dc0b303 100644 --- a/nixos/modules/services/misc/paperless.nix +++ b/nixos/modules/services/misc/paperless.nix @@ -50,7 +50,7 @@ in }; ocrLanguages = mkOption { - type = with types; nullOr (listOf string); + type = with types; nullOr (listOf str); default = null; description = '' Languages available for OCR via Tesseract, specified as diff --git a/nixos/modules/services/misc/serviio.nix b/nixos/modules/services/misc/serviio.nix index 8808f2d2193..9868192724b 100644 --- a/nixos/modules/services/misc/serviio.nix +++ b/nixos/modules/services/misc/serviio.nix @@ -10,7 +10,7 @@ let #!${pkgs.bash}/bin/sh SERVIIO_HOME=${pkgs.serviio} - + # Setup the classpath SERVIIO_CLASS_PATH="$SERVIIO_HOME/lib/*:$SERVIIO_HOME/config" @@ -21,13 +21,13 @@ let # Execute the JVM in the foreground exec ${pkgs.jre}/bin/java -Xmx512M -Xms20M -XX:+UseG1GC -XX:GCTimeRatio=1 -XX:MinHeapFreeRatio=10 -XX:MaxHeapFreeRatio=20 $JAVA_OPTS -classpath "$SERVIIO_CLASS_PATH" org.serviio.MediaServer "$@" ''; - + in { ###### interface options = { services.serviio = { - + enable = mkOption { type = types.bool; default = false; @@ -52,7 +52,7 @@ in { config = mkIf cfg.enable { systemd.services.serviio = { description = "Serviio Media Server"; - after = [ "local-fs.target" "network.target" ]; + after = [ "network.target" ]; wantedBy = [ "multi-user.target" ]; path = [ pkgs.serviio ]; serviceConfig = { 
@@ -64,7 +64,7 @@ in { }; users.users = [ - { + { name = "serviio"; group = "serviio"; home = cfg.dataDir; @@ -75,16 +75,16 @@ in { ]; users.groups = [ - { name = "serviio";} + { name = "serviio";} ]; networking.firewall = { - allowedTCPPorts = [ + allowedTCPPorts = [ 8895 # serve UPnP responses 23423 # console 23424 # mediabrowser ]; - allowedUDPPorts = [ + allowedUDPPorts = [ 1900 # UPnP service discovey ]; }; diff --git a/nixos/modules/services/misc/subsonic.nix b/nixos/modules/services/misc/subsonic.nix index 1612b197f35..152917d345c 100644 --- a/nixos/modules/services/misc/subsonic.nix +++ b/nixos/modules/services/misc/subsonic.nix @@ -17,7 +17,7 @@ let cfg = config.services.subsonic; in { }; listenAddress = mkOption { - type = types.string; + type = types.str; default = "0.0.0.0"; description = '' The host name or IP address on which to bind Subsonic. @@ -105,7 +105,7 @@ let cfg = config.services.subsonic; in { config = mkIf cfg.enable { systemd.services.subsonic = { description = "Personal media streamer"; - after = [ "local-fs.target" "network.target" ]; + after = [ "network.target" ]; wantedBy = [ "multi-user.target" ]; script = '' ${pkgs.jre}/bin/java -Xmx${toString cfg.maxMemory}m \ diff --git a/nixos/modules/services/misc/uhub.nix b/nixos/modules/services/misc/uhub.nix index 005951b9231..753580c3e40 100644 --- a/nixos/modules/services/misc/uhub.nix +++ b/nixos/modules/services/misc/uhub.nix @@ -51,7 +51,7 @@ in }; address = mkOption { - type = types.string; + type = types.str; default = "any"; description = "Address to bind the hub to."; }; @@ -83,7 +83,7 @@ in description = "Whether to enable the Sqlite authentication database plugin"; }; file = mkOption { - type = types.string; + type = types.path; example = "/var/db/uhub-users"; description = "Path to user database. Use the uhub-passwd utility to create the database and add/remove users."; }; 
@@ -96,7 +96,7 @@ in description = "Whether to enable the logging plugin."; }; file = mkOption { - type = types.string; + type = types.str; default = ""; description = "Path of log file."; }; @@ -117,7 +117,7 @@ in default = ""; type = types.lines; description = '' - Welcome message displayed to clients after connecting + Welcome message displayed to clients after connecting and with the <literal>!motd</literal> command. ''; }; @@ -183,4 +183,4 @@ in }; }; -} \ No newline at end of file +} diff --git a/nixos/modules/services/monitoring/apcupsd.nix b/nixos/modules/services/monitoring/apcupsd.nix index 49957e65290..75218aa1d46 100644 --- a/nixos/modules/services/monitoring/apcupsd.nix +++ b/nixos/modules/services/monitoring/apcupsd.nix @@ -91,7 +91,7 @@ in BATTERYLEVEL 50 MINUTES 5 ''; - type = types.string; + type = types.lines; description = '' Contents of the runtime configuration file, apcupsd.conf. The default settings makes apcupsd autodetect USB UPSes, limit network access to @@ -106,7 +106,7 @@ in example = { doshutdown = ''# shell commands to notify that the computer is shutting down''; }; - type = types.attrsOf types.string; + type = types.attrsOf types.lines; description = '' Each attribute in this option names an apcupsd event and the string value it contains will be executed in a shell, in response to that diff --git a/nixos/modules/services/monitoring/bosun.nix b/nixos/modules/services/monitoring/bosun.nix index 8bf741adb6e..b1c12cce1f8 100644 --- a/nixos/modules/services/monitoring/bosun.nix +++ b/nixos/modules/services/monitoring/bosun.nix @@ -41,7 +41,7 @@ in { }; user = mkOption { - type = types.string; + type = types.str; default = "bosun"; description = '' User account under which bosun runs. @@ -49,7 +49,7 @@ in { }; group = mkOption { - type = types.string; + type = types.str; default = "bosun"; description = '' Group account under which bosun runs. 
@@ -57,7 +57,7 @@ in { }; opentsdbHost = mkOption { - type = types.nullOr types.string; + type = types.nullOr types.str; default = "localhost:4242"; description = '' Host and port of the OpenTSDB database that stores bosun data. @@ -66,7 +66,7 @@ in { }; influxHost = mkOption { - type = types.nullOr types.string; + type = types.nullOr types.str; default = null; example = "localhost:8086"; description = '' @@ -75,7 +75,7 @@ in { }; listenAddress = mkOption { - type = types.string; + type = types.str; default = ":8070"; description = '' The host address and port that bosun's web interface will listen on. diff --git a/nixos/modules/services/monitoring/datadog-agent.nix b/nixos/modules/services/monitoring/datadog-agent.nix index 7f78db74677..02a9f316fc3 100644 --- a/nixos/modules/services/monitoring/datadog-agent.nix +++ b/nixos/modules/services/monitoring/datadog-agent.nix @@ -87,7 +87,7 @@ in { description = "The hostname to show in the Datadog dashboard (optional)"; default = null; example = "mymachine.mydomain"; - type = types.uniq (types.nullOr types.string); + type = types.nullOr types.str; }; logLevel = mkOption { diff --git a/nixos/modules/services/monitoring/dd-agent/dd-agent.nix b/nixos/modules/services/monitoring/dd-agent/dd-agent.nix index 5e6d0d401eb..5ee6b092a6a 100644 --- a/nixos/modules/services/monitoring/dd-agent/dd-agent.nix +++ b/nixos/modules/services/monitoring/dd-agent/dd-agent.nix 
@@ -145,41 +145,40 @@ in { description = "The hostname to show in the Datadog dashboard (optional)"; default = null; example = "mymachine.mydomain"; - type = types.uniq (types.nullOr types.string); + type = types.nullOr types.str; }; postgresqlConfig = mkOption { description = "Datadog PostgreSQL integration configuration"; default = null; - type = types.uniq (types.nullOr types.string); + type = types.nullOr types.lines; }; nginxConfig = mkOption { description = "Datadog nginx integration configuration"; default = null; - type = types.uniq (types.nullOr types.string); + type = types.nullOr types.lines; }; mongoConfig = mkOption { description = "MongoDB integration configuration"; default = null; - type = types.uniq (types.nullOr types.string); + type = types.nullOr types.lines; }; jmxConfig = mkOption { description = "JMX integration configuration"; default = null; - type = types.uniq (types.nullOr types.string); + type = types.nullOr types.lines; }; processConfig = mkOption { description = '' Process integration configuration - - See http://docs.datadoghq.com/integrations/process/ + See <link xlink:href="https://docs.datadoghq.com/integrations/process/"/> ''; default = null; - type = types.uniq (types.nullOr types.string); + type = types.nullOr types.lines; }; }; diff --git a/nixos/modules/services/monitoring/graphite.nix b/nixos/modules/services/monitoring/graphite.nix index d6473220c14..64cb6c3da1e 100644 --- a/nixos/modules/services/monitoring/graphite.nix +++ b/nixos/modules/services/monitoring/graphite.nix @@ -11,7 +11,7 @@ let graphiteLocalSettingsDir = pkgs.runCommand "graphite_local_settings" { inherit graphiteLocalSettings; - preferLocalBuild = true; + preferLocalBuild = true; } '' mkdir -p $out ln -s $graphiteLocalSettings $out/graphite_local_settings.py 
@@ -215,7 +215,7 @@ in { storageAggregation = mkOption { description = "Defines how to aggregate data to lower-precision retentions."; default = null; - type = types.uniq (types.nullOr types.string); + type = types.nullOr types.str; example = '' [all_min] pattern = \.min$ @@ -227,7 +227,7 @@ in { storageSchemas = mkOption { description = "Defines retention rates for storing metrics."; default = ""; - type = types.uniq (types.nullOr types.string); + type = types.nullOr types.str; example = '' [apache_busyWorkers] pattern = ^servers\.www.*\.workers\.busyWorkers$ @@ -238,14 +238,14 @@ in { blacklist = mkOption { description = "Any metrics received which match one of the experssions will be dropped."; default = null; - type = types.uniq (types.nullOr types.string); + type = types.nullOr types.str; example = "^some\.noisy\.metric\.prefix\..*"; }; whitelist = mkOption { description = "Only metrics received which match one of the experssions will be persisted."; default = null; - type = types.uniq (types.nullOr types.string); + type = types.nullOr types.str; example = ".*"; }; @@ -255,7 +255,7 @@ in { in a search and replace fashion. ''; default = null; - type = types.uniq (types.nullOr types.string); + type = types.nullOr types.str; example = '' [post] _sum$ = @@ -272,7 +272,7 @@ in { relayRules = mkOption { description = "Relay rules are used to send certain metrics to a certain backend."; default = null; - type = types.uniq (types.nullOr types.string); + type = types.nullOr types.str; example = '' [example] pattern = ^mydata\.foo\..+ @@ -289,7 +289,7 @@ in { aggregationRules = mkOption { description = "Defines if and how received metrics will be aggregated."; default = null; - type = types.uniq (types.nullOr types.string); + type = types.nullOr types.str; example = '' <env>.applications.<app>.all.requests (60) = sum <env>.applications.<app>.*.requests <env>.applications.<app>.all.latency (60) = avg <env>.applications.<app>.*.latency 
diff --git a/nixos/modules/services/monitoring/heapster.nix b/nixos/modules/services/monitoring/heapster.nix index fbdff2eb5db..6da0831b4c5 100644 --- a/nixos/modules/services/monitoring/heapster.nix +++ b/nixos/modules/services/monitoring/heapster.nix @@ -15,19 +15,19 @@ in { source = mkOption { description = "Heapster metric source"; example = "kubernetes:https://kubernetes.default"; - type = types.string; + type = types.str; }; sink = mkOption { description = "Heapster metic sink"; example = "influxdb:http://localhost:8086"; - type = types.string; + type = types.str; }; extraOpts = mkOption { description = "Heapster extra options"; default = ""; - type = types.string; + type = types.separatedString " "; }; package = mkOption { diff --git a/nixos/modules/services/monitoring/kapacitor.nix b/nixos/modules/services/monitoring/kapacitor.nix index 0f236d25c9e..9b4ff3c5612 100644 --- a/nixos/modules/services/monitoring/kapacitor.nix +++ b/nixos/modules/services/monitoring/kapacitor.nix @@ -116,17 +116,17 @@ in url = mkOption { description = "The URL to an InfluxDB server that serves as the default database"; example = "http://localhost:8086"; - type = types.string; + type = types.str; }; username = mkOption { description = "The username to connect to the remote InfluxDB server"; - type = types.string; + type = types.str; }; password = mkOption { description = "The password to connect to the remote InfluxDB server"; - type = types.string; + type = types.str; }; }; @@ -137,7 +137,7 @@ in description = "The URL to the Alerta REST API"; default = "http://localhost:5000"; example = "http://localhost:5000"; - type = types.string; + type = types.str; }; token = mkOption { diff --git a/nixos/modules/services/monitoring/munin.nix b/nixos/modules/services/monitoring/munin.nix index ffe223fedbe..8af0650c738 100644 --- a/nixos/modules/services/monitoring/munin.nix +++ b/nixos/modules/services/monitoring/munin.nix 
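Review bot: In kapacitor.nix, the InfluxDB `password` option is retyped to `types.str`, but its description still says nothing about where the value ends up. An option value written into generated configuration lands in the world-readable Nix store, which is presumably the case here (the config generation is outside the hunk). The description should say so, as yandex-disk's `password` already does, or the module should read the secret from a file at runtime, e.g. `passwordFile = mkOption { type = types.nullOr types.str; default = null; };`. The other secrets retyped in this commit have the same gap: aria2 `rpcSecret`, hostapd `wpaPassphrase`, morty `key` and the openvpn credentials-file `password`.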
@@ -233,7 +233,7 @@ in # In the meantime this at least suppresses a useless graph full of # NaNs in the output. default = [ "munin_stats" ]; - type = with types; listOf string; + type = with types; listOf str; description = '' Munin plugins to disable, even if <literal>munin-node-configure --suggest</literal> tries to enable diff --git a/nixos/modules/services/monitoring/prometheus/exporters.nix b/nixos/modules/services/monitoring/prometheus/exporters.nix index 2ab8910ff9d..b69310c34ff 100644 --- a/nixos/modules/services/monitoring/prometheus/exporters.nix +++ b/nixos/modules/services/monitoring/prometheus/exporters.nix @@ -132,14 +132,10 @@ let in mkIf conf.enable { warnings = conf.warnings or []; - users.users = (mkIf (conf.user == "${name}-exporter" && !enableDynamicUser) { - "${name}-exporter" = { - description = '' - Prometheus ${name} exporter service user - ''; - isSystemUser = true; - inherit (conf) group; - }; + users.users."${name}-exporter" = (mkIf (conf.user == "${name}-exporter" && !enableDynamicUser) { + description = "Prometheus ${name} exporter service user"; + isSystemUser = true; + inherit (conf) group; }); users.groups = (mkIf (conf.group == "${name}-exporter" && !enableDynamicUser) { "${name}-exporter" = {}; diff --git a/nixos/modules/services/monitoring/prometheus/exporters/node.nix b/nixos/modules/services/monitoring/prometheus/exporters/node.nix index 7e394e8463e..adc2abe0b91 100644 --- a/nixos/modules/services/monitoring/prometheus/exporters/node.nix +++ b/nixos/modules/services/monitoring/prometheus/exporters/node.nix @@ -9,7 +9,7 @@ in port = 9100; extraOpts = { enabledCollectors = mkOption { - type = types.listOf types.string; + type = types.listOf types.str; default = []; example = ''[ "systemd" ]''; description = '' diff --git a/nixos/modules/services/monitoring/riemann-tools.nix b/nixos/modules/services/monitoring/riemann-tools.nix index 2b647b6b1ad..86a11694e7b 100644 --- a/nixos/modules/services/monitoring/riemann-tools.nix 
+++ b/nixos/modules/services/monitoring/riemann-tools.nix @@ -35,7 +35,7 @@ in { ''; }; extraArgs = mkOption { - type = types.listOf types.string; + type = types.listOf types.str; default = []; description = '' A list of commandline-switches forwarded to a riemann-tool. diff --git a/nixos/modules/services/monitoring/scollector.nix b/nixos/modules/services/monitoring/scollector.nix index dc0899c7e68..38cd2213de7 100644 --- a/nixos/modules/services/monitoring/scollector.nix +++ b/nixos/modules/services/monitoring/scollector.nix @@ -51,7 +51,7 @@ in { }; user = mkOption { - type = types.string; + type = types.str; default = "scollector"; description = '' User account under which scollector runs. @@ -59,7 +59,7 @@ in { }; group = mkOption { - type = types.string; + type = types.str; default = "scollector"; description = '' Group account under which scollector runs. @@ -67,7 +67,7 @@ in { }; bosunHost = mkOption { - type = types.string; + type = types.str; default = "localhost:8070"; description = '' Host and port of the bosun server that will store the collected diff --git a/nixos/modules/services/monitoring/ups.nix b/nixos/modules/services/monitoring/ups.nix index 429b40227d4..1bdc4e4410f 100644 --- a/nixos/modules/services/monitoring/ups.nix +++ b/nixos/modules/services/monitoring/ups.nix @@ -55,7 +55,7 @@ let description = mkOption { default = ""; - type = types.string; + type = types.str; description = '' Description of the UPS. ''; @@ -71,7 +71,7 @@ let summary = mkOption { default = ""; - type = types.string; + type = types.lines; description = '' Lines which would be added inside ups.conf for handling this UPS. ''; diff --git a/nixos/modules/services/monitoring/uptime.nix b/nixos/modules/services/monitoring/uptime.nix index c0993f3bc2e..245badc3e44 100644 --- a/nixos/modules/services/monitoring/uptime.nix +++ b/nixos/modules/services/monitoring/uptime.nix 
@@ -57,7 +57,7 @@ in { nodeEnv = mkOption { description = "The node environment to run in (development, production, etc.)"; - type = types.string; + type = types.str; default = "production"; }; diff --git a/nixos/modules/services/network-filesystems/ceph.nix b/nixos/modules/services/network-filesystems/ceph.nix index 02f945afa4a..0191b0640f0 100644 --- a/nixos/modules/services/network-filesystems/ceph.nix +++ b/nixos/modules/services/network-filesystems/ceph.nix @@ -9,7 +9,7 @@ let translateOption = replaceStrings upperChars (map (s: " ${s}") lowerChars); generateDaemonList = (daemonType: daemons: extraServiceConfig: mkMerge ( - map (daemon: + map (daemon: { "ceph-${daemonType}-${daemon}" = generateServiceFile daemonType daemon cfg.global.clusterName ceph extraServiceConfig; } ) daemons ) @@ -17,8 +17,8 @@ let generateServiceFile = (daemonType: daemonId: clusterName: ceph: extraServiceConfig: { enable = true; description = "Ceph ${builtins.replaceStrings lowerChars upperChars daemonType} daemon ${daemonId}"; - after = [ "network-online.target" "local-fs.target" "time-sync.target" ] ++ optional (daemonType == "osd") "ceph-mon.target"; - wants = [ "network-online.target" "local-fs.target" "time-sync.target" ]; + after = [ "network-online.target" "time-sync.target" ] ++ optional (daemonType == "osd") "ceph-mon.target"; + wants = [ "network-online.target" "time-sync.target" ]; partOf = [ "ceph-${daemonType}.target" ]; wantedBy = [ "ceph-${daemonType}.target" ]; @@ -41,7 +41,7 @@ let daemonPath="/var/lib/ceph/${if daemonType == "rgw" then "radosgw" else daemonType}/${clusterName}-${daemonId}" if [ ! -d ''$daemonPath ]; then mkdir -m 755 -p ''$daemonPath - chown -R ceph:ceph ''$daemonPath + chown -R ceph:ceph ''$daemonPath fi ''; } // optionalAttrs (daemonType == "osd") { path = [ pkgs.getopt ]; } @@ -55,7 +55,7 @@ let }; } ); -in +in { options.services.ceph = { # Ceph has a monolithic configuration file but different sections for 
@@ -86,7 +86,7 @@ in type = with types; nullOr commas; default = null; example = '' - node0, node1, node2 + node0, node1, node2 ''; description = '' List of hosts that will be used as monitors at startup. @@ -313,9 +313,9 @@ in } ]; - warnings = optional (cfg.global.monInitialMembers == null) + warnings = optional (cfg.global.monInitialMembers == null) ''Not setting up a list of members in monInitialMembers requires that you set the host variable for each mon daemon or else the cluster won't function''; - + environment.etc."ceph/ceph.conf".text = let # Translate camelCaseOptions to the expected camel case option for ceph.conf translatedGlobalConfig = mapAttrs' (name: value: nameValuePair (translateOption name) value) cfg.global; @@ -344,13 +344,13 @@ in }; systemd.services = let - services = [] - ++ optional cfg.mon.enable (generateDaemonList "mon" cfg.mon.daemons { RestartSec = "10"; }) + services = [] + ++ optional cfg.mon.enable (generateDaemonList "mon" cfg.mon.daemons { RestartSec = "10"; }) ++ optional cfg.mds.enable (generateDaemonList "mds" cfg.mds.daemons { StartLimitBurst = "3"; }) ++ optional cfg.osd.enable (generateDaemonList "osd" cfg.osd.daemons { StartLimitBurst = "30"; RestartSec = "20s"; }) ++ optional cfg.rgw.enable (generateDaemonList "rgw" cfg.rgw.daemons { }) ++ optional cfg.mgr.enable (generateDaemonList "mgr" cfg.mgr.daemons { StartLimitBurst = "3"; }); - in + in mkMerge services; systemd.targets = let diff --git a/nixos/modules/services/network-filesystems/davfs2.nix b/nixos/modules/services/network-filesystems/davfs2.nix index c16e12378d7..100d458d536 100644 --- a/nixos/modules/services/network-filesystems/davfs2.nix +++ b/nixos/modules/services/network-filesystems/davfs2.nix @@ -21,7 +21,7 @@ in }; davUser = mkOption { - type = types.string; + type = types.str; default = "davfs2"; description = '' When invoked by root the mount.davfs daemon will run as this user. 
@@ -30,7 +30,7 @@ in }; davGroup = mkOption { - type = types.string; + type = types.str; default = "davfs2"; description = '' The group of the running mount.davfs daemon. Ordinary users must be diff --git a/nixos/modules/services/network-filesystems/drbd.nix b/nixos/modules/services/network-filesystems/drbd.nix index 57b1fbb597c..4ab74ed8e1c 100644 --- a/nixos/modules/services/network-filesystems/drbd.nix +++ b/nixos/modules/services/network-filesystems/drbd.nix @@ -23,7 +23,7 @@ let cfg = config.services.drbd; in services.drbd.config = mkOption { default = ""; - type = types.string; + type = types.lines; description = '' Contents of the <filename>drbd.conf</filename> configuration file. ''; diff --git a/nixos/modules/services/network-filesystems/glusterfs.nix b/nixos/modules/services/network-filesystems/glusterfs.nix index 00875c6c4a1..d70092999f6 100644 --- a/nixos/modules/services/network-filesystems/glusterfs.nix +++ b/nixos/modules/services/network-filesystems/glusterfs.nix @@ -156,7 +156,7 @@ in wantedBy = [ "multi-user.target" ]; requires = lib.optional cfg.useRpcbind "rpcbind.service"; - after = [ "network.target" "local-fs.target" ] ++ lib.optional cfg.useRpcbind "rpcbind.service"; + after = [ "network.target" ] ++ lib.optional cfg.useRpcbind "rpcbind.service"; preStart = '' install -m 0755 -d /var/log/glusterfs diff --git a/nixos/modules/services/network-filesystems/ipfs.nix b/nixos/modules/services/network-filesystems/ipfs.nix index bbbfcf6a473..b6d881afd7b 100644 --- a/nixos/modules/services/network-filesystems/ipfs.nix +++ b/nixos/modules/services/network-filesystems/ipfs.nix @@ -236,7 +236,6 @@ in { systemd.services.ipfs-init = recursiveUpdate commonEnv { description = "IPFS Initializer"; - after = [ "local-fs.target" ]; before = [ "ipfs.service" "ipfs-offline.service" "ipfs-norouting.service" ]; script = '' 
@@ -263,21 +262,21 @@ in { systemd.services.ipfs = recursiveUpdate baseService { description = "IPFS Daemon"; wantedBy = mkIf (cfg.defaultMode == "online") [ "multi-user.target" ]; - after = [ "network.target" "local-fs.target" "ipfs-init.service" ]; + after = [ "network.target" "ipfs-init.service" ]; conflicts = [ "ipfs-offline.service" "ipfs-norouting.service"]; }; systemd.services.ipfs-offline = recursiveUpdate baseService { description = "IPFS Daemon (offline mode)"; wantedBy = mkIf (cfg.defaultMode == "offline") [ "multi-user.target" ]; - after = [ "local-fs.target" "ipfs-init.service" ]; + after = [ "ipfs-init.service" ]; conflicts = [ "ipfs.service" "ipfs-norouting.service"]; }; systemd.services.ipfs-norouting = recursiveUpdate baseService { description = "IPFS Daemon (no routing mode)"; wantedBy = mkIf (cfg.defaultMode == "norouting") [ "multi-user.target" ]; - after = [ "local-fs.target" "ipfs-init.service" ]; + after = [ "ipfs-init.service" ]; conflicts = [ "ipfs.service" "ipfs-offline.service"]; }; diff --git a/nixos/modules/services/network-filesystems/rsyncd.nix b/nixos/modules/services/network-filesystems/rsyncd.nix index 054057d52ab..b17ec3aa930 100644 --- a/nixos/modules/services/network-filesystems/rsyncd.nix +++ b/nixos/modules/services/network-filesystems/rsyncd.nix @@ -35,7 +35,7 @@ in }; motd = mkOption { - type = types.string; + type = types.str; default = ""; description = '' Message of the day to display to clients on each connect. diff --git a/nixos/modules/services/network-filesystems/yandex-disk.nix b/nixos/modules/services/network-filesystems/yandex-disk.nix index e93f45b4986..0aa01ef9e6d 100644 --- a/nixos/modules/services/network-filesystems/yandex-disk.nix +++ b/nixos/modules/services/network-filesystems/yandex-disk.nix @@ -29,7 +29,7 @@ in username = mkOption { default = ""; - type = types.string; + type = types.str; description = '' Your yandex.com login name. ''; 
@@ -37,7 +37,7 @@ in password = mkOption { default = ""; - type = types.string; + type = types.str; description = '' Your yandex.com password. Warning: it will be world-readable in /nix/store. ''; @@ -57,7 +57,7 @@ in excludes = mkOption { default = ""; - type = types.string; + type = types.commas; example = "data,backup"; description = '' Comma-separated list of directories which are excluded from synchronization. diff --git a/nixos/modules/services/networking/aria2.nix b/nixos/modules/services/networking/aria2.nix index 53829bf1886..156fef14479 100644 --- a/nixos/modules/services/networking/aria2.nix +++ b/nixos/modules/services/networking/aria2.nix @@ -47,8 +47,8 @@ in ''; }; downloadDir = mkOption { - type = types.string; - default = "${downloadDir}"; + type = types.path; + default = downloadDir; description = '' Directory to store downloaded files. ''; @@ -66,7 +66,7 @@ in description = "Specify a port number for JSON-RPC/XML-RPC server to listen to. Possible Values: 1024-65535"; }; rpcSecret = mkOption { - type = types.string; + type = types.str; default = "aria2rpc"; description = '' Set RPC secret authorization token. @@ -74,7 +74,7 @@ in ''; }; extraArguments = mkOption { - type = types.string; + type = types.separatedString " "; example = "--rpc-listen-all --remote-time=true"; default = ""; description = '' @@ -109,7 +109,7 @@ in systemd.services.aria2 = { description = "aria2 Service"; - after = [ "local-fs.target" "network.target" ]; + after = [ "network.target" ]; wantedBy = [ "multi-user.target" ]; preStart = '' if [[ ! -e "${sessionFile}" ]] diff --git a/nixos/modules/services/networking/autossh.nix b/nixos/modules/services/networking/autossh.nix index a098a155e99..a8d9a027e9f 100644 --- a/nixos/modules/services/networking/autossh.nix +++ b/nixos/modules/services/networking/autossh.nix 
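Review bot: In aria2.nix, `rpcSecret` keeps `default = "aria2rpc";`, so any installation that does not override it guards the JSON-RPC/XML-RPC interface with a publicly known token. Removing the default would force the user to choose a value; if that breaks too many configurations, emit a warning while the value is unchanged, e.g. `warnings = optional (cfg.rpcSecret == "aria2rpc") "services.aria2.rpcSecret is set to the public default";` in the module's `config` (outside this hunk). hostapd's `wpaPassphrase`, with `default = "my_sekret";`, has the same problem and deserves the same treatment.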
@@ -20,12 +20,12 @@ in type = types.listOf (types.submodule { options = { name = mkOption { - type = types.string; + type = types.str; example = "socks-peer"; description = "Name of the local AutoSSH session"; }; user = mkOption { - type = types.string; + type = types.str; example = "bill"; description = "Name of the user the AutoSSH session should run as"; }; @@ -40,7 +40,7 @@ in ''; }; extraArguments = mkOption { - type = types.string; + type = types.separatedString " "; example = "-N -D4343 bill@socks.example.net"; description = '' Arguments to be passed to AutoSSH and retransmitted to SSH diff --git a/nixos/modules/services/networking/charybdis.nix b/nixos/modules/services/networking/charybdis.nix index e3aba063f87..da26246e703 100644 --- a/nixos/modules/services/networking/charybdis.nix +++ b/nixos/modules/services/networking/charybdis.nix @@ -21,14 +21,14 @@ in enable = mkEnableOption "Charybdis IRC daemon"; config = mkOption { - type = types.string; + type = types.str; description = '' Charybdis IRC daemon configuration file. ''; }; statedir = mkOption { - type = types.string; + type = types.path; default = "/var/lib/charybdis"; description = '' Location of the state directory of charybdis. @@ -36,7 +36,7 @@ in }; user = mkOption { - type = types.string; + type = types.str; default = "ircd"; description = '' Charybdis IRC daemon user. @@ -44,7 +44,7 @@ in }; group = mkOption { - type = types.string; + type = types.str; default = "ircd"; description = '' Charybdis IRC daemon group. @@ -101,7 +101,7 @@ in }; } - + (mkIf (cfg.motd != null) { environment.etc."charybdis/ircd.motd".text = cfg.motd; }) diff --git a/nixos/modules/services/networking/connman.nix b/nixos/modules/services/networking/connman.nix index 700a7e6d022..31127f79049 100644 --- a/nixos/modules/services/networking/connman.nix +++ b/nixos/modules/services/networking/connman.nix 
@@ -45,7 +45,7 @@ in { }; networkInterfaceBlacklist = mkOption { - type = with types; listOf string; + type = with types; listOf str; default = [ "vmnet" "vboxnet" "virbr" "ifb" "ve" ]; description = '' Default blacklisted interfaces, this includes NixOS containers interfaces (ve). @@ -53,7 +53,7 @@ in { }; extraFlags = mkOption { - type = with types; listOf string; + type = with types; listOf str; default = [ ]; example = [ "--nodnsproxy" ]; description = '' diff --git a/nixos/modules/services/networking/gogoclient.nix b/nixos/modules/services/networking/gogoclient.nix index 9d16f0efb43..c9b03bca711 100644 --- a/nixos/modules/services/networking/gogoclient.nix +++ b/nixos/modules/services/networking/gogoclient.nix @@ -34,7 +34,7 @@ in password = mkOption { default = ""; - type = types.string; + type = types.str; description = '' Path to a file (as a string), containing your gogoNET password, if any. ''; diff --git a/nixos/modules/services/networking/hostapd.nix b/nixos/modules/services/networking/hostapd.nix index 54a5bed2563..2915b54f05b 100644 --- a/nixos/modules/services/networking/hostapd.nix +++ b/nixos/modules/services/networking/hostapd.nix @@ -81,7 +81,7 @@ in driver = mkOption { default = "nl80211"; example = "hostapd"; - type = types.string; + type = types.str; description = '' Which driver <command>hostapd</command> will use. Most applications will probably use the default. @@ -91,7 +91,7 @@ in ssid = mkOption { default = "nixos"; example = "mySpecialSSID"; - type = types.string; + type = types.str; description = "SSID to be used in IEEE 802.11 management frames."; }; @@ -119,7 +119,7 @@ in group = mkOption { default = "wheel"; example = "network"; - type = types.string; + type = types.str; description = '' Members of this group can control <command>hostapd</command>. ''; 
@@ -135,7 +135,7 @@ in wpaPassphrase = mkOption { default = "my_sekret"; example = "any_64_char_string"; - type = types.string; + type = types.str; description = '' WPA-PSK (pre-shared-key) passphrase. Clients will need this passphrase to associate with this access point. diff --git a/nixos/modules/services/networking/jormungandr.nix b/nixos/modules/services/networking/jormungandr.nix index 0c66b85fe8a..68f1e9af9ff 100644 --- a/nixos/modules/services/networking/jormungandr.nix +++ b/nixos/modules/services/networking/jormungandr.nix @@ -54,7 +54,7 @@ in { }; genesisBlockHash = mkOption { - type = types.nullOr types.string; + type = types.nullOr types.str; default = null; example = "d70495af81ae8600aca3e642b2427327cb6001ec4d7a0037e96a00dabed163f9"; description = '' diff --git a/nixos/modules/services/networking/kippo.nix b/nixos/modules/services/networking/kippo.nix index a04f77c9a52..bdea6a1d1ca 100644 --- a/nixos/modules/services/networking/kippo.nix +++ b/nixos/modules/services/networking/kippo.nix @@ -26,22 +26,22 @@ in }; hostname = mkOption { default = "nas3"; - type = types.string; + type = types.str; description = ''Hostname for kippo to present to SSH login''; }; varPath = mkOption { default = "/var/lib/kippo"; - type = types.string; + type = types.path; description = ''Path of read/write files needed for operation and configuration.''; }; logPath = mkOption { default = "/var/log/kippo"; - type = types.string; + type = types.path; description = ''Path of log files needed for operation and configuration.''; }; pidPath = mkOption { default = "/run/kippo"; - type = types.string; + type = types.path; description = ''Path of pid files needed for operation.''; }; extraConfig = mkOption { 
@@ -109,8 +109,8 @@ in serviceConfig.ExecStart = "${pkgs.kippo.twisted}/bin/twistd -y ${pkgs.kippo}/src/kippo.tac --syslog --rundir=${cfg.varPath}/ --pidfile=${cfg.pidPath}/kippo.pid --prefix=kippo -n"; serviceConfig.PermissionsStartOnly = true; - serviceConfig.User = "kippo"; - serviceConfig.Group = "kippo"; + serviceConfig.User = "kippo"; + serviceConfig.Group = "kippo"; }; }; } diff --git a/nixos/modules/services/networking/logmein-hamachi.nix b/nixos/modules/services/networking/logmein-hamachi.nix index 406626a8a34..11cbdda2f84 100644 --- a/nixos/modules/services/networking/logmein-hamachi.nix +++ b/nixos/modules/services/networking/logmein-hamachi.nix @@ -35,7 +35,7 @@ in description = "LogMeIn Hamachi Daemon"; wantedBy = [ "multi-user.target" ]; - after = [ "network.target" "local-fs.target" ]; + after = [ "network.target" ]; serviceConfig = { Type = "forking"; diff --git a/nixos/modules/services/networking/minidlna.nix b/nixos/modules/services/networking/minidlna.nix index ed0c1044a57..0947471adbc 100644 --- a/nixos/modules/services/networking/minidlna.nix +++ b/nixos/modules/services/networking/minidlna.nix @@ -96,7 +96,7 @@ in { description = "MiniDLNA Server"; wantedBy = [ "multi-user.target" ]; - after = [ "network.target" "local-fs.target" ]; + after = [ "network.target" ]; serviceConfig = { User = "minidlna"; diff --git a/nixos/modules/services/networking/morty.nix b/nixos/modules/services/networking/morty.nix index cc81e27e939..1b3084fe9ab 100644 --- a/nixos/modules/services/networking/morty.nix +++ b/nixos/modules/services/networking/morty.nix @@ -27,7 +27,7 @@ in }; key = mkOption { - type = types.string; + type = types.str; default = ""; description = "HMAC url validation key (hexadecimal encoded). Leave blank to disable. Without validation key, anyone can 
@@ -56,7 +56,7 @@ in }; listenAddress = mkOption { - type = types.string; + type = types.str; default = "127.0.0.1"; description = "The address on which the service listens"; defaultText = "127.0.0.1 (localhost)"; diff --git a/nixos/modules/services/networking/mosquitto.nix b/nixos/modules/services/networking/mosquitto.nix index 1d49c137723..d2feb93e2b7 100644 --- a/nixos/modules/services/networking/mosquitto.nix +++ b/nixos/modules/services/networking/mosquitto.nix @@ -49,7 +49,7 @@ in host = mkOption { default = "127.0.0.1"; example = "0.0.0.0"; - type = types.string; + type = types.str; description = '' Host to listen on without SSL. ''; @@ -88,7 +88,7 @@ in host = mkOption { default = "0.0.0.0"; example = "localhost"; - type = types.string; + type = types.str; description = '' Host to listen on with SSL. ''; @@ -135,7 +135,7 @@ in }; acl = mkOption { - type = types.listOf types.string; + type = types.listOf types.str; example = [ "topic read A/B" "topic A/#" ]; description = '' Control client access to topics on the broker. diff --git a/nixos/modules/services/networking/networkmanager.nix b/nixos/modules/services/networking/networkmanager.nix index 649c926ae97..2061c02fffb 100644 --- a/nixos/modules/services/networking/networkmanager.nix +++ b/nixos/modules/services/networking/networkmanager.nix @@ -156,7 +156,7 @@ in { }; unmanaged = mkOption { - type = types.listOf types.string; + type = types.listOf types.str; default = []; description = '' List of interfaces that will not be managed by NetworkManager. diff --git a/nixos/modules/services/networking/nix-serve.nix b/nixos/modules/services/networking/nix-serve.nix index ca458d089dc..347d87b3f38 100644 --- a/nixos/modules/services/networking/nix-serve.nix +++ b/nixos/modules/services/networking/nix-serve.nix @@ -19,7 +19,7 @@ in }; bindAddress = mkOption { - type = types.string; + type = types.str; default = "0.0.0.0"; description = '' IP address where nix-serve will bind its listening socket. 
@@ -44,7 +44,7 @@ in }; extraParams = mkOption { - type = types.string; + type = types.separatedString " "; default = ""; description = '' Extra command line parameters for nix-serve. diff --git a/nixos/modules/services/networking/nylon.nix b/nixos/modules/services/networking/nylon.nix index b061ce34ed2..7c171281a92 100644 --- a/nixos/modules/services/networking/nylon.nix +++ b/nixos/modules/services/networking/nylon.nix @@ -65,7 +65,7 @@ let }; acceptInterface = mkOption { - type = types.string; + type = types.str; default = "lo"; description = '' Tell nylon which interface to listen for client requests on, default is "lo". @@ -73,7 +73,7 @@ let }; bindInterface = mkOption { - type = types.string; + type = types.str; default = "enp3s0f0"; description = '' Tell nylon which interface to use as an uplink, default is "enp3s0f0". @@ -89,7 +89,7 @@ let }; allowedIPRanges = mkOption { - type = with types; listOf string; + type = with types; listOf str; default = [ "192.168.0.0/16" "127.0.0.1/8" "172.16.0.1/12" "10.0.0.0/8" ]; description = '' Allowed client IP ranges are evaluated first, defaults to ARIN IPv4 private ranges: @@ -98,7 +98,7 @@ let }; deniedIPRanges = mkOption { - type = with types; listOf string; + type = with types; listOf str; default = [ "0.0.0.0/0" ]; description = '' Denied client IP ranges, these gets evaluated after the allowed IP ranges, defaults to all IPv4 addresses: diff --git a/nixos/modules/services/networking/openntpd.nix b/nixos/modules/services/networking/openntpd.nix index 57638ebc9c0..f3920aa8064 100644 --- a/nixos/modules/services/networking/openntpd.nix +++ b/nixos/modules/services/networking/openntpd.nix @@ -40,7 +40,7 @@ in }; extraOptions = mkOption { - type = with types; string; + type = with types; separatedString " "; default = ""; example = "-s"; description = '' diff --git a/nixos/modules/services/networking/openvpn.nix b/nixos/modules/services/networking/openvpn.nix index f47122ee70b..05be97e66a3 100644 
--- a/nixos/modules/services/networking/openvpn.nix +++ b/nixos/modules/services/networking/openvpn.nix @@ -182,12 +182,12 @@ in options = { username = mkOption { description = "The username to store inside the credentials file."; - type = types.string; + type = types.str; }; password = mkOption { description = "The password to store inside the credentials file."; - type = types.string; + type = types.str; }; }; }); diff --git a/nixos/modules/services/networking/ostinato.nix b/nixos/modules/services/networking/ostinato.nix index 13f784dc53c..5e8cce5b89a 100644 --- a/nixos/modules/services/networking/ostinato.nix +++ b/nixos/modules/services/networking/ostinato.nix @@ -50,7 +50,7 @@ in rpcServer = { address = mkOption { - type = types.string; + type = types.str; default = "0.0.0.0"; description = '' By default, the Drone RPC server will listen on all interfaces and @@ -63,7 +63,7 @@ in portList = { include = mkOption { - type = types.listOf types.string; + type = types.listOf types.str; default = []; example = ''[ "eth*" "lo*" ]''; description = '' diff --git a/nixos/modules/services/networking/polipo.nix b/nixos/modules/services/networking/polipo.nix index 529115a1c6e..dbe3b738097 100644 --- a/nixos/modules/services/networking/polipo.nix +++ b/nixos/modules/services/networking/polipo.nix @@ -30,7 +30,7 @@ in }; proxyAddress = mkOption { - type = types.string; + type = types.str; default = "127.0.0.1"; description = "IP address on which Polipo will listen."; }; @@ -51,7 +51,7 @@ in }; parentProxy = mkOption { - type = types.string; + type = types.str; default = ""; example = "localhost:8124"; description = '' @@ -61,7 +61,7 @@ in }; socksParentProxy = mkOption { - type = types.string; + type = types.str; default = ""; example = "localhost:9050"; description = '' @@ -74,7 +74,7 @@ in type = types.lines; default = ""; description = '' - Polio configuration. Contents will be added + Polio configuration. Contents will be added verbatim to the configuration file. ''; }; 
@@ -111,4 +111,4 @@ in }; -} \ No newline at end of file +} diff --git a/nixos/modules/services/networking/pptpd.nix b/nixos/modules/services/networking/pptpd.nix index d8b9e8f8341..3e7753b9dd3 100644 --- a/nixos/modules/services/networking/pptpd.nix +++ b/nixos/modules/services/networking/pptpd.nix @@ -8,13 +8,13 @@ with lib; enable = mkEnableOption "pptpd, the Point-to-Point Tunneling Protocol daemon"; serverIp = mkOption { - type = types.string; + type = types.str; description = "The server-side IP address."; default = "10.124.124.1"; }; clientIpRange = mkOption { - type = types.string; + type = types.str; description = "The range from which client IPs are drawn."; default = "10.124.124.2-11"; }; diff --git a/nixos/modules/services/networking/prosody.nix b/nixos/modules/services/networking/prosody.nix index 40bd9015b1e..1ae063aa6bb 100644 --- a/nixos/modules/services/networking/prosody.nix +++ b/nixos/modules/services/networking/prosody.nix @@ -297,7 +297,7 @@ in }; dataDir = mkOption { - type = types.string; + type = types.path; description = "Directory where Prosody stores its data"; default = "/var/lib/prosody"; }; diff --git a/nixos/modules/services/networking/radicale.nix b/nixos/modules/services/networking/radicale.nix index d6fabbcd470..1daced4a6c7 100644 --- a/nixos/modules/services/networking/radicale.nix +++ b/nixos/modules/services/networking/radicale.nix @@ -41,7 +41,7 @@ in }; services.radicale.config = mkOption { - type = types.string; + type = types.str; default = ""; description = '' Radicale configuration, this will set the service @@ -50,7 +50,7 @@ in }; services.radicale.extraArgs = mkOption { - type = types.listOf types.string; + type = types.listOf types.str; default = []; description = "Extra arguments passed to the Radicale daemon."; }; diff --git a/nixos/modules/services/networking/resilio.nix b/nixos/modules/services/networking/resilio.nix index ee7f82ac7be..9b25aa57583 100644 --- a/nixos/modules/services/networking/resilio.nix 
+++ b/nixos/modules/services/networking/resilio.nix @@ -249,7 +249,7 @@ in systemd.services.resilio = with pkgs; { description = "Resilio Sync Service"; wantedBy = [ "multi-user.target" ]; - after = [ "network.target" "local-fs.target" ]; + after = [ "network.target" ]; serviceConfig = { Restart = "on-abort"; UMask = "0002"; diff --git a/nixos/modules/services/networking/shout.nix b/nixos/modules/services/networking/shout.nix index f511a9af256..e548ec66962 100644 --- a/nixos/modules/services/networking/shout.nix +++ b/nixos/modules/services/networking/shout.nix @@ -35,7 +35,7 @@ in { }; listenAddress = mkOption { - type = types.string; + type = types.str; default = "0.0.0.0"; description = "IP interface to listen on for http connections."; }; diff --git a/nixos/modules/services/networking/smokeping.nix b/nixos/modules/services/networking/smokeping.nix index c3720375a19..d4d0594a9cd 100644 --- a/nixos/modules/services/networking/smokeping.nix +++ b/nixos/modules/services/networking/smokeping.nix @@ -55,7 +55,7 @@ in description = "Enable the smokeping service"; }; alertConfig = mkOption { - type = types.string; + type = types.lines; default = '' to = root@localhost from = smokeping@localhost 
@@ -73,19 +73,20 @@ in description = "Configuration for alerts."; }; cgiUrl = mkOption { - type = types.string; - default = "http://${cfg.hostName}:${builtins.toString cfg.port}/smokeping.cgi"; + type = types.str; + default = "http://${cfg.hostName}:${toString cfg.port}/smokeping.cgi"; + defaultText = "http://\${hostName}:\${toString port}/smokeping.cgi"; example = "https://somewhere.example.com/smokeping.cgi"; description = "URL to the smokeping cgi."; }; config = mkOption { - type = types.nullOr types.string; + type = types.nullOr types.lines; default = null; description = "Full smokeping config supplied by the user. Overrides " + "and replaces any other configuration supplied."; }; databaseConfig = mkOption { - type = types.string; + type = types.lines; default = '' step = 300 pings = 20 @@ -122,14 +123,15 @@ in description = "Any additional customization not already included."; }; hostName = mkOption { - type = types.string; + type = types.str; default = config.networking.hostName; example = "somewhere.example.com"; description = "DNS name for the urls generated in the cgi."; }; imgUrl = mkOption { - type = types.string; - default = "http://${cfg.hostName}:${builtins.toString cfg.port}/cache"; + type = types.str; + default = "http://${cfg.hostName}:${toString cfg.port}/cache"; + defaultText = "http://\${hostName}:\${toString port}/cache"; example = "https://somewhere.example.com/cache"; description = "Base url for images generated in the cgi."; }; 
@@ -140,19 +142,19 @@ in description = "DNS name for the urls generated in the cgi."; }; mailHost = mkOption { - type = types.string; + type = types.str; default = ""; example = "localhost"; description = "Use this SMTP server to send alerts"; }; owner = mkOption { - type = types.string; + type = types.str; default = "nobody"; example = "Joe Admin"; description = "Real name of the owner of the instance"; }; ownerEmail = mkOption { - type = types.string; + type = types.str; default = "no-reply@${cfg.hostName}"; example = "no-reply@yourdomain.com"; description = "Email contact for owner"; @@ -170,7 +172,7 @@ in description = "TCP port to use for the web server."; }; presentationConfig = mkOption { - type = types.string; + type = types.lines; default = '' + charts menu = Charts @@ -211,12 +213,12 @@ in description = "presentation graph style"; }; presentationTemplate = mkOption { - type = types.string; + type = types.str; default = "${pkgs.smokeping}/etc/basepage.html.dist"; description = "Default page layout for the web UI."; }; probeConfig = mkOption { - type = types.string; + type = types.lines; default = '' + FPing binary = ${config.security.wrapperDir}/fping @@ -230,12 +232,12 @@ in description = "Use this sendmail compatible script to deliver alerts"; }; smokeMailTemplate = mkOption { - type = types.string; + type = types.str; default = "${cfg.package}/etc/smokemail.dist"; description = "Specify the smokemail template for alerts."; }; targetConfig = mkOption { - type = types.string; + type = types.lines; default = '' probe = FPing menu = Top @@ -253,7 +255,7 @@ in description = "Target configuration"; }; user = mkOption { - type = types.string; + type = types.str; default = "smokeping"; description = "User that runs smokeping and (optionally) thttpd"; }; diff --git a/nixos/modules/services/networking/softether.nix b/nixos/modules/services/networking/softether.nix index 2aa3ad4be03..2dc73d81b25 100644 --- a/nixos/modules/services/networking/softether.nix 
+++ b/nixos/modules/services/networking/softether.nix @@ -50,7 +50,7 @@ in }; dataDir = mkOption { - type = types.string; + type = types.path; default = "/var/lib/softether"; description = '' Data directory for SoftEther VPN. diff --git a/nixos/modules/services/networking/stunnel.nix b/nixos/modules/services/networking/stunnel.nix index 89a14966eca..cbc899f2b4d 100644 --- a/nixos/modules/services/networking/stunnel.nix +++ b/nixos/modules/services/networking/stunnel.nix @@ -35,12 +35,12 @@ let clientConfig = { options = { accept = mkOption { - type = types.string; + type = types.str; description = "IP:Port on which connections should be accepted."; }; connect = mkOption { - type = types.string; + type = types.str; description = "IP:Port destination to connect to."; }; @@ -63,7 +63,7 @@ let }; verifyHostname = mkOption { - type = with types; nullOr string; + type = with types; nullOr str; default = null; description = "If set, stunnel checks if the provided certificate is valid for the given hostname."; }; @@ -88,13 +88,13 @@ in }; user = mkOption { - type = with types; nullOr string; + type = with types; nullOr str; default = "nobody"; description = "The user under which stunnel runs."; }; group = mkOption { - type = with types; nullOr string; + type = with types; nullOr str; default = "nogroup"; description = "The group under which stunnel runs."; }; diff --git a/nixos/modules/services/networking/toxvpn.nix b/nixos/modules/services/networking/toxvpn.nix index 7830dfb1834..7daacba185f 100644 --- a/nixos/modules/services/networking/toxvpn.nix +++ b/nixos/modules/services/networking/toxvpn.nix @@ -8,7 +8,7 @@ with lib; enable = mkEnableOption "toxvpn running on startup"; localip = mkOption { - type = types.string; + type = types.str; default = "10.123.123.1"; description = "your ip on the vpn"; }; 
@@ -20,7 +20,7 @@ with lib; }; auto_add_peers = mkOption { - type = types.listOf types.string; + type = types.listOf types.str; default = []; example = ''[ "toxid1" "toxid2" ]''; description = "peers to automacally connect to on startup"; diff --git a/nixos/modules/services/networking/vsftpd.nix b/nixos/modules/services/networking/vsftpd.nix index 31e1e65fa9c..67be60da567 100644 --- a/nixos/modules/services/networking/vsftpd.nix +++ b/nixos/modules/services/networking/vsftpd.nix @@ -164,7 +164,7 @@ in }; anonymousUmask = mkOption { - type = types.string; + type = types.str; default = "077"; example = "002"; description = "Anonymous write umask."; diff --git a/nixos/modules/services/networking/xinetd.nix b/nixos/modules/services/networking/xinetd.nix index 2d7cd5cebb4..8dc6f845ed8 100644 --- a/nixos/modules/services/networking/xinetd.nix +++ b/nixos/modules/services/networking/xinetd.nix @@ -53,7 +53,7 @@ in services.xinetd.extraDefaults = mkOption { default = ""; - type = types.string; + type = types.lines; description = '' Additional configuration lines added to the default section of xinetd's configuration. ''; @@ -70,13 +70,13 @@ in options = { name = mkOption { - type = types.string; + type = types.str; example = "login"; description = "Name of the service."; }; protocol = mkOption { - type = types.string; + type = types.str; default = "tcp"; description = "Protocol of the service. Usually <literal>tcp</literal> or <literal>udp</literal>."; 
@@ -90,25 +90,25 @@ in }; user = mkOption { - type = types.string; + type = types.str; default = "nobody"; description = "User account for the service"; }; server = mkOption { - type = types.string; + type = types.str; example = "/foo/bin/ftpd"; description = "Path of the program that implements the service."; }; serverArgs = mkOption { - type = types.string; + type = types.separatedString " "; default = ""; description = "Command-line arguments for the server program."; }; flags = mkOption { - type = types.string; + type = types.str; default = ""; description = ""; }; diff --git a/nixos/modules/services/networking/xl2tpd.nix b/nixos/modules/services/networking/xl2tpd.nix index d0a3ed7bb5e..7dbe51422d9 100644 --- a/nixos/modules/services/networking/xl2tpd.nix +++ b/nixos/modules/services/networking/xl2tpd.nix @@ -8,13 +8,13 @@ with lib; enable = mkEnableOption "xl2tpd, the Layer 2 Tunnelling Protocol Daemon"; serverIp = mkOption { - type = types.string; + type = types.str; description = "The server-side IP address."; default = "10.125.125.1"; }; clientIpRange = mkOption { - type = types.string; + type = types.str; description = "The range from which client IPs are drawn."; default = "10.125.125.2-11"; }; diff --git a/nixos/modules/services/scheduling/fcron.nix b/nixos/modules/services/scheduling/fcron.nix index f77b3bcd592..e43ca014e14 100644 --- a/nixos/modules/services/scheduling/fcron.nix +++ b/nixos/modules/services/scheduling/fcron.nix @@ -143,7 +143,6 @@ in }; systemd.services.fcron = { description = "fcron daemon"; - after = [ "local-fs.target" ]; wantedBy = [ "multi-user.target" ]; path = [ pkgs.fcron ]; diff --git a/nixos/modules/services/security/haka.nix b/nixos/modules/services/security/haka.nix index b64a1b4d03e..618e689924f 100644 --- a/nixos/modules/services/security/haka.nix +++ b/nixos/modules/services/security/haka.nix 
@@ -69,7 +69,7 @@ in configFile = mkOption { default = "empty.lua"; example = "/srv/haka/myfilter.lua"; - type = types.string; + type = types.str; description = '' Specify which configuration file Haka uses. It can be absolute path or a path relative to the sample directory of @@ -80,7 +80,7 @@ in interfaces = mkOption { default = [ "eth0" ]; example = [ "any" ]; - type = with types; listOf string; + type = with types; listOf str; description = '' Specify which interface(s) Haka listens to. Use 'any' to listen to all interfaces. diff --git a/nixos/modules/services/security/munge.nix b/nixos/modules/services/security/munge.nix index 1c4f8e20552..89178886471 100644 --- a/nixos/modules/services/security/munge.nix +++ b/nixos/modules/services/security/munge.nix @@ -19,7 +19,7 @@ in password = mkOption { default = "/etc/munge/munge.key"; - type = types.string; + type = types.path; description = '' The path to a daemon's secret key. ''; diff --git a/nixos/modules/services/security/oauth2_proxy.nix b/nixos/modules/services/security/oauth2_proxy.nix index 61f203ef9e7..bb03f7fc9e4 100644 --- a/nixos/modules/services/security/oauth2_proxy.nix +++ b/nixos/modules/services/security/oauth2_proxy.nix @@ -284,7 +284,7 @@ in #################################################### # UPSTREAM Configuration upstream = mkOption { - type = with types; coercedTo string (x: [x]) (listOf string); + type = with types; coercedTo str (x: [x]) (listOf str); default = []; description = '' The http url(s) of the upstream endpoint or <literal>file://</literal> @@ -523,7 +523,7 @@ in }; keyFile = mkOption { - type = types.nullOr types.string; + type = types.nullOr types.path; default = null; description = '' oauth2_proxy allows passing sensitive configuration via environment variables. diff --git a/nixos/modules/services/security/oauth2_proxy_nginx.nix b/nixos/modules/services/security/oauth2_proxy_nginx.nix index a9ad5497a65..be6734f439f 100644 
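Review bot: In munge.nix the `password` option, described as the path to the daemon's secret key, becomes `types.path`, which also accepts a Nix path literal such as `./munge.key`. If the module interpolates the value into a string, a path literal is copied into the world-readable Nix store and the key is exposed; the use site is outside this hunk, so this is inferred. The description should state that a string path outside the store is expected, e.g. `The path to a daemon's secret key. Pass it as a string ("/etc/munge/munge.key"), not as a Nix path literal.`. The `keyFile` option in the `@@ -523,7 +523,7 @@` hunk of oauth2_proxy.nix, changed to `types.nullOr types.path`, has the same issue.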
--- a/nixos/modules/services/security/oauth2_proxy_nginx.nix +++ b/nixos/modules/services/security/oauth2_proxy_nginx.nix @@ -6,14 +6,14 @@ in { options.services.oauth2_proxy.nginx = { proxy = mkOption { - type = types.string; + type = types.str; default = config.services.oauth2_proxy.httpAddress; description = '' The address of the reverse proxy endpoint for oauth2_proxy ''; }; virtualHosts = mkOption { - type = types.listOf types.string; + type = types.listOf types.str; default = []; description = '' A list of nginx virtual hosts to put behind the oauth2 proxy diff --git a/nixos/modules/services/security/tor.nix b/nixos/modules/services/security/tor.nix index abdc0cd78b4..ed862387cce 100644 --- a/nixos/modules/services/security/tor.nix +++ b/nixos/modules/services/security/tor.nix @@ -722,7 +722,6 @@ in systemd.services.tor-init = { description = "Tor Daemon Init"; wantedBy = [ "tor.service" ]; - after = [ "local-fs.target" ]; script = '' install -m 0700 -o tor -g tor -d ${torDirectory} ${torDirectory}/onion install -m 0750 -o tor -g tor -d ${torRunDirectory} diff --git a/nixos/modules/services/security/usbguard.nix b/nixos/modules/services/security/usbguard.nix index 20d5e3b28eb..4ced5acd9bd 100644 --- a/nixos/modules/services/security/usbguard.nix +++ b/nixos/modules/services/security/usbguard.nix @@ -195,7 +195,7 @@ in { description = "USBGuard daemon"; wantedBy = [ "basic.target" ]; - wants = [ "systemd-udevd.service" "local-fs.target" ]; + wants = [ "systemd-udevd.service" ]; # make sure an empty rule file and required directories exist preStart = '' diff --git a/nixos/modules/services/system/cgmanager.nix b/nixos/modules/services/system/cgmanager.nix index 59d3deced86..d3d57aa7692 100644 --- a/nixos/modules/services/system/cgmanager.nix +++ b/nixos/modules/services/system/cgmanager.nix 
@@ -14,7 +14,6 @@ in { config = mkIf cfg.enable { systemd.services.cgmanager = { wantedBy = [ "multi-user.target" ]; - after = [ "local-fs.target" ]; description = "Cgroup management daemon"; restartIfChanged = false; serviceConfig = { diff --git a/nixos/modules/services/system/cloud-init.nix b/nixos/modules/services/system/cloud-init.nix index 3ad555f78ef..15fe822aec6 100644 --- a/nixos/modules/services/system/cloud-init.nix +++ b/nixos/modules/services/system/cloud-init.nix @@ -112,8 +112,6 @@ in systemd.services.cloud-init-local = { description = "Initial cloud-init job (pre-networking)"; wantedBy = [ "multi-user.target" ]; - wants = [ "local-fs.target" ]; - after = [ "local-fs.target" ]; path = path; serviceConfig = { Type = "oneshot"; @@ -127,9 +125,9 @@ in systemd.services.cloud-init = { description = "Initial cloud-init job (metadata service crawler)"; wantedBy = [ "multi-user.target" ]; - wants = [ "local-fs.target" "network-online.target" "cloud-init-local.service" + wants = [ "network-online.target" "cloud-init-local.service" "sshd.service" "sshd-keygen.service" ]; - after = [ "local-fs.target" "network-online.target" "cloud-init-local.service" ]; + after = [ "network-online.target" "cloud-init-local.service" ]; before = [ "sshd.service" "sshd-keygen.service" ]; requires = [ "network.target "]; path = path; diff --git a/nixos/modules/services/torrent/deluge.nix b/nixos/modules/services/torrent/deluge.nix index 18fdacaf97b..e1c5e052a12 100644 --- a/nixos/modules/services/torrent/deluge.nix +++ b/nixos/modules/services/torrent/deluge.nix 
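Review bot: The context line `requires = [ "network.target "];` in the `@@ -127,9 +125,9 @@` hunk of cloud-init.nix has a trailing space inside the quoted unit name, and this change rewrites the neighbouring `wants` and `after` lists without fixing it. As written the dependency names `network.target ` rather than `network.target`, which systemd is unlikely to resolve as intended. Suggest `requires = [ "network.target" ];`. The `systemd.services.cloud-init` attribute set continues past the end of the hunk.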
@@ -173,8 +173,11 @@ in { # Provide a default set of `extraPackages`. services.deluge.extraPackages = with pkgs; [ unzip gnutar xz p7zip bzip2 ]; - systemd.tmpfiles.rules = [ "d '${configDir}' 0770 ${cfg.user} ${cfg.group}" ] - ++ optional (cfg.config ? download_location) + systemd.tmpfiles.rules = [ + "d '${cfg.dataDir}' 0770 ${cfg.user} ${cfg.group}" + "d '${cfg.dataDir}/.config' 0770 ${cfg.user} ${cfg.group}" + "d '${cfg.dataDir}/.config/deluge' 0770 ${cfg.user} ${cfg.group}" + ] "d '${cfg.config.download_location}' 0770 ${cfg.user} ${cfg.group}" ++ optional (cfg.config ? torrentfiles_location) "d '${cfg.config.torrentfiles_location}' 0770 ${cfg.user} ${cfg.group}" @@ -237,7 +240,6 @@ in { group = cfg.group; uid = config.ids.uids.deluge; home = cfg.dataDir; - createHome = true; description = "Deluge Daemon user"; }; }; diff --git a/nixos/modules/services/torrent/flexget.nix b/nixos/modules/services/torrent/flexget.nix index ca63f529a5d..6ac85f8fa17 100644 --- a/nixos/modules/services/torrent/flexget.nix +++ b/nixos/modules/services/torrent/flexget.nix @@ -19,7 +19,7 @@ in { user = mkOption { default = "deluge"; example = "some_user"; - type = types.string; + type = types.str; description = "The user under which to run flexget."; }; @@ -33,7 +33,7 @@ in { interval = mkOption { default = "10m"; example = "1h"; - type = types.string; + type = types.str; description = "When to perform a <command>flexget</command> run. See <command>man 7 systemd.time</command> for the format."; }; diff --git a/nixos/modules/services/torrent/transmission.nix b/nixos/modules/services/torrent/transmission.nix index a94a471361e..7409eb8cdcb 100644 --- a/nixos/modules/services/torrent/transmission.nix +++ b/nixos/modules/services/torrent/transmission.nix 
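Review bot: On the new side of the `@@ -173,8 +173,11 @@` hunk in deluge.nix, the closing `]` of `systemd.tmpfiles.rules` is followed directly by the string `"d '${cfg.config.download_location}' 0770 ..."`, because the removed `++ optional (cfg.config ? download_location)` line has no replacement. As shown, that applies a list to a string, which should fail at evaluation, and the `download_location` rule has lost its guard. Since this is a merge commit it may be a conflict-resolution slip. Re-add the guard after the list: `] ++ optional (cfg.config ? download_location)`. The rule list continues beyond the hunk.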
@@ -102,7 +102,7 @@ in config = mkIf cfg.enable { systemd.services.transmission = { description = "Transmission BitTorrent Service"; - after = [ "local-fs.target" "network.target" ] ++ optional apparmor "apparmor.service"; + after = [ "network.target" ] ++ optional apparmor "apparmor.service"; requires = mkIf apparmor [ "apparmor.service" ]; wantedBy = [ "multi-user.target" ]; diff --git a/nixos/modules/services/web-apps/youtrack.nix b/nixos/modules/services/web-apps/youtrack.nix index 691cbdc8d1d..830edac20ba 100644 --- a/nixos/modules/services/web-apps/youtrack.nix +++ b/nixos/modules/services/web-apps/youtrack.nix @@ -28,28 +28,28 @@ in The interface youtrack will listen on. ''; default = "127.0.0.1"; - type = types.string; + type = types.str; }; baseUrl = mkOption { description = '' Base URL for youtrack. Will be auto-detected and stored in database. ''; - type = types.nullOr types.string; + type = types.nullOr types.str; default = null; }; extraParams = mkOption { default = {}; description = '' - Extra parameters to pass to youtrack. See + Extra parameters to pass to youtrack. See https://www.jetbrains.com/help/youtrack/standalone/YouTrack-Java-Start-Parameters.html for more information. ''; example = { "jetbrains.youtrack.overrideRootPassword" = "tortuga"; }; - type = types.attrsOf types.string; + type = types.attrsOf types.str; }; package = mkOption { @@ -73,7 +73,7 @@ in description = '' Where to keep the youtrack database. ''; - type = types.string; + type = types.path; default = "/var/lib/youtrack"; }; @@ -83,7 +83,7 @@ in If null, do not setup anything. ''; default = null; - type = types.nullOr types.string; + type = types.nullOr types.str; }; jvmOpts = mkOption { @@ -92,7 +92,7 @@ in See https://www.jetbrains.com/help/youtrack/standalone/Configure-JVM-Options.html for more information. ''; - type = types.string; + type = types.separatedString " "; example = "-XX:MetaspaceSize=250m"; default = ""; }; 
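Review bot: The `extraParams` example in the `@@ -28,28 +28,28 @@` hunk of youtrack.nix sets `"jetbrains.youtrack.overrideRootPassword" = "tortuga"`, which invites users to put a root password into a plain `attrsOf str` option. Values given here become part of the evaluated configuration and are presumably passed to the service as start parameters, so they would be readable in the Nix store and possibly in the process list; how they are consumed is outside this hunk. Either use a non-secret parameter in the example or add a sentence to the description such as `Values are stored world-readable in the Nix store; do not put secrets here.`.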
@@ -101,7 +101,7 @@ in description = '' Maximum Java heap size ''; - type = types.string; + type = types.str; default = "1g"; }; @@ -109,7 +109,7 @@ in description = '' Maximum java Metaspace memory. ''; - type = types.string; + type = types.str; default = "350m"; }; }; diff --git a/nixos/modules/services/web-servers/apache-httpd/per-server-options.nix b/nixos/modules/services/web-servers/apache-httpd/per-server-options.nix index 536e707137c..9d747549c27 100644 --- a/nixos/modules/services/web-servers/apache-httpd/per-server-options.nix +++ b/nixos/modules/services/web-servers/apache-httpd/per-server-options.nix @@ -33,7 +33,7 @@ with lib; description = "port to listen on"; }; ip = mkOption { - type = types.string; + type = types.str; default = "*"; description = "Ip to listen on. 0.0.0.0 for ipv4 only, * for all."; }; diff --git a/nixos/modules/services/web-servers/caddy.nix b/nixos/modules/services/web-servers/caddy.nix index 6a1db608784..132c50735d9 100644 --- a/nixos/modules/services/web-servers/caddy.nix +++ b/nixos/modules/services/web-servers/caddy.nix @@ -27,13 +27,13 @@ in { ca = mkOption { default = "https://acme-v02.api.letsencrypt.org/directory"; example = "https://acme-staging-v02.api.letsencrypt.org/directory"; - type = types.string; + type = types.str; description = "Certificate authority ACME server. The default (Let's Encrypt production server) should be fine for most people."; }; email = mkOption { default = ""; - type = types.string; + type = types.str; description = "Email address (for Let's Encrypt certificate)"; }; diff --git a/nixos/modules/services/web-servers/nginx/default.nix b/nixos/modules/services/web-servers/nginx/default.nix index 5c65a2388d6..b94b338fd4a 100644 --- a/nixos/modules/services/web-servers/nginx/default.nix +++ b/nixos/modules/services/web-servers/nginx/default.nix 
@@ -473,7 +473,7 @@ in }; clientMaxBodySize = mkOption { - type = types.string; + type = types.str; default = "10m"; description = "Set nginx global client_max_body_size."; }; diff --git a/nixos/modules/services/web-servers/traefik.nix b/nixos/modules/services/web-servers/traefik.nix index 5bac895d43a..8de7df0d446 100644 --- a/nixos/modules/services/web-servers/traefik.nix +++ b/nixos/modules/services/web-servers/traefik.nix @@ -67,7 +67,7 @@ in { group = mkOption { default = "traefik"; - type = types.string; + type = types.str; example = "docker"; description = '' Set the group that traefik runs under. diff --git a/nixos/modules/services/web-servers/uwsgi.nix b/nixos/modules/services/web-servers/uwsgi.nix index 3f858d90fa4..af70f32f32d 100644 --- a/nixos/modules/services/web-servers/uwsgi.nix +++ b/nixos/modules/services/web-servers/uwsgi.nix @@ -72,7 +72,7 @@ in { }; runDir = mkOption { - type = types.string; + type = types.path; default = "/run/uwsgi"; description = "Where uWSGI communication sockets can live"; }; diff --git a/nixos/modules/services/web-servers/zope2.nix b/nixos/modules/services/web-servers/zope2.nix index 4cad2a2ff77..3abd506827c 100644 --- a/nixos/modules/services/web-servers/zope2.nix +++ b/nixos/modules/services/web-servers/zope2.nix @@ -11,7 +11,7 @@ let name = mkOption { default = "${name}"; - type = types.string; + type = types.str; description = "The name of the zope2 instance. If undefined, the name of the attribute set will be used."; }; 
@@ -23,19 +23,19 @@ let http_address = mkOption { default = "localhost:8080"; - type = types.string; + type = types.str; description = "Give a port and address for the HTTP server."; }; user = mkOption { default = "zope2"; - type = types.string; + type = types.str; description = "The name of the effective user for the Zope process."; }; clientHome = mkOption { default = "/var/lib/zope2/${name}"; - type = types.string; + type = types.path; description = "Home directory of zope2 instance."; }; extra = mkOption { @@ -52,7 +52,7 @@ let </blobstorage> </zodb_db> ''; - type = types.string; + type = types.lines; description = "Extra zope.conf"; }; diff --git a/nixos/modules/services/x11/desktop-managers/gnome3.nix b/nixos/modules/services/x11/desktop-managers/gnome3.nix index 0caa93ad217..6f344f4121b 100644 --- a/nixos/modules/services/x11/desktop-managers/gnome3.nix +++ b/nixos/modules/services/x11/desktop-managers/gnome3.nix @@ -37,7 +37,7 @@ let picture-uri='file://${pkgs.nixos-artwork.wallpapers.simple-dark-gray-bottom}/share/artwork/gnome/nix-wallpaper-simple-dark-gray_bottom.png' [org.gnome.shell] - favorite-apps=[ 'org.gnome.Epiphany.desktop', 'evolution.desktop', 'org.gnome.Music.desktop', 'org.gnome.Photos.desktop', 'org.gnome.Nautilus.desktop', 'org.gnome.Software.desktop' ] + favorite-apps=[ 'org.gnome.Epiphany.desktop', 'org.gnome.Geary.desktop', 'org.gnome.Music.desktop', 'org.gnome.Photos.desktop', 'org.gnome.Nautilus.desktop', 'org.gnome.Software.desktop' ] ${cfg.extraGSettingsOverrides} EOF @@ -238,6 +238,8 @@ in services.dbus.packages = optional config.services.printing.enable pkgs.system-config-printer; + services.avahi.enable = mkDefault true; + services.geoclue2.enable = mkDefault true; services.geoclue2.enableDemoAgent = false; # GNOME has its own geoclue agent 
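Review bot: `services.avahi.enable = mkDefault true;` in the `@@ -238,6 +238,8 @@` hunk of gnome3.nix turns on an mDNS/DNS-SD daemon by default, with no comment saying which part of GNOME needs it. Because this adds a network-facing service to every system that enables this part of the module, a short why-comment would help readers judge the trade-off, e.g. `# needed by <GNOME component> for service discovery; set services.avahi.enable = false to opt out`. The enclosing block starts and ends outside the hunk.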
@@ -261,16 +263,19 @@ in source-sans-pro ]; + # Adapt from https://gitlab.gnome.org/GNOME/gnome-build-meta/blob/gnome-3-32/elements/core/meta-gnome-core-shell.bst environment.systemPackages = with pkgs.gnome3; [ adwaita-icon-theme gnome-backgrounds gnome-bluetooth + gnome-color-manager gnome-control-center gnome-getting-started-docs gnome-shell gnome-shell-extensions gnome-themes-extra gnome-user-docs + pkgs.orca pkgs.glib # for gsettings pkgs.gnome-menus pkgs.gtk3.out # for gtk-launch 
@@ -281,23 +286,43 @@ in ]; }) + # Adapt from https://gitlab.gnome.org/GNOME/gnome-build-meta/blob/gnome-3-32/elements/core/meta-gnome-core-utilities.bst (mkIf serviceCfg.core-utilities.enable { environment.systemPackages = (with pkgs.gnome3; removePackagesByName [ - baobab eog epiphany evince gucharmap nautilus totem yelp gnome-calculator - gnome-contacts gnome-font-viewer gnome-screenshot gnome-system-monitor simple-scan - gnome-terminal evolution file-roller gedit gnome-clocks gnome-music gnome-tweaks - pkgs.gnome-photos nautilus-sendto dconf-editor vinagre gnome-weather gnome-logs - gnome-maps gnome-characters gnome-calendar accerciser gnome-nettool gnome-packagekit - gnome-software gnome-power-manager gnome-todo pkgs.gnome-usage + baobab + cheese + eog + epiphany + geary + gedit + gnome-calculator + gnome-calendar + gnome-characters + gnome-clocks + gnome-contacts + gnome-font-viewer + gnome-logs + gnome-maps + gnome-music + gnome-photos + gnome-screenshot + gnome-software + gnome-system-monitor + gnome-weather + nautilus + simple-scan + totem + yelp + # Unsure if sensible for NixOS + /* gnome-boxes */ ] config.environment.gnome3.excludePackages); # Enable default programs programs.evince.enable = mkDefault true; programs.file-roller.enable = mkDefault true; programs.gnome-disks.enable = mkDefault true; - programs.gnome-documents.enable = mkDefault true; programs.gnome-terminal.enable = mkDefault true; - services.gnome3.seahorse.enable = mkDefault true; + programs.seahorse.enable = mkDefault true; services.gnome3.sushi.enable = mkDefault true; # Let nautilus find extensions diff --git a/nixos/modules/services/x11/desktop-managers/pantheon.nix b/nixos/modules/services/x11/desktop-managers/pantheon.nix index ae23015d200..5b82cb1f026 100644 --- a/nixos/modules/services/x11/desktop-managers/pantheon.nix +++ b/nixos/modules/services/x11/desktop-managers/pantheon.nix 
@@ -145,6 +145,9 @@ in programs.dconf.enable = true; programs.evince.enable = mkDefault true; programs.file-roller.enable = mkDefault true; + # Otherwise you can't store NetworkManager Secrets with + # "Store the password only for this user" + programs.nm-applet.enable = true; # Shell integration for VTE terminals programs.bash.vteIntegration = mkDefault true; @@ -191,6 +194,7 @@ in gtk3.out hicolor-icon-theme lightlocker + onboard plank qgnomeplatform shared-mime-info diff --git a/nixos/modules/services/x11/desktop-managers/surf-display.nix b/nixos/modules/services/x11/desktop-managers/surf-display.nix index 232bbf5c55d..140dde828da 100644 --- a/nixos/modules/services/x11/desktop-managers/surf-display.nix +++ b/nixos/modules/services/x11/desktop-managers/surf-display.nix @@ -48,7 +48,7 @@ in { enable = mkEnableOption "surf-display as a kiosk browser session"; defaultWwwUri = mkOption { - type = types.string; + type = types.str; default = "${pkgs.surf-display}/share/surf-display/empty-page.html"; example = "https://www.example.com/"; description = "Default URI to display."; @@ -69,7 +69,7 @@ in { }; screensaverSettings = mkOption { - type = types.string; + type = types.separatedString " "; default = ""; description = '' Screensaver settings, see <literal>man 1 xset</literal> for possible options. @@ -77,7 +77,7 @@ in { }; pointerButtonMap = mkOption { - type = types.string; + type = types.str; default = "1 0 0 4 5 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0"; description = '' Disable right and middle pointer device click in browser sessions @@ -87,14 +87,14 @@ in { }; hideIdlePointer = mkOption { - type = types.string; + type = types.str; default = "yes"; example = "no"; description = "Hide idle mouse pointer."; }; extraConfig = mkOption { - type = types.string; + type = types.lines; default = ""; example = '' # Enforce fixed resolution for all displays (default: not set): 
diff --git a/nixos/modules/services/x11/desktop-managers/xterm.nix b/nixos/modules/services/x11/desktop-managers/xterm.nix index ea441fbbe71..93987bd1dfc 100644 --- a/nixos/modules/services/x11/desktop-managers/xterm.nix +++ b/nixos/modules/services/x11/desktop-managers/xterm.nix @@ -5,7 +5,6 @@ with lib; let cfg = config.services.xserver.desktopManager.xterm; - xserverEnabled = config.services.xserver.enable; in @@ -14,7 +13,7 @@ in services.xserver.desktopManager.xterm.enable = mkOption { type = types.bool; - default = xserverEnabled; + default = false; defaultText = "config.services.xserver.enable"; description = "Enable a xterm terminal as a desktop manager."; }; diff --git a/nixos/modules/services/x11/display-managers/lightdm.nix b/nixos/modules/services/x11/display-managers/lightdm.nix index 5d3d1b485cf..956c95e4822 100644 --- a/nixos/modules/services/x11/display-managers/lightdm.nix +++ b/nixos/modules/services/x11/display-managers/lightdm.nix @@ -114,7 +114,7 @@ in }; name = mkOption { - type = types.string; + type = types.str; description = '' The name of a .desktop file in the directory specified in the 'package' option. diff --git a/nixos/modules/services/x11/hardware/libinput.nix b/nixos/modules/services/x11/hardware/libinput.nix index a0a5e265685..bd289976532 100644 --- a/nixos/modules/services/x11/hardware/libinput.nix +++ b/nixos/modules/services/x11/hardware/libinput.nix @@ -41,13 +41,13 @@ in { }; accelSpeed = mkOption { - type = types.nullOr types.string; + type = types.nullOr types.str; default = null; description = "Cursor acceleration (how fast speed increases from minSpeed to maxSpeed)."; }; buttonMapping = mkOption { - type = types.nullOr types.string; + type = types.nullOr types.str; default = null; description = '' @@ -61,7 +61,7 @@ in { }; calibrationMatrix = mkOption { - type = types.nullOr types.string; + type = types.nullOr types.str; default = null; description = '' 
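Review bot: In the `@@ -14,7 +13,7 @@` hunk of xterm.nix the default becomes `false`, but the unchanged next line still reads `defaultText = "config.services.xserver.enable";`, so the generated manual will document a default the option no longer has. Drop the `defaultText` line; with a literal `default = false;` it is not needed.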
diff --git a/nixos/modules/services/x11/hardware/synaptics.nix b/nixos/modules/services/x11/hardware/synaptics.nix index c4aad72f7e2..22af869f1f8 100644 --- a/nixos/modules/services/x11/hardware/synaptics.nix +++ b/nixos/modules/services/x11/hardware/synaptics.nix @@ -44,19 +44,19 @@ in { }; accelFactor = mkOption { - type = types.nullOr types.string; + type = types.nullOr types.str; default = "0.001"; description = "Cursor acceleration (how fast speed increases from minSpeed to maxSpeed)."; }; minSpeed = mkOption { - type = types.nullOr types.string; + type = types.nullOr types.str; default = "0.6"; description = "Cursor speed factor for precision finger motion."; }; maxSpeed = mkOption { - type = types.nullOr types.string; + type = types.nullOr types.str; default = "1.0"; description = "Cursor speed factor for highest-speed finger motion."; }; diff --git a/nixos/modules/services/x11/window-managers/xmonad.nix b/nixos/modules/services/x11/window-managers/xmonad.nix index a6055f26789..0e131412276 100644 --- a/nixos/modules/services/x11/window-managers/xmonad.nix +++ b/nixos/modules/services/x11/window-managers/xmonad.nix @@ -59,7 +59,7 @@ in config = mkOption { default = null; - type = with lib.types; nullOr (either path string); + type = with lib.types; nullOr (either path str); description = '' Configuration from which XMonad gets compiled. If no value is specified, the xmonad config from $HOME/.xmonad is taken. diff --git a/nixos/modules/services/x11/xserver.nix b/nixos/modules/services/x11/xserver.nix index c94a0643831..a8406544a72 100644 --- a/nixos/modules/services/x11/xserver.nix +++ b/nixos/modules/services/x11/xserver.nix 
@@ -659,7 +659,7 @@ in systemd.services.display-manager = { description = "X11 Server"; - after = [ "systemd-udev-settle.service" "local-fs.target" "acpid.service" "systemd-logind.service" ]; + after = [ "systemd-udev-settle.service" "acpid.service" "systemd-logind.service" ]; wants = [ "systemd-udev-settle.service" ]; restartIfChanged = false; diff --git a/nixos/modules/system/boot/binfmt.nix b/nixos/modules/system/boot/binfmt.nix index a550ffd6320..a32c9dc1f2b 100644 --- a/nixos/modules/system/boot/binfmt.nix +++ b/nixos/modules/system/boot/binfmt.nix @@ -239,7 +239,7 @@ in { List of systems to emulate. Will also configure Nix to support your new systems. ''; - type = types.listOf types.string; + type = types.listOf types.str; }; }; }; diff --git a/nixos/modules/system/boot/loader/grub/grub.nix b/nixos/modules/system/boot/loader/grub/grub.nix index 4a68ae901da..e13f0421d38 100644 --- a/nixos/modules/system/boot/loader/grub/grub.nix +++ b/nixos/modules/system/boot/loader/grub/grub.nix @@ -8,7 +8,7 @@ let efi = config.boot.loader.efi; - grubPkgs = + grubPkgs = # Package set of targeted architecture if cfg.forcei686 then pkgs.pkgsi686Linux else pkgs; @@ -333,7 +333,7 @@ in }; backgroundColor = mkOption { - type = types.nullOr types.string; + type = types.nullOr types.str; example = "#7EBAE4"; default = null; description = '' @@ -399,7 +399,7 @@ in example = "text"; type = types.str; description = '' - The gfxpayload to pass to GRUB when loading a graphical boot interface under EFI. + The gfxpayload to pass to GRUB when loading a graphical boot interface under EFI. ''; }; @@ -408,7 +408,7 @@ in example = "keep"; type = types.str; description = '' - The gfxpayload to pass to GRUB when loading a graphical boot interface under BIOS. + The gfxpayload to pass to GRUB when loading a graphical boot interface under BIOS. ''; }; 
@@ -535,7 +535,7 @@ in default = false; type = types.bool; description = '' - Whether to force the use of a ia32 boot loader on x64 systems. Required + Whether to force the use of a ia32 boot loader on x64 systems. Required to install and run NixOS on 64bit x86 systems with 32bit (U)EFI. ''; }; @@ -554,7 +554,7 @@ in systemHasTPM = mkOption { default = ""; example = "YES_TPM_is_activated"; - type = types.string; + type = types.str; description = '' Assertion that the target system has an activated TPM. It is a safety check before allowing the activation of 'trustedBoot.enable'. TrustedBoot diff --git a/nixos/modules/system/boot/loader/raspberrypi/raspberrypi.nix b/nixos/modules/system/boot/loader/raspberrypi/raspberrypi.nix index 7db60daa60b..1c8354e5269 100644 --- a/nixos/modules/system/boot/loader/raspberrypi/raspberrypi.nix +++ b/nixos/modules/system/boot/loader/raspberrypi/raspberrypi.nix @@ -10,7 +10,7 @@ let builderUboot = import ./uboot-builder.nix { inherit pkgs configTxt; inherit (cfg) version; }; builderGeneric = import ./raspberrypi-builder.nix { inherit pkgs configTxt; }; - builder = + builder = if cfg.uboot.enable then "${builderUboot} -g ${toString cfg.uboot.configurationLimit} -t ${timeoutStr} -c" else @@ -86,7 +86,7 @@ in firmwareConfig = mkOption { default = null; - type = types.nullOr types.string; + type = types.nullOr types.lines; description = '' Extra options that will be appended to <literal>/boot/config.txt</literal> file. For possible values, see: https://www.raspberrypi.org/documentation/configuration/config-txt/ diff --git a/nixos/modules/tasks/network-interfaces.nix b/nixos/modules/tasks/network-interfaces.nix index 046c61c8b56..5bf7b0d227f 100644 --- a/nixos/modules/tasks/network-interfaces.nix +++ b/nixos/modules/tasks/network-interfaces.nix 
@@ -836,7 +836,7 @@ in options = { device = mkOption { - type = types.string; + type = types.str; example = "wlp6s0"; description = "The name of the underlying hardware WLAN device as assigned by <literal>udev</literal>."; }; @@ -852,7 +852,7 @@ in }; meshID = mkOption { - type = types.nullOr types.string; + type = types.nullOr types.str; default = null; description = "MeshID of interface with type <literal>mesh</literal>."; }; diff --git a/nixos/modules/virtualisation/anbox.nix b/nixos/modules/virtualisation/anbox.nix index c63b971ead0..da5df358073 100644 --- a/nixos/modules/virtualisation/anbox.nix +++ b/nixos/modules/virtualisation/anbox.nix @@ -56,7 +56,7 @@ in dns = mkOption { default = "1.1.1.1"; - type = types.string; + type = types.str; description = '' Container DNS server. ''; diff --git a/nixos/modules/virtualisation/azure-agent.nix b/nixos/modules/virtualisation/azure-agent.nix index 770cefbcd51..036b1036f92 100644 --- a/nixos/modules/virtualisation/azure-agent.nix +++ b/nixos/modules/virtualisation/azure-agent.nix @@ -166,7 +166,6 @@ in wantedBy = [ "sshd.service" "waagent.service" ]; before = [ "sshd.service" "waagent.service" ]; - after = [ "local-fs.target" ]; path = [ pkgs.coreutils ]; script = diff --git a/nixos/modules/virtualisation/azure-image.nix b/nixos/modules/virtualisation/azure-image.nix index dd2108ccc37..e91dd72ff5d 100644 --- a/nixos/modules/virtualisation/azure-image.nix +++ b/nixos/modules/virtualisation/azure-image.nix @@ -26,7 +26,6 @@ in wantedBy = [ "sshd.service" "waagent.service" ]; before = [ "sshd.service" "waagent.service" ]; - after = [ "local-fs.target" ]; path = [ pkgs.coreutils ]; script = diff --git a/nixos/modules/virtualisation/containers.nix b/nixos/modules/virtualisation/containers.nix index 510b91904c5..9c9f8fc0c21 100644 --- a/nixos/modules/virtualisation/containers.nix +++ b/nixos/modules/virtualisation/containers.nix 
@@ -337,7 +337,7 @@ let networkOptions = { hostBridge = mkOption { - type = types.nullOr types.string; + type = types.nullOr types.str; default = null; example = "br0"; description = '' @@ -387,7 +387,7 @@ let }; hostAddress6 = mkOption { - type = types.nullOr types.string; + type = types.nullOr types.str; default = null; example = "fc00::1"; description = '' @@ -409,7 +409,7 @@ let }; localAddress6 = mkOption { - type = types.nullOr types.string; + type = types.nullOr types.str; default = null; example = "fc00::2"; description = '' @@ -565,7 +565,7 @@ in }; interfaces = mkOption { - type = types.listOf types.string; + type = types.listOf types.str; default = []; example = [ "eth1" "eth2" ]; description = '' diff --git a/nixos/modules/virtualisation/google-compute-config.nix b/nixos/modules/virtualisation/google-compute-config.nix index 79766970c75..327324f2921 100644 --- a/nixos/modules/virtualisation/google-compute-config.nix +++ b/nixos/modules/virtualisation/google-compute-config.nix @@ -21,7 +21,7 @@ in boot.initrd.kernelModules = [ "virtio_scsi" ]; boot.kernelModules = [ "virtio_pci" "virtio_net" ]; - # Generate a GRUB menu. Amazon's pv-grub uses this to boot our kernel/initrd. + # Generate a GRUB menu. boot.loader.grub.device = "/dev/sda"; boot.loader.timeout = 0; @@ -29,12 +29,16 @@ in # way to select them anyway. boot.loader.grub.configurationLimit = 0; - # Allow root logins only using the SSH key that the user specified - # at instance creation time. + # Allow root logins only using SSH keys + # and disable password authentication in general services.openssh.enable = true; services.openssh.permitRootLogin = "prohibit-password"; services.openssh.passwordAuthentication = mkDefault false; + # enable OS Login. This also requires setting enable-oslogin=TRUE metadata on + # instance or project level + security.googleOsLogin.enable = true; + # Use GCE udev rules for dynamic disk volumes services.udev.packages = [ gce ]; 
@@ -65,165 +69,80 @@ in # GC has 1460 MTU networking.interfaces.eth0.mtu = 1460; - security.googleOsLogin.enable = true; - - systemd.services.google-clock-skew-daemon = { - description = "Google Compute Engine Clock Skew Daemon"; - after = [ - "network.target" - "google-instance-setup.service" - "google-network-setup.service" - ]; - requires = ["network.target"]; - wantedBy = ["multi-user.target"]; - serviceConfig = { - Type = "simple"; - ExecStart = "${gce}/bin/google_clock_skew_daemon --debug"; - }; - }; - systemd.services.google-instance-setup = { description = "Google Compute Engine Instance Setup"; - after = ["local-fs.target" "network-online.target" "network.target" "rsyslog.service"]; - before = ["sshd.service"]; - wants = ["local-fs.target" "network-online.target" "network.target"]; - wantedBy = [ "sshd.service" "multi-user.target" ]; - path = with pkgs; [ ethtool openssh ]; + after = [ "network-online.target" "network.target" "rsyslog.service" ]; + before = [ "sshd.service" ]; + path = with pkgs; [ coreutils ethtool openssh ]; serviceConfig = { - ExecStart = "${gce}/bin/google_instance_setup --debug"; + ExecStart = "${gce}/bin/google_instance_setup"; + StandardOutput="journal+console"; Type = "oneshot"; }; + wantedBy = [ "sshd.service" "multi-user.target" ]; }; systemd.services.google-network-daemon = { description = "Google Compute Engine Network Daemon"; - after = ["local-fs.target" "network-online.target" "network.target" "rsyslog.service" "google-instance-setup.service"]; - wants = ["local-fs.target" "network-online.target" "network.target"]; - requires = ["network.target"]; - partOf = ["network.target"]; - wantedBy = [ "multi-user.target" ]; + after = [ "network-online.target" "network.target" "google-instance-setup.service" ]; path = with pkgs; [ iproute ]; serviceConfig = { - ExecStart = "${gce}/bin/google_network_daemon --debug"; + ExecStart = "${gce}/bin/google_network_daemon"; + StandardOutput="journal+console"; + Type="simple"; }; + wantedBy = [ 
"multi-user.target" ]; }; + systemd.services.google-clock-skew-daemon = { + description = "Google Compute Engine Clock Skew Daemon"; + after = [ "network.target" "google-instance-setup.service" "google-network-daemon.service" ]; + serviceConfig = { + ExecStart = "${gce}/bin/google_clock_skew_daemon"; + StandardOutput="journal+console"; + Type = "simple"; + }; + wantedBy = ["multi-user.target"]; + }; + + systemd.services.google-shutdown-scripts = { description = "Google Compute Engine Shutdown Scripts"; after = [ - "local-fs.target" "network-online.target" "network.target" "rsyslog.service" - "systemd-resolved.service" "google-instance-setup.service" "google-network-daemon.service" ]; - wants = [ "local-fs.target" "network-online.target" "network.target"]; - wantedBy = [ "multi-user.target" ]; serviceConfig = { ExecStart = "${pkgs.coreutils}/bin/true"; - ExecStop = "${gce}/bin/google_metadata_script_runner --debug --script-type shutdown"; - Type = "oneshot"; + ExecStop = "${gce}/bin/google_metadata_script_runner --script-type shutdown"; RemainAfterExit = true; - TimeoutStopSec = "infinity"; + StandardOutput="journal+console"; + TimeoutStopSec = "0"; + Type = "oneshot"; }; + wantedBy = [ "multi-user.target" ]; }; systemd.services.google-startup-scripts = { description = "Google Compute Engine Startup Scripts"; after = [ - "local-fs.target" "network-online.target" "network.target" "rsyslog.service" "google-instance-setup.service" "google-network-daemon.service" ]; - wants = ["local-fs.target" "network-online.target" "network.target"]; - wantedBy = [ "multi-user.target" ]; serviceConfig = { - ExecStart = "${gce}/bin/google_metadata_script_runner --debug --script-type startup"; + ExecStart = "${gce}/bin/google_metadata_script_runner --script-type startup"; KillMode = "process"; + StandardOutput = "journal+console"; Type = "oneshot"; }; + wantedBy = [ "multi-user.target" ]; }; - - # Settings taken from 
https://github.com/GoogleCloudPlatform/compute-image-packages/blob/master/google_config/sysctl/11-gce-network-security.conf - boot.kernel.sysctl = { - # Turn on SYN-flood protections. Starting with 2.6.26, there is no loss - # of TCP functionality/features under normal conditions. When flood - # protections kick in under high unanswered-SYN load, the system - # should remain more stable, with a trade off of some loss of TCP - # functionality/features (e.g. TCP Window scaling). - "net.ipv4.tcp_syncookies" = mkDefault "1"; - - # ignores ICMP redirects - "net.ipv4.conf.all.accept_redirects" = mkDefault "0"; - - # ignores ICMP redirects - "net.ipv4.conf.default.accept_redirects" = mkDefault "0"; - - # ignores ICMP redirects from non-GW hosts - "net.ipv4.conf.all.secure_redirects" = mkDefault "1"; - - # ignores ICMP redirects from non-GW hosts - "net.ipv4.conf.default.secure_redirects" = mkDefault "1"; - - # don't allow traffic between networks or act as a router - "net.ipv4.ip_forward" = mkDefault "0"; - - # don't allow traffic between networks or act as a router - "net.ipv4.conf.all.send_redirects" = mkDefault "0"; - - # don't allow traffic between networks or act as a router - "net.ipv4.conf.default.send_redirects" = mkDefault "0"; - - # strict reverse path filtering - IP spoofing protection - "net.ipv4.conf.all.rp_filter" = mkDefault "1"; - - # strict path filtering - IP spoofing protection - "net.ipv4.conf.default.rp_filter" = mkDefault "1"; - - # ignores ICMP broadcasts to avoid participating in Smurf attacks - "net.ipv4.icmp_echo_ignore_broadcasts" = mkDefault "1"; - - # ignores bad ICMP errors - "net.ipv4.icmp_ignore_bogus_error_responses" = mkDefault "1"; - - # logs spoofed, source-routed, and redirect packets - "net.ipv4.conf.all.log_martians" = mkDefault "1"; - - # log spoofed, source-routed, and redirect packets - "net.ipv4.conf.default.log_martians" = mkDefault "1"; - - # implements RFC 1337 fix - "net.ipv4.tcp_rfc1337" = mkDefault "1"; - - # randomizes 
addresses of mmap base, heap, stack and VDSO page - "kernel.randomize_va_space" = mkDefault "2"; - - # Reboot the machine soon after a kernel panic. - "kernel.panic" = mkDefault "10"; - - ## Not part of the original config - - # provides protection from ToCToU races - "fs.protected_hardlinks" = mkDefault "1"; - - # provides protection from ToCToU races - "fs.protected_symlinks" = mkDefault "1"; - - # makes locating kernel addresses more difficult - "kernel.kptr_restrict" = mkDefault "1"; - - # set ptrace protections - "kernel.yama.ptrace_scope" = mkOverride 500 "1"; - - # set perf only available to root - "kernel.perf_event_paranoid" = mkDefault "2"; - - }; - + environment.etc."sysctl.d/11-gce-network-security.conf".source = "${gce}/sysctl.d/11-gce-network-security.conf"; } diff --git a/nixos/modules/virtualisation/kvmgt.nix b/nixos/modules/virtualisation/kvmgt.nix index df4c5678fd1..36ef6d17df6 100644 --- a/nixos/modules/virtualisation/kvmgt.nix +++ b/nixos/modules/virtualisation/kvmgt.nix @@ -9,7 +9,7 @@ let vgpuOptions = { uuid = mkOption { - type = types.string; + type = types.str; description = "UUID of VGPU device. You can generate one with <package>libossp_uuid</package>."; }; }; @@ -23,7 +23,7 @@ in { ''; # multi GPU support is under the question device = mkOption { - type = types.string; + type = types.str; default = "0000:00:02.0"; description = "PCI ID of graphics card. You can figure it with <command>ls /sys/class/mdev_bus</command>."; }; diff --git a/nixos/modules/virtualisation/xen-dom0.nix b/nixos/modules/virtualisation/xen-dom0.nix index 70e575b6c0d..06d5c63476f 100644 --- a/nixos/modules/virtualisation/xen-dom0.nix +++ b/nixos/modules/virtualisation/xen-dom0.nix @@ -119,7 +119,7 @@ in virtualisation.xen.domains = { extraConfig = mkOption { - type = types.string; + type = types.lines; default = ""; description = '' diff --git a/nixos/release-combined.nix b/nixos/release-combined.nix index ffa087bb6f2..9e2109d88b5 100644 
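Review bot: Five hardening sysctls may be lost in the last google-compute-config.nix hunk unless something else sets them. The removed `boot.kernel.sysctl` block lists `fs.protected_hardlinks`, `fs.protected_symlinks`, `kernel.kptr_restrict`, `kernel.yama.ptrace_scope` and `kernel.perf_event_paranoid` under "Not part of the original config", so the packaged `11-gce-network-security.conf` that replaces the block presumably does not contain them; this should be confirmed against the file in `${gce}`. The values also no longer appear in `boot.kernel.sysctl`, so a configuration that inspects or overrides that option will not see them. I would keep those five keys as options next to the new `environment.etc` line, with the values the removed block had.

```nix
  # … unchanged: systemd.services.google-* units …
  environment.etc."sysctl.d/11-gce-network-security.conf".source = "${gce}/sysctl.d/11-gce-network-security.conf";

  # Not part of the upstream GCE sysctl file; kept from the previous inline block.
  boot.kernel.sysctl = {
    "fs.protected_hardlinks" = mkDefault "1";
    "fs.protected_symlinks" = mkDefault "1";
    "kernel.kptr_restrict" = mkDefault "1";
    "kernel.yama.ptrace_scope" = mkOverride 500 "1";
    "kernel.perf_event_paranoid" = mkDefault "2";
  };
```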
--- a/nixos/release-combined.nix +++ b/nixos/release-combined.nix @@ -68,6 +68,7 @@ in rec { nixos.tests.chromium.x86_64-linux or [] (all nixos.tests.firefox) (all nixos.tests.firewall) + (all nixos.tests.fontconfig-default-fonts) (all nixos.tests.gnome3-xorg) (all nixos.tests.gnome3) (all nixos.tests.pantheon) diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix index 557ee78df7c..8ee4dfbf13b 100644 --- a/nixos/tests/all-tests.nix +++ b/nixos/tests/all-tests.nix @@ -87,6 +87,7 @@ in flatpak = handleTest ./flatpak.nix {}; flatpak-builder = handleTest ./flatpak-builder.nix {}; fluentd = handleTest ./fluentd.nix {}; + fontconfig-default-fonts = handleTest ./fontconfig-default-fonts.nix {}; fsck = handleTest ./fsck.nix {}; fwupd = handleTestOn ["x86_64-linux"] ./fwupd.nix {}; # libsmbios is unsupported on aarch64 gdk-pixbuf = handleTest ./gdk-pixbuf.nix {}; @@ -233,6 +234,7 @@ in rabbitmq = handleTest ./rabbitmq.nix {}; radarr = handleTest ./radarr.nix {}; radicale = handleTest ./radicale.nix {}; + redis = handleTest ./redis.nix {}; redmine = handleTest ./redmine.nix {}; roundcube = handleTest ./roundcube.nix {}; rspamd = handleTest ./rspamd.nix {}; diff --git a/nixos/tests/fontconfig-default-fonts.nix b/nixos/tests/fontconfig-default-fonts.nix new file mode 100644 index 00000000000..1991cec9218 --- /dev/null +++ b/nixos/tests/fontconfig-default-fonts.nix 
@@ -0,0 +1,28 @@ +import ./make-test.nix ({ lib, ... }: +{ + name = "fontconfig-default-fonts"; + + machine = { config, pkgs, ... }: { + fonts.enableDefaultFonts = true; # Background fonts + fonts.fonts = with pkgs; [ + noto-fonts-emoji + cantarell-fonts + twitter-color-emoji + source-code-pro + gentium + ]; + fonts.fontconfig.defaultFonts = { + serif = [ "Gentium Plus" ]; + sansSerif = [ "Cantarell" ]; + monospace = [ "Source Code Pro" ]; + emoji = [ "Twitter Color Emoji" ]; + }; + }; + + testScript = '' + $machine->succeed("fc-match serif | grep '\"Gentium Plus\"'"); + $machine->succeed("fc-match sans-serif | grep '\"Cantarell\"'"); + $machine->succeed("fc-match monospace | grep '\"Source Code Pro\"'"); + $machine->succeed("fc-match emoji | grep '\"Twitter Color Emoji\"'"); + ''; +}) diff --git a/nixos/tests/hocker-fetchdocker/machine.nix b/nixos/tests/hocker-fetchdocker/machine.nix index 78343f0e02f..885adebe149 100644 --- a/nixos/tests/hocker-fetchdocker/machine.nix +++ b/nixos/tests/hocker-fetchdocker/machine.nix @@ -11,8 +11,8 @@ systemd.services.docker-load-fetchdocker-image = { description = "Docker load hello-world-container"; wantedBy = [ "multi-user.target" ]; - wants = [ "docker.service" "local-fs.target" ]; - after = [ "docker.service" "local-fs.target" ]; + wants = [ "docker.service" ]; + after = [ "docker.service" ]; script = '' ${pkgs.hello-world-container}/compositeImage.sh | ${pkgs.docker}/bin/docker load diff --git a/nixos/tests/redis.nix b/nixos/tests/redis.nix new file mode 100644 index 00000000000..325d93424dd --- /dev/null +++ b/nixos/tests/redis.nix 
@@ -0,0 +1,26 @@ +import ./make-test.nix ({ pkgs, ...} : { + name = "redis"; + meta = with pkgs.stdenv.lib.maintainers; { + maintainers = [ flokli ]; + }; + + nodes = { + machine = + { pkgs, ... }: + + { + services.redis.enable = true; + services.redis.unixSocket = "/run/redis/redis.sock"; + }; + }; + + testScript = '' + startAll; + + $machine->waitForUnit("redis"); + $machine->waitForOpenPort("6379"); + + $machine->succeed("redis-cli ping | grep PONG"); + $machine->succeed("redis-cli -s /run/redis/redis.sock ping | grep PONG"); + ''; +}) |