diff options
author | Frederik Rietdijk <fridh@fridh.nl> | 2019-08-14 13:46:33 +0200 |
---|---|---|
committer | Frederik Rietdijk <fridh@fridh.nl> | 2019-08-14 13:46:33 +0200 |
commit | cff9e6429a4341e924594f5e057b03ca8101b314 (patch) | |
tree | f8c1a31c9ad11b4c417b9c331747f3b3dc47bdf4 /nixos | |
parent | a6055b7d8705d3c3a008e67cde1d43cf5727f76b (diff) | |
parent | 8d56f2472e47a3f1f388b69c0ecc24421910d555 (diff) | |
download | nixpkgs-cff9e6429a4341e924594f5e057b03ca8101b314.tar nixpkgs-cff9e6429a4341e924594f5e057b03ca8101b314.tar.gz nixpkgs-cff9e6429a4341e924594f5e057b03ca8101b314.tar.bz2 nixpkgs-cff9e6429a4341e924594f5e057b03ca8101b314.tar.lz nixpkgs-cff9e6429a4341e924594f5e057b03ca8101b314.tar.xz nixpkgs-cff9e6429a4341e924594f5e057b03ca8101b314.tar.zst nixpkgs-cff9e6429a4341e924594f5e057b03ca8101b314.zip |
Merge staging-next into staging
Diffstat (limited to 'nixos')
63 files changed, 1198 insertions, 437 deletions
diff --git a/nixos/doc/manual/default.nix b/nixos/doc/manual/default.nix index 7fc0ad702f8..f9de2db1a08 100644 --- a/nixos/doc/manual/default.nix +++ b/nixos/doc/manual/default.nix @@ -5,55 +5,6 @@ with pkgs; let lib = pkgs.lib; - # Remove invisible and internal options. - optionsListVisible = lib.filter (opt: opt.visible && !opt.internal) (lib.optionAttrSetToDocList options); - - # Replace functions by the string <function> - substFunction = x: - if builtins.isAttrs x then lib.mapAttrs (name: substFunction) x - else if builtins.isList x then map substFunction x - else if lib.isFunction x then "<function>" - else x; - - # Generate DocBook documentation for a list of packages. This is - # what `relatedPackages` option of `mkOption` from - # ../../../lib/options.nix influences. - # - # Each element of `relatedPackages` can be either - # - a string: that will be interpreted as an attribute name from `pkgs`, - # - a list: that will be interpreted as an attribute path from `pkgs`, - # - an attrset: that can specify `name`, `path`, `package`, `comment` - # (either of `name`, `path` is required, the rest are optional). - genRelatedPackages = packages: - let - unpack = p: if lib.isString p then { name = p; } - else if lib.isList p then { path = p; } - else p; - describe = args: - let - title = args.title or null; - name = args.name or (lib.concatStringsSep "." args.path); - path = args.path or [ args.name ]; - package = args.package or (lib.attrByPath path (throw "Invalid package attribute path `${toString path}'") pkgs); - in "<listitem>" - + "<para><literal>${lib.optionalString (title != null) "${title} aka "}pkgs.${name} (${package.meta.name})</literal>" - + lib.optionalString (!package.meta.available) " <emphasis>[UNAVAILABLE]</emphasis>" - + ": ${package.meta.description or "???"}.</para>" - + lib.optionalString (args ? comment) "\n<para>${args.comment}</para>" - # Lots of `longDescription's break DocBook, so we just wrap them into <programlisting> - + lib.optionalString (package.meta ? longDescription) "\n<programlisting>${package.meta.longDescription}</programlisting>" - + "</listitem>"; - in "<itemizedlist>${lib.concatStringsSep "\n" (map (p: describe (unpack p)) packages)}</itemizedlist>"; - - optionsListDesc = lib.flip map optionsListVisible (opt: opt // { - # Clean up declaration sites to not refer to the NixOS source tree. - declarations = map stripAnyPrefixes opt.declarations; - } - // lib.optionalAttrs (opt ? example) { example = substFunction opt.example; } - // lib.optionalAttrs (opt ? default) { default = substFunction opt.default; } - // lib.optionalAttrs (opt ? type) { type = substFunction opt.type; } - // lib.optionalAttrs (opt ? relatedPackages && opt.relatedPackages != []) { relatedPackages = genRelatedPackages opt.relatedPackages; }); - # We need to strip references to /nix/store/* from options, # including any `extraSources` if some modules came from elsewhere, # or else the build will fail. @@ -63,37 +14,13 @@ let prefixesToStrip = map (p: "${toString p}/") ([ ../../.. ] ++ extraSources); stripAnyPrefixes = lib.flip (lib.fold lib.removePrefix) prefixesToStrip; - # Custom "less" that pushes up all the things ending in ".enable*" - # and ".package*" - optionLess = a: b: - let - ise = lib.hasPrefix "enable"; - isp = lib.hasPrefix "package"; - cmp = lib.splitByAndCompare ise lib.compare - (lib.splitByAndCompare isp lib.compare lib.compare); - in lib.compareLists cmp a.loc b.loc < 0; - - # Customly sort option list for the man page. - optionsList = lib.sort optionLess optionsListDesc; - - # Convert the list of options into an XML file. - optionsXML = builtins.toFile "options.xml" (builtins.toXML optionsList); - - optionsDocBook = runCommand "options-db.xml" {} '' - optionsXML=${optionsXML} - if grep /nixpkgs/nixos/modules $optionsXML; then - echo "The manual appears to depend on the location of Nixpkgs, which is bad" - echo "since this prevents sharing via the NixOS channel. This is typically" - echo "caused by an option default that refers to a relative path (see above" - echo "for hints about the offending path)." - exit 1 - fi - ${buildPackages.libxslt.bin}/bin/xsltproc \ - --stringparam revision '${revision}' \ - -o intermediate.xml ${./options-to-docbook.xsl} $optionsXML - ${buildPackages.libxslt.bin}/bin/xsltproc \ - -o "$out" ${./postprocess-option-descriptions.xsl} intermediate.xml - ''; + optionsDoc = buildPackages.nixosOptionsDoc { + inherit options revision; + transformOptions = opt: opt // { + # Clean up declaration sites to not refer to the NixOS source tree. + declarations = map stripAnyPrefixes opt.declarations; + }; + }; sources = lib.sourceFilesBySuffices ./. [".xml"]; @@ -108,7 +35,7 @@ let generatedSources = runCommand "generated-docbook" {} '' mkdir $out ln -s ${modulesDoc} $out/modules.xml - ln -s ${optionsDocBook} $out/options-db.xml + ln -s ${optionsDoc.optionsDocBook} $out/options-db.xml printf "%s" "${version}" > $out/version ''; @@ -234,22 +161,7 @@ let in rec { inherit generatedSources; - # The NixOS options in JSON format. - optionsJSON = runCommand "options-json" - { meta.description = "List of NixOS options in JSON format"; - } - '' - # Export list of options in different format. - dst=$out/share/doc/nixos - mkdir -p $dst - - cp ${builtins.toFile "options.json" (builtins.unsafeDiscardStringContext (builtins.toJSON - (builtins.listToAttrs (map (o: { name = o.name; value = removeAttrs o ["name" "visible" "internal"]; }) optionsList)))) - } $dst/options.json - - mkdir -p $out/nix-support - echo "file json $dst/options.json" >> $out/nix-support/hydra-build-products - ''; # */ + inherit (optionsDoc) optionsJSON optionsXML optionsDocBook; # Generate the NixOS manual. manualHTML = runCommand "nixos-manual-html" diff --git a/nixos/doc/manual/development/option-types.xml b/nixos/doc/manual/development/option-types.xml index 069cc36573d..8fcbb627342 100644 --- a/nixos/doc/manual/development/option-types.xml +++ b/nixos/doc/manual/development/option-types.xml @@ -348,6 +348,18 @@ </varlistentry> <varlistentry> <term> + <varname>types.oneOf</varname> [ <replaceable>t1</replaceable> <replaceable>t2</replaceable> ... ] + </term> + <listitem> + <para> + Type <replaceable>t1</replaceable> or type <replaceable>t2</replaceable> and so forth, + e.g. <literal>with types; oneOf [ int str bool ]</literal>. Multiple definitions + cannot be merged. + </para> + </listitem> + </varlistentry> + <varlistentry> + <term> <varname>types.coercedTo</varname> <replaceable>from</replaceable> <replaceable>f</replaceable> <replaceable>to</replaceable> </term> <listitem> diff --git a/nixos/doc/manual/development/releases.xml b/nixos/doc/manual/development/releases.xml index f45fecd16c3..3cb16d33cd4 100755 --- a/nixos/doc/manual/development/releases.xml +++ b/nixos/doc/manual/development/releases.xml @@ -100,6 +100,16 @@ </listitem> <listitem> <para> + Remove attributes that we know we will not be able to support, + especially if there is a stable alternative. E.g. Check that our + Linux kernels' + <link xlink:href="https://www.kernel.org/category/releases.html"> + projected end-of-life</link> are after our release projected + end-of-life + </para> + </listitem> + <listitem> + <para> Edit changelog at <literal>nixos/doc/manual/release-notes/rl-1709.xml</literal> (double check desktop versions are noted) diff --git a/nixos/doc/manual/installation/changing-config.xml b/nixos/doc/manual/installation/changing-config.xml index b77d71389a9..48193d986ab 100644 --- a/nixos/doc/manual/installation/changing-config.xml +++ b/nixos/doc/manual/installation/changing-config.xml @@ -14,6 +14,13 @@ to build the new configuration, make it the default configuration for booting, and try to realise the configuration in the running system (e.g., by restarting system services). + <warning> + <para> + This command doesn't start/stop <link linkend="opt-systemd.user.services">user + services</link> automatically. <command>nixos-rebuild</command> only runs a + <literal>daemon-reload</literal> for each user with running user services. + </para> + </warning> </para> <warning> <para> diff --git a/nixos/doc/manual/man-nixos-rebuild.xml b/nixos/doc/manual/man-nixos-rebuild.xml index 9cec83f1e28..4c20cfcdd7d 100644 --- a/nixos/doc/manual/man-nixos-rebuild.xml +++ b/nixos/doc/manual/man-nixos-rebuild.xml @@ -90,6 +90,35 @@ <arg> <option>--show-trace</option> </arg> + <arg> + <option>-I</option> + <replaceable>path</replaceable> + </arg> + <arg> + <group choice='req'> + <arg choice='plain'><option>--verbose</option></arg> + <arg choice='plain'><option>-v</option></arg> + </group> + </arg> + <arg> + <group choice='req'> + <arg choice='plain'><option>--max-jobs</option></arg> + <arg choice='plain'><option>-j</option></arg> + </group> + <replaceable>number</replaceable> + </arg> + <arg> + <group choice='req'> + <arg choice='plain'><option>--keep-failed</option></arg> + <arg choice='plain'><option>-K</option></arg> + </group> + </arg> + <arg> + <group choice='req'> + <arg choice='plain'><option>--keep-going</option></arg> + <arg choice='plain'><option>-k</option></arg> + </group> + </arg> </cmdsynopsis> </refsynopsisdiv> <refsection> @@ -101,7 +130,8 @@ NixOS module, you must run <command>nixos-rebuild</command> to make the changes take effect. It builds the new system in <filename>/nix/store</filename>, runs its activation script, and stop and - (re)starts any system services if needed. + (re)starts any system services if needed. Please note that user services need + to be started manually as they aren't detected by the activation script at the moment. </para> <para> This command has one required argument, which specifies the desired diff --git a/nixos/doc/manual/release-notes/rl-1909.xml b/nixos/doc/manual/release-notes/rl-1909.xml index 6f049005ab6..b12858cfc96 100644 --- a/nixos/doc/manual/release-notes/rl-1909.xml +++ b/nixos/doc/manual/release-notes/rl-1909.xml @@ -33,6 +33,15 @@ PHP 7.1 is no longer supported due to upstream not supporting this version for the entire lifecycle of the 19.09 release. </para> </listitem> + <listitem> + <para> + The binfmt module is now easier to use. Additional systems can + be added through <option>boot.binfmt.emulatedSystems</option>. + For instance, <literal>boot.binfmt.emulatedSystems = [ + "wasm32-wasi" "x86_64-windows" "aarch64-linux" ];</literal> will + set up binfmt interpreters for each of those listed systems. + </para> + </listitem> </itemizedlist> </section> @@ -47,6 +56,13 @@ The following new services were added since the last release: </para> + <itemizedlist> + <listitem> + <para> + <literal>./programs/dwm-status.nix</literal> + </para> + </listitem> + </itemizedlist> </section> <section xmlns="http://docbook.org/ns/docbook" @@ -226,6 +242,12 @@ Only some exporters are affected by the latter, namely the exporters <literal>dovecot</literal>, <literal>node</literal>, <literal>postfix</literal> and <literal>varnish</literal>. </para> </listitem> + <listitem> + <para> + The <literal>ibus-qt</literal> package is not installed by default anymore when <xref linkend="opt-i18n.inputMethod.enabled" /> is set to <literal>ibus</literal>. + If IBus support in Qt 4.x applications is required, add the <literal>ibus-qt</literal> package to your <xref linkend="opt-environment.systemPackages" /> manually. + </para> + </listitem> </itemizedlist> </section> diff --git a/nixos/lib/make-options-doc/default.nix b/nixos/lib/make-options-doc/default.nix new file mode 100644 index 00000000000..88e052106a2 --- /dev/null +++ b/nixos/lib/make-options-doc/default.nix @@ -0,0 +1,164 @@ +/* Generate JSON, XML and DocBook documentation for given NixOS options. + + Minimal example: + + { pkgs, }: + + let + eval = import (pkgs.path + "/nixos/lib/eval-config.nix") { + baseModules = [ + ../module.nix + ]; + modules = []; + }; + in pkgs.nixosOptionsDoc { + options = eval.options; + } + +*/ +{ pkgs +, lib +, options +, transformOptions ? lib.id # function for additional tranformations of the options +, revision ? "" # Specify revision for the options +}: + +let + # Replace functions by the string <function> + substFunction = x: + if builtins.isAttrs x then lib.mapAttrs (name: substFunction) x + else if builtins.isList x then map substFunction x + else if lib.isFunction x then "<function>" + else x; + + optionsListDesc = lib.flip map optionsListVisible + (opt: transformOptions opt + // lib.optionalAttrs (opt ? example) { example = substFunction opt.example; } + // lib.optionalAttrs (opt ? default) { default = substFunction opt.default; } + // lib.optionalAttrs (opt ? type) { type = substFunction opt.type; } + // lib.optionalAttrs (opt ? relatedPackages && opt.relatedPackages != []) { relatedPackages = genRelatedPackages opt.relatedPackages; } + ); + + # Generate DocBook documentation for a list of packages. This is + # what `relatedPackages` option of `mkOption` from + # ../../../lib/options.nix influences. + # + # Each element of `relatedPackages` can be either + # - a string: that will be interpreted as an attribute name from `pkgs`, + # - a list: that will be interpreted as an attribute path from `pkgs`, + # - an attrset: that can specify `name`, `path`, `package`, `comment` + # (either of `name`, `path` is required, the rest are optional). + genRelatedPackages = packages: + let + unpack = p: if lib.isString p then { name = p; } + else if lib.isList p then { path = p; } + else p; + describe = args: + let + title = args.title or null; + name = args.name or (lib.concatStringsSep "." args.path); + path = args.path or [ args.name ]; + package = args.package or (lib.attrByPath path (throw "Invalid package attribute path `${toString path}'") pkgs); + in "<listitem>" + + "<para><literal>${lib.optionalString (title != null) "${title} aka "}pkgs.${name} (${package.meta.name})</literal>" + + lib.optionalString (!package.meta.available) " <emphasis>[UNAVAILABLE]</emphasis>" + + ": ${package.meta.description or "???"}.</para>" + + lib.optionalString (args ? comment) "\n<para>${args.comment}</para>" + # Lots of `longDescription's break DocBook, so we just wrap them into <programlisting> + + lib.optionalString (package.meta ? longDescription) "\n<programlisting>${package.meta.longDescription}</programlisting>" + + "</listitem>"; + in "<itemizedlist>${lib.concatStringsSep "\n" (map (p: describe (unpack p)) packages)}</itemizedlist>"; + + # Custom "less" that pushes up all the things ending in ".enable*" + # and ".package*" + optionLess = a: b: + let + ise = lib.hasPrefix "enable"; + isp = lib.hasPrefix "package"; + cmp = lib.splitByAndCompare ise lib.compare + (lib.splitByAndCompare isp lib.compare lib.compare); + in lib.compareLists cmp a.loc b.loc < 0; + + # Remove invisible and internal options. + optionsListVisible = lib.filter (opt: opt.visible && !opt.internal) (lib.optionAttrSetToDocList options); + + # Customly sort option list for the man page. + optionsList = lib.sort optionLess optionsListDesc; + + # Convert the list of options into an XML file. + optionsXML = builtins.toFile "options.xml" (builtins.toXML optionsList); + + optionsNix = builtins.listToAttrs (map (o: { name = o.name; value = removeAttrs o ["name" "visible" "internal"]; }) optionsList); + + # TODO: declarations: link to github + singleAsciiDoc = name: value: '' + == ${name} + + ${value.description} + + [discrete] + === details + + Type:: ${value.type} + ${ if lib.hasAttr "default" value + then '' + Default:: + + + ---- + ${builtins.toJSON value.default} + ---- + '' + else "No Default:: {blank}" + } + ${ if value.readOnly + then "Read Only:: {blank}" + else "" + } + ${ if lib.hasAttr "example" value + then '' + Example:: + + + ---- + ${builtins.toJSON value.example} + ---- + '' + else "No Example:: {blank}" + } + ''; + +in rec { + inherit optionsNix; + + optionsAsciiDoc = lib.concatStringsSep "\n" (lib.mapAttrsToList singleAsciiDoc optionsNix); + + optionsJSON = pkgs.runCommand "options.json" + { meta.description = "List of NixOS options in JSON format"; + } + '' + # Export list of options in different format. + dst=$out/share/doc/nixos + mkdir -p $dst + + cp ${builtins.toFile "options.json" (builtins.unsafeDiscardStringContext (builtins.toJSON optionsNix))} $dst/options.json + + mkdir -p $out/nix-support + echo "file json $dst/options.json" >> $out/nix-support/hydra-build-products + ''; # */ + + optionsDocBook = pkgs.runCommand "options-docbook.xml" {} '' + optionsXML=${optionsXML} + if grep /nixpkgs/nixos/modules $optionsXML; then + echo "The manual appears to depend on the location of Nixpkgs, which is bad" + echo "since this prevents sharing via the NixOS channel. This is typically" + echo "caused by an option default that refers to a relative path (see above" + echo "for hints about the offending path)." + exit 1 + fi + + ${pkgs.libxslt.bin}/bin/xsltproc \ + --stringparam revision '${revision}' \ + -o intermediate.xml ${./options-to-docbook.xsl} $optionsXML + ${pkgs.libxslt.bin}/bin/xsltproc \ + -o "$out" ${./postprocess-option-descriptions.xsl} intermediate.xml + ''; +} diff --git a/nixos/doc/manual/options-to-docbook.xsl b/nixos/lib/make-options-doc/options-to-docbook.xsl index 72ac89d4ff6..72ac89d4ff6 100644 --- a/nixos/doc/manual/options-to-docbook.xsl +++ b/nixos/lib/make-options-doc/options-to-docbook.xsl diff --git a/nixos/doc/manual/postprocess-option-descriptions.xsl b/nixos/lib/make-options-doc/postprocess-option-descriptions.xsl index 1201c7612c2..1201c7612c2 100644 --- a/nixos/doc/manual/postprocess-option-descriptions.xsl +++ b/nixos/lib/make-options-doc/postprocess-option-descriptions.xsl diff --git a/nixos/modules/config/timezone.nix b/nixos/modules/config/locale.nix index b15948f6e2e..6f056588187 100644 --- a/nixos/modules/config/timezone.nix +++ b/nixos/modules/config/locale.nix @@ -9,6 +9,8 @@ let timezone = types.nullOr (types.addCheck types.str nospace) // { description = "null or string without spaces"; }; + lcfg = config.location; + in { @@ -37,12 +39,45 @@ in }; }; + + location = { + + latitude = mkOption { + type = types.float; + description = '' + Your current latitude, between + <literal>-90.0</literal> and <literal>90.0</literal>. Must be provided + along with longitude. + ''; + }; + + longitude = mkOption { + type = types.float; + description = '' + Your current longitude, between + between <literal>-180.0</literal> and <literal>180.0</literal>. Must be + provided along with latitude. + ''; + }; + + provider = mkOption { + type = types.enum [ "manual" "geoclue2" ]; + default = "manual"; + description = '' + The location provider to use for determining your location. If set to + <literal>manual</literal> you must also provide latitude/longitude. + ''; + }; + + }; }; config = { environment.sessionVariables.TZDIR = "/etc/zoneinfo"; + services.geoclue2.enable = mkIf (lcfg.provider == "geoclue2") true; + # This way services are restarted when tzdata changes. systemd.globalEnvironment.TZDIR = tzdir; diff --git a/nixos/modules/config/users-groups.nix b/nixos/modules/config/users-groups.nix index c3f228c9bcc..25f1c67ce83 100644 --- a/nixos/modules/config/users-groups.nix +++ b/nixos/modules/config/users-groups.nix @@ -564,7 +564,10 @@ in { }; }) (filterAttrs (_: u: u.packages != []) cfg.users)); - environment.profiles = [ "/etc/profiles/per-user/$USER" ]; + environment.profiles = [ + "$HOME/.nix-profile" + "/etc/profiles/per-user/$USER" + ]; assertions = [ { assertion = !cfg.enforceIdUniqueness || (uidsAreUnique && gidsAreUnique); diff --git a/nixos/modules/i18n/input-method/ibus.nix b/nixos/modules/i18n/input-method/ibus.nix index f8e021f551e..8109ef76c40 100644 --- a/nixos/modules/i18n/input-method/ibus.nix +++ b/nixos/modules/i18n/input-method/ibus.nix @@ -55,7 +55,7 @@ in # Without dconf enabled it is impossible to use IBus environment.systemPackages = with pkgs; [ - ibus-qt gnome3.dconf ibusAutostart + gnome3.dconf ibusAutostart ]; environment.variables = { diff --git a/nixos/modules/installer/tools/nixos-generate-config.pl b/nixos/modules/installer/tools/nixos-generate-config.pl index c09def1fcea..cfdbdaabf5c 100644 --- a/nixos/modules/installer/tools/nixos-generate-config.pl +++ b/nixos/modules/installer/tools/nixos-generate-config.pl @@ -607,90 +607,7 @@ EOF } write_file($fn, <<EOF); -# Edit this configuration file to define what should be installed on -# your system. Help is available in the configuration.nix(5) man page -# and in the NixOS manual (accessible by running ‘nixos-help’). - -{ config, pkgs, ... }: - -{ - imports = - [ # Include the results of the hardware scan. - ./hardware-configuration.nix - ]; - -$bootLoaderConfig - # networking.hostName = "nixos"; # Define your hostname. - # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. - - # Configure network proxy if necessary - # networking.proxy.default = "http://user:password\@proxy:port/"; - # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain"; - - # Select internationalisation properties. - # i18n = { - # consoleFont = "Lat2-Terminus16"; - # consoleKeyMap = "us"; - # defaultLocale = "en_US.UTF-8"; - # }; - - # Set your time zone. - # time.timeZone = "Europe/Amsterdam"; - - # List packages installed in system profile. To search, run: - # \$ nix search wget - # environment.systemPackages = with pkgs; [ - # wget vim - # ]; - - # Some programs need SUID wrappers, can be configured further or are - # started in user sessions. - # programs.mtr.enable = true; - # programs.gnupg.agent = { enable = true; enableSSHSupport = true; }; - - # List services that you want to enable: - - # Enable the OpenSSH daemon. - # services.openssh.enable = true; - - # Open ports in the firewall. - # networking.firewall.allowedTCPPorts = [ ... ]; - # networking.firewall.allowedUDPPorts = [ ... ]; - # Or disable the firewall altogether. - # networking.firewall.enable = false; - - # Enable CUPS to print documents. - # services.printing.enable = true; - - # Enable sound. - # sound.enable = true; - # hardware.pulseaudio.enable = true; - - # Enable the X11 windowing system. - # services.xserver.enable = true; - # services.xserver.layout = "us"; - # services.xserver.xkbOptions = "eurosign:e"; - - # Enable touchpad support. - # services.xserver.libinput.enable = true; - - # Enable the KDE Desktop Environment. - # services.xserver.displayManager.sddm.enable = true; - # services.xserver.desktopManager.plasma5.enable = true; - - # Define a user account. Don't forget to set a password with ‘passwd’. - # users.users.jane = { - # isNormalUser = true; - # extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user. - # }; - - # This value determines the NixOS release with which your system is to be - # compatible, in order to avoid breaking some software such as database - # servers. You should change this only after NixOS release notes say you - # should. - system.stateVersion = "${\(qw(@release@))}"; # Did you read the comment? - -} +@configuration@ EOF } else { print STDERR "warning: not overwriting existing $fn\n"; diff --git a/nixos/modules/installer/tools/tools.nix b/nixos/modules/installer/tools/tools.nix index 59eb4a63af4..05add59117d 100644 --- a/nixos/modules/installer/tools/tools.nix +++ b/nixos/modules/installer/tools/tools.nix @@ -38,7 +38,7 @@ let src = ./nixos-generate-config.pl; path = lib.optionals (lib.elem "btrfs" config.boot.supportedFilesystems) [ pkgs.btrfs-progs ]; perl = "${pkgs.perl}/bin/perl -I${pkgs.perlPackages.FileSlurp}/${pkgs.perl.libPrefix}"; - inherit (config.system.nixos) release; + inherit (config.system.nixos-generate-config) configuration; }; nixos-option = makeProg { @@ -61,8 +61,111 @@ in { + options.system.nixos-generate-config.configuration = mkOption { + internal = true; + type = types.str; + description = '' + The NixOS module that <literal>nixos-generate-config</literal> + saves to <literal>/etc/nixos/configuration.nix</literal>. + + This is an internal option. No backward compatibility is guaranteed. + Use at your own risk! + + Note that this string gets spliced into a Perl script. The perl + variable <literal>$bootLoaderConfig</literal> can be used to + splice in the boot loader configuration. + ''; + }; + config = { + system.nixos-generate-config.configuration = mkDefault '' + # Edit this configuration file to define what should be installed on + # your system. Help is available in the configuration.nix(5) man page + # and in the NixOS manual (accessible by running ‘nixos-help’). + + { config, pkgs, ... }: + + { + imports = + [ # Include the results of the hardware scan. + ./hardware-configuration.nix + ]; + + $bootLoaderConfig + # networking.hostName = "nixos"; # Define your hostname. + # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. + + # Configure network proxy if necessary + # networking.proxy.default = "http://user:password\@proxy:port/"; + # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain"; + + # Select internationalisation properties. + # i18n = { + # consoleFont = "Lat2-Terminus16"; + # consoleKeyMap = "us"; + # defaultLocale = "en_US.UTF-8"; + # }; + + # Set your time zone. + # time.timeZone = "Europe/Amsterdam"; + + # List packages installed in system profile. To search, run: + # \$ nix search wget + # environment.systemPackages = with pkgs; [ + # wget vim + # ]; + + # Some programs need SUID wrappers, can be configured further or are + # started in user sessions. + # programs.mtr.enable = true; + # programs.gnupg.agent = { enable = true; enableSSHSupport = true; }; + + # List services that you want to enable: + + # Enable the OpenSSH daemon. + # services.openssh.enable = true; + + # Open ports in the firewall. + # networking.firewall.allowedTCPPorts = [ ... ]; + # networking.firewall.allowedUDPPorts = [ ... ]; + # Or disable the firewall altogether. + # networking.firewall.enable = false; + + # Enable CUPS to print documents. + # services.printing.enable = true; + + # Enable sound. + # sound.enable = true; + # hardware.pulseaudio.enable = true; + + # Enable the X11 windowing system. + # services.xserver.enable = true; + # services.xserver.layout = "us"; + # services.xserver.xkbOptions = "eurosign:e"; + + # Enable touchpad support. + # services.xserver.libinput.enable = true; + + # Enable the KDE Desktop Environment. + # services.xserver.displayManager.sddm.enable = true; + # services.xserver.desktopManager.plasma5.enable = true; + + # Define a user account. Don't forget to set a password with ‘passwd’. + # users.users.jane = { + # isNormalUser = true; + # extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user. + # }; + + # This value determines the NixOS release with which your system is to be + # compatible, in order to avoid breaking some software such as database + # servers. You should change this only after NixOS release notes say you + # should. + system.stateVersion = "${config.system.nixos.release}"; # Did you read the comment? + + } + ''; + environment.systemPackages = [ nixos-build-vms nixos-install diff --git a/nixos/modules/misc/crashdump.nix b/nixos/modules/misc/crashdump.nix index 6e0b49fa9af..3c47e79d051 100644 --- a/nixos/modules/misc/crashdump.nix +++ b/nixos/modules/misc/crashdump.nix @@ -58,7 +58,6 @@ in "crashkernel=${crashdump.reservedMemory}" "nmi_watchdog=panic" "softlockup_panic=1" - "idle=poll" ]; kernelPatches = [ { name = "crashdump-config"; diff --git a/nixos/modules/misc/nixpkgs.nix b/nixos/modules/misc/nixpkgs.nix index e0c192246c0..afb74581e23 100644 --- a/nixos/modules/misc/nixpkgs.nix +++ b/nixos/modules/misc/nixpkgs.nix @@ -19,7 +19,7 @@ let lhs = optCall lhs_ { inherit pkgs; }; rhs = optCall rhs_ { inherit pkgs; }; in - lhs // rhs // + recursiveUpdate lhs rhs // optionalAttrs (lhs ? packageOverrides) { packageOverrides = pkgs: optCall lhs.packageOverrides pkgs // diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index 15990177d74..3d4c41bbbdb 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix @@ -20,6 +20,7 @@ ./config/iproute2.nix ./config/krb5/default.nix ./config/ldap.nix + ./config/locale.nix ./config/malloc.nix ./config/networking.nix ./config/no-x-libs.nix @@ -33,7 +34,6 @@ ./config/system-environment.nix ./config/system-path.nix ./config/terminfo.nix - ./config/timezone.nix ./config/unix-odbc-drivers.nix ./config/users-groups.nix ./config/vpnc.nix @@ -106,9 +106,14 @@ ./programs/digitalbitbox/default.nix ./programs/dmrconfig.nix ./programs/environment.nix + ./programs/evince.nix + ./programs/file-roller.nix ./programs/firejail.nix ./programs/fish.nix ./programs/freetds.nix + ./programs/gnome-disks.nix + ./programs/gnome-documents.nix + ./programs/gpaste.nix ./programs/gnupg.nix ./programs/gphoto2.nix ./programs/iftop.nix @@ -209,6 +214,7 @@ ./services/backup/duplicity.nix ./services/backup/mysql-backup.nix ./services/backup/postgresql-backup.nix + ./services/backup/postgresql-wal-receiver.nix ./services/backup/restic.nix ./services/backup/restic-rest-server.nix ./services/backup/rsnapshot.nix @@ -280,12 +286,8 @@ ./services/desktops/pipewire.nix ./services/desktops/gnome3/at-spi2-core.nix ./services/desktops/gnome3/chrome-gnome-shell.nix - ./services/desktops/gnome3/evince.nix ./services/desktops/gnome3/evolution-data-server.nix - ./services/desktops/gnome3/file-roller.nix ./services/desktops/gnome3/glib-networking.nix - ./services/desktops/gnome3/gnome-disks.nix - ./services/desktops/gnome3/gnome-documents.nix ./services/desktops/gnome3/gnome-keyring.nix ./services/desktops/gnome3/gnome-online-accounts.nix ./services/desktops/gnome3/gnome-remote-desktop.nix @@ -293,7 +295,6 @@ ./services/desktops/gnome3/gnome-settings-daemon.nix ./services/desktops/gnome3/gnome-terminal-server.nix ./services/desktops/gnome3/gnome-user-share.nix - ./services/desktops/gnome3/gpaste.nix ./services/desktops/gnome3/gvfs.nix ./services/desktops/gnome3/rygel.nix ./services/desktops/gnome3/seahorse.nix @@ -402,6 +403,7 @@ ./services/misc/couchpotato.nix ./services/misc/devmon.nix ./services/misc/dictd.nix + ./services/misc/dwm-status.nix ./services/misc/dysnomia.nix ./services/misc/disnix.nix ./services/misc/docker-registry.nix @@ -818,6 +820,7 @@ ./services/web-servers/varnish/default.nix ./services/web-servers/zope2.nix ./services/x11/extra-layouts.nix + ./services/x11/clight.nix ./services/x11/colord.nix ./services/x11/compton.nix ./services/x11/unclutter.nix diff --git a/nixos/modules/programs/environment.nix b/nixos/modules/programs/environment.nix index 3c6d356ef99..4d762314298 100644 --- a/nixos/modules/programs/environment.nix +++ b/nixos/modules/programs/environment.nix @@ -23,9 +23,8 @@ in XCURSOR_PATH = [ "$HOME/.icons" ]; }; - environment.profiles = - [ "$HOME/.nix-profile" - "/nix/var/nix/profiles/default" + environment.profiles = mkAfter + [ "/nix/var/nix/profiles/default" "/run/current-system/sw" ]; diff --git a/nixos/modules/services/desktops/gnome3/evince.nix b/nixos/modules/programs/evince.nix index 5f040a16f06..473fddb09d0 100644 --- a/nixos/modules/services/desktops/gnome3/evince.nix +++ b/nixos/modules/programs/evince.nix @@ -6,14 +6,21 @@ with lib; { + # Added 2019-08-09 + imports = [ + (mkRenamedOptionModule + [ "services" "gnome3" "evince" "enable" ] + [ "programs" "evince" "enable" ]) + ]; + ###### interface options = { - services.gnome3.evince = { + programs.evince = { enable = mkEnableOption - "systemd and dbus services for Evince, the GNOME document viewer"; + "Evince, the GNOME document viewer"; }; @@ -22,7 +29,7 @@ with lib; ###### implementation - config = mkIf config.services.gnome3.evince.enable { + config = mkIf config.programs.evince.enable { environment.systemPackages = [ pkgs.evince ]; diff --git a/nixos/modules/services/desktops/gnome3/file-roller.nix b/nixos/modules/programs/file-roller.nix index 7fb558a9895..64f6a94e764 100644 --- a/nixos/modules/services/desktops/gnome3/file-roller.nix +++ b/nixos/modules/programs/file-roller.nix @@ -6,11 +6,18 @@ with lib; { + # Added 2019-08-09 + imports = [ + (mkRenamedOptionModule + [ "services" "gnome3" "file-roller" "enable" ] + [ "programs" "file-roller" "enable" ]) + ]; + ###### interface options = { - services.gnome3.file-roller = { + programs.file-roller = { enable = mkEnableOption "File Roller, an archive manager for GNOME"; @@ -21,7 +28,7 @@ with lib; ###### implementation - config = mkIf config.services.gnome3.file-roller.enable { + config = mkIf config.programs.file-roller.enable { environment.systemPackages = [ pkgs.gnome3.file-roller ]; diff --git a/nixos/modules/services/desktops/gnome3/gnome-disks.nix b/nixos/modules/programs/gnome-disks.nix index 139534cdb89..1cf839a6ddb 100644 --- a/nixos/modules/services/desktops/gnome3/gnome-disks.nix +++ b/nixos/modules/programs/gnome-disks.nix @@ -1,4 +1,4 @@ -# GNOME Disks daemon. +# GNOME Disks. { config, pkgs, lib, ... }: @@ -6,17 +6,24 @@ with lib; { + # Added 2019-08-09 + imports = [ + (mkRenamedOptionModule + [ "services" "gnome3" "gnome-disks" "enable" ] + [ "programs" "gnome-disks" "enable" ]) + ]; + ###### interface options = { - services.gnome3.gnome-disks = { + programs.gnome-disks = { enable = mkOption { type = types.bool; default = false; description = '' - Whether to enable GNOME Disks daemon, a service designed to + Whether to enable GNOME Disks daemon, a program designed to be a UDisks2 graphical front-end. ''; }; @@ -28,7 +35,7 @@ with lib; ###### implementation - config = mkIf config.services.gnome3.gnome-disks.enable { + config = mkIf config.programs.gnome-disks.enable { environment.systemPackages = [ pkgs.gnome3.gnome-disk-utility ]; diff --git a/nixos/modules/services/desktops/gnome3/gnome-documents.nix b/nixos/modules/programs/gnome-documents.nix index f6efb668424..bfa3d409ee3 100644 --- a/nixos/modules/services/desktops/gnome3/gnome-documents.nix +++ b/nixos/modules/programs/gnome-documents.nix @@ -1,4 +1,4 @@ -# GNOME Documents daemon. +# GNOME Documents. { config, pkgs, lib, ... }: @@ -6,17 +6,24 @@ with lib; { + # Added 2019-08-09 + imports = [ + (mkRenamedOptionModule + [ "services" "gnome3" "gnome-documents" "enable" ] + [ "programs" "gnome-documents" "enable" ]) + ]; + ###### interface options = { - services.gnome3.gnome-documents = { + programs.gnome-documents = { enable = mkOption { type = types.bool; default = false; description = '' - Whether to enable GNOME Documents services, a document + Whether to enable GNOME Documents, a document manager application for GNOME. ''; }; @@ -28,7 +35,7 @@ with lib; ###### implementation - config = mkIf config.services.gnome3.gnome-documents.enable { + config = mkIf config.programs.gnome-documents.enable { environment.systemPackages = [ pkgs.gnome3.gnome-documents ]; diff --git a/nixos/modules/services/desktops/gnome3/gpaste.nix b/nixos/modules/programs/gpaste.nix index 5a8258775e0..4f6deb77e5e 100644 --- a/nixos/modules/services/desktops/gnome3/gpaste.nix +++ b/nixos/modules/programs/gpaste.nix @@ -1,12 +1,20 @@ -# GPaste daemon. +# GPaste. { config, lib, pkgs, ... }: with lib; { + + # Added 2019-08-09 + imports = [ + (mkRenamedOptionModule + [ "services" "gnome3" "gpaste" "enable" ] + [ "programs" "gpaste" "enable" ]) + ]; + ###### interface options = { - services.gnome3.gpaste = { + programs.gpaste = { enable = mkOption { type = types.bool; default = false; @@ -18,10 +26,9 @@ with lib; }; ###### implementation - config = mkIf config.services.gnome3.gpaste.enable { + config = mkIf config.programs.gpaste.enable { environment.systemPackages = [ pkgs.gnome3.gpaste ]; services.dbus.packages = [ pkgs.gnome3.gpaste ]; - services.xserver.desktopManager.gnome3.sessionPath = [ pkgs.gnome3.gpaste ]; systemd.packages = [ pkgs.gnome3.gpaste ]; }; } diff --git a/nixos/modules/programs/nylas-mail.nix b/nixos/modules/programs/nylas-mail.nix deleted file mode 100644 index 08a6cd0a604..00000000000 --- a/nixos/modules/programs/nylas-mail.nix +++ /dev/null @@ -1,36 +0,0 @@ -{ config, lib, pkgs, ... }: - -with lib; - -let - cfg = config.services.nylas-mail; -in { - ###### interface - options = { - services.nylas-mail = { - - enable = mkEnableOption '' - nylas-mail - Open-source mail client built on the modern web with Electron, React, and Flux - ''; - - gnome3-keyring = mkOption { - type = types.bool; - default = true; - description = "Enable gnome3 keyring for nylas-mail."; - }; - }; - }; - - - ###### implementation - - config = mkIf cfg.enable { - - environment.systemPackages = [ pkgs.nylas-mail-bin ]; - - services.gnome3.gnome-keyring = mkIf cfg.gnome3-keyring { - enable = true; - }; - - }; -} diff --git a/nixos/modules/rename.nix b/nixos/modules/rename.nix index e0d64914ef4..5c08a25c128 100644 --- a/nixos/modules/rename.nix +++ b/nixos/modules/rename.nix @@ -51,6 +51,10 @@ with lib; (mkRemovedOptionModule [ "services" "misc" "nzbget" "openFirewall" ] "The port used by nzbget is managed through the web interface so you should adjust your firewall rules accordingly.") (mkRemovedOptionModule [ "services" "prometheus" "alertmanager" "user" ] "The alertmanager service is now using systemd's DynamicUser mechanism which obviates a user setting.") (mkRemovedOptionModule [ "services" "prometheus" "alertmanager" "group" ] "The alertmanager service is now using systemd's DynamicUser mechanism which obviates a group setting.") + (mkRemovedOptionModule [ "services" "prometheus2" "alertmanagerURL" ] '' + Due to incompatibility, the alertmanagerURL option has been removed, + please use 'services.prometheus2.alertmanagers' instead. + '') (mkRenamedOptionModule [ "services" "tor" "relay" "portSpec" ] [ "services" "tor" "relay" "port" ]) (mkRenamedOptionModule [ "services" "vmwareGuest" ] [ "virtualisation" "vmware" "guest" ]) (mkRenamedOptionModule [ "jobs" ] [ "systemd" "services" ]) @@ -258,6 +262,20 @@ with lib; (mkRenamedOptionModule [ "networking" "extraResolvconfConf" ] [ "networking" "resolvconf" "extraConfig" ]) (mkRenamedOptionModule [ "networking" "resolvconfOptions" ] [ "networking" "resolvconf" "extraOptions" ]) + # Redshift + (mkChangedOptionModule [ "services" "redshift" "latitude" ] [ "location" "latitude" ] + (config: + let value = getAttrFromPath [ "services" "redshift" "latitude" ] config; + in if value == null then + throw "services.redshift.latitude is set to null, you can remove this" + else builtins.fromJSON value)) + (mkChangedOptionModule [ "services" "redshift" "longitude" ] [ "location" "longitude" ] + (config: + let value = getAttrFromPath [ "services" "redshift" "longitude" ] config; + in if value == null then + throw "services.redshift.longitude is set to null, you can remove this" + else builtins.fromJSON value)) + ] ++ (flip map [ "blackboxExporter" "collectdExporter" "fritzboxExporter" "jsonExporter" "minioExporter" "nginxExporter" "nodeExporter" "snmpExporter" "unifiExporter" "varnishExporter" ] diff --git a/nixos/modules/services/admin/oxidized.nix b/nixos/modules/services/admin/oxidized.nix index 687cdfb5ba5..39112c3970d 100644 --- a/nixos/modules/services/admin/oxidized.nix +++ b/nixos/modules/services/admin/oxidized.nix @@ -97,8 +97,8 @@ in preStart = '' mkdir -p ${cfg.dataDir}/.config/oxidized - cp -v ${cfg.routerDB} ${cfg.dataDir}/.config/oxidized/router.db - cp -v ${cfg.configFile} ${cfg.dataDir}/.config/oxidized/config + ln -f -s ${cfg.routerDB} ${cfg.dataDir}/.config/oxidized/router.db + ln -f -s ${cfg.configFile} ${cfg.dataDir}/.config/oxidized/config ''; serviceConfig = { diff --git a/nixos/modules/services/backup/automysqlbackup.nix b/nixos/modules/services/backup/automysqlbackup.nix index b845f370fb7..1884f3536a9 100644 --- a/nixos/modules/services/backup/automysqlbackup.nix +++ b/nixos/modules/services/backup/automysqlbackup.nix @@ -41,7 +41,7 @@ in }; config = mkOption { - type = with types; attrsOf (either (either str (either int bool)) (listOf str)); + type = with types; attrsOf (oneOf [ str int bool (listOf str) ]); default = {}; description = '' automysqlbackup configuration. Refer to diff --git a/nixos/modules/services/backup/postgresql-wal-receiver.nix b/nixos/modules/services/backup/postgresql-wal-receiver.nix new file mode 100644 index 00000000000..d9a37037992 --- /dev/null +++ b/nixos/modules/services/backup/postgresql-wal-receiver.nix @@ -0,0 +1,203 @@ +{ config, lib, pkgs, ... }: + +with lib; + +let + receiverSubmodule = { + options = { + postgresqlPackage = mkOption { + type = types.package; + example = literalExample "pkgs.postgresql_11"; + description = '' + PostgreSQL package to use. + ''; + }; + + directory = mkOption { + type = types.path; + example = literalExample "/mnt/pg_wal/main/"; + description = '' + Directory to write the output to. + ''; + }; + + statusInterval = mkOption { + type = types.int; + default = 10; + description = '' + Specifies the number of seconds between status packets sent back to the server. + This allows for easier monitoring of the progress from server. + A value of zero disables the periodic status updates completely, + although an update will still be sent when requested by the server, to avoid timeout disconnect. + ''; + }; + + slot = mkOption { + type = types.str; + default = ""; + example = "some_slot_name"; + description = '' + Require <command>pg_receivewal</command> to use an existing replication slot (see + <link xlink:href="https://www.postgresql.org/docs/current/warm-standby.html#STREAMING-REPLICATION-SLOTS">Section 26.2.6 of the PostgreSQL manual</link>). + When this option is used, <command>pg_receivewal</command> will report a flush position to the server, + indicating when each segment has been synchronized to disk so that the server can remove that segment if it is not otherwise needed. + + When the replication client of <command>pg_receivewal</command> is configured on the server as a synchronous standby, + then using a replication slot will report the flush position to the server, but only when a WAL file is closed. + Therefore, that configuration will cause transactions on the primary to wait for a long time and effectively not work satisfactorily. + The option <option>synchronous</option> must be specified in addition to make this work correctly. + ''; + }; + + synchronous = mkOption { + type = types.bool; + default = false; + description = '' + Flush the WAL data to disk immediately after it has been received. + Also send a status packet back to the server immediately after flushing, regardless of <option>statusInterval</option>. + + This option should be specified if the replication client of <command>pg_receivewal</command> is configured on the server as a synchronous standby, + to ensure that timely feedback is sent to the server. + ''; + }; + + compress = mkOption { + type = types.ints.between 0 9; + default = 0; + description = '' + Enables gzip compression of write-ahead logs, and specifies the compression level + (<literal>0</literal> through <literal>9</literal>, <literal>0</literal> being no compression and <literal>9</literal> being best compression). + The suffix <literal>.gz</literal> will automatically be added to all filenames. + + This option requires PostgreSQL >= 10. + ''; + }; + + connection = mkOption { + type = types.str; + example = "postgresql://user@somehost"; + description = '' + Specifies parameters used to connect to the server, as a connection string. + See <link xlink:href="https://www.postgresql.org/docs/current/libpq-connect.html#LIBPQ-CONNSTRING">Section 34.1.1 of the PostgreSQL manual</link> for more information. + + Because <command>pg_receivewal</command> doesn't connect to any particular database in the cluster, + database name in the connection string will be ignored. + ''; + }; + + extraArgs = mkOption { + type = with types; listOf str; + default = [ ]; + example = literalExample '' + [ + "--no-sync" + ] + ''; + description = '' + A list of extra arguments to pass to the <command>pg_receivewal</command> command. + ''; + }; + + environment = mkOption { + type = with types; attrsOf str; + default = { }; + example = literalExample '' + { + PGPASSFILE = "/private/passfile"; + PGSSLMODE = "require"; + } + ''; + description = '' + Environment variables passed to the service. + Usable parameters are listed in <link xlink:href="https://www.postgresql.org/docs/current/libpq-envars.html">Section 34.14 of the PostgreSQL manual</link>. + ''; + }; + }; + }; + +in { + options = { + services.postgresqlWalReceiver = { + receivers = mkOption { + type = with types; attrsOf (submodule receiverSubmodule); + default = { }; + example = literalExample '' + { + main = { + postgresqlPackage = pkgs.postgresql_11; + directory = /mnt/pg_wal/main/; + slot = "main_wal_receiver"; + connection = "postgresql://user@somehost"; + }; + } + ''; + description = '' + PostgreSQL WAL receivers. + Stream write-ahead logs from a PostgreSQL server using <command>pg_receivewal</command> (formerly <command>pg_receivexlog</command>). + See <link xlink:href="https://www.postgresql.org/docs/current/app-pgreceivewal.html">the man page</link> for more information. + ''; + }; + }; + }; + + config = let + receivers = config.services.postgresqlWalReceiver.receivers; + in mkIf (receivers != { }) { + users = { + users.postgres = { + uid = config.ids.uids.postgres; + group = "postgres"; + description = "PostgreSQL server user"; + }; + + groups.postgres = { + gid = config.ids.gids.postgres; + }; + }; + + assertions = concatLists (attrsets.mapAttrsToList (name: config: [ + { + assertion = config.compress > 0 -> versionAtLeast config.postgresqlPackage.version "10"; + message = "Invalid configuration for WAL receiver \"${name}\": compress requires PostgreSQL version >= 10."; + } + ]) receivers); + + systemd.tmpfiles.rules = mapAttrsToList (name: config: '' + d ${escapeShellArg config.directory} 0750 postgres postgres - - + '') receivers; + + systemd.services = with attrsets; mapAttrs' (name: config: nameValuePair "postgresql-wal-receiver-${name}" { + description = "PostgreSQL WAL receiver (${name})"; + wantedBy = [ "multi-user.target" ]; + + serviceConfig = { + User = "postgres"; + Group = "postgres"; + KillSignal = "SIGINT"; + Restart = "always"; + RestartSec = 30; + }; + + inherit (config) environment; + + script = let + receiverCommand = postgresqlPackage: + if (versionAtLeast postgresqlPackage.version "10") + then "${postgresqlPackage}/bin/pg_receivewal" + else "${postgresqlPackage}/bin/pg_receivexlog"; + in '' + ${receiverCommand config.postgresqlPackage} \ + --no-password \ + --directory=${escapeShellArg config.directory} \ + --status-interval=${toString config.statusInterval} \ + --dbname=${escapeShellArg config.connection} \ + ${optionalString (config.compress > 0) "--compress=${toString config.compress}"} \ + ${optionalString (config.slot != "") "--slot=${escapeShellArg config.slot}"} \ + ${optionalString config.synchronous "--synchronous"} \ + ${concatStringsSep " " config.extraArgs} + ''; + }) receivers; + }; + + meta.maintainers = with maintainers; [ pacien ]; +} diff --git a/nixos/modules/services/databases/couchdb.nix b/nixos/modules/services/databases/couchdb.nix index 5ddf8ba4bfb..77e404116c8 100644 --- a/nixos/modules/services/databases/couchdb.nix +++ b/nixos/modules/services/databases/couchdb.nix @@ -160,7 +160,7 @@ in { systemd.tmpfiles.rules = [ "d '${dirOf cfg.uriFile}' - ${cfg.user} ${cfg.group} - -" - "d '${dirOf cfg.logFile}' - ${cfg.user} ${cfg.group} - -" + "f '${cfg.logFile}' - ${cfg.user} ${cfg.group} - -" "d '${cfg.databaseDir}' - ${cfg.user} ${cfg.group} - -" "d '${cfg.viewIndexDir}' - ${cfg.user} ${cfg.group} - -" ]; @@ -169,11 +169,9 @@ in { description = "CouchDB Server"; wantedBy = [ "multi-user.target" ]; - preStart = - '' + preStart = '' touch ${cfg.configFile} - touch -a ${cfg.logFile} - ''; + ''; environment = mkIf useVersion2 { # we are actually specifying 4 configuration files: diff --git a/nixos/modules/services/databases/memcached.nix b/nixos/modules/services/databases/memcached.nix index 052ff1f308e..f9e403dfc0c 100644 --- a/nixos/modules/services/databases/memcached.nix +++ b/nixos/modules/services/databases/memcached.nix @@ -86,7 +86,25 @@ in in "${memcached}/bin/memcached ${networking} -m ${toString cfg.maxMemory} -c ${toString cfg.maxConnections} ${concatStringsSep " " cfg.extraOptions}"; User = cfg.user; + + # Filesystem access + ProtectSystem = "strict"; + ProtectHome = true; + PrivateTmp = true; + PrivateDevices = true; + ProtectKernelTunables = true; + ProtectKernelModules = true; + ProtectControlGroups = true; RuntimeDirectory = "memcached"; + # Caps + CapabilityBoundingSet = ""; + NoNewPrivileges = true; + # Misc. + LockPersonality = true; + RestrictRealtime = true; + PrivateMounts = true; + PrivateUsers = true; + MemoryDenyWriteExecute = true; }; }; }; diff --git a/nixos/modules/services/databases/postgresql.nix b/nixos/modules/services/databases/postgresql.nix index 7ff899970cc..10250bb5193 100644 --- a/nixos/modules/services/databases/postgresql.nix +++ b/nixos/modules/services/databases/postgresql.nix @@ -330,13 +330,13 @@ in fi '' + optionalString (cfg.ensureDatabases != []) '' ${concatMapStrings (database: '' - $PSQL -tAc "SELECT 1 FROM pg_database WHERE datname = '${database}'" | grep -q 1 || $PSQL -tAc "CREATE DATABASE ${database}" + $PSQL -tAc "SELECT 1 FROM pg_database WHERE datname = '${database}'" | grep -q 1 || $PSQL -tAc 'CREATE DATABASE "${database}"' '') cfg.ensureDatabases} '' + '' ${concatMapStrings (user: '' $PSQL -tAc "SELECT 1 FROM pg_roles WHERE rolname='${user.name}'" | grep -q 1 || $PSQL -tAc "CREATE USER ${user.name}" ${concatStringsSep "\n" (mapAttrsToList (database: permission: '' - $PSQL -tAc "GRANT ${permission} ON ${database} TO ${user.name}" + $PSQL -tAc 'GRANT ${permission} ON ${database} TO ${user.name}' '') user.ensurePermissions)} '') cfg.ensureUsers} ''; diff --git a/nixos/modules/services/games/minecraft-server.nix b/nixos/modules/services/games/minecraft-server.nix index 39a68f4b553..eb9288fca58 100644 --- a/nixos/modules/services/games/minecraft-server.nix +++ b/nixos/modules/services/games/minecraft-server.nix @@ -118,7 +118,7 @@ in { }; serverProperties = mkOption { - type = with types; attrsOf (either bool (either int str)); + type = with types; attrsOf (oneOf [ bool int str ]); default = {}; example = literalExample '' { diff --git a/nixos/modules/services/mail/davmail.nix b/nixos/modules/services/mail/davmail.nix index 5b5cc294e5c..374a3dd75c1 100644 --- a/nixos/modules/services/mail/davmail.nix +++ b/nixos/modules/services/mail/davmail.nix @@ -7,7 +7,7 @@ let cfg = config.services.davmail; configType = with types; - either (either (attrsOf configType) str) (either int bool) // { + oneOf [ (attrsOf configType) str int bool ] // { description = "davmail config type (str, int, bool or attribute set thereof)"; }; diff --git a/nixos/modules/services/mail/postfix.nix b/nixos/modules/services/mail/postfix.nix index dab1b29aa4b..2b08ab1e6aa 100644 --- a/nixos/modules/services/mail/postfix.nix +++ b/nixos/modules/services/mail/postfix.nix @@ -447,7 +447,7 @@ in }; config = mkOption { - type = with types; attrsOf (either bool (either str (listOf str))); + type = with types; attrsOf (oneOf [ bool str (listOf str) ]); description = '' The main.cf configuration file as key value set. ''; diff --git a/nixos/modules/services/mail/rspamd.nix b/nixos/modules/services/mail/rspamd.nix index 5541b8b79b7..e59d5715de0 100644 --- a/nixos/modules/services/mail/rspamd.nix +++ b/nixos/modules/services/mail/rspamd.nix @@ -331,7 +331,7 @@ in }; config = mkOption { - type = with types; attrsOf (either bool (either str (listOf str))); + type = with types; attrsOf (oneOf [ bool str (listOf str) ]); description = '' Addon to postfix configuration ''; diff --git a/nixos/modules/services/mail/rss2email.nix b/nixos/modules/services/mail/rss2email.nix index a123736005a..df454abc826 100644 --- a/nixos/modules/services/mail/rss2email.nix +++ b/nixos/modules/services/mail/rss2email.nix @@ -30,7 +30,7 @@ in { }; config = mkOption { - type = with types; attrsOf (either str (either int bool)); + type = with types; attrsOf (oneOf [ str int bool ]); default = {}; description = '' The configuration to give rss2email. diff --git a/nixos/modules/services/misc/dwm-status.nix b/nixos/modules/services/misc/dwm-status.nix new file mode 100644 index 00000000000..b98a42e6a6d --- /dev/null +++ b/nixos/modules/services/misc/dwm-status.nix @@ -0,0 +1,73 @@ +{ config, lib, pkgs, ... }: + +with lib; + +let + cfg = config.services.dwm-status; + + order = concatMapStringsSep "," (feature: ''"${feature}"'') cfg.order; + + configFile = pkgs.writeText "dwm-status.toml" '' + order = [${order}] + + ${cfg.extraConfig} + ''; +in + +{ + + ###### interface + + options = { + + services.dwm-status = { + + enable = mkEnableOption "dwm-status user service"; + + package = mkOption { + type = types.package; + default = pkgs.dwm-status; + defaultText = "pkgs.dwm-status"; + example = "pkgs.dwm-status.override { enableAlsaUtils = false; }"; + description = '' + Which dwm-status package to use. + ''; + }; + + order = mkOption { + type = types.listOf (types.enum [ "audio" "backlight" "battery" "cpu_load" "network" "time" ]); + description = '' + List of enabled features in order. + ''; + }; + + extraConfig = mkOption { + type = types.lines; + default = ""; + description = '' + Extra config in TOML format. + ''; + }; + + }; + + }; + + + ###### implementation + + config = mkIf cfg.enable { + + services.upower.enable = elem "battery" cfg.order; + + systemd.user.services.dwm-status = { + description = "Highly performant and configurable DWM status service"; + wantedBy = [ "graphical-session.target" ]; + partOf = [ "graphical-session.target" ]; + + serviceConfig.ExecStart = "${cfg.package}/bin/dwm-status ${configFile}"; + }; + + }; + +} diff --git a/nixos/modules/services/misc/gitlab.nix b/nixos/modules/services/misc/gitlab.nix index 2f3f76d79ff..087630f2177 100644 --- a/nixos/modules/services/misc/gitlab.nix +++ b/nixos/modules/services/misc/gitlab.nix @@ -502,7 +502,7 @@ in { "d ${cfg.statePath} 0750 ${cfg.user} ${cfg.group} -" "d ${cfg.statePath}/builds 0750 ${cfg.user} ${cfg.group} -" "d ${cfg.statePath}/config 0750 ${cfg.user} ${cfg.group} -" - "d ${cfg.statePath}/config/initializers 0750 ${cfg.user} ${cfg.group} -" + "D ${cfg.statePath}/config/initializers 0750 ${cfg.user} ${cfg.group} -" "d ${cfg.statePath}/db 0750 ${cfg.user} ${cfg.group} -" "d ${cfg.statePath}/log 0750 ${cfg.user} ${cfg.group} -" "d ${cfg.statePath}/repositories 2770 ${cfg.user} ${cfg.group} -" diff --git a/nixos/modules/services/monitoring/datadog-agent.nix b/nixos/modules/services/monitoring/datadog-agent.nix index ce3d53fb2c1..7f78db74677 100644 --- a/nixos/modules/services/monitoring/datadog-agent.nix +++ b/nixos/modules/services/monitoring/datadog-agent.nix @@ -42,9 +42,9 @@ let # Apply the configured extraIntegrations to the provided agent # package. See the documentation of `dd-agent/integrations-core.nix` # for detailed information on this. - datadogPkg = cfg.package.overrideAttrs(_: { - python = (pkgs.datadog-integrations-core cfg.extraIntegrations).python; - }); + datadogPkg = cfg.package.override { + pythonPackages = pkgs.datadog-integrations-core cfg.extraIntegrations; + }; in { options.services.datadog-agent = { enable = mkOption { @@ -60,7 +60,7 @@ in { defaultText = "pkgs.datadog-agent"; description = '' Which DataDog v6 agent package to use. Note that the provided - package is expected to have an overridable `python`-attribute + package is expected to have an overridable `pythonPackages`-attribute which configures the Python environment with the Datadog checks. ''; diff --git a/nixos/modules/services/monitoring/grafana.nix b/nixos/modules/services/monitoring/grafana.nix index c2f6b585d49..bf1084eecc3 100644 --- a/nixos/modules/services/monitoring/grafana.nix +++ b/nixos/modules/services/monitoring/grafana.nix @@ -503,12 +503,12 @@ in { message = "Cannot set both adminPassword and adminPasswordFile"; } { - assertion = cfg.security.secretKeyFile != opt.security.secretKeyFile.default -> cfg.security.secretKeyFile == null; + assertion = cfg.security.secretKey != opt.security.secretKey.default -> cfg.security.secretKeyFile == null; message = "Cannot set both secretKey and secretKeyFile"; } { assertion = cfg.smtp.password != opt.smtp.password.default -> cfg.smtp.passwordFile == null; - message = "Cannot set both password and secretKeyFile"; + message = "Cannot set both password and passwordFile"; } ]; diff --git a/nixos/modules/services/monitoring/prometheus/default.nix b/nixos/modules/services/monitoring/prometheus/default.nix index d8384e0d35b..647d67533b8 100644 --- a/nixos/modules/services/monitoring/prometheus/default.nix +++ b/nixos/modules/services/monitoring/prometheus/default.nix @@ -79,12 +79,8 @@ let (pkgs.writeText "prometheus.rules" (concatStringsSep "\n" cfg2.rules)) ]); scrape_configs = filterValidPrometheus cfg2.scrapeConfigs; - alerting = optionalAttrs (cfg2.alertmanagerURL != []) { - alertmanagers = [{ - static_configs = [{ - targets = cfg2.alertmanagerURL; - }]; - }]; + alerting = { + inherit (cfg2) alertmanagers; }; }; @@ -738,11 +734,23 @@ in { ''; }; - alertmanagerURL = mkOption { - type = types.listOf types.str; + alertmanagers = mkOption { + type = types.listOf types.attrs; + example = literalExample '' + [ { + scheme = "https"; + path_prefix = "/alertmanager"; + static_configs = [ { + targets = [ + "prometheus.domain.tld" + ]; + } ]; + } ] + ''; default = []; description = '' - List of Alertmanager URLs to send notifications to. + A list of alertmanagers to send alerts to. + See <link xlink:href="https://prometheus.io/docs/prometheus/latest/configuration/configuration/#alertmanager_config">the official documentation</link> for more information. ''; }; diff --git a/nixos/modules/services/monitoring/prometheus/exporters/blackbox.nix b/nixos/modules/services/monitoring/prometheus/exporters/blackbox.nix index f69b389760f..ca4366121e1 100644 --- a/nixos/modules/services/monitoring/prometheus/exporters/blackbox.nix +++ b/nixos/modules/services/monitoring/prometheus/exporters/blackbox.nix @@ -4,6 +4,13 @@ with lib; let cfg = config.services.prometheus.exporters.blackbox; + + checkConfig = file: pkgs.runCommand "checked-blackbox-exporter.conf" { + preferLocalBuild = true; + buildInputs = [ pkgs.buildPackages.prometheus-blackbox-exporter ]; } '' + ln -s ${file} $out + blackbox_exporter --config.check --config.file $out + ''; in { port = 9115; @@ -21,7 +28,7 @@ in ExecStart = '' ${pkgs.prometheus-blackbox-exporter}/bin/blackbox_exporter \ --web.listen-address ${cfg.listenAddress}:${toString cfg.port} \ - --config.file ${cfg.configFile} \ + --config.file ${checkConfig cfg.configFile} \ ${concatStringsSep " \\\n " cfg.extraFlags} ''; ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID"; diff --git a/nixos/modules/services/networking/znc/default.nix b/nixos/modules/services/networking/znc/default.nix index 46bff6954cd..05f97bfa539 100644 --- a/nixos/modules/services/networking/znc/default.nix +++ b/nixos/modules/services/networking/znc/default.nix @@ -62,9 +62,9 @@ let concatStringsSep "\n" (toLines cfg.config); semanticTypes = with types; rec { - zncAtom = nullOr (either (either int bool) str); + zncAtom = nullOr (oneOf [ int bool str ]); zncAttr = attrsOf (nullOr zncConf); - zncAll = either (either zncAtom (listOf zncAtom)) zncAttr; + zncAll = oneOf [ zncAtom (listOf zncAtom) zncAttr ]; zncConf = attrsOf (zncAll // { # Since this is a recursive type and the description by default contains # the description of its subtypes, infinite recursion would occur without diff --git a/nixos/modules/services/security/bitwarden_rs/default.nix b/nixos/modules/services/security/bitwarden_rs/default.nix index bb036ee020f..80fd65891ff 100644 --- a/nixos/modules/services/security/bitwarden_rs/default.nix +++ b/nixos/modules/services/security/bitwarden_rs/default.nix @@ -36,7 +36,7 @@ in { }; config = mkOption { - type = attrsOf (nullOr (either (either bool int) str)); + type = attrsOf (nullOr (oneOf [ bool int str ])); default = {}; example = literalExample '' { diff --git a/nixos/modules/services/web-apps/limesurvey.nix b/nixos/modules/services/web-apps/limesurvey.nix index 5b2f3875aaa..84a94fc446e 100644 --- a/nixos/modules/services/web-apps/limesurvey.nix +++ b/nixos/modules/services/web-apps/limesurvey.nix @@ -14,7 +14,7 @@ let pkg = pkgs.limesurvey; - configType = with types; either (either (attrsOf configType) str) (either int bool) // { + configType = with types; oneOf [ (attrsOf configType) str int bool ] // { description = "limesurvey config type (str, int, bool or attribute set thereof)"; }; diff --git a/nixos/modules/services/web-servers/apache-httpd/default.nix b/nixos/modules/services/web-servers/apache-httpd/default.nix index ea9476a7c91..12200c879be 100644 --- a/nixos/modules/services/web-servers/apache-httpd/default.nix +++ b/nixos/modules/services/web-servers/apache-httpd/default.nix @@ -336,7 +336,7 @@ let ++ optional enablePerl { name = "perl"; path = "${mod_perl}/modules/mod_perl.so"; } ++ concatMap (svc: svc.extraModules) allSubservices ++ extraForeignModules; - in concatMapStrings load allModules + in concatMapStrings load (unique allModules) } AddHandler type-map var diff --git a/nixos/modules/services/x11/clight.nix b/nixos/modules/services/x11/clight.nix new file mode 100644 index 00000000000..6ec395bb05e --- /dev/null +++ b/nixos/modules/services/x11/clight.nix @@ -0,0 +1,115 @@ +{ config, pkgs, lib, ... }: + +with lib; + +let + cfg = config.services.clight; + + toConf = v: + if builtins.isFloat v then toString v + else if isInt v then toString v + else if isBool v then boolToString v + else if isString v then ''"${escape [''"''] v}"'' + else if isList v then "[ " + concatMapStringsSep ", " toConf v + " ]" + else abort "clight.toConf: unexpected type (v = ${v})"; + + clightConf = pkgs.writeText "clight.conf" + (concatStringsSep "\n" (mapAttrsToList + (name: value: "${toString name} = ${toConf value};") + (filterAttrs + (_: value: value != null) + cfg.settings))); +in { + options.services.clight = { + enable = mkOption { + type = types.bool; + default = false; + description = '' + Whether to enable clight or not. + ''; + }; + + temperature = { + day = mkOption { + type = types.int; + default = 5500; + description = '' + Colour temperature to use during the day, between + <literal>1000</literal> and <literal>25000</literal> K. + ''; + }; + night = mkOption { + type = types.int; + default = 3700; + description = '' + Colour temperature to use at night, between + <literal>1000</literal> and <literal>25000</literal> K. + ''; + }; + }; + + settings = let + validConfigTypes = with types; either int (either str (either bool float)); + in mkOption { + type = with types; attrsOf (nullOr (either validConfigTypes (listOf validConfigTypes))); + default = {}; + example = { captures = 20; gamma_long_transition = true; ac_capture_timeouts = [ 120 300 60 ]; }; + description = '' + Additional configuration to extend clight.conf. See + <link xlink:href="https://github.com/FedeDP/Clight/blob/master/Extra/clight.conf"/> for a + sample configuration file. + ''; + }; + }; + + config = mkIf cfg.enable { + boot.kernelModules = [ "i2c_dev" ]; + environment.systemPackages = with pkgs; [ clight clightd ]; + services.dbus.packages = with pkgs; [ clight clightd ]; + services.upower.enable = true; + + services.clight.settings = { + gamma_temp = with cfg.temperature; mkDefault [ day night ]; + } // (optionalAttrs (config.location.provider == "manual") { + latitude = mkDefault config.location.latitude; + longitude = mkDefault config.location.longitude; + }); + + services.geoclue2.appConfig."clightc" = { + isAllowed = true; + isSystem = true; + }; + + systemd.services.clightd = { + requires = [ "polkit.service" ]; + wantedBy = [ "multi-user.target" ]; + + description = "Bus service to manage various screen related properties (gamma, dpms, backlight)"; + serviceConfig = { + Type = "dbus"; + BusName = "org.clightd.clightd"; + Restart = "on-failure"; + RestartSec = 5; + ExecStart = '' + ${pkgs.clightd}/bin/clightd + ''; + }; + }; + + systemd.user.services.clight = { + after = [ "upower.service" "clightd.service" ]; + wants = [ "upower.service" "clightd.service" ]; + partOf = [ "graphical-session.target" ]; + wantedBy = [ "graphical-session.target" ]; + + description = "C daemon to adjust screen brightness to match ambient brightness, as computed capturing frames from webcam"; + serviceConfig = { + Restart = "on-failure"; + RestartSec = 5; + ExecStart = '' + ${pkgs.clight}/bin/clight --conf-file ${clightConf} + ''; + }; + }; + }; +} diff --git a/nixos/modules/services/x11/compton.nix b/nixos/modules/services/x11/compton.nix index c02c9bfd94e..a94a76ff0c0 100644 --- a/nixos/modules/services/x11/compton.nix +++ b/nixos/modules/services/x11/compton.nix @@ -215,7 +215,7 @@ in { }; settings = let - configTypes = with types; either bool (either int (either float str)); + configTypes = with types; oneOf [ bool int float str ]; # types.loaOf converts lists to sets loaOf = t: with types; either (listOf t) (attrsOf t); in mkOption { diff --git a/nixos/modules/services/x11/desktop-managers/gnome3.nix b/nixos/modules/services/x11/desktop-managers/gnome3.nix index cd750242125..5e1e652a508 100644 --- a/nixos/modules/services/x11/desktop-managers/gnome3.nix +++ b/nixos/modules/services/x11/desktop-managers/gnome3.nix @@ -123,12 +123,8 @@ in { services.dleyna-renderer.enable = mkDefault true; services.dleyna-server.enable = mkDefault true; services.gnome3.at-spi2-core.enable = true; - services.gnome3.evince.enable = mkDefault true; services.gnome3.evolution-data-server.enable = true; - services.gnome3.file-roller.enable = mkDefault true; services.gnome3.glib-networking.enable = true; - services.gnome3.gnome-disks.enable = mkDefault true; - services.gnome3.gnome-documents.enable = mkDefault true; services.gnome3.gnome-keyring.enable = true; services.gnome3.gnome-online-accounts.enable = mkDefault true; services.gnome3.gnome-remote-desktop.enable = mkDefault true; @@ -157,6 +153,12 @@ in { xdg.portal.enable = true; xdg.portal.extraPortals = [ pkgs.xdg-desktop-portal-gtk ]; + # Enable default programs + programs.evince.enable = mkDefault true; + programs.file-roller.enable = mkDefault true; + programs.gnome-disks.enable = mkDefault true; + programs.gnome-documents.enable = mkDefault true; + # If gnome3 is installed, build vim for gtk3 too. nixpkgs.config.vim.gui = "gtk3"; diff --git a/nixos/modules/services/x11/redshift.nix b/nixos/modules/services/x11/redshift.nix index 4345a334808..55f8f75021b 100644 --- a/nixos/modules/services/x11/redshift.nix +++ b/nixos/modules/services/x11/redshift.nix @@ -5,6 +5,7 @@ with lib; let cfg = config.services.redshift; + lcfg = config.location; in { @@ -18,35 +19,6 @@ in { ''; }; - latitude = mkOption { - type = types.nullOr types.str; - default = null; - description = '' - Your current latitude, between - <literal>-90.0</literal> and <literal>90.0</literal>. Must be provided - along with longitude. - ''; - }; - - longitude = mkOption { - type = types.nullOr types.str; - default = null; - description = '' - Your current longitude, between - between <literal>-180.0</literal> and <literal>180.0</literal>. Must be - provided along with latitude. - ''; - }; - - provider = mkOption { - type = types.enum [ "manual" "geoclue2" ]; - default = "manual"; - description = '' - The location provider to use for determining your location. If set to - <literal>manual</literal> you must also provide latitude/longitude. - ''; - }; - temperature = { day = mkOption { type = types.int; @@ -106,33 +78,19 @@ in { }; config = mkIf cfg.enable { - assertions = [ - { - assertion = - if cfg.provider == "manual" - then (cfg.latitude != null && cfg.longitude != null) - else (cfg.latitude == null && cfg.longitude == null); - message = "Latitude and longitude must be provided together, and with provider set to null."; - } - ]; - # needed so that .desktop files are installed, which geoclue cares about environment.systemPackages = [ cfg.package ]; - services.geoclue2 = mkIf (cfg.provider == "geoclue2") { - enable = true; - appConfig."redshift" = { - isAllowed = true; - isSystem = true; - }; + services.geoclue2.appConfig."redshift" = { + isAllowed = true; + isSystem = true; }; - systemd.user.services.redshift = + systemd.user.services.redshift = let - providerString = - if cfg.provider == "manual" - then "${cfg.latitude}:${cfg.longitude}" - else cfg.provider; + providerString = if lcfg.provider == "manual" + then "${toString lcfg.latitude}:${toString lcfg.longitude}" + else lcfg.provider; in { description = "Redshift colour temperature adjuster"; diff --git a/nixos/modules/system/boot/binfmt.nix b/nixos/modules/system/boot/binfmt.nix index d6c0f050486..a550ffd6320 100644 --- a/nixos/modules/system/boot/binfmt.nix +++ b/nixos/modules/system/boot/binfmt.nix @@ -115,6 +115,14 @@ let magicOrExtension = ''\x7fELF\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\xf3\x00''; mask = ''\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff''; }; + wasm32-wasi = { + magicOrExtension = ''\x00asm''; + mask = ''\xff\xff\xff\xff''; + }; + wasm64-wasi = { + magicOrExtension = ''\x00asm''; + mask = ''\xff\xff\xff\xff''; + }; x86_64-windows = { magicOrExtension = ".exe"; recognitionType = "extension"; @@ -226,6 +234,7 @@ in { emulatedSystems = mkOption { default = []; + example = [ "wasm32-wasi" "x86_64-windows" "aarch64-linux" ]; description = '' List of systems to emulate. Will also configure Nix to support your new systems. diff --git a/nixos/modules/system/boot/systemd-unit-options.nix b/nixos/modules/system/boot/systemd-unit-options.nix index ee4ae845a7d..c1f2c98afcd 100644 --- a/nixos/modules/system/boot/systemd-unit-options.nix +++ b/nixos/modules/system/boot/systemd-unit-options.nix @@ -226,7 +226,7 @@ in rec { environment = mkOption { default = {}; - type = with types; attrsOf (nullOr (either str (either path package))); + type = with types; attrsOf (nullOr (oneOf [ str path package ])); example = { PATH = "/foo/bar/bin"; LANG = "nl_NL.UTF-8"; }; description = "Environment variables passed to the service's processes."; }; diff --git a/nixos/modules/system/boot/systemd.nix b/nixos/modules/system/boot/systemd.nix index 1025a038c4b..1914827d0e5 100644 --- a/nixos/modules/system/boot/systemd.nix +++ b/nixos/modules/system/boot/systemd.nix @@ -524,7 +524,7 @@ in }; systemd.globalEnvironment = mkOption { - type = with types; attrsOf (nullOr (either str (either path package))); + type = with types; attrsOf (nullOr (oneOf [ str path package ])); default = {}; example = { TZ = "CET"; }; description = '' diff --git a/nixos/release-combined.nix b/nixos/release-combined.nix index b9a9515f94e..7146aebf54b 100644 --- a/nixos/release-combined.nix +++ b/nixos/release-combined.nix @@ -68,8 +68,9 @@ in rec { nixos.tests.chromium.x86_64-linux or [] (all nixos.tests.firefox) (all nixos.tests.firewall) - (except ["aarch64-linux"] nixos.tests.gnome3) - (except ["aarch64-linux"] nixos.tests.pantheon) + (all nixos.tests.gnome3-xorg) + (all nixos.tests.gnome3) + (all nixos.tests.pantheon) nixos.tests.installer.zfsroot.x86_64-linux or [] # ZFS is 64bit only (except ["aarch64-linux"] nixos.tests.installer.lvm) (except ["aarch64-linux"] nixos.tests.installer.luksroot) @@ -103,7 +104,7 @@ in rec { #(all nixos.tests.keymap.neo) #(all nixos.tests.keymap.qwertz) (all nixos.tests.plasma5) - #(all nixos.tests.lightdm) + (all nixos.tests.lightdm) (all nixos.tests.login) (all nixos.tests.misc) (all nixos.tests.mutableUsers) diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix index c3fa53ac544..c24c8ae61a5 100644 --- a/nixos/tests/all-tests.nix +++ b/nixos/tests/all-tests.nix @@ -56,7 +56,7 @@ in containers-physical_interfaces = handleTest ./containers-physical_interfaces.nix {}; containers-restart_networking = handleTest ./containers-restart_networking.nix {}; containers-tmpfs = handleTest ./containers-tmpfs.nix {}; - #couchdb = handleTest ./couchdb.nix {}; # spidermonkey-1.8.5 is marked as broken + couchdb = handleTest ./couchdb.nix {}; deluge = handleTest ./deluge.nix {}; dhparams = handleTest ./dhparams.nix {}; dnscrypt-proxy = handleTestOn ["x86_64-linux"] ./dnscrypt-proxy.nix {}; @@ -93,8 +93,8 @@ in gitlab = handleTest ./gitlab.nix {}; gitolite = handleTest ./gitolite.nix {}; gjs = handleTest ./gjs.nix {}; - gnome3 = handleTestOn ["x86_64-linux"] ./gnome3.nix {}; # libsmbios is unsupported on aarch64 - gnome3-gdm = handleTestOn ["x86_64-linux"] ./gnome3-gdm.nix {}; # libsmbios is unsupported on aarch64 + gnome3-xorg = handleTest ./gnome3-xorg.nix {}; + gnome3 = handleTest ./gnome3.nix {}; gocd-agent = handleTest ./gocd-agent.nix {}; gocd-server = handleTest ./gocd-server.nix {}; google-oslogin = handleTest ./google-oslogin {}; @@ -139,7 +139,7 @@ in ldap = handleTest ./ldap.nix {}; leaps = handleTest ./leaps.nix {}; lidarr = handleTest ./lidarr.nix {}; - #lightdm = handleTest ./lightdm.nix {}; + lightdm = handleTest ./lightdm.nix {}; limesurvey = handleTest ./limesurvey.nix {}; login = handleTest ./login.nix {}; loki = handleTest ./loki.nix {}; @@ -183,6 +183,7 @@ in nginx = handleTest ./nginx.nix {}; nginx-sso = handleTest ./nginx-sso.nix {}; nix-ssh-serve = handleTest ./nix-ssh-serve.nix {}; + nixos-generate-config = handleTest ./nixos-generate-config.nix {}; novacomd = handleTestOn ["x86_64-linux"] ./novacomd.nix {}; nsd = handleTest ./nsd.nix {}; nzbget = handleTest ./nzbget.nix {}; @@ -209,6 +210,7 @@ in plotinus = handleTest ./plotinus.nix {}; postgis = handleTest ./postgis.nix {}; postgresql = handleTest ./postgresql.nix {}; + postgresql-wal-receiver = handleTest ./postgresql-wal-receiver.nix {}; powerdns = handleTest ./powerdns.nix {}; predictable-interface-names = handleTest ./predictable-interface-names.nix {}; printing = handleTest ./printing.nix {}; diff --git a/nixos/tests/gnome3-gdm.nix b/nixos/tests/gnome3-gdm.nix deleted file mode 100644 index c2808d87d99..00000000000 --- a/nixos/tests/gnome3-gdm.nix +++ /dev/null @@ -1,63 +0,0 @@ -import ./make-test.nix ({ pkgs, ...} : { - name = "gnome3-gdm"; - meta = with pkgs.stdenv.lib.maintainers; { - maintainers = [ lethalman ]; - }; - - machine = - { ... }: - - { imports = [ ./common/user-account.nix ]; - - services.xserver.enable = true; - - services.xserver.displayManager.gdm = { - enable = true; - autoLogin = { - enable = true; - user = "alice"; - }; - }; - services.xserver.desktopManager.gnome3.enable = true; - - virtualisation.memorySize = 1024; - }; - - testScript = let - # Keep line widths somewhat managable - bus = "DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/1000/bus"; - gdbus = "${bus} gdbus"; - # Call javascript in gnome shell, returns a tuple (success, output), where - # `success` is true if the dbus call was successful and output is what the - # javascript evaluates to. - eval = "call --session -d org.gnome.Shell -o /org/gnome/Shell -m org.gnome.Shell.Eval"; - # False when startup is done - startingUp = "${gdbus} ${eval} Main.layoutManager._startingUp"; - # Hopefully gnome-terminal's wm class - wmClass = "${gdbus} ${eval} global.display.focus_window.wm_class"; - in '' - # wait for gdm to start - $machine->waitForUnit("display-manager.service"); - - # wait for alice to be logged in - $machine->waitForUnit("default.target","alice"); - - # Check that logging in has given the user ownership of devices. - $machine->succeed("getfacl /dev/snd/timer | grep -q alice"); - - # Wait for the wayland server - $machine->waitForFile("/run/user/1000/wayland-0"); - - # Wait for gnome shell, correct output should be "(true, 'false')" - $machine->waitUntilSucceeds("su - alice -c '${startingUp} | grep -q true,..false'"); - - # open a terminal - $machine->succeed("su - alice -c '${bus} gnome-terminal'"); - # and check it's there - $machine->waitUntilSucceeds("su - alice -c '${wmClass} | grep -q gnome-terminal-server'"); - - # wait to get a nice screenshot - $machine->sleep(20); - $machine->screenshot("screen"); - ''; -}) diff --git a/nixos/tests/gnome3-xorg.nix b/nixos/tests/gnome3-xorg.nix new file mode 100644 index 00000000000..f12361da037 --- /dev/null +++ b/nixos/tests/gnome3-xorg.nix @@ -0,0 +1,41 @@ +import ./make-test.nix ({ pkgs, ...} : { + name = "gnome3-xorg"; + meta = with pkgs.stdenv.lib.maintainers; { + maintainers = pkgs.gnome3.maintainers; + }; + + machine = + { ... }: + + { imports = [ ./common/user-account.nix ]; + + services.xserver.enable = true; + + services.xserver.displayManager.gdm.enable = false; + services.xserver.displayManager.lightdm.enable = true; + services.xserver.displayManager.lightdm.autoLogin.enable = true; + services.xserver.displayManager.lightdm.autoLogin.user = "alice"; + services.xserver.desktopManager.gnome3.enable = true; + services.xserver.desktopManager.default = "gnome-xorg"; + + virtualisation.memorySize = 1024; + }; + + testScript = + '' + $machine->waitForX; + + # wait for alice to be logged in + $machine->waitForUnit("default.target","alice"); + + # Check that logging in has given the user ownership of devices. + $machine->succeed("getfacl /dev/snd/timer | grep -q alice"); + + $machine->succeed("su - alice -c 'DISPLAY=:0.0 gnome-terminal &'"); + $machine->succeed("xauth merge ~alice/.Xauthority"); + $machine->waitForWindow(qr/alice.*machine/); + $machine->succeed("timeout 900 bash -c 'while read msg; do if [[ \$msg =~ \"GNOME Shell started\" ]]; then break; fi; done < <(journalctl -f)'"); + $machine->sleep(10); + $machine->screenshot("screen"); + ''; +}) diff --git a/nixos/tests/gnome3.nix b/nixos/tests/gnome3.nix index b58c9e5a0e3..b6fe602a732 100644 --- a/nixos/tests/gnome3.nix +++ b/nixos/tests/gnome3.nix @@ -1,7 +1,7 @@ import ./make-test.nix ({ pkgs, ...} : { name = "gnome3"; meta = with pkgs.stdenv.lib.maintainers; { - maintainers = [ domenkozar eelco lethalman ]; + maintainers = pkgs.gnome3.maintainers; }; machine = @@ -11,19 +11,34 @@ import ./make-test.nix ({ pkgs, ...} : { services.xserver.enable = true; - services.xserver.displayManager.gdm.enable = false; - services.xserver.displayManager.lightdm.enable = true; - services.xserver.displayManager.lightdm.autoLogin.enable = true; - services.xserver.displayManager.lightdm.autoLogin.user = "alice"; + services.xserver.displayManager.gdm = { + enable = true; + autoLogin = { + enable = true; + user = "alice"; + }; + }; + services.xserver.desktopManager.gnome3.enable = true; - services.xserver.desktopManager.default = "gnome-xorg"; virtualisation.memorySize = 1024; }; - testScript = - '' - $machine->waitForX; + testScript = let + # Keep line widths somewhat managable + bus = "DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/1000/bus"; + gdbus = "${bus} gdbus"; + # Call javascript in gnome shell, returns a tuple (success, output), where + # `success` is true if the dbus call was successful and output is what the + # javascript evaluates to. + eval = "call --session -d org.gnome.Shell -o /org/gnome/Shell -m org.gnome.Shell.Eval"; + # False when startup is done + startingUp = "${gdbus} ${eval} Main.layoutManager._startingUp"; + # Hopefully gnome-terminal's wm class + wmClass = "${gdbus} ${eval} global.display.focus_window.wm_class"; + in '' + # wait for gdm to start + $machine->waitForUnit("display-manager.service"); # wait for alice to be logged in $machine->waitForUnit("default.target","alice"); @@ -31,11 +46,19 @@ import ./make-test.nix ({ pkgs, ...} : { # Check that logging in has given the user ownership of devices. $machine->succeed("getfacl /dev/snd/timer | grep -q alice"); - $machine->succeed("su - alice -c 'DISPLAY=:0.0 gnome-terminal &'"); - $machine->succeed("xauth merge ~alice/.Xauthority"); - $machine->waitForWindow(qr/alice.*machine/); - $machine->succeed("timeout 900 bash -c 'while read msg; do if [[ \$msg =~ \"GNOME Shell started\" ]]; then break; fi; done < <(journalctl -f)'"); - $machine->sleep(10); + # Wait for the wayland server + $machine->waitForFile("/run/user/1000/wayland-0"); + + # Wait for gnome shell, correct output should be "(true, 'false')" + $machine->waitUntilSucceeds("su - alice -c '${startingUp} | grep -q true,..false'"); + + # open a terminal + $machine->succeed("su - alice -c '${bus} gnome-terminal'"); + # and check it's there + $machine->waitUntilSucceeds("su - alice -c '${wmClass} | grep -q gnome-terminal-server'"); + + # wait to get a nice screenshot + $machine->sleep(20); $machine->screenshot("screen"); ''; }) diff --git a/nixos/tests/lightdm.nix b/nixos/tests/lightdm.nix index 8a9a7408d29..c805f1ed9f3 100644 --- a/nixos/tests/lightdm.nix +++ b/nixos/tests/lightdm.nix @@ -1,7 +1,7 @@ import ./make-test.nix ({ pkgs, ...} : { name = "lightdm"; meta = with pkgs.stdenv.lib.maintainers; { - maintainers = [ aszlig ]; + maintainers = [ aszlig worldofpeace ]; }; machine = { ... }: { diff --git a/nixos/tests/mosquitto.nix b/nixos/tests/mosquitto.nix index 86b7f9c044d..bd5447de15f 100644 --- a/nixos/tests/mosquitto.nix +++ b/nixos/tests/mosquitto.nix @@ -49,21 +49,40 @@ in rec { testScript = let file = "/tmp/msg"; - payload = "wootWOOT"; + sub = args: + "(${cmd "sub"} -C 1 ${args} | tee ${file} &)"; in '' startAll; $server->waitForUnit("mosquitto.service"); $server->fail("test -f ${file}"); - $server->execute("(${cmd "sub"} -C 1 | tee ${file} &)"); - $client1->fail("test -f ${file}"); - $client1->execute("(${cmd "sub"} -C 1 | tee ${file} &)"); + $client2->fail("test -f ${file}"); + + + # QoS = 0, so only one subscribers should get it + $server->execute("${sub "-q 0"}"); + + # we need to give the subscribers some time to connect + $client2->execute("sleep 5"); + $client2->succeed("${cmd "pub"} -m FOO -q 0"); + + $server->waitUntilSucceeds("grep -q FOO ${file}"); + $server->execute("rm ${file}"); + + + # QoS = 1, so both subscribers should get it + $server->execute("${sub "-q 1"}"); + $client1->execute("${sub "-q 1"}"); - $client2->succeed("${cmd "pub"} -m ${payload}"); + # we need to give the subscribers some time to connect + $client2->execute("sleep 5"); + $client2->succeed("${cmd "pub"} -m BAR -q 1"); - $server->succeed("grep -q ${payload} ${file}"); + $server->waitUntilSucceeds("grep -q BAR ${file}"); + $server->execute("rm ${file}"); - $client1->succeed("grep -q ${payload} ${file}"); + $client1->waitUntilSucceeds("grep -q BAR ${file}"); + $client1->execute("rm ${file}"); ''; }) diff --git a/nixos/tests/nixos-generate-config.nix b/nixos/tests/nixos-generate-config.nix new file mode 100644 index 00000000000..15a173e024b --- /dev/null +++ b/nixos/tests/nixos-generate-config.nix @@ -0,0 +1,24 @@ +import ./make-test.nix ({ lib, ... } : { + name = "nixos-generate-config"; + meta.maintainers = with lib.maintainers; [ basvandijk ]; + machine = { + system.nixos-generate-config.configuration = '' + # OVERRIDDEN + { config, pkgs, ... }: { + imports = [ ./hardware-configuration.nix ]; + $bootLoaderConfig + } + ''; + }; + testScript = '' + startAll; + $machine->waitForUnit("multi-user.target"); + $machine->succeed("nixos-generate-config"); + + # Test if the configuration really is overridden + $machine->succeed("grep 'OVERRIDDEN' /etc/nixos/configuration.nix"); + + # Test of if the Perl variable $bootLoaderConfig is spliced correctly: + $machine->succeed("grep 'boot\\.loader\\.grub\\.enable = true;' /etc/nixos/configuration.nix"); + ''; +}) diff --git a/nixos/tests/postgresql-wal-receiver.nix b/nixos/tests/postgresql-wal-receiver.nix new file mode 100644 index 00000000000..791b041ba95 --- /dev/null +++ b/nixos/tests/postgresql-wal-receiver.nix @@ -0,0 +1,86 @@ +{ system ? builtins.currentSystem +, config ? { } +, pkgs ? import ../.. { inherit system config; } }: + +with import ../lib/testing.nix { inherit system pkgs; }; +with pkgs.lib; + +let + postgresqlDataDir = "/var/db/postgresql/test"; + replicationUser = "wal_receiver_user"; + replicationSlot = "wal_receiver_slot"; + replicationConn = "postgresql://${replicationUser}@localhost"; + baseBackupDir = "/tmp/pg_basebackup"; + walBackupDir = "/tmp/pg_wal"; + recoveryConf = pkgs.writeText "recovery.conf" '' + restore_command = 'cp ${walBackupDir}/%f %p' + ''; + + makePostgresqlWalReceiverTest = subTestName: postgresqlPackage: makeTest { + name = "postgresql-wal-receiver-${subTestName}"; + meta.maintainers = with maintainers; [ pacien ]; + + machine = { ... }: { + services.postgresql = { + package = postgresqlPackage; + enable = true; + dataDir = postgresqlDataDir; + extraConfig = '' + wal_level = archive # alias for replica on pg >= 9.6 + max_wal_senders = 10 + max_replication_slots = 10 + ''; + authentication = '' + host replication ${replicationUser} all trust + ''; + initialScript = pkgs.writeText "init.sql" '' + create user ${replicationUser} replication; + select * from pg_create_physical_replication_slot('${replicationSlot}'); + ''; + }; + + services.postgresqlWalReceiver.receivers.main = { + inherit postgresqlPackage; + connection = replicationConn; + slot = replicationSlot; + directory = walBackupDir; + }; + }; + + testScript = '' + # make an initial base backup + $machine->waitForUnit('postgresql'); + $machine->waitForUnit('postgresql-wal-receiver-main'); + # WAL receiver healthchecks PG every 5 seconds, so let's be sure they have connected each other + # required only for 9.4 + $machine->sleep(5); + $machine->succeed('${postgresqlPackage}/bin/pg_basebackup --dbname=${replicationConn} --pgdata=${baseBackupDir}'); + + # create a dummy table with 100 records + $machine->succeed('sudo -u postgres psql --command="create table dummy as select * from generate_series(1, 100) as val;"'); + + # stop postgres and destroy data + $machine->systemctl('stop postgresql'); + $machine->systemctl('stop postgresql-wal-receiver-main'); + $machine->succeed('rm -r ${postgresqlDataDir}/{base,global,pg_*}'); + + # restore the base backup + $machine->succeed('cp -r ${baseBackupDir}/* ${postgresqlDataDir} && chown postgres:postgres -R ${postgresqlDataDir}'); + + # prepare WAL and recovery + $machine->succeed('chmod a+rX -R ${walBackupDir}'); + $machine->execute('for part in ${walBackupDir}/*.partial; do mv $part ''${part%%.*}; done'); # make use of partial segments too + $machine->succeed('cp ${recoveryConf} ${postgresqlDataDir}/recovery.conf && chmod 666 ${postgresqlDataDir}/recovery.conf'); + + # replay WAL + $machine->systemctl('start postgresql'); + $machine->waitForFile('${postgresqlDataDir}/recovery.done'); + $machine->systemctl('restart postgresql'); + $machine->waitForUnit('postgresql'); + + # check that our records have been restored + $machine->succeed('test $(sudo -u postgres psql --pset="pager=off" --tuples-only --command="select count(distinct val) from dummy;") -eq 100'); + ''; + }; + +in mapAttrs makePostgresqlWalReceiverTest (import ../../pkgs/servers/sql/postgresql pkgs) diff --git a/nixos/tests/syncthing-init.nix b/nixos/tests/syncthing-init.nix index 811a466ff94..0de76b688bd 100644 --- a/nixos/tests/syncthing-init.nix +++ b/nixos/tests/syncthing-init.nix @@ -22,9 +22,13 @@ in { }; testScript = '' + my $config; + $machine->waitForUnit("syncthing-init.service"); - $machine->succeed("cat /var/lib/syncthing/config.xml") =~ /${testId}/ or die; - $machine->succeed("cat /var/lib/syncthing/config.xml") =~ /testFolder/ or die; + $config = $machine->succeed("cat /var/lib/syncthing/.config/syncthing/config.xml"); + + $config =~ /${testId}/ or die; + $config =~ /testFolder/ or die; ''; }) |