From e57034f9a778384481dede840e1adc8b0ba947af Mon Sep 17 00:00:00 2001 From: Sergei Trofimovich Date: Fri, 22 Sep 2023 17:40:04 +0100 Subject: modules/xmr-stak: drop broken cudaSupport option Tanvir Ahmed T. reports that `services.xmr-stak.enable = true;` shows that `23.05` ships broken `xmr-stak` module: error: function 'anonymous lambda' called with unexpected argument 'cudaSupport' I broke it when I removed `cudaSupport` flag in https://github.com/NixOS/nixpkgs/commit/a5ce71d4e8cbe1d3311aeddc86a8d847989d6099 I'm just removing the option without an attempt to supply the stub as module was already broken on `23.05` release. There are probably no users of `xmr-stak` module by now. Closes: https://github.com/NixOS/nixpkgs/issues/256703 --- nixos/modules/services/misc/xmr-stak.nix | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) (limited to 'nixos/modules/services/misc') diff --git a/nixos/modules/services/misc/xmr-stak.nix b/nixos/modules/services/misc/xmr-stak.nix index 6e123cf0380..54efae48d5d 100644 --- a/nixos/modules/services/misc/xmr-stak.nix +++ b/nixos/modules/services/misc/xmr-stak.nix @@ -7,7 +7,7 @@ let cfg = config.services.xmr-stak; pkg = pkgs.xmr-stak.override { - inherit (cfg) openclSupport cudaSupport; + inherit (cfg) openclSupport; }; in @@ -17,7 +17,6 @@ in services.xmr-stak = { enable = mkEnableOption (lib.mdDoc "xmr-stak miner"); openclSupport = mkEnableOption (lib.mdDoc "support for OpenCL (AMD/ATI graphics cards)"); - cudaSupport = mkEnableOption (lib.mdDoc "support for CUDA (NVidia graphics cards)"); extraArgs = mkOption { type = types.listOf types.str; 
@@ -64,15 +63,12 @@ in wantedBy = [ "multi-user.target" ]; bindsTo = [ "network-online.target" ]; after = [ "network-online.target" ]; - environment = mkIf cfg.cudaSupport { - LD_LIBRARY_PATH = "${pkgs.linuxPackages_latest.nvidia_x11}/lib"; - }; preStart = concatStrings (flip mapAttrsToList cfg.configFiles (fn: content: '' ln -sf '${pkgs.writeText "xmr-stak-${fn}" content}' '${fn}' '')); - serviceConfig = let rootRequired = cfg.openclSupport || cfg.cudaSupport; in { + serviceConfig = let rootRequired = cfg.openclSupport; in { ExecStart = "${pkg}/bin/xmr-stak ${concatStringsSep " " cfg.extraArgs}"; # xmr-stak generates cpu and/or gpu configuration files WorkingDirectory = "/tmp"; -- cgit 1.4.1 From 32c36780d1a438f4c9e36a5666ab2fdd5515a372 Mon Sep 17 00:00:00 2001 From: Sander van der Burg Date: Wed, 27 Sep 2023 18:35:30 +0200 Subject: dysnomia: 0.10.1 -> 0.10.2 --- nixos/modules/services/misc/dysnomia.nix | 2 +- pkgs/tools/package-management/disnix/dysnomia/default.nix | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) (limited to 'nixos/modules/services/misc') diff --git a/nixos/modules/services/misc/dysnomia.nix b/nixos/modules/services/misc/dysnomia.nix index 0f92265ccbe..129345e3810 100644 --- a/nixos/modules/services/misc/dysnomia.nix +++ b/nixos/modules/services/misc/dysnomia.nix @@ -223,7 +223,7 @@ in ejabberdUser = config.services.ejabberd.user; }; } // lib.optionalAttrs (config.services.mysql.enable) { mysql-database = { - mysqlPort = config.services.mysql.port; + mysqlPort = config.services.mysql.settings.mysqld.port; mysqlSocket = "/run/mysqld/mysqld.sock"; } // lib.optionalAttrs cfg.enableAuthentication { mysqlUsername = "root"; diff --git a/pkgs/tools/package-management/disnix/dysnomia/default.nix b/pkgs/tools/package-management/disnix/dysnomia/default.nix index f07aade89ca..48d1b796511 100644 --- a/pkgs/tools/package-management/disnix/dysnomia/default.nix +++ b/pkgs/tools/package-management/disnix/dysnomia/default.nix 
@@ -40,10 +40,10 @@ assert enableXinetdService -> xinetd != null; stdenv.mkDerivation rec { pname = "dysnomia"; - version = "0.10.1"; + version = "0.10.2"; src = fetchurl { url = "https://github.com/svanderburg/dysnomia/releases/download/dysnomia-${version}/dysnomia-${version}.tar.gz"; - sha256 = "0w9601g8zpaxrmynx6mh8zz85ldpb8psp7cc6ls8v3srjpj1l5n3"; + sha256 = "08ijqbijs2h584dvsb3z858ha385fqd5jfxc51lks9lxxv0sfkr4"; }; configureFlags = [ -- cgit 1.4.1 From 5edabf7c0b904e62b65027e2bc4dbed4e98788d1 Mon Sep 17 00:00:00 2001 From: Vladimir Serov Date: Mon, 12 Jun 2023 22:05:18 +0400 Subject: moonraker: add useGpiod --- nixos/modules/services/misc/moonraker.nix | 10 +++++++- pkgs/servers/moonraker/default.nix | 39 +++++++++++++++++-------------- 2 files changed, 30 insertions(+), 19 deletions(-) (limited to 'nixos/modules/services/misc') diff --git a/nixos/modules/services/misc/moonraker.nix b/nixos/modules/services/misc/moonraker.nix index 7e306d718e0..797e145c47a 100644 --- a/nixos/modules/services/misc/moonraker.nix +++ b/nixos/modules/services/misc/moonraker.nix @@ -1,8 +1,8 @@ { config, lib, options, pkgs, ... }: with lib; let - pkg = pkgs.moonraker; cfg = config.services.moonraker; + pkg = cfg.package; opt = options.services.moonraker; format = pkgs.formats.ini { # https://github.com/NixOS/nixpkgs/pull/121613#issuecomment-885241996 @@ -18,6 +18,14 @@ in { services.moonraker = { enable = mkEnableOption (lib.mdDoc "Moonraker, an API web server for Klipper"); + package = mkOption { + type = with types; nullOr package; + default = pkgs.moonraker; + defaultText = literalExpression "pkgs.moonraker"; + example = literalExpression "pkgs.moonraker.override { useGpiod = true; }"; + description = lib.mdDoc "Moonraker package to use"; + }; + klipperSocket = mkOption { type = types.path; default = config.services.klipper.apiSocket; diff --git a/pkgs/servers/moonraker/default.nix b/pkgs/servers/moonraker/default.nix index 73595e6909c..84e426d6ac5 100644 
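Review bot: The new `package` option in the `@@ -18,6 +18,14 @@` hunk of moonraker.nix is typed `with types; nullOr package`, but the `@@ -1,8 +1,8 @@` hunk binds `pkg = cfg.package;` unconditionally and nothing visible gives `null` a meaning. A `null` value would pass the option type check and presumably fail later, wherever `pkg` is interpolated into the unit (those uses are outside both hunks). Unless a null package is intentionally supported elsewhere in the module, the declaration should be `type = types.package;`.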
--- a/pkgs/servers/moonraker/default.nix +++ b/pkgs/servers/moonraker/default.nix @@ -1,23 +1,26 @@ -{ lib, stdenvNoCC, fetchFromGitHub, python3, makeWrapper, unstableGitUpdater, nixosTests }: +{ lib, stdenvNoCC, fetchFromGitHub, python3, makeWrapper, unstableGitUpdater, nixosTests, useGpiod ? false }: let - pythonEnv = python3.withPackages (packages: with packages; [ - tornado - pyserial-asyncio - pillow - lmdb - streaming-form-data - distro - inotify-simple - libnacl - paho-mqtt - pycurl - zeroconf - preprocess-cancellation - jinja2 - dbus-next - apprise - ]); + pythonEnv = python3.withPackages (packages: + with packages; [ + tornado + pyserial-asyncio + pillow + lmdb + streaming-form-data + distro + inotify-simple + libnacl + paho-mqtt + pycurl + zeroconf + preprocess-cancellation + jinja2 + dbus-next + apprise + ] + ++ (lib.optionals useGpiod [ libgpiod ]) + ); in stdenvNoCC.mkDerivation rec { pname = "moonraker"; version = "unstable-2022-11-18"; -- cgit 1.4.1 From 342cc761dfd76ac6caaaafd96b3aac8f0311119a Mon Sep 17 00:00:00 2001 From: Linus Karl Date: Sun, 26 Feb 2023 23:04:25 +0100 Subject: nixos/gpsd: add extraArgs option Allows setting addtional arguments to gpsd --- nixos/modules/services/misc/gpsd.nix | 12 ++++++++++++ 1 file changed, 12 insertions(+) (limited to 'nixos/modules/services/misc') diff --git a/nixos/modules/services/misc/gpsd.nix b/nixos/modules/services/misc/gpsd.nix index ce0f9bb3ba2..5d2e806181d 100644 --- a/nixos/modules/services/misc/gpsd.nix +++ b/nixos/modules/services/misc/gpsd.nix @@ -92,6 +92,16 @@ in { ''; }; + extraArgs = mkOption { + type = types.listOf types.str; + default = [ ]; + example = [ "-r" "-s" "19200" ]; + description = lib.mdDoc '' + A list of extra command line arguments to pass to gpsd. + Check gpsd(8) mangpage for possible arguments. + ''; + }; + }; }; 
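Review bot: The `extraArgs` description added in the `@@ -92,6 +92,16 @@` hunk of gpsd.nix contains a typo: `Check gpsd(8) mangpage for possible arguments.` should read `Check the gpsd(8) man page for possible arguments.`. The description could also state that these arguments are appended after the flags the module generates from `debugLevel`, `port`, `readonly`, `nowait` and `listenany`, so that a flag repeated here is not silently expected to override the structured option. The enclosing `options` block starts outside the hunk.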
@@ -117,12 +127,14 @@ in { Type = "forking"; ExecStart = let devices = utils.escapeSystemdExecArgs cfg.devices; + extraArgs = utils.escapeSystemdExecArgs cfg.extraArgs; in '' ${pkgs.gpsd}/sbin/gpsd -D "${toString cfg.debugLevel}" \ -S "${toString cfg.port}" \ ${optionalString cfg.readonly "-b"} \ ${optionalString cfg.nowait "-n"} \ ${optionalString cfg.listenany "-G"} \ + ${extraArgs} \ ${devices} ''; }; -- cgit 1.4.1 From 6249a0983d1fba22ff629aaabaea172432f83cf9 Mon Sep 17 00:00:00 2001 From: Leona Maroni Date: Wed, 4 Oct 2023 22:03:18 +0200 Subject: nixos/paperless: fix start with latest systemd --- nixos/modules/services/misc/paperless.nix | 28 ++-------------------------- 1 file changed, 2 insertions(+), 26 deletions(-) (limited to 'nixos/modules/services/misc') diff --git a/nixos/modules/services/misc/paperless.nix b/nixos/modules/services/misc/paperless.nix index 74a3b49ac9a..9b8bd62809c 100644 --- a/nixos/modules/services/misc/paperless.nix +++ b/nixos/modules/services/misc/paperless.nix @@ -36,18 +36,7 @@ let # Secure the services defaultServiceConfig = { - TemporaryFileSystem = "/:ro"; - BindReadOnlyPaths = [ - "/nix/store" - "-/etc/resolv.conf" - "-/etc/nsswitch.conf" - "-/etc/hosts" - "-/etc/localtime" - "-/etc/ssl/certs" - "-/etc/static/ssl/certs" - "-/run/postgresql" - ] ++ (optional enableRedis redisServer.unixSocket); - BindPaths = [ + ReadWritePaths = [ cfg.consumptionDir cfg.dataDir cfg.mediaDir @@ -66,11 +55,9 @@ let PrivateUsers = true; ProtectClock = true; # Breaks if the home dir of the user is in /home - # Also does not add much value in combination with the TemporaryFileSystem. # ProtectHome = true; ProtectHostname = true; - # Would re-mount paths ignored by temporary root - #ProtectSystem = "strict"; + ProtectSystem = "strict"; ProtectControlGroups = true; ProtectKernelLogs = true; ProtectKernelModules = true; 
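Review bot: Replacing `TemporaryFileSystem = "/:ro"` and the `BindReadOnlyPaths` allowlist with `ReadWritePaths` plus `ProtectSystem = "strict"` (hunks `@@ -36,18 +36,7 @@` and `@@ -66,11 +55,9 @@` of paperless.nix) changes the read side of the sandbox, not only the write side. The units used to see only the store, a few `/etc` files and the database sockets; they now see the whole host file system read-only, and `# ProtectHome = true;` stays commented out, so ordinary file permissions are the only thing limiting what a compromised document parser can read. That trade-off is not recorded anywhere in the new code; I would add a comment such as `# ProtectSystem=strict keeps the host read-only but visible; reads are limited by file permissions only` and consider `InaccessiblePaths` for directories the services never need. `defaultServiceConfig` continues outside both hunks, so other directives may already narrow this.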
@@ -319,17 +306,6 @@ in Type = "oneshot"; # Enable internet access PrivateNetwork = false; - # Restrict write access - BindPaths = []; - BindReadOnlyPaths = [ - "/nix/store" - "-/etc/resolv.conf" - "-/etc/nsswitch.conf" - "-/etc/ssl/certs" - "-/etc/static/ssl/certs" - "-/etc/hosts" - "-/etc/localtime" - ]; ExecStart = let pythonWithNltk = pkg.python.withPackages (ps: [ ps.nltk ]); in '' ${pythonWithNltk}/bin/python -m nltk.downloader -d '${nltkDir}' punkt snowball_data stopwords ''; -- cgit 1.4.1 From d4eca0e8bbfb20a667d684f4c207372c5dc95248 Mon Sep 17 00:00:00 2001 From: K900 Date: Fri, 6 Oct 2023 23:52:42 +0300 Subject: nixos/gollum: remove non-existent maintainer --- nixos/modules/services/misc/gollum.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'nixos/modules/services/misc') diff --git a/nixos/modules/services/misc/gollum.nix b/nixos/modules/services/misc/gollum.nix index d607e92e5ec..b73528abaf6 100644 --- a/nixos/modules/services/misc/gollum.nix +++ b/nixos/modules/services/misc/gollum.nix @@ -154,5 +154,5 @@ in }; }; - meta.maintainers = with lib.maintainers; [ erictapen bbenno joscha ]; + meta.maintainers = with lib.maintainers; [ erictapen bbenno ]; } -- cgit 1.4.1 From b59e5a34e782478445b6ea690fd546c8624ed705 Mon Sep 17 00:00:00 2001 From: Tristan Daniël Maat Date: Sat, 7 Oct 2023 01:21:21 +0200 Subject: nixos/gitea: Add option to supply the metrics token via file --- nixos/modules/services/misc/gitea.nix | 15 +++++++++++++++ nixos/tests/gitea.nix | 8 ++++++++ 2 files changed, 23 insertions(+) (limited to 'nixos/modules/services/misc') diff --git a/nixos/modules/services/misc/gitea.nix b/nixos/modules/services/misc/gitea.nix index f6ef2bb9191..3f690f85d62 100644 --- a/nixos/modules/services/misc/gitea.nix +++ b/nixos/modules/services/misc/gitea.nix 
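Review bot: Removing `BindPaths = [];` together with its `# Restrict write access` comment in the `@@ -319,17 +306,6 @@` hunk of paperless.nix drops the only visible line that kept the NLTK download unit from writing to the paperless directories, and no `ReadWritePaths` override takes its place. If this unit is built on `defaultServiceConfig` (the merge is outside the hunk), it now inherits write access to `cfg.consumptionDir`, `cfg.dataDir` and `cfg.mediaDir` while also running with `PrivateNetwork = false`. The `ExecStart` line shows it only needs to write to `nltkDir`, so after checking how the attribute sets are merged I would restore the restriction with `ReadWritePaths = [ nltkDir ];` and keep the comment.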
@@ -246,6 +246,13 @@ in description = lib.mdDoc "Path to a file containing the SMTP password."; }; + metricsTokenFile = mkOption { + type = types.nullOr types.str; + default = null; + example = "/var/lib/secrets/gitea/metrics_token"; + description = lib.mdDoc "Path to a file containing the metrics authentication token."; + }; + settings = mkOption { default = {}; description = lib.mdDoc '' @@ -433,6 +440,10 @@ in PASSWD = "#mailerpass#"; }; + metrics = mkIf (cfg.metricsTokenFile != null) { + TOKEN = "#metricstoken#"; + }; + oauth2 = { JWT_SECRET = "#oauth2jwtsecret#"; }; @@ -559,6 +570,10 @@ in ${lib.optionalString (cfg.mailerPasswordFile != null) '' ${replaceSecretBin} '#mailerpass#' '${cfg.mailerPasswordFile}' '${runConfig}' ''} + + ${lib.optionalString (cfg.metricsTokenFile != null) '' + ${replaceSecretBin} '#metricstoken#' '${cfg.metricsTokenFile}' '${runConfig}' + ''} chmod u-w '${runConfig}' } (umask 027; gitea_setup) diff --git a/nixos/tests/gitea.nix b/nixos/tests/gitea.nix index b747659de82..f574b59be54 100644 --- a/nixos/tests/gitea.nix +++ b/nixos/tests/gitea.nix @@ -35,9 +35,11 @@ let enable = true; database = { inherit type; }; package = giteaPackage; + metricsTokenFile = (pkgs.writeText "metrics_secret" "fakesecret").outPath; settings.service.DISABLE_REGISTRATION = true; settings."repository.signing".SIGNING_KEY = signingPrivateKeyId; settings.actions.ENABLED = true; + settings.metrics.ENABLED = true; }; environment.systemPackages = [ giteaPackage pkgs.gnupg pkgs.jq ]; services.openssh.enable = true; 
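Review bot: The `metricsTokenFile` description in the `@@ -246,6 +246,13 @@` hunk of gitea.nix does not say where the file may live or who must be able to read it. The `@@ -559,6 +570,10 @@` hunk substitutes it into `runConfig` with `replaceSecretBin` at start-up, so the file has to be readable by the service user, and it should not be a Nix store path, since the store is world-readable (the `pkgs.writeText` value in nixos/tests/gitea.nix is fine for a test only). I would extend the text to `Path to a file containing the metrics authentication token. The file must be readable by the gitea service user and should not be placed in the Nix store.`. It would also help to mention that the token only matters when `settings.metrics.ENABLED` is set, as the test hunk does; whether metrics enabled without a token are served unauthenticated is not visible here and should be confirmed.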
@@ -143,6 +145,12 @@ let + '-H "Accept: application/json" | jq length)" = "1"' ) + with subtest("Testing metrics endpoint"): + server.succeed('curl ' + + '-H "Authorization: Bearer fakesecret" ' + + 'http://localhost:3000/metrics ' + + '| grep gitea_accesses') + with subtest("Testing runner registration"): server.succeed( "su -l gitea -c 'GITEA_WORK_DIR=/var/lib/gitea gitea actions generate-runner-token' | sed 's/^/TOKEN=/' | tee /var/lib/gitea/runner_token" -- cgit 1.4.1 From f3ad4def37a26d06a3e59988c9b2fd8d63f26f0e Mon Sep 17 00:00:00 2001 From: ckie Date: Wed, 4 Oct 2023 17:13:20 +0300 Subject: nixos/rkvm: init Co-authored-by: Lin Jian --- nixos/modules/module-list.nix | 1 + nixos/modules/services/misc/rkvm.nix | 164 +++++++++++++++++++++++++++++++++++ 2 files changed, 165 insertions(+) create mode 100644 nixos/modules/services/misc/rkvm.nix (limited to 'nixos/modules/services/misc') diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index 29fcabaefad..a56400cbabf 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix @@ -706,6 +706,7 @@ ./services/misc/ripple-data-api.nix ./services/misc/rippled.nix ./services/misc/rmfakecloud.nix + ./services/misc/rkvm.nix ./services/misc/rshim.nix ./services/misc/safeeyes.nix ./services/misc/sdrplay.nix diff --git a/nixos/modules/services/misc/rkvm.nix b/nixos/modules/services/misc/rkvm.nix new file mode 100644 index 00000000000..582e8511ed9 --- /dev/null +++ b/nixos/modules/services/misc/rkvm.nix 
@@ -0,0 +1,164 @@ +{ options, config, pkgs, lib, ... }: + +with lib; +let + opt = options.services.rkvm; + cfg = config.services.rkvm; + toml = pkgs.formats.toml { }; +in +{ + meta.maintainers = with maintainers; [ ckie ]; + + options.services.rkvm = { + enable = mkOption { + default = cfg.server.enable || cfg.client.enable; + defaultText = literalExpression "config.${opt.server.enable} || config.${opt.client.enable}"; + type = types.bool; + description = mdDoc '' + Whether to enable rkvm, a Virtual KVM switch for Linux machines. + ''; + }; + + package = mkPackageOption pkgs "rkvm" { }; + + server = { + enable = mkEnableOption "the rkvm server daemon (input transmitter)"; + + settings = mkOption { + type = types.submodule + { + freeformType = toml.type; + options = { + listen = mkOption { + type = types.str; + default = "0.0.0.0:5258"; + description = mdDoc '' + An internet socket address to listen on, either IPv4 or IPv6. + ''; + }; + + switch-keys = mkOption { + type = types.listOf types.str; + default = [ "left-alt" "left-ctrl" ]; + description = mdDoc '' + A key list specifying a host switch combination. + + _A list of key names is available in ._ + ''; + }; + + certificate = mkOption { + type = types.path; + default = "/etc/rkvm/certificate.pem"; + description = mdDoc '' + TLS certificate path. + + ::: {.note} + This should be generated with {command}`rkvm-certificate-gen`. + ::: + ''; + }; + + key = mkOption { + type = types.path; + default = "/etc/rkvm/key.pem"; + description = mdDoc '' + TLS key path. + + ::: {.note} + This should be generated with {command}`rkvm-certificate-gen`. + ::: + ''; + }; + + password = mkOption { + type = types.str; + description = mdDoc '' + Shared secret token to authenticate the client. + Make sure this matches your client's config. 
+ ''; + }; + }; + }; + + default = { }; + description = mdDoc "Structured server daemon configuration"; + }; + }; + + client = { + enable = mkEnableOption "the rkvm client daemon (input receiver)"; + + settings = mkOption { + type = types.submodule + { + freeformType = toml.type; + options = { + server = mkOption { + type = types.str; + example = "192.168.0.123:5258"; + description = mdDoc '' + An RKVM server's internet socket address, either IPv4 or IPv6. + ''; + }; + + certificate = mkOption { + type = types.path; + default = "/etc/rkvm/certificate.pem"; + description = mdDoc '' + TLS ceritficate path. + + ::: {.note} + This should be generated with {command}`rkvm-certificate-gen`. + ::: + ''; + }; + + password = mkOption { + type = types.str; + description = mdDoc '' + Shared secret token to authenticate the client. + Make sure this matches your server's config. + ''; + }; + }; + }; + + default = {}; + description = mdDoc "Structured client daemon configuration"; + }; + }; + + }; + + config = mkIf cfg.enable { + environment.systemPackages = [ cfg.package ]; + + systemd.services = + let + mkBase = component: { + description = "RKVM ${component}"; + wantedBy = [ "multi-user.target" ]; + after = { + server = [ "network.target" ]; + client = [ "network-online.target" ]; + }.${component}; + wants = { + server = [ ]; + client = [ "network-online.target" ]; + }.${component}; + serviceConfig = { + ExecStart = "${cfg.package}/bin/rkvm-${component} ${toml.generate "rkvm-${component}.toml" cfg.${component}.settings}"; + Restart = "always"; + RestartSec = 5; + Type = "simple"; + }; + }; + in + { + rkvm-server = mkIf cfg.server.enable (mkBase "server"); + rkvm-client = mkIf cfg.client.enable (mkBase "client"); + }; + }; + +} -- cgit 1.4.1 From 142074c2a84ea2f018ed729e9ff6ee97c4f022b8 Mon Sep 17 00:00:00 2001 
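Review bot: `server.settings.password` and `client.settings.password` in the new rkvm.nix are plain `types.str` options, and `mkBase` renders the whole `settings` set with `toml.generate` into the file passed on `ExecStart`, so the shared secret ends up in the world-readable Nix store. Neither description warns about this; I would add a `::: {.warning}` block to both stating it, and, if rkvm has a way to read the secret from a separate file (not verified here), offer a file-based option that is substituted at start-up. The server also defaults to `listen = "0.0.0.0:5258"`, and `serviceConfig` sets no user or sandboxing directives. For a daemon that forwards keyboard and mouse input, both deserve a sentence in the option docs or a narrower default. Minor: `TLS ceritficate path.` in the client option should read `TLS certificate path.`, and the `switch-keys` description ends in `available in ._`, which appears to have lost its link target.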
From: Bjørn Forsman Date: Wed, 18 Oct 2023 22:59:26 +0200 Subject: nixos: fix bad mkEnableOption descriptions Fix descriptions that don't account for (1) the "Whether to enable" prefix or (2) the automatically added trailing dot. --- nixos/modules/config/iproute2.nix | 2 +- nixos/modules/config/stevenblack.nix | 2 +- nixos/modules/hardware/corectrl.nix | 4 ++-- nixos/modules/hardware/i2c.nix | 2 +- nixos/modules/hardware/keyboard/uhk.nix | 2 +- nixos/modules/hardware/keyboard/zsa.nix | 2 +- nixos/modules/hardware/openrazer.nix | 2 +- nixos/modules/hardware/tuxedo-keyboard.nix | 2 +- nixos/modules/hardware/video/nvidia.nix | 26 +++++++++++----------- nixos/modules/hardware/video/webcam/facetimehd.nix | 2 +- nixos/modules/misc/nixops-autoluks.nix | 2 +- nixos/modules/programs/calls.nix | 2 +- nixos/modules/programs/cnping.nix | 2 +- nixos/modules/programs/direnv.nix | 2 +- nixos/modules/programs/feedbackd.nix | 4 ++-- nixos/modules/programs/kdeconnect.nix | 2 +- nixos/modules/programs/wayland/wayfire.nix | 2 +- nixos/modules/services/backup/znapzend.nix | 20 ++++++++--------- nixos/modules/services/databases/cassandra.nix | 2 +- nixos/modules/services/databases/ferretdb.nix | 2 +- nixos/modules/services/databases/redis.nix | 2 +- nixos/modules/services/databases/surrealdb.nix | 2 +- .../services/desktops/deepin/app-services.nix | 2 +- nixos/modules/services/desktops/deepin/dde-api.nix | 4 ++-- .../services/desktops/deepin/dde-daemon.nix | 2 +- .../desktops/gnome/gnome-browser-connector.nix | 4 ++-- nixos/modules/services/hardware/supergfxd.nix | 2 +- nixos/modules/services/hardware/tuxedo-rs.nix | 4 ++-- nixos/modules/services/mail/dovecot.nix | 2 +- nixos/modules/services/mail/mailman.nix | 2 +- nixos/modules/services/matrix/mjolnir.nix | 4 ++-- nixos/modules/services/misc/klipper.nix | 4 ++-- nixos/modules/services/misc/packagekit.nix | 4 ++-- nixos/modules/services/misc/rshim.nix | 2 +- nixos/modules/services/misc/sourcehut/default.nix | 2 +- 
nixos/modules/services/misc/tp-auto-kbbl.nix | 2 +- nixos/modules/services/misc/zoneminder.nix | 4 ++-- .../modules/services/monitoring/mackerel-agent.nix | 6 ++--- .../monitoring/prometheus/exporters/wireguard.nix | 2 +- .../network-filesystems/openafs/server.nix | 4 ++-- nixos/modules/services/networking/create_ap.nix | 2 +- nixos/modules/services/networking/dae.nix | 6 ++--- nixos/modules/services/networking/deconz.nix | 8 +++---- nixos/modules/services/networking/go-neb.nix | 2 +- nixos/modules/services/networking/hostapd.nix | 4 ++-- .../services/networking/hylafax/options.nix | 8 +++---- nixos/modules/services/networking/i2pd.nix | 8 +++---- .../services/networking/iscsi/initiator.nix | 2 +- nixos/modules/services/networking/nar-serve.nix | 2 +- nixos/modules/services/networking/nftables.nix | 2 +- .../services/networking/snowflake-proxy.nix | 2 +- nixos/modules/services/networking/yggdrasil.nix | 4 ++-- nixos/modules/services/system/earlyoom.nix | 2 +- nixos/modules/services/system/systembus-notify.nix | 2 +- nixos/modules/services/torrent/flexget.nix | 2 +- nixos/modules/services/video/mediamtx.nix | 2 +- nixos/modules/services/web-apps/cloudlog.nix | 2 +- nixos/modules/services/web-apps/hledger-web.nix | 2 +- nixos/modules/services/web-apps/isso.nix | 4 ++-- nixos/modules/services/web-apps/jitsi-meet.nix | 4 ++-- nixos/modules/services/web-apps/meme-bingo-web.nix | 4 ++-- nixos/modules/services/web-apps/phylactery.nix | 2 +- nixos/modules/services/web-apps/snipe-it.nix | 2 +- nixos/modules/services/web-apps/zitadel.nix | 2 +- .../modules/services/web-servers/keter/default.nix | 2 +- nixos/modules/services/web-servers/rustus.nix | 2 +- .../services/x11/desktop-managers/deepin.nix | 2 +- nixos/modules/system/activation/bootspec.nix | 2 +- nixos/modules/system/boot/grow-partition.nix | 2 +- .../system/boot/loader/external/external.nix | 2 +- nixos/modules/system/boot/systemd/homed.nix | 2 +- nixos/modules/system/boot/systemd/userdbd.nix | 2 +- 72 files 
changed, 121 insertions(+), 121 deletions(-) (limited to 'nixos/modules/services/misc') diff --git a/nixos/modules/config/iproute2.nix b/nixos/modules/config/iproute2.nix index 8f49e7dbf7d..7e4fb4d848e 100644 --- a/nixos/modules/config/iproute2.nix +++ b/nixos/modules/config/iproute2.nix @@ -7,7 +7,7 @@ let in { options.networking.iproute2 = { - enable = mkEnableOption (lib.mdDoc "copy IP route configuration files"); + enable = mkEnableOption (lib.mdDoc "copying IP route configuration files"); rttablesExtraConfig = mkOption { type = types.lines; default = ""; diff --git a/nixos/modules/config/stevenblack.nix b/nixos/modules/config/stevenblack.nix index 07a0aa339a5..30ef7ff259f 100644 --- a/nixos/modules/config/stevenblack.nix +++ b/nixos/modules/config/stevenblack.nix @@ -15,7 +15,7 @@ let in { options.networking.stevenblack = { - enable = mkEnableOption (mdDoc "Enable the stevenblack hosts file blocklist"); + enable = mkEnableOption (mdDoc "the stevenblack hosts file blocklist"); block = mkOption { type = types.listOf (types.enum [ "fakenews" "gambling" "porn" "social" ]); diff --git a/nixos/modules/hardware/corectrl.nix b/nixos/modules/hardware/corectrl.nix index 965cbe0267e..8ef61a158d5 100644 --- a/nixos/modules/hardware/corectrl.nix +++ b/nixos/modules/hardware/corectrl.nix @@ -8,13 +8,13 @@ in { options.programs.corectrl = { enable = mkEnableOption (lib.mdDoc '' - A tool to overclock amd graphics cards and processors. + CoreCtrl, a tool to overclock amd graphics cards and processors. Add your user to the corectrl group to run corectrl without needing to enter your password ''); gpuOverclock = { enable = mkEnableOption (lib.mdDoc '' - true + GPU overclocking ''); ppfeaturemask = mkOption { type = types.str; diff --git a/nixos/modules/hardware/i2c.nix b/nixos/modules/hardware/i2c.nix index 9a5a2e44813..bd4c4ebe21b 100644 --- a/nixos/modules/hardware/i2c.nix +++ b/nixos/modules/hardware/i2c.nix 
@@ -11,7 +11,7 @@ in enable = mkEnableOption (lib.mdDoc '' i2c devices support. By default access is granted to users in the "i2c" group (will be created if non-existent) and any user with a seat, meaning - logged on the computer locally. + logged on the computer locally ''); group = mkOption { diff --git a/nixos/modules/hardware/keyboard/uhk.nix b/nixos/modules/hardware/keyboard/uhk.nix index 17baff83d88..ff984fa5daa 100644 --- a/nixos/modules/hardware/keyboard/uhk.nix +++ b/nixos/modules/hardware/keyboard/uhk.nix @@ -11,7 +11,7 @@ in non-root access to the firmware of UHK keyboards. You need it when you want to flash a new firmware on the keyboard. Access to the keyboard is granted to users in the "input" group. - You may want to install the uhk-agent package. + You may want to install the uhk-agent package ''); }; diff --git a/nixos/modules/hardware/keyboard/zsa.nix b/nixos/modules/hardware/keyboard/zsa.nix index a04b67b5c8d..191fb12cca4 100644 --- a/nixos/modules/hardware/keyboard/zsa.nix +++ b/nixos/modules/hardware/keyboard/zsa.nix @@ -11,7 +11,7 @@ in udev rules for keyboards from ZSA like the ErgoDox EZ, Planck EZ and Moonlander Mark I. You need it when you want to flash a new configuration on the keyboard or use their live training in the browser. - You may want to install the wally-cli package. + You may want to install the wally-cli package ''); }; diff --git a/nixos/modules/hardware/openrazer.nix b/nixos/modules/hardware/openrazer.nix index aaa4000e758..abbafaee895 100644 --- a/nixos/modules/hardware/openrazer.nix +++ b/nixos/modules/hardware/openrazer.nix @@ -50,7 +50,7 @@ in options = { hardware.openrazer = { enable = mkEnableOption (lib.mdDoc '' - OpenRazer drivers and userspace daemon. + OpenRazer drivers and userspace daemon ''); verboseLogging = mkOption { diff --git a/nixos/modules/hardware/tuxedo-keyboard.nix b/nixos/modules/hardware/tuxedo-keyboard.nix index 3ae876bd1f1..fd8b48a5e9e 100644 --- a/nixos/modules/hardware/tuxedo-keyboard.nix 
+++ b/nixos/modules/hardware/tuxedo-keyboard.nix @@ -9,7 +9,7 @@ in { options.hardware.tuxedo-keyboard = { enable = mkEnableOption (lib.mdDoc '' - Enables the tuxedo-keyboard driver. + the tuxedo-keyboard driver. To configure the driver, pass the options to the {option}`boot.kernelParams` configuration. There are several parameters you can change. It's best to check at the source code description which options are supported. diff --git a/nixos/modules/hardware/video/nvidia.nix b/nixos/modules/hardware/video/nvidia.nix index a40713ac25c..4320edf60da 100644 --- a/nixos/modules/hardware/video/nvidia.nix +++ b/nixos/modules/hardware/video/nvidia.nix @@ -24,7 +24,7 @@ in { options = { hardware.nvidia = { datacenter.enable = lib.mkEnableOption (lib.mdDoc '' - Data Center drivers for NVIDIA cards on a NVLink topology. + Data Center drivers for NVIDIA cards on a NVLink topology ''); datacenter.settings = lib.mkOption { type = settingsFormat.type; @@ -79,18 +79,18 @@ in { powerManagement.enable = lib.mkEnableOption (lib.mdDoc '' experimental power management through systemd. For more information, see - the NVIDIA docs, on Chapter 21. Configuring Power Management Support. + the NVIDIA docs, on Chapter 21. Configuring Power Management Support ''); powerManagement.finegrained = lib.mkEnableOption (lib.mdDoc '' experimental power management of PRIME offload. For more information, see - the NVIDIA docs, on Chapter 22. PCI-Express Runtime D3 (RTD3) Power Management. + the NVIDIA docs, on Chapter 22. PCI-Express Runtime D3 (RTD3) Power Management ''); dynamicBoost.enable = lib.mkEnableOption (lib.mdDoc '' dynamic Boost balances power between the CPU and the GPU for improved performance on supported laptops using the nvidia-powerd daemon. For more - information, see the NVIDIA docs, on Chapter 23. Dynamic Boost on Linux. + information, see the NVIDIA docs, on Chapter 23. Dynamic Boost on Linux ''); modesetting.enable = lib.mkEnableOption (lib.mdDoc '' 
@@ -99,7 +99,7 @@ in { Enabling this fixes screen tearing when using Optimus via PRIME (see {option}`hardware.nvidia.prime.sync.enable`. This is not enabled by default because it is not officially supported by NVIDIA and would not - work with SLI. + work with SLI ''); prime.nvidiaBusId = lib.mkOption { @@ -153,11 +153,11 @@ in { Note that this configuration will only be successful when a display manager for which the {option}`services.xserver.displayManager.setupCommands` - option is supported is used. + option is supported is used ''); prime.allowExternalGpu = lib.mkEnableOption (lib.mdDoc '' - configuring X to allow external NVIDIA GPUs when using Prime [Reverse] sync optimus. + configuring X to allow external NVIDIA GPUs when using Prime [Reverse] sync optimus ''); prime.offload.enable = lib.mkEnableOption (lib.mdDoc '' @@ -166,7 +166,7 @@ in { If this is enabled, then the bus IDs of the NVIDIA and Intel/AMD GPUs have to be specified ({option}`hardware.nvidia.prime.nvidiaBusId` and {option}`hardware.nvidia.prime.intelBusId` or - {option}`hardware.nvidia.prime.amdgpuBusId`). + {option}`hardware.nvidia.prime.amdgpuBusId`) ''); prime.offload.enableOffloadCmd = lib.mkEnableOption (lib.mdDoc '' @@ -174,7 +174,7 @@ in { for offloading programs to an nvidia device. To work, should have also enabled {option}`hardware.nvidia.prime.offload.enable` or {option}`hardware.nvidia.prime.reverseSync.enable`. - Example usage `nvidia-offload sauerbraten_client`. + Example usage `nvidia-offload sauerbraten_client` ''); prime.reverseSync.enable = lib.mkEnableOption (lib.mdDoc '' 
@@ -202,25 +202,25 @@ in { Note that this configuration will only be successful when a display manager for which the {option}`services.xserver.displayManager.setupCommands` - option is supported is used. + option is supported is used ''); nvidiaSettings = (lib.mkEnableOption (lib.mdDoc '' - nvidia-settings, NVIDIA's GUI configuration tool. + nvidia-settings, NVIDIA's GUI configuration tool '')) // {default = true;}; nvidiaPersistenced = lib.mkEnableOption (lib.mdDoc '' nvidia-persistenced a update for NVIDIA GPU headless mode, i.e. - It ensures all GPUs stay awake even during headless mode. + It ensures all GPUs stay awake even during headless mode ''); forceFullCompositionPipeline = lib.mkEnableOption (lib.mdDoc '' forcefully the full composition pipeline. This sometimes fixes screen tearing issues. This has been reported to reduce the performance of some OpenGL applications and may produce issues in WebGL. - It also drastically increases the time the driver needs to clock down after load. + It also drastically increases the time the driver needs to clock down after load ''); package = lib.mkOption { diff --git a/nixos/modules/hardware/video/webcam/facetimehd.nix b/nixos/modules/hardware/video/webcam/facetimehd.nix index 480c636aa0d..a0ec9c98a54 100644 --- a/nixos/modules/hardware/video/webcam/facetimehd.nix +++ b/nixos/modules/hardware/video/webcam/facetimehd.nix @@ -12,7 +12,7 @@ in { - options.hardware.facetimehd.enable = mkEnableOption (lib.mdDoc "facetimehd kernel module"); + options.hardware.facetimehd.enable = mkEnableOption (lib.mdDoc "the facetimehd kernel module"); options.hardware.facetimehd.withCalibration = mkOption { default = false; diff --git a/nixos/modules/misc/nixops-autoluks.nix b/nixos/modules/misc/nixops-autoluks.nix index 221b34f3cc3..e6817633119 100644 --- a/nixos/modules/misc/nixops-autoluks.nix +++ b/nixos/modules/misc/nixops-autoluks.nix 
@@ -5,7 +5,7 @@ let inherit (config.nixops) enableDeprecatedAutoLuks; in { - options.nixops.enableDeprecatedAutoLuks = lib.mkEnableOption (lib.mdDoc "Enable the deprecated NixOps AutoLuks module"); + options.nixops.enableDeprecatedAutoLuks = lib.mkEnableOption (lib.mdDoc "the deprecated NixOps AutoLuks module"); config = { assertions = [ diff --git a/nixos/modules/programs/calls.nix b/nixos/modules/programs/calls.nix index 7a18982915a..3d757bc1fc3 100644 --- a/nixos/modules/programs/calls.nix +++ b/nixos/modules/programs/calls.nix @@ -8,7 +8,7 @@ in { options = { programs.calls = { enable = mkEnableOption (lib.mdDoc '' - Whether to enable GNOME calls: a phone dialer and call handler. + GNOME calls: a phone dialer and call handler ''); }; }; diff --git a/nixos/modules/programs/cnping.nix b/nixos/modules/programs/cnping.nix index d3cf659d429..143267fc9a4 100644 --- a/nixos/modules/programs/cnping.nix +++ b/nixos/modules/programs/cnping.nix @@ -8,7 +8,7 @@ in { options = { programs.cnping = { - enable = mkEnableOption (lib.mdDoc "Whether to install a setcap wrapper for cnping"); + enable = mkEnableOption (lib.mdDoc "a setcap wrapper for cnping"); }; }; diff --git a/nixos/modules/programs/direnv.nix b/nixos/modules/programs/direnv.nix index 1a80cb20280..77a6568e73b 100644 --- a/nixos/modules/programs/direnv.nix +++ b/nixos/modules/programs/direnv.nix @@ -11,7 +11,7 @@ in { enable = lib.mkEnableOption (lib.mdDoc '' direnv integration. Takes care of both installation and setting up the sourcing of the shell. Additionally enables nix-direnv - integration. Note that you need to logout and login for this change to apply. + integration. Note that you need to logout and login for this change to apply ''); package = lib.mkPackageOptionMD pkgs "direnv" {}; diff --git a/nixos/modules/programs/feedbackd.nix b/nixos/modules/programs/feedbackd.nix index cee8daa3146..e3fde947a3d 100644 --- a/nixos/modules/programs/feedbackd.nix +++ b/nixos/modules/programs/feedbackd.nix 
@@ -8,9 +8,9 @@ in { options = { programs.feedbackd = { enable = mkEnableOption (lib.mdDoc '' - Whether to enable the feedbackd D-BUS service and udev rules. + the feedbackd D-BUS service and udev rules. - Your user needs to be in the `feedbackd` group to trigger effects. + Your user needs to be in the `feedbackd` group to trigger effects ''); package = mkOption { description = lib.mdDoc '' diff --git a/nixos/modules/programs/kdeconnect.nix b/nixos/modules/programs/kdeconnect.nix index 4978c428ce3..4ba156f2db8 100644 --- a/nixos/modules/programs/kdeconnect.nix +++ b/nixos/modules/programs/kdeconnect.nix @@ -9,7 +9,7 @@ with lib; 1714 to 1764 as they are needed for it to function properly. You can use the {option}`package` to use `gnomeExtensions.gsconnect` as an alternative - implementation if you use Gnome. + implementation if you use Gnome ''); package = mkOption { default = pkgs.plasma5Packages.kdeconnect-kde; diff --git a/nixos/modules/programs/wayland/wayfire.nix b/nixos/modules/programs/wayland/wayfire.nix index d0b280e3940..9ea2010cf59 100644 --- a/nixos/modules/programs/wayland/wayfire.nix +++ b/nixos/modules/programs/wayland/wayfire.nix @@ -6,7 +6,7 @@ in meta.maintainers = with lib.maintainers; [ rewine ]; options.programs.wayfire = { - enable = lib.mkEnableOption (lib.mdDoc "Wayfire, a wayland compositor based on wlroots."); + enable = lib.mkEnableOption (lib.mdDoc "Wayfire, a wayland compositor based on wlroots"); package = lib.mkPackageOptionMD pkgs "wayfire" { }; diff --git a/nixos/modules/services/backup/znapzend.nix b/nixos/modules/services/backup/znapzend.nix index 76f147c18af..2ebe8ad2f69 100644 --- a/nixos/modules/services/backup/znapzend.nix +++ b/nixos/modules/services/backup/znapzend.nix 
@@ -359,14 +359,14 @@ in }; features.oracleMode = mkEnableOption (lib.mdDoc '' - Destroy snapshots one by one instead of using one long argument list. + destroying snapshots one by one instead of using one long argument list. If source and destination are out of sync for a long time, you may have so many snapshots to destroy that the argument gets is too long and the - command fails. + command fails ''); features.recvu = mkEnableOption (lib.mdDoc '' recvu feature which uses `-u` on the receiving end to keep the destination - filesystem unmounted. + filesystem unmounted ''); features.compressed = mkEnableOption (lib.mdDoc '' compressed feature which adds the options `-Lce` to @@ -377,7 +377,7 @@ in support and -e is for embedded data support. see {manpage}`znapzend(1)` and {manpage}`zfs(8)` - for more info. + for more info ''); features.sendRaw = mkEnableOption (lib.mdDoc '' sendRaw feature which adds the options `-w` to the 
@@ -386,25 +386,25 @@ in backup that can't be read without the encryption key/passphrase, useful when the remote isn't fully trusted or not physically secure. This option must be used consistently, raw incrementals cannot be based on - non-raw snapshots and vice versa. + non-raw snapshots and vice versa ''); features.skipIntermediates = mkEnableOption (lib.mdDoc '' - Enable the skipIntermediates feature to send a single increment + the skipIntermediates feature to send a single increment between latest common snapshot and the newly made one. It may skip several source snaps if the destination was offline for some time, and it should skip snapshots not managed by znapzend. Normally for online destinations, the new snapshot is sent as soon as it is created on the - source, so there are no automatic increments to skip. + source, so there are no automatic increments to skip ''); features.lowmemRecurse = mkEnableOption (lib.mdDoc '' use lowmemRecurse on systems where you have too many datasets, so a recursive listing of attributes to find backup plans exhausts the memory available to {command}`znapzend`: instead, go the slower way to first list all impacted dataset names, and then query their - configs one by one. + configs one by one ''); features.zfsGetType = mkEnableOption (lib.mdDoc '' - use zfsGetType if your {command}`zfs get` supports a + using zfsGetType if your {command}`zfs get` supports a `-t` argument for filtering by dataset type at all AND lists properties for snapshots by default when recursing, so that there is too much data to process while searching for backup plans. @@ -412,7 +412,7 @@ in `--recursive` search for backup plans can literally differ by hundreds of times (depending on the amount of snapshots in that dataset tree... and a decent backup plan will ensure you have a lot - of those), so you would benefit from requesting this feature. + of those), so you would benefit from requesting this feature ''); }; }; 
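Review bot: `features.lowmemRecurse` in the `@@ -386,25 +386,25 @@` hunk still opens with the imperative `use lowmemRecurse on systems where ...`, so after the `mkEnableOption` prefix it renders as "Whether to enable use lowmemRecurse ...". The neighbouring `features.zfsGetType` was changed from `use` to `using` in this same hunk, and only the trailing period was touched on this one. Change its first line the same way, `using lowmemRecurse on systems where you have too many datasets, so a`, so the generated text stays grammatical and the two options read alike.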
diff --git a/nixos/modules/services/databases/cassandra.nix b/nixos/modules/services/databases/cassandra.nix index e26acb88d8c..cd816ffaf0d 100644 --- a/nixos/modules/services/databases/cassandra.nix +++ b/nixos/modules/services/databases/cassandra.nix @@ -122,7 +122,7 @@ in options.services.cassandra = { enable = mkEnableOption (lib.mdDoc '' - Apache Cassandra – Scalable and highly available database. + Apache Cassandra – Scalable and highly available database ''); clusterName = mkOption { diff --git a/nixos/modules/services/databases/ferretdb.nix b/nixos/modules/services/databases/ferretdb.nix index 5b2cc59d8c0..45f822d6469 100644 --- a/nixos/modules/services/databases/ferretdb.nix +++ b/nixos/modules/services/databases/ferretdb.nix @@ -11,7 +11,7 @@ in options = { services.ferretdb = { - enable = mkEnableOption "FerretDB, an Open Source MongoDB alternative."; + enable = mkEnableOption "FerretDB, an Open Source MongoDB alternative"; package = mkOption { type = types.package; diff --git a/nixos/modules/services/databases/redis.nix b/nixos/modules/services/databases/redis.nix index 1464f4487e3..86b295dadf4 100644 --- a/nixos/modules/services/databases/redis.nix +++ b/nixos/modules/services/databases/redis.nix @@ -75,7 +75,7 @@ in { Note that the NixOS module for Redis disables kernel support for Transparent Huge Pages (THP), because this features causes major performance problems for Redis, - e.g. (https://redis.io/topics/latency). + e.g. (https://redis.io/topics/latency) ''); user = mkOption { diff --git a/nixos/modules/services/databases/surrealdb.nix b/nixos/modules/services/databases/surrealdb.nix index 28bd97cd731..e1a1faed1f8 100644 --- a/nixos/modules/services/databases/surrealdb.nix +++ b/nixos/modules/services/databases/surrealdb.nix 
@@ -8,7 +8,7 @@ in { options = { services.surrealdb = { - enable = mkEnableOption (lib.mdDoc "A scalable, distributed, collaborative, document-graph database, for the realtime web "); + enable = mkEnableOption (lib.mdDoc "SurrealDB, a scalable, distributed, collaborative, document-graph database, for the realtime web"); package = mkOption { default = pkgs.surrealdb; diff --git a/nixos/modules/services/desktops/deepin/app-services.nix b/nixos/modules/services/desktops/deepin/app-services.nix index 6f9932e4873..4592bc7bb34 100644 --- a/nixos/modules/services/desktops/deepin/app-services.nix +++ b/nixos/modules/services/desktops/deepin/app-services.nix @@ -14,7 +14,7 @@ with lib; services.deepin.app-services = { - enable = mkEnableOption (lib.mdDoc "Service collection of DDE applications, including dconfig-center"); + enable = mkEnableOption (lib.mdDoc "service collection of DDE applications, including dconfig-center"); }; diff --git a/nixos/modules/services/desktops/deepin/dde-api.nix b/nixos/modules/services/desktops/deepin/dde-api.nix index 472d9860c10..459876febf2 100644 --- a/nixos/modules/services/desktops/deepin/dde-api.nix +++ b/nixos/modules/services/desktops/deepin/dde-api.nix @@ -15,8 +15,8 @@ with lib; services.deepin.dde-api = { enable = mkEnableOption (lib.mdDoc '' - Provides some dbus interfaces that is used for screen zone detecting, - thumbnail generating, and sound playing in Deepin Desktop Environment. + some dbus interfaces that is used for screen zone detecting, + thumbnail generating, and sound playing in Deepin Desktop Environment ''); }; diff --git a/nixos/modules/services/desktops/deepin/dde-daemon.nix b/nixos/modules/services/desktops/deepin/dde-daemon.nix index 9377f523ebf..356d323bcbd 100644 --- a/nixos/modules/services/desktops/deepin/dde-daemon.nix +++ b/nixos/modules/services/desktops/deepin/dde-daemon.nix 
@@ -14,7 +14,7 @@ with lib; services.deepin.dde-daemon = { - enable = mkEnableOption (lib.mdDoc "Daemon for handling the deepin session settings"); + enable = mkEnableOption (lib.mdDoc "daemon for handling the deepin session settings"); }; diff --git a/nixos/modules/services/desktops/gnome/gnome-browser-connector.nix b/nixos/modules/services/desktops/gnome/gnome-browser-connector.nix index 9a45d839629..d18e303891e 100644 --- a/nixos/modules/services/desktops/gnome/gnome-browser-connector.nix +++ b/nixos/modules/services/desktops/gnome/gnome-browser-connector.nix @@ -24,8 +24,8 @@ in options = { services.gnome.gnome-browser-connector.enable = mkEnableOption (mdDoc '' - Native host connector for the GNOME Shell browser extension, a DBus service - allowing to install GNOME Shell extensions from a web browser. + native host connector for the GNOME Shell browser extension, a DBus service + allowing to install GNOME Shell extensions from a web browser ''); }; diff --git a/nixos/modules/services/hardware/supergfxd.nix b/nixos/modules/services/hardware/supergfxd.nix index bd82775e824..f7af993d723 100644 --- a/nixos/modules/services/hardware/supergfxd.nix +++ b/nixos/modules/services/hardware/supergfxd.nix @@ -7,7 +7,7 @@ in { options = { services.supergfxd = { - enable = lib.mkEnableOption (lib.mdDoc "Enable the supergfxd service"); + enable = lib.mkEnableOption (lib.mdDoc "the supergfxd service"); settings = lib.mkOption { type = lib.types.nullOr json.type; diff --git a/nixos/modules/services/hardware/tuxedo-rs.nix b/nixos/modules/services/hardware/tuxedo-rs.nix index 343f6845fab..0daccfef3a5 100644 --- a/nixos/modules/services/hardware/tuxedo-rs.nix +++ b/nixos/modules/services/hardware/tuxedo-rs.nix 
@@ -9,9 +9,9 @@ in { options = { hardware.tuxedo-rs = { - enable = mkEnableOption (lib.mdDoc "Rust utilities for interacting with hardware from TUXEDO Computers."); + enable = mkEnableOption (lib.mdDoc "Rust utilities for interacting with hardware from TUXEDO Computers"); - tailor-gui.enable = mkEnableOption (lib.mdDoc "Alternative to TUXEDO Control Center, written in Rust."); + tailor-gui.enable = mkEnableOption (lib.mdDoc "tailor-gui, an alternative to TUXEDO Control Center, written in Rust"); }; }; diff --git a/nixos/modules/services/mail/dovecot.nix b/nixos/modules/services/mail/dovecot.nix index 21bafd859c3..abbb2f32e6c 100644 --- a/nixos/modules/services/mail/dovecot.nix +++ b/nixos/modules/services/mail/dovecot.nix @@ -302,7 +302,7 @@ in enablePAM = mkEnableOption (lib.mdDoc "creating a own Dovecot PAM service and configure PAM user logins") // { default = true; }; - enableDHE = mkEnableOption (lib.mdDoc "enable ssl_dh and generation of primes for the key exchange") // { default = true; }; + enableDHE = mkEnableOption (lib.mdDoc "ssl_dh and generation of primes for the key exchange") // { default = true; }; sieveScripts = mkOption { type = types.attrsOf types.path; diff --git a/nixos/modules/services/mail/mailman.nix b/nixos/modules/services/mail/mailman.nix index 9f43d5829f0..9cc1ade3f41 100644 --- a/nixos/modules/services/mail/mailman.nix +++ b/nixos/modules/services/mail/mailman.nix @@ -260,7 +260,7 @@ in { }; serve = { - enable = mkEnableOption (lib.mdDoc "Automatic nginx and uwsgi setup for mailman-web"); + enable = mkEnableOption (lib.mdDoc "automatic nginx and uwsgi setup for mailman-web"); virtualRoot = mkOption { default = "/"; diff --git a/nixos/modules/services/matrix/mjolnir.nix b/nixos/modules/services/matrix/mjolnir.nix index 0824be66334..4e9a915c23c 100644 --- a/nixos/modules/services/matrix/mjolnir.nix +++ b/nixos/modules/services/matrix/mjolnir.nix 
@@ -96,8 +96,8 @@ in type = types.submodule { options = { enable = mkEnableOption (lib.mdDoc '' - If true, accessToken is ignored and the username/password below will be - used instead. The access token of the bot will be stored in the dataPath. + ignoring the accessToken. If true, accessToken is ignored and the username/password below will be + used instead. The access token of the bot will be stored in the dataPath ''); username = mkOption { diff --git a/nixos/modules/services/misc/klipper.nix b/nixos/modules/services/misc/klipper.nix index 67a217c994e..9eb2fdb4659 100644 --- a/nixos/modules/services/misc/klipper.nix +++ b/nixos/modules/services/misc/klipper.nix @@ -111,11 +111,11 @@ in (submodule { options = { enable = mkEnableOption (lib.mdDoc '' - building of firmware for manual flashing. + building of firmware for manual flashing ''); enableKlipperFlash = mkEnableOption (lib.mdDoc '' flashings scripts for firmware. This will add `klipper-flash-$mcu` scripts to your environment which can be called to flash the firmware. - Please check the configs at [klipper](https://github.com/Klipper3d/klipper/tree/master/config) whether your board supports flashing via `make flash`. + Please check the configs at [klipper](https://github.com/Klipper3d/klipper/tree/master/config) whether your board supports flashing via `make flash` ''); serial = mkOption { type = types.nullOr path; diff --git a/nixos/modules/services/misc/packagekit.nix b/nixos/modules/services/misc/packagekit.nix index f3e6bf50e9b..5a0d314d25c 100644 --- a/nixos/modules/services/misc/packagekit.nix +++ b/nixos/modules/services/misc/packagekit.nix 
@@ -40,9 +40,9 @@ in options.services.packagekit = { enable = mkEnableOption (lib.mdDoc '' - PackageKit provides a cross-platform D-Bus abstraction layer for + PackageKit, a cross-platform D-Bus abstraction layer for installing software. Software utilizing PackageKit can install - software regardless of the package manager. + software regardless of the package manager ''); settings = mkOption { diff --git a/nixos/modules/services/misc/rshim.nix b/nixos/modules/services/misc/rshim.nix index 0fef2cc228c..706cf9136b0 100644 --- a/nixos/modules/services/misc/rshim.nix +++ b/nixos/modules/services/misc/rshim.nix @@ -12,7 +12,7 @@ let in { options.services.rshim = { - enable = lib.mkEnableOption (lib.mdDoc "User-space rshim driver for the BlueField SoC"); + enable = lib.mkEnableOption (lib.mdDoc "user-space rshim driver for the BlueField SoC"); package = lib.mkPackageOptionMD pkgs "rshim-user-space" { }; diff --git a/nixos/modules/services/misc/sourcehut/default.nix b/nixos/modules/services/misc/sourcehut/default.nix index 580a009a0ad..bee97166297 100644 --- a/nixos/modules/services/misc/sourcehut/default.nix +++ b/nixos/modules/services/misc/sourcehut/default.nix @@ -438,7 +438,7 @@ in }; options."lists.sr.ht" = commonServiceSettings "lists" // { - allow-new-lists = mkEnableOption (lib.mdDoc "Allow creation of new lists"); + allow-new-lists = mkEnableOption (lib.mdDoc "creation of new lists"); notify-from = mkOption { description = lib.mdDoc "Outgoing email for notifications generated by users."; type = types.str; diff --git a/nixos/modules/services/misc/tp-auto-kbbl.nix b/nixos/modules/services/misc/tp-auto-kbbl.nix index 8d92d3d9367..1076c814e86 100644 --- a/nixos/modules/services/misc/tp-auto-kbbl.nix +++ b/nixos/modules/services/misc/tp-auto-kbbl.nix 
@@ -9,7 +9,7 @@ in { options = { services.tp-auto-kbbl = { - enable = mkEnableOption (lib.mdDoc "Auto toggle keyboard back-lighting on Thinkpads (and maybe other laptops) for Linux"); + enable = mkEnableOption (lib.mdDoc "auto toggle keyboard back-lighting on Thinkpads (and maybe other laptops) for Linux"); package = mkOption { type = types.package; diff --git a/nixos/modules/services/misc/zoneminder.nix b/nixos/modules/services/misc/zoneminder.nix index b2e4e760d82..fca03b2ad4e 100644 --- a/nixos/modules/services/misc/zoneminder.nix +++ b/nixos/modules/services/misc/zoneminder.nix @@ -67,14 +67,14 @@ in { options = { services.zoneminder = with lib; { enable = lib.mkEnableOption (lib.mdDoc '' - ZoneMinder + ZoneMinder. If you intend to run the database locally, you should set `config.services.zoneminder.database.createLocally` to true. Otherwise, when set to `false` (the default), you will have to create the database and database user as well as populate the database yourself. Additionally, you will need to run `zmupdate.pl` yourself when - upgrading to a newer version. + upgrading to a newer version ''); webserver = mkOption { diff --git a/nixos/modules/services/monitoring/mackerel-agent.nix b/nixos/modules/services/monitoring/mackerel-agent.nix index 67dc1bc19ed..62a7858500f 100644 --- a/nixos/modules/services/monitoring/mackerel-agent.nix +++ b/nixos/modules/services/monitoring/mackerel-agent.nix @@ -11,10 +11,10 @@ in { # the upstream package runs as root, but doesn't seem to be strictly # necessary for basic functionality - runAsRoot = mkEnableOption (lib.mdDoc "Whether to run as root"); + runAsRoot = mkEnableOption (lib.mdDoc "running as root"); autoRetirement = mkEnableOption (lib.mdDoc '' - Whether to automatically retire the host upon OS shutdown. + retiring the host upon OS shutdown ''); apiKeyFile = mkOption { 
@@ -59,7 +59,7 @@ in { }; options.diagnostic = - mkEnableOption (lib.mdDoc "Collect memory usage for the agent itself"); + mkEnableOption (lib.mdDoc "collecting memory usage for the agent itself"); }; }; }; diff --git a/nixos/modules/services/monitoring/prometheus/exporters/wireguard.nix b/nixos/modules/services/monitoring/prometheus/exporters/wireguard.nix index c98dcd9f64b..9b759031493 100644 --- a/nixos/modules/services/monitoring/prometheus/exporters/wireguard.nix +++ b/nixos/modules/services/monitoring/prometheus/exporters/wireguard.nix @@ -11,7 +11,7 @@ in { ({ options.warnings = options.warnings; options.assertions = options.assertions; }) ]; extraOpts = { - verbose = mkEnableOption (lib.mdDoc "Verbose logging mode for prometheus-wireguard-exporter"); + verbose = mkEnableOption (lib.mdDoc "verbose logging mode for prometheus-wireguard-exporter"); wireguardConfig = mkOption { type = with types; nullOr (either path str); diff --git a/nixos/modules/services/network-filesystems/openafs/server.nix b/nixos/modules/services/network-filesystems/openafs/server.nix index ad0fd783567..fbaa7cfc192 100644 --- a/nixos/modules/services/network-filesystems/openafs/server.nix +++ b/nixos/modules/services/network-filesystems/openafs/server.nix @@ -177,13 +177,13 @@ in { backup = { enable = mkEnableOption (lib.mdDoc '' - Backup server role. When using OpenAFS built-in buserver, use in conjunction with the + the backup server role. When using OpenAFS built-in buserver, use in conjunction with the `database` role to maintain the Backup Database. Normally only used in conjunction with tape storage or IBM's Tivoli Storage Manager. For a modern backup server, enable this role and see - {option}`enableFabs`. + {option}`enableFabs` ''); enableFabs = mkEnableOption (lib.mdDoc '' diff --git a/nixos/modules/services/networking/create_ap.nix b/nixos/modules/services/networking/create_ap.nix index e772cf21ec5..994aa6d36d2 100644 --- a/nixos/modules/services/networking/create_ap.nix 
+++ b/nixos/modules/services/networking/create_ap.nix @@ -8,7 +8,7 @@ let in { options = { services.create_ap = { - enable = mkEnableOption (lib.mdDoc "setup wifi hotspots using create_ap"); + enable = mkEnableOption (lib.mdDoc "setting up wifi hotspots using create_ap"); settings = mkOption { type = with types; attrsOf (oneOf [ int bool str ]); default = {}; diff --git a/nixos/modules/services/networking/dae.nix b/nixos/modules/services/networking/dae.nix index 3c7f386d2d4..cf3fead19be 100644 --- a/nixos/modules/services/networking/dae.nix +++ b/nixos/modules/services/networking/dae.nix @@ -14,7 +14,7 @@ in options = { services.dae = with lib;{ enable = mkEnableOption - (mdDoc "A Linux high-performance transparent proxy solution based on eBPF"); + (mdDoc "dae, a Linux high-performance transparent proxy solution based on eBPF"); package = mkPackageOptionMD pkgs "dae" { }; @@ -46,7 +46,7 @@ in openFirewall = mkOption { type = with types; submodule { options = { - enable = mkEnableOption "enable"; + enable = mkEnableOption (mdDoc "opening {option}`port` in the firewall"); port = mkOption { type = types.port; description = '' @@ -91,7 +91,7 @@ in }; disableTxChecksumIpGeneric = - mkEnableOption (mdDoc "See "); + mkEnableOption "" // { description = mdDoc "See "; }; }; }; diff --git a/nixos/modules/services/networking/deconz.nix b/nixos/modules/services/networking/deconz.nix index 1fe10373321..05b72470877 100644 --- a/nixos/modules/services/networking/deconz.nix +++ b/nixos/modules/services/networking/deconz.nix 
@@ -54,13 +54,13 @@ in description = "TCP port for the WebSocket."; }; - openFirewall = lib.mkEnableOption "open up the service ports in the firewall"; + openFirewall = lib.mkEnableOption "opening up the service ports in the firewall"; - allowRebootSystem = lib.mkEnableOption "allow rebooting the system"; + allowRebootSystem = lib.mkEnableOption "rebooting the system"; - allowRestartService = lib.mkEnableOption "allow killing/restarting processes"; + allowRestartService = lib.mkEnableOption "killing/restarting processes"; - allowSetSystemTime = lib.mkEnableOption "allow setting the system time"; + allowSetSystemTime = lib.mkEnableOption "setting the system time"; extraArgs = lib.mkOption { type = lib.types.listOf lib.types.str; diff --git a/nixos/modules/services/networking/go-neb.nix b/nixos/modules/services/networking/go-neb.nix index b65bb5f548e..78d24ecf17d 100644 --- a/nixos/modules/services/networking/go-neb.nix +++ b/nixos/modules/services/networking/go-neb.nix @@ -9,7 +9,7 @@ let configFile = settingsFormat.generate "config.yaml" cfg.config; in { options.services.go-neb = { - enable = mkEnableOption (lib.mdDoc "Extensible matrix bot written in Go"); + enable = mkEnableOption (lib.mdDoc "an extensible matrix bot written in Go"); bindAddress = mkOption { type = types.str; diff --git a/nixos/modules/services/networking/hostapd.nix b/nixos/modules/services/networking/hostapd.nix index 4ec066c2ec9..ffb15446305 100644 --- a/nixos/modules/services/networking/hostapd.nix +++ b/nixos/modules/services/networking/hostapd.nix 
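Review bot: The three `allow*` descriptions in deconz.nix lose the word that carried their meaning. With the `mkEnableOption` prefix, `allowRebootSystem` now renders as "Whether to enable rebooting the system", which reads as if setting it reboots the machine rather than letting the service do so. These options widen what the service may do to the host, so the text should name the grant, e.g. `lib.mkEnableOption "permission for the deCONZ service to reboot the system"`. The same applies to `allowRestartService` ("killing/restarting processes") and `allowSetSystemTime` ("setting the system time").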
@@ -116,10 +116,10 @@ in { options = { services.hostapd = { enable = mkEnableOption (mdDoc '' - Whether to enable hostapd. hostapd is a user space daemon for access point and + hostapd, a user space daemon for access point and authentication servers. It implements IEEE 802.11 access point management, IEEE 802.1X/WPA/WPA2/EAP Authenticators, RADIUS client, EAP server, and RADIUS - authentication server. + authentication server ''); package = mkPackageOption pkgs "hostapd" {}; diff --git a/nixos/modules/services/networking/hylafax/options.nix b/nixos/modules/services/networking/hylafax/options.nix index 82c144236f3..49b2bef90a5 100644 --- a/nixos/modules/services/networking/hylafax/options.nix +++ b/nixos/modules/services/networking/hylafax/options.nix @@ -272,18 +272,18 @@ in }; faxcron.enable.spoolInit = mkEnableOption (lib.mdDoc '' - Purge old files from the spooling area with + purging old files from the spooling area with {file}`faxcron` - each time the spooling area is initialized. + each time the spooling area is initialized ''); faxcron.enable.frequency = mkOption { type = nullOr nonEmptyStr; default = null; example = "daily"; description = lib.mdDoc '' - Purge old files from the spooling area with + purging old files from the spooling area with {file}`faxcron` with the given frequency - (see systemd.time(7)). + (see systemd.time(7)) ''; }; faxcron.infoDays = mkOption { diff --git a/nixos/modules/services/networking/i2pd.nix b/nixos/modules/services/networking/i2pd.nix index c940324ad09..f872daf05b8 100644 --- a/nixos/modules/services/networking/i2pd.nix +++ b/nixos/modules/services/networking/i2pd.nix @@ -265,7 +265,7 @@ in ''; }; - logCLFTime = mkEnableOption (lib.mdDoc "Full CLF-formatted date and time to log"); + logCLFTime = mkEnableOption (lib.mdDoc "full CLF-formatted date and time to log"); address = mkOption { type = with types; nullOr str; 
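Review bot: In the hylafax hunk, `faxcron.enable.frequency` is a plain `mkOption`, not an `mkEnableOption`, so its `description` is rendered verbatim with no "Whether to enable" prefix. The rewrite therefore leaves a lower-case fragment with no final period, "purging old files from the spooling area with ... (see systemd.time(7))". Keep the original wording for this option, `Purge old files from the spooling area with` and `(see systemd.time(7)).`. Only the `faxcron.enable.spoolInit` change above it belongs in this cleanup.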
@@ -456,7 +456,7 @@ in ''; }; - trust.enable = mkEnableOption (lib.mdDoc "Explicit trust options"); + trust.enable = mkEnableOption (lib.mdDoc "explicit trust options"); trust.family = mkOption { type = with types; nullOr str; @@ -474,7 +474,7 @@ in ''; }; - trust.hidden = mkEnableOption (lib.mdDoc "Router concealment"); + trust.hidden = mkEnableOption (lib.mdDoc "router concealment"); websocket = mkEndpointOpt "websockets" "127.0.0.1" 7666; @@ -552,7 +552,7 @@ in proto.http = (mkEndpointOpt "http" "127.0.0.1" 7070) // { - auth = mkEnableOption (lib.mdDoc "Webconsole authentication"); + auth = mkEnableOption (lib.mdDoc "webconsole authentication"); user = mkOption { type = types.str; diff --git a/nixos/modules/services/networking/iscsi/initiator.nix b/nixos/modules/services/networking/iscsi/initiator.nix index d2865a660ea..9c71a988f29 100644 --- a/nixos/modules/services/networking/iscsi/initiator.nix +++ b/nixos/modules/services/networking/iscsi/initiator.nix @@ -7,7 +7,7 @@ in enable = mkEnableOption (lib.mdDoc "the openiscsi iscsi daemon"); enableAutoLoginOut = mkEnableOption (lib.mdDoc '' automatic login and logout of all automatic targets. - You probably do not want this. + You probably do not want this ''); discoverPortal = mkOption { type = nullOr str; diff --git a/nixos/modules/services/networking/nar-serve.nix b/nixos/modules/services/networking/nar-serve.nix index beee53c8a24..b8b76120e44 100644 --- a/nixos/modules/services/networking/nar-serve.nix +++ b/nixos/modules/services/networking/nar-serve.nix @@ -10,7 +10,7 @@ in }; options = { services.nar-serve = { - enable = mkEnableOption (lib.mdDoc "Serve NAR file contents via HTTP"); + enable = mkEnableOption (lib.mdDoc "serving NAR file contents via HTTP"); port = mkOption { type = types.port; diff --git a/nixos/modules/services/networking/nftables.nix b/nixos/modules/services/networking/nftables.nix index a0afdb45275..424d005dc0b 100644 --- a/nixos/modules/services/networking/nftables.nix 
+++ b/nixos/modules/services/networking/nftables.nix @@ -103,7 +103,7 @@ in ''; }; - networking.nftables.flushRuleset = mkEnableOption (lib.mdDoc "Flush the entire ruleset on each reload."); + networking.nftables.flushRuleset = mkEnableOption (lib.mdDoc "flushing the entire ruleset on each reload"); networking.nftables.extraDeletions = mkOption { type = types.lines; diff --git a/nixos/modules/services/networking/snowflake-proxy.nix b/nixos/modules/services/networking/snowflake-proxy.nix index ca015ed9d44..19b68f1e20b 100644 --- a/nixos/modules/services/networking/snowflake-proxy.nix +++ b/nixos/modules/services/networking/snowflake-proxy.nix @@ -8,7 +8,7 @@ in { options = { services.snowflake-proxy = { - enable = mkEnableOption (lib.mdDoc "System to defeat internet censorship"); + enable = mkEnableOption (lib.mdDoc "snowflake-proxy, a system to defeat internet censorship"); broker = mkOption { description = lib.mdDoc "Broker URL (default \"https://snowflake-broker.torproject.net/\")"; diff --git a/nixos/modules/services/networking/yggdrasil.nix b/nixos/modules/services/networking/yggdrasil.nix index 8335583d2da..56d81fb0401 100644 --- a/nixos/modules/services/networking/yggdrasil.nix +++ b/nixos/modules/services/networking/yggdrasil.nix @@ -116,9 +116,9 @@ in }; persistentKeys = mkEnableOption (lib.mdDoc '' - If enabled then keys will be generated once and Yggdrasil + persistent keys. If enabled then keys will be generated once and Yggdrasil will retain the same IPv6 address when the service is - restarted. Keys are stored at ${keysPath}. + restarted. Keys are stored at ${keysPath} ''); extraArgs = mkOption { diff --git a/nixos/modules/services/system/earlyoom.nix b/nixos/modules/services/system/earlyoom.nix index 3f501d45346..38805eba2ca 100644 --- a/nixos/modules/services/system/earlyoom.nix +++ b/nixos/modules/services/system/earlyoom.nix 
@@ -11,7 +11,7 @@ let in { options.services.earlyoom = { - enable = mkEnableOption (lib.mdDoc "Early out of memory killing"); + enable = mkEnableOption (lib.mdDoc "early out of memory killing"); freeMemThreshold = mkOption { type = types.ints.between 1 100; diff --git a/nixos/modules/services/system/systembus-notify.nix b/nixos/modules/services/system/systembus-notify.nix index 269197b3997..f79879fa136 100644 --- a/nixos/modules/services/system/systembus-notify.nix +++ b/nixos/modules/services/system/systembus-notify.nix @@ -13,7 +13,7 @@ in WARNING: enabling this option (while convenient) should *not* be done on a machine where you do not trust the other users as it allows any other - local user to DoS your session by spamming notifications. + local user to DoS your session by spamming notifications ''); }; diff --git a/nixos/modules/services/torrent/flexget.nix b/nixos/modules/services/torrent/flexget.nix index 1b971838b32..5cd7ae6ad7d 100644 --- a/nixos/modules/services/torrent/flexget.nix +++ b/nixos/modules/services/torrent/flexget.nix @@ -14,7 +14,7 @@ let in { options = { services.flexget = { - enable = mkEnableOption (lib.mdDoc "Run FlexGet Daemon"); + enable = mkEnableOption (lib.mdDoc "FlexGet daemon"); package = mkPackageOptionMD pkgs "flexget" {}; diff --git a/nixos/modules/services/video/mediamtx.nix b/nixos/modules/services/video/mediamtx.nix index c3abd9cdcc5..50f8e881027 100644 --- a/nixos/modules/services/video/mediamtx.nix +++ b/nixos/modules/services/video/mediamtx.nix @@ -40,7 +40,7 @@ in }; allowVideoAccess = lib.mkEnableOption (lib.mdDoc '' - Enable access to video devices like cameras on the system. + access to video devices like cameras on the system ''); }; }; diff --git a/nixos/modules/services/web-apps/cloudlog.nix b/nixos/modules/services/web-apps/cloudlog.nix index da2cf93d7f1..5519d6967a1 100644 --- a/nixos/modules/services/web-apps/cloudlog.nix +++ b/nixos/modules/services/web-apps/cloudlog.nix 
@@ -69,7 +69,7 @@ let in { options.services.cloudlog = with types; { - enable = mkEnableOption (mdDoc "Whether to enable Cloudlog"); + enable = mkEnableOption (mdDoc "Cloudlog"); dataDir = mkOption { type = str; default = "/var/lib/cloudlog"; diff --git a/nixos/modules/services/web-apps/hledger-web.nix b/nixos/modules/services/web-apps/hledger-web.nix index 0fc283ff521..be8ecc645e5 100644 --- a/nixos/modules/services/web-apps/hledger-web.nix +++ b/nixos/modules/services/web-apps/hledger-web.nix @@ -7,7 +7,7 @@ in { enable = mkEnableOption (lib.mdDoc "hledger-web service"); - serveApi = mkEnableOption (lib.mdDoc "Serve only the JSON web API, without the web UI"); + serveApi = mkEnableOption (lib.mdDoc "serving only the JSON web API, without the web UI"); host = mkOption { type = types.str; diff --git a/nixos/modules/services/web-apps/isso.nix b/nixos/modules/services/web-apps/isso.nix index 1a852ec352f..6cb2d9ec785 100644 --- a/nixos/modules/services/web-apps/isso.nix +++ b/nixos/modules/services/web-apps/isso.nix @@ -12,11 +12,11 @@ in { options = { services.isso = { enable = mkEnableOption (lib.mdDoc '' - A commenting server similar to Disqus. + isso, a commenting server similar to Disqus. Note: The application's author suppose to run isso behind a reverse proxy. The embedded solution offered by NixOS is also only suitable for small installations - below 20 requests per second. + below 20 requests per second ''); settings = mkOption { diff --git a/nixos/modules/services/web-apps/jitsi-meet.nix b/nixos/modules/services/web-apps/jitsi-meet.nix index 3825b03c244..21416be3587 100644 --- a/nixos/modules/services/web-apps/jitsi-meet.nix +++ b/nixos/modules/services/web-apps/jitsi-meet.nix 
@@ -105,9 +105,9 @@ in type = bool; default = true; description = lib.mdDoc '' - Whether to enable Jitsi Videobridge instance and configure it to connect to Prosody. + Jitsi Videobridge instance and configure it to connect to Prosody. - Additional configuration is possible with {option}`services.jitsi-videobridge`. + Additional configuration is possible with {option}`services.jitsi-videobridge` ''; }; diff --git a/nixos/modules/services/web-apps/meme-bingo-web.nix b/nixos/modules/services/web-apps/meme-bingo-web.nix index cb864321ef2..652dc884025 100644 --- a/nixos/modules/services/web-apps/meme-bingo-web.nix +++ b/nixos/modules/services/web-apps/meme-bingo-web.nix @@ -8,9 +8,9 @@ in { options = { services.meme-bingo-web = { enable = mkEnableOption (mdDoc '' - A web app for the meme bingo, rendered entirely on the web server and made interactive with forms. + a web app for the meme bingo, rendered entirely on the web server and made interactive with forms. - Note: The application's author suppose to run meme-bingo-web behind a reverse proxy for SSL and HTTP/3. + Note: The application's author suppose to run meme-bingo-web behind a reverse proxy for SSL and HTTP/3 ''); package = mkOption { diff --git a/nixos/modules/services/web-apps/phylactery.nix b/nixos/modules/services/web-apps/phylactery.nix index 4801bd203b4..723b38ee75d 100644 --- a/nixos/modules/services/web-apps/phylactery.nix +++ b/nixos/modules/services/web-apps/phylactery.nix @@ -4,7 +4,7 @@ with lib; let cfg = config.services.phylactery; in { options.services.phylactery = { - enable = mkEnableOption (lib.mdDoc "Whether to enable Phylactery server"); + enable = mkEnableOption (lib.mdDoc "Phylactery server"); host = mkOption { type = types.str; diff --git a/nixos/modules/services/web-apps/snipe-it.nix b/nixos/modules/services/web-apps/snipe-it.nix index e861a418519..9cba5cb4fa9 100644 --- a/nixos/modules/services/web-apps/snipe-it.nix +++ b/nixos/modules/services/web-apps/snipe-it.nix 
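Review bot: The edited jitsi-meet text sits in a `description = lib.mdDoc ''...''` next to explicit `type = bool;` and `default = true;`, which suggests a plain `mkOption` (its opening line is outside the hunk). Nothing prepends "Whether to enable" to such a description, so the manual would now show "Jitsi Videobridge instance and configure it to connect to Prosody." with no verb, and the last sentence loses its period. Restore the first line to `Whether to enable Jitsi Videobridge instance and configure it to connect to Prosody.` and keep the period after `{option}`services.jitsi-videobridge``.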
@@ -30,7 +30,7 @@ let in { options.services.snipe-it = { - enable = mkEnableOption (lib.mdDoc "A free open source IT asset/license management system"); + enable = mkEnableOption (lib.mdDoc "snipe-it, a free open source IT asset/license management system"); user = mkOption { default = "snipeit"; diff --git a/nixos/modules/services/web-apps/zitadel.nix b/nixos/modules/services/web-apps/zitadel.nix index f225d138cc4..99b0a0bc56f 100644 --- a/nixos/modules/services/web-apps/zitadel.nix +++ b/nixos/modules/services/web-apps/zitadel.nix @@ -9,7 +9,7 @@ in options.services.zitadel = let inherit (lib) mkEnableOption mkOption mkPackageOption types; in { - enable = mkEnableOption "ZITADEL, a user and identity access management platform."; + enable = mkEnableOption "ZITADEL, a user and identity access management platform"; package = mkPackageOption pkgs "ZITADEL" { default = [ "zitadel" ]; }; diff --git a/nixos/modules/services/web-servers/keter/default.nix b/nixos/modules/services/web-servers/keter/default.nix index 3916c486475..0cd9c30cea1 100644 --- a/nixos/modules/services/web-servers/keter/default.nix +++ b/nixos/modules/services/web-servers/keter/default.nix @@ -16,7 +16,7 @@ in options.services.keter = { enable = lib.mkEnableOption (lib.mdDoc ''keter, a web app deployment manager. Note that this module only support loading of webapps: -Keep an old app running and swap the ports when the new one is booted. +Keep an old app running and swap the ports when the new one is booted ''); root = lib.mkOption { diff --git a/nixos/modules/services/web-servers/rustus.nix b/nixos/modules/services/web-servers/rustus.nix index 878d790e366..6d3b2e6a65d 100644 --- a/nixos/modules/services/web-servers/rustus.nix +++ b/nixos/modules/services/web-servers/rustus.nix 
@@ -8,7 +8,7 @@ in options.services.rustus = { - enable = mkEnableOption (lib.mdDoc "TUS protocol implementation in Rust."); + enable = mkEnableOption (lib.mdDoc "TUS protocol implementation in Rust"); host = mkOption { type = types.str; diff --git a/nixos/modules/services/x11/desktop-managers/deepin.nix b/nixos/modules/services/x11/desktop-managers/deepin.nix index b2369e2426f..28d75130589 100644 --- a/nixos/modules/services/x11/desktop-managers/deepin.nix +++ b/nixos/modules/services/x11/desktop-managers/deepin.nix @@ -15,7 +15,7 @@ in options = { services.xserver.desktopManager.deepin = { - enable = mkEnableOption (lib.mdDoc "Enable Deepin desktop manager"); + enable = mkEnableOption (lib.mdDoc "Deepin desktop manager"); extraGSettingsOverrides = mkOption { default = ""; type = types.lines; diff --git a/nixos/modules/system/activation/bootspec.nix b/nixos/modules/system/activation/bootspec.nix index 9e1fa309d5d..98c234bc340 100644 --- a/nixos/modules/system/activation/bootspec.nix +++ b/nixos/modules/system/activation/bootspec.nix @@ -79,7 +79,7 @@ in // { default = true; internal = true; }; enableValidation = lib.mkEnableOption (lib.mdDoc ''the validation of bootspec documents for each build. This will introduce Go in the build-time closure as we are relying on [Cuelang](https://cuelang.org/) for schema validation. - Enable this option if you want to ascertain that your documents are correct. + Enable this option if you want to ascertain that your documents are correct '' ); diff --git a/nixos/modules/system/boot/grow-partition.nix b/nixos/modules/system/boot/grow-partition.nix index 1ce4d5e5623..897602f9826 100644 --- a/nixos/modules/system/boot/grow-partition.nix +++ b/nixos/modules/system/boot/grow-partition.nix 
@@ -12,7 +12,7 @@ with lib; ]; options = { - boot.growPartition = mkEnableOption (lib.mdDoc "grow the root partition on boot"); + boot.growPartition = mkEnableOption (lib.mdDoc "growing the root partition on boot"); }; config = mkIf config.boot.growPartition { diff --git a/nixos/modules/system/boot/loader/external/external.nix b/nixos/modules/system/boot/loader/external/external.nix index 926cbd2b4b3..78982356a9e 100644 --- a/nixos/modules/system/boot/loader/external/external.nix +++ b/nixos/modules/system/boot/loader/external/external.nix @@ -12,7 +12,7 @@ in }; options.boot.loader.external = { - enable = mkEnableOption (lib.mdDoc "use an external tool to install your bootloader"); + enable = mkEnableOption (lib.mdDoc "using an external tool to install your bootloader"); installHook = mkOption { type = with types; path; diff --git a/nixos/modules/system/boot/systemd/homed.nix b/nixos/modules/system/boot/systemd/homed.nix index 403d1690124..b216820c0c0 100644 --- a/nixos/modules/system/boot/systemd/homed.nix +++ b/nixos/modules/system/boot/systemd/homed.nix @@ -5,7 +5,7 @@ let in { options.services.homed.enable = lib.mkEnableOption (lib.mdDoc '' - Enable systemd home area/user account manager + systemd home area/user account manager ''); config = lib.mkIf cfg.enable { diff --git a/nixos/modules/system/boot/systemd/userdbd.nix b/nixos/modules/system/boot/systemd/userdbd.nix index 994aa3ca3b8..e7f6d42341c 100644 --- a/nixos/modules/system/boot/systemd/userdbd.nix +++ b/nixos/modules/system/boot/systemd/userdbd.nix @@ -5,7 +5,7 @@ let in { options.services.userdbd.enable = lib.mkEnableOption (lib.mdDoc '' - Enables the systemd JSON user/group record lookup service + the systemd JSON user/group record lookup service ''); config = lib.mkIf cfg.enable { systemd.additionalUpstreamSystemUnits = [ -- cgit 1.4.1 From e6321d2788254242956443c624a026cba9f9f3d6 Mon Sep 17 00:00:00 2001 
From: h7x4 Date: Fri, 20 Oct 2023 19:55:39 +0200 Subject: treewide: remove execute bit for non-executable `*.nix` files --- nixos/modules/services/misc/confd.nix | 0 pkgs/applications/audio/soundwireserver/default.nix | 0 pkgs/applications/editors/neovim/neovim-gtk.nix | 0 pkgs/applications/graphics/structorizer/default.nix | 0 pkgs/applications/misc/fluxboxlauncher/default.nix | 0 pkgs/applications/science/biology/poretools/default.nix | 0 pkgs/applications/science/biology/trimal/default.nix | 0 pkgs/applications/science/biology/vcftools/default.nix | 0 pkgs/applications/virtualization/vmware-workstation/default.nix | 0 pkgs/data/fonts/vazir-fonts/default.nix | 0 pkgs/development/python-modules/atlassian-python-api/default.nix | 0 pkgs/development/python-modules/osmnx/default.nix | 0 pkgs/development/python-modules/streamlit/default.nix | 0 pkgs/development/python-modules/zstandard/default.nix | 0 pkgs/misc/uq/default.nix | 0 pkgs/servers/unifi-video/default.nix | 0 pkgs/tools/archivers/payload-dumper-go/default.nix | 0 pkgs/tools/misc/starfetch/default.nix | 0 pkgs/tools/misc/szyszka/default.nix | 0 pkgs/tools/networking/ipfetch/default.nix | 0 20 files changed, 0 insertions(+), 0 deletions(-) mode change 100755 => 100644 nixos/modules/services/misc/confd.nix mode change 100755 => 100644 pkgs/applications/audio/soundwireserver/default.nix mode change 100755 => 100644 pkgs/applications/editors/neovim/neovim-gtk.nix mode change 100755 => 100644 pkgs/applications/graphics/structorizer/default.nix mode change 100755 => 100644 pkgs/applications/misc/fluxboxlauncher/default.nix mode change 100755 => 100644 pkgs/applications/science/biology/poretools/default.nix mode change 100755 => 100644 pkgs/applications/science/biology/trimal/default.nix mode change 100755 => 100644 pkgs/applications/science/biology/vcftools/default.nix mode change 100755 => 100644 pkgs/applications/virtualization/vmware-workstation/default.nix mode change 100755 => 100644 
pkgs/data/fonts/vazir-fonts/default.nix mode change 100755 => 100644 pkgs/development/python-modules/atlassian-python-api/default.nix mode change 100755 => 100644 pkgs/development/python-modules/osmnx/default.nix mode change 100755 => 100644 pkgs/development/python-modules/streamlit/default.nix mode change 100755 => 100644 pkgs/development/python-modules/zstandard/default.nix mode change 100755 => 100644 pkgs/misc/uq/default.nix mode change 100755 => 100644 pkgs/servers/unifi-video/default.nix mode change 100755 => 100644 pkgs/tools/archivers/payload-dumper-go/default.nix mode change 100755 => 100644 pkgs/tools/misc/starfetch/default.nix mode change 100755 => 100644 pkgs/tools/misc/szyszka/default.nix mode change 100755 => 100644 pkgs/tools/networking/ipfetch/default.nix (limited to 'nixos/modules/services/misc') diff --git a/nixos/modules/services/misc/confd.nix b/nixos/modules/services/misc/confd.nix old mode 100755 new mode 100644 diff --git a/pkgs/applications/audio/soundwireserver/default.nix b/pkgs/applications/audio/soundwireserver/default.nix old mode 100755 new mode 100644 diff --git a/pkgs/applications/editors/neovim/neovim-gtk.nix b/pkgs/applications/editors/neovim/neovim-gtk.nix old mode 100755 new mode 100644 diff --git a/pkgs/applications/graphics/structorizer/default.nix b/pkgs/applications/graphics/structorizer/default.nix old mode 100755 new mode 100644 diff --git a/pkgs/applications/misc/fluxboxlauncher/default.nix b/pkgs/applications/misc/fluxboxlauncher/default.nix old mode 100755 new mode 100644 diff --git a/pkgs/applications/science/biology/poretools/default.nix b/pkgs/applications/science/biology/poretools/default.nix old mode 100755 new mode 100644 diff --git a/pkgs/applications/science/biology/trimal/default.nix b/pkgs/applications/science/biology/trimal/default.nix old mode 100755 new mode 100644 
diff --git a/pkgs/applications/science/biology/vcftools/default.nix b/pkgs/applications/science/biology/vcftools/default.nix old mode 100755 new mode 100644 diff --git a/pkgs/applications/virtualization/vmware-workstation/default.nix b/pkgs/applications/virtualization/vmware-workstation/default.nix old mode 100755 new mode 100644 diff --git a/pkgs/data/fonts/vazir-fonts/default.nix b/pkgs/data/fonts/vazir-fonts/default.nix old mode 100755 new mode 100644 diff --git a/pkgs/development/python-modules/atlassian-python-api/default.nix b/pkgs/development/python-modules/atlassian-python-api/default.nix old mode 100755 new mode 100644 diff --git a/pkgs/development/python-modules/osmnx/default.nix b/pkgs/development/python-modules/osmnx/default.nix old mode 100755 new mode 100644 diff --git a/pkgs/development/python-modules/streamlit/default.nix b/pkgs/development/python-modules/streamlit/default.nix old mode 100755 new mode 100644 diff --git a/pkgs/development/python-modules/zstandard/default.nix b/pkgs/development/python-modules/zstandard/default.nix old mode 100755 new mode 100644 diff --git a/pkgs/misc/uq/default.nix b/pkgs/misc/uq/default.nix old mode 100755 new mode 100644 diff --git a/pkgs/servers/unifi-video/default.nix b/pkgs/servers/unifi-video/default.nix old mode 100755 new mode 100644 diff --git a/pkgs/tools/archivers/payload-dumper-go/default.nix b/pkgs/tools/archivers/payload-dumper-go/default.nix old mode 100755 new mode 100644 diff --git a/pkgs/tools/misc/starfetch/default.nix b/pkgs/tools/misc/starfetch/default.nix old mode 100755 new mode 100644 diff --git a/pkgs/tools/misc/szyszka/default.nix b/pkgs/tools/misc/szyszka/default.nix old mode 100755 new mode 100644 diff --git a/pkgs/tools/networking/ipfetch/default.nix b/pkgs/tools/networking/ipfetch/default.nix old mode 100755 new mode 100644 -- cgit 1.4.1 From 77f7b5a3e5cf65b4b31204aae8d205a771ec990e Mon Sep 17 00:00:00 2001 
From: dadada Date: Sat, 8 Jul 2023 01:44:42 +0200 Subject: nixos/soft-serve: init This adds a NixOS module for Soft Serve, a tasty, self-hostable Git server for the command line. The module has a test that checks some basic things like creating users, creating a repo and cloning it. Co-authored-by: Sandro --- nixos/doc/manual/release-notes/rl-2311.section.md | 2 + nixos/modules/module-list.nix | 1 + nixos/modules/services/misc/soft-serve.nix | 99 +++++++++++++++++++++ nixos/tests/all-tests.nix | 1 + nixos/tests/soft-serve.nix | 102 ++++++++++++++++++++++ pkgs/servers/soft-serve/default.nix | 4 +- 6 files changed, 208 insertions(+), 1 deletion(-) create mode 100644 nixos/modules/services/misc/soft-serve.nix create mode 100644 nixos/tests/soft-serve.nix (limited to 'nixos/modules/services/misc') diff --git a/nixos/doc/manual/release-notes/rl-2311.section.md b/nixos/doc/manual/release-notes/rl-2311.section.md index 38c89668f84..13648364e13 100644 --- a/nixos/doc/manual/release-notes/rl-2311.section.md +++ b/nixos/doc/manual/release-notes/rl-2311.section.md @@ -113,6 +113,8 @@ - [virt-manager](https://virt-manager.org/), an UI for managing virtual machines in libvirt, is now available as `programs.virt-manager`. +- [Soft Serve](https://github.com/charmbracelet/soft-serve), a tasty, self-hostable Git server for the command line. Available as [services.soft-serve](#opt-services.soft-serve.enable). + ## Backward Incompatibilities {#sec-release-23.11-incompatibilities} - `network-online.target` has been fixed to no longer time out for systems with `networking.useDHCP = true` and `networking.useNetworkd = true`. diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index 79918f71f7b..69f2a5a557c 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix 
@@ -730,6 +730,7 @@ ./services/misc/signald.nix ./services/misc/siproxd.nix ./services/misc/snapper.nix + ./services/misc/soft-serve.nix ./services/misc/sonarr.nix ./services/misc/sourcehut ./services/misc/spice-vdagentd.nix diff --git a/nixos/modules/services/misc/soft-serve.nix b/nixos/modules/services/misc/soft-serve.nix new file mode 100644 index 00000000000..0f246493880 --- /dev/null +++ b/nixos/modules/services/misc/soft-serve.nix 
@@ -0,0 +1,99 @@ +{ config, lib, pkgs, ... }: + +with lib; + +let + cfg = config.services.soft-serve; + configFile = format.generate "config.yaml" cfg.settings; + format = pkgs.formats.yaml { }; + docUrl = "https://charm.sh/blog/self-hosted-soft-serve/"; + stateDir = "/var/lib/soft-serve"; +in +{ + options = { + services.soft-serve = { + enable = mkEnableOption "Enable soft-serve service"; + + package = mkPackageOption pkgs "soft-serve" { }; + + settings = mkOption { + type = format.type; + default = { }; + description = mdDoc '' + The contents of the configuration file. + + See <${docUrl}>. + ''; + example = literalExpression '' + { + name = "dadada's repos"; + log_format = "text"; + ssh = { + listen_addr = ":23231"; + public_url = "ssh://localhost:23231"; + max_timeout = 30; + idle_timeout = 120; + }; + stats.listen_addr = ":23233"; + } + ''; + }; + }; + }; + + config = mkIf cfg.enable { + + systemd.tmpfiles.rules = [ + # The config file has to be inside the state dir + "L+ ${stateDir}/config.yaml - - - - ${configFile}" + ]; + + systemd.services.soft-serve = { + description = "Soft Serve git server"; + documentation = [ docUrl ]; + requires = [ "network-online.target" ]; + after = [ "network-online.target" ]; + wantedBy = [ "multi-user.target" ]; + + environment.SOFT_SERVE_DATA_PATH = stateDir; + + serviceConfig = { + Type = "simple"; + DynamicUser = true; + Restart = "always"; + ExecStart = "${getExe cfg.package} serve"; + StateDirectory = "soft-serve"; + WorkingDirectory = stateDir; + RuntimeDirectory = "soft-serve"; + RuntimeDirectoryMode = "0750"; + ProcSubset = "pid"; + ProtectProc = "invisible"; + UMask = "0027"; + CapabilityBoundingSet = ""; + ProtectHome = true; + PrivateDevices = true; + PrivateUsers = true; + ProtectHostname = true; + ProtectClock = true; + ProtectKernelTunables = true; + ProtectKernelModules = true; + ProtectKernelLogs = true; + ProtectControlGroups = true; + RestrictAddressFamilies = [ "AF_UNIX" "AF_INET" "AF_INET6" ]; + 
RestrictNamespaces = true; + LockPersonality = true; + MemoryDenyWriteExecute = true; + RestrictRealtime = true; + RemoveIPC = true; + PrivateMounts = true; + SystemCallArchitectures = "native"; + SystemCallFilter = [ + "@system-service" + "~@cpu-emulation @debug @keyring @module @mount @obsolete @privileged @raw-io @reboot @setuid @swap" + ]; + }; + }; + }; + + meta.maintainers = [ maintainers.dadada ]; +} diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix index 33f8abf6ccd..59da5827a1b 100644 --- a/nixos/tests/all-tests.nix +++ b/nixos/tests/all-tests.nix @@ -732,6 +732,7 @@ in { snapper = handleTest ./snapper.nix {}; snipe-it = runTest ./web-apps/snipe-it.nix; soapui = handleTest ./soapui.nix {}; + soft-serve = handleTest ./soft-serve.nix {}; sogo = handleTest ./sogo.nix {}; solanum = handleTest ./solanum.nix {}; sonarr = handleTest ./sonarr.nix {}; diff --git a/nixos/tests/soft-serve.nix b/nixos/tests/soft-serve.nix new file mode 100644 index 00000000000..1c4cb4c9581 --- /dev/null +++ b/nixos/tests/soft-serve.nix 
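Review bot: The `settings` option is rendered with `format.generate` and symlinked into the state directory from the Nix store, so every value in it lands in a world-readable store path, and the option description does not say so. I would add a sentence to the description such as `Values set here are written to the world-readable Nix store, so do not put secrets in this option.` Separately, `mkEnableOption "Enable soft-serve service"` renders as "Whether to enable Enable soft-serve service."; `enable = mkEnableOption (mdDoc "soft-serve service");` matches the convention used elsewhere in the tree.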
@@ -0,0 +1,102 @@ +import ./make-test-python.nix ({ pkgs, lib, ... }: +let + inherit (import ./ssh-keys.nix pkgs) snakeOilPrivateKey snakeOilPublicKey; + sshPort = 8231; + httpPort = 8232; + statsPort = 8233; + gitPort = 8418; +in +{ + name = "soft-serve"; + meta.maintainers = with lib.maintainers; [ dadada ]; + nodes = { + client = { pkgs, ... }: { + environment.systemPackages = with pkgs; [ + curl + git + openssh + ]; + environment.etc.sshKey = { + source = snakeOilPrivateKey; + mode = "0600"; + }; + }; + + server = + { config, ... }: + { + services.soft-serve = { + enable = true; + settings = { + name = "TestServer"; + ssh.listen_addr = ":${toString sshPort}"; + git.listen_addr = ":${toString gitPort}"; + http.listen_addr = ":${toString httpPort}"; + stats.listen_addr = ":${toString statsPort}"; + initial_admin_keys = [ snakeOilPublicKey ]; + }; + }; + networking.firewall.allowedTCPPorts = [ sshPort httpPort statsPort ]; + }; + }; + + testScript = + { ... }: + '' + SSH_PORT = ${toString sshPort} + HTTP_PORT = ${toString httpPort} + STATS_PORT = ${toString statsPort} + KEY = "${snakeOilPublicKey}" + SSH_KEY = "/etc/sshKey" + SSH_COMMAND = f"ssh -p {SSH_PORT} -i {SSH_KEY} -o StrictHostKeyChecking=no" + TEST_DIR = "/tmp/test" + GIT = f"git -C {TEST_DIR}" + + for machine in client, server: + machine.wait_for_unit("network.target") + + server.wait_for_unit("soft-serve.service") + server.wait_for_open_port(SSH_PORT) + + with subtest("Get info"): + status, test = client.execute(f"{SSH_COMMAND} server info") + if status != 0: + raise Exception("Failed to get SSH info") + key = " ".join(KEY.split(" ")[0:2]) + if not key in test: + raise Exception("Admin key must be configured correctly") + + with subtest("Create user"): + client.succeed(f"{SSH_COMMAND} server user create beatrice") + client.succeed(f"{SSH_COMMAND} server user info beatrice") + + with subtest("Create repo"): + client.succeed(f"git init {TEST_DIR}") + client.succeed(f"{GIT} config --global user.email 
you@example.com") + client.succeed(f"touch {TEST_DIR}/foo") + client.succeed(f"{GIT} add foo") + client.succeed(f"{GIT} commit --allow-empty -m test") + client.succeed(f"{GIT} remote add origin git@server:test") + client.succeed(f"GIT_SSH_COMMAND='{SSH_COMMAND}' {GIT} push -u origin master") + client.execute("rm -r /tmp/test") + + server.wait_for_open_port(HTTP_PORT) + + with subtest("Clone over HTTP"): + client.succeed(f"curl --connect-timeout 10 http://server:{HTTP_PORT}/") + client.succeed(f"git clone http://server:{HTTP_PORT}/test /tmp/test") + client.execute("rm -r /tmp/test") + + with subtest("Clone over SSH"): + client.succeed(f"GIT_SSH_COMMAND='{SSH_COMMAND}' git clone git@server:test /tmp/test") + client.execute("rm -r /tmp/test") + + with subtest("Get stats over HTTP"): + server.wait_for_open_port(STATS_PORT) + status, test = client.execute(f"curl --connect-timeout 10 http://server:{STATS_PORT}/metrics") + if status != 0: + raise Exception("Failed to get metrics from status port") + if not "go_gc_duration_seconds_count" in test: + raise Exception("Metrics did not contain key 'go_gc_duration_seconds_count'") + ''; +}) diff --git a/pkgs/servers/soft-serve/default.nix b/pkgs/servers/soft-serve/default.nix index 01a5ea9d6dd..2cfd41f7caf 100644 --- a/pkgs/servers/soft-serve/default.nix +++ b/pkgs/servers/soft-serve/default.nix @@ -1,4 +1,4 @@ -{ lib, buildGoModule, fetchFromGitHub, makeWrapper, git, bash }: +{ lib, buildGoModule, fetchFromGitHub, makeWrapper, nixosTests, git, bash }: buildGoModule rec { pname = "soft-serve"; @@ -26,6 +26,8 @@ buildGoModule rec { --prefix PATH : "${lib.makeBinPath [ git bash ]}" ''; + passthru.tests = nixosTests.soft-serve; + meta = with lib; { description = "A tasty, self-hosted Git server for the command line"; homepage = "https://github.com/charmbracelet/soft-serve"; -- cgit 1.4.1 From 84803308bf8f4c2b182f34a18236de6e766318be Mon Sep 17 00:00:00 2001 
From: Lorenz Leutgeb Date: Mon, 16 Oct 2023 21:41:58 +0200 Subject: nixos/xmrig: Use `hardware.cpu.x86.msr` --- nixos/modules/services/misc/xmrig.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'nixos/modules/services/misc') diff --git a/nixos/modules/services/misc/xmrig.nix b/nixos/modules/services/misc/xmrig.nix index d2aa3df45d5..05e63c77320 100644 --- a/nixos/modules/services/misc/xmrig.nix +++ b/nixos/modules/services/misc/xmrig.nix @@ -52,7 +52,7 @@ with lib; }; config = mkIf cfg.enable { - boot.kernelModules = [ "msr" ]; + hardware.cpu.x86.msr.enable = true; systemd.services.xmrig = { wantedBy = [ "multi-user.target" ]; -- cgit 1.4.1 From b8585a119ce5c28754267f349107304117041083 Mon Sep 17 00:00:00 2001 From: emilylange Date: Sun, 22 Oct 2023 15:25:34 +0200 Subject: nixos/forgejo: work around permissions error on `postgresql_15` From `postgresql_15`'s release notes: > PostgreSQL 15 also revokes the CREATE permission from all users except a database owner from the public (or default) schema. https://www.postgresql.org/about/news/postgresql-15-released-2526/ This directly affects `services.postgresql.ensureUsers` in NixOS, leading to > permission denied for schema public `postgresql_15` is now the default for stateVersion `23.11`/`unstable`. So until this is resolved globally, we work around this issue. --- nixos/modules/services/misc/forgejo.nix | 11 +++++++++++ 1 file changed, 11 insertions(+) (limited to 'nixos/modules/services/misc') diff --git a/nixos/modules/services/misc/forgejo.nix b/nixos/modules/services/misc/forgejo.nix index f26658b7bcb..b2920981efb 100644 --- a/nixos/modules/services/misc/forgejo.nix +++ b/nixos/modules/services/misc/forgejo.nix 
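Review bot: Replacing `boot.kernelModules = [ "msr" ]` with `hardware.cpu.x86.msr.enable = true;` is more than a rename, and neither the hunk nor the commit message says what else it turns on. As far as I know, that hardware module also manages the group and mode of the MSR device nodes in addition to loading the kernel module, so enabling `services.xmrig` would now affect who can access MSRs on the host; this should be confirmed against the module and stated in the commit message. A comment such as `# loads msr and applies the host-wide hardware.cpu.x86.msr access settings` above the line would make the dependency visible. The `config` block continues outside the hunk.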
@@ -428,6 +428,17 @@ in ]; }; + # Work around 'pq: permission denied for schema public' with postgres v15, until a + # solution for `services.postgresql.ensureUsers` is found. + # See https://github.com/NixOS/nixpkgs/issues/216989 + systemd.services.postgresql.postStart = lib.mkIf ( + usePostgresql + && cfg.database.createDatabase + && lib.strings.versionAtLeast config.services.postgresql.package.version "15.0" + ) (lib.mkAfter '' + $PSQL -tAc 'ALTER DATABASE "${cfg.database.name}" OWNER TO "${cfg.database.user}";' + ''); + services.mysql = optionalAttrs (useMysql && cfg.database.createDatabase) { enable = mkDefault true; package = mkDefault pkgs.mariadb; -- cgit 1.4.1 From d147d7feed63ba43e80a103d278d5ad4bb12b1fd Mon Sep 17 00:00:00 2001 From: Dmytro Kyrychuk Date: Sun, 8 Oct 2023 20:22:45 +0000 Subject: nixos/spice-autorandr: init --- nixos/modules/module-list.nix | 1 + nixos/modules/services/misc/spice-autorandr.nix | 26 +++++++++++++++++++++++++ 2 files changed, 27 insertions(+) create mode 100644 nixos/modules/services/misc/spice-autorandr.nix (limited to 'nixos/modules/services/misc') diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index 811b82f28ce..20a7d06d0f9 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix @@ -731,6 +731,7 @@ ./services/misc/snapper.nix ./services/misc/sonarr.nix ./services/misc/sourcehut + ./services/misc/spice-autorandr.nix ./services/misc/spice-vdagentd.nix ./services/misc/spice-webdavd.nix ./services/misc/ssm-agent.nix diff --git a/nixos/modules/services/misc/spice-autorandr.nix b/nixos/modules/services/misc/spice-autorandr.nix new file mode 100644 index 00000000000..8437441c752 --- /dev/null +++ b/nixos/modules/services/misc/spice-autorandr.nix 
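Review bot: In the added `postStart` line, `cfg.database.name` and `cfg.database.user` are spliced unescaped into a single-quoted shell argument and into double-quoted SQL identifiers, so a value containing `'` or `"` breaks the command or changes the statement that runs in the PostgreSQL service's own hook. Both values come from the system configuration, so this is a robustness issue rather than exposure to untrusted input. Even so, I would double any `"` inside the identifiers and pass the finished statement through `lib.escapeShellArg`, or add an assertion that both names match a conservative pattern. The hook runs on every start of `postgresql.service`, which is fine because the statement is idempotent, but a comment saying so would help.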
@@ -0,0 +1,26 @@ +{ config, pkgs, lib, ... }: + +let + cfg = config.services.spice-autorandr; +in +{ + options = { + services.spice-autorandr = { + enable = lib.mkEnableOption (lib.mdDoc "spice-autorandr service that will automatically resize display to match SPICE client window size."); + package = lib.mkPackageOptionMD pkgs "spice-autorandr" { }; + }; + }; + + config = lib.mkIf cfg.enable { + environment.systemPackages = [ cfg.package ]; + + systemd.user.services.spice-autorandr = { + wantedBy = [ "default.target" ]; + after = [ "spice-vdagentd.service" ]; + serviceConfig = { + ExecStart = "${cfg.package}/bin/spice-autorandr"; + Restart = "on-failure"; + }; + }; + }; +} -- cgit 1.4.1 From ccf080ee055c620c6adc451c1b1b29a71ec0722a Mon Sep 17 00:00:00 2001 
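Review bot: `after = [ "spice-vdagentd.service" ]` is set on a `systemd.user` unit, but `spice-vdagentd.service` appears to be a system unit (judging by the neighbouring `services/misc/spice-vdagentd.nix` entry), and the user manager cannot order against system-manager units, so the line most likely has no effect. Since the tool needs a display, `wantedBy = [ "graphical-session.target" ];` with `partOf = [ "graphical-session.target" ];` is probably a better fit than `default.target`, which also starts it in sessions without X. The `mkEnableOption` text ends in a period, which renders as a double period.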
From: Anthony Roussel Date: Tue, 17 Oct 2023 23:01:15 +0200 Subject: amazon-ssm-agent: rename from ssm-agent --- nixos/doc/manual/release-notes/rl-2311.section.md | 2 + nixos/modules/module-list.nix | 2 +- nixos/modules/services/misc/amazon-ssm-agent.nix | 78 ++++++++++ nixos/modules/services/misc/ssm-agent.nix | 73 ---------- ...le-NIC-tests-that-fail-in-the-Nix-sandbox.patch | 44 ------ ...rsion-gen-don-t-use-unnecessary-constants.patch | 46 ------ .../networking/cluster/ssm-agent/default.nix | 157 --------------------- ...le-NIC-tests-that-fail-in-the-Nix-sandbox.patch | 44 ++++++ ...rsion-gen-don-t-use-unnecessary-constants.patch | 46 ++++++ pkgs/by-name/am/amazon-ssm-agent/package.nix | 157 +++++++++++++++++++++ pkgs/top-level/aliases.nix | 1 + pkgs/top-level/all-packages.nix | 1 - 12 files changed, 329 insertions(+), 322 deletions(-) create mode 100644 nixos/modules/services/misc/amazon-ssm-agent.nix delete mode 100644 nixos/modules/services/misc/ssm-agent.nix delete mode 100644 pkgs/applications/networking/cluster/ssm-agent/0001-Disable-NIC-tests-that-fail-in-the-Nix-sandbox.patch delete mode 100644 pkgs/applications/networking/cluster/ssm-agent/0002-version-gen-don-t-use-unnecessary-constants.patch delete mode 100644 pkgs/applications/networking/cluster/ssm-agent/default.nix create mode 100644 pkgs/by-name/am/amazon-ssm-agent/0001-Disable-NIC-tests-that-fail-in-the-Nix-sandbox.patch create mode 100644 pkgs/by-name/am/amazon-ssm-agent/0002-version-gen-don-t-use-unnecessary-constants.patch create mode 100644 pkgs/by-name/am/amazon-ssm-agent/package.nix (limited to 'nixos/modules/services/misc') diff --git a/nixos/doc/manual/release-notes/rl-2311.section.md b/nixos/doc/manual/release-notes/rl-2311.section.md index 9e2afe5fd20..b7b1a71c90d 100644 --- a/nixos/doc/manual/release-notes/rl-2311.section.md +++ b/nixos/doc/manual/release-notes/rl-2311.section.md 
@@ -325,6 +325,8 @@ - `ps3netsrv` has been replaced with the webman-mod fork, the executable has been renamed from `ps3netsrv++` to `ps3netsrv` and cli parameters have changed. +- `ssm-agent` package and module were renamed to `amazon-ssm-agent` to be consistent with the upstream package name. + ## Other Notable Changes {#sec-release-23.11-notable-changes} - The Cinnamon module now enables XDG desktop integration by default. If you are experiencing collisions related to xdg-desktop-portal-gtk you can safely remove `xdg.portal.extraPortals = [ pkgs.xdg-desktop-portal-gtk ];` from your NixOS configuration. diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index 47b262bf4d9..673a87e49a1 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix @@ -625,6 +625,7 @@ ./services/matrix/matrix-sliding-sync.nix ./services/matrix/synapse.nix ./services/misc/airsonic.nix + ./services/misc/amazon-ssm-agent.nix ./services/misc/ananicy.nix ./services/misc/ankisyncd.nix ./services/misc/apache-kafka.nix @@ -741,7 +742,6 @@ ./services/misc/spice-autorandr.nix ./services/misc/spice-vdagentd.nix ./services/misc/spice-webdavd.nix - ./services/misc/ssm-agent.nix ./services/misc/sssd.nix ./services/misc/subsonic.nix ./services/misc/sundtek.nix diff --git a/nixos/modules/services/misc/amazon-ssm-agent.nix b/nixos/modules/services/misc/amazon-ssm-agent.nix new file mode 100644 index 00000000000..0be79e759c3 --- /dev/null +++ b/nixos/modules/services/misc/amazon-ssm-agent.nix 
@@ -0,0 +1,78 @@ +{ config, pkgs, lib, ... }: + +with lib; +let + cfg = config.services.amazon-ssm-agent; + + # The SSM agent doesn't pay attention to our /etc/os-release yet, and the lsb-release tool + # in nixpkgs doesn't seem to work properly on NixOS, so let's just fake the two fields SSM + # looks for. See https://github.com/aws/amazon-ssm-agent/issues/38 for upstream fix. + fake-lsb-release = pkgs.writeScriptBin "lsb_release" '' + #!${pkgs.runtimeShell} + + case "$1" in + -i) echo "nixos";; + -r) echo "${config.system.nixos.version}";; + esac + ''; +in { + imports = [ + (mkRenamedOptionModule [ "services" "ssm-agent" "enable" ] [ "services" "amazon-ssm-agent" "enable" ]) + (mkRenamedOptionModule [ "services" "ssm-agent" "package" ] [ "services" "amazon-ssm-agent" "package" ]) + ]; + + options.services.amazon-ssm-agent = { + enable = mkEnableOption (lib.mdDoc "Amazon SSM agent"); + + package = mkOption { + type = types.path; + description = lib.mdDoc "The Amazon SSM agent package to use"; + default = pkgs.amazon-ssm-agent.override { overrideEtc = false; }; + defaultText = literalExpression "pkgs.amazon-ssm-agent.override { overrideEtc = false; }"; + }; + }; + + config = mkIf cfg.enable { + systemd.services.amazon-ssm-agent = { + inherit (cfg.package.meta) description; + after = [ "network.target" ]; + wantedBy = [ "multi-user.target" ]; + + path = [ fake-lsb-release pkgs.coreutils ]; + serviceConfig = { + ExecStart = "${cfg.package}/bin/amazon-ssm-agent"; + KillMode = "process"; + # We want this restating pretty frequently. It could be our only means + # of accessing the instance. + Restart = "always"; + RestartSec = "1min"; + }; + }; + + # Add user that Session Manager needs, and give it sudo. + # This is consistent with Amazon Linux 2 images. 
+ security.sudo.extraRules = [ + { + users = [ "ssm-user" ]; + commands = [ + { + command = "ALL"; + options = [ "NOPASSWD" ]; + } + ]; + } + ]; + # On Amazon Linux 2 images, the ssm-user user is pretty much a + # normal user with its own group. We do the same. + users.groups.ssm-user = {}; + users.users.ssm-user = { + isNormalUser = true; + group = "ssm-user"; + }; + + environment.etc."amazon/ssm/seelog.xml".source = "${cfg.package}/seelog.xml.template"; + + environment.etc."amazon/ssm/amazon-ssm-agent.json".source = "${cfg.package}/etc/amazon/ssm/amazon-ssm-agent.json.template"; + + }; +} diff --git a/nixos/modules/services/misc/ssm-agent.nix b/nixos/modules/services/misc/ssm-agent.nix deleted file mode 100644 index d1f371c2bd6..00000000000 --- a/nixos/modules/services/misc/ssm-agent.nix +++ /dev/null 
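Review bot: Enabling `services.amazon-ssm-agent` creates the normal user `ssm-user` and gives it `NOPASSWD` sudo for `ALL` commands, yet this appears only in code comments and not in the `enable` option text. The rule is carried over unchanged from the removed `ssm-agent.nix`, so the rename does not widen anything, but the new file is a good place to document it, for example `enable = mkEnableOption (lib.mdDoc "Amazon SSM agent, which also creates the ssm-user account with passwordless sudo");`. The comment `We want this restating pretty frequently` should read `restarting`.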
@@ -1,73 +0,0 @@ -{ config, pkgs, lib, ... }: - -with lib; -let - cfg = config.services.ssm-agent; - - # The SSM agent doesn't pay attention to our /etc/os-release yet, and the lsb-release tool - # in nixpkgs doesn't seem to work properly on NixOS, so let's just fake the two fields SSM - # looks for. See https://github.com/aws/amazon-ssm-agent/issues/38 for upstream fix. - fake-lsb-release = pkgs.writeScriptBin "lsb_release" '' - #!${pkgs.runtimeShell} - - case "$1" in - -i) echo "nixos";; - -r) echo "${config.system.nixos.version}";; - esac - ''; -in { - options.services.ssm-agent = { - enable = mkEnableOption (lib.mdDoc "AWS SSM agent"); - - package = mkOption { - type = types.path; - description = lib.mdDoc "The SSM agent package to use"; - default = pkgs.ssm-agent.override { overrideEtc = false; }; - defaultText = literalExpression "pkgs.ssm-agent.override { overrideEtc = false; }"; - }; - }; - - config = mkIf cfg.enable { - systemd.services.ssm-agent = { - inherit (cfg.package.meta) description; - after = [ "network.target" ]; - wantedBy = [ "multi-user.target" ]; - - path = [ fake-lsb-release pkgs.coreutils ]; - serviceConfig = { - ExecStart = "${cfg.package}/bin/amazon-ssm-agent"; - KillMode = "process"; - # We want this restating pretty frequently. It could be our only means - # of accessing the instance. - Restart = "always"; - RestartSec = "1min"; - }; - }; - - # Add user that Session Manager needs, and give it sudo. - # This is consistent with Amazon Linux 2 images. - security.sudo.extraRules = [ - { - users = [ "ssm-user" ]; - commands = [ - { - command = "ALL"; - options = [ "NOPASSWD" ]; - } - ]; - } - ]; - # On Amazon Linux 2 images, the ssm-user user is pretty much a - # normal user with its own group. We do the same. 
- users.groups.ssm-user = {}; - users.users.ssm-user = { - isNormalUser = true; - group = "ssm-user"; - }; - - environment.etc."amazon/ssm/seelog.xml".source = "${cfg.package}/seelog.xml.template"; - - environment.etc."amazon/ssm/amazon-ssm-agent.json".source = "${cfg.package}/etc/amazon/ssm/amazon-ssm-agent.json.template"; - - }; -} diff --git a/pkgs/applications/networking/cluster/ssm-agent/0001-Disable-NIC-tests-that-fail-in-the-Nix-sandbox.patch b/pkgs/applications/networking/cluster/ssm-agent/0001-Disable-NIC-tests-that-fail-in-the-Nix-sandbox.patch deleted file mode 100644 index 364f7653efa..00000000000 --- a/pkgs/applications/networking/cluster/ssm-agent/0001-Disable-NIC-tests-that-fail-in-the-Nix-sandbox.patch +++ /dev/null 
@@ -1,44 +0,0 @@ -From bea6307ec2a77d90d59c13940381d73ec0f05b70 Mon Sep 17 00:00:00 2001 -From: Graham Christensen -Date: Mon, 1 Mar 2021 10:57:44 -0500 -Subject: [PATCH] Disable NIC tests that fail in the Nix sandbox. - ---- - agent/managedInstances/fingerprint/fingerprint_integ_test.go | 2 ++ - agent/ssm/service_test.go | 1 + - 2 files changed, 3 insertions(+) - -diff --git a/agent/managedInstances/fingerprint/fingerprint_integ_test.go b/agent/managedInstances/fingerprint/fingerprint_integ_test.go -index a1f969ff..631ea1f5 100644 ---- a/agent/managedInstances/fingerprint/fingerprint_integ_test.go -+++ b/agent/managedInstances/fingerprint/fingerprint_integ_test.go -@@ -28,12 +28,14 @@ func TestHostnameInfo(t *testing.T) { - } - - func TestPrimaryIpInfo(t *testing.T) { -+ t.Skip("The Nix build sandbox has no non-loopback IPs, causing this test to fail."); - ip, err := primaryIpInfo() - assert.NoError(t, err, "expected no error fetching the primary ip") - assert.NotEmpty(t, ip, "expected to fetch primary ip") - } - - func TestMacAddrInfo(t *testing.T) { -+ t.Skip("The Nix build sandbox has no non-loopback interfaces, causing this test to fail."); - mac, err := macAddrInfo() - assert.NoError(t, err, "expected no error fetching the mac addr") - assert.NotEmpty(t, mac, "expected to fetch mac address") -diff --git a/agent/ssm/service_test.go b/agent/ssm/service_test.go -index f4b34f83..d8216dba 100644 ---- a/agent/ssm/service_test.go -+++ b/agent/ssm/service_test.go -@@ -85,6 +85,7 @@ func (suite *SsmServiceTestSuite) TestUpdateEmptyInstanceInformation() { - // Test function for update instance information - // This function update the agent name, agent statuc, and agent version. - func (suite *SsmServiceTestSuite) TestUpdateInstanceInformation() { -+ suite.T().Skip("The Nix build sandbox has no interfaces for IP and MAC address reports."); - // Give mock value to test UpdateInstanceInformation, assert the error is nil, assert the log.Debug function get called. 
- response, err := suite.sdkService.UpdateInstanceInformation(suite.logMock, "2.2.3.2", "active", "Amazon-ssm-agent") - assert.Nil(suite.T(), err, "Err should be nil") --- -2.29.2 - diff --git a/pkgs/applications/networking/cluster/ssm-agent/0002-version-gen-don-t-use-unnecessary-constants.patch b/pkgs/applications/networking/cluster/ssm-agent/0002-version-gen-don-t-use-unnecessary-constants.patch deleted file mode 100644 index 234e510d3d1..00000000000 --- a/pkgs/applications/networking/cluster/ssm-agent/0002-version-gen-don-t-use-unnecessary-constants.patch +++ /dev/null 
@@ -1,46 +0,0 @@ -From 473e3f8544915a35b3a45c548743978b34e5310e Mon Sep 17 00:00:00 2001 -From: Cole Helbling -Date: Tue, 2 Mar 2021 00:24:00 -0800 -Subject: [PATCH] version-gen: don't use unnecessary constants - -This prevents the tool from being built with Nix, because this project -doesn't use Go modules (or something; I'm not really familiar with Go, -much less Go + Nix). ---- - agent/version/versiongenerator/version-gen.go | 6 ++---- - 1 file changed, 2 insertions(+), 4 deletions(-) - -diff --git a/agent/version/versiongenerator/version-gen.go b/agent/version/versiongenerator/version-gen.go -index d710effc..55c9a001 100644 ---- a/agent/version/versiongenerator/version-gen.go -+++ b/agent/version/versiongenerator/version-gen.go -@@ -22,8 +22,6 @@ import ( - "path/filepath" - "strings" - "text/template" -- -- "github.com/aws/amazon-ssm-agent/agent/appconfig" - ) - - const versiongoTemplate = `// This is an autogenerated file and should not be edited. -@@ -59,7 +57,7 @@ func main() { - versionStr := strings.TrimSpace(string(versionContent)) - - fmt.Printf("Agent Version: %v", versionStr) -- if err := ioutil.WriteFile(filepath.Join("VERSION"), []byte(versionStr), appconfig.ReadWriteAccess); err != nil { -+ if err := ioutil.WriteFile(filepath.Join("VERSION"), []byte(versionStr), 0600); err != nil { - log.Fatalf("Error writing to VERSION file. %v", err) - } - -@@ -108,7 +106,7 @@ func main() { - - releaseNoteOutFile := strings.Join(releaseNoteLines, "\n") - -- if err = ioutil.WriteFile(filepath.Join(releaseNotesFile), []byte(releaseNoteOutFile), appconfig.ReadWriteAccess); err != nil { -+ if err = ioutil.WriteFile(filepath.Join(releaseNotesFile), []byte(releaseNoteOutFile), 0600); err != nil { - log.Fatalf("Error writing to RELEASENOTES.md file. %v", err) - } - --- -2.30.0 - diff --git a/pkgs/applications/networking/cluster/ssm-agent/default.nix b/pkgs/applications/networking/cluster/ssm-agent/default.nix deleted file mode 100644 index f6afcd7d884..00000000000 
--- a/pkgs/applications/networking/cluster/ssm-agent/default.nix +++ /dev/null 
@@ -1,157 +0,0 @@ -{ lib -, writeShellScriptBin -, buildGoModule -, makeWrapper -, fetchFromGitHub -, coreutils -, nettools -, util-linux -, stdenv -, dmidecode -, bashInteractive -, nix-update-script -, testers -, ssm-agent -, overrideEtc ? true -}: - -let - # Tests use lsb_release, so we mock it (the SSM agent used to not - # read from our /etc/os-release file, but now it does) because in - # reality, it won't (shouldn't) be used when active on a system with - # /etc/os-release. If it is, we fake the only two fields it cares about. - fake-lsb-release = writeShellScriptBin "lsb_release" '' - . /etc/os-release || true - - case "$1" in - -i) echo "''${NAME:-unknown}";; - -r) echo "''${VERSION:-unknown}";; - esac - ''; - - binaries = { - "core" = "amazon-ssm-agent"; - "agent" = "ssm-agent-worker"; - "cli-main" = "ssm-cli"; - "worker" = "ssm-document-worker"; - "logging" = "ssm-session-logger"; - "sessionworker" = "ssm-session-worker"; - }; -in -buildGoModule rec { - pname = "amazon-ssm-agent"; - version = "3.2.1630.0"; - - src = fetchFromGitHub { - owner = "aws"; - repo = "amazon-ssm-agent"; - rev = "refs/tags/${version}"; - hash = "sha256-0tN0rBfz2VZ4UkYLFDGg9218O9vyyRT2Lrppu9TETao="; - }; - - vendorHash = null; - - patches = [ - # Some tests use networking, so we skip them. - ./0001-Disable-NIC-tests-that-fail-in-the-Nix-sandbox.patch - - # They used constants from another package that I couldn't figure - # out how to resolve, so hardcoded the constants. 
- ./0002-version-gen-don-t-use-unnecessary-constants.patch - ]; - - nativeBuildInputs = [ makeWrapper ]; - - # See the list https://github.com/aws/amazon-ssm-agent/blob/3.2.1630.0/makefile#L120-L138 - # The updater is not built because it cannot work on NixOS - subPackages = [ - "core" - "agent" - "agent/cli-main" - "agent/framework/processor/executer/outofproc/worker" - "agent/session/logging" - "agent/framework/processor/executer/outofproc/sessionworker" - ]; - - ldflags = [ "-s" "-w" ]; - - postPatch = '' - printf "#!/bin/sh\ntrue" > ./Tools/src/checkstyle.sh - - substituteInPlace agent/platform/platform_unix.go \ - --replace "/usr/bin/uname" "${coreutils}/bin/uname" \ - --replace '"/bin", "hostname"' '"${nettools}/bin/hostname"' \ - --replace '"lsb_release"' '"${fake-lsb-release}/bin/lsb_release"' - - substituteInPlace agent/session/shell/shell_unix.go \ - --replace '"script"' '"${util-linux}/bin/script"' - - substituteInPlace agent/rebooter/rebooter_unix.go \ - --replace "/sbin/shutdown" "shutdown" - - echo "${version}" > VERSION - '' + lib.optionalString overrideEtc '' - substituteInPlace agent/appconfig/constants_unix.go \ - --replace '"/etc/amazon/ssm/"' '"${placeholder "out"}/etc/amazon/ssm/"' - '' + lib.optionalString stdenv.isLinux '' - substituteInPlace agent/managedInstances/fingerprint/hardwareInfo_unix.go \ - --replace /usr/sbin/dmidecode ${dmidecode}/bin/dmidecode - ''; - - preBuild = '' - # Note: if this step fails, please patch the code to fix it! Please only skip - # tests if it is not feasible for the test to pass in a sandbox. 
- make quick-integtest - - make pre-release - make pre-build - ''; - - installPhase = '' - runHook preInstall - - declare -A map=(${builtins.concatStringsSep " " (lib.mapAttrsToList (name: value: "[\"${name}\"]=\"${value}\"") binaries)}) - - for key in ''${!map[@]}; do - install -D -m 0555 -T "$GOPATH/bin/''${key}" "$out/bin/''${map[''${key}]}" - done - - # These templates retain their `.template` extensions on installation. The - # amazon-ssm-agent.json.template is required as default configuration when an - # amazon-ssm-agent.json isn't present. Here, we retain the template to show - # we're using the default configuration. - - # seelog.xml isn't actually required to run, but it does ship as a template - # with debian packages, so it's here for reference. Future work in the nixos - # module could use this template and substitute a different log level. - - install -D -m 0444 -t $out/etc/amazon/ssm amazon-ssm-agent.json.template - install -D -m 0444 -T seelog_unix.xml $out/etc/amazon/ssm/seelog.xml.template - - runHook postInstall - ''; - - postFixup = '' - wrapProgram $out/bin/amazon-ssm-agent --prefix PATH : ${bashInteractive}/bin - ''; - - passthru = { - updateScript = nix-update-script { }; - tests.version = testers.testVersion { - package = ssm-agent; - command = "amazon-ssm-agent --version"; - }; - }; - - meta = with lib; { - description = "Agent to enable remote management of your Amazon EC2 instance configuration"; - changelog = "https://github.com/aws/amazon-ssm-agent/releases/tag/${version}"; - homepage = "https://github.com/aws/amazon-ssm-agent"; - license = licenses.asl20; - platforms = platforms.unix; - maintainers = with maintainers; [ copumpkin manveru anthonyroussel ]; - - # Darwin support is broken - broken = stdenv.isDarwin; - }; -} 
diff --git a/pkgs/by-name/am/amazon-ssm-agent/0001-Disable-NIC-tests-that-fail-in-the-Nix-sandbox.patch b/pkgs/by-name/am/amazon-ssm-agent/0001-Disable-NIC-tests-that-fail-in-the-Nix-sandbox.patch new file mode 100644 index 00000000000..364f7653efa --- /dev/null +++ b/pkgs/by-name/am/amazon-ssm-agent/0001-Disable-NIC-tests-that-fail-in-the-Nix-sandbox.patch 
@@ -0,0 +1,44 @@ +From bea6307ec2a77d90d59c13940381d73ec0f05b70 Mon Sep 17 00:00:00 2001 +From: Graham Christensen +Date: Mon, 1 Mar 2021 10:57:44 -0500 +Subject: [PATCH] Disable NIC tests that fail in the Nix sandbox. + +--- + agent/managedInstances/fingerprint/fingerprint_integ_test.go | 2 ++ + agent/ssm/service_test.go | 1 + + 2 files changed, 3 insertions(+) + +diff --git a/agent/managedInstances/fingerprint/fingerprint_integ_test.go b/agent/managedInstances/fingerprint/fingerprint_integ_test.go +index a1f969ff..631ea1f5 100644 +--- a/agent/managedInstances/fingerprint/fingerprint_integ_test.go ++++ b/agent/managedInstances/fingerprint/fingerprint_integ_test.go +@@ -28,12 +28,14 @@ func TestHostnameInfo(t *testing.T) { + } + + func TestPrimaryIpInfo(t *testing.T) { ++ t.Skip("The Nix build sandbox has no non-loopback IPs, causing this test to fail."); + ip, err := primaryIpInfo() + assert.NoError(t, err, "expected no error fetching the primary ip") + assert.NotEmpty(t, ip, "expected to fetch primary ip") + } + + func TestMacAddrInfo(t *testing.T) { ++ t.Skip("The Nix build sandbox has no non-loopback interfaces, causing this test to fail."); + mac, err := macAddrInfo() + assert.NoError(t, err, "expected no error fetching the mac addr") + assert.NotEmpty(t, mac, "expected to fetch mac address") +diff --git a/agent/ssm/service_test.go b/agent/ssm/service_test.go +index f4b34f83..d8216dba 100644 +--- a/agent/ssm/service_test.go ++++ b/agent/ssm/service_test.go +@@ -85,6 +85,7 @@ func (suite *SsmServiceTestSuite) TestUpdateEmptyInstanceInformation() { + // Test function for update instance information + // This function update the agent name, agent statuc, and agent version. + func (suite *SsmServiceTestSuite) TestUpdateInstanceInformation() { ++ suite.T().Skip("The Nix build sandbox has no interfaces for IP and MAC address reports."); + // Give mock value to test UpdateInstanceInformation, assert the error is nil, assert the log.Debug function get called. 
+ response, err := suite.sdkService.UpdateInstanceInformation(suite.logMock, "2.2.3.2", "active", "Amazon-ssm-agent") + assert.Nil(suite.T(), err, "Err should be nil") +-- +2.29.2 + diff --git a/pkgs/by-name/am/amazon-ssm-agent/0002-version-gen-don-t-use-unnecessary-constants.patch b/pkgs/by-name/am/amazon-ssm-agent/0002-version-gen-don-t-use-unnecessary-constants.patch new file mode 100644 index 00000000000..234e510d3d1 --- /dev/null +++ b/pkgs/by-name/am/amazon-ssm-agent/0002-version-gen-don-t-use-unnecessary-constants.patch 
@@ -0,0 +1,46 @@ +From 473e3f8544915a35b3a45c548743978b34e5310e Mon Sep 17 00:00:00 2001 +From: Cole Helbling +Date: Tue, 2 Mar 2021 00:24:00 -0800 +Subject: [PATCH] version-gen: don't use unnecessary constants + +This prevents the tool from being built with Nix, because this project +doesn't use Go modules (or something; I'm not really familiar with Go, +much less Go + Nix). +--- + agent/version/versiongenerator/version-gen.go | 6 ++---- + 1 file changed, 2 insertions(+), 4 deletions(-) + +diff --git a/agent/version/versiongenerator/version-gen.go b/agent/version/versiongenerator/version-gen.go +index d710effc..55c9a001 100644 +--- a/agent/version/versiongenerator/version-gen.go ++++ b/agent/version/versiongenerator/version-gen.go +@@ -22,8 +22,6 @@ import ( + "path/filepath" + "strings" + "text/template" +- +- "github.com/aws/amazon-ssm-agent/agent/appconfig" + ) + + const versiongoTemplate = `// This is an autogenerated file and should not be edited. +@@ -59,7 +57,7 @@ func main() { + versionStr := strings.TrimSpace(string(versionContent)) + + fmt.Printf("Agent Version: %v", versionStr) +- if err := ioutil.WriteFile(filepath.Join("VERSION"), []byte(versionStr), appconfig.ReadWriteAccess); err != nil { ++ if err := ioutil.WriteFile(filepath.Join("VERSION"), []byte(versionStr), 0600); err != nil { + log.Fatalf("Error writing to VERSION file. %v", err) + } + +@@ -108,7 +106,7 @@ func main() { + + releaseNoteOutFile := strings.Join(releaseNoteLines, "\n") + +- if err = ioutil.WriteFile(filepath.Join(releaseNotesFile), []byte(releaseNoteOutFile), appconfig.ReadWriteAccess); err != nil { ++ if err = ioutil.WriteFile(filepath.Join(releaseNotesFile), []byte(releaseNoteOutFile), 0600); err != nil { + log.Fatalf("Error writing to RELEASENOTES.md file. %v", err) + } + +-- +2.30.0 + diff --git a/pkgs/by-name/am/amazon-ssm-agent/package.nix b/pkgs/by-name/am/amazon-ssm-agent/package.nix new file mode 100644 index 00000000000..b884eb9ed06 --- /dev/null 
+++ b/pkgs/by-name/am/amazon-ssm-agent/package.nix 
@@ -0,0 +1,157 @@ +{ lib +, writeShellScriptBin +, buildGoModule +, makeWrapper +, fetchFromGitHub +, coreutils +, nettools +, util-linux +, stdenv +, dmidecode +, bashInteractive +, nix-update-script +, testers +, amazon-ssm-agent +, overrideEtc ? true +}: + +let + # Tests use lsb_release, so we mock it (the SSM agent used to not + # read from our /etc/os-release file, but now it does) because in + # reality, it won't (shouldn't) be used when active on a system with + # /etc/os-release. If it is, we fake the only two fields it cares about. + fake-lsb-release = writeShellScriptBin "lsb_release" '' + . /etc/os-release || true + + case "$1" in + -i) echo "''${NAME:-unknown}";; + -r) echo "''${VERSION:-unknown}";; + esac + ''; + + binaries = { + "core" = "amazon-ssm-agent"; + "agent" = "ssm-agent-worker"; + "cli-main" = "ssm-cli"; + "worker" = "ssm-document-worker"; + "logging" = "ssm-session-logger"; + "sessionworker" = "ssm-session-worker"; + }; +in +buildGoModule rec { + pname = "amazon-ssm-agent"; + version = "3.2.1630.0"; + + src = fetchFromGitHub { + owner = "aws"; + repo = "amazon-ssm-agent"; + rev = "refs/tags/${version}"; + hash = "sha256-0tN0rBfz2VZ4UkYLFDGg9218O9vyyRT2Lrppu9TETao="; + }; + + vendorHash = null; + + patches = [ + # Some tests use networking, so we skip them. + ./0001-Disable-NIC-tests-that-fail-in-the-Nix-sandbox.patch + + # They used constants from another package that I couldn't figure + # out how to resolve, so hardcoded the constants. 
+ ./0002-version-gen-don-t-use-unnecessary-constants.patch + ]; + + nativeBuildInputs = [ makeWrapper ]; + + # See the list https://github.com/aws/amazon-ssm-agent/blob/3.2.1630.0/makefile#L120-L138 + # The updater is not built because it cannot work on NixOS + subPackages = [ + "core" + "agent" + "agent/cli-main" + "agent/framework/processor/executer/outofproc/worker" + "agent/session/logging" + "agent/framework/processor/executer/outofproc/sessionworker" + ]; + + ldflags = [ "-s" "-w" ]; + + postPatch = '' + printf "#!/bin/sh\ntrue" > ./Tools/src/checkstyle.sh + + substituteInPlace agent/platform/platform_unix.go \ + --replace "/usr/bin/uname" "${coreutils}/bin/uname" \ + --replace '"/bin", "hostname"' '"${nettools}/bin/hostname"' \ + --replace '"lsb_release"' '"${fake-lsb-release}/bin/lsb_release"' + + substituteInPlace agent/session/shell/shell_unix.go \ + --replace '"script"' '"${util-linux}/bin/script"' + + substituteInPlace agent/rebooter/rebooter_unix.go \ + --replace "/sbin/shutdown" "shutdown" + + echo "${version}" > VERSION + '' + lib.optionalString overrideEtc '' + substituteInPlace agent/appconfig/constants_unix.go \ + --replace '"/etc/amazon/ssm/"' '"${placeholder "out"}/etc/amazon/ssm/"' + '' + lib.optionalString stdenv.isLinux '' + substituteInPlace agent/managedInstances/fingerprint/hardwareInfo_unix.go \ + --replace /usr/sbin/dmidecode ${dmidecode}/bin/dmidecode + ''; + + preBuild = '' + # Note: if this step fails, please patch the code to fix it! Please only skip + # tests if it is not feasible for the test to pass in a sandbox. 
+ make quick-integtest + + make pre-release + make pre-build + ''; + + installPhase = '' + runHook preInstall + + declare -A map=(${builtins.concatStringsSep " " (lib.mapAttrsToList (name: value: "[\"${name}\"]=\"${value}\"") binaries)}) + + for key in ''${!map[@]}; do + install -D -m 0555 -T "$GOPATH/bin/''${key}" "$out/bin/''${map[''${key}]}" + done + + # These templates retain their `.template` extensions on installation. The + # amazon-ssm-agent.json.template is required as default configuration when an + # amazon-ssm-agent.json isn't present. Here, we retain the template to show + # we're using the default configuration. + + # seelog.xml isn't actually required to run, but it does ship as a template + # with debian packages, so it's here for reference. Future work in the nixos + # module could use this template and substitute a different log level. + + install -D -m 0444 -t $out/etc/amazon/ssm amazon-ssm-agent.json.template + install -D -m 0444 -T seelog_unix.xml $out/etc/amazon/ssm/seelog.xml.template + + runHook postInstall + ''; + + postFixup = '' + wrapProgram $out/bin/amazon-ssm-agent --prefix PATH : ${bashInteractive}/bin + ''; + + passthru = { + updateScript = nix-update-script { }; + tests.version = testers.testVersion { + package = amazon-ssm-agent; + command = "amazon-ssm-agent --version"; + }; + }; + + meta = with lib; { + description = "Agent to enable remote management of your Amazon EC2 instance configuration"; + changelog = "https://github.com/aws/amazon-ssm-agent/releases/tag/${version}"; + homepage = "https://github.com/aws/amazon-ssm-agent"; + license = licenses.asl20; + platforms = platforms.unix; + maintainers = with maintainers; [ copumpkin manveru anthonyroussel ]; + + # Darwin support is broken + broken = stdenv.isDarwin; + }; +} diff --git a/pkgs/top-level/aliases.nix b/pkgs/top-level/aliases.nix index c1d23ad8fba..3a6fe8700d3 100644 --- a/pkgs/top-level/aliases.nix +++ b/pkgs/top-level/aliases.nix 
@@ -849,6 +849,7 @@ mapAliases ({
 spotify-unwrapped = spotify; # added 2022-11-06
 spring-boot = spring-boot-cli; # added 2020-04-24
 squid4 = throw "'squid4' has been renamed to/replaced by 'squid'"; # Converted to throw 2023-09-10
+ ssm-agent = amazon-ssm-agent; # Added 2023-10-17
 starboard-octant-plugin = throw "starboard-octant-plugin has been dropped due to needing octant which is archived"; # Added 2023-09-29
 steam-run-native = steam-run; # added 2022-02-21
 sumneko-lua-language-server = lua-language-server; # Added 2023-02-07
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index 5a23e5416f9..6fd9e0d0740 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -18134,7 +18134,6 @@ with pkgs;
 inherit (darwin) libobjc;
 };
- ssm-agent = callPackage ../applications/networking/cluster/ssm-agent { };
 ssm-session-manager-plugin = callPackage ../applications/networking/cluster/ssm-session-manager-plugin { };
 starlark = callPackage ../development/interpreters/starlark { };
-- 
cgit 1.4.1
From 402b5c67a8ce96709d31c40e000bfdd339b23409 Mon Sep 17 00:00:00 2001
From: emilylange
Date: Tue, 24 Oct 2023 03:27:20 +0200
Subject: nixos/forgejo: pass {env}`GIT_PROTOCOL` via ssh to forgejo when using the host's openssh service (not the builtin golang one). This enables the use of the much faster and more efficient wire protocol version 2. See https://git-scm.com/docs/protocol-v2
---
 nixos/modules/services/misc/forgejo.nix | 2 ++
 1 file changed, 2 insertions(+)
(limited to 'nixos/modules/services/misc')
diff --git a/nixos/modules/services/misc/forgejo.nix b/nixos/modules/services/misc/forgejo.nix
index b2920981efb..90b5f16f418 100644
--- a/nixos/modules/services/misc/forgejo.nix
+++ b/nixos/modules/services/misc/forgejo.nix
@@ -632,6 +632,8 @@ in
 };
 };
+ services.openssh.settings.AcceptEnv = mkIf (!cfg.settings.START_SSH_SERVER or false) "GIT_PROTOCOL";
+
 users.users = mkIf (cfg.user == "forgejo") {
 forgejo = {
 home = cfg.stateDir;
-- 
cgit 1.4.1
From 63ef0339923bb33aba54301d83ad7f047ee9a2f8 Mon Sep 17 00:00:00 2001
From: Matthias Riße
Date: Wed, 18 Oct 2023 18:01:34 +0200
Subject: nixos/paperless: set PAPERLESS_SECRET_KEY If the PAPERLESS_SECRET_KEY environment variable is left unset paperless-ngx defaults to a well-known value, which is insecure.
Co-authored-by: Erik Arvstedt
---
 nixos/modules/services/misc/paperless.nix | 25 ++++++++++++++++++++-----
 1 file changed, 20 insertions(+), 5 deletions(-)
(limited to 'nixos/modules/services/misc')
diff --git a/nixos/modules/services/misc/paperless.nix b/nixos/modules/services/misc/paperless.nix
index 9b8bd62809c..1e0a8d0f928 100644
--- a/nixos/modules/services/misc/paperless.nix
+++ b/nixos/modules/services/misc/paperless.nix
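Review bot: The added `services.openssh.settings.AcceptEnv` line changes sshd for every account on the host, not only the forgejo user, and it is set as a bare string. `GIT_PROTOCOL` itself is low risk, but a host that already defines `AcceptEnv` elsewhere may get a conflicting-definition error or lose one of the values, depending on how the option merges, which is not visible in this hunk. A comment such as `# sshd-wide: lets any SSH client pass GIT_PROTOCOL, needed for git protocol v2` would record the scope for whoever audits the sshd settings later.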
@@ -332,12 +332,28 @@ in
 # during migrations
 bindsTo = [ "paperless-scheduler.service" ];
 after = [ "paperless-scheduler.service" ];
+ # Setup PAPERLESS_SECRET_KEY.
+ # If this environment variable is left unset, paperless-ngx defaults
+ # to a well-known value, which is insecure.
+ script = let
+ secretKeyFile = "${cfg.dataDir}/nixos-paperless-secret-key";
+ in ''
+ if [[ ! -f '${secretKeyFile}' ]]; then
+ (
+ umask 0377
+ tr -dc A-Za-z0-9 < /dev/urandom | head -c64 | ${pkgs.moreutils}/bin/sponge '${secretKeyFile}'
+ )
+ fi
+ export PAPERLESS_SECRET_KEY=$(cat '${secretKeyFile}')
+ if [[ ! $PAPERLESS_SECRET_KEY ]]; then
+ echo "PAPERLESS_SECRET_KEY is empty, refusing to start."
+ exit 1
+ fi
+ exec ${pkg.python.pkgs.gunicorn}/bin/gunicorn \
+ -c ${pkg}/lib/paperless-ngx/gunicorn.conf.py paperless.asgi:application
+ '';
 serviceConfig = defaultServiceConfig // {
 User = cfg.user;
- ExecStart = ''
- ${pkg.python.pkgs.gunicorn}/bin/gunicorn \
- -c ${pkg}/lib/paperless-ngx/gunicorn.conf.py paperless.asgi:application
- '';
 Restart = "on-failure";
 # gunicorn needs setuid, liblapack needs mbind
@@ -349,7 +365,6 @@ in
 CapabilityBoundingSet = [ "CAP_NET_BIND_SERVICE" ];
 };
 environment = env // {
- PATH = mkForce pkg.path;
 PYTHONPATH = "${pkg.python.pkgs.makePythonPath pkg.propagatedBuildInputs}:${pkg}/lib/paperless-ngx/src";
 };
 # Allow the web interface to access the private /tmp directory of the server.
-- 
cgit 1.4.1
From 0711d3d69bcce0f7f94aeb740716bf9d6bcab507 Mon Sep 17 00:00:00 2001
From: arcnmx
Date: Fri, 27 Oct 2023 17:24:20 -0700
Subject: xmrig: add meta.mainProgram See #246386
---
 nixos/modules/services/misc/xmrig.nix | 4 ++--
 pkgs/applications/misc/xmrig/default.nix | 1 +
 pkgs/applications/misc/xmrig/moneroocean.nix | 1 +
 3 files changed, 4 insertions(+), 2 deletions(-)
(limited to 'nixos/modules/services/misc')
diff --git a/nixos/modules/services/misc/xmrig.nix b/nixos/modules/services/misc/xmrig.nix
index 05e63c77320..f75b47ffece 100644
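Review bot: The key-generation guard `if [[ ! -f '${secretKeyFile}' ]]; then` accepts an existing zero-length file as a key, so a truncated file leaves the unit failing at the "refusing to start" check until someone deletes it by hand. Testing for a non-empty file instead, `if [[ ! -s '${secretKeyFile}' ]]; then`, lets the unit regenerate the key, assuming the data directory is writable by `cfg.user`. The secret is also exported into the environment of gunicorn and whatever it spawns, so the comment above `script` could add `# The key file is created mode 0400 (umask 0377) and is read into the service environment at start.`. The enclosing service definition starts outside the hunk.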
--- a/nixos/modules/services/misc/xmrig.nix
+++ b/nixos/modules/services/misc/xmrig.nix
@@ -59,8 +59,8 @@ with lib;
 after = [ "network.target" ];
 description = "XMRig Mining Software Service";
 serviceConfig = {
- ExecStartPre = "${cfg.package}/bin/xmrig --config=${configFile} --dry-run";
- ExecStart = "${cfg.package}/bin/xmrig --config=${configFile}";
+ ExecStartPre = "${lib.getExe cfg.package} --config=${configFile} --dry-run";
+ ExecStart = "${lib.getExe cfg.package} --config=${configFile}";
 # https://xmrig.com/docs/miner/randomx-optimization-guide/msr
 # If you use recent XMRig with root privileges (Linux) or admin
 # privileges (Windows) the miner configure all MSR registers
diff --git a/pkgs/applications/misc/xmrig/default.nix b/pkgs/applications/misc/xmrig/default.nix
index 2a6ac97c9c3..d93108bdf58 100644
--- a/pkgs/applications/misc/xmrig/default.nix
+++ b/pkgs/applications/misc/xmrig/default.nix
@@ -66,6 +66,7 @@ stdenv.mkDerivation rec {
 description = "Monero (XMR) CPU miner";
 homepage = "https://github.com/xmrig/xmrig";
 license = licenses.gpl3Plus;
+ mainProgram = "xmrig";
 platforms = platforms.unix;
 maintainers = with maintainers; [ kim0 ];
 };
diff --git a/pkgs/applications/misc/xmrig/moneroocean.nix b/pkgs/applications/misc/xmrig/moneroocean.nix
index 99d8225f264..ba643eb77b4 100644
--- a/pkgs/applications/misc/xmrig/moneroocean.nix
+++ b/pkgs/applications/misc/xmrig/moneroocean.nix
@@ -15,6 +15,7 @@ xmrig.overrideAttrs (oldAttrs: rec {
 description = "A fork of the XMRig CPU miner with support for algorithm switching";
 homepage = "https://github.com/MoneroOcean/xmrig";
 license = licenses.gpl3Plus;
+ mainProgram = "xmrig";
 platforms = platforms.unix;
 maintainers = with maintainers; [ j0hax ];
 };
-- 
cgit 1.4.1
From e30f48be948272df2d57237ef955023f937f4421 Mon Sep 17 00:00:00 2001
From: Anthony Roussel Date: Mon, 30 Oct 2023 21:41:44 +0100 Subject: treewide: fix redirected and broken URLs Using the script in maintainers/scripts/update-redirected-urls.sh --- CONTRIBUTING.md | 2 +- doc/languages-frameworks/lisp.section.md | 2 +- doc/packages/steam.section.md | 2 +- doc/using/overlays.chapter.md | 2 +- lib/licenses.nix | 10 +++++----- .../haskell/upload-nixos-package-list-to-hackage.sh | 2 +- nixos/doc/manual/configuration/subversion.chapter.md | 4 ++-- .../manual/development/writing-documentation.chapter.md | 8 ++++---- nixos/modules/config/users-groups.nix | 2 +- nixos/modules/installer/tools/nixos-generate-config.pl | 2 +- nixos/modules/programs/npm.nix | 2 +- nixos/modules/programs/zsh/oh-my-zsh.md | 2 +- nixos/modules/security/pam_mount.nix | 6 +++--- nixos/modules/security/polkit.nix | 3 +-- nixos/modules/services/audio/jack.nix | 2 +- nixos/modules/services/computing/boinc/client.nix | 2 +- nixos/modules/services/computing/slurm/slurm.nix | 2 +- nixos/modules/services/databases/couchdb.nix | 2 +- nixos/modules/services/databases/firebird.nix | 2 +- nixos/modules/services/databases/pgmanage.nix | 2 +- nixos/modules/services/databases/postgresql.md | 2 +- nixos/modules/services/databases/postgresql.nix | 2 +- nixos/modules/services/databases/redis.nix | 2 +- nixos/modules/services/hardware/udev.nix | 2 +- nixos/modules/services/logging/logstash.nix | 2 +- nixos/modules/services/misc/mediatomb.nix | 2 +- nixos/modules/services/monitoring/bosun.nix | 2 +- nixos/modules/services/monitoring/grafana.nix | 4 ++-- nixos/modules/services/monitoring/graphite.nix | 2 +- nixos/modules/services/monitoring/munin.nix | 14 +++++++------- nixos/modules/services/monitoring/nagios.nix | 2 +- nixos/modules/services/network-filesystems/xtreemfs.nix | 10 +++++----- nixos/modules/services/networking/asterisk.nix | 2 +- nixos/modules/services/networking/i2pd.nix | 2 +- nixos/modules/services/networking/ntp/ntpd.nix | 2 +- 
nixos/modules/services/networking/tox-bootstrapd.nix | 2 +- nixos/modules/services/torrent/transmission.nix | 2 +- nixos/modules/services/video/unifi-video.nix | 4 ++-- nixos/modules/services/web-apps/discourse.nix | 4 ++-- nixos/modules/services/web-apps/nextcloud.md | 2 +- nixos/modules/services/web-apps/tt-rss.nix | 2 +- nixos/modules/services/web-servers/lighttpd/default.nix | 6 +++--- nixos/modules/services/web-servers/mighttpd2.nix | 4 ++-- nixos/modules/services/web-servers/nginx/default.nix | 2 +- .../services/x11/desktop-managers/enlightenment.nix | 2 +- nixos/modules/services/x11/desktop-managers/gnome.nix | 2 +- nixos/modules/services/x11/desktop-managers/pantheon.nix | 2 +- nixos/modules/services/x11/display-managers/default.nix | 2 +- nixos/modules/services/x11/display-managers/xpra.nix | 6 +++--- nixos/modules/services/x11/imwheel.nix | 2 +- .../boot/loader/generic-extlinux-compatible/default.nix | 2 +- nixos/modules/system/boot/loader/grub/grub.nix | 2 +- nixos/modules/system/boot/luksroot.nix | 2 +- nixos/modules/system/boot/stage-1.nix | 2 +- pkgs/applications/emulators/gxemul/default.nix | 4 ++-- pkgs/applications/file-managers/dfilemanager/default.nix | 2 +- pkgs/applications/graphics/openscad/default.nix | 2 +- pkgs/applications/graphics/pikopixel/default.nix | 6 +++--- pkgs/applications/graphics/viewnior/default.nix | 2 +- pkgs/applications/misc/yate/default.nix | 2 +- pkgs/applications/networking/irc/kirc/default.nix | 2 +- pkgs/applications/networking/irc/kvirc/default.nix | 2 +- pkgs/applications/networking/p2p/mldonkey/default.nix | 2 +- pkgs/applications/radio/ebook2cw/default.nix | 2 +- pkgs/applications/science/logic/aiger/default.nix | 4 ++-- pkgs/applications/science/logic/cadical/default.nix | 2 +- pkgs/applications/science/logic/cvc3/default.nix | 6 +++--- pkgs/applications/science/logic/kissat/default.nix | 2 +- pkgs/applications/science/logic/picosat/default.nix | 4 ++-- pkgs/applications/science/math/colpack/default.nix | 2 +- 
pkgs/applications/virtualization/qemu/default.nix | 7 ++----- pkgs/applications/virtualization/virt-manager/default.nix | 2 +- pkgs/applications/virtualization/virt-viewer/default.nix | 2 +- pkgs/data/soundfonts/generaluser/default.nix | 4 ++-- pkgs/development/compilers/pforth/default.nix | 2 +- pkgs/development/compilers/uasm/default.nix | 2 +- pkgs/development/interpreters/picolisp/default.nix | 2 +- pkgs/development/libraries/ctpp2/default.nix | 4 ++-- pkgs/development/libraries/dbus/default.nix | 2 +- pkgs/development/libraries/irrlicht/default.nix | 2 +- pkgs/development/libraries/irrlicht/mac.nix | 2 +- pkgs/development/libraries/libcdr/default.nix | 2 +- pkgs/development/libraries/libevdev/default.nix | 2 +- pkgs/development/libraries/libproxy/default.nix | 2 +- pkgs/development/libraries/libsodium/default.nix | 2 +- pkgs/development/libraries/libtsm/default.nix | 2 +- pkgs/development/libraries/openfx/default.nix | 4 ++-- pkgs/development/libraries/polkit/default.nix | 2 +- pkgs/development/libraries/portaudio/default.nix | 4 ++-- .../development/libraries/startup-notification/default.nix | 2 +- pkgs/development/libraries/vcg/default.nix | 2 +- .../examples/bordeaux-threads.nix | 2 +- pkgs/development/python-modules/cvxopt/default.nix | 2 +- pkgs/development/python-modules/polling/default.nix | 2 +- pkgs/development/python-modules/sqlobject/default.nix | 2 +- pkgs/development/tools/nailgun/default.nix | 2 +- pkgs/games/hedgewars/default.nix | 2 +- pkgs/games/hyperrogue/default.nix | 2 +- pkgs/games/xskat/default.nix | 4 ++-- pkgs/misc/cups/cups-pk-helper.nix | 2 +- pkgs/os-specific/linux/ch9344/default.nix | 2 +- pkgs/os-specific/linux/kmscon/default.nix | 2 +- pkgs/os-specific/linux/microcode/intel.nix | 2 +- pkgs/tools/filesystems/unionfs-fuse/default.nix | 2 +- pkgs/tools/misc/ccal/default.nix | 5 ++--- pkgs/tools/misc/desktop-file-utils/default.nix | 2 +- pkgs/tools/misc/plantuml/default.nix | 2 +- pkgs/tools/networking/redsocks/default.nix | 2 +- 
pkgs/tools/networking/ripmime/default.nix | 6 +++--- pkgs/tools/security/afl/qemu.nix | 4 ++-- pkgs/tools/security/chkrootkit/default.nix | 4 ++-- 111 files changed, 157 insertions(+), 162 deletions(-) (limited to 'nixos/modules/services/misc') diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 483267935c8..dadda215b0d 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -353,7 +353,7 @@ In a case a contributor definitively leaves the Nix community, they should creat # Flow of merged pull requests After a pull request is merged, it eventually makes it to the [official Hydra CI](https://hydra.nixos.org/). -Hydra regularly evaluates and builds Nixpkgs, updating [the official channels](http://channels.nixos.org/) when specific Hydra jobs succeeded. +Hydra regularly evaluates and builds Nixpkgs, updating [the official channels](https://channels.nixos.org/) when specific Hydra jobs succeeded. See [Nix Channel Status](https://status.nixos.org/) for the current channels and their state. Here's a brief overview of the main Git branches and what channels they're used for: diff --git a/doc/languages-frameworks/lisp.section.md b/doc/languages-frameworks/lisp.section.md index fe7f2ef80a2..09193093b08 100644 --- a/doc/languages-frameworks/lisp.section.md +++ b/doc/languages-frameworks/lisp.section.md @@ -66,7 +66,7 @@ buildPhase = '' To save some work of writing Nix expressions, there is a script that imports all the packages distributed by Quicklisp into `imported.nix`. This works by parsing its `releases.txt` and `systems.txt` files, which are published every couple of -months on [quicklisp.org](http://beta.quicklisp.org/dist/quicklisp.txt). +months on [quicklisp.org](https://beta.quicklisp.org/dist/quicklisp.txt). The import process is implemented in the `import` directory as Common Lisp code in the `org.lispbuilds.nix` ASDF system. To run the script, one can diff --git a/doc/packages/steam.section.md b/doc/packages/steam.section.md index 25728aa52ae..a1e88b0d971 100644 
--- a/doc/packages/steam.section.md +++ b/doc/packages/steam.section.md @@ -11,7 +11,7 @@ Nix problems and constraints: - The `steam.sh` script in `$HOME` cannot be patched, as it is checked and rewritten by steam. - The steam binary cannot be patched, it's also checked. -The current approach to deploy Steam in NixOS is composing a FHS-compatible chroot environment, as documented [here](http://sandervanderburg.blogspot.nl/2013/09/composing-fhs-compatible-chroot.html). This allows us to have binaries in the expected paths without disrupting the system, and to avoid patching them to work in a non FHS environment. +The current approach to deploy Steam in NixOS is composing a FHS-compatible chroot environment, as documented [here](https://sandervanderburg.blogspot.com/2013/09/composing-fhs-compatible-chroot.html). This allows us to have binaries in the expected paths without disrupting the system, and to avoid patching them to work in a non FHS environment. ## How to play {#sec-steam-play} diff --git a/doc/using/overlays.chapter.md b/doc/using/overlays.chapter.md index 1e965e5f0c7..1bec6586f28 100644 --- a/doc/using/overlays.chapter.md +++ b/doc/using/overlays.chapter.md @@ -77,7 +77,7 @@ In Nixpkgs, we have multiple implementations of the BLAS/LAPACK numerical linear The Nixpkgs attribute is `openblas` for ILP64 (integer width = 64 bits) and `openblasCompat` for LP64 (integer width = 32 bits). `openblasCompat` is the default. -- [LAPACK reference](http://www.netlib.org/lapack/) (also provides BLAS and CBLAS) +- [LAPACK reference](https://www.netlib.org/lapack/) (also provides BLAS and CBLAS) The Nixpkgs attribute is `lapack-reference`. diff --git a/lib/licenses.nix b/lib/licenses.nix index a90bab0b15d..ad6922498ab 100644 --- a/lib/licenses.nix +++ b/lib/licenses.nix 
@@ -516,17 +516,17 @@ in mkLicense lset) ({ generaluser = { fullName = "GeneralUser GS License v2.0"; - url = "http://www.schristiancollins.com/generaluser.php"; # license included in sources + url = "https://www.schristiancollins.com/generaluser.php"; # license included in sources }; gfl = { fullName = "GUST Font License"; - url = "http://www.gust.org.pl/fonts/licenses/GUST-FONT-LICENSE.txt"; + url = "https://www.gust.org.pl/projects/e-foundry/licenses/GUST-FONT-LICENSE.txt"; }; gfsl = { fullName = "GUST Font Source License"; - url = "http://www.gust.org.pl/fonts/licenses/GUST-FONT-SOURCE-LICENSE.txt"; + url = "https://www.gust.org.pl/projects/e-foundry/licenses/GUST-FONT-SOURCE-LICENSE.txt"; }; gpl1Only = { @@ -613,7 +613,7 @@ in mkLicense lset) ({ info-zip = { spdxId = "Info-ZIP"; fullName = "Info-ZIP License"; - url = "http://www.info-zip.org/pub/infozip/license.html"; + url = "https://infozip.sourceforge.net/license.html"; }; inria-compcert = { @@ -1182,7 +1182,7 @@ in mkLicense lset) ({ xfig = { fullName = "xfig"; - url = "http://mcj.sourceforge.net/authors.html#xfig"; # https is broken + url = "https://mcj.sourceforge.net/authors.html#xfig"; }; zlib = { diff --git a/maintainers/scripts/haskell/upload-nixos-package-list-to-hackage.sh b/maintainers/scripts/haskell/upload-nixos-package-list-to-hackage.sh index 86fecbc3d87..9130941a536 100755 --- a/maintainers/scripts/haskell/upload-nixos-package-list-to-hackage.sh +++ b/maintainers/scripts/haskell/upload-nixos-package-list-to-hackage.sh 
@@ -39,5 +39,5 @@ fi package_list="$(nix-build -A haskell.package-list)/nixos-hackage-packages.csv" username=$(grep "^username:" "$CABAL_DIR/config" | sed "s/^username: //") password_command=$(grep "^password-command:" "$CABAL_DIR/config" | sed "s/^password-command: //") -curl -u "$username:$($password_command | head -n1)" --digest -H "Content-type: text/csv" -T "$package_list" http://hackage.haskell.org/distro/NixOS/packages.csv +curl -u "$username:$($password_command | head -n1)" --digest -H "Content-type: text/csv" -T "$package_list" https://hackage.haskell.org/distro/NixOS/packages.csv echo diff --git a/nixos/doc/manual/configuration/subversion.chapter.md b/nixos/doc/manual/configuration/subversion.chapter.md index 84f9c270337..ff870f5c40b 100644 --- a/nixos/doc/manual/configuration/subversion.chapter.md +++ b/nixos/doc/manual/configuration/subversion.chapter.md @@ -2,7 +2,7 @@ [Subversion](https://subversion.apache.org/) is a centralized version-control system. It can use a [variety of -protocols](http://svnbook.red-bean.com/en/1.7/svn-book.html#svn.serverconfig.choosing) +protocols](https://svnbook.red-bean.com/en/1.7/svn-book.html#svn.serverconfig.choosing) for communication between client and server. ## Subversion inside Apache HTTP {#module-services-subversion-apache-httpd} @@ -14,7 +14,7 @@ for communication. For more information on the general setup, please refer to the [the appropriate section of the Subversion -book](http://svnbook.red-bean.com/en/1.7/svn-book.html#svn.serverconfig.httpd). +book](https://svnbook.red-bean.com/en/1.7/svn-book.html#svn.serverconfig.httpd). To configure, include in `/etc/nixos/configuration.nix` code to activate Apache HTTP, setting [](#opt-services.httpd.adminAddr) diff --git a/nixos/doc/manual/development/writing-documentation.chapter.md b/nixos/doc/manual/development/writing-documentation.chapter.md index c07a2618c07..3d9bd318cf3 100644 --- a/nixos/doc/manual/development/writing-documentation.chapter.md 
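Review bot: The password produced by `$password_command` is still expanded into curl's argument list through `-u "$username:$(...)"` on the changed `curl` line, so other local users can read it from the process table while the upload runs; the move to HTTPS only protects it on the wire. Feeding the credentials through a config read from stdin keeps them out of argv, e.g. `printf 'user = "%s:%s"\n' "$username" "$($password_command | head -n1)" | curl --config - --digest --fail -H "Content-type: text/csv" -T "$package_list" https://hackage.haskell.org/distro/NixOS/packages.csv`. This assumes `printf` is a shell builtin, and a password containing `"` or `\` would need escaping for curl's config syntax. `--fail` is included so that a rejected upload returns a non-zero status instead of falling through to the plain `echo`. The script begins outside this hunk, so whether it already runs under `set -e` is not visible here.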
+++ b/nixos/doc/manual/development/writing-documentation.chapter.md @@ -33,13 +33,13 @@ symlink at `./result/share/doc/nixos/index.html`. ## Editing DocBook XML {#sec-writing-docs-editing-docbook-xml} For general information on how to write in DocBook, see [DocBook 5: The -Definitive Guide](http://www.docbook.org/tdg5/en/html/docbook.html). +Definitive Guide](https://tdg.docbook.org/tdg/5.1/). Emacs nXML Mode is very helpful for editing DocBook XML because it validates the document as you write, and precisely locates errors. To use it, see [](#sec-emacs-docbook-xml). -[Pandoc](http://pandoc.org) can generate DocBook XML from a multitude of +[Pandoc](https://pandoc.org/) can generate DocBook XML from a multitude of formats, which makes a good starting point. Here is an example of Pandoc invocation to convert GitHub-Flavoured MarkDown to DocBook 5 XML: @@ -62,9 +62,9 @@ topic from scratch. Keep the following guidelines in mind when you create and add a topic: -- The NixOS [`book`](http://www.docbook.org/tdg5/en/html/book.html) +- The NixOS [`book`](https://tdg.docbook.org/tdg/5.0/book.html) element is in `nixos/doc/manual/manual.xml`. It includes several - [`parts`](http://www.docbook.org/tdg5/en/html/book.html) which are in + [`parts`](https://tdg.docbook.org/tdg/5.0/book.html) which are in subdirectories. - Store the topic file in the same directory as the `part` to which it diff --git a/nixos/modules/config/users-groups.nix b/nixos/modules/config/users-groups.nix index b4251214876..39aac9fb821 100644 --- a/nixos/modules/config/users-groups.nix +++ b/nixos/modules/config/users-groups.nix @@ -153,7 +153,7 @@ let {file}`pam_mount.conf.xml`. Useful attributes might include `path`, `options`, `fstype`, and `server`. - See + See for more information. ''; }; diff --git a/nixos/modules/installer/tools/nixos-generate-config.pl b/nixos/modules/installer/tools/nixos-generate-config.pl index 85180bf2d1b..71737cd8ebc 100644 
--- a/nixos/modules/installer/tools/nixos-generate-config.pl +++ b/nixos/modules/installer/tools/nixos-generate-config.pl @@ -130,7 +130,7 @@ sub pciCheck { debug "\n"; if (defined $module) { - # See the bottom of http://pciids.sourceforge.net/pci.ids for + # See the bottom of https://pciids.sourceforge.net/pci.ids for # device classes. if (# Mass-storage controller. Definitely important. $class =~ /^0x01/ || diff --git a/nixos/modules/programs/npm.nix b/nixos/modules/programs/npm.nix index 48dc48e668f..c41fea32614 100644 --- a/nixos/modules/programs/npm.nix +++ b/nixos/modules/programs/npm.nix @@ -34,7 +34,7 @@ in prefix = ''${HOME}/.npm https-proxy=proxy.example.com init-license=MIT - init-author-url=http://npmjs.org + init-author-url=https://www.npmjs.com/ color=true ''; }; diff --git a/nixos/modules/programs/zsh/oh-my-zsh.md b/nixos/modules/programs/zsh/oh-my-zsh.md index 73d425244ce..6a310006edb 100644 --- a/nixos/modules/programs/zsh/oh-my-zsh.md +++ b/nixos/modules/programs/zsh/oh-my-zsh.md @@ -78,7 +78,7 @@ If third-party customizations (e.g. new themes) are supposed to be added to - Completion scripts are supposed to be stored at `$out/share/zsh/site-functions`. This directory is part of the - [`fpath`](http://zsh.sourceforge.net/Doc/Release/Functions.html) + [`fpath`](https://zsh.sourceforge.io/Doc/Release/Functions.html) and the package should be compatible with pure `ZSH` setups. The module will automatically link the contents of `site-functions` to completions directory in the proper diff --git a/nixos/modules/security/pam_mount.nix b/nixos/modules/security/pam_mount.nix index ad78f38b086..26f906f2a76 100644 --- a/nixos/modules/security/pam_mount.nix +++ b/nixos/modules/security/pam_mount.nix @@ -33,7 +33,7 @@ in default = []; description = lib.mdDoc '' List of volume definitions for pam_mount. - For more information, visit . + For more information, visit . ''; }; 
@@ -78,7 +78,7 @@ in description = lib.mdDoc '' Sets the Debug-Level. 0 disables debugging, 1 enables pam_mount tracing, and 2 additionally enables tracing in mount.crypt. The default is 0. - For more information, visit . + For more information, visit . ''; }; @@ -88,7 +88,7 @@ in description = lib.mdDoc '' Amount of microseconds to wait until killing remaining processes after final logout. - For more information, visit . + For more information, visit . ''; }; diff --git a/nixos/modules/security/polkit.nix b/nixos/modules/security/polkit.nix index de427ccb295..327f49c0b63 100644 --- a/nixos/modules/security/polkit.nix +++ b/nixos/modules/security/polkit.nix @@ -35,7 +35,7 @@ in description = lib.mdDoc '' Any polkit rules to be added to config (in JavaScript ;-). See: - http://www.freedesktop.org/software/polkit/docs/latest/polkit.8.html#polkit-rules + ''; }; @@ -117,4 +117,3 @@ in }; } - diff --git a/nixos/modules/services/audio/jack.nix b/nixos/modules/services/audio/jack.nix index 105e99cb2f5..b51f2a78c98 100644 --- a/nixos/modules/services/audio/jack.nix +++ b/nixos/modules/services/audio/jack.nix @@ -225,7 +225,7 @@ in { description = "JACK Audio system service user"; isSystemUser = true; }; - # http://jackaudio.org/faq/linux_rt_config.html + # https://jackaudio.org/faq/linux_rt_config.html security.pam.loginLimits = [ { domain = "@jackaudio"; type = "-"; item = "rtprio"; value = "99"; } { domain = "@jackaudio"; type = "-"; item = "memlock"; value = "unlimited"; } diff --git a/nixos/modules/services/computing/boinc/client.nix b/nixos/modules/services/computing/boinc/client.nix index 51475171bf3..ff16795c820 100644 --- a/nixos/modules/services/computing/boinc/client.nix +++ b/nixos/modules/services/computing/boinc/client.nix @@ -54,7 +54,7 @@ in only the hosts listed in {var}`dataDir`/remote_hosts.cfg will be allowed to connect. - See also: + See also: ''; }; 
diff --git a/nixos/modules/services/computing/slurm/slurm.nix b/nixos/modules/services/computing/slurm/slurm.nix index 344c43a429b..1cbe7b893f8 100644 --- a/nixos/modules/services/computing/slurm/slurm.nix +++ b/nixos/modules/services/computing/slurm/slurm.nix @@ -6,7 +6,7 @@ let cfg = config.services.slurm; opt = options.services.slurm; - # configuration file can be generated by http://slurm.schedmd.com/configurator.html + # configuration file can be generated by https://slurm.schedmd.com/configurator.html defaultUser = "slurm"; diff --git a/nixos/modules/services/databases/couchdb.nix b/nixos/modules/services/databases/couchdb.nix index 0a81a8dceee..bfecfbb3664 100644 --- a/nixos/modules/services/databases/couchdb.nix +++ b/nixos/modules/services/databases/couchdb.nix @@ -79,7 +79,7 @@ in { ''; }; - # couchdb options: http://docs.couchdb.org/en/latest/config/index.html + # couchdb options: https://docs.couchdb.org/en/latest/config/index.html databaseDir = mkOption { type = types.path; diff --git a/nixos/modules/services/databases/firebird.nix b/nixos/modules/services/databases/firebird.nix index 26ed46f0e60..3927c81d953 100644 --- a/nixos/modules/services/databases/firebird.nix +++ b/nixos/modules/services/databases/firebird.nix @@ -17,7 +17,7 @@ # There are at least two ways to run firebird. superserver has been chosen # however there are no strong reasons to prefer this or the other one AFAIK # Eg superserver is said to be most efficiently using resources according to -# http://www.firebirdsql.org/manual/qsg25-classic-or-super.html +# https://www.firebirdsql.org/manual/qsg25-classic-or-super.html with lib; diff --git a/nixos/modules/services/databases/pgmanage.nix b/nixos/modules/services/databases/pgmanage.nix index 12c8253ab49..a0933a5ffc4 100644 --- a/nixos/modules/services/databases/pgmanage.nix +++ b/nixos/modules/services/databases/pgmanage.nix 
@@ -66,7 +66,7 @@ in { pgmanage requires at least one PostgreSQL server be defined. Detailed information about PostgreSQL connection strings is available at: - + Note that you should not specify your user name or password. That information will be entered on the login screen. If you specify a diff --git a/nixos/modules/services/databases/postgresql.md b/nixos/modules/services/databases/postgresql.md index e4b679a3eee..d65d9616e2f 100644 --- a/nixos/modules/services/databases/postgresql.md +++ b/nixos/modules/services/databases/postgresql.md @@ -5,7 +5,7 @@ *Source:* {file}`modules/services/databases/postgresql.nix` -*Upstream documentation:* +*Upstream documentation:* diff --git a/nixos/modules/services/databases/postgresql.nix b/nixos/modules/services/databases/postgresql.nix index 21e6a60e32a..af4db5c9611 100644 --- a/nixos/modules/services/databases/postgresql.nix +++ b/nixos/modules/services/databases/postgresql.nix @@ -588,7 +588,7 @@ in else "simple"; # Shut down Postgres using SIGINT ("Fast Shutdown mode"). See - # http://www.postgresql.org/docs/current/static/server-shutdown.html + # https://www.postgresql.org/docs/current/server-shutdown.html KillSignal = "SIGINT"; KillMode = "mixed"; diff --git a/nixos/modules/services/databases/redis.nix b/nixos/modules/services/databases/redis.nix index 86b295dadf4..315a0282cd7 100644 --- a/nixos/modules/services/databases/redis.nix +++ b/nixos/modules/services/databases/redis.nix @@ -63,7 +63,7 @@ in { vmOverCommit = mkEnableOption (lib.mdDoc '' setting of vm.overcommit_memory to 1 - (Suggested for Background Saving: http://redis.io/topics/faq) + (Suggested for Background Saving: ) ''); servers = mkOption { diff --git a/nixos/modules/services/hardware/udev.nix b/nixos/modules/services/hardware/udev.nix index 24987374ab0..08ca7a0d247 100644 --- a/nixos/modules/services/hardware/udev.nix +++ b/nixos/modules/services/hardware/udev.nix 
@@ -279,7 +279,7 @@ in default = true; type = types.bool; description = lib.mdDoc '' - Whether to assign [predictable names to network interfaces](http://www.freedesktop.org/wiki/Software/systemd/PredictableNetworkInterfaceNames). + Whether to assign [predictable names to network interfaces](https://www.freedesktop.org/wiki/Software/systemd/PredictableNetworkInterfaceNames/). If enabled, interfaces are assigned names that contain topology information (e.g. `wlp3s0`) and thus should be stable diff --git a/nixos/modules/services/logging/logstash.nix b/nixos/modules/services/logging/logstash.nix index e9e3ae1f14c..42d52a61639 100644 --- a/nixos/modules/services/logging/logstash.nix +++ b/nixos/modules/services/logging/logstash.nix @@ -123,7 +123,7 @@ in example = '' if [type] == "syslog" { # Keep only relevant systemd fields - # http://www.freedesktop.org/software/systemd/man/systemd.journal-fields.html + # https://www.freedesktop.org/software/systemd/man/systemd.journal-fields.html prune { whitelist_names => [ "type", "@timestamp", "@version", diff --git a/nixos/modules/services/misc/mediatomb.nix b/nixos/modules/services/misc/mediatomb.nix index 632b7caaac4..335b1b684b1 100644 --- a/nixos/modules/services/misc/mediatomb.nix +++ b/nixos/modules/services/misc/mediatomb.nix @@ -186,7 +186,7 @@ let defaultFirewallRules = { # udp 1900 port needs to be opened for SSDP (not configurable within # mediatomb/gerbera) cf. - # http://docs.gerbera.io/en/latest/run.html?highlight=udp%20port#network-setup + # https://docs.gerbera.io/en/latest/run.html?highlight=udp%20port#network-setup allowedUDPPorts = [ 1900 cfg.port ]; allowedTCPPorts = [ cfg.port ]; }; diff --git a/nixos/modules/services/monitoring/bosun.nix b/nixos/modules/services/monitoring/bosun.nix index dc75fda6ed8..1dc19743461 100644 --- a/nixos/modules/services/monitoring/bosun.nix +++ b/nixos/modules/services/monitoring/bosun.nix 
@@ -108,7 +108,7 @@ in { option. A detailed description of the supported syntax can be found at-spi2-atk - http://bosun.org/configuration.html + https://bosun.org/configuration.html ''; }; diff --git a/nixos/modules/services/monitoring/grafana.nix b/nixos/modules/services/monitoring/grafana.nix index e90a0e9d16d..5e21407042b 100644 --- a/nixos/modules/services/monitoring/grafana.nix +++ b/nixos/modules/services/monitoring/grafana.nix @@ -88,7 +88,7 @@ let # Get a submodule without any embedded metadata: _filter = x: filterAttrs (k: v: k != "_module") x; - # http://docs.grafana.org/administration/provisioning/#datasources + # https://grafana.com/docs/grafana/latest/administration/provisioning/#datasources grafanaTypes.datasourceConfig = types.submodule { freeformType = provisioningSettingsFormat.type; @@ -140,7 +140,7 @@ let }; }; - # http://docs.grafana.org/administration/provisioning/#dashboards + # https://grafana.com/docs/grafana/latest/administration/provisioning/#dashboards grafanaTypes.dashboardConfig = types.submodule { freeformType = provisioningSettingsFormat.type; diff --git a/nixos/modules/services/monitoring/graphite.nix b/nixos/modules/services/monitoring/graphite.nix index 65c91b8f79b..cc3d7097620 100644 --- a/nixos/modules/services/monitoring/graphite.nix +++ b/nixos/modules/services/monitoring/graphite.nix @@ -102,7 +102,7 @@ in { default = ""; description = lib.mdDoc '' Graphite webapp settings. See: - + ''; }; }; diff --git a/nixos/modules/services/monitoring/munin.nix b/nixos/modules/services/monitoring/munin.nix index 90a51181ac3..5ed7cac48ae 100644 --- a/nixos/modules/services/monitoring/munin.nix +++ b/nixos/modules/services/monitoring/munin.nix 
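Review bot: The context line just above the updated URL in the bosun.nix hunk reads `can be found at-spi2-atk`, which looks like a leftover from an unrelated search-and-replace rather than intended wording. Since this commit already touches the sentence, it could be corrected to `can be found at`. The new URL is also left bare, so depending on how `lib.mdDoc` text is rendered it may not become a link; writing it as `<https://bosun.org/configuration.html>` would make it an explicit autolink. The option's description starts outside the hunk.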
@@ -4,7 +4,7 @@ # TODO: LWP/Pg perl libs aren't recognized # TODO: support fastcgi -# http://guide.munin-monitoring.org/en/latest/example/webserver/apache-cgi.html +# https://guide.munin-monitoring.org/en/latest/example/webserver/apache-cgi.html # spawn-fcgi -s /run/munin/fastcgi-graph.sock -U www-data -u munin -g munin /usr/lib/munin/cgi/munin-cgi-graph # spawn-fcgi -s /run/munin/fastcgi-html.sock -U www-data -u munin -g munin /usr/lib/munin/cgi/munin-cgi-html # https://paste.sh/vofcctHP#-KbDSXVeWoifYncZmLfZzgum @@ -147,7 +147,7 @@ in Enable Munin Node agent. Munin node listens on 0.0.0.0 and by default accepts connections only from 127.0.0.1 for security reasons. - See . + See . ''; }; @@ -156,7 +156,7 @@ in type = types.lines; description = lib.mdDoc '' {file}`munin-node.conf` extra configuration. See - + ''; }; @@ -165,7 +165,7 @@ in type = types.lines; description = lib.mdDoc '' {file}`plugin-conf.d` extra plugin configuration. See - + ''; example = '' [fail2ban_*] @@ -273,9 +273,9 @@ in type = types.lines; description = lib.mdDoc '' {file}`munin.conf` extra global configuration. - See . + See . Useful to setup notifications, see - + ''; example = '' contact.email.command mail -s "Munin notification for ''${var:host}" someone@example.com @@ -288,7 +288,7 @@ in description = lib.mdDoc '' Definitions of hosts of nodes to collect data from. Needs at least one host for cron to succeed. See - + ''; example = literalExpression '' ''' diff --git a/nixos/modules/services/monitoring/nagios.nix b/nixos/modules/services/monitoring/nagios.nix index 8feff22c118..dc5fa1be292 100644 --- a/nixos/modules/services/monitoring/nagios.nix +++ b/nixos/modules/services/monitoring/nagios.nix 
@@ -88,7 +88,7 @@ in options = { services.nagios = { - enable = mkEnableOption (lib.mdDoc ''[Nagios](http://www.nagios.org/) to monitor your system or network.''); + enable = mkEnableOption (lib.mdDoc ''[Nagios](https://www.nagios.org/) to monitor your system or network.''); objectDefs = mkOption { description = lib.mdDoc '' diff --git a/nixos/modules/services/network-filesystems/xtreemfs.nix b/nixos/modules/services/network-filesystems/xtreemfs.nix index 926c3c3bd52..866661cf4e6 100644 --- a/nixos/modules/services/network-filesystems/xtreemfs.nix +++ b/nixos/modules/services/network-filesystems/xtreemfs.nix @@ -176,7 +176,7 @@ in description = lib.mdDoc '' Configuration of XtreemFS DIR service. WARNING: configuration is saved as plaintext inside nix store. - For more options: http://www.xtreemfs.org/xtfs-guide-1.5.1/index.html + For more options: https://www.xtreemfs.org/xtfs-guide-1.5.1/index.html ''; }; replication = { @@ -218,7 +218,7 @@ in description = lib.mdDoc '' Configuration of XtreemFS DIR replication plugin. WARNING: configuration is saved as plaintext inside nix store. - For more options: http://www.xtreemfs.org/xtfs-guide-1.5.1/index.html + For more options: https://www.xtreemfs.org/xtfs-guide-1.5.1/index.html ''; }; }; @@ -319,7 +319,7 @@ in description = lib.mdDoc '' Configuration of XtreemFS MRC service. WARNING: configuration is saved as plaintext inside nix store. - For more options: http://www.xtreemfs.org/xtfs-guide-1.5.1/index.html + For more options: https://www.xtreemfs.org/xtfs-guide-1.5.1/index.html ''; }; replication = { @@ -361,7 +361,7 @@ in description = lib.mdDoc '' Configuration of XtreemFS MRC replication plugin. WARNING: configuration is saved as plaintext inside nix store. - For more options: http://www.xtreemfs.org/xtfs-guide-1.5.1/index.html + For more options: https://www.xtreemfs.org/xtfs-guide-1.5.1/index.html ''; }; }; 
@@ -438,7 +438,7 @@ in description = lib.mdDoc '' Configuration of XtreemFS OSD service. WARNING: configuration is saved as plaintext inside nix store. - For more options: http://www.xtreemfs.org/xtfs-guide-1.5.1/index.html + For more options: https://www.xtreemfs.org/xtfs-guide-1.5.1/index.html ''; }; }; diff --git a/nixos/modules/services/networking/asterisk.nix b/nixos/modules/services/networking/asterisk.nix index 5a1d03f0721..279927781ed 100644 --- a/nixos/modules/services/networking/asterisk.nix +++ b/nixos/modules/services/networking/asterisk.nix @@ -139,7 +139,7 @@ in path. See - + for more examples of what is possible here. ''; }; diff --git a/nixos/modules/services/networking/i2pd.nix b/nixos/modules/services/networking/i2pd.nix index f872daf05b8..808e7b66d36 100644 --- a/nixos/modules/services/networking/i2pd.nix +++ b/nixos/modules/services/networking/i2pd.nix @@ -239,7 +239,7 @@ in enable = mkEnableOption (lib.mdDoc "I2Pd daemon") // { description = lib.mdDoc '' Enables I2Pd as a running service upon activation. - Please read http://i2pd.readthedocs.io/en/latest/ for further + Please read for further configuration help. ''; }; diff --git a/nixos/modules/services/networking/ntp/ntpd.nix b/nixos/modules/services/networking/ntp/ntpd.nix index 036a8df635d..2bc690cacf0 100644 --- a/nixos/modules/services/networking/ntp/ntpd.nix +++ b/nixos/modules/services/networking/ntp/ntpd.nix @@ -56,7 +56,7 @@ in The default flags prevent external hosts from using ntpd as a DDoS reflector, setting system time, and querying OS/ntpd version. As recommended in section 6.5.1.1.3, answer "No" of - http://support.ntp.org/bin/view/Support/AccessRestrictions + https://support.ntp.org/Support/AccessRestrictions ''; default = [ "limited" "kod" "nomodify" "notrap" "noquery" "nopeer" ]; }; diff --git a/nixos/modules/services/networking/tox-bootstrapd.nix b/nixos/modules/services/networking/tox-bootstrapd.nix index 5c7e7a4c220..0f310a28d26 100644 
--- a/nixos/modules/services/networking/tox-bootstrapd.nix +++ b/nixos/modules/services/networking/tox-bootstrapd.nix @@ -47,7 +47,7 @@ in lib.mdDoc '' Configuration for bootstrap daemon. See - and . + and . ''; }; }; diff --git a/nixos/modules/services/torrent/transmission.nix b/nixos/modules/services/torrent/transmission.nix index b98cb5283a1..5efb9334ea0 100644 --- a/nixos/modules/services/torrent/transmission.nix +++ b/nixos/modules/services/torrent/transmission.nix @@ -148,7 +148,7 @@ in type = types.bool; default = true; description = lib.mdDoc '' - Whether to enable [Micro Transport Protocol (µTP)](http://en.wikipedia.org/wiki/Micro_Transport_Protocol). + Whether to enable [Micro Transport Protocol (µTP)](https://en.wikipedia.org/wiki/Micro_Transport_Protocol). ''; }; options.watch-dir = mkOption { diff --git a/nixos/modules/services/video/unifi-video.nix b/nixos/modules/services/video/unifi-video.nix index cb438a08150..5c93f60cbd7 100644 --- a/nixos/modules/services/video/unifi-video.nix +++ b/nixos/modules/services/video/unifi-video.nix @@ -32,7 +32,7 @@ let name = "mongo.conf"; executable = false; text = '' - # for documentation of all options, see http://docs.mongodb.org/manual/reference/configuration-options/ + # for documentation of all options, see https://www.mongodb.com/docs/manual/reference/configuration-options/ storage: dbPath: ${cfg.dataDir}/db @@ -63,7 +63,7 @@ let executable = false; text = '' # for documentation of all options, see: - # http://docs.mongodb.org/manual/reference/configuration-options/ + # https://www.mongodb.com/docs/manual/reference/configuration-options/ storage: dbPath: ${cfg.dataDir}/db-wt diff --git a/nixos/modules/services/web-apps/discourse.nix b/nixos/modules/services/web-apps/discourse.nix index f80eb6b4c7f..da1dba7d940 100644 --- a/nixos/modules/services/web-apps/discourse.nix +++ b/nixos/modules/services/web-apps/discourse.nix 
@@ -407,7 +407,7 @@ in type = with lib.types; nullOr (enum ["plain" "login" "cram_md5"]); default = null; description = lib.mdDoc '' - Authentication type to use, see http://api.rubyonrails.org/classes/ActionMailer/Base.html + Authentication type to use, see https://api.rubyonrails.org/classes/ActionMailer/Base.html ''; }; @@ -423,7 +423,7 @@ in type = lib.types.str; default = "peer"; description = lib.mdDoc '' - How OpenSSL checks the certificate, see http://api.rubyonrails.org/classes/ActionMailer/Base.html + How OpenSSL checks the certificate, see https://api.rubyonrails.org/classes/ActionMailer/Base.html ''; }; diff --git a/nixos/modules/services/web-apps/nextcloud.md b/nixos/modules/services/web-apps/nextcloud.md index a25bed30e47..ecc7f380592 100644 --- a/nixos/modules/services/web-apps/nextcloud.md +++ b/nixos/modules/services/web-apps/nextcloud.md @@ -49,7 +49,7 @@ used by the imperative installer and all values are written to an additional fil to ensure that changes can be applied by changing the module's options. In case the application serves multiple domains (those are checked with -[`$_SERVER['HTTP_HOST']`](http://php.net/manual/en/reserved.variables.server.php)) +[`$_SERVER['HTTP_HOST']`](https://www.php.net/manual/en/reserved.variables.server.php)) it's needed to add them to [`services.nextcloud.config.extraTrustedDomains`](#opt-services.nextcloud.config.extraTrustedDomains). diff --git a/nixos/modules/services/web-apps/tt-rss.nix b/nixos/modules/services/web-apps/tt-rss.nix index 592ab253f7d..7b2e3be4295 100644 --- a/nixos/modules/services/web-apps/tt-rss.nix +++ b/nixos/modules/services/web-apps/tt-rss.nix @@ -430,7 +430,7 @@ let background processes while not running tt-rss, this method is generally viable to keep your feeds up to date. Still, there are more robust (and recommended) updating methods - available, you can read about them here: http://tt-rss.org/wiki/UpdatingFeeds + available, you can read about them here: ''; }; 
diff --git a/nixos/modules/services/web-servers/lighttpd/default.nix b/nixos/modules/services/web-servers/lighttpd/default.nix index 729a633a36c..eaa113c0d52 100644 --- a/nixos/modules/services/web-servers/lighttpd/default.nix +++ b/nixos/modules/services/web-servers/lighttpd/default.nix @@ -10,7 +10,7 @@ let # List of known lighttpd modules, ordered by how the lighttpd documentation # recommends them being imported: - # http://redmine.lighttpd.net/projects/1/wiki/Server_modulesDetails + # https://redmine.lighttpd.net/projects/1/wiki/Server_modulesDetails # # Some modules are always imported and should not appear in the config: # disallowedModules = [ "mod_indexfile" "mod_dirlisting" "mod_staticfile" ]; @@ -84,8 +84,8 @@ let # server.modules += () entries in each sub-service extraConfig snippet, # read this: # - # http://redmine.lighttpd.net/projects/1/wiki/Server_modulesDetails - # http://redmine.lighttpd.net/issues/2337 + # https://redmine.lighttpd.net/projects/1/wiki/Server_modulesDetails + # https://redmine.lighttpd.net/issues/2337 # # Basically, lighttpd doesn't want to load (or even silently ignore) a # module for a second time, and there is no way to check if a module has diff --git a/nixos/modules/services/web-servers/mighttpd2.nix b/nixos/modules/services/web-servers/mighttpd2.nix index 2d887af87c7..bdd6d8b62aa 100644 --- a/nixos/modules/services/web-servers/mighttpd2.nix +++ b/nixos/modules/services/web-servers/mighttpd2.nix @@ -44,7 +44,7 @@ in { type = types.lines; description = lib.mdDoc '' Verbatim config file to use - (see http://www.mew.org/~kazu/proj/mighttpd/en/config.html) + (see https://kazu-yamamoto.github.io/mighttpd2/config.html) ''; }; @@ -78,7 +78,7 @@ in { type = types.lines; description = lib.mdDoc '' Verbatim routing file to use - (see http://www.mew.org/~kazu/proj/mighttpd/en/config.html) + (see https://kazu-yamamoto.github.io/mighttpd2/config.html) ''; }; 
diff --git a/nixos/modules/services/web-servers/nginx/default.nix b/nixos/modules/services/web-servers/nginx/default.nix index f2e8585a936..cf70dc32594 100644 --- a/nixos/modules/services/web-servers/nginx/default.nix +++ b/nixos/modules/services/web-servers/nginx/default.nix @@ -955,7 +955,7 @@ in default = {}; description = lib.mdDoc '' Configure a proxy cache path entry. - See for documentation. + See for documentation. ''; }; diff --git a/nixos/modules/services/x11/desktop-managers/enlightenment.nix b/nixos/modules/services/x11/desktop-managers/enlightenment.nix index d4b2a50cb8a..28dd408c923 100644 --- a/nixos/modules/services/x11/desktop-managers/enlightenment.nix +++ b/nixos/modules/services/x11/desktop-managers/enlightenment.nix @@ -63,7 +63,7 @@ in # make available for D-BUS user services #export XDG_DATA_DIRS=$XDG_DATA_DIRS''${XDG_DATA_DIRS:+:}:${config.system.path}/share:${e.efl}/share - # Update user dirs as described in http://freedesktop.org/wiki/Software/xdg-user-dirs/ + # Update user dirs as described in https://freedesktop.org/wiki/Software/xdg-user-dirs/ ${pkgs.xdg-user-dirs}/bin/xdg-user-dirs-update fi ''; diff --git a/nixos/modules/services/x11/desktop-managers/gnome.nix b/nixos/modules/services/x11/desktop-managers/gnome.nix index 8b5daf83de1..12bdd933337 100644 --- a/nixos/modules/services/x11/desktop-managers/gnome.nix +++ b/nixos/modules/services/x11/desktop-managers/gnome.nix @@ -455,7 +455,7 @@ in pkgs.glib # for gsettings program pkgs.gnome-menus pkgs.gtk3.out # for gtk-launch program - pkgs.xdg-user-dirs # Update user dirs as described in http://freedesktop.org/wiki/Software/xdg-user-dirs/ + pkgs.xdg-user-dirs # Update user dirs as described in https://freedesktop.org/wiki/Software/xdg-user-dirs/ ]; in mandatoryPackages diff --git a/nixos/modules/services/x11/desktop-managers/pantheon.nix b/nixos/modules/services/x11/desktop-managers/pantheon.nix index eef7aa14057..d82d19b26cd 100644 
--- a/nixos/modules/services/x11/desktop-managers/pantheon.nix +++ b/nixos/modules/services/x11/desktop-managers/pantheon.nix @@ -201,7 +201,7 @@ in onboard orca # elementary/greeter#668 sound-theme-freedesktop - xdg-user-dirs # Update user dirs as described in http://freedesktop.org/wiki/Software/xdg-user-dirs/ + xdg-user-dirs # Update user dirs as described in https://freedesktop.org/wiki/Software/xdg-user-dirs/ ]) ++ (with pkgs.pantheon; [ # Artwork elementary-gtk-theme diff --git a/nixos/modules/services/x11/display-managers/default.nix b/nixos/modules/services/x11/display-managers/default.nix index 1f08ded7c96..16a7ff1a4bd 100644 --- a/nixos/modules/services/x11/display-managers/default.nix +++ b/nixos/modules/services/x11/display-managers/default.nix @@ -96,7 +96,7 @@ let )} # Speed up application start by 50-150ms according to - # http://kdemonkey.blogspot.nl/2008/04/magic-trick.html + # https://kdemonkey.blogspot.com/2008/04/magic-trick.html compose_cache="''${XCOMPOSECACHE:-$HOME/.compose-cache}" mkdir -p "$compose_cache" # To avoid accidentally deleting a wrongly set up XCOMPOSECACHE directory, diff --git a/nixos/modules/services/x11/display-managers/xpra.nix b/nixos/modules/services/x11/display-managers/xpra.nix index cb78f52d9b6..0861530f21e 100644 --- a/nixos/modules/services/x11/display-managers/xpra.nix +++ b/nixos/modules/services/x11/display-managers/xpra.nix @@ -60,11 +60,11 @@ in VertRefresh 1.0 - 200.0 #To add your own modes here, use a modeline calculator, like: # cvt: - # http://www.x.org/archive/X11R7.5/doc/man/man1/cvt.1.html + # https://www.x.org/archive/X11R7.5/doc/man/man1/cvt.1.html # xtiming: - # http://xtiming.sourceforge.net/cgi-bin/xtiming.pl + # https://xtiming.sourceforge.net/cgi-bin/xtiming.pl # gtf: - # http://gtf.sourceforge.net/ + # https://gtf.sourceforge.net/ #This can be used to get a specific DPI, but only for the default resolution: #DisplaySize 508 317 #NOTE: the highest modes will not work without increasing the VideoRam 
diff --git a/nixos/modules/services/x11/imwheel.nix b/nixos/modules/services/x11/imwheel.nix index 133e64c65cd..bd2bcb7bcd0 100644 --- a/nixos/modules/services/x11/imwheel.nix +++ b/nixos/modules/services/x11/imwheel.nix @@ -37,7 +37,7 @@ in Window class translation rules. /etc/X11/imwheelrc is generated based on this config which means this config is global for all users. - See [official man pages](http://imwheel.sourceforge.net/imwheel.1.html) + See [official man pages](https://imwheel.sourceforge.net/imwheel.1.html) for more information. ''; }; diff --git a/nixos/modules/system/boot/loader/generic-extlinux-compatible/default.nix b/nixos/modules/system/boot/loader/generic-extlinux-compatible/default.nix index 5ef3c5cd52a..13df6090711 100644 --- a/nixos/modules/system/boot/loader/generic-extlinux-compatible/default.nix +++ b/nixos/modules/system/boot/loader/generic-extlinux-compatible/default.nix @@ -25,7 +25,7 @@ in under `/boot/extlinux.conf`. For instance, U-Boot's generic distro boot support uses this file format. - See [U-boot's documentation](http://git.denx.de/?p=u-boot.git;a=blob;f=doc/README.distro;hb=refs/heads/master) + See [U-boot's documentation](https://u-boot.readthedocs.io/en/latest/develop/distro.html) for more information. ''; }; diff --git a/nixos/modules/system/boot/loader/grub/grub.nix b/nixos/modules/system/boot/loader/grub/grub.nix index 468f701ae5b..7097e1d83dc 100644 --- a/nixos/modules/system/boot/loader/grub/grub.nix +++ b/nixos/modules/system/boot/loader/grub/grub.nix @@ -339,7 +339,7 @@ in See the [ GRUB source code - ](http://git.savannah.gnu.org/cgit/grub.git/tree/grub-core/commands/nativedisk.c?h=grub-2.04#n326) + ](https://git.savannah.gnu.org/cgit/grub.git/tree/grub-core/commands/nativedisk.c?h=grub-2.04#n326) for which disk modules are available. The list elements are passed directly as `argv` diff --git a/nixos/modules/system/boot/luksroot.nix b/nixos/modules/system/boot/luksroot.nix index 06c329e006b..ca560d63f3b 100644 
--- a/nixos/modules/system/boot/luksroot.nix +++ b/nixos/modules/system/boot/luksroot.nix @@ -537,7 +537,7 @@ in description = lib.mdDoc '' Unless enabled, encryption keys can be easily recovered by an attacker with physical access to any machine with PCMCIA, ExpressCard, ThunderBolt or FireWire port. - More information is available at . + More information is available at . This option blacklists FireWire drivers, but doesn't remove them. You can manually load the drivers if you need to use a FireWire device, but don't forget to unload them! diff --git a/nixos/modules/system/boot/stage-1.nix b/nixos/modules/system/boot/stage-1.nix index 322a234e0c4..13c71e1495e 100644 --- a/nixos/modules/system/boot/stage-1.nix +++ b/nixos/modules/system/boot/stage-1.nix @@ -284,7 +284,7 @@ let # in the NixOS installation CD, so use ID_CDROM_MEDIA in the # corresponding udev rules for now. This was the behaviour in # udev <= 154. See also - # http://www.spinics.net/lists/hotplug/msg03935.html + # https://www.spinics.net/lists/hotplug/msg03935.html substituteInPlace $out/60-persistent-storage.rules \ --replace ID_CDROM_MEDIA_TRACK_COUNT_DATA ID_CDROM_MEDIA ''; # */ diff --git a/pkgs/applications/emulators/gxemul/default.nix b/pkgs/applications/emulators/gxemul/default.nix index cacb521c2fb..05f837b1876 100644 --- a/pkgs/applications/emulators/gxemul/default.nix +++ b/pkgs/applications/emulators/gxemul/default.nix @@ -9,7 +9,7 @@ stdenv.mkDerivation rec { version = "0.7.0"; src = fetchurl { - url = "http://gavare.se/gxemul/src/${pname}-${version}.tar.gz"; + url = "https://gavare.se/gxemul/src/${pname}-${version}.tar.gz"; sha256 = "sha256-ecRDfG+MqQT0bTOsNgYqZf3PSpKiSEeOQIqxEpXPjoM="; }; @@ -29,7 +29,7 @@ stdenv.mkDerivation rec { ''; meta = with lib; { - homepage = "http://gavare.se/gxemul/"; + homepage = "https://gavare.se/gxemul/"; description = "Gavare's experimental emulator"; longDescription = '' GXemul is a framework for full-system computer architecture 
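Review bot: The rewritten `url` in gxemul's `src = fetchurl` keeps its `sha256`, so a build that finds the tarball in the store or a binary cache never contacts `https://gavare.se`, and a host that does not serve the file over HTTPS would go unnoticed. The hash still pins the content, so integrity is not at stake; the risk is a silently dead source URL that only surfaces once the cached copy is gone. The same applies to the fetcher URLs changed for pikopixel, aiger, cvc3 (where the host also changes from `www.cs.nyu.edu` to `cs.nyu.edu`), picosat, ctpp2 and portaudio. Each of these is worth a forced refetch of its `src` attribute before merging, for example `nix-build -A gxemul.src --check`.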
diff --git a/pkgs/applications/file-managers/dfilemanager/default.nix b/pkgs/applications/file-managers/dfilemanager/default.nix index 2c374511af5..6c5544aded3 100644 --- a/pkgs/applications/file-managers/dfilemanager/default.nix +++ b/pkgs/applications/file-managers/dfilemanager/default.nix @@ -17,7 +17,7 @@ mkDerivation { cmakeFlags = [ "-DQT5BUILD=true" ]; meta = { - homepage = "http://dfilemanager.sourceforge.net/"; + homepage = "https://github.com/probonopd/dfilemanager"; description = "File manager written in Qt/C++"; license = lib.licenses.gpl2; platforms = lib.platforms.unix; diff --git a/pkgs/applications/graphics/openscad/default.nix b/pkgs/applications/graphics/openscad/default.nix index 37fcc0eb48e..fc048d4acae 100644 --- a/pkgs/applications/graphics/openscad/default.nix +++ b/pkgs/applications/graphics/openscad/default.nix @@ -105,7 +105,7 @@ mkDerivation rec { machine parts but pretty sure is not what you are looking for when you are more interested in creating computer-animated movies. ''; - homepage = "http://openscad.org/"; + homepage = "https://openscad.org/"; license = lib.licenses.gpl2; platforms = lib.platforms.unix; maintainers = with lib.maintainers; [ bjornfor raskin gebner ]; diff --git a/pkgs/applications/graphics/pikopixel/default.nix b/pkgs/applications/graphics/pikopixel/default.nix index 58a52aee494..0463958b4c6 100644 --- a/pkgs/applications/graphics/pikopixel/default.nix +++ b/pkgs/applications/graphics/pikopixel/default.nix @@ -13,7 +13,7 @@ in gnustep'.gsmakeDerivation rec { version = "1.0-b10"; src = fetchurl { - url = "http://twilightedge.com/downloads/PikoPixel.Sources.${version}.tar.gz"; + url = "https://twilightedge.com/downloads/PikoPixel.Sources.${version}.tar.gz"; sha256 = "1b27npgsan2nx1p581b9q2krx4506yyd6s34r4sf1r9x9adshm77"; }; 
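Review bot: The dfilemanager `homepage` is not a scheme upgrade but a move from the project's SourceForge site to `https://github.com/probonopd/dfilemanager`, and the hunk does not show where `src` comes from. Users follow `homepage` to find releases and report issues, so it should name the upstream project rather than a mirror or fork; confirm that this repository is the maintained upstream. The kirc, mldonkey, libcdr and polkit hunks replace the destination in the same way and need the same check, ideally in a commit separate from the mechanical `http` to `https` rewrites.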
@@ -38,8 +38,8 @@ in gnustep'.gsmakeDerivation rec { meta = with lib; { description = "Application for drawing and editing pixel-art images"; - homepage = "http://twilightedge.com/mac/pikopixel/"; - downloadPage = "http://twilightedge.com/mac/pikopixel/"; + homepage = "https://twilightedge.com/mac/pikopixel/"; + downloadPage = "https://twilightedge.com/mac/pikopixel/"; license = licenses.agpl3; maintainers = with maintainers; [ fgaz ]; platforms = platforms.all; diff --git a/pkgs/applications/graphics/viewnior/default.nix b/pkgs/applications/graphics/viewnior/default.nix index 74cc2bdc4e8..7f90c815837 100644 --- a/pkgs/applications/graphics/viewnior/default.nix +++ b/pkgs/applications/graphics/viewnior/default.nix @@ -55,7 +55,7 @@ stdenv.mkDerivation rec { in mind (follows Gnome HIG2). ''; license = licenses.gpl3; - homepage = "http://siyanpanayotov.com/project/viewnior/"; + homepage = "https://siyanpanayotov.com/project/viewnior/"; maintainers = with maintainers; [ smironov artturin ]; platforms = platforms.gnu ++ platforms.linux; }; diff --git a/pkgs/applications/misc/yate/default.nix b/pkgs/applications/misc/yate/default.nix index 07857fbf5e9..76eb27a624c 100644 --- a/pkgs/applications/misc/yate/default.nix +++ b/pkgs/applications/misc/yate/default.nix @@ -33,7 +33,7 @@ stdenv.mkDerivation rec { meta = { description = "Yet another telephony engine"; - homepage = "http://yate.ro/"; + homepage = "https://yate.ro/"; # Yate's license is GPL with an exception for linking with # OpenH323 and PWlib (licensed under MPL). license = lib.licenses.gpl2Only; diff --git a/pkgs/applications/networking/irc/kirc/default.nix b/pkgs/applications/networking/irc/kirc/default.nix index b0e771a80f4..c21a444b61c 100644 --- a/pkgs/applications/networking/irc/kirc/default.nix +++ b/pkgs/applications/networking/irc/kirc/default.nix 
@@ -19,7 +19,7 @@ stdenv.mkDerivation rec { installFlags = [ "PREFIX=$(out)" ]; meta = with lib; { - homepage = "http://kirc.io/"; + homepage = "https://mcpcpc.github.io/kirc/"; description = "Tiny IRC client written in C99"; longDescription = '' kirc is a tiny open-source Internet Relay Chat (IRC) client designed with diff --git a/pkgs/applications/networking/irc/kvirc/default.nix b/pkgs/applications/networking/irc/kvirc/default.nix index 8c1a96d5234..eb443666764 100644 --- a/pkgs/applications/networking/irc/kvirc/default.nix +++ b/pkgs/applications/networking/irc/kvirc/default.nix @@ -24,7 +24,7 @@ mkDerivation rec { meta = with lib; { description = "Advanced IRC Client"; - homepage = "http://www.kvirc.net/"; + homepage = "https://www.kvirc.net/"; license = licenses.gpl2; maintainers = [ maintainers.suhr ]; platforms = platforms.linux; diff --git a/pkgs/applications/networking/p2p/mldonkey/default.nix b/pkgs/applications/networking/p2p/mldonkey/default.nix index 7bc5e2f5967..81a625e5210 100644 --- a/pkgs/applications/networking/p2p/mldonkey/default.nix +++ b/pkgs/applications/networking/p2p/mldonkey/default.nix @@ -39,7 +39,7 @@ stdenv.mkDerivation rec { meta = { broken = stdenv.isDarwin; description = "Client for many p2p networks, with multiple frontends"; - homepage = "http://mldonkey.sourceforge.net/"; + homepage = "https://github.com/ygrek/mldonkey"; license = lib.licenses.gpl2Only; platforms = lib.platforms.unix; }; diff --git a/pkgs/applications/radio/ebook2cw/default.nix b/pkgs/applications/radio/ebook2cw/default.nix index 6c3fbc16c40..329d87d80f4 100644 --- a/pkgs/applications/radio/ebook2cw/default.nix +++ b/pkgs/applications/radio/ebook2cw/default.nix 
@@ -24,7 +24,7 @@ stdenv.mkDerivation rec { meta = with lib; { description = "Convert ebooks to Morse MP3s/OGGs"; - homepage = "http://fkurz.net/ham/ebook2cw.html"; + homepage = "https://fkurz.net/ham/ebook2cw.html"; license = licenses.gpl2; platforms = platforms.all; maintainers = with maintainers; [ earldouglas ]; diff --git a/pkgs/applications/science/logic/aiger/default.nix b/pkgs/applications/science/logic/aiger/default.nix index 15c45466b13..4f3f585c220 100644 --- a/pkgs/applications/science/logic/aiger/default.nix +++ b/pkgs/applications/science/logic/aiger/default.nix @@ -5,7 +5,7 @@ stdenv.mkDerivation rec { version = "1.9.9"; src = fetchurl { - url = "http://fmv.jku.at/aiger/${pname}-${version}.tar.gz"; + url = "https://fmv.jku.at/aiger/${pname}-${version}.tar.gz"; sha256 = "1ish0dw0nf9gyghxsdhpy1jjiy5wp54c993swp85xp7m6vdx6l0y"; }; @@ -47,7 +47,7 @@ stdenv.mkDerivation rec { meta = { description = "And-Inverter Graph (AIG) utilities"; - homepage = "http://fmv.jku.at/aiger/"; + homepage = "https://fmv.jku.at/aiger/"; license = lib.licenses.mit; maintainers = with lib.maintainers; [ thoughtpolice ]; platforms = lib.platforms.unix; diff --git a/pkgs/applications/science/logic/cadical/default.nix b/pkgs/applications/science/logic/cadical/default.nix index 9bfadc41f60..a9b27877ab1 100644 --- a/pkgs/applications/science/logic/cadical/default.nix +++ b/pkgs/applications/science/logic/cadical/default.nix @@ -43,6 +43,6 @@ stdenv.mkDerivation rec { maintainers = with maintainers; [ shnarazk ]; platforms = platforms.unix; license = licenses.mit; - homepage = "http://fmv.jku.at/cadical"; + homepage = "https://fmv.jku.at/cadical/"; }; } diff --git a/pkgs/applications/science/logic/cvc3/default.nix b/pkgs/applications/science/logic/cvc3/default.nix index cfa8f62990c..0385909610e 100644 --- a/pkgs/applications/science/logic/cvc3/default.nix +++ b/pkgs/applications/science/logic/cvc3/default.nix 
@@ -5,7 +5,7 @@ stdenv.mkDerivation rec { version = "2.4.1"; src = fetchurl { - url = "http://www.cs.nyu.edu/acsys/cvc3/releases/${version}/${pname}-${version}.tar.gz"; + url = "https://cs.nyu.edu/acsys/cvc3/releases/${version}/${pname}-${version}.tar.gz"; sha256 = "1xxcwhz3y6djrycw8sm6xz83wb4hb12rd1n0skvc7fng0rh1snym"; }; @@ -32,11 +32,11 @@ stdenv.mkDerivation rec { [ raskin ]; platforms = platforms.unix; license = licenses.free; - homepage = "http://www.cs.nyu.edu/acsys/cvc3/index.html"; + homepage = "https://cs.nyu.edu/acsys/cvc3/index.html"; }; passthru = { updateInfo = { - downloadPage = "http://www.cs.nyu.edu/acsys/cvc3/download.html"; + downloadPage = "https://cs.nyu.edu/acsys/cvc3/download.html"; }; }; } diff --git a/pkgs/applications/science/logic/kissat/default.nix b/pkgs/applications/science/logic/kissat/default.nix index 2941952287b..d1703340527 100644 --- a/pkgs/applications/science/logic/kissat/default.nix +++ b/pkgs/applications/science/logic/kissat/default.nix @@ -48,6 +48,6 @@ stdenv.mkDerivation rec { maintainers = with maintainers; [ shnarazk ]; platforms = platforms.unix; license = licenses.mit; - homepage = "http://fmv.jku.at/kissat"; + homepage = "https://fmv.jku.at/kissat"; }; } diff --git a/pkgs/applications/science/logic/picosat/default.nix b/pkgs/applications/science/logic/picosat/default.nix index 48def5fc2e4..1fef05069a6 100644 --- a/pkgs/applications/science/logic/picosat/default.nix +++ b/pkgs/applications/science/logic/picosat/default.nix @@ -5,7 +5,7 @@ stdenv.mkDerivation rec { version = "965"; src = fetchurl { - url = "http://fmv.jku.at/picosat/${pname}-${version}.tar.gz"; + url = "https://fmv.jku.at/picosat/${pname}-${version}.tar.gz"; sha256 = "0m578rpa5rdn08d10kr4lbsdwp4402hpavrz6n7n53xs517rn5hm"; }; 
@@ -36,7 +36,7 @@ stdenv.mkDerivation rec { meta = { description = "SAT solver with proof and core support"; - homepage = "http://fmv.jku.at/picosat/"; + homepage = "https://fmv.jku.at/picosat/"; license = lib.licenses.mit; platforms = lib.platforms.unix; maintainers = with lib.maintainers; [ roconnor thoughtpolice ]; diff --git a/pkgs/applications/science/math/colpack/default.nix b/pkgs/applications/science/math/colpack/default.nix index 3cc9290a762..d5ab38ff751 100644 --- a/pkgs/applications/science/math/colpack/default.nix +++ b/pkgs/applications/science/math/colpack/default.nix @@ -35,7 +35,7 @@ stdenv.mkDerivation rec { meta = with lib; { description = "A package comprising of implementations of algorithms for vertex coloring and derivative computation"; - homepage = "http://cscapes.cs.purdue.edu/coloringpage/software.htm#functionalities"; + homepage = "https://cscapes.cs.purdue.edu/coloringpage/software.htm#functionalities"; license = licenses.lgpl3Plus; platforms = platforms.unix; maintainers = with maintainers; [ edwtjo ]; diff --git a/pkgs/applications/virtualization/qemu/default.nix b/pkgs/applications/virtualization/qemu/default.nix index ea96f7f241b..0dc91af767f 100644 --- a/pkgs/applications/virtualization/qemu/default.nix +++ b/pkgs/applications/virtualization/qemu/default.nix @@ -266,11 +266,8 @@ stdenv.mkDerivation (finalAttrs: { requiredSystemFeatures = [ "big-parallel" ]; meta = with lib; { - homepage = "http://www.qemu.org/"; - description = - if toolsOnly - then "Support tools for qemu, a machine emulator and virtualizer" - else "A generic and open source machine emulator and virtualizer"; + homepage = "https://www.qemu.org/"; + description = "A generic and open source machine emulator and virtualizer"; license = licenses.gpl2Plus; maintainers = with maintainers; [ eelco qyliss ]; platforms = platforms.unix; 
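Review bot: The qemu `meta` hunk drops the `if toolsOnly then … else …` expression for `description` and leaves only `"A generic and open source machine emulator and virtualizer"`, which is unrelated to the URL cleanup this commit describes. If the derivation still accepts `toolsOnly` (its arguments are outside the hunk), a tools-only build would now be described as the full emulator. This looks like an accidental revert; restore the removed conditional and change only the `homepage` line to `https://www.qemu.org/`.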
diff --git a/pkgs/applications/virtualization/virt-manager/default.nix b/pkgs/applications/virtualization/virt-manager/default.nix index 163812bdccf..4e4d7e7d0a9 100644 --- a/pkgs/applications/virtualization/virt-manager/default.nix +++ b/pkgs/applications/virtualization/virt-manager/default.nix @@ -83,7 +83,7 @@ python3.pkgs.buildPythonApplication rec { ''; meta = with lib; { - homepage = "http://virt-manager.org"; + homepage = "https://virt-manager.org"; description = "Desktop user interface for managing virtual machines"; longDescription = '' The virt-manager application is a desktop user interface for managing diff --git a/pkgs/applications/virtualization/virt-viewer/default.nix b/pkgs/applications/virtualization/virt-viewer/default.nix index 0e24dd9b08f..58d9edb269a 100644 --- a/pkgs/applications/virtualization/virt-viewer/default.nix +++ b/pkgs/applications/virtualization/virt-viewer/default.nix @@ -104,7 +104,7 @@ stdenv.mkDerivation rec { }; passthru = { updateInfo = { - downloadPage = "http://virt-manager.org/download.html"; + downloadPage = "https://virt-manager.org/download.html"; }; }; } diff --git a/pkgs/data/soundfonts/generaluser/default.nix b/pkgs/data/soundfonts/generaluser/default.nix index 5191199e647..abe1ea4ceac 100644 --- a/pkgs/data/soundfonts/generaluser/default.nix +++ b/pkgs/data/soundfonts/generaluser/default.nix @@ -6,7 +6,7 @@ stdenv.mkDerivation rec { # we can't use fetchurl since stdenv does not handle unpacking *.zip's by default. src = fetchzip { - # Linked on http://www.schristiancollins.com/generaluser.php: + # Linked on https://www.schristiancollins.com/generaluser.php: url = "https://www.dropbox.com/s/4x27l49kxcwamp5/GeneralUser_GS_${version}.zip"; sha256 = "sha256-lwUlWubXiVZ8fijKuNF54YQjT0uigjNAbjKaNjmC51s="; }; 
@@ -17,7 +17,7 @@ stdenv.mkDerivation rec { meta = with lib; { description = "a SoundFont bank featuring 259 instrument presets and 11 drum kits"; - homepage = "http://www.schristiancollins.com/generaluser.php"; + homepage = "https://www.schristiancollins.com/generaluser.php"; license = licenses.generaluser; platforms = platforms.all; maintainers = with maintainers; [ ckie ]; diff --git a/pkgs/development/compilers/pforth/default.nix b/pkgs/development/compilers/pforth/default.nix index d0766fe1376..aadc72c174e 100644 --- a/pkgs/development/compilers/pforth/default.nix +++ b/pkgs/development/compilers/pforth/default.nix @@ -38,7 +38,7 @@ stdenv.mkDerivation (finalAttrs: { ''; meta = { - homepage = "http://www.softsynth.com/pforth/"; + homepage = "https://www.softsynth.com/pforth/"; description = "Portable Portable ANS-like Forth written in ANSI 'C'"; changelog = "https://github.com/philburk/pforth/blob/v${finalAttrs.version}/RELEASES.md"; license = lib.licenses.bsd0; diff --git a/pkgs/development/compilers/uasm/default.nix b/pkgs/development/compilers/uasm/default.nix index cae9a17ccca..9fe0e42cb13 100644 --- a/pkgs/development/compilers/uasm/default.nix +++ b/pkgs/development/compilers/uasm/default.nix @@ -54,7 +54,7 @@ stdenv.mkDerivation rec { }; meta = with lib; { - homepage = "http://www.terraspace.co.uk/uasm.html"; + homepage = "https://www.terraspace.co.uk/uasm.html"; description = "A free MASM-compatible assembler based on JWasm"; platforms = platforms.unix; maintainers = with maintainers; [ thiagokokada ]; diff --git a/pkgs/development/interpreters/picolisp/default.nix b/pkgs/development/interpreters/picolisp/default.nix index b85f99a7b52..4e589cb722e 100644 --- a/pkgs/development/interpreters/picolisp/default.nix +++ b/pkgs/development/interpreters/picolisp/default.nix 
@@ -60,7 +60,7 @@ stdenv.mkDerivation rec { passthru = { updateInfo = { - downloadPage = "http://www.software-lab.de/down.html"; + downloadPage = "https://www.software-lab.de/down.html"; }; }; } diff --git a/pkgs/development/libraries/ctpp2/default.nix b/pkgs/development/libraries/ctpp2/default.nix index c8bc708a2aa..5aac0850a74 100644 --- a/pkgs/development/libraries/ctpp2/default.nix +++ b/pkgs/development/libraries/ctpp2/default.nix @@ -5,7 +5,7 @@ stdenv.mkDerivation rec { version = "2.8.3"; src = fetchurl { - url = "http://ctpp.havoc.ru/download/${pname}-${version}.tar.gz"; + url = "https://ctpp.havoc.ru/download/${pname}-${version}.tar.gz"; sha256 = "1z22zfw9lb86z4hcan9hlvji49c9b7vznh7gjm95gnvsh43zsgx8"; }; @@ -25,7 +25,7 @@ stdenv.mkDerivation rec { meta = with lib; { description = "A high performance templating engine"; - homepage = "http://ctpp.havoc.ru"; + homepage = "https://ctpp.havoc.ru/"; maintainers = [ maintainers.robbinch ]; platforms = platforms.linux; license = licenses.bsd2; diff --git a/pkgs/development/libraries/dbus/default.nix b/pkgs/development/libraries/dbus/default.nix index e9f0f013fe2..a809eda31c0 100644 --- a/pkgs/development/libraries/dbus/default.nix +++ b/pkgs/development/libraries/dbus/default.nix @@ -114,7 +114,7 @@ stdenv.mkDerivation rec { meta = with lib; { description = "Simple interprocess messaging system"; - homepage = "http://www.freedesktop.org/wiki/Software/dbus/"; + homepage = "https://www.freedesktop.org/wiki/Software/dbus/"; changelog = "https://gitlab.freedesktop.org/dbus/dbus/-/blob/dbus-${version}/NEWS"; license = licenses.gpl2Plus; # most is also under AFL-2.1 maintainers = teams.freedesktop.members ++ (with maintainers; [ ]); diff --git a/pkgs/development/libraries/irrlicht/default.nix b/pkgs/development/libraries/irrlicht/default.nix index 7a68f130663..fa5d2b3b0c9 100644 --- a/pkgs/development/libraries/irrlicht/default.nix +++ b/pkgs/development/libraries/irrlicht/default.nix 
@@ -37,7 +37,7 @@ stdenv.mkDerivation rec { ] ++ lib.optional stdenv.isAarch64 zlib; meta = { - homepage = "http://irrlicht.sourceforge.net/"; + homepage = "https://irrlicht.sourceforge.io/"; license = lib.licenses.zlib; description = "Open source high performance realtime 3D engine written in C++"; platforms = lib.platforms.linux ++ lib.platforms.darwin; diff --git a/pkgs/development/libraries/irrlicht/mac.nix b/pkgs/development/libraries/irrlicht/mac.nix index a7901466081..b3ef27e3877 100644 --- a/pkgs/development/libraries/irrlicht/mac.nix +++ b/pkgs/development/libraries/irrlicht/mac.nix @@ -35,7 +35,7 @@ stdenv.mkDerivation rec { buildInputs = [ OpenGL Cocoa IOKit ]; meta = { - homepage = "http://irrlicht.sourceforge.net/"; + homepage = "https://irrlicht.sourceforge.net/"; license = lib.licenses.zlib; description = "Open source high performance realtime 3D engine written in C++"; platforms = lib.platforms.darwin; diff --git a/pkgs/development/libraries/libcdr/default.nix b/pkgs/development/libraries/libcdr/default.nix index b3087f0abea..64695aaa55d 100644 --- a/pkgs/development/libraries/libcdr/default.nix +++ b/pkgs/development/libraries/libcdr/default.nix @@ -19,7 +19,7 @@ stdenv.mkDerivation rec { meta = { description = "A library providing ability to interpret and import Corel Draw drawings into various applications"; - homepage = "http://www.freedesktop.org/wiki/Software/libcdr"; + homepage = "https://wiki.documentfoundation.org/DLP/Libraries/libcdr"; platforms = lib.platforms.all; license = lib.licenses.mpl20; }; diff --git a/pkgs/development/libraries/libevdev/default.nix b/pkgs/development/libraries/libevdev/default.nix index 90853d5f2db..c8db600dce8 100644 --- a/pkgs/development/libraries/libevdev/default.nix +++ b/pkgs/development/libraries/libevdev/default.nix 
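Review bot: The two irrlicht expressions end up with different homepages: `irrlicht/default.nix` gets `https://irrlicht.sourceforge.io/` while `irrlicht/mac.nix` gets `https://irrlicht.sourceforge.net/`. Both describe the same upstream project, so they should name the same host; if the `.io` address is the canonical one, `mac.nix` should read `homepage = "https://irrlicht.sourceforge.io/";`.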
@@ -13,7 +13,7 @@ stdenv.mkDerivation rec { meta = with lib; { description = "Wrapper library for evdev devices"; - homepage = "http://www.freedesktop.org/software/libevdev/doc/latest/index.html"; + homepage = "https://www.freedesktop.org/software/libevdev/doc/latest/index.html"; license = licenses.mit; platforms = platforms.linux; maintainers = [ maintainers.amorsillo ]; diff --git a/pkgs/development/libraries/libproxy/default.nix b/pkgs/development/libraries/libproxy/default.nix index 62ddcd67390..5c7a3162502 100644 --- a/pkgs/development/libraries/libproxy/default.nix +++ b/pkgs/development/libraries/libproxy/default.nix @@ -76,7 +76,7 @@ stdenv.mkDerivation rec { meta = with lib; { platforms = platforms.linux ++ platforms.darwin; license = licenses.lgpl21; - homepage = "http://libproxy.github.io/libproxy/"; + homepage = "https://libproxy.github.io/libproxy/"; description = "A library that provides automatic proxy configuration management"; }; } diff --git a/pkgs/development/libraries/libsodium/default.nix b/pkgs/development/libraries/libsodium/default.nix index 14e730d69e5..b4eeed32d59 100644 --- a/pkgs/development/libraries/libsodium/default.nix +++ b/pkgs/development/libraries/libsodium/default.nix @@ -32,7 +32,7 @@ stdenv.mkDerivation (finalAttrs: { meta = with lib; { description = "A modern and easy-to-use crypto library"; - homepage = "http://doc.libsodium.org/"; + homepage = "https://doc.libsodium.org/"; license = licenses.isc; maintainers = with maintainers; [ raskin ]; pkgConfigModules = [ "libsodium" ]; diff --git a/pkgs/development/libraries/libtsm/default.nix b/pkgs/development/libraries/libtsm/default.nix index 75773296fab..c8e00cf4a94 100644 --- a/pkgs/development/libraries/libtsm/default.nix +++ b/pkgs/development/libraries/libtsm/default.nix 
@@ -24,7 +24,7 @@ stdenv.mkDerivation rec { meta = with lib; { description = "Terminal-emulator State Machine"; - homepage = "http://www.freedesktop.org/wiki/Software/kmscon/libtsm/"; + homepage = "https://www.freedesktop.org/wiki/Software/kmscon/libtsm/"; license = licenses.mit; maintainers = with maintainers; [ ]; platforms = platforms.linux; diff --git a/pkgs/development/libraries/openfx/default.nix b/pkgs/development/libraries/openfx/default.nix index 201bf16ad64..2bfb0870858 100644 --- a/pkgs/development/libraries/openfx/default.nix +++ b/pkgs/development/libraries/openfx/default.nix @@ -5,7 +5,7 @@ stdenv.mkDerivation { version = "1.4"; src = fetchFromGitHub { - owner = "ofxa"; + owner = "AcademySoftwareFoundation"; repo = "openfx"; rev = "OFX_Release_1_4_TAG"; sha256 = "0k9ggzr6bisn77mipjfvawg3mv4bz50b63v8f7w1jhldi1sfy548"; @@ -27,7 +27,7 @@ stdenv.mkDerivation { meta = with lib; { description = "Image processing plug-in standard"; - homepage = "http://openeffects.org/"; + homepage = "https://openeffects.org/"; license = licenses.bsd3; platforms = platforms.all; maintainers = [ maintainers.guibou ]; diff --git a/pkgs/development/libraries/polkit/default.nix b/pkgs/development/libraries/polkit/default.nix index 5dbb7dc98b2..80badcdd4db 100644 --- a/pkgs/development/libraries/polkit/default.nix +++ b/pkgs/development/libraries/polkit/default.nix @@ -181,7 +181,7 @@ stdenv.mkDerivation rec { ''; meta = with lib; { - homepage = "http://www.freedesktop.org/wiki/Software/polkit"; + homepage = "https://gitlab.freedesktop.org/polkit/polkit/"; description = "A toolkit for defining and handling the policy that allows unprivileged processes to speak to privileged processes"; license = licenses.lgpl2Plus; platforms = platforms.linux; diff --git a/pkgs/development/libraries/portaudio/default.nix b/pkgs/development/libraries/portaudio/default.nix index 589cf7cdf95..a109aad97b9 100644 --- a/pkgs/development/libraries/portaudio/default.nix 
+++ b/pkgs/development/libraries/portaudio/default.nix @@ -16,7 +16,7 @@ stdenv.mkDerivation rec { version = "190700_20210406"; src = fetchurl { - url = "http://files.portaudio.com/archives/pa_stable_v${version}.tgz"; + url = "https://files.portaudio.com/archives/pa_stable_v${version}.tgz"; sha256 = "1vrdrd42jsnffh6rq8ap2c6fr4g9fcld89z649fs06bwqx1bzvs7"; }; @@ -54,7 +54,7 @@ stdenv.mkDerivation rec { meta = with lib; { description = "Portable cross-platform Audio API"; - homepage = "http://www.portaudio.com/"; + homepage = "https://www.portaudio.com/"; # Not exactly a bsd license, but alike license = licenses.mit; maintainers = with maintainers; [ lovek323 ]; diff --git a/pkgs/development/libraries/startup-notification/default.nix b/pkgs/development/libraries/startup-notification/default.nix index 001123ead60..c1c5819ad42 100644 --- a/pkgs/development/libraries/startup-notification/default.nix +++ b/pkgs/development/libraries/startup-notification/default.nix @@ -16,7 +16,7 @@ stdenv.mkDerivation rec { buildInputs = [ libX11 libxcb xcbutil ]; meta = { - homepage = "http://www.freedesktop.org/software/startup-notification"; + homepage = "https://www.freedesktop.org/software/startup-notification"; description = "Application startup notification and feedback library"; license = lib.licenses.lgpl2; }; diff --git a/pkgs/development/libraries/vcg/default.nix b/pkgs/development/libraries/vcg/default.nix index 8b86df2e1c1..e7e818cbea5 100644 --- a/pkgs/development/libraries/vcg/default.nix +++ b/pkgs/development/libraries/vcg/default.nix @@ -20,7 +20,7 @@ stdenv.mkDerivation rec { ''; meta = with lib; { - homepage = "http://vcg.isti.cnr.it/vcglib/install.html"; + homepage = "https://vcg.isti.cnr.it/vcglib/install.html"; description = "C++ library for manipulation, processing and displaying with OpenGL of triangle and tetrahedral meshes"; license = licenses.gpl3; platforms = platforms.all; 
diff --git a/pkgs/development/lisp-modules-new-obsolete/examples/bordeaux-threads.nix b/pkgs/development/lisp-modules-new-obsolete/examples/bordeaux-threads.nix index 42afb6d2706..31a53b0f949 100644 --- a/pkgs/development/lisp-modules-new-obsolete/examples/bordeaux-threads.nix +++ b/pkgs/development/lisp-modules-new-obsolete/examples/bordeaux-threads.nix @@ -33,7 +33,7 @@ let pname = "bordeaux-threads"; version = "0.8.8"; src = pkgs.fetchzip { - url = "http://github.com/sionescu/bordeaux-threads/archive/v0.8.8.tar.gz"; + url = "https://github.com/sionescu/bordeaux-threads/archive/v0.8.8.tar.gz"; sha256 = "19i443fz3488v1pbbr9x24y8h8vlyhny9vj6c9jk5prm702awrp6"; }; lisp = sbcl; diff --git a/pkgs/development/python-modules/cvxopt/default.nix b/pkgs/development/python-modules/cvxopt/default.nix index 0a2b13ad4c8..f6135ecba74 100644 --- a/pkgs/development/python-modules/cvxopt/default.nix +++ b/pkgs/development/python-modules/cvxopt/default.nix @@ -68,7 +68,7 @@ buildPythonPackage rec { unittestFlagsArray = [ "-s" "tests" ]; meta = with lib; { - homepage = "http://cvxopt.org/"; + homepage = "https://cvxopt.org/"; description = "Python Software for Convex Optimization"; longDescription = '' CVXOPT is a free software package for convex optimization based on the diff --git a/pkgs/development/python-modules/polling/default.nix b/pkgs/development/python-modules/polling/default.nix index 22e7e0c3916..ee816585893 100644 --- a/pkgs/development/python-modules/polling/default.nix +++ b/pkgs/development/python-modules/polling/default.nix @@ -35,7 +35,7 @@ buildPythonPackage rec { meta = with lib; { description = "Powerful polling utility in Python"; - homepage = "http://github.com/justiniso/polling"; + homepage = "https://github.com/justiniso/polling"; license = licenses.mit; maintainers = with maintainers; [ ]; }; diff --git a/pkgs/development/python-modules/sqlobject/default.nix b/pkgs/development/python-modules/sqlobject/default.nix index 6a4ea78b82e..06d2534eb23 100644 
--- a/pkgs/development/python-modules/sqlobject/default.nix +++ b/pkgs/development/python-modules/sqlobject/default.nix @@ -44,7 +44,7 @@ buildPythonPackage rec { meta = with lib; { description = "Object Relational Manager for providing an object interface to your database"; - homepage = "http://www.sqlobject.org/"; + homepage = "https://www.sqlobject.org/"; changelog = "https://github.com/sqlobject/sqlobject/blob/${version}/docs/News.rst"; license = licenses.lgpl21Only; maintainers = with maintainers; [ ]; diff --git a/pkgs/development/tools/nailgun/default.nix b/pkgs/development/tools/nailgun/default.nix index 2d8b075a685..6c71e374ffc 100644 --- a/pkgs/development/tools/nailgun/default.nix +++ b/pkgs/development/tools/nailgun/default.nix @@ -11,7 +11,7 @@ let commonMeta = { license = lib.licenses.asl20; - homepage = "http://www.martiansoftware.com/nailgun/"; + homepage = "https://www.martiansoftware.com/nailgun/"; platforms = lib.platforms.linux; maintainers = with lib.maintainers; [ ]; }; diff --git a/pkgs/games/hedgewars/default.nix b/pkgs/games/hedgewars/default.nix index 6674c85c332..94f8a28add9 100644 --- a/pkgs/games/hedgewars/default.nix +++ b/pkgs/games/hedgewars/default.nix @@ -56,7 +56,7 @@ stdenv.mkDerivation rec { meta = with lib; { description = "Turn-based strategy artillery game similar to Worms"; - homepage = "http://hedgewars.org/"; + homepage = "https://hedgewars.org/"; license = licenses.gpl2; longDescription = '' Each player controls a team of several hedgehogs. During the course of diff --git a/pkgs/games/hyperrogue/default.nix b/pkgs/games/hyperrogue/default.nix index cd24a44f92a..2735cfff194 100644 --- a/pkgs/games/hyperrogue/default.nix +++ b/pkgs/games/hyperrogue/default.nix 
@@ -60,7 +60,7 @@ stdenv.mkDerivation rec { enableParallelBuilding = true; meta = with lib; { - homepage = "http://www.roguetemple.com/z/hyper/"; + homepage = "https://www.roguetemple.com/z/hyper/"; description = "A roguelike game set in hyperbolic geometry"; maintainers = with maintainers; [ rardiol ]; license = licenses.gpl2; diff --git a/pkgs/games/xskat/default.nix b/pkgs/games/xskat/default.nix index 74c2be586ce..6baf397ad67 100644 --- a/pkgs/games/xskat/default.nix +++ b/pkgs/games/xskat/default.nix @@ -8,7 +8,7 @@ stdenv.mkDerivation rec { buildInputs = [ libX11 imake ]; src = fetchurl { - url = "http://www.xskat.de/xskat-${version }.tar.gz"; + url = "https://web.archive.org/web/20220331112433if_/https://www.xskat.de/xskat-${version}.tar.gz"; sha256 = "8ba52797ccbd131dce69b96288f525b0d55dee5de4008733f7a5a51deb831c10"; }; @@ -25,6 +25,6 @@ stdenv.mkDerivation rec { platforms = platforms.unix; license = licenses.free; longDescription = "Play the german card game Skat against the AI or over IRC."; - homepage = "http://www.xskat.de/"; + homepage = "https://web.archive.org/web/20221003060115/https://www.xskat.de/xskat.html"; }; } diff --git a/pkgs/misc/cups/cups-pk-helper.nix b/pkgs/misc/cups/cups-pk-helper.nix index f5edc729340..1a3b4ebfbef 100644 --- a/pkgs/misc/cups/cups-pk-helper.nix +++ b/pkgs/misc/cups/cups-pk-helper.nix @@ -22,7 +22,7 @@ stdenv.mkDerivation rec { meta = with lib; { description = "PolicyKit helper to configure cups with fine-grained privileges"; - homepage = "http://www.freedesktop.org/wiki/Software/cups-pk-helper/"; + homepage = "https://www.freedesktop.org/wiki/Software/cups-pk-helper/"; license = licenses.gpl2; platforms = platforms.linux; maintainers = [ maintainers.bjornfor ]; diff --git a/pkgs/os-specific/linux/ch9344/default.nix b/pkgs/os-specific/linux/ch9344/default.nix index 8f258d227bb..e7da864b90c 100644 --- a/pkgs/os-specific/linux/ch9344/default.nix +++ b/pkgs/os-specific/linux/ch9344/default.nix 
@@ -37,7 +37,7 @@ stdenv.mkDerivation rec { ''; meta = with lib; { - homepage = "http://www.wch-ic.com/"; + homepage = "https://www.wch-ic.com/"; downloadPage = "https://www.wch.cn/downloads/CH9344SER_LINUX_ZIP.html"; description = "WCH CH9344/CH348 UART driver"; longDescription = '' diff --git a/pkgs/os-specific/linux/kmscon/default.nix b/pkgs/os-specific/linux/kmscon/default.nix index 0d146613542..4762b63eda9 100644 --- a/pkgs/os-specific/linux/kmscon/default.nix +++ b/pkgs/os-specific/linux/kmscon/default.nix @@ -72,7 +72,7 @@ stdenv.mkDerivation rec { meta = with lib; { description = "KMS/DRM based System Console"; - homepage = "http://www.freedesktop.org/wiki/Software/kmscon/"; + homepage = "https://www.freedesktop.org/wiki/Software/kmscon/"; license = licenses.mit; maintainers = with maintainers; [ omasanori ]; platforms = platforms.linux; diff --git a/pkgs/os-specific/linux/microcode/intel.nix b/pkgs/os-specific/linux/microcode/intel.nix index b58d471680b..c489e746886 100644 --- a/pkgs/os-specific/linux/microcode/intel.nix +++ b/pkgs/os-specific/linux/microcode/intel.nix @@ -25,7 +25,7 @@ stdenv.mkDerivation rec { ''; meta = with lib; { - homepage = "http://www.intel.com/"; + homepage = "https://www.intel.com/"; description = "Microcode for Intel processors"; license = licenses.unfreeRedistributableFirmware; platforms = platforms.linux; diff --git a/pkgs/tools/filesystems/unionfs-fuse/default.nix b/pkgs/tools/filesystems/unionfs-fuse/default.nix index 8f008c3a346..4dc9ca9de6e 100644 --- a/pkgs/tools/filesystems/unionfs-fuse/default.nix +++ b/pkgs/tools/filesystems/unionfs-fuse/default.nix @@ -14,7 +14,7 @@ stdenv.mkDerivation rec { patches = [ # Prevent the unionfs daemon from being killed during # shutdown. See - # http://www.freedesktop.org/wiki/Software/systemd/RootStorageDaemons/ + # https://www.freedesktop.org/wiki/Software/systemd/RootStorageDaemons/ # for details. ./prevent-kill-on-shutdown.patch ]; 
diff --git a/pkgs/tools/misc/ccal/default.nix b/pkgs/tools/misc/ccal/default.nix index 55ccb7f774c..e7a01795f0d 100644 --- a/pkgs/tools/misc/ccal/default.nix +++ b/pkgs/tools/misc/ccal/default.nix @@ -9,7 +9,7 @@ stdenv.mkDerivation rec { pname = "ccal"; version = "2.5.3"; src = fetchurl { - url = "http://ccal.chinesebay.com/ccal/${pname}-${version}.tar.gz"; + url = "https://ccal.chinesebay.com/${pname}-${version}.tar.gz"; sha256 = "sha256-PUy9yfkFzgKrSEBB+79/C3oxmuajUMbBbWNuGlpQ35Y="; }; @@ -25,11 +25,10 @@ stdenv.mkDerivation rec { ''; meta = { - homepage = "http://ccal.chinesebay.com/ccal.htm"; + homepage = "https://ccal.chinesebay.com/ccal.htm"; description = "Command line Chinese calendar viewer, similar to cal"; license = lib.licenses.gpl3; maintainers = with lib.maintainers; [ sharzy ]; platforms = lib.platforms.all; }; } - diff --git a/pkgs/tools/misc/desktop-file-utils/default.nix b/pkgs/tools/misc/desktop-file-utils/default.nix index 218eed5eb8b..b58a7d819ba 100644 --- a/pkgs/tools/misc/desktop-file-utils/default.nix +++ b/pkgs/tools/misc/desktop-file-utils/default.nix @@ -50,7 +50,7 @@ stdenv.mkDerivation rec { setupHook = ./setup-hook.sh; meta = with lib; { - homepage = "http://www.freedesktop.org/wiki/Software/desktop-file-utils"; + homepage = "https://www.freedesktop.org/wiki/Software/desktop-file-utils"; description = "Command line utilities for working with .desktop files"; platforms = platforms.linux ++ platforms.darwin; license = licenses.gpl2Plus; diff --git a/pkgs/tools/misc/plantuml/default.nix b/pkgs/tools/misc/plantuml/default.nix index 9a6698ecfd4..eb6cfb7ebcb 100644 --- a/pkgs/tools/misc/plantuml/default.nix +++ b/pkgs/tools/misc/plantuml/default.nix 
@@ -25,7 +25,7 @@ stdenv.mkDerivation rec { meta = with lib; { description = "Draw UML diagrams using a simple and human readable text description"; - homepage = "http://plantuml.sourceforge.net/"; + homepage = "https://plantuml.com/"; sourceProvenance = with sourceTypes; [ binaryBytecode ]; # "plantuml -license" says GPLv3 or later license = licenses.gpl3Plus; diff --git a/pkgs/tools/networking/redsocks/default.nix b/pkgs/tools/networking/redsocks/default.nix index 9b8989f30c2..cebec2cb2b6 100644 --- a/pkgs/tools/networking/redsocks/default.nix +++ b/pkgs/tools/networking/redsocks/default.nix @@ -22,7 +22,7 @@ stdenv.mkDerivation rec { meta = { description = "Transparent redirector of any TCP connection to proxy"; - homepage = "http://darkk.net.ru/redsocks/"; + homepage = "https://darkk.net.ru/redsocks/"; license = lib.licenses.asl20; maintainers = [ lib.maintainers.ekleog ]; platforms = lib.platforms.linux; diff --git a/pkgs/tools/networking/ripmime/default.nix b/pkgs/tools/networking/ripmime/default.nix index 6584edca5e6..7cfb31ff985 100644 --- a/pkgs/tools/networking/ripmime/default.nix +++ b/pkgs/tools/networking/ripmime/default.nix @@ -4,7 +4,7 @@ stdenv.mkDerivation rec { pname = "ripmime"; version = "1.4.0.10"; src = fetchurl { - url = "http://www.pldaniels.com/${pname}/${pname}-${version}.tar.gz"; + url = "https://pldaniels.com/${pname}/${pname}-${version}.tar.gz"; sha256 = "0sj06ibmlzy34n8v0mnlq2gwidy7n2aqcwgjh0xssz3vi941aqc9"; }; @@ -19,13 +19,13 @@ stdenv.mkDerivation rec { meta = with lib; { description = "Attachment extractor for MIME messages"; maintainers = with maintainers; [ raskin ]; - homepage = "http://www.pldaniels.com/ripmime/"; + homepage = "https://pldaniels.com/ripmime/"; platforms = platforms.all; }; passthru = { updateInfo = { - downloadPage = "http://www.pldaniels.com/ripmime/"; + downloadPage = "https://pldaniels.com/ripmime/"; }; }; } 
diff --git a/pkgs/tools/security/afl/qemu.nix b/pkgs/tools/security/afl/qemu.nix index 9a8b4b3ca36..845d9fa3e6f 100644 --- a/pkgs/tools/security/afl/qemu.nix +++ b/pkgs/tools/security/afl/qemu.nix @@ -13,7 +13,7 @@ stdenv.mkDerivation rec { srcs = [ (fetchurl { - url = "http://wiki.qemu.org/download/qemu-${version}.tar.bz2"; + url = "https://download.qemu.org/qemu-${version}.tar.bz2"; sha256 = "0j3dfxzrzdp1w21k21fjvmakzc6lcha1rsclaicwqvbf63hkk7vy"; }) afl.src @@ -68,7 +68,7 @@ stdenv.mkDerivation rec { ]; meta = with lib; { - homepage = "http://www.qemu.org/"; + homepage = "https://www.qemu.org/"; description = "Fork of QEMU with AFL instrumentation support"; license = licenses.gpl2Plus; maintainers = with maintainers; [ thoughtpolice ]; diff --git a/pkgs/tools/security/chkrootkit/default.nix b/pkgs/tools/security/chkrootkit/default.nix index b365fa62f95..7c3af075a55 100644 --- a/pkgs/tools/security/chkrootkit/default.nix +++ b/pkgs/tools/security/chkrootkit/default.nix @@ -5,7 +5,7 @@ stdenv.mkDerivation rec { version = "0.55"; src = fetchurl { - url = "ftp://ftp.pangeia.com.br/pub/seg/pac/${pname}-${version}.tar.gz"; + url = "ftp://ftp.chkrootkit.org/pub/seg/pac/${pname}-${version}.tar.gz"; sha256 = "sha256-qBwChuxEkxP5U3ASAqAOgbIE/Cz0PieFhaEcEqXgJYs="; }; @@ -29,7 +29,7 @@ stdenv.mkDerivation rec { meta = with lib; { description = "Locally checks for signs of a rootkit"; - homepage = "http://www.chkrootkit.org/"; + homepage = "https://www.chkrootkit.org/"; license = licenses.bsd2; platforms = with platforms; linux; }; -- cgit 1.4.1 From d70317352043d4db2264285a18b1fce40446ab22 Mon Sep 17 00:00:00 2001 From: Christoph Heiss Date: Wed, 19 Apr 2023 23:41:17 +0200 Subject: sourcehut: make /query endpoint config common to all services 
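Review bot: The chkrootkit `src` URL changes host but stays on `ftp://`, so the tarball is still fetched in cleartext and its integrity rests entirely on the pinned `sha256`. The hash covers ordinary builds, but the transport gives no protection when a maintainer refreshes the hash on a version bump. If upstream offers the archive over HTTPS, that would be the better URL. Otherwise a comment above `url` would help, for example `# FTP only: when bumping, check the tarball against a checksum or signature published by upstream before updating sha256`.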
Signed-off-by: Christoph Heiss --- nixos/modules/services/misc/sourcehut/default.nix | 85 +++++++++-------------- nixos/modules/services/misc/sourcehut/service.nix | 19 +++++ 2 files changed, 50 insertions(+), 54 deletions(-) (limited to 'nixos/modules/services/misc') diff --git a/nixos/modules/services/misc/sourcehut/default.nix b/nixos/modules/services/misc/sourcehut/default.nix index bee97166297..5506e262107 100644 --- a/nixos/modules/services/misc/sourcehut/default.nix +++ b/nixos/modules/services/misc/sourcehut/default.nix @@ -77,6 +77,14 @@ let type = types.path; apply = s: "<" + toString s; }; + api-origin = mkOption { + description = lib.mdDoc "Origin URL for API, 100 more than web."; + type = types.str; + default = "http://${cfg.listenAddress}:${toString (cfg.${srv}.port + 100)}"; + defaultText = lib.literalMD '' + `"http://''${`[](#opt-services.sourcehut.listenAddress)`}:''${toString (`[](#opt-services.sourcehut.${srv}.port)` + 100)}"` + ''; + }; }; # Specialized python containing all the modules @@ -501,12 +509,6 @@ in options."meta.sr.ht" = removeAttrs (commonServiceSettings "meta") ["oauth-client-id" "oauth-client-secret"] // { - api-origin = mkOption { - description = lib.mdDoc "Origin URL for API, 100 more than web."; - type = types.str; - default = "http://${cfg.listenAddress}:${toString (cfg.meta.port + 100)}"; - defaultText = lib.literalMD ''`"http://''${`[](#opt-services.sourcehut.listenAddress)`}:''${toString (`[](#opt-services.sourcehut.meta.port)` + 100)}"`''; - }; webhooks = mkOption { description = lib.mdDoc "The Redis connection used for the webhooks worker."; type = types.str; 
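Review bot: The `api-origin` description, "Origin URL for API, 100 more than web.", is hard to read now that the option sits in the shared settings and applies to every service rather than only meta.sr.ht. It does not say that the port is meant, nor that the default is a plain `http://` URL built from `cfg.listenAddress`. Something like `description = lib.mdDoc "Origin URL of this service's API daemon. Defaults to plain HTTP on the listen address, at the web port plus 100.";` would state both. If `listenAddress` is ever set to a non-loopback address, the inter-service API traffic would presumably travel unencrypted, which is worth a sentence in the description as well.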
@@ -1252,55 +1254,30 @@ in ) cfg.settings)); serviceConfig.ExecStart = "${pkgs.sourcehut.metasrht}/bin/metasrht-api -b ${cfg.listenAddress}:${toString (cfg.meta.port + 100)}"; }; - extraConfig = mkMerge [ - { - assertions = [ - { assertion = let s = cfg.settings."meta.sr.ht::billing"; in - s.enabled == "yes" -> (s.stripe-public-key != null && s.stripe-secret-key != null); - message = "If meta.sr.ht::billing is enabled, the keys must be defined."; - } - ]; - environment.systemPackages = optional cfg.meta.enable - (pkgs.writeShellScriptBin "metasrht-manageuser" '' - set -eux - if test "$(${pkgs.coreutils}/bin/id -n -u)" != '${cfg.meta.user}' - then exec sudo -u '${cfg.meta.user}' "$0" "$@" - else - # In order to load config.ini - if cd /run/sourcehut/metasrht - then exec ${cfg.python}/bin/metasrht-manageuser "$@" - else cat < (s.stripe-public-key != null && s.stripe-secret-key != null); + message = "If meta.sr.ht::billing is enabled, the keys must be defined."; + } + ]; + environment.systemPackages = optional cfg.meta.enable + (pkgs.writeShellScriptBin "metasrht-manageuser" '' + set -eux + if test "$(${pkgs.coreutils}/bin/id -n -u)" != '${cfg.meta.user}' + then exec sudo -u '${cfg.meta.user}' "$0" "$@" + else + # In order to load config.ini + if cd /run/sourcehut/metasrht + then exec ${cfg.python}/bin/metasrht-manageuser "$@" + else cat < Date: Wed, 19 Apr 2023 23:43:58 +0200 Subject: sourcehut.gitsrht: 0.78.20 -> 0.84.2 Newer version of the gitsrht-api service call setrlimit() on startup, thus allow it in the `SystemCallFilter` definition for the service. Signed-off-by: Christoph Heiss --- nixos/modules/services/misc/sourcehut/default.nix | 19 +++++++++++-------- nixos/modules/services/misc/sourcehut/service.nix | 2 +- .../applications/version-management/sourcehut/git.nix | 16 +++++++++------- 3 files changed, 21 insertions(+), 16 deletions(-) (limited to 'nixos/modules/services/misc') 
diff --git a/nixos/modules/services/misc/sourcehut/default.nix b/nixos/modules/services/misc/sourcehut/default.nix index 5506e262107..524e4a9b377 100644 --- a/nixos/modules/services/misc/sourcehut/default.nix +++ b/nixos/modules/services/misc/sourcehut/default.nix @@ -803,6 +803,9 @@ in systemd.services.sshd = { #path = optional cfg.git.enable [ cfg.git.package ]; serviceConfig = { + BindPaths = optionals cfg.git.enable [ + "/var/log:/var/log" + ]; BindReadOnlyPaths = # Note that those /usr/bin/* paths are hardcoded in multiple places in *.sr.ht, # for instance to get the user from the [git.sr.ht::dispatch] settings. @@ -834,14 +837,13 @@ in set -e cd /run/sourcehut/gitsrht/subdir set -x + export PATH="${cfg.git.package}/bin:$PATH" + export SRHT_CONFIG=/run/sourcehut/gitsrht/config.ini exec -a "$0" ${pkgs.sourcehut.gitsrht}/bin/gitsrht-shell "$@" ''}:/usr/bin/gitsrht-shell" "${pkgs.writeShellScript "gitsrht-update-hook" '' set -e - test -e "''${PWD%/*}"/config.ini || - # Git hooks are run relative to their repository's directory, - # but gitsrht-update-hook looks up ../config.ini - ln -s /run/sourcehut/gitsrht/config.ini "''${PWD%/*}"/config.ini + export SRHT_CONFIG=/run/sourcehut/gitsrht/config.ini # hooks/post-update calls /usr/bin/gitsrht-update-hook as hooks/stage-3 # but this wrapper being a bash script, it overrides $0 with /usr/bin/gitsrht-update-hook # hence this hack to put hooks/stage-3 back into gitsrht-update-hook's $0 
@@ -1068,10 +1070,11 @@ in }; }) ]; - extraServices.gitsrht-api = { - serviceConfig.Restart = "always"; - serviceConfig.RestartSec = "5s"; - serviceConfig.ExecStart = "${pkgs.sourcehut.gitsrht}/bin/gitsrht-api -b ${cfg.listenAddress}:${toString (cfg.git.port + 100)}"; + extraServices.gitsrht-api.serviceConfig = { + Restart = "always"; + RestartSec = "5s"; + ExecStart = "${pkgs.sourcehut.gitsrht}/bin/gitsrht-api -b ${cfg.listenAddress}:${toString (cfg.git.port + 100)}"; + BindPaths = [ "${cfg.settings."git.sr.ht".repos}:/var/lib/sourcehut/gitsrht/repos" ]; }; extraServices.gitsrht-fcgiwrap = mkIf cfg.nginx.enable { serviceConfig = { diff --git a/nixos/modules/services/misc/sourcehut/service.nix b/nixos/modules/services/misc/sourcehut/service.nix index 72c273d3452..26fbb3a1136 100644 --- a/nixos/modules/services/misc/sourcehut/service.nix +++ b/nixos/modules/services/misc/sourcehut/service.nix @@ -108,7 +108,7 @@ let #SocketBindDeny = "any"; SystemCallFilter = [ "@system-service" - "~@aio" "~@keyring" "~@memlock" "~@privileged" "~@resources" "~@timer" + "~@aio" "~@keyring" "~@memlock" "~@privileged" "~@timer" "@chown" "@setuid" ]; SystemCallArchitectures = "native"; diff --git a/pkgs/applications/version-management/sourcehut/git.nix b/pkgs/applications/version-management/sourcehut/git.nix index eae70b37246..cf9089e1aa3 100644 --- a/pkgs/applications/version-management/sourcehut/git.nix +++ b/pkgs/applications/version-management/sourcehut/git.nix 
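Review bot: Dropping `"~@resources"` from `SystemCallFilter` in service.nix re-allows the whole `@resources` group, not just `setrlimit`. service.nix appears to be the template shared by all sourcehut units, so every unit built from it loses that restriction. The commit message names only gitsrht-api's `setrlimit()` call as the reason. A narrower change keeps the deny entry and re-allows the single call after it: `"~@aio" "~@keyring" "~@memlock" "~@privileged" "~@resources" "~@timer"` followed by `"setrlimit"`. Alternatively the relaxed filter could be set only on `extraServices.gitsrht-api.serviceConfig`; either variant should be tested against the new gitsrht-api to confirm no other call from the group is needed.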
@@ -4,32 +4,33 @@ , buildPythonPackage , python , srht -, pygit2 , scmsrht +, pygit2 +, minio , unzip }: let - version = "0.78.20"; + version = "0.84.2"; src = fetchFromSourcehut { owner = "~sircmpwn"; repo = "git.sr.ht"; rev = version; - sha256 = "sha256-rZsTtHobsgRVmMOjPa1fiKrPsNyFu/gOsmO0cTl5MqQ="; + sha256 = "sha256-sAkTsQlWtNDQ5vAhA2EeOvuJcj9A6AG8pgDyIKtr65s="; }; gitApi = buildGoModule ({ inherit src version; pname = "gitsrht-api"; modRoot = "api"; - vendorHash = "sha256-cCs9FUBusaAou9w4TDOg8GKxhRcsPbSNcQpxvFH/+so="; - } // import ./fix-gqlgen-trimpath.nix { inherit unzip; }); + vendorHash = "sha256-LAYp0zgosZnFEbtxzjuTH9++0lbxhACr705HqXJz3D0="; + } // import ./fix-gqlgen-trimpath.nix { inherit unzip; gqlgenVersion = "0.17.20"; }); gitDispatch = buildGoModule { inherit src version; pname = "gitsrht-dispatch"; modRoot = "gitsrht-dispatch"; - vendorHash = "sha256-qWXPHo86s6iuRBhRMtmD5jxnAWKdrWHtA/iSUkdw89M="; + vendorHash = "sha256-EDvSZ3/g0xDSohrsAIpNhk+F0yy8tbnTW/3tURTonMc="; }; gitKeys = buildGoModule { @@ -65,8 +66,9 @@ buildPythonPackage rec { propagatedBuildInputs = [ srht - pygit2 scmsrht + pygit2 + minio ]; preBuild = '' -- cgit 1.4.1 From 6e51802196d4b3f60e65b061c637d90cbc5fceb8 Mon Sep 17 00:00:00 2001 From: Christoph Heiss Date: Thu, 20 Apr 2023 01:31:14 +0200 Subject: sourcehut: fix `repos` path by using actual settings value Signed-off-by: Christoph Heiss --- nixos/modules/services/misc/sourcehut/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'nixos/modules/services/misc') diff --git a/nixos/modules/services/misc/sourcehut/default.nix b/nixos/modules/services/misc/sourcehut/default.nix index 524e4a9b377..9774917407e 100644 --- a/nixos/modules/services/misc/sourcehut/default.nix +++ b/nixos/modules/services/misc/sourcehut/default.nix 
@@ -38,9 +38,9 @@ let # for services needing access to them. "builds.sr.ht::worker".buildlogs = "/var/log/sourcehut/buildsrht-worker"; "git.sr.ht".post-update-script = "/usr/bin/gitsrht-update-hook"; - "git.sr.ht".repos = "/var/lib/sourcehut/gitsrht/repos"; + "git.sr.ht".repos = cfg.settings."git.sr.ht".repos; "hg.sr.ht".changegroup-script = "/usr/bin/hgsrht-hook-changegroup"; - "hg.sr.ht".repos = "/var/lib/sourcehut/hgsrht/repos"; + "hg.sr.ht".repos = cfg.settings."hg.sr.ht".repos; # Making this a per service option despite being in a global section, # so that it uses the redis-server used by the service. "sr.ht".redis-host = cfg.${srv}.redis.host; -- cgit 1.4.1 From 6648488333f66dd8fee678f27fb33016b046090f Mon Sep 17 00:00:00 2001 From: Christoph Heiss Date: Fri, 21 Apr 2023 01:13:42 +0200 Subject: sourcehut: fix logging of git/hg ssh commands Signed-off-by: Christoph Heiss --- nixos/modules/services/misc/sourcehut/default.nix | 17 +++++++++++++---- .../version-management/sourcehut/git.nix | 20 ++++++++++++++++++++ .../applications/version-management/sourcehut/hg.nix | 8 ++++++++ 3 files changed, 41 insertions(+), 4 deletions(-) (limited to 'nixos/modules/services/misc') diff --git a/nixos/modules/services/misc/sourcehut/default.nix b/nixos/modules/services/misc/sourcehut/default.nix index 9774917407e..6e1347a52d6 100644 --- a/nixos/modules/services/misc/sourcehut/default.nix +++ b/nixos/modules/services/misc/sourcehut/default.nix 
@@ -801,11 +801,20 @@ in ''; }; systemd.services.sshd = { - #path = optional cfg.git.enable [ cfg.git.package ]; + preStart = concatStringsSep "\n" ( + optionals cfg.git.enable (map (n: '' + touch /var/log/sourcehut/gitsrht-${n} # create if it does not exist yet + chown --silent ${cfg.git.user}:${cfg.git.group} /var/log/sourcehut/gitsrht-${n} || true + '') [ + "keys" + "shell" + "update-hook" + ]) ++ + optional cfg.hg.enable [ + "chown ${cfg.hg.user}:${cfg.hg.group} /var/log/sourcehut/hgsrht-keys" + ]); serviceConfig = { - BindPaths = optionals cfg.git.enable [ - "/var/log:/var/log" - ]; + LogsDirectory = mkIf (cfg.git.enable || cfg.hg.enable) "sourcehut"; BindReadOnlyPaths = # Note that those /usr/bin/* paths are hardcoded in multiple places in *.sr.ht, # for instance to get the user from the [git.sr.ht::dispatch] settings. diff --git a/pkgs/applications/version-management/sourcehut/git.nix b/pkgs/applications/version-management/sourcehut/git.nix index af93057e670..3a5163f9d17 100644 --- a/pkgs/applications/version-management/sourcehut/git.nix +++ b/pkgs/applications/version-management/sourcehut/git.nix @@ -31,6 +31,11 @@ let pname = "gitsrht-dispatch"; modRoot = "gitsrht-dispatch"; vendorHash = "sha256-EDvSZ3/g0xDSohrsAIpNhk+F0yy8tbnTW/3tURTonMc="; + + postPatch = '' + substituteInPlace gitsrht-dispatch/main.go \ + --replace /var/log/gitsrht-dispatch /var/log/sourcehut/gitsrht-dispatch + ''; }; gitKeys = buildGoModule { @@ -38,6 +43,11 @@ let pname = "gitsrht-keys"; modRoot = "gitsrht-keys"; vendorHash = "sha256-9pojS69HCKVHUceyOpGtv9ewcxFD4WsOVsEzkmWJkF4="; + + postPatch = '' + substituteInPlace gitsrht-keys/main.go \ + --replace /var/log/gitsrht-keys /var/log/sourcehut/gitsrht-keys + ''; }; gitShell = buildGoModule { 
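Review bot: In the new sshd `preStart`, `optional cfg.hg.enable [ … ]` wraps the list in a second list, so with hg enabled `concatStringsSep` receives a nested list and evaluation should fail. The git branch above it uses `optionals`, and the hg branch should too: `optionals cfg.hg.enable [`. The hg entry also runs `chown` without a preceding `touch` and without `|| true`, so a missing `/var/log/sourcehut/hgsrht-keys` would make preStart, and with it sshd, fail on first start. Mirroring the git form fixes that: `"touch /var/log/sourcehut/hgsrht-keys"` followed by `"chown --silent ${cfg.hg.user}:${cfg.hg.group} /var/log/sourcehut/hgsrht-keys || true"`. The same commit also moves the gitsrht-dispatch and hgsrht-shell logs under `/var/log/sourcehut`, but neither file is pre-created here; it is worth confirming that those programs can create their own log files in a directory made by `LogsDirectory`.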
@@ -45,6 +55,11 @@ let pname = "gitsrht-shell"; modRoot = "gitsrht-shell"; vendorHash = "sha256-WqfvSPuVsOHA//86u33atMfeA11+DJhjLmWy8Ivq0NI="; + + postPatch = '' + substituteInPlace gitsrht-shell/main.go \ + --replace /var/log/gitsrht-shell /var/log/sourcehut/gitsrht-shell + ''; }; gitUpdateHook = buildGoModule { @@ -52,6 +67,11 @@ let pname = "gitsrht-update-hook"; modRoot = "gitsrht-update-hook"; vendorHash = "sha256-Bc3yPabS2S+qiroHFKrtkII/CfzBDYQ6xWxKHAME+Tc="; + + postPatch = '' + substituteInPlace gitsrht-update-hook/main.go \ + --replace /var/log/gitsrht-update-hook /var/log/sourcehut/gitsrht-update-hook + ''; }; in diff --git a/pkgs/applications/version-management/sourcehut/hg.nix b/pkgs/applications/version-management/sourcehut/hg.nix index 2ac9861135d..f448109a6d7 100644 --- a/pkgs/applications/version-management/sourcehut/hg.nix +++ b/pkgs/applications/version-management/sourcehut/hg.nix @@ -25,6 +25,9 @@ buildPythonPackage rec { postPatch = '' substituteInPlace Makefile \ --replace "all: api hgsrht-keys" "" + + substituteInPlace hgsrht-shell \ + --replace /var/log/hgsrht-shell /var/log/sourcehut/hgsrht-shell ''; hgsrht-api = buildGoModule ({ @@ -39,6 +42,11 @@ buildPythonPackage rec { pname = "hgsrht-keys"; modRoot = "hgsrht-keys"; vendorHash = "sha256-7ti8xCjSrxsslF7/1X/GY4FDl+69hPL4UwCDfjxmJLU="; + + postPatch = '' + substituteInPlace hgsrht-keys/main.go \ + --replace /var/log/hgsrht-keys /var/log/sourcehut/hgsrht-keys + ''; }; propagatedBuildInputs = [ -- cgit 1.4.1 From c39ba7f5b17747f34a7806c49cf91ccbaf9c81be Mon Sep 17 00:00:00 2001 From: Christoph Heiss Date: Fri, 21 Apr 2023 01:14:13 +0200 Subject: sourcehut: remove `set -x` from ssh commands Signed-off-by: Christoph Heiss --- nixos/modules/services/misc/sourcehut/default.nix | 8 -------- 1 file changed, 8 deletions(-) (limited to 'nixos/modules/services/misc') 
diff --git a/nixos/modules/services/misc/sourcehut/default.nix b/nixos/modules/services/misc/sourcehut/default.nix index 6e1347a52d6..7d8f07ac392 100644 --- a/nixos/modules/services/misc/sourcehut/default.nix +++ b/nixos/modules/services/misc/sourcehut/default.nix @@ -827,7 +827,6 @@ in "${pkgs.writeShellScript "buildsrht-keys-wrapper" '' set -e cd /run/sourcehut/buildsrht/subdir - set -x exec -a "$0" ${pkgs.sourcehut.buildsrht}/bin/buildsrht-keys "$@" ''}:/usr/bin/buildsrht-keys" "${pkgs.sourcehut.buildsrht}/bin/master-shell:/usr/bin/master-shell" @@ -839,13 +838,11 @@ in "${pkgs.writeShellScript "gitsrht-keys-wrapper" '' set -e cd /run/sourcehut/gitsrht/subdir - set -x exec -a "$0" ${pkgs.sourcehut.gitsrht}/bin/gitsrht-keys "$@" ''}:/usr/bin/gitsrht-keys" "${pkgs.writeShellScript "gitsrht-shell-wrapper" '' set -e cd /run/sourcehut/gitsrht/subdir - set -x export PATH="${cfg.git.package}/bin:$PATH" export SRHT_CONFIG=/run/sourcehut/gitsrht/config.ini exec -a "$0" ${pkgs.sourcehut.gitsrht}/bin/gitsrht-shell "$@" @@ -858,11 +855,9 @@ in # hence this hack to put hooks/stage-3 back into gitsrht-update-hook's $0 if test "''${STAGE3:+set}" then - set -x exec -a hooks/stage-3 ${pkgs.sourcehut.gitsrht}/bin/gitsrht-update-hook "$@" else export STAGE3=set - set -x exec -a "$0" ${pkgs.sourcehut.gitsrht}/bin/gitsrht-update-hook "$@" fi ''}:/usr/bin/gitsrht-update-hook" @@ -873,13 +868,11 @@ in "${pkgs.writeShellScript "hgsrht-keys-wrapper" '' set -e cd /run/sourcehut/hgsrht/subdir - set -x exec -a "$0" ${pkgs.sourcehut.hgsrht}/bin/hgsrht-keys "$@" ''}:/usr/bin/hgsrht-keys" "${pkgs.writeShellScript "hgsrht-shell-wrapper" '' set -e cd /run/sourcehut/hgsrht/subdir - set -x exec -a "$0" ${pkgs.sourcehut.hgsrht}/bin/hgsrht-shell "$@" ''}:/usr/bin/hgsrht-shell" # Mercurial's changegroup hooks are run relative to their repository's directory, 
@@ -888,7 +881,6 @@ in set -e test -e "''$PWD"/config.ini || ln -s /run/sourcehut/hgsrht/config.ini "''$PWD"/config.ini - set -x exec -a "$0" ${cfg.python}/bin/hgsrht-hook-changegroup "$@" ''}:/usr/bin/hgsrht-hook-changegroup" ]; -- cgit 1.4.1 From 5841d27497905b0411cba48f0f4cc8c1a1c1edd4 Mon Sep 17 00:00:00 2001 From: Christoph Heiss Date: Tue, 2 May 2023 22:44:35 +0200 Subject: sourcehut: explicitly disallow openssh to socket-active This breaks the (already fragile) gitsrht-dispatch -> gitsrht-keys command chain. Signed-off-by: Christoph Heiss --- nixos/modules/services/misc/sourcehut/default.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'nixos/modules/services/misc') diff --git a/nixos/modules/services/misc/sourcehut/default.nix b/nixos/modules/services/misc/sourcehut/default.nix index 7d8f07ac392..5b16aa21d78 100644 --- a/nixos/modules/services/misc/sourcehut/default.nix +++ b/nixos/modules/services/misc/sourcehut/default.nix @@ -786,6 +786,7 @@ in extraConfig = '' PermitUserEnvironment SRHT_* ''; + startWhenNeeded = false; }; environment.etc."ssh/sourcehut/config.ini".source = settingsFormat.generate "sourcehut-dispatch-config.ini" -- cgit 1.4.1 From 6b25e09d2dfe8b92db9ae148989d6d7aaad2dd7f Mon Sep 17 00:00:00 2001 From: Christoph Heiss Date: Mon, 24 Jul 2023 14:49:51 +0200 Subject: sourcehut: fix up some more bin paths Signed-off-by: Christoph Heiss --- nixos/modules/services/misc/sourcehut/default.nix | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) (limited to 'nixos/modules/services/misc') diff --git a/nixos/modules/services/misc/sourcehut/default.nix b/nixos/modules/services/misc/sourcehut/default.nix index 5b16aa21d78..abe2370483c 100644 --- a/nixos/modules/services/misc/sourcehut/default.nix +++ b/nixos/modules/services/misc/sourcehut/default.nix 
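Review bot: `startWhenNeeded = false;` is added without a comment, so the reason for it lives only in the commit message. A line such as `# socket activation breaks the gitsrht-dispatch -> gitsrht-keys command chain` above it would keep that with the code. Because this is a plain definition, a configuration that sets the same option to `true` elsewhere will presumably fail with a generic conflicting-definitions error; an entry in `assertions` whose message names sourcehut would be easier to act on. The enclosing attribute set starts outside the hunk.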
@@ -408,8 +408,8 @@ in This setting is propagated to newer and existing repositories. ''; type = types.str; - default = "${cfg.python}/bin/hgsrht-hook-changegroup"; - defaultText = "\${cfg.python}/bin/hgsrht-hook-changegroup"; + default = "${pkgs.sourcehut.hgsrht}/bin/hgsrht-hook-changegroup"; + defaultText = "\${pkgs.sourcehut.hgsrht}/bin/hgsrht-hook-changegroup"; }; repos = mkOption { description = lib.mdDoc '' @@ -795,10 +795,11 @@ in environment.etc."ssh/sourcehut/subdir/srht-dispatch" = { # sshd_config(5): The program must be owned by root, not writable by group or others mode = "0755"; - source = pkgs.writeShellScript "srht-dispatch" '' + source = pkgs.writeShellScript "srht-dispatch-wrapper" '' set -e + set -x cd /etc/ssh/sourcehut/subdir - ${cfg.python}/bin/gitsrht-dispatch "$@" + ${pkgs.sourcehut.gitsrht}/bin/gitsrht-dispatch "$@" ''; }; systemd.services.sshd = { @@ -882,7 +883,7 @@ in set -e test -e "''$PWD"/config.ini || ln -s /run/sourcehut/hgsrht/config.ini "''$PWD"/config.ini - exec -a "$0" ${cfg.python}/bin/hgsrht-hook-changegroup "$@" + exec -a "$0" ${pkgs.sourcehut.hgsrht}/bin/hgsrht-hook-changegroup "$@" ''}:/usr/bin/hgsrht-hook-changegroup" ]; }; @@ -1195,7 +1196,7 @@ in extraServices.listssrht-lmtp = { wants = [ "postfix.service" ]; unitConfig.JoinsNamespaceOf = optional cfg.postfix.enable "postfix.service"; - serviceConfig.ExecStart = "${cfg.python}/bin/listssrht-lmtp"; + serviceConfig.ExecStart = "${pkgs.sourcehut.listssrht}/bin/listssrht-lmtp"; # Avoid crashing: os.chown(sock, os.getuid(), sock_gid) serviceConfig.PrivateUsers = mkForce false; }; @@ -1274,7 +1275,7 @@ in else # In order to load config.ini if cd /run/sourcehut/metasrht - then exec ${cfg.python}/bin/metasrht-manageuser "$@" + then exec ${pkgs.sourcehut.metasrht}/bin/metasrht-manageuser "$@" else cat < Date: Mon, 7 Aug 2023 21:15:35 +0200 Subject: sourcehut: drop obsolete `services` array in favor of indivdual `enable` flags 
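Review bot: The `srht-dispatch-wrapper` hunk adds `set -x`, which the commit title (bin path fix-ups) does not cover and which an earlier commit in this series removed from the other ssh wrappers. Judging by the `sshd_config(5)` comment in the hunk context, this script is the program sshd runs for key lookup, so xtrace would write every invocation's arguments to stderr on each login attempt and may end up in the sshd log. If tracing is not intended, drop the added `set -x` line; if it is, a comment such as `# temporary: trace dispatch calls while debugging` would make that explicit.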
Signed-off-by: Christoph Heiss --- nixos/modules/services/misc/sourcehut/default.nix | 15 +++++---------- nixos/modules/services/misc/sourcehut/service.nix | 3 --- nixos/tests/sourcehut.nix | 5 ----- 3 files changed, 5 insertions(+), 18 deletions(-) (limited to 'nixos/modules/services/misc') diff --git a/nixos/modules/services/misc/sourcehut/default.nix b/nixos/modules/services/misc/sourcehut/default.nix index abe2370483c..293ab4ada84 100644 --- a/nixos/modules/services/misc/sourcehut/default.nix +++ b/nixos/modules/services/misc/sourcehut/default.nix @@ -25,7 +25,7 @@ let || head srvMatch == srv # Include sections for the service being configured then v # Enable Web links and integrations between services. - else if tail srvMatch == [ null ] && elem (head srvMatch) cfg.services + else if tail srvMatch == [ null ] && cfg.${head srvMatch}.enable then { inherit (v) origin; # mansrht crashes without it @@ -120,15 +120,6 @@ in and account management services ''); - services = mkOption { - type = with types; listOf (enum - [ "builds" "git" "hg" "hub" "lists" "man" "meta" "pages" "paste" "todo" ]); - defaultText = "locally enabled services"; - description = lib.mdDoc '' - Services that may be displayed as links in the title bar of the Web interface. - ''; - }; - listenAddress = mkOption { type = types.str; default = "localhost"; @@ -1371,6 +1362,10 @@ in dispatch is deprecated. See https://sourcehut.org/blog/2022-08-01-dispatch-deprecation-plans/ for more information. '') + + (mkRemovedOptionModule [ "services" "sourcehut" "services"] '' + This option was removed in favor of individual .enable flags. + '') ]; meta.doc = ./default.md; diff --git a/nixos/modules/services/misc/sourcehut/service.nix b/nixos/modules/services/misc/sourcehut/service.nix index 26fbb3a1136..dcd76f898f9 100644 --- a/nixos/modules/services/misc/sourcehut/service.nix +++ b/nixos/modules/services/misc/sourcehut/service.nix 
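Review bot: `cfg.${head srvMatch}.enable` in the first hunk raises an evaluation error when `head srvMatch` names something that has no attribute under `cfg`, where the old `elem (head srvMatch) cfg.services` simply evaluated to false. Whether that can occur depends on the match expression, which is outside the hunk; a settings section for a service the module no longer carries (the deprecated dispatch, for instance) looks like a candidate. `cfg.${head srvMatch}.enable or false` keeps the previous tolerant behaviour.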
@@ -255,9 +255,6 @@ in }) [srvCfg.user]; }; - services.sourcehut.services = mkDefault (filter (s: cfg.${s}.enable) - [ "builds" "dispatch" "git" "hg" "hub" "lists" "man" "meta" "pages" "paste" "todo" ]); - services.sourcehut.settings = mkMerge [ { "${srv}.sr.ht".origin = mkDefault "https://${srv}.${cfg.settings."sr.ht".global-domain}"; diff --git a/nixos/tests/sourcehut.nix b/nixos/tests/sourcehut.nix index 87e6d82bdd8..0529abd73a8 100644 --- a/nixos/tests/sourcehut.nix +++ b/nixos/tests/sourcehut.nix @@ -134,11 +134,6 @@ in services.sourcehut = { enable = true; - services = [ - "builds" - "git" - "meta" - ]; nginx.enable = true; nginx.virtualHost = { forceSSL = true; -- cgit 1.4.1 From fc6addb147839dffc2532d111f0a5ab4175a2555 Mon Sep 17 00:00:00 2001 From: Christoph Heiss Date: Sat, 11 Nov 2023 12:53:16 +0100 Subject: sourcehut: reword `api-origin` option description Signed-off-by: Christoph Heiss --- nixos/modules/services/misc/sourcehut/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'nixos/modules/services/misc') diff --git a/nixos/modules/services/misc/sourcehut/default.nix b/nixos/modules/services/misc/sourcehut/default.nix index 293ab4ada84..4e494bc3a31 100644 --- a/nixos/modules/services/misc/sourcehut/default.nix +++ b/nixos/modules/services/misc/sourcehut/default.nix @@ -78,7 +78,7 @@ let apply = s: "<" + toString s; }; api-origin = mkOption { - description = lib.mdDoc "Origin URL for API, 100 more than web."; + description = lib.mdDoc "Origin URL for the API"; type = types.str; default = "http://${cfg.listenAddress}:${toString (cfg.${srv}.port + 100)}"; defaultText = lib.literalMD '' -- cgit 1.4.1 From 641e54bb289d708f45f11e156bf4ffa251a2b4b2 Mon Sep 17 00:00:00 2001 From: Christoph Heiss Date: Sat, 11 Nov 2023 12:53:42 +0100 Subject: sourcehut: create logs directory unconditionally An empty log directory, in case it stays unused, does not hurt anyone. 
Signed-off-by: Christoph Heiss --- nixos/modules/services/misc/sourcehut/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'nixos/modules/services/misc') diff --git a/nixos/modules/services/misc/sourcehut/default.nix b/nixos/modules/services/misc/sourcehut/default.nix index 4e494bc3a31..a375b8eafe2 100644 --- a/nixos/modules/services/misc/sourcehut/default.nix +++ b/nixos/modules/services/misc/sourcehut/default.nix @@ -807,7 +807,7 @@ in "chown ${cfg.hg.user}:${cfg.hg.group} /var/log/sourcehut/hgsrht-keys" ]); serviceConfig = { - LogsDirectory = mkIf (cfg.git.enable || cfg.hg.enable) "sourcehut"; + LogsDirectory = "sourcehut"; BindReadOnlyPaths = # Note that those /usr/bin/* paths are hardcoded in multiple places in *.sr.ht, # for instance to get the user from the [git.sr.ht::dispatch] settings. -- cgit 1.4.1 From acd21dad52d61370abd384b45eb8233ca3b7b4af Mon Sep 17 00:00:00 2001 From: Christoph Heiss Date: Sat, 11 Nov 2023 13:49:35 +0100 Subject: sourcehut: use systemd.tmpfiles instead of manually creating logfiles Signed-off-by: Christoph Heiss --- nixos/modules/services/misc/sourcehut/default.nix | 24 +++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) (limited to 'nixos/modules/services/misc') diff --git a/nixos/modules/services/misc/sourcehut/default.nix b/nixos/modules/services/misc/sourcehut/default.nix index a375b8eafe2..f2b09f4bc4b 100644 --- a/nixos/modules/services/misc/sourcehut/default.nix +++ b/nixos/modules/services/misc/sourcehut/default.nix 
@@ -793,19 +793,19 @@ in ${pkgs.sourcehut.gitsrht}/bin/gitsrht-dispatch "$@" ''; }; + systemd.tmpfiles.settings."10-sourcehut-gitsrht" = mkIf cfg.git.enable ( + builtins.listToAttrs (map (name: { + name = "/var/log/sourcehut/gitsrht-${name}"; + value.f = { + inherit (cfg.git) user group; + mode = "0644"; + }; + }) [ "keys" "shell" "update-hook" ]) + ); systemd.services.sshd = { - preStart = concatStringsSep "\n" ( - optionals cfg.git.enable (map (n: '' - touch /var/log/sourcehut/gitsrht-${n} # create if it does not exist yet - chown --silent ${cfg.git.user}:${cfg.git.group} /var/log/sourcehut/gitsrht-${n} || true - '') [ - "keys" - "shell" - "update-hook" - ]) ++ - optional cfg.hg.enable [ - "chown ${cfg.hg.user}:${cfg.hg.group} /var/log/sourcehut/hgsrht-keys" - ]); + preStart = mkIf cfg.hg.enable '' + chown ${cfg.hg.user}:${cfg.hg.group} /var/log/sourcehut/hgsrht-keys + ''; serviceConfig = { LogsDirectory = "sourcehut"; BindReadOnlyPaths = -- cgit 1.4.1 From 66b86f8a2e665832a431d7a69c6ab806c74eec88 Mon Sep 17 00:00:00 2001 From: Christoph Heiss Date: Sat, 11 Nov 2023 13:50:54 +0100 Subject: sourcehut: de-duplicate nginx `add_header` directives Signed-off-by: Christoph Heiss --- nixos/modules/services/misc/sourcehut/service.nix | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) (limited to 'nixos/modules/services/misc') diff --git a/nixos/modules/services/misc/sourcehut/service.nix b/nixos/modules/services/misc/sourcehut/service.nix index dcd76f898f9..101389c4d94 100644 --- a/nixos/modules/services/misc/sourcehut/service.nix +++ b/nixos/modules/services/misc/sourcehut/service.nix 
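Review bot: The hg side is left half-migrated: `preStart` still runs `chown` on `/var/log/sourcehut/hgsrht-keys`, a file nothing in this hunk creates, and unlike the removed git branch it has no `|| true`, so a missing file would presumably fail sshd's pre-start step. Declaring the hg log file through `systemd.tmpfiles.settings` as well, as sketched below, lets the `preStart` go away. Separately, mode `0644` makes these logs readable by every local account; `0640` may be the better default if they record key or repository names. The `systemd.services.sshd` set continues outside the hunk.

```nix
# … unchanged: "10-sourcehut-gitsrht" tmpfiles entry …
systemd.tmpfiles.settings."10-sourcehut-hgsrht" = mkIf cfg.hg.enable {
  "/var/log/sourcehut/hgsrht-keys".f = {
    inherit (cfg.hg) user group;
    mode = "0644";
  };
};
systemd.services.sshd = {
  # preStart chown dropped: tmpfiles creates the hg log file with the right owner
  serviceConfig = {
    # … unchanged: LogsDirectory, BindReadOnlyPaths …
```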
@@ -225,19 +225,17 @@ in locations."/query" = mkIf (cfg.settings.${iniKey} ? api-origin) { proxyPass = cfg.settings.${iniKey}.api-origin; extraConfig = '' + add_header 'Access-Control-Allow-Origin' '*'; + add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; + add_header 'Access-Control-Allow-Headers' 'User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range'; + if ($request_method = 'OPTIONS') { - add_header 'Access-Control-Allow-Origin' '*'; - add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; - add_header 'Access-Control-Allow-Headers' 'User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range'; add_header 'Access-Control-Max-Age' 1728000; add_header 'Content-Type' 'text/plain; charset=utf-8'; add_header 'Content-Length' 0; return 204; } - add_header 'Access-Control-Allow-Origin' '*'; - add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; - add_header 'Access-Control-Allow-Headers' 'User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range'; add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range'; ''; }; -- cgit 1.4.1 From 88a3d2a0b43e80f9275af1952a9b94b6ddcd88af Mon Sep 17 00:00:00 2001 From: Christoph Heiss Date: Sat, 11 Nov 2023 15:50:16 +0100 Subject: sourcehut: fix postgresql database permission for postgresql >= 15 Signed-off-by: Christoph Heiss --- nixos/modules/services/misc/sourcehut/service.nix | 14 ++++++++++++++ 1 file changed, 14 insertions(+) (limited to 'nixos/modules/services/misc') diff --git a/nixos/modules/services/misc/sourcehut/service.nix b/nixos/modules/services/misc/sourcehut/service.nix index 101389c4d94..18c2f5effc5 100644 --- a/nixos/modules/services/misc/sourcehut/service.nix +++ b/nixos/modules/services/misc/sourcehut/service.nix 
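Review bot: Moving the three `Access-Control-Allow-*` lines out of the `if ($request_method = 'OPTIONS')` block changes the preflight response; it is not a pure de-duplication. nginx inherits `add_header` directives from the enclosing level only when the current level defines none, and the `if` block still defines `Access-Control-Max-Age`, `Content-Type` and `Content-Length`, so the 204 reply would be sent without the `Access-Control-Allow-Origin`, `-Methods` and `-Headers` headers. Keep those three `add_header` lines inside the `if` block as well, with a comment such as `# add_header is not inherited into a block that sets its own headers` so the duplication is not removed again.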
@@ -377,6 +377,20 @@ in } extraService ])) extraServices) + + # Work around 'pq: permission denied for schema public' with postgres v15, until a + # solution for `services.postgresql.ensureUsers` is found. + # See https://github.com/NixOS/nixpkgs/issues/216989 + # Workaround taken from nixos/forgejo: https://github.com/NixOS/nixpkgs/pull/262741 + (lib.mkIf ( + cfg.postgresql.enable + && lib.strings.versionAtLeast config.services.postgresql.package.version "15.0" + ) { + postgresql.postStart = (lib.mkAfter '' + $PSQL -tAc 'ALTER DATABASE "${srvCfg.postgresql.database}" OWNER TO "${srvCfg.user}";' + ''); + } + ) ]; systemd.timers = mapAttrs (timerName: timer: -- cgit 1.4.1 From f192930a799b7912fb486bd6b258844c3f97b24a Mon Sep 17 00:00:00 2001 From: dadada Date: Sun, 12 Nov 2023 22:34:54 +0100 Subject: nixos/soft-serve: fix typos in option descriptions --- nixos/modules/services/misc/soft-serve.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'nixos/modules/services/misc') diff --git a/nixos/modules/services/misc/soft-serve.nix b/nixos/modules/services/misc/soft-serve.nix index 0f246493880..2b63b6bcd86 100644 --- a/nixos/modules/services/misc/soft-serve.nix +++ b/nixos/modules/services/misc/soft-serve.nix @@ -12,7 +12,7 @@ in { options = { services.soft-serve = { - enable = mkEnableOption "Enable soft-serve service"; + enable = mkEnableOption "soft-serve"; package = mkPackageOption pkgs "soft-serve" { }; @@ -20,7 +20,7 @@ in type = format.type; default = { }; description = mdDoc '' - The contents of the configuration file. + The contents of the configuration file for soft-serve. See <${docUrl}>. ''; -- cgit 1.4.1 From 48459567ae3e532a87267e186170eb931d7156a3 Mon Sep 17 00:00:00 2001 
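Review bot: In the added `postgresql.postStart` line, `srvCfg.postgresql.database` and `srvCfg.user` are spliced into a single-quoted shell word and into double-quoted SQL identifiers without escaping, so a name containing `'` or `"` would break the command. The values come from the system configuration, so this is a robustness matter rather than an injection path from untrusted input. Building the statement in Nix and passing it through `lib.escapeShellArg` covers the shell layer; the identifier quoting would still need `"` doubled, or the option types restricted to plain names. The `ALTER DATABASE` statement added to `postgresql.nix` in the later postgresql commit follows the same pattern.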
From: Maximilian Bosch Date: Wed, 8 Nov 2023 12:50:09 +0100 Subject: nixos/postgresql: drop ensurePermissions, fix ensureUsers for postgresql15 Closes #216989 First of all, a bit of context: in PostgreSQL, newly created users don't have the CREATE privilege on the public schema of a database even with `ALL PRIVILEGES` granted via `ensurePermissions` which is how most of the DB users are currently set up "declaratively"[1]. This means e.g. a freshly deployed Nextcloud service will break early because Nextcloud itself cannot CREATE any tables in the public schema anymore. The other issue here is that `ensurePermissions` is a mere hack. It's effectively a mixture of SQL code (e.g. `DATABASE foo` is relying on how a value is substituted in a query. You'd have to parse a subset of SQL to actually know which objects permissions are granted to for a user). After analyzing the existing modules I realized that in every case with a single exception[2] the UNIX system user is equal to the db user is equal to the db name and I don't see a compelling reason why people would change that in 99% of the cases. In fact, some modules would even break if you'd change that because the declarations of the system user & the db user are mixed up[3]. So I decided to go with something new which restricts the ways to use `ensure*` options rather than expanding those[4]. Effectively this means that * The DB user _must_ be equal to the DB name. * Permissions are granted via `ensureDBOwnership` for an attribute-set in `ensureUsers`. That way, the user is actually the owner and can perform `CREATE`. * For such a postgres user, a database must be declared in `ensureDatabases`. For anything else, a custom state management should be implemented.
This can either be `initialScript`, doing it manual, outside of the module or by implementing proper state management for postgresql[5], but the current state of `ensure*` isn't even declarative, but a convergent tool which is what Nix actually claims to _not_ do. Regarding existing setups: there are effectively two options: * Leave everything as-is (assuming that system user == db user == db name): then the DB user will automatically become the DB owner and everything else stays the same. * Drop the `createDatabase = true;` declarations: nothing will change because a removal of `ensure*` statements is ignored, so it doesn't matter at all whether this option is kept after the first deploy (and later on you'd usually restore from backups anyways). The DB user isn't the owner of the DB then, but for an existing setup this is irrelevant because CREATE on the public schema isn't revoked from existing users (only not granted for new users). [1] not really declarative though because removals of these statements are simply ignored for instance: https://github.com/NixOS/nixpkgs/issues/206467 [2] `services.invidious`: I removed the `ensure*` part temporarily because it IMHO falls into the category "manage the state on your own" (see the commit message). See also https://github.com/NixOS/nixpkgs/pull/265857 [3] e.g. roundcube had `"DATABASE ${cfg.database.username}" = "ALL PRIVILEGES";` [4] As opposed to other changes that are considered a potential fix, but also add more things like collation for DBs or passwords that are _never_ touched again when changing those. [5] As suggested in e.g. 
https://github.com/NixOS/nixpkgs/issues/206467 --- nixos/modules/services/databases/postgresql.nix | 65 ++++++++++------------ nixos/modules/services/development/zammad.nix | 4 +- nixos/modules/services/finance/odoo.nix | 2 +- nixos/modules/services/mail/listmonk.nix | 2 +- nixos/modules/services/mail/roundcube.nix | 14 ++++- nixos/modules/services/mail/sympa.nix | 10 ++-- .../services/matrix/matrix-sliding-sync.nix | 4 +- nixos/modules/services/matrix/mautrix-facebook.nix | 4 +- nixos/modules/services/misc/atuin.nix | 4 +- nixos/modules/services/misc/forgejo.nix | 10 +++- nixos/modules/services/misc/gitea.nix | 10 +++- nixos/modules/services/misc/redmine.nix | 4 +- nixos/modules/services/misc/sourcehut/service.nix | 11 +++- nixos/modules/services/monitoring/zabbix-proxy.nix | 4 +- .../modules/services/monitoring/zabbix-server.nix | 4 +- nixos/modules/services/security/hockeypuck.nix | 2 +- nixos/modules/services/web-apps/coder.nix | 10 ++-- nixos/modules/services/web-apps/gotosocial.nix | 4 +- nixos/modules/services/web-apps/invidious.nix | 6 -- nixos/modules/services/web-apps/lemmy.nix | 2 +- nixos/modules/services/web-apps/mastodon.nix | 6 +- nixos/modules/services/web-apps/mediawiki.nix | 4 +- nixos/modules/services/web-apps/miniflux.nix | 17 ++---- nixos/modules/services/web-apps/mobilizon.nix | 10 +++- nixos/modules/services/web-apps/moodle.nix | 4 +- nixos/modules/services/web-apps/netbox.nix | 4 +- nixos/modules/services/web-apps/nextcloud.nix | 2 +- nixos/modules/services/web-apps/onlyoffice.nix | 2 +- nixos/modules/services/web-apps/outline.nix | 2 +- .../modules/services/web-apps/peering-manager.nix | 4 +- nixos/modules/services/web-apps/pixelfed.nix | 1 - nixos/modules/services/web-apps/tt-rss.nix | 13 ++++- nixos/modules/services/web-servers/hydron.nix | 2 +- nixos/tests/dex-oidc.nix | 2 +- nixos/tests/ferretdb.nix | 2 +- nixos/tests/freshrss-pgsql.nix | 4 +- nixos/tests/grafana/basic.nix | 2 +- nixos/tests/hockeypuck.nix | 2 +- 
nixos/tests/home-assistant.nix | 12 ++-- nixos/tests/paperless.nix | 2 +- nixos/tests/pgadmin4.nix | 8 --- nixos/tests/pgbouncer.nix | 12 ++-- nixos/tests/powerdns-admin.nix | 4 +- nixos/tests/sftpgo.nix | 2 +- nixos/tests/tandoor-recipes.nix | 23 ++++++++ nixos/tests/vikunja.nix | 2 +- nixos/tests/wiki-js.nix | 5 +- 47 files changed, 176 insertions(+), 153 deletions(-) (limited to 'nixos/modules/services/misc') diff --git a/nixos/modules/services/databases/postgresql.nix b/nixos/modules/services/databases/postgresql.nix index af4db5c9611..3d2205b6355 100644 --- a/nixos/modules/services/databases/postgresql.nix +++ b/nixos/modules/services/databases/postgresql.nix @@ -165,25 +165,13 @@ in ''; }; - ensurePermissions = mkOption { - type = types.attrsOf types.str; - default = {}; - description = lib.mdDoc '' - Permissions to ensure for the user, specified as an attribute set. - The attribute names specify the database and tables to grant the permissions for. - The attribute values specify the permissions to grant. You may specify one or - multiple comma-separated SQL privileges here. - - For more information on how to specify the target - and on which privileges exist, see the - [GRANT syntax](https://www.postgresql.org/docs/current/sql-grant.html). - The attributes are used as `GRANT ''${attrValue} ON ''${attrName}`. - ''; - example = literalExpression '' - { - "DATABASE \"nextcloud\"" = "ALL PRIVILEGES"; - "ALL TABLES IN SCHEMA public" = "ALL PRIVILEGES"; - } + ensureDBOwnership = mkOption { + type = types.bool; + default = false; + description = mdDoc '' + Grants the user ownership to a database with the same name. + This database must be defined manually in + [](#opt-services.postgresql.ensureDatabases). ''; }; 
@@ -338,26 +326,21 @@ in }); default = []; description = lib.mdDoc '' - Ensures that the specified users exist and have at least the ensured permissions. + Ensures that the specified users exist. The PostgreSQL users will be identified using peer authentication. This authenticates the Unix user with the same name only, and that without the need for a password. - This option will never delete existing users or remove permissions, especially not when the value of this - option is changed. This means that users created and permissions assigned once through this option or - otherwise have to be removed manually. + This option will never delete existing users or remove DB ownership of databases + once granted with `ensureDBOwnership = true;`. This means that this must be + cleaned up manually when changing after changing the config in here. ''; example = literalExpression '' [ { name = "nextcloud"; - ensurePermissions = { - "DATABASE nextcloud" = "ALL PRIVILEGES"; - }; } { name = "superuser"; - ensurePermissions = { - "ALL TABLES IN SCHEMA public" = "ALL PRIVILEGES"; - }; + ensureDBOwnership = true; } ] ''; @@ -445,6 +428,19 @@ in config = mkIf cfg.enable { + assertions = [ + { + assertion = all + ({ name, ensureDBOwnership, ... }: ensureDBOwnership -> builtins.elem name cfg.ensureDatabases) + cfg.ensureUsers; + message = '' + For each database user defined with `services.postgresql.ensureUsers` and + `ensureDBOwnership = true;`, a database with the same name must be defined + in `services.postgresql.ensureDatabases`. + ''; + } + ]; + services.postgresql.settings = { hba_file = "${pkgs.writeText "pg_hba.conf" cfg.authentication}"; 
@@ -557,11 +553,9 @@ in concatMapStrings (user: let - userPermissions = concatStringsSep "\n" - (mapAttrsToList - (database: permission: ''$PSQL -tAc 'GRANT ${permission} ON ${database} TO "${user.name}"' '') - user.ensurePermissions - ); + dbOwnershipStmt = optionalString + user.ensureDBOwnership + ''$PSQL -tAc 'ALTER DATABASE "${user.name}" OWNER TO "${user.name}";' ''; filteredClauses = filterAttrs (name: value: value != null) user.ensureClauses; @@ -570,8 +564,9 @@ in userClauses = ''$PSQL -tAc 'ALTER ROLE "${user.name}" ${concatStringsSep " " clauseSqlStatements}' ''; in '' $PSQL -tAc "SELECT 1 FROM pg_roles WHERE rolname='${user.name}'" | grep -q 1 || $PSQL -tAc 'CREATE USER "${user.name}"' - ${userPermissions} ${userClauses} + + ${dbOwnershipStmt} '' ) cfg.ensureUsers diff --git a/nixos/modules/services/development/zammad.nix b/nixos/modules/services/development/zammad.nix index 7dd143eebf1..d24ed24ef39 100644 --- a/nixos/modules/services/development/zammad.nix +++ b/nixos/modules/services/development/zammad.nix @@ -204,7 +204,7 @@ in assertions = [ { - assertion = cfg.database.createLocally -> cfg.database.user == "zammad"; + assertion = cfg.database.createLocally -> cfg.database.user == "zammad" && cfg.database.name == "zammad"; message = "services.zammad.database.user must be set to \"zammad\" if services.zammad.database.createLocally is set to true"; } { @@ -231,7 +231,7 @@ in ensureUsers = [ { name = cfg.database.user; - ensurePermissions = { "DATABASE ${cfg.database.name}" = "ALL PRIVILEGES"; }; + ensureDBOwnership = true; } ]; }; diff --git a/nixos/modules/services/finance/odoo.nix b/nixos/modules/services/finance/odoo.nix index eec7c4e30cc..b8574ed09af 100644 --- a/nixos/modules/services/finance/odoo.nix +++ b/nixos/modules/services/finance/odoo.nix @@ -121,7 +121,7 @@ in ensureDatabases = [ "odoo" ]; ensureUsers = [{ name = "odoo"; - ensurePermissions = { "DATABASE odoo" = "ALL PRIVILEGES"; }; + ensureDBOwnership = true; }]; }; }); 
diff --git a/nixos/modules/services/mail/listmonk.nix b/nixos/modules/services/mail/listmonk.nix index 11b2a518622..cea1bc95608 100644 --- a/nixos/modules/services/mail/listmonk.nix +++ b/nixos/modules/services/mail/listmonk.nix @@ -168,7 +168,7 @@ in { ensureUsers = [{ name = "listmonk"; - ensurePermissions = { "DATABASE listmonk" = "ALL PRIVILEGES"; }; + ensureDBOwnership = true; }]; ensureDatabases = [ "listmonk" ]; diff --git a/nixos/modules/services/mail/roundcube.nix b/nixos/modules/services/mail/roundcube.nix index 22a4e3c451a..4e29f567ed9 100644 --- a/nixos/modules/services/mail/roundcube.nix +++ b/nixos/modules/services/mail/roundcube.nix @@ -179,14 +179,22 @@ in }; }; + assertions = [ + { + assertion = localDB -> cfg.database.username == cfg.database.dbname; + message = '' + When setting up a DB and its owner user, the owner and the DB name must be + equal! + ''; + } + ]; + services.postgresql = mkIf localDB { enable = true; ensureDatabases = [ cfg.database.dbname ]; ensureUsers = [ { name = cfg.database.username; - ensurePermissions = { - "DATABASE ${cfg.database.username}" = "ALL PRIVILEGES"; - }; + ensureDBOwnership = true; } ]; }; diff --git a/nixos/modules/services/mail/sympa.nix b/nixos/modules/services/mail/sympa.nix index 7a5047b2bea..04ae46f66ee 100644 --- a/nixos/modules/services/mail/sympa.nix +++ b/nixos/modules/services/mail/sympa.nix @@ -218,7 +218,7 @@ in default = null; example = "/run/keys/sympa-dbpassword"; description = lib.mdDoc '' - A file containing the password for {option}`services.sympa.database.user`. + A file containing the password for {option}`services.sympa.database.name`. ''; }; @@ -342,6 +342,7 @@ in db_type = cfg.database.type; db_name = cfg.database.name; + db_user = cfg.database.name; } // (optionalAttrs (cfg.database.host != null) { db_host = cfg.database.host; 
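Review bot: `db_user = cfg.database.name;` in the sympa settings hunk makes `services.sympa.database.user` irrelevant for the generated configuration, including when `createLocally` is false and the database sits on another host where user and database name may differ. The later hunk in the same file that deletes the `optionalAttrs (cfg.database.user != null)` branch completes this. The assertion added for the local case already forces `cfg.database.name == cfg.database.user`, so that branch could stay as it was without affecting the ownership change. The `passwordFile` description, reworded here to refer to `database.name`, would then go back to `database.user` as well.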
@@ -355,9 +356,6 @@ in // (optionalAttrs (cfg.database.port != null) { db_port = cfg.database.port; }) - // (optionalAttrs (cfg.database.user != null) { - db_user = cfg.database.user; - }) // (optionalAttrs (cfg.mta.type == "postfix") { sendmail_aliases = "${dataDir}/sympa_transport"; aliases_program = "${pkgs.postfix}/bin/postmap"; @@ -393,7 +391,7 @@ in users.groups.${group} = {}; assertions = [ - { assertion = cfg.database.createLocally -> cfg.database.user == user; + { assertion = cfg.database.createLocally -> cfg.database.user == user && cfg.database.name == cfg.database.user; message = "services.sympa.database.user must be set to ${user} if services.sympa.database.createLocally is set to true"; } { assertion = cfg.database.createLocally -> cfg.database.passwordFile == null; @@ -579,7 +577,7 @@ in ensureDatabases = [ cfg.database.name ]; ensureUsers = [ { name = cfg.database.user; - ensurePermissions = { "DATABASE ${cfg.database.name}" = "ALL PRIVILEGES"; }; + ensureDBOwnership = true; } ]; }; diff --git a/nixos/modules/services/matrix/matrix-sliding-sync.nix b/nixos/modules/services/matrix/matrix-sliding-sync.nix index 9807cde4091..84bb38f35ae 100644 --- a/nixos/modules/services/matrix/matrix-sliding-sync.nix +++ b/nixos/modules/services/matrix/matrix-sliding-sync.nix @@ -74,9 +74,9 @@ in services.postgresql = lib.optionalAttrs cfg.createDatabase { enable = true; ensureDatabases = [ "matrix-sliding-sync" ]; - ensureUsers = [ rec { + ensureUsers = [ { name = "matrix-sliding-sync"; - ensurePermissions."DATABASE \"${name}\"" = "ALL PRIVILEGES"; + ensureDBOwnership = true; } ]; }; diff --git a/nixos/modules/services/matrix/mautrix-facebook.nix b/nixos/modules/services/matrix/mautrix-facebook.nix index 671040500df..d7cf024bb80 100644 --- a/nixos/modules/services/matrix/mautrix-facebook.nix +++ b/nixos/modules/services/matrix/mautrix-facebook.nix 
@@ -135,9 +135,7 @@ in { ensureDatabases = ["mautrix-facebook"]; ensureUsers = [{ name = "mautrix-facebook"; - ensurePermissions = { - "DATABASE \"mautrix-facebook\"" = "ALL PRIVILEGES"; - }; + ensureDBOwnership = true; }]; }; diff --git a/nixos/modules/services/misc/atuin.nix b/nixos/modules/services/misc/atuin.nix index 8d2c1b5242f..2d6ffc510ce 100644 --- a/nixos/modules/services/misc/atuin.nix +++ b/nixos/modules/services/misc/atuin.nix @@ -73,9 +73,7 @@ in enable = true; ensureUsers = [{ name = "atuin"; - ensurePermissions = { - "DATABASE atuin" = "ALL PRIVILEGES"; - }; + ensureDBOwnership = true; }]; ensureDatabases = [ "atuin" ]; }; diff --git a/nixos/modules/services/misc/forgejo.nix b/nixos/modules/services/misc/forgejo.nix index 90b5f16f418..6f459048f34 100644 --- a/nixos/modules/services/misc/forgejo.nix +++ b/nixos/modules/services/misc/forgejo.nix @@ -357,6 +357,14 @@ in assertion = cfg.database.createDatabase -> useSqlite || cfg.database.user == cfg.user; message = "services.forgejo.database.user must match services.forgejo.user if the database is to be automatically provisioned"; } + { assertion = cfg.database.createDatabase && usePostgresql -> cfg.database.user == cfg.database.name; + message = '' + When creating a database via NixOS, the db user and db name must be equal! + If you already have an existing DB+user and this assertion is new, you can safely set + `services.forgejo.createDatabase` to `false` because removal of `ensureUsers` + and `ensureDatabases` doesn't have any effect. + ''; + } ]; services.forgejo.settings = { @@ -423,7 +431,7 @@ in ensureUsers = [ { name = cfg.database.user; - ensurePermissions = { "DATABASE ${cfg.database.name}" = "ALL PRIVILEGES"; }; + ensureDBOwnership = true; } ]; }; diff --git a/nixos/modules/services/misc/gitea.nix b/nixos/modules/services/misc/gitea.nix index 3f690f85d62..be528a29899 100644 --- a/nixos/modules/services/misc/gitea.nix +++ b/nixos/modules/services/misc/gitea.nix 
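Review bot: The new forgejo assertion message tells the user to set `services.forgejo.createDatabase`, but the condition tests `cfg.database.createDatabase`, so the option path is presumably `services.forgejo.database.createDatabase`. The gitea hunk repeats this with `services.gitea.createDatabase`. Suggested wording for the affected line: `services.forgejo.database.createDatabase` to `false` because removal of `ensureUsers` (and the gitea equivalent), so that a user hitting the assertion can copy the name as written.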
@@ -394,6 +394,14 @@ in { assertion = cfg.database.createDatabase -> useSqlite || cfg.database.user == cfg.user; message = "services.gitea.database.user must match services.gitea.user if the database is to be automatically provisioned"; } + { assertion = cfg.database.createDatabase && usePostgresql -> cfg.database.user == cfg.database.name; + message = '' + When creating a database via NixOS, the db user and db name must be equal! + If you already have an existing DB+user and this assertion is new, you can safely set + `services.gitea.createDatabase` to `false` because removal of `ensureUsers` + and `ensureDatabases` doesn't have any effect. + ''; + } ]; services.gitea.settings = { @@ -461,7 +469,7 @@ in ensureDatabases = [ cfg.database.name ]; ensureUsers = [ { name = cfg.database.user; - ensurePermissions = { "DATABASE ${cfg.database.name}" = "ALL PRIVILEGES"; }; + ensureDBOwnership = true; } ]; }; diff --git a/nixos/modules/services/misc/redmine.nix b/nixos/modules/services/misc/redmine.nix index a296fd3816b..20fa71507b6 100644 --- a/nixos/modules/services/misc/redmine.nix +++ b/nixos/modules/services/misc/redmine.nix @@ -267,7 +267,7 @@ in { assertion = cfg.database.passwordFile != null || cfg.database.socket != null; message = "one of services.redmine.database.socket or services.redmine.database.passwordFile must be set"; } - { assertion = cfg.database.createLocally -> cfg.database.user == cfg.user; + { assertion = cfg.database.createLocally -> cfg.database.user == cfg.user && cfg.database.user == cfg.database.name; message = "services.redmine.database.user must be set to ${cfg.user} if services.redmine.database.createLocally is set true"; } { assertion = cfg.database.createLocally -> cfg.database.socket != null; @@ -315,7 +315,7 @@ in ensureDatabases = [ cfg.database.name ]; ensureUsers = [ { name = cfg.database.user; - ensurePermissions = { "DATABASE ${cfg.database.name}" = "ALL PRIVILEGES"; }; + ensureDBOwnership = true; } ]; }; 
diff --git a/nixos/modules/services/misc/sourcehut/service.nix b/nixos/modules/services/misc/sourcehut/service.nix index 18c2f5effc5..d2cd599d3fe 100644 --- a/nixos/modules/services/misc/sourcehut/service.nix +++ b/nixos/modules/services/misc/sourcehut/service.nix @@ -242,6 +242,15 @@ in } cfg.nginx.virtualHost ]; }; + assertions = [ + { + assertion = srvCfg.user == srvCfg.postgresql.database; + message = '' + When creating a database via NixOS, the db user and db name must be equal! + ''; + } + ]; + services.postgresql = mkIf cfg.postgresql.enable { authentication = '' local ${srvCfg.postgresql.database} ${srvCfg.user} trust @@ -249,7 +258,7 @@ in ensureDatabases = [ srvCfg.postgresql.database ]; ensureUsers = map (name: { inherit name; - ensurePermissions = { "DATABASE \"${srvCfg.postgresql.database}\"" = "ALL PRIVILEGES"; }; + ensureDBOwnership = true; }) [srvCfg.user]; }; diff --git a/nixos/modules/services/monitoring/zabbix-proxy.nix b/nixos/modules/services/monitoring/zabbix-proxy.nix index 85da416ba6c..503e81b48a5 100644 --- a/nixos/modules/services/monitoring/zabbix-proxy.nix +++ b/nixos/modules/services/monitoring/zabbix-proxy.nix @@ -203,7 +203,7 @@ in { assertion = !config.services.zabbixServer.enable; message = "Please choose one of services.zabbixServer or services.zabbixProxy."; } - { assertion = cfg.database.createLocally -> cfg.database.user == user; + { assertion = cfg.database.createLocally -> cfg.database.user == user && cfg.database.name == cfg.database.user; message = "services.zabbixProxy.database.user must be set to ${user} if services.zabbixProxy.database.createLocally is set true"; } { assertion = cfg.database.createLocally -> cfg.database.passwordFile == null; @@ -252,7 +252,7 @@ in ensureDatabases = [ cfg.database.name ]; ensureUsers = [ { name = cfg.database.user; - ensurePermissions = { "DATABASE ${cfg.database.name}" = "ALL PRIVILEGES"; }; + ensureDBOwnership = true; } ]; }; 
diff --git a/nixos/modules/services/monitoring/zabbix-server.nix b/nixos/modules/services/monitoring/zabbix-server.nix index 2b50280e396..0607188d213 100644 --- a/nixos/modules/services/monitoring/zabbix-server.nix +++ b/nixos/modules/services/monitoring/zabbix-server.nix @@ -191,7 +191,7 @@ in config = mkIf cfg.enable { assertions = [ - { assertion = cfg.database.createLocally -> cfg.database.user == user; + { assertion = cfg.database.createLocally -> cfg.database.user == user && cfg.database.user == cfg.database.name; message = "services.zabbixServer.database.user must be set to ${user} if services.zabbixServer.database.createLocally is set true"; } { assertion = cfg.database.createLocally -> cfg.database.passwordFile == null; @@ -240,7 +240,7 @@ in ensureDatabases = [ cfg.database.name ]; ensureUsers = [ { name = cfg.database.user; - ensurePermissions = { "DATABASE ${cfg.database.name}" = "ALL PRIVILEGES"; }; + ensureDBOwnership = true; } ]; }; diff --git a/nixos/modules/services/security/hockeypuck.nix b/nixos/modules/services/security/hockeypuck.nix index 127134bc5db..56c13d79192 100644 --- a/nixos/modules/services/security/hockeypuck.nix +++ b/nixos/modules/services/security/hockeypuck.nix @@ -55,7 +55,7 @@ in { ensureDatabases = [ "hockeypuck" ]; ensureUsers = [{ name = "hockeypuck"; - ensurePermissions."DATABASE hockeypuck" = "ALL PRIVILEGES"; + ensureDBOwnership = true; }]; }; ``` diff --git a/nixos/modules/services/web-apps/coder.nix b/nixos/modules/services/web-apps/coder.nix index 469a29bc3aa..f65211308c4 100644 --- a/nixos/modules/services/web-apps/coder.nix +++ b/nixos/modules/services/web-apps/coder.nix 
@@ -149,8 +149,8 @@ in { config = mkIf cfg.enable { assertions = [ - { assertion = cfg.database.createLocally -> cfg.database.username == name; - message = "services.coder.database.username must be set to ${user} if services.coder.database.createLocally is set true"; + { assertion = cfg.database.createLocally -> cfg.database.username == name && cfg.database.database == cfg.database.username; + message = "services.coder.database.username must be set to ${name} if services.coder.database.createLocally is set true"; } ]; @@ -193,10 +193,8 @@ in { cfg.database.database ]; ensureUsers = [{ - name = cfg.database.username; - ensurePermissions = { - "DATABASE \"${cfg.database.database}\"" = "ALL PRIVILEGES"; - }; + name = cfg.user; + ensureDBOwnership = true; } ]; }; diff --git a/nixos/modules/services/web-apps/gotosocial.nix b/nixos/modules/services/web-apps/gotosocial.nix index f7ae018d5b7..9c21719a575 100644 --- a/nixos/modules/services/web-apps/gotosocial.nix +++ b/nixos/modules/services/web-apps/gotosocial.nix @@ -128,9 +128,7 @@ in ensureUsers = [ { name = "gotosocial"; - ensurePermissions = { - "DATABASE gotosocial" = "ALL PRIVILEGES"; - }; + ensureDBOwnership = true; } ]; }; diff --git a/nixos/modules/services/web-apps/invidious.nix b/nixos/modules/services/web-apps/invidious.nix index 5603ef7392e..fc9c1ec06f6 100644 --- a/nixos/modules/services/web-apps/invidious.nix +++ b/nixos/modules/services/web-apps/invidious.nix @@ -112,12 +112,6 @@ let services.postgresql = { enable = true; ensureDatabases = lib.singleton cfg.settings.db.dbname; - ensureUsers = lib.singleton { - name = cfg.settings.db.user; - ensurePermissions = { - "DATABASE ${cfg.settings.db.dbname}" = "ALL PRIVILEGES"; - }; - }; # This is only needed because the unix user invidious isn't the same as # the database user. This tells postgres to map one to the other. identMap = '' 
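Review bot: In the second coder.nix hunk `ensureUsers` now provisions the role `cfg.user`, while the assertion in the first hunk constrains `cfg.database.username` and `cfg.database.database`; nothing visible ties `cfg.user` to either of them. If the values differ, the role the service connects as is not the one that gets created, and ownership would be requested for a database name that is not in `ensureDatabases`. Unless equality with `cfg.user` is guaranteed elsewhere in the module, keep `name = cfg.database.username;` so the provisioned role is the one the assertion checks. Both hunks are excerpts of larger attribute sets that continue outside them.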
diff --git a/nixos/modules/services/web-apps/lemmy.nix b/nixos/modules/services/web-apps/lemmy.nix index 20d9dcb7c26..32389f7a59d 100644 --- a/nixos/modules/services/web-apps/lemmy.nix +++ b/nixos/modules/services/web-apps/lemmy.nix @@ -146,7 +146,7 @@ in ensureDatabases = [ cfg.settings.database.database ]; ensureUsers = [{ name = cfg.settings.database.user; - ensurePermissions."DATABASE ${cfg.settings.database.database}" = "ALL PRIVILEGES"; + ensureDBOwnership = true; }]; }; diff --git a/nixos/modules/services/web-apps/mastodon.nix b/nixos/modules/services/web-apps/mastodon.nix index 2aab97438b7..5feca2525ea 100644 --- a/nixos/modules/services/web-apps/mastodon.nix +++ b/nixos/modules/services/web-apps/mastodon.nix @@ -557,7 +557,7 @@ in { config = lib.mkIf cfg.enable (lib.mkMerge [{ assertions = [ { - assertion = databaseActuallyCreateLocally -> (cfg.user == cfg.database.user); + assertion = databaseActuallyCreateLocally -> (cfg.user == cfg.database.user && cfg.database.user == cfg.database.name); message = '' For local automatic database provisioning (services.mastodon.database.createLocally == true) with peer authentication (services.mastodon.database.host == "/run/postgresql") to work services.mastodon.user @@ -799,8 +799,8 @@ in { enable = true; ensureUsers = [ { - name = cfg.database.user; - ensurePermissions."DATABASE ${cfg.database.name}" = "ALL PRIVILEGES"; + name = cfg.database.name; + ensureDBOwnership = true; } ]; ensureDatabases = [ cfg.database.name ]; diff --git a/nixos/modules/services/web-apps/mediawiki.nix b/nixos/modules/services/web-apps/mediawiki.nix index 8b494b7c120..ce7bcd94b3f 100644 --- a/nixos/modules/services/web-apps/mediawiki.nix +++ b/nixos/modules/services/web-apps/mediawiki.nix 
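Review bot: The lemmy.nix hunk sets `ensureDBOwnership = true` for `cfg.settings.database.user` while the database comes from the independent setting `cfg.settings.database.database`, and no assertion that the two match is added in the visible lines. Other modules in this commit (forgejo, gitea, tt-rss) add an explicit check with a migration hint for exactly this case. Unless one exists outside the hunk, add something like `{ assertion = cfg.settings.database.user == cfg.settings.database.database; message = "the db user and db name must be equal when the database is created via NixOS"; }`, gated on whatever condition enables local provisioning. The nextcloud.nix hunk (`cfg.config.dbuser` vs `cfg.config.dbname`) has the same gap.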
@@ -454,7 +454,7 @@ in { assertion = cfg.database.createLocally -> (cfg.database.type == "mysql" || cfg.database.type == "postgres"); message = "services.mediawiki.createLocally is currently only supported for database type 'mysql' and 'postgres'"; } - { assertion = cfg.database.createLocally -> cfg.database.user == user; + { assertion = cfg.database.createLocally -> cfg.database.user == user && cfg.database.name == cfg.database.user; message = "services.mediawiki.database.user must be set to ${user} if services.mediawiki.database.createLocally is set true"; } { assertion = cfg.database.createLocally -> cfg.database.socket != null; @@ -486,7 +486,7 @@ in ensureDatabases = [ cfg.database.name ]; ensureUsers = [{ name = cfg.database.user; - ensurePermissions = { "DATABASE \"${cfg.database.name}\"" = "ALL PRIVILEGES"; }; + ensureDBOwnership = true; }]; }; diff --git a/nixos/modules/services/web-apps/miniflux.nix b/nixos/modules/services/web-apps/miniflux.nix index 3374c746ad3..5c8c93c13c4 100644 --- a/nixos/modules/services/web-apps/miniflux.nix +++ b/nixos/modules/services/web-apps/miniflux.nix @@ -6,13 +6,10 @@ let defaultAddress = "localhost:8080"; - dbUser = "miniflux"; - dbName = "miniflux"; - pgbin = "${config.services.postgresql.package}/bin"; preStart = pkgs.writeScript "miniflux-pre-start" '' #!${pkgs.runtimeShell} - ${pgbin}/psql "${dbName}" -c "CREATE EXTENSION IF NOT EXISTS hstore" + ${pgbin}/psql "miniflux" -c "CREATE EXTENSION IF NOT EXISTS hstore" ''; in @@ -62,7 +59,7 @@ in services.miniflux.config = { LISTEN_ADDR = mkDefault defaultAddress; - DATABASE_URL = "user=${dbUser} host=/run/postgresql dbname=${dbName}"; + DATABASE_URL = "user=miniflux host=/run/postgresql dbname=miniflux"; RUN_MIGRATIONS = "1"; CREATE_ADMIN = "1"; }; 
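Review bot: The extended mediawiki assertion requires `cfg.database.name == cfg.database.user` for every `createLocally` setup, but the context line directly above shows `createLocally` is also supported for `mysql`, where the PostgreSQL-only `ensureDBOwnership` does not apply. Existing MySQL deployments with a database name different from the user would start failing evaluation without any benefit. The forgejo and gitea hunks gate the equivalent check on `usePostgresql`; doing the same here, e.g. `cfg.database.createLocally && cfg.database.type == "postgres" -> cfg.database.name == cfg.database.user` as a separate assertion, keeps the user check unchanged for MySQL. The assertions list continues outside the hunk.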
@@ -70,12 +67,10 @@ in services.postgresql = { enable = true; ensureUsers = [ { - name = dbUser; - ensurePermissions = { - "DATABASE ${dbName}" = "ALL PRIVILEGES"; - }; + name = "miniflux"; + ensureDBOwnership = true; } ]; - ensureDatabases = [ dbName ]; + ensureDatabases = [ "miniflux" ]; }; systemd.services.miniflux-dbsetup = { @@ -97,7 +92,7 @@ in serviceConfig = { ExecStart = "${cfg.package}/bin/miniflux"; - User = dbUser; + User = "miniflux"; DynamicUser = true; RuntimeDirectory = "miniflux"; RuntimeDirectoryMode = "0700"; diff --git a/nixos/modules/services/web-apps/mobilizon.nix b/nixos/modules/services/web-apps/mobilizon.nix index 343c5cead2b..601c2830e0e 100644 --- a/nixos/modules/services/web-apps/mobilizon.nix +++ b/nixos/modules/services/web-apps/mobilizon.nix @@ -212,6 +212,12 @@ in assertion = cfg.nginx.enable -> (cfg.settings.":mobilizon"."Mobilizon.Web.Endpoint".http.ip == settingsFormat.lib.mkTuple [ 0 0 0 0 0 0 0 1 ]); message = "Setting the IP mobilizon listens on is only possible when the nginx config is not used, as it is hardcoded there."; } + { + assertion = isLocalPostgres -> repoSettings.database == repoSettings.username; + message = '' + When creating a database via NixOS, the db user and db name must be equal! + ''; + } ]; services.mobilizon.settings = { @@ -372,9 +378,7 @@ in ensureUsers = [ { name = dbUser; - ensurePermissions = { - "DATABASE \"${repoSettings.database}\"" = "ALL PRIVILEGES"; - }; + ensureDBOwnership = true; } ]; extraPlugins = with postgresql.pkgs; [ postgis ]; diff --git a/nixos/modules/services/web-apps/moodle.nix b/nixos/modules/services/web-apps/moodle.nix index b617e9a5937..04ae6bd7f17 100644 --- a/nixos/modules/services/web-apps/moodle.nix +++ b/nixos/modules/services/web-apps/moodle.nix 
@@ -194,7 +194,7 @@ in config = mkIf cfg.enable { assertions = [ - { assertion = cfg.database.createLocally -> cfg.database.user == user; + { assertion = cfg.database.createLocally -> cfg.database.user == user && cfg.database.user == cfg.database.name; message = "services.moodle.database.user must be set to ${user} if services.moodle.database.createLocally is set true"; } { assertion = cfg.database.createLocally -> cfg.database.passwordFile == null; @@ -220,7 +220,7 @@ in ensureDatabases = [ cfg.database.name ]; ensureUsers = [ { name = cfg.database.user; - ensurePermissions = { "DATABASE ${cfg.database.name}" = "ALL PRIVILEGES"; }; + ensureDBOwnership = true; } ]; }; diff --git a/nixos/modules/services/web-apps/netbox.nix b/nixos/modules/services/web-apps/netbox.nix index 8ba1852848e..3b9434e3d34 100644 --- a/nixos/modules/services/web-apps/netbox.nix +++ b/nixos/modules/services/web-apps/netbox.nix @@ -257,9 +257,7 @@ in { ensureUsers = [ { name = "netbox"; - ensurePermissions = { - "DATABASE netbox" = "ALL PRIVILEGES"; - }; + ensureDBOwnership = true; } ]; }; diff --git a/nixos/modules/services/web-apps/nextcloud.nix b/nixos/modules/services/web-apps/nextcloud.nix index f9713cac47e..f1ac3770d40 100644 --- a/nixos/modules/services/web-apps/nextcloud.nix +++ b/nixos/modules/services/web-apps/nextcloud.nix @@ -1042,7 +1042,7 @@ in { ensureDatabases = [ cfg.config.dbname ]; ensureUsers = [{ name = cfg.config.dbuser; - ensurePermissions = { "DATABASE ${cfg.config.dbname}" = "ALL PRIVILEGES"; }; + ensureDBOwnership = true; }]; }; diff --git a/nixos/modules/services/web-apps/onlyoffice.nix b/nixos/modules/services/web-apps/onlyoffice.nix index 3494f2fa21f..f958566b91f 100644 --- a/nixos/modules/services/web-apps/onlyoffice.nix +++ b/nixos/modules/services/web-apps/onlyoffice.nix 
@@ -198,7 +198,7 @@ in ensureDatabases = [ "onlyoffice" ]; ensureUsers = [{ name = "onlyoffice"; - ensurePermissions = { "DATABASE \"onlyoffice\"" = "ALL PRIVILEGES"; }; + ensureDBOwnership = true; }]; }; }; diff --git a/nixos/modules/services/web-apps/outline.nix b/nixos/modules/services/web-apps/outline.nix index 0e3bd07c1fc..d97b45d6241 100644 --- a/nixos/modules/services/web-apps/outline.nix +++ b/nixos/modules/services/web-apps/outline.nix @@ -581,7 +581,7 @@ in enable = true; ensureUsers = [{ name = "outline"; - ensurePermissions."DATABASE outline" = "ALL PRIVILEGES"; + ensureDBOwnership = true; }]; ensureDatabases = [ "outline" ]; }; diff --git a/nixos/modules/services/web-apps/peering-manager.nix b/nixos/modules/services/web-apps/peering-manager.nix index 7012df6dffb..d6f6077268d 100644 --- a/nixos/modules/services/web-apps/peering-manager.nix +++ b/nixos/modules/services/web-apps/peering-manager.nix @@ -186,9 +186,7 @@ in { ensureUsers = [ { name = "peering-manager"; - ensurePermissions = { - "DATABASE \"peering-manager\"" = "ALL PRIVILEGES"; - }; + ensureDBOwnership = true; } ]; }; diff --git a/nixos/modules/services/web-apps/pixelfed.nix b/nixos/modules/services/web-apps/pixelfed.nix index 159fb52476a..b0a25dcce9e 100644 --- a/nixos/modules/services/web-apps/pixelfed.nix +++ b/nixos/modules/services/web-apps/pixelfed.nix @@ -271,7 +271,6 @@ in { ensureDatabases = [ cfg.database.name ]; ensureUsers = [{ name = user; - ensurePermissions = { }; }]; }; diff --git a/nixos/modules/services/web-apps/tt-rss.nix b/nixos/modules/services/web-apps/tt-rss.nix index 7b2e3be4295..a8fb37d2c5e 100644 --- a/nixos/modules/services/web-apps/tt-rss.nix +++ b/nixos/modules/services/web-apps/tt-rss.nix 
@@ -529,6 +529,15 @@ let assertion = cfg.database.password != null -> cfg.database.passwordFile == null; message = "Cannot set both password and passwordFile"; } + { + assertion = cfg.database.createLocally -> cfg.database.name == cfg.user && cfg.database.user == cfg.user; + message = '' + When creating a database via NixOS, the db user and db name must be equal! + If you already have an existing DB+user and this assertion is new, you can safely set + `services.tt-rss.database.createLocally` to `false` because removal of `ensureUsers` + and `ensureDatabases` doesn't have any effect. + ''; + } ]; services.phpfpm.pools = mkIf (cfg.pool == "${poolName}") { @@ -632,8 +641,8 @@ let enable = mkDefault true; ensureDatabases = [ cfg.database.name ]; ensureUsers = [ - { name = cfg.user; - ensurePermissions = { "DATABASE ${cfg.database.name}" = "ALL PRIVILEGES"; }; + { name = cfg.database.user; + ensureDBOwnership = true; } ]; }; diff --git a/nixos/modules/services/web-servers/hydron.nix b/nixos/modules/services/web-servers/hydron.nix index 4434965b217..9d30fdc0caa 100644 --- a/nixos/modules/services/web-servers/hydron.nix +++ b/nixos/modules/services/web-servers/hydron.nix @@ -93,7 +93,7 @@ in with lib; { ensureDatabases = [ "hydron" ]; ensureUsers = [ { name = "hydron"; - ensurePermissions = { "DATABASE hydron" = "ALL PRIVILEGES"; }; + ensureDBOwnership = true; } ]; }; diff --git a/nixos/tests/dex-oidc.nix b/nixos/tests/dex-oidc.nix index 37275a97ef0..e54ae18ca93 100644 --- a/nixos/tests/dex-oidc.nix +++ b/nixos/tests/dex-oidc.nix @@ -49,7 +49,7 @@ import ./make-test-python.nix ({ lib, ... }: { ensureUsers = [ { name = "dex"; - ensurePermissions = { "DATABASE dex" = "ALL PRIVILEGES"; }; + ensureDBOwnership = true; } ]; }; diff --git a/nixos/tests/ferretdb.nix b/nixos/tests/ferretdb.nix index 9ad7397ade8..7251198af77 100644 --- a/nixos/tests/ferretdb.nix +++ b/nixos/tests/ferretdb.nix 
@@ -39,7 +39,7 @@ with import ../lib/testing-python.nix { inherit system; }; ensureDatabases = [ "ferretdb" ]; ensureUsers = [{ name = "ferretdb"; - ensurePermissions."DATABASE ferretdb" = "ALL PRIVILEGES"; + ensureDBOwnership = true; }]; }; diff --git a/nixos/tests/freshrss-pgsql.nix b/nixos/tests/freshrss-pgsql.nix index 055bd51ed43..c685f4a8159 100644 --- a/nixos/tests/freshrss-pgsql.nix +++ b/nixos/tests/freshrss-pgsql.nix @@ -22,9 +22,7 @@ import ./make-test-python.nix ({ lib, pkgs, ... }: { ensureUsers = [ { name = "freshrss"; - ensurePermissions = { - "DATABASE freshrss" = "ALL PRIVILEGES"; - }; + ensureDBOwnership = true; } ]; initialScript = pkgs.writeText "postgresql-password" '' diff --git a/nixos/tests/grafana/basic.nix b/nixos/tests/grafana/basic.nix index 8bf4caad7fb..dd389bc8a3d 100644 --- a/nixos/tests/grafana/basic.nix +++ b/nixos/tests/grafana/basic.nix @@ -55,7 +55,7 @@ let ensureDatabases = [ "grafana" ]; ensureUsers = [{ name = "grafana"; - ensurePermissions."DATABASE grafana" = "ALL PRIVILEGES"; + ensureDBOwnership = true; }]; }; systemd.services.grafana.after = [ "postgresql.service" ]; diff --git a/nixos/tests/hockeypuck.nix b/nixos/tests/hockeypuck.nix index 2b9dba8720a..675d6b226ad 100644 --- a/nixos/tests/hockeypuck.nix +++ b/nixos/tests/hockeypuck.nix @@ -35,7 +35,7 @@ in { ensureDatabases = [ "hockeypuck" ]; ensureUsers = [{ name = "hockeypuck"; - ensurePermissions."DATABASE hockeypuck" = "ALL PRIVILEGES"; + ensureDBOwnership = true; }]; }; }; diff --git a/nixos/tests/home-assistant.nix b/nixos/tests/home-assistant.nix index e97e8a467b1..e1588088ba1 100644 --- a/nixos/tests/home-assistant.nix +++ b/nixos/tests/home-assistant.nix 
@@ -9,13 +9,11 @@ in { nodes.hass = { pkgs, ... }: { services.postgresql = { enable = true; - - # FIXME: hack for https://github.com/NixOS/nixpkgs/issues/216989 - # Should be replaced with ensureUsers again when a solution for that is found - initialScript = pkgs.writeText "hass-setup-db.sql" '' - CREATE ROLE hass WITH LOGIN; - CREATE DATABASE hass WITH OWNER hass; - ''; + ensureDatabases = [ "hass" ]; + ensureUsers = [{ + name = "hass"; + ensureDBOwnership = true; + }]; }; services.home-assistant = { diff --git a/nixos/tests/paperless.nix b/nixos/tests/paperless.nix index 22409e89923..6a51cc522bd 100644 --- a/nixos/tests/paperless.nix +++ b/nixos/tests/paperless.nix @@ -17,7 +17,7 @@ import ./make-test-python.nix ({ lib, ... }: { ensureDatabases = [ "paperless" ]; ensureUsers = [ { name = config.services.paperless.user; - ensurePermissions = { "DATABASE \"paperless\"" = "ALL PRIVILEGES"; }; + ensureDBOwnership = true; } ]; }; diff --git a/nixos/tests/pgadmin4.nix b/nixos/tests/pgadmin4.nix index cb8de87c9ee..3ee7ed19fa1 100644 --- a/nixos/tests/pgadmin4.nix +++ b/nixos/tests/pgadmin4.nix @@ -19,14 +19,6 @@ import ./make-test-python.nix ({ pkgs, lib, ... }: authentication = '' host all all localhost trust ''; - ensureUsers = [ - { - name = "postgres"; - ensurePermissions = { - "DATABASE \"postgres\"" = "ALL PRIVILEGES"; - }; - } - ]; }; services.pgadmin = { diff --git a/nixos/tests/pgbouncer.nix b/nixos/tests/pgbouncer.nix index 1e72327d420..814ca0d5886 100644 --- a/nixos/tests/pgbouncer.nix +++ b/nixos/tests/pgbouncer.nix @@ -24,13 +24,11 @@ in services = { postgresql = { enable = true; - ensureDatabases = [ "testdb" ]; + ensureDatabases = [ "test" ]; ensureUsers = [ { - name = "testuser"; - ensurePermissions = { - "DATABASE testdb" = "ALL PRIVILEGES"; - }; + name = "test"; + ensureDBOwnership = true; }]; authentication = '' local testdb testuser scram-sha-256 
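Review bot: In the first pgbouncer.nix hunk the database and role are renamed to `test`, but the `authentication` context line still reads `local testdb testuser scram-sha-256`, and the following hunks keep `auth_user=testuser` and connect as `testuser`. The pg_hba rule therefore no longer matches the database the test queries, and `ensureUsers` no longer creates `testuser` at all; unless that role is created in a part of the test outside these hunks, the scram-sha-256 login path under test is not exercised as intended. At minimum the rule should follow the rename, e.g. `local test testuser scram-sha-256`, and the creation of `testuser` should be confirmed. The `authentication` string continues outside the hunk.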
@@ -40,7 +38,7 @@ in pgbouncer = { enable = true; listenAddress = "localhost"; - databases = { testdb = "host=/run/postgresql/ port=5432 auth_user=testuser dbname=testdb"; }; + databases = { test = "host=/run/postgresql/ port=5432 auth_user=testuser dbname=test"; }; authType = "scram-sha-256"; authFile = testAuthFile; }; @@ -55,7 +53,7 @@ in # Test if we can make a query through PgBouncer one.wait_until_succeeds( - "psql 'postgres://testuser:testpass@localhost:6432/testdb' -c 'SELECT 1;'" + "psql 'postgres://testuser:testpass@localhost:6432/test' -c 'SELECT 1;'" ) ''; }) diff --git a/nixos/tests/powerdns-admin.nix b/nixos/tests/powerdns-admin.nix index d7bacb24eec..d326d74a982 100644 --- a/nixos/tests/powerdns-admin.nix +++ b/nixos/tests/powerdns-admin.nix @@ -87,9 +87,7 @@ let ensureUsers = [ { name = "powerdnsadmin"; - ensurePermissions = { - "DATABASE powerdnsadmin" = "ALL PRIVILEGES"; - }; + ensureDBOwnership = true; } ]; }; diff --git a/nixos/tests/sftpgo.nix b/nixos/tests/sftpgo.nix index db0098d2ac4..a5bb1981d2c 100644 --- a/nixos/tests/sftpgo.nix +++ b/nixos/tests/sftpgo.nix @@ -156,7 +156,7 @@ in ensureDatabases = [ "sftpgo" ]; ensureUsers = [{ name = "sftpgo"; - ensurePermissions."DATABASE sftpgo" = "ALL PRIVILEGES"; + ensureDBOwnership = true; }]; }; diff --git a/nixos/tests/tandoor-recipes.nix b/nixos/tests/tandoor-recipes.nix index f3369da99a0..18beaac6f06 100644 --- a/nixos/tests/tandoor-recipes.nix +++ b/nixos/tests/tandoor-recipes.nix 
@@ -5,6 +5,29 @@ import ./make-test-python.nix ({ lib, ... }: { nodes.machine = { pkgs, ... }: { services.tandoor-recipes = { enable = true; + extraConfig = { + DB_ENGINE = "django.db.backends.postgresql"; + POSTGRES_HOST = "/run/postgresql"; + POSTGRES_USER = "tandoor_recipes"; + POSTGRES_DB = "tandoor_recipes"; + }; + }; + + services.postgresql = { + enable = true; + ensureDatabases = [ "tandoor_recipes" ]; + ensureUsers = [ + { + name = "tandoor_recipes"; + ensureDBOwnership = true; + } + ]; + }; + + systemd.services = { + tandoor-recipes = { + after = [ "postgresql.service" ]; + }; }; }; diff --git a/nixos/tests/vikunja.nix b/nixos/tests/vikunja.nix index 2660aa9767c..60fd5ce1385 100644 --- a/nixos/tests/vikunja.nix +++ b/nixos/tests/vikunja.nix @@ -33,7 +33,7 @@ import ./make-test-python.nix ({ pkgs, lib, ... }: { ensureDatabases = [ "vikunja-api" ]; ensureUsers = [ { name = "vikunja-api"; - ensurePermissions = { "DATABASE \"vikunja-api\"" = "ALL PRIVILEGES"; }; + ensureDBOwnership = true; } ]; }; diff --git a/nixos/tests/wiki-js.nix b/nixos/tests/wiki-js.nix index fd054a9c590..8b3c51935a6 100644 --- a/nixos/tests/wiki-js.nix +++ b/nixos/tests/wiki-js.nix @@ -10,14 +10,15 @@ import ./make-test-python.nix ({ pkgs, lib, ...} : { enable = true; settings.db.host = "/run/postgresql"; settings.db.user = "wiki-js"; + settings.db.db = "wiki-js"; settings.logLevel = "debug"; }; services.postgresql = { enable = true; - ensureDatabases = [ "wiki" ]; + ensureDatabases = [ "wiki-js" ]; ensureUsers = [ { name = "wiki-js"; - ensurePermissions."DATABASE wiki" = "ALL PRIVILEGES"; + ensureDBOwnership = true; } ]; }; -- cgit 1.4.1 From 3f4c802d263989eb0a0327243a100ad3643be98e Mon Sep 17 00:00:00 2001 
From: zzywysm <51676322+zzywysm@users.noreply.github.com> Date: Tue, 14 Nov 2023 15:37:50 -0500 Subject: initrd/autofs4: remove legacy references to autofs4 kernel module Back in 2018, the kernel decided to remove the autofs4 module. https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a2225d931f75ddd3c39f4d0d195fad99dfd68671 This caused immediate problems with systemd, so the kernel allowed autofs4 as a config option that would simply map back to autofs. https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=d02d21ea007b6b33cdaf15c2f84fb1fea996ecc2 Earlier this year, in July 2023, the kernel got tired of people not adapting to the autofs change, and forced the issue by fixing it within the kernel defconfigs, which NixOS uses as a starting point for their own kernel configs. https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1f2190d6b7112d22d3f8dfeca16a2f6a2f51444e This commit reflects the post-2018 reality by changing the remaining autofs4 references to autofs. Since this change initially happened in kernel 4.18 and we no longer support 4.x kernels, we don't need any backwards-compatibility tweaks. --- nixos/modules/services/misc/autofs.nix | 2 +- nixos/modules/system/boot/systemd/initrd.nix | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) (limited to 'nixos/modules/services/misc') diff --git a/nixos/modules/services/misc/autofs.nix b/nixos/modules/services/misc/autofs.nix index 55ab15ff003..723b67e8bb6 100644 --- a/nixos/modules/services/misc/autofs.nix +++ b/nixos/modules/services/misc/autofs.nix @@ -74,7 +74,7 @@ in config = mkIf cfg.enable { - boot.kernelModules = [ "autofs4" ]; + boot.kernelModules = [ "autofs" ]; systemd.services.autofs = { description = "Automounts filesystems on demand"; diff --git a/nixos/modules/system/boot/systemd/initrd.nix b/nixos/modules/system/boot/systemd/initrd.nix index e223451652b..0e7d59b3207 100644 
--- a/nixos/modules/system/boot/systemd/initrd.nix +++ b/nixos/modules/system/boot/systemd/initrd.nix @@ -370,7 +370,7 @@ in { boot.initrd.availableKernelModules = [ # systemd needs this for some features - "autofs4" + "autofs" # systemd-cryptenroll ] ++ lib.optional cfg.enableTpm2 "tpm-tis" ++ lib.optional (cfg.enableTpm2 && !(pkgs.stdenv.hostPlatform.isRiscV64 || pkgs.stdenv.hostPlatform.isArmv7)) "tpm-crb"; -- cgit 1.4.1 From 7cd63bff21f67d13810f547fb02165131f9942b1 Mon Sep 17 00:00:00 2001 From: Raito Bezarius Date: Fri, 17 Nov 2023 15:03:19 +0100 Subject: nixos/sourcehut: do not use `ensureDBOwnership` Given that SourceHut uses unfortunate defaults for database name, it will not be realistic to fix this in time for 23.11. We will leave the workaround and leave it to SourceHut maintainers to pick up the work to clean this up after 23.11. --- nixos/modules/services/misc/sourcehut/service.nix | 19 +++++++------------ 1 file changed, 7 insertions(+), 12 deletions(-) (limited to 'nixos/modules/services/misc') diff --git a/nixos/modules/services/misc/sourcehut/service.nix b/nixos/modules/services/misc/sourcehut/service.nix index d2cd599d3fe..f08d5eb4687 100644 --- a/nixos/modules/services/misc/sourcehut/service.nix +++ b/nixos/modules/services/misc/sourcehut/service.nix @@ -242,15 +242,6 @@ in } cfg.nginx.virtualHost ]; }; - assertions = [ - { - assertion = srvCfg.user == srvCfg.postgresql.database; - message = '' - When creating a database via NixOS, the db user and db name must be equal! - ''; - } - ]; - services.postgresql = mkIf cfg.postgresql.enable { authentication = '' local ${srvCfg.postgresql.database} ${srvCfg.user} trust 
@@ -258,10 +249,13 @@ in ensureDatabases = [ srvCfg.postgresql.database ]; ensureUsers = map (name: { inherit name; - ensureDBOwnership = true; + # We don't use it because we have a special default database name with dots. + # TODO(for maintainers of sourcehut): migrate away from custom preStart script. + ensureDBOwnership = false; }) [srvCfg.user]; }; + services.sourcehut.settings = mkMerge [ { "${srv}.sr.ht".origin = mkDefault "https://${srv}.${cfg.settings."sr.ht".global-domain}"; @@ -387,10 +381,11 @@ in extraService ])) extraServices) - # Work around 'pq: permission denied for schema public' with postgres v15, until a - # solution for `services.postgresql.ensureUsers` is found. + # Work around 'pq: permission denied for schema public' with postgres v15. # See https://github.com/NixOS/nixpkgs/issues/216989 # Workaround taken from nixos/forgejo: https://github.com/NixOS/nixpkgs/pull/262741 + # TODO(to maintainers of sourcehut): please migrate away from this workaround + # by migrating away from database name defaults with dots. (lib.mkIf ( cfg.postgresql.enable && lib.strings.versionAtLeast config.services.postgresql.package.version "15.0" -- cgit 1.4.1 From 20832d59954641e608d1dc5bb51457280dc384d7 Mon Sep 17 00:00:00 2001 
From: Herwig Hochleitner Date: Fri, 17 Nov 2023 15:55:24 +0100 Subject: nixos/forgejo: changelog and migration instructions (#267248) * nixos/forgejo: changelog and migration instructions * nixos/forgejo/docs: clarify sentence Co-authored-by: Trolli Schmittlauch * nixos/forgejo/docs: document migration via gitea impersonation * nixos/forgejo/docs: note about url change on migration * nixos/forgejo/docs: note about migration (non-)requirement * nixos/forgejo/docs: header ids * nixos/forgejo/docs: clarify release notes entry Co-authored-by: Emily * nixos/forgejo/docs: improve manual entry Co-authored-by: Emily * nixos/forgejo/docs: move changelog line to the middle of the section as noted --------- Co-authored-by: Trolli Schmittlauch Co-authored-by: Emily --- nixos/doc/manual/release-notes/rl-2311.section.md | 2 + nixos/modules/services/misc/forgejo.md | 79 +++++++++++++++++++++++ nixos/modules/services/misc/forgejo.nix | 1 + 3 files changed, 82 insertions(+) create mode 100644 nixos/modules/services/misc/forgejo.md (limited to 'nixos/modules/services/misc') diff --git a/nixos/doc/manual/release-notes/rl-2311.section.md b/nixos/doc/manual/release-notes/rl-2311.section.md index 5cb5fec2305..1dbc33f2373 100644 --- a/nixos/doc/manual/release-notes/rl-2311.section.md +++ b/nixos/doc/manual/release-notes/rl-2311.section.md 
@@ -104,6 +104,8 @@ - [eris-server](https://codeberg.org/eris/eris-go). [ERIS](https://eris.codeberg.page/) is an encoding for immutable storage and this server provides block exchange as well as content decoding over HTTP and through a FUSE file-system. Available as [services.eris-server](#opt-services.eris-server.enable). +- [forgejo](https://forgejo.org/), a git forge. Previously deployed as a drop-in replacement package in the [gitea module](#opt-services.gitea.package). Available as [services.forgejo](#opt-services.forgejo.enable). See migration instructions in the [NixOS manual](#module-forgejo) on how to migrate your forgejo instance using [`services.gitea.package = pkgs.forgejo`](#opt-services.gitea.package) to [`services.forgejo`](#opt-services.forgejo.enable). + - hardware/infiniband.nix adds infiniband subnet manager support using an [opensm](https://github.com/linux-rdma/opensm) systemd-template service, instantiated on card guids. The module also adds kernel modules and cli tooling to help administrators debug and measure performance. Available as [hardware.infiniband.enable](#opt-hardware.infiniband.enable). - [zwave-js](https://github.com/zwave-js/zwave-js-server), a small server wrapper around Z-Wave JS to access it via a WebSocket. Available as [services.zwave-js](#opt-services.zwave-js.enable). diff --git a/nixos/modules/services/misc/forgejo.md b/nixos/modules/services/misc/forgejo.md new file mode 100644 index 00000000000..6a340738208 --- /dev/null +++ b/nixos/modules/services/misc/forgejo.md 
@@ -0,0 +1,79 @@
+# Forgejo {#module-forgejo}
+
+Forgejo is a soft-fork of gitea, with strong community focus, as well
+as on self-hosting and federation. [Codeberg](https://codeberg.org) is
+deployed from it.
+
+See [upstream docs](https://forgejo.org/docs/latest/).
+
+The method of choice for running forgejo is using [`services.forgejo`](#opt-services.forgejo.enable).
+
+::: {.warning}
+Running forgejo using `services.gitea.package = pkgs.forgejo` is no longer
+recommended.
+If you experience issues with your instance using `services.gitea`,
+**DO NOT** report them to the `services.gitea` module maintainers.
+**DO** report them to the `services.forgejo` module maintainers instead.
+:::
+
+## Migration from Gitea {#module-forgejo-migration-gitea}
+
+::: {.note}
+Migrating is, while not strictly necessary at this point, highly recommended.
+Both modules and projects are likely to divide further with each release.
+Which might lead to an even more involved migration.
+:::
+
+### Full-Migration {#module-forgejo-migration-gitea-default}
+
+This will migrate the state directory (data), rename and chown the database and
+delete the gitea user.
+
+::: {.note}
+This will also change the git remote ssh-url user from `gitea@` to `forgejo@`,
+when using the host's openssh server (default) instead of the integrated one.
+:::
+
+Instructions for PostgreSQL (default).
Adapt accordingly for other databases: + +```sh +systemctl stop gitea +mv /var/lib/gitea /var/lib/forgejo +runuser -u postgres -- psql -c ' + ALTER USER gitea RENAME TO forgejo; + ALTER DATABASE gitea RENAME TO forgejo; +' +nixos-rebuild switch +systemctl stop forgejo +chown -R forgejo:forgejo /var/lib/forgejo +systemctl restart forgejo +``` + +### Alternatively, keeping the gitea user {#module-forgejo-migration-gitea-impersonate} + +Alternatively, instead of renaming the database, copying the state folder and +changing the user, the forgejo module can be set up to re-use the old storage +locations and database, instead of having to copy or rename them. +Make sure to disable `services.gitea`, when doing this. + +```nix +services.gitea.enable = false; + +services.forgejo = { + enable = true; + user = "gitea"; + group = "gitea"; + stateDir = "/var/lib/gitea"; + database.name = "gitea"; + database.user = "gitea"; +}; + +users.users,gitea = { + home = "/var/lib/gitea"; + useDefaultShell = true; + group = "gitea"; + isSystemUser = true; +}; + +users.groups.gitea = {}; +``` diff --git a/nixos/modules/services/misc/forgejo.nix b/nixos/modules/services/misc/forgejo.nix index 90b5f16f418..e71e47b27f1 100644 --- a/nixos/modules/services/misc/forgejo.nix +++ b/nixos/modules/services/misc/forgejo.nix @@ -677,5 +677,6 @@ in }; }; + meta.doc = ./forgejo.md; meta.maintainers = with lib.maintainers; [ bendlas emilylange ]; } -- cgit 1.4.1 From 8c441fc2a765b8d99f9acb7d02945a71a828a6e1 Mon Sep 17 00:00:00 2001 From: Herwig Hochleitner Date: Fri, 17 Nov 2023 17:12:14 +0100 Subject: nixos/forgejo/docs: fix typo --- nixos/modules/services/misc/forgejo.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'nixos/modules/services/misc') diff --git a/nixos/modules/services/misc/forgejo.md b/nixos/modules/services/misc/forgejo.md index 6a340738208..3df8bc20976 100644 --- a/nixos/modules/services/misc/forgejo.md +++ b/nixos/modules/services/misc/forgejo.md 
@@ -68,7 +68,7 @@ services.forgejo = { database.user = "gitea"; }; -users.users,gitea = { +users.users.gitea = { home = "/var/lib/gitea"; useDefaultShell = true; group = "gitea"; -- cgit 1.4.1 From b3e8dae766a3db1f0845a598f71e1267292a470a Mon Sep 17 00:00:00 2001 From: emilylange Date: Fri, 17 Nov 2023 19:52:31 +0100 Subject: nixos/forgejo: remove `postgresql_15` permission work-around This is no longer necessary as of ccfe07c3168109567b98462533f7ddf14c7ba18d. Previously: b8585a119ce5c28754267f349107304117041083. --- nixos/modules/services/misc/forgejo.nix | 11 ----------- 1 file changed, 11 deletions(-) (limited to 'nixos/modules/services/misc') diff --git a/nixos/modules/services/misc/forgejo.nix b/nixos/modules/services/misc/forgejo.nix index 15966adfe38..454febda589 100644 --- a/nixos/modules/services/misc/forgejo.nix +++ b/nixos/modules/services/misc/forgejo.nix @@ -436,17 +436,6 @@ in ]; }; - # Work around 'pq: permission denied for schema public' with postgres v15, until a - # solution for `services.postgresql.ensureUsers` is found. - # See https://github.com/NixOS/nixpkgs/issues/216989 - systemd.services.postgresql.postStart = lib.mkIf ( - usePostgresql - && cfg.database.createDatabase - && lib.strings.versionAtLeast config.services.postgresql.package.version "15.0" - ) (lib.mkAfter '' - $PSQL -tAc 'ALTER DATABASE "${cfg.database.name}" OWNER TO "${cfg.database.user}";' - ''); - services.mysql = optionalAttrs (useMysql && cfg.database.createDatabase) { enable = mkDefault true; package = mkDefault pkgs.mariadb; -- cgit 1.4.1