From 72e80cdc54f33889d4bf7b38fa58bd2d459d14e6 Mon Sep 17 00:00:00 2001 From: Patryk Wychowaniec Date: Fri, 5 Jun 2020 12:57:18 +0200 Subject: lxd: Add proper support for `nftables` --- nixos/modules/virtualisation/lxd.nix | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) (limited to 'nixos') diff --git a/nixos/modules/virtualisation/lxd.nix b/nixos/modules/virtualisation/lxd.nix index 53b89a9f55b..f526324e0a0 100644 --- a/nixos/modules/virtualisation/lxd.nix +++ b/nixos/modules/virtualisation/lxd.nix @@ -15,7 +15,6 @@ in ###### interface options = { - virtualisation.lxd = { enable = mkOption { type = types.bool; @@ -30,7 +29,7 @@ in package = mkOption { type = types.package; - default = pkgs.lxd; + default = pkgs.lxd.override { nftablesSupport = config.networking.nftables.enable; }; defaultText = "pkgs.lxd"; description = '' The LXD package to use. @@ -65,6 +64,7 @@ in with nixos. ''; }; + recommendedSysctlSettings = mkOption { type = types.bool; default = false; @@ -83,7 +83,6 @@ in ###### implementation config = mkIf cfg.enable { - environment.systemPackages = [ cfg.package ]; security.apparmor = { -- cgit 1.4.1 From 6c6924b2eb54658ededd4e20275c4a5b2ebab24c Mon Sep 17 00:00:00 2001 From: Patryk Wychowaniec Date: Fri, 5 Jun 2020 14:40:02 +0200 Subject: lxd: When `lxcfs` is enabled, start `lxd` with explicit `LXD_LXC_TEMPLATE_CONFIG` --- nixos/modules/virtualisation/lxd.nix | 12 ++++++++++++ 1 file changed, 12 insertions(+) (limited to 'nixos') diff --git a/nixos/modules/virtualisation/lxd.nix b/nixos/modules/virtualisation/lxd.nix index f526324e0a0..3958fc2c1d7 100644 --- a/nixos/modules/virtualisation/lxd.nix +++ b/nixos/modules/virtualisation/lxd.nix @@ -24,6 +24,12 @@ in containers. Users in the "lxd" group can interact with the daemon (e.g. to start or stop containers) using the lxc command line tool, among others. + + Most of the time, you'll also want to start lxcfs, so + that containers can "see" the limits: + + virtualisation.lxc.lxcfs.enable = true; + ''; }; @@ -114,6 +120,12 @@ in LimitNOFILE = "1048576"; LimitNPROC = "infinity"; TasksMax = "infinity"; + + # By default, `lxd` loads configuration files from hard-coded + # `/usr/share/lxc/config` - since this is a no-go for us, we have to + # explicitly tell it where the actual configuration files are + Environment = mkIf (config.virtualisation.lxc.lxcfs.enable) + "LXD_LXC_TEMPLATE_CONFIG=${pkgs.lxcfs}/share/lxc/config"; }; }; -- cgit 1.4.1 From 8ae7ac9e8c959cf0524331550f858549edd5152e Mon Sep 17 00:00:00 2001 From: Patryk Wychowaniec Date: Mon, 8 Jun 2020 21:33:21 +0200 Subject: lxd: Add tests --- nixos/tests/all-tests.nix | 2 + nixos/tests/lxd-nftables.nix | 50 ++++++++++++++++ nixos/tests/lxd.nix | 135 +++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 187 insertions(+) create mode 100644 nixos/tests/lxd-nftables.nix create mode 100644 nixos/tests/lxd.nix (limited to 'nixos') diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix index 796c626f3dd..abc9dc2f89a 100644 --- a/nixos/tests/all-tests.nix +++ b/nixos/tests/all-tests.nix @@ -178,6 +178,8 @@ in limesurvey = handleTest ./limesurvey.nix {}; login = handleTest ./login.nix {}; loki = handleTest ./loki.nix {}; + lxd = handleTest ./lxd.nix {}; + lxd-nftables = handleTest ./lxd-nftables.nix {}; #logstash = handleTest ./logstash.nix {}; lorri = handleTest ./lorri/default.nix {}; magnetico = handleTest ./magnetico.nix {}; diff --git a/nixos/tests/lxd-nftables.nix b/nixos/tests/lxd-nftables.nix new file mode 100644 index 00000000000..25517914db8 --- /dev/null +++ b/nixos/tests/lxd-nftables.nix @@ -0,0 +1,50 @@ +# This test makes sure that lxd stops implicitly depending on iptables when +# user enabled nftables. +# +# It has been extracted from `lxd.nix` for clarity, and because switching from +# iptables to nftables requires a full reboot, which is a bit hard inside NixOS +# tests. + +import ./make-test-python.nix ({ pkgs, ...} : { + name = "lxd-nftables"; + meta = with pkgs.stdenv.lib.maintainers; { + maintainers = [ patryk27 ]; + }; + + machine = { lib, ... }: { + virtualisation = { + lxd.enable = true; + }; + + networking = { + firewall.enable = false; + nftables.enable = true; + nftables.ruleset = '' + table inet filter { + chain incoming { + type filter hook input priority 0; + policy accept; + } + + chain forward { + type filter hook forward priority 0; + policy accept; + } + + chain output { + type filter hook output priority 0; + policy accept; + } + } + ''; + }; + }; + + testScript = '' + machine.wait_for_unit("network.target") + + with subtest("When nftables are enabled, lxd doesn't depend on iptables anymore"): + machine.succeed("lsmod | grep nf_tables") + machine.fail("lsmod | grep ip_tables") + ''; +}) diff --git a/nixos/tests/lxd.nix b/nixos/tests/lxd.nix new file mode 100644 index 00000000000..db2d44dff55 --- /dev/null +++ b/nixos/tests/lxd.nix @@ -0,0 +1,135 @@ +import ./make-test-python.nix ({ pkgs, ...} : + +let + # Since we don't have access to the internet during the tests, we have to + # pre-fetch lxd containers beforehand. + # + # I've chosen to import Alpine Linux, because its image is turbo-tiny and, + # generally, sufficient for our tests. + + alpine-meta = pkgs.fetchurl { + url = "https://uk.images.linuxcontainers.org/images/alpine/3.11/i386/default/20200608_13:00/lxd.tar.xz"; + sha256 = "1hkvaj3rr333zmx1759njy435lps33gl4ks8zfm7m4nqvipm26a0"; + }; + + alpine-rootfs = pkgs.fetchurl { + url = "https://uk.images.linuxcontainers.org/images/alpine/3.11/i386/default/20200608_13:00/rootfs.tar.xz"; + sha256 = "1v82zdra4j5xwsff09qlp7h5vbsg54s0j7rdg4rynichfid3r347"; + }; + + lxd-config = pkgs.writeText "config.yaml" '' + storage_pools: + - name: default + driver: dir + config: + source: /var/lxd-pool + + networks: + - name: lxdbr0 + type: bridge + config: + ipv4.address: auto + ipv6.address: none + + profiles: + - name: default + devices: + eth0: + name: eth0 + network: lxdbr0 + type: nic + root: + path: / + pool: default + type: disk + ''; + +in { + name = "lxd"; + meta = with pkgs.stdenv.lib.maintainers; { + maintainers = [ patryk27 ]; + }; + + machine = { lib, ... }: { + virtualisation = { + # Since we're testing `limits.cpu`, we've gotta have a known number of + # cores to lay on + cores = 2; + + # Ditto, for `limits.memory` + memorySize = 512; + + lxc.lxcfs.enable = true; + lxd.enable = true; + }; + }; + + testScript = '' + machine.wait_for_unit("sockets.target") + machine.wait_for_unit("lxd.service") + + # It takes additional second for lxd to settle + machine.sleep(1) + + # lxd expects the pool's directory to already exist + machine.succeed("mkdir /var/lxd-pool") + + machine.succeed( + "cat ${lxd-config} | lxd init --preseed" + ) + + machine.succeed( + "lxc image import ${alpine-meta} ${alpine-rootfs} --alias alpine" + ) + + with subtest("Containers can be launched and destroyed"): + machine.succeed("lxc launch alpine test") + machine.succeed("lxc exec test true") + machine.succeed("lxc delete -f test") + + with subtest("Containers are being mounted with lxcfs inside"): + machine.succeed("lxc launch alpine test") + + ## ---------- ## + ## limits.cpu ## + + machine.succeed("lxc config set test limits.cpu 1") + + # Since Alpine doesn't have `nproc` pre-installed, we've gotta resort + # to the primal methods + assert ( + "1" + == machine.succeed("lxc exec test grep -- -c ^processor /proc/cpuinfo").strip() + ) + + machine.succeed("lxc config set test limits.cpu 2") + + assert ( + "2" + == machine.succeed("lxc exec test grep -- -c ^processor /proc/cpuinfo").strip() + ) + + ## ------------- ## + ## limits.memory ## + + machine.succeed("lxc config set test limits.memory 64MB") + + assert ( + "MemTotal: 62500 kB" + == machine.succeed("lxc exec test grep -- MemTotal /proc/meminfo").strip() + ) + + machine.succeed("lxc config set test limits.memory 128MB") + + assert ( + "MemTotal: 125000 kB" + == machine.succeed("lxc exec test grep -- MemTotal /proc/meminfo").strip() + ) + + machine.succeed("lxc delete -f test") + + with subtest("Unless explicitly changed, lxd leans on iptables"): + machine.succeed("lsmod | grep ip_tables") + machine.fail("lsmod | grep nf_tables") + ''; +}) -- cgit 1.4.1 From 10acf9ae002563b1bc6519eb50a4d65c6c684e98 Mon Sep 17 00:00:00 2001 From: Jörg Thalheim Date: Mon, 8 Jun 2020 16:09:13 +0100 Subject: nixos/redis: add redis group --- nixos/modules/services/databases/redis.nix | 2 ++ 1 file changed, 2 insertions(+) (limited to 'nixos') diff --git a/nixos/modules/services/databases/redis.nix b/nixos/modules/services/databases/redis.nix index 799c3db6216..f1777854e14 100644 --- a/nixos/modules/services/databases/redis.nix +++ b/nixos/modules/services/databases/redis.nix @@ -218,6 +218,7 @@ in description = "Redis database user"; isSystemUser = true; }; + users.groups.redis = {}; environment.systemPackages = [ cfg.package ]; @@ -240,6 +241,7 @@ in StateDirectory = "redis"; Type = "notify"; User = "redis"; + Group = "redis"; }; }; }; -- cgit 1.4.1 From e77426822ff234a50bf959384e86d78c0cf9a240 Mon Sep 17 00:00:00 2001 From: Matt Layher Date: Wed, 10 Jun 2020 13:12:43 -0400 Subject: nixos/prometheus-keylight-exporter: new module Signed-off-by: Matt Layher --- .../services/monitoring/prometheus/exporters.nix | 1 + .../monitoring/prometheus/exporters/keylight.nix | 19 +++++++++++++++++++ nixos/tests/prometheus-exporters.nix | 19 +++++++++++++++++++ 3 files changed, 39 insertions(+) create mode 100644 nixos/modules/services/monitoring/prometheus/exporters/keylight.nix (limited to 'nixos') diff --git a/nixos/modules/services/monitoring/prometheus/exporters.nix b/nixos/modules/services/monitoring/prometheus/exporters.nix index f9ad1457fc8..b62a68860da 100644 --- a/nixos/modules/services/monitoring/prometheus/exporters.nix +++ b/nixos/modules/services/monitoring/prometheus/exporters.nix @@ -28,6 +28,7 @@ let "dovecot" "fritzbox" "json" + "keylight" "mail" "mikrotik" "minio" diff --git a/nixos/modules/services/monitoring/prometheus/exporters/keylight.nix b/nixos/modules/services/monitoring/prometheus/exporters/keylight.nix new file mode 100644 index 00000000000..dfa56343b87 --- /dev/null +++ b/nixos/modules/services/monitoring/prometheus/exporters/keylight.nix @@ -0,0 +1,19 @@ +{ config, lib, pkgs, options }: + +with lib; + +let + cfg = config.services.prometheus.exporters.keylight; +in +{ + port = 9288; + serviceOpts = { + serviceConfig = { + ExecStart = '' + ${pkgs.prometheus-keylight-exporter}/bin/keylight_exporter \ + -metrics.addr ${cfg.listenAddress}:${toString cfg.port} \ + ${concatStringsSep " \\\n " cfg.extraFlags} + ''; + }; + }; +} diff --git a/nixos/tests/prometheus-exporters.nix b/nixos/tests/prometheus-exporters.nix index 4fc3668cfaf..e2221352dcf 100644 --- a/nixos/tests/prometheus-exporters.nix +++ b/nixos/tests/prometheus-exporters.nix @@ -202,6 +202,25 @@ let ''; }; + keylight = { + # A hardware device is required to properly test this exporter, so just + # perform a couple of basic sanity checks that the exporter is running + # and requires a target, but cannot reach a specified target. + exporterConfig = { + enable = true; + }; + exporterTest = '' + wait_for_unit("prometheus-keylight-exporter.service") + wait_for_open_port(9288) + succeed( + "curl -sS --write-out '%{http_code}' -o /dev/null http://localhost:9288/metrics | grep -q '400'" + ) + succeed( + "curl -sS --write-out '%{http_code}' -o /dev/null http://localhost:9288/metrics?target=nosuchdevice | grep -q '500'" + ) + ''; + }; + mail = { exporterConfig = { enable = true; -- cgit 1.4.1 From e45146d94bf6d27cbde107e82a2520b007344055 Mon Sep 17 00:00:00 2001 From: Matt Layher Date: Wed, 10 Jun 2020 14:13:07 -0400 Subject: nixos/prometheus-apcupsd-exporter: new module Signed-off-by: Matt Layher --- .../services/monitoring/prometheus/exporters.nix | 1 + .../monitoring/prometheus/exporters/apcupsd.nix | 38 ++++++++++++++++++++++ nixos/tests/prometheus-exporters.nix | 15 +++++++++ 3 files changed, 54 insertions(+) create mode 100644 nixos/modules/services/monitoring/prometheus/exporters/apcupsd.nix (limited to 'nixos') diff --git a/nixos/modules/services/monitoring/prometheus/exporters.nix b/nixos/modules/services/monitoring/prometheus/exporters.nix index f9ad1457fc8..18a714360cf 100644 --- a/nixos/modules/services/monitoring/prometheus/exporters.nix +++ b/nixos/modules/services/monitoring/prometheus/exporters.nix @@ -21,6 +21,7 @@ let # `serviceOpts.script` or `serviceOpts.serviceConfig.ExecStart` exporterOpts = genAttrs [ + "apcupsd" "bind" "blackbox" "collectd" diff --git a/nixos/modules/services/monitoring/prometheus/exporters/apcupsd.nix b/nixos/modules/services/monitoring/prometheus/exporters/apcupsd.nix new file mode 100644 index 00000000000..57c35a742c5 --- /dev/null +++ b/nixos/modules/services/monitoring/prometheus/exporters/apcupsd.nix @@ -0,0 +1,38 @@ +{ config, lib, pkgs, options }: + +with lib; + +let + cfg = config.services.prometheus.exporters.apcupsd; +in +{ + port = 9162; + extraOpts = { + apcupsdAddress = mkOption { + type = types.str; + default = ":3551"; + description = '' + Address of the apcupsd Network Information Server (NIS). + ''; + }; + + apcupsdNetwork = mkOption { + type = types.enum ["tcp" "tcp4" "tcp6"]; + default = "tcp"; + description = '' + Network of the apcupsd Network Information Server (NIS): one of "tcp", "tcp4", or "tcp6". + ''; + }; + }; + serviceOpts = { + serviceConfig = { + ExecStart = '' + ${pkgs.prometheus-apcupsd-exporter}/bin/apcupsd_exporter \ + -telemetry.addr ${cfg.listenAddress}:${toString cfg.port} \ + -apcupsd.addr ${cfg.apcupsdAddress} \ + -apcupsd.network ${cfg.apcupsdNetwork} \ + ${concatStringsSep " \\\n " cfg.extraFlags} + ''; + }; + }; +} diff --git a/nixos/tests/prometheus-exporters.nix b/nixos/tests/prometheus-exporters.nix index 4fc3668cfaf..caed263fe46 100644 --- a/nixos/tests/prometheus-exporters.nix +++ b/nixos/tests/prometheus-exporters.nix @@ -56,6 +56,21 @@ let */ exporterTests = { + apcupsd = { + exporterConfig = { + enable = true; + }; + metricProvider = { + services.apcupsd.enable = true; + }; + exporterTest = '' + wait_for_unit("apcupsd.service") + wait_for_open_port(3551) + wait_for_unit("prometheus-apcupsd-exporter.service") + wait_for_open_port(9162) + succeed("curl -sSf http://localhost:9162/metrics | grep -q 'apcupsd_info'") + ''; + }; bind = { exporterConfig = { -- cgit 1.4.1 From 92aa60918f75dd0d2e72011fb52466a1917094ec Mon Sep 17 00:00:00 2001 From: Vladimír Čunát Date: Thu, 11 Jun 2020 10:22:20 +0200 Subject: nixos i18n.supportedLocales: increase systemPackages priority https://discourse.nixos.org/t/conflict-between-glibc-and-glibclocales-workaround-inside/7608 --- nixos/modules/config/i18n.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'nixos') diff --git a/nixos/modules/config/i18n.nix b/nixos/modules/config/i18n.nix index cc2ddda9d32..feb76581a72 100644 --- a/nixos/modules/config/i18n.nix +++ b/nixos/modules/config/i18n.nix @@ -68,7 +68,8 @@ with lib; config = { environment.systemPackages = - optional (config.i18n.supportedLocales != []) config.i18n.glibcLocales; + # We increase the priority a little, so that plain glibc in systemPackages can't win. + optional (config.i18n.supportedLocales != []) (lib.setPrio (-1) config.i18n.glibcLocales); environment.sessionVariables = { LANG = config.i18n.defaultLocale; -- cgit 1.4.1 From 876bf3abc9328d308e84a7826b44f08fe02a2db0 Mon Sep 17 00:00:00 2001 From: Martin Milata Date: Thu, 4 Jun 2020 01:38:09 +0200 Subject: nixos/prometheus-lnd-exporter: init --- .../services/monitoring/prometheus/exporters.nix | 1 + .../monitoring/prometheus/exporters/lnd.nix | 46 ++++++++++++++++++++++ nixos/tests/prometheus-exporters.nix | 44 +++++++++++++++++++++ 3 files changed, 91 insertions(+) create mode 100644 nixos/modules/services/monitoring/prometheus/exporters/lnd.nix (limited to 'nixos') diff --git a/nixos/modules/services/monitoring/prometheus/exporters.nix b/nixos/modules/services/monitoring/prometheus/exporters.nix index e006caecbb8..0318acae50f 100644 --- a/nixos/modules/services/monitoring/prometheus/exporters.nix +++ b/nixos/modules/services/monitoring/prometheus/exporters.nix @@ -30,6 +30,7 @@ let "fritzbox" "json" "keylight" + "lnd" "mail" "mikrotik" "minio" diff --git a/nixos/modules/services/monitoring/prometheus/exporters/lnd.nix b/nixos/modules/services/monitoring/prometheus/exporters/lnd.nix new file mode 100644 index 00000000000..35f97202057 --- /dev/null +++ b/nixos/modules/services/monitoring/prometheus/exporters/lnd.nix @@ -0,0 +1,46 @@ +{ config, lib, pkgs, options }: + +with lib; + +let + cfg = config.services.prometheus.exporters.lnd; +in +{ + port = 9092; + extraOpts = { + lndHost = mkOption { + type = types.str; + default = "localhost:10009"; + description = '' + lnd instance gRPC address:port. + ''; + }; + + lndTlsPath = mkOption { + type = types.path; + description = '' + Path to lnd TLS certificate. + ''; + }; + + lndMacaroonDir = mkOption { + type = types.path; + description = '' + Path to lnd macaroons. + ''; + }; + }; + serviceOpts.serviceConfig = { + ExecStart = '' + ${pkgs.prometheus-lnd-exporter}/bin/lndmon \ + --prometheus.listenaddr=${cfg.listenAddress}:${toString cfg.port} \ + --prometheus.logdir=/var/log/prometheus-lnd-exporter \ + --lnd.host=${cfg.lndHost} \ + --lnd.tlspath=${cfg.lndTlsPath} \ + --lnd.macaroondir=${cfg.lndMacaroonDir} \ + ${concatStringsSep " \\\n " cfg.extraFlags} + ''; + LogsDirectory = "prometheus-lnd-exporter"; + ReadOnlyPaths = [ cfg.lndTlsPath cfg.lndMacaroonDir ]; + }; +} diff --git a/nixos/tests/prometheus-exporters.nix b/nixos/tests/prometheus-exporters.nix index 4dc6e1407e9..4dbd6431222 100644 --- a/nixos/tests/prometheus-exporters.nix +++ b/nixos/tests/prometheus-exporters.nix @@ -236,6 +236,50 @@ let ''; }; + lnd = { + exporterConfig = { + enable = true; + lndTlsPath = "/var/lib/lnd/tls.cert"; + lndMacaroonDir = "/var/lib/lnd"; + }; + metricProvider = { + systemd.services.prometheus-lnd-exporter.serviceConfig.DynamicUser = false; + services.bitcoind.enable = true; + services.bitcoind.extraConfig = '' + rpcauth=bitcoinrpc:e8fe33f797e698ac258c16c8d7aadfbe$872bdb8f4d787367c26bcfd75e6c23c4f19d44a69f5d1ad329e5adf3f82710f7 + bitcoind.zmqpubrawblock=tcp://127.0.0.1:28332 + bitcoind.zmqpubrawtx=tcp://127.0.0.1:28333 + ''; + systemd.services.lnd = { + serviceConfig.ExecStart = '' + ${pkgs.lnd}/bin/lnd \ + --datadir=/var/lib/lnd \ + --tlscertpath=/var/lib/lnd/tls.cert \ + --tlskeypath=/var/lib/lnd/tls.key \ + --logdir=/var/log/lnd \ + --bitcoin.active \ + --bitcoin.mainnet \ + --bitcoin.node=bitcoind \ + --bitcoind.rpcuser=bitcoinrpc \ + --bitcoind.rpcpass=hunter2 \ + --bitcoind.zmqpubrawblock=tcp://127.0.0.1:28332 \ + --bitcoind.zmqpubrawtx=tcp://127.0.0.1:28333 \ + --readonlymacaroonpath=/var/lib/lnd/readonly.macaroon + ''; + serviceConfig.StateDirectory = "lnd"; + wantedBy = [ "multi-user.target" ]; + after = [ "network.target" ]; + }; + }; + exporterTest = '' + wait_for_unit("lnd.service") + wait_for_open_port(10009) + wait_for_unit("prometheus-lnd-exporter.service") + wait_for_open_port(9092) + succeed("curl -sSf localhost:9092/metrics | grep -q '^promhttp_metric_handler'") + ''; + }; + mail = { exporterConfig = { enable = true; -- cgit 1.4.1 From 1a5dafcd5bebd2ad915876333b0ba94680148db7 Mon Sep 17 00:00:00 2001 From: adisbladis Date: Sat, 23 May 2020 22:38:16 +0100 Subject: services.x11.videoDrivers: Don't include vmware driver by default A better option for vmware guests is to set `virtualisation.vmware.guest.enable`. --- nixos/doc/manual/release-notes/rl-2009.xml | 6 ++++++ nixos/modules/services/x11/xserver.nix | 2 +- 2 files changed, 7 insertions(+), 1 deletion(-) (limited to 'nixos') diff --git a/nixos/doc/manual/release-notes/rl-2009.xml b/nixos/doc/manual/release-notes/rl-2009.xml index 40316b980f3..be7f176614c 100644 --- a/nixos/doc/manual/release-notes/rl-2009.xml +++ b/nixos/doc/manual/release-notes/rl-2009.xml @@ -176,6 +176,12 @@ services.mysql.initialScript = pkgs.writeText "mariadb-init.sql" '' security.duosec.integrationKey. + + + vmware has been removed from the services.x11.videoDrivers defaults. + For VMWare guests set virtualisation.vmware.guest.enable to true which will include the appropriate drivers. + + The initrd SSH support now uses OpenSSH rather than Dropbear to diff --git a/nixos/modules/services/x11/xserver.nix b/nixos/modules/services/x11/xserver.nix index 6aec1c0753a..400173745d3 100644 --- a/nixos/modules/services/x11/xserver.nix +++ b/nixos/modules/services/x11/xserver.nix @@ -246,7 +246,7 @@ in videoDrivers = mkOption { type = types.listOf types.str; # !!! We'd like "nv" here, but it segfaults the X server. - default = [ "radeon" "cirrus" "vesa" "vmware" "modesetting" ]; + default = [ "radeon" "cirrus" "vesa" "modesetting" ]; example = [ "ati_unfree" "amdgpu" "amdgpu-pro" "nv" "nvidia" "nvidiaLegacy390" "nvidiaLegacy340" "nvidiaLegacy304" -- cgit 1.4.1