Project import generated by Copybara.
GitOrigin-RevId: a7855f2235a1876f97473a76151fec2afa02b287
parent bd37aaa161
commit 13da32182d
1831 changed files with 57456 additions and 17499 deletions
3
third_party/nixpkgs/.git-blame-ignore-revs
vendored
|
@ -36,3 +36,6 @@ d08ede042b74b8199dc748323768227b88efcf7c
|
||||||
|
|
||||||
# fix indentation in mk-python-derivation.nix
|
# fix indentation in mk-python-derivation.nix
|
||||||
d1c1a0c656ccd8bd3b25d3c4287f2d075faf3cf3
|
d1c1a0c656ccd8bd3b25d3c4287f2d075faf3cf3
|
||||||
|
|
||||||
|
# fix indentation in meteor default.nix
|
||||||
|
f76b359e4a55267ddd4e9e149e7cc13ae5cad98a
|
||||||
|
|
6
third_party/nixpkgs/.github/CODEOWNERS
vendored
|
@ -108,9 +108,9 @@
|
||||||
/pkgs/top-level/haskell-packages.nix @cdepillabout @sternenseemann @maralorn
|
/pkgs/top-level/haskell-packages.nix @cdepillabout @sternenseemann @maralorn
|
||||||
|
|
||||||
# Perl
|
# Perl
|
||||||
/pkgs/development/interpreters/perl @stigtsp @zakame
|
/pkgs/development/interpreters/perl @stigtsp @zakame @dasJ
|
||||||
/pkgs/top-level/perl-packages.nix @stigtsp @zakame
|
/pkgs/top-level/perl-packages.nix @stigtsp @zakame @dasJ
|
||||||
/pkgs/development/perl-modules @stigtsp @zakame
|
/pkgs/development/perl-modules @stigtsp @zakame @dasJ
|
||||||
|
|
||||||
# R
|
# R
|
||||||
/pkgs/applications/science/math/R @jbedo
|
/pkgs/applications/science/math/R @jbedo
|
||||||
|
|
27
third_party/nixpkgs/CONTRIBUTING.md
vendored
|
@ -62,25 +62,26 @@ many CODEOWNERS will be inadvertently requested for review. To achieve this,
|
||||||
rebasing should not be performed directly on the target branch, but on the merge
|
rebasing should not be performed directly on the target branch, but on the merge
|
||||||
base between the current and target branch.
|
base between the current and target branch.
|
||||||
|
|
||||||
In the following example, we see a rebase from `master` onto the merge base
|
In the following example, we assume that the current branch, called `feature`,
|
||||||
between `master` and `staging`, so that a change can eventually be retargeted to
|
is based on `master`, and we rebase it onto the merge base between
|
||||||
`staging`. The example uses `upstream` as the remote for `NixOS/nixpkgs.git`
|
`master` and `staging` so that the PR can eventually be retargeted to
|
||||||
while the `origin` remote is used for the remote you are pushing to.
|
`staging` without causing a mess. The example uses `upstream` as the remote for `NixOS/nixpkgs.git`
|
||||||
|
while `origin` is the remote you are pushing to.
|
||||||
|
|
||||||
|
|
||||||
```console
|
```console
|
||||||
# Find the common base between two branches
|
# Rebase your commits onto the common merge base
|
||||||
common=$(git merge-base upstream/master upstream/staging)
|
git rebase --onto upstream/staging... upstream/master
|
||||||
# Find the common base between your feature branch and master
|
|
||||||
commits=$(git merge-base $(git branch --show-current) upstream/master)
|
|
||||||
# Rebase all commits onto the common base
|
|
||||||
git rebase --onto=$common $commits
|
|
||||||
# Force push your changes
|
# Force push your changes
|
||||||
git push origin $(git branch --show-current) --force-with-lease
|
git push origin feature --force-with-lease
|
||||||
```
|
```
|
||||||
|
|
||||||
|
The syntax `upstream/staging...` is equivalent to `upstream/staging...HEAD` and
|
||||||
|
stands for the merge base between `upstream/staging` and `HEAD` (hence between
|
||||||
|
`upstream/staging` and `upstream/master`).
|
||||||
|
|
||||||
Then change the base branch in the GitHub PR using the *Edit* button in the upper
|
Then change the base branch in the GitHub PR using the *Edit* button in the upper
|
||||||
right corner, and switch from `master` to `staging`. After the PR has been
|
right corner, and switch from `master` to `staging`. *After* the PR has been
|
||||||
retargeted it might be necessary to do a final rebase onto the target branch, to
|
retargeted it might be necessary to do a final rebase onto the target branch, to
|
||||||
resolve any outstanding merge conflicts.
|
resolve any outstanding merge conflicts.
|
||||||
|
|
||||||
|
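Review bot: the parenthetical "(hence between `upstream/staging` and `upstream/master`)" holds only when `feature` is based on the current `upstream/master` and contains nothing from `staging`, and the shortened example no longer gives the reader a way to see that. The removed version computed the merge base explicitly; consider mentioning `git merge-base upstream/master upstream/staging` in the explanation so readers can confirm what `upstream/staging...` resolves to before they force-push. The push line now hard-codes `feature`, which matches the new wording but fails or pushes a different branch when copied from a branch with another name.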
@ -90,7 +91,7 @@ git rebase upstream/staging
|
||||||
# Review and fixup possible conflicts
|
# Review and fixup possible conflicts
|
||||||
git status
|
git status
|
||||||
# Force push your changes
|
# Force push your changes
|
||||||
git push origin $(git branch --show-current) --force-with-lease
|
git push origin feature --force-with-lease
|
||||||
```
|
```
|
||||||
|
|
||||||
## Backporting changes
|
## Backporting changes
|
||||||
|
|
|
@ -91,7 +91,7 @@ Used with Git. Expects `url` to a Git repo, `rev`, and `sha256`. `rev` in this c
|
||||||
|
|
||||||
Additionally, the following optional arguments can be given: `fetchSubmodules = true` makes `fetchgit` also fetch the submodules of a repository. If `deepClone` is set to true, the entire repository is cloned as opposing to just creating a shallow clone. `deepClone = true` also implies `leaveDotGit = true` which means that the `.git` directory of the clone won't be removed after checkout.
|
Additionally, the following optional arguments can be given: `fetchSubmodules = true` makes `fetchgit` also fetch the submodules of a repository. If `deepClone` is set to true, the entire repository is cloned as opposing to just creating a shallow clone. `deepClone = true` also implies `leaveDotGit = true` which means that the `.git` directory of the clone won't be removed after checkout.
|
||||||
|
|
||||||
If only parts of the repository are needed, `sparseCheckout` can be used. This will prevent git from fetching unnecessary blobs from server, see [git sparse-checkout](https://git-scm.com/docs/git-sparse-checkout) and [git clone --filter](https://git-scm.com/docs/git-clone#Documentation/git-clone.txt---filterltfilter-specgt) for more information:
|
If only parts of the repository are needed, `sparseCheckout` can be used. This will prevent git from fetching unnecessary blobs from server, see [git sparse-checkout](https://git-scm.com/docs/git-sparse-checkout) for more information:
|
||||||
|
|
||||||
```nix
|
```nix
|
||||||
{ stdenv, fetchgit }:
|
{ stdenv, fetchgit }:
|
||||||
|
@ -101,8 +101,8 @@ stdenv.mkDerivation {
|
||||||
src = fetchgit {
|
src = fetchgit {
|
||||||
url = "https://...";
|
url = "https://...";
|
||||||
sparseCheckout = ''
|
sparseCheckout = ''
|
||||||
path/to/be/included
|
directory/to/be/included
|
||||||
another/path
|
another/directory
|
||||||
'';
|
'';
|
||||||
sha256 = "0000000000000000000000000000000000000000000000000000";
|
sha256 = "0000000000000000000000000000000000000000000000000000";
|
||||||
};
|
};
|
||||||
|
|
|
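Review bot: the example entries change from `path/to/be/included` to `directory/to/be/included`, but nothing in this section says that `sparseCheckout` now expects directories or why. The release-notes entry in this same commit explains that `fetchgit` uses cone mode by default and that `nonConeMode = true` restores the old behaviour; a sentence to that effect next to the example would keep the reference documentation self-contained.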
@ -36,6 +36,9 @@ buildImage {
|
||||||
WorkingDir = "/data";
|
WorkingDir = "/data";
|
||||||
Volumes = { "/data" = { }; };
|
Volumes = { "/data" = { }; };
|
||||||
};
|
};
|
||||||
|
|
||||||
|
diskSize = 1024;
|
||||||
|
buildVMMemorySize = 512;
|
||||||
}
|
}
|
||||||
```
|
```
|
||||||
|
|
||||||
|
@ -59,6 +62,10 @@ The above example will build a Docker image `redis/latest` from the given base i
|
||||||
|
|
||||||
- `config` is used to specify the configuration of the containers that will be started off the built image in Docker. The available options are listed in the [Docker Image Specification v1.2.0](https://github.com/moby/moby/blob/master/image/spec/v1.2.md#image-json-field-descriptions).
|
- `config` is used to specify the configuration of the containers that will be started off the built image in Docker. The available options are listed in the [Docker Image Specification v1.2.0](https://github.com/moby/moby/blob/master/image/spec/v1.2.md#image-json-field-descriptions).
|
||||||
|
|
||||||
|
- `diskSize` is used to specify the disk size of the VM used to build the image in megabytes. By default it's 1024 MiB.
|
||||||
|
|
||||||
|
- `buildVMMemorySize` is used to specify the memory size of the VM to build the image in megabytes. By default it's 512 MiB.
|
||||||
|
|
||||||
After the new layer has been created, its closure (to which `contents`, `config` and `runAsRoot` contribute) will be copied in the layer itself. Only new dependencies that are not already in the existing layers will be copied.
|
After the new layer has been created, its closure (to which `contents`, `config` and `runAsRoot` contribute) will be copied in the layer itself. Only new dependencies that are not already in the existing layers will be copied.
|
||||||
|
|
||||||
At the end of the process, only one new single layer will be produced and added to the resulting image.
|
At the end of the process, only one new single layer will be produced and added to the resulting image.
|
||||||
|
|
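Review bot: the new `diskSize` and `buildVMMemorySize` bullets mix units, stating the value is "in megabytes" and then giving the default as "1024 MiB" and "512 MiB". Pick one unit and use it in both halves of each sentence.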
19
third_party/nixpkgs/doc/stdenv/stdenv.chapter.md
vendored
|
@ -871,12 +871,27 @@ Constructs a wrapper for a program with various possible arguments. It is define
|
||||||
# adds `FOOBAR=baz` to `$out/bin/foo`’s environment
|
# adds `FOOBAR=baz` to `$out/bin/foo`’s environment
|
||||||
makeWrapper $out/bin/foo $wrapperfile --set FOOBAR baz
|
makeWrapper $out/bin/foo $wrapperfile --set FOOBAR baz
|
||||||
|
|
||||||
# prefixes the binary paths of `hello` and `git`
|
# Prefixes the binary paths of `hello` and `git`
|
||||||
|
# and suffixes the binary path of `xdg-utils`.
|
||||||
# Be advised that paths often should be patched in directly
|
# Be advised that paths often should be patched in directly
|
||||||
# (via string replacements or in `configurePhase`).
|
# (via string replacements or in `configurePhase`).
|
||||||
makeWrapper $out/bin/foo $wrapperfile --prefix PATH : ${lib.makeBinPath [ hello git ]}
|
makeWrapper $out/bin/foo $wrapperfile \
|
||||||
|
--prefix PATH : ${lib.makeBinPath [ hello git ]} \
|
||||||
|
--suffix PATH : ${lib.makeBinPath [ xdg-utils ]}
|
||||||
```
|
```
|
||||||
|
|
||||||
|
Packages may expect or require other utilities to be available at runtime.
|
||||||
|
`makeWrapper` can be used to add packages to a `PATH` environment variable local to a wrapper.
|
||||||
|
|
||||||
|
Use `--prefix` to explicitly set dependencies in `PATH`.
|
||||||
|
|
||||||
|
:::{note}
|
||||||
|
`--prefix` essentially hard-codes dependencies into the wrapper.
|
||||||
|
They cannot be overridden without rebuilding the package.
|
||||||
|
:::
|
||||||
|
|
||||||
|
If dependencies should be resolved at runtime, use `--suffix` to append fallback values to `PATH`.
|
||||||
|
|
||||||
There’s many more kinds of arguments, they are documented in `nixpkgs/pkgs/build-support/setup-hooks/make-wrapper.sh` for the `makeWrapper` implementation and in `nixpkgs/pkgs/build-support/setup-hooks/make-binary-wrapper/make-binary-wrapper.sh` for the `makeBinaryWrapper` implementation.
|
There’s many more kinds of arguments, they are documented in `nixpkgs/pkgs/build-support/setup-hooks/make-wrapper.sh` for the `makeWrapper` implementation and in `nixpkgs/pkgs/build-support/setup-hooks/make-binary-wrapper/make-binary-wrapper.sh` for the `makeBinaryWrapper` implementation.
|
||||||
|
|
||||||
`wrapProgram` is a convenience function you probably want to use most of the time, implemented by both `makeWrapper` and `makeBinaryWrapper`.
|
`wrapProgram` is a convenience function you probably want to use most of the time, implemented by both `makeWrapper` and `makeBinaryWrapper`.
|
||||||
|
|
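Review bot: the `--suffix` sentence calls the appended entries "fallback values" but does not spell out the consequence, which is that any same-named executable earlier in the caller's `PATH` is used instead of the one from `lib.makeBinPath`. Say so next to the `:::{note}` on `--prefix`, since with `--suffix` the wrapped program's behaviour depends on the environment it is started from.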
2
third_party/nixpkgs/lib/lists.nix
vendored
|
@ -36,7 +36,7 @@ rec {
|
||||||
forEach = xs: f: map f xs;
|
forEach = xs: f: map f xs;
|
||||||
|
|
||||||
/* “right fold” a binary function `op` between successive elements of
|
/* “right fold” a binary function `op` between successive elements of
|
||||||
`list` with `nul' as the starting value, i.e.,
|
`list` with `nul` as the starting value, i.e.,
|
||||||
`foldr op nul [x_1 x_2 ... x_n] == op x_1 (op x_2 ... (op x_n nul))`.
|
`foldr op nul [x_1 x_2 ... x_n] == op x_1 (op x_2 ... (op x_n nul))`.
|
||||||
|
|
||||||
Type: foldr :: (a -> b -> b) -> b -> [a] -> b
|
Type: foldr :: (a -> b -> b) -> b -> [a] -> b
|
||||||
|
|
109
third_party/nixpkgs/maintainers/maintainer-list.nix
vendored
|
@ -1359,6 +1359,12 @@
|
||||||
githubId = 9315;
|
githubId = 9315;
|
||||||
name = "Zhong Jianxin";
|
name = "Zhong Jianxin";
|
||||||
};
|
};
|
||||||
|
a-kenji = {
|
||||||
|
email = "aks.kenji@protonmail.com";
|
||||||
|
github = "a-kenji";
|
||||||
|
githubId = 65275785;
|
||||||
|
name = "Alexander Kenji Berthold";
|
||||||
|
};
|
||||||
b4dm4n = {
|
b4dm4n = {
|
||||||
email = "fabianm88@gmail.com";
|
email = "fabianm88@gmail.com";
|
||||||
github = "B4dM4n";
|
github = "B4dM4n";
|
||||||
|
@ -1778,7 +1784,7 @@
|
||||||
};
|
};
|
||||||
booklearner = {
|
booklearner = {
|
||||||
name = "booklearner";
|
name = "booklearner";
|
||||||
email = "hey@booklearner.org";
|
email = "booklearner@proton.me";
|
||||||
matrix = "@booklearner:matrix.org";
|
matrix = "@booklearner:matrix.org";
|
||||||
github = "booklearner";
|
github = "booklearner";
|
||||||
githubId = 103979114;
|
githubId = 103979114;
|
||||||
|
@ -3738,6 +3744,12 @@
|
||||||
githubId = 537775;
|
githubId = 537775;
|
||||||
name = "Emery Hemingway";
|
name = "Emery Hemingway";
|
||||||
};
|
};
|
||||||
|
eigengrau = {
|
||||||
|
email = "seb@schattenkopie.de";
|
||||||
|
name = "Sebastian Reuße";
|
||||||
|
github = "eigengrau";
|
||||||
|
githubId = 4939947;
|
||||||
|
};
|
||||||
eikek = {
|
eikek = {
|
||||||
email = "eike.kettner@posteo.de";
|
email = "eike.kettner@posteo.de";
|
||||||
github = "eikek";
|
github = "eikek";
|
||||||
|
@ -4661,6 +4673,12 @@
|
||||||
githubId = 37017396;
|
githubId = 37017396;
|
||||||
name = "gbtb";
|
name = "gbtb";
|
||||||
};
|
};
|
||||||
|
gdinh = {
|
||||||
|
email = "nix@contact.dinh.ai";
|
||||||
|
github = "gdinh";
|
||||||
|
githubId = 34658064;
|
||||||
|
name = "Grace Dinh";
|
||||||
|
};
|
||||||
gebner = {
|
gebner = {
|
||||||
email = "gebner@gebner.org";
|
email = "gebner@gebner.org";
|
||||||
github = "gebner";
|
github = "gebner";
|
||||||
|
@ -6337,6 +6355,16 @@
|
||||||
}];
|
}];
|
||||||
name = "Ioannis Koutras";
|
name = "Ioannis Koutras";
|
||||||
};
|
};
|
||||||
|
jonaenz = {
|
||||||
|
name = "Jona Enzinger";
|
||||||
|
email = "5xt3zyy5l@mozmail.com";
|
||||||
|
matrix = "@jona:matrix.jonaenz.de";
|
||||||
|
github = "jonaenz";
|
||||||
|
githubId = 57130301;
|
||||||
|
keys = [{
|
||||||
|
fingerprint = "1CC5 B67C EB9A 13A5 EDF6 F10E 0B4A 3662 FC58 9202";
|
||||||
|
}];
|
||||||
|
};
|
||||||
jonafato = {
|
jonafato = {
|
||||||
email = "jon@jonafato.com";
|
email = "jon@jonafato.com";
|
||||||
github = "jonafato";
|
github = "jonafato";
|
||||||
|
@ -6783,6 +6811,12 @@
|
||||||
githubId = 2029444;
|
githubId = 2029444;
|
||||||
name = "James Kent";
|
name = "James Kent";
|
||||||
};
|
};
|
||||||
|
kephasp = {
|
||||||
|
email = "pierre@nothos.net";
|
||||||
|
github = "kephas";
|
||||||
|
githubId = 762421;
|
||||||
|
name = "Pierre Thierry";
|
||||||
|
};
|
||||||
ketzacoatl = {
|
ketzacoatl = {
|
||||||
email = "ketzacoatl@protonmail.com";
|
email = "ketzacoatl@protonmail.com";
|
||||||
github = "ketzacoatl";
|
github = "ketzacoatl";
|
||||||
|
@ -7250,7 +7284,7 @@
|
||||||
};
|
};
|
||||||
lassulus = {
|
lassulus = {
|
||||||
email = "lassulus@gmail.com";
|
email = "lassulus@gmail.com";
|
||||||
matrix = "@lassulus:nixos.dev";
|
matrix = "@lassulus:lassul.us";
|
||||||
github = "Lassulus";
|
github = "Lassulus";
|
||||||
githubId = 621759;
|
githubId = 621759;
|
||||||
name = "Lassulus";
|
name = "Lassulus";
|
||||||
|
@ -7944,6 +7978,12 @@
|
||||||
githubId = 31056089;
|
githubId = 31056089;
|
||||||
name = "Tom Ho";
|
name = "Tom Ho";
|
||||||
};
|
};
|
||||||
|
majewsky = {
|
||||||
|
email = "majewsky@gmx.net";
|
||||||
|
github = "majewsky";
|
||||||
|
githubId = 24696;
|
||||||
|
name = "Stefan Majewsky";
|
||||||
|
};
|
||||||
majiir = {
|
majiir = {
|
||||||
email = "majiir@nabaal.net";
|
email = "majiir@nabaal.net";
|
||||||
github = "Majiir";
|
github = "Majiir";
|
||||||
|
@ -8160,6 +8200,15 @@
|
||||||
githubId = 427866;
|
githubId = 427866;
|
||||||
name = "Matthias Beyer";
|
name = "Matthias Beyer";
|
||||||
};
|
};
|
||||||
|
MatthieuBarthel = {
|
||||||
|
email = "matthieu@imatt.ch";
|
||||||
|
name = "Matthieu Barthel";
|
||||||
|
github = "MatthieuBarthel";
|
||||||
|
githubId = 435534;
|
||||||
|
keys = [{
|
||||||
|
fingerprint = "80EB 0F2B 484A BB80 7BEF 4145 BA23 F10E AADC 2E26";
|
||||||
|
}];
|
||||||
|
};
|
||||||
matthuszagh = {
|
matthuszagh = {
|
||||||
email = "huszaghmatt@gmail.com";
|
email = "huszaghmatt@gmail.com";
|
||||||
github = "matthuszagh";
|
github = "matthuszagh";
|
||||||
|
@ -8466,6 +8515,15 @@
|
||||||
githubId = 9980864;
|
githubId = 9980864;
|
||||||
name = "Max Hofer";
|
name = "Max Hofer";
|
||||||
};
|
};
|
||||||
|
miangraham = {
|
||||||
|
email = "miangraham@users.noreply.github.com";
|
||||||
|
github = "miangraham";
|
||||||
|
githubId = 704580;
|
||||||
|
name = "M. Ian Graham";
|
||||||
|
keys = [{
|
||||||
|
fingerprint = "8CE3 2906 516F C4D8 D373 308A E189 648A 55F5 9A9F";
|
||||||
|
}];
|
||||||
|
};
|
||||||
mic92 = {
|
mic92 = {
|
||||||
email = "joerg@thalheim.io";
|
email = "joerg@thalheim.io";
|
||||||
matrix = "@mic92:nixos.dev";
|
matrix = "@mic92:nixos.dev";
|
||||||
|
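Review bot: the `miangraham` entry sets `email` to a `users.noreply.github.com` address, which does not accept mail, so the field cannot be used to reach the maintainer. Use a reachable address, or confirm in review that the `github` handle is the intended contact.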
@ -8788,6 +8846,13 @@
|
||||||
fingerprint = "1248 D3E1 1D11 4A85 75C9 8934 6794 D45A 488C 2EDE";
|
fingerprint = "1248 D3E1 1D11 4A85 75C9 8934 6794 D45A 488C 2EDE";
|
||||||
}];
|
}];
|
||||||
};
|
};
|
||||||
|
monaaraj = {
|
||||||
|
name = "Mon Aaraj";
|
||||||
|
email = "owo69uwu69@gmail.com";
|
||||||
|
matrix = "@mon:tchncs.de";
|
||||||
|
github = "MonAaraj";
|
||||||
|
githubId = 46468162;
|
||||||
|
};
|
||||||
monsieurp = {
|
monsieurp = {
|
||||||
email = "monsieurp@gentoo.org";
|
email = "monsieurp@gentoo.org";
|
||||||
github = "monsieurp";
|
github = "monsieurp";
|
||||||
|
@ -10141,6 +10206,16 @@
|
||||||
fingerprint = "5D69 CF04 B7BC 2BC1 A567 9267 00BC F29B 3208 0700";
|
fingerprint = "5D69 CF04 B7BC 2BC1 A567 9267 00BC F29B 3208 0700";
|
||||||
}];
|
}];
|
||||||
};
|
};
|
||||||
|
phfroidmont = {
|
||||||
|
name = "Paul-Henri Froidmont";
|
||||||
|
email = "nix.contact-j9dw4d@froidmont.org";
|
||||||
|
|
||||||
|
github = "phfroidmont";
|
||||||
|
githubId = 8150907;
|
||||||
|
keys = [{
|
||||||
|
fingerprint = "3AC6 F170 F011 33CE 393B CD94 BE94 8AFD 7E78 73BE";
|
||||||
|
}];
|
||||||
|
};
|
||||||
philandstuff = {
|
philandstuff = {
|
||||||
email = "philip.g.potter@gmail.com";
|
email = "philip.g.potter@gmail.com";
|
||||||
github = "philandstuff";
|
github = "philandstuff";
|
||||||
|
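Review bot: the `phfroidmont` entry has an empty line between `email` and `github`, which no neighbouring entry has. Drop it to keep the list uniform.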
@ -13451,6 +13526,15 @@
|
||||||
githubId = 619015;
|
githubId = 619015;
|
||||||
name = "Svintsov Dmitry";
|
name = "Svintsov Dmitry";
|
||||||
};
|
};
|
||||||
|
urandom = {
|
||||||
|
email = "colin@urandom.co.uk";
|
||||||
|
github = "arnottcr";
|
||||||
|
githubId = 2526260;
|
||||||
|
keys = [{
|
||||||
|
fingerprint = "04A3 A2C6 0042 784A AEA7 D051 0447 A663 F7F3 E236";
|
||||||
|
}];
|
||||||
|
name = "Colin Arnott";
|
||||||
|
};
|
||||||
urbas = {
|
urbas = {
|
||||||
email = "matej.urbas@gmail.com";
|
email = "matej.urbas@gmail.com";
|
||||||
github = "urbas";
|
github = "urbas";
|
||||||
|
@ -13662,6 +13746,12 @@
|
||||||
githubId = 118959;
|
githubId = 118959;
|
||||||
name = "VinyMeuh";
|
name = "VinyMeuh";
|
||||||
};
|
};
|
||||||
|
virchau13 = {
|
||||||
|
email = "virchau13@hexular.net";
|
||||||
|
github = "virchau13";
|
||||||
|
githubId = 16955157;
|
||||||
|
name = "Vir Chaudhury";
|
||||||
|
};
|
||||||
viraptor = {
|
viraptor = {
|
||||||
email = "nix@viraptor.info";
|
email = "nix@viraptor.info";
|
||||||
github = "viraptor";
|
github = "viraptor";
|
||||||
|
@ -13813,6 +13903,12 @@
|
||||||
github = "wamserma";
|
github = "wamserma";
|
||||||
githubId = 60148;
|
githubId = 60148;
|
||||||
};
|
};
|
||||||
|
water-sucks = {
|
||||||
|
email = "varun@cvte.org";
|
||||||
|
name = "Varun Narravula";
|
||||||
|
github = "water-sucks";
|
||||||
|
githubId = 68445574;
|
||||||
|
};
|
||||||
waynr = {
|
waynr = {
|
||||||
name = "Wayne Warren";
|
name = "Wayne Warren";
|
||||||
email = "wayne.warren.s@gmail.com";
|
email = "wayne.warren.s@gmail.com";
|
||||||
|
@ -14015,6 +14111,15 @@
|
||||||
github = "wr0belj";
|
github = "wr0belj";
|
||||||
githubId = 40501814;
|
githubId = 40501814;
|
||||||
};
|
};
|
||||||
|
wrmilling = {
|
||||||
|
name = "Winston R. Milling";
|
||||||
|
email = "Winston@Milli.ng";
|
||||||
|
github = "WRMilling";
|
||||||
|
githubId = 6162814;
|
||||||
|
keys = [{
|
||||||
|
fingerprint = "21E1 6B8D 2EE8 7530 6A6C 9968 D830 77B9 9F8C 6643";
|
||||||
|
}];
|
||||||
|
};
|
||||||
wscott = {
|
wscott = {
|
||||||
email = "wsc9tt@gmail.com";
|
email = "wsc9tt@gmail.com";
|
||||||
github = "wscott";
|
github = "wscott";
|
||||||
|
|
|
@ -35,7 +35,7 @@ toRemove=()
|
||||||
cleanup() {
|
cleanup() {
|
||||||
rm -rf "${toRemove[@]}"
|
rm -rf "${toRemove[@]}"
|
||||||
}
|
}
|
||||||
trap cleanup EXIT SIGINT SIGQUIT ERR
|
trap cleanup EXIT
|
||||||
|
|
||||||
MKTEMP='mktemp --tmpdir nix-rebuild-amount-XXXXXXXX'
|
MKTEMP='mktemp --tmpdir nix-rebuild-amount-XXXXXXXX'
|
||||||
|
|
||||||
|
|
|
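Review bot: reducing the trap to `trap cleanup EXIT` means cleanup on Ctrl-C relies on the shell running the `EXIT` trap when it is terminated by a signal, which bash does but a plain POSIX `sh` does not guarantee. The array syntax in `toRemove=()` suggests bash, so the change is fine, but a short comment above the `trap` line saying so would stop someone re-adding `SIGINT SIGQUIT ERR` later.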
@ -177,17 +177,17 @@ OK
|
||||||
the boot partition.
|
the boot partition.
|
||||||
</para>
|
</para>
|
||||||
<programlisting>
|
<programlisting>
|
||||||
# parted /dev/sda -- mkpart primary 512MiB -8GiB
|
# parted /dev/sda -- mkpart primary 512MB -8GB
|
||||||
</programlisting>
|
</programlisting>
|
||||||
</listitem>
|
</listitem>
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>
|
<para>
|
||||||
Next, add a <emphasis>swap</emphasis> partition. The size
|
Next, add a <emphasis>swap</emphasis> partition. The size
|
||||||
required will vary according to needs, here a 8GiB one is
|
required will vary according to needs, here a 8GB one is
|
||||||
created.
|
created.
|
||||||
</para>
|
</para>
|
||||||
<programlisting>
|
<programlisting>
|
||||||
# parted /dev/sda -- mkpart primary linux-swap -8GiB 100%
|
# parted /dev/sda -- mkpart primary linux-swap -8GB 100%
|
||||||
</programlisting>
|
</programlisting>
|
||||||
<note>
|
<note>
|
||||||
<para>
|
<para>
|
||||||
|
@ -204,7 +204,7 @@ OK
|
||||||
reserved 512MiB at the start of the disk.
|
reserved 512MiB at the start of the disk.
|
||||||
</para>
|
</para>
|
||||||
<programlisting>
|
<programlisting>
|
||||||
# parted /dev/sda -- mkpart ESP fat32 1MiB 512MiB
|
# parted /dev/sda -- mkpart ESP fat32 1MB 512MB
|
||||||
# parted /dev/sda -- set 3 esp on
|
# parted /dev/sda -- set 3 esp on
|
||||||
</programlisting>
|
</programlisting>
|
||||||
</listitem>
|
</listitem>
|
||||||
|
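Review bot: the command becomes `mkpart ESP fat32 1MB 512MB`, but the sentence directly above it still says the boot partition uses the "reserved 512MiB at the start of the disk". parted treats `MB` as 10^6 bytes and `MiB` as 2^20 bytes, so the prose and the command now describe different sizes; update the prose to match or keep binary units in both.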
@ -242,7 +242,7 @@ OK
|
||||||
live.
|
live.
|
||||||
</para>
|
</para>
|
||||||
<programlisting>
|
<programlisting>
|
||||||
# parted /dev/sda -- mkpart primary 1MiB -8GiB
|
# parted /dev/sda -- mkpart primary 1MB -8GB
|
||||||
</programlisting>
|
</programlisting>
|
||||||
</listitem>
|
</listitem>
|
||||||
<listitem>
|
<listitem>
|
||||||
|
@ -252,7 +252,7 @@ OK
|
||||||
created.
|
created.
|
||||||
</para>
|
</para>
|
||||||
<programlisting>
|
<programlisting>
|
||||||
# parted /dev/sda -- mkpart primary linux-swap -8GiB 100%
|
# parted /dev/sda -- mkpart primary linux-swap -8GB 100%
|
||||||
</programlisting>
|
</programlisting>
|
||||||
<note>
|
<note>
|
||||||
<para>
|
<para>
|
||||||
|
|
|
@ -2130,6 +2130,13 @@ sudo mkdir /var/lib/redis-peertube
|
||||||
sudo cp /var/lib/redis/dump.rdb /var/lib/redis-peertube/dump.rdb
|
sudo cp /var/lib/redis/dump.rdb /var/lib/redis-peertube/dump.rdb
|
||||||
</programlisting>
|
</programlisting>
|
||||||
</listitem>
|
</listitem>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
Added the <literal>keter</literal> NixOS module. Keter reverse
|
||||||
|
proxies requests to your loaded application based on virtual
|
||||||
|
hostnames.
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>
|
<para>
|
||||||
If you are using Wayland you can choose to use the Ozone
|
If you are using Wayland you can choose to use the Ozone
|
||||||
|
|
|
@ -70,6 +70,34 @@
|
||||||
with any supported NixOS release.
|
with any supported NixOS release.
|
||||||
</para>
|
</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
<literal>emacs</literal> enables native compilation which
|
||||||
|
means:
|
||||||
|
</para>
|
||||||
|
<itemizedlist spacing="compact">
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
emacs packages from nixpkgs, builtin or not, will do
|
||||||
|
native compilation ahead of time so you can enjoy the
|
||||||
|
benefit of native compilation without compiling them on
|
||||||
|
you machine;
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
emacs packages from somewhere else, e.g.
|
||||||
|
<literal>package-install</literal>, will do asynchronously
|
||||||
|
deferred native compilation. If you do not want this,
|
||||||
|
maybe to avoid CPU consumption for compilation, you can
|
||||||
|
use
|
||||||
|
<literal>(setq native-comp-deferred-compilation nil)</literal>
|
||||||
|
to disable it while still enjoy the benefit of native
|
||||||
|
compilation for packages from nixpkgs.
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
</itemizedlist>
|
||||||
|
</listitem>
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>
|
<para>
|
||||||
<literal>nixos-generate-config</literal> now generates
|
<literal>nixos-generate-config</literal> now generates
|
||||||
|
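Review bot: two wording slips in the new `emacs` entry: "on you machine" should be "on your machine", and "to disable it while still enjoy the benefit" should be "while still enjoying the benefit".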
@ -97,7 +125,9 @@
|
||||||
</listitem>
|
</listitem>
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>
|
<para>
|
||||||
Cinnamon has been updated to 5.4.
|
Cinnamon has been updated to 5.4. While at it, the cinnamon
|
||||||
|
module now defaults to blueman as bluetooth manager and
|
||||||
|
slick-greeter as lightdm greeter to match upstream.
|
||||||
</para>
|
</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
<listitem>
|
<listitem>
|
||||||
|
@ -138,6 +168,13 @@
|
||||||
<link linkend="opt-services.dragonflydb.enable">services.dragonflydb</link>.
|
<link linkend="opt-services.dragonflydb.enable">services.dragonflydb</link>.
|
||||||
</para>
|
</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
<link xlink:href="https://komga.org/">Komga</link>, a free and
|
||||||
|
open source comics/mangas media server. Available as
|
||||||
|
<link linkend="opt-services.komga.enable">services.komga</link>.
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>
|
<para>
|
||||||
<link xlink:href="https://hbase.apache.org/">HBase
|
<link xlink:href="https://hbase.apache.org/">HBase
|
||||||
|
@ -191,6 +228,14 @@
|
||||||
<link linkend="opt-services.tempo.enable">services.tempo</link>.
|
<link linkend="opt-services.tempo.enable">services.tempo</link>.
|
||||||
</para>
|
</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
<link xlink:href="https://github.com/zalando/patroni">Patroni</link>,
|
||||||
|
a template for PostgreSQL HA with ZooKeeper, etcd or Consul.
|
||||||
|
Available as
|
||||||
|
<link xlink:href="options.html#opt-services.patroni.enable">services.patroni</link>.
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
</itemizedlist>
|
</itemizedlist>
|
||||||
</section>
|
</section>
|
||||||
<section xml:id="sec-release-22.11-incompatibilities">
|
<section xml:id="sec-release-22.11-incompatibilities">
|
||||||
|
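Review bot: the Patroni entry links its option with `xlink:href="options.html#opt-services.patroni.enable"`, while the Komga and Tempo entries in this file use `linkend="opt-services.komga.enable"` and `linkend="opt-services.tempo.enable"`. Use `linkend` here too so all option references in the list are written the same way.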
@ -251,6 +296,18 @@
|
||||||
<literal>(with foo; isPower && is32bit && isBigEndian)</literal>.
|
<literal>(with foo; isPower && is32bit && isBigEndian)</literal>.
|
||||||
</para>
|
</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
The <literal>fetchgit</literal> fetcher now uses
|
||||||
|
<link xlink:href="https://www.git-scm.com/docs/git-sparse-checkout/2.37.0#_internalscone_mode_handling">cone
|
||||||
|
mode</link> by default for sparse checkouts.
|
||||||
|
<link xlink:href="https://www.git-scm.com/docs/git-sparse-checkout/2.37.0#_internalsnon_cone_problems">Non-cone
|
||||||
|
mode</link> can be enabled by passing
|
||||||
|
<literal>nonConeMode = true</literal>, but note that non-cone
|
||||||
|
mode is deprecated and this option may be removed alongside a
|
||||||
|
future Git update without notice.
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>
|
<para>
|
||||||
<literal>bsp-layout</literal> no longer uses the command
|
<literal>bsp-layout</literal> no longer uses the command
|
||||||
|
@ -357,6 +414,16 @@
|
||||||
release notes</link> for more details.
|
release notes</link> for more details.
|
||||||
</para>
|
</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
<literal>github-runner</literal> gained support for ephemeral
|
||||||
|
runners and registrations using a personal access token (PAT)
|
||||||
|
instead of a registration token. See
|
||||||
|
<literal>services.github-runner.ephemeral</literal> and
|
||||||
|
<literal>services.github-runner.tokenFile</literal> for
|
||||||
|
details.
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>
|
<para>
|
||||||
A new module was added for the Saleae Logic device family,
|
A new module was added for the Saleae Logic device family,
|
||||||
|
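Review bot: the entry names `services.github-runner.tokenFile` as accepting a personal access token but does not say which scope the PAT needs, or that a PAT is a longer-lived credential than the registration token it replaces. One more sentence on the required scope and on restricting read access to that file would help anyone switching.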
@ -372,6 +439,13 @@
|
||||||
instead of using the Redis default.
|
instead of using the Redis default.
|
||||||
</para>
|
</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
Neo4j was updated from version 3 to version 4. See this
|
||||||
|
<link xlink:href="https://neo4j.com/docs/upgrade-migration-guide/current/">migration
|
||||||
|
guide</link> on how to migrate your Neo4j instance.
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>
|
<para>
|
||||||
Matrix Synapse now requires entries in the
|
Matrix Synapse now requires entries in the
|
||||||
|
@ -450,6 +524,12 @@
|
||||||
dbus service.
|
dbus service.
|
||||||
</para>
|
</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
The <literal>nomad</literal> package now defaults to 1.3,
|
||||||
|
which no longer has a downgrade path to releases 1.2 or older.
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
</itemizedlist>
|
</itemizedlist>
|
||||||
</section>
|
</section>
|
||||||
</section>
|
</section>
|
||||||
|
|
|
@ -133,14 +133,14 @@ update /etc/fstab.
|
||||||
which will be used by the boot partition.
|
which will be used by the boot partition.
|
||||||
|
|
||||||
```ShellSession
|
```ShellSession
|
||||||
# parted /dev/sda -- mkpart primary 512MiB -8GiB
|
# parted /dev/sda -- mkpart primary 512MB -8GB
|
||||||
```
|
```
|
||||||
|
|
||||||
3. Next, add a *swap* partition. The size required will vary according
|
3. Next, add a *swap* partition. The size required will vary according
|
||||||
to needs, here a 8GiB one is created.
|
to needs, here a 8GB one is created.
|
||||||
|
|
||||||
```ShellSession
|
```ShellSession
|
||||||
# parted /dev/sda -- mkpart primary linux-swap -8GiB 100%
|
# parted /dev/sda -- mkpart primary linux-swap -8GB 100%
|
||||||
```
|
```
|
||||||
|
|
||||||
::: {.note}
|
::: {.note}
|
||||||
|
@ -153,7 +153,7 @@ update /etc/fstab.
|
||||||
reserved 512MiB at the start of the disk.
|
reserved 512MiB at the start of the disk.
|
||||||
|
|
||||||
```ShellSession
|
```ShellSession
|
||||||
# parted /dev/sda -- mkpart ESP fat32 1MiB 512MiB
|
# parted /dev/sda -- mkpart ESP fat32 1MB 512MB
|
||||||
# parted /dev/sda -- set 3 esp on
|
# parted /dev/sda -- set 3 esp on
|
||||||
```
|
```
|
||||||
|
|
||||||
|
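Review bot: The unchanged context line at the top of this hunk still reads "reserved 512MiB at the start of the disk", but the ESP command now ends the partition at `512MB`, so the prose and the command no longer use the same unit. If the switch from binary to decimal units is intended, update that sentence to 512MB as well; otherwise readers comparing the text with `mkpart ESP fat32 1MB 512MB` will see two different boundaries.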
@ -180,14 +180,14 @@ update /etc/fstab.
|
||||||
end part, where the swap will live.
|
end part, where the swap will live.
|
||||||
|
|
||||||
```ShellSession
|
```ShellSession
|
||||||
# parted /dev/sda -- mkpart primary 1MiB -8GiB
|
# parted /dev/sda -- mkpart primary 1MB -8GB
|
||||||
```
|
```
|
||||||
|
|
||||||
3. Finally, add a *swap* partition. The size required will vary
|
3. Finally, add a *swap* partition. The size required will vary
|
||||||
according to needs, here a 8GiB one is created.
|
according to needs, here a 8GiB one is created.
|
||||||
|
|
||||||
```ShellSession
|
```ShellSession
|
||||||
# parted /dev/sda -- mkpart primary linux-swap -8GiB 100%
|
# parted /dev/sda -- mkpart primary linux-swap -8GB 100%
|
||||||
```
|
```
|
||||||
|
|
||||||
::: {.note}
|
::: {.note}
|
||||||
|
|
|
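Review bot: Step 3 of this hunk keeps "here a 8GiB one is created" on both sides while the swap command below it changes to `-8GB 100%`. The equivalent sentence in the earlier hunk of this file was changed to 8GB, so this one looks missed. Suggest updating the sentence to match the command (and "a 8GB" reads better as "an 8GB" in both places).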
@ -778,6 +778,7 @@ In addition to numerous new and upgraded packages, this release has the followin
|
||||||
sudo mkdir /var/lib/redis-peertube
|
sudo mkdir /var/lib/redis-peertube
|
||||||
sudo cp /var/lib/redis/dump.rdb /var/lib/redis-peertube/dump.rdb
|
sudo cp /var/lib/redis/dump.rdb /var/lib/redis-peertube/dump.rdb
|
||||||
```
|
```
|
||||||
|
- Added the `keter` NixOS module. Keter reverse proxies requests to your loaded application based on virtual hostnames.
|
||||||
|
|
||||||
- If you are using Wayland you can choose to use the Ozone Wayland support
|
- If you are using Wayland you can choose to use the Ozone Wayland support
|
||||||
in Chrome and several Electron apps by setting the environment variable
|
in Chrome and several Electron apps by setting the environment variable
|
||||||
|
|
|
@ -35,6 +35,10 @@ In addition to numerous new and upgraded packages, this release has the followin
|
||||||
for a transition period so that in time the ecosystem can switch without
|
for a transition period so that in time the ecosystem can switch without
|
||||||
breaking compatibility with any supported NixOS release.
|
breaking compatibility with any supported NixOS release.
|
||||||
|
|
||||||
|
- `emacs` enables native compilation which means:
|
||||||
|
- emacs packages from nixpkgs, builtin or not, will do native compilation ahead of time so you can enjoy the benefit of native compilation without compiling them on you machine;
|
||||||
|
- emacs packages from somewhere else, e.g. `package-install`, will do asynchronously deferred native compilation. If you do not want this, maybe to avoid CPU consumption for compilation, you can use `(setq native-comp-deferred-compilation nil)` to disable it while still enjoy the benefit of native compilation for packages from nixpkgs.
|
||||||
|
|
||||||
- `nixos-generate-config` now generates configurations that can be built in pure
|
- `nixos-generate-config` now generates configurations that can be built in pure
|
||||||
mode. This is achieved by setting the new `nixpkgs.hostPlatform` option.
|
mode. This is achieved by setting the new `nixpkgs.hostPlatform` option.
|
||||||
|
|
||||||
|
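Review bot: Two wording slips in the added `emacs` bullets: "without compiling them on you machine" should be "on your machine", and "to disable it while still enjoy the benefit" should be "while still enjoying the benefit". The second sub-bullet is also a single long sentence; splitting it after "deferred native compilation." would make the `(setq native-comp-deferred-compilation nil)` opt-out easier to find.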
@ -46,7 +50,8 @@ In addition to numerous new and upgraded packages, this release has the followin
|
||||||
|
|
||||||
- PHP now defaults to PHP 8.1, updated from 8.0.
|
- PHP now defaults to PHP 8.1, updated from 8.0.
|
||||||
|
|
||||||
- Cinnamon has been updated to 5.4.
|
- Cinnamon has been updated to 5.4. While at it, the cinnamon module now defaults to
|
||||||
|
blueman as bluetooth manager and slick-greeter as lightdm greeter to match upstream.
|
||||||
|
|
||||||
- `hardware.nvidia` has a new option `open` that can be used to opt in the opensource version of NVIDIA kernel driver. Note that the driver's support for GeForce and Workstation GPUs is still alpha quality, see [NVIDIA Releases Open-Source GPU Kernel Modules](https://developer.nvidia.com/blog/nvidia-releases-open-source-gpu-kernel-modules/) for the official announcement.
|
- `hardware.nvidia` has a new option `open` that can be used to opt in the opensource version of NVIDIA kernel driver. Note that the driver's support for GeForce and Workstation GPUs is still alpha quality, see [NVIDIA Releases Open-Source GPU Kernel Modules](https://developer.nvidia.com/blog/nvidia-releases-open-source-gpu-kernel-modules/) for the official announcement.
|
||||||
|
|
||||||
|
@ -59,6 +64,8 @@ In addition to numerous new and upgraded packages, this release has the followin
|
||||||
|
|
||||||
- [dragonflydb](https://dragonflydb.io/), a modern replacement for Redis and Memcached. Available as [services.dragonflydb](#opt-services.dragonflydb.enable).
|
- [dragonflydb](https://dragonflydb.io/), a modern replacement for Redis and Memcached. Available as [services.dragonflydb](#opt-services.dragonflydb.enable).
|
||||||
|
|
||||||
|
- [Komga](https://komga.org/), a free and open source comics/mangas media server. Available as [services.komga](#opt-services.komga.enable).
|
||||||
|
|
||||||
- [HBase cluster](https://hbase.apache.org/), a distributed, scalable, big data store. Available as [services.hadoop.hbase](options.html#opt-services.hadoop.hbase.enable).
|
- [HBase cluster](https://hbase.apache.org/), a distributed, scalable, big data store. Available as [services.hadoop.hbase](options.html#opt-services.hadoop.hbase.enable).
|
||||||
|
|
||||||
- [infnoise](https://github.com/leetronics/infnoise), a hardware True Random Number Generator dongle.
|
- [infnoise](https://github.com/leetronics/infnoise), a hardware True Random Number Generator dongle.
|
||||||
|
@ -75,6 +82,9 @@ In addition to numerous new and upgraded packages, this release has the followin
|
||||||
|
|
||||||
- [Grafana Tempo](https://www.grafana.com/oss/tempo/), a distributed tracing store. Available as [services.tempo](#opt-services.tempo.enable).
|
- [Grafana Tempo](https://www.grafana.com/oss/tempo/), a distributed tracing store. Available as [services.tempo](#opt-services.tempo.enable).
|
||||||
|
|
||||||
|
- [Patroni](https://github.com/zalando/patroni), a template for PostgreSQL HA with ZooKeeper, etcd or Consul.
|
||||||
|
Available as [services.patroni](options.html#opt-services.patroni.enable).
|
||||||
|
|
||||||
<!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. -->
|
<!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. -->
|
||||||
|
|
||||||
## Backward Incompatibilities {#sec-release-22.11-incompatibilities}
|
## Backward Incompatibilities {#sec-release-22.11-incompatibilities}
|
||||||
|
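Review bot: The added Patroni entry links its option as `options.html#opt-services.patroni.enable`, while the Grafana Tempo entry in the context line directly above uses the bare `#opt-services.tempo.enable` form. Both styles appear in this list, and only one of them can resolve correctly in a given manual rendering, so pick the form the rest of the new-services list is meant to use and apply it here.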
@ -97,6 +107,8 @@ In addition to numerous new and upgraded packages, this release has the followin
|
||||||
|
|
||||||
- The `isPowerPC` predicate, found on `platform` attrsets (`hostPlatform`, `buildPlatform`, `targetPlatform`, etc) has been removed in order to reduce confusion. The predicate was was defined such that it matches only the 32-bit big-endian members of the POWER/PowerPC family, despite having a name which would imply a broader set of systems. If you were using this predicate, you can replace `foo.isPowerPC` with `(with foo; isPower && is32bit && isBigEndian)`.
|
- The `isPowerPC` predicate, found on `platform` attrsets (`hostPlatform`, `buildPlatform`, `targetPlatform`, etc) has been removed in order to reduce confusion. The predicate was was defined such that it matches only the 32-bit big-endian members of the POWER/PowerPC family, despite having a name which would imply a broader set of systems. If you were using this predicate, you can replace `foo.isPowerPC` with `(with foo; isPower && is32bit && isBigEndian)`.
|
||||||
|
|
||||||
|
- The `fetchgit` fetcher now uses [cone mode](https://www.git-scm.com/docs/git-sparse-checkout/2.37.0#_internalscone_mode_handling) by default for sparse checkouts. [Non-cone mode](https://www.git-scm.com/docs/git-sparse-checkout/2.37.0#_internalsnon_cone_problems) can be enabled by passing `nonConeMode = true`, but note that non-cone mode is deprecated and this option may be removed alongside a future Git update without notice.
|
||||||
|
|
||||||
- `bsp-layout` no longer uses the command `cycle` to switch to other window layouts, as it got replaced by the commands `previous` and `next`.
|
- `bsp-layout` no longer uses the command `cycle` to switch to other window layouts, as it got replaced by the commands `previous` and `next`.
|
||||||
|
|
||||||
- The Barco ClickShare driver/client package `pkgs.clickshare-csc1` and the option `programs.clickshare-csc1.enable` have been removed,
|
- The Barco ClickShare driver/client package `pkgs.clickshare-csc1` and the option `programs.clickshare-csc1.enable` have been removed,
|
||||||
|
@ -135,10 +147,14 @@ Use `configure.packages` instead.
|
||||||
|
|
||||||
- The `xplr` package has been updated from 0.18.0 to 0.19.0, which brings some breaking changes. See the [upstream release notes](https://github.com/sayanarijit/xplr/releases/tag/v0.19.0) for more details.
|
- The `xplr` package has been updated from 0.18.0 to 0.19.0, which brings some breaking changes. See the [upstream release notes](https://github.com/sayanarijit/xplr/releases/tag/v0.19.0) for more details.
|
||||||
|
|
||||||
|
- `github-runner` gained support for ephemeral runners and registrations using a personal access token (PAT) instead of a registration token. See `services.github-runner.ephemeral` and `services.github-runner.tokenFile` for details.
|
||||||
|
|
||||||
- A new module was added for the Saleae Logic device family, providing the options `hardware.saleae-logic.enable` and `hardware.saleae-logic.package`.
|
- A new module was added for the Saleae Logic device family, providing the options `hardware.saleae-logic.enable` and `hardware.saleae-logic.package`.
|
||||||
|
|
||||||
- The Redis module now disables RDB persistence when `services.redis.servers.<name>.save = []` instead of using the Redis default.
|
- The Redis module now disables RDB persistence when `services.redis.servers.<name>.save = []` instead of using the Redis default.
|
||||||
|
|
||||||
|
- Neo4j was updated from version 3 to version 4. See this [migration guide](https://neo4j.com/docs/upgrade-migration-guide/current/) on how to migrate your Neo4j instance.
|
||||||
|
|
||||||
- Matrix Synapse now requires entries in the `state_group_edges` table to be unique, in order to prevent accidentally introducing duplicate information (for example, because a database backup was restored multiple times). If your Synapse database already has duplicate rows in this table, this could fail with an error and require manual remediation.
|
- Matrix Synapse now requires entries in the `state_group_edges` table to be unique, in order to prevent accidentally introducing duplicate information (for example, because a database backup was restored multiple times). If your Synapse database already has duplicate rows in this table, this could fail with an error and require manual remediation.
|
||||||
|
|
||||||
- `dockerTools.buildImage` deprecates the misunderstood `contents` parameter, in favor of `copyToRoot`.
|
- `dockerTools.buildImage` deprecates the misunderstood `contents` parameter, in favor of `copyToRoot`.
|
||||||
|
@ -159,4 +175,6 @@ Use `configure.packages` instead.
|
||||||
|
|
||||||
- There is a new module for the `xfconf` program (the Xfce configuration storage system), which has a dbus service.
|
- There is a new module for the `xfconf` program (the Xfce configuration storage system), which has a dbus service.
|
||||||
|
|
||||||
|
- The `nomad` package now defaults to 1.3, which no longer has a downgrade path to releases 1.2 or older.
|
||||||
|
|
||||||
<!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. -->
|
<!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. -->
|
||||||
|
|
|
@ -123,7 +123,7 @@ in rec {
|
||||||
inherit self;
|
inherit self;
|
||||||
includeSiteCustomize = true;
|
includeSiteCustomize = true;
|
||||||
});
|
});
|
||||||
in self.withPackages (p: [ p.mistune_2_0 ]))
|
in self.withPackages (p: [ p.mistune ]))
|
||||||
];
|
];
|
||||||
options = builtins.toFile "options.json"
|
options = builtins.toFile "options.json"
|
||||||
(builtins.unsafeDiscardStringContext (builtins.toJSON optionsNix));
|
(builtins.unsafeDiscardStringContext (builtins.toJSON optionsNix));
|
||||||
|
|
|
@ -285,6 +285,8 @@ in rec {
|
||||||
Documentation = toString config.documentation; }
|
Documentation = toString config.documentation; }
|
||||||
// optionalAttrs (config.onFailure != []) {
|
// optionalAttrs (config.onFailure != []) {
|
||||||
OnFailure = toString config.onFailure; }
|
OnFailure = toString config.onFailure; }
|
||||||
|
// optionalAttrs (config.onSuccess != []) {
|
||||||
|
OnSuccess = toString config.onSuccess; }
|
||||||
// optionalAttrs (options.startLimitIntervalSec.isDefined) {
|
// optionalAttrs (options.startLimitIntervalSec.isDefined) {
|
||||||
StartLimitIntervalSec = toString config.startLimitIntervalSec;
|
StartLimitIntervalSec = toString config.startLimitIntervalSec;
|
||||||
} // optionalAttrs (options.startLimitBurst.isDefined) {
|
} // optionalAttrs (options.startLimitBurst.isDefined) {
|
||||||
|
|
|
@ -206,6 +206,15 @@ in rec {
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
|
onSuccess = mkOption {
|
||||||
|
default = [];
|
||||||
|
type = types.listOf unitNameType;
|
||||||
|
description = ''
|
||||||
|
A list of one or more units that are activated when
|
||||||
|
this unit enters the "inactive" state.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
startLimitBurst = mkOption {
|
startLimitBurst = mkOption {
|
||||||
type = types.int;
|
type = types.int;
|
||||||
description = ''
|
description = ''
|
||||||
|
|
|
@ -204,11 +204,11 @@ in {
|
||||||
admin_server = SYSLOG:NOTICE
|
admin_server = SYSLOG:NOTICE
|
||||||
default = SYSLOG:NOTICE
|
default = SYSLOG:NOTICE
|
||||||
'';
|
'';
|
||||||
description = ''
|
description = lib.mdDoc ''
|
||||||
These lines go to the end of <literal>krb5.conf</literal> verbatim.
|
These lines go to the end of `krb5.conf` verbatim.
|
||||||
<literal>krb5.conf</literal> may include any of the relations that are
|
`krb5.conf` may include any of the relations that are
|
||||||
valid for <literal>kdc.conf</literal> (see <literal>man
|
valid for `kdc.conf` (see `man kdc.conf`),
|
||||||
kdc.conf</literal>), but it is not a recommended practice.
|
but it is not a recommended practice.
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
|
@ -186,16 +186,16 @@ in
|
||||||
policy = mkOption {
|
policy = mkOption {
|
||||||
default = "hard_open";
|
default = "hard_open";
|
||||||
type = types.enum [ "hard_open" "hard_init" "soft" ];
|
type = types.enum [ "hard_open" "hard_init" "soft" ];
|
||||||
description = ''
|
description = lib.mdDoc ''
|
||||||
Specifies the policy to use for reconnecting to an unavailable
|
Specifies the policy to use for reconnecting to an unavailable
|
||||||
LDAP server. The default is <literal>hard_open</literal>, which
|
LDAP server. The default is `hard_open`, which
|
||||||
reconnects if opening the connection to the directory server
|
reconnects if opening the connection to the directory server
|
||||||
failed. By contrast, <literal>hard_init</literal> reconnects if
|
failed. By contrast, `hard_init` reconnects if
|
||||||
initializing the connection failed. Initializing may not
|
initializing the connection failed. Initializing may not
|
||||||
actually contact the directory server, and it is possible that
|
actually contact the directory server, and it is possible that
|
||||||
a malformed configuration file will trigger reconnection. If
|
a malformed configuration file will trigger reconnection. If
|
||||||
<literal>soft</literal> is specified, then
|
`soft` is specified, then
|
||||||
<package>nss_ldap</package> will return immediately on server
|
`nss_ldap` will return immediately on server
|
||||||
failure. All hard reconnect policies block with exponential
|
failure. All hard reconnect policies block with exponential
|
||||||
backoff before retrying.
|
backoff before retrying.
|
||||||
'';
|
'';
|
||||||
|
|
519
third_party/nixpkgs/nixos/modules/config/mysql.nix
vendored
Normal file
|
@ -0,0 +1,519 @@
|
||||||
|
{ config, pkgs, lib, ... }:
|
||||||
|
|
||||||
|
with lib;
|
||||||
|
|
||||||
|
let
|
||||||
|
cfg = config.users.mysql;
|
||||||
|
in
|
||||||
|
{
|
||||||
|
options = {
|
||||||
|
users.mysql = {
|
||||||
|
enable = mkEnableOption "Authentication against a MySQL/MariaDB database";
|
||||||
|
host = mkOption {
|
||||||
|
type = types.str;
|
||||||
|
example = "localhost";
|
||||||
|
description = "The hostname of the MySQL/MariaDB server";
|
||||||
|
};
|
||||||
|
database = mkOption {
|
||||||
|
type = types.str;
|
||||||
|
example = "auth";
|
||||||
|
description = "The name of the database containing the users";
|
||||||
|
};
|
||||||
|
user = mkOption {
|
||||||
|
type = types.str;
|
||||||
|
example = "nss-user";
|
||||||
|
description = "The username to use when connecting to the database";
|
||||||
|
};
|
||||||
|
passwordFile = mkOption {
|
||||||
|
type = types.path;
|
||||||
|
example = "/run/secrets/mysql-auth-db-passwd";
|
||||||
|
description = "The path to the file containing the password for the user";
|
||||||
|
};
|
||||||
|
pam = mkOption {
|
||||||
|
description = "Settings for <literal>pam_mysql</literal>";
|
||||||
|
type = types.submodule {
|
||||||
|
options = {
|
||||||
|
table = mkOption {
|
||||||
|
type = types.str;
|
||||||
|
example = "users";
|
||||||
|
description = "The name of table that maps unique login names to the passwords.";
|
||||||
|
};
|
||||||
|
updateTable = mkOption {
|
||||||
|
type = types.nullOr types.str;
|
||||||
|
default = null;
|
||||||
|
example = "users_updates";
|
||||||
|
description = ''
|
||||||
|
The name of the table used for password alteration. If not defined, the value
|
||||||
|
of the <literal>table</literal> option will be used instead.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
userColumn = mkOption {
|
||||||
|
type = types.str;
|
||||||
|
example = "username";
|
||||||
|
description = "The name of the column that contains a unix login name.";
|
||||||
|
};
|
||||||
|
passwordColumn = mkOption {
|
||||||
|
type = types.str;
|
||||||
|
example = "password";
|
||||||
|
description = "The name of the column that contains a (encrypted) password string.";
|
||||||
|
};
|
||||||
|
statusColumn = mkOption {
|
||||||
|
type = types.nullOr types.str;
|
||||||
|
default = null;
|
||||||
|
example = "status";
|
||||||
|
description = ''
|
||||||
|
The name of the column or an SQL expression that indicates the status of
|
||||||
|
the user. The status is expressed by the combination of two bitfields
|
||||||
|
shown below:
|
||||||
|
|
||||||
|
<itemizedlist>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
<literal>bit 0 (0x01)</literal>:
|
||||||
|
if flagged, <literal>pam_mysql</literal> deems the account to be expired and
|
||||||
|
returns <literal>PAM_ACCT_EXPIRED</literal>. That is, the account is supposed
|
||||||
|
to no longer be available. Note this doesn't mean that <literal>pam_mysql</literal>
|
||||||
|
rejects further authentication operations.
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
<literal>bit 1 (0x02)</literal>:
|
||||||
|
if flagged, <literal>pam_mysql</literal> deems the authentication token
|
||||||
|
(password) to be expired and returns <literal>PAM_NEW_AUTHTOK_REQD</literal>.
|
||||||
|
This ends up requiring that the user enter a new password.
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
</itemizedlist>
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
passwordCrypt = mkOption {
|
||||||
|
example = "2";
|
||||||
|
type = types.enum [
|
||||||
|
"0" "plain"
|
||||||
|
"1" "Y"
|
||||||
|
"2" "mysql"
|
||||||
|
"3" "md5"
|
||||||
|
"4" "sha1"
|
||||||
|
"5" "drupal7"
|
||||||
|
"6" "joomla15"
|
||||||
|
"7" "ssha"
|
||||||
|
"8" "sha512"
|
||||||
|
"9" "sha256"
|
||||||
|
];
|
||||||
|
description = ''
|
||||||
|
The method to encrypt the user's password:
|
||||||
|
|
||||||
|
<itemizedlist>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
<literal>0</literal> (or <literal>"plain"</literal>):
|
||||||
|
No encryption. Passwords are stored in plaintext. HIGHLY DISCOURAGED.
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
<literal>1</literal> (or <literal>"Y"</literal>):
|
||||||
|
Use crypt(3) function.
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
<literal>2</literal> (or <literal>"mysql"</literal>):
|
||||||
|
Use the MySQL PASSWORD() function. It is possible that the encryption function used
|
||||||
|
by <literal>pam_mysql</literal> is different from that of the MySQL server, as
|
||||||
|
<literal>pam_mysql</literal> uses the function defined in MySQL's C-client API
|
||||||
|
instead of using PASSWORD() SQL function in the query.
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
<literal>3</literal> (or <literal>"md5"</literal>):
|
||||||
|
Use plain hex MD5.
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
<literal>4</literal> (or <literal>"sha1"</literal>):
|
||||||
|
Use plain hex SHA1.
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
<literal>5</literal> (or <literal>"drupal7"</literal>):
|
||||||
|
Use Drupal7 salted passwords.
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
<literal>6</literal> (or <literal>"joomla15"</literal>):
|
||||||
|
Use Joomla15 salted passwords.
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
<literal>7</literal> (or <literal>"ssha"</literal>):
|
||||||
|
Use ssha hashed passwords.
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
<literal>8</literal> (or <literal>"sha512"</literal>):
|
||||||
|
Use sha512 hashed passwords.
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
<literal>9</literal> (or <literal>"sha256"</literal>):
|
||||||
|
Use sha256 hashed passwords.
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
</itemizedlist>
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
cryptDefault = mkOption {
|
||||||
|
type = types.nullOr (types.enum [ "md5" "sha256" "sha512" "blowfish" ]);
|
||||||
|
default = null;
|
||||||
|
example = "blowfish";
|
||||||
|
description = "The default encryption method to use for <literal>passwordCrypt = 1</literal>.";
|
||||||
|
};
|
||||||
|
where = mkOption {
|
||||||
|
type = types.nullOr types.str;
|
||||||
|
default = null;
|
||||||
|
example = "host.name='web' AND user.active=1";
|
||||||
|
description = "Additional criteria for the query.";
|
||||||
|
};
|
||||||
|
verbose = mkOption {
|
||||||
|
type = types.bool;
|
||||||
|
default = false;
|
||||||
|
description = ''
|
||||||
|
If enabled, produces logs with detailed messages that describes what
|
||||||
|
<literal>pam_mysql</literal> is doing. May be useful for debugging.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
disconnectEveryOperation = mkOption {
|
||||||
|
type = types.bool;
|
||||||
|
default = false;
|
||||||
|
description = ''
|
||||||
|
By default, <literal>pam_mysql</literal> keeps the connection to the MySQL
|
||||||
|
database until the session is closed. If this option is set to true it
|
||||||
|
disconnects every time the PAM operation has finished. This option may
|
||||||
|
be useful in case the session lasts quite long.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
logging = {
|
||||||
|
enable = mkOption {
|
||||||
|
type = types.bool;
|
||||||
|
default = false;
|
||||||
|
description = "Enables logging of authentication attempts in the MySQL database.";
|
||||||
|
};
|
||||||
|
table = mkOption {
|
||||||
|
type = types.str;
|
||||||
|
example = "logs";
|
||||||
|
description = "The name of the table to which logs are written.";
|
||||||
|
};
|
||||||
|
msgColumn = mkOption {
|
||||||
|
type = types.str;
|
||||||
|
example = "msg";
|
||||||
|
description = ''
|
||||||
|
The name of the column in the log table to which the description
|
||||||
|
of the performed operation is stored.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
userColumn = mkOption {
|
||||||
|
type = types.str;
|
||||||
|
example = "user";
|
||||||
|
description = ''
|
||||||
|
The name of the column in the log table to which the name of the
|
||||||
|
user being authenticated is stored.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
pidColumn = mkOption {
|
||||||
|
type = types.str;
|
||||||
|
example = "pid";
|
||||||
|
description = ''
|
||||||
|
The name of the column in the log table to which the pid of the
|
||||||
|
process utilising the <literal>pam_mysql's</literal> authentication
|
||||||
|
service is stored.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
hostColumn = mkOption {
|
||||||
|
type = types.str;
|
||||||
|
example = "host";
|
||||||
|
description = ''
|
||||||
|
The name of the column in the log table to which the name of the user
|
||||||
|
being authenticated is stored.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
rHostColumn = mkOption {
|
||||||
|
type = types.str;
|
||||||
|
example = "rhost";
|
||||||
|
description = ''
|
||||||
|
The name of the column in the log table to which the name of the remote
|
||||||
|
host that initiates the session is stored. The value is supposed to be
|
||||||
|
set by the PAM-aware application with <literal>pam_set_item(PAM_RHOST)
|
||||||
|
</literal>.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
timeColumn = mkOption {
|
||||||
|
type = types.str;
|
||||||
|
example = "timestamp";
|
||||||
|
description = ''
|
||||||
|
The name of the column in the log table to which the timestamp of the
|
||||||
|
log entry is stored.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
nss = mkOption {
|
||||||
|
description = ''
|
||||||
|
Settings for <literal>libnss-mysql</literal>.
|
||||||
|
|
||||||
|
All examples are from the <link xlink:href="https://github.com/saknopper/libnss-mysql/tree/master/sample/minimal">minimal example</link>
|
||||||
|
of <literal>libnss-mysql</literal>, but they are modified with NixOS paths for bash.
|
||||||
|
'';
|
||||||
|
type = types.submodule {
|
||||||
|
options = {
|
||||||
|
getpwnam = mkOption {
|
||||||
|
type = types.nullOr types.str;
|
||||||
|
default = null;
|
||||||
|
example = literalExpression ''
|
||||||
|
SELECT username,'x',uid,'5000','MySQL User', CONCAT('/home/',username),'/run/sw/current-system/bin/bash' \
|
||||||
|
FROM users \
|
||||||
|
WHERE username='%1$s' \
|
||||||
|
LIMIT 1
|
||||||
|
'';
|
||||||
|
description = ''
|
||||||
|
SQL query for the <link
|
||||||
|
xlink:href="https://man7.org/linux/man-pages/man3/getpwnam.3.html">getpwnam</link>
|
||||||
|
syscall.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
getpwuid = mkOption {
|
||||||
|
type = types.nullOr types.str;
|
||||||
|
default = null;
|
||||||
|
example = literalExpression ''
|
||||||
|
SELECT username,'x',uid,'5000','MySQL User', CONCAT('/home/',username),'/run/sw/current-system/bin/bash' \
|
||||||
|
FROM users \
|
||||||
|
WHERE uid='%1$u' \
|
||||||
|
LIMIT 1
|
||||||
|
'';
|
||||||
|
description = ''
|
||||||
|
SQL query for the <link
|
||||||
|
xlink:href="https://man7.org/linux/man-pages/man3/getpwuid.3.html">getpwuid</link>
|
||||||
|
syscall.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
getspnam = mkOption {
|
||||||
|
type = types.nullOr types.str;
|
||||||
|
default = null;
|
||||||
|
example = literalExpression ''
|
||||||
|
SELECT username,password,'1','0','99999','0','0','-1','0' \
|
||||||
|
FROM users \
|
||||||
|
WHERE username='%1$s' \
|
||||||
|
LIMIT 1
|
||||||
|
'';
|
||||||
|
description = ''
|
||||||
|
SQL query for the <link
|
||||||
|
xlink:href="https://man7.org/linux/man-pages/man3/getspnam.3.html">getspnam</link>
|
||||||
|
syscall.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
getpwent = mkOption {
|
||||||
|
type = types.nullOr types.str;
|
||||||
|
default = null;
|
||||||
|
example = literalExpression ''
|
||||||
|
SELECT username,'x',uid,'5000','MySQL User', CONCAT('/home/',username),'/run/sw/current-system/bin/bash' FROM users
|
||||||
|
'';
|
||||||
|
description = ''
|
||||||
|
SQL query for the <link
|
||||||
|
xlink:href="https://man7.org/linux/man-pages/man3/getpwent.3.html">getpwent</link>
|
||||||
|
syscall.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
getspent = mkOption {
|
||||||
|
type = types.nullOr types.str;
|
||||||
|
default = null;
|
||||||
|
example = literalExpression ''
|
||||||
|
SELECT username,password,'1','0','99999','0','0','-1','0' FROM users
|
||||||
|
'';
|
||||||
|
description = ''
|
||||||
|
SQL query for the <link
|
||||||
|
xlink:href="https://man7.org/linux/man-pages/man3/getspent.3.html">getspent</link>
|
||||||
|
syscall.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
getgrnam = mkOption {
|
||||||
|
type = types.nullOr types.str;
|
||||||
|
default = null;
|
||||||
|
example = literalExpression ''
|
||||||
|
SELECT name,password,gid FROM groups WHERE name='%1$s' LIMIT 1
|
||||||
|
'';
|
||||||
|
description = ''
|
||||||
|
SQL query for the <link
|
||||||
|
xlink:href="https://man7.org/linux/man-pages/man3/getgrnam.3.html">getgrnam</link>
|
||||||
|
syscall.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
getgrgid = mkOption {
|
||||||
|
type = types.nullOr types.str;
|
||||||
|
default = null;
|
||||||
|
example = literalExpression ''
|
||||||
|
SELECT name,password,gid FROM groups WHERE gid='%1$u' LIMIT 1
|
||||||
|
'';
|
||||||
|
description = ''
|
||||||
|
SQL query for the <link
|
||||||
|
xlink:href="https://man7.org/linux/man-pages/man3/getgrgid.3.html">getgrgid</link>
|
||||||
|
syscall.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
getgrent = mkOption {
|
||||||
|
type = types.nullOr types.str;
|
||||||
|
default = null;
|
||||||
|
example = literalExpression ''
|
||||||
|
SELECT name,password,gid FROM groups
|
||||||
|
'';
|
||||||
|
description = ''
|
||||||
|
SQL query for the <link
|
||||||
|
xlink:href="https://man7.org/linux/man-pages/man3/getgrent.3.html">getgrent</link>
|
||||||
|
syscall.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
memsbygid = mkOption {
|
||||||
|
type = types.nullOr types.str;
|
||||||
|
default = null;
|
||||||
|
example = literalExpression ''
|
||||||
|
SELECT username FROM grouplist WHERE gid='%1$u'
|
||||||
|
'';
|
||||||
|
description = ''
|
||||||
|
SQL query for the <link
|
||||||
|
xlink:href="https://man7.org/linux/man-pages/man3/memsbygid.3.html">memsbygid</link>
|
||||||
|
syscall.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
gidsbymem = mkOption {
|
||||||
|
type = types.nullOr types.str;
|
||||||
|
default = null;
|
||||||
|
example = literalExpression ''
|
||||||
|
SELECT gid FROM grouplist WHERE username='%1$s'
|
||||||
|
'';
|
||||||
|
description = ''
|
||||||
|
SQL query for the <link
|
||||||
|
xlink:href="https://man7.org/linux/man-pages/man3/gidsbymem.3.html">gidsbymem</link>
|
||||||
|
syscall.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
config = mkIf cfg.enable {
|
||||||
|
system.nssModules = [ pkgs.libnss-mysql ];
|
||||||
|
system.nssDatabases.shadow = [ "mysql" ];
|
||||||
|
system.nssDatabases.group = [ "mysql" ];
|
||||||
|
system.nssDatabases.passwd = [ "mysql" ];
|
||||||
|
|
||||||
|
environment.etc."security/pam_mysql.conf" = {
|
||||||
|
user = "root";
|
||||||
|
group = "root";
|
||||||
|
mode = "0600";
|
||||||
|
# password will be added from password file in activation script
|
||||||
|
text = ''
|
||||||
|
users.host=${cfg.host}
|
||||||
|
users.db_user=${cfg.user}
|
||||||
|
users.database=${cfg.database}
|
||||||
|
users.table=${cfg.pam.table}
|
||||||
|
users.user_column=${cfg.pam.userColumn}
|
||||||
|
users.password_column=${cfg.pam.passwordColumn}
|
||||||
|
users.password_crypt=${cfg.pam.passwordCrypt}
|
||||||
|
users.disconnect_every_operation=${if cfg.pam.disconnectEveryOperation then "1" else "0"}
|
||||||
|
verbose=${if cfg.pam.verbose then "1" else "0"}
|
||||||
|
'' + optionalString (cfg.pam.cryptDefault != null) ''
|
||||||
|
users.use_${cfg.pam.cryptDefault}=1
|
||||||
|
'' + optionalString (cfg.pam.where != null) ''
|
||||||
|
users.where_clause=${cfg.pam.where}
|
||||||
|
'' + optionalString (cfg.pam.statusColumn != null) ''
|
||||||
|
users.status_column=${cfg.pam.statusColumn}
|
||||||
|
'' + optionalString (cfg.pam.updateTable != null) ''
|
||||||
|
users.update_table=${cfg.pam.updateTable}
|
||||||
|
'' + optionalString cfg.pam.logging.enable ''
|
||||||
|
log.enabled=true
|
||||||
|
log.table=${cfg.pam.logging.table}
|
||||||
|
log.message_column=${cfg.pam.logging.msgColumn}
|
||||||
|
log.pid_column=${cfg.pam.logging.pidColumn}
|
||||||
|
log.user_column=${cfg.pam.logging.userColumn}
|
||||||
|
log.host_column=${cfg.pam.logging.hostColumn}
|
||||||
|
log.rhost_column=${cfg.pam.logging.rHostColumn}
|
||||||
|
log.time_column=${cfg.pam.logging.timeColumn}
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
environment.etc."libnss-mysql.cfg" = {
|
||||||
|
mode = "0600";
|
||||||
|
user = config.services.nscd.user;
|
||||||
|
group = config.services.nscd.group;
|
||||||
|
text = optionalString (cfg.nss.getpwnam != null) ''
|
||||||
|
getpwnam ${cfg.nss.getpwnam}
|
||||||
|
'' + optionalString (cfg.nss.getpwuid != null) ''
|
||||||
|
getpwuid ${cfg.nss.getpwuid}
|
||||||
|
'' + optionalString (cfg.nss.getspnam != null) ''
|
||||||
|
getspnam ${cfg.nss.getspnam}
|
||||||
|
'' + optionalString (cfg.nss.getpwent != null) ''
|
||||||
|
getpwent ${cfg.nss.getpwent}
|
||||||
|
'' + optionalString (cfg.nss.getspent != null) ''
|
||||||
|
getspent ${cfg.nss.getspent}
|
||||||
|
'' + optionalString (cfg.nss.getgrnam != null) ''
|
||||||
|
getgrnam ${cfg.nss.getgrnam}
|
||||||
|
'' + optionalString (cfg.nss.getgrgid != null) ''
|
||||||
|
getgrgid ${cfg.nss.getgrgid}
|
||||||
|
'' + optionalString (cfg.nss.getgrent != null) ''
|
||||||
|
getgrent ${cfg.nss.getgrent}
|
||||||
|
'' + optionalString (cfg.nss.memsbygid != null) ''
|
||||||
|
memsbygid ${cfg.nss.memsbygid}
|
||||||
|
'' + optionalString (cfg.nss.gidsbymem != null) ''
|
||||||
|
gidsbymem ${cfg.nss.gidsbymem}
|
||||||
|
'' + ''
|
||||||
|
host ${cfg.host}
|
||||||
|
database ${cfg.database}
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
environment.etc."libnss-mysql-root.cfg" = {
|
||||||
|
mode = "0600";
|
||||||
|
user = config.services.nscd.user;
|
||||||
|
group = config.services.nscd.group;
|
||||||
|
# password will be added from password file in activation script
|
||||||
|
text = ''
|
||||||
|
username ${cfg.user}
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
# Activation script to append the password from the password file
|
||||||
|
# to the configuration files. It also fixes the owner of the
|
||||||
|
# libnss-mysql-root.cfg because it is changed to root after the
|
||||||
|
# password is appended.
|
||||||
|
system.activationScripts.mysql-auth-passwords = ''
|
||||||
|
if [[ -r ${cfg.passwordFile} ]]; then
|
||||||
|
org_umask=$(umask)
|
||||||
|
umask 0077
|
||||||
|
|
||||||
|
conf_nss="$(mktemp)"
|
||||||
|
cp /etc/libnss-mysql-root.cfg $conf_nss
|
||||||
|
printf 'password %s\n' "$(cat ${cfg.passwordFile})" >> $conf_nss
|
||||||
|
mv -fT "$conf_nss" /etc/libnss-mysql-root.cfg
|
||||||
|
chown ${config.services.nscd.user}:${config.services.nscd.group} /etc/libnss-mysql-root.cfg
|
||||||
|
|
||||||
|
conf_pam="$(mktemp)"
|
||||||
|
cp /etc/security/pam_mysql.conf $conf_pam
|
||||||
|
printf 'users.db_passwd=%s\n' "$(cat ${cfg.passwordFile})" >> $conf_pam
|
||||||
|
mv -fT "$conf_pam" /etc/security/pam_mysql.conf
|
||||||
|
|
||||||
|
umask $org_umask
|
||||||
|
fi
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
}
|
|
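Review bot: In the `mysql-auth-passwords` activation script, an unreadable or missing `cfg.passwordFile` makes the `[[ -r ... ]]` test fail and the whole block is skipped without any message, so `/etc/libnss-mysql-root.cfg` and `/etc/security/pam_mysql.conf` are left without a password line and the problem only surfaces later as failing lookups and logins. Add an `else` branch that prints a warning to stderr. The path is also interpolated unquoted in the test and in both `cat` calls, and `$conf_nss` / `$conf_pam` are unquoted in the `cp` and `>>` lines; quote the variables and pass the path through `lib.escapeShellArg`. The script is a plain string with no `deps` although it copies files out of `/etc`, so it should state that it runs after the `etc` step. On the option docs: the `getgrent`, `memsbygid` and `gidsbymem` descriptions each say "syscall" and link to a man7.org section 3 page, but `getgrent` is a C library function, and `memsbygid` and `gidsbymem` are keys written into `libnss-mysql.cfg`, not libc functions with a section 3 man page.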
@ -91,7 +91,7 @@ in
|
||||||
|
|
||||||
systemd.services.post-resume =
|
systemd.services.post-resume =
|
||||||
{ description = "Post-Resume Actions";
|
{ description = "Post-Resume Actions";
|
||||||
after = [ "suspend.target" "hibernate.target" "hybrid-sleep.target" ];
|
after = [ "suspend.target" "hibernate.target" "hybrid-sleep.target" "suspend-then-hibernate.target" ];
|
||||||
script =
|
script =
|
||||||
''
|
''
|
||||||
/run/current-system/systemd/bin/systemctl try-restart post-resume.target
|
/run/current-system/systemd/bin/systemctl try-restart post-resume.target
|
||||||
|
|
|
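Review bot: The `after` list of `systemd.services.post-resume` gains `suspend-then-hibernate.target`, but `after` only orders the unit and does not pull it in. If the `wantedBy` list outside this hunk still names only the three older targets, the service will not run on resume from suspend-then-hibernate; please confirm `wantedBy` gets the same addition.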
@ -26,13 +26,12 @@ in
|
||||||
{ "net.ipv4.tcp_syncookies" = false; "vm.swappiness" = 60; }
|
{ "net.ipv4.tcp_syncookies" = false; "vm.swappiness" = 60; }
|
||||||
'';
|
'';
|
||||||
type = types.attrsOf sysctlOption;
|
type = types.attrsOf sysctlOption;
|
||||||
description = ''
|
description = lib.mdDoc ''
|
||||||
Runtime parameters of the Linux kernel, as set by
|
Runtime parameters of the Linux kernel, as set by
|
||||||
<citerefentry><refentrytitle>sysctl</refentrytitle>
|
{manpage}`sysctl(8)`. Note that sysctl
|
||||||
<manvolnum>8</manvolnum></citerefentry>. Note that sysctl
|
|
||||||
parameters names must be enclosed in quotes
|
parameters names must be enclosed in quotes
|
||||||
(e.g. <literal>"vm.swappiness"</literal> instead of
|
(e.g. `"vm.swappiness"` instead of
|
||||||
<literal>vm.swappiness</literal>). The value of each
|
`vm.swappiness`). The value of each
|
||||||
parameter may be a string, integer, boolean, or null
|
parameter may be a string, integer, boolean, or null
|
||||||
(signifying the option will not appear at all).
|
(signifying the option will not appear at all).
|
||||||
'';
|
'';
|
||||||
|
|
|
@ -39,26 +39,23 @@ in
|
||||||
environment.profileRelativeSessionVariables = mkOption {
|
environment.profileRelativeSessionVariables = mkOption {
|
||||||
type = types.attrsOf (types.listOf types.str);
|
type = types.attrsOf (types.listOf types.str);
|
||||||
example = { PATH = [ "/bin" ]; MANPATH = [ "/man" "/share/man" ]; };
|
example = { PATH = [ "/bin" ]; MANPATH = [ "/man" "/share/man" ]; };
|
||||||
description = ''
|
description = lib.mdDoc ''
|
||||||
Attribute set of environment variable used in the global
|
Attribute set of environment variable used in the global
|
||||||
environment. These variables will be set by PAM early in the
|
environment. These variables will be set by PAM early in the
|
||||||
login process.
|
login process.
|
||||||
|
|
||||||
Variable substitution is available as described in
|
Variable substitution is available as described in
|
||||||
<citerefentry>
|
{manpage}`pam_env.conf(5)`.
|
||||||
<refentrytitle>pam_env.conf</refentrytitle>
|
|
||||||
<manvolnum>5</manvolnum>
|
|
||||||
</citerefentry>.
|
|
||||||
|
|
||||||
Each attribute maps to a list of relative paths. Each relative
|
Each attribute maps to a list of relative paths. Each relative
|
||||||
path is appended to the each profile of
|
path is appended to the each profile of
|
||||||
<option>environment.profiles</option> to form the content of
|
{option}`environment.profiles` to form the content of
|
||||||
the corresponding environment variable.
|
the corresponding environment variable.
|
||||||
|
|
||||||
Also, these variables are merged into
|
Also, these variables are merged into
|
||||||
<xref linkend="opt-environment.profileRelativeEnvVars"/> and it is
|
[](#opt-environment.profileRelativeEnvVars) and it is
|
||||||
therefore not possible to use PAM style variables such as
|
therefore not possible to use PAM style variables such as
|
||||||
<literal>@{HOME}</literal>.
|
`@{HOME}`.
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
|
@ -84,19 +84,19 @@ in
|
||||||
<programlisting>${defaultPackagesText}</programlisting>
|
<programlisting>${defaultPackagesText}</programlisting>
|
||||||
'';
|
'';
|
||||||
example = [];
|
example = [];
|
||||||
description = ''
|
description = lib.mdDoc ''
|
||||||
Set of default packages that aren't strictly necessary
|
Set of default packages that aren't strictly necessary
|
||||||
for a running system, entries can be removed for a more
|
for a running system, entries can be removed for a more
|
||||||
minimal NixOS installation.
|
minimal NixOS installation.
|
||||||
|
|
||||||
Note: If <package>pkgs.nano</package> is removed from this list,
|
Note: If `pkgs.nano` is removed from this list,
|
||||||
make sure another editor is installed and the
|
make sure another editor is installed and the
|
||||||
<literal>EDITOR</literal> environment variable is set to it.
|
`EDITOR` environment variable is set to it.
|
||||||
Environment variables can be set using
|
Environment variables can be set using
|
||||||
<option>environment.variables</option>.
|
{option}`environment.variables`.
|
||||||
|
|
||||||
Like with systemPackages, packages are installed to
|
Like with systemPackages, packages are installed to
|
||||||
<filename>/run/current-system/sw</filename>. They are
|
{file}`/run/current-system/sw`. They are
|
||||||
automatically available to all users, and are
|
automatically available to all users, and are
|
||||||
automatically updated every time you rebuild the system
|
automatically updated every time you rebuild the system
|
||||||
configuration.
|
configuration.
|
||||||
|
|
|
@ -40,12 +40,12 @@ in
|
||||||
extraPortals = mkOption {
|
extraPortals = mkOption {
|
||||||
type = types.listOf types.package;
|
type = types.listOf types.package;
|
||||||
default = [ ];
|
default = [ ];
|
||||||
description = ''
|
description = lib.mdDoc ''
|
||||||
List of additional portals to add to path. Portals allow interaction
|
List of additional portals to add to path. Portals allow interaction
|
||||||
with system, like choosing files or taking screenshots. At minimum,
|
with system, like choosing files or taking screenshots. At minimum,
|
||||||
a desktop portal implementation should be listed. GNOME and KDE already
|
a desktop portal implementation should be listed. GNOME and KDE already
|
||||||
adds <package>xdg-desktop-portal-gtk</package>; and
|
adds `xdg-desktop-portal-gtk`; and
|
||||||
<package>xdg-desktop-portal-kde</package> respectively. On other desktop
|
`xdg-desktop-portal-kde` respectively. On other desktop
|
||||||
environments you probably want to add them yourself.
|
environments you probably want to add them yourself.
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
|
@ -15,7 +15,7 @@ in
|
||||||
enable = mkEnableOption ''
|
enable = mkEnableOption ''
|
||||||
the desktop portal for the LXQt desktop environment.
|
the desktop portal for the LXQt desktop environment.
|
||||||
|
|
||||||
This will add the <package>lxqt.xdg-desktop-portal-lxqt</package>
|
This will add the <literal>lxqt.xdg-desktop-portal-lxqt</literal>
|
||||||
package (with the extra Qt styles) into the
|
package (with the extra Qt styles) into the
|
||||||
<option>xdg.portal.extraPortals</option> option
|
<option>xdg.portal.extraPortals</option> option
|
||||||
'';
|
'';
|
||||||
|
@ -29,9 +29,9 @@ in
|
||||||
pkgs.qtcurve
|
pkgs.qtcurve
|
||||||
];
|
];
|
||||||
'';
|
'';
|
||||||
description = ''
|
description = lib.mdDoc ''
|
||||||
Extra Qt styles that will be available to the
|
Extra Qt styles that will be available to the
|
||||||
<package>lxqt.xdg-desktop-portal-lxqt</package>.
|
`lxqt.xdg-desktop-portal-lxqt`.
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
|
@ -17,16 +17,16 @@ in
|
||||||
enable = mkEnableOption ''
|
enable = mkEnableOption ''
|
||||||
desktop portal for wlroots-based desktops
|
desktop portal for wlroots-based desktops
|
||||||
|
|
||||||
This will add the <package>xdg-desktop-portal-wlr</package> package into
|
This will add the <literal>xdg-desktop-portal-wlr</literal> package into
|
||||||
the <option>xdg.portal.extraPortals</option> option, and provide the
|
the <option>xdg.portal.extraPortals</option> option, and provide the
|
||||||
configuration file
|
configuration file
|
||||||
'';
|
'';
|
||||||
|
|
||||||
settings = mkOption {
|
settings = mkOption {
|
||||||
description = ''
|
description = lib.mdDoc ''
|
||||||
Configuration for <package>xdg-desktop-portal-wlr</package>.
|
Configuration for `xdg-desktop-portal-wlr`.
|
||||||
|
|
||||||
See <literal>xdg-desktop-portal-wlr(5)</literal> for supported
|
See `xdg-desktop-portal-wlr(5)` for supported
|
||||||
values.
|
values.
|
||||||
'';
|
'';
|
||||||
|
|
||||||
|
|
|
@ -103,12 +103,12 @@ in
|
||||||
default = "zstd";
|
default = "zstd";
|
||||||
example = "lz4";
|
example = "lz4";
|
||||||
type = with types; either (enum [ "lzo" "lz4" "zstd" ]) str;
|
type = with types; either (enum [ "lzo" "lz4" "zstd" ]) str;
|
||||||
description = ''
|
description = lib.mdDoc ''
|
||||||
Compression algorithm. <literal>lzo</literal> has good compression,
|
Compression algorithm. `lzo` has good compression,
|
||||||
but is slow. <literal>lz4</literal> has bad compression, but is fast.
|
but is slow. `lz4` has bad compression, but is fast.
|
||||||
<literal>zstd</literal> is both good compression and fast, but requires newer kernel.
|
`zstd` is both good compression and fast, but requires newer kernel.
|
||||||
You can check what other algorithms are supported by your zram device with
|
You can check what other algorithms are supported by your zram device with
|
||||||
<programlisting>cat /sys/class/block/zram*/comp_algorithm</programlisting>
|
{command}`cat /sys/class/block/zram*/comp_algorithm`
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
|
@ -20,7 +20,7 @@ in
|
||||||
type = types.str;
|
type = types.str;
|
||||||
default = "0xfffd7fff";
|
default = "0xfffd7fff";
|
||||||
example = "0xffffffff";
|
example = "0xffffffff";
|
||||||
description = ''
|
description = lib.mdDoc ''
|
||||||
Sets the `amdgpu.ppfeaturemask` kernel option.
|
Sets the `amdgpu.ppfeaturemask` kernel option.
|
||||||
In particular, it is used here to set the overdrive bit.
|
In particular, it is used here to set the overdrive bit.
|
||||||
Default is `0xfffd7fff` as it is less likely to cause flicker issues.
|
Default is `0xfffd7fff` as it is less likely to cause flicker issues.
|
||||||
|
|
|
@ -8,17 +8,17 @@ in
|
||||||
options.hardware.cpu.amd.sev = {
|
options.hardware.cpu.amd.sev = {
|
||||||
enable = mkEnableOption "access to the AMD SEV device";
|
enable = mkEnableOption "access to the AMD SEV device";
|
||||||
user = mkOption {
|
user = mkOption {
|
||||||
description = "Owner to assign to the SEV device.";
|
description = lib.mdDoc "Owner to assign to the SEV device.";
|
||||||
type = types.str;
|
type = types.str;
|
||||||
default = "root";
|
default = "root";
|
||||||
};
|
};
|
||||||
group = mkOption {
|
group = mkOption {
|
||||||
description = "Group to assign to the SEV device.";
|
description = lib.mdDoc "Group to assign to the SEV device.";
|
||||||
type = types.str;
|
type = types.str;
|
||||||
default = defaultGroup;
|
default = defaultGroup;
|
||||||
};
|
};
|
||||||
mode = mkOption {
|
mode = mkOption {
|
||||||
description = "Mode to set for the SEV device.";
|
description = lib.mdDoc "Mode to set for the SEV device.";
|
||||||
type = types.str;
|
type = types.str;
|
||||||
default = "0660";
|
default = "0660";
|
||||||
};
|
};
|
||||||
|
|
|
@ -56,23 +56,6 @@ let
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
# this requires kernel package
|
|
||||||
dtbsWithSymbols = pkgs.stdenv.mkDerivation {
|
|
||||||
name = "dtbs-with-symbols";
|
|
||||||
inherit (cfg.kernelPackage) src nativeBuildInputs depsBuildBuild;
|
|
||||||
patches = map (patch: patch.patch) cfg.kernelPackage.kernelPatches;
|
|
||||||
buildPhase = ''
|
|
||||||
patchShebangs scripts/*
|
|
||||||
substituteInPlace scripts/Makefile.lib \
|
|
||||||
--replace 'DTC_FLAGS += $(DTC_FLAGS_$(basetarget))' 'DTC_FLAGS += $(DTC_FLAGS_$(basetarget)) -@'
|
|
||||||
make ${pkgs.stdenv.hostPlatform.linux-kernel.baseConfig} ARCH="${pkgs.stdenv.hostPlatform.linuxArch}"
|
|
||||||
make dtbs ARCH="${pkgs.stdenv.hostPlatform.linuxArch}"
|
|
||||||
'';
|
|
||||||
installPhase = ''
|
|
||||||
make dtbs_install INSTALL_DTBS_PATH=$out/dtbs ARCH="${pkgs.stdenv.hostPlatform.linuxArch}"
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
|
|
||||||
filterDTBs = src: if isNull cfg.filter
|
filterDTBs = src: if isNull cfg.filter
|
||||||
then "${src}/dtbs"
|
then "${src}/dtbs"
|
||||||
else
|
else
|
||||||
|
@ -83,6 +66,8 @@ let
|
||||||
| xargs -0 cp -v --no-preserve=mode --target-directory $out --parents
|
| xargs -0 cp -v --no-preserve=mode --target-directory $out --parents
|
||||||
'';
|
'';
|
||||||
|
|
||||||
|
filteredDTBs = filterDTBs cfg.kernelPackage;
|
||||||
|
|
||||||
# Compile single Device Tree overlay source
|
# Compile single Device Tree overlay source
|
||||||
# file (.dts) into its compiled variant (.dtbo)
|
# file (.dts) into its compiled variant (.dtbo)
|
||||||
compileDTS = name: f: pkgs.callPackage({ stdenv, dtc }: stdenv.mkDerivation {
|
compileDTS = name: f: pkgs.callPackage({ stdenv, dtc }: stdenv.mkDerivation {
|
||||||
|
@ -197,7 +182,7 @@ in
|
||||||
};
|
};
|
||||||
|
|
||||||
hardware.deviceTree.package = if (cfg.overlays != [])
|
hardware.deviceTree.package = if (cfg.overlays != [])
|
||||||
then pkgs.deviceTree.applyOverlays (filterDTBs dtbsWithSymbols) (withDTBOs cfg.overlays)
|
then pkgs.deviceTree.applyOverlays filteredDTBs (withDTBOs cfg.overlays)
|
||||||
else (filterDTBs cfg.kernelPackage);
|
else filteredDTBs;
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
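Review bot: With `dtbsWithSymbols` removed, `pkgs.deviceTree.applyOverlays` in `hardware.deviceTree.package` now receives `filteredDTBs`, which comes straight from `cfg.kernelPackage`, so nothing in this module adds `-@` to `DTC_FLAGS` any more. Overlays that reference labels need base DTBs that carry symbols, so this now depends on the kernel package building its DTBs with `-@` already. Say where that is guaranteed, in the commit message or in a comment next to `filteredDTBs`, otherwise overlay application will fail for kernels built without it.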
@ -11,6 +11,14 @@ with lib;
|
||||||
console.earlySetup = mkDefault true;
|
console.earlySetup = mkDefault true;
|
||||||
boot.loader.systemd-boot.consoleMode = mkDefault "1";
|
boot.loader.systemd-boot.consoleMode = mkDefault "1";
|
||||||
|
|
||||||
|
|
||||||
|
# Grayscale anti-aliasing for fonts
|
||||||
|
fonts.fontconfig.antialias = mkDefault true;
|
||||||
|
fonts.fontconfig.subpixel = {
|
||||||
|
rgba = mkDefault "none";
|
||||||
|
lcdfilter = mkDefault "none";
|
||||||
|
};
|
||||||
|
|
||||||
# TODO Find reasonable defaults X11 & wayland
|
# TODO Find reasonable defaults X11 & wayland
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -454,23 +454,23 @@ in
|
||||||
|
|
||||||
isoImage.isoName = mkOption {
|
isoImage.isoName = mkOption {
|
||||||
default = "${config.isoImage.isoBaseName}.iso";
|
default = "${config.isoImage.isoBaseName}.iso";
|
||||||
description = ''
|
description = lib.mdDoc ''
|
||||||
Name of the generated ISO image file.
|
Name of the generated ISO image file.
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
isoImage.isoBaseName = mkOption {
|
isoImage.isoBaseName = mkOption {
|
||||||
default = "nixos";
|
default = "nixos";
|
||||||
description = ''
|
description = lib.mdDoc ''
|
||||||
Prefix of the name of the generated ISO image file.
|
Prefix of the name of the generated ISO image file.
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
isoImage.compressImage = mkOption {
|
isoImage.compressImage = mkOption {
|
||||||
default = false;
|
default = false;
|
||||||
description = ''
|
description = lib.mdDoc ''
|
||||||
Whether the ISO image should be compressed using
|
Whether the ISO image should be compressed using
|
||||||
<command>zstd</command>.
|
{command}`zstd`.
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -481,7 +481,7 @@ in
|
||||||
+ lib.optionalString isAarch "-Xbcj arm"
|
+ lib.optionalString isAarch "-Xbcj arm"
|
||||||
+ lib.optionalString (isPower && is32bit && isBigEndian) "-Xbcj powerpc"
|
+ lib.optionalString (isPower && is32bit && isBigEndian) "-Xbcj powerpc"
|
||||||
+ lib.optionalString (isSparc) "-Xbcj sparc";
|
+ lib.optionalString (isSparc) "-Xbcj sparc";
|
||||||
description = ''
|
description = lib.mdDoc ''
|
||||||
Compression settings to use for the squashfs nix store.
|
Compression settings to use for the squashfs nix store.
|
||||||
'';
|
'';
|
||||||
example = "zstd -Xcompression-level 6";
|
example = "zstd -Xcompression-level 6";
|
||||||
|
@ -489,7 +489,7 @@ in
|
||||||
|
|
||||||
isoImage.edition = mkOption {
|
isoImage.edition = mkOption {
|
||||||
default = "";
|
default = "";
|
||||||
description = ''
|
description = lib.mdDoc ''
|
||||||
Specifies which edition string to use in the volume ID of the generated
|
Specifies which edition string to use in the volume ID of the generated
|
||||||
ISO image.
|
ISO image.
|
||||||
'';
|
'';
|
||||||
|
@ -498,7 +498,7 @@ in
|
||||||
isoImage.volumeID = mkOption {
|
isoImage.volumeID = mkOption {
|
||||||
# nixos-$EDITION-$RELEASE-$ARCH
|
# nixos-$EDITION-$RELEASE-$ARCH
|
||||||
default = "nixos${optionalString (config.isoImage.edition != "") "-${config.isoImage.edition}"}-${config.system.nixos.release}-${pkgs.stdenv.hostPlatform.uname.processor}";
|
default = "nixos${optionalString (config.isoImage.edition != "") "-${config.isoImage.edition}"}-${config.system.nixos.release}-${pkgs.stdenv.hostPlatform.uname.processor}";
|
||||||
description = ''
|
description = lib.mdDoc ''
|
||||||
Specifies the label or volume ID of the generated ISO image.
|
Specifies the label or volume ID of the generated ISO image.
|
||||||
Note that the label is used by stage 1 of the boot process to
|
Note that the label is used by stage 1 of the boot process to
|
||||||
mount the CD, so it should be reasonably distinctive.
|
mount the CD, so it should be reasonably distinctive.
|
||||||
|
@ -512,7 +512,7 @@ in
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
'';
|
'';
|
||||||
description = ''
|
description = lib.mdDoc ''
|
||||||
This option lists files to be copied to fixed locations in the
|
This option lists files to be copied to fixed locations in the
|
||||||
generated ISO image.
|
generated ISO image.
|
||||||
'';
|
'';
|
||||||
|
@ -520,7 +520,7 @@ in
|
||||||
|
|
||||||
isoImage.storeContents = mkOption {
|
isoImage.storeContents = mkOption {
|
||||||
example = literalExpression "[ pkgs.stdenv ]";
|
example = literalExpression "[ pkgs.stdenv ]";
|
||||||
description = ''
|
description = lib.mdDoc ''
|
||||||
This option lists additional derivations to be included in the
|
This option lists additional derivations to be included in the
|
||||||
Nix store in the generated ISO image.
|
Nix store in the generated ISO image.
|
||||||
'';
|
'';
|
||||||
|
@ -528,7 +528,7 @@ in
|
||||||
|
|
||||||
isoImage.includeSystemBuildDependencies = mkOption {
|
isoImage.includeSystemBuildDependencies = mkOption {
|
||||||
default = false;
|
default = false;
|
||||||
description = ''
|
description = lib.mdDoc ''
|
||||||
Set this option to include all the needed sources etc in the
|
Set this option to include all the needed sources etc in the
|
||||||
image. It significantly increases image size. Use that when
|
image. It significantly increases image size. Use that when
|
||||||
you want to be able to keep all the sources needed to build your
|
you want to be able to keep all the sources needed to build your
|
||||||
|
@ -539,14 +539,14 @@ in
|
||||||
|
|
||||||
isoImage.makeEfiBootable = mkOption {
|
isoImage.makeEfiBootable = mkOption {
|
||||||
default = false;
|
default = false;
|
||||||
description = ''
|
description = lib.mdDoc ''
|
||||||
Whether the ISO image should be an efi-bootable volume.
|
Whether the ISO image should be an efi-bootable volume.
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
isoImage.makeUsbBootable = mkOption {
|
isoImage.makeUsbBootable = mkOption {
|
||||||
default = false;
|
default = false;
|
||||||
description = ''
|
description = lib.mdDoc ''
|
||||||
Whether the ISO image should be bootable from CD as well as USB.
|
Whether the ISO image should be bootable from CD as well as USB.
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
@ -556,7 +556,7 @@ in
|
||||||
url = "https://raw.githubusercontent.com/NixOS/nixos-artwork/a9e05d7deb38a8e005a2b52575a3f59a63a4dba0/bootloader/efi-background.png";
|
url = "https://raw.githubusercontent.com/NixOS/nixos-artwork/a9e05d7deb38a8e005a2b52575a3f59a63a4dba0/bootloader/efi-background.png";
|
||||||
sha256 = "18lfwmp8yq923322nlb9gxrh5qikj1wsk6g5qvdh31c4h5b1538x";
|
sha256 = "18lfwmp8yq923322nlb9gxrh5qikj1wsk6g5qvdh31c4h5b1538x";
|
||||||
};
|
};
|
||||||
description = ''
|
description = lib.mdDoc ''
|
||||||
The splash image to use in the EFI bootloader.
|
The splash image to use in the EFI bootloader.
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
@ -566,7 +566,7 @@ in
|
||||||
url = "https://raw.githubusercontent.com/NixOS/nixos-artwork/a9e05d7deb38a8e005a2b52575a3f59a63a4dba0/bootloader/isolinux/bios-boot.png";
|
url = "https://raw.githubusercontent.com/NixOS/nixos-artwork/a9e05d7deb38a8e005a2b52575a3f59a63a4dba0/bootloader/isolinux/bios-boot.png";
|
||||||
sha256 = "1wp822zrhbg4fgfbwkr7cbkr4labx477209agzc0hr6k62fr6rxd";
|
sha256 = "1wp822zrhbg4fgfbwkr7cbkr4labx477209agzc0hr6k62fr6rxd";
|
||||||
};
|
};
|
||||||
description = ''
|
description = lib.mdDoc ''
|
||||||
The splash image to use in the legacy-boot bootloader.
|
The splash image to use in the legacy-boot bootloader.
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
@ -574,7 +574,7 @@ in
|
||||||
isoImage.grubTheme = mkOption {
|
isoImage.grubTheme = mkOption {
|
||||||
default = pkgs.nixos-grub2-theme;
|
default = pkgs.nixos-grub2-theme;
|
||||||
type = types.nullOr (types.either types.path types.package);
|
type = types.nullOr (types.either types.path types.package);
|
||||||
description = ''
|
description = lib.mdDoc ''
|
||||||
The grub2 theme used for UEFI boot.
|
The grub2 theme used for UEFI boot.
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
@ -605,7 +605,7 @@ in
|
||||||
MENU COLOR SEL 7;37;40 #FFFFFFFF #FF5277C3 std
|
MENU COLOR SEL 7;37;40 #FFFFFFFF #FF5277C3 std
|
||||||
'';
|
'';
|
||||||
type = types.str;
|
type = types.str;
|
||||||
description = ''
|
description = lib.mdDoc ''
|
||||||
The syslinux theme used for BIOS boot.
|
The syslinux theme used for BIOS boot.
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
@ -613,12 +613,12 @@ in
|
||||||
isoImage.appendToMenuLabel = mkOption {
|
isoImage.appendToMenuLabel = mkOption {
|
||||||
default = " Installer";
|
default = " Installer";
|
||||||
example = " Live System";
|
example = " Live System";
|
||||||
description = ''
|
description = lib.mdDoc ''
|
||||||
The string to append after the menu label for the NixOS system.
|
The string to append after the menu label for the NixOS system.
|
||||||
This will be directly appended (without whitespace) to the NixOS version
|
This will be directly appended (without whitespace) to the NixOS version
|
||||||
string, like for example if it is set to <literal>XXX</literal>:
|
string, like for example if it is set to `XXX`:
|
||||||
|
|
||||||
<literal>NixOS 99.99-pre666XXX</literal>
|
`NixOS 99.99-pre666XXX`
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
|
@ -10,7 +10,7 @@ with lib;
|
||||||
|
|
||||||
netboot.storeContents = mkOption {
|
netboot.storeContents = mkOption {
|
||||||
example = literalExpression "[ pkgs.stdenv ]";
|
example = literalExpression "[ pkgs.stdenv ]";
|
||||||
description = ''
|
description = lib.mdDoc ''
|
||||||
This option lists additional derivations to be included in the
|
This option lists additional derivations to be included in the
|
||||||
Nix store in the generated netboot image.
|
Nix store in the generated netboot image.
|
||||||
'';
|
'';
|
||||||
|
|
|
@ -35,14 +35,14 @@ in
|
||||||
options.sdImage = {
|
options.sdImage = {
|
||||||
imageName = mkOption {
|
imageName = mkOption {
|
||||||
default = "${config.sdImage.imageBaseName}-${config.system.nixos.label}-${pkgs.stdenv.hostPlatform.system}.img";
|
default = "${config.sdImage.imageBaseName}-${config.system.nixos.label}-${pkgs.stdenv.hostPlatform.system}.img";
|
||||||
description = ''
|
description = lib.mdDoc ''
|
||||||
Name of the generated image file.
|
Name of the generated image file.
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
imageBaseName = mkOption {
|
imageBaseName = mkOption {
|
||||||
default = "nixos-sd-image";
|
default = "nixos-sd-image";
|
||||||
description = ''
|
description = lib.mdDoc ''
|
||||||
Prefix of the name of the generated image file.
|
Prefix of the name of the generated image file.
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
@ -50,7 +50,7 @@ in
|
||||||
storePaths = mkOption {
|
storePaths = mkOption {
|
||||||
type = with types; listOf package;
|
type = with types; listOf package;
|
||||||
example = literalExpression "[ pkgs.stdenv ]";
|
example = literalExpression "[ pkgs.stdenv ]";
|
||||||
description = ''
|
description = lib.mdDoc ''
|
||||||
Derivations to be included in the Nix store in the generated SD image.
|
Derivations to be included in the Nix store in the generated SD image.
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
@ -74,7 +74,7 @@ in
|
||||||
firmwarePartitionID = mkOption {
|
firmwarePartitionID = mkOption {
|
||||||
type = types.str;
|
type = types.str;
|
||||||
default = "0x2178694e";
|
default = "0x2178694e";
|
||||||
description = ''
|
description = lib.mdDoc ''
|
||||||
Volume ID for the /boot/firmware partition on the SD card. This value
|
Volume ID for the /boot/firmware partition on the SD card. This value
|
||||||
must be a 32-bit hexadecimal number.
|
must be a 32-bit hexadecimal number.
|
||||||
'';
|
'';
|
||||||
|
@ -83,7 +83,7 @@ in
|
||||||
firmwarePartitionName = mkOption {
|
firmwarePartitionName = mkOption {
|
||||||
type = types.str;
|
type = types.str;
|
||||||
default = "FIRMWARE";
|
default = "FIRMWARE";
|
||||||
description = ''
|
description = lib.mdDoc ''
|
||||||
Name of the filesystem which holds the boot firmware.
|
Name of the filesystem which holds the boot firmware.
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
@ -92,7 +92,7 @@ in
|
||||||
type = types.nullOr types.str;
|
type = types.nullOr types.str;
|
||||||
default = null;
|
default = null;
|
||||||
example = "14e19a7b-0ae0-484d-9d54-43bd6fdc20c7";
|
example = "14e19a7b-0ae0-484d-9d54-43bd6fdc20c7";
|
||||||
description = ''
|
description = lib.mdDoc ''
|
||||||
UUID for the filesystem on the main NixOS partition on the SD card.
|
UUID for the filesystem on the main NixOS partition on the SD card.
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
@ -101,14 +101,14 @@ in
|
||||||
type = types.int;
|
type = types.int;
|
||||||
# As of 2019-08-18 the Raspberry pi firmware + u-boot takes ~18MiB
|
# As of 2019-08-18 the Raspberry pi firmware + u-boot takes ~18MiB
|
||||||
default = 30;
|
default = 30;
|
||||||
description = ''
|
description = lib.mdDoc ''
|
||||||
Size of the /boot/firmware partition, in megabytes.
|
Size of the /boot/firmware partition, in megabytes.
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
populateFirmwareCommands = mkOption {
|
populateFirmwareCommands = mkOption {
|
||||||
example = literalExpression "'' cp \${pkgs.myBootLoader}/u-boot.bin firmware/ ''";
|
example = literalExpression "'' cp \${pkgs.myBootLoader}/u-boot.bin firmware/ ''";
|
||||||
description = ''
|
description = lib.mdDoc ''
|
||||||
Shell commands to populate the ./firmware directory.
|
Shell commands to populate the ./firmware directory.
|
||||||
All files in that directory are copied to the
|
All files in that directory are copied to the
|
||||||
/boot/firmware partition on the SD image.
|
/boot/firmware partition on the SD image.
|
||||||
|
@ -117,7 +117,7 @@ in
|
||||||
|
|
||||||
populateRootCommands = mkOption {
|
populateRootCommands = mkOption {
|
||||||
example = literalExpression "''\${config.boot.loader.generic-extlinux-compatible.populateCmd} -c \${config.system.build.toplevel} -d ./files/boot''";
|
example = literalExpression "''\${config.boot.loader.generic-extlinux-compatible.populateCmd} -c \${config.system.build.toplevel} -d ./files/boot''";
|
||||||
description = ''
|
description = lib.mdDoc ''
|
||||||
Shell commands to populate the ./files directory.
|
Shell commands to populate the ./files directory.
|
||||||
All files in that directory are copied to the
|
All files in that directory are copied to the
|
||||||
root (/) partition on the SD image. Use this to
|
root (/) partition on the SD image. Use this to
|
||||||
|
@ -128,7 +128,7 @@ in
|
||||||
postBuildCommands = mkOption {
|
postBuildCommands = mkOption {
|
||||||
example = literalExpression "'' dd if=\${pkgs.myBootLoader}/SPL of=$img bs=1024 seek=1 conv=notrunc ''";
|
example = literalExpression "'' dd if=\${pkgs.myBootLoader}/SPL of=$img bs=1024 seek=1 conv=notrunc ''";
|
||||||
default = "";
|
default = "";
|
||||||
description = ''
|
description = lib.mdDoc ''
|
||||||
Shell commands to run after the image is built.
|
Shell commands to run after the image is built.
|
||||||
Can be used for boards requiring to dd u-boot SPL before actual partitions.
|
Can be used for boards requiring to dd u-boot SPL before actual partitions.
|
||||||
'';
|
'';
|
||||||
|
@ -137,16 +137,16 @@ in
|
||||||
compressImage = mkOption {
|
compressImage = mkOption {
|
||||||
type = types.bool;
|
type = types.bool;
|
||||||
default = true;
|
default = true;
|
||||||
description = ''
|
description = lib.mdDoc ''
|
||||||
Whether the SD image should be compressed using
|
Whether the SD image should be compressed using
|
||||||
<command>zstd</command>.
|
{command}`zstd`.
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
expandOnBoot = mkOption {
|
expandOnBoot = mkOption {
|
||||||
type = types.bool;
|
type = types.bool;
|
||||||
default = true;
|
default = true;
|
||||||
description = ''
|
description = lib.mdDoc ''
|
||||||
Whether to configure the sd image to expand it's partition on boot.
|
Whether to configure the sd image to expand it's partition on boot.
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
|
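Review bot: the rewritten `expandOnBoot` description still reads "expand it's partition on boot"; change "it's" to "its" while the string is being touched, and write "SD image" as the `compressImage` description in the same hunk does.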
@ -160,9 +160,9 @@ in
|
||||||
enable = mkOption {
|
enable = mkOption {
|
||||||
type = types.bool;
|
type = types.bool;
|
||||||
default = true;
|
default = true;
|
||||||
description = ''
|
description = lib.mdDoc ''
|
||||||
Whether to install documentation of packages from
|
Whether to install documentation of packages from
|
||||||
<option>environment.systemPackages</option> into the generated system path.
|
{option}`environment.systemPackages` into the generated system path.
|
||||||
|
|
||||||
See "Multiple-output packages" chapter in the nixpkgs manual for more info.
|
See "Multiple-output packages" chapter in the nixpkgs manual for more info.
|
||||||
'';
|
'';
|
||||||
|
@ -172,9 +172,9 @@ in
|
||||||
man.enable = mkOption {
|
man.enable = mkOption {
|
||||||
type = types.bool;
|
type = types.bool;
|
||||||
default = true;
|
default = true;
|
||||||
description = ''
|
description = lib.mdDoc ''
|
||||||
Whether to install manual pages.
|
Whether to install manual pages.
|
||||||
This also includes <literal>man</literal> outputs.
|
This also includes `man` outputs.
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -193,8 +193,8 @@ in
|
||||||
info.enable = mkOption {
|
info.enable = mkOption {
|
||||||
type = types.bool;
|
type = types.bool;
|
||||||
default = true;
|
default = true;
|
||||||
description = ''
|
description = lib.mdDoc ''
|
||||||
Whether to install info pages and the <command>info</command> command.
|
Whether to install info pages and the {command}`info` command.
|
||||||
This also includes "info" outputs.
|
This also includes "info" outputs.
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
@ -202,8 +202,8 @@ in
|
||||||
doc.enable = mkOption {
|
doc.enable = mkOption {
|
||||||
type = types.bool;
|
type = types.bool;
|
||||||
default = true;
|
default = true;
|
||||||
description = ''
|
description = lib.mdDoc ''
|
||||||
Whether to install documentation distributed in packages' <literal>/share/doc</literal>.
|
Whether to install documentation distributed in packages' `/share/doc`.
|
||||||
Usually plain text and/or HTML.
|
Usually plain text and/or HTML.
|
||||||
This also includes "doc" outputs.
|
This also includes "doc" outputs.
|
||||||
'';
|
'';
|
||||||
|
@ -230,8 +230,7 @@ in
|
||||||
Whether to install NixOS's own documentation.
|
Whether to install NixOS's own documentation.
|
||||||
<itemizedlist>
|
<itemizedlist>
|
||||||
<listitem><para>This includes man pages like
|
<listitem><para>This includes man pages like
|
||||||
<citerefentry><refentrytitle>configuration.nix</refentrytitle>
|
<citerefentry><refentrytitle>configuration.nix</refentrytitle><manvolnum>5</manvolnum></citerefentry> if <option>documentation.man.enable</option> is
|
||||||
<manvolnum>5</manvolnum></citerefentry> if <option>documentation.man.enable</option> is
|
|
||||||
set.</para></listitem>
|
set.</para></listitem>
|
||||||
<listitem><para>This includes the HTML manual and the <command>nixos-help</command> command if
|
<listitem><para>This includes the HTML manual and the <command>nixos-help</command> command if
|
||||||
<option>documentation.doc.enable</option> is set.</para></listitem>
|
<option>documentation.doc.enable</option> is set.</para></listitem>
|
||||||
|
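Review bot: this description stays in DocBook. `<itemizedlist>`, `<citerefentry>`, `<command>` and `<option>` all remain, and the only change is joining the `<citerefentry>` for configuration.nix(5) onto one line, while the neighbouring options in these hunks move to `lib.mdDoc`. If the list is what blocks conversion, say so in a comment above the description; otherwise convert it here with {manpage}`configuration.nix(5)`, {command}`nixos-help` and {option}`documentation.man.enable` so the file does not carry two markup dialects.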
@ -242,7 +241,7 @@ in
|
||||||
nixos.extraModules = mkOption {
|
nixos.extraModules = mkOption {
|
||||||
type = types.listOf types.raw;
|
type = types.listOf types.raw;
|
||||||
default = [];
|
default = [];
|
||||||
description = ''
|
description = lib.mdDoc ''
|
||||||
Modules for which to show options even when not imported.
|
Modules for which to show options even when not imported.
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
@ -250,7 +249,7 @@ in
|
||||||
nixos.options.splitBuild = mkOption {
|
nixos.options.splitBuild = mkOption {
|
||||||
type = types.bool;
|
type = types.bool;
|
||||||
default = true;
|
default = true;
|
||||||
description = ''
|
description = lib.mdDoc ''
|
||||||
Whether to split the option docs build into a cacheable and an uncacheable part.
|
Whether to split the option docs build into a cacheable and an uncacheable part.
|
||||||
Splitting the build can substantially decrease the amount of time needed to build
|
Splitting the build can substantially decrease the amount of time needed to build
|
||||||
the manual, but some user modules may be incompatible with this splitting.
|
the manual, but some user modules may be incompatible with this splitting.
|
||||||
|
@ -260,7 +259,7 @@ in
|
||||||
nixos.options.warningsAreErrors = mkOption {
|
nixos.options.warningsAreErrors = mkOption {
|
||||||
type = types.bool;
|
type = types.bool;
|
||||||
default = true;
|
default = true;
|
||||||
description = ''
|
description = lib.mdDoc ''
|
||||||
Treat warning emitted during the option documentation build (eg for missing option
|
Treat warning emitted during the option documentation build (eg for missing option
|
||||||
descriptions) as errors.
|
descriptions) as errors.
|
||||||
'';
|
'';
|
||||||
|
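Review bot: wording in the `warningsAreErrors` description is carried over unchanged: "Treat warning emitted ... (eg for missing option" should read "Treat warnings emitted ... (e.g. for missing option". Worth fixing in the same pass as the `lib.mdDoc` switch.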
@ -269,18 +268,18 @@ in
|
||||||
nixos.includeAllModules = mkOption {
|
nixos.includeAllModules = mkOption {
|
||||||
type = types.bool;
|
type = types.bool;
|
||||||
default = false;
|
default = false;
|
||||||
description = ''
|
description = lib.mdDoc ''
|
||||||
Whether the generated NixOS's documentation should include documentation for all
|
Whether the generated NixOS's documentation should include documentation for all
|
||||||
the options from all the NixOS modules included in the current
|
the options from all the NixOS modules included in the current
|
||||||
<literal>configuration.nix</literal>. Disabling this will make the manual
|
`configuration.nix`. Disabling this will make the manual
|
||||||
generator to ignore options defined outside of <literal>baseModules</literal>.
|
generator to ignore options defined outside of `baseModules`.
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
nixos.extraModuleSources = mkOption {
|
nixos.extraModuleSources = mkOption {
|
||||||
type = types.listOf (types.either types.path types.str);
|
type = types.listOf (types.either types.path types.str);
|
||||||
default = [ ];
|
default = [ ];
|
||||||
description = ''
|
description = lib.mdDoc ''
|
||||||
Which extra NixOS module paths the generated NixOS's documentation should strip
|
Which extra NixOS module paths the generated NixOS's documentation should strip
|
||||||
from options.
|
from options.
|
||||||
'';
|
'';
|
||||||
|
|
|
@ -354,6 +354,7 @@ in
|
||||||
webdav = 322;
|
webdav = 322;
|
||||||
pipewire = 323;
|
pipewire = 323;
|
||||||
rstudio-server = 324;
|
rstudio-server = 324;
|
||||||
|
localtimed = 325;
|
||||||
|
|
||||||
# When adding a uid, make sure it doesn't match an existing gid. And don't use uids above 399!
|
# When adding a uid, make sure it doesn't match an existing gid. And don't use uids above 399!
|
||||||
|
|
||||||
|
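Review bot: `localtimed = 325;` claims a new static uid, and the comment directly below it makes the contributor responsible for checking that the number does not match an existing gid. The gid table later in this patch assigns 325 to `localtimed` as well, which satisfies the same-name rule, but the commit message should state that 325 was checked against both tables and why this service needs a fixed id at all, given that the range is capped at 399.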
@ -662,6 +663,7 @@ in
|
||||||
webdav = 322;
|
webdav = 322;
|
||||||
pipewire = 323;
|
pipewire = 323;
|
||||||
rstudio-server = 324;
|
rstudio-server = 324;
|
||||||
|
localtimed = 325;
|
||||||
|
|
||||||
# When adding a gid, make sure it doesn't match an existing
|
# When adding a gid, make sure it doesn't match an existing
|
||||||
# uid. Users and groups with the same name should have equal
|
# uid. Users and groups with the same name should have equal
|
||||||
|
|
|
@ -39,16 +39,15 @@ in
|
||||||
type = str;
|
type = str;
|
||||||
default = "02:15";
|
default = "02:15";
|
||||||
example = "hourly";
|
example = "hourly";
|
||||||
description = ''
|
description = lib.mdDoc ''
|
||||||
Update the locate database at this interval. Updates by
|
Update the locate database at this interval. Updates by
|
||||||
default at 2:15 AM every day.
|
default at 2:15 AM every day.
|
||||||
|
|
||||||
The format is described in
|
The format is described in
|
||||||
<citerefentry><refentrytitle>systemd.time</refentrytitle>
|
{manpage}`systemd.time(7)`.
|
||||||
<manvolnum>7</manvolnum></citerefentry>.
|
|
||||||
|
|
||||||
To disable automatic updates, set to <literal>"never"</literal>
|
To disable automatic updates, set to `"never"`
|
||||||
and run <command>updatedb</command> manually.
|
and run {command}`updatedb` manually.
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
|
@ -117,13 +117,13 @@ in
|
||||||
'';
|
'';
|
||||||
type = pkgsType;
|
type = pkgsType;
|
||||||
example = literalExpression "import <nixpkgs> {}";
|
example = literalExpression "import <nixpkgs> {}";
|
||||||
description = ''
|
description = lib.mdDoc ''
|
||||||
If set, the pkgs argument to all NixOS modules is the value of
|
If set, the pkgs argument to all NixOS modules is the value of
|
||||||
this option, extended with <literal>nixpkgs.overlays</literal>, if
|
this option, extended with `nixpkgs.overlays`, if
|
||||||
that is also set. Either <literal>nixpkgs.crossSystem</literal> or
|
that is also set. Either `nixpkgs.crossSystem` or
|
||||||
<literal>nixpkgs.localSystem</literal> will be used in an assertion
|
`nixpkgs.localSystem` will be used in an assertion
|
||||||
to check that the NixOS and Nixpkgs architectures match. Any
|
to check that the NixOS and Nixpkgs architectures match. Any
|
||||||
other options in <literal>nixpkgs.*</literal>, notably <literal>config</literal>,
|
other options in `nixpkgs.*`, notably `config`,
|
||||||
will be ignored.
|
will be ignored.
|
||||||
|
|
||||||
If unset, the pkgs argument to all NixOS modules is determined
|
If unset, the pkgs argument to all NixOS modules is determined
|
||||||
|
@ -132,18 +132,18 @@ in
|
||||||
The default value imports the Nixpkgs source files
|
The default value imports the Nixpkgs source files
|
||||||
relative to the location of this NixOS module, because
|
relative to the location of this NixOS module, because
|
||||||
NixOS and Nixpkgs are distributed together for consistency,
|
NixOS and Nixpkgs are distributed together for consistency,
|
||||||
so the <literal>nixos</literal> in the default value is in fact a
|
so the `nixos` in the default value is in fact a
|
||||||
relative path. The <literal>config</literal>, <literal>overlays</literal>,
|
relative path. The `config`, `overlays`,
|
||||||
<literal>localSystem</literal>, and <literal>crossSystem</literal> come
|
`localSystem`, and `crossSystem` come
|
||||||
from this option's siblings.
|
from this option's siblings.
|
||||||
|
|
||||||
This option can be used by applications like NixOps to increase
|
This option can be used by applications like NixOps to increase
|
||||||
the performance of evaluation, or to create packages that depend
|
the performance of evaluation, or to create packages that depend
|
||||||
on a container that should be built with the exact same evaluation
|
on a container that should be built with the exact same evaluation
|
||||||
of Nixpkgs, for example. Applications like this should set
|
of Nixpkgs, for example. Applications like this should set
|
||||||
their default value using <literal>lib.mkDefault</literal>, so
|
their default value using `lib.mkDefault`, so
|
||||||
user-provided configuration can override it without using
|
user-provided configuration can override it without using
|
||||||
<literal>lib</literal>.
|
`lib`.
|
||||||
|
|
||||||
Note that using a distinct version of Nixpkgs with NixOS may
|
Note that using a distinct version of Nixpkgs with NixOS may
|
||||||
be an unexpected source of problems. Use this option with care.
|
be an unexpected source of problems. Use this option with care.
|
||||||
|
@ -157,12 +157,12 @@ in
|
||||||
{ allowBroken = true; allowUnfree = true; }
|
{ allowBroken = true; allowUnfree = true; }
|
||||||
'';
|
'';
|
||||||
type = configType;
|
type = configType;
|
||||||
description = ''
|
description = lib.mdDoc ''
|
||||||
The configuration of the Nix Packages collection. (For
|
The configuration of the Nix Packages collection. (For
|
||||||
details, see the Nixpkgs documentation.) It allows you to set
|
details, see the Nixpkgs documentation.) It allows you to set
|
||||||
package configuration options.
|
package configuration options.
|
||||||
|
|
||||||
Ignored when <literal>nixpkgs.pkgs</literal> is set.
|
Ignored when `nixpkgs.pkgs` is set.
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -180,17 +180,17 @@ in
|
||||||
]
|
]
|
||||||
'';
|
'';
|
||||||
type = types.listOf overlayType;
|
type = types.listOf overlayType;
|
||||||
description = ''
|
description = lib.mdDoc ''
|
||||||
List of overlays to use with the Nix Packages collection.
|
List of overlays to use with the Nix Packages collection.
|
||||||
(For details, see the Nixpkgs documentation.) It allows
|
(For details, see the Nixpkgs documentation.) It allows
|
||||||
you to override packages globally. Each function in the list
|
you to override packages globally. Each function in the list
|
||||||
takes as an argument the <emphasis>original</emphasis> Nixpkgs.
|
takes as an argument the *original* Nixpkgs.
|
||||||
The first argument should be used for finding dependencies, and
|
The first argument should be used for finding dependencies, and
|
||||||
the second should be used for overriding recipes.
|
the second should be used for overriding recipes.
|
||||||
|
|
||||||
If <literal>nixpkgs.pkgs</literal> is set, overlays specified here
|
If `nixpkgs.pkgs` is set, overlays specified here
|
||||||
will be applied after the overlays that were already present
|
will be applied after the overlays that were already present
|
||||||
in <literal>nixpkgs.pkgs</literal>.
|
in `nixpkgs.pkgs`.
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -202,12 +202,12 @@ in
|
||||||
apply = lib.systems.elaborate;
|
apply = lib.systems.elaborate;
|
||||||
defaultText = literalExpression
|
defaultText = literalExpression
|
||||||
''(import "''${nixos}/../lib").lib.systems.examples.aarch64-multiplatform'';
|
''(import "''${nixos}/../lib").lib.systems.examples.aarch64-multiplatform'';
|
||||||
description = ''
|
description = lib.mdDoc ''
|
||||||
Specifies the platform where the NixOS configuration will run.
|
Specifies the platform where the NixOS configuration will run.
|
||||||
|
|
||||||
To cross-compile, set also <literal>nixpkgs.buildPlatform</literal>.
|
To cross-compile, set also `nixpkgs.buildPlatform`.
|
||||||
|
|
||||||
Ignored when <literal>nixpkgs.pkgs</literal> is set.
|
Ignored when `nixpkgs.pkgs` is set.
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -220,7 +220,7 @@ in
|
||||||
apply = lib.systems.elaborate;
|
apply = lib.systems.elaborate;
|
||||||
defaultText = literalExpression
|
defaultText = literalExpression
|
||||||
''config.nixpkgs.hostPlatform'';
|
''config.nixpkgs.hostPlatform'';
|
||||||
description = ''
|
description = lib.mdDoc ''
|
||||||
Specifies the platform on which NixOS should be built.
|
Specifies the platform on which NixOS should be built.
|
||||||
By default, NixOS is built on the system where it runs, but you can
|
By default, NixOS is built on the system where it runs, but you can
|
||||||
change where it's built. Setting this option will cause NixOS to be
|
change where it's built. Setting this option will cause NixOS to be
|
||||||
|
@ -230,7 +230,7 @@ in
|
||||||
or if you're building machines, you can set this to match your
|
or if you're building machines, you can set this to match your
|
||||||
development system and/or build farm.
|
development system and/or build farm.
|
||||||
|
|
||||||
Ignored when <literal>nixpkgs.pkgs</literal> is set.
|
Ignored when `nixpkgs.pkgs` is set.
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -243,25 +243,25 @@ in
|
||||||
apply = lib.systems.elaborate;
|
apply = lib.systems.elaborate;
|
||||||
defaultText = literalExpression
|
defaultText = literalExpression
|
||||||
''(import "''${nixos}/../lib").lib.systems.examples.aarch64-multiplatform'';
|
''(import "''${nixos}/../lib").lib.systems.examples.aarch64-multiplatform'';
|
||||||
description = ''
|
description = lib.mdDoc ''
|
||||||
Systems with a recently generated <literal>hardware-configuration.nix</literal>
|
Systems with a recently generated `hardware-configuration.nix`
|
||||||
do not need to specify this option, unless cross-compiling, in which case
|
do not need to specify this option, unless cross-compiling, in which case
|
||||||
you should set <emphasis>only</emphasis> <option>nixpkgs.buildPlatform</option>.
|
you should set *only* {option}`nixpkgs.buildPlatform`.
|
||||||
|
|
||||||
If this is somehow not feasible, you may fall back to removing the
|
If this is somehow not feasible, you may fall back to removing the
|
||||||
<option>nixpkgs.hostPlatform</option> line from the generated config and
|
{option}`nixpkgs.hostPlatform` line from the generated config and
|
||||||
use the old options.
|
use the old options.
|
||||||
|
|
||||||
Specifies the platform on which NixOS should be built. When
|
Specifies the platform on which NixOS should be built. When
|
||||||
<literal>nixpkgs.crossSystem</literal> is unset, it also specifies
|
`nixpkgs.crossSystem` is unset, it also specifies
|
||||||
the platform <emphasis>for</emphasis> which NixOS should be
|
the platform *for* which NixOS should be
|
||||||
built. If this option is unset, it defaults to the platform
|
built. If this option is unset, it defaults to the platform
|
||||||
type of the machine where evaluation happens. Specifying this
|
type of the machine where evaluation happens. Specifying this
|
||||||
option is useful when doing distributed multi-platform
|
option is useful when doing distributed multi-platform
|
||||||
deployment, or when building virtual machines. See its
|
deployment, or when building virtual machines. See its
|
||||||
description in the Nixpkgs manual for more details.
|
description in the Nixpkgs manual for more details.
|
||||||
|
|
||||||
Ignored when <literal>nixpkgs.pkgs</literal> or <literal>hostPlatform</literal> is set.
|
Ignored when `nixpkgs.pkgs` or `hostPlatform` is set.
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -272,20 +272,20 @@ in
|
||||||
type = types.nullOr types.attrs; # TODO utilize lib.systems.parsedPlatform
|
type = types.nullOr types.attrs; # TODO utilize lib.systems.parsedPlatform
|
||||||
default = null;
|
default = null;
|
||||||
example = { system = "aarch64-linux"; config = "aarch64-unknown-linux-gnu"; };
|
example = { system = "aarch64-linux"; config = "aarch64-unknown-linux-gnu"; };
|
||||||
description = ''
|
description = lib.mdDoc ''
|
||||||
Systems with a recently generated <literal>hardware-configuration.nix</literal>
|
Systems with a recently generated `hardware-configuration.nix`
|
||||||
may instead specify <emphasis>only</emphasis> <option>nixpkgs.buildPlatform</option>,
|
may instead specify *only* {option}`nixpkgs.buildPlatform`,
|
||||||
or fall back to removing the <option>nixpkgs.hostPlatform</option> line from the generated config.
|
or fall back to removing the {option}`nixpkgs.hostPlatform` line from the generated config.
|
||||||
|
|
||||||
Specifies the platform for which NixOS should be
|
Specifies the platform for which NixOS should be
|
||||||
built. Specify this only if it is different from
|
built. Specify this only if it is different from
|
||||||
<literal>nixpkgs.localSystem</literal>, the platform
|
`nixpkgs.localSystem`, the platform
|
||||||
<emphasis>on</emphasis> which NixOS should be built. In other
|
*on* which NixOS should be built. In other
|
||||||
words, specify this to cross-compile NixOS. Otherwise it
|
words, specify this to cross-compile NixOS. Otherwise it
|
||||||
should be set as null, the default. See its description in the
|
should be set as null, the default. See its description in the
|
||||||
Nixpkgs manual for more details.
|
Nixpkgs manual for more details.
|
||||||
|
|
||||||
Ignored when <literal>nixpkgs.pkgs</literal> or <literal>hostPlatform</literal> is set.
|
Ignored when `nixpkgs.pkgs` or `hostPlatform` is set.
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
|
@ -23,7 +23,7 @@ in
|
||||||
}
|
}
|
||||||
'';
|
'';
|
||||||
|
|
||||||
description = ''
|
description = lib.mdDoc ''
|
||||||
A set with the key names being the environment variable you'd like to
|
A set with the key names being the environment variable you'd like to
|
||||||
set and the values being a list of paths to text documents containing
|
set and the values being a list of paths to text documents containing
|
||||||
lists of words. The various files will be merged, sorted, duplicates
|
lists of words. The various files will be merged, sorted, duplicates
|
||||||
|
|
|
@ -22,6 +22,7 @@
|
||||||
./config/ldap.nix
|
./config/ldap.nix
|
||||||
./config/locale.nix
|
./config/locale.nix
|
||||||
./config/malloc.nix
|
./config/malloc.nix
|
||||||
|
./config/mysql.nix
|
||||||
./config/networking.nix
|
./config/networking.nix
|
||||||
./config/no-x-libs.nix
|
./config/no-x-libs.nix
|
||||||
./config/nsswitch.nix
|
./config/nsswitch.nix
|
||||||
|
@ -329,6 +330,7 @@
|
||||||
./services/cluster/kubernetes/proxy.nix
|
./services/cluster/kubernetes/proxy.nix
|
||||||
./services/cluster/kubernetes/scheduler.nix
|
./services/cluster/kubernetes/scheduler.nix
|
||||||
./services/cluster/pacemaker/default.nix
|
./services/cluster/pacemaker/default.nix
|
||||||
|
./services/cluster/patroni/default.nix
|
||||||
./services/cluster/spark/default.nix
|
./services/cluster/spark/default.nix
|
||||||
./services/computing/boinc/client.nix
|
./services/computing/boinc/client.nix
|
||||||
./services/computing/foldingathome/client.nix
|
./services/computing/foldingathome/client.nix
|
||||||
|
@ -618,6 +620,7 @@
|
||||||
./services/misc/plikd.nix
|
./services/misc/plikd.nix
|
||||||
./services/misc/podgrab.nix
|
./services/misc/podgrab.nix
|
||||||
./services/misc/polaris.nix
|
./services/misc/polaris.nix
|
||||||
|
./services/misc/portunus.nix
|
||||||
./services/misc/prowlarr.nix
|
./services/misc/prowlarr.nix
|
||||||
./services/misc/tautulli.nix
|
./services/misc/tautulli.nix
|
||||||
./services/misc/pinnwand.nix
|
./services/misc/pinnwand.nix
|
||||||
|
@ -637,6 +640,7 @@
|
||||||
./services/misc/sonarr.nix
|
./services/misc/sonarr.nix
|
||||||
./services/misc/sourcehut
|
./services/misc/sourcehut
|
||||||
./services/misc/spice-vdagentd.nix
|
./services/misc/spice-vdagentd.nix
|
||||||
|
./services/misc/spice-webdavd.nix
|
||||||
./services/misc/ssm-agent.nix
|
./services/misc/ssm-agent.nix
|
||||||
./services/misc/sssd.nix
|
./services/misc/sssd.nix
|
||||||
./services/misc/subsonic.nix
|
./services/misc/subsonic.nix
|
||||||
|
@ -1023,7 +1027,7 @@
|
||||||
./services/system/cloud-init.nix
|
./services/system/cloud-init.nix
|
||||||
./services/system/dbus.nix
|
./services/system/dbus.nix
|
||||||
./services/system/earlyoom.nix
|
./services/system/earlyoom.nix
|
||||||
./services/system/localtime.nix
|
./services/system/localtimed.nix
|
||||||
./services/system/kerberos/default.nix
|
./services/system/kerberos/default.nix
|
||||||
./services/system/nscd.nix
|
./services/system/nscd.nix
|
||||||
./services/system/saslauthd.nix
|
./services/system/saslauthd.nix
|
||||||
|
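Review bot: `./services/system/localtime.nix` is replaced by `./services/system/localtimed.nix` in the module list, so a configuration that still sets options declared by the old module will stop evaluating unless the new file keeps those option names or declares renames (for example with `mkRenamedOptionModule`). Neither is visible in this hunk; please confirm the new module covers it and that it is the consumer of the `localtimed` uid/gid 325 added in the id tables earlier in this patch.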
@ -1074,6 +1078,7 @@
|
||||||
./services/web-apps/jirafeau.nix
|
./services/web-apps/jirafeau.nix
|
||||||
./services/web-apps/jitsi-meet.nix
|
./services/web-apps/jitsi-meet.nix
|
||||||
./services/web-apps/keycloak.nix
|
./services/web-apps/keycloak.nix
|
||||||
|
./services/web-apps/komga.nix
|
||||||
./services/web-apps/lemmy.nix
|
./services/web-apps/lemmy.nix
|
||||||
./services/web-apps/invidious.nix
|
./services/web-apps/invidious.nix
|
||||||
./services/web-apps/invoiceplane.nix
|
./services/web-apps/invoiceplane.nix
|
||||||
|
@ -1134,6 +1139,7 @@
|
||||||
./services/web-servers/pomerium.nix
|
./services/web-servers/pomerium.nix
|
||||||
./services/web-servers/unit/default.nix
|
./services/web-servers/unit/default.nix
|
||||||
./services/web-servers/tomcat.nix
|
./services/web-servers/tomcat.nix
|
||||||
|
./services/web-servers/keter
|
||||||
./services/web-servers/traefik.nix
|
./services/web-servers/traefik.nix
|
||||||
./services/web-servers/trafficserver/default.nix
|
./services/web-servers/trafficserver/default.nix
|
||||||
./services/web-servers/ttyd.nix
|
./services/web-servers/ttyd.nix
|
||||||
|
|
|
@ -61,7 +61,7 @@ in
|
||||||
|
|
||||||
installer.cloneConfig = mkOption {
|
installer.cloneConfig = mkOption {
|
||||||
default = true;
|
default = true;
|
||||||
description = ''
|
description = lib.mdDoc ''
|
||||||
Try to clone the installation-device configuration by re-using it's
|
Try to clone the installation-device configuration by re-using it's
|
||||||
profile from the list of imported modules.
|
profile from the list of imported modules.
|
||||||
'';
|
'';
|
||||||
|
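Review bot: "re-using it's profile" in the `installer.cloneConfig` description should be "re-using its profile"; fix it while the description line is being changed.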
@ -70,14 +70,14 @@ in
|
||||||
installer.cloneConfigIncludes = mkOption {
|
installer.cloneConfigIncludes = mkOption {
|
||||||
default = [];
|
default = [];
|
||||||
example = [ "./nixos/modules/hardware/network/rt73.nix" ];
|
example = [ "./nixos/modules/hardware/network/rt73.nix" ];
|
||||||
description = ''
|
description = lib.mdDoc ''
|
||||||
List of modules used to re-build this installation device profile.
|
List of modules used to re-build this installation device profile.
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
installer.cloneConfigExtra = mkOption {
|
installer.cloneConfigExtra = mkOption {
|
||||||
default = "";
|
default = "";
|
||||||
description = ''
|
description = lib.mdDoc ''
|
||||||
Extra text to include in the cloned configuration.nix included in this
|
Extra text to include in the cloned configuration.nix included in this
|
||||||
installer.
|
installer.
|
||||||
'';
|
'';
|
||||||
|
|
|
@ -85,9 +85,9 @@ in
|
||||||
bindInterface = mkOption {
|
bindInterface = mkOption {
|
||||||
default = true;
|
default = true;
|
||||||
type = types.bool;
|
type = types.bool;
|
||||||
description = ''
|
description = lib.mdDoc ''
|
||||||
Binds <package>captive-browser</package> to the network interface declared in
|
Binds `captive-browser` to the network interface declared in
|
||||||
<literal>cfg.interface</literal>. This can be used to avoid collisions
|
`cfg.interface`. This can be used to avoid collisions
|
||||||
with private subnets.
|
with private subnets.
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
|
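Review bot: the `bindInterface` description points readers at `cfg.interface`, which is the module's internal binding and not an option name a user can look up in the manual. Now that the text is rendered as Markdown, refer to the option by its full path in an {option} role instead.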
@ -76,10 +76,10 @@ in
|
||||||
|
|
||||||
extraOpts = mkOption {
|
extraOpts = mkOption {
|
||||||
type = types.attrs;
|
type = types.attrs;
|
||||||
description = ''
|
description = lib.mdDoc ''
|
||||||
Extra chromium policy options. A list of available policies
|
Extra chromium policy options. A list of available policies
|
||||||
can be found in the Chrome Enterprise documentation:
|
can be found in the Chrome Enterprise documentation:
|
||||||
<link xlink:href="https://cloud.google.com/docs/chrome-enterprise/policies/">https://cloud.google.com/docs/chrome-enterprise/policies/</link>
|
<https://cloud.google.com/docs/chrome-enterprise/policies/>
|
||||||
Make sure the selected policy is supported on Linux and your browser version.
|
Make sure the selected policy is supported on Linux and your browser version.
|
||||||
'';
|
'';
|
||||||
default = {};
|
default = {};
|
||||||
|
|
|
@ -8,15 +8,15 @@ with lib;
|
||||||
enable = mkOption {
|
enable = mkOption {
|
||||||
type = types.bool;
|
type = types.bool;
|
||||||
default = false;
|
default = false;
|
||||||
description = ''
|
description = lib.mdDoc ''
|
||||||
Whether to enable k3b, the KDE disk burning application.
|
Whether to enable k3b, the KDE disk burning application.
|
||||||
|
|
||||||
Additionally to installing <package>k3b</package> enabling this will
|
Additionally to installing `k3b` enabling this will
|
||||||
add <literal>setuid</literal> wrappers in <literal>/run/wrappers/bin</literal>
|
add `setuid` wrappers in `/run/wrappers/bin`
|
||||||
for both <package>cdrdao</package> and <package>cdrecord</package>. On first
|
for both `cdrdao` and `cdrecord`. On first
|
||||||
run you must manually configure the path of <package>cdrdae</package> and
|
run you must manually configure the path of `cdrdae` and
|
||||||
<package>cdrecord</package> to correspond to the appropriate paths under
|
`cdrecord` to correspond to the appropriate paths under
|
||||||
<literal>/run/wrappers/bin</literal> in the "Setup External Programs" menu.
|
`/run/wrappers/bin` in the "Setup External Programs" menu.
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
|
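Review bot: the converted line "run you must manually configure the path of `cdrdae` and" keeps the misspelling of `cdrdao` from the old text; correct it so it matches the `cdrdao` wrapper named in the line above. Enabling this option installs `setuid` wrappers for `cdrdao` and `cdrecord`, and this description is where users learn about that privilege grant, so the binary names need to be exact.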
@ -17,7 +17,7 @@ in
|
||||||
type = lib.types.bool;
|
type = lib.types.bool;
|
||||||
};
|
};
|
||||||
withUtempter = mkOption {
|
withUtempter = mkOption {
|
||||||
description = ''
|
description = lib.mdDoc ''
|
||||||
Whether to enable libutempter for mosh.
|
Whether to enable libutempter for mosh.
|
||||||
This is required so that mosh can write to /var/run/utmp (which can be queried with `who` to display currently connected user sessions).
|
This is required so that mosh can write to /var/run/utmp (which can be queried with `who` to display currently connected user sessions).
|
||||||
Note, this will add a guid wrapper for the group utmp!
|
Note, this will add a guid wrapper for the group utmp!
|
||||||
|
|
|
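Review bot: "Note, this will add a guid wrapper for the group utmp!" in the `withUtempter` description presumably means a setgid wrapper; "guid" reads either as a typo or as an unrelated term. The sentence documents a privilege grant, so spell it `setgid`, and mark `/var/run/utmp` up with {file} now that the description is Markdown.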
@ -45,7 +45,7 @@ in {
|
||||||
passwordeval = "cat /secrets/password.txt";
|
passwordeval = "cat /secrets/password.txt";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
description = ''
|
description = lib.mdDoc ''
|
||||||
Named accounts and their respective configurations.
|
Named accounts and their respective configurations.
|
||||||
The special name "default" allows a default account to be defined.
|
The special name "default" allows a default account to be defined.
|
||||||
See msmtp(1) for the available options.
|
See msmtp(1) for the available options.
|
||||||
|
|
|
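Review bot: "See msmtp(1) for the available options." stays plain text after the switch to `lib.mdDoc`; use {manpage}`msmtp(1)`, as the `ssh_config(5)` and `systemd.time(7)` references elsewhere in this patch do. The description could also point at the example's `passwordeval = "cat /secrets/password.txt";`, since reading the password through a command keeps it out of the option value.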
@ -93,10 +93,10 @@ in
|
||||||
extraConfig = mkOption {
|
extraConfig = mkOption {
|
||||||
type = types.lines;
|
type = types.lines;
|
||||||
default = "";
|
default = "";
|
||||||
description = ''
|
description = lib.mdDoc ''
|
||||||
Extra configuration text prepended to <filename>ssh_config</filename>. Other generated
|
Extra configuration text prepended to {file}`ssh_config`. Other generated
|
||||||
options will be added after a <literal>Host *</literal> pattern.
|
options will be added after a `Host *` pattern.
|
||||||
See <citerefentry><refentrytitle>ssh_config</refentrytitle><manvolnum>5</manvolnum></citerefentry>
|
See {manpage}`ssh_config(5)`
|
||||||
for help.
|
for help.
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
|
@ -22,7 +22,7 @@ in
|
||||||
default = "fuck";
|
default = "fuck";
|
||||||
type = types.str;
|
type = types.str;
|
||||||
|
|
||||||
description = ''
|
description = lib.mdDoc ''
|
||||||
`thefuck` needs an alias to be configured.
|
`thefuck` needs an alias to be configured.
|
||||||
The default value is `fuck`, but you can use anything else as well.
|
The default value is `fuck`, but you can use anything else as well.
|
||||||
'';
|
'';
|
||||||
|
|
|
@ -95,13 +95,13 @@ let
|
||||||
exclude.dir /nix/store
|
exclude.dir /nix/store
|
||||||
include.encrypt /home/.../*
|
include.encrypt /home/.../*
|
||||||
'';
|
'';
|
||||||
description = ''
|
description = lib.mdDoc ''
|
||||||
<literal>include.*</literal> and
|
`include.*` and
|
||||||
<literal>exclude.*</literal> directives to be
|
`exclude.*` directives to be
|
||||||
used when sending files to the IBM TSM server.
|
used when sending files to the IBM TSM server.
|
||||||
The lines will be written into a file that the
|
The lines will be written into a file that the
|
||||||
<literal>inclexcl</literal>
|
`inclexcl`
|
||||||
directive in <filename>dsm.sys</filename> points to.
|
directive in {file}`dsm.sys` points to.
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
options.extraConfig = mkOption {
|
options.extraConfig = mkOption {
|
||||||
|
|
|
@ -62,7 +62,7 @@ in
|
||||||
to use `yabar-unstable'.
|
to use `yabar-unstable'.
|
||||||
'';
|
'';
|
||||||
|
|
||||||
description = ''
|
description = lib.mdDoc ''
|
||||||
The package which contains the `yabar` binary.
|
The package which contains the `yabar` binary.
|
||||||
|
|
||||||
Nixpkgs provides the `yabar` and `yabar-unstable`
|
Nixpkgs provides the `yabar` and `yabar-unstable`
|
||||||
|
|
|
@ -49,7 +49,7 @@ in
|
||||||
package = mkOption {
|
package = mkOption {
|
||||||
default = pkgs.oh-my-zsh;
|
default = pkgs.oh-my-zsh;
|
||||||
defaultText = literalExpression "pkgs.oh-my-zsh";
|
defaultText = literalExpression "pkgs.oh-my-zsh";
|
||||||
description = ''
|
description = lib.mdDoc ''
|
||||||
Package to install for `oh-my-zsh` usage.
|
Package to install for `oh-my-zsh` usage.
|
||||||
'';
|
'';
|
||||||
|
|
||||||
|
@ -67,7 +67,7 @@ in
|
||||||
custom = mkOption {
|
custom = mkOption {
|
||||||
default = null;
|
default = null;
|
||||||
type = with types; nullOr str;
|
type = with types; nullOr str;
|
||||||
description = ''
|
description = lib.mdDoc ''
|
||||||
Path to a custom oh-my-zsh package to override config of oh-my-zsh.
|
Path to a custom oh-my-zsh package to override config of oh-my-zsh.
|
||||||
(Can't be used along with `customPkgs`).
|
(Can't be used along with `customPkgs`).
|
||||||
'';
|
'';
|
||||||
|
@ -76,7 +76,7 @@ in
|
||||||
customPkgs = mkOption {
|
customPkgs = mkOption {
|
||||||
default = [];
|
default = [];
|
||||||
type = types.listOf types.package;
|
type = types.listOf types.package;
|
||||||
description = ''
|
description = lib.mdDoc ''
|
||||||
List of custom packages that should be loaded into `oh-my-zsh`.
|
List of custom packages that should be loaded into `oh-my-zsh`.
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
@ -92,7 +92,7 @@ in
|
||||||
cacheDir = mkOption {
|
cacheDir = mkOption {
|
||||||
default = "$HOME/.cache/oh-my-zsh";
|
default = "$HOME/.cache/oh-my-zsh";
|
||||||
type = types.str;
|
type = types.str;
|
||||||
description = ''
|
description = lib.mdDoc ''
|
||||||
Cache directory to be used by `oh-my-zsh`.
|
Cache directory to be used by `oh-my-zsh`.
|
||||||
Without this option it would default to the read-only nix store.
|
Without this option it would default to the read-only nix store.
|
||||||
'';
|
'';
|
||||||
|
|
|
@ -11,7 +11,7 @@ in {
|
||||||
package = mkOption {
|
package = mkOption {
|
||||||
default = pkgs.zsh-autoenv;
|
default = pkgs.zsh-autoenv;
|
||||||
defaultText = literalExpression "pkgs.zsh-autoenv";
|
defaultText = literalExpression "pkgs.zsh-autoenv";
|
||||||
description = ''
|
description = lib.mdDoc ''
|
||||||
Package to install for `zsh-autoenv` usage.
|
Package to install for `zsh-autoenv` usage.
|
||||||
'';
|
'';
|
||||||
|
|
||||||
|
|
|
@ -24,7 +24,7 @@ in
|
||||||
strategy = mkOption {
|
strategy = mkOption {
|
||||||
type = types.listOf (types.enum [ "history" "completion" "match_prev_cmd" ]);
|
type = types.listOf (types.enum [ "history" "completion" "match_prev_cmd" ]);
|
||||||
default = [ "history" ];
|
default = [ "history" ];
|
||||||
description = ''
|
description = lib.mdDoc ''
|
||||||
`ZSH_AUTOSUGGEST_STRATEGY` is an array that specifies how suggestions should be generated.
|
`ZSH_AUTOSUGGEST_STRATEGY` is an array that specifies how suggestions should be generated.
|
||||||
The strategies in the array are tried successively until a suggestion is found.
|
The strategies in the array are tried successively until a suggestion is found.
|
||||||
There are currently three built-in strategies to choose from:
|
There are currently three built-in strategies to choose from:
|
||||||
|
|
|
@ -451,10 +451,9 @@ let
|
||||||
renewInterval = mkOption {
|
renewInterval = mkOption {
|
||||||
type = types.str;
|
type = types.str;
|
||||||
inherit (defaultAndText "renewInterval" "daily") default defaultText;
|
inherit (defaultAndText "renewInterval" "daily") default defaultText;
|
||||||
description = ''
|
description = lib.mdDoc ''
|
||||||
Systemd calendar expression when to check for renewal. See
|
Systemd calendar expression when to check for renewal. See
|
||||||
<citerefentry><refentrytitle>systemd.time</refentrytitle>
|
{manpage}`systemd.time(7)`.
|
||||||
<manvolnum>7</manvolnum></citerefentry>.
|
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -677,7 +676,7 @@ let
|
||||||
inheritDefaults = mkOption {
|
inheritDefaults = mkOption {
|
||||||
default = true;
|
default = true;
|
||||||
example = true;
|
example = true;
|
||||||
description = "Whether to inherit values set in `security.acme.defaults` or not.";
|
description = lib.mdDoc "Whether to inherit values set in `security.acme.defaults` or not.";
|
||||||
type = lib.types.bool;
|
type = lib.types.bool;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
|
@ -81,8 +81,8 @@ services.nginx = {
|
||||||
};
|
};
|
||||||
|
|
||||||
# We can also add a different vhost and reuse the same certificate
|
# We can also add a different vhost and reuse the same certificate
|
||||||
# but we have to append extraDomainNames manually.
|
# but we have to append extraDomainNames manually beforehand:
|
||||||
<link linkend="opt-security.acme.certs._name_.extraDomainNames">security.acme.certs."foo.example.com".extraDomainNames</link> = [ "baz.example.com" ];
|
# <link linkend="opt-security.acme.certs._name_.extraDomainNames">security.acme.certs."foo.example.com".extraDomainNames</link> = [ "baz.example.com" ];
|
||||||
"baz.example.com" = {
|
"baz.example.com" = {
|
||||||
<link linkend="opt-services.nginx.virtualHosts._name_.forceSSL">forceSSL</link> = true;
|
<link linkend="opt-services.nginx.virtualHosts._name_.forceSSL">forceSSL</link> = true;
|
||||||
<link linkend="opt-services.nginx.virtualHosts._name_.useACMEHost">useACMEHost</link> = "foo.example.com";
|
<link linkend="opt-services.nginx.virtualHosts._name_.useACMEHost">useACMEHost</link> = "foo.example.com";
|
||||||
|
|
|
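Review bot: Commenting out the `extraDomainNames` line takes it out of the attribute set that holds `"baz.example.com" = {`, but "beforehand" does not say where the assignment belongs. A reader who copies the example as shown gets a `baz.example.com` vhost with `useACMEHost = "foo.example.com"` and nothing that puts that name on the certificate. Show the assignment as a real statement outside the `services.nginx = {` block rather than as a comment inside it.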
@ -42,7 +42,7 @@ in
|
||||||
if you want this service to do such killing
|
if you want this service to do such killing
|
||||||
by sending a <literal>SIGTERM</literal> to those running processes'';
|
by sending a <literal>SIGTERM</literal> to those running processes'';
|
||||||
policies = mkOption {
|
policies = mkOption {
|
||||||
description = ''
|
description = lib.mdDoc ''
|
||||||
AppArmor policies.
|
AppArmor policies.
|
||||||
'';
|
'';
|
||||||
type = types.attrsOf (types.submodule ({ name, config, ... }: {
|
type = types.attrsOf (types.submodule ({ name, config, ... }: {
|
||||||
|
@ -50,7 +50,7 @@ in
|
||||||
enable = mkDisableOption "loading of the profile into the kernel";
|
enable = mkDisableOption "loading of the profile into the kernel";
|
||||||
enforce = mkDisableOption "enforcing of the policy or only complain in the logs";
|
enforce = mkDisableOption "enforcing of the policy or only complain in the logs";
|
||||||
profile = mkOption {
|
profile = mkOption {
|
||||||
description = "The policy of the profile.";
|
description = lib.mdDoc "The policy of the profile.";
|
||||||
type = types.lines;
|
type = types.lines;
|
||||||
apply = pkgs.writeText name;
|
apply = pkgs.writeText name;
|
||||||
};
|
};
|
||||||
|
@ -61,16 +61,16 @@ in
|
||||||
includes = mkOption {
|
includes = mkOption {
|
||||||
type = types.attrsOf types.lines;
|
type = types.attrsOf types.lines;
|
||||||
default = {};
|
default = {};
|
||||||
description = ''
|
description = lib.mdDoc ''
|
||||||
List of paths to be added to AppArmor's searched paths
|
List of paths to be added to AppArmor's searched paths
|
||||||
when resolving <literal>include</literal> directives.
|
when resolving `include` directives.
|
||||||
'';
|
'';
|
||||||
apply = mapAttrs pkgs.writeText;
|
apply = mapAttrs pkgs.writeText;
|
||||||
};
|
};
|
||||||
packages = mkOption {
|
packages = mkOption {
|
||||||
type = types.listOf types.package;
|
type = types.listOf types.package;
|
||||||
default = [];
|
default = [];
|
||||||
description = "List of packages to be added to AppArmor's include path";
|
description = lib.mdDoc "List of packages to be added to AppArmor's include path";
|
||||||
};
|
};
|
||||||
enableCache = mkEnableOption ''
|
enableCache = mkEnableOption ''
|
||||||
caching of AppArmor policies
|
caching of AppArmor policies
|
||||||
|
|
|
@ -94,7 +94,7 @@ in {
|
||||||
|
|
||||||
<note><para>If this is <literal>false</literal> the resulting store
|
<note><para>If this is <literal>false</literal> the resulting store
|
||||||
path will be non-deterministic and will be rebuilt every time the
|
path will be non-deterministic and will be rebuilt every time the
|
||||||
<package>openssl</package> package changes.</para></note>
|
<literal>openssl</literal> package changes.</para></note>
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
|
@ -142,6 +142,16 @@ let
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
|
mysqlAuth = mkOption {
|
||||||
|
default = config.users.mysql.enable;
|
||||||
|
defaultText = literalExpression "config.users.mysql.enable";
|
||||||
|
type = types.bool;
|
||||||
|
description = ''
|
||||||
|
If set, the <literal>pam_mysql</literal> module will be used to
|
||||||
|
authenticate users against a MySQL/MariaDB database.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
fprintAuth = mkOption {
|
fprintAuth = mkOption {
|
||||||
default = config.services.fprintd.enable;
|
default = config.services.fprintd.enable;
|
||||||
defaultText = literalExpression "config.services.fprintd.enable";
|
defaultText = literalExpression "config.services.fprintd.enable";
|
||||||
|
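Review bot: The new `mysqlAuth` description is a plain `''` string using `<literal>pam_mysql</literal>`, while the other hunks in this commit move descriptions to `lib.mdDoc` with backtick markup; write it the same way so the option does not need a second conversion pass. The text should also say that the option defaults to `config.users.mysql.enable`, because a reader looking at this option alone cannot tell that enabling the MySQL user backend switches it on.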
@ -310,12 +320,10 @@ let
|
||||||
limits = mkOption {
|
limits = mkOption {
|
||||||
default = [];
|
default = [];
|
||||||
type = limitsType;
|
type = limitsType;
|
||||||
description = ''
|
description = lib.mdDoc ''
|
||||||
Attribute set describing resource limits. Defaults to the
|
Attribute set describing resource limits. Defaults to the
|
||||||
value of <option>security.pam.loginLimits</option>.
|
value of {option}`security.pam.loginLimits`.
|
||||||
The meaning of the values is explained in <citerefentry>
|
The meaning of the values is explained in {manpage}`limits.conf(5)`.
|
||||||
<refentrytitle>limits.conf</refentrytitle><manvolnum>5</manvolnum>
|
|
||||||
</citerefentry>.
|
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -442,11 +450,13 @@ let
|
||||||
(
|
(
|
||||||
''
|
''
|
||||||
# Account management.
|
# Account management.
|
||||||
account required pam_unix.so
|
|
||||||
'' +
|
'' +
|
||||||
optionalString use_ldap ''
|
optionalString use_ldap ''
|
||||||
account sufficient ${pam_ldap}/lib/security/pam_ldap.so
|
account sufficient ${pam_ldap}/lib/security/pam_ldap.so
|
||||||
'' +
|
'' +
|
||||||
|
optionalString cfg.mysqlAuth ''
|
||||||
|
account sufficient ${pkgs.pam_mysql}/lib/security/pam_mysql.so config_file=/etc/security/pam_mysql.conf
|
||||||
|
'' +
|
||||||
optionalString (config.services.sssd.enable && cfg.sssdStrictAccess==false) ''
|
optionalString (config.services.sssd.enable && cfg.sssdStrictAccess==false) ''
|
||||||
account sufficient ${pkgs.sssd}/lib/security/pam_sss.so
|
account sufficient ${pkgs.sssd}/lib/security/pam_sss.so
|
||||||
'' +
|
'' +
|
||||||
|
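Review bot: `config_file=/etc/security/pam_mysql.conf` on the new `account sufficient` line is a string literal that the later hunks repeat in the auth, password and session stacks. Bind the path once in the surrounding `let` and interpolate it, so the four lines cannot drift apart. This hunk also removes `account required pam_unix.so` from the top of the stack with no comment at that spot; the reason only appears in the next hunk, so a one-line pointer here would help anyone reading the account section from the top.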
@ -460,7 +470,11 @@ let
|
||||||
account [success=ok ignore=ignore default=die] ${pkgs.google-guest-oslogin}/lib/security/pam_oslogin_login.so
|
account [success=ok ignore=ignore default=die] ${pkgs.google-guest-oslogin}/lib/security/pam_oslogin_login.so
|
||||||
account [success=ok default=ignore] ${pkgs.google-guest-oslogin}/lib/security/pam_oslogin_admin.so
|
account [success=ok default=ignore] ${pkgs.google-guest-oslogin}/lib/security/pam_oslogin_admin.so
|
||||||
'' +
|
'' +
|
||||||
|
# The required pam_unix.so module has to come after all the sufficient modules
|
||||||
|
# because otherwise, the account lookup will fail if the user does not exist
|
||||||
|
# locally, for example with MySQL- or LDAP-auth.
|
||||||
''
|
''
|
||||||
|
account required pam_unix.so
|
||||||
|
|
||||||
# Authentication management.
|
# Authentication management.
|
||||||
'' +
|
'' +
|
||||||
|
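Review bot: With `account required pam_unix.so` now last, a success from any `sufficient` account module above it ends the stack before `pam_unix` is consulted, so its account checks only run for users that no earlier module accepted. The new comment explains the lookup failure this reordering avoids but not that consequence. Add a sentence stating it, so the next person who inserts an account module knows that anything placed after the `sufficient` lines is skipped for MySQL, LDAP and similar users.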
@ -476,6 +490,9 @@ let
|
||||||
optionalString cfg.logFailures ''
|
optionalString cfg.logFailures ''
|
||||||
auth required pam_faillock.so
|
auth required pam_faillock.so
|
||||||
'' +
|
'' +
|
||||||
|
optionalString cfg.mysqlAuth ''
|
||||||
|
auth sufficient ${pkgs.pam_mysql}/lib/security/pam_mysql.so config_file=/etc/security/pam_mysql.conf
|
||||||
|
'' +
|
||||||
optionalString (config.security.pam.enableSSHAgentAuth && cfg.sshAgentAuth) ''
|
optionalString (config.security.pam.enableSSHAgentAuth && cfg.sshAgentAuth) ''
|
||||||
auth sufficient ${pkgs.pam_ssh_agent_auth}/libexec/pam_ssh_agent_auth.so file=${lib.concatStringsSep ":" config.services.openssh.authorizedKeysFiles}
|
auth sufficient ${pkgs.pam_ssh_agent_auth}/libexec/pam_ssh_agent_auth.so file=${lib.concatStringsSep ":" config.services.openssh.authorizedKeysFiles}
|
||||||
'' +
|
'' +
|
||||||
|
@ -573,6 +590,9 @@ let
|
||||||
optionalString use_ldap ''
|
optionalString use_ldap ''
|
||||||
password sufficient ${pam_ldap}/lib/security/pam_ldap.so
|
password sufficient ${pam_ldap}/lib/security/pam_ldap.so
|
||||||
'' +
|
'' +
|
||||||
|
optionalString cfg.mysqlAuth ''
|
||||||
|
password sufficient ${pkgs.pam_mysql}/lib/security/pam_mysql.so config_file=/etc/security/pam_mysql.conf
|
||||||
|
'' +
|
||||||
optionalString config.services.sssd.enable ''
|
optionalString config.services.sssd.enable ''
|
||||||
password sufficient ${pkgs.sssd}/lib/security/pam_sss.so use_authtok
|
password sufficient ${pkgs.sssd}/lib/security/pam_sss.so use_authtok
|
||||||
'' +
|
'' +
|
||||||
|
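Review bot: The `password sufficient ... pam_mysql.so` line offers password changes to the MySQL module on every service where `mysqlAuth` is set, yet the option description added earlier in this file speaks only of authenticating users. Either document that password changes (and the session line added in the next hunk) also go through `pam_mysql`, or drop the password entry if changing database-held passwords through PAM is not intended.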
@ -616,6 +636,9 @@ let
|
||||||
optionalString use_ldap ''
|
optionalString use_ldap ''
|
||||||
session optional ${pam_ldap}/lib/security/pam_ldap.so
|
session optional ${pam_ldap}/lib/security/pam_ldap.so
|
||||||
'' +
|
'' +
|
||||||
|
optionalString cfg.mysqlAuth ''
|
||||||
|
session optional ${pkgs.pam_mysql}/lib/security/pam_mysql.so config_file=/etc/security/pam_mysql.conf
|
||||||
|
'' +
|
||||||
optionalString config.services.sssd.enable ''
|
optionalString config.services.sssd.enable ''
|
||||||
session optional ${pkgs.sssd}/lib/security/pam_sss.so
|
session optional ${pkgs.sssd}/lib/security/pam_sss.so
|
||||||
'' +
|
'' +
|
||||||
|
@ -750,14 +773,13 @@ in
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
|
|
||||||
description =
|
description = ''
|
||||||
'' Define resource limits that should apply to users or groups.
|
Define resource limits that should apply to users or groups.
|
||||||
Each item in the list should be an attribute set with a
|
Each item in the list should be an attribute set with a
|
||||||
<varname>domain</varname>, <varname>type</varname>,
|
<varname>domain</varname>, <varname>type</varname>,
|
||||||
<varname>item</varname>, and <varname>value</varname>
|
<varname>item</varname>, and <varname>value</varname>
|
||||||
attribute. The syntax and semantics of these attributes
|
attribute. The syntax and semantics of these attributes
|
||||||
must be that described in <citerefentry><refentrytitle>limits.conf</refentrytitle>
|
must be that described in <citerefentry><refentrytitle>limits.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
|
||||||
<manvolnum>5</manvolnum></citerefentry>.
|
|
||||||
|
|
||||||
Note that these limits do not apply to systemd services,
|
Note that these limits do not apply to systemd services,
|
||||||
whose limits can be changed via <option>systemd.extraConfig</option>
|
whose limits can be changed via <option>systemd.extraConfig</option>
|
||||||
|
@ -838,17 +860,14 @@ in
|
||||||
control = mkOption {
|
control = mkOption {
|
||||||
default = "sufficient";
|
default = "sufficient";
|
||||||
type = types.enum [ "required" "requisite" "sufficient" "optional" ];
|
type = types.enum [ "required" "requisite" "sufficient" "optional" ];
|
||||||
description = ''
|
description = lib.mdDoc ''
|
||||||
This option sets pam "control".
|
This option sets pam "control".
|
||||||
If you want to have multi factor authentication, use "required".
|
If you want to have multi factor authentication, use "required".
|
||||||
If you want to use the PKCS#11 device instead of the regular password,
|
If you want to use the PKCS#11 device instead of the regular password,
|
||||||
use "sufficient".
|
use "sufficient".
|
||||||
|
|
||||||
Read
|
Read
|
||||||
<citerefentry>
|
{manpage}`pam.conf(5)`
|
||||||
<refentrytitle>pam.conf</refentrytitle>
|
|
||||||
<manvolnum>5</manvolnum>
|
|
||||||
</citerefentry>
|
|
||||||
for better understanding of this option.
|
for better understanding of this option.
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
@ -929,16 +948,13 @@ in
|
||||||
control = mkOption {
|
control = mkOption {
|
||||||
default = "sufficient";
|
default = "sufficient";
|
||||||
type = types.enum [ "required" "requisite" "sufficient" "optional" ];
|
type = types.enum [ "required" "requisite" "sufficient" "optional" ];
|
||||||
description = ''
|
description = lib.mdDoc ''
|
||||||
This option sets pam "control".
|
This option sets pam "control".
|
||||||
If you want to have multi factor authentication, use "required".
|
If you want to have multi factor authentication, use "required".
|
||||||
If you want to use U2F device instead of regular password, use "sufficient".
|
If you want to use U2F device instead of regular password, use "sufficient".
|
||||||
|
|
||||||
Read
|
Read
|
||||||
<citerefentry>
|
{manpage}`pam.conf(5)`
|
||||||
<refentrytitle>pam.conf</refentrytitle>
|
|
||||||
<manvolnum>5</manvolnum>
|
|
||||||
</citerefentry>
|
|
||||||
for better understanding of this option.
|
for better understanding of this option.
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
@ -1047,17 +1063,14 @@ in
|
||||||
control = mkOption {
|
control = mkOption {
|
||||||
default = "sufficient";
|
default = "sufficient";
|
||||||
type = types.enum [ "required" "requisite" "sufficient" "optional" ];
|
type = types.enum [ "required" "requisite" "sufficient" "optional" ];
|
||||||
description = ''
|
description = lib.mdDoc ''
|
||||||
This option sets pam "control".
|
This option sets pam "control".
|
||||||
If you want to have multi factor authentication, use "required".
|
If you want to have multi factor authentication, use "required".
|
||||||
If you want to use the SSH certificate instead of the regular password,
|
If you want to use the SSH certificate instead of the regular password,
|
||||||
use "sufficient".
|
use "sufficient".
|
||||||
|
|
||||||
Read
|
Read
|
||||||
<citerefentry>
|
{manpage}`pam.conf(5)`
|
||||||
<refentrytitle>pam.conf</refentrytitle>
|
|
||||||
<manvolnum>5</manvolnum>
|
|
||||||
</citerefentry>
|
|
||||||
for better understanding of this option.
|
for better understanding of this option.
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
@ -1082,16 +1095,13 @@ in
|
||||||
control = mkOption {
|
control = mkOption {
|
||||||
default = "sufficient";
|
default = "sufficient";
|
||||||
type = types.enum [ "required" "requisite" "sufficient" "optional" ];
|
type = types.enum [ "required" "requisite" "sufficient" "optional" ];
|
||||||
description = ''
|
description = lib.mdDoc ''
|
||||||
This option sets pam "control".
|
This option sets pam "control".
|
||||||
If you want to have multi factor authentication, use "required".
|
If you want to have multi factor authentication, use "required".
|
||||||
If you want to use Yubikey instead of regular password, use "sufficient".
|
If you want to use Yubikey instead of regular password, use "sufficient".
|
||||||
|
|
||||||
Read
|
Read
|
||||||
<citerefentry>
|
{manpage}`pam.conf(5)`
|
||||||
<refentrytitle>pam.conf</refentrytitle>
|
|
||||||
<manvolnum>5</manvolnum>
|
|
||||||
</citerefentry>
|
|
||||||
for better understanding of this option.
|
for better understanding of this option.
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
@ -1250,6 +1260,9 @@ in
|
||||||
optionalString (isEnabled (cfg: cfg.oathAuth)) ''
|
optionalString (isEnabled (cfg: cfg.oathAuth)) ''
|
||||||
"mr ${pkgs.oath-toolkit}/lib/security/pam_oath.so,
|
"mr ${pkgs.oath-toolkit}/lib/security/pam_oath.so,
|
||||||
'' +
|
'' +
|
||||||
|
optionalString (isEnabled (cfg: cfg.mysqlAuth)) ''
|
||||||
|
mr ${pkgs.pam_mysql}/lib/security/pam_mysql.so,
|
||||||
|
'' +
|
||||||
optionalString (isEnabled (cfg: cfg.yubicoAuth)) ''
|
optionalString (isEnabled (cfg: cfg.yubicoAuth)) ''
|
||||||
mr ${pkgs.yubico-pam}/lib/security/pam_yubico.so,
|
mr ${pkgs.yubico-pam}/lib/security/pam_yubico.so,
|
||||||
'' +
|
'' +
|
||||||
|
|
|
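Review bot: The new AppArmor rule grants `mr` on `pam_mysql.so` only, while every `pam_mysql` line added to the PAM stacks passes `config_file=/etc/security/pam_mysql.conf`. This hunk adds no rule for that file, so confirm that confined services can already read it through an existing rule, or add one next to the module rule. The context line above still starts with a stray `"` before `mr ${pkgs.oath-toolkit}`, which is worth fixing while this block is being edited.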
@ -46,7 +46,7 @@ in
|
||||||
type = types.package;
|
type = types.package;
|
||||||
default = pkgs.sudo;
|
default = pkgs.sudo;
|
||||||
defaultText = literalExpression "pkgs.sudo";
|
defaultText = literalExpression "pkgs.sudo";
|
||||||
description = ''
|
description = lib.mdDoc ''
|
||||||
Which package to use for `sudo`.
|
Which package to use for `sudo`.
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
|
@ -10,12 +10,10 @@ in {
|
||||||
options.confinement.enable = lib.mkOption {
|
options.confinement.enable = lib.mkOption {
|
||||||
type = types.bool;
|
type = types.bool;
|
||||||
default = false;
|
default = false;
|
||||||
description = ''
|
description = lib.mdDoc ''
|
||||||
If set, all the required runtime store paths for this service are
|
If set, all the required runtime store paths for this service are
|
||||||
bind-mounted into a <literal>tmpfs</literal>-based <citerefentry>
|
bind-mounted into a `tmpfs`-based
|
||||||
<refentrytitle>chroot</refentrytitle>
|
{manpage}`chroot(2)`.
|
||||||
<manvolnum>2</manvolnum>
|
|
||||||
</citerefentry>.
|
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -63,16 +61,13 @@ in {
|
||||||
default = toplevelConfig.environment.binsh;
|
default = toplevelConfig.environment.binsh;
|
||||||
defaultText = lib.literalExpression "config.environment.binsh";
|
defaultText = lib.literalExpression "config.environment.binsh";
|
||||||
example = lib.literalExpression ''"''${pkgs.dash}/bin/dash"'';
|
example = lib.literalExpression ''"''${pkgs.dash}/bin/dash"'';
|
||||||
description = ''
|
description = lib.mdDoc ''
|
||||||
The program to make available as <filename>/bin/sh</filename> inside
|
The program to make available as {file}`/bin/sh` inside
|
||||||
the chroot. If this is set to <literal>null</literal>, no
|
the chroot. If this is set to `null`, no
|
||||||
<filename>/bin/sh</filename> is provided at all.
|
{file}`/bin/sh` is provided at all.
|
||||||
|
|
||||||
This is useful for some applications, which for example use the
|
This is useful for some applications, which for example use the
|
||||||
<citerefentry>
|
{manpage}`system(3)` library function to execute commands.
|
||||||
<refentrytitle>system</refentrytitle>
|
|
||||||
<manvolnum>3</manvolnum>
|
|
||||||
</citerefentry> library function to execute commands.
|
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -88,10 +83,8 @@ in {
|
||||||
name space.
|
name space.
|
||||||
|
|
||||||
If this is set to <literal>chroot-only</literal>, only the file
|
If this is set to <literal>chroot-only</literal>, only the file
|
||||||
system name space is set up along with the call to <citerefentry>
|
system name space is set up along with the call to
|
||||||
<refentrytitle>chroot</refentrytitle>
|
<citerefentry><refentrytitle>chroot</refentrytitle><manvolnum>2</manvolnum></citerefentry>.
|
||||||
<manvolnum>2</manvolnum>
|
|
||||||
</citerefentry>.
|
|
||||||
|
|
||||||
<note><para>This doesn't cover network namespaces and is solely for
|
<note><para>This doesn't cover network namespaces and is solely for
|
||||||
file system level isolation.</para></note>
|
file system level isolation.</para></note>
|
||||||
|
|
|
@ -54,10 +54,7 @@ let
|
||||||
description = ''
|
description = ''
|
||||||
A comma-separated list of capabilities to be given to the wrapper
|
A comma-separated list of capabilities to be given to the wrapper
|
||||||
program. For capabilities supported by the system check the
|
program. For capabilities supported by the system check the
|
||||||
<citerefentry>
|
<citerefentry><refentrytitle>capabilities</refentrytitle><manvolnum>7</manvolnum></citerefentry>
|
||||||
<refentrytitle>capabilities</refentrytitle>
|
|
||||||
<manvolnum>7</manvolnum>
|
|
||||||
</citerefentry>
|
|
||||||
manual page.
|
manual page.
|
||||||
|
|
||||||
<note><para>
|
<note><para>
|
||||||
|
@ -188,6 +185,16 @@ in
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
|
security.wrapperDirSize = lib.mkOption {
|
||||||
|
default = "50%";
|
||||||
|
example = "10G";
|
||||||
|
type = lib.types.str;
|
||||||
|
description = ''
|
||||||
|
Size limit for the /run/wrappers tmpfs. Look at mount(8), tmpfs size option,
|
||||||
|
for the accepted syntax. WARNING: don't set to less than 64MB.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
security.wrapperDir = lib.mkOption {
|
security.wrapperDir = lib.mkOption {
|
||||||
type = lib.types.path;
|
type = lib.types.path;
|
||||||
default = "/run/wrappers/bin";
|
default = "/run/wrappers/bin";
|
||||||
|
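Review bot: The `security.wrapperDirSize` description warns "don't set to less than 64MB" without saying what fails below that size, and it is a plain `''` string in a commit that otherwise moves descriptions to `lib.mdDoc`. State the reason for the floor, and write the reference as {manpage}`mount(8)` under `lib.mdDoc` to match the other converted options.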
@ -230,7 +237,7 @@ in
|
||||||
|
|
||||||
boot.specialFileSystems.${parentWrapperDir} = {
|
boot.specialFileSystems.${parentWrapperDir} = {
|
||||||
fsType = "tmpfs";
|
fsType = "tmpfs";
|
||||||
options = [ "nodev" "mode=755" ];
|
options = [ "nodev" "mode=755" "size=${config.security.wrapperDirSize}" ];
|
||||||
};
|
};
|
||||||
|
|
||||||
# Make sure our wrapperDir exports to the PATH env variable when
|
# Make sure our wrapperDir exports to the PATH env variable when
|
||||||
|
|
|
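Review bot: `size=${config.security.wrapperDirSize}` interpolates a value typed as `lib.types.str` straight into the mount options, so a malformed size is only noticed when the `tmpfs` is mounted. This mount holds the wrapper programs, so a failure there is costly. Constrain the option at evaluation time, for example with `types.strMatching` for the size syntax or an assertion, so a bad value is rejected at build time.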
@ -23,12 +23,10 @@ let
|
||||||
on_exit()
|
on_exit()
|
||||||
{
|
{
|
||||||
exitStatus=$?
|
exitStatus=$?
|
||||||
# Reset the EXIT handler, or else we're called again on 'exit' below
|
|
||||||
trap - EXIT
|
|
||||||
${cfg.postHook}
|
${cfg.postHook}
|
||||||
exit $exitStatus
|
exit $exitStatus
|
||||||
}
|
}
|
||||||
trap 'on_exit' INT TERM QUIT EXIT
|
trap on_exit EXIT
|
||||||
|
|
||||||
archiveName="${if cfg.archiveBaseName == null then "" else cfg.archiveBaseName + "-"}$(date ${cfg.dateFormat})"
|
archiveName="${if cfg.archiveBaseName == null then "" else cfg.archiveBaseName + "-"}$(date ${cfg.dateFormat})"
|
||||||
archiveSuffix="${optionalString cfg.appendFailedSuffix ".failed"}"
|
archiveSuffix="${optionalString cfg.appendFailedSuffix ".failed"}"
|
||||||
|
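Review bot: Replacing `trap 'on_exit' INT TERM QUIT EXIT` with `trap on_exit EXIT` makes `${cfg.postHook}` run on a signal only if the shell executing this script runs its EXIT trap when it is terminated by one; bash does that, but POSIX does not require it. The removed comment was the only explanation of the trap handling, so add a short comment saying the single EXIT trap relies on that behaviour and that `exit $exitStatus` inside the handler does not re-enter it. A test that interrupts a running job and checks that the post hook ran would guard the change.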
@ -320,13 +318,12 @@ in {
|
||||||
startAt = mkOption {
|
startAt = mkOption {
|
||||||
type = with types; either str (listOf str);
|
type = with types; either str (listOf str);
|
||||||
default = "daily";
|
default = "daily";
|
||||||
description = ''
|
description = lib.mdDoc ''
|
||||||
When or how often the backup should run.
|
When or how often the backup should run.
|
||||||
Must be in the format described in
|
Must be in the format described in
|
||||||
<citerefentry><refentrytitle>systemd.time</refentrytitle>
|
{manpage}`systemd.time(7)`.
|
||||||
<manvolnum>7</manvolnum></citerefentry>.
|
|
||||||
If you do not want the backup to start
|
If you do not want the backup to start
|
||||||
automatically, use <literal>[ ]</literal>.
|
automatically, use `[ ]`.
|
||||||
It will generate a systemd service borgbackup-job-NAME.
|
It will generate a systemd service borgbackup-job-NAME.
|
||||||
You may trigger it manually via systemctl restart borgbackup-job-NAME.
|
You may trigger it manually via systemctl restart borgbackup-job-NAME.
|
||||||
'';
|
'';
|
||||||
|
@ -336,10 +333,9 @@ in {
|
||||||
default = false;
|
default = false;
|
||||||
type = types.bool;
|
type = types.bool;
|
||||||
example = true;
|
example = true;
|
||||||
description = ''
|
description = lib.mdDoc ''
|
||||||
Set the <literal>persistentTimer</literal> option for the
|
Set the `persistentTimer` option for the
|
||||||
<citerefentry><refentrytitle>systemd.timer</refentrytitle>
|
{manpage}`systemd.timer(5)`
|
||||||
<manvolnum>5</manvolnum></citerefentry>
|
|
||||||
which triggers the backup immediately if the last trigger
|
which triggers the backup immediately if the last trigger
|
||||||
was missed (e.g. if the system was powered down).
|
was missed (e.g. if the system was powered down).
|
||||||
'';
|
'';
|
||||||
|
|
|
@ -27,30 +27,27 @@ in
|
||||||
type = types.listOf types.str;
|
type = types.listOf types.str;
|
||||||
default = [ ];
|
default = [ ];
|
||||||
example = [ "/home" ];
|
example = [ "/home" ];
|
||||||
description = ''
|
description = lib.mdDoc ''
|
||||||
List of paths to include into the backups. See the FILE SELECTION
|
List of paths to include into the backups. See the FILE SELECTION
|
||||||
section in <citerefentry><refentrytitle>duplicity</refentrytitle>
|
section in {manpage}`duplicity(1)` for details on the syntax.
|
||||||
<manvolnum>1</manvolnum></citerefentry> for details on the syntax.
|
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
exclude = mkOption {
|
exclude = mkOption {
|
||||||
type = types.listOf types.str;
|
type = types.listOf types.str;
|
||||||
default = [ ];
|
default = [ ];
|
||||||
description = ''
|
description = lib.mdDoc ''
|
||||||
List of paths to exclude from backups. See the FILE SELECTION section in
|
List of paths to exclude from backups. See the FILE SELECTION section in
|
||||||
<citerefentry><refentrytitle>duplicity</refentrytitle>
|
{manpage}`duplicity(1)` for details on the syntax.
|
||||||
<manvolnum>1</manvolnum></citerefentry> for details on the syntax.
|
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
targetUrl = mkOption {
|
targetUrl = mkOption {
|
||||||
type = types.str;
|
type = types.str;
|
||||||
example = "s3://host:port/prefix";
|
example = "s3://host:port/prefix";
|
||||||
description = ''
|
description = lib.mdDoc ''
|
||||||
Target url to backup to. See the URL FORMAT section in
|
Target url to backup to. See the URL FORMAT section in
|
||||||
<citerefentry><refentrytitle>duplicity</refentrytitle>
|
{manpage}`duplicity(1)` for supported urls.
|
||||||
<manvolnum>1</manvolnum></citerefentry> for supported urls.
|
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -60,8 +57,7 @@ in
|
||||||
description = ''
|
description = ''
|
||||||
Path of a file containing secrets (gpg passphrase, access key...) in
|
Path of a file containing secrets (gpg passphrase, access key...) in
|
||||||
the format of EnvironmentFile as described by
|
the format of EnvironmentFile as described by
|
||||||
<citerefentry><refentrytitle>systemd.exec</refentrytitle>
|
<citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>. For example:
|
||||||
<manvolnum>5</manvolnum></citerefentry>. For example:
|
|
||||||
<programlisting>
|
<programlisting>
|
||||||
PASSPHRASE=«...»
|
PASSPHRASE=«...»
|
||||||
AWS_ACCESS_KEY_ID=«...»
|
AWS_ACCESS_KEY_ID=«...»
|
||||||
|
@ -73,10 +69,9 @@ in
|
||||||
frequency = mkOption {
|
frequency = mkOption {
|
||||||
type = types.nullOr types.str;
|
type = types.nullOr types.str;
|
||||||
default = "daily";
|
default = "daily";
|
||||||
description = ''
|
description = lib.mdDoc ''
|
||||||
Run duplicity with the given frequency (see
|
Run duplicity with the given frequency (see
|
||||||
<citerefentry><refentrytitle>systemd.time</refentrytitle>
|
{manpage}`systemd.time(7)` for the format).
|
||||||
<manvolnum>7</manvolnum></citerefentry> for the format).
|
|
||||||
If null, do not run automatically.
|
If null, do not run automatically.
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
@ -85,10 +80,9 @@ in
|
||||||
type = types.listOf types.str;
|
type = types.listOf types.str;
|
||||||
default = [ ];
|
default = [ ];
|
||||||
example = [ "--backend-retry-delay" "100" ];
|
example = [ "--backend-retry-delay" "100" ];
|
||||||
description = ''
|
description = lib.mdDoc ''
|
||||||
Extra command-line flags passed to duplicity. See
|
Extra command-line flags passed to duplicity. See
|
||||||
<citerefentry><refentrytitle>duplicity</refentrytitle>
|
{manpage}`duplicity(1)`.
|
||||||
<manvolnum>1</manvolnum></citerefentry>.
|
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
|
@ -118,12 +118,11 @@ in
|
||||||
type = types.str;
|
type = types.str;
|
||||||
default = "hourly";
|
default = "hourly";
|
||||||
example = "daily";
|
example = "daily";
|
||||||
description = ''
|
description = lib.mdDoc ''
|
||||||
Run sanoid at this interval. The default is to run hourly.
|
Run sanoid at this interval. The default is to run hourly.
|
||||||
|
|
||||||
The format is described in
|
The format is described in
|
||||||
<citerefentry><refentrytitle>systemd.time</refentrytitle>
|
{manpage}`systemd.time(7)`.
|
||||||
<manvolnum>7</manvolnum></citerefentry>.
|
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
|
@ -16,11 +16,11 @@ let
|
||||||
lib.concatMapStrings (s: if lib.isList s then "-" else s)
|
lib.concatMapStrings (s: if lib.isList s then "-" else s)
|
||||||
(builtins.split "[^a-zA-Z0-9_.\\-]+" name);
|
(builtins.split "[^a-zA-Z0-9_.\\-]+" name);
|
||||||
|
|
||||||
# Function to build "zfs allow" commands for the filesystems we've
|
# Function to build "zfs allow" commands for the filesystems we've delegated
|
||||||
# delegated permissions to. It also checks if the target dataset
|
# permissions to. It also checks if the target dataset exists before
|
||||||
# exists before delegating permissions, if it doesn't exist we
|
# delegating permissions, if it doesn't exist we delegate it to the parent
|
||||||
# delegate it to the parent dataset. This should solve the case of
|
# dataset (if it exists). This should solve the case of provisoning new
|
||||||
# provisoning new datasets.
|
# datasets.
|
||||||
buildAllowCommand = permissions: dataset: (
|
buildAllowCommand = permissions: dataset: (
|
||||||
"-+${pkgs.writeShellScript "zfs-allow-${dataset}" ''
|
"-+${pkgs.writeShellScript "zfs-allow-${dataset}" ''
|
||||||
# Here we explicitly use the booted system to guarantee the stable API needed by ZFS
|
# Here we explicitly use the booted system to guarantee the stable API needed by ZFS
|
||||||
|
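Review bot: the rewritten comment above `buildAllowCommand` says permissions are delegated to the parent dataset "(if it exists)", but the guard added in the following hunks is `(builtins.dirOf dataset) != "."`, which tests whether the dataset name has a parent component, not whether that parent exists on the pool. Reword the comment to match, for example "to the parent dataset (if the dataset is not a pool root)". The typo "provisoning" is also carried into the new text and should read "provisioning".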
@ -38,6 +38,7 @@ let
|
||||||
(concatStringsSep "," permissions)
|
(concatStringsSep "," permissions)
|
||||||
dataset
|
dataset
|
||||||
]}
|
]}
|
||||||
|
${lib.optionalString ((builtins.dirOf dataset) != ".") ''
|
||||||
else
|
else
|
||||||
${lib.escapeShellArgs [
|
${lib.escapeShellArgs [
|
||||||
"/run/booted-system/sw/bin/zfs"
|
"/run/booted-system/sw/bin/zfs"
|
||||||
|
@ -47,6 +48,7 @@ let
|
||||||
# Remove the last part of the path
|
# Remove the last part of the path
|
||||||
(builtins.dirOf dataset)
|
(builtins.dirOf dataset)
|
||||||
]}
|
]}
|
||||||
|
''}
|
||||||
fi
|
fi
|
||||||
''}"
|
''}"
|
||||||
);
|
);
|
||||||
|
@ -67,14 +69,14 @@ let
|
||||||
(concatStringsSep "," permissions)
|
(concatStringsSep "," permissions)
|
||||||
dataset
|
dataset
|
||||||
]}
|
]}
|
||||||
${lib.escapeShellArgs [
|
${lib.optionalString ((builtins.dirOf dataset) != ".") (lib.escapeShellArgs [
|
||||||
"/run/booted-system/sw/bin/zfs"
|
"/run/booted-system/sw/bin/zfs"
|
||||||
"unallow"
|
"unallow"
|
||||||
cfg.user
|
cfg.user
|
||||||
(concatStringsSep "," permissions)
|
(concatStringsSep "," permissions)
|
||||||
# Remove the last part of the path
|
# Remove the last part of the path
|
||||||
(builtins.dirOf dataset)
|
(builtins.dirOf dataset)
|
||||||
]}
|
])}
|
||||||
''}"
|
''}"
|
||||||
);
|
);
|
||||||
in
|
in
|
||||||
|
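Review bot: in this unallow script the second `zfs unallow` on `(builtins.dirOf dataset)` still runs for every dataset that has a parent, while the allow side only falls back to the parent when the target dataset does not exist. If another configured dataset relies on a delegation for `cfg.user` on that same parent, this would revoke it. Consider unallowing on the parent only when the allow step actually delegated there, or add a comment explaining why the unconditional revoke is safe.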
@ -89,12 +91,11 @@ in
|
||||||
type = types.str;
|
type = types.str;
|
||||||
default = "hourly";
|
default = "hourly";
|
||||||
example = "*-*-* *:15:00";
|
example = "*-*-* *:15:00";
|
||||||
description = ''
|
description = lib.mdDoc ''
|
||||||
Run syncoid at this interval. The default is to run hourly.
|
Run syncoid at this interval. The default is to run hourly.
|
||||||
|
|
||||||
The format is described in
|
The format is described in
|
||||||
<citerefentry><refentrytitle>systemd.time</refentrytitle>
|
{manpage}`systemd.time(7)`.
|
||||||
<manvolnum>7</manvolnum></citerefentry>.
|
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
|
@ -140,12 +140,11 @@ in
|
||||||
type = types.str;
|
type = types.str;
|
||||||
default = "01:15";
|
default = "01:15";
|
||||||
example = "hourly";
|
example = "hourly";
|
||||||
description = ''
|
description = lib.mdDoc ''
|
||||||
Create archive at this interval.
|
Create archive at this interval.
|
||||||
|
|
||||||
The format is described in
|
The format is described in
|
||||||
<citerefentry><refentrytitle>systemd.time</refentrytitle>
|
{manpage}`systemd.time(7)`.
|
||||||
<manvolnum>7</manvolnum></citerefentry>.
|
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
|
@ -16,9 +16,9 @@ with lib;
|
||||||
"fs.defaultFS" = "hdfs://localhost";
|
"fs.defaultFS" = "hdfs://localhost";
|
||||||
}
|
}
|
||||||
'';
|
'';
|
||||||
description = ''
|
description = lib.mdDoc ''
|
||||||
Hadoop core-site.xml definition
|
Hadoop core-site.xml definition
|
||||||
<link xlink:href="https://hadoop.apache.org/docs/current/hadoop-project-dist/hadoop-common/core-default.xml"/>
|
<https://hadoop.apache.org/docs/current/hadoop-project-dist/hadoop-common/core-default.xml>
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
coreSiteInternal = mkOption {
|
coreSiteInternal = mkOption {
|
||||||
|
@ -38,7 +38,7 @@ with lib;
|
||||||
"dfs.namenode.http-bind-host" = "0.0.0.0";
|
"dfs.namenode.http-bind-host" = "0.0.0.0";
|
||||||
};
|
};
|
||||||
type = types.attrsOf types.anything;
|
type = types.attrsOf types.anything;
|
||||||
description = ''
|
description = lib.mdDoc ''
|
||||||
Default options for hdfs-site.xml
|
Default options for hdfs-site.xml
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
@ -50,9 +50,9 @@ with lib;
|
||||||
"dfs.nameservices" = "namenode1";
|
"dfs.nameservices" = "namenode1";
|
||||||
}
|
}
|
||||||
'';
|
'';
|
||||||
description = ''
|
description = lib.mdDoc ''
|
||||||
Additional options and overrides for hdfs-site.xml
|
Additional options and overrides for hdfs-site.xml
|
||||||
<link xlink:href="https://hadoop.apache.org/docs/current/hadoop-project-dist/hadoop-hdfs/hdfs-default.xml"/>
|
<https://hadoop.apache.org/docs/current/hadoop-project-dist/hadoop-hdfs/hdfs-default.xml>
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
hdfsSiteInternal = mkOption {
|
hdfsSiteInternal = mkOption {
|
||||||
|
@ -80,7 +80,7 @@ with lib;
|
||||||
}
|
}
|
||||||
'';
|
'';
|
||||||
type = types.attrsOf types.anything;
|
type = types.attrsOf types.anything;
|
||||||
description = ''
|
description = lib.mdDoc ''
|
||||||
Default options for mapred-site.xml
|
Default options for mapred-site.xml
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
@ -92,9 +92,9 @@ with lib;
|
||||||
"mapreduce.map.java.opts" = "-Xmx900m -XX:+UseParallelGC";
|
"mapreduce.map.java.opts" = "-Xmx900m -XX:+UseParallelGC";
|
||||||
}
|
}
|
||||||
'';
|
'';
|
||||||
description = ''
|
description = lib.mdDoc ''
|
||||||
Additional options and overrides for mapred-site.xml
|
Additional options and overrides for mapred-site.xml
|
||||||
<link xlink:href="https://hadoop.apache.org/docs/current/hadoop-mapreduce-client/hadoop-mapreduce-client-core/mapred-default.xml"/>
|
<https://hadoop.apache.org/docs/current/hadoop-mapreduce-client/hadoop-mapreduce-client-core/mapred-default.xml>
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -113,7 +113,7 @@ with lib;
|
||||||
"yarn.resourcemanager.scheduler.class" = "org.apache.hadoop.yarn.server.resourcemanager.scheduler.fair.FairScheduler";
|
"yarn.resourcemanager.scheduler.class" = "org.apache.hadoop.yarn.server.resourcemanager.scheduler.fair.FairScheduler";
|
||||||
};
|
};
|
||||||
type = types.attrsOf types.anything;
|
type = types.attrsOf types.anything;
|
||||||
description = ''
|
description = lib.mdDoc ''
|
||||||
Default options for yarn-site.xml
|
Default options for yarn-site.xml
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
@ -125,9 +125,9 @@ with lib;
|
||||||
"yarn.resourcemanager.hostname" = "''${config.networking.hostName}";
|
"yarn.resourcemanager.hostname" = "''${config.networking.hostName}";
|
||||||
}
|
}
|
||||||
'';
|
'';
|
||||||
description = ''
|
description = lib.mdDoc ''
|
||||||
Additional options and overrides for yarn-site.xml
|
Additional options and overrides for yarn-site.xml
|
||||||
<link xlink:href="https://hadoop.apache.org/docs/current/hadoop-yarn/hadoop-yarn-common/yarn-default.xml"/>
|
<https://hadoop.apache.org/docs/current/hadoop-yarn/hadoop-yarn-common/yarn-default.xml>
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
yarnSiteInternal = mkOption {
|
yarnSiteInternal = mkOption {
|
||||||
|
@ -147,9 +147,9 @@ with lib;
|
||||||
"hadoop.http.max.threads" = 500;
|
"hadoop.http.max.threads" = 500;
|
||||||
}
|
}
|
||||||
'';
|
'';
|
||||||
description = ''
|
description = lib.mdDoc ''
|
||||||
Hadoop httpfs-site.xml definition
|
Hadoop httpfs-site.xml definition
|
||||||
<link xlink:href="https://hadoop.apache.org/docs/current/hadoop-hdfs-httpfs/httpfs-default.html"/>
|
<https://hadoop.apache.org/docs/current/hadoop-hdfs-httpfs/httpfs-default.html>
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -162,7 +162,7 @@ with lib;
|
||||||
example = literalExpression ''
|
example = literalExpression ''
|
||||||
"''${pkgs.hadoop}/lib/''${pkgs.hadoop.untarDir}/etc/hadoop/log4j.properties";
|
"''${pkgs.hadoop}/lib/''${pkgs.hadoop.untarDir}/etc/hadoop/log4j.properties";
|
||||||
'';
|
'';
|
||||||
description = "log4j.properties file added to HADOOP_CONF_DIR";
|
description = lib.mdDoc "log4j.properties file added to HADOOP_CONF_DIR";
|
||||||
};
|
};
|
||||||
|
|
||||||
containerExecutorCfg = mkOption {
|
containerExecutorCfg = mkOption {
|
||||||
|
@ -179,9 +179,9 @@ with lib;
|
||||||
"feature.terminal.enabled" = 0;
|
"feature.terminal.enabled" = 0;
|
||||||
}
|
}
|
||||||
'';
|
'';
|
||||||
description = ''
|
description = lib.mdDoc ''
|
||||||
Yarn container-executor.cfg definition
|
Yarn container-executor.cfg definition
|
||||||
<link xlink:href="https://hadoop.apache.org/docs/r2.7.2/hadoop-yarn/hadoop-yarn-site/SecureContainer.html"/>
|
<https://hadoop.apache.org/docs/r2.7.2/hadoop-yarn/hadoop-yarn-site/SecureContainer.html>
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -194,7 +194,7 @@ with lib;
|
||||||
./extraYARNConfs
|
./extraYARNConfs
|
||||||
]
|
]
|
||||||
'';
|
'';
|
||||||
description = "Directories containing additional config files to be added to HADOOP_CONF_DIR";
|
description = lib.mdDoc "Directories containing additional config files to be added to HADOOP_CONF_DIR";
|
||||||
};
|
};
|
||||||
|
|
||||||
gatewayRole.enable = mkEnableOption "gateway role for deploying hadoop configs";
|
gatewayRole.enable = mkEnableOption "gateway role for deploying hadoop configs";
|
||||||
|
|
|
@ -21,7 +21,7 @@ in
|
||||||
"hbase.cluster.distributed" = "true";
|
"hbase.cluster.distributed" = "true";
|
||||||
};
|
};
|
||||||
type = types.attrsOf types.anything;
|
type = types.attrsOf types.anything;
|
||||||
description = ''
|
description = lib.mdDoc ''
|
||||||
Default options for hbase-site.xml
|
Default options for hbase-site.xml
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
@ -30,9 +30,9 @@ in
|
||||||
type = with types; attrsOf anything;
|
type = with types; attrsOf anything;
|
||||||
example = literalExpression ''
|
example = literalExpression ''
|
||||||
'';
|
'';
|
||||||
description = ''
|
description = lib.mdDoc ''
|
||||||
Additional options and overrides for hbase-site.xml
|
Additional options and overrides for hbase-site.xml
|
||||||
<link xlink:href="https://github.com/apache/hbase/blob/rel/2.4.11/hbase-common/src/main/resources/hbase-default.xml"/>
|
<https://github.com/apache/hbase/blob/rel/2.4.11/hbase-common/src/main/resources/hbase-default.xml>
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
hbaseSiteInternal = mkOption {
|
hbaseSiteInternal = mkOption {
|
||||||
|
@ -50,11 +50,11 @@ in
|
||||||
type = types.package;
|
type = types.package;
|
||||||
default = pkgs.hbase;
|
default = pkgs.hbase;
|
||||||
defaultText = literalExpression "pkgs.hbase";
|
defaultText = literalExpression "pkgs.hbase";
|
||||||
description = "HBase package";
|
description = lib.mdDoc "HBase package";
|
||||||
};
|
};
|
||||||
|
|
||||||
rootdir = mkOption {
|
rootdir = mkOption {
|
||||||
description = ''
|
description = lib.mdDoc ''
|
||||||
This option will set "hbase.rootdir" in hbase-site.xml and determine
|
This option will set "hbase.rootdir" in hbase-site.xml and determine
|
||||||
the directory shared by region servers and into which HBase persists.
|
the directory shared by region servers and into which HBase persists.
|
||||||
The URL should be 'fully-qualified' to include the filesystem scheme.
|
The URL should be 'fully-qualified' to include the filesystem scheme.
|
||||||
|
@ -68,7 +68,7 @@ in
|
||||||
default = "/hbase";
|
default = "/hbase";
|
||||||
};
|
};
|
||||||
zookeeperQuorum = mkOption {
|
zookeeperQuorum = mkOption {
|
||||||
description = ''
|
description = lib.mdDoc ''
|
||||||
This option will set "hbase.zookeeper.quorum" in hbase-site.xml.
|
This option will set "hbase.zookeeper.quorum" in hbase-site.xml.
|
||||||
Comma separated list of servers in the ZooKeeper ensemble.
|
Comma separated list of servers in the ZooKeeper ensemble.
|
||||||
'';
|
'';
|
||||||
|
@ -83,7 +83,7 @@ in
|
||||||
openFirewall = mkOption {
|
openFirewall = mkOption {
|
||||||
type = types.bool;
|
type = types.bool;
|
||||||
default = false;
|
default = false;
|
||||||
description = ''
|
description = lib.mdDoc ''
|
||||||
Open firewall ports for HBase master.
|
Open firewall ports for HBase master.
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
@ -94,7 +94,7 @@ in
|
||||||
overrideHosts = mkOption {
|
overrideHosts = mkOption {
|
||||||
type = types.bool;
|
type = types.bool;
|
||||||
default = true;
|
default = true;
|
||||||
description = ''
|
description = lib.mdDoc ''
|
||||||
Remove /etc/hosts entries for "127.0.0.2" and "::1" defined in nixos/modules/config/networking.nix
|
Remove /etc/hosts entries for "127.0.0.2" and "::1" defined in nixos/modules/config/networking.nix
|
||||||
Regionservers must be able to resolve their hostnames to their IP addresses, through PTR records
|
Regionservers must be able to resolve their hostnames to their IP addresses, through PTR records
|
||||||
or /etc/hosts entries.
|
or /etc/hosts entries.
|
||||||
|
@ -105,7 +105,7 @@ in
|
||||||
openFirewall = mkOption {
|
openFirewall = mkOption {
|
||||||
type = types.bool;
|
type = types.bool;
|
||||||
default = false;
|
default = false;
|
||||||
description = ''
|
description = lib.mdDoc ''
|
||||||
Open firewall ports for HBase master.
|
Open firewall ports for HBase master.
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
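Review bot: the `openFirewall` description in this hunk is word for word the one in the `@ -83,7 +83,7` hunk ("Open firewall ports for HBase master."), yet it follows the `overrideHosts` option whose text is about regionservers. If this option belongs to a role other than the master, the description should name that role while the line is being touched anyway.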
268
third_party/nixpkgs/nixos/modules/services/cluster/patroni/default.nix
vendored
Normal file
268
third_party/nixpkgs/nixos/modules/services/cluster/patroni/default.nix
vendored
Normal file
|
@ -0,0 +1,268 @@
|
||||||
|
{ config, lib, pkgs, ... }:
|
||||||
|
with lib;
|
||||||
|
let
|
||||||
|
cfg = config.services.patroni;
|
||||||
|
defaultUser = "patroni";
|
||||||
|
defaultGroup = "patroni";
|
||||||
|
format = pkgs.formats.yaml { };
|
||||||
|
|
||||||
|
#boto doesn't support python 3.10 yet
|
||||||
|
patroni = pkgs.patroni.override { pythonPackages = pkgs.python39Packages; };
|
||||||
|
|
||||||
|
configFileName = "patroni-${cfg.scope}-${cfg.name}.yaml";
|
||||||
|
configFile = format.generate configFileName cfg.settings;
|
||||||
|
in
|
||||||
|
{
|
||||||
|
options.services.patroni = {
|
||||||
|
|
||||||
|
enable = mkEnableOption "Patroni";
|
||||||
|
|
||||||
|
postgresqlPackage = mkOption {
|
||||||
|
type = types.package;
|
||||||
|
example = literalExpression "pkgs.postgresql_14";
|
||||||
|
description = mdDoc ''
|
||||||
|
PostgreSQL package to use.
|
||||||
|
Plugins can be enabled like this `pkgs.postgresql_14.withPackages (p: [ p.pg_safeupdate p.postgis ])`.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
postgresqlDataDir = mkOption {
|
||||||
|
type = types.path;
|
||||||
|
defaultText = literalExpression ''"/var/lib/postgresql/''${config.services.patroni.postgresqlPackage.psqlSchema}"'';
|
||||||
|
example = "/var/lib/postgresql/14";
|
||||||
|
default = "/var/lib/postgresql/${cfg.postgresqlPackage.psqlSchema}";
|
||||||
|
description = mdDoc ''
|
||||||
|
The data directory for PostgreSQL. If left as the default value
|
||||||
|
this directory will automatically be created before the PostgreSQL server starts, otherwise
|
||||||
|
the sysadmin is responsible for ensuring the directory exists with appropriate ownership
|
||||||
|
and permissions.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
postgresqlPort = mkOption {
|
||||||
|
type = types.port;
|
||||||
|
default = 5432;
|
||||||
|
description = mdDoc ''
|
||||||
|
The port on which PostgreSQL listens.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
user = mkOption {
|
||||||
|
type = types.str;
|
||||||
|
default = defaultUser;
|
||||||
|
example = "postgres";
|
||||||
|
description = mdDoc ''
|
||||||
|
The user for the service. If left as the default value this user will automatically be created,
|
||||||
|
otherwise the sysadmin is responsible for ensuring the user exists.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
group = mkOption {
|
||||||
|
type = types.str;
|
||||||
|
default = defaultGroup;
|
||||||
|
example = "postgres";
|
||||||
|
description = mdDoc ''
|
||||||
|
The group for the service. If left as the default value this group will automatically be created,
|
||||||
|
otherwise the sysadmin is responsible for ensuring the group exists.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
dataDir = mkOption {
|
||||||
|
type = types.path;
|
||||||
|
default = "/var/lib/patroni";
|
||||||
|
description = mdDoc ''
|
||||||
|
Folder where Patroni data will be written, used by Raft as well if enabled.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
scope = mkOption {
|
||||||
|
type = types.str;
|
||||||
|
example = "cluster1";
|
||||||
|
description = mdDoc ''
|
||||||
|
Cluster name.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
name = mkOption {
|
||||||
|
type = types.str;
|
||||||
|
example = "node1";
|
||||||
|
description = mdDoc ''
|
||||||
|
The name of the host. Must be unique for the cluster.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
namespace = mkOption {
|
||||||
|
type = types.str;
|
||||||
|
default = "/service";
|
||||||
|
description = mdDoc ''
|
||||||
|
Path within the configuration store where Patroni will keep information about the cluster.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
nodeIp = mkOption {
|
||||||
|
type = types.str;
|
||||||
|
example = "192.168.1.1";
|
||||||
|
description = mdDoc ''
|
||||||
|
IP address of this node.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
otherNodesIps = mkOption {
|
||||||
|
type = types.listOf types.string;
|
||||||
|
example = [ "192.168.1.2" "192.168.1.3" ];
|
||||||
|
description = mdDoc ''
|
||||||
|
IP addresses of the other nodes.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
restApiPort = mkOption {
|
||||||
|
type = types.port;
|
||||||
|
default = 8008;
|
||||||
|
description = mdDoc ''
|
||||||
|
The port on Patroni's REST api listens.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
raft = mkOption {
|
||||||
|
type = types.bool;
|
||||||
|
default = false;
|
||||||
|
description = mdDoc ''
|
||||||
|
This will configure Patroni to use its own RAFT implementation instead of using a dedicated DCS.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
raftPort = mkOption {
|
||||||
|
type = types.port;
|
||||||
|
default = 5010;
|
||||||
|
description = mdDoc ''
|
||||||
|
The port on which RAFT listens.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
softwareWatchdog = mkOption {
|
||||||
|
type = types.bool;
|
||||||
|
default = false;
|
||||||
|
description = mdDoc ''
|
||||||
|
This will configure Patroni to use the software watchdog built into the Linux kernel
|
||||||
|
as described in the [documentation](https://patroni.readthedocs.io/en/latest/watchdog.html#setting-up-software-watchdog-on-linux).
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
settings = mkOption {
|
||||||
|
type = format.type;
|
||||||
|
default = { };
|
||||||
|
description = mdDoc ''
|
||||||
|
The primary patroni configuration. See the [documentation](https://patroni.readthedocs.io/en/latest/SETTINGS.html)
|
||||||
|
for possible values.
|
||||||
|
Secrets should be passed in by using the `environmentFiles` option.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
environmentFiles = mkOption {
|
||||||
|
type = with types; attrsOf (nullOr (oneOf [ str path package ]));
|
||||||
|
default = { };
|
||||||
|
example = {
|
||||||
|
PATRONI_REPLICATION_PASSWORD = "/secret/file";
|
||||||
|
PATRONI_SUPERUSER_PASSWORD = "/secret/file";
|
||||||
|
};
|
||||||
|
description = mdDoc "Environment variables made available to Patroni as files content, useful for providing secrets from files.";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
config = mkIf cfg.enable {
|
||||||
|
|
||||||
|
services.patroni.settings = {
|
||||||
|
scope = cfg.scope;
|
||||||
|
name = cfg.name;
|
||||||
|
namespace = cfg.namespace;
|
||||||
|
|
||||||
|
restapi = {
|
||||||
|
listen = "${cfg.nodeIp}:${toString cfg.restApiPort}";
|
||||||
|
connect_address = "${cfg.nodeIp}:${toString cfg.restApiPort}";
|
||||||
|
};
|
||||||
|
|
||||||
|
raft = mkIf cfg.raft {
|
||||||
|
data_dir = "${cfg.dataDir}/raft";
|
||||||
|
self_addr = "${cfg.nodeIp}:5010";
|
||||||
|
partner_addrs = map (ip: ip + ":5010") cfg.otherNodesIps;
|
||||||
|
};
|
||||||
|
|
||||||
|
postgresql = {
|
||||||
|
listen = "${cfg.nodeIp}:${toString cfg.postgresqlPort}";
|
||||||
|
connect_address = "${cfg.nodeIp}:${toString cfg.postgresqlPort}";
|
||||||
|
data_dir = cfg.postgresqlDataDir;
|
||||||
|
bin_dir = "${cfg.postgresqlPackage}/bin";
|
||||||
|
pgpass = "${cfg.dataDir}/pgpass";
|
||||||
|
};
|
||||||
|
|
||||||
|
watchdog = mkIf cfg.softwareWatchdog {
|
||||||
|
mode = "required";
|
||||||
|
device = "/dev/watchdog";
|
||||||
|
safety_margin = 5;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
|
||||||
|
users = {
|
||||||
|
users = mkIf (cfg.user == defaultUser) {
|
||||||
|
patroni = {
|
||||||
|
group = cfg.group;
|
||||||
|
isSystemUser = true;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
groups = mkIf (cfg.group == defaultGroup) {
|
||||||
|
patroni = { };
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
systemd.services = {
|
||||||
|
patroni = {
|
||||||
|
description = "Runners to orchestrate a high-availability PostgreSQL";
|
||||||
|
|
||||||
|
wantedBy = [ "multi-user.target" ];
|
||||||
|
after = [ "network.target" ];
|
||||||
|
|
||||||
|
script = ''
|
||||||
|
${concatStringsSep "\n" (attrValues (mapAttrs (name: path: ''export ${name}="$(< ${escapeShellArg path})"'') cfg.environmentFiles))}
|
||||||
|
exec ${patroni}/bin/patroni ${configFile}
|
||||||
|
'';
|
||||||
|
|
||||||
|
serviceConfig = mkMerge [
|
||||||
|
{
|
||||||
|
User = cfg.user;
|
||||||
|
Group = cfg.group;
|
||||||
|
Type = "simple";
|
||||||
|
Restart = "on-failure";
|
||||||
|
TimeoutSec = 30;
|
||||||
|
ExecReload = "${pkgs.coreutils}/bin/kill -s HUP $MAINPID";
|
||||||
|
KillMode = "process";
|
||||||
|
}
|
||||||
|
(mkIf (cfg.postgresqlDataDir == "/var/lib/postgresql/${cfg.postgresqlPackage.psqlSchema}" && cfg.dataDir == "/var/lib/patroni") {
|
||||||
|
StateDirectory = "patroni patroni/raft postgresql postgresql/${cfg.postgresqlPackage.psqlSchema}";
|
||||||
|
StateDirectoryMode = "0750";
|
||||||
|
})
|
||||||
|
];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
boot.kernelModules = mkIf cfg.softwareWatchdog [ "softdog" ];
|
||||||
|
|
||||||
|
services.udev.extraRules = mkIf cfg.softwareWatchdog ''
|
||||||
|
KERNEL=="watchdog", OWNER="${cfg.user}", GROUP="${cfg.group}", MODE="0600"
|
||||||
|
'';
|
||||||
|
|
||||||
|
environment.systemPackages = [
|
||||||
|
patroni
|
||||||
|
cfg.postgresqlPackage
|
||||||
|
(mkIf cfg.raft pkgs.python310Packages.pysyncobj)
|
||||||
|
];
|
||||||
|
|
||||||
|
environment.etc."${configFileName}".source = configFile;
|
||||||
|
|
||||||
|
environment.sessionVariables = {
|
||||||
|
PATRONICTL_CONFIG_FILE = "/etc/${configFileName}";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
meta.maintainers = [ maintainers.phfroidmont ];
|
||||||
|
}
|
|
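Review bot: the `raft` block in `services.patroni.settings` hard-codes the port (`self_addr = "${cfg.nodeIp}:5010"` and `ip + ":5010"` in `partner_addrs`), so the `raftPort` option declared above is never read; use `toString cfg.raftPort` in both places. Further points in the same file: `otherNodesIps` uses `types.listOf types.string`, and `types.string` is deprecated in favour of `types.str`. `environmentFiles` accepts `nullOr` values, but the `script` maps over every attribute without filtering, so a null entry still produces an `export NAME="$(< '')"` line; filter nulls out first. The same option also allows `path` and `package` values, which end up in the world-readable Nix store, so the description should say secrets must be given as strings pointing outside the store. `pysyncobj` is taken from `python310Packages` while `patroni` is overridden to `python39Packages` at the top of the file, which is worth checking. The `restApiPort` description reads "The port on Patroni's REST api listens" and is missing "which".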
@ -109,10 +109,9 @@ in
|
||||||
extraConfig = mkOption {
|
extraConfig = mkOption {
|
||||||
type = types.lines;
|
type = types.lines;
|
||||||
default = "";
|
default = "";
|
||||||
description = ''
|
description = lib.mdDoc ''
|
||||||
Extra configuration for <literal>slurmdbd.conf</literal> See also:
|
Extra configuration for `slurmdbd.conf` See also:
|
||||||
<citerefentry><refentrytitle>slurmdbd.conf</refentrytitle>
|
{manpage}`slurmdbd.conf(8)`.
|
||||||
<manvolnum>8</manvolnum></citerefentry>.
|
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
|
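Review bot: in the converted `extraConfig` description the first sentence has no full stop, so it renders as "Extra configuration for `slurmdbd.conf` See also:". Add the period after `slurmdbd.conf` while the line is being rewritten.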
@ -121,10 +121,10 @@ in {
|
||||||
keepalive = mkOption {
|
keepalive = mkOption {
|
||||||
default = 600;
|
default = 600;
|
||||||
type = types.int;
|
type = types.int;
|
||||||
description = "
|
description = lib.mdDoc ''
|
||||||
This is a number that indicates how frequently keepalive messages should be sent
|
This is a number that indicates how frequently keepalive messages should be sent
|
||||||
from the worker to the buildmaster, expressed in seconds.
|
from the worker to the buildmaster, expressed in seconds.
|
||||||
";
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
package = mkOption {
|
package = mkOption {
|
||||||
|
|
|
@ -193,7 +193,7 @@ in
|
||||||
options.services.buildkite-agents = mkOption {
|
options.services.buildkite-agents = mkOption {
|
||||||
type = types.attrsOf (types.submodule buildkiteOptions);
|
type = types.attrsOf (types.submodule buildkiteOptions);
|
||||||
default = {};
|
default = {};
|
||||||
description = ''
|
description = lib.mdDoc ''
|
||||||
Attribute set of buildkite agents.
|
Attribute set of buildkite agents.
|
||||||
The attribute key is combined with the hostname and a unique integer to
|
The attribute key is combined with the hostname and a unique integer to
|
||||||
create the final agent name. This can be overridden by setting the `name`
|
create the final agent name. This can be overridden by setting the `name`
|
||||||
|
|
|
@ -48,9 +48,14 @@ in
|
||||||
tokenFile = mkOption {
|
tokenFile = mkOption {
|
||||||
type = types.path;
|
type = types.path;
|
||||||
description = lib.mdDoc ''
|
description = lib.mdDoc ''
|
||||||
The full path to a file which contains the runner registration token.
|
The full path to a file which contains either a runner registration token or a
|
||||||
|
personal access token (PAT).
|
||||||
The file should contain exactly one line with the token without any newline.
|
The file should contain exactly one line with the token without any newline.
|
||||||
The token can be used to re-register a runner of the same name but is time-limited.
|
If a registration token is given, it can be used to re-register a runner of the same
|
||||||
|
name but is time-limited. If the file contains a PAT, the service creates a new
|
||||||
|
registration token on startup as needed. Make sure the PAT has a scope of
|
||||||
|
`admin:org` for organization-wide registrations or a scope of
|
||||||
|
`repo` for a single repository.
|
||||||
|
|
||||||
Changing this option or the file's content triggers a new runner registration.
|
Changing this option or the file's content triggers a new runner registration.
|
||||||
'';
|
'';
|
||||||
|
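Review bot: the `tokenFile` description now allows a personal access token with `admin:org` or `repo` scope, which is a longer-lived and much broader credential than a registration token, but the text says nothing about where the file may live or who may read it. Since the option is `type = types.path`, a Nix path literal would be copied into the world-readable store. Add a sentence stating that the file must be given as a string pointing outside the Nix store and be readable only by root or the service user.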
@ -117,6 +122,24 @@ in
|
||||||
default = pkgs.github-runner;
|
default = pkgs.github-runner;
|
||||||
defaultText = literalExpression "pkgs.github-runner";
|
defaultText = literalExpression "pkgs.github-runner";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
ephemeral = mkOption {
|
||||||
|
type = types.bool;
|
||||||
|
description = lib.mdDoc ''
|
||||||
|
If enabled, causes the following behavior:
|
||||||
|
|
||||||
|
- Passes the `--ephemeral` flag to the runner configuration script
|
||||||
|
- De-registers and stops the runner with GitHub after it has processed one job
|
||||||
|
- On stop, systemd wipes the runtime directory (this always happens, even without using the ephemeral option)
|
||||||
|
- Restarts the service after its successful exit
|
||||||
|
- On start, wipes the state directory and configures a new runner
|
||||||
|
|
||||||
|
You should only enable this option if `tokenFile` points to a file which contains a
|
||||||
|
personal access token (PAT). If you're using the option with a registration token, restarting the
|
||||||
|
service will fail as soon as the registration token expired.
|
||||||
|
'';
|
||||||
|
default = false;
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
config = mkIf cfg.enable {
|
config = mkIf cfg.enable {
|
||||||
|
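Review bot: the `ephemeral` description says the option should only be used with a PAT, but that requirement lives only in the prose and the reader is not told how the failure shows up. Say in the description what happens on restart with an expired registration token (the service fails to re-register and stays down), so the symptom can be recognised from the unit's logs. Wording: "as soon as the registration token expired" should be "has expired".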
@ -136,7 +159,7 @@ in
|
||||||
|
|
||||||
environment = {
|
environment = {
|
||||||
HOME = runtimeDir;
|
HOME = runtimeDir;
|
||||||
RUNNER_ROOT = runtimeDir;
|
RUNNER_ROOT = stateDir;
|
||||||
};
|
};
|
||||||
|
|
||||||
path = (with pkgs; [
|
path = (with pkgs; [
|
||||||
|
@ -150,7 +173,7 @@ in
|
||||||
] ++ cfg.extraPackages;
|
] ++ cfg.extraPackages;
|
||||||
|
|
||||||
serviceConfig = rec {
|
serviceConfig = rec {
|
||||||
ExecStart = "${cfg.package}/bin/runsvc.sh";
|
ExecStart = "${cfg.package}/bin/Runner.Listener run --startuptype service";
|
||||||
|
|
||||||
# Does the following, sequentially:
|
# Does the following, sequentially:
|
||||||
# - If the module configuration or the token has changed, purge the state directory,
|
# - If the module configuration or the token has changed, purge the state directory,
|
||||||
|
@ -178,7 +201,7 @@ in
|
||||||
${lines}
|
${lines}
|
||||||
'';
|
'';
|
||||||
currentConfigPath = "$STATE_DIRECTORY/.nixos-current-config.json";
|
currentConfigPath = "$STATE_DIRECTORY/.nixos-current-config.json";
|
||||||
runnerRegistrationConfig = getAttrs [ "name" "tokenFile" "url" "runnerGroup" "extraLabels" ] cfg;
|
runnerRegistrationConfig = getAttrs [ "name" "tokenFile" "url" "runnerGroup" "extraLabels" "ephemeral" ] cfg;
|
||||||
newConfigPath = builtins.toFile "${svcName}-config.json" (builtins.toJSON runnerRegistrationConfig);
|
newConfigPath = builtins.toFile "${svcName}-config.json" (builtins.toJSON runnerRegistrationConfig);
|
||||||
newConfigTokenFilename = ".new-token";
|
newConfigTokenFilename = ".new-token";
|
||||||
runnerCredFiles = [
|
runnerCredFiles = [
|
||||||
|
@ -188,6 +211,9 @@ in
|
||||||
];
|
];
|
||||||
unconfigureRunner = writeScript "unconfigure" ''
|
unconfigureRunner = writeScript "unconfigure" ''
|
||||||
differs=
|
differs=
|
||||||
|
|
||||||
|
if [[ "$(ls -A "$STATE_DIRECTORY")" ]]; then
|
||||||
|
# State directory is not empty
|
||||||
# Set `differs = 1` if current and new runner config differ or if `currentConfigPath` does not exist
|
# Set `differs = 1` if current and new runner config differ or if `currentConfigPath` does not exist
|
||||||
${pkgs.diffutils}/bin/diff -q '${newConfigPath}' "${currentConfigPath}" >/dev/null 2>&1 || differs=1
|
${pkgs.diffutils}/bin/diff -q '${newConfigPath}' "${currentConfigPath}" >/dev/null 2>&1 || differs=1
|
||||||
# Also trigger a registration if the token content changed
|
# Also trigger a registration if the token content changed
|
||||||
|
@ -195,10 +221,14 @@ in
|
||||||
"$STATE_DIRECTORY"/${currentConfigTokenFilename} \
|
"$STATE_DIRECTORY"/${currentConfigTokenFilename} \
|
||||||
${escapeShellArg cfg.tokenFile} \
|
${escapeShellArg cfg.tokenFile} \
|
||||||
>/dev/null 2>&1 || differs=1
|
>/dev/null 2>&1 || differs=1
|
||||||
|
# If .credentials does not exist, assume a previous run de-registered the runner on stop (ephemeral mode)
|
||||||
|
[[ ! -f "$STATE_DIRECTORY/.credentials" ]] && differs=1
|
||||||
|
fi
|
||||||
|
|
||||||
if [[ -n "$differs" ]]; then
|
if [[ -n "$differs" ]]; then
|
||||||
echo "Config has changed, removing old runner state."
|
echo "Config has changed, removing old runner state."
|
||||||
echo "The old runner will still appear in the GitHub Actions UI." \
|
# In ephemeral mode, the runner deletes the `.credentials` file after de-registering it with GitHub
|
||||||
|
[[ -f "$STATE_DIRECTORY/.credentials" ]] && echo "The old runner will still appear in the GitHub Actions UI." \
|
||||||
"You have to remove it manually."
|
"You have to remove it manually."
|
||||||
find "$STATE_DIRECTORY/" -mindepth 1 -delete
|
find "$STATE_DIRECTORY/" -mindepth 1 -delete
|
||||||
|
|
||||||
|
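Review bot: when the only trigger is the new `.credentials` check, the unchanged message "Config has changed, removing old runner state." is misleading, because nothing in the configuration changed; the runner simply de-registered itself on the previous stop. Consider a separate message for that case, or reword it to cover both (for example "Config has changed or runner is not registered"). The new `[[ -f "$STATE_DIRECTORY/.credentials" ]] && echo ... \` line would also read more clearly as an explicit `if` block, since it continues onto the next line.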
@ -212,17 +242,28 @@ in
|
||||||
if [[ -e "$STATE_DIRECTORY/${newConfigTokenFilename}" ]]; then
|
if [[ -e "$STATE_DIRECTORY/${newConfigTokenFilename}" ]]; then
|
||||||
echo "Configuring GitHub Actions Runner"
|
echo "Configuring GitHub Actions Runner"
|
||||||
|
|
||||||
token=$(< "$STATE_DIRECTORY"/${newConfigTokenFilename})
|
args=(
|
||||||
RUNNER_ROOT="$STATE_DIRECTORY" ${cfg.package}/bin/config.sh \
|
--unattended
|
||||||
--unattended \
|
--disableupdate
|
||||||
--disableupdate \
|
--work "$RUNTIME_DIRECTORY"
|
||||||
--work "$RUNTIME_DIRECTORY" \
|
--url ${escapeShellArg cfg.url}
|
||||||
--url ${escapeShellArg cfg.url} \
|
--labels ${escapeShellArg (concatStringsSep "," cfg.extraLabels)}
|
||||||
--token "$token" \
|
--name ${escapeShellArg cfg.name}
|
||||||
--labels ${escapeShellArg (concatStringsSep "," cfg.extraLabels)} \
|
${optionalString cfg.replace "--replace"}
|
||||||
--name ${escapeShellArg cfg.name} \
|
|
||||||
${optionalString cfg.replace "--replace"} \
|
|
||||||
${optionalString (cfg.runnerGroup != null) "--runnergroup ${escapeShellArg cfg.runnerGroup}"}
|
${optionalString (cfg.runnerGroup != null) "--runnergroup ${escapeShellArg cfg.runnerGroup}"}
|
||||||
|
${optionalString cfg.ephemeral "--ephemeral"}
|
||||||
|
)
|
||||||
|
|
||||||
|
# If the token file contains a PAT (i.e., it starts with "ghp_"), we have to use the --pat option,
|
||||||
|
# if it is not a PAT, we assume it contains a registration token and use the --token option
|
||||||
|
token=$(<"$STATE_DIRECTORY/${newConfigTokenFilename}")
|
||||||
|
if [[ "$token" =~ ^ghp_* ]]; then
|
||||||
|
args+=(--pat "$token")
|
||||||
|
else
|
||||||
|
args+=(--token "$token")
|
||||||
|
fi
|
||||||
|
|
||||||
|
${cfg.package}/bin/config.sh "''${args[@]}"
|
||||||
|
|
||||||
# Move the automatically created _diag dir to the logs dir
|
# Move the automatically created _diag dir to the logs dir
|
||||||
mkdir -p "$STATE_DIRECTORY/_diag"
|
mkdir -p "$STATE_DIRECTORY/_diag"
|
||||||
|
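Review bot: the PAT check `[[ "$token" =~ ^ghp_* ]]` is a regex match, not a glob, so `_*` means "zero or more underscores" and the test succeeds for any token that starts with `ghp`, not only `ghp_`. Use `^ghp_` or the glob form `[[ "$token" == ghp_* ]]`. Separately, the token is still passed to config.sh as a command-line argument (`--pat "$token"` or `--token "$token"`), so it is readable from the process list while config.sh runs; that exposure matters more for a long-lived PAT than for a short-lived registration token and deserves a mention in the comment above the check.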
@ -250,6 +291,10 @@ in
|
||||||
setupRuntimeDir
|
setupRuntimeDir
|
||||||
];
|
];
|
||||||
|
|
||||||
|
# If running in ephemeral mode, restart the service on-exit (i.e., successful de-registration of the runner)
|
||||||
|
# to trigger a fresh registration.
|
||||||
|
Restart = if cfg.ephemeral then "on-success" else "no";
|
||||||
|
|
||||||
# Contains _diag
|
# Contains _diag
|
||||||
LogsDirectory = [ systemdDir ];
|
LogsDirectory = [ systemdDir ];
|
||||||
# Default RUNNER_ROOT which contains ephemeral Runner data
|
# Default RUNNER_ROOT which contains ephemeral Runner data
|
||||||
|
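Review bot: the new comment says the service is restarted "on-exit", but `Restart = if cfg.ephemeral then "on-success" else "no";` only restarts after a clean exit, so an ephemeral runner that exits non-zero stays down until it is restarted by hand. Reword the comment to say that only successful exits re-register, or explain why failures should not restart. The context comment "Default RUNNER_ROOT which contains ephemeral Runner data" at the end of this hunk also looks stale now that an earlier hunk sets `RUNNER_ROOT = stateDir`.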
@ -269,8 +314,7 @@ in
|
||||||
# By default, use a dynamically allocated user
|
# By default, use a dynamically allocated user
|
||||||
DynamicUser = true;
|
DynamicUser = true;
|
||||||
|
|
||||||
KillMode = "process";
|
KillSignal = "SIGINT";
|
||||||
KillSignal = "SIGTERM";
|
|
||||||
|
|
||||||
# Hardening (may overlap with DynamicUser=)
|
# Hardening (may overlap with DynamicUser=)
|
||||||
# The following options are only for optimizing:
|
# The following options are only for optimizing:
|
||||||
|
|
|
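Review bot: removing `KillMode = "process";` and switching to `KillSignal = "SIGINT";` comes with no comment explaining the intent. With KillMode left at the systemd default (control-group), the stop signal is delivered to every process in the unit's cgroup, so job child processes now receive SIGINT along with the listener. Add a short comment stating why SIGINT is required and that signalling the whole control group is intended.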
@ -103,15 +103,15 @@ let
|
||||||
defaultText = literalExpression ''baseDirectory + "/secrets"'';
|
defaultText = literalExpression ''baseDirectory + "/secrets"'';
|
||||||
};
|
};
|
||||||
clusterJoinTokenPath = mkOption {
|
clusterJoinTokenPath = mkOption {
|
||||||
description = ''
|
description = lib.mdDoc ''
|
||||||
Location of the cluster-join-token.key file.
|
Location of the cluster-join-token.key file.
|
||||||
|
|
||||||
You can retrieve the contents of the file when creating a new agent via
|
You can retrieve the contents of the file when creating a new agent via
|
||||||
<link xlink:href="https://hercules-ci.com/dashboard">https://hercules-ci.com/dashboard</link>.
|
<https://hercules-ci.com/dashboard>.
|
||||||
|
|
||||||
As this value is confidential, it should not be in the store, but
|
As this value is confidential, it should not be in the store, but
|
||||||
installed using other means, such as agenix, NixOps
|
installed using other means, such as agenix, NixOps
|
||||||
<literal>deployment.keys</literal>, or manual installation.
|
`deployment.keys`, or manual installation.
|
||||||
|
|
||||||
The contents of the file are used for authentication between the agent and the API.
|
The contents of the file are used for authentication between the agent and the API.
|
||||||
'';
|
'';
|
||||||
|
@ -120,29 +120,28 @@ let
|
||||||
defaultText = literalExpression ''staticSecretsDirectory + "/cluster-join-token.key"'';
|
defaultText = literalExpression ''staticSecretsDirectory + "/cluster-join-token.key"'';
|
||||||
};
|
};
|
||||||
binaryCachesPath = mkOption {
|
binaryCachesPath = mkOption {
|
||||||
description = ''
|
description = lib.mdDoc ''
|
||||||
Path to a JSON file containing binary cache secret keys.
|
Path to a JSON file containing binary cache secret keys.
|
||||||
|
|
||||||
As these values are confidential, they should not be in the store, but
|
As these values are confidential, they should not be in the store, but
|
||||||
copied over using other means, such as agenix, NixOps
|
copied over using other means, such as agenix, NixOps
|
||||||
<literal>deployment.keys</literal>, or manual installation.
|
`deployment.keys`, or manual installation.
|
||||||
|
|
||||||
The format is described on <link xlink:href="https://docs.hercules-ci.com/hercules-ci-agent/binary-caches-json/">https://docs.hercules-ci.com/hercules-ci-agent/binary-caches-json/</link>.
|
The format is described on <https://docs.hercules-ci.com/hercules-ci-agent/binary-caches-json/>.
|
||||||
'';
|
'';
|
||||||
type = types.path;
|
type = types.path;
|
||||||
default = config.staticSecretsDirectory + "/binary-caches.json";
|
default = config.staticSecretsDirectory + "/binary-caches.json";
|
||||||
defaultText = literalExpression ''staticSecretsDirectory + "/binary-caches.json"'';
|
defaultText = literalExpression ''staticSecretsDirectory + "/binary-caches.json"'';
|
||||||
};
|
};
|
||||||
secretsJsonPath = mkOption {
|
secretsJsonPath = mkOption {
|
||||||
description = ''
|
description = lib.mdDoc ''
|
||||||
Path to a JSON file containing secrets for effects.
|
Path to a JSON file containing secrets for effects.
|
||||||
|
|
||||||
As these values are confidential, they should not be in the store, but
|
As these values are confidential, they should not be in the store, but
|
||||||
copied over using other means, such as agenix, NixOps
|
copied over using other means, such as agenix, NixOps
|
||||||
<literal>deployment.keys</literal>, or manual installation.
|
`deployment.keys`, or manual installation.
|
||||||
|
|
||||||
The format is described on <link xlink:href="https://docs.hercules-ci.com/hercules-ci-agent/secrets-json/">https://docs.hercules-ci.com/hercules-ci-agent/secrets-json/</link>.
|
|
||||||
|
|
||||||
|
The format is described on <https://docs.hercules-ci.com/hercules-ci-agent/secrets-json/>.
|
||||||
'';
|
'';
|
||||||
type = types.path;
|
type = types.path;
|
||||||
default = config.staticSecretsDirectory + "/secrets.json";
|
default = config.staticSecretsDirectory + "/secrets.json";
|
||||||
|
|
|
@ -87,7 +87,7 @@ in
|
||||||
type = types.str;
|
type = types.str;
|
||||||
default = localDB;
|
default = localDB;
|
||||||
example = "dbi:Pg:dbname=hydra;host=postgres.example.org;user=foo;";
|
example = "dbi:Pg:dbname=hydra;host=postgres.example.org;user=foo;";
|
||||||
description = ''
|
description = lib.mdDoc ''
|
||||||
The DBI string for Hydra database connection.
|
The DBI string for Hydra database connection.
|
||||||
|
|
||||||
NOTE: Attempts to set `application_name` will be overridden by
|
NOTE: Attempts to set `application_name` will be overridden by
|
||||||
|
@ -115,8 +115,8 @@ in
|
||||||
type = types.str;
|
type = types.str;
|
||||||
default = "*";
|
default = "*";
|
||||||
example = "localhost";
|
example = "localhost";
|
||||||
description = ''
|
description = lib.mdDoc ''
|
||||||
The hostname or address to listen on or <literal>*</literal> to listen
|
The hostname or address to listen on or `*` to listen
|
||||||
on all interfaces.
|
on all interfaces.
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
|
@ -97,9 +97,9 @@ in
|
||||||
openFirewall = mkOption {
|
openFirewall = mkOption {
|
||||||
type = types.bool;
|
type = types.bool;
|
||||||
default = false;
|
default = false;
|
||||||
description = ''
|
description = lib.mdDoc ''
|
||||||
Open the firewall ports corresponding to FoundationDB processes and coordinators
|
Open the firewall ports corresponding to FoundationDB processes and coordinators
|
||||||
using <option>config.networking.firewall.*</option>.
|
using {option}`config.networking.firewall.*`.
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
|
@ -35,9 +35,9 @@ in
|
||||||
default = pkgs.mongodb;
|
default = pkgs.mongodb;
|
||||||
defaultText = literalExpression "pkgs.mongodb";
|
defaultText = literalExpression "pkgs.mongodb";
|
||||||
type = types.package;
|
type = types.package;
|
||||||
description = "
|
description = lib.mdDoc ''
|
||||||
Which MongoDB derivation to use.
|
Which MongoDB derivation to use.
|
||||||
";
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
user = mkOption {
|
user = mkOption {
|
||||||
|
|
|
@ -36,9 +36,9 @@ in
|
||||||
package = mkOption {
|
package = mkOption {
|
||||||
type = types.package;
|
type = types.package;
|
||||||
example = literalExpression "pkgs.mariadb";
|
example = literalExpression "pkgs.mariadb";
|
||||||
description = "
|
description = lib.mdDoc ''
|
||||||
Which MySQL derivation to use. MariaDB packages are supported too.
|
Which MySQL derivation to use. MariaDB packages are supported too.
|
||||||
";
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
user = mkOption {
|
user = mkOption {
|
||||||
|
|
|
@ -36,48 +36,43 @@ let
|
||||||
serverConfig = pkgs.writeText "neo4j.conf" ''
|
serverConfig = pkgs.writeText "neo4j.conf" ''
|
||||||
# General
|
# General
|
||||||
dbms.allow_upgrade=${boolToString cfg.allowUpgrade}
|
dbms.allow_upgrade=${boolToString cfg.allowUpgrade}
|
||||||
dbms.connectors.default_listen_address=${cfg.defaultListenAddress}
|
dbms.default_listen_address=${cfg.defaultListenAddress}
|
||||||
dbms.read_only=${boolToString cfg.readOnly}
|
dbms.databases.default_to_read_only=${boolToString cfg.readOnly}
|
||||||
${optionalString (cfg.workerCount > 0) ''
|
${optionalString (cfg.workerCount > 0) ''
|
||||||
dbms.threads.worker_count=${toString cfg.workerCount}
|
dbms.threads.worker_count=${toString cfg.workerCount}
|
||||||
''}
|
''}
|
||||||
|
|
||||||
# Directories
|
# Directories (readonly)
|
||||||
dbms.directories.certificates=${cfg.directories.certificates}
|
dbms.directories.certificates=${cfg.directories.certificates}
|
||||||
dbms.directories.data=${cfg.directories.data}
|
|
||||||
dbms.directories.logs=${cfg.directories.home}/logs
|
|
||||||
dbms.directories.plugins=${cfg.directories.plugins}
|
dbms.directories.plugins=${cfg.directories.plugins}
|
||||||
|
dbms.directories.lib=${cfg.package}/share/neo4j/lib
|
||||||
${optionalString (cfg.constrainLoadCsv) ''
|
${optionalString (cfg.constrainLoadCsv) ''
|
||||||
dbms.directories.import=${cfg.directories.imports}
|
dbms.directories.import=${cfg.directories.imports}
|
||||||
''}
|
''}
|
||||||
|
|
||||||
|
# Directories (read and write)
|
||||||
|
dbms.directories.data=${cfg.directories.data}
|
||||||
|
dbms.directories.logs=${cfg.directories.home}/logs
|
||||||
|
dbms.directories.run=${cfg.directories.home}/run
|
||||||
|
|
||||||
# HTTP Connector
|
# HTTP Connector
|
||||||
${optionalString (cfg.http.enable) ''
|
${optionalString (cfg.http.enable) ''
|
||||||
dbms.connector.http.enabled=${boolToString cfg.http.enable}
|
dbms.connector.http.enabled=${boolToString cfg.http.enable}
|
||||||
dbms.connector.http.listen_address=${cfg.http.listenAddress}
|
dbms.connector.http.listen_address=${cfg.http.listenAddress}
|
||||||
''}
|
dbms.connector.http.advertised_address=${cfg.http.listenAddress}
|
||||||
${optionalString (!cfg.http.enable) ''
|
|
||||||
# It is not possible to disable the HTTP connector. To fully prevent
|
|
||||||
# clients from connecting to HTTP, block the HTTP port (7474 by default)
|
|
||||||
# via firewall. listen_address is set to the loopback interface to
|
|
||||||
# prevent remote clients from connecting.
|
|
||||||
dbms.connector.http.listen_address=127.0.0.1
|
|
||||||
''}
|
''}
|
||||||
|
|
||||||
# HTTPS Connector
|
# HTTPS Connector
|
||||||
dbms.connector.https.enabled=${boolToString cfg.https.enable}
|
dbms.connector.https.enabled=${boolToString cfg.https.enable}
|
||||||
dbms.connector.https.listen_address=${cfg.https.listenAddress}
|
dbms.connector.https.listen_address=${cfg.https.listenAddress}
|
||||||
https.ssl_policy=${cfg.https.sslPolicy}
|
dbms.connector.https.advertised_address=${cfg.https.listenAddress}
|
||||||
|
|
||||||
# BOLT Connector
|
# BOLT Connector
|
||||||
dbms.connector.bolt.enabled=${boolToString cfg.bolt.enable}
|
dbms.connector.bolt.enabled=${boolToString cfg.bolt.enable}
|
||||||
dbms.connector.bolt.listen_address=${cfg.bolt.listenAddress}
|
dbms.connector.bolt.listen_address=${cfg.bolt.listenAddress}
|
||||||
bolt.ssl_policy=${cfg.bolt.sslPolicy}
|
dbms.connector.bolt.advertised_address=${cfg.bolt.listenAddress}
|
||||||
dbms.connector.bolt.tls_level=${cfg.bolt.tlsLevel}
|
dbms.connector.bolt.tls_level=${cfg.bolt.tlsLevel}
|
||||||
|
|
||||||
# neo4j-shell
|
|
||||||
dbms.shell.enabled=${boolToString cfg.shell.enable}
|
|
||||||
|
|
||||||
# SSL Policies
|
# SSL Policies
|
||||||
${concatStringsSep "\n" sslPolicies}
|
${concatStringsSep "\n" sslPolicies}
|
||||||
|
|
||||||
|
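Review bot: in the HTTP Connector block, `dbms.connector.http.enabled=${boolToString cfg.http.enable}` now sits inside `optionalString (cfg.http.enable)`, so it can only ever be written as `true`; with `http.enable = false` no HTTP connector setting is emitted at all and the old loopback fallback (`dbms.connector.http.listen_address=127.0.0.1`) is gone, leaving the connector at whatever Neo4j's built-in default is. Move the `enabled=` line outside the `optionalString` so `false` is written explicitly. Also, `https.ssl_policy=${cfg.https.sslPolicy}` and `bolt.ssl_policy=${cfg.bolt.sslPolicy}` are dropped here; if those options still exist in the interface they are now silently ignored and should be removed or wired up again.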
@ -95,8 +90,10 @@ let
|
||||||
dbms.jvm.additional=-Djdk.tls.rejectClientInitiatedRenegotiation=true
|
dbms.jvm.additional=-Djdk.tls.rejectClientInitiatedRenegotiation=true
|
||||||
dbms.jvm.additional=-Dunsupported.dbms.udc.source=tarball
|
dbms.jvm.additional=-Dunsupported.dbms.udc.source=tarball
|
||||||
|
|
||||||
# Usage Data Collector
|
#dbms.memory.heap.initial_size=12000m
|
||||||
dbms.udc.enabled=${boolToString cfg.udc.enable}
|
#dbms.memory.heap.max_size=12000m
|
||||||
|
#dbms.memory.pagecache.size=4g
|
||||||
|
#dbms.tx_state.max_off_heap_memory=8000m
|
||||||
|
|
||||||
# Extra Configuration
|
# Extra Configuration
|
||||||
${cfg.extraServerConfig}
|
${cfg.extraServerConfig}
|
||||||
|
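Review bot: the four commented-out lines added in place of the Usage Data Collector setting (`#dbms.memory.heap.initial_size=12000m` through `#dbms.tx_state.max_off_heap_memory=8000m`) carry hard-coded sizes and are written into every generated neo4j.conf; they look like leftover local tuning. Drop them, or expose them as options; `${cfg.extraServerConfig}` directly below already covers ad hoc settings.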
@ -114,6 +111,8 @@ in {
|
||||||
(mkRemovedOptionModule [ "services" "neo4j" "port" ] "Use services.neo4j.http.listenAddress instead.")
|
(mkRemovedOptionModule [ "services" "neo4j" "port" ] "Use services.neo4j.http.listenAddress instead.")
|
||||||
(mkRemovedOptionModule [ "services" "neo4j" "boltPort" ] "Use services.neo4j.bolt.listenAddress instead.")
|
(mkRemovedOptionModule [ "services" "neo4j" "boltPort" ] "Use services.neo4j.bolt.listenAddress instead.")
|
||||||
(mkRemovedOptionModule [ "services" "neo4j" "httpsPort" ] "Use services.neo4j.https.listenAddress instead.")
|
(mkRemovedOptionModule [ "services" "neo4j" "httpsPort" ] "Use services.neo4j.https.listenAddress instead.")
|
||||||
|
(mkRemovedOptionModule [ "services" "neo4j" "shell" "enabled" ] "shell.enabled was removed upstream")
|
||||||
|
(mkRemovedOptionModule [ "services" "neo4j" "udc" "enabled" ] "udc.enabled was removed upstream")
|
||||||
];
|
];
|
||||||
|
|
||||||
###### interface
|
###### interface
|
||||||
|
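Review bot: the two new `mkRemovedOptionModule` entries use the paths `"shell" "enabled"` and `"udc" "enabled"`, but the option deleted later in this diff is declared as `udc = { enable = mkOption ...` and the old config read `cfg.shell.enable` and `cfg.udc.enable`. As written, a user who still sets `services.neo4j.udc.enable` gets the generic unknown-option error instead of the removal message. Change the last path element to "enable" in both entries and adjust the message text to match.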
@ -334,13 +333,10 @@ in {
|
||||||
enable = mkOption {
|
enable = mkOption {
|
||||||
type = types.bool;
|
type = types.bool;
|
||||||
default = true;
|
default = true;
|
||||||
description = lib.mdDoc ''
|
description = ''
|
||||||
The HTTP connector is required for Neo4j, and cannot be disabled.
|
Enable the HTTP connector for Neo4j. Setting this option to
|
||||||
Setting this option to `false` will force the HTTP
|
<literal>false</literal> will stop Neo4j from listening for incoming
|
||||||
connector's {option}`listenAddress` to the loopback
|
connections on the HTTPS port (7474 by default).
|
||||||
interface to prevent connection of remote clients. To prevent all
|
|
||||||
clients from connecting, block the HTTP port (7474 by default) by
|
|
||||||
firewall.
|
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
|
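Review bot: the new description for the HTTP connector's `enable` option says setting it to false stops Neo4j listening "on the HTTPS port (7474 by default)"; this is the HTTP connector and the text it replaces called 7474 the HTTP port, so "HTTPS" should read "HTTP". The new text also drops `lib.mdDoc` and goes back to `<literal>false</literal>`, which runs against the mdDoc conversion applied to the other modules in this commit; keep `lib.mdDoc` and use backticks.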
@ -568,19 +564,6 @@ in {
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
udc = {
|
|
||||||
enable = mkOption {
|
|
||||||
type = types.bool;
|
|
||||||
default = false;
|
|
||||||
description = lib.mdDoc ''
|
|
||||||
Enable the Usage Data Collector which Neo4j uses to collect usage
|
|
||||||
data. Refer to the operations manual section on the
|
|
||||||
[Usage Data Collector](https://neo4j.com/docs/operations-manual/current/configuration/usage-data-collector/)
|
|
||||||
for more information.
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
};
|
};
|
||||||
|
|
||||||
###### implementation
|
###### implementation
|
||||||
|
@ -612,7 +595,7 @@ in {
|
||||||
wantedBy = [ "multi-user.target" ];
|
wantedBy = [ "multi-user.target" ];
|
||||||
after = [ "network.target" ];
|
after = [ "network.target" ];
|
||||||
environment = {
|
environment = {
|
||||||
NEO4J_HOME = "${cfg.package}/share/neo4j";
|
NEO4J_HOME = "${cfg.directories.home}";
|
||||||
NEO4J_CONF = "${cfg.directories.home}/conf";
|
NEO4J_CONF = "${cfg.directories.home}/conf";
|
||||||
};
|
};
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
|
@ -653,6 +636,6 @@ in {
|
||||||
};
|
};
|
||||||
|
|
||||||
meta = {
|
meta = {
|
||||||
maintainers = with lib.maintainers; [ patternspandemic ];
|
maintainers = with lib.maintainers; [ patternspandemic jonringer erictapen ];
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -79,15 +79,15 @@ in
|
||||||
authentication = mkOption {
|
authentication = mkOption {
|
||||||
type = types.lines;
|
type = types.lines;
|
||||||
default = "";
|
default = "";
|
||||||
description = ''
|
description = lib.mdDoc ''
|
||||||
Defines how users authenticate themselves to the server. See the
|
Defines how users authenticate themselves to the server. See the
|
||||||
<link xlink:href="https://www.postgresql.org/docs/current/auth-pg-hba-conf.html">PostgreSQL documentation for pg_hba.conf</link>
|
[PostgreSQL documentation for pg_hba.conf](https://www.postgresql.org/docs/current/auth-pg-hba-conf.html)
|
||||||
for details on the expected format of this option. By default,
|
for details on the expected format of this option. By default,
|
||||||
peer based authentication will be used for users connecting
|
peer based authentication will be used for users connecting
|
||||||
via the Unix socket, and md5 password authentication will be
|
via the Unix socket, and md5 password authentication will be
|
||||||
used for users connecting via TCP. Any added rules will be
|
used for users connecting via TCP. Any added rules will be
|
||||||
inserted above the default rules. If you'd like to replace the
|
inserted above the default rules. If you'd like to replace the
|
||||||
default rules entirely, you can use <function>lib.mkForce</function> in your
|
default rules entirely, you can use `lib.mkForce` in your
|
||||||
module.
|
module.
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
|
@ -24,22 +24,22 @@ in
|
||||||
|
|
||||||
user = mkOption {
|
user = mkOption {
|
||||||
default = "rethinkdb";
|
default = "rethinkdb";
|
||||||
description = "User account under which RethinkDB runs.";
|
description = lib.mdDoc "User account under which RethinkDB runs.";
|
||||||
};
|
};
|
||||||
|
|
||||||
group = mkOption {
|
group = mkOption {
|
||||||
default = "rethinkdb";
|
default = "rethinkdb";
|
||||||
description = "Group which rethinkdb user belongs to.";
|
description = lib.mdDoc "Group which rethinkdb user belongs to.";
|
||||||
};
|
};
|
||||||
|
|
||||||
dbpath = mkOption {
|
dbpath = mkOption {
|
||||||
default = "/var/db/rethinkdb";
|
default = "/var/db/rethinkdb";
|
||||||
description = "Location where RethinkDB stores its data, 1 data directory per instance.";
|
description = lib.mdDoc "Location where RethinkDB stores its data, 1 data directory per instance.";
|
||||||
};
|
};
|
||||||
|
|
||||||
pidpath = mkOption {
|
pidpath = mkOption {
|
||||||
default = "/run/rethinkdb";
|
default = "/run/rethinkdb";
|
||||||
description = "Location where each instance's pid file is located.";
|
description = lib.mdDoc "Location where each instance's pid file is located.";
|
||||||
};
|
};
|
||||||
|
|
||||||
#cfgpath = mkOption {
|
#cfgpath = mkOption {
|
||||||
|
|
|
@ -10,6 +10,7 @@
|
||||||
},
|
},
|
||||||
"context.spa-libs": {
|
"context.spa-libs": {
|
||||||
"audio.convert.*": "audioconvert/libspa-audioconvert",
|
"audio.convert.*": "audioconvert/libspa-audioconvert",
|
||||||
|
"avb.*": "avb/libspa-avb",
|
||||||
"api.alsa.*": "alsa/libspa-alsa",
|
"api.alsa.*": "alsa/libspa-alsa",
|
||||||
"api.v4l2.*": "v4l2/libspa-v4l2",
|
"api.v4l2.*": "v4l2/libspa-v4l2",
|
||||||
"api.libcamera.*": "libcamera/libspa-libcamera",
|
"api.libcamera.*": "libcamera/libspa-libcamera",
|
||||||
|
|
|
@ -39,14 +39,14 @@ in {
|
||||||
enable = mkOption {
|
enable = mkOption {
|
||||||
type = types.bool;
|
type = types.bool;
|
||||||
default = false;
|
default = false;
|
||||||
description = "Whether to enable the deprecated example Pipewire session manager";
|
description = lib.mdDoc "Whether to enable the deprecated example Pipewire session manager";
|
||||||
};
|
};
|
||||||
|
|
||||||
package = mkOption {
|
package = mkOption {
|
||||||
type = types.package;
|
type = types.package;
|
||||||
default = pkgs.pipewire-media-session;
|
default = pkgs.pipewire-media-session;
|
||||||
defaultText = literalExpression "pkgs.pipewire-media-session";
|
defaultText = literalExpression "pkgs.pipewire-media-session";
|
||||||
description = ''
|
description = lib.mdDoc ''
|
||||||
The pipewire-media-session derivation to use.
|
The pipewire-media-session derivation to use.
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
@ -54,7 +54,7 @@ in {
|
||||||
config = {
|
config = {
|
||||||
media-session = mkOption {
|
media-session = mkOption {
|
||||||
type = json.type;
|
type = json.type;
|
||||||
description = ''
|
description = lib.mdDoc ''
|
||||||
Configuration for the media session core. For details see
|
Configuration for the media session core. For details see
|
||||||
https://gitlab.freedesktop.org/pipewire/media-session/-/blob/${cfg.package.version}/src/daemon/media-session.d/media-session.conf
|
https://gitlab.freedesktop.org/pipewire/media-session/-/blob/${cfg.package.version}/src/daemon/media-session.d/media-session.conf
|
||||||
'';
|
'';
|
||||||
|
@ -63,7 +63,7 @@ in {
|
||||||
|
|
||||||
alsa-monitor = mkOption {
|
alsa-monitor = mkOption {
|
||||||
type = json.type;
|
type = json.type;
|
||||||
description = ''
|
description = lib.mdDoc ''
|
||||||
Configuration for the alsa monitor. For details see
|
Configuration for the alsa monitor. For details see
|
||||||
https://gitlab.freedesktop.org/pipewire/media-session/-/blob/${cfg.package.version}/src/daemon/media-session.d/alsa-monitor.conf
|
https://gitlab.freedesktop.org/pipewire/media-session/-/blob/${cfg.package.version}/src/daemon/media-session.d/alsa-monitor.conf
|
||||||
'';
|
'';
|
||||||
|
@ -72,7 +72,7 @@ in {
|
||||||
|
|
||||||
bluez-monitor = mkOption {
|
bluez-monitor = mkOption {
|
||||||
type = json.type;
|
type = json.type;
|
||||||
description = ''
|
description = lib.mdDoc ''
|
||||||
Configuration for the bluez5 monitor. For details see
|
Configuration for the bluez5 monitor. For details see
|
||||||
https://gitlab.freedesktop.org/pipewire/media-session/-/blob/${cfg.package.version}/src/daemon/media-session.d/bluez-monitor.conf
|
https://gitlab.freedesktop.org/pipewire/media-session/-/blob/${cfg.package.version}/src/daemon/media-session.d/bluez-monitor.conf
|
||||||
'';
|
'';
|
||||||
|
@ -81,7 +81,7 @@ in {
|
||||||
|
|
||||||
v4l2-monitor = mkOption {
|
v4l2-monitor = mkOption {
|
||||||
type = json.type;
|
type = json.type;
|
||||||
description = ''
|
description = lib.mdDoc ''
|
||||||
Configuration for the V4L2 monitor. For details see
|
Configuration for the V4L2 monitor. For details see
|
||||||
https://gitlab.freedesktop.org/pipewire/media-session/-/blob/${cfg.package.version}/src/daemon/media-session.d/v4l2-monitor.conf
|
https://gitlab.freedesktop.org/pipewire/media-session/-/blob/${cfg.package.version}/src/daemon/media-session.d/v4l2-monitor.conf
|
||||||
'';
|
'';
|
||||||
|
|
|
@ -34,7 +34,8 @@ with lib;
|
||||||
];
|
];
|
||||||
|
|
||||||
# for $out/bin/install-printer-driver
|
# for $out/bin/install-printer-driver
|
||||||
services.packagekit.enable = true;
|
# TODO: Enable once #177946 is resolved
|
||||||
|
# services.packagekit.enable = true;
|
||||||
|
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
|
@ -29,7 +29,7 @@ in {
|
||||||
ip = mkOption {
|
ip = mkOption {
|
||||||
type = types.str;
|
type = types.str;
|
||||||
default = "localhost";
|
default = "localhost";
|
||||||
description = ''
|
description = lib.mdDoc ''
|
||||||
IP address Jupyter will be listening on.
|
IP address Jupyter will be listening on.
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
@ -41,7 +41,7 @@ in {
|
||||||
# saving a rebuild.
|
# saving a rebuild.
|
||||||
default = pkgs.python3.pkgs.notebook;
|
default = pkgs.python3.pkgs.notebook;
|
||||||
defaultText = literalExpression "pkgs.python3.pkgs.notebook";
|
defaultText = literalExpression "pkgs.python3.pkgs.notebook";
|
||||||
description = ''
|
description = lib.mdDoc ''
|
||||||
Jupyter package to use.
|
Jupyter package to use.
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
@ -50,7 +50,7 @@ in {
|
||||||
type = types.str;
|
type = types.str;
|
||||||
default = "jupyter-notebook";
|
default = "jupyter-notebook";
|
||||||
example = "jupyter-lab";
|
example = "jupyter-lab";
|
||||||
description = ''
|
description = lib.mdDoc ''
|
||||||
Which command the service runs. Note that not all jupyter packages
|
Which command the service runs. Note that not all jupyter packages
|
||||||
have all commands, e.g. jupyter-lab isn't present in the default package.
|
have all commands, e.g. jupyter-lab isn't present in the default package.
|
||||||
'';
|
'';
|
||||||
|
@ -59,7 +59,7 @@ in {
|
||||||
port = mkOption {
|
port = mkOption {
|
||||||
type = types.int;
|
type = types.int;
|
||||||
default = 8888;
|
default = 8888;
|
||||||
description = ''
|
description = lib.mdDoc ''
|
||||||
Port number Jupyter will be listening on.
|
Port number Jupyter will be listening on.
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
@ -67,7 +67,7 @@ in {
|
||||||
notebookDir = mkOption {
|
notebookDir = mkOption {
|
||||||
type = types.str;
|
type = types.str;
|
||||||
default = "~/";
|
default = "~/";
|
||||||
description = ''
|
description = lib.mdDoc ''
|
||||||
Root directory for notebooks.
|
Root directory for notebooks.
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
@ -75,7 +75,7 @@ in {
|
||||||
user = mkOption {
|
user = mkOption {
|
||||||
type = types.str;
|
type = types.str;
|
||||||
default = "jupyter";
|
default = "jupyter";
|
||||||
description = ''
|
description = lib.mdDoc ''
|
||||||
Name of the user used to run the jupyter service.
|
Name of the user used to run the jupyter service.
|
||||||
For security reason, jupyter should really not be run as root.
|
For security reason, jupyter should really not be run as root.
|
||||||
If not set (jupyter), the service will create a jupyter user with appropriate settings.
|
If not set (jupyter), the service will create a jupyter user with appropriate settings.
|
||||||
|
@ -86,7 +86,7 @@ in {
|
||||||
group = mkOption {
|
group = mkOption {
|
||||||
type = types.str;
|
type = types.str;
|
||||||
default = "jupyter";
|
default = "jupyter";
|
||||||
description = ''
|
description = lib.mdDoc ''
|
||||||
Name of the group used to run the jupyter service.
|
Name of the group used to run the jupyter service.
|
||||||
Use this if you want to create a group of users that are able to view the notebook directory's content.
|
Use this if you want to create a group of users that are able to view the notebook directory's content.
|
||||||
'';
|
'';
|
||||||
|
@ -95,7 +95,7 @@ in {
|
||||||
|
|
||||||
password = mkOption {
|
password = mkOption {
|
||||||
type = types.str;
|
type = types.str;
|
||||||
description = ''
|
description = lib.mdDoc ''
|
||||||
Password to use with notebook.
|
Password to use with notebook.
|
||||||
Can be generated using:
|
Can be generated using:
|
||||||
In [1]: from notebook.auth import passwd
|
In [1]: from notebook.auth import passwd
|
||||||
|
@ -112,7 +112,7 @@ in {
|
||||||
notebookConfig = mkOption {
|
notebookConfig = mkOption {
|
||||||
type = types.lines;
|
type = types.lines;
|
||||||
default = "";
|
default = "";
|
||||||
description = ''
|
description = lib.mdDoc ''
|
||||||
Raw jupyter config.
|
Raw jupyter config.
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
@ -149,13 +149,14 @@ in {
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
'';
|
'';
|
||||||
description = "Declarative kernel config
|
description = lib.mdDoc ''
|
||||||
|
Declarative kernel config.
|
||||||
|
|
||||||
Kernels can be declared in any language that supports and has the required
|
Kernels can be declared in any language that supports and has the required
|
||||||
dependencies to communicate with a jupyter server.
|
dependencies to communicate with a jupyter server.
|
||||||
In python's case, it means that ipykernel package must always be included in
|
In python's case, it means that ipykernel package must always be included in
|
||||||
the list of packages of the targeted environment.
|
the list of packages of the targeted environment.
|
||||||
";
|
'';
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
|
@ -13,7 +13,7 @@ with lib;
|
||||||
"Python 3"
|
"Python 3"
|
||||||
"Python 3 for Data Science"
|
"Python 3 for Data Science"
|
||||||
'';
|
'';
|
||||||
description = ''
|
description = lib.mdDoc ''
|
||||||
Name that will be shown to the user.
|
Name that will be shown to the user.
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
@ -27,7 +27,7 @@ with lib;
|
||||||
"-f"
|
"-f"
|
||||||
"{connection_file}"
|
"{connection_file}"
|
||||||
];
|
];
|
||||||
description = ''
|
description = lib.mdDoc ''
|
||||||
Command and arguments to start the kernel.
|
Command and arguments to start the kernel.
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
@ -35,7 +35,7 @@ with lib;
|
||||||
language = mkOption {
|
language = mkOption {
|
||||||
type = types.str;
|
type = types.str;
|
||||||
example = "python";
|
example = "python";
|
||||||
description = ''
|
description = lib.mdDoc ''
|
||||||
Language of the environment. Typically the name of the binary.
|
Language of the environment. Typically the name of the binary.
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
@ -44,7 +44,7 @@ with lib;
|
||||||
type = types.nullOr types.path;
|
type = types.nullOr types.path;
|
||||||
default = null;
|
default = null;
|
||||||
example = literalExpression ''"''${env.sitePackages}/ipykernel/resources/logo-32x32.png"'';
|
example = literalExpression ''"''${env.sitePackages}/ipykernel/resources/logo-32x32.png"'';
|
||||||
description = ''
|
description = lib.mdDoc ''
|
||||||
Path to 32x32 logo png.
|
Path to 32x32 logo png.
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
@ -52,7 +52,7 @@ with lib;
|
||||||
type = types.nullOr types.path;
|
type = types.nullOr types.path;
|
||||||
default = null;
|
default = null;
|
||||||
example = literalExpression ''"''${env.sitePackages}/ipykernel/resources/logo-64x64.png"'';
|
example = literalExpression ''"''${env.sitePackages}/ipykernel/resources/logo-64x64.png"'';
|
||||||
description = ''
|
description = lib.mdDoc ''
|
||||||
Path to 64x64 logo png.
|
Path to 64x64 logo png.
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
@ -61,7 +61,7 @@ with lib;
|
||||||
type = types.attrsOf types.path;
|
type = types.attrsOf types.path;
|
||||||
default = { };
|
default = { };
|
||||||
example = literalExpression ''"{ examples = ''${env.sitePack}/IRkernel/kernelspec/kernel.js"; }'';
|
example = literalExpression ''"{ examples = ''${env.sitePack}/IRkernel/kernelspec/kernel.js"; }'';
|
||||||
description = ''
|
description = lib.mdDoc ''
|
||||||
Extra paths to link in kernel directory
|
Extra paths to link in kernel directory
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
|
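Review bot: the `example` on the unchanged context line is malformed: `''"{ examples = ''${env.sitePack}/IRkernel/kernelspec/kernel.js"; }''` opens the string quote before `{` instead of before the path, and it uses `env.sitePack` where the logo examples in the hunks above use `env.sitePackages`. Since this description is being touched anyway, fix the example so it reads as an attribute set of paths matching `types.attrsOf types.path`, and end the description sentence with a period like its siblings.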
@ -35,7 +35,7 @@ in {
|
||||||
authentication = mkOption {
|
authentication = mkOption {
|
||||||
type = types.str;
|
type = types.str;
|
||||||
default = "jupyterhub.auth.PAMAuthenticator";
|
default = "jupyterhub.auth.PAMAuthenticator";
|
||||||
description = ''
|
description = lib.mdDoc ''
|
||||||
Jupyterhub authentication to use
|
Jupyterhub authentication to use
|
||||||
|
|
||||||
There are many authenticators available including: oauth, pam,
|
There are many authenticators available including: oauth, pam,
|
||||||
|
@ -46,7 +46,7 @@ in {
|
||||||
spawner = mkOption {
|
spawner = mkOption {
|
||||||
type = types.str;
|
type = types.str;
|
||||||
default = "systemdspawner.SystemdSpawner";
|
default = "systemdspawner.SystemdSpawner";
|
||||||
description = ''
|
description = lib.mdDoc ''
|
||||||
Jupyterhub spawner to use
|
Jupyterhub spawner to use
|
||||||
|
|
||||||
There are many spawners available including: local process,
|
There are many spawners available including: local process,
|
||||||
|
@ -57,7 +57,7 @@ in {
|
||||||
extraConfig = mkOption {
|
extraConfig = mkOption {
|
||||||
type = types.lines;
|
type = types.lines;
|
||||||
default = "";
|
default = "";
|
||||||
description = ''
|
description = lib.mdDoc ''
|
||||||
Extra contents appended to the jupyterhub configuration
|
Extra contents appended to the jupyterhub configuration
|
||||||
|
|
||||||
Jupyterhub configuration is a normal python file using
|
Jupyterhub configuration is a normal python file using
|
||||||
|
@ -84,7 +84,7 @@ in {
|
||||||
jupyterhub-systemdspawner
|
jupyterhub-systemdspawner
|
||||||
])
|
])
|
||||||
'';
|
'';
|
||||||
description = ''
|
description = lib.mdDoc ''
|
||||||
Python environment to run jupyterhub
|
Python environment to run jupyterhub
|
||||||
|
|
||||||
Customizing will affect the packages available in the hub and
|
Customizing will affect the packages available in the hub and
|
||||||
|
@ -106,7 +106,7 @@ in {
|
||||||
jupyterlab
|
jupyterlab
|
||||||
])
|
])
|
||||||
'';
|
'';
|
||||||
description = ''
|
description = lib.mdDoc ''
|
||||||
Python environment to run jupyterlab
|
Python environment to run jupyterlab
|
||||||
|
|
||||||
Customizing will affect the packages available in the
|
Customizing will affect the packages available in the
|
||||||
|
@ -146,7 +146,7 @@ in {
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
'';
|
'';
|
||||||
description = ''
|
description = lib.mdDoc ''
|
||||||
Declarative kernel config
|
Declarative kernel config
|
||||||
|
|
||||||
Kernels can be declared in any language that supports and has
|
Kernels can be declared in any language that supports and has
|
||||||
|
@ -159,7 +159,7 @@ in {
|
||||||
port = mkOption {
|
port = mkOption {
|
||||||
type = types.port;
|
type = types.port;
|
||||||
default = 8000;
|
default = 8000;
|
||||||
description = ''
|
description = lib.mdDoc ''
|
||||||
Port number Jupyterhub will be listening on
|
Port number Jupyterhub will be listening on
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
@ -167,7 +167,7 @@ in {
|
||||||
host = mkOption {
|
host = mkOption {
|
||||||
type = types.str;
|
type = types.str;
|
||||||
default = "0.0.0.0";
|
default = "0.0.0.0";
|
||||||
description = ''
|
description = lib.mdDoc ''
|
||||||
Bind IP JupyterHub will be listening on
|
Bind IP JupyterHub will be listening on
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
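Review bot: the `host` description does not mention that the default `"0.0.0.0"` makes JupyterHub listen on every interface. State that in the text and mention binding to a loopback or internal address when the hub sits behind a reverse proxy, so the exposure is a documented choice rather than a surprise.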
@ -175,7 +175,7 @@ in {
|
||||||
stateDirectory = mkOption {
|
stateDirectory = mkOption {
|
||||||
type = types.str;
|
type = types.str;
|
||||||
default = "jupyterhub";
|
default = "jupyterhub";
|
||||||
description = ''
|
description = lib.mdDoc ''
|
||||||
Directory for jupyterhub state (token + database)
|
Directory for jupyterhub state (token + database)
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
|
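Review bot: `stateDirectory` defaults to the bare name `"jupyterhub"` with `types.str`, yet the description does not say which base directory that name is resolved against. Document the resulting location, and note that it holds the token and database named in the parentheses so readers know its permissions matter.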
@ -9,7 +9,7 @@ in {
|
||||||
enable = lib.mkOption {
|
enable = lib.mkOption {
|
||||||
default = false;
|
default = false;
|
||||||
type = lib.types.bool;
|
type = lib.types.bool;
|
||||||
description = ''
|
description = lib.mdDoc ''
|
||||||
Enables the daemon for `lorri`, a nix-shell replacement for project
|
Enables the daemon for `lorri`, a nix-shell replacement for project
|
||||||
development. The socket-activated daemon starts on the first request
|
development. The socket-activated daemon starts on the first request
|
||||||
issued by the `lorri` command.
|
issued by the `lorri` command.
|
||||||
|
|
|
@ -36,7 +36,7 @@ in {
|
||||||
certificateChain = mkOption {
|
certificateChain = mkOption {
|
||||||
type = types.nullOr types.path;
|
type = types.nullOr types.path;
|
||||||
default = null;
|
default = null;
|
||||||
description = ''
|
description = lib.mdDoc ''
|
||||||
Chain of CA-certificates to which our `certificateFile` is relative.
|
Chain of CA-certificates to which our `certificateFile` is relative.
|
||||||
Optional for TLS.
|
Optional for TLS.
|
||||||
'';
|
'';
|
||||||
|
|
|
@ -81,11 +81,11 @@ in
|
||||||
|
|
||||||
settings = mkOption {
|
settings = mkOption {
|
||||||
type = format.type;
|
type = format.type;
|
||||||
description = ''
|
description = lib.mdDoc ''
|
||||||
The ASF.json file, all the options are documented <link xlink:href="https://github.com/JustArchiNET/ArchiSteamFarm/wiki/Configuration#global-config">here</link>.
|
The ASF.json file, all the options are documented [here](https://github.com/JustArchiNET/ArchiSteamFarm/wiki/Configuration#global-config).
|
||||||
Do note that `AutoRestart` and `UpdateChannel` is always to `false` respectively `0` because NixOS takes care of updating everything.
|
Do note that `AutoRestart` and `UpdateChannel` is always to `false` respectively `0` because NixOS takes care of updating everything.
|
||||||
`Headless` is also always set to `true` because there is no way to provide inputs via a systemd service.
|
`Headless` is also always set to `true` because there is no way to provide inputs via a systemd service.
|
||||||
You should try to keep ASF up to date since upstream does not provide support for anything but the latest version and you're exposing yourself to all kinds of issues - as is outlined <link xlink:href="https://github.com/JustArchiNET/ArchiSteamFarm/wiki/Configuration#updateperiod">here</link>.
|
You should try to keep ASF up to date since upstream does not provide support for anything but the latest version and you're exposing yourself to all kinds of issues - as is outlined [here](https://github.com/JustArchiNET/ArchiSteamFarm/wiki/Configuration#updateperiod).
|
||||||
'';
|
'';
|
||||||
example = {
|
example = {
|
||||||
Statistics = false;
|
Statistics = false;
|
||||||
|
|
|
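Review bot: the `settings` description keeps the sentence "`AutoRestart` and `UpdateChannel` is always to `false` respectively `0`", which is missing "set" and should read "are always set to". Both converted links also use "here" as their link text; now that they are Markdown links, name the target (the global-config and updateperiod sections of the wiki page) so the rendered manual is readable without following the URL.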
@ -41,7 +41,7 @@ in {
|
||||||
stateDir = mkOption {
|
stateDir = mkOption {
|
||||||
type = types.str;
|
type = types.str;
|
||||||
default = "/var/lib/crossfire";
|
default = "/var/lib/crossfire";
|
||||||
description = ''
|
description = lib.mdDoc ''
|
||||||
Where to store runtime data (save files, persistent items, etc).
|
Where to store runtime data (save files, persistent items, etc).
|
||||||
|
|
||||||
If left at the default, this will be automatically created on server
|
If left at the default, this will be automatically created on server
|
||||||
|
@ -61,7 +61,7 @@ in {
|
||||||
|
|
||||||
configFiles = mkOption {
|
configFiles = mkOption {
|
||||||
type = types.attrsOf types.str;
|
type = types.attrsOf types.str;
|
||||||
description = ''
|
description = lib.mdDoc ''
|
||||||
Text to append to the corresponding configuration files. Note that the
|
Text to append to the corresponding configuration files. Note that the
|
||||||
files given in the example are *not* the complete set of files available
|
files given in the example are *not* the complete set of files available
|
||||||
to customize; look in /etc/crossfire after enabling the server to see
|
to customize; look in /etc/crossfire after enabling the server to see
|
||||||
|
|
|
@ -41,7 +41,7 @@ in {
|
||||||
stateDir = mkOption {
|
stateDir = mkOption {
|
||||||
type = types.str;
|
type = types.str;
|
||||||
default = "/var/lib/deliantra";
|
default = "/var/lib/deliantra";
|
||||||
description = ''
|
description = lib.mdDoc ''
|
||||||
Where to store runtime data (save files, persistent items, etc).
|
Where to store runtime data (save files, persistent items, etc).
|
||||||
|
|
||||||
If left at the default, this will be automatically created on server
|
If left at the default, this will be automatically created on server
|
||||||
|
|
|
@ -25,7 +25,7 @@ in
|
||||||
gameId = mkOption {
|
gameId = mkOption {
|
||||||
type = types.nullOr types.str;
|
type = types.nullOr types.str;
|
||||||
default = null;
|
default = null;
|
||||||
description = ''
|
description = lib.mdDoc ''
|
||||||
Id of the game to use. To list available games run
|
Id of the game to use. To list available games run
|
||||||
`minetestserver --gameid list`.
|
`minetestserver --gameid list`.
|
||||||
|
|
||||||
|
@ -36,7 +36,7 @@ in
|
||||||
world = mkOption {
|
world = mkOption {
|
||||||
type = types.nullOr types.path;
|
type = types.nullOr types.path;
|
||||||
default = null;
|
default = null;
|
||||||
description = ''
|
description = lib.mdDoc ''
|
||||||
Name of the world to use. To list available worlds run
|
Name of the world to use. To list available worlds run
|
||||||
`minetestserver --world list`.
|
`minetestserver --world list`.
|
||||||
|
|
||||||
|
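Review bot: in the `world` option the description says "Name of the world to use" while the type is `types.nullOr types.path`. Align the two: either describe the value as the path to the world or change the type, otherwise readers of the rendered docs will pass a name taken from `minetestserver --world list` into a path-typed option.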
@ -47,7 +47,7 @@ in
|
||||||
configPath = mkOption {
|
configPath = mkOption {
|
||||||
type = types.nullOr types.path;
|
type = types.nullOr types.path;
|
||||||
default = null;
|
default = null;
|
||||||
description = ''
|
description = lib.mdDoc ''
|
||||||
Path to the config to use.
|
Path to the config to use.
|
||||||
|
|
||||||
If set to null, the config of the running user will be used:
|
If set to null, the config of the running user will be used:
|
||||||
|
|
|
@ -15,9 +15,9 @@ let
|
||||||
DisabledPlugins=${lib.concatStringsSep ";" cfg.disabledPlugins}
|
DisabledPlugins=${lib.concatStringsSep ";" cfg.disabledPlugins}
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
"fwupd/uefi.conf" = {
|
"fwupd/uefi_capsule.conf" = {
|
||||||
source = pkgs.writeText "uefi.conf" ''
|
source = pkgs.writeText "uefi_capsule.conf" ''
|
||||||
[uefi]
|
[uefi_capsule]
|
||||||
OverrideESPMountPoint=${config.boot.loader.efi.efiSysMountPoint}
|
OverrideESPMountPoint=${config.boot.loader.efi.efiSysMountPoint}
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
|
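Review bot: nothing in the visible lines ties the rename of `fwupd/uefi.conf` and `[uefi]` to `fwupd/uefi_capsule.conf` and `[uefi_capsule]` to a specific fwupd release, and this is a functional change sitting among documentation conversions. Add a comment or release-note entry naming the fwupd version that expects the new file and section, and confirm that `OverrideESPMountPoint` is still read from the new section, since a mismatch would leave the ESP mount point override unapplied during firmware updates.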
@ -35,11 +35,10 @@ in
|
||||||
LIBPATH /path/to/serial_reader.so
|
LIBPATH /path/to/serial_reader.so
|
||||||
CHANNELID 1
|
CHANNELID 1
|
||||||
'';
|
'';
|
||||||
description = ''
|
description = lib.mdDoc ''
|
||||||
Configuration for devices that aren't hotpluggable.
|
Configuration for devices that aren't hotpluggable.
|
||||||
|
|
||||||
See <citerefentry><refentrytitle>reader.conf</refentrytitle>
|
See {manpage}`reader.conf(5)` for valid options.
|
||||||
<manvolnum>5</manvolnum></citerefentry> for valid options.
|
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
|
@ -126,10 +126,10 @@ in {
|
||||||
psycopg2
|
psycopg2
|
||||||
];
|
];
|
||||||
'';
|
'';
|
||||||
description = ''
|
description = lib.mdDoc ''
|
||||||
List of packages to add to propagatedBuildInputs.
|
List of packages to add to propagatedBuildInputs.
|
||||||
|
|
||||||
A popular example is <package>python3Packages.psycopg2</package>
|
A popular example is `python3Packages.psycopg2`
|
||||||
for PostgreSQL support in the recorder component.
|
for PostgreSQL support in the recorder component.
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
|
@ -121,11 +121,9 @@ in
|
||||||
type = types.nullOr types.str;
|
type = types.nullOr types.str;
|
||||||
default = null;
|
default = null;
|
||||||
example = "hourly";
|
example = "hourly";
|
||||||
description = ''
|
description = lib.mdDoc ''
|
||||||
Specification of the time at which awstats will get updated.
|
Specification of the time at which awstats will get updated.
|
||||||
(in the format described by <citerefentry>
|
(in the format described by {manpage}`systemd.time(7)`)
|
||||||
<refentrytitle>systemd.time</refentrytitle>
|
|
||||||
<manvolnum>7</manvolnum></citerefentry>)
|
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
|
@ -79,7 +79,7 @@ let
|
||||||
priority = mkOption {
|
priority = mkOption {
|
||||||
type = types.int;
|
type = types.int;
|
||||||
default = 1000;
|
default = 1000;
|
||||||
description = ''
|
description = lib.mdDoc ''
|
||||||
Order of this logrotate block in relation to the others. The semantics are
|
Order of this logrotate block in relation to the others. The semantics are
|
||||||
the same as with `lib.mkOrder`. Smaller values have a greater priority.
|
the same as with `lib.mkOrder`. Smaller values have a greater priority.
|
||||||
'';
|
'';
|
||||||
|
@ -260,7 +260,7 @@ in
|
||||||
priority = mkOption {
|
priority = mkOption {
|
||||||
type = types.int;
|
type = types.int;
|
||||||
default = 1000;
|
default = 1000;
|
||||||
description = ''
|
description = lib.mdDoc ''
|
||||||
Order of this logrotate block in relation to the others. The semantics are
|
Order of this logrotate block in relation to the others. The semantics are
|
||||||
the same as with `lib.mkOrder`. Smaller values are inserted first.
|
the same as with `lib.mkOrder`. Smaller values are inserted first.
|
||||||
'';
|
'';
|
||||||
|
|
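Review bot: the `priority` description here says "Smaller values are inserted first", while the otherwise identical description in the hunk at line 79 says "Smaller values have a greater priority". Use one wording for both; "inserted first" matches the `lib.mkOrder` semantics the text refers to, whereas "greater priority" leaves open whether an earlier or a later block wins.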
Some files were not shown because too many files have changed in this diff