Project import generated by Copybara.

GitOrigin-RevId: a7855f2235a1876f97473a76151fec2afa02b287
Default email 2022-08-21 15:32:41 +02:00
parent bd37aaa161
commit 13da32182d
1831 changed files with 57456 additions and 17499 deletions


@ -36,3 +36,6 @@ d08ede042b74b8199dc748323768227b88efcf7c
# fix indentation in mk-python-derivation.nix # fix indentation in mk-python-derivation.nix
d1c1a0c656ccd8bd3b25d3c4287f2d075faf3cf3 d1c1a0c656ccd8bd3b25d3c4287f2d075faf3cf3
# fix indentation in meteor default.nix
f76b359e4a55267ddd4e9e149e7cc13ae5cad98a


@ -108,9 +108,9 @@
/pkgs/top-level/haskell-packages.nix @cdepillabout @sternenseemann @maralorn /pkgs/top-level/haskell-packages.nix @cdepillabout @sternenseemann @maralorn
# Perl # Perl
/pkgs/development/interpreters/perl @stigtsp @zakame /pkgs/development/interpreters/perl @stigtsp @zakame @dasJ
/pkgs/top-level/perl-packages.nix @stigtsp @zakame /pkgs/top-level/perl-packages.nix @stigtsp @zakame @dasJ
/pkgs/development/perl-modules @stigtsp @zakame /pkgs/development/perl-modules @stigtsp @zakame @dasJ
# R # R
/pkgs/applications/science/math/R @jbedo /pkgs/applications/science/math/R @jbedo


@ -62,25 +62,26 @@ many CODEOWNERS will be inadvertently requested for review. To achieve this,
rebasing should not be performed directly on the target branch, but on the merge rebasing should not be performed directly on the target branch, but on the merge
base between the current and target branch. base between the current and target branch.
In the following example, we see a rebase from `master` onto the merge base In the following example, we assume that the current branch, called `feature`,
between `master` and `staging`, so that a change can eventually be retargeted to is based on `master`, and we rebase it onto the merge base between
`staging`. The example uses `upstream` as the remote for `NixOS/nixpkgs.git` `master` and `staging` so that the PR can eventually be retargeted to
while the `origin` remote is used for the remote you are pushing to. `staging` without causing a mess. The example uses `upstream` as the remote for `NixOS/nixpkgs.git`
while `origin` is the remote you are pushing to.
```console ```console
# Find the common base between two branches # Rebase your commits onto the common merge base
common=$(git merge-base upstream/master upstream/staging) git rebase --onto upstream/staging... upstream/master
# Find the common base between your feature branch and master
commits=$(git merge-base $(git branch --show-current) upstream/master)
# Rebase all commits onto the common base
git rebase --onto=$common $commits
# Force push your changes # Force push your changes
git push origin $(git branch --show-current) --force-with-lease git push origin feature --force-with-lease
``` ```
The syntax `upstream/staging...` is equivalent to `upstream/staging...HEAD` and
stands for the merge base between `upstream/staging` and `HEAD` (hence between
`upstream/staging` and `upstream/master`).
Then change the base branch in the GitHub PR using the *Edit* button in the upper Then change the base branch in the GitHub PR using the *Edit* button in the upper
right corner, and switch from `master` to `staging`. After the PR has been right corner, and switch from `master` to `staging`. *After* the PR has been
retargeted it might be necessary to do a final rebase onto the target branch, to retargeted it might be necessary to do a final rebase onto the target branch, to
resolve any outstanding merge conflicts. resolve any outstanding merge conflicts.
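Review bot: The added explanation of `upstream/staging...` should say when the shortcut fails. `git rebase --onto` accepts the `A...` form only when there is exactly one merge base between the two sides, and the statement that this is also the merge base of `upstream/staging` and `upstream/master` holds only while `feature` really is based on the current `upstream/master`, as the paragraph assumes. Suggest one more sentence telling the reader to fall back to an explicit `git merge-base upstream/master upstream/staging` if the rebase reports more than one merge base, and to confirm that `git log --oneline upstream/master..HEAD` lists only their own commits before force pushing.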
@ -90,7 +91,7 @@ git rebase upstream/staging
# Review and fixup possible conflicts # Review and fixup possible conflicts
git status git status
# Force push your changes # Force push your changes
git push origin $(git branch --show-current) --force-with-lease git push origin feature --force-with-lease
``` ```
## Backporting changes ## Backporting changes
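Review bot: The push command in this hunk now hard-codes `feature`, while the sentence that introduces that name sits in the earlier example, so a reader who copies only this block either gets an error or pushes a different local branch that happens to be called `feature`. Either add a comment above the command saying that `feature` stands for the current branch, or keep the branch-independent form `git push origin $(git branch --show-current) --force-with-lease`.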


@ -91,7 +91,7 @@ Used with Git. Expects `url` to a Git repo, `rev`, and `sha256`. `rev` in this c
Additionally, the following optional arguments can be given: `fetchSubmodules = true` makes `fetchgit` also fetch the submodules of a repository. If `deepClone` is set to true, the entire repository is cloned as opposing to just creating a shallow clone. `deepClone = true` also implies `leaveDotGit = true` which means that the `.git` directory of the clone won't be removed after checkout. Additionally, the following optional arguments can be given: `fetchSubmodules = true` makes `fetchgit` also fetch the submodules of a repository. If `deepClone` is set to true, the entire repository is cloned as opposing to just creating a shallow clone. `deepClone = true` also implies `leaveDotGit = true` which means that the `.git` directory of the clone won't be removed after checkout.
If only parts of the repository are needed, `sparseCheckout` can be used. This will prevent git from fetching unnecessary blobs from server, see [git sparse-checkout](https://git-scm.com/docs/git-sparse-checkout) and [git clone --filter](https://git-scm.com/docs/git-clone#Documentation/git-clone.txt---filterltfilter-specgt) for more information: If only parts of the repository are needed, `sparseCheckout` can be used. This will prevent git from fetching unnecessary blobs from server, see [git sparse-checkout](https://git-scm.com/docs/git-sparse-checkout) for more information:
```nix ```nix
{ stdenv, fetchgit }: { stdenv, fetchgit }:
@ -101,8 +101,8 @@ stdenv.mkDerivation {
src = fetchgit { src = fetchgit {
url = "https://..."; url = "https://...";
sparseCheckout = '' sparseCheckout = ''
path/to/be/included directory/to/be/included
another/path another/directory
''; '';
sha256 = "0000000000000000000000000000000000000000000000000000"; sha256 = "0000000000000000000000000000000000000000000000000000";
}; };
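Review bot: The `sparseCheckout` entries in the example change from paths to directories, but neither this hunk nor the paragraph above it says why. The release notes in this same commit state that `fetchgit` now uses cone mode by default and that `nonConeMode = true` restores the previous behaviour; that belongs here as well, next to the example, so readers of the fetcher documentation know the entries are directories rather than patterns and where the opt-out is.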


@ -36,6 +36,9 @@ buildImage {
WorkingDir = "/data"; WorkingDir = "/data";
Volumes = { "/data" = { }; }; Volumes = { "/data" = { }; };
}; };
diskSize = 1024;
buildVMMemorySize = 512;
} }
``` ```
@ -59,6 +62,10 @@ The above example will build a Docker image `redis/latest` from the given base i
- `config` is used to specify the configuration of the containers that will be started off the built image in Docker. The available options are listed in the [Docker Image Specification v1.2.0](https://github.com/moby/moby/blob/master/image/spec/v1.2.md#image-json-field-descriptions). - `config` is used to specify the configuration of the containers that will be started off the built image in Docker. The available options are listed in the [Docker Image Specification v1.2.0](https://github.com/moby/moby/blob/master/image/spec/v1.2.md#image-json-field-descriptions).
- `diskSize` is used to specify the disk size of the VM used to build the image in megabytes. By default it's 1024 MiB.
- `buildVMMemorySize` is used to specify the memory size of the VM to build the image in megabytes. By default it's 512 MiB.
After the new layer has been created, its closure (to which `contents`, `config` and `runAsRoot` contribute) will be copied in the layer itself. Only new dependencies that are not already in the existing layers will be copied. After the new layer has been created, its closure (to which `contents`, `config` and `runAsRoot` contribute) will be copied in the layer itself. Only new dependencies that are not already in the existing layers will be copied.
At the end of the process, only one new single layer will be produced and added to the resulting image. At the end of the process, only one new single layer will be produced and added to the resulting image.
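Review bot: Both new option descriptions mix units: "in megabytes" is followed by "By default it's 1024 MiB" for `diskSize` and "512 MiB" for `buildVMMemorySize`. Use one unit in both halves of each sentence, so a reader sizing the build VM knows whether `diskSize = 1024` means 1024 MB or 1024 MiB.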


@ -871,12 +871,27 @@ Constructs a wrapper for a program with various possible arguments. It is define
# adds `FOOBAR=baz` to `$out/bin/foo`s environment # adds `FOOBAR=baz` to `$out/bin/foo`s environment
makeWrapper $out/bin/foo $wrapperfile --set FOOBAR baz makeWrapper $out/bin/foo $wrapperfile --set FOOBAR baz
# prefixes the binary paths of `hello` and `git` # Prefixes the binary paths of `hello` and `git`
# and suffixes the binary path of `xdg-utils`.
# Be advised that paths often should be patched in directly # Be advised that paths often should be patched in directly
# (via string replacements or in `configurePhase`). # (via string replacements or in `configurePhase`).
makeWrapper $out/bin/foo $wrapperfile --prefix PATH : ${lib.makeBinPath [ hello git ]} makeWrapper $out/bin/foo $wrapperfile \
--prefix PATH : ${lib.makeBinPath [ hello git ]} \
--suffix PATH : ${lib.makeBinPath [ xdg-utils ]}
``` ```
Packages may expect or require other utilities to be available at runtime.
`makeWrapper` can be used to add packages to a `PATH` environment variable local to a wrapper.
Use `--prefix` to explicitly set dependencies in `PATH`.
:::{note}
`--prefix` essentially hard-codes dependencies into the wrapper.
They cannot be overridden without rebuilding the package.
:::
If dependencies should be resolved at runtime, use `--suffix` to append fallback values to `PATH`.
Theres many more kinds of arguments, they are documented in `nixpkgs/pkgs/build-support/setup-hooks/make-wrapper.sh` for the `makeWrapper` implementation and in `nixpkgs/pkgs/build-support/setup-hooks/make-binary-wrapper/make-binary-wrapper.sh` for the `makeBinaryWrapper` implementation. Theres many more kinds of arguments, they are documented in `nixpkgs/pkgs/build-support/setup-hooks/make-wrapper.sh` for the `makeWrapper` implementation and in `nixpkgs/pkgs/build-support/setup-hooks/make-binary-wrapper/make-binary-wrapper.sh` for the `makeBinaryWrapper` implementation.
`wrapProgram` is a convenience function you probably want to use most of the time, implemented by both `makeWrapper` and `makeBinaryWrapper`. `wrapProgram` is a convenience function you probably want to use most of the time, implemented by both `makeWrapper` and `makeBinaryWrapper`.
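Review bot: The new `--suffix` paragraph should spell out the precedence it implies. Entries added with `--suffix PATH` come after everything already in the caller's `PATH`, so the wrapped program runs whichever matching binary the ambient environment provides first and only falls back to the `xdg-utils` store path. The note on `--prefix` explains the trade-off for that flag; add the matching sentence for `--suffix`, saying that the wrapper's behaviour then depends on an environment the package does not control and that anything the program must not pick up from the caller belongs under `--prefix`.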


@ -36,7 +36,7 @@ rec {
forEach = xs: f: map f xs; forEach = xs: f: map f xs;
/* right fold a binary function `op` between successive elements of /* right fold a binary function `op` between successive elements of
`list` with `nul' as the starting value, i.e., `list` with `nul` as the starting value, i.e.,
`foldr op nul [x_1 x_2 ... x_n] == op x_1 (op x_2 ... (op x_n nul))`. `foldr op nul [x_1 x_2 ... x_n] == op x_1 (op x_2 ... (op x_n nul))`.
Type: foldr :: (a -> b -> b) -> b -> [a] -> b Type: foldr :: (a -> b -> b) -> b -> [a] -> b


@ -1359,6 +1359,12 @@
githubId = 9315; githubId = 9315;
name = "Zhong Jianxin"; name = "Zhong Jianxin";
}; };
a-kenji = {
email = "aks.kenji@protonmail.com";
github = "a-kenji";
githubId = 65275785;
name = "Alexander Kenji Berthold";
};
b4dm4n = { b4dm4n = {
email = "fabianm88@gmail.com"; email = "fabianm88@gmail.com";
github = "B4dM4n"; github = "B4dM4n";
@ -1778,7 +1784,7 @@
}; };
booklearner = { booklearner = {
name = "booklearner"; name = "booklearner";
email = "hey@booklearner.org"; email = "booklearner@proton.me";
matrix = "@booklearner:matrix.org"; matrix = "@booklearner:matrix.org";
github = "booklearner"; github = "booklearner";
githubId = 103979114; githubId = 103979114;
@ -3738,6 +3744,12 @@
githubId = 537775; githubId = 537775;
name = "Emery Hemingway"; name = "Emery Hemingway";
}; };
eigengrau = {
email = "seb@schattenkopie.de";
name = "Sebastian Reuße";
github = "eigengrau";
githubId = 4939947;
};
eikek = { eikek = {
email = "eike.kettner@posteo.de"; email = "eike.kettner@posteo.de";
github = "eikek"; github = "eikek";
@ -4661,6 +4673,12 @@
githubId = 37017396; githubId = 37017396;
name = "gbtb"; name = "gbtb";
}; };
gdinh = {
email = "nix@contact.dinh.ai";
github = "gdinh";
githubId = 34658064;
name = "Grace Dinh";
};
gebner = { gebner = {
email = "gebner@gebner.org"; email = "gebner@gebner.org";
github = "gebner"; github = "gebner";
@ -6337,6 +6355,16 @@
}]; }];
name = "Ioannis Koutras"; name = "Ioannis Koutras";
}; };
jonaenz = {
name = "Jona Enzinger";
email = "5xt3zyy5l@mozmail.com";
matrix = "@jona:matrix.jonaenz.de";
github = "jonaenz";
githubId = 57130301;
keys = [{
fingerprint = "1CC5 B67C EB9A 13A5 EDF6 F10E 0B4A 3662 FC58 9202";
}];
};
jonafato = { jonafato = {
email = "jon@jonafato.com"; email = "jon@jonafato.com";
github = "jonafato"; github = "jonafato";
@ -6783,6 +6811,12 @@
githubId = 2029444; githubId = 2029444;
name = "James Kent"; name = "James Kent";
}; };
kephasp = {
email = "pierre@nothos.net";
github = "kephas";
githubId = 762421;
name = "Pierre Thierry";
};
ketzacoatl = { ketzacoatl = {
email = "ketzacoatl@protonmail.com"; email = "ketzacoatl@protonmail.com";
github = "ketzacoatl"; github = "ketzacoatl";
@ -7250,7 +7284,7 @@
}; };
lassulus = { lassulus = {
email = "lassulus@gmail.com"; email = "lassulus@gmail.com";
matrix = "@lassulus:nixos.dev"; matrix = "@lassulus:lassul.us";
github = "Lassulus"; github = "Lassulus";
githubId = 621759; githubId = 621759;
name = "Lassulus"; name = "Lassulus";
@ -7944,6 +7978,12 @@
githubId = 31056089; githubId = 31056089;
name = "Tom Ho"; name = "Tom Ho";
}; };
majewsky = {
email = "majewsky@gmx.net";
github = "majewsky";
githubId = 24696;
name = "Stefan Majewsky";
};
majiir = { majiir = {
email = "majiir@nabaal.net"; email = "majiir@nabaal.net";
github = "Majiir"; github = "Majiir";
@ -8160,6 +8200,15 @@
githubId = 427866; githubId = 427866;
name = "Matthias Beyer"; name = "Matthias Beyer";
}; };
MatthieuBarthel = {
email = "matthieu@imatt.ch";
name = "Matthieu Barthel";
github = "MatthieuBarthel";
githubId = 435534;
keys = [{
fingerprint = "80EB 0F2B 484A BB80 7BEF 4145 BA23 F10E AADC 2E26";
}];
};
matthuszagh = { matthuszagh = {
email = "huszaghmatt@gmail.com"; email = "huszaghmatt@gmail.com";
github = "matthuszagh"; github = "matthuszagh";
@ -8466,6 +8515,15 @@
githubId = 9980864; githubId = 9980864;
name = "Max Hofer"; name = "Max Hofer";
}; };
miangraham = {
email = "miangraham@users.noreply.github.com";
github = "miangraham";
githubId = 704580;
name = "M. Ian Graham";
keys = [{
fingerprint = "8CE3 2906 516F C4D8 D373 308A E189 648A 55F5 9A9F";
}];
};
mic92 = { mic92 = {
email = "joerg@thalheim.io"; email = "joerg@thalheim.io";
matrix = "@mic92:nixos.dev"; matrix = "@mic92:nixos.dev";
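Review bot: The new `miangraham` entry gives `miangraham@users.noreply.github.com` as `email`, which by its name is a no-reply address rather than a mailbox. Please confirm with the contributor that this is intended, or ask for an address that accepts mail, since the `email` field is what people use to contact a maintainer.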
@ -8788,6 +8846,13 @@
fingerprint = "1248 D3E1 1D11 4A85 75C9 8934 6794 D45A 488C 2EDE"; fingerprint = "1248 D3E1 1D11 4A85 75C9 8934 6794 D45A 488C 2EDE";
}]; }];
}; };
monaaraj = {
name = "Mon Aaraj";
email = "owo69uwu69@gmail.com";
matrix = "@mon:tchncs.de";
github = "MonAaraj";
githubId = 46468162;
};
monsieurp = { monsieurp = {
email = "monsieurp@gentoo.org"; email = "monsieurp@gentoo.org";
github = "monsieurp"; github = "monsieurp";
@ -10141,6 +10206,16 @@
fingerprint = "5D69 CF04 B7BC 2BC1 A567 9267 00BC F29B 3208 0700"; fingerprint = "5D69 CF04 B7BC 2BC1 A567 9267 00BC F29B 3208 0700";
}]; }];
}; };
phfroidmont = {
name = "Paul-Henri Froidmont";
email = "nix.contact-j9dw4d@froidmont.org";
github = "phfroidmont";
githubId = 8150907;
keys = [{
fingerprint = "3AC6 F170 F011 33CE 393B CD94 BE94 8AFD 7E78 73BE";
}];
};
philandstuff = { philandstuff = {
email = "philip.g.potter@gmail.com"; email = "philip.g.potter@gmail.com";
github = "philandstuff"; github = "philandstuff";
@ -13451,6 +13526,15 @@
githubId = 619015; githubId = 619015;
name = "Svintsov Dmitry"; name = "Svintsov Dmitry";
}; };
urandom = {
email = "colin@urandom.co.uk";
github = "arnottcr";
githubId = 2526260;
keys = [{
fingerprint = "04A3 A2C6 0042 784A AEA7 D051 0447 A663 F7F3 E236";
}];
name = "Colin Arnott";
};
urbas = { urbas = {
email = "matej.urbas@gmail.com"; email = "matej.urbas@gmail.com";
github = "urbas"; github = "urbas";
@ -13662,6 +13746,12 @@
githubId = 118959; githubId = 118959;
name = "VinyMeuh"; name = "VinyMeuh";
}; };
virchau13 = {
email = "virchau13@hexular.net";
github = "virchau13";
githubId = 16955157;
name = "Vir Chaudhury";
};
viraptor = { viraptor = {
email = "nix@viraptor.info"; email = "nix@viraptor.info";
github = "viraptor"; github = "viraptor";
@ -13813,6 +13903,12 @@
github = "wamserma"; github = "wamserma";
githubId = 60148; githubId = 60148;
}; };
water-sucks = {
email = "varun@cvte.org";
name = "Varun Narravula";
github = "water-sucks";
githubId = 68445574;
};
waynr = { waynr = {
name = "Wayne Warren"; name = "Wayne Warren";
email = "wayne.warren.s@gmail.com"; email = "wayne.warren.s@gmail.com";
@ -14015,6 +14111,15 @@
github = "wr0belj"; github = "wr0belj";
githubId = 40501814; githubId = 40501814;
}; };
wrmilling = {
name = "Winston R. Milling";
email = "Winston@Milli.ng";
github = "WRMilling";
githubId = 6162814;
keys = [{
fingerprint = "21E1 6B8D 2EE8 7530 6A6C 9968 D830 77B9 9F8C 6643";
}];
};
wscott = { wscott = {
email = "wsc9tt@gmail.com"; email = "wsc9tt@gmail.com";
github = "wscott"; github = "wscott";


@ -35,7 +35,7 @@ toRemove=()
cleanup() { cleanup() {
rm -rf "${toRemove[@]}" rm -rf "${toRemove[@]}"
} }
trap cleanup EXIT SIGINT SIGQUIT ERR trap cleanup EXIT
MKTEMP='mktemp --tmpdir nix-rebuild-amount-XXXXXXXX' MKTEMP='mktemp --tmpdir nix-rebuild-amount-XXXXXXXX'
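Review bot: With `SIGINT SIGQUIT ERR` dropped from the `trap` line, the temporary paths collected in `toRemove` are removed on interrupt only if the shell runs the `EXIT` trap when a signal terminates it. The array syntax shows this is a bash script, and bash does run the `EXIT` trap on SIGINT, so the change looks right, but that reasoning is not recorded anywhere in the hunk. Suggest a one-line comment above `trap cleanup EXIT` stating that EXIT also covers interrupts under bash, so nobody re-adds the signals later or ports the script to a shell where that does not hold.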


@ -177,17 +177,17 @@ OK
the boot partition. the boot partition.
</para> </para>
<programlisting> <programlisting>
# parted /dev/sda -- mkpart primary 512MiB -8GiB # parted /dev/sda -- mkpart primary 512MB -8GB
</programlisting> </programlisting>
</listitem> </listitem>
<listitem> <listitem>
<para> <para>
Next, add a <emphasis>swap</emphasis> partition. The size Next, add a <emphasis>swap</emphasis> partition. The size
required will vary according to needs, here a 8GiB one is required will vary according to needs, here a 8GB one is
created. created.
</para> </para>
<programlisting> <programlisting>
# parted /dev/sda -- mkpart primary linux-swap -8GiB 100% # parted /dev/sda -- mkpart primary linux-swap -8GB 100%
</programlisting> </programlisting>
<note> <note>
<para> <para>
@ -204,7 +204,7 @@ OK
reserved 512MiB at the start of the disk. reserved 512MiB at the start of the disk.
</para> </para>
<programlisting> <programlisting>
# parted /dev/sda -- mkpart ESP fat32 1MiB 512MiB # parted /dev/sda -- mkpart ESP fat32 1MB 512MB
# parted /dev/sda -- set 3 esp on # parted /dev/sda -- set 3 esp on
</programlisting> </programlisting>
</listitem> </listitem>
@ -242,7 +242,7 @@ OK
live. live.
</para> </para>
<programlisting> <programlisting>
# parted /dev/sda -- mkpart primary 1MiB -8GiB # parted /dev/sda -- mkpart primary 1MB -8GB
</programlisting> </programlisting>
</listitem> </listitem>
<listitem> <listitem>
@ -252,7 +252,7 @@ OK
created. created.
</para> </para>
<programlisting> <programlisting>
# parted /dev/sda -- mkpart primary linux-swap -8GiB 100% # parted /dev/sda -- mkpart primary linux-swap -8GB 100%
</programlisting> </programlisting>
<note> <note>
<para> <para>


@ -2130,6 +2130,13 @@ sudo mkdir /var/lib/redis-peertube
sudo cp /var/lib/redis/dump.rdb /var/lib/redis-peertube/dump.rdb sudo cp /var/lib/redis/dump.rdb /var/lib/redis-peertube/dump.rdb
</programlisting> </programlisting>
</listitem> </listitem>
<listitem>
<para>
Added the <literal>keter</literal> NixOS module. Keter reverse
proxies requests to your loaded application based on virtual
hostnames.
</para>
</listitem>
<listitem> <listitem>
<para> <para>
If you are using Wayland you can choose to use the Ozone If you are using Wayland you can choose to use the Ozone


@ -70,6 +70,34 @@
with any supported NixOS release. with any supported NixOS release.
</para> </para>
</listitem> </listitem>
<listitem>
<para>
<literal>emacs</literal> enables native compilation which
means:
</para>
<itemizedlist spacing="compact">
<listitem>
<para>
emacs packages from nixpkgs, builtin or not, will do
native compilation ahead of time so you can enjoy the
benefit of native compilation without compiling them on
you machine;
</para>
</listitem>
<listitem>
<para>
emacs packages from somewhere else, e.g.
<literal>package-install</literal>, will do asynchronously
deferred native compilation. If you do not want this,
maybe to avoid CPU consumption for compilation, you can
use
<literal>(setq native-comp-deferred-compilation nil)</literal>
to disable it while still enjoy the benefit of native
compilation for packages from nixpkgs.
</para>
</listitem>
</itemizedlist>
</listitem>
<listitem> <listitem>
<para> <para>
<literal>nixos-generate-config</literal> now generates <literal>nixos-generate-config</literal> now generates
@ -97,7 +125,9 @@
</listitem> </listitem>
<listitem> <listitem>
<para> <para>
Cinnamon has been updated to 5.4. Cinnamon has been updated to 5.4. While at it, the cinnamon
module now defaults to blueman as bluetooth manager and
slick-greeter as lightdm greeter to match upstream.
</para> </para>
</listitem> </listitem>
<listitem> <listitem>
@ -138,6 +168,13 @@
<link linkend="opt-services.dragonflydb.enable">services.dragonflydb</link>. <link linkend="opt-services.dragonflydb.enable">services.dragonflydb</link>.
</para> </para>
</listitem> </listitem>
<listitem>
<para>
<link xlink:href="https://komga.org/">Komga</link>, a free and
open source comics/mangas media server. Available as
<link linkend="opt-services.komga.enable">services.komga</link>.
</para>
</listitem>
<listitem> <listitem>
<para> <para>
<link xlink:href="https://hbase.apache.org/">HBase <link xlink:href="https://hbase.apache.org/">HBase
@ -191,6 +228,14 @@
<link linkend="opt-services.tempo.enable">services.tempo</link>. <link linkend="opt-services.tempo.enable">services.tempo</link>.
</para> </para>
</listitem> </listitem>
<listitem>
<para>
<link xlink:href="https://github.com/zalando/patroni">Patroni</link>,
a template for PostgreSQL HA with ZooKeeper, etcd or Consul.
Available as
<link xlink:href="options.html#opt-services.patroni.enable">services.patroni</link>.
</para>
</listitem>
</itemizedlist> </itemizedlist>
</section> </section>
<section xml:id="sec-release-22.11-incompatibilities"> <section xml:id="sec-release-22.11-incompatibilities">
@ -251,6 +296,18 @@
<literal>(with foo; isPower &amp;&amp; is32bit &amp;&amp; isBigEndian)</literal>. <literal>(with foo; isPower &amp;&amp; is32bit &amp;&amp; isBigEndian)</literal>.
</para> </para>
</listitem> </listitem>
<listitem>
<para>
The <literal>fetchgit</literal> fetcher now uses
<link xlink:href="https://www.git-scm.com/docs/git-sparse-checkout/2.37.0#_internalscone_mode_handling">cone
mode</link> by default for sparse checkouts.
<link xlink:href="https://www.git-scm.com/docs/git-sparse-checkout/2.37.0#_internalsnon_cone_problems">Non-cone
mode</link> can be enabled by passing
<literal>nonConeMode = true</literal>, but note that non-cone
mode is deprecated and this option may be removed alongside a
future Git update without notice.
</para>
</listitem>
<listitem> <listitem>
<para> <para>
<literal>bsp-layout</literal> no longer uses the command <literal>bsp-layout</literal> no longer uses the command
@ -357,6 +414,16 @@
release notes</link> for more details. release notes</link> for more details.
</para> </para>
</listitem> </listitem>
<listitem>
<para>
<literal>github-runner</literal> gained support for ephemeral
runners and registrations using a personal access token (PAT)
instead of a registration token. See
<literal>services.github-runner.ephemeral</literal> and
<literal>services.github-runner.tokenFile</literal> for
details.
</para>
</listitem>
<listitem> <listitem>
<para> <para>
A new module was added for the Saleae Logic device family, A new module was added for the Saleae Logic device family,
@ -372,6 +439,13 @@
instead of using the Redis default. instead of using the Redis default.
</para> </para>
</listitem> </listitem>
<listitem>
<para>
Neo4j was updated from version 3 to version 4. See this
<link xlink:href="https://neo4j.com/docs/upgrade-migration-guide/current/">migration
guide</link> on how to migrate your Neo4j instance.
</para>
</listitem>
<listitem> <listitem>
<para> <para>
Matrix Synapse now requires entries in the Matrix Synapse now requires entries in the
@ -450,6 +524,12 @@
dbus service. dbus service.
</para> </para>
</listitem> </listitem>
<listitem>
<para>
The <literal>nomad</literal> package now defaults to 1.3,
which no longer has a downgrade path to releases 1.2 or older.
</para>
</listitem>
</itemizedlist> </itemizedlist>
</section> </section>
</section> </section>


@ -133,14 +133,14 @@ update /etc/fstab.
which will be used by the boot partition. which will be used by the boot partition.
```ShellSession ```ShellSession
# parted /dev/sda -- mkpart primary 512MiB -8GiB # parted /dev/sda -- mkpart primary 512MB -8GB
``` ```
3. Next, add a *swap* partition. The size required will vary according 3. Next, add a *swap* partition. The size required will vary according
to needs, here a 8GiB one is created. to needs, here a 8GB one is created.
```ShellSession ```ShellSession
# parted /dev/sda -- mkpart primary linux-swap -8GiB 100% # parted /dev/sda -- mkpart primary linux-swap -8GB 100%
``` ```
::: {.note} ::: {.note}
@ -153,7 +153,7 @@ update /etc/fstab.
reserved 512MiB at the start of the disk. reserved 512MiB at the start of the disk.
```ShellSession ```ShellSession
# parted /dev/sda -- mkpart ESP fat32 1MiB 512MiB # parted /dev/sda -- mkpart ESP fat32 1MB 512MB
# parted /dev/sda -- set 3 esp on # parted /dev/sda -- set 3 esp on
``` ```
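Review bot: The command changes to `mkpart ESP fat32 1MB 512MB`, but the unchanged sentence just above it still says "reserved 512MiB at the start of the disk". `parted` reads MB as 10^6 bytes and MiB as 2^20 bytes, so the text and the command now describe different sizes. Update the sentence in the same hunk, or keep binary units in the command.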
@ -180,14 +180,14 @@ update /etc/fstab.
end part, where the swap will live. end part, where the swap will live.
```ShellSession ```ShellSession
# parted /dev/sda -- mkpart primary 1MiB -8GiB # parted /dev/sda -- mkpart primary 1MB -8GB
``` ```
3. Finally, add a *swap* partition. The size required will vary 3. Finally, add a *swap* partition. The size required will vary
according to needs, here a 8GiB one is created. according to needs, here a 8GiB one is created.
```ShellSession ```ShellSession
# parted /dev/sda -- mkpart primary linux-swap -8GiB 100% # parted /dev/sda -- mkpart primary linux-swap -8GB 100%
``` ```
::: {.note} ::: {.note}
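Review bot: In this hunk the swap command becomes `-8GB 100%` while the step text "here a 8GiB one is created" is left unchanged; the first hunk of this file changed the same sentence to 8GB. Make the two swap steps consistent so the instructions do not describe a different size from the command they introduce.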


@ -778,6 +778,7 @@ In addition to numerous new and upgraded packages, this release has the followin
sudo mkdir /var/lib/redis-peertube sudo mkdir /var/lib/redis-peertube
sudo cp /var/lib/redis/dump.rdb /var/lib/redis-peertube/dump.rdb sudo cp /var/lib/redis/dump.rdb /var/lib/redis-peertube/dump.rdb
``` ```
- Added the `keter` NixOS module. Keter reverse proxies requests to your loaded application based on virtual hostnames.
- If you are using Wayland you can choose to use the Ozone Wayland support - If you are using Wayland you can choose to use the Ozone Wayland support
in Chrome and several Electron apps by setting the environment variable in Chrome and several Electron apps by setting the environment variable


@ -35,6 +35,10 @@ In addition to numerous new and upgraded packages, this release has the followin
for a transition period so that in time the ecosystem can switch without for a transition period so that in time the ecosystem can switch without
breaking compatibility with any supported NixOS release. breaking compatibility with any supported NixOS release.
- `emacs` enables native compilation which means:
- emacs packages from nixpkgs, builtin or not, will do native compilation ahead of time so you can enjoy the benefit of native compilation without compiling them on you machine;
- emacs packages from somewhere else, e.g. `package-install`, will do asynchronously deferred native compilation. If you do not want this, maybe to avoid CPU consumption for compilation, you can use `(setq native-comp-deferred-compilation nil)` to disable it while still enjoy the benefit of native compilation for packages from nixpkgs.
- `nixos-generate-config` now generates configurations that can be built in pure - `nixos-generate-config` now generates configurations that can be built in pure
mode. This is achieved by setting the new `nixpkgs.hostPlatform` option. mode. This is achieved by setting the new `nixpkgs.hostPlatform` option.
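Review bot: Two wording slips in the added `emacs` bullets: "without compiling them on you machine" should read "your machine", and "to disable it while still enjoy the benefit" should read "while still enjoying the benefit". The same text appears in the XML release notes in this commit, so both copies need the fix.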
@ -46,7 +50,8 @@ In addition to numerous new and upgraded packages, this release has the followin
- PHP now defaults to PHP 8.1, updated from 8.0. - PHP now defaults to PHP 8.1, updated from 8.0.
- Cinnamon has been updated to 5.4. - Cinnamon has been updated to 5.4. While at it, the cinnamon module now defaults to
blueman as bluetooth manager and slick-greeter as lightdm greeter to match upstream.
- `hardware.nvidia` has a new option `open` that can be used to opt in the opensource version of NVIDIA kernel driver. Note that the driver's support for GeForce and Workstation GPUs is still alpha quality, see [NVIDIA Releases Open-Source GPU Kernel Modules](https://developer.nvidia.com/blog/nvidia-releases-open-source-gpu-kernel-modules/) for the official announcement. - `hardware.nvidia` has a new option `open` that can be used to opt in the opensource version of NVIDIA kernel driver. Note that the driver's support for GeForce and Workstation GPUs is still alpha quality, see [NVIDIA Releases Open-Source GPU Kernel Modules](https://developer.nvidia.com/blog/nvidia-releases-open-source-gpu-kernel-modules/) for the official announcement.
@ -59,6 +64,8 @@ In addition to numerous new and upgraded packages, this release has the followin
- [dragonflydb](https://dragonflydb.io/), a modern replacement for Redis and Memcached. Available as [services.dragonflydb](#opt-services.dragonflydb.enable). - [dragonflydb](https://dragonflydb.io/), a modern replacement for Redis and Memcached. Available as [services.dragonflydb](#opt-services.dragonflydb.enable).
- [Komga](https://komga.org/), a free and open source comics/mangas media server. Available as [services.komga](#opt-services.komga.enable).
- [HBase cluster](https://hbase.apache.org/), a distributed, scalable, big data store. Available as [services.hadoop.hbase](options.html#opt-services.hadoop.hbase.enable). - [HBase cluster](https://hbase.apache.org/), a distributed, scalable, big data store. Available as [services.hadoop.hbase](options.html#opt-services.hadoop.hbase.enable).
- [infnoise](https://github.com/leetronics/infnoise), a hardware True Random Number Generator dongle. - [infnoise](https://github.com/leetronics/infnoise), a hardware True Random Number Generator dongle.
@ -75,6 +82,9 @@ In addition to numerous new and upgraded packages, this release has the followin
- [Grafana Tempo](https://www.grafana.com/oss/tempo/), a distributed tracing store. Available as [services.tempo](#opt-services.tempo.enable). - [Grafana Tempo](https://www.grafana.com/oss/tempo/), a distributed tracing store. Available as [services.tempo](#opt-services.tempo.enable).
- [Patroni](https://github.com/zalando/patroni), a template for PostgreSQL HA with ZooKeeper, etcd or Consul.
Available as [services.patroni](options.html#opt-services.patroni.enable).
<!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. --> <!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. -->
## Backward Incompatibilities {#sec-release-22.11-incompatibilities} ## Backward Incompatibilities {#sec-release-22.11-incompatibilities}
@ -97,6 +107,8 @@ In addition to numerous new and upgraded packages, this release has the followin
- The `isPowerPC` predicate, found on `platform` attrsets (`hostPlatform`, `buildPlatform`, `targetPlatform`, etc) has been removed in order to reduce confusion. The predicate was was defined such that it matches only the 32-bit big-endian members of the POWER/PowerPC family, despite having a name which would imply a broader set of systems. If you were using this predicate, you can replace `foo.isPowerPC` with `(with foo; isPower && is32bit && isBigEndian)`. - The `isPowerPC` predicate, found on `platform` attrsets (`hostPlatform`, `buildPlatform`, `targetPlatform`, etc) has been removed in order to reduce confusion. The predicate was was defined such that it matches only the 32-bit big-endian members of the POWER/PowerPC family, despite having a name which would imply a broader set of systems. If you were using this predicate, you can replace `foo.isPowerPC` with `(with foo; isPower && is32bit && isBigEndian)`.
- The `fetchgit` fetcher now uses [cone mode](https://www.git-scm.com/docs/git-sparse-checkout/2.37.0#_internalscone_mode_handling) by default for sparse checkouts. [Non-cone mode](https://www.git-scm.com/docs/git-sparse-checkout/2.37.0#_internalsnon_cone_problems) can be enabled by passing `nonConeMode = true`, but note that non-cone mode is deprecated and this option may be removed alongside a future Git update without notice.
- `bsp-layout` no longer uses the command `cycle` to switch to other window layouts, as it got replaced by the commands `previous` and `next`. - `bsp-layout` no longer uses the command `cycle` to switch to other window layouts, as it got replaced by the commands `previous` and `next`.
- The Barco ClickShare driver/client package `pkgs.clickshare-csc1` and the option `programs.clickshare-csc1.enable` have been removed, - The Barco ClickShare driver/client package `pkgs.clickshare-csc1` and the option `programs.clickshare-csc1.enable` have been removed,
@ -135,10 +147,14 @@ Use `configure.packages` instead.
- The `xplr` package has been updated from 0.18.0 to 0.19.0, which brings some breaking changes. See the [upstream release notes](https://github.com/sayanarijit/xplr/releases/tag/v0.19.0) for more details. - The `xplr` package has been updated from 0.18.0 to 0.19.0, which brings some breaking changes. See the [upstream release notes](https://github.com/sayanarijit/xplr/releases/tag/v0.19.0) for more details.
- `github-runner` gained support for ephemeral runners and registrations using a personal access token (PAT) instead of a registration token. See `services.github-runner.ephemeral` and `services.github-runner.tokenFile` for details.
- A new module was added for the Saleae Logic device family, providing the options `hardware.saleae-logic.enable` and `hardware.saleae-logic.package`. - A new module was added for the Saleae Logic device family, providing the options `hardware.saleae-logic.enable` and `hardware.saleae-logic.package`.
- The Redis module now disables RDB persistence when `services.redis.servers.<name>.save = []` instead of using the Redis default. - The Redis module now disables RDB persistence when `services.redis.servers.<name>.save = []` instead of using the Redis default.
- Neo4j was updated from version 3 to version 4. See this [migration guide](https://neo4j.com/docs/upgrade-migration-guide/current/) on how to migrate your Neo4j instance.
- Matrix Synapse now requires entries in the `state_group_edges` table to be unique, in order to prevent accidentally introducing duplicate information (for example, because a database backup was restored multiple times). If your Synapse database already has duplicate rows in this table, this could fail with an error and require manual remediation. - Matrix Synapse now requires entries in the `state_group_edges` table to be unique, in order to prevent accidentally introducing duplicate information (for example, because a database backup was restored multiple times). If your Synapse database already has duplicate rows in this table, this could fail with an error and require manual remediation.
- `dockerTools.buildImage` deprecates the misunderstood `contents` parameter, in favor of `copyToRoot`. - `dockerTools.buildImage` deprecates the misunderstood `contents` parameter, in favor of `copyToRoot`.
@ -159,4 +175,6 @@ Use `configure.packages` instead.
- There is a new module for the `xfconf` program (the Xfce configuration storage system), which has a dbus service. - There is a new module for the `xfconf` program (the Xfce configuration storage system), which has a dbus service.
- The `nomad` package now defaults to 1.3, which no longer has a downgrade path to releases 1.2 or older.
<!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. --> <!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. -->

View file

@ -123,7 +123,7 @@ in rec {
inherit self; inherit self;
includeSiteCustomize = true; includeSiteCustomize = true;
}); });
in self.withPackages (p: [ p.mistune_2_0 ])) in self.withPackages (p: [ p.mistune ]))
]; ];
options = builtins.toFile "options.json" options = builtins.toFile "options.json"
(builtins.unsafeDiscardStringContext (builtins.toJSON optionsNix)); (builtins.unsafeDiscardStringContext (builtins.toJSON optionsNix));

View file

@ -285,6 +285,8 @@ in rec {
Documentation = toString config.documentation; } Documentation = toString config.documentation; }
// optionalAttrs (config.onFailure != []) { // optionalAttrs (config.onFailure != []) {
OnFailure = toString config.onFailure; } OnFailure = toString config.onFailure; }
// optionalAttrs (config.onSuccess != []) {
OnSuccess = toString config.onSuccess; }
// optionalAttrs (options.startLimitIntervalSec.isDefined) { // optionalAttrs (options.startLimitIntervalSec.isDefined) {
StartLimitIntervalSec = toString config.startLimitIntervalSec; StartLimitIntervalSec = toString config.startLimitIntervalSec;
} // optionalAttrs (options.startLimitBurst.isDefined) { } // optionalAttrs (options.startLimitBurst.isDefined) {

View file

@ -206,6 +206,15 @@ in rec {
''; '';
}; };
onSuccess = mkOption {
default = [];
type = types.listOf unitNameType;
description = ''
A list of one or more units that are activated when
this unit enters the "inactive" state.
'';
};
startLimitBurst = mkOption { startLimitBurst = mkOption {
type = types.int; type = types.int;
description = '' description = ''
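Review bot: The `onSuccess` description is a plain string and the option has no `example`, while other option descriptions touched in this commit are being wrapped in `lib.mdDoc`. Consider `description = lib.mdDoc ''` here as well, with the state written as `inactive` in backticks, and add an `example` showing a unit list so the expected value shape is documented.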

View file

@ -204,11 +204,11 @@ in {
admin_server = SYSLOG:NOTICE admin_server = SYSLOG:NOTICE
default = SYSLOG:NOTICE default = SYSLOG:NOTICE
''; '';
description = '' description = lib.mdDoc ''
These lines go to the end of <literal>krb5.conf</literal> verbatim. These lines go to the end of `krb5.conf` verbatim.
<literal>krb5.conf</literal> may include any of the relations that are `krb5.conf` may include any of the relations that are
valid for <literal>kdc.conf</literal> (see <literal>man valid for `kdc.conf` (see `man kdc.conf`),
kdc.conf</literal>), but it is not a recommended practice. but it is not a recommended practice.
''; '';
}; };

View file

@ -186,16 +186,16 @@ in
policy = mkOption { policy = mkOption {
default = "hard_open"; default = "hard_open";
type = types.enum [ "hard_open" "hard_init" "soft" ]; type = types.enum [ "hard_open" "hard_init" "soft" ];
description = '' description = lib.mdDoc ''
Specifies the policy to use for reconnecting to an unavailable Specifies the policy to use for reconnecting to an unavailable
LDAP server. The default is <literal>hard_open</literal>, which LDAP server. The default is `hard_open`, which
reconnects if opening the connection to the directory server reconnects if opening the connection to the directory server
failed. By contrast, <literal>hard_init</literal> reconnects if failed. By contrast, `hard_init` reconnects if
initializing the connection failed. Initializing may not initializing the connection failed. Initializing may not
actually contact the directory server, and it is possible that actually contact the directory server, and it is possible that
a malformed configuration file will trigger reconnection. If a malformed configuration file will trigger reconnection. If
<literal>soft</literal> is specified, then `soft` is specified, then
<package>nss_ldap</package> will return immediately on server `nss_ldap` will return immediately on server
failure. All hard reconnect policies block with exponential failure. All hard reconnect policies block with exponential
backoff before retrying. backoff before retrying.
''; '';

View file

@ -0,0 +1,519 @@
{ config, pkgs, lib, ... }:
with lib;
let
cfg = config.users.mysql;
in
{
options = {
users.mysql = {
enable = mkEnableOption "Authentication against a MySQL/MariaDB database";
host = mkOption {
type = types.str;
example = "localhost";
description = "The hostname of the MySQL/MariaDB server";
};
database = mkOption {
type = types.str;
example = "auth";
description = "The name of the database containing the users";
};
user = mkOption {
type = types.str;
example = "nss-user";
description = "The username to use when connecting to the database";
};
passwordFile = mkOption {
type = types.path;
example = "/run/secrets/mysql-auth-db-passwd";
description = "The path to the file containing the password for the user";
};
pam = mkOption {
description = "Settings for <literal>pam_mysql</literal>";
type = types.submodule {
options = {
table = mkOption {
type = types.str;
example = "users";
description = "The name of table that maps unique login names to the passwords.";
};
updateTable = mkOption {
type = types.nullOr types.str;
default = null;
example = "users_updates";
description = ''
The name of the table used for password alteration. If not defined, the value
of the <literal>table</literal> option will be used instead.
'';
};
userColumn = mkOption {
type = types.str;
example = "username";
description = "The name of the column that contains a unix login name.";
};
passwordColumn = mkOption {
type = types.str;
example = "password";
description = "The name of the column that contains a (encrypted) password string.";
};
statusColumn = mkOption {
type = types.nullOr types.str;
default = null;
example = "status";
description = ''
The name of the column or an SQL expression that indicates the status of
the user. The status is expressed by the combination of two bitfields
shown below:
<itemizedlist>
<listitem>
<para>
<literal>bit 0 (0x01)</literal>:
if flagged, <literal>pam_mysql</literal> deems the account to be expired and
returns <literal>PAM_ACCT_EXPIRED</literal>. That is, the account is supposed
to no longer be available. Note this doesn't mean that <literal>pam_mysql</literal>
rejects further authentication operations.
</para>
</listitem>
<listitem>
<para>
<literal>bit 1 (0x02)</literal>:
if flagged, <literal>pam_mysql</literal> deems the authentication token
(password) to be expired and returns <literal>PAM_NEW_AUTHTOK_REQD</literal>.
This ends up requiring that the user enter a new password.
</para>
</listitem>
</itemizedlist>
'';
};
passwordCrypt = mkOption {
example = "2";
type = types.enum [
"0" "plain"
"1" "Y"
"2" "mysql"
"3" "md5"
"4" "sha1"
"5" "drupal7"
"6" "joomla15"
"7" "ssha"
"8" "sha512"
"9" "sha256"
];
description = ''
The method to encrypt the user's password:
<itemizedlist>
<listitem>
<para>
<literal>0</literal> (or <literal>"plain"</literal>):
No encryption. Passwords are stored in plaintext. HIGHLY DISCOURAGED.
</para>
</listitem>
<listitem>
<para>
<literal>1</literal> (or <literal>"Y"</literal>):
Use crypt(3) function.
</para>
</listitem>
<listitem>
<para>
<literal>2</literal> (or <literal>"mysql"</literal>):
Use the MySQL PASSWORD() function. It is possible that the encryption function used
by <literal>pam_mysql</literal> is different from that of the MySQL server, as
<literal>pam_mysql</literal> uses the function defined in MySQL's C-client API
instead of using PASSWORD() SQL function in the query.
</para>
</listitem>
<listitem>
<para>
<literal>3</literal> (or <literal>"md5"</literal>):
Use plain hex MD5.
</para>
</listitem>
<listitem>
<para>
<literal>4</literal> (or <literal>"sha1"</literal>):
Use plain hex SHA1.
</para>
</listitem>
<listitem>
<para>
<literal>5</literal> (or <literal>"drupal7"</literal>):
Use Drupal7 salted passwords.
</para>
</listitem>
<listitem>
<para>
<literal>6</literal> (or <literal>"joomla15"</literal>):
Use Joomla15 salted passwords.
</para>
</listitem>
<listitem>
<para>
<literal>7</literal> (or <literal>"ssha"</literal>):
Use ssha hashed passwords.
</para>
</listitem>
<listitem>
<para>
<literal>8</literal> (or <literal>"sha512"</literal>):
Use sha512 hashed passwords.
</para>
</listitem>
<listitem>
<para>
<literal>9</literal> (or <literal>"sha256"</literal>):
Use sha256 hashed passwords.
</para>
</listitem>
</itemizedlist>
'';
};
cryptDefault = mkOption {
type = types.nullOr (types.enum [ "md5" "sha256" "sha512" "blowfish" ]);
default = null;
example = "blowfish";
description = "The default encryption method to use for <literal>passwordCrypt = 1</literal>.";
};
where = mkOption {
type = types.nullOr types.str;
default = null;
example = "host.name='web' AND user.active=1";
description = "Additional criteria for the query.";
};
verbose = mkOption {
type = types.bool;
default = false;
description = ''
If enabled, produces logs with detailed messages that describes what
<literal>pam_mysql</literal> is doing. May be useful for debugging.
'';
};
disconnectEveryOperation = mkOption {
type = types.bool;
default = false;
description = ''
By default, <literal>pam_mysql</literal> keeps the connection to the MySQL
database until the session is closed. If this option is set to true it
disconnects every time the PAM operation has finished. This option may
be useful in case the session lasts quite long.
'';
};
logging = {
enable = mkOption {
type = types.bool;
default = false;
description = "Enables logging of authentication attempts in the MySQL database.";
};
table = mkOption {
type = types.str;
example = "logs";
description = "The name of the table to which logs are written.";
};
msgColumn = mkOption {
type = types.str;
example = "msg";
description = ''
The name of the column in the log table to which the description
of the performed operation is stored.
'';
};
userColumn = mkOption {
type = types.str;
example = "user";
description = ''
The name of the column in the log table to which the name of the
user being authenticated is stored.
'';
};
pidColumn = mkOption {
type = types.str;
example = "pid";
description = ''
The name of the column in the log table to which the pid of the
process utilising the <literal>pam_mysql's</literal> authentication
service is stored.
'';
};
hostColumn = mkOption {
type = types.str;
example = "host";
description = ''
The name of the column in the log table to which the name of the user
being authenticated is stored.
'';
};
rHostColumn = mkOption {
type = types.str;
example = "rhost";
description = ''
The name of the column in the log table to which the name of the remote
host that initiates the session is stored. The value is supposed to be
set by the PAM-aware application with <literal>pam_set_item(PAM_RHOST)
</literal>.
'';
};
timeColumn = mkOption {
type = types.str;
example = "timestamp";
description = ''
The name of the column in the log table to which the timestamp of the
log entry is stored.
'';
};
};
};
};
};
nss = mkOption {
description = ''
Settings for <literal>libnss-mysql</literal>.
All examples are from the <link xlink:href="https://github.com/saknopper/libnss-mysql/tree/master/sample/minimal">minimal example</link>
of <literal>libnss-mysql</literal>, but they are modified with NixOS paths for bash.
'';
type = types.submodule {
options = {
getpwnam = mkOption {
type = types.nullOr types.str;
default = null;
example = literalExpression ''
SELECT username,'x',uid,'5000','MySQL User', CONCAT('/home/',username),'/run/sw/current-system/bin/bash' \
FROM users \
WHERE username='%1$s' \
LIMIT 1
'';
description = ''
SQL query for the <link
xlink:href="https://man7.org/linux/man-pages/man3/getpwnam.3.html">getpwnam</link>
syscall.
'';
};
getpwuid = mkOption {
type = types.nullOr types.str;
default = null;
example = literalExpression ''
SELECT username,'x',uid,'5000','MySQL User', CONCAT('/home/',username),'/run/sw/current-system/bin/bash' \
FROM users \
WHERE uid='%1$u' \
LIMIT 1
'';
description = ''
SQL query for the <link
xlink:href="https://man7.org/linux/man-pages/man3/getpwuid.3.html">getpwuid</link>
syscall.
'';
};
getspnam = mkOption {
type = types.nullOr types.str;
default = null;
example = literalExpression ''
SELECT username,password,'1','0','99999','0','0','-1','0' \
FROM users \
WHERE username='%1$s' \
LIMIT 1
'';
description = ''
SQL query for the <link
xlink:href="https://man7.org/linux/man-pages/man3/getspnam.3.html">getspnam</link>
syscall.
'';
};
getpwent = mkOption {
type = types.nullOr types.str;
default = null;
example = literalExpression ''
SELECT username,'x',uid,'5000','MySQL User', CONCAT('/home/',username),'/run/sw/current-system/bin/bash' FROM users
'';
description = ''
SQL query for the <link
xlink:href="https://man7.org/linux/man-pages/man3/getpwent.3.html">getpwent</link>
syscall.
'';
};
getspent = mkOption {
type = types.nullOr types.str;
default = null;
example = literalExpression ''
SELECT username,password,'1','0','99999','0','0','-1','0' FROM users
'';
description = ''
SQL query for the <link
xlink:href="https://man7.org/linux/man-pages/man3/getspent.3.html">getspent</link>
syscall.
'';
};
getgrnam = mkOption {
type = types.nullOr types.str;
default = null;
example = literalExpression ''
SELECT name,password,gid FROM groups WHERE name='%1$s' LIMIT 1
'';
description = ''
SQL query for the <link
xlink:href="https://man7.org/linux/man-pages/man3/getgrnam.3.html">getgrnam</link>
syscall.
'';
};
getgrgid = mkOption {
type = types.nullOr types.str;
default = null;
example = literalExpression ''
SELECT name,password,gid FROM groups WHERE gid='%1$u' LIMIT 1
'';
description = ''
SQL query for the <link
xlink:href="https://man7.org/linux/man-pages/man3/getgrgid.3.html">getgrgid</link>
syscall.
'';
};
getgrent = mkOption {
type = types.nullOr types.str;
default = null;
example = literalExpression ''
SELECT name,password,gid FROM groups
'';
description = ''
SQL query for the <link
xlink:href="https://man7.org/linux/man-pages/man3/getgrent.3.html">getgrent</link>
syscall.
'';
};
memsbygid = mkOption {
type = types.nullOr types.str;
default = null;
example = literalExpression ''
SELECT username FROM grouplist WHERE gid='%1$u'
'';
description = ''
SQL query for the <link
xlink:href="https://man7.org/linux/man-pages/man3/memsbygid.3.html">memsbygid</link>
syscall.
'';
};
gidsbymem = mkOption {
type = types.nullOr types.str;
default = null;
example = literalExpression ''
SELECT gid FROM grouplist WHERE username='%1$s'
'';
description = ''
SQL query for the <link
xlink:href="https://man7.org/linux/man-pages/man3/gidsbymem.3.html">gidsbymem</link>
syscall.
'';
};
};
};
};
};
};
config = mkIf cfg.enable {
system.nssModules = [ pkgs.libnss-mysql ];
system.nssDatabases.shadow = [ "mysql" ];
system.nssDatabases.group = [ "mysql" ];
system.nssDatabases.passwd = [ "mysql" ];
environment.etc."security/pam_mysql.conf" = {
user = "root";
group = "root";
mode = "0600";
# password will be added from password file in activation script
text = ''
users.host=${cfg.host}
users.db_user=${cfg.user}
users.database=${cfg.database}
users.table=${cfg.pam.table}
users.user_column=${cfg.pam.userColumn}
users.password_column=${cfg.pam.passwordColumn}
users.password_crypt=${cfg.pam.passwordCrypt}
users.disconnect_every_operation=${if cfg.pam.disconnectEveryOperation then "1" else "0"}
verbose=${if cfg.pam.verbose then "1" else "0"}
'' + optionalString (cfg.pam.cryptDefault != null) ''
users.use_${cfg.pam.cryptDefault}=1
'' + optionalString (cfg.pam.where != null) ''
users.where_clause=${cfg.pam.where}
'' + optionalString (cfg.pam.statusColumn != null) ''
users.status_column=${cfg.pam.statusColumn}
'' + optionalString (cfg.pam.updateTable != null) ''
users.update_table=${cfg.pam.updateTable}
'' + optionalString cfg.pam.logging.enable ''
log.enabled=true
log.table=${cfg.pam.logging.table}
log.message_column=${cfg.pam.logging.msgColumn}
log.pid_column=${cfg.pam.logging.pidColumn}
log.user_column=${cfg.pam.logging.userColumn}
log.host_column=${cfg.pam.logging.hostColumn}
log.rhost_column=${cfg.pam.logging.rHostColumn}
log.time_column=${cfg.pam.logging.timeColumn}
'';
};
environment.etc."libnss-mysql.cfg" = {
mode = "0600";
user = config.services.nscd.user;
group = config.services.nscd.group;
text = optionalString (cfg.nss.getpwnam != null) ''
getpwnam ${cfg.nss.getpwnam}
'' + optionalString (cfg.nss.getpwuid != null) ''
getpwuid ${cfg.nss.getpwuid}
'' + optionalString (cfg.nss.getspnam != null) ''
getspnam ${cfg.nss.getspnam}
'' + optionalString (cfg.nss.getpwent != null) ''
getpwent ${cfg.nss.getpwent}
'' + optionalString (cfg.nss.getspent != null) ''
getspent ${cfg.nss.getspent}
'' + optionalString (cfg.nss.getgrnam != null) ''
getgrnam ${cfg.nss.getgrnam}
'' + optionalString (cfg.nss.getgrgid != null) ''
getgrgid ${cfg.nss.getgrgid}
'' + optionalString (cfg.nss.getgrent != null) ''
getgrent ${cfg.nss.getgrent}
'' + optionalString (cfg.nss.memsbygid != null) ''
memsbygid ${cfg.nss.memsbygid}
'' + optionalString (cfg.nss.gidsbymem != null) ''
gidsbymem ${cfg.nss.gidsbymem}
'' + ''
host ${cfg.host}
database ${cfg.database}
'';
};
environment.etc."libnss-mysql-root.cfg" = {
mode = "0600";
user = config.services.nscd.user;
group = config.services.nscd.group;
# password will be added from password file in activation script
text = ''
username ${cfg.user}
'';
};
# Activation script to append the password from the password file
# to the configuration files. It also fixes the owner of the
# libnss-mysql-root.cfg because it is changed to root after the
# password is appended.
system.activationScripts.mysql-auth-passwords = ''
if [[ -r ${cfg.passwordFile} ]]; then
org_umask=$(umask)
umask 0077
conf_nss="$(mktemp)"
cp /etc/libnss-mysql-root.cfg $conf_nss
printf 'password %s\n' "$(cat ${cfg.passwordFile})" >> $conf_nss
mv -fT "$conf_nss" /etc/libnss-mysql-root.cfg
chown ${config.services.nscd.user}:${config.services.nscd.group} /etc/libnss-mysql-root.cfg
conf_pam="$(mktemp)"
cp /etc/security/pam_mysql.conf $conf_pam
printf 'users.db_passwd=%s\n' "$(cat ${cfg.passwordFile})" >> $conf_pam
mv -fT "$conf_pam" /etc/security/pam_mysql.conf
umask $org_umask
fi
'';
};
}
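Review bot: The activation script at the end of the module silently does nothing when `[[ -r ${cfg.passwordFile} ]]` is false, so `/etc/security/pam_mysql.conf` and `/etc/libnss-mysql-root.cfg` are left without a password and the failure only shows up at login time; add an `else` branch that prints a clear error. In the same script, quote `${cfg.passwordFile}` and the `$conf_nss` / `$conf_pam` arguments to `cp`, as is already done for `mv`. `passwordFile` is declared as `types.path`, and it is interpolated with `${cfg.passwordFile}`, so a Nix path literal would be copied into the world-readable store; the description should say the value must be a string path outside the store, or the type should be `types.str`. The `hostColumn` description repeats the `userColumn` text ("the name of the user being authenticated") and should describe the host instead. For `passwordCrypt`, the `example` is `"2"` and the `md5` and `sha1` entries are described as "plain hex" with no caution, whereas only `plain` is marked as discouraged; an example using `"1"` together with `cryptDefault`, or `"8"`, would steer users toward a stronger setting.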

View file

@ -91,7 +91,7 @@ in
systemd.services.post-resume = systemd.services.post-resume =
{ description = "Post-Resume Actions"; { description = "Post-Resume Actions";
after = [ "suspend.target" "hibernate.target" "hybrid-sleep.target" ]; after = [ "suspend.target" "hibernate.target" "hybrid-sleep.target" "suspend-then-hibernate.target" ];
script = script =
'' ''
/run/current-system/systemd/bin/systemctl try-restart post-resume.target /run/current-system/systemd/bin/systemctl try-restart post-resume.target

View file

@ -26,13 +26,12 @@ in
{ "net.ipv4.tcp_syncookies" = false; "vm.swappiness" = 60; } { "net.ipv4.tcp_syncookies" = false; "vm.swappiness" = 60; }
''; '';
type = types.attrsOf sysctlOption; type = types.attrsOf sysctlOption;
description = '' description = lib.mdDoc ''
Runtime parameters of the Linux kernel, as set by Runtime parameters of the Linux kernel, as set by
<citerefentry><refentrytitle>sysctl</refentrytitle> {manpage}`sysctl(8)`. Note that sysctl
<manvolnum>8</manvolnum></citerefentry>. Note that sysctl
parameters names must be enclosed in quotes parameters names must be enclosed in quotes
(e.g. <literal>"vm.swappiness"</literal> instead of (e.g. `"vm.swappiness"` instead of
<literal>vm.swappiness</literal>). The value of each `vm.swappiness`). The value of each
parameter may be a string, integer, boolean, or null parameter may be a string, integer, boolean, or null
(signifying the option will not appear at all). (signifying the option will not appear at all).
''; '';

View file

@ -39,26 +39,23 @@ in
environment.profileRelativeSessionVariables = mkOption { environment.profileRelativeSessionVariables = mkOption {
type = types.attrsOf (types.listOf types.str); type = types.attrsOf (types.listOf types.str);
example = { PATH = [ "/bin" ]; MANPATH = [ "/man" "/share/man" ]; }; example = { PATH = [ "/bin" ]; MANPATH = [ "/man" "/share/man" ]; };
description = '' description = lib.mdDoc ''
Attribute set of environment variable used in the global Attribute set of environment variable used in the global
environment. These variables will be set by PAM early in the environment. These variables will be set by PAM early in the
login process. login process.
Variable substitution is available as described in Variable substitution is available as described in
<citerefentry> {manpage}`pam_env.conf(5)`.
<refentrytitle>pam_env.conf</refentrytitle>
<manvolnum>5</manvolnum>
</citerefentry>.
Each attribute maps to a list of relative paths. Each relative Each attribute maps to a list of relative paths. Each relative
path is appended to the each profile of path is appended to the each profile of
<option>environment.profiles</option> to form the content of {option}`environment.profiles` to form the content of
the corresponding environment variable. the corresponding environment variable.
Also, these variables are merged into Also, these variables are merged into
<xref linkend="opt-environment.profileRelativeEnvVars"/> and it is [](#opt-environment.profileRelativeEnvVars) and it is
therefore not possible to use PAM style variables such as therefore not possible to use PAM style variables such as
<literal>@{HOME}</literal>. `@{HOME}`.
''; '';
}; };

View file

@ -84,19 +84,19 @@ in
<programlisting>${defaultPackagesText}</programlisting> <programlisting>${defaultPackagesText}</programlisting>
''; '';
example = []; example = [];
description = '' description = lib.mdDoc ''
Set of default packages that aren't strictly necessary Set of default packages that aren't strictly necessary
for a running system, entries can be removed for a more for a running system, entries can be removed for a more
minimal NixOS installation. minimal NixOS installation.
Note: If <package>pkgs.nano</package> is removed from this list, Note: If `pkgs.nano` is removed from this list,
make sure another editor is installed and the make sure another editor is installed and the
<literal>EDITOR</literal> environment variable is set to it. `EDITOR` environment variable is set to it.
Environment variables can be set using Environment variables can be set using
<option>environment.variables</option>. {option}`environment.variables`.
Like with systemPackages, packages are installed to Like with systemPackages, packages are installed to
<filename>/run/current-system/sw</filename>. They are {file}`/run/current-system/sw`. They are
automatically available to all users, and are automatically available to all users, and are
automatically updated every time you rebuild the system automatically updated every time you rebuild the system
configuration. configuration.

View file

@ -40,12 +40,12 @@ in
extraPortals = mkOption { extraPortals = mkOption {
type = types.listOf types.package; type = types.listOf types.package;
default = [ ]; default = [ ];
description = '' description = lib.mdDoc ''
List of additional portals to add to path. Portals allow interaction List of additional portals to add to path. Portals allow interaction
with system, like choosing files or taking screenshots. At minimum, with system, like choosing files or taking screenshots. At minimum,
a desktop portal implementation should be listed. GNOME and KDE already a desktop portal implementation should be listed. GNOME and KDE already
adds <package>xdg-desktop-portal-gtk</package>; and adds `xdg-desktop-portal-gtk`; and
<package>xdg-desktop-portal-kde</package> respectively. On other desktop `xdg-desktop-portal-kde` respectively. On other desktop
environments you probably want to add them yourself. environments you probably want to add them yourself.
''; '';
}; };

View file

@ -15,7 +15,7 @@ in
enable = mkEnableOption '' enable = mkEnableOption ''
the desktop portal for the LXQt desktop environment. the desktop portal for the LXQt desktop environment.
This will add the <package>lxqt.xdg-desktop-portal-lxqt</package> This will add the <literal>lxqt.xdg-desktop-portal-lxqt</literal>
package (with the extra Qt styles) into the package (with the extra Qt styles) into the
<option>xdg.portal.extraPortals</option> option <option>xdg.portal.extraPortals</option> option
''; '';
@ -29,9 +29,9 @@ in
pkgs.qtcurve pkgs.qtcurve
]; ];
''; '';
description = '' description = lib.mdDoc ''
Extra Qt styles that will be available to the Extra Qt styles that will be available to the
<package>lxqt.xdg-desktop-portal-lxqt</package>. `lxqt.xdg-desktop-portal-lxqt`.
''; '';
}; };
}; };

View file

@ -17,16 +17,16 @@ in
enable = mkEnableOption '' enable = mkEnableOption ''
desktop portal for wlroots-based desktops desktop portal for wlroots-based desktops
This will add the <package>xdg-desktop-portal-wlr</package> package into This will add the <literal>xdg-desktop-portal-wlr</literal> package into
the <option>xdg.portal.extraPortals</option> option, and provide the the <option>xdg.portal.extraPortals</option> option, and provide the
configuration file configuration file
''; '';
settings = mkOption { settings = mkOption {
description = '' description = lib.mdDoc ''
Configuration for <package>xdg-desktop-portal-wlr</package>. Configuration for `xdg-desktop-portal-wlr`.
See <literal>xdg-desktop-portal-wlr(5)</literal> for supported See `xdg-desktop-portal-wlr(5)` for supported
values. values.
''; '';

View file

@ -103,12 +103,12 @@ in
default = "zstd"; default = "zstd";
example = "lz4"; example = "lz4";
type = with types; either (enum [ "lzo" "lz4" "zstd" ]) str; type = with types; either (enum [ "lzo" "lz4" "zstd" ]) str;
description = '' description = lib.mdDoc ''
Compression algorithm. <literal>lzo</literal> has good compression, Compression algorithm. `lzo` has good compression,
but is slow. <literal>lz4</literal> has bad compression, but is fast. but is slow. `lz4` has bad compression, but is fast.
<literal>zstd</literal> is both good compression and fast, but requires newer kernel. `zstd` is both good compression and fast, but requires newer kernel.
You can check what other algorithms are supported by your zram device with You can check what other algorithms are supported by your zram device with
<programlisting>cat /sys/class/block/zram*/comp_algorithm</programlisting> {command}`cat /sys/class/block/zram*/comp_algorithm`
''; '';
}; };
}; };

View file

@ -20,7 +20,7 @@ in
type = types.str; type = types.str;
default = "0xfffd7fff"; default = "0xfffd7fff";
example = "0xffffffff"; example = "0xffffffff";
description = '' description = lib.mdDoc ''
Sets the `amdgpu.ppfeaturemask` kernel option. Sets the `amdgpu.ppfeaturemask` kernel option.
In particular, it is used here to set the overdrive bit. In particular, it is used here to set the overdrive bit.
Default is `0xfffd7fff` as it is less likely to cause flicker issues. Default is `0xfffd7fff` as it is less likely to cause flicker issues.

View file

@ -8,17 +8,17 @@ in
options.hardware.cpu.amd.sev = { options.hardware.cpu.amd.sev = {
enable = mkEnableOption "access to the AMD SEV device"; enable = mkEnableOption "access to the AMD SEV device";
user = mkOption { user = mkOption {
description = "Owner to assign to the SEV device."; description = lib.mdDoc "Owner to assign to the SEV device.";
type = types.str; type = types.str;
default = "root"; default = "root";
}; };
group = mkOption { group = mkOption {
description = "Group to assign to the SEV device."; description = lib.mdDoc "Group to assign to the SEV device.";
type = types.str; type = types.str;
default = defaultGroup; default = defaultGroup;
}; };
mode = mkOption { mode = mkOption {
description = "Mode to set for the SEV device."; description = lib.mdDoc "Mode to set for the SEV device.";
type = types.str; type = types.str;
default = "0660"; default = "0660";
}; };

View file

@ -56,23 +56,6 @@ let
}; };
}; };
# this requires kernel package
dtbsWithSymbols = pkgs.stdenv.mkDerivation {
name = "dtbs-with-symbols";
inherit (cfg.kernelPackage) src nativeBuildInputs depsBuildBuild;
patches = map (patch: patch.patch) cfg.kernelPackage.kernelPatches;
buildPhase = ''
patchShebangs scripts/*
substituteInPlace scripts/Makefile.lib \
--replace 'DTC_FLAGS += $(DTC_FLAGS_$(basetarget))' 'DTC_FLAGS += $(DTC_FLAGS_$(basetarget)) -@'
make ${pkgs.stdenv.hostPlatform.linux-kernel.baseConfig} ARCH="${pkgs.stdenv.hostPlatform.linuxArch}"
make dtbs ARCH="${pkgs.stdenv.hostPlatform.linuxArch}"
'';
installPhase = ''
make dtbs_install INSTALL_DTBS_PATH=$out/dtbs ARCH="${pkgs.stdenv.hostPlatform.linuxArch}"
'';
};
filterDTBs = src: if isNull cfg.filter filterDTBs = src: if isNull cfg.filter
then "${src}/dtbs" then "${src}/dtbs"
else else
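
Review bot: the removed `dtbsWithSymbols` derivation was what added `-@` to `DTC_FLAGS` before `make dtbs`, and nothing in the remaining lines replaces it. Overlays are now applied to the DTBs taken straight from `cfg.kernelPackage`, so they only resolve labels if that package was itself built with symbols. Please document that requirement next to `filteredDTBs` or in the overlay option description, and mention in the commit message where symbol generation now happens.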
@ -83,6 +66,8 @@ let
| xargs -0 cp -v --no-preserve=mode --target-directory $out --parents | xargs -0 cp -v --no-preserve=mode --target-directory $out --parents
''; '';
filteredDTBs = filterDTBs cfg.kernelPackage;
# Compile single Device Tree overlay source # Compile single Device Tree overlay source
# file (.dts) into its compiled variant (.dtbo) # file (.dts) into its compiled variant (.dtbo)
compileDTS = name: f: pkgs.callPackage({ stdenv, dtc }: stdenv.mkDerivation { compileDTS = name: f: pkgs.callPackage({ stdenv, dtc }: stdenv.mkDerivation {
@ -197,7 +182,7 @@ in
}; };
hardware.deviceTree.package = if (cfg.overlays != []) hardware.deviceTree.package = if (cfg.overlays != [])
then pkgs.deviceTree.applyOverlays (filterDTBs dtbsWithSymbols) (withDTBOs cfg.overlays) then pkgs.deviceTree.applyOverlays filteredDTBs (withDTBOs cfg.overlays)
else (filterDTBs cfg.kernelPackage); else filteredDTBs;
}; };
} }

View file

@ -11,6 +11,14 @@ with lib;
console.earlySetup = mkDefault true; console.earlySetup = mkDefault true;
boot.loader.systemd-boot.consoleMode = mkDefault "1"; boot.loader.systemd-boot.consoleMode = mkDefault "1";
# Grayscale anti-aliasing for fonts
fonts.fontconfig.antialias = mkDefault true;
fonts.fontconfig.subpixel = {
rgba = mkDefault "none";
lcdfilter = mkDefault "none";
};
# TODO Find reasonable defaults X11 & wayland # TODO Find reasonable defaults X11 & wayland
}; };
} }

View file

@ -454,23 +454,23 @@ in
isoImage.isoName = mkOption { isoImage.isoName = mkOption {
default = "${config.isoImage.isoBaseName}.iso"; default = "${config.isoImage.isoBaseName}.iso";
description = '' description = lib.mdDoc ''
Name of the generated ISO image file. Name of the generated ISO image file.
''; '';
}; };
isoImage.isoBaseName = mkOption { isoImage.isoBaseName = mkOption {
default = "nixos"; default = "nixos";
description = '' description = lib.mdDoc ''
Prefix of the name of the generated ISO image file. Prefix of the name of the generated ISO image file.
''; '';
}; };
isoImage.compressImage = mkOption { isoImage.compressImage = mkOption {
default = false; default = false;
description = '' description = lib.mdDoc ''
Whether the ISO image should be compressed using Whether the ISO image should be compressed using
<command>zstd</command>. {command}`zstd`.
''; '';
}; };
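
Review bot: `isoImage.isoName`, `isoImage.isoBaseName` and `isoImage.compressImage` are shown in full here and none declares a `type`, so a wrong value is only caught when it is used. While these descriptions are being touched anyway, consider adding `type = types.str;` to the two name options and `type = types.bool;` to `compressImage`, matching the typed `compressImage` in the SD image module.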
@ -481,7 +481,7 @@ in
+ lib.optionalString isAarch "-Xbcj arm" + lib.optionalString isAarch "-Xbcj arm"
+ lib.optionalString (isPower && is32bit && isBigEndian) "-Xbcj powerpc" + lib.optionalString (isPower && is32bit && isBigEndian) "-Xbcj powerpc"
+ lib.optionalString (isSparc) "-Xbcj sparc"; + lib.optionalString (isSparc) "-Xbcj sparc";
description = '' description = lib.mdDoc ''
Compression settings to use for the squashfs nix store. Compression settings to use for the squashfs nix store.
''; '';
example = "zstd -Xcompression-level 6"; example = "zstd -Xcompression-level 6";
@ -489,7 +489,7 @@ in
isoImage.edition = mkOption { isoImage.edition = mkOption {
default = ""; default = "";
description = '' description = lib.mdDoc ''
Specifies which edition string to use in the volume ID of the generated Specifies which edition string to use in the volume ID of the generated
ISO image. ISO image.
''; '';
@ -498,7 +498,7 @@ in
isoImage.volumeID = mkOption { isoImage.volumeID = mkOption {
# nixos-$EDITION-$RELEASE-$ARCH # nixos-$EDITION-$RELEASE-$ARCH
default = "nixos${optionalString (config.isoImage.edition != "") "-${config.isoImage.edition}"}-${config.system.nixos.release}-${pkgs.stdenv.hostPlatform.uname.processor}"; default = "nixos${optionalString (config.isoImage.edition != "") "-${config.isoImage.edition}"}-${config.system.nixos.release}-${pkgs.stdenv.hostPlatform.uname.processor}";
description = '' description = lib.mdDoc ''
Specifies the label or volume ID of the generated ISO image. Specifies the label or volume ID of the generated ISO image.
Note that the label is used by stage 1 of the boot process to Note that the label is used by stage 1 of the boot process to
mount the CD, so it should be reasonably distinctive. mount the CD, so it should be reasonably distinctive.
@ -512,7 +512,7 @@ in
} }
] ]
''; '';
description = '' description = lib.mdDoc ''
This option lists files to be copied to fixed locations in the This option lists files to be copied to fixed locations in the
generated ISO image. generated ISO image.
''; '';
@ -520,7 +520,7 @@ in
isoImage.storeContents = mkOption { isoImage.storeContents = mkOption {
example = literalExpression "[ pkgs.stdenv ]"; example = literalExpression "[ pkgs.stdenv ]";
description = '' description = lib.mdDoc ''
This option lists additional derivations to be included in the This option lists additional derivations to be included in the
Nix store in the generated ISO image. Nix store in the generated ISO image.
''; '';
@ -528,7 +528,7 @@ in
isoImage.includeSystemBuildDependencies = mkOption { isoImage.includeSystemBuildDependencies = mkOption {
default = false; default = false;
description = '' description = lib.mdDoc ''
Set this option to include all the needed sources etc in the Set this option to include all the needed sources etc in the
image. It significantly increases image size. Use that when image. It significantly increases image size. Use that when
you want to be able to keep all the sources needed to build your you want to be able to keep all the sources needed to build your
@ -539,14 +539,14 @@ in
isoImage.makeEfiBootable = mkOption { isoImage.makeEfiBootable = mkOption {
default = false; default = false;
description = '' description = lib.mdDoc ''
Whether the ISO image should be an efi-bootable volume. Whether the ISO image should be an efi-bootable volume.
''; '';
}; };
isoImage.makeUsbBootable = mkOption { isoImage.makeUsbBootable = mkOption {
default = false; default = false;
description = '' description = lib.mdDoc ''
Whether the ISO image should be bootable from CD as well as USB. Whether the ISO image should be bootable from CD as well as USB.
''; '';
}; };
@ -556,7 +556,7 @@ in
url = "https://raw.githubusercontent.com/NixOS/nixos-artwork/a9e05d7deb38a8e005a2b52575a3f59a63a4dba0/bootloader/efi-background.png"; url = "https://raw.githubusercontent.com/NixOS/nixos-artwork/a9e05d7deb38a8e005a2b52575a3f59a63a4dba0/bootloader/efi-background.png";
sha256 = "18lfwmp8yq923322nlb9gxrh5qikj1wsk6g5qvdh31c4h5b1538x"; sha256 = "18lfwmp8yq923322nlb9gxrh5qikj1wsk6g5qvdh31c4h5b1538x";
}; };
description = '' description = lib.mdDoc ''
The splash image to use in the EFI bootloader. The splash image to use in the EFI bootloader.
''; '';
}; };
@ -566,7 +566,7 @@ in
url = "https://raw.githubusercontent.com/NixOS/nixos-artwork/a9e05d7deb38a8e005a2b52575a3f59a63a4dba0/bootloader/isolinux/bios-boot.png"; url = "https://raw.githubusercontent.com/NixOS/nixos-artwork/a9e05d7deb38a8e005a2b52575a3f59a63a4dba0/bootloader/isolinux/bios-boot.png";
sha256 = "1wp822zrhbg4fgfbwkr7cbkr4labx477209agzc0hr6k62fr6rxd"; sha256 = "1wp822zrhbg4fgfbwkr7cbkr4labx477209agzc0hr6k62fr6rxd";
}; };
description = '' description = lib.mdDoc ''
The splash image to use in the legacy-boot bootloader. The splash image to use in the legacy-boot bootloader.
''; '';
}; };
@ -574,7 +574,7 @@ in
isoImage.grubTheme = mkOption { isoImage.grubTheme = mkOption {
default = pkgs.nixos-grub2-theme; default = pkgs.nixos-grub2-theme;
type = types.nullOr (types.either types.path types.package); type = types.nullOr (types.either types.path types.package);
description = '' description = lib.mdDoc ''
The grub2 theme used for UEFI boot. The grub2 theme used for UEFI boot.
''; '';
}; };
@ -605,7 +605,7 @@ in
MENU COLOR SEL 7;37;40 #FFFFFFFF #FF5277C3 std MENU COLOR SEL 7;37;40 #FFFFFFFF #FF5277C3 std
''; '';
type = types.str; type = types.str;
description = '' description = lib.mdDoc ''
The syslinux theme used for BIOS boot. The syslinux theme used for BIOS boot.
''; '';
}; };
@ -613,12 +613,12 @@ in
isoImage.appendToMenuLabel = mkOption { isoImage.appendToMenuLabel = mkOption {
default = " Installer"; default = " Installer";
example = " Live System"; example = " Live System";
description = '' description = lib.mdDoc ''
The string to append after the menu label for the NixOS system. The string to append after the menu label for the NixOS system.
This will be directly appended (without whitespace) to the NixOS version This will be directly appended (without whitespace) to the NixOS version
string, like for example if it is set to <literal>XXX</literal>: string, like for example if it is set to `XXX`:
<literal>NixOS 99.99-pre666XXX</literal> `NixOS 99.99-pre666XXX`
''; '';
}; };

View file

@ -10,7 +10,7 @@ with lib;
netboot.storeContents = mkOption { netboot.storeContents = mkOption {
example = literalExpression "[ pkgs.stdenv ]"; example = literalExpression "[ pkgs.stdenv ]";
description = '' description = lib.mdDoc ''
This option lists additional derivations to be included in the This option lists additional derivations to be included in the
Nix store in the generated netboot image. Nix store in the generated netboot image.
''; '';

View file

@ -35,14 +35,14 @@ in
options.sdImage = { options.sdImage = {
imageName = mkOption { imageName = mkOption {
default = "${config.sdImage.imageBaseName}-${config.system.nixos.label}-${pkgs.stdenv.hostPlatform.system}.img"; default = "${config.sdImage.imageBaseName}-${config.system.nixos.label}-${pkgs.stdenv.hostPlatform.system}.img";
description = '' description = lib.mdDoc ''
Name of the generated image file. Name of the generated image file.
''; '';
}; };
imageBaseName = mkOption { imageBaseName = mkOption {
default = "nixos-sd-image"; default = "nixos-sd-image";
description = '' description = lib.mdDoc ''
Prefix of the name of the generated image file. Prefix of the name of the generated image file.
''; '';
}; };
@ -50,7 +50,7 @@ in
storePaths = mkOption { storePaths = mkOption {
type = with types; listOf package; type = with types; listOf package;
example = literalExpression "[ pkgs.stdenv ]"; example = literalExpression "[ pkgs.stdenv ]";
description = '' description = lib.mdDoc ''
Derivations to be included in the Nix store in the generated SD image. Derivations to be included in the Nix store in the generated SD image.
''; '';
}; };
@ -74,7 +74,7 @@ in
firmwarePartitionID = mkOption { firmwarePartitionID = mkOption {
type = types.str; type = types.str;
default = "0x2178694e"; default = "0x2178694e";
description = '' description = lib.mdDoc ''
Volume ID for the /boot/firmware partition on the SD card. This value Volume ID for the /boot/firmware partition on the SD card. This value
must be a 32-bit hexadecimal number. must be a 32-bit hexadecimal number.
''; '';
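
Review bot: the description of `firmwarePartitionID` says the value "must be a 32-bit hexadecimal number", but the type is still plain `types.str`, so the constraint is documentation only. A `types.strMatching "0x[0-9a-fA-F]{1,8}"` (or similar) would enforce what the text promises; otherwise the description should say that the value is not validated.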
@ -83,7 +83,7 @@ in
firmwarePartitionName = mkOption { firmwarePartitionName = mkOption {
type = types.str; type = types.str;
default = "FIRMWARE"; default = "FIRMWARE";
description = '' description = lib.mdDoc ''
Name of the filesystem which holds the boot firmware. Name of the filesystem which holds the boot firmware.
''; '';
}; };
@ -92,7 +92,7 @@ in
type = types.nullOr types.str; type = types.nullOr types.str;
default = null; default = null;
example = "14e19a7b-0ae0-484d-9d54-43bd6fdc20c7"; example = "14e19a7b-0ae0-484d-9d54-43bd6fdc20c7";
description = '' description = lib.mdDoc ''
UUID for the filesystem on the main NixOS partition on the SD card. UUID for the filesystem on the main NixOS partition on the SD card.
''; '';
}; };
@ -101,14 +101,14 @@ in
type = types.int; type = types.int;
# As of 2019-08-18 the Raspberry pi firmware + u-boot takes ~18MiB # As of 2019-08-18 the Raspberry pi firmware + u-boot takes ~18MiB
default = 30; default = 30;
description = '' description = lib.mdDoc ''
Size of the /boot/firmware partition, in megabytes. Size of the /boot/firmware partition, in megabytes.
''; '';
}; };
populateFirmwareCommands = mkOption { populateFirmwareCommands = mkOption {
example = literalExpression "'' cp \${pkgs.myBootLoader}/u-boot.bin firmware/ ''"; example = literalExpression "'' cp \${pkgs.myBootLoader}/u-boot.bin firmware/ ''";
description = '' description = lib.mdDoc ''
Shell commands to populate the ./firmware directory. Shell commands to populate the ./firmware directory.
All files in that directory are copied to the All files in that directory are copied to the
/boot/firmware partition on the SD image. /boot/firmware partition on the SD image.
@ -117,7 +117,7 @@ in
populateRootCommands = mkOption { populateRootCommands = mkOption {
example = literalExpression "''\${config.boot.loader.generic-extlinux-compatible.populateCmd} -c \${config.system.build.toplevel} -d ./files/boot''"; example = literalExpression "''\${config.boot.loader.generic-extlinux-compatible.populateCmd} -c \${config.system.build.toplevel} -d ./files/boot''";
description = '' description = lib.mdDoc ''
Shell commands to populate the ./files directory. Shell commands to populate the ./files directory.
All files in that directory are copied to the All files in that directory are copied to the
root (/) partition on the SD image. Use this to root (/) partition on the SD image. Use this to
@ -128,7 +128,7 @@ in
postBuildCommands = mkOption { postBuildCommands = mkOption {
example = literalExpression "'' dd if=\${pkgs.myBootLoader}/SPL of=$img bs=1024 seek=1 conv=notrunc ''"; example = literalExpression "'' dd if=\${pkgs.myBootLoader}/SPL of=$img bs=1024 seek=1 conv=notrunc ''";
default = ""; default = "";
description = '' description = lib.mdDoc ''
Shell commands to run after the image is built. Shell commands to run after the image is built.
Can be used for boards requiring to dd u-boot SPL before actual partitions. Can be used for boards requiring to dd u-boot SPL before actual partitions.
''; '';
@ -137,16 +137,16 @@ in
compressImage = mkOption { compressImage = mkOption {
type = types.bool; type = types.bool;
default = true; default = true;
description = '' description = lib.mdDoc ''
Whether the SD image should be compressed using Whether the SD image should be compressed using
<command>zstd</command>. {command}`zstd`.
''; '';
}; };
expandOnBoot = mkOption { expandOnBoot = mkOption {
type = types.bool; type = types.bool;
default = true; default = true;
description = '' description = lib.mdDoc ''
Whether to configure the sd image to expand it's partition on boot. Whether to configure the sd image to expand it's partition on boot.
''; '';
}; };
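
Review bot: in the `expandOnBoot` description, "expand it's partition" should read "expand its partition". The line is being rewritten for `lib.mdDoc` in this hunk, so the typo can be fixed in the same change.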

View file

@ -160,9 +160,9 @@ in
enable = mkOption { enable = mkOption {
type = types.bool; type = types.bool;
default = true; default = true;
description = '' description = lib.mdDoc ''
Whether to install documentation of packages from Whether to install documentation of packages from
<option>environment.systemPackages</option> into the generated system path. {option}`environment.systemPackages` into the generated system path.
See "Multiple-output packages" chapter in the nixpkgs manual for more info. See "Multiple-output packages" chapter in the nixpkgs manual for more info.
''; '';
@ -172,9 +172,9 @@ in
man.enable = mkOption { man.enable = mkOption {
type = types.bool; type = types.bool;
default = true; default = true;
description = '' description = lib.mdDoc ''
Whether to install manual pages. Whether to install manual pages.
This also includes <literal>man</literal> outputs. This also includes `man` outputs.
''; '';
}; };
@ -193,8 +193,8 @@ in
info.enable = mkOption { info.enable = mkOption {
type = types.bool; type = types.bool;
default = true; default = true;
description = '' description = lib.mdDoc ''
Whether to install info pages and the <command>info</command> command. Whether to install info pages and the {command}`info` command.
This also includes "info" outputs. This also includes "info" outputs.
''; '';
}; };
@ -202,8 +202,8 @@ in
doc.enable = mkOption { doc.enable = mkOption {
type = types.bool; type = types.bool;
default = true; default = true;
description = '' description = lib.mdDoc ''
Whether to install documentation distributed in packages' <literal>/share/doc</literal>. Whether to install documentation distributed in packages' `/share/doc`.
Usually plain text and/or HTML. Usually plain text and/or HTML.
This also includes "doc" outputs. This also includes "doc" outputs.
''; '';
@ -230,8 +230,7 @@ in
Whether to install NixOS's own documentation. Whether to install NixOS's own documentation.
<itemizedlist> <itemizedlist>
<listitem><para>This includes man pages like <listitem><para>This includes man pages like
<citerefentry><refentrytitle>configuration.nix</refentrytitle> <citerefentry><refentrytitle>configuration.nix</refentrytitle><manvolnum>5</manvolnum></citerefentry> if <option>documentation.man.enable</option> is
<manvolnum>5</manvolnum></citerefentry> if <option>documentation.man.enable</option> is
set.</para></listitem> set.</para></listitem>
<listitem><para>This includes the HTML manual and the <command>nixos-help</command> command if <listitem><para>This includes the HTML manual and the <command>nixos-help</command> command if
<option>documentation.doc.enable</option> is set.</para></listitem> <option>documentation.doc.enable</option> is set.</para></listitem>
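
Review bot: this description keeps its DocBook markup (`<itemizedlist>`, `<citerefentry>`, `<option>`) and only has the `citerefentry` joined onto one line, while the other options in this file move to `lib.mdDoc`. Please add a short comment saying why this one is not converted, so a later pass neither skips it by accident nor wraps it in `lib.mdDoc` with the XML still inside.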
@ -242,7 +241,7 @@ in
nixos.extraModules = mkOption { nixos.extraModules = mkOption {
type = types.listOf types.raw; type = types.listOf types.raw;
default = []; default = [];
description = '' description = lib.mdDoc ''
Modules for which to show options even when not imported. Modules for which to show options even when not imported.
''; '';
}; };
@ -250,7 +249,7 @@ in
nixos.options.splitBuild = mkOption { nixos.options.splitBuild = mkOption {
type = types.bool; type = types.bool;
default = true; default = true;
description = '' description = lib.mdDoc ''
Whether to split the option docs build into a cacheable and an uncacheable part. Whether to split the option docs build into a cacheable and an uncacheable part.
Splitting the build can substantially decrease the amount of time needed to build Splitting the build can substantially decrease the amount of time needed to build
the manual, but some user modules may be incompatible with this splitting. the manual, but some user modules may be incompatible with this splitting.
@ -260,7 +259,7 @@ in
nixos.options.warningsAreErrors = mkOption { nixos.options.warningsAreErrors = mkOption {
type = types.bool; type = types.bool;
default = true; default = true;
description = '' description = lib.mdDoc ''
Treat warning emitted during the option documentation build (eg for missing option Treat warning emitted during the option documentation build (eg for missing option
descriptions) as errors. descriptions) as errors.
''; '';
@ -269,18 +268,18 @@ in
nixos.includeAllModules = mkOption { nixos.includeAllModules = mkOption {
type = types.bool; type = types.bool;
default = false; default = false;
description = '' description = lib.mdDoc ''
Whether the generated NixOS's documentation should include documentation for all Whether the generated NixOS's documentation should include documentation for all
the options from all the NixOS modules included in the current the options from all the NixOS modules included in the current
<literal>configuration.nix</literal>. Disabling this will make the manual `configuration.nix`. Disabling this will make the manual
generator to ignore options defined outside of <literal>baseModules</literal>. generator to ignore options defined outside of `baseModules`.
''; '';
}; };
nixos.extraModuleSources = mkOption { nixos.extraModuleSources = mkOption {
type = types.listOf (types.either types.path types.str); type = types.listOf (types.either types.path types.str);
default = [ ]; default = [ ];
description = '' description = lib.mdDoc ''
Which extra NixOS module paths the generated NixOS's documentation should strip Which extra NixOS module paths the generated NixOS's documentation should strip
from options. from options.
''; '';

View file

@ -354,6 +354,7 @@ in
webdav = 322; webdav = 322;
pipewire = 323; pipewire = 323;
rstudio-server = 324; rstudio-server = 324;
localtimed = 325;
# When adding a uid, make sure it doesn't match an existing gid. And don't use uids above 399! # When adding a uid, make sure it doesn't match an existing gid. And don't use uids above 399!
@ -662,6 +663,7 @@ in
webdav = 322; webdav = 322;
pipewire = 323; pipewire = 323;
rstudio-server = 324; rstudio-server = 324;
localtimed = 325;
# When adding a gid, make sure it doesn't match an existing # When adding a gid, make sure it doesn't match an existing
# uid. Users and groups with the same name should have equal # uid. Users and groups with the same name should have equal

View file

@ -39,16 +39,15 @@ in
type = str; type = str;
default = "02:15"; default = "02:15";
example = "hourly"; example = "hourly";
description = '' description = lib.mdDoc ''
Update the locate database at this interval. Updates by Update the locate database at this interval. Updates by
default at 2:15 AM every day. default at 2:15 AM every day.
The format is described in The format is described in
<citerefentry><refentrytitle>systemd.time</refentrytitle> {manpage}`systemd.time(7)`.
<manvolnum>7</manvolnum></citerefentry>.
To disable automatic updates, set to <literal>"never"</literal> To disable automatic updates, set to `"never"`
and run <command>updatedb</command> manually. and run {command}`updatedb` manually.
''; '';
}; };

View file

@ -117,13 +117,13 @@ in
''; '';
type = pkgsType; type = pkgsType;
example = literalExpression "import <nixpkgs> {}"; example = literalExpression "import <nixpkgs> {}";
description = '' description = lib.mdDoc ''
If set, the pkgs argument to all NixOS modules is the value of If set, the pkgs argument to all NixOS modules is the value of
this option, extended with <literal>nixpkgs.overlays</literal>, if this option, extended with `nixpkgs.overlays`, if
that is also set. Either <literal>nixpkgs.crossSystem</literal> or that is also set. Either `nixpkgs.crossSystem` or
<literal>nixpkgs.localSystem</literal> will be used in an assertion `nixpkgs.localSystem` will be used in an assertion
to check that the NixOS and Nixpkgs architectures match. Any to check that the NixOS and Nixpkgs architectures match. Any
other options in <literal>nixpkgs.*</literal>, notably <literal>config</literal>, other options in `nixpkgs.*`, notably `config`,
will be ignored. will be ignored.
If unset, the pkgs argument to all NixOS modules is determined If unset, the pkgs argument to all NixOS modules is determined
@ -132,18 +132,18 @@ in
The default value imports the Nixpkgs source files The default value imports the Nixpkgs source files
relative to the location of this NixOS module, because relative to the location of this NixOS module, because
NixOS and Nixpkgs are distributed together for consistency, NixOS and Nixpkgs are distributed together for consistency,
so the <literal>nixos</literal> in the default value is in fact a so the `nixos` in the default value is in fact a
relative path. The <literal>config</literal>, <literal>overlays</literal>, relative path. The `config`, `overlays`,
<literal>localSystem</literal>, and <literal>crossSystem</literal> come `localSystem`, and `crossSystem` come
from this option's siblings. from this option's siblings.
This option can be used by applications like NixOps to increase This option can be used by applications like NixOps to increase
the performance of evaluation, or to create packages that depend the performance of evaluation, or to create packages that depend
on a container that should be built with the exact same evaluation on a container that should be built with the exact same evaluation
of Nixpkgs, for example. Applications like this should set of Nixpkgs, for example. Applications like this should set
their default value using <literal>lib.mkDefault</literal>, so their default value using `lib.mkDefault`, so
user-provided configuration can override it without using user-provided configuration can override it without using
<literal>lib</literal>. `lib`.
Note that using a distinct version of Nixpkgs with NixOS may Note that using a distinct version of Nixpkgs with NixOS may
be an unexpected source of problems. Use this option with care. be an unexpected source of problems. Use this option with care.
@ -157,12 +157,12 @@ in
{ allowBroken = true; allowUnfree = true; } { allowBroken = true; allowUnfree = true; }
''; '';
type = configType; type = configType;
description = '' description = lib.mdDoc ''
The configuration of the Nix Packages collection. (For The configuration of the Nix Packages collection. (For
details, see the Nixpkgs documentation.) It allows you to set details, see the Nixpkgs documentation.) It allows you to set
package configuration options. package configuration options.
Ignored when <literal>nixpkgs.pkgs</literal> is set. Ignored when `nixpkgs.pkgs` is set.
''; '';
}; };
@ -180,17 +180,17 @@ in
] ]
''; '';
type = types.listOf overlayType; type = types.listOf overlayType;
description = '' description = lib.mdDoc ''
List of overlays to use with the Nix Packages collection. List of overlays to use with the Nix Packages collection.
(For details, see the Nixpkgs documentation.) It allows (For details, see the Nixpkgs documentation.) It allows
you to override packages globally. Each function in the list you to override packages globally. Each function in the list
takes as an argument the <emphasis>original</emphasis> Nixpkgs. takes as an argument the *original* Nixpkgs.
The first argument should be used for finding dependencies, and The first argument should be used for finding dependencies, and
the second should be used for overriding recipes. the second should be used for overriding recipes.
If <literal>nixpkgs.pkgs</literal> is set, overlays specified here If `nixpkgs.pkgs` is set, overlays specified here
will be applied after the overlays that were already present will be applied after the overlays that were already present
in <literal>nixpkgs.pkgs</literal>. in `nixpkgs.pkgs`.
''; '';
}; };
@ -202,12 +202,12 @@ in
apply = lib.systems.elaborate; apply = lib.systems.elaborate;
defaultText = literalExpression defaultText = literalExpression
''(import "''${nixos}/../lib").lib.systems.examples.aarch64-multiplatform''; ''(import "''${nixos}/../lib").lib.systems.examples.aarch64-multiplatform'';
description = '' description = lib.mdDoc ''
Specifies the platform where the NixOS configuration will run. Specifies the platform where the NixOS configuration will run.
To cross-compile, set also <literal>nixpkgs.buildPlatform</literal>. To cross-compile, set also `nixpkgs.buildPlatform`.
Ignored when <literal>nixpkgs.pkgs</literal> is set. Ignored when `nixpkgs.pkgs` is set.
''; '';
}; };
@ -220,7 +220,7 @@ in
apply = lib.systems.elaborate; apply = lib.systems.elaborate;
defaultText = literalExpression defaultText = literalExpression
''config.nixpkgs.hostPlatform''; ''config.nixpkgs.hostPlatform'';
description = '' description = lib.mdDoc ''
Specifies the platform on which NixOS should be built. Specifies the platform on which NixOS should be built.
By default, NixOS is built on the system where it runs, but you can By default, NixOS is built on the system where it runs, but you can
change where it's built. Setting this option will cause NixOS to be change where it's built. Setting this option will cause NixOS to be
@ -230,7 +230,7 @@ in
or if you're building machines, you can set this to match your or if you're building machines, you can set this to match your
development system and/or build farm. development system and/or build farm.
Ignored when <literal>nixpkgs.pkgs</literal> is set. Ignored when `nixpkgs.pkgs` is set.
''; '';
}; };
@ -243,25 +243,25 @@ in
apply = lib.systems.elaborate; apply = lib.systems.elaborate;
defaultText = literalExpression defaultText = literalExpression
''(import "''${nixos}/../lib").lib.systems.examples.aarch64-multiplatform''; ''(import "''${nixos}/../lib").lib.systems.examples.aarch64-multiplatform'';
description = '' description = lib.mdDoc ''
Systems with a recently generated <literal>hardware-configuration.nix</literal> Systems with a recently generated `hardware-configuration.nix`
do not need to specify this option, unless cross-compiling, in which case do not need to specify this option, unless cross-compiling, in which case
you should set <emphasis>only</emphasis> <option>nixpkgs.buildPlatform</option>. you should set *only* {option}`nixpkgs.buildPlatform`.
If this is somehow not feasible, you may fall back to removing the If this is somehow not feasible, you may fall back to removing the
<option>nixpkgs.hostPlatform</option> line from the generated config and {option}`nixpkgs.hostPlatform` line from the generated config and
use the old options. use the old options.
Specifies the platform on which NixOS should be built. When Specifies the platform on which NixOS should be built. When
<literal>nixpkgs.crossSystem</literal> is unset, it also specifies `nixpkgs.crossSystem` is unset, it also specifies
the platform <emphasis>for</emphasis> which NixOS should be the platform *for* which NixOS should be
built. If this option is unset, it defaults to the platform built. If this option is unset, it defaults to the platform
type of the machine where evaluation happens. Specifying this type of the machine where evaluation happens. Specifying this
option is useful when doing distributed multi-platform option is useful when doing distributed multi-platform
deployment, or when building virtual machines. See its deployment, or when building virtual machines. See its
description in the Nixpkgs manual for more details. description in the Nixpkgs manual for more details.
Ignored when <literal>nixpkgs.pkgs</literal> or <literal>hostPlatform</literal> is set. Ignored when `nixpkgs.pkgs` or `hostPlatform` is set.
''; '';
}; };
@ -272,20 +272,20 @@ in
type = types.nullOr types.attrs; # TODO utilize lib.systems.parsedPlatform type = types.nullOr types.attrs; # TODO utilize lib.systems.parsedPlatform
default = null; default = null;
example = { system = "aarch64-linux"; config = "aarch64-unknown-linux-gnu"; }; example = { system = "aarch64-linux"; config = "aarch64-unknown-linux-gnu"; };
description = '' description = lib.mdDoc ''
Systems with a recently generated <literal>hardware-configuration.nix</literal> Systems with a recently generated `hardware-configuration.nix`
may instead specify <emphasis>only</emphasis> <option>nixpkgs.buildPlatform</option>, may instead specify *only* {option}`nixpkgs.buildPlatform`,
or fall back to removing the <option>nixpkgs.hostPlatform</option> line from the generated config. or fall back to removing the {option}`nixpkgs.hostPlatform` line from the generated config.
Specifies the platform for which NixOS should be Specifies the platform for which NixOS should be
built. Specify this only if it is different from built. Specify this only if it is different from
<literal>nixpkgs.localSystem</literal>, the platform `nixpkgs.localSystem`, the platform
<emphasis>on</emphasis> which NixOS should be built. In other *on* which NixOS should be built. In other
words, specify this to cross-compile NixOS. Otherwise it words, specify this to cross-compile NixOS. Otherwise it
should be set as null, the default. See its description in the should be set as null, the default. See its description in the
Nixpkgs manual for more details. Nixpkgs manual for more details.
Ignored when <literal>nixpkgs.pkgs</literal> or <literal>hostPlatform</literal> is set. Ignored when `nixpkgs.pkgs` or `hostPlatform` is set.
''; '';
}; };

View file

@ -23,7 +23,7 @@ in
} }
''; '';
description = '' description = lib.mdDoc ''
A set with the key names being the environment variable you'd like to A set with the key names being the environment variable you'd like to
set and the values being a list of paths to text documents containing set and the values being a list of paths to text documents containing
lists of words. The various files will be merged, sorted, duplicates lists of words. The various files will be merged, sorted, duplicates

View file

@ -22,6 +22,7 @@
./config/ldap.nix ./config/ldap.nix
./config/locale.nix ./config/locale.nix
./config/malloc.nix ./config/malloc.nix
./config/mysql.nix
./config/networking.nix ./config/networking.nix
./config/no-x-libs.nix ./config/no-x-libs.nix
./config/nsswitch.nix ./config/nsswitch.nix
@ -329,6 +330,7 @@
./services/cluster/kubernetes/proxy.nix ./services/cluster/kubernetes/proxy.nix
./services/cluster/kubernetes/scheduler.nix ./services/cluster/kubernetes/scheduler.nix
./services/cluster/pacemaker/default.nix ./services/cluster/pacemaker/default.nix
./services/cluster/patroni/default.nix
./services/cluster/spark/default.nix ./services/cluster/spark/default.nix
./services/computing/boinc/client.nix ./services/computing/boinc/client.nix
./services/computing/foldingathome/client.nix ./services/computing/foldingathome/client.nix
@ -618,6 +620,7 @@
./services/misc/plikd.nix ./services/misc/plikd.nix
./services/misc/podgrab.nix ./services/misc/podgrab.nix
./services/misc/polaris.nix ./services/misc/polaris.nix
./services/misc/portunus.nix
./services/misc/prowlarr.nix ./services/misc/prowlarr.nix
./services/misc/tautulli.nix ./services/misc/tautulli.nix
./services/misc/pinnwand.nix ./services/misc/pinnwand.nix
@ -637,6 +640,7 @@
./services/misc/sonarr.nix ./services/misc/sonarr.nix
./services/misc/sourcehut ./services/misc/sourcehut
./services/misc/spice-vdagentd.nix ./services/misc/spice-vdagentd.nix
./services/misc/spice-webdavd.nix
./services/misc/ssm-agent.nix ./services/misc/ssm-agent.nix
./services/misc/sssd.nix ./services/misc/sssd.nix
./services/misc/subsonic.nix ./services/misc/subsonic.nix
@ -1023,7 +1027,7 @@
./services/system/cloud-init.nix ./services/system/cloud-init.nix
./services/system/dbus.nix ./services/system/dbus.nix
./services/system/earlyoom.nix ./services/system/earlyoom.nix
./services/system/localtime.nix ./services/system/localtimed.nix
./services/system/kerberos/default.nix ./services/system/kerberos/default.nix
./services/system/nscd.nix ./services/system/nscd.nix
./services/system/saslauthd.nix ./services/system/saslauthd.nix
@ -1074,6 +1078,7 @@
./services/web-apps/jirafeau.nix ./services/web-apps/jirafeau.nix
./services/web-apps/jitsi-meet.nix ./services/web-apps/jitsi-meet.nix
./services/web-apps/keycloak.nix ./services/web-apps/keycloak.nix
./services/web-apps/komga.nix
./services/web-apps/lemmy.nix ./services/web-apps/lemmy.nix
./services/web-apps/invidious.nix ./services/web-apps/invidious.nix
./services/web-apps/invoiceplane.nix ./services/web-apps/invoiceplane.nix
@ -1134,6 +1139,7 @@
./services/web-servers/pomerium.nix ./services/web-servers/pomerium.nix
./services/web-servers/unit/default.nix ./services/web-servers/unit/default.nix
./services/web-servers/tomcat.nix ./services/web-servers/tomcat.nix
./services/web-servers/keter
./services/web-servers/traefik.nix ./services/web-servers/traefik.nix
./services/web-servers/trafficserver/default.nix ./services/web-servers/trafficserver/default.nix
./services/web-servers/ttyd.nix ./services/web-servers/ttyd.nix

View file

@ -61,7 +61,7 @@ in
installer.cloneConfig = mkOption { installer.cloneConfig = mkOption {
default = true; default = true;
description = '' description = lib.mdDoc ''
Try to clone the installation-device configuration by re-using it's Try to clone the installation-device configuration by re-using it's
profile from the list of imported modules. profile from the list of imported modules.
''; '';
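Review bot: the `installer.cloneConfig` description still reads "re-using it's profile". This line is already being touched for the `lib.mdDoc` conversion, so change "it's" to the possessive "its" in the same pass.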
@ -70,14 +70,14 @@ in
installer.cloneConfigIncludes = mkOption { installer.cloneConfigIncludes = mkOption {
default = []; default = [];
example = [ "./nixos/modules/hardware/network/rt73.nix" ]; example = [ "./nixos/modules/hardware/network/rt73.nix" ];
description = '' description = lib.mdDoc ''
List of modules used to re-build this installation device profile. List of modules used to re-build this installation device profile.
''; '';
}; };
installer.cloneConfigExtra = mkOption { installer.cloneConfigExtra = mkOption {
default = ""; default = "";
description = '' description = lib.mdDoc ''
Extra text to include in the cloned configuration.nix included in this Extra text to include in the cloned configuration.nix included in this
installer. installer.
''; '';

View file

@ -85,9 +85,9 @@ in
bindInterface = mkOption { bindInterface = mkOption {
default = true; default = true;
type = types.bool; type = types.bool;
description = '' description = lib.mdDoc ''
Binds <package>captive-browser</package> to the network interface declared in Binds `captive-browser` to the network interface declared in
<literal>cfg.interface</literal>. This can be used to avoid collisions `cfg.interface`. This can be used to avoid collisions
with private subnets. with private subnets.
''; '';
}; };

View file

@ -76,10 +76,10 @@ in
extraOpts = mkOption { extraOpts = mkOption {
type = types.attrs; type = types.attrs;
description = '' description = lib.mdDoc ''
Extra chromium policy options. A list of available policies Extra chromium policy options. A list of available policies
can be found in the Chrome Enterprise documentation: can be found in the Chrome Enterprise documentation:
<link xlink:href="https://cloud.google.com/docs/chrome-enterprise/policies/">https://cloud.google.com/docs/chrome-enterprise/policies/</link> <https://cloud.google.com/docs/chrome-enterprise/policies/>
Make sure the selected policy is supported on Linux and your browser version. Make sure the selected policy is supported on Linux and your browser version.
''; '';
default = {}; default = {};

View file

@ -8,15 +8,15 @@ with lib;
enable = mkOption { enable = mkOption {
type = types.bool; type = types.bool;
default = false; default = false;
description = '' description = lib.mdDoc ''
Whether to enable k3b, the KDE disk burning application. Whether to enable k3b, the KDE disk burning application.
Additionally to installing <package>k3b</package> enabling this will Additionally to installing `k3b` enabling this will
add <literal>setuid</literal> wrappers in <literal>/run/wrappers/bin</literal> add `setuid` wrappers in `/run/wrappers/bin`
for both <package>cdrdao</package> and <package>cdrecord</package>. On first for both `cdrdao` and `cdrecord`. On first
run you must manually configure the path of <package>cdrdae</package> and run you must manually configure the path of `cdrdae` and
<package>cdrecord</package> to correspond to the appropriate paths under `cdrecord` to correspond to the appropriate paths under
<literal>/run/wrappers/bin</literal> in the "Setup External Programs" menu. `/run/wrappers/bin` in the "Setup External Programs" menu.
''; '';
}; };
}; };
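Review bot: the converted k3b description carries over the misspelling `cdrdae` in "configure the path of `cdrdae` and `cdrecord`", while two lines earlier the same tool is named `cdrdao`. The text tells users which setuid wrapper paths to enter, so the name should be corrected to `cdrdao` as part of this conversion.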

View file

@ -17,7 +17,7 @@ in
type = lib.types.bool; type = lib.types.bool;
}; };
withUtempter = mkOption { withUtempter = mkOption {
description = '' description = lib.mdDoc ''
Whether to enable libutempter for mosh. Whether to enable libutempter for mosh.
This is required so that mosh can write to /var/run/utmp (which can be queried with `who` to display currently connected user sessions). This is required so that mosh can write to /var/run/utmp (which can be queried with `who` to display currently connected user sessions).
Note, this will add a guid wrapper for the group utmp! Note, this will add a guid wrapper for the group utmp!
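Review bot: the last description line of `withUtempter` says "guid wrapper", which reads as a typo or as a GUID. The wrapper runs with the group utmp, so say "setgid wrapper" explicitly. The description is being re-rendered as Markdown here anyway, and a privilege-granting side effect should be named precisely.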

View file

@ -45,7 +45,7 @@ in {
passwordeval = "cat /secrets/password.txt"; passwordeval = "cat /secrets/password.txt";
}; };
}; };
description = '' description = lib.mdDoc ''
Named accounts and their respective configurations. Named accounts and their respective configurations.
The special name "default" allows a default account to be defined. The special name "default" allows a default account to be defined.
See msmtp(1) for the available options. See msmtp(1) for the available options.

View file

@ -93,10 +93,10 @@ in
extraConfig = mkOption { extraConfig = mkOption {
type = types.lines; type = types.lines;
default = ""; default = "";
description = '' description = lib.mdDoc ''
Extra configuration text prepended to <filename>ssh_config</filename>. Other generated Extra configuration text prepended to {file}`ssh_config`. Other generated
options will be added after a <literal>Host *</literal> pattern. options will be added after a `Host *` pattern.
See <citerefentry><refentrytitle>ssh_config</refentrytitle><manvolnum>5</manvolnum></citerefentry> See {manpage}`ssh_config(5)`
for help. for help.
''; '';
}; };

View file

@ -22,7 +22,7 @@ in
default = "fuck"; default = "fuck";
type = types.str; type = types.str;
description = '' description = lib.mdDoc ''
`thefuck` needs an alias to be configured. `thefuck` needs an alias to be configured.
The default value is `fuck`, but you can use anything else as well. The default value is `fuck`, but you can use anything else as well.
''; '';

View file

@ -95,13 +95,13 @@ let
exclude.dir /nix/store exclude.dir /nix/store
include.encrypt /home/.../* include.encrypt /home/.../*
''; '';
description = '' description = lib.mdDoc ''
<literal>include.*</literal> and `include.*` and
<literal>exclude.*</literal> directives to be `exclude.*` directives to be
used when sending files to the IBM TSM server. used when sending files to the IBM TSM server.
The lines will be written into a file that the The lines will be written into a file that the
<literal>inclexcl</literal> `inclexcl`
directive in <filename>dsm.sys</filename> points to. directive in {file}`dsm.sys` points to.
''; '';
}; };
options.extraConfig = mkOption { options.extraConfig = mkOption {

View file

@ -62,7 +62,7 @@ in
to use `yabar-unstable'. to use `yabar-unstable'.
''; '';
description = '' description = lib.mdDoc ''
The package which contains the `yabar` binary. The package which contains the `yabar` binary.
Nixpkgs provides the `yabar` and `yabar-unstable` Nixpkgs provides the `yabar` and `yabar-unstable`

View file

@ -49,7 +49,7 @@ in
package = mkOption { package = mkOption {
default = pkgs.oh-my-zsh; default = pkgs.oh-my-zsh;
defaultText = literalExpression "pkgs.oh-my-zsh"; defaultText = literalExpression "pkgs.oh-my-zsh";
description = '' description = lib.mdDoc ''
Package to install for `oh-my-zsh` usage. Package to install for `oh-my-zsh` usage.
''; '';
@ -67,7 +67,7 @@ in
custom = mkOption { custom = mkOption {
default = null; default = null;
type = with types; nullOr str; type = with types; nullOr str;
description = '' description = lib.mdDoc ''
Path to a custom oh-my-zsh package to override config of oh-my-zsh. Path to a custom oh-my-zsh package to override config of oh-my-zsh.
(Can't be used along with `customPkgs`). (Can't be used along with `customPkgs`).
''; '';
@ -76,7 +76,7 @@ in
customPkgs = mkOption { customPkgs = mkOption {
default = []; default = [];
type = types.listOf types.package; type = types.listOf types.package;
description = '' description = lib.mdDoc ''
List of custom packages that should be loaded into `oh-my-zsh`. List of custom packages that should be loaded into `oh-my-zsh`.
''; '';
}; };
@ -92,7 +92,7 @@ in
cacheDir = mkOption { cacheDir = mkOption {
default = "$HOME/.cache/oh-my-zsh"; default = "$HOME/.cache/oh-my-zsh";
type = types.str; type = types.str;
description = '' description = lib.mdDoc ''
Cache directory to be used by `oh-my-zsh`. Cache directory to be used by `oh-my-zsh`.
Without this option it would default to the read-only nix store. Without this option it would default to the read-only nix store.
''; '';

View file

@ -11,7 +11,7 @@ in {
package = mkOption { package = mkOption {
default = pkgs.zsh-autoenv; default = pkgs.zsh-autoenv;
defaultText = literalExpression "pkgs.zsh-autoenv"; defaultText = literalExpression "pkgs.zsh-autoenv";
description = '' description = lib.mdDoc ''
Package to install for `zsh-autoenv` usage. Package to install for `zsh-autoenv` usage.
''; '';

View file

@ -24,7 +24,7 @@ in
strategy = mkOption { strategy = mkOption {
type = types.listOf (types.enum [ "history" "completion" "match_prev_cmd" ]); type = types.listOf (types.enum [ "history" "completion" "match_prev_cmd" ]);
default = [ "history" ]; default = [ "history" ];
description = '' description = lib.mdDoc ''
`ZSH_AUTOSUGGEST_STRATEGY` is an array that specifies how suggestions should be generated. `ZSH_AUTOSUGGEST_STRATEGY` is an array that specifies how suggestions should be generated.
The strategies in the array are tried successively until a suggestion is found. The strategies in the array are tried successively until a suggestion is found.
There are currently three built-in strategies to choose from: There are currently three built-in strategies to choose from:

View file

@ -451,10 +451,9 @@ let
renewInterval = mkOption { renewInterval = mkOption {
type = types.str; type = types.str;
inherit (defaultAndText "renewInterval" "daily") default defaultText; inherit (defaultAndText "renewInterval" "daily") default defaultText;
description = '' description = lib.mdDoc ''
Systemd calendar expression when to check for renewal. See Systemd calendar expression when to check for renewal. See
<citerefentry><refentrytitle>systemd.time</refentrytitle> {manpage}`systemd.time(7)`.
<manvolnum>7</manvolnum></citerefentry>.
''; '';
}; };
@ -677,7 +676,7 @@ let
inheritDefaults = mkOption { inheritDefaults = mkOption {
default = true; default = true;
example = true; example = true;
description = "Whether to inherit values set in `security.acme.defaults` or not."; description = lib.mdDoc "Whether to inherit values set in `security.acme.defaults` or not.";
type = lib.types.bool; type = lib.types.bool;
}; };
}; };

View file

@ -81,8 +81,8 @@ services.nginx = {
}; };
# We can also add a different vhost and reuse the same certificate # We can also add a different vhost and reuse the same certificate
# but we have to append extraDomainNames manually. # but we have to append extraDomainNames manually beforehand:
<link linkend="opt-security.acme.certs._name_.extraDomainNames">security.acme.certs."foo.example.com".extraDomainNames</link> = [ "baz.example.com" ]; # <link linkend="opt-security.acme.certs._name_.extraDomainNames">security.acme.certs."foo.example.com".extraDomainNames</link> = [ "baz.example.com" ];
"baz.example.com" = { "baz.example.com" = {
<link linkend="opt-services.nginx.virtualHosts._name_.forceSSL">forceSSL</link> = true; <link linkend="opt-services.nginx.virtualHosts._name_.forceSSL">forceSSL</link> = true;
<link linkend="opt-services.nginx.virtualHosts._name_.useACMEHost">useACMEHost</link> = "foo.example.com"; <link linkend="opt-services.nginx.virtualHosts._name_.useACMEHost">useACMEHost</link> = "foo.example.com";

View file

@ -42,7 +42,7 @@ in
if you want this service to do such killing if you want this service to do such killing
by sending a <literal>SIGTERM</literal> to those running processes''; by sending a <literal>SIGTERM</literal> to those running processes'';
policies = mkOption { policies = mkOption {
description = '' description = lib.mdDoc ''
AppArmor policies. AppArmor policies.
''; '';
type = types.attrsOf (types.submodule ({ name, config, ... }: { type = types.attrsOf (types.submodule ({ name, config, ... }: {
@ -50,7 +50,7 @@ in
enable = mkDisableOption "loading of the profile into the kernel"; enable = mkDisableOption "loading of the profile into the kernel";
enforce = mkDisableOption "enforcing of the policy or only complain in the logs"; enforce = mkDisableOption "enforcing of the policy or only complain in the logs";
profile = mkOption { profile = mkOption {
description = "The policy of the profile."; description = lib.mdDoc "The policy of the profile.";
type = types.lines; type = types.lines;
apply = pkgs.writeText name; apply = pkgs.writeText name;
}; };
@ -61,16 +61,16 @@ in
includes = mkOption { includes = mkOption {
type = types.attrsOf types.lines; type = types.attrsOf types.lines;
default = {}; default = {};
description = '' description = lib.mdDoc ''
List of paths to be added to AppArmor's searched paths List of paths to be added to AppArmor's searched paths
when resolving <literal>include</literal> directives. when resolving `include` directives.
''; '';
apply = mapAttrs pkgs.writeText; apply = mapAttrs pkgs.writeText;
}; };
packages = mkOption { packages = mkOption {
type = types.listOf types.package; type = types.listOf types.package;
default = []; default = [];
description = "List of packages to be added to AppArmor's include path"; description = lib.mdDoc "List of packages to be added to AppArmor's include path";
}; };
enableCache = mkEnableOption '' enableCache = mkEnableOption ''
caching of AppArmor policies caching of AppArmor policies

View file

@ -94,7 +94,7 @@ in {
<note><para>If this is <literal>false</literal> the resulting store <note><para>If this is <literal>false</literal> the resulting store
path will be non-deterministic and will be rebuilt every time the path will be non-deterministic and will be rebuilt every time the
<package>openssl</package> package changes.</para></note> <literal>openssl</literal> package changes.</para></note>
''; '';
}; };

View file

@ -142,6 +142,16 @@ let
''; '';
}; };
mysqlAuth = mkOption {
default = config.users.mysql.enable;
defaultText = literalExpression "config.users.mysql.enable";
type = types.bool;
description = ''
If set, the <literal>pam_mysql</literal> module will be used to
authenticate users against a MySQL/MariaDB database.
'';
};
fprintAuth = mkOption { fprintAuth = mkOption {
default = config.services.fprintd.enable; default = config.services.fprintd.enable;
defaultText = literalExpression "config.services.fprintd.enable"; defaultText = literalExpression "config.services.fprintd.enable";
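Review bot: the new `mysqlAuth` option is added with a plain `''` description containing `<literal>pam_mysql</literal>`, while the rest of this commit moves descriptions to `lib.mdDoc` with backtick markup. Write it as `lib.mdDoc` from the start. The description should also mention that the default follows `config.users.mysql.enable`, so that enabling that module changes the authentication stack without `mysqlAuth` being set explicitly.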
@ -310,12 +320,10 @@ let
limits = mkOption { limits = mkOption {
default = []; default = [];
type = limitsType; type = limitsType;
description = '' description = lib.mdDoc ''
Attribute set describing resource limits. Defaults to the Attribute set describing resource limits. Defaults to the
value of <option>security.pam.loginLimits</option>. value of {option}`security.pam.loginLimits`.
The meaning of the values is explained in <citerefentry> The meaning of the values is explained in {manpage}`limits.conf(5)`.
<refentrytitle>limits.conf</refentrytitle><manvolnum>5</manvolnum>
</citerefentry>.
''; '';
}; };
@ -442,11 +450,13 @@ let
( (
'' ''
# Account management. # Account management.
account required pam_unix.so
'' + '' +
optionalString use_ldap '' optionalString use_ldap ''
account sufficient ${pam_ldap}/lib/security/pam_ldap.so account sufficient ${pam_ldap}/lib/security/pam_ldap.so
'' + '' +
optionalString cfg.mysqlAuth ''
account sufficient ${pkgs.pam_mysql}/lib/security/pam_mysql.so config_file=/etc/security/pam_mysql.conf
'' +
optionalString (config.services.sssd.enable && cfg.sssdStrictAccess==false) '' optionalString (config.services.sssd.enable && cfg.sssdStrictAccess==false) ''
account sufficient ${pkgs.sssd}/lib/security/pam_sss.so account sufficient ${pkgs.sssd}/lib/security/pam_sss.so
'' + '' +
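Review bot: the added `account sufficient` line hard-codes both the module path and `config_file=/etc/security/pam_mysql.conf`, and the same string is repeated in the auth, password and session hunks below. Bind it once in the surrounding `let` (as is already done for `pam_ldap`) so the four stacks cannot drift apart if the config path changes.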
@ -460,7 +470,11 @@ let
account [success=ok ignore=ignore default=die] ${pkgs.google-guest-oslogin}/lib/security/pam_oslogin_login.so account [success=ok ignore=ignore default=die] ${pkgs.google-guest-oslogin}/lib/security/pam_oslogin_login.so
account [success=ok default=ignore] ${pkgs.google-guest-oslogin}/lib/security/pam_oslogin_admin.so account [success=ok default=ignore] ${pkgs.google-guest-oslogin}/lib/security/pam_oslogin_admin.so
'' + '' +
# The required pam_unix.so module has to come after all the sufficient modules
# because otherwise, the account lookup will fail if the user does not exist
# locally, for example with MySQL- or LDAP-auth.
'' ''
account required pam_unix.so
# Authentication management. # Authentication management.
'' + '' +
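Review bot: the new comment above `account required pam_unix.so` explains why the line moved, but not what is given up. With `pam_unix.so` now last, a success from any of the `sufficient` account modules above ends the account stack before `pam_unix.so` runs, so its account checks no longer apply to users accepted by LDAP, MySQL or SSSD. Please extend the comment to state that this is intended, or say how local account restrictions are still enforced for such users.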
@ -476,6 +490,9 @@ let
optionalString cfg.logFailures '' optionalString cfg.logFailures ''
auth required pam_faillock.so auth required pam_faillock.so
'' + '' +
optionalString cfg.mysqlAuth ''
auth sufficient ${pkgs.pam_mysql}/lib/security/pam_mysql.so config_file=/etc/security/pam_mysql.conf
'' +
optionalString (config.security.pam.enableSSHAgentAuth && cfg.sshAgentAuth) '' optionalString (config.security.pam.enableSSHAgentAuth && cfg.sshAgentAuth) ''
auth sufficient ${pkgs.pam_ssh_agent_auth}/libexec/pam_ssh_agent_auth.so file=${lib.concatStringsSep ":" config.services.openssh.authorizedKeysFiles} auth sufficient ${pkgs.pam_ssh_agent_auth}/libexec/pam_ssh_agent_auth.so file=${lib.concatStringsSep ":" config.services.openssh.authorizedKeysFiles}
'' + '' +
@ -573,6 +590,9 @@ let
optionalString use_ldap '' optionalString use_ldap ''
password sufficient ${pam_ldap}/lib/security/pam_ldap.so password sufficient ${pam_ldap}/lib/security/pam_ldap.so
'' + '' +
optionalString cfg.mysqlAuth ''
password sufficient ${pkgs.pam_mysql}/lib/security/pam_mysql.so config_file=/etc/security/pam_mysql.conf
'' +
optionalString config.services.sssd.enable '' optionalString config.services.sssd.enable ''
password sufficient ${pkgs.sssd}/lib/security/pam_sss.so use_authtok password sufficient ${pkgs.sssd}/lib/security/pam_sss.so use_authtok
'' + '' +
@ -616,6 +636,9 @@ let
optionalString use_ldap '' optionalString use_ldap ''
session optional ${pam_ldap}/lib/security/pam_ldap.so session optional ${pam_ldap}/lib/security/pam_ldap.so
'' + '' +
optionalString cfg.mysqlAuth ''
session optional ${pkgs.pam_mysql}/lib/security/pam_mysql.so config_file=/etc/security/pam_mysql.conf
'' +
optionalString config.services.sssd.enable '' optionalString config.services.sssd.enable ''
session optional ${pkgs.sssd}/lib/security/pam_sss.so session optional ${pkgs.sssd}/lib/security/pam_sss.so
'' + '' +
@ -750,14 +773,13 @@ in
} }
]; ];
description = description = ''
'' Define resource limits that should apply to users or groups. Define resource limits that should apply to users or groups.
Each item in the list should be an attribute set with a Each item in the list should be an attribute set with a
<varname>domain</varname>, <varname>type</varname>, <varname>domain</varname>, <varname>type</varname>,
<varname>item</varname>, and <varname>value</varname> <varname>item</varname>, and <varname>value</varname>
attribute. The syntax and semantics of these attributes attribute. The syntax and semantics of these attributes
must be that described in <citerefentry><refentrytitle>limits.conf</refentrytitle> must be that described in <citerefentry><refentrytitle>limits.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
<manvolnum>5</manvolnum></citerefentry>.
Note that these limits do not apply to systemd services, Note that these limits do not apply to systemd services,
whose limits can be changed via <option>systemd.extraConfig</option> whose limits can be changed via <option>systemd.extraConfig</option>
@ -838,17 +860,14 @@ in
control = mkOption { control = mkOption {
default = "sufficient"; default = "sufficient";
type = types.enum [ "required" "requisite" "sufficient" "optional" ]; type = types.enum [ "required" "requisite" "sufficient" "optional" ];
description = '' description = lib.mdDoc ''
This option sets pam "control". This option sets pam "control".
If you want to have multi factor authentication, use "required". If you want to have multi factor authentication, use "required".
If you want to use the PKCS#11 device instead of the regular password, If you want to use the PKCS#11 device instead of the regular password,
use "sufficient". use "sufficient".
Read Read
<citerefentry> {manpage}`pam.conf(5)`
<refentrytitle>pam.conf</refentrytitle>
<manvolnum>5</manvolnum>
</citerefentry>
for better understanding of this option. for better understanding of this option.
''; '';
}; };
@ -929,16 +948,13 @@ in
control = mkOption { control = mkOption {
default = "sufficient"; default = "sufficient";
type = types.enum [ "required" "requisite" "sufficient" "optional" ]; type = types.enum [ "required" "requisite" "sufficient" "optional" ];
description = '' description = lib.mdDoc ''
This option sets pam "control". This option sets pam "control".
If you want to have multi factor authentication, use "required". If you want to have multi factor authentication, use "required".
If you want to use U2F device instead of regular password, use "sufficient". If you want to use U2F device instead of regular password, use "sufficient".
Read Read
<citerefentry> {manpage}`pam.conf(5)`
<refentrytitle>pam.conf</refentrytitle>
<manvolnum>5</manvolnum>
</citerefentry>
for better understanding of this option. for better understanding of this option.
''; '';
}; };
@ -1047,17 +1063,14 @@ in
control = mkOption { control = mkOption {
default = "sufficient"; default = "sufficient";
type = types.enum [ "required" "requisite" "sufficient" "optional" ]; type = types.enum [ "required" "requisite" "sufficient" "optional" ];
description = '' description = lib.mdDoc ''
This option sets pam "control". This option sets pam "control".
If you want to have multi factor authentication, use "required". If you want to have multi factor authentication, use "required".
If you want to use the SSH certificate instead of the regular password, If you want to use the SSH certificate instead of the regular password,
use "sufficient". use "sufficient".
Read Read
<citerefentry> {manpage}`pam.conf(5)`
<refentrytitle>pam.conf</refentrytitle>
<manvolnum>5</manvolnum>
</citerefentry>
for better understanding of this option. for better understanding of this option.
''; '';
}; };
@ -1082,16 +1095,13 @@ in
control = mkOption { control = mkOption {
default = "sufficient"; default = "sufficient";
type = types.enum [ "required" "requisite" "sufficient" "optional" ]; type = types.enum [ "required" "requisite" "sufficient" "optional" ];
description = '' description = lib.mdDoc ''
This option sets pam "control". This option sets pam "control".
If you want to have multi factor authentication, use "required". If you want to have multi factor authentication, use "required".
If you want to use Yubikey instead of regular password, use "sufficient". If you want to use Yubikey instead of regular password, use "sufficient".
Read Read
<citerefentry> {manpage}`pam.conf(5)`
<refentrytitle>pam.conf</refentrytitle>
<manvolnum>5</manvolnum>
</citerefentry>
for better understanding of this option. for better understanding of this option.
''; '';
}; };
@ -1250,6 +1260,9 @@ in
optionalString (isEnabled (cfg: cfg.oathAuth)) '' optionalString (isEnabled (cfg: cfg.oathAuth)) ''
"mr ${pkgs.oath-toolkit}/lib/security/pam_oath.so, "mr ${pkgs.oath-toolkit}/lib/security/pam_oath.so,
'' + '' +
optionalString (isEnabled (cfg: cfg.mysqlAuth)) ''
mr ${pkgs.pam_mysql}/lib/security/pam_mysql.so,
'' +
optionalString (isEnabled (cfg: cfg.yubicoAuth)) '' optionalString (isEnabled (cfg: cfg.yubicoAuth)) ''
mr ${pkgs.yubico-pam}/lib/security/pam_yubico.so, mr ${pkgs.yubico-pam}/lib/security/pam_yubico.so,
'' + '' +
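Review bot: the unchanged `pam_oath.so` rule directly above the added `pam_mysql.so` rule starts with a stray `"` before `mr`, which the new line and the `pam_yubico.so` line do not have. Since this block is being edited, drop the quote so the generated AppArmor include is consistent, or confirm that it is intentional.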

View file

@ -46,7 +46,7 @@ in
type = types.package; type = types.package;
default = pkgs.sudo; default = pkgs.sudo;
defaultText = literalExpression "pkgs.sudo"; defaultText = literalExpression "pkgs.sudo";
description = '' description = lib.mdDoc ''
Which package to use for `sudo`. Which package to use for `sudo`.
''; '';
}; };

View file

@ -10,12 +10,10 @@ in {
options.confinement.enable = lib.mkOption { options.confinement.enable = lib.mkOption {
type = types.bool; type = types.bool;
default = false; default = false;
description = '' description = lib.mdDoc ''
If set, all the required runtime store paths for this service are If set, all the required runtime store paths for this service are
bind-mounted into a <literal>tmpfs</literal>-based <citerefentry> bind-mounted into a `tmpfs`-based
<refentrytitle>chroot</refentrytitle> {manpage}`chroot(2)`.
<manvolnum>2</manvolnum>
</citerefentry>.
''; '';
}; };
@ -63,16 +61,13 @@ in {
default = toplevelConfig.environment.binsh; default = toplevelConfig.environment.binsh;
defaultText = lib.literalExpression "config.environment.binsh"; defaultText = lib.literalExpression "config.environment.binsh";
example = lib.literalExpression ''"''${pkgs.dash}/bin/dash"''; example = lib.literalExpression ''"''${pkgs.dash}/bin/dash"'';
description = '' description = lib.mdDoc ''
The program to make available as <filename>/bin/sh</filename> inside The program to make available as {file}`/bin/sh` inside
the chroot. If this is set to <literal>null</literal>, no the chroot. If this is set to `null`, no
<filename>/bin/sh</filename> is provided at all. {file}`/bin/sh` is provided at all.
This is useful for some applications, which for example use the This is useful for some applications, which for example use the
<citerefentry> {manpage}`system(3)` library function to execute commands.
<refentrytitle>system</refentrytitle>
<manvolnum>3</manvolnum>
</citerefentry> library function to execute commands.
''; '';
}; };
@ -88,10 +83,8 @@ in {
name space. name space.
If this is set to <literal>chroot-only</literal>, only the file If this is set to <literal>chroot-only</literal>, only the file
system name space is set up along with the call to <citerefentry> system name space is set up along with the call to
<refentrytitle>chroot</refentrytitle> <citerefentry><refentrytitle>chroot</refentrytitle><manvolnum>2</manvolnum></citerefentry>.
<manvolnum>2</manvolnum>
</citerefentry>.
<note><para>This doesn't cover network namespaces and is solely for <note><para>This doesn't cover network namespaces and is solely for
file system level isolation.</para></note> file system level isolation.</para></note>

View file

@ -54,10 +54,7 @@ let
description = '' description = ''
A comma-separated list of capabilities to be given to the wrapper A comma-separated list of capabilities to be given to the wrapper
program. For capabilities supported by the system check the program. For capabilities supported by the system check the
<citerefentry> <citerefentry><refentrytitle>capabilities</refentrytitle><manvolnum>7</manvolnum></citerefentry>
<refentrytitle>capabilities</refentrytitle>
<manvolnum>7</manvolnum>
</citerefentry>
manual page. manual page.
<note><para> <note><para>
@ -188,6 +185,16 @@ in
''; '';
}; };
security.wrapperDirSize = lib.mkOption {
default = "50%";
example = "10G";
type = lib.types.str;
description = ''
Size limit for the /run/wrappers tmpfs. Look at mount(8), tmpfs size option,
for the accepted syntax. WARNING: don't set to less than 64MB.
'';
};
security.wrapperDir = lib.mkOption { security.wrapperDir = lib.mkOption {
type = lib.types.path; type = lib.types.path;
default = "/run/wrappers/bin"; default = "/run/wrappers/bin";
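Review bot: the `security.wrapperDirSize` description warns "don't set to less than 64MB", but nothing in the option enforces it and the type is an unconstrained `lib.types.str`. Either add an assertion or a stricter type, or explain in the description what breaks below that size. The description is also a plain `''` string, while the rest of the commit converts to `lib.mdDoc`, and `mount(8)` could be written as a `{manpage}` reference.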
@ -230,7 +237,7 @@ in
boot.specialFileSystems.${parentWrapperDir} = { boot.specialFileSystems.${parentWrapperDir} = {
fsType = "tmpfs"; fsType = "tmpfs";
options = [ "nodev" "mode=755" ]; options = [ "nodev" "mode=755" "size=${config.security.wrapperDirSize}" ];
}; };
# Make sure our wrapperDir exports to the PATH env variable when # Make sure our wrapperDir exports to the PATH env variable when
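Review bot: `"size=${config.security.wrapperDirSize}"` interpolates a free-form string straight into the tmpfs option list next to `nodev` and `mode=755`. A value containing a comma would be read as additional mount options on the file system that holds the setuid wrappers. Constrain the option with `types.strMatching` for the size syntax tmpfs accepts instead of passing it through unchecked.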

View file

@ -23,12 +23,10 @@ let
on_exit() on_exit()
{ {
exitStatus=$? exitStatus=$?
# Reset the EXIT handler, or else we're called again on 'exit' below
trap - EXIT
${cfg.postHook} ${cfg.postHook}
exit $exitStatus exit $exitStatus
} }
trap 'on_exit' INT TERM QUIT EXIT trap on_exit EXIT
archiveName="${if cfg.archiveBaseName == null then "" else cfg.archiveBaseName + "-"}$(date ${cfg.dateFormat})" archiveName="${if cfg.archiveBaseName == null then "" else cfg.archiveBaseName + "-"}$(date ${cfg.dateFormat})"
archiveSuffix="${optionalString cfg.appendFailedSuffix ".failed"}" archiveSuffix="${optionalString cfg.appendFailedSuffix ".failed"}"
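Review bot: the trap line now registers `on_exit` only for `EXIT`, and the `trap - EXIT` reset inside `on_exit` is removed together with its explanatory comment. Not every POSIX shell runs the EXIT trap when it is terminated by INT, TERM or QUIT, so whether `${cfg.postHook}` still runs when the job is stopped depends on the interpreter. Please add a comment naming the shell this script is guaranteed to run under, and state that `exit $exitStatus` inside the handler does not re-enter it there.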
@ -320,13 +318,12 @@ in {
startAt = mkOption { startAt = mkOption {
type = with types; either str (listOf str); type = with types; either str (listOf str);
default = "daily"; default = "daily";
description = '' description = lib.mdDoc ''
When or how often the backup should run. When or how often the backup should run.
Must be in the format described in Must be in the format described in
<citerefentry><refentrytitle>systemd.time</refentrytitle> {manpage}`systemd.time(7)`.
<manvolnum>7</manvolnum></citerefentry>.
If you do not want the backup to start If you do not want the backup to start
automatically, use <literal>[ ]</literal>. automatically, use `[ ]`.
It will generate a systemd service borgbackup-job-NAME. It will generate a systemd service borgbackup-job-NAME.
You may trigger it manually via systemctl restart borgbackup-job-NAME. You may trigger it manually via systemctl restart borgbackup-job-NAME.
''; '';
@ -336,10 +333,9 @@ in {
default = false; default = false;
type = types.bool; type = types.bool;
example = true; example = true;
description = '' description = lib.mdDoc ''
Set the <literal>persistentTimer</literal> option for the Set the `persistentTimer` option for the
<citerefentry><refentrytitle>systemd.timer</refentrytitle> {manpage}`systemd.timer(5)`
<manvolnum>5</manvolnum></citerefentry>
which triggers the backup immediately if the last trigger which triggers the backup immediately if the last trigger
was missed (e.g. if the system was powered down). was missed (e.g. if the system was powered down).
''; '';

View file

@ -27,30 +27,27 @@ in
type = types.listOf types.str; type = types.listOf types.str;
default = [ ]; default = [ ];
example = [ "/home" ]; example = [ "/home" ];
description = '' description = lib.mdDoc ''
List of paths to include into the backups. See the FILE SELECTION List of paths to include into the backups. See the FILE SELECTION
section in <citerefentry><refentrytitle>duplicity</refentrytitle> section in {manpage}`duplicity(1)` for details on the syntax.
<manvolnum>1</manvolnum></citerefentry> for details on the syntax.
''; '';
}; };
exclude = mkOption { exclude = mkOption {
type = types.listOf types.str; type = types.listOf types.str;
default = [ ]; default = [ ];
description = '' description = lib.mdDoc ''
List of paths to exclude from backups. See the FILE SELECTION section in List of paths to exclude from backups. See the FILE SELECTION section in
<citerefentry><refentrytitle>duplicity</refentrytitle> {manpage}`duplicity(1)` for details on the syntax.
<manvolnum>1</manvolnum></citerefentry> for details on the syntax.
''; '';
}; };
targetUrl = mkOption { targetUrl = mkOption {
type = types.str; type = types.str;
example = "s3://host:port/prefix"; example = "s3://host:port/prefix";
description = '' description = lib.mdDoc ''
Target url to backup to. See the URL FORMAT section in Target url to backup to. See the URL FORMAT section in
<citerefentry><refentrytitle>duplicity</refentrytitle> {manpage}`duplicity(1)` for supported urls.
<manvolnum>1</manvolnum></citerefentry> for supported urls.
''; '';
}; };
@ -60,8 +57,7 @@ in
description = '' description = ''
Path of a file containing secrets (gpg passphrase, access key...) in Path of a file containing secrets (gpg passphrase, access key...) in
the format of EnvironmentFile as described by the format of EnvironmentFile as described by
<citerefentry><refentrytitle>systemd.exec</refentrytitle> <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>. For example:
<manvolnum>5</manvolnum></citerefentry>. For example:
<programlisting> <programlisting>
PASSPHRASE=«...» PASSPHRASE=«...»
AWS_ACCESS_KEY_ID=«...» AWS_ACCESS_KEY_ID=«...»
@ -73,10 +69,9 @@ in
frequency = mkOption { frequency = mkOption {
type = types.nullOr types.str; type = types.nullOr types.str;
default = "daily"; default = "daily";
description = '' description = lib.mdDoc ''
Run duplicity with the given frequency (see Run duplicity with the given frequency (see
<citerefentry><refentrytitle>systemd.time</refentrytitle> {manpage}`systemd.time(7)` for the format).
<manvolnum>7</manvolnum></citerefentry> for the format).
If null, do not run automatically. If null, do not run automatically.
''; '';
}; };
@ -85,10 +80,9 @@ in
type = types.listOf types.str; type = types.listOf types.str;
default = [ ]; default = [ ];
example = [ "--backend-retry-delay" "100" ]; example = [ "--backend-retry-delay" "100" ];
description = '' description = lib.mdDoc ''
Extra command-line flags passed to duplicity. See Extra command-line flags passed to duplicity. See
<citerefentry><refentrytitle>duplicity</refentrytitle> {manpage}`duplicity(1)`.
<manvolnum>1</manvolnum></citerefentry>.
''; '';
}; };

View file

@ -118,12 +118,11 @@ in
type = types.str; type = types.str;
default = "hourly"; default = "hourly";
example = "daily"; example = "daily";
description = '' description = lib.mdDoc ''
Run sanoid at this interval. The default is to run hourly. Run sanoid at this interval. The default is to run hourly.
The format is described in The format is described in
<citerefentry><refentrytitle>systemd.time</refentrytitle> {manpage}`systemd.time(7)`.
<manvolnum>7</manvolnum></citerefentry>.
''; '';
}; };

View file

@ -16,11 +16,11 @@ let
lib.concatMapStrings (s: if lib.isList s then "-" else s) lib.concatMapStrings (s: if lib.isList s then "-" else s)
(builtins.split "[^a-zA-Z0-9_.\\-]+" name); (builtins.split "[^a-zA-Z0-9_.\\-]+" name);
# Function to build "zfs allow" commands for the filesystems we've # Function to build "zfs allow" commands for the filesystems we've delegated
# delegated permissions to. It also checks if the target dataset # permissions to. It also checks if the target dataset exists before
# exists before delegating permissions, if it doesn't exist we # delegating permissions, if it doesn't exist we delegate it to the parent
# delegate it to the parent dataset. This should solve the case of # dataset (if it exists). This should solve the case of provisoning new
# provisoning new datasets. # datasets.
buildAllowCommand = permissions: dataset: ( buildAllowCommand = permissions: dataset: (
"-+${pkgs.writeShellScript "zfs-allow-${dataset}" '' "-+${pkgs.writeShellScript "zfs-allow-${dataset}" ''
# Here we explicitly use the booted system to guarantee the stable API needed by ZFS # Here we explicitly use the booted system to guarantee the stable API needed by ZFS
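Review bot: the rewritten comment above `buildAllowCommand` says permissions go to the parent dataset "(if it exists)", but the guard added further down is `(builtins.dirOf dataset) != "."`, which tests whether the dataset name has a parent component, not whether that parent exists on the pool. Please word the comment to match, for example "if the dataset name has a parent". The typo "provisoning" also carried over into the new text.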
@ -38,6 +38,7 @@ let
(concatStringsSep "," permissions) (concatStringsSep "," permissions)
dataset dataset
]} ]}
${lib.optionalString ((builtins.dirOf dataset) != ".") ''
else else
${lib.escapeShellArgs [ ${lib.escapeShellArgs [
"/run/booted-system/sw/bin/zfs" "/run/booted-system/sw/bin/zfs"
@ -47,6 +48,7 @@ let
# Remove the last part of the path # Remove the last part of the path
(builtins.dirOf dataset) (builtins.dirOf dataset)
]} ]}
''}
fi fi
''}" ''}"
); );
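Review bot: with the `else` branch wrapped in `lib.optionalString ((builtins.dirOf dataset) != ".")`, a top-level dataset that does not exist now falls through the `if` without running anything and without any output. An `else` that echoes a message naming the dataset and saying no permissions were delegated would make that case visible in the unit's log.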
@ -67,14 +69,14 @@ let
(concatStringsSep "," permissions) (concatStringsSep "," permissions)
dataset dataset
]} ]}
${lib.escapeShellArgs [ ${lib.optionalString ((builtins.dirOf dataset) != ".") (lib.escapeShellArgs [
"/run/booted-system/sw/bin/zfs" "/run/booted-system/sw/bin/zfs"
"unallow" "unallow"
cfg.user cfg.user
(concatStringsSep "," permissions) (concatStringsSep "," permissions)
# Remove the last part of the path # Remove the last part of the path
(builtins.dirOf dataset) (builtins.dirOf dataset)
]} ])}
''}" ''}"
); );
in in
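Review bot: the test `(builtins.dirOf dataset) != "."` is now repeated here and in `buildAllowCommand`. Binding it once in the `let` block, for example as a small `hasParent = dataset: ...` helper (name is only a suggestion), would keep the allow and unallow paths from drifting apart.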
@ -89,12 +91,11 @@ in
type = types.str; type = types.str;
default = "hourly"; default = "hourly";
example = "*-*-* *:15:00"; example = "*-*-* *:15:00";
description = '' description = lib.mdDoc ''
Run syncoid at this interval. The default is to run hourly. Run syncoid at this interval. The default is to run hourly.
The format is described in The format is described in
<citerefentry><refentrytitle>systemd.time</refentrytitle> {manpage}`systemd.time(7)`.
<manvolnum>7</manvolnum></citerefentry>.
''; '';
}; };

View file

@ -140,12 +140,11 @@ in
type = types.str; type = types.str;
default = "01:15"; default = "01:15";
example = "hourly"; example = "hourly";
description = '' description = lib.mdDoc ''
Create archive at this interval. Create archive at this interval.
The format is described in The format is described in
<citerefentry><refentrytitle>systemd.time</refentrytitle> {manpage}`systemd.time(7)`.
<manvolnum>7</manvolnum></citerefentry>.
''; '';
}; };

View file

@ -16,9 +16,9 @@ with lib;
"fs.defaultFS" = "hdfs://localhost"; "fs.defaultFS" = "hdfs://localhost";
} }
''; '';
description = '' description = lib.mdDoc ''
Hadoop core-site.xml definition Hadoop core-site.xml definition
<link xlink:href="https://hadoop.apache.org/docs/current/hadoop-project-dist/hadoop-common/core-default.xml"/> <https://hadoop.apache.org/docs/current/hadoop-project-dist/hadoop-common/core-default.xml>
''; '';
}; };
coreSiteInternal = mkOption { coreSiteInternal = mkOption {
@ -38,7 +38,7 @@ with lib;
"dfs.namenode.http-bind-host" = "0.0.0.0"; "dfs.namenode.http-bind-host" = "0.0.0.0";
}; };
type = types.attrsOf types.anything; type = types.attrsOf types.anything;
description = '' description = lib.mdDoc ''
Default options for hdfs-site.xml Default options for hdfs-site.xml
''; '';
}; };
@ -50,9 +50,9 @@ with lib;
"dfs.nameservices" = "namenode1"; "dfs.nameservices" = "namenode1";
} }
''; '';
description = '' description = lib.mdDoc ''
Additional options and overrides for hdfs-site.xml Additional options and overrides for hdfs-site.xml
<link xlink:href="https://hadoop.apache.org/docs/current/hadoop-project-dist/hadoop-hdfs/hdfs-default.xml"/> <https://hadoop.apache.org/docs/current/hadoop-project-dist/hadoop-hdfs/hdfs-default.xml>
''; '';
}; };
hdfsSiteInternal = mkOption { hdfsSiteInternal = mkOption {
@ -80,7 +80,7 @@ with lib;
} }
''; '';
type = types.attrsOf types.anything; type = types.attrsOf types.anything;
description = '' description = lib.mdDoc ''
Default options for mapred-site.xml Default options for mapred-site.xml
''; '';
}; };
@ -92,9 +92,9 @@ with lib;
"mapreduce.map.java.opts" = "-Xmx900m -XX:+UseParallelGC"; "mapreduce.map.java.opts" = "-Xmx900m -XX:+UseParallelGC";
} }
''; '';
description = '' description = lib.mdDoc ''
Additional options and overrides for mapred-site.xml Additional options and overrides for mapred-site.xml
<link xlink:href="https://hadoop.apache.org/docs/current/hadoop-mapreduce-client/hadoop-mapreduce-client-core/mapred-default.xml"/> <https://hadoop.apache.org/docs/current/hadoop-mapreduce-client/hadoop-mapreduce-client-core/mapred-default.xml>
''; '';
}; };
@ -113,7 +113,7 @@ with lib;
"yarn.resourcemanager.scheduler.class" = "org.apache.hadoop.yarn.server.resourcemanager.scheduler.fair.FairScheduler"; "yarn.resourcemanager.scheduler.class" = "org.apache.hadoop.yarn.server.resourcemanager.scheduler.fair.FairScheduler";
}; };
type = types.attrsOf types.anything; type = types.attrsOf types.anything;
description = '' description = lib.mdDoc ''
Default options for yarn-site.xml Default options for yarn-site.xml
''; '';
}; };
@ -125,9 +125,9 @@ with lib;
"yarn.resourcemanager.hostname" = "''${config.networking.hostName}"; "yarn.resourcemanager.hostname" = "''${config.networking.hostName}";
} }
''; '';
description = '' description = lib.mdDoc ''
Additional options and overrides for yarn-site.xml Additional options and overrides for yarn-site.xml
<link xlink:href="https://hadoop.apache.org/docs/current/hadoop-yarn/hadoop-yarn-common/yarn-default.xml"/> <https://hadoop.apache.org/docs/current/hadoop-yarn/hadoop-yarn-common/yarn-default.xml>
''; '';
}; };
yarnSiteInternal = mkOption { yarnSiteInternal = mkOption {
@ -147,9 +147,9 @@ with lib;
"hadoop.http.max.threads" = 500; "hadoop.http.max.threads" = 500;
} }
''; '';
description = '' description = lib.mdDoc ''
Hadoop httpfs-site.xml definition Hadoop httpfs-site.xml definition
<link xlink:href="https://hadoop.apache.org/docs/current/hadoop-hdfs-httpfs/httpfs-default.html"/> <https://hadoop.apache.org/docs/current/hadoop-hdfs-httpfs/httpfs-default.html>
''; '';
}; };
@ -162,7 +162,7 @@ with lib;
example = literalExpression '' example = literalExpression ''
"''${pkgs.hadoop}/lib/''${pkgs.hadoop.untarDir}/etc/hadoop/log4j.properties"; "''${pkgs.hadoop}/lib/''${pkgs.hadoop.untarDir}/etc/hadoop/log4j.properties";
''; '';
description = "log4j.properties file added to HADOOP_CONF_DIR"; description = lib.mdDoc "log4j.properties file added to HADOOP_CONF_DIR";
}; };
containerExecutorCfg = mkOption { containerExecutorCfg = mkOption {
@ -179,9 +179,9 @@ with lib;
"feature.terminal.enabled" = 0; "feature.terminal.enabled" = 0;
} }
''; '';
description = '' description = lib.mdDoc ''
Yarn container-executor.cfg definition Yarn container-executor.cfg definition
<link xlink:href="https://hadoop.apache.org/docs/r2.7.2/hadoop-yarn/hadoop-yarn-site/SecureContainer.html"/> <https://hadoop.apache.org/docs/r2.7.2/hadoop-yarn/hadoop-yarn-site/SecureContainer.html>
''; '';
}; };
@ -194,7 +194,7 @@ with lib;
./extraYARNConfs ./extraYARNConfs
] ]
''; '';
description = "Directories containing additional config files to be added to HADOOP_CONF_DIR"; description = lib.mdDoc "Directories containing additional config files to be added to HADOOP_CONF_DIR";
}; };
gatewayRole.enable = mkEnableOption "gateway role for deploying hadoop configs"; gatewayRole.enable = mkEnableOption "gateway role for deploying hadoop configs";

View file

@ -21,7 +21,7 @@ in
"hbase.cluster.distributed" = "true"; "hbase.cluster.distributed" = "true";
}; };
type = types.attrsOf types.anything; type = types.attrsOf types.anything;
description = '' description = lib.mdDoc ''
Default options for hbase-site.xml Default options for hbase-site.xml
''; '';
}; };
@ -30,9 +30,9 @@ in
type = with types; attrsOf anything; type = with types; attrsOf anything;
example = literalExpression '' example = literalExpression ''
''; '';
description = '' description = lib.mdDoc ''
Additional options and overrides for hbase-site.xml Additional options and overrides for hbase-site.xml
<link xlink:href="https://github.com/apache/hbase/blob/rel/2.4.11/hbase-common/src/main/resources/hbase-default.xml"/> <https://github.com/apache/hbase/blob/rel/2.4.11/hbase-common/src/main/resources/hbase-default.xml>
''; '';
}; };
hbaseSiteInternal = mkOption { hbaseSiteInternal = mkOption {
@ -50,11 +50,11 @@ in
type = types.package; type = types.package;
default = pkgs.hbase; default = pkgs.hbase;
defaultText = literalExpression "pkgs.hbase"; defaultText = literalExpression "pkgs.hbase";
description = "HBase package"; description = lib.mdDoc "HBase package";
}; };
rootdir = mkOption { rootdir = mkOption {
description = '' description = lib.mdDoc ''
This option will set "hbase.rootdir" in hbase-site.xml and determine This option will set "hbase.rootdir" in hbase-site.xml and determine
the directory shared by region servers and into which HBase persists. the directory shared by region servers and into which HBase persists.
The URL should be 'fully-qualified' to include the filesystem scheme. The URL should be 'fully-qualified' to include the filesystem scheme.
@ -68,7 +68,7 @@ in
default = "/hbase"; default = "/hbase";
}; };
zookeeperQuorum = mkOption { zookeeperQuorum = mkOption {
description = '' description = lib.mdDoc ''
This option will set "hbase.zookeeper.quorum" in hbase-site.xml. This option will set "hbase.zookeeper.quorum" in hbase-site.xml.
Comma separated list of servers in the ZooKeeper ensemble. Comma separated list of servers in the ZooKeeper ensemble.
''; '';
@ -83,7 +83,7 @@ in
openFirewall = mkOption { openFirewall = mkOption {
type = types.bool; type = types.bool;
default = false; default = false;
description = '' description = lib.mdDoc ''
Open firewall ports for HBase master. Open firewall ports for HBase master.
''; '';
}; };
@ -94,7 +94,7 @@ in
overrideHosts = mkOption { overrideHosts = mkOption {
type = types.bool; type = types.bool;
default = true; default = true;
description = '' description = lib.mdDoc ''
Remove /etc/hosts entries for "127.0.0.2" and "::1" defined in nixos/modules/config/networking.nix Remove /etc/hosts entries for "127.0.0.2" and "::1" defined in nixos/modules/config/networking.nix
Regionservers must be able to resolve their hostnames to their IP addresses, through PTR records Regionservers must be able to resolve their hostnames to their IP addresses, through PTR records
or /etc/hosts entries. or /etc/hosts entries.
@ -105,7 +105,7 @@ in
openFirewall = mkOption { openFirewall = mkOption {
type = types.bool; type = types.bool;
default = false; default = false;
description = '' description = lib.mdDoc ''
Open firewall ports for HBase master. Open firewall ports for HBase master.
''; '';
}; };

View file

@ -0,0 +1,268 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.patroni;
defaultUser = "patroni";
defaultGroup = "patroni";
format = pkgs.formats.yaml { };
#boto doesn't support python 3.10 yet
patroni = pkgs.patroni.override { pythonPackages = pkgs.python39Packages; };
configFileName = "patroni-${cfg.scope}-${cfg.name}.yaml";
configFile = format.generate configFileName cfg.settings;
in
{
options.services.patroni = {
enable = mkEnableOption "Patroni";
postgresqlPackage = mkOption {
type = types.package;
example = literalExpression "pkgs.postgresql_14";
description = mdDoc ''
PostgreSQL package to use.
Plugins can be enabled like this `pkgs.postgresql_14.withPackages (p: [ p.pg_safeupdate p.postgis ])`.
'';
};
postgresqlDataDir = mkOption {
type = types.path;
defaultText = literalExpression ''"/var/lib/postgresql/''${config.services.patroni.postgresqlPackage.psqlSchema}"'';
example = "/var/lib/postgresql/14";
default = "/var/lib/postgresql/${cfg.postgresqlPackage.psqlSchema}";
description = mdDoc ''
The data directory for PostgreSQL. If left as the default value
this directory will automatically be created before the PostgreSQL server starts, otherwise
the sysadmin is responsible for ensuring the directory exists with appropriate ownership
and permissions.
'';
};
postgresqlPort = mkOption {
type = types.port;
default = 5432;
description = mdDoc ''
The port on which PostgreSQL listens.
'';
};
user = mkOption {
type = types.str;
default = defaultUser;
example = "postgres";
description = mdDoc ''
The user for the service. If left as the default value this user will automatically be created,
otherwise the sysadmin is responsible for ensuring the user exists.
'';
};
group = mkOption {
type = types.str;
default = defaultGroup;
example = "postgres";
description = mdDoc ''
The group for the service. If left as the default value this group will automatically be created,
otherwise the sysadmin is responsible for ensuring the group exists.
'';
};
dataDir = mkOption {
type = types.path;
default = "/var/lib/patroni";
description = mdDoc ''
Folder where Patroni data will be written, used by Raft as well if enabled.
'';
};
scope = mkOption {
type = types.str;
example = "cluster1";
description = mdDoc ''
Cluster name.
'';
};
name = mkOption {
type = types.str;
example = "node1";
description = mdDoc ''
The name of the host. Must be unique for the cluster.
'';
};
namespace = mkOption {
type = types.str;
default = "/service";
description = mdDoc ''
Path within the configuration store where Patroni will keep information about the cluster.
'';
};
nodeIp = mkOption {
type = types.str;
example = "192.168.1.1";
description = mdDoc ''
IP address of this node.
'';
};
otherNodesIps = mkOption {
type = types.listOf types.string;
example = [ "192.168.1.2" "192.168.1.3" ];
description = mdDoc ''
IP addresses of the other nodes.
'';
};
restApiPort = mkOption {
type = types.port;
default = 8008;
description = mdDoc ''
The port on Patroni's REST api listens.
'';
};
raft = mkOption {
type = types.bool;
default = false;
description = mdDoc ''
This will configure Patroni to use its own RAFT implementation instead of using a dedicated DCS.
'';
};
raftPort = mkOption {
type = types.port;
default = 5010;
description = mdDoc ''
The port on which RAFT listens.
'';
};
softwareWatchdog = mkOption {
type = types.bool;
default = false;
description = mdDoc ''
This will configure Patroni to use the software watchdog built into the Linux kernel
as described in the [documentation](https://patroni.readthedocs.io/en/latest/watchdog.html#setting-up-software-watchdog-on-linux).
'';
};
settings = mkOption {
type = format.type;
default = { };
description = mdDoc ''
The primary patroni configuration. See the [documentation](https://patroni.readthedocs.io/en/latest/SETTINGS.html)
for possible values.
Secrets should be passed in by using the `environmentFiles` option.
'';
};
environmentFiles = mkOption {
type = with types; attrsOf (nullOr (oneOf [ str path package ]));
default = { };
example = {
PATRONI_REPLICATION_PASSWORD = "/secret/file";
PATRONI_SUPERUSER_PASSWORD = "/secret/file";
};
description = mdDoc "Environment variables made available to Patroni as files content, useful for providing secrets from files.";
};
};
config = mkIf cfg.enable {
services.patroni.settings = {
scope = cfg.scope;
name = cfg.name;
namespace = cfg.namespace;
restapi = {
listen = "${cfg.nodeIp}:${toString cfg.restApiPort}";
connect_address = "${cfg.nodeIp}:${toString cfg.restApiPort}";
};
raft = mkIf cfg.raft {
data_dir = "${cfg.dataDir}/raft";
self_addr = "${cfg.nodeIp}:5010";
partner_addrs = map (ip: ip + ":5010") cfg.otherNodesIps;
};
postgresql = {
listen = "${cfg.nodeIp}:${toString cfg.postgresqlPort}";
connect_address = "${cfg.nodeIp}:${toString cfg.postgresqlPort}";
data_dir = cfg.postgresqlDataDir;
bin_dir = "${cfg.postgresqlPackage}/bin";
pgpass = "${cfg.dataDir}/pgpass";
};
watchdog = mkIf cfg.softwareWatchdog {
mode = "required";
device = "/dev/watchdog";
safety_margin = 5;
};
};
users = {
users = mkIf (cfg.user == defaultUser) {
patroni = {
group = cfg.group;
isSystemUser = true;
};
};
groups = mkIf (cfg.group == defaultGroup) {
patroni = { };
};
};
systemd.services = {
patroni = {
description = "Runners to orchestrate a high-availability PostgreSQL";
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
script = ''
${concatStringsSep "\n" (attrValues (mapAttrs (name: path: ''export ${name}="$(< ${escapeShellArg path})"'') cfg.environmentFiles))}
exec ${patroni}/bin/patroni ${configFile}
'';
serviceConfig = mkMerge [
{
User = cfg.user;
Group = cfg.group;
Type = "simple";
Restart = "on-failure";
TimeoutSec = 30;
ExecReload = "${pkgs.coreutils}/bin/kill -s HUP $MAINPID";
KillMode = "process";
}
(mkIf (cfg.postgresqlDataDir == "/var/lib/postgresql/${cfg.postgresqlPackage.psqlSchema}" && cfg.dataDir == "/var/lib/patroni") {
StateDirectory = "patroni patroni/raft postgresql postgresql/${cfg.postgresqlPackage.psqlSchema}";
StateDirectoryMode = "0750";
})
];
};
};
boot.kernelModules = mkIf cfg.softwareWatchdog [ "softdog" ];
services.udev.extraRules = mkIf cfg.softwareWatchdog ''
KERNEL=="watchdog", OWNER="${cfg.user}", GROUP="${cfg.group}", MODE="0600"
'';
environment.systemPackages = [
patroni
cfg.postgresqlPackage
(mkIf cfg.raft pkgs.python310Packages.pysyncobj)
];
environment.etc."${configFileName}".source = configFile;
environment.sessionVariables = {
PATRONICTL_CONFIG_FILE = "/etc/${configFileName}";
};
};
meta.maintainers = [ maintainers.phfroidmont ];
}
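Review bot: `raftPort` is declared with a default of 5010 but never read; the `raft` settings hard-code the port in `self_addr = "${cfg.nodeIp}:5010"` and in `partner_addrs = map (ip: ip + ":5010") cfg.otherNodesIps`, so changing the option has no effect. Both should use `toString cfg.raftPort`. Further points in the same file: `otherNodesIps` uses `types.listOf types.string` where the rest of the module uses `types.str`, and it has no default although it is only read when `raft` is enabled; `patroni` is overridden to `python39Packages` while `environment.systemPackages` adds `pkgs.python310Packages.pysyncobj`, so the two Python versions do not match; and the `restApiPort` description should read "The port on which Patroni's REST API listens."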

View file

@ -109,10 +109,9 @@ in
extraConfig = mkOption { extraConfig = mkOption {
type = types.lines; type = types.lines;
default = ""; default = "";
description = '' description = lib.mdDoc ''
Extra configuration for <literal>slurmdbd.conf</literal> See also: Extra configuration for `slurmdbd.conf` See also:
<citerefentry><refentrytitle>slurmdbd.conf</refentrytitle> {manpage}`slurmdbd.conf(8)`.
<manvolnum>8</manvolnum></citerefentry>.
''; '';
}; };
}; };

View file

@ -121,10 +121,10 @@ in {
keepalive = mkOption { keepalive = mkOption {
default = 600; default = 600;
type = types.int; type = types.int;
description = " description = lib.mdDoc ''
This is a number that indicates how frequently keepalive messages should be sent This is a number that indicates how frequently keepalive messages should be sent
from the worker to the buildmaster, expressed in seconds. from the worker to the buildmaster, expressed in seconds.
"; '';
}; };
package = mkOption { package = mkOption {

View file

@ -193,7 +193,7 @@ in
options.services.buildkite-agents = mkOption { options.services.buildkite-agents = mkOption {
type = types.attrsOf (types.submodule buildkiteOptions); type = types.attrsOf (types.submodule buildkiteOptions);
default = {}; default = {};
description = '' description = lib.mdDoc ''
Attribute set of buildkite agents. Attribute set of buildkite agents.
The attribute key is combined with the hostname and a unique integer to The attribute key is combined with the hostname and a unique integer to
create the final agent name. This can be overridden by setting the `name` create the final agent name. This can be overridden by setting the `name`

View file

@ -48,9 +48,14 @@ in
tokenFile = mkOption { tokenFile = mkOption {
type = types.path; type = types.path;
description = lib.mdDoc '' description = lib.mdDoc ''
The full path to a file which contains the runner registration token. The full path to a file which contains either a runner registration token or a
personal access token (PAT).
The file should contain exactly one line with the token without any newline. The file should contain exactly one line with the token without any newline.
The token can be used to re-register a runner of the same name but is time-limited. If a registration token is given, it can be used to re-register a runner of the same
name but is time-limited. If the file contains a PAT, the service creates a new
registration token on startup as needed. Make sure the PAT has a scope of
`admin:org` for organization-wide registrations or a scope of
`repo` for a single repository.
Changing this option or the file's content triggers a new runner registration. Changing this option or the file's content triggers a new runner registration.
''; '';
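Review bot: the new `tokenFile` text describes the registration token as time-limited but says nothing comparable about the PAT, which is long-lived and, with the `admin:org` scope, grants far more than runner registration. Please add a sentence saying so, and recommend that the file be readable only by root and kept out of the Nix store, so users do not treat the two token kinds as equivalent.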
@ -117,6 +122,24 @@ in
default = pkgs.github-runner; default = pkgs.github-runner;
defaultText = literalExpression "pkgs.github-runner"; defaultText = literalExpression "pkgs.github-runner";
}; };
ephemeral = mkOption {
type = types.bool;
description = lib.mdDoc ''
If enabled, causes the following behavior:
- Passes the `--ephemeral` flag to the runner configuration script
- De-registers and stops the runner with GitHub after it has processed one job
- On stop, systemd wipes the runtime directory (this always happens, even without using the ephemeral option)
- Restarts the service after its successful exit
- On start, wipes the state directory and configures a new runner
You should only enable this option if `tokenFile` points to a file which contains a
personal access token (PAT). If you're using the option with a registration token, restarting the
service will fail as soon as the registration token expired.
'';
default = false;
};
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
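Review bot: the `ephemeral` description warns that a registration token will make restarts fail, but that is only documented, not checked. Since the configure script already distinguishes the two token kinds at runtime, it could print a warning when `cfg.ephemeral` is set and the token is not a PAT. Wording nit in the same paragraph: "as soon as the registration token expired" should be "has expired".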
@ -136,7 +159,7 @@ in
environment = { environment = {
HOME = runtimeDir; HOME = runtimeDir;
RUNNER_ROOT = runtimeDir; RUNNER_ROOT = stateDir;
}; };
path = (with pkgs; [ path = (with pkgs; [
@ -150,7 +173,7 @@ in
] ++ cfg.extraPackages; ] ++ cfg.extraPackages;
serviceConfig = rec { serviceConfig = rec {
ExecStart = "${cfg.package}/bin/runsvc.sh"; ExecStart = "${cfg.package}/bin/Runner.Listener run --startuptype service";
# Does the following, sequentially: # Does the following, sequentially:
# - If the module configuration or the token has changed, purge the state directory, # - If the module configuration or the token has changed, purge the state directory,
@ -178,7 +201,7 @@ in
${lines} ${lines}
''; '';
currentConfigPath = "$STATE_DIRECTORY/.nixos-current-config.json"; currentConfigPath = "$STATE_DIRECTORY/.nixos-current-config.json";
runnerRegistrationConfig = getAttrs [ "name" "tokenFile" "url" "runnerGroup" "extraLabels" ] cfg; runnerRegistrationConfig = getAttrs [ "name" "tokenFile" "url" "runnerGroup" "extraLabels" "ephemeral" ] cfg;
newConfigPath = builtins.toFile "${svcName}-config.json" (builtins.toJSON runnerRegistrationConfig); newConfigPath = builtins.toFile "${svcName}-config.json" (builtins.toJSON runnerRegistrationConfig);
newConfigTokenFilename = ".new-token"; newConfigTokenFilename = ".new-token";
runnerCredFiles = [ runnerCredFiles = [
@ -188,6 +211,9 @@ in
]; ];
unconfigureRunner = writeScript "unconfigure" '' unconfigureRunner = writeScript "unconfigure" ''
differs= differs=
if [[ "$(ls -A "$STATE_DIRECTORY")" ]]; then
# State directory is not empty
# Set `differs = 1` if current and new runner config differ or if `currentConfigPath` does not exist # Set `differs = 1` if current and new runner config differ or if `currentConfigPath` does not exist
${pkgs.diffutils}/bin/diff -q '${newConfigPath}' "${currentConfigPath}" >/dev/null 2>&1 || differs=1 ${pkgs.diffutils}/bin/diff -q '${newConfigPath}' "${currentConfigPath}" >/dev/null 2>&1 || differs=1
# Also trigger a registration if the token content changed # Also trigger a registration if the token content changed
@ -195,10 +221,14 @@ in
"$STATE_DIRECTORY"/${currentConfigTokenFilename} \ "$STATE_DIRECTORY"/${currentConfigTokenFilename} \
${escapeShellArg cfg.tokenFile} \ ${escapeShellArg cfg.tokenFile} \
>/dev/null 2>&1 || differs=1 >/dev/null 2>&1 || differs=1
# If .credentials does not exist, assume a previous run de-registered the runner on stop (ephemeral mode)
[[ ! -f "$STATE_DIRECTORY/.credentials" ]] && differs=1
fi
if [[ -n "$differs" ]]; then if [[ -n "$differs" ]]; then
echo "Config has changed, removing old runner state." echo "Config has changed, removing old runner state."
echo "The old runner will still appear in the GitHub Actions UI." \ # In ephemeral mode, the runner deletes the `.credentials` file after de-registering it with GitHub
[[ -f "$STATE_DIRECTORY/.credentials" ]] && echo "The old runner will still appear in the GitHub Actions UI." \
"You have to remove it manually." "You have to remove it manually."
find "$STATE_DIRECTORY/" -mindepth 1 -delete find "$STATE_DIRECTORY/" -mindepth 1 -delete
@ -212,17 +242,28 @@ in
if [[ -e "$STATE_DIRECTORY/${newConfigTokenFilename}" ]]; then if [[ -e "$STATE_DIRECTORY/${newConfigTokenFilename}" ]]; then
echo "Configuring GitHub Actions Runner" echo "Configuring GitHub Actions Runner"
token=$(< "$STATE_DIRECTORY"/${newConfigTokenFilename}) args=(
RUNNER_ROOT="$STATE_DIRECTORY" ${cfg.package}/bin/config.sh \ --unattended
--unattended \ --disableupdate
--disableupdate \ --work "$RUNTIME_DIRECTORY"
--work "$RUNTIME_DIRECTORY" \ --url ${escapeShellArg cfg.url}
--url ${escapeShellArg cfg.url} \ --labels ${escapeShellArg (concatStringsSep "," cfg.extraLabels)}
--token "$token" \ --name ${escapeShellArg cfg.name}
--labels ${escapeShellArg (concatStringsSep "," cfg.extraLabels)} \ ${optionalString cfg.replace "--replace"}
--name ${escapeShellArg cfg.name} \
${optionalString cfg.replace "--replace"} \
${optionalString (cfg.runnerGroup != null) "--runnergroup ${escapeShellArg cfg.runnerGroup}"} ${optionalString (cfg.runnerGroup != null) "--runnergroup ${escapeShellArg cfg.runnerGroup}"}
${optionalString cfg.ephemeral "--ephemeral"}
)
# If the token file contains a PAT (i.e., it starts with "ghp_"), we have to use the --pat option,
# if it is not a PAT, we assume it contains a registration token and use the --token option
token=$(<"$STATE_DIRECTORY/${newConfigTokenFilename}")
if [[ "$token" =~ ^ghp_* ]]; then
args+=(--pat "$token")
else
args+=(--token "$token")
fi
${cfg.package}/bin/config.sh "''${args[@]}"
# Move the automatically created _diag dir to the logs dir # Move the automatically created _diag dir to the logs dir
mkdir -p "$STATE_DIRECTORY/_diag" mkdir -p "$STATE_DIRECTORY/_diag"
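Review bot: the PAT check `[[ "$token" =~ ^ghp_* ]]` uses the regex operator with what looks like a glob. As a regex, `_*` means "zero or more underscores", so this matches any token that merely starts with `ghp`. Use `=~ ^ghp_` or the pattern match `[[ "$token" == ghp_* ]]`. Separately, the token is handed to `config.sh` as a command-line argument (`--pat "$token"` / `--token "$token"`), which exposes it to anything that can read the process list for the duration of the call; a comment noting whether `config.sh` offers another way to pass it would help.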
@ -250,6 +291,10 @@ in
setupRuntimeDir setupRuntimeDir
]; ];
# If running in ephemeral mode, restart the service on-exit (i.e., successful de-registration of the runner)
# to trigger a fresh registration.
Restart = if cfg.ephemeral then "on-success" else "no";
# Contains _diag # Contains _diag
LogsDirectory = [ systemdDir ]; LogsDirectory = [ systemdDir ];
# Default RUNNER_ROOT which contains ephemeral Runner data # Default RUNNER_ROOT which contains ephemeral Runner data
@ -269,8 +314,7 @@ in
# By default, use a dynamically allocated user # By default, use a dynamically allocated user
DynamicUser = true; DynamicUser = true;
KillMode = "process"; KillSignal = "SIGINT";
KillSignal = "SIGTERM";
# Hardening (may overlap with DynamicUser=) # Hardening (may overlap with DynamicUser=)
# The following options are only for optimizing: # The following options are only for optimizing:
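Review bot: The change to `KillSignal = "SIGINT"` and the removal of `KillMode = "process"` carry no explanation. Without `KillMode = "process"` the stop signal is no longer limited to the main process, which changes how job processes started by the runner are stopped. Add a comment stating why SIGINT is required and that the wider kill scope is intended.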

View file

@ -103,15 +103,15 @@ let
defaultText = literalExpression ''baseDirectory + "/secrets"''; defaultText = literalExpression ''baseDirectory + "/secrets"'';
}; };
clusterJoinTokenPath = mkOption { clusterJoinTokenPath = mkOption {
description = '' description = lib.mdDoc ''
Location of the cluster-join-token.key file. Location of the cluster-join-token.key file.
You can retrieve the contents of the file when creating a new agent via You can retrieve the contents of the file when creating a new agent via
<link xlink:href="https://hercules-ci.com/dashboard">https://hercules-ci.com/dashboard</link>. <https://hercules-ci.com/dashboard>.
As this value is confidential, it should not be in the store, but As this value is confidential, it should not be in the store, but
installed using other means, such as agenix, NixOps installed using other means, such as agenix, NixOps
<literal>deployment.keys</literal>, or manual installation. `deployment.keys`, or manual installation.
The contents of the file are used for authentication between the agent and the API. The contents of the file are used for authentication between the agent and the API.
''; '';
@ -120,29 +120,28 @@ let
defaultText = literalExpression ''staticSecretsDirectory + "/cluster-join-token.key"''; defaultText = literalExpression ''staticSecretsDirectory + "/cluster-join-token.key"'';
}; };
binaryCachesPath = mkOption { binaryCachesPath = mkOption {
description = '' description = lib.mdDoc ''
Path to a JSON file containing binary cache secret keys. Path to a JSON file containing binary cache secret keys.
As these values are confidential, they should not be in the store, but As these values are confidential, they should not be in the store, but
copied over using other means, such as agenix, NixOps copied over using other means, such as agenix, NixOps
<literal>deployment.keys</literal>, or manual installation. `deployment.keys`, or manual installation.
The format is described on <link xlink:href="https://docs.hercules-ci.com/hercules-ci-agent/binary-caches-json/">https://docs.hercules-ci.com/hercules-ci-agent/binary-caches-json/</link>. The format is described on <https://docs.hercules-ci.com/hercules-ci-agent/binary-caches-json/>.
''; '';
type = types.path; type = types.path;
default = config.staticSecretsDirectory + "/binary-caches.json"; default = config.staticSecretsDirectory + "/binary-caches.json";
defaultText = literalExpression ''staticSecretsDirectory + "/binary-caches.json"''; defaultText = literalExpression ''staticSecretsDirectory + "/binary-caches.json"'';
}; };
secretsJsonPath = mkOption { secretsJsonPath = mkOption {
description = '' description = lib.mdDoc ''
Path to a JSON file containing secrets for effects. Path to a JSON file containing secrets for effects.
As these values are confidential, they should not be in the store, but As these values are confidential, they should not be in the store, but
copied over using other means, such as agenix, NixOps copied over using other means, such as agenix, NixOps
<literal>deployment.keys</literal>, or manual installation. `deployment.keys`, or manual installation.
The format is described on <link xlink:href="https://docs.hercules-ci.com/hercules-ci-agent/secrets-json/">https://docs.hercules-ci.com/hercules-ci-agent/secrets-json/</link>.
The format is described on <https://docs.hercules-ci.com/hercules-ci-agent/secrets-json/>.
''; '';
type = types.path; type = types.path;
default = config.staticSecretsDirectory + "/secrets.json"; default = config.staticSecretsDirectory + "/secrets.json";

View file

@ -87,7 +87,7 @@ in
type = types.str; type = types.str;
default = localDB; default = localDB;
example = "dbi:Pg:dbname=hydra;host=postgres.example.org;user=foo;"; example = "dbi:Pg:dbname=hydra;host=postgres.example.org;user=foo;";
description = '' description = lib.mdDoc ''
The DBI string for Hydra database connection. The DBI string for Hydra database connection.
NOTE: Attempts to set `application_name` will be overridden by NOTE: Attempts to set `application_name` will be overridden by
@ -115,8 +115,8 @@ in
type = types.str; type = types.str;
default = "*"; default = "*";
example = "localhost"; example = "localhost";
description = '' description = lib.mdDoc ''
The hostname or address to listen on or <literal>*</literal> to listen The hostname or address to listen on or `*` to listen
on all interfaces. on all interfaces.
''; '';
}; };

View file

@ -97,9 +97,9 @@ in
openFirewall = mkOption { openFirewall = mkOption {
type = types.bool; type = types.bool;
default = false; default = false;
description = '' description = lib.mdDoc ''
Open the firewall ports corresponding to FoundationDB processes and coordinators Open the firewall ports corresponding to FoundationDB processes and coordinators
using <option>config.networking.firewall.*</option>. using {option}`config.networking.firewall.*`.
''; '';
}; };

View file

@ -35,9 +35,9 @@ in
default = pkgs.mongodb; default = pkgs.mongodb;
defaultText = literalExpression "pkgs.mongodb"; defaultText = literalExpression "pkgs.mongodb";
type = types.package; type = types.package;
description = " description = lib.mdDoc ''
Which MongoDB derivation to use. Which MongoDB derivation to use.
"; '';
}; };
user = mkOption { user = mkOption {

View file

@ -36,9 +36,9 @@ in
package = mkOption { package = mkOption {
type = types.package; type = types.package;
example = literalExpression "pkgs.mariadb"; example = literalExpression "pkgs.mariadb";
description = " description = lib.mdDoc ''
Which MySQL derivation to use. MariaDB packages are supported too. Which MySQL derivation to use. MariaDB packages are supported too.
"; '';
}; };
user = mkOption { user = mkOption {

View file

@ -36,48 +36,43 @@ let
serverConfig = pkgs.writeText "neo4j.conf" '' serverConfig = pkgs.writeText "neo4j.conf" ''
# General # General
dbms.allow_upgrade=${boolToString cfg.allowUpgrade} dbms.allow_upgrade=${boolToString cfg.allowUpgrade}
dbms.connectors.default_listen_address=${cfg.defaultListenAddress} dbms.default_listen_address=${cfg.defaultListenAddress}
dbms.read_only=${boolToString cfg.readOnly} dbms.databases.default_to_read_only=${boolToString cfg.readOnly}
${optionalString (cfg.workerCount > 0) '' ${optionalString (cfg.workerCount > 0) ''
dbms.threads.worker_count=${toString cfg.workerCount} dbms.threads.worker_count=${toString cfg.workerCount}
''} ''}
# Directories # Directories (readonly)
dbms.directories.certificates=${cfg.directories.certificates} dbms.directories.certificates=${cfg.directories.certificates}
dbms.directories.data=${cfg.directories.data}
dbms.directories.logs=${cfg.directories.home}/logs
dbms.directories.plugins=${cfg.directories.plugins} dbms.directories.plugins=${cfg.directories.plugins}
dbms.directories.lib=${cfg.package}/share/neo4j/lib
${optionalString (cfg.constrainLoadCsv) '' ${optionalString (cfg.constrainLoadCsv) ''
dbms.directories.import=${cfg.directories.imports} dbms.directories.import=${cfg.directories.imports}
''} ''}
# Directories (read and write)
dbms.directories.data=${cfg.directories.data}
dbms.directories.logs=${cfg.directories.home}/logs
dbms.directories.run=${cfg.directories.home}/run
# HTTP Connector # HTTP Connector
${optionalString (cfg.http.enable) '' ${optionalString (cfg.http.enable) ''
dbms.connector.http.enabled=${boolToString cfg.http.enable} dbms.connector.http.enabled=${boolToString cfg.http.enable}
dbms.connector.http.listen_address=${cfg.http.listenAddress} dbms.connector.http.listen_address=${cfg.http.listenAddress}
''} dbms.connector.http.advertised_address=${cfg.http.listenAddress}
${optionalString (!cfg.http.enable) ''
# It is not possible to disable the HTTP connector. To fully prevent
# clients from connecting to HTTP, block the HTTP port (7474 by default)
# via firewall. listen_address is set to the loopback interface to
# prevent remote clients from connecting.
dbms.connector.http.listen_address=127.0.0.1
''} ''}
# HTTPS Connector # HTTPS Connector
dbms.connector.https.enabled=${boolToString cfg.https.enable} dbms.connector.https.enabled=${boolToString cfg.https.enable}
dbms.connector.https.listen_address=${cfg.https.listenAddress} dbms.connector.https.listen_address=${cfg.https.listenAddress}
https.ssl_policy=${cfg.https.sslPolicy} dbms.connector.https.advertised_address=${cfg.https.listenAddress}
# BOLT Connector # BOLT Connector
dbms.connector.bolt.enabled=${boolToString cfg.bolt.enable} dbms.connector.bolt.enabled=${boolToString cfg.bolt.enable}
dbms.connector.bolt.listen_address=${cfg.bolt.listenAddress} dbms.connector.bolt.listen_address=${cfg.bolt.listenAddress}
bolt.ssl_policy=${cfg.bolt.sslPolicy} dbms.connector.bolt.advertised_address=${cfg.bolt.listenAddress}
dbms.connector.bolt.tls_level=${cfg.bolt.tlsLevel} dbms.connector.bolt.tls_level=${cfg.bolt.tlsLevel}
# neo4j-shell
dbms.shell.enabled=${boolToString cfg.shell.enable}
# SSL Policies # SSL Policies
${concatStringsSep "\n" sslPolicies} ${concatStringsSep "\n" sslPolicies}
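Review bot: With `cfg.http.enable = false` the new config writes nothing for the HTTP connector. The `optionalString (!cfg.http.enable)` block that pinned `dbms.connector.http.listen_address=127.0.0.1` is removed, and `dbms.connector.http.enabled` is only emitted inside the `optionalString (cfg.http.enable)` branch, so turning the option off leaves the connector on whatever default the packaged Neo4j uses. Emit `dbms.connector.http.enabled=${boolToString cfg.http.enable}` unconditionally, as the HTTPS and Bolt sections do. Separately, `https.ssl_policy` and `bolt.ssl_policy` are dropped here, and each `advertised_address` is copied from `listenAddress`, which is not a reachable address when the listener is bound to a wildcard; both deserve a comment or a dedicated option.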
@ -95,8 +90,10 @@ let
dbms.jvm.additional=-Djdk.tls.rejectClientInitiatedRenegotiation=true dbms.jvm.additional=-Djdk.tls.rejectClientInitiatedRenegotiation=true
dbms.jvm.additional=-Dunsupported.dbms.udc.source=tarball dbms.jvm.additional=-Dunsupported.dbms.udc.source=tarball
# Usage Data Collector #dbms.memory.heap.initial_size=12000m
dbms.udc.enabled=${boolToString cfg.udc.enable} #dbms.memory.heap.max_size=12000m
#dbms.memory.pagecache.size=4g
#dbms.tx_state.max_off_heap_memory=8000m
# Extra Configuration # Extra Configuration
${cfg.extraServerConfig} ${cfg.extraServerConfig}
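Review bot: The four commented-out lines (`#dbms.memory.heap.*`, `#dbms.memory.pagecache.size`, `#dbms.tx_state.max_off_heap_memory`) end up in every generated neo4j.conf and read like one deployment's tuning values. Drop them or expose memory settings as module options; users can already set them through `extraServerConfig`.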
@ -114,6 +111,8 @@ in {
(mkRemovedOptionModule [ "services" "neo4j" "port" ] "Use services.neo4j.http.listenAddress instead.") (mkRemovedOptionModule [ "services" "neo4j" "port" ] "Use services.neo4j.http.listenAddress instead.")
(mkRemovedOptionModule [ "services" "neo4j" "boltPort" ] "Use services.neo4j.bolt.listenAddress instead.") (mkRemovedOptionModule [ "services" "neo4j" "boltPort" ] "Use services.neo4j.bolt.listenAddress instead.")
(mkRemovedOptionModule [ "services" "neo4j" "httpsPort" ] "Use services.neo4j.https.listenAddress instead.") (mkRemovedOptionModule [ "services" "neo4j" "httpsPort" ] "Use services.neo4j.https.listenAddress instead.")
(mkRemovedOptionModule [ "services" "neo4j" "shell" "enabled" ] "shell.enabled was removed upstream")
(mkRemovedOptionModule [ "services" "neo4j" "udc" "enabled" ] "udc.enabled was removed upstream")
]; ];
###### interface ###### interface
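Review bot: The two new `mkRemovedOptionModule` entries name `shell.enabled` and `udc.enabled`, but the options this module defined and read were `cfg.shell.enable` and `cfg.udc.enable`. As written, a configuration that still sets `services.neo4j.udc.enable` or `services.neo4j.shell.enable` will not match these entries and will not get the removal message. Change the paths to `[ "services" "neo4j" "shell" "enable" ]` and `[ "services" "neo4j" "udc" "enable" ]`.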
@ -334,13 +333,10 @@ in {
enable = mkOption { enable = mkOption {
type = types.bool; type = types.bool;
default = true; default = true;
description = lib.mdDoc '' description = ''
The HTTP connector is required for Neo4j, and cannot be disabled. Enable the HTTP connector for Neo4j. Setting this option to
Setting this option to `false` will force the HTTP <literal>false</literal> will stop Neo4j from listening for incoming
connector's {option}`listenAddress` to the loopback connections on the HTTPS port (7474 by default).
interface to prevent connection of remote clients. To prevent all
clients from connecting, block the HTTP port (7474 by default) by
firewall.
''; '';
}; };
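Review bot: This description goes from `lib.mdDoc` back to a plain string with `<literal>false</literal>`, the opposite of the conversion made everywhere else in the commit; keep `lib.mdDoc` and write `false` in backticks. The new text also says that disabling the HTTP connector stops Neo4j listening on "the HTTPS port (7474 by default)", which should read HTTP.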
@ -568,19 +564,6 @@ in {
''; '';
}; };
udc = {
enable = mkOption {
type = types.bool;
default = false;
description = lib.mdDoc ''
Enable the Usage Data Collector which Neo4j uses to collect usage
data. Refer to the operations manual section on the
[Usage Data Collector](https://neo4j.com/docs/operations-manual/current/configuration/usage-data-collector/)
for more information.
'';
};
};
}; };
###### implementation ###### implementation
@ -612,7 +595,7 @@ in {
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
after = [ "network.target" ]; after = [ "network.target" ];
environment = { environment = {
NEO4J_HOME = "${cfg.package}/share/neo4j"; NEO4J_HOME = "${cfg.directories.home}";
NEO4J_CONF = "${cfg.directories.home}/conf"; NEO4J_CONF = "${cfg.directories.home}/conf";
}; };
serviceConfig = { serviceConfig = {
@ -653,6 +636,6 @@ in {
}; };
meta = { meta = {
maintainers = with lib.maintainers; [ patternspandemic ]; maintainers = with lib.maintainers; [ patternspandemic jonringer erictapen ];
}; };
} }

View file

@ -79,15 +79,15 @@ in
authentication = mkOption { authentication = mkOption {
type = types.lines; type = types.lines;
default = ""; default = "";
description = '' description = lib.mdDoc ''
Defines how users authenticate themselves to the server. See the Defines how users authenticate themselves to the server. See the
<link xlink:href="https://www.postgresql.org/docs/current/auth-pg-hba-conf.html">PostgreSQL documentation for pg_hba.conf</link> [PostgreSQL documentation for pg_hba.conf](https://www.postgresql.org/docs/current/auth-pg-hba-conf.html)
for details on the expected format of this option. By default, for details on the expected format of this option. By default,
peer based authentication will be used for users connecting peer based authentication will be used for users connecting
via the Unix socket, and md5 password authentication will be via the Unix socket, and md5 password authentication will be
used for users connecting via TCP. Any added rules will be used for users connecting via TCP. Any added rules will be
inserted above the default rules. If you'd like to replace the inserted above the default rules. If you'd like to replace the
default rules entirely, you can use <function>lib.mkForce</function> in your default rules entirely, you can use `lib.mkForce` in your
module. module.
''; '';
}; };

View file

@ -24,22 +24,22 @@ in
user = mkOption { user = mkOption {
default = "rethinkdb"; default = "rethinkdb";
description = "User account under which RethinkDB runs."; description = lib.mdDoc "User account under which RethinkDB runs.";
}; };
group = mkOption { group = mkOption {
default = "rethinkdb"; default = "rethinkdb";
description = "Group which rethinkdb user belongs to."; description = lib.mdDoc "Group which rethinkdb user belongs to.";
}; };
dbpath = mkOption { dbpath = mkOption {
default = "/var/db/rethinkdb"; default = "/var/db/rethinkdb";
description = "Location where RethinkDB stores its data, 1 data directory per instance."; description = lib.mdDoc "Location where RethinkDB stores its data, 1 data directory per instance.";
}; };
pidpath = mkOption { pidpath = mkOption {
default = "/run/rethinkdb"; default = "/run/rethinkdb";
description = "Location where each instance's pid file is located."; description = lib.mdDoc "Location where each instance's pid file is located.";
}; };
#cfgpath = mkOption { #cfgpath = mkOption {

View file

@ -10,6 +10,7 @@
}, },
"context.spa-libs": { "context.spa-libs": {
"audio.convert.*": "audioconvert/libspa-audioconvert", "audio.convert.*": "audioconvert/libspa-audioconvert",
"avb.*": "avb/libspa-avb",
"api.alsa.*": "alsa/libspa-alsa", "api.alsa.*": "alsa/libspa-alsa",
"api.v4l2.*": "v4l2/libspa-v4l2", "api.v4l2.*": "v4l2/libspa-v4l2",
"api.libcamera.*": "libcamera/libspa-libcamera", "api.libcamera.*": "libcamera/libspa-libcamera",

View file

@ -39,14 +39,14 @@ in {
enable = mkOption { enable = mkOption {
type = types.bool; type = types.bool;
default = false; default = false;
description = "Whether to enable the deprecated example Pipewire session manager"; description = lib.mdDoc "Whether to enable the deprecated example Pipewire session manager";
}; };
package = mkOption { package = mkOption {
type = types.package; type = types.package;
default = pkgs.pipewire-media-session; default = pkgs.pipewire-media-session;
defaultText = literalExpression "pkgs.pipewire-media-session"; defaultText = literalExpression "pkgs.pipewire-media-session";
description = '' description = lib.mdDoc ''
The pipewire-media-session derivation to use. The pipewire-media-session derivation to use.
''; '';
}; };
@ -54,7 +54,7 @@ in {
config = { config = {
media-session = mkOption { media-session = mkOption {
type = json.type; type = json.type;
description = '' description = lib.mdDoc ''
Configuration for the media session core. For details see Configuration for the media session core. For details see
https://gitlab.freedesktop.org/pipewire/media-session/-/blob/${cfg.package.version}/src/daemon/media-session.d/media-session.conf https://gitlab.freedesktop.org/pipewire/media-session/-/blob/${cfg.package.version}/src/daemon/media-session.d/media-session.conf
''; '';
@ -63,7 +63,7 @@ in {
alsa-monitor = mkOption { alsa-monitor = mkOption {
type = json.type; type = json.type;
description = '' description = lib.mdDoc ''
Configuration for the alsa monitor. For details see Configuration for the alsa monitor. For details see
https://gitlab.freedesktop.org/pipewire/media-session/-/blob/${cfg.package.version}/src/daemon/media-session.d/alsa-monitor.conf https://gitlab.freedesktop.org/pipewire/media-session/-/blob/${cfg.package.version}/src/daemon/media-session.d/alsa-monitor.conf
''; '';
@ -72,7 +72,7 @@ in {
bluez-monitor = mkOption { bluez-monitor = mkOption {
type = json.type; type = json.type;
description = '' description = lib.mdDoc ''
Configuration for the bluez5 monitor. For details see Configuration for the bluez5 monitor. For details see
https://gitlab.freedesktop.org/pipewire/media-session/-/blob/${cfg.package.version}/src/daemon/media-session.d/bluez-monitor.conf https://gitlab.freedesktop.org/pipewire/media-session/-/blob/${cfg.package.version}/src/daemon/media-session.d/bluez-monitor.conf
''; '';
@ -81,7 +81,7 @@ in {
v4l2-monitor = mkOption { v4l2-monitor = mkOption {
type = json.type; type = json.type;
description = '' description = lib.mdDoc ''
Configuration for the V4L2 monitor. For details see Configuration for the V4L2 monitor. For details see
https://gitlab.freedesktop.org/pipewire/media-session/-/blob/${cfg.package.version}/src/daemon/media-session.d/v4l2-monitor.conf https://gitlab.freedesktop.org/pipewire/media-session/-/blob/${cfg.package.version}/src/daemon/media-session.d/v4l2-monitor.conf
''; '';

View file

@ -34,7 +34,8 @@ with lib;
]; ];
# for $out/bin/install-printer-driver # for $out/bin/install-printer-driver
services.packagekit.enable = true; # TODO: Enable once #177946 is resolved
# services.packagekit.enable = true;
}; };

View file

@ -29,7 +29,7 @@ in {
ip = mkOption { ip = mkOption {
type = types.str; type = types.str;
default = "localhost"; default = "localhost";
description = '' description = lib.mdDoc ''
IP address Jupyter will be listening on. IP address Jupyter will be listening on.
''; '';
}; };
@ -41,7 +41,7 @@ in {
# saving a rebuild. # saving a rebuild.
default = pkgs.python3.pkgs.notebook; default = pkgs.python3.pkgs.notebook;
defaultText = literalExpression "pkgs.python3.pkgs.notebook"; defaultText = literalExpression "pkgs.python3.pkgs.notebook";
description = '' description = lib.mdDoc ''
Jupyter package to use. Jupyter package to use.
''; '';
}; };
@ -50,7 +50,7 @@ in {
type = types.str; type = types.str;
default = "jupyter-notebook"; default = "jupyter-notebook";
example = "jupyter-lab"; example = "jupyter-lab";
description = '' description = lib.mdDoc ''
Which command the service runs. Note that not all jupyter packages Which command the service runs. Note that not all jupyter packages
have all commands, e.g. jupyter-lab isn't present in the default package. have all commands, e.g. jupyter-lab isn't present in the default package.
''; '';
@ -59,7 +59,7 @@ in {
port = mkOption { port = mkOption {
type = types.int; type = types.int;
default = 8888; default = 8888;
description = '' description = lib.mdDoc ''
Port number Jupyter will be listening on. Port number Jupyter will be listening on.
''; '';
}; };
@ -67,7 +67,7 @@ in {
notebookDir = mkOption { notebookDir = mkOption {
type = types.str; type = types.str;
default = "~/"; default = "~/";
description = '' description = lib.mdDoc ''
Root directory for notebooks. Root directory for notebooks.
''; '';
}; };
@ -75,7 +75,7 @@ in {
user = mkOption { user = mkOption {
type = types.str; type = types.str;
default = "jupyter"; default = "jupyter";
description = '' description = lib.mdDoc ''
Name of the user used to run the jupyter service. Name of the user used to run the jupyter service.
For security reason, jupyter should really not be run as root. For security reason, jupyter should really not be run as root.
If not set (jupyter), the service will create a jupyter user with appropriate settings. If not set (jupyter), the service will create a jupyter user with appropriate settings.
@ -86,7 +86,7 @@ in {
group = mkOption { group = mkOption {
type = types.str; type = types.str;
default = "jupyter"; default = "jupyter";
description = '' description = lib.mdDoc ''
Name of the group used to run the jupyter service. Name of the group used to run the jupyter service.
Use this if you want to create a group of users that are able to view the notebook directory's content. Use this if you want to create a group of users that are able to view the notebook directory's content.
''; '';
@ -95,7 +95,7 @@ in {
password = mkOption { password = mkOption {
type = types.str; type = types.str;
description = '' description = lib.mdDoc ''
Password to use with notebook. Password to use with notebook.
Can be generated using: Can be generated using:
In [1]: from notebook.auth import passwd In [1]: from notebook.auth import passwd
@ -112,7 +112,7 @@ in {
notebookConfig = mkOption { notebookConfig = mkOption {
type = types.lines; type = types.lines;
default = ""; default = "";
description = '' description = lib.mdDoc ''
Raw jupyter config. Raw jupyter config.
''; '';
}; };
@ -149,13 +149,14 @@ in {
}; };
} }
''; '';
description = "Declarative kernel config description = lib.mdDoc ''
Declarative kernel config.
Kernels can be declared in any language that supports and has the required Kernels can be declared in any language that supports and has the required
dependencies to communicate with a jupyter server. dependencies to communicate with a jupyter server.
In python's case, it means that ipykernel package must always be included in In python's case, it means that ipykernel package must always be included in
the list of packages of the targeted environment. the list of packages of the targeted environment.
"; '';
}; };
}; };

View file

@ -13,7 +13,7 @@ with lib;
"Python 3" "Python 3"
"Python 3 for Data Science" "Python 3 for Data Science"
''; '';
description = '' description = lib.mdDoc ''
Name that will be shown to the user. Name that will be shown to the user.
''; '';
}; };
@ -27,7 +27,7 @@ with lib;
"-f" "-f"
"{connection_file}" "{connection_file}"
]; ];
description = '' description = lib.mdDoc ''
Command and arguments to start the kernel. Command and arguments to start the kernel.
''; '';
}; };
@ -35,7 +35,7 @@ with lib;
language = mkOption { language = mkOption {
type = types.str; type = types.str;
example = "python"; example = "python";
description = '' description = lib.mdDoc ''
Language of the environment. Typically the name of the binary. Language of the environment. Typically the name of the binary.
''; '';
}; };
@ -44,7 +44,7 @@ with lib;
type = types.nullOr types.path; type = types.nullOr types.path;
default = null; default = null;
example = literalExpression ''"''${env.sitePackages}/ipykernel/resources/logo-32x32.png"''; example = literalExpression ''"''${env.sitePackages}/ipykernel/resources/logo-32x32.png"'';
description = '' description = lib.mdDoc ''
Path to 32x32 logo png. Path to 32x32 logo png.
''; '';
}; };
@ -52,7 +52,7 @@ with lib;
type = types.nullOr types.path; type = types.nullOr types.path;
default = null; default = null;
example = literalExpression ''"''${env.sitePackages}/ipykernel/resources/logo-64x64.png"''; example = literalExpression ''"''${env.sitePackages}/ipykernel/resources/logo-64x64.png"'';
description = '' description = lib.mdDoc ''
Path to 64x64 logo png. Path to 64x64 logo png.
''; '';
}; };
@ -61,7 +61,7 @@ with lib;
type = types.attrsOf types.path; type = types.attrsOf types.path;
default = { }; default = { };
example = literalExpression ''"{ examples = ''${env.sitePack}/IRkernel/kernelspec/kernel.js"; }''; example = literalExpression ''"{ examples = ''${env.sitePack}/IRkernel/kernelspec/kernel.js"; }'';
description = '' description = lib.mdDoc ''
Extra paths to link in kernel directory Extra paths to link in kernel directory
''; '';
}; };

View file

@ -35,7 +35,7 @@ in {
authentication = mkOption { authentication = mkOption {
type = types.str; type = types.str;
default = "jupyterhub.auth.PAMAuthenticator"; default = "jupyterhub.auth.PAMAuthenticator";
description = '' description = lib.mdDoc ''
Jupyterhub authentication to use Jupyterhub authentication to use
There are many authenticators available including: oauth, pam, There are many authenticators available including: oauth, pam,
@ -46,7 +46,7 @@ in {
spawner = mkOption { spawner = mkOption {
type = types.str; type = types.str;
default = "systemdspawner.SystemdSpawner"; default = "systemdspawner.SystemdSpawner";
description = '' description = lib.mdDoc ''
Jupyterhub spawner to use Jupyterhub spawner to use
There are many spawners available including: local process, There are many spawners available including: local process,
@ -57,7 +57,7 @@ in {
extraConfig = mkOption { extraConfig = mkOption {
type = types.lines; type = types.lines;
default = ""; default = "";
description = '' description = lib.mdDoc ''
Extra contents appended to the jupyterhub configuration Extra contents appended to the jupyterhub configuration
Jupyterhub configuration is a normal python file using Jupyterhub configuration is a normal python file using
@ -84,7 +84,7 @@ in {
jupyterhub-systemdspawner jupyterhub-systemdspawner
]) ])
''; '';
description = '' description = lib.mdDoc ''
Python environment to run jupyterhub Python environment to run jupyterhub
Customizing will affect the packages available in the hub and Customizing will affect the packages available in the hub and
@ -106,7 +106,7 @@ in {
jupyterlab jupyterlab
]) ])
''; '';
description = '' description = lib.mdDoc ''
Python environment to run jupyterlab Python environment to run jupyterlab
Customizing will affect the packages available in the Customizing will affect the packages available in the
@ -146,7 +146,7 @@ in {
}; };
} }
''; '';
description = '' description = lib.mdDoc ''
Declarative kernel config Declarative kernel config
Kernels can be declared in any language that supports and has Kernels can be declared in any language that supports and has
@ -159,7 +159,7 @@ in {
port = mkOption { port = mkOption {
type = types.port; type = types.port;
default = 8000; default = 8000;
description = '' description = lib.mdDoc ''
Port number Jupyterhub will be listening on Port number Jupyterhub will be listening on
''; '';
}; };
@ -167,7 +167,7 @@ in {
host = mkOption { host = mkOption {
type = types.str; type = types.str;
default = "0.0.0.0"; default = "0.0.0.0";
description = '' description = lib.mdDoc ''
Bind IP JupyterHub will be listening on Bind IP JupyterHub will be listening on
''; '';
}; };
@ -175,7 +175,7 @@ in {
stateDirectory = mkOption { stateDirectory = mkOption {
type = types.str; type = types.str;
default = "jupyterhub"; default = "jupyterhub";
description = '' description = lib.mdDoc ''
Directory for jupyterhub state (token + database) Directory for jupyterhub state (token + database)
''; '';
}; };

View file

@ -9,7 +9,7 @@ in {
enable = lib.mkOption { enable = lib.mkOption {
default = false; default = false;
type = lib.types.bool; type = lib.types.bool;
description = '' description = lib.mdDoc ''
Enables the daemon for `lorri`, a nix-shell replacement for project Enables the daemon for `lorri`, a nix-shell replacement for project
development. The socket-activated daemon starts on the first request development. The socket-activated daemon starts on the first request
issued by the `lorri` command. issued by the `lorri` command.

View file

@ -36,7 +36,7 @@ in {
certificateChain = mkOption { certificateChain = mkOption {
type = types.nullOr types.path; type = types.nullOr types.path;
default = null; default = null;
description = '' description = lib.mdDoc ''
Chain of CA-certificates to which our `certificateFile` is relative. Chain of CA-certificates to which our `certificateFile` is relative.
Optional for TLS. Optional for TLS.
''; '';

View file

@ -81,11 +81,11 @@ in
settings = mkOption { settings = mkOption {
type = format.type; type = format.type;
description = '' description = lib.mdDoc ''
The ASF.json file, all the options are documented <link xlink:href="https://github.com/JustArchiNET/ArchiSteamFarm/wiki/Configuration#global-config">here</link>. The ASF.json file, all the options are documented [here](https://github.com/JustArchiNET/ArchiSteamFarm/wiki/Configuration#global-config).
Do note that `AutoRestart` and `UpdateChannel` is always to `false` respectively `0` because NixOS takes care of updating everything. Do note that `AutoRestart` and `UpdateChannel` is always to `false` respectively `0` because NixOS takes care of updating everything.
`Headless` is also always set to `true` because there is no way to provide inputs via a systemd service. `Headless` is also always set to `true` because there is no way to provide inputs via a systemd service.
You should try to keep ASF up to date since upstream does not provide support for anything but the latest version and you're exposing yourself to all kinds of issues - as is outlined <link xlink:href="https://github.com/JustArchiNET/ArchiSteamFarm/wiki/Configuration#updateperiod">here</link>. You should try to keep ASF up to date since upstream does not provide support for anything but the latest version and you're exposing yourself to all kinds of issues - as is outlined [here](https://github.com/JustArchiNET/ArchiSteamFarm/wiki/Configuration#updateperiod).
''; '';
example = { example = {
Statistics = false; Statistics = false;

View file

@ -41,7 +41,7 @@ in {
stateDir = mkOption { stateDir = mkOption {
type = types.str; type = types.str;
default = "/var/lib/crossfire"; default = "/var/lib/crossfire";
description = '' description = lib.mdDoc ''
Where to store runtime data (save files, persistent items, etc). Where to store runtime data (save files, persistent items, etc).
If left at the default, this will be automatically created on server If left at the default, this will be automatically created on server
@ -61,7 +61,7 @@ in {
configFiles = mkOption { configFiles = mkOption {
type = types.attrsOf types.str; type = types.attrsOf types.str;
description = '' description = lib.mdDoc ''
Text to append to the corresponding configuration files. Note that the Text to append to the corresponding configuration files. Note that the
files given in the example are *not* the complete set of files available files given in the example are *not* the complete set of files available
to customize; look in /etc/crossfire after enabling the server to see to customize; look in /etc/crossfire after enabling the server to see

View file

@ -41,7 +41,7 @@ in {
stateDir = mkOption { stateDir = mkOption {
type = types.str; type = types.str;
default = "/var/lib/deliantra"; default = "/var/lib/deliantra";
description = '' description = lib.mdDoc ''
Where to store runtime data (save files, persistent items, etc). Where to store runtime data (save files, persistent items, etc).
If left at the default, this will be automatically created on server If left at the default, this will be automatically created on server

View file

@ -25,7 +25,7 @@ in
gameId = mkOption { gameId = mkOption {
type = types.nullOr types.str; type = types.nullOr types.str;
default = null; default = null;
description = '' description = lib.mdDoc ''
Id of the game to use. To list available games run Id of the game to use. To list available games run
`minetestserver --gameid list`. `minetestserver --gameid list`.
@ -36,7 +36,7 @@ in
world = mkOption { world = mkOption {
type = types.nullOr types.path; type = types.nullOr types.path;
default = null; default = null;
description = '' description = lib.mdDoc ''
Name of the world to use. To list available worlds run Name of the world to use. To list available worlds run
`minetestserver --world list`. `minetestserver --world list`.
@ -47,7 +47,7 @@ in
configPath = mkOption { configPath = mkOption {
type = types.nullOr types.path; type = types.nullOr types.path;
default = null; default = null;
description = '' description = lib.mdDoc ''
Path to the config to use. Path to the config to use.
If set to null, the config of the running user will be used: If set to null, the config of the running user will be used:

View file

@ -15,9 +15,9 @@ let
DisabledPlugins=${lib.concatStringsSep ";" cfg.disabledPlugins} DisabledPlugins=${lib.concatStringsSep ";" cfg.disabledPlugins}
''; '';
}; };
"fwupd/uefi.conf" = { "fwupd/uefi_capsule.conf" = {
source = pkgs.writeText "uefi.conf" '' source = pkgs.writeText "uefi_capsule.conf" ''
[uefi] [uefi_capsule]
OverrideESPMountPoint=${config.boot.loader.efi.efiSysMountPoint} OverrideESPMountPoint=${config.boot.loader.efi.efiSysMountPoint}
''; '';
}; };
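Review bot: the rename to `fwupd/uefi_capsule.conf` changes the file key, the `writeText` name and the section header `[uefi_capsule]` together, but nothing in this hunk ties it to a fwupd version that reads the new file name and section. If the packaged fwupd still expects `uefi.conf` with a `[uefi]` section, `OverrideESPMountPoint` is silently not applied, so please confirm the matching package update is part of the same change. The rename also deserves a release-note entry, because any user configuration that refers to the old `fwupd/uefi.conf` entry will stop having an effect without an evaluation error.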

View file

@ -35,11 +35,10 @@ in
LIBPATH /path/to/serial_reader.so LIBPATH /path/to/serial_reader.so
CHANNELID 1 CHANNELID 1
''; '';
description = '' description = lib.mdDoc ''
Configuration for devices that aren't hotpluggable. Configuration for devices that aren't hotpluggable.
See <citerefentry><refentrytitle>reader.conf</refentrytitle> See {manpage}`reader.conf(5)` for valid options.
<manvolnum>5</manvolnum></citerefentry> for valid options.
''; '';
}; };
}; };

View file

@ -126,10 +126,10 @@ in {
psycopg2 psycopg2
]; ];
''; '';
description = '' description = lib.mdDoc ''
List of packages to add to propagatedBuildInputs. List of packages to add to propagatedBuildInputs.
A popular example is <package>python3Packages.psycopg2</package> A popular example is `python3Packages.psycopg2`
for PostgreSQL support in the recorder component. for PostgreSQL support in the recorder component.
''; '';
}; };

View file

@ -121,11 +121,9 @@ in
type = types.nullOr types.str; type = types.nullOr types.str;
default = null; default = null;
example = "hourly"; example = "hourly";
description = '' description = lib.mdDoc ''
Specification of the time at which awstats will get updated. Specification of the time at which awstats will get updated.
(in the format described by <citerefentry> (in the format described by {manpage}`systemd.time(7)`)
<refentrytitle>systemd.time</refentrytitle>
<manvolnum>7</manvolnum></citerefentry>)
''; '';
}; };
}; };
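Review bot: in this `description`, the manpage reference is still a lower-case parenthetical that follows a full stop ("... will get updated. (in the format described by ...)"), which reads as a broken sentence in the rendered manual. Since the line is rewritten for the `{manpage}` role anyway, fold it into the sentence, for example "Specification of the time at which awstats will get updated, in the format described by systemd.time(7)." The reduced hunk length (11 lines to 9) matches the collapsed `citerefentry`, so the conversion itself looks right.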

View file

@ -79,7 +79,7 @@ let
priority = mkOption { priority = mkOption {
type = types.int; type = types.int;
default = 1000; default = 1000;
description = '' description = lib.mdDoc ''
Order of this logrotate block in relation to the others. The semantics are Order of this logrotate block in relation to the others. The semantics are
the same as with `lib.mkOrder`. Smaller values have a greater priority. the same as with `lib.mkOrder`. Smaller values have a greater priority.
''; '';
@ -260,7 +260,7 @@ in
priority = mkOption { priority = mkOption {
type = types.int; type = types.int;
default = 1000; default = 1000;
description = '' description = lib.mdDoc ''
Order of this logrotate block in relation to the others. The semantics are Order of this logrotate block in relation to the others. The semantics are
the same as with `lib.mkOrder`. Smaller values are inserted first. the same as with `lib.mkOrder`. Smaller values are inserted first.
''; '';
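Review bot: the two `priority` descriptions converted in this file disagree in their last sentence: the hunk at line 79 says "Smaller values have a greater priority." while this one says "Smaller values are inserted first." Both options have the same type, the same default of 1000 and the same `lib.mkOrder` reference, so they should carry one wording. The "inserted first" form states the ordering effect directly; consider using it in both places while these strings are being touched.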

Some files were not shown because too many files have changed in this diff