Project import generated by Copybara.
GitOrigin-RevId: a7855f2235a1876f97473a76151fec2afa02b287
parent
bd37aaa161
commit
13da32182d
1831 changed files with 57456 additions and 17499 deletions
3
third_party/nixpkgs/.git-blame-ignore-revs
vendored
|
@ -36,3 +36,6 @@ d08ede042b74b8199dc748323768227b88efcf7c
|
|||
|
||||
# fix indentation in mk-python-derivation.nix
|
||||
d1c1a0c656ccd8bd3b25d3c4287f2d075faf3cf3
|
||||
|
||||
# fix indentation in meteor default.nix
|
||||
f76b359e4a55267ddd4e9e149e7cc13ae5cad98a
|
||||
|
|
6
third_party/nixpkgs/.github/CODEOWNERS
vendored
|
@ -108,9 +108,9 @@
|
|||
/pkgs/top-level/haskell-packages.nix @cdepillabout @sternenseemann @maralorn
|
||||
|
||||
# Perl
|
||||
/pkgs/development/interpreters/perl @stigtsp @zakame
|
||||
/pkgs/top-level/perl-packages.nix @stigtsp @zakame
|
||||
/pkgs/development/perl-modules @stigtsp @zakame
|
||||
/pkgs/development/interpreters/perl @stigtsp @zakame @dasJ
|
||||
/pkgs/top-level/perl-packages.nix @stigtsp @zakame @dasJ
|
||||
/pkgs/development/perl-modules @stigtsp @zakame @dasJ
|
||||
|
||||
# R
|
||||
/pkgs/applications/science/math/R @jbedo
|
||||
|
|
27
third_party/nixpkgs/CONTRIBUTING.md
vendored
|
@ -62,25 +62,26 @@ many CODEOWNERS will be inadvertently requested for review. To achieve this,
|
|||
rebasing should not be performed directly on the target branch, but on the merge
|
||||
base between the current and target branch.
|
||||
|
||||
In the following example, we see a rebase from `master` onto the merge base
|
||||
between `master` and `staging`, so that a change can eventually be retargeted to
|
||||
`staging`. The example uses `upstream` as the remote for `NixOS/nixpkgs.git`
|
||||
while the `origin` remote is used for the remote you are pushing to.
|
||||
In the following example, we assume that the current branch, called `feature`,
|
||||
is based on `master`, and we rebase it onto the merge base between
|
||||
`master` and `staging` so that the PR can eventually be retargeted to
|
||||
`staging` without causing a mess. The example uses `upstream` as the remote for `NixOS/nixpkgs.git`
|
||||
while `origin` is the remote you are pushing to.
|
||||
|
||||
|
||||
```console
|
||||
# Find the common base between two branches
|
||||
common=$(git merge-base upstream/master upstream/staging)
|
||||
# Find the common base between your feature branch and master
|
||||
commits=$(git merge-base $(git branch --show-current) upstream/master)
|
||||
# Rebase all commits onto the common base
|
||||
git rebase --onto=$common $commits
|
||||
# Rebase your commits onto the common merge base
|
||||
git rebase --onto upstream/staging... upstream/master
|
||||
# Force push your changes
|
||||
git push origin $(git branch --show-current) --force-with-lease
|
||||
git push origin feature --force-with-lease
|
||||
```
|
||||
|
||||
The syntax `upstream/staging...` is equivalent to `upstream/staging...HEAD` and
|
||||
stands for the merge base between `upstream/staging` and `HEAD` (hence between
|
||||
`upstream/staging` and `upstream/master`).
|
||||
|
||||
Then change the base branch in the GitHub PR using the *Edit* button in the upper
|
||||
right corner, and switch from `master` to `staging`. After the PR has been
|
||||
right corner, and switch from `master` to `staging`. *After* the PR has been
|
||||
retargeted it might be necessary to do a final rebase onto the target branch, to
|
||||
resolve any outstanding merge conflicts.
|
||||
|
||||
|
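Review bot: `git rebase --onto upstream/staging... upstream/master` only works when `upstream/staging` and `HEAD` have exactly one merge base; git rejects the `A...` shorthand otherwise, whereas the removed `git merge-base` lines always produced a single commit. State that limitation next to the sentence explaining the `upstream/staging...` syntax. Separately, "without causing a mess" is vague for contributor docs; name the consequence the section already describes, namely CODEOWNERS being requested for review by mistake.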
@ -90,7 +91,7 @@ git rebase upstream/staging
|
|||
# Review and fixup possible conflicts
|
||||
git status
|
||||
# Force push your changes
|
||||
git push origin $(git branch --show-current) --force-with-lease
|
||||
git push origin feature --force-with-lease
|
||||
```
|
||||
|
||||
## Backporting changes
|
||||
|
|
|
@ -91,7 +91,7 @@ Used with Git. Expects `url` to a Git repo, `rev`, and `sha256`. `rev` in this c
|
|||
|
||||
Additionally, the following optional arguments can be given: `fetchSubmodules = true` makes `fetchgit` also fetch the submodules of a repository. If `deepClone` is set to true, the entire repository is cloned as opposing to just creating a shallow clone. `deepClone = true` also implies `leaveDotGit = true` which means that the `.git` directory of the clone won't be removed after checkout.
|
||||
|
||||
If only parts of the repository are needed, `sparseCheckout` can be used. This will prevent git from fetching unnecessary blobs from server, see [git sparse-checkout](https://git-scm.com/docs/git-sparse-checkout) and [git clone --filter](https://git-scm.com/docs/git-clone#Documentation/git-clone.txt---filterltfilter-specgt) for more information:
|
||||
If only parts of the repository are needed, `sparseCheckout` can be used. This will prevent git from fetching unnecessary blobs from server, see [git sparse-checkout](https://git-scm.com/docs/git-sparse-checkout) for more information:
|
||||
|
||||
```nix
|
||||
{ stdenv, fetchgit }:
|
||||
|
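Review bot: the rewritten `sparseCheckout` sentence still claims it "will prevent git from fetching unnecessary blobs from server", but the `git clone --filter` link that backed that claim is dropped and the remaining link is about sparse checkouts rather than partial-clone filters. Either keep the second link or reword the sentence so it claims only what the remaining reference documents.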
@ -101,8 +101,8 @@ stdenv.mkDerivation {
|
|||
src = fetchgit {
|
||||
url = "https://...";
|
||||
sparseCheckout = ''
|
||||
path/to/be/included
|
||||
another/path
|
||||
directory/to/be/included
|
||||
another/directory
|
||||
'';
|
||||
sha256 = "0000000000000000000000000000000000000000000000000000";
|
||||
};
|
||||
|
|
|
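Review bot: the example entries become `directory/to/be/included` and `another/directory`, but nothing in this file says why entries must now be directories. The release notes in this same import state that `fetchgit` uses cone mode by default and that `nonConeMode = true` restores the previous behaviour; add one sentence to that effect beside this example so a reader of the fetcher docs alone does not pass file paths or patterns and end up with an unexpected checkout.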
@ -36,6 +36,9 @@ buildImage {
|
|||
WorkingDir = "/data";
|
||||
Volumes = { "/data" = { }; };
|
||||
};
|
||||
|
||||
diskSize = 1024;
|
||||
buildVMMemorySize = 512;
|
||||
}
|
||||
```
|
||||
|
||||
|
@ -59,6 +62,10 @@ The above example will build a Docker image `redis/latest` from the given base i
|
|||
|
||||
- `config` is used to specify the configuration of the containers that will be started off the built image in Docker. The available options are listed in the [Docker Image Specification v1.2.0](https://github.com/moby/moby/blob/master/image/spec/v1.2.md#image-json-field-descriptions).
|
||||
|
||||
- `diskSize` is used to specify the disk size of the VM used to build the image in megabytes. By default it's 1024 MiB.
|
||||
|
||||
- `buildVMMemorySize` is used to specify the memory size of the VM to build the image in megabytes. By default it's 512 MiB.
|
||||
|
||||
After the new layer has been created, its closure (to which `contents`, `config` and `runAsRoot` contribute) will be copied in the layer itself. Only new dependencies that are not already in the existing layers will be copied.
|
||||
|
||||
At the end of the process, only one new single layer will be produced and added to the resulting image.
|
||||
|
|
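Review bot: the new `diskSize` and `buildVMMemorySize` bullets give the unit as "megabytes" and then state the defaults as "1024 MiB" and "512 MiB". Use one unit per bullet, whichever the build VM actually interprets. The example above also sets `diskSize = 1024;` and `buildVMMemorySize = 512;`, which are just the documented defaults; a short comment there, or non-default values, would show what the options are for.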
19
third_party/nixpkgs/doc/stdenv/stdenv.chapter.md
vendored
|
@ -871,12 +871,27 @@ Constructs a wrapper for a program with various possible arguments. It is define
|
|||
# adds `FOOBAR=baz` to `$out/bin/foo`’s environment
|
||||
makeWrapper $out/bin/foo $wrapperfile --set FOOBAR baz
|
||||
|
||||
# prefixes the binary paths of `hello` and `git`
|
||||
# Prefixes the binary paths of `hello` and `git`
|
||||
# and suffixes the binary path of `xdg-utils`.
|
||||
# Be advised that paths often should be patched in directly
|
||||
# (via string replacements or in `configurePhase`).
|
||||
makeWrapper $out/bin/foo $wrapperfile --prefix PATH : ${lib.makeBinPath [ hello git ]}
|
||||
makeWrapper $out/bin/foo $wrapperfile \
|
||||
--prefix PATH : ${lib.makeBinPath [ hello git ]} \
|
||||
--suffix PATH : ${lib.makeBinPath [ xdg-utils ]}
|
||||
```
|
||||
|
||||
Packages may expect or require other utilities to be available at runtime.
|
||||
`makeWrapper` can be used to add packages to a `PATH` environment variable local to a wrapper.
|
||||
|
||||
Use `--prefix` to explicitly set dependencies in `PATH`.
|
||||
|
||||
:::{note}
|
||||
`--prefix` essentially hard-codes dependencies into the wrapper.
|
||||
They cannot be overridden without rebuilding the package.
|
||||
:::
|
||||
|
||||
If dependencies should be resolved at runtime, use `--suffix` to append fallback values to `PATH`.
|
||||
|
||||
There’s many more kinds of arguments, they are documented in `nixpkgs/pkgs/build-support/setup-hooks/make-wrapper.sh` for the `makeWrapper` implementation and in `nixpkgs/pkgs/build-support/setup-hooks/make-binary-wrapper/make-binary-wrapper.sh` for the `makeBinaryWrapper` implementation.
|
||||
|
||||
`wrapProgram` is a convenience function you probably want to use most of the time, implemented by both `makeWrapper` and `makeBinaryWrapper`.
|
||||
|
|
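Review bot: the `--suffix` paragraph should spell out the precedence it implies. Entries appended to `PATH` are consulted only after whatever the caller already has on `PATH`, so the wrapped program may run a different binary than the one from `xdg-utils`, depending on the invoking environment. One sentence to that effect next to "append fallback values to `PATH`" makes the trade-off against `--prefix` explicit. The added comment "paths often should be patched in directly" would also benefit from a pointer to where that approach is documented.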
2
third_party/nixpkgs/lib/lists.nix
vendored
|
@ -36,7 +36,7 @@ rec {
|
|||
forEach = xs: f: map f xs;
|
||||
|
||||
/* “right fold” a binary function `op` between successive elements of
|
||||
`list` with `nul' as the starting value, i.e.,
|
||||
`list` with `nul` as the starting value, i.e.,
|
||||
`foldr op nul [x_1 x_2 ... x_n] == op x_1 (op x_2 ... (op x_n nul))`.
|
||||
|
||||
Type: foldr :: (a -> b -> b) -> b -> [a] -> b
|
||||
|
|
109
third_party/nixpkgs/maintainers/maintainer-list.nix
vendored
|
@ -1359,6 +1359,12 @@
|
|||
githubId = 9315;
|
||||
name = "Zhong Jianxin";
|
||||
};
|
||||
a-kenji = {
|
||||
email = "aks.kenji@protonmail.com";
|
||||
github = "a-kenji";
|
||||
githubId = 65275785;
|
||||
name = "Alexander Kenji Berthold";
|
||||
};
|
||||
b4dm4n = {
|
||||
email = "fabianm88@gmail.com";
|
||||
github = "B4dM4n";
|
||||
|
@ -1778,7 +1784,7 @@
|
|||
};
|
||||
booklearner = {
|
||||
name = "booklearner";
|
||||
email = "hey@booklearner.org";
|
||||
email = "booklearner@proton.me";
|
||||
matrix = "@booklearner:matrix.org";
|
||||
github = "booklearner";
|
||||
githubId = 103979114;
|
||||
|
@ -3738,6 +3744,12 @@
|
|||
githubId = 537775;
|
||||
name = "Emery Hemingway";
|
||||
};
|
||||
eigengrau = {
|
||||
email = "seb@schattenkopie.de";
|
||||
name = "Sebastian Reuße";
|
||||
github = "eigengrau";
|
||||
githubId = 4939947;
|
||||
};
|
||||
eikek = {
|
||||
email = "eike.kettner@posteo.de";
|
||||
github = "eikek";
|
||||
|
@ -4661,6 +4673,12 @@
|
|||
githubId = 37017396;
|
||||
name = "gbtb";
|
||||
};
|
||||
gdinh = {
|
||||
email = "nix@contact.dinh.ai";
|
||||
github = "gdinh";
|
||||
githubId = 34658064;
|
||||
name = "Grace Dinh";
|
||||
};
|
||||
gebner = {
|
||||
email = "gebner@gebner.org";
|
||||
github = "gebner";
|
||||
|
@ -6337,6 +6355,16 @@
|
|||
}];
|
||||
name = "Ioannis Koutras";
|
||||
};
|
||||
jonaenz = {
|
||||
name = "Jona Enzinger";
|
||||
email = "5xt3zyy5l@mozmail.com";
|
||||
matrix = "@jona:matrix.jonaenz.de";
|
||||
github = "jonaenz";
|
||||
githubId = 57130301;
|
||||
keys = [{
|
||||
fingerprint = "1CC5 B67C EB9A 13A5 EDF6 F10E 0B4A 3662 FC58 9202";
|
||||
}];
|
||||
};
|
||||
jonafato = {
|
||||
email = "jon@jonafato.com";
|
||||
github = "jonafato";
|
||||
|
@ -6783,6 +6811,12 @@
|
|||
githubId = 2029444;
|
||||
name = "James Kent";
|
||||
};
|
||||
kephasp = {
|
||||
email = "pierre@nothos.net";
|
||||
github = "kephas";
|
||||
githubId = 762421;
|
||||
name = "Pierre Thierry";
|
||||
};
|
||||
ketzacoatl = {
|
||||
email = "ketzacoatl@protonmail.com";
|
||||
github = "ketzacoatl";
|
||||
|
@ -7250,7 +7284,7 @@
|
|||
};
|
||||
lassulus = {
|
||||
email = "lassulus@gmail.com";
|
||||
matrix = "@lassulus:nixos.dev";
|
||||
matrix = "@lassulus:lassul.us";
|
||||
github = "Lassulus";
|
||||
githubId = 621759;
|
||||
name = "Lassulus";
|
||||
|
@ -7944,6 +7978,12 @@
|
|||
githubId = 31056089;
|
||||
name = "Tom Ho";
|
||||
};
|
||||
majewsky = {
|
||||
email = "majewsky@gmx.net";
|
||||
github = "majewsky";
|
||||
githubId = 24696;
|
||||
name = "Stefan Majewsky";
|
||||
};
|
||||
majiir = {
|
||||
email = "majiir@nabaal.net";
|
||||
github = "Majiir";
|
||||
|
@ -8160,6 +8200,15 @@
|
|||
githubId = 427866;
|
||||
name = "Matthias Beyer";
|
||||
};
|
||||
MatthieuBarthel = {
|
||||
email = "matthieu@imatt.ch";
|
||||
name = "Matthieu Barthel";
|
||||
github = "MatthieuBarthel";
|
||||
githubId = 435534;
|
||||
keys = [{
|
||||
fingerprint = "80EB 0F2B 484A BB80 7BEF 4145 BA23 F10E AADC 2E26";
|
||||
}];
|
||||
};
|
||||
matthuszagh = {
|
||||
email = "huszaghmatt@gmail.com";
|
||||
github = "matthuszagh";
|
||||
|
@ -8466,6 +8515,15 @@
|
|||
githubId = 9980864;
|
||||
name = "Max Hofer";
|
||||
};
|
||||
miangraham = {
|
||||
email = "miangraham@users.noreply.github.com";
|
||||
github = "miangraham";
|
||||
githubId = 704580;
|
||||
name = "M. Ian Graham";
|
||||
keys = [{
|
||||
fingerprint = "8CE3 2906 516F C4D8 D373 308A E189 648A 55F5 9A9F";
|
||||
}];
|
||||
};
|
||||
mic92 = {
|
||||
email = "joerg@thalheim.io";
|
||||
matrix = "@mic92:nixos.dev";
|
||||
|
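Review bot: the `miangraham` entry sets `email = "miangraham@users.noreply.github.com"`, a no-reply address, so the `email` field gives no way to reach this maintainer outside GitHub. If that is intentional, ask for a `matrix` handle or another reachable contact alongside it.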
@ -8788,6 +8846,13 @@
|
|||
fingerprint = "1248 D3E1 1D11 4A85 75C9 8934 6794 D45A 488C 2EDE";
|
||||
}];
|
||||
};
|
||||
monaaraj = {
|
||||
name = "Mon Aaraj";
|
||||
email = "owo69uwu69@gmail.com";
|
||||
matrix = "@mon:tchncs.de";
|
||||
github = "MonAaraj";
|
||||
githubId = 46468162;
|
||||
};
|
||||
monsieurp = {
|
||||
email = "monsieurp@gentoo.org";
|
||||
github = "monsieurp";
|
||||
|
@ -10141,6 +10206,16 @@
|
|||
fingerprint = "5D69 CF04 B7BC 2BC1 A567 9267 00BC F29B 3208 0700";
|
||||
}];
|
||||
};
|
||||
phfroidmont = {
|
||||
name = "Paul-Henri Froidmont";
|
||||
email = "nix.contact-j9dw4d@froidmont.org";
|
||||
|
||||
github = "phfroidmont";
|
||||
githubId = 8150907;
|
||||
keys = [{
|
||||
fingerprint = "3AC6 F170 F011 33CE 393B CD94 BE94 8AFD 7E78 73BE";
|
||||
}];
|
||||
};
|
||||
philandstuff = {
|
||||
email = "philip.g.potter@gmail.com";
|
||||
github = "philandstuff";
|
||||
|
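Review bot: the `phfroidmont` entry has a stray empty line between `email` and `github`; none of the other entries added in these hunks has one. Drop it to keep the list uniform.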
@ -13451,6 +13526,15 @@
|
|||
githubId = 619015;
|
||||
name = "Svintsov Dmitry";
|
||||
};
|
||||
urandom = {
|
||||
email = "colin@urandom.co.uk";
|
||||
github = "arnottcr";
|
||||
githubId = 2526260;
|
||||
keys = [{
|
||||
fingerprint = "04A3 A2C6 0042 784A AEA7 D051 0447 A663 F7F3 E236";
|
||||
}];
|
||||
name = "Colin Arnott";
|
||||
};
|
||||
urbas = {
|
||||
email = "matej.urbas@gmail.com";
|
||||
github = "urbas";
|
||||
|
@ -13662,6 +13746,12 @@
|
|||
githubId = 118959;
|
||||
name = "VinyMeuh";
|
||||
};
|
||||
virchau13 = {
|
||||
email = "virchau13@hexular.net";
|
||||
github = "virchau13";
|
||||
githubId = 16955157;
|
||||
name = "Vir Chaudhury";
|
||||
};
|
||||
viraptor = {
|
||||
email = "nix@viraptor.info";
|
||||
github = "viraptor";
|
||||
|
@ -13813,6 +13903,12 @@
|
|||
github = "wamserma";
|
||||
githubId = 60148;
|
||||
};
|
||||
water-sucks = {
|
||||
email = "varun@cvte.org";
|
||||
name = "Varun Narravula";
|
||||
github = "water-sucks";
|
||||
githubId = 68445574;
|
||||
};
|
||||
waynr = {
|
||||
name = "Wayne Warren";
|
||||
email = "wayne.warren.s@gmail.com";
|
||||
|
@ -14015,6 +14111,15 @@
|
|||
github = "wr0belj";
|
||||
githubId = 40501814;
|
||||
};
|
||||
wrmilling = {
|
||||
name = "Winston R. Milling";
|
||||
email = "Winston@Milli.ng";
|
||||
github = "WRMilling";
|
||||
githubId = 6162814;
|
||||
keys = [{
|
||||
fingerprint = "21E1 6B8D 2EE8 7530 6A6C 9968 D830 77B9 9F8C 6643";
|
||||
}];
|
||||
};
|
||||
wscott = {
|
||||
email = "wsc9tt@gmail.com";
|
||||
github = "wscott";
|
||||
|
|
|
@ -35,7 +35,7 @@ toRemove=()
|
|||
cleanup() {
|
||||
rm -rf "${toRemove[@]}"
|
||||
}
|
||||
trap cleanup EXIT SIGINT SIGQUIT ERR
|
||||
trap cleanup EXIT
|
||||
|
||||
MKTEMP='mktemp --tmpdir nix-rebuild-amount-XXXXXXXX'
|
||||
|
||||
|
|
|
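Review bot: with SIGINT and SIGQUIT dropped from the `trap cleanup EXIT` line, removal of the `mktemp` directories on interrupt now depends on the shell running its EXIT trap when a signal ends the script. That is bash behaviour rather than something POSIX sh guarantees; the `toRemove=()` array already ties the script to bash, but the interpreter line is outside this hunk. A one-line comment above the trap stating the reliance would keep a later edit from reintroducing the signal list or leaving temp directories behind.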
@ -177,17 +177,17 @@ OK
|
|||
the boot partition.
|
||||
</para>
|
||||
<programlisting>
|
||||
# parted /dev/sda -- mkpart primary 512MiB -8GiB
|
||||
# parted /dev/sda -- mkpart primary 512MB -8GB
|
||||
</programlisting>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
Next, add a <emphasis>swap</emphasis> partition. The size
|
||||
required will vary according to needs, here a 8GiB one is
|
||||
required will vary according to needs, here a 8GB one is
|
||||
created.
|
||||
</para>
|
||||
<programlisting>
|
||||
# parted /dev/sda -- mkpart primary linux-swap -8GiB 100%
|
||||
# parted /dev/sda -- mkpart primary linux-swap -8GB 100%
|
||||
</programlisting>
|
||||
<note>
|
||||
<para>
|
||||
|
@ -204,7 +204,7 @@ OK
|
|||
reserved 512MiB at the start of the disk.
|
||||
</para>
|
||||
<programlisting>
|
||||
# parted /dev/sda -- mkpart ESP fat32 1MiB 512MiB
|
||||
# parted /dev/sda -- mkpart ESP fat32 1MB 512MB
|
||||
# parted /dev/sda -- set 3 esp on
|
||||
</programlisting>
|
||||
</listitem>
|
||||
|
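Review bot: the context line above the command still reads "reserved 512MiB at the start of the disk" while the command becomes `mkpart ESP fat32 1MB 512MB`, so prose and command no longer name the same boundary; the earlier `mkpart primary 512MB -8GB` has the same mismatch. parted treats `MB` and `GB` as decimal units, so they are not interchangeable with `MiB` and `GiB`. Update the prose in the same change or keep binary units in the commands.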
@ -242,7 +242,7 @@ OK
|
|||
live.
|
||||
</para>
|
||||
<programlisting>
|
||||
# parted /dev/sda -- mkpart primary 1MiB -8GiB
|
||||
# parted /dev/sda -- mkpart primary 1MB -8GB
|
||||
</programlisting>
|
||||
</listitem>
|
||||
<listitem>
|
||||
|
@ -252,7 +252,7 @@ OK
|
|||
created.
|
||||
</para>
|
||||
<programlisting>
|
||||
# parted /dev/sda -- mkpart primary linux-swap -8GiB 100%
|
||||
# parted /dev/sda -- mkpart primary linux-swap -8GB 100%
|
||||
</programlisting>
|
||||
<note>
|
||||
<para>
|
||||
|
|
|
@ -2130,6 +2130,13 @@ sudo mkdir /var/lib/redis-peertube
|
|||
sudo cp /var/lib/redis/dump.rdb /var/lib/redis-peertube/dump.rdb
|
||||
</programlisting>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
Added the <literal>keter</literal> NixOS module. Keter reverse
|
||||
proxies requests to your loaded application based on virtual
|
||||
hostnames.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
If you are using Wayland you can choose to use the Ozone
|
||||
|
|
|
@ -70,6 +70,34 @@
|
|||
with any supported NixOS release.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
<literal>emacs</literal> enables native compilation which
|
||||
means:
|
||||
</para>
|
||||
<itemizedlist spacing="compact">
|
||||
<listitem>
|
||||
<para>
|
||||
emacs packages from nixpkgs, builtin or not, will do
|
||||
native compilation ahead of time so you can enjoy the
|
||||
benefit of native compilation without compiling them on
|
||||
you machine;
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
emacs packages from somewhere else, e.g.
|
||||
<literal>package-install</literal>, will do asynchronously
|
||||
deferred native compilation. If you do not want this,
|
||||
maybe to avoid CPU consumption for compilation, you can
|
||||
use
|
||||
<literal>(setq native-comp-deferred-compilation nil)</literal>
|
||||
to disable it while still enjoy the benefit of native
|
||||
compilation for packages from nixpkgs.
|
||||
</para>
|
||||
</listitem>
|
||||
</itemizedlist>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
<literal>nixos-generate-config</literal> now generates
|
||||
|
@ -97,7 +125,9 @@
|
|||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
Cinnamon has been updated to 5.4.
|
||||
Cinnamon has been updated to 5.4. While at it, the cinnamon
|
||||
module now defaults to blueman as bluetooth manager and
|
||||
slick-greeter as lightdm greeter to match upstream.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
|
@ -138,6 +168,13 @@
|
|||
<link linkend="opt-services.dragonflydb.enable">services.dragonflydb</link>.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
<link xlink:href="https://komga.org/">Komga</link>, a free and
|
||||
open source comics/mangas media server. Available as
|
||||
<link linkend="opt-services.komga.enable">services.komga</link>.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
<link xlink:href="https://hbase.apache.org/">HBase
|
||||
|
@ -191,6 +228,14 @@
|
|||
<link linkend="opt-services.tempo.enable">services.tempo</link>.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
<link xlink:href="https://github.com/zalando/patroni">Patroni</link>,
|
||||
a template for PostgreSQL HA with ZooKeeper, etcd or Consul.
|
||||
Available as
|
||||
<link xlink:href="options.html#opt-services.patroni.enable">services.patroni</link>.
|
||||
</para>
|
||||
</listitem>
|
||||
</itemizedlist>
|
||||
</section>
|
||||
<section xml:id="sec-release-22.11-incompatibilities">
|
||||
|
@ -251,6 +296,18 @@
|
|||
<literal>(with foo; isPower && is32bit && isBigEndian)</literal>.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
The <literal>fetchgit</literal> fetcher now uses
|
||||
<link xlink:href="https://www.git-scm.com/docs/git-sparse-checkout/2.37.0#_internalscone_mode_handling">cone
|
||||
mode</link> by default for sparse checkouts.
|
||||
<link xlink:href="https://www.git-scm.com/docs/git-sparse-checkout/2.37.0#_internalsnon_cone_problems">Non-cone
|
||||
mode</link> can be enabled by passing
|
||||
<literal>nonConeMode = true</literal>, but note that non-cone
|
||||
mode is deprecated and this option may be removed alongside a
|
||||
future Git update without notice.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
<literal>bsp-layout</literal> no longer uses the command
|
||||
|
@ -357,6 +414,16 @@
|
|||
release notes</link> for more details.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
<literal>github-runner</literal> gained support for ephemeral
|
||||
runners and registrations using a personal access token (PAT)
|
||||
instead of a registration token. See
|
||||
<literal>services.github-runner.ephemeral</literal> and
|
||||
<literal>services.github-runner.tokenFile</literal> for
|
||||
details.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
A new module was added for the Saleae Logic device family,
|
||||
|
@ -372,6 +439,13 @@
|
|||
instead of using the Redis default.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
Neo4j was updated from version 3 to version 4. See this
|
||||
<link xlink:href="https://neo4j.com/docs/upgrade-migration-guide/current/">migration
|
||||
guide</link> on how to migrate your Neo4j instance.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
Matrix Synapse now requires entries in the
|
||||
|
@ -450,6 +524,12 @@
|
|||
dbus service.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
The <literal>nomad</literal> package now defaults to 1.3,
|
||||
which no longer has a downgrade path to releases 1.2 or older.
|
||||
</para>
|
||||
</listitem>
|
||||
</itemizedlist>
|
||||
</section>
|
||||
</section>
|
||||
|
|
|
@ -133,14 +133,14 @@ update /etc/fstab.
|
|||
which will be used by the boot partition.
|
||||
|
||||
```ShellSession
|
||||
# parted /dev/sda -- mkpart primary 512MiB -8GiB
|
||||
# parted /dev/sda -- mkpart primary 512MB -8GB
|
||||
```
|
||||
|
||||
3. Next, add a *swap* partition. The size required will vary according
|
||||
to needs, here a 8GiB one is created.
|
||||
to needs, here a 8GB one is created.
|
||||
|
||||
```ShellSession
|
||||
# parted /dev/sda -- mkpart primary linux-swap -8GiB 100%
|
||||
# parted /dev/sda -- mkpart primary linux-swap -8GB 100%
|
||||
```
|
||||
|
||||
::: {.note}
|
||||
|
@ -153,7 +153,7 @@ update /etc/fstab.
|
|||
reserved 512MiB at the start of the disk.
|
||||
|
||||
```ShellSession
|
||||
# parted /dev/sda -- mkpart ESP fat32 1MiB 512MiB
|
||||
# parted /dev/sda -- mkpart ESP fat32 1MB 512MB
|
||||
# parted /dev/sda -- set 3 esp on
|
||||
```
|
||||
|
||||
|
@ -180,14 +180,14 @@ update /etc/fstab.
|
|||
end part, where the swap will live.
|
||||
|
||||
```ShellSession
|
||||
# parted /dev/sda -- mkpart primary 1MiB -8GiB
|
||||
# parted /dev/sda -- mkpart primary 1MB -8GB
|
||||
```
|
||||
|
||||
3. Finally, add a *swap* partition. The size required will vary
|
||||
according to needs, here a 8GiB one is created.
|
||||
|
||||
```ShellSession
|
||||
# parted /dev/sda -- mkpart primary linux-swap -8GiB 100%
|
||||
# parted /dev/sda -- mkpart primary linux-swap -8GB 100%
|
||||
```
|
||||
|
||||
::: {.note}
|
||||
|
|
|
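Review bot: step 3 of this section still says "here a 8GiB one is created" while its command becomes `mkpart primary linux-swap -8GB 100%`; the matching step in the earlier hunk of this file (`@ -133,14`) was changed to "8GB". Make the sentence agree with the command here as well.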
@ -778,6 +778,7 @@ In addition to numerous new and upgraded packages, this release has the followin
|
|||
sudo mkdir /var/lib/redis-peertube
|
||||
sudo cp /var/lib/redis/dump.rdb /var/lib/redis-peertube/dump.rdb
|
||||
```
|
||||
- Added the `keter` NixOS module. Keter reverse proxies requests to your loaded application based on virtual hostnames.
|
||||
|
||||
- If you are using Wayland you can choose to use the Ozone Wayland support
|
||||
in Chrome and several Electron apps by setting the environment variable
|
||||
|
|
|
@ -35,6 +35,10 @@ In addition to numerous new and upgraded packages, this release has the followin
|
|||
for a transition period so that in time the ecosystem can switch without
|
||||
breaking compatibility with any supported NixOS release.
|
||||
|
||||
- `emacs` enables native compilation which means:
|
||||
- emacs packages from nixpkgs, builtin or not, will do native compilation ahead of time so you can enjoy the benefit of native compilation without compiling them on you machine;
|
||||
- emacs packages from somewhere else, e.g. `package-install`, will do asynchronously deferred native compilation. If you do not want this, maybe to avoid CPU consumption for compilation, you can use `(setq native-comp-deferred-compilation nil)` to disable it while still enjoy the benefit of native compilation for packages from nixpkgs.
|
||||
|
||||
- `nixos-generate-config` now generates configurations that can be built in pure
|
||||
mode. This is achieved by setting the new `nixpkgs.hostPlatform` option.
|
||||
|
||||
|
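Review bot: two wording slips in the added `emacs` bullets: "without compiling them on you machine" should read "your machine", and "to disable it while still enjoy the benefit" should read "while still enjoying the benefit". The XML copy of these release notes in this import carries the same text and needs the same fix.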
@ -46,7 +50,8 @@ In addition to numerous new and upgraded packages, this release has the followin
|
|||
|
||||
- PHP now defaults to PHP 8.1, updated from 8.0.
|
||||
|
||||
- Cinnamon has been updated to 5.4.
|
||||
- Cinnamon has been updated to 5.4. While at it, the cinnamon module now defaults to
|
||||
blueman as bluetooth manager and slick-greeter as lightdm greeter to match upstream.
|
||||
|
||||
- `hardware.nvidia` has a new option `open` that can be used to opt in the opensource version of NVIDIA kernel driver. Note that the driver's support for GeForce and Workstation GPUs is still alpha quality, see [NVIDIA Releases Open-Source GPU Kernel Modules](https://developer.nvidia.com/blog/nvidia-releases-open-source-gpu-kernel-modules/) for the official announcement.
|
||||
|
||||
|
@ -59,6 +64,8 @@ In addition to numerous new and upgraded packages, this release has the followin
|
|||
|
||||
- [dragonflydb](https://dragonflydb.io/), a modern replacement for Redis and Memcached. Available as [services.dragonflydb](#opt-services.dragonflydb.enable).
|
||||
|
||||
- [Komga](https://komga.org/), a free and open source comics/mangas media server. Available as [services.komga](#opt-services.komga.enable).
|
||||
|
||||
- [HBase cluster](https://hbase.apache.org/), a distributed, scalable, big data store. Available as [services.hadoop.hbase](options.html#opt-services.hadoop.hbase.enable).
|
||||
|
||||
- [infnoise](https://github.com/leetronics/infnoise), a hardware True Random Number Generator dongle.
|
||||
|
@ -75,6 +82,9 @@ In addition to numerous new and upgraded packages, this release has the followin
|
|||
|
||||
- [Grafana Tempo](https://www.grafana.com/oss/tempo/), a distributed tracing store. Available as [services.tempo](#opt-services.tempo.enable).
|
||||
|
||||
- [Patroni](https://github.com/zalando/patroni), a template for PostgreSQL HA with ZooKeeper, etcd or Consul.
|
||||
Available as [services.patroni](options.html#opt-services.patroni.enable).
|
||||
|
||||
<!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. -->
|
||||
|
||||
## Backward Incompatibilities {#sec-release-22.11-incompatibilities}
|
||||
|
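Review bot: the Patroni entry links its option as `options.html#opt-services.patroni.enable`, while the Komga entry added in this file and the Grafana Tempo entry directly above use the bare `#opt-services.….enable` form. The HBase context line uses the `options.html#` form as well, so the list already mixes both; settle on one form for new entries so the links resolve consistently.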
@ -97,6 +107,8 @@ In addition to numerous new and upgraded packages, this release has the followin
|
|||
|
||||
- The `isPowerPC` predicate, found on `platform` attrsets (`hostPlatform`, `buildPlatform`, `targetPlatform`, etc) has been removed in order to reduce confusion. The predicate was was defined such that it matches only the 32-bit big-endian members of the POWER/PowerPC family, despite having a name which would imply a broader set of systems. If you were using this predicate, you can replace `foo.isPowerPC` with `(with foo; isPower && is32bit && isBigEndian)`.
|
||||
|
||||
- The `fetchgit` fetcher now uses [cone mode](https://www.git-scm.com/docs/git-sparse-checkout/2.37.0#_internalscone_mode_handling) by default for sparse checkouts. [Non-cone mode](https://www.git-scm.com/docs/git-sparse-checkout/2.37.0#_internalsnon_cone_problems) can be enabled by passing `nonConeMode = true`, but note that non-cone mode is deprecated and this option may be removed alongside a future Git update without notice.
|
||||
|
||||
- `bsp-layout` no longer uses the command `cycle` to switch to other window layouts, as it got replaced by the commands `previous` and `next`.
|
||||
|
||||
- The Barco ClickShare driver/client package `pkgs.clickshare-csc1` and the option `programs.clickshare-csc1.enable` have been removed,
|
||||
|
@ -135,10 +147,14 @@ Use `configure.packages` instead.
|
|||
|
||||
- The `xplr` package has been updated from 0.18.0 to 0.19.0, which brings some breaking changes. See the [upstream release notes](https://github.com/sayanarijit/xplr/releases/tag/v0.19.0) for more details.
|
||||
|
||||
- `github-runner` gained support for ephemeral runners and registrations using a personal access token (PAT) instead of a registration token. See `services.github-runner.ephemeral` and `services.github-runner.tokenFile` for details.
|
||||
|
||||
- A new module was added for the Saleae Logic device family, providing the options `hardware.saleae-logic.enable` and `hardware.saleae-logic.package`.
|
||||
|
||||
- The Redis module now disables RDB persistence when `services.redis.servers.<name>.save = []` instead of using the Redis default.
|
||||
|
||||
- Neo4j was updated from version 3 to version 4. See this [migration guide](https://neo4j.com/docs/upgrade-migration-guide/current/) on how to migrate your Neo4j instance.
|
||||
|
||||
- Matrix Synapse now requires entries in the `state_group_edges` table to be unique, in order to prevent accidentally introducing duplicate information (for example, because a database backup was restored multiple times). If your Synapse database already has duplicate rows in this table, this could fail with an error and require manual remediation.
|
||||
|
||||
- `dockerTools.buildImage` deprecates the misunderstood `contents` parameter, in favor of `copyToRoot`.
|
||||
|
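Review bot: the `github-runner` bullet says registration can use a personal access token instead of a registration token and points at `services.github-runner.tokenFile`, but gives no guidance on handling the more powerful credential. A PAT is longer-lived and has wider reach than a runner registration token, so the note should say which scope the PAT needs and remind readers to keep the file readable only by the service.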
@ -159,4 +175,6 @@ Use `configure.packages` instead.
|
|||
|
||||
- There is a new module for the `xfconf` program (the Xfce configuration storage system), which has a dbus service.
|
||||
|
||||
- The `nomad` package now defaults to 1.3, which no longer has a downgrade path to releases 1.2 or older.
|
||||
|
||||
<!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. -->
|
||||
|
|
|
@ -123,7 +123,7 @@ in rec {
|
|||
inherit self;
|
||||
includeSiteCustomize = true;
|
||||
});
|
||||
in self.withPackages (p: [ p.mistune_2_0 ]))
|
||||
in self.withPackages (p: [ p.mistune ]))
|
||||
];
|
||||
options = builtins.toFile "options.json"
|
||||
(builtins.unsafeDiscardStringContext (builtins.toJSON optionsNix));
|
||||
|
|
|
@ -285,6 +285,8 @@ in rec {
|
|||
Documentation = toString config.documentation; }
|
||||
// optionalAttrs (config.onFailure != []) {
|
||||
OnFailure = toString config.onFailure; }
|
||||
// optionalAttrs (config.onSuccess != []) {
|
||||
OnSuccess = toString config.onSuccess; }
|
||||
// optionalAttrs (options.startLimitIntervalSec.isDefined) {
|
||||
StartLimitIntervalSec = toString config.startLimitIntervalSec;
|
||||
} // optionalAttrs (options.startLimitBurst.isDefined) {
|
||||
|
|
|
@ -206,6 +206,15 @@ in rec {
|
|||
'';
|
||||
};
|
||||
|
||||
onSuccess = mkOption {
|
||||
default = [];
|
||||
type = types.listOf unitNameType;
|
||||
description = ''
|
||||
A list of one or more units that are activated when
|
||||
this unit enters the "inactive" state.
|
||||
'';
|
||||
};
|
||||
|
||||
startLimitBurst = mkOption {
|
||||
type = types.int;
|
||||
description = ''
|
||||
|
|
|
@ -204,11 +204,11 @@ in {
|
|||
admin_server = SYSLOG:NOTICE
|
||||
default = SYSLOG:NOTICE
|
||||
'';
|
||||
description = ''
|
||||
These lines go to the end of <literal>krb5.conf</literal> verbatim.
|
||||
<literal>krb5.conf</literal> may include any of the relations that are
|
||||
valid for <literal>kdc.conf</literal> (see <literal>man
|
||||
kdc.conf</literal>), but it is not a recommended practice.
|
||||
description = lib.mdDoc ''
|
||||
These lines go to the end of `krb5.conf` verbatim.
|
||||
`krb5.conf` may include any of the relations that are
|
||||
valid for `kdc.conf` (see `man kdc.conf`),
|
||||
but it is not a recommended practice.
|
||||
'';
|
||||
};
|
||||
|
||||
|
|
|
@ -186,16 +186,16 @@ in
|
|||
policy = mkOption {
|
||||
default = "hard_open";
|
||||
type = types.enum [ "hard_open" "hard_init" "soft" ];
|
||||
description = ''
|
||||
description = lib.mdDoc ''
|
||||
Specifies the policy to use for reconnecting to an unavailable
|
||||
LDAP server. The default is <literal>hard_open</literal>, which
|
||||
LDAP server. The default is `hard_open`, which
|
||||
reconnects if opening the connection to the directory server
|
||||
failed. By contrast, <literal>hard_init</literal> reconnects if
|
||||
failed. By contrast, `hard_init` reconnects if
|
||||
initializing the connection failed. Initializing may not
|
||||
actually contact the directory server, and it is possible that
|
||||
a malformed configuration file will trigger reconnection. If
|
||||
<literal>soft</literal> is specified, then
|
||||
<package>nss_ldap</package> will return immediately on server
|
||||
`soft` is specified, then
|
||||
`nss_ldap` will return immediately on server
|
||||
failure. All hard reconnect policies block with exponential
|
||||
backoff before retrying.
|
||||
'';
|
||||
|
|
519
third_party/nixpkgs/nixos/modules/config/mysql.nix
vendored
Normal file
|
@ -0,0 +1,519 @@
|
|||
{ config, pkgs, lib, ... }:
|
||||
|
||||
with lib;
|
||||
|
||||
let
|
||||
cfg = config.users.mysql;
|
||||
in
|
||||
{
|
||||
options = {
|
||||
users.mysql = {
|
||||
enable = mkEnableOption "Authentication against a MySQL/MariaDB database";
|
||||
host = mkOption {
|
||||
type = types.str;
|
||||
example = "localhost";
|
||||
description = "The hostname of the MySQL/MariaDB server";
|
||||
};
|
||||
database = mkOption {
|
||||
type = types.str;
|
||||
example = "auth";
|
||||
description = "The name of the database containing the users";
|
||||
};
|
||||
user = mkOption {
|
||||
type = types.str;
|
||||
example = "nss-user";
|
||||
description = "The username to use when connecting to the database";
|
||||
};
|
||||
passwordFile = mkOption {
|
||||
type = types.path;
|
||||
example = "/run/secrets/mysql-auth-db-passwd";
|
||||
description = "The path to the file containing the password for the user";
|
||||
};
|
||||
pam = mkOption {
|
||||
description = "Settings for <literal>pam_mysql</literal>";
|
||||
type = types.submodule {
|
||||
options = {
|
||||
table = mkOption {
|
||||
type = types.str;
|
||||
example = "users";
|
||||
description = "The name of table that maps unique login names to the passwords.";
|
||||
};
|
||||
updateTable = mkOption {
|
||||
type = types.nullOr types.str;
|
||||
default = null;
|
||||
example = "users_updates";
|
||||
description = ''
|
||||
The name of the table used for password alteration. If not defined, the value
|
||||
of the <literal>table</literal> option will be used instead.
|
||||
'';
|
||||
};
|
||||
userColumn = mkOption {
|
||||
type = types.str;
|
||||
example = "username";
|
||||
description = "The name of the column that contains a unix login name.";
|
||||
};
|
||||
passwordColumn = mkOption {
|
||||
type = types.str;
|
||||
example = "password";
|
||||
description = "The name of the column that contains a (encrypted) password string.";
|
||||
};
|
||||
statusColumn = mkOption {
|
||||
type = types.nullOr types.str;
|
||||
default = null;
|
||||
example = "status";
|
||||
description = ''
|
||||
The name of the column or an SQL expression that indicates the status of
|
||||
the user. The status is expressed by the combination of two bitfields
|
||||
shown below:
|
||||
|
||||
<itemizedlist>
|
||||
<listitem>
|
||||
<para>
|
||||
<literal>bit 0 (0x01)</literal>:
|
||||
if flagged, <literal>pam_mysql</literal> deems the account to be expired and
|
||||
returns <literal>PAM_ACCT_EXPIRED</literal>. That is, the account is supposed
|
||||
to no longer be available. Note this doesn't mean that <literal>pam_mysql</literal>
|
||||
rejects further authentication operations.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
<literal>bit 1 (0x02)</literal>:
|
||||
if flagged, <literal>pam_mysql</literal> deems the authentication token
|
||||
(password) to be expired and returns <literal>PAM_NEW_AUTHTOK_REQD</literal>.
|
||||
This ends up requiring that the user enter a new password.
|
||||
</para>
|
||||
</listitem>
|
||||
</itemizedlist>
|
||||
'';
|
||||
};
|
||||
passwordCrypt = mkOption {
|
||||
example = "2";
|
||||
type = types.enum [
|
||||
"0" "plain"
|
||||
"1" "Y"
|
||||
"2" "mysql"
|
||||
"3" "md5"
|
||||
"4" "sha1"
|
||||
"5" "drupal7"
|
||||
"6" "joomla15"
|
||||
"7" "ssha"
|
||||
"8" "sha512"
|
||||
"9" "sha256"
|
||||
];
|
||||
description = ''
|
||||
The method to encrypt the user's password:
|
||||
|
||||
<itemizedlist>
|
||||
<listitem>
|
||||
<para>
|
||||
<literal>0</literal> (or <literal>"plain"</literal>):
|
||||
No encryption. Passwords are stored in plaintext. HIGHLY DISCOURAGED.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
<literal>1</literal> (or <literal>"Y"</literal>):
|
||||
Use crypt(3) function.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
<literal>2</literal> (or <literal>"mysql"</literal>):
|
||||
Use the MySQL PASSWORD() function. It is possible that the encryption function used
|
||||
by <literal>pam_mysql</literal> is different from that of the MySQL server, as
|
||||
<literal>pam_mysql</literal> uses the function defined in MySQL's C-client API
|
||||
instead of using PASSWORD() SQL function in the query.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
<literal>3</literal> (or <literal>"md5"</literal>):
|
||||
Use plain hex MD5.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
<literal>4</literal> (or <literal>"sha1"</literal>):
|
||||
Use plain hex SHA1.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
<literal>5</literal> (or <literal>"drupal7"</literal>):
|
||||
Use Drupal7 salted passwords.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
<literal>6</literal> (or <literal>"joomla15"</literal>):
|
||||
Use Joomla15 salted passwords.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
<literal>7</literal> (or <literal>"ssha"</literal>):
|
||||
Use ssha hashed passwords.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
<literal>8</literal> (or <literal>"sha512"</literal>):
|
||||
Use sha512 hashed passwords.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
<literal>9</literal> (or <literal>"sha256"</literal>):
|
||||
Use sha256 hashed passwords.
|
||||
</para>
|
||||
</listitem>
|
||||
</itemizedlist>
|
||||
'';
|
||||
};
|
||||
cryptDefault = mkOption {
|
||||
type = types.nullOr (types.enum [ "md5" "sha256" "sha512" "blowfish" ]);
|
||||
default = null;
|
||||
example = "blowfish";
|
||||
description = "The default encryption method to use for <literal>passwordCrypt = 1</literal>.";
|
||||
};
|
||||
where = mkOption {
|
||||
type = types.nullOr types.str;
|
||||
default = null;
|
||||
example = "host.name='web' AND user.active=1";
|
||||
description = "Additional criteria for the query.";
|
||||
};
|
||||
verbose = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = ''
|
||||
If enabled, produces logs with detailed messages that describes what
|
||||
<literal>pam_mysql</literal> is doing. May be useful for debugging.
|
||||
'';
|
||||
};
|
||||
disconnectEveryOperation = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = ''
|
||||
By default, <literal>pam_mysql</literal> keeps the connection to the MySQL
|
||||
database until the session is closed. If this option is set to true it
|
||||
disconnects every time the PAM operation has finished. This option may
|
||||
be useful in case the session lasts quite long.
|
||||
'';
|
||||
};
|
||||
logging = {
|
||||
enable = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = "Enables logging of authentication attempts in the MySQL database.";
|
||||
};
|
||||
table = mkOption {
|
||||
type = types.str;
|
||||
example = "logs";
|
||||
description = "The name of the table to which logs are written.";
|
||||
};
|
||||
msgColumn = mkOption {
|
||||
type = types.str;
|
||||
example = "msg";
|
||||
description = ''
|
||||
The name of the column in the log table to which the description
|
||||
of the performed operation is stored.
|
||||
'';
|
||||
};
|
||||
userColumn = mkOption {
|
||||
type = types.str;
|
||||
example = "user";
|
||||
description = ''
|
||||
The name of the column in the log table to which the name of the
|
||||
user being authenticated is stored.
|
||||
'';
|
||||
};
|
||||
pidColumn = mkOption {
|
||||
type = types.str;
|
||||
example = "pid";
|
||||
description = ''
|
||||
The name of the column in the log table to which the pid of the
|
||||
process utilising the <literal>pam_mysql's</literal> authentication
|
||||
service is stored.
|
||||
'';
|
||||
};
|
||||
hostColumn = mkOption {
|
||||
type = types.str;
|
||||
example = "host";
|
||||
description = ''
|
||||
The name of the column in the log table to which the name of the user
|
||||
being authenticated is stored.
|
||||
'';
|
||||
};
|
||||
rHostColumn = mkOption {
|
||||
type = types.str;
|
||||
example = "rhost";
|
||||
description = ''
|
||||
The name of the column in the log table to which the name of the remote
|
||||
host that initiates the session is stored. The value is supposed to be
|
||||
set by the PAM-aware application with <literal>pam_set_item(PAM_RHOST)
|
||||
</literal>.
|
||||
'';
|
||||
};
|
||||
timeColumn = mkOption {
|
||||
type = types.str;
|
||||
example = "timestamp";
|
||||
description = ''
|
||||
The name of the column in the log table to which the timestamp of the
|
||||
log entry is stored.
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
nss = mkOption {
|
||||
description = ''
|
||||
Settings for <literal>libnss-mysql</literal>.
|
||||
|
||||
All examples are from the <link xlink:href="https://github.com/saknopper/libnss-mysql/tree/master/sample/minimal">minimal example</link>
|
||||
of <literal>libnss-mysql</literal>, but they are modified with NixOS paths for bash.
|
||||
'';
|
||||
type = types.submodule {
|
||||
options = {
|
||||
getpwnam = mkOption {
|
||||
type = types.nullOr types.str;
|
||||
default = null;
|
||||
example = literalExpression ''
|
||||
SELECT username,'x',uid,'5000','MySQL User', CONCAT('/home/',username),'/run/sw/current-system/bin/bash' \
|
||||
FROM users \
|
||||
WHERE username='%1$s' \
|
||||
LIMIT 1
|
||||
'';
|
||||
description = ''
|
||||
SQL query for the <link
|
||||
xlink:href="https://man7.org/linux/man-pages/man3/getpwnam.3.html">getpwnam</link>
|
||||
syscall.
|
||||
'';
|
||||
};
|
||||
getpwuid = mkOption {
|
||||
type = types.nullOr types.str;
|
||||
default = null;
|
||||
example = literalExpression ''
|
||||
SELECT username,'x',uid,'5000','MySQL User', CONCAT('/home/',username),'/run/sw/current-system/bin/bash' \
|
||||
FROM users \
|
||||
WHERE uid='%1$u' \
|
||||
LIMIT 1
|
||||
'';
|
||||
description = ''
|
||||
SQL query for the <link
|
||||
xlink:href="https://man7.org/linux/man-pages/man3/getpwuid.3.html">getpwuid</link>
|
||||
syscall.
|
||||
'';
|
||||
};
|
||||
getspnam = mkOption {
|
||||
type = types.nullOr types.str;
|
||||
default = null;
|
||||
example = literalExpression ''
|
||||
SELECT username,password,'1','0','99999','0','0','-1','0' \
|
||||
FROM users \
|
||||
WHERE username='%1$s' \
|
||||
LIMIT 1
|
||||
'';
|
||||
description = ''
|
||||
SQL query for the <link
|
||||
xlink:href="https://man7.org/linux/man-pages/man3/getspnam.3.html">getspnam</link>
|
||||
syscall.
|
||||
'';
|
||||
};
|
||||
getpwent = mkOption {
|
||||
type = types.nullOr types.str;
|
||||
default = null;
|
||||
example = literalExpression ''
|
||||
SELECT username,'x',uid,'5000','MySQL User', CONCAT('/home/',username),'/run/sw/current-system/bin/bash' FROM users
|
||||
'';
|
||||
description = ''
|
||||
SQL query for the <link
|
||||
xlink:href="https://man7.org/linux/man-pages/man3/getpwent.3.html">getpwent</link>
|
||||
syscall.
|
||||
'';
|
||||
};
|
||||
getspent = mkOption {
|
||||
type = types.nullOr types.str;
|
||||
default = null;
|
||||
example = literalExpression ''
|
||||
SELECT username,password,'1','0','99999','0','0','-1','0' FROM users
|
||||
'';
|
||||
description = ''
|
||||
SQL query for the <link
|
||||
xlink:href="https://man7.org/linux/man-pages/man3/getspent.3.html">getspent</link>
|
||||
syscall.
|
||||
'';
|
||||
};
|
||||
getgrnam = mkOption {
|
||||
type = types.nullOr types.str;
|
||||
default = null;
|
||||
example = literalExpression ''
|
||||
SELECT name,password,gid FROM groups WHERE name='%1$s' LIMIT 1
|
||||
'';
|
||||
description = ''
|
||||
SQL query for the <link
|
||||
xlink:href="https://man7.org/linux/man-pages/man3/getgrnam.3.html">getgrnam</link>
|
||||
syscall.
|
||||
'';
|
||||
};
|
||||
getgrgid = mkOption {
|
||||
type = types.nullOr types.str;
|
||||
default = null;
|
||||
example = literalExpression ''
|
||||
SELECT name,password,gid FROM groups WHERE gid='%1$u' LIMIT 1
|
||||
'';
|
||||
description = ''
|
||||
SQL query for the <link
|
||||
xlink:href="https://man7.org/linux/man-pages/man3/getgrgid.3.html">getgrgid</link>
|
||||
syscall.
|
||||
'';
|
||||
};
|
||||
getgrent = mkOption {
|
||||
type = types.nullOr types.str;
|
||||
default = null;
|
||||
example = literalExpression ''
|
||||
SELECT name,password,gid FROM groups
|
||||
'';
|
||||
description = ''
|
||||
SQL query for the <link
|
||||
xlink:href="https://man7.org/linux/man-pages/man3/getgrent.3.html">getgrent</link>
|
||||
syscall.
|
||||
'';
|
||||
};
|
||||
memsbygid = mkOption {
|
||||
type = types.nullOr types.str;
|
||||
default = null;
|
||||
example = literalExpression ''
|
||||
SELECT username FROM grouplist WHERE gid='%1$u'
|
||||
'';
|
||||
description = ''
|
||||
SQL query for the <link
|
||||
xlink:href="https://man7.org/linux/man-pages/man3/memsbygid.3.html">memsbygid</link>
|
||||
syscall.
|
||||
'';
|
||||
};
|
||||
gidsbymem = mkOption {
|
||||
type = types.nullOr types.str;
|
||||
default = null;
|
||||
example = literalExpression ''
|
||||
SELECT gid FROM grouplist WHERE username='%1$s'
|
||||
'';
|
||||
description = ''
|
||||
SQL query for the <link
|
||||
xlink:href="https://man7.org/linux/man-pages/man3/gidsbymem.3.html">gidsbymem</link>
|
||||
syscall.
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
system.nssModules = [ pkgs.libnss-mysql ];
|
||||
system.nssDatabases.shadow = [ "mysql" ];
|
||||
system.nssDatabases.group = [ "mysql" ];
|
||||
system.nssDatabases.passwd = [ "mysql" ];
|
||||
|
||||
environment.etc."security/pam_mysql.conf" = {
|
||||
user = "root";
|
||||
group = "root";
|
||||
mode = "0600";
|
||||
# password will be added from password file in activation script
|
||||
text = ''
|
||||
users.host=${cfg.host}
|
||||
users.db_user=${cfg.user}
|
||||
users.database=${cfg.database}
|
||||
users.table=${cfg.pam.table}
|
||||
users.user_column=${cfg.pam.userColumn}
|
||||
users.password_column=${cfg.pam.passwordColumn}
|
||||
users.password_crypt=${cfg.pam.passwordCrypt}
|
||||
users.disconnect_every_operation=${if cfg.pam.disconnectEveryOperation then "1" else "0"}
|
||||
verbose=${if cfg.pam.verbose then "1" else "0"}
|
||||
'' + optionalString (cfg.pam.cryptDefault != null) ''
|
||||
users.use_${cfg.pam.cryptDefault}=1
|
||||
'' + optionalString (cfg.pam.where != null) ''
|
||||
users.where_clause=${cfg.pam.where}
|
||||
'' + optionalString (cfg.pam.statusColumn != null) ''
|
||||
users.status_column=${cfg.pam.statusColumn}
|
||||
'' + optionalString (cfg.pam.updateTable != null) ''
|
||||
users.update_table=${cfg.pam.updateTable}
|
||||
'' + optionalString cfg.pam.logging.enable ''
|
||||
log.enabled=true
|
||||
log.table=${cfg.pam.logging.table}
|
||||
log.message_column=${cfg.pam.logging.msgColumn}
|
||||
log.pid_column=${cfg.pam.logging.pidColumn}
|
||||
log.user_column=${cfg.pam.logging.userColumn}
|
||||
log.host_column=${cfg.pam.logging.hostColumn}
|
||||
log.rhost_column=${cfg.pam.logging.rHostColumn}
|
||||
log.time_column=${cfg.pam.logging.timeColumn}
|
||||
'';
|
||||
};
|
||||
|
||||
environment.etc."libnss-mysql.cfg" = {
|
||||
mode = "0600";
|
||||
user = config.services.nscd.user;
|
||||
group = config.services.nscd.group;
|
||||
text = optionalString (cfg.nss.getpwnam != null) ''
|
||||
getpwnam ${cfg.nss.getpwnam}
|
||||
'' + optionalString (cfg.nss.getpwuid != null) ''
|
||||
getpwuid ${cfg.nss.getpwuid}
|
||||
'' + optionalString (cfg.nss.getspnam != null) ''
|
||||
getspnam ${cfg.nss.getspnam}
|
||||
'' + optionalString (cfg.nss.getpwent != null) ''
|
||||
getpwent ${cfg.nss.getpwent}
|
||||
'' + optionalString (cfg.nss.getspent != null) ''
|
||||
getspent ${cfg.nss.getspent}
|
||||
'' + optionalString (cfg.nss.getgrnam != null) ''
|
||||
getgrnam ${cfg.nss.getgrnam}
|
||||
'' + optionalString (cfg.nss.getgrgid != null) ''
|
||||
getgrgid ${cfg.nss.getgrgid}
|
||||
'' + optionalString (cfg.nss.getgrent != null) ''
|
||||
getgrent ${cfg.nss.getgrent}
|
||||
'' + optionalString (cfg.nss.memsbygid != null) ''
|
||||
memsbygid ${cfg.nss.memsbygid}
|
||||
'' + optionalString (cfg.nss.gidsbymem != null) ''
|
||||
gidsbymem ${cfg.nss.gidsbymem}
|
||||
'' + ''
|
||||
host ${cfg.host}
|
||||
database ${cfg.database}
|
||||
'';
|
||||
};
|
||||
|
||||
environment.etc."libnss-mysql-root.cfg" = {
|
||||
mode = "0600";
|
||||
user = config.services.nscd.user;
|
||||
group = config.services.nscd.group;
|
||||
# password will be added from password file in activation script
|
||||
text = ''
|
||||
username ${cfg.user}
|
||||
'';
|
||||
};
|
||||
|
||||
# Activation script to append the password from the password file
|
||||
# to the configuration files. It also fixes the owner of the
|
||||
# libnss-mysql-root.cfg because it is changed to root after the
|
||||
# password is appended.
|
||||
system.activationScripts.mysql-auth-passwords = ''
|
||||
if [[ -r ${cfg.passwordFile} ]]; then
|
||||
org_umask=$(umask)
|
||||
umask 0077
|
||||
|
||||
conf_nss="$(mktemp)"
|
||||
cp /etc/libnss-mysql-root.cfg $conf_nss
|
||||
printf 'password %s\n' "$(cat ${cfg.passwordFile})" >> $conf_nss
|
||||
mv -fT "$conf_nss" /etc/libnss-mysql-root.cfg
|
||||
chown ${config.services.nscd.user}:${config.services.nscd.group} /etc/libnss-mysql-root.cfg
|
||||
|
||||
conf_pam="$(mktemp)"
|
||||
cp /etc/security/pam_mysql.conf $conf_pam
|
||||
printf 'users.db_passwd=%s\n' "$(cat ${cfg.passwordFile})" >> $conf_pam
|
||||
mv -fT "$conf_pam" /etc/security/pam_mysql.conf
|
||||
|
||||
umask $org_umask
|
||||
fi
|
||||
'';
|
||||
};
|
||||
}
|
|
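Review bot: In `system.activationScripts.mysql-auth-passwords` the script is declared as a bare string, so nothing orders it after the step that writes `/etc/libnss-mysql-root.cfg` and `/etc/security/pam_mysql.conf`, the two files it copies from; it should declare that dependency explicitly (an attribute set with `deps = [ "etc" ];` and `text`) rather than rely on incidental ordering. In the same script, `${cfg.passwordFile}`, `$conf_nss` and `$conf_pam` are expanded unquoted in `[[ -r ... ]]`, `cat`, `cp` and the `>>` redirections; quote them, using `lib.escapeShellArg` for the Nix-interpolated path. `mktemp` with no template creates the file in the default temporary directory, so `mv -fT` into `/etc` may cross filesystems and stop being an atomic rename; creating the temporary file next to its target avoids that. When the password file is not readable the script does nothing and says nothing, leaving both configuration files without a password, so an `else` branch that prints a warning would make the failure visible. Separately, the `hostColumn` description repeats the `userColumn` text ("the name of the user being authenticated") and should describe the host, and the `memsbygid` and `gidsbymem` descriptions link to `man3` pages under those names and call them syscalls, although the option names are libnss-mysql query keys and the `get*` entries are libc functions.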
@ -91,7 +91,7 @@ in
|
|||
|
||||
systemd.services.post-resume =
|
||||
{ description = "Post-Resume Actions";
|
||||
after = [ "suspend.target" "hibernate.target" "hybrid-sleep.target" ];
|
||||
after = [ "suspend.target" "hibernate.target" "hybrid-sleep.target" "suspend-then-hibernate.target" ];
|
||||
script =
|
||||
''
|
||||
/run/current-system/systemd/bin/systemctl try-restart post-resume.target
|
||||
|
|
|
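Review bot: Only the `after` list of `systemd.services.post-resume` gains `suspend-then-hibernate.target` here, and ordering by itself does not start the service when that target is reached. Please check that whatever pulls `post-resume` in for the other three sleep targets (outside this hunk) also covers the new one, otherwise the resume commands will not run after suspend-then-hibernate.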
@ -26,13 +26,12 @@ in
|
|||
{ "net.ipv4.tcp_syncookies" = false; "vm.swappiness" = 60; }
|
||||
'';
|
||||
type = types.attrsOf sysctlOption;
|
||||
description = ''
|
||||
description = lib.mdDoc ''
|
||||
Runtime parameters of the Linux kernel, as set by
|
||||
<citerefentry><refentrytitle>sysctl</refentrytitle>
|
||||
<manvolnum>8</manvolnum></citerefentry>. Note that sysctl
|
||||
{manpage}`sysctl(8)`. Note that sysctl
|
||||
parameters names must be enclosed in quotes
|
||||
(e.g. <literal>"vm.swappiness"</literal> instead of
|
||||
<literal>vm.swappiness</literal>). The value of each
|
||||
(e.g. `"vm.swappiness"` instead of
|
||||
`vm.swappiness`). The value of each
|
||||
parameter may be a string, integer, boolean, or null
|
||||
(signifying the option will not appear at all).
|
||||
'';
|
||||
|
|
|
@ -39,26 +39,23 @@ in
|
|||
environment.profileRelativeSessionVariables = mkOption {
|
||||
type = types.attrsOf (types.listOf types.str);
|
||||
example = { PATH = [ "/bin" ]; MANPATH = [ "/man" "/share/man" ]; };
|
||||
description = ''
|
||||
description = lib.mdDoc ''
|
||||
Attribute set of environment variable used in the global
|
||||
environment. These variables will be set by PAM early in the
|
||||
login process.
|
||||
|
||||
Variable substitution is available as described in
|
||||
<citerefentry>
|
||||
<refentrytitle>pam_env.conf</refentrytitle>
|
||||
<manvolnum>5</manvolnum>
|
||||
</citerefentry>.
|
||||
{manpage}`pam_env.conf(5)`.
|
||||
|
||||
Each attribute maps to a list of relative paths. Each relative
|
||||
path is appended to the each profile of
|
||||
<option>environment.profiles</option> to form the content of
|
||||
{option}`environment.profiles` to form the content of
|
||||
the corresponding environment variable.
|
||||
|
||||
Also, these variables are merged into
|
||||
<xref linkend="opt-environment.profileRelativeEnvVars"/> and it is
|
||||
[](#opt-environment.profileRelativeEnvVars) and it is
|
||||
therefore not possible to use PAM style variables such as
|
||||
<literal>@{HOME}</literal>.
|
||||
`@{HOME}`.
|
||||
'';
|
||||
};
|
||||
|
||||
|
|
|
@ -84,19 +84,19 @@ in
|
|||
<programlisting>${defaultPackagesText}</programlisting>
|
||||
'';
|
||||
example = [];
|
||||
description = ''
|
||||
description = lib.mdDoc ''
|
||||
Set of default packages that aren't strictly necessary
|
||||
for a running system, entries can be removed for a more
|
||||
minimal NixOS installation.
|
||||
|
||||
Note: If <package>pkgs.nano</package> is removed from this list,
|
||||
Note: If `pkgs.nano` is removed from this list,
|
||||
make sure another editor is installed and the
|
||||
<literal>EDITOR</literal> environment variable is set to it.
|
||||
`EDITOR` environment variable is set to it.
|
||||
Environment variables can be set using
|
||||
<option>environment.variables</option>.
|
||||
{option}`environment.variables`.
|
||||
|
||||
Like with systemPackages, packages are installed to
|
||||
<filename>/run/current-system/sw</filename>. They are
|
||||
{file}`/run/current-system/sw`. They are
|
||||
automatically available to all users, and are
|
||||
automatically updated every time you rebuild the system
|
||||
configuration.
|
||||
|
|
|
@ -40,12 +40,12 @@ in
|
|||
extraPortals = mkOption {
|
||||
type = types.listOf types.package;
|
||||
default = [ ];
|
||||
description = ''
|
||||
description = lib.mdDoc ''
|
||||
List of additional portals to add to path. Portals allow interaction
|
||||
with system, like choosing files or taking screenshots. At minimum,
|
||||
a desktop portal implementation should be listed. GNOME and KDE already
|
||||
adds <package>xdg-desktop-portal-gtk</package>; and
|
||||
<package>xdg-desktop-portal-kde</package> respectively. On other desktop
|
||||
adds `xdg-desktop-portal-gtk`; and
|
||||
`xdg-desktop-portal-kde` respectively. On other desktop
|
||||
environments you probably want to add them yourself.
|
||||
'';
|
||||
};
|
||||
|
|
|
@ -15,7 +15,7 @@ in
|
|||
enable = mkEnableOption ''
|
||||
the desktop portal for the LXQt desktop environment.
|
||||
|
||||
This will add the <package>lxqt.xdg-desktop-portal-lxqt</package>
|
||||
This will add the <literal>lxqt.xdg-desktop-portal-lxqt</literal>
|
||||
package (with the extra Qt styles) into the
|
||||
<option>xdg.portal.extraPortals</option> option
|
||||
'';
|
||||
|
@ -29,9 +29,9 @@ in
|
|||
pkgs.qtcurve
|
||||
];
|
||||
'';
|
||||
description = ''
|
||||
description = lib.mdDoc ''
|
||||
Extra Qt styles that will be available to the
|
||||
<package>lxqt.xdg-desktop-portal-lxqt</package>.
|
||||
`lxqt.xdg-desktop-portal-lxqt`.
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
|
|
@ -17,16 +17,16 @@ in
|
|||
enable = mkEnableOption ''
|
||||
desktop portal for wlroots-based desktops
|
||||
|
||||
This will add the <package>xdg-desktop-portal-wlr</package> package into
|
||||
This will add the <literal>xdg-desktop-portal-wlr</literal> package into
|
||||
the <option>xdg.portal.extraPortals</option> option, and provide the
|
||||
configuration file
|
||||
'';
|
||||
|
||||
settings = mkOption {
|
||||
description = ''
|
||||
Configuration for <package>xdg-desktop-portal-wlr</package>.
|
||||
description = lib.mdDoc ''
|
||||
Configuration for `xdg-desktop-portal-wlr`.
|
||||
|
||||
See <literal>xdg-desktop-portal-wlr(5)</literal> for supported
|
||||
See `xdg-desktop-portal-wlr(5)` for supported
|
||||
values.
|
||||
'';
|
||||
|
||||
|
|
|
@ -103,12 +103,12 @@ in
|
|||
default = "zstd";
|
||||
example = "lz4";
|
||||
type = with types; either (enum [ "lzo" "lz4" "zstd" ]) str;
|
||||
description = ''
|
||||
Compression algorithm. <literal>lzo</literal> has good compression,
|
||||
but is slow. <literal>lz4</literal> has bad compression, but is fast.
|
||||
<literal>zstd</literal> is both good compression and fast, but requires newer kernel.
|
||||
description = lib.mdDoc ''
|
||||
Compression algorithm. `lzo` has good compression,
|
||||
but is slow. `lz4` has bad compression, but is fast.
|
||||
`zstd` is both good compression and fast, but requires newer kernel.
|
||||
You can check what other algorithms are supported by your zram device with
|
||||
<programlisting>cat /sys/class/block/zram*/comp_algorithm</programlisting>
|
||||
{command}`cat /sys/class/block/zram*/comp_algorithm`
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
|
|
@ -20,7 +20,7 @@ in
|
|||
type = types.str;
|
||||
default = "0xfffd7fff";
|
||||
example = "0xffffffff";
|
||||
description = ''
|
||||
description = lib.mdDoc ''
|
||||
Sets the `amdgpu.ppfeaturemask` kernel option.
|
||||
In particular, it is used here to set the overdrive bit.
|
||||
Default is `0xfffd7fff` as it is less likely to cause flicker issues.
|
||||
|
|
|
@ -8,17 +8,17 @@ in
|
|||
options.hardware.cpu.amd.sev = {
|
||||
enable = mkEnableOption "access to the AMD SEV device";
|
||||
user = mkOption {
|
||||
description = "Owner to assign to the SEV device.";
|
||||
description = lib.mdDoc "Owner to assign to the SEV device.";
|
||||
type = types.str;
|
||||
default = "root";
|
||||
};
|
||||
group = mkOption {
|
||||
description = "Group to assign to the SEV device.";
|
||||
description = lib.mdDoc "Group to assign to the SEV device.";
|
||||
type = types.str;
|
||||
default = defaultGroup;
|
||||
};
|
||||
mode = mkOption {
|
||||
description = "Mode to set for the SEV device.";
|
||||
description = lib.mdDoc "Mode to set for the SEV device.";
|
||||
type = types.str;
|
||||
default = "0660";
|
||||
};
|
||||
|
|
|
@ -56,23 +56,6 @@ let
|
|||
};
|
||||
};
|
||||
|
||||
# this requires kernel package
|
||||
dtbsWithSymbols = pkgs.stdenv.mkDerivation {
|
||||
name = "dtbs-with-symbols";
|
||||
inherit (cfg.kernelPackage) src nativeBuildInputs depsBuildBuild;
|
||||
patches = map (patch: patch.patch) cfg.kernelPackage.kernelPatches;
|
||||
buildPhase = ''
|
||||
patchShebangs scripts/*
|
||||
substituteInPlace scripts/Makefile.lib \
|
||||
--replace 'DTC_FLAGS += $(DTC_FLAGS_$(basetarget))' 'DTC_FLAGS += $(DTC_FLAGS_$(basetarget)) -@'
|
||||
make ${pkgs.stdenv.hostPlatform.linux-kernel.baseConfig} ARCH="${pkgs.stdenv.hostPlatform.linuxArch}"
|
||||
make dtbs ARCH="${pkgs.stdenv.hostPlatform.linuxArch}"
|
||||
'';
|
||||
installPhase = ''
|
||||
make dtbs_install INSTALL_DTBS_PATH=$out/dtbs ARCH="${pkgs.stdenv.hostPlatform.linuxArch}"
|
||||
'';
|
||||
};
|
||||
|
||||
filterDTBs = src: if isNull cfg.filter
|
||||
then "${src}/dtbs"
|
||||
else
|
||||
|
@ -83,6 +66,8 @@ let
|
|||
| xargs -0 cp -v --no-preserve=mode --target-directory $out --parents
|
||||
'';
|
||||
|
||||
filteredDTBs = filterDTBs cfg.kernelPackage;
|
||||
|
||||
# Compile single Device Tree overlay source
|
||||
# file (.dts) into its compiled variant (.dtbo)
|
||||
compileDTS = name: f: pkgs.callPackage({ stdenv, dtc }: stdenv.mkDerivation {
|
||||
|
@ -197,7 +182,7 @@ in
|
|||
};
|
||||
|
||||
hardware.deviceTree.package = if (cfg.overlays != [])
|
||||
then pkgs.deviceTree.applyOverlays (filterDTBs dtbsWithSymbols) (withDTBOs cfg.overlays)
|
||||
else (filterDTBs cfg.kernelPackage);
|
||||
then pkgs.deviceTree.applyOverlays filteredDTBs (withDTBOs cfg.overlays)
|
||||
else filteredDTBs;
|
||||
};
|
||||
}
|
||||
|
|
|
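Review bot: With `dtbsWithSymbols` removed, `pkgs.deviceTree.applyOverlays` now receives `filteredDTBs` built directly from `cfg.kernelPackage`, and nothing in these hunks replaces the `-@` that the deleted build appended to `DTC_FLAGS`. Overlays that reference labels need the base DTBs to carry symbols, so please confirm that the kernel packages now emit them and state that requirement in a comment next to `filteredDTBs`; a custom `kernelPackage` built without symbols would otherwise only fail when the overlay is applied.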
@ -11,6 +11,14 @@ with lib;
|
|||
console.earlySetup = mkDefault true;
|
||||
boot.loader.systemd-boot.consoleMode = mkDefault "1";
|
||||
|
||||
|
||||
# Grayscale anti-aliasing for fonts
|
||||
fonts.fontconfig.antialias = mkDefault true;
|
||||
fonts.fontconfig.subpixel = {
|
||||
rgba = mkDefault "none";
|
||||
lcdfilter = mkDefault "none";
|
||||
};
|
||||
|
||||
# TODO Find reasonable defaults X11 & wayland
|
||||
};
|
||||
}
|
||||
|
|
|
@ -454,23 +454,23 @@ in
|
|||
|
||||
isoImage.isoName = mkOption {
|
||||
default = "${config.isoImage.isoBaseName}.iso";
|
||||
description = ''
|
||||
description = lib.mdDoc ''
|
||||
Name of the generated ISO image file.
|
||||
'';
|
||||
};
|
||||
|
||||
isoImage.isoBaseName = mkOption {
|
||||
default = "nixos";
|
||||
description = ''
|
||||
description = lib.mdDoc ''
|
||||
Prefix of the name of the generated ISO image file.
|
||||
'';
|
||||
};
|
||||
|
||||
isoImage.compressImage = mkOption {
|
||||
default = false;
|
||||
description = ''
|
||||
description = lib.mdDoc ''
|
||||
Whether the ISO image should be compressed using
|
||||
<command>zstd</command>.
|
||||
{command}`zstd`.
|
||||
'';
|
||||
};
|
||||
|
||||
|
@ -481,7 +481,7 @@ in
|
|||
+ lib.optionalString isAarch "-Xbcj arm"
|
||||
+ lib.optionalString (isPower && is32bit && isBigEndian) "-Xbcj powerpc"
|
||||
+ lib.optionalString (isSparc) "-Xbcj sparc";
|
||||
description = ''
|
||||
description = lib.mdDoc ''
|
||||
Compression settings to use for the squashfs nix store.
|
||||
'';
|
||||
example = "zstd -Xcompression-level 6";
|
||||
|
@ -489,7 +489,7 @@ in
|
|||
|
||||
isoImage.edition = mkOption {
|
||||
default = "";
|
||||
description = ''
|
||||
description = lib.mdDoc ''
|
||||
Specifies which edition string to use in the volume ID of the generated
|
||||
ISO image.
|
||||
'';
|
||||
|
@ -498,7 +498,7 @@ in
|
|||
isoImage.volumeID = mkOption {
|
||||
# nixos-$EDITION-$RELEASE-$ARCH
|
||||
default = "nixos${optionalString (config.isoImage.edition != "") "-${config.isoImage.edition}"}-${config.system.nixos.release}-${pkgs.stdenv.hostPlatform.uname.processor}";
|
||||
description = ''
|
||||
description = lib.mdDoc ''
|
||||
Specifies the label or volume ID of the generated ISO image.
|
||||
Note that the label is used by stage 1 of the boot process to
|
||||
mount the CD, so it should be reasonably distinctive.
|
||||
|
@ -512,7 +512,7 @@ in
|
|||
}
|
||||
]
|
||||
'';
|
||||
description = ''
|
||||
description = lib.mdDoc ''
|
||||
This option lists files to be copied to fixed locations in the
|
||||
generated ISO image.
|
||||
'';
|
||||
|
@ -520,7 +520,7 @@ in
|
|||
|
||||
isoImage.storeContents = mkOption {
|
||||
example = literalExpression "[ pkgs.stdenv ]";
|
||||
description = ''
|
||||
description = lib.mdDoc ''
|
||||
This option lists additional derivations to be included in the
|
||||
Nix store in the generated ISO image.
|
||||
'';
|
||||
|
@ -528,7 +528,7 @@ in
|
|||
|
||||
isoImage.includeSystemBuildDependencies = mkOption {
|
||||
default = false;
|
||||
description = ''
|
||||
description = lib.mdDoc ''
|
||||
Set this option to include all the needed sources etc in the
|
||||
image. It significantly increases image size. Use that when
|
||||
you want to be able to keep all the sources needed to build your
|
||||
|
@ -539,14 +539,14 @@ in
|
|||
|
||||
isoImage.makeEfiBootable = mkOption {
|
||||
default = false;
|
||||
description = ''
|
||||
description = lib.mdDoc ''
|
||||
Whether the ISO image should be an efi-bootable volume.
|
||||
'';
|
||||
};
|
||||
|
||||
isoImage.makeUsbBootable = mkOption {
|
||||
default = false;
|
||||
description = ''
|
||||
description = lib.mdDoc ''
|
||||
Whether the ISO image should be bootable from CD as well as USB.
|
||||
'';
|
||||
};
|
||||
|
@ -556,7 +556,7 @@ in
|
|||
url = "https://raw.githubusercontent.com/NixOS/nixos-artwork/a9e05d7deb38a8e005a2b52575a3f59a63a4dba0/bootloader/efi-background.png";
|
||||
sha256 = "18lfwmp8yq923322nlb9gxrh5qikj1wsk6g5qvdh31c4h5b1538x";
|
||||
};
|
||||
description = ''
|
||||
description = lib.mdDoc ''
|
||||
The splash image to use in the EFI bootloader.
|
||||
'';
|
||||
};
|
||||
|
@ -566,7 +566,7 @@ in
|
|||
url = "https://raw.githubusercontent.com/NixOS/nixos-artwork/a9e05d7deb38a8e005a2b52575a3f59a63a4dba0/bootloader/isolinux/bios-boot.png";
|
||||
sha256 = "1wp822zrhbg4fgfbwkr7cbkr4labx477209agzc0hr6k62fr6rxd";
|
||||
};
|
||||
description = ''
|
||||
description = lib.mdDoc ''
|
||||
The splash image to use in the legacy-boot bootloader.
|
||||
'';
|
||||
};
|
||||
|
@ -574,7 +574,7 @@ in
|
|||
isoImage.grubTheme = mkOption {
|
||||
default = pkgs.nixos-grub2-theme;
|
||||
type = types.nullOr (types.either types.path types.package);
|
||||
description = ''
|
||||
description = lib.mdDoc ''
|
||||
The grub2 theme used for UEFI boot.
|
||||
'';
|
||||
};
|
||||
|
@ -605,7 +605,7 @@ in
|
|||
MENU COLOR SEL 7;37;40 #FFFFFFFF #FF5277C3 std
|
||||
'';
|
||||
type = types.str;
|
||||
description = ''
|
||||
description = lib.mdDoc ''
|
||||
The syslinux theme used for BIOS boot.
|
||||
'';
|
||||
};
|
||||
|
@ -613,12 +613,12 @@ in
|
|||
isoImage.appendToMenuLabel = mkOption {
|
||||
default = " Installer";
|
||||
example = " Live System";
|
||||
description = ''
|
||||
description = lib.mdDoc ''
|
||||
The string to append after the menu label for the NixOS system.
|
||||
This will be directly appended (without whitespace) to the NixOS version
|
||||
string, like for example if it is set to <literal>XXX</literal>:
|
||||
string, like for example if it is set to `XXX`:
|
||||
|
||||
<literal>NixOS 99.99-pre666XXX</literal>
|
||||
`NixOS 99.99-pre666XXX`
|
||||
'';
|
||||
};
|
||||
|
||||
|
|
|
@ -10,7 +10,7 @@ with lib;
|
|||
|
||||
netboot.storeContents = mkOption {
|
||||
example = literalExpression "[ pkgs.stdenv ]";
|
||||
description = ''
|
||||
description = lib.mdDoc ''
|
||||
This option lists additional derivations to be included in the
|
||||
Nix store in the generated netboot image.
|
||||
'';
|
||||
|
|
|
@ -35,14 +35,14 @@ in
|
|||
options.sdImage = {
|
||||
imageName = mkOption {
|
||||
default = "${config.sdImage.imageBaseName}-${config.system.nixos.label}-${pkgs.stdenv.hostPlatform.system}.img";
|
||||
description = ''
|
||||
description = lib.mdDoc ''
|
||||
Name of the generated image file.
|
||||
'';
|
||||
};
|
||||
|
||||
imageBaseName = mkOption {
|
||||
default = "nixos-sd-image";
|
||||
description = ''
|
||||
description = lib.mdDoc ''
|
||||
Prefix of the name of the generated image file.
|
||||
'';
|
||||
};
|
||||
|
@ -50,7 +50,7 @@ in
|
|||
storePaths = mkOption {
|
||||
type = with types; listOf package;
|
||||
example = literalExpression "[ pkgs.stdenv ]";
|
||||
description = ''
|
||||
description = lib.mdDoc ''
|
||||
Derivations to be included in the Nix store in the generated SD image.
|
||||
'';
|
||||
};
|
||||
|
@ -74,7 +74,7 @@ in
|
|||
firmwarePartitionID = mkOption {
|
||||
type = types.str;
|
||||
default = "0x2178694e";
|
||||
description = ''
|
||||
description = lib.mdDoc ''
|
||||
Volume ID for the /boot/firmware partition on the SD card. This value
|
||||
must be a 32-bit hexadecimal number.
|
||||
'';
|
||||
|
@ -83,7 +83,7 @@ in
|
|||
firmwarePartitionName = mkOption {
|
||||
type = types.str;
|
||||
default = "FIRMWARE";
|
||||
description = ''
|
||||
description = lib.mdDoc ''
|
||||
Name of the filesystem which holds the boot firmware.
|
||||
'';
|
||||
};
|
||||
|
@ -92,7 +92,7 @@ in
|
|||
type = types.nullOr types.str;
|
||||
default = null;
|
||||
example = "14e19a7b-0ae0-484d-9d54-43bd6fdc20c7";
|
||||
description = ''
|
||||
description = lib.mdDoc ''
|
||||
UUID for the filesystem on the main NixOS partition on the SD card.
|
||||
'';
|
||||
};
|
||||
|
@ -101,14 +101,14 @@ in
|
|||
type = types.int;
|
||||
# As of 2019-08-18 the Raspberry pi firmware + u-boot takes ~18MiB
|
||||
default = 30;
|
||||
description = ''
|
||||
description = lib.mdDoc ''
|
||||
Size of the /boot/firmware partition, in megabytes.
|
||||
'';
|
||||
};
|
||||
|
||||
populateFirmwareCommands = mkOption {
|
||||
example = literalExpression "'' cp \${pkgs.myBootLoader}/u-boot.bin firmware/ ''";
|
||||
description = ''
|
||||
description = lib.mdDoc ''
|
||||
Shell commands to populate the ./firmware directory.
|
||||
All files in that directory are copied to the
|
||||
/boot/firmware partition on the SD image.
|
||||
|
@ -117,7 +117,7 @@ in
|
|||
|
||||
populateRootCommands = mkOption {
|
||||
example = literalExpression "''\${config.boot.loader.generic-extlinux-compatible.populateCmd} -c \${config.system.build.toplevel} -d ./files/boot''";
|
||||
description = ''
|
||||
description = lib.mdDoc ''
|
||||
Shell commands to populate the ./files directory.
|
||||
All files in that directory are copied to the
|
||||
root (/) partition on the SD image. Use this to
|
||||
|
@ -128,7 +128,7 @@ in
|
|||
postBuildCommands = mkOption {
|
||||
example = literalExpression "'' dd if=\${pkgs.myBootLoader}/SPL of=$img bs=1024 seek=1 conv=notrunc ''";
|
||||
default = "";
|
||||
description = ''
|
||||
description = lib.mdDoc ''
|
||||
Shell commands to run after the image is built.
|
||||
Can be used for boards requiring to dd u-boot SPL before actual partitions.
|
||||
'';
|
||||
|
@ -137,16 +137,16 @@ in
|
|||
compressImage = mkOption {
|
||||
type = types.bool;
|
||||
default = true;
|
||||
description = ''
|
||||
description = lib.mdDoc ''
|
||||
Whether the SD image should be compressed using
|
||||
<command>zstd</command>.
|
||||
{command}`zstd`.
|
||||
'';
|
||||
};
|
||||
|
||||
expandOnBoot = mkOption {
|
||||
type = types.bool;
|
||||
default = true;
|
||||
description = ''
|
||||
description = lib.mdDoc ''
|
||||
Whether to configure the sd image to expand it's partition on boot.
|
||||
'';
|
||||
};
|
||||
|
|
|
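Review bot: the `expandOnBoot` description in this hunk still reads "expand it's partition on boot"; since the neighbouring descriptions are being touched anyway, change it to "its partition". The same description writes "sd image" where `compressImage` just above writes "SD image", so it is worth aligning the two.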
@ -160,9 +160,9 @@ in
|
|||
enable = mkOption {
|
||||
type = types.bool;
|
||||
default = true;
|
||||
description = ''
|
||||
description = lib.mdDoc ''
|
||||
Whether to install documentation of packages from
|
||||
<option>environment.systemPackages</option> into the generated system path.
|
||||
{option}`environment.systemPackages` into the generated system path.
|
||||
|
||||
See "Multiple-output packages" chapter in the nixpkgs manual for more info.
|
||||
'';
|
||||
|
@ -172,9 +172,9 @@ in
|
|||
man.enable = mkOption {
|
||||
type = types.bool;
|
||||
default = true;
|
||||
description = ''
|
||||
description = lib.mdDoc ''
|
||||
Whether to install manual pages.
|
||||
This also includes <literal>man</literal> outputs.
|
||||
This also includes `man` outputs.
|
||||
'';
|
||||
};
|
||||
|
||||
|
@ -193,8 +193,8 @@ in
|
|||
info.enable = mkOption {
|
||||
type = types.bool;
|
||||
default = true;
|
||||
description = ''
|
||||
Whether to install info pages and the <command>info</command> command.
|
||||
description = lib.mdDoc ''
|
||||
Whether to install info pages and the {command}`info` command.
|
||||
This also includes "info" outputs.
|
||||
'';
|
||||
};
|
||||
|
@ -202,8 +202,8 @@ in
|
|||
doc.enable = mkOption {
|
||||
type = types.bool;
|
||||
default = true;
|
||||
description = ''
|
||||
Whether to install documentation distributed in packages' <literal>/share/doc</literal>.
|
||||
description = lib.mdDoc ''
|
||||
Whether to install documentation distributed in packages' `/share/doc`.
|
||||
Usually plain text and/or HTML.
|
||||
This also includes "doc" outputs.
|
||||
'';
|
||||
|
@ -230,8 +230,7 @@ in
|
|||
Whether to install NixOS's own documentation.
|
||||
<itemizedlist>
|
||||
<listitem><para>This includes man pages like
|
||||
<citerefentry><refentrytitle>configuration.nix</refentrytitle>
|
||||
<manvolnum>5</manvolnum></citerefentry> if <option>documentation.man.enable</option> is
|
||||
<citerefentry><refentrytitle>configuration.nix</refentrytitle><manvolnum>5</manvolnum></citerefentry> if <option>documentation.man.enable</option> is
|
||||
set.</para></listitem>
|
||||
<listitem><para>This includes the HTML manual and the <command>nixos-help</command> command if
|
||||
<option>documentation.doc.enable</option> is set.</para></listitem>
|
||||
|
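Review bot: this hunk only joins the `<citerefentry>` for `configuration.nix` onto one line, and the description keeps its DocBook markup (`<itemizedlist>`, `<option>`, `<command>`) while the surrounding options in the same file move to `lib.mdDoc`. If the list is the reason this option was left unconverted, a short comment next to it would save the next reader from assuming it was missed; otherwise convert it along with the rest.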
@ -242,7 +241,7 @@ in
|
|||
nixos.extraModules = mkOption {
|
||||
type = types.listOf types.raw;
|
||||
default = [];
|
||||
description = ''
|
||||
description = lib.mdDoc ''
|
||||
Modules for which to show options even when not imported.
|
||||
'';
|
||||
};
|
||||
|
@ -250,7 +249,7 @@ in
|
|||
nixos.options.splitBuild = mkOption {
|
||||
type = types.bool;
|
||||
default = true;
|
||||
description = ''
|
||||
description = lib.mdDoc ''
|
||||
Whether to split the option docs build into a cacheable and an uncacheable part.
|
||||
Splitting the build can substantially decrease the amount of time needed to build
|
||||
the manual, but some user modules may be incompatible with this splitting.
|
||||
|
@ -260,7 +259,7 @@ in
|
|||
nixos.options.warningsAreErrors = mkOption {
|
||||
type = types.bool;
|
||||
default = true;
|
||||
description = ''
|
||||
description = lib.mdDoc ''
|
||||
Treat warning emitted during the option documentation build (eg for missing option
|
||||
descriptions) as errors.
|
||||
'';
|
||||
|
@ -269,18 +268,18 @@ in
|
|||
nixos.includeAllModules = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = ''
|
||||
description = lib.mdDoc ''
|
||||
Whether the generated NixOS's documentation should include documentation for all
|
||||
the options from all the NixOS modules included in the current
|
||||
<literal>configuration.nix</literal>. Disabling this will make the manual
|
||||
generator to ignore options defined outside of <literal>baseModules</literal>.
|
||||
`configuration.nix`. Disabling this will make the manual
|
||||
generator to ignore options defined outside of `baseModules`.
|
||||
'';
|
||||
};
|
||||
|
||||
nixos.extraModuleSources = mkOption {
|
||||
type = types.listOf (types.either types.path types.str);
|
||||
default = [ ];
|
||||
description = ''
|
||||
description = lib.mdDoc ''
|
||||
Which extra NixOS module paths the generated NixOS's documentation should strip
|
||||
from options.
|
||||
'';
|
||||
|
|
|
@ -354,6 +354,7 @@ in
|
|||
webdav = 322;
|
||||
pipewire = 323;
|
||||
rstudio-server = 324;
|
||||
localtimed = 325;
|
||||
|
||||
# When adding a uid, make sure it doesn't match an existing gid. And don't use uids above 399!
|
||||
|
||||
|
@ -662,6 +663,7 @@ in
|
|||
webdav = 322;
|
||||
pipewire = 323;
|
||||
rstudio-server = 324;
|
||||
localtimed = 325;
|
||||
|
||||
# When adding a gid, make sure it doesn't match an existing
|
||||
# uid. Users and groups with the same name should have equal
|
||||
|
|
|
@ -39,16 +39,15 @@ in
|
|||
type = str;
|
||||
default = "02:15";
|
||||
example = "hourly";
|
||||
description = ''
|
||||
description = lib.mdDoc ''
|
||||
Update the locate database at this interval. Updates by
|
||||
default at 2:15 AM every day.
|
||||
|
||||
The format is described in
|
||||
<citerefentry><refentrytitle>systemd.time</refentrytitle>
|
||||
<manvolnum>7</manvolnum></citerefentry>.
|
||||
{manpage}`systemd.time(7)`.
|
||||
|
||||
To disable automatic updates, set to <literal>"never"</literal>
|
||||
and run <command>updatedb</command> manually.
|
||||
To disable automatic updates, set to `"never"`
|
||||
and run {command}`updatedb` manually.
|
||||
'';
|
||||
};
|
||||
|
||||
|
|
|
@ -117,13 +117,13 @@ in
|
|||
'';
|
||||
type = pkgsType;
|
||||
example = literalExpression "import <nixpkgs> {}";
|
||||
description = ''
|
||||
description = lib.mdDoc ''
|
||||
If set, the pkgs argument to all NixOS modules is the value of
|
||||
this option, extended with <literal>nixpkgs.overlays</literal>, if
|
||||
that is also set. Either <literal>nixpkgs.crossSystem</literal> or
|
||||
<literal>nixpkgs.localSystem</literal> will be used in an assertion
|
||||
this option, extended with `nixpkgs.overlays`, if
|
||||
that is also set. Either `nixpkgs.crossSystem` or
|
||||
`nixpkgs.localSystem` will be used in an assertion
|
||||
to check that the NixOS and Nixpkgs architectures match. Any
|
||||
other options in <literal>nixpkgs.*</literal>, notably <literal>config</literal>,
|
||||
other options in `nixpkgs.*`, notably `config`,
|
||||
will be ignored.
|
||||
|
||||
If unset, the pkgs argument to all NixOS modules is determined
|
||||
|
@ -132,18 +132,18 @@ in
|
|||
The default value imports the Nixpkgs source files
|
||||
relative to the location of this NixOS module, because
|
||||
NixOS and Nixpkgs are distributed together for consistency,
|
||||
so the <literal>nixos</literal> in the default value is in fact a
|
||||
relative path. The <literal>config</literal>, <literal>overlays</literal>,
|
||||
<literal>localSystem</literal>, and <literal>crossSystem</literal> come
|
||||
so the `nixos` in the default value is in fact a
|
||||
relative path. The `config`, `overlays`,
|
||||
`localSystem`, and `crossSystem` come
|
||||
from this option's siblings.
|
||||
|
||||
This option can be used by applications like NixOps to increase
|
||||
the performance of evaluation, or to create packages that depend
|
||||
on a container that should be built with the exact same evaluation
|
||||
of Nixpkgs, for example. Applications like this should set
|
||||
their default value using <literal>lib.mkDefault</literal>, so
|
||||
their default value using `lib.mkDefault`, so
|
||||
user-provided configuration can override it without using
|
||||
<literal>lib</literal>.
|
||||
`lib`.
|
||||
|
||||
Note that using a distinct version of Nixpkgs with NixOS may
|
||||
be an unexpected source of problems. Use this option with care.
|
||||
|
@ -157,12 +157,12 @@ in
|
|||
{ allowBroken = true; allowUnfree = true; }
|
||||
'';
|
||||
type = configType;
|
||||
description = ''
|
||||
description = lib.mdDoc ''
|
||||
The configuration of the Nix Packages collection. (For
|
||||
details, see the Nixpkgs documentation.) It allows you to set
|
||||
package configuration options.
|
||||
|
||||
Ignored when <literal>nixpkgs.pkgs</literal> is set.
|
||||
Ignored when `nixpkgs.pkgs` is set.
|
||||
'';
|
||||
};
|
||||
|
||||
|
@ -180,17 +180,17 @@ in
|
|||
]
|
||||
'';
|
||||
type = types.listOf overlayType;
|
||||
description = ''
|
||||
description = lib.mdDoc ''
|
||||
List of overlays to use with the Nix Packages collection.
|
||||
(For details, see the Nixpkgs documentation.) It allows
|
||||
you to override packages globally. Each function in the list
|
||||
takes as an argument the <emphasis>original</emphasis> Nixpkgs.
|
||||
takes as an argument the *original* Nixpkgs.
|
||||
The first argument should be used for finding dependencies, and
|
||||
the second should be used for overriding recipes.
|
||||
|
||||
If <literal>nixpkgs.pkgs</literal> is set, overlays specified here
|
||||
If `nixpkgs.pkgs` is set, overlays specified here
|
||||
will be applied after the overlays that were already present
|
||||
in <literal>nixpkgs.pkgs</literal>.
|
||||
in `nixpkgs.pkgs`.
|
||||
'';
|
||||
};
|
||||
|
||||
|
@ -202,12 +202,12 @@ in
|
|||
apply = lib.systems.elaborate;
|
||||
defaultText = literalExpression
|
||||
''(import "''${nixos}/../lib").lib.systems.examples.aarch64-multiplatform'';
|
||||
description = ''
|
||||
description = lib.mdDoc ''
|
||||
Specifies the platform where the NixOS configuration will run.
|
||||
|
||||
To cross-compile, set also <literal>nixpkgs.buildPlatform</literal>.
|
||||
To cross-compile, set also `nixpkgs.buildPlatform`.
|
||||
|
||||
Ignored when <literal>nixpkgs.pkgs</literal> is set.
|
||||
Ignored when `nixpkgs.pkgs` is set.
|
||||
'';
|
||||
};
|
||||
|
||||
|
@ -220,7 +220,7 @@ in
|
|||
apply = lib.systems.elaborate;
|
||||
defaultText = literalExpression
|
||||
''config.nixpkgs.hostPlatform'';
|
||||
description = ''
|
||||
description = lib.mdDoc ''
|
||||
Specifies the platform on which NixOS should be built.
|
||||
By default, NixOS is built on the system where it runs, but you can
|
||||
change where it's built. Setting this option will cause NixOS to be
|
||||
|
@ -230,7 +230,7 @@ in
|
|||
or if you're building machines, you can set this to match your
|
||||
development system and/or build farm.
|
||||
|
||||
Ignored when <literal>nixpkgs.pkgs</literal> is set.
|
||||
Ignored when `nixpkgs.pkgs` is set.
|
||||
'';
|
||||
};
|
||||
|
||||
|
@ -243,25 +243,25 @@ in
|
|||
apply = lib.systems.elaborate;
|
||||
defaultText = literalExpression
|
||||
''(import "''${nixos}/../lib").lib.systems.examples.aarch64-multiplatform'';
|
||||
description = ''
|
||||
Systems with a recently generated <literal>hardware-configuration.nix</literal>
|
||||
description = lib.mdDoc ''
|
||||
Systems with a recently generated `hardware-configuration.nix`
|
||||
do not need to specify this option, unless cross-compiling, in which case
|
||||
you should set <emphasis>only</emphasis> <option>nixpkgs.buildPlatform</option>.
|
||||
you should set *only* {option}`nixpkgs.buildPlatform`.
|
||||
|
||||
If this is somehow not feasible, you may fall back to removing the
|
||||
<option>nixpkgs.hostPlatform</option> line from the generated config and
|
||||
{option}`nixpkgs.hostPlatform` line from the generated config and
|
||||
use the old options.
|
||||
|
||||
Specifies the platform on which NixOS should be built. When
|
||||
<literal>nixpkgs.crossSystem</literal> is unset, it also specifies
|
||||
the platform <emphasis>for</emphasis> which NixOS should be
|
||||
`nixpkgs.crossSystem` is unset, it also specifies
|
||||
the platform *for* which NixOS should be
|
||||
built. If this option is unset, it defaults to the platform
|
||||
type of the machine where evaluation happens. Specifying this
|
||||
option is useful when doing distributed multi-platform
|
||||
deployment, or when building virtual machines. See its
|
||||
description in the Nixpkgs manual for more details.
|
||||
|
||||
Ignored when <literal>nixpkgs.pkgs</literal> or <literal>hostPlatform</literal> is set.
|
||||
Ignored when `nixpkgs.pkgs` or `hostPlatform` is set.
|
||||
'';
|
||||
};
|
||||
|
||||
|
@ -272,20 +272,20 @@ in
|
|||
type = types.nullOr types.attrs; # TODO utilize lib.systems.parsedPlatform
|
||||
default = null;
|
||||
example = { system = "aarch64-linux"; config = "aarch64-unknown-linux-gnu"; };
|
||||
description = ''
|
||||
Systems with a recently generated <literal>hardware-configuration.nix</literal>
|
||||
may instead specify <emphasis>only</emphasis> <option>nixpkgs.buildPlatform</option>,
|
||||
or fall back to removing the <option>nixpkgs.hostPlatform</option> line from the generated config.
|
||||
description = lib.mdDoc ''
|
||||
Systems with a recently generated `hardware-configuration.nix`
|
||||
may instead specify *only* {option}`nixpkgs.buildPlatform`,
|
||||
or fall back to removing the {option}`nixpkgs.hostPlatform` line from the generated config.
|
||||
|
||||
Specifies the platform for which NixOS should be
|
||||
built. Specify this only if it is different from
|
||||
<literal>nixpkgs.localSystem</literal>, the platform
|
||||
<emphasis>on</emphasis> which NixOS should be built. In other
|
||||
`nixpkgs.localSystem`, the platform
|
||||
*on* which NixOS should be built. In other
|
||||
words, specify this to cross-compile NixOS. Otherwise it
|
||||
should be set as null, the default. See its description in the
|
||||
Nixpkgs manual for more details.
|
||||
|
||||
Ignored when <literal>nixpkgs.pkgs</literal> or <literal>hostPlatform</literal> is set.
|
||||
Ignored when `nixpkgs.pkgs` or `hostPlatform` is set.
|
||||
'';
|
||||
};
|
||||
|
||||
|
|
|
@ -23,7 +23,7 @@ in
|
|||
}
|
||||
'';
|
||||
|
||||
description = ''
|
||||
description = lib.mdDoc ''
|
||||
A set with the key names being the environment variable you'd like to
|
||||
set and the values being a list of paths to text documents containing
|
||||
lists of words. The various files will be merged, sorted, duplicates
|
||||
|
|
|
@ -22,6 +22,7 @@
|
|||
./config/ldap.nix
|
||||
./config/locale.nix
|
||||
./config/malloc.nix
|
||||
./config/mysql.nix
|
||||
./config/networking.nix
|
||||
./config/no-x-libs.nix
|
||||
./config/nsswitch.nix
|
||||
|
@ -329,6 +330,7 @@
|
|||
./services/cluster/kubernetes/proxy.nix
|
||||
./services/cluster/kubernetes/scheduler.nix
|
||||
./services/cluster/pacemaker/default.nix
|
||||
./services/cluster/patroni/default.nix
|
||||
./services/cluster/spark/default.nix
|
||||
./services/computing/boinc/client.nix
|
||||
./services/computing/foldingathome/client.nix
|
||||
|
@ -618,6 +620,7 @@
|
|||
./services/misc/plikd.nix
|
||||
./services/misc/podgrab.nix
|
||||
./services/misc/polaris.nix
|
||||
./services/misc/portunus.nix
|
||||
./services/misc/prowlarr.nix
|
||||
./services/misc/tautulli.nix
|
||||
./services/misc/pinnwand.nix
|
||||
|
@ -637,6 +640,7 @@
|
|||
./services/misc/sonarr.nix
|
||||
./services/misc/sourcehut
|
||||
./services/misc/spice-vdagentd.nix
|
||||
./services/misc/spice-webdavd.nix
|
||||
./services/misc/ssm-agent.nix
|
||||
./services/misc/sssd.nix
|
||||
./services/misc/subsonic.nix
|
||||
|
@ -1023,7 +1027,7 @@
|
|||
./services/system/cloud-init.nix
|
||||
./services/system/dbus.nix
|
||||
./services/system/earlyoom.nix
|
||||
./services/system/localtime.nix
|
||||
./services/system/localtimed.nix
|
||||
./services/system/kerberos/default.nix
|
||||
./services/system/nscd.nix
|
||||
./services/system/saslauthd.nix
|
||||
|
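Review bot: `./services/system/localtime.nix` is dropped from the import list here and `./services/system/localtimed.nix` takes its place, alongside the new `localtimed = 325` uid and gid in the ids hunks. If the option names changed with the file, existing configurations that set the old options would fail to evaluate unless the new module ships a rename or removal shim; please confirm which applies and note the change for users. The new service also gets its own system user, so the module description should say what that account is allowed to do.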
@ -1074,6 +1078,7 @@
|
|||
./services/web-apps/jirafeau.nix
|
||||
./services/web-apps/jitsi-meet.nix
|
||||
./services/web-apps/keycloak.nix
|
||||
./services/web-apps/komga.nix
|
||||
./services/web-apps/lemmy.nix
|
||||
./services/web-apps/invidious.nix
|
||||
./services/web-apps/invoiceplane.nix
|
||||
|
@ -1134,6 +1139,7 @@
|
|||
./services/web-servers/pomerium.nix
|
||||
./services/web-servers/unit/default.nix
|
||||
./services/web-servers/tomcat.nix
|
||||
./services/web-servers/keter
|
||||
./services/web-servers/traefik.nix
|
||||
./services/web-servers/trafficserver/default.nix
|
||||
./services/web-servers/ttyd.nix
|
||||
|
|
|
@ -61,7 +61,7 @@ in
|
|||
|
||||
installer.cloneConfig = mkOption {
|
||||
default = true;
|
||||
description = ''
|
||||
description = lib.mdDoc ''
|
||||
Try to clone the installation-device configuration by re-using it's
|
||||
profile from the list of imported modules.
|
||||
'';
|
||||
|
@ -70,14 +70,14 @@ in
|
|||
installer.cloneConfigIncludes = mkOption {
|
||||
default = [];
|
||||
example = [ "./nixos/modules/hardware/network/rt73.nix" ];
|
||||
description = ''
|
||||
description = lib.mdDoc ''
|
||||
List of modules used to re-build this installation device profile.
|
||||
'';
|
||||
};
|
||||
|
||||
installer.cloneConfigExtra = mkOption {
|
||||
default = "";
|
||||
description = ''
|
||||
description = lib.mdDoc ''
|
||||
Extra text to include in the cloned configuration.nix included in this
|
||||
installer.
|
||||
'';
|
||||
|
|
|
@ -85,9 +85,9 @@ in
|
|||
bindInterface = mkOption {
|
||||
default = true;
|
||||
type = types.bool;
|
||||
description = ''
|
||||
Binds <package>captive-browser</package> to the network interface declared in
|
||||
<literal>cfg.interface</literal>. This can be used to avoid collisions
|
||||
description = lib.mdDoc ''
|
||||
Binds `captive-browser` to the network interface declared in
|
||||
`cfg.interface`. This can be used to avoid collisions
|
||||
with private subnets.
|
||||
'';
|
||||
};
|
||||
|
|
|
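Review bot: the converted `bindInterface` description now shows `cfg.interface` in plain code markup, but `cfg` is the module's internal binding and means nothing to someone reading the option reference. Use the full option path with the {option} role, as the other converted descriptions in this change do, so the rendered text points at something a user can actually set.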
@ -76,10 +76,10 @@ in
|
|||
|
||||
extraOpts = mkOption {
|
||||
type = types.attrs;
|
||||
description = ''
|
||||
description = lib.mdDoc ''
|
||||
Extra chromium policy options. A list of available policies
|
||||
can be found in the Chrome Enterprise documentation:
|
||||
<link xlink:href="https://cloud.google.com/docs/chrome-enterprise/policies/">https://cloud.google.com/docs/chrome-enterprise/policies/</link>
|
||||
<https://cloud.google.com/docs/chrome-enterprise/policies/>
|
||||
Make sure the selected policy is supported on Linux and your browser version.
|
||||
'';
|
||||
default = {};
|
||||
|
|
|
@ -8,15 +8,15 @@ with lib;
|
|||
enable = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = ''
|
||||
description = lib.mdDoc ''
|
||||
Whether to enable k3b, the KDE disk burning application.
|
||||
|
||||
Additionally to installing <package>k3b</package> enabling this will
|
||||
add <literal>setuid</literal> wrappers in <literal>/run/wrappers/bin</literal>
|
||||
for both <package>cdrdao</package> and <package>cdrecord</package>. On first
|
||||
run you must manually configure the path of <package>cdrdae</package> and
|
||||
<package>cdrecord</package> to correspond to the appropriate paths under
|
||||
<literal>/run/wrappers/bin</literal> in the "Setup External Programs" menu.
|
||||
Additionally to installing `k3b` enabling this will
|
||||
add `setuid` wrappers in `/run/wrappers/bin`
|
||||
for both `cdrdao` and `cdrecord`. On first
|
||||
run you must manually configure the path of `cdrdae` and
|
||||
`cdrecord` to correspond to the appropriate paths under
|
||||
`/run/wrappers/bin` in the "Setup External Programs" menu.
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
|
|
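Review bot: the rewritten description carries over the typo `cdrdae` in "configure the path of `cdrdae` and `cdrecord`"; the sentence before it names the wrapped program as `cdrdao`. Since this text tells users which setuid wrappers under `/run/wrappers/bin` to point k3b at, the name should be exact; change it to `cdrdao`.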
@ -17,7 +17,7 @@ in
|
|||
type = lib.types.bool;
|
||||
};
|
||||
withUtempter = mkOption {
|
||||
description = ''
|
||||
description = lib.mdDoc ''
|
||||
Whether to enable libutempter for mosh.
|
||||
This is required so that mosh can write to /var/run/utmp (which can be queried with `who` to display currently connected user sessions).
|
||||
Note, this will add a guid wrapper for the group utmp!
|
||||
|
|
|
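Review bot: the `withUtempter` description says "this will add a guid wrapper for the group utmp", which reads as a typo for a setgid wrapper. Because the option installs a privileged wrapper, the wording should be unambiguous; suggest "this will add a setgid wrapper for the group `utmp`" if that is what is meant. The option also has no `default` visible in this hunk, so check that one is defined or that the description states what happens when it is unset.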
@ -45,7 +45,7 @@ in {
|
|||
passwordeval = "cat /secrets/password.txt";
|
||||
};
|
||||
};
|
||||
description = ''
|
||||
description = lib.mdDoc ''
|
||||
Named accounts and their respective configurations.
|
||||
The special name "default" allows a default account to be defined.
|
||||
See msmtp(1) for the available options.
|
||||
|
|
|
@ -93,10 +93,10 @@ in
|
|||
extraConfig = mkOption {
|
||||
type = types.lines;
|
||||
default = "";
|
||||
description = ''
|
||||
Extra configuration text prepended to <filename>ssh_config</filename>. Other generated
|
||||
options will be added after a <literal>Host *</literal> pattern.
|
||||
See <citerefentry><refentrytitle>ssh_config</refentrytitle><manvolnum>5</manvolnum></citerefentry>
|
||||
description = lib.mdDoc ''
|
||||
Extra configuration text prepended to {file}`ssh_config`. Other generated
|
||||
options will be added after a `Host *` pattern.
|
||||
See {manpage}`ssh_config(5)`
|
||||
for help.
|
||||
'';
|
||||
};
|
||||
|
|
|
@ -22,7 +22,7 @@ in
|
|||
default = "fuck";
|
||||
type = types.str;
|
||||
|
||||
description = ''
|
||||
description = lib.mdDoc ''
|
||||
`thefuck` needs an alias to be configured.
|
||||
The default value is `fuck`, but you can use anything else as well.
|
||||
'';
|
||||
|
|
|
@ -95,13 +95,13 @@ let
|
|||
exclude.dir /nix/store
|
||||
include.encrypt /home/.../*
|
||||
'';
|
||||
description = ''
|
||||
<literal>include.*</literal> and
|
||||
<literal>exclude.*</literal> directives to be
|
||||
description = lib.mdDoc ''
|
||||
`include.*` and
|
||||
`exclude.*` directives to be
|
||||
used when sending files to the IBM TSM server.
|
||||
The lines will be written into a file that the
|
||||
<literal>inclexcl</literal>
|
||||
directive in <filename>dsm.sys</filename> points to.
|
||||
`inclexcl`
|
||||
directive in {file}`dsm.sys` points to.
|
||||
'';
|
||||
};
|
||||
options.extraConfig = mkOption {
|
||||
|
|
|
@ -62,7 +62,7 @@ in
|
|||
to use `yabar-unstable'.
|
||||
'';
|
||||
|
||||
description = ''
|
||||
description = lib.mdDoc ''
|
||||
The package which contains the `yabar` binary.
|
||||
|
||||
Nixpkgs provides the `yabar` and `yabar-unstable`
|
||||
|
|
|
@ -49,7 +49,7 @@ in
|
|||
package = mkOption {
|
||||
default = pkgs.oh-my-zsh;
|
||||
defaultText = literalExpression "pkgs.oh-my-zsh";
|
||||
description = ''
|
||||
description = lib.mdDoc ''
|
||||
Package to install for `oh-my-zsh` usage.
|
||||
'';
|
||||
|
||||
|
@ -67,7 +67,7 @@ in
|
|||
custom = mkOption {
|
||||
default = null;
|
||||
type = with types; nullOr str;
|
||||
description = ''
|
||||
description = lib.mdDoc ''
|
||||
Path to a custom oh-my-zsh package to override config of oh-my-zsh.
|
||||
(Can't be used along with `customPkgs`).
|
||||
'';
|
||||
|
@ -76,7 +76,7 @@ in
|
|||
customPkgs = mkOption {
|
||||
default = [];
|
||||
type = types.listOf types.package;
|
||||
description = ''
|
||||
description = lib.mdDoc ''
|
||||
List of custom packages that should be loaded into `oh-my-zsh`.
|
||||
'';
|
||||
};
|
||||
|
@ -92,7 +92,7 @@ in
|
|||
cacheDir = mkOption {
|
||||
default = "$HOME/.cache/oh-my-zsh";
|
||||
type = types.str;
|
||||
description = ''
|
||||
description = lib.mdDoc ''
|
||||
Cache directory to be used by `oh-my-zsh`.
|
||||
Without this option it would default to the read-only nix store.
|
||||
'';
|
||||
|
|
|
@ -11,7 +11,7 @@ in {
|
|||
package = mkOption {
|
||||
default = pkgs.zsh-autoenv;
|
||||
defaultText = literalExpression "pkgs.zsh-autoenv";
|
||||
description = ''
|
||||
description = lib.mdDoc ''
|
||||
Package to install for `zsh-autoenv` usage.
|
||||
'';
|
||||
|
||||
|
|
|
@ -24,7 +24,7 @@ in
|
|||
strategy = mkOption {
|
||||
type = types.listOf (types.enum [ "history" "completion" "match_prev_cmd" ]);
|
||||
default = [ "history" ];
|
||||
description = ''
|
||||
description = lib.mdDoc ''
|
||||
`ZSH_AUTOSUGGEST_STRATEGY` is an array that specifies how suggestions should be generated.
|
||||
The strategies in the array are tried successively until a suggestion is found.
|
||||
There are currently three built-in strategies to choose from:
|
||||
|
|
|
@ -451,10 +451,9 @@ let
|
|||
renewInterval = mkOption {
|
||||
type = types.str;
|
||||
inherit (defaultAndText "renewInterval" "daily") default defaultText;
|
||||
description = ''
|
||||
description = lib.mdDoc ''
|
||||
Systemd calendar expression when to check for renewal. See
|
||||
<citerefentry><refentrytitle>systemd.time</refentrytitle>
|
||||
<manvolnum>7</manvolnum></citerefentry>.
|
||||
{manpage}`systemd.time(7)`.
|
||||
'';
|
||||
};
|
||||
|
||||
|
@ -677,7 +676,7 @@ let
|
|||
inheritDefaults = mkOption {
|
||||
default = true;
|
||||
example = true;
|
||||
description = "Whether to inherit values set in `security.acme.defaults` or not.";
|
||||
description = lib.mdDoc "Whether to inherit values set in `security.acme.defaults` or not.";
|
||||
type = lib.types.bool;
|
||||
};
|
||||
};
|
||||
|
|
|
@ -81,8 +81,8 @@ services.nginx = {
|
|||
};
|
||||
|
||||
# We can also add a different vhost and reuse the same certificate
|
||||
# but we have to append extraDomainNames manually.
|
||||
<link linkend="opt-security.acme.certs._name_.extraDomainNames">security.acme.certs."foo.example.com".extraDomainNames</link> = [ "baz.example.com" ];
|
||||
# but we have to append extraDomainNames manually beforehand:
|
||||
# <link linkend="opt-security.acme.certs._name_.extraDomainNames">security.acme.certs."foo.example.com".extraDomainNames</link> = [ "baz.example.com" ];
|
||||
"baz.example.com" = {
|
||||
<link linkend="opt-services.nginx.virtualHosts._name_.forceSSL">forceSSL</link> = true;
|
||||
<link linkend="opt-services.nginx.virtualHosts._name_.useACMEHost">useACMEHost</link> = "foo.example.com";
|
||||
|
|
|
@ -42,7 +42,7 @@ in
|
|||
if you want this service to do such killing
|
||||
by sending a <literal>SIGTERM</literal> to those running processes'';
|
||||
policies = mkOption {
|
||||
description = ''
|
||||
description = lib.mdDoc ''
|
||||
AppArmor policies.
|
||||
'';
|
||||
type = types.attrsOf (types.submodule ({ name, config, ... }: {
|
||||
|
@ -50,7 +50,7 @@ in
|
|||
enable = mkDisableOption "loading of the profile into the kernel";
|
||||
enforce = mkDisableOption "enforcing of the policy or only complain in the logs";
|
||||
profile = mkOption {
|
||||
description = "The policy of the profile.";
|
||||
description = lib.mdDoc "The policy of the profile.";
|
||||
type = types.lines;
|
||||
apply = pkgs.writeText name;
|
||||
};
|
||||
|
@ -61,16 +61,16 @@ in
|
|||
includes = mkOption {
|
||||
type = types.attrsOf types.lines;
|
||||
default = {};
|
||||
description = ''
|
||||
description = lib.mdDoc ''
|
||||
List of paths to be added to AppArmor's searched paths
|
||||
when resolving <literal>include</literal> directives.
|
||||
when resolving `include` directives.
|
||||
'';
|
||||
apply = mapAttrs pkgs.writeText;
|
||||
};
|
||||
packages = mkOption {
|
||||
type = types.listOf types.package;
|
||||
default = [];
|
||||
description = "List of packages to be added to AppArmor's include path";
|
||||
description = lib.mdDoc "List of packages to be added to AppArmor's include path";
|
||||
};
|
||||
enableCache = mkEnableOption ''
|
||||
caching of AppArmor policies
|
||||
|
|
|
@ -94,7 +94,7 @@ in {
|
|||
|
||||
<note><para>If this is <literal>false</literal> the resulting store
|
||||
path will be non-deterministic and will be rebuilt every time the
|
||||
<package>openssl</package> package changes.</para></note>
|
||||
<literal>openssl</literal> package changes.</para></note>
|
||||
'';
|
||||
};
|
||||
|
||||
|
|
|
@ -142,6 +142,16 @@ let
|
|||
'';
|
||||
};
|
||||
|
||||
mysqlAuth = mkOption {
|
||||
default = config.users.mysql.enable;
|
||||
defaultText = literalExpression "config.users.mysql.enable";
|
||||
type = types.bool;
|
||||
description = ''
|
||||
If set, the <literal>pam_mysql</literal> module will be used to
|
||||
authenticate users against a MySQL/MariaDB database.
|
||||
'';
|
||||
};
|
||||
|
||||
fprintAuth = mkOption {
|
||||
default = config.services.fprintd.enable;
|
||||
defaultText = literalExpression "config.services.fprintd.enable";
|
||||
|
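Review bot: `mysqlAuth` can be set to true on a service while `users.mysql.enable` is false, since the latter is only the default, and nothing in this hunk ties the two together. The PAM lines added later in this file point at `config_file=/etc/security/pam_mysql.conf`, so an assertion that `users.mysql.enable` is set whenever any service enables `mysqlAuth` would turn a silent misconfiguration into an evaluation error. Separately, the description is a plain `''` string with `<literal>pam_mysql</literal>` while the neighbouring hunks convert descriptions to `lib.mdDoc`; writing it as `lib.mdDoc` with backticks would keep the new option consistent.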
@ -310,12 +320,10 @@ let
|
|||
limits = mkOption {
|
||||
default = [];
|
||||
type = limitsType;
|
||||
description = ''
|
||||
description = lib.mdDoc ''
|
||||
Attribute set describing resource limits. Defaults to the
|
||||
value of <option>security.pam.loginLimits</option>.
|
||||
The meaning of the values is explained in <citerefentry>
|
||||
<refentrytitle>limits.conf</refentrytitle><manvolnum>5</manvolnum>
|
||||
</citerefentry>.
|
||||
value of {option}`security.pam.loginLimits`.
|
||||
The meaning of the values is explained in {manpage}`limits.conf(5)`.
|
||||
'';
|
||||
};
|
||||
|
||||
|
@ -442,11 +450,13 @@ let
|
|||
(
|
||||
''
|
||||
# Account management.
|
||||
account required pam_unix.so
|
||||
'' +
|
||||
optionalString use_ldap ''
|
||||
account sufficient ${pam_ldap}/lib/security/pam_ldap.so
|
||||
'' +
|
||||
optionalString cfg.mysqlAuth ''
|
||||
account sufficient ${pkgs.pam_mysql}/lib/security/pam_mysql.so config_file=/etc/security/pam_mysql.conf
|
||||
'' +
|
||||
optionalString (config.services.sssd.enable && cfg.sssdStrictAccess==false) ''
|
||||
account sufficient ${pkgs.sssd}/lib/security/pam_sss.so
|
||||
'' +
|
||||
|
@ -460,7 +470,11 @@ let
|
|||
account [success=ok ignore=ignore default=die] ${pkgs.google-guest-oslogin}/lib/security/pam_oslogin_login.so
|
||||
account [success=ok default=ignore] ${pkgs.google-guest-oslogin}/lib/security/pam_oslogin_admin.so
|
||||
'' +
|
||||
# The required pam_unix.so module has to come after all the sufficient modules
|
||||
# because otherwise, the account lookup will fail if the user does not exist
|
||||
# locally, for example with MySQL- or LDAP-auth.
|
||||
''
|
||||
account required pam_unix.so
|
||||
|
||||
# Authentication management.
|
||||
'' +
|
||||
|
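Review bot: with `account required pam_unix.so` now placed after the `sufficient` entries, a success from pam_ldap.so, pam_mysql.so or pam_sss.so ends the account stack before pam_unix.so is consulted, so for a user who exists both locally and in the remote source the local account checks no longer run. The new comment explains why the move is needed for users that do not exist locally but not this side effect; please state it in the comment, and confirm it is the intended behaviour for accounts present in both places.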
@ -476,6 +490,9 @@ let
|
|||
optionalString cfg.logFailures ''
|
||||
auth required pam_faillock.so
|
||||
'' +
|
||||
optionalString cfg.mysqlAuth ''
|
||||
auth sufficient ${pkgs.pam_mysql}/lib/security/pam_mysql.so config_file=/etc/security/pam_mysql.conf
|
||||
'' +
|
||||
optionalString (config.security.pam.enableSSHAgentAuth && cfg.sshAgentAuth) ''
|
||||
auth sufficient ${pkgs.pam_ssh_agent_auth}/libexec/pam_ssh_agent_auth.so file=${lib.concatStringsSep ":" config.services.openssh.authorizedKeysFiles}
|
||||
'' +
|
||||
|
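Review bot: `auth sufficient` on the pam_mysql.so line means a successful database login skips every auth module listed after it, and the hunk shows it inserted ahead of the rest of the stack without a comment on ordering. Please confirm that modules a user may set to `required` for multi-factor authentication are evaluated before this line, and add a short comment saying so. The literal `config_file=/etc/security/pam_mysql.conf` is also repeated in the account, auth, password and session entries; a single `let` binding would keep the four copies from drifting apart.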
@ -573,6 +590,9 @@ let
|
|||
optionalString use_ldap ''
|
||||
password sufficient ${pam_ldap}/lib/security/pam_ldap.so
|
||||
'' +
|
||||
optionalString cfg.mysqlAuth ''
|
||||
password sufficient ${pkgs.pam_mysql}/lib/security/pam_mysql.so config_file=/etc/security/pam_mysql.conf
|
||||
'' +
|
||||
optionalString config.services.sssd.enable ''
|
||||
password sufficient ${pkgs.sssd}/lib/security/pam_sss.so use_authtok
|
||||
'' +
|
||||
|
@ -616,6 +636,9 @@ let
|
|||
optionalString use_ldap ''
|
||||
session optional ${pam_ldap}/lib/security/pam_ldap.so
|
||||
'' +
|
||||
optionalString cfg.mysqlAuth ''
|
||||
session optional ${pkgs.pam_mysql}/lib/security/pam_mysql.so config_file=/etc/security/pam_mysql.conf
|
||||
'' +
|
||||
optionalString config.services.sssd.enable ''
|
||||
session optional ${pkgs.sssd}/lib/security/pam_sss.so
|
||||
'' +
|
||||
|
@ -750,14 +773,13 @@ in
|
|||
}
|
||||
];
|
||||
|
||||
description =
|
||||
'' Define resource limits that should apply to users or groups.
|
||||
description = ''
|
||||
Define resource limits that should apply to users or groups.
|
||||
Each item in the list should be an attribute set with a
|
||||
<varname>domain</varname>, <varname>type</varname>,
|
||||
<varname>item</varname>, and <varname>value</varname>
|
||||
attribute. The syntax and semantics of these attributes
|
||||
must be that described in <citerefentry><refentrytitle>limits.conf</refentrytitle>
|
||||
<manvolnum>5</manvolnum></citerefentry>.
|
||||
must be that described in <citerefentry><refentrytitle>limits.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
|
||||
|
||||
Note that these limits do not apply to systemd services,
|
||||
whose limits can be changed via <option>systemd.extraConfig</option>
|
||||
|
@ -838,17 +860,14 @@ in
|
|||
control = mkOption {
|
||||
default = "sufficient";
|
||||
type = types.enum [ "required" "requisite" "sufficient" "optional" ];
|
||||
description = ''
|
||||
description = lib.mdDoc ''
|
||||
This option sets pam "control".
|
||||
If you want to have multi factor authentication, use "required".
|
||||
If you want to use the PKCS#11 device instead of the regular password,
|
||||
use "sufficient".
|
||||
|
||||
Read
|
||||
<citerefentry>
|
||||
<refentrytitle>pam.conf</refentrytitle>
|
||||
<manvolnum>5</manvolnum>
|
||||
</citerefentry>
|
||||
{manpage}`pam.conf(5)`
|
||||
for better understanding of this option.
|
||||
'';
|
||||
};
|
||||
|
@ -929,16 +948,13 @@ in
|
|||
control = mkOption {
|
||||
default = "sufficient";
|
||||
type = types.enum [ "required" "requisite" "sufficient" "optional" ];
|
||||
description = ''
|
||||
description = lib.mdDoc ''
|
||||
This option sets pam "control".
|
||||
If you want to have multi factor authentication, use "required".
|
||||
If you want to use U2F device instead of regular password, use "sufficient".
|
||||
|
||||
Read
|
||||
<citerefentry>
|
||||
<refentrytitle>pam.conf</refentrytitle>
|
||||
<manvolnum>5</manvolnum>
|
||||
</citerefentry>
|
||||
{manpage}`pam.conf(5)`
|
||||
for better understanding of this option.
|
||||
'';
|
||||
};
|
||||
|
@ -1047,17 +1063,14 @@ in
|
|||
control = mkOption {
|
||||
default = "sufficient";
|
||||
type = types.enum [ "required" "requisite" "sufficient" "optional" ];
|
||||
description = ''
|
||||
description = lib.mdDoc ''
|
||||
This option sets pam "control".
|
||||
If you want to have multi factor authentication, use "required".
|
||||
If you want to use the SSH certificate instead of the regular password,
|
||||
use "sufficient".
|
||||
|
||||
Read
|
||||
<citerefentry>
|
||||
<refentrytitle>pam.conf</refentrytitle>
|
||||
<manvolnum>5</manvolnum>
|
||||
</citerefentry>
|
||||
{manpage}`pam.conf(5)`
|
||||
for better understanding of this option.
|
||||
'';
|
||||
};
|
||||
|
@ -1082,16 +1095,13 @@ in
|
|||
control = mkOption {
|
||||
default = "sufficient";
|
||||
type = types.enum [ "required" "requisite" "sufficient" "optional" ];
|
||||
description = ''
|
||||
description = lib.mdDoc ''
|
||||
This option sets pam "control".
|
||||
If you want to have multi factor authentication, use "required".
|
||||
If you want to use Yubikey instead of regular password, use "sufficient".
|
||||
|
||||
Read
|
||||
<citerefentry>
|
||||
<refentrytitle>pam.conf</refentrytitle>
|
||||
<manvolnum>5</manvolnum>
|
||||
</citerefentry>
|
||||
{manpage}`pam.conf(5)`
|
||||
for better understanding of this option.
|
||||
'';
|
||||
};
|
||||
|
@ -1250,6 +1260,9 @@ in
|
|||
optionalString (isEnabled (cfg: cfg.oathAuth)) ''
|
||||
"mr ${pkgs.oath-toolkit}/lib/security/pam_oath.so,
|
||||
'' +
|
||||
optionalString (isEnabled (cfg: cfg.mysqlAuth)) ''
|
||||
mr ${pkgs.pam_mysql}/lib/security/pam_mysql.so,
|
||||
'' +
|
||||
optionalString (isEnabled (cfg: cfg.yubicoAuth)) ''
|
||||
mr ${pkgs.yubico-pam}/lib/security/pam_yubico.so,
|
||||
'' +
|
||||
|
|
|
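Review bot: the added AppArmor rule only maps `pam_mysql.so` itself, while the PAM entries in this commit pass `config_file=/etc/security/pam_mysql.conf`, and no read rule for that path appears in this hunk. Please check whether a confined service can still read the file, and add the rule here if it cannot. The context line just above, `"mr ${pkgs.oath-toolkit}/lib/security/pam_oath.so,`, starts with a stray `"` that is worth removing while this block is being touched.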
@ -46,7 +46,7 @@ in
|
|||
type = types.package;
|
||||
default = pkgs.sudo;
|
||||
defaultText = literalExpression "pkgs.sudo";
|
||||
description = ''
|
||||
description = lib.mdDoc ''
|
||||
Which package to use for `sudo`.
|
||||
'';
|
||||
};
|
||||
|
|
|
@ -10,12 +10,10 @@ in {
|
|||
options.confinement.enable = lib.mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = ''
|
||||
description = lib.mdDoc ''
|
||||
If set, all the required runtime store paths for this service are
|
||||
bind-mounted into a <literal>tmpfs</literal>-based <citerefentry>
|
||||
<refentrytitle>chroot</refentrytitle>
|
||||
<manvolnum>2</manvolnum>
|
||||
</citerefentry>.
|
||||
bind-mounted into a `tmpfs`-based
|
||||
{manpage}`chroot(2)`.
|
||||
'';
|
||||
};
|
||||
|
||||
|
@ -63,16 +61,13 @@ in {
|
|||
default = toplevelConfig.environment.binsh;
|
||||
defaultText = lib.literalExpression "config.environment.binsh";
|
||||
example = lib.literalExpression ''"''${pkgs.dash}/bin/dash"'';
|
||||
description = ''
|
||||
The program to make available as <filename>/bin/sh</filename> inside
|
||||
the chroot. If this is set to <literal>null</literal>, no
|
||||
<filename>/bin/sh</filename> is provided at all.
|
||||
description = lib.mdDoc ''
|
||||
The program to make available as {file}`/bin/sh` inside
|
||||
the chroot. If this is set to `null`, no
|
||||
{file}`/bin/sh` is provided at all.
|
||||
|
||||
This is useful for some applications, which for example use the
|
||||
<citerefentry>
|
||||
<refentrytitle>system</refentrytitle>
|
||||
<manvolnum>3</manvolnum>
|
||||
</citerefentry> library function to execute commands.
|
||||
{manpage}`system(3)` library function to execute commands.
|
||||
'';
|
||||
};
|
||||
|
||||
|
@ -88,10 +83,8 @@ in {
|
|||
name space.
|
||||
|
||||
If this is set to <literal>chroot-only</literal>, only the file
|
||||
system name space is set up along with the call to <citerefentry>
|
||||
<refentrytitle>chroot</refentrytitle>
|
||||
<manvolnum>2</manvolnum>
|
||||
</citerefentry>.
|
||||
system name space is set up along with the call to
|
||||
<citerefentry><refentrytitle>chroot</refentrytitle><manvolnum>2</manvolnum></citerefentry>.
|
||||
|
||||
<note><para>This doesn't cover network namespaces and is solely for
|
||||
file system level isolation.</para></note>
|
||||
|
|
|
@ -54,10 +54,7 @@ let
|
|||
description = ''
|
||||
A comma-separated list of capabilities to be given to the wrapper
|
||||
program. For capabilities supported by the system check the
|
||||
<citerefentry>
|
||||
<refentrytitle>capabilities</refentrytitle>
|
||||
<manvolnum>7</manvolnum>
|
||||
</citerefentry>
|
||||
<citerefentry><refentrytitle>capabilities</refentrytitle><manvolnum>7</manvolnum></citerefentry>
|
||||
manual page.
|
||||
|
||||
<note><para>
|
||||
|
@ -188,6 +185,16 @@ in
|
|||
'';
|
||||
};
|
||||
|
||||
security.wrapperDirSize = lib.mkOption {
|
||||
default = "50%";
|
||||
example = "10G";
|
||||
type = lib.types.str;
|
||||
description = ''
|
||||
Size limit for the /run/wrappers tmpfs. Look at mount(8), tmpfs size option,
|
||||
for the accepted syntax. WARNING: don't set to less than 64MB.
|
||||
'';
|
||||
};
|
||||
|
||||
security.wrapperDir = lib.mkOption {
|
||||
type = lib.types.path;
|
||||
default = "/run/wrappers/bin";
|
||||
|
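Review bot: `security.wrapperDirSize` is typed `lib.types.str` and the 64MB floor exists only as a WARNING in the description, so a malformed or undersized value is accepted at evaluation time and only shows up when the `/run/wrappers` tmpfs is mounted or fills up. Consider `types.strMatching` with a pattern for the tmpfs size syntax, or an assertion, so the constraint is enforced rather than documented. The description is also a plain `''` string; `lib.mdDoc` with `{manpage}` for the `mount(8)` reference would match the conversions made elsewhere in this commit.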
@ -230,7 +237,7 @@ in
|
|||
|
||||
boot.specialFileSystems.${parentWrapperDir} = {
|
||||
fsType = "tmpfs";
|
||||
options = [ "nodev" "mode=755" ];
|
||||
options = [ "nodev" "mode=755" "size=${config.security.wrapperDirSize}" ];
|
||||
};
|
||||
|
||||
# Make sure our wrapperDir exports to the PATH env variable when
|
||||
|
|
|
@ -23,12 +23,10 @@ let
|
|||
on_exit()
|
||||
{
|
||||
exitStatus=$?
|
||||
# Reset the EXIT handler, or else we're called again on 'exit' below
|
||||
trap - EXIT
|
||||
${cfg.postHook}
|
||||
exit $exitStatus
|
||||
}
|
||||
trap 'on_exit' INT TERM QUIT EXIT
|
||||
trap on_exit EXIT
|
||||
|
||||
archiveName="${if cfg.archiveBaseName == null then "" else cfg.archiveBaseName + "-"}$(date ${cfg.dateFormat})"
|
||||
archiveSuffix="${optionalString cfg.appendFailedSuffix ".failed"}"
|
||||
|
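Review bot: the trap line drops INT, TERM and QUIT and keeps only EXIT, so whether `${cfg.postHook}` still runs when the job is interrupted now depends on the shell running the EXIT trap on signal termination. Bash does that, other POSIX shells such as dash do not. The removed comment about resetting the EXIT handler explained the old construction; please replace it with one line stating that the script relies on bash's EXIT-on-signal behaviour, so a later change of interpreter does not silently stop the post hook from running.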
@ -320,13 +318,12 @@ in {
|
|||
startAt = mkOption {
|
||||
type = with types; either str (listOf str);
|
||||
default = "daily";
|
||||
description = ''
|
||||
description = lib.mdDoc ''
|
||||
When or how often the backup should run.
|
||||
Must be in the format described in
|
||||
<citerefentry><refentrytitle>systemd.time</refentrytitle>
|
||||
<manvolnum>7</manvolnum></citerefentry>.
|
||||
{manpage}`systemd.time(7)`.
|
||||
If you do not want the backup to start
|
||||
automatically, use <literal>[ ]</literal>.
|
||||
automatically, use `[ ]`.
|
||||
It will generate a systemd service borgbackup-job-NAME.
|
||||
You may trigger it manually via systemctl restart borgbackup-job-NAME.
|
||||
'';
|
||||
|
@ -336,10 +333,9 @@ in {
|
|||
default = false;
|
||||
type = types.bool;
|
||||
example = true;
|
||||
description = ''
|
||||
Set the <literal>persistentTimer</literal> option for the
|
||||
<citerefentry><refentrytitle>systemd.timer</refentrytitle>
|
||||
<manvolnum>5</manvolnum></citerefentry>
|
||||
description = lib.mdDoc ''
|
||||
Set the `persistentTimer` option for the
|
||||
{manpage}`systemd.timer(5)`
|
||||
which triggers the backup immediately if the last trigger
|
||||
was missed (e.g. if the system was powered down).
|
||||
'';
|
||||
|
|
|
@ -27,30 +27,27 @@ in
|
|||
type = types.listOf types.str;
|
||||
default = [ ];
|
||||
example = [ "/home" ];
|
||||
description = ''
|
||||
description = lib.mdDoc ''
|
||||
List of paths to include into the backups. See the FILE SELECTION
|
||||
section in <citerefentry><refentrytitle>duplicity</refentrytitle>
|
||||
<manvolnum>1</manvolnum></citerefentry> for details on the syntax.
|
||||
section in {manpage}`duplicity(1)` for details on the syntax.
|
||||
'';
|
||||
};
|
||||
|
||||
exclude = mkOption {
|
||||
type = types.listOf types.str;
|
||||
default = [ ];
|
||||
description = ''
|
||||
description = lib.mdDoc ''
|
||||
List of paths to exclude from backups. See the FILE SELECTION section in
|
||||
<citerefentry><refentrytitle>duplicity</refentrytitle>
|
||||
<manvolnum>1</manvolnum></citerefentry> for details on the syntax.
|
||||
{manpage}`duplicity(1)` for details on the syntax.
|
||||
'';
|
||||
};
|
||||
|
||||
targetUrl = mkOption {
|
||||
type = types.str;
|
||||
example = "s3://host:port/prefix";
|
||||
description = ''
|
||||
description = lib.mdDoc ''
|
||||
Target url to backup to. See the URL FORMAT section in
|
||||
<citerefentry><refentrytitle>duplicity</refentrytitle>
|
||||
<manvolnum>1</manvolnum></citerefentry> for supported urls.
|
||||
{manpage}`duplicity(1)` for supported urls.
|
||||
'';
|
||||
};
|
||||
|
||||
|
@ -60,8 +57,7 @@ in
|
|||
description = ''
|
||||
Path of a file containing secrets (gpg passphrase, access key...) in
|
||||
the format of EnvironmentFile as described by
|
||||
<citerefentry><refentrytitle>systemd.exec</refentrytitle>
|
||||
<manvolnum>5</manvolnum></citerefentry>. For example:
|
||||
<citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>. For example:
|
||||
<programlisting>
|
||||
PASSPHRASE=«...»
|
||||
AWS_ACCESS_KEY_ID=«...»
|
||||
|
@ -73,10 +69,9 @@ in
|
|||
frequency = mkOption {
|
||||
type = types.nullOr types.str;
|
||||
default = "daily";
|
||||
description = ''
|
||||
description = lib.mdDoc ''
|
||||
Run duplicity with the given frequency (see
|
||||
<citerefentry><refentrytitle>systemd.time</refentrytitle>
|
||||
<manvolnum>7</manvolnum></citerefentry> for the format).
|
||||
{manpage}`systemd.time(7)` for the format).
|
||||
If null, do not run automatically.
|
||||
'';
|
||||
};
|
||||
|
@ -85,10 +80,9 @@ in
|
|||
type = types.listOf types.str;
|
||||
default = [ ];
|
||||
example = [ "--backend-retry-delay" "100" ];
|
||||
description = ''
|
||||
description = lib.mdDoc ''
|
||||
Extra command-line flags passed to duplicity. See
|
||||
<citerefentry><refentrytitle>duplicity</refentrytitle>
|
||||
<manvolnum>1</manvolnum></citerefentry>.
|
||||
{manpage}`duplicity(1)`.
|
||||
'';
|
||||
};
|
||||
|
||||
|
|
|
@ -118,12 +118,11 @@ in
|
|||
type = types.str;
|
||||
default = "hourly";
|
||||
example = "daily";
|
||||
description = ''
|
||||
description = lib.mdDoc ''
|
||||
Run sanoid at this interval. The default is to run hourly.
|
||||
|
||||
The format is described in
|
||||
<citerefentry><refentrytitle>systemd.time</refentrytitle>
|
||||
<manvolnum>7</manvolnum></citerefentry>.
|
||||
{manpage}`systemd.time(7)`.
|
||||
'';
|
||||
};
|
||||
|
||||
|
|
|
@ -16,11 +16,11 @@ let
|
|||
lib.concatMapStrings (s: if lib.isList s then "-" else s)
|
||||
(builtins.split "[^a-zA-Z0-9_.\\-]+" name);
|
||||
|
||||
# Function to build "zfs allow" commands for the filesystems we've
|
||||
# delegated permissions to. It also checks if the target dataset
|
||||
# exists before delegating permissions, if it doesn't exist we
|
||||
# delegate it to the parent dataset. This should solve the case of
|
||||
# provisoning new datasets.
|
||||
# Function to build "zfs allow" commands for the filesystems we've delegated
|
||||
# permissions to. It also checks if the target dataset exists before
|
||||
# delegating permissions, if it doesn't exist we delegate it to the parent
|
||||
# dataset (if it exists). This should solve the case of provisoning new
|
||||
# datasets.
|
||||
buildAllowCommand = permissions: dataset: (
|
||||
"-+${pkgs.writeShellScript "zfs-allow-${dataset}" ''
|
||||
# Here we explicitly use the booted system to guarantee the stable API needed by ZFS
|
||||
|
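Review bot: the rewritten comment says the permissions are delegated to the parent dataset when the target does not exist, but it does not say that this grants the configured permissions on the parent itself, which is a wider scope than the dataset the user named. Please spell that out in the comment and in the option documentation so operators know what `cfg.user` ends up holding before the target is provisioned. The typo "provisoning" is carried over into the new comment and can be fixed in the same edit.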
@ -38,6 +38,7 @@ let
|
|||
(concatStringsSep "," permissions)
|
||||
dataset
|
||||
]}
|
||||
${lib.optionalString ((builtins.dirOf dataset) != ".") ''
|
||||
else
|
||||
${lib.escapeShellArgs [
|
||||
"/run/booted-system/sw/bin/zfs"
|
||||
|
@ -47,6 +48,7 @@ let
|
|||
# Remove the last part of the path
|
||||
(builtins.dirOf dataset)
|
||||
]}
|
||||
''}
|
||||
fi
|
||||
''}"
|
||||
);
|
||||
|
@ -67,14 +69,14 @@ let
|
|||
(concatStringsSep "," permissions)
|
||||
dataset
|
||||
]}
|
||||
${lib.escapeShellArgs [
|
||||
${lib.optionalString ((builtins.dirOf dataset) != ".") (lib.escapeShellArgs [
|
||||
"/run/booted-system/sw/bin/zfs"
|
||||
"unallow"
|
||||
cfg.user
|
||||
(concatStringsSep "," permissions)
|
||||
# Remove the last part of the path
|
||||
(builtins.dirOf dataset)
|
||||
]}
|
||||
])}
|
||||
''}"
|
||||
);
|
||||
in
|
||||
|
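Review bot: the `unallow` on `(builtins.dirOf dataset)` now runs whenever the dataset has a parent, with no check of whether the matching `allow` was applied to the parent or to the dataset itself. The allow script visible in the earlier hunks is an if/else, so only one of the two is delegated, but here both are revoked. If the parent carries the same permissions for `cfg.user` for another reason, for example because it is itself a configured dataset, this removes them. Please either mirror the existence check from the allow script or add a comment explaining why the unconditional revoke is safe.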
@ -89,12 +91,11 @@ in
|
|||
type = types.str;
|
||||
default = "hourly";
|
||||
example = "*-*-* *:15:00";
|
||||
description = ''
|
||||
description = lib.mdDoc ''
|
||||
Run syncoid at this interval. The default is to run hourly.
|
||||
|
||||
The format is described in
|
||||
<citerefentry><refentrytitle>systemd.time</refentrytitle>
|
||||
<manvolnum>7</manvolnum></citerefentry>.
|
||||
{manpage}`systemd.time(7)`.
|
||||
'';
|
||||
};
|
||||
|
||||
|
|
|
@ -140,12 +140,11 @@ in
|
|||
type = types.str;
|
||||
default = "01:15";
|
||||
example = "hourly";
|
||||
description = ''
|
||||
description = lib.mdDoc ''
|
||||
Create archive at this interval.
|
||||
|
||||
The format is described in
|
||||
<citerefentry><refentrytitle>systemd.time</refentrytitle>
|
||||
<manvolnum>7</manvolnum></citerefentry>.
|
||||
{manpage}`systemd.time(7)`.
|
||||
'';
|
||||
};
|
||||
|
||||
|
|
|
@ -16,9 +16,9 @@ with lib;
|
|||
"fs.defaultFS" = "hdfs://localhost";
|
||||
}
|
||||
'';
|
||||
description = ''
|
||||
description = lib.mdDoc ''
|
||||
Hadoop core-site.xml definition
|
||||
<link xlink:href="https://hadoop.apache.org/docs/current/hadoop-project-dist/hadoop-common/core-default.xml"/>
|
||||
<https://hadoop.apache.org/docs/current/hadoop-project-dist/hadoop-common/core-default.xml>
|
||||
'';
|
||||
};
|
||||
coreSiteInternal = mkOption {
|
||||
|
@ -38,7 +38,7 @@ with lib;
|
|||
"dfs.namenode.http-bind-host" = "0.0.0.0";
|
||||
};
|
||||
type = types.attrsOf types.anything;
|
||||
description = ''
|
||||
description = lib.mdDoc ''
|
||||
Default options for hdfs-site.xml
|
||||
'';
|
||||
};
|
||||
|
@ -50,9 +50,9 @@ with lib;
|
|||
"dfs.nameservices" = "namenode1";
|
||||
}
|
||||
'';
|
||||
description = ''
|
||||
description = lib.mdDoc ''
|
||||
Additional options and overrides for hdfs-site.xml
|
||||
<link xlink:href="https://hadoop.apache.org/docs/current/hadoop-project-dist/hadoop-hdfs/hdfs-default.xml"/>
|
||||
<https://hadoop.apache.org/docs/current/hadoop-project-dist/hadoop-hdfs/hdfs-default.xml>
|
||||
'';
|
||||
};
|
||||
hdfsSiteInternal = mkOption {
|
||||
|
@ -80,7 +80,7 @@ with lib;
|
|||
}
|
||||
'';
|
||||
type = types.attrsOf types.anything;
|
||||
description = ''
|
||||
description = lib.mdDoc ''
|
||||
Default options for mapred-site.xml
|
||||
'';
|
||||
};
|
||||
|
@ -92,9 +92,9 @@ with lib;
|
|||
"mapreduce.map.java.opts" = "-Xmx900m -XX:+UseParallelGC";
|
||||
}
|
||||
'';
|
||||
description = ''
|
||||
description = lib.mdDoc ''
|
||||
Additional options and overrides for mapred-site.xml
|
||||
<link xlink:href="https://hadoop.apache.org/docs/current/hadoop-mapreduce-client/hadoop-mapreduce-client-core/mapred-default.xml"/>
|
||||
<https://hadoop.apache.org/docs/current/hadoop-mapreduce-client/hadoop-mapreduce-client-core/mapred-default.xml>
|
||||
'';
|
||||
};
|
||||
|
||||
|
@ -113,7 +113,7 @@ with lib;
|
|||
"yarn.resourcemanager.scheduler.class" = "org.apache.hadoop.yarn.server.resourcemanager.scheduler.fair.FairScheduler";
|
||||
};
|
||||
type = types.attrsOf types.anything;
|
||||
description = ''
|
||||
description = lib.mdDoc ''
|
||||
Default options for yarn-site.xml
|
||||
'';
|
||||
};
|
||||
|
@ -125,9 +125,9 @@ with lib;
|
|||
"yarn.resourcemanager.hostname" = "''${config.networking.hostName}";
|
||||
}
|
||||
'';
|
||||
description = ''
|
||||
description = lib.mdDoc ''
|
||||
Additional options and overrides for yarn-site.xml
|
||||
<link xlink:href="https://hadoop.apache.org/docs/current/hadoop-yarn/hadoop-yarn-common/yarn-default.xml"/>
|
||||
<https://hadoop.apache.org/docs/current/hadoop-yarn/hadoop-yarn-common/yarn-default.xml>
|
||||
'';
|
||||
};
|
||||
yarnSiteInternal = mkOption {
|
||||
|
@ -147,9 +147,9 @@ with lib;
|
|||
"hadoop.http.max.threads" = 500;
|
||||
}
|
||||
'';
|
||||
description = ''
|
||||
description = lib.mdDoc ''
|
||||
Hadoop httpfs-site.xml definition
|
||||
<link xlink:href="https://hadoop.apache.org/docs/current/hadoop-hdfs-httpfs/httpfs-default.html"/>
|
||||
<https://hadoop.apache.org/docs/current/hadoop-hdfs-httpfs/httpfs-default.html>
|
||||
'';
|
||||
};
|
||||
|
||||
|
@ -162,7 +162,7 @@ with lib;
|
|||
example = literalExpression ''
|
||||
"''${pkgs.hadoop}/lib/''${pkgs.hadoop.untarDir}/etc/hadoop/log4j.properties";
|
||||
'';
|
||||
description = "log4j.properties file added to HADOOP_CONF_DIR";
|
||||
description = lib.mdDoc "log4j.properties file added to HADOOP_CONF_DIR";
|
||||
};
|
||||
|
||||
containerExecutorCfg = mkOption {
|
||||
|
@ -179,9 +179,9 @@ with lib;
|
|||
"feature.terminal.enabled" = 0;
|
||||
}
|
||||
'';
|
||||
description = ''
|
||||
description = lib.mdDoc ''
|
||||
Yarn container-executor.cfg definition
|
||||
<link xlink:href="https://hadoop.apache.org/docs/r2.7.2/hadoop-yarn/hadoop-yarn-site/SecureContainer.html"/>
|
||||
<https://hadoop.apache.org/docs/r2.7.2/hadoop-yarn/hadoop-yarn-site/SecureContainer.html>
|
||||
'';
|
||||
};
|
||||
|
||||
|
@ -194,7 +194,7 @@ with lib;
|
|||
./extraYARNConfs
|
||||
]
|
||||
'';
|
||||
description = "Directories containing additional config files to be added to HADOOP_CONF_DIR";
|
||||
description = lib.mdDoc "Directories containing additional config files to be added to HADOOP_CONF_DIR";
|
||||
};
|
||||
|
||||
gatewayRole.enable = mkEnableOption "gateway role for deploying hadoop configs";
|
||||
|
|
|
@ -21,7 +21,7 @@ in
|
|||
"hbase.cluster.distributed" = "true";
|
||||
};
|
||||
type = types.attrsOf types.anything;
|
||||
description = ''
|
||||
description = lib.mdDoc ''
|
||||
Default options for hbase-site.xml
|
||||
'';
|
||||
};
|
||||
|
@ -30,9 +30,9 @@ in
|
|||
type = with types; attrsOf anything;
|
||||
example = literalExpression ''
|
||||
'';
|
||||
description = ''
|
||||
description = lib.mdDoc ''
|
||||
Additional options and overrides for hbase-site.xml
|
||||
<link xlink:href="https://github.com/apache/hbase/blob/rel/2.4.11/hbase-common/src/main/resources/hbase-default.xml"/>
|
||||
<https://github.com/apache/hbase/blob/rel/2.4.11/hbase-common/src/main/resources/hbase-default.xml>
|
||||
'';
|
||||
};
|
||||
hbaseSiteInternal = mkOption {
|
||||
|
@ -50,11 +50,11 @@ in
|
|||
type = types.package;
|
||||
default = pkgs.hbase;
|
||||
defaultText = literalExpression "pkgs.hbase";
|
||||
description = "HBase package";
|
||||
description = lib.mdDoc "HBase package";
|
||||
};
|
||||
|
||||
rootdir = mkOption {
|
||||
description = ''
|
||||
description = lib.mdDoc ''
|
||||
This option will set "hbase.rootdir" in hbase-site.xml and determine
|
||||
the directory shared by region servers and into which HBase persists.
|
||||
The URL should be 'fully-qualified' to include the filesystem scheme.
|
||||
|
@ -68,7 +68,7 @@ in
|
|||
default = "/hbase";
|
||||
};
|
||||
zookeeperQuorum = mkOption {
|
||||
description = ''
|
||||
description = lib.mdDoc ''
|
||||
This option will set "hbase.zookeeper.quorum" in hbase-site.xml.
|
||||
Comma separated list of servers in the ZooKeeper ensemble.
|
||||
'';
|
||||
|
@ -83,7 +83,7 @@ in
|
|||
openFirewall = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = ''
|
||||
description = lib.mdDoc ''
|
||||
Open firewall ports for HBase master.
|
||||
'';
|
||||
};
|
||||
|
@ -94,7 +94,7 @@ in
|
|||
overrideHosts = mkOption {
|
||||
type = types.bool;
|
||||
default = true;
|
||||
description = ''
|
||||
description = lib.mdDoc ''
|
||||
Remove /etc/hosts entries for "127.0.0.2" and "::1" defined in nixos/modules/config/networking.nix
|
||||
Regionservers must be able to resolve their hostnames to their IP addresses, through PTR records
|
||||
or /etc/hosts entries.
|
||||
|
@ -105,7 +105,7 @@ in
|
|||
openFirewall = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = ''
|
||||
description = lib.mdDoc ''
|
||||
Open firewall ports for HBase master.
|
||||
'';
|
||||
};
|
||||
|
|
268
third_party/nixpkgs/nixos/modules/services/cluster/patroni/default.nix
vendored
Normal file
|
@ -0,0 +1,268 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
with lib;
|
||||
let
|
||||
cfg = config.services.patroni;
|
||||
defaultUser = "patroni";
|
||||
defaultGroup = "patroni";
|
||||
format = pkgs.formats.yaml { };
|
||||
|
||||
#boto doesn't support python 3.10 yet
|
||||
patroni = pkgs.patroni.override { pythonPackages = pkgs.python39Packages; };
|
||||
|
||||
configFileName = "patroni-${cfg.scope}-${cfg.name}.yaml";
|
||||
configFile = format.generate configFileName cfg.settings;
|
||||
in
|
||||
{
|
||||
options.services.patroni = {
|
||||
|
||||
enable = mkEnableOption "Patroni";
|
||||
|
||||
postgresqlPackage = mkOption {
|
||||
type = types.package;
|
||||
example = literalExpression "pkgs.postgresql_14";
|
||||
description = mdDoc ''
|
||||
PostgreSQL package to use.
|
||||
Plugins can be enabled like this `pkgs.postgresql_14.withPackages (p: [ p.pg_safeupdate p.postgis ])`.
|
||||
'';
|
||||
};
|
||||
|
||||
postgresqlDataDir = mkOption {
|
||||
type = types.path;
|
||||
defaultText = literalExpression ''"/var/lib/postgresql/''${config.services.patroni.postgresqlPackage.psqlSchema}"'';
|
||||
example = "/var/lib/postgresql/14";
|
||||
default = "/var/lib/postgresql/${cfg.postgresqlPackage.psqlSchema}";
|
||||
description = mdDoc ''
|
||||
The data directory for PostgreSQL. If left as the default value
|
||||
this directory will automatically be created before the PostgreSQL server starts, otherwise
|
||||
the sysadmin is responsible for ensuring the directory exists with appropriate ownership
|
||||
and permissions.
|
||||
'';
|
||||
};
|
||||
|
||||
postgresqlPort = mkOption {
|
||||
type = types.port;
|
||||
default = 5432;
|
||||
description = mdDoc ''
|
||||
The port on which PostgreSQL listens.
|
||||
'';
|
||||
};
|
||||
|
||||
user = mkOption {
|
||||
type = types.str;
|
||||
default = defaultUser;
|
||||
example = "postgres";
|
||||
description = mdDoc ''
|
||||
The user for the service. If left as the default value this user will automatically be created,
|
||||
otherwise the sysadmin is responsible for ensuring the user exists.
|
||||
'';
|
||||
};
|
||||
|
||||
group = mkOption {
|
||||
type = types.str;
|
||||
default = defaultGroup;
|
||||
example = "postgres";
|
||||
description = mdDoc ''
|
||||
The group for the service. If left as the default value this group will automatically be created,
|
||||
otherwise the sysadmin is responsible for ensuring the group exists.
|
||||
'';
|
||||
};
|
||||
|
||||
dataDir = mkOption {
|
||||
type = types.path;
|
||||
default = "/var/lib/patroni";
|
||||
description = mdDoc ''
|
||||
Folder where Patroni data will be written, used by Raft as well if enabled.
|
||||
'';
|
||||
};
|
||||
|
||||
scope = mkOption {
|
||||
type = types.str;
|
||||
example = "cluster1";
|
||||
description = mdDoc ''
|
||||
Cluster name.
|
||||
'';
|
||||
};
|
||||
|
||||
name = mkOption {
|
||||
type = types.str;
|
||||
example = "node1";
|
||||
description = mdDoc ''
|
||||
The name of the host. Must be unique for the cluster.
|
||||
'';
|
||||
};
|
||||
|
||||
namespace = mkOption {
|
||||
type = types.str;
|
||||
default = "/service";
|
||||
description = mdDoc ''
|
||||
Path within the configuration store where Patroni will keep information about the cluster.
|
||||
'';
|
||||
};
|
||||
|
||||
nodeIp = mkOption {
|
||||
type = types.str;
|
||||
example = "192.168.1.1";
|
||||
description = mdDoc ''
|
||||
IP address of this node.
|
||||
'';
|
||||
};
|
||||
|
||||
otherNodesIps = mkOption {
|
||||
type = types.listOf types.string;
|
||||
example = [ "192.168.1.2" "192.168.1.3" ];
|
||||
description = mdDoc ''
|
||||
IP addresses of the other nodes.
|
||||
'';
|
||||
};
|
||||
|
||||
restApiPort = mkOption {
|
||||
type = types.port;
|
||||
default = 8008;
|
||||
description = mdDoc ''
|
||||
The port on Patroni's REST api listens.
|
||||
'';
|
||||
};
|
||||
|
||||
raft = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = mdDoc ''
|
||||
This will configure Patroni to use its own RAFT implementation instead of using a dedicated DCS.
|
||||
'';
|
||||
};
|
||||
|
||||
raftPort = mkOption {
|
||||
type = types.port;
|
||||
default = 5010;
|
||||
description = mdDoc ''
|
||||
The port on which RAFT listens.
|
||||
'';
|
||||
};
|
||||
|
||||
softwareWatchdog = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = mdDoc ''
|
||||
This will configure Patroni to use the software watchdog built into the Linux kernel
|
||||
as described in the [documentation](https://patroni.readthedocs.io/en/latest/watchdog.html#setting-up-software-watchdog-on-linux).
|
||||
'';
|
||||
};
|
||||
|
||||
settings = mkOption {
|
||||
type = format.type;
|
||||
default = { };
|
||||
description = mdDoc ''
|
||||
The primary patroni configuration. See the [documentation](https://patroni.readthedocs.io/en/latest/SETTINGS.html)
|
||||
for possible values.
|
||||
Secrets should be passed in by using the `environmentFiles` option.
|
||||
'';
|
||||
};
|
||||
|
||||
environmentFiles = mkOption {
|
||||
type = with types; attrsOf (nullOr (oneOf [ str path package ]));
|
||||
default = { };
|
||||
example = {
|
||||
PATRONI_REPLICATION_PASSWORD = "/secret/file";
|
||||
PATRONI_SUPERUSER_PASSWORD = "/secret/file";
|
||||
};
|
||||
description = mdDoc "Environment variables made available to Patroni as files content, useful for providing secrets from files.";
|
||||
};
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
|
||||
services.patroni.settings = {
|
||||
scope = cfg.scope;
|
||||
name = cfg.name;
|
||||
namespace = cfg.namespace;
|
||||
|
||||
restapi = {
|
||||
listen = "${cfg.nodeIp}:${toString cfg.restApiPort}";
|
||||
connect_address = "${cfg.nodeIp}:${toString cfg.restApiPort}";
|
||||
};
|
||||
|
||||
raft = mkIf cfg.raft {
|
||||
data_dir = "${cfg.dataDir}/raft";
|
||||
self_addr = "${cfg.nodeIp}:5010";
|
||||
partner_addrs = map (ip: ip + ":5010") cfg.otherNodesIps;
|
||||
};
|
||||
|
||||
postgresql = {
|
||||
listen = "${cfg.nodeIp}:${toString cfg.postgresqlPort}";
|
||||
connect_address = "${cfg.nodeIp}:${toString cfg.postgresqlPort}";
|
||||
data_dir = cfg.postgresqlDataDir;
|
||||
bin_dir = "${cfg.postgresqlPackage}/bin";
|
||||
pgpass = "${cfg.dataDir}/pgpass";
|
||||
};
|
||||
|
||||
watchdog = mkIf cfg.softwareWatchdog {
|
||||
mode = "required";
|
||||
device = "/dev/watchdog";
|
||||
safety_margin = 5;
|
||||
};
|
||||
};
|
||||
|
||||
|
||||
users = {
|
||||
users = mkIf (cfg.user == defaultUser) {
|
||||
patroni = {
|
||||
group = cfg.group;
|
||||
isSystemUser = true;
|
||||
};
|
||||
};
|
||||
groups = mkIf (cfg.group == defaultGroup) {
|
||||
patroni = { };
|
||||
};
|
||||
};
|
||||
|
||||
systemd.services = {
|
||||
patroni = {
|
||||
description = "Runners to orchestrate a high-availability PostgreSQL";
|
||||
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
after = [ "network.target" ];
|
||||
|
||||
script = ''
|
||||
${concatStringsSep "\n" (attrValues (mapAttrs (name: path: ''export ${name}="$(< ${escapeShellArg path})"'') cfg.environmentFiles))}
|
||||
exec ${patroni}/bin/patroni ${configFile}
|
||||
'';
|
||||
|
||||
serviceConfig = mkMerge [
|
||||
{
|
||||
User = cfg.user;
|
||||
Group = cfg.group;
|
||||
Type = "simple";
|
||||
Restart = "on-failure";
|
||||
TimeoutSec = 30;
|
||||
ExecReload = "${pkgs.coreutils}/bin/kill -s HUP $MAINPID";
|
||||
KillMode = "process";
|
||||
}
|
||||
(mkIf (cfg.postgresqlDataDir == "/var/lib/postgresql/${cfg.postgresqlPackage.psqlSchema}" && cfg.dataDir == "/var/lib/patroni") {
|
||||
StateDirectory = "patroni patroni/raft postgresql postgresql/${cfg.postgresqlPackage.psqlSchema}";
|
||||
StateDirectoryMode = "0750";
|
||||
})
|
||||
];
|
||||
};
|
||||
};
|
||||
|
||||
boot.kernelModules = mkIf cfg.softwareWatchdog [ "softdog" ];
|
||||
|
||||
services.udev.extraRules = mkIf cfg.softwareWatchdog ''
|
||||
KERNEL=="watchdog", OWNER="${cfg.user}", GROUP="${cfg.group}", MODE="0600"
|
||||
'';
|
||||
|
||||
environment.systemPackages = [
|
||||
patroni
|
||||
cfg.postgresqlPackage
|
||||
(mkIf cfg.raft pkgs.python310Packages.pysyncobj)
|
||||
];
|
||||
|
||||
environment.etc."${configFileName}".source = configFile;
|
||||
|
||||
environment.sessionVariables = {
|
||||
PATRONICTL_CONFIG_FILE = "/etc/${configFileName}";
|
||||
};
|
||||
};
|
||||
|
||||
meta.maintainers = [ maintainers.phfroidmont ];
|
||||
}
|
|
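Review bot: `raftPort` is declared but never used. In `services.patroni.settings.raft`, both `self_addr = "${cfg.nodeIp}:5010"` and `partner_addrs = map (ip: ip + ":5010") cfg.otherNodesIps` hard-code the port, so changing the option has no effect on the generated config. Build both from `toString cfg.raftPort`, the way `restapi` and `postgresql` already use their port options. Two smaller points in the same file: `otherNodesIps` is typed `types.listOf types.string`, and `types.string` is deprecated in favour of `types.str`; the `restApiPort` description reads "The port on Patroni's REST api listens", which is missing "which".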
@ -109,10 +109,9 @@ in
|
|||
extraConfig = mkOption {
|
||||
type = types.lines;
|
||||
default = "";
|
||||
description = ''
|
||||
Extra configuration for <literal>slurmdbd.conf</literal> See also:
|
||||
<citerefentry><refentrytitle>slurmdbd.conf</refentrytitle>
|
||||
<manvolnum>8</manvolnum></citerefentry>.
|
||||
description = lib.mdDoc ''
|
||||
Extra configuration for `slurmdbd.conf` See also:
|
||||
{manpage}`slurmdbd.conf(8)`.
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
|
|
@ -121,10 +121,10 @@ in {
|
|||
keepalive = mkOption {
|
||||
default = 600;
|
||||
type = types.int;
|
||||
description = "
|
||||
description = lib.mdDoc ''
|
||||
This is a number that indicates how frequently keepalive messages should be sent
|
||||
from the worker to the buildmaster, expressed in seconds.
|
||||
";
|
||||
'';
|
||||
};
|
||||
|
||||
package = mkOption {
|
||||
|
|
|
@ -193,7 +193,7 @@ in
|
|||
options.services.buildkite-agents = mkOption {
|
||||
type = types.attrsOf (types.submodule buildkiteOptions);
|
||||
default = {};
|
||||
description = ''
|
||||
description = lib.mdDoc ''
|
||||
Attribute set of buildkite agents.
|
||||
The attribute key is combined with the hostname and a unique integer to
|
||||
create the final agent name. This can be overridden by setting the `name`
|
||||
|
|
|
@ -48,9 +48,14 @@ in
|
|||
tokenFile = mkOption {
|
||||
type = types.path;
|
||||
description = lib.mdDoc ''
|
||||
The full path to a file which contains the runner registration token.
|
||||
The full path to a file which contains either a runner registration token or a
|
||||
personal access token (PAT).
|
||||
The file should contain exactly one line with the token without any newline.
|
||||
The token can be used to re-register a runner of the same name but is time-limited.
|
||||
If a registration token is given, it can be used to re-register a runner of the same
|
||||
name but is time-limited. If the file contains a PAT, the service creates a new
|
||||
registration token on startup as needed. Make sure the PAT has a scope of
|
||||
`admin:org` for organization-wide registrations or a scope of
|
||||
`repo` for a single repository.
|
||||
|
||||
Changing this option or the file's content triggers a new runner registration.
|
||||
'';
|
||||
|
@ -117,6 +122,24 @@ in
|
|||
default = pkgs.github-runner;
|
||||
defaultText = literalExpression "pkgs.github-runner";
|
||||
};
|
||||
|
||||
ephemeral = mkOption {
|
||||
type = types.bool;
|
||||
description = lib.mdDoc ''
|
||||
If enabled, causes the following behavior:
|
||||
|
||||
- Passes the `--ephemeral` flag to the runner configuration script
|
||||
- De-registers and stops the runner with GitHub after it has processed one job
|
||||
- On stop, systemd wipes the runtime directory (this always happens, even without using the ephemeral option)
|
||||
- Restarts the service after its successful exit
|
||||
- On start, wipes the state directory and configures a new runner
|
||||
|
||||
You should only enable this option if `tokenFile` points to a file which contains a
|
||||
personal access token (PAT). If you're using the option with a registration token, restarting the
|
||||
service will fail as soon as the registration token expired.
|
||||
'';
|
||||
default = false;
|
||||
};
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
|
@ -136,7 +159,7 @@ in
|
|||
|
||||
environment = {
|
||||
HOME = runtimeDir;
|
||||
RUNNER_ROOT = runtimeDir;
|
||||
RUNNER_ROOT = stateDir;
|
||||
};
|
||||
|
||||
path = (with pkgs; [
|
||||
|
@ -150,7 +173,7 @@ in
|
|||
] ++ cfg.extraPackages;
|
||||
|
||||
serviceConfig = rec {
|
||||
ExecStart = "${cfg.package}/bin/runsvc.sh";
|
||||
ExecStart = "${cfg.package}/bin/Runner.Listener run --startuptype service";
|
||||
|
||||
# Does the following, sequentially:
|
||||
# - If the module configuration or the token has changed, purge the state directory,
|
||||
|
@ -178,7 +201,7 @@ in
|
|||
${lines}
|
||||
'';
|
||||
currentConfigPath = "$STATE_DIRECTORY/.nixos-current-config.json";
|
||||
runnerRegistrationConfig = getAttrs [ "name" "tokenFile" "url" "runnerGroup" "extraLabels" ] cfg;
|
||||
runnerRegistrationConfig = getAttrs [ "name" "tokenFile" "url" "runnerGroup" "extraLabels" "ephemeral" ] cfg;
|
||||
newConfigPath = builtins.toFile "${svcName}-config.json" (builtins.toJSON runnerRegistrationConfig);
|
||||
newConfigTokenFilename = ".new-token";
|
||||
runnerCredFiles = [
|
||||
|
@ -188,6 +211,9 @@ in
|
|||
];
|
||||
unconfigureRunner = writeScript "unconfigure" ''
|
||||
differs=
|
||||
|
||||
if [[ "$(ls -A "$STATE_DIRECTORY")" ]]; then
|
||||
# State directory is not empty
|
||||
# Set `differs = 1` if current and new runner config differ or if `currentConfigPath` does not exist
|
||||
${pkgs.diffutils}/bin/diff -q '${newConfigPath}' "${currentConfigPath}" >/dev/null 2>&1 || differs=1
|
||||
# Also trigger a registration if the token content changed
|
||||
|
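Review bot: With the new `if [[ "$(ls -A "$STATE_DIRECTORY")" ]]` guard, `differs` stays empty whenever the state directory is empty, so on a first start (or after the directory was wiped) everything gated on `[[ -n "$differs" ]]` is skipped. Before this change the failing `diff -q` against a missing `currentConfigPath` set `differs=1` in that case. If the gated block is also what prepares a fresh registration, an empty state directory will never register. Either set `differs=1` in an `else` branch or add a comment explaining why an empty directory needs no action.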
@ -195,10 +221,14 @@ in
|
|||
"$STATE_DIRECTORY"/${currentConfigTokenFilename} \
|
||||
${escapeShellArg cfg.tokenFile} \
|
||||
>/dev/null 2>&1 || differs=1
|
||||
# If .credentials does not exist, assume a previous run de-registered the runner on stop (ephemeral mode)
|
||||
[[ ! -f "$STATE_DIRECTORY/.credentials" ]] && differs=1
|
||||
fi
|
||||
|
||||
if [[ -n "$differs" ]]; then
|
||||
echo "Config has changed, removing old runner state."
|
||||
echo "The old runner will still appear in the GitHub Actions UI." \
|
||||
# In ephemeral mode, the runner deletes the `.credentials` file after de-registering it with GitHub
|
||||
[[ -f "$STATE_DIRECTORY/.credentials" ]] && echo "The old runner will still appear in the GitHub Actions UI." \
|
||||
"You have to remove it manually."
|
||||
find "$STATE_DIRECTORY/" -mindepth 1 -delete
|
||||
|
||||
|
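Review bot: `differs` is now also set when `.credentials` is missing, so after every ephemeral job the log prints "Config has changed, removing old runner state." even though nothing in the configuration changed. Word the message for both cases, for example by branching on the same `[[ -f "$STATE_DIRECTORY/.credentials" ]]` test that already guards the second `echo`.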
@ -212,17 +242,28 @@ in
|
|||
if [[ -e "$STATE_DIRECTORY/${newConfigTokenFilename}" ]]; then
|
||||
echo "Configuring GitHub Actions Runner"
|
||||
|
||||
token=$(< "$STATE_DIRECTORY"/${newConfigTokenFilename})
|
||||
RUNNER_ROOT="$STATE_DIRECTORY" ${cfg.package}/bin/config.sh \
|
||||
--unattended \
|
||||
--disableupdate \
|
||||
--work "$RUNTIME_DIRECTORY" \
|
||||
--url ${escapeShellArg cfg.url} \
|
||||
--token "$token" \
|
||||
--labels ${escapeShellArg (concatStringsSep "," cfg.extraLabels)} \
|
||||
--name ${escapeShellArg cfg.name} \
|
||||
${optionalString cfg.replace "--replace"} \
|
||||
args=(
|
||||
--unattended
|
||||
--disableupdate
|
||||
--work "$RUNTIME_DIRECTORY"
|
||||
--url ${escapeShellArg cfg.url}
|
||||
--labels ${escapeShellArg (concatStringsSep "," cfg.extraLabels)}
|
||||
--name ${escapeShellArg cfg.name}
|
||||
${optionalString cfg.replace "--replace"}
|
||||
${optionalString (cfg.runnerGroup != null) "--runnergroup ${escapeShellArg cfg.runnerGroup}"}
|
||||
${optionalString cfg.ephemeral "--ephemeral"}
|
||||
)
|
||||
|
||||
# If the token file contains a PAT (i.e., it starts with "ghp_"), we have to use the --pat option,
|
||||
# if it is not a PAT, we assume it contains a registration token and use the --token option
|
||||
token=$(<"$STATE_DIRECTORY/${newConfigTokenFilename}")
|
||||
if [[ "$token" =~ ^ghp_* ]]; then
|
||||
args+=(--pat "$token")
|
||||
else
|
||||
args+=(--token "$token")
|
||||
fi
|
||||
|
||||
${cfg.package}/bin/config.sh "''${args[@]}"
|
||||
|
||||
# Move the automatically created _diag dir to the logs dir
|
||||
mkdir -p "$STATE_DIRECTORY/_diag"
|
||||
|
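Review bot: In `[[ "$token" =~ ^ghp_* ]]` the `*` is a regex quantifier applied to `_`, not a glob, so the test matches any token that begins with `ghp` and the underscore is optional. Use `^ghp_`, or the glob form `[[ "$token" == ghp_* ]]`. This prefix test is the only thing that decides between `--pat` and `--token`, so a PAT in any other format is silently passed as a registration token; the comment above the test and the `tokenFile` description should say that only `ghp_`-prefixed tokens are recognised as PATs.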
@ -250,6 +291,10 @@ in
|
|||
setupRuntimeDir
|
||||
];
|
||||
|
||||
# If running in ephemeral mode, restart the service on-exit (i.e., successful de-registration of the runner)
|
||||
# to trigger a fresh registration.
|
||||
Restart = if cfg.ephemeral then "on-success" else "no";
|
||||
|
||||
# Contains _diag
|
||||
LogsDirectory = [ systemdDir ];
|
||||
# Default RUNNER_ROOT which contains ephemeral Runner data
|
||||
|
@ -269,8 +314,7 @@ in
|
|||
# By default, use a dynamically allocated user
|
||||
DynamicUser = true;
|
||||
|
||||
KillMode = "process";
|
||||
KillSignal = "SIGTERM";
|
||||
KillSignal = "SIGINT";
|
||||
|
||||
# Hardening (may overlap with DynamicUser=)
|
||||
# The following options are only for optimizing:
|
||||
|
|
|
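Review bot: `KillSignal` changes from `SIGTERM` to `SIGINT` with no comment, and the hunk gives no reason. Since the ephemeral restart logic depends on how the runner exits, add a one-line comment next to `KillSignal = "SIGINT";` stating why the runner has to be stopped with this signal.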
@ -103,15 +103,15 @@ let
|
|||
defaultText = literalExpression ''baseDirectory + "/secrets"'';
|
||||
};
|
||||
clusterJoinTokenPath = mkOption {
|
||||
description = ''
|
||||
description = lib.mdDoc ''
|
||||
Location of the cluster-join-token.key file.
|
||||
|
||||
You can retrieve the contents of the file when creating a new agent via
|
||||
<link xlink:href="https://hercules-ci.com/dashboard">https://hercules-ci.com/dashboard</link>.
|
||||
<https://hercules-ci.com/dashboard>.
|
||||
|
||||
As this value is confidential, it should not be in the store, but
|
||||
installed using other means, such as agenix, NixOps
|
||||
<literal>deployment.keys</literal>, or manual installation.
|
||||
`deployment.keys`, or manual installation.
|
||||
|
||||
The contents of the file are used for authentication between the agent and the API.
|
||||
'';
|
||||
|
@ -120,29 +120,28 @@ let
|
|||
defaultText = literalExpression ''staticSecretsDirectory + "/cluster-join-token.key"'';
|
||||
};
|
||||
binaryCachesPath = mkOption {
|
||||
description = ''
|
||||
description = lib.mdDoc ''
|
||||
Path to a JSON file containing binary cache secret keys.
|
||||
|
||||
As these values are confidential, they should not be in the store, but
|
||||
copied over using other means, such as agenix, NixOps
|
||||
<literal>deployment.keys</literal>, or manual installation.
|
||||
`deployment.keys`, or manual installation.
|
||||
|
||||
The format is described on <link xlink:href="https://docs.hercules-ci.com/hercules-ci-agent/binary-caches-json/">https://docs.hercules-ci.com/hercules-ci-agent/binary-caches-json/</link>.
|
||||
The format is described on <https://docs.hercules-ci.com/hercules-ci-agent/binary-caches-json/>.
|
||||
'';
|
||||
type = types.path;
|
||||
default = config.staticSecretsDirectory + "/binary-caches.json";
|
||||
defaultText = literalExpression ''staticSecretsDirectory + "/binary-caches.json"'';
|
||||
};
|
||||
secretsJsonPath = mkOption {
|
||||
description = ''
|
||||
description = lib.mdDoc ''
|
||||
Path to a JSON file containing secrets for effects.
|
||||
|
||||
As these values are confidential, they should not be in the store, but
|
||||
copied over using other means, such as agenix, NixOps
|
||||
<literal>deployment.keys</literal>, or manual installation.
|
||||
|
||||
The format is described on <link xlink:href="https://docs.hercules-ci.com/hercules-ci-agent/secrets-json/">https://docs.hercules-ci.com/hercules-ci-agent/secrets-json/</link>.
|
||||
`deployment.keys`, or manual installation.
|
||||
|
||||
The format is described on <https://docs.hercules-ci.com/hercules-ci-agent/secrets-json/>.
|
||||
'';
|
||||
type = types.path;
|
||||
default = config.staticSecretsDirectory + "/secrets.json";
|
||||
|
|
|
@ -87,7 +87,7 @@ in
|
|||
type = types.str;
|
||||
default = localDB;
|
||||
example = "dbi:Pg:dbname=hydra;host=postgres.example.org;user=foo;";
|
||||
description = ''
|
||||
description = lib.mdDoc ''
|
||||
The DBI string for Hydra database connection.
|
||||
|
||||
NOTE: Attempts to set `application_name` will be overridden by
|
||||
|
@ -115,8 +115,8 @@ in
|
|||
type = types.str;
|
||||
default = "*";
|
||||
example = "localhost";
|
||||
description = ''
|
||||
The hostname or address to listen on or <literal>*</literal> to listen
|
||||
description = lib.mdDoc ''
|
||||
The hostname or address to listen on or `*` to listen
|
||||
on all interfaces.
|
||||
'';
|
||||
};
|
||||
|
|
|
@ -97,9 +97,9 @@ in
|
|||
openFirewall = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = ''
|
||||
description = lib.mdDoc ''
|
||||
Open the firewall ports corresponding to FoundationDB processes and coordinators
|
||||
using <option>config.networking.firewall.*</option>.
|
||||
using {option}`config.networking.firewall.*`.
|
||||
'';
|
||||
};
|
||||
|
||||
|
|
|
@ -35,9 +35,9 @@ in
|
|||
default = pkgs.mongodb;
|
||||
defaultText = literalExpression "pkgs.mongodb";
|
||||
type = types.package;
|
||||
description = "
|
||||
description = lib.mdDoc ''
|
||||
Which MongoDB derivation to use.
|
||||
";
|
||||
'';
|
||||
};
|
||||
|
||||
user = mkOption {
|
||||
|
|
|
@ -36,9 +36,9 @@ in
|
|||
package = mkOption {
|
||||
type = types.package;
|
||||
example = literalExpression "pkgs.mariadb";
|
||||
description = "
|
||||
description = lib.mdDoc ''
|
||||
Which MySQL derivation to use. MariaDB packages are supported too.
|
||||
";
|
||||
'';
|
||||
};
|
||||
|
||||
user = mkOption {
|
||||
|
|
|
@ -36,48 +36,43 @@ let
|
|||
serverConfig = pkgs.writeText "neo4j.conf" ''
|
||||
# General
|
||||
dbms.allow_upgrade=${boolToString cfg.allowUpgrade}
|
||||
dbms.connectors.default_listen_address=${cfg.defaultListenAddress}
|
||||
dbms.read_only=${boolToString cfg.readOnly}
|
||||
dbms.default_listen_address=${cfg.defaultListenAddress}
|
||||
dbms.databases.default_to_read_only=${boolToString cfg.readOnly}
|
||||
${optionalString (cfg.workerCount > 0) ''
|
||||
dbms.threads.worker_count=${toString cfg.workerCount}
|
||||
''}
|
||||
|
||||
# Directories
|
||||
# Directories (readonly)
|
||||
dbms.directories.certificates=${cfg.directories.certificates}
|
||||
dbms.directories.data=${cfg.directories.data}
|
||||
dbms.directories.logs=${cfg.directories.home}/logs
|
||||
dbms.directories.plugins=${cfg.directories.plugins}
|
||||
dbms.directories.lib=${cfg.package}/share/neo4j/lib
|
||||
${optionalString (cfg.constrainLoadCsv) ''
|
||||
dbms.directories.import=${cfg.directories.imports}
|
||||
''}
|
||||
|
||||
# Directories (read and write)
|
||||
dbms.directories.data=${cfg.directories.data}
|
||||
dbms.directories.logs=${cfg.directories.home}/logs
|
||||
dbms.directories.run=${cfg.directories.home}/run
|
||||
|
||||
# HTTP Connector
|
||||
${optionalString (cfg.http.enable) ''
|
||||
dbms.connector.http.enabled=${boolToString cfg.http.enable}
|
||||
dbms.connector.http.listen_address=${cfg.http.listenAddress}
|
||||
''}
|
||||
${optionalString (!cfg.http.enable) ''
|
||||
# It is not possible to disable the HTTP connector. To fully prevent
|
||||
# clients from connecting to HTTP, block the HTTP port (7474 by default)
|
||||
# via firewall. listen_address is set to the loopback interface to
|
||||
# prevent remote clients from connecting.
|
||||
dbms.connector.http.listen_address=127.0.0.1
|
||||
dbms.connector.http.advertised_address=${cfg.http.listenAddress}
|
||||
''}
|
||||
|
||||
# HTTPS Connector
|
||||
dbms.connector.https.enabled=${boolToString cfg.https.enable}
|
||||
dbms.connector.https.listen_address=${cfg.https.listenAddress}
|
||||
https.ssl_policy=${cfg.https.sslPolicy}
|
||||
dbms.connector.https.advertised_address=${cfg.https.listenAddress}
|
||||
|
||||
# BOLT Connector
|
||||
dbms.connector.bolt.enabled=${boolToString cfg.bolt.enable}
|
||||
dbms.connector.bolt.listen_address=${cfg.bolt.listenAddress}
|
||||
bolt.ssl_policy=${cfg.bolt.sslPolicy}
|
||||
dbms.connector.bolt.advertised_address=${cfg.bolt.listenAddress}
|
||||
dbms.connector.bolt.tls_level=${cfg.bolt.tlsLevel}
|
||||
|
||||
# neo4j-shell
|
||||
dbms.shell.enabled=${boolToString cfg.shell.enable}
|
||||
|
||||
# SSL Policies
|
||||
${concatStringsSep "\n" sslPolicies}
|
||||
|
||||
|
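Review bot: With `http.enable = false` the generated `neo4j.conf` no longer contains any HTTP connector setting. `dbms.connector.http.enabled=${boolToString cfg.http.enable}` sits inside `optionalString (cfg.http.enable)`, so it can only ever write `true`, and the block that pinned `listen_address` to `127.0.0.1` for the disabled case is removed. The connector then runs with whatever Neo4j's built-in default is instead of being switched off or restricted to loopback. Emit `dbms.connector.http.enabled` unconditionally, as the HTTPS and BOLT sections do, and keep only the address lines behind the `optionalString`.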
@ -95,8 +90,10 @@ let
|
|||
dbms.jvm.additional=-Djdk.tls.rejectClientInitiatedRenegotiation=true
|
||||
dbms.jvm.additional=-Dunsupported.dbms.udc.source=tarball
|
||||
|
||||
# Usage Data Collector
|
||||
dbms.udc.enabled=${boolToString cfg.udc.enable}
|
||||
#dbms.memory.heap.initial_size=12000m
|
||||
#dbms.memory.heap.max_size=12000m
|
||||
#dbms.memory.pagecache.size=4g
|
||||
#dbms.tx_state.max_off_heap_memory=8000m
|
||||
|
||||
# Extra Configuration
|
||||
${cfg.extraServerConfig}
|
||||
|
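Review bot: The four commented-out lines (`#dbms.memory.heap.initial_size=12000m` through `#dbms.tx_state.max_off_heap_memory=8000m`) are site-specific tuning values that now end up in every generated `neo4j.conf`. Drop them; anyone who needs these settings can supply them through `extraServerConfig`, which is appended directly below.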
@ -114,6 +111,8 @@ in {
|
|||
(mkRemovedOptionModule [ "services" "neo4j" "port" ] "Use services.neo4j.http.listenAddress instead.")
|
||||
(mkRemovedOptionModule [ "services" "neo4j" "boltPort" ] "Use services.neo4j.bolt.listenAddress instead.")
|
||||
(mkRemovedOptionModule [ "services" "neo4j" "httpsPort" ] "Use services.neo4j.https.listenAddress instead.")
|
||||
(mkRemovedOptionModule [ "services" "neo4j" "shell" "enabled" ] "shell.enabled was removed upstream")
|
||||
(mkRemovedOptionModule [ "services" "neo4j" "udc" "enabled" ] "udc.enabled was removed upstream")
|
||||
];
|
||||
|
||||
###### interface
|
||||
|
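Review bot: The two new `mkRemovedOptionModule` entries use the path component `"enabled"`, but the options being removed are named `enable`: the config template reads `cfg.shell.enable` and `cfg.udc.enable`, and the deleted option block declares `udc = { enable = mkOption ...`. As written, a configuration that still sets `services.neo4j.udc.enable` or `services.neo4j.shell.enable` will not hit these entries and will fail with a plain unknown-option error instead of the intended message. Change the last path element to `"enable"` in both lines.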
@ -334,13 +333,10 @@ in {
|
|||
enable = mkOption {
|
||||
type = types.bool;
|
||||
default = true;
|
||||
description = lib.mdDoc ''
|
||||
The HTTP connector is required for Neo4j, and cannot be disabled.
|
||||
Setting this option to `false` will force the HTTP
|
||||
connector's {option}`listenAddress` to the loopback
|
||||
interface to prevent connection of remote clients. To prevent all
|
||||
clients from connecting, block the HTTP port (7474 by default) by
|
||||
firewall.
|
||||
description = ''
|
||||
Enable the HTTP connector for Neo4j. Setting this option to
|
||||
<literal>false</literal> will stop Neo4j from listening for incoming
|
||||
connections on the HTTPS port (7474 by default).
|
||||
'';
|
||||
};
|
||||
|
||||
|
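Review bot: The new `http.enable` description says that setting the option to `false` stops Neo4j from listening on "the HTTPS port (7474 by default)", but this is the HTTP connector option; it should read "HTTP port". The replacement also goes back to a plain `description = ''` with `<literal>false</literal>`, while the text it replaces and the rest of this module use `lib.mdDoc` with backticks. Keep `lib.mdDoc` and write `false` in backticks.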
@ -568,19 +564,6 @@ in {
|
|||
'';
|
||||
};
|
||||
|
||||
udc = {
|
||||
enable = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = lib.mdDoc ''
|
||||
Enable the Usage Data Collector which Neo4j uses to collect usage
|
||||
data. Refer to the operations manual section on the
|
||||
[Usage Data Collector](https://neo4j.com/docs/operations-manual/current/configuration/usage-data-collector/)
|
||||
for more information.
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
};
|
||||
|
||||
###### implementation
|
||||
|
@ -612,7 +595,7 @@ in {
|
|||
wantedBy = [ "multi-user.target" ];
|
||||
after = [ "network.target" ];
|
||||
environment = {
|
||||
NEO4J_HOME = "${cfg.package}/share/neo4j";
|
||||
NEO4J_HOME = "${cfg.directories.home}";
|
||||
NEO4J_CONF = "${cfg.directories.home}/conf";
|
||||
};
|
||||
serviceConfig = {
|
||||
|
@ -653,6 +636,6 @@ in {
|
|||
};
|
||||
|
||||
meta = {
|
||||
maintainers = with lib.maintainers; [ patternspandemic ];
|
||||
maintainers = with lib.maintainers; [ patternspandemic jonringer erictapen ];
|
||||
};
|
||||
}
|
||||
|
|
|
@ -79,15 +79,15 @@ in
|
|||
authentication = mkOption {
|
||||
type = types.lines;
|
||||
default = "";
|
||||
description = ''
|
||||
description = lib.mdDoc ''
|
||||
Defines how users authenticate themselves to the server. See the
|
||||
<link xlink:href="https://www.postgresql.org/docs/current/auth-pg-hba-conf.html">PostgreSQL documentation for pg_hba.conf</link>
|
||||
[PostgreSQL documentation for pg_hba.conf](https://www.postgresql.org/docs/current/auth-pg-hba-conf.html)
|
||||
for details on the expected format of this option. By default,
|
||||
peer based authentication will be used for users connecting
|
||||
via the Unix socket, and md5 password authentication will be
|
||||
used for users connecting via TCP. Any added rules will be
|
||||
inserted above the default rules. If you'd like to replace the
|
||||
default rules entirely, you can use <function>lib.mkForce</function> in your
|
||||
default rules entirely, you can use `lib.mkForce` in your
|
||||
module.
|
||||
'';
|
||||
};
|
||||
|
|
|
@ -24,22 +24,22 @@ in
|
|||
|
||||
user = mkOption {
|
||||
default = "rethinkdb";
|
||||
description = "User account under which RethinkDB runs.";
|
||||
description = lib.mdDoc "User account under which RethinkDB runs.";
|
||||
};
|
||||
|
||||
group = mkOption {
|
||||
default = "rethinkdb";
|
||||
description = "Group which rethinkdb user belongs to.";
|
||||
description = lib.mdDoc "Group which rethinkdb user belongs to.";
|
||||
};
|
||||
|
||||
dbpath = mkOption {
|
||||
default = "/var/db/rethinkdb";
|
||||
description = "Location where RethinkDB stores its data, 1 data directory per instance.";
|
||||
description = lib.mdDoc "Location where RethinkDB stores its data, 1 data directory per instance.";
|
||||
};
|
||||
|
||||
pidpath = mkOption {
|
||||
default = "/run/rethinkdb";
|
||||
description = "Location where each instance's pid file is located.";
|
||||
description = lib.mdDoc "Location where each instance's pid file is located.";
|
||||
};
|
||||
|
||||
#cfgpath = mkOption {
|
||||
|
|
|
@ -10,6 +10,7 @@
|
|||
},
|
||||
"context.spa-libs": {
|
||||
"audio.convert.*": "audioconvert/libspa-audioconvert",
|
||||
"avb.*": "avb/libspa-avb",
|
||||
"api.alsa.*": "alsa/libspa-alsa",
|
||||
"api.v4l2.*": "v4l2/libspa-v4l2",
|
||||
"api.libcamera.*": "libcamera/libspa-libcamera",
|
||||
|
|
|
@ -39,14 +39,14 @@ in {
|
|||
enable = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = "Whether to enable the deprecated example Pipewire session manager";
|
||||
description = lib.mdDoc "Whether to enable the deprecated example Pipewire session manager";
|
||||
};
|
||||
|
||||
package = mkOption {
|
||||
type = types.package;
|
||||
default = pkgs.pipewire-media-session;
|
||||
defaultText = literalExpression "pkgs.pipewire-media-session";
|
||||
description = ''
|
||||
description = lib.mdDoc ''
|
||||
The pipewire-media-session derivation to use.
|
||||
'';
|
||||
};
|
||||
|
@ -54,7 +54,7 @@ in {
|
|||
config = {
|
||||
media-session = mkOption {
|
||||
type = json.type;
|
||||
description = ''
|
||||
description = lib.mdDoc ''
|
||||
Configuration for the media session core. For details see
|
||||
https://gitlab.freedesktop.org/pipewire/media-session/-/blob/${cfg.package.version}/src/daemon/media-session.d/media-session.conf
|
||||
'';
|
||||
|
@ -63,7 +63,7 @@ in {
|
|||
|
||||
alsa-monitor = mkOption {
|
||||
type = json.type;
|
||||
description = ''
|
||||
description = lib.mdDoc ''
|
||||
Configuration for the alsa monitor. For details see
|
||||
https://gitlab.freedesktop.org/pipewire/media-session/-/blob/${cfg.package.version}/src/daemon/media-session.d/alsa-monitor.conf
|
||||
'';
|
||||
|
@ -72,7 +72,7 @@ in {
|
|||
|
||||
bluez-monitor = mkOption {
|
||||
type = json.type;
|
||||
description = ''
|
||||
description = lib.mdDoc ''
|
||||
Configuration for the bluez5 monitor. For details see
|
||||
https://gitlab.freedesktop.org/pipewire/media-session/-/blob/${cfg.package.version}/src/daemon/media-session.d/bluez-monitor.conf
|
||||
'';
|
||||
|
@ -81,7 +81,7 @@ in {
|
|||
|
||||
v4l2-monitor = mkOption {
|
||||
type = json.type;
|
||||
description = ''
|
||||
description = lib.mdDoc ''
|
||||
Configuration for the V4L2 monitor. For details see
|
||||
https://gitlab.freedesktop.org/pipewire/media-session/-/blob/${cfg.package.version}/src/daemon/media-session.d/v4l2-monitor.conf
|
||||
'';
|
||||
|
|
|
@ -34,7 +34,8 @@ with lib;
|
|||
];
|
||||
|
||||
# for $out/bin/install-printer-driver
|
||||
services.packagekit.enable = true;
|
||||
# TODO: Enable once #177946 is resolved
|
||||
# services.packagekit.enable = true;
|
||||
|
||||
};
|
||||
|
||||
|
|
|
@ -29,7 +29,7 @@ in {
|
|||
ip = mkOption {
|
||||
type = types.str;
|
||||
default = "localhost";
|
||||
description = ''
|
||||
description = lib.mdDoc ''
|
||||
IP address Jupyter will be listening on.
|
||||
'';
|
||||
};
|
||||
|
@ -41,7 +41,7 @@ in {
|
|||
# saving a rebuild.
|
||||
default = pkgs.python3.pkgs.notebook;
|
||||
defaultText = literalExpression "pkgs.python3.pkgs.notebook";
|
||||
description = ''
|
||||
description = lib.mdDoc ''
|
||||
Jupyter package to use.
|
||||
'';
|
||||
};
|
||||
|
@ -50,7 +50,7 @@ in {
|
|||
type = types.str;
|
||||
default = "jupyter-notebook";
|
||||
example = "jupyter-lab";
|
||||
description = ''
|
||||
description = lib.mdDoc ''
|
||||
Which command the service runs. Note that not all jupyter packages
|
||||
have all commands, e.g. jupyter-lab isn't present in the default package.
|
||||
'';
|
||||
|
@ -59,7 +59,7 @@ in {
|
|||
port = mkOption {
|
||||
type = types.int;
|
||||
default = 8888;
|
||||
description = ''
|
||||
description = lib.mdDoc ''
|
||||
Port number Jupyter will be listening on.
|
||||
'';
|
||||
};
|
||||
|
@ -67,7 +67,7 @@ in {
|
|||
notebookDir = mkOption {
|
||||
type = types.str;
|
||||
default = "~/";
|
||||
description = ''
|
||||
description = lib.mdDoc ''
|
||||
Root directory for notebooks.
|
||||
'';
|
||||
};
|
||||
|
@ -75,7 +75,7 @@ in {
|
|||
user = mkOption {
|
||||
type = types.str;
|
||||
default = "jupyter";
|
||||
description = ''
|
||||
description = lib.mdDoc ''
|
||||
Name of the user used to run the jupyter service.
|
||||
For security reason, jupyter should really not be run as root.
|
||||
If not set (jupyter), the service will create a jupyter user with appropriate settings.
|
||||
|
@ -86,7 +86,7 @@ in {
|
|||
group = mkOption {
|
||||
type = types.str;
|
||||
default = "jupyter";
|
||||
description = ''
|
||||
description = lib.mdDoc ''
|
||||
Name of the group used to run the jupyter service.
|
||||
Use this if you want to create a group of users that are able to view the notebook directory's content.
|
||||
'';
|
||||
|
@ -95,7 +95,7 @@ in {
|
|||
|
||||
password = mkOption {
|
||||
type = types.str;
|
||||
description = ''
|
||||
description = lib.mdDoc ''
|
||||
Password to use with notebook.
|
||||
Can be generated using:
|
||||
In [1]: from notebook.auth import passwd
|
||||
|
@ -112,7 +112,7 @@ in {
|
|||
notebookConfig = mkOption {
|
||||
type = types.lines;
|
||||
default = "";
|
||||
description = ''
|
||||
description = lib.mdDoc ''
|
||||
Raw jupyter config.
|
||||
'';
|
||||
};
|
||||
|
@ -149,13 +149,14 @@ in {
|
|||
};
|
||||
}
|
||||
'';
|
||||
description = "Declarative kernel config
|
||||
description = lib.mdDoc ''
|
||||
Declarative kernel config.
|
||||
|
||||
Kernels can be declared in any language that supports and has the required
|
||||
dependencies to communicate with a jupyter server.
|
||||
In python's case, it means that ipykernel package must always be included in
|
||||
the list of packages of the targeted environment.
|
||||
";
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
|
|
|
@ -13,7 +13,7 @@ with lib;
|
|||
"Python 3"
|
||||
"Python 3 for Data Science"
|
||||
'';
|
||||
description = ''
|
||||
description = lib.mdDoc ''
|
||||
Name that will be shown to the user.
|
||||
'';
|
||||
};
|
||||
|
@ -27,7 +27,7 @@ with lib;
|
|||
"-f"
|
||||
"{connection_file}"
|
||||
];
|
||||
description = ''
|
||||
description = lib.mdDoc ''
|
||||
Command and arguments to start the kernel.
|
||||
'';
|
||||
};
|
||||
|
@ -35,7 +35,7 @@ with lib;
|
|||
language = mkOption {
|
||||
type = types.str;
|
||||
example = "python";
|
||||
description = ''
|
||||
description = lib.mdDoc ''
|
||||
Language of the environment. Typically the name of the binary.
|
||||
'';
|
||||
};
|
||||
|
@ -44,7 +44,7 @@ with lib;
|
|||
type = types.nullOr types.path;
|
||||
default = null;
|
||||
example = literalExpression ''"''${env.sitePackages}/ipykernel/resources/logo-32x32.png"'';
|
||||
description = ''
|
||||
description = lib.mdDoc ''
|
||||
Path to 32x32 logo png.
|
||||
'';
|
||||
};
|
||||
|
@ -52,7 +52,7 @@ with lib;
|
|||
type = types.nullOr types.path;
|
||||
default = null;
|
||||
example = literalExpression ''"''${env.sitePackages}/ipykernel/resources/logo-64x64.png"'';
|
||||
description = ''
|
||||
description = lib.mdDoc ''
|
||||
Path to 64x64 logo png.
|
||||
'';
|
||||
};
|
||||
|
@ -61,7 +61,7 @@ with lib;
|
|||
type = types.attrsOf types.path;
|
||||
default = { };
|
||||
example = literalExpression ''"{ examples = ''${env.sitePack}/IRkernel/kernelspec/kernel.js"; }'';
|
||||
description = ''
|
||||
description = lib.mdDoc ''
|
||||
Extra paths to link in kernel directory
|
||||
'';
|
||||
};
|
||||
|
|
|
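Review bot: the `example` on the context line above the changed `description` looks malformed and is worth fixing while this option is being touched: the double quote opens before `{` and closes after `kernel.js`, so the rendered example is not a valid attribute set, and it refers to `env.sitePack` where the logo examples in the earlier hunks use `env.sitePackages`. The description "Extra paths to link in kernel directory" is also missing its final period, unlike its neighbours.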
@ -35,7 +35,7 @@ in {
|
|||
authentication = mkOption {
|
||||
type = types.str;
|
||||
default = "jupyterhub.auth.PAMAuthenticator";
|
||||
description = ''
|
||||
description = lib.mdDoc ''
|
||||
Jupyterhub authentication to use
|
||||
|
||||
There are many authenticators available including: oauth, pam,
|
||||
|
@ -46,7 +46,7 @@ in {
|
|||
spawner = mkOption {
|
||||
type = types.str;
|
||||
default = "systemdspawner.SystemdSpawner";
|
||||
description = ''
|
||||
description = lib.mdDoc ''
|
||||
Jupyterhub spawner to use
|
||||
|
||||
There are many spawners available including: local process,
|
||||
|
@ -57,7 +57,7 @@ in {
|
|||
extraConfig = mkOption {
|
||||
type = types.lines;
|
||||
default = "";
|
||||
description = ''
|
||||
description = lib.mdDoc ''
|
||||
Extra contents appended to the jupyterhub configuration
|
||||
|
||||
Jupyterhub configuration is a normal python file using
|
||||
|
@ -84,7 +84,7 @@ in {
|
|||
jupyterhub-systemdspawner
|
||||
])
|
||||
'';
|
||||
description = ''
|
||||
description = lib.mdDoc ''
|
||||
Python environment to run jupyterhub
|
||||
|
||||
Customizing will affect the packages available in the hub and
|
||||
|
@ -106,7 +106,7 @@ in {
|
|||
jupyterlab
|
||||
])
|
||||
'';
|
||||
description = ''
|
||||
description = lib.mdDoc ''
|
||||
Python environment to run jupyterlab
|
||||
|
||||
Customizing will affect the packages available in the
|
||||
|
@ -146,7 +146,7 @@ in {
|
|||
};
|
||||
}
|
||||
'';
|
||||
description = ''
|
||||
description = lib.mdDoc ''
|
||||
Declarative kernel config
|
||||
|
||||
Kernels can be declared in any language that supports and has
|
||||
|
@ -159,7 +159,7 @@ in {
|
|||
port = mkOption {
|
||||
type = types.port;
|
||||
default = 8000;
|
||||
description = ''
|
||||
description = lib.mdDoc ''
|
||||
Port number Jupyterhub will be listening on
|
||||
'';
|
||||
};
|
||||
|
@ -167,7 +167,7 @@ in {
|
|||
host = mkOption {
|
||||
type = types.str;
|
||||
default = "0.0.0.0";
|
||||
description = ''
|
||||
description = lib.mdDoc ''
|
||||
Bind IP JupyterHub will be listening on
|
||||
'';
|
||||
};
|
||||
|
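Review bot: the `host` description says only "Bind IP JupyterHub will be listening on" while the default on the context line is `"0.0.0.0"`, which means every interface. Since the description is being rewritten anyway, it should state that the default listens on all addresses, so that anyone who wants the hub reachable only locally knows to override it.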
@ -175,7 +175,7 @@ in {
|
|||
stateDirectory = mkOption {
|
||||
type = types.str;
|
||||
default = "jupyterhub";
|
||||
description = ''
|
||||
description = lib.mdDoc ''
|
||||
Directory for jupyterhub state (token + database)
|
||||
'';
|
||||
};
|
||||
|
|
|
@ -9,7 +9,7 @@ in {
|
|||
enable = lib.mkOption {
|
||||
default = false;
|
||||
type = lib.types.bool;
|
||||
description = ''
|
||||
description = lib.mdDoc ''
|
||||
Enables the daemon for `lorri`, a nix-shell replacement for project
|
||||
development. The socket-activated daemon starts on the first request
|
||||
issued by the `lorri` command.
|
||||
|
|
|
@ -36,7 +36,7 @@ in {
|
|||
certificateChain = mkOption {
|
||||
type = types.nullOr types.path;
|
||||
default = null;
|
||||
description = ''
|
||||
description = lib.mdDoc ''
|
||||
Chain of CA-certificates to which our `certificateFile` is relative.
|
||||
Optional for TLS.
|
||||
'';
|
||||
|
|
|
@ -81,11 +81,11 @@ in
|
|||
|
||||
settings = mkOption {
|
||||
type = format.type;
|
||||
description = ''
|
||||
The ASF.json file, all the options are documented <link xlink:href="https://github.com/JustArchiNET/ArchiSteamFarm/wiki/Configuration#global-config">here</link>.
|
||||
description = lib.mdDoc ''
|
||||
The ASF.json file, all the options are documented [here](https://github.com/JustArchiNET/ArchiSteamFarm/wiki/Configuration#global-config).
|
||||
Do note that `AutoRestart` and `UpdateChannel` is always to `false` respectively `0` because NixOS takes care of updating everything.
|
||||
`Headless` is also always set to `true` because there is no way to provide inputs via a systemd service.
|
||||
You should try to keep ASF up to date since upstream does not provide support for anything but the latest version and you're exposing yourself to all kinds of issues - as is outlined <link xlink:href="https://github.com/JustArchiNET/ArchiSteamFarm/wiki/Configuration#updateperiod">here</link>.
|
||||
You should try to keep ASF up to date since upstream does not provide support for anything but the latest version and you're exposing yourself to all kinds of issues - as is outlined [here](https://github.com/JustArchiNET/ArchiSteamFarm/wiki/Configuration#updateperiod).
|
||||
'';
|
||||
example = {
|
||||
Statistics = false;
|
||||
|
|
|
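Review bot: the unchanged sentence between the two converted links reads "`AutoRestart` and `UpdateChannel` is always to `false` respectively `0`", which is missing "set" (compare the next line, "is also always set to `true`"). Both link conversions look right; fixing the sentence in the same change would avoid touching this description again later.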
@ -41,7 +41,7 @@ in {
|
|||
stateDir = mkOption {
|
||||
type = types.str;
|
||||
default = "/var/lib/crossfire";
|
||||
description = ''
|
||||
description = lib.mdDoc ''
|
||||
Where to store runtime data (save files, persistent items, etc).
|
||||
|
||||
If left at the default, this will be automatically created on server
|
||||
|
@ -61,7 +61,7 @@ in {
|
|||
|
||||
configFiles = mkOption {
|
||||
type = types.attrsOf types.str;
|
||||
description = ''
|
||||
description = lib.mdDoc ''
|
||||
Text to append to the corresponding configuration files. Note that the
|
||||
files given in the example are *not* the complete set of files available
|
||||
to customize; look in /etc/crossfire after enabling the server to see
|
||||
|
|
|
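Review bot: in the `configFiles` description the `*not*` now renders as emphasis under `lib.mdDoc`, which is presumably intended, but `/etc/crossfire` is left as bare text. Put the path in backticks so it renders as code, like the command names in the other converted descriptions.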
@ -41,7 +41,7 @@ in {
|
|||
stateDir = mkOption {
|
||||
type = types.str;
|
||||
default = "/var/lib/deliantra";
|
||||
description = ''
|
||||
description = lib.mdDoc ''
|
||||
Where to store runtime data (save files, persistent items, etc).
|
||||
|
||||
If left at the default, this will be automatically created on server
|
||||
|
|
|
@ -25,7 +25,7 @@ in
|
|||
gameId = mkOption {
|
||||
type = types.nullOr types.str;
|
||||
default = null;
|
||||
description = ''
|
||||
description = lib.mdDoc ''
|
||||
Id of the game to use. To list available games run
|
||||
`minetestserver --gameid list`.
|
||||
|
||||
|
@ -36,7 +36,7 @@ in
|
|||
world = mkOption {
|
||||
type = types.nullOr types.path;
|
||||
default = null;
|
||||
description = ''
|
||||
description = lib.mdDoc ''
|
||||
Name of the world to use. To list available worlds run
|
||||
`minetestserver --world list`.
|
||||
|
||||
|
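Review bot: `world` is declared as `types.nullOr types.path`, but the description calls it the "Name of the world to use" and points at `minetestserver --world list`. Either the description should say that the option takes a path or the type should accept a name; as converted, the rendered docs still carry the mismatch.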
@ -47,7 +47,7 @@ in
|
|||
configPath = mkOption {
|
||||
type = types.nullOr types.path;
|
||||
default = null;
|
||||
description = ''
|
||||
description = lib.mdDoc ''
|
||||
Path to the config to use.
|
||||
|
||||
If set to null, the config of the running user will be used:
|
||||
|
|
|
@ -15,9 +15,9 @@ let
|
|||
DisabledPlugins=${lib.concatStringsSep ";" cfg.disabledPlugins}
|
||||
'';
|
||||
};
|
||||
"fwupd/uefi.conf" = {
|
||||
source = pkgs.writeText "uefi.conf" ''
|
||||
[uefi]
|
||||
"fwupd/uefi_capsule.conf" = {
|
||||
source = pkgs.writeText "uefi_capsule.conf" ''
|
||||
[uefi_capsule]
|
||||
OverrideESPMountPoint=${config.boot.loader.efi.efiSysMountPoint}
|
||||
'';
|
||||
};
|
||||
|
|
|
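Review bot: unlike the surrounding documentation-only hunks, this one changes behaviour: the `/etc` entry, the `writeText` name and the section header all move from `uefi` to `uefi_capsule`. The three renames are consistent with each other, but the change deserves its own line in the commit message or release notes, because `OverrideESPMountPoint` is now written to a different file and section than before.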
@ -35,11 +35,10 @@ in
|
|||
LIBPATH /path/to/serial_reader.so
|
||||
CHANNELID 1
|
||||
'';
|
||||
description = ''
|
||||
description = lib.mdDoc ''
|
||||
Configuration for devices that aren't hotpluggable.
|
||||
|
||||
See <citerefentry><refentrytitle>reader.conf</refentrytitle>
|
||||
<manvolnum>5</manvolnum></citerefentry> for valid options.
|
||||
See {manpage}`reader.conf(5)` for valid options.
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
|
|
@ -126,10 +126,10 @@ in {
|
|||
psycopg2
|
||||
];
|
||||
'';
|
||||
description = ''
|
||||
description = lib.mdDoc ''
|
||||
List of packages to add to propagatedBuildInputs.
|
||||
|
||||
A popular example is <package>python3Packages.psycopg2</package>
|
||||
A popular example is `python3Packages.psycopg2`
|
||||
for PostgreSQL support in the recorder component.
|
||||
'';
|
||||
};
|
||||
|
|
|
@ -121,11 +121,9 @@ in
|
|||
type = types.nullOr types.str;
|
||||
default = null;
|
||||
example = "hourly";
|
||||
description = ''
|
||||
description = lib.mdDoc ''
|
||||
Specification of the time at which awstats will get updated.
|
||||
(in the format described by <citerefentry>
|
||||
<refentrytitle>systemd.time</refentrytitle>
|
||||
<manvolnum>7</manvolnum></citerefentry>)
|
||||
(in the format described by {manpage}`systemd.time(7)`)
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
|
|
@ -79,7 +79,7 @@ let
|
|||
priority = mkOption {
|
||||
type = types.int;
|
||||
default = 1000;
|
||||
description = ''
|
||||
description = lib.mdDoc ''
|
||||
Order of this logrotate block in relation to the others. The semantics are
|
||||
the same as with `lib.mkOrder`. Smaller values have a greater priority.
|
||||
'';
|
||||
|
@ -260,7 +260,7 @@ in
|
|||
priority = mkOption {
|
||||
type = types.int;
|
||||
default = 1000;
|
||||
description = ''
|
||||
description = lib.mdDoc ''
|
||||
Order of this logrotate block in relation to the others. The semantics are
|
||||
the same as with `lib.mkOrder`. Smaller values are inserted first.
|
||||
'';
|
||||
|
|
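Review bot: this `priority` description ends "Smaller values are inserted first." while the otherwise identical one in the hunk at -79 ends "Smaller values have a greater priority." The two options share type, default and the `lib.mkOrder` reference, so the wording should be unified; "inserted first" is the less ambiguous of the two.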
Some files were not shown because too many files have changed in this diff