b12f/nixpkgs
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity

Merge master into staging-next

Browse source
This commit is contained in:
Frederik Rietdijk 2020-01-07 20:06:22 +01:00
parent 7f81119550 c425a7e694
commit a823616723
324 changed files with 2717 additions and 2294 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

56
lib/tests/modules.sh
View file

@ -87,36 +87,36 @@ checkConfigOutput "false" "$@" ./define-force-enable.nix
checkConfigOutput "false" "$@" ./define-enable-force.nix checkConfigOutput "false" "$@" ./define-enable-force.nix
# Check mkForce with option and submodules. # Check mkForce with option and submodules.
checkConfigError 'attribute .*foo.* .* not found' config.loaOfSub.foo.enable ./declare-loaOfSub-any-enable.nix checkConfigError 'attribute .*foo.* .* not found' config.attrsOfSub.foo.enable ./declare-attrsOfSub-any-enable.nix
checkConfigOutput 'false' config.loaOfSub.foo.enable ./declare-loaOfSub-any-enable.nix ./define-loaOfSub-foo.nix checkConfigOutput 'false' config.attrsOfSub.foo.enable ./declare-attrsOfSub-any-enable.nix ./define-attrsOfSub-foo.nix
set -- config.loaOfSub.foo.enable ./declare-loaOfSub-any-enable.nix ./define-loaOfSub-foo-enable.nix set -- config.attrsOfSub.foo.enable ./declare-attrsOfSub-any-enable.nix ./define-attrsOfSub-foo-enable.nix
checkConfigOutput 'true' "$@" checkConfigOutput 'true' "$@"
checkConfigOutput 'false' "$@" ./define-force-loaOfSub-foo-enable.nix checkConfigOutput 'false' "$@" ./define-force-attrsOfSub-foo-enable.nix
checkConfigOutput 'false' "$@" ./define-loaOfSub-force-foo-enable.nix checkConfigOutput 'false' "$@" ./define-attrsOfSub-force-foo-enable.nix
checkConfigOutput 'false' "$@" ./define-loaOfSub-foo-force-enable.nix checkConfigOutput 'false' "$@" ./define-attrsOfSub-foo-force-enable.nix
checkConfigOutput 'false' "$@" ./define-loaOfSub-foo-enable-force.nix checkConfigOutput 'false' "$@" ./define-attrsOfSub-foo-enable-force.nix
# Check overriding effect of mkForce on submodule definitions. # Check overriding effect of mkForce on submodule definitions.
checkConfigError 'attribute .*bar.* .* not found' config.loaOfSub.bar.enable ./declare-loaOfSub-any-enable.nix ./define-loaOfSub-foo.nix checkConfigError 'attribute .*bar.* .* not found' config.attrsOfSub.bar.enable ./declare-attrsOfSub-any-enable.nix ./define-attrsOfSub-foo.nix
checkConfigOutput 'false' config.loaOfSub.bar.enable ./declare-loaOfSub-any-enable.nix ./define-loaOfSub-foo.nix ./define-loaOfSub-bar.nix checkConfigOutput 'false' config.attrsOfSub.bar.enable ./declare-attrsOfSub-any-enable.nix ./define-attrsOfSub-foo.nix ./define-attrsOfSub-bar.nix
set -- config.loaOfSub.bar.enable ./declare-loaOfSub-any-enable.nix ./define-loaOfSub-foo.nix ./define-loaOfSub-bar-enable.nix set -- config.attrsOfSub.bar.enable ./declare-attrsOfSub-any-enable.nix ./define-attrsOfSub-foo.nix ./define-attrsOfSub-bar-enable.nix
checkConfigOutput 'true' "$@" checkConfigOutput 'true' "$@"
checkConfigError 'attribute .*bar.* .* not found' "$@" ./define-force-loaOfSub-foo-enable.nix checkConfigError 'attribute .*bar.* .* not found' "$@" ./define-force-attrsOfSub-foo-enable.nix
checkConfigError 'attribute .*bar.* .* not found' "$@" ./define-loaOfSub-force-foo-enable.nix checkConfigError 'attribute .*bar.* .* not found' "$@" ./define-attrsOfSub-force-foo-enable.nix
checkConfigOutput 'true' "$@" ./define-loaOfSub-foo-force-enable.nix checkConfigOutput 'true' "$@" ./define-attrsOfSub-foo-force-enable.nix
checkConfigOutput 'true' "$@" ./define-loaOfSub-foo-enable-force.nix checkConfigOutput 'true' "$@" ./define-attrsOfSub-foo-enable-force.nix
# Check mkIf with submodules. # Check mkIf with submodules.
checkConfigError 'attribute .*foo.* .* not found' config.loaOfSub.foo.enable ./declare-enable.nix ./declare-loaOfSub-any-enable.nix checkConfigError 'attribute .*foo.* .* not found' config.attrsOfSub.foo.enable ./declare-enable.nix ./declare-attrsOfSub-any-enable.nix
set -- config.loaOfSub.foo.enable ./declare-enable.nix ./declare-loaOfSub-any-enable.nix set -- config.attrsOfSub.foo.enable ./declare-enable.nix ./declare-attrsOfSub-any-enable.nix
checkConfigError 'attribute .*foo.* .* not found' "$@" ./define-if-loaOfSub-foo-enable.nix checkConfigError 'attribute .*foo.* .* not found' "$@" ./define-if-attrsOfSub-foo-enable.nix
checkConfigError 'attribute .*foo.* .* not found' "$@" ./define-loaOfSub-if-foo-enable.nix checkConfigError 'attribute .*foo.* .* not found' "$@" ./define-attrsOfSub-if-foo-enable.nix
checkConfigError 'attribute .*foo.* .* not found' "$@" ./define-loaOfSub-foo-if-enable.nix checkConfigError 'attribute .*foo.* .* not found' "$@" ./define-attrsOfSub-foo-if-enable.nix
checkConfigOutput 'false' "$@" ./define-loaOfSub-foo-enable-if.nix checkConfigOutput 'false' "$@" ./define-attrsOfSub-foo-enable-if.nix
checkConfigOutput 'true' "$@" ./define-enable.nix ./define-if-loaOfSub-foo-enable.nix checkConfigOutput 'true' "$@" ./define-enable.nix ./define-if-attrsOfSub-foo-enable.nix
checkConfigOutput 'true' "$@" ./define-enable.nix ./define-loaOfSub-if-foo-enable.nix checkConfigOutput 'true' "$@" ./define-enable.nix ./define-attrsOfSub-if-foo-enable.nix
checkConfigOutput 'true' "$@" ./define-enable.nix ./define-loaOfSub-foo-if-enable.nix checkConfigOutput 'true' "$@" ./define-enable.nix ./define-attrsOfSub-foo-if-enable.nix
checkConfigOutput 'true' "$@" ./define-enable.nix ./define-loaOfSub-foo-enable-if.nix checkConfigOutput 'true' "$@" ./define-enable.nix ./define-attrsOfSub-foo-enable-if.nix
# Check disabledModules with config definitions and option declarations. # Check disabledModules with config definitions and option declarations.
set -- config.enable ./define-enable.nix ./declare-enable.nix set -- config.enable ./define-enable.nix ./declare-enable.nix
@ -138,7 +138,7 @@ checkConfigError 'while evaluating the module argument .*custom.* in .*import-cu
checkConfigError 'infinite recursion encountered' "$@" checkConfigError 'infinite recursion encountered' "$@"
# Check _module.check. # Check _module.check.
set -- config.enable ./declare-enable.nix ./define-enable.nix ./define-loaOfSub-foo.nix set -- config.enable ./declare-enable.nix ./define-enable.nix ./define-attrsOfSub-foo.nix
checkConfigError 'The option .* defined in .* does not exist.' "$@" checkConfigError 'The option .* defined in .* does not exist.' "$@"
checkConfigOutput "true" "$@" ./define-module-check.nix checkConfigOutput "true" "$@" ./define-module-check.nix
@ -152,12 +152,6 @@ checkConfigOutput "12" config.value ./declare-coerced-value-unsound.nix
checkConfigError 'The option value .* in .* is not.*8 bit signed integer.* or string convertible to it' config.value ./declare-coerced-value-unsound.nix ./define-value-string-bigint.nix checkConfigError 'The option value .* in .* is not.*8 bit signed integer.* or string convertible to it' config.value ./declare-coerced-value-unsound.nix ./define-value-string-bigint.nix
checkConfigError 'unrecognised JSON value' config.value ./declare-coerced-value-unsound.nix ./define-value-string-arbitrary.nix checkConfigError 'unrecognised JSON value' config.value ./declare-coerced-value-unsound.nix ./define-value-string-arbitrary.nix
# Check loaOf with long list.
checkConfigOutput "1 2 3 4 5 6 7 8 9 10" config.result ./loaOf-with-long-list.nix
# Check loaOf with many merges of lists.
checkConfigOutput "1 2 3 4 5 6 7 8 9 10" config.result ./loaOf-with-many-list-merges.nix
# Check mkAliasOptionModule. # Check mkAliasOptionModule.
checkConfigOutput "true" config.enable ./alias-with-priority.nix checkConfigOutput "true" config.enable ./alias-with-priority.nix
checkConfigOutput "true" config.enableAlias ./alias-with-priority.nix checkConfigOutput "true" config.enableAlias ./alias-with-priority.nix

4
lib/tests/modules/declare-loaOfSub-any-enable.nix → lib/tests/modules/declare-attrsOfSub-any-enable.nix
View file

@ -17,10 +17,10 @@ in
{ {
options = { options = {
loaOfSub = lib.mkOption { attrsOfSub = lib.mkOption {
default = {}; default = {};
example = {}; example = {};
type = lib.types.loaOf (lib.types.submodule [ submod ]); type = lib.types.attrsOf (lib.types.submodule [ submod ]);
description = '' description = ''
Some descriptive text Some descriptive text
''; '';

3
lib/tests/modules/define-attrsOfSub-bar-enable.nix Normal file
View file

@ -0,0 +1,3 @@
{
attrsOfSub.bar.enable = true;
}

3
lib/tests/modules/define-attrsOfSub-bar.nix Normal file
View file

@ -0,0 +1,3 @@
{
attrsOfSub.bar = {};
}

5
lib/tests/modules/define-attrsOfSub-foo-enable-force.nix Normal file
View file

@ -0,0 +1,5 @@
{ lib, ... }:
{
attrsOfSub.foo.enable = lib.mkForce false;
}

5
lib/tests/modules/define-attrsOfSub-foo-enable-if.nix Normal file
View file

@ -0,0 +1,5 @@
{ config, lib, ... }:
{
attrsOfSub.foo.enable = lib.mkIf config.enable true;
}

3
lib/tests/modules/define-attrsOfSub-foo-enable.nix Normal file
View file

@ -0,0 +1,3 @@
{
attrsOfSub.foo.enable = true;
}

2
lib/tests/modules/define-loaOfSub-foo-force-enable.nix → lib/tests/modules/define-attrsOfSub-foo-force-enable.nix
View file

@ -1,7 +1,7 @@
{ lib, ... }: { lib, ... }:
{ {
loaOfSub.foo = lib.mkForce { attrsOfSub.foo = lib.mkForce {
enable = false; enable = false;
}; };
} }

2
lib/tests/modules/define-loaOfSub-foo-if-enable.nix → lib/tests/modules/define-attrsOfSub-foo-if-enable.nix
View file

@ -1,7 +1,7 @@
{ config, lib, ... }: { config, lib, ... }:
{ {
loaOfSub.foo = lib.mkIf config.enable { attrsOfSub.foo = lib.mkIf config.enable {
enable = true; enable = true;
}; };
} }

3
lib/tests/modules/define-attrsOfSub-foo.nix Normal file
View file

@ -0,0 +1,3 @@
{
attrsOfSub.foo = {};
}

2
lib/tests/modules/define-loaOfSub-force-foo-enable.nix → lib/tests/modules/define-attrsOfSub-force-foo-enable.nix
View file

@ -1,7 +1,7 @@
{ lib, ... }: { lib, ... }:
{ {
loaOfSub = lib.mkForce { attrsOfSub = lib.mkForce {
foo.enable = false; foo.enable = false;
}; };
} }

2
lib/tests/modules/define-loaOfSub-if-foo-enable.nix → lib/tests/modules/define-attrsOfSub-if-foo-enable.nix
View file

@ -1,7 +1,7 @@
{ config, lib, ... }: { config, lib, ... }:
{ {
loaOfSub = lib.mkIf config.enable { attrsOfSub = lib.mkIf config.enable {
foo.enable = true; foo.enable = true;
}; };
} }

5
lib/tests/modules/define-force-attrsOfSub-foo-enable.nix Normal file
View file

@ -0,0 +1,5 @@
{ lib, ... }:
lib.mkForce {
attrsOfSub.foo.enable = false;
}

5
lib/tests/modules/define-force-loaOfSub-foo-enable.nix
View file

@ -1,5 +0,0 @@
{ lib, ... }:
lib.mkForce {
loaOfSub.foo.enable = false;
}

2
lib/tests/modules/define-if-loaOfSub-foo-enable.nix → lib/tests/modules/define-if-attrsOfSub-foo-enable.nix
View file

@ -1,5 +1,5 @@
{ config, lib, ... }: { config, lib, ... }:
lib.mkIf config.enable { lib.mkIf config.enable {
loaOfSub.foo.enable = true; attrsOfSub.foo.enable = true;
} }

3
lib/tests/modules/define-loaOfSub-bar-enable.nix
View file

@ -1,3 +0,0 @@
{
loaOfSub.bar.enable = true;
}

3
lib/tests/modules/define-loaOfSub-bar.nix
View file

@ -1,3 +0,0 @@
{
loaOfSub.bar = {};
}

5
lib/tests/modules/define-loaOfSub-foo-enable-force.nix
View file

@ -1,5 +0,0 @@
{ lib, ... }:
{
loaOfSub.foo.enable = lib.mkForce false;
}

5
lib/tests/modules/define-loaOfSub-foo-enable-if.nix
View file

@ -1,5 +0,0 @@
{ config, lib, ... }:
{
loaOfSub.foo.enable = lib.mkIf config.enable true;
}

3
lib/tests/modules/define-loaOfSub-foo-enable.nix
View file

@ -1,3 +0,0 @@
{
loaOfSub.foo.enable = true;
}

3
lib/tests/modules/define-loaOfSub-foo.nix
View file

@ -1,3 +0,0 @@
{
loaOfSub.foo = {};
}

19
lib/tests/modules/loaOf-with-long-list.nix
View file

@ -1,19 +0,0 @@
{ config, lib, ... }:
{
options = {
loaOfInt = lib.mkOption {
type = lib.types.loaOf lib.types.int;
};
result = lib.mkOption {
type = lib.types.str;
};
};
config = {
loaOfInt = [ 1 2 3 4 5 6 7 8 9 10 ];
result = toString (lib.attrValues config.loaOfInt);
};
}

19
lib/tests/modules/loaOf-with-many-list-merges.nix
View file

@ -1,19 +0,0 @@
{ config, lib, ... }:
{
options = {
loaOfInt = lib.mkOption {
type = lib.types.loaOf lib.types.int;
};
result = lib.mkOption {
type = lib.types.str;
};
};
config = {
loaOfInt = lib.mkMerge (map lib.singleton [ 1 2 3 4 5 6 7 8 9 10 ]);
result = toString (lib.attrValues config.loaOfInt);
};
}

44
lib/types.nix
View file

@ -242,8 +242,7 @@ rec {
path = mkOptionType { path = mkOptionType {
name = "path"; name = "path";
# Hacky: there is no isPath primop. check = x: isCoercibleToString x && builtins.substring 0 1 (toString x) == "/";
check = x: builtins.substring 0 1 (toString x) == "/";
merge = mergeEqualOption; merge = mergeEqualOption;
}; };
@ -295,26 +294,43 @@ rec {
# List or attribute set of ... # List or attribute set of ...
loaOf = elemType: loaOf = elemType:
let let
convertAllLists = defs: convertAllLists = loc: defs:
let let
padWidth = stringLength (toString (length defs)); padWidth = stringLength (toString (length defs));
unnamedPrefix = i: "unnamed-" + fixedWidthNumber padWidth i + "."; unnamedPrefix = i: "unnamed-" + fixedWidthNumber padWidth i + ".";
in in
imap1 (i: convertIfList (unnamedPrefix i)) defs; imap1 (i: convertIfList loc (unnamedPrefix i)) defs;
convertIfList = loc: unnamedPrefix: def:
convertIfList = unnamedPrefix: def:
if isList def.value then if isList def.value then
let let
padWidth = stringLength (toString (length def.value)); padWidth = stringLength (toString (length def.value));
unnamed = i: unnamedPrefix + fixedWidthNumber padWidth i; unnamed = i: unnamedPrefix + fixedWidthNumber padWidth i;
res =
{ inherit (def) file;
value = listToAttrs (
imap1 (elemIdx: elem:
{ name = elem.name or (unnamed elemIdx);
value = elem;
}) def.value);
};
option = concatStringsSep "." loc;
sample = take 3 def.value;
list = concatMapStrings (x: ''{ name = "${x.name or "unnamed"}"; ...} '') sample;
set = concatMapStrings (x: ''${x.name or "unnamed"} = {...}; '') sample;
msg = ''
In file ${def.file}
a list is being assigned to the option config.${option}.
This will soon be an error as type loaOf is deprecated.
See https://git.io/fj2zm for more information.
Do
${option} =
{ ${set}...}
instead of
${option} =
[ ${list}...]
'';
in in
{ inherit (def) file; lib.warn msg res
value = listToAttrs (
imap1 (elemIdx: elem:
{ name = elem.name or (unnamed elemIdx);
value = elem;
}) def.value);
}
else else
def; def;
attrOnly = attrsOf elemType; attrOnly = attrsOf elemType;
@ -322,7 +338,7 @@ rec {
name = "loaOf"; name = "loaOf";
description = "list or attribute set of ${elemType.description}s"; description = "list or attribute set of ${elemType.description}s";
check = x: isList x || isAttrs x; check = x: isList x || isAttrs x;
merge = loc: defs: attrOnly.merge loc (convertAllLists defs); merge = loc: defs: attrOnly.merge loc (convertAllLists loc defs);
getSubOptions = prefix: elemType.getSubOptions (prefix ++ ["<name?>"]); getSubOptions = prefix: elemType.getSubOptions (prefix ++ ["<name?>"]);
getSubModules = elemType.getSubModules; getSubModules = elemType.getSubModules;
substSubModules = m: loaOf (elemType.substSubModules m); substSubModules = m: loaOf (elemType.substSubModules m);

6
maintainers/maintainer-list.nix
View file

@ -4430,6 +4430,12 @@
githubId = 4378377; githubId = 4378377;
name = "Matthias Devlamynck"; name = "Matthias Devlamynck";
}; };
mdlayher = {
email = "mdlayher@gmail.com";
github = "mdlayher";
githubId = 1926905;
name = "Matt Layher";
};
meditans = { meditans = {
email = "meditans@gmail.com"; email = "meditans@gmail.com";
github = "meditans"; github = "meditans";

13
nixos/modules/config/i18n.nix
View file

@ -80,14 +80,11 @@ with lib;
}; };
# /etc/locale.conf is used by systemd. # /etc/locale.conf is used by systemd.
environment.etc = singleton environment.etc."locale.conf".source = pkgs.writeText "locale.conf"
{ target = "locale.conf"; ''
source = pkgs.writeText "locale.conf" LANG=${config.i18n.defaultLocale}
'' ${concatStringsSep "\n" (mapAttrsToList (n: v: ''${n}=${v}'') config.i18n.extraLocaleSettings)}
LANG=${config.i18n.defaultLocale} '';
${concatStringsSep "\n" (mapAttrsToList (n: v: ''${n}=${v}'') config.i18n.extraLocaleSettings)}
'';
};
}; };
} }

4
nixos/modules/config/ldap.nix
View file

@ -224,7 +224,9 @@ in
config = mkIf cfg.enable { config = mkIf cfg.enable {
environment.etc = optional (!cfg.daemon.enable) ldapConfig; environment.etc = optionalAttrs (!cfg.daemon.enable) {
"ldap.conf" = ldapConfig;
};
system.activationScripts = mkIf (!cfg.daemon.enable) { system.activationScripts = mkIf (!cfg.daemon.enable) {
ldap = stringAfter [ "etc" "groups" "users" ] '' ldap = stringAfter [ "etc" "groups" "users" ] ''

27
nixos/modules/config/pulseaudio.nix
View file

@ -215,9 +215,8 @@ in {
config = mkMerge [ config = mkMerge [
{ {
environment.etc = singleton { environment.etc = {
target = "pulse/client.conf"; "pulse/client.conf".source = clientConf;
source = clientConf;
}; };
hardware.pulseaudio.configFile = mkDefault "${getBin overriddenPackage}/etc/pulse/default.pa"; hardware.pulseaudio.configFile = mkDefault "${getBin overriddenPackage}/etc/pulse/default.pa";
@ -228,19 +227,16 @@ in {
sound.enable = true; sound.enable = true;
environment.etc = [ environment.etc = {
{ target = "asound.conf"; "asound.conf".source = alsaConf;
source = alsaConf; }
{ target = "pulse/daemon.conf"; "pulse/daemon.conf".source = writeText "daemon.conf"
source = writeText "daemon.conf" (lib.generators.toKeyValue {} cfg.daemon.config); } (lib.generators.toKeyValue {} cfg.daemon.config);
{ target = "openal/alsoft.conf"; "openal/alsoft.conf".source = writeText "alsoft.conf" "drivers=pulse";
source = writeText "alsoft.conf" "drivers=pulse"; }
{ target = "libao.conf"; "libao.conf".source = writeText "libao.conf" "default_driver=pulse";
source = writeText "libao.conf" "default_driver=pulse"; } };
];
# Disable flat volumes to enable relative ones # Disable flat volumes to enable relative ones
hardware.pulseaudio.daemon.config.flat-volumes = mkDefault "no"; hardware.pulseaudio.daemon.config.flat-volumes = mkDefault "no";
@ -275,9 +271,8 @@ in {
}) })
(mkIf nonSystemWide { (mkIf nonSystemWide {
environment.etc = singleton { environment.etc = {
target = "pulse/default.pa"; "pulse/default.pa".source = myConfigFile;
source = myConfigFile;
}; };
systemd.user = { systemd.user = {
services.pulseaudio = { services.pulseaudio = {

2
nixos/modules/i18n/input-method/ibus.nix
View file

@ -64,6 +64,8 @@ in
# Without dconf enabled it is impossible to use IBus # Without dconf enabled it is impossible to use IBus
programs.dconf.enable = true; programs.dconf.enable = true;
programs.dconf.profiles.ibus = "${ibusPackage}/etc/dconf/profile/ibus";
services.dbus.packages = [ services.dbus.packages = [
ibusAutostart ibusAutostart
]; ];

5
nixos/modules/installer/cd-dvd/system-tarball-pc.nix
View file

@ -122,11 +122,10 @@ in
/* fake entry, just to have a happy stage-1. Users /* fake entry, just to have a happy stage-1. Users
may boot without having stage-1 though */ may boot without having stage-1 though */
fileSystems = [ fileSystems.fake =
{ mountPoint = "/"; { mountPoint = "/";
device = "/dev/something"; device = "/dev/something";
} };
];
nixpkgs.config = { nixpkgs.config = {
packageOverrides = p: { packageOverrides = p: {

5
nixos/modules/installer/cd-dvd/system-tarball-sheevaplug.nix
View file

@ -117,11 +117,10 @@ in
/* fake entry, just to have a happy stage-1. Users /* fake entry, just to have a happy stage-1. Users
may boot without having stage-1 though */ may boot without having stage-1 though */
fileSystems = [ fileSystems.fake =
{ mountPoint = "/"; { mountPoint = "/";
device = "/dev/something"; device = "/dev/something";
} };
];
services.mingetty = { services.mingetty = {
# Some more help text. # Some more help text.

2
nixos/modules/installer/cd-dvd/system-tarball.nix
View file

@ -41,7 +41,7 @@ in
# In stage 1 of the boot, mount the CD/DVD as the root FS by label # In stage 1 of the boot, mount the CD/DVD as the root FS by label
# so that we don't need to know its device. # so that we don't need to know its device.
fileSystems = [ ]; fileSystems = { };
# boot.initrd.availableKernelModules = [ "mvsdio" "reiserfs" "ext3" "ext4" ]; # boot.initrd.availableKernelModules = [ "mvsdio" "reiserfs" "ext3" "ext4" ];

9
nixos/modules/programs/dconf.nix
View file

@ -6,7 +6,10 @@ let
cfg = config.programs.dconf; cfg = config.programs.dconf;
mkDconfProfile = name: path: mkDconfProfile = name: path:
{ source = path; target = "dconf/profile/${name}"; }; {
name = "dconf/profile/${name}";
value.source = path;
};
in in
{ {
@ -29,8 +32,8 @@ in
###### implementation ###### implementation
config = mkIf (cfg.profiles != {} || cfg.enable) { config = mkIf (cfg.profiles != {} || cfg.enable) {
environment.etc = optionals (cfg.profiles != {}) environment.etc = optionalAttrs (cfg.profiles != {})
(mapAttrsToList mkDconfProfile cfg.profiles); (mapAttrs' mkDconfProfile cfg.profiles);
services.dbus.packages = [ pkgs.dconf ]; services.dbus.packages = [ pkgs.dconf ];

26
nixos/modules/programs/shadow.nix
View file

@ -76,22 +76,18 @@ in
config.users.defaultUserShell; config.users.defaultUserShell;
environment.etc = environment.etc =
[ { # /etc/login.defs: global configuration for pwdutils. You { # /etc/login.defs: global configuration for pwdutils. You
# cannot login without it! # cannot login without it!
source = pkgs.writeText "login.defs" loginDefs; "login.defs".source = pkgs.writeText "login.defs" loginDefs;
target = "login.defs";
}
{ # /etc/default/useradd: configuration for useradd. # /etc/default/useradd: configuration for useradd.
source = pkgs.writeText "useradd" "default/useradd".source = pkgs.writeText "useradd"
'' ''
GROUP=100 GROUP=100
HOME=/home HOME=/home
SHELL=${utils.toShellPath config.users.defaultUserShell} SHELL=${utils.toShellPath config.users.defaultUserShell}
''; '';
target = "default/useradd"; };
}
];
security.pam.services = security.pam.services =
{ chsh = { rootOK = true; }; { chsh = { rootOK = true; };

28
nixos/modules/security/duosec.nix
View file

@ -25,19 +25,21 @@ let
accept_env_factor=${boolToStr cfg.acceptEnvFactor} accept_env_factor=${boolToStr cfg.acceptEnvFactor}
''; '';
loginCfgFile = optional cfg.ssh.enable loginCfgFile = optionalAttrs cfg.ssh.enable {
{ source = pkgs.writeText "login_duo.conf" configFileLogin; "duo/login_duo.conf" =
mode = "0600"; { source = pkgs.writeText "login_duo.conf" configFileLogin;
user = "sshd"; mode = "0600";
target = "duo/login_duo.conf"; user = "sshd";
}; };
};
pamCfgFile = optional cfg.pam.enable pamCfgFile = optional cfg.pam.enable {
{ source = pkgs.writeText "pam_duo.conf" configFilePam; "duo/pam_duo.conf" =
mode = "0600"; { source = pkgs.writeText "pam_duo.conf" configFilePam;
user = "sshd"; mode = "0600";
target = "duo/pam_duo.conf"; user = "sshd";
}; };
};
in in
{ {
options = { options = {
@ -186,7 +188,7 @@ in
environment.systemPackages = [ pkgs.duo-unix ]; environment.systemPackages = [ pkgs.duo-unix ];
security.wrappers.login_duo.source = "${pkgs.duo-unix.out}/bin/login_duo"; security.wrappers.login_duo.source = "${pkgs.duo-unix.out}/bin/login_duo";
environment.etc = loginCfgFile ++ pamCfgFile; environment.etc = loginCfgFile // pamCfgFile;
/* If PAM *and* SSH are enabled, then don't do anything special. /* If PAM *and* SSH are enabled, then don't do anything special.
If PAM isn't used, set the default SSH-only options. */ If PAM isn't used, set the default SSH-only options. */

9
nixos/modules/security/pam.nix
View file

@ -475,9 +475,9 @@ let
motd = pkgs.writeText "motd" config.users.motd; motd = pkgs.writeText "motd" config.users.motd;
makePAMService = pamService: makePAMService = name: service:
{ source = pkgs.writeText "${pamService.name}.pam" pamService.text; { name = "pam.d/${name}";
target = "pam.d/${pamService.name}"; value.source = pkgs.writeText "${name}.pam" service.text;
}; };
in in
@ -760,8 +760,7 @@ in
}; };
}; };
environment.etc = environment.etc = mapAttrs' makePAMService config.security.pam.services;
mapAttrsToList (n: v: makePAMService v) config.security.pam.services;
security.pam.services = security.pam.services =
{ other.text = { other.text =

5
nixos/modules/security/pam_mount.nix
View file

@ -36,8 +36,7 @@ in
config = mkIf (cfg.enable || anyPamMount) { config = mkIf (cfg.enable || anyPamMount) {
environment.systemPackages = [ pkgs.pam_mount ]; environment.systemPackages = [ pkgs.pam_mount ];
environment.etc = [{ environment.etc."security/pam_mount.conf.xml" = {
target = "security/pam_mount.conf.xml";
source = source =
let let
extraUserVolumes = filterAttrs (n: u: u.cryptHomeLuks != null) config.users.users; extraUserVolumes = filterAttrs (n: u: u.cryptHomeLuks != null) config.users.users;
@ -66,7 +65,7 @@ in
${concatStringsSep "\n" cfg.extraVolumes} ${concatStringsSep "\n" cfg.extraVolumes}
</pam_mount> </pam_mount>
''; '';
}]; };
}; };
} }

5
nixos/modules/security/rtkit.nix
View file

@ -34,9 +34,8 @@ with lib;
services.dbus.packages = [ pkgs.rtkit ]; services.dbus.packages = [ pkgs.rtkit ];
users.users = singleton users.users.rtkit =
{ name = "rtkit"; { uid = config.ids.uids.rtkit;
uid = config.ids.uids.rtkit;
description = "RealtimeKit daemon"; description = "RealtimeKit daemon";
}; };

3
nixos/modules/security/sudo.nix
View file

@ -212,7 +212,7 @@ in
security.pam.services.sudo = { sshAgentAuth = true; }; security.pam.services.sudo = { sshAgentAuth = true; };
environment.etc = singleton environment.etc.sudoers =
{ source = { source =
pkgs.runCommand "sudoers" pkgs.runCommand "sudoers"
{ {
@ -222,7 +222,6 @@ in
# Make sure that the sudoers file is syntactically valid. # Make sure that the sudoers file is syntactically valid.
# (currently disabled - NIXOS-66) # (currently disabled - NIXOS-66)
"${pkgs.buildPackages.sudo}/sbin/visudo -f $src -c && cp $src $out"; "${pkgs.buildPackages.sudo}/sbin/visudo -f $src -c && cp $src $out";
target = "sudoers";
mode = "0440"; mode = "0440";
}; };

2
nixos/modules/services/admin/oxidized.nix
View file

@ -111,7 +111,7 @@ in
Restart = "always"; Restart = "always";
WorkingDirectory = cfg.dataDir; WorkingDirectory = cfg.dataDir;
KillSignal = "SIGKILL"; KillSignal = "SIGKILL";
PIDFile = "${cfg.dataDir}.config/oxidized/pid"; PIDFile = "${cfg.dataDir}/.config/oxidized/pid";
}; };
}; };
}; };

24
nixos/modules/services/audio/mpd.nix
View file

@ -184,19 +184,19 @@ in {
}; };
}; };
users.users = optionalAttrs (cfg.user == name) (singleton { users.users = optionalAttrs (cfg.user == name) {
inherit uid; ${name} = {
inherit name; inherit uid;
group = cfg.group; group = cfg.group;
extraGroups = [ "audio" ]; extraGroups = [ "audio" ];
description = "Music Player Daemon user"; description = "Music Player Daemon user";
home = "${cfg.dataDir}"; home = "${cfg.dataDir}";
}); };
};
users.groups = optionalAttrs (cfg.group == name) (singleton { users.groups = optionalAttrs (cfg.group == name) {
inherit name; ${name}.gid = gid;
gid = gid; };
});
}; };
} }

7
nixos/modules/services/backup/mysql-backup.nix
View file

@ -84,13 +84,14 @@ in
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
users.users = optionalAttrs (cfg.user == defaultUser) (singleton users.users = optionalAttrs (cfg.user == defaultUser) {
{ name = defaultUser; ${defaultUser} = {
isSystemUser = true; isSystemUser = true;
createHome = false; createHome = false;
home = cfg.location; home = cfg.location;
group = "nogroup"; group = "nogroup";
}); };
};
services.mysql.ensureUsers = [{ services.mysql.ensureUsers = [{
name = cfg.user; name = cfg.user;

3
nixos/modules/services/cluster/kubernetes/default.nix
View file

@ -266,8 +266,7 @@ in {
"d /var/lib/kubernetes 0755 kubernetes kubernetes -" "d /var/lib/kubernetes 0755 kubernetes kubernetes -"
]; ];
users.users = singleton { users.users.kubernetes = {
name = "kubernetes";
uid = config.ids.uids.kubernetes; uid = config.ids.uids.kubernetes;
description = "Kubernetes user"; description = "Kubernetes user";
extraGroups = [ "docker" ]; extraGroups = [ "docker" ];

21
nixos/modules/services/continuous-integration/buildbot/master.nix
View file

@ -223,18 +223,19 @@ in {
config = mkIf cfg.enable { config = mkIf cfg.enable {
users.groups = optional (cfg.group == "buildbot") { users.groups = optional (cfg.group == "buildbot") {
name = "buildbot"; buildbot = { };
}; };
users.users = optional (cfg.user == "buildbot") { users.users = optionalAttrs (cfg.user == "buildbot") {
name = "buildbot"; buildbot = {
description = "Buildbot User."; description = "Buildbot User.";
isNormalUser = true; isNormalUser = true;
createHome = true; createHome = true;
home = cfg.home; home = cfg.home;
group = cfg.group; group = cfg.group;
extraGroups = cfg.extraGroups; extraGroups = cfg.extraGroups;
useDefaultShell = true; useDefaultShell = true;
};
}; };
systemd.services.buildbot-master = { systemd.services.buildbot-master = {

21
nixos/modules/services/continuous-integration/buildbot/worker.nix
View file

@ -137,18 +137,19 @@ in {
services.buildbot-worker.workerPassFile = mkDefault (pkgs.writeText "buildbot-worker-password" cfg.workerPass); services.buildbot-worker.workerPassFile = mkDefault (pkgs.writeText "buildbot-worker-password" cfg.workerPass);
users.groups = optional (cfg.group == "bbworker") { users.groups = optional (cfg.group == "bbworker") {
name = "bbworker"; bbworker = { };
}; };
users.users = optional (cfg.user == "bbworker") { users.users = optionalAttrs (cfg.user == "bbworker") {
name = "bbworker"; bbworker = {
description = "Buildbot Worker User."; description = "Buildbot Worker User.";
isNormalUser = true; isNormalUser = true;
createHome = true; createHome = true;
home = cfg.home; home = cfg.home;
group = cfg.group; group = cfg.group;
extraGroups = cfg.extraGroups; extraGroups = cfg.extraGroups;
useDefaultShell = true; useDefaultShell = true;
};
}; };
systemd.services.buildbot-worker = { systemd.services.buildbot-worker = {

24
nixos/modules/services/continuous-integration/gocd-agent/default.nix
View file

@ -135,20 +135,20 @@ in {
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
users.groups = optional (cfg.group == "gocd-agent") { users.groups = optionalAttrs (cfg.group == "gocd-agent") {
name = "gocd-agent"; gocd-agent.gid = config.ids.gids.gocd-agent;
gid = config.ids.gids.gocd-agent;
}; };
users.users = optional (cfg.user == "gocd-agent") { users.users = optionalAttrs (cfg.user == "gocd-agent") {
name = "gocd-agent"; gocd-agent = {
description = "gocd-agent user"; description = "gocd-agent user";
createHome = true; createHome = true;
home = cfg.workDir; home = cfg.workDir;
group = cfg.group; group = cfg.group;
extraGroups = cfg.extraGroups; extraGroups = cfg.extraGroups;
useDefaultShell = true; useDefaultShell = true;
uid = config.ids.uids.gocd-agent; uid = config.ids.uids.gocd-agent;
};
}; };
systemd.services.gocd-agent = { systemd.services.gocd-agent = {

24
nixos/modules/services/continuous-integration/gocd-server/default.nix
View file

@ -143,20 +143,20 @@ in {
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
users.groups = optional (cfg.group == "gocd-server") { users.groups = optionalAttrs (cfg.group == "gocd-server") {
name = "gocd-server"; gocd-server.gid = config.ids.gids.gocd-server;
gid = config.ids.gids.gocd-server;
}; };
users.users = optional (cfg.user == "gocd-server") { users.users = optionalAttrs (cfg.user == "gocd-server") {
name = "gocd-server"; gocd-server = {
description = "gocd-server user"; description = "gocd-server user";
createHome = true; createHome = true;
home = cfg.workDir; home = cfg.workDir;
group = cfg.group; group = cfg.group;
extraGroups = cfg.extraGroups; extraGroups = cfg.extraGroups;
useDefaultShell = true; useDefaultShell = true;
uid = config.ids.uids.gocd-server; uid = config.ids.uids.gocd-server;
};
}; };
systemd.services.gocd-server = { systemd.services.gocd-server = {

24
nixos/modules/services/continuous-integration/jenkins/default.nix
View file

@ -150,20 +150,20 @@ in {
pkgs.dejavu_fonts pkgs.dejavu_fonts
]; ];
users.groups = optional (cfg.group == "jenkins") { users.groups = optionalAttrs (cfg.group == "jenkins") {
name = "jenkins"; jenkins.gid = config.ids.gids.jenkins;
gid = config.ids.gids.jenkins;
}; };
users.users = optional (cfg.user == "jenkins") { users.users = optionalAttrs (cfg.user == "jenkins") {
name = "jenkins"; jenkins = {
description = "jenkins user"; description = "jenkins user";
createHome = true; createHome = true;
home = cfg.home; home = cfg.home;
group = cfg.group; group = cfg.group;
extraGroups = cfg.extraGroups; extraGroups = cfg.extraGroups;
useDefaultShell = true; useDefaultShell = true;
uid = config.ids.uids.jenkins; uid = config.ids.uids.jenkins;
};
}; };
systemd.services.jenkins = { systemd.services.jenkins = {

20
nixos/modules/services/continuous-integration/jenkins/slave.nix
View file

@ -51,18 +51,18 @@ in {
config = mkIf (cfg.enable && !masterCfg.enable) { config = mkIf (cfg.enable && !masterCfg.enable) {
users.groups = optional (cfg.group == "jenkins") { users.groups = optional (cfg.group == "jenkins") {
name = "jenkins"; jenkins.gid = config.ids.gids.jenkins;
gid = config.ids.gids.jenkins;
}; };
users.users = optional (cfg.user == "jenkins") { users.users = optionalAttrs (cfg.user == "jenkins") {
name = "jenkins"; jenkins = {
description = "jenkins user"; description = "jenkins user";
createHome = true; createHome = true;
home = cfg.home; home = cfg.home;
group = cfg.group; group = cfg.group;
useDefaultShell = true; useDefaultShell = true;
uid = config.ids.uids.jenkins; uid = config.ids.uids.jenkins;
};
}; };
}; };
} }

14
nixos/modules/services/databases/cockroachdb.nix
View file

@ -171,17 +171,17 @@ in
environment.systemPackages = [ crdb ]; environment.systemPackages = [ crdb ];
users.users = optionalAttrs (cfg.user == "cockroachdb") (singleton users.users = optionalAttrs (cfg.user == "cockroachdb") {
{ name = "cockroachdb"; cockroachdb = {
description = "CockroachDB Server User"; description = "CockroachDB Server User";
uid = config.ids.uids.cockroachdb; uid = config.ids.uids.cockroachdb;
group = cfg.group; group = cfg.group;
}); };
};
users.groups = optionalAttrs (cfg.group == "cockroachdb") (singleton users.groups = optionalAttrs (cfg.group == "cockroachdb") {
{ name = "cockroachdb"; cockroachdb.gid = config.ids.gids.cockroachdb;
gid = config.ids.gids.cockroachdb; };
});
networking.firewall.allowedTCPPorts = lib.optionals cfg.openPorts networking.firewall.allowedTCPPorts = lib.optionals cfg.openPorts
[ cfg.http.port cfg.listen.port ]; [ cfg.http.port cfg.listen.port ];

14
nixos/modules/services/databases/foundationdb.nix
View file

@ -341,17 +341,17 @@ in
environment.systemPackages = [ pkg ]; environment.systemPackages = [ pkg ];
users.users = optionalAttrs (cfg.user == "foundationdb") (singleton users.users = optionalAttrs (cfg.user == "foundationdb") {
{ name = "foundationdb"; foundationdb = {
description = "FoundationDB User"; description = "FoundationDB User";
uid = config.ids.uids.foundationdb; uid = config.ids.uids.foundationdb;
group = cfg.group; group = cfg.group;
}); };
};
users.groups = optionalAttrs (cfg.group == "foundationdb") (singleton users.groups = optionalAttrs (cfg.group == "foundationdb") {
{ name = "foundationdb"; foundationdb.gid = config.ids.gids.foundationdb;
gid = config.ids.gids.foundationdb; };
});
networking.firewall.allowedTCPPortRanges = mkIf cfg.openFirewall networking.firewall.allowedTCPPortRanges = mkIf cfg.openFirewall
[ { from = cfg.listenPortStart; [ { from = cfg.listenPortStart;

14
nixos/modules/services/databases/influxdb.nix
View file

@ -182,15 +182,15 @@ in
''; '';
}; };
users.users = optional (cfg.user == "influxdb") { users.users = optionalAttrs (cfg.user == "influxdb") {
name = "influxdb"; influxdb = {
uid = config.ids.uids.influxdb; uid = config.ids.uids.influxdb;
description = "Influxdb daemon user"; description = "Influxdb daemon user";
};
}; };
users.groups = optional (cfg.group == "influxdb") { users.groups = optionalAttrs (cfg.group == "influxdb") {
name = "influxdb"; influxdb.gid = config.ids.gids.influxdb;
gid = config.ids.gids.influxdb;
}; };
}; };

7
nixos/modules/services/databases/memcached.nix
View file

@ -64,10 +64,9 @@ in
config = mkIf config.services.memcached.enable { config = mkIf config.services.memcached.enable {
users.users = optional (cfg.user == "memcached") { users.users = optionalAttrs (cfg.user == "memcached") {
name = "memcached"; memcached.description = "Memcached server user";
description = "Memcached server user"; memcached.isSystemUser = true;
isSystemUser = true;
}; };
environment.systemPackages = [ memcached ]; environment.systemPackages = [ memcached ];

3
nixos/modules/services/databases/neo4j.nix
View file

@ -650,8 +650,7 @@ in {
environment.systemPackages = [ cfg.package ]; environment.systemPackages = [ cfg.package ];
users.users = singleton { users.users.neo4j = {
name = "neo4j";
uid = config.ids.uids.neo4j; uid = config.ids.uids.neo4j;
description = "Neo4j daemon user"; description = "Neo4j daemon user";
home = cfg.directories.home; home = cfg.directories.home;

5
nixos/modules/services/databases/virtuoso.nix
View file

@ -54,9 +54,8 @@ with lib;
config = mkIf cfg.enable { config = mkIf cfg.enable {
users.users = singleton users.users.${virtuosoUser} =
{ name = virtuosoUser; { uid = config.ids.uids.virtuoso;
uid = config.ids.uids.virtuoso;
description = "virtuoso user"; description = "virtuoso user";
home = stateDir; home = stateDir;
}; };

15
nixos/modules/services/editors/infinoted.nix
View file

@ -111,14 +111,15 @@ in {
}; };
config = mkIf (cfg.enable) { config = mkIf (cfg.enable) {
users.users = optional (cfg.user == "infinoted") users.users = optionalAttrs (cfg.user == "infinoted")
{ name = "infinoted"; { infinoted = {
description = "Infinoted user"; description = "Infinoted user";
group = cfg.group; group = cfg.group;
isSystemUser = true; isSystemUser = true;
};
}; };
users.groups = optional (cfg.group == "infinoted") users.groups = optionalAttrs (cfg.group == "infinoted")
{ name = "infinoted"; { infinoted = { };
}; };
systemd.services.infinoted = systemd.services.infinoted =

6
nixos/modules/services/hardware/bluetooth.nix
View file

@ -74,9 +74,9 @@ in {
environment.systemPackages = [ bluez-bluetooth ]; environment.systemPackages = [ bluez-bluetooth ];
environment.etc = singleton { environment.etc."bluetooth/main.conf"= {
source = pkgs.writeText "main.conf" (generators.toINI { } cfg.config + optionalString (cfg.extraConfig != null) cfg.extraConfig); source = pkgs.writeText "main.conf"
target = "bluetooth/main.conf"; (generators.toINI { } cfg.config + optionalString (cfg.extraConfig != null) cfg.extraConfig);
}; };
services.udev.packages = [ bluez-bluetooth ]; services.udev.packages = [ bluez-bluetooth ];

11
nixos/modules/services/hardware/sane_extra_backends/brscan4.nix
View file

@ -67,11 +67,11 @@ in
{ {
options = { options = {
hardware.sane.brscan4.enable = hardware.sane.brscan4.enable =
mkEnableOption "Brother's brscan4 scan backend" // { mkEnableOption "Brother's brscan4 scan backend" // {
description = '' description = ''
When enabled, will automatically register the "brscan4" sane When enabled, will automatically register the "brscan4" sane
backend and bring configuration files to their expected location. backend and bring configuration files to their expected location.
''; '';
}; };
@ -95,14 +95,11 @@ in
pkgs.brscan4 pkgs.brscan4
]; ];
environment.etc = singleton { environment.etc."opt/brother/scanner/brscan4" =
target = "opt/brother/scanner/brscan4"; { source = "${etcFiles}/etc/opt/brother/scanner/brscan4"; };
source = "${etcFiles}/etc/opt/brother/scanner/brscan4";
};
assertions = [ assertions = [
{ assertion = all (x: !(null != x.ip && null != x.nodename)) netDeviceList; { assertion = all (x: !(null != x.ip && null != x.nodename)) netDeviceList;
message = '' message = ''
When describing a network device as part of the attribute list When describing a network device as part of the attribute list
`hardware.sane.brscan4.netDevices`, only one of its `ip` or `nodename` `hardware.sane.brscan4.netDevices`, only one of its `ip` or `nodename`

14
nixos/modules/services/hardware/tcsd.nix
View file

@ -137,15 +137,15 @@ in
serviceConfig.ExecStart = "${pkgs.trousers}/sbin/tcsd -f -c ${tcsdConf}"; serviceConfig.ExecStart = "${pkgs.trousers}/sbin/tcsd -f -c ${tcsdConf}";
}; };
users.users = optionalAttrs (cfg.user == "tss") (singleton users.users = optionalAttrs (cfg.user == "tss") {
{ name = "tss"; tss = {
group = "tss"; group = "tss";
uid = config.ids.uids.tss; uid = config.ids.uids.tss;
}); };
};
users.groups = optionalAttrs (cfg.group == "tss") (singleton users.groups = optionalAttrs (cfg.group == "tss") {
{ name = "tss"; tss.gid = config.ids.gids.tss;
gid = config.ids.gids.tss; };
});
}; };
} }

15
nixos/modules/services/hardware/tlp.nix
View file

@ -103,13 +103,14 @@ in
services.udev.packages = [ tlp ]; services.udev.packages = [ tlp ];
environment.etc = [{ source = confFile; environment.etc =
target = "default/tlp"; {
} "default/tlp".source = confFile;
] ++ optional enableRDW { } // optionalAttrs enableRDW {
source = "${tlp}/etc/NetworkManager/dispatcher.d/99tlp-rdw-nm"; "NetworkManager/dispatcher.d/99tlp-rdw-nm" = {
target = "NetworkManager/dispatcher.d/99tlp-rdw-nm"; source = "${tlp}/etc/NetworkManager/dispatcher.d/99tlp-rdw-nm";
}; };
};
environment.systemPackages = [ tlp ]; environment.systemPackages = [ tlp ];

11
nixos/modules/services/hardware/udev.nix
View file

@ -281,13 +281,10 @@ in
boot.kernelParams = mkIf (!config.networking.usePredictableInterfaceNames) [ "net.ifnames=0" ]; boot.kernelParams = mkIf (!config.networking.usePredictableInterfaceNames) [ "net.ifnames=0" ];
environment.etc = environment.etc =
[ { source = udevRules; {
target = "udev/rules.d"; "udev/rules.d".source = udevRules;
} "udev/hwdb.bin".source = hwdbBin;
{ source = hwdbBin; };
target = "udev/hwdb.bin";
}
];
system.requiredKernelConfig = with config.lib.kernelConfig; [ system.requiredKernelConfig = with config.lib.kernelConfig; [
(isEnabled "UNIX") (isEnabled "UNIX")

13
nixos/modules/services/hardware/usbmuxd.nix
View file

@ -43,15 +43,16 @@ in
config = mkIf cfg.enable { config = mkIf cfg.enable {
users.users = optional (cfg.user == defaultUserGroup) { users.users = optionalAttrs (cfg.user == defaultUserGroup) {
name = cfg.user; ${cfg.user} = {
description = "usbmuxd user"; description = "usbmuxd user";
group = cfg.group; group = cfg.group;
isSystemUser = true; isSystemUser = true;
};
}; };
users.groups = optional (cfg.group == defaultUserGroup) { users.groups = optional (cfg.group == defaultUserGroup) {
name = cfg.group; ${cfg.group} = { };
}; };
# Give usbmuxd permission for Apple devices # Give usbmuxd permission for Apple devices

7
nixos/modules/services/logging/logcheck.nix
View file

@ -213,13 +213,14 @@ in
mapAttrsToList writeIgnoreRule cfg.ignore mapAttrsToList writeIgnoreRule cfg.ignore
++ mapAttrsToList writeIgnoreCronRule cfg.ignoreCron; ++ mapAttrsToList writeIgnoreCronRule cfg.ignoreCron;
users.users = optionalAttrs (cfg.user == "logcheck") (singleton users.users = optionalAttrs (cfg.user == "logcheck") {
{ name = "logcheck"; logcheck = {
uid = config.ids.uids.logcheck; uid = config.ids.uids.logcheck;
shell = "/bin/sh"; shell = "/bin/sh";
description = "Logcheck user account"; description = "Logcheck user account";
extraGroups = cfg.extraGroups; extraGroups = cfg.extraGroups;
}); };
};
system.activationScripts.logcheck = '' system.activationScripts.logcheck = ''
mkdir -m 700 -p /var/{lib,lock}/logcheck mkdir -m 700 -p /var/{lib,lock}/logcheck

50
nixos/modules/services/mail/dovecot.nix
View file

@ -310,36 +310,32 @@ in
++ optional cfg.enablePop3 "pop3" ++ optional cfg.enablePop3 "pop3"
++ optional cfg.enableLmtp "lmtp"; ++ optional cfg.enableLmtp "lmtp";
users.users = [ users.users = {
{ name = "dovenull"; dovenull =
uid = config.ids.uids.dovenull2; { uid = config.ids.uids.dovenull2;
description = "Dovecot user for untrusted logins"; description = "Dovecot user for untrusted logins";
group = "dovenull"; group = "dovenull";
} };
] ++ optional (cfg.user == "dovecot2") } // optionalAttrs (cfg.user == "dovecot2") {
{ name = "dovecot2"; dovecot2 =
uid = config.ids.uids.dovecot2; { uid = config.ids.uids.dovecot2;
description = "Dovecot user"; description = "Dovecot user";
group = cfg.group; group = cfg.group;
} };
++ optional (cfg.createMailUser && cfg.mailUser != null) } // optionalAttrs (cfg.createMailUser && cfg.mailUser != null) {
({ name = cfg.mailUser; ${cfg.mailUser} =
description = "Virtual Mail User"; { description = "Virtual Mail User"; } //
} // optionalAttrs (cfg.mailGroup != null) { optionalAttrs (cfg.mailGroup != null)
group = cfg.mailGroup; { group = cfg.mailGroup; };
}); };
users.groups = optional (cfg.group == "dovecot2") users.groups = {
{ name = "dovecot2"; dovenull.gid = config.ids.gids.dovenull2;
gid = config.ids.gids.dovecot2; } // optionalAttrs (cfg.group == "dovecot2") {
} dovecot2.gid = config.ids.gids.dovecot2;
++ optional (cfg.createMailUser && cfg.mailGroup != null) } // optionalAttrs (cfg.createMailUser && cfg.mailGroup != null) {
{ name = cfg.mailGroup; ${cfg.mailGroup} = { };
} };
++ singleton
{ name = "dovenull";
gid = config.ids.gids.dovenull2;
};
environment.etc."dovecot/modules".source = modulesDir; environment.etc."dovecot/modules".source = modulesDir;
environment.etc."dovecot/dovecot.conf".source = cfg.configFile; environment.etc."dovecot/dovecot.conf".source = cfg.configFile;

14
nixos/modules/services/mail/dspam.nix
View file

@ -86,16 +86,16 @@ in {
config = mkIf cfg.enable (mkMerge [ config = mkIf cfg.enable (mkMerge [
{ {
users.users = optionalAttrs (cfg.user == "dspam") (singleton users.users = optionalAttrs (cfg.user == "dspam") {
{ name = "dspam"; dspam = {
group = cfg.group; group = cfg.group;
uid = config.ids.uids.dspam; uid = config.ids.uids.dspam;
}); };
};
users.groups = optionalAttrs (cfg.group == "dspam") (singleton users.groups = optionalAttrs (cfg.group == "dspam") {
{ name = "dspam"; dspam.gid = config.ids.gids.dspam;
gid = config.ids.gids.dspam; };
});
environment.systemPackages = [ dspam ]; environment.systemPackages = [ dspam ];

6
nixos/modules/services/mail/exim.nix
View file

@ -87,15 +87,13 @@ in
systemPackages = [ cfg.package ]; systemPackages = [ cfg.package ];
}; };
users.users = singleton { users.users.${cfg.user} = {
name = cfg.user;
description = "Exim mail transfer agent user"; description = "Exim mail transfer agent user";
uid = config.ids.uids.exim; uid = config.ids.uids.exim;
group = cfg.group; group = cfg.group;
}; };
users.groups = singleton { users.groups.${cfg.group} = {
name = cfg.group;
gid = config.ids.gids.exim; gid = config.ids.gids.exim;
}; };

6
nixos/modules/services/mail/mlmmj.nix
View file

@ -94,8 +94,7 @@ in
config = mkIf cfg.enable { config = mkIf cfg.enable {
users.users = singleton { users.users.${cfg.user} = {
name = cfg.user;
description = "mlmmj user"; description = "mlmmj user";
home = stateDir; home = stateDir;
createHome = true; createHome = true;
@ -104,8 +103,7 @@ in
useDefaultShell = true; useDefaultShell = true;
}; };
users.groups = singleton { users.groups.${cfg.group} = {
name = cfg.group;
gid = config.ids.gids.mlmmj; gid = config.ids.gids.mlmmj;
}; };

7
nixos/modules/services/mail/nullmailer.nix
View file

@ -201,15 +201,12 @@ with lib;
}; };
users = { users = {
users = singleton { users.${cfg.user} = {
name = cfg.user;
description = "Nullmailer relay-only mta user"; description = "Nullmailer relay-only mta user";
group = cfg.group; group = cfg.group;
}; };
groups = singleton { groups.${cfg.group} = { };
name = cfg.group;
};
}; };
systemd.tmpfiles.rules = [ systemd.tmpfiles.rules = [

14
nixos/modules/services/mail/opendkim.nix
View file

@ -91,16 +91,16 @@ in {
config = mkIf cfg.enable { config = mkIf cfg.enable {
users.users = optionalAttrs (cfg.user == "opendkim") (singleton users.users = optionalAttrs (cfg.user == "opendkim") {
{ name = "opendkim"; opendkim = {
group = cfg.group; group = cfg.group;
uid = config.ids.uids.opendkim; uid = config.ids.uids.opendkim;
}); };
};
users.groups = optionalAttrs (cfg.group == "opendkim") (singleton users.groups = optionalAttrs (cfg.group == "opendkim") {
{ name = "opendkim"; opendkim.gid = config.ids.gids.opendkim;
gid = config.ids.gids.opendkim; };
});
environment.systemPackages = [ pkgs.opendkim ]; environment.systemPackages = [ pkgs.opendkim ];

21
nixos/modules/services/mail/postfix.nix
View file

@ -655,21 +655,20 @@ in
setgid = true; setgid = true;
}; };
users.users = optional (user == "postfix") users.users = optionalAttrs (user == "postfix")
{ name = "postfix"; { postfix = {
description = "Postfix mail server user"; description = "Postfix mail server user";
uid = config.ids.uids.postfix; uid = config.ids.uids.postfix;
group = group; group = group;
};
}; };
users.groups = users.groups =
optional (group == "postfix") optionalAttrs (group == "postfix")
{ name = group; { ${group}.gid = config.ids.gids.postfix;
gid = config.ids.gids.postfix;
} }
++ optional (setgidGroup == "postdrop") // optionalAttrs (setgidGroup == "postdrop")
{ name = setgidGroup; { ${setgidGroup}.gid = config.ids.gids.postdrop;
gid = config.ids.gids.postdrop;
}; };
systemd.services.postfix = systemd.services.postfix =

14
nixos/modules/services/mail/postsrsd.nix
View file

@ -90,16 +90,16 @@ in {
services.postsrsd.domain = mkDefault config.networking.hostName; services.postsrsd.domain = mkDefault config.networking.hostName;
users.users = optionalAttrs (cfg.user == "postsrsd") (singleton users.users = optionalAttrs (cfg.user == "postsrsd") {
{ name = "postsrsd"; postsrsd = {
group = cfg.group; group = cfg.group;
uid = config.ids.uids.postsrsd; uid = config.ids.uids.postsrsd;
}); };
};
users.groups = optionalAttrs (cfg.group == "postsrsd") (singleton users.groups = optionalAttrs (cfg.group == "postsrsd") {
{ name = "postsrsd"; postsrsd.gid = config.ids.gids.postsrsd;
gid = config.ids.gids.postsrsd; };
});
systemd.services.postsrsd = { systemd.services.postsrsd = {
description = "PostSRSd SRS rewriting server"; description = "PostSRSd SRS rewriting server";

6
nixos/modules/services/mail/rspamd.nix
View file

@ -374,15 +374,13 @@ in
# Allow users to run 'rspamc' and 'rspamadm'. # Allow users to run 'rspamc' and 'rspamadm'.
environment.systemPackages = [ pkgs.rspamd ]; environment.systemPackages = [ pkgs.rspamd ];
users.users = singleton { users.users.${cfg.user} = {
name = cfg.user;
description = "rspamd daemon"; description = "rspamd daemon";
uid = config.ids.uids.rspamd; uid = config.ids.uids.rspamd;
group = cfg.group; group = cfg.group;
}; };
users.groups = singleton { users.groups.${cfg.group} = {
name = cfg.group;
gid = config.ids.gids.rspamd; gid = config.ids.gids.rspamd;
}; };

6
nixos/modules/services/mail/spamassassin.nix
View file

@ -128,15 +128,13 @@ in
systemPackages = [ pkgs.spamassassin ]; systemPackages = [ pkgs.spamassassin ];
}; };
users.users = singleton { users.users.spamd = {
name = "spamd";
description = "Spam Assassin Daemon"; description = "Spam Assassin Daemon";
uid = config.ids.uids.spamd; uid = config.ids.uids.spamd;
group = "spamd"; group = "spamd";
}; };
users.groups = singleton { users.groups.spamd = {
name = "spamd";
gid = config.ids.gids.spamd; gid = config.ids.gids.spamd;
}; };

3
nixos/modules/services/misc/apache-kafka.nix
View file

@ -124,8 +124,7 @@ in {
environment.systemPackages = [cfg.package]; environment.systemPackages = [cfg.package];
users.users = singleton { users.users.apache-kafka = {
name = "apache-kafka";
uid = config.ids.uids.apache-kafka; uid = config.ids.uids.apache-kafka;
description = "Apache Kafka daemon user"; description = "Apache Kafka daemon user";
home = head cfg.logDirs; home = head cfg.logDirs;

16
nixos/modules/services/misc/bepasty.nix
View file

@ -168,16 +168,12 @@ in
}) })
) cfg.servers; ) cfg.servers;
users.users = [{ users.users.${user} =
uid = config.ids.uids.bepasty; { uid = config.ids.uids.bepasty;
name = user; group = group;
group = group; home = default_home;
home = default_home; };
}];
users.groups = [{ users.groups.${group}.gid = config.ids.gids.bepasty;
name = group;
gid = config.ids.gids.bepasty;
}];
}; };
} }

7
nixos/modules/services/misc/cgminer.nix
View file

@ -110,11 +110,12 @@ in
config = mkIf config.services.cgminer.enable { config = mkIf config.services.cgminer.enable {
users.users = optionalAttrs (cfg.user == "cgminer") (singleton users.users = optionalAttrs (cfg.user == "cgminer") {
{ name = "cgminer"; cgminer = {
uid = config.ids.uids.cgminer; uid = config.ids.uids.cgminer;
description = "Cgminer user"; description = "Cgminer user";
}); };
};
environment.systemPackages = [ cfg.package ]; environment.systemPackages = [ cfg.package ];

11
nixos/modules/services/misc/couchpotato.nix
View file

@ -29,17 +29,14 @@ in
}; };
}; };
users.users = singleton users.users.couchpotato =
{ name = "couchpotato"; { group = "couchpotato";
group = "couchpotato";
home = "/var/lib/couchpotato/"; home = "/var/lib/couchpotato/";
description = "CouchPotato daemon user"; description = "CouchPotato daemon user";
uid = config.ids.uids.couchpotato; uid = config.ids.uids.couchpotato;
}; };
users.groups = singleton users.groups.couchpotato =
{ name = "couchpotato"; { gid = config.ids.gids.couchpotato; };
gid = config.ids.gids.couchpotato;
};
}; };
} }

10
nixos/modules/services/misc/dictd.nix
View file

@ -45,18 +45,14 @@ in
# get the command line client on system path to make some use of the service # get the command line client on system path to make some use of the service
environment.systemPackages = [ pkgs.dict ]; environment.systemPackages = [ pkgs.dict ];
users.users = singleton users.users.dictd =
{ name = "dictd"; { group = "dictd";
group = "dictd";
description = "DICT.org dictd server"; description = "DICT.org dictd server";
home = "${dictdb}/share/dictd"; home = "${dictdb}/share/dictd";
uid = config.ids.uids.dictd; uid = config.ids.uids.dictd;
}; };
users.groups = singleton users.groups.dictd.gid = config.ids.gids.dictd;
{ name = "dictd";
gid = config.ids.gids.dictd;
};
systemd.services.dictd = { systemd.services.dictd = {
description = "DICT.org Dictionary Server"; description = "DICT.org Dictionary Server";

3
nixos/modules/services/misc/etcd.nix
View file

@ -186,8 +186,7 @@ in {
environment.systemPackages = [ pkgs.etcdctl ]; environment.systemPackages = [ pkgs.etcdctl ];
users.users = singleton { users.users.etcd = {
name = "etcd";
uid = config.ids.uids.etcd; uid = config.ids.uids.etcd;
description = "Etcd daemon user"; description = "Etcd daemon user";
home = cfg.dataDir; home = cfg.dataDir;

3
nixos/modules/services/misc/exhibitor.nix
View file

@ -410,8 +410,7 @@ in
sed -i 's/'"$replace_what"'/'"$replace_with"'/g' ${cfg.baseDir}/zookeeper/bin/zk*.sh sed -i 's/'"$replace_what"'/'"$replace_with"'/g' ${cfg.baseDir}/zookeeper/bin/zk*.sh
''; '';
}; };
users.users = singleton { users.users.zookeeper = {
name = "zookeeper";
uid = config.ids.uids.zookeeper; uid = config.ids.uids.zookeeper;
description = "Zookeeper daemon user"; description = "Zookeeper daemon user";
home = cfg.baseDir; home = cfg.baseDir;

10
nixos/modules/services/misc/felix.nix
View file

@ -47,14 +47,10 @@ in
###### implementation ###### implementation
config = mkIf cfg.enable { config = mkIf cfg.enable {
users.groups = singleton users.groups.osgi.gid = config.ids.gids.osgi;
{ name = "osgi";
gid = config.ids.gids.osgi;
};
users.users = singleton users.users.osgi =
{ name = "osgi"; { uid = config.ids.uids.osgi;
uid = config.ids.uids.osgi;
description = "OSGi user"; description = "OSGi user";
home = "/homeless-shelter"; home = "/homeless-shelter";
}; };

5
nixos/modules/services/misc/folding-at-home.nix
View file

@ -42,9 +42,8 @@ in {
config = mkIf cfg.enable { config = mkIf cfg.enable {
users.users = singleton users.users.${fahUser} =
{ name = fahUser; { uid = config.ids.uids.foldingathome;
uid = config.ids.uids.foldingathome;
description = "Folding@Home user"; description = "Folding@Home user";
home = stateDir; home = stateDir;
}; };

14
nixos/modules/services/misc/gitlab.nix
View file

@ -633,20 +633,14 @@ in {
# Use postfix to send out mails. # Use postfix to send out mails.
services.postfix.enable = mkDefault true; services.postfix.enable = mkDefault true;
users.users = [ users.users.${cfg.user} =
{ name = cfg.user; { group = cfg.group;
group = cfg.group;
home = "${cfg.statePath}/home"; home = "${cfg.statePath}/home";
shell = "${pkgs.bash}/bin/bash"; shell = "${pkgs.bash}/bin/bash";
uid = config.ids.uids.gitlab; uid = config.ids.uids.gitlab;
} };
];
users.groups = [ users.groups.${cfg.group}.gid = config.ids.gids.gitlab;
{ name = cfg.group;
gid = config.ids.gids.gitlab;
}
];
systemd.tmpfiles.rules = [ systemd.tmpfiles.rules = [
"d /run/gitlab 0755 ${cfg.user} ${cfg.group} -" "d /run/gitlab 0755 ${cfg.user} ${cfg.group} -"

10
nixos/modules/services/misc/gpsd.nix
View file

@ -86,17 +86,13 @@ in
config = mkIf cfg.enable { config = mkIf cfg.enable {
users.users = singleton users.users.gpsd =
{ name = "gpsd"; { inherit uid;
inherit uid;
description = "gpsd daemon user"; description = "gpsd daemon user";
home = "/var/empty"; home = "/var/empty";
}; };
users.groups = singleton users.groups.gpsd = { inherit gid; };
{ name = "gpsd";
inherit gid;
};
systemd.services.gpsd = { systemd.services.gpsd = {
description = "GPSD daemon"; description = "GPSD daemon";

24
nixos/modules/services/misc/headphones.nix
View file

@ -59,19 +59,19 @@ in
config = mkIf cfg.enable { config = mkIf cfg.enable {
users.users = optionalAttrs (cfg.user == name) (singleton { users.users = optionalAttrs (cfg.user == name) {
name = name; ${name} = {
uid = config.ids.uids.headphones; uid = config.ids.uids.headphones;
group = cfg.group; group = cfg.group;
description = "headphones user"; description = "headphones user";
home = cfg.dataDir; home = cfg.dataDir;
createHome = true; createHome = true;
}); };
};
users.groups = optionalAttrs (cfg.group == name) (singleton { users.groups = optionalAttrs (cfg.group == name) {
name = name; ${name}.gid = config.ids.gids.headphones;
gid = config.ids.gids.headphones; };
});
systemd.services.headphones = { systemd.services.headphones = {
description = "Headphones Server"; description = "Headphones Server";

13
nixos/modules/services/misc/matrix-synapse.nix
View file

@ -657,19 +657,18 @@ in {
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
users.users = [ users.users.matrix-synapse =
{ name = "matrix-synapse"; { name = "";
group = "matrix-synapse"; group = "matrix-synapse";
home = cfg.dataDir; home = cfg.dataDir;
createHome = true; createHome = true;
shell = "${pkgs.bash}/bin/bash"; shell = "${pkgs.bash}/bin/bash";
uid = config.ids.uids.matrix-synapse; uid = config.ids.uids.matrix-synapse;
} ]; };
users.groups = [ users.groups.matrix-synapse = {
{ name = "matrix-synapse"; gid = config.ids.gids.matrix-synapse;
gid = config.ids.gids.matrix-synapse; };
} ];
services.postgresql = mkIf (usePostgresql && cfg.create_local_database) { services.postgresql = mkIf (usePostgresql && cfg.create_local_database) {
enable = mkDefault true; enable = mkDefault true;

24
nixos/modules/services/misc/mediatomb.nix
View file

@ -266,19 +266,19 @@ in {
serviceConfig.User = "${cfg.user}"; serviceConfig.User = "${cfg.user}";
}; };
users.groups = optionalAttrs (cfg.group == "mediatomb") (singleton { users.groups = optionalAttrs (cfg.group == "mediatomb") {
name = "mediatomb"; mediatomb.gid = gid;
gid = gid; };
});
users.users = optionalAttrs (cfg.user == "mediatomb") (singleton { users.users = optionalAttrs (cfg.user == "mediatomb") {
name = "mediatomb"; mediatomb = {
isSystemUser = true; isSystemUser = true;
group = cfg.group; group = cfg.group;
home = "${cfg.dataDir}"; home = "${cfg.dataDir}";
createHome = true; createHome = true;
description = "Mediatomb DLNA Server User"; description = "Mediatomb DLNA Server User";
}); };
};
networking.firewall = { networking.firewall = {
allowedUDPPorts = [ 1900 cfg.port ]; allowedUDPPorts = [ 1900 cfg.port ];

10
nixos/modules/services/misc/nix-daemon.nix
View file

@ -12,8 +12,9 @@ let
isNix23 = versionAtLeast nixVersion "2.3pre"; isNix23 = versionAtLeast nixVersion "2.3pre";
makeNixBuildUser = nr: makeNixBuildUser = nr: {
{ name = "nixbld${toString nr}"; name = "nixbld${toString nr}";
value = {
description = "Nix build user ${toString nr}"; description = "Nix build user ${toString nr}";
/* For consistency with the setgid(2), setuid(2), and setgroups(2) /* For consistency with the setgid(2), setuid(2), and setgroups(2)
@ -23,8 +24,9 @@ let
group = "nixbld"; group = "nixbld";
extraGroups = [ "nixbld" ]; extraGroups = [ "nixbld" ];
}; };
};
nixbldUsers = map makeNixBuildUser (range 1 cfg.nrBuildUsers); nixbldUsers = listToAttrs (map makeNixBuildUser (range 1 cfg.nrBuildUsers));
nixConf = nixConf =
assert versionAtLeast nixVersion "2.2"; assert versionAtLeast nixVersion "2.2";
@ -445,7 +447,7 @@ in
users.users = nixbldUsers; users.users = nixbldUsers;
services.xserver.displayManager.hiddenUsers = map ({ name, ... }: name) nixbldUsers; services.xserver.displayManager.hiddenUsers = attrNames nixbldUsers;
system.activationScripts.nix = stringAfter [ "etc" "users" ] system.activationScripts.nix = stringAfter [ "etc" "users" ]
'' ''

14
nixos/modules/services/misc/octoprint.nix
View file

@ -86,16 +86,16 @@ in
config = mkIf cfg.enable { config = mkIf cfg.enable {
users.users = optionalAttrs (cfg.user == "octoprint") (singleton users.users = optionalAttrs (cfg.user == "octoprint") {
{ name = "octoprint"; octoprint = {
group = cfg.group; group = cfg.group;
uid = config.ids.uids.octoprint; uid = config.ids.uids.octoprint;
}); };
};
users.groups = optionalAttrs (cfg.group == "octoprint") (singleton users.groups = optionalAttrs (cfg.group == "octoprint") {
{ name = "octoprint"; octoprint.gid = config.ids.gids.octoprint;
gid = config.ids.gids.octoprint; };
});
systemd.tmpfiles.rules = [ systemd.tmpfiles.rules = [
"d '${cfg.stateDir}' - ${cfg.user} ${cfg.group} - -" "d '${cfg.stateDir}' - ${cfg.user} ${cfg.group} - -"

14
nixos/modules/services/misc/redmine.nix
View file

@ -367,17 +367,17 @@ in
}; };
users.users = optionalAttrs (cfg.user == "redmine") (singleton users.users = optionalAttrs (cfg.user == "redmine") {
{ name = "redmine"; redmine = {
group = cfg.group; group = cfg.group;
home = cfg.stateDir; home = cfg.stateDir;
uid = config.ids.uids.redmine; uid = config.ids.uids.redmine;
}); };
};
users.groups = optionalAttrs (cfg.group == "redmine") (singleton users.groups = optionalAttrs (cfg.group == "redmine") {
{ name = "redmine"; redmine.gid = config.ids.gids.redmine;
gid = config.ids.gids.redmine; };
});
warnings = optional (cfg.database.password != "") warnings = optional (cfg.database.password != "")
''config.services.redmine.database.password will be stored as plaintext ''config.services.redmine.database.password will be stored as plaintext

5
nixos/modules/services/misc/ripple-data-api.nix
View file

@ -185,9 +185,8 @@ in {
]; ];
}; };
users.users = singleton users.users.ripple-data-api =
{ name = "ripple-data-api"; { description = "Ripple data api user";
description = "Ripple data api user";
uid = config.ids.uids.ripple-data-api; uid = config.ids.uids.ripple-data-api;
}; };
}; };

5
nixos/modules/services/misc/rippled.nix
View file

@ -406,9 +406,8 @@ in
config = mkIf cfg.enable { config = mkIf cfg.enable {
users.users = singleton users.users.rippled =
{ name = "rippled"; { description = "Ripple server user";
description = "Ripple server user";
uid = config.ids.uids.rippled; uid = config.ids.uids.rippled;
home = cfg.databasePath; home = cfg.databasePath;
createHome = true; createHome = true;

13
nixos/modules/services/misc/serviio.nix
View file

@ -63,20 +63,15 @@ in {
}; };
}; };
users.users = [ users.users.serviio =
{ { group = "serviio";
name = "serviio";
group = "serviio";
home = cfg.dataDir; home = cfg.dataDir;
description = "Serviio Media Server User"; description = "Serviio Media Server User";
createHome = true; createHome = true;
isSystemUser = true; isSystemUser = true;
} };
];
users.groups = [ users.groups.serviio = { };
{ name = "serviio";}
];
networking.firewall = { networking.firewall = {
allowedTCPPorts = [ allowedTCPPorts = [

24
nixos/modules/services/misc/sickbeard.nix
View file

@ -63,19 +63,19 @@ in
config = mkIf cfg.enable { config = mkIf cfg.enable {
users.users = optionalAttrs (cfg.user == name) (singleton { users.users = optionalAttrs (cfg.user == name) {
name = name; ${name} = {
uid = config.ids.uids.sickbeard; uid = config.ids.uids.sickbeard;
group = cfg.group; group = cfg.group;
description = "sickbeard user"; description = "sickbeard user";
home = cfg.dataDir; home = cfg.dataDir;
createHome = true; createHome = true;
}); };
};
users.groups = optionalAttrs (cfg.group == name) (singleton { users.groups = optionalAttrs (cfg.group == name) {
name = name; ${name}.gid = config.ids.gids.sickbeard;
gid = config.ids.gids.sickbeard; };
});
systemd.services.sickbeard = { systemd.services.sickbeard = {
description = "Sickbeard Server"; description = "Sickbeard Server";

3
nixos/modules/services/misc/siproxd.nix
View file

@ -161,8 +161,7 @@ in
config = mkIf cfg.enable { config = mkIf cfg.enable {
users.users = singleton { users.users.siproxyd = {
name = "siproxyd";
uid = config.ids.uids.siproxd; uid = config.ids.uids.siproxd;
}; };

16
nixos/modules/services/misc/taskserver/default.nix
View file

@ -368,16 +368,16 @@ in {
(mkIf cfg.enable { (mkIf cfg.enable {
environment.systemPackages = [ nixos-taskserver ]; environment.systemPackages = [ nixos-taskserver ];
users.users = optional (cfg.user == "taskd") { users.users = optionalAttrs (cfg.user == "taskd") {
name = "taskd"; taskd = {
uid = config.ids.uids.taskd; uid = config.ids.uids.taskd;
description = "Taskserver user"; description = "Taskserver user";
group = cfg.group; group = cfg.group;
};
}; };
users.groups = optional (cfg.group == "taskd") { users.groups = optionalAttrs (cfg.group == "taskd") {
name = "taskd"; taskd.gid = config.ids.gids.taskd;
gid = config.ids.gids.taskd;
}; };
services.taskserver.config = { services.taskserver.config = {

24
nixos/modules/services/misc/uhub.nix
View file

@ -41,31 +41,31 @@ in
enable = mkOption { enable = mkOption {
type = types.bool; type = types.bool;
default = false; default = false;
description = "Whether to enable the uhub ADC hub."; description = "Whether to enable the uhub ADC hub.";
}; };
port = mkOption { port = mkOption {
type = types.int; type = types.int;
default = 1511; default = 1511;
description = "TCP port to bind the hub to."; description = "TCP port to bind the hub to.";
}; };
address = mkOption { address = mkOption {
type = types.str; type = types.str;
default = "any"; default = "any";
description = "Address to bind the hub to."; description = "Address to bind the hub to.";
}; };
enableTLS = mkOption { enableTLS = mkOption {
type = types.bool; type = types.bool;
default = false; default = false;
description = "Whether to enable TLS support."; description = "Whether to enable TLS support.";
}; };
hubConfig = mkOption { hubConfig = mkOption {
type = types.lines; type = types.lines;
default = ""; default = "";
description = "Contents of uhub configuration file."; description = "Contents of uhub configuration file.";
}; };
aclConfig = mkOption { aclConfig = mkOption {
@ -77,11 +77,11 @@ in
plugins = { plugins = {
authSqlite = { authSqlite = {
enable = mkOption { enable = mkOption {
type = types.bool; type = types.bool;
default = false; default = false;
description = "Whether to enable the Sqlite authentication database plugin"; description = "Whether to enable the Sqlite authentication database plugin";
}; };
file = mkOption { file = mkOption {
type = types.path; type = types.path;
example = "/var/db/uhub-users"; example = "/var/db/uhub-users";
@ -161,14 +161,8 @@ in
config = mkIf cfg.enable { config = mkIf cfg.enable {
users = { users = {
users = singleton { users.uhub.uid = config.ids.uids.uhub;
name = "uhub"; groups.uhub.gid = config.ids.gids.uhub;
uid = config.ids.uids.uhub;
};
groups = singleton {
name = "uhub";
gid = config.ids.gids.uhub;
};
}; };
systemd.services.uhub = { systemd.services.uhub = {

3
nixos/modules/services/misc/zookeeper.nix
View file

@ -146,8 +146,7 @@ in {
''; '';
}; };
users.users = singleton { users.users.zookeeper = {
name = "zookeeper";
uid = config.ids.uids.zookeeper; uid = config.ids.uids.zookeeper;
description = "Zookeeper daemon user"; description = "Zookeeper daemon user";
home = cfg.dataDir; home = cfg.dataDir;

7
nixos/modules/services/monitoring/collectd.nix
View file

@ -129,9 +129,10 @@ in {
}; };
}; };
users.users = optional (cfg.user == "collectd") { users.users = optionalAttrs (cfg.user == "collectd") {
name = "collectd"; collectd = {
isSystemUser = true; isSystemUser = true;
};
}; };
}; };
} }

21
nixos/modules/services/monitoring/datadog-agent.nix
View file

@ -22,9 +22,9 @@ let
# Generate Datadog configuration files for each configured checks. # Generate Datadog configuration files for each configured checks.
# This works because check configurations have predictable paths, # This works because check configurations have predictable paths,
# and because JSON is a valid subset of YAML. # and because JSON is a valid subset of YAML.
makeCheckConfigs = entries: mapAttrsToList (name: conf: { makeCheckConfigs = entries: mapAttrs' (name: conf: {
source = pkgs.writeText "${name}-check-conf.yaml" (builtins.toJSON conf); name = "datadog-agent/conf.d/${name}.d/conf.yaml";
target = "datadog-agent/conf.d/${name}.d/conf.yaml"; value.source = pkgs.writeText "${name}-check-conf.yaml" (builtins.toJSON conf);
}) entries; }) entries;
defaultChecks = { defaultChecks = {
@ -34,10 +34,11 @@ let
# Assemble all check configurations and the top-level agent # Assemble all check configurations and the top-level agent
# configuration. # configuration.
etcfiles = with pkgs; with builtins; [{ etcfiles = with pkgs; with builtins;
source = writeText "datadog.yaml" (toJSON ddConf); { "datadog-agent/datadog.yaml" = {
target = "datadog-agent/datadog.yaml"; source = writeText "datadog.yaml" (toJSON ddConf);
}] ++ makeCheckConfigs (cfg.checks // defaultChecks); };
} // makeCheckConfigs (cfg.checks // defaultChecks);
# Apply the configured extraIntegrations to the provided agent # Apply the configured extraIntegrations to the provided agent
# package. See the documentation of `dd-agent/integrations-core.nix` # package. See the documentation of `dd-agent/integrations-core.nix`
@ -204,7 +205,7 @@ in {
config = mkIf cfg.enable { config = mkIf cfg.enable {
environment.systemPackages = [ datadogPkg pkgs.sysstat pkgs.procps pkgs.iproute ]; environment.systemPackages = [ datadogPkg pkgs.sysstat pkgs.procps pkgs.iproute ];
users.extraUsers.datadog = { users.users.datadog = {
description = "Datadog Agent User"; description = "Datadog Agent User";
uid = config.ids.uids.datadog; uid = config.ids.uids.datadog;
group = "datadog"; group = "datadog";
@ -212,7 +213,7 @@ in {
createHome = true; createHome = true;
}; };
users.extraGroups.datadog.gid = config.ids.gids.datadog; users.groups.datadog.gid = config.ids.gids.datadog;
systemd.services = let systemd.services = let
makeService = attrs: recursiveUpdate { makeService = attrs: recursiveUpdate {
@ -224,7 +225,7 @@ in {
Restart = "always"; Restart = "always";
RestartSec = 2; RestartSec = 2;
}; };
restartTriggers = [ datadogPkg ] ++ map (etc: etc.source) etcfiles; restartTriggers = [ datadogPkg ] ++ attrNames etcfiles;
} attrs; } attrs;
in { in {
datadog-agent = makeService { datadog-agent = makeService {

Some files were not shown because too many files have changed in this diff Show more