Merge master into staging-next

Frederik Rietdijk 2020-01-07 20:06:22 +01:00
commit a823616723
324 changed files with 2717 additions and 2294 deletions


@ -87,36 +87,36 @@ checkConfigOutput "false" "$@" ./define-force-enable.nix
checkConfigOutput "false" "$@" ./define-enable-force.nix
# Check mkForce with option and submodules.
checkConfigError 'attribute .*foo.* .* not found' config.loaOfSub.foo.enable ./declare-loaOfSub-any-enable.nix
checkConfigOutput 'false' config.loaOfSub.foo.enable ./declare-loaOfSub-any-enable.nix ./define-loaOfSub-foo.nix
set -- config.loaOfSub.foo.enable ./declare-loaOfSub-any-enable.nix ./define-loaOfSub-foo-enable.nix
checkConfigError 'attribute .*foo.* .* not found' config.attrsOfSub.foo.enable ./declare-attrsOfSub-any-enable.nix
checkConfigOutput 'false' config.attrsOfSub.foo.enable ./declare-attrsOfSub-any-enable.nix ./define-attrsOfSub-foo.nix
set -- config.attrsOfSub.foo.enable ./declare-attrsOfSub-any-enable.nix ./define-attrsOfSub-foo-enable.nix
checkConfigOutput 'true' "$@"
checkConfigOutput 'false' "$@" ./define-force-loaOfSub-foo-enable.nix
checkConfigOutput 'false' "$@" ./define-loaOfSub-force-foo-enable.nix
checkConfigOutput 'false' "$@" ./define-loaOfSub-foo-force-enable.nix
checkConfigOutput 'false' "$@" ./define-loaOfSub-foo-enable-force.nix
checkConfigOutput 'false' "$@" ./define-force-attrsOfSub-foo-enable.nix
checkConfigOutput 'false' "$@" ./define-attrsOfSub-force-foo-enable.nix
checkConfigOutput 'false' "$@" ./define-attrsOfSub-foo-force-enable.nix
checkConfigOutput 'false' "$@" ./define-attrsOfSub-foo-enable-force.nix
# Check overriding effect of mkForce on submodule definitions.
checkConfigError 'attribute .*bar.* .* not found' config.loaOfSub.bar.enable ./declare-loaOfSub-any-enable.nix ./define-loaOfSub-foo.nix
checkConfigOutput 'false' config.loaOfSub.bar.enable ./declare-loaOfSub-any-enable.nix ./define-loaOfSub-foo.nix ./define-loaOfSub-bar.nix
set -- config.loaOfSub.bar.enable ./declare-loaOfSub-any-enable.nix ./define-loaOfSub-foo.nix ./define-loaOfSub-bar-enable.nix
checkConfigError 'attribute .*bar.* .* not found' config.attrsOfSub.bar.enable ./declare-attrsOfSub-any-enable.nix ./define-attrsOfSub-foo.nix
checkConfigOutput 'false' config.attrsOfSub.bar.enable ./declare-attrsOfSub-any-enable.nix ./define-attrsOfSub-foo.nix ./define-attrsOfSub-bar.nix
set -- config.attrsOfSub.bar.enable ./declare-attrsOfSub-any-enable.nix ./define-attrsOfSub-foo.nix ./define-attrsOfSub-bar-enable.nix
checkConfigOutput 'true' "$@"
checkConfigError 'attribute .*bar.* .* not found' "$@" ./define-force-loaOfSub-foo-enable.nix
checkConfigError 'attribute .*bar.* .* not found' "$@" ./define-loaOfSub-force-foo-enable.nix
checkConfigOutput 'true' "$@" ./define-loaOfSub-foo-force-enable.nix
checkConfigOutput 'true' "$@" ./define-loaOfSub-foo-enable-force.nix
checkConfigError 'attribute .*bar.* .* not found' "$@" ./define-force-attrsOfSub-foo-enable.nix
checkConfigError 'attribute .*bar.* .* not found' "$@" ./define-attrsOfSub-force-foo-enable.nix
checkConfigOutput 'true' "$@" ./define-attrsOfSub-foo-force-enable.nix
checkConfigOutput 'true' "$@" ./define-attrsOfSub-foo-enable-force.nix
# Check mkIf with submodules.
checkConfigError 'attribute .*foo.* .* not found' config.loaOfSub.foo.enable ./declare-enable.nix ./declare-loaOfSub-any-enable.nix
set -- config.loaOfSub.foo.enable ./declare-enable.nix ./declare-loaOfSub-any-enable.nix
checkConfigError 'attribute .*foo.* .* not found' "$@" ./define-if-loaOfSub-foo-enable.nix
checkConfigError 'attribute .*foo.* .* not found' "$@" ./define-loaOfSub-if-foo-enable.nix
checkConfigError 'attribute .*foo.* .* not found' "$@" ./define-loaOfSub-foo-if-enable.nix
checkConfigOutput 'false' "$@" ./define-loaOfSub-foo-enable-if.nix
checkConfigOutput 'true' "$@" ./define-enable.nix ./define-if-loaOfSub-foo-enable.nix
checkConfigOutput 'true' "$@" ./define-enable.nix ./define-loaOfSub-if-foo-enable.nix
checkConfigOutput 'true' "$@" ./define-enable.nix ./define-loaOfSub-foo-if-enable.nix
checkConfigOutput 'true' "$@" ./define-enable.nix ./define-loaOfSub-foo-enable-if.nix
checkConfigError 'attribute .*foo.* .* not found' config.attrsOfSub.foo.enable ./declare-enable.nix ./declare-attrsOfSub-any-enable.nix
set -- config.attrsOfSub.foo.enable ./declare-enable.nix ./declare-attrsOfSub-any-enable.nix
checkConfigError 'attribute .*foo.* .* not found' "$@" ./define-if-attrsOfSub-foo-enable.nix
checkConfigError 'attribute .*foo.* .* not found' "$@" ./define-attrsOfSub-if-foo-enable.nix
checkConfigError 'attribute .*foo.* .* not found' "$@" ./define-attrsOfSub-foo-if-enable.nix
checkConfigOutput 'false' "$@" ./define-attrsOfSub-foo-enable-if.nix
checkConfigOutput 'true' "$@" ./define-enable.nix ./define-if-attrsOfSub-foo-enable.nix
checkConfigOutput 'true' "$@" ./define-enable.nix ./define-attrsOfSub-if-foo-enable.nix
checkConfigOutput 'true' "$@" ./define-enable.nix ./define-attrsOfSub-foo-if-enable.nix
checkConfigOutput 'true' "$@" ./define-enable.nix ./define-attrsOfSub-foo-enable-if.nix
# Check disabledModules with config definitions and option declarations.
set -- config.enable ./define-enable.nix ./declare-enable.nix
@ -138,7 +138,7 @@ checkConfigError 'while evaluating the module argument .*custom.* in .*import-cu
checkConfigError 'infinite recursion encountered' "$@"
# Check _module.check.
set -- config.enable ./declare-enable.nix ./define-enable.nix ./define-loaOfSub-foo.nix
set -- config.enable ./declare-enable.nix ./define-enable.nix ./define-attrsOfSub-foo.nix
checkConfigError 'The option .* defined in .* does not exist.' "$@"
checkConfigOutput "true" "$@" ./define-module-check.nix
@ -152,12 +152,6 @@ checkConfigOutput "12" config.value ./declare-coerced-value-unsound.nix
checkConfigError 'The option value .* in .* is not.*8 bit signed integer.* or string convertible to it' config.value ./declare-coerced-value-unsound.nix ./define-value-string-bigint.nix
checkConfigError 'unrecognised JSON value' config.value ./declare-coerced-value-unsound.nix ./define-value-string-arbitrary.nix
# Check loaOf with long list.
checkConfigOutput "1 2 3 4 5 6 7 8 9 10" config.result ./loaOf-with-long-list.nix
# Check loaOf with many merges of lists.
checkConfigOutput "1 2 3 4 5 6 7 8 9 10" config.result ./loaOf-with-many-list-merges.nix
# Check mkAliasOptionModule.
checkConfigOutput "true" config.enable ./alias-with-priority.nix
checkConfigOutput "true" config.enableAlias ./alias-with-priority.nix


@ -17,10 +17,10 @@ in
{
options = {
loaOfSub = lib.mkOption {
attrsOfSub = lib.mkOption {
default = {};
example = {};
type = lib.types.loaOf (lib.types.submodule [ submod ]);
type = lib.types.attrsOf (lib.types.submodule [ submod ]);
description = ''
Some descriptive text
'';


@ -0,0 +1,3 @@
{
attrsOfSub.bar.enable = true;
}


@ -0,0 +1,3 @@
{
attrsOfSub.bar = {};
}


@ -0,0 +1,5 @@
{ lib, ... }:
{
attrsOfSub.foo.enable = lib.mkForce false;
}


@ -0,0 +1,5 @@
{ config, lib, ... }:
{
attrsOfSub.foo.enable = lib.mkIf config.enable true;
}


@ -0,0 +1,3 @@
{
attrsOfSub.foo.enable = true;
}


@ -1,7 +1,7 @@
{ lib, ... }:
{
loaOfSub.foo = lib.mkForce {
attrsOfSub.foo = lib.mkForce {
enable = false;
};
}


@ -1,7 +1,7 @@
{ config, lib, ... }:
{
loaOfSub.foo = lib.mkIf config.enable {
attrsOfSub.foo = lib.mkIf config.enable {
enable = true;
};
}


@ -0,0 +1,3 @@
{
attrsOfSub.foo = {};
}


@ -1,7 +1,7 @@
{ lib, ... }:
{
loaOfSub = lib.mkForce {
attrsOfSub = lib.mkForce {
foo.enable = false;
};
}


@ -1,7 +1,7 @@
{ config, lib, ... }:
{
loaOfSub = lib.mkIf config.enable {
attrsOfSub = lib.mkIf config.enable {
foo.enable = true;
};
}


@ -0,0 +1,5 @@
{ lib, ... }:
lib.mkForce {
attrsOfSub.foo.enable = false;
}


@ -1,5 +0,0 @@
{ lib, ... }:
lib.mkForce {
loaOfSub.foo.enable = false;
}


@ -1,5 +1,5 @@
{ config, lib, ... }:
lib.mkIf config.enable {
loaOfSub.foo.enable = true;
attrsOfSub.foo.enable = true;
}


@ -1,3 +0,0 @@
{
loaOfSub.bar.enable = true;
}


@ -1,3 +0,0 @@
{
loaOfSub.bar = {};
}


@ -1,5 +0,0 @@
{ lib, ... }:
{
loaOfSub.foo.enable = lib.mkForce false;
}


@ -1,5 +0,0 @@
{ config, lib, ... }:
{
loaOfSub.foo.enable = lib.mkIf config.enable true;
}


@ -1,3 +0,0 @@
{
loaOfSub.foo.enable = true;
}


@ -1,3 +0,0 @@
{
loaOfSub.foo = {};
}


@ -1,19 +0,0 @@
{ config, lib, ... }:
{
options = {
loaOfInt = lib.mkOption {
type = lib.types.loaOf lib.types.int;
};
result = lib.mkOption {
type = lib.types.str;
};
};
config = {
loaOfInt = [ 1 2 3 4 5 6 7 8 9 10 ];
result = toString (lib.attrValues config.loaOfInt);
};
}


@ -1,19 +0,0 @@
{ config, lib, ... }:
{
options = {
loaOfInt = lib.mkOption {
type = lib.types.loaOf lib.types.int;
};
result = lib.mkOption {
type = lib.types.str;
};
};
config = {
loaOfInt = lib.mkMerge (map lib.singleton [ 1 2 3 4 5 6 7 8 9 10 ]);
result = toString (lib.attrValues config.loaOfInt);
};
}


@ -242,8 +242,7 @@ rec {
path = mkOptionType {
name = "path";
# Hacky: there is no isPath primop.
check = x: builtins.substring 0 1 (toString x) == "/";
check = x: isCoercibleToString x && builtins.substring 0 1 (toString x) == "/";
merge = mergeEqualOption;
};
@ -295,26 +294,43 @@ rec {
# List or attribute set of ...
loaOf = elemType:
let
convertAllLists = defs:
convertAllLists = loc: defs:
let
padWidth = stringLength (toString (length defs));
unnamedPrefix = i: "unnamed-" + fixedWidthNumber padWidth i + ".";
in
imap1 (i: convertIfList (unnamedPrefix i)) defs;
convertIfList = unnamedPrefix: def:
imap1 (i: convertIfList loc (unnamedPrefix i)) defs;
convertIfList = loc: unnamedPrefix: def:
if isList def.value then
let
padWidth = stringLength (toString (length def.value));
unnamed = i: unnamedPrefix + fixedWidthNumber padWidth i;
res =
{ inherit (def) file;
value = listToAttrs (
imap1 (elemIdx: elem:
{ name = elem.name or (unnamed elemIdx);
value = elem;
}) def.value);
};
option = concatStringsSep "." loc;
sample = take 3 def.value;
list = concatMapStrings (x: ''{ name = "${x.name or "unnamed"}"; ...} '') sample;
set = concatMapStrings (x: ''${x.name or "unnamed"} = {...}; '') sample;
msg = ''
In file ${def.file}
a list is being assigned to the option config.${option}.
This will soon be an error as type loaOf is deprecated.
See https://git.io/fj2zm for more information.
Do
${option} =
{ ${set}...}
instead of
${option} =
[ ${list}...]
'';
in
{ inherit (def) file;
value = listToAttrs (
imap1 (elemIdx: elem:
{ name = elem.name or (unnamed elemIdx);
value = elem;
}) def.value);
}
lib.warn msg res
else
def;
attrOnly = attrsOf elemType;
@ -322,7 +338,7 @@ rec {
name = "loaOf";
description = "list or attribute set of ${elemType.description}s";
check = x: isList x || isAttrs x;
merge = loc: defs: attrOnly.merge loc (convertAllLists defs);
merge = loc: defs: attrOnly.merge loc (convertAllLists loc defs);
getSubOptions = prefix: elemType.getSubOptions (prefix ++ ["<name?>"]);
getSubModules = elemType.getSubModules;
substSubModules = m: loaOf (elemType.substSubModules m);


@ -4430,6 +4430,12 @@
githubId = 4378377;
name = "Matthias Devlamynck";
};
mdlayher = {
email = "mdlayher@gmail.com";
github = "mdlayher";
githubId = 1926905;
name = "Matt Layher";
};
meditans = {
email = "meditans@gmail.com";
github = "meditans";


@ -80,14 +80,11 @@ with lib;
};
# /etc/locale.conf is used by systemd.
environment.etc = singleton
{ target = "locale.conf";
source = pkgs.writeText "locale.conf"
''
LANG=${config.i18n.defaultLocale}
${concatStringsSep "\n" (mapAttrsToList (n: v: ''${n}=${v}'') config.i18n.extraLocaleSettings)}
'';
};
environment.etc."locale.conf".source = pkgs.writeText "locale.conf"
''
LANG=${config.i18n.defaultLocale}
${concatStringsSep "\n" (mapAttrsToList (n: v: ''${n}=${v}'') config.i18n.extraLocaleSettings)}
'';
};
}


@ -224,7 +224,9 @@ in
config = mkIf cfg.enable {
environment.etc = optional (!cfg.daemon.enable) ldapConfig;
environment.etc = optionalAttrs (!cfg.daemon.enable) {
"ldap.conf" = ldapConfig;
};
system.activationScripts = mkIf (!cfg.daemon.enable) {
ldap = stringAfter [ "etc" "groups" "users" ] ''


@ -215,9 +215,8 @@ in {
config = mkMerge [
{
environment.etc = singleton {
target = "pulse/client.conf";
source = clientConf;
environment.etc = {
"pulse/client.conf".source = clientConf;
};
hardware.pulseaudio.configFile = mkDefault "${getBin overriddenPackage}/etc/pulse/default.pa";
@ -228,19 +227,16 @@ in {
sound.enable = true;
environment.etc = [
{ target = "asound.conf";
source = alsaConf; }
environment.etc = {
"asound.conf".source = alsaConf;
{ target = "pulse/daemon.conf";
source = writeText "daemon.conf" (lib.generators.toKeyValue {} cfg.daemon.config); }
"pulse/daemon.conf".source = writeText "daemon.conf"
(lib.generators.toKeyValue {} cfg.daemon.config);
{ target = "openal/alsoft.conf";
source = writeText "alsoft.conf" "drivers=pulse"; }
"openal/alsoft.conf".source = writeText "alsoft.conf" "drivers=pulse";
{ target = "libao.conf";
source = writeText "libao.conf" "default_driver=pulse"; }
];
"libao.conf".source = writeText "libao.conf" "default_driver=pulse";
};
# Disable flat volumes to enable relative ones
hardware.pulseaudio.daemon.config.flat-volumes = mkDefault "no";
@ -275,9 +271,8 @@ in {
})
(mkIf nonSystemWide {
environment.etc = singleton {
target = "pulse/default.pa";
source = myConfigFile;
environment.etc = {
"pulse/default.pa".source = myConfigFile;
};
systemd.user = {
services.pulseaudio = {


@ -64,6 +64,8 @@ in
# Without dconf enabled it is impossible to use IBus
programs.dconf.enable = true;
programs.dconf.profiles.ibus = "${ibusPackage}/etc/dconf/profile/ibus";
services.dbus.packages = [
ibusAutostart
];


@ -122,11 +122,10 @@ in
/* fake entry, just to have a happy stage-1. Users
may boot without having stage-1 though */
fileSystems = [
fileSystems.fake =
{ mountPoint = "/";
device = "/dev/something";
}
];
};
nixpkgs.config = {
packageOverrides = p: {


@ -117,11 +117,10 @@ in
/* fake entry, just to have a happy stage-1. Users
may boot without having stage-1 though */
fileSystems = [
fileSystems.fake =
{ mountPoint = "/";
device = "/dev/something";
}
];
};
services.mingetty = {
# Some more help text.


@ -41,7 +41,7 @@ in
# In stage 1 of the boot, mount the CD/DVD as the root FS by label
# so that we don't need to know its device.
fileSystems = [ ];
fileSystems = { };
# boot.initrd.availableKernelModules = [ "mvsdio" "reiserfs" "ext3" "ext4" ];


@ -6,7 +6,10 @@ let
cfg = config.programs.dconf;
mkDconfProfile = name: path:
{ source = path; target = "dconf/profile/${name}"; };
{
name = "dconf/profile/${name}";
value.source = path;
};
in
{
@ -29,8 +32,8 @@ in
###### implementation
config = mkIf (cfg.profiles != {} || cfg.enable) {
environment.etc = optionals (cfg.profiles != {})
(mapAttrsToList mkDconfProfile cfg.profiles);
environment.etc = optionalAttrs (cfg.profiles != {})
(mapAttrs' mkDconfProfile cfg.profiles);
services.dbus.packages = [ pkgs.dconf ];


@ -76,22 +76,18 @@ in
config.users.defaultUserShell;
environment.etc =
[ { # /etc/login.defs: global configuration for pwdutils. You
# cannot login without it!
source = pkgs.writeText "login.defs" loginDefs;
target = "login.defs";
}
{ # /etc/login.defs: global configuration for pwdutils. You
# cannot login without it!
"login.defs".source = pkgs.writeText "login.defs" loginDefs;
{ # /etc/default/useradd: configuration for useradd.
source = pkgs.writeText "useradd"
''
GROUP=100
HOME=/home
SHELL=${utils.toShellPath config.users.defaultUserShell}
'';
target = "default/useradd";
}
];
# /etc/default/useradd: configuration for useradd.
"default/useradd".source = pkgs.writeText "useradd"
''
GROUP=100
HOME=/home
SHELL=${utils.toShellPath config.users.defaultUserShell}
'';
};
security.pam.services =
{ chsh = { rootOK = true; };


@ -25,19 +25,21 @@ let
accept_env_factor=${boolToStr cfg.acceptEnvFactor}
'';
loginCfgFile = optional cfg.ssh.enable
{ source = pkgs.writeText "login_duo.conf" configFileLogin;
mode = "0600";
user = "sshd";
target = "duo/login_duo.conf";
};
loginCfgFile = optionalAttrs cfg.ssh.enable {
"duo/login_duo.conf" =
{ source = pkgs.writeText "login_duo.conf" configFileLogin;
mode = "0600";
user = "sshd";
};
};
pamCfgFile = optional cfg.pam.enable
{ source = pkgs.writeText "pam_duo.conf" configFilePam;
mode = "0600";
user = "sshd";
target = "duo/pam_duo.conf";
};
pamCfgFile = optional cfg.pam.enable {
"duo/pam_duo.conf" =
{ source = pkgs.writeText "pam_duo.conf" configFilePam;
mode = "0600";
user = "sshd";
};
};
in
{
options = {
@ -186,7 +188,7 @@ in
environment.systemPackages = [ pkgs.duo-unix ];
security.wrappers.login_duo.source = "${pkgs.duo-unix.out}/bin/login_duo";
environment.etc = loginCfgFile ++ pamCfgFile;
environment.etc = loginCfgFile // pamCfgFile;
/* If PAM *and* SSH are enabled, then don't do anything special.
If PAM isn't used, set the default SSH-only options. */
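Review bot: `pamCfgFile` is still built with `optional`, so it evaluates to a list, while `loginCfgFile` was switched to `optionalAttrs` and the two are now combined with `loginCfgFile // pamCfgFile`; `//` needs an attribute set on both sides, so this should fail to evaluate as soon as the module is enabled. The binding should read `pamCfgFile = optionalAttrs cfg.pam.enable {`. Separately, `mode = "0600"` and `user = "sshd"` restrict only the copy placed under /etc; the `pkgs.writeText` source lives in the Nix store, so if `configFileLogin`/`configFilePam` carry the Duo keys (their definitions start above the hunk) those stay world-readable there, which deserves a comment next to the `mode` lines.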


@ -475,9 +475,9 @@ let
motd = pkgs.writeText "motd" config.users.motd;
makePAMService = pamService:
{ source = pkgs.writeText "${pamService.name}.pam" pamService.text;
target = "pam.d/${pamService.name}";
makePAMService = name: service:
{ name = "pam.d/${name}";
value.source = pkgs.writeText "${name}.pam" service.text;
};
in
@ -760,8 +760,7 @@ in
};
};
environment.etc =
mapAttrsToList (n: v: makePAMService v) config.security.pam.services;
environment.etc = mapAttrs' makePAMService config.security.pam.services;
security.pam.services =
{ other.text =
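Review bot: The new `makePAMService = name: service:` derives the file name from the attribute key, whereas the old version used `pamService.name`. If the service submodule lets `name` be set independently of the key (its declaration is outside these hunks), a service that overrides `name` now lands in a different `pam.d/` file than before, and the application that looks its stack up by the old name would no longer find it. Either keep the previous behaviour with `name = "pam.d/${service.name}";` and `pkgs.writeText "${service.name}.pam" service.text`, or add a comment stating that `name` must equal the attribute key.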


@ -36,8 +36,7 @@ in
config = mkIf (cfg.enable || anyPamMount) {
environment.systemPackages = [ pkgs.pam_mount ];
environment.etc = [{
target = "security/pam_mount.conf.xml";
environment.etc."security/pam_mount.conf.xml" = {
source =
let
extraUserVolumes = filterAttrs (n: u: u.cryptHomeLuks != null) config.users.users;
@ -66,7 +65,7 @@ in
${concatStringsSep "\n" cfg.extraVolumes}
</pam_mount>
'';
}];
};
};
}


@ -34,9 +34,8 @@ with lib;
services.dbus.packages = [ pkgs.rtkit ];
users.users = singleton
{ name = "rtkit";
uid = config.ids.uids.rtkit;
users.users.rtkit =
{ uid = config.ids.uids.rtkit;
description = "RealtimeKit daemon";
};


@ -212,7 +212,7 @@ in
security.pam.services.sudo = { sshAgentAuth = true; };
environment.etc = singleton
environment.etc.sudoers =
{ source =
pkgs.runCommand "sudoers"
{
@ -222,7 +222,6 @@ in
# Make sure that the sudoers file is syntactically valid.
# (currently disabled - NIXOS-66)
"${pkgs.buildPackages.sudo}/sbin/visudo -f $src -c && cp $src $out";
target = "sudoers";
mode = "0440";
};


@ -111,7 +111,7 @@ in
Restart = "always";
WorkingDirectory = cfg.dataDir;
KillSignal = "SIGKILL";
PIDFile = "${cfg.dataDir}.config/oxidized/pid";
PIDFile = "${cfg.dataDir}/.config/oxidized/pid";
};
};
};


@ -184,19 +184,19 @@ in {
};
};
users.users = optionalAttrs (cfg.user == name) (singleton {
inherit uid;
inherit name;
group = cfg.group;
extraGroups = [ "audio" ];
description = "Music Player Daemon user";
home = "${cfg.dataDir}";
});
users.users = optionalAttrs (cfg.user == name) {
${name} = {
inherit uid;
group = cfg.group;
extraGroups = [ "audio" ];
description = "Music Player Daemon user";
home = "${cfg.dataDir}";
};
};
users.groups = optionalAttrs (cfg.group == name) (singleton {
inherit name;
gid = gid;
});
users.groups = optionalAttrs (cfg.group == name) {
${name}.gid = gid;
};
};
}


@ -84,13 +84,14 @@ in
};
config = mkIf cfg.enable {
users.users = optionalAttrs (cfg.user == defaultUser) (singleton
{ name = defaultUser;
users.users = optionalAttrs (cfg.user == defaultUser) {
${defaultUser} = {
isSystemUser = true;
createHome = false;
home = cfg.location;
group = "nogroup";
});
};
};
services.mysql.ensureUsers = [{
name = cfg.user;


@ -266,8 +266,7 @@ in {
"d /var/lib/kubernetes 0755 kubernetes kubernetes -"
];
users.users = singleton {
name = "kubernetes";
users.users.kubernetes = {
uid = config.ids.uids.kubernetes;
description = "Kubernetes user";
extraGroups = [ "docker" ];


@ -223,18 +223,19 @@ in {
config = mkIf cfg.enable {
users.groups = optional (cfg.group == "buildbot") {
name = "buildbot";
buildbot = { };
};
users.users = optional (cfg.user == "buildbot") {
name = "buildbot";
description = "Buildbot User.";
isNormalUser = true;
createHome = true;
home = cfg.home;
group = cfg.group;
extraGroups = cfg.extraGroups;
useDefaultShell = true;
users.users = optionalAttrs (cfg.user == "buildbot") {
buildbot = {
description = "Buildbot User.";
isNormalUser = true;
createHome = true;
home = cfg.home;
group = cfg.group;
extraGroups = cfg.extraGroups;
useDefaultShell = true;
};
};
systemd.services.buildbot-master = {
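Review bot: `users.groups` still uses `optional`, which yields a list, but its body was rewritten to the attribute-set form `buildbot = { };`, so the module now defines a one-element list whose element has no `name`. Assuming `users.groups` is still a `loaOf` option, the conversion shown in this commit's types change gives that element a generated `unnamed-…` key and emits the new deprecation warning, so the `buildbot` group is presumably not created as intended. The line should be `users.groups = optionalAttrs (cfg.group == "buildbot") {`, matching `users.users` just below it. The same leftover `optional` appears in three later sections of this page: the buildbot worker (`bbworker = { };`), the Jenkins section guarded by `cfg.enable && !masterCfg.enable` (`jenkins.gid = …`), and usbmuxd (`${cfg.group} = { };`).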


@ -137,18 +137,19 @@ in {
services.buildbot-worker.workerPassFile = mkDefault (pkgs.writeText "buildbot-worker-password" cfg.workerPass);
users.groups = optional (cfg.group == "bbworker") {
name = "bbworker";
bbworker = { };
};
users.users = optional (cfg.user == "bbworker") {
name = "bbworker";
description = "Buildbot Worker User.";
isNormalUser = true;
createHome = true;
home = cfg.home;
group = cfg.group;
extraGroups = cfg.extraGroups;
useDefaultShell = true;
users.users = optionalAttrs (cfg.user == "bbworker") {
bbworker = {
description = "Buildbot Worker User.";
isNormalUser = true;
createHome = true;
home = cfg.home;
group = cfg.group;
extraGroups = cfg.extraGroups;
useDefaultShell = true;
};
};
systemd.services.buildbot-worker = {


@ -135,20 +135,20 @@ in {
};
config = mkIf cfg.enable {
users.groups = optional (cfg.group == "gocd-agent") {
name = "gocd-agent";
gid = config.ids.gids.gocd-agent;
users.groups = optionalAttrs (cfg.group == "gocd-agent") {
gocd-agent.gid = config.ids.gids.gocd-agent;
};
users.users = optional (cfg.user == "gocd-agent") {
name = "gocd-agent";
description = "gocd-agent user";
createHome = true;
home = cfg.workDir;
group = cfg.group;
extraGroups = cfg.extraGroups;
useDefaultShell = true;
uid = config.ids.uids.gocd-agent;
users.users = optionalAttrs (cfg.user == "gocd-agent") {
gocd-agent = {
description = "gocd-agent user";
createHome = true;
home = cfg.workDir;
group = cfg.group;
extraGroups = cfg.extraGroups;
useDefaultShell = true;
uid = config.ids.uids.gocd-agent;
};
};
systemd.services.gocd-agent = {


@ -143,20 +143,20 @@ in {
};
config = mkIf cfg.enable {
users.groups = optional (cfg.group == "gocd-server") {
name = "gocd-server";
gid = config.ids.gids.gocd-server;
users.groups = optionalAttrs (cfg.group == "gocd-server") {
gocd-server.gid = config.ids.gids.gocd-server;
};
users.users = optional (cfg.user == "gocd-server") {
name = "gocd-server";
description = "gocd-server user";
createHome = true;
home = cfg.workDir;
group = cfg.group;
extraGroups = cfg.extraGroups;
useDefaultShell = true;
uid = config.ids.uids.gocd-server;
users.users = optionalAttrs (cfg.user == "gocd-server") {
gocd-server = {
description = "gocd-server user";
createHome = true;
home = cfg.workDir;
group = cfg.group;
extraGroups = cfg.extraGroups;
useDefaultShell = true;
uid = config.ids.uids.gocd-server;
};
};
systemd.services.gocd-server = {


@ -150,20 +150,20 @@ in {
pkgs.dejavu_fonts
];
users.groups = optional (cfg.group == "jenkins") {
name = "jenkins";
gid = config.ids.gids.jenkins;
users.groups = optionalAttrs (cfg.group == "jenkins") {
jenkins.gid = config.ids.gids.jenkins;
};
users.users = optional (cfg.user == "jenkins") {
name = "jenkins";
description = "jenkins user";
createHome = true;
home = cfg.home;
group = cfg.group;
extraGroups = cfg.extraGroups;
useDefaultShell = true;
uid = config.ids.uids.jenkins;
users.users = optionalAttrs (cfg.user == "jenkins") {
jenkins = {
description = "jenkins user";
createHome = true;
home = cfg.home;
group = cfg.group;
extraGroups = cfg.extraGroups;
useDefaultShell = true;
uid = config.ids.uids.jenkins;
};
};
systemd.services.jenkins = {


@ -51,18 +51,18 @@ in {
config = mkIf (cfg.enable && !masterCfg.enable) {
users.groups = optional (cfg.group == "jenkins") {
name = "jenkins";
gid = config.ids.gids.jenkins;
jenkins.gid = config.ids.gids.jenkins;
};
users.users = optional (cfg.user == "jenkins") {
name = "jenkins";
description = "jenkins user";
createHome = true;
home = cfg.home;
group = cfg.group;
useDefaultShell = true;
uid = config.ids.uids.jenkins;
users.users = optionalAttrs (cfg.user == "jenkins") {
jenkins = {
description = "jenkins user";
createHome = true;
home = cfg.home;
group = cfg.group;
useDefaultShell = true;
uid = config.ids.uids.jenkins;
};
};
};
}


@ -171,17 +171,17 @@ in
environment.systemPackages = [ crdb ];
users.users = optionalAttrs (cfg.user == "cockroachdb") (singleton
{ name = "cockroachdb";
users.users = optionalAttrs (cfg.user == "cockroachdb") {
cockroachdb = {
description = "CockroachDB Server User";
uid = config.ids.uids.cockroachdb;
group = cfg.group;
});
};
};
users.groups = optionalAttrs (cfg.group == "cockroachdb") (singleton
{ name = "cockroachdb";
gid = config.ids.gids.cockroachdb;
});
users.groups = optionalAttrs (cfg.group == "cockroachdb") {
cockroachdb.gid = config.ids.gids.cockroachdb;
};
networking.firewall.allowedTCPPorts = lib.optionals cfg.openPorts
[ cfg.http.port cfg.listen.port ];


@ -341,17 +341,17 @@ in
environment.systemPackages = [ pkg ];
users.users = optionalAttrs (cfg.user == "foundationdb") (singleton
{ name = "foundationdb";
users.users = optionalAttrs (cfg.user == "foundationdb") {
foundationdb = {
description = "FoundationDB User";
uid = config.ids.uids.foundationdb;
group = cfg.group;
});
};
};
users.groups = optionalAttrs (cfg.group == "foundationdb") (singleton
{ name = "foundationdb";
gid = config.ids.gids.foundationdb;
});
users.groups = optionalAttrs (cfg.group == "foundationdb") {
foundationdb.gid = config.ids.gids.foundationdb;
};
networking.firewall.allowedTCPPortRanges = mkIf cfg.openFirewall
[ { from = cfg.listenPortStart;


@ -182,15 +182,15 @@ in
'';
};
users.users = optional (cfg.user == "influxdb") {
name = "influxdb";
uid = config.ids.uids.influxdb;
description = "Influxdb daemon user";
users.users = optionalAttrs (cfg.user == "influxdb") {
influxdb = {
uid = config.ids.uids.influxdb;
description = "Influxdb daemon user";
};
};
users.groups = optional (cfg.group == "influxdb") {
name = "influxdb";
gid = config.ids.gids.influxdb;
users.groups = optionalAttrs (cfg.group == "influxdb") {
influxdb.gid = config.ids.gids.influxdb;
};
};


@ -64,10 +64,9 @@ in
config = mkIf config.services.memcached.enable {
users.users = optional (cfg.user == "memcached") {
name = "memcached";
description = "Memcached server user";
isSystemUser = true;
users.users = optionalAttrs (cfg.user == "memcached") {
memcached.description = "Memcached server user";
memcached.isSystemUser = true;
};
environment.systemPackages = [ memcached ];


@ -650,8 +650,7 @@ in {
environment.systemPackages = [ cfg.package ];
users.users = singleton {
name = "neo4j";
users.users.neo4j = {
uid = config.ids.uids.neo4j;
description = "Neo4j daemon user";
home = cfg.directories.home;


@ -54,9 +54,8 @@ with lib;
config = mkIf cfg.enable {
users.users = singleton
{ name = virtuosoUser;
uid = config.ids.uids.virtuoso;
users.users.${virtuosoUser} =
{ uid = config.ids.uids.virtuoso;
description = "virtuoso user";
home = stateDir;
};


@ -111,14 +111,15 @@ in {
};
config = mkIf (cfg.enable) {
users.users = optional (cfg.user == "infinoted")
{ name = "infinoted";
description = "Infinoted user";
group = cfg.group;
isSystemUser = true;
users.users = optionalAttrs (cfg.user == "infinoted")
{ infinoted = {
description = "Infinoted user";
group = cfg.group;
isSystemUser = true;
};
};
users.groups = optional (cfg.group == "infinoted")
{ name = "infinoted";
users.groups = optionalAttrs (cfg.group == "infinoted")
{ infinoted = { };
};
systemd.services.infinoted =


@ -74,9 +74,9 @@ in {
environment.systemPackages = [ bluez-bluetooth ];
environment.etc = singleton {
source = pkgs.writeText "main.conf" (generators.toINI { } cfg.config + optionalString (cfg.extraConfig != null) cfg.extraConfig);
target = "bluetooth/main.conf";
environment.etc."bluetooth/main.conf"= {
source = pkgs.writeText "main.conf"
(generators.toINI { } cfg.config + optionalString (cfg.extraConfig != null) cfg.extraConfig);
};
services.udev.packages = [ bluez-bluetooth ];


@ -67,11 +67,11 @@ in
{
options = {
hardware.sane.brscan4.enable =
hardware.sane.brscan4.enable =
mkEnableOption "Brother's brscan4 scan backend" // {
description = ''
When enabled, will automatically register the "brscan4" sane
backend and bring configuration files to their expected location.
backend and bring configuration files to their expected location.
'';
};
@ -95,14 +95,11 @@ in
pkgs.brscan4
];
environment.etc = singleton {
target = "opt/brother/scanner/brscan4";
source = "${etcFiles}/etc/opt/brother/scanner/brscan4";
};
environment.etc."opt/brother/scanner/brscan4" =
{ source = "${etcFiles}/etc/opt/brother/scanner/brscan4"; };
assertions = [
{ assertion = all (x: !(null != x.ip && null != x.nodename)) netDeviceList;
message = ''
When describing a network device as part of the attribute list
`hardware.sane.brscan4.netDevices`, only one of its `ip` or `nodename`


@ -137,15 +137,15 @@ in
serviceConfig.ExecStart = "${pkgs.trousers}/sbin/tcsd -f -c ${tcsdConf}";
};
users.users = optionalAttrs (cfg.user == "tss") (singleton
{ name = "tss";
users.users = optionalAttrs (cfg.user == "tss") {
tss = {
group = "tss";
uid = config.ids.uids.tss;
});
};
};
users.groups = optionalAttrs (cfg.group == "tss") (singleton
{ name = "tss";
gid = config.ids.gids.tss;
});
users.groups = optionalAttrs (cfg.group == "tss") {
tss.gid = config.ids.gids.tss;
};
};
}


@ -103,13 +103,14 @@ in
services.udev.packages = [ tlp ];
environment.etc = [{ source = confFile;
target = "default/tlp";
}
] ++ optional enableRDW {
source = "${tlp}/etc/NetworkManager/dispatcher.d/99tlp-rdw-nm";
target = "NetworkManager/dispatcher.d/99tlp-rdw-nm";
};
environment.etc =
{
"default/tlp".source = confFile;
} // optionalAttrs enableRDW {
"NetworkManager/dispatcher.d/99tlp-rdw-nm" = {
source = "${tlp}/etc/NetworkManager/dispatcher.d/99tlp-rdw-nm";
};
};
environment.systemPackages = [ tlp ];


@ -281,13 +281,10 @@ in
boot.kernelParams = mkIf (!config.networking.usePredictableInterfaceNames) [ "net.ifnames=0" ];
environment.etc =
[ { source = udevRules;
target = "udev/rules.d";
}
{ source = hwdbBin;
target = "udev/hwdb.bin";
}
];
{
"udev/rules.d".source = udevRules;
"udev/hwdb.bin".source = hwdbBin;
};
system.requiredKernelConfig = with config.lib.kernelConfig; [
(isEnabled "UNIX")


@ -43,15 +43,16 @@ in
config = mkIf cfg.enable {
users.users = optional (cfg.user == defaultUserGroup) {
name = cfg.user;
description = "usbmuxd user";
group = cfg.group;
isSystemUser = true;
users.users = optionalAttrs (cfg.user == defaultUserGroup) {
${cfg.user} = {
description = "usbmuxd user";
group = cfg.group;
isSystemUser = true;
};
};
users.groups = optional (cfg.group == defaultUserGroup) {
name = cfg.group;
${cfg.group} = { };
};
# Give usbmuxd permission for Apple devices


@ -213,13 +213,14 @@ in
mapAttrsToList writeIgnoreRule cfg.ignore
++ mapAttrsToList writeIgnoreCronRule cfg.ignoreCron;
users.users = optionalAttrs (cfg.user == "logcheck") (singleton
{ name = "logcheck";
users.users = optionalAttrs (cfg.user == "logcheck") {
logcheck = {
uid = config.ids.uids.logcheck;
shell = "/bin/sh";
description = "Logcheck user account";
extraGroups = cfg.extraGroups;
});
};
};
system.activationScripts.logcheck = ''
mkdir -m 700 -p /var/{lib,lock}/logcheck


@ -310,36 +310,32 @@ in
++ optional cfg.enablePop3 "pop3"
++ optional cfg.enableLmtp "lmtp";
users.users = [
{ name = "dovenull";
uid = config.ids.uids.dovenull2;
description = "Dovecot user for untrusted logins";
group = "dovenull";
}
] ++ optional (cfg.user == "dovecot2")
{ name = "dovecot2";
uid = config.ids.uids.dovecot2;
users.users = {
dovenull =
{ uid = config.ids.uids.dovenull2;
description = "Dovecot user for untrusted logins";
group = "dovenull";
};
} // optionalAttrs (cfg.user == "dovecot2") {
dovecot2 =
{ uid = config.ids.uids.dovecot2;
description = "Dovecot user";
group = cfg.group;
}
++ optional (cfg.createMailUser && cfg.mailUser != null)
({ name = cfg.mailUser;
description = "Virtual Mail User";
} // optionalAttrs (cfg.mailGroup != null) {
group = cfg.mailGroup;
});
};
} // optionalAttrs (cfg.createMailUser && cfg.mailUser != null) {
${cfg.mailUser} =
{ description = "Virtual Mail User"; } //
optionalAttrs (cfg.mailGroup != null)
{ group = cfg.mailGroup; };
};
users.groups = optional (cfg.group == "dovecot2")
{ name = "dovecot2";
gid = config.ids.gids.dovecot2;
}
++ optional (cfg.createMailUser && cfg.mailGroup != null)
{ name = cfg.mailGroup;
}
++ singleton
{ name = "dovenull";
gid = config.ids.gids.dovenull2;
};
users.groups = {
dovenull.gid = config.ids.gids.dovenull2;
} // optionalAttrs (cfg.group == "dovecot2") {
dovecot2.gid = config.ids.gids.dovecot2;
} // optionalAttrs (cfg.createMailUser && cfg.mailGroup != null) {
${cfg.mailGroup} = { };
};
environment.etc."dovecot/modules".source = modulesDir;
environment.etc."dovecot/dovecot.conf".source = cfg.configFile;
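Review bot: Joining the account sets with `//` makes a later key silently replace an earlier one, because `//` is a shallow, right-biased update. In `users.groups`, a `cfg.mailGroup` of `dovecot2` or `dovenull` lets `${cfg.mailGroup} = { };` replace the entry that carries the fixed `gid`; in `users.users`, a `cfg.mailUser` equal to `dovenull` or `dovecot2` would likewise drop that account's `uid` and `group`. Combining the pieces through the module system keeps every definition and reports genuine conflicts instead of hiding them. A sketch for `users.groups` follows, and the same shape applies to `users.users`; it assumes `mkMerge` and `mkIf` are in scope here, as `mkIf` is in the neighbouring modules.

```nix
users.groups = mkMerge [
  { dovenull.gid = config.ids.gids.dovenull2; }
  (mkIf (cfg.group == "dovecot2") {
    dovecot2.gid = config.ids.gids.dovecot2;
  })
  (mkIf (cfg.createMailUser && cfg.mailGroup != null) {
    ${cfg.mailGroup} = { };
  })
];
```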


@ -86,16 +86,16 @@ in {
config = mkIf cfg.enable (mkMerge [
{
users.users = optionalAttrs (cfg.user == "dspam") (singleton
{ name = "dspam";
users.users = optionalAttrs (cfg.user == "dspam") {
dspam = {
group = cfg.group;
uid = config.ids.uids.dspam;
});
};
};
users.groups = optionalAttrs (cfg.group == "dspam") (singleton
{ name = "dspam";
gid = config.ids.gids.dspam;
});
users.groups = optionalAttrs (cfg.group == "dspam") {
dspam.gid = config.ids.gids.dspam;
};
environment.systemPackages = [ dspam ];


@ -87,15 +87,13 @@ in
systemPackages = [ cfg.package ];
};
users.users = singleton {
name = cfg.user;
users.users.${cfg.user} = {
description = "Exim mail transfer agent user";
uid = config.ids.uids.exim;
group = cfg.group;
};
users.groups = singleton {
name = cfg.group;
users.groups.${cfg.group} = {
gid = config.ids.gids.exim;
};


@ -94,8 +94,7 @@ in
config = mkIf cfg.enable {
users.users = singleton {
name = cfg.user;
users.users.${cfg.user} = {
description = "mlmmj user";
home = stateDir;
createHome = true;
@ -104,8 +103,7 @@ in
useDefaultShell = true;
};
users.groups = singleton {
name = cfg.group;
users.groups.${cfg.group} = {
gid = config.ids.gids.mlmmj;
};


@ -201,15 +201,12 @@ with lib;
};
users = {
users = singleton {
name = cfg.user;
users.${cfg.user} = {
description = "Nullmailer relay-only mta user";
group = cfg.group;
};
groups = singleton {
name = cfg.group;
};
groups.${cfg.group} = { };
};
systemd.tmpfiles.rules = [


@ -91,16 +91,16 @@ in {
config = mkIf cfg.enable {
users.users = optionalAttrs (cfg.user == "opendkim") (singleton
{ name = "opendkim";
users.users = optionalAttrs (cfg.user == "opendkim") {
opendkim = {
group = cfg.group;
uid = config.ids.uids.opendkim;
});
};
};
users.groups = optionalAttrs (cfg.group == "opendkim") (singleton
{ name = "opendkim";
gid = config.ids.gids.opendkim;
});
users.groups = optionalAttrs (cfg.group == "opendkim") {
opendkim.gid = config.ids.gids.opendkim;
};
environment.systemPackages = [ pkgs.opendkim ];


@ -655,21 +655,20 @@ in
setgid = true;
};
users.users = optional (user == "postfix")
{ name = "postfix";
description = "Postfix mail server user";
uid = config.ids.uids.postfix;
group = group;
users.users = optionalAttrs (user == "postfix")
{ postfix = {
description = "Postfix mail server user";
uid = config.ids.uids.postfix;
group = group;
};
};
users.groups =
optional (group == "postfix")
{ name = group;
gid = config.ids.gids.postfix;
optionalAttrs (group == "postfix")
{ ${group}.gid = config.ids.gids.postfix;
}
++ optional (setgidGroup == "postdrop")
{ name = setgidGroup;
gid = config.ids.gids.postdrop;
// optionalAttrs (setgidGroup == "postdrop")
{ ${setgidGroup}.gid = config.ids.gids.postdrop;
};
systemd.services.postfix =


@ -90,16 +90,16 @@ in {
services.postsrsd.domain = mkDefault config.networking.hostName;
users.users = optionalAttrs (cfg.user == "postsrsd") (singleton
{ name = "postsrsd";
users.users = optionalAttrs (cfg.user == "postsrsd") {
postsrsd = {
group = cfg.group;
uid = config.ids.uids.postsrsd;
});
};
};
users.groups = optionalAttrs (cfg.group == "postsrsd") (singleton
{ name = "postsrsd";
gid = config.ids.gids.postsrsd;
});
users.groups = optionalAttrs (cfg.group == "postsrsd") {
postsrsd.gid = config.ids.gids.postsrsd;
};
systemd.services.postsrsd = {
description = "PostSRSd SRS rewriting server";


@ -374,15 +374,13 @@ in
# Allow users to run 'rspamc' and 'rspamadm'.
environment.systemPackages = [ pkgs.rspamd ];
users.users = singleton {
name = cfg.user;
users.users.${cfg.user} = {
description = "rspamd daemon";
uid = config.ids.uids.rspamd;
group = cfg.group;
};
users.groups = singleton {
name = cfg.group;
users.groups.${cfg.group} = {
gid = config.ids.gids.rspamd;
};


@ -128,15 +128,13 @@ in
systemPackages = [ pkgs.spamassassin ];
};
users.users = singleton {
name = "spamd";
users.users.spamd = {
description = "Spam Assassin Daemon";
uid = config.ids.uids.spamd;
group = "spamd";
};
users.groups = singleton {
name = "spamd";
users.groups.spamd = {
gid = config.ids.gids.spamd;
};


@ -124,8 +124,7 @@ in {
environment.systemPackages = [cfg.package];
users.users = singleton {
name = "apache-kafka";
users.users.apache-kafka = {
uid = config.ids.uids.apache-kafka;
description = "Apache Kafka daemon user";
home = head cfg.logDirs;


@ -168,16 +168,12 @@ in
})
) cfg.servers;
users.users = [{
uid = config.ids.uids.bepasty;
name = user;
group = group;
home = default_home;
}];
users.users.${user} =
{ uid = config.ids.uids.bepasty;
group = group;
home = default_home;
};
users.groups = [{
name = group;
gid = config.ids.gids.bepasty;
}];
users.groups.${group}.gid = config.ids.gids.bepasty;
};
}


@ -110,11 +110,12 @@ in
config = mkIf config.services.cgminer.enable {
users.users = optionalAttrs (cfg.user == "cgminer") (singleton
{ name = "cgminer";
users.users = optionalAttrs (cfg.user == "cgminer") {
cgminer = {
uid = config.ids.uids.cgminer;
description = "Cgminer user";
});
};
};
environment.systemPackages = [ cfg.package ];


@ -29,17 +29,14 @@ in
};
};
users.users = singleton
{ name = "couchpotato";
group = "couchpotato";
users.users.couchpotato =
{ group = "couchpotato";
home = "/var/lib/couchpotato/";
description = "CouchPotato daemon user";
uid = config.ids.uids.couchpotato;
};
users.groups = singleton
{ name = "couchpotato";
gid = config.ids.gids.couchpotato;
};
users.groups.couchpotato =
{ gid = config.ids.gids.couchpotato; };
};
}


@ -45,18 +45,14 @@ in
# get the command line client on system path to make some use of the service
environment.systemPackages = [ pkgs.dict ];
users.users = singleton
{ name = "dictd";
group = "dictd";
users.users.dictd =
{ group = "dictd";
description = "DICT.org dictd server";
home = "${dictdb}/share/dictd";
uid = config.ids.uids.dictd;
};
users.groups = singleton
{ name = "dictd";
gid = config.ids.gids.dictd;
};
users.groups.dictd.gid = config.ids.gids.dictd;
systemd.services.dictd = {
description = "DICT.org Dictionary Server";


@ -186,8 +186,7 @@ in {
environment.systemPackages = [ pkgs.etcdctl ];
users.users = singleton {
name = "etcd";
users.users.etcd = {
uid = config.ids.uids.etcd;
description = "Etcd daemon user";
home = cfg.dataDir;


@ -410,8 +410,7 @@ in
sed -i 's/'"$replace_what"'/'"$replace_with"'/g' ${cfg.baseDir}/zookeeper/bin/zk*.sh
'';
};
users.users = singleton {
name = "zookeeper";
users.users.zookeeper = {
uid = config.ids.uids.zookeeper;
description = "Zookeeper daemon user";
home = cfg.baseDir;


@ -47,14 +47,10 @@ in
###### implementation
config = mkIf cfg.enable {
users.groups = singleton
{ name = "osgi";
gid = config.ids.gids.osgi;
};
users.groups.osgi.gid = config.ids.gids.osgi;
users.users = singleton
{ name = "osgi";
uid = config.ids.uids.osgi;
users.users.osgi =
{ uid = config.ids.uids.osgi;
description = "OSGi user";
home = "/homeless-shelter";
};


@ -42,9 +42,8 @@ in {
config = mkIf cfg.enable {
users.users = singleton
{ name = fahUser;
uid = config.ids.uids.foldingathome;
users.users.${fahUser} =
{ uid = config.ids.uids.foldingathome;
description = "Folding@Home user";
home = stateDir;
};


@ -633,20 +633,14 @@ in {
# Use postfix to send out mails.
services.postfix.enable = mkDefault true;
users.users = [
{ name = cfg.user;
group = cfg.group;
users.users.${cfg.user} =
{ group = cfg.group;
home = "${cfg.statePath}/home";
shell = "${pkgs.bash}/bin/bash";
uid = config.ids.uids.gitlab;
}
];
};
users.groups = [
{ name = cfg.group;
gid = config.ids.gids.gitlab;
}
];
users.groups.${cfg.group}.gid = config.ids.gids.gitlab;
systemd.tmpfiles.rules = [
"d /run/gitlab 0755 ${cfg.user} ${cfg.group} -"


@ -86,17 +86,13 @@ in
config = mkIf cfg.enable {
users.users = singleton
{ name = "gpsd";
inherit uid;
users.users.gpsd =
{ inherit uid;
description = "gpsd daemon user";
home = "/var/empty";
};
users.groups = singleton
{ name = "gpsd";
inherit gid;
};
users.groups.gpsd = { inherit gid; };
systemd.services.gpsd = {
description = "GPSD daemon";


@ -59,19 +59,19 @@ in
config = mkIf cfg.enable {
users.users = optionalAttrs (cfg.user == name) (singleton {
name = name;
uid = config.ids.uids.headphones;
group = cfg.group;
description = "headphones user";
home = cfg.dataDir;
createHome = true;
});
users.users = optionalAttrs (cfg.user == name) {
${name} = {
uid = config.ids.uids.headphones;
group = cfg.group;
description = "headphones user";
home = cfg.dataDir;
createHome = true;
};
};
users.groups = optionalAttrs (cfg.group == name) (singleton {
name = name;
gid = config.ids.gids.headphones;
});
users.groups = optionalAttrs (cfg.group == name) {
${name}.gid = config.ids.gids.headphones;
};
systemd.services.headphones = {
description = "Headphones Server";


@ -657,19 +657,18 @@ in {
};
config = mkIf cfg.enable {
users.users = [
{ name = "matrix-synapse";
users.users.matrix-synapse =
{ name = "";
group = "matrix-synapse";
home = cfg.dataDir;
createHome = true;
shell = "${pkgs.bash}/bin/bash";
uid = config.ids.uids.matrix-synapse;
} ];
};
users.groups = [
{ name = "matrix-synapse";
gid = config.ids.gids.matrix-synapse;
} ];
users.groups.matrix-synapse = {
gid = config.ids.gids.matrix-synapse;
};
services.postgresql = mkIf (usePostgresql && cfg.create_local_database) {
enable = mkDefault true;
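Review bot: The new `users.users.matrix-synapse` definition carries `name = "";`, which sets the account name to an empty string instead of letting it default to the attribute key. Every other module converted on this page simply drops the old `name` attribute, so this line looks like a leftover of the conversion; removing it gives the account the name `matrix-synapse` again. With an empty name the entry that owns `cfg.dataDir` and the fixed uid is either rejected or created under a name the service cannot refer to; the unit definition is outside this hunk, so which of the two happens cannot be confirmed from here.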


@ -266,19 +266,19 @@ in {
serviceConfig.User = "${cfg.user}";
};
users.groups = optionalAttrs (cfg.group == "mediatomb") (singleton {
name = "mediatomb";
gid = gid;
});
users.groups = optionalAttrs (cfg.group == "mediatomb") {
mediatomb.gid = gid;
};
users.users = optionalAttrs (cfg.user == "mediatomb") (singleton {
name = "mediatomb";
isSystemUser = true;
group = cfg.group;
home = "${cfg.dataDir}";
createHome = true;
description = "Mediatomb DLNA Server User";
});
users.users = optionalAttrs (cfg.user == "mediatomb") {
mediatomb = {
isSystemUser = true;
group = cfg.group;
home = "${cfg.dataDir}";
createHome = true;
description = "Mediatomb DLNA Server User";
};
};
networking.firewall = {
allowedUDPPorts = [ 1900 cfg.port ];


@ -12,8 +12,9 @@ let
isNix23 = versionAtLeast nixVersion "2.3pre";
makeNixBuildUser = nr:
{ name = "nixbld${toString nr}";
makeNixBuildUser = nr: {
name = "nixbld${toString nr}";
value = {
description = "Nix build user ${toString nr}";
/* For consistency with the setgid(2), setuid(2), and setgroups(2)
@ -23,8 +24,9 @@ let
group = "nixbld";
extraGroups = [ "nixbld" ];
};
};
nixbldUsers = map makeNixBuildUser (range 1 cfg.nrBuildUsers);
nixbldUsers = listToAttrs (map makeNixBuildUser (range 1 cfg.nrBuildUsers));
nixConf =
assert versionAtLeast nixVersion "2.2";
@ -445,7 +447,7 @@ in
users.users = nixbldUsers;
services.xserver.displayManager.hiddenUsers = map ({ name, ... }: name) nixbldUsers;
services.xserver.displayManager.hiddenUsers = attrNames nixbldUsers;
system.activationScripts.nix = stringAfter [ "etc" "users" ]
''


@ -86,16 +86,16 @@ in
config = mkIf cfg.enable {
users.users = optionalAttrs (cfg.user == "octoprint") (singleton
{ name = "octoprint";
users.users = optionalAttrs (cfg.user == "octoprint") {
octoprint = {
group = cfg.group;
uid = config.ids.uids.octoprint;
});
};
};
users.groups = optionalAttrs (cfg.group == "octoprint") (singleton
{ name = "octoprint";
gid = config.ids.gids.octoprint;
});
users.groups = optionalAttrs (cfg.group == "octoprint") {
octoprint.gid = config.ids.gids.octoprint;
};
systemd.tmpfiles.rules = [
"d '${cfg.stateDir}' - ${cfg.user} ${cfg.group} - -"


@ -367,17 +367,17 @@ in
};
users.users = optionalAttrs (cfg.user == "redmine") (singleton
{ name = "redmine";
users.users = optionalAttrs (cfg.user == "redmine") {
redmine = {
group = cfg.group;
home = cfg.stateDir;
uid = config.ids.uids.redmine;
});
};
};
users.groups = optionalAttrs (cfg.group == "redmine") (singleton
{ name = "redmine";
gid = config.ids.gids.redmine;
});
users.groups = optionalAttrs (cfg.group == "redmine") {
redmine.gid = config.ids.gids.redmine;
};
warnings = optional (cfg.database.password != "")
''config.services.redmine.database.password will be stored as plaintext


@ -185,9 +185,8 @@ in {
];
};
users.users = singleton
{ name = "ripple-data-api";
description = "Ripple data api user";
users.users.ripple-data-api =
{ description = "Ripple data api user";
uid = config.ids.uids.ripple-data-api;
};
};


@ -406,9 +406,8 @@ in
config = mkIf cfg.enable {
users.users = singleton
{ name = "rippled";
description = "Ripple server user";
users.users.rippled =
{ description = "Ripple server user";
uid = config.ids.uids.rippled;
home = cfg.databasePath;
createHome = true;


@ -63,20 +63,15 @@ in {
};
};
users.users = [
{
name = "serviio";
group = "serviio";
users.users.serviio =
{ group = "serviio";
home = cfg.dataDir;
description = "Serviio Media Server User";
createHome = true;
isSystemUser = true;
}
];
};
users.groups = [
{ name = "serviio";}
];
users.groups.serviio = { };
networking.firewall = {
allowedTCPPorts = [


@ -63,19 +63,19 @@ in
config = mkIf cfg.enable {
users.users = optionalAttrs (cfg.user == name) (singleton {
name = name;
uid = config.ids.uids.sickbeard;
group = cfg.group;
description = "sickbeard user";
home = cfg.dataDir;
createHome = true;
});
users.users = optionalAttrs (cfg.user == name) {
${name} = {
uid = config.ids.uids.sickbeard;
group = cfg.group;
description = "sickbeard user";
home = cfg.dataDir;
createHome = true;
};
};
users.groups = optionalAttrs (cfg.group == name) (singleton {
name = name;
gid = config.ids.gids.sickbeard;
});
users.groups = optionalAttrs (cfg.group == name) {
${name}.gid = config.ids.gids.sickbeard;
};
systemd.services.sickbeard = {
description = "Sickbeard Server";


@ -161,8 +161,7 @@ in
config = mkIf cfg.enable {
users.users = singleton {
name = "siproxyd";
users.users.siproxyd = {
uid = config.ids.uids.siproxd;
};


@ -368,16 +368,16 @@ in {
(mkIf cfg.enable {
environment.systemPackages = [ nixos-taskserver ];
users.users = optional (cfg.user == "taskd") {
name = "taskd";
uid = config.ids.uids.taskd;
description = "Taskserver user";
group = cfg.group;
users.users = optionalAttrs (cfg.user == "taskd") {
taskd = {
uid = config.ids.uids.taskd;
description = "Taskserver user";
group = cfg.group;
};
};
users.groups = optional (cfg.group == "taskd") {
name = "taskd";
gid = config.ids.gids.taskd;
users.groups = optionalAttrs (cfg.group == "taskd") {
taskd.gid = config.ids.gids.taskd;
};
services.taskserver.config = {


@ -41,31 +41,31 @@ in
enable = mkOption {
type = types.bool;
default = false;
description = "Whether to enable the uhub ADC hub.";
description = "Whether to enable the uhub ADC hub.";
};
port = mkOption {
type = types.int;
default = 1511;
description = "TCP port to bind the hub to.";
description = "TCP port to bind the hub to.";
};
address = mkOption {
type = types.str;
default = "any";
description = "Address to bind the hub to.";
description = "Address to bind the hub to.";
};
enableTLS = mkOption {
type = types.bool;
default = false;
description = "Whether to enable TLS support.";
description = "Whether to enable TLS support.";
};
hubConfig = mkOption {
type = types.lines;
default = "";
description = "Contents of uhub configuration file.";
description = "Contents of uhub configuration file.";
};
aclConfig = mkOption {
@ -77,11 +77,11 @@ in
plugins = {
authSqlite = {
enable = mkOption {
enable = mkOption {
type = types.bool;
default = false;
description = "Whether to enable the Sqlite authentication database plugin";
};
};
file = mkOption {
type = types.path;
example = "/var/db/uhub-users";
@ -161,14 +161,8 @@ in
config = mkIf cfg.enable {
users = {
users = singleton {
name = "uhub";
uid = config.ids.uids.uhub;
};
groups = singleton {
name = "uhub";
gid = config.ids.gids.uhub;
};
users.uhub.uid = config.ids.uids.uhub;
groups.uhub.gid = config.ids.gids.uhub;
};
systemd.services.uhub = {


@ -146,8 +146,7 @@ in {
'';
};
users.users = singleton {
name = "zookeeper";
users.users.zookeeper = {
uid = config.ids.uids.zookeeper;
description = "Zookeeper daemon user";
home = cfg.dataDir;


@ -129,9 +129,10 @@ in {
};
};
users.users = optional (cfg.user == "collectd") {
name = "collectd";
isSystemUser = true;
users.users = optionalAttrs (cfg.user == "collectd") {
collectd = {
isSystemUser = true;
};
};
};
}


@ -22,9 +22,9 @@ let
# Generate Datadog configuration files for each configured checks.
# This works because check configurations have predictable paths,
# and because JSON is a valid subset of YAML.
makeCheckConfigs = entries: mapAttrsToList (name: conf: {
source = pkgs.writeText "${name}-check-conf.yaml" (builtins.toJSON conf);
target = "datadog-agent/conf.d/${name}.d/conf.yaml";
makeCheckConfigs = entries: mapAttrs' (name: conf: {
name = "datadog-agent/conf.d/${name}.d/conf.yaml";
value.source = pkgs.writeText "${name}-check-conf.yaml" (builtins.toJSON conf);
}) entries;
defaultChecks = {
@ -34,10 +34,11 @@ let
# Assemble all check configurations and the top-level agent
# configuration.
etcfiles = with pkgs; with builtins; [{
source = writeText "datadog.yaml" (toJSON ddConf);
target = "datadog-agent/datadog.yaml";
}] ++ makeCheckConfigs (cfg.checks // defaultChecks);
etcfiles = with pkgs; with builtins;
{ "datadog-agent/datadog.yaml" = {
source = writeText "datadog.yaml" (toJSON ddConf);
};
} // makeCheckConfigs (cfg.checks // defaultChecks);
# Apply the configured extraIntegrations to the provided agent
# package. See the documentation of `dd-agent/integrations-core.nix`
@ -204,7 +205,7 @@ in {
config = mkIf cfg.enable {
environment.systemPackages = [ datadogPkg pkgs.sysstat pkgs.procps pkgs.iproute ];
users.extraUsers.datadog = {
users.users.datadog = {
description = "Datadog Agent User";
uid = config.ids.uids.datadog;
group = "datadog";
@ -212,7 +213,7 @@ in {
createHome = true;
};
users.extraGroups.datadog.gid = config.ids.gids.datadog;
users.groups.datadog.gid = config.ids.gids.datadog;
systemd.services = let
makeService = attrs: recursiveUpdate {
@ -224,7 +225,7 @@ in {
Restart = "always";
RestartSec = 2;
};
restartTriggers = [ datadogPkg ] ++ map (etc: etc.source) etcfiles;
restartTriggers = [ datadogPkg ] ++ attrNames etcfiles;
} attrs;
in {
datadog-agent = makeService {
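Review bot: `restartTriggers` now lists `attrNames etcfiles`, i.e. the target paths under /etc, and those strings do not change when the generated file content does; the previous expression listed each file's `source`, which does. With the new form an edited check or agent configuration no longer restarts the agent, so monitoring keeps running with the old settings until something else restarts the unit. Keeping the sources preserves the old behaviour: `restartTriggers = [ datadogPkg ] ++ map (f: f.source) (attrValues etcfiles);`. The enclosing `makeService` definition starts outside this hunk.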
