colin/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge branch 'NixOS:master' into master

Browse Source
This commit is contained in:
Brian Napolitano 2024-04-27 16:08:40 -05:00 committed by GitHub
commit 7f5518dd35
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2075 changed files with 43291 additions and 23069 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
.github/CODEOWNERS vendored
View File

@ -148,10 +148,6 @@ nixos/modules/installer/tools/nix-fallback-paths.nix @raitobezarius @ma27
/pkgs/applications/science/math/R @jbedo
/pkgs/development/r-modules @jbedo
# Ruby
/pkgs/development/interpreters/ruby @marsam
/pkgs/development/ruby-modules @marsam
# Rust
/pkgs/development/compilers/rust @Mic92 @zowoq @winterqt @figsoda
/pkgs/build-support/rust @zowoq @winterqt @figsoda
@ -198,7 +194,7 @@ pkgs/development/python-modules/buildcatrust/ @ajs124 @lukegb @mweinelt
/maintainers/scripts/kde @K900 @NickCao @SuperSandro2000 @ttuegel
# PostgreSQL and related stuff
/pkgs/servers/sql/postgresql @thoughtpolice @marsam
/pkgs/servers/sql/postgresql @thoughtpolice
/nixos/modules/services/databases/postgresql.xml @thoughtpolice
/nixos/modules/services/databases/postgresql.nix @thoughtpolice
/nixos/tests/postgresql.nix @thoughtpolice

2
.github/workflows/backport.yml vendored
View File

@ -20,7 +20,7 @@ jobs:
if: github.repository_owner == 'NixOS' && github.event.pull_request.merged == true && (github.event_name != 'labeled' || startsWith('backport', github.event.label.name))
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
- uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3
with:
ref: ${{ github.event.pull_request.head.sha }}
- name: Create backport PRs

2
.github/workflows/basic-eval.yml vendored
View File

@ -18,7 +18,7 @@ jobs:
runs-on: ubuntu-latest
# we don't limit this action to only NixOS repo since the checks are cheap and useful developer feedback
steps:
- uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
- uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3
- uses: cachix/install-nix-action@8887e596b4ee1134dae06b98d573bd674693f47c # v26
- uses: cachix/cachix-action@18cf96c7c98e048e10a83abd92116114cd8504be # v14
with:

15
.github/workflows/check-by-name.yml vendored
View File

@ -20,6 +20,13 @@ permissions:
# We need this permission to cancel the workflow run if there's a merge conflict
actions: write
# Create a check-by-name concurrency group based on the pull request number. if
# an event triggers a run on the same PR while a previous run is still in
# progress, the previous run will be canceled and the new one will start.
concurrency:
group: check-by-name-${{ github.event.pull_request.number }}
cancel-in-progress: true
jobs:
check:
# This needs to be x86_64-linux, because we depend on the tooling being pre-built in the GitHub releases
@ -39,7 +46,7 @@ jobs:
# https://docs.github.com/en/rest/guides/using-the-rest-api-to-interact-with-your-git-database?apiVersion=2022-11-28#checking-mergeability-of-pull-requests
# Retry the API query this many times
retryCount=3
retryCount=5
# Start with 5 seconds, but double every retry
retryInterval=5
while true; do
@ -84,7 +91,7 @@ jobs:
exit 1
fi
echo "mergedSha=$mergedSha" >> "$GITHUB_ENV"
- uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
- uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3
with:
# pull_request_target checks out the base branch by default
ref: ${{ env.mergedSha }}
@ -107,6 +114,10 @@ jobs:
# Adds a result symlink as a GC root
nix-store --realise "$toolPath" --add-root result
- name: Running nixpkgs-check-by-name
env:
# Force terminal colors to be enabled. The library that
# nixpkgs-check-by-name uses respects: https://bixense.com/clicolors/
CLICOLOR_FORCE: 1
run: |
if result/bin/nixpkgs-check-by-name --base "$base" .; then
exit 0

2
.github/workflows/check-cherry-picks.yml vendored
View File

@ -12,7 +12,7 @@ jobs:
runs-on: ubuntu-latest
if: github.repository_owner == 'NixOS'
steps:
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3
with:
fetch-depth: 0
filter: blob:none

2
.github/workflows/check-maintainers-sorted.yaml vendored
View File

@ -12,7 +12,7 @@ jobs:
runs-on: ubuntu-latest
if: github.repository_owner == 'NixOS'
steps:
- uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
- uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3
with:
# pull_request_target checks out the base branch by default
ref: refs/pull/${{ github.event.pull_request.number }}/merge

2
.github/workflows/check-nix-format.yml vendored
View File

@ -15,7 +15,7 @@ jobs:
runs-on: ubuntu-latest
if: github.repository_owner == 'NixOS'
steps:
- uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
- uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3
with:
# pull_request_target checks out the base branch by default
ref: refs/pull/${{ github.event.pull_request.number }}/merge

2
.github/workflows/editorconfig.yml vendored
View File

@ -24,7 +24,7 @@ jobs:
- name: print list of changed files
run: |
cat "$HOME/changed_files"
- uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
- uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3
with:
# pull_request_target checks out the base branch by default
ref: refs/pull/${{ github.event.pull_request.number }}/merge

2
.github/workflows/manual-nixos.yml vendored
View File

@ -14,7 +14,7 @@ jobs:
runs-on: ubuntu-latest
if: github.repository_owner == 'NixOS'
steps:
- uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
- uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3
with:
# pull_request_target checks out the base branch by default
ref: refs/pull/${{ github.event.pull_request.number }}/merge

2
.github/workflows/manual-nixpkgs.yml vendored
View File

@ -16,7 +16,7 @@ jobs:
runs-on: ubuntu-latest
if: github.repository_owner == 'NixOS'
steps:
- uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
- uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3
with:
# pull_request_target checks out the base branch by default
ref: refs/pull/${{ github.event.pull_request.number }}/merge

2
.github/workflows/nix-parse.yml vendored
View File

@ -24,7 +24,7 @@ jobs:
if [[ -s "$HOME/changed_files" ]]; then
echo "CHANGED_FILES=$HOME/changed_files" > "$GITHUB_ENV"
fi
- uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
- uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3
with:
# pull_request_target checks out the base branch by default
ref: refs/pull/${{ github.event.pull_request.number }}/merge

2
.github/workflows/periodic-merge-24h.yml vendored
View File

@ -41,7 +41,7 @@ jobs:
into: staging-23.11
name: ${{ matrix.pairs.from }} → ${{ matrix.pairs.into }}
steps:
- uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
- uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3
- name: ${{ matrix.pairs.from }} → ${{ matrix.pairs.into }}
uses: devmasx/merge-branch@854d3ac71ed1e9deb668e0074781b81fdd6e771f # 1.4.0

2
.github/workflows/periodic-merge-6h.yml vendored
View File

@ -39,7 +39,7 @@ jobs:
into: staging
name: ${{ matrix.pairs.from }} → ${{ matrix.pairs.into }}
steps:
- uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
- uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3
- name: ${{ matrix.pairs.from }} → ${{ matrix.pairs.into }}
uses: devmasx/merge-branch@854d3ac71ed1e9deb668e0074781b81fdd6e771f # 1.4.0

4
.github/workflows/update-terraform-providers.yml vendored
View File

@ -16,7 +16,7 @@ jobs:
if: github.repository_owner == 'NixOS' && github.ref == 'refs/heads/master' # ensure workflow_dispatch only runs on master
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
- uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3
- uses: cachix/install-nix-action@8887e596b4ee1134dae06b98d573bd674693f47c # v26
with:
nix_path: nixpkgs=channel:nixpkgs-unstable
@ -46,7 +46,7 @@ jobs:
run: |
git clean -f
- name: create PR
uses: peter-evans/create-pull-request@70a41aba780001da0a30141984ae2a0c95d8704e # v6.0.2
uses: peter-evans/create-pull-request@9153d834b60caba6d51c9b9510b087acf9f33f83 # v6.0.4
with:
body: |
Automatic update by [update-terraform-providers](https://github.com/NixOS/nixpkgs/blob/master/.github/workflows/update-terraform-providers.yml) action.

1
CONTRIBUTING.md
View File

@ -512,6 +512,7 @@ To get a sense for what changes are considered mass rebuilds, see [previously me
- Check for unnecessary whitespace with `git diff --check` before committing.
- If you have commits `pkg-name: oh, forgot to insert whitespace`: squash commits in this case. Use `git rebase -i`.
See [Squashing Commits](https://git-scm.com/book/en/v2/Git-Tools-Rewriting-History#_squashing) for additional information.
- For consistency, there should not be a period at the end of the commit message's summary line (the first line of the commit message).

6
doc/build-helpers/special/fhs-environments.section.md
View File

@ -6,7 +6,11 @@ It uses Linux' namespaces feature to create temporary lightweight environments w
Accepted arguments are:
- `name`
The name of the environment and the wrapper executable.
The name of the environment, and the wrapper executable if `pname` is unset.
- `pname`
The pname of the environment and the wrapper executable.
- `version`
The version of the environment.
- `targetPkgs`
Packages to be installed for the main host's architecture (i.e. x86_64 on x86_64 installations). Along with libraries binaries are also installed.
- `multiPkgs`

2
doc/languages-frameworks/cuda.section.md
View File

@ -148,4 +148,4 @@ All new projects should use the CUDA redistributables available in [`cudaPackage
| Find libraries | `configurePhase` | Missing dependency on a `dev` output | Add the missing dependency | The `dev` output typically contain CMake configuration files |
| Find libraries | `buildPhase` or `patchelf` | Missing dependency on a `lib` or `static` output | Add the missing dependency | The `lib` or `static` output typically contain the libraries |
In the scenario you are unable to run the resulting binary: this is arguably the most complicated as it could be any combination of the previous reasons. This type of failure typically occurs when a library attempts to load or open a library it depends on that it does not declare in its `DT_NEEDED` section. As a first step, ensure that dependencies are patched with [`cudaPackages.autoAddDriverRunpath`](https://search.nixos.org/packages?channel=unstable&type=packages&query=cudaPackages.autoAddDriverRunpath). Failing that, try running the application with [`nixGL`](https://github.com/guibou/nixGL) or a similar wrapper tool. If that works, it likely means that the application is attempting to load a library that is not in the `RPATH` or `RUNPATH` of the binary.
In the scenario you are unable to run the resulting binary: this is arguably the most complicated as it could be any combination of the previous reasons. This type of failure typically occurs when a library attempts to load or open a library it depends on that it does not declare in its `DT_NEEDED` section. As a first step, ensure that dependencies are patched with [`autoAddDriverRunpath`](https://search.nixos.org/packages?channel=unstable&type=packages&query=autoAddDriverRunpath). Failing that, try running the application with [`nixGL`](https://github.com/guibou/nixGL) or a similar wrapper tool. If that works, it likely means that the application is attempting to load a library that is not in the `RPATH` or `RUNPATH` of the binary.

4
lib/default.nix
View File

@ -47,7 +47,7 @@ let
# misc
asserts = callLibs ./asserts.nix;
debug = callLibs ./debug.nix;
misc = callLibs ./deprecated.nix;
misc = callLibs ./deprecated/misc.nix;
# domain-specific
fetchers = callLibs ./fetchers.nix;
@ -89,7 +89,7 @@ let
recurseIntoAttrs dontRecurseIntoAttrs cartesianProduct cartesianProductOfSets
mapCartesianProduct updateManyAttrsByPath;
inherit (self.lists) singleton forEach foldr fold foldl foldl' imap0 imap1
concatMap flatten remove findSingle findFirst any all count
ifilter0 concatMap flatten remove findSingle findFirst any all count
optional optionals toList range replicate partition zipListsWith zipLists
reverseList listDfs toposort sort sortOn naturalSort compareLists take
drop sublist last init crossLists unique allUnique intersectLists

11
lib/deprecated/README.md Normal file
View File

@ -0,0 +1,11 @@
# lib/deprecated
Do not add any new functions to this directory.
This directory contains the `lib.misc` sublibrary, which - as a location - is deprecated.
Furthermore, some of the functions inside are of *dubious* utility, and should perhaps be avoided,
while some functions *may still be needed*.
This directory does not play a role in the deprecation process for library functions.
They should be deprecated in place, by putting a `lib.warn` or `lib.warnIf` call around the function.

0
lib/deprecated.nix → lib/deprecated/misc.nix
View File

50
lib/lists.nix
View File

@ -4,7 +4,7 @@
{ lib }:
let
inherit (lib.strings) toInt;
inherit (lib.trivial) compare min id warn;
inherit (lib.trivial) compare min id warn pipe;
inherit (lib.attrsets) mapAttrs;
in
rec {
@ -333,6 +333,54 @@ rec {
*/
imap1 = f: list: genList (n: f (n + 1) (elemAt list n)) (length list);
/**
Filter a list for elements that satisfy a predicate function.
The predicate function is called with both the index and value for each element.
It must return `true`/`false` to include/exclude a given element in the result.
This function is strict in the result of the predicate function for each element.
This function has O(n) complexity.
Also see [`builtins.filter`](https://nixos.org/manual/nix/stable/language/builtins.html#builtins-filter) (available as `lib.lists.filter`),
which can be used instead when the index isn't needed.
# Inputs
`ipred`
: The predicate function, it takes two arguments:
- 1. (int): the index of the element.
- 2. (a): the value of the element.
It must return `true`/`false` to include/exclude a given element from the result.
`list`
: The list to filter using the predicate.
# Type
```
ifilter0 :: (int -> a -> bool) -> [a] -> [a]
```
# Examples
:::{.example}
## `lib.lists.ifilter0` usage example
```nix
ifilter0 (i: v: i == 0 || v > 2) [ 1 2 3 ]
=> [ 1 3 ]
```
:::
*/
ifilter0 =
ipred:
input:
map (idx: elemAt input idx) (
filter (idx: ipred idx (elemAt input idx)) (
genList (x: x) (length input)
)
);
/**
Map and concatenate the result.

5
lib/systems/examples.nix
View File

@ -235,6 +235,11 @@ rec {
libc = "newlib";
};
microblaze-embedded = {
config = "microblazeel-none-elf";
libc = "newlib";
};
#
# Redox
#

27
lib/tests/misc.nix
View File

@ -63,8 +63,10 @@ let
hasAttrByPath
hasInfix
id
ifilter0
isStorePath
lazyDerivation
length
lists
listToAttrs
makeExtensible
@ -651,6 +653,31 @@ runTests {
expected = ["b" "c"];
};
testIfilter0Example = {
expr = ifilter0 (i: v: i == 0 || v > 2) [ 1 2 3 ];
expected = [ 1 3 ];
};
testIfilter0Empty = {
expr = ifilter0 (i: v: abort "shouldn't be evaluated!") [ ];
expected = [ ];
};
testIfilter0IndexOnly = {
expr = length (ifilter0 (i: v: mod i 2 == 0) [ (throw "0") (throw "1") (throw "2") (throw "3")]);
expected = 2;
};
testIfilter0All = {
expr = ifilter0 (i: v: true) [ 10 11 12 13 14 15 ];
expected = [ 10 11 12 13 14 15 ];
};
testIfilter0First = {
expr = ifilter0 (i: v: i == 0) [ 10 11 12 13 14 15 ];
expected = [ 10 ];
};
testIfilter0Last = {
expr = ifilter0 (i: v: i == 5) [ 10 11 12 13 14 15 ];
expected = [ 15 ];
};
testFold =
let
f = op: fold: fold op 0 (range 0 100);

193
maintainers/maintainer-list.nix
View File

@ -1086,12 +1086,6 @@
githubId = 153175;
name = "Andrew Marshall";
};
amaxine = {
email = "max@ine.dev";
github = "amaxine";
githubId = 35892750;
name = "Maxine Aubrey";
};
ambroisie = {
email = "bruno.nixpkgs@belanyi.fr";
github = "ambroisie";
@ -1247,12 +1241,6 @@
githubId = 962885;
name = "Andrew Chambers";
};
andrew-d = {
email = "andrew@du.nham.ca";
github = "andrew-d";
githubId = 1079173;
name = "Andrew Dunham";
};
andrewrk = {
email = "superjoe30@gmail.com";
github = "andrewrk";
@ -1448,6 +1436,12 @@
githubId = 4194320;
name = "Anton Schirg";
};
anytimetraveler = {
email = "simon@simonscode.org";
github = "AnyTimeTraveler";
githubId = 19378309;
name = "Simon Struck";
};
aorith = {
email = "aomanu+nixpkgs@gmail.com";
github = "aorith";
@ -1842,6 +1836,12 @@
githubId = 7745457;
name = "Astavie";
};
astindev = {
email = "astindev@pm.me";
github = "astindev";
githubId = 52360869;
name = "Astin";
};
astro = {
email = "astro@spaceboyz.net";
github = "astro";
@ -2022,6 +2022,12 @@
githubId = 687218;
name = "averelld";
};
avery = {
email = "nixpkgs@avery.cafe";
github = "coolavery";
githubId = 76545554;
name = "Avery";
};
avh4 = {
email = "gruen0aermel@gmail.com";
github = "avh4";
@ -4346,12 +4352,6 @@
githubId = 990767;
name = "Daniel Olsen";
};
danderson = {
email = "dave@natulte.net";
github = "danderson";
githubId = 1918;
name = "David Anderson";
};
daneads = {
email = "me@daneads.com";
github = "daneads";
@ -4442,6 +4442,12 @@
github = "DarkOnion0";
githubId = 68606322;
};
daru-san = {
name = "Daru";
email = "zadarumaka@proton.me";
github = "Daru-san";
githubId = 135046711;
};
das-g = {
email = "nixpkgs@raphael.dasgupta.ch";
github = "das-g";
@ -4762,12 +4768,6 @@
githubId = 150736012;
email = "me+git@delliott.xyz";
};
delroth = {
email = "delroth@gmail.com";
github = "delroth";
githubId = 202798;
name = "Pierre Bourdon";
};
delta = {
email = "d4delta@outlook.fr";
github = "D4Delta";
@ -6480,16 +6480,6 @@
githubId = 541748;
name = "Felipe Espinoza";
};
federicoschonborn = {
name = "Federico Damián Schonborn";
email = "federicoschonborn@disroot.org";
github = "FedericoSchonborn";
githubId = 62166915;
matrix = "@FedericoDSchonborn:matrix.org";
keys = [
{ fingerprint = "C43F 4052 D289 3B73 33F8 0259 E4F6 F544 DE9E 29E8"; }
];
};
fedx-sudo = {
email = "fedx-sudo@pm.me";
github = "FedX-sudo";
@ -6728,12 +6718,6 @@
githubId = 5918766;
name = "Franz Thoma";
};
fogti = {
name = "Alain Fogtia Zscheile";
email = "fogti+devel@ytrizja.de";
github = "fogti";
githubId = 1618343;
};
foo-dogsquared = {
email = "foodogsquared@foodogsquared.one";
github = "foo-dogsquared";
@ -7195,6 +7179,12 @@
githubId = 40209356;
name = "Gabriel Doriath Döhler";
};
gdifolco = {
email = "gautier.difolco@gmail.com";
github = "blackheaven";
githubId = 1362807;
name = "Gautier Di Folco";
};
gdinh = {
email = "nix@contact.dinh.ai";
github = "gdinh";
@ -9885,6 +9875,11 @@
github = "jpagex";
githubId = 635768;
};
jpaju = {
name = "Jaakko Paju";
github = "jpaju";
githubId = 36770267;
};
jpas = {
name = "Jarrod Pas";
email = "jarrod@jarrodpas.com";
@ -10369,15 +10364,6 @@
github = "keenanweaver";
githubId = 37268985;
};
keksbg = {
email = "keksbg@riseup.net";
name = "Stella";
github = "keksbg";
githubId = 10682187;
keys = [{
fingerprint = "AB42 1F18 5A19 A160 AD77 9885 3D6D CA5B 6F2C 2A7A";
}];
};
keldu = {
email = "mail@keldu.de";
github = "keldu";
@ -11656,6 +11642,12 @@
github = "LongerHV";
githubId = 46924944;
};
lonyelon = {
email = "sergio@lony.xyz";
name = "Sergio Miguéns Iglesias";
github = "lonyelon";
githubId = 18664655;
};
lopsided98 = {
email = "benwolsieffer@gmail.com";
github = "lopsided98";
@ -12365,11 +12357,6 @@
githubId = 1709273;
name = "Robin Hack";
};
marsam = {
github = "marsam";
githubId = 65531;
name = "Mario Rodas";
};
marsupialgutz = {
email = "mars@possums.xyz";
github = "pupbrained";
@ -13733,15 +13720,6 @@
githubId = 3856390;
email = "mschwaig+nixpkgs@eml.cc";
};
msfjarvis = {
github = "msfjarvis";
githubId = 13348378;
name = "Harsh Shandilya";
email = "nixos@msfjarvis.dev";
keys = [{
fingerprint = "8F87 050B 0F9C B841 1515 7399 B784 3F82 3355 E9B9";
}];
};
msiedlarek = {
email = "mikolaj@siedlarek.pl";
github = "msiedlarek";
@ -15357,12 +15335,6 @@
githubId = 72527881;
name = "PassiveLemon";
};
patka = {
email = "patka@patka.dev";
github = "patka-123";
githubId = 69802930;
name = "patka";
};
patricksjackson = {
email = "patrick@jackson.dev";
github = "patricksjackson";
@ -16389,6 +16361,16 @@
githubId = 4579165;
name = "Danny Bautista";
};
pyrox0 = {
name = "Pyrox";
email = "pyrox@pyrox.dev";
matrix = "@pyrox:pyrox.dev";
github = "pyrox0";
githubId = 35778371;
keys = [{
fingerprint = "4CA9 72FB ADC8 1416 0F10 3138 FE1D 8A7D 620C 611F";
}];
};
pyxels = {
email = "pyxels.dev@gmail.com";
github = "Pyxels";
@ -16509,6 +16491,13 @@
fingerprint = "7573 56D7 79BB B888 773E 415E 736C CDF9 EF51 BD97";
}];
};
qyriad = {
email = "qyriad@qyriad.me";
github = "Qyriad";
githubId = 1542224;
matrix = "@qyriad:katesiria.org";
name = "Qyriad";
};
r3dl3g = {
email = "redleg@rothfuss-web.de";
github = "r3dl3g";
@ -17058,6 +17047,12 @@
githubId = 37246692;
name = "Riley Inman";
};
rinx = {
email = "rintaro.okamura@gmail.com";
github = "rinx";
githubId = 1588935;
name = "Rintaro Okamura";
};
riotbib = {
email = "lennart@cope.cool";
github = "riotbib";
@ -18163,6 +18158,11 @@
githubId = 863807;
name = "Serge Guelton";
};
sergioribera = {
github = "SergioRibera";
githubId = 56278796;
name = "Sergio Ribera";
};
sersorrel = {
email = "ash@sorrel.sh";
github = "sersorrel";
@ -19020,12 +19020,6 @@
githubId = 16364318;
name = "Jeffrey Harmon";
};
srapenne = {
email = "solene@perso.pw";
github = "rapenne-s";
githubId = 248016;
name = "Solène Rapenne";
};
srghma = {
email = "srghma@gmail.com";
github = "srghma";
@ -19988,16 +19982,6 @@
github = "thefossguy";
githubId = 44400303;
};
thehedgeh0g = {
name = "The Hedgehog";
email = "hedgehog@mrhedgehog.xyz";
matrix = "@mrhedgehog:jupiterbroadcasting.com";
github = "pyrox0";
githubId = 35778371;
keys = [{
fingerprint = "38A0 29B0 4A7E 4C13 A4BB 86C8 7D51 0786 6B1C 6752";
}];
};
thekostins = {
name = "Konstantin";
email = "anisimovkosta19@gmail.com";
@ -20272,12 +20256,6 @@
github = "tirimia";
githubId = 11174371;
};
titanous = {
email = "jonathan@titanous.com";
github = "titanous";
githubId = 13026;
name = "Jonathan Rudenberg";
};
tjni = {
email = "43ngvg@masqt.com";
matrix = "@tni:matrix.org";
@ -20373,12 +20351,6 @@
githubId = 74688871;
name = "Tochukwu Ahanonu";
};
tokudan = {
email = "git@danielfrank.net";
github = "tokudan";
githubId = 692610;
name = "Daniel Frank";
};
tomahna = {
email = "kevin.rauscher@tomahna.fr";
github = "Tomahna";
@ -20698,12 +20670,6 @@
githubId = 131159000;
name = "Nitin Passa";
};
twitchyliquid64 = {
name = "Tom";
email = "twitchyliquid64@ciphersink.net";
github = "twitchyliquid64";
githubId = 6328589;
};
twz123 = {
name = "Tom Wieczorek";
email = "tom@bibbu.net";
@ -21893,12 +21859,6 @@
githubId = 36407913;
name = "Uli Baum";
};
xfix = {
email = "kamila@borowska.pw";
github = "KamilaBorowska";
githubId = 1297598;
name = "Kamila Borowska";
};
xfnw = {
email = "xfnw+nixos@riseup.net";
github = "xfnw";
@ -21913,7 +21873,8 @@
};
xgwq = {
name = "XGWQ";
email = "nixos@xnee.de";
email = "nixos.xgwq@xnee.net";
keys = [{ fingerprint = "6489 9EF2 A256 5C04 7426 686C 8337 A748 74EB E129"; }];
matrix = "@xgwq:nerdberg.de";
github = "peterablehmann";
githubId = 36541313;
@ -22299,6 +22260,12 @@
githubId = 179548;
name = "Yves Fischer";
};
YvesStraten = {
email = "yves.straten@gmail.com";
github = "YvesStraten";
githubId = 65394961;
name = "Yves Straten";
};
yvt = {
email = "i@yvt.jp";
github = "yvt";
@ -22574,12 +22541,6 @@
githubId = 393108;
name = "Damien Diederen";
};
zumorica = {
name = "Vera Aguilera Puerto";
email = "gradientvera+nix@outlook.com";
github = "Zumorica";
githubId = 6766154;
};
zupo = {
name = "Nejc Zupan";
email = "nejczupan+nix@gmail.com";

2
maintainers/scripts/eval-release.nix
View File

@ -5,7 +5,7 @@ let
trace = if builtins.getEnv "VERBOSE" == "1" then builtins.trace else (x: y: y);
rel = removeAttrs (import ../../pkgs/top-level/release.nix { }) [ "tarball" "unstable" "xbursttools" ];
rel = removeAttrs (import ../../pkgs/top-level/release.nix { }) [ "tarball" "unstable" ];
# Add the recurseForDerivations attribute to ensure that
# nix-instantiate recurses into nested attribute sets.

4
maintainers/scripts/luarocks-packages.csv
View File

@ -5,11 +5,11 @@ argparse,,,,,,
basexx,,,,,,
binaryheap,,,,,,vcunat
busted,,,,,,
cassowary,,,,,,marsam alerque
cassowary,,,,,,alerque
cldr,,,,,,alerque
compat53,,,,,,vcunat
commons.nvim,,,,,,mrcjkb
cosmo,,,,,,marsam
cosmo,,,,,,
coxpcall,,,,1.17.0-1,,
cqueues,,,,,,vcunat
cyan,,,,,,

1 name src ref server version luaversion maintainers
5 basexx
6 binaryheap vcunat
7 busted
8 cassowary marsam alerque alerque
9 cldr alerque
10 compat53 vcunat
11 commons.nvim mrcjkb
12 cosmo marsam
13 coxpcall 1.17.0-1
14 cqueues vcunat
15 cyan

11
maintainers/team-list.nix
View File

@ -32,7 +32,6 @@ with lib.maintainers; {
acme = {
members = [
aanderse
andrew-d
arianvp
emily
flokli
@ -46,7 +45,6 @@ with lib.maintainers; {
bazel = {
members = [
mboes
marsam
uri-canva
cbley
olebedev
@ -99,7 +97,6 @@ with lib.maintainers; {
budgie = {
members = [
bobby285271
federicoschonborn
];
scope = "Maintain Budgie desktop environment";
shortName = "Budgie";
@ -265,9 +262,7 @@ with lib.maintainers; {
};
docs = {
members = [
ryantm
];
members = [ ];
scope = "Maintain nixpkgs/NixOS documentation and tools for building it.";
shortName = "Docs";
enableFeatureFreezePing = true;
@ -380,7 +375,6 @@ with lib.maintainers; {
krav
talyz
yayayayaka
yuka
];
scope = "Maintain gitlab packages.";
shortName = "gitlab";
@ -408,7 +402,6 @@ with lib.maintainers; {
hedning
jtojnar
dasj19
amaxine
];
githubTeams = [
"gnome"
@ -736,7 +729,6 @@ with lib.maintainers; {
node = {
members = [
lilyinstarlight
marsam
winter
];
scope = "Maintain Node.js runtimes and build tooling.";
@ -906,7 +898,6 @@ with lib.maintainers; {
ruby = {
members = [
marsam
];
scope = "Maintain the Ruby interpreter and related packages.";
shortName = "Ruby";

153
nixos/doc/manual/release-notes/rl-2405.section.md
View File

@ -46,11 +46,9 @@ Use `services.pipewire.extraConfig` or `services.pipewire.configPackages` for Pi
- The default dbus implementation has transitioned to dbus-broker from the classic dbus daemon for better performance and reliability. Users can revert to the classic dbus daemon by setting `services.dbus.implementation = "dbus";`. For detailed deviations, refer to [dbus-broker's deviations page](https://github.com/bus1/dbus-broker/wiki/Deviations).
- A new option `virtualisation.containers.cdi` was added. It contains `static` and `dynamic` attributes (corresponding to `/etc/cdi` and `/run/cdi` respectively) to configure the Container Device Interface (CDI).
- `virtualisation.docker.enableNvidia` and `virtualisation.podman.enableNvidia` options are deprecated. `hardware.nvidia-container-toolkit.enable` should be used instead. This option will expose GPUs on containers with the `--device` CLI option. This is supported by Docker 25, Podman 3.2.0 and Singularity 4. Any container runtime that supports the CDI specification will take advantage of this feature.
- `virtualisation.docker.enableNvidia` and `virtualisation.podman.enableNvidia` options are deprecated. `virtualisation.containers.cdi.dynamic.nvidia.enable` should be used instead. This option will expose GPUs on containers with the `--device` CLI option. This is supported by Docker 25, Podman 3.2.0 and Singularity 4. Any container runtime that supports the CDI specification will take advantage of this feature.
- A new option `system.etc.overlay.enable` was added. If enabled, `/etc` is
- `system.etc.overlay.enable` option was added. If enabled, `/etc` is
mounted via an overlayfs instead of being created by a custom perl script.
- NixOS AMIs are now uploaded regularly to a new AWS Account.
@ -155,6 +153,8 @@ The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been m
- [microsocks](https://github.com/rofl0r/microsocks), a tiny, portable SOCKS5 server with very moderate resource usage. Available as [services.microsocks]($opt-services-microsocks.enable).
- [inadyn](https://github.com/troglobit/inadyn), a Dynamic DNS client with built-in support for multiple providers. Available as [services.inadyn](#opt-services.inadyn.enable).
- [Clevis](https://github.com/latchset/clevis), a pluggable framework for automated decryption, used to unlock encrypted devices in initrd. Available as [boot.initrd.clevis.enable](#opt-boot.initrd.clevis.enable).
- [fritz-exporter](https://github.com/pdreker/fritz_exporter), a Prometheus exporter for extracting metrics from [FRITZ!](https://avm.de/produkte/) devices. Available as [services.prometheus.exporters.fritz](#opt-services.prometheus.exporters.fritz.enable).
@ -191,13 +191,15 @@ The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been m
- [prometheus-nats-exporter](https://github.com/nats-io/prometheus-nats-exporter), a Prometheus exporter for NATS. Available as [services.prometheus.exporters.nats](#opt-services.prometheus.exporters.nats.enable).
- [isolate](https://github.com/ioi/isolate), a sandbox for securely executing untrusted programs. Available as [security.isolate](#opt-security.isolate.enable).
## Backward Incompatibilities {#sec-release-24.05-incompatibilities}
<!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. -->
- `k3s`: was updated to version [v1.29](https://github.com/k3s-io/k3s/releases/tag/v1.29.1%2Bk3s2), all previous versions (k3s_1_26, k3s_1_27, k3s_1_28) will be removed. See [changelog and upgrade notes](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.29.md#urgent-upgrade-notes) for more information.
- `himalaya` was updated to `v1.0.0-beta.4`, which introduces breaking changes. Check out the [release note](https://github.com/soywod/himalaya/releases/tag/v1.0.0-beta.4) for details.
- `himalaya` was updated to v1.0.0-beta.4, which introduces breaking changes. Check out the [release note](https://github.com/soywod/himalaya/releases/tag/v1.0.0-beta.4) for details.
- The `power.ups` module now generates `upsd.conf`, `upsd.users` and `upsmon.conf` automatically from a set of new configuration options. This breaks compatibility with existing `power.ups` setups where these files were created manually. Back up these files before upgrading NixOS.
@ -208,11 +210,13 @@ The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been m
- `cudaPackages.autoFixElfFiles` has been deprecated for `pkgs.autoFixElfFiles`. Functionality has not changed, but the setuphook has been renamed and moved to the top-level package scope.
- `appimageTools.wrapAppImage` now create the binary at `$out/bin/${pname}` rather than `$out/bin/${pname}-${version}`, which will break downstream workarounds.
- `pdns` was updated to version [v4.9.x](https://doc.powerdns.com/authoritative/changelog/4.9.html), which introduces breaking changes. Check out the [Upgrade Notes](https://doc.powerdns.com/authoritative/upgrading.html#to-4-9-0) for details.
- `unrar` was updated to v7. See [changelog](https://www.rarlab.com/unrar7notes.htm) for more information.
- `git-town` was updated from version `11` to `13`. See the [changelog](https://github.com/git-town/git-town/blob/main/CHANGELOG.md#1300-2024-03-22) for breaking changes.
- `git-town` was updated from version 11 to 13. See the [changelog](https://github.com/git-town/git-town/blob/main/CHANGELOG.md#1300-2024-03-22) for breaking changes.
- `k9s` was updated to v0.31. There have been various breaking changes in the config file format,
check out the changelog of [v0.29](https://github.com/derailed/k9s/releases/tag/v0.29.0),
@ -235,7 +239,7 @@ The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been m
- `nvtop` family of packages was reorganized into nested attrset. `nvtop` has been renamed to `nvtopPackages.full`, and all `nvtop-{amd,nvidia,intel,msm}` packages are now named as `nvtopPackages.{amd,nvidia,intel,msm}`
- `neo4j` has been updated to 5, you may want to read the [release notes for Neo4j 5](https://neo4j.com/release-notes/database/neo4j-5/)
- `neo4j` has been updated to version 5, you may want to read the [release notes for Neo4j 5](https://neo4j.com/release-notes/database/neo4j-5/)
- `services.neo4j.allowUpgrade` was removed and no longer has any effect. Neo4j 5 supports automatic rolling upgrades.
@ -249,37 +253,37 @@ The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been m
- `services.aria2.rpcSecret` has been replaced with `services.aria2.rpcSecretFile`.
This was done so that secrets aren't stored in the world-readable nix store.
To migrate, you will have create a file with the same exact string, and change
To migrate, you will have to create a file with the same exact string, and change
your module options to point to that file. For example, `services.aria2.rpcSecret =
"mysecret"` becomes `services.aria2.rpcSecretFile = "/path/to/secret_file"`
where the file `secret_file` contains the string `mysecret`.
- `openssh`, `openssh_hpn` and `openssh_gssapi` are now compiled without support for the DSA signature algorithm as it is being deprecated upstream. Users still relying on DSA keys should consider upgrading
to another signature algorithm. It is however possible, for the time being, to restore the DSA keys support using `override` to set `dsaKeysSupport = true`.
to another signature algorithm. However, for the time being it is possible to restore DSA key support using `override` to set `dsaKeysSupport = true`.
- `buildGoModule` now throws error when `vendorHash` is not specified. `vendorSha256`, deprecated in Nixpkgs 23.11, is now ignored and is no longer a `vendorHash` alias.
- `buildGoModule` now throws an error when `vendorHash` is not specified. `vendorSha256`, deprecated in Nixpkgs 23.11, is now ignored and is no longer a `vendorHash` alias.
- Invidious has changed its default database username from `kemal` to `invidious`. Setups involving an externally provisioned database (i.e. `services.invidious.database.createLocally == false`) should adjust their configuration accordingly. The old `kemal` user will not be removed automatically even when the database is provisioned automatically.(https://github.com/NixOS/nixpkgs/pull/265857)
- `services.invidious.settings.db.user`, the default database username has changed from `kemal` to `invidious`. Setups involving an externally-provisioned database (i.e. `services.invidious.database.createLocally == false`) should adjust their configuration accordingly. The old `kemal` user will not be removed automatically even when the database is provisioned automatically.(https://github.com/NixOS/nixpkgs/pull/265857)
- `writeReferencesToFile` is deprecated in favour of the new trivial build helper `writeClosure`. The latter accepts a list of paths and has an unambiguous name and cleaner implementation.
- `inetutils` now has a lower priority to avoid shadowing the commonly used `util-linux`. If one wishes to restore the default priority, simply use `lib.setPrio 5 inetutils` or override with `meta.priority = 5`.
- `paperless`' `services.paperless.extraConfig` setting has been removed and converted to the freeform type and option named `services.paperless.settings`.
- `paperless`' `services.paperless.extraConfig` setting has been removed and converted to the free-form type and option named `services.paperless.settings`.
- `davfs2`' `services.davfs2.extraConfig` setting has been deprecated and converted to the freeform type option named `services.davfs2.settings` according to RFC42.
- `davfs2`' `services.davfs2.extraConfig` setting has been deprecated and converted to the free-form type option named `services.davfs2.settings` according to RFC42.
- `services.homepage-dashboard` now takes it's configuration using native Nix expressions, rather than dumping templated configurations into `/var/lib/homepage-dashboard` where they were previously managed manually. There are now new options which allow the configuration of bookmarks, services, widgets and custom CSS/JS natively in Nix.
- `services.homepage-dashboard` now takes its configuration using native Nix expressions, rather than dumping templated configurations into `/var/lib/homepage-dashboard` where they were previously managed manually. There are now new options which allow the configuration of bookmarks, services, widgets and custom CSS/JS natively in Nix.
- `hare` may now be cross-compiled. For that to work, however, `haredoc` needed to stop being built together with it. Thus, the latter is now its own package with the name of `haredoc`.
- The legacy and long deprecated systemd target `network-interfaces.target` has been removed. Use `network.target` instead.
- `network-interfaces.target` system target was removed as it has been deprecated for a long time. Use `network.target` instead.
- `azure-cli` now has extension support. For example, to install the `aks-preview` extension, use
```nix
environment.systemPackages = [
(azure-cli.withExtensions [ azure-cli.extensions.aks-preview ]);
(azure-cli.withExtensions [ azure-cli.extensions.aks-preview ])
];
```
To make the `azure-cli` immutable and prevent clashes in case `azure-cli` is also installed via other package managers, some configuration files were moved into the derivation.
@ -297,11 +301,11 @@ The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been m
- `gonic` has been updated to v0.16.4. Config now requires `playlists-path` to be set. See the rest of the [v0.16.0 release notes](https://github.com/sentriz/gonic/releases/tag/v0.16.0) for more details.
- The `services.vikunja` systemd service now uses `vikunja` as dynamic user instead of `vikunja-api`. Database users might need to be changed.
- `services.vikunja` systemd service now uses `vikunja` as dynamic user instead of `vikunja-api`. Database users might need to be changed.
- The `services.vikunja.setupNginx` setting has been removed. Users now need to setup the webserver configuration on their own with a proxy pass to the vikunja service.
- `services.vikunja.setupNginx` setting has been removed. Users now need to setup the webserver configuration on their own with a proxy pass to the vikunja service.
- The `woodpecker-*` packages have been updated to v2 which includes [breaking changes](https://woodpecker-ci.org/docs/next/migrations#200).
- `woodpecker-*` packages have been updated to v2 which includes [breaking changes](https://woodpecker-ci.org/docs/next/migrations#200).
- `services.nginx` will no longer advertise HTTP/3 availability automatically. This must now be manually added, preferably to each location block.
Example:
@ -317,17 +321,17 @@ The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been m
}
```
- The package `optparse-bash` is now dropped due to upstream inactivity. Alternatives available in Nixpkgs include [`argc`](https://github.com/sigoden/argc), [`argbash`](https://github.com/matejak/argbash), [`bashly`](https://github.com/DannyBen/bashly) and [`gum`](https://github.com/charmbracelet/gum), to name a few.
- `optparse-bash` is now dropped due to upstream inactivity. Alternatives available in Nixpkgs include [`argc`](https://github.com/sigoden/argc), [`argbash`](https://github.com/matejak/argbash), [`bashly`](https://github.com/DannyBen/bashly) and [`gum`](https://github.com/charmbracelet/gum), to name a few.
- The `kanata` package has been updated to v1.5.0, which includes [breaking changes](https://github.com/jtroo/kanata/releases/tag/v1.5.0).
- `kanata` package has been updated to v1.5.0, which includes [breaking changes](https://github.com/jtroo/kanata/releases/tag/v1.5.0).
- The `craftos-pc` package has been updated to v2.8, which includes [breaking changes](https://github.com/MCJack123/craftos2/releases/tag/v2.8).
- `craftos-pc` package has been updated to v2.8, which includes [breaking changes](https://github.com/MCJack123/craftos2/releases/tag/v2.8).
- Files are now handled in binary mode; this could break programs with embedded UTF-8 characters.
- The ROM was updated to match ComputerCraft version v1.109.2.
- The bundled Lua was updated to Lua v5.2, which includes breaking changes. See the [Lua manual](https://www.lua.org/manual/5.2/manual.html#8) for more information.
- The WebSocket API [was rewritten](https://github.com/MCJack123/craftos2/issues/337), which introduced breaking changes.
- The `gtest` package has been updated past v1.13.0, which requires C++14 or higher.
- `gtest` package has been updated past v1.13.0, which requires C++14 or higher.
- The latest available version of Nextcloud is v28 (available as `pkgs.nextcloud28`). The installation logic is as follows:
- If [`services.nextcloud.package`](#opt-services.nextcloud.package) is specified explicitly, this package will be installed (**recommended**)
@ -337,7 +341,7 @@ The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been m
- The vendored third party libraries have been mostly removed from `cudaPackages.nsight_systems`, which we now only ship for `cudaPackages_11_8` and later due to outdated dependencies. Users comfortable with the vendored dependencies may use `overrideAttrs` to amend the `postPatch` phase and the `meta.broken` correspondingly. Alternatively, one could package the deprecated `boost170` locally, as required for `cudaPackages_11_4.nsight_systems`.
- The `cudaPackages` package scope has been updated to `cudaPackages_12`.
- `cudaPackages` package scope has been updated to `cudaPackages_12`.
- The deprecated `cudaPackages.cudatoolkit` has been replaced with a
symlink-based wrapper for the splayed redistributable CUDA packages. The
@ -345,10 +349,13 @@ The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been m
like e.g. tensorflow. The original runfile-based `cudatoolkit` is still
available as `cudatoolkit-legacy-runfile`.
- The `halloy` package was updated past 2024.5 which introduced a breaking change by switching the config format from YAML to TOML. See https://github.com/squidowl/halloy/releases/tag/2024.5 for details.
- `halloy` package was updated past 2024.5 which introduced a breaking change by switching the config format from YAML to TOML. See https://github.com/squidowl/halloy/releases/tag/2024.5 for details.
- Ada packages (libraries and tools) have been moved into the `gnatPackages` scope. `gnatPackages` uses the default GNAT compiler, `gnat12Packages` and `gnat13Packages` use the respective matching compiler version.
- Paths provided as `restartTriggers` and `reloadTriggers` for systemd units will now be copied into the nix store to make the behavior consistent.
Previously, `restartTriggers = [ ./config.txt ]`, if defined in a flake, would trigger a restart when any part of the flake changed; and if not defined in a flake, would never trigger a restart even if the contents of `config.txt` changed.
- `spark2014` has been renamed to `gnatprove`. A version of `gnatprove` matching different GNAT versions is available from the different `gnatPackages` sets.
- `services.resolved.fallbackDns` can now be used to disable the upstream fallback servers entirely by setting it to an empty list. To get the previous behaviour of the upstream defaults set it to null, the new default, instead.
@ -362,7 +369,7 @@ The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been m
- `xxd` has been moved from `vim` default output to its own output to reduce closure size. The canonical way to reference it across all platforms is `unixtools.xxd`.
- The `stalwart-mail` package has been updated to v0.5.3, which includes [breaking changes](https://github.com/stalwartlabs/mail-server/blob/v0.5.3/UPGRADING.md).
- `stalwart-mail` package has been updated to v0.5.3, which includes [breaking changes](https://github.com/stalwartlabs/mail-server/blob/v0.5.3/UPGRADING.md).
- `services.zope2` has been removed as `zope2` is unmaintained and was relying on Python2.
@ -396,14 +403,18 @@ The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been m
upgrade NetBox by changing `services.netbox.package`. Database migrations
will be run automatically.
- The executable file names for `firefox-devedition`, `firefox-beta`, `firefox-esr` now matches their package names, which is consistent with the `firefox-*-bin` packages. The desktop entries are also updated so that you can have multiple editions of firefox in your app launcher.
- `gauge` now supports installing plugins using nix. For the old imperative approach, switch to `gauge-unwrapped`.
You can load plugins from an existing gauge manifest file using `gauge.fromManifest ./path/to/manifest.json` or
specify plugins in nix using `gauge.withPlugins (p: with p; [ js html-report xml-report ])`.
- `firefox-devedition`, `firefox-beta`, `firefox-esr` executable file names for now match their package names, which is consistent with the `firefox-*-bin` packages. The desktop entries are also updated so that you can have multiple editions of firefox in your app launcher.
- switch-to-configuration does not directly call systemd-tmpfiles anymore.
Instead, the new artificial sysinit-reactivation.target is introduced which
allows to restart multiple services that are ordered before sysinit.target
and respect the ordering between the services.
- The `systemd.oomd` module behavior is changed as:
- `systemd.oomd` module behavior is changed as:
- Raise ManagedOOMMemoryPressureLimit from 50% to 80%. This should make systemd-oomd kill things less often, and fix issues like [this](https://pagure.io/fedora-workstation/issue/358).
Reference: [commit](https://src.fedoraproject.org/rpms/systemd/c/806c95e1c70af18f81d499b24cd7acfa4c36ffd6?branch=806c95e1c70af18f81d499b24cd7acfa4c36ffd6)
@ -423,7 +434,7 @@ The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been m
- [watchdogd](https://troglobit.com/projects/watchdogd/), a system and process supervisor using watchdog timers. Available as [services.watchdogd](#opt-services.watchdogd.enable).
- The `jdt-language-server` package now uses upstream's provided python wrapper instead of our own custom wrapper. This results in the following breaking and notable changes:
- `jdt-language-server` package now uses upstream's provided python wrapper instead of our own custom wrapper. This results in the following breaking and notable changes:
- The main binary for the package is now named `jdtls` instead of `jdt-language-server`, equivalent to what most editors expect the binary to be named.
@ -445,21 +456,21 @@ The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been m
- Ruby plugin support has been disabled in DFHack. Many of the Ruby plugins have been converted to Lua, and support was removed upstream due to frequent crashes.
- The `livebook` package is now built as a `mix release` instead of an `escript`.
- `livebook` package is now built as a `mix release` instead of an `escript`.
This means that configuration now has to be done using [environment variables](https://hexdocs.pm/livebook/readme.html#environment-variables) instead of command line arguments.
This has the further implication that the `livebook` service configuration has changed:
- The `erlang_node_short_name`, `erlang_node_name`, `port` and `options` configuration parameters are gone, and have been replaced with an `environment` parameter.
- `erlang_node_short_name`, `erlang_node_name`, `port` and `options` configuration parameters are gone, and have been replaced with an `environment` parameter.
Use the appropriate [environment variables](https://hexdocs.pm/livebook/readme.html#environment-variables) inside `environment` to configure the service instead.
- `akkoma` now requires explicitly setting the base URL for uploaded media (`settings."Pleroma.Upload".base_url`), as well as for the media proxy if enabled (`settings."Media"`).
This is recommended to be a separate (sub)domain to the one Akkoma is hosted at.
See [here](https://meta.akkoma.dev/t/akkoma-stable-2024-03-securer-i-barely-know-her/681#explicit-upload-and-media-proxy-domains-5) for more details.
- The `crystal` package has been updated to 1.11.x, which has some breaking changes.
- `crystal` package has been updated to 1.11.x, which has some breaking changes.
Refer to crystal's changelog for more information. ([v1.10](https://github.com/crystal-lang/crystal/blob/master/CHANGELOG.md#1100-2023-10-09), [v1.11](https://github.com/crystal-lang/crystal/blob/master/CHANGELOG.md#1110-2024-01-08))
- The `erlang-ls` package no longer ships the `els_dap` binary as of v0.51.0.
- `erlang-ls` package no longer ships the `els_dap` binary as of v0.51.0.
## Other Notable Changes {#sec-release-24.05-notable-changes}
@ -467,14 +478,14 @@ The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been m
- `addDriverRunpath` has been added to facilitate the deprecation of the old `addOpenGLRunpath` setuphook. This change is motivated by the evolution of the setuphook to include all hardware acceleration.
- Cinnamon has been updated to 6.0. Please beware that the [Wayland session](https://blog.linuxmint.com/?p=4591) is still experimental in this release and could potentially [affect Xorg sessions](https://blog.linuxmint.com/?p=4639). We suggest a reboot when switching between sessions.
- `cinnamon` has been updated to 6.0. Please beware that the [Wayland session](https://blog.linuxmint.com/?p=4591) is still experimental in this release and could potentially [affect Xorg sessions](https://blog.linuxmint.com/?p=4639). We suggest a reboot when switching between sessions.
- MATE has been updated to 1.28.
- (TODO awaiting feedback on code-casing package names) MATE has been updated to 1.28.
- To properly support panel plugins built with Wayland (in-process) support, we are introducing `services.xserver.desktopManager.mate.extraPanelApplets` option, please use that for installing panel applets.
- Similarly, please use `services.xserver.desktopManager.mate.extraCajaExtensions` option for installing Caja extensions.
- To use the Wayland session, enable `services.xserver.desktopManager.mate.enableWaylandSession`. This is opt-in for now as it is in early stage and introduces a new set of Wayfire closure. Due to [known issues with LightDM](https://github.com/canonical/lightdm/issues/63), we suggest using SDDM for display manager.
- The Budgie module installs gnome-terminal by default (instead of mate-terminal).
- `services.xserver.desktopManager.budgie` installs `gnome.gnome-terminal` by default (instead of `mate.mate-terminal`).
- New `boot.loader.systemd-boot.xbootldrMountPoint` allows setting up a separate [XBOOTLDR partition](https://uapi-group.org/specifications/specs/boot_loader_specification/) to store boot files. Useful on systems with a small EFI System partition that cannot be easily repartitioned.
@ -483,19 +494,21 @@ The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been m
- `services.postgresql.extraPlugins` changed its type from just a list of packages to also a function that returns such a list.
For example a config line like ``services.postgresql.extraPlugins = with pkgs.postgresql_11.pkgs; [ postgis ];`` is recommended to be changed to ``services.postgresql.extraPlugins = ps: with ps; [ postgis ];``;
- The Matrix homeserver [Synapse](https://element-hq.github.io/synapse/) module now supports configuring UNIX domain socket [listeners](#opt-services.matrix-synapse.settings.listeners) through the `path` option.
- [`matrix-synapse`](https://element-hq.github.io/synapse/) homeserver module now supports configuring UNIX domain socket [`listeners`](#opt-services.matrix-synapse.settings.listeners) through the `path` option.
The default replication worker on the main instance has been migrated away from TCP sockets to UNIX domain sockets.
- The initrd ssh daemon module got a new option to add authorized keys via a list of files using `boot.initrd.network.ssh.authorizedKeyFiles`.
- `boot.initrd.network.ssh.authorizedKeyFiles` is a new option in the initrd ssh daemon module, for adding authorized keys via list of files.
- `appimage`, `appimageTools.wrapAppImage` and `buildFHSEnvBubblewrap` now properly accepts `pname` and `version`.
- Programs written in [Nim](https://nim-lang.org/) are built with libraries selected by lockfiles.
The `nimPackages` and `nim2Packages` sets have been removed.
See https://nixos.org/manual/nixpkgs/unstable#nim for more information.
- Programs written in [D](https://dlang.org/) using the `dub` build system and package manager can now be built using `buildDubPackage` utilizing lockfiles provided by the new `dub-to-nix` helper program.
- [TODO: reword to place an attribute at the front] Programs written in [D](https://dlang.org/) using the `dub` build system and package manager can now be built using `buildDubPackage` utilizing lockfiles provided by the new `dub-to-nix` helper program.
See the [D section](https://nixos.org/manual/nixpkgs/unstable#dlang) in the manual for more information.
- [Portunus](https://github.com/majewsky/portunus) has been updated to major version 2.
- [`portunus`](https://github.com/majewsky/portunus) has been updated to major version 2.
This version of Portunus supports strong password hashes, but the legacy hash SHA-256 is also still supported to ensure a smooth migration of existing user accounts.
After upgrading, follow the instructions on the [upstream release notes](https://github.com/majewsky/portunus/releases/tag/v2.0.0) to upgrade all user accounts to strong password hashes.
Support for weak password hashes will be removed in NixOS 24.11.
@ -504,11 +517,11 @@ The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been m
- `libass` now uses the native CoreText backend on Darwin, which may fix subtitle rendering issues with `mpv`, `ffmpeg`, etc.
- [Lilypond](https://lilypond.org/index.html) and [Denemo](https://www.denemo.org) are now compiled with Guile 3.0.
- [`lilypond`](https://lilypond.org/index.html) and [`denemo`](https://www.denemo.org) are now compiled with Guile 3.0.
- Garage has been updated to v1.x.x. Users should read the [upstream release notes](https://git.deuxfleurs.fr/Deuxfleurs/garage/releases/tag/v1.0.0) and follow the documentation when changing over their `services.garage.package` and performing this manual upgrade.
- `garage` has been updated to v1.x.x. Users should read the [upstream release notes](https://git.deuxfleurs.fr/Deuxfleurs/garage/releases/tag/v1.0.0) and follow the documentation when changing over their `services.garage.package` and performing this manual upgrade.
- The EC2 image module now enables the [Amazon SSM Agent](https://docs.aws.amazon.com/systems-manager/latest/userguide/ssm-agent.html) by default.
- [TODO: reword to place an attribute at the front] The EC2 image module now enables the [Amazon SSM Agent](https://docs.aws.amazon.com/systems-manager/latest/userguide/ssm-agent.html) by default.
- The following options of the Nextcloud module were moved into [`services.nextcloud.settings`](#opt-services.nextcloud.settings) and renamed to match the name from Nextcloud's `config.php`:
- `logLevel` -> [`loglevel`](#opt-services.nextcloud.settings.loglevel),
@ -520,7 +533,7 @@ The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been m
- `extraTrustedDomains` -> [`trusted_domains`](#opt-services.nextcloud.settings.trusted_domains) and
- `trustedProxies` -> [`trusted_proxies`](#opt-services.nextcloud.settings.trusted_proxies).
- The option [`services.nextcloud.config.dbport`] of the Nextcloud module was removed to match upstream.
- `services.nextcloud.config.dbport` option of the Nextcloud module was removed to match upstream.
The port can be specified in [`services.nextcloud.config.dbhost`](#opt-services.nextcloud.config.dbhost).
- A new abstraction to create both read-only as well as writable overlay file
@ -528,7 +541,7 @@ The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been m
[fileSystems.overlay](#opt-fileSystems._name_.overlay.lowerdir). See also the
[NixOS docs](#sec-overlayfs).
- systemd units can now specify the `Upholds=` and `UpheldBy=` unit dependencies via the aptly
- `systemd` units can now specify the `Upholds=` and `UpheldBy=` unit dependencies via the aptly
named `upholds` and `upheldBy` options. These options get systemd to enforce that the
dependencies remain continuosly running for as long as the dependent unit is in a running state.
@ -541,25 +554,23 @@ The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been m
- New options were added to the dnsdist module to enable and configure a DNSCrypt endpoint (see `services.dnsdist.dnscrypt.enable`, etc.).
The module can generate the DNSCrypt provider key pair, certificates and also performs their rotation automatically with no downtime.
- With a bump to `sonarr` v4, existing config database files will be upgraded automatically, but note that some old apparently-working configs [might actually be corrupt and fail to upgrade cleanly](https://forums.sonarr.tv/t/sonarr-v4-released/33089).
- `sonarr` version bumped to from 3.0.10 to 4.0.3. Consequently existing config database files will be upgraded automatically, but note that some old apparently-working configs [might actually be corrupt and fail to upgrade cleanly](https://forums.sonarr.tv/t/sonarr-v4-released/33089).
- The Yama LSM is now enabled by default in the kernel, which prevents ptracing
- [TODO: reword to place an attribute at the front] The Yama LSM is now enabled by default in the kernel, which prevents ptracing
non-child processes. This means you will not be able to attach gdb to an
existing process, but will need to start that process from gdb (so it is a
child). Or you can set `boot.kernel.sysctl."kernel.yama.ptrace_scope"` to 0.
- The netbird module now allows running multiple tunnels in parallel through [`services.netbird.tunnels`](#opt-services.netbird.tunnels).
- `netbird` module now allows running multiple tunnels in parallel through [`services.netbird.tunnels`](#opt-services.netbird.tunnels).
- [Nginx virtual hosts](#opt-services.nginx.virtualHosts) using `forceSSL` or
`globalRedirect` can now have redirect codes other than 301 through
`globalRedirect` can now have redirect codes other than 301 through `redirectCode`.
- `bacula` now allows to configure `TLS` for encrypted communication.
`redirectCode`.
- `libjxl` version bumped from 0.8.2 to 0.9.1 [dropped support for the butteraugli API](https://github.com/libjxl/libjxl/pull/2576). You will no longer be able to set `enableButteraugli` on `libaom`.
- `libjxl` 0.9.0 [dropped support for the butteraugli API](https://github.com/libjxl/libjxl/pull/2576). You will no longer be able to set `enableButteraugli` on `libaom`.
- The source of the `mockgen` package has changed to the [go.uber.org/mock](https://github.com/uber-go/mock) fork because [the original repository is no longer maintained](https://github.com/golang/mock#gomock).
- `mockgen` package source has changed to the [go.uber.org/mock](https://github.com/uber-go/mock) fork because [the original repository is no longer maintained](https://github.com/golang/mock#gomock).
- `security.pam.enableSSHAgentAuth` was renamed to `security.pam.sshAgentAuth.enable` and an `authorizedKeysFiles`
option was added, to control which `authorized_keys` files are trusted. It defaults to the previous behaviour,
@ -567,7 +578,7 @@ The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been m
- [](#opt-boot.kernel.sysctl._net.core.wmem_max_) changed from a string to an integer because of the addition of a custom merge option (taking the highest value defined to avoid conflicts between 2 services trying to set that value), just as [](#opt-boot.kernel.sysctl._net.core.rmem_max_) since 22.11.
- A new top-level package set, `pkgsExtraHardening` is added. This is a set of packages built with stricter hardening flags - those that have not yet received enough testing to be applied universally, those that are more likely to cause build failures or those that have drawbacks to their use (e.g. performance or required hardware features).
- [TODO: reword to place an attribute at the front] A new top-level package set, `pkgsExtraHardening` is added. This is a set of packages built with stricter hardening flags - those that have not yet received enough testing to be applied universally, those that are more likely to cause build failures or those that have drawbacks to their use (e.g. performance or required hardware features).
- `services.zfs.zed.enableMail` now uses the global `sendmail` wrapper defined by an email module
(such as msmtp or Postfix). It no longer requires using a special ZFS build with email support.
@ -576,59 +587,59 @@ The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been m
- `nextcloud-setup.service` no longer changes the group of each file & directory inside `/var/lib/nextcloud/{config,data,store-apps}` if one of these directories has the wrong owner group. This was part of transitioning the group used for `/var/lib/nextcloud`, but isn't necessary anymore.
- `services.kavita` now uses the freeform option `services.kavita.settings` for the application settings file.
- `services.kavita` now uses the free-form option `services.kavita.settings` for the application settings file.
The options `services.kavita.ipAdresses` and `services.kavita.port` now exist at `services.kavita.settings.IpAddresses`
and `services.kavita.settings.IpAddresses`. The file at `services.kavita.tokenKeyFile` now needs to contain a secret with
512+ bits instead of 128+ bits.
- `kavita` has been updated to 0.8.0, requiring a manual forced library scan on all libraries for migration. Refer to upstream's [release notes](https://github.com/Kareadita/Kavita/releases/tag/v0.8.0) for details.
- The `krb5` module has been rewritten and moved to `security.krb5`, moving all options but `security.krb5.enable` and `security.krb5.package` into `security.krb5.settings`.
- `krb5` module has been rewritten and moved to `security.krb5`, moving all options but `security.krb5.enable` and `security.krb5.package` into `security.krb5.settings`.
- `services.soju` now has a wrapper for the `sojuctl` command, pointed at the service config file. It also has the new option `adminSocket.enable`, which creates a unix admin socket at `/run/soju/admin`.
- Gitea 1.21 upgrade has several breaking changes, including:
- `gitea` upgrade to 1.21 has several breaking changes, including:
- Custom themes and other assets that were previously stored in `custom/public/*` now belong in `custom/public/assets/*`
- New instances of Gitea using MySQL now ignore the `[database].CHARSET` config option and always use the `utf8mb4` charset, existing instances should migrate via the `gitea doctor convert` CLI command.
- The `services.paperless` module no longer uses the previously downloaded NLTK data stored in `/var/cache/paperless/nltk`. This directory can be removed.
- `services.paperless` module no longer uses the previously downloaded NLTK data stored in `/var/cache/paperless/nltk`. This directory can be removed.
- The `services.teeworlds` module now has a wealth of configuration options, including a new `package` option.
- `services.teeworlds` module now has a wealth of configuration options, including a new `package` option.
- The `hardware.pulseaudio` module now sets permission of pulse user home directory to 755 when running in "systemWide" mode. It fixes [issue 114399](https://github.com/NixOS/nixpkgs/issues/114399).
- `hardware.pulseaudio` module now sets permission of pulse user home directory to 755 when running in "systemWide" mode. It fixes [issue 114399](https://github.com/NixOS/nixpkgs/issues/114399).
- The `services.networkmanager.extraConfig` was renamed to `services.networkmanager.settings` and was changed to use the ini type instead of using a multiline string.
- `services.networkmanager.extraConfig` was renamed to `services.networkmanager.settings` and was changed to use the ini type instead of using a multiline string.
- The module `services.github-runner` has been removed. To configure a single GitHub Actions Runner refer to `services.github-runners.*`. Note that this will trigger a new runner registration.
- `services.github-runner` module has been removed. To configure a single GitHub Actions Runner refer to `services.github-runners.*`. Note that this will trigger a new runner registration.
- The `services.slskd` has been refactored to include more configuation options in
the freeform `services.slskd.settings` option, and some defaults (including listen ports)
- `services.slskd` has been refactored to include more configuation options in
the free-form `services.slskd.settings` option, and some defaults (including listen ports)
have been changed to match the upstream defaults. Additionally, disk logging is now
disabled by default, and the log rotation timer has been removed.
The nginx virtualhost option is now of the `vhost-options` type.
- The `btrbk` module now automatically selects and provides required compression
- `services.btrbk` now automatically selects and provides required compression
program depending on the configured `stream_compress` option. Since this
replaces the need for the `extraPackages` option, this option will be
deprecated in future releases.
- The `mpich` package expression now requires `withPm` to be a list, e.g. `"hydra:gforker"` becomes `[ "hydra" "gforker" ]`.
- `mpich` package expression now requires `withPm` to be a list, e.g. `"hydra:gforker"` becomes `[ "hydra" "gforker" ]`.
- When merging systemd unit options (of type `unitOption`),
- `systemd`: when merging unit options (of type `unitOption`),
if at least one definition is a list, all those which aren't are now lifted into a list,
making it possible to accumulate definitions without resorting to `mkForce`,
hence to retain the definitions not anticipating that need.
- YouTrack is bumped to 2023.3. The update is not performed automatically, it requires manual interaction. See the YouTrack section in the manual for details.
- `youtrack` is bumped to 2023.3. The update is not performed automatically, it requires manual interaction. See the YouTrack section in the manual for details.
- QtMultimedia has changed its default backend to `QT_MEDIA_BACKEND=ffmpeg` (previously `gstreamer` on Linux or `darwin` on MacOS).
The previous native backends remain available but are now minimally maintained. Refer to [upstream documentation](https://doc.qt.io/qt-6/qtmultimedia-index.html#ffmpeg-as-the-default-backend) for further details about each platform.
- The `drbd` out-of-tree Linux kernel driver has been added in version `9.2.7`. With it the DRBD 9.x features can be used instead of the 8.x features provided by the `8.4.11` in-tree driver.
- `drbd` out-of-tree Linux kernel driver has been added in version 9.2.7. With it the DRBD 9.x features can be used instead of the 8.x features provided by the 8.4.11 in-tree driver.
- The oil shell's c++ version is now available as `oils-for-unix`. The python version is still available as `oil`
- [TODO: reword to place an attribute at the front] The oil shell's c++ version is now available as `oils-for-unix`. The python version is still available as `oil`
- `documentation.man.mandoc` now by default uses `MANPATH` to set the directories where mandoc will search for manual pages.
This enables mandoc to find manual pages in Nix profiles. To set the manual search paths via the `mandoc.conf` configuration file like before, use `documentation.man.mandoc.settings.manpath` instead.
- The `grafana-loki` package was updated to 3.0.0 which includes [breaking changes](https://github.com/grafana/loki/releases/tag/v3.0.0)
- `grafana-loki` package was updated to 3.0.0 which includes [breaking changes](https://github.com/grafana/loki/releases/tag/v3.0.0)

90
nixos/lib/systemd-lib.nix
View File

@ -1,4 +1,4 @@
{ config, lib, pkgs }:
{ config, lib, pkgs, utils }:
let
inherit (lib)
@ -14,10 +14,12 @@ let
elem
filter
filterAttrs
flatten
flip
head
isInt
isList
isPath
length
makeBinPath
makeSearchPathOutput
@ -28,6 +30,7 @@ let
optional
optionalAttrs
optionalString
pipe
range
replaceStrings
reverseList
@ -366,9 +369,17 @@ in rec {
// optionalAttrs (config.requisite != [])
{ Requisite = toString config.requisite; }
// optionalAttrs (config ? restartTriggers && config.restartTriggers != [])
{ X-Restart-Triggers = "${pkgs.writeText "X-Restart-Triggers-${name}" (toString config.restartTriggers)}"; }
{ X-Restart-Triggers = "${pkgs.writeText "X-Restart-Triggers-${name}" (pipe config.restartTriggers [
flatten
(map (x: if isPath x then "${x}" else x))
toString
])}"; }
// optionalAttrs (config ? reloadTriggers && config.reloadTriggers != [])
{ X-Reload-Triggers = "${pkgs.writeText "X-Reload-Triggers-${name}" (toString config.reloadTriggers)}"; }
{ X-Reload-Triggers = "${pkgs.writeText "X-Reload-Triggers-${name}" (pipe config.reloadTriggers [
flatten
(map (x: if isPath x then "${x}" else x))
toString
])}"; }
// optionalAttrs (config.description != "") {
Description = config.description; }
// optionalAttrs (config.documentation != []) {
@ -385,8 +396,41 @@ in rec {
};
};
serviceConfig = { config, ... }: {
config.environment.PATH = mkIf (config.path != []) "${makeBinPath config.path}:${makeSearchPathOutput "bin" "sbin" config.path}";
serviceConfig = { name, config, ... }: {
config = {
name = "${name}.service";
environment.PATH = mkIf (config.path != []) "${makeBinPath config.path}:${makeSearchPathOutput "bin" "sbin" config.path}";
};
};
pathConfig = { name, config, ... }: {
config = {
name = "${name}.path";
};
};
socketConfig = { name, config, ... }: {
config = {
name = "${name}.socket";
};
};
sliceConfig = { name, config, ... }: {
config = {
name = "${name}.slice";
};
};
targetConfig = { name, config, ... }: {
config = {
name = "${name}.target";
};
};
timerConfig = { name, config, ... }: {
config = {
name = "${name}.timer";
};
};
stage2ServiceConfig = {
@ -405,6 +449,7 @@ in rec {
mountConfig = { config, ... }: {
config = {
name = "${utils.escapeSystemdPath config.where}.mount";
mountConfig =
{ What = config.what;
Where = config.where;
@ -418,6 +463,7 @@ in rec {
automountConfig = { config, ... }: {
config = {
name = "${utils.escapeSystemdPath config.where}.automount";
automountConfig =
{ Where = config.where;
};
@ -433,8 +479,8 @@ in rec {
WantedBy=${concatStringsSep " " def.wantedBy}
'';
targetToUnit = name: def:
{ inherit (def) aliases wantedBy requiredBy upheldBy enable overrideStrategy;
targetToUnit = def:
{ inherit (def) name aliases wantedBy requiredBy upheldBy enable overrideStrategy;
text =
''
[Unit]
@ -442,8 +488,8 @@ in rec {
'';
};
serviceToUnit = name: def:
{ inherit (def) aliases wantedBy requiredBy upheldBy enable overrideStrategy;
serviceToUnit = def:
{ inherit (def) name aliases wantedBy requiredBy upheldBy enable overrideStrategy;
text = commonUnitText def (''
[Service]
'' + (let env = cfg.globalEnvironment // def.environment;
@ -452,7 +498,7 @@ in rec {
"Environment=${toJSON "${n}=${env.${n}}"}\n";
# systemd max line length is now 1MiB
# https://github.com/systemd/systemd/commit/e6dde451a51dc5aaa7f4d98d39b8fe735f73d2af
in if stringLength s >= 1048576 then throw "The value of the environment variable ${n} in systemd service ${name}.service is too long." else s) (attrNames env))
in if stringLength s >= 1048576 then throw "The value of the environment variable ${n} in systemd service ${def.name}.service is too long." else s) (attrNames env))
+ (if def ? reloadIfChanged && def.reloadIfChanged then ''
X-ReloadIfChanged=true
'' else if (def ? restartIfChanged && !def.restartIfChanged) then ''
@ -463,8 +509,8 @@ in rec {
'' + attrsToSection def.serviceConfig);
};
socketToUnit = name: def:
{ inherit (def) aliases wantedBy requiredBy upheldBy enable overrideStrategy;
socketToUnit = def:
{ inherit (def) name aliases wantedBy requiredBy upheldBy enable overrideStrategy;
text = commonUnitText def ''
[Socket]
${attrsToSection def.socketConfig}
@ -473,40 +519,40 @@ in rec {
'';
};
timerToUnit = name: def:
{ inherit (def) aliases wantedBy requiredBy upheldBy enable overrideStrategy;
timerToUnit = def:
{ inherit (def) name aliases wantedBy requiredBy upheldBy enable overrideStrategy;
text = commonUnitText def ''
[Timer]
${attrsToSection def.timerConfig}
'';
};
pathToUnit = name: def:
{ inherit (def) aliases wantedBy requiredBy upheldBy enable overrideStrategy;
pathToUnit = def:
{ inherit (def) name aliases wantedBy requiredBy upheldBy enable overrideStrategy;
text = commonUnitText def ''
[Path]
${attrsToSection def.pathConfig}
'';
};
mountToUnit = name: def:
{ inherit (def) aliases wantedBy requiredBy upheldBy enable overrideStrategy;
mountToUnit = def:
{ inherit (def) name aliases wantedBy requiredBy upheldBy enable overrideStrategy;
text = commonUnitText def ''
[Mount]
${attrsToSection def.mountConfig}
'';
};
automountToUnit = name: def:
{ inherit (def) aliases wantedBy requiredBy upheldBy enable overrideStrategy;
automountToUnit = def:
{ inherit (def) name aliases wantedBy requiredBy upheldBy enable overrideStrategy;
text = commonUnitText def ''
[Automount]
${attrsToSection def.automountConfig}
'';
};
sliceToUnit = name: def:
{ inherit (def) aliases wantedBy requiredBy upheldBy enable overrideStrategy;
sliceToUnit = def:
{ inherit (def) name aliases wantedBy requiredBy upheldBy enable overrideStrategy;
text = commonUnitText def ''
[Slice]
${attrsToSection def.sliceConfig}

32
nixos/lib/systemd-types.nix
View File

@ -5,8 +5,13 @@ let
automountConfig
makeUnit
mountConfig
pathConfig
sliceConfig
socketConfig
stage1ServiceConfig
stage2ServiceConfig
targetConfig
timerConfig
unitConfig
;
@ -48,29 +53,32 @@ let
;
in
rec {
{
units = attrsOf (submodule ({ name, config, ... }: {
options = concreteUnitOptions;
config = { unit = mkDefault (makeUnit name config); };
config = {
name = mkDefault name;
unit = mkDefault (makeUnit name config);
};
}));
services = attrsOf (submodule [ stage2ServiceOptions unitConfig stage2ServiceConfig ]);
initrdServices = attrsOf (submodule [ stage1ServiceOptions unitConfig stage1ServiceConfig ]);
targets = attrsOf (submodule [ stage2CommonUnitOptions unitConfig ]);
initrdTargets = attrsOf (submodule [ stage1CommonUnitOptions unitConfig ]);
targets = attrsOf (submodule [ stage2CommonUnitOptions unitConfig targetConfig ]);
initrdTargets = attrsOf (submodule [ stage1CommonUnitOptions unitConfig targetConfig ]);
sockets = attrsOf (submodule [ stage2SocketOptions unitConfig ]);
initrdSockets = attrsOf (submodule [ stage1SocketOptions unitConfig ]);
sockets = attrsOf (submodule [ stage2SocketOptions unitConfig socketConfig]);
initrdSockets = attrsOf (submodule [ stage1SocketOptions unitConfig socketConfig ]);
timers = attrsOf (submodule [ stage2TimerOptions unitConfig ]);
initrdTimers = attrsOf (submodule [ stage1TimerOptions unitConfig ]);
timers = attrsOf (submodule [ stage2TimerOptions unitConfig timerConfig ]);
initrdTimers = attrsOf (submodule [ stage1TimerOptions unitConfig timerConfig ]);
paths = attrsOf (submodule [ stage2PathOptions unitConfig ]);
initrdPaths = attrsOf (submodule [ stage1PathOptions unitConfig ]);
paths = attrsOf (submodule [ stage2PathOptions unitConfig pathConfig ]);
initrdPaths = attrsOf (submodule [ stage1PathOptions unitConfig pathConfig ]);
slices = attrsOf (submodule [ stage2SliceOptions unitConfig ]);
initrdSlices = attrsOf (submodule [ stage1SliceOptions unitConfig ]);
slices = attrsOf (submodule [ stage2SliceOptions unitConfig sliceConfig ]);
initrdSlices = attrsOf (submodule [ stage1SliceOptions unitConfig sliceConfig ]);
mounts = listOf (submodule [ stage2MountOptions unitConfig mountConfig ]);
initrdMounts = listOf (submodule [ stage1MountOptions unitConfig mountConfig ]);

8
nixos/lib/systemd-unit-options.nix
View File

@ -65,6 +65,14 @@ in rec {
'';
};
name = lib.mkOption {
type = lib.types.str;
description = ''
The name of this systemd unit, including its extension.
This can be used to refer to this unit from other systemd units.
'';
};
overrideStrategy = mkOption {
default = "asDropinIfExists";
type = types.enum [ "asDropinIfExists" "asDropin" ];

8
nixos/lib/utils.nix
View File

@ -35,7 +35,8 @@ let
inherit (lib.strings) toJSON normalizePath escapeC;
in
rec {
let
utils = rec {
# Copy configuration files to avoid having the entire sources in the system closure
copyFile = filePath: pkgs.runCommand (builtins.unsafeDiscardStringContext (baseNameOf filePath)) {} ''
@ -262,11 +263,12 @@ rec {
filter (x: !(elem (getName x) namesToRemove)) packages;
systemdUtils = {
lib = import ./systemd-lib.nix { inherit lib config pkgs; };
lib = import ./systemd-lib.nix { inherit lib config pkgs utils; };
unitOptions = import ./systemd-unit-options.nix { inherit lib systemdUtils; };
types = import ./systemd-types.nix { inherit lib systemdUtils pkgs; };
network = {
units = import ./systemd-network-units.nix { inherit lib systemdUtils; };
};
};
}
};
in utils

19
nixos/modules/config/malloc.nix
View File

@ -9,8 +9,23 @@ let
graphene-hardened = {
libPath = "${pkgs.graphene-hardened-malloc}/lib/libhardened_malloc.so";
description = ''
An allocator designed to mitigate memory corruption attacks, such as
those caused by use-after-free bugs.
Hardened memory allocator coming from GrapheneOS project.
The default configuration template has all normal optional security
features enabled and is quite aggressive in terms of sacrificing
performance and memory usage for security.
'';
};
graphene-hardened-light = {
libPath = "${pkgs.graphene-hardened-malloc}/lib/libhardened_malloc-light.so";
description = ''
Hardened memory allocator coming from GrapheneOS project.
The light configuration template disables the slab quarantines,
write after free check, slot randomization and raises the guard
slab interval from 1 to 8 but leaves zero-on-free and slab canaries enabled.
The light configuration has solid performance and memory usage while still
being far more secure than mainstream allocators with much better security
properties.
'';
};

1
nixos/modules/misc/documentation.nix
View File

@ -101,6 +101,7 @@ let
libPath = filter (pkgs.path + "/lib");
pkgsLibPath = filter (pkgs.path + "/pkgs/pkgs-lib");
nixosPath = filter (pkgs.path + "/nixos");
NIX_ABORT_ON_WARN = warningsAreErrors;
modules =
"[ "
+ concatMapStringsSep " " (p: ''"${removePrefix "${modulesPath}/" (toString p)}"'') docModules.lazy

4
nixos/modules/module-list.nix
View File

@ -325,6 +325,7 @@
./security/duosec.nix
./security/google_oslogin.nix
./security/ipa.nix
./security/isolate.nix
./security/krb5
./security/lock-kernel-modules.nix
./security/misc.nix
@ -559,7 +560,7 @@
./services/hardware/kanata.nix
./services/hardware/lcd.nix
./services/hardware/lirc.nix
./services/hardware/nvidia-container-toolkit-cdi-generator
./services/hardware/nvidia-container-toolkit
./services/hardware/monado.nix
./services/hardware/nvidia-optimus.nix
./services/hardware/openrgb.nix
@ -1012,6 +1013,7 @@
./services/networking/icecream/daemon.nix
./services/networking/icecream/scheduler.nix
./services/networking/imaginary.nix
./services/networking/inadyn.nix
./services/networking/inspircd.nix
./services/networking/iodine.nix
./services/networking/iperf3.nix

4
nixos/modules/programs/fcast-receiver.nix
View File

@ -11,11 +11,11 @@ in
};
options.programs.fcast-receiver = {
enable = mkEnableOption (lib.mdDoc "FCast Receiver");
enable = mkEnableOption "FCast Receiver";
openFirewall = mkOption {
type = types.bool;
default = false;
description = lib.mdDoc ''
description = ''
Open ports needed for the functionality of the program.
'';
};

5
nixos/modules/programs/fzf.nix
View File

@ -15,11 +15,12 @@ in
environment.systemPackages = lib.mkIf (cfg.keybindings || cfg.fuzzyCompletion) [ pkgs.fzf ];
programs = {
bash.interactiveShellInit = lib.optionalString cfg.fuzzyCompletion ''
# load after programs.bash.enableCompletion
bash.promptPluginInit = lib.mkAfter (lib.optionalString cfg.fuzzyCompletion ''
source ${pkgs.fzf}/share/fzf/completion.bash
'' + lib.optionalString cfg.keybindings ''
source ${pkgs.fzf}/share/fzf/key-bindings.bash
'';
'');
zsh = {
interactiveShellInit = lib.optionalString (!config.programs.zsh.ohMyZsh.enable)

36
nixos/modules/programs/singularity.nix
View File

@ -1,4 +1,9 @@
{ config, pkgs, lib, ... }:
{
config,
pkgs,
lib,
...
}:
with lib;
let
@ -12,9 +17,7 @@ in
Whether to install Singularity/Apptainer with system-level overriding such as SUID support.
'';
};
package = mkPackageOption pkgs "singularity" {
example = "apptainer";
};
package = mkPackageOption pkgs "singularity" { example = "apptainer"; };
packageOverriden = mkOption {
type = types.nullOr types.package;
default = null;
@ -75,17 +78,19 @@ in
};
config = mkIf cfg.enable {
programs.singularity.packageOverriden = (cfg.package.override (
optionalAttrs cfg.enableExternalLocalStateDir {
externalLocalStateDir = "/var/lib";
} // optionalAttrs cfg.enableFakeroot {
newuidmapPath = "/run/wrappers/bin/newuidmap";
newgidmapPath = "/run/wrappers/bin/newgidmap";
} // optionalAttrs cfg.enableSuid {
enableSuid = true;
starterSuidPath = "/run/wrappers/bin/${cfg.package.projectName}-suid";
}
));
programs.singularity.packageOverriden = (
cfg.package.override (
optionalAttrs cfg.enableExternalLocalStateDir { externalLocalStateDir = "/var/lib"; }
// optionalAttrs cfg.enableFakeroot {
newuidmapPath = "/run/wrappers/bin/newuidmap";
newgidmapPath = "/run/wrappers/bin/newgidmap";
}
// optionalAttrs cfg.enableSuid {
enableSuid = true;
starterSuidPath = "/run/wrappers/bin/${cfg.package.projectName}-suid";
}
)
);
environment.systemPackages = [ cfg.packageOverriden ];
security.wrappers."${cfg.packageOverriden.projectName}-suid" = mkIf cfg.enableSuid {
setuid = true;
@ -97,5 +102,4 @@ in
"d /var/lib/${cfg.packageOverriden.projectName}/mnt/session 0770 root root -"
];
};
}

18
nixos/modules/programs/wayland/hyprland.nix
View File

@ -42,6 +42,15 @@ in
xwayland.enable = mkEnableOption ("XWayland") // { default = true; };
envVars.enable = mkEnableOption null // {
default = true;
example = false;
description = ''
Set environment variables for Hyprland to work properly.
Enabled by default.
'';
};
systemd.setPath.enable = mkEnableOption null // {
default = true;
example = false;
@ -74,6 +83,15 @@ in
configPackages = mkDefault [ cfg.finalPackage ];
};
environment.sessionVariables = mkIf cfg.envVars.enable {
XDG_CURRENT_DESKTOP = "Hyprland";
XDG_SESSION_DESKTOP = "Hyprland";
XDG_SESSION_TYPE = "wayland";
GDK_BACKEND = "wayland,x11";
QT_QPA_PLATFORM = "wayland;xcb";
_JAVA_AWT_WM_NONREPARENTING = "1"; # Fix for Java applications on tiling window managers
};
systemd = mkIf cfg.systemd.setPath.enable {
user.extraConfig = ''
DefaultEnvironment="PATH=$PATH:/run/current-system/sw/bin:/etc/profiles/per-user/%u/bin:/run/wrappers/bin"

34
nixos/modules/programs/wshowkeys.nix
View File

@ -1,27 +1,31 @@
{ config, lib, pkgs, ... }:
with lib;
{
config,
lib,
pkgs,
...
}:
let
cfg = config.programs.wshowkeys;
in {
meta.maintainers = with maintainers; [ primeos ];
in
{
options = {
programs.wshowkeys = {
enable = mkEnableOption ''
enable = lib.mkEnableOption ''
wshowkeys (displays keypresses on screen on supported Wayland
compositors). It requires root permissions to read input events, but
these permissions are dropped after startup'';
package = lib.mkPackageOption pkgs "wshowkeys" { };
};
};
config = mkIf cfg.enable {
security.wrappers.wshowkeys =
{ setuid = true;
owner = "root";
group = "root";
source = "${pkgs.wshowkeys}/bin/wshowkeys";
};
config = lib.mkIf cfg.enable {
security.wrappers.wshowkeys = {
setuid = true;
owner = "root";
group = "root";
source = lib.getExe cfg.package;
};
};
meta.maintainers = with lib.maintainers; [ primeos ];
}

6
nixos/modules/security/duosec.nix
View File

@ -200,7 +200,8 @@ in
unitConfig.DefaultDependencies = false;
script = ''
if test -f "${cfg.secretKeyFile}"; then
mkdir -m 0755 -p /etc/duo
mkdir -p /etc/duo
chmod 0755 /etc/duo
umask 0077
conf="$(mktemp)"
@ -222,7 +223,8 @@ in
unitConfig.DefaultDependencies = false;
script = ''
if test -f "${cfg.secretKeyFile}"; then
mkdir -m 0755 -p /etc/duo
mkdir -p /etc/duo
chmod 0755 /etc/duo
umask 0077
conf="$(mktemp)"

133
nixos/modules/security/isolate.nix Normal file
View File

@ -0,0 +1,133 @@
{ config, lib, pkgs, ... }:
let
inherit (lib) mkEnableOption mkPackageOption mkOption types mkIf maintainers;
cfg = config.security.isolate;
configFile = pkgs.writeText "isolate-config.cf" ''
box_root=${cfg.boxRoot}
lock_root=${cfg.lockRoot}
cg_root=${cfg.cgRoot}
first_uid=${toString cfg.firstUid}
first_gid=${toString cfg.firstGid}
num_boxes=${toString cfg.numBoxes}
restricted_init=${if cfg.restrictedInit then "1" else "0"}
${cfg.extraConfig}
'';
isolate = pkgs.symlinkJoin {
name = "isolate-wrapped-${pkgs.isolate.version}";
paths = [ pkgs.isolate ];
nativeBuildInputs = [ pkgs.makeWrapper ];
postBuild = ''
wrapProgram $out/bin/isolate \
--set ISOLATE_CONFIG_FILE ${configFile}
wrapProgram $out/bin/isolate-cg-keeper \
--set ISOLATE_CONFIG_FILE ${configFile}
'';
};
in
{
options.security.isolate = {
enable = mkEnableOption ''
Sandbox for securely executing untrusted programs
'';
package = mkPackageOption pkgs "isolate-unwrapped" { };
boxRoot = mkOption {
type = types.path;
default = "/var/lib/isolate/boxes";
description = ''
All sandboxes are created under this directory.
To avoid symlink attacks, this directory and all its ancestors
must be writeable only by root.
'';
};
lockRoot = mkOption {
type = types.path;
default = "/run/isolate/locks";
description = ''
Directory where lock files are created.
'';
};
cgRoot = mkOption {
type = types.str;
default = "auto:/run/isolate/cgroup";
description = ''
Control group which subgroups are placed under.
Either an explicit path to a subdirectory in cgroupfs, or "auto:file" to read
the path from "file", where it is put by `isolate-cg-helper`.
'';
};
firstUid = mkOption {
type = types.numbers.between 1000 65533;
default = 60000;
description = ''
Start of block of UIDs reserved for sandboxes.
'';
};
firstGid = mkOption {
type = types.numbers.between 1000 65533;
default = 60000;
description = ''
Start of block of GIDs reserved for sandboxes.
'';
};
numBoxes = mkOption {
type = types.numbers.between 1000 65533;
default = 1000;
description = ''
Number of UIDs and GIDs to reserve, starting from
{option}`firstUid` and {option}`firstGid`.
'';
};
restrictedInit = mkOption {
type = types.bool;
default = false;
description = ''
If true, only root can create sandboxes.
'';
};
extraConfig = mkOption {
type = types.str;
default = "";
description = ''
Extra configuration to append to the configuration file.
'';
};
};
config = mkIf cfg.enable {
environment.systemPackages = [
isolate
];
systemd.services.isolate = {
description = "Isolate control group hierarchy daemon";
wantedBy = [ "multi-user.target" ];
serviceConfig = {
Type = "notify";
ExecStart = "${isolate}/bin/isolate-cg-keeper";
Slice = "isolate.slice";
Delegate = true;
};
};
systemd.slices.isolate = {
description = "Isolate sandbox slice";
};
meta.maintainers = with maintainers; [ virchau13 ];
};
}

41
nixos/modules/services/editors/emacs.md
View File

@ -366,44 +366,3 @@ convenient if you regularly edit Nix files.
You can use `woman` to get completion of all available
man pages. For example, type `M-x woman <RET> nixos-rebuild <RET>.`
### Editing DocBook 5 XML Documents {#sec-emacs-docbook-xml}
Emacs includes
[nXML](https://www.gnu.org/software/emacs/manual/html_node/nxml-mode/Introduction.html),
a major-mode for validating and editing XML documents. When editing DocBook
5.0 documents, such as [this one](#book-nixos-manual),
nXML needs to be configured with the relevant schema, which is not
included.
To install the DocBook 5.0 schemas, either add
{var}`pkgs.docbook5` to [](#opt-environment.systemPackages)
([NixOS](#sec-declarative-package-mgmt)), or run
`nix-env -f '<nixpkgs>' -iA docbook5`
([Nix](#sec-ad-hoc-packages)).
Then customize the variable {var}`rng-schema-locating-files` to
include {file}`~/.emacs.d/schemas.xml` and put the following
text into that file:
::: {.example #ex-emacs-docbook-xml}
### nXML Schema Configuration (`~/.emacs.d/schemas.xml`)
```xml
<?xml version="1.0"?>
<!--
To let emacs find this file, evaluate:
(add-to-list 'rng-schema-locating-files "~/.emacs.d/schemas.xml")
-->
<locatingRules xmlns="http://thaiopensource.com/ns/locating-rules/1.0">
<!--
Use this variation if pkgs.docbook5 is added to environment.systemPackages
-->
<namespace ns="http://docbook.org/ns/docbook"
uri="/run/current-system/sw/share/xml/docbook-5.0/rng/docbookxi.rnc"/>
<!--
Use this variation if installing schema with "nix-env -iA pkgs.docbook5".
<namespace ns="http://docbook.org/ns/docbook"
uri="../.nix-profile/share/xml/docbook-5.0/rng/docbookxi.rnc"/>
-->
</locatingRules>
```
:::

60
nixos/modules/services/hardware/nvidia-container-toolkit-cdi-generator/cdi-generate.nix
View File

@ -1,60 +0,0 @@
{
addDriverRunpath,
glibc,
jq,
lib,
nvidia-container-toolkit,
nvidia-driver,
runtimeShell,
writeScriptBin,
}:
let
mountOptions = { options = ["ro" "nosuid" "nodev" "bind"]; };
mounts = [
# FIXME: Making /usr mounts optional
{ hostPath = lib.getExe' nvidia-driver "nvidia-cuda-mps-control";
containerPath = "/usr/bin/nvidia-cuda-mps-control"; }
{ hostPath = lib.getExe' nvidia-driver "nvidia-cuda-mps-server";
containerPath = "/usr/bin/nvidia-cuda-mps-server"; }
{ hostPath = lib.getExe' nvidia-driver "nvidia-debugdump";
containerPath = "/usr/bin/nvidia-debugdump"; }
{ hostPath = lib.getExe' nvidia-driver "nvidia-powerd";
containerPath = "/usr/bin/nvidia-powerd"; }
{ hostPath = lib.getExe' nvidia-driver "nvidia-smi";
containerPath = "/usr/bin/nvidia-smi"; }
{ hostPath = lib.getExe' nvidia-container-toolkit "nvidia-ctk";
containerPath = "/usr/bin/nvidia-ctk"; }
{ hostPath = "${lib.getLib glibc}/lib";
containerPath = "${lib.getLib glibc}/lib"; }
# FIXME: use closureinfo
{
hostPath = addDriverRunpath.driverLink;
containerPath = addDriverRunpath.driverLink;
}
{ hostPath = "${lib.getLib glibc}/lib";
containerPath = "${lib.getLib glibc}/lib"; }
{ hostPath = "${lib.getLib glibc}/lib64";
containerPath = "${lib.getLib glibc}/lib64"; }
];
jqAddMountExpression = ".containerEdits.mounts[.containerEdits.mounts | length] |= . +";
mountsToJq = lib.concatMap
(mount:
["${lib.getExe jq} '${jqAddMountExpression} ${builtins.toJSON (mount // mountOptions)}'"])
mounts;
in
writeScriptBin "nvidia-cdi-generator"
''
#! ${runtimeShell}
function cdiGenerate {
${lib.getExe' nvidia-container-toolkit "nvidia-ctk"} cdi generate \
--format json \
--ldconfig-path ${lib.getExe' glibc "ldconfig"} \
--library-search-path ${lib.getLib nvidia-driver}/lib \
--nvidia-ctk-path ${lib.getExe' nvidia-container-toolkit "nvidia-ctk"}
}
cdiGenerate | \
${lib.concatStringsSep " | " mountsToJq} > $RUNTIME_DIRECTORY/nvidia-container-toolkit.json
''

40
nixos/modules/services/hardware/nvidia-container-toolkit-cdi-generator/default.nix
View File

@ -1,40 +0,0 @@
{ config, lib, pkgs, ... }:
{
options = {
hardware.nvidia-container-toolkit-cdi-generator.enable = lib.mkOption {
default = false;
internal = true;
visible = false;
type = lib.types.bool;
description = ''
Enable dynamic CDI configuration for NVidia devices by running
nvidia-container-toolkit on boot.
'';
};
};
config = {
systemd.services.nvidia-container-toolkit-cdi-generator = lib.mkIf config.hardware.nvidia-container-toolkit-cdi-generator.enable {
description = "Container Device Interface (CDI) for Nvidia generator";
wantedBy = [ "multi-user.target" ];
after = [ "systemd-udev-settle.service" ];
serviceConfig = {
RuntimeDirectory = "cdi";
RemainAfterExit = true;
ExecStart =
let
script = pkgs.callPackage ./cdi-generate.nix { nvidia-driver = config.hardware.nvidia.package; };
in
lib.getExe script;
Type = "oneshot";
};
};
};
}

35
nixos/modules/services/hardware/nvidia-container-toolkit/cdi-generate.nix Normal file
View File

@ -0,0 +1,35 @@
{
glibc,
jq,
lib,
mounts,
nvidia-container-toolkit,
nvidia-driver,
runtimeShell,
writeScriptBin,
}: let
mkMount = {hostPath, containerPath, mountOptions}: {
inherit hostPath containerPath;
options = mountOptions;
};
jqAddMountExpression = ".containerEdits.mounts[.containerEdits.mounts | length] |= . +";
allJqMounts = lib.concatMap
(mount:
["${lib.getExe jq} '${jqAddMountExpression} ${builtins.toJSON (mkMount mount)}'"])
mounts;
in
writeScriptBin "nvidia-cdi-generator"
''
#! ${runtimeShell}
function cdiGenerate {
${lib.getExe' nvidia-container-toolkit "nvidia-ctk"} cdi generate \
--format json \
--ldconfig-path ${lib.getExe' glibc "ldconfig"} \
--library-search-path ${lib.getLib nvidia-driver}/lib \
--nvidia-ctk-path ${lib.getExe' nvidia-container-toolkit "nvidia-ctk"}
}
cdiGenerate | \
${lib.concatStringsSep " | " allJqMounts} > $RUNTIME_DIRECTORY/nvidia-container-toolkit.json
''

127
nixos/modules/services/hardware/nvidia-container-toolkit/default.nix Normal file
View File

@ -0,0 +1,127 @@
{ config, lib, pkgs, ... }:
{
imports = [
(lib.mkRenamedOptionModule
[ "virtualisation" "containers" "cdi" "dynamic" "nvidia" "enable" ]
[ "hardware" "nvidia-container-toolkit" "enable" ])
];
options = let
mountType = {
options = {
hostPath = lib.mkOption {
type = lib.types.str;
description = "Host path.";
};
containerPath = lib.mkOption {
type = lib.types.str;
description = "Container path.";
};
mountOptions = lib.mkOption {
default = [ "ro" "nosuid" "nodev" "bind" ];
type = lib.types.listOf lib.types.str;
description = "Mount options.";
};
};
};
in {
hardware.nvidia-container-toolkit = {
enable = lib.mkOption {
default = false;
type = lib.types.bool;
description = ''
Enable dynamic CDI configuration for NVidia devices by running
nvidia-container-toolkit on boot.
'';
};
mounts = lib.mkOption {
type = lib.types.listOf (lib.types.submodule mountType);
default = [];
description = "Mounts to be added to every container under the Nvidia CDI profile.";
};
mount-nvidia-executables = lib.mkOption {
default = true;
type = lib.types.bool;
description = ''
Mount executables nvidia-smi, nvidia-cuda-mps-control, nvidia-cuda-mps-server,
nvidia-debugdump, nvidia-powerd and nvidia-ctk on containers.
'';
};
mount-nvidia-docker-1-directories = lib.mkOption {
default = true;
type = lib.types.bool;
description = ''
Mount nvidia-docker-1 directories on containers: /usr/local/nvidia/lib and
/usr/local/nvidia/lib64.
'';
};
};
};
config = {
virtualisation.docker.daemon.settings = lib.mkIf
(config.hardware.nvidia-container-toolkit.enable &&
(lib.versionAtLeast config.virtualisation.docker.package.version "25")) {
features.cdi = true;
};
hardware.nvidia-container-toolkit.mounts = let
nvidia-driver = config.hardware.nvidia.package;
in (lib.mkMerge [
[{ hostPath = pkgs.addDriverRunpath.driverLink;
containerPath = pkgs.addDriverRunpath.driverLink; }
{ hostPath = "${lib.getLib pkgs.glibc}/lib";
containerPath = "${lib.getLib pkgs.glibc}/lib"; }
{ hostPath = "${lib.getLib pkgs.glibc}/lib64";
containerPath = "${lib.getLib pkgs.glibc}/lib64"; }]
(lib.mkIf config.hardware.nvidia-container-toolkit.mount-nvidia-executables
[{ hostPath = lib.getExe' nvidia-driver "nvidia-cuda-mps-control";
containerPath = "/usr/bin/nvidia-cuda-mps-control"; }
{ hostPath = lib.getExe' nvidia-driver "nvidia-cuda-mps-server";
containerPath = "/usr/bin/nvidia-cuda-mps-server"; }
{ hostPath = lib.getExe' nvidia-driver "nvidia-debugdump";
containerPath = "/usr/bin/nvidia-debugdump"; }
{ hostPath = lib.getExe' nvidia-driver "nvidia-powerd";
containerPath = "/usr/bin/nvidia-powerd"; }
{ hostPath = lib.getExe' nvidia-driver "nvidia-smi";
containerPath = "/usr/bin/nvidia-smi"; }])
# nvidia-docker 1.0 uses /usr/local/nvidia/lib{,64}
# e.g.
# - https://gitlab.com/nvidia/container-images/cuda/-/blob/e3ff10eab3a1424fe394899df0e0f8ca5a410f0f/dist/12.3.1/ubi9/base/Dockerfile#L44
# - https://github.com/NVIDIA/nvidia-docker/blob/01d2c9436620d7dde4672e414698afe6da4a282f/src/nvidia/volumes.go#L104-L173
(lib.mkIf config.hardware.nvidia-container-toolkit.mount-nvidia-docker-1-directories
[{ hostPath = "${lib.getLib nvidia-driver}/lib";
containerPath = "/usr/local/nvidia/lib"; }
{ hostPath = "${lib.getLib nvidia-driver}/lib";
containerPath = "/usr/local/nvidia/lib64"; }])
]);
systemd.services.nvidia-container-toolkit-cdi-generator = lib.mkIf config.hardware.nvidia-container-toolkit.enable {
description = "Container Device Interface (CDI) for Nvidia generator";
wantedBy = [ "multi-user.target" ];
after = [ "systemd-udev-settle.service" ];
serviceConfig = {
RuntimeDirectory = "cdi";
RemainAfterExit = true;
ExecStart =
let
script = pkgs.callPackage ./cdi-generate.nix {
inherit (config.hardware.nvidia-container-toolkit) mounts;
nvidia-driver = config.hardware.nvidia.package;
};
in
lib.getExe script;
Type = "oneshot";
};
};
};
}

1
nixos/modules/services/home-automation/evcc.nix
View File

@ -63,6 +63,7 @@ in
DynamicUser = true;
LockPersonality = true;
MemoryDenyWriteExecute = true;
Restart = "on-failure";
RestrictAddressFamilies = [
"AF_INET"
"AF_INET6"

7
nixos/modules/services/mail/roundcube.nix
View File

@ -7,7 +7,7 @@ let
fpm = config.services.phpfpm.pools.roundcube;
localDB = cfg.database.host == "localhost";
user = cfg.database.username;
phpWithPspell = pkgs.php81.withExtensions ({ enabled, all }: [ all.pspell ] ++ enabled);
phpWithPspell = pkgs.php83.withExtensions ({ enabled, all }: [ all.pspell ] ++ enabled);
in
{
options.services.roundcube = {
@ -247,14 +247,15 @@ in
(mkIf (cfg.database.host == "localhost") {
requires = [ "postgresql.service" ];
after = [ "postgresql.service" ];
path = [ config.services.postgresql.package ];
})
{
wants = [ "network-online.target" ];
after = [ "network-online.target" ];
wantedBy = [ "multi-user.target" ];
path = [ config.services.postgresql.package ];
script = let
psql = "${lib.optionalString (!localDB) "PGPASSFILE=${cfg.database.passwordFile}"} ${pkgs.postgresql}/bin/psql ${lib.optionalString (!localDB) "-h ${cfg.database.host} -U ${cfg.database.username} "} ${cfg.database.dbname}";
psql = "${lib.optionalString (!localDB) "PGPASSFILE=${cfg.database.passwordFile}"} psql ${lib.optionalString (!localDB) "-h ${cfg.database.host} -U ${cfg.database.username} "} ${cfg.database.dbname}";
in
''
version="$(${psql} -t <<< "select value from system where name = 'roundcube-version';" || true)"

3
nixos/modules/services/matrix/appservice-irc.nix
View File

@ -214,8 +214,9 @@ in {
RestrictRealtime = true;
PrivateMounts = true;
SystemCallFilter = [
"@system-service @pkey @chown"
"@system-service @pkey"
"~@privileged @resources"
"@chown"
];
SystemCallArchitectures = "native";
# AF_UNIX is required to connect to a postgres socket.

2
nixos/modules/services/matrix/conduit.nix
View File

@ -102,7 +102,7 @@ in
default = {};
description = ''
Generates the conduit.toml configuration file. Refer to
<https://gitlab.com/famedly/conduit/-/blob/master/conduit-example.toml>
<https://docs.conduit.rs/configuration.html>
for details on supported values.
Note that database_path can not be edited because the service's reliance on systemd StateDir.
'';

2
nixos/modules/services/misc/gitea.nix
View File

@ -722,5 +722,5 @@ in
timerConfig.OnCalendar = cfg.dump.interval;
};
};
meta.maintainers = with lib.maintainers; [ srhb ma27 thehedgeh0g ];
meta.maintainers = with lib.maintainers; [ srhb ma27 pyrox0 ];
}

5
nixos/modules/services/misc/greenclip.nix
View File

@ -18,7 +18,10 @@ in {
description = "greenclip daemon";
wantedBy = [ "graphical-session.target" ];
after = [ "graphical-session.target" ];
serviceConfig.ExecStart = "${cfg.package}/bin/greenclip daemon";
serviceConfig = {
ExecStart = "${cfg.package}/bin/greenclip daemon";
Restart = "always";
};
};
environment.systemPackages = [ cfg.package ];

3
nixos/modules/services/monitoring/prometheus/exporters/apcupsd.nix
View File

@ -1,9 +1,8 @@
{ config, lib, pkgs, options, ... }:
with lib;
let
cfg = config.services.prometheus.exporters.apcupsd;
inherit (lib) mkOption types concatStringsSep;
in
{
port = 9162;

3
nixos/modules/services/monitoring/prometheus/exporters/artifactory.nix
View File

@ -1,9 +1,8 @@
{ config, lib, pkgs, options, ... }:
with lib;
let
cfg = config.services.prometheus.exporters.artifactory;
inherit (lib) mkOption types concatStringsSep;
in
{
port = 9531;

3
nixos/modules/services/monitoring/prometheus/exporters/bind.nix
View File

@ -1,9 +1,8 @@
{ config, lib, pkgs, options, ... }:
with lib;
let
cfg = config.services.prometheus.exporters.bind;
inherit (lib) mkOption types concatStringsSep;
in
{
port = 9119;

8
nixos/modules/services/monitoring/prometheus/exporters/bird.nix
View File

@ -1,9 +1,13 @@
{ config, lib, pkgs, options, ... }:
with lib;
let
cfg = config.services.prometheus.exporters.bird;
inherit (lib)
mkOption
types
concatStringsSep
singleton
;
in
{
port = 9324;

3
nixos/modules/services/monitoring/prometheus/exporters/bitcoin.nix
View File

@ -1,9 +1,8 @@
{ config, lib, pkgs, options, ... }:
with lib;
let
cfg = config.services.prometheus.exporters.bitcoin;
inherit (lib) mkOption types concatStringsSep;
in
{
port = 9332;

8
nixos/modules/services/monitoring/prometheus/exporters/blackbox.nix
View File

@ -1,10 +1,14 @@
{ config, lib, pkgs, options, ... }:
with lib;
let
logPrefix = "services.prometheus.exporter.blackbox";
cfg = config.services.prometheus.exporters.blackbox;
inherit (lib)
mkOption
types
concatStringsSep
escapeShellArg
;
# This ensures that we can deal with string paths, path types and
# store-path strings with context.

9
nixos/modules/services/monitoring/prometheus/exporters/buildkite-agent.nix
View File

@ -1,9 +1,14 @@
{ config, lib, pkgs, options, ... }:
with lib;
let
cfg = config.services.prometheus.exporters.buildkite-agent;
inherit (lib)
mkOption
types
concatStringsSep
optionalString
literalExpression
;
in
{
port = 9876;

10
nixos/modules/services/monitoring/prometheus/exporters/collectd.nix
View File

@ -1,9 +1,15 @@
{ config, lib, pkgs, options, ... }:
with lib;
let
cfg = config.services.prometheus.exporters.collectd;
inherit (lib)
mkOption
mkEnableOption
types
optionalString
concatStringsSep
escapeShellArg
;
in
{
port = 9103;

3
nixos/modules/services/monitoring/prometheus/exporters/dmarc.nix
View File

@ -1,9 +1,8 @@
{ config, lib, pkgs, options, ... }:
with lib;
let
cfg = config.services.prometheus.exporters.dmarc;
inherit (lib) mkOption types optionalString;
json = builtins.toJSON {
inherit (cfg) folders port;

8
nixos/modules/services/monitoring/prometheus/exporters/dnsmasq.nix
View File

@ -1,9 +1,13 @@
{ config, lib, pkgs, options, ... }:
with lib;
let
cfg = config.services.prometheus.exporters.dnsmasq;
inherit (lib)
mkOption
types
concatStringsSep
escapeShellArg
;
in
{
port = 9153;

3
nixos/modules/services/monitoring/prometheus/exporters/domain.nix
View File

@ -1,9 +1,8 @@
{ config, lib, pkgs, options, ... }:
with lib;
let
cfg = config.services.prometheus.exporters.domain;
inherit (lib) concatStringsSep;
in
{
port = 9222;

8
nixos/modules/services/monitoring/prometheus/exporters/dovecot.nix
View File

@ -1,9 +1,13 @@
{ config, lib, pkgs, options, ... }:
with lib;
let
cfg = config.services.prometheus.exporters.dovecot;
inherit (lib)
mkOption
types
escapeShellArg
concatStringsSep
;
in
{
port = 9166;

9
nixos/modules/services/monitoring/prometheus/exporters/flow.nix
View File

@ -1,9 +1,14 @@
{ config, lib, pkgs, options, ... }:
with lib;
let
cfg = config.services.prometheus.exporters.flow;
inherit (lib)
mkOption
types
literalExpression
concatStringsSep
optionalString
;
in {
port = 9590;
extraOpts = {

3
nixos/modules/services/monitoring/prometheus/exporters/fritzbox.nix
View File

@ -1,9 +1,8 @@
{ config, lib, pkgs, options, ... }:
with lib;
let
cfg = config.services.prometheus.exporters.fritzbox;
inherit (lib) mkOption types concatStringsSep;
in
{
port = 9133;

2
nixos/modules/services/monitoring/prometheus/exporters/idrac.nix
View File

@ -1,8 +1,8 @@
{ config, lib, pkgs, options, ... }:
with lib;
let
cfg = config.services.prometheus.exporters.idrac;
inherit (lib) mkOption types;
configFile = if cfg.configurationPath != null
then cfg.configurationPath

11
nixos/modules/services/monitoring/prometheus/exporters/imap-mailstat.nix
View File

@ -1,7 +1,5 @@
{ config, lib, pkgs, options, ... }:
with lib;
let
cfg = config.services.prometheus.exporters.imap-mailstat;
valueToString = value:
@ -13,6 +11,15 @@ let
else "XXX ${toString value}"
)
);
inherit (lib)
mkOption
types
concatStrings
concatStringsSep
attrValues
mapAttrs
optionalString
;
createConfigFile = accounts:
# unfortunately on toTOML yet
# https://github.com/NixOS/nix/issues/3929

3
nixos/modules/services/monitoring/prometheus/exporters/influxdb.nix
View File

@ -1,9 +1,8 @@
{ config, lib, pkgs, options, ... }:
with lib;
let
cfg = config.services.prometheus.exporters.influxdb;
inherit (lib) mkOption types concatStringsSep;
in
{
port = 9122;

9
nixos/modules/services/monitoring/prometheus/exporters/ipmi.nix
View File

@ -1,10 +1,15 @@
{ config, lib, pkgs, options, ... }:
with lib;
let
logPrefix = "services.prometheus.exporter.ipmi";
cfg = config.services.prometheus.exporters.ipmi;
inherit (lib)
mkOption
types
concatStringsSep
optionals
escapeShellArg
;
in {
port = 9290;

8
nixos/modules/services/monitoring/prometheus/exporters/jitsi.nix
View File

@ -1,9 +1,13 @@
{ config, lib, pkgs, options, ... }:
with lib;
let
cfg = config.services.prometheus.exporters.jitsi;
inherit (lib)
mkOption
types
escapeShellArg
concatStringsSep
;
in
{
port = 9700;

9
nixos/modules/services/monitoring/prometheus/exporters/json.nix
View File

@ -1,9 +1,14 @@
{ config, lib, pkgs, options, ... }:
with lib;
let
cfg = config.services.prometheus.exporters.json;
inherit (lib)
mkOption
types
escapeShellArg
concatStringsSep
mkRemovedOptionModule
;
in
{
port = 7979;

9
nixos/modules/services/monitoring/prometheus/exporters/junos-czerwonk.nix
View File

@ -1,9 +1,14 @@
{ config, lib, pkgs, options, ... }:
with lib;
let
cfg = config.services.prometheus.exporters.junos-czerwonk;
inherit (lib)
mkOption
types
escapeShellArg
mkIf
concatStringsSep
;
configFile = if cfg.configuration != null then configurationFile else (escapeShellArg cfg.configurationFile);

8
nixos/modules/services/monitoring/prometheus/exporters/kea.nix
View File

@ -5,10 +5,14 @@
, ...
}:
with lib;
let
cfg = config.services.prometheus.exporters.kea;
inherit (lib)
mkOption
types
mkRenamedOptionModule
literalExpression
;
in {
imports = [
(mkRenamedOptionModule [ "controlSocketPaths" ] [ "targets" ])

3
nixos/modules/services/monitoring/prometheus/exporters/keylight.nix
View File

@ -1,9 +1,8 @@
{ config, lib, pkgs, options, ... }:
with lib;
let
cfg = config.services.prometheus.exporters.keylight;
inherit (lib) concatStringsSep;
in
{
port = 9288;

8
nixos/modules/services/monitoring/prometheus/exporters/knot.nix
View File

@ -1,9 +1,13 @@
{ config, lib, pkgs, options, ... }:
with lib;
let
cfg = config.services.prometheus.exporters.knot;
inherit (lib)
mkOption
types
literalExpression
concatStringsSep
;
in {
port = 9433;
extraOpts = {

3
nixos/modules/services/monitoring/prometheus/exporters/lnd.nix
View File

@ -1,9 +1,8 @@
{ config, lib, pkgs, options, ... }:
with lib;
let
cfg = config.services.prometheus.exporters.lnd;
inherit (lib) mkOption types concatStringsSep;
in
{
port = 9092;

14
nixos/modules/services/monitoring/prometheus/exporters/mail.nix
View File

@ -1,9 +1,19 @@
{ config, lib, pkgs, options, ... }:
with lib;
let
cfg = config.services.prometheus.exporters.mail;
inherit (lib)
mkOption
types
mapAttrs'
nameValuePair
toLower
filterAttrs
escapeShellArg
literalExpression
mkIf
concatStringsSep
;
configFile = if cfg.configuration != null then configurationFile else (escapeShellArg cfg.configFile);

9
nixos/modules/services/monitoring/prometheus/exporters/mikrotik.nix
View File

@ -1,9 +1,14 @@
{ config, lib, pkgs, options, ... }:
with lib;
let
cfg = config.services.prometheus.exporters.mikrotik;
inherit (lib)
mkOption
types
literalExpression
concatStringsSep
escapeShellArg
;
in
{
port = 9436;

9
nixos/modules/services/monitoring/prometheus/exporters/minio.nix
View File

@ -1,9 +1,14 @@
{ config, lib, pkgs, options, ... }:
with lib;
let
cfg = config.services.prometheus.exporters.minio;
inherit (lib)
mkOption
types
optionalString
concatStringsSep
escapeShellArg
;
in
{
port = 9290;

3
nixos/modules/services/monitoring/prometheus/exporters/modemmanager.nix
View File

@ -1,9 +1,8 @@
{ config, lib, pkgs, options, ... }:
with lib;
let
cfg = config.services.prometheus.exporters.modemmanager;
inherit (lib) mkOption types concatStringsSep;
in
{
port = 9539;

12
nixos/modules/services/monitoring/prometheus/exporters/mongodb.nix
View File

@ -1,9 +1,17 @@
{ config, lib, pkgs, options, ... }:
with lib;
let
cfg = config.services.prometheus.exporters.mongodb;
inherit (lib)
mkOption
types
optionalString
getExe
length
concatStringsSep
concatMapStringsSep
escapeShellArgs
;
in
{
port = 9216;

5
nixos/modules/services/monitoring/prometheus/exporters/nats.nix
View File

@ -1,11 +1,8 @@
{ config, lib, pkgs, options, ... }:
with lib;
let
cfg = config.services.prometheus.exporters.nats;
inherit (lib) mkOption types concatStringsSep;
in
{
port = 7777;

8
nixos/modules/services/monitoring/prometheus/exporters/nextcloud.nix
View File

@ -1,9 +1,13 @@
{ config, lib, pkgs, options, ... }:
with lib;
let
cfg = config.services.prometheus.exporters.nextcloud;
inherit (lib)
mkOption
types
escapeShellArg
concatStringsSep
;
in
{
port = 9205;

11
nixos/modules/services/monitoring/prometheus/exporters/nginx.nix
View File

@ -1,9 +1,16 @@
{ config, lib, pkgs, options, ... }:
with lib;
let
cfg = config.services.prometheus.exporters.nginx;
inherit (lib)
mkOption
types
mkMerge
mkRemovedOptionModule
mkRenamedOptionModule
mkIf
concatStringsSep
;
in
{
port = 9113;

3
nixos/modules/services/monitoring/prometheus/exporters/nginxlog.nix
View File

@ -1,9 +1,8 @@
{ config, lib, pkgs, options, ... }:
with lib;
let
cfg = config.services.prometheus.exporters.nginxlog;
inherit (lib) mkOption types;
in {
port = 9117;
extraOpts = {

10
nixos/modules/services/monitoring/prometheus/exporters/node.nix
View File

@ -1,9 +1,15 @@
{ config, lib, pkgs, options, ... }:
with lib;
let
cfg = config.services.prometheus.exporters.node;
inherit (lib)
mkOption
types
concatStringsSep
concatMapStringsSep
any
optionals
;
collectorIsEnabled = final: any (collector: (final == collector)) cfg.enabledCollectors;
collectorIsDisabled = final: any (collector: (final == collector)) cfg.disabledCollectors;
in

8
nixos/modules/services/monitoring/prometheus/exporters/nut.nix
View File

@ -1,9 +1,13 @@
{ config, lib, pkgs, options, ... }:
with lib;
let
cfg = config.services.prometheus.exporters.nut;
inherit (lib)
mkOption
types
optionalString
concatStringsSep
;
in
{
port = 9199;

3
nixos/modules/services/monitoring/prometheus/exporters/openldap.nix
View File

@ -1,9 +1,8 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.prometheus.exporters.openldap;
inherit (lib) mkOption types concatStringsSep;
in {
port = 9330;
extraOpts = {

9
nixos/modules/services/monitoring/prometheus/exporters/pgbouncer.nix
View File

@ -1,9 +1,14 @@
{ config, lib, pkgs, options, ... }:
with lib;
let
cfg = config.services.prometheus.exporters.pgbouncer;
inherit (lib)
mkOption
types
optionals
escapeShellArg
concatStringsSep
;
in
{
port = 9127;

8
nixos/modules/services/monitoring/prometheus/exporters/pihole.nix
View File

@ -1,9 +1,13 @@
{ config, lib, pkgs, options, ... }:
with lib;
let
cfg = config.services.prometheus.exporters.pihole;
inherit (lib)
mkOption
types
mkRemovedOptionModule
optionalString
;
in
{
imports = [

2
nixos/modules/services/monitoring/prometheus/exporters/ping.nix
View File

@ -1,9 +1,9 @@
{ config, lib, pkgs, options, ... }:
with lib;
let
cfg = config.services.prometheus.exporters.ping;
inherit (lib) mkOption types concatStringsSep;
settingsFormat = pkgs.formats.yaml {};
configFile = settingsFormat.generate "config.yml" cfg.settings;

10
nixos/modules/services/monitoring/prometheus/exporters/postfix.nix
View File

@ -1,9 +1,15 @@
{ config, lib, pkgs, options, ... }:
with lib;
let
cfg = config.services.prometheus.exporters.postfix;
inherit (lib)
mkOption
types
mkIf
escapeShellArg
concatStringsSep
optional
;
in
{
port = 9154;

9
nixos/modules/services/monitoring/prometheus/exporters/postgres.nix
View File

@ -1,9 +1,14 @@
{ config, lib, pkgs, options, ... }:
with lib;
let
cfg = config.services.prometheus.exporters.postgres;
inherit (lib)
mkOption
types
mkIf
mkForce
concatStringsSep
;
in
{
port = 9187;

8
nixos/modules/services/monitoring/prometheus/exporters/process.nix
View File

@ -1,9 +1,13 @@
{ config, lib, pkgs, options, ... }:
with lib;
let
cfg = config.services.prometheus.exporters.process;
inherit (lib)
mkOption
types
literalExpression
concatStringsSep
;
configFile = pkgs.writeText "process-exporter.yaml" (builtins.toJSON cfg.settings);
in
{

8
nixos/modules/services/monitoring/prometheus/exporters/pve.nix
View File

@ -1,8 +1,14 @@
{ config, lib, pkgs, options, ... }:
with lib;
let
cfg = config.services.prometheus.exporters.pve;
inherit (lib)
mkOption
types
mkPackageOption
optionalString
optionalAttrs
;
# pve exporter requires a config file so create an empty one if configFile is not provided
emptyConfigFile = pkgs.writeTextFile {

3
nixos/modules/services/monitoring/prometheus/exporters/py-air-control.nix
View File

@ -1,9 +1,8 @@
{ config, lib, pkgs, options, ... }:
with lib;
let
cfg = config.services.prometheus.exporters.py-air-control;
inherit (lib) mkOption types;
workingDir = "/var/lib/${cfg.stateDir}";

3
nixos/modules/services/monitoring/prometheus/exporters/redis.nix
View File

@ -1,9 +1,8 @@
{ config, lib, pkgs, options, ... }:
with lib;
let
cfg = config.services.prometheus.exporters.redis;
inherit (lib) concatStringsSep;
in
{
port = 9121;

13
nixos/modules/services/monitoring/prometheus/exporters/restic.nix
View File

@ -1,9 +1,18 @@
{ config, lib, pkgs, options, ... }:
with lib;
let
cfg = config.services.prometheus.exporters.restic;
inherit (lib)
mkOption
types
concatStringsSep
mkIf
mapAttrs'
splitString
toUpper
optionalAttrs
nameValuePair
;
in
{
port = 9753;

Some files were not shown because too many files have changed in this diff Show More