Diffstat (limited to 'nixpkgs/nixos/modules/services')
37 files changed, 745 insertions, 296 deletions
diff --git a/nixpkgs/nixos/modules/services/amqp/rabbitmq.nix b/nixpkgs/nixos/modules/services/amqp/rabbitmq.nix index 302b94de196..38d10923494 100644 --- a/nixpkgs/nixos/modules/services/amqp/rabbitmq.nix +++ b/nixpkgs/nixos/modules/services/amqp/rabbitmq.nix @@ -80,12 +80,10 @@ in { configItems = mkOption { default = {}; type = types.attrsOf types.str; - example = '' - { - "auth_backends.1.authn" = "rabbit_auth_backend_ldap"; - "auth_backends.1.authz" = "rabbit_auth_backend_internal"; - } - ''; + example = { + "auth_backends.1.authn" = "rabbit_auth_backend_ldap"; + "auth_backends.1.authz" = "rabbit_auth_backend_internal"; + }; description = '' Configuration options in RabbitMQ's new config file format, which is a simple key-value format that can not express nested diff --git a/nixpkgs/nixos/modules/services/databases/memcached.nix b/nixpkgs/nixos/modules/services/databases/memcached.nix index 84d2c8674f4..d1dfdb41bf4 100644 --- a/nixpkgs/nixos/modules/services/databases/memcached.nix +++ b/nixpkgs/nixos/modules/services/databases/memcached.nix @@ -67,6 +67,7 @@ in users.users = optional (cfg.user == "memcached") { name = "memcached"; description = "Memcached server user"; + isSystemUser = true; }; environment.systemPackages = [ memcached ]; diff --git a/nixpkgs/nixos/modules/services/databases/postgresql.nix b/nixpkgs/nixos/modules/services/databases/postgresql.nix index 7bba4dacddc..3bedfe96a18 100644 --- a/nixpkgs/nixos/modules/services/databases/postgresql.nix +++ b/nixpkgs/nixos/modules/services/databases/postgresql.nix 
@@ -226,7 +226,8 @@ in # Note: when changing the default, make it conditional on # âsystem.stateVersionâ to maintain compatibility with existing # systems! - mkDefault (if versionAtLeast config.system.stateVersion "17.09" then pkgs.postgresql_9_6 + mkDefault (if versionAtLeast config.system.stateVersion "20.03" then pkgs.postgresql_11 + else if versionAtLeast config.system.stateVersion "17.09" then pkgs.postgresql_9_6 else if versionAtLeast config.system.stateVersion "16.03" then pkgs.postgresql_9_5 else throw "postgresql_9_4 was removed, please upgrade your postgresql version."); diff --git a/nixpkgs/nixos/modules/services/desktops/gnome3/gnome-initial-setup.nix b/nixpkgs/nixos/modules/services/desktops/gnome3/gnome-initial-setup.nix new file mode 100644 index 00000000000..d715d52c2d0 --- /dev/null +++ b/nixpkgs/nixos/modules/services/desktops/gnome3/gnome-initial-setup.nix 
@@ -0,0 +1,86 @@ +# GNOME Initial Setup. + +{ config, pkgs, lib, ... }: + +with lib; + +let + + # GNOME initial setup's run is conditioned on whether + # the gnome-initial-setup-done file exists in XDG_CONFIG_HOME + # Because of this, every existing user will have initial setup + # running because they never ran it before. + # + # To prevent this we create the file if the users stateVersion + # is older than 20.03 (the release we added this module). + + script = pkgs.writeScript "create-gis-stamp-files" '' + #!${pkgs.runtimeShell} + setup_done=$HOME/.config/gnome-initial-setup-done + + echo "Creating g-i-s stamp file $setup_done ..." + cat - > $setup_done <<- EOF + yes + EOF + ''; + + createGisStampFilesAutostart = pkgs.writeTextFile rec { + name = "create-g-i-s-stamp-files"; + destination = "/etc/xdg/autostart/${name}.desktop"; + text = '' + [Desktop Entry] + Type=Application + Name=Create GNOME Initial Setup stamp files + Exec=${script} + StartupNotify=false + NoDisplay=true + OnlyShowIn=GNOME; + AutostartCondition=unless-exists gnome-initial-setup-done + X-GNOME-Autostart-Phase=EarlyInitialization + ''; + }; + +in + +{ + + ###### interface + + options = { + + services.gnome3.gnome-initial-setup = { + + enable = mkEnableOption "GNOME Initial Setup, a Simple, easy, and safe way to prepare a new system"; + + }; + + }; + + + ###### implementation + + config = mkIf config.services.gnome3.gnome-initial-setup.enable { + + environment.systemPackages = [ + pkgs.gnome3.gnome-initial-setup + ] + ++ optional (versionOlder config.system.stateVersion "20.03") createGisStampFilesAutostart + ; + + systemd.packages = [ + pkgs.gnome3.gnome-initial-setup + ]; + + systemd.user.targets."gnome-session".wants = [ + "gnome-initial-setup-copy-worker.service" + "gnome-initial-setup-first-login.service" + "gnome-welcome-tour.service" + ]; + + systemd.user.targets."gnome-session@gnome-initial-setup".wants = [ + "gnome-initial-setup.service" + ]; + + }; + +} 
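Review bot: The stamp script writes to `$HOME/.config/gnome-initial-setup-done`, while the comment above it says the check is made in XDG_CONFIG_HOME, so with a non-default XDG_CONFIG_HOME the stamp would land in the wrong directory and the script would run again at every login. The target is also expanded unquoted in `cat - > $setup_done`, and nothing creates the directory first. I would use `setup_done="${XDG_CONFIG_HOME:-$HOME/.config}/gnome-initial-setup-done"` (written as `''${…}` inside the Nix string), add `mkdir -p "$(dirname "$setup_done")"`, and quote the redirect target.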
diff --git a/nixpkgs/nixos/modules/services/desktops/gnome3/gnome-settings-daemon.nix b/nixpkgs/nixos/modules/services/desktops/gnome3/gnome-settings-daemon.nix index 7f7adcf26ac..2f83fd653bd 100644 --- a/nixpkgs/nixos/modules/services/desktops/gnome3/gnome-settings-daemon.nix +++ b/nixpkgs/nixos/modules/services/desktops/gnome3/gnome-settings-daemon.nix @@ -12,6 +12,12 @@ in { + imports = [ + (mkRemovedOptionModule + ["services" "gnome3" "gnome-settings-daemon" "package"] + "") + ]; + ###### interface options = { @@ -20,13 +26,6 @@ in enable = mkEnableOption "GNOME Settings Daemon"; - # There are many forks of gnome-settings-daemon - package = mkOption { - type = types.package; - default = pkgs.gnome3.gnome-settings-daemon; - description = "Which gnome-settings-daemon package to use."; - }; - }; }; @@ -36,9 +35,39 @@ in config = mkIf cfg.enable { - environment.systemPackages = [ cfg.package ]; - - services.udev.packages = [ cfg.package ]; + environment.systemPackages = [ + pkgs.gnome3.gnome-settings-daemon + ]; + + services.udev.packages = [ + pkgs.gnome3.gnome-settings-daemon + ]; + + systemd.packages = [ + pkgs.gnome3.gnome-settings-daemon + ]; + + systemd.user.targets."gnome-session-initialized".wants = [ + "gsd-color.target" + "gsd-datetime.target" + "gsd-keyboard.target" + "gsd-media-keys.target" + "gsd-print-notifications.target" + "gsd-rfkill.target" + "gsd-screensaver-proxy.target" + "gsd-sharing.target" + "gsd-smartcard.target" + "gsd-sound.target" + "gsd-wacom.target" + "gsd-wwan.target" + "gsd-a11y-settings.target" + "gsd-housekeeping.target" + "gsd-power.target" + ]; + + systemd.user.targets."gnome-session-x11-services".wants = [ + "gsd-xsettings.target" + ]; }; diff --git a/nixpkgs/nixos/modules/services/hardware/fancontrol.nix b/nixpkgs/nixos/modules/services/hardware/fancontrol.nix new file mode 100644 index 00000000000..616e4add31e --- /dev/null +++ b/nixpkgs/nixos/modules/services/hardware/fancontrol.nix 
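Review bot: The `mkRemovedOptionModule` call for `services.gnome3.gnome-settings-daemon.package` passes `""` as its message, so a configuration that still sets the option fails with no hint about what to do instead. The comment removed with the option said that many forks of the daemon exist, so users of a fork are the ones who will hit this. A short message would help, for example `"Use an overlay to replace pkgs.gnome3.gnome-settings-daemon if you need a fork."`, adjusted to whatever migration path is actually intended.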
@@ -0,0 +1,46 @@ +{ config, lib, pkgs, ... }: + +with lib; + +let + cfg = config.hardware.fancontrol; + configFile = pkgs.writeText "fan.conf" cfg.config; + +in { + + options.hardware.fancontrol = { + enable = mkEnableOption "fancontrol (requires fancontrol.config)"; + + config = mkOption { + type = types.lines; + default = null; + example = '' + # Configuration file generated by pwmconfig + INTERVAL=1 + DEVPATH=hwmon0=devices/platform/nct6775.656 hwmon1=devices/pci0000:00/0000:00:18.3 + DEVNAME=hwmon0=nct6779 hwmon1=k10temp + FCTEMPS=hwmon0/pwm2=hwmon1/temp1_input + FCFANS=hwmon0/pwm2=hwmon0/fan2_input + MINTEMP=hwmon0/pwm2=25 + MAXTEMP=hwmon0/pwm2=60 + MINSTART=hwmon0/pwm2=25 + MINSTOP=hwmon0/pwm2=10 + MINPWM=hwmon0/pwm2=0 + MAXPWM=hwmon0/pwm2=255 + ''; + description = "Contents for configuration file. See <citerefentry><refentrytitle>pwmconfig</refentrytitle><manvolnum>8</manvolnum></citerefentry>."; + }; + }; + + + config = mkIf cfg.enable { + systemd.services.fancontrol = { + description = "Fan speed control from lm_sensors"; + wantedBy = [ "multi-user.target" ]; + serviceConfig = { + Type = "simple"; + ExecStart = "${pkgs.lm_sensors}/bin/fancontrol ${configFile}"; + }; + }; + }; +} diff --git a/nixpkgs/nixos/modules/services/mail/dovecot.nix b/nixpkgs/nixos/modules/services/mail/dovecot.nix index cdbb776454b..3fd06812c67 100644 --- a/nixpkgs/nixos/modules/services/mail/dovecot.nix +++ b/nixpkgs/nixos/modules/services/mail/dovecot.nix @@ -181,7 +181,7 @@ in }; configFile = mkOption { - type = types.nullOr types.str; + type = types.nullOr types.path; default = null; description = "Config file used for the whole dovecot configuration."; apply = v: if v != null then v else pkgs.writeText "dovecot.conf" dovecotConf; diff --git a/nixpkgs/nixos/modules/services/misc/gitlab.nix b/nixpkgs/nixos/modules/services/misc/gitlab.nix index 4c1ffead00c..20b87af23a5 100644 --- a/nixpkgs/nixos/modules/services/misc/gitlab.nix +++ b/nixpkgs/nixos/modules/services/misc/gitlab.nix 
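Review bot: `hardware.fancontrol.config` is declared as `types.lines` with `default = null`, which is not a value of that type, and `configFile` hands it straight to `pkgs.writeText`. Enabling the service without a config then fails with a type or coercion error instead of the clearer "option is used but not defined" message. Dropping the `default = null;` line makes the option mandatory, which matches the `(requires fancontrol.config)` wording on the enable option. The unit also sets no user and no sandboxing, so it presumably runs as root; since it should only need the hwmon files, settings such as `ProtectHome = true;` and `PrivateTmp = true;` in `serviceConfig` are worth considering.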
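Review bot: Widening dovecot's `configFile` to `types.nullOr types.path` means a Nix path literal such as `./dovecot.conf` is now accepted, and a path literal is copied into the world-readable Nix store once the module interpolates it (that use is outside this hunk). A hand-written dovecot configuration can carry credentials, for instance in SQL or LDAP connection settings, so the description should say so: `Config file used for the whole dovecot configuration. Pass a string path if the file contains secrets, since path literals are copied to the Nix store.`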
@@ -7,6 +7,11 @@ let ruby = cfg.packages.gitlab.ruby; + postgresqlPackage = if config.services.postgresql.enable then + config.services.postgresql.package + else + pkgs.postgresql; + gitlabSocket = "${cfg.statePath}/tmp/sockets/gitlab.socket"; gitalySocket = "${cfg.statePath}/tmp/sockets/gitaly.socket"; pathUrlQuote = url: replaceStrings ["/"] ["%2F"] url; @@ -22,6 +27,9 @@ let } // cfg.extraDatabaseConfig; }; + # We only want to create a database if we're actually going to connect to it. + databaseActuallyCreateLocally = cfg.databaseCreateLocally && cfg.databaseHost == ""; + gitalyToml = pkgs.writeText "gitaly.toml" '' socket_path = "${lib.escape ["\""] gitalySocket}" bin_dir = "${cfg.packages.gitaly}/bin" @@ -138,7 +146,7 @@ let mkdir -p $out/bin makeWrapper ${cfg.packages.gitlab.rubyEnv}/bin/rake $out/bin/gitlab-rake \ ${concatStrings (mapAttrsToList (name: value: "--set ${name} '${value}' ") gitlabEnv)} \ - --set PATH '${lib.makeBinPath [ pkgs.nodejs pkgs.gzip pkgs.git pkgs.gnutar config.services.postgresql.package pkgs.coreutils pkgs.procps ]}:$PATH' \ + --set PATH '${lib.makeBinPath [ pkgs.nodejs pkgs.gzip pkgs.git pkgs.gnutar postgresqlPackage pkgs.coreutils pkgs.procps ]}:$PATH' \ --set RAKEOPT '-f ${cfg.packages.gitlab}/share/gitlab/Rakefile' \ --run 'cd ${cfg.packages.gitlab}/share/gitlab' ''; @@ -153,7 +161,7 @@ let mkdir -p $out/bin makeWrapper ${cfg.packages.gitlab.rubyEnv}/bin/rails $out/bin/gitlab-rails \ ${concatStrings (mapAttrsToList (name: value: "--set ${name} '${value}' ") gitlabEnv)} \ - --set PATH '${lib.makeBinPath [ pkgs.nodejs pkgs.gzip pkgs.git pkgs.gnutar config.services.postgresql.package pkgs.coreutils pkgs.procps ]}:$PATH' \ + --set PATH '${lib.makeBinPath [ pkgs.nodejs pkgs.gzip pkgs.git pkgs.gnutar postgresqlPackage pkgs.coreutils pkgs.procps ]}:$PATH' \ --run 'cd ${cfg.packages.gitlab}/share/gitlab' ''; }; 
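Review bot: When `services.postgresql.enable` is false, `postgresqlPackage` falls back to `pkgs.postgresql`, so the client tools on the PATH of `gitlab-rake` and `gitlab-rails` follow the nixpkgs default rather than the version of the external server. `pg_dump` refuses to dump from a server newer than itself, so anything that relies on it (presumably the backup tasks) can break when either side is upgraded. The binding deserves a comment saying this, e.g. `# Client tools only; must not be older than the server behind services.gitlab.databaseHost`, and an option for selecting the client package may be worth adding later.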
@@ -266,8 +274,8 @@ in { description = '' Whether a database should be automatically created on the local host. Set this to <literal>false</literal> if you plan - on provisioning a local database yourself or use an external - one. + on provisioning a local database yourself. This has no effect + if <option>services.gitlab.databaseHost</option> is customized. ''; }; @@ -557,8 +565,8 @@ in { assertions = [ { - assertion = cfg.databaseCreateLocally -> (cfg.user == cfg.databaseUsername); - message = "For local automatic database provisioning services.gitlab.user and services.gitlab.databaseUsername should be identical."; + assertion = databaseActuallyCreateLocally -> (cfg.user == cfg.databaseUsername); + message = ''For local automatic database provisioning (services.gitlab.databaseCreateLocally == true) with peer authentication (services.gitlab.databaseHost == "") to work services.gitlab.user and services.gitlab.databaseUsername must be identical.''; } { assertion = (cfg.databaseHost != "") -> (cfg.databasePasswordFile != null); 
@@ -592,14 +600,14 @@ in { services.redis.enable = mkDefault true; # We use postgres as the main data store. - services.postgresql = optionalAttrs cfg.databaseCreateLocally { + services.postgresql = optionalAttrs databaseActuallyCreateLocally { enable = true; ensureUsers = singleton { name = cfg.databaseUsername; }; }; # The postgresql module doesn't currently support concepts like # objects owners and extensions; for now we tack on what's needed # here. - systemd.services.postgresql.postStart = mkAfter (optionalString cfg.databaseCreateLocally '' + systemd.services.postgresql.postStart = mkAfter (optionalString databaseActuallyCreateLocally '' $PSQL -tAc "SELECT 1 FROM pg_database WHERE datname = '${cfg.databaseName}'" | grep -q 1 || $PSQL -tAc 'CREATE DATABASE "${cfg.databaseName}" OWNER "${cfg.databaseUsername}"' current_owner=$($PSQL -tAc "SELECT pg_catalog.pg_get_userbyid(datdba) FROM pg_catalog.pg_database WHERE datname = '${cfg.databaseName}'") if [[ "$current_owner" != "${cfg.databaseUsername}" ]]; then @@ -675,7 +683,7 @@ in { wantedBy = [ "multi-user.target" ]; environment = gitlabEnv; path = with pkgs; [ - config.services.postgresql.package + postgresqlPackage gitAndTools.git ruby openssh 
@@ -756,81 +764,13 @@ in { wantedBy = [ "multi-user.target" ]; environment = gitlabEnv; path = with pkgs; [ - config.services.postgresql.package + postgresqlPackage gitAndTools.git openssh nodejs procps gnupg ]; - preStart = '' - cp -f ${cfg.packages.gitlab}/share/gitlab/VERSION ${cfg.statePath}/VERSION - rm -rf ${cfg.statePath}/db/* - cp -rf --no-preserve=mode ${cfg.packages.gitlab}/share/gitlab/config.dist/* ${cfg.statePath}/config - cp -rf --no-preserve=mode ${cfg.packages.gitlab}/share/gitlab/db/* ${cfg.statePath}/db - - ${cfg.packages.gitlab-shell}/bin/install - - ${optionalString cfg.smtp.enable '' - install -m u=rw ${smtpSettings} ${cfg.statePath}/config/initializers/smtp_settings.rb - ${optionalString (cfg.smtp.passwordFile != null) '' - smtp_password=$(<'${cfg.smtp.passwordFile}') - ${pkgs.replace}/bin/replace-literal -e '@smtpPassword@' "$smtp_password" '${cfg.statePath}/config/initializers/smtp_settings.rb' - ''} - ''} - - ( - umask u=rwx,g=,o= - - ${pkgs.openssl}/bin/openssl rand -hex 32 > ${cfg.statePath}/gitlab_shell_secret - - ${if cfg.databasePasswordFile != null then '' - export db_password="$(<'${cfg.databasePasswordFile}')" - - if [[ -z "$db_password" ]]; then - >&2 echo "Database password was an empty string!" 
- exit 1 - fi - - ${pkgs.jq}/bin/jq <${pkgs.writeText "database.yml" (builtins.toJSON databaseConfig)} \ - '.production.password = $ENV.db_password' \ - >'${cfg.statePath}/config/database.yml' - '' - else '' - ${pkgs.jq}/bin/jq <${pkgs.writeText "database.yml" (builtins.toJSON databaseConfig)} \ - >'${cfg.statePath}/config/database.yml' - '' - } - - ${utils.genJqSecretsReplacementSnippet - gitlabConfig - "${cfg.statePath}/config/gitlab.yml" - } - - if [[ -h '${cfg.statePath}/config/secrets.yml' ]]; then - rm '${cfg.statePath}/config/secrets.yml' - fi - - export secret="$(<'${cfg.secrets.secretFile}')" - export db="$(<'${cfg.secrets.dbFile}')" - export otp="$(<'${cfg.secrets.otpFile}')" - export jws="$(<'${cfg.secrets.jwsFile}')" - ${pkgs.jq}/bin/jq -n '{production: {secret_key_base: $ENV.secret, - otp_key_base: $ENV.otp, - db_key_base: $ENV.db, - openid_connect_signing_key: $ENV.jws}}' \ - > '${cfg.statePath}/config/secrets.yml' - ) - - initial_root_password="$(<'${cfg.initialRootPasswordFile}')" - ${gitlab-rake}/bin/gitlab-rake gitlab:db:configure GITLAB_ROOT_PASSWORD="$initial_root_password" \ - GITLAB_ROOT_EMAIL='${cfg.initialRootEmail}' - - # We remove potentially broken links to old gitlab-shell versions - rm -Rf ${cfg.statePath}/repositories/**/*.git/hooks - - ${pkgs.git}/bin/git config --global core.autocrlf "input" - ''; serviceConfig = { Type = "simple"; 
@@ -839,6 +779,89 @@ in { TimeoutSec = "infinity"; Restart = "on-failure"; WorkingDirectory = "${cfg.packages.gitlab}/share/gitlab"; + ExecStartPre = let + preStartFullPrivileges = '' + shopt -s dotglob nullglob + chown --no-dereference '${cfg.user}':'${cfg.group}' '${cfg.statePath}'/* + chown --no-dereference '${cfg.user}':'${cfg.group}' '${cfg.statePath}'/config/* + ''; + preStart = '' + cp -f ${cfg.packages.gitlab}/share/gitlab/VERSION ${cfg.statePath}/VERSION + rm -rf ${cfg.statePath}/db/* + rm -rf ${cfg.statePath}/config/initializers/* + cp -rf --no-preserve=mode ${cfg.packages.gitlab}/share/gitlab/config.dist/* ${cfg.statePath}/config + cp -rf --no-preserve=mode ${cfg.packages.gitlab}/share/gitlab/db/* ${cfg.statePath}/db + + ${cfg.packages.gitlab-shell}/bin/install + + ${optionalString cfg.smtp.enable '' + install -m u=rw ${smtpSettings} ${cfg.statePath}/config/initializers/smtp_settings.rb + ${optionalString (cfg.smtp.passwordFile != null) '' + smtp_password=$(<'${cfg.smtp.passwordFile}') + ${pkgs.replace}/bin/replace-literal -e '@smtpPassword@' "$smtp_password" '${cfg.statePath}/config/initializers/smtp_settings.rb' + ''} + ''} + + ( + umask u=rwx,g=,o= + + ${pkgs.openssl}/bin/openssl rand -hex 32 > ${cfg.statePath}/gitlab_shell_secret + + if [[ -h '${cfg.statePath}/config/database.yml' ]]; then + rm '${cfg.statePath}/config/database.yml' + fi + + ${if cfg.databasePasswordFile != null then '' + export db_password="$(<'${cfg.databasePasswordFile}')" + + if [[ -z "$db_password" ]]; then + >&2 echo "Database password was an empty string!" 
+ exit 1 + fi + + ${pkgs.jq}/bin/jq <${pkgs.writeText "database.yml" (builtins.toJSON databaseConfig)} \ + '.production.password = $ENV.db_password' \ + >'${cfg.statePath}/config/database.yml' + '' + else '' + ${pkgs.jq}/bin/jq <${pkgs.writeText "database.yml" (builtins.toJSON databaseConfig)} \ + >'${cfg.statePath}/config/database.yml' + '' + } + + ${utils.genJqSecretsReplacementSnippet + gitlabConfig + "${cfg.statePath}/config/gitlab.yml" + } + + if [[ -h '${cfg.statePath}/config/secrets.yml' ]]; then + rm '${cfg.statePath}/config/secrets.yml' + fi + + export secret="$(<'${cfg.secrets.secretFile}')" + export db="$(<'${cfg.secrets.dbFile}')" + export otp="$(<'${cfg.secrets.otpFile}')" + export jws="$(<'${cfg.secrets.jwsFile}')" + ${pkgs.jq}/bin/jq -n '{production: {secret_key_base: $ENV.secret, + otp_key_base: $ENV.otp, + db_key_base: $ENV.db, + openid_connect_signing_key: $ENV.jws}}' \ + > '${cfg.statePath}/config/secrets.yml' + ) + + initial_root_password="$(<'${cfg.initialRootPasswordFile}')" + ${gitlab-rake}/bin/gitlab-rake gitlab:db:configure GITLAB_ROOT_PASSWORD="$initial_root_password" \ + GITLAB_ROOT_EMAIL='${cfg.initialRootEmail}' > /dev/null + + # We remove potentially broken links to old gitlab-shell versions + rm -Rf ${cfg.statePath}/repositories/**/*.git/hooks + + ${pkgs.git}/bin/git config --global core.autocrlf "input" + ''; + in [ + "+${pkgs.writeShellScript "gitlab-pre-start-full-privileges" preStartFullPrivileges}" + "${pkgs.writeShellScript "gitlab-pre-start" preStart}" + ]; ExecStart = "${cfg.packages.gitlab.rubyEnv}/bin/unicorn -c ${cfg.statePath}/config/unicorn.rb -E production"; }; diff --git a/nixpkgs/nixos/modules/services/misc/nix-daemon.nix b/nixpkgs/nixos/modules/services/misc/nix-daemon.nix index 3826f728afd..ff4e4f5b97d 100644 --- a/nixpkgs/nixos/modules/services/misc/nix-daemon.nix +++ b/nixpkgs/nixos/modules/services/misc/nix-daemon.nix 
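Review bot: `preStartFullPrivileges` runs with the `+` prefix, so as root and outside the unit's restrictions, and it expands `'${cfg.statePath}'/config/*` in a tree that the GitLab service user can presumably write to. `--no-dereference` only protects the final path component, so if `config` itself is a symlink the glob resolves through it and root changes ownership of files outside the state directory. The unprivileged script already checks `-h` for `database.yml` and `secrets.yml`; the same guard belongs here, e.g. `[[ -h '${cfg.statePath}/config' ]] || chown --no-dereference '${cfg.user}':'${cfg.group}' '${cfg.statePath}'/config/*`, or the directories could be created with the right owner so that no root step is needed. Separately, `GITLAB_ROOT_PASSWORD="$initial_root_password"` and the `replace-literal ... "$smtp_password"` call still place secrets on a command line, which other local users can read from the process list while the command runs; the added `> /dev/null` does not cover that. The service definition starts and ends outside this hunk.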
@@ -10,7 +10,7 @@ let nixVersion = getVersion nix; - isNix20 = versionAtLeast nixVersion "2.0pre"; + isNix23 = versionAtLeast nixVersion "2.3pre"; makeNixBuildUser = nr: { name = "nixbld${toString nr}"; 
@@ -27,43 +27,30 @@ let nixbldUsers = map makeNixBuildUser (range 1 cfg.nrBuildUsers); nixConf = - let - # In Nix < 2.0, If we're using sandbox for builds, then provide - # /bin/sh in the sandbox as a bind-mount to bash. This means we - # also need to include the entire closure of bash. Nix >= 2.0 - # provides a /bin/sh by default. - sh = pkgs.runtimeShell; - binshDeps = pkgs.writeReferencesToFile sh; - in - pkgs.runCommand "nix.conf" { preferLocalBuild = true; extraOptions = cfg.extraOptions; } ('' - ${optionalString (!isNix20) '' - extraPaths=$(for i in $(cat ${binshDeps}); do if test -d $i; then echo $i; fi; done) - ''} + assert versionAtLeast nixVersion "2.2"; + pkgs.runCommand "nix.conf" { preferLocalBuild = true; extraOptions = cfg.extraOptions; } ( + '' cat > $out <<END # WARNING: this file is generated from the nix.* options in # your NixOS configuration, typically # /etc/nixos/configuration.nix. Do not edit it! build-users-group = nixbld - ${if isNix20 then "max-jobs" else "build-max-jobs"} = ${toString (cfg.maxJobs)} - ${if isNix20 then "cores" else "build-cores"} = ${toString (cfg.buildCores)} - ${if isNix20 then "sandbox" else "build-use-sandbox"} = ${if (builtins.isBool cfg.useSandbox) then boolToString cfg.useSandbox else cfg.useSandbox} - ${if isNix20 then "extra-sandbox-paths" else "build-sandbox-paths"} = ${toString cfg.sandboxPaths} ${optionalString (!isNix20) "/bin/sh=${sh} $(echo $extraPaths)"} - ${if isNix20 then "substituters" else "binary-caches"} = ${toString cfg.binaryCaches} - ${if isNix20 then "trusted-substituters" else "trusted-binary-caches"} = ${toString cfg.trustedBinaryCaches} - ${if isNix20 then "trusted-public-keys" else "binary-cache-public-keys"} = ${toString cfg.binaryCachePublicKeys} + max-jobs = ${toString (cfg.maxJobs)} + cores = ${toString (cfg.buildCores)} + sandbox = ${if (builtins.isBool cfg.useSandbox) then boolToString cfg.useSandbox else cfg.useSandbox} + extra-sandbox-paths = ${toString cfg.sandboxPaths} + 
substituters = ${toString cfg.binaryCaches} + trusted-substituters = ${toString cfg.trustedBinaryCaches} + trusted-public-keys = ${toString cfg.binaryCachePublicKeys} auto-optimise-store = ${boolToString cfg.autoOptimiseStore} - ${if isNix20 then '' - require-sigs = ${if cfg.requireSignedBinaryCaches then "true" else "false"} - '' else '' - signed-binary-caches = ${if cfg.requireSignedBinaryCaches then "*" else ""} - ''} + require-sigs = ${if cfg.requireSignedBinaryCaches then "true" else "false"} trusted-users = ${toString cfg.trustedUsers} allowed-users = ${toString cfg.allowedUsers} - ${optionalString (isNix20 && !cfg.distributedBuilds) '' + ${optionalString (!cfg.distributedBuilds) '' builders = ''} system-features = ${toString cfg.systemFeatures} - ${optionalString (versionAtLeast nixVersion "2.3pre") '' + ${optionalString isNix23 '' sandbox-fallback = false ''} $extraOptions @@ -74,7 +61,7 @@ let '' else '' echo "Checking that Nix can read nix.conf..." ln -s $out ./nix.conf - NIX_CONF_DIR=$PWD ${cfg.package}/bin/nix show-config >/dev/null + NIX_CONF_DIR=$PWD ${cfg.package}/bin/nix show-config ${optionalString isNix23 "--no-net"} >/dev/null '') ); @@ -421,8 +408,7 @@ in systemd.services.nix-daemon = { path = [ nix pkgs.utillinux config.programs.ssh.package ] - ++ optionals cfg.distributedBuilds [ pkgs.gzip ] - ++ optionals (!isNix20) [ pkgs.openssl.bin ]; + ++ optionals cfg.distributedBuilds [ pkgs.gzip ]; environment = cfg.envVars // { CURL_CA_BUNDLE = "/etc/ssl/certs/ca-certificates.crt"; } 
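Review bot: The bare `assert versionAtLeast nixVersion "2.2";` at the top of `nixConf` aborts evaluation with a generic assertion failure that names neither the option nor the required version. Because the same hunk removes every pre-2.0 spelling (`build-use-sandbox`, `binary-cache-public-keys`, `signed-binary-caches`), an older `nix.package` has no fallback and that message is the only guidance the user gets. `assert assertMsg (versionAtLeast nixVersion "2.2") "nix.package must be Nix 2.2 or newer";`, or an entry in the module's `assertions` list, would report it properly.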
@@ -439,34 +425,13 @@ in restartTriggers = [ nixConf ]; }; - nix.envVars = - optionalAttrs (!isNix20) { - NIX_CONF_DIR = "/etc/nix"; - - # Enable the copy-from-other-stores substituter, which allows - # builds to be sped up by copying build results from remote - # Nix stores. To do this, mount the remote file system on a - # subdirectory of /run/nix/remote-stores. - NIX_OTHER_STORES = "/run/nix/remote-stores/*/nix"; - } - - // optionalAttrs (cfg.distributedBuilds && !isNix20) { - NIX_BUILD_HOOK = "${nix}/libexec/nix/build-remote.pl"; - }; - # Set up the environment variables for running Nix. environment.sessionVariables = cfg.envVars // { NIX_PATH = cfg.nixPath; }; - environment.extraInit = optionalString (!isNix20) + environment.extraInit = '' - # Set up secure multi-user builds: non-root users build through the - # Nix daemon. - if [ "$USER" != root -o ! -w /nix/var/nix/db ]; then - export NIX_REMOTE=daemon - fi - '' + '' if [ -e "$HOME/.nix-defexpr/channels" ]; then export NIX_PATH="$HOME/.nix-defexpr/channels''${NIX_PATH:+:$NIX_PATH}" fi @@ -478,21 +443,15 @@ in services.xserver.displayManager.hiddenUsers = map ({ name, ... }: name) nixbldUsers; - # FIXME: use systemd-tmpfiles to create Nix directories. system.activationScripts.nix = stringAfter [ "etc" "users" ] '' - # Nix initialisation. - install -m 0755 -d \ - /nix/var/nix/gcroots \ - /nix/var/nix/temproots \ - /nix/var/nix/userpool \ - /nix/var/nix/profiles \ - /nix/var/nix/db \ - /nix/var/log/nix/drvs - install -m 1777 -d \ - /nix/var/nix/gcroots/per-user \ - /nix/var/nix/profiles/per-user \ - /nix/var/nix/gcroots/tmp + # Create directories in /nix. + ${nix}/bin/nix ping-store --no-net + + # Subscribe the root user to the NixOS channel by default. + if [ ! -e "/root/.nix-channels" ]; then + echo "${config.system.defaultChannel} nixos" > "/root/.nix-channels" + fi ''; nix.systemFeatures = mkDefault ( 
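Review bot: The activation script now depends on `nix ping-store --no-net` creating the `/nix/var/nix` directories as a side effect, where the removed `install -m 0755 -d` and `install -m 1777 -d` lines stated the modes explicitly, including the sticky bit on the `per-user` directories. The comment `# Create directories in /nix.` does not mention that the permissions are now decided by Nix itself. I would expand it to `# Opening the store makes Nix create its state directories under /nix/var/nix; their modes are no longer set here.`, after confirming that the modes Nix applies match the old ones. The previous hunk also drops the `NIX_REMOTE=daemon` export for non-root users, presumably relying on Nix's own daemon detection; a sentence in the commit message would make that explicit.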
diff --git a/nixpkgs/nixos/modules/services/misc/nix-optimise.nix b/nixpkgs/nixos/modules/services/misc/nix-optimise.nix index 416529f690e..e02026d5f76 100644 --- a/nixpkgs/nixos/modules/services/misc/nix-optimise.nix +++ b/nixpkgs/nixos/modules/services/misc/nix-optimise.nix @@ -40,8 +40,8 @@ in systemd.services.nix-optimise = { description = "Nix Store Optimiser"; - # No point running it inside a nixos-container. It should be on the host instead. - unitConfig.ConditionVirtualization = "!container"; + # No point this if the nix daemon (and thus the nix store) is outside + unitConfig.ConditionPathIsReadWrite = "/nix/var/nix/daemon-socket"; serviceConfig.ExecStart = "${config.nix.package}/bin/nix-store --optimise"; startAt = optionals cfg.automatic cfg.dates; }; diff --git a/nixpkgs/nixos/modules/services/monitoring/do-agent.nix b/nixpkgs/nixos/modules/services/monitoring/do-agent.nix new file mode 100644 index 00000000000..2d3fe2f7976 --- /dev/null +++ b/nixpkgs/nixos/modules/services/monitoring/do-agent.nix @@ -0,0 +1,34 @@ +{ config, lib, pkgs, ... }: + +with lib; + +let + cfg = config.services.do-agent; +in +{ + options.services.do-agent = { + enable = mkEnableOption "do-agent, the DigitalOcean droplet metrics agent"; + }; + + config = mkIf cfg.enable { + environment.systemPackages = [ pkgs.do-agent ]; + + systemd.services.do-agent = { + description = "DigitalOcean Droplet Metrics Agent"; + wantedBy = [ "multi-user.target" ]; + after = [ "network-online.target" ]; + wants = [ "network-online.target" ]; + serviceConfig = { + ExecStart = "${pkgs.do-agent}/bin/do-agent --syslog"; + Restart = "always"; + OOMScoreAdjust = -900; + SyslogIdentifier = "DigitalOceanAgent"; + PrivateTmp = "yes"; + ProtectSystem = "full"; + ProtectHome = "yes"; + NoNewPrivileges = "yes"; + DynamicUser = "yes"; + }; + }; + }; +} 
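Review bot: The new comment in the nix-optimise unit, `# No point this if the nix daemon (and thus the nix store) is outside`, is missing a verb and does not say why a read-write test on `/nix/var/nix/daemon-socket` is the right condition. Something like `# Skip when the store is managed elsewhere (e.g. a container using the host's daemon socket read-only); optimise where the nix daemon runs.` would make the intent clear, if that is indeed the case being covered.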
diff --git a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix index 84486aa98a4..35b513bac57 100644 --- a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix +++ b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix @@ -30,6 +30,7 @@ let "json" "mail" "minio" + "nextcloud" "nginx" "node" "postfix" diff --git a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/nextcloud.nix b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/nextcloud.nix new file mode 100644 index 00000000000..5f9a52053f7 --- /dev/null +++ b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/nextcloud.nix 
@@ -0,0 +1,58 @@ +{ config, lib, pkgs, options }: + +with lib; + +let + cfg = config.services.prometheus.exporters.nextcloud; +in +{ + port = 9205; + extraOpts = { + url = mkOption { + type = types.str; + example = "https://domain.tld"; + description = '' + URL to the Nextcloud serverinfo page. + Adding the path to the serverinfo API is optional, it defaults + to <literal>/ocs/v2.php/apps/serverinfo/api/v1/info</literal>. + ''; + }; + username = mkOption { + type = types.str; + default = "nextcloud-exporter"; + description = '' + Username for connecting to Nextcloud. + Note that this account needs to have admin privileges in Nextcloud. + ''; + }; + passwordFile = mkOption { + type = types.path; + example = "/path/to/password-file"; + description = '' + File containing the password for connecting to Nextcloud. + Make sure that this file is readable by the exporter user. + ''; + }; + timeout = mkOption { + type = types.str; + default = "5s"; + description = '' + Timeout for getting server info document. + ''; + }; + }; + serviceOpts = { + serviceConfig = { + DynamicUser = false; + ExecStart = '' + ${pkgs.prometheus-nextcloud-exporter}/bin/nextcloud-exporter \ + -a ${cfg.listenAddress}:${toString cfg.port} \ + -u ${cfg.username} \ + -t ${cfg.timeout} \ + -l ${cfg.url} \ + -p @${cfg.passwordFile} \ + ${concatStringsSep " \\\n " cfg.extraFlags} + ''; + }; + }; +} diff --git a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/nginx.nix b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/nginx.nix index 554377df37b..ba852fea433 100644 --- a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/nginx.nix +++ b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/nginx.nix 
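Review bot: `passwordFile` is declared as `types.path` and interpolated into `ExecStart` as `-p @${cfg.passwordFile}`, so a user who supplies a Nix path literal instead of a string gets the file copied into the world-readable Nix store, and the `username` description says this account has admin privileges in Nextcloud. The description should state it, e.g. `Must be a string path to a file outside the Nix store.`, or the option could be `types.str`. `cfg.username`, `cfg.url` and `cfg.timeout` also go into the command line unquoted, so a value containing whitespace splits into extra arguments; wrapping them with `escapeShellArg` avoids that. `DynamicUser = false;` would benefit from a short comment giving the reason, presumably that the exporter needs a stable user to read the password file.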
@@ -49,6 +49,6 @@ in (mkRemovedOptionModule [ "insecure" ] '' This option was replaced by 'prometheus.exporters.nginx.sslVerify'. '') - ({ options.warnings = options.warnings; }) + ({ options.warnings = options.warnings; options.assertions = options.assertions; }) ]; } diff --git a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/wireguard.nix b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/wireguard.nix index 8ae2c927b58..374f83a2939 100644 --- a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/wireguard.nix +++ b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/wireguard.nix @@ -6,6 +6,10 @@ let cfg = config.services.prometheus.exporters.wireguard; in { port = 9586; + imports = [ + (mkRenamedOptionModule [ "addr" ] [ "listenAddress" ]) + ({ options.warnings = options.warnings; options.assertions = options.assertions; }) + ]; extraOpts = { verbose = mkEnableOption "Verbose logging mode for prometheus-wireguard-exporter"; @@ -51,6 +55,7 @@ in { ExecStart = '' ${pkgs.prometheus-wireguard-exporter}/bin/prometheus_wireguard_exporter \ -p ${toString cfg.port} \ + -l ${cfg.listenAddress} \ ${optionalString cfg.verbose "-v"} \ ${optionalString cfg.singleSubnetPerField "-s"} \ ${optionalString cfg.withRemoteIp "-r"} \ diff --git a/nixpkgs/nixos/modules/services/monitoring/thanos.nix b/nixpkgs/nixos/modules/services/monitoring/thanos.nix index 215cd43fd86..52dab28cf72 100644 --- a/nixpkgs/nixos/modules/services/monitoring/thanos.nix +++ b/nixpkgs/nixos/modules/services/monitoring/thanos.nix @@ -126,6 +126,8 @@ let ''; description = '' Path to YAML file that contains tracing configuration. + + See format details: <link xlink:href="https://thanos.io/tracing.md/#configuration"/> ''; }; }; 
@@ -141,6 +143,8 @@ let <option>tracing.config-file</option> will default to its path. If <option>tracing.config-file</option> is set this option has no effect. + + See format details: <link xlink:href="https://thanos.io/tracing.md/#configuration"/> ''; }; }; @@ -187,6 +191,8 @@ let ''; description = '' Path to YAML file that contains object store configuration. + + See format details: <link xlink:href="https://thanos.io/storage.md/#configuration"/> ''; }; }; @@ -202,6 +208,8 @@ let <option>objstore.config-file</option> will default to its path. If <option>objstore.config-file</option> is set this option has no effect. + + See format details: <link xlink:href="https://thanos.io/storage.md/#configuration"/> ''; }; }; @@ -276,6 +284,24 @@ let block-sync-concurrency = mkParamDef types.int 20 '' Number of goroutines to use when syncing blocks from object storage. ''; + + min-time = mkParamDef types.str "0000-01-01T00:00:00Z" '' + Start of time range limit to serve. + + Thanos Store serves only metrics, which happened later than this + value. Option can be a constant time in RFC3339 format or time duration + relative to current time, such as -1d or 2h45m. Valid duration units are + ms, s, m, h, d, w, y. + ''; + + max-time = mkParamDef types.str "9999-12-31T23:59:59Z" '' + End of time range limit to serve. + + Thanos Store serves only blocks, which happened eariler than this + value. Option can be a constant time in RFC3339 format or time duration + relative to current time, such as -1d or 2h45m. Valid duration units are + ms, s, m, h, d, w, y. + ''; }; query = params.common cfg.query // { 
@@ -560,6 +586,14 @@ let ''; }; + downsampling.disable = mkFlagParam '' + Disables downsampling. + + This is not recommended as querying long time ranges without + non-downsampled data is not efficient and useful e.g it is not possible + to render all samples for a human eye anyway + ''; + block-sync-concurrency = mkParamDef types.int 20 '' Number of goroutines to use when syncing block metadata from object storage. ''; diff --git a/nixpkgs/nixos/modules/services/monitoring/zabbix-server.nix b/nixpkgs/nixos/modules/services/monitoring/zabbix-server.nix index 4b4049ed360..e9f1590760a 100644 --- a/nixpkgs/nixos/modules/services/monitoring/zabbix-server.nix +++ b/nixpkgs/nixos/modules/services/monitoring/zabbix-server.nix @@ -30,6 +30,7 @@ let DBUser = ${cfg.database.user} ${optionalString (cfg.database.passwordFile != null) "Include ${passwordFile}"} ${optionalString (mysqlLocal && cfg.database.socket != null) "DBSocket = ${cfg.database.socket}"} + PidFile = ${runtimeDir}/zabbix_server.pid SocketDir = ${runtimeDir} FpingLocation = /run/wrappers/bin/fping ${optionalString (cfg.modules != {}) "LoadModulePath = ${moduleEnv}/lib"} diff --git a/nixpkgs/nixos/modules/services/network-filesystems/samba.nix b/nixpkgs/nixos/modules/services/network-filesystems/samba.nix index 055508a3224..ce565dbaab8 100644 --- a/nixpkgs/nixos/modules/services/network-filesystems/samba.nix +++ b/nixpkgs/nixos/modules/services/network-filesystems/samba.nix @@ -45,6 +45,7 @@ let daemonService = appName: args: { description = "Samba Service Daemon ${appName}"; + after = [ "network.target" ]; requiredBy = [ "samba.target" ]; partOf = [ "samba.target" ]; diff --git a/nixpkgs/nixos/modules/services/networking/mxisd.nix b/nixpkgs/nixos/modules/services/networking/mxisd.nix index 02e89f441b3..a3d61922e57 100644 --- a/nixpkgs/nixos/modules/services/networking/mxisd.nix +++ b/nixpkgs/nixos/modules/services/networking/mxisd.nix 
@@ -3,6 +3,15 @@ with lib; let + + isMa1sd = + package: + lib.hasPrefix "ma1sd" package.name; + + isMxisd = + package: + lib.hasPrefix "mxisd" package.name; + cfg = config.services.mxisd; server = optionalAttrs (cfg.server.name != null) { inherit (cfg.server) name; } @@ -12,37 +21,41 @@ let matrix.domain = cfg.matrix.domain; key.path = "${cfg.dataDir}/signing.key"; storage = { - provider.sqlite.database = "${cfg.dataDir}/mxisd.db"; + provider.sqlite.database = if isMa1sd cfg.package + then "${cfg.dataDir}/ma1sd.db" + else "${cfg.dataDir}/mxisd.db"; }; } // optionalAttrs (server != {}) { inherit server; }; # merges baseConfig and extraConfig into a single file fullConfig = recursiveUpdate baseConfig cfg.extraConfig; - configFile = pkgs.writeText "mxisd-config.yaml" (builtins.toJSON fullConfig); + configFile = if isMa1sd cfg.package + then pkgs.writeText "ma1sd-config.yaml" (builtins.toJSON fullConfig) + else pkgs.writeText "mxisd-config.yaml" (builtins.toJSON fullConfig); in { options = { services.mxisd = { - enable = mkEnableOption "mxisd matrix federated identity server"; + enable = mkEnableOption "matrix federated identity server"; package = mkOption { type = types.package; default = pkgs.mxisd; defaultText = "pkgs.mxisd"; - description = "The mxisd package to use"; + description = "The mxisd/ma1sd package to use"; }; dataDir = mkOption { type = types.str; default = "/var/lib/mxisd"; - description = "Where data mxisd uses resides"; + description = "Where data mxisd/ma1sd uses resides"; }; extraConfig = mkOption { type = types.attrs; default = {}; - description = "Extra options merged into the mxisd configuration"; + description = "Extra options merged into the mxisd/ma1sd configuration"; }; matrix = { @@ -62,7 +75,7 @@ in { type = types.nullOr types.str; default = null; description = '' - Public hostname of mxisd, if different from the Matrix domain. + Public hostname of mxisd/ma1sd, if different from the Matrix domain. ''; }; 
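Review bot: `configFile` is still built with `pkgs.writeText` from `fullConfig`, so everything passed through `extraConfig` lands in the Nix store, which every local user can read, and the reworded `extraConfig` description does not mention this. Identity-server configurations often carry backend credentials (whether a given deployment does is not visible here), so the description should say so, e.g. `Extra options merged into the mxisd/ma1sd configuration. The generated file is stored in the world-readable Nix store; do not put secrets here.` Separately, the two `writeText` branches differ only in the file name and could share one call.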
@@ -103,11 +116,13 @@ in { after = [ "network.target" ]; wantedBy = [ "multi-user.target" ]; - serviceConfig = { + serviceConfig = let + executable = if isMa1sd cfg.package then "ma1sd" else "mxisd"; + in { Type = "simple"; User = "mxisd"; Group = "mxisd"; - ExecStart = "${cfg.package}/bin/mxisd -c ${configFile}"; + ExecStart = "${cfg.package}/bin/${executable} -c ${configFile}"; WorkingDirectory = cfg.dataDir; Restart = "on-failure"; }; diff --git a/nixpkgs/nixos/modules/services/networking/networkmanager.nix b/nixpkgs/nixos/modules/services/networking/networkmanager.nix index 887c89ddf3a..176d26e07b0 100644 --- a/nixpkgs/nixos/modules/services/networking/networkmanager.nix +++ b/nixpkgs/nixos/modules/services/networking/networkmanager.nix @@ -5,11 +5,25 @@ with lib; let cfg = config.networking.networkmanager; + basePackages = with pkgs; [ + crda + modemmanager + networkmanager + networkmanager-fortisslvpn + networkmanager-iodine + networkmanager-l2tp + networkmanager-openconnect + networkmanager-openvpn + networkmanager-vpnc + ] ++ optional (!delegateWireless && !enableIwd) wpa_supplicant; + dynamicHostsEnabled = cfg.dynamicHosts.enable && cfg.dynamicHosts.hostsDirs != {}; delegateWireless = config.networking.wireless.enable == true && cfg.unmanaged != []; + enableIwd = cfg.wifi.backend == "iwd"; + # /var/lib/misc is for dnsmasq.leases. stateDirs = "/var/lib/NetworkManager /var/lib/dhclient /var/lib/misc"; @@ -38,6 +52,7 @@ let [device] wifi.scan-rand-mac-address=${if cfg.wifi.scanRandMacAddress then "yes" else "no"} + wifi.backend=${cfg.wifi.backend} ${cfg.extraConfig} ''; 
@@ -176,25 +191,13 @@ in { ''; }; - # Ugly hack for using the correct gnome3 packageSet - basePackages = mkOption { - type = types.attrsOf types.package; - default = { inherit (pkgs) - networkmanager modemmanager crda - networkmanager-openvpn networkmanager-vpnc - networkmanager-openconnect networkmanager-fortisslvpn - networkmanager-l2tp networkmanager-iodine; } - // optionalAttrs (!delegateWireless) { inherit (pkgs) wpa_supplicant; }; - internal = true; - }; - packages = mkOption { - type = types.listOf types.path; + type = types.listOf types.package; default = [ ]; description = '' Extra packages that provide NetworkManager plugins. ''; - apply = list: (attrValues cfg.basePackages) ++ list; + apply = list: basePackages ++ list; }; dhcp = mkOption { @@ -236,6 +239,15 @@ in { wifi = { macAddress = macAddressOpt; + backend = mkOption { + type = types.enum [ "wpa_supplicant" "iwd" ]; + default = "wpa_supplicant"; + description = '' + Specify the Wi-Fi backend used for the device. + Currently supported are <option>wpa_supplicant</option> or <option>iwd</option> (experimental). + ''; + }; + powersave = mkOption { type = types.nullOr types.bool; default = null; @@ -390,12 +402,12 @@ in { { assertion = !dynamicHostsEnabled || (dynamicHostsEnabled && cfg.dns == "dnsmasq"); message = '' To use networking.networkmanager.dynamicHosts you also need to set - networking.networkmanager.dns = "dnsmasq" + `networking.networkmanager.dns = "dnsmasq"` ''; } ]; - environment.etc = with cfg.basePackages; [ + environment.etc = with pkgs; [ { source = configFile; target = "NetworkManager/NetworkManager.conf"; } 
@@ -469,12 +481,16 @@ in { mkdir -m 700 -p /etc/ipsec.d mkdir -m 755 -p ${stateDirs} ''; + + aliases = [ "dbus-org.freedesktop.NetworkManager.service" ]; }; systemd.services.NetworkManager-wait-online = { wantedBy = [ "network-online.target" ]; }; + systemd.services.ModemManager.aliases = [ "dbus-org.freedesktop.ModemManager1.service" ]; + systemd.services.nm-setup-hostsdirs = mkIf dynamicHostsEnabled { wantedBy = [ "NetworkManager.service" ]; before = [ "NetworkManager.service" ]; @@ -496,6 +512,7 @@ in { # useful binaries for user-specified hooks path = [ pkgs.iproute pkgs.utillinux pkgs.coreutils ]; + aliases = [ "dbus-org.freedesktop.nm-dispatcher.service" ]; }; # Turn off NixOS' network management when networking is managed entirely by NetworkManager @@ -505,6 +522,8 @@ in { wireless.enable = mkDefault false; }) // (mkIf cfg.enableStrongSwan { networkmanager.packages = [ pkgs.networkmanager_strongswan ]; + }) // (mkIf enableIwd { + wireless.iwd.enable = true; }); security.polkit.extraConfig = polkitConf; diff --git a/nixpkgs/nixos/modules/services/networking/wpa_supplicant.nix b/nixpkgs/nixos/modules/services/networking/wpa_supplicant.nix index 63e59e7c8fa..294c0d70ede 100644 --- a/nixpkgs/nixos/modules/services/networking/wpa_supplicant.nix +++ b/nixpkgs/nixos/modules/services/networking/wpa_supplicant.nix @@ -103,6 +103,13 @@ in { description = '' Set this to <literal>true</literal> if the SSID of the network is hidden. ''; + example = literalExample '' + { echelon = { + hidden = true; + psk = "abcdefgh"; + }; + } + ''; }; priority = mkOption { @@ -146,10 +153,13 @@ in { ''; default = {}; example = literalExample '' - { echelon = { + { echelon = { # SSID with no spaces or special characters psk = "abcdefgh"; }; - "free.wifi" = {}; + "echelon's AP" = { # SSID with spaces and/or special characters + psk = "ijklmnop"; + }; + "free.wifi" = {}; # Public wireless network } ''; }; 
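Review bot: In the `@@ -505,6 +522,8 @@` hunk the new `// (mkIf enableIwd { wireless.iwd.enable = true; })` is chained onto other `mkIf` results with `//`, but `mkIf` returns an attribute set with fixed keys (`_type`, `condition`, `content`), so the right-hand operand replaces the left-hand ones instead of merging with them. With this change only the `enableIwd` branch would survive, silently dropping `wireless.enable = mkDefault false` and the `cfg.enableStrongSwan` packages. The start of the expression is outside the hunk, so confirm the first operand is also a `mkIf`. If so, combine them with `mkMerge [ (mkIf …) (mkIf cfg.enableStrongSwan { … }) (mkIf enableIwd { wireless.iwd.enable = true; }) ]`.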
diff --git a/nixpkgs/nixos/modules/services/networking/zeronet.nix b/nixpkgs/nixos/modules/services/networking/zeronet.nix
index f4988a90268..f354a9d42c7 100644
--- a/nixpkgs/nixos/modules/services/networking/zeronet.nix
+++ b/nixpkgs/nixos/modules/services/networking/zeronet.nix
@@ -1,44 +1,39 @@ { config, lib, pkgs, ... }: let + inherit (lib) generators literalExample mkEnableOption mkIf mkOption recursiveUpdate types; cfg = config.services.zeronet; - - zConfFile = pkgs.writeTextFile { - name = "zeronet.conf"; - - text = '' - [global] - data_dir = ${cfg.dataDir} - log_dir = ${cfg.logDir} - '' + lib.optionalString (cfg.port != null) '' - ui_port = ${toString cfg.port} - '' + lib.optionalString (cfg.fileserverPort != null) '' - fileserver_port = ${toString cfg.fileserverPort} - '' + lib.optionalString (cfg.torAlways) '' - tor = always - '' + cfg.extraConfig; + dataDir = "/var/lib/zeronet"; + configFile = pkgs.writeText "zeronet.conf" (generators.toINI {} (recursiveUpdate defaultSettings cfg.settings)); + + defaultSettings = { + global = { + data_dir = dataDir; + log_dir = dataDir; + ui_port = cfg.port; + fileserver_port = cfg.fileserverPort; + tor = if !cfg.tor then "disable" else if cfg.torAlways then "always" else "enable"; + }; }; in with lib; { options.services.zeronet = { enable = mkEnableOption "zeronet"; - dataDir = mkOption { - type = types.path; - default = "/var/lib/zeronet"; - example = "/home/okina/zeronet"; - description = "Path to the zeronet data directory."; - }; + settings = mkOption { + type = with types; attrsOf (oneOf [ str int bool (listOf str) ]); + default = {}; + example = literalExample "global.tor = enable;"; - logDir = mkOption { - type = types.path; - default = "/var/log/zeronet"; - example = "/home/okina/zeronet/log"; - description = "Path to the zeronet log directory."; + description = '' + <filename>zeronet.conf</filename> configuration. Refer to + <link xlink:href="https://zeronet.readthedocs.io/en/latest/faq/#is-it-possible-to-use-a-configuration-file"/> + for details on supported values; + ''; }; port = mkOption { - type = types.nullOr types.int; - default = null; + type = types.int; + default = 43110; example = 43110; description = "Optional zeronet web UI port."; }; 
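Review bot: The new `settings` option is typed `attrsOf (oneOf [ str int bool (listOf str) ])`, but `configFile` hands `recursiveUpdate defaultSettings cfg.settings` straight to `generators.toINI`, which expects section → key → value, and `defaultSettings` nests everything under `global`. A flat value that satisfies the type ends up at section level, while the nested form the example suggests (`global.tor = enable;`, which is also missing quotes around `enable`) does not match the declared type. Either nest the type, `attrsOf (attrsOf (oneOf [ str int bool (listOf str) ]))`, or keep it flat and render `{ global = recursiveUpdate defaultSettings.global cfg.settings; }`. The `fileserverPort` option is declared outside the hunk; if it is still nullable, `fileserver_port = cfg.fileserverPort` is now written even when it is unset, which is worth checking.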
@@ -63,22 +58,13 @@ in with lib; { default = false; description = "Use TOR for all zeronet traffic."; }; - - extraConfig = mkOption { - type = types.lines; - default = ""; - - description = '' - Extra configuration. Contents will be added verbatim to the - configuration file at the end. - ''; - }; }; config = mkIf cfg.enable { services.tor = mkIf cfg.tor { enable = true; controlPort = 9051; + extraConfig = '' CacheDirectoryGroupReadable 1 CookieAuthentication 1 @@ -86,37 +72,25 @@ in with lib; { ''; }; - systemd.tmpfiles.rules = [ - "d '${cfg.dataDir}' 750 zeronet zeronet - -" - "d '${cfg.logDir}' 750 zeronet zeronet - -" - ]; - systemd.services.zeronet = { description = "zeronet"; after = [ "network.target" (optionalString cfg.tor "tor.service") ]; wantedBy = [ "multi-user.target" ]; serviceConfig = { - PrivateTmp = "yes"; User = "zeronet"; - Group = "zeronet"; - ExecStart = "${pkgs.zeronet}/bin/zeronet --config_file ${zConfFile}"; - }; - }; - - users = { - groups.zeronet.gid = config.ids.gids.zeronet; - - users.zeronet = { - description = "zeronet service user"; - home = cfg.dataDir; - createHome = true; - group = "zeronet"; - extraGroups = mkIf cfg.tor [ "tor" ]; - uid = config.ids.uids.zeronet; + DynamicUser = true; + StateDirectory = "zeronet"; + SupplementaryGroups = mkIf cfg.tor [ "tor" ]; + ExecStart = "${pkgs.zeronet}/bin/zeronet --config_file ${configFile}"; }; }; }; + imports = [ + (mkRemovedOptionModule [ "services" "zeronet" "dataDir" ] "Zeronet will store data by default in /var/lib/zeronet") + (mkRemovedOptionModule [ "services" "zeronet" "logDir" ] "Zeronet will log by default in /var/lib/zeronet") + ]; + meta.maintainers = with maintainers; [ chiiruno ]; } diff --git a/nixpkgs/nixos/modules/services/security/fprintd.nix b/nixpkgs/nixos/modules/services/security/fprintd.nix index 5662ebc61d2..8ece1ca1901 100644 --- a/nixpkgs/nixos/modules/services/security/fprintd.nix +++ b/nixpkgs/nixos/modules/services/security/fprintd.nix 
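Review bot: `extraConfig` is deleted in the `@@ -63,22 +58,13 @@` hunk, but the `imports` list added in the following hunk only declares `dataDir` and `logDir` as removed. An existing configuration that sets `services.zeronet.extraConfig` will therefore fail with a generic unknown-option error and no pointer to the replacement. Add `(mkRemovedOptionModule [ "services" "zeronet" "extraConfig" ] "Use services.zeronet.settings instead")` next to the other two entries.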
@@ -50,13 +50,6 @@ in systemd.packages = [ cfg.package ]; - - # The upstream unit does not use StateDirectory, and will - # fail if the directory it needs is not present. Should be - # fixed when https://gitlab.freedesktop.org/libfprint/fprintd/merge_requests/5 - # is merged. - systemd.services.fprintd.serviceConfig.StateDirectory = "fprint"; - }; } diff --git a/nixpkgs/nixos/modules/services/web-apps/documize.nix b/nixpkgs/nixos/modules/services/web-apps/documize.nix index 37359869cb6..1b90299aa23 100644 --- a/nixpkgs/nixos/modules/services/web-apps/documize.nix +++ b/nixpkgs/nixos/modules/services/web-apps/documize.nix @@ -14,6 +14,15 @@ in { options.services.documize = { enable = mkEnableOption "Documize Wiki"; + stateDirectoryName = mkOption { + type = types.str; + default = "documize"; + description = '' + The name of the directory below <filename>/var/lib/private</filename> + where documize runs in and stores, for example, backups. + ''; + }; + package = mkOption { type = types.package; default = pkgs.documize-community; @@ -132,6 +141,8 @@ in { ]; Restart = "always"; DynamicUser = "yes"; + StateDirectory = cfg.stateDirectoryName; + WorkingDirectory = "/var/lib/${cfg.stateDirectoryName}"; }; }; }; diff --git a/nixpkgs/nixos/modules/services/web-apps/shiori.nix b/nixpkgs/nixos/modules/services/web-apps/shiori.nix new file mode 100644 index 00000000000..1817a203935 --- /dev/null +++ b/nixpkgs/nixos/modules/services/web-apps/shiori.nix 
@@ -0,0 +1,50 @@ +{ config, lib, pkgs, ... }: + +with lib; +let + cfg = config.services.shiori; +in { + options = { + services.shiori = { + enable = mkEnableOption "Shiori simple bookmarks manager"; + + package = mkOption { + type = types.package; + default = pkgs.shiori; + defaultText = "pkgs.shiori"; + description = "The Shiori package to use."; + }; + + address = mkOption { + type = types.str; + default = ""; + description = '' + The IP address on which Shiori will listen. + If empty, listens on all interfaces. + ''; + }; + + port = mkOption { + type = types.port; + default = 8080; + description = "The port of the Shiori web application"; + }; + }; + }; + + config = mkIf cfg.enable { + systemd.services.shiori = with cfg; { + description = "Shiori simple bookmarks manager"; + wantedBy = [ "multi-user.target" ]; + + serviceConfig = { + ExecStart = "${package}/bin/shiori serve --address '${address}' --port '${toString port}'"; + DynamicUser = true; + Environment = "SHIORI_DIR=/var/lib/shiori"; + StateDirectory = "shiori"; + }; + }; + }; + + meta.maintainers = with maintainers; [ minijackson ]; +} diff --git a/nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix b/nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix index 098160ee369..b0374d949fc 100644 --- a/nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix +++ b/nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix @@ -12,7 +12,7 @@ let php = mainCfg.phpPackage.override { apacheHttpd = httpd.dev; /* otherwise it only gets .out */ }; - phpMajorVersion = head (splitString "." php.version); + phpMajorVersion = lib.versions.major (lib.getVersion php); mod_perl = pkgs.apacheHttpdPackages.mod_perl.override { apacheHttpd = httpd; }; diff --git a/nixpkgs/nixos/modules/services/web-servers/nginx/default.nix b/nixpkgs/nixos/modules/services/web-servers/nginx/default.nix index e597f34700a..eb90dae94df 100644 
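Review bot: In the new shiori module, `address` defaults to `""`, which by its own description means the web application listens on all interfaces (port 8080) as soon as `enable` is set. For a bookmark manager with its own login, a loopback default is the safer starting point, leaving wider exposure as an explicit choice behind a reverse proxy or firewall rule: `default = "127.0.0.1";`, with the description adjusted to match. If the all-interfaces default is intentional, the description should at least say that exposure is then governed only by the host firewall.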
--- a/nixpkgs/nixos/modules/services/web-servers/nginx/default.nix +++ b/nixpkgs/nixos/modules/services/web-servers/nginx/default.nix @@ -61,7 +61,10 @@ let ${optionalString (cfg.httpConfig == "" && cfg.config == "") '' http { - include ${cfg.package}/conf/mime.types; + # The mime type definitions included with nginx are very incomplete, so + # we use a list of mime types from the mailcap package, which is also + # used by most other Linux distributions by default. + include ${pkgs.mailcap}/etc/nginx/mime.types; include ${cfg.package}/conf/fastcgi.conf; include ${cfg.package}/conf/uwsgi_params; @@ -119,6 +122,14 @@ let include ${recommendedProxyConfig}; ''} + ${optionalString (cfg.mapHashBucketSize != null) '' + map_hash_bucket_size ${toString cfg.mapHashBucketSize}; + ''} + + ${optionalString (cfg.mapHashMaxSize != null) '' + map_hash_max_size ${toString cfg.mapHashMaxSize}; + ''} + # $connection_upgrade is used for websocket proxying map $http_upgrade $connection_upgrade { default upgrade; @@ -507,6 +518,23 @@ in ''; }; + mapHashBucketSize = mkOption { + type = types.nullOr (types.enum [ 32 64 128 ]); + default = null; + description = '' + Sets the bucket size for the map variables hash tables. Default + value depends on the processorâs cache line size. + ''; + }; + + mapHashMaxSize = mkOption { + type = types.nullOr types.ints.positive; + default = null; + description = '' + Sets the maximum size of the map variables hash tables. + ''; + }; + resolver = mkOption { type = types.submodule { options = { diff --git a/nixpkgs/nixos/modules/services/x11/desktop-managers/gnome3.nix b/nixpkgs/nixos/modules/services/x11/desktop-managers/gnome3.nix index 30c5250221c..20385c884b5 100644 --- a/nixpkgs/nixos/modules/services/x11/desktop-managers/gnome3.nix +++ b/nixpkgs/nixos/modules/services/x11/desktop-managers/gnome3.nix 
@@ -28,6 +28,8 @@ let (pkg: "cp -rf ${pkg}/share/gsettings-schemas/*/glib-2.0/schemas/*.xml $out/share/gsettings-schemas/nixos-gsettings-overrides/glib-2.0/schemas\n") (defaultPackages ++ cfg.extraGSettingsOverridePackages)} + cp -f ${pkgs.gnome3.gnome-shell}/share/gsettings-schemas/*/glib-2.0/schemas/*.gschema.override $out/share/gsettings-schemas/nixos-gsettings-overrides/glib-2.0/schemas + chmod -R a+w $out/share/gsettings-schemas/nixos-gsettings-overrides cat - > $out/share/gsettings-schemas/nixos-gsettings-overrides/glib-2.0/schemas/nixos-defaults.gschema.override <<- EOF [org.gnome.desktop.background] @@ -155,10 +157,10 @@ in environment.systemPackages = cfg.sessionPath; - environment.variables.GNOME_SESSION_DEBUG = mkIf cfg.debug "1"; + environment.sessionVariables.GNOME_SESSION_DEBUG = mkIf cfg.debug "1"; # Override GSettings schemas - environment.variables.NIX_GSETTINGS_OVERRIDES_DIR = "${nixos-gsettings-desktop-schemas}/share/gsettings-schemas/nixos-gsettings-overrides/glib-2.0/schemas"; + environment.sessionVariables.NIX_GSETTINGS_OVERRIDES_DIR = "${nixos-gsettings-desktop-schemas}/share/gsettings-schemas/nixos-gsettings-overrides/glib-2.0/schemas"; # If gnome3 is installed, build vim for gtk3 too. nixpkgs.config.vim.gui = "gtk3"; @@ -209,14 +211,6 @@ in networking.networkmanager.enable = mkDefault true; - # Use the correct gnome3 packageSet - networking.networkmanager.basePackages = { - inherit (pkgs) networkmanager modemmanager wpa_supplicant crda; - inherit (pkgs.gnome3) networkmanager-openvpn networkmanager-vpnc - networkmanager-openconnect networkmanager-fortisslvpn - networkmanager-iodine networkmanager-l2tp; - }; - services.xserver.updateDbusEnvironment = true; # Needed for themes and backgrounds 
@@ -229,6 +223,7 @@ in services.colord.enable = mkDefault true; services.gnome3.chrome-gnome-shell.enable = mkDefault true; services.gnome3.glib-networking.enable = true; + services.gnome3.gnome-initial-setup.enable = mkDefault true; services.gnome3.gnome-remote-desktop.enable = mkDefault true; services.gnome3.gnome-settings-daemon.enable = true; services.gnome3.gnome-user-share.enable = mkDefault true; @@ -236,7 +231,8 @@ in services.gvfs.enable = true; services.system-config-printer.enable = (mkIf config.services.printing.enable (mkDefault true)); services.telepathy.enable = mkDefault true; - systemd.packages = [ pkgs.gnome3.vino ]; + + systemd.packages = with pkgs.gnome3; [ vino gnome-session ]; services.avahi.enable = mkDefault true; @@ -329,10 +325,10 @@ in # Let nautilus find extensions # TODO: Create nautilus-with-extensions package - environment.variables.NAUTILUS_EXTENSION_DIR = "${config.system.path}/lib/nautilus/extensions-3.0"; + environment.sessionVariables.NAUTILUS_EXTENSION_DIR = "${config.system.path}/lib/nautilus/extensions-3.0"; # Override default mimeapps for nautilus - environment.variables.XDG_DATA_DIRS = [ "${mimeAppsList}/share" ]; + environment.sessionVariables.XDG_DATA_DIRS = [ "${mimeAppsList}/share" ]; environment.pathsToLink = [ "/share/nautilus-python/extensions" diff --git a/nixpkgs/nixos/modules/services/x11/desktop-managers/mate.nix b/nixpkgs/nixos/modules/services/x11/desktop-managers/mate.nix index 4563583e070..fe63f36cf96 100644 --- a/nixpkgs/nixos/modules/services/x11/desktop-managers/mate.nix +++ b/nixpkgs/nixos/modules/services/x11/desktop-managers/mate.nix @@ -85,6 +85,7 @@ in pkgs.gtk3.out pkgs.shared-mime-info pkgs.xdg-user-dirs # Update user dirs as described in https://freedesktop.org/wiki/Software/xdg-user-dirs/ + pkgs.mate.mate-settings-daemon ]; programs.dconf.enable = true; 
@@ -98,7 +99,7 @@ in services.gnome3.at-spi2-core.enable = true; services.gnome3.gnome-keyring.enable = true; services.gnome3.gnome-settings-daemon.enable = true; - services.gnome3.gnome-settings-daemon.package = pkgs.mate.mate-settings-daemon; + services.udev.packages = [ pkgs.mate.mate-settings-daemon ]; services.gvfs.enable = true; services.upower.enable = config.powerManagement.enable; diff --git a/nixpkgs/nixos/modules/services/x11/desktop-managers/pantheon.nix b/nixpkgs/nixos/modules/services/x11/desktop-managers/pantheon.nix index d80ea9a53e8..80dab135ee2 100644 --- a/nixpkgs/nixos/modules/services/x11/desktop-managers/pantheon.nix +++ b/nixpkgs/nixos/modules/services/x11/desktop-managers/pantheon.nix @@ -109,8 +109,9 @@ in services.pantheon.files.enable = mkDefault true; services.tumbler.enable = mkDefault true; services.system-config-printer.enable = (mkIf config.services.printing.enable (mkDefault true)); - services.dbus.packages = [ - pkgs.pantheon.switchboard-plug-power + services.dbus.packages = with pkgs.pantheon; [ + switchboard-plug-power + elementary-default-settings ]; services.pantheon.contractor.enable = mkDefault true; services.gnome3.at-spi2-core.enable = true; @@ -119,7 +120,7 @@ in # TODO: gnome-keyring's xdg autostarts will still be in the environment (from elementary-session-settings) if disabled forcefully services.gnome3.gnome-keyring.enable = true; services.gnome3.gnome-settings-daemon.enable = true; - services.gnome3.gnome-settings-daemon.package = pkgs.pantheon.elementary-settings-daemon; + services.udev.packages = [ pkgs.pantheon.elementary-settings-daemon ]; services.gvfs.enable = true; services.gnome3.rygel.enable = mkDefault true; services.gsignond.enable = mkDefault true; 
@@ -154,11 +155,6 @@ in qt5.style = "adwaita"; networking.networkmanager.enable = mkDefault true; - networking.networkmanager.basePackages = - { inherit (pkgs) networkmanager modemmanager wpa_supplicant crda; - inherit (pkgs.gnome3) networkmanager-openvpn networkmanager-vpnc - networkmanager-openconnect networkmanager-fortisslvpn - networkmanager-iodine networkmanager-l2tp; }; # Override GSettings schemas environment.sessionVariables.NIX_GSETTINGS_OVERRIDES_DIR = "${nixos-gsettings-desktop-schemas}/share/gsettings-schemas/nixos-gsettings-overrides/glib-2.0/schemas"; diff --git a/nixpkgs/nixos/modules/services/x11/desktop-managers/plasma5.nix b/nixpkgs/nixos/modules/services/x11/desktop-managers/plasma5.nix index b10755df4dc..b6fb7218da6 100644 --- a/nixpkgs/nixos/modules/services/x11/desktop-managers/plasma5.nix +++ b/nixpkgs/nixos/modules/services/x11/desktop-managers/plasma5.nix @@ -183,7 +183,8 @@ in ++ lib.optional config.hardware.pulseaudio.enable plasma-pa ++ lib.optional config.powerManagement.enable powerdevil ++ lib.optional config.services.colord.enable colord-kde - ++ lib.optionals config.services.samba.enable [ kdenetwork-filesharing pkgs.samba ]; + ++ lib.optionals config.services.samba.enable [ kdenetwork-filesharing pkgs.samba ] + ++ lib.optional config.services.xserver.wacom.enable wacomtablet; environment.pathsToLink = [ # FIXME: modules should link subdirs of `/share` rather than relying on this diff --git a/nixpkgs/nixos/modules/services/x11/desktop-managers/xfce4-14.nix b/nixpkgs/nixos/modules/services/x11/desktop-managers/xfce4-14.nix index 130e865a1fb..ffc99172e79 100644 --- a/nixpkgs/nixos/modules/services/x11/desktop-managers/xfce4-14.nix +++ b/nixpkgs/nixos/modules/services/x11/desktop-managers/xfce4-14.nix 
@@ -91,7 +91,11 @@ in ++ optional config.powerManagement.enable xfce4-power-manager ++ optionals config.hardware.pulseaudio.enable [ pavucontrol - xfce4-pulseaudio-plugin + # volume up/down keys support: + # xfce4-pulseaudio-plugin includes all the functionalities of xfce4-volumed-pulse + # but can only be used with xfce4-panel, so for no-desktop usage we still include + # xfce4-volumed-pulse + (if cfg.noDesktop then xfce4-volumed-pulse else xfce4-pulseaudio-plugin) ] ++ optionals cfg.enableXfwm [ xfwm4 xfwm4-themes @@ -108,14 +112,6 @@ in "/share/gtksourceview-4.0" ]; - # Use the correct gnome3 packageSet - networking.networkmanager.basePackages = mkIf config.networking.networkmanager.enable { - inherit (pkgs) networkmanager modemmanager wpa_supplicant crda; - inherit (pkgs.gnome3) networkmanager-openvpn networkmanager-vpnc - networkmanager-openconnect networkmanager-fortisslvpn - networkmanager-iodine networkmanager-l2tp; - }; - services.xserver.desktopManager.session = [{ name = "xfce4-14"; bgSupport = true; diff --git a/nixpkgs/nixos/modules/services/x11/display-managers/gdm.nix b/nixpkgs/nixos/modules/services/x11/display-managers/gdm.nix index 0a5d52e319e..597fb57a179 100644 --- a/nixpkgs/nixos/modules/services/x11/display-managers/gdm.nix +++ b/nixpkgs/nixos/modules/services/x11/display-managers/gdm.nix @@ -42,10 +42,7 @@ in services.xserver.displayManager.gdm = { enable = mkEnableOption '' - GDM as the display manager. - <emphasis>GDM in NixOS is not well-tested with desktops other - than GNOME, so use with caution, as it could render the - system unusable.</emphasis> + GDM, the GNOME Display Manager ''; debug = mkEnableOption '' 
@@ -153,6 +150,12 @@ in mkdir -p /run/gdm/.config/pulse ln -sf ${pulseConfig} /run/gdm/.config/pulse/default.pa chown -R gdm:gdm /run/gdm/.config + '' + optionalString config.services.gnome3.gnome-initial-setup.enable '' + # Create stamp file for gnome-initial-setup to prevent run. + mkdir -p /run/gdm/.config + cat - > /run/gdm/.config/gnome-initial-setup-done <<- EOF + yes + EOF ''; }; @@ -162,6 +165,16 @@ in "rc-local.service" "systemd-machined.service" "systemd-user-sessions.service" + "getty@tty${gdm.initialVT}.service" + "plymouth-quit.service" + "plymouth-start.service" + ]; + systemd.services.display-manager.conflicts = [ + "getty@tty${gdm.initialVT}.service" + "plymouth-quit.service" + ]; + systemd.services.display-manager.onFailure = [ + "plymouth-quit.service" ]; systemd.services.display-manager.serviceConfig = { @@ -171,6 +184,9 @@ in BusName = "org.gnome.DisplayManager"; StandardOutput = "syslog"; StandardError = "inherit"; + ExecReload = "${pkgs.coreutils}/bin/kill -SIGHUP $MAINPID"; + KeyringMode = "shared"; + EnvironmentFile = "-/etc/locale.conf"; }; systemd.services.display-manager.path = [ pkgs.gnome3.gnome-session ]; diff --git a/nixpkgs/nixos/modules/services/x11/display-managers/lightdm.nix b/nixpkgs/nixos/modules/services/x11/display-managers/lightdm.nix index f105cb496e6..cf4c05acbcc 100644 --- a/nixpkgs/nixos/modules/services/x11/display-managers/lightdm.nix +++ b/nixpkgs/nixos/modules/services/x11/display-managers/lightdm.nix 
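Review bot: `KeyringMode = "shared"` is added to the GDM `serviceConfig` in the `@@ -171,6 +184,9 @@` hunk without any explanation, although it changes which kernel keyrings the display manager's processes can reach. The LightDM module in this same commit sets the same value with a why-comment, and GDM should carry one too, e.g. `# Allows GDM to pass the LUKS password through to PAM; the login keyring is unlocked automatically on autologin.` — assuming the motivation is the same here, which the hunk does not state. The `serviceConfig` set starts outside the hunk.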
@@ -220,6 +220,43 @@ in exec ${lightdm}/sbin/lightdm ''; + # Replaces getty + systemd.services.display-manager.conflicts = [ + "getty@tty7.service" + # TODO: Add "plymouth-quit.service" so LightDM can control when plymouth + # quits. Currently this breaks switching to configurations with plymouth. + ]; + + # Pull in dependencies of services we replace. + systemd.services.display-manager.after = [ + "rc-local.service" + "systemd-machined.service" + "systemd-user-sessions.service" + "getty@tty7.service" + "user.slice" + ]; + + # user.slice needs to be present + systemd.services.display-manager.requires = [ + "user.slice" + ]; + + # lightdm stops plymouth so when it fails make sure plymouth stops. + systemd.services.display-manager.onFailure = [ + "plymouth-quit.service" + ]; + + systemd.services.display-manager.serviceConfig = { + BusName = "org.freedesktop.DisplayManager"; + IgnoreSIGPIPE = "no"; + # This allows lightdm to pass the LUKS password through to PAM. + # login keyring is unlocked automatic when autologin is used. + KeyringMode = "shared"; + KillMode = "mixed"; + StandardError = "inherit"; + StandardOutput = "syslog"; + }; + environment.etc."lightdm/lightdm.conf".source = lightdmConf; environment.etc."lightdm/users.conf".source = usersConf; diff --git a/nixpkgs/nixos/modules/services/x11/hardware/cmt.nix b/nixpkgs/nixos/modules/services/x11/hardware/cmt.nix index 95353e92098..5ac824c5e41 100644 --- a/nixpkgs/nixos/modules/services/x11/hardware/cmt.nix +++ b/nixpkgs/nixos/modules/services/x11/hardware/cmt.nix 
@@ -47,7 +47,12 @@ in { assertions = [ { assertion = !config.services.xserver.libinput.enable; - message = "cmt and libinput are incompatible, you cannot enable both (in services.xserver)."; + message = '' + cmt and libinput are incompatible, meaning you cannot enable them both. + To use cmt you need to disable libinput with `services.xserver.libinput.enable = false` + If you haven't enabled it in configuration.nix, it's enabled by default on a + different xserver module. + ''; } ]; }; diff --git a/nixpkgs/nixos/modules/services/x11/window-managers/cwm.nix b/nixpkgs/nixos/modules/services/x11/window-managers/cwm.nix new file mode 100644 index 00000000000..03375a226bb --- /dev/null +++ b/nixpkgs/nixos/modules/services/x11/window-managers/cwm.nix @@ -0,0 +1,23 @@ +{ config, lib, pkgs, ... }: + +with lib; + +let + cfg = config.services.xserver.windowManager.cwm; +in +{ + options = { + services.xserver.windowManager.cwm.enable = mkEnableOption "cwm"; + }; + config = mkIf cfg.enable { + services.xserver.windowManager.session = singleton + { name = "cwm"; + start = + '' + cwm & + waitPID=$! + ''; + }; + environment.systemPackages = [ pkgs.cwm ]; + }; +} diff --git a/nixpkgs/nixos/modules/services/x11/window-managers/default.nix b/nixpkgs/nixos/modules/services/x11/window-managers/default.nix index 2a1f22fa9a4..c17f3830d0e 100644 --- a/nixpkgs/nixos/modules/services/x11/window-managers/default.nix +++ b/nixpkgs/nixos/modules/services/x11/window-managers/default.nix @@ -11,6 +11,7 @@ in ./2bwm.nix ./afterstep.nix ./bspwm.nix + ./cwm.nix ./dwm.nix ./evilwm.nix ./exwm.nix |
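Review bot: In the new `cwm.nix`, the session `start` script runs a bare `cwm &`, so which binary is executed depends on the session's `PATH` rather than on the package the module installs. Referencing the store path keeps the session pinned to that package and removes the dependency on `environment.systemPackages` being first in the lookup: `${pkgs.cwm}/bin/cwm &`.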