diff options
author | pennae <82953136+pennae@users.noreply.github.com> | 2022-09-01 16:10:09 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-09-01 16:10:09 +0200 |
commit | 3bddcf5f9002814a8bec50025418faa3fd3f6138 (patch) | |
tree | 5ae3ebf10acce3ad00d4a2468f8e64c41a2c749b /nixos/modules/services | |
parent | 1d41cff3dc4c8f37bb5841f51fcbff705e169178 (diff) | |
parent | e7312d54f184e5c3e0f1ef29028f6dae8fa34a97 (diff) |
Merge branch 'master' into option-docs-md
Diffstat (limited to 'nixos/modules/services')
-rw-r--r-- | nixos/modules/services/cluster/k3s/default.nix | 56 | ||||
-rw-r--r-- | nixos/modules/services/networking/kea.nix | 2 | ||||
-rw-r--r-- | nixos/modules/services/networking/keepalived/default.nix | 26 | ||||
-rw-r--r-- | nixos/modules/services/networking/searx.nix | 5 | ||||
-rw-r--r-- | nixos/modules/services/networking/syncthing.nix | 10 | ||||
-rw-r--r-- | nixos/modules/services/security/vaultwarden/default.nix | 1 | ||||
-rw-r--r-- | nixos/modules/services/web-apps/keycloak.nix | 6 | ||||
-rw-r--r-- | nixos/modules/services/web-apps/writefreely.nix | 485 | ||||
-rw-r--r-- | nixos/modules/services/x11/display-managers/lightdm.nix | 1 | ||||
-rw-r--r-- | nixos/modules/services/x11/window-managers/awesome.nix | 2 |
10 files changed, 581 insertions, 13 deletions
diff --git a/nixos/modules/services/cluster/k3s/default.nix b/nixos/modules/services/cluster/k3s/default.nix index 0876f4ad955db..693f388de14a6 100644 --- a/nixos/modules/services/cluster/k3s/default.nix +++ b/nixos/modules/services/cluster/k3s/default.nix @@ -25,7 +25,17 @@ in role = mkOption { description = lib.mdDoc '' Whether k3s should run as a server or agent. - Note that the server, by default, also runs as an agent. + + If it's a server: + + - By default it also runs workloads as an agent. + - Starts by default as a standalone server using an embedded sqlite datastore. + - Configure `clusterInit = true` to switch over to embedded etcd datastore and enable HA mode. + - Configure `serverAddr` to join an already-initialized HA cluster. + + If it's an agent: + + - `serverAddr` is required. ''; default = "server"; type = types.enum [ "server" "agent" ]; @@ -33,15 +43,44 @@ in serverAddr = mkOption { type = types.str; - description = lib.mdDoc "The k3s server to connect to. This option only makes sense for an agent."; + description = lib.mdDoc '' + The k3s server to connect to. + + Servers and agents need to communicate each other. Read + [the networking docs](https://rancher.com/docs/k3s/latest/en/installation/installation-requirements/#networking) + to know how to configure the firewall. + ''; example = "https://10.0.0.10:6443"; default = ""; }; + clusterInit = mkOption { + type = types.bool; + default = false; + description = lib.mdDoc '' + Initialize HA cluster using an embedded etcd datastore. + + If this option is `false` and `role` is `server` + + On a server that was using the default embedded sqlite backend, + enabling this option will migrate to an embedded etcd DB. + + If an HA cluster using the embedded etcd datastore was already initialized, + this option has no effect. + + This option only makes sense in a server that is not connecting to another server. + + If you are configuring an HA cluster with an embedded etcd, + the 1st server must have `clusterInit = true` + and other servers must connect to it using `serverAddr`. + ''; + }; + token = mkOption { type = types.str; description = lib.mdDoc '' - The k3s token to use when connecting to the server. This option only makes sense for an agent. + The k3s token to use when connecting to a server. + WARNING: This option will expose store your token unencrypted world-readable in the nix store. If this is undesired use the tokenFile option instead. ''; @@ -50,7 +89,7 @@ in tokenFile = mkOption { type = types.nullOr types.path; - description = lib.mdDoc "File path containing k3s token to use when connecting to the server. This option only makes sense for an agent."; + description = lib.mdDoc "File path containing k3s token to use when connecting to the server."; default = null; }; @@ -86,6 +125,14 @@ in assertion = cfg.role == "agent" -> cfg.configPath != null || cfg.tokenFile != null || cfg.token != ""; message = "token or tokenFile or configPath (with 'token' or 'token-file' keys) should be set if role is 'agent'"; } + { + assertion = cfg.role == "agent" -> !cfg.disableAgent; + message = "disableAgent must be false if role is 'agent'"; + } + { + assertion = cfg.role == "agent" -> !cfg.clusterInit; + message = "clusterInit must be false if role is 'agent'"; + } ]; environment.systemPackages = [ config.services.k3s.package ]; @@ -111,6 +158,7 @@ in [ "${cfg.package}/bin/k3s ${cfg.role}" ] + ++ (optional cfg.clusterInit "--cluster-init") ++ (optional cfg.disableAgent "--disable-agent") ++ (optional (cfg.serverAddr != "") "--server ${cfg.serverAddr}") ++ (optional (cfg.token != "") "--token ${cfg.token}") diff --git a/nixos/modules/services/networking/kea.nix b/nixos/modules/services/networking/kea.nix index 8a98c0ceafc69..f39b149dd609f 100644 --- a/nixos/modules/services/networking/kea.nix +++ b/nixos/modules/services/networking/kea.nix @@ -298,7 +298,7 @@ in ]; serviceConfig = { - ExecStart = "${package}/bin/kea-ctrl-agent -c /etc/kea/ctrl-agent.conf ${lib.escapeShellArgs cfg.dhcp4.extraArgs}"; + ExecStart = "${package}/bin/kea-ctrl-agent -c /etc/kea/ctrl-agent.conf ${lib.escapeShellArgs cfg.ctrl-agent.extraArgs}"; KillMode = "process"; Restart = "on-failure"; } // commonServiceConfig; diff --git a/nixos/modules/services/networking/keepalived/default.nix b/nixos/modules/services/networking/keepalived/default.nix index 768c8e4b13c73..1ab25c8799164 100644 --- a/nixos/modules/services/networking/keepalived/default.nix +++ b/nixos/modules/services/networking/keepalived/default.nix @@ -264,6 +264,19 @@ in ''; }; + secretFile = mkOption { + type = types.nullOr types.path; + default = null; + example = "/run/keys/keepalived.env"; + description = '' + Environment variables from this file will be interpolated into the + final config file using envsubst with this syntax: <literal>$ENVIRONMENT</literal> + or <literal>''${VARIABLE}</literal>. + The file should contain lines formatted as <literal>SECRET_VAR=SECRET_VALUE</literal>. + This is useful to avoid putting secrets into the nix store. + ''; + }; + }; }; @@ -282,7 +295,9 @@ in }; }; - systemd.services.keepalived = { + systemd.services.keepalived = let + finalConfigFile = if cfg.secretFile == null then keepalivedConf else "/run/keepalived/keepalived.conf"; + in { description = "Keepalive Daemon (LVS and VRRP)"; after = [ "network.target" "network-online.target" "syslog.target" ]; wants = [ "network-online.target" ]; @@ -290,8 +305,15 @@ in Type = "forking"; PIDFile = pidFile; KillMode = "process"; + RuntimeDirectory = "keepalived"; + EnvironmentFile = lib.optional (cfg.secretFile != null) cfg.secretFile; + ExecStartPre = lib.optional (cfg.secretFile != null) + (pkgs.writeShellScript "keepalived-pre-start" '' + umask 077 + ${pkgs.envsubst}/bin/envsubst -i "${keepalivedConf}" > ${finalConfigFile} + ''); ExecStart = "${pkgs.keepalived}/sbin/keepalived" - + " -f ${keepalivedConf}" + + " -f ${finalConfigFile}" + " -p ${pidFile}" + optionalString cfg.snmp.enable " --snmp"; ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID"; diff --git a/nixos/modules/services/networking/searx.nix b/nixos/modules/services/networking/searx.nix index e594d0083d4f1..214b6c6a787a5 100644 --- a/nixos/modules/services/networking/searx.nix +++ b/nixos/modules/services/networking/searx.nix @@ -192,7 +192,10 @@ in ExecStart = "${cfg.package}/bin/searx-run"; } // optionalAttrs (cfg.environmentFile != null) { EnvironmentFile = builtins.toPath cfg.environmentFile; }; - environment.SEARX_SETTINGS_PATH = cfg.settingsFile; + environment = { + SEARX_SETTINGS_PATH = cfg.settingsFile; + SEARXNG_SETTINGS_PATH = cfg.settingsFile; + }; }; systemd.services.uwsgi = mkIf (cfg.runInUwsgi) diff --git a/nixos/modules/services/networking/syncthing.nix b/nixos/modules/services/networking/syncthing.nix index 26641618fb438..0b6b4bf9e5c7b 100644 --- a/nixos/modules/services/networking/syncthing.nix +++ b/nixos/modules/services/networking/syncthing.nix @@ -268,10 +268,10 @@ in { { versioning = { type = "staggered"; + fsPath = "/syncthing/backup"; params = { cleanInterval = "3600"; maxAge = "31536000"; - versionsPath = "/syncthing/backup"; }; }; } @@ -296,6 +296,14 @@ in { See <https://docs.syncthing.net/users/versioning.html>. ''; }; + fsPath = mkOption { + default = ""; + type = either str path; + description = mdDoc '' + Path to the versioning folder. + See <https://docs.syncthing.net/users/versioning.html>. + ''; + }; params = mkOption { type = attrsOf (either str path); description = mdDoc '' diff --git a/nixos/modules/services/security/vaultwarden/default.nix b/nixos/modules/services/security/vaultwarden/default.nix index 0df0e5d211bb8..7e4863dd871ec 100644 --- a/nixos/modules/services/security/vaultwarden/default.nix +++ b/nixos/modules/services/security/vaultwarden/default.nix @@ -196,6 +196,7 @@ in { ProtectSystem = "strict"; AmbientCapabilities = "CAP_NET_BIND_SERVICE"; StateDirectory = "bitwarden_rs"; + StateDirectoryMode = "0700"; }; wantedBy = [ "multi-user.target" ]; }; diff --git a/nixos/modules/services/web-apps/keycloak.nix b/nixos/modules/services/web-apps/keycloak.nix index 301efe7e5d94f..da53d4ea76f40 100644 --- a/nixos/modules/services/web-apps/keycloak.nix +++ b/nixos/modules/services/web-apps/keycloak.nix @@ -25,6 +25,7 @@ let catAttrs collect splitString + hasPrefix ; inherit (builtins) @@ -312,8 +313,9 @@ in http-relative-path = mkOption { type = str; - default = ""; + default = "/"; example = "/auth"; + apply = x: if !(hasPrefix "/") x then "/" + x else x; description = lib.mdDoc '' The path relative to `/` for serving resources. @@ -636,7 +638,7 @@ in '' + '' export KEYCLOAK_ADMIN=admin export KEYCLOAK_ADMIN_PASSWORD=${cfg.initialAdminPassword} - kc.sh start + kc.sh start --optimized ''; }; diff --git a/nixos/modules/services/web-apps/writefreely.nix b/nixos/modules/services/web-apps/writefreely.nix new file mode 100644 index 0000000000000..c363760d5c2d4 --- /dev/null +++ b/nixos/modules/services/web-apps/writefreely.nix @@ -0,0 +1,485 @@ +{ config, lib, pkgs, ... }: + +let + inherit (builtins) toString; + inherit (lib) types mkIf mkOption mkDefault; + inherit (lib) optional optionals optionalAttrs optionalString; + + inherit (pkgs) sqlite; + + format = pkgs.formats.ini { + mkKeyValue = key: value: + let + value' = if builtins.isNull value then + "" + else if builtins.isBool value then + if value == true then "true" else "false" + else + toString value; + in "${key} = ${value'}"; + }; + + cfg = config.services.writefreely; + + isSqlite = cfg.database.type == "sqlite3"; + isMysql = cfg.database.type == "mysql"; + isMysqlLocal = isMysql && cfg.database.createLocally == true; + + hostProtocol = if cfg.acme.enable then "https" else "http"; + + settings = cfg.settings // { + app = cfg.settings.app or { } // { + host = cfg.settings.app.host or "${hostProtocol}://${cfg.host}"; + }; + + database = if cfg.database.type == "sqlite3" then { + type = "sqlite3"; + filename = cfg.settings.database.filename or "writefreely.db"; + database = cfg.database.name; + } else { + type = "mysql"; + username = cfg.database.user; + password = "#dbpass#"; + database = cfg.database.name; + host = cfg.database.host; + port = cfg.database.port; + tls = cfg.database.tls; + }; + + server = cfg.settings.server or { } // { + bind = cfg.settings.server.bind or "localhost"; + gopher_port = cfg.settings.server.gopher_port or 0; + autocert = !cfg.nginx.enable && cfg.acme.enable; + templates_parent_dir = + cfg.settings.server.templates_parent_dir or cfg.package.src; + static_parent_dir = cfg.settings.server.static_parent_dir or assets; + pages_parent_dir = + cfg.settings.server.pages_parent_dir or cfg.package.src; + keys_parent_dir = cfg.settings.server.keys_parent_dir or cfg.stateDir; + }; + }; + + configFile = format.generate "config.ini" settings; + + assets = pkgs.stdenvNoCC.mkDerivation { + pname = "writefreely-assets"; + + inherit (cfg.package) version src; + + nativeBuildInputs = with pkgs.nodePackages; [ less ]; + + buildPhase = '' + mkdir -p $out + + cp -r static $out/ + ''; + + installPhase = '' + less_dir=$src/less + css_dir=$out/static/css + + lessc $less_dir/app.less $css_dir/write.css + lessc $less_dir/fonts.less $css_dir/fonts.css + lessc $less_dir/icons.less $css_dir/icons.css + lessc $less_dir/prose.less $css_dir/prose.css + ''; + }; + + withConfigFile = text: '' + db_pass=${ + optionalString (cfg.database.passwordFile != null) + "$(head -n1 ${cfg.database.passwordFile})" + } + + cp -f ${configFile} '${cfg.stateDir}/config.ini' + sed -e "s,#dbpass#,$db_pass,g" -i '${cfg.stateDir}/config.ini' + chmod 440 '${cfg.stateDir}/config.ini' + + ${text} + ''; + + withMysql = text: + withConfigFile '' + query () { + local result=$(${config.services.mysql.package}/bin/mysql \ + --user=${cfg.database.user} \ + --password=$db_pass \ + --database=${cfg.database.name} \ + --silent \ + --raw \ + --skip-column-names \ + --execute "$1" \ + ) + + echo $result + } + + ${text} + ''; + + withSqlite = text: + withConfigFile '' + query () { + local result=$(${sqlite}/bin/sqlite3 \ + '${cfg.stateDir}/${settings.database.filename}' + "$1" \ + ) + + echo $result + } + + ${text} + ''; +in { + options.services.writefreely = { + enable = + lib.mkEnableOption "Writefreely, build a digital writing community"; + + package = lib.mkOption { + type = lib.types.package; + default = pkgs.writefreely; + defaultText = lib.literalExpression "pkgs.writefreely"; + description = "Writefreely package to use."; + }; + + stateDir = mkOption { + type = types.path; + default = "/var/lib/writefreely"; + description = "The state directory where keys and data are stored."; + }; + + user = mkOption { + type = types.str; + default = "writefreely"; + description = "User under which Writefreely is ran."; + }; + + group = mkOption { + type = types.str; + default = "writefreely"; + description = "Group under which Writefreely is ran."; + }; + + host = mkOption { + type = types.str; + default = ""; + description = "The public host name to serve."; + example = "example.com"; + }; + + settings = mkOption { + default = { }; + description = '' + Writefreely configuration (<filename>config.ini</filename>). Refer to + <link xlink:href="https://writefreely.org/docs/latest/admin/config" /> + for details. + ''; + + type = types.submodule { + freeformType = format.type; + + options = { + app = { + theme = mkOption { + type = types.str; + default = "write"; + description = "The theme to apply."; + }; + }; + + server = { + port = mkOption { + type = types.port; + default = if cfg.nginx.enable then 18080 else 80; + defaultText = "80"; + description = "The port WriteFreely should listen on."; + }; + }; + }; + }; + }; + + database = { + type = mkOption { + type = types.enum [ "sqlite3" "mysql" ]; + default = "sqlite3"; + description = "The database provider to use."; + }; + + name = mkOption { + type = types.str; + default = "writefreely"; + description = "The name of the database to store data in."; + }; + + user = mkOption { + type = types.nullOr types.str; + default = if cfg.database.type == "mysql" then "writefreely" else null; + defaultText = "writefreely"; + description = "The database user to connect as."; + }; + + passwordFile = mkOption { + type = types.nullOr types.path; + default = null; + description = "The file to load the database password from."; + }; + + host = mkOption { + type = types.str; + default = "localhost"; + description = "The database host to connect to."; + }; + + port = mkOption { + type = types.port; + default = 3306; + description = "The port used when connecting to the database host."; + }; + + tls = mkOption { + type = types.bool; + default = false; + description = + "Whether or not TLS should be used for the database connection."; + }; + + migrate = mkOption { + type = types.bool; + default = true; + description = + "Whether or not to automatically run migrations on startup."; + }; + + createLocally = mkOption { + type = types.bool; + default = false; + description = '' + When <option>services.writefreely.database.type</option> is set to + <code>"mysql"</code>, this option will enable the MySQL service locally. + ''; + }; + }; + + admin = { + name = mkOption { + type = types.nullOr types.str; + description = "The name of the first admin user."; + default = null; + }; + + initialPasswordFile = mkOption { + type = types.path; + description = '' + Path to a file containing the initial password for the admin user. + If not provided, the default password will be set to <code>nixos</code>. + ''; + default = pkgs.writeText "default-admin-pass" "nixos"; + defaultText = "/nix/store/xxx-default-admin-pass"; + }; + }; + + nginx = { + enable = mkOption { + type = types.bool; + default = false; + description = + "Whether or not to enable and configure nginx as a proxy for WriteFreely."; + }; + + forceSSL = mkOption { + type = types.bool; + default = false; + description = "Whether or not to force the use of SSL."; + }; + }; + + acme = { + enable = mkOption { + type = types.bool; + default = false; + description = + "Whether or not to automatically fetch and configure SSL certs."; + }; + }; + }; + + config = mkIf cfg.enable { + assertions = [ + { + assertion = cfg.host != ""; + message = "services.writefreely.host must be set"; + } + { + assertion = isMysqlLocal -> cfg.database.passwordFile != null; + message = + "services.writefreely.database.passwordFile must be set if services.writefreely.database.createLocally is set to true"; + } + { + assertion = isSqlite -> !cfg.database.createLocally; + message = + "services.writefreely.database.createLocally has no use when services.writefreely.database.type is set to sqlite3"; + } + ]; + + users = { + users = optionalAttrs (cfg.user == "writefreely") { + writefreely = { + group = cfg.group; + home = cfg.stateDir; + isSystemUser = true; + }; + }; + + groups = + optionalAttrs (cfg.group == "writefreely") { writefreely = { }; }; + }; + + systemd.tmpfiles.rules = + [ "d '${cfg.stateDir}' 0750 ${cfg.user} ${cfg.group} - -" ]; + + systemd.services.writefreely = { + after = [ "network.target" ] + ++ optional isSqlite "writefreely-sqlite-init.service" + ++ optional isMysql "writefreely-mysql-init.service" + ++ optional isMysqlLocal "mysql.service"; + wantedBy = [ "multi-user.target" ]; + + serviceConfig = { + Type = "simple"; + User = cfg.user; + Group = cfg.group; + WorkingDirectory = cfg.stateDir; + Restart = "always"; + RestartSec = 20; + ExecStart = + "${cfg.package}/bin/writefreely -c '${cfg.stateDir}/config.ini' serve"; + AmbientCapabilities = + optionalString (settings.server.port < 1024) "cap_net_bind_service"; + }; + + preStart = '' + if ! test -d "${cfg.stateDir}/keys"; then + mkdir -p ${cfg.stateDir}/keys + + # Key files end up with the wrong permissions by default. + # We need to correct them so that Writefreely can read them. + chmod -R 750 "${cfg.stateDir}/keys" + + ${cfg.package}/bin/writefreely -c '${cfg.stateDir}/config.ini' keys generate + fi + ''; + }; + + systemd.services.writefreely-sqlite-init = mkIf isSqlite { + wantedBy = [ "multi-user.target" ]; + + serviceConfig = { + Type = "oneshot"; + User = cfg.user; + Group = cfg.group; + WorkingDirectory = cfg.stateDir; + ReadOnlyPaths = optional (cfg.admin.initialPasswordFile != null) + cfg.admin.initialPasswordFile; + }; + + script = let + migrateDatabase = optionalString cfg.database.migrate '' + ${cfg.package}/bin/writefreely -c '${cfg.stateDir}/config.ini' db migrate + ''; + + createAdmin = optionalString (cfg.admin.name != null) '' + if [[ $(query "SELECT COUNT(*) FROM users") == 0 ]]; then + admin_pass=$(head -n1 ${cfg.admin.initialPasswordFile}) + + ${cfg.package}/bin/writefreely -c '${cfg.stateDir}/config.ini' --create-admin ${cfg.admin.name}:$admin_pass + fi + ''; + in withSqlite '' + if ! test -f '${settings.database.filename}'; then + ${cfg.package}/bin/writefreely -c '${cfg.stateDir}/config.ini' db init + fi + + ${migrateDatabase} + + ${createAdmin} + ''; + }; + + systemd.services.writefreely-mysql-init = mkIf isMysql { + wantedBy = [ "multi-user.target" ]; + after = optional isMysqlLocal "mysql.service"; + + serviceConfig = { + Type = "oneshot"; + User = cfg.user; + Group = cfg.group; + WorkingDirectory = cfg.stateDir; + ReadOnlyPaths = optional isMysqlLocal cfg.database.passwordFile + ++ optional (cfg.admin.initialPasswordFile != null) + cfg.admin.initialPasswordFile; + }; + + script = let + updateUser = optionalString isMysqlLocal '' + # WriteFreely currently *requires* a password for authentication, so we + # need to update the user in MySQL accordingly. By default MySQL users + # authenticate with auth_socket or unix_socket. + # See: https://github.com/writefreely/writefreely/issues/568 + ${config.services.mysql.package}/bin/mysql --skip-column-names --execute "ALTER USER '${cfg.database.user}'@'localhost' IDENTIFIED VIA unix_socket OR mysql_native_password USING PASSWORD('$db_pass'); FLUSH PRIVILEGES;" + ''; + + migrateDatabase = optionalString cfg.database.migrate '' + ${cfg.package}/bin/writefreely -c '${cfg.stateDir}/config.ini' db migrate + ''; + + createAdmin = optionalString (cfg.admin.name != null) '' + if [[ $(query 'SELECT COUNT(*) FROM users') == 0 ]]; then + admin_pass=$(head -n1 ${cfg.admin.initialPasswordFile}) + ${cfg.package}/bin/writefreely -c '${cfg.stateDir}/config.ini' --create-admin ${cfg.admin.name}:$admin_pass + fi + ''; + in withMysql '' + ${updateUser} + + if [[ $(query "SELECT COUNT(*) FROM information_schema.tables WHERE table_schema = '${cfg.database.name}'") == 0 ]]; then + ${cfg.package}/bin/writefreely -c '${cfg.stateDir}/config.ini' db init + fi + + ${migrateDatabase} + + ${createAdmin} + ''; + }; + + services.mysql = mkIf isMysqlLocal { + enable = true; + package = mkDefault pkgs.mariadb; + ensureDatabases = [ cfg.database.name ]; + ensureUsers = [{ + name = cfg.database.user; + ensurePermissions = { + "${cfg.database.name}.*" = "ALL PRIVILEGES"; + # WriteFreely requires the use of passwords, so we need permissions + # to `ALTER` the user to add password support and also to reload + # permissions so they can be used. + "*.*" = "CREATE USER, RELOAD"; + }; + }]; + }; + + services.nginx = lib.mkIf cfg.nginx.enable { + enable = true; + recommendedProxySettings = true; + + virtualHosts."${cfg.host}" = { + enableACME = cfg.acme.enable; + forceSSL = cfg.nginx.forceSSL; + + locations."/" = { + proxyPass = "http://127.0.0.1:${toString settings.server.port}"; + }; + }; + }; + }; +} diff --git a/nixos/modules/services/x11/display-managers/lightdm.nix b/nixos/modules/services/x11/display-managers/lightdm.nix index 1d557fb5f33da..b0508c3b4f793 100644 --- a/nixos/modules/services/x11/display-managers/lightdm.nix +++ b/nixos/modules/services/x11/display-managers/lightdm.nix @@ -311,7 +311,6 @@ in home = "/var/lib/lightdm"; group = "lightdm"; uid = config.ids.uids.lightdm; - shell = pkgs.bash; }; systemd.tmpfiles.rules = [ diff --git a/nixos/modules/services/x11/window-managers/awesome.nix b/nixos/modules/services/x11/window-managers/awesome.nix index 5bb74fd159103..c1231d3fbf380 100644 --- a/nixos/modules/services/x11/window-managers/awesome.nix +++ b/nixos/modules/services/x11/window-managers/awesome.nix @@ -6,7 +6,7 @@ let cfg = config.services.xserver.windowManager.awesome; awesome = cfg.package; - getLuaPath = lib : dir : "${lib}/${dir}/lua/${pkgs.luaPackages.lua.luaversion}"; + getLuaPath = lib: dir: "${lib}/${dir}/lua/${awesome.lua.luaversion}"; makeSearchPath = lib.concatMapStrings (path: " --search " + (getLuaPath path "share") + " --search " + (getLuaPath path "lib") |