author | github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> | 2022-10-08 12:02:12 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-10-08 12:02:12 +0000 |
commit | cdfb8a30a44056abfab2d5b2ec7b105c5e24226d (patch) | |
tree | 4a117140b51b0a57d951dd3ee3ea28c8b3d5f64b /nixos | |
parent | 7d7030c6d5f2ed10d9ddd91199dd09b94ce5d003 (diff) | |
parent | 1b60238acd96038c0a52ee73c012194d506eb432 (diff) |
Merge staging-next into staging
Diffstat (limited to 'nixos')
-rw-r--r-- | nixos/modules/security/acme/doc.xml | 11 | ||||
-rw-r--r-- | nixos/modules/services/hardware/fwupd.nix | 37 | ||||
-rw-r--r-- | nixos/modules/services/hardware/udev.nix | 6 | ||||
-rw-r--r-- | nixos/modules/tasks/filesystems/jfs.nix | 2 |
4 files changed, 37 insertions, 19 deletions
diff --git a/nixos/modules/security/acme/doc.xml b/nixos/modules/security/acme/doc.xml index 4817f7a7fc6bf..1439594a5aca6 100644 --- a/nixos/modules/security/acme/doc.xml +++ b/nixos/modules/security/acme/doc.xml @@ -237,8 +237,8 @@ services.bind = { <programlisting> systemd.services.dns-rfc2136-conf = { - requiredBy = ["acme-example.com.service", "bind.service"]; - before = ["acme-example.com.service", "bind.service"]; + requiredBy = ["acme-example.com.service" "bind.service"]; + before = ["acme-example.com.service" "bind.service"]; unitConfig = { ConditionPathExists = "!/var/lib/secrets/dnskeys.conf"; }; @@ -249,18 +249,19 @@ systemd.services.dns-rfc2136-conf = { path = [ pkgs.bind ]; script = '' mkdir -p /var/lib/secrets + chmod 755 /var/lib/secrets tsig-keygen rfc2136key.example.com > /var/lib/secrets/dnskeys.conf chown named:root /var/lib/secrets/dnskeys.conf chmod 400 /var/lib/secrets/dnskeys.conf - # Copy the secret value from the dnskeys.conf, and put it in - # RFC2136_TSIG_SECRET below + # extract secret value from the dnskeys.conf + while read x y; do if [ "$x" = "secret" ]; then secret="''${y:1:''${#y}-3}"; fi; done < /var/lib/secrets/dnskeys.conf cat > /var/lib/secrets/certs.secret << EOF RFC2136_NAMESERVER='127.0.0.1:53' RFC2136_TSIG_ALGORITHM='hmac-sha256.' RFC2136_TSIG_KEY='rfc2136key.example.com' - RFC2136_TSIG_SECRET='your secret key' + RFC2136_TSIG_SECRET='$secret' EOF chmod 400 /var/lib/secrets/certs.secret ''; diff --git a/nixos/modules/services/hardware/fwupd.nix b/nixos/modules/services/hardware/fwupd.nix index 2249f866803ae..1be2d49f9708f 100644 --- a/nixos/modules/services/hardware/fwupd.nix +++ b/nixos/modules/services/hardware/fwupd.nix 
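Review bot: In the second hunk's script, `certs.secret` now receives the real TSIG secret from the here-document before `chmod 400` runs, and `dnskeys.conf` is likewise created by the `tsig-keygen ... >` redirection before its own `chmod 400`. Each file therefore briefly exists with whatever mode the unit's umask gives it, inside a directory that the added `chmod 755` makes world-traversable. Assuming the service runs with the default umask of 0022, both files are momentarily world-readable. Putting `umask 077` as the first line of the script closes that window, and the explicit `chmod 755` on the directory still applies afterwards. The `while read` loop also leaves `$secret` empty when no `secret` line matches, so a guard such as `[ -n "$secret" ] || exit 1` before the `cat` would avoid writing an unusable credentials file.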
@@ -33,18 +33,26 @@ let mkEtcFile = p: nameValuePair (mkName p) { source = p; }; in listToAttrs (map mkEtcFile cfg.extraTrustedKeys); - # We cannot include the file in $out and rely on filesInstalledToEtc - # to install it because it would create a cyclic dependency between - # the outputs. We also need to enable the remote, - # which should not be done by default. - testRemote = if cfg.enableTestRemote then { - "fwupd/remotes.d/fwupd-tests.conf" = { - source = pkgs.runCommand "fwupd-tests-enabled.conf" {} '' + enableRemote = base: remote: { + "fwupd/remotes.d/${remote}.conf" = { + source = pkgs.runCommand "${remote}-enabled.conf" {} '' sed "s,^Enabled=false,Enabled=true," \ - "${cfg.package.installedTests}/etc/fwupd/remotes.d/fwupd-tests.conf" > "$out" + "${base}/etc/fwupd/remotes.d/${remote}.conf" > "$out" ''; }; - } else {}; + }; + remotes = (foldl' + (configFiles: remote: configFiles // (enableRemote cfg.package remote)) + {} + cfg.extraRemotes + ) // ( + # We cannot include the file in $out and rely on filesInstalledToEtc + # to install it because it would create a cyclic dependency between + # the outputs. We also need to enable the remote, + # which should not be done by default. + mkIf cfg.enableTestRemote (enableRemote cfg.package.installedTests "fwupd-tests") + ); + in { ###### interface @@ -86,6 +94,15 @@ in { ''; }; + extraRemotes = mkOption { + type = with types; listOf str; + default = []; + example = [ "lvfs-testing" ]; + description = lib.mdDoc '' + Enables extra remotes in fwupd. See `/etc/fwupd/remotes.d`. + ''; + }; + enableTestRemote = mkOption { type = types.bool; default = false; @@ -119,7 +136,7 @@ in { environment.systemPackages = [ cfg.package ]; # customEtc overrides some files from the package - environment.etc = originalEtc // customEtc // extraTrustedKeys // testRemote; + environment.etc = originalEtc // customEtc // extraTrustedKeys // remotes; services.dbus.packages = [ cfg.package ]; 
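Review bot: The right-hand operand of `//` in `remotes` is a `mkIf` value, and `mkIf` evaluates to a module-system wrapper rather than to the guarded attrset. The merge therefore appears to add the wrapper's own attributes to `remotes` instead of the `fwupd-tests` entry. Because `remotes` is merged last into `environment.etc` in the third hunk, the whole definition may end up conditional on `cfg.enableTestRemote`, which would drop the daemon configuration and the `extraTrustedKeys` files whenever the test remote is off; an evaluation test would confirm this. Keeping the plain conditional from the removed code avoids it: `(if cfg.enableTestRemote then enableRemote cfg.package.installedTests "fwupd-tests" else {})`.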
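Review bot: The `extraRemotes` description does not say what a valid entry is, although `enableRemote` in the first hunk interpolates each string into `${base}/etc/fwupd/remotes.d/${remote}.conf` and into the derivation name. The description should say that each name must match a `.conf` file shipped by `cfg.package`, and that enabling a remote adds another source from which the daemon fetches firmware metadata. One possible wording is `Names of remotes shipped by the fwupd package (files under etc/fwupd/remotes.d, without the .conf suffix) to enable.` A stricter element type such as `types.strMatching "[A-Za-z0-9._-]+"` would also keep path separators out of the interpolated path.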
diff --git a/nixos/modules/services/hardware/udev.nix b/nixos/modules/services/hardware/udev.nix index fa9d06b441afb..4b962da0c037d 100644 --- a/nixos/modules/services/hardware/udev.nix +++ b/nixos/modules/services/hardware/udev.nix @@ -171,10 +171,10 @@ let mv etc/udev/hwdb.bin $out ''; - compressFirmware = if config.boot.kernelPackages.kernelAtLeast "5.3" then - pkgs.compressFirmwareXz + compressFirmware = firmware: if (config.boot.kernelPackages.kernelAtLeast "5.3" && (firmware.compressFirmware or true)) then + pkgs.compressFirmwareXz firmware else - id; + id firmware; # Udev has a 512-character limit for ENV{PATH}, so create a symlink # tree to work around this. diff --git a/nixos/modules/tasks/filesystems/jfs.nix b/nixos/modules/tasks/filesystems/jfs.nix index 700f05af2bec4..6d80c4c657da6 100644 --- a/nixos/modules/tasks/filesystems/jfs.nix +++ b/nixos/modules/tasks/filesystems/jfs.nix @@ -12,7 +12,7 @@ in boot.initrd.kernelModules = mkIf inInitrd [ "jfs" ]; - boot.initrd.extraUtilsCommands = mkIf (inInitrd && !boot.initrd.systemd.enable) '' + boot.initrd.extraUtilsCommands = mkIf (inInitrd && !config.boot.initrd.systemd.enable) '' copy_bin_and_libs ${pkgs.jfsutils}/sbin/fsck.jfs ''; }; |
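Review bot: The new `firmware.compressFirmware or true` lookup in `compressFirmware` adds a per-package opt-out that nothing in the hunk documents, and the attribute shares its name with the function that reads it. A comment above the binding would help, for example `# Firmware packages can set compressFirmware = false to be passed through uncompressed.` As a style point, `id firmware` in the else branch can be written as `firmware`. The call site that applies this function per firmware package lies outside the hunk.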