author | github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> | 2023-01-09 12:01:24 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-01-09 12:01:24 +0000 |
commit | e4fc9a910a15ce7c5b51b4e28d304dd985eceeb3 (patch) | |
tree | 4b3653d78b874aa712b2459acaa8956c1cb31042 /nixos | |
parent | 99dd0da8dc6177990d4d2c149baf92f7fed49703 (diff) | |
parent | aa3dc8b8c316e2f9d6dc6b4659ce9fb90fccca28 (diff) |
Merge master into staging-next
Diffstat (limited to 'nixos')
-rwxr-xr-x | nixos/doc/manual/md-to-db.sh | 4 | ||||
-rw-r--r-- | nixos/lib/make-options-doc/default.nix | 3 | ||||
-rw-r--r-- | nixos/lib/make-options-doc/mergeJSON.py | 10 | ||||
-rw-r--r-- | nixos/lib/systemd-unit-options.nix | 4 | ||||
-rw-r--r-- | nixos/modules/services/backup/restic.nix | 2 | ||||
-rw-r--r-- | nixos/modules/services/networking/kresd.nix | 6 | ||||
-rw-r--r-- | nixos/modules/services/security/fail2ban.nix | 19 | ||||
-rw-r--r-- | nixos/modules/system/boot/systemd/user.nix | 2 | ||||
-rw-r--r-- | nixos/modules/system/etc/setup-etc.pl | 23 |
9 files changed, 49 insertions, 24 deletions
diff --git a/nixos/doc/manual/md-to-db.sh b/nixos/doc/manual/md-to-db.sh index 6eca9f3b2c3d8..4698e94f508b3 100755 --- a/nixos/doc/manual/md-to-db.sh +++ b/nixos/doc/manual/md-to-db.sh @@ -8,6 +8,8 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )" pushd "$DIR" +link_manpages_filter=$(nix-build --no-out-link "$DIR/../../../doc/build-aux/pandoc-filters/link-manpages.nix") + # NOTE: Keep in sync with Nixpkgs manual (/doc/Makefile). # TODO: Remove raw-attribute when we can get rid of DocBook altogether. pandoc_commonmark_enabled_extensions=+attributes+fenced_divs+footnotes+bracketed_spans+definition_lists+pipe_tables+raw_attribute @@ -17,7 +19,7 @@ pandoc_flags=( # - media extraction (was only required for diagram generator) # - docbook-reader/citerefentry-to-rst-role.lua (only relevant for DocBook → MarkDown/rST/MyST) "--lua-filter=$DIR/../../../doc/build-aux/pandoc-filters/myst-reader/roles.lua" - "--lua-filter=$DIR/../../../doc/build-aux/pandoc-filters/link-unix-man-references.lua" + "--lua-filter=$link_manpages_filter" "--lua-filter=$DIR/../../../doc/build-aux/pandoc-filters/docbook-writer/rst-roles.lua" "--lua-filter=$DIR/../../../doc/build-aux/pandoc-filters/docbook-writer/html-elements.lua" "--lua-filter=$DIR/../../../doc/build-aux/pandoc-filters/docbook-writer/labelless-link-is-xref.lua" diff --git a/nixos/lib/make-options-doc/default.nix b/nixos/lib/make-options-doc/default.nix index a3436caad8f98..e2ed7bb71885b 100644 --- a/nixos/lib/make-options-doc/default.nix +++ b/nixos/lib/make-options-doc/default.nix @@ -41,6 +41,7 @@ # characteristics but (hopefully) indistinguishable output. , allowDocBook ? true # whether lib.mdDoc is required for descriptions to be read as markdown. +# !!! when this is eventually flipped to true, `lib.doRename` should also default to emitting Markdown , markdownByDefault ? false }: 
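Review bot: In md-to-db.sh the result of the new `nix-build` command substitution is never checked before it is spliced into `pandoc_flags`. Whether the script runs under `set -e` is not visible in this hunk; if it does not, a failed build leaves the variable empty and pandoc is started with a bare `--lua-filter=`, which hides the real cause. I would make the failure explicit at the assignment: `link_manpages_filter=$(nix-build --no-out-link "$DIR/../../../doc/build-aux/pandoc-filters/link-manpages.nix") || exit 1`.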
@@ -130,6 +131,8 @@ in rec { if baseOptionsJSON == null then builtins.toFile "base.json" "{}" else baseOptionsJSON; + + MANPAGE_URLS = pkgs.path + "/doc/manpage-urls.json"; } '' # Export list of options in different format. diff --git a/nixos/lib/make-options-doc/mergeJSON.py b/nixos/lib/make-options-doc/mergeJSON.py index 7b14af40c313b..c4f490fc2ad87 100644 --- a/nixos/lib/make-options-doc/mergeJSON.py +++ b/nixos/lib/make-options-doc/mergeJSON.py @@ -1,5 +1,6 @@ import collections import json +import os import sys from typing import Any, Dict, List @@ -46,6 +47,8 @@ def unpivot(options: Dict[Key, Option]) -> Dict[str, JSON]: result[opt.name] = opt.value return result +manpage_urls = json.load(open(os.getenv('MANPAGE_URLS'))) + admonitions = { '.warning': 'warning', '.important': 'important', @@ -119,9 +122,14 @@ class Renderer(mistune.renderers.BaseRenderer): def env(self, text): return f"<envar>{escape(text)}</envar>" def manpage(self, page, section): + man = f"{page}({section})" title = f"<refentrytitle>{escape(page)}</refentrytitle>" vol = f"<manvolnum>{escape(section)}</manvolnum>" - return f"<citerefentry>{title}{vol}</citerefentry>" + ref = f"<citerefentry>{title}{vol}</citerefentry>" + if man in manpage_urls: + return self.link(manpage_urls[man], text=ref) + else: + return ref def finalize(self, data): return "".join(data) diff --git a/nixos/lib/systemd-unit-options.nix b/nixos/lib/systemd-unit-options.nix index 9c7cb34f14b57..6c53c5e0533d7 100644 --- a/nixos/lib/systemd-unit-options.nix +++ b/nixos/lib/systemd-unit-options.nix @@ -60,7 +60,7 @@ in rec { `asDropin` creates a drop-in file named `overrides.conf`. Mainly needed to define instances for systemd template units (e.g. `systemd-nspawn@mycontainer.service`). - See also systemd.unit(1). + See also {manpage}`systemd.unit(5)`. ''; }; 
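Review bot: In mergeJSON.py the new module-level `manpage_urls = json.load(open(os.getenv('MANPAGE_URLS')))` turns an unset variable into `open(None)`, which fails with a TypeError that never names the variable. It also leaves the file handle to be closed by the garbage collector. Since the load runs at import time, every caller of the script now depends on that environment variable. I would write it as `with open(os.environ['MANPAGE_URLS']) as f:` followed by `manpage_urls = json.load(f)`, so a missing variable raises a KeyError that names it and the handle is closed deterministically.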
@@ -86,7 +86,7 @@ in rec { This option creates a `.wants` symlink in the given target that exists statelessly without the need for running `systemctl enable`. - The in systemd.unit(5) manpage described `[Install]` section however is + The `[Install]` section described in {manpage}`systemd.unit(5)` however is not supported because it is a stateful process that does not fit well into the NixOS design. ''; diff --git a/nixos/modules/services/backup/restic.nix b/nixos/modules/services/backup/restic.nix index 869ed5d9976c3..0d21b1e8d66a8 100644 --- a/nixos/modules/services/backup/restic.nix +++ b/nixos/modules/services/backup/restic.nix @@ -132,7 +132,7 @@ in OnCalendar = "daily"; }; description = lib.mdDoc '' - When to run the backup. See man systemd.timer for details. + When to run the backup. See {manpage}`systemd.timer(5)` for details. ''; example = { OnCalendar = "00:05"; diff --git a/nixos/modules/services/networking/kresd.nix b/nixos/modules/services/networking/kresd.nix index 55af6abd5e010..3ad757133a606 100644 --- a/nixos/modules/services/networking/kresd.nix +++ b/nixos/modules/services/networking/kresd.nix @@ -79,7 +79,7 @@ in { example = [ "53" ]; description = lib.mdDoc '' What addresses and ports the server should listen on. - For detailed syntax see ListenStream in man systemd.socket. + For detailed syntax see ListenStream in {manpage}`systemd.socket(5)`. ''; }; listenTLS = mkOption { @@ -88,7 +88,7 @@ in { example = [ "198.51.100.1:853" "[2001:db8::1]:853" "853" ]; description = lib.mdDoc '' Addresses and ports on which kresd should provide DNS over TLS (see RFC 7858). - For detailed syntax see ListenStream in man systemd.socket. + For detailed syntax see ListenStream in {manpage}`systemd.socket(5)`. ''; }; listenDoH = mkOption { 
@@ -97,7 +97,7 @@ in { example = [ "198.51.100.1:443" "[2001:db8::1]:443" "443" ]; description = lib.mdDoc '' Addresses and ports on which kresd should provide DNS over HTTPS/2 (see RFC 8484). - For detailed syntax see ListenStream in man systemd.socket. + For detailed syntax see ListenStream in {manpage}`systemd.socket(5)`. ''; }; instances = mkOption { diff --git a/nixos/modules/services/security/fail2ban.nix b/nixos/modules/services/security/fail2ban.nix index 3b124a4f0e088..8d923187941ce 100644 --- a/nixos/modules/services/security/fail2ban.nix +++ b/nixos/modules/services/security/fail2ban.nix @@ -62,11 +62,10 @@ in }; packageFirewall = mkOption { - default = pkgs.iptables; - defaultText = literalExpression "pkgs.iptables"; + default = config.networking.firewall.package; + defaultText = literalExpression "config.networking.firewall.package"; type = types.package; - example = literalExpression "pkgs.nftables"; - description = lib.mdDoc "The firewall package used by fail2ban service."; + description = lib.mdDoc "The firewall package used by fail2ban service. Defaults to the package for your firewall (iptables or nftables)."; }; extraPackages = mkOption { 
@@ -86,24 +85,24 @@ in }; banaction = mkOption { - default = "iptables-multiport"; + default = if config.networking.nftables.enable then "nftables-multiport" else "iptables-multiport"; + defaultText = literalExpression '' if config.networking.nftables.enable then "nftables-multiport" else "iptables-multiport" ''; type = types.str; - example = "nftables-multiport"; description = lib.mdDoc '' Default banning action (e.g. iptables, iptables-new, iptables-multiport, - iptables-ipset-proto6-allports, shorewall, etc) It is used to + iptables-ipset-proto6-allports, shorewall, etc). It is used to define action_* variables. Can be overridden globally or per section within jail.local file ''; }; banaction-allports = mkOption { - default = "iptables-allport"; + default = if config.networking.nftables.enable then "nftables-allport" else "iptables-allport"; + defaultText = literalExpression '' if config.networking.nftables.enable then "nftables-allport" else "iptables-allport" ''; type = types.str; - example = "nftables-allport"; description = lib.mdDoc '' Default banning action (e.g. iptables, iptables-new, iptables-multiport, - shorewall, etc) It is used to define action_* variables. Can be overridden + shorewall, etc) for "allports" jails. It is used to define action_* variables. Can be overridden globally or per section within jail.local file ''; }; diff --git a/nixos/modules/system/boot/systemd/user.nix b/nixos/modules/system/boot/systemd/user.nix index 46d66fe4e688c..d14d0928c53e0 100644 --- a/nixos/modules/system/boot/systemd/user.nix +++ b/nixos/modules/system/boot/systemd/user.nix @@ -46,7 +46,7 @@ in { type = types.lines; example = "DefaultCPUAccounting=yes"; description = lib.mdDoc '' - Extra config options for systemd user instances. See man systemd-user.conf for + Extra config options for systemd user instances. See {manpage}`systemd-user.conf(5)` for available options. ''; }; 
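Review bot: In fail2ban.nix the new `banaction-allports` default yields `"nftables-allport"` or `"iptables-allport"`, but as far as I know the action files fail2ban ships are named `iptables-allports` and `nftables-allports`, with a trailing "s". The singular spelling was already on the old side, and this hunk carries it over into the nftables branch. If the names really do not match a shipped action, any jail that falls back to this default would have no working ban action, so offending addresses would not be blocked. Please confirm against the packaged `action.d` directory, and if so use `default = if config.networking.nftables.enable then "nftables-allports" else "iptables-allports";` with the same spelling in `defaultText`.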
diff --git a/nixos/modules/system/etc/setup-etc.pl b/nixos/modules/system/etc/setup-etc.pl index a048261a3df11..ea0a383081721 100644 --- a/nixos/modules/system/etc/setup-etc.pl +++ b/nixos/modules/system/etc/setup-etc.pl @@ -13,8 +13,12 @@ sub atomicSymlink { my $tmp = "$target.tmp"; unlink $tmp; symlink $source, $tmp or return 0; - rename $tmp, $target or return 0; - return 1; + if (rename $tmp, $target) { + return 1; + } else { + unlink $tmp; + return 0; + } } @@ -87,6 +91,12 @@ my @copied; sub link { my $fn = substr $File::Find::name, length($etc) + 1 or next; + + # nixos-enter sets up /etc/resolv.conf as a bind mount, so skip it. + if ($fn eq "resolv.conf" and $ENV{'IN_NIXOS_ENTER'}) { + return; + } + my $target = "/etc/$fn"; File::Path::make_path(dirname $target); $created{$fn} = 1; @@ -103,7 +113,7 @@ sub link { if (-e "$_.mode") { my $mode = read_file("$_.mode"); chomp $mode; if ($mode eq "direct-symlink") { - atomicSymlink readlink("$static/$fn"), $target or warn; + atomicSymlink readlink("$static/$fn"), $target or warn "could not create symlink $target"; } else { my $uid = read_file("$_.uid"); chomp $uid; my $gid = read_file("$_.gid"); chomp $gid; @@ -112,12 +122,15 @@ sub link { $gid = getgrnam $gid unless $gid =~ /^\+/; chown int($uid), int($gid), "$target.tmp" or warn; chmod oct($mode), "$target.tmp" or warn; - rename "$target.tmp", $target or warn; + unless (rename "$target.tmp", $target) { + warn "could not create target $target"; + unlink "$target.tmp"; + } } push @copied, $fn; print CLEAN "$fn\n"; } elsif (-l "$_") { - atomicSymlink "$static/$fn", $target or warn; + atomicSymlink "$static/$fn", $target or warn "could not create symlink $target"; } } |
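Review bot: In setup-etc.pl the new warn texts in `sub link` (`"could not create symlink $target"`, `"could not create target $target"`) drop the OS error, so a failed activation no longer says why. Inside `atomicSymlink` the added `unlink $tmp` also runs between the failed `rename` and the return, so it can overwrite `$!` before any caller reads it. I would preserve the error in the helper with `my $err = $!; unlink $tmp; $! = $err; return 0;` and append `: $!` to the messages at the call sites, e.g. `warn "could not create symlink $target: $!"`. The same applies to the `unless (rename …)` branch, where `warn` should stay ahead of `unlink` as it is now.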
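Review bot: The new early `return` for `resolv.conf` in `sub link` sits before `$created{$fn} = 1;`, so the entry is never recorded as handled when `IN_NIXOS_ENTER` is set. The code that consumes `%created` is outside this hunk; if it removes previously managed entries that are missing from `%created`, a later pass could still try to unlink the bind-mounted `/etc/resolv.conf`. Please confirm that path, and if it applies, mark the entry before returning (`$created{$fn} = 1;` above the `return;`) or extend the comment to say why skipping the bookkeeping is safe. Note also that the test is on truthiness, so `IN_NIXOS_ENTER=0` counts as unset.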
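Review bot: In the copy branch of `sub link`, the rename into place still runs after `chown` or `chmod` on `"$target.tmp"` has failed, because those two calls only `warn`. A file can therefore be published under /etc with an owner or mode other than the one requested in its `.uid`/`.gid`/`.mode` files, which matters for anything meant to be private. The commit adds cleanup for a failed rename; I would chain the three calls so the temp file is published only when ownership and mode were applied, and is removed otherwise. The enclosing sub begins and ends outside this hunk, and whether a failed chown should be fatal for that file in every environment is for the maintainers to confirm.

```perl
# … unchanged: read .uid/.gid and resolve names to numeric ids …
my $tmp = "$target.tmp";
# Publish only if ownership and mode were applied; $! holds the error
# of whichever call stopped the chain.
unless (chown(int($uid), int($gid), $tmp)
        and chmod(oct($mode), $tmp)
        and rename($tmp, $target)) {
    warn "could not create target $target: $!";
    unlink $tmp;
}
```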