Diffstat (limited to 'nixos/modules/config')
-rw-r--r-- | nixos/modules/config/fonts/ghostscript.nix | 2 | ||||
-rw-r--r-- | nixos/modules/config/ldap.nix | 36 | ||||
-rw-r--r-- | nixos/modules/config/nix-channel.nix | 6 | ||||
-rw-r--r-- | nixos/modules/config/nix-channel/activation-check.sh | 21 | ||||
-rw-r--r-- | nixos/modules/config/nix-channel/test.nix | 19 | ||||
-rw-r--r-- | nixos/modules/config/nix.nix | 2 | ||||
-rw-r--r-- | nixos/modules/config/no-x-libs.nix | 1 | ||||
-rw-r--r-- | nixos/modules/config/pulseaudio.nix | 10 | ||||
-rw-r--r-- | nixos/modules/config/shells-environment.nix | 6 | ||||
-rw-r--r-- | nixos/modules/config/stevenblack.nix | 49 | ||||
-rw-r--r-- | nixos/modules/config/swap.nix | 45 | ||||
-rw-r--r-- | nixos/modules/config/system-path.nix | 2 | ||||
-rw-r--r-- | nixos/modules/config/update-users-groups.pl | 2 | ||||
-rw-r--r-- | nixos/modules/config/users-groups.nix | 61 | ||||
-rw-r--r-- | nixos/modules/config/xdg/portal.nix | 27 |
15 files changed, 175 insertions, 114 deletions
diff --git a/nixos/modules/config/fonts/ghostscript.nix b/nixos/modules/config/fonts/ghostscript.nix
index a5508b948990c..5db7c0ac71799 100644
--- a/nixos/modules/config/fonts/ghostscript.nix
+++ b/nixos/modules/config/fonts/ghostscript.nix
@@ -18,6 +18,6 @@ with lib; }; config = mkIf config.fonts.enableGhostscriptFonts { - fonts.packages = [ "${pkgs.ghostscript}/share/ghostscript/fonts" ]; + fonts.packages = [ pkgs.ghostscript.fonts ]; }; }
diff --git a/nixos/modules/config/ldap.nix b/nixos/modules/config/ldap.nix
index 7f79db8d0a60d..fd26750c273bc 100644
--- a/nixos/modules/config/ldap.nix
+++ b/nixos/modules/config/ldap.nix
@@ -1,9 +1,7 @@ { config, lib, pkgs, ... }: -with pkgs; -with lib; - let + inherit (lib) mkEnableOption mkIf mkMerge mkOption mkRenamedOptionModule types; cfg = config.users.ldap;
@@ -11,40 +9,40 @@ let # this file. Directives HAVE to start in the first column! ldapConfig = { target = "ldap.conf"; - source = writeText "ldap.conf" '' + source = pkgs.writeText "ldap.conf" '' uri ${config.users.ldap.server} base ${config.users.ldap.base} timelimit ${toString config.users.ldap.timeLimit} bind_timelimit ${toString config.users.ldap.bind.timeLimit} bind_policy ${config.users.ldap.bind.policy} - ${optionalString config.users.ldap.useTLS '' + ${lib.optionalString config.users.ldap.useTLS '' ssl start_tls ''} - ${optionalString (config.users.ldap.bind.distinguishedName != "") '' + ${lib.optionalString (config.users.ldap.bind.distinguishedName != "") '' binddn ${config.users.ldap.bind.distinguishedName} ''} - ${optionalString (cfg.extraConfig != "") cfg.extraConfig } + ${lib.optionalString (cfg.extraConfig != "") cfg.extraConfig } ''; }; - nslcdConfig = writeText "nslcd.conf" '' + nslcdConfig = pkgs.writeText "nslcd.conf" '' uri ${cfg.server} base ${cfg.base} timelimit ${toString cfg.timeLimit} bind_timelimit ${toString cfg.bind.timeLimit} - ${optionalString (cfg.bind.distinguishedName != "") + ${lib.optionalString (cfg.bind.distinguishedName != "") "binddn ${cfg.bind.distinguishedName}" } - ${optionalString (cfg.daemon.rootpwmoddn != "") + ${lib.optionalString (cfg.daemon.rootpwmoddn != "") "rootpwmoddn ${cfg.daemon.rootpwmoddn}" } - ${optionalString (cfg.daemon.extraConfig != "") cfg.daemon.extraConfig } + ${lib.optionalString (cfg.daemon.extraConfig != "") cfg.daemon.extraConfig } ''; # nslcd normally reads configuration from /etc/nslcd.conf. # this file might contain secrets. We append those at runtime, # so redirect its location to something more temporary. 
- nslcdWrapped = runCommand "nslcd-wrapped" { nativeBuildInputs = [ makeWrapper ]; } '' + nslcdWrapped = pkgs.runCommand "nslcd-wrapped" { nativeBuildInputs = [ pkgs.makeWrapper ]; } '' mkdir -p $out/bin - makeWrapper ${nss_pam_ldapd}/sbin/nslcd $out/bin/nslcd \ + makeWrapper ${pkgs.nss_pam_ldapd}/sbin/nslcd $out/bin/nslcd \ --set LD_PRELOAD "${pkgs.libredirect}/lib/libredirect.so" \ --set NIX_REDIRECTS "/etc/nslcd.conf=/run/nslcd/nslcd.conf" '';
@@ -222,17 +220,17 @@ in config = mkIf cfg.enable { - environment.etc = optionalAttrs (!cfg.daemon.enable) { + environment.etc = lib.optionalAttrs (!cfg.daemon.enable) { "ldap.conf" = ldapConfig; }; - system.nssModules = mkIf cfg.nsswitch (singleton ( - if cfg.daemon.enable then nss_pam_ldapd else nss_ldap + system.nssModules = mkIf cfg.nsswitch (lib.singleton ( + if cfg.daemon.enable then pkgs.nss_pam_ldapd else pkgs.nss_ldap )); - system.nssDatabases.group = optional cfg.nsswitch "ldap"; - system.nssDatabases.passwd = optional cfg.nsswitch "ldap"; - system.nssDatabases.shadow = optional cfg.nsswitch "ldap"; + system.nssDatabases.group = lib.optional cfg.nsswitch "ldap"; + system.nssDatabases.passwd = lib.optional cfg.nsswitch "ldap"; + system.nssDatabases.shadow = lib.optional cfg.nsswitch "ldap"; users = mkIf cfg.daemon.enable { groups.nslcd = {
diff --git a/nixos/modules/config/nix-channel.nix b/nixos/modules/config/nix-channel.nix
index 6498ce6c469ca..2703a60f858fb 100644
--- a/nixos/modules/config/nix-channel.nix
+++ b/nixos/modules/config/nix-channel.nix
@@ -12,6 +12,7 @@ let mkDefault mkIf mkOption + stringAfter types ;
@@ -94,10 +95,11 @@ in NIX_PATH = cfg.nixPath; }; - nix.settings.nix-path = mkIf (! cfg.channel.enable) (mkDefault ""); - systemd.tmpfiles.rules = lib.mkIf cfg.channel.enable [ ''f /root/.nix-channels - - - - ${config.system.defaultChannel} nixos\n'' ]; + + system.activationScripts.no-nix-channel = mkIf (!cfg.channel.enable) + (stringAfter [ "etc" "users" ] (builtins.readFile ./nix-channel/activation-check.sh)); }; }
diff --git a/nixos/modules/config/nix-channel/activation-check.sh b/nixos/modules/config/nix-channel/activation-check.sh
new file mode 100644
index 0000000000000..42b1b712d702b
--- /dev/null
+++ b/nixos/modules/config/nix-channel/activation-check.sh
@@ -0,0 +1,21 @@
+# shellcheck shell=bash
+
+explainChannelWarning=0
+if [[ -e "/root/.nix-defexpr/channels" ]]; then
+ warn '/root/.nix-defexpr/channels exists, but channels have been disabled.'
+ explainChannelWarning=1
+fi
+if [[ -e "/nix/var/nix/profiles/per-user/root/channels" ]]; then
+ warn "/nix/var/nix/profiles/per-user/root/channels exists, but channels have been disabled."
+ explainChannelWarning=1
+fi
+while IFS=: read -r _ _ _ _ _ home _ ; do
+ if [[ -n "$home" && -e "$home/.nix-defexpr/channels" ]]; then
+ warn "$home/.nix-defexpr/channels exists, but channels have been disabled." 1>&2
+ explainChannelWarning=1
+ fi
+done < <(getent passwd)
+if [[ $explainChannelWarning -eq 1 ]]; then
+ echo "Due to https://github.com/NixOS/nix/issues/9574, Nix may still use these channels when NIX_PATH is unset." 1>&2
+ echo "Delete the above directory or directories to prevent this." 1>&2
+fi
diff --git a/nixos/modules/config/nix-channel/test.nix b/nixos/modules/config/nix-channel/test.nix
new file mode 100644
index 0000000000000..4b00cf9db3c47
--- /dev/null
+++ b/nixos/modules/config/nix-channel/test.nix
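Review bot: In `activation-check.sh`, `done < <(getent passwd)` walks every configured NSS source, so on a host whose `passwd` database also includes a directory service (the `ldap.nix` module in this same diff adds `ldap` to `system.nssDatabases.passwd`) each activation enumerates the whole directory and tests `$home/.nix-defexpr/channels` for every account, including homes on network or automounted filesystems. If only local accounts are meant, `done < <(getent -s files passwd)` keeps the check bounded; otherwise a comment such as `# Enumerates all NSS users; may be slow with remote directories.` would record the trade-off. The third `warn` call carries `1>&2` while the first two do not, and `warn` is not defined in this file (presumably supplied by the activation environment), so the redirect could be dropped for consistency. The check is advisory only: the directories it reports stay in place and, per the message it prints, may still be used by Nix.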
@@ -0,0 +1,19 @@
+# Run:
+# nix-build -A nixosTests.nix-channel
+{ lib, testers }:
+let
+ inherit (lib) fileset;
+
+ runShellcheck = testers.shellcheck {
+ src = fileset.toSource {
+ root = ./.;
+ fileset = fileset.unions [
+ ./activation-check.sh
+ ];
+ };
+ };
+
+in
+lib.recurseIntoAttrs {
+ inherit runShellcheck;
+}
diff --git a/nixos/modules/config/nix.nix b/nixos/modules/config/nix.nix
index b5fe0a3bd1ce2..9505c60d4f630 100644
--- a/nixos/modules/config/nix.nix
+++ b/nixos/modules/config/nix.nix
@@ -302,7 +302,6 @@ in trusted-users = mkOption { type = types.listOf types.str; - default = [ "root" ]; example = [ "root" "alice" "@wheel" ]; description = '' A list of names of users that have additional rights when
@@ -376,6 +375,7 @@ in environment.etc."nix/nix.conf".source = nixConf; nix.settings = { trusted-public-keys = [ "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" ]; + trusted-users = [ "root" ]; substituters = mkAfter [ "https://cache.nixos.org/" ]; system-features = mkDefault ( [ "nixos-test" "benchmark" "big-parallel" "kvm" ] ++
diff --git a/nixos/modules/config/no-x-libs.nix b/nixos/modules/config/no-x-libs.nix
index 930e57dbde5bb..2448d08a23997 100644
--- a/nixos/modules/config/no-x-libs.nix
+++ b/nixos/modules/config/no-x-libs.nix
@@ -33,7 +33,6 @@ with lib; fastfetch = super.fastfetch.override { vulkanSupport = false; waylandSupport = false; x11Support = false; }; ffmpeg = super.ffmpeg.override { ffmpegVariant = "headless"; }; ffmpeg_4 = super.ffmpeg_4.override { ffmpegVariant = "headless"; }; - ffmpeg_5 = super.ffmpeg_5.override { ffmpegVariant = "headless"; }; ffmpeg_6 = super.ffmpeg_6.override { ffmpegVariant = "headless"; }; ffmpeg_7 = super.ffmpeg_7.override { ffmpegVariant = "headless"; }; # dep of graphviz, libXpm is optional for Xpm support
diff --git a/nixos/modules/config/pulseaudio.nix b/nixos/modules/config/pulseaudio.nix
index 7c3a284e8780c..27c164a9a6dc8 100644
--- a/nixos/modules/config/pulseaudio.nix
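Review bot: In `nix.nix`, `trusted-users` no longer declares a `default`, so the rendered option documentation stops showing that `root` is trusted, and the `trusted-users = [ "root" ];` added to `nix.settings` in the second hunk is an ordinary definition of a `listOf` option that is merged with, not replaced by, a user's own list. The option's description says these users have additional rights, so an administrator auditing the setting should be able to see the effective value. I would add a sentence to the option's `description` such as `"root" is always included in this list; use lib.mkForce to replace it.` Both the `mkOption` block and the `nix.settings` attribute set continue outside the hunks shown.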
+++ b/nixos/modules/config/pulseaudio.nix
@@ -6,7 +6,6 @@ with lib; let cfg = config.hardware.pulseaudio; - alsaCfg = config.sound; hasZeroconf = let z = cfg.zeroconf; in z.publish.enable || z.discovery.enable;
@@ -58,7 +57,7 @@ let # Write an /etc/asound.conf that causes all ALSA applications to # be re-routed to the PulseAudio server through ALSA's Pulse # plugin. - alsaConf = writeText "asound.conf" ('' + alsaConf = '' pcm_type.pulse { libs.native = ${pkgs.alsa-plugins}/lib/alsa-lib/libasound_module_pcm_pulse.so ; ${lib.optionalString enable32BitAlsaPlugins
@@ -76,8 +75,7 @@ let ctl.!default { type pulse } - ${alsaCfg.extraConfig} - ''); + ''; in {
@@ -221,10 +219,8 @@ in { environment.systemPackages = [ overriddenPackage ]; - sound.enable = true; - environment.etc = { - "asound.conf".source = alsaConf; + "alsa/conf.d/99-pulseaudio.conf".text = alsaConf; "pulse/daemon.conf".source = writeText "daemon.conf" (lib.generators.toKeyValue {} cfg.daemon.config);
diff --git a/nixos/modules/config/shells-environment.nix b/nixos/modules/config/shells-environment.nix
index 2c19fb8a029d3..50796f8bc6f1e 100644
--- a/nixos/modules/config/shells-environment.nix
+++ b/nixos/modules/config/shells-environment.nix
@@ -42,8 +42,10 @@ in strings. The latter is concatenated, interspersed with colon characters. ''; - type = with types; attrsOf (oneOf [ (listOf (oneOf [ float int str ])) float int str path ]); - apply = mapAttrs (n: v: if isList v then concatMapStringsSep ":" toString v else toString v); + type = with types; attrsOf (oneOf [ (listOf (oneOf [ int str path ])) int str path ]); + apply = let + toStr = v: if isPath v then "${v}" else toString v; + in mapAttrs (n: v: if isList v then concatMapStringsSep ":" toStr v else toStr v); }; environment.profiles = mkOption {
diff --git a/nixos/modules/config/stevenblack.nix b/nixos/modules/config/stevenblack.nix
index 5b85073c6908d..95f6c9e73eb3e 100644
--- a/nixos/modules/config/stevenblack.nix
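Review bot: In `shells-environment.nix`, the new `toStr` renders path values with `"${v}"`, and interpolating a Nix path copies the referenced file or directory into the Nix store, which every local user can read; the previous `toString v` produced the plain absolute path without copying. A configuration that points a variable at a key or credentials file through a path literal would therefore publish that file in the store. If the copy is intended, the option `description` should say so, for example `Path values are copied to the Nix store; pass a string to refer to a path without copying it.` The same hunk drops `float` from the accepted types, which existing configurations may rely on. The `mkOption` block begins outside the hunk.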
+++ b/nixos/modules/config/stevenblack.nix
@@ -1,34 +1,49 @@ -{ config, lib, pkgs, ... }: - +{ + config, + lib, + pkgs, + ... +}: let - inherit (lib) optionals mkOption mkEnableOption types mkIf elem concatStringsSep maintainers; - cfg = config.networking.stevenblack; + inherit (lib) + getOutput + maintainers + mkEnableOption + mkIf + mkOption + mkPackageOption + types + ; - # needs to be in a specific order - activatedHosts = with cfg; [ ] - ++ optionals (elem "fakenews" block) [ "fakenews" ] - ++ optionals (elem "gambling" block) [ "gambling" ] - ++ optionals (elem "porn" block) [ "porn" ] - ++ optionals (elem "social" block) [ "social" ]; - - hostsPath = "${pkgs.stevenblack-blocklist}/alternates/" + concatStringsSep "-" activatedHosts + "/hosts"; + cfg = config.networking.stevenblack; in { options.networking.stevenblack = { enable = mkEnableOption "the stevenblack hosts file blocklist"; + package = mkPackageOption pkgs "stevenblack-blocklist" { }; + block = mkOption { - type = types.listOf (types.enum [ "fakenews" "gambling" "porn" "social" ]); + type = types.listOf ( + types.enum [ + "fakenews" + "gambling" + "porn" + "social" + ] + ); default = [ ]; description = "Additional blocklist extensions."; }; }; config = mkIf cfg.enable { - networking.hostFiles = [ ] - ++ optionals (activatedHosts != [ ]) [ hostsPath ] - ++ optionals (activatedHosts == [ ]) [ "${pkgs.stevenblack-blocklist}/hosts" ]; + networking.hostFiles = map (x: "${getOutput x cfg.package}/hosts") ([ "ads" ] ++ cfg.block); }; - meta.maintainers = [ maintainers.moni maintainers.artturin ]; + meta.maintainers = with maintainers; [ + moni + artturin + frontear + ]; }
diff --git a/nixos/modules/config/swap.nix b/nixos/modules/config/swap.nix
index 53aea5d847129..e945e18b1f258 100644
--- a/nixos/modules/config/swap.nix
+++ b/nixos/modules/config/swap.nix
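Review bot: In `stevenblack.nix`, `map (x: "${getOutput x cfg.package}/hosts") ([ "ads" ] ++ cfg.block)` assumes that `cfg.package` has an `ads` output and one output per name allowed in `block`, but `lib.getOutput`, as far as I know, falls back to the package's default output when the requested one is missing. With a `package` override that lacks those outputs, the selected categories would then silently resolve to one `hosts` file (or a missing path) instead of failing evaluation, so the blocklist could be weaker than configured without any signal. I would state the requirement next to the option, e.g. `# cfg.package must provide the outputs "ads", "fakenews", "gambling", "porn" and "social".`, or add an assertion that checks `cfg.package.outputs`.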
@@ -1,9 +1,7 @@ { config, lib, pkgs, utils, ... }: -with utils; -with lib; - let + inherit (lib) mkIf mkOption types; randomEncryptionCoerce = enable: { inherit enable; };
@@ -188,7 +186,7 @@ let config = { device = mkIf options.label.isDefined "/dev/disk/by-label/${config.label}"; - deviceName = lib.replaceStrings ["\\"] [""] (escapeSystemdPath config.device); + deviceName = lib.replaceStrings ["\\"] [""] (utils.escapeSystemdPath config.device); realDevice = if config.randomEncryption.enable then "/dev/mapper/${config.deviceName}" else config.device; };
@@ -224,8 +222,8 @@ in }; - config = mkIf ((length config.swapDevices) != 0) { - assertions = map (sw: { + config = mkIf ((lib.length config.swapDevices) != 0) { + assertions = lib.map (sw: { assertion = sw.randomEncryption.enable -> builtins.match "/dev/disk/by-(uuid|label)/.*" sw.device == null; message = '' You cannot use swap device "${sw.device}" with randomEncryption enabled.
@@ -235,22 +233,22 @@ in }) config.swapDevices; warnings = - concatMap (sw: - if sw.size != null && hasPrefix "/dev/" sw.device + lib.concatMap (sw: + if sw.size != null && lib.hasPrefix "/dev/" sw.device then [ "Setting the swap size of block device ${sw.device} has no effect" ] else [ ]) config.swapDevices; - system.requiredKernelConfig = with config.lib.kernelConfig; [ - (isYes "SWAP") + system.requiredKernelConfig = [ + (config.lib.kernelConfig.isYes "SWAP") ]; # Create missing swapfiles. systemd.services = let createSwapDevice = sw: - let realDevice' = escapeSystemdPath sw.realDevice; - in nameValuePair "mkswap-${sw.deviceName}" + let realDevice' = utils.escapeSystemdPath sw.realDevice; + in lib.nameValuePair "mkswap-${sw.deviceName}" { description = "Initialisation of swap device ${sw.device}"; # The mkswap service fails for file-backed swap devices if the # loop module has not been loaded before the service runs.
@@ -261,29 +259,30 @@ in before = [ "${realDevice'}.swap" "shutdown.target"]; conflicts = [ "shutdown.target" ]; path = [ pkgs.util-linux pkgs.e2fsprogs ] - ++ optional sw.randomEncryption.enable pkgs.cryptsetup; + ++ lib.optional sw.randomEncryption.enable pkgs.cryptsetup; environment.DEVICE = sw.device; script = '' - ${optionalString (sw.size != null) '' + ${lib.optionalString (sw.size != null) '' currentSize=$(( $(stat -c "%s" "$DEVICE" 2>/dev/null || echo 0) / 1024 / 1024 )) if [[ ! -b "$DEVICE" && "${toString sw.size}" != "$currentSize" ]]; then # Disable CoW for CoW based filesystems like BTRFS. truncate --size 0 "$DEVICE" chattr +C "$DEVICE" 2>/dev/null || true - dd if=/dev/zero of="$DEVICE" bs=1M count=${toString sw.size} - ${optionalString (!sw.randomEncryption.enable) "mkswap ${sw.realDevice}"} + echo "Creating swap file using dd and mkswap." + dd if=/dev/zero of="$DEVICE" bs=1M count=${toString sw.size} status=progress + ${lib.optionalString (!sw.randomEncryption.enable) "mkswap ${sw.realDevice}"} fi ''} - ${optionalString sw.randomEncryption.enable '' + ${lib.optionalString sw.randomEncryption.enable '' cryptsetup plainOpen -c ${sw.randomEncryption.cipher} -d ${sw.randomEncryption.source} \ - ${concatStringsSep " \\\n" (flatten [ - (optional (sw.randomEncryption.sectorSize != null) "--sector-size=${toString sw.randomEncryption.sectorSize}") - (optional (sw.randomEncryption.keySize != null) "--key-size=${toString sw.randomEncryption.keySize}") - (optional sw.randomEncryption.allowDiscards "--allow-discards") + ${lib.concatStringsSep " \\\n" (lib.flatten [ + (lib.optional (sw.randomEncryption.sectorSize != null) "--sector-size=${toString sw.randomEncryption.sectorSize}") + (lib.optional (sw.randomEncryption.keySize != null) "--key-size=${toString sw.randomEncryption.keySize}") + (lib.optional sw.randomEncryption.allowDiscards "--allow-discards") ])} ${sw.device} ${sw.deviceName} mkswap ${sw.realDevice} ''} 
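Review bot: In the `script` of the `mkswap-*` unit in `swap.nix`, the rewritten line `"mkswap ${sw.realDevice}"` and the `cryptsetup plainOpen` command splice `sw.realDevice`, `sw.device`, `sw.deviceName`, `sw.randomEncryption.cipher` and `sw.randomEncryption.source` into the shell text unquoted, while the `stat`, `truncate`, `chattr` and `dd` calls in the same script use the quoted `"$DEVICE"`. A device or swap-file path containing whitespace or shell metacharacters would be word-split or interpreted by the shell running this unit. Since these lines are being touched anyway, `mkswap ${lib.escapeShellArg sw.realDevice}` (and the same for the `cryptsetup` operands) would make the quoting uniform. The enclosing `createSwapDevice` definition starts and ends outside this hunk.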
@@ -295,12 +294,12 @@ in Type = "oneshot"; RemainAfterExit = sw.randomEncryption.enable; UMask = "0177"; - ExecStop = optionalString sw.randomEncryption.enable "${pkgs.cryptsetup}/bin/cryptsetup luksClose ${sw.deviceName}"; + ExecStop = lib.optionalString sw.randomEncryption.enable "${pkgs.cryptsetup}/bin/cryptsetup luksClose ${sw.deviceName}"; }; restartIfChanged = false; }; - in listToAttrs (map createSwapDevice (filter (sw: sw.size != null || sw.randomEncryption.enable) config.swapDevices)); + in lib.listToAttrs (lib.map createSwapDevice (lib.filter (sw: sw.size != null || sw.randomEncryption.enable) config.swapDevices)); };
diff --git a/nixos/modules/config/system-path.nix b/nixos/modules/config/system-path.nix
index 562100ad6201c..21280d023a4ce 100644
--- a/nixos/modules/config/system-path.nix
+++ b/nixos/modules/config/system-path.nix
@@ -153,10 +153,8 @@ in "/sbin" "/share/emacs" "/share/hunspell" - "/share/nano" "/share/org" "/share/themes" - "/share/vim-plugins" "/share/vulkan" "/share/kservices5" "/share/kservicetypes5"
diff --git a/nixos/modules/config/update-users-groups.pl b/nixos/modules/config/update-users-groups.pl
index 7c6851473f42f..f0b692a759d1a 100644
--- a/nixos/modules/config/update-users-groups.pl
+++ b/nixos/modules/config/update-users-groups.pl
@@ -234,7 +234,7 @@ foreach my $u (@{$spec->{users}}) { # Ensure home directory incl. ownership and permissions. if ($u->{createHome} and !$is_dry) { - make_path($u->{home}, { mode => oct($u->{homeMode}) }) if ! -e $u->{home}; + make_path($u->{home}, { mode => 0755 }) if ! -e $u->{home}; chown $u->{uid}, $u->{gid}, $u->{home}; chmod oct($u->{homeMode}), $u->{home}; }
diff --git a/nixos/modules/config/users-groups.nix b/nixos/modules/config/users-groups.nix
index 3ef8993fa665b..69646e550f1f3 100644
--- a/nixos/modules/config/users-groups.nix
+++ b/nixos/modules/config/users-groups.nix
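Review bot: In `update-users-groups.pl`, `make_path($u->{home}, { mode => 0755 })` now creates the home directory itself, not only its missing parents, with mode 0755 and owned by the invoking user, and it reaches `homeMode` only through the `chown` and `chmod` that follow, whose return values are not checked. If `chmod` fails, a home that was requested with a restrictive mode stays world-readable with no diagnostic. I would check the result, e.g. `chmod(oct($u->{homeMode}), $u->{home}) or warn "chmod $u->{home} failed: $!\n";`, and add a comment above `make_path` such as `# 0755 is for missing parent directories; the home itself is tightened by chmod below.` The enclosing `foreach` loop continues outside the hunk.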
@@ -1,8 +1,43 @@ { config, lib, utils, pkgs, ... }: -with lib; - let + inherit (lib) + any + attrNames + attrValues + concatMap + concatStrings + elem + filter + filterAttrs + flatten + flip + foldr + getAttr + hasAttr + id + length + listToAttrs + literalExpression + mapAttrs' + mapAttrsToList + match + mkAliasOptionModuleMD + mkDefault + mkIf + mkMerge + mkOption + mkRenamedOptionModule + optional + optionals + sort + stringAfter + stringLength + trace + types + xor + ; + ids = config.ids; cfg = config.users;
@@ -55,7 +90,7 @@ let name = mkOption { type = types.passwdEntry types.str; - apply = x: assert (builtins.stringLength x < 32 || abort "Username '${x}' is longer than 31 characters which is not allowed!"); x; + apply = x: assert (stringLength x < 32 || abort "Username '${x}' is longer than 31 characters which is not allowed!"); x; description = '' The name of the user account. If undefined, the name of the attribute set will be used.
@@ -113,7 +148,7 @@ let group = mkOption { type = types.str; - apply = x: assert (builtins.stringLength x < 32 || abort "Group name '${x}' is longer than 31 characters which is not allowed!"); x; + apply = x: assert (stringLength x < 32 || abort "Group name '${x}' is longer than 31 characters which is not allowed!"); x; default = ""; description = "The user's primary group."; };
@@ -462,13 +497,13 @@ let idsAreUnique = set: idAttr: !(foldr (name: args@{ dup, acc }: let - id = builtins.toString (builtins.getAttr idAttr (builtins.getAttr name set)); - exists = builtins.hasAttr id acc; - newAcc = acc // (builtins.listToAttrs [ { name = id; value = true; } ]); + id = toString (getAttr idAttr (getAttr name set)); + exists = hasAttr id acc; + newAcc = acc // (listToAttrs [ { name = id; value = true; } ]); in if dup then args else if exists - then builtins.trace "Duplicate ${idAttr} ${id}" { dup = true; acc = null; } + then trace "Duplicate ${idAttr} ${id}" { dup = true; acc = null; } else { dup = false; acc = newAcc; } - ) { dup = false; acc = {}; } (builtins.attrNames set)).dup; + ) { dup = false; acc = {}; } (attrNames set)).dup; uidsAreUnique = idsAreUnique (filterAttrs (n: u: u.uid != null) cfg.users) "uid"; gidsAreUnique = idsAreUnique (filterAttrs (n: g: g.gid != null) cfg.groups) "gid";
@@ -696,7 +731,7 @@ in { ''; } else ""; # keep around for backwards compatibility - systemd.services.linger-users = lib.mkIf ((builtins.length lingeringUsers) > 0) { + systemd.services.linger-users = lib.mkIf ((length lingeringUsers) > 0) { wantedBy = ["multi-user.target"]; after = ["systemd-logind.service"]; requires = ["systemd-logind.service"];
@@ -862,7 +897,7 @@ in { [ { assertion = (user.hashedPassword != null) - -> (builtins.match ".*:.*" user.hashedPassword == null); + -> (match ".*:.*" user.hashedPassword == null); message = '' The password hash of user "${user.name}" contains a ":" character. This is invalid and would break the login system because the fields
@@ -927,7 +962,7 @@ in { given above which can lead to surprising results. To resolve this warning, set at most one of the options above to a non-`null` value. '') - ++ builtins.filter (x: x != null) ( + ++ filter (x: x != null) ( flip mapAttrsToList cfg.users (_: user: # This regex matches a subset of the Modular Crypto Format (MCF)[1] # informal standard. Since this depends largely on the OS or the
@@ -950,7 +985,7 @@ in { in if (allowsLogin user.hashedPassword && user.hashedPassword != "" # login without password - && builtins.match mcf user.hashedPassword == null) + && match mcf user.hashedPassword == null) then '' The password hash of user "${user.name}" may be invalid. You must set a valid hash or the user will be locked out of their account. Please
diff --git a/nixos/modules/config/xdg/portal.nix b/nixos/modules/config/xdg/portal.nix
index 2368ca04a49ea..ec4e13169fa38 100644
--- a/nixos/modules/config/xdg/portal.nix
+++ b/nixos/modules/config/xdg/portal.nix
@@ -6,6 +6,7 @@ let mkIf mkOption mkRenamedOptionModule + mkRemovedOptionModule teams types;
@@ -17,18 +18,7 @@ in { imports = [ (mkRenamedOptionModule [ "services" "flatpak" "extraPortals" ] [ "xdg" "portal" "extraPortals" ]) - - ({ config, lib, options, ... }: - let - from = [ "xdg" "portal" "gtkUsePortal" ]; - fromOpt = lib.getAttrFromPath from options; - in - { - warnings = lib.mkIf config.xdg.portal.gtkUsePortal [ - "The option `${lib.showOption from}' defined in ${lib.showFiles fromOpt.files} has been deprecated. Setting the variable globally with `environment.sessionVariables' NixOS option can have unforeseen side-effects." - ]; - } - ) + (mkRemovedOptionModule [ "xdg" "portal" "gtkUsePortal" ] "This option has been removed due to being unsupported and discouraged by the GTK developers.") ]; meta = {
@@ -54,18 +44,6 @@ in ''; }; - gtkUsePortal = mkOption { - type = types.bool; - visible = false; - default = false; - description = '' - Sets environment variable `GTK_USE_PORTAL` to `1`. - This will force GTK-based programs ran outside Flatpak to respect and use XDG Desktop Portals - for features like file chooser but it is an unsupported hack that can easily break things. - Defaults to `false` to respect its opt-in nature. - ''; - }; - xdgOpenUsePortal = mkOption { type = types.bool; default = false;
@@ -154,7 +132,6 @@ in ]; sessionVariables = { - GTK_USE_PORTAL = mkIf cfg.gtkUsePortal "1"; NIXOS_XDG_OPEN_USE_PORTAL = mkIf cfg.xdgOpenUsePortal "1"; NIX_XDG_DESKTOP_PORTAL_DIR = "/run/current-system/sw/share/xdg-desktop-portal/portals"; }; |