diff options
Diffstat (limited to 'nixos')
45 files changed, 621 insertions, 722 deletions
diff --git a/nixos/doc/manual/default.nix b/nixos/doc/manual/default.nix index 558fec4cab923..80916e9733c5c 100644 --- a/nixos/doc/manual/default.nix +++ b/nixos/doc/manual/default.nix @@ -80,17 +80,17 @@ let cp -r --no-preserve=all $inputs/* . substituteInPlace ./manual.md \ - --replace '@NIXOS_VERSION@' "${version}" + --replace-fail '@NIXOS_VERSION@' "${version}" substituteInPlace ./configuration/configuration.md \ - --replace \ + --replace-fail \ '@MODULE_CHAPTERS@' \ ${escapeShellArg (concatMapStringsSep "\n" (p: "${p.value}") config.meta.doc)} substituteInPlace ./nixos-options.md \ - --replace \ + --replace-fail \ '@NIXOS_OPTIONS_JSON@' \ ${optionsDoc.optionsJSON}/${common.outputPath}/options.json substituteInPlace ./development/writing-nixos-tests.section.md \ - --replace \ + --replace-fail \ '@NIXOS_TEST_OPTIONS_JSON@' \ ${testOptionsDoc.optionsJSON}/${common.outputPath}/options.json sed -e '/@PYTHON_MACHINE_METHODS@/ {' -e 'r ${testDriverMachineDocstrings}/machine-methods.md' -e 'd' -e '}' \ diff --git a/nixos/doc/manual/release-notes/rl-2405.section.md b/nixos/doc/manual/release-notes/rl-2405.section.md index bc814ad305055..cd2393514be8c 100644 --- a/nixos/doc/manual/release-notes/rl-2405.section.md +++ b/nixos/doc/manual/release-notes/rl-2405.section.md @@ -92,6 +92,8 @@ Use `services.pipewire.extraConfig` or `services.pipewire.configPackages` for Pi - [PhotonVision](https://photonvision.org/), a free, fast, and easy-to-use computer vision solution for the FIRSTĀ® Robotics Competition. +- [clatd](https://github.com/toreanderson/clatd), a a CLAT / SIIT-DC Edge Relay implementation for Linux. + - [pyLoad](https://pyload.net/), a FOSS download manager written in Python. Available as [services.pyload](#opt-services.pyload.enable) - [maubot](https://github.com/maubot/maubot), a plugin-based Matrix bot framework. Available as [services.maubot](#opt-services.maubot.enable). @@ -378,6 +380,8 @@ The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been m - `halloy` package was updated past 2024.5 which introduced a breaking change by switching the config format from YAML to TOML. See https://github.com/squidowl/halloy/releases/tag/2024.5 for details. +- The `wpaperd` package has a breaking change moving to 1.0.1, previous version 0.3.0 had 2 different configuration files, one for wpaperd and one for the wallpapers. Remove the former and move the latter (`wallpaper.toml`) to `config.toml`. + - Ada packages (libraries and tools) have been moved into the `gnatPackages` scope. `gnatPackages` uses the default GNAT compiler, `gnat12Packages` and `gnat13Packages` use the respective matching compiler version. - Paths provided as `restartTriggers` and `reloadTriggers` for systemd units will now be copied into the nix store to make the behavior consistent. @@ -501,6 +505,8 @@ The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been m - `erlang-ls` package no longer ships the `els_dap` binary as of v0.51.0. +- `icu` no longer includes `install-sh` and `mkinstalldirs` in the shared folder. + ## Other Notable Changes {#sec-release-24.05-notable-changes} <!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. --> diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index 90a2170349e93..111b5c129cb3c 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix @@ -946,6 +946,7 @@ ./services/networking/charybdis.nix ./services/networking/chisel-server.nix ./services/networking/cjdns.nix + ./services/networking/clatd.nix ./services/networking/cloudflare-dyndns.nix ./services/networking/cloudflared.nix ./services/networking/cntlm.nix diff --git a/nixos/modules/programs/evince.nix b/nixos/modules/programs/evince.nix index cffc5127f10a8..a27e75e6626de 100644 --- a/nixos/modules/programs/evince.nix +++ b/nixos/modules/programs/evince.nix @@ -2,28 +2,19 @@ { config, pkgs, lib, ... }: -with lib; - let cfg = config.programs.evince; in { - # Added 2019-08-09 - imports = [ - (mkRenamedOptionModule - [ "services" "gnome3" "evince" "enable" ] - [ "programs" "evince" "enable" ]) - ]; - ###### interface options = { programs.evince = { - enable = mkEnableOption "Evince, the GNOME document viewer"; + enable = lib.mkEnableOption "Evince, the GNOME document viewer"; - package = mkPackageOption pkgs "evince" { }; + package = lib.mkPackageOption pkgs "evince" { }; }; @@ -32,7 +23,7 @@ in { ###### implementation - config = mkIf config.programs.evince.enable { + config = lib.mkIf config.programs.evince.enable { environment.systemPackages = [ cfg.package ]; diff --git a/nixos/modules/programs/file-roller.nix b/nixos/modules/programs/file-roller.nix index 4799f42d630b1..f64bd732855bf 100644 --- a/nixos/modules/programs/file-roller.nix +++ b/nixos/modules/programs/file-roller.nix @@ -2,28 +2,19 @@ { config, pkgs, lib, ... }: -with lib; - let cfg = config.programs.file-roller; in { - # Added 2019-08-09 - imports = [ - (mkRenamedOptionModule - [ "services" "gnome3" "file-roller" "enable" ] - [ "programs" "file-roller" "enable" ]) - ]; - ###### interface options = { programs.file-roller = { - enable = mkEnableOption "File Roller, an archive manager for GNOME"; + enable = lib.mkEnableOption "File Roller, an archive manager for GNOME"; - package = mkPackageOption pkgs [ "gnome" "file-roller" ] { }; + package = lib.mkPackageOption pkgs [ "gnome" "file-roller" ] { }; }; @@ -32,7 +23,7 @@ in { ###### implementation - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { environment.systemPackages = [ cfg.package ]; diff --git a/nixos/modules/programs/gnome-disks.nix b/nixos/modules/programs/gnome-disks.nix index 4b128b4712650..954f1fd9bc078 100644 --- a/nixos/modules/programs/gnome-disks.nix +++ b/nixos/modules/programs/gnome-disks.nix @@ -2,29 +2,20 @@ { config, pkgs, lib, ... }: -with lib; - { meta = { - maintainers = teams.gnome.members; + maintainers = lib.teams.gnome.members; }; - # Added 2019-08-09 - imports = [ - (mkRenamedOptionModule - [ "services" "gnome3" "gnome-disks" "enable" ] - [ "programs" "gnome-disks" "enable" ]) - ]; - ###### interface options = { programs.gnome-disks = { - enable = mkOption { - type = types.bool; + enable = lib.mkOption { + type = lib.types.bool; default = false; description = '' Whether to enable GNOME Disks daemon, a program designed to @@ -39,7 +30,7 @@ with lib; ###### implementation - config = mkIf config.programs.gnome-disks.enable { + config = lib.mkIf config.programs.gnome-disks.enable { environment.systemPackages = [ pkgs.gnome.gnome-disk-utility ]; diff --git a/nixos/modules/programs/gnome-terminal.nix b/nixos/modules/programs/gnome-terminal.nix index 71a6b217880c5..a5dda83edd11f 100644 --- a/nixos/modules/programs/gnome-terminal.nix +++ b/nixos/modules/programs/gnome-terminal.nix @@ -2,8 +2,6 @@ { config, pkgs, lib, ... }: -with lib; - let cfg = config.programs.gnome-terminal; @@ -13,21 +11,14 @@ in { meta = { - maintainers = teams.gnome.members; + maintainers = lib.teams.gnome.members; }; - # Added 2019-08-19 - imports = [ - (mkRenamedOptionModule - [ "services" "gnome3" "gnome-terminal-server" "enable" ] - [ "programs" "gnome-terminal" "enable" ]) - ]; - options = { - programs.gnome-terminal.enable = mkEnableOption "GNOME Terminal"; + programs.gnome-terminal.enable = lib.mkEnableOption "GNOME Terminal"; }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { environment.systemPackages = [ pkgs.gnome.gnome-terminal ]; services.dbus.packages = [ pkgs.gnome.gnome-terminal ]; systemd.packages = [ pkgs.gnome.gnome-terminal ]; diff --git a/nixos/modules/programs/gpaste.nix b/nixos/modules/programs/gpaste.nix index 1c34c86eb853f..32b81434bdd94 100644 --- a/nixos/modules/programs/gpaste.nix +++ b/nixos/modules/programs/gpaste.nix @@ -1,22 +1,13 @@ # GPaste. { config, lib, pkgs, ... }: -with lib; - { - # Added 2019-08-09 - imports = [ - (mkRenamedOptionModule - [ "services" "gnome3" "gpaste" "enable" ] - [ "programs" "gpaste" "enable" ]) - ]; - ###### interface options = { programs.gpaste = { - enable = mkOption { - type = types.bool; + enable = lib.mkOption { + type = lib.types.bool; default = false; description = '' Whether to enable GPaste, a clipboard manager. @@ -26,7 +17,7 @@ with lib; }; ###### implementation - config = mkIf config.programs.gpaste.enable { + config = lib.mkIf config.programs.gpaste.enable { environment.systemPackages = [ pkgs.gnome.gpaste ]; services.dbus.packages = [ pkgs.gnome.gpaste ]; systemd.packages = [ pkgs.gnome.gpaste ]; diff --git a/nixos/modules/programs/seahorse.nix b/nixos/modules/programs/seahorse.nix index c0a356bff57c1..53fff50e0a8b9 100644 --- a/nixos/modules/programs/seahorse.nix +++ b/nixos/modules/programs/seahorse.nix @@ -2,25 +2,15 @@ { config, pkgs, lib, ... }: -with lib; - { - # Added 2019-08-27 - imports = [ - (mkRenamedOptionModule - [ "services" "gnome3" "seahorse" "enable" ] - [ "programs" "seahorse" "enable" ]) - ]; - - ###### interface options = { programs.seahorse = { - enable = mkEnableOption "Seahorse, a GNOME application for managing encryption keys and passwords in the GNOME Keyring"; + enable = lib.mkEnableOption "Seahorse, a GNOME application for managing encryption keys and passwords in the GNOME Keyring"; }; @@ -29,9 +19,9 @@ with lib; ###### implementation - config = mkIf config.programs.seahorse.enable { + config = lib.mkIf config.programs.seahorse.enable { - programs.ssh.askPassword = mkDefault "${pkgs.gnome.seahorse}/libexec/seahorse/ssh-askpass"; + programs.ssh.askPassword = lib.mkDefault "${pkgs.gnome.seahorse}/libexec/seahorse/ssh-askpass"; environment.systemPackages = [ pkgs.gnome.seahorse diff --git a/nixos/modules/services/databases/postgresql.nix b/nixos/modules/services/databases/postgresql.nix index 35d3ba0aa2094..8a9d8c210b34d 100644 --- a/nixos/modules/services/databases/postgresql.nix +++ b/nixos/modules/services/databases/postgresql.nix @@ -37,7 +37,7 @@ let # package = pkgs.postgresql_<major>; # }; # works. - base = if cfg.enableJIT then cfg.package.withJIT else cfg.package; + base = if cfg.enableJIT then cfg.package.withJIT else cfg.package.withoutJIT; in if cfg.extraPlugins == [] then base diff --git a/nixos/modules/services/desktops/gnome/at-spi2-core.nix b/nixos/modules/services/desktops/gnome/at-spi2-core.nix index 446f363fce83f..6ed5b198fe4f8 100644 --- a/nixos/modules/services/desktops/gnome/at-spi2-core.nix +++ b/nixos/modules/services/desktops/gnome/at-spi2-core.nix @@ -2,30 +2,19 @@ { config, lib, pkgs, ... }: -with lib; - { meta = { - maintainers = teams.gnome.members; + maintainers = lib.teams.gnome.members; }; ###### interface - - # Added 2021-05-07 - imports = [ - (mkRenamedOptionModule - [ "services" "gnome3" "at-spi2-core" "enable" ] - [ "services" "gnome" "at-spi2-core" "enable" ] - ) - ]; - options = { services.gnome.at-spi2-core = { - enable = mkOption { - type = types.bool; + enable = lib.mkOption { + type = lib.types.bool; default = false; description = '' Whether to enable at-spi2-core, a service for the Assistive Technologies @@ -43,14 +32,14 @@ with lib; ###### implementation - config = mkMerge [ - (mkIf config.services.gnome.at-spi2-core.enable { + config = lib.mkMerge [ + (lib.mkIf config.services.gnome.at-spi2-core.enable { environment.systemPackages = [ pkgs.at-spi2-core ]; services.dbus.packages = [ pkgs.at-spi2-core ]; systemd.packages = [ pkgs.at-spi2-core ]; }) - (mkIf (!config.services.gnome.at-spi2-core.enable) { + (lib.mkIf (!config.services.gnome.at-spi2-core.enable) { environment.sessionVariables = { NO_AT_BRIDGE = "1"; GTK_A11Y = "none"; diff --git a/nixos/modules/services/desktops/gnome/evolution-data-server.nix b/nixos/modules/services/desktops/gnome/evolution-data-server.nix index 34a91170d424f..a43e8dadb4212 100644 --- a/nixos/modules/services/desktops/gnome/evolution-data-server.nix +++ b/nixos/modules/services/desktops/gnome/evolution-data-server.nix @@ -2,44 +2,30 @@ { config, lib, pkgs, ... }: -with lib; - { meta = { - maintainers = teams.gnome.members; + maintainers = lib.teams.gnome.members; }; - # Added 2021-05-07 - imports = [ - (mkRenamedOptionModule - [ "services" "gnome3" "evolution-data-server" "enable" ] - [ "services" "gnome" "evolution-data-server" "enable" ] - ) - (mkRenamedOptionModule - [ "services" "gnome3" "evolution-data-server" "plugins" ] - [ "services" "gnome" "evolution-data-server" "plugins" ] - ) - ]; - ###### interface options = { services.gnome.evolution-data-server = { - enable = mkEnableOption "Evolution Data Server, a collection of services for storing addressbooks and calendars"; - plugins = mkOption { - type = types.listOf types.package; + enable = lib.mkEnableOption "Evolution Data Server, a collection of services for storing addressbooks and calendars"; + plugins = lib.mkOption { + type = lib.types.listOf lib.types.package; default = [ ]; description = "Plugins for Evolution Data Server."; }; }; programs.evolution = { - enable = mkEnableOption "Evolution, a Personal information management application that provides integrated mail, calendaring and address book functionality"; - plugins = mkOption { - type = types.listOf types.package; + enable = lib.mkEnableOption "Evolution, a Personal information management application that provides integrated mail, calendaring and address book functionality"; + plugins = lib.mkOption { + type = lib.types.listOf lib.types.package; default = [ ]; - example = literalExpression "[ pkgs.evolution-ews ]"; + example = lib.literalExpression "[ pkgs.evolution-ews ]"; description = "Plugins for Evolution."; }; @@ -52,15 +38,15 @@ with lib; let bundle = pkgs.evolutionWithPlugins.override { inherit (config.services.gnome.evolution-data-server) plugins; }; in - mkMerge [ - (mkIf config.services.gnome.evolution-data-server.enable { + lib.mkMerge [ + (lib.mkIf config.services.gnome.evolution-data-server.enable { environment.systemPackages = [ bundle ]; services.dbus.packages = [ bundle ]; systemd.packages = [ bundle ]; }) - (mkIf config.programs.evolution.enable { + (lib.mkIf config.programs.evolution.enable { services.gnome.evolution-data-server = { enable = true; plugins = [ pkgs.evolution ] ++ config.programs.evolution.plugins; diff --git a/nixos/modules/services/desktops/gnome/glib-networking.nix b/nixos/modules/services/desktops/gnome/glib-networking.nix index 1039605391ab6..905901f470841 100644 --- a/nixos/modules/services/desktops/gnome/glib-networking.nix +++ b/nixos/modules/services/desktops/gnome/glib-networking.nix @@ -2,29 +2,19 @@ { config, pkgs, lib, ... }: -with lib; - { meta = { - maintainers = teams.gnome.members; + maintainers = lib.teams.gnome.members; }; - # Added 2021-05-07 - imports = [ - (mkRenamedOptionModule - [ "services" "gnome3" "glib-networking" "enable" ] - [ "services" "gnome" "glib-networking" "enable" ] - ) - ]; - ###### interface options = { services.gnome.glib-networking = { - enable = mkEnableOption "network extensions for GLib"; + enable = lib.mkEnableOption "network extensions for GLib"; }; @@ -32,7 +22,7 @@ with lib; ###### implementation - config = mkIf config.services.gnome.glib-networking.enable { + config = lib.mkIf config.services.gnome.glib-networking.enable { services.dbus.packages = [ pkgs.glib-networking ]; diff --git a/nixos/modules/services/desktops/gnome/gnome-browser-connector.nix b/nixos/modules/services/desktops/gnome/gnome-browser-connector.nix index 34fc24f7d5746..4f0c36883a3f5 100644 --- a/nixos/modules/services/desktops/gnome/gnome-browser-connector.nix +++ b/nixos/modules/services/desktops/gnome/gnome-browser-connector.nix @@ -9,19 +9,6 @@ in maintainers = teams.gnome.members; }; - imports = [ - # Added 2021-05-07 - (mkRenamedOptionModule - [ "services" "gnome3" "chrome-gnome-shell" "enable" ] - [ "services" "gnome" "gnome-browser-connector" "enable" ] - ) - # Added 2022-07-25 - (mkRenamedOptionModule - [ "services" "gnome" "chrome-gnome-shell" "enable" ] - [ "services" "gnome" "gnome-browser-connector" "enable" ] - ) - ]; - options = { services.gnome.gnome-browser-connector.enable = mkEnableOption '' native host connector for the GNOME Shell browser extension, a DBus service diff --git a/nixos/modules/services/desktops/gnome/gnome-initial-setup.nix b/nixos/modules/services/desktops/gnome/gnome-initial-setup.nix index ceda49337472f..8deb12ec18bf3 100644 --- a/nixos/modules/services/desktops/gnome/gnome-initial-setup.nix +++ b/nixos/modules/services/desktops/gnome/gnome-initial-setup.nix @@ -2,8 +2,6 @@ { config, pkgs, lib, ... }: -with lib; - let # GNOME initial setup's run is conditioned on whether @@ -45,24 +43,16 @@ in { meta = { - maintainers = teams.gnome.members; + maintainers = lib.teams.gnome.members; }; - # Added 2021-05-07 - imports = [ - (mkRenamedOptionModule - [ "services" "gnome3" "gnome-initial-setup" "enable" ] - [ "services" "gnome" "gnome-initial-setup" "enable" ] - ) - ]; - ###### interface options = { services.gnome.gnome-initial-setup = { - enable = mkEnableOption "GNOME Initial Setup, a Simple, easy, and safe way to prepare a new system"; + enable = lib.mkEnableOption "GNOME Initial Setup, a Simple, easy, and safe way to prepare a new system"; }; @@ -71,12 +61,12 @@ in ###### implementation - config = mkIf config.services.gnome.gnome-initial-setup.enable { + config = lib.mkIf config.services.gnome.gnome-initial-setup.enable { environment.systemPackages = [ pkgs.gnome.gnome-initial-setup ] - ++ optional (versionOlder config.system.stateVersion "20.03") createGisStampFilesAutostart + ++ lib.optional (lib.versionOlder config.system.stateVersion "20.03") createGisStampFilesAutostart ; systemd.packages = [ diff --git a/nixos/modules/services/desktops/gnome/gnome-keyring.nix b/nixos/modules/services/desktops/gnome/gnome-keyring.nix index d821da164beb1..79bce0ade2fc5 100644 --- a/nixos/modules/services/desktops/gnome/gnome-keyring.nix +++ b/nixos/modules/services/desktops/gnome/gnome-keyring.nix @@ -2,30 +2,20 @@ { config, pkgs, lib, ... }: -with lib; - { meta = { - maintainers = teams.gnome.members; + maintainers = lib.teams.gnome.members; }; - # Added 2021-05-07 - imports = [ - (mkRenamedOptionModule - [ "services" "gnome3" "gnome-keyring" "enable" ] - [ "services" "gnome" "gnome-keyring" "enable" ] - ) - ]; - ###### interface options = { services.gnome.gnome-keyring = { - enable = mkOption { - type = types.bool; + enable = lib.mkOption { + type = lib.types.bool; default = false; description = '' Whether to enable GNOME Keyring daemon, a service designed to @@ -41,7 +31,7 @@ with lib; ###### implementation - config = mkIf config.services.gnome.gnome-keyring.enable { + config = lib.mkIf config.services.gnome.gnome-keyring.enable { environment.systemPackages = [ pkgs.gnome.gnome-keyring ]; diff --git a/nixos/modules/services/desktops/gnome/gnome-online-accounts.nix b/nixos/modules/services/desktops/gnome/gnome-online-accounts.nix index 01f7e3695cf04..de3c3789594a8 100644 --- a/nixos/modules/services/desktops/gnome/gnome-online-accounts.nix +++ b/nixos/modules/services/desktops/gnome/gnome-online-accounts.nix @@ -2,30 +2,20 @@ { config, pkgs, lib, ... }: -with lib; - { meta = { - maintainers = teams.gnome.members; + maintainers = lib.teams.gnome.members; }; - # Added 2021-05-07 - imports = [ - (mkRenamedOptionModule - [ "services" "gnome3" "gnome-online-accounts" "enable" ] - [ "services" "gnome" "gnome-online-accounts" "enable" ] - ) - ]; - ###### interface options = { services.gnome.gnome-online-accounts = { - enable = mkOption { - type = types.bool; + enable = lib.mkOption { + type = lib.types.bool; default = false; description = '' Whether to enable GNOME Online Accounts daemon, a service that provides @@ -40,7 +30,7 @@ with lib; ###### implementation - config = mkIf config.services.gnome.gnome-online-accounts.enable { + config = lib.mkIf config.services.gnome.gnome-online-accounts.enable { environment.systemPackages = [ pkgs.gnome-online-accounts ]; diff --git a/nixos/modules/services/desktops/gnome/gnome-online-miners.nix b/nixos/modules/services/desktops/gnome/gnome-online-miners.nix index 5f9039f68c4ee..9496752ed3a24 100644 --- a/nixos/modules/services/desktops/gnome/gnome-online-miners.nix +++ b/nixos/modules/services/desktops/gnome/gnome-online-miners.nix @@ -2,30 +2,20 @@ { config, pkgs, lib, ... }: -with lib; - { meta = { - maintainers = teams.gnome.members; + maintainers = lib.teams.gnome.members; }; - # Added 2021-05-07 - imports = [ - (mkRenamedOptionModule - [ "services" "gnome3" "gnome-online-miners" "enable" ] - [ "services" "gnome" "gnome-online-miners" "enable" ] - ) - ]; - ###### interface options = { services.gnome.gnome-online-miners = { - enable = mkOption { - type = types.bool; + enable = lib.mkOption { + type = lib.types.bool; default = false; description = '' Whether to enable GNOME Online Miners, a service that @@ -40,7 +30,7 @@ with lib; ###### implementation - config = mkIf config.services.gnome.gnome-online-miners.enable { + config = lib.mkIf config.services.gnome.gnome-online-miners.enable { environment.systemPackages = [ pkgs.gnome.gnome-online-miners ]; diff --git a/nixos/modules/services/desktops/gnome/gnome-remote-desktop.nix b/nixos/modules/services/desktops/gnome/gnome-remote-desktop.nix index b5573d2fc21bc..d81a9edfa1266 100644 --- a/nixos/modules/services/desktops/gnome/gnome-remote-desktop.nix +++ b/nixos/modules/services/desktops/gnome/gnome-remote-desktop.nix @@ -1,32 +1,36 @@ # Remote desktop daemon using Pipewire. { config, lib, pkgs, ... }: -with lib; - { meta = { - maintainers = teams.gnome.members; + maintainers = lib.teams.gnome.members; }; - # Added 2021-05-07 - imports = [ - (mkRenamedOptionModule - [ "services" "gnome3" "gnome-remote-desktop" "enable" ] - [ "services" "gnome" "gnome-remote-desktop" "enable" ] - ) - ]; - ###### interface options = { services.gnome.gnome-remote-desktop = { - enable = mkEnableOption "Remote Desktop support using Pipewire"; + enable = lib.mkEnableOption "Remote Desktop support using Pipewire"; }; }; ###### implementation - config = mkIf config.services.gnome.gnome-remote-desktop.enable { + config = lib.mkIf config.services.gnome.gnome-remote-desktop.enable { services.pipewire.enable = true; + services.dbus.packages = [ pkgs.gnome.gnome-remote-desktop ]; + + environment.systemPackages = [ pkgs.gnome.gnome-remote-desktop ]; systemd.packages = [ pkgs.gnome.gnome-remote-desktop ]; + systemd.tmpfiles.packages = [ pkgs.gnome.gnome-remote-desktop ]; + + # TODO: if possible, switch to using provided g-r-d sysusers.d + users = { + users.gnome-remote-desktop = { + isSystemUser = true; + group = "gnome-remote-desktop"; + home = "/var/lib/gnome-remote-desktop"; + }; + groups.gnome-remote-desktop = { }; + }; }; } diff --git a/nixos/modules/services/desktops/gnome/gnome-settings-daemon.nix b/nixos/modules/services/desktops/gnome/gnome-settings-daemon.nix index 9c68c9b76e9ee..30b35f6690921 100644 --- a/nixos/modules/services/desktops/gnome/gnome-settings-daemon.nix +++ b/nixos/modules/services/desktops/gnome/gnome-settings-daemon.nix @@ -2,8 +2,6 @@ { config, lib, pkgs, ... }: -with lib; - let cfg = config.services.gnome.gnome-settings-daemon; @@ -13,28 +11,16 @@ in { meta = { - maintainers = teams.gnome.members; + maintainers = lib.teams.gnome.members; }; - imports = [ - (mkRemovedOptionModule - ["services" "gnome3" "gnome-settings-daemon" "package"] - "") - - # Added 2021-05-07 - (mkRenamedOptionModule - [ "services" "gnome3" "gnome-settings-daemon" "enable" ] - [ "services" "gnome" "gnome-settings-daemon" "enable" ] - ) - ]; - ###### interface options = { services.gnome.gnome-settings-daemon = { - enable = mkEnableOption "GNOME Settings Daemon"; + enable = lib.mkEnableOption "GNOME Settings Daemon"; }; @@ -43,7 +29,7 @@ in ###### implementation - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { environment.systemPackages = [ pkgs.gnome.gnome-settings-daemon diff --git a/nixos/modules/services/desktops/gnome/gnome-user-share.nix b/nixos/modules/services/desktops/gnome/gnome-user-share.nix index 38256af309cc5..2c6d94b7bdfc6 100644 --- a/nixos/modules/services/desktops/gnome/gnome-user-share.nix +++ b/nixos/modules/services/desktops/gnome/gnome-user-share.nix @@ -2,29 +2,19 @@ { config, pkgs, lib, ... }: -with lib; - { meta = { - maintainers = teams.gnome.members; + maintainers = lib.teams.gnome.members; }; - imports = [ - # Added 2021-05-07 - (mkRenamedOptionModule - [ "services" "gnome3" "gnome-user-share" "enable" ] - [ "services" "gnome" "gnome-user-share" "enable" ] - ) - ]; - ###### interface options = { services.gnome.gnome-user-share = { - enable = mkEnableOption "GNOME User Share, a user-level file sharing service for GNOME"; + enable = lib.mkEnableOption "GNOME User Share, a user-level file sharing service for GNOME"; }; @@ -33,7 +23,7 @@ with lib; ###### implementation - config = mkIf config.services.gnome.gnome-user-share.enable { + config = lib.mkIf config.services.gnome.gnome-user-share.enable { environment.systemPackages = [ pkgs.gnome.gnome-user-share diff --git a/nixos/modules/services/desktops/gnome/rygel.nix b/nixos/modules/services/desktops/gnome/rygel.nix index 8932d438cf1ec..c980b239d521e 100644 --- a/nixos/modules/services/desktops/gnome/rygel.nix +++ b/nixos/modules/services/desktops/gnome/rygel.nix @@ -1,38 +1,28 @@ # rygel service. { config, lib, pkgs, ... }: -with lib; - { meta = { - maintainers = teams.gnome.members; + maintainers = lib.teams.gnome.members; }; - imports = [ - # Added 2021-05-07 - (mkRenamedOptionModule - [ "services" "gnome3" "rygel" "enable" ] - [ "services" "gnome" "rygel" "enable" ] - ) - ]; - ###### interface options = { services.gnome.rygel = { - enable = mkOption { + enable = lib.mkOption { default = false; description = '' Whether to enable Rygel UPnP Mediaserver. You will need to also allow UPnP connections in firewall, see the following [comment](https://github.com/NixOS/nixpkgs/pull/45045#issuecomment-416030795). ''; - type = types.bool; + type = lib.types.bool; }; }; }; ###### implementation - config = mkIf config.services.gnome.rygel.enable { + config = lib.mkIf config.services.gnome.rygel.enable { environment.systemPackages = [ pkgs.gnome.rygel ]; services.dbus.packages = [ pkgs.gnome.rygel ]; diff --git a/nixos/modules/services/desktops/gnome/sushi.nix b/nixos/modules/services/desktops/gnome/sushi.nix index 3133a3a0d9854..946030e4bb229 100644 --- a/nixos/modules/services/desktops/gnome/sushi.nix +++ b/nixos/modules/services/desktops/gnome/sushi.nix @@ -2,30 +2,20 @@ { config, lib, pkgs, ... }: -with lib; - { meta = { - maintainers = teams.gnome.members; + maintainers = lib.teams.gnome.members; }; - imports = [ - # Added 2021-05-07 - (mkRenamedOptionModule - [ "services" "gnome3" "sushi" "enable" ] - [ "services" "gnome" "sushi" "enable" ] - ) - ]; - ###### interface options = { services.gnome.sushi = { - enable = mkOption { - type = types.bool; + enable = lib.mkOption { + type = lib.types.bool; default = false; description = '' Whether to enable Sushi, a quick previewer for nautilus. @@ -39,7 +29,7 @@ with lib; ###### implementation - config = mkIf config.services.gnome.sushi.enable { + config = lib.mkIf config.services.gnome.sushi.enable { environment.systemPackages = [ pkgs.gnome.sushi ]; diff --git a/nixos/modules/services/desktops/gnome/tracker-miners.nix b/nixos/modules/services/desktops/gnome/tracker-miners.nix index 9351007d30b5d..d5d42cee9f8b4 100644 --- a/nixos/modules/services/desktops/gnome/tracker-miners.nix +++ b/nixos/modules/services/desktops/gnome/tracker-miners.nix @@ -2,30 +2,20 @@ { config, pkgs, lib, ... }: -with lib; - { meta = { - maintainers = teams.gnome.members; + maintainers = lib.teams.gnome.members; }; - imports = [ - # Added 2021-05-07 - (mkRenamedOptionModule - [ "services" "gnome3" "tracker-miners" "enable" ] - [ "services" "gnome" "tracker-miners" "enable" ] - ) - ]; - ###### interface options = { services.gnome.tracker-miners = { - enable = mkOption { - type = types.bool; + enable = lib.mkOption { + type = lib.types.bool; default = false; description = '' Whether to enable Tracker miners, indexing services for Tracker @@ -39,7 +29,7 @@ with lib; ###### implementation - config = mkIf config.services.gnome.tracker-miners.enable { + config = lib.mkIf config.services.gnome.tracker-miners.enable { environment.systemPackages = [ pkgs.tracker-miners ]; diff --git a/nixos/modules/services/desktops/gnome/tracker.nix b/nixos/modules/services/desktops/gnome/tracker.nix index fef399d0112e4..45b679571c707 100644 --- a/nixos/modules/services/desktops/gnome/tracker.nix +++ b/nixos/modules/services/desktops/gnome/tracker.nix @@ -2,33 +2,23 @@ { config, pkgs, lib, ... }: -with lib; - let cfg = config.services.gnome.tracker; in { meta = { - maintainers = teams.gnome.members; + maintainers = lib.teams.gnome.members; }; - imports = [ - # Added 2021-05-07 - (mkRenamedOptionModule - [ "services" "gnome3" "tracker" "enable" ] - [ "services" "gnome" "tracker" "enable" ] - ) - ]; - ###### interface options = { services.gnome.tracker = { - enable = mkOption { - type = types.bool; + enable = lib.mkOption { + type = lib.types.bool; default = false; description = '' Whether to enable Tracker services, a search engine, @@ -36,8 +26,8 @@ in ''; }; - subcommandPackages = mkOption { - type = types.listOf types.package; + subcommandPackages = lib.mkOption { + type = lib.types.listOf lib.types.package; default = [ ]; internal = true; description = '' @@ -52,7 +42,7 @@ in ###### implementation - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { environment.systemPackages = [ pkgs.tracker ]; diff --git a/nixos/modules/services/desktops/gvfs.nix b/nixos/modules/services/desktops/gvfs.nix index 09ac06d9f6fe0..8a02cdd4a6508 100644 --- a/nixos/modules/services/desktops/gvfs.nix +++ b/nixos/modules/services/desktops/gvfs.nix @@ -2,8 +2,6 @@ { config, lib, pkgs, ... }: -with lib; - let cfg = config.services.gvfs; @@ -13,26 +11,19 @@ in { meta = { - maintainers = teams.gnome.members; + maintainers = lib.teams.gnome.members; }; - # Added 2019-08-19 - imports = [ - (mkRenamedOptionModule - [ "services" "gnome3" "gvfs" "enable" ] - [ "services" "gvfs" "enable" ]) - ]; - ###### interface options = { services.gvfs = { - enable = mkEnableOption "GVfs, a userspace virtual filesystem"; + enable = lib.mkEnableOption "GVfs, a userspace virtual filesystem"; # gvfs can be built with multiple configurations - package = mkPackageOption pkgs [ "gnome" "gvfs" ] { }; + package = lib.mkPackageOption pkgs [ "gnome" "gvfs" ] { }; }; @@ -41,7 +32,7 @@ in ###### implementation - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { environment.systemPackages = [ cfg.package ]; diff --git a/nixos/modules/services/display-managers/default.nix b/nixos/modules/services/display-managers/default.nix index de3feb500f33b..005ae8f1c8a58 100644 --- a/nixos/modules/services/display-managers/default.nix +++ b/nixos/modules/services/display-managers/default.nix @@ -29,12 +29,6 @@ let fi '') cfg.sessionPackages} ''; - - dmDefault = config.services.xserver.desktopManager.default; - # fallback default for cases when only default wm is set - dmFallbackDefault = if dmDefault != null then dmDefault else "none"; - wmDefault = config.services.xserver.windowManager.default; - defaultSessionFromLegacyOptions = dmFallbackDefault + lib.optionalString (wmDefault != null && wmDefault != "none") "+${wmDefault}"; in { options = { @@ -125,14 +119,7 @@ in ${lib.concatStringsSep "\n " cfg.displayManager.sessionData.sessionNames} ''; }; - default = - if dmDefault != null || wmDefault != null then - defaultSessionFromLegacyOptions - else - null; - defaultText = lib.literalMD '' - Taken from display manager settings or window manager settings, if either is set. - ''; + default = null; example = "gnome"; description = '' Graphical session to pre-select in the session chooser (only effective for GDM, LightDM and SDDM). @@ -192,20 +179,6 @@ in } ]; - warnings = - lib.mkIf (dmDefault != null || wmDefault != null) [ - '' - The following options are deprecated: - ${lib.concatStringsSep "\n " (map ({c, t}: t) (lib.filter ({c, t}: c != null) [ - { c = dmDefault; t = "- services.xserver.desktopManager.default"; } - { c = wmDefault; t = "- services.xserver.windowManager.default"; } - ]))} - Please use - services.displayManager.defaultSession = "${defaultSessionFromLegacyOptions}"; - instead. - '' - ]; - # Make xsessions and wayland sessions available in XDG_DATA_DIRS # as some programs have behavior that depends on them being present environment.sessionVariables.XDG_DATA_DIRS = lib.mkIf (cfg.sessionPackages != [ ]) [ diff --git a/nixos/modules/services/home-automation/ebusd.nix b/nixos/modules/services/home-automation/ebusd.nix index d388022d7b50b..ac9ec06639c13 100644 --- a/nixos/modules/services/home-automation/ebusd.nix +++ b/nixos/modules/services/home-automation/ebusd.nix @@ -4,41 +4,6 @@ with lib; let cfg = config.services.ebusd; - - package = pkgs.ebusd; - - arguments = [ - "${package}/bin/ebusd" - "--foreground" - "--updatecheck=off" - "--device=${cfg.device}" - "--port=${toString cfg.port}" - "--configpath=${cfg.configpath}" - "--scanconfig=${cfg.scanconfig}" - "--log=all:${cfg.logs.all}" - "--log=main:${cfg.logs.main}" - "--log=network:${cfg.logs.network}" - "--log=bus:${cfg.logs.bus}" - "--log=update:${cfg.logs.update}" - "--log=other:${cfg.logs.other}" - ] ++ lib.optionals cfg.readonly [ - "--readonly" - ] ++ lib.optionals cfg.mqtt.enable [ - "--mqtthost=${cfg.mqtt.host}" - "--mqttport=${toString cfg.mqtt.port}" - "--mqttuser=${cfg.mqtt.user}" - "--mqttpass=${cfg.mqtt.password}" - ] ++ lib.optionals cfg.mqtt.home-assistant [ - "--mqttint=${package}/etc/ebusd/mqtt-hassio.cfg" - "--mqttjson" - ] ++ lib.optionals cfg.mqtt.retain [ - "--mqttretain" - ] ++ cfg.extraArguments; - - usesDev = hasPrefix "/" cfg.device; - - command = concatStringsSep " " arguments; - in { meta.maintainers = with maintainers; [ nathan-gs ]; @@ -46,6 +11,8 @@ in options.services.ebusd = { enable = mkEnableOption "ebusd, a daemon for communication with eBUS heating systems"; + package = mkPackageOptionMD pkgs "ebusd" { }; + device = mkOption { type = types.str; default = ""; @@ -57,7 +24,8 @@ in ens:DEVICE for enhanced high speed serial device (only adapter v3 and newer with firmware since 20220731), DEVICE for serial device (normal speed, for all other serial adapters like adapter v2 as well as adapter v3 in non-enhanced mode), or [udp:]IP:PORT for network device. - https://github.com/john30/ebusd/wiki/2.-Run#device-options + + Source: <https://github.com/john30/ebusd/wiki/2.-Run#device-options> ''; }; @@ -81,7 +49,7 @@ in type = types.str; default = "https://cfg.ebusd.eu/"; description = '' - Read CSV config files from PATH (local folder or HTTPS URL) [https://cfg.ebusd.eu/] + Directory to read CSV config files from. This can be a local folder or a URL. ''; }; @@ -95,65 +63,21 @@ in ''; }; - logs = { - main = mkOption { - type = types.enum [ "none" "error" "notice" "info" "debug"]; - default = "info"; - description = '' - Only write log for matching AREAs (main|network|bus|update|other|all) below or equal to LEVEL (none|error|notice|info|debug) [all:notice]. - ''; - }; - - network = mkOption { - type = types.enum [ "none" "error" "notice" "info" "debug"]; - default = "info"; - description = '' - Only write log for matching AREAs (main|network|bus|update|other|all) below or equal to LEVEL (none|error|notice|info|debug) [all:notice]. - ''; - }; - - bus = mkOption { - type = types.enum [ "none" "error" "notice" "info" "debug"]; - default = "info"; - description = '' - Only write log for matching AREAs (main|network|bus|update|other|all) below or equal to LEVEL (none|error|notice|info|debug) [all:notice]. - ''; - }; - - update = mkOption { - type = types.enum [ "none" "error" "notice" "info" "debug"]; - default = "info"; - description = '' - Only write log for matching AREAs (main|network|bus|update|other|all) below or equal to LEVEL (none|error|notice|info|debug) [all:notice]. - ''; - }; - - other = mkOption { - type = types.enum [ "none" "error" "notice" "info" "debug"]; - default = "info"; - description = '' - Only write log for matching AREAs (main|network|bus|update|other|all) below or equal to LEVEL (none|error|notice|info|debug) [all:notice]. - ''; - }; - - all = mkOption { - type = types.enum [ "none" "error" "notice" "info" "debug"]; - default = "info"; - description = '' - Only write log for matching AREAs (main|network|bus|update|other|all) below or equal to LEVEL (none|error|notice|info|debug) [all:notice]. - ''; - }; - }; + logs = let + # "all" must come first so it can be overridden by more specific areas + areas = [ "all" "main" "network" "bus" "update" "other" ]; + levels = [ "none" "error" "notice" "info" "debug" ]; + in listToAttrs (map (area: nameValuePair area (mkOption { + type = types.enum levels; + default = "notice"; + example = "debug"; + description = '' + Only write log for matching `AREA`s (${concatStringsSep "|" areas}) below or equal to `LEVEL` (${concatStringsSep "|" levels}) + ''; + })) areas); mqtt = { - - enable = mkOption { - type = types.bool; - default = false; - description = '' - Adds support for MQTT - ''; - }; + enable = mkEnableOption "support for MQTT"; host = mkOption { type = types.str; @@ -179,13 +103,7 @@ in ''; }; - retain = mkOption { - type = types.bool; - default = false; - description = '' - Set the retain flag on all topics instead of only selected global ones - ''; - }; + retain = mkEnableOption "set the retain flag on all topics instead of only selected global ones"; user = mkOption { type = types.str; @@ -200,7 +118,6 @@ in The MQTT password. ''; }; - }; extraArguments = mkOption { @@ -210,25 +127,44 @@ in Extra arguments to the ebus daemon ''; }; - }; - config = mkIf (cfg.enable) { - + config = let + usesDev = hasPrefix "/" cfg.device; + in mkIf cfg.enable { systemd.services.ebusd = { description = "EBUSd Service"; wantedBy = [ "multi-user.target" ]; after = [ "network.target" ]; serviceConfig = { - ExecStart = command; + ExecStart = let + args = cli.toGNUCommandLineShell { } (foldr (a: b: a // b) { } [ + { + inherit (cfg) device port configpath scanconfig readonly; + foreground = true; + updatecheck = "off"; + log = mapAttrsToList (name: value: "${name}:${value}") cfg.logs; + mqttretain = cfg.mqtt.retain; + } + (optionalAttrs cfg.mqtt.enable { + mqtthost = cfg.mqtt.host; + mqttport = cfg.mqtt.port; + mqttuser = cfg.mqtt.user; + mqttpass = cfg.mqtt.password; + }) + (optionalAttrs cfg.mqtt.home-assistant { + mqttint = "${cfg.package}/etc/ebusd/mqtt-hassio.cfg"; + mqttjson = true; + }) + ]); + in "${cfg.package}/bin/ebusd ${args} ${escapeShellArgs cfg.extraArguments}"; + DynamicUser = true; Restart = "on-failure"; # Hardening CapabilityBoundingSet = ""; - DeviceAllow = lib.optionals usesDev [ - cfg.device - ] ; + DeviceAllow = optionals usesDev [ cfg.device ]; DevicePolicy = "closed"; LockPersonality = true; MemoryDenyWriteExecute = false; @@ -254,9 +190,7 @@ in RestrictNamespaces = true; RestrictRealtime = true; RestrictSUIDSGID = true; - SupplementaryGroups = [ - "dialout" - ]; + SupplementaryGroups = [ "dialout" ]; SystemCallArchitectures = "native"; SystemCallFilter = [ "@system-service @pkey" @@ -265,6 +199,5 @@ in UMask = "0077"; }; }; - }; } diff --git a/nixos/modules/services/logging/promtail.nix b/nixos/modules/services/logging/promtail.nix index a34bc07b6ab2f..9eccd34cef234 100644 --- a/nixos/modules/services/logging/promtail.nix +++ b/nixos/modules/services/logging/promtail.nix @@ -41,6 +41,10 @@ in { wantedBy = [ "multi-user.target" ]; stopIfChanged = false; + preStart = '' + ${lib.getExe pkgs.promtail} -config.file=${prettyJSON cfg.configuration} -check-syntax + ''; + serviceConfig = { Restart = "on-failure"; TimeoutStopSec = 10; diff --git a/nixos/modules/services/matrix/conduit.nix b/nixos/modules/services/matrix/conduit.nix index 9b8a4f45c268f..b1d9b04242956 100644 --- a/nixos/modules/services/matrix/conduit.nix +++ b/nixos/modules/services/matrix/conduit.nix @@ -9,7 +9,7 @@ let configFile = format.generate "conduit.toml" cfg.settings; in { - meta.maintainers = with maintainers; [ pstn piegames ]; + meta.maintainers = with maintainers; [ pstn ]; options.services.matrix-conduit = { enable = mkEnableOption "matrix-conduit"; diff --git a/nixos/modules/services/misc/gitlab.nix b/nixos/modules/services/misc/gitlab.nix index 43568f29dd376..7b96a182f0d94 100644 --- a/nixos/modules/services/misc/gitlab.nix +++ b/nixos/modules/services/misc/gitlab.nix @@ -18,6 +18,8 @@ let gitalySocket = "${cfg.statePath}/tmp/sockets/gitaly.socket"; pathUrlQuote = url: replaceStrings ["/"] ["%2F"] url; + gitlabVersionAtLeast = version: lib.versionAtLeast (lib.getVersion cfg.packages.gitlab) version; + databaseConfig = let val = { adapter = "postgresql"; @@ -27,10 +29,16 @@ let encoding = "utf8"; pool = cfg.databasePool; } // cfg.extraDatabaseConfig; - in if lib.versionAtLeast (lib.getVersion cfg.packages.gitlab) "15.0" then { - production.main = val; - } else { - production = val; + in { + production = ( + if (gitlabVersionAtLeast "15.0") + then { main = val; } + else val + ) // lib.optionalAttrs (gitlabVersionAtLeast "15.9") { + ci = val // { + database_tasks = false; + }; + }; }; # We only want to create a database if we're actually going to connect to it. @@ -1168,7 +1176,7 @@ in { set -eu PSQL() { - psql --port=${toString pgsql.port} "$@" + psql --port=${toString pgsql.settings.port} "$@" } PSQL -tAc "SELECT 1 FROM pg_database WHERE datname = '${cfg.databaseName}'" | grep -q 1 || PSQL -tAc 'CREATE DATABASE "${cfg.databaseName}" OWNER "${cfg.databaseUsername}"' @@ -1348,7 +1356,7 @@ in { rm -f '${cfg.statePath}/config/database.yml' - ${if cfg.databasePasswordFile != null then '' + ${lib.optionalString (cfg.databasePasswordFile != null) '' db_password="$(<'${cfg.databasePasswordFile}')" export db_password @@ -1356,16 +1364,24 @@ in { >&2 echo "Database password was an empty string!" exit 1 fi + ''} - jq <${pkgs.writeText "database.yml" (builtins.toJSON databaseConfig)} \ - '.${if lib.versionAtLeast (lib.getVersion cfg.packages.gitlab) "15.0" then "production.main" else "production"}.password = $ENV.db_password' \ - >'${cfg.statePath}/config/database.yml' - '' - else '' - jq <${pkgs.writeText "database.yml" (builtins.toJSON databaseConfig)} \ - >'${cfg.statePath}/config/database.yml' - '' - } + # GitLab expects the `production.main` section to be the first entry in the file. + jq <${pkgs.writeText "database.yml" (builtins.toJSON databaseConfig)} '{ + production: [ + ${lib.optionalString (cfg.databasePasswordFile != null) ( + builtins.concatStringsSep "\n " ( + [ ".production${lib.optionalString (gitlabVersionAtLeast "15.0") ".main"}.password = $ENV.db_password" ] + ++ lib.optional (gitlabVersionAtLeast "15.9") "| .production.ci.password = $ENV.db_password" + ++ [ "|" ] + ) + )} .production + | to_entries[] + ] + | sort_by(.key) + | reverse + | from_entries + }' >'${cfg.statePath}/config/database.yml' ${utils.genJqSecretsReplacementSnippet gitlabConfig diff --git a/nixos/modules/services/misc/heisenbridge.nix b/nixos/modules/services/misc/heisenbridge.nix index de109e726633f..54c298f1b5602 100644 --- a/nixos/modules/services/misc/heisenbridge.nix +++ b/nixos/modules/services/misc/heisenbridge.nix @@ -210,5 +210,5 @@ in }; }; - meta.maintainers = [ lib.maintainers.piegames ]; + meta.maintainers = [ ]; } diff --git a/nixos/modules/services/networking/clatd.nix b/nixos/modules/services/networking/clatd.nix new file mode 100644 index 0000000000000..76e0c130ca466 --- /dev/null +++ b/nixos/modules/services/networking/clatd.nix @@ -0,0 +1,82 @@ +{ config, lib, pkgs, ... }: + +with lib; +let + cfg = config.services.clatd; + + settingsFormat = pkgs.formats.keyValue {}; + + configFile = settingsFormat.generate "clatd.conf" cfg.settings; +in +{ + options = { + services.clatd = { + enable = mkEnableOption "clatd"; + + package = mkPackageOption pkgs "clatd" { }; + + settings = mkOption { + type = types.submodule ({ name, ... }: { + freeformType = settingsFormat.type; + }); + default = { }; + example = literalExpression '' + { + plat-prefix = "64:ff9b::/96"; + } + ''; + description = '' + Configuration of clatd. See [clatd Documentation](https://github.com/toreanderson/clatd/blob/master/README.pod#configuration). + ''; + }; + }; + }; + + config = mkIf cfg.enable { + systemd.services.clatd = { + description = "464XLAT CLAT daemon"; + documentation = [ "man:clatd(8)" ]; + wantedBy = [ "multi-user.target" ]; + after = [ "network-online.target" ]; + wants = [ "network-online.target" ]; + startLimitIntervalSec = 0; + + serviceConfig = { + ExecStart = "${cfg.package}/bin/clatd -c ${configFile}"; + startLimitIntervalSec = 0; + + # Hardening + CapabilityBoundingSet = [ + "CAP_NET_ADMIN" + ]; + LockPersonality = true; + MemoryDenyWriteExecute = true; + NoNewPrivileges = true; + PrivateTmp = true; + ProtectClock = true; + ProtectControlGroups = true; + ProtectHome = true; + ProtectHostname = true; + ProtectKernelLogs = true; + ProtectKernelModules = true; + ProtectProc = "invisible"; + ProtectSystem = true; + RestrictAddressFamilies = [ + "AF_INET" + "AF_INET6" + "AF_NETLINK" + ]; + RestrictNamespaces = true; + RestrictRealtime = true; + RestrictSUIDSGID = true; + SystemCallArchitectures = "native"; + SystemCallFilter = [ + "@network-io" + "@system-service" + "~@privileged" + "~@resources" + ]; + }; + }; + }; +} diff --git a/nixos/modules/services/x11/desktop-managers/cinnamon.nix b/nixos/modules/services/x11/desktop-managers/cinnamon.nix index 482527d1e8ad5..2e0eef67c0b3e 100644 --- a/nixos/modules/services/x11/desktop-managers/cinnamon.nix +++ b/nixos/modules/services/x11/desktop-managers/cinnamon.nix @@ -157,6 +157,7 @@ in # packages nemo-with-extensions + gnome-online-accounts-gtk cinnamon-control-center cinnamon-settings-daemon libgnomekbd diff --git a/nixos/modules/services/x11/desktop-managers/default.nix b/nixos/modules/services/x11/desktop-managers/default.nix index 6fe606f92267b..42e66e86e1a35 100644 --- a/nixos/modules/services/x11/desktop-managers/default.nix +++ b/nixos/modules/services/x11/desktop-managers/default.nix @@ -1,8 +1,7 @@ { config, lib, pkgs, ... }: -with lib; - let + inherit (lib) mkOption types; xcfg = config.services.xserver; cfg = xcfg.desktopManager; @@ -59,7 +58,7 @@ in session = mkOption { internal = true; default = []; - example = singleton + example = lib.singleton { name = "kde"; bgSupport = true; start = "..."; @@ -73,26 +72,15 @@ in manage = "desktop"; start = d.start # literal newline to ensure d.start's last line is not appended to - + optionalString (needBGCond d) '' + + lib.optionalString (needBGCond d) '' if [ -e $HOME/.background-image ]; then - ${pkgs.feh}/bin/feh --bg-${cfg.wallpaper.mode} ${optionalString cfg.wallpaper.combineScreens "--no-xinerama"} $HOME/.background-image + ${pkgs.feh}/bin/feh --bg-${cfg.wallpaper.mode} ${lib.optionalString cfg.wallpaper.combineScreens "--no-xinerama"} $HOME/.background-image fi ''; }); }; - default = mkOption { - type = types.nullOr types.str; - default = null; - example = "none"; - description = '' - **Deprecated**, please use [](#opt-services.displayManager.defaultSession) instead. - - Default desktop manager loaded if none have been chosen. - ''; - }; - }; }; diff --git a/nixos/modules/services/x11/desktop-managers/gnome.nix b/nixos/modules/services/x11/desktop-managers/gnome.nix index a0cf56e7a920d..fe50d930b5af0 100644 --- a/nixos/modules/services/x11/desktop-managers/gnome.nix +++ b/nixos/modules/services/x11/desktop-managers/gnome.nix @@ -1,8 +1,7 @@ { config, lib, pkgs, utils, ... }: -with lib; - let + inherit (lib) mkOption types mkDefault mkEnableOption literalExpression; cfg = config.services.xserver.desktopManager.gnome; serviceCfg = config.services.gnome; @@ -51,8 +50,8 @@ let destination = "/share/gnome-background-properties/nixos.xml"; }; - flashbackEnabled = cfg.flashback.enableMetacity || length cfg.flashback.customSessions > 0; - flashbackWms = optional cfg.flashback.enableMetacity { + flashbackEnabled = cfg.flashback.enableMetacity || lib.length cfg.flashback.customSessions > 0; + flashbackWms = lib.optional cfg.flashback.enableMetacity { wmName = "metacity"; wmLabel = "Metacity"; wmCommand = "${pkgs.gnome.metacity}/bin/metacity"; @@ -67,73 +66,9 @@ in meta = { doc = ./gnome.md; - maintainers = teams.gnome.members; + maintainers = lib.teams.gnome.members; }; - imports = [ - # Added 2021-05-07 - (mkRenamedOptionModule - [ "services" "gnome3" "core-os-services" "enable" ] - [ "services" "gnome" "core-os-services" "enable" ] - ) - (mkRenamedOptionModule - [ "services" "gnome3" "core-shell" "enable" ] - [ "services" "gnome" "core-shell" "enable" ] - ) - (mkRenamedOptionModule - [ "services" "gnome3" "core-utilities" "enable" ] - [ "services" "gnome" "core-utilities" "enable" ] - ) - (mkRenamedOptionModule - [ "services" "gnome3" "core-developer-tools" "enable" ] - [ "services" "gnome" "core-developer-tools" "enable" ] - ) - (mkRenamedOptionModule - [ "services" "gnome3" "games" "enable" ] - [ "services" "gnome" "games" "enable" ] - ) - (mkRenamedOptionModule - [ "services" "gnome3" "experimental-features" "realtime-scheduling" ] - [ "services" "gnome" "experimental-features" "realtime-scheduling" ] - ) - (mkRenamedOptionModule - [ "services" "xserver" "desktopManager" "gnome3" "enable" ] - [ "services" "xserver" "desktopManager" "gnome" "enable" ] - ) - (mkRenamedOptionModule - [ "services" "xserver" "desktopManager" "gnome3" "sessionPath" ] - [ "services" "xserver" "desktopManager" "gnome" "sessionPath" ] - ) - (mkRenamedOptionModule - [ "services" "xserver" "desktopManager" "gnome3" "favoriteAppsOverride" ] - [ "services" "xserver" "desktopManager" "gnome" "favoriteAppsOverride" ] - ) - (mkRenamedOptionModule - [ "services" "xserver" "desktopManager" "gnome3" "extraGSettingsOverrides" ] - [ "services" "xserver" "desktopManager" "gnome" "extraGSettingsOverrides" ] - ) - (mkRenamedOptionModule - [ "services" "xserver" "desktopManager" "gnome3" "extraGSettingsOverridePackages" ] - [ "services" "xserver" "desktopManager" "gnome" "extraGSettingsOverridePackages" ] - ) - (mkRenamedOptionModule - [ "services" "xserver" "desktopManager" "gnome3" "debug" ] - [ "services" "xserver" "desktopManager" "gnome" "debug" ] - ) - (mkRenamedOptionModule - [ "services" "xserver" "desktopManager" "gnome3" "flashback" ] - [ "services" "xserver" "desktopManager" "gnome" "flashback" ] - ) - (mkRenamedOptionModule - [ "environment" "gnome3" "excludePackages" ] - [ "environment" "gnome" "excludePackages" ] - ) - (mkRemovedOptionModule - [ "services" "gnome" "experimental-features" "realtime-scheduling" ] - "Set `security.rtkit.enable = true;` to make realtime scheduling possible. (Still needs to be enabled using GSettings.)" - ) - ]; - options = { services.gnome = { @@ -248,8 +183,8 @@ in }; - config = mkMerge [ - (mkIf (cfg.enable || flashbackEnabled) { + config = lib.mkMerge [ + (lib.mkIf (cfg.enable || flashbackEnabled) { # Seed our configuration into nixos-generate-config system.nixos-generate-config.desktopConfiguration = ['' # Enable the GNOME Desktop Environment. @@ -264,7 +199,7 @@ in services.displayManager.sessionPackages = [ pkgs.gnome.gnome-session.sessions ]; environment.extraInit = '' - ${concatMapStrings (p: '' + ${lib.concatMapStrings (p: '' if [ -d "${p}/share/gsettings-schemas/${p.name}" ]; then export XDG_DATA_DIRS=$XDG_DATA_DIRS''${XDG_DATA_DIRS:+:}${p}/share/gsettings-schemas/${p.name} fi @@ -278,19 +213,19 @@ in environment.systemPackages = cfg.sessionPath; - environment.sessionVariables.GNOME_SESSION_DEBUG = mkIf cfg.debug "1"; + environment.sessionVariables.GNOME_SESSION_DEBUG = lib.mkIf cfg.debug "1"; # Override GSettings schemas environment.sessionVariables.NIX_GSETTINGS_OVERRIDES_DIR = "${nixos-gsettings-desktop-schemas}/share/gsettings-schemas/nixos-gsettings-overrides/glib-2.0/schemas"; }) - (mkIf flashbackEnabled { + (lib.mkIf flashbackEnabled { services.displayManager.sessionPackages = let wmNames = map (wm: wm.wmName) flashbackWms; namesAreUnique = lib.unique wmNames == wmNames; in - assert (assertMsg namesAreUnique "Flashback WM names must be unique."); + assert (lib.assertMsg namesAreUnique "Flashback WM names must be unique."); map (wm: pkgs.gnome.gnome-flashback.mkSessionForWm { @@ -318,7 +253,7 @@ in ++ (map (wm: gnome-flashback.mkGnomeSession { inherit (wm) wmName wmLabel enableGnomePanel; }) flashbackWms); }) - (mkIf serviceCfg.core-os-services.enable { + (lib.mkIf serviceCfg.core-os-services.enable { hardware.bluetooth.enable = mkDefault true; hardware.pulseaudio.enable = mkDefault true; programs.dconf.enable = true; @@ -371,7 +306,7 @@ in ]; }) - (mkIf serviceCfg.core-shell.enable { + (lib.mkIf serviceCfg.core-shell.enable { services.xserver.desktopManager.gnome.sessionPath = let mandatoryPackages = [ @@ -393,7 +328,7 @@ in services.gnome.gnome-user-share.enable = mkDefault true; services.gnome.rygel.enable = mkDefault true; services.gvfs.enable = true; - services.system-config-printer.enable = (mkIf config.services.printing.enable (mkDefault true)); + services.system-config-printer.enable = (lib.mkIf config.services.printing.enable (mkDefault true)); systemd.packages = with pkgs.gnome; [ gnome-session @@ -408,10 +343,6 @@ in services.avahi.enable = mkDefault true; - xdg.portal.extraPortals = [ - pkgs.gnome.gnome-shell - ]; - services.geoclue2.enable = mkDefault true; services.geoclue2.enableDemoAgent = false; # GNOME has its own geoclue agent @@ -463,7 +394,7 @@ in }) # Adapt from https://gitlab.gnome.org/GNOME/gnome-build-meta/-/blob/gnome-45/elements/core/meta-gnome-core-utilities.bst - (mkIf serviceCfg.core-utilities.enable { + (lib.mkIf serviceCfg.core-utilities.enable { environment.systemPackages = with pkgs.gnome; utils.removePackagesByName @@ -524,7 +455,7 @@ in ]; }) - (mkIf serviceCfg.games.enable { + (lib.mkIf serviceCfg.games.enable { environment.systemPackages = with pkgs.gnome; utils.removePackagesByName [ aisleriot atomix @@ -550,7 +481,7 @@ in }) # Adapt from https://gitlab.gnome.org/GNOME/gnome-build-meta/-/blob/3.38.0/elements/core/meta-gnome-core-developer-tools.bst - (mkIf serviceCfg.core-developer-tools.enable { + (lib.mkIf serviceCfg.core-developer-tools.enable { environment.systemPackages = with pkgs.gnome; utils.removePackagesByName [ dconf-editor devhelp diff --git a/nixos/modules/services/x11/display-managers/default.nix b/nixos/modules/services/x11/display-managers/default.nix index 0f9b712c6df53..87331a6658d34 100644 --- a/nixos/modules/services/x11/display-managers/default.nix +++ b/nixos/modules/services/x11/display-managers/default.nix @@ -9,9 +9,8 @@ { config, lib, options, pkgs, ... }: -with lib; - let + inherit (lib) mkOption types literalExpression optionalString; cfg = config.services.xserver; xorg = pkgs.xorg; @@ -91,7 +90,7 @@ let # Import environment variables into the systemd user environment. ${optionalString (cfg.displayManager.importedVariables != []) ( "/run/current-system/systemd/bin/systemctl --user import-environment " - + toString (unique cfg.displayManager.importedVariables) + + toString (lib.unique cfg.displayManager.importedVariables) )} # Speed up application start by 50-150ms according to @@ -222,13 +221,6 @@ in }; config = { - assertions = [ - { - assertion = cfg.desktopManager.default != null || cfg.windowManager.default != null -> cfg.displayManager.defaultSession == defaultSessionFromLegacyOptions; - message = "You cannot use both services.displayManager.defaultSession option and legacy options (services.xserver.desktopManager.default and services.xserver.windowManager.default)."; - } - ]; - services.displayManager.sessionData.wrapper = xsessionWrapper; services.xserver.displayManager.xserverBin = "${xorg.xorgserver.out}/bin/X"; @@ -254,8 +246,8 @@ in # that do not have upstream session files (those defined using services.{display,desktop,window}Manager.session options). services.displayManager.sessionPackages = let - dms = filter (s: s.manage == "desktop") cfg.displayManager.session; - wms = filter (s: s.manage == "window") cfg.displayManager.session; + dms = lib.filter (s: s.manage == "desktop") cfg.displayManager.session; + wms = lib.filter (s: s.manage == "window") cfg.displayManager.session; # Script responsible for starting the window manager and the desktop manager. xsession = dm: wm: pkgs.writeScript "xsession" '' @@ -283,16 +275,16 @@ in ''; in # We will generate every possible pair of WM and DM. - concatLists ( + lib.concatLists ( lib.mapCartesianProduct ({dm, wm}: let sessionName = "${dm.name}${optionalString (wm.name != "none") ("+" + wm.name)}"; script = xsession dm wm; desktopNames = if dm ? desktopNames - then concatStringsSep ";" dm.desktopNames + then lib.concatStringsSep ";" dm.desktopNames else sessionName; in - optional (dm.name != "none" || wm.name != "none") + lib.optional (dm.name != "none" || wm.name != "none") (pkgs.writeTextFile { name = "${sessionName}-xsession"; destination = "/share/xsessions/${sessionName}.desktop"; @@ -317,11 +309,11 @@ in }; imports = [ - (mkRemovedOptionModule [ "services" "xserver" "displayManager" "desktopManagerHandlesLidAndPower" ] + (lib.mkRemovedOptionModule [ "services" "xserver" "displayManager" "desktopManagerHandlesLidAndPower" ] "The option is no longer necessary because all display managers have already delegated lid management to systemd.") - (mkRenamedOptionModule [ "services" "xserver" "displayManager" "job" "logsXsession" ] [ "services" "displayManager" "logToFile" ]) - (mkRenamedOptionModule [ "services" "xserver" "displayManager" "logToJournal" ] [ "services" "displayManager" "logToJournal" ]) - (mkRenamedOptionModule [ "services" "xserver" "displayManager" "extraSessionFilesPackages" ] [ "services" "displayManager" "sessionPackages" ]) + (lib.mkRenamedOptionModule [ "services" "xserver" "displayManager" "job" "logsXsession" ] [ "services" "displayManager" "logToFile" ]) + (lib.mkRenamedOptionModule [ "services" "xserver" "displayManager" "logToJournal" ] [ "services" "displayManager" "logToJournal" ]) + (lib.mkRenamedOptionModule [ "services" "xserver" "displayManager" "extraSessionFilesPackages" ] [ "services" "displayManager" "sessionPackages" ]) ]; } diff --git a/nixos/modules/services/x11/window-managers/default.nix b/nixos/modules/services/x11/window-managers/default.nix index ec54e4cc12a9e..85eb4c6614d94 100644 --- a/nixos/modules/services/x11/window-managers/default.nix +++ b/nixos/modules/services/x11/window-managers/default.nix @@ -1,8 +1,7 @@ { config, lib, ... }: -with lib; - let + inherit (lib) mkOption types; cfg = config.services.xserver.windowManager; in @@ -72,17 +71,6 @@ in }); }; - default = mkOption { - type = types.nullOr types.str; - default = null; - example = "wmii"; - description = '' - **Deprecated**, please use [](#opt-services.displayManager.defaultSession) instead. - - Default window manager loaded if none have been chosen. - ''; - }; - }; }; diff --git a/nixos/modules/system/boot/loader/grub/grub.nix b/nixos/modules/system/boot/loader/grub/grub.nix index fe340cfaedb67..9c36651d68747 100644 --- a/nixos/modules/system/boot/loader/grub/grub.nix +++ b/nixos/modules/system/boot/loader/grub/grub.nix @@ -6,7 +6,6 @@ let concatMap concatMapStrings concatStrings - concatStringsSep escapeShellArg flip foldr @@ -491,10 +490,10 @@ in theme = mkOption { type = types.nullOr types.path; - example = literalExpression "pkgs.nixos-grub2-theme"; + example = literalExpression ''"''${pkgs.libsForQt5.breeze-grub}/grub/themes/breeze"''; default = null; description = '' - Grub theme to be used. + Path to the grub theme to be used. ''; }; diff --git a/nixos/modules/virtualisation/podman/default.nix b/nixos/modules/virtualisation/podman/default.nix index 4b1b67ac9444e..deb0b4d2c5bd7 100644 --- a/nixos/modules/virtualisation/podman/default.nix +++ b/nixos/modules/virtualisation/podman/default.nix @@ -219,6 +219,11 @@ in systemd.services.podman.environment = config.networking.proxy.envVars; systemd.sockets.podman.wantedBy = [ "sockets.target" ]; systemd.sockets.podman.socketConfig.SocketGroup = "podman"; + # Podman does not support multiple sockets, as of podman 5.0.2, so we use + # a symlink. Unfortunately this does not let us use an alternate group, + # such as `docker`. + systemd.sockets.podman.socketConfig.Symlinks = + lib.mkIf cfg.dockerSocket.enable [ "/run/docker.sock" ]; systemd.user.services.podman.environment = config.networking.proxy.envVars; systemd.user.sockets.podman.wantedBy = [ "sockets.target" ]; @@ -239,11 +244,6 @@ in '') ]; - systemd.tmpfiles.rules = - lib.optionals cfg.dockerSocket.enable [ - "L! /run/docker.sock - - - - /run/podman/podman.sock" - ]; - users.groups.podman = { }; assertions = [ diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix index 8de741a7c9c98..d4da32c44990f 100644 --- a/nixos/tests/all-tests.nix +++ b/nixos/tests/all-tests.nix @@ -193,6 +193,7 @@ in { cinnamon = handleTest ./cinnamon.nix {}; cinnamon-wayland = handleTest ./cinnamon-wayland.nix {}; cjdns = handleTest ./cjdns.nix {}; + clatd = handleTest ./clatd.nix {}; clickhouse = handleTest ./clickhouse.nix {}; cloud-init = handleTest ./cloud-init.nix {}; cloud-init-hostname = handleTest ./cloud-init-hostname.nix {}; diff --git a/nixos/tests/clatd.nix b/nixos/tests/clatd.nix new file mode 100644 index 0000000000000..00021d87ba5f4 --- /dev/null +++ b/nixos/tests/clatd.nix @@ -0,0 +1,189 @@ +# This test verifies that we can ping an IPv4-only server from an IPv6-only +# client via a NAT64 router using CLAT on the client. The hosts and networks +# are configured as follows: +# +# +------ +# Client | clat Address: 192.0.0.1/32 (configured via clatd) +# | Route: default +# | +# | eth1 Address: 2001:db8::2/64 +# | | Route: default via 2001:db8::1 +# +--|--- +# | VLAN 3 +# +--|--- +# | eth2 Address: 2001:db8::1/64 +# Router | +# | nat64 Address: 64:ff9b::1/128 +# | Route: 64:ff9b::/96 +# | Address: 192.0.2.0/32 +# | Route: 192.0.2.0/24 +# | +# | eth1 Address: 100.64.0.1/24 +# +--|--- +# | VLAN 2 +# +--|--- +# Server | eth1 Address: 100.64.0.2/24 +# | Route: 192.0.2.0/24 via 100.64.0.1 +# +------ + +import ./make-test-python.nix ({ pkgs, lib, ... }: + +{ + name = "clatd"; + meta = with pkgs.lib.maintainers; { + maintainers = [ hax404 ]; + }; + + nodes = { + # The server is configured with static IPv4 addresses. RFC 6052 Section 3.1 + # disallows the mapping of non-global IPv4 addresses like RFC 1918 into the + # Well-Known Prefix 64:ff9b::/96. TAYGA also does not allow the mapping of + # documentation space (RFC 5737). To circumvent this, 100.64.0.2/24 from + # RFC 6589 (Carrier Grade NAT) is used here. + # To reach the IPv4 address pool of the NAT64 gateway, there is a static + # route configured. In normal cases, where the router would also source NAT + # the pool addresses to one IPv4 addresses, this would not be needed. + server = { + virtualisation.vlans = [ + 2 # towards router + ]; + networking = { + useDHCP = false; + interfaces.eth1 = lib.mkForce {}; + }; + systemd.network = { + enable = true; + networks."vlan1" = { + matchConfig.Name = "eth1"; + address = [ + "100.64.0.2/24" + ]; + routes = [ + { routeConfig = { Destination = "192.0.2.0/24"; Gateway = "100.64.0.1"; }; } + ]; + }; + }; + }; + + # The router is configured with static IPv4 addresses towards the server + # and IPv6 addresses towards the client. For NAT64, the Well-Known prefix + # 64:ff9b::/96 is used. NAT64 is done with TAYGA which provides the + # tun-interface nat64 and does the translation over it. The IPv6 packets + # are sent to this interfaces and received as IPv4 packets and vice versa. + # As TAYGA only translates IPv6 addresses to dedicated IPv4 addresses, it + # needs a pool of IPv4 addresses which must be at least as big as the + # expected amount of clients. In this test, the packets from the pool are + # directly routed towards the client. In normal cases, there would be a + # second source NAT44 to map all clients behind one IPv4 address. + router = { + boot.kernel.sysctl = { + "net.ipv4.ip_forward" = 1; + "net.ipv6.conf.all.forwarding" = 1; + }; + + virtualisation.vlans = [ + 2 # towards server + 3 # towards client + ]; + + networking = { + useDHCP = false; + useNetworkd = true; + firewall.enable = false; + interfaces.eth1 = lib.mkForce { + ipv4 = { + addresses = [ { address = "100.64.0.1"; prefixLength = 24; } ]; + }; + }; + interfaces.eth2 = lib.mkForce { + ipv6 = { + addresses = [ { address = "2001:db8::1"; prefixLength = 64; } ]; + }; + }; + }; + + services.tayga = { + enable = true; + ipv4 = { + address = "192.0.2.0"; + router = { + address = "192.0.2.1"; + }; + pool = { + address = "192.0.2.0"; + prefixLength = 24; + }; + }; + ipv6 = { + address = "2001:db8::1"; + router = { + address = "64:ff9b::1"; + }; + pool = { + address = "64:ff9b::"; + prefixLength = 96; + }; + }; + }; + }; + + # The client is configured with static IPv6 addresses. It has also a static + # default route towards the router. To reach the IPv4-only server, the + # client starts the clat daemon which starts and configures the local + # IPv4 -> IPv6 translation via Tayga. + client = { + virtualisation.vlans = [ + 3 # towards router + ]; + + networking = { + useDHCP = false; + interfaces.eth1 = lib.mkForce {}; + }; + + systemd.network = { + enable = true; + networks."vlan1" = { + matchConfig.Name = "eth1"; + address = [ + "2001:db8::2/64" + ]; + routes = [ + { routeConfig = { Destination = "::/0"; Gateway = "2001:db8::1"; }; } + ]; + }; + }; + + services.clatd = { + enable = true; + settings.plat-prefix = "64:ff9b::/96"; + }; + + environment.systemPackages = [ pkgs.mtr ]; + }; + }; + + testScript = '' + start_all() + + # wait for all machines to start up + for machine in client, router, server: + machine.wait_for_unit("network-online.target") + + with subtest("Wait for tayga and clatd"): + router.wait_for_unit("tayga.service") + client.wait_for_unit("clatd.service") + # clatd checks if this system has IPv4 connectivity for 10 seconds + client.wait_until_succeeds( + 'journalctl -u clatd -e | grep -q "Starting up TAYGA, using config file"' + ) + + with subtest("Test ICMP"): + client.wait_until_succeeds("ping -c 3 100.64.0.2 >&2") + + with subtest("Test ICMP and show a traceroute"): + client.wait_until_succeeds("mtr --show-ips --report-wide 100.64.0.2 >&2") + + client.log(client.execute("systemd-analyze security clatd.service")[1]) + ''; +}) diff --git a/nixos/tests/installed-tests/gnome-photos.nix b/nixos/tests/installed-tests/gnome-photos.nix index bcb6479ee89c6..010ad97024026 100644 --- a/nixos/tests/installed-tests/gnome-photos.nix +++ b/nixos/tests/installed-tests/gnome-photos.nix @@ -13,7 +13,7 @@ makeInstalledTest { (stdenv.mkDerivation { name = "desktop-gsettings"; dontUnpack = true; - nativeBuildInputs = [ glib wrapGAppsHook ]; + nativeBuildInputs = [ glib wrapGAppsHook3 ]; buildInputs = [ gsettings-desktop-schemas ]; installPhase = '' runHook preInstall diff --git a/nixos/tests/postgresql-jit.nix b/nixos/tests/postgresql-jit.nix index baf26b8da2b39..f4b1d07a7faf8 100644 --- a/nixos/tests/postgresql-jit.nix +++ b/nixos/tests/postgresql-jit.nix @@ -1,6 +1,7 @@ { system ? builtins.currentSystem , config ? {} , pkgs ? import ../.. { inherit system config; } +, package ? null }: with import ../lib/testing-python.nix { inherit system pkgs; }; @@ -9,14 +10,17 @@ let inherit (pkgs) lib; packages = builtins.attrNames (import ../../pkgs/servers/sql/postgresql pkgs); - mkJitTest = packageName: makeTest { - name = "${packageName}"; + mkJitTestFromName = name: + mkJitTest pkgs.${name}; + + mkJitTest = package: makeTest { + name = package.name; meta.maintainers = with lib.maintainers; [ ma27 ]; nodes.machine = { pkgs, lib, ... }: { services.postgresql = { + inherit package; enable = true; enableJIT = true; - package = pkgs.${packageName}; initialScript = pkgs.writeText "init.sql" '' create table demo (id int); insert into demo (id) select generate_series(1, 5); @@ -45,4 +49,7 @@ let ''; }; in -lib.genAttrs packages mkJitTest +if package == null then + lib.genAttrs packages mkJitTestFromName +else + mkJitTest package diff --git a/nixos/tests/postgresql-wal-receiver.nix b/nixos/tests/postgresql-wal-receiver.nix index b0bd7711dbcd9..ab2ab4ad0d4fa 100644 --- a/nixos/tests/postgresql-wal-receiver.nix +++ b/nixos/tests/postgresql-wal-receiver.nix @@ -1,6 +1,7 @@ { system ? builtins.currentSystem, config ? {}, - pkgs ? import ../.. { inherit system config; } + pkgs ? import ../.. { inherit system config; }, + package ? null }: with import ../lib/testing-python.nix { inherit system pkgs; }; @@ -9,111 +10,110 @@ let lib = pkgs.lib; # Makes a test for a PostgreSQL package, given by name and looked up from `pkgs`. - makePostgresqlWalReceiverTest = postgresqlPackage: + makeTestAttribute = name: { - name = postgresqlPackage; - value = - let - pkg = pkgs."${postgresqlPackage}"; - postgresqlDataDir = "/var/lib/postgresql/${pkg.psqlSchema}"; - replicationUser = "wal_receiver_user"; - replicationSlot = "wal_receiver_slot"; - replicationConn = "postgresql://${replicationUser}@localhost"; - baseBackupDir = "/tmp/pg_basebackup"; - walBackupDir = "/tmp/pg_wal"; - atLeast12 = lib.versionAtLeast pkg.version "12.0"; - - recoveryFile = if atLeast12 - then pkgs.writeTextDir "recovery.signal" "" - else pkgs.writeTextDir "recovery.conf" "restore_command = 'cp ${walBackupDir}/%f %p'"; - - in makeTest { - name = "postgresql-wal-receiver-${postgresqlPackage}"; - meta.maintainers = with lib.maintainers; [ pacien ]; - - nodes.machine = { ... }: { - services.postgresql = { - package = pkg; - enable = true; - settings = lib.mkMerge [ - { - wal_level = "archive"; # alias for replica on pg >= 9.6 - max_wal_senders = 10; - max_replication_slots = 10; - } - (lib.mkIf atLeast12 { - restore_command = "cp ${walBackupDir}/%f %p"; - recovery_end_command = "touch recovery.done"; - }) - ]; - authentication = '' - host replication ${replicationUser} all trust - ''; - initialScript = pkgs.writeText "init.sql" '' - create user ${replicationUser} replication; - select * from pg_create_physical_replication_slot('${replicationSlot}'); - ''; - }; + inherit name; + value = makePostgresqlWalReceiverTest pkgs."${name}"; + }; + + makePostgresqlWalReceiverTest = pkg: + let + postgresqlDataDir = "/var/lib/postgresql/${pkg.psqlSchema}"; + replicationUser = "wal_receiver_user"; + replicationSlot = "wal_receiver_slot"; + replicationConn = "postgresql://${replicationUser}@localhost"; + baseBackupDir = "/tmp/pg_basebackup"; + walBackupDir = "/tmp/pg_wal"; + + recoveryFile = pkgs.writeTextDir "recovery.signal" ""; - services.postgresqlWalReceiver.receivers.main = { - postgresqlPackage = pkg; - connection = replicationConn; - slot = replicationSlot; - directory = walBackupDir; + in makeTest { + name = "postgresql-wal-receiver-${pkg.name}"; + meta.maintainers = with lib.maintainers; [ pacien ]; + + nodes.machine = { ... }: { + services.postgresql = { + package = pkg; + enable = true; + settings = { + max_replication_slots = 10; + max_wal_senders = 10; + recovery_end_command = "touch recovery.done"; + restore_command = "cp ${walBackupDir}/%f %p"; + wal_level = "archive"; # alias for replica on pg >= 9.6 }; - # This is only to speedup test, it isn't time racing. Service is set to autorestart always, - # default 60sec is fine for real system, but is too much for a test - systemd.services.postgresql-wal-receiver-main.serviceConfig.RestartSec = lib.mkForce 5; + authentication = '' + host replication ${replicationUser} all trust + ''; + initialScript = pkgs.writeText "init.sql" '' + create user ${replicationUser} replication; + select * from pg_create_physical_replication_slot('${replicationSlot}'); + ''; }; - testScript = '' - # make an initial base backup - machine.wait_for_unit("postgresql") - machine.wait_for_unit("postgresql-wal-receiver-main") - # WAL receiver healthchecks PG every 5 seconds, so let's be sure they have connected each other - # required only for 9.4 - machine.sleep(5) - machine.succeed( - "${pkg}/bin/pg_basebackup --dbname=${replicationConn} --pgdata=${baseBackupDir}" - ) - - # create a dummy table with 100 records - machine.succeed( - "sudo -u postgres psql --command='create table dummy as select * from generate_series(1, 100) as val;'" - ) - - # stop postgres and destroy data - machine.systemctl("stop postgresql") - machine.systemctl("stop postgresql-wal-receiver-main") - machine.succeed("rm -r ${postgresqlDataDir}/{base,global,pg_*}") - - # restore the base backup - machine.succeed( - "cp -r ${baseBackupDir}/* ${postgresqlDataDir} && chown postgres:postgres -R ${postgresqlDataDir}" - ) - - # prepare WAL and recovery - machine.succeed("chmod a+rX -R ${walBackupDir}") - machine.execute( - "for part in ${walBackupDir}/*.partial; do mv $part ''${part%%.*}; done" - ) # make use of partial segments too - machine.succeed( - "cp ${recoveryFile}/* ${postgresqlDataDir}/ && chmod 666 ${postgresqlDataDir}/recovery*" - ) - - # replay WAL - machine.systemctl("start postgresql") - machine.wait_for_file("${postgresqlDataDir}/recovery.done") - machine.systemctl("restart postgresql") - machine.wait_for_unit("postgresql") - - # check that our records have been restored - machine.succeed( - "test $(sudo -u postgres psql --pset='pager=off' --tuples-only --command='select count(distinct val) from dummy;') -eq 100" - ) - ''; + services.postgresqlWalReceiver.receivers.main = { + postgresqlPackage = pkg; + connection = replicationConn; + slot = replicationSlot; + directory = walBackupDir; + }; + # This is only to speedup test, it isn't time racing. Service is set to autorestart always, + # default 60sec is fine for real system, but is too much for a test + systemd.services.postgresql-wal-receiver-main.serviceConfig.RestartSec = lib.mkForce 5; }; + + testScript = '' + # make an initial base backup + machine.wait_for_unit("postgresql") + machine.wait_for_unit("postgresql-wal-receiver-main") + # WAL receiver healthchecks PG every 5 seconds, so let's be sure they have connected each other + # required only for 9.4 + machine.sleep(5) + machine.succeed( + "${pkg}/bin/pg_basebackup --dbname=${replicationConn} --pgdata=${baseBackupDir}" + ) + + # create a dummy table with 100 records + machine.succeed( + "sudo -u postgres psql --command='create table dummy as select * from generate_series(1, 100) as val;'" + ) + + # stop postgres and destroy data + machine.systemctl("stop postgresql") + machine.systemctl("stop postgresql-wal-receiver-main") + machine.succeed("rm -r ${postgresqlDataDir}/{base,global,pg_*}") + + # restore the base backup + machine.succeed( + "cp -r ${baseBackupDir}/* ${postgresqlDataDir} && chown postgres:postgres -R ${postgresqlDataDir}" + ) + + # prepare WAL and recovery + machine.succeed("chmod a+rX -R ${walBackupDir}") + machine.execute( + "for part in ${walBackupDir}/*.partial; do mv $part ''${part%%.*}; done" + ) # make use of partial segments too + machine.succeed( + "cp ${recoveryFile}/* ${postgresqlDataDir}/ && chmod 666 ${postgresqlDataDir}/recovery*" + ) + + # replay WAL + machine.systemctl("start postgresql") + machine.wait_for_file("${postgresqlDataDir}/recovery.done") + machine.systemctl("restart postgresql") + machine.wait_for_unit("postgresql") + + # check that our records have been restored + machine.succeed( + "test $(sudo -u postgres psql --pset='pager=off' --tuples-only --command='select count(distinct val) from dummy;') -eq 100" + ) + ''; }; -# Maps the generic function over all attributes of PostgreSQL packages -in builtins.listToAttrs (map makePostgresqlWalReceiverTest (builtins.attrNames (import ../../pkgs/servers/sql/postgresql pkgs))) +in +if package == null then + # all-tests.nix: Maps the generic function over all attributes of PostgreSQL packages + builtins.listToAttrs (map makeTestAttribute (builtins.attrNames (import ../../pkgs/servers/sql/postgresql pkgs))) +else + # Called directly from <package>.tests + makePostgresqlWalReceiverTest package |