Diffstat (limited to 'nixos')
366 files changed, 2036 insertions, 1124 deletions
diff --git a/nixos/doc/manual/default.nix b/nixos/doc/manual/default.nix index fef6b2f86c85f..be28c2c17afd8 100644 --- a/nixos/doc/manual/default.nix +++ b/nixos/doc/manual/default.nix @@ -209,13 +209,13 @@ let --stringparam collect.xref.targets only \ --stringparam targets.filename "$out/manual.db" \ --nonet \ - ${docbook5_xsl}/xml/xsl/docbook/xhtml/chunktoc.xsl \ + ${docbook_xsl_ns}/xml/xsl/docbook/xhtml/chunktoc.xsl \ ${manual-combined}/manual-combined.xml cat > "$out/olinkdb.xml" <<EOF <?xml version="1.0" encoding="utf-8"?> <!DOCTYPE targetset SYSTEM - "file://${docbook5_xsl}/xml/xsl/docbook/common/targetdatabase.dtd" [ + "file://${docbook_xsl_ns}/xml/xsl/docbook/common/targetdatabase.dtd" [ <!ENTITY manualtargets SYSTEM "file://$out/manual.db"> ]> <targetset> @@ -264,11 +264,11 @@ in rec { ${manualXsltprocOptions} \ --stringparam target.database.document "${olinkDB}/olinkdb.xml" \ --nonet --output $dst/ \ - ${docbook5_xsl}/xml/xsl/docbook/xhtml/chunktoc.xsl \ + ${docbook_xsl_ns}/xml/xsl/docbook/xhtml/chunktoc.xsl \ ${manual-combined}/manual-combined.xml mkdir -p $dst/images/callouts - cp ${docbook5_xsl}/xml/xsl/docbook/images/callouts/*.svg $dst/images/callouts/ + cp ${docbook_xsl_ns}/xml/xsl/docbook/images/callouts/*.svg $dst/images/callouts/ cp ${../../../doc/style.css} $dst/style.css cp ${../../../doc/overrides.css} $dst/overrides.css 
@@ -292,11 +292,11 @@ in rec { ${manualXsltprocOptions} \ --stringparam target.database.document "${olinkDB}/olinkdb.xml" \ --nonet --xinclude --output $dst/epub/ \ - ${docbook5_xsl}/xml/xsl/docbook/epub/docbook.xsl \ + ${docbook_xsl_ns}/xml/xsl/docbook/epub/docbook.xsl \ ${manual-combined}/manual-combined.xml mkdir -p $dst/epub/OEBPS/images/callouts - cp -r ${docbook5_xsl}/xml/xsl/docbook/images/callouts/*.svg $dst/epub/OEBPS/images/callouts # */ + cp -r ${docbook_xsl_ns}/xml/xsl/docbook/images/callouts/*.svg $dst/epub/OEBPS/images/callouts # */ echo "application/epub+zip" > mimetype manual="$dst/nixos-manual.epub" zip -0Xq "$manual" mimetype @@ -324,7 +324,7 @@ in rec { --param man.endnotes.are.numbered 0 \ --param man.break.after.slash 1 \ --stringparam target.database.document "${olinkDB}/olinkdb.xml" \ - ${docbook5_xsl}/xml/xsl/docbook/manpages/docbook.xsl \ + ${docbook_xsl_ns}/xml/xsl/docbook/manpages/docbook.xsl \ ${manual-combined}/man-pages-combined.xml ''; diff --git a/nixos/doc/manual/release-notes/rl-1809.xml b/nixos/doc/manual/release-notes/rl-1809.xml index 13b244e12f8c6..7fd6483bca1a4 100644 --- a/nixos/doc/manual/release-notes/rl-1809.xml +++ b/nixos/doc/manual/release-notes/rl-1809.xml @@ -19,6 +19,27 @@ <itemizedlist> <listitem> + <para> + Support for wrapping binaries using <literal>firejail</literal> has been + added through <varname>programs.firejail.wrappedBinaries</varname>. + </para> + <para> + For example + </para> +<programlisting> +programs.firejail = { + enable = true; + wrappedBinaries = { + firefox = "${lib.getBin pkgs.firefox}/bin/firefox"; + mpv = "${lib.getBin pkgs.mpv}/bin/mpv"; + }; +}; +</programlisting> + <para> + This will place <literal>firefox</literal> and <literal>mpv</literal> binaries in the global path wrapped by firejail. + </para> + </listitem> + <listitem> <para> User channels are now in the default <literal>NIX_PATH</literal>, allowing users to use their personal <command>nix-channel</command> defined 
diff --git a/nixos/lib/build-vms.nix b/nixos/lib/build-vms.nix index e14105f5f011b..48288cf5962c4 100644 --- a/nixos/lib/build-vms.nix +++ b/nixos/lib/build-vms.nix @@ -47,7 +47,7 @@ rec { machinesNumbered = zipLists machines (range 1 254); nodes_ = flip map machinesNumbered (m: nameValuePair m.fst - [ ( { config, pkgs, nodes, ... }: + [ ( { config, nodes, ... }: let interfacesNumbered = zipLists config.virtualisation.vlans (range 1 255); interfaces = flip map interfacesNumbered ({ fst, snd }: diff --git a/nixos/lib/make-disk-image.nix b/nixos/lib/make-disk-image.nix index ebfb09db7b7e4..bf32a36895c5e 100644 --- a/nixos/lib/make-disk-image.nix +++ b/nixos/lib/make-disk-image.nix @@ -24,9 +24,6 @@ # most likely fails as GRUB will probably refuse to install. partitionTableType ? "legacy" - # Whether to invoke switch-to-configuration boot during image creation -, installBootLoader ? true - , # The root file system type. fsType ? "ext4" diff --git a/nixos/lib/make-ext4-fs.nix b/nixos/lib/make-ext4-fs.nix index 4095d9c6d00d4..35a8afae4a7a3 100644 --- a/nixos/lib/make-ext4-fs.nix +++ b/nixos/lib/make-ext4-fs.nix @@ -5,6 +5,7 @@ { pkgs , storePaths , volumeLabel +, uuid ? "44444444-4444-4444-8888-888888888888" }: let @@ -32,7 +33,7 @@ pkgs.stdenv.mkDerivation { echo "Creating an EXT4 image of $bytes bytes (numInodes=$numInodes, numDataBlocks=$numDataBlocks)" truncate -s $bytes $out - faketime -f "1970-01-01 00:00:01" mkfs.ext4 -L ${volumeLabel} -U 44444444-4444-4444-8888-888888888888 $out + faketime -f "1970-01-01 00:00:01" mkfs.ext4 -L ${volumeLabel} -U ${uuid} $out # Populate the image contents by piping a bunch of commands to the `debugfs` tool from e2fsprogs. # For example, to copy /nix/store/abcd...efg-coreutils-8.23/bin/sleep: diff --git a/nixos/lib/make-iso9660-image.nix b/nixos/lib/make-iso9660-image.nix index c6bafd48f9dbd..8cd19b6e1874b 100644 --- a/nixos/lib/make-iso9660-image.nix +++ b/nixos/lib/make-iso9660-image.nix 
@@ -1,4 +1,4 @@ -{ stdenv, perl, closureInfo, xorriso, syslinux +{ stdenv, closureInfo, xorriso, syslinux , # The file name of the resulting ISO image. isoName ? "cd.iso" diff --git a/nixos/lib/testing.nix b/nixos/lib/testing.nix index 57acc990a48f7..42a0c60c7e19c 100644 --- a/nixos/lib/testing.nix +++ b/nixos/lib/testing.nix @@ -222,7 +222,7 @@ in rec { runInMachineWithX = { require ? [], ... } @ args: let client = - { config, pkgs, ... }: + { ... }: { inherit require; virtualisation.memorySize = 1024; diff --git a/nixos/maintainers/option-usages.nix b/nixos/maintainers/option-usages.nix index 371ee7d91808d..242c2a4dd442f 100644 --- a/nixos/maintainers/option-usages.nix +++ b/nixos/maintainers/option-usages.nix @@ -149,7 +149,7 @@ let else testOptions; checkAll = checkList == []; in - flip filter graph ({option, usedBy}: + flip filter graph ({option, ...}: (checkAll || elem option checkList) && !(elem option excludedTestOptions) ); @@ -165,7 +165,7 @@ let ''; graphToText = graph: - concatMapStrings ({option, usedBy}: + concatMapStrings ({usedBy, ...}: concatMapStrings (user: '' ${user} '') usedBy diff --git a/nixos/maintainers/scripts/ec2/create-amis.sh b/nixos/maintainers/scripts/ec2/create-amis.sh index 9461144fad5a7..790cc6cbc5318 100755 --- a/nixos/maintainers/scripts/ec2/create-amis.sh +++ b/nixos/maintainers/scripts/ec2/create-amis.sh @@ -10,7 +10,7 @@ version=$(nix-instantiate --eval --strict '<nixpkgs>' -A lib.version | sed s/'"' major=${version:0:5} echo "NixOS version is $version ($major)" -stateDir=/var/tmp/ec2-image-$version +stateDir=/home/deploy/amis/ec2-image-$version echo "keeping state in $stateDir" mkdir -p $stateDir 
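Review bot: In nixos/maintainers/scripts/ec2/create-amis.sh, the new `stateDir=/home/deploy/amis/ec2-image-$version` hard-codes one account's home directory, so the script only works on a host that has a `deploy` user. Moving the state out of world-writable `/var/tmp` is reasonable in itself, since a directory with a predictable name there can be pre-created by another local user. I would keep the new default but make it overridable, `stateDir=${stateDir:-/home/deploy/amis/ec2-image-$version}`, and add a one-line comment stating the reason for leaving `/var/tmp`.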
@@ -161,6 +161,7 @@ for type in $types; do # Create a snapshot. if [ -z "$snapId" ]; then echo "creating snapshot..." + # FIXME: this can fail with InvalidVolume.NotFound. Eventual consistency yay. snapId=$(aws ec2 create-snapshot --volume-id "$volId" --region "$region" --description "$description" | jq -r .SnapshotId) if [ "$snapId" = null ]; then exit 1; fi echo -n "$snapId" > $stateDir/$region.$type.snap-id diff --git a/nixos/modules/config/fonts/fontconfig-ultimate.nix b/nixos/modules/config/fonts/fontconfig-ultimate.nix index c7654ca78c3a1..7549dc6c0651c 100644 --- a/nixos/modules/config/fonts/fontconfig-ultimate.nix +++ b/nixos/modules/config/fonts/fontconfig-ultimate.nix @@ -2,9 +2,7 @@ with lib; -let fcBool = x: if x then "<bool>true</bool>" else "<bool>false</bool>"; - - cfg = config.fonts.fontconfig.ultimate; +let cfg = config.fonts.fontconfig.ultimate; latestVersion = pkgs.fontconfig.configVersion; diff --git a/nixos/modules/config/no-x-libs.nix b/nixos/modules/config/no-x-libs.nix index c7a6c943bc27d..d9ecaa4818ba6 100644 --- a/nixos/modules/config/no-x-libs.nix +++ b/nixos/modules/config/no-x-libs.nix @@ -1,7 +1,7 @@ # This module gets rid of all dependencies on X11 client libraries # (including fontconfig). -{ config, lib, pkgs, ... }: +{ config, lib, ... }: with lib; diff --git a/nixos/modules/config/nsswitch.nix b/nixos/modules/config/nsswitch.nix index c595c69329469..a74d551f50df4 100644 --- a/nixos/modules/config/nsswitch.nix +++ b/nixos/modules/config/nsswitch.nix @@ -1,6 +1,6 @@ # Configuration for the Name Service Switch (/etc/nsswitch.conf). -{ config, lib, pkgs, ... }: +{ config, lib, ... }: with lib; diff --git a/nixos/modules/config/power-management.nix b/nixos/modules/config/power-management.nix index 4c37e8a6208ca..0277f1ad11e9c 100644 --- a/nixos/modules/config/power-management.nix +++ b/nixos/modules/config/power-management.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs, ... }: +{ config, lib, ... }: with lib; 
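Review bot: The FIXME added in create-amis.sh records that `aws ec2 create-snapshot` can fail with InvalidVolume.NotFound, but the guard on the following line only catches the literal string `null`. When the aws call fails and prints nothing, `jq -r .SnapshotId` yields an empty string, so unless `pipefail` is set elsewhere in the script (not visible here) the empty id is written to `$stateDir/$region.$type.snap-id` and the loop carries on. I would change the guard to `if [ -z "$snapId" ] || [ "$snapId" = null ]; then exit 1; fi`, or retry the call a few times before giving up. The enclosing `for type in $types` loop starts and ends outside the hunk.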
diff --git a/nixos/modules/config/pulseaudio.nix b/nixos/modules/config/pulseaudio.nix index 3fd882789af27..e16a021ec20b8 100644 --- a/nixos/modules/config/pulseaudio.nix +++ b/nixos/modules/config/pulseaudio.nix @@ -144,8 +144,8 @@ in { package = mkOption { type = types.package; - default = pulseaudioLight; - defaultText = "pkgs.pulseaudioLight"; + default = pkgs.pulseaudio; + defaultText = "pkgs.pulseaudio"; example = literalExample "pkgs.pulseaudioFull"; description = '' The PulseAudio derivation to use. This can be used to enable diff --git a/nixos/modules/config/sysctl.nix b/nixos/modules/config/sysctl.nix index 2114fb2b9d49c..74bff602a4771 100644 --- a/nixos/modules/config/sysctl.nix +++ b/nixos/modules/config/sysctl.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs, ... }: +{ config, lib, ... }: with lib; diff --git a/nixos/modules/config/unix-odbc-drivers.nix b/nixos/modules/config/unix-odbc-drivers.nix index 9565a09b3a1e0..8dd811727389a 100644 --- a/nixos/modules/config/unix-odbc-drivers.nix +++ b/nixos/modules/config/unix-odbc-drivers.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs, ... }: +{ config, lib, ... }: with lib; diff --git a/nixos/modules/config/users-groups.nix b/nixos/modules/config/users-groups.nix index 621ca36fb6b82..ddec21b5f6e55 100644 --- a/nixos/modules/config/users-groups.nix +++ b/nixos/modules/config/users-groups.nix @@ -120,8 +120,8 @@ let shell = mkOption { type = types.either types.shellPackage types.path; - default = pkgs.nologin; - defaultText = "pkgs.nologin"; + default = pkgs.shadow; + defaultText = "pkgs.shadow"; example = literalExample "pkgs.bashInteractive"; description = '' The path to the user's shell. Can use shell derivations, @@ -282,7 +282,7 @@ let }; - groupOpts = { name, config, ... }: { + groupOpts = { name, ... }: { options = { diff --git a/nixos/modules/config/vpnc.nix b/nixos/modules/config/vpnc.nix index c7ac1b3530e14..356e007c0a3e9 100644 --- a/nixos/modules/config/vpnc.nix +++ b/nixos/modules/config/vpnc.nix 
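Review bot: In nixos/modules/config/users-groups.nix, the `shell` default changes from `pkgs.nologin` to `pkgs.shadow` with `defaultText = "pkgs.shadow"`, which no longer tells the reader that accounts get a non-login shell unless one is set. Presumably this relies on the shadow package's shell path pointing at its nologin binary, but that is not visible in this hunk and should be confirmed. I would keep the intent in the documentation, for example by extending the description with `The default resolves to shadow's nologin, so the account cannot log in interactively unless a shell is set.` The option body continues outside the hunk.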
@@ -1,4 +1,4 @@ -{ config, lib, pkgs, ... }: +{ config, lib, ... }: with lib; diff --git a/nixos/modules/hardware/all-firmware.nix b/nixos/modules/hardware/all-firmware.nix index b61acf1815d96..e978ec6b40ada 100644 --- a/nixos/modules/hardware/all-firmware.nix +++ b/nixos/modules/hardware/all-firmware.nix @@ -38,7 +38,8 @@ in { firmwareLinuxNonfree intel2200BGFirmware rtl8192su-firmware - ] ++ optionals (versionOlder config.boot.kernelPackages.kernel.version "4.13") [ + ] ++ optional (pkgs.stdenv.isAarch32 || pkgs.stdenv.isAarch64) raspberrypiWirelessFirmware + ++ optionals (versionOlder config.boot.kernelPackages.kernel.version "4.13") [ rtl8723bs-firmware ]; }) diff --git a/nixos/modules/hardware/network/smc-2632w/default.nix b/nixos/modules/hardware/network/smc-2632w/default.nix index 650011aca8173..b00286464f348 100644 --- a/nixos/modules/hardware/network/smc-2632w/default.nix +++ b/nixos/modules/hardware/network/smc-2632w/default.nix @@ -1,4 +1,4 @@ -{lib, config, ...}: +{lib, ...}: { hardware = { diff --git a/nixos/modules/hardware/network/zydas-zd1211.nix b/nixos/modules/hardware/network/zydas-zd1211.nix index c8428a7241b1c..5dd7f30ed82b1 100644 --- a/nixos/modules/hardware/network/zydas-zd1211.nix +++ b/nixos/modules/hardware/network/zydas-zd1211.nix @@ -1,4 +1,4 @@ -{pkgs, config, ...}: +{pkgs, ...}: { hardware.firmware = [ pkgs.zd1211fw ]; diff --git a/nixos/modules/hardware/video/ati.nix b/nixos/modules/hardware/video/ati.nix index 022fdea0a0a3e..2fa37af6ca588 100644 --- a/nixos/modules/hardware/video/ati.nix +++ b/nixos/modules/hardware/video/ati.nix @@ -1,6 +1,6 @@ # This module provides the proprietary ATI X11 / OpenGL drivers. -{ config, lib, pkgs, pkgs_i686, ... }: +{ config, lib, pkgs_i686, ... }: with lib; diff --git a/nixos/modules/hardware/video/capture/mwprocapture.nix b/nixos/modules/hardware/video/capture/mwprocapture.nix index aee15dcec6e56..61bab533edaf7 100644 --- a/nixos/modules/hardware/video/capture/mwprocapture.nix 
+++ b/nixos/modules/hardware/video/capture/mwprocapture.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs, ... }: +{ config, lib, ... }: with lib; diff --git a/nixos/modules/hardware/video/uvcvideo/uvcdynctrl-udev-rules.nix b/nixos/modules/hardware/video/uvcvideo/uvcdynctrl-udev-rules.nix index 832e619661202..2cf5f13bc159e 100644 --- a/nixos/modules/hardware/video/uvcvideo/uvcdynctrl-udev-rules.nix +++ b/nixos/modules/hardware/video/uvcvideo/uvcdynctrl-udev-rules.nix @@ -1,6 +1,4 @@ -{ lib -, stdenv -, buildEnv +{ buildEnv , libwebcam , makeWrapper , runCommand diff --git a/nixos/modules/installer/cd-dvd/installation-cd-graphical-kde-new-kernel.nix b/nixos/modules/installer/cd-dvd/installation-cd-graphical-kde-new-kernel.nix index a4bcd7079a4f9..3336d512cfd86 100644 --- a/nixos/modules/installer/cd-dvd/installation-cd-graphical-kde-new-kernel.nix +++ b/nixos/modules/installer/cd-dvd/installation-cd-graphical-kde-new-kernel.nix @@ -1,4 +1,4 @@ -{ config, pkgs, ... }: +{ pkgs, ... }: { imports = [ ./installation-cd-graphical-kde.nix ]; diff --git a/nixos/modules/installer/cd-dvd/installation-cd-minimal-new-kernel.nix b/nixos/modules/installer/cd-dvd/installation-cd-minimal-new-kernel.nix index 4363c8e6c93b1..3911a2b01b1e4 100644 --- a/nixos/modules/installer/cd-dvd/installation-cd-minimal-new-kernel.nix +++ b/nixos/modules/installer/cd-dvd/installation-cd-minimal-new-kernel.nix @@ -1,4 +1,4 @@ -{ config, pkgs, ... }: +{ pkgs, ... }: { imports = [ ./installation-cd-minimal.nix ]; diff --git a/nixos/modules/installer/cd-dvd/installation-cd-minimal.nix b/nixos/modules/installer/cd-dvd/installation-cd-minimal.nix index 7ec55f159d0e6..3dc0f606bf609 100644 --- a/nixos/modules/installer/cd-dvd/installation-cd-minimal.nix +++ b/nixos/modules/installer/cd-dvd/installation-cd-minimal.nix @@ -1,7 +1,7 @@ # This module defines a small NixOS installation CD. It does not # contain any graphical stuff. -{ config, lib, pkgs, ... }: +{ ... }: { imports = 
diff --git a/nixos/modules/installer/cd-dvd/sd-image.nix b/nixos/modules/installer/cd-dvd/sd-image.nix index c091923de60f7..311a5ff696705 100644 --- a/nixos/modules/installer/cd-dvd/sd-image.nix +++ b/nixos/modules/installer/cd-dvd/sd-image.nix @@ -16,6 +16,8 @@ let inherit pkgs; inherit (config.sdImage) storePaths; volumeLabel = "NIXOS_SD"; + } // optionalAttrs (config.sdImage.rootPartitionUUID != null) { + uuid = config.sdImage.rootPartitionUUID; }; in { @@ -42,6 +44,24 @@ in ''; }; + bootPartitionID = mkOption { + type = types.string; + default = "0x2178694e"; + description = '' + Volume ID for the /boot partition on the SD card. This value must be a + 32-bit hexadecimal number. + ''; + }; + + rootPartitionUUID = mkOption { + type = types.nullOr types.string; + default = null; + example = "14e19a7b-0ae0-484d-9d54-43bd6fdc20c7"; + description = '' + UUID for the main NixOS partition on the SD card. + ''; + }; + bootSize = mkOption { type = types.int; default = 120; @@ -95,7 +115,7 @@ in # type=b is 'W95 FAT32', type=83 is 'Linux'. sfdisk $img <<EOF label: dos - label-id: 0x2178694e + label-id: ${config.sdImage.bootPartitionID} start=8M, size=$bootSizeBlocks, type=b, bootable start=${toString (8 + config.sdImage.bootSize)}M, type=83 @@ -108,7 +128,7 @@ in # Create a FAT32 /boot partition of suitable size into bootpart.img eval $(partx $img -o START,SECTORS --nr 1 --pairs) truncate -s $((SECTORS * 512)) bootpart.img - faketime "1970-01-01 00:00:00" mkfs.vfat -i 0x2178694e -n NIXOS_BOOT bootpart.img + faketime "1970-01-01 00:00:00" mkfs.vfat -i ${config.sdImage.bootPartitionID} -n NIXOS_BOOT bootpart.img # Populate the files intended for /boot mkdir boot diff --git a/nixos/modules/installer/netboot/netboot-base.nix b/nixos/modules/installer/netboot/netboot-base.nix index 5e8f7f93d92a9..da7d760ad2fc0 100644 --- a/nixos/modules/installer/netboot/netboot-base.nix +++ b/nixos/modules/installer/netboot/netboot-base.nix 
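Review bot: In sd-image.nix the new `bootPartitionID` and `rootPartitionUUID` options are typed `types.string` and then interpolated unquoted into the image build script (`label-id: ${config.sdImage.bootPartitionID}`, `mkfs.vfat -i ${config.sdImage.bootPartitionID}`, and through `uuid` into `mkfs.ext4 -L ${volumeLabel} -U ${uuid}` in make-ext4-fs.nix). The description says the volume ID must be a 32-bit hexadecimal number, but nothing enforces it, so a malformed value surfaces as a confusing tool error or as extra words on the command line. I would validate at the option level, for example `type = types.strMatching "0x[0-9a-fA-F]{1,8}";` for the volume ID and a matching UUID pattern for `rootPartitionUUID`. The descriptions could also state that images built with the defaults all share the same fixed identifiers.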
@@ -1,7 +1,7 @@ # This module contains the basic configuration for building netboot # images -{ config, lib, pkgs, ... }: +{ lib, ... }: with lib; diff --git a/nixos/modules/installer/netboot/netboot-minimal.nix b/nixos/modules/installer/netboot/netboot-minimal.nix index 8ad6234edc775..1563501a7e011 100644 --- a/nixos/modules/installer/netboot/netboot-minimal.nix +++ b/nixos/modules/installer/netboot/netboot-minimal.nix @@ -1,6 +1,6 @@ # This module defines a small netboot environment. -{ config, lib, ... }: +{ ... }: { imports = diff --git a/nixos/modules/installer/scan/detected.nix b/nixos/modules/installer/scan/detected.nix index 7e181acb93b19..5c5fba56f5178 100644 --- a/nixos/modules/installer/scan/detected.nix +++ b/nixos/modules/installer/scan/detected.nix @@ -1,6 +1,6 @@ # List all devices which are detected by nixos-generate-config. # Common devices are enabled by default. -{ config, lib, pkgs, ... }: +{ lib, ... }: with lib; diff --git a/nixos/modules/installer/tools/nixos-option.sh b/nixos/modules/installer/tools/nixos-option.sh index 5141f3cd51cf0..3f1e591b97b01 100644 --- a/nixos/modules/installer/tools/nixos-option.sh +++ b/nixos/modules/installer/tools/nixos-option.sh @@ -16,6 +16,7 @@ verbose=false nixPath="" option="" +exit_code=0 argfun="" for arg; do @@ -74,8 +75,13 @@ fi ############################# evalNix(){ + # disable `-e` flag, it's possible that the evaluation of `nix-instantiate` fails (e.g. due to broken pkgs) + set +e result=$(nix-instantiate ${nixPath:+$nixPath} - --eval-only "$@" 2>&1) - if test $? -eq 0; then + exit_code=$? + set -e + + if test $exit_code -eq 0; then cat <<EOF $result EOF @@ -87,7 +93,7 @@ EOF ' <<EOF $result EOF - return 1; + exit_code=1 fi } @@ -317,3 +323,5 @@ else echo $result fi fi + +exit $exit_code diff --git a/nixos/modules/installer/tools/tools.nix b/nixos/modules/installer/tools/tools.nix index 42b00b2025d83..af0a3a2fcc882 100644 --- a/nixos/modules/installer/tools/tools.nix 
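Review bot: In nixos/modules/installer/tools/nixos-option.sh, `evalNix` now reports failure only by assigning the global `exit_code` (`exit_code=1` replaces `return 1`), and that assignment is lost whenever the function runs inside a command substitution or a pipeline, because those execute in a subshell. The callers are outside these hunks, so this needs checking, but if any of them capture the output with `$(...)` the final `exit $exit_code` will still report 0 after a failed evaluation. Returning the status as well (`exit_code=1; return 1`) and collecting it at the call site with `result=$(evalNix ...) || exit_code=$?` would make the failure survive the subshell. The function also re-enables `set -e` unconditionally instead of restoring the previous shell state.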
+++ b/nixos/modules/installer/tools/tools.nix @@ -1,13 +1,11 @@ # This module generates nixos-install, nixos-rebuild, # nixos-generate-config, etc. -{ config, lib, pkgs, modulesPath, ... }: +{ config, lib, pkgs, ... }: with lib; let - cfg = config.installer; - makeProg = args: pkgs.substituteAll (args // { dir = "bin"; isExecutable = true; diff --git a/nixos/modules/installer/virtualbox-demo.nix b/nixos/modules/installer/virtualbox-demo.nix index f58c365878013..f823c0d83bb60 100644 --- a/nixos/modules/installer/virtualbox-demo.nix +++ b/nixos/modules/installer/virtualbox-demo.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs, ... }: +{ lib, ... }: with lib; diff --git a/nixos/modules/misc/assertions.nix b/nixos/modules/misc/assertions.nix index 3b50e60a0ffbd..550b3ac97f6a8 100644 --- a/nixos/modules/misc/assertions.nix +++ b/nixos/modules/misc/assertions.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs, ... }: +{ lib, ... }: with lib; diff --git a/nixos/modules/misc/extra-arguments.nix b/nixos/modules/misc/extra-arguments.nix index f4ee94ecc0d7e..8716e3d9fef22 100644 --- a/nixos/modules/misc/extra-arguments.nix +++ b/nixos/modules/misc/extra-arguments.nix @@ -1,4 +1,4 @@ -{ lib, pkgs, config, ... }: +{ pkgs, ... }: { _module.args = { diff --git a/nixos/modules/misc/ids.nix b/nixos/modules/misc/ids.nix index aac86087f9ec3..782f6c8f69df5 100644 --- a/nixos/modules/misc/ids.nix +++ b/nixos/modules/misc/ids.nix @@ -9,7 +9,7 @@ # Systemd can also change ownership of service directories using the # RuntimeDirectory/StateDirectory options. -{ config, pkgs, lib, ... }: +{ lib, ... }: { options = { @@ -143,6 +143,7 @@ jenkins = 109; systemd-journal-gateway = 110; #notbit = 111; # unused + aerospike = 111; ngircd = 112; btsync = 113; minecraft = 114; @@ -321,6 +322,7 @@ hdfs = 295; mapred = 296; hadoop = 297; + hydron = 298; # When adding a uid, make sure it doesn't match an existing gid. And don't use uids above 399! 
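Review bot: In nixos/modules/misc/ids.nix, `aerospike = 111;` reuses the id that the line directly above still marks as `#notbit = 111; # unused`, in the uid table here and again in the gid table in the `@@ -436,6 +438,7 @@` hunk. Reusing a retired id means any files left on a system by the former notbit account become owned by the aerospike service account. If the reuse is intended, I would replace the stale comment with something like `# 111 was notbit, now reused by aerospike`; otherwise allocate the next free id, as was done for `hydron = 298`.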
@@ -436,6 +438,7 @@ jenkins = 109; systemd-journal-gateway = 110; #notbit = 111; # unused + aerospike = 111; #ngircd = 112; # unused btsync = 113; #minecraft = 114; # unused @@ -602,6 +605,7 @@ hdfs = 295; mapred = 296; hadoop = 297; + hydron = 298; # When adding a gid, make sure it doesn't match an existing # uid. Users and groups with the same name should have equal diff --git a/nixos/modules/misc/label.nix b/nixos/modules/misc/label.nix index 8e5e57b3b83b7..02b91555b3c21 100644 --- a/nixos/modules/misc/label.nix +++ b/nixos/modules/misc/label.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs, ... }: +{ config, lib, ... }: with lib; diff --git a/nixos/modules/misc/lib.nix b/nixos/modules/misc/lib.nix index be8000ac029df..121f396701eae 100644 --- a/nixos/modules/misc/lib.nix +++ b/nixos/modules/misc/lib.nix @@ -1,4 +1,4 @@ -{ config, lib, ... }: +{ lib, ... }: { options = { diff --git a/nixos/modules/misc/locate.nix b/nixos/modules/misc/locate.nix index dd6a2f67b30de..449149e4bb65f 100644 --- a/nixos/modules/misc/locate.nix +++ b/nixos/modules/misc/locate.nix @@ -1,4 +1,4 @@ -{ config, options, lib, pkgs, ... }: +{ config, lib, pkgs, ... }: with lib; diff --git a/nixos/modules/misc/meta.nix b/nixos/modules/misc/meta.nix index 7a1e751394c0a..be3f4cbbcfe4e 100644 --- a/nixos/modules/misc/meta.nix +++ b/nixos/modules/misc/meta.nix @@ -1,4 +1,4 @@ -{ config, lib, ... }: +{ lib, ... }: with lib; diff --git a/nixos/modules/misc/passthru.nix b/nixos/modules/misc/passthru.nix index f3c9f6ba651bf..4e99631fdd85c 100644 --- a/nixos/modules/misc/passthru.nix +++ b/nixos/modules/misc/passthru.nix @@ -1,7 +1,7 @@ # This module allows you to export something from configuration # Use case: export kernel source expression for ease of configuring -{ config, lib, ... }: +{ lib, ... }: { options = { diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index f6628b8e9c517..e5dce84d6ee6c 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix 
@@ -86,6 +86,7 @@ ./programs/dconf.nix ./programs/digitalbitbox/default.nix ./programs/environment.nix + ./programs/firejail.nix ./programs/fish.nix ./programs/freetds.nix ./programs/gnupg.nix @@ -199,6 +200,7 @@ ./services/continuous-integration/jenkins/slave.nix ./services/databases/4store-endpoint.nix ./services/databases/4store.nix + ./services/databases/aerospike.nix ./services/databases/clickhouse.nix ./services/databases/couchdb.nix ./services/databases/firebird.nix @@ -220,6 +222,7 @@ ./services/databases/stanchion.nix ./services/databases/virtuoso.nix ./services/desktops/accountsservice.nix + ./services/desktops/bamf.nix ./services/desktops/dleyna-renderer.nix ./services/desktops/dleyna-server.nix ./services/desktops/flatpak.nix @@ -318,6 +321,7 @@ ./services/misc/canto-daemon.nix ./services/misc/calibre-server.nix ./services/misc/cfdyndns.nix + ./services/misc/clipmenu.nix ./services/misc/cpuminer-cryptonight.nix ./services/misc/cgminer.nix ./services/misc/confd.nix @@ -672,12 +676,12 @@ ./services/web-servers/caddy.nix ./services/web-servers/fcgiwrap.nix ./services/web-servers/hitch/default.nix + ./services/web-servers/hydron.nix ./services/web-servers/jboss/default.nix ./services/web-servers/lighttpd/cgit.nix ./services/web-servers/lighttpd/collectd.nix ./services/web-servers/lighttpd/default.nix ./services/web-servers/lighttpd/gitweb.nix - ./services/web-servers/lighttpd/inginious.nix ./services/web-servers/meguca.nix ./services/web-servers/mighttpd2.nix ./services/web-servers/minio.nix diff --git a/nixos/modules/profiles/all-hardware.nix b/nixos/modules/profiles/all-hardware.nix index f56640f19782e..0d7124be0a5c6 100644 --- a/nixos/modules/profiles/all-hardware.nix +++ b/nixos/modules/profiles/all-hardware.nix @@ -3,7 +3,7 @@ # enabled in the initrd. Its primary use is in the NixOS installation # CDs. -{ config, pkgs, ... }: +{ ... }: { 
diff --git a/nixos/modules/profiles/base.nix b/nixos/modules/profiles/base.nix index 406a69722de6e..5aaffa4f1f2a1 100644 --- a/nixos/modules/profiles/base.nix +++ b/nixos/modules/profiles/base.nix @@ -1,7 +1,7 @@ # This module defines the software packages included in the "minimal" # installation CD. It might be useful elsewhere. -{ config, lib, pkgs, ... }: +{ lib, pkgs, ... }: { # Include some utilities that are useful for installing or repairing diff --git a/nixos/modules/profiles/clone-config.nix b/nixos/modules/profiles/clone-config.nix index 5b4e68beb6a69..99d4774584f1e 100644 --- a/nixos/modules/profiles/clone-config.nix +++ b/nixos/modules/profiles/clone-config.nix @@ -31,7 +31,6 @@ let let relocateNixOS = path: "<nixpkgs/nixos" + removePrefix nixosPath (toString path) + ">"; - relocateOthers = null; in { nixos = map relocateNixOS partitionedModuleFiles.nixos; others = []; # TODO: copy the modules to the install-device repository. diff --git a/nixos/modules/profiles/demo.nix b/nixos/modules/profiles/demo.nix index 7477795a94e96..18f190071bad8 100644 --- a/nixos/modules/profiles/demo.nix +++ b/nixos/modules/profiles/demo.nix @@ -1,4 +1,4 @@ -{ config, pkgs, ... }: +{ ... }: { imports = [ ./graphical.nix ]; diff --git a/nixos/modules/profiles/graphical.nix b/nixos/modules/profiles/graphical.nix index fe9851e79a6d4..332cf58aa5382 100644 --- a/nixos/modules/profiles/graphical.nix +++ b/nixos/modules/profiles/graphical.nix @@ -1,7 +1,7 @@ # This module defines a NixOS configuration with the Plasma 5 desktop. # It's used by the graphical installation CD. -{ config, pkgs, ... }: +{ pkgs, ... }: { services.xserver = { diff --git a/nixos/modules/profiles/hardened.nix b/nixos/modules/profiles/hardened.nix index 456538742f517..2af8bf1f8e30c 100644 --- a/nixos/modules/profiles/hardened.nix +++ b/nixos/modules/profiles/hardened.nix 
@@ -1,7 +1,7 @@ # A profile with most (vanilla) hardening options enabled by default, # potentially at the cost of features and performance. -{ config, lib, pkgs, ... }: +{ lib, pkgs, ... }: with lib; diff --git a/nixos/modules/profiles/headless.nix b/nixos/modules/profiles/headless.nix index 67f8d633bab56..131ee272859a9 100644 --- a/nixos/modules/profiles/headless.nix +++ b/nixos/modules/profiles/headless.nix @@ -1,7 +1,7 @@ # Common configuration for headless machines (e.g., Amazon EC2 # instances). -{ config, lib, pkgs, ... }: +{ lib, ... }: with lib; diff --git a/nixos/modules/profiles/minimal.nix b/nixos/modules/profiles/minimal.nix index 40df7063a9bf3..ed04e46c77d1d 100644 --- a/nixos/modules/profiles/minimal.nix +++ b/nixos/modules/profiles/minimal.nix @@ -1,7 +1,7 @@ # This module defines a small NixOS configuration. It does not # contain any graphical stuff. -{ config, lib, pkgs, ... }: +{ config, lib, ... }: with lib; diff --git a/nixos/modules/profiles/qemu-guest.nix b/nixos/modules/profiles/qemu-guest.nix index a1ec1d45395e9..315d04093b134 100644 --- a/nixos/modules/profiles/qemu-guest.nix +++ b/nixos/modules/profiles/qemu-guest.nix @@ -1,7 +1,7 @@ # Common configuration for virtual machines running under QEMU (using # virtio). -{ config, pkgs, ... }: +{ ... }: { boot.initrd.availableKernelModules = [ "virtio_net" "virtio_pci" "virtio_mmio" "virtio_blk" "virtio_scsi" "9p" "9pnet_virtio" ]; diff --git a/nixos/modules/programs/atop.nix b/nixos/modules/programs/atop.nix index b91bd98047ee1..4651cdb76e0b8 100644 --- a/nixos/modules/programs/atop.nix +++ b/nixos/modules/programs/atop.nix @@ -1,6 +1,6 @@ # Global configuration for atop. -{ config, lib, pkgs, ... }: +{ config, lib, ... }: with lib; diff --git a/nixos/modules/programs/bcc.nix b/nixos/modules/programs/bcc.nix index 3522ab22fa8ea..d76249bb5cab4 100644 --- a/nixos/modules/programs/bcc.nix +++ b/nixos/modules/programs/bcc.nix 
@@ -1,4 +1,4 @@ -{ config, lib, pkgs, ... }: +{ config, lib, ... }: { options.programs.bcc.enable = lib.mkEnableOption "bcc"; diff --git a/nixos/modules/programs/environment.nix b/nixos/modules/programs/environment.nix index 06ebb7bc729b1..3bac8d98990ab 100644 --- a/nixos/modules/programs/environment.nix +++ b/nixos/modules/programs/environment.nix @@ -2,7 +2,7 @@ # Most of the stuff here should probably be moved elsewhere sometime. -{ config, lib, pkgs, ... }: +{ config, lib, ... }: with lib; diff --git a/nixos/modules/programs/firejail.nix b/nixos/modules/programs/firejail.nix new file mode 100644 index 0000000000000..46ee4bc0f7a01 --- /dev/null +++ b/nixos/modules/programs/firejail.nix @@ -0,0 +1,48 @@ +{ config, lib, pkgs, ... }: + +with lib; + +let + cfg = config.programs.firejail; + + wrappedBins = pkgs.stdenv.mkDerivation rec { + name = "firejail-wrapped-binaries"; + nativeBuildInputs = with pkgs; [ makeWrapper ]; + buildCommand = '' + mkdir -p $out/bin + ${lib.concatStringsSep "\n" (lib.mapAttrsToList (command: binary: '' + cat <<_EOF >$out/bin/${command} + #!${pkgs.stdenv.shell} -e + /run/wrappers/bin/firejail ${binary} "\$@" + _EOF + chmod 0755 $out/bin/${command} + '') cfg.wrappedBinaries)} + ''; + }; + +in { + options.programs.firejail = { + enable = mkEnableOption "firejail"; + + wrappedBinaries = mkOption { + type = types.attrs; + default = {}; + description = '' + Wrap the binaries in firejail and place them in the global path. + </para> + <para> + You will get file collisions if you put the actual application binary in + the global environment and applications started via .desktop files are + not wrapped if they specify the absolute path to the binary. + ''; + }; + }; + + config = mkIf cfg.enable { + security.wrappers.firejail.source = "${lib.getBin pkgs.firejail}/bin/firejail"; + + environment.systemPackages = [ wrappedBins ]; + }; + + meta.maintainers = with maintainers; [ peterhoeg ]; +} 
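Review bot: In the new nixos/modules/programs/firejail.nix, `wrappedBinaries` is declared as `types.attrs` and each value is pasted unquoted into the generated wrapper (`/run/wrappers/bin/firejail ${binary} "\$@"`), so a value containing spaces or shell metacharacters changes what the wrapper runs, and a non-string value is only caught when the derivation is built. Because the heredoc delimiter `_EOF` is unquoted, any `$` in the value is also expanded while the wrapper is being written. I would tighten the option to `type = types.attrsOf types.path;` and write the wrapper line as `exec /run/wrappers/bin/firejail "${binary}" "\$@"`, which also avoids leaving an extra shell as the parent of the sandboxed process. The description already notes that .desktop files with absolute paths bypass the wrapper; it would help to say plainly that the wrapper is a convenience and not an enforcement boundary.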
diff --git a/nixos/modules/programs/nylas-mail.nix b/nixos/modules/programs/nylas-mail.nix index 9a6cf755f2a27..08a6cd0a6049b 100644 --- a/nixos/modules/programs/nylas-mail.nix +++ b/nixos/modules/programs/nylas-mail.nix @@ -4,7 +4,6 @@ with lib; let cfg = config.services.nylas-mail; - defaultUser = "nylas-mail"; in { ###### interface options = { diff --git a/nixos/modules/programs/shell.nix b/nixos/modules/programs/shell.nix index 56fe347528bde..3b5212c9e76bc 100644 --- a/nixos/modules/programs/shell.nix +++ b/nixos/modules/programs/shell.nix @@ -1,15 +1,9 @@ # This module defines a standard configuration for NixOS shells. -{ config, lib, pkgs, ... }: +{ config, lib, ... }: with lib; -let - - cfg = config.environment; - -in - { config = { diff --git a/nixos/modules/programs/ssh.nix b/nixos/modules/programs/ssh.nix index 36289080a82ac..cc398174e6ce0 100644 --- a/nixos/modules/programs/ssh.nix +++ b/nixos/modules/programs/ssh.nix @@ -7,7 +7,6 @@ with lib; let cfg = config.programs.ssh; - cfgd = config.services.openssh; askPassword = cfg.askPassword; @@ -62,6 +61,29 @@ in ''; }; + # Allow DSA keys for now. (These were deprecated in OpenSSH 7.0.) + pubkeyAcceptedKeyTypes = mkOption { + type = types.listOf types.str; + default = [ + "+ssh-dss" + ]; + example = [ "ssh-ed25519" "ssh-rsa" ]; + description = '' + Specifies the key types that will be used for public key authentication. + ''; + }; + + hostKeyAlgorithms = mkOption { + type = types.listOf types.str; + default = [ + "+ssh-dss" + ]; + example = [ "ssh-ed25519" "ssh-rsa" ]; + description = '' + Specifies the host key algorithms that the client wants to use in order of preference. + ''; + }; + extraConfig = mkOption { type = types.lines; default = ""; 
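Review bot: The two options added to nixos/modules/programs/ssh.nix, `pubkeyAcceptedKeyTypes` and `hostKeyAlgorithms`, both default to `[ "+ssh-dss" ]`, so a stock client configuration still accepts DSA user keys and DSA host keys, which the moved comment itself says were deprecated in OpenSSH 7.0. Neither description tells the reader that the default re-enables DSA or how to turn it off; I would add to each something like `The default appends ssh-dss to the OpenSSH defaults; set this to [ ] to leave the OpenSSH defaults unchanged.` The later hunk at `@@ -189,9 +211,8 @@` already omits the directive when the list is empty, so that wording matches the rendered config. Changing the default to `[ ]` would be the stronger fix, but it changes behaviour for users who still have DSA keys and would need a release-note entry.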
@@ -189,9 +211,8 @@ in ForwardX11 ${if cfg.forwardX11 then "yes" else "no"} - # Allow DSA keys for now. (These were deprecated in OpenSSH 7.0.) - PubkeyAcceptedKeyTypes +ssh-dss - HostKeyAlgorithms +ssh-dss + ${optionalString (cfg.pubkeyAcceptedKeyTypes != []) "PubkeyAcceptedKeyTypes ${concatStringsSep "," cfg.pubkeyAcceptedKeyTypes}"} + ${optionalString (cfg.hostKeyAlgorithms != []) "HostKeyAlgorithms ${concatStringsSep "," cfg.hostKeyAlgorithms}"} ${cfg.extraConfig} ''; diff --git a/nixos/modules/programs/systemtap.nix b/nixos/modules/programs/systemtap.nix index fd84732cd4125..ca81e018c9dc2 100644 --- a/nixos/modules/programs/systemtap.nix +++ b/nixos/modules/programs/systemtap.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs, ... }: +{ config, lib, ... }: with lib; diff --git a/nixos/modules/programs/tmux.nix b/nixos/modules/programs/tmux.nix index 4a60403a2827e..3d5a37274ae2d 100644 --- a/nixos/modules/programs/tmux.nix +++ b/nixos/modules/programs/tmux.nix @@ -1,7 +1,7 @@ { config, pkgs, lib, ... }: let - inherit (lib) mkOption mkEnableOption mkIf mkMerge types; + inherit (lib) mkOption mkIf types; cfg = config.programs.tmux; diff --git a/nixos/modules/programs/xonsh.nix b/nixos/modules/programs/xonsh.nix index 49cc4906e0385..f967ca82ac8c7 100644 --- a/nixos/modules/programs/xonsh.nix +++ b/nixos/modules/programs/xonsh.nix @@ -6,8 +6,6 @@ with lib; let - cfge = config.environment; - cfg = config.programs.xonsh; in diff --git a/nixos/modules/rename.nix b/nixos/modules/rename.nix index 7b094fc142036..5242444a60b89 100644 --- a/nixos/modules/rename.nix +++ b/nixos/modules/rename.nix 
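Review bot: The two ssh_config directives in the `@@ -189,9 +211,8 @@` hunk are built with `concatStringsSep ","`, so a `+` prefix only has its "append to the defaults" meaning when it is on the first list element; as far as I read ssh_config(5), the prefix applies to the whole list. A value such as `[ "ssh-ed25519" "+ssh-dss" ]` would render as `ssh-ed25519,+ssh-dss`, which OpenSSH is unlikely to accept as intended. A comment next to the two lines would help, e.g. `# A leading "+" on the first element applies to the whole comma-joined list.`, or an assertion that rejects a `+` on later elements. The surrounding config string starts and ends outside the hunk.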
@@ -37,7 +37,15 @@ with lib; (mkRenamedOptionModule [ "services" "kubernetes" "addons" "dashboard" "enableRBAC" ] [ "services" "kubernetes" "addons" "dashboard" "rbac" "enable" ]) (mkRenamedOptionModule [ "services" "logstash" "address" ] [ "services" "logstash" "listenAddress" ]) (mkRenamedOptionModule [ "services" "mpd" "network" "host" ] [ "services" "mpd" "network" "listenAddress" ]) - (mkRenamedOptionModule [ "services" "neo4j" "host" ] [ "services" "neo4j" "listenAddress" ]) + (mkRenamedOptionModule [ "services" "neo4j" "host" ] [ "services" "neo4j" "defaultListenAddress" ]) + (mkRenamedOptionModule [ "services" "neo4j" "listenAddress" ] [ "services" "neo4j" "defaultListenAddress" ]) + (mkRenamedOptionModule [ "services" "neo4j" "enableBolt" ] [ "services" "neo4j" "bolt" "enable" ]) + (mkRenamedOptionModule [ "services" "neo4j" "enableHttps" ] [ "services" "neo4j" "https" "enable" ]) + (mkRenamedOptionModule [ "services" "neo4j" "certDir" ] [ "services" "neo4j" "directories" "certificates" ]) + (mkRenamedOptionModule [ "services" "neo4j" "dataDir" ] [ "services" "neo4j" "directories" "home" ]) + (mkRemovedOptionModule [ "services" "neo4j" "port" ] "Use services.neo4j.http.listenAddress instead.") + (mkRemovedOptionModule [ "services" "neo4j" "boltPort" ] "Use services.neo4j.bolt.listenAddress instead.") + (mkRemovedOptionModule [ "services" "neo4j" "httpsPort" ] "Use services.neo4j.https.listenAddress instead.") (mkRenamedOptionModule [ "services" "shout" "host" ] [ "services" "shout" "listenAddress" ]) (mkRenamedOptionModule [ "services" "sslh" "host" ] [ "services" "sslh" "listenAddress" ]) (mkRenamedOptionModule [ "services" "statsd" "host" ] [ "services" "statsd" "listenAddress" ]) 
@@ -242,6 +250,7 @@ with lib; (mkRemovedOptionModule [ "fonts" "fontconfig" "hinting" "style" ] "") (mkRemovedOptionModule [ "services" "xserver" "displayManager" "sddm" "themes" ] "Set the option `services.xserver.displayManager.sddm.package' instead.") + (mkRemovedOptionModule [ "services" "xserver" "desktopManager" "xfce" "screenLock" ] "") (mkRemovedOptionModule [ "fonts" "fontconfig" "forceAutohint" ] "") (mkRemovedOptionModule [ "fonts" "fontconfig" "renderMonoTTFAsBitmap" ] "") (mkRemovedOptionModule [ "virtualisation" "xen" "qemu" ] "You don't need this option anymore, it will work without it.") diff --git a/nixos/modules/security/acme.nix b/nixos/modules/security/acme.nix index 9e5d636241e97..946da92d80e76 100644 --- a/nixos/modules/security/acme.nix +++ b/nixos/modules/security/acme.nix @@ -209,7 +209,6 @@ in servicesLists = mapAttrsToList certToServices cfg.certs; certToServices = cert: data: let - domain = if data.domain != null then data.domain else cert; cpath = lpath + optionalString (data.activationDelay != null) ".staging"; lpath = "${cfg.directory}/${cert}"; rights = if data.allowKeysForGroup then "750" else "700"; diff --git a/nixos/modules/security/hidepid.nix b/nixos/modules/security/hidepid.nix index 96443fda758c5..55a48ea3c9c62 100644 --- a/nixos/modules/security/hidepid.nix +++ b/nixos/modules/security/hidepid.nix @@ -1,4 +1,4 @@ -{ config, pkgs, lib, ... }: +{ config, lib, ... }: with lib; { diff --git a/nixos/modules/security/oath.nix b/nixos/modules/security/oath.nix index 20f3e2dd9f838..93bdc851117ae 100644 --- a/nixos/modules/security/oath.nix +++ b/nixos/modules/security/oath.nix @@ -1,6 +1,6 @@ # This module provides configuration for the OATH PAM modules. -{ config, lib, pkgs, ... }: +{ lib, ... }: with lib; diff --git a/nixos/modules/security/pam_usb.nix b/nixos/modules/security/pam_usb.nix index 9bc73bf0b85c3..c695ba075ca94 100644 --- a/nixos/modules/security/pam_usb.nix +++ b/nixos/modules/security/pam_usb.nix 
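Review bot: The new `mkRemovedOptionModule` entry for `services.xserver.desktopManager.xfce.screenLock` in rename.nix has an empty message, so a configuration that still sets it fails evaluation with no hint of what, if anything, now provides screen locking. The sddm entry directly above shows the useful form ("Set the option ... instead."). I would give this entry a sentence too, written by the author, saying what replaces the option or that it had no effect. The option list starts and ends outside the hunk.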
@@ -4,8 +4,6 @@ with lib; let - inherit (pkgs) pam_usb; - cfg = config.security.pam.usb; anyUsbAuth = any (attrByPath ["usbAuth"] false) (attrValues config.security.pam.services); diff --git a/nixos/modules/security/sudo.nix b/nixos/modules/security/sudo.nix index 361a7e869602c..69a2a4f8f9ae4 100644 --- a/nixos/modules/security/sudo.nix +++ b/nixos/modules/security/sudo.nix @@ -78,7 +78,7 @@ in # Allow execution of "/home/root/secret.sh" by user `backup`, `database` # and the group with GID `1006` without a password. - { users = [ "backup" ]; groups = [ 1006 ]; + { users = [ "backup" "database" ]; groups = [ 1006 ]; commands = [ { command = "/home/root/secret.sh"; options = [ "SETENV" "NOPASSWD" ]; } ]; } # Allow all users of group `bar` to run two executables as user `foo` diff --git a/nixos/modules/services/backup/bacula.nix b/nixos/modules/services/backup/bacula.nix index e2806a6953986..a0565ca26204b 100644 --- a/nixos/modules/services/backup/bacula.nix +++ b/nixos/modules/services/backup/bacula.nix @@ -97,18 +97,7 @@ let ${dir_cfg.extraConfig} ''; - # TODO: by default use this config - bconsole_conf = pkgs.writeText "bconsole.conf" - '' - Director { - Name = ${dir_cfg.name}; - Address = "localhost"; - DirPort = ${toString dir_cfg.port}; - Password = "${dir_cfg.password}"; - } - ''; - - directorOptions = {name, config, ...}: + directorOptions = {...}: { options = { password = mkOption { @@ -128,7 +117,7 @@ let }; }; - deviceOptions = {name, config, ...}: + deviceOptions = {...}: { options = { archiveDevice = mkOption { diff --git a/nixos/modules/services/backup/borgbackup.nix b/nixos/modules/services/backup/borgbackup.nix index 0c3fc9af6f887..415a70ea5ad41 100644 --- a/nixos/modules/services/backup/borgbackup.nix +++ b/nixos/modules/services/backup/borgbackup.nix @@ -510,7 +510,7 @@ in { ''; default = { }; type = types.attrsOf (types.submodule ( - { name, config, ... }: { + { ... }: { options = { path = mkOption { 
diff --git a/nixos/modules/services/backup/crashplan-small-business.nix b/nixos/modules/services/backup/crashplan-small-business.nix index 9497d8c18bb76..790dafefe66fd 100644 --- a/nixos/modules/services/backup/crashplan-small-business.nix +++ b/nixos/modules/services/backup/crashplan-small-business.nix @@ -3,7 +3,6 @@ let cfg = config.services.crashplansb; crashplansb = pkgs.crashplansb.override { maxRam = cfg.maxRam; }; - varDir = "/var/lib/crashplan"; in with lib; diff --git a/nixos/modules/services/backup/crashplan.nix b/nixos/modules/services/backup/crashplan.nix index d0af2e416b63c..c540cc6e2aee6 100644 --- a/nixos/modules/services/backup/crashplan.nix +++ b/nixos/modules/services/backup/crashplan.nix @@ -3,7 +3,6 @@ let cfg = config.services.crashplan; crashplan = pkgs.crashplan; - varDir = "/var/lib/crashplan"; in with lib; diff --git a/nixos/modules/services/backup/restic.nix b/nixos/modules/services/backup/restic.nix index 2d14762e86853..9b31ff3b58246 100644 --- a/nixos/modules/services/backup/restic.nix +++ b/nixos/modules/services/backup/restic.nix @@ -6,7 +6,7 @@ with lib; description = '' Periodic backups to create with Restic. ''; - type = types.attrsOf (types.submodule ({ name, config, ... }: { + type = types.attrsOf (types.submodule ({ name, ... }: { options = { passwordFile = mkOption { type = types.str; @@ -127,7 +127,6 @@ with lib; mapAttrs' (name: backup: let extraOptions = concatMapStrings (arg: " -o ${arg}") backup.extraOptions; - connectTo = elemAt (splitString ":" backup.repository) 1; resticCmd = "${pkgs.restic}/bin/restic${extraOptions}"; in nameValuePair "restic-backups-${name}" ({ environment = { diff --git a/nixos/modules/services/backup/znapzend.nix b/nixos/modules/services/backup/znapzend.nix index 3d133f82d2048..fc8a424190f7e 100644 --- a/nixos/modules/services/backup/znapzend.nix +++ b/nixos/modules/services/backup/znapzend.nix 
@@ -5,13 +5,6 @@ with types; let - # Converts a plan like - # { "1d" = "1h"; "1w" = "1d"; } - # into - # "1d=>1h,1w=>1d" - attrToPlan = attrs: concatStringsSep "," (builtins.attrValues ( - mapAttrs (n: v: "${n}=>${v}") attrs)); - planDescription = '' The znapzend backup plan to use for the source. </para> diff --git a/nixos/modules/services/cluster/hadoop/default.nix b/nixos/modules/services/cluster/hadoop/default.nix index 240938f0d621d..f0f5a6ecbfc54 100644 --- a/nixos/modules/services/cluster/hadoop/default.nix +++ b/nixos/modules/services/cluster/hadoop/default.nix @@ -1,8 +1,5 @@ { config, lib, pkgs, ...}: -let - cfg = config.services.hadoop; - hadoopConf = import ./conf.nix { hadoop = cfg; pkgs = pkgs; }; -in + with lib; { imports = [ ./yarn.nix ./hdfs.nix ]; diff --git a/nixos/modules/services/cluster/kubernetes/dashboard.nix b/nixos/modules/services/cluster/kubernetes/dashboard.nix index 6d9faada44018..cbd6e8f7bf733 100644 --- a/nixos/modules/services/cluster/kubernetes/dashboard.nix +++ b/nixos/modules/services/cluster/kubernetes/dashboard.nix @@ -10,8 +10,8 @@ in { rbac = mkOption { description = "Role-based access control (RBAC) options"; + default = {}; type = types.submodule { - options = { enable = mkOption { description = "Whether to enable role based access control is enabled for kubernetes dashboard"; @@ -24,7 +24,6 @@ in { type = types.bool; default = false; }; - }; }; }; diff --git a/nixos/modules/services/cluster/kubernetes/default.nix b/nixos/modules/services/cluster/kubernetes/default.nix index 2707c176efd89..f56a529afdf61 100644 --- a/nixos/modules/services/cluster/kubernetes/default.nix +++ b/nixos/modules/services/cluster/kubernetes/default.nix @@ -36,9 +36,6 @@ let })} ''; - skipAttrs = attrs: map (filterAttrs (k: v: k != "enable")) - (filter (v: !(hasAttr "enable" v) || v.enable) attrs); - infraContainer = pkgs.dockerTools.buildImage { name = "pause"; tag = "latest"; 
@@ -1116,6 +1113,7 @@ in { wantedBy = [ "kubernetes.target" ]; after = [ "kube-apiserver.service" ]; environment.ADDON_PATH = "/etc/kubernetes/addons/"; + path = [ pkgs.gawk ]; serviceConfig = { Slice = "kubernetes.slice"; ExecStart = "${cfg.package}/bin/kube-addons"; diff --git a/nixos/modules/services/continuous-integration/jenkins/slave.nix b/nixos/modules/services/continuous-integration/jenkins/slave.nix index d8f55fb826f28..92deabc3dd3b0 100644 --- a/nixos/modules/services/continuous-integration/jenkins/slave.nix +++ b/nixos/modules/services/continuous-integration/jenkins/slave.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs, ... }: +{ config, lib, ... }: with lib; let cfg = config.services.jenkinsSlave; diff --git a/nixos/modules/services/databases/aerospike.nix b/nixos/modules/services/databases/aerospike.nix new file mode 100644 index 0000000000000..5f33164998beb --- /dev/null +++ b/nixos/modules/services/databases/aerospike.nix 
@@ -0,0 +1,155 @@ +{ config, lib, pkgs, ... }: + +with lib; + +let + + cfg = config.services.aerospike; + + aerospikeConf = pkgs.writeText "aerospike.conf" '' + # This stanza must come first. + service { + user aerospike + group aerospike + paxos-single-replica-limit 1 # Number of nodes where the replica count is automatically reduced to 1. + proto-fd-max 15000 + work-directory ${cfg.workDir} + } + logging { + console { + context any info + } + } + mod-lua { + system-path ${cfg.package}/share/udf/lua + user-path ${cfg.workDir}/udf/lua + } + network { + ${cfg.networkConfig} + } + ${cfg.extraConfig} + ''; + +in + +{ + + ###### interface + + options = { + + services.aerospike = { + enable = mkEnableOption "Aerospike server"; + + package = mkOption { + default = pkgs.aerospike; + type = types.package; + description = "Which Aerospike derivation to use"; + }; + + workDir = mkOption { + type = types.str; + default = "/var/lib/aerospike"; + description = "Location where Aerospike stores its files"; + }; + + networkConfig = mkOption { + type = types.lines; + default = '' + service { + address any + port 3000 + } + + heartbeat { + address any + mode mesh + port 3002 + interval 150 + timeout 10 + } + + fabric { + address any + port 3001 + } + + info { + address any + port 3003 + } + ''; + description = "network section of configuration file"; + }; + + extraConfig = mkOption { + type = types.lines; + default = ""; + example = '' + namespace test { + replication-factor 2 + memory-size 4G + default-ttl 30d + storage-engine memory + } + ''; + description = "Extra configuration"; + }; + }; + + }; + + + ###### implementation + + config = mkIf config.services.aerospike.enable { + + users.users.aerospike = { + name = "aerospike"; + group = "aerospike"; + uid = config.ids.uids.aerospike; + description = "Aerospike server user"; + }; + users.groups.aerospike.gid = config.ids.gids.aerospike; + + systemd.services.aerospike = rec { + description = "Aerospike server"; + + wantedBy = [ 
"multi-user.target" ]; + after = [ "network.target" ]; + + serviceConfig = { + ExecStart = "${cfg.package}/bin/asd --fgdaemon --config-file ${aerospikeConf}"; + User = "aerospike"; + Group = "aerospike"; + LimitNOFILE = 100000; + PermissionsStartOnly = true; + }; + + preStart = '' + if [ $(echo "$(${pkgs.procps}/bin/sysctl -n kernel.shmall) < 4294967296" | ${pkgs.bc}/bin/bc) == "1" ]; then + echo "kernel.shmall too low, setting to 4G pages" + ${pkgs.procps}/bin/sysctl -w kernel.shmall=4294967296 + fi + if [ $(echo "$(${pkgs.procps}/bin/sysctl -n kernel.shmmax) < 1073741824" | ${pkgs.bc}/bin/bc) == "1" ]; then + echo "kernel.shmmax too low, setting to 1GB" + ${pkgs.procps}/bin/sysctl -w kernel.shmmax=1073741824 + fi + if [ $(echo "$(cat /proc/sys/net/core/rmem_max) < 15728640" | ${pkgs.bc}/bin/bc) == "1" ]; then + echo "increasing socket buffer limit (/proc/sys/net/core/rmem_max): $(cat /proc/sys/net/core/rmem_max) -> 15728640" + echo 15728640 > /proc/sys/net/core/rmem_max + fi + if [ $(echo "$(cat /proc/sys/net/core/wmem_max) < 5242880" | ${pkgs.bc}/bin/bc) == "1" ]; then + echo "increasing socket buffer limit (/proc/sys/net/core/wmem_max): $(cat /proc/sys/net/core/wmem_max) -> 5242880" + echo 5242880 > /proc/sys/net/core/wmem_max + fi + install -d -m0700 -o ${serviceConfig.User} -g ${serviceConfig.Group} "${cfg.workDir}" + install -d -m0700 -o ${serviceConfig.User} -g ${serviceConfig.Group} "${cfg.workDir}/smd" + install -d -m0700 -o ${serviceConfig.User} -g ${serviceConfig.Group} "${cfg.workDir}/udf" + install -d -m0700 -o ${serviceConfig.User} -g ${serviceConfig.Group} "${cfg.workDir}/udf/lua" + ''; + }; + + }; + +} diff --git a/nixos/modules/services/databases/neo4j.nix b/nixos/modules/services/databases/neo4j.nix index 5015618c42472..5533182c31168 100644 --- a/nixos/modules/services/databases/neo4j.nix +++ b/nixos/modules/services/databases/neo4j.nix 
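Review bot: The default `networkConfig` in the new aerospike.nix binds the service, heartbeat, fabric and info listeners to `address any` (ports 3000-3003), so enabling the service listens on every interface, and the description ("network section of configuration file") does not say so. The neo4j module in this same commit defaults to `127.0.0.1`. I would either default the client-facing `service` block to loopback or state the exposure in the description, e.g. `The default listens on all interfaces on ports 3000-3003; restrict the addresses or firewall these ports as needed.` Separately, `PermissionsStartOnly = true` makes `preStart` run as root, where it rewrites `kernel.shmall`, `kernel.shmmax` and the `net.core.*mem_max` limits system-wide with no record in the NixOS configuration. Setting these through `boot.kernel.sysctl` would keep them visible and reviewable.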
@@ -1,32 +1,87 @@ -{ config, lib, pkgs, ... }: +{ config, options, lib, pkgs, ... }: with lib; let cfg = config.services.neo4j; + certDirOpt = options.services.neo4j.directories.certificates; + isDefaultPathOption = opt: isOption opt && opt.type == types.path && opt.highestPrio >= 1500; + + sslPolicies = mapAttrsToList ( + name: conf: '' + dbms.ssl.policy.${name}.allow_key_generation=${boolToString conf.allowKeyGeneration} + dbms.ssl.policy.${name}.base_directory=${conf.baseDirectory} + ${optionalString (conf.ciphers != null) '' + dbms.ssl.policy.${name}.ciphers=${concatStringsSep "," conf.ciphers} + ''} + dbms.ssl.policy.${name}.client_auth=${conf.clientAuth} + ${if length (splitString "/" conf.privateKey) > 1 then + ''dbms.ssl.policy.${name}.private_key=${conf.privateKey}'' + else + ''dbms.ssl.policy.${name}.private_key=${conf.baseDirectory}/${conf.privateKey}'' + } + ${if length (splitString "/" conf.privateKey) > 1 then + ''dbms.ssl.policy.${name}.public_certificate=${conf.publicCertificate}'' + else + ''dbms.ssl.policy.${name}.public_certificate=${conf.baseDirectory}/${conf.publicCertificate}'' + } + dbms.ssl.policy.${name}.revoked_dir=${conf.revokedDir} + dbms.ssl.policy.${name}.tls_versions=${concatStringsSep "," conf.tlsVersions} + dbms.ssl.policy.${name}.trust_all=${boolToString conf.trustAll} + dbms.ssl.policy.${name}.trusted_dir=${conf.trustedDir} + '' + ) cfg.ssl.policies; serverConfig = pkgs.writeText "neo4j.conf" '' - dbms.directories.data=${cfg.dataDir}/data - dbms.directories.certificates=${cfg.certDir} - dbms.directories.logs=${cfg.dataDir}/logs - dbms.directories.plugins=${cfg.dataDir}/plugins - dbms.connector.http.type=HTTP - dbms.connector.http.enabled=true - dbms.connector.http.address=${cfg.listenAddress}:${toString cfg.port} - ${optionalString cfg.enableBolt '' - dbms.connector.bolt.type=BOLT - dbms.connector.bolt.enabled=true - dbms.connector.bolt.tls_level=OPTIONAL - dbms.connector.bolt.address=${cfg.listenAddress}:${toString cfg.boltPort} 
+ # General + dbms.allow_upgrade=${boolToString cfg.allowUpgrade} + dbms.connectors.default_listen_address=${cfg.defaultListenAddress} + dbms.read_only=${boolToString cfg.readOnly} + ${optionalString (cfg.workerCount > 0) '' + dbms.threads.worker_count=${toString cfg.workerCount} ''} - ${optionalString cfg.enableHttps '' - dbms.connector.https.type=HTTP - dbms.connector.https.enabled=true - dbms.connector.https.encryption=TLS - dbms.connector.https.address=${cfg.listenAddress}:${toString cfg.httpsPort} + + # Directories + dbms.directories.certificates=${cfg.directories.certificates} + dbms.directories.data=${cfg.directories.data} + dbms.directories.logs=${cfg.directories.home}/logs + dbms.directories.plugins=${cfg.directories.plugins} + ${optionalString (cfg.constrainLoadCsv) '' + dbms.directories.import=${cfg.directories.imports} ''} - dbms.shell.enabled=true - ${cfg.extraServerConfig} + + # HTTP Connector + ${optionalString (cfg.http.enable) '' + dbms.connector.http.enabled=${boolToString cfg.http.enable} + dbms.connector.http.listen_address=${cfg.http.listenAddress} + ''} + ${optionalString (!cfg.http.enable) '' + # It is not possible to disable the HTTP connector. To fully prevent + # clients from connecting to HTTP, block the HTTP port (7474 by default) + # via firewall. listen_address is set to the loopback interface to + # prevent remote clients from connecting. 
+ dbms.connector.http.listen_address=127.0.0.1 + ''} + + # HTTPS Connector + dbms.connector.https.enabled=${boolToString cfg.https.enable} + dbms.connector.https.listen_address=${cfg.https.listenAddress} + https.ssl_policy=${cfg.https.sslPolicy} + + # BOLT Connector + dbms.connector.bolt.enabled=${boolToString cfg.bolt.enable} + dbms.connector.bolt.listen_address=${cfg.bolt.listenAddress} + bolt.ssl_policy=${cfg.bolt.sslPolicy} + dbms.connector.bolt.tls_level=${cfg.bolt.tlsLevel} + + # neo4j-shell + dbms.shell.enabled=${boolToString cfg.shell.enable} + + # SSL Policies + ${concatStringsSep "\n" sslPolicies} + + # Default retention policy from neo4j.conf + dbms.tx_log.rotation.retention_policy=1 days # Default JVM parameters from neo4j.conf dbms.jvm.additional=-XX:+UseG1GC @@ -36,8 +91,14 @@ let dbms.jvm.additional=-XX:+TrustFinalNonStaticFields dbms.jvm.additional=-XX:+DisableExplicitGC dbms.jvm.additional=-Djdk.tls.ephemeralDHKeySize=2048 - + dbms.jvm.additional=-Djdk.tls.rejectClientInitiatedRenegotiation=true dbms.jvm.additional=-Dunsupported.dbms.udc.source=tarball + + # Usage Data Collector + dbms.udc.enabled=${boolToString cfg.udc.enable} + + # Extra Configuration + ${cfg.extraServerConfig} ''; in { 
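Review bot: In the `sslPolicies` template of neo4j.nix (first hunk), the conditional that emits `public_certificate` tests `conf.privateKey` instead of `conf.publicCertificate`, which looks like a copy of the condition above it. With an absolute `privateKey` and the default `publicCertificate = "public.crt"`, the generated line is `dbms.ssl.policy.<name>.public_certificate=public.crt` without the `baseDirectory` prefix. In the opposite case an absolute certificate path gets the base directory put in front of it, so the TLS policy points at a file that is not the intended certificate. The second condition should read `${if length (splitString "/" conf.publicCertificate) > 1 then`. The enclosing `let` block continues outside the hunk.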
@@ -45,105 +106,547 @@ in { ###### interface options.services.neo4j = { + enable = mkOption { - description = "Whether to enable neo4j."; + type = types.bool; default = false; + description = '' + Whether to enable Neo4j Community Edition. + ''; + }; + + allowUpgrade = mkOption { type = types.bool; + default = false; + description = '' + Allow upgrade of Neo4j database files from an older version. + ''; + }; + + constrainLoadCsv = mkOption { + type = types.bool; + default = true; + description = '' + Sets the root directory for file URLs used with the Cypher + <literal>LOAD CSV</literal> clause to be that defined by + <option>directories.imports</option>. It restricts + access to only those files within that directory and its + subdirectories. + </para> + <para> + Setting this option to <literal>false</literal> introduces + possible security problems. + ''; + }; + + defaultListenAddress = mkOption { + type = types.str; + default = "127.0.0.1"; + description = '' + Default network interface to listen for incoming connections. To + listen for connections on all interfaces, use "0.0.0.0". + </para> + <para> + Specifies the default IP address and address part of connector + specific <option>listenAddress</option> options. To bind specific + connectors to a specific network interfaces, specify the entire + <option>listenAddress</option> option for that connector. + ''; + }; + + extraServerConfig = mkOption { + type = types.lines; + default = ""; + description = '' + Extra configuration for Neo4j Community server. Refer to the + <link xlink:href="https://neo4j.com/docs/operations-manual/current/reference/configuration-settings/">complete reference</link> + of Neo4j configuration settings. + ''; }; package = mkOption { - description = "Neo4j package to use."; + type = types.package; default = pkgs.neo4j; defaultText = "pkgs.neo4j"; - type = types.package; + description = '' + Neo4j package to use. 
+ ''; }; - listenAddress = mkOption { - description = "Neo4j listen address."; - default = "127.0.0.1"; - type = types.str; + readOnly = mkOption { + type = types.bool; + default = false; + description = '' + Only allow read operations from this Neo4j instance. + ''; }; - port = mkOption { - description = "Neo4j port to listen for HTTP traffic."; - default = 7474; - type = types.int; + workerCount = mkOption { + type = types.ints.between 0 44738; + default = 0; + description = '' + Number of Neo4j worker threads, where the default of + <literal>0</literal> indicates a worker count equal to the number of + available processors. + ''; }; - enableBolt = mkOption { - description = "Enable bolt for Neo4j."; - default = true; - type = types.bool; + bolt = { + enable = mkOption { + type = types.bool; + default = true; + description = '' + Enable the BOLT connector for Neo4j. Setting this option to + <literal>false</literal> will stop Neo4j from listening for incoming + connections on the BOLT port (7687 by default). + ''; + }; + + listenAddress = mkOption { + type = types.str; + default = ":7687"; + description = '' + Neo4j listen address for BOLT traffic. The listen address is + expressed in the format <literal><ip-address>:<port-number></literal>. + ''; + }; + + sslPolicy = mkOption { + type = types.str; + default = "legacy"; + description = '' + Neo4j SSL policy for BOLT traffic. + </para> + <para> + The legacy policy is a special policy which is not defined in + the policy configuration section, but rather derives from + <option>directories.certificates</option> and + associated files (by default: <filename>neo4j.key</filename> and + <filename>neo4j.cert</filename>). Its use will be deprecated. + </para> + <para> + Note: This connector must be configured to support/require + SSL/TLS for the legacy policy to actually be utilized. See + <option>bolt.tlsLevel</option>. 
+ ''; + }; + + tlsLevel = mkOption { + type = types.enum [ "REQUIRED" "OPTIONAL" "DISABLED" ]; + default = "OPTIONAL"; + description = '' + SSL/TSL requirement level for BOLT traffic. + ''; + }; }; - boltPort = mkOption { - description = "Neo4j port to listen for BOLT traffic."; - default = 7687; - type = types.int; + directories = { + certificates = mkOption { + type = types.path; + default = "${cfg.directories.home}/certificates"; + description = '' + Directory for storing certificates to be used by Neo4j for + TLS connections. + </para> + <para> + When setting this directory to something other than its default, + ensure the directory's existence, and that read/write permissions are + given to the Neo4j daemon user <literal>neo4j</literal>. + </para> + <para> + Note that changing this directory from its default will prevent + the directory structure required for each SSL policy from being + automatically generated. A policy's directory structure as defined by + its <option>baseDirectory</option>,<option>revokedDir</option> and + <option>trustedDir</option> must then be setup manually. The + existence of these directories is mandatory, as well as the presence + of the certificate file and the private key. Ensure the correct + permissions are set on these directories and files. + ''; + }; + + data = mkOption { + type = types.path; + default = "${cfg.directories.home}/data"; + description = '' + Path of the data directory. You must not configure more than one + Neo4j installation to use the same data directory. + </para> + <para> + When setting this directory to something other than its default, + ensure the directory's existence, and that read/write permissions are + given to the Neo4j daemon user <literal>neo4j</literal>. + ''; + }; + + home = mkOption { + type = types.path; + default = "/var/lib/neo4j"; + description = '' + Path of the Neo4j home directory. Other default directories are + subdirectories of this path. 
This directory will be created if + non-existent, and its ownership will be <command>chown</command> to + the Neo4j daemon user <literal>neo4j</literal>. + ''; + }; + + imports = mkOption { + type = types.path; + default = "${cfg.directories.home}/import"; + description = '' + The root directory for file URLs used with the Cypher + <literal>LOAD CSV</literal> clause. Only meaningful when + <option>constrainLoadCvs</option> is set to + <literal>true</literal>. + </para> + <para> + When setting this directory to something other than its default, + ensure the directory's existence, and that read permission is + given to the Neo4j daemon user <literal>neo4j</literal>. + ''; + }; + + plugins = mkOption { + type = types.path; + default = "${cfg.directories.home}/plugins"; + description = '' + Path of the database plugin directory. Compiled Java JAR files that + contain database procedures will be loaded if they are placed in + this directory. + </para> + <para> + When setting this directory to something other than its default, + ensure the directory's existence, and that read permission is + given to the Neo4j daemon user <literal>neo4j</literal>. + ''; + }; }; - enableHttps = mkOption { - description = "Enable https for Neo4j."; - default = false; - type = types.bool; + http = { + enable = mkOption { + type = types.bool; + default = true; + description = '' + The HTTP connector is required for Neo4j, and cannot be disabled. + Setting this option to <literal>false</literal> will force the HTTP + connector's <option>listenAddress</option> to the loopback + interface to prevent connection of remote clients. To prevent all + clients from connecting, block the HTTP port (7474 by default) by + firewall. + ''; + }; + + listenAddress = mkOption { + type = types.str; + default = ":7474"; + description = '' + Neo4j listen address for HTTP traffic. The listen address is + expressed in the format <literal><ip-address>:<port-number></literal>. 
+ ''; + }; }; - httpsPort = mkOption { - description = "Neo4j port to listen for HTTPS traffic."; - default = 7473; - type = types.int; + https = { + enable = mkOption { + type = types.bool; + default = true; + description = '' + Enable the HTTPS connector for Neo4j. Setting this option to + <literal>false</literal> will stop Neo4j from listening for incoming + connections on the HTTPS port (7473 by default). + ''; + }; + + listenAddress = mkOption { + type = types.str; + default = ":7473"; + description = '' + Neo4j listen address for HTTPS traffic. The listen address is + expressed in the format <literal><ip-address>:<port-number></literal>. + ''; + }; + + sslPolicy = mkOption { + type = types.str; + default = "legacy"; + description = '' + Neo4j SSL policy for HTTPS traffic. + </para> + <para> + The legacy policy is a special policy which is not defined in the + policy configuration section, but rather derives from + <option>directories.certificates</option> and + associated files (by default: <filename>neo4j.key</filename> and + <filename>neo4j.cert</filename>). Its use will be deprecated. + ''; + }; }; - certDir = mkOption { - description = "Neo4j TLS certificates directory."; - default = "${cfg.dataDir}/certificates"; - type = types.path; + shell = { + enable = mkOption { + type = types.bool; + default = false; + description = '' + Enable a remote shell server which Neo4j Shell clients can log in to. + Only applicable to <command>neo4j-shell</command>. + ''; + }; }; - dataDir = mkOption { - description = "Neo4j data directory."; - default = "/var/lib/neo4j"; - type = types.path; + ssl.policies = mkOption { + type = with types; attrsOf (submodule ({ name, config, options, ... }: { + options = { + + allowKeyGeneration = mkOption { + type = types.bool; + default = false; + description = '' + Allows the generation of a private key and associated self-signed + certificate. Only performed when both objects cannot be found for + this policy. 
It is recommended to turn this off again after keys + have been generated. + </para> + <para> + The public certificate is required to be duplicated to the + directory holding trusted certificates as defined by the + <option>trustedDir</option> option. + </para> + <para> + Keys should in general be generated and distributed offline by a + trusted certificate authority and not by utilizing this mode. + ''; + }; + + baseDirectory = mkOption { + type = types.path; + default = "${cfg.directories.certificates}/${name}"; + description = '' + The mandatory base directory for cryptographic objects of this + policy. This path is only automatically generated when this + option as well as <option>directories.certificates</option> are + left at their default. Ensure read/write permissions are given + to the Neo4j daemon user <literal>neo4j</literal>. + </para> + <para> + It is also possible to override each individual + configuration with absolute paths. See the + <option>privateKey</option> and <option>publicCertificate</option> + policy options. + ''; + }; + + ciphers = mkOption { + type = types.nullOr (types.listOf types.str); + default = null; + description = '' + Restrict the allowed ciphers of this policy to those defined + here. The default ciphers are those of the JVM platform. + ''; + }; + + clientAuth = mkOption { + type = types.enum [ "NONE" "OPTIONAL" "REQUIRE" ]; + default = "REQUIRE"; + description = '' + The client authentication stance for this policy. + ''; + }; + + privateKey = mkOption { + type = types.str; + default = "private.key"; + description = '' + The name of private PKCS #8 key file for this policy to be found + in the <option>baseDirectory</option>, or the absolute path to + the key file. It is mandatory that a key can be found or generated. 
+ ''; + }; + + publicCertificate = mkOption { + type = types.str; + default = "public.crt"; + description = '' + The name of public X.509 certificate (chain) file in PEM format + for this policy to be found in the <option>baseDirectory</option>, + or the absolute path to the certificate file. It is mandatory + that a certificate can be found or generated. + </para> + <para> + The public certificate is required to be duplicated to the + directory holding trusted certificates as defined by the + <option>trustedDir</option> option. + ''; + }; + + revokedDir = mkOption { + type = types.path; + default = "${config.baseDirectory}/revoked"; + description = '' + Path to directory of CRLs (Certificate Revocation Lists) in + PEM format. Must be an absolute path. The existence of this + directory is mandatory and will need to be created manually when: + setting this option to something other than its default; setting + either this policy's <option>baseDirectory</option> or + <option>directories.certificates</option> to something other than + their default. Ensure read/write permissions are given to the + Neo4j daemon user <literal>neo4j</literal>. + ''; + }; + + tlsVersions = mkOption { + type = types.listOf types.str; + default = [ "TLSv1.2" ]; + description = '' + Restrict the TLS protocol versions of this policy to those + defined here. + ''; + }; + + trustAll = mkOption { + type = types.bool; + default = false; + description = '' + Makes this policy trust all remote parties. Enabling this is not + recommended and the policy's trusted directory will be ignored. + Use of this mode is discouraged. It would offer encryption but + no security. + ''; + }; + + trustedDir = mkOption { + type = types.path; + default = "${config.baseDirectory}/trusted"; + description = '' + Path to directory of X.509 certificates in PEM format for + trusted parties. Must be an absolute path. 
The existence of this + directory is mandatory and will need to be created manually when: + setting this option to something other than its default; setting + either this policy's <option>baseDirectory</option> or + <option>directories.certificates</option> to something other than + their default. Ensure read/write permissions are given to the + Neo4j daemon user <literal>neo4j</literal>. + </para> + <para> + The public certificate as defined by + <option>publicCertificate</option> is required to be duplicated + to this directory. + ''; + }; + + directoriesToCreate = mkOption { + type = types.listOf types.path; + internal = true; + readOnly = true; + description = '' + Directories of this policy that will be created automatically + when the certificates directory is left at its default value. + This includes all options of type path that are left at their + default value. + ''; + }; + + }; + + config.directoriesToCreate = optionals + (certDirOpt.highestPrio >= 1500 && options.baseDirectory.highestPrio >= 1500) + (map (opt: opt.value) (filter isDefaultPathOption (attrValues options))); + + })); + default = {}; + description = '' + Defines the SSL policies for use with Neo4j connectors. Each attribute + of this set defines a policy, with the attribute name defining the name + of the policy and its namespace. Refer to the operations manual section + on Neo4j's + <link xlink:href="https://neo4j.com/docs/operations-manual/current/security/ssl-framework/">SSL Framework</link> + for further details. + ''; }; - extraServerConfig = mkOption { - description = "Extra configuration for neo4j server."; - default = ""; - type = types.lines; + udc = { + enable = mkOption { + type = types.bool; + default = false; + description = '' + Enable the Usage Data Collector which Neo4j uses to collect usage + data. 
Refer to the operations manual section on the + <link xlink:href="https://neo4j.com/docs/operations-manual/current/configuration/usage-data-collector/">Usage Data Collector</link> + for more information. + ''; + }; }; + }; ###### implementation - config = mkIf cfg.enable { - systemd.services.neo4j = { - description = "Neo4j Daemon"; - wantedBy = [ "multi-user.target" ]; - after = [ "network.target" ]; - environment = { - NEO4J_HOME = "${cfg.package}/share/neo4j"; - NEO4J_CONF = "${cfg.dataDir}/conf"; - }; - serviceConfig = { - ExecStart = "${cfg.package}/bin/neo4j console"; - User = "neo4j"; - PermissionsStartOnly = true; - LimitNOFILE = 40000; - }; - preStart = '' - mkdir -m 0700 -p ${cfg.dataDir}/{data/graph.db,conf,logs} - ln -fs ${serverConfig} ${cfg.dataDir}/conf/neo4j.conf - if [ "$(id -u)" = 0 ]; then chown -R neo4j ${cfg.dataDir}; fi - ''; - }; + config = + let + # Assertion helpers + policyNameList = attrNames cfg.ssl.policies; + validPolicyNameList = [ "legacy" ] ++ policyNameList; + validPolicyNameString = concatStringsSep ", " validPolicyNameList; + + # Capture various directories left at their default so they can be created. 
+ defaultDirectoriesToCreate = map (opt: opt.value) (filter isDefaultPathOption (attrValues options.services.neo4j.directories)); + policyDirectoriesToCreate = concatMap (pol: pol.directoriesToCreate) (attrValues cfg.ssl.policies); + in + + mkIf cfg.enable { + assertions = [ + { assertion = !elem "legacy" policyNameList; + message = "The policy 'legacy' is special to Neo4j, and its name is reserved."; } + { assertion = elem cfg.bolt.sslPolicy validPolicyNameList; + message = "Invalid policy assigned: `services.neo4j.bolt.sslPolicy = \"${cfg.bolt.sslPolicy}\"`, defined policies are: ${validPolicyNameString}"; } + { assertion = elem cfg.https.sslPolicy validPolicyNameList; + message = "Invalid policy assigned: `services.neo4j.https.sslPolicy = \"${cfg.https.sslPolicy}\"`, defined policies are: ${validPolicyNameString}"; } + ]; + + systemd.services.neo4j = { + description = "Neo4j Daemon"; + wantedBy = [ "multi-user.target" ]; + after = [ "network.target" ]; + environment = { + NEO4J_HOME = "${cfg.package}/share/neo4j"; + NEO4J_CONF = "${cfg.directories.home}/conf"; + }; + serviceConfig = { + ExecStart = "${cfg.package}/bin/neo4j console"; + User = "neo4j"; + PermissionsStartOnly = true; + LimitNOFILE = 40000; + }; + + preStart = '' + # Directories Setup + # Always ensure home exists with nested conf, logs directories. + mkdir -m 0700 -p ${cfg.directories.home}/{conf,logs} - environment.systemPackages = [ cfg.package ]; + # Create other sub-directories and policy directories that have been left at their default. + ${concatMapStringsSep "\n" ( + dir: '' + mkdir -m 0700 -p ${dir} + '') (defaultDirectoriesToCreate ++ policyDirectoriesToCreate)} - users.users = singleton { - name = "neo4j"; - uid = config.ids.uids.neo4j; - description = "Neo4j daemon user"; - home = cfg.dataDir; + # Place the configuration where Neo4j can find it. 
+ ln -fs ${serverConfig} ${cfg.directories.home}/conf/neo4j.conf + + # Ensure neo4j user ownership + chown -R neo4j ${cfg.directories.home} + ''; + }; + + environment.systemPackages = [ cfg.package ]; + + users.users = singleton { + name = "neo4j"; + uid = config.ids.uids.neo4j; + description = "Neo4j daemon user"; + home = cfg.directories.home; + }; }; + + meta = { + maintainers = with lib.maintainers; [ patternspandemic ]; }; } diff --git a/nixos/modules/services/desktops/bamf.nix b/nixos/modules/services/desktops/bamf.nix new file mode 100644 index 0000000000000..0928ee81a6487 --- /dev/null +++ b/nixos/modules/services/desktops/bamf.nix @@ -0,0 +1,23 @@ +# Bamf + +{ config, lib, pkgs, ... }: + +with lib; + +{ + ###### interface + + options = { + services.bamf = { + enable = mkEnableOption "bamf"; + }; + }; + + ###### implementation + + config = mkIf config.services.bamf.enable { + services.dbus.packages = [ pkgs.bamf ]; + + systemd.packages = [ pkgs.bamf ]; + }; +} diff --git a/nixos/modules/services/hardware/actkbd.nix b/nixos/modules/services/hardware/actkbd.nix index b16a8f50a3d84..4168140b287a6 100644 --- a/nixos/modules/services/hardware/actkbd.nix +++ b/nixos/modules/services/hardware/actkbd.nix @@ -15,7 +15,7 @@ let ${cfg.extraConfig} ''; - bindingCfg = { config, ... }: { + bindingCfg = { ... }: { options = { keys = mkOption { diff --git a/nixos/modules/services/hardware/nvidia-optimus.nix b/nixos/modules/services/hardware/nvidia-optimus.nix index eb1713baa140e..d53175052c74a 100644 --- a/nixos/modules/services/hardware/nvidia-optimus.nix +++ b/nixos/modules/services/hardware/nvidia-optimus.nix @@ -1,4 +1,4 @@ -{ config, pkgs, lib, ... }: +{ config, lib, ... }: let kernel = config.boot.kernelPackages; in diff --git a/nixos/modules/services/hardware/pcscd.nix b/nixos/modules/services/hardware/pcscd.nix index fa97e8bf746b8..f3fc4c3cc79e0 100644 --- a/nixos/modules/services/hardware/pcscd.nix +++ b/nixos/modules/services/hardware/pcscd.nix 
@@ -61,8 +61,8 @@ in { description = "PCSC-Lite daemon"; environment.PCSCLITE_HP_DROPDIR = pluginEnv; serviceConfig = { - ExecStart = "${pkgs.pcsclite}/sbin/pcscd -f -x -c ${cfgFile}"; - ExecReload = "${pkgs.pcsclite}/sbin/pcscd -H"; + ExecStart = "${getBin pkgs.pcsclite}/sbin/pcscd -f -x -c ${cfgFile}"; + ExecReload = "${getBin pkgs.pcsclite}/sbin/pcscd -H"; }; }; }; diff --git a/nixos/modules/services/hardware/sane_extra_backends/brscan4.nix b/nixos/modules/services/hardware/sane_extra_backends/brscan4.nix index 1923addeb3ac2..f6ed4e25e9cb9 100644 --- a/nixos/modules/services/hardware/sane_extra_backends/brscan4.nix +++ b/nixos/modules/services/hardware/sane_extra_backends/brscan4.nix @@ -9,7 +9,7 @@ let etcFiles = pkgs.callPackage ./brscan4_etc_files.nix { netDevices = netDeviceList; }; - netDeviceOpts = { name, config, ... }: { + netDeviceOpts = { name, ... }: { options = { diff --git a/nixos/modules/services/hardware/thinkfan.nix b/nixos/modules/services/hardware/thinkfan.nix index 5a898631e0903..d17121ca1c5bf 100644 --- a/nixos/modules/services/hardware/thinkfan.nix +++ b/nixos/modules/services/hardware/thinkfan.nix @@ -28,11 +28,14 @@ let # temperatures are read from the file. # # For example: - # sensor /proc/acpi/ibm/thermal (0, 0, 10) + # tp_thermal /proc/acpi/ibm/thermal (0, 0, 10) # will add a fixed value of 10 °C the 3rd value read from that file. Check out # http://www.thinkwiki.org/wiki/Thermal_Sensors to find out how much you may # want to add to certain temperatures. - + + ${cfg.fan} + ${cfg.sensors} + # Syntax: # (LEVEL, LOW, HIGH) # LEVEL is the fan level to use (0-7 with thinkpad_acpi) @@ -41,8 +44,6 @@ let # All numbers are integers. # - sensor ${cfg.sensor} (0, 10, 15, 2, 10, 5, 0, 3, 0, 3) - ${cfg.levels} ''; 
@@ -53,20 +54,52 @@ in { services.thinkfan = { enable = mkOption { + type = types.bool; default = false; description = '' Whether to enable thinkfan, fan controller for IBM/Lenovo ThinkPads. ''; }; - sensor = mkOption { - default = "/proc/acpi/ibm/thermal"; + sensors = mkOption { + type = types.lines; + default = '' + tp_thermal /proc/acpi/ibm/thermal (0,0,10) + ''; + description ='' + thinkfan can read temperatures from three possible sources: + + /proc/acpi/ibm/thermal + Which is provided by the thinkpad_acpi kernel + module (keyword tp_thermal) + + /sys/class/hwmon/*/temp*_input + Which may be provided by any hwmon drivers (keyword + hwmon) + + S.M.A.R.T. (since 0.9 and requires the USE_ATASMART compilation flag) + Which reads the temperature directly from the hard + disk using libatasmart (keyword atasmart) + + Multiple sensors may be added, in which case they will be + numbered in their order of appearance. + ''; + }; + + fan = mkOption { + type = types.str; + default = "tp_fan /proc/acpi/ibm/fan"; description ='' - Sensor used by thinkfan + Specifies the fan we want to use. + On anything other than a Thinkpad you'll probably + use some PWM control file in /sys/class/hwmon. + A sysfs fan would be specified like this: + pwm_fan /sys/class/hwmon/hwmon2/device/pwm1 ''; }; levels = mkOption { + type = types.lines; default = '' (0, 0, 55) (1, 48, 60) @@ -76,8 +109,12 @@ in { (7, 60, 85) (127, 80, 32767) ''; - description ='' - Sensor used by thinkfan + description = '' + (LEVEL, LOW, HIGH) + LEVEL is the fan level to use (0-7 with thinkpad_acpi). + LOW is the temperature at which to step down to the previous level. + HIGH is the temperature at which to step up to the next level. + All numbers are integers. ''; }; diff --git a/nixos/modules/services/hardware/udev.nix b/nixos/modules/services/hardware/udev.nix index 7bfc3bb648727..0266286aaacf9 100644 --- a/nixos/modules/services/hardware/udev.nix +++ b/nixos/modules/services/hardware/udev.nix 
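Review bot: Dropping `services.thinkfan.sensor` in the thinkfan.nix options hunk means any existing configuration that still sets it will stop evaluating with an unknown-option error, and no removal notice is visible here (one may exist elsewhere in the commit). The new `sensors` option takes whole configuration lines rather than a path, so a plain rename would not carry the old value over. An entry such as `(mkRemovedOptionModule [ "services" "thinkfan" "sensor" ] "Use services.thinkfan.sensors instead.")` would point users at the replacement. As a matter of style, the two new options write `description =''` without the space used on the `levels` option. The options block continues outside the hunk.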
@@ -4,8 +4,6 @@ with lib; let - inherit (pkgs) stdenv writeText procps; - udev = config.systemd.package; cfg = config.services.udev; diff --git a/nixos/modules/services/hardware/usbmuxd.nix b/nixos/modules/services/hardware/usbmuxd.nix index 6a3f7cfd210de..93ced0b9f04d4 100644 --- a/nixos/modules/services/hardware/usbmuxd.nix +++ b/nixos/modules/services/hardware/usbmuxd.nix @@ -65,7 +65,7 @@ in serviceConfig = { # Trigger the udev rule manually. This doesn't require replugging the # device when first enabling the option to get it to work - ExecStartPre = "${pkgs.libudev}/bin/udevadm trigger -s usb -a idVendor=${apple}"; + ExecStartPre = "${pkgs.udev}/bin/udevadm trigger -s usb -a idVendor=${apple}"; ExecStart = "${pkgs.usbmuxd}/bin/usbmuxd -U ${cfg.user} -f"; }; }; diff --git a/nixos/modules/services/logging/journalwatch.nix b/nixos/modules/services/logging/journalwatch.nix index 2c9bc18c8c3cd..d0824df38ae30 100644 --- a/nixos/modules/services/logging/journalwatch.nix +++ b/nixos/modules/services/logging/journalwatch.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs, services, ... }: +{ config, lib, pkgs, ... }: with lib; let diff --git a/nixos/modules/services/mail/dovecot.nix b/nixos/modules/services/mail/dovecot.nix index a3eb1653df5b6..e6091182b2abc 100644 --- a/nixos/modules/services/mail/dovecot.nix +++ b/nixos/modules/services/mail/dovecot.nix @@ -9,8 +9,6 @@ let baseDir = "/run/dovecot2"; stateDir = "/var/lib/dovecot"; - canCreateMailUserGroup = cfg.mailUser != null && cfg.mailGroup != null; - dovecotConf = concatStrings [ '' base_dir = ${baseDir} @@ -112,7 +110,7 @@ let special_use = \${toString mailbox.specialUse} '' + "}"; - mailboxes = { lib, pkgs, ... }: { + mailboxes = { ... }: { options = { name = mkOption { type = types.strMatching ''[^"]+''; diff --git a/nixos/modules/services/mail/mail.nix b/nixos/modules/services/mail/mail.nix index cfe1b5496a45d..fed313e4738ef 100644 --- a/nixos/modules/services/mail/mail.nix +++ b/nixos/modules/services/mail/mail.nix 
@@ -1,4 +1,4 @@ -{ config, lib, pkgs, ... }: +{ config, lib, ... }: with lib; diff --git a/nixos/modules/services/misc/clipmenu.nix b/nixos/modules/services/misc/clipmenu.nix new file mode 100644 index 0000000000000..3ba050044cace --- /dev/null +++ b/nixos/modules/services/misc/clipmenu.nix @@ -0,0 +1,31 @@ +{ config, lib, pkgs, ... }: + +with lib; + +let + cfg = config.services.clipmenu; +in { + + options.services.clipmenu = { + enable = mkEnableOption "clipmenu, the clipboard management daemon"; + + package = mkOption { + type = types.package; + default = pkgs.clipmenu; + defaultText = "pkgs.clipmenu"; + description = "clipmenu derivation to use."; + }; + }; + + config = mkIf cfg.enable { + systemd.user.services.clipmenu = { + enable = true; + description = "Clipboard management daemon"; + wantedBy = [ "graphical-session.target" ]; + after = [ "graphical-session.target" ]; + serviceConfig.ExecStart = "${cfg.package}/bin/clipmenud"; + }; + + environment.systemPackages = [ cfg.package ]; + }; +} diff --git a/nixos/modules/services/misc/disnix.nix b/nixos/modules/services/misc/disnix.nix index b28995a09115e..bb3ac1ecf0750 100644 --- a/nixos/modules/services/misc/disnix.nix +++ b/nixos/modules/services/misc/disnix.nix @@ -7,16 +7,6 @@ let cfg = config.services.disnix; - dysnomia = pkgs.dysnomia.override (origArgs: { - enableApacheWebApplication = config.services.httpd.enable; - enableAxis2WebService = config.services.tomcat.axis2.enable; - enableEjabberdDump = config.services.ejabberd.enable; - enableMySQLDatabase = config.services.mysql.enable; - enablePostgreSQLDatabase = config.services.postgresql.enable; - enableSubversionRepository = config.services.svnserve.enable; - enableTomcatWebApplication = config.services.tomcat.enable; - enableMongoDatabase = config.services.mongodb.enable; - }); in { diff --git a/nixos/modules/services/misc/docker-registry.nix b/nixos/modules/services/misc/docker-registry.nix index 9a3966ab30aa2..08031d33c1312 100644 
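Review bot: The option text in the new clipmenu.nix does not tell users that a clipboard manager sees everything copied in the session, including passwords copied out of a password manager. Presumably clipmenud keeps that history somewhere in the user's files, so where it is stored and with what permissions should be confirmed. I would extend the description along the lines of `mkEnableOption "clipmenu, the clipboard management daemon (keeps a history of copied text, which may include copied secrets)"`. Separately, `enable = true;` under `systemd.user.services.clipmenu` looks redundant inside `mkIf cfg.enable` and could be dropped.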
--- a/nixos/modules/services/misc/docker-registry.nix +++ b/nixos/modules/services/misc/docker-registry.nix @@ -5,43 +5,6 @@ with lib; let cfg = config.services.dockerRegistry; - blobCache = if cfg.enableRedisCache - then "redis" - else "inmemory"; - - registryConfig = { - version = "0.1"; - log.fields.service = "registry"; - storage = { - cache.blobdescriptor = blobCache; - filesystem.rootdirectory = cfg.storagePath; - delete.enabled = cfg.enableDelete; - }; - http = { - addr = ":${builtins.toString cfg.port}"; - headers.X-Content-Type-Options = ["nosniff"]; - }; - health.storagedriver = { - enabled = true; - interval = "10s"; - threshold = 3; - }; - }; - - registryConfig.redis = mkIf cfg.enableRedisCache { - addr = "${cfg.redisUrl}"; - password = "${cfg.redisPassword}"; - db = 0; - dialtimeout = "10ms"; - readtimeout = "10ms"; - writetimeout = "10ms"; - pool = { - maxidle = 16; - maxactive = 64; - idletimeout = "300s"; - }; - }; - configFile = pkgs.writeText "docker-registry-config.yml" (builtins.toJSON (recursiveUpdate registryConfig cfg.extraConfig)); in { diff --git a/nixos/modules/services/misc/dysnomia.nix b/nixos/modules/services/misc/dysnomia.nix index 9e66e0811ab79..ba74b18b6970e 100644 --- a/nixos/modules/services/misc/dysnomia.nix +++ b/nixos/modules/services/misc/dysnomia.nix @@ -62,9 +62,6 @@ let cd $out ${concatMapStrings (containerName: - let - components = cfg.components."${containerName}"; - in linkMutableComponents { inherit containerName; } ) (builtins.attrNames cfg.components)} ''; diff --git a/nixos/modules/services/misc/emby.nix b/nixos/modules/services/misc/emby.nix index b1968784af0f9..64cc9c610ac39 100644 --- a/nixos/modules/services/misc/emby.nix +++ b/nixos/modules/services/misc/emby.nix @@ -1,10 +1,9 @@ -{ config, pkgs, lib, mono, ... }: +{ config, pkgs, lib, ... }: with lib; let cfg = config.services.emby; - emby = pkgs.emby; in { options = { 
diff --git a/nixos/modules/services/misc/exhibitor.nix b/nixos/modules/services/misc/exhibitor.nix index 685e652c0ba08..a90c7f402e7f3 100644 --- a/nixos/modules/services/misc/exhibitor.nix +++ b/nixos/modules/services/misc/exhibitor.nix @@ -4,7 +4,6 @@ with lib; let cfg = config.services.exhibitor; - exhibitor = cfg.package; exhibitorConfig = '' zookeeper-install-directory=${cfg.baseDir}/zookeeper zookeeper-data-directory=${cfg.zkDataDir} diff --git a/nixos/modules/services/misc/home-assistant.nix b/nixos/modules/services/misc/home-assistant.nix index fdcfe6bc2b8ef..0756e81612ac0 100644 --- a/nixos/modules/services/misc/home-assistant.nix +++ b/nixos/modules/services/misc/home-assistant.nix @@ -37,7 +37,7 @@ let # List of components used in config extraComponents = filter useComponent availableComponents; - package = if cfg.autoExtraComponents + package = if (cfg.autoExtraComponents && cfg.config != null) then (cfg.package.override { inherit extraComponents; }) else cfg.package; @@ -110,7 +110,9 @@ in { ''; description = '' Home Assistant package to use. - Override <literal>extraPackages</literal> in order to add additional dependencies. + Override <literal>extraPackages</literal> or <literal>extraComponents</literal> in order to add additional dependencies. + If you specify <option>config</option> and do not set <option>autoExtraComponents</option> + to <literal>false</literal>, overriding <literal>extraComponents</literal> will have no effect. ''; }; diff --git a/nixos/modules/services/misc/jackett.nix b/nixos/modules/services/misc/jackett.nix index db72d36f2ac7f..8d1b3d225a445 100644 --- a/nixos/modules/services/misc/jackett.nix +++ b/nixos/modules/services/misc/jackett.nix @@ -1,4 +1,4 @@ -{ config, pkgs, lib, mono, ... }: +{ config, pkgs, lib, ... }: with lib; diff --git a/nixos/modules/services/misc/leaps.nix b/nixos/modules/services/misc/leaps.nix index b92cf27f58dc5..d4e88ecbebdba 100644 --- a/nixos/modules/services/misc/leaps.nix 
+++ b/nixos/modules/services/misc/leaps.nix @@ -1,4 +1,4 @@ -{ config, pkgs, lib, ... } @ args: +{ config, pkgs, lib, ... }: with lib; diff --git a/nixos/modules/services/misc/mediatomb.nix b/nixos/modules/services/misc/mediatomb.nix index 5c1977d28deb5..e8e9c0946d7f2 100644 --- a/nixos/modules/services/misc/mediatomb.nix +++ b/nixos/modules/services/misc/mediatomb.nix @@ -4,7 +4,6 @@ with lib; let - uid = config.ids.uids.mediatomb; gid = config.ids.gids.mediatomb; cfg = config.services.mediatomb; diff --git a/nixos/modules/services/misc/nix-gc.nix b/nixos/modules/services/misc/nix-gc.nix index 8b493041b2c91..12bed05757ad5 100644 --- a/nixos/modules/services/misc/nix-gc.nix +++ b/nixos/modules/services/misc/nix-gc.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs, ... }: +{ config, lib, ... }: with lib; diff --git a/nixos/modules/services/misc/nix-optimise.nix b/nixos/modules/services/misc/nix-optimise.nix index 295e7fb0ba031..6f75e4dd03ea8 100644 --- a/nixos/modules/services/misc/nix-optimise.nix +++ b/nixos/modules/services/misc/nix-optimise.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs, ... }: +{ config, lib, ... }: with lib; diff --git a/nixos/modules/services/misc/nix-ssh-serve.nix b/nixos/modules/services/misc/nix-ssh-serve.nix index 87ed7f0a61b90..7ce3841be2f5e 100644 --- a/nixos/modules/services/misc/nix-ssh-serve.nix +++ b/nixos/modules/services/misc/nix-ssh-serve.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs, ... }: +{ config, lib, ... }: with lib; let cfg = config.nix.sshServe; diff --git a/nixos/modules/services/misc/nzbget.nix b/nixos/modules/services/misc/nzbget.nix index f79a04a1d7489..a472b6c7157c1 100644 --- a/nixos/modules/services/misc/nzbget.nix +++ b/nixos/modules/services/misc/nzbget.nix @@ -4,7 +4,7 @@ with lib; let cfg = config.services.nzbget; - nzbget = pkgs.nzbget; in { +in { options = { services.nzbget = { enable = mkEnableOption "NZBGet"; 
diff --git a/nixos/modules/services/misc/plex.nix b/nixos/modules/services/misc/plex.nix index 85f1d4a85562d..8fe5879c27648 100644 --- a/nixos/modules/services/misc/plex.nix +++ b/nixos/modules/services/misc/plex.nix @@ -4,7 +4,6 @@ with lib; let cfg = config.services.plex; - plex = pkgs.plex; in { options = { diff --git a/nixos/modules/services/misc/radarr.nix b/nixos/modules/services/misc/radarr.nix index 7738eacc6ae9d..1a9fad3883c3f 100644 --- a/nixos/modules/services/misc/radarr.nix +++ b/nixos/modules/services/misc/radarr.nix @@ -1,4 +1,4 @@ -{ config, pkgs, lib, mono, ... }: +{ config, pkgs, lib, ... }: with lib; diff --git a/nixos/modules/services/misc/sonarr.nix b/nixos/modules/services/misc/sonarr.nix index edba4e6c23ebf..97b67a0b5033c 100644 --- a/nixos/modules/services/misc/sonarr.nix +++ b/nixos/modules/services/misc/sonarr.nix @@ -1,4 +1,4 @@ -{ config, pkgs, lib, mono, ... }: +{ config, pkgs, lib, ... }: with lib; diff --git a/nixos/modules/services/misc/taskserver/default.nix b/nixos/modules/services/misc/taskserver/default.nix index ba9f52f1904b1..5f97abf18715f 100644 --- a/nixos/modules/services/misc/taskserver/default.nix +++ b/nixos/modules/services/misc/taskserver/default.nix @@ -7,16 +7,6 @@ let taskd = "${pkgs.taskserver}/bin/taskd"; - mkVal = val: - if val == true then "true" - else if val == false then "false" - else if isList val then concatStringsSep ", " val - else toString val; - - mkConfLine = key: val: let - result = "${key} = ${mkVal val}"; - in optionalString (val != null && val != []) result; - mkManualPkiOption = desc: mkOption { type = types.nullOr types.path; default = null; @@ -94,7 +84,7 @@ let in flatten (mapAttrsToList mkSublist attrs); in all isNull (findPkiDefinitions [] manualPkiOptions); - orgOptions = { name, ... }: { + orgOptions = { ... }: { options.users = mkOption { type = types.uniq (types.listOf types.str); default = []; 
diff --git a/nixos/modules/services/monitoring/prometheus/exporters.nix b/nixos/modules/services/monitoring/prometheus/exporters.nix index 8d2c303a69e8a..9c58a15bcd73c 100644 --- a/nixos/modules/services/monitoring/prometheus/exporters.nix +++ b/nixos/modules/services/monitoring/prometheus/exporters.nix @@ -94,7 +94,7 @@ let }; }); - mkSubModule = { name, port, extraOpts, serviceOpts }: { + mkSubModule = { name, port, extraOpts, ... }: { ${name} = mkOption { type = types.submodule { options = (mkExporterOpts { diff --git a/nixos/modules/services/monitoring/smartd.nix b/nixos/modules/services/monitoring/smartd.nix index fecae4ca1b362..c345ec48a018e 100644 --- a/nixos/modules/services/monitoring/smartd.nix +++ b/nixos/modules/services/monitoring/smartd.nix @@ -64,7 +64,7 @@ let "DEVICESCAN ${notifyOpts}${cfg.defaults.autodetected}"} ''; - smartdDeviceOpts = { name, ... }: { + smartdDeviceOpts = { ... }: { options = { diff --git a/nixos/modules/services/monitoring/uptime.nix b/nixos/modules/services/monitoring/uptime.nix index 29616a085c8f3..b4d3a2640109a 100644 --- a/nixos/modules/services/monitoring/uptime.nix +++ b/nixos/modules/services/monitoring/uptime.nix @@ -1,6 +1,6 @@ { config, pkgs, lib, ... }: let - inherit (lib) mkOption mkEnableOption mkIf mkMerge types optionalAttrs optional; + inherit (lib) mkOption mkEnableOption mkIf mkMerge types optional; cfg = config.services.uptime; diff --git a/nixos/modules/services/network-filesystems/beegfs.nix b/nixos/modules/services/network-filesystems/beegfs.nix index 182fabf6405f7..e06a80e443d96 100644 --- a/nixos/modules/services/network-filesystems/beegfs.nix +++ b/nixos/modules/services/network-filesystems/beegfs.nix @@ -139,7 +139,7 @@ in description = '' BeeGFS configurations. Every mount point requires a separate configuration. ''; - type = with types; attrsOf (submodule ({ config, ... } : { + type = with types; attrsOf (submodule ({ ... } : { options = { mgmtdHost = mkOption { type = types.str; 
diff --git a/nixos/modules/services/network-filesystems/openafs/lib.nix b/nixos/modules/services/network-filesystems/openafs/lib.nix index 255740ac65ef4..1cc9bed847ab1 100644 --- a/nixos/modules/services/network-filesystems/openafs/lib.nix +++ b/nixos/modules/services/network-filesystems/openafs/lib.nix @@ -1,7 +1,7 @@ -{ config, lib, pkgs, ...}: +{ config, lib, ...}: let - inherit (lib) concatStringsSep getBin mkOption types; + inherit (lib) concatStringsSep mkOption types; in rec { diff --git a/nixos/modules/services/network-filesystems/openafs/server.nix b/nixos/modules/services/network-filesystems/openafs/server.nix index aa8640fd240e3..4c80ed0839f7c 100644 --- a/nixos/modules/services/network-filesystems/openafs/server.nix +++ b/nixos/modules/services/network-filesystems/openafs/server.nix @@ -4,7 +4,7 @@ with import ./lib.nix { inherit config lib pkgs; }; let - inherit (lib) concatStringsSep intersperse mapAttrsToList mkForce mkIf mkMerge mkOption optionalString types; + inherit (lib) concatStringsSep mkIf mkOption optionalString types; bosConfig = pkgs.writeText "BosConfig" ('' restrictmode 1 diff --git a/nixos/modules/services/networking/avahi-daemon.nix b/nixos/modules/services/networking/avahi-daemon.nix index 81e11db104098..2ec5a10b48180 100644 --- a/nixos/modules/services/networking/avahi-daemon.nix +++ b/nixos/modules/services/networking/avahi-daemon.nix @@ -1,5 +1,5 @@ # Avahi daemon. -{ config, lib, utils, pkgs, ... }: +{ config, lib, pkgs, ... }: with lib; diff --git a/nixos/modules/services/networking/chrony.nix b/nixos/modules/services/networking/chrony.nix index 6a89002b42deb..cef30661cc337 100644 --- a/nixos/modules/services/networking/chrony.nix +++ b/nixos/modules/services/networking/chrony.nix @@ -4,8 +4,6 @@ with lib; let - inherit (pkgs) chrony; - stateDir = "/var/lib/chrony"; keyFile = "/etc/chrony.keys"; 
diff --git a/nixos/modules/services/networking/cjdns.nix b/nixos/modules/services/networking/cjdns.nix index 39b62bdc70946..c40962f4aa827 100644 --- a/nixos/modules/services/networking/cjdns.nix +++ b/nixos/modules/services/networking/cjdns.nix @@ -9,7 +9,7 @@ let cfg = config.services.cjdns; connectToSubmodule = - { options, ... }: + { ... }: { options = { password = mkOption { type = types.str; diff --git a/nixos/modules/services/networking/gdomap.nix b/nixos/modules/services/networking/gdomap.nix index b3fd91d037fac..3d829cb691353 100644 --- a/nixos/modules/services/networking/gdomap.nix +++ b/nixos/modules/services/networking/gdomap.nix @@ -2,9 +2,6 @@ with lib; -let - cfg = config.services.gdomap; -in { # # interface diff --git a/nixos/modules/services/networking/i2pd.nix b/nixos/modules/services/networking/i2pd.nix index 8875309143fdd..3afafaf3fed58 100644 --- a/nixos/modules/services/networking/i2pd.nix +++ b/nixos/modules/services/networking/i2pd.nix @@ -103,7 +103,7 @@ let ${flip concatMapStrings (collect (proto: proto ? port && proto ? address && proto ? name) cfg.proto) - (proto: let portStr = toString proto.port; in '' + (proto: '' [${proto.name}] enabled = ${boolToString proto.enable} address = ${proto.address} @@ -122,7 +122,7 @@ let # DO NOT EDIT -- this file has been generated automatically. ${flip concatMapStrings (collect (tun: tun ? port && tun ? destination) cfg.outTunnels) - (tun: let portStr = toString tun.port; in '' + (tun: '' [${tun.name}] type = client destination = ${tun.destination} @@ -405,7 +405,7 @@ in outTunnels = mkOption { default = {}; type = with types; loaOf (submodule ( - { name, config, ... }: { + { name, ... }: { options = { destinationPort = mkOption { type = types.int; @@ -426,7 +426,7 @@ in inTunnels = mkOption { default = {}; type = with types; loaOf (submodule ( - { name, config, ... }: { + { name, ... }: { options = { inPort = mkOption { type = types.int; 
diff --git a/nixos/modules/services/networking/morty.nix b/nixos/modules/services/networking/morty.nix index f24562f118174..cc81e27e93996 100644 --- a/nixos/modules/services/networking/morty.nix +++ b/nixos/modules/services/networking/morty.nix @@ -6,8 +6,6 @@ let cfg = config.services.morty; - configFile = cfg.configFile; - in { diff --git a/nixos/modules/services/networking/nghttpx/nghttpx-options.nix b/nixos/modules/services/networking/nghttpx/nghttpx-options.nix index cce65be321a88..51f1d081b9710 100644 --- a/nixos/modules/services/networking/nghttpx/nghttpx-options.nix +++ b/nixos/modules/services/networking/nghttpx/nghttpx-options.nix @@ -1,4 +1,4 @@ -{ config, lib, ... }: +{ lib, ... }: { options.services.nghttpx = { enable = lib.mkEnableOption "nghttpx"; diff --git a/nixos/modules/services/networking/nylon.nix b/nixos/modules/services/networking/nylon.nix index b7b59d95bf024..613b0e0fb51a5 100644 --- a/nixos/modules/services/networking/nylon.nix +++ b/nixos/modules/services/networking/nylon.nix @@ -22,7 +22,7 @@ let Deny-IP=${concatStringsSep " " cfg.deniedIPRanges} ''; - nylonOpts = { name, config, ... }: { + nylonOpts = { name, ... }: { options = { diff --git a/nixos/modules/services/networking/openvpn.nix b/nixos/modules/services/networking/openvpn.nix index a418839d22b8b..b94b4026fd914 100644 --- a/nixos/modules/services/networking/openvpn.nix +++ b/nixos/modules/services/networking/openvpn.nix @@ -131,6 +131,9 @@ in Configuration of this OpenVPN instance. See <citerefentry><refentrytitle>openvpn</refentrytitle><manvolnum>8</manvolnum></citerefentry> for details. + + To import an external config file, use the following definition: + <literal>config = "config /path/to/config.ovpn"</literal> ''; }; diff --git a/nixos/modules/services/networking/pptpd.nix b/nixos/modules/services/networking/pptpd.nix index 513e6174752c1..56a612b910526 100644 --- a/nixos/modules/services/networking/pptpd.nix +++ b/nixos/modules/services/networking/pptpd.nix 
@@ -1,4 +1,4 @@ -{ config, stdenv, pkgs, lib, ... }: +{ config, pkgs, lib, ... }: with lib; diff --git a/nixos/modules/services/networking/shout.nix b/nixos/modules/services/networking/shout.nix index 9784f1d160f37..1ea676d0f9299 100644 --- a/nixos/modules/services/networking/shout.nix +++ b/nixos/modules/services/networking/shout.nix @@ -1,4 +1,4 @@ -{ pkgs, lib, config, options, ... }: +{ pkgs, lib, config, ... }: with lib; diff --git a/nixos/modules/services/networking/ssh/sshd.nix b/nixos/modules/services/networking/ssh/sshd.nix index 8b04fac089efc..c16fbe8a52fa2 100644 --- a/nixos/modules/services/networking/ssh/sshd.nix +++ b/nixos/modules/services/networking/ssh/sshd.nix @@ -198,6 +198,10 @@ in [ { type = "rsa"; bits = 4096; path = "/etc/ssh/ssh_host_rsa_key"; } { type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; } ]; + example = + [ { type = "rsa"; bits = 4096; path = "/etc/ssh/ssh_host_rsa_key"; rounds = 100; openSSHFormat = true; } + { type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; rounds = 100; comment = "key comment"; } + ]; description = '' NixOS can automatically generate SSH host keys. This option specifies the path, type and size of each key. See @@ -358,7 +362,14 @@ in ${flip concatMapStrings cfg.hostKeys (k: '' if ! [ -f "${k.path}" ]; then - ssh-keygen -t "${k.type}" ${if k ? bits then "-b ${toString k.bits}" else ""} -f "${k.path}" -N "" + ssh-keygen \ + -t "${k.type}" \ + ${if k ? bits then "-b ${toString k.bits}" else ""} \ + ${if k ? rounds then "-a ${toString k.rounds}" else ""} \ + ${if k ? comment then "-C '${k.comment}'" else ""} \ + ${if k ? openSSHFormat && k.openSSHFormat then "-o" else ""} \ + -f "${k.path}" \ + -N "" fi '')} ''; 
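Review bot: In the sshd.nix key-generation hunk, `-C '${k.comment}'` places the comment between single quotes in the generated script. A comment that contains a single quote closes the quoting early and the remainder is interpreted by the shell, in the script that creates the host keys. Quoting it with the library helper avoids this: `${if k ? comment then "-C ${escapeShellArg k.comment}" else ""} \`. The new `rounds` setting probably adds no protection here, because `-N ""` writes the key without a passphrase and the KDF rounds only apply to passphrase-protected keys; the option text could say so. The enclosing script begins outside this hunk.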
@@ -404,6 +415,9 @@ in unixAuth = cfg.passwordAuthentication; }; + # These values are merged with the ones defined externally, see: + # https://github.com/NixOS/nixpkgs/pull/10155 + # https://github.com/NixOS/nixpkgs/pull/41745 services.openssh.authorizedKeysFiles = [ ".ssh/authorized_keys" ".ssh/authorized_keys2" "/etc/ssh/authorized_keys.d/%u" ]; @@ -465,7 +479,7 @@ in assertions = [{ assertion = if cfg.forwardX11 then cfgc.setXAuthLocation else true; message = "cannot enable X11 forwarding without setting xauth location";}] - ++ flip map cfg.listenAddresses ({ addr, port, ... }: { + ++ flip map cfg.listenAddresses ({ addr, ... }: { assertion = addr != null; message = "addr must be specified in each listenAddresses entry"; }); diff --git a/nixos/modules/services/networking/toxvpn.nix b/nixos/modules/services/networking/toxvpn.nix index f5baea9222be7..b7655f4bec62f 100644 --- a/nixos/modules/services/networking/toxvpn.nix +++ b/nixos/modules/services/networking/toxvpn.nix @@ -1,4 +1,4 @@ -{ config, stdenv, pkgs, lib, ... }: +{ config, pkgs, lib, ... }: with lib; diff --git a/nixos/modules/services/networking/tvheadend.nix b/nixos/modules/services/networking/tvheadend.nix index f495c39967e8c..ccf879996631d 100644 --- a/nixos/modules/services/networking/tvheadend.nix +++ b/nixos/modules/services/networking/tvheadend.nix @@ -1,4 +1,4 @@ -{ config, coreutils, lib, pkgs, ... }: +{ config, lib, pkgs, ... }: with lib; diff --git a/nixos/modules/services/networking/wireguard.nix b/nixos/modules/services/networking/wireguard.nix index acb4778d8485f..1b87b77f9768d 100644 --- a/nixos/modules/services/networking/wireguard.nix +++ b/nixos/modules/services/networking/wireguard.nix @@ -10,7 +10,7 @@ let # interface options - interfaceOpts = { name, ... }: { + interfaceOpts = { ... }: { options = { diff --git a/nixos/modules/services/networking/xl2tpd.nix b/nixos/modules/services/networking/xl2tpd.nix index 5e006c13f0d06..46111a76af808 100644 
--- a/nixos/modules/services/networking/xl2tpd.nix +++ b/nixos/modules/services/networking/xl2tpd.nix @@ -1,4 +1,4 @@ -{ config, stdenv, pkgs, lib, ... }: +{ config, pkgs, lib, ... }: with lib; diff --git a/nixos/modules/services/networking/zerobin.nix b/nixos/modules/services/networking/zerobin.nix index 274bbca53fa33..06ccd7032e6c0 100644 --- a/nixos/modules/services/networking/zerobin.nix +++ b/nixos/modules/services/networking/zerobin.nix @@ -1,4 +1,4 @@ -{ config, pkgs, lib, nodes, ... }: +{ config, pkgs, lib, ... }: with lib; let cfg = config.services.zerobin; diff --git a/nixos/modules/services/networking/znc.nix b/nixos/modules/services/networking/znc.nix index 6f477e3b14605..f817db2ad000b 100644 --- a/nixos/modules/services/networking/znc.nix +++ b/nixos/modules/services/networking/znc.nix @@ -26,7 +26,6 @@ let }; # Keep znc.conf in nix store, then symlink or copy into `dataDir`, depending on `mutable`. - notNull = a: ! isNull a; mkZncConf = confOpts: '' Version = 1.6.3 ${concatMapStrings (n: "LoadModule = ${n}\n") confOpts.modules} diff --git a/nixos/modules/services/printing/cupsd.nix b/nixos/modules/services/printing/cupsd.nix index b074d15cbec1b..dbf18ec1d1149 100644 --- a/nixos/modules/services/printing/cupsd.nix +++ b/nixos/modules/services/printing/cupsd.nix @@ -124,6 +124,16 @@ in ''; }; + startWhenNeeded = mkOption { + type = types.bool; + default = false; + description = '' + If set, CUPS is socket-activated; that is, + instead of having it permanently running as a daemon, + systemd will start it on the first incoming connection. + ''; + }; + listenAddresses = mkOption { type = types.listOf types.str; default = [ "localhost:631" ]; 
@@ -287,8 +297,13 @@ in systemd.packages = [ cups.out ]; + systemd.sockets.cups = mkIf cfg.startWhenNeeded { + wantedBy = [ "sockets.target" ]; + listenStreams = map (x: replaceStrings ["localhost"] ["127.0.0.1"] (removePrefix "*:" x)) cfg.listenAddresses; + }; + systemd.services.cups = - { wantedBy = [ "multi-user.target" ]; + { wantedBy = optionals (!cfg.startWhenNeeded) [ "multi-user.target" ]; wants = [ "network.target" ]; after = [ "network.target" ]; diff --git a/nixos/modules/services/security/oauth2_proxy_nginx.nix b/nixos/modules/services/security/oauth2_proxy_nginx.nix index 2aa2c57fd22c3..a9ad5497a657a 100644 --- a/nixos/modules/services/security/oauth2_proxy_nginx.nix +++ b/nixos/modules/services/security/oauth2_proxy_nginx.nix @@ -1,4 +1,4 @@ -{ pkgs, config, lib, ... }: +{ config, lib, ... }: with lib; let cfg = config.services.oauth2_proxy.nginx; diff --git a/nixos/modules/services/security/tor.nix b/nixos/modules/services/security/tor.nix index dcb41d187c2b1..def77ba69e58b 100644 --- a/nixos/modules/services/security/tor.nix +++ b/nixos/modules/services/security/tor.nix @@ -578,7 +578,7 @@ in ]; } ''; - type = types.loaOf (types.submodule ({name, config, ...}: { + type = types.loaOf (types.submodule ({name, ...}: { options = { name = mkOption { @@ -638,7 +638,7 @@ in authorizeClient = mkOption { default = null; description = "If configured, the hidden service is accessible for authorized clients only."; - type = types.nullOr (types.submodule ({config, ...}: { + type = types.nullOr (types.submodule ({...}: { options = { diff --git a/nixos/modules/services/system/kerberos.nix b/nixos/modules/services/system/kerberos.nix index d85dee089827b..d151385d2f9be 100644 --- a/nixos/modules/services/system/kerberos.nix +++ b/nixos/modules/services/system/kerberos.nix @@ -2,7 +2,7 @@ let - inherit (lib) mkOption mkIf singleton; + inherit (lib) mkOption mkIf; inherit (pkgs) heimdalFull; 
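Review bot: The `listenStreams` mapping in the cupsd.nix socket hunk rewrites `localhost` by substring and to IPv4 only, so `localhost:631` yields a socket on `127.0.0.1:631` but not on `[::1]:631`, and an entry such as `localhost.example:631` would become `127.0.0.1.example:631`. As far as I know `ListenStream=` accepts addresses, ports and paths but does not resolve host names, so any other host name that cupsd accepts in `listenAddresses` would break the socket unit once `startWhenNeeded` is set. I would state the restriction in the `startWhenNeeded` description, e.g. `With socket activation, listenAddresses entries must be IP:port, *:port or localhost:port.`, or add an assertion that checks it.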
diff --git a/nixos/modules/services/system/nscd.nix b/nixos/modules/services/system/nscd.nix index 11a30ea81ba97..fd1570d119807 100644 --- a/nixos/modules/services/system/nscd.nix +++ b/nixos/modules/services/system/nscd.nix @@ -7,8 +7,6 @@ let nssModulesPath = config.system.nssModules.path; cfg = config.services.nscd; - inherit (lib) singleton; - in { diff --git a/nixos/modules/services/system/saslauthd.nix b/nixos/modules/services/system/saslauthd.nix index 281716cf1860c..c8ddca9a0db63 100644 --- a/nixos/modules/services/system/saslauthd.nix +++ b/nixos/modules/services/system/saslauthd.nix @@ -4,7 +4,6 @@ with lib; let - nssModulesPath = config.system.nssModules.path; cfg = config.services.saslauthd; in diff --git a/nixos/modules/services/torrent/flexget.nix b/nixos/modules/services/torrent/flexget.nix index 4b9038e3e251c..ca63f529a5dfb 100644 --- a/nixos/modules/services/torrent/flexget.nix +++ b/nixos/modules/services/torrent/flexget.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs, timezone, ... }: +{ config, lib, pkgs, ... }: with lib; diff --git a/nixos/modules/services/torrent/transmission.nix b/nixos/modules/services/torrent/transmission.nix index bf4fb76d0c0c7..96413d2dd563f 100644 --- a/nixos/modules/services/torrent/transmission.nix +++ b/nixos/modules/services/torrent/transmission.nix @@ -13,12 +13,6 @@ let settingsDir = "${homeDir}/.config/transmission-daemon"; settingsFile = pkgs.writeText "settings.json" (builtins.toJSON fullSettings); - # Strings must be quoted, ints and bools must not (for settings.json). - toOption = x: - if isBool x then boolToString x - else if isInt x then toString x - else toString ''"${x}"''; - # for users in group "transmission" to have access to torrents fullSettings = { umask = 2; download-dir = downloadDir; incomplete-dir = incompleteDir; } // cfg.settings; diff --git a/nixos/modules/services/ttys/kmscon.nix b/nixos/modules/services/ttys/kmscon.nix index 88e488425bced..59c45fcb44ee1 100644 
--- a/nixos/modules/services/ttys/kmscon.nix +++ b/nixos/modules/services/ttys/kmscon.nix @@ -1,6 +1,6 @@ { config, pkgs, lib, ... }: let - inherit (lib) mkOption types mkIf optionalString; + inherit (lib) mkOption types mkIf; cfg = config.services.kmscon; diff --git a/nixos/modules/services/web-apps/frab.nix b/nixos/modules/services/web-apps/frab.nix index d411727a1a54b..fb95e024817cf 100644 --- a/nixos/modules/services/web-apps/frab.nix +++ b/nixos/modules/services/web-apps/frab.nix @@ -6,7 +6,6 @@ let cfg = config.services.frab; package = pkgs.frab; - ruby = package.ruby; databaseConfig = builtins.toJSON { production = cfg.database; }; diff --git a/nixos/modules/services/web-apps/matomo.nix b/nixos/modules/services/web-apps/matomo.nix index 42affb06b51fb..fbbd7715c6b3a 100644 --- a/nixos/modules/services/web-apps/matomo.nix +++ b/nixos/modules/services/web-apps/matomo.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs, services, ... }: +{ config, lib, pkgs, ... }: with lib; let cfg = config.services.matomo; diff --git a/nixos/modules/services/web-apps/youtrack.nix b/nixos/modules/services/web-apps/youtrack.nix index e057e3025629a..8c675c6420051 100644 --- a/nixos/modules/services/web-apps/youtrack.nix +++ b/nixos/modules/services/web-apps/youtrack.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs, options, ... }: +{ config, lib, pkgs, ... }: with lib; diff --git a/nixos/modules/services/web-servers/apache-httpd/default.nix b/nixos/modules/services/web-servers/apache-httpd/default.nix index b71ff0531cc8b..73607c6f9a3bb 100644 --- a/nixos/modules/services/web-servers/apache-httpd/default.nix +++ b/nixos/modules/services/web-servers/apache-httpd/default.nix @@ -98,11 +98,6 @@ let allSubservices = mainSubservices ++ concatMap subservicesFor mainCfg.virtualHosts; - # !!! should be in lib - writeTextInDir = name: text: - pkgs.runCommand name {inherit text;} "mkdir -p $out; echo -n \"$text\" > $out/$name"; - - enableSSL = any (vhost: vhost.enableSSL) allHosts; 
@@ -656,7 +651,7 @@ in message = "SSL is enabled for httpd, but sslServerCert and/or sslServerKey haven't been specified."; } ]; - warnings = map (cfg: ''apache-httpd's port option is deprecated. Use listen = [{/*ip = "*"; */ port = ${toString cfg.port}";}]; instead'' ) (lib.filter (cfg: cfg.port != 0) allHosts); + warnings = map (cfg: ''apache-httpd's port option is deprecated. Use listen = [{/*ip = "*"; */ port = ${toString cfg.port};}]; instead'' ) (lib.filter (cfg: cfg.port != 0) allHosts); users.users = optionalAttrs (mainCfg.user == "wwwrun") (singleton { name = "wwwrun"; diff --git a/nixos/modules/services/web-servers/apache-httpd/limesurvey.nix b/nixos/modules/services/web-servers/apache-httpd/limesurvey.nix index 6f1f67970f6cb..77194f3474928 100644 --- a/nixos/modules/services/web-servers/apache-httpd/limesurvey.nix +++ b/nixos/modules/services/web-servers/apache-httpd/limesurvey.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs, serverInfo, php, ... }: +{ config, lib, pkgs, serverInfo, ... }: with lib; diff --git a/nixos/modules/services/web-servers/apache-httpd/mercurial.nix b/nixos/modules/services/web-servers/apache-httpd/mercurial.nix index 6dd91be00a73f..4b8ee2b17ea73 100644 --- a/nixos/modules/services/web-servers/apache-httpd/mercurial.nix +++ b/nixos/modules/services/web-servers/apache-httpd/mercurial.nix @@ -1,4 +1,4 @@ -{ config, pkgs, serverInfo, lib, ... }: +{ config, pkgs, lib, ... }: let inherit (pkgs) mercurial; diff --git a/nixos/modules/services/web-servers/apache-httpd/owncloud.nix b/nixos/modules/services/web-servers/apache-httpd/owncloud.nix index 82b8bf3e30db5..6345a9a569355 100644 --- a/nixos/modules/services/web-servers/apache-httpd/owncloud.nix +++ b/nixos/modules/services/web-servers/apache-httpd/owncloud.nix 
@@ -4,17 +4,6 @@ with lib; let - httpd = serverInfo.serverConfig.package; - - version24 = !versionOlder httpd.version "2.4"; - - allGranted = if version24 then '' - Require all granted - '' else '' - Order allow,deny - Allow from all - ''; - owncloudConfig = pkgs.writeText "config.php" '' <?php diff --git a/nixos/modules/services/web-servers/apache-httpd/trac.nix b/nixos/modules/services/web-servers/apache-httpd/trac.nix index 35b9ab56087c9..28b411a64b6f9 100644 --- a/nixos/modules/services/web-servers/apache-httpd/trac.nix +++ b/nixos/modules/services/web-servers/apache-httpd/trac.nix @@ -12,8 +12,6 @@ let apacheHttpd = httpd; }; - pythonLib = p: "${p}/"; - httpd = serverInfo.serverConfig.package; versionPre24 = versionOlder httpd.version "2.4"; diff --git a/nixos/modules/services/web-servers/apache-httpd/wordpress.nix b/nixos/modules/services/web-servers/apache-httpd/wordpress.nix index 1c654667dfc72..c810b914e258a 100644 --- a/nixos/modules/services/web-servers/apache-httpd/wordpress.nix +++ b/nixos/modules/services/web-servers/apache-httpd/wordpress.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs, serverInfo, php, ... }: +{ config, lib, pkgs, serverInfo, ... }: # http://codex.wordpress.org/Hardening_WordPress with lib; diff --git a/nixos/modules/services/web-servers/hydron.nix b/nixos/modules/services/web-servers/hydron.nix new file mode 100644 index 0000000000000..49a18f5e7b283 --- /dev/null +++ b/nixos/modules/services/web-servers/hydron.nix 
@@ -0,0 +1,105 @@ +{ config, lib, pkgs, ... }: + +let cfg = config.services.hydron; +in with lib; { + options.services.hydron = { + enable = mkEnableOption "hydron"; + + dataDir = mkOption { + type = types.path; + default = "/var/lib/hydron"; + example = "/home/okina/hydron"; + description = "Location where hydron runs and stores data."; + }; + + interval = mkOption { + type = types.str; + default = "hourly"; + example = "06:00"; + description = '' + How often we run hydron import and possibly fetch tags. Runs by default every hour. + + The format is described in + <citerefentry><refentrytitle>systemd.time</refentrytitle> + <manvolnum>7</manvolnum></citerefentry>. + ''; + }; + + listenAddress = mkOption { + type = types.nullOr types.str; + default = null; + example = "127.0.0.1:8010"; + description = "Listen on a specific IP address and port."; + }; + + importPaths = mkOption { + type = types.listOf types.path; + default = []; + example = [ "/home/okina/Pictures" ]; + description = "Paths that hydron will recursively import."; + }; + + fetchTags = mkOption { + type = types.bool; + default = true; + description = "Fetch tags for imported images and webm from gelbooru."; + }; + }; + + config = mkIf cfg.enable { + systemd.services.hydron = { + description = "hydron"; + after = [ "network.target" ]; + wantedBy = [ "multi-user.target" ]; + + preStart = '' + # Ensure folder exists and permissions are correct + mkdir -p ${escapeShellArg cfg.dataDir}/images + chmod 750 ${escapeShellArg cfg.dataDir} + chown -R hydron:hydron ${escapeShellArg cfg.dataDir} + ''; + + serviceConfig = { + PermissionsStartOnly = true; + User = "hydron"; + Group = "hydron"; + ExecStart = "${pkgs.hydron}/bin/hydron serve" + + optionalString (cfg.listenAddress != null) " -a ${cfg.listenAddress}"; + }; + }; + + systemd.services.hydron-fetch = { + description = "Import paths into hydron and possibly fetch tags"; + + serviceConfig = { + Type = "oneshot"; + User = "hydron"; + Group = "hydron"; + 
ExecStart = "${pkgs.hydron}/bin/hydron import " + + optionalString cfg.fetchTags "-f " + + (escapeShellArg cfg.dataDir) + "/images " + (escapeShellArgs cfg.importPaths); + }; + }; + + systemd.timers.hydron-fetch = { + description = "Automatically import paths into hydron and possibly fetch tags"; + after = [ "network.target" ]; + wantedBy = [ "timers.target" ]; + timerConfig.OnCalendar = cfg.interval; + }; + + users = { + groups.hydron.gid = config.ids.gids.hydron; + + users.hydron = { + description = "hydron server service user"; + home = cfg.dataDir; + createHome = true; + group = "hydron"; + uid = config.ids.uids.hydron; + }; + }; + }; + + meta.maintainers = with maintainers; [ chiiruno ]; +} diff --git a/nixos/modules/services/web-servers/lighttpd/inginious.nix b/nixos/modules/services/web-servers/lighttpd/inginious.nix deleted file mode 100644 index 5ff1796e92a1e..0000000000000 --- a/nixos/modules/services/web-servers/lighttpd/inginious.nix +++ /dev/null 
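Review bot: `cfg.listenAddress` is appended to `ExecStart` of `hydron.service` unquoted, while the `hydron-fetch` unit in the same file passes every path through `escapeShellArg`/`escapeShellArgs`; whitespace in the value would be split into extra arguments. `+ optionalString (cfg.listenAddress != null) " -a ${escapeShellArg cfg.listenAddress}";` keeps the two units consistent. The `preStart` script also runs as root (`PermissionsStartOnly = true`) and does `chown -R hydron:hydron` on `cfg.dataDir` at every start, so pointing `dataDir` at a directory that already holds other files, as the `/home/okina/hydron` example invites, hands all of them to the service user. The `dataDir` description should say that the directory is owned exclusively by hydron, or the recursive chown could be limited to the directories the module itself creates.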
@@ -1,261 +0,0 @@ -{ config, lib, pkgs, ... }: -with lib; - -let - cfg = config.services.lighttpd.inginious; - inginious = pkgs.inginious; - execName = "inginious-${if cfg.useLTI then "lti" else "webapp"}"; - - inginiousConfigFile = if cfg.configFile != null then cfg.configFile else pkgs.writeText "inginious.yaml" '' - # Backend; can be: - # - "local" (run containers on the same machine) - # - "remote" (connect to distant docker daemon and auto start agents) (choose this if you use boot2docker) - # - "remote_manual" (connect to distant and manually installed agents) - backend: "${cfg.backendType}" - - ## TODO (maybe): Add an option for the "remote" backend in this NixOS module. - # List of remote docker daemon to which the backend will try - # to connect (backend: remote only) - #docker_daemons: - # - # Host of the docker daemon *from the webapp* - # remote_host: "some.remote.server" - # # Port of the distant docker daemon *from the webapp* - # remote_docker_port: "2375" - # # A mandatory port used by the backend and the agent that will be automatically started. - # # Needs to be available on the remote host, and to be open in the firewall. - # remote_agent_port: "63456" - # # Does the remote docker requires tls? Defaults to false. - # # Parameter can be set to true or path to the certificates - # #use_tls: false - # # Link to the docker daemon *from the host that runs the docker daemon*. Defaults to: - # #local_location: "unix:///var/run/docker.sock" - # # Path to the cgroups "mount" *from the host that runs the docker daemon*. 
Defaults to: - # #cgroups_location: "/sys/fs/cgroup" - # # Name that will be used to reference the agent - # #"agent_name": "inginious-agent" - - # List of remote agents to which the backend will try - # to connect (backend: remote_manual only) - # Example: - #agents: - # - host: "192.168.59.103" - # port: 5001 - agents: - ${lib.concatMapStrings (agent: - " - host: \"${agent.host}\"\n" + - " port: ${agent.port}\n" - ) cfg.remoteAgents} - - # Location of the task directory - tasks_directory: "${cfg.tasksDirectory}" - - # Super admins: list of user names that can do everything in the backend - superadmins: - ${lib.concatMapStrings (x: " - \"${x}\"\n") cfg.superadmins} - - # Aliases for containers - # Only containers listed here can be used by tasks - containers: - ${lib.concatStrings (lib.mapAttrsToList (name: fullname: - " ${name}: \"${fullname}\"\n" - ) cfg.containers)} - - # Use single minified javascript file (production) or multiple files (dev) ? - use_minified_js: true - - ## TODO (maybe): Add NixOS options for these parameters. - - # MongoDB options - #mongo_opt: - # host: localhost - # database: INGInious - - # Disable INGInious? - #maintenance: false - - #smtp: - # sendername: 'INGInious <no-reply@inginious.org>' - # host: 'smtp.gmail.com' - # port: 587 - # username: 'configme@gmail.com' - # password: 'secret' - # starttls: True - - ## NixOS extra config - - ${cfg.extraConfig} - ''; -in -{ - options.services.lighttpd.inginious = { - enable = mkEnableOption "INGInious, an automated code testing and grading system."; - - configFile = mkOption { - type = types.nullOr types.path; - default = null; - example = literalExample ''pkgs.writeText "configuration.yaml" "# custom config options ...";''; - description = ''The path to an INGInious configuration file.''; - }; - - extraConfig = mkOption { - type = types.lines; - default = ""; - example = '' - # Load the dummy auth plugin. 
- plugins: - - plugin_module: inginious.frontend.webapp.plugins.auth.demo_auth - users: - # register the user "test" with the password "someverycomplexpassword" - test: someverycomplexpassword - ''; - description = ''Extra option in YaML format, to be appended to the config file.''; - }; - - tasksDirectory = mkOption { - type = types.path; - example = "/var/lib/INGInious/tasks"; - description = '' - Path to the tasks folder. - Defaults to the provided test tasks folder (readonly). - ''; - }; - - useLTI = mkOption { - type = types.bool; - default = false; - description = ''Whether to start the LTI frontend in place of the webapp.''; - }; - - superadmins = mkOption { - type = types.uniq (types.listOf types.str); - default = [ "admin" ]; - example = [ "john" "pepe" "emilia" ]; - description = ''List of user logins allowed to administrate the whole server.''; - }; - - containers = mkOption { - type = types.attrsOf types.str; - default = { - default = "ingi/inginious-c-default"; - }; - example = { - default = "ingi/inginious-c-default"; - sekexe = "ingi/inginious-c-sekexe"; - java = "ingi/inginious-c-java"; - oz = "ingi/inginious-c-oz"; - pythia1compat = "ingi/inginious-c-pythia1compat"; - }; - description = '' - An attrset describing the required containers - These containers will be available in INGInious using their short name (key) - and will be automatically downloaded before INGInious starts. - ''; - }; - - hostPattern = mkOption { - type = types.str; - default = "^inginious."; - example = "^inginious.mydomain.xyz$"; - description = '' - The domain that serves INGInious. - INGInious uses absolute paths which makes it difficult to relocate in its own subdir. - The default configuration will serve INGInious when the server is accessed with a hostname starting with "inginious.". - If left blank, INGInious will take the precedence over all the other lighttpd sites, which is probably not what you want. 
- ''; - }; - - backendType = mkOption { - type = types.enum [ "local" "remote_manual" ]; # TODO: support backend "remote" - default = "local"; - description = '' - Select how INGINious accesses to grading containers. - The default "local" option ensures that Docker is started and provisioned. - Fore more information, see http://inginious.readthedocs.io/en/latest/install_doc/config_reference.html - Not all backends are supported. Use services.inginious.configFile for full flexibility. - ''; - }; - - remoteAgents = mkOption { - type = types.listOf (types.attrsOf types.str); - default = []; - example = [ { host = "192.0.2.25"; port = "1345"; } ]; - description = ''A list of remote agents, used only when services.inginious.backendType is "remote_manual".''; - }; - }; - - config = mkIf cfg.enable ( - mkMerge [ - # For a local install, we need docker. - (mkIf (cfg.backendType == "local") { - virtualisation.docker = { - enable = true; - # We need docker to listen on port 2375. - listenOptions = ["127.0.0.1:2375" "/var/run/docker.sock"]; - storageDriver = mkDefault "overlay"; - }; - - users.users."lighttpd".extraGroups = [ "docker" ]; - - # Ensure that docker has pulled the required images. 
- systemd.services.inginious-prefetch = { - script = let - images = lib.unique ( - [ "centos" "ingi/inginious-agent" ] - ++ lib.mapAttrsToList (_: image: image) cfg.containers - ); - in lib.concatMapStrings (image: '' - ${pkgs.docker}/bin/docker pull ${image} - '') images; - - serviceConfig.Type = "oneshot"; - wants = [ "docker.service" ]; - after = [ "docker.service" ]; - wantedBy = [ "lighttpd.service" ]; - before = [ "lighttpd.service" ]; - }; - }) - - # Common - { - services.lighttpd.inginious.tasksDirectory = mkDefault "${inginious}/lib/python2.7/site-packages/inginious/tasks"; - # To access inginous tools (like inginious-test-task) - environment.systemPackages = [ inginious ]; - - services.mongodb.enable = true; - - services.lighttpd.enable = true; - services.lighttpd.enableModules = [ "mod_access" "mod_alias" "mod_fastcgi" "mod_redirect" "mod_rewrite" ]; - services.lighttpd.extraConfig = '' - $HTTP["host"] =~ "${cfg.hostPattern}" { - fastcgi.server = ( "/${execName}" => - (( - "socket" => "/run/lighttpd/inginious-fastcgi.socket", - "bin-path" => "${inginious}/bin/${execName} --config=${inginiousConfigFile}", - "max-procs" => 1, - "bin-environment" => ( "REAL_SCRIPT_NAME" => "" ), - "check-local" => "disable" - )) - ) - url.rewrite-once = ( - "^/.well-known/.*" => "$0", - "^/static/.*" => "$0", - "^/.*$" => "/${execName}$0", - "^/favicon.ico$" => "/static/common/favicon.ico", - ) - alias.url += ( - "/static/webapp/" => "${inginious}/lib/python2.7/site-packages/inginious/frontend/webapp/static/", - "/static/common/" => "${inginious}/lib/python2.7/site-packages/inginious/frontend/common/static/" - ) - } - ''; - - systemd.services.lighttpd.preStart = '' - mkdir -p /run/lighttpd - chown lighttpd.lighttpd /run/lighttpd - ''; - - systemd.services.lighttpd.wants = [ "mongodb.service" "docker.service" ]; - systemd.services.lighttpd.after = [ "mongodb.service" "docker.service" ]; - } - ]); -} 
diff --git a/nixos/modules/services/web-servers/nginx/vhost-options.nix b/nixos/modules/services/web-servers/nginx/vhost-options.nix index e4494dff37da8..1075b00768fd6 100644 --- a/nixos/modules/services/web-servers/nginx/vhost-options.nix +++ b/nixos/modules/services/web-servers/nginx/vhost-options.nix @@ -3,7 +3,7 @@ # has additional options that affect the web server as a whole, like # the user/group to run under.) -{ config, lib }: +{ lib, ... }: with lib; { diff --git a/nixos/modules/services/web-servers/uwsgi.nix b/nixos/modules/services/web-servers/uwsgi.nix index 3ef78ea77cb24..3f858d90fa465 100644 --- a/nixos/modules/services/web-servers/uwsgi.nix +++ b/nixos/modules/services/web-servers/uwsgi.nix @@ -27,10 +27,6 @@ let else if hasPython3 then uwsgi.python3 else null; - pythonPackages = pkgs.pythonPackages.override { - inherit python; - }; - pythonEnv = python.withPackages (c.pythonPackages or (self: [])); uwsgiCfg = { diff --git a/nixos/modules/services/web-servers/zope2.nix b/nixos/modules/services/web-servers/zope2.nix index 1dcc3ac9d8d4f..4cad2a2ff7775 100644 --- a/nixos/modules/services/web-servers/zope2.nix +++ b/nixos/modules/services/web-servers/zope2.nix @@ -6,7 +6,7 @@ let cfg = config.services.zope2; - zope2Opts = { name, config, ... }: { + zope2Opts = { name, ... }: { options = { name = mkOption { diff --git a/nixos/modules/services/x11/desktop-managers/gnome3.nix b/nixos/modules/services/x11/desktop-managers/gnome3.nix index 27b62df7097ca..9fb8f44b24217 100644 --- a/nixos/modules/services/x11/desktop-managers/gnome3.nix +++ b/nixos/modules/services/x11/desktop-managers/gnome3.nix @@ -10,7 +10,6 @@ let let pkgName = drv: (builtins.parseDrvName drv.name).name; ysNames = map pkgName ys; - res = (filter (x: !(builtins.elem (pkgName x) ysNames)) xs); in filter (x: !(builtins.elem (pkgName x) ysNames)) xs; 
diff --git a/nixos/modules/services/x11/desktop-managers/plasma5.nix b/nixos/modules/services/x11/desktop-managers/plasma5.nix index 91d091d7d7e25..17733aa7e4f64 100644 --- a/nixos/modules/services/x11/desktop-managers/plasma5.nix +++ b/nixos/modules/services/x11/desktop-managers/plasma5.nix @@ -7,7 +7,7 @@ let xcfg = config.services.xserver; cfg = xcfg.desktopManager.plasma5; - inherit (pkgs) kdeApplications plasma5 libsForQt5 qt5 xorg; + inherit (pkgs) kdeApplications plasma5 libsForQt5 qt5; in @@ -221,6 +221,11 @@ in security.pam.services.sddm.enableKwallet = true; security.pam.services.slim.enableKwallet = true; + # Update the start menu for each user that has `isNormalUser` set. + system.activationScripts.plasmaSetup = stringAfter [ "users" "groups" ] + (concatStringsSep "\n" + (mapAttrsToList (name: value: "${pkgs.su}/bin/su ${name} -c kbuildsycoca5") + (filterAttrs (n: v: v.isNormalUser) config.users.users))); }) ]; diff --git a/nixos/modules/services/x11/desktop-managers/xfce.nix b/nixos/modules/services/x11/desktop-managers/xfce.nix index 7dcc600d2664f..ae155470419d5 100644 --- a/nixos/modules/services/x11/desktop-managers/xfce.nix +++ b/nixos/modules/services/x11/desktop-managers/xfce.nix @@ -43,12 +43,6 @@ in default = true; description = "Enable the XFWM (default) window manager."; }; - - screenLock = mkOption { - type = types.enum [ "xscreensaver" "xlockmore" "slock" ]; - default = "xlockmore"; - description = "Application used by XFCE to lock the screen."; - }; }; }; @@ -92,7 +86,7 @@ in thunar-volman # TODO: drop ] ++ (if config.hardware.pulseaudio.enable then [ xfce4-mixer-pulse xfce4-volumed-pulse ] - else [ xfce4-mixer xfce4-volumed ]) + else [ xfce4-mixer xfce4-volumed ]) # TODO: NetworkManager doesn't belong here ++ optionals config.networking.networkmanager.enable [ networkmanagerapplet ] ++ optionals config.powerManagement.enable [ xfce4-power-manager ] 
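Review bot: The new `plasmaSetup` activation script in plasma5.nix runs `su ${name} -c kbuildsycoca5` as root for every normal user, with the user name interpolated unescaped and `kbuildsycoca5` looked up through whatever `PATH` the activation script has rather than by store path. I would write the command as `"${pkgs.su}/bin/su ${escapeShellArg name} -c <store path of kbuildsycoca5>"` (placeholder: the providing package is not visible in this hunk) so that the binary executed is pinned by the system closure. It is also worth checking what happens when the command fails or the account has no usable shell, since this runs on every activation and the hunk does not show whether activation continues in that case.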
diff --git a/nixos/modules/services/x11/display-managers/auto.nix b/nixos/modules/services/x11/display-managers/auto.nix index c02ccdf12b65b..d2aae64bf2252 100644 --- a/nixos/modules/services/x11/display-managers/auto.nix +++ b/nixos/modules/services/x11/display-managers/auto.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs, ... }: +{ config, lib, ... }: with lib; diff --git a/nixos/modules/services/x11/display-managers/lightdm-greeters/gtk.nix b/nixos/modules/services/x11/display-managers/lightdm-greeters/gtk.nix index 2a71d23386072..cfa38f175dd38 100644 --- a/nixos/modules/services/x11/display-managers/lightdm-greeters/gtk.nix +++ b/nixos/modules/services/x11/display-managers/lightdm-greeters/gtk.nix @@ -8,7 +8,7 @@ let ldmcfg = dmcfg.lightdm; cfg = ldmcfg.greeters.gtk; - inherit (pkgs) stdenv lightdm writeScript writeText; + inherit (pkgs) writeText; theme = cfg.theme.package; icons = cfg.iconTheme.package; @@ -68,8 +68,8 @@ in package = mkOption { type = types.package; - default = pkgs.gnome3.gnome-themes-standard; - defaultText = "pkgs.gnome3.gnome-themes-standard"; + default = pkgs.gnome3.gnome-themes-extra; + defaultText = "pkgs.gnome3.gnome-themes-extra"; description = '' The package path that contains the theme given in the name option. ''; diff --git a/nixos/modules/services/x11/display-managers/lightdm.nix b/nixos/modules/services/x11/display-managers/lightdm.nix index 206ede227efa7..54d4520a0c8bf 100644 --- a/nixos/modules/services/x11/display-managers/lightdm.nix +++ b/nixos/modules/services/x11/display-managers/lightdm.nix @@ -13,7 +13,7 @@ let wmDefault = xcfg.windowManager.default; hasDefaultUserSession = dmDefault != "none" || wmDefault != "none"; - inherit (pkgs) stdenv lightdm writeScript writeText; + inherit (pkgs) lightdm writeScript writeText; # lightdm runs with clearenv(), but we need a few things in the enviornment for X to startup xserverWrapper = writeScript "xserver-wrapper" 
diff --git a/nixos/modules/services/x11/display-managers/sddm.nix b/nixos/modules/services/x11/display-managers/sddm.nix index 8db7414e811f5..426b899586f54 100644 --- a/nixos/modules/services/x11/display-managers/sddm.nix +++ b/nixos/modules/services/x11/display-managers/sddm.nix @@ -19,17 +19,6 @@ let Xsetup = pkgs.writeScript "Xsetup" '' #!/bin/sh - - # Prior to Qt 5.9.2, there is a QML cache invalidation bug which sometimes - # strikes new Plasma 5 releases. If the QML cache is not invalidated, SDDM - # will segfault without explanation. We really tore our hair out for awhile - # before finding the bug: - # https://bugreports.qt.io/browse/QTBUG-62302 - # We work around the problem by deleting the QML cache before startup. It - # will be regenerated, causing a small but perceptible delay when SDDM - # starts. - rm -fr /var/lib/sddm/.cache/sddm-greeter/qmlcache - ${cfg.setupScript} ''; @@ -285,5 +274,20 @@ in # To enable user switching, allow sddm to allocate TTYs/displays dynamically. services.xserver.tty = null; services.xserver.display = null; + + systemd.tmpfiles.rules = [ + # Prior to Qt 5.9.2, there is a QML cache invalidation bug which sometimes + # strikes new Plasma 5 releases. If the QML cache is not invalidated, SDDM + # will segfault without explanation. We really tore our hair out for awhile + # before finding the bug: + # https://bugreports.qt.io/browse/QTBUG-62302 + # We work around the problem by deleting the QML cache before startup. + # This was supposedly fixed in Qt 5.9.2 however it has been reported with + # 5.10 and 5.11 as well. The initial workaround was to delete the directory + # in the Xsetup script but that doesn't do anything. + # Instead we use tmpfiles.d to ensure it gets wiped. + # This causes a small but perceptible delay when SDDM starts. + "e ${config.users.users.sddm.home}/.cache - - - 0" + ]; }; } 
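Review bot: The `e … 0` rule added to sddm.nix probably does not do what its comment describes: as far as I know, age-based clean-up of `e` lines is only performed by `systemd-tmpfiles --clean`, which runs from a timer rather than at boot before the display manager starts, so the QML cache can still be present when SDDM launches. The rule also targets the whole `.cache` directory rather than the `sddm-greeter/qmlcache` path that the removed `rm -fr` handled. If removal at boot is the intent, an `R` line for the qmlcache path (`"R ${config.users.users.sddm.home}/.cache/sddm-greeter/qmlcache - - - -"`) is processed by the `--remove` pass; otherwise the comment should say the cache is wiped on the next clean run. This should be checked against tmpfiles.d(5) for the systemd version shipped.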
diff --git a/nixos/modules/services/x11/terminal-server.nix b/nixos/modules/services/x11/terminal-server.nix index 09a7f386876fe..503c14c9b6245 100644 --- a/nixos/modules/services/x11/terminal-server.nix +++ b/nixos/modules/services/x11/terminal-server.nix @@ -5,7 +5,7 @@ # not, a X server (Xvfb) is started for that user. The Xvfb instances # persist across VNC sessions. -{ config, lib, pkgs, ... }: +{ lib, pkgs, ... }: with lib; diff --git a/nixos/modules/services/x11/window-managers/default.nix b/nixos/modules/services/x11/window-managers/default.nix index e617e55a7a57a..06c59342b45a8 100644 --- a/nixos/modules/services/x11/window-managers/default.nix +++ b/nixos/modules/services/x11/window-managers/default.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs, ... }: +{ config, lib, ... }: with lib; diff --git a/nixos/modules/services/x11/window-managers/openbox.nix b/nixos/modules/services/x11/window-managers/openbox.nix index 07ef77151e956..165772d1aa097 100644 --- a/nixos/modules/services/x11/window-managers/openbox.nix +++ b/nixos/modules/services/x11/window-managers/openbox.nix @@ -2,7 +2,6 @@ with lib; let - inherit (lib) mkOption mkIf; cfg = config.services.xserver.windowManager.openbox; in diff --git a/nixos/modules/services/x11/window-managers/wmii.nix b/nixos/modules/services/x11/window-managers/wmii.nix index 30c8df7822457..9b50a99bf23f1 100644 --- a/nixos/modules/services/x11/window-managers/wmii.nix +++ b/nixos/modules/services/x11/window-managers/wmii.nix @@ -1,8 +1,7 @@ -{ config, lib, pkgs, options, modulesPath, ... }: +{ config, lib, pkgs, ... }: with lib; let - inherit (lib) mkOption mkIf singleton; cfg = config.services.xserver.windowManager.wmii; wmii = pkgs.wmii_hg; in diff --git a/nixos/modules/services/x11/xserver.nix b/nixos/modules/services/x11/xserver.nix index 3048cd02683fd..b45e510f6b839 100644 --- a/nixos/modules/services/x11/xserver.nix +++ b/nixos/modules/services/x11/xserver.nix 
@@ -1,4 +1,4 @@ -{ config, lib, pkgs, pkgs_i686, ... }: +{ config, lib, pkgs, ... }: with lib; diff --git a/nixos/modules/system/activation/top-level.nix b/nixos/modules/system/activation/top-level.nix index e2d1dd49ef0ec..da29e08b3691b 100644 --- a/nixos/modules/system/activation/top-level.nix +++ b/nixos/modules/system/activation/top-level.nix @@ -226,7 +226,7 @@ in default = []; example = lib.literalExample "[ ({ original = pkgs.openssl; replacement = pkgs.callPackage /path/to/openssl { }; }) ]"; type = types.listOf (types.submodule ( - { options, ... }: { + { ... }: { options.original = mkOption { type = types.package; description = "The original package to override."; diff --git a/nixos/modules/system/boot/kexec.nix b/nixos/modules/system/boot/kexec.nix index 3fc1af28f628e..3e5d7b40f2c58 100644 --- a/nixos/modules/system/boot/kexec.nix +++ b/nixos/modules/system/boot/kexec.nix @@ -1,4 +1,4 @@ -{ config, pkgs, lib, ... }: +{ pkgs, lib, ... }: { config = lib.mkIf (pkgs.kexectools.meta.available) { diff --git a/nixos/modules/system/boot/loader/loader.nix b/nixos/modules/system/boot/loader/loader.nix index 28cceafea7cac..7fbda9ef0f576 100644 --- a/nixos/modules/system/boot/loader/loader.nix +++ b/nixos/modules/system/boot/loader/loader.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs, ... }: +{ lib, ... }: with lib; diff --git a/nixos/modules/system/boot/networkd.nix b/nixos/modules/system/boot/networkd.nix index 9aa557ac85959..ce770d0676084 100644 --- a/nixos/modules/system/boot/networkd.nix +++ b/nixos/modules/system/boot/networkd.nix @@ -523,7 +523,7 @@ let }; - networkConfig = { name, config, ... }: { + networkConfig = { config, ... }: { config = { matchConfig = optionalAttrs (config.name != null) { Name = config.name; diff --git a/nixos/modules/system/boot/resolved.nix b/nixos/modules/system/boot/resolved.nix index e1095fb988eb6..fc68904ae0809 100644 --- a/nixos/modules/system/boot/resolved.nix +++ b/nixos/modules/system/boot/resolved.nix 
@@ -1,4 +1,4 @@ -{ config, lib, pkgs, ... }: +{ config, lib, ... }: with lib; let diff --git a/nixos/modules/system/boot/stage-1.nix b/nixos/modules/system/boot/stage-1.nix index 6756f68cdf722..71b806a0b4e1a 100644 --- a/nixos/modules/system/boot/stage-1.nix +++ b/nixos/modules/system/boot/stage-1.nix @@ -11,7 +11,6 @@ let udev = config.systemd.package; - kernelPackages = config.boot.kernelPackages; modulesTree = config.system.modulesTree; firmware = config.hardware.firmware; @@ -164,7 +163,7 @@ let # Strip binaries further than normal. chmod -R u+w $out - stripDirs "lib bin" "-s" + stripDirs "$STRIP" "lib bin" "-s" # Run patchelf to make the programs refer to the copied libraries. find $out/bin $out/lib -type f | while read i; do diff --git a/nixos/modules/system/boot/stage-2.nix b/nixos/modules/system/boot/stage-2.nix index 78afbd8dbc12b..9fd89b6319db8 100644 --- a/nixos/modules/system/boot/stage-2.nix +++ b/nixos/modules/system/boot/stage-2.nix @@ -4,9 +4,6 @@ with lib; let - kernel = config.boot.kernelPackages.kernel; - activateConfiguration = config.system.activationScripts.script; - bootStage2 = pkgs.substituteAll { src = ./stage-2-init.sh; shellDebug = "${pkgs.bashInteractive}/bin/bash"; diff --git a/nixos/modules/system/boot/systemd-nspawn.nix b/nixos/modules/system/boot/systemd-nspawn.nix index 64b3b8b584e3d..83fef83543600 100644 --- a/nixos/modules/system/boot/systemd-nspawn.nix +++ b/nixos/modules/system/boot/systemd-nspawn.nix @@ -6,9 +6,6 @@ with import ./systemd-lib.nix { inherit config lib pkgs; }; let cfg = config.systemd.nspawn; - assertions = [ - # boot = true -> processtwo != true - ]; checkExec = checkUnitConfig "Exec" [ (assertOnlyFields [ diff --git a/nixos/modules/system/boot/systemd.nix b/nixos/modules/system/boot/systemd.nix index 6593b1a024308..3e75941c193eb 100644 --- a/nixos/modules/system/boot/systemd.nix +++ b/nixos/modules/system/boot/systemd.nix 
@@ -70,8 +70,6 @@ let "systemd-journald.socket" "systemd-journald.service" "systemd-journal-flush.service" - "systemd-journal-gatewayd.socket" - "systemd-journal-gatewayd.service" "systemd-journal-catalog-update.service" "systemd-journald-audit.socket" "systemd-journald-dev-log.socket" @@ -160,8 +158,10 @@ let "systemd-binfmt.service" "systemd-exit.service" "systemd-update-done.service" - ] - ++ cfg.additionalUpstreamSystemUnits; + ] ++ optionals config.services.journald.enableHttpGateway [ + "systemd-journal-gatewayd.socket" + "systemd-journal-gatewayd.service" + ] ++ cfg.additionalUpstreamSystemUnits; upstreamSystemWants = [ "sysinit.target.wants" @@ -188,14 +188,12 @@ let "timers.target" ]; - boolToString = value: if value then "yes" else "no"; - makeJobScript = name: text: let mkScriptName = s: (replaceChars [ "\\" ] [ "-" ] (shellEscape s) ); x = pkgs.writeTextFile { name = "unit-script"; executable = true; destination = "/bin/${mkScriptName name}"; inherit text; }; in "${x}/bin/${mkScriptName name}"; - unitConfig = { name, config, ... }: { + unitConfig = { config, ... }: { config = { unitConfig = optionalAttrs (config.requires != []) @@ -277,7 +275,7 @@ let ]; }; - mountConfig = { name, config, ... }: { + mountConfig = { config, ... }: { config = { mountConfig = { What = config.what; @@ -290,7 +288,7 @@ let }; }; - automountConfig = { name, config, ... }: { + automountConfig = { config, ... }: { config = { automountConfig = { Where = config.where; @@ -515,7 +513,7 @@ in }; systemd.globalEnvironment = mkOption { - type = with types; attrsOf (nullOr (either str package)); + type = with types; attrsOf (nullOr (either str (either path package))); default = {}; example = { TZ = "CET"; }; description = '' diff --git a/nixos/modules/system/boot/timesyncd.nix b/nixos/modules/system/boot/timesyncd.nix index 18aad58b36ccf..8d8bfe5900a98 100644 --- a/nixos/modules/system/boot/timesyncd.nix +++ b/nixos/modules/system/boot/timesyncd.nix 
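Review bot: The `optionals config.services.journald.enableHttpGateway [ ... ]` branch added in the `@@ -160,8 +158,10 @@` hunk has no comment saying why these two units are gated while the rest of the list is unconditional. systemd-journal-gatewayd serves journal entries over HTTP, so a short why-comment helps keep it opt-in, e.g. `# journal-gatewayd exposes the journal over HTTP; only link its units when explicitly enabled`. The list this hunk closes starts outside the hunk. The option is defined in another file, so its default is not visible here and should be confirmed as `false`.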
@@ -1,4 +1,4 @@ -{ config, lib, pkgs, ... }: +{ config, lib, ... }: with lib; diff --git a/nixos/modules/tasks/bcache.nix b/nixos/modules/tasks/bcache.nix index 3bfdf89e0cf5f..8bab91c721fdc 100644 --- a/nixos/modules/tasks/bcache.nix +++ b/nixos/modules/tasks/bcache.nix @@ -1,4 +1,4 @@ -{ config, pkgs, ... }: +{ pkgs, ... }: { diff --git a/nixos/modules/tasks/encrypted-devices.nix b/nixos/modules/tasks/encrypted-devices.nix index da0c9408d8919..11ed5d7e4d0c7 100644 --- a/nixos/modules/tasks/encrypted-devices.nix +++ b/nixos/modules/tasks/encrypted-devices.nix @@ -7,7 +7,6 @@ let encDevs = filter (dev: dev.encrypted.enable) fileSystems; keyedEncDevs = filter (dev: dev.encrypted.keyFile != null) encDevs; keylessEncDevs = filter (dev: dev.encrypted.keyFile == null) encDevs; - isIn = needle: haystack: filter (p: p == needle) haystack != []; anyEncrypted = fold (j: v: v || j.encrypted.enable) false encDevs; diff --git a/nixos/modules/tasks/filesystems/ext.nix b/nixos/modules/tasks/filesystems/ext.nix index 3a8999c242bdc..a14a3ac38549c 100644 --- a/nixos/modules/tasks/filesystems/ext.nix +++ b/nixos/modules/tasks/filesystems/ext.nix @@ -1,4 +1,4 @@ -{ config, pkgs, ... }: +{ pkgs, ... }: { config = { diff --git a/nixos/modules/tasks/filesystems/zfs.nix b/nixos/modules/tasks/filesystems/zfs.nix index 39f51c363673a..7120856387ef3 100644 --- a/nixos/modules/tasks/filesystems/zfs.nix +++ b/nixos/modules/tasks/filesystems/zfs.nix @@ -9,7 +9,6 @@ with lib; let - cfgSpl = config.boot.spl; cfgZfs = config.boot.zfs; cfgSnapshots = config.services.zfs.autoSnapshot; cfgSnapFlags = cfgSnapshots.flags; diff --git a/nixos/modules/tasks/network-interfaces-scripted.nix b/nixos/modules/tasks/network-interfaces-scripted.nix index c4a2bd1f75fd5..f3f6a19318a2f 100644 --- a/nixos/modules/tasks/network-interfaces-scripted.nix +++ b/nixos/modules/tasks/network-interfaces-scripted.nix 
@@ -7,7 +7,6 @@ let cfg = config.networking; interfaces = attrValues cfg.interfaces; - hasVirtuals = any (i: i.virtual) interfaces; slaves = concatMap (i: i.interfaces) (attrValues cfg.bonds) ++ concatMap (i: i.interfaces) (attrValues cfg.bridges) diff --git a/nixos/modules/tasks/network-interfaces-systemd.nix b/nixos/modules/tasks/network-interfaces-systemd.nix index c640e886fca85..2318bdd1d5826 100644 --- a/nixos/modules/tasks/network-interfaces-systemd.nix +++ b/nixos/modules/tasks/network-interfaces-systemd.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs, utils, ... }: +{ config, lib, utils, ... }: with utils; with lib; diff --git a/nixos/modules/tasks/network-interfaces.nix b/nixos/modules/tasks/network-interfaces.nix index 7053aa57f8038..20a740ce1f0ca 100644 --- a/nixos/modules/tasks/network-interfaces.nix +++ b/nixos/modules/tasks/network-interfaces.nix @@ -1,4 +1,4 @@ -{ config, options, lib, pkgs, utils, stdenv, ... }: +{ config, options, lib, pkgs, utils, ... }: with lib; with utils; diff --git a/nixos/modules/tasks/scsi-link-power-management.nix b/nixos/modules/tasks/scsi-link-power-management.nix index 69599bda6d32d..a9d987780ee1c 100644 --- a/nixos/modules/tasks/scsi-link-power-management.nix +++ b/nixos/modules/tasks/scsi-link-power-management.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs, ... }: +{ config, lib, ... }: with lib; diff --git a/nixos/modules/tasks/swraid.nix b/nixos/modules/tasks/swraid.nix index 1b142fb8fd361..93e03c44c868b 100644 --- a/nixos/modules/tasks/swraid.nix +++ b/nixos/modules/tasks/swraid.nix @@ -1,4 +1,4 @@ -{ config, pkgs, ... }: +{ pkgs, ... }: { diff --git a/nixos/modules/tasks/trackpoint.nix b/nixos/modules/tasks/trackpoint.nix index 1f8f2891e98cc..3575a291b2b42 100644 --- a/nixos/modules/tasks/trackpoint.nix +++ b/nixos/modules/tasks/trackpoint.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs, ... }: +{ config, lib, ... }: with lib; 
diff --git a/nixos/modules/testing/service-runner.nix b/nixos/modules/testing/service-runner.nix index dfe8b430e0458..25490d671152a 100644 --- a/nixos/modules/testing/service-runner.nix +++ b/nixos/modules/testing/service-runner.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs, ... }: +{ lib, pkgs, ... }: with lib; diff --git a/nixos/modules/testing/test-instrumentation.nix b/nixos/modules/testing/test-instrumentation.nix index 7a7fcbecd64f9..114e0ca39fa24 100644 --- a/nixos/modules/testing/test-instrumentation.nix +++ b/nixos/modules/testing/test-instrumentation.nix @@ -6,10 +6,6 @@ with lib; with import ../../lib/qemu-flags.nix { inherit pkgs; }; -let - kernel = config.boot.kernelPackages.kernel; -in - { # This option is a dummy that if used in conjunction with diff --git a/nixos/modules/virtualisation/amazon-options.nix b/nixos/modules/virtualisation/amazon-options.nix index 9ecdcf23e5fbf..1a45c3093b781 100644 --- a/nixos/modules/virtualisation/amazon-options.nix +++ b/nixos/modules/virtualisation/amazon-options.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs, ... }: +{ config, lib, ... }: { options = { ec2 = { diff --git a/nixos/modules/virtualisation/azure-common.nix b/nixos/modules/virtualisation/azure-common.nix index 5cd2304a29535..03239991b95a5 100644 --- a/nixos/modules/virtualisation/azure-common.nix +++ b/nixos/modules/virtualisation/azure-common.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs, ... }: +{ lib, pkgs, ... }: with lib; { diff --git a/nixos/modules/virtualisation/azure-config-user.nix b/nixos/modules/virtualisation/azure-config-user.nix index de1b3857923f9..267ba50ae025a 100644 --- a/nixos/modules/virtualisation/azure-config-user.nix +++ b/nixos/modules/virtualisation/azure-config-user.nix @@ -1,4 +1,4 @@ -{ config, pkgs, modulesPath, ... }: +{ modulesPath, ... }: { # To build the configuration or use nix-env, you need to run 
diff --git a/nixos/modules/virtualisation/azure-config.nix b/nixos/modules/virtualisation/azure-config.nix index 5c9f18ef52a5e..780bd1b78dce5 100644 --- a/nixos/modules/virtualisation/azure-config.nix +++ b/nixos/modules/virtualisation/azure-config.nix @@ -1,4 +1,4 @@ -{ config, pkgs, modulesPath, ... }: +{ modulesPath, ... }: { imports = [ "${modulesPath}/virtualisation/azure-image.nix" ]; diff --git a/nixos/modules/virtualisation/brightbox-config.nix b/nixos/modules/virtualisation/brightbox-config.nix index 528ffecc0bf25..0a018e4cd6954 100644 --- a/nixos/modules/virtualisation/brightbox-config.nix +++ b/nixos/modules/virtualisation/brightbox-config.nix @@ -1,4 +1,4 @@ -{ config, pkgs, modulesPath, ... }: +{ modulesPath, ... }: { imports = [ "${modulesPath}/virtualisation/brightbox-image.nix" ]; diff --git a/nixos/modules/virtualisation/containers.nix b/nixos/modules/virtualisation/containers.nix index c3044ea124cfc..31f5f6fe78070 100644 --- a/nixos/modules/virtualisation/containers.nix +++ b/nixos/modules/virtualisation/containers.nix @@ -257,7 +257,7 @@ let system = config.nixpkgs.localSystem.system; - bindMountOpts = { name, config, ... }: { + bindMountOpts = { name, ... }: { options = { mountPoint = mkOption { @@ -284,7 +284,7 @@ let }; - allowedDeviceOpts = { name, config, ... }: { + allowedDeviceOpts = { ... }: { options = { node = mkOption { example = "/dev/net/tun"; diff --git a/nixos/modules/virtualisation/docker-image.nix b/nixos/modules/virtualisation/docker-image.nix index 9535e3e0d6778..2f304094d55bb 100644 --- a/nixos/modules/virtualisation/docker-image.nix +++ b/nixos/modules/virtualisation/docker-image.nix @@ -1,4 +1,4 @@ -{ config, pkgs, ... }: +{ ... }: { imports = [ diff --git a/nixos/modules/virtualisation/ec2-amis.nix b/nixos/modules/virtualisation/ec2-amis.nix index baffad79b0019..76facac39fc6e 100644 --- a/nixos/modules/virtualisation/ec2-amis.nix +++ b/nixos/modules/virtualisation/ec2-amis.nix 
@@ -240,22 +240,22 @@ let self = { "17.09".sa-east-1.hvm-ebs = "ami-4762202b"; "17.09".ap-south-1.hvm-ebs = "ami-4e376021"; - # 18.03.131792.becbe4dbe16 - "18.03".eu-west-1.hvm-ebs = "ami-cda4fab4"; - "18.03".eu-west-2.hvm-ebs = "ami-d96786be"; - "18.03".eu-west-3.hvm-ebs = "ami-6b0cba16"; - "18.03".eu-central-1.hvm-ebs = "ami-5e2b75b5"; - "18.03".us-east-1.hvm-ebs = "ami-d464cba9"; - "18.03".us-east-2.hvm-ebs = "ami-fd221298"; - "18.03".us-west-1.hvm-ebs = "ami-ff0d1d9f"; - "18.03".us-west-2.hvm-ebs = "ami-c05c3bb8"; - "18.03".ca-central-1.hvm-ebs = "ami-cc72f4a8"; - "18.03".ap-southeast-1.hvm-ebs = "ami-b61633ca"; - "18.03".ap-southeast-2.hvm-ebs = "ami-530fc131"; - "18.03".ap-northeast-1.hvm-ebs = "ami-90d6c0ec"; - "18.03".ap-northeast-2.hvm-ebs = "ami-a1248bcf"; - "18.03".sa-east-1.hvm-ebs = "ami-b090c6dc"; - "18.03".ap-south-1.hvm-ebs = "ami-32c9ec5d"; + # 18.03.132946.1caae7247b8 + "18.03".eu-west-1.hvm-ebs = "ami-065c46ec"; + "18.03".eu-west-2.hvm-ebs = "ami-64f31903"; + "18.03".eu-west-3.hvm-ebs = "ami-5a8d3d27"; + "18.03".eu-central-1.hvm-ebs = "ami-09faf9e2"; + "18.03".us-east-1.hvm-ebs = "ami-8b3538f4"; + "18.03".us-east-2.hvm-ebs = "ami-150b3170"; + "18.03".us-west-1.hvm-ebs = "ami-ce06ebad"; + "18.03".us-west-2.hvm-ebs = "ami-586c3520"; + "18.03".ca-central-1.hvm-ebs = "ami-aca72ac8"; + "18.03".ap-southeast-1.hvm-ebs = "ami-aa0b4d40"; + "18.03".ap-southeast-2.hvm-ebs = "ami-d0f254b2"; + "18.03".ap-northeast-1.hvm-ebs = "ami-456511a8"; + "18.03".ap-northeast-2.hvm-ebs = "ami-3366d15d"; + "18.03".sa-east-1.hvm-ebs = "ami-163e1f7a"; + "18.03".ap-south-1.hvm-ebs = "ami-6a390b05"; latest = self."18.03"; }; in self diff --git a/nixos/modules/virtualisation/google-compute-config.nix b/nixos/modules/virtualisation/google-compute-config.nix index f6bca1aa8579b..8f20100bc1b18 100644 --- a/nixos/modules/virtualisation/google-compute-config.nix +++ b/nixos/modules/virtualisation/google-compute-config.nix 
@@ -1,4 +1,4 @@ -{ config, pkgs, ... }: +{ ... }: { imports = [ <nixpkgs/nixos/modules/virtualisation/google-compute-image.nix> ]; diff --git a/nixos/modules/virtualisation/libvirtd.nix b/nixos/modules/virtualisation/libvirtd.nix index 87409db4320c0..3d002bc22329b 100644 --- a/nixos/modules/virtualisation/libvirtd.nix +++ b/nixos/modules/virtualisation/libvirtd.nix @@ -104,7 +104,7 @@ in { config = mkIf cfg.enable { - environment.systemPackages = with pkgs; [ libvirt netcat-openbsd cfg.qemuPackage ]; + environment.systemPackages = with pkgs; [ libvirt libressl.nc cfg.qemuPackage ]; boot.kernelModules = [ "tun" ]; diff --git a/nixos/modules/virtualisation/lxc-container.nix b/nixos/modules/virtualisation/lxc-container.nix index dbb7b881955af..d493648401872 100644 --- a/nixos/modules/virtualisation/lxc-container.nix +++ b/nixos/modules/virtualisation/lxc-container.nix @@ -1,4 +1,4 @@ -{ config, pkgs, lib, ... }: +{ lib, ... }: with lib; diff --git a/nixos/modules/virtualisation/nova-config.nix b/nixos/modules/virtualisation/nova-config.nix index c1d2a314daf2d..cecf2a3f144c1 100644 --- a/nixos/modules/virtualisation/nova-config.nix +++ b/nixos/modules/virtualisation/nova-config.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs, ... }: +{ lib, ... }: with lib; diff --git a/nixos/modules/virtualisation/openvswitch.nix b/nixos/modules/virtualisation/openvswitch.nix index 38b138e063263..bb8b9172f23f0 100644 --- a/nixos/modules/virtualisation/openvswitch.nix +++ b/nixos/modules/virtualisation/openvswitch.nix @@ -51,9 +51,6 @@ in { # Where the communication sockets live runDir = "/var/run/openvswitch"; - # Where the config database live (can't be in nix-store) - stateDir = "/var/db/openvswitch"; - # The path to the an initialized version of the database db = pkgs.stdenv.mkDerivation { name = "vswitch.db"; diff --git a/nixos/modules/virtualisation/virtualbox-image.nix b/nixos/modules/virtualisation/virtualbox-image.nix index 64f145f77ca39..475852d1546c7 100644 
--- a/nixos/modules/virtualisation/virtualbox-image.nix +++ b/nixos/modules/virtualisation/virtualbox-image.nix @@ -17,12 +17,40 @@ in { The size of the VirtualBox base image in MiB. ''; }; + memorySize = mkOption { + type = types.int; + default = 1536; + description = '' + The amount of RAM the VirtualBox appliance can use in MiB. + ''; + }; + vmDerivationName = mkOption { + type = types.str; + default = "nixos-ova-${config.system.nixos.label}-${pkgs.stdenv.system}"; + description = '' + The name of the derivation for the VirtualBox appliance. + ''; + }; + vmName = mkOption { + type = types.str; + default = "NixOS ${config.system.nixos.label} (${pkgs.stdenv.system})"; + description = '' + The name of the VirtualBox appliance. + ''; + }; + vmFileName = mkOption { + type = types.str; + default = "nixos-${config.system.nixos.label}-${pkgs.stdenv.system}.ova"; + description = '' + The file name of the VirtualBox appliance. + ''; + }; }; }; config = { system.build.virtualBoxOVA = import ../../lib/make-disk-image.nix { - name = "nixos-ova-${config.system.nixos.label}-${pkgs.stdenv.system}"; + name = cfg.vmDerivationName; inherit pkgs lib config; partitionTableType = "legacy"; @@ -37,11 +65,11 @@ in { VBoxManage internalcommands createrawvmdk -filename disk.vmdk -rawdisk $diskImage echo "creating VirtualBox VM..." - vmName="NixOS ${config.system.nixos.label} (${pkgs.stdenv.system})" + vmName="${cfg.vmName}"; VBoxManage createvm --name "$vmName" --register \ --ostype ${if pkgs.stdenv.system == "x86_64-linux" then "Linux26_64" else "Linux26"} VBoxManage modifyvm "$vmName" \ - --memory 1536 --acpi on --vram 32 \ + --memory ${toString cfg.memorySize} --acpi on --vram 32 \ ${optionalString (pkgs.stdenv.system == "i686-linux") "--pae on"} \ --nictype1 virtio --nic1 nat \ --audiocontroller ac97 --audio alsa \ 
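Review bot: `vmName="${cfg.vmName}";` in the `@@ -37,11 +65,11 @@` hunk splices a free-form `types.str` option into the build script inside double quotes. A name containing `"`, `$` or a backtick is then interpreted by the shell instead of being taken literally; the value it replaces was built only from the NixOS label and the system string. Let Nix do the quoting with `vmName=${lib.escapeShellArg cfg.vmName}`, which also lets the stray trailing `;` go. The same applies to `fn="$out/${cfg.vmFileName}"` in the next hunk of this file, e.g. `fn="$out/"${lib.escapeShellArg cfg.vmFileName}`. The script these hunks edit starts and ends outside them.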
@@ -53,7 +81,7 @@ in { echo "exporting VirtualBox VM..." mkdir -p $out - fn="$out/nixos-${config.system.nixos.label}-${pkgs.stdenv.system}.ova" + fn="$out/${cfg.vmFileName}" VBoxManage export "$vmName" --output "$fn" rm -v $diskImage diff --git a/nixos/modules/virtualisation/xen-domU.nix b/nixos/modules/virtualisation/xen-domU.nix index b46002c10b541..c00b984c2ce04 100644 --- a/nixos/modules/virtualisation/xen-domU.nix +++ b/nixos/modules/virtualisation/xen-domU.nix @@ -1,6 +1,6 @@ # Common configuration for Xen DomU NixOS virtual machines. -{ config, pkgs, ... }: +{ ... }: { boot.loader.grub.version = 2; diff --git a/nixos/release.nix b/nixos/release.nix index f11f372335a03..dfa4ee9e1278e 100644 --- a/nixos/release.nix +++ b/nixos/release.nix @@ -45,7 +45,7 @@ let makeIso = - { module, type, maintainers ? ["eelco"], system }: + { module, type, system, ... }: with import nixpkgs { inherit system; }; @@ -56,7 +56,7 @@ let makeSdImage = - { module, maintainers ? ["dezgeg"], system }: + { module, system, ... }: with import nixpkgs { inherit system; }; @@ -96,7 +96,7 @@ let buildFromConfig = module: sel: forAllSystems (system: hydraJob (sel (import ./lib/eval-config.nix { inherit system; modules = [ module versionModule ] ++ singleton - ({ config, lib, ... }: + ({ ... }: { fileSystems."/".device = mkDefault "/dev/sda1"; boot.loader.grub.device = mkDefault "/dev/sda"; }); 
@@ -128,15 +128,15 @@ in rec { channel = import lib/make-channel.nix { inherit pkgs nixpkgs version versionSuffix; }; - manual = buildFromConfig ({ pkgs, ... }: { }) (config: config.system.build.manual.manual); - manualEpub = (buildFromConfig ({ pkgs, ... }: { }) (config: config.system.build.manual.manualEpub)); - manpages = buildFromConfig ({ pkgs, ... }: { }) (config: config.system.build.manual.manpages); - manualGeneratedSources = buildFromConfig ({ pkgs, ... }: { }) (config: config.system.build.manual.generatedSources); - options = (buildFromConfig ({ pkgs, ... }: { }) (config: config.system.build.manual.optionsJSON)).x86_64-linux; + manual = buildFromConfig ({ ... }: { }) (config: config.system.build.manual.manual); + manualEpub = (buildFromConfig ({ ... }: { }) (config: config.system.build.manual.manualEpub)); + manpages = buildFromConfig ({ ... }: { }) (config: config.system.build.manual.manpages); + manualGeneratedSources = buildFromConfig ({ ... }: { }) (config: config.system.build.manual.generatedSources); + options = (buildFromConfig ({ ... }: { }) (config: config.system.build.manual.optionsJSON)).x86_64-linux; # Build the initial ramdisk so Hydra can keep track of its size over time. - initialRamdisk = buildFromConfig ({ pkgs, ... }: { }) (config: config.system.build.initialRamdisk); + initialRamdisk = buildFromConfig ({ ... }: { }) (config: config.system.build.initialRamdisk); netboot = forMatchingSystems [ "x86_64-linux" "aarch64-linux" ] (system: makeNetboot { inherit system; @@ -195,7 +195,7 @@ in rec { dummy = forAllSystems (system: pkgs.runCommand "dummy" { toplevel = (import lib/eval-config.nix { inherit system; - modules = singleton ({ config, pkgs, ... }: + modules = singleton ({ ... }: { fileSystems."/".device = mkDefault "/dev/sda1"; boot.loader.grub.device = mkDefault "/dev/sda"; system.nixos.stateVersion = mkDefault "18.03"; 
@@ -424,27 +424,27 @@ in rec { closures = { - smallContainer = makeClosure ({ pkgs, ... }: + smallContainer = makeClosure ({ ... }: { boot.isContainer = true; services.openssh.enable = true; }); - tinyContainer = makeClosure ({ pkgs, ... }: + tinyContainer = makeClosure ({ ... }: { boot.isContainer = true; imports = [ modules/profiles/minimal.nix ]; }); - ec2 = makeClosure ({ pkgs, ... }: + ec2 = makeClosure ({ ... }: { imports = [ modules/virtualisation/amazon-image.nix ]; }); - kde = makeClosure ({ pkgs, ... }: + kde = makeClosure ({ ... }: { services.xserver.enable = true; services.xserver.displayManager.sddm.enable = true; services.xserver.desktopManager.plasma5.enable = true; }); - xfce = makeClosure ({ pkgs, ... }: + xfce = makeClosure ({ ... }: { services.xserver.enable = true; services.xserver.desktopManager.xfce.enable = true; }); diff --git a/nixos/tests/acme.nix b/nixos/tests/acme.nix index 21b0fedcfefe6..6d728b387e145 100644 --- a/nixos/tests/acme.nix +++ b/nixos/tests/acme.nix @@ -1,5 +1,5 @@ let - commonConfig = { config, lib, pkgs, nodes, ... }: { + commonConfig = { lib, nodes, ... }: { networking.nameservers = [ nodes.letsencrypt.config.networking.primaryIPAddress ]; @@ -29,7 +29,7 @@ in import ./make-test.nix { name = "acme"; nodes = { - letsencrypt = ./common/letsencrypt.nix; + letsencrypt = ./common/letsencrypt; webserver = { config, pkgs, ... }: { imports = [ commonConfig ]; diff --git a/nixos/tests/ammonite.nix b/nixos/tests/ammonite.nix index e1dee71fddf23..fedfde233e8de 100644 --- a/nixos/tests/ammonite.nix +++ b/nixos/tests/ammonite.nix @@ -6,7 +6,7 @@ import ./make-test.nix ({ pkgs, ...} : { nodes = { amm = - { config, pkgs, ... }: + { pkgs, ... }: { environment.systemPackages = [ pkgs.ammonite ]; }; diff --git a/nixos/tests/atd.nix b/nixos/tests/atd.nix index ef848c2a374f2..9f367d4c1d2a6 100644 --- a/nixos/tests/atd.nix +++ b/nixos/tests/atd.nix 
@@ -1,4 +1,4 @@ -import ./make-test.nix ({ pkgs, lib, ... }: +import ./make-test.nix ({ pkgs, ... }: { name = "atd"; @@ -7,7 +7,7 @@ import ./make-test.nix ({ pkgs, lib, ... }: }; machine = - { config, pkgs, ... }: + { ... }: { services.atd.enable = true; users.users.alice = { isNormalUser = true; }; }; diff --git a/nixos/tests/avahi.nix b/nixos/tests/avahi.nix index 976a770e887c2..dfb60998941b1 100644 --- a/nixos/tests/avahi.nix +++ b/nixos/tests/avahi.nix @@ -6,7 +6,7 @@ import ./make-test.nix ({ pkgs, ... } : { }; nodes = let - cfg = { config, pkgs, ... }: { + cfg = { ... }: { services.avahi = { enable = true; nssmdns = true; diff --git a/nixos/tests/beegfs.nix b/nixos/tests/beegfs.nix index 433910feafe30..9c241fd2301a4 100644 --- a/nixos/tests/beegfs.nix +++ b/nixos/tests/beegfs.nix @@ -1,9 +1,9 @@ -import ./make-test.nix ({ pkgs, ... } : +import ./make-test.nix ({ ... } : let connAuthFile="beegfs/auth-def.key"; - client = { config, pkgs, lib, ... } : { + client = { pkgs, ... } : { networking.firewall.enable = false; services.beegfsEnable = true; services.beegfs.default = { @@ -31,7 +31,7 @@ let }; - server = service : { config, pkgs, lib, ... } : { + server = service : { pkgs, ... } : { networking.firewall.enable = false; boot.initrd.postDeviceCommands = '' ${pkgs.e2fsprogs}/bin/mkfs.ext4 -L data /dev/vdb diff --git a/nixos/tests/bittorrent.nix b/nixos/tests/bittorrent.nix index 50c98664660a9..609b1ff7a83a2 100644 --- a/nixos/tests/bittorrent.nix +++ b/nixos/tests/bittorrent.nix @@ -30,7 +30,7 @@ in nodes = { tracker = - { config, pkgs, ... }: + { pkgs, ... }: { environment.systemPackages = [ pkgs.transmission pkgs.opentracker ]; # We need Apache on the tracker to serve the torrents. @@ -42,7 +42,7 @@ in }; router = - { config, pkgs, ... }: + { pkgs, ... }: { environment.systemPackages = [ pkgs.miniupnpd ]; virtualisation.vlans = [ 1 2 ]; networking.nat.enable = true; 
@@ -52,7 +52,7 @@ in }; client1 = - { config, pkgs, nodes, ... }: + { pkgs, nodes, ... }: { environment.systemPackages = [ pkgs.transmission ]; virtualisation.vlans = [ 2 ]; networking.defaultGateway = @@ -61,7 +61,7 @@ in }; client2 = - { config, pkgs, ... }: + { pkgs, ... }: { environment.systemPackages = [ pkgs.transmission ]; networking.firewall.enable = false; }; diff --git a/nixos/tests/borgbackup.nix b/nixos/tests/borgbackup.nix index 36731773de27e..9b39abdfa8edf 100644 --- a/nixos/tests/borgbackup.nix +++ b/nixos/tests/borgbackup.nix @@ -41,7 +41,7 @@ in { }; nodes = { - client = { config, pkgs, ... }: { + client = { ... }: { services.borgbackup.jobs = { local = rec { @@ -84,7 +84,7 @@ in { }; }; - server = { config, pkgs, ... }: { + server = { ... }: { services.openssh = { enable = true; passwordAuthentication = false; diff --git a/nixos/tests/buildbot.nix b/nixos/tests/buildbot.nix index 828846f17c899..cf408dc7fec92 100644 --- a/nixos/tests/buildbot.nix +++ b/nixos/tests/buildbot.nix @@ -4,7 +4,7 @@ import ./make-test.nix ({ pkgs, ... } : { name = "buildbot"; nodes = { - bbmaster = { config, pkgs, ... }: { + bbmaster = { pkgs, ... }: { services.buildbot-master = { enable = true; package = pkgs.buildbot-full; @@ -22,7 +22,7 @@ import ./make-test.nix ({ pkgs, ... } : { environment.systemPackages = with pkgs; [ git buildbot-full ]; }; - bbworker = { config, pkgs, ... }: { + bbworker = { pkgs, ... }: { services.buildbot-worker = { enable = true; masterUrl = "bbmaster:9989"; @@ -30,7 +30,7 @@ import ./make-test.nix ({ pkgs, ... } : { environment.systemPackages = with pkgs; [ git buildbot-worker ]; }; - gitrepo = { config, pkgs, ... }: { + gitrepo = { pkgs, ... }: { services.openssh.enable = true; networking.firewall.allowedTCPPorts = [ 22 9418 ]; environment.systemPackages = with pkgs; [ git ]; diff --git a/nixos/tests/cadvisor.nix b/nixos/tests/cadvisor.nix index f0083ab18e45e..e60bae4b70033 100644 --- a/nixos/tests/cadvisor.nix +++ b/nixos/tests/cadvisor.nix 
@@ -5,11 +5,11 @@ import ./make-test.nix ({ pkgs, ... } : { }; nodes = { - machine = { config, pkgs, ... }: { + machine = { ... }: { services.cadvisor.enable = true; }; - influxdb = { config, pkgs, lib, ... }: with lib; { + influxdb = { lib, ... }: with lib; { services.cadvisor.enable = true; services.cadvisor.storageDriver = "influxdb"; services.influxdb.enable = true; diff --git a/nixos/tests/cassandra.nix b/nixos/tests/cassandra.nix index b729e6b158bcb..ca8f35ef3bff3 100644 --- a/nixos/tests/cassandra.nix +++ b/nixos/tests/cassandra.nix @@ -24,9 +24,9 @@ in name = "cassandra-ci"; nodes = { - cass0 = {pkgs, config, nodes, ...}: nodeCfg nodes "192.168.1.1" {}; - cass1 = {pkgs, config, nodes, ...}: nodeCfg nodes "192.168.1.2" {}; - cass2 = {pkgs, config, nodes, ...}: nodeCfg nodes "192.168.1.3" { + cass0 = { nodes, ... }: nodeCfg nodes "192.168.1.1" {}; + cass1 = { nodes, ... }: nodeCfg nodes "192.168.1.2" {}; + cass2 = { nodes, ... }: nodeCfg nodes "192.168.1.3" { extraParams = [ ''JVM_OPTS="$JVM_OPTS -Dcassandra.replace_address=192.168.1.2"'' ]; diff --git a/nixos/tests/ceph.nix b/nixos/tests/ceph.nix index b9993062c079a..dd45f0157b01a 100644 --- a/nixos/tests/ceph.nix +++ b/nixos/tests/ceph.nix @@ -5,7 +5,7 @@ import ./make-test.nix ({pkgs, ...}: rec { }; nodes = { - aio = { config, pkgs, ... }: { + aio = { pkgs, ... }: { virtualisation = { emptyDiskImages = [ 20480 20480 ]; vlans = [ 1 ]; @@ -55,7 +55,7 @@ import ./make-test.nix ({pkgs, ...}: rec { }; }; - testScript = { nodes, ... }: '' + testScript = { ... }: '' startAll; $aio->waitForUnit("network.target"); diff --git a/nixos/tests/cjdns.nix b/nixos/tests/cjdns.nix index 4d3b58abc6e55..ab5f8e0bcf3e5 100644 --- a/nixos/tests/cjdns.nix +++ b/nixos/tests/cjdns.nix 
@@ -2,10 +2,9 @@ let carolKey = "2d2a338b46f8e4a8c462f0c385b481292a05f678e19a2b82755258cf0f0af7e2"; carolPubKey = "n932l3pjvmhtxxcdrqq2qpw5zc58f01vvjx01h4dtd1bb0nnu2h0.k"; carolPassword = "678287829ce4c67bc8b227e56d94422ee1b85fa11618157b2f591de6c6322b52"; - carolIp4 = "192.168.0.9"; basicConfig = - { config, pkgs, ... }: + { ... }: { services.cjdns.enable = true; # Turning off DHCP isn't very realistic but makes @@ -30,7 +29,7 @@ import ./make-test.nix ({ pkgs, ...} : { nodes = rec { # Alice finds peers over over ETHInterface. alice = - { config, ... }: + { ... }: { imports = [ basicConfig ]; services.cjdns.ETHInterface.bind = "eth1"; @@ -42,11 +41,9 @@ import ./make-test.nix ({ pkgs, ...} : { # Bob explicitly connects to Carol over UDPInterface. bob = - { config, lib, nodes, ... }: + { ... }: - let carolIp4 = lib.mkForce nodes.carol.config.networking.interfaces.eth1; in - - { imports = [ basicConfig ]; + { imports = [ basicConfig ]; networking.interfaces.eth1.ipv4.addresses = [ { address = "192.168.0.2"; prefixLength = 24; } @@ -66,11 +63,8 @@ import ./make-test.nix ({ pkgs, ...} : { # Carol listens on ETHInterface and UDPInterface, # but knows neither Alice or Bob. carol = - { config, lib, nodes, ... }: - let - carolIp4 = (lib.mkForce nodes.carol.config.networking.interfaces.eth1); - in - { imports = [ basicConfig ]; + { ... }: + { imports = [ basicConfig ]; environment.etc."cjdns.keys".text = '' CJDNS_PRIVATE_KEY=${carolKey} diff --git a/nixos/tests/cloud-init.nix b/nixos/tests/cloud-init.nix index 2a258e4bff542..303e74086460f 100644 --- a/nixos/tests/cloud-init.nix +++ b/nixos/tests/cloud-init.nix @@ -31,7 +31,7 @@ in makeTest { maintainers = [ lewo ]; }; machine = - { config, pkgs, ... }: + { ... }: { virtualisation.qemu.options = [ "-cdrom" "${metadataDrive}/metadata.iso" ]; services.cloud-init.enable = true; diff --git a/nixos/tests/common/letsencrypt.nix b/nixos/tests/common/letsencrypt/default.nix index 2c86fe8d68bcc..73aac51a01261 100644 
--- a/nixos/tests/common/letsencrypt.nix +++ b/nixos/tests/common/letsencrypt/default.nix @@ -17,7 +17,7 @@ # A configuration example of a full node setup using this would be this: # # { -# letsencrypt = import ./common/letsencrypt.nix; +# letsencrypt = import ./common/letsencrypt; # # example = { nodes, ... }: { # networking.nameservers = [ @@ -30,14 +30,14 @@ # } # # By default, this module runs a local resolver, generated using resolver.nix -# from the same directory to automatically discover all zones in the network. +# from the parent directory to automatically discover all zones in the network. # # If you do not want this and want to use your own resolver, you can just # override networking.nameservers like this: # # { # letsencrypt = { nodes, ... }: { -# imports = [ ./common/letsencrypt.nix ]; +# imports = [ ./common/letsencrypt ]; # networking.nameservers = [ # nodes.myresolver.config.networking.primaryIPAddress # ]; @@ -164,8 +164,8 @@ let -e 's,exec \./bin/,,' \ test/startservers.py - cat "${snakeOilCa}/ca.key" > test/test-ca.key - cat "${snakeOilCa}/ca.pem" > test/test-ca.pem + cat ${lib.escapeShellArg snakeOilCerts.ca.key} > test/test-ca.key + cat ${lib.escapeShellArg snakeOilCerts.ca.cert} > test/test-ca.pem ''; # Until vendored pkcs11 is go 1.9 compatible @@ -173,6 +173,21 @@ let rm -r go/src/github.com/letsencrypt/boulder/vendor/github.com/miekg/pkcs11 ''; + # XXX: Temporarily brought back putting the source code in the output, + # since e95f17e2720e67e2eabd59d7754c814d3e27a0b2 was removing that from + # buildGoPackage. + preInstall = '' + mkdir -p $out + pushd "$NIX_BUILD_TOP/go" + while read f; do + echo "$f" | grep -q '^./\(src\|pkg/[^/]*\)/${goPackagePath}' \ + || continue + mkdir -p "$(dirname "$out/share/go/$f")" + cp "$NIX_BUILD_TOP/go/$f" "$out/share/go/$f" + done < <(find . -type f) + popd + ''; + extraSrcs = map mkGoDep [ { goPackagePath = "github.com/miekg/pkcs11"; rev = "6dbd569b952ec150d1425722dbbe80f2c6193f83"; 
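Review bot: In the added `preInstall`, `while read f` reads paths without `-r` or a cleared `IFS`, so a file name containing a backslash or leading/trailing blanks is altered before `cp` sees it. The `grep` pattern also leaves the leading `.` and the dots in `${goPackagePath}` unescaped, so it matches more than the literal prefix. I would write the loop head as `while IFS= read -r f; do` and start the pattern with `'^\./`. A comment naming the consumer that needs `$out/share/go` would help whoever removes this XXX workaround later. The surrounding derivation starts and ends outside the hunk.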
@@ -191,53 +206,15 @@ let 1:/var/lib/softhsm/slot1.db ''; - snakeOilCa = pkgs.runCommand "snakeoil-ca" { - buildInputs = [ pkgs.openssl ]; - allowSubstitutes = false; - } '' - mkdir "$out" - openssl req -newkey rsa:4096 -x509 -sha256 -days 36500 \ - -subj '/CN=Snakeoil CA' -nodes \ - -out "$out/ca.pem" -keyout "$out/ca.key" - ''; - - createAndSignCert = fqdn: let - snakeoilCertConf = pkgs.writeText "snakeoil.cnf" '' - [req] - default_bits = 4096 - prompt = no - default_md = sha256 - req_extensions = req_ext - distinguished_name = dn - [dn] - CN = ${fqdn} - [req_ext] - subjectAltName = DNS:${fqdn} - ''; - in pkgs.runCommand "snakeoil-certs-${fqdn}" { - buildInputs = [ pkgs.openssl ]; - allowSubstitutes = false; - } '' - mkdir "$out" - openssl genrsa -out "$out/snakeoil.key" 4096 - openssl req -new -key "$out/snakeoil.key" \ - -config ${lib.escapeShellArg snakeoilCertConf} \ - -out snakeoil.csr - openssl x509 -req -in snakeoil.csr -sha256 -set_serial 666 \ - -CA "${snakeOilCa}/ca.pem" -CAkey "${snakeOilCa}/ca.key" \ - -extfile ${lib.escapeShellArg snakeoilCertConf} \ - -out "$out/snakeoil.pem" -days 36500 - ''; + snakeOilCerts = import ./snakeoil-certs.nix; - wfeCerts = createAndSignCert wfeDomain; wfeDomain = "acme-v01.api.letsencrypt.org"; - wfeCertFile = "${wfeCerts}/snakeoil.pem"; - wfeKeyFile = "${wfeCerts}/snakeoil.key"; + wfeCertFile = snakeOilCerts.${wfeDomain}.cert; + wfeKeyFile = snakeOilCerts.${wfeDomain}.key; - siteCerts = createAndSignCert siteDomain; siteDomain = "letsencrypt.org"; - siteCertFile = "${siteCerts}/snakeoil.pem"; - siteKeyFile = "${siteCerts}/snakeoil.key"; + siteCertFile = snakeOilCerts.${siteDomain}.cert; + siteKeyFile = snakeOilCerts.${siteDomain}.key; # Retrieved via: # curl -s -I https://acme-v01.api.letsencrypt.org/terms \ 
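Review bot: `snakeOilCerts = import ./snakeoil-certs.nix;` replaces a CA key generated in a local-only derivation with one checked into the repository, and nothing at this binding records that the key is now public and identical everywhere. The certificates are issued for the real names `acme-v01.api.letsencrypt.org` and `letsencrypt.org`, so any machine that trusts this CA outside the test VMs would accept certificates for those names from anyone holding the repository. I would add a comment above the binding, e.g. `# Public, checked-in test CA: caCert must never be added to a trust store outside the test VMs.` The enclosing `let` block starts and ends outside the hunk.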
@@ -327,7 +304,7 @@ let serviceConfig.Type = "oneshot"; serviceConfig.RemainAfterExit = true; script = let - netcat = "${pkgs.netcat-openbsd}/bin/nc"; + netcat = "${pkgs.libressl.nc}/bin/nc"; portCheck = "${netcat} -z 127.0.0.1 ${toString attrs.waitForPort}"; in "while ! ${portCheck}; do :; done"; }; @@ -350,7 +327,7 @@ let }) components; in { - imports = [ ./resolver.nix ]; + imports = [ ../resolver.nix ]; options.test-support.letsencrypt.caCert = lib.mkOption { type = lib.types.path; @@ -366,7 +343,7 @@ in { resolver.enable = let isLocalResolver = config.networking.nameservers == [ "127.0.0.1" ]; in lib.mkOverride 900 isLocalResolver; - letsencrypt.caCert = "${snakeOilCa}/ca.pem"; + letsencrypt.caCert = snakeOilCerts.ca.cert; }; # This has priority 140, because modules/testing/test-instrumentation.nix @@ -458,7 +435,7 @@ in { serviceConfig.RemainAfterExit = true; script = let ports = lib.range 8000 8005 ++ lib.singleton 80; - netcat = "${pkgs.netcat-openbsd}/bin/nc"; + netcat = "${pkgs.libressl.nc}/bin/nc"; mkPortCheck = port: "${netcat} -z 127.0.0.1 ${toString port}"; checks = "(${lib.concatMapStringsSep " && " mkPortCheck ports})"; in "while ! ${checks}; do :; done"; diff --git a/nixos/tests/common/letsencrypt/mkcerts.nix b/nixos/tests/common/letsencrypt/mkcerts.nix new file mode 100644 index 0000000000000..3b4a589e41427 --- /dev/null +++ b/nixos/tests/common/letsencrypt/mkcerts.nix 
@@ -0,0 +1,69 @@
+{ pkgs ? import <nixpkgs> {}
+, lib ? pkgs.lib
+
+, domains ? [ "acme-v01.api.letsencrypt.org" "letsencrypt.org" ]
+}:
+
+pkgs.runCommand "letsencrypt-snakeoil-ca" {
+ nativeBuildInputs = [ pkgs.openssl ];
+} ''
+ addpem() {
+ local file="$1"; shift
+ local storeFileName="$(IFS=.; echo "$*")"
+
+ echo -n " " >> "$out"
+
+ # Every following argument is an attribute, so let's recurse and check
+ # every attribute whether it must be quoted and write it into $out.
+ while [ -n "$1" ]; do
+ if expr match "$1" '^[a-zA-Z][a-zA-Z0-9]*$' > /dev/null; then
+ echo -n "$1" >> "$out"
+ else
+ echo -n '"' >> "$out"
+ echo -n "$1" | sed -e 's/["$]/\\&/g' >> "$out"
+ echo -n '"' >> "$out"
+ fi
+ shift
+ [ -z "$1" ] || echo -n . >> "$out"
+ done
+
+ echo " = builtins.toFile \"$storeFileName\" '''" >> "$out"
+ sed -e 's/^/ /' "$file" >> "$out"
+
+ echo " ''';" >> "$out"
+ }
+
+ echo '# Generated via mkcert.sh in the same directory.' > "$out"
+ echo '{' >> "$out"
+
+ openssl req -newkey rsa:4096 -x509 -sha256 -days 36500 \
+ -subj '/CN=Snakeoil CA' -nodes -out ca.pem -keyout ca.key
+
+ addpem ca.key ca key
+ addpem ca.pem ca cert
+
+ ${lib.concatMapStrings (fqdn: let
+ opensslConfig = pkgs.writeText "snakeoil.cnf" ''
+ [req]
+ default_bits = 4096
+ prompt = no
+ default_md = sha256
+ req_extensions = req_ext
+ distinguished_name = dn
+ [dn]
+ CN = ${fqdn}
+ [req_ext]
+ subjectAltName = DNS:${fqdn}
+ '';
+ in ''
+ export OPENSSL_CONF=${lib.escapeShellArg opensslConfig}
+ openssl genrsa -out snakeoil.key 4096
+ openssl req -new -key snakeoil.key -out snakeoil.csr
+ openssl x509 -req -in snakeoil.csr -sha256 -set_serial 666 \
+ -CA ca.pem -CAkey ca.key -out snakeoil.pem -days 36500
+ addpem snakeoil.key ${lib.escapeShellArg fqdn} key
+ addpem snakeoil.pem ${lib.escapeShellArg fqdn} cert
+ '') domains}
+
+ echo '}' >> "$out"
+''
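Review bot: The `openssl x509 -req` call in the per-domain block signs the CSR without `-extfile`, so the `subjectAltName` declared under `[req_ext]` reaches only the request and is presumably not copied into the issued certificate; the code this replaces did pass `-extfile`. The leaf certificates committed in snakeoil-certs.nix appear to be X.509 v1 with no extensions, which is consistent with that. Clients that check host names against SAN only would reject them, so I would change the continuation line to `-CA ca.pem -CAkey ca.key -extfile ${lib.escapeShellArg opensslConfig} -extensions req_ext \` followed by `-out snakeoil.pem -days 36500`. Both leaf certificates also share `-set_serial 666` under the same issuer, and the generated header names `mkcert.sh` although the script added here is `mkcerts.sh`.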
diff --git a/nixos/tests/common/letsencrypt/mkcerts.sh b/nixos/tests/common/letsencrypt/mkcerts.sh
new file mode 100755
index 0000000000000..cc7f8ca650dd4
--- /dev/null
+++ b/nixos/tests/common/letsencrypt/mkcerts.sh
@@ -0,0 +1,6 @@
+#!/usr/bin/env nix-shell
+#!nix-shell -p nix bash -i bash
+set -e
+cd "$(dirname "$0")"
+storepath="$(nix-build --no-out-link mkcerts.nix)"
+cat "$storepath" > snakeoil-certs.nix
diff --git a/nixos/tests/common/letsencrypt/snakeoil-certs.nix b/nixos/tests/common/letsencrypt/snakeoil-certs.nix
new file mode 100644
index 0000000000000..c3d29ab8f1633
--- /dev/null
+++ b/nixos/tests/common/letsencrypt/snakeoil-certs.nix
@@ -0,0 +1,253 @@ +# Generated via mkcert.sh in the same directory. +{ + ca.key = builtins.toFile "ca.key" '' + -----BEGIN PRIVATE KEY----- + MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQDfdVxC/4HwhuzD + 9or9CDDu3TBQE5lirJI5KYmfMZtfgdzEjgOzmR9AVSkn2rQeCqzM5m+YCzPO+2y7 + 0Fdk7vDORi1OdhYfUQIW6/TZ27xEjx4t82j9i705yUqTJZKjMbD830geXImJ6VGj + Nv/WisTHmwBspWKefYQPN68ZvYNCn0d5rYJg9uROZPJHSI0MYj9iERWIPN+xhZoS + xN74ILJ0rEOQfx2GHDhTr99vZYAFqbAIfh35fYulRWarUSekI+rDxa83FD8q9cMg + OP84KkLep2dRXXTbUWErGUOpHP55M9M7ws0RVNdl9PUSbDgChl7yYlHCde3261q/ + zGp5dMV/t/jXXNUgRurvXc4gUKKjS4Sffvg0XVnPs3sMlZ4JNmycK9klgISVmbTK + VcjRRJv8Bva2NQVsJ9TIryV0QEk94DucgsC3LbhQfQdmnWVcEdzwrZHNpk9az5mn + w42RuvZW9L19T7xpIrdLSHaOis4VEquZjkWIhfIz0DVMeXtYEQmwqFG23Ww0utcp + mCW4FPvpyYs5GAPmGWfrlMxsLD/7eteot3AheC+56ZBoVBnI8FFvIX2qci+gfVDu + CjvDmbyS/0NvxLGqvSC1GUPmWP3TR5Fb1H8Rp+39zJHRmH+qYWlhcv6p7FlY2/6d + 9Rkw8WKRTSCB7yeUdNNPiPopk6N4NwIDAQABAoICAQCzV0ei5dntpvwjEp3eElLj + glYiDnjOPt5kTjgLsg6XCmyau7ewzrXMNgz/1YE1ky+4i0EI8AS2nAdafQ2HDlXp + 11zJWfDLVYKtztYGe1qQU6TPEEo1I4/M7waRLliP7XO0n6cL5wzjyIQi0CNolprz + 8CzZBasutGHmrLQ1nmnYcGk2+NBo7f2yBUaFe27of3mLRVbYrrKBkU5kveiNkABp + r0/SipKxbbivQbm7d+TVpqiHSGDaOa54CEksOcfs7n6efOvw8qj326KtG9GJzDE6 + 7XP4U19UHe40XuR0t7Zso/FmRyO6QzNUutJt5LjXHezZ75razTcdMyr0QCU8MUHH + jXZxQCsbt+9AmdxUMBm1SMNVBdHYM8oiNHynlgsEj9eM6jxDEss/Uc3FeKoHl+XL + L6m28guIB8NivqjVzZcwhxvdiQCzYxjyqMC+/eX7aaK4NIlX2QRMoDL6mJ58Bz/8 + V2Qxp2UNVwKJFWAmpgXC+sq6XV/TP3HkOvd0OK82Nid2QxEvfE/EmOhU63qAjgUR + QnteLEcJ3MkGGurs05pYBDE7ejKVz6uu2tHahFMOv+yanGP2gfivnT9a323/nTqH + oR5ffMEI1u/ufpWU7sWXZfL/mH1L47x87k+9wwXHCPeSigcy+hFI7t1+rYsdCmz9 + V6QtmxZHMLanwzh5R0ipcQKCAQEA8kuZIz9JyYP6L+5qmIUxiWESihVlRCSKIqLB + fJ5sQ06aDBV2sqS4XnoWsHuJWUd39rulks8cg8WIQu8oJwVkFI9EpARt/+a1fRP0 + Ncc9qiBdP6VctQGgKfe5KyOfMzIBUl3zj2cAmU6q+CW1OgdhnEl4QhgBe5XQGquZ + Alrd2P2jhJbMO3sNFgzTy7xPEr3KqUy+L4gtRnGOegKIh8EllmsyMRO4eIrZV2z3 + XI+S2ZLyUn3WHYkaJqvUFrbfekgBBmbk5Ead6ImlsLsBla6MolKrVYV1kN6KT+Y+ + 
plcxNpWY8bnWfw5058OWPLPa9LPfReu9rxAeGT2ZLmAhSkjGxQKCAQEA7BkBzT3m + SIzop9RKl5VzYbVysCYDjFU9KYMW5kBIw5ghSMnRmU7kXIZUkc6C1L/v9cTNFFLw + ZSF4vCHLdYLmDysW2d4DU8fS4qdlDlco5A00g8T1FS7nD9CzdkVN/oix6ujw7RuI + 7pE1K3JELUYFBc8AZ7mIGGbddeCwnM+NdPIlhWzk5s4x4/r31cdk0gzor0kE4e+d + 5m0s1T4O/Iak6rc0MGDeTejZQg04p1eAJFYQ6OY23tJhH/kO8CMYnQ4fidfCkf8v + 85v4EC1MCorFR7J65uSj8MiaL7LTXPvLAkgFls1c3ijQ2tJ8qXvqmfo0by33T1OF + ZGyaOP9/1WQSywKCAQB47m6CfyYO5EZNAgxGD8SHsuGT9dXTSwF/BAjacB/NAEA2 + 48eYpko3LWyBrUcCPn+LsGCVg7XRtxepgMBjqXcoI9G4o1VbsgTHZtwus0D91qV0 + DM7WsPcFu1S6SU8+OCkcuTPFUT2lRvRiYj+vtNttK+ZP5rdmvYFermLyH/Q2R3ID + zVgmH+aKKODVASneSsgJ8/nAs5EVZbwc/YKzbx2Zk+s7P4KE95g+4G4dzrMW0RcN + QS1LFJDu2DhFFgU4fRO15Ek9/lj2JS2DpfLGiJY8tlI5nyDsq4YRFvQSBdbUTZpG + m+CJDegffSlRJtuT4ur/dQf5hmvfYTVBRk2XS/eZAoIBAB143a22PWnvFRfmO02C + 3X1j/iYZCLZa6aCl+ZTSj4LDGdyRPPXrUDxwlFwDMHfIYfcHEyanV9T4Aa9SdKh9 + p6RbF6YovbeWqS+b/9RzcupM77JHQuTbDwL9ZXmtGxhcDgGqBHFEz6ogPEfpIrOY + GwZnmcBY+7E4HgsZ+lII4rqng6GNP2HEeZvg91Eba+2AqQdAkTh3Bfn+xOr1rT8+ + u5WFOyGS5g1JtN0280yIcrmWeNPp8Q2Nq4wnNgMqDmeEnNFDOsmo1l6NqMC0NtrW + CdxyXj82aXSkRgMQSqw/zk7BmNkDV8VvyOqX/fHWQynnfuYmEco4Pd2UZQgadOW5 + cVMCggEBANGz1fC+QQaangUzsVNOJwg2+CsUFYlAKYA3pRKZPIyMob2CBXk3Oln/ + YqOq6j373kG2AX74EZT07JFn28F27JF3r+zpyS/TYrfZyO1lz/5ZejPtDTmqBiVd + qa2coaPKwCOz64s77A9KSPyvpvyuTfRVa8UoArHcrQsPXMHgEhnFRsbxgmdP582A + kfYfoJBSse6dQtS9ZnREJtyWJlBNIBvsuKwzicuIgtE3oCBcIUZpEa6rBSN7Om2d + ex8ejCcS7qpHeULYspXbm5ZcwE4glKlQbJDTKaJ9mjiMdvuNFUZnv1BdMQ3Tb8zf + Gvfq54FbDuB10XP8JdLrsy9Z6GEsmoE= + -----END PRIVATE KEY----- + ''; + ca.cert = builtins.toFile "ca.cert" '' + -----BEGIN CERTIFICATE----- + MIIFATCCAumgAwIBAgIJANydi4uFZr0LMA0GCSqGSIb3DQEBCwUAMBYxFDASBgNV + BAMMC1NuYWtlb2lsIENBMCAXDTE4MDcxMjAwMjIxNloYDzIxMTgwNjE4MDAyMjE2 + WjAWMRQwEgYDVQQDDAtTbmFrZW9pbCBDQTCCAiIwDQYJKoZIhvcNAQEBBQADggIP + ADCCAgoCggIBAN91XEL/gfCG7MP2iv0IMO7dMFATmWKskjkpiZ8xm1+B3MSOA7OZ + H0BVKSfatB4KrMzmb5gLM877bLvQV2Tu8M5GLU52Fh9RAhbr9NnbvESPHi3zaP2L + 
vTnJSpMlkqMxsPzfSB5ciYnpUaM2/9aKxMebAGylYp59hA83rxm9g0KfR3mtgmD2 + 5E5k8kdIjQxiP2IRFYg837GFmhLE3vggsnSsQ5B/HYYcOFOv329lgAWpsAh+Hfl9 + i6VFZqtRJ6Qj6sPFrzcUPyr1wyA4/zgqQt6nZ1FddNtRYSsZQ6kc/nkz0zvCzRFU + 12X09RJsOAKGXvJiUcJ17fbrWr/Manl0xX+3+Ndc1SBG6u9dziBQoqNLhJ9++DRd + Wc+zewyVngk2bJwr2SWAhJWZtMpVyNFEm/wG9rY1BWwn1MivJXRAST3gO5yCwLct + uFB9B2adZVwR3PCtkc2mT1rPmafDjZG69lb0vX1PvGkit0tIdo6KzhUSq5mORYiF + 8jPQNUx5e1gRCbCoUbbdbDS61ymYJbgU++nJizkYA+YZZ+uUzGwsP/t616i3cCF4 + L7npkGhUGcjwUW8hfapyL6B9UO4KO8OZvJL/Q2/Esaq9ILUZQ+ZY/dNHkVvUfxGn + 7f3MkdGYf6phaWFy/qnsWVjb/p31GTDxYpFNIIHvJ5R000+I+imTo3g3AgMBAAGj + UDBOMB0GA1UdDgQWBBQ3vPWzjLmu5krbSpfhBAht9KL3czAfBgNVHSMEGDAWgBQ3 + vPWzjLmu5krbSpfhBAht9KL3czAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUA + A4ICAQDF9HyC1ZFN3Ob+JA9Dj5+Rcobi7JIA5F8uW3Q92LfPoVaUGEkBrwJSiTFX + 47zvP/ySBJIpZ9rzHMbJ+1L+eJgczF1uQ91inthCKo1THTPo5TgBrpJj0YAIunsj + 9eH1tBnfWFYdVIDZoTSiwPtgIvglpyuK/eJXEe+FRzubhtdc9w1Hlzox1sd0TQuy + Pl9KFHg7BlFZfCPig1mkB8pfwjBDgVhv5DKJ9cJXh3R5zSoiyuS2b+qYSvw8YTHq + 0WNKWUthb7BVAYE3OmcbOHgUAUjtJ6EIGIB9z/SoLe90CofXLXFR5dppuVLKCMBA + kgL4luBIu7t8mcnN2yzobvcGHy8RVY6F5abCCy6gackLzjOzvH1SYOxP8yN74aKB + ANgcqdWspb8JYoU8lEbA8dhBVrsgBf7XeJlrZvMdcUENlJ2PI0JWr9WvlRAM9rYY + EY1alJqBCp6530Ggd6/f0V64cEqptejUdmN9L0zboxKjQf4LjpUNraGvg8tw/xkY + 4dT1U2HlVnhOyBVkx/tE6zIK/RU16oMqwpjCdfbK/TuWCNc/emJz5PMlp81zm83+ + dExpWwuV4rt6OQbZ/GSatNLJXOw+pkLjaEhnHgrsgI+HqAUXg3ByKol+1e76wN51 + k1ZKpB6mk4kejySGPYBHiJwED0IyXu9gUfalSczXFO4ySAvhCg== + -----END CERTIFICATE----- + ''; + "acme-v01.api.letsencrypt.org".key = builtins.toFile "acme-v01.api.letsencrypt.org.key" '' + -----BEGIN RSA PRIVATE KEY----- + MIIJKQIBAAKCAgEAvG+sL4q0VkgSClBTn4NkPiUrtXx5oLyZ+CCM1jrQx/xotUt5 + X2S4/7vMnAK/yRLsR7R2PhXO8CZPqJ7B6OfAgaDTgvipJkZYPZQSMP3KOinM3WJL + ssqKh7/HOxZIf0iyUXewrnX5eTAo/CLsUnhBjBD7E99nmQz/leLWSl82sSYDkO3n + Uk3/1qJZA8iddb4uH0IEQWcNKev3WoQQzwiVrXBiftlRQOJy5JJXm5m8229MCpMA + 1AUWmpdu6sl3/gFFdsDhUFq/a7LFrVyaUCMRIHg9szAB7ZFkixr9umQs8jKwuo98 + 
3JHB11h2SirwgfIzHHmyhaWhCt22ucTwEXGhq63LtrzZvLsfP8Ql5S+AuqGTH0v8 + meuc784leAjulBZjkpuIFwDnVv9+YeUEbqJeo1hSHrILddora3nkH4E2dJWmLpqp + iPr++GRi+BNgYKW/BQLTJ7C6v+vUs+kdPgYJH5z7oP6f0YZkT0Wkubp/UEz7UV2d + fjz57d77DYx5rFWGYzJriWR/xltgL1zDpjwjwG1FDpRqwlyYbBFpjQhxI+X0aT98 + m6fCzBDQHDb/+JgvsjTHh6OZatahFAwzFIEfrceDv1BG8sBWIaZGhLzYiWQxafl8 + oXbWv1T6I1jpsTlCdCSkWzaJb4ZjxI9Ga1ynVu8F16+GR2a71wKWu7UbZQsCAwEA + AQKCAgBYvrs4FLoD3KNqahRIDqhaQEVKjtn1Yn2dBy9tAXwsg2qI34fE7nnWLwsY + +o56U0gmKQ57BOhV36Uqg8JNP0BBjI2wpA19simCrsa2fgAMznzmUpHWHV+KuT5K + TJ9OGt2oUpdKQtOASLc0r/neiTZNkf29iTyQLzf7zj4f/qGSYpXRXsnP0F5KJmGH + z6agujWckQnSB4eCk9gFsCb+akubyE8K8Kw8w6lajrVl2czBB7SnUj5UnCTeH62k + M8goP08Is6QppON8BFDm6bLfRPSe9yIPzu9JhGz2unp+mwkz872Zz1P9yUOieM4U + 9g4ZFQkPQx1ZpfynUm3pJZ/uhzadBabnIvMe/1qwDAEDifh/WzEM76/2kBpQkHtS + qcjwjAElfWnP8aBr1Pj42/cVJy3dbDqb0OawFHx/8xSO2CkY4Gq2h3OYv1XpPv3g + S9qqKhvuaT+aD0YjKhP4FYc2vvQSJwdZL8vqOyma8JGmc+r7jakIPCyOx3oPVqnS + L2P7DuJ1FcGIZyYOU3UUSzKndDU9fVC8YoLWvHDlwm4RK9UPtdsBY8mEu6BlaAwL + zEQG+fbcFnEkHPiJeAohYUCHiqCihLt0pqGwZi+QrudPQE6C47YijGZWJu4VVLjB + B2L9iDQKsN4FnBJ9egJIwWBLX3XXQfjC43UGm1A5sBvD+ScsCQKCAQEA7GxU7/SW + 4YJ+wBXrp7Z3vzlc5mTT5U4L2muWZLhIjT/jmpHpZ4c9a5DY/K9OYcu8XJ+7kx2B + N40cU3ZkT2ZbB5/BUCEmi3Wzy3R/KZshHDzvvSZHcXJqVBtv+HGJgR5ssFqAw8c6 + gJtDls+JE9Sz+nhLk0ZZ4658vbTQfG1lmtzrbC3Kz2xK8RPTdOU5Or7fayeaEKEW + ECBJPE41ME2UTdB/E85vyYoee0MBijjAs19QKqvoNbyrsZ5bihcIDYsrvjCmkdW1 + 20IUrSF3ZYJ9bb+CxHeRyNqwvRxPYSkzdMjZHx+xEAvJgw51QqmIi2QQf/qB+ych + cSbE/0Jhx4QbDQKCAQEAzAoenEOgmZvUegFUu8C6gWeibMjl3Y9SikQ4CoQO/zWr + aoCr5BpbzbtOffwnPfgk9wCGvXf6smOdrLUP1K2QAhBr/vJh7ih2MonvpYr5HPP7 + maVARR66IgtxXP2ER2I9+9p2OQdecGRP2fUn2KCDQIASHSSY/VjBb8LLJgryC/DS + r2b0+m1e2qXfNWt/BYTQZhD/8B/jl/2pl/jI2ne3rkeiwEm7lqZaDt3Q8gC+qoP5 + /IdG1Gob7UTMCbICWy1aGuzRYUmbpg0Vq4DAV1RtgBySB5oNq5PMBHYpOxedM2nM + NxHvf0u6wsxVULwQ4IfWUqUTspjxDmIgogSzmOGadwKCAQEA558if4tynjBImUtg + egirvG4oc5doeQhDWJN63eYlPizPgUleD41RQSbBTp04/1qoiV38WJ7ZT2Ex1Rry + 
H0+58vgyXZx8tLh1kufpBQv0HkQc44SzDZP4U7olspMZEaSK+yNPb36p9AEo8IEW + XJVQVhywffK4cfUqRHj2oFBU8KlrA6rBPQFtUk4IJkfED6ecHtDHgW8vvFDFLw23 + 0kDPAIU5WmAu6JYmUsBMq+v57kF8urF8Z9kVpIfuSpVR0GL+UfA74DgtWEefFhbp + cEutMm4jYPN7ofmOmVc49Yl13f4/qNxVjdDedUUe4FZTbax09cyotzOY8c/3w9R3 + Ew57qQKCAQAa5jqi30eM+L5KV2KUXhQ4ezEupk2np/15vQSmXkKb4rd2kwAWUmNH + /Cmc8mE6CjzVU3xv/iFO41MmMbikkT0rCH80XUAL5cmvX//4ExpEduX0m5SdiC+B + zYBkggeuYYVKbsKnQhFxP8hHM8rNBFxJZJj+vpRs0gaudT/TBB5k9JrSBQDHAyQ+ + Lx/+Ku3UDG5tBlC3l3ypzQdOwb25D49nqooKT64rbkLxMs0ZGoAIet26LRtpZZPI + 9AjyPkWRP6lhY1c3PD0I5zC0K4Uv/jFxclLOLcEfnZyH+gv1fmd7H7eMixDH93Pn + uoiE3EZdU4st2hV+tisRel5S/cuvnA6BAoIBAQDJISK8H0hwYp+J4/WUv/WLtrm4 + Mhmn8ItdEPAyCljycU6oLHJy4fgmmfRHeoO1i3jb87ks2GghegFBbJNzugfoGxIM + dLWIV+uFXWs24fMJ/J6lqN1JtAj7HjvqkXp061X+MdIJ0DsACygzFfJOjv+Ij77Q + Q1OBTSPfb0EWFNOuIJr9i2TwdN9eW/2ZMo1bPuwe4ttPEIBssfIC02dn2KD1RTqM + 1l+L97vVFk7CoSJZf5rLeysLVyUeGdDcoEcRA6fKhfB/55h+iqrZNvySX1HrR6on + PQcxDRPJD7f9rMsTzVl3DOxzvXAU3lIcZtPZps97IwXceAAh2e1kZNNv/cxj + -----END RSA PRIVATE KEY----- + ''; + "acme-v01.api.letsencrypt.org".cert = builtins.toFile "acme-v01.api.letsencrypt.org.cert" '' + -----BEGIN CERTIFICATE----- + MIIEtDCCApwCAgKaMA0GCSqGSIb3DQEBCwUAMBYxFDASBgNVBAMMC1NuYWtlb2ls + IENBMCAXDTE4MDcxMjAwMjIxN1oYDzIxMTgwNjE4MDAyMjE3WjAnMSUwIwYDVQQD + DBxhY21lLXYwMS5hcGkubGV0c2VuY3J5cHQub3JnMIICIjANBgkqhkiG9w0BAQEF + AAOCAg8AMIICCgKCAgEAvG+sL4q0VkgSClBTn4NkPiUrtXx5oLyZ+CCM1jrQx/xo + tUt5X2S4/7vMnAK/yRLsR7R2PhXO8CZPqJ7B6OfAgaDTgvipJkZYPZQSMP3KOinM + 3WJLssqKh7/HOxZIf0iyUXewrnX5eTAo/CLsUnhBjBD7E99nmQz/leLWSl82sSYD + kO3nUk3/1qJZA8iddb4uH0IEQWcNKev3WoQQzwiVrXBiftlRQOJy5JJXm5m8229M + CpMA1AUWmpdu6sl3/gFFdsDhUFq/a7LFrVyaUCMRIHg9szAB7ZFkixr9umQs8jKw + uo983JHB11h2SirwgfIzHHmyhaWhCt22ucTwEXGhq63LtrzZvLsfP8Ql5S+AuqGT + H0v8meuc784leAjulBZjkpuIFwDnVv9+YeUEbqJeo1hSHrILddora3nkH4E2dJWm + LpqpiPr++GRi+BNgYKW/BQLTJ7C6v+vUs+kdPgYJH5z7oP6f0YZkT0Wkubp/UEz7 + UV2dfjz57d77DYx5rFWGYzJriWR/xltgL1zDpjwjwG1FDpRqwlyYbBFpjQhxI+X0 + 
aT98m6fCzBDQHDb/+JgvsjTHh6OZatahFAwzFIEfrceDv1BG8sBWIaZGhLzYiWQx + afl8oXbWv1T6I1jpsTlCdCSkWzaJb4ZjxI9Ga1ynVu8F16+GR2a71wKWu7UbZQsC + AwEAATANBgkqhkiG9w0BAQsFAAOCAgEAzeGlFMz1Bo+bbpZDQ60HLdw7qDp3SPJi + x5LYG860yzbh9ghvyc59MIm5E6vB140LRJAs+Xo6VdVSTC4jUA2kI9k1BQsbZKds + XT0RqA7HkqcLS3t3JWFkkKbCshMGZTSZ//hpbaUG1qEAfUfmZw1lAxqSa0kqavbP + awf7k8qHbqcj7WORCdH7fjKAjntEQwIpl1GEkAdCSghOJz2/o9aWmiGZt27OM/sG + MLSrcmL3QBElCjOxg14P8rnsmZ+VEp6MO93otoJ4dJL7fN7vTIh5ThbS384at/4l + 4KK/y7XctUzAtWzhnodjk/NSgrrGX2kseOGOWEM1sZc9xtinHH2tpOMqtLVOkgHD + Lul+TArqgqeoOdEM/9OL64kgOrO/JzxBq+egLUi4wgAul2wmtecKZK1dkwYZHeqW + 74i55yeBp+TTomnPr0ZBns6xKFYldJVzC34OB+2YVDxe8y9XtWtuQOxFw0LQHhNb + zy5aBverWzZFwiIIjJoVHTQq848uKBJec0YILfMinS1Wjif4xqW/IMfi+GFS0oka + sKCGNE/8ur9u/Jm6cbto3f2dtV8/vkhiITQgwzM2jalyuVJ9jyPxG7EvbTvZORgw + pRvBRTd4/eE7I1L+UDe6x8EjR/MrqfF9FWVGOZo4vPTyNbrSWYBh6s9kYy56ds1l + IRxst1BXEfI= + -----END CERTIFICATE----- + ''; + "letsencrypt.org".key = builtins.toFile "letsencrypt.org.key" '' + -----BEGIN RSA PRIVATE KEY----- + MIIJKAIBAAKCAgEAwPvhlwemgPi6919sSD7Pz6l6CRfU1G/fDc0AvsMN/nTmiGND + pqn9ef1CA+RtLtOuPc1LLyEovcfu75/V+6KSgO4k19E2CrFCFwjEOWDGF4DgclT3 + 751WGmFJgzPEfZfhbOrmQfQau86KxAtNZVp9FxcKbuLyQ/sNNxfNMB+7IHbVhwvz + VcndHpYZEP6kdnwvNLP22bouX5q3avxWStln01uZ0BfUm4XwxaUNIU7t0Dv56FK9 + C9hW9AZae0do0BJBWRF7xSwLeDJqn9uZz+sX0X/tIaaSQSBuZySj0He5ZKzdUO0t + px2xTS2Brl3Y2BOJaOE98HubWvdKoslLt4X2rVrMxGa86SmFzcyDL1RSowcP/ruy + y555l7pepL5s4cmMgRBBXj5tXhqUTVOn5WO+JClLk+rtvtAT4rogJmMqEKmMw2t7 + LNy1W9ri/378QG/i3AGaLIL/7GsPbuRO51Sdti4QMVe2zNFze72mzNmj1SXokWy7 + +ZvjUMp55oEjRRsTPUZdNOEHJWy6Os2znuqL7ZpIHCxBG8FKnkCViXRJqAA8bzcE + hR+pLamLIOHlv4kdzJ6phHkSvK68qvbRReUmOjJgSupVBI9jhK+fHay/UWR4zfJQ + ed99H8ZOoiXlrLCVs+VPDynUUKrzF1nYyolNzi/NS4e4AbnfWgyC5JKRpjUCAwEA + AQKCAgB0fNYL+zM3MGxy+2d6KGf6GnuuV3NBlBGY3ACyJT0iNmAdPYXNaVi2tPeP + L+fz1xSa+3uBhEt6Wt/QRrO8g8JZDuawWvl69MpG6yS+2bpY35MbkExkl50sqULd + bncRtIb+3r+EWht099RtR8E9B6TwNhk3G8hO3pB4i+ZwQQcMLo7vSHhmdUYCu2mA + 
B6UwW/+GmYbMoARz8wj6DDzuS1LPksBCis/r3KqcMue9Dk6gXkOYR7ETIFBEVj1x + ooYS6qIFaHdEajS2JgCUY9LxXR/wdn6lzE0GANSDb+tt34bJzUp+Gdxvvo2SX4Ci + xsUokIpmA2gG7CW3gAPORSFuMu/VYZtvt+owNYlODXRPuGi/eLDknFRB/S4Nx0J0 + WZZq5uTgJdQainyKYtDZALia5X4cc5I2hNetCorG9jNZIsSunbIAG+htx2FI3eqK + jwOUiHE8SCZ6YdXoDQjg2w+g8jeB23eqkPyzunpZphYiKay7VFeLwQEMC2a791ln + +MbHhhpRAc1uAoU2reB2fxKyaPlOfAWVMgUOGlgpVOuEVeMoc1CwjajaFztGG7fI + 8EHNoyAftCdXnTaLZk2KZnnIDHHzFXR62TE1GJFD1fdI1pHAloCbgA4h+Dtwm1Uu + iAEEfvVU/E5wbtAzv6pY32+OKX5kyHAbM5/e918B8ZxmHG1J9QKCAQEA6FwxsRG3 + 526NnZak540yboht5kV12BNBChjmARv/XgZ7o1VsfwjaosErMvasUBcHDEYOC/oE + ZgPAyrMVsYm0xe/5FSIFLJVeYXTr0rmCNhVtBCHx3IS94BCXreNnz0qoEWnb5E09 + Z1O42D0yGcLXklg6QaJfb7EdHh03F3dSVMHyDR3JlAQHRINeuP6LlQpbvRD3adH5 + QWr2M3k+Stuq2OJdG7eUS1dreCxRShLuDjDhiZekdl/TB3LM0prOaWrKBrryN2g6 + mjiasH6I5zRD3LQP5zg57Thb8afHqA4Fb85Frt6ltfFlPTIoxXZ5drVhmRWfXXnQ + POnj8T+w4zVjvwKCAQEA1J4ivyFkCL0JTSY3/PtwAQvBBj3GazzU6P+urWeH74Vh + WK17Ae40iOUHGyy80Db/fVY4VLQTpxvAeG91Gj5Nd/AucXJgOrisabcEz6N/xUs5 + sjJNgXuNKTAgjYBu0bqLXxgZj43zT8JhA6KW7RuYU0PtHMRragz4RbK9NWDaVvJb + xSR5QoVLS00PerUa0SfupEYKCrlSTP6FOM5YNkCuSMt7X6/m9cR0WwVINKvUQBiT + ObrN+KeBmF9awpQQnQOq/GbCl3kf6VyPQqYFhdrWSg52w33c2tBVYrtHJpeXGcin + akw4KKcj4rdU2qxMuuRiD5paagshbLdGsYMTbSzjCwKCAQEAh89DGAyUIcfDLAWd + st0bSfGh0oJsw3NVg3JUFPfpRWqiny/Rr1pcd95RwoLc6h7bdrgHg8aJBZtR9ue/ + WTp0l3CQdGKjBZD0TiAJqevViIjzZAP3Gn3XgPwRu4f75/Pp0eu+o2zl49vSYUk7 + XEU+vIGm4y/leiHaM/y9c5DBZVrKgBIV/NZx7QCfv56/tMgOIK6m/YnFlw/OgP1v + hE9qR0PfSdD98x9QaDf290WjMFYvrL0eWjXd4S+fOcVTude55z8jTXE1N2i4OUpr + +D7bH0d7OBjr+pQDYXZAQyCW2ueEYRYvYu2Jz7/ehrOdgN25AsHZmMgXB1NpcFta + pyJQfwKCAQByoPMwworRH0GVg4Zp8RFYrwKZH9MK29gZ6kc9m/Sw0OND0PvhdZCD + QZ8MKpl9VDl4VHS4TgHOdWrWQ5kJ1g8kG6yeY0C4R/pEYHTKkWaAcucfSHl61qar + TxQt1dFpZz5evXqCZ9CG7tApCo5+NQNx2MxMVyVmHqn3wb66uYXdnHqXlet+Tqji + ZyByUpOrsfC6RjyBvZo+gnZGwxDR5xtPiczxML+/PvRQYk+kfgNHrzgoxqrnZT+8 + a6ReBT/TtzeHLsu4qIfo44slLqcJnIstkBC9ouzgV7PBMCDTEKVZNFH2QDOCz2HM + 
iHTKFFyl4h1wNhKK24dguor1hyqBENMzAoIBAAQvQHwRWIVlfCMRI170Ls8AXB9Z + MMdZJ37bh6kmJpkV3+HB1ZkKwofHKR9h/3xLt5iYXzqT+/zA4EAsFFs1A93+tkzh + yPrN5iTSJicophZSlA4ObX1hMkgshvl7ZB1fRM5WyiszBOfm8W7eAxaK8nY2oAoP + tI7rioo6CFBNMCGbOl4gEX6YJ4OsVSm+efCRSDDw+3HW8H2YgqufBzAULk1Jcj5t + ZvraXpC5qZ92VtsH0cGA1ovNDAmoOV4AAvtZVpLQsXwaphad/Fbn/ItGrrluvvFC + HuldRzYtl/AQtoirK86LTY3aAmcwVFuiYvDQMzjzkJvVMmRCFZBcUIaz2oI= + -----END RSA PRIVATE KEY----- + ''; + "letsencrypt.org".cert = builtins.toFile "letsencrypt.org.cert" '' + -----BEGIN CERTIFICATE----- + MIIEpzCCAo8CAgKaMA0GCSqGSIb3DQEBCwUAMBYxFDASBgNVBAMMC1NuYWtlb2ls + IENBMCAXDTE4MDcxMjAwMjIxOVoYDzIxMTgwNjE4MDAyMjE5WjAaMRgwFgYDVQQD + DA9sZXRzZW5jcnlwdC5vcmcwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoIC + AQDA++GXB6aA+Lr3X2xIPs/PqXoJF9TUb98NzQC+ww3+dOaIY0Omqf15/UID5G0u + 0649zUsvISi9x+7vn9X7opKA7iTX0TYKsUIXCMQ5YMYXgOByVPfvnVYaYUmDM8R9 + l+Fs6uZB9Bq7zorEC01lWn0XFwpu4vJD+w03F80wH7sgdtWHC/NVyd0elhkQ/qR2 + fC80s/bZui5fmrdq/FZK2WfTW5nQF9SbhfDFpQ0hTu3QO/noUr0L2Fb0Blp7R2jQ + EkFZEXvFLAt4Mmqf25nP6xfRf+0hppJBIG5nJKPQd7lkrN1Q7S2nHbFNLYGuXdjY + E4lo4T3we5ta90qiyUu3hfatWszEZrzpKYXNzIMvVFKjBw/+u7LLnnmXul6kvmzh + yYyBEEFePm1eGpRNU6flY74kKUuT6u2+0BPiuiAmYyoQqYzDa3ss3LVb2uL/fvxA + b+LcAZosgv/saw9u5E7nVJ22LhAxV7bM0XN7vabM2aPVJeiRbLv5m+NQynnmgSNF + GxM9Rl004QclbLo6zbOe6ovtmkgcLEEbwUqeQJWJdEmoADxvNwSFH6ktqYsg4eW/ + iR3MnqmEeRK8rryq9tFF5SY6MmBK6lUEj2OEr58drL9RZHjN8lB5330fxk6iJeWs + sJWz5U8PKdRQqvMXWdjKiU3OL81Lh7gBud9aDILkkpGmNQIDAQABMA0GCSqGSIb3 + DQEBCwUAA4ICAQAkx3jcryukAuYP7PQxMy3LElOl65ZFVqxDtTDlr7DvAkWJzVCb + g08L6Tu+K0rKh2RbG/PqS0+8/jBgc4IwSOPfDDAX+sinfj0kwXG34WMzB0G3fQzU + 2BMplJDOaBcNqHG8pLP1BG+9HAtR/RHe9p2Jw8LG2qmZs6uemPT/nCTNoyIL4oxh + UncjETV4ayCHDKD1XA7/icgddYsnfLQHWuIMuCrmQCHo0uQAd7qVHfUWZ+gcsZx0 + jTNCcaI8OTS2S65Bjaq2HaM7GMcUYNUD2vSyNQeQbha4ZeyZ9bPyFzznPMmrPXQe + MJdkbJ009RQIG9As79En4m+l+/6zrdx4DNdROqaL6YNiSebWMnuFHpMW/rCnhrT/ + HYadijHOiJJGj9tWSdC4XJs7fvZW3crMPUYxpOvl01xW2ZlgaekILi1FAjSMQVoV + 
NhWstdGCKJdthJqLL5MtNdfgihKcmgkJqKFXTkPv7sgAQCopu6X+S+srCgn856Lv + 21haRWZa8Ml+E0L/ticT8Fd8Luysc6K9TJ4mT8ENC5ywvgDlEkwBD3yvINXm5lg1 + xOIxv/Ye5gFk1knuM7OzpUFBrXUHdVVxflCUqNAhFPbcXwjgEQ+A+S5B0vI6Ohue + ZnR/wuiou6Y+Yzh8XfqL/3H18mGDdjyMXI1B6l4Judk000UVyr46cnI7mw== + -----END CERTIFICATE----- + ''; +} diff --git a/nixos/tests/common/resolver.nix b/nixos/tests/common/resolver.nix index a1901c5c8167c..6be8d1d18e622 100644 --- a/nixos/tests/common/resolver.nix +++ b/nixos/tests/common/resolver.nix @@ -18,7 +18,7 @@ defining this option needs to be explicitly imported. The reason this option exists is for the - <filename>nixos/tests/common/letsencrypt.nix</filename> module, which + <filename>nixos/tests/common/letsencrypt</filename> module, which needs that option to disable the resolver once the user has set its own resolver. ''; diff --git a/nixos/tests/common/user-account.nix b/nixos/tests/common/user-account.nix index dc50e14750b01..9cd531a1f96c8 100644 --- a/nixos/tests/common/user-account.nix +++ b/nixos/tests/common/user-account.nix @@ -1,4 +1,4 @@ -{ lib, ... }: +{ ... }: { users.users.alice = { isNormalUser = true; diff --git a/nixos/tests/containers-bridge.nix b/nixos/tests/containers-bridge.nix index dfef46a2ada49..bd8bd5dee9c88 100644 --- a/nixos/tests/containers-bridge.nix +++ b/nixos/tests/containers-bridge.nix @@ -14,7 +14,7 @@ import ./make-test.nix ({ pkgs, ...} : { }; machine = - { config, pkgs, ... }: + { pkgs, ... }: { imports = [ ../modules/installer/cd-dvd/channel.nix ]; virtualisation.writableStore = true; virtualisation.memorySize = 768; diff --git a/nixos/tests/containers-extra_veth.nix b/nixos/tests/containers-extra_veth.nix index df3f3354b2d99..8f874b3585dc4 100644 --- a/nixos/tests/containers-extra_veth.nix +++ b/nixos/tests/containers-extra_veth.nix 
@@ -7,7 +7,7 @@ import ./make-test.nix ({ pkgs, ...} : { }; machine = - { config, pkgs, ... }: + { pkgs, ... }: { imports = [ ../modules/installer/cd-dvd/channel.nix ]; virtualisation.writableStore = true; virtualisation.memorySize = 768; diff --git a/nixos/tests/containers-hosts.nix b/nixos/tests/containers-hosts.nix index df1ef6d149364..8cf298c622583 100644 --- a/nixos/tests/containers-hosts.nix +++ b/nixos/tests/containers-hosts.nix @@ -7,7 +7,7 @@ import ./make-test.nix ({ pkgs, ...} : { }; machine = - { config, pkgs, lib, ... }: + { lib, ... }: { virtualisation.memorySize = 256; virtualisation.vlans = []; diff --git a/nixos/tests/containers-ipv4.nix b/nixos/tests/containers-ipv4.nix index 821ce1cd07d2b..c4d954592ef02 100644 --- a/nixos/tests/containers-ipv4.nix +++ b/nixos/tests/containers-ipv4.nix @@ -7,7 +7,7 @@ import ./make-test.nix ({ pkgs, ...} : { }; machine = - { config, pkgs, ... }: + { pkgs, ... }: { imports = [ ../modules/installer/cd-dvd/channel.nix ]; virtualisation.writableStore = true; virtualisation.memorySize = 768; diff --git a/nixos/tests/containers-ipv6.nix b/nixos/tests/containers-ipv6.nix index f676ed122bb3a..7db389a18e726 100644 --- a/nixos/tests/containers-ipv6.nix +++ b/nixos/tests/containers-ipv6.nix @@ -12,7 +12,7 @@ import ./make-test.nix ({ pkgs, ...} : { }; machine = - { config, pkgs, ... }: + { pkgs, ... }: { imports = [ ../modules/installer/cd-dvd/channel.nix ]; virtualisation.writableStore = true; virtualisation.memorySize = 768; diff --git a/nixos/tests/containers-macvlans.nix b/nixos/tests/containers-macvlans.nix index 390dc4ad2c29c..2bdb926a8e2b7 100644 --- a/nixos/tests/containers-macvlans.nix +++ b/nixos/tests/containers-macvlans.nix @@ -15,7 +15,7 @@ import ./make-test.nix ({ pkgs, ...} : { nodes = { machine1 = - { config, pkgs, lib, ... }: + { lib, ... }: { virtualisation.memorySize = 256; virtualisation.vlans = [ 1 ]; 
@@ -55,7 +55,7 @@ import ./make-test.nix ({ pkgs, ...} : { }; machine2 = - { config, pkgs, ... }: + { ... }: { virtualisation.memorySize = 256; virtualisation.vlans = [ 1 ]; diff --git a/nixos/tests/containers-physical_interfaces.nix b/nixos/tests/containers-physical_interfaces.nix index bde8e175f9532..1e312f59f437e 100644 --- a/nixos/tests/containers-physical_interfaces.nix +++ b/nixos/tests/containers-physical_interfaces.nix @@ -6,7 +6,7 @@ import ./make-test.nix ({ pkgs, ...} : { }; nodes = { - server = { config, pkgs, ... }: + server = { ... }: { virtualisation.memorySize = 256; virtualisation.vlans = [ 1 ]; @@ -23,7 +23,7 @@ import ./make-test.nix ({ pkgs, ...} : { }; }; }; - bridged = { config, pkgs, ... }: { + bridged = { ... }: { virtualisation.memorySize = 128; virtualisation.vlans = [ 1 ]; @@ -41,7 +41,7 @@ import ./make-test.nix ({ pkgs, ...} : { }; }; - bonded = { config, pkgs, ... }: { + bonded = { ... }: { virtualisation.memorySize = 128; virtualisation.vlans = [ 1 ]; @@ -62,7 +62,7 @@ import ./make-test.nix ({ pkgs, ...} : { }; }; - bridgedbond = { config, pkgs, ... }: { + bridgedbond = { ... }: { virtualisation.memorySize = 128; virtualisation.vlans = [ 1 ]; diff --git a/nixos/tests/containers-portforward.nix b/nixos/tests/containers-portforward.nix index 78cc445c2dd06..be83f82445edc 100644 --- a/nixos/tests/containers-portforward.nix +++ b/nixos/tests/containers-portforward.nix @@ -14,7 +14,7 @@ import ./make-test.nix ({ pkgs, ...} : { }; machine = - { config, pkgs, ... }: + { pkgs, ... }: { imports = [ ../modules/installer/cd-dvd/channel.nix ]; virtualisation.writableStore = true; virtualisation.memorySize = 768; diff --git a/nixos/tests/containers-reloadable.nix b/nixos/tests/containers-reloadable.nix index 5fb42f2272b35..9726ca0cb0e76 100644 --- a/nixos/tests/containers-reloadable.nix +++ b/nixos/tests/containers-reloadable.nix 
@@ -21,11 +21,11 @@ in { }; nodes = { - client = { lib, pkgs, ... }: { + client = { ... }: { imports = [ client_base ]; }; - client_c1 = { lib, pkgs, ... }: { + client_c1 = { lib, ... }: { imports = [ client_base ]; containers.test1.config = { @@ -34,7 +34,7 @@ in { services.httpd.adminAddr = "nixos@example.com"; }; }; - client_c2 = { lib, pkgs, ... }: { + client_c2 = { lib, ... }: { imports = [ client_base ]; containers.test1.config = { @@ -45,7 +45,6 @@ in { }; testScript = {nodes, ...}: let - originalSystem = nodes.client.config.system.build.toplevel; c1System = nodes.client_c1.config.system.build.toplevel; c2System = nodes.client_c2.config.system.build.toplevel; in '' diff --git a/nixos/tests/containers-restart_networking.nix b/nixos/tests/containers-restart_networking.nix index f68c9b07759b2..aeb0a6e68e216 100644 --- a/nixos/tests/containers-restart_networking.nix +++ b/nixos/tests/containers-restart_networking.nix @@ -17,7 +17,7 @@ let }; }; }; -in import ./make-test.nix ({ pkgs, lib, ...} : +in import ./make-test.nix ({ pkgs, ...} : { name = "containers-restart_networking"; meta = with pkgs.stdenv.lib.maintainers; { @@ -25,7 +25,7 @@ in import ./make-test.nix ({ pkgs, lib, ...} : }; nodes = { - client = { lib, pkgs, ... }: client_base // { + client = { lib, ... }: client_base // { virtualisation.vlans = [ 1 ]; networking.bridges.br0 = { @@ -38,7 +38,7 @@ in import ./make-test.nix ({ pkgs, lib, ...} : }; }; - client_eth1 = { lib, pkgs, ... }: client_base // { + client_eth1 = { lib, ... }: client_base // { networking.bridges.br0 = { interfaces = [ "eth1" ]; rstp = false; @@ -48,7 +48,7 @@ in import ./make-test.nix ({ pkgs, lib, ...} : br0.ipv4.addresses = [ { address = "192.168.1.2"; prefixLength = 24; } ]; }; }; - client_eth1_rstp = { lib, pkgs, ... }: client_base // { + client_eth1_rstp = { lib, ... }: client_base // { networking.bridges.br0 = { interfaces = [ "eth1" ]; rstp = true; 
diff --git a/nixos/tests/containers-tmpfs.nix b/nixos/tests/containers-tmpfs.nix index 873dd364369fb..05c21f4907bf5 100644 --- a/nixos/tests/containers-tmpfs.nix +++ b/nixos/tests/containers-tmpfs.nix @@ -7,7 +7,7 @@ import ./make-test.nix ({ pkgs, ...} : { }; machine = - { config, pkgs, ... }: + { pkgs, ... }: { imports = [ ../modules/installer/cd-dvd/channel.nix ]; virtualisation.writableStore = true; virtualisation.memorySize = 768; diff --git a/nixos/tests/couchdb.nix b/nixos/tests/couchdb.nix index a3f675236bc6f..48ea48eebbb31 100644 --- a/nixos/tests/couchdb.nix +++ b/nixos/tests/couchdb.nix @@ -10,14 +10,14 @@ with lib; nodes = { couchdb1 = - { pkgs, config, ... }: + { pkgs, ... }: { environment.systemPackages = with pkgs; [ jq ]; services.couchdb.enable = true; }; couchdb2 = - { pkgs, config, ... }: + { pkgs, ... }: { environment.systemPackages = with pkgs; [ jq ]; services.couchdb.enable = true; diff --git a/nixos/tests/deluge.nix b/nixos/tests/deluge.nix index 6119fd58447c1..b4be5e465cc03 100644 --- a/nixos/tests/deluge.nix +++ b/nixos/tests/deluge.nix @@ -6,7 +6,7 @@ import ./make-test.nix ({ pkgs, ...} : { nodes = { server = - { pkgs, config, ... }: + { ... }: { services.deluge = { enable = true; diff --git a/nixos/tests/dnscrypt-proxy.nix b/nixos/tests/dnscrypt-proxy.nix index 1fcf3903b13e9..13bc9d3d9168d 100644 --- a/nixos/tests/dnscrypt-proxy.nix +++ b/nixos/tests/dnscrypt-proxy.nix @@ -8,7 +8,7 @@ import ./make-test.nix ({ pkgs, ... }: { # A client running the recommended setup: DNSCrypt proxy as a forwarder # for a caching DNS client. client = - { config, pkgs, ... }: + { ... }: let localProxyPort = 43; in { security.apparmor.enable = true; diff --git a/nixos/tests/docker-edge.nix b/nixos/tests/docker-edge.nix index 38d25daff194c..b306c149be91a 100644 --- a/nixos/tests/docker-edge.nix +++ b/nixos/tests/docker-edge.nix 
@@ -8,7 +8,7 @@ import ./make-test.nix ({ pkgs, ...} : { nodes = { docker = - { config, pkgs, ... }: + { pkgs, ... }: { virtualisation.docker.enable = true; virtualisation.docker.package = pkgs.docker-edge; diff --git a/nixos/tests/docker-registry.nix b/nixos/tests/docker-registry.nix index 1fbd199c7bc4f..8936421072a99 100644 --- a/nixos/tests/docker-registry.nix +++ b/nixos/tests/docker-registry.nix @@ -7,7 +7,7 @@ import ./make-test.nix ({ pkgs, ...} : { }; nodes = { - registry = { config, pkgs, ... }: { + registry = { ... }: { services.dockerRegistry.enable = true; services.dockerRegistry.enableDelete = true; services.dockerRegistry.port = 8080; @@ -16,12 +16,12 @@ import ./make-test.nix ({ pkgs, ...} : { networking.firewall.allowedTCPPorts = [ 8080 ]; }; - client1 = { config, pkgs, ...}: { + client1 = { ... }: { virtualisation.docker.enable = true; virtualisation.docker.extraOptions = "--insecure-registry registry:8080"; }; - client2 = { config, pkgs, ...}: { + client2 = { ... }: { virtualisation.docker.enable = true; virtualisation.docker.extraOptions = "--insecure-registry registry:8080"; }; diff --git a/nixos/tests/docker-tools-overlay.nix b/nixos/tests/docker-tools-overlay.nix index 9d7fa3e7a8c52..637957bd3e8b3 100644 --- a/nixos/tests/docker-tools-overlay.nix +++ b/nixos/tests/docker-tools-overlay.nix @@ -9,7 +9,7 @@ import ./make-test.nix ({ pkgs, ... }: nodes = { docker = - { config, pkgs, ... }: + { ... }: { virtualisation.docker.enable = true; virtualisation.docker.storageDriver = "overlay"; # defaults to overlay2 diff --git a/nixos/tests/docker-tools.nix b/nixos/tests/docker-tools.nix index e2bcfbbd1f962..db4eacc37287f 100644 --- a/nixos/tests/docker-tools.nix +++ b/nixos/tests/docker-tools.nix @@ -8,7 +8,7 @@ import ./make-test.nix ({ pkgs, ... }: { nodes = { docker = - { config, pkgs, ... }: { + { ... }: { virtualisation = { diskSize = 2048; docker.enable = true; 
diff --git a/nixos/tests/docker.nix b/nixos/tests/docker.nix index c6c8f4cdb5fb9..d67b2f8743d80 100644 --- a/nixos/tests/docker.nix +++ b/nixos/tests/docker.nix @@ -8,7 +8,7 @@ import ./make-test.nix ({ pkgs, ...} : { nodes = { docker = - { config, pkgs, ... }: + { pkgs, ... }: { virtualisation.docker.enable = true; virtualisation.docker.package = pkgs.docker; diff --git a/nixos/tests/ecryptfs.nix b/nixos/tests/ecryptfs.nix index 041be0f5a6246..3f02cecb8662d 100644 --- a/nixos/tests/ecryptfs.nix +++ b/nixos/tests/ecryptfs.nix @@ -1,8 +1,8 @@ -import ./make-test.nix ({ pkgs, ... }: +import ./make-test.nix ({ ... }: { name = "ecryptfs"; - machine = { config, pkgs, ... }: { + machine = { pkgs, ... }: { imports = [ ./common/user-account.nix ]; boot.kernelModules = [ "ecryptfs" ]; security.pam.enableEcryptfs = true; diff --git a/nixos/tests/elk.nix b/nixos/tests/elk.nix index ed656b3628b9e..8dba7a905fa63 100644 --- a/nixos/tests/elk.nix +++ b/nixos/tests/elk.nix @@ -11,7 +11,7 @@ let }; nodes = { one = - { config, pkgs, ... }: { + { pkgs, ... }: { # Not giving the machine at least 2060MB results in elasticsearch failing with the following error: # # OpenJDK 64-Bit Server VM warning: diff --git a/nixos/tests/emacs-daemon.nix b/nixos/tests/emacs-daemon.nix index 466e772a881f3..3594e35e343c5 100644 --- a/nixos/tests/emacs-daemon.nix +++ b/nixos/tests/emacs-daemon.nix @@ -7,7 +7,7 @@ import ./make-test.nix ({ pkgs, ...} : { enableOCR = true; machine = - { config, pkgs, ... }: + { ... }: { imports = [ ./common/x11.nix ]; services.emacs = { diff --git a/nixos/tests/env.nix b/nixos/tests/env.nix index c6b0424e97b93..064c498204aec 100644 --- a/nixos/tests/env.nix +++ b/nixos/tests/env.nix @@ -4,7 +4,7 @@ import ./make-test.nix ({ pkgs, ...} : { maintainers = [ nequissimus ]; }; - machine = { config, lib, pkgs, ... }: + machine = { pkgs, ... }: { boot.kernelPackages = pkgs.linuxPackages; environment.etc."plainFile".text = '' 
diff --git a/nixos/tests/etcd-cluster.nix b/nixos/tests/etcd-cluster.nix index 3971997a9bf79..3c4de5950a79f 100644 --- a/nixos/tests/etcd-cluster.nix +++ b/nixos/tests/etcd-cluster.nix @@ -102,7 +102,7 @@ in { }; nodes = { - node1 = { config, pkgs, nodes, ... }: { + node1 = { ... }: { require = [nodeConfig]; services.etcd = { initialCluster = ["node1=https://node1:2380" "node2=https://node2:2380"]; @@ -110,7 +110,7 @@ in { }; }; - node2 = { config, pkgs, ... }: { + node2 = { ... }: { require = [nodeConfig]; services.etcd = { initialCluster = ["node1=https://node1:2380" "node2=https://node2:2380"]; @@ -118,7 +118,7 @@ in { }; }; - node3 = { config, pkgs, ... }: { + node3 = { ... }: { require = [nodeConfig]; services.etcd = { initialCluster = ["node1=https://node1:2380" "node2=https://node2:2380" "node3=https://node3:2380"]; diff --git a/nixos/tests/etcd.nix b/nixos/tests/etcd.nix index f8a6791a834f7..6c23b31779bc5 100644 --- a/nixos/tests/etcd.nix +++ b/nixos/tests/etcd.nix @@ -8,7 +8,7 @@ import ./make-test.nix ({ pkgs, ... } : { }; nodes = { - node = { config, pkgs, nodes, ... }: { + node = { ... }: { services.etcd.enable = true; }; }; diff --git a/nixos/tests/ferm.nix b/nixos/tests/ferm.nix index bb7daae118c08..24b74df85ad1d 100644 --- a/nixos/tests/ferm.nix +++ b/nixos/tests/ferm.nix @@ -7,7 +7,7 @@ import ./make-test.nix ({ pkgs, ...} : { nodes = { client = - { config, pkgs, ... }: + { pkgs, ... }: with pkgs.lib; { networking = { @@ -16,7 +16,7 @@ import ./make-test.nix ({ pkgs, ...} : { }; }; server = - { config, pkgs, ... }: + { pkgs, ... }: with pkgs.lib; { networking = { diff --git a/nixos/tests/firefox.nix b/nixos/tests/firefox.nix index e1b628c914456..58a80243ea9c7 100644 --- a/nixos/tests/firefox.nix +++ b/nixos/tests/firefox.nix @@ -5,7 +5,7 @@ import ./make-test.nix ({ pkgs, ... }: { }; machine = - { config, pkgs, ... }: + { pkgs, ... }: { imports = [ ./common/x11.nix ]; environment.systemPackages = [ pkgs.firefox pkgs.xdotool ]; 
diff --git a/nixos/tests/firewall.nix b/nixos/tests/firewall.nix index 1119a5312eb5b..7207a880d8e2f 100644 --- a/nixos/tests/firewall.nix +++ b/nixos/tests/firewall.nix @@ -8,7 +8,7 @@ import ./make-test.nix ( { pkgs, ... } : { nodes = { walled = - { config, pkgs, nodes, ... }: + { ... }: { networking.firewall.enable = true; networking.firewall.logRefusedPackets = true; services.httpd.enable = true; @@ -20,13 +20,13 @@ import ./make-test.nix ( { pkgs, ... } : { # original walled configuration so that there is a change in the service # file. walled2 = - { config, pkgs, nodes, ... }: + { ... }: { networking.firewall.enable = true; networking.firewall.rejectPackets = true; }; attacker = - { config, pkgs, ... }: + { ... }: { services.httpd.enable = true; services.httpd.adminAddr = "foo@example.org"; networking.firewall.enable = false; diff --git a/nixos/tests/flannel.nix b/nixos/tests/flannel.nix index 7f27903a3026c..fb66fe282090e 100644 --- a/nixos/tests/flannel.nix +++ b/nixos/tests/flannel.nix @@ -17,7 +17,7 @@ import ./make-test.nix ({ pkgs, ...} : rec { networking.firewall.allowedUDPPorts = [ 8472 ]; }; in { - etcd = { config, pkgs, ... }: { + etcd = { ... }: { services = { etcd = { enable = true; @@ -31,11 +31,11 @@ import ./make-test.nix ({ pkgs, ...} : rec { networking.firewall.allowedTCPPorts = [ 2379 ]; }; - node1 = { config, ... }: { + node1 = { ... }: { require = [flannelConfig]; }; - node2 = { config, ... }: { + node2 = { ... }: { require = [flannelConfig]; }; }; diff --git a/nixos/tests/flatpak.nix b/nixos/tests/flatpak.nix index d1c7cf843147e..096b37e6e2cb7 100644 --- a/nixos/tests/flatpak.nix +++ b/nixos/tests/flatpak.nix 
@@ -7,9 +7,10 @@ import ./make-test.nix ({ pkgs, ... }: maintainers = pkgs.flatpak.meta.maintainers; }; - machine = { config, pkgs, ... }: { + machine = { pkgs, ... }: { imports = [ ./common/x11.nix ]; services.xserver.desktopManager.gnome3.enable = true; # TODO: figure out minimal environment where the tests work + environment.gnome3.excludePackages = pkgs.gnome3.optionalPackages; services.flatpak.enable = true; environment.systemPackages = with pkgs; [ gnupg gnome-desktop-testing ostree python2 ]; virtualisation.memorySize = 2047; diff --git a/nixos/tests/fwupd.nix b/nixos/tests/fwupd.nix index bf4ef25130b3d..2e64149b2db3a 100644 --- a/nixos/tests/fwupd.nix +++ b/nixos/tests/fwupd.nix @@ -6,7 +6,7 @@ import ./make-test.nix ({ pkgs, ... }: { maintainers = pkgs.fwupd.meta.maintainers; }; - machine = { config, pkgs, ... }: { + machine = { pkgs, ... }: { services.fwupd.enable = true; environment.systemPackages = with pkgs; [ gnome-desktop-testing ]; environment.variables.XDG_DATA_DIRS = [ "${pkgs.fwupd.installedTests}/share" ]; diff --git a/nixos/tests/gitlab.nix b/nixos/tests/gitlab.nix index 7268636b62ad0..3af2cbcd09885 100644 --- a/nixos/tests/gitlab.nix +++ b/nixos/tests/gitlab.nix @@ -7,7 +7,7 @@ import ./make-test.nix ({ pkgs, ...} : { }; nodes = { - gitlab = { config, pkgs, ... }: { + gitlab = { ... }: { virtualisation.memorySize = 768; services.nginx = { diff --git a/nixos/tests/gitolite.nix b/nixos/tests/gitolite.nix index d4028efad1d89..690e456ed7c86 100644 --- a/nixos/tests/gitolite.nix +++ b/nixos/tests/gitolite.nix @@ -58,7 +58,7 @@ in nodes = { server = - { config, pkgs, lib, ... }: + { ... }: { services.gitolite = { enable = true; @@ -68,7 +68,7 @@ in }; client = - { config, pkgs, lib, ... }: + { pkgs, ... }: { environment.systemPackages = [ pkgs.git ]; programs.ssh.extraConfig = '' diff --git a/nixos/tests/gnome3-gdm.nix b/nixos/tests/gnome3-gdm.nix index 71ae1709d5264..1f590f337fd90 100644 --- a/nixos/tests/gnome3-gdm.nix 
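Review bot: The added `environment.gnome3.excludePackages = pkgs.gnome3.optionalPackages;` line in flatpak.nix has no comment of its own and sits directly under a TODO about finding a minimal environment, so a reader cannot tell whether it belongs to that TODO or is a deliberate fix. A short comment would settle it, for example `# leave out the optional GNOME applications; the installed tests do not appear to need them` (wording to be confirmed by the author). The machine definition continues outside the hunk.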
+++ b/nixos/tests/gnome3-gdm.nix @@ -5,7 +5,7 @@ import ./make-test.nix ({ pkgs, ...} : { }; machine = - { config, pkgs, ... }: + { ... }: { imports = [ ./common/user-account.nix ]; diff --git a/nixos/tests/gnome3.nix b/nixos/tests/gnome3.nix index 591ed8600685f..3f51d04163a4f 100644 --- a/nixos/tests/gnome3.nix +++ b/nixos/tests/gnome3.nix @@ -5,7 +5,7 @@ import ./make-test.nix ({ pkgs, ...} : { }; machine = - { config, pkgs, ... }: + { ... }: { imports = [ ./common/user-account.nix ]; diff --git a/nixos/tests/gocd-agent.nix b/nixos/tests/gocd-agent.nix index 5cadff0899504..50470379576b1 100644 --- a/nixos/tests/gocd-agent.nix +++ b/nixos/tests/gocd-agent.nix @@ -17,7 +17,7 @@ import ./make-test.nix ({ pkgs, ...} : { nodes = { gocd_agent = - { config, pkgs, ... }: + { ... }: { virtualisation.memorySize = 2046; services.gocd-agent = { diff --git a/nixos/tests/gocd-server.nix b/nixos/tests/gocd-server.nix index b473d4ad61c79..80cf04ed64049 100644 --- a/nixos/tests/gocd-server.nix +++ b/nixos/tests/gocd-server.nix @@ -12,7 +12,7 @@ import ./make-test.nix ({ pkgs, ...} : nodes = { gocd_server = - { config, pkgs, ... }: + { ... }: { virtualisation.memorySize = 2046; services.gocd-server.enable = true; diff --git a/nixos/tests/grafana.nix b/nixos/tests/grafana.nix index d45776c3ee293..9dc765a879bcf 100644 --- a/nixos/tests/grafana.nix +++ b/nixos/tests/grafana.nix @@ -6,7 +6,7 @@ import ./make-test.nix ({ lib, ... }: maintainers = [ willibutz ]; }; - machine = { config, pkgs, ... }: { + machine = { ... }: { services.grafana = { enable = true; addr = "localhost"; diff --git a/nixos/tests/graphite.nix b/nixos/tests/graphite.nix index 5a1f50bd29b18..1fe4357191e3f 100644 --- a/nixos/tests/graphite.nix +++ b/nixos/tests/graphite.nix @@ -1,9 +1,9 @@ -import ./make-test.nix ({ pkgs, ...} : +import ./make-test.nix ({ ... } : { name = "graphite"; nodes = { one = - { config, pkgs, ... }: { + { ... }: { virtualisation.memorySize = 1024; time.timeZone = "UTC"; services.graphite = { 
diff --git a/nixos/tests/hadoop/hdfs.nix b/nixos/tests/hadoop/hdfs.nix index 4206c940c1afa..e7d72a56e1e7b 100644 --- a/nixos/tests/hadoop/hdfs.nix +++ b/nixos/tests/hadoop/hdfs.nix @@ -1,6 +1,6 @@ -import ../make-test.nix ({pkgs, ...}: { +import ../make-test.nix ({...}: { nodes = { - namenode = {pkgs, config, ...}: { + namenode = {pkgs, ...}: { services.hadoop = { package = pkgs.hadoop_3_1; hdfs.namenode.enabled = true; @@ -18,7 +18,7 @@ import ../make-test.nix ({pkgs, ...}: { 8020 # namenode.rpc-address ]; }; - datanode = {pkgs, config, ...}: { + datanode = {pkgs, ...}: { services.hadoop = { package = pkgs.hadoop_3_1; hdfs.datanode.enabled = true; diff --git a/nixos/tests/hadoop/yarn.nix b/nixos/tests/hadoop/yarn.nix index e97cc1acc902e..031592301f172 100644 --- a/nixos/tests/hadoop/yarn.nix +++ b/nixos/tests/hadoop/yarn.nix @@ -1,6 +1,6 @@ -import ../make-test.nix ({pkgs, ...}: { +import ../make-test.nix ({...}: { nodes = { - resourcemanager = {pkgs, config, ...}: { + resourcemanager = {pkgs, ...}: { services.hadoop.package = pkgs.hadoop_3_1; services.hadoop.yarn.resourcemanager.enabled = true; services.hadoop.yarnSite = { @@ -11,7 +11,7 @@ import ../make-test.nix ({pkgs, ...}: { 8031 # resourcemanager.resource-tracker.address ]; }; - nodemanager = {pkgs, config, ...}: { + nodemanager = {pkgs, ...}: { services.hadoop.package = pkgs.hadoop_3_1; services.hadoop.yarn.nodemanager.enabled = true; services.hadoop.yarnSite = { diff --git a/nixos/tests/haka.nix b/nixos/tests/haka.nix index 40548f34690f6..6277ebb4933fd 100644 --- a/nixos/tests/haka.nix +++ b/nixos/tests/haka.nix @@ -8,7 +8,7 @@ import ./make-test.nix ({ pkgs, ...} : { nodes = { haka = - { config, pkgs, ... }: + { ... }: { services.haka.enable = true; }; diff --git a/nixos/tests/haproxy.nix b/nixos/tests/haproxy.nix index ce4094237db23..22a83e9d1eabf 100644 --- a/nixos/tests/haproxy.nix +++ b/nixos/tests/haproxy.nix 
@@ -1,7 +1,7 @@ import ./make-test.nix ({ pkgs, ...}: { name = "haproxy"; nodes = { - machine = { config, ...}: { + machine = { ... }: { imports = [ ../modules/profiles/minimal.nix ]; services.haproxy = { enable = true; diff --git a/nixos/tests/hardened.nix b/nixos/tests/hardened.nix index 0a0639d62796d..2700b8e5935a9 100644 --- a/nixos/tests/hardened.nix +++ b/nixos/tests/hardened.nix @@ -5,7 +5,7 @@ import ./make-test.nix ({ pkgs, ...} : { }; machine = - { config, lib, pkgs, ... }: + { lib, pkgs, ... }: with lib; { users.users.alice = { isNormalUser = true; extraGroups = [ "proc" ]; }; users.users.sybil = { isNormalUser = true; group = "wheel"; }; diff --git a/nixos/tests/hibernate.nix b/nixos/tests/hibernate.nix index 3ae2bdffed90a..1f98bb739f210 100644 --- a/nixos/tests/hibernate.nix +++ b/nixos/tests/hibernate.nix @@ -16,7 +16,7 @@ import ./make-test.nix (pkgs: { systemd.services.listener.serviceConfig.ExecStart = "${pkgs.netcat}/bin/nc -l 4444 -k"; }; - probe = { config, lib, pkgs, ...}: { + probe = { pkgs, ...}: { environment.systemPackages = [ pkgs.netcat ]; }; }; diff --git a/nixos/tests/hitch/default.nix b/nixos/tests/hitch/default.nix index b024306cde56b..cb24c4dcffc24 100644 --- a/nixos/tests/hitch/default.nix +++ b/nixos/tests/hitch/default.nix @@ -4,7 +4,7 @@ import ../make-test.nix ({ pkgs, ... }: meta = with pkgs.stdenv.lib.maintainers; { maintainers = [ jflanglois ]; }; - machine = { config, pkgs, ... }: { + machine = { pkgs, ... }: { environment.systemPackages = [ pkgs.curl ]; services.hitch = { enable = true; diff --git a/nixos/tests/hocker-fetchdocker/machine.nix b/nixos/tests/hocker-fetchdocker/machine.nix index 12c58a0122432..78343f0e02f0f 100644 --- a/nixos/tests/hocker-fetchdocker/machine.nix +++ b/nixos/tests/hocker-fetchdocker/machine.nix @@ -1,4 +1,4 @@ -{ config, pkgs, ... }: +{ pkgs, ... }: { nixpkgs.config.packageOverrides = pkgs': { hello-world-container = pkgs'.callPackage ./hello-world-container.nix { }; }; 
diff --git a/nixos/tests/home-assistant.nix b/nixos/tests/home-assistant.nix index 797706a062cae..0c027eaca6190 100644 --- a/nixos/tests/home-assistant.nix +++ b/nixos/tests/home-assistant.nix @@ -12,7 +12,7 @@ in { nodes = { hass = - { config, pkgs, ... }: + { pkgs, ... }: { environment.systemPackages = with pkgs; [ mosquitto diff --git a/nixos/tests/hound.nix b/nixos/tests/hound.nix index 82fd44e8e36fb..f21c0ad58a850 100644 --- a/nixos/tests/hound.nix +++ b/nixos/tests/hound.nix @@ -4,7 +4,7 @@ import ./make-test.nix ({ pkgs, ... } : { meta = with pkgs.stdenv.lib.maintainers; { maintainers = [ grahamc ]; }; - machine = { config, pkgs, ... }: { + machine = { pkgs, ... }: { services.hound = { enable = true; config = '' diff --git a/nixos/tests/hydra/default.nix b/nixos/tests/hydra/default.nix index 74919444c16d6..98d99811f3c01 100644 --- a/nixos/tests/hydra/default.nix +++ b/nixos/tests/hydra/default.nix @@ -31,7 +31,7 @@ in { }; machine = - { config, pkgs, ... }: + { pkgs, ... }: { virtualisation.memorySize = 1024; diff --git a/nixos/tests/i3wm.nix b/nixos/tests/i3wm.nix index 4685992d7a053..245c17eedf7e2 100644 --- a/nixos/tests/i3wm.nix +++ b/nixos/tests/i3wm.nix @@ -4,14 +4,14 @@ import ./make-test.nix ({ pkgs, ...} : { maintainers = [ aszlig ]; }; - machine = { lib, pkgs, ... }: { + machine = { lib, ... }: { imports = [ ./common/x11.nix ./common/user-account.nix ]; services.xserver.displayManager.auto.user = "alice"; services.xserver.windowManager.default = lib.mkForce "i3"; services.xserver.windowManager.i3.enable = true; }; - testScript = { nodes, ... }: '' + testScript = { ... }: '' $machine->waitForX; $machine->waitForFile("/home/alice/.Xauthority"); $machine->succeed("xauth merge ~alice/.Xauthority"); diff --git a/nixos/tests/influxdb.nix b/nixos/tests/influxdb.nix index ee126091667a9..440049d951117 100644 --- a/nixos/tests/influxdb.nix +++ b/nixos/tests/influxdb.nix 
@@ -7,7 +7,7 @@ import ./make-test.nix ({ pkgs, ...} : { }; nodes = { - one = { config, pkgs, ... }: { + one = { ... }: { services.influxdb.enable = true; }; }; diff --git a/nixos/tests/initrd-network-ssh/default.nix b/nixos/tests/initrd-network-ssh/default.nix index b1f3d147e8626..b2209f297a4f8 100644 --- a/nixos/tests/initrd-network-ssh/default.nix +++ b/nixos/tests/initrd-network-ssh/default.nix @@ -1,4 +1,4 @@ -import ../make-test.nix ({ pkgs, lib, ... }: +import ../make-test.nix ({ lib, ... }: { name = "initrd-network-ssh"; @@ -8,7 +8,7 @@ import ../make-test.nix ({ pkgs, lib, ... }: nodes = with lib; rec { server = - { config, pkgs, ... }: + { config, ... }: { boot.kernelParams = [ "ip=${config.networking.primaryIPAddress}:::255.255.255.0::eth1:none" @@ -33,7 +33,7 @@ import ../make-test.nix ({ pkgs, lib, ... }: }; client = - { config, pkgs, ... }: + { config, ... }: { environment.etc.knownHosts = { text = concatStrings [ diff --git a/nixos/tests/initrd-network.nix b/nixos/tests/initrd-network.nix index db9f572d3c2f6..ed9b82e2da773 100644 --- a/nixos/tests/initrd-network.nix +++ b/nixos/tests/initrd-network.nix @@ -3,7 +3,7 @@ import ./make-test.nix ({ pkgs, ...} : { meta.maintainers = [ pkgs.stdenv.lib.maintainers.eelco ]; - machine = { config, pkgs, ... }: { + machine = { ... }: { imports = [ ../modules/profiles/minimal.nix ]; boot.initrd.network.enable = true; boot.initrd.network.postCommands = diff --git a/nixos/tests/installer.nix b/nixos/tests/installer.nix index 8ce9bc21ff775..2455b9152bd9e 100644 --- a/nixos/tests/installer.nix +++ b/nixos/tests/installer.nix @@ -58,9 +58,6 @@ let ''; - channelContents = [ pkgs.rlwrap ]; - - # The test script boots a NixOS VM, installs NixOS on an empty hard # disk, and then reboot from the hard disk. It's parameterized with # a test script fragment `createPartitions', which must create 
@@ -206,7 +203,7 @@ let # The configuration of the machine used to run "nixos-install". machine = - { config, lib, pkgs, ... }: + { pkgs, ... }: { imports = [ ../modules/profiles/installation-device.nix @@ -237,7 +234,7 @@ let libxml2.bin libxslt.bin docbook5 - docbook5_xsl + docbook_xsl_ns unionfs-fuse ntp nixos-artwork.wallpapers.gnome-dark diff --git a/nixos/tests/ipfs.nix b/nixos/tests/ipfs.nix index c6bc61545245c..3cff7e99ff887 100644 --- a/nixos/tests/ipfs.nix +++ b/nixos/tests/ipfs.nix @@ -7,7 +7,7 @@ import ./make-test.nix ({ pkgs, ...} : { nodes = { adder = - { config, pkgs, ... }: + { ... }: { services.ipfs = { enable = true; @@ -18,7 +18,7 @@ import ./make-test.nix ({ pkgs, ...} : { networking.firewall.allowedTCPPorts = [ 4001 ]; }; getter = - { config, pkgs, ... }: + { ... }: { services.ipfs = { enable = true; diff --git a/nixos/tests/ipv6.nix b/nixos/tests/ipv6.nix index 7a98fd85cfda9..97f348a9beebe 100644 --- a/nixos/tests/ipv6.nix +++ b/nixos/tests/ipv6.nix @@ -8,17 +8,17 @@ import ./make-test.nix ({ pkgs, ...} : { }; nodes = - { client = { config, pkgs, ... }: { }; + { client = { ... }: { }; server = - { config, pkgs, ... }: + { ... }: { services.httpd.enable = true; services.httpd.adminAddr = "foo@example.org"; networking.firewall.allowedTCPPorts = [ 80 ]; }; router = - { config, pkgs, ... }: + { ... }: { services.radvd.enable = true; services.radvd.config = '' diff --git a/nixos/tests/jenkins.nix b/nixos/tests/jenkins.nix index 25629efbfa490..4f2d2085cd1a9 100644 --- a/nixos/tests/jenkins.nix +++ b/nixos/tests/jenkins.nix @@ -12,7 +12,7 @@ import ./make-test.nix ({ pkgs, ...} : { nodes = { master = - { config, pkgs, ... }: + { ... }: { services.jenkins.enable = true; # should have no effect @@ -24,7 +24,7 @@ import ./make-test.nix ({ pkgs, ...} : { }; slave = - { config, pkgs, ... }: + { ... }: { services.jenkinsSlave.enable = true; users.users.jenkins.extraGroups = [ "users" ]; 
diff --git a/nixos/tests/kafka.nix b/nixos/tests/kafka.nix index e48b25d67df39..c9fd74620efb1 100644 --- a/nixos/tests/kafka.nix +++ b/nixos/tests/kafka.nix @@ -10,7 +10,7 @@ let }; nodes = { - zookeeper1 = { config, ... }: { + zookeeper1 = { ... }: { services.zookeeper = { enable = true; }; @@ -18,7 +18,7 @@ let networking.firewall.allowedTCPPorts = [ 2181 ]; virtualisation.memorySize = 1024; }; - kafka = { config, ... }: { + kafka = { ... }: { services.apache-kafka = { enable = true; extraProperties = '' diff --git a/nixos/tests/kernel-copperhead.nix b/nixos/tests/kernel-copperhead.nix index aa133c9b0aa7a..652fbf055373e 100644 --- a/nixos/tests/kernel-copperhead.nix +++ b/nixos/tests/kernel-copperhead.nix @@ -4,7 +4,7 @@ import ./make-test.nix ({ pkgs, ...} : { maintainers = [ nequissimus ]; }; - machine = { config, lib, pkgs, ... }: + machine = { pkgs, ... }: { boot.kernelPackages = pkgs.linuxPackages_copperhead_lts; }; diff --git a/nixos/tests/kernel-latest.nix b/nixos/tests/kernel-latest.nix index 1350426654d70..f30bd2e2e7605 100644 --- a/nixos/tests/kernel-latest.nix +++ b/nixos/tests/kernel-latest.nix @@ -4,7 +4,7 @@ import ./make-test.nix ({ pkgs, ...} : { maintainers = [ nequissimus ]; }; - machine = { config, lib, pkgs, ... }: + machine = { pkgs, ... }: { boot.kernelPackages = pkgs.linuxPackages_latest; }; diff --git a/nixos/tests/kernel-lts.nix b/nixos/tests/kernel-lts.nix index 2aab4ce0b49e1..28717fa6a8448 100644 --- a/nixos/tests/kernel-lts.nix +++ b/nixos/tests/kernel-lts.nix @@ -4,7 +4,7 @@ import ./make-test.nix ({ pkgs, ...} : { maintainers = [ nequissimus ]; }; - machine = { config, lib, pkgs, ... }: + machine = { pkgs, ... }: { boot.kernelPackages = pkgs.linuxPackages; }; diff --git a/nixos/tests/kexec.nix b/nixos/tests/kexec.nix index 0f5ddef7b1aae..db596189d46d0 100644 --- a/nixos/tests/kexec.nix +++ b/nixos/tests/kexec.nix 
@@ -6,7 +6,7 @@ import ./make-test.nix ({ pkgs, ...} : { maintainers = [ eelco chaoflow ]; }; - machine = { config, pkgs, ... }: + machine = { ... }: { virtualisation.vlans = [ ]; }; testScript = diff --git a/nixos/tests/krb5/deprecated-config.nix b/nixos/tests/krb5/deprecated-config.nix index 980b3e762dc6c..7d7926309c95b 100644 --- a/nixos/tests/krb5/deprecated-config.nix +++ b/nixos/tests/krb5/deprecated-config.nix @@ -8,7 +8,7 @@ import ../make-test.nix ({ pkgs, ...} : { }; machine = - { config, pkgs, ... }: { + { ... }: { krb5 = { enable = true; defaultRealm = "ATHENA.MIT.EDU"; diff --git a/nixos/tests/krb5/example-config.nix b/nixos/tests/krb5/example-config.nix index d5328720931e8..f01cf6988eef7 100644 --- a/nixos/tests/krb5/example-config.nix +++ b/nixos/tests/krb5/example-config.nix @@ -8,7 +8,7 @@ import ../make-test.nix ({ pkgs, ...} : { }; machine = - { config, pkgs, ... }: { + { pkgs, ... }: { krb5 = { enable = true; kerberos = pkgs.krb5Full; diff --git a/nixos/tests/kubernetes/certs.nix b/nixos/tests/kubernetes/certs.nix index 520c728b65ee2..85e92f6330c90 100644 --- a/nixos/tests/kubernetes/certs.nix +++ b/nixos/tests/kubernetes/certs.nix @@ -1,9 +1,9 @@ { pkgs ? import <nixpkgs> {}, - internalDomain ? "cloud.yourdomain.net", externalDomain ? "myawesomecluster.cluster.yourdomain.net", serviceClusterIp ? "10.0.0.1", - kubelets + kubelets, + ... }: let runWithCFSSL = name: cmd: diff --git a/nixos/tests/kubernetes/dns.nix b/nixos/tests/kubernetes/dns.nix index 8c488d271bcd2..30e1acd255a08 100644 --- a/nixos/tests/kubernetes/dns.nix +++ b/nixos/tests/kubernetes/dns.nix @@ -60,7 +60,7 @@ let config.Entrypoint = "/bin/tail"; }; - extraConfiguration = { config, pkgs, lib, nodes, ... }: { + extraConfiguration = { config, pkgs, ... }: { environment.systemPackages = [ pkgs.bind.host ]; # virtualisation.docker.extraOptions = "--dns=${config.services.kubernetes.addons.dns.clusterIp}"; services.dnsmasq.enable = true; 
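Review bot: In kubernetes/certs.nix the argument set now ends in `...`, so the function accepts any attribute name without complaint. A caller that still passes the removed `internalDomain`, or misspells `externalDomain` or `serviceClusterIp`, is no longer rejected at evaluation time, and the defaults are used instead. Judging by `runWithCFSSL`, this file produces the cluster certificates, so a silently ignored name would presumably yield certificates issued for the default `myawesomecluster.cluster.yourdomain.net` and `10.0.0.1` rather than an error. I would keep the set closed, `serviceClusterIp ? "10.0.0.1", kubelets }:`, and remove `internalDomain` at the call sites in the same change. The function body continues outside the hunk.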
diff --git a/nixos/tests/ldap.nix b/nixos/tests/ldap.nix index b39f4124c958a..035a819241748 100644 --- a/nixos/tests/ldap.nix +++ b/nixos/tests/ldap.nix @@ -37,7 +37,7 @@ let memberUid: ${ldapUser} ''; mkClient = useDaemon: - { config, pkgs, lib, ... }: + { lib, ... }: { virtualisation.memorySize = 256; virtualisation.vlans = [ 1 ]; @@ -61,7 +61,7 @@ in nodes = { server = - { config, pkgs, lib, ... }: + { pkgs, ... }: { virtualisation.memorySize = 256; virtualisation.vlans = [ 1 ]; diff --git a/nixos/tests/lightdm.nix b/nixos/tests/lightdm.nix index d2b561fa67b4c..8a9a7408d2929 100644 --- a/nixos/tests/lightdm.nix +++ b/nixos/tests/lightdm.nix @@ -4,7 +4,7 @@ import ./make-test.nix ({ pkgs, ...} : { maintainers = [ aszlig ]; }; - machine = { lib, ... }: { + machine = { ... }: { imports = [ ./common/user-account.nix ]; services.xserver.enable = true; services.xserver.displayManager.lightdm.enable = true; diff --git a/nixos/tests/login.nix b/nixos/tests/login.nix index a6a460fb0a7d7..3dbb494b68957 100644 --- a/nixos/tests/login.nix +++ b/nixos/tests/login.nix @@ -7,7 +7,7 @@ import ./make-test.nix ({ pkgs, latestKernel ? false, ... }: }; machine = - { config, pkgs, lib, ... }: + { pkgs, lib, ... }: { boot.kernelPackages = lib.mkIf latestKernel pkgs.linuxPackages_latest; }; diff --git a/nixos/tests/mathics.nix b/nixos/tests/mathics.nix index 310b751b4d844..fcbeeb18a7271 100644 --- a/nixos/tests/mathics.nix +++ b/nixos/tests/mathics.nix @@ -5,7 +5,7 @@ import ./make-test.nix ({ pkgs, ... }: { }; nodes = { - machine = { config, pkgs, ... }: { + machine = { ... }: { services.mathics.enable = true; services.mathics.port = 8888; }; diff --git a/nixos/tests/memcached.nix b/nixos/tests/memcached.nix index f9ef3647bd1a3..b120599c51dd8 100644 --- a/nixos/tests/memcached.nix +++ b/nixos/tests/memcached.nix 
@@ -3,7 +3,7 @@ import ./make-test.nix ({ pkgs, ...} : { nodes = { machine = - { config, pkgs, ... }: + { ... }: { imports = [ ../modules/profiles/minimal.nix ]; services.memcached.enable = true; diff --git a/nixos/tests/mesos.nix b/nixos/tests/mesos.nix index 007d7ac216039..3ceb1d8125b20 100644 --- a/nixos/tests/mesos.nix +++ b/nixos/tests/mesos.nix @@ -5,7 +5,7 @@ import ./make-test.nix ({ pkgs, ...} : rec { }; nodes = { - master = { config, pkgs, ... }: { + master = { ... }: { networking.firewall.enable = false; services.zookeeper.enable = true; services.mesos.master = { @@ -14,7 +14,7 @@ import ./make-test.nix ({ pkgs, ...} : rec { }; }; - slave = { config, pkgs, ... }: { + slave = { ... }: { networking.firewall.enable = false; networking.nat.enable = true; virtualisation.docker.enable = true; diff --git a/nixos/tests/minio.nix b/nixos/tests/minio.nix index 07a292a9baa57..40a599546650a 100644 --- a/nixos/tests/minio.nix +++ b/nixos/tests/minio.nix @@ -5,7 +5,7 @@ import ./make-test.nix ({ pkgs, ...} : { }; nodes = { - machine = { config, pkgs, ... }: { + machine = { pkgs, ... }: { services.minio = { enable = true; accessKey = "BKIKJAA5BMMU2RHO6IBB"; diff --git a/nixos/tests/misc.nix b/nixos/tests/misc.nix index 179c95e764366..b0bc1d083b16d 100644 --- a/nixos/tests/misc.nix +++ b/nixos/tests/misc.nix @@ -9,7 +9,7 @@ import ./make-test.nix ({ pkgs, ...} : rec { foo = pkgs.writeText "foo" "Hello World"; machine = - { config, lib, pkgs, ... }: + { lib, ... }: with lib; { swapDevices = mkOverride 0 [ { device = "/root/swapfile"; size = 128; } ]; diff --git a/nixos/tests/mongodb.nix b/nixos/tests/mongodb.nix index 18535f51af9b3..2f380ff543e97 100644 --- a/nixos/tests/mongodb.nix +++ b/nixos/tests/mongodb.nix @@ -13,7 +13,7 @@ in { nodes = { one = - { config, pkgs, ... }: + { ... }: { services = { mongodb.enable = true; diff --git a/nixos/tests/morty.nix b/nixos/tests/morty.nix index 0a5324259ada9..eab123bd50f86 100644 --- a/nixos/tests/morty.nix 
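Review bot: The `accessKey` literal next to the changed `machine` line in nixos/tests/minio.nix has nothing marking it as a throwaway value, and the same holds for the `key` in the nixos/tests/morty.nix hunk of this commit. A one-line comment above each, for example `# test-only credential, not used outside this VM test`, would make secret-scanner findings quick to triage and discourage copying the values into a real configuration. Whether either value was ever used elsewhere is not visible here, so confirm that before adding the comment. The `services.minio` block continues outside the hunk.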
+++ b/nixos/tests/morty.nix @@ -9,7 +9,7 @@ import ./make-test.nix ({ pkgs, ... }: nodes = { mortyProxyWithKey = - { config, pkgs, ... }: + { ... }: { services.morty = { enable = true; key = "78a9cd0cfee20c672f78427efb2a2a96036027f0"; @@ -20,7 +20,7 @@ import ./make-test.nix ({ pkgs, ... }: }; testScript = - { nodes , ... }: + { ... }: '' $mortyProxyWithKey->waitForUnit("default.target"); diff --git a/nixos/tests/mpd.nix b/nixos/tests/mpd.nix index 2950a8d809d6e..ac2b810defe36 100644 --- a/nixos/tests/mpd.nix +++ b/nixos/tests/mpd.nix @@ -47,10 +47,10 @@ import ./make-test.nix ({ pkgs, ... }: nodes = { client = - { config, pkgs, ... }: { }; + { ... }: { }; serverALSA = - { config, pkgs, ... }: (mkServer { + { ... }: (mkServer { mpd = defaultMpdCfg // { network.listenAddress = "any"; extraConfig = '' @@ -66,7 +66,7 @@ import ./make-test.nix ({ pkgs, ... }: }) // { networking.firewall.allowedTCPPorts = [ 6600 ]; }; serverPulseAudio = - { config, pkgs, ... }: (mkServer { + { ... }: (mkServer { mpd = defaultMpdCfg // { extraConfig = '' audio_output { diff --git a/nixos/tests/mumble.nix b/nixos/tests/mumble.nix index 7959b85a0cf00..8146453bfd551 100644 --- a/nixos/tests/mumble.nix +++ b/nixos/tests/mumble.nix @@ -1,7 +1,7 @@ import ./make-test.nix ({ pkgs, ...} : let - client = { config, pkgs, ... }: { + client = { pkgs, ... }: { imports = [ ./common/x11.nix ]; environment.systemPackages = [ pkgs.mumble ]; }; @@ -13,7 +13,7 @@ in }; nodes = { - server = { config, pkgs, ... }: { + server = { config, ... }: { services.murmur.enable = true; services.murmur.registerName = "NixOS tests"; networking.firewall.allowedTCPPorts = [ config.services.murmur.port ]; diff --git a/nixos/tests/munin.nix b/nixos/tests/munin.nix index 40fafc625146a..eb91d4d630bc8 100644 --- a/nixos/tests/munin.nix +++ b/nixos/tests/munin.nix @@ -9,7 +9,7 @@ import ./make-test.nix ({ pkgs, ...} : { nodes = { one = - { config, pkgs, ... }: + { config, ... }: { services = { munin-node.enable = true; 
diff --git a/nixos/tests/mutable-users.nix b/nixos/tests/mutable-users.nix index 4f11a4b836690..e590703ab2f48 100644 --- a/nixos/tests/mutable-users.nix +++ b/nixos/tests/mutable-users.nix @@ -7,10 +7,10 @@ import ./make-test.nix ({ pkgs, ...} : { }; nodes = { - machine = { config, lib, pkgs, ... }: { + machine = { ... }: { users.mutableUsers = false; }; - mutable = { config, lib, pkgs, ... }: { + mutable = { ... }: { users.mutableUsers = true; }; }; diff --git a/nixos/tests/mysql-backup.nix b/nixos/tests/mysql-backup.nix index ff3650988836d..81482dfef7e56 100644 --- a/nixos/tests/mysql-backup.nix +++ b/nixos/tests/mysql-backup.nix @@ -6,7 +6,7 @@ import ./make-test.nix ({ pkgs, ... } : { }; nodes = { - master = { config, pkgs, ... }: { + master = { pkgs, ... }: { services.mysql = { enable = true; initialDatabases = [ { name = "testdb"; schema = ./testdb.sql; } ]; diff --git a/nixos/tests/mysql-replication.nix b/nixos/tests/mysql-replication.nix index ed09ac10b75d4..84d70cf352464 100644 --- a/nixos/tests/mysql-replication.nix +++ b/nixos/tests/mysql-replication.nix @@ -13,7 +13,7 @@ in nodes = { master = - { pkgs, config, ... }: + { pkgs, ... }: { services.mysql.enable = true; @@ -27,7 +27,7 @@ in }; slave1 = - { pkgs, config, nodes, ... }: + { pkgs, nodes, ... }: { services.mysql.enable = true; @@ -40,7 +40,7 @@ in }; slave2 = - { pkgs, config, nodes, ... }: + { pkgs, nodes, ... }: { services.mysql.enable = true; diff --git a/nixos/tests/mysql.nix b/nixos/tests/mysql.nix index c18fee6c74959..7251c4a86499f 100644 --- a/nixos/tests/mysql.nix +++ b/nixos/tests/mysql.nix @@ -6,7 +6,7 @@ import ./make-test.nix ({ pkgs, ...} : { nodes = { master = - { pkgs, config, ... }: + { pkgs, ... }: { services.mysql.enable = true; diff --git a/nixos/tests/nat.nix b/nixos/tests/nat.nix index 7057158a829bb..9c280fe8b5b66 100644 --- a/nixos/tests/nat.nix +++ b/nixos/tests/nat.nix 
@@ -30,7 +30,7 @@ import ./make-test.nix ({ pkgs, lib, withFirewall, withConntrackHelpers ? false, nodes = { client = - { config, pkgs, nodes, ... }: + { pkgs, nodes, ... }: lib.mkMerge [ { virtualisation.vlans = [ 1 ]; networking.firewall.allowPing = true; @@ -44,19 +44,19 @@ import ./make-test.nix ({ pkgs, lib, withFirewall, withConntrackHelpers ? false, ]; router = - { config, pkgs, ... }: lib.mkMerge [ + { ... }: lib.mkMerge [ routerBase { networking.nat.enable = true; } ]; routerDummyNoNat = - { config, pkgs, ... }: lib.mkMerge [ + { ... }: lib.mkMerge [ routerBase { networking.nat.enable = false; } ]; server = - { config, pkgs, ... }: + { ... }: { virtualisation.vlans = [ 2 ]; networking.firewall.enable = false; services.httpd.enable = true; diff --git a/nixos/tests/netdata.nix b/nixos/tests/netdata.nix index 58733c1b3379b..c56506ba28744 100644 --- a/nixos/tests/netdata.nix +++ b/nixos/tests/netdata.nix @@ -8,7 +8,7 @@ import ./make-test.nix ({ pkgs, ...} : { nodes = { netdata = - { config, pkgs, ... }: + { pkgs, ... }: { environment.systemPackages = with pkgs; [ curl jq ]; services.netdata.enable = true; diff --git a/nixos/tests/networking-proxy.nix b/nixos/tests/networking-proxy.nix index 4c57257314044..ab908c96e5eea 100644 --- a/nixos/tests/networking-proxy.nix +++ b/nixos/tests/networking-proxy.nix @@ -19,13 +19,13 @@ in import ./make-test.nix ({ pkgs, ...} : { nodes = { # no proxy machine = - { config, pkgs, ... }: + { ... }: default-config; # proxy default machine2 = - { config, pkgs, ... }: + { ... }: default-config // { networking.proxy.default = "http://user:pass@host:port"; @@ -33,7 +33,7 @@ in import ./make-test.nix ({ pkgs, ...} : { # specific proxy options machine3 = - { config, pkgs, ... }: + { ... }: default-config // { @@ -51,7 +51,7 @@ in import ./make-test.nix ({ pkgs, ...} : { # mix default + proxy options machine4 = - { config, pkgs, ... }: + { ... }: default-config // { networking.proxy = { 
diff --git a/nixos/tests/networking.nix b/nixos/tests/networking.nix index 5cb40af5799e4..cd5d537a3be74 100644 --- a/nixos/tests/networking.nix +++ b/nixos/tests/networking.nix @@ -81,7 +81,7 @@ let static = { name = "Static"; nodes.router = router; - nodes.client = { config, pkgs, ... }: with pkgs.lib; { + nodes.client = { pkgs, ... }: with pkgs.lib; { virtualisation.vlans = [ 1 2 ]; networking = { useNetworkd = networkd; @@ -98,7 +98,7 @@ let ]; }; }; - testScript = { nodes, ... }: + testScript = { ... }: '' startAll; @@ -134,7 +134,7 @@ let dhcpSimple = { name = "SimpleDHCP"; nodes.router = router; - nodes.client = { config, pkgs, ... }: with pkgs.lib; { + nodes.client = { pkgs, ... }: with pkgs.lib; { virtualisation.vlans = [ 1 2 ]; networking = { useNetworkd = networkd; @@ -150,7 +150,7 @@ let }; }; }; - testScript = { nodes, ... }: + testScript = { ... }: '' startAll; @@ -189,7 +189,7 @@ let dhcpOneIf = { name = "OneInterfaceDHCP"; nodes.router = router; - nodes.client = { config, pkgs, ... }: with pkgs.lib; { + nodes.client = { pkgs, ... }: with pkgs.lib; { virtualisation.vlans = [ 1 2 ]; networking = { useNetworkd = networkd; @@ -202,7 +202,7 @@ let interfaces.eth2.ipv4.addresses = mkOverride 0 [ ]; }; }; - testScript = { nodes, ... }: + testScript = { ... }: '' startAll; @@ -229,7 +229,7 @@ let ''; }; bond = let - node = address: { config, pkgs, ... }: with pkgs.lib; { + node = address: { pkgs, ... }: with pkgs.lib; { virtualisation.vlans = [ 1 2 ]; networking = { useNetworkd = networkd; @@ -249,7 +249,7 @@ let name = "Bond"; nodes.client1 = node "192.168.1.1"; nodes.client2 = node "192.168.1.2"; - testScript = { nodes, ... }: + testScript = { ... }: '' startAll; @@ -266,7 +266,7 @@ let ''; }; bridge = let - node = { address, vlan }: { config, pkgs, ... }: with pkgs.lib; { + node = { address, vlan }: { pkgs, ... }: with pkgs.lib; { virtualisation.vlans = [ vlan ]; networking = { useNetworkd = networkd; 
@@ -280,7 +280,7 @@ let name = "Bridge"; nodes.client1 = node { address = "192.168.1.2"; vlan = 1; }; nodes.client2 = node { address = "192.168.1.3"; vlan = 2; }; - nodes.router = { config, pkgs, ... }: with pkgs.lib; { + nodes.router = { pkgs, ... }: with pkgs.lib; { virtualisation.vlans = [ 1 2 ]; networking = { useNetworkd = networkd; @@ -293,7 +293,7 @@ let [ { address = "192.168.1.1"; prefixLength = 24; } ]; }; }; - testScript = { nodes, ... }: + testScript = { ... }: '' startAll; @@ -319,7 +319,7 @@ let macvlan = { name = "MACVLAN"; nodes.router = router; - nodes.client = { config, pkgs, ... }: with pkgs.lib; { + nodes.client = { pkgs, ... }: with pkgs.lib; { virtualisation.vlans = [ 1 ]; networking = { useNetworkd = networkd; @@ -329,7 +329,7 @@ let interfaces.eth1.ipv4.addresses = mkOverride 0 [ ]; }; }; - testScript = { nodes, ... }: + testScript = { ... }: '' startAll; @@ -356,7 +356,7 @@ let ''; }; sit = let - node = { address4, remote, address6 }: { config, pkgs, ... }: with pkgs.lib; { + node = { address4, remote, address6 }: { pkgs, ... }: with pkgs.lib; { virtualisation.vlans = [ 1 ]; networking = { useNetworkd = networkd; @@ -377,7 +377,7 @@ let name = "Sit"; nodes.client1 = node { address4 = "192.168.1.1"; remote = "192.168.1.2"; address6 = "fc00::1"; }; nodes.client2 = node { address4 = "192.168.1.2"; remote = "192.168.1.1"; address6 = "fc00::2"; }; - testScript = { nodes, ... }: + testScript = { ... }: '' startAll; @@ -398,7 +398,7 @@ let ''; }; vlan = let - node = address: { config, pkgs, ... }: with pkgs.lib; { + node = address: { pkgs, ... }: with pkgs.lib; { #virtualisation.vlans = [ 1 ]; networking = { useNetworkd = networkd; @@ -418,7 +418,7 @@ let name = "vlan"; nodes.client1 = node "192.168.1.1"; nodes.client2 = node "192.168.1.2"; - testScript = { nodes, ... }: + testScript = { ... }: '' startAll; 
@@ -476,7 +476,7 @@ let }; privacy = { name = "Privacy"; - nodes.router = { config, pkgs, ... }: { + nodes.router = { ... }: { virtualisation.vlans = [ 1 ]; boot.kernel.sysctl."net.ipv6.conf.all.forwarding" = true; networking = { @@ -502,7 +502,7 @@ let ''; }; }; - nodes.client = { config, pkgs, ... }: with pkgs.lib; { + nodes.client = { pkgs, ... }: with pkgs.lib; { virtualisation.vlans = [ 1 ]; networking = { useNetworkd = networkd; @@ -514,7 +514,7 @@ let }; }; }; - testScript = { nodes, ... }: + testScript = { ... }: '' startAll; diff --git a/nixos/tests/nexus.nix b/nixos/tests/nexus.nix index be8862018777b..bf49d2247bd86 100644 --- a/nixos/tests/nexus.nix +++ b/nixos/tests/nexus.nix @@ -12,7 +12,7 @@ import ./make-test.nix ({ pkgs, ...} : { nodes = { server = - { config, pkgs, ... }: + { ... }: { virtualisation.memorySize = 2047; # qemu-system-i386 has a 2047M limit virtualisation.diskSize = 2048; diff --git a/nixos/tests/nfs.nix b/nixos/tests/nfs.nix index 6ed1995f262a2..1992f240e7b00 100644 --- a/nixos/tests/nfs.nix +++ b/nixos/tests/nfs.nix @@ -3,7 +3,7 @@ import ./make-test.nix ({ pkgs, version ? 4, ... }: let client = - { config, pkgs, ... }: + { pkgs, ... }: { fileSystems = pkgs.lib.mkVMOverride [ { mountPoint = "/data"; device = "server:/data"; @@ -27,7 +27,7 @@ in client2 = client; server = - { config, pkgs, ... }: + { ... }: { services.nfs.server.enable = true; services.nfs.server.exports = '' diff --git a/nixos/tests/nginx.nix b/nixos/tests/nginx.nix index 7f7bc0f0b4fe1..32b113649237a 100644 --- a/nixos/tests/nginx.nix +++ b/nixos/tests/nginx.nix @@ -10,7 +10,7 @@ import ./make-test.nix ({ pkgs, ...} : { nodes = { webserver = - { config, pkgs, ... }: + { ... }: { services.nginx.enable = true; services.nginx.commonHttpConfig = '' log_format ceeformat '@cee: {"status":"$status",' diff --git a/nixos/tests/novacomd.nix b/nixos/tests/novacomd.nix index 21b86f6dae279..2b56aee0a2e7a 100644 --- a/nixos/tests/novacomd.nix +++ b/nixos/tests/novacomd.nix 
@@ -4,7 +4,7 @@ import ./make-test.nix ({ pkgs, ...} : { maintainers = [ dtzWill ]; }; - machine = { config, pkgs, ... }: { + machine = { ... }: { services.novacomd.enable = true; }; diff --git a/nixos/tests/openssh.nix b/nixos/tests/openssh.nix index 230b452068472..c66b90b802d53 100644 --- a/nixos/tests/openssh.nix +++ b/nixos/tests/openssh.nix @@ -11,7 +11,7 @@ in { nodes = { server = - { config, pkgs, ... }: + { ... }: { services.openssh.enable = true; @@ -23,7 +23,7 @@ in { }; server_lazy = - { config, pkgs, ... }: + { ... }: { services.openssh = { enable = true; startWhenNeeded = true; }; @@ -35,7 +35,7 @@ in { }; client = - { config, pkgs, ... }: { }; + { ... }: { }; }; diff --git a/nixos/tests/owncloud.nix b/nixos/tests/owncloud.nix index 0dcdea40b0646..c968569f2008c 100644 --- a/nixos/tests/owncloud.nix +++ b/nixos/tests/owncloud.nix @@ -1,10 +1,10 @@ -import ./make-test.nix ({ pkgs, ... }: +import ./make-test.nix ({ ... }: { name = "owncloud"; nodes = { web = - { config, pkgs, ... }: + { ... }: { services.postgresql.enable = true; services.httpd = { diff --git a/nixos/tests/pam-oath-login.nix b/nixos/tests/pam-oath-login.nix index eb5966d92139b..b9d489950e722 100644 --- a/nixos/tests/pam-oath-login.nix +++ b/nixos/tests/pam-oath-login.nix @@ -1,4 +1,4 @@ -import ./make-test.nix ({ pkgs, latestKernel ? false, ... }: +import ./make-test.nix ({ ... }: let oathSnakeoilSecret = "cdd4083ef8ff1fa9178c6d46bfb1a3"; @@ -12,8 +12,6 @@ let # and picking a the first 4: oathSnakeOilPassword1 = "143349"; oathSnakeOilPassword2 = "801753"; - oathSnakeOilPassword3 = "019933"; - oathSnakeOilPassword4 = "403895"; alicePassword = "foobar"; # Generated via: mkpasswd -m sha-512 and passing in "foobar" @@ -24,7 +22,7 @@ in name = "pam-oath-login"; machine = - { config, pkgs, lib, ... }: + { ... }: { security.pam.oath = { enable = true; diff --git a/nixos/tests/partition.nix b/nixos/tests/partition.nix index 291d9b278d3b1..01a08995950f6 100644 --- a/nixos/tests/partition.nix 
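Review bot: The second hunk in nixos/tests/pam-oath-login.nix removes `oathSnakeOilPassword3` and `oathSnakeOilPassword4`, but the comment above the remaining values still reads `and picking a the first 4:`, which no longer matches the two passwords kept. I would update it in the same change to `# and picking the first 2:`, so a reader regenerating the one-time passwords from `oathSnakeoilSecret` knows how many are expected. The first hunk also drops `latestKernel ? false` from the outer argument set; because `...` is still present, a caller passing it is accepted and ignored, which looks intended but is worth confirming. The `let` block starts and ends outside the hunks.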
+++ b/nixos/tests/partition.nix @@ -65,7 +65,7 @@ let in { name = "partitiion"; - machine = { config, pkgs, ... }: { + machine = { pkgs, ... }: { environment.systemPackages = [ pkgs.pythonPackages.nixpart0 pkgs.file pkgs.btrfs-progs pkgs.xfsprogs pkgs.lvm2 diff --git a/nixos/tests/peerflix.nix b/nixos/tests/peerflix.nix index eb729f22f913e..fae37fedaac78 100644 --- a/nixos/tests/peerflix.nix +++ b/nixos/tests/peerflix.nix @@ -8,7 +8,7 @@ import ./make-test.nix ({ pkgs, ...} : { nodes = { peerflix = - { config, pkgs, ... }: + { ... }: { services.peerflix.enable = true; }; diff --git a/nixos/tests/pgjwt.nix b/nixos/tests/pgjwt.nix index d186c42a2a98e..a2d81288c8122 100644 --- a/nixos/tests/pgjwt.nix +++ b/nixos/tests/pgjwt.nix @@ -14,7 +14,7 @@ with pkgs; { }; nodes = { - master = { pkgs, config, ... }: + master = { ... }: { services.postgresql = { enable = true; diff --git a/nixos/tests/phabricator.nix b/nixos/tests/phabricator.nix index fdc39393faeaf..20b3b838aba83 100644 --- a/nixos/tests/phabricator.nix +++ b/nixos/tests/phabricator.nix @@ -6,7 +6,7 @@ import ./make-test.nix ({ pkgs, ... }: { nodes = { storage = - { config, pkgs, ... }: + { ... }: { services.nfs.server.enable = true; services.nfs.server.exports = '' /repos 192.168.1.0/255.255.255.0(rw,no_root_squash) @@ -15,7 +15,7 @@ import ./make-test.nix ({ pkgs, ... }: { }; webserver = - { config, pkgs, ... }: + { pkgs, ... }: { fileSystems = pkgs.lib.mkVMOverride [ { mountPoint = "/repos"; device = "storage:/repos"; @@ -52,7 +52,7 @@ import ./make-test.nix ({ pkgs, ... }: { }; client = - { config, pkgs, ... }: + { ... }: { imports = [ ./common/x11.nix ]; services.xserver.desktopManager.plasma5.enable = true; }; diff --git a/nixos/tests/php-pcre.nix b/nixos/tests/php-pcre.nix index f618a39a22931..19bde9babad5d 100644 --- a/nixos/tests/php-pcre.nix +++ b/nixos/tests/php-pcre.nix 
@@ -1,9 +1,9 @@ let testString = "can-use-subgroups"; in -import ./make-test.nix ({ pkgs, ...}: { +import ./make-test.nix ({ ...}: { name = "php-httpd-pcre-jit-test"; - machine = { config, lib, pkgs, ... }: { + machine = { lib, pkgs, ... }: { time.timeZone = "UTC"; services.httpd = { enable = true; @@ -34,7 +34,7 @@ import ./make-test.nix ({ pkgs, ...}: { }; }; }; - testScript = { nodes, ... }: + testScript = { ... }: '' $machine->waitForUnit('httpd.service'); # Ensure php evaluation by matching on the var_dump syntax diff --git a/nixos/tests/plasma5.nix b/nixos/tests/plasma5.nix index e479d3f1cb8f0..eb705536827e7 100644 --- a/nixos/tests/plasma5.nix +++ b/nixos/tests/plasma5.nix @@ -6,7 +6,7 @@ import ./make-test.nix ({ pkgs, ...} : maintainers = [ ttuegel ]; }; - machine = { lib, ... }: + machine = { ... }: let sddm_theme = pkgs.stdenv.mkDerivation { name = "breeze-ocr-theme"; diff --git a/nixos/tests/plotinus.nix b/nixos/tests/plotinus.nix index 9058c59c92dee..609afe7b2145f 100644 --- a/nixos/tests/plotinus.nix +++ b/nixos/tests/plotinus.nix @@ -5,7 +5,7 @@ import ./make-test.nix ({ pkgs, ... }: { }; machine = - { config, pkgs, ... }: + { pkgs, ... }: { imports = [ ./common/x11.nix ]; programs.plotinus.enable = true; diff --git a/nixos/tests/postgis.nix b/nixos/tests/postgis.nix index 7fe905eb4254f..f8b63c5b6a27b 100644 --- a/nixos/tests/postgis.nix +++ b/nixos/tests/postgis.nix @@ -6,7 +6,7 @@ import ./make-test.nix ({ pkgs, ...} : { nodes = { master = - { pkgs, config, ... }: + { pkgs, ... }: { services.postgresql = let mypg = pkgs.postgresql100; in { diff --git a/nixos/tests/postgresql.nix b/nixos/tests/postgresql.nix index 2381939552e23..f1f09277f342a 100644 --- a/nixos/tests/postgresql.nix +++ b/nixos/tests/postgresql.nix @@ -22,7 +22,7 @@ let maintainers = [ zagy ]; }; - machine = {pkgs, config, ...}: + machine = {...}: { services.postgresql.package=postgresql-package; services.postgresql.enable = true; 
diff --git a/nixos/tests/powerdns.nix b/nixos/tests/powerdns.nix index 0d5b0f715f52b..8addcc784012d 100644 --- a/nixos/tests/powerdns.nix +++ b/nixos/tests/powerdns.nix @@ -1,7 +1,7 @@ import ./make-test.nix ({ pkgs, ... }: { name = "powerdns"; - nodes.server = { config, pkgs, ... }: { + nodes.server = { ... }: { services.powerdns.enable = true; }; diff --git a/nixos/tests/predictable-interface-names.nix b/nixos/tests/predictable-interface-names.nix index 0b431034a7a92..0d73436c1c3f5 100644 --- a/nixos/tests/predictable-interface-names.nix +++ b/nixos/tests/predictable-interface-names.nix @@ -9,7 +9,7 @@ in pkgs.lib.listToAttrs (pkgs.lib.crossLists (predictable: withNetworkd: { name = "${if predictable then "" else "un"}predictableInterfaceNames${if withNetworkd then "-with-networkd" else ""}"; meta = {}; - machine = { config, lib, ... }: { + machine = { lib, ... }: { networking.usePredictableInterfaceNames = lib.mkForce predictable; networking.useNetworkd = withNetworkd; networking.dhcpcd.enable = !withNetworkd; diff --git a/nixos/tests/printing.nix b/nixos/tests/printing.nix index 9890088306136..d85abf3c105cc 100644 --- a/nixos/tests/printing.nix +++ b/nixos/tests/printing.nix @@ -9,7 +9,7 @@ import ./make-test.nix ({pkgs, ... }: { nodes = { server = - { config, pkgs, ... }: + { ... }: { services.printing.enable = true; services.printing.listenAddresses = [ "*:631" ]; services.printing.defaultShared = true; @@ -24,7 +24,7 @@ import ./make-test.nix ({pkgs, ... }: { }; client = - { config, pkgs, nodes, ... }: + { ... }: { services.printing.enable = true; }; diff --git a/nixos/tests/prometheus.nix b/nixos/tests/prometheus.nix index 374fb2d634b4b..87a6510f40fd8 100644 --- a/nixos/tests/prometheus.nix +++ b/nixos/tests/prometheus.nix @@ -2,7 +2,7 @@ import ./make-test.nix { name = "prometheus"; nodes = { - one = { config, pkgs, ... }: { + one = { ... }: { services.prometheus = { enable = true; scrapeConfigs = [{ 
diff --git a/nixos/tests/prosody.nix b/nixos/tests/prosody.nix index fcebfaf74e126..5d33aaf8d65de 100644 --- a/nixos/tests/prosody.nix +++ b/nixos/tests/prosody.nix @@ -1,7 +1,7 @@ import ./make-test.nix { name = "prosody"; - machine = { config, pkgs, ... }: { + machine = { pkgs, ... }: { services.prosody = { enable = true; # TODO: use a self-signed certificate diff --git a/nixos/tests/proxy.nix b/nixos/tests/proxy.nix index 3fee1d3253849..1819531202822 100644 --- a/nixos/tests/proxy.nix +++ b/nixos/tests/proxy.nix @@ -3,7 +3,7 @@ import ./make-test.nix ({ pkgs, ...} : let backend = - { config, pkgs, ... }: + { pkgs, ... }: { services.httpd.enable = true; services.httpd.adminAddr = "foo@example.org"; @@ -21,7 +21,7 @@ in nodes = { proxy = - { config, pkgs, nodes, ... }: + { nodes, ... }: { services.httpd.enable = true; services.httpd.adminAddr = "bar@example.org"; @@ -57,7 +57,7 @@ in backend1 = backend; backend2 = backend; - client = { config, pkgs, ... }: { }; + client = { ... }: { }; }; testScript = diff --git a/nixos/tests/quagga.nix b/nixos/tests/quagga.nix index 613180942c415..0ff14a21584a4 100644 --- a/nixos/tests/quagga.nix +++ b/nixos/tests/quagga.nix @@ -30,14 +30,14 @@ import ./make-test.nix ({ pkgs, ... }: nodes = { client = - { config, pkgs, nodes, ... }: + { nodes, ... }: { virtualisation.vlans = [ 1 ]; networking.defaultGateway = ifAddr nodes.router1 "eth1"; }; router1 = - { config, pkgs, nodes, ... }: + { ... }: { virtualisation.vlans = [ 1 2 ]; boot.kernel.sysctl."net.ipv4.ip_forward" = "1"; @@ -49,7 +49,7 @@ import ./make-test.nix ({ pkgs, ... }: }; router2 = - { config, pkgs, nodes, ... }: + { ... }: { virtualisation.vlans = [ 3 2 ]; boot.kernel.sysctl."net.ipv4.ip_forward" = "1"; @@ -61,7 +61,7 @@ import ./make-test.nix ({ pkgs, ... }: }; server = - { config, pkgs, nodes, ... }: + { nodes, ... }: { virtualisation.vlans = [ 3 ]; networking.defaultGateway = ifAddr nodes.router2 "eth1"; 
@@ -73,7 +73,7 @@ import ./make-test.nix ({ pkgs, ... }: }; testScript = - { nodes, ... }: + { ... }: '' startAll; diff --git a/nixos/tests/quake3.nix b/nixos/tests/quake3.nix index 22d71595cb488..75c82cca63f5f 100644 --- a/nixos/tests/quake3.nix +++ b/nixos/tests/quake3.nix @@ -29,7 +29,7 @@ rec { #makeCoverageReport = true; client = - { config, pkgs, ... }: + { pkgs, ... }: { imports = [ ./common/x11.nix ]; hardware.opengl.driSupport = true; @@ -40,7 +40,7 @@ rec { nodes = { server = - { config, pkgs, ... }: + { pkgs, ... }: { systemd.services."quake3-server" = { wantedBy = [ "multi-user.target" ]; diff --git a/nixos/tests/rabbitmq.nix b/nixos/tests/rabbitmq.nix index 23a7e2ed538f2..34ab05787867a 100644 --- a/nixos/tests/rabbitmq.nix +++ b/nixos/tests/rabbitmq.nix @@ -7,7 +7,7 @@ import ./make-test.nix ({ pkgs, ... }: { }; nodes = { - one = { config, pkgs, ... }: { + one = { ... }: { services.rabbitmq.enable = true; }; }; diff --git a/nixos/tests/radicale.nix b/nixos/tests/radicale.nix index e384303854159..0a9c2d394a7a5 100644 --- a/nixos/tests/radicale.nix +++ b/nixos/tests/radicale.nix @@ -28,7 +28,7 @@ let in - import ./make-test.nix ({ pkgs, lib, ... }@args: { + import ./make-test.nix ({ lib, ... }@args: { name = "radicale"; meta.maintainers = with lib.maintainers; [ aneeshusa infinisil ]; diff --git a/nixos/tests/riak.nix b/nixos/tests/riak.nix index 18d028232ac24..68a9b7315b350 100644 --- a/nixos/tests/riak.nix +++ b/nixos/tests/riak.nix @@ -3,7 +3,7 @@ import ./make-test.nix { nodes = { master = - { pkgs, config, ... }: + { pkgs, ... }: { services.riak.enable = true; diff --git a/nixos/tests/run-in-machine.nix b/nixos/tests/run-in-machine.nix index a6dfece44a92e..bd90dc3080bd9 100644 --- a/nixos/tests/run-in-machine.nix +++ b/nixos/tests/run-in-machine.nix 
@@ -5,7 +5,7 @@ with import ../lib/testing.nix { inherit system; }; let output = runInMachine { drv = pkgs.hello; - machine = { config, pkgs, ... }: { /* services.sshd.enable = true; */ }; + machine = { ... }: { /* services.sshd.enable = true; */ }; }; in pkgs.runCommand "verify-output" { inherit output; } '' if [ ! -e "$output/bin/hello" ]; then diff --git a/nixos/tests/rxe.nix b/nixos/tests/rxe.nix index cfe64a75a6352..d0b53db8eeb61 100644 --- a/nixos/tests/rxe.nix +++ b/nixos/tests/rxe.nix @@ -1,7 +1,7 @@ -import ./make-test.nix ({ pkgs, ... } : +import ./make-test.nix ({ ... } : let - node = { config, pkgs, lib, ... } : { + node = { pkgs, ... } : { networking = { firewall = { allowedUDPPorts = [ 4791 ]; # open RoCE port diff --git a/nixos/tests/samba.nix b/nixos/tests/samba.nix index e446284fc0efd..2802e00a5b1a2 100644 --- a/nixos/tests/samba.nix +++ b/nixos/tests/samba.nix @@ -7,7 +7,7 @@ import ./make-test.nix ({ pkgs, ... }: nodes = { client = - { config, pkgs, ... }: + { pkgs, ... }: { fileSystems = pkgs.lib.mkVMOverride { "/public" = { fsType = "cifs"; @@ -18,7 +18,7 @@ import ./make-test.nix ({ pkgs, ... }: }; server = - { config, pkgs, ... }: + { ... }: { services.samba.enable = true; services.samba.shares.public = { path = "/public"; diff --git a/nixos/tests/sddm.nix b/nixos/tests/sddm.nix index ac91a89f66958..7b9fdc0b34415 100644 --- a/nixos/tests/sddm.nix +++ b/nixos/tests/sddm.nix @@ -9,7 +9,7 @@ let default = { name = "sddm"; - machine = { lib, ... }: { + machine = { ... }: { imports = [ ./common/user-account.nix ]; services.xserver.enable = true; services.xserver.displayManager.sddm.enable = true; @@ -39,7 +39,7 @@ let maintainers = [ ttuegel ]; }; - machine = { lib, ... }: { + machine = { ... }: { imports = [ ./common/user-account.nix ]; services.xserver.enable = true; services.xserver.displayManager.sddm = { 
@@ -54,7 +54,7 @@ let services.xserver.desktopManager.default = "none"; }; - testScript = { nodes, ... }: '' + testScript = { ... }: '' startAll; $machine->waitForFile("/home/alice/.Xauthority"); $machine->succeed("xauth merge ~alice/.Xauthority"); diff --git a/nixos/tests/simple.nix b/nixos/tests/simple.nix index 04d624adcfe97..84c5621d962fb 100644 --- a/nixos/tests/simple.nix +++ b/nixos/tests/simple.nix @@ -4,7 +4,7 @@ import ./make-test.nix ({ pkgs, ...} : { maintainers = [ eelco ]; }; - machine = { config, pkgs, ... }: { + machine = { ... }: { imports = [ ../modules/profiles/minimal.nix ]; }; diff --git a/nixos/tests/slim.nix b/nixos/tests/slim.nix index 5c76c58cf3f32..42c87dfa039d2 100644 --- a/nixos/tests/slim.nix +++ b/nixos/tests/slim.nix @@ -5,7 +5,7 @@ import ./make-test.nix ({ pkgs, ...} : { maintainers = [ aszlig ]; }; - machine = { pkgs, lib, ... }: { + machine = { pkgs, ... }: { imports = [ ./common/user-account.nix ]; services.xserver.enable = true; services.xserver.windowManager.default = "icewm"; diff --git a/nixos/tests/slurm.nix b/nixos/tests/slurm.nix index ec67ea092874b..60f44c3c8459c 100644 --- a/nixos/tests/slurm.nix +++ b/nixos/tests/slurm.nix @@ -1,4 +1,4 @@ -import ./make-test.nix ({ pkgs, ... }: +import ./make-test.nix ({ ... }: let mungekey = "mungeverryweakkeybuteasytointegratoinatest"; slurmconfig = { controlMachine = "control"; @@ -14,7 +14,7 @@ in { nodes = let computeNode = - { config, pkgs, ...}: + { ...}: { # TODO slrumd port and slurmctld port should be configurations and # automatically allowed by the firewall. @@ -26,7 +26,7 @@ in { in { control = - { config, pkgs, ...}: + { ...}: { networking.firewall.enable = false; services.slurm = { @@ -35,7 +35,7 @@ in { }; submit = - { config, pkgs, ...}: + { ...}: { networking.firewall.enable = false; services.slurm = { diff --git a/nixos/tests/smokeping.nix b/nixos/tests/smokeping.nix index 4c77e4b786130..07d2280511278 100644 --- a/nixos/tests/smokeping.nix 
+++ b/nixos/tests/smokeping.nix @@ -6,7 +6,7 @@ import ./make-test.nix ({ pkgs, ...} : { nodes = { sm = - { pkgs, config, ... }: + { ... }: { services.smokeping = { enable = true; diff --git a/nixos/tests/strongswan-swanctl.nix b/nixos/tests/strongswan-swanctl.nix index 021743021b404..8bbebd4230032 100644 --- a/nixos/tests/strongswan-swanctl.nix +++ b/nixos/tests/strongswan-swanctl.nix @@ -34,7 +34,7 @@ in { meta.maintainers = with pkgs.stdenv.lib.maintainers; [ basvandijk ]; nodes = { - alice = { nodes, ... } : { + alice = { ... } : { virtualisation.vlans = [ 0 ]; networking = { dhcpcd.enable = false; @@ -42,7 +42,7 @@ in { }; }; - moon = {pkgs, config, nodes, ...} : + moon = { config, ...} : let strongswan = config.services.strongswan-swanctl.package; in { virtualisation.vlans = [ 0 1 ]; @@ -94,7 +94,7 @@ in { }; }; - carol = {pkgs, config, nodes, ...} : + carol = { config, ...} : let strongswan = config.services.strongswan-swanctl.package; in { virtualisation.vlans = [ 1 ]; diff --git a/nixos/tests/subversion.nix b/nixos/tests/subversion.nix index a8e33a6f7e59c..6175155cdfc9c 100644 --- a/nixos/tests/subversion.nix +++ b/nixos/tests/subversion.nix @@ -39,7 +39,7 @@ in nodes = { webserver = - { config, pkgs, ... }: + { ... }: { services.httpd.enable = true; @@ -55,7 +55,7 @@ in }; client = - { config, pkgs, ... }: + { pkgs, ... }: { environment.systemPackages = [ pkgs.subversion ]; diff --git a/nixos/tests/sudo.nix b/nixos/tests/sudo.nix index 5d6c8691230aa..fc16b99cc19ca 100644 --- a/nixos/tests/sudo.nix +++ b/nixos/tests/sudo.nix @@ -11,7 +11,7 @@ in }; machine = - { config, lib, pkgs, ... }: + { lib, ... }: with lib; { users.groups = { foobar = {}; barfoo = {}; baz = { gid = 1337; }; }; diff --git a/nixos/tests/switch-test.nix b/nixos/tests/switch-test.nix index 46f2563af8d99..32010838e67b4 100644 --- a/nixos/tests/switch-test.nix +++ b/nixos/tests/switch-test.nix 
@@ -7,10 +7,10 @@ import ./make-test.nix ({ pkgs, ...} : { }; nodes = { - machine = { config, lib, pkgs, ... }: { + machine = { ... }: { users.mutableUsers = false; }; - other = { config, lib, pkgs, ... }: { + other = { ... }: { users.mutableUsers = true; }; }; diff --git a/nixos/tests/taskserver.nix b/nixos/tests/taskserver.nix index 75be97a507d01..ab9b589f85930 100644 --- a/nixos/tests/taskserver.nix +++ b/nixos/tests/taskserver.nix @@ -18,7 +18,7 @@ import ./make-test.nix ({ pkgs, ... }: let crlTemplate = pkgs.writeText "snakeoil-crl.template" '' expiration_days = -1 ''; - userCertTemplace = pkgs.writeText "snakoil-user-cert.template" '' + userCertTemplate = pkgs.writeText "snakeoil-user-cert.template" '' organization = snakeoil cn = server expiration_days = -1 @@ -49,7 +49,7 @@ import ./make-test.nix ({ pkgs, ... }: let certtool -p --bits 4096 | sed -n \ -e '/^----* *BEGIN/,/^----* *END/p' > "$out/alice.key" - certtool -c --template "$userCertTemplace" \ + certtool -c --template "$userCertTemplate" \ --load-privkey "$out/alice.key" \ --load-ca-privkey ca.key \ --load-ca-certificate "$cacert" \ @@ -82,8 +82,9 @@ in { # This is to avoid assigning a different network address to the new # generation. networking = lib.mapAttrs (lib.const lib.mkForce) { + interfaces.eth1.ipv4 = nodes.server.config.networking.interfaces.eth1.ipv4; inherit (nodes.server.config.networking) - hostName interfaces primaryIPAddress extraHosts; + hostName primaryIPAddress extraHosts; }; }; diff --git a/nixos/tests/tomcat.nix b/nixos/tests/tomcat.nix index 475c947e72d98..af63c7ee8e029 100644 --- a/nixos/tests/tomcat.nix +++ b/nixos/tests/tomcat.nix @@ -6,7 +6,7 @@ import ./make-test.nix ({ pkgs, ...} : { nodes = { server = - { pkgs, config, ... }: + { ... }: { services.tomcat.enable = true; services.httpd.enable = true; diff --git a/nixos/tests/tor.nix b/nixos/tests/tor.nix index 24d46a03897e5..0cb44ddff2485 100644 --- a/nixos/tests/tor.nix +++ b/nixos/tests/tor.nix 
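Review bot: In the last hunk of nixos/tests/taskserver.nix, the new `interfaces.eth1.ipv4 = …` line sits inside the set passed to `lib.mapAttrs (lib.const lib.mkForce)`, so the force is applied to the whole top-level `interfaces` attribute, which now contains only `eth1.ipv4`. The existing comment explains only that the address must not change between generations, not why the rest of `interfaces` is no longer inherited. A short comment would help, for example `# copy only eth1's IPv4 settings from the server node; mkForce applies to "interfaces" as a whole`. Presumably the module system then discards lower-priority definitions for other interfaces, as it did when `interfaces` was inherited whole, but that should be checked against the test's behaviour. The enclosing node definition starts and ends outside the hunk.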
@@ -5,14 +5,14 @@ rec { meta.maintainers = with maintainers; [ joachifm ]; common = - { config, ... }: + { ... }: { boot.kernelParams = [ "audit=0" "apparmor=0" "quiet" ]; networking.firewall.enable = false; networking.useDHCP = false; }; nodes.client = - { config, pkgs, ... }: + { pkgs, ... }: { imports = [ common ]; environment.systemPackages = with pkgs; [ netcat ]; services.tor.enable = true; diff --git a/nixos/tests/trac.nix b/nixos/tests/trac.nix index 5da5717d7f865..4599885acde69 100644 --- a/nixos/tests/trac.nix +++ b/nixos/tests/trac.nix @@ -6,7 +6,7 @@ import ./make-test.nix ({ pkgs, ... }: { nodes = { storage = - { config, pkgs, ... }: + { ... }: { services.nfs.server.enable = true; services.nfs.server.exports = '' /repos 192.168.1.0/255.255.255.0(rw,no_root_squash) @@ -15,7 +15,7 @@ import ./make-test.nix ({ pkgs, ... }: { }; postgresql = - { config, pkgs, ... }: + { pkgs, ... }: { services.postgresql.enable = true; services.postgresql.package = pkgs.postgresql; services.postgresql.enableTCPIP = true; @@ -29,7 +29,7 @@ import ./make-test.nix ({ pkgs, ... }: { }; webserver = - { config, pkgs, ... }: + { pkgs, ... }: { fileSystems = pkgs.lib.mkVMOverride [ { mountPoint = "/repos"; device = "storage:/repos"; @@ -43,7 +43,7 @@ import ./make-test.nix ({ pkgs, ... }: { }; client = - { config, pkgs, ... }: + { ... }: { imports = [ ./common/x11.nix ]; services.xserver.desktopManager.plasma5.enable = true; }; diff --git a/nixos/tests/transmission.nix b/nixos/tests/transmission.nix index 34c49bd7f15b8..f1c238730ebb8 100644 --- a/nixos/tests/transmission.nix +++ b/nixos/tests/transmission.nix @@ -4,7 +4,7 @@ import ./make-test.nix ({ pkgs, ...} : { maintainers = [ coconnor ]; }; - machine = { config, pkgs, ... }: { + machine = { ... }: { imports = [ ../modules/profiles/minimal.nix ]; networking.firewall.allowedTCPPorts = [ 9091 ]; diff --git a/nixos/tests/udisks2.nix b/nixos/tests/udisks2.nix index 70a999267a54c..8bbbe286efcf8 100644 --- a/nixos/tests/udisks2.nix 
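Review bot: The shared `common` module in the tor.nix hunk keeps `boot.kernelParams = [ "audit=0" "apparmor=0" "quiet" ]` and `networking.firewall.enable = false` without a comment, and the client node pulls it in through `imports = [ common ]`. Since the commit already edits the module header, a one-line comment would mark these as test-VM settings rather than something to copy into a real Tor host, e.g. `# Test VM only: auditing, AppArmor and the firewall are switched off here; not a template for a production host.` Whether the test actually needs all three disabled cannot be seen from the hunk, because the file continues outside it.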
+++ b/nixos/tests/udisks2.nix @@ -16,7 +16,7 @@ in }; machine = - { config, pkgs, ... }: + { ... }: { services.udisks2.enable = true; imports = [ ./common/user-account.nix ]; diff --git a/nixos/tests/vault.nix b/nixos/tests/vault.nix index 515d5c8bac251..caf0cbb2abfe0 100644 --- a/nixos/tests/vault.nix +++ b/nixos/tests/vault.nix @@ -4,7 +4,7 @@ import ./make-test.nix ({ pkgs, ... }: meta = with pkgs.stdenv.lib.maintainers; { maintainers = [ lnl7 ]; }; - machine = { config, pkgs, ... }: { + machine = { pkgs, ... }: { environment.systemPackages = [ pkgs.vault ]; environment.variables.VAULT_ADDR = "http://127.0.0.1:8200"; services.vault.enable = true; diff --git a/nixos/tests/wordpress.nix b/nixos/tests/wordpress.nix index c51306a8c7a04..2c0bbbfd71613 100644 --- a/nixos/tests/wordpress.nix +++ b/nixos/tests/wordpress.nix @@ -8,7 +8,7 @@ import ./make-test.nix ({ pkgs, ... }: nodes = { web = - { config, pkgs, ... }: + { pkgs, ... }: { services.mysql = { enable = true; @@ -41,7 +41,7 @@ import ./make-test.nix ({ pkgs, ... }: }; testScript = - { nodes, ... }: + { ... }: '' startAll; diff --git a/nixos/tests/xdg-desktop-portal.nix b/nixos/tests/xdg-desktop-portal.nix index d954b07f73d6f..79ebb83c49a59 100644 --- a/nixos/tests/xdg-desktop-portal.nix +++ b/nixos/tests/xdg-desktop-portal.nix @@ -7,7 +7,7 @@ import ./make-test.nix ({ pkgs, ... }: maintainers = pkgs.xdg-desktop-portal.meta.maintainers; }; - machine = { config, pkgs, ... }: { + machine = { pkgs, ... }: { environment.systemPackages = with pkgs; [ gnome-desktop-testing ]; }; diff --git a/nixos/tests/xfce.nix b/nixos/tests/xfce.nix index c8b18f1226580..47717e8cf7d91 100644 --- a/nixos/tests/xfce.nix +++ b/nixos/tests/xfce.nix @@ -5,7 +5,7 @@ import ./make-test.nix ({ pkgs, ...} : { }; machine = - { config, pkgs, ... }: + { pkgs, ... }: { imports = [ ./common/user-account.nix ]; diff --git a/nixos/tests/xmonad.nix b/nixos/tests/xmonad.nix index 3ea455c393c40..61fa7c1a67d34 100644 --- a/nixos/tests/xmonad.nix 
+++ b/nixos/tests/xmonad.nix @@ -15,7 +15,7 @@ import ./make-test.nix ({ pkgs, ...} : { }; }; - testScript = { nodes, ... }: '' + testScript = { ... }: '' $machine->waitForX; $machine->waitForFile("/home/alice/.Xauthority"); $machine->succeed("xauth merge ~alice/.Xauthority"); diff --git a/nixos/tests/xrdp.nix b/nixos/tests/xrdp.nix index c997e36cc442c..0106aefe8318d 100644 --- a/nixos/tests/xrdp.nix +++ b/nixos/tests/xrdp.nix @@ -5,14 +5,14 @@ import ./make-test.nix ({ pkgs, ...} : { }; nodes = { - server = { lib, pkgs, ... }: { + server = { pkgs, ... }: { imports = [ ./common/user-account.nix ]; services.xrdp.enable = true; services.xrdp.defaultWindowManager = "${pkgs.xterm}/bin/xterm"; networking.firewall.allowedTCPPorts = [ 3389 ]; }; - client = { lib, pkgs, ... }: { + client = { pkgs, ... }: { imports = [ ./common/x11.nix ./common/user-account.nix ]; services.xserver.displayManager.auto.user = "alice"; environment.systemPackages = [ pkgs.freerdp ]; @@ -21,7 +21,7 @@ import ./make-test.nix ({ pkgs, ...} : { }; }; - testScript = { nodes, ... }: '' + testScript = { ... }: '' startAll; $client->waitForX; diff --git a/nixos/tests/zfs.nix b/nixos/tests/zfs.nix index a6908024de9bb..1434038e90c19 100644 --- a/nixos/tests/zfs.nix +++ b/nixos/tests/zfs.nix @@ -17,7 +17,7 @@ let maintainers = [ adisbladis ]; }; - machine = { config, lib, pkgs, ... }: + machine = { pkgs, ... }: { virtualisation.emptyDiskImages = [ 4096 ]; networking.hostId = "deadbeef"; diff --git a/nixos/tests/zookeeper.nix b/nixos/tests/zookeeper.nix index d247654adadef..f343ebd39e442 100644 --- a/nixos/tests/zookeeper.nix +++ b/nixos/tests/zookeeper.nix @@ -5,7 +5,7 @@ import ./make-test.nix ({ pkgs, ...} : { }; nodes = { - server = { pkgs, config, ... }: { + server = { ... }: { services.zookeeper = { enable = true; }; |