diff options
Diffstat (limited to 'nixos')
-rw-r--r-- | nixos/modules/installer/tools/nixos-generate-config.pl | 8 | ||||
-rw-r--r-- | nixos/modules/module-list.nix | 1 | ||||
-rw-r--r-- | nixos/modules/services/monitoring/prometheus/exporters/nginx.nix | 2 | ||||
-rw-r--r-- | nixos/modules/services/network-filesystems/webdav.nix | 107 | ||||
-rw-r--r-- | nixos/modules/services/networking/networkmanager.nix | 1 | ||||
-rw-r--r-- | nixos/modules/services/x11/display-managers/startx.nix | 3 | ||||
-rw-r--r-- | nixos/modules/services/x11/display-managers/sx.nix | 5 | ||||
-rw-r--r-- | nixos/modules/services/x11/xserver.nix | 24 | ||||
-rw-r--r-- | nixos/modules/tasks/auto-upgrade.nix | 1 | ||||
-rw-r--r-- | nixos/modules/tasks/network-interfaces.nix | 2 | ||||
-rw-r--r-- | nixos/modules/virtualisation/qemu-vm.nix | 2 | ||||
-rw-r--r-- | nixos/tests/all-tests.nix | 1 | ||||
-rw-r--r-- | nixos/tests/libresprite.nix | 30 |
13 files changed, 170 insertions, 17 deletions
diff --git a/nixos/modules/installer/tools/nixos-generate-config.pl b/nixos/modules/installer/tools/nixos-generate-config.pl index 7bc55e67134b6..fe8c4fb1a6b5f 100644 --- a/nixos/modules/installer/tools/nixos-generate-config.pl +++ b/nixos/modules/installer/tools/nixos-generate-config.pl @@ -91,6 +91,11 @@ sub hasCPUFeature { } +sub cpuManufacturer { + my $id = shift; + return $cpuinfo =~ /^vendor_id\s*:.* $id$/m; +} + # Determine CPU governor to use if (-e "/sys/devices/system/cpu/cpu0/cpufreq/scaling_available_governors") { @@ -111,6 +116,9 @@ if (-e "/sys/devices/system/cpu/cpu0/cpufreq/scaling_available_governors") { push @kernelModules, "kvm-intel" if hasCPUFeature "vmx"; push @kernelModules, "kvm-amd" if hasCPUFeature "svm"; +push @attrs, "hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;" if cpuManufacturer "AuthenticAMD"; +push @attrs, "hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;" if cpuManufacturer "GenuineIntel"; + # Look at the PCI devices and add necessary modules. Note that most # modules are auto-detected so we don't need to list them here. diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index 5d075d1aa299f..9eca0b8d65f23 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix @@ -684,6 +684,7 @@ ./services/network-filesystems/tahoe.nix ./services/network-filesystems/diod.nix ./services/network-filesystems/u9fs.nix + ./services/network-filesystems/webdav.nix ./services/network-filesystems/yandex-disk.nix ./services/network-filesystems/xtreemfs.nix ./services/network-filesystems/ceph.nix diff --git a/nixos/modules/services/monitoring/prometheus/exporters/nginx.nix b/nixos/modules/services/monitoring/prometheus/exporters/nginx.nix index 5ee8c346be1dc..3cdd7866bd4db 100644 --- a/nixos/modules/services/monitoring/prometheus/exporters/nginx.nix +++ b/nixos/modules/services/monitoring/prometheus/exporters/nginx.nix @@ -47,7 +47,7 @@ in ExecStart = '' ${pkgs.prometheus-nginx-exporter}/bin/nginx-prometheus-exporter \ --nginx.scrape-uri '${cfg.scrapeUri}' \ - --nginx.ssl-verify ${toString cfg.sslVerify} \ + --nginx.ssl-verify ${boolToString cfg.sslVerify} \ --web.listen-address ${cfg.listenAddress}:${toString cfg.port} \ --web.telemetry-path ${cfg.telemetryPath} \ --prometheus.const-labels ${concatStringsSep "," cfg.constLabels} \ diff --git a/nixos/modules/services/network-filesystems/webdav.nix b/nixos/modules/services/network-filesystems/webdav.nix new file mode 100644 index 0000000000000..4086a0f5d5620 --- /dev/null +++ b/nixos/modules/services/network-filesystems/webdav.nix @@ -0,0 +1,107 @@ +{ config, lib, pkgs, ... }: + +with lib; +let + cfg = config.services.webdav; + format = pkgs.formats.yaml { }; +in +{ + options = { + services.webdav = { + enable = mkEnableOption "WebDAV server"; + + user = mkOption { + type = types.str; + default = "webdav"; + description = "User account under which WebDAV runs."; + }; + + group = mkOption { + type = types.str; + default = "webdav"; + description = "Group under which WebDAV runs."; + }; + + settings = mkOption { + type = format.type; + default = { }; + description = '' + Attrset that is converted and passed as config file. Available options + can be found at + <link xlink:href="https://github.com/hacdias/webdav">here</link>. + + This program supports reading username and password configuration + from environment variables, so it's strongly recommended to store + username and password in a separate + <link xlink:href="https://www.freedesktop.org/software/systemd/man/systemd.exec.html#EnvironmentFile=">EnvironmentFile</link>. + This prevents adding secrets to the world-readable Nix store. + ''; + example = literalExpression '' + { + address = "0.0.0.0"; + port = 8080; + scope = "/srv/public"; + modify = true; + auth = true; + users = [ + { + username = "{env}ENV_USERNAME"; + password = "{env}ENV_PASSWORD"; + } + ]; + } + ''; + }; + + configFile = mkOption { + type = types.path; + default = format.generate "webdav.yaml" cfg.settings; + defaultText = "Config file generated from services.webdav.settings"; + description = '' + Path to config file. If this option is set, it will override any + configuration done in options.services.webdav.settings. + ''; + example = "/etc/webdav/config.yaml"; + }; + + environmentFile = mkOption { + type = types.nullOr types.path; + default = null; + description = '' + Environment file as defined in <citerefentry> + <refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum> + </citerefentry>. + ''; + }; + }; + }; + + config = mkIf cfg.enable { + users.users = mkIf (cfg.user == "webdav") { + webdav = { + description = "WebDAV daemon user"; + isSystemUser = true; + group = cfg.group; + }; + }; + + users.groups = mkIf (cfg.group == "webdav") { + webdav = { }; + }; + + systemd.services.webdav = { + description = "WebDAV server"; + after = [ "network.target" ]; + wantedBy = [ "multi-user.target" ]; + serviceConfig = { + ExecStart = "${pkgs.webdav}/bin/webdav -c ${cfg.configFile}"; + Restart = "on-failure"; + User = cfg.user; + Group = cfg.group; + EnvironmentFile = mkIf (cfg.environmentFile != null) [ cfg.environmentFile ]; + }; + }; + }; + + meta.maintainers = with maintainers; [ pengmeiyu ]; +} diff --git a/nixos/modules/services/networking/networkmanager.nix b/nixos/modules/services/networking/networkmanager.nix index 74daf0ae9fafe..73e63e2ee99b5 100644 --- a/nixos/modules/services/networking/networkmanager.nix +++ b/nixos/modules/services/networking/networkmanager.nix @@ -527,7 +527,6 @@ in { { networkmanager.connectionConfig = { - "ipv6.ip6-privacy" = 2; "ethernet.cloned-mac-address" = cfg.ethernet.macAddress; "wifi.cloned-mac-address" = cfg.wifi.macAddress; "wifi.powersave" = diff --git a/nixos/modules/services/x11/display-managers/startx.nix b/nixos/modules/services/x11/display-managers/startx.nix index 6cd46cdf96498..a48566ae06841 100644 --- a/nixos/modules/services/x11/display-managers/startx.nix +++ b/nixos/modules/services/x11/display-managers/startx.nix @@ -35,10 +35,7 @@ in config = mkIf cfg.enable { services.xserver = { exportConfiguration = true; - displayManager.job.execCmd = ""; - displayManager.lightdm.enable = lib.mkForce false; }; - systemd.services.display-manager.enable = false; # Other displayManagers log to /dev/null because they're services and put # Xorg's stdout in the journal diff --git a/nixos/modules/services/x11/display-managers/sx.nix b/nixos/modules/services/x11/display-managers/sx.nix index 73d27390a5803..e309773643009 100644 --- a/nixos/modules/services/x11/display-managers/sx.nix +++ b/nixos/modules/services/x11/display-managers/sx.nix @@ -26,13 +26,8 @@ in { environment.systemPackages = [ pkgs.sx ]; services.xserver = { exportConfiguration = true; - displayManager = { - job.execCmd = ""; - lightdm.enable = mkForce false; - }; logFile = mkDefault null; }; - systemd.services.display-manager.enable = false; }; meta.maintainers = with maintainers; [ figsoda ]; diff --git a/nixos/modules/services/x11/xserver.nix b/nixos/modules/services/x11/xserver.nix index cb620f10b13fc..24d9257344235 100644 --- a/nixos/modules/services/x11/xserver.nix +++ b/nixos/modules/services/x11/xserver.nix @@ -588,11 +588,22 @@ in config = mkIf cfg.enable { services.xserver.displayManager.lightdm.enable = - let dmconf = cfg.displayManager; - default = !(dmconf.gdm.enable - || dmconf.sddm.enable - || dmconf.xpra.enable ); - in mkIf (default) true; + let dmConf = cfg.displayManager; + default = !(dmConf.gdm.enable + || dmConf.sddm.enable + || dmConf.xpra.enable + || dmConf.sx.enable + || dmConf.startx.enable); + in mkIf (default) (mkDefault true); + + # so that the service won't be enabled when only startx is used + systemd.services.display-manager.enable = + let dmConf = cfg.displayManager; + noDmUsed = !(dmConf.gdm.enable + || dmConf.sddm.enable + || dmConf.xpra.enable + || dmConf.lightdm.enable); + in mkIf (noDmUsed) (mkDefault false); hardware.opengl.enable = mkDefault true; @@ -702,7 +713,8 @@ in rm -f /tmp/.X0-lock ''; - script = "${cfg.displayManager.job.execCmd}"; + # TODO: move declaring the systemd service to its own mkIf + script = mkIf (config.systemd.services.display-manager.enable == true) "${cfg.displayManager.job.execCmd}"; # Stop restarting if the display manager stops (crashes) 2 times # in one minute. Starting X typically takes 3-4s. diff --git a/nixos/modules/tasks/auto-upgrade.nix b/nixos/modules/tasks/auto-upgrade.nix index b19b688a1fb8a..b931b27ad8170 100644 --- a/nixos/modules/tasks/auto-upgrade.nix +++ b/nixos/modules/tasks/auto-upgrade.nix @@ -139,6 +139,7 @@ in { gzip gitMinimal config.nix.package.out + config.programs.ssh.package ]; script = let diff --git a/nixos/modules/tasks/network-interfaces.nix b/nixos/modules/tasks/network-interfaces.nix index 4e20ec1184641..75fc5a14a8009 100644 --- a/nixos/modules/tasks/network-interfaces.nix +++ b/nixos/modules/tasks/network-interfaces.nix @@ -1233,6 +1233,8 @@ in "net.ipv4.conf.all.forwarding" = mkDefault (any (i: i.proxyARP) interfaces); "net.ipv6.conf.all.disable_ipv6" = mkDefault (!cfg.enableIPv6); "net.ipv6.conf.default.disable_ipv6" = mkDefault (!cfg.enableIPv6); + # networkmanager falls back to "/proc/sys/net/ipv6/conf/default/use_tempaddr" + "net.ipv6.conf.default.use_tempaddr" = tempaddrValues.${cfg.tempAddresses}.sysctl; } // listToAttrs (flip concatMap (filter (i: i.proxyARP) interfaces) (i: [(nameValuePair "net.ipv4.conf.${replaceChars ["."] ["/"] i.name}.proxy_arp" true)])) // listToAttrs (forEach interfaces diff --git a/nixos/modules/virtualisation/qemu-vm.nix b/nixos/modules/virtualisation/qemu-vm.nix index 67fde55faabe7..0c2782d3e0274 100644 --- a/nixos/modules/virtualisation/qemu-vm.nix +++ b/nixos/modules/virtualisation/qemu-vm.nix @@ -845,7 +845,7 @@ in ''-append "$(cat ${config.system.build.toplevel}/kernel-params) init=${config.system.build.toplevel}/init regInfo=${regInfo}/registration ${consoles} $QEMU_KERNEL_PARAMS"'' ]) (mkIf cfg.useEFIBoot [ - "-drive if=pflash,format=raw,unit=0,readonly,file=${efiFirmware}" + "-drive if=pflash,format=raw,unit=0,readonly=on,file=${efiFirmware}" "-drive if=pflash,format=raw,unit=1,file=$NIX_EFI_VARS" ]) (mkIf (cfg.bios != null) [ diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix index a74792d3d2eb0..cd13183ed0a32 100644 --- a/nixos/tests/all-tests.nix +++ b/nixos/tests/all-tests.nix @@ -230,6 +230,7 @@ in leaps = handleTest ./leaps.nix {}; libinput = handleTest ./libinput.nix {}; libreddit = handleTest ./libreddit.nix {}; + libresprite = handleTest ./libresprite.nix {}; libreswan = handleTest ./libreswan.nix {}; lidarr = handleTest ./lidarr.nix {}; lightdm = handleTest ./lightdm.nix {}; diff --git a/nixos/tests/libresprite.nix b/nixos/tests/libresprite.nix new file mode 100644 index 0000000000000..1a6210e3671ae --- /dev/null +++ b/nixos/tests/libresprite.nix @@ -0,0 +1,30 @@ +import ./make-test-python.nix ({ pkgs, ... }: { + name = "libresprite"; + meta = with pkgs.lib.maintainers; { + maintainers = [ fgaz ]; + }; + + machine = { config, pkgs, ... }: { + imports = [ + ./common/x11.nix + ]; + + services.xserver.enable = true; + environment.systemPackages = [ + pkgs.imagemagick + pkgs.libresprite + ]; + }; + + enableOCR = true; + + testScript = + '' + machine.wait_for_x() + machine.succeed("convert -font DejaVu-Sans +antialias label:'IT WORKS' image.png") + machine.execute("libresprite image.png >&2 &") + machine.wait_for_window("LibreSprite v${pkgs.libresprite.version}") + machine.wait_for_text("IT WORKS") + machine.screenshot("screen") + ''; +}) |