From 457ffd9bae439ab91c2dd538ed1d671eb6efd1b0 Mon Sep 17 00:00:00 2001 
From: Felix Buehler Date: Sun, 18 Aug 2024 17:33:32 +0200 Subject: [PATCH] treewide/nixos: remove `with lib;` part 4 --- .../installer/cd-dvd/installation-cd-base.nix | 8 +- .../cd-dvd/installation-cd-graphical-base.nix | 6 +- nixos/modules/installer/scan/detected.nix | 5 +- nixos/modules/misc/nixpkgs-flake.nix | 27 ++- nixos/modules/misc/nixpkgs.nix | 81 +++++---- nixos/modules/misc/wordlist.nix | 15 +- nixos/modules/security/misc.nix | 47 +++-- nixos/modules/security/oath.nix | 22 +-- nixos/modules/services/admin/pgadmin.nix | 85 +++++---- .../modules/services/backup/mysql-backup.nix | 41 ++--- .../services/backup/postgresql-backup.nix | 51 +++--- .../backup/postgresql-wal-receiver.nix | 77 ++++----- .../services/backup/restic-rest-server.nix | 45 +++-- nixos/modules/services/backup/restic.nix | 163 +++++++++--------- nixos/modules/services/backup/rsnapshot.nix | 23 ++- nixos/modules/services/backup/sanoid.nix | 91 +++++----- nixos/modules/services/backup/snapraid.nix | 45 +++-- nixos/modules/services/backup/syncoid.nix | 133 +++++++------- nixos/modules/services/backup/tarsnap.nix | 155 ++++++++--------- .../services/backup/zfs-replication.nix | 39 ++--- nixos/modules/services/backup/zrepl.nix | 14 +- .../services/blockchain/ethereum/erigon.nix | 42 +++-- .../services/blockchain/ethereum/geth.nix | 101 ++++++----- .../blockchain/ethereum/lighthouse.nix | 108 ++++++------ .../modules/services/cluster/k3s/default.nix | 80 +++++---- .../cluster/kubernetes/addons/dns.nix | 43 +++-- .../services/cluster/pacemaker/default.nix | 8 +- .../services/cluster/patroni/default.nix | 85 +++++---- .../modules/services/cluster/rke2/default.nix | 126 +++++++------- .../services/cluster/spark/default.nix | 45 +++-- .../services/computing/boinc/client.nix | 27 ++- .../computing/foldingathome/client.nix | 29 ++-- .../services/computing/slurm/slurm.nix | 135 +++++++-------- .../modules/services/computing/torque/mom.nix | 11 +- .../services/computing/torque/server.nix | 7 +- 
.../buildbot/master.nix | 150 ++++++++-------- nixos/modules/services/databases/etcd.nix | 123 +++++++------ .../services/desktops/accountsservice.nix | 20 +-- nixos/modules/services/desktops/bamf.nix | 10 +- nixos/modules/system/boot/clevis.nix | 37 ++-- nixos/modules/system/boot/emergency-mode.nix | 9 +- nixos/modules/system/boot/loader/efi.nix | 11 +- nixos/modules/system/boot/tmp.nix | 27 ++- nixos/modules/tasks/filesystems/nfs.nix | 51 +++--- .../virtualisation/docker-rootless.nix | 19 +- .../virtualisation/virtualbox-guest.nix | 30 ++-- .../virtualisation/virtualbox-host.nix | 43 +++-- .../virtualisation/virtualbox-image.nix | 71 ++++---- nixos/modules/virtualisation/vmware-guest.nix | 19 +- nixos/modules/virtualisation/xen-dom0.nix | 88 +++++----- 50 files changed, 1290 insertions(+), 1438 deletions(-) diff --git a/nixos/modules/installer/cd-dvd/installation-cd-base.nix b/nixos/modules/installer/cd-dvd/installation-cd-base.nix index 3f92b779d60a2a9..d36c90c6254ebd2 100644 --- a/nixos/modules/installer/cd-dvd/installation-cd-base.nix +++ b/nixos/modules/installer/cd-dvd/installation-cd-base.nix @@ -1,10 +1,6 @@ # This module contains the basic configuration for building a NixOS # installation CD. - { config, lib, options, pkgs, ... }: - -with lib; - { imports = [ ./iso-image.nix @@ -32,8 +28,8 @@ with lib; # An installation media cannot tolerate a host config defined file # system layout on a fresh machine, before it has been formatted. - swapDevices = mkImageMediaOverride [ ]; - fileSystems = mkImageMediaOverride config.lib.isoFileSystems; + swapDevices = lib.mkImageMediaOverride [ ]; + fileSystems = lib.mkImageMediaOverride config.lib.isoFileSystems; boot.postBootCommands = '' for o in $( {}"; + example = lib.literalExpression "import {}"; description = '' If set, the pkgs argument to all NixOS modules is the value of this option, extended with `nixpkgs.overlays`, if 
@@ -145,9 +142,9 @@ in ''; }; - config = mkOption { + config = lib.mkOption { default = {}; - example = literalExpression + example = lib.literalExpression '' { allowBroken = true; allowUnfree = true; } ''; @@ -160,9 +157,9 @@ in ''; }; - overlays = mkOption { + overlays = lib.mkOption { default = []; - example = literalExpression + example = lib.literalExpression '' [ (self: super: { @@ -173,7 +170,7 @@ in }) ] ''; - type = types.listOf overlayType; + type = lib.types.listOf overlayType; description = '' List of overlays to apply to Nixpkgs. This option allows modifying the Nixpkgs package set accessed through the `pkgs` module argument. @@ -184,13 +181,13 @@ in ''; }; - hostPlatform = mkOption { - type = types.either types.str types.attrs; # TODO utilize lib.systems.parsedPlatform + hostPlatform = lib.mkOption { + type = lib.types.either lib.types.str lib.types.attrs; # TODO utilize lib.systems.parsedPlatform example = { system = "aarch64-linux"; }; # Make sure that the final value has all fields for sake of other modules # referring to this. TODO make `lib.systems` itself use the module system. apply = lib.systems.elaborate; - defaultText = literalExpression + defaultText = lib.literalExpression ''(import "''${nixos}/../lib").lib.systems.examples.aarch64-multiplatform''; description = '' Specifies the platform where the NixOS configuration will run. @@ -201,8 +198,8 @@ in ''; }; - buildPlatform = mkOption { - type = types.either types.str types.attrs; # TODO utilize lib.systems.parsedPlatform + buildPlatform = lib.mkOption { + type = lib.types.either lib.types.str lib.types.attrs; # TODO utilize lib.systems.parsedPlatform default = cfg.hostPlatform; example = { system = "x86_64-linux"; }; # Make sure that the final value has all fields for sake of other modules 
@@ -212,7 +209,7 @@ in in if lib.systems.equals elaborated cfg.hostPlatform then cfg.hostPlatform # make identical, so that `==` equality works; see https://github.com/NixOS/nixpkgs/issues/278001 else elaborated; - defaultText = literalExpression + defaultText = lib.literalExpression ''config.nixpkgs.hostPlatform''; description = '' Specifies the platform on which NixOS should be built. @@ -228,14 +225,14 @@ in ''; }; - localSystem = mkOption { - type = types.attrs; # TODO utilize lib.systems.parsedPlatform + localSystem = lib.mkOption { + type = lib.types.attrs; # TODO utilize lib.systems.parsedPlatform default = { inherit (cfg) system; }; example = { system = "aarch64-linux"; }; # Make sure that the final value has all fields for sake of other modules # referring to this. TODO make `lib.systems` itself use the module system. apply = lib.systems.elaborate; - defaultText = literalExpression + defaultText = lib.literalExpression ''(import "''${nixos}/../lib").lib.systems.examples.aarch64-multiplatform''; description = '' Systems with a recently generated `hardware-configuration.nix` @@ -262,8 +259,8 @@ in # TODO deprecate. "crossSystem" is a nonsense identifier, because "cross" # is a relation between at least 2 systems in the context of a # specific build step, not a single system. - crossSystem = mkOption { - type = types.nullOr types.attrs; # TODO utilize lib.systems.parsedPlatform + crossSystem = lib.mkOption { + type = lib.types.nullOr lib.types.attrs; # TODO utilize lib.systems.parsedPlatform default = null; example = { system = "aarch64-linux"; }; description = '' @@ -283,8 +280,8 @@ in ''; }; - system = mkOption { - type = types.str; + system = lib.mkOption { + type = lib.types.str; example = "i686-linux"; default = if opt.hostPlatform.isDefined 
@@ -372,12 +369,12 @@ in { assertion = constructedByMe -> hasPlatform -> legacyOptionsDefined == []; message = '' - Your system configures nixpkgs with the platform parameter${optionalString hasBuildPlatform "s"}: + Your system configures nixpkgs with the platform parameter${lib.optionalString hasBuildPlatform "s"}: ${hostPlatformLine }${buildPlatformLine } However, it also defines the legacy options: - ${concatMapStrings showOptionWithDefLocs legacyOptionsDefined} + ${lib.concatMapStrings lib.showOptionWithDefLocs legacyOptionsDefined} For a future proof system configuration, we recommend to remove the legacy definitions. ''; diff --git a/nixos/modules/misc/wordlist.nix b/nixos/modules/misc/wordlist.nix index 988b522d7431407..b967afa607ee5d8 100644 --- a/nixos/modules/misc/wordlist.nix +++ b/nixos/modules/misc/wordlist.nix @@ -1,5 +1,4 @@ { config, lib, pkgs, ... }: -with lib; let concatAndSort = name: files: pkgs.runCommand name {} '' awk 1 ${lib.escapeShellArgs files} | sed '{ /^\s*$/d; s/^\s\+//; s/\s\+$// }' | sort | uniq > $out @@ -8,16 +7,16 @@ in { options = { environment.wordlist = { - enable = mkEnableOption "environment variables for lists of words"; + enable = lib.mkEnableOption "environment variables for lists of words"; - lists = mkOption { - type = types.attrsOf (types.nonEmptyListOf types.path); + lists = lib.mkOption { + type = lib.types.attrsOf (lib.types.nonEmptyListOf lib.types.path); default = { WORDLIST = [ "${pkgs.scowl}/share/dict/words.txt" ]; }; - defaultText = literalExpression '' + defaultText = lib.literalExpression '' { WORDLIST = [ "''${pkgs.scowl}/share/dict/words.txt" ]; } @@ -34,7 +33,7 @@ in task. ''; - example = literalExpression '' + example = lib.literalExpression '' { WORDLIST = [ "''${pkgs.scowl}/share/dict/words.txt" ]; AUGMENTED_WORDLIST = [ 
@@ -50,10 +49,10 @@ in }; }; - config = mkIf config.environment.wordlist.enable { + config = lib.mkIf config.environment.wordlist.enable { environment.variables = lib.mapAttrs (name: value: "${concatAndSort "wordlist-${name}" value}") - config.environment.wordlist.lists; + config.environment.wordlist.lib.lists; }; } diff --git a/nixos/modules/security/misc.nix b/nixos/modules/security/misc.nix index 5e13b4caddd8675..d3ffefe46fc6fc9 100644 --- a/nixos/modules/security/misc.nix +++ b/nixos/modules/security/misc.nix @@ -1,10 +1,7 @@ { config, lib, ... }: - -with lib; - { meta = { - maintainers = [ maintainers.joachifm ]; + maintainers = [ lib.maintainers.joachifm ]; }; imports = [ @@ -12,8 +9,8 @@ with lib; ]; options = { - security.allowUserNamespaces = mkOption { - type = types.bool; + security.allowUserNamespaces = lib.mkOption { + type = lib.types.bool; default = true; description = '' Whether to allow creation of user namespaces. @@ -31,8 +28,8 @@ with lib; ''; }; - security.unprivilegedUsernsClone = mkOption { - type = types.bool; + security.unprivilegedUsernsClone = lib.mkOption { + type = lib.types.bool; default = false; description = '' When disabled, unprivileged users will not be able to create new namespaces. @@ -41,16 +38,16 @@ with lib; ''; }; - security.protectKernelImage = mkOption { - type = types.bool; + security.protectKernelImage = lib.mkOption { + type = lib.types.bool; default = false; description = '' Whether to prevent replacing the running kernel image. ''; }; - security.allowSimultaneousMultithreading = mkOption { - type = types.bool; + security.allowSimultaneousMultithreading = lib.mkOption { + type = lib.types.bool; default = true; description = '' Whether to allow SMT/hyperthreading. Disabling SMT means that only 
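Review bot: The last changed line of the `@@ -50,10 +49,10 @@` hunk in wordlist.nix now reads `config.environment.wordlist.lib.lists;`, which looks like a search-and-replace hitting the module's own `lists` option rather than a reference to `lib.lists`. The option set declared in this file has `enable` and `lists` but no `lib` attribute, so evaluating a configuration with `environment.wordlist.enable = true` would presumably fail on a missing attribute. The line should stay `config.environment.wordlist.lists;`.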
@@ -68,8 +65,8 @@ with lib; ''; }; - security.forcePageTableIsolation = mkOption { - type = types.bool; + security.forcePageTableIsolation = lib.mkOption { + type = lib.types.bool; default = false; description = '' Whether to force-enable the Page Table Isolation (PTI) Linux kernel @@ -80,8 +77,8 @@ with lib; ''; }; - security.virtualisation.flushL1DataCache = mkOption { - type = types.nullOr (types.enum [ "never" "cond" "always" ]); + security.virtualisation.flushL1DataCache = lib.mkOption { + type = lib.types.nullOr (lib.types.enum [ "never" "cond" "always" ]); default = null; description = '' Whether the hypervisor should flush the L1 data cache before @@ -100,8 +97,8 @@ with lib; }; }; - config = mkMerge [ - (mkIf (!config.security.allowUserNamespaces) { + config = lib.mkMerge [ + (lib.mkIf (!config.security.allowUserNamespaces) { # Setting the number of allowed user namespaces to 0 effectively disables # the feature at runtime. Note that root may raise the limit again # at any time. 
@@ -114,26 +111,26 @@ with lib; ]; }) - (mkIf config.security.unprivilegedUsernsClone { - boot.kernel.sysctl."kernel.unprivileged_userns_clone" = mkDefault true; + (lib.mkIf config.security.unprivilegedUsernsClone { + boot.kernel.sysctl."kernel.unprivileged_userns_clone" = lib.mkDefault true; }) - (mkIf config.security.protectKernelImage { + (lib.mkIf config.security.protectKernelImage { # Disable hibernation (allows replacing the running kernel) boot.kernelParams = [ "nohibernate" ]; # Prevent replacing the running kernel image w/o reboot - boot.kernel.sysctl."kernel.kexec_load_disabled" = mkDefault true; + boot.kernel.sysctl."kernel.kexec_load_disabled" = lib.mkDefault true; }) - (mkIf (!config.security.allowSimultaneousMultithreading) { + (lib.mkIf (!config.security.allowSimultaneousMultithreading) { boot.kernelParams = [ "nosmt" ]; }) - (mkIf config.security.forcePageTableIsolation { + (lib.mkIf config.security.forcePageTableIsolation { boot.kernelParams = [ "pti=on" ]; }) - (mkIf (config.security.virtualisation.flushL1DataCache != null) { + (lib.mkIf (config.security.virtualisation.flushL1DataCache != null) { boot.kernelParams = [ "kvm-intel.vmentry_l1d_flush=${config.security.virtualisation.flushL1DataCache}" ]; }) ]; diff --git a/nixos/modules/security/oath.nix b/nixos/modules/security/oath.nix index 93bdc851117ae31..acf9440b9b92c47 100644 --- a/nixos/modules/security/oath.nix +++ b/nixos/modules/security/oath.nix 
@@ -1,32 +1,28 @@ # This module provides configuration for the OATH PAM modules. - { lib, ... }: - -with lib; - { options = { security.pam.oath = { - enable = mkOption { - type = types.bool; + enable = lib.mkOption { + type = lib.types.bool; default = false; description = '' Enable the OATH (one-time password) PAM module. ''; }; - digits = mkOption { - type = types.enum [ 6 7 8 ]; + digits = lib.mkOption { + type = lib.types.enum [ 6 7 8 ]; default = 6; description = '' - Specify the length of the one-time password in number of + Specify the lib.length of the one-time password in number of digits. ''; }; - window = mkOption { - type = types.int; + window = lib.mkOption { + type = lib.types.int; default = 5; description = '' Specify the number of one-time passwords to check in order @@ -36,8 +32,8 @@ with lib; ''; }; - usersFile = mkOption { - type = types.path; + usersFile = lib.mkOption { + type = lib.types.path; default = "/etc/users.oath"; description = '' Set the path to file where the user's credentials are diff --git a/nixos/modules/services/admin/pgadmin.nix b/nixos/modules/services/admin/pgadmin.nix index 9c430bd05e712cb..c9da556b763df3b 100644 --- a/nixos/modules/services/admin/pgadmin.nix +++ b/nixos/modules/services/admin/pgadmin.nix @@ -1,15 +1,12 @@ { config, lib, pkgs, ... }: - -with lib; - let cfg = config.services.pgadmin; - _base = with types; [ int bool str ]; - base = with types; oneOf ([ (listOf (oneOf _base)) (attrsOf (oneOf _base)) ] ++ _base); + _base = with lib.types; [ int bool str ]; + base = with lib.types; oneOf ([ (listOf (oneOf _base)) (attrsOf (oneOf _base)) ] ++ _base); formatAttrset = attr: - "{${concatStringsSep "\n" (mapAttrsToList (key: value: "${builtins.toJSON key}: ${formatPyValue value},") attr)}}"; + "{${lib.concatStringsSep "\n" (lib.mapAttrsToList (key: value: "${builtins.toJSON key}: ${formatPyValue value},") attr)}}"; formatPyValue = value: if builtins.isString value then builtins.toJSON value 
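Review bot: The `digits` description in the first oath.nix hunk was rewritten to `Specify the lib.length of the one-time password in number of`, so the mechanical replacement also changed prose inside a description string. This text is rendered in the option documentation, and the original wording `Specify the length of the one-time password in number of` should be restored. Since the same substitution produced a broken attribute path in wordlist.nix, it is worth searching the whole patch for `lib.` inside `description` strings and attribute paths before merging.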
@@ -17,98 +14,98 @@ let else if builtins.isInt value then toString value else if builtins.isBool value then (if value then "True" else "False") else if builtins.isAttrs value then (formatAttrset value) - else if builtins.isList value then "[${concatStringsSep "\n" (map (v: "${formatPyValue v},") value)}]" + else if builtins.isList value then "[${lib.concatStringsSep "\n" (map (v: "${formatPyValue v},") value)}]" else throw "Unrecognized type"; formatPy = attrs: - concatStringsSep "\n" (mapAttrsToList (key: value: "${key} = ${formatPyValue value}") attrs); + lib.concatStringsSep "\n" (lib.mapAttrsToList (key: value: "${key} = ${formatPyValue value}") attrs); - pyType = with types; attrsOf (oneOf [ (attrsOf base) (listOf base) base ]); + pyType = with lib.types; attrsOf (oneOf [ (attrsOf base) (listOf base) base ]); in { options.services.pgadmin = { - enable = mkEnableOption "PostgreSQL Admin 4"; + enable = lib.mkEnableOption "PostgreSQL Admin 4"; - port = mkOption { + port = lib.mkOption { description = "Port for pgadmin4 to run on"; - type = types.port; + type = lib.types.port; default = 5050; }; - package = mkPackageOption pkgs "pgadmin4" { }; + package = lib.mkPackageOption pkgs "pgadmin4" { }; - initialEmail = mkOption { + initialEmail = lib.mkOption { description = "Initial email for the pgAdmin account"; - type = types.str; + type = lib.types.str; }; - initialPasswordFile = mkOption { + initialPasswordFile = lib.mkOption { description = '' Initial password file for the pgAdmin account. Minimum length by default is 6. Please see `services.pgadmin.minimumPasswordLength`. 
NOTE: Should be string not a store path, to prevent the password from being world readable ''; - type = types.path; + type = lib.types.path; }; - minimumPasswordLength = mkOption { + minimumPasswordLength = lib.mkOption { description = "Minimum length of the password"; - type = types.int; + type = lib.types.int; default = 6; }; emailServer = { - enable = mkOption { + enable = lib.mkOption { description = '' Enable SMTP email server. This is necessary, if you want to use password recovery or change your own password ''; - type = types.bool; + type = lib.types.bool; default = false; }; - address = mkOption { + address = lib.mkOption { description = "SMTP server for email delivery"; - type = types.str; + type = lib.types.str; default = "localhost"; }; - port = mkOption { + port = lib.mkOption { description = "SMTP server port for email delivery"; - type = types.port; + type = lib.types.port; default = 25; }; - useSSL = mkOption { + useSSL = lib.mkOption { description = "SMTP server should use SSL"; - type = types.bool; + type = lib.types.bool; default = false; }; - useTLS = mkOption { + useTLS = lib.mkOption { description = "SMTP server should use TLS"; - type = types.bool; + type = lib.types.bool; default = false; }; - username = mkOption { + username = lib.mkOption { description = "SMTP server username for email delivery"; - type = types.nullOr types.str; + type = lib.types.nullOr lib.types.str; default = null; }; - sender = mkOption { + sender = lib.mkOption { description = '' SMTP server sender email for email delivery. Some servers require this to be a valid email address from that server ''; - type = types.str; + type = lib.types.str; example = "noreply@example.com"; }; - passwordFile = mkOption { + passwordFile = lib.mkOption { description = '' Password for SMTP email account. 
NOTE: Should be string not a store path, to prevent the password from being world readable ''; - type = types.path; + type = lib.types.path; }; }; - openFirewall = mkEnableOption "firewall passthrough for pgadmin4"; + openFirewall = lib.mkEnableOption "firewall passthrough for pgadmin4"; - settings = mkOption { + settings = lib.mkOption { description = '' Settings for pgadmin4. [Documentation](https://www.pgadmin.org/docs/pgadmin4/development/config_py.html) @@ -118,17 +115,17 @@ in }; }; - config = mkIf (cfg.enable) { - networking.firewall.allowedTCPPorts = mkIf (cfg.openFirewall) [ cfg.port ]; + config = lib.mkIf (cfg.enable) { + networking.firewall.allowedTCPPorts = lib.mkIf (cfg.openFirewall) [ cfg.port ]; services.pgadmin.settings = { DEFAULT_SERVER_PORT = cfg.port; PASSWORD_LENGTH_MIN = cfg.minimumPasswordLength; SERVER_MODE = true; UPGRADE_CHECK_ENABLED = false; - } // (optionalAttrs cfg.openFirewall { - DEFAULT_SERVER = mkDefault "::"; - }) // (optionalAttrs cfg.emailServer.enable { + } // (lib.optionalAttrs cfg.openFirewall { + DEFAULT_SERVER = lib.mkDefault "::"; + }) // (lib.optionalAttrs cfg.emailServer.enable { MAIL_SERVER = cfg.emailServer.address; MAIL_PORT = cfg.emailServer.port; MAIL_USE_SSL = cfg.emailServer.useSSL; @@ -160,7 +157,7 @@ in fi ( # Email address: - echo ${escapeShellArg cfg.initialEmail} + echo ${lib.escapeShellArg cfg.initialEmail} # file might not contain newline. echo hack fixes that. PW=$(cat "$PW_FILE") @@ -183,7 +180,7 @@ in StateDirectory = "pgadmin"; ExecStart = "${cfg.package}/bin/pgadmin4"; LoadCredential = [ "initial_password:${cfg.initialPasswordFile}" ] - ++ optional cfg.emailServer.enable "email_password:${cfg.emailServer.passwordFile}"; + ++ lib.optional cfg.emailServer.enable "email_password:${cfg.emailServer.passwordFile}"; }; }; diff --git a/nixos/modules/services/backup/mysql-backup.nix b/nixos/modules/services/backup/mysql-backup.nix index e3fa7f45844f159..8ad4f98dce8a376 100644 
--- a/nixos/modules/services/backup/mysql-backup.nix +++ b/nixos/modules/services/backup/mysql-backup.nix @@ -1,7 +1,4 @@ { config, lib, pkgs, ... }: - -with lib; - let inherit (pkgs) mariadb gzip; @@ -12,7 +9,7 @@ let backupScript = '' set -o pipefail failed="" - ${concatMapStringsSep "\n" backupDatabaseScript cfg.databases} + ${lib.concatMapStringsSep "\n" backupDatabaseScript cfg.databases} if [ -n "$failed" ]; then echo "Backup of database(s) failed:$failed" exit 1 @@ -20,7 +17,7 @@ let ''; backupDatabaseScript = db: '' dest="${cfg.location}/${db}.gz" - if ${mariadb}/bin/mysqldump ${optionalString cfg.singleTransaction "--single-transaction"} ${db} | ${gzip}/bin/gzip -c ${cfg.gzipOptions} > $dest.tmp; then + if ${mariadb}/bin/mysqldump ${lib.optionalString cfg.singleTransaction "--single-transaction"} ${db} | ${gzip}/bin/gzip -c ${cfg.gzipOptions} > $dest.tmp; then mv $dest.tmp $dest echo "Backed up to $dest" else 
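Review bot: The database name is spliced into the generated shell script unquoted in the rewritten `mysqldump` line of the `@@ -20,7 +17,7 @@` hunk, so an entry in `services.mysqlBackup.databases` containing whitespace or shell metacharacters is word-split or interpreted by the shell instead of being passed as one argument. As the line is being touched anyway, consider `${lib.escapeShellArg db}` for the argument and quoting the redirect target as `> "$dest.tmp"`. The same pattern is visible as context in postgresql-backup.nix, `cmd = "pg_dump ${cfg.pgdumpOptions} ${db}"` in the `@@ -158,17 +155,17 @@` hunk. The values come from the system configuration, so this is quoting hygiene rather than an externally reachable injection. `backupDatabaseScript` continues outside the hunk.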
@@ -37,51 +34,51 @@ in services.mysqlBackup = { - enable = mkEnableOption "MySQL backups"; + enable = lib.mkEnableOption "MySQL backups"; - calendar = mkOption { - type = types.str; + calendar = lib.mkOption { + type = lib.types.str; default = "01:15:00"; description = '' Configured when to run the backup service systemd unit (DayOfWeek Year-Month-Day Hour:Minute:Second). ''; }; - user = mkOption { - type = types.str; + user = lib.mkOption { + type = lib.types.str; default = defaultUser; description = '' User to be used to perform backup. ''; }; - databases = mkOption { + databases = lib.mkOption { default = []; - type = types.listOf types.str; + type = lib.types.listOf lib.types.str; description = '' List of database names to dump. ''; }; - location = mkOption { - type = types.path; + location = lib.mkOption { + type = lib.types.path; default = "/var/backup/mysql"; description = '' Location to put the gzipped MySQL database dumps. ''; }; - singleTransaction = mkOption { + singleTransaction = lib.mkOption { default = false; - type = types.bool; + type = lib.types.bool; description = '' Whether to create database dump in a single transaction ''; }; - gzipOptions = mkOption { + gzipOptions = lib.mkOption { default = "--no-name --rsyncable"; - type = types.str; + type = lib.types.str; description = '' Command line options to use when invoking `gzip`. ''; @@ -90,8 +87,8 @@ in }; - config = mkIf cfg.enable { - users.users = optionalAttrs (cfg.user == defaultUser) { + config = lib.mkIf cfg.enable { + users.users = lib.optionalAttrs (cfg.user == defaultUser) { ${defaultUser} = { isSystemUser = true; createHome = false; @@ -105,9 +102,9 @@ in ensurePermissions = with lib; let privs = "SELECT, SHOW VIEW, TRIGGER, LOCK TABLES"; - grant = db: nameValuePair "${db}.*" privs; + grant = db: lib.nameValuePair "${db}.*" privs; in - listToAttrs (map grant cfg.databases); + lib.listToAttrs (map grant cfg.databases); }]; systemd = { 
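Review bot: `ensurePermissions = with lib; let` in the `@@ -105,9 +102,9 @@` hunk keeps the `with lib;` this commit sets out to remove. Both calls in its scope are now qualified (`lib.nameValuePair`, `lib.listToAttrs`), so as far as the hunk shows nothing depends on it any more. It can become `ensurePermissions = let`. The same leftover appears in postgresql-wal-receiver.nix, `systemd.services = with lib.attrsets; lib.mapAttrs' …` in the `@@ -151,18 +148,18 @@` hunk. That attribute set continues outside the hunk, so check that no unqualified `attrsets` name remains before dropping it.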
diff --git a/nixos/modules/services/backup/postgresql-backup.nix b/nixos/modules/services/backup/postgresql-backup.nix index 5dd9e075862da04..3302375c78899dd 100644 --- a/nixos/modules/services/backup/postgresql-backup.nix +++ b/nixos/modules/services/backup/postgresql-backup.nix @@ -1,7 +1,4 @@ { config, lib, pkgs, ... }: - -with lib; - let cfg = config.services.postgresqlBackup; @@ -13,9 +10,9 @@ let "gzip" = ".gz"; "zstd" = ".zstd"; }; - compressSuffix = getAttr cfg.compression compressSuffixes; + compressSuffix = lib.getAttr cfg.compression compressSuffixes; - compressCmd = getAttr cfg.compression { + compressCmd = lib.getAttr cfg.compression { "none" = "cat"; "gzip" = "${pkgs.gzip}/bin/gzip -c -${toString cfg.compressionLevel} --rsyncable"; "zstd" = "${pkgs.zstd}/bin/zstd -c -${toString cfg.compressionLevel} --rsyncable"; @@ -24,7 +21,7 @@ let mkSqlPath = prefix: suffix: "${cfg.location}/${db}${prefix}.sql${suffix}"; curFile = mkSqlPath "" compressSuffix; prevFile = mkSqlPath ".prev" compressSuffix; - prevFiles = map (mkSqlPath ".prev") (attrValues compressSuffixes); + prevFiles = map (mkSqlPath ".prev") (lib.attrValues compressSuffixes); inProgressFile = mkSqlPath ".in-progress" compressSuffix; in { enable = true; @@ -63,7 +60,7 @@ let in { imports = [ - (mkRemovedOptionModule [ "services" "postgresqlBackup" "period" ] '' + (lib.mkRemovedOptionModule [ "services" "postgresqlBackup" "period" ] '' A systemd timer is now used instead of cron. The starting time can be configured via services.postgresqlBackup.startAt. '') @@ -71,11 +68,11 @@ in { options = { services.postgresqlBackup = { - enable = mkEnableOption "PostgreSQL dumps"; + enable = lib.mkEnableOption "PostgreSQL dumps"; - startAt = mkOption { + startAt = lib.mkOption { default = "*-*-* 01:15:00"; - type = with types; either (listOf str) str; + type = with lib.types; either (listOf str) str; description = '' This option defines (see `systemd.time` for format) when the databases should be dumped. 
@@ -83,9 +80,9 @@ in { ''; }; - backupAll = mkOption { + backupAll = lib.mkOption { default = cfg.databases == []; - defaultText = literalExpression "services.postgresqlBackup.databases == []"; + defaultText = lib.literalExpression "services.postgresqlBackup.databases == []"; type = lib.types.bool; description = '' Backup all databases using pg_dumpall. @@ -96,24 +93,24 @@ in { ''; }; - databases = mkOption { + databases = lib.mkOption { default = []; - type = types.listOf types.str; + type = lib.types.listOf lib.types.str; description = '' List of database names to dump. ''; }; - location = mkOption { + location = lib.mkOption { default = "/var/backup/postgresql"; - type = types.path; + type = lib.types.path; description = '' Path of directory where the PostgreSQL database dumps will be placed. ''; }; - pgdumpOptions = mkOption { - type = types.separatedString " "; + pgdumpOptions = lib.mkOption { + type = lib.types.separatedString " "; default = "-C"; description = '' Command line options for pg_dump. This options is not used @@ -123,16 +120,16 @@ in { ''; }; - compression = mkOption { - type = types.enum ["none" "gzip" "zstd"]; + compression = lib.mkOption { + type = lib.types.enum ["none" "gzip" "zstd"]; default = "gzip"; description = '' The type of compression to use on the generated database dump. ''; }; - compressionLevel = mkOption { - type = types.ints.between 1 19; + compressionLevel = lib.mkOption { + type = lib.types.ints.between 1 19; default = 6; description = '' The compression level used when compression is enabled. @@ -143,7 +140,7 @@ in { }; - config = mkMerge [ + config = lib.mkMerge [ { assertions = [ { 
@@ -158,17 +155,17 @@ in { } ]; } - (mkIf cfg.enable { + (lib.mkIf cfg.enable { systemd.tmpfiles.rules = [ "d '${cfg.location}' 0700 postgres - - -" ]; }) - (mkIf (cfg.enable && cfg.backupAll) { + (lib.mkIf (cfg.enable && cfg.backupAll) { systemd.services.postgresqlBackup = postgresqlBackupService "all" "pg_dumpall"; }) - (mkIf (cfg.enable && !cfg.backupAll) { - systemd.services = listToAttrs (map (db: + (lib.mkIf (cfg.enable && !cfg.backupAll) { + systemd.services = lib.listToAttrs (map (db: let cmd = "pg_dump ${cfg.pgdumpOptions} ${db}"; in { diff --git a/nixos/modules/services/backup/postgresql-wal-receiver.nix b/nixos/modules/services/backup/postgresql-wal-receiver.nix index a8f2cf514d549ce..e3a48487f396e65 100644 --- a/nixos/modules/services/backup/postgresql-wal-receiver.nix +++ b/nixos/modules/services/backup/postgresql-wal-receiver.nix @@ -1,24 +1,21 @@ { config, lib, pkgs, ... }: - -with lib; - let receiverSubmodule = { options = { - postgresqlPackage = mkPackageOption pkgs "postgresql" { + postgresqlPackage = lib.mkPackageOption pkgs "postgresql" { example = "postgresql_15"; }; - directory = mkOption { - type = types.path; - example = literalExpression "/mnt/pg_wal/main/"; + directory = lib.mkOption { + type = lib.types.path; + example = lib.literalExpression "/mnt/pg_wal/main/"; description = '' Directory to write the output to. ''; }; - statusInterval = mkOption { - type = types.int; + statusInterval = lib.mkOption { + type = lib.types.int; default = 10; description = '' Specifies the number of seconds between status packets sent back to the server. @@ -28,8 +25,8 @@ let ''; }; - slot = mkOption { - type = types.str; + slot = lib.mkOption { + type = lib.types.str; default = ""; example = "some_slot_name"; description = '' @@ -45,8 +42,8 @@ let ''; }; - synchronous = mkOption { - type = types.bool; + synchronous = lib.mkOption { + type = lib.types.bool; default = false; description = '' Flush the WAL data to disk immediately after it has been received. 
@@ -57,8 +54,8 @@ let ''; }; - compress = mkOption { - type = types.ints.between 0 9; + compress = lib.mkOption { + type = lib.types.ints.between 0 9; default = 0; description = '' Enables gzip compression of write-ahead logs, and specifies the compression level @@ -69,8 +66,8 @@ let ''; }; - connection = mkOption { - type = types.str; + connection = lib.mkOption { + type = lib.types.str; example = "postgresql://user@somehost"; description = '' Specifies parameters used to connect to the server, as a connection string. @@ -81,10 +78,10 @@ let ''; }; - extraArgs = mkOption { - type = with types; listOf str; + extraArgs = lib.mkOption { + type = with lib.types; listOf str; default = [ ]; - example = literalExpression '' + example = lib.literalExpression '' [ "--no-sync" ] @@ -94,10 +91,10 @@ let ''; }; - environment = mkOption { - type = with types; attrsOf str; + environment = lib.mkOption { + type = with lib.types; attrsOf str; default = { }; - example = literalExpression '' + example = lib.literalExpression '' { PGPASSFILE = "/private/passfile"; PGSSLMODE = "require"; @@ -114,10 +111,10 @@ let in { options = { services.postgresqlWalReceiver = { - receivers = mkOption { - type = with types; attrsOf (submodule receiverSubmodule); + receivers = lib.mkOption { + type = with lib.types; attrsOf (submodule receiverSubmodule); default = { }; - example = literalExpression '' + example = lib.literalExpression '' { main = { postgresqlPackage = pkgs.postgresql_15; @@ -138,7 +135,7 @@ in { config = let receivers = config.services.postgresqlWalReceiver.receivers; - in mkIf (receivers != { }) { + in lib.mkIf (receivers != { }) { users = { users.postgres = { uid = config.ids.uids.postgres; 
@@ -151,18 +148,18 @@ in { }; }; - assertions = concatLists (attrsets.mapAttrsToList (name: config: [ + assertions = lib.concatLists (lib.attrsets.mapAttrsToList (name: config: [ { - assertion = config.compress > 0 -> versionAtLeast config.postgresqlPackage.version "10"; + assertion = config.compress > 0 -> lib.versionAtLeast config.postgresqlPackage.version "10"; message = "Invalid configuration for WAL receiver \"${name}\": compress requires PostgreSQL version >= 10."; } ]) receivers); - systemd.tmpfiles.rules = mapAttrsToList (name: config: '' - d ${escapeShellArg config.directory} 0750 postgres postgres - - + systemd.tmpfiles.rules = lib.mapAttrsToList (name: config: '' + d ${lib.escapeShellArg config.directory} 0750 postgres postgres - - '') receivers; - systemd.services = with attrsets; mapAttrs' (name: config: nameValuePair "postgresql-wal-receiver-${name}" { + systemd.services = with lib.attrsets; lib.mapAttrs' (name: config: lib.nameValuePair "postgresql-wal-receiver-${name}" { description = "PostgreSQL WAL receiver (${name})"; wantedBy = [ "multi-user.target" ]; startLimitIntervalSec = 0; # retry forever, useful in case of network disruption 
@@ -179,22 +176,22 @@ in { script = let receiverCommand = postgresqlPackage: - if (versionAtLeast postgresqlPackage.version "10") + if (lib.versionAtLeast postgresqlPackage.version "10") then "${postgresqlPackage}/bin/pg_receivewal" else "${postgresqlPackage}/bin/pg_receivexlog"; in '' ${receiverCommand config.postgresqlPackage} \ --no-password \ - --directory=${escapeShellArg config.directory} \ + --directory=${lib.escapeShellArg config.directory} \ --status-interval=${toString config.statusInterval} \ - --dbname=${escapeShellArg config.connection} \ - ${optionalString (config.compress > 0) "--compress=${toString config.compress}"} \ - ${optionalString (config.slot != "") "--slot=${escapeShellArg config.slot}"} \ - ${optionalString config.synchronous "--synchronous"} \ - ${concatStringsSep " " config.extraArgs} + --dbname=${lib.escapeShellArg config.connection} \ + ${lib.optionalString (config.compress > 0) "--compress=${toString config.compress}"} \ + ${lib.optionalString (config.slot != "") "--slot=${lib.escapeShellArg config.slot}"} \ + ${lib.optionalString config.synchronous "--synchronous"} \ + ${lib.concatStringsSep " " config.extraArgs} ''; }) receivers; }; - meta.maintainers = with maintainers; [ pacien ]; + meta.maintainers = with lib.maintainers; [ pacien ]; } diff --git a/nixos/modules/services/backup/restic-rest-server.nix b/nixos/modules/services/backup/restic-rest-server.nix index eb7b57800333ed4..333609444da2afe 100644 --- a/nixos/modules/services/backup/restic-rest-server.nix +++ b/nixos/modules/services/backup/restic-rest-server.nix 
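Review bot: The last line of the generated `script` joins `config.extraArgs` with plain spaces, while every other user-supplied value in the same command (`directory`, `connection`, `slot`) goes through `lib.escapeShellArg`. Because this text is run by a shell, an element containing whitespace, a glob or `$` is re-interpreted instead of reaching the receiver as one argument. Consider `${lib.escapeShellArgs config.extraArgs}` in place of `${lib.concatStringsSep " " config.extraArgs}`. That changes behaviour for any configuration that packs several flags into one list element, so it may belong in a follow-up rather than in this mechanical change.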
@@ -1,32 +1,29 @@ { config, lib, pkgs, ... }: - -with lib; - let cfg = config.services.restic.server; in { - meta.maintainers = [ maintainers.bachp ]; + meta.maintainers = [ lib.maintainers.bachp ]; options.services.restic.server = { - enable = mkEnableOption "Restic REST Server"; + enable = lib.mkEnableOption "Restic REST Server"; - listenAddress = mkOption { + listenAddress = lib.mkOption { default = "8000"; example = "127.0.0.1:8080"; - type = types.str; + type = lib.types.str; description = "Listen on a specific IP address and port or unix socket."; }; - dataDir = mkOption { + dataDir = lib.mkOption { default = "/var/lib/restic"; - type = types.path; + type = lib.types.path; description = "The directory for storing the restic repository."; }; - appendOnly = mkOption { + appendOnly = lib.mkOption { default = false; - type = types.bool; + type = lib.types.bool; description = '' Enable append only mode. This mode allows creation of new backups but prevents deletion and modification of existing backups. 
@@ -34,33 +31,33 @@ in ''; }; - privateRepos = mkOption { + privateRepos = lib.mkOption { default = false; - type = types.bool; + type = lib.types.bool; description = '' Enable private repos. Grants access only when a subdirectory with the same name as the user is specified in the repository URL. ''; }; - prometheus = mkOption { + prometheus = lib.mkOption { default = false; - type = types.bool; + type = lib.types.bool; description = "Enable Prometheus metrics at /metrics."; }; - extraFlags = mkOption { - type = types.listOf types.str; + extraFlags = lib.mkOption { + type = lib.types.listOf lib.types.str; default = []; description = '' Extra commandline options to pass to Restic REST server. ''; }; - package = mkPackageOption pkgs "restic-rest-server" { }; + package = lib.mkPackageOption pkgs "restic-rest-server" { }; }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { assertions = [{ assertion = lib.substring 0 1 cfg.listenAddress != ":"; message = "The restic-rest-server now uses systemd socket activation, which expects only the Port number: services.restic.server.listenAddress = \"${lib.substring 1 6 cfg.listenAddress}\";"; @@ -75,10 +72,10 @@ in ExecStart = '' ${cfg.package}/bin/rest-server \ --path ${cfg.dataDir} \ - ${optionalString cfg.appendOnly "--append-only"} \ - ${optionalString cfg.privateRepos "--private-repos"} \ - ${optionalString cfg.prometheus "--prometheus"} \ - ${escapeShellArgs cfg.extraFlags} \ + ${lib.optionalString cfg.appendOnly "--append-only"} \ + ${lib.optionalString cfg.privateRepos "--private-repos"} \ + ${lib.optionalString cfg.prometheus "--prometheus"} \ + ${lib.escapeShellArgs cfg.extraFlags} \ ''; Type = "simple"; User = "restic"; @@ -119,7 +116,7 @@ in wantedBy = [ "sockets.target" ]; }; - systemd.tmpfiles.rules = mkIf cfg.privateRepos [ + systemd.tmpfiles.rules = lib.mkIf cfg.privateRepos [ "f ${cfg.dataDir}/.htpasswd 0700 restic restic -" ]; 
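Review bot: The tmpfiles rule in the `@@ -119,7 +116,7 @@` hunk creates `.htpasswd` as a regular file with mode `0700`, which sets the execute bit on a credentials file. The line itself is unchanged context, but since the statement is touched here it could be tightened to `"f ${cfg.dataDir}/.htpasswd 0600 restic restic -"`. Read and write for the `restic` owner is all that a password file needs.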
diff --git a/nixos/modules/services/backup/restic.nix b/nixos/modules/services/backup/restic.nix index a7c2ef2eacd5b93..0fb601cce58920e 100644 --- a/nixos/modules/services/backup/restic.nix +++ b/nixos/modules/services/backup/restic.nix @@ -1,28 +1,25 @@ { config, lib, pkgs, utils, ... }: - -with lib; - let # Type for a valid systemd unit option. Needed for correctly passing "timerConfig" to "systemd.timers" inherit (utils.systemdUtils.unitOptions) unitOption; in { - options.services.restic.backups = mkOption { + options.services.restic.backups = lib.mkOption { description = '' Periodic backups to create with Restic. ''; - type = types.attrsOf (types.submodule ({ name, ... }: { + type = lib.types.attrsOf (lib.types.submodule ({ name, ... }: { options = { - passwordFile = mkOption { - type = types.str; + passwordFile = lib.mkOption { + type = lib.types.str; description = '' Read the repository password from a file. ''; example = "/etc/nixos/restic-password"; }; - environmentFile = mkOption { - type = with types; nullOr str; + environmentFile = lib.mkOption { + type = with lib.types; nullOr str; default = null; description = '' file containing the credentials to access the repository, in the @@ -30,8 +27,8 @@ in ''; }; - rcloneOptions = mkOption { - type = with types; nullOr (attrsOf (oneOf [ str bool ])); + rcloneOptions = lib.mkOption { + type = with lib.types; nullOr (attrsOf (oneOf [ str bool ])); default = null; description = '' Options to pass to rclone to control its behavior. @@ -47,8 +44,8 @@ in }; }; - rcloneConfig = mkOption { - type = with types; nullOr (attrsOf (oneOf [ str bool ])); + rcloneConfig = lib.mkOption { + type = with lib.types; nullOr (attrsOf (oneOf [ str bool ])); default = null; description = '' Configuration for the rclone remote being used for backup. 
@@ -71,8 +68,8 @@ in }; }; - rcloneConfigFile = mkOption { - type = with types; nullOr path; + rcloneConfigFile = lib.mkOption { + type = with lib.types; nullOr path; default = null; description = '' Path to the file containing rclone configuration. This file @@ -83,17 +80,17 @@ in ''; }; - inhibitsSleep = mkOption { + inhibitsSleep = lib.mkOption { default = false; - type = types.bool; + type = lib.types.bool; example = true; description = '' Prevents the system from sleeping while backing up. ''; }; - repository = mkOption { - type = with types; nullOr str; + repository = lib.mkOption { + type = with lib.types; nullOr str; default = null; description = '' repository to backup to. @@ -101,18 +98,18 @@ in example = "sftp:backup@192.168.1.100:/backups/${name}"; }; - repositoryFile = mkOption { - type = with types; nullOr path; + repositoryFile = lib.mkOption { + type = with lib.types; nullOr path; default = null; description = '' Path to the file containing the repository location to backup to. ''; }; - paths = mkOption { + paths = lib.mkOption { # This is nullable for legacy reasons only. We should consider making it a pure listOf # after some time has passed since this comment was added. - type = types.nullOr (types.listOf types.str); + type = lib.types.nullOr (lib.types.listOf lib.types.str); default = [ ]; description = '' Which paths to backup, in addition to ones specified via @@ -126,8 +123,8 @@ in ]; }; - exclude = mkOption { - type = types.listOf types.str; + exclude = lib.mkOption { + type = lib.types.listOf lib.types.str; default = [ ]; description = '' Patterns to exclude when backing up. See @@ -141,8 +138,8 @@ in ]; }; - timerConfig = mkOption { - type = types.nullOr (types.attrsOf unitOption); + timerConfig = lib.mkOption { + type = lib.types.nullOr (lib.types.attrsOf unitOption); default = { OnCalendar = "daily"; Persistent = true; 
@@ -159,8 +156,8 @@ in }; }; - user = mkOption { - type = types.str; + user = lib.mkOption { + type = lib.types.str; default = "root"; description = '' As which user the backup should run. @@ -168,8 +165,8 @@ in example = "postgresql"; }; - extraBackupArgs = mkOption { - type = types.listOf types.str; + extraBackupArgs = lib.mkOption { + type = lib.types.listOf lib.types.str; default = [ ]; description = '' Extra arguments passed to restic backup. @@ -179,8 +176,8 @@ in ]; }; - extraOptions = mkOption { - type = types.listOf types.str; + extraOptions = lib.mkOption { + type = lib.types.listOf lib.types.str; default = [ ]; description = '' Extra extended options to be passed to the restic --option flag. @@ -190,16 +187,16 @@ in ]; }; - initialize = mkOption { - type = types.bool; + initialize = lib.mkOption { + type = lib.types.bool; default = false; description = '' Create the repository if it doesn't exist. ''; }; - pruneOpts = mkOption { - type = types.listOf types.str; + pruneOpts = lib.mkOption { + type = lib.types.listOf lib.types.str; default = [ ]; description = '' A list of options (--keep-\* et al.) for 'restic forget @@ -215,16 +212,16 @@ in ]; }; - runCheck = mkOption { - type = types.bool; + runCheck = lib.mkOption { + type = lib.types.bool; default = (builtins.length config.services.restic.backups.${name}.checkOpts > 0); - defaultText = literalExpression ''builtins.length config.services.backups.${name}.checkOpts > 0''; + defaultText = lib.literalExpression ''builtins.length config.services.backups.${name}.checkOpts > 0''; description = "Whether to run the `check` command with the provided `checkOpts` options."; example = true; }; - checkOpts = mkOption { - type = types.listOf types.str; + checkOpts = lib.mkOption { + type = lib.types.listOf lib.types.str; default = [ ]; description = '' A list of options for 'restic check'. 
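Review bot: The `defaultText` of `runCheck` in the `@@ -215,16 +212,16 @@` hunk names `config.services.backups.${name}.checkOpts`, but the actual `default` one line above reads `config.services.restic.backups.${name}.checkOpts`. The rendered option documentation therefore points at an option path that does not exist. Since the line is being rewritten anyway, it could become `defaultText = lib.literalExpression ''builtins.length config.services.restic.backups.${name}.checkOpts > 0'';`.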
@@ -234,8 +231,8 @@ in ]; }; - dynamicFilesFrom = mkOption { - type = with types; nullOr str; + dynamicFilesFrom = lib.mkOption { + type = with lib.types; nullOr str; default = null; description = '' A script that produces a list of files to back up. The @@ -245,23 +242,23 @@ in example = "find /home/matt/git -type d -name .git"; }; - backupPrepareCommand = mkOption { - type = with types; nullOr str; + backupPrepareCommand = lib.mkOption { + type = with lib.types; nullOr str; default = null; description = '' A script that must run before starting the backup process. ''; }; - backupCleanupCommand = mkOption { - type = with types; nullOr str; + backupCleanupCommand = lib.mkOption { + type = with lib.types; nullOr str; default = null; description = '' A script that must run after finishing the backup process. ''; }; - package = mkPackageOption pkgs "restic" { }; + package = lib.mkPackageOption pkgs "restic" { }; createWrapper = lib.mkOption { type = lib.types.bool; 
@@ -299,54 +296,54 @@ in }; config = { - assertions = mapAttrsToList (n: v: { + assertions = lib.mapAttrsToList (n: v: { assertion = (v.repository == null) != (v.repositoryFile == null); message = "services.restic.backups.${n}: exactly one of repository or repositoryFile should be set"; }) config.services.restic.backups; systemd.services = - mapAttrs' + lib.mapAttrs' (name: backup: let - extraOptions = concatMapStrings (arg: " -o ${arg}") backup.extraOptions; - inhibitCmd = concatStringsSep " " [ + extraOptions = lib.concatMapStrings (arg: " -o ${arg}") backup.extraOptions; + inhibitCmd = lib.concatStringsSep " " [ "${pkgs.systemd}/bin/systemd-inhibit" "--mode='block'" "--who='restic'" "--what='sleep'" - "--why=${escapeShellArg "Scheduled backup ${name}"} " + "--why=${lib.escapeShellArg "Scheduled backup ${name}"} " ]; - resticCmd = "${optionalString backup.inhibitsSleep inhibitCmd}${backup.package}/bin/restic${extraOptions}"; - excludeFlags = optional (backup.exclude != []) "--exclude-file=${pkgs.writeText "exclude-patterns" (concatStringsSep "\n" backup.exclude)}"; + resticCmd = "${lib.optionalString backup.inhibitsSleep inhibitCmd}${backup.package}/bin/restic${extraOptions}"; + excludeFlags = lib.optional (backup.exclude != []) "--exclude-file=${pkgs.writeText "exclude-patterns" (lib.concatStringsSep "\n" backup.exclude)}"; filesFromTmpFile = "/run/restic-backups-${name}/includes"; doBackup = (backup.dynamicFilesFrom != null) || (backup.paths != null && backup.paths != []); - pruneCmd = optionals (builtins.length backup.pruneOpts > 0) [ - (resticCmd + " forget --prune " + (concatStringsSep " " backup.pruneOpts)) + pruneCmd = lib.optionals (builtins.length backup.pruneOpts > 0) [ + (resticCmd + " forget --prune " + (lib.concatStringsSep " " backup.pruneOpts)) ]; - checkCmd = optionals backup.runCheck [ - (resticCmd + " check " + (concatStringsSep " " backup.checkOpts)) + checkCmd = lib.optionals backup.runCheck [ + (resticCmd + " check " + (lib.concatStringsSep " 
" backup.checkOpts)) ]; # Helper functions for rclone remotes - rcloneRemoteName = builtins.elemAt (splitString ":" backup.repository) 1; - rcloneAttrToOpt = v: "RCLONE_" + toUpper (builtins.replaceStrings [ "-" ] [ "_" ] v); - rcloneAttrToConf = v: "RCLONE_CONFIG_" + toUpper (rcloneRemoteName + "_" + v); + rcloneRemoteName = builtins.elemAt (lib.splitString ":" backup.repository) 1; + rcloneAttrToOpt = v: "RCLONE_" + lib.toUpper (builtins.replaceStrings [ "-" ] [ "_" ] v); + rcloneAttrToConf = v: "RCLONE_CONFIG_" + lib.toUpper (rcloneRemoteName + "_" + v); toRcloneVal = v: if lib.isBool v then lib.boolToString v else v; in - nameValuePair "restic-backups-${name}" ({ + lib.nameValuePair "restic-backups-${name}" ({ environment = { # not %C, because that wouldn't work in the wrapper script RESTIC_CACHE_DIR = "/var/cache/restic-backups-${name}"; RESTIC_PASSWORD_FILE = backup.passwordFile; RESTIC_REPOSITORY = backup.repository; RESTIC_REPOSITORY_FILE = backup.repositoryFile; - } // optionalAttrs (backup.rcloneOptions != null) (mapAttrs' + } // lib.optionalAttrs (backup.rcloneOptions != null) (lib.mapAttrs' (name: value: - nameValuePair (rcloneAttrToOpt name) (toRcloneVal value) + lib.nameValuePair (rcloneAttrToOpt name) (toRcloneVal value) ) - backup.rcloneOptions) // optionalAttrs (backup.rcloneConfigFile != null) { + backup.rcloneOptions) // lib.optionalAttrs (backup.rcloneConfigFile != null) { RCLONE_CONFIG = backup.rcloneConfigFile; - } // optionalAttrs (backup.rcloneConfig != null) (mapAttrs' + } // lib.optionalAttrs (backup.rcloneConfig != null) (lib.mapAttrs' (name: value: - nameValuePair (rcloneAttrToConf name) (toRcloneVal value) + lib.nameValuePair (rcloneAttrToConf name) (toRcloneVal value) ) backup.rcloneConfig); path = [ config.programs.ssh.package ]; 
@@ -355,37 +352,37 @@ in after = [ "network-online.target" ]; serviceConfig = { Type = "oneshot"; - ExecStart = (optionals doBackup [ "${resticCmd} backup ${concatStringsSep " " (backup.extraBackupArgs ++ excludeFlags)} --files-from=${filesFromTmpFile}" ]) + ExecStart = (lib.optionals doBackup [ "${resticCmd} backup ${lib.concatStringsSep " " (backup.extraBackupArgs ++ excludeFlags)} --files-from=${filesFromTmpFile}" ]) ++ pruneCmd ++ checkCmd; User = backup.user; RuntimeDirectory = "restic-backups-${name}"; CacheDirectory = "restic-backups-${name}"; CacheDirectoryMode = "0700"; PrivateTmp = true; - } // optionalAttrs (backup.environmentFile != null) { + } // lib.optionalAttrs (backup.environmentFile != null) { EnvironmentFile = backup.environmentFile; }; - } // optionalAttrs (backup.initialize || doBackup || backup.backupPrepareCommand != null) { + } // lib.optionalAttrs (backup.initialize || doBackup || backup.backupPrepareCommand != null) { preStart = '' - ${optionalString (backup.backupPrepareCommand != null) '' + ${lib.optionalString (backup.backupPrepareCommand != null) '' ${pkgs.writeScript "backupPrepareCommand" backup.backupPrepareCommand} ''} - ${optionalString (backup.initialize) '' + ${lib.optionalString (backup.initialize) '' ${resticCmd} cat config > /dev/null || ${resticCmd} init ''} - ${optionalString (backup.paths != null && backup.paths != []) '' - cat ${pkgs.writeText "staticPaths" (concatLines backup.paths)} >> ${filesFromTmpFile} + ${lib.optionalString (backup.paths != null && backup.paths != []) '' + cat ${pkgs.writeText "staticPaths" (lib.concatLines backup.paths)} >> ${filesFromTmpFile} ''} - ${optionalString (backup.dynamicFilesFrom != null) '' + ${lib.optionalString (backup.dynamicFilesFrom != null) '' ${pkgs.writeScript "dynamicFilesFromScript" backup.dynamicFilesFrom} >> ${filesFromTmpFile} ''} ''; - } // optionalAttrs (doBackup || backup.backupCleanupCommand != null) { + } // lib.optionalAttrs (doBackup || backup.backupCleanupCommand != 
null) { postStop = '' - ${optionalString (backup.backupCleanupCommand != null) '' + ${lib.optionalString (backup.backupCleanupCommand != null) '' ${pkgs.writeScript "backupCleanupCommand" backup.backupCleanupCommand} ''} - ${optionalString doBackup '' + ${lib.optionalString doBackup '' rm ${filesFromTmpFile} ''} ''; @@ -393,12 +390,12 @@ in ) config.services.restic.backups; systemd.timers = - mapAttrs' - (name: backup: nameValuePair "restic-backups-${name}" { + lib.mapAttrs' + (name: backup: lib.nameValuePair "restic-backups-${name}" { wantedBy = [ "timers.target" ]; timerConfig = backup.timerConfig; }) - (filterAttrs (_: backup: backup.timerConfig != null) config.services.restic.backups); + (lib.filterAttrs (_: backup: backup.timerConfig != null) config.services.restic.backups); # generate wrapper scripts, as described in the createWrapper option environment.systemPackages = lib.mapAttrsToList (name: backup: let diff --git a/nixos/modules/services/backup/rsnapshot.nix b/nixos/modules/services/backup/rsnapshot.nix index 6635a51ec2c656a..aedb8acd60ac138 100644 --- a/nixos/modules/services/backup/rsnapshot.nix +++ b/nixos/modules/services/backup/rsnapshot.nix @@ -1,7 +1,4 @@ { config, lib, pkgs, ... }: - -with lib; - let cfg = config.services.rsnapshot; cfgfile = pkgs.writeText "rsnapshot.conf" '' 
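Review bot: The `ExecStart` entries are assembled by joining `backup.extraBackupArgs`, `excludeFlags`, and (through `pruneCmd`, `checkCmd` and `extraOptions` in the `@@ -299,54 +296,54 @@` hunk) `pruneOpts`, `checkOpts` and `extraOptions` with plain spaces, with no escaping. systemd then parses each resulting line itself, so whitespace inside an element splits it into several arguments, and `%` and `$` are expanded. Escaping each element would probably break configurations that put a flag and its value in one string, so I would document it instead. Each of these option descriptions could say, for example, `Elements are joined with spaces and parsed by systemd; whitespace splits an element, and % or $ must be doubled.`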
@@ -22,21 +19,21 @@ in { options = { services.rsnapshot = { - enable = mkEnableOption "rsnapshot backups"; - enableManualRsnapshot = mkOption { + enable = lib.mkEnableOption "rsnapshot backups"; + enableManualRsnapshot = lib.mkOption { description = "Whether to enable manual usage of the rsnapshot command with this module."; default = true; - type = types.bool; + type = lib.types.bool; }; - extraConfig = mkOption { + extraConfig = lib.mkOption { default = ""; example = '' retains hourly 24 retain daily 365 backup /home/ localhost/ ''; - type = types.lines; + type = lib.types.lines; description = '' rsnapshot configuration option in addition to the defaults from rsnapshot and this module. @@ -49,10 +46,10 @@ in ''; }; - cronIntervals = mkOption { + cronIntervals = lib.mkOption { default = {}; example = { hourly = "0 * * * *"; daily = "50 21 * * *"; }; - type = types.attrsOf types.str; + type = lib.types.attrsOf lib.types.str; description = '' Periodicity at which intervals should be run by cron. Note that the intervals also have to exist in configuration @@ -62,12 +59,12 @@ in }; }; - config = mkIf cfg.enable (mkMerge [ + config = lib.mkIf cfg.enable (lib.mkMerge [ { services.cron.systemCronJobs = - mapAttrsToList (interval: time: "${time} root ${pkgs.rsnapshot}/bin/rsnapshot -c ${cfgfile} ${interval}") cfg.cronIntervals; + lib.mapAttrsToList (interval: time: "${time} root ${pkgs.rsnapshot}/bin/rsnapshot -c ${cfgfile} ${interval}") cfg.cronIntervals; } - (mkIf cfg.enableManualRsnapshot { + (lib.mkIf cfg.enableManualRsnapshot { environment.systemPackages = [ pkgs.rsnapshot ]; environment.etc."rsnapshot.conf".source = cfgfile; }) diff --git a/nixos/modules/services/backup/sanoid.nix b/nixos/modules/services/backup/sanoid.nix index 1b9ace358cabe8e..1341c291d5ba86f 100644 --- a/nixos/modules/services/backup/sanoid.nix +++ b/nixos/modules/services/backup/sanoid.nix 
@@ -1,85 +1,82 @@ { config, lib, pkgs, ... }: - -with lib; - let cfg = config.services.sanoid; - datasetSettingsType = with types; + datasetSettingsType = with lib.types; (attrsOf (nullOr (oneOf [ str int bool (listOf str) ]))) // { description = "dataset/template options"; }; commonOptions = { - hourly = mkOption { + hourly = lib.mkOption { description = "Number of hourly snapshots."; - type = with types; nullOr ints.unsigned; + type = with lib.types; nullOr ints.unsigned; default = null; }; - daily = mkOption { + daily = lib.mkOption { description = "Number of daily snapshots."; - type = with types; nullOr ints.unsigned; + type = with lib.types; nullOr ints.unsigned; default = null; }; - monthly = mkOption { + monthly = lib.mkOption { description = "Number of monthly snapshots."; - type = with types; nullOr ints.unsigned; + type = with lib.types; nullOr ints.unsigned; default = null; }; - yearly = mkOption { + yearly = lib.mkOption { description = "Number of yearly snapshots."; - type = with types; nullOr ints.unsigned; + type = with lib.types; nullOr ints.unsigned; default = null; }; - autoprune = mkOption { + autoprune = lib.mkOption { description = "Whether to automatically prune old snapshots."; - type = with types; nullOr bool; + type = with lib.types; nullOr bool; default = null; }; - autosnap = mkOption { + autosnap = lib.mkOption { description = "Whether to automatically take snapshots."; - type = with types; nullOr bool; + type = with lib.types; nullOr bool; default = null; }; }; datasetOptions = rec { - use_template = mkOption { + use_template = lib.mkOption { description = "Names of the templates to use for this dataset."; - type = types.listOf (types.str // { - check = (types.enum (attrNames cfg.templates)).check; + type = lib.types.listOf (lib.types.str // { + check = (lib.types.enum (lib.attrNames cfg.templates)).check; description = "configured template name"; }); default = [ ]; }; useTemplate = use_template; - recursive = mkOption { + recursive = 
lib.mkOption { description = '' Whether to recursively snapshot dataset children. You can also set this to `"zfs"` to handle datasets recursively in an atomic way without the possibility to override settings for child datasets. ''; - type = with types; oneOf [ bool (enum [ "zfs" ]) ]; + type = with lib.types; oneOf [ bool (enum [ "zfs" ]) ]; default = false; }; - process_children_only = mkOption { + process_children_only = lib.mkOption { description = "Whether to only snapshot child datasets if recursing."; - type = types.bool; + type = lib.types.bool; default = false; }; processChildrenOnly = process_children_only; }; # Extract unique dataset names - datasets = unique (attrNames cfg.datasets); + datasets = lib.unique (lib.attrNames cfg.datasets); # Function to build "zfs allow" and "zfs unallow" commands for the # filesystems we've delegated permissions to. @@ -88,23 +85,23 @@ let "-+/run/booted-system/sw/bin/zfs" zfsAction "sanoid" - (concatStringsSep "," permissions) + (lib.concatStringsSep "," permissions) dataset ]; configFile = let mkValueString = v: - if builtins.isList v then concatStringsSep "," v - else generators.mkValueStringDefault { } v; + if builtins.lib.isList v then lib.concatStringsSep "," v + else lib.generators.mkValueStringDefault { } v; mkKeyValue = k: v: if v == null then "" else if k == "processChildrenOnly" then "" else if k == "useTemplate" then "" - else generators.mkKeyValueDefault { inherit mkValueString; } "=" k v; + else lib.generators.mkKeyValueDefault { inherit mkValueString; } "=" k v; in - generators.toINI { inherit mkKeyValue; } cfg.settings; + lib.generators.toINI { inherit mkKeyValue; } cfg.settings; in { 
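Review bot: In `mkValueString` inside `configFile`, the rewrite turned `builtins.isList` into `builtins.lib.isList`. `builtins` has no `lib` attribute, so this fails with a missing-attribute error as soon as a settings value is rendered into the INI file. Because evaluation is lazy, it will only show up on systems that enable sanoid. The line should read `if builtins.isList v then lib.concatStringsSep "," v`.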
@@ -112,12 +109,12 @@ in # Interface options.services.sanoid = { - enable = mkEnableOption "Sanoid ZFS snapshotting service"; + enable = lib.mkEnableOption "Sanoid ZFS snapshotting service"; package = lib.mkPackageOption pkgs "sanoid" {}; - interval = mkOption { - type = types.str; + interval = lib.mkOption { + type = lib.types.str; default = "hourly"; example = "daily"; description = '' @@ -128,19 +125,19 @@ in ''; }; - datasets = mkOption { - type = types.attrsOf (types.submodule ({ config, options, ... }: { + datasets = lib.mkOption { + type = lib.types.attrsOf (lib.types.submodule ({ config, options, ... }: { freeformType = datasetSettingsType; options = commonOptions // datasetOptions; - config.use_template = modules.mkAliasAndWrapDefsWithPriority id (options.useTemplate or { }); - config.process_children_only = modules.mkAliasAndWrapDefsWithPriority id (options.processChildrenOnly or { }); + config.use_template = lib.modules.mkAliasAndWrapDefsWithPriority lib.id (options.useTemplate or { }); + config.process_children_only = lib.modules.mkAliasAndWrapDefsWithPriority lib.id (options.processChildrenOnly or { }); })); default = { }; description = "Datasets to snapshot."; }; - templates = mkOption { - type = types.attrsOf (types.submodule { + templates = lib.mkOption { + type = lib.types.attrsOf (lib.types.submodule { freeformType = datasetSettingsType; options = commonOptions; }); @@ -148,8 +145,8 @@ in description = "Templates for datasets."; }; - settings = mkOption { - type = types.attrsOf datasetSettingsType; + settings = lib.mkOption { + type = lib.types.attrsOf datasetSettingsType; description = '' Free-form settings written directly to the config file. See @@ -157,8 +154,8 @@ in ''; }; - extraArgs = mkOption { - type = types.listOf types.str; + extraArgs = lib.mkOption { + type = lib.types.listOf lib.types.str; default = [ ]; example = [ "--verbose" "--readonly" "--debug" ]; description = '' 
@@ -171,10 +168,10 @@ in # Implementation - config = mkIf cfg.enable { - services.sanoid.settings = mkMerge [ - (mapAttrs' (d: v: nameValuePair ("template_" + d) v) cfg.templates) - (mapAttrs (d: v: v) cfg.datasets) + config = lib.mkIf cfg.enable { + services.sanoid.settings = lib.mkMerge [ + (lib.mapAttrs' (d: v: lib.nameValuePair ("template_" + d) v) cfg.templates) + (lib.mapAttrs (d: v: v) cfg.datasets) ]; systemd.services.sanoid = { @@ -201,5 +198,5 @@ in }; }; - meta.maintainers = with maintainers; [ lopsided98 ]; + meta.maintainers = with lib.maintainers; [ lopsided98 ]; } diff --git a/nixos/modules/services/backup/snapraid.nix b/nixos/modules/services/backup/snapraid.nix index a621c9f62ff79bd..02dabce1881156b 100644 --- a/nixos/modules/services/backup/snapraid.nix +++ b/nixos/modules/services/backup/snapraid.nix @@ -1,18 +1,15 @@ { config, lib, pkgs, ... }: - -with lib; - let cfg = config.services.snapraid; in { imports = [ # Should have never been on the top-level. - (mkRenamedOptionModule [ "snapraid" ] [ "services" "snapraid" ]) + (lib.mkRenamedOptionModule [ "snapraid" ] [ "services" "snapraid" ]) ]; - options.services.snapraid = with types; { - enable = mkEnableOption "SnapRAID"; - dataDisks = mkOption { + options.services.snapraid = with lib.types; { + enable = lib.mkEnableOption "SnapRAID"; + dataDisks = lib.mkOption { default = { }; example = { d1 = "/mnt/disk1/"; @@ -22,7 +19,7 @@ in description = "SnapRAID data disks."; type = attrsOf str; }; - parityFiles = mkOption { + parityFiles = lib.mkOption { default = [ ]; example = [ "/mnt/diskp/snapraid.parity" @@ -35,7 +32,7 @@ in description = "SnapRAID parity files."; type = listOf str; }; - contentFiles = mkOption { + contentFiles = lib.mkOption { default = [ ]; example = [ "/var/snapraid.content" 
@@ -45,40 +42,40 @@ in description = "SnapRAID content list files."; type = listOf str; }; - exclude = mkOption { + exclude = lib.mkOption { default = [ ]; example = [ "*.unrecoverable" "/tmp/" "/lost+found/" ]; description = "SnapRAID exclude directives."; type = listOf str; }; - touchBeforeSync = mkOption { + touchBeforeSync = lib.mkOption { default = true; example = false; description = "Whether {command}`snapraid touch` should be run before {command}`snapraid sync`."; type = bool; }; - sync.interval = mkOption { + sync.interval = lib.mkOption { default = "01:00"; example = "daily"; description = "How often to run {command}`snapraid sync`."; type = str; }; scrub = { - interval = mkOption { + interval = lib.mkOption { default = "Mon *-*-* 02:00:00"; example = "weekly"; description = "How often to run {command}`snapraid scrub`."; type = str; }; - plan = mkOption { + plan = lib.mkOption { default = 8; example = 5; description = "Percent of the array that should be checked by {command}`snapraid scrub`."; type = int; }; - olderThan = mkOption { + olderThan = lib.mkOption { default = 10; example = 20; description = @@ -86,7 +83,7 @@ in type = int; }; }; - extraConfig = mkOption { + extraConfig = lib.mkOption { default = ""; example = '' nohidden @@ -105,7 +102,7 @@ in nParity = builtins.length cfg.parityFiles; mkPrepend = pre: s: pre + s; in - mkIf cfg.enable { + lib.mkIf cfg.enable { assertions = [ { assertion = nParity <= 6; @@ -128,9 +125,9 @@ in prependContent = mkPrepend "content "; prependExclude = mkPrepend "exclude "; in - concatStringsSep "\n" + lib.concatStringsSep "\n" (map prependData - ((mapAttrsToList (name: value: name + " " + value)) dataDisks) + ((lib.mapAttrsToList (name: value: name + " " + value)) dataDisks) ++ zipListsWith (a: b: a + b) ([ "parity " ] ++ map (i: toString i + "-parity ") (range 2 6)) parityFiles ++ map prependContent contentFiles 
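Review bot: In the `@@ -128,9 +125,9 @@` hunk the `snapraid.conf` text still calls `zipListsWith` and `range` unqualified on its context lines, and the `@@ -227,10 +224,10 @@` hunk does the same with `splitString`. With the file-level `with lib;` removed, these names resolve only if some scope outside the hunks still provides them; the `with lib.types;` on the options block does not cover `config`. Unless that is the case, evaluation fails with an undefined variable once SnapRAID is enabled. The calls should become `lib.zipListsWith (a: b: a + b)`, `(lib.range 2 6)` and `map (s: lib.splitString "," s) parityFiles`. The enclosing `let` blocks begin outside these hunks.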
@@ -179,8 +176,8 @@ in let contentDirs = map dirOf contentFiles; in - unique ( - attrValues dataDisks ++ contentDirs + lib.unique ( + lib.attrValues dataDisks ++ contentDirs ); }; unitConfig.After = "snapraid-sync.service"; @@ -227,10 +224,10 @@ in # https://www.snapraid.it/manual#7.1 splitParityFiles = map (s: splitString "," s) parityFiles; in - unique ( - attrValues dataDisks ++ splitParityFiles ++ contentDirs + lib.unique ( + lib.attrValues dataDisks ++ splitParityFiles ++ contentDirs ); - } // optionalAttrs touchBeforeSync { + } // lib.optionalAttrs touchBeforeSync { ExecStartPre = "${pkgs.snapraid}/bin/snapraid touch"; }; }; diff --git a/nixos/modules/services/backup/syncoid.nix b/nixos/modules/services/backup/syncoid.nix index ec9ccaa46d4282f..7c527b09e9155f5 100644 --- a/nixos/modules/services/backup/syncoid.nix +++ b/nixos/modules/services/backup/syncoid.nix @@ -1,14 +1,11 @@ { config, lib, pkgs, ... }: - -with lib; - let cfg = config.services.syncoid; # Extract local dasaset names (so no datasets containing "@") - localDatasetName = d: optionals (d != null) ( + localDatasetName = d: lib.optionals (d != null) ( let m = builtins.match "([^/@]+[^@]*)" d; in - optionals (m != null) m + lib.optionals (m != null) m ); # Escape as required by: https://www.freedesktop.org/software/systemd/man/systemd.unit.html @@ -35,7 +32,7 @@ let "/run/booted-system/sw/bin/zfs" "allow" cfg.user - (concatStringsSep "," permissions) + (lib.concatStringsSep "," permissions) dataset ]} ${lib.optionalString ((builtins.dirOf dataset) != ".") '' @@ -44,7 +41,7 @@ let "/run/booted-system/sw/bin/zfs" "allow" cfg.user - (concatStringsSep "," permissions) + (lib.concatStringsSep "," permissions) # Remove the last part of the path (builtins.dirOf dataset) ]} 
@@ -66,14 +63,14 @@ let "/run/booted-system/sw/bin/zfs" "unallow" cfg.user - (concatStringsSep "," permissions) + (lib.concatStringsSep "," permissions) dataset ]} ${lib.optionalString ((builtins.dirOf dataset) != ".") (lib.escapeShellArgs [ "/run/booted-system/sw/bin/zfs" "unallow" cfg.user - (concatStringsSep "," permissions) + (lib.concatStringsSep "," permissions) # Remove the last part of the path (builtins.dirOf dataset) ])} @@ -85,12 +82,12 @@ in # Interface options.services.syncoid = { - enable = mkEnableOption "Syncoid ZFS synchronization service"; + enable = lib.mkEnableOption "Syncoid ZFS synchronization service"; package = lib.mkPackageOption pkgs "sanoid" {}; - interval = mkOption { - type = types.str; + interval = lib.mkOption { + type = lib.types.str; default = "hourly"; example = "*-*-* *:15:00"; description = '' @@ -101,8 +98,8 @@ in ''; }; - user = mkOption { - type = types.str; + user = lib.mkOption { + type = lib.types.str; default = "syncoid"; example = "backup"; description = '' @@ -111,19 +108,19 @@ in option is set to a user other than root. The user will be given the "hold" and "send" privileges on any pool that has datasets being sent and the "create", "mount", "receive", and "rollback" privileges on - any pool that has datasets being received. + lib.any pool that has datasets being received. ''; }; - group = mkOption { - type = types.str; + group = lib.mkOption { + type = lib.types.str; default = "syncoid"; example = "backup"; description = "The group for the service."; }; - sshKey = mkOption { - type = with types; nullOr (coercedTo path toString str); + sshKey = lib.mkOption { + type = with lib.types; nullOr (coercedTo path toString str); default = null; description = '' SSH private key file to use to login to the remote system. Can be 
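Review bot: In the `@@ -111,19 +108,19 @@` hunk the description string of the `user` option was caught by the search-and-replace and now reads `lib.any pool that has datasets being received.` That is prose inside a `''` string, not a call to `lib.any`, and the broken sentence ends up in the rendered option documentation. This sentence lists the ZFS privileges delegated to the service user, so it is worth keeping exact. The line should go back to `any pool that has datasets being received.`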
@@ -131,8 +128,8 @@ in ''; }; - localSourceAllow = mkOption { - type = types.listOf types.str; + localSourceAllow = lib.mkOption { + type = lib.types.listOf lib.types.str; # Permissions snapshot and destroy are in case --no-sync-snap is not used default = [ "bookmark" "hold" "send" "snapshot" "destroy" "mount" ]; description = '' @@ -143,8 +140,8 @@ in ''; }; - localTargetAllow = mkOption { - type = types.listOf types.str; + localTargetAllow = lib.mkOption { + type = lib.types.listOf lib.types.str; default = [ "change-key" "compression" "create" "mount" "mountpoint" "receive" "rollback" ]; example = [ "create" "mount" "receive" "rollback" ]; description = '' @@ -158,8 +155,8 @@ in ''; }; - commonArgs = mkOption { - type = types.listOf types.str; + commonArgs = lib.mkOption { + type = lib.types.listOf lib.types.str; default = [ ]; example = [ "--no-sync-snap" ]; description = '' @@ -170,19 +167,19 @@ in ''; }; - service = mkOption { - type = types.attrs; + service = lib.mkOption { + type = lib.types.attrs; default = { }; description = '' Systemd configuration common to all syncoid services. ''; }; - commands = mkOption { - type = types.attrsOf (types.submodule ({ name, ... }: { + commands = lib.mkOption { + type = lib.types.attrsOf (lib.types.submodule ({ name, ... }: { options = { - source = mkOption { - type = types.str; + source = lib.mkOption { + type = lib.types.str; example = "pool/dataset"; description = '' Source ZFS dataset. Can be either local or remote. Defaults to @@ -190,8 +187,8 @@ in ''; }; - target = mkOption { - type = types.str; + target = lib.mkOption { + type = lib.types.str; example = "user@server:pool/dataset"; description = '' Target ZFS dataset. Can be either local 
@@ -200,18 +197,18 @@ in ''; }; - recursive = mkEnableOption ''the transfer of child datasets''; + recursive = lib.mkEnableOption ''the transfer of child datasets''; - sshKey = mkOption { - type = with types; nullOr (coercedTo path toString str); + sshKey = lib.mkOption { + type = with lib.types; nullOr (coercedTo path toString str); description = '' SSH private key file to use to login to the remote system. Defaults to {option}`services.syncoid.sshKey` option. ''; }; - localSourceAllow = mkOption { - type = types.listOf types.str; + localSourceAllow = lib.mkOption { + type = lib.types.listOf lib.types.str; description = '' Permissions granted for the {option}`services.syncoid.user` user for local source datasets. See @@ -221,8 +218,8 @@ in ''; }; - localTargetAllow = mkOption { - type = types.listOf types.str; + localTargetAllow = lib.mkOption { + type = lib.types.listOf lib.types.str; description = '' Permissions granted for the {option}`services.syncoid.user` user for local target datasets. See @@ -234,8 +231,8 @@ in ''; }; - sendOptions = mkOption { - type = types.separatedString " "; + sendOptions = lib.mkOption { + type = lib.types.separatedString " "; default = ""; example = "Lc e"; description = '' @@ -244,8 +241,8 @@ in ''; }; - recvOptions = mkOption { - type = types.separatedString " "; + recvOptions = lib.mkOption { + type = lib.types.separatedString " "; default = ""; example = "ux recordsize o compression=lz4"; description = '' 
@@ -254,38 +251,38 @@ in ''; }; - useCommonArgs = mkOption { - type = types.bool; + useCommonArgs = lib.mkOption { + type = lib.types.bool; default = true; description = '' Whether to add the configured common arguments to this command. ''; }; - service = mkOption { - type = types.attrs; + service = lib.mkOption { + type = lib.types.attrs; default = { }; description = '' Systemd configuration specific to this syncoid service. ''; }; - extraArgs = mkOption { - type = types.listOf types.str; + extraArgs = lib.mkOption { + type = lib.types.listOf lib.types.str; default = [ ]; example = [ "--sshport 2222" ]; description = "Extra syncoid arguments for this command."; }; }; config = { - source = mkDefault name; - sshKey = mkDefault cfg.sshKey; - localSourceAllow = mkDefault cfg.localSourceAllow; - localTargetAllow = mkDefault cfg.localTargetAllow; + source = lib.mkDefault name; + sshKey = lib.mkDefault cfg.sshKey; + localSourceAllow = lib.mkDefault cfg.localSourceAllow; + localTargetAllow = lib.mkDefault cfg.localTargetAllow; }; })); default = { }; - example = literalExpression '' + example = lib.literalExpression '' { "pool/test".target = "root@target:pool/test"; } @@ -296,9 +293,9 @@ in # Implementation - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { users = { - users = mkIf (cfg.user == "syncoid") { + users = lib.mkIf (cfg.user == "syncoid") { syncoid = { group = cfg.group; isSystemUser = true; @@ -308,14 +305,14 @@ in createHome = false; }; }; - groups = mkIf (cfg.group == "syncoid") { + groups = lib.mkIf (cfg.group == "syncoid") { syncoid = { }; }; }; - systemd.services = mapAttrs' + systemd.services = lib.mapAttrs' (name: c: - nameValuePair "syncoid-${escapeUnitName name}" (mkMerge [ + lib.nameValuePair "syncoid-${lib.escapeUnitName name}" (lib.mkMerge [ { description = "Syncoid ZFS synchronization from ${c.source} to ${c.target}"; after = [ "zfs.target" ]; 
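Review bot: `lib.escapeUnitName name` in hunk `@@ -308,14 +305,14 @@` looks like an over-eager rewrite, and the same substitution appears three more times in `@@ -379,15 +376,15 @@` for `RootDirectory`, `InaccessiblePaths` and `RuntimeDirectory`. The first hunk of this file ends on the comment `# Escape as required by: …systemd.unit.html`, directly before a definition that falls outside the hunks, which suggests `escapeUnitName` is a local `let` binding rather than a `lib` function; if so, every one of these references fails at evaluation. Keep the local name, e.g. `lib.nameValuePair "syncoid-${escapeUnitName name}" (lib.mkMerge [` and `RootDirectory = "/run/syncoid/${escapeUnitName name}";`. Evaluating a configuration that sets `services.syncoid.commands` would confirm it, since the unit name and the sandbox paths all depend on this helper.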
@@ -330,9 +327,9 @@ in (map (buildUnallowCommand c.localSourceAllow) (localDatasetName c.source)) ++ (map (buildUnallowCommand c.localTargetAllow) (localDatasetName c.target)); ExecStart = lib.escapeShellArgs ([ "${cfg.package}/bin/syncoid" ] - ++ optionals c.useCommonArgs cfg.commonArgs - ++ optional c.recursive "-r" - ++ optionals (c.sshKey != null) [ "--sshkey" c.sshKey ] + ++ lib.optionals c.useCommonArgs cfg.commonArgs + ++ lib.optional c.recursive "-r" + ++ lib.optionals (c.sshKey != null) [ "--sshkey" c.sshKey ] ++ c.extraArgs ++ [ "--sendoptions" @@ -364,7 +361,7 @@ in NoNewPrivileges = true; PrivateDevices = true; PrivateMounts = true; - PrivateNetwork = mkDefault false; + PrivateNetwork = lib.mkDefault false; PrivateUsers = false; # Enabling this breaks on zfs-2.2.0 ProtectClock = true; ProtectControlGroups = true; @@ -379,15 +376,15 @@ in RestrictNamespaces = true; RestrictRealtime = true; RestrictSUIDSGID = true; - RootDirectory = "/run/syncoid/${escapeUnitName name}"; + RootDirectory = "/run/syncoid/${lib.escapeUnitName name}"; RootDirectoryStartOnly = true; BindPaths = [ "/dev/zfs" ]; BindReadOnlyPaths = [ builtins.storeDir "/etc" "/run" "/bin/sh" ]; # Avoid useless mounting of RootDirectory= in the own RootDirectory= of ExecStart='s mount namespace. - InaccessiblePaths = [ "-+/run/syncoid/${escapeUnitName name}" ]; + InaccessiblePaths = [ "-+/run/syncoid/${lib.escapeUnitName name}" ]; MountAPIVFS = true; # Create RootDirectory= in the host's mount namespace. - RuntimeDirectory = [ "syncoid/${escapeUnitName name}" ]; + RuntimeDirectory = [ "syncoid/${lib.escapeUnitName name}" ]; RuntimeDirectoryMode = "700"; SystemCallFilter = [ "@system-service" @@ -416,5 +413,5 @@ in cfg.commands; }; - meta.maintainers = with maintainers; [ julm lopsided98 ]; + meta.maintainers = with lib.maintainers; [ julm lopsided98 ]; } diff --git a/nixos/modules/services/backup/tarsnap.nix b/nixos/modules/services/backup/tarsnap.nix index b8f848451d40b09..ef531a0707c5129 100644 
--- a/nixos/modules/services/backup/tarsnap.nix
+++ b/nixos/modules/services/backup/tarsnap.nix
@@ -1,41 +1,38 @@ { config, lib, options, pkgs, utils, ... }: - -with lib; - let gcfg = config.services.tarsnap; opt = options.services.tarsnap; configFile = name: cfg: '' keyfile ${cfg.keyfile} - ${optionalString (cfg.cachedir != null) "cachedir ${cfg.cachedir}"} - ${optionalString cfg.nodump "nodump"} - ${optionalString cfg.printStats "print-stats"} - ${optionalString cfg.printStats "humanize-numbers"} - ${optionalString (cfg.checkpointBytes != null) ("checkpoint-bytes "+cfg.checkpointBytes)} - ${optionalString cfg.aggressiveNetworking "aggressive-networking"} - ${concatStringsSep "\n" (map (v: "exclude ${v}") cfg.excludes)} - ${concatStringsSep "\n" (map (v: "include ${v}") cfg.includes)} - ${optionalString cfg.lowmem "lowmem"} - ${optionalString cfg.verylowmem "verylowmem"} - ${optionalString (cfg.maxbw != null) "maxbw ${toString cfg.maxbw}"} - ${optionalString (cfg.maxbwRateUp != null) "maxbw-rate-up ${toString cfg.maxbwRateUp}"} - ${optionalString (cfg.maxbwRateDown != null) "maxbw-rate-down ${toString cfg.maxbwRateDown}"} + ${lib.optionalString (cfg.cachedir != null) "cachedir ${cfg.cachedir}"} + ${lib.optionalString cfg.nodump "nodump"} + ${lib.optionalString cfg.printStats "print-stats"} + ${lib.optionalString cfg.printStats "humanize-numbers"} + ${lib.optionalString (cfg.checkpointBytes != null) ("checkpoint-bytes "+cfg.checkpointBytes)} + ${lib.optionalString cfg.aggressiveNetworking "aggressive-networking"} + ${lib.concatStringsSep "\n" (map (v: "exclude ${v}") cfg.excludes)} + ${lib.concatStringsSep "\n" (map (v: "include ${v}") cfg.includes)} + ${lib.optionalString cfg.lowmem "lowmem"} + ${lib.optionalString cfg.verylowmem "verylowmem"} + ${lib.optionalString (cfg.maxbw != null) "maxbw ${toString cfg.maxbw}"} + ${lib.optionalString (cfg.maxbwRateUp != null) "maxbw-rate-up ${toString cfg.maxbwRateUp}"} + ${lib.optionalString (cfg.maxbwRateDown != null) "maxbw-rate-down ${toString cfg.maxbwRateDown}"} ''; in { imports = [ - (mkRemovedOptionModule [ 
"services" "tarsnap" "cachedir" ] "Use services.tarsnap.archives..cachedir") + (lib.mkRemovedOptionModule [ "services" "tarsnap" "cachedir" ] "Use services.tarsnap.archives..cachedir") ]; options = { services.tarsnap = { - enable = mkEnableOption "periodic tarsnap backups"; + enable = lib.mkEnableOption "periodic tarsnap backups"; - package = mkPackageOption pkgs "tarsnap" { }; + package = lib.mkPackageOption pkgs "tarsnap" { }; - keyfile = mkOption { - type = types.str; + keyfile = lib.mkOption { + type = lib.types.str; default = "/root/tarsnap.key"; description = '' The keyfile which associates this machine with your tarsnap @@ -61,14 +58,14 @@ in ''; }; - archives = mkOption { - type = types.attrsOf (types.submodule ({ config, options, ... }: + archives = lib.mkOption { + type = lib.types.attrsOf (lib.types.submodule ({ config, options, ... }: { options = { - keyfile = mkOption { - type = types.str; + keyfile = lib.mkOption { + type = lib.types.str; default = gcfg.keyfile; - defaultText = literalExpression "config.${opt.keyfile}"; + defaultText = lib.literalExpression "config.${opt.keyfile}"; description = '' Set a specific keyfile for this archive. This defaults to `"/root/tarsnap.key"` if left unspecified. @@ -88,10 +85,10 @@ in ''; }; - cachedir = mkOption { - type = types.nullOr types.path; - default = "/var/cache/tarsnap/${utils.escapeSystemdPath config.keyfile}"; - defaultText = literalExpression '' + cachedir = lib.mkOption { + type = lib.types.nullOr lib.types.path; + default = "/var/cache/tarsnap/${utils.lib.escapeSystemdPath config.keyfile}"; + defaultText = lib.literalExpression '' "/var/cache/tarsnap/''${utils.escapeSystemdPath config.${options.keyfile}}" ''; description = '' 
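Review bot: The `cachedir` default in hunk `@@ -88,10 +85,10 @@` now reads `utils.lib.escapeSystemdPath config.keyfile`, whereas the removed line and the unchanged `defaultText` both use `utils.escapeSystemdPath`. The helper was already qualified through `utils`, so inserting `lib.` changes which attribute is looked up and will most likely fail to evaluate unless `utils` happens to expose a `lib` attribute (not visible here). Revert that line to `default = "/var/cache/tarsnap/${utils.escapeSystemdPath config.keyfile}";`.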
@@ -106,16 +103,16 @@ in ''; }; - nodump = mkOption { - type = types.bool; + nodump = lib.mkOption { + type = lib.types.bool; default = true; description = '' Exclude files with the `nodump` flag. ''; }; - printStats = mkOption { - type = types.bool; + printStats = lib.mkOption { + type = lib.types.bool; default = true; description = '' Print global archive statistics upon completion. @@ -124,8 +121,8 @@ in ''; }; - checkpointBytes = mkOption { - type = types.nullOr types.str; + checkpointBytes = lib.mkOption { + type = lib.types.nullOr lib.types.str; default = "1GB"; description = '' Create a checkpoint every `checkpointBytes` @@ -138,8 +135,8 @@ in ''; }; - period = mkOption { - type = types.str; + period = lib.mkOption { + type = lib.types.str; default = "01:15"; example = "hourly"; description = '' @@ -150,8 +147,8 @@ in ''; }; - aggressiveNetworking = mkOption { - type = types.bool; + aggressiveNetworking = lib.mkOption { + type = lib.types.bool; default = false; description = '' Upload data over multiple TCP connections, potentially @@ -162,22 +159,22 @@ in ''; }; - directories = mkOption { - type = types.listOf types.path; + directories = lib.mkOption { + type = lib.types.listOf lib.types.path; default = []; description = "List of filesystem paths to archive."; }; - excludes = mkOption { - type = types.listOf types.str; + excludes = lib.mkOption { + type = lib.types.listOf lib.types.str; default = []; description = '' Exclude files and directories matching these patterns. ''; }; - includes = mkOption { - type = types.listOf types.str; + includes = lib.mkOption { + type = lib.types.listOf lib.types.str; default = []; description = '' Include only files and directories matching these @@ -187,8 +184,8 @@ in ''; }; - lowmem = mkOption { - type = types.bool; + lowmem = lib.mkOption { + type = lib.types.bool; default = false; description = '' Reduce memory consumption by not caching small files. 
@@ -198,8 +195,8 @@ in ''; }; - verylowmem = mkOption { - type = types.bool; + verylowmem = lib.mkOption { + type = lib.types.bool; default = false; description = '' Reduce memory consumption by a factor of 2 beyond what @@ -208,8 +205,8 @@ in ''; }; - maxbw = mkOption { - type = types.nullOr types.int; + maxbw = lib.mkOption { + type = lib.types.nullOr lib.types.int; default = null; description = '' Abort archival if upstream bandwidth usage in bytes @@ -217,40 +214,40 @@ in ''; }; - maxbwRateUp = mkOption { - type = types.nullOr types.int; + maxbwRateUp = lib.mkOption { + type = lib.types.nullOr lib.types.int; default = null; - example = literalExpression "25 * 1000"; + example = lib.literalExpression "25 * 1000"; description = '' Upload bandwidth rate limit in bytes. ''; }; - maxbwRateDown = mkOption { - type = types.nullOr types.int; + maxbwRateDown = lib.mkOption { + type = lib.types.nullOr lib.types.int; default = null; - example = literalExpression "50 * 1000"; + example = lib.literalExpression "50 * 1000"; description = '' Download bandwidth rate limit in bytes. ''; }; - verbose = mkOption { - type = types.bool; + verbose = lib.mkOption { + type = lib.types.bool; default = false; description = '' Whether to produce verbose logging output. ''; }; - explicitSymlinks = mkOption { - type = types.bool; + explicitSymlinks = lib.mkOption { + type = lib.types.bool; default = false; description = '' Whether to follow symlinks specified as archives. ''; }; - followSymlinks = mkOption { - type = types.bool; + followSymlinks = lib.mkOption { + type = lib.types.bool; default = false; description = '' Whether to follow all symlinks in archive trees. @@ -262,7 +259,7 @@ in default = {}; - example = literalExpression '' + example = lib.literalExpression '' { nixos = { directories = [ "/home" "/root/ssl" ]; 
@@ -292,19 +289,19 @@ in }; }; - config = mkIf gcfg.enable { + config = lib.mkIf gcfg.enable { assertions = - (mapAttrsToList (name: cfg: + (lib.mapAttrsToList (name: cfg: { assertion = cfg.directories != []; message = "Must specify paths for tarsnap to back up"; }) gcfg.archives) ++ - (mapAttrsToList (name: cfg: + (lib.mapAttrsToList (name: cfg: { assertion = !(cfg.lowmem && cfg.verylowmem); message = "You cannot set both lowmem and verylowmem"; }) gcfg.archives); systemd.services = - (mapAttrs' (name: cfg: nameValuePair "tarsnap-${name}" { + (lib.mapAttrs' (name: cfg: lib.nameValuePair "tarsnap-${name}" { description = "Tarsnap archive '${name}'"; requires = [ "network-online.target" ]; after = [ "network-online.target" ]; @@ -322,11 +319,11 @@ in script = let tarsnap = ''${lib.getExe gcfg.package} --configfile "/etc/tarsnap/${name}.conf"''; run = ''${tarsnap} -c -f "${name}-$(date +"%Y%m%d%H%M%S")" \ - ${optionalString cfg.verbose "-v"} \ - ${optionalString cfg.explicitSymlinks "-H"} \ - ${optionalString cfg.followSymlinks "-L"} \ - ${concatStringsSep " " cfg.directories}''; - cachedir = escapeShellArg cfg.cachedir; + ${lib.optionalString cfg.verbose "-v"} \ + ${lib.optionalString cfg.explicitSymlinks "-H"} \ + ${lib.optionalString cfg.followSymlinks "-L"} \ + ${lib.concatStringsSep " " cfg.directories}''; + cachedir = lib.escapeShellArg cfg.cachedir; in if (cfg.cachedir != null) then '' mkdir -p ${cachedir} chmod 0700 ${cachedir} @@ -353,7 +350,7 @@ in }; }) gcfg.archives) // - (mapAttrs' (name: cfg: nameValuePair "tarsnap-restore-${name}"{ + (lib.mapAttrs' (name: cfg: lib.nameValuePair "tarsnap-restore-${name}"{ description = "Tarsnap restore '${name}'"; requires = [ "network-online.target" ]; 
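Review bot: In the `script` of hunk `@@ -322,11 +319,11 @@`, `cfg.directories` is joined with spaces and pasted into the shell command unquoted, while `cachedir` on the following line goes through `lib.escapeShellArg`. A configured path that contains whitespace or shell metacharacters is therefore split or interpreted by the shell when the backup job runs, so the archive may not contain what the option says. Since the line is being touched anyway, ending `run` with `${lib.escapeShellArgs cfg.directories}'';` would make it consistent with the rest of the script. The `let` it belongs to continues outside the hunk.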
@@ -362,8 +359,8 @@ in script = let tarsnap = ''${lib.getExe gcfg.package} --configfile "/etc/tarsnap/${name}.conf"''; lastArchive = "$(${tarsnap} --list-archives | sort | tail -1)"; - run = ''${tarsnap} -x -f "${lastArchive}" ${optionalString cfg.verbose "-v"}''; - cachedir = escapeShellArg cfg.cachedir; + run = ''${tarsnap} -x -f "${lastArchive}" ${lib.optionalString cfg.verbose "-v"}''; + cachedir = lib.escapeShellArg cfg.cachedir; in if (cfg.cachedir != null) then '' mkdir -p ${cachedir} @@ -393,14 +390,14 @@ in # Note: the timer must be Persistent=true, so that systemd will start it even # if e.g. your laptop was asleep while the latest interval occurred. - systemd.timers = mapAttrs' (name: cfg: nameValuePair "tarsnap-${name}" + systemd.timers = lib.mapAttrs' (name: cfg: lib.nameValuePair "tarsnap-${name}" { timerConfig.OnCalendar = cfg.period; timerConfig.Persistent = "true"; wantedBy = [ "timers.target" ]; }) gcfg.archives; environment.etc = - mapAttrs' (name: cfg: nameValuePair "tarsnap/${name}.conf" + lib.mapAttrs' (name: cfg: lib.nameValuePair "tarsnap/${name}.conf" { text = configFile name cfg; }) gcfg.archives; diff --git a/nixos/modules/services/backup/zfs-replication.nix b/nixos/modules/services/backup/zfs-replication.nix index c89d6fb8ad60b42..5aefaa35df5091b 100644 --- a/nixos/modules/services/backup/zfs-replication.nix +++ b/nixos/modules/services/backup/zfs-replication.nix 
@@ -1,56 +1,53 @@ { lib, pkgs, config, ... }: - -with lib; - let cfg = config.services.zfs.autoReplication; - recursive = optionalString cfg.recursive " --recursive"; - followDelete = optionalString cfg.followDelete " --follow-delete"; + recursive = lib.optionalString cfg.recursive " --recursive"; + followDelete = lib.optionalString cfg.followDelete " --follow-delete"; in { options = { services.zfs.autoReplication = { - enable = mkEnableOption "ZFS snapshot replication"; + enable = lib.mkEnableOption "ZFS snapshot replication"; - followDelete = mkOption { + followDelete = lib.mkOption { description = "Remove remote snapshots that don't have a local correspondent."; default = true; - type = types.bool; + type = lib.types.bool; }; - host = mkOption { + host = lib.mkOption { description = "Remote host where snapshots should be sent. `lz4` is expected to be installed on this host."; example = "example.com"; - type = types.str; + type = lib.types.str; }; - identityFilePath = mkOption { + identityFilePath = lib.mkOption { description = "Path to SSH key used to login to host."; example = "/home/username/.ssh/id_rsa"; - type = types.path; + type = lib.types.path; }; - localFilesystem = mkOption { + localFilesystem = lib.mkOption { description = "Local ZFS filesystem from which snapshots should be sent. 
Defaults to the attribute name."; example = "pool/file/path"; - type = types.str; + type = lib.types.str; }; - remoteFilesystem = mkOption { + remoteFilesystem = lib.mkOption { description = "Remote ZFS filesystem where snapshots should be sent."; example = "pool/file/path"; - type = types.str; + type = lib.types.str; }; - recursive = mkOption { + recursive = lib.mkOption { description = "Recursively discover snapshots to send."; default = true; - type = types.bool; + type = lib.types.bool; }; - username = mkOption { + username = lib.mkOption { description = "Username used by SSH to login to remote host."; example = "username"; - type = types.str; + type = lib.types.str; }; }; }; @@ -73,7 +70,7 @@ in { "https://github.com/alunduil/zfs-replicate" ]; restartIfChanged = false; - serviceConfig.ExecStart = "${pkgs.zfs-replicate}/bin/zfs-replicate${recursive} -l ${escapeShellArg cfg.username} -i ${escapeShellArg cfg.identityFilePath}${followDelete} ${escapeShellArg cfg.host} ${escapeShellArg cfg.remoteFilesystem} ${escapeShellArg cfg.localFilesystem}"; + serviceConfig.ExecStart = "${pkgs.zfs-replicate}/bin/zfs-replicate${recursive} -l ${lib.escapeShellArg cfg.username} -i ${lib.escapeShellArg cfg.identityFilePath}${followDelete} ${lib.escapeShellArg cfg.host} ${lib.escapeShellArg cfg.remoteFilesystem} ${lib.escapeShellArg cfg.localFilesystem}"; wantedBy = [ "zfs-snapshot-daily.service" "zfs-snapshot-frequent.service" diff --git a/nixos/modules/services/backup/zrepl.nix b/nixos/modules/services/backup/zrepl.nix index a0e9a0da7e49382..d46823adbadbdc2 100644 --- a/nixos/modules/services/backup/zrepl.nix +++ b/nixos/modules/services/backup/zrepl.nix 
@@ -1,27 +1,25 @@ { config, pkgs, lib, ... }: - -with lib; let cfg = config.services.zrepl; format = pkgs.formats.yaml { }; configFile = format.generate "zrepl.yml" cfg.settings; in { - meta.maintainers = with maintainers; [ cole-h ]; + meta.maintainers = with lib.maintainers; [ cole-h ]; options = { services.zrepl = { - enable = mkEnableOption "zrepl"; + enable = lib.mkEnableOption "zrepl"; - package = mkPackageOption pkgs "zrepl" { }; + package = lib.mkPackageOption pkgs "zrepl" { }; - settings = mkOption { + settings = lib.mkOption { default = { }; description = '' Configuration for zrepl. See for more information. ''; - type = types.submodule { + type = lib.types.submodule { freeformType = format.type; }; }; @@ -30,7 +28,7 @@ in ### Implementation ### - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { environment.systemPackages = [ cfg.package ]; # zrepl looks for its config in this location by default. This diff --git a/nixos/modules/services/blockchain/ethereum/erigon.nix b/nixos/modules/services/blockchain/ethereum/erigon.nix index 24705b3433df48a..5ac952339151970 100644 --- a/nixos/modules/services/blockchain/ethereum/erigon.nix +++ b/nixos/modules/services/blockchain/ethereum/erigon.nix @@ -1,6 +1,4 @@ { config, lib, pkgs, ... }: - -with lib; let cfg = config.services.erigon; 
@@ -11,18 +9,18 @@ in { options = { services.erigon = { - enable = mkEnableOption "Ethereum implementation on the efficiency frontier"; + enable = lib.mkEnableOption "Ethereum implementation on the efficiency frontier"; - package = mkPackageOption pkgs "erigon" { }; + package = lib.mkPackageOption pkgs "erigon" { }; - extraArgs = mkOption { - type = types.listOf types.str; + extraArgs = lib.mkOption { + type = lib.types.listOf lib.types.str; description = "Additional arguments passed to Erigon"; default = [ ]; }; - secretJwtPath = mkOption { - type = types.path; + secretJwtPath = lib.mkOption { + type = lib.types.path; description = '' Path to the secret jwt used for the http api authentication. ''; @@ -30,7 +28,7 @@ in { example = "config.age.secrets.ERIGON_JWT.path"; }; - settings = mkOption { + settings = lib.mkOption { description = '' Configuration for Erigon Refer to for details on supported values. @@ -52,7 +50,7 @@ in { "log.console.verbosity" = 3; # info }; - defaultText = literalExpression '' + defaultText = lib.literalExpression '' { datadir = "/var/lib/erigon"; chain = "mainnet"; 
@@ -71,20 +69,20 @@ in { }; }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { # Default values are the same as in the binary, they are just written here for convenience. services.erigon.settings = { - datadir = mkDefault "/var/lib/erigon"; - chain = mkDefault "mainnet"; - http = mkDefault true; - "http.port" = mkDefault 8545; - "http.api" = mkDefault ["eth" "debug" "net" "trace" "web3" "erigon"]; - ws = mkDefault true; - port = mkDefault 30303; - "authrpc.port" = mkDefault 8551; - "torrent.port" = mkDefault 42069; - "private.api.addr" = mkDefault "localhost:9090"; - "log.console.verbosity" = mkDefault 3; # info + datadir = lib.mkDefault "/var/lib/erigon"; + chain = lib.mkDefault "mainnet"; + http = lib.mkDefault true; + "http.port" = lib.mkDefault 8545; + "http.api" = lib.mkDefault ["eth" "debug" "net" "trace" "web3" "erigon"]; + ws = lib.mkDefault true; + port = lib.mkDefault 30303; + "authrpc.port" = lib.mkDefault 8551; + "torrent.port" = lib.mkDefault 42069; + "private.api.addr" = lib.mkDefault "localhost:9090"; + "log.console.verbosity" = lib.mkDefault 3; # info }; systemd.services.erigon = { diff --git a/nixos/modules/services/blockchain/ethereum/geth.nix b/nixos/modules/services/blockchain/ethereum/geth.nix index f2a7e080ada19c6..adf9fc1db32a84e 100644 --- a/nixos/modules/services/blockchain/ethereum/geth.nix +++ b/nixos/modules/services/blockchain/ethereum/geth.nix @@ -1,7 +1,4 @@ { config, lib, pkgs, ... }: - -with lib; - let eachGeth = config.services.geth; 
@@ -11,28 +8,28 @@ let enable = lib.mkEnableOption "Go Ethereum Node"; - port = mkOption { - type = types.port; + port = lib.mkOption { + type = lib.types.port; default = 30303; description = "Port number Go Ethereum will be listening on, both TCP and UDP."; }; http = { enable = lib.mkEnableOption "Go Ethereum HTTP API"; - address = mkOption { - type = types.str; + address = lib.mkOption { + type = lib.types.str; default = "127.0.0.1"; description = "Listen address of Go Ethereum HTTP API."; }; - port = mkOption { - type = types.port; + port = lib.mkOption { + type = lib.types.port; default = 8545; description = "Port number of Go Ethereum HTTP API."; }; - apis = mkOption { - type = types.nullOr (types.listOf types.str); + apis = lib.mkOption { + type = lib.types.nullOr (lib.types.listOf lib.types.str); default = null; description = "APIs to enable over WebSocket"; example = ["net" "eth"]; @@ -41,20 +38,20 @@ let websocket = { enable = lib.mkEnableOption "Go Ethereum WebSocket API"; - address = mkOption { - type = types.str; + address = lib.mkOption { + type = lib.types.str; default = "127.0.0.1"; description = "Listen address of Go Ethereum WebSocket API."; }; - port = mkOption { - type = types.port; + port = lib.mkOption { + type = lib.types.port; default = 8546; description = "Port number of Go Ethereum WebSocket API."; }; - apis = mkOption { - type = types.nullOr (types.listOf types.str); + apis = lib.mkOption { + type = lib.types.nullOr (lib.types.listOf lib.types.str); default = null; description = "APIs to enable over WebSocket"; example = ["net" "eth"]; 
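Review bot: The description of `http.apis` in hunk `@@ -11,28 +8,28 @@` reads `APIs to enable over WebSocket`, word for word the same as `websocket.apis` in the next hunk, so it appears to be a copy-paste left in the context lines. The two options decide which RPC namespaces are reachable on which listener, and a wrong label makes it easy to expose a namespace on the HTTP endpoint by mistake. I would change it to `description = "APIs to enable over HTTP";`.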
@@ -63,27 +60,27 @@ let authrpc = { enable = lib.mkEnableOption "Go Ethereum Auth RPC API"; - address = mkOption { - type = types.str; + address = lib.mkOption { + type = lib.types.str; default = "127.0.0.1"; description = "Listen address of Go Ethereum Auth RPC API."; }; - port = mkOption { - type = types.port; + port = lib.mkOption { + type = lib.types.port; default = 8551; description = "Port number of Go Ethereum Auth RPC API."; }; - vhosts = mkOption { - type = types.nullOr (types.listOf types.str); + vhosts = lib.mkOption { + type = lib.types.nullOr (lib.types.listOf lib.types.str); default = ["localhost"]; description = "List of virtual hostnames from which to accept requests."; example = ["localhost" "geth.example.org"]; }; - jwtsecret = mkOption { - type = types.str; + jwtsecret = lib.mkOption { + type = lib.types.str; default = ""; description = "Path to a JWT secret for authenticated RPC endpoint."; example = "/var/run/geth/jwtsecret"; 
@@ -92,50 +89,50 @@ let metrics = { enable = lib.mkEnableOption "Go Ethereum prometheus metrics"; - address = mkOption { - type = types.str; + address = lib.mkOption { + type = lib.types.str; default = "127.0.0.1"; description = "Listen address of Go Ethereum metrics service."; }; - port = mkOption { - type = types.port; + port = lib.mkOption { + type = lib.types.port; default = 6060; description = "Port number of Go Ethereum metrics service."; }; }; - network = mkOption { - type = types.nullOr (types.enum [ "goerli" "rinkeby" "yolov2" "ropsten" ]); + network = lib.mkOption { + type = lib.types.nullOr (lib.types.enum [ "goerli" "rinkeby" "yolov2" "ropsten" ]); default = null; description = "The network to connect to. Mainnet (null) is the default ethereum network."; }; - syncmode = mkOption { - type = types.enum [ "snap" "fast" "full" "light" ]; + syncmode = lib.mkOption { + type = lib.types.enum [ "snap" "fast" "full" "light" ]; default = "snap"; description = "Blockchain sync mode."; }; - gcmode = mkOption { - type = types.enum [ "full" "archive" ]; + gcmode = lib.mkOption { + type = lib.types.enum [ "full" "archive" ]; default = "full"; description = "Blockchain garbage collection mode."; }; - maxpeers = mkOption { - type = types.int; + maxpeers = lib.mkOption { + type = lib.types.int; default = 50; description = "Maximum peers to connect to."; }; - extraArgs = mkOption { - type = types.listOf types.str; + extraArgs = lib.mkOption { + type = lib.types.listOf lib.types.str; description = "Additional arguments passed to Go Ethereum."; default = []; }; - package = mkPackageOption pkgs [ "go-ethereum" "geth" ] { }; + package = lib.mkPackageOption pkgs [ "go-ethereum" "geth" ] { }; }; }; in 
@@ -145,8 +142,8 @@ in ###### interface options = { - services.geth = mkOption { - type = types.attrsOf (types.submodule gethOpts); + services.geth = lib.mkOption { + type = lib.types.attrsOf (lib.types.submodule gethOpts); default = {}; description = "Specification of one or more geth instances."; }; @@ -154,17 +151,17 @@ in ###### implementation - config = mkIf (eachGeth != {}) { + config = lib.mkIf (eachGeth != {}) { - environment.systemPackages = flatten (mapAttrsToList (gethName: cfg: [ + environment.systemPackages = lib.flatten (lib.mapAttrsToList (gethName: cfg: [ cfg.package ]) eachGeth); - systemd.services = mapAttrs' (gethName: cfg: let + systemd.services = lib.mapAttrs' (gethName: cfg: let stateDir = "goethereum/${gethName}/${if (cfg.network == null) then "mainnet" else cfg.network}"; dataDir = "/var/lib/${stateDir}"; in ( - nameValuePair "geth-${gethName}" (mkIf cfg.enable { + lib.nameValuePair "geth-${gethName}" (lib.mkIf cfg.enable { description = "Go Ethereum node (${gethName})"; wantedBy = [ "multi-user.target" ]; after = [ "network.target" ]; 
@@ -186,16 +183,16 @@ in ${cfg.package}/bin/geth \ --nousb \ --ipcdisable \ - ${optionalString (cfg.network != null) ''--${cfg.network}''} \ + ${lib.optionalString (cfg.network != null) ''--${cfg.network}''} \ --syncmode ${cfg.syncmode} \ --gcmode ${cfg.gcmode} \ --port ${toString cfg.port} \ --maxpeers ${toString cfg.maxpeers} \ - ${optionalString cfg.http.enable ''--http --http.addr ${cfg.http.address} --http.port ${toString cfg.http.port}''} \ - ${optionalString (cfg.http.apis != null) ''--http.api ${lib.concatStringsSep "," cfg.http.apis}''} \ - ${optionalString cfg.websocket.enable ''--ws --ws.addr ${cfg.websocket.address} --ws.port ${toString cfg.websocket.port}''} \ - ${optionalString (cfg.websocket.apis != null) ''--ws.api ${lib.concatStringsSep "," cfg.websocket.apis}''} \ - ${optionalString cfg.metrics.enable ''--metrics --metrics.addr ${cfg.metrics.address} --metrics.port ${toString cfg.metrics.port}''} \ + ${lib.optionalString cfg.http.enable ''--http --http.addr ${cfg.http.address} --http.port ${toString cfg.http.port}''} \ + ${lib.optionalString (cfg.http.apis != null) ''--http.api ${lib.concatStringsSep "," cfg.http.apis}''} \ + ${lib.optionalString cfg.websocket.enable ''--ws --ws.addr ${cfg.websocket.address} --ws.port ${toString cfg.websocket.port}''} \ + ${lib.optionalString (cfg.websocket.apis != null) ''--ws.api ${lib.concatStringsSep "," cfg.websocket.apis}''} \ + ${lib.optionalString cfg.metrics.enable ''--metrics --metrics.addr ${cfg.metrics.address} --metrics.port ${toString cfg.metrics.port}''} \ --authrpc.addr ${cfg.authrpc.address} --authrpc.port ${toString cfg.authrpc.port} --authrpc.vhosts ${lib.concatStringsSep "," cfg.authrpc.vhosts} \ ${if (cfg.authrpc.jwtsecret != "") then ''--authrpc.jwtsecret ${cfg.authrpc.jwtsecret}'' else ''--authrpc.jwtsecret ${dataDir}/geth/jwtsecret''} \ ${lib.escapeShellArgs cfg.extraArgs} \ 
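Review bot: Only `cfg.extraArgs` is passed through `lib.escapeShellArgs` in this command line; the listen addresses, `cfg.authrpc.vhosts` and `cfg.authrpc.jwtsecret` are interpolated raw, although they are declared as free-form `str` options. A JWT secret path containing a space or a shell metacharacter would be split or interpreted by the shell, and the node would then start with a different secret path than the one configured. Quoting the values closes that gap, e.g. `--authrpc.jwtsecret ${lib.escapeShellArg cfg.authrpc.jwtsecret}` in the first branch of the `if`. The script this hunk belongs to starts and ends outside the hunk.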
diff --git a/nixos/modules/services/blockchain/ethereum/lighthouse.nix b/nixos/modules/services/blockchain/ethereum/lighthouse.nix index a5ace1a9450f337..66a762763cb8c79 100644 --- a/nixos/modules/services/blockchain/ethereum/lighthouse.nix +++ b/nixos/modules/services/blockchain/ethereum/lighthouse.nix @@ -1,6 +1,4 @@ { config, lib, pkgs, ... }: - -with lib; let cfg = config.services.lighthouse; @@ -8,47 +6,47 @@ in { options = { services.lighthouse = { - beacon = mkOption { + beacon = lib.mkOption { description = "Beacon node"; default = {}; - type = types.submodule { + type = lib.types.submodule { options = { enable = lib.mkEnableOption "Lightouse Beacon node"; - dataDir = mkOption { - type = types.str; + dataDir = lib.mkOption { + type = lib.types.str; default = "/var/lib/lighthouse-beacon"; description = '' Directory where data will be stored. Each chain will be stored under it's own specific subdirectory. ''; }; - address = mkOption { - type = types.str; + address = lib.mkOption { + type = lib.types.str; default = "0.0.0.0"; description = '' Listen address of Beacon node. ''; }; - port = mkOption { - type = types.port; + port = lib.mkOption { + type = lib.types.port; default = 9000; description = '' Port number the Beacon node will be listening on. ''; }; - openFirewall = mkOption { - type = types.bool; + openFirewall = lib.mkOption { + type = lib.types.bool; default = false; description = '' Open the port in the firewall ''; }; - disableDepositContractSync = mkOption { - type = types.bool; + disableDepositContractSync = lib.mkOption { + type = lib.types.bool; default = false; description = '' Explicitly disables syncing of deposit logs from the execution node. 
@@ -58,24 +56,24 @@ in { }; execution = { - address = mkOption { - type = types.str; + address = lib.mkOption { + type = lib.types.str; default = "127.0.0.1"; description = '' Listen address for the execution layer. ''; }; - port = mkOption { - type = types.port; + port = lib.mkOption { + type = lib.types.port; default = 8551; description = '' Port number the Beacon node will be listening on for the execution layer. ''; }; - jwtPath = mkOption { - type = types.str; + jwtPath = lib.mkOption { + type = lib.types.str; default = ""; description = '' Path for the jwt secret required to connect to the execution layer. @@ -85,16 +83,16 @@ in { http = { enable = lib.mkEnableOption "Beacon node http api"; - port = mkOption { - type = types.port; + port = lib.mkOption { + type = lib.types.port; default = 5052; description = '' Port number of Beacon node RPC service. ''; }; - address = mkOption { - type = types.str; + address = lib.mkOption { + type = lib.types.str; default = "127.0.0.1"; description = '' Listen address of Beacon node RPC service. @@ -104,16 +102,16 @@ in { metrics = { enable = lib.mkEnableOption "Beacon node prometheus metrics"; - address = mkOption { - type = types.str; + address = lib.mkOption { + type = lib.types.str; default = "127.0.0.1"; description = '' Listen address of Beacon node metrics service. ''; }; - port = mkOption { - type = types.port; + port = lib.mkOption { + type = lib.types.port; default = 5054; description = '' Port number of Beacon node metrics service. @@ -121,8 +119,8 @@ in { }; }; - extraArgs = mkOption { - type = types.str; + extraArgs = lib.mkOption { + type = lib.types.str; description = '' Additional arguments passed to the lighthouse beacon command. ''; 
@@ -133,27 +131,27 @@ in { }; }; - validator = mkOption { + validator = lib.mkOption { description = "Validator node"; default = {}; - type = types.submodule { + type = lib.types.submodule { options = { - enable = mkOption { - type = types.bool; + enable = lib.mkOption { + type = lib.types.bool; default = false; description = "Enable Lightouse Validator node."; }; - dataDir = mkOption { - type = types.str; + dataDir = lib.mkOption { + type = lib.types.str; default = "/var/lib/lighthouse-validator"; description = '' Directory where data will be stored. Each chain will be stored under it's own specific subdirectory. ''; }; - beaconNodes = mkOption { - type = types.listOf types.str; + beaconNodes = lib.mkOption { + type = lib.types.listOf lib.types.str; default = ["http://localhost:5052"]; description = '' Beacon nodes to connect to. @@ -162,16 +160,16 @@ in { metrics = { enable = lib.mkEnableOption "Validator node prometheus metrics"; - address = mkOption { - type = types.str; + address = lib.mkOption { + type = lib.types.str; default = "127.0.0.1"; description = '' Listen address of Validator node metrics service. ''; }; - port = mkOption { - type = types.port; + port = lib.mkOption { + type = lib.types.port; default = 5056; description = '' Port number of Validator node metrics service. @@ -179,8 +177,8 @@ in { }; }; - extraArgs = mkOption { - type = types.str; + extraArgs = lib.mkOption { + type = lib.types.str; description = '' Additional arguments passed to the lighthouse validator command. ''; 
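Review bot: The validator `enable` option is written out as a `lib.mkOption` with `lib.types.bool`, `default = false` and a hand-written description, while the beacon `enable` and both `metrics.enable` options in this file use `lib.mkEnableOption`. `enable = lib.mkEnableOption "Lighthouse Validator node";` would match them and also fixes the "Lightouse" spelling that ends up in the option documentation. The generated description then reads "Whether to enable …", which is the only visible difference.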
@@ -191,16 +189,16 @@ in { }; }; - network = mkOption { - type = types.enum [ "mainnet" "gnosis" "chiado" "sepolia" "holesky" ]; + network = lib.mkOption { + type = lib.types.enum [ "mainnet" "gnosis" "chiado" "sepolia" "holesky" ]; default = "mainnet"; description = '' The network to connect to. Mainnet is the default ethereum network. ''; }; - extraArgs = mkOption { - type = types.str; + extraArgs = lib.mkOption { + type = lib.types.str; description = '' Additional arguments passed to every lighthouse command. ''; @@ -210,17 +208,17 @@ in { }; }; - config = mkIf (cfg.beacon.enable || cfg.validator.enable) { + config = lib.mkIf (cfg.beacon.enable || cfg.validator.enable) { environment.systemPackages = [ pkgs.lighthouse ] ; - networking.firewall = mkIf cfg.beacon.enable { - allowedTCPPorts = mkIf cfg.beacon.openFirewall [ cfg.beacon.port ]; - allowedUDPPorts = mkIf cfg.beacon.openFirewall [ cfg.beacon.port ]; + networking.firewall = lib.mkIf cfg.beacon.enable { + allowedTCPPorts = lib.mkIf cfg.beacon.openFirewall [ cfg.beacon.port ]; + allowedUDPPorts = lib.mkIf cfg.beacon.openFirewall [ cfg.beacon.port ]; }; - systemd.services.lighthouse-beacon = mkIf cfg.beacon.enable { + systemd.services.lighthouse-beacon = lib.mkIf cfg.beacon.enable { description = "Lighthouse beacon node (connect to P2P nodes and verify blocks)"; wantedBy = [ "multi-user.target" ]; after = [ "network.target" ]; @@ -268,7 +266,7 @@ in { }; }; - systemd.services.lighthouse-validator = mkIf cfg.validator.enable { + systemd.services.lighthouse-validator = lib.mkIf cfg.validator.enable { description = "Lighthouse validtor node (manages validators, using data obtained from the beacon node via a HTTP API)"; wantedBy = [ "multi-user.target" ]; after = [ "network.target" ]; 
@@ -281,7 +279,7 @@ in { --network ${cfg.network} \ --beacon-nodes ${lib.concatStringsSep "," cfg.validator.beaconNodes} \ --datadir ${cfg.validator.dataDir}/${cfg.network} \ - ${optionalString cfg.validator.metrics.enable ''--metrics --metrics-address ${cfg.validator.metrics.address} --metrics-port ${toString cfg.validator.metrics.port}''} \ + ${lib.optionalString cfg.validator.metrics.enable ''--metrics --metrics-address ${cfg.validator.metrics.address} --metrics-port ${toString cfg.validator.metrics.port}''} \ ${cfg.extraArgs} ${cfg.validator.extraArgs} ''; diff --git a/nixos/modules/services/cluster/k3s/default.nix b/nixos/modules/services/cluster/k3s/default.nix index 83dfe2067147079..0bb40b5c9dbd672 100644 --- a/nixos/modules/services/cluster/k3s/default.nix +++ b/nixos/modules/services/cluster/k3s/default.nix @@ -4,8 +4,6 @@ pkgs, ... }: - -with lib; let cfg = config.services.k3s; removeOption = @@ -98,7 +96,7 @@ let } ); - enabledManifests = with builtins; filter (m: m.enable) (attrValues cfg.manifests); + enabledManifests = with builtins; lib.filter (m: m.enable) (lib.attrValues cfg.manifests); linkManifestEntry = m: "${pkgs.coreutils-full}/bin/ln -sfn ${m.source} ${manifestDir}/${m.target}"; linkImageEntry = image: "${pkgs.coreutils-full}/bin/ln -sfn ${image} ${imageDir}/${image.name}"; linkChartEntry = @@ -132,11 +130,11 @@ in # interface options.services.k3s = { - enable = mkEnableOption "k3s"; + enable = lib.mkEnableOption "k3s"; - package = mkPackageOption pkgs "k3s" { }; + package = lib.mkPackageOption pkgs "k3s" { }; - role = mkOption { + role = lib.mkOption { description = '' Whether k3s should run as a server or agent. @@ -152,14 +150,14 @@ in - `serverAddr` is required. ''; default = "server"; - type = types.enum [ + type = lib.types.enum [ "server" "agent" ]; }; - serverAddr = mkOption { - type = types.str; + serverAddr = lib.mkOption { + type = lib.types.str; description = '' The k3s server to connect to. 
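Review bot: In the k3s `let` block, `enabledManifests = with builtins; lib.filter (m: m.enable) (lib.attrValues cfg.manifests);` keeps a `with builtins;` that no longer supplies any name, because both calls are now qualified with `lib.`. Since the commit is about removing implicit scopes, the line can be `enabledManifests = lib.filter (m: m.enable) (lib.attrValues cfg.manifests);`. The `let` block starts and ends outside the hunk.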
@@ -171,8 +169,8 @@ in default = ""; }; - clusterInit = mkOption { - type = types.bool; + clusterInit = lib.mkOption { + type = lib.types.bool; default = false; description = '' Initialize HA cluster using an embedded etcd datastore. @@ -193,8 +191,8 @@ in ''; }; - token = mkOption { - type = types.str; + token = lib.mkOption { + type = lib.types.str; description = '' The k3s token to use when connecting to a server. @@ -204,15 +202,15 @@ in default = ""; }; - tokenFile = mkOption { - type = types.nullOr types.path; + tokenFile = lib.mkOption { + type = lib.types.nullOr lib.types.path; description = "File path containing k3s token to use when connecting to the server."; default = null; }; - extraFlags = mkOption { + extraFlags = lib.mkOption { description = "Extra flags to pass to the k3s command."; - type = with types; either str (listOf str); + type = with lib.types; either str (listOf str); default = [ ]; example = [ "--no-deploy traefik" 
@@ -220,28 +218,28 @@ in ]; }; - disableAgent = mkOption { - type = types.bool; + disableAgent = lib.mkOption { + type = lib.types.bool; default = false; description = "Only run the server. This option only makes sense for a server."; }; - environmentFile = mkOption { - type = types.nullOr types.path; + environmentFile = lib.mkOption { + type = lib.types.nullOr lib.types.path; description = '' File path containing environment variables for configuring the k3s service in the format of an EnvironmentFile. See systemd.exec(5). ''; default = null; }; - configPath = mkOption { - type = types.nullOr types.path; + configPath = lib.mkOption { + type = lib.types.nullOr lib.types.path; default = null; description = "File path containing the k3s YAML config. This is useful when the config is generated (for example on boot)."; }; - manifests = mkOption { - type = types.attrsOf manifestModule; + manifests = lib.mkOption { + type = lib.types.attrsOf manifestModule; default = { }; example = lib.literalExpression '' deployment.source = ../manifests/deployment.yaml; @@ -328,8 +326,8 @@ in ''; }; - charts = mkOption { - type = with types; attrsOf (either path package); + charts = lib.mkOption { + type = with lib.types; attrsOf (either path package); default = { }; example = lib.literalExpression '' nginx = ../charts/my-nginx-chart.tgz; @@ -346,8 +344,8 @@ in ''; }; - containerdConfigTemplate = mkOption { - type = types.nullOr types.str; + containerdConfigTemplate = lib.mkOption { + type = lib.types.nullOr lib.types.str; default = null; example = lib.literalExpression '' # Base K3s config @@ -366,8 +364,8 @@ in ''; }; - images = mkOption { - type = with types; listOf package; + images = lib.mkOption { + type = with lib.types; listOf package; default = [ ]; example = lib.literalExpression '' [ 
@@ -440,7 +438,7 @@ in # implementation - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { warnings = (lib.optional (cfg.role != "server" && cfg.manifests != { }) "k3s: Auto deploying manifests are only installed on server nodes (role == server), they will be ignored by this node." @@ -500,7 +498,7 @@ in "network-online.target" ]; wantedBy = [ "multi-user.target" ]; - path = optional config.boot.zfs.enabled config.boot.zfs.package; + path = lib.optional config.boot.zfs.enabled config.boot.zfs.package; serviceConfig = { # See: https://github.com/rancher/k3s/blob/dddbd16305284ae4bd14c0aade892412310d7edc/install.sh#L197 Type = if cfg.role == "agent" then "exec" else "notify"; @@ -514,15 +512,15 @@ in TasksMax = "infinity"; EnvironmentFile = cfg.environmentFile; ExecStartPre = activateK3sContent; - ExecStart = concatStringsSep " \\\n " ( + ExecStart = lib.concatStringsSep " \\\n " ( [ "${cfg.package}/bin/k3s ${cfg.role}" ] - ++ (optional cfg.clusterInit "--cluster-init") - ++ (optional cfg.disableAgent "--disable-agent") - ++ (optional (cfg.serverAddr != "") "--server ${cfg.serverAddr}") - ++ (optional (cfg.token != "") "--token ${cfg.token}") - ++ (optional (cfg.tokenFile != null) "--token-file ${cfg.tokenFile}") - ++ (optional (cfg.configPath != null) "--config ${cfg.configPath}") - ++ (optional (kubeletParams != { }) "--kubelet-arg=config=${kubeletConfig}") + ++ (lib.optional cfg.clusterInit "--cluster-init") + ++ (lib.optional cfg.disableAgent "--disable-agent") + ++ (lib.optional (cfg.serverAddr != "") "--server ${cfg.serverAddr}") + ++ (lib.optional (cfg.token != "") "--token ${cfg.token}") + ++ (lib.optional (cfg.tokenFile != null) "--token-file ${cfg.tokenFile}") + ++ (lib.optional (cfg.configPath != null) "--config ${cfg.configPath}") + ++ (lib.optional (kubeletParams != { }) "--kubelet-arg=config=${kubeletConfig}") ++ (lib.flatten cfg.extraFlags) ); }; 
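Review bot: `(lib.optional (cfg.token != "") "--token ${cfg.token}")` places the cluster join token in ExecStart, so it is written into the generated unit in the world-readable Nix store and shows up in the process's argument list. `tokenFile` avoids both, and an evaluation warning in this module's `warnings` list would surface the risk, e.g. `++ (lib.optional (cfg.token != "") "k3s: token ends up world-readable in the Nix store; use tokenFile instead.")`. The rke2 module's ExecStart does the same with `--token=${cfg.token}` and `--agent-token=${cfg.agentToken}`. The option descriptions are only partly visible in these hunks, so the exposure may already be documented there. The `warnings` list continues outside its hunk.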
diff --git a/nixos/modules/services/cluster/kubernetes/addons/dns.nix b/nixos/modules/services/cluster/kubernetes/addons/dns.nix index f18003527064107..e5a3b00617e5036 100644 --- a/nixos/modules/services/cluster/kubernetes/addons/dns.nix +++ b/nixos/modules/services/cluster/kubernetes/addons/dns.nix @@ -1,7 +1,4 @@ { config, options, pkgs, lib, ... }: - -with lib; - let version = "1.10.1"; cfg = config.services.kubernetes.addons.dns; @@ -12,37 +9,37 @@ let }; in { options.services.kubernetes.addons.dns = { - enable = mkEnableOption "kubernetes dns addon"; + enable = lib.mkEnableOption "kubernetes dns addon"; - clusterIp = mkOption { + clusterIp = lib.mkOption { description = "Dns addon clusterIP"; # this default is also what kubernetes users default = ( - concatStringsSep "." ( - take 3 (splitString "." config.services.kubernetes.apiserver.serviceClusterIpRange + lib.concatStringsSep "." ( + lib.take 3 (lib.splitString "." config.services.kubernetes.apiserver.serviceClusterIpRange )) ) + ".254"; - defaultText = literalMD '' + defaultText = lib.literalMD '' The `x.y.z.254` IP of `config.${options.services.kubernetes.apiserver.serviceClusterIpRange}`. ''; - type = types.str; + type = lib.types.str; }; - clusterDomain = mkOption { + clusterDomain = lib.mkOption { description = "Dns cluster domain"; default = "cluster.local"; - type = types.str; + type = lib.types.str; }; - replicas = mkOption { + replicas = lib.mkOption { description = "Number of DNS pod replicas to deploy in the cluster."; default = 2; - type = types.int; + type = lib.types.int; }; - reconcileMode = mkOption { + reconcileMode = lib.mkOption { description = '' Controls the addon manager reconciliation mode for the DNS addon. 
@@ -51,12 +48,12 @@ in { See: . ''; default = "Reconcile"; - type = types.enum [ "Reconcile" "EnsureExists" ]; + type = lib.types.enum [ "Reconcile" "EnsureExists" ]; }; - coredns = mkOption { + coredns = lib.mkOption { description = "Docker image to seed for the CoreDNS container."; - type = types.attrs; + type = lib.types.attrs; default = { imageName = "coredns/coredns"; imageDigest = "sha256:a0ead06651cf580044aeb0a0feba63591858fb2e43ade8c9dea45a6a89ae7e5e"; @@ -65,13 +62,13 @@ in { }; }; - corefile = mkOption { + corefile = lib.mkOption { description = '' Custom coredns corefile configuration. See: . ''; - type = types.str; + type = lib.types.str; default = '' .:${toString ports.dns} { errors @@ -87,7 +84,7 @@ in { reload loadbalance }''; - defaultText = literalExpression '' + defaultText = lib.literalExpression '' ''' .:${toString ports.dns} { errors @@ -108,9 +105,9 @@ in { }; }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { services.kubernetes.kubelet.seedDockerImages = - singleton (pkgs.dockerTools.pullImage cfg.coredns); + lib.singleton (pkgs.dockerTools.pullImage cfg.coredns); services.kubernetes.addonManager.bootstrapAddons = { coredns-cr = { @@ -366,7 +363,7 @@ in { }; }; - services.kubernetes.kubelet.clusterDns = mkDefault cfg.clusterIp; + services.kubernetes.kubelet.clusterDns = lib.mkDefault cfg.clusterIp; }; meta.buildDocsInSandbox = false; diff --git a/nixos/modules/services/cluster/pacemaker/default.nix b/nixos/modules/services/cluster/pacemaker/default.nix index 005a952e80254da..92cd9311eb7d550 100644 --- a/nixos/modules/services/cluster/pacemaker/default.nix +++ b/nixos/modules/services/cluster/pacemaker/default.nix 
@@ -1,19 +1,17 @@ { config, lib, pkgs, ... }: - -with lib; let cfg = config.services.pacemaker; in { # interface options.services.pacemaker = { - enable = mkEnableOption "pacemaker"; + enable = lib.mkEnableOption "pacemaker"; - package = mkPackageOption pkgs "pacemaker" { }; + package = lib.mkPackageOption pkgs "pacemaker" { }; }; # implementation - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { assertions = [ { assertion = config.services.corosync.enable; message = '' diff --git a/nixos/modules/services/cluster/patroni/default.nix b/nixos/modules/services/cluster/patroni/default.nix index 3b563bb89fffbe0..91eb9214a60e4b4 100644 --- a/nixos/modules/services/cluster/patroni/default.nix +++ b/nixos/modules/services/cluster/patroni/default.nix @@ -1,5 +1,4 @@ { config, lib, pkgs, ... }: -with lib; let cfg = config.services.patroni; defaultUser = "patroni"; @@ -21,20 +20,20 @@ in options.services.patroni = { - enable = mkEnableOption "Patroni"; + enable = lib.mkEnableOption "Patroni"; - postgresqlPackage = mkOption { - type = types.package; - example = literalExpression "pkgs.postgresql_14"; + postgresqlPackage = lib.mkOption { + type = lib.types.package; + example = lib.literalExpression "pkgs.postgresql_14"; description = '' PostgreSQL package to use. Plugins can be enabled like this `pkgs.postgresql_14.withPackages (p: [ p.pg_safeupdate p.postgis ])`. ''; }; - postgresqlDataDir = mkOption { - type = types.path; - defaultText = literalExpression ''"/var/lib/postgresql/''${config.services.patroni.postgresqlPackage.psqlSchema}"''; + postgresqlDataDir = lib.mkOption { + type = lib.types.path; + defaultText = lib.literalExpression ''"/var/lib/postgresql/''${config.services.patroni.postgresqlPackage.psqlSchema}"''; example = "/var/lib/postgresql/14"; default = "/var/lib/postgresql/${cfg.postgresqlPackage.psqlSchema}"; description = '' 
@@ -45,16 +44,16 @@ in ''; }; - postgresqlPort = mkOption { - type = types.port; + postgresqlPort = lib.mkOption { + type = lib.types.port; default = 5432; description = '' The port on which PostgreSQL listens. ''; }; - user = mkOption { - type = types.str; + user = lib.mkOption { + type = lib.types.str; default = defaultUser; example = "postgres"; description = '' @@ -63,8 +62,8 @@ in ''; }; - group = mkOption { - type = types.str; + group = lib.mkOption { + type = lib.types.str; default = defaultGroup; example = "postgres"; description = '' 
@@ -73,64 +72,64 @@ in ''; }; - dataDir = mkOption { - type = types.path; + dataDir = lib.mkOption { + type = lib.types.path; default = "/var/lib/patroni"; description = '' Folder where Patroni data will be written, this is where the pgpass password file will be written. ''; }; - scope = mkOption { - type = types.str; + scope = lib.mkOption { + type = lib.types.str; example = "cluster1"; description = '' Cluster name. ''; }; - name = mkOption { - type = types.str; + name = lib.mkOption { + type = lib.types.str; example = "node1"; description = '' The name of the host. Must be unique for the cluster. ''; }; - namespace = mkOption { - type = types.str; + namespace = lib.mkOption { + type = lib.types.str; default = "/service"; description = '' Path within the configuration store where Patroni will keep information about the cluster. ''; }; - nodeIp = mkOption { - type = types.str; + nodeIp = lib.mkOption { + type = lib.types.str; example = "192.168.1.1"; description = '' IP address of this node. ''; }; - otherNodesIps = mkOption { - type = types.listOf types.str; + otherNodesIps = lib.mkOption { + type = lib.types.listOf lib.types.str; example = [ "192.168.1.2" "192.168.1.3" ]; description = '' IP addresses of the other nodes. ''; }; - restApiPort = mkOption { - type = types.port; + restApiPort = lib.mkOption { + type = lib.types.port; default = 8008; description = '' The port on Patroni's REST api listens. ''; }; - softwareWatchdog = mkOption { - type = types.bool; + softwareWatchdog = lib.mkOption { + type = lib.types.bool; default = false; description = '' This will configure Patroni to use the software watchdog built into the Linux kernel @@ -138,7 +137,7 @@ in ''; }; - settings = mkOption { + settings = lib.mkOption { type = format.type; default = { }; description = '' 
@@ -148,8 +147,8 @@ in ''; }; - environmentFiles = mkOption { - type = with types; attrsOf (nullOr (oneOf [ str path package ])); + environmentFiles = lib.mkOption { + type = with lib.types; attrsOf (nullOr (oneOf [ str path package ])); default = { }; example = { PATRONI_REPLICATION_PASSWORD = "/secret/file"; @@ -159,7 +158,7 @@ in }; }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { services.patroni.settings = { scope = cfg.scope; @@ -179,7 +178,7 @@ in pgpass = "${cfg.dataDir}/pgpass"; }; - watchdog = mkIf cfg.softwareWatchdog { + watchdog = lib.mkIf cfg.softwareWatchdog { mode = "required"; device = "/dev/watchdog"; safety_margin = 5; @@ -188,13 +187,13 @@ in users = { - users = mkIf (cfg.user == defaultUser) { + users = lib.mkIf (cfg.user == defaultUser) { patroni = { group = cfg.group; isSystemUser = true; }; }; - groups = mkIf (cfg.group == defaultGroup) { + groups = lib.mkIf (cfg.group == defaultGroup) { patroni = { }; }; }; @@ -207,11 +206,11 @@ in after = [ "network.target" ]; script = '' - ${concatStringsSep "\n" (attrValues (mapAttrs (name: path: ''export ${name}="$(< ${escapeShellArg path})"'') cfg.environmentFiles))} + ${lib.concatStringsSep "\n" (lib.attrValues (lib.mapAttrs (name: path: ''export ${name}="$(< ${lib.escapeShellArg path})"'') cfg.environmentFiles))} exec ${pkgs.patroni}/bin/patroni ${configFile} ''; - serviceConfig = mkMerge [ + serviceConfig = lib.mkMerge [ { User = cfg.user; Group = cfg.group; @@ -221,7 +220,7 @@ in ExecReload = "${pkgs.coreutils}/bin/kill -s HUP $MAINPID"; KillMode = "process"; } - (mkIf (cfg.postgresqlDataDir == "/var/lib/postgresql/${cfg.postgresqlPackage.psqlSchema}" && cfg.dataDir == "/var/lib/patroni") { + (lib.mkIf (cfg.postgresqlDataDir == "/var/lib/postgresql/${cfg.postgresqlPackage.psqlSchema}" && cfg.dataDir == "/var/lib/patroni") { StateDirectory = "patroni postgresql postgresql/${cfg.postgresqlPackage.psqlSchema}"; StateDirectoryMode = "0750"; }) 
@@ -229,9 +228,9 @@ in }; }; - boot.kernelModules = mkIf cfg.softwareWatchdog [ "softdog" ]; + boot.kernelModules = lib.mkIf cfg.softwareWatchdog [ "softdog" ]; - services.udev.extraRules = mkIf cfg.softwareWatchdog '' + services.udev.extraRules = lib.mkIf cfg.softwareWatchdog '' KERNEL=="watchdog", OWNER="${cfg.user}", GROUP="${cfg.group}", MODE="0600" ''; @@ -247,5 +246,5 @@ in }; }; - meta.maintainers = [ maintainers.phfroidmont ]; + meta.maintainers = [ lib.maintainers.phfroidmont ]; } diff --git a/nixos/modules/services/cluster/rke2/default.nix b/nixos/modules/services/cluster/rke2/default.nix index 51b849ebcc802c3..52430f5cb680e25 100644 --- a/nixos/modules/services/cluster/rke2/default.nix +++ b/nixos/modules/services/cluster/rke2/default.nix @@ -1,6 +1,4 @@ { config, lib, pkgs, ... }: - -with lib; let cfg = config.services.rke2; in @@ -8,12 +6,12 @@ in imports = [ ]; options.services.rke2 = { - enable = mkEnableOption "rke2"; + enable = lib.mkEnableOption "rke2"; - package = mkPackageOption pkgs "rke2" { }; + package = lib.mkPackageOption pkgs "rke2" { }; - role = mkOption { - type = types.enum [ "server" "agent" ]; + role = lib.mkOption { + type = lib.types.enum [ "server" "agent" ]; description = '' Whether rke2 should run as a server or agent. 
@@ -31,26 +29,26 @@ in default = "server"; }; - configPath = mkOption { - type = types.path; + configPath = lib.mkOption { + type = lib.types.path; description = "Load configuration from FILE."; default = "/etc/rancher/rke2/config.yaml"; }; - debug = mkOption { - type = types.bool; + debug = lib.mkOption { + type = lib.types.bool; description = "Turn on debug logs."; default = false; }; - dataDir = mkOption { - type = types.path; + dataDir = lib.mkOption { + type = lib.types.path; description = "The folder to hold state in."; default = "/var/lib/rancher/rke2"; }; - token = mkOption { - type = types.str; + token = lib.mkOption { + type = lib.types.str; description = '' Shared secret used to join a server or agent to a cluster. 
@@ -60,44 +58,44 @@ in default = ""; }; - tokenFile = mkOption { - type = types.nullOr types.path; + tokenFile = lib.mkOption { + type = lib.types.nullOr lib.types.path; description = "File path containing rke2 token to use when connecting to the server."; default = null; }; - disable = mkOption { - type = types.listOf types.str; - description = "Do not deploy packaged components and delete any deployed components."; + disable = lib.mkOption { + type = lib.types.listOf lib.types.str; + description = "Do not deploy packaged components and delete lib.any deployed components."; default = [ ]; }; - nodeName = mkOption { - type = types.nullOr types.str; + nodeName = lib.mkOption { + type = lib.types.nullOr lib.types.str; description = "Node name."; default = null; }; - nodeLabel = mkOption { - type = types.listOf types.str; + nodeLabel = lib.mkOption { + type = lib.types.listOf lib.types.str; description = "Registering and starting kubelet with set of labels."; default = [ ]; }; - nodeTaint = mkOption { - type = types.listOf types.str; + nodeTaint = lib.mkOption { + type = lib.types.listOf lib.types.str; description = "Registering kubelet with set of taints."; default = [ ]; }; - nodeIP = mkOption { - type = types.nullOr types.str; + nodeIP = lib.mkOption { + type = lib.types.nullOr lib.types.str; description = "IPv4/IPv6 addresses to advertise for node."; default = null; }; - agentToken = mkOption { - type = types.str; + agentToken = lib.mkOption { + type = lib.types.str; description = '' Shared secret used to join agents to the cluster, but not servers. 
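Review bot: The replacement reached into prose in the rke2 `disable` option: its description now reads `delete lib.any deployed components`, and that text is what the rendered option documentation will show. The line should stay `description = "Do not deploy packaged components and delete any deployed components.";`.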
@@ -107,27 +105,27 @@ in default = ""; }; - agentTokenFile = mkOption { - type = types.nullOr types.path; + agentTokenFile = lib.mkOption { + type = lib.types.nullOr lib.types.path; description = "File path containing rke2 agent token to use when connecting to the server."; default = null; }; - serverAddr = mkOption { - type = types.str; + serverAddr = lib.mkOption { + type = lib.types.str; description = "The rke2 server to connect to, used to join a cluster."; example = "https://10.0.0.10:6443"; default = ""; }; - selinux = mkOption { - type = types.bool; + selinux = lib.mkOption { + type = lib.types.bool; description = "Enable SELinux in containerd."; default = false; }; - cni = mkOption { - type = types.enum [ "none" "canal" "cilium" "calico" "flannel" ]; + cni = lib.mkOption { + type = lib.types.enum [ "none" "canal" "cilium" "calico" "flannel" ]; description = '' CNI Plugins to deploy, one of `none`, `calico`, `canal`, `cilium` or `flannel`. @@ -141,8 +139,8 @@ in default = "canal"; }; - cisHardening = mkOption { - type = types.bool; + cisHardening = lib.mkOption { + type = lib.types.bool; description = '' Enable CIS Hardening for RKE2. @@ -162,8 +160,8 @@ in default = false; }; - extraFlags = mkOption { - type = types.listOf types.str; + extraFlags = lib.mkOption { + type = lib.types.listOf lib.types.str; description = '' Extra flags to pass to the rke2 service/agent. @@ -176,8 +174,8 @@ in default = [ ]; }; - environmentVars = mkOption { - type = types.attrsOf types.str; + environmentVars = lib.mkOption { + type = lib.types.attrsOf lib.types.str; description = '' Environment variables for configuring the rke2 service/agent. @@ -199,7 +197,7 @@ in }; }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { assertions = [ { assertion = cfg.role == "agent" -> (builtins.pathExists cfg.configPath || cfg.serverAddr != ""); 
@@ -234,7 +232,7 @@ in ''; }; # See: https://docs.rke2.io/security/hardening_guide#set-kernel-parameters - boot.kernel.sysctl = mkIf cfg.cisHardening { + boot.kernel.sysctl = lib.mkIf cfg.cisHardening { "vm.panic_on_oom" = 0; "vm.overcommit_memory" = 1; "kernel.panic" = 10; @@ -254,7 +252,7 @@ in "-/etc/sysconfig/%N" "-/usr/local/lib/systemd/system/%N.env" ]; - Environment = mapAttrsToList (k: v: "${k}=${v}") cfg.environmentVars; + Environment = lib.mapAttrsToList (k: v: "${k}=${v}") cfg.environmentVars; KillMode = "process"; Delegate = "yes"; LimitNOFILE = 1048576; 
@@ -274,26 +272,26 @@ in set -x ! /run/current-system/systemd/bin/systemctl is-enabled --quiet nm-cloud-setup.service '') - "-${pkgs.kmod}/bin/modprobe br_netfilter" + "-${pkgs.kmod}/bin/modprobe br_netlib.filter" "-${pkgs.kmod}/bin/modprobe overlay" ]; - ExecStart = "${cfg.package}/bin/rke2 '${cfg.role}' ${escapeShellArgs ( - (optional (cfg.configPath != "/etc/rancher/rke2/config.yaml") "--config=${cfg.configPath}") - ++ (optional cfg.debug "--debug") - ++ (optional (cfg.dataDir != "/var/lib/rancher/rke2") "--data-dir=${cfg.dataDir}") - ++ (optional (cfg.token != "") "--token=${cfg.token}") - ++ (optional (cfg.tokenFile != null) "--token-file=${cfg.tokenFile}") - ++ (optionals (cfg.role == "server" && cfg.disable != [ ]) (map (d: "--disable=${d}") cfg.disable)) - ++ (optional (cfg.nodeName != null) "--node-name=${cfg.nodeName}") - ++ (optionals (cfg.nodeLabel != [ ]) (map (l: "--node-label=${l}") cfg.nodeLabel)) - ++ (optionals (cfg.nodeTaint != [ ]) (map (t: "--node-taint=${t}") cfg.nodeTaint)) - ++ (optional (cfg.nodeIP != null) "--node-ip=${cfg.nodeIP}") - ++ (optional (cfg.role == "server" && cfg.agentToken != "") "--agent-token=${cfg.agentToken}") - ++ (optional (cfg.role == "server" && cfg.agentTokenFile != null) "--agent-token-file=${cfg.agentTokenFile}") - ++ (optional (cfg.serverAddr != "") "--server=${cfg.serverAddr}") - ++ (optional cfg.selinux "--selinux") - ++ (optional (cfg.role == "server" && cfg.cni != "canal") "--cni=${cfg.cni}") - ++ (optional cfg.cisHardening "--profile=${if cfg.package.version >= "1.25" then "cis-1.23" else "cis-1.6"}") + ExecStart = "${cfg.package}/bin/rke2 '${cfg.role}' ${lib.escapeShellArgs ( + (lib.optional (cfg.configPath != "/etc/rancher/rke2/config.yaml") "--config=${cfg.configPath}") + ++ (lib.optional cfg.debug "--debug") + ++ (lib.optional (cfg.dataDir != "/var/lib/rancher/rke2") "--data-dir=${cfg.dataDir}") + ++ (lib.optional (cfg.token != "") "--token=${cfg.token}") + ++ (lib.optional (cfg.tokenFile != null) 
"--token-file=${cfg.tokenFile}") + ++ (lib.optionals (cfg.role == "server" && cfg.disable != [ ]) (map (d: "--disable=${d}") cfg.disable)) + ++ (lib.optional (cfg.nodeName != null) "--node-name=${cfg.nodeName}") + ++ (lib.optionals (cfg.nodeLabel != [ ]) (map (l: "--node-label=${l}") cfg.nodeLabel)) + ++ (lib.optionals (cfg.nodeTaint != [ ]) (map (t: "--node-taint=${t}") cfg.nodeTaint)) + ++ (lib.optional (cfg.nodeIP != null) "--node-ip=${cfg.nodeIP}") + ++ (lib.optional (cfg.role == "server" && cfg.agentToken != "") "--agent-token=${cfg.agentToken}") + ++ (lib.optional (cfg.role == "server" && cfg.agentTokenFile != null) "--agent-token-file=${cfg.agentTokenFile}") + ++ (lib.optional (cfg.serverAddr != "") "--server=${cfg.serverAddr}") + ++ (lib.optional cfg.selinux "--selinux") + ++ (lib.optional (cfg.role == "server" && cfg.cni != "canal") "--cni=${cfg.cni}") + ++ (lib.optional cfg.cisHardening "--profile=${if cfg.package.version >= "1.25" then "cis-1.23" else "cis-1.6"}") ++ cfg.extraFlags )}"; ExecStopPost = let diff --git a/nixos/modules/services/cluster/spark/default.nix b/nixos/modules/services/cluster/spark/default.nix index 7a3f768471c2186..c4ebd3424392846 100644 --- a/nixos/modules/services/cluster/spark/default.nix +++ b/nixos/modules/services/cluster/spark/default.nix @@ -2,20 +2,19 @@ let cfg = config.services.spark; in -with lib; { options = { services.spark = { master = { - enable = mkEnableOption "Spark master service"; - bind = mkOption { - type = types.str; + enable = lib.mkEnableOption "Spark master service"; + bind = lib.mkOption { + type = lib.types.str; description = "Address the spark master binds to."; default = "127.0.0.1"; example = "0.0.0.0"; }; - restartIfChanged = mkOption { - type = types.bool; + restartIfChanged = lib.mkOption { + type = lib.types.bool; description = '' Automatically restart master service on config change. This can be set to false to defer restarts on clusters running critical applications. 
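Review bot: In the rke2 hunk that ends on this line, the search-and-replace rewrote a string literal: `"-${pkgs.kmod}/bin/modprobe br_netlib.filter"` should remain `"-${pkgs.kmod}/bin/modprobe br_netfilter"`. The leading `-` makes systemd ignore a failing command, so the unit would start without this step having loaded the bridge netfilter module, and nothing would flag it. In the same ExecStart, `cfg.package.version >= "1.25"` compares the strings lexicographically; `lib.versionAtLeast cfg.package.version "1.25"` selects the CIS profile by version order. The list holding the modprobe entries and the surrounding serviceConfig start outside the hunk.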
@@ -24,8 +23,8 @@ with lib; ''; default = true; }; - extraEnvironment = mkOption { - type = types.attrsOf types.str; + extraEnvironment = lib.mkOption { + type = lib.types.attrsOf lib.types.str; description = "Extra environment variables to pass to spark master. See spark-standalone documentation."; default = {}; example = { @@ -35,19 +34,19 @@ with lib; }; }; worker = { - enable = mkEnableOption "Spark worker service"; - workDir = mkOption { - type = types.path; + enable = lib.mkEnableOption "Spark worker service"; + workDir = lib.mkOption { + type = lib.types.path; description = "Spark worker work dir."; default = "/var/lib/spark"; }; - master = mkOption { - type = types.str; + master = lib.mkOption { + type = lib.types.str; description = "Address of the spark master."; default = "127.0.0.1:7077"; }; - restartIfChanged = mkOption { - type = types.bool; + restartIfChanged = lib.mkOption { + type = lib.types.bool; description = '' Automatically restart worker service on config change. This can be set to false to defer restarts on clusters running critical applications. @@ -56,8 +55,8 @@ with lib; ''; default = true; }; - extraEnvironment = mkOption { - type = types.attrsOf types.str; + extraEnvironment = lib.mkOption { + type = lib.types.attrsOf lib.types.str; description = "Extra environment variables to pass to spark worker."; default = {}; example = { 
@@ -66,18 +65,18 @@ with lib; }; }; }; - confDir = mkOption { - type = types.path; + confDir = lib.mkOption { + type = lib.types.path; description = "Spark configuration directory. Spark will use the configuration files (spark-defaults.conf, spark-env.sh, log4j.properties, etc) from this directory."; default = "${cfg.package}/conf"; - defaultText = literalExpression ''"''${package}/conf"''; + defaultText = lib.literalExpression ''"''${package}/conf"''; }; - logDir = mkOption { - type = types.path; + logDir = lib.mkOption { + type = lib.types.path; description = "Spark log directory."; default = "/var/log/spark"; }; - package = mkPackageOption pkgs "spark" { + package = lib.mkPackageOption pkgs "spark" { example = '' spark.overrideAttrs (super: rec { pname = "spark"; diff --git a/nixos/modules/services/computing/boinc/client.nix b/nixos/modules/services/computing/boinc/client.nix index f5d7ab8d8cb25ca..6a2ac5e7dee7e29 100644 --- a/nixos/modules/services/computing/boinc/client.nix +++ b/nixos/modules/services/computing/boinc/client.nix @@ -1,10 +1,7 @@ {config, lib, pkgs, ...}: - -with lib; - let cfg = config.services.boinc; - allowRemoteGuiRpcFlag = optionalString cfg.allowRemoteGuiRpc "--allow_remote_gui_rpc"; + allowRemoteGuiRpcFlag = lib.optionalString cfg.allowRemoteGuiRpc "--allow_remote_gui_rpc"; fhsEnv = pkgs.buildFHSEnv { name = "boinc-fhs-env"; @@ -16,8 +13,8 @@ let in { options.services.boinc = { - enable = mkOption { - type = types.bool; + enable = lib.mkOption { + type = lib.types.bool; default = false; description = '' Whether to enable the BOINC distributed computing client. If this 
@@ -27,20 +24,20 @@ in ''; }; - package = mkPackageOption pkgs "boinc" { + package = lib.mkPackageOption pkgs "boinc" { example = "boinc-headless"; }; - dataDir = mkOption { - type = types.path; + dataDir = lib.mkOption { + type = lib.types.path; default = "/var/lib/boinc"; description = '' The directory in which to store BOINC's configuration and data files. ''; }; - allowRemoteGuiRpc = mkOption { - type = types.bool; + allowRemoteGuiRpc = lib.mkOption { + type = lib.types.bool; default = false; description = '' If set to true, any remote host can connect to and control this BOINC @@ -52,10 +49,10 @@ in ''; }; - extraEnvPackages = mkOption { - type = types.listOf types.package; + extraEnvPackages = lib.mkOption { + type = lib.types.listOf lib.types.package; default = []; - example = literalExpression "[ pkgs.virtualbox ]"; + example = lib.literalExpression "[ pkgs.virtualbox ]"; description = '' Additional packages to make available in the environment in which BOINC will run. Common choices are: @@ -77,7 +74,7 @@ in }; }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { environment.systemPackages = [cfg.package]; users.users.boinc = { diff --git a/nixos/modules/services/computing/foldingathome/client.nix b/nixos/modules/services/computing/foldingathome/client.nix index 8d330fd8717beeb..71fc58669d33bd4 100644 --- a/nixos/modules/services/computing/foldingathome/client.nix +++ b/nixos/modules/services/computing/foldingathome/client.nix @@ -1,5 +1,4 @@ { config, lib, pkgs, ... }: -with lib; let cfg = config.services.foldingathome; 
@@ -11,19 +10,19 @@ let in { imports = [ - (mkRenamedOptionModule [ "services" "foldingAtHome" ] [ "services" "foldingathome" ]) - (mkRenamedOptionModule [ "services" "foldingathome" "nickname" ] [ "services" "foldingathome" "user" ]) - (mkRemovedOptionModule [ "services" "foldingathome" "config" ] '' + (lib.mkRenamedOptionModule [ "services" "foldingAtHome" ] [ "services" "foldingathome" ]) + (lib.mkRenamedOptionModule [ "services" "foldingathome" "nickname" ] [ "services" "foldingathome" "user" ]) + (lib.mkRemovedOptionModule [ "services" "foldingathome" "config" ] '' Use services.foldingathome.extraArgs instead '') ]; options.services.foldingathome = { - enable = mkEnableOption "Folding@home client"; + enable = lib.mkEnableOption "Folding@home client"; - package = mkPackageOption pkgs "fahclient" { }; + package = lib.mkPackageOption pkgs "fahclient" { }; - user = mkOption { - type = types.nullOr types.str; + user = lib.mkOption { + type = lib.types.nullOr lib.types.str; default = null; description = '' The user associated with the reported computation results. This will @@ -31,8 +30,8 @@ in ''; }; - team = mkOption { - type = types.int; + team = lib.mkOption { + type = lib.types.int; default = 236565; description = '' The team ID associated with the reported computation results. This @@ -42,8 +41,8 @@ in ''; }; - daemonNiceLevel = mkOption { - type = types.ints.between (-20) 19; + daemonNiceLevel = lib.mkOption { + type = lib.types.ints.between (-20) 19; default = 0; description = '' Daemon process priority for FAHClient. @@ -51,8 +50,8 @@ in ''; }; - extraArgs = mkOption { - type = types.listOf types.str; + extraArgs = lib.mkOption { + type = lib.types.listOf lib.types.str; default = []; description = '' Extra startup options for the FAHClient. Run @@ -61,7 +60,7 @@ in }; }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { systemd.services.foldingathome = { description = "Folding@home client"; after = [ "network.target" ]; 
diff --git a/nixos/modules/services/computing/slurm/slurm.nix b/nixos/modules/services/computing/slurm/slurm.nix index 360a72677ce06bf..f4944d3ce31863c 100644 --- a/nixos/modules/services/computing/slurm/slurm.nix +++ b/nixos/modules/services/computing/slurm/slurm.nix @@ -1,7 +1,4 @@ { config, lib, options, pkgs, ... }: - -with lib; - let cfg = config.services.slurm; @@ -15,8 +12,8 @@ let ClusterName=${cfg.clusterName} StateSaveLocation=${cfg.stateSaveLocation} SlurmUser=${cfg.user} - ${optionalString (cfg.controlMachine != null) "controlMachine=${cfg.controlMachine}"} - ${optionalString (cfg.controlAddr != null) "controlAddr=${cfg.controlAddr}"} + ${lib.optionalString (cfg.controlMachine != null) "controlMachine=${cfg.controlMachine}"} + ${lib.optionalString (cfg.controlAddr != null) "controlAddr=${cfg.controlAddr}"} ${toString (map (x: "NodeName=${x}\n") cfg.nodeName)} ${toString (map (x: "PartitionName=${x}\n") cfg.partitionName)} PlugStackConfig=${plugStackConfig}/plugstack.conf @@ -26,7 +23,7 @@ let plugStackConfig = pkgs.writeTextDir "plugstack.conf" '' - ${optionalString cfg.enableSrunX11 "optional ${pkgs.slurm-spank-x11}/lib/x11.so"} + ${lib.optionalString cfg.enableSrunX11 "optional ${pkgs.slurm-spank-x11}/lib/x11.so"} ${cfg.extraPlugstackConfig} ''; @@ -56,15 +53,15 @@ in ###### interface - meta.maintainers = [ maintainers.markuskowa ]; + meta.maintainers = [ lib.maintainers.markuskowa ]; options = { services.slurm = { server = { - enable = mkOption { - type = types.bool; + enable = lib.mkOption { + type = lib.types.bool; default = false; description = '' Whether to enable the slurm control daemon. 
@@ -76,29 +73,29 @@ in }; dbdserver = { - enable = mkEnableOption "SlurmDBD service"; + enable = lib.mkEnableOption "SlurmDBD service"; - dbdHost = mkOption { - type = types.str; + dbdHost = lib.mkOption { + type = lib.types.str; default = config.networking.hostName; - defaultText = literalExpression "config.networking.hostName"; + defaultText = lib.literalExpression "config.networking.hostName"; description = '' Hostname of the machine where `slurmdbd` is running (i.e. name returned by `hostname -s`). ''; }; - storageUser = mkOption { - type = types.str; + storageUser = lib.mkOption { + type = lib.types.str; default = cfg.user; - defaultText = literalExpression "config.${opt.user}"; + defaultText = lib.literalExpression "config.${opt.user}"; description = '' Database user name. ''; }; - storagePassFile = mkOption { - type = with types; nullOr str; + storagePassFile = lib.mkOption { + type = with lib.types; nullOr str; default = null; description = '' Path to file with database password. The content of this will be used to @@ -106,8 +103,8 @@ in ''; }; - extraConfig = mkOption { - type = types.lines; + extraConfig = lib.mkOption { + type = lib.types.lines; default = ""; description = '' Extra configuration for `slurmdbd.conf` See also: @@ -117,11 +114,11 @@ in }; client = { - enable = mkEnableOption "slurm client daemon"; + enable = lib.mkEnableOption "slurm client daemon"; }; - enableStools = mkOption { - type = types.bool; + enableStools = lib.mkOption { + type = lib.types.bool; default = false; description = '' Whether to provide a slurm.conf file. @@ -131,14 +128,14 @@ in ''; }; - package = mkPackageOption pkgs "slurm" { + package = lib.mkPackageOption pkgs "slurm" { example = "slurm-full"; } // { default = pkgs.slurm.override { enableX11 = ! cfg.enableSrunX11; }; }; - controlMachine = mkOption { - type = types.nullOr types.str; + controlMachine = lib.mkOption { + type = lib.types.nullOr lib.types.str; default = null; example = null; description = '' 
@@ -148,10 +145,10 @@ in ''; }; - controlAddr = mkOption { - type = types.nullOr types.str; + controlAddr = lib.mkOption { + type = lib.types.nullOr lib.types.str; default = cfg.controlMachine; - defaultText = literalExpression "config.${opt.controlMachine}"; + defaultText = lib.literalExpression "config.${opt.controlMachine}"; example = null; description = '' Name that ControlMachine should be referred to in establishing a @@ -159,8 +156,8 @@ in ''; }; - clusterName = mkOption { - type = types.str; + clusterName = lib.mkOption { + type = lib.types.str; default = "default"; example = "myCluster"; description = '' @@ -168,10 +165,10 @@ in ''; }; - nodeName = mkOption { - type = types.listOf types.str; + nodeName = lib.mkOption { + type = lib.types.listOf lib.types.str; default = []; - example = literalExpression ''[ "linux[1-32] CPUs=1 State=UNKNOWN" ];''; + example = lib.literalExpression ''[ "linux[1-32] CPUs=1 State=UNKNOWN" ];''; description = '' Name that SLURM uses to refer to a node (or base partition for BlueGene systems). Typically this would be the string that "/bin/hostname -s" @@ -179,19 +176,19 @@ in ''; }; - partitionName = mkOption { - type = types.listOf types.str; + partitionName = lib.mkOption { + type = lib.types.listOf lib.types.str; default = []; - example = literalExpression ''[ "debug Nodes=linux[1-32] Default=YES MaxTime=INFINITE State=UP" ];''; + example = lib.literalExpression ''[ "debug Nodes=linux[1-32] Default=YES MaxTime=INFINITE State=UP" ];''; description = '' Name by which the partition may be referenced. Note that now you have to write the partition's parameters after the name. ''; }; - enableSrunX11 = mkOption { + enableSrunX11 = lib.mkOption { default = false; - type = types.bool; + type = lib.types.bool; description = '' If enabled srun will accept the option "--x11" to allow for X11 forwarding from within an interactive session or a batch job. This activates the 
@@ -207,8 +204,8 @@ in ''; }; - procTrackType = mkOption { - type = types.str; + procTrackType = lib.mkOption { + type = lib.types.str; default = "proctrack/linuxproc"; description = '' Plugin to be used for process tracking on a job step basis. @@ -217,16 +214,16 @@ in ''; }; - stateSaveLocation = mkOption { - type = types.str; + stateSaveLocation = lib.mkOption { + type = lib.types.str; default = "/var/spool/slurmctld"; description = '' Directory into which the Slurm controller, slurmctld, saves its state. ''; }; - user = mkOption { - type = types.str; + user = lib.mkOption { + type = lib.types.str; default = defaultUser; description = '' Set this option when you want to run the slurmctld daemon @@ -236,34 +233,34 @@ in ''; }; - extraConfig = mkOption { + extraConfig = lib.mkOption { default = ""; - type = types.lines; + type = lib.types.lines; description = '' Extra configuration options that will be added verbatim at the end of the slurm configuration file. ''; }; - extraPlugstackConfig = mkOption { + extraPlugstackConfig = lib.mkOption { default = ""; - type = types.lines; + type = lib.types.lines; description = '' Extra configuration that will be added to the end of `plugstack.conf`. ''; }; - extraCgroupConfig = mkOption { + extraCgroupConfig = lib.mkOption { default = ""; - type = types.lines; + type = lib.types.lines; description = '' Extra configuration for `cgroup.conf`. This file is used when `procTrackType=proctrack/cgroup`. ''; }; - extraConfigPaths = mkOption { - type = with types; listOf path; + extraConfigPaths = lib.mkOption { + type = with lib.types; listOf path; default = []; description = '' Slurm expects config files for plugins in the same path 
@@ -273,11 +270,11 @@ in ''; }; - etcSlurm = mkOption { - type = types.path; + etcSlurm = lib.mkOption { + type = lib.types.path; internal = true; default = etcSlurm; - defaultText = literalMD '' + defaultText = lib.literalMD '' Directory created from generated config files and `config.${opt.extraConfigPaths}`. ''; @@ -292,11 +289,11 @@ in }; imports = [ - (mkRemovedOptionModule [ "services" "slurm" "dbdserver" "storagePass" ] '' + (lib.mkRemovedOptionModule [ "services" "slurm" "dbdserver" "storagePass" ] '' This option has been removed so that the database password is not exposed via the nix store. Use services.slurm.dbdserver.storagePassFile to provide the database password. '') - (mkRemovedOptionModule [ "services" "slurm" "dbdserver" "configFile" ] '' + (lib.mkRemovedOptionModule [ "services" "slurm" "dbdserver" "configFile" ] '' This option has been removed. Use services.slurm.dbdserver.storagePassFile and services.slurm.dbdserver.extraConfig instead. '') @@ -312,7 +309,7 @@ in builder = pkgs.writeText "builder.sh" '' source $stdenv/setup mkdir -p $out/bin - find ${getBin cfg.package}/bin -type f -executable | while read EXE + find ${lib.getBin cfg.package}/bin -type f -executable | while read EXE do exename="$(basename $EXE)" wrappername="$out/bin/$exename" @@ -329,21 +326,21 @@ in done mkdir -p $out/share - ln -s ${getBin cfg.package}/share/man $out/share/man + ln -s ${lib.getBin cfg.package}/share/man $out/share/man ''; }; - in mkIf ( cfg.enableStools || + in lib.mkIf ( cfg.enableStools || cfg.client.enable || cfg.server.enable || cfg.dbdserver.enable ) { environment.systemPackages = [ wrappedSlurm ]; - services.munge.enable = mkDefault true; + services.munge.enable = lib.mkDefault true; # use a static uid as default to ensure it is the same on all nodes - users.users.slurm = mkIf (cfg.user == defaultUser) { + users.users.slurm = lib.mkIf (cfg.user == defaultUser) { name = defaultUser; group = "slurm"; uid = config.ids.uids.slurm; 
@@ -351,7 +348,7 @@ in users.groups.slurm.gid = config.ids.uids.slurm; - systemd.services.slurmd = mkIf (cfg.client.enable) { + systemd.services.slurmd = lib.mkIf (cfg.client.enable) { path = with pkgs; [ wrappedSlurm coreutils ] ++ lib.optional cfg.enableSrunX11 slurm-spank-x11; @@ -375,13 +372,13 @@ in }; }; - systemd.tmpfiles.rules = mkIf cfg.client.enable [ + systemd.tmpfiles.rules = lib.mkIf cfg.client.enable [ "d /var/spool/slurmd 755 root root -" ]; - services.openssh.settings.X11Forwarding = mkIf cfg.client.enable (mkDefault true); + services.openssh.settings.X11Forwarding = lib.mkIf cfg.client.enable (lib.mkDefault true); - systemd.services.slurmctld = mkIf (cfg.server.enable) { + systemd.services.slurmctld = lib.mkIf (cfg.server.enable) { path = with pkgs; [ wrappedSlurm munge coreutils ] ++ lib.optional cfg.enableSrunX11 slurm-spank-x11; @@ -405,7 +402,7 @@ in systemd.services.slurmdbd = let # slurm strips the last component off the path configPath = "$RUNTIME_DIRECTORY/slurmdbd.conf"; - in mkIf (cfg.dbdserver.enable) { + in lib.mkIf (cfg.dbdserver.enable) { path = with pkgs; [ wrappedSlurm munge coreutils ]; wantedBy = [ "multi-user.target" ]; @@ -414,7 +411,7 @@ in preStart = '' install -m 600 -o ${cfg.user} -T ${slurmdbdConf} ${configPath} - ${optionalString (cfg.dbdserver.storagePassFile != null) '' + ${lib.optionalString (cfg.dbdserver.storagePassFile != null) '' echo "StoragePass=$(cat ${cfg.dbdserver.storagePassFile})" \ >> ${configPath} ''} diff --git a/nixos/modules/services/computing/torque/mom.nix b/nixos/modules/services/computing/torque/mom.nix index 6747bd4b0d5aae7..8bc5fc134fcbae1 100644 --- a/nixos/modules/services/computing/torque/mom.nix +++ b/nixos/modules/services/computing/torque/mom.nix @@ -1,7 +1,4 @@ { config, pkgs, lib, ... }: - -with lib; - let cfg = config.services.torque.mom; 
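Review bot: In the slurmdbd `preStart` lines of the `@@ -414,7 +411,7 @@` hunk, `echo "StoragePass=$(cat ${cfg.dbdserver.storagePassFile})"` interpolates the path unquoted and takes its exit status from `echo`. A path containing whitespace is therefore word-split, and an unreadable password file silently appends an empty `StoragePass=` line to the generated config. Reading the secret into a variable first surfaces the failure and lets the path be quoted: `pass="$(cat ${lib.escapeShellArg cfg.dbdserver.storagePassFile})"` followed by `echo "StoragePass=$pass" >> ${configPath}`. Whether the script then aborts depends on the shell options the unit runs with, which are not visible here. The `preStart` string continues past the end of the hunk.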
@@ -17,10 +14,10 @@ in options = { services.torque.mom = { - enable = mkEnableOption "torque computing node"; + enable = lib.mkEnableOption "torque computing node"; - serverNode = mkOption { - type = types.str; + serverNode = lib.mkOption { + type = lib.types.str; description = "Hostname running pbs server."; }; @@ -28,7 +25,7 @@ in }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { environment.systemPackages = [ pkgs.torque ]; systemd.services.torque-mom-init = { diff --git a/nixos/modules/services/computing/torque/server.nix b/nixos/modules/services/computing/torque/server.nix index 8d923fc04d46d3a..27be2c65b7e0f07 100644 --- a/nixos/modules/services/computing/torque/server.nix +++ b/nixos/modules/services/computing/torque/server.nix @@ -1,7 +1,4 @@ { config, pkgs, lib, ... }: - -with lib; - let cfg = config.services.torque.server; torque = pkgs.torque; @@ -11,13 +8,13 @@ in services.torque.server = { - enable = mkEnableOption "torque server"; + enable = lib.mkEnableOption "torque server"; }; }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { environment.systemPackages = [ pkgs.torque ]; systemd.services.torque-server-init = { diff --git a/nixos/modules/services/continuous-integration/buildbot/master.nix b/nixos/modules/services/continuous-integration/buildbot/master.nix index a4a9eee672cf434..d744b73bf158b18 100644 --- a/nixos/modules/services/continuous-integration/buildbot/master.nix +++ b/nixos/modules/services/continuous-integration/buildbot/master.nix @@ -1,9 +1,5 @@ # NixOS module for Buildbot continuous integration server. - { config, lib, options, pkgs, ... }: - -with lib; - let cfg = config.services.buildbot-master; opt = options.services.buildbot-master; 
@@ -11,27 +7,27 @@ let package = pkgs.python3.pkgs.toPythonModule cfg.package; python = package.pythonModule; - escapeStr = escape [ "'" ]; + escapeStr = lib.escape [ "'" ]; defaultMasterCfg = pkgs.writeText "master.cfg" '' from buildbot.plugins import * ${cfg.extraImports} factory = util.BuildFactory() c = BuildmasterConfig = dict( - workers = [${concatStringsSep "," cfg.workers}], + workers = [${lib.concatStringsSep "," cfg.workers}], protocols = { 'pb': {'port': ${toString cfg.pbPort} } }, - title = '${escapeStr cfg.title}', - titleURL = '${escapeStr cfg.titleUrl}', - buildbotURL = '${escapeStr cfg.buildbotUrl}', - db = dict(db_url='${escapeStr cfg.dbUrl}'), + title = '${lib.escapeStr cfg.title}', + titleURL = '${lib.escapeStr cfg.titleUrl}', + buildbotURL = '${lib.escapeStr cfg.buildbotUrl}', + db = dict(db_url='${lib.escapeStr cfg.dbUrl}'), www = dict(port=${toString cfg.port}), - change_source = [ ${concatStringsSep "," cfg.changeSource} ], - schedulers = [ ${concatStringsSep "," cfg.schedulers} ], - builders = [ ${concatStringsSep "," cfg.builders} ], - services = [ ${concatStringsSep "," cfg.reporters} ], - configurators = [ ${concatStringsSep "," cfg.configurators} ], + change_source = [ ${lib.concatStringsSep "," cfg.changeSource} ], + schedulers = [ ${lib.concatStringsSep "," cfg.schedulers} ], + builders = [ ${lib.concatStringsSep "," cfg.builders} ], + services = [ ${lib.concatStringsSep "," cfg.reporters} ], + configurators = [ ${lib.concatStringsSep "," cfg.configurators} ], ) - for step in [ ${concatStringsSep "," cfg.factorySteps} ]: + for step in [ ${lib.concatStringsSep "," cfg.factorySteps} ]: factory.addStep(step) ${cfg.extraConfig} @@ -62,8 +58,8 @@ in { options = { services.buildbot-master = { - factorySteps = mkOption { - type = types.listOf types.str; + factorySteps = lib.mkOption { + type = lib.types.listOf lib.types.str; description = "Factory Steps"; default = []; example = [ 
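Review bot: The four rewritten lines for `title`, `titleURL`, `buildbotURL` and `db_url` now call `lib.escapeStr`, but `escapeStr` is the local binding defined a few lines earlier in this same `let` (`escapeStr = lib.escape [ "'" ];`). As far as I know nixpkgs `lib` has no attribute of that name, so evaluating the default `master.cfg` would fail with a missing-attribute error. These calls should stay unprefixed, e.g. `title = '${escapeStr cfg.title}',` and `db = dict(db_url='${escapeStr cfg.dbUrl}'),`. The helper is what stops a single quote in an option value from closing the Python string literal, so an evaluation test of this module would be worth having for a treewide rewrite like this. The `let` block starts and ends outside the hunk.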
@@ -72,8 +68,8 @@ in { ]; }; - changeSource = mkOption { - type = types.listOf types.str; + changeSource = lib.mkOption { + type = lib.types.listOf lib.types.str; description = "List of Change Sources."; default = []; example = [ @@ -81,8 +77,8 @@ in { ]; }; - configurators = mkOption { - type = types.listOf types.str; + configurators = lib.mkOption { + type = lib.types.listOf lib.types.str; description = "Configurator Steps, see https://docs.buildbot.net/latest/manual/configuration/configurators.html"; default = []; example = [ @@ -90,35 +86,35 @@ in { ]; }; - enable = mkOption { - type = types.bool; + enable = lib.mkOption { + type = lib.types.bool; default = false; description = "Whether to enable the Buildbot continuous integration server."; }; - extraConfig = mkOption { - type = types.str; + extraConfig = lib.mkOption { + type = lib.types.str; description = "Extra configuration to append to master.cfg"; default = "c['buildbotNetUsageData'] = None"; }; - extraImports = mkOption { - type = types.str; + extraImports = lib.mkOption { + type = lib.types.str; description = "Extra python imports to prepend to master.cfg"; default = ""; example = "from buildbot.process.project import Project"; }; - masterCfg = mkOption { - type = types.path; + masterCfg = lib.mkOption { + type = lib.types.path; description = "Optionally pass master.cfg path. Other options in this configuration will be ignored."; default = defaultMasterCfg; - defaultText = literalMD ''generated configuration file''; + defaultText = lib.literalMD ''generated configuration file''; example = "/etc/nixos/buildbot/master.cfg"; }; - schedulers = mkOption { - type = types.listOf types.str; + schedulers = lib.mkOption { + type = lib.types.listOf lib.types.str; description = "List of Schedulers."; default = [ "schedulers.SingleBranchScheduler(name='all', change_filter=util.ChangeFilter(branch='master'), treeStableTimer=None, builderNames=['runtests'])" 
@@ -126,60 +122,60 @@ in { ]; }; - builders = mkOption { - type = types.listOf types.str; + builders = lib.mkOption { + type = lib.types.listOf lib.types.str; description = "List of Builders."; default = [ "util.BuilderConfig(name='runtests',workernames=['example-worker'],factory=factory)" ]; }; - workers = mkOption { - type = types.listOf types.str; + workers = lib.mkOption { + type = lib.types.listOf lib.types.str; description = "List of Workers."; default = [ "worker.Worker('example-worker', 'pass')" ]; }; - reporters = mkOption { + reporters = lib.mkOption { default = []; - type = types.listOf types.str; + type = lib.types.listOf lib.types.str; description = "List of reporter objects used to present build status to various users."; }; - user = mkOption { + user = lib.mkOption { default = "buildbot"; - type = types.str; + type = lib.types.str; description = "User the buildbot server should execute under."; }; - group = mkOption { + group = lib.mkOption { default = "buildbot"; - type = types.str; + type = lib.types.str; description = "Primary group of buildbot user."; }; - extraGroups = mkOption { - type = types.listOf types.str; + extraGroups = lib.mkOption { + type = lib.types.listOf lib.types.str; default = []; description = "List of extra groups that the buildbot user should be a part of."; }; - home = mkOption { + home = lib.mkOption { default = "/home/buildbot"; - type = types.path; + type = lib.types.path; description = "Buildbot home directory."; }; - buildbotDir = mkOption { + buildbotDir = lib.mkOption { default = "${cfg.home}/master"; - defaultText = literalExpression ''"''${config.${opt.home}}/master"''; - type = types.path; + defaultText = lib.literalExpression ''"''${config.${opt.home}}/master"''; + type = lib.types.path; description = "Specifies the Buildbot directory."; }; - pbPort = mkOption { + pbPort = lib.mkOption { default = 9989; - type = types.either types.str types.int; + type = lib.types.either lib.types.str lib.types.int; example = 
"'tcp:9990:interface=127.0.0.1'"; description = '' The buildmaster will listen on a TCP port of your choosing 
@@ -193,69 +189,69 @@ in { ''; }; - listenAddress = mkOption { + listenAddress = lib.mkOption { default = "0.0.0.0"; - type = types.str; + type = lib.types.str; description = "Specifies the bind address on which the buildbot HTTP interface listens."; }; - buildbotUrl = mkOption { + buildbotUrl = lib.mkOption { default = "http://localhost:8010/"; - type = types.str; + type = lib.types.str; description = "Specifies the Buildbot URL."; }; - title = mkOption { + title = lib.mkOption { default = "Buildbot"; - type = types.str; + type = lib.types.str; description = "Specifies the Buildbot Title."; }; - titleUrl = mkOption { + titleUrl = lib.mkOption { default = "Buildbot"; - type = types.str; + type = lib.types.str; description = "Specifies the Buildbot TitleURL."; }; - dbUrl = mkOption { + dbUrl = lib.mkOption { default = "sqlite:///state.sqlite"; - type = types.str; + type = lib.types.str; description = "Specifies the database connection string."; }; - port = mkOption { + port = lib.mkOption { default = 8010; - type = types.port; + type = lib.types.port; description = "Specifies port number on which the buildbot HTTP interface listens."; }; - package = mkPackageOption pkgs "buildbot-full" { + package = lib.mkPackageOption pkgs "buildbot-full" { example = "buildbot"; }; - packages = mkOption { + packages = lib.mkOption { default = [ pkgs.git ]; - defaultText = literalExpression "[ pkgs.git ]"; - type = types.listOf types.package; + defaultText = lib.literalExpression "[ pkgs.git ]"; + type = lib.types.listOf lib.types.package; description = "Packages to add to PATH for the buildbot process."; }; - pythonPackages = mkOption { - type = types.functionTo (types.listOf types.package); + pythonPackages = lib.mkOption { + type = lib.types.functionTo (lib.types.listOf lib.types.package); default = pythonPackages: with pythonPackages; [ ]; - defaultText = literalExpression "pythonPackages: with pythonPackages; [ ]"; + defaultText = lib.literalExpression "pythonPackages: with 
pythonPackages; [ ]"; description = "Packages to add the to the PYTHONPATH of the buildbot process."; - example = literalExpression "pythonPackages: with pythonPackages; [ requests ]"; + example = lib.literalExpression "pythonPackages: with pythonPackages; [ requests ]"; }; }; }; - config = mkIf cfg.enable { - users.groups = optionalAttrs (cfg.group == "buildbot") { + config = lib.mkIf cfg.enable { + users.groups = lib.optionalAttrs (cfg.group == "buildbot") { buildbot = { }; }; - users.users = optionalAttrs (cfg.user == "buildbot") { + users.users = lib.optionalAttrs (cfg.user == "buildbot") { buildbot = { description = "Buildbot User."; isNormalUser = true; @@ -298,8 +294,8 @@ in { }; imports = [ - (mkRenamedOptionModule [ "services" "buildbot-master" "bpPort" ] [ "services" "buildbot-master" "pbPort" ]) - (mkRemovedOptionModule [ "services" "buildbot-master" "status" ] '' + (lib.mkRenamedOptionModule [ "services" "buildbot-master" "bpPort" ] [ "services" "buildbot-master" "pbPort" ]) + (lib.mkRemovedOptionModule [ "services" "buildbot-master" "status" ] '' Since Buildbot 0.9.0, status targets are deprecated and ignored. Review your configuration and migrate to reporters (available at services.buildbot-master.reporters). '') diff --git a/nixos/modules/services/databases/etcd.nix b/nixos/modules/services/databases/etcd.nix index ebc905ad08f6126..b10fdb801c501b6 100644 --- a/nixos/modules/services/databases/etcd.nix +++ b/nixos/modules/services/databases/etcd.nix @@ -1,7 +1,4 @@ { config, lib, options, pkgs, ... }: - -with lib; - let cfg = config.services.etcd; opt = options.services.etcd; 
@@ -9,98 +6,98 @@ let in { options.services.etcd = { - enable = mkOption { + enable = lib.mkOption { description = "Whether to enable etcd."; default = false; - type = types.bool; + type = lib.types.bool; }; - package = mkPackageOption pkgs "etcd" { }; + package = lib.mkPackageOption pkgs "etcd" { }; - name = mkOption { + name = lib.mkOption { description = "Etcd unique node name."; default = config.networking.hostName; - defaultText = literalExpression "config.networking.hostName"; - type = types.str; + defaultText = lib.literalExpression "config.networking.hostName"; + type = lib.types.str; }; - advertiseClientUrls = mkOption { + advertiseClientUrls = lib.mkOption { description = "Etcd list of this member's client URLs to advertise to the rest of the cluster."; default = cfg.listenClientUrls; - defaultText = literalExpression "config.${opt.listenClientUrls}"; - type = types.listOf types.str; + defaultText = lib.literalExpression "config.${opt.listenClientUrls}"; + type = lib.types.listOf lib.types.str; }; - listenClientUrls = mkOption { + listenClientUrls = lib.mkOption { description = "Etcd list of URLs to listen on for client traffic."; default = ["http://127.0.0.1:2379"]; - type = types.listOf types.str; + type = lib.types.listOf lib.types.str; }; - listenPeerUrls = mkOption { + listenPeerUrls = lib.mkOption { description = "Etcd list of URLs to listen on for peer traffic."; default = ["http://127.0.0.1:2380"]; - type = types.listOf types.str; + type = lib.types.listOf lib.types.str; }; - initialAdvertisePeerUrls = mkOption { + initialAdvertisePeerUrls = lib.mkOption { description = "Etcd list of this member's peer URLs to advertise to rest of the cluster."; default = cfg.listenPeerUrls; - defaultText = literalExpression "config.${opt.listenPeerUrls}"; - type = types.listOf types.str; + defaultText = lib.literalExpression "config.${opt.listenPeerUrls}"; + type = lib.types.listOf lib.types.str; }; - initialCluster = mkOption { + initialCluster = lib.mkOption { 
description = "Etcd initial cluster configuration for bootstrapping."; default = ["${cfg.name}=http://127.0.0.1:2380"]; - defaultText = literalExpression ''["''${config.${opt.name}}=http://127.0.0.1:2380"]''; - type = types.listOf types.str; + defaultText = lib.literalExpression ''["''${config.${opt.name}}=http://127.0.0.1:2380"]''; + type = lib.types.listOf lib.types.str; }; - initialClusterState = mkOption { + initialClusterState = lib.mkOption { description = "Etcd initial cluster configuration for bootstrapping."; default = "new"; - type = types.enum ["new" "existing"]; + type = lib.types.enum ["new" "existing"]; }; - initialClusterToken = mkOption { + initialClusterToken = lib.mkOption { description = "Etcd initial cluster token for etcd cluster during bootstrap."; default = "etcd-cluster"; - type = types.str; + type = lib.types.str; }; - discovery = mkOption { + discovery = lib.mkOption { description = "Etcd discovery url"; default = ""; - type = types.str; + type = lib.types.str; }; - clientCertAuth = mkOption { + clientCertAuth = lib.mkOption { description = "Whether to use certs for client authentication"; default = false; - type = types.bool; + type = lib.types.bool; }; - trustedCaFile = mkOption { + trustedCaFile = lib.mkOption { description = "Certificate authority file to use for clients"; default = null; - type = types.nullOr types.path; + type = lib.types.nullOr lib.types.path; }; - certFile = mkOption { + certFile = lib.mkOption { description = "Cert file to use for clients"; default = null; - type = types.nullOr types.path; + type = lib.types.nullOr lib.types.path; }; - keyFile = mkOption { + keyFile = lib.mkOption { description = "Key file to use for clients"; default = null; - type = types.nullOr types.path; + type = lib.types.nullOr lib.types.path; }; - openFirewall = mkOption { - type = types.bool; + openFirewall = lib.mkOption { + type = lib.types.bool; default = false; description = '' Open etcd ports in the firewall. 
@@ -110,41 +107,41 @@ in { ''; }; - peerCertFile = mkOption { + peerCertFile = lib.mkOption { description = "Cert file to use for peer to peer communication"; default = cfg.certFile; - defaultText = literalExpression "config.${opt.certFile}"; - type = types.nullOr types.path; + defaultText = lib.literalExpression "config.${opt.certFile}"; + type = lib.types.nullOr lib.types.path; }; - peerKeyFile = mkOption { + peerKeyFile = lib.mkOption { description = "Key file to use for peer to peer communication"; default = cfg.keyFile; - defaultText = literalExpression "config.${opt.keyFile}"; - type = types.nullOr types.path; + defaultText = lib.literalExpression "config.${opt.keyFile}"; + type = lib.types.nullOr lib.types.path; }; - peerTrustedCaFile = mkOption { + peerTrustedCaFile = lib.mkOption { description = "Certificate authority file to use for peer to peer communication"; default = cfg.trustedCaFile; - defaultText = literalExpression "config.${opt.trustedCaFile}"; - type = types.nullOr types.path; + defaultText = lib.literalExpression "config.${opt.trustedCaFile}"; + type = lib.types.nullOr lib.types.path; }; - peerClientCertAuth = mkOption { + peerClientCertAuth = lib.mkOption { description = "Whether to check all incoming peer requests from the cluster for valid client certificates signed by the supplied CA"; default = false; - type = types.bool; + type = lib.types.bool; }; - extraConf = mkOption { + extraConf = lib.mkOption { description = '' Etcd extra configuration. See ''; - type = types.attrsOf types.str; + type = lib.types.attrsOf lib.types.str; default = {}; - example = literalExpression '' + example = lib.literalExpression '' { "CORS" = "*"; "NAME" = "default-name"; 
@@ -155,14 +152,14 @@ in { ''; }; - dataDir = mkOption { - type = types.path; + dataDir = lib.mkOption { + type = lib.types.path; default = "/var/lib/etcd"; description = "Etcd data directory."; }; }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { systemd.tmpfiles.settings."10-etcd".${cfg.dataDir}.d = { user = "etcd"; mode = "0700"; @@ -176,14 +173,14 @@ in { wants = [ "network-online.target" ] ++ lib.optional config.networking.firewall.enable "firewall.service"; - environment = (filterAttrs (n: v: v != null) { + environment = (lib.filterAttrs (n: v: v != null) { ETCD_NAME = cfg.name; ETCD_DISCOVERY = cfg.discovery; ETCD_DATA_DIR = cfg.dataDir; - ETCD_ADVERTISE_CLIENT_URLS = concatStringsSep "," cfg.advertiseClientUrls; - ETCD_LISTEN_CLIENT_URLS = concatStringsSep "," cfg.listenClientUrls; - ETCD_LISTEN_PEER_URLS = concatStringsSep "," cfg.listenPeerUrls; - ETCD_INITIAL_ADVERTISE_PEER_URLS = concatStringsSep "," cfg.initialAdvertisePeerUrls; + ETCD_ADVERTISE_CLIENT_URLS = lib.concatStringsSep "," cfg.advertiseClientUrls; + ETCD_LISTEN_CLIENT_URLS = lib.concatStringsSep "," cfg.listenClientUrls; + ETCD_LISTEN_PEER_URLS = lib.concatStringsSep "," cfg.listenPeerUrls; + ETCD_INITIAL_ADVERTISE_PEER_URLS = lib.concatStringsSep "," cfg.initialAdvertisePeerUrls; ETCD_PEER_CLIENT_CERT_AUTH = toString cfg.peerClientCertAuth; ETCD_PEER_TRUSTED_CA_FILE = cfg.peerTrustedCaFile; ETCD_PEER_CERT_FILE = cfg.peerCertFile; 
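Review bot: `ETCD_PEER_CLIENT_CERT_AUTH = toString cfg.peerClientCertAuth;` in the environment hunk exports the boolean as `1` or as an empty string, because that is what `toString` returns for `true` and `false`. For a setting that controls peer authentication I would export it explicitly with `ETCD_PEER_CLIENT_CERT_AUTH = lib.boolToString cfg.peerClientCertAuth;`, so the unit shows `true` or `false` and does not depend on how etcd treats an empty variable. The attribute set continues past the end of this hunk.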
@@ -192,11 +189,11 @@ in { ETCD_TRUSTED_CA_FILE = cfg.trustedCaFile; ETCD_CERT_FILE = cfg.certFile; ETCD_KEY_FILE = cfg.keyFile; - }) // (optionalAttrs (cfg.discovery == ""){ - ETCD_INITIAL_CLUSTER = concatStringsSep "," cfg.initialCluster; + }) // (lib.optionalAttrs (cfg.discovery == ""){ + ETCD_INITIAL_CLUSTER = lib.concatStringsSep "," cfg.initialCluster; ETCD_INITIAL_CLUSTER_STATE = cfg.initialClusterState; ETCD_INITIAL_CLUSTER_TOKEN = cfg.initialClusterToken; - }) // (mapAttrs' (n: v: nameValuePair "ETCD_${n}" v) cfg.extraConf); + }) // (lib.mapAttrs' (n: v: lib.nameValuePair "ETCD_${n}" v) cfg.extraConf); unitConfig = { Documentation = "https://github.com/coreos/etcd"; diff --git a/nixos/modules/services/desktops/accountsservice.nix b/nixos/modules/services/desktops/accountsservice.nix index ae2ecb5ffeb71e2..4c407ca3828a20a 100644 --- a/nixos/modules/services/desktops/accountsservice.nix +++ b/nixos/modules/services/desktops/accountsservice.nix @@ -1,23 +1,17 @@ # AccountsService daemon. - { config, lib, pkgs, ... }: - -with lib; - { - meta = { - maintainers = teams.freedesktop.members; + maintainers = lib.teams.freedesktop.members; }; ###### interface - options = { services.accounts-daemon = { - enable = mkOption { - type = types.bool; + enable = lib.mkOption { + type = lib.types.bool; default = false; description = '' Whether to enable AccountsService, a DBus service for accessing @@ -29,10 +23,8 @@ with lib; }; - ###### implementation - - config = mkIf config.services.accounts-daemon.enable { + config = lib.mkIf config.services.accounts-daemon.enable { environment.systemPackages = [ pkgs.accountsservice ]; 
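Review bot: The last operand of the `//` chain, `lib.mapAttrs' (n: v: lib.nameValuePair "ETCD_${n}" v) cfg.extraConf`, wins over everything merged before it, so an `extraConf` key such as `CERT_FILE` or `TRUSTED_CA_FILE` silently replaces the value of the typed TLS option. Nothing in the hunk documents that. I would add a comment above that line, `# extraConf is merged last and overrides the typed options above, including the TLS settings`, and consider an assertion if the override is not intended. The `environment` definition starts before this hunk.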
@@ -43,14 +35,14 @@ with lib; systemd.packages = [ pkgs.accountsservice ]; - systemd.services.accounts-daemon = recursiveUpdate { + systemd.services.accounts-daemon = lib.recursiveUpdate { wantedBy = [ "graphical.target" ]; # Accounts daemon looks for dbus interfaces in $XDG_DATA_DIRS/accountsservice environment.XDG_DATA_DIRS = "${config.system.path}/share"; - } (optionalAttrs (!config.users.mutableUsers) { + } (lib.optionalAttrs (!config.users.mutableUsers) { environment.NIXOS_USERS_PURE = "true"; }); }; diff --git a/nixos/modules/services/desktops/bamf.nix b/nixos/modules/services/desktops/bamf.nix index 13de3a44328f4e2..d9c46e94d9e0413 100644 --- a/nixos/modules/services/desktops/bamf.nix +++ b/nixos/modules/services/desktops/bamf.nix @@ -1,25 +1,21 @@ # Bamf - { config, lib, pkgs, ... }: - -with lib; - { meta = with lib; { - maintainers = with maintainers; [ ] ++ teams.pantheon.members; + maintainers = with lib.maintainers; [ ] ++ lib.teams.pantheon.members; }; ###### interface options = { services.bamf = { - enable = mkEnableOption "bamf"; + enable = lib.mkEnableOption "bamf"; }; }; ###### implementation - config = mkIf config.services.bamf.enable { + config = lib.mkIf config.services.bamf.enable { services.dbus.packages = [ pkgs.bamf ]; systemd.packages = [ pkgs.bamf ]; diff --git a/nixos/modules/system/boot/clevis.nix b/nixos/modules/system/boot/clevis.nix index ac881e953576710..36328f19e7c6528 100644 --- a/nixos/modules/system/boot/clevis.nix +++ b/nixos/modules/system/boot/clevis.nix 
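Review bot: In bamf.nix the context line `meta = with lib; {` still opens a `with lib;` scope, while the changed line inside it now qualifies every name (`with lib.maintainers; [ ] ++ lib.teams.pantheon.members`), so the outer `with` no longer does anything. Since the commit removes `with lib;` treewide, this one should go as well: `meta = {`. The empty list could be dropped at the same time, giving `maintainers = lib.teams.pantheon.members;`.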
@@ -1,54 +1,51 @@ { config, lib, pkgs, ... }: - -with lib; - let cfg = config.boot.initrd.clevis; systemd = config.boot.initrd.systemd; supportedFs = [ "zfs" "bcachefs" ]; in { - meta.maintainers = with maintainers; [ julienmalka camillemndn ]; + meta.maintainers = with lib.maintainers; [ julienmalka camillemndn ]; meta.doc = ./clevis.md; options = { - boot.initrd.clevis.enable = mkEnableOption "Clevis in initrd"; + boot.initrd.clevis.enable = lib.mkEnableOption "Clevis in initrd"; - boot.initrd.clevis.package = mkOption { - type = types.package; + boot.initrd.clevis.package = lib.mkOption { + type = lib.types.package; default = pkgs.clevis; defaultText = "pkgs.clevis"; description = "Clevis package"; }; - boot.initrd.clevis.devices = mkOption { + boot.initrd.clevis.devices = lib.mkOption { description = "Encrypted devices that need to be unlocked at boot using Clevis"; default = { }; - type = types.attrsOf (types.submodule ({ - options.secretFile = mkOption { + type = lib.types.attrsOf (lib.types.submodule ({ + options.secretFile = lib.mkOption { description = "Clevis JWE file used to decrypt the device at boot, in concert with the chosen pin (one of TPM2, Tang server, or SSS)."; - type = types.path; + type = lib.types.path; }; })); }; - boot.initrd.clevis.useTang = mkOption { + boot.initrd.clevis.useTang = lib.mkOption { description = "Whether the Clevis JWE file used to decrypt the devices uses a Tang server as a pin."; default = false; - type = types.bool; + type = lib.types.bool; }; }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { # Implementation of clevis unlocking for the supported filesystems are located directly in the respective modules. 
- assertions = (attrValues (mapAttrs + assertions = (lib.attrValues (lib.mapAttrs (device: _: { - assertion = (any (fs: fs.device == device && (elem fs.fsType supportedFs) || (fs.fsType == "zfs" && hasPrefix "${device}/" fs.device)) config.system.build.fileSystems) || (hasAttr device config.boot.initrd.luks.devices); + assertion = (lib.any (fs: fs.device == device && (lib.elem fs.fsType supportedFs) || (fs.fsType == "zfs" && lib.hasPrefix "${device}/" fs.device)) config.system.build.fileSystems) || (lib.hasAttr device config.boot.initrd.luks.devices); message = '' No filesystem or LUKS device with the name ${device} is declared in your configuration.''; }) @@ -61,7 +58,7 @@ in else [ ]; boot.initrd = { - extraUtilsCommands = mkIf (!systemd.enable) '' + extraUtilsCommands = lib.mkIf (!systemd.enable) '' copy_bin_and_libs ${pkgs.jose}/bin/jose copy_bin_and_libs ${pkgs.curl}/bin/curl copy_bin_and_libs ${pkgs.bash}/bin/bash @@ -84,15 +81,15 @@ in sed -i $out/bin/clevis-decrypt-tpm2 -e 's,tpm2_,tpm2 ,' ''; - secrets = lib.mapAttrs' (name: value: nameValuePair "/etc/clevis/${name}.jwe" value.secretFile) cfg.devices; + secrets = lib.mapAttrs' (name: value: lib.nameValuePair "/etc/clevis/${name}.jwe" value.secretFile) cfg.devices; systemd = { - extraBin = mkIf systemd.enable { + extraBin = lib.mkIf systemd.enable { clevis = "${cfg.package}/bin/clevis"; curl = "${pkgs.curl}/bin/curl"; }; - storePaths = mkIf systemd.enable [ + storePaths = lib.mkIf systemd.enable [ cfg.package "${pkgs.jose}/bin/jose" "${pkgs.curl}/bin/curl" diff --git a/nixos/modules/system/boot/emergency-mode.nix b/nixos/modules/system/boot/emergency-mode.nix index 717ab08f2534d2a..11195dc13d102a5 100644 --- a/nixos/modules/system/boot/emergency-mode.nix +++ b/nixos/modules/system/boot/emergency-mode.nix 
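Review bot: `boot.initrd.clevis.package` keeps `defaultText = "pkgs.clevis";` as a plain string, while the other options this patch touches write `defaultText = lib.literalExpression …`. I would change it to `defaultText = lib.literalExpression "pkgs.clevis";`, or replace the whole option with `lib.mkPackageOption pkgs "clevis" { }` as docker-rootless.nix does for its package. The `headless` option in vmware-guest.nix has the same plain-string form, `defaultText = "!config.services.xserver.enable";`.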
@@ -1,16 +1,13 @@ { config, lib, ... }: - -with lib; - { ###### interface options = { - systemd.enableEmergencyMode = mkOption { + systemd.enableEmergencyMode = lib.mkOption { default = true; - type = types.bool; + type = lib.types.bool; description = '' Whether to enable emergency mode, which is an {command}`sulogin` shell started on the console if @@ -27,7 +24,7 @@ with lib; config = { - systemd.additionalUpstreamSystemUnits = optionals + systemd.additionalUpstreamSystemUnits = lib.optionals config.systemd.enableEmergencyMode [ "emergency.target" "emergency.service" ]; diff --git a/nixos/modules/system/boot/loader/efi.nix b/nixos/modules/system/boot/loader/efi.nix index 6043c904c4504ae..2725d3678d52360 100644 --- a/nixos/modules/system/boot/loader/efi.nix +++ b/nixos/modules/system/boot/loader/efi.nix @@ -1,19 +1,16 @@ { lib, ... }: - -with lib; - { options.boot.loader.efi = { - canTouchEfiVariables = mkOption { + canTouchEfiVariables = lib.mkOption { default = false; - type = types.bool; + type = lib.types.bool; description = "Whether the installation process is allowed to modify EFI boot variables."; }; - efiSysMountPoint = mkOption { + efiSysMountPoint = lib.mkOption { default = "/boot"; - type = types.str; + type = lib.types.str; description = "Where the EFI System Partition is mounted."; }; }; diff --git a/nixos/modules/system/boot/tmp.nix b/nixos/modules/system/boot/tmp.nix index 150f4adaf3ee6e7..a009e74515669d4 100644 --- a/nixos/modules/system/boot/tmp.nix +++ b/nixos/modules/system/boot/tmp.nix 
@@ -1,29 +1,26 @@ { config, lib, ... }: - -with lib; - let cfg = config.boot.tmp; in { imports = [ - (mkRenamedOptionModule [ "boot" "cleanTmpDir" ] [ "boot" "tmp" "cleanOnBoot" ]) - (mkRenamedOptionModule [ "boot" "tmpOnTmpfs" ] [ "boot" "tmp" "useTmpfs" ]) - (mkRenamedOptionModule [ "boot" "tmpOnTmpfsSize" ] [ "boot" "tmp" "tmpfsSize" ]) + (lib.mkRenamedOptionModule [ "boot" "cleanTmpDir" ] [ "boot" "tmp" "cleanOnBoot" ]) + (lib.mkRenamedOptionModule [ "boot" "tmpOnTmpfs" ] [ "boot" "tmp" "useTmpfs" ]) + (lib.mkRenamedOptionModule [ "boot" "tmpOnTmpfsSize" ] [ "boot" "tmp" "tmpfsSize" ]) ]; options = { boot.tmp = { - cleanOnBoot = mkOption { - type = types.bool; + cleanOnBoot = lib.mkOption { + type = lib.types.bool; default = false; description = '' Whether to delete all files in {file}`/tmp` during boot. ''; }; - tmpfsSize = mkOption { - type = types.oneOf [ types.str types.types.ints.positive ]; + tmpfsSize = lib.mkOption { + type = lib.types.oneOf [ lib.types.str lib.types.types.ints.positive ]; default = "50%"; description = '' Size of tmpfs in percentage. @@ -31,8 +28,8 @@ in ''; }; - useTmpfs = mkOption { - type = types.bool; + useTmpfs = lib.mkOption { + type = lib.types.bool; default = false; description = '' Whether to mount a tmpfs on {file}`/tmp` during boot. @@ -48,12 +45,12 @@ in config = { # When changing remember to update /tmp mount in virtualisation/qemu-vm.nix - systemd.mounts = mkIf cfg.useTmpfs [ + systemd.mounts = lib.mkIf cfg.useTmpfs [ { what = "tmpfs"; where = "/tmp"; type = "tmpfs"; - mountConfig.Options = concatStringsSep "," [ + mountConfig.Options = lib.concatStringsSep "," [ "mode=1777" "strictatime" "rw" @@ -64,6 +61,6 @@ in } ]; - systemd.tmpfiles.rules = optional cfg.cleanOnBoot "D! /tmp 1777 root root"; + systemd.tmpfiles.rules = lib.optional cfg.cleanOnBoot "D! /tmp 1777 root root"; }; } diff --git a/nixos/modules/tasks/filesystems/nfs.nix b/nixos/modules/tasks/filesystems/nfs.nix index 765f10d33bfe855..a81bec27bce2b01 100644 
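Review bot: `tmpfsSize` now reads `lib.types.oneOf [ lib.types.str lib.types.types.ints.positive ]`; the doubled `types.types` was already in the old line and the mechanical prefixing carried it over. It most likely still evaluates, but it is a typo and should be `lib.types.ints.positive`. The description below it says "Size of tmpfs in percentage", which does not tell the reader what a bare positive integer means, so a sentence on that would help.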
--- a/nixos/modules/tasks/filesystems/nfs.nix +++ b/nixos/modules/tasks/filesystems/nfs.nix @@ -1,7 +1,4 @@ { config, lib, pkgs, ... }: - -with lib; - let inInitrd = config.boot.initrd.supportedFilesystems.nfs or false; @@ -16,15 +13,15 @@ let # merge parameters from services.nfs.server nfsConfSettings = - optionalAttrs (cfg.server.nproc != null) { + lib.optionalAttrs (cfg.server.nproc != null) { nfsd.threads = cfg.server.nproc; - } // optionalAttrs (cfg.server.hostName != null) { + } // lib.optionalAttrs (cfg.server.hostName != null) { nfsd.host= cfg.hostName; - } // optionalAttrs (cfg.server.mountdPort != null) { + } // lib.optionalAttrs (cfg.server.mountdPort != null) { mountd.port = cfg.server.mountdPort; - } // optionalAttrs (cfg.server.statdPort != null) { + } // lib.optionalAttrs (cfg.server.statdPort != null) { statd.port = cfg.server.statdPort; - } // optionalAttrs (cfg.server.lockdPort != null) { + } // lib.optionalAttrs (cfg.server.lockdPort != null) { lockd.port = cfg.server.lockdPort; lockd.udp-port = cfg.server.lockdPort; }; @@ -32,17 +29,17 @@ let nfsConfDeprecated = cfg.extraConfig + '' [nfsd] threads=${toString cfg.server.nproc} - ${optionalString (cfg.server.hostName != null) "host=${cfg.server.hostName}"} + ${lib.optionalString (cfg.server.hostName != null) "host=${cfg.server.hostName}"} ${cfg.server.extraNfsdConfig} [mountd] - ${optionalString (cfg.server.mountdPort != null) "port=${toString cfg.server.mountdPort}"} + ${lib.optionalString (cfg.server.mountdPort != null) "port=${toString cfg.server.mountdPort}"} [statd] - ${optionalString (cfg.server.statdPort != null) "port=${toString cfg.server.statdPort}"} + ${lib.optionalString (cfg.server.statdPort != null) "port=${toString cfg.server.statdPort}"} [lockd] - ${optionalString (cfg.server.lockdPort != null) '' + ${lib.optionalString (cfg.server.lockdPort != null) '' port=${toString cfg.server.lockdPort} udp-port=${toString cfg.server.lockdPort} ''} 
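Review bot: In the `nfsConfSettings` hunk the guard tests `cfg.server.hostName != null` but the value assigned is `cfg.hostName` (`nfsd.host= cfg.hostName;`), a context line this commit leaves untouched. The deprecated text path in the next hunk uses `cfg.server.hostName`, so this looks like a missing `.server`; if `cfg` has no `hostName` attribute, setting `server.hostName` together with `settings` would fail at evaluation. Suggested line: `nfsd.host = cfg.server.hostName;`. The definition of `cfg` is outside the hunk, so this should be confirmed against it.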
@@ -50,7 +47,7 @@ let nfsConfFile = if cfg.settings != {} - then format.generate "nfs.conf" (recursiveUpdate nfsConfSettings cfg.settings) + then format.generate "nfs.conf" (lib.recursiveUpdate nfsConfSettings cfg.settings) else pkgs.writeText "nfs.conf" nfsConfDeprecated; requestKeyConfFile = pkgs.writeText "request-key.conf" '' @@ -66,7 +63,7 @@ in options = { services.nfs = { - idmapd.settings = mkOption { + idmapd.settings = lib.mkOption { type = format.type; default = {}; description = '' @@ -74,7 +71,7 @@ in for details. ''; - example = literalExpression '' + example = lib.literalExpression '' { Translation = { GSS-Methods = "static,nsswitch"; @@ -85,21 +82,21 @@ in } ''; }; - settings = mkOption { + settings = lib.mkOption { type = format.type; default = {}; description = '' General configuration for NFS daemons and tools. See nfs.conf(5) and related man pages for details. ''; - example = literalExpression '' + example = lib.literalExpression '' { mountd.manage-gids = true; } ''; }; - extraConfig = mkOption { - type = types.lines; + extraConfig = lib.mkOption { + type = lib.types.lines; default = ""; description = '' Extra nfs-utils configuration. @@ -110,12 +107,12 @@ in ###### implementation - config = mkIf (config.boot.supportedFilesystems.nfs or config.boot.supportedFilesystems.nfs4 or false) { + config = lib.mkIf (config.boot.supportedFilesystems.nfs or config.boot.supportedFilesystems.nfs4 or false) { warnings = - (optional (cfg.extraConfig != "") '' + (lib.optional (cfg.extraConfig != "") '' `services.nfs.extraConfig` is deprecated. Use `services.nfs.settings` instead. - '') ++ (optional (cfg.server.extraNfsdConfig != "") '' + '') ++ (lib.optional (cfg.server.extraNfsdConfig != "") '' `services.nfs.server.extraNfsdConfig` is deprecated. Use `services.nfs.settings` instead. ''); assertions = [{ 
@@ -126,9 +123,9 @@ in services.rpcbind.enable = true; services.nfs.idmapd.settings = { - General = mkMerge [ + General = lib.mkMerge [ { Pipefs-Directory = rpcMountpoint; } - (mkIf (config.networking.domain != null) { Domain = config.networking.domain; }) + (lib.mkIf (config.networking.domain != null) { Domain = config.networking.domain; }) ]; Mapping = { Nobody-User = "nobody"; @@ -141,7 +138,7 @@ in system.fsPackages = [ pkgs.nfs-utils ]; - boot.initrd.kernelModules = mkIf inInitrd [ "nfs" ]; + boot.initrd.kernelModules = lib.mkIf inInitrd [ "nfs" ]; systemd.packages = [ pkgs.nfs-utils ]; @@ -167,12 +164,12 @@ in systemd.services.nfs-mountd = { restartTriggers = [ nfsConfFile ]; - enable = mkDefault false; + enable = lib.mkDefault false; }; systemd.services.nfs-server = { restartTriggers = [ nfsConfFile ]; - enable = mkDefault false; + enable = lib.mkDefault false; }; systemd.services.auth-rpcgss-module = diff --git a/nixos/modules/virtualisation/docker-rootless.nix b/nixos/modules/virtualisation/docker-rootless.nix index bad9136afd29816..15b9f16eefefcb7 100644 --- a/nixos/modules/virtualisation/docker-rootless.nix +++ b/nixos/modules/virtualisation/docker-rootless.nix @@ -1,7 +1,4 @@ { config, lib, pkgs, ... }: - -with lib; - let cfg = config.virtualisation.docker.rootless; @@ -15,8 +12,8 @@ in ###### interface options.virtualisation.docker.rootless = { - enable = mkOption { - type = types.bool; + enable = lib.mkOption { + type = lib.types.bool; default = false; description = '' This option enables docker in a rootless mode, a daemon that manages @@ -25,8 +22,8 @@ in ''; }; - setSocketVariable = mkOption { - type = types.bool; + setSocketVariable = lib.mkOption { + type = lib.types.bool; default = false; description = '' Point {command}`DOCKER_HOST` to rootless Docker instance for @@ -34,7 +31,7 @@ in ''; }; - daemon.settings = mkOption { + daemon.settings = lib.mkOption { type = settingsFormat.type; default = { }; example = { 
@@ -47,15 +44,15 @@ in ''; }; - package = mkPackageOption pkgs "docker" { }; + package = lib.mkPackageOption pkgs "docker" { }; }; ###### implementation - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { environment.systemPackages = [ cfg.package ]; - environment.extraInit = optionalString cfg.setSocketVariable '' + environment.extraInit = lib.optionalString cfg.setSocketVariable '' if [ -z "$DOCKER_HOST" -a -n "$XDG_RUNTIME_DIR" ]; then export DOCKER_HOST="unix://$XDG_RUNTIME_DIR/docker.sock" fi diff --git a/nixos/modules/virtualisation/virtualbox-guest.nix b/nixos/modules/virtualisation/virtualbox-guest.nix index b4933cffa2c0cc0..31222d553a345c4 100644 --- a/nixos/modules/virtualisation/virtualbox-guest.nix +++ b/nixos/modules/virtualisation/virtualbox-guest.nix @@ -1,9 +1,5 @@ # Module for VirtualBox guests. - { config, lib, pkgs, ... }: - -with lib; - let cfg = config.virtualisation.virtualbox.guest; kernel = config.boot.kernelPackages; 
@@ -32,38 +28,38 @@ let in { imports = [ - (mkRenamedOptionModule [ "virtualisation" "virtualbox" "guest" "draganddrop" ] [ "virtualisation" "virtualbox" "guest" "dragAndDrop" ]) + (lib.mkRenamedOptionModule [ "virtualisation" "virtualbox" "guest" "draganddrop" ] [ "virtualisation" "virtualbox" "guest" "dragAndDrop" ]) ]; options.virtualisation.virtualbox.guest = { - enable = mkOption { + enable = lib.mkOption { default = false; - type = types.bool; + type = lib.types.bool; description = "Whether to enable the VirtualBox service and other guest additions."; }; - clipboard = mkOption { + clipboard = lib.mkOption { default = true; - type = types.bool; + type = lib.types.bool; description = "Whether to enable clipboard support."; }; - seamless = mkOption { + seamless = lib.mkOption { default = true; - type = types.bool; + type = lib.types.bool; description = "Whether to enable seamless mode. When activated windows from the guest appear next to the windows of the host."; }; - dragAndDrop = mkOption { + dragAndDrop = lib.mkOption { default = true; - type = types.bool; + type = lib.types.bool; description = "Whether to enable drag and drop support."; }; }; ###### implementation - config = mkIf cfg.enable (mkMerge [ + config = lib.mkIf cfg.enable (lib.mkMerge [ { assertions = [{ assertion = pkgs.stdenv.hostPlatform.isx86; @@ -104,17 +100,17 @@ in systemd.user.services.virtualboxClientVmsvga = mkVirtualBoxUserService "--vmsvga-session"; } ( - mkIf cfg.clipboard { + lib.mkIf cfg.clipboard { systemd.user.services.virtualboxClientClipboard = mkVirtualBoxUserService "--clipboard"; } ) ( - mkIf cfg.seamless { + lib.mkIf cfg.seamless { systemd.user.services.virtualboxClientSeamless = mkVirtualBoxUserService "--seamless"; } ) ( - mkIf cfg.dragAndDrop { + lib.mkIf cfg.dragAndDrop { systemd.user.services.virtualboxClientDragAndDrop = mkVirtualBoxUserService "--draganddrop"; } ) 
diff --git a/nixos/modules/virtualisation/virtualbox-host.nix b/nixos/modules/virtualisation/virtualbox-host.nix index 4808652a542ad72..8820b4ff5a83766 100644 --- a/nixos/modules/virtualisation/virtualbox-host.nix +++ b/nixos/modules/virtualisation/virtualbox-host.nix @@ -1,7 +1,4 @@ { config, lib, pkgs, ... }: - -with lib; - let cfg = config.virtualisation.virtualbox.host; @@ -18,7 +15,7 @@ in { options.virtualisation.virtualbox.host = { - enable = mkEnableOption "VirtualBox" // { + enable = lib.mkEnableOption "VirtualBox" // { description = '' Whether to enable VirtualBox. @@ -29,7 +26,7 @@ in ''; }; - enableExtensionPack = mkEnableOption "VirtualBox extension pack" // { + enableExtensionPack = lib.mkEnableOption "VirtualBox extension pack" // { description = '' Whether to install the Oracle Extension Pack for VirtualBox. @@ -40,18 +37,18 @@ in ''; }; - package = mkPackageOption pkgs "virtualbox" { }; + package = lib.mkPackageOption pkgs "virtualbox" { }; - addNetworkInterface = mkOption { - type = types.bool; + addNetworkInterface = lib.mkOption { + type = lib.types.bool; default = true; description = '' Automatically set up a vboxnet0 host-only network interface. ''; }; - enableHardening = mkOption { - type = types.bool; + enableHardening = lib.mkOption { + type = lib.types.bool; default = true; description = '' Enable hardened VirtualBox, which ensures that only the binaries in the @@ -65,8 +62,8 @@ in ''; }; - headless = mkOption { - type = types.bool; + headless = lib.mkOption { + type = lib.types.bool; default = false; description = '' Use VirtualBox installation without GUI and Qt dependency. Useful to enable on servers 
@@ -74,16 +71,16 @@ in ''; }; - enableWebService = mkOption { - type = types.bool; + enableWebService = lib.mkOption { + type = lib.types.bool; default = false; description = '' Build VirtualBox web service tool (vboxwebsrv) to allow managing VMs via other webpage frontend tools. Useful for headless servers. ''; }; - enableKvm = mkOption { - type = types.bool; + enableKvm = lib.mkOption { + type = lib.types.bool; default = false; description = '' Enable KVM support for VirtualBox. This increases compatibility with Linux kernel versions, because the VirtualBox kernel modules @@ -96,8 +93,8 @@ in }; }; - config = mkIf cfg.enable (mkMerge [{ - warnings = mkIf (pkgs.config.virtualbox.enableExtensionPack or false) + config = lib.mkIf cfg.enable (lib.mkMerge [{ + warnings = lib.mkIf (pkgs.config.virtualbox.enableExtensionPack or false) ["'nixpkgs.virtualbox.enableExtensionPack' has no effect, please use 'virtualisation.virtualbox.host.enableExtensionPack'"]; environment.systemPackages = [ virtualbox ]; @@ -118,7 +115,7 @@ in "VBoxSDL" "VirtualBoxVM" ]); - in mkIf cfg.enableHardening + in lib.mkIf cfg.enableHardening (builtins.listToAttrs (map (x: { name = x; value = mkSuid x; }) executables)); users.groups.vboxusers.gid = config.ids.gids.vboxusers; @@ -130,14 +127,14 @@ in SUBSYSTEM=="usb_device", ACTION=="remove", RUN+="${virtualbox}/libexec/virtualbox/VBoxCreateUSBNode.sh --remove $major $minor" SUBSYSTEM=="usb", ACTION=="remove", ENV{DEVTYPE}=="usb_device", RUN+="${virtualbox}/libexec/virtualbox/VBoxCreateUSBNode.sh --remove $major $minor" ''; - } (mkIf cfg.enableKvm { + } (lib.mkIf cfg.enableKvm { assertions = [ { assertion = !cfg.addNetworkInterface; message = "VirtualBox KVM only supports standard NAT networking for VMs. Please turn off virtualisation.virtualbox.host.addNetworkInterface."; } ]; - }) (mkIf (!cfg.enableKvm) { + }) (lib.mkIf (!cfg.enableKvm) { boot.kernelModules = [ "vboxdrv" "vboxnetadp" "vboxnetflt" ]; boot.extraModulePackages = [ kernelModules ]; 
@@ -149,7 +146,7 @@ in ''; # Since we lack the right setuid/setcap binaries, set up a host-only network by default. - }) (mkIf cfg.addNetworkInterface { + }) (lib.mkIf cfg.addNetworkInterface { systemd.services.vboxnet0 = { description = "VirtualBox vboxnet0 Interface"; requires = [ "dev-vboxnetctl.device" ]; @@ -177,7 +174,7 @@ in # Make sure NetworkManager won't assume this interface being up # means we have internet access. networking.networkmanager.unmanaged = ["vboxnet0"]; - }) (mkIf config.networking.useNetworkd { + }) (lib.mkIf config.networking.useNetworkd { systemd.network.networks."40-vboxnet0".extraConfig = '' [Link] RequiredForOnline=no diff --git a/nixos/modules/virtualisation/virtualbox-image.nix b/nixos/modules/virtualisation/virtualbox-image.nix index 1c8b9b99c01ca4a..4ab5d17ecd4956c 100644 --- a/nixos/modules/virtualisation/virtualbox-image.nix +++ b/nixos/modules/virtualisation/virtualbox-image.nix @@ -1,7 +1,4 @@ { config, lib, pkgs, ... }: - -with lib; - let cfg = config.virtualbox; 
@@ -10,51 +7,51 @@ in { options = { virtualbox = { - baseImageSize = mkOption { - type = with types; either (enum [ "auto" ]) int; + baseImageSize = lib.mkOption { + type = with lib.types; either (enum [ "auto" ]) int; default = "auto"; example = 50 * 1024; description = '' The size of the VirtualBox base image in MiB. ''; }; - baseImageFreeSpace = mkOption { - type = with types; int; + baseImageFreeSpace = lib.mkOption { + type = with lib.types; int; default = 30 * 1024; description = '' Free space in the VirtualBox base image in MiB. ''; }; - memorySize = mkOption { - type = types.int; + memorySize = lib.mkOption { + type = lib.types.int; default = 1536; description = '' The amount of RAM the VirtualBox appliance can use in MiB. ''; }; - vmDerivationName = mkOption { - type = types.str; + vmDerivationName = lib.mkOption { + type = lib.types.str; default = "nixos-ova-${config.system.nixos.label}-${pkgs.stdenv.hostPlatform.system}"; description = '' The name of the derivation for the VirtualBox appliance. ''; }; - vmName = mkOption { - type = types.str; + vmName = lib.mkOption { + type = lib.types.str; default = "${config.system.nixos.distroName} ${config.system.nixos.label} (${pkgs.stdenv.hostPlatform.system})"; description = '' The name of the VirtualBox appliance. ''; }; - vmFileName = mkOption { - type = types.str; + vmFileName = lib.mkOption { + type = lib.types.str; default = "nixos-${config.system.nixos.label}-${pkgs.stdenv.hostPlatform.system}.ova"; description = '' The file name of the VirtualBox appliance. ''; }; - params = mkOption { - type = with types; attrsOf (oneOf [ str int bool (listOf str) ]); + params = lib.mkOption { + type = with lib.types; attrsOf (oneOf [ str int bool (listOf str) ]); example = { audio = "alsa"; rtcuseutc = "on"; 
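Review bot: `baseImageFreeSpace` now has `type = with lib.types; int;`, where the `with` scope serves a single name. `memorySize` directly below writes `type = lib.types.int;`, and I would use the same form here. The `with lib.types;` on `baseImageSize` and `params` is reasonable, since several type names are used inside it.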
@@ -66,8 +63,8 @@ in { Run `VBoxManage modifyvm --help` to see more options. ''; }; - exportParams = mkOption { - type = with types; listOf (oneOf [ str int bool (listOf str) ]); + exportParams = lib.mkOption { + type = with lib.types; listOf (oneOf [ str int bool (listOf str) ]); example = [ "--vsys" "0" "--vendor" "ACME Inc." ]; @@ -78,7 +75,7 @@ in { Run `VBoxManage export --help` to see more options. ''; }; - extraDisk = mkOption { + extraDisk = lib.mkOption { description = '' Optional extra disk/hdd configuration. The disk will be an 'ext4' partition on a separate file. @@ -89,26 +86,26 @@ in { mountPoint = "/home/demo/storage"; size = 100 * 1024; }; - type = types.nullOr (types.submodule { + type = lib.types.nullOr (lib.types.submodule { options = { - size = mkOption { - type = types.int; + size = lib.mkOption { + type = lib.types.int; description = "Size in MiB"; }; - label = mkOption { - type = types.str; + label = lib.mkOption { + type = lib.types.str; default = "vm-extra-storage"; description = "Label for the disk partition"; }; - mountPoint = mkOption { - type = types.str; + mountPoint = lib.mkOption { + type = lib.types.str; description = "Path where to mount this disk."; }; }; }); }; - postExportCommands = mkOption { - type = types.lines; + postExportCommands = lib.mkOption { + type = lib.types.lines; default = ""; example = '' ${pkgs.cot}/bin/cot edit-hardware "$fn" \ @@ -124,8 +121,8 @@ in { Extra commands to run after exporting the OVA to `$fn`. ''; }; - storageController = mkOption { - type = with types; attrsOf (oneOf [ str int bool (listOf str) ]); + storageController = lib.mkOption { + type = with lib.types; attrsOf (oneOf [ str int bool (listOf str) ]); example = { name = "SCSI"; add = "scsi"; @@ -152,8 +149,8 @@ in { config = { - virtualbox.params = mkMerge [ - (mapAttrs (name: mkDefault) { + virtualbox.params = lib.mkMerge [ + (lib.mapAttrs (name: lib.mkDefault) { acpi = "on"; vram = 32; nictype1 = "virtio"; 
@@ -167,7 +164,7 @@ in { usbehci = "on"; mouse = "usbtablet"; }) - (mkIf (pkgs.stdenv.hostPlatform.system == "i686-linux") { pae = "on"; }) + (lib.mkIf (pkgs.stdenv.hostPlatform.system == "i686-linux") { pae = "on"; }) ]; system.build.virtualBoxOVA = import ../../lib/make-disk-image.nix { @@ -186,7 +183,7 @@ in { echo "converting image to VirtualBox format..." VBoxManage convertfromraw $diskImage disk.vdi - ${optionalString (cfg.extraDisk != null) '' + ${lib.optionalString (cfg.extraDisk != null) '' echo "creating extra disk: data-disk.raw" dataDiskImage=data-disk.raw truncate -s ${toString cfg.extraDisk.size}M $dataDiskImage @@ -210,7 +207,7 @@ in { VBoxManage storagectl "$vmName" ${lib.cli.toGNUCommandLineShell { } cfg.storageController} VBoxManage storageattach "$vmName" --storagectl ${cfg.storageController.name} --port 0 --device 0 --type hdd \ --medium disk.vdi - ${optionalString (cfg.extraDisk != null) '' + ${lib.optionalString (cfg.extraDisk != null) '' VBoxManage storageattach "$vmName" --storagectl ${cfg.storageController.name} --port 1 --device 0 --type hdd \ --medium data-disk.vdi ''} @@ -218,7 +215,7 @@ in { echo "exporting VirtualBox VM..." mkdir -p $out fn="$out/${cfg.vmFileName}" - VBoxManage export "$vmName" --output "$fn" --options manifest ${escapeShellArgs cfg.exportParams} + VBoxManage export "$vmName" --output "$fn" --options manifest ${lib.escapeShellArgs cfg.exportParams} ${cfg.postExportCommands} rm -v $diskImage diff --git a/nixos/modules/virtualisation/vmware-guest.nix b/nixos/modules/virtualisation/vmware-guest.nix index 9bd8f41096438d5..554d68da2ebe2e5 100644 --- a/nixos/modules/virtualisation/vmware-guest.nix +++ b/nixos/modules/virtualisation/vmware-guest.nix @@ -1,7 +1,4 @@ { config, lib, pkgs, ... }: - -with lib; - let cfg = config.virtualisation.vmware.guest; open-vm-tools = if cfg.headless then pkgs.open-vm-tools-headless else pkgs.open-vm-tools; 
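Review bot: `cfg.storageController.name` is spliced into the build script unquoted in both `VBoxManage storageattach` lines (`--storagectl ${cfg.storageController.name}`), while `exportParams` on the export line goes through `lib.escapeShellArgs`. A controller name containing a space or a shell metacharacter would be word-split or interpreted by the shell. I would write `--storagectl ${lib.escapeShellArg cfg.storageController.name}` in both places, and `fn="$out/${cfg.vmFileName}"` deserves the same look. The script string starts and ends outside these hunks.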
@@ -9,20 +6,20 @@ let in { imports = [ - (mkRenamedOptionModule [ "services" "vmwareGuest" ] [ "virtualisation" "vmware" "guest" ]) + (lib.mkRenamedOptionModule [ "services" "vmwareGuest" ] [ "virtualisation" "vmware" "guest" ]) ]; options.virtualisation.vmware.guest = { - enable = mkEnableOption "VMWare Guest Support"; - headless = mkOption { - type = types.bool; + enable = lib.mkEnableOption "VMWare Guest Support"; + headless = lib.mkOption { + type = lib.types.bool; default = !config.services.xserver.enable; defaultText = "!config.services.xserver.enable"; description = "Whether to disable X11-related features."; }; }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { assertions = [ { assertion = pkgs.stdenv.hostPlatform.isx86 || pkgs.stdenv.hostPlatform.isAarch64; message = "VMWare guest is not currently supported on ${pkgs.stdenv.hostPlatform.system}"; @@ -42,7 +39,7 @@ in }; # Mount the vmblock for drag-and-drop and copy-and-paste. - systemd.mounts = mkIf (!cfg.headless) [ + systemd.mounts = lib.mkIf (!cfg.headless) [ { description = "VMware vmblock fuse mount"; documentation = [ "https://github.com/vmware/open-vm-tools/blob/master/open-vm-tools/vmblock-fuse/design.txt" ]; @@ -55,7 +52,7 @@ in } ]; - security.wrappers.vmware-user-suid-wrapper = mkIf (!cfg.headless) { + security.wrappers.vmware-user-suid-wrapper = lib.mkIf (!cfg.headless) { setuid = true; owner = "root"; group = "root"; @@ -64,7 +61,7 @@ in environment.etc.vmware-tools.source = "${open-vm-tools}/etc/vmware-tools/*"; - services.xserver = mkIf (!cfg.headless) { + services.xserver = lib.mkIf (!cfg.headless) { modules = [ xf86inputvmmouse ]; config = '' diff --git a/nixos/modules/virtualisation/xen-dom0.nix b/nixos/modules/virtualisation/xen-dom0.nix index 2fb8c6cd456649d..ab97ecc501aef28 100644 --- a/nixos/modules/virtualisation/xen-dom0.nix +++ b/nixos/modules/virtualisation/xen-dom0.nix 
@@ -1,17 +1,13 @@ # Xen hypervisor (Dom0) support. - { config, lib, pkgs, ... }: - -with lib; - let cfg = config.virtualisation.xen; in { imports = [ - (mkRemovedOptionModule [ "virtualisation" "xen" "qemu" ] "You don't need this option anymore, it will work without it.") - (mkRenamedOptionModule [ "virtualisation" "xen" "qemu-package" ] [ "virtualisation" "xen" "package-qemu" ]) + (lib.mkRemovedOptionModule [ "virtualisation" "xen" "qemu" ] "You don't need this option lib.anymore, it will work without it.") + (lib.mkRenamedOptionModule [ "virtualisation" "xen" "qemu-package" ] [ "virtualisation" "xen" "package-qemu" ]) ]; ###### interface @@ -19,9 +15,9 @@ in options = { virtualisation.xen.enable = - mkOption { + lib.mkOption { default = false; - type = types.bool; + type = lib.types.bool; description = '' Setting this option enables the Xen hypervisor, a virtualisation technology that allows multiple virtual @@ -32,20 +28,20 @@ in ''; }; - virtualisation.xen.package = mkOption { - type = types.package; - defaultText = literalExpression "pkgs.xen"; - example = literalExpression "pkgs.xen-light"; + virtualisation.xen.package = lib.mkOption { + type = lib.types.package; + defaultText = lib.literalExpression "pkgs.xen"; + example = lib.literalExpression "pkgs.xen-light"; description = '' The package used for Xen binary. ''; relatedPackages = [ "xen" "xen-light" ]; }; - virtualisation.xen.package-qemu = mkOption { - type = types.package; - defaultText = literalExpression "pkgs.xen"; - example = literalExpression "pkgs.qemu_xen-light"; + virtualisation.xen.package-qemu = lib.mkOption { + type = lib.types.package; + defaultText = lib.literalExpression "pkgs.xen"; + example = lib.literalExpression "pkgs.qemu_xen-light"; description = '' The package with qemu binaries for dom0 qemu and xendomains. ''; 
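Review bot: The `lib.` prefixing has leaked into a string literal in the `@@ -1,17 +1,13 @@` hunk: the `mkRemovedOptionModule` message now reads "You don't need this option lib.anymore, it will work without it." This text is shown to users who still set `virtualisation.xen.qemu`, so the word should be restored: `(lib.mkRemovedOptionModule [ "virtualisation" "xen" "qemu" ] "You don't need this option anymore, it will work without it.")`. Because the rewrite looks mechanical, the other files in this series are worth searching for `lib.` inside quoted strings and descriptions.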
@@ -55,9 +51,9 @@ in }; virtualisation.xen.bootParams = - mkOption { + lib.mkOption { default = []; - type = types.listOf types.str; + type = lib.types.listOf lib.types.str; description = '' Parameters passed to the Xen hypervisor at boot time. @@ -65,10 +61,10 @@ in }; virtualisation.xen.domain0MemorySize = - mkOption { + lib.mkOption { default = 0; example = 512; - type = types.addCheck types.int (n: n >= 0); + type = lib.types.addCheck lib.types.int (n: n >= 0); description = '' Amount of memory (in MiB) allocated to Domain 0 on boot. @@ -77,24 +73,24 @@ in }; virtualisation.xen.bridge = { - name = mkOption { + name = lib.mkOption { default = "xenbr0"; - type = types.str; + type = lib.types.str; description = '' Name of bridge the Xen domUs connect to. ''; }; - address = mkOption { - type = types.str; + address = lib.mkOption { + type = lib.types.str; default = "172.16.0.1"; description = '' IPv4 address of the bridge. ''; }; - prefixLength = mkOption { - type = types.addCheck types.int (n: n >= 0 && n <= 32); + prefixLength = lib.mkOption { + type = lib.types.addCheck lib.types.int (n: n >= 0 && n <= 32); default = 16; description = '' Subnet mask of the bridge interface, specified as the number of @@ -104,8 +100,8 @@ in ''; }; - forwardDns = mkOption { - type = types.bool; + forwardDns = lib.mkOption { + type = lib.types.bool; default = false; description = '' If set to `true`, the DNS queries from the @@ -117,8 +113,8 @@ in }; virtualisation.xen.stored = - mkOption { - type = types.path; + lib.mkOption { + type = lib.types.path; description = '' Xen Store daemon to use. Defaults to oxenstored of the xen package. @@ -126,8 +122,8 @@ in }; virtualisation.xen.domains = { - extraConfig = mkOption { - type = types.lines; + extraConfig = lib.mkOption { + type = lib.types.lines; default = ""; description = '' 
@@ -138,14 +134,14 @@ in }; }; - virtualisation.xen.trace = mkEnableOption "Xen tracing"; + virtualisation.xen.trace = lib.mkEnableOption "Xen tracing"; }; ###### implementation - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { assertions = [ { assertion = pkgs.stdenv.isx86_64; message = "Xen currently not supported on ${pkgs.stdenv.hostPlatform.system}"; @@ -154,9 +150,9 @@ in message = "Xen currently does not support EFI boot"; } ]; - virtualisation.xen.package = mkDefault pkgs.xen; - virtualisation.xen.package-qemu = mkDefault pkgs.xen; - virtualisation.xen.stored = mkDefault "${cfg.package}/bin/oxenstored"; + virtualisation.xen.package = lib.mkDefault pkgs.xen; + virtualisation.xen.package-qemu = lib.mkDefault pkgs.xen; + virtualisation.xen.stored = lib.mkDefault "${cfg.package}/bin/oxenstored"; environment.systemPackages = [ cfg.package ]; @@ -186,8 +182,8 @@ in ''; virtualisation.xen.bootParams = [] ++ - optionals cfg.trace [ "loglvl=all" "guest_loglvl=all" ] ++ - optional (cfg.domain0MemorySize != 0) "dom0_mem=${toString cfg.domain0MemorySize}M"; + lib.optionals cfg.trace [ "loglvl=all" "guest_loglvl=all" ] ++ + lib.optional (cfg.domain0MemorySize != 0) "dom0_mem=${toString cfg.domain0MemorySize}M"; system.extraSystemBuilderCmds = '' @@ -236,7 +232,7 @@ in ${cfg.domains.extraConfig} ''; } - // optionalAttrs (builtins.compareVersions cfg.package.version "4.10" >= 0) { + // lib.optionalAttrs (builtins.compareVersions cfg.package.version "4.10" >= 0) { # in V 4.10 oxenstored requires /etc/xen/oxenstored.conf to start "xen/oxenstored.conf".source = "${cfg.package}/etc/xen/oxenstored.conf"; }; @@ -262,7 +258,7 @@ in ''; serviceConfig = if (builtins.compareVersions cfg.package.version "4.8" < 0) then { ExecStart = '' - ${cfg.stored}${optionalString cfg.trace " -T /var/log/xen/xenstored-trace.log"} --no-fork + ${cfg.stored}${lib.optionalString cfg.trace " -T /var/log/xen/xenstored-trace.log"} --no-fork ''; } else { ExecStart = '' 
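Review bot: `virtualisation.xen.trace` is documented only as "Xen tracing" (hunk `@@ -138,14 +134,14 @@`), which does not tell an operator what the option changes. The `@@ -186,8 +182,8 @@` hunk shows it adds `loglvl=all` and `guest_loglvl=all` to the hypervisor boot parameters, and the `@@ -262,7 +258,7 @@` hunk shows it makes xenstored write `/var/log/xen/xenstored-trace.log`. As far as I know, `guest_loglvl=all` also lifts Xen's default rate limit on guest-triggered messages, so a domU could flood the console log; this should be confirmed against the Xen command-line documentation. I would add a comment next to the option, for example `# trace sets loglvl=all and guest_loglvl=all and enables the xenstored trace log; meant for debugging, not for hosts running untrusted domUs`, or move the same wording into a full `description`.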
@@ -273,7 +269,7 @@ in NotifyAccess = "all"; }; postStart = '' - ${optionalString (builtins.compareVersions cfg.package.version "4.8" < 0) '' + ${lib.optionalString (builtins.compareVersions cfg.package.version "4.8" < 0) '' time=0 timeout=30 # Wait for xenstored to actually come up, timing out after 30 seconds @@ -312,14 +308,14 @@ in requires = [ "xen-store.service" ]; preStart = '' mkdir -p /var/run/xen - ${optionalString cfg.trace "mkdir -p /var/log/xen"} + ${lib.optionalString cfg.trace "mkdir -p /var/log/xen"} grep -q control_d /proc/xen/capabilities ''; serviceConfig = { ExecStart = '' ${cfg.package}/bin/xenconsoled\ - ${optionalString ((builtins.compareVersions cfg.package.version "4.8" >= 0)) " -i"}\ - ${optionalString cfg.trace " --log=all --log-dir=/var/log/xen"} + ${lib.optionalString ((builtins.compareVersions cfg.package.version "4.8" >= 0)) " -i"}\ + ${lib.optionalString cfg.trace " --log=all --log-dir=/var/log/xen"} ''; }; }; @@ -384,7 +380,7 @@ in strict-order no-hosts bogus-priv - ${optionalString (!cfg.bridge.forwardDns) '' + ${lib.optionalString (!cfg.bridge.forwardDns) '' no-resolv no-poll auth-server=dns.xen.local,${cfg.bridge.name}