diff --git a/nixos/modules/installer/cd-dvd/installation-cd-base.nix b/nixos/modules/installer/cd-dvd/installation-cd-base.nix index 3f92b779d60a2a9..d36c90c6254ebd2 100644 --- a/nixos/modules/installer/cd-dvd/installation-cd-base.nix +++ b/nixos/modules/installer/cd-dvd/installation-cd-base.nix @@ -1,10 +1,6 @@ # This module contains the basic configuration for building a NixOS # installation CD. - { config, lib, options, pkgs, ... }: - -with lib; - { imports = [ ./iso-image.nix @@ -32,8 +28,8 @@ with lib; # An installation media cannot tolerate a host config defined file # system layout on a fresh machine, before it has been formatted. - swapDevices = mkImageMediaOverride [ ]; - fileSystems = mkImageMediaOverride config.lib.isoFileSystems; + swapDevices = lib.mkImageMediaOverride [ ]; + fileSystems = lib.mkImageMediaOverride config.lib.isoFileSystems; boot.postBootCommands = '' for o in $( {}"; + example = lib.literalExpression "import {}"; description = '' If set, the pkgs argument to all NixOS modules is the value of this option, extended with `nixpkgs.overlays`, if @@ -145,9 +142,9 @@ in ''; }; - config = mkOption { + config = lib.mkOption { default = {}; - example = literalExpression + example = lib.literalExpression '' { allowBroken = true; allowUnfree = true; } ''; @@ -160,9 +157,9 @@ in ''; }; - overlays = mkOption { + overlays = lib.mkOption { default = []; - example = literalExpression + example = lib.literalExpression '' [ (self: super: { @@ -173,7 +170,7 @@ in }) ] ''; - type = types.listOf overlayType; + type = lib.types.listOf overlayType; description = '' List of overlays to apply to Nixpkgs. This option allows modifying the Nixpkgs package set accessed through the `pkgs` module argument. @@ -184,13 +181,13 @@ in ''; }; - hostPlatform = mkOption { - type = types.either types.str types.attrs; # TODO utilize lib.systems.parsedPlatform + hostPlatform = lib.mkOption { + type = lib.types.either lib.types.str lib.types.attrs; # TODO utilize lib.systems.parsedPlatform example = { system = "aarch64-linux"; }; # Make sure that the final value has all fields for sake of other modules # referring to this. TODO make `lib.systems` itself use the module system. apply = lib.systems.elaborate; - defaultText = literalExpression + defaultText = lib.literalExpression ''(import "''${nixos}/../lib").lib.systems.examples.aarch64-multiplatform''; description = '' Specifies the platform where the NixOS configuration will run. @@ -201,8 +198,8 @@ in ''; }; - buildPlatform = mkOption { - type = types.either types.str types.attrs; # TODO utilize lib.systems.parsedPlatform + buildPlatform = lib.mkOption { + type = lib.types.either lib.types.str lib.types.attrs; # TODO utilize lib.systems.parsedPlatform default = cfg.hostPlatform; example = { system = "x86_64-linux"; }; # Make sure that the final value has all fields for sake of other modules @@ -212,7 +209,7 @@ in in if lib.systems.equals elaborated cfg.hostPlatform then cfg.hostPlatform # make identical, so that `==` equality works; see https://github.com/NixOS/nixpkgs/issues/278001 else elaborated; - defaultText = literalExpression + defaultText = lib.literalExpression ''config.nixpkgs.hostPlatform''; description = '' Specifies the platform on which NixOS should be built. @@ -228,14 +225,14 @@ in ''; }; - localSystem = mkOption { - type = types.attrs; # TODO utilize lib.systems.parsedPlatform + localSystem = lib.mkOption { + type = lib.types.attrs; # TODO utilize lib.systems.parsedPlatform default = { inherit (cfg) system; }; example = { system = "aarch64-linux"; }; # Make sure that the final value has all fields for sake of other modules # referring to this. TODO make `lib.systems` itself use the module system. apply = lib.systems.elaborate; - defaultText = literalExpression + defaultText = lib.literalExpression ''(import "''${nixos}/../lib").lib.systems.examples.aarch64-multiplatform''; description = '' Systems with a recently generated `hardware-configuration.nix` @@ -262,8 +259,8 @@ in # TODO deprecate. "crossSystem" is a nonsense identifier, because "cross" # is a relation between at least 2 systems in the context of a # specific build step, not a single system. - crossSystem = mkOption { - type = types.nullOr types.attrs; # TODO utilize lib.systems.parsedPlatform + crossSystem = lib.mkOption { + type = lib.types.nullOr lib.types.attrs; # TODO utilize lib.systems.parsedPlatform default = null; example = { system = "aarch64-linux"; }; description = '' @@ -283,8 +280,8 @@ in ''; }; - system = mkOption { - type = types.str; + system = lib.mkOption { + type = lib.types.str; example = "i686-linux"; default = if opt.hostPlatform.isDefined @@ -372,12 +369,12 @@ in { assertion = constructedByMe -> hasPlatform -> legacyOptionsDefined == []; message = '' - Your system configures nixpkgs with the platform parameter${optionalString hasBuildPlatform "s"}: + Your system configures nixpkgs with the platform parameter${lib.optionalString hasBuildPlatform "s"}: ${hostPlatformLine }${buildPlatformLine } However, it also defines the legacy options: - ${concatMapStrings showOptionWithDefLocs legacyOptionsDefined} + ${lib.concatMapStrings lib.showOptionWithDefLocs legacyOptionsDefined} For a future proof system configuration, we recommend to remove the legacy definitions. ''; diff --git a/nixos/modules/misc/wordlist.nix b/nixos/modules/misc/wordlist.nix index 988b522d7431407..67c83ff2baaae02 100644 --- a/nixos/modules/misc/wordlist.nix +++ b/nixos/modules/misc/wordlist.nix @@ -1,5 +1,4 @@ { config, lib, pkgs, ... }: -with lib; let concatAndSort = name: files: pkgs.runCommand name {} '' awk 1 ${lib.escapeShellArgs files} | sed '{ /^\s*$/d; s/^\s\+//; s/\s\+$// }' | sort | uniq > $out @@ -8,16 +7,16 @@ in { options = { environment.wordlist = { - enable = mkEnableOption "environment variables for lists of words"; + enable = lib.mkEnableOption "environment variables for lists of words"; - lists = mkOption { - type = types.attrsOf (types.nonEmptyListOf types.path); + lists = lib.mkOption { + type = lib.types.attrsOf (lib.types.nonEmptyListOf lib.types.path); default = { WORDLIST = [ "${pkgs.scowl}/share/dict/words.txt" ]; }; - defaultText = literalExpression '' + defaultText = lib.literalExpression '' { WORDLIST = [ "''${pkgs.scowl}/share/dict/words.txt" ]; } @@ -34,7 +33,7 @@ in task. ''; - example = literalExpression '' + example = lib.literalExpression '' { WORDLIST = [ "''${pkgs.scowl}/share/dict/words.txt" ]; AUGMENTED_WORDLIST = [ @@ -50,7 +49,7 @@ in }; }; - config = mkIf config.environment.wordlist.enable { + config = lib.mkIf config.environment.wordlist.enable { environment.variables = lib.mapAttrs (name: value: "${concatAndSort "wordlist-${name}" value}") diff --git a/nixos/modules/security/misc.nix b/nixos/modules/security/misc.nix index 5e13b4caddd8675..d3ffefe46fc6fc9 100644 --- a/nixos/modules/security/misc.nix +++ b/nixos/modules/security/misc.nix @@ -1,10 +1,7 @@ { config, lib, ... }: - -with lib; - { meta = { - maintainers = [ maintainers.joachifm ]; + maintainers = [ lib.maintainers.joachifm ]; }; imports = [ @@ -12,8 +9,8 @@ with lib; ]; options = { - security.allowUserNamespaces = mkOption { - type = types.bool; + security.allowUserNamespaces = lib.mkOption { + type = lib.types.bool; default = true; description = '' Whether to allow creation of user namespaces. @@ -31,8 +28,8 @@ with lib; ''; }; - security.unprivilegedUsernsClone = mkOption { - type = types.bool; + security.unprivilegedUsernsClone = lib.mkOption { + type = lib.types.bool; default = false; description = '' When disabled, unprivileged users will not be able to create new namespaces. @@ -41,16 +38,16 @@ with lib; ''; }; - security.protectKernelImage = mkOption { - type = types.bool; + security.protectKernelImage = lib.mkOption { + type = lib.types.bool; default = false; description = '' Whether to prevent replacing the running kernel image. ''; }; - security.allowSimultaneousMultithreading = mkOption { - type = types.bool; + security.allowSimultaneousMultithreading = lib.mkOption { + type = lib.types.bool; default = true; description = '' Whether to allow SMT/hyperthreading. Disabling SMT means that only @@ -68,8 +65,8 @@ with lib; ''; }; - security.forcePageTableIsolation = mkOption { - type = types.bool; + security.forcePageTableIsolation = lib.mkOption { + type = lib.types.bool; default = false; description = '' Whether to force-enable the Page Table Isolation (PTI) Linux kernel @@ -80,8 +77,8 @@ with lib; ''; }; - security.virtualisation.flushL1DataCache = mkOption { - type = types.nullOr (types.enum [ "never" "cond" "always" ]); + security.virtualisation.flushL1DataCache = lib.mkOption { + type = lib.types.nullOr (lib.types.enum [ "never" "cond" "always" ]); default = null; description = '' Whether the hypervisor should flush the L1 data cache before @@ -100,8 +97,8 @@ with lib; }; }; - config = mkMerge [ - (mkIf (!config.security.allowUserNamespaces) { + config = lib.mkMerge [ + (lib.mkIf (!config.security.allowUserNamespaces) { # Setting the number of allowed user namespaces to 0 effectively disables # the feature at runtime. Note that root may raise the limit again # at any time. @@ -114,26 +111,26 @@ with lib; ]; }) - (mkIf config.security.unprivilegedUsernsClone { - boot.kernel.sysctl."kernel.unprivileged_userns_clone" = mkDefault true; + (lib.mkIf config.security.unprivilegedUsernsClone { + boot.kernel.sysctl."kernel.unprivileged_userns_clone" = lib.mkDefault true; }) - (mkIf config.security.protectKernelImage { + (lib.mkIf config.security.protectKernelImage { # Disable hibernation (allows replacing the running kernel) boot.kernelParams = [ "nohibernate" ]; # Prevent replacing the running kernel image w/o reboot - boot.kernel.sysctl."kernel.kexec_load_disabled" = mkDefault true; + boot.kernel.sysctl."kernel.kexec_load_disabled" = lib.mkDefault true; }) - (mkIf (!config.security.allowSimultaneousMultithreading) { + (lib.mkIf (!config.security.allowSimultaneousMultithreading) { boot.kernelParams = [ "nosmt" ]; }) - (mkIf config.security.forcePageTableIsolation { + (lib.mkIf config.security.forcePageTableIsolation { boot.kernelParams = [ "pti=on" ]; }) - (mkIf (config.security.virtualisation.flushL1DataCache != null) { + (lib.mkIf (config.security.virtualisation.flushL1DataCache != null) { boot.kernelParams = [ "kvm-intel.vmentry_l1d_flush=${config.security.virtualisation.flushL1DataCache}" ]; }) ]; diff --git a/nixos/modules/security/oath.nix b/nixos/modules/security/oath.nix index 93bdc851117ae31..acf9440b9b92c47 100644 --- a/nixos/modules/security/oath.nix +++ b/nixos/modules/security/oath.nix @@ -1,32 +1,28 @@ # This module provides configuration for the OATH PAM modules. - { lib, ... }: - -with lib; - { options = { security.pam.oath = { - enable = mkOption { - type = types.bool; + enable = lib.mkOption { + type = lib.types.bool; default = false; description = '' Enable the OATH (one-time password) PAM module. ''; }; - digits = mkOption { - type = types.enum [ 6 7 8 ]; + digits = lib.mkOption { + type = lib.types.enum [ 6 7 8 ]; default = 6; description = '' - Specify the length of the one-time password in number of + Specify the lib.length of the one-time password in number of digits. ''; }; - window = mkOption { - type = types.int; + window = lib.mkOption { + type = lib.types.int; default = 5; description = '' Specify the number of one-time passwords to check in order @@ -36,8 +32,8 @@ with lib; ''; }; - usersFile = mkOption { - type = types.path; + usersFile = lib.mkOption { + type = lib.types.path; default = "/etc/users.oath"; description = '' Set the path to file where the user's credentials are diff --git a/nixos/modules/services/admin/pgadmin.nix b/nixos/modules/services/admin/pgadmin.nix index 9c430bd05e712cb..c9da556b763df3b 100644 --- a/nixos/modules/services/admin/pgadmin.nix +++ b/nixos/modules/services/admin/pgadmin.nix @@ -1,15 +1,12 @@ { config, lib, pkgs, ... }: - -with lib; - let cfg = config.services.pgadmin; - _base = with types; [ int bool str ]; - base = with types; oneOf ([ (listOf (oneOf _base)) (attrsOf (oneOf _base)) ] ++ _base); + _base = with lib.types; [ int bool str ]; + base = with lib.types; oneOf ([ (listOf (oneOf _base)) (attrsOf (oneOf _base)) ] ++ _base); formatAttrset = attr: - "{${concatStringsSep "\n" (mapAttrsToList (key: value: "${builtins.toJSON key}: ${formatPyValue value},") attr)}}"; + "{${lib.concatStringsSep "\n" (lib.mapAttrsToList (key: value: "${builtins.toJSON key}: ${formatPyValue value},") attr)}}"; formatPyValue = value: if builtins.isString value then builtins.toJSON value @@ -17,98 +14,98 @@ let else if builtins.isInt value then toString value else if builtins.isBool value then (if value then "True" else "False") else if builtins.isAttrs value then (formatAttrset value) - else if builtins.isList value then "[${concatStringsSep "\n" (map (v: "${formatPyValue v},") value)}]" + else if builtins.isList value then "[${lib.concatStringsSep "\n" (map (v: "${formatPyValue v},") value)}]" else throw "Unrecognized type"; formatPy = attrs: - concatStringsSep "\n" (mapAttrsToList (key: value: "${key} = ${formatPyValue value}") attrs); + lib.concatStringsSep "\n" (lib.mapAttrsToList (key: value: "${key} = ${formatPyValue value}") attrs); - pyType = with types; attrsOf (oneOf [ (attrsOf base) (listOf base) base ]); + pyType = with lib.types; attrsOf (oneOf [ (attrsOf base) (listOf base) base ]); in { options.services.pgadmin = { - enable = mkEnableOption "PostgreSQL Admin 4"; + enable = lib.mkEnableOption "PostgreSQL Admin 4"; - port = mkOption { + port = lib.mkOption { description = "Port for pgadmin4 to run on"; - type = types.port; + type = lib.types.port; default = 5050; }; - package = mkPackageOption pkgs "pgadmin4" { }; + package = lib.mkPackageOption pkgs "pgadmin4" { }; - initialEmail = mkOption { + initialEmail = lib.mkOption { description = "Initial email for the pgAdmin account"; - type = types.str; + type = lib.types.str; }; - initialPasswordFile = mkOption { + initialPasswordFile = lib.mkOption { description = '' Initial password file for the pgAdmin account. Minimum length by default is 6. Please see `services.pgadmin.minimumPasswordLength`. NOTE: Should be string not a store path, to prevent the password from being world readable ''; - type = types.path; + type = lib.types.path; }; - minimumPasswordLength = mkOption { + minimumPasswordLength = lib.mkOption { description = "Minimum length of the password"; - type = types.int; + type = lib.types.int; default = 6; }; emailServer = { - enable = mkOption { + enable = lib.mkOption { description = '' Enable SMTP email server. This is necessary, if you want to use password recovery or change your own password ''; - type = types.bool; + type = lib.types.bool; default = false; }; - address = mkOption { + address = lib.mkOption { description = "SMTP server for email delivery"; - type = types.str; + type = lib.types.str; default = "localhost"; }; - port = mkOption { + port = lib.mkOption { description = "SMTP server port for email delivery"; - type = types.port; + type = lib.types.port; default = 25; }; - useSSL = mkOption { + useSSL = lib.mkOption { description = "SMTP server should use SSL"; - type = types.bool; + type = lib.types.bool; default = false; }; - useTLS = mkOption { + useTLS = lib.mkOption { description = "SMTP server should use TLS"; - type = types.bool; + type = lib.types.bool; default = false; }; - username = mkOption { + username = lib.mkOption { description = "SMTP server username for email delivery"; - type = types.nullOr types.str; + type = lib.types.nullOr lib.types.str; default = null; }; - sender = mkOption { + sender = lib.mkOption { description = '' SMTP server sender email for email delivery. Some servers require this to be a valid email address from that server ''; - type = types.str; + type = lib.types.str; example = "noreply@example.com"; }; - passwordFile = mkOption { + passwordFile = lib.mkOption { description = '' Password for SMTP email account. NOTE: Should be string not a store path, to prevent the password from being world readable ''; - type = types.path; + type = lib.types.path; }; }; - openFirewall = mkEnableOption "firewall passthrough for pgadmin4"; + openFirewall = lib.mkEnableOption "firewall passthrough for pgadmin4"; - settings = mkOption { + settings = lib.mkOption { description = '' Settings for pgadmin4. [Documentation](https://www.pgadmin.org/docs/pgadmin4/development/config_py.html) @@ -118,17 +115,17 @@ in }; }; - config = mkIf (cfg.enable) { - networking.firewall.allowedTCPPorts = mkIf (cfg.openFirewall) [ cfg.port ]; + config = lib.mkIf (cfg.enable) { + networking.firewall.allowedTCPPorts = lib.mkIf (cfg.openFirewall) [ cfg.port ]; services.pgadmin.settings = { DEFAULT_SERVER_PORT = cfg.port; PASSWORD_LENGTH_MIN = cfg.minimumPasswordLength; SERVER_MODE = true; UPGRADE_CHECK_ENABLED = false; - } // (optionalAttrs cfg.openFirewall { - DEFAULT_SERVER = mkDefault "::"; - }) // (optionalAttrs cfg.emailServer.enable { + } // (lib.optionalAttrs cfg.openFirewall { + DEFAULT_SERVER = lib.mkDefault "::"; + }) // (lib.optionalAttrs cfg.emailServer.enable { MAIL_SERVER = cfg.emailServer.address; MAIL_PORT = cfg.emailServer.port; MAIL_USE_SSL = cfg.emailServer.useSSL; @@ -160,7 +157,7 @@ in fi ( # Email address: - echo ${escapeShellArg cfg.initialEmail} + echo ${lib.escapeShellArg cfg.initialEmail} # file might not contain newline. echo hack fixes that. PW=$(cat "$PW_FILE") @@ -183,7 +180,7 @@ in StateDirectory = "pgadmin"; ExecStart = "${cfg.package}/bin/pgadmin4"; LoadCredential = [ "initial_password:${cfg.initialPasswordFile}" ] - ++ optional cfg.emailServer.enable "email_password:${cfg.emailServer.passwordFile}"; + ++ lib.optional cfg.emailServer.enable "email_password:${cfg.emailServer.passwordFile}"; }; }; diff --git a/nixos/modules/services/backup/mysql-backup.nix b/nixos/modules/services/backup/mysql-backup.nix index e3fa7f45844f159..8ad4f98dce8a376 100644 --- a/nixos/modules/services/backup/mysql-backup.nix +++ b/nixos/modules/services/backup/mysql-backup.nix @@ -1,7 +1,4 @@ { config, lib, pkgs, ... }: - -with lib; - let inherit (pkgs) mariadb gzip; @@ -12,7 +9,7 @@ let backupScript = '' set -o pipefail failed="" - ${concatMapStringsSep "\n" backupDatabaseScript cfg.databases} + ${lib.concatMapStringsSep "\n" backupDatabaseScript cfg.databases} if [ -n "$failed" ]; then echo "Backup of database(s) failed:$failed" exit 1 @@ -20,7 +17,7 @@ let ''; backupDatabaseScript = db: '' dest="${cfg.location}/${db}.gz" - if ${mariadb}/bin/mysqldump ${optionalString cfg.singleTransaction "--single-transaction"} ${db} | ${gzip}/bin/gzip -c ${cfg.gzipOptions} > $dest.tmp; then + if ${mariadb}/bin/mysqldump ${lib.optionalString cfg.singleTransaction "--single-transaction"} ${db} | ${gzip}/bin/gzip -c ${cfg.gzipOptions} > $dest.tmp; then mv $dest.tmp $dest echo "Backed up to $dest" else @@ -37,51 +34,51 @@ in services.mysqlBackup = { - enable = mkEnableOption "MySQL backups"; + enable = lib.mkEnableOption "MySQL backups"; - calendar = mkOption { - type = types.str; + calendar = lib.mkOption { + type = lib.types.str; default = "01:15:00"; description = '' Configured when to run the backup service systemd unit (DayOfWeek Year-Month-Day Hour:Minute:Second). ''; }; - user = mkOption { - type = types.str; + user = lib.mkOption { + type = lib.types.str; default = defaultUser; description = '' User to be used to perform backup. ''; }; - databases = mkOption { + databases = lib.mkOption { default = []; - type = types.listOf types.str; + type = lib.types.listOf lib.types.str; description = '' List of database names to dump. ''; }; - location = mkOption { - type = types.path; + location = lib.mkOption { + type = lib.types.path; default = "/var/backup/mysql"; description = '' Location to put the gzipped MySQL database dumps. ''; }; - singleTransaction = mkOption { + singleTransaction = lib.mkOption { default = false; - type = types.bool; + type = lib.types.bool; description = '' Whether to create database dump in a single transaction ''; }; - gzipOptions = mkOption { + gzipOptions = lib.mkOption { default = "--no-name --rsyncable"; - type = types.str; + type = lib.types.str; description = '' Command line options to use when invoking `gzip`. ''; @@ -90,8 +87,8 @@ in }; - config = mkIf cfg.enable { - users.users = optionalAttrs (cfg.user == defaultUser) { + config = lib.mkIf cfg.enable { + users.users = lib.optionalAttrs (cfg.user == defaultUser) { ${defaultUser} = { isSystemUser = true; createHome = false; @@ -105,9 +102,9 @@ in ensurePermissions = with lib; let privs = "SELECT, SHOW VIEW, TRIGGER, LOCK TABLES"; - grant = db: nameValuePair "${db}.*" privs; + grant = db: lib.nameValuePair "${db}.*" privs; in - listToAttrs (map grant cfg.databases); + lib.listToAttrs (map grant cfg.databases); }]; systemd = { diff --git a/nixos/modules/services/backup/postgresql-backup.nix b/nixos/modules/services/backup/postgresql-backup.nix index 5dd9e075862da04..3302375c78899dd 100644 --- a/nixos/modules/services/backup/postgresql-backup.nix +++ b/nixos/modules/services/backup/postgresql-backup.nix @@ -1,7 +1,4 @@ { config, lib, pkgs, ... }: - -with lib; - let cfg = config.services.postgresqlBackup; @@ -13,9 +10,9 @@ let "gzip" = ".gz"; "zstd" = ".zstd"; }; - compressSuffix = getAttr cfg.compression compressSuffixes; + compressSuffix = lib.getAttr cfg.compression compressSuffixes; - compressCmd = getAttr cfg.compression { + compressCmd = lib.getAttr cfg.compression { "none" = "cat"; "gzip" = "${pkgs.gzip}/bin/gzip -c -${toString cfg.compressionLevel} --rsyncable"; "zstd" = "${pkgs.zstd}/bin/zstd -c -${toString cfg.compressionLevel} --rsyncable"; @@ -24,7 +21,7 @@ let mkSqlPath = prefix: suffix: "${cfg.location}/${db}${prefix}.sql${suffix}"; curFile = mkSqlPath "" compressSuffix; prevFile = mkSqlPath ".prev" compressSuffix; - prevFiles = map (mkSqlPath ".prev") (attrValues compressSuffixes); + prevFiles = map (mkSqlPath ".prev") (lib.attrValues compressSuffixes); inProgressFile = mkSqlPath ".in-progress" compressSuffix; in { enable = true; @@ -63,7 +60,7 @@ let in { imports = [ - (mkRemovedOptionModule [ "services" "postgresqlBackup" "period" ] '' + (lib.mkRemovedOptionModule [ "services" "postgresqlBackup" "period" ] '' A systemd timer is now used instead of cron. The starting time can be configured via services.postgresqlBackup.startAt. '') @@ -71,11 +68,11 @@ in { options = { services.postgresqlBackup = { - enable = mkEnableOption "PostgreSQL dumps"; + enable = lib.mkEnableOption "PostgreSQL dumps"; - startAt = mkOption { + startAt = lib.mkOption { default = "*-*-* 01:15:00"; - type = with types; either (listOf str) str; + type = with lib.types; either (listOf str) str; description = '' This option defines (see `systemd.time` for format) when the databases should be dumped. @@ -83,9 +80,9 @@ in { ''; }; - backupAll = mkOption { + backupAll = lib.mkOption { default = cfg.databases == []; - defaultText = literalExpression "services.postgresqlBackup.databases == []"; + defaultText = lib.literalExpression "services.postgresqlBackup.databases == []"; type = lib.types.bool; description = '' Backup all databases using pg_dumpall. @@ -96,24 +93,24 @@ in { ''; }; - databases = mkOption { + databases = lib.mkOption { default = []; - type = types.listOf types.str; + type = lib.types.listOf lib.types.str; description = '' List of database names to dump. ''; }; - location = mkOption { + location = lib.mkOption { default = "/var/backup/postgresql"; - type = types.path; + type = lib.types.path; description = '' Path of directory where the PostgreSQL database dumps will be placed. ''; }; - pgdumpOptions = mkOption { - type = types.separatedString " "; + pgdumpOptions = lib.mkOption { + type = lib.types.separatedString " "; default = "-C"; description = '' Command line options for pg_dump. This options is not used @@ -123,16 +120,16 @@ in { ''; }; - compression = mkOption { - type = types.enum ["none" "gzip" "zstd"]; + compression = lib.mkOption { + type = lib.types.enum ["none" "gzip" "zstd"]; default = "gzip"; description = '' The type of compression to use on the generated database dump. ''; }; - compressionLevel = mkOption { - type = types.ints.between 1 19; + compressionLevel = lib.mkOption { + type = lib.types.ints.between 1 19; default = 6; description = '' The compression level used when compression is enabled. @@ -143,7 +140,7 @@ in { }; - config = mkMerge [ + config = lib.mkMerge [ { assertions = [ { @@ -158,17 +155,17 @@ in { } ]; } - (mkIf cfg.enable { + (lib.mkIf cfg.enable { systemd.tmpfiles.rules = [ "d '${cfg.location}' 0700 postgres - - -" ]; }) - (mkIf (cfg.enable && cfg.backupAll) { + (lib.mkIf (cfg.enable && cfg.backupAll) { systemd.services.postgresqlBackup = postgresqlBackupService "all" "pg_dumpall"; }) - (mkIf (cfg.enable && !cfg.backupAll) { - systemd.services = listToAttrs (map (db: + (lib.mkIf (cfg.enable && !cfg.backupAll) { + systemd.services = lib.listToAttrs (map (db: let cmd = "pg_dump ${cfg.pgdumpOptions} ${db}"; in { diff --git a/nixos/modules/services/backup/postgresql-wal-receiver.nix b/nixos/modules/services/backup/postgresql-wal-receiver.nix index a8f2cf514d549ce..b355637ff5a0386 100644 --- a/nixos/modules/services/backup/postgresql-wal-receiver.nix +++ b/nixos/modules/services/backup/postgresql-wal-receiver.nix @@ -1,24 +1,21 @@ { config, lib, pkgs, ... }: - -with lib; - let receiverSubmodule = { options = { - postgresqlPackage = mkPackageOption pkgs "postgresql" { + postgresqlPackage = lib.mkPackageOption pkgs "postgresql" { example = "postgresql_15"; }; - directory = mkOption { - type = types.path; - example = literalExpression "/mnt/pg_wal/main/"; + directory = lib.mkOption { + type = lib.types.path; + example = lib.literalExpression "/mnt/pg_wal/main/"; description = '' Directory to write the output to. ''; }; - statusInterval = mkOption { - type = types.int; + statusInterval = lib.mkOption { + type = lib.types.int; default = 10; description = '' Specifies the number of seconds between status packets sent back to the server. @@ -28,8 +25,8 @@ let ''; }; - slot = mkOption { - type = types.str; + slot = lib.mkOption { + type = lib.types.str; default = ""; example = "some_slot_name"; description = '' @@ -45,8 +42,8 @@ let ''; }; - synchronous = mkOption { - type = types.bool; + synchronous = lib.mkOption { + type = lib.types.bool; default = false; description = '' Flush the WAL data to disk immediately after it has been received. @@ -57,8 +54,8 @@ let ''; }; - compress = mkOption { - type = types.ints.between 0 9; + compress = lib.mkOption { + type = lib.types.ints.between 0 9; default = 0; description = '' Enables gzip compression of write-ahead logs, and specifies the compression level @@ -69,8 +66,8 @@ let ''; }; - connection = mkOption { - type = types.str; + connection = lib.mkOption { + type = lib.types.str; example = "postgresql://user@somehost"; description = '' Specifies parameters used to connect to the server, as a connection string. @@ -81,10 +78,10 @@ let ''; }; - extraArgs = mkOption { - type = with types; listOf str; + extraArgs = lib.mkOption { + type = with lib.types; listOf str; default = [ ]; - example = literalExpression '' + example = lib.literalExpression '' [ "--no-sync" ] @@ -94,10 +91,10 @@ let ''; }; - environment = mkOption { - type = with types; attrsOf str; + environment = lib.mkOption { + type = with lib.types; attrsOf str; default = { }; - example = literalExpression '' + example = lib.literalExpression '' { PGPASSFILE = "/private/passfile"; PGSSLMODE = "require"; @@ -114,10 +111,10 @@ let in { options = { services.postgresqlWalReceiver = { - receivers = mkOption { - type = with types; attrsOf (submodule receiverSubmodule); + receivers = lib.mkOption { + type = with lib.types; attrsOf (submodule receiverSubmodule); default = { }; - example = literalExpression '' + example = lib.literalExpression '' { main = { postgresqlPackage = pkgs.postgresql_15; @@ -138,7 +135,7 @@ in { config = let receivers = config.services.postgresqlWalReceiver.receivers; - in mkIf (receivers != { }) { + in lib.mkIf (receivers != { }) { users = { users.postgres = { uid = config.ids.uids.postgres; @@ -151,18 +148,18 @@ in { }; }; - assertions = concatLists (attrsets.mapAttrsToList (name: config: [ + assertions = lib.concatLists (lib.attrsets.mapAttrsToList (name: config: [ { - assertion = config.compress > 0 -> versionAtLeast config.postgresqlPackage.version "10"; + assertion = config.compress > 0 -> lib.versionAtLeast config.postgresqlPackage.version "10"; message = "Invalid configuration for WAL receiver \"${name}\": compress requires PostgreSQL version >= 10."; } ]) receivers); - systemd.tmpfiles.rules = mapAttrsToList (name: config: '' - d ${escapeShellArg config.directory} 0750 postgres postgres - - + systemd.tmpfiles.rules = lib.mapAttrsToList (name: config: '' + d ${lib.escapeShellArg config.directory} 0750 postgres postgres - - '') receivers; - systemd.services = with attrsets; mapAttrs' (name: config: nameValuePair "postgresql-wal-receiver-${name}" { + systemd.services = lib.mapAttrs' (name: config: lib.nameValuePair "postgresql-wal-receiver-${name}" { description = "PostgreSQL WAL receiver (${name})"; wantedBy = [ "multi-user.target" ]; startLimitIntervalSec = 0; # retry forever, useful in case of network disruption @@ -179,22 +176,22 @@ in { script = let receiverCommand = postgresqlPackage: - if (versionAtLeast postgresqlPackage.version "10") + if (lib.versionAtLeast postgresqlPackage.version "10") then "${postgresqlPackage}/bin/pg_receivewal" else "${postgresqlPackage}/bin/pg_receivexlog"; in '' ${receiverCommand config.postgresqlPackage} \ --no-password \ - --directory=${escapeShellArg config.directory} \ + --directory=${lib.escapeShellArg config.directory} \ --status-interval=${toString config.statusInterval} \ - --dbname=${escapeShellArg config.connection} \ - ${optionalString (config.compress > 0) "--compress=${toString config.compress}"} \ - ${optionalString (config.slot != "") "--slot=${escapeShellArg config.slot}"} \ - ${optionalString config.synchronous "--synchronous"} \ - ${concatStringsSep " " config.extraArgs} + --dbname=${lib.escapeShellArg config.connection} \ + ${lib.optionalString (config.compress > 0) "--compress=${toString config.compress}"} \ + ${lib.optionalString (config.slot != "") "--slot=${lib.escapeShellArg config.slot}"} \ + ${lib.optionalString config.synchronous "--synchronous"} \ + ${lib.concatStringsSep " " config.extraArgs} ''; }) receivers; }; - meta.maintainers = with maintainers; [ pacien ]; + meta.maintainers = with lib.maintainers; [ pacien ]; } diff --git a/nixos/modules/services/backup/restic-rest-server.nix b/nixos/modules/services/backup/restic-rest-server.nix index eb7b57800333ed4..333609444da2afe 100644 --- a/nixos/modules/services/backup/restic-rest-server.nix +++ b/nixos/modules/services/backup/restic-rest-server.nix @@ -1,32 +1,29 @@ { config, lib, pkgs, ... }: - -with lib; - let cfg = config.services.restic.server; in { - meta.maintainers = [ maintainers.bachp ]; + meta.maintainers = [ lib.maintainers.bachp ]; options.services.restic.server = { - enable = mkEnableOption "Restic REST Server"; + enable = lib.mkEnableOption "Restic REST Server"; - listenAddress = mkOption { + listenAddress = lib.mkOption { default = "8000"; example = "127.0.0.1:8080"; - type = types.str; + type = lib.types.str; description = "Listen on a specific IP address and port or unix socket."; }; - dataDir = mkOption { + dataDir = lib.mkOption { default = "/var/lib/restic"; - type = types.path; + type = lib.types.path; description = "The directory for storing the restic repository."; }; - appendOnly = mkOption { + appendOnly = lib.mkOption { default = false; - type = types.bool; + type = lib.types.bool; description = '' Enable append only mode. This mode allows creation of new backups but prevents deletion and modification of existing backups. @@ -34,33 +31,33 @@ in ''; }; - privateRepos = mkOption { + privateRepos = lib.mkOption { default = false; - type = types.bool; + type = lib.types.bool; description = '' Enable private repos. Grants access only when a subdirectory with the same name as the user is specified in the repository URL. ''; }; - prometheus = mkOption { + prometheus = lib.mkOption { default = false; - type = types.bool; + type = lib.types.bool; description = "Enable Prometheus metrics at /metrics."; }; - extraFlags = mkOption { - type = types.listOf types.str; + extraFlags = lib.mkOption { + type = lib.types.listOf lib.types.str; default = []; description = '' Extra commandline options to pass to Restic REST server. ''; }; - package = mkPackageOption pkgs "restic-rest-server" { }; + package = lib.mkPackageOption pkgs "restic-rest-server" { }; }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { assertions = [{ assertion = lib.substring 0 1 cfg.listenAddress != ":"; message = "The restic-rest-server now uses systemd socket activation, which expects only the Port number: services.restic.server.listenAddress = \"${lib.substring 1 6 cfg.listenAddress}\";"; @@ -75,10 +72,10 @@ in ExecStart = '' ${cfg.package}/bin/rest-server \ --path ${cfg.dataDir} \ - ${optionalString cfg.appendOnly "--append-only"} \ - ${optionalString cfg.privateRepos "--private-repos"} \ - ${optionalString cfg.prometheus "--prometheus"} \ - ${escapeShellArgs cfg.extraFlags} \ + ${lib.optionalString cfg.appendOnly "--append-only"} \ + ${lib.optionalString cfg.privateRepos "--private-repos"} \ + ${lib.optionalString cfg.prometheus "--prometheus"} \ + ${lib.escapeShellArgs cfg.extraFlags} \ ''; Type = "simple"; User = "restic"; @@ -119,7 +116,7 @@ in wantedBy = [ "sockets.target" ]; }; - systemd.tmpfiles.rules = mkIf cfg.privateRepos [ + systemd.tmpfiles.rules = lib.mkIf cfg.privateRepos [ "f ${cfg.dataDir}/.htpasswd 0700 restic restic -" ]; diff --git a/nixos/modules/services/backup/restic.nix b/nixos/modules/services/backup/restic.nix index a7c2ef2eacd5b93..0fb601cce58920e 100644 --- a/nixos/modules/services/backup/restic.nix +++ b/nixos/modules/services/backup/restic.nix @@ -1,28 +1,25 @@ { config, lib, pkgs, utils, ... }: - -with lib; - let # Type for a valid systemd unit option. Needed for correctly passing "timerConfig" to "systemd.timers" inherit (utils.systemdUtils.unitOptions) unitOption; in { - options.services.restic.backups = mkOption { + options.services.restic.backups = lib.mkOption { description = '' Periodic backups to create with Restic. ''; - type = types.attrsOf (types.submodule ({ name, ... }: { + type = lib.types.attrsOf (lib.types.submodule ({ name, ... }: { options = { - passwordFile = mkOption { - type = types.str; + passwordFile = lib.mkOption { + type = lib.types.str; description = '' Read the repository password from a file. ''; example = "/etc/nixos/restic-password"; }; - environmentFile = mkOption { - type = with types; nullOr str; + environmentFile = lib.mkOption { + type = with lib.types; nullOr str; default = null; description = '' file containing the credentials to access the repository, in the @@ -30,8 +27,8 @@ in ''; }; - rcloneOptions = mkOption { - type = with types; nullOr (attrsOf (oneOf [ str bool ])); + rcloneOptions = lib.mkOption { + type = with lib.types; nullOr (attrsOf (oneOf [ str bool ])); default = null; description = '' Options to pass to rclone to control its behavior. @@ -47,8 +44,8 @@ in }; }; - rcloneConfig = mkOption { - type = with types; nullOr (attrsOf (oneOf [ str bool ])); + rcloneConfig = lib.mkOption { + type = with lib.types; nullOr (attrsOf (oneOf [ str bool ])); default = null; description = '' Configuration for the rclone remote being used for backup. @@ -71,8 +68,8 @@ in }; }; - rcloneConfigFile = mkOption { - type = with types; nullOr path; + rcloneConfigFile = lib.mkOption { + type = with lib.types; nullOr path; default = null; description = '' Path to the file containing rclone configuration. This file @@ -83,17 +80,17 @@ in ''; }; - inhibitsSleep = mkOption { + inhibitsSleep = lib.mkOption { default = false; - type = types.bool; + type = lib.types.bool; example = true; description = '' Prevents the system from sleeping while backing up. ''; }; - repository = mkOption { - type = with types; nullOr str; + repository = lib.mkOption { + type = with lib.types; nullOr str; default = null; description = '' repository to backup to. @@ -101,18 +98,18 @@ in example = "sftp:backup@192.168.1.100:/backups/${name}"; }; - repositoryFile = mkOption { - type = with types; nullOr path; + repositoryFile = lib.mkOption { + type = with lib.types; nullOr path; default = null; description = '' Path to the file containing the repository location to backup to. ''; }; - paths = mkOption { + paths = lib.mkOption { # This is nullable for legacy reasons only. We should consider making it a pure listOf # after some time has passed since this comment was added. - type = types.nullOr (types.listOf types.str); + type = lib.types.nullOr (lib.types.listOf lib.types.str); default = [ ]; description = '' Which paths to backup, in addition to ones specified via @@ -126,8 +123,8 @@ in ]; }; - exclude = mkOption { - type = types.listOf types.str; + exclude = lib.mkOption { + type = lib.types.listOf lib.types.str; default = [ ]; description = '' Patterns to exclude when backing up. See @@ -141,8 +138,8 @@ in ]; }; - timerConfig = mkOption { - type = types.nullOr (types.attrsOf unitOption); + timerConfig = lib.mkOption { + type = lib.types.nullOr (lib.types.attrsOf unitOption); default = { OnCalendar = "daily"; Persistent = true; @@ -159,8 +156,8 @@ in }; }; - user = mkOption { - type = types.str; + user = lib.mkOption { + type = lib.types.str; default = "root"; description = '' As which user the backup should run. @@ -168,8 +165,8 @@ in example = "postgresql"; }; - extraBackupArgs = mkOption { - type = types.listOf types.str; + extraBackupArgs = lib.mkOption { + type = lib.types.listOf lib.types.str; default = [ ]; description = '' Extra arguments passed to restic backup. @@ -179,8 +176,8 @@ in ]; }; - extraOptions = mkOption { - type = types.listOf types.str; + extraOptions = lib.mkOption { + type = lib.types.listOf lib.types.str; default = [ ]; description = '' Extra extended options to be passed to the restic --option flag. @@ -190,16 +187,16 @@ in ]; }; - initialize = mkOption { - type = types.bool; + initialize = lib.mkOption { + type = lib.types.bool; default = false; description = '' Create the repository if it doesn't exist. ''; }; - pruneOpts = mkOption { - type = types.listOf types.str; + pruneOpts = lib.mkOption { + type = lib.types.listOf lib.types.str; default = [ ]; description = '' A list of options (--keep-\* et al.) for 'restic forget @@ -215,16 +212,16 @@ in ]; }; - runCheck = mkOption { - type = types.bool; + runCheck = lib.mkOption { + type = lib.types.bool; default = (builtins.length config.services.restic.backups.${name}.checkOpts > 0); - defaultText = literalExpression ''builtins.length config.services.backups.${name}.checkOpts > 0''; + defaultText = lib.literalExpression ''builtins.length config.services.backups.${name}.checkOpts > 0''; description = "Whether to run the `check` command with the provided `checkOpts` options."; example = true; }; - checkOpts = mkOption { - type = types.listOf types.str; + checkOpts = lib.mkOption { + type = lib.types.listOf lib.types.str; default = [ ]; description = '' A list of options for 'restic check'. @@ -234,8 +231,8 @@ in ]; }; - dynamicFilesFrom = mkOption { - type = with types; nullOr str; + dynamicFilesFrom = lib.mkOption { + type = with lib.types; nullOr str; default = null; description = '' A script that produces a list of files to back up. The @@ -245,23 +242,23 @@ in example = "find /home/matt/git -type d -name .git"; }; - backupPrepareCommand = mkOption { - type = with types; nullOr str; + backupPrepareCommand = lib.mkOption { + type = with lib.types; nullOr str; default = null; description = '' A script that must run before starting the backup process. ''; }; - backupCleanupCommand = mkOption { - type = with types; nullOr str; + backupCleanupCommand = lib.mkOption { + type = with lib.types; nullOr str; default = null; description = '' A script that must run after finishing the backup process. ''; }; - package = mkPackageOption pkgs "restic" { }; + package = lib.mkPackageOption pkgs "restic" { }; createWrapper = lib.mkOption { type = lib.types.bool; @@ -299,54 +296,54 @@ in }; config = { - assertions = mapAttrsToList (n: v: { + assertions = lib.mapAttrsToList (n: v: { assertion = (v.repository == null) != (v.repositoryFile == null); message = "services.restic.backups.${n}: exactly one of repository or repositoryFile should be set"; }) config.services.restic.backups; systemd.services = - mapAttrs' + lib.mapAttrs' (name: backup: let - extraOptions = concatMapStrings (arg: " -o ${arg}") backup.extraOptions; - inhibitCmd = concatStringsSep " " [ + extraOptions = lib.concatMapStrings (arg: " -o ${arg}") backup.extraOptions; + inhibitCmd = lib.concatStringsSep " " [ "${pkgs.systemd}/bin/systemd-inhibit" "--mode='block'" "--who='restic'" "--what='sleep'" - "--why=${escapeShellArg "Scheduled backup ${name}"} " + "--why=${lib.escapeShellArg "Scheduled backup ${name}"} " ]; - resticCmd = "${optionalString backup.inhibitsSleep inhibitCmd}${backup.package}/bin/restic${extraOptions}"; - excludeFlags = optional (backup.exclude != []) "--exclude-file=${pkgs.writeText "exclude-patterns" (concatStringsSep "\n" backup.exclude)}"; + resticCmd = "${lib.optionalString backup.inhibitsSleep inhibitCmd}${backup.package}/bin/restic${extraOptions}"; + excludeFlags = lib.optional (backup.exclude != []) "--exclude-file=${pkgs.writeText "exclude-patterns" (lib.concatStringsSep "\n" backup.exclude)}"; filesFromTmpFile = "/run/restic-backups-${name}/includes"; doBackup = (backup.dynamicFilesFrom != null) || (backup.paths != null && backup.paths != []); - pruneCmd = optionals (builtins.length backup.pruneOpts > 0) [ - (resticCmd + " forget --prune " + (concatStringsSep " " backup.pruneOpts)) + pruneCmd = lib.optionals (builtins.length backup.pruneOpts > 0) [ + (resticCmd + " forget --prune " + (lib.concatStringsSep " " backup.pruneOpts)) ]; - checkCmd = optionals backup.runCheck [ - (resticCmd + " check " + (concatStringsSep " " backup.checkOpts)) + checkCmd = lib.optionals backup.runCheck [ + (resticCmd + " check " + (lib.concatStringsSep " " backup.checkOpts)) ]; # Helper functions for rclone remotes - rcloneRemoteName = builtins.elemAt (splitString ":" backup.repository) 1; - rcloneAttrToOpt = v: "RCLONE_" + toUpper (builtins.replaceStrings [ "-" ] [ "_" ] v); - rcloneAttrToConf = v: "RCLONE_CONFIG_" + toUpper (rcloneRemoteName + "_" + v); + rcloneRemoteName = builtins.elemAt (lib.splitString ":" backup.repository) 1; + rcloneAttrToOpt = v: "RCLONE_" + lib.toUpper (builtins.replaceStrings [ "-" ] [ "_" ] v); + rcloneAttrToConf = v: "RCLONE_CONFIG_" + lib.toUpper (rcloneRemoteName + "_" + v); toRcloneVal = v: if lib.isBool v then lib.boolToString v else v; in - nameValuePair "restic-backups-${name}" ({ + lib.nameValuePair "restic-backups-${name}" ({ environment = { # not %C, because that wouldn't work in the wrapper script RESTIC_CACHE_DIR = "/var/cache/restic-backups-${name}"; RESTIC_PASSWORD_FILE = backup.passwordFile; RESTIC_REPOSITORY = backup.repository; RESTIC_REPOSITORY_FILE = backup.repositoryFile; - } // optionalAttrs (backup.rcloneOptions != null) (mapAttrs' + } // lib.optionalAttrs (backup.rcloneOptions != null) (lib.mapAttrs' (name: value: - nameValuePair (rcloneAttrToOpt name) (toRcloneVal value) + lib.nameValuePair (rcloneAttrToOpt name) (toRcloneVal value) ) - backup.rcloneOptions) // optionalAttrs (backup.rcloneConfigFile != null) { + backup.rcloneOptions) // lib.optionalAttrs (backup.rcloneConfigFile != null) { RCLONE_CONFIG = backup.rcloneConfigFile; - } // optionalAttrs (backup.rcloneConfig != null) (mapAttrs' + } // lib.optionalAttrs (backup.rcloneConfig != null) (lib.mapAttrs' (name: value: - nameValuePair (rcloneAttrToConf name) (toRcloneVal value) + lib.nameValuePair (rcloneAttrToConf name) (toRcloneVal value) ) backup.rcloneConfig); path = [ config.programs.ssh.package ]; @@ -355,37 +352,37 @@ in after = [ "network-online.target" ]; serviceConfig = { Type = "oneshot"; - ExecStart = (optionals doBackup [ "${resticCmd} backup ${concatStringsSep " " (backup.extraBackupArgs ++ excludeFlags)} --files-from=${filesFromTmpFile}" ]) + ExecStart = (lib.optionals doBackup [ "${resticCmd} backup ${lib.concatStringsSep " " (backup.extraBackupArgs ++ excludeFlags)} --files-from=${filesFromTmpFile}" ]) ++ pruneCmd ++ checkCmd; User = backup.user; RuntimeDirectory = "restic-backups-${name}"; CacheDirectory = "restic-backups-${name}"; CacheDirectoryMode = "0700"; PrivateTmp = true; - } // optionalAttrs (backup.environmentFile != null) { + } // lib.optionalAttrs (backup.environmentFile != null) { EnvironmentFile = backup.environmentFile; }; - } // optionalAttrs (backup.initialize || doBackup || backup.backupPrepareCommand != null) { + } // lib.optionalAttrs (backup.initialize || doBackup || backup.backupPrepareCommand != null) { preStart = '' - ${optionalString (backup.backupPrepareCommand != null) '' + ${lib.optionalString (backup.backupPrepareCommand != null) '' ${pkgs.writeScript "backupPrepareCommand" backup.backupPrepareCommand} ''} - ${optionalString (backup.initialize) '' + ${lib.optionalString (backup.initialize) '' ${resticCmd} cat config > /dev/null || ${resticCmd} init ''} - ${optionalString (backup.paths != null && backup.paths != []) '' - cat ${pkgs.writeText "staticPaths" (concatLines backup.paths)} >> ${filesFromTmpFile} + ${lib.optionalString (backup.paths != null && backup.paths != []) '' + cat ${pkgs.writeText "staticPaths" (lib.concatLines backup.paths)} >> ${filesFromTmpFile} ''} - ${optionalString (backup.dynamicFilesFrom != null) '' + ${lib.optionalString (backup.dynamicFilesFrom != null) '' ${pkgs.writeScript "dynamicFilesFromScript" backup.dynamicFilesFrom} >> ${filesFromTmpFile} ''} ''; - } // optionalAttrs (doBackup || backup.backupCleanupCommand != null) { + } // lib.optionalAttrs (doBackup || backup.backupCleanupCommand != null) { postStop = '' - ${optionalString (backup.backupCleanupCommand != null) '' + ${lib.optionalString (backup.backupCleanupCommand != null) '' ${pkgs.writeScript "backupCleanupCommand" backup.backupCleanupCommand} ''} - ${optionalString doBackup '' + ${lib.optionalString doBackup '' rm ${filesFromTmpFile} ''} ''; @@ -393,12 +390,12 @@ in ) config.services.restic.backups; systemd.timers = - mapAttrs' - (name: backup: nameValuePair "restic-backups-${name}" { + lib.mapAttrs' + (name: backup: lib.nameValuePair "restic-backups-${name}" { wantedBy = [ "timers.target" ]; timerConfig = backup.timerConfig; }) - (filterAttrs (_: backup: backup.timerConfig != null) config.services.restic.backups); + (lib.filterAttrs (_: backup: backup.timerConfig != null) config.services.restic.backups); # generate wrapper scripts, as described in the createWrapper option environment.systemPackages = lib.mapAttrsToList (name: backup: let diff --git a/nixos/modules/services/backup/rsnapshot.nix b/nixos/modules/services/backup/rsnapshot.nix index 6635a51ec2c656a..aedb8acd60ac138 100644 --- a/nixos/modules/services/backup/rsnapshot.nix +++ b/nixos/modules/services/backup/rsnapshot.nix @@ -1,7 +1,4 @@ { config, lib, pkgs, ... }: - -with lib; - let cfg = config.services.rsnapshot; cfgfile = pkgs.writeText "rsnapshot.conf" '' @@ -22,21 +19,21 @@ in { options = { services.rsnapshot = { - enable = mkEnableOption "rsnapshot backups"; - enableManualRsnapshot = mkOption { + enable = lib.mkEnableOption "rsnapshot backups"; + enableManualRsnapshot = lib.mkOption { description = "Whether to enable manual usage of the rsnapshot command with this module."; default = true; - type = types.bool; + type = lib.types.bool; }; - extraConfig = mkOption { + extraConfig = lib.mkOption { default = ""; example = '' retains hourly 24 retain daily 365 backup /home/ localhost/ ''; - type = types.lines; + type = lib.types.lines; description = '' rsnapshot configuration option in addition to the defaults from rsnapshot and this module. @@ -49,10 +46,10 @@ in ''; }; - cronIntervals = mkOption { + cronIntervals = lib.mkOption { default = {}; example = { hourly = "0 * * * *"; daily = "50 21 * * *"; }; - type = types.attrsOf types.str; + type = lib.types.attrsOf lib.types.str; description = '' Periodicity at which intervals should be run by cron. Note that the intervals also have to exist in configuration @@ -62,12 +59,12 @@ in }; }; - config = mkIf cfg.enable (mkMerge [ + config = lib.mkIf cfg.enable (lib.mkMerge [ { services.cron.systemCronJobs = - mapAttrsToList (interval: time: "${time} root ${pkgs.rsnapshot}/bin/rsnapshot -c ${cfgfile} ${interval}") cfg.cronIntervals; + lib.mapAttrsToList (interval: time: "${time} root ${pkgs.rsnapshot}/bin/rsnapshot -c ${cfgfile} ${interval}") cfg.cronIntervals; } - (mkIf cfg.enableManualRsnapshot { + (lib.mkIf cfg.enableManualRsnapshot { environment.systemPackages = [ pkgs.rsnapshot ]; environment.etc."rsnapshot.conf".source = cfgfile; }) diff --git a/nixos/modules/services/backup/sanoid.nix b/nixos/modules/services/backup/sanoid.nix index 1b9ace358cabe8e..823a2ed565e7811 100644 --- a/nixos/modules/services/backup/sanoid.nix +++ b/nixos/modules/services/backup/sanoid.nix @@ -1,85 +1,82 @@ { config, lib, pkgs, ... }: - -with lib; - let cfg = config.services.sanoid; - datasetSettingsType = with types; + datasetSettingsType = with lib.types; (attrsOf (nullOr (oneOf [ str int bool (listOf str) ]))) // { description = "dataset/template options"; }; commonOptions = { - hourly = mkOption { + hourly = lib.mkOption { description = "Number of hourly snapshots."; - type = with types; nullOr ints.unsigned; + type = with lib.types; nullOr ints.unsigned; default = null; }; - daily = mkOption { + daily = lib.mkOption { description = "Number of daily snapshots."; - type = with types; nullOr ints.unsigned; + type = with lib.types; nullOr ints.unsigned; default = null; }; - monthly = mkOption { + monthly = lib.mkOption { description = "Number of monthly snapshots."; - type = with types; nullOr ints.unsigned; + type = with lib.types; nullOr ints.unsigned; default = null; }; - yearly = mkOption { + yearly = lib.mkOption { description = "Number of yearly snapshots."; - type = with types; nullOr ints.unsigned; + type = with lib.types; nullOr ints.unsigned; default = null; }; - autoprune = mkOption { + autoprune = lib.mkOption { description = "Whether to automatically prune old snapshots."; - type = with types; nullOr bool; + type = with lib.types; nullOr bool; default = null; }; - autosnap = mkOption { + autosnap = lib.mkOption { description = "Whether to automatically take snapshots."; - type = with types; nullOr bool; + type = with lib.types; nullOr bool; default = null; }; }; datasetOptions = rec { - use_template = mkOption { + use_template = lib.mkOption { description = "Names of the templates to use for this dataset."; - type = types.listOf (types.str // { - check = (types.enum (attrNames cfg.templates)).check; + type = lib.types.listOf (lib.types.str // { + check = (lib.types.enum (lib.attrNames cfg.templates)).check; description = "configured template name"; }); default = [ ]; }; useTemplate = use_template; - recursive = mkOption { + recursive = lib.mkOption { description = '' Whether to recursively snapshot dataset children. You can also set this to `"zfs"` to handle datasets recursively in an atomic way without the possibility to override settings for child datasets. ''; - type = with types; oneOf [ bool (enum [ "zfs" ]) ]; + type = with lib.types; oneOf [ bool (enum [ "zfs" ]) ]; default = false; }; - process_children_only = mkOption { + process_children_only = lib.mkOption { description = "Whether to only snapshot child datasets if recursing."; - type = types.bool; + type = lib.types.bool; default = false; }; processChildrenOnly = process_children_only; }; # Extract unique dataset names - datasets = unique (attrNames cfg.datasets); + datasets = lib.unique (lib.attrNames cfg.datasets); # Function to build "zfs allow" and "zfs unallow" commands for the # filesystems we've delegated permissions to. @@ -88,23 +85,23 @@ let "-+/run/booted-system/sw/bin/zfs" zfsAction "sanoid" - (concatStringsSep "," permissions) + (lib.concatStringsSep "," permissions) dataset ]; configFile = let mkValueString = v: - if builtins.isList v then concatStringsSep "," v - else generators.mkValueStringDefault { } v; + if lib.isList v then lib.concatStringsSep "," v + else lib.generators.mkValueStringDefault { } v; mkKeyValue = k: v: if v == null then "" else if k == "processChildrenOnly" then "" else if k == "useTemplate" then "" - else generators.mkKeyValueDefault { inherit mkValueString; } "=" k v; + else lib.generators.mkKeyValueDefault { inherit mkValueString; } "=" k v; in - generators.toINI { inherit mkKeyValue; } cfg.settings; + lib.generators.toINI { inherit mkKeyValue; } cfg.settings; in { @@ -112,12 +109,12 @@ in # Interface options.services.sanoid = { - enable = mkEnableOption "Sanoid ZFS snapshotting service"; + enable = lib.mkEnableOption "Sanoid ZFS snapshotting service"; package = lib.mkPackageOption pkgs "sanoid" {}; - interval = mkOption { - type = types.str; + interval = lib.mkOption { + type = lib.types.str; default = "hourly"; example = "daily"; description = '' @@ -128,19 +125,19 @@ in ''; }; - datasets = mkOption { - type = types.attrsOf (types.submodule ({ config, options, ... }: { + datasets = lib.mkOption { + type = lib.types.attrsOf (lib.types.submodule ({ config, options, ... }: { freeformType = datasetSettingsType; options = commonOptions // datasetOptions; - config.use_template = modules.mkAliasAndWrapDefsWithPriority id (options.useTemplate or { }); - config.process_children_only = modules.mkAliasAndWrapDefsWithPriority id (options.processChildrenOnly or { }); + config.use_template = lib.modules.mkAliasAndWrapDefsWithPriority lib.id (options.useTemplate or { }); + config.process_children_only = lib.modules.mkAliasAndWrapDefsWithPriority lib.id (options.processChildrenOnly or { }); })); default = { }; description = "Datasets to snapshot."; }; - templates = mkOption { - type = types.attrsOf (types.submodule { + templates = lib.mkOption { + type = lib.types.attrsOf (lib.types.submodule { freeformType = datasetSettingsType; options = commonOptions; }); @@ -148,8 +145,8 @@ in description = "Templates for datasets."; }; - settings = mkOption { - type = types.attrsOf datasetSettingsType; + settings = lib.mkOption { + type = lib.types.attrsOf datasetSettingsType; description = '' Free-form settings written directly to the config file. See @@ -157,8 +154,8 @@ in ''; }; - extraArgs = mkOption { - type = types.listOf types.str; + extraArgs = lib.mkOption { + type = lib.types.listOf lib.types.str; default = [ ]; example = [ "--verbose" "--readonly" "--debug" ]; description = '' @@ -171,10 +168,10 @@ in # Implementation - config = mkIf cfg.enable { - services.sanoid.settings = mkMerge [ - (mapAttrs' (d: v: nameValuePair ("template_" + d) v) cfg.templates) - (mapAttrs (d: v: v) cfg.datasets) + config = lib.mkIf cfg.enable { + services.sanoid.settings = lib.mkMerge [ + (lib.mapAttrs' (d: v: lib.nameValuePair ("template_" + d) v) cfg.templates) + (lib.mapAttrs (d: v: v) cfg.datasets) ]; systemd.services.sanoid = { @@ -201,5 +198,5 @@ in }; }; - meta.maintainers = with maintainers; [ lopsided98 ]; + meta.maintainers = with lib.maintainers; [ lopsided98 ]; } diff --git a/nixos/modules/services/backup/snapraid.nix b/nixos/modules/services/backup/snapraid.nix index a621c9f62ff79bd..02dabce1881156b 100644 --- a/nixos/modules/services/backup/snapraid.nix +++ b/nixos/modules/services/backup/snapraid.nix @@ -1,18 +1,15 @@ { config, lib, pkgs, ... }: - -with lib; - let cfg = config.services.snapraid; in { imports = [ # Should have never been on the top-level. - (mkRenamedOptionModule [ "snapraid" ] [ "services" "snapraid" ]) + (lib.mkRenamedOptionModule [ "snapraid" ] [ "services" "snapraid" ]) ]; - options.services.snapraid = with types; { - enable = mkEnableOption "SnapRAID"; - dataDisks = mkOption { + options.services.snapraid = with lib.types; { + enable = lib.mkEnableOption "SnapRAID"; + dataDisks = lib.mkOption { default = { }; example = { d1 = "/mnt/disk1/"; @@ -22,7 +19,7 @@ in description = "SnapRAID data disks."; type = attrsOf str; }; - parityFiles = mkOption { + parityFiles = lib.mkOption { default = [ ]; example = [ "/mnt/diskp/snapraid.parity" @@ -35,7 +32,7 @@ in description = "SnapRAID parity files."; type = listOf str; }; - contentFiles = mkOption { + contentFiles = lib.mkOption { default = [ ]; example = [ "/var/snapraid.content" @@ -45,40 +42,40 @@ in description = "SnapRAID content list files."; type = listOf str; }; - exclude = mkOption { + exclude = lib.mkOption { default = [ ]; example = [ "*.unrecoverable" "/tmp/" "/lost+found/" ]; description = "SnapRAID exclude directives."; type = listOf str; }; - touchBeforeSync = mkOption { + touchBeforeSync = lib.mkOption { default = true; example = false; description = "Whether {command}`snapraid touch` should be run before {command}`snapraid sync`."; type = bool; }; - sync.interval = mkOption { + sync.interval = lib.mkOption { default = "01:00"; example = "daily"; description = "How often to run {command}`snapraid sync`."; type = str; }; scrub = { - interval = mkOption { + interval = lib.mkOption { default = "Mon *-*-* 02:00:00"; example = "weekly"; description = "How often to run {command}`snapraid scrub`."; type = str; }; - plan = mkOption { + plan = lib.mkOption { default = 8; example = 5; description = "Percent of the array that should be checked by {command}`snapraid scrub`."; type = int; }; - olderThan = mkOption { + olderThan = lib.mkOption { default = 10; example = 20; description = @@ -86,7 +83,7 @@ in type = int; }; }; - extraConfig = mkOption { + extraConfig = lib.mkOption { default = ""; example = '' nohidden @@ -105,7 +102,7 @@ in nParity = builtins.length cfg.parityFiles; mkPrepend = pre: s: pre + s; in - mkIf cfg.enable { + lib.mkIf cfg.enable { assertions = [ { assertion = nParity <= 6; @@ -128,9 +125,9 @@ in prependContent = mkPrepend "content "; prependExclude = mkPrepend "exclude "; in - concatStringsSep "\n" + lib.concatStringsSep "\n" (map prependData - ((mapAttrsToList (name: value: name + " " + value)) dataDisks) + ((lib.mapAttrsToList (name: value: name + " " + value)) dataDisks) ++ zipListsWith (a: b: a + b) ([ "parity " ] ++ map (i: toString i + "-parity ") (range 2 6)) parityFiles ++ map prependContent contentFiles @@ -179,8 +176,8 @@ in let contentDirs = map dirOf contentFiles; in - unique ( - attrValues dataDisks ++ contentDirs + lib.unique ( + lib.attrValues dataDisks ++ contentDirs ); }; unitConfig.After = "snapraid-sync.service"; @@ -227,10 +224,10 @@ in # https://www.snapraid.it/manual#7.1 splitParityFiles = map (s: splitString "," s) parityFiles; in - unique ( - attrValues dataDisks ++ splitParityFiles ++ contentDirs + lib.unique ( + lib.attrValues dataDisks ++ splitParityFiles ++ contentDirs ); - } // optionalAttrs touchBeforeSync { + } // lib.optionalAttrs touchBeforeSync { ExecStartPre = "${pkgs.snapraid}/bin/snapraid touch"; }; }; diff --git a/nixos/modules/services/backup/syncoid.nix b/nixos/modules/services/backup/syncoid.nix index ec9ccaa46d4282f..97d39544d5bb2a2 100644 --- a/nixos/modules/services/backup/syncoid.nix +++ b/nixos/modules/services/backup/syncoid.nix @@ -1,14 +1,11 @@ { config, lib, pkgs, ... }: - -with lib; - let cfg = config.services.syncoid; # Extract local dasaset names (so no datasets containing "@") - localDatasetName = d: optionals (d != null) ( + localDatasetName = d: lib.optionals (d != null) ( let m = builtins.match "([^/@]+[^@]*)" d; in - optionals (m != null) m + lib.optionals (m != null) m ); # Escape as required by: https://www.freedesktop.org/software/systemd/man/systemd.unit.html @@ -35,7 +32,7 @@ let "/run/booted-system/sw/bin/zfs" "allow" cfg.user - (concatStringsSep "," permissions) + (lib.concatStringsSep "," permissions) dataset ]} ${lib.optionalString ((builtins.dirOf dataset) != ".") '' @@ -44,7 +41,7 @@ let "/run/booted-system/sw/bin/zfs" "allow" cfg.user - (concatStringsSep "," permissions) + (lib.concatStringsSep "," permissions) # Remove the last part of the path (builtins.dirOf dataset) ]} @@ -66,14 +63,14 @@ let "/run/booted-system/sw/bin/zfs" "unallow" cfg.user - (concatStringsSep "," permissions) + (lib.concatStringsSep "," permissions) dataset ]} ${lib.optionalString ((builtins.dirOf dataset) != ".") (lib.escapeShellArgs [ "/run/booted-system/sw/bin/zfs" "unallow" cfg.user - (concatStringsSep "," permissions) + (lib.concatStringsSep "," permissions) # Remove the last part of the path (builtins.dirOf dataset) ])} @@ -85,12 +82,12 @@ in # Interface options.services.syncoid = { - enable = mkEnableOption "Syncoid ZFS synchronization service"; + enable = lib.mkEnableOption "Syncoid ZFS synchronization service"; package = lib.mkPackageOption pkgs "sanoid" {}; - interval = mkOption { - type = types.str; + interval = lib.mkOption { + type = lib.types.str; default = "hourly"; example = "*-*-* *:15:00"; description = '' @@ -101,8 +98,8 @@ in ''; }; - user = mkOption { - type = types.str; + user = lib.mkOption { + type = lib.types.str; default = "syncoid"; example = "backup"; description = '' @@ -115,15 +112,15 @@ in ''; }; - group = mkOption { - type = types.str; + group = lib.mkOption { + type = lib.types.str; default = "syncoid"; example = "backup"; description = "The group for the service."; }; - sshKey = mkOption { - type = with types; nullOr (coercedTo path toString str); + sshKey = lib.mkOption { + type = with lib.types; nullOr (coercedTo path toString str); default = null; description = '' SSH private key file to use to login to the remote system. Can be @@ -131,8 +128,8 @@ in ''; }; - localSourceAllow = mkOption { - type = types.listOf types.str; + localSourceAllow = lib.mkOption { + type = lib.types.listOf lib.types.str; # Permissions snapshot and destroy are in case --no-sync-snap is not used default = [ "bookmark" "hold" "send" "snapshot" "destroy" "mount" ]; description = '' @@ -143,8 +140,8 @@ in ''; }; - localTargetAllow = mkOption { - type = types.listOf types.str; + localTargetAllow = lib.mkOption { + type = lib.types.listOf lib.types.str; default = [ "change-key" "compression" "create" "mount" "mountpoint" "receive" "rollback" ]; example = [ "create" "mount" "receive" "rollback" ]; description = '' @@ -158,8 +155,8 @@ in ''; }; - commonArgs = mkOption { - type = types.listOf types.str; + commonArgs = lib.mkOption { + type = lib.types.listOf lib.types.str; default = [ ]; example = [ "--no-sync-snap" ]; description = '' @@ -170,19 +167,19 @@ in ''; }; - service = mkOption { - type = types.attrs; + service = lib.mkOption { + type = lib.types.attrs; default = { }; description = '' Systemd configuration common to all syncoid services. ''; }; - commands = mkOption { - type = types.attrsOf (types.submodule ({ name, ... }: { + commands = lib.mkOption { + type = lib.types.attrsOf (lib.types.submodule ({ name, ... }: { options = { - source = mkOption { - type = types.str; + source = lib.mkOption { + type = lib.types.str; example = "pool/dataset"; description = '' Source ZFS dataset. Can be either local or remote. Defaults to @@ -190,8 +187,8 @@ in ''; }; - target = mkOption { - type = types.str; + target = lib.mkOption { + type = lib.types.str; example = "user@server:pool/dataset"; description = '' Target ZFS dataset. Can be either local @@ -200,18 +197,18 @@ in ''; }; - recursive = mkEnableOption ''the transfer of child datasets''; + recursive = lib.mkEnableOption ''the transfer of child datasets''; - sshKey = mkOption { - type = with types; nullOr (coercedTo path toString str); + sshKey = lib.mkOption { + type = with lib.types; nullOr (coercedTo path toString str); description = '' SSH private key file to use to login to the remote system. Defaults to {option}`services.syncoid.sshKey` option. ''; }; - localSourceAllow = mkOption { - type = types.listOf types.str; + localSourceAllow = lib.mkOption { + type = lib.types.listOf lib.types.str; description = '' Permissions granted for the {option}`services.syncoid.user` user for local source datasets. See @@ -221,8 +218,8 @@ in ''; }; - localTargetAllow = mkOption { - type = types.listOf types.str; + localTargetAllow = lib.mkOption { + type = lib.types.listOf lib.types.str; description = '' Permissions granted for the {option}`services.syncoid.user` user for local target datasets. See @@ -234,8 +231,8 @@ in ''; }; - sendOptions = mkOption { - type = types.separatedString " "; + sendOptions = lib.mkOption { + type = lib.types.separatedString " "; default = ""; example = "Lc e"; description = '' @@ -244,8 +241,8 @@ in ''; }; - recvOptions = mkOption { - type = types.separatedString " "; + recvOptions = lib.mkOption { + type = lib.types.separatedString " "; default = ""; example = "ux recordsize o compression=lz4"; description = '' @@ -254,38 +251,38 @@ in ''; }; - useCommonArgs = mkOption { - type = types.bool; + useCommonArgs = lib.mkOption { + type = lib.types.bool; default = true; description = '' Whether to add the configured common arguments to this command. ''; }; - service = mkOption { - type = types.attrs; + service = lib.mkOption { + type = lib.types.attrs; default = { }; description = '' Systemd configuration specific to this syncoid service. ''; }; - extraArgs = mkOption { - type = types.listOf types.str; + extraArgs = lib.mkOption { + type = lib.types.listOf lib.types.str; default = [ ]; example = [ "--sshport 2222" ]; description = "Extra syncoid arguments for this command."; }; }; config = { - source = mkDefault name; - sshKey = mkDefault cfg.sshKey; - localSourceAllow = mkDefault cfg.localSourceAllow; - localTargetAllow = mkDefault cfg.localTargetAllow; + source = lib.mkDefault name; + sshKey = lib.mkDefault cfg.sshKey; + localSourceAllow = lib.mkDefault cfg.localSourceAllow; + localTargetAllow = lib.mkDefault cfg.localTargetAllow; }; })); default = { }; - example = literalExpression '' + example = lib.literalExpression '' { "pool/test".target = "root@target:pool/test"; } @@ -296,9 +293,9 @@ in # Implementation - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { users = { - users = mkIf (cfg.user == "syncoid") { + users = lib.mkIf (cfg.user == "syncoid") { syncoid = { group = cfg.group; isSystemUser = true; @@ -308,14 +305,14 @@ in createHome = false; }; }; - groups = mkIf (cfg.group == "syncoid") { + groups = lib.mkIf (cfg.group == "syncoid") { syncoid = { }; }; }; - systemd.services = mapAttrs' + systemd.services = lib.mapAttrs' (name: c: - nameValuePair "syncoid-${escapeUnitName name}" (mkMerge [ + lib.nameValuePair "syncoid-${lib.escapeUnitName name}" (lib.mkMerge [ { description = "Syncoid ZFS synchronization from ${c.source} to ${c.target}"; after = [ "zfs.target" ]; @@ -330,9 +327,9 @@ in (map (buildUnallowCommand c.localSourceAllow) (localDatasetName c.source)) ++ (map (buildUnallowCommand c.localTargetAllow) (localDatasetName c.target)); ExecStart = lib.escapeShellArgs ([ "${cfg.package}/bin/syncoid" ] - ++ optionals c.useCommonArgs cfg.commonArgs - ++ optional c.recursive "-r" - ++ optionals (c.sshKey != null) [ "--sshkey" c.sshKey ] + ++ lib.optionals c.useCommonArgs cfg.commonArgs + ++ lib.optional c.recursive "-r" + ++ lib.optionals (c.sshKey != null) [ "--sshkey" c.sshKey ] ++ c.extraArgs ++ [ "--sendoptions" @@ -364,7 +361,7 @@ in NoNewPrivileges = true; PrivateDevices = true; PrivateMounts = true; - PrivateNetwork = mkDefault false; + PrivateNetwork = lib.mkDefault false; PrivateUsers = false; # Enabling this breaks on zfs-2.2.0 ProtectClock = true; ProtectControlGroups = true; @@ -379,15 +376,15 @@ in RestrictNamespaces = true; RestrictRealtime = true; RestrictSUIDSGID = true; - RootDirectory = "/run/syncoid/${escapeUnitName name}"; + RootDirectory = "/run/syncoid/${lib.escapeUnitName name}"; RootDirectoryStartOnly = true; BindPaths = [ "/dev/zfs" ]; BindReadOnlyPaths = [ builtins.storeDir "/etc" "/run" "/bin/sh" ]; # Avoid useless mounting of RootDirectory= in the own RootDirectory= of ExecStart='s mount namespace. - InaccessiblePaths = [ "-+/run/syncoid/${escapeUnitName name}" ]; + InaccessiblePaths = [ "-+/run/syncoid/${lib.escapeUnitName name}" ]; MountAPIVFS = true; # Create RootDirectory= in the host's mount namespace. - RuntimeDirectory = [ "syncoid/${escapeUnitName name}" ]; + RuntimeDirectory = [ "syncoid/${lib.escapeUnitName name}" ]; RuntimeDirectoryMode = "700"; SystemCallFilter = [ "@system-service" @@ -416,5 +413,5 @@ in cfg.commands; }; - meta.maintainers = with maintainers; [ julm lopsided98 ]; + meta.maintainers = with lib.maintainers; [ julm lopsided98 ]; } diff --git a/nixos/modules/services/backup/tarsnap.nix b/nixos/modules/services/backup/tarsnap.nix index b8f848451d40b09..ef531a0707c5129 100644 --- a/nixos/modules/services/backup/tarsnap.nix +++ b/nixos/modules/services/backup/tarsnap.nix @@ -1,41 +1,38 @@ { config, lib, options, pkgs, utils, ... }: - -with lib; - let gcfg = config.services.tarsnap; opt = options.services.tarsnap; configFile = name: cfg: '' keyfile ${cfg.keyfile} - ${optionalString (cfg.cachedir != null) "cachedir ${cfg.cachedir}"} - ${optionalString cfg.nodump "nodump"} - ${optionalString cfg.printStats "print-stats"} - ${optionalString cfg.printStats "humanize-numbers"} - ${optionalString (cfg.checkpointBytes != null) ("checkpoint-bytes "+cfg.checkpointBytes)} - ${optionalString cfg.aggressiveNetworking "aggressive-networking"} - ${concatStringsSep "\n" (map (v: "exclude ${v}") cfg.excludes)} - ${concatStringsSep "\n" (map (v: "include ${v}") cfg.includes)} - ${optionalString cfg.lowmem "lowmem"} - ${optionalString cfg.verylowmem "verylowmem"} - ${optionalString (cfg.maxbw != null) "maxbw ${toString cfg.maxbw}"} - ${optionalString (cfg.maxbwRateUp != null) "maxbw-rate-up ${toString cfg.maxbwRateUp}"} - ${optionalString (cfg.maxbwRateDown != null) "maxbw-rate-down ${toString cfg.maxbwRateDown}"} + ${lib.optionalString (cfg.cachedir != null) "cachedir ${cfg.cachedir}"} + ${lib.optionalString cfg.nodump "nodump"} + ${lib.optionalString cfg.printStats "print-stats"} + ${lib.optionalString cfg.printStats "humanize-numbers"} + ${lib.optionalString (cfg.checkpointBytes != null) ("checkpoint-bytes "+cfg.checkpointBytes)} + ${lib.optionalString cfg.aggressiveNetworking "aggressive-networking"} + ${lib.concatStringsSep "\n" (map (v: "exclude ${v}") cfg.excludes)} + ${lib.concatStringsSep "\n" (map (v: "include ${v}") cfg.includes)} + ${lib.optionalString cfg.lowmem "lowmem"} + ${lib.optionalString cfg.verylowmem "verylowmem"} + ${lib.optionalString (cfg.maxbw != null) "maxbw ${toString cfg.maxbw}"} + ${lib.optionalString (cfg.maxbwRateUp != null) "maxbw-rate-up ${toString cfg.maxbwRateUp}"} + ${lib.optionalString (cfg.maxbwRateDown != null) "maxbw-rate-down ${toString cfg.maxbwRateDown}"} ''; in { imports = [ - (mkRemovedOptionModule [ "services" "tarsnap" "cachedir" ] "Use services.tarsnap.archives..cachedir") + (lib.mkRemovedOptionModule [ "services" "tarsnap" "cachedir" ] "Use services.tarsnap.archives..cachedir") ]; options = { services.tarsnap = { - enable = mkEnableOption "periodic tarsnap backups"; + enable = lib.mkEnableOption "periodic tarsnap backups"; - package = mkPackageOption pkgs "tarsnap" { }; + package = lib.mkPackageOption pkgs "tarsnap" { }; - keyfile = mkOption { - type = types.str; + keyfile = lib.mkOption { + type = lib.types.str; default = "/root/tarsnap.key"; description = '' The keyfile which associates this machine with your tarsnap @@ -61,14 +58,14 @@ in ''; }; - archives = mkOption { - type = types.attrsOf (types.submodule ({ config, options, ... }: + archives = lib.mkOption { + type = lib.types.attrsOf (lib.types.submodule ({ config, options, ... }: { options = { - keyfile = mkOption { - type = types.str; + keyfile = lib.mkOption { + type = lib.types.str; default = gcfg.keyfile; - defaultText = literalExpression "config.${opt.keyfile}"; + defaultText = lib.literalExpression "config.${opt.keyfile}"; description = '' Set a specific keyfile for this archive. This defaults to `"/root/tarsnap.key"` if left unspecified. @@ -88,10 +85,10 @@ in ''; }; - cachedir = mkOption { - type = types.nullOr types.path; - default = "/var/cache/tarsnap/${utils.escapeSystemdPath config.keyfile}"; - defaultText = literalExpression '' + cachedir = lib.mkOption { + type = lib.types.nullOr lib.types.path; + default = "/var/cache/tarsnap/${utils.lib.escapeSystemdPath config.keyfile}"; + defaultText = lib.literalExpression '' "/var/cache/tarsnap/''${utils.escapeSystemdPath config.${options.keyfile}}" ''; description = '' @@ -106,16 +103,16 @@ in ''; }; - nodump = mkOption { - type = types.bool; + nodump = lib.mkOption { + type = lib.types.bool; default = true; description = '' Exclude files with the `nodump` flag. ''; }; - printStats = mkOption { - type = types.bool; + printStats = lib.mkOption { + type = lib.types.bool; default = true; description = '' Print global archive statistics upon completion. @@ -124,8 +121,8 @@ in ''; }; - checkpointBytes = mkOption { - type = types.nullOr types.str; + checkpointBytes = lib.mkOption { + type = lib.types.nullOr lib.types.str; default = "1GB"; description = '' Create a checkpoint every `checkpointBytes` @@ -138,8 +135,8 @@ in ''; }; - period = mkOption { - type = types.str; + period = lib.mkOption { + type = lib.types.str; default = "01:15"; example = "hourly"; description = '' @@ -150,8 +147,8 @@ in ''; }; - aggressiveNetworking = mkOption { - type = types.bool; + aggressiveNetworking = lib.mkOption { + type = lib.types.bool; default = false; description = '' Upload data over multiple TCP connections, potentially @@ -162,22 +159,22 @@ in ''; }; - directories = mkOption { - type = types.listOf types.path; + directories = lib.mkOption { + type = lib.types.listOf lib.types.path; default = []; description = "List of filesystem paths to archive."; }; - excludes = mkOption { - type = types.listOf types.str; + excludes = lib.mkOption { + type = lib.types.listOf lib.types.str; default = []; description = '' Exclude files and directories matching these patterns. ''; }; - includes = mkOption { - type = types.listOf types.str; + includes = lib.mkOption { + type = lib.types.listOf lib.types.str; default = []; description = '' Include only files and directories matching these @@ -187,8 +184,8 @@ in ''; }; - lowmem = mkOption { - type = types.bool; + lowmem = lib.mkOption { + type = lib.types.bool; default = false; description = '' Reduce memory consumption by not caching small files. @@ -198,8 +195,8 @@ in ''; }; - verylowmem = mkOption { - type = types.bool; + verylowmem = lib.mkOption { + type = lib.types.bool; default = false; description = '' Reduce memory consumption by a factor of 2 beyond what @@ -208,8 +205,8 @@ in ''; }; - maxbw = mkOption { - type = types.nullOr types.int; + maxbw = lib.mkOption { + type = lib.types.nullOr lib.types.int; default = null; description = '' Abort archival if upstream bandwidth usage in bytes @@ -217,40 +214,40 @@ in ''; }; - maxbwRateUp = mkOption { - type = types.nullOr types.int; + maxbwRateUp = lib.mkOption { + type = lib.types.nullOr lib.types.int; default = null; - example = literalExpression "25 * 1000"; + example = lib.literalExpression "25 * 1000"; description = '' Upload bandwidth rate limit in bytes. ''; }; - maxbwRateDown = mkOption { - type = types.nullOr types.int; + maxbwRateDown = lib.mkOption { + type = lib.types.nullOr lib.types.int; default = null; - example = literalExpression "50 * 1000"; + example = lib.literalExpression "50 * 1000"; description = '' Download bandwidth rate limit in bytes. ''; }; - verbose = mkOption { - type = types.bool; + verbose = lib.mkOption { + type = lib.types.bool; default = false; description = '' Whether to produce verbose logging output. ''; }; - explicitSymlinks = mkOption { - type = types.bool; + explicitSymlinks = lib.mkOption { + type = lib.types.bool; default = false; description = '' Whether to follow symlinks specified as archives. ''; }; - followSymlinks = mkOption { - type = types.bool; + followSymlinks = lib.mkOption { + type = lib.types.bool; default = false; description = '' Whether to follow all symlinks in archive trees. @@ -262,7 +259,7 @@ in default = {}; - example = literalExpression '' + example = lib.literalExpression '' { nixos = { directories = [ "/home" "/root/ssl" ]; @@ -292,19 +289,19 @@ in }; }; - config = mkIf gcfg.enable { + config = lib.mkIf gcfg.enable { assertions = - (mapAttrsToList (name: cfg: + (lib.mapAttrsToList (name: cfg: { assertion = cfg.directories != []; message = "Must specify paths for tarsnap to back up"; }) gcfg.archives) ++ - (mapAttrsToList (name: cfg: + (lib.mapAttrsToList (name: cfg: { assertion = !(cfg.lowmem && cfg.verylowmem); message = "You cannot set both lowmem and verylowmem"; }) gcfg.archives); systemd.services = - (mapAttrs' (name: cfg: nameValuePair "tarsnap-${name}" { + (lib.mapAttrs' (name: cfg: lib.nameValuePair "tarsnap-${name}" { description = "Tarsnap archive '${name}'"; requires = [ "network-online.target" ]; after = [ "network-online.target" ]; @@ -322,11 +319,11 @@ in script = let tarsnap = ''${lib.getExe gcfg.package} --configfile "/etc/tarsnap/${name}.conf"''; run = ''${tarsnap} -c -f "${name}-$(date +"%Y%m%d%H%M%S")" \ - ${optionalString cfg.verbose "-v"} \ - ${optionalString cfg.explicitSymlinks "-H"} \ - ${optionalString cfg.followSymlinks "-L"} \ - ${concatStringsSep " " cfg.directories}''; - cachedir = escapeShellArg cfg.cachedir; + ${lib.optionalString cfg.verbose "-v"} \ + ${lib.optionalString cfg.explicitSymlinks "-H"} \ + ${lib.optionalString cfg.followSymlinks "-L"} \ + ${lib.concatStringsSep " " cfg.directories}''; + cachedir = lib.escapeShellArg cfg.cachedir; in if (cfg.cachedir != null) then '' mkdir -p ${cachedir} chmod 0700 ${cachedir} @@ -353,7 +350,7 @@ in }; }) gcfg.archives) // - (mapAttrs' (name: cfg: nameValuePair "tarsnap-restore-${name}"{ + (lib.mapAttrs' (name: cfg: lib.nameValuePair "tarsnap-restore-${name}"{ description = "Tarsnap restore '${name}'"; requires = [ "network-online.target" ]; @@ -362,8 +359,8 @@ in script = let tarsnap = ''${lib.getExe gcfg.package} --configfile "/etc/tarsnap/${name}.conf"''; lastArchive = "$(${tarsnap} --list-archives | sort | tail -1)"; - run = ''${tarsnap} -x -f "${lastArchive}" ${optionalString cfg.verbose "-v"}''; - cachedir = escapeShellArg cfg.cachedir; + run = ''${tarsnap} -x -f "${lastArchive}" ${lib.optionalString cfg.verbose "-v"}''; + cachedir = lib.escapeShellArg cfg.cachedir; in if (cfg.cachedir != null) then '' mkdir -p ${cachedir} @@ -393,14 +390,14 @@ in # Note: the timer must be Persistent=true, so that systemd will start it even # if e.g. your laptop was asleep while the latest interval occurred. - systemd.timers = mapAttrs' (name: cfg: nameValuePair "tarsnap-${name}" + systemd.timers = lib.mapAttrs' (name: cfg: lib.nameValuePair "tarsnap-${name}" { timerConfig.OnCalendar = cfg.period; timerConfig.Persistent = "true"; wantedBy = [ "timers.target" ]; }) gcfg.archives; environment.etc = - mapAttrs' (name: cfg: nameValuePair "tarsnap/${name}.conf" + lib.mapAttrs' (name: cfg: lib.nameValuePair "tarsnap/${name}.conf" { text = configFile name cfg; }) gcfg.archives; diff --git a/nixos/modules/services/backup/zfs-replication.nix b/nixos/modules/services/backup/zfs-replication.nix index c89d6fb8ad60b42..5aefaa35df5091b 100644 --- a/nixos/modules/services/backup/zfs-replication.nix +++ b/nixos/modules/services/backup/zfs-replication.nix @@ -1,56 +1,53 @@ { lib, pkgs, config, ... }: - -with lib; - let cfg = config.services.zfs.autoReplication; - recursive = optionalString cfg.recursive " --recursive"; - followDelete = optionalString cfg.followDelete " --follow-delete"; + recursive = lib.optionalString cfg.recursive " --recursive"; + followDelete = lib.optionalString cfg.followDelete " --follow-delete"; in { options = { services.zfs.autoReplication = { - enable = mkEnableOption "ZFS snapshot replication"; + enable = lib.mkEnableOption "ZFS snapshot replication"; - followDelete = mkOption { + followDelete = lib.mkOption { description = "Remove remote snapshots that don't have a local correspondent."; default = true; - type = types.bool; + type = lib.types.bool; }; - host = mkOption { + host = lib.mkOption { description = "Remote host where snapshots should be sent. `lz4` is expected to be installed on this host."; example = "example.com"; - type = types.str; + type = lib.types.str; }; - identityFilePath = mkOption { + identityFilePath = lib.mkOption { description = "Path to SSH key used to login to host."; example = "/home/username/.ssh/id_rsa"; - type = types.path; + type = lib.types.path; }; - localFilesystem = mkOption { + localFilesystem = lib.mkOption { description = "Local ZFS filesystem from which snapshots should be sent. Defaults to the attribute name."; example = "pool/file/path"; - type = types.str; + type = lib.types.str; }; - remoteFilesystem = mkOption { + remoteFilesystem = lib.mkOption { description = "Remote ZFS filesystem where snapshots should be sent."; example = "pool/file/path"; - type = types.str; + type = lib.types.str; }; - recursive = mkOption { + recursive = lib.mkOption { description = "Recursively discover snapshots to send."; default = true; - type = types.bool; + type = lib.types.bool; }; - username = mkOption { + username = lib.mkOption { description = "Username used by SSH to login to remote host."; example = "username"; - type = types.str; + type = lib.types.str; }; }; }; @@ -73,7 +70,7 @@ in { "https://github.com/alunduil/zfs-replicate" ]; restartIfChanged = false; - serviceConfig.ExecStart = "${pkgs.zfs-replicate}/bin/zfs-replicate${recursive} -l ${escapeShellArg cfg.username} -i ${escapeShellArg cfg.identityFilePath}${followDelete} ${escapeShellArg cfg.host} ${escapeShellArg cfg.remoteFilesystem} ${escapeShellArg cfg.localFilesystem}"; + serviceConfig.ExecStart = "${pkgs.zfs-replicate}/bin/zfs-replicate${recursive} -l ${lib.escapeShellArg cfg.username} -i ${lib.escapeShellArg cfg.identityFilePath}${followDelete} ${lib.escapeShellArg cfg.host} ${lib.escapeShellArg cfg.remoteFilesystem} ${lib.escapeShellArg cfg.localFilesystem}"; wantedBy = [ "zfs-snapshot-daily.service" "zfs-snapshot-frequent.service" diff --git a/nixos/modules/services/backup/zrepl.nix b/nixos/modules/services/backup/zrepl.nix index a0e9a0da7e49382..d46823adbadbdc2 100644 --- a/nixos/modules/services/backup/zrepl.nix +++ b/nixos/modules/services/backup/zrepl.nix @@ -1,27 +1,25 @@ { config, pkgs, lib, ... }: - -with lib; let cfg = config.services.zrepl; format = pkgs.formats.yaml { }; configFile = format.generate "zrepl.yml" cfg.settings; in { - meta.maintainers = with maintainers; [ cole-h ]; + meta.maintainers = with lib.maintainers; [ cole-h ]; options = { services.zrepl = { - enable = mkEnableOption "zrepl"; + enable = lib.mkEnableOption "zrepl"; - package = mkPackageOption pkgs "zrepl" { }; + package = lib.mkPackageOption pkgs "zrepl" { }; - settings = mkOption { + settings = lib.mkOption { default = { }; description = '' Configuration for zrepl. See for more information. ''; - type = types.submodule { + type = lib.types.submodule { freeformType = format.type; }; }; @@ -30,7 +28,7 @@ in ### Implementation ### - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { environment.systemPackages = [ cfg.package ]; # zrepl looks for its config in this location by default. This diff --git a/nixos/modules/services/blockchain/ethereum/erigon.nix b/nixos/modules/services/blockchain/ethereum/erigon.nix index 24705b3433df48a..5ac952339151970 100644 --- a/nixos/modules/services/blockchain/ethereum/erigon.nix +++ b/nixos/modules/services/blockchain/ethereum/erigon.nix @@ -1,6 +1,4 @@ { config, lib, pkgs, ... }: - -with lib; let cfg = config.services.erigon; @@ -11,18 +9,18 @@ in { options = { services.erigon = { - enable = mkEnableOption "Ethereum implementation on the efficiency frontier"; + enable = lib.mkEnableOption "Ethereum implementation on the efficiency frontier"; - package = mkPackageOption pkgs "erigon" { }; + package = lib.mkPackageOption pkgs "erigon" { }; - extraArgs = mkOption { - type = types.listOf types.str; + extraArgs = lib.mkOption { + type = lib.types.listOf lib.types.str; description = "Additional arguments passed to Erigon"; default = [ ]; }; - secretJwtPath = mkOption { - type = types.path; + secretJwtPath = lib.mkOption { + type = lib.types.path; description = '' Path to the secret jwt used for the http api authentication. ''; @@ -30,7 +28,7 @@ in { example = "config.age.secrets.ERIGON_JWT.path"; }; - settings = mkOption { + settings = lib.mkOption { description = '' Configuration for Erigon Refer to for details on supported values. @@ -52,7 +50,7 @@ in { "log.console.verbosity" = 3; # info }; - defaultText = literalExpression '' + defaultText = lib.literalExpression '' { datadir = "/var/lib/erigon"; chain = "mainnet"; @@ -71,20 +69,20 @@ in { }; }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { # Default values are the same as in the binary, they are just written here for convenience. services.erigon.settings = { - datadir = mkDefault "/var/lib/erigon"; - chain = mkDefault "mainnet"; - http = mkDefault true; - "http.port" = mkDefault 8545; - "http.api" = mkDefault ["eth" "debug" "net" "trace" "web3" "erigon"]; - ws = mkDefault true; - port = mkDefault 30303; - "authrpc.port" = mkDefault 8551; - "torrent.port" = mkDefault 42069; - "private.api.addr" = mkDefault "localhost:9090"; - "log.console.verbosity" = mkDefault 3; # info + datadir = lib.mkDefault "/var/lib/erigon"; + chain = lib.mkDefault "mainnet"; + http = lib.mkDefault true; + "http.port" = lib.mkDefault 8545; + "http.api" = lib.mkDefault ["eth" "debug" "net" "trace" "web3" "erigon"]; + ws = lib.mkDefault true; + port = lib.mkDefault 30303; + "authrpc.port" = lib.mkDefault 8551; + "torrent.port" = lib.mkDefault 42069; + "private.api.addr" = lib.mkDefault "localhost:9090"; + "log.console.verbosity" = lib.mkDefault 3; # info }; systemd.services.erigon = { diff --git a/nixos/modules/services/blockchain/ethereum/geth.nix b/nixos/modules/services/blockchain/ethereum/geth.nix index f2a7e080ada19c6..adf9fc1db32a84e 100644 --- a/nixos/modules/services/blockchain/ethereum/geth.nix +++ b/nixos/modules/services/blockchain/ethereum/geth.nix @@ -1,7 +1,4 @@ { config, lib, pkgs, ... }: - -with lib; - let eachGeth = config.services.geth; @@ -11,28 +8,28 @@ let enable = lib.mkEnableOption "Go Ethereum Node"; - port = mkOption { - type = types.port; + port = lib.mkOption { + type = lib.types.port; default = 30303; description = "Port number Go Ethereum will be listening on, both TCP and UDP."; }; http = { enable = lib.mkEnableOption "Go Ethereum HTTP API"; - address = mkOption { - type = types.str; + address = lib.mkOption { + type = lib.types.str; default = "127.0.0.1"; description = "Listen address of Go Ethereum HTTP API."; }; - port = mkOption { - type = types.port; + port = lib.mkOption { + type = lib.types.port; default = 8545; description = "Port number of Go Ethereum HTTP API."; }; - apis = mkOption { - type = types.nullOr (types.listOf types.str); + apis = lib.mkOption { + type = lib.types.nullOr (lib.types.listOf lib.types.str); default = null; description = "APIs to enable over WebSocket"; example = ["net" "eth"]; @@ -41,20 +38,20 @@ let websocket = { enable = lib.mkEnableOption "Go Ethereum WebSocket API"; - address = mkOption { - type = types.str; + address = lib.mkOption { + type = lib.types.str; default = "127.0.0.1"; description = "Listen address of Go Ethereum WebSocket API."; }; - port = mkOption { - type = types.port; + port = lib.mkOption { + type = lib.types.port; default = 8546; description = "Port number of Go Ethereum WebSocket API."; }; - apis = mkOption { - type = types.nullOr (types.listOf types.str); + apis = lib.mkOption { + type = lib.types.nullOr (lib.types.listOf lib.types.str); default = null; description = "APIs to enable over WebSocket"; example = ["net" "eth"]; @@ -63,27 +60,27 @@ let authrpc = { enable = lib.mkEnableOption "Go Ethereum Auth RPC API"; - address = mkOption { - type = types.str; + address = lib.mkOption { + type = lib.types.str; default = "127.0.0.1"; description = "Listen address of Go Ethereum Auth RPC API."; }; - port = mkOption { - type = types.port; + port = lib.mkOption { + type = lib.types.port; default = 8551; description = "Port number of Go Ethereum Auth RPC API."; }; - vhosts = mkOption { - type = types.nullOr (types.listOf types.str); + vhosts = lib.mkOption { + type = lib.types.nullOr (lib.types.listOf lib.types.str); default = ["localhost"]; description = "List of virtual hostnames from which to accept requests."; example = ["localhost" "geth.example.org"]; }; - jwtsecret = mkOption { - type = types.str; + jwtsecret = lib.mkOption { + type = lib.types.str; default = ""; description = "Path to a JWT secret for authenticated RPC endpoint."; example = "/var/run/geth/jwtsecret"; @@ -92,50 +89,50 @@ let metrics = { enable = lib.mkEnableOption "Go Ethereum prometheus metrics"; - address = mkOption { - type = types.str; + address = lib.mkOption { + type = lib.types.str; default = "127.0.0.1"; description = "Listen address of Go Ethereum metrics service."; }; - port = mkOption { - type = types.port; + port = lib.mkOption { + type = lib.types.port; default = 6060; description = "Port number of Go Ethereum metrics service."; }; }; - network = mkOption { - type = types.nullOr (types.enum [ "goerli" "rinkeby" "yolov2" "ropsten" ]); + network = lib.mkOption { + type = lib.types.nullOr (lib.types.enum [ "goerli" "rinkeby" "yolov2" "ropsten" ]); default = null; description = "The network to connect to. Mainnet (null) is the default ethereum network."; }; - syncmode = mkOption { - type = types.enum [ "snap" "fast" "full" "light" ]; + syncmode = lib.mkOption { + type = lib.types.enum [ "snap" "fast" "full" "light" ]; default = "snap"; description = "Blockchain sync mode."; }; - gcmode = mkOption { - type = types.enum [ "full" "archive" ]; + gcmode = lib.mkOption { + type = lib.types.enum [ "full" "archive" ]; default = "full"; description = "Blockchain garbage collection mode."; }; - maxpeers = mkOption { - type = types.int; + maxpeers = lib.mkOption { + type = lib.types.int; default = 50; description = "Maximum peers to connect to."; }; - extraArgs = mkOption { - type = types.listOf types.str; + extraArgs = lib.mkOption { + type = lib.types.listOf lib.types.str; description = "Additional arguments passed to Go Ethereum."; default = []; }; - package = mkPackageOption pkgs [ "go-ethereum" "geth" ] { }; + package = lib.mkPackageOption pkgs [ "go-ethereum" "geth" ] { }; }; }; in @@ -145,8 +142,8 @@ in ###### interface options = { - services.geth = mkOption { - type = types.attrsOf (types.submodule gethOpts); + services.geth = lib.mkOption { + type = lib.types.attrsOf (lib.types.submodule gethOpts); default = {}; description = "Specification of one or more geth instances."; }; @@ -154,17 +151,17 @@ in ###### implementation - config = mkIf (eachGeth != {}) { + config = lib.mkIf (eachGeth != {}) { - environment.systemPackages = flatten (mapAttrsToList (gethName: cfg: [ + environment.systemPackages = lib.flatten (lib.mapAttrsToList (gethName: cfg: [ cfg.package ]) eachGeth); - systemd.services = mapAttrs' (gethName: cfg: let + systemd.services = lib.mapAttrs' (gethName: cfg: let stateDir = "goethereum/${gethName}/${if (cfg.network == null) then "mainnet" else cfg.network}"; dataDir = "/var/lib/${stateDir}"; in ( - nameValuePair "geth-${gethName}" (mkIf cfg.enable { + lib.nameValuePair "geth-${gethName}" (lib.mkIf cfg.enable { description = "Go Ethereum node (${gethName})"; wantedBy = [ "multi-user.target" ]; after = [ "network.target" ]; @@ -186,16 +183,16 @@ in ${cfg.package}/bin/geth \ --nousb \ --ipcdisable \ - ${optionalString (cfg.network != null) ''--${cfg.network}''} \ + ${lib.optionalString (cfg.network != null) ''--${cfg.network}''} \ --syncmode ${cfg.syncmode} \ --gcmode ${cfg.gcmode} \ --port ${toString cfg.port} \ --maxpeers ${toString cfg.maxpeers} \ - ${optionalString cfg.http.enable ''--http --http.addr ${cfg.http.address} --http.port ${toString cfg.http.port}''} \ - ${optionalString (cfg.http.apis != null) ''--http.api ${lib.concatStringsSep "," cfg.http.apis}''} \ - ${optionalString cfg.websocket.enable ''--ws --ws.addr ${cfg.websocket.address} --ws.port ${toString cfg.websocket.port}''} \ - ${optionalString (cfg.websocket.apis != null) ''--ws.api ${lib.concatStringsSep "," cfg.websocket.apis}''} \ - ${optionalString cfg.metrics.enable ''--metrics --metrics.addr ${cfg.metrics.address} --metrics.port ${toString cfg.metrics.port}''} \ + ${lib.optionalString cfg.http.enable ''--http --http.addr ${cfg.http.address} --http.port ${toString cfg.http.port}''} \ + ${lib.optionalString (cfg.http.apis != null) ''--http.api ${lib.concatStringsSep "," cfg.http.apis}''} \ + ${lib.optionalString cfg.websocket.enable ''--ws --ws.addr ${cfg.websocket.address} --ws.port ${toString cfg.websocket.port}''} \ + ${lib.optionalString (cfg.websocket.apis != null) ''--ws.api ${lib.concatStringsSep "," cfg.websocket.apis}''} \ + ${lib.optionalString cfg.metrics.enable ''--metrics --metrics.addr ${cfg.metrics.address} --metrics.port ${toString cfg.metrics.port}''} \ --authrpc.addr ${cfg.authrpc.address} --authrpc.port ${toString cfg.authrpc.port} --authrpc.vhosts ${lib.concatStringsSep "," cfg.authrpc.vhosts} \ ${if (cfg.authrpc.jwtsecret != "") then ''--authrpc.jwtsecret ${cfg.authrpc.jwtsecret}'' else ''--authrpc.jwtsecret ${dataDir}/geth/jwtsecret''} \ ${lib.escapeShellArgs cfg.extraArgs} \ diff --git a/nixos/modules/services/blockchain/ethereum/lighthouse.nix b/nixos/modules/services/blockchain/ethereum/lighthouse.nix index a5ace1a9450f337..66a762763cb8c79 100644 --- a/nixos/modules/services/blockchain/ethereum/lighthouse.nix +++ b/nixos/modules/services/blockchain/ethereum/lighthouse.nix @@ -1,6 +1,4 @@ { config, lib, pkgs, ... }: - -with lib; let cfg = config.services.lighthouse; @@ -8,47 +6,47 @@ in { options = { services.lighthouse = { - beacon = mkOption { + beacon = lib.mkOption { description = "Beacon node"; default = {}; - type = types.submodule { + type = lib.types.submodule { options = { enable = lib.mkEnableOption "Lightouse Beacon node"; - dataDir = mkOption { - type = types.str; + dataDir = lib.mkOption { + type = lib.types.str; default = "/var/lib/lighthouse-beacon"; description = '' Directory where data will be stored. Each chain will be stored under it's own specific subdirectory. ''; }; - address = mkOption { - type = types.str; + address = lib.mkOption { + type = lib.types.str; default = "0.0.0.0"; description = '' Listen address of Beacon node. ''; }; - port = mkOption { - type = types.port; + port = lib.mkOption { + type = lib.types.port; default = 9000; description = '' Port number the Beacon node will be listening on. ''; }; - openFirewall = mkOption { - type = types.bool; + openFirewall = lib.mkOption { + type = lib.types.bool; default = false; description = '' Open the port in the firewall ''; }; - disableDepositContractSync = mkOption { - type = types.bool; + disableDepositContractSync = lib.mkOption { + type = lib.types.bool; default = false; description = '' Explicitly disables syncing of deposit logs from the execution node. @@ -58,24 +56,24 @@ in { }; execution = { - address = mkOption { - type = types.str; + address = lib.mkOption { + type = lib.types.str; default = "127.0.0.1"; description = '' Listen address for the execution layer. ''; }; - port = mkOption { - type = types.port; + port = lib.mkOption { + type = lib.types.port; default = 8551; description = '' Port number the Beacon node will be listening on for the execution layer. ''; }; - jwtPath = mkOption { - type = types.str; + jwtPath = lib.mkOption { + type = lib.types.str; default = ""; description = '' Path for the jwt secret required to connect to the execution layer. @@ -85,16 +83,16 @@ in { http = { enable = lib.mkEnableOption "Beacon node http api"; - port = mkOption { - type = types.port; + port = lib.mkOption { + type = lib.types.port; default = 5052; description = '' Port number of Beacon node RPC service. ''; }; - address = mkOption { - type = types.str; + address = lib.mkOption { + type = lib.types.str; default = "127.0.0.1"; description = '' Listen address of Beacon node RPC service. @@ -104,16 +102,16 @@ in { metrics = { enable = lib.mkEnableOption "Beacon node prometheus metrics"; - address = mkOption { - type = types.str; + address = lib.mkOption { + type = lib.types.str; default = "127.0.0.1"; description = '' Listen address of Beacon node metrics service. ''; }; - port = mkOption { - type = types.port; + port = lib.mkOption { + type = lib.types.port; default = 5054; description = '' Port number of Beacon node metrics service. @@ -121,8 +119,8 @@ in { }; }; - extraArgs = mkOption { - type = types.str; + extraArgs = lib.mkOption { + type = lib.types.str; description = '' Additional arguments passed to the lighthouse beacon command. ''; @@ -133,27 +131,27 @@ in { }; }; - validator = mkOption { + validator = lib.mkOption { description = "Validator node"; default = {}; - type = types.submodule { + type = lib.types.submodule { options = { - enable = mkOption { - type = types.bool; + enable = lib.mkOption { + type = lib.types.bool; default = false; description = "Enable Lightouse Validator node."; }; - dataDir = mkOption { - type = types.str; + dataDir = lib.mkOption { + type = lib.types.str; default = "/var/lib/lighthouse-validator"; description = '' Directory where data will be stored. Each chain will be stored under it's own specific subdirectory. ''; }; - beaconNodes = mkOption { - type = types.listOf types.str; + beaconNodes = lib.mkOption { + type = lib.types.listOf lib.types.str; default = ["http://localhost:5052"]; description = '' Beacon nodes to connect to. @@ -162,16 +160,16 @@ in { metrics = { enable = lib.mkEnableOption "Validator node prometheus metrics"; - address = mkOption { - type = types.str; + address = lib.mkOption { + type = lib.types.str; default = "127.0.0.1"; description = '' Listen address of Validator node metrics service. ''; }; - port = mkOption { - type = types.port; + port = lib.mkOption { + type = lib.types.port; default = 5056; description = '' Port number of Validator node metrics service. @@ -179,8 +177,8 @@ in { }; }; - extraArgs = mkOption { - type = types.str; + extraArgs = lib.mkOption { + type = lib.types.str; description = '' Additional arguments passed to the lighthouse validator command. ''; @@ -191,16 +189,16 @@ in { }; }; - network = mkOption { - type = types.enum [ "mainnet" "gnosis" "chiado" "sepolia" "holesky" ]; + network = lib.mkOption { + type = lib.types.enum [ "mainnet" "gnosis" "chiado" "sepolia" "holesky" ]; default = "mainnet"; description = '' The network to connect to. Mainnet is the default ethereum network. ''; }; - extraArgs = mkOption { - type = types.str; + extraArgs = lib.mkOption { + type = lib.types.str; description = '' Additional arguments passed to every lighthouse command. ''; @@ -210,17 +208,17 @@ in { }; }; - config = mkIf (cfg.beacon.enable || cfg.validator.enable) { + config = lib.mkIf (cfg.beacon.enable || cfg.validator.enable) { environment.systemPackages = [ pkgs.lighthouse ] ; - networking.firewall = mkIf cfg.beacon.enable { - allowedTCPPorts = mkIf cfg.beacon.openFirewall [ cfg.beacon.port ]; - allowedUDPPorts = mkIf cfg.beacon.openFirewall [ cfg.beacon.port ]; + networking.firewall = lib.mkIf cfg.beacon.enable { + allowedTCPPorts = lib.mkIf cfg.beacon.openFirewall [ cfg.beacon.port ]; + allowedUDPPorts = lib.mkIf cfg.beacon.openFirewall [ cfg.beacon.port ]; }; - systemd.services.lighthouse-beacon = mkIf cfg.beacon.enable { + systemd.services.lighthouse-beacon = lib.mkIf cfg.beacon.enable { description = "Lighthouse beacon node (connect to P2P nodes and verify blocks)"; wantedBy = [ "multi-user.target" ]; after = [ "network.target" ]; @@ -268,7 +266,7 @@ in { }; }; - systemd.services.lighthouse-validator = mkIf cfg.validator.enable { + systemd.services.lighthouse-validator = lib.mkIf cfg.validator.enable { description = "Lighthouse validtor node (manages validators, using data obtained from the beacon node via a HTTP API)"; wantedBy = [ "multi-user.target" ]; after = [ "network.target" ]; @@ -281,7 +279,7 @@ in { --network ${cfg.network} \ --beacon-nodes ${lib.concatStringsSep "," cfg.validator.beaconNodes} \ --datadir ${cfg.validator.dataDir}/${cfg.network} \ - ${optionalString cfg.validator.metrics.enable ''--metrics --metrics-address ${cfg.validator.metrics.address} --metrics-port ${toString cfg.validator.metrics.port}''} \ + ${lib.optionalString cfg.validator.metrics.enable ''--metrics --metrics-address ${cfg.validator.metrics.address} --metrics-port ${toString cfg.validator.metrics.port}''} \ ${cfg.extraArgs} ${cfg.validator.extraArgs} ''; diff --git a/nixos/modules/services/cluster/k3s/default.nix b/nixos/modules/services/cluster/k3s/default.nix index 83dfe2067147079..2925745c9e0945a 100644 --- a/nixos/modules/services/cluster/k3s/default.nix +++ b/nixos/modules/services/cluster/k3s/default.nix @@ -4,8 +4,6 @@ pkgs, ... }: - -with lib; let cfg = config.services.k3s; removeOption = @@ -98,7 +96,7 @@ let } ); - enabledManifests = with builtins; filter (m: m.enable) (attrValues cfg.manifests); + enabledManifests = lib.filter (m: m.enable) (lib.attrValues cfg.manifests); linkManifestEntry = m: "${pkgs.coreutils-full}/bin/ln -sfn ${m.source} ${manifestDir}/${m.target}"; linkImageEntry = image: "${pkgs.coreutils-full}/bin/ln -sfn ${image} ${imageDir}/${image.name}"; linkChartEntry = @@ -132,11 +130,11 @@ in # interface options.services.k3s = { - enable = mkEnableOption "k3s"; + enable = lib.mkEnableOption "k3s"; - package = mkPackageOption pkgs "k3s" { }; + package = lib.mkPackageOption pkgs "k3s" { }; - role = mkOption { + role = lib.mkOption { description = '' Whether k3s should run as a server or agent. @@ -152,14 +150,14 @@ in - `serverAddr` is required. ''; default = "server"; - type = types.enum [ + type = lib.types.enum [ "server" "agent" ]; }; - serverAddr = mkOption { - type = types.str; + serverAddr = lib.mkOption { + type = lib.types.str; description = '' The k3s server to connect to. @@ -171,8 +169,8 @@ in default = ""; }; - clusterInit = mkOption { - type = types.bool; + clusterInit = lib.mkOption { + type = lib.types.bool; default = false; description = '' Initialize HA cluster using an embedded etcd datastore. @@ -193,8 +191,8 @@ in ''; }; - token = mkOption { - type = types.str; + token = lib.mkOption { + type = lib.types.str; description = '' The k3s token to use when connecting to a server. @@ -204,15 +202,15 @@ in default = ""; }; - tokenFile = mkOption { - type = types.nullOr types.path; + tokenFile = lib.mkOption { + type = lib.types.nullOr lib.types.path; description = "File path containing k3s token to use when connecting to the server."; default = null; }; - extraFlags = mkOption { + extraFlags = lib.mkOption { description = "Extra flags to pass to the k3s command."; - type = with types; either str (listOf str); + type = with lib.types; either str (listOf str); default = [ ]; example = [ "--no-deploy traefik" @@ -220,28 +218,28 @@ in ]; }; - disableAgent = mkOption { - type = types.bool; + disableAgent = lib.mkOption { + type = lib.types.bool; default = false; description = "Only run the server. This option only makes sense for a server."; }; - environmentFile = mkOption { - type = types.nullOr types.path; + environmentFile = lib.mkOption { + type = lib.types.nullOr lib.types.path; description = '' File path containing environment variables for configuring the k3s service in the format of an EnvironmentFile. See systemd.exec(5). ''; default = null; }; - configPath = mkOption { - type = types.nullOr types.path; + configPath = lib.mkOption { + type = lib.types.nullOr lib.types.path; default = null; description = "File path containing the k3s YAML config. This is useful when the config is generated (for example on boot)."; }; - manifests = mkOption { - type = types.attrsOf manifestModule; + manifests = lib.mkOption { + type = lib.types.attrsOf manifestModule; default = { }; example = lib.literalExpression '' deployment.source = ../manifests/deployment.yaml; @@ -328,8 +326,8 @@ in ''; }; - charts = mkOption { - type = with types; attrsOf (either path package); + charts = lib.mkOption { + type = with lib.types; attrsOf (either path package); default = { }; example = lib.literalExpression '' nginx = ../charts/my-nginx-chart.tgz; @@ -346,8 +344,8 @@ in ''; }; - containerdConfigTemplate = mkOption { - type = types.nullOr types.str; + containerdConfigTemplate = lib.mkOption { + type = lib.types.nullOr lib.types.str; default = null; example = lib.literalExpression '' # Base K3s config @@ -366,8 +364,8 @@ in ''; }; - images = mkOption { - type = with types; listOf package; + images = lib.mkOption { + type = with lib.types; listOf package; default = [ ]; example = lib.literalExpression '' [ @@ -440,7 +438,7 @@ in # implementation - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { warnings = (lib.optional (cfg.role != "server" && cfg.manifests != { }) "k3s: Auto deploying manifests are only installed on server nodes (role == server), they will be ignored by this node." @@ -500,7 +498,7 @@ in "network-online.target" ]; wantedBy = [ "multi-user.target" ]; - path = optional config.boot.zfs.enabled config.boot.zfs.package; + path = lib.optional config.boot.zfs.enabled config.boot.zfs.package; serviceConfig = { # See: https://github.com/rancher/k3s/blob/dddbd16305284ae4bd14c0aade892412310d7edc/install.sh#L197 Type = if cfg.role == "agent" then "exec" else "notify"; @@ -514,15 +512,15 @@ in TasksMax = "infinity"; EnvironmentFile = cfg.environmentFile; ExecStartPre = activateK3sContent; - ExecStart = concatStringsSep " \\\n " ( + ExecStart = lib.concatStringsSep " \\\n " ( [ "${cfg.package}/bin/k3s ${cfg.role}" ] - ++ (optional cfg.clusterInit "--cluster-init") - ++ (optional cfg.disableAgent "--disable-agent") - ++ (optional (cfg.serverAddr != "") "--server ${cfg.serverAddr}") - ++ (optional (cfg.token != "") "--token ${cfg.token}") - ++ (optional (cfg.tokenFile != null) "--token-file ${cfg.tokenFile}") - ++ (optional (cfg.configPath != null) "--config ${cfg.configPath}") - ++ (optional (kubeletParams != { }) "--kubelet-arg=config=${kubeletConfig}") + ++ (lib.optional cfg.clusterInit "--cluster-init") + ++ (lib.optional cfg.disableAgent "--disable-agent") + ++ (lib.optional (cfg.serverAddr != "") "--server ${cfg.serverAddr}") + ++ (lib.optional (cfg.token != "") "--token ${cfg.token}") + ++ (lib.optional (cfg.tokenFile != null) "--token-file ${cfg.tokenFile}") + ++ (lib.optional (cfg.configPath != null) "--config ${cfg.configPath}") + ++ (lib.optional (kubeletParams != { }) "--kubelet-arg=config=${kubeletConfig}") ++ (lib.flatten cfg.extraFlags) ); }; diff --git a/nixos/modules/services/cluster/kubernetes/addons/dns.nix b/nixos/modules/services/cluster/kubernetes/addons/dns.nix index a03aa7329a32a84..485c6f8e2b5fea9 100644 --- a/nixos/modules/services/cluster/kubernetes/addons/dns.nix +++ b/nixos/modules/services/cluster/kubernetes/addons/dns.nix @@ -1,7 +1,4 @@ { config, options, pkgs, lib, ... }: - -with lib; - let version = "1.10.1"; cfg = config.services.kubernetes.addons.dns; @@ -12,37 +9,37 @@ let }; in { options.services.kubernetes.addons.dns = { - enable = mkEnableOption "kubernetes dns addon"; + enable = lib.mkEnableOption "kubernetes dns addon"; - clusterIp = mkOption { + clusterIp = lib.mkOption { description = "Dns addon clusterIP"; # this default is also what kubernetes users default = ( - concatStringsSep "." ( - take 3 (splitString "." config.services.kubernetes.apiserver.serviceClusterIpRange + lib.concatStringsSep "." ( + lib.take 3 (lib.splitString "." config.services.kubernetes.apiserver.serviceClusterIpRange )) ) + ".254"; - defaultText = literalMD '' + defaultText = lib.literalMD '' The `x.y.z.254` IP of `config.${options.services.kubernetes.apiserver.serviceClusterIpRange}`. ''; - type = types.str; + type = lib.types.str; }; - clusterDomain = mkOption { + clusterDomain = lib.mkOption { description = "Dns cluster domain"; default = "cluster.local"; - type = types.str; + type = lib.types.str; }; - replicas = mkOption { + replicas = lib.mkOption { description = "Number of DNS pod replicas to deploy in the cluster."; default = 2; - type = types.int; + type = lib.types.int; }; - reconcileMode = mkOption { + reconcileMode = lib.mkOption { description = '' Controls the addon manager reconciliation mode for the DNS addon. @@ -51,12 +48,12 @@ in { See: . ''; default = "Reconcile"; - type = types.enum [ "Reconcile" "EnsureExists" ]; + type = lib.types.enum [ "Reconcile" "EnsureExists" ]; }; - coredns = mkOption { + coredns = lib.mkOption { description = "Docker image to seed for the CoreDNS container."; - type = types.attrs; + type = lib.types.attrs; default = { imageName = "coredns/coredns"; imageDigest = "sha256:a0ead06651cf580044aeb0a0feba63591858fb2e43ade8c9dea45a6a89ae7e5e"; @@ -65,13 +62,13 @@ in { }; }; - corefile = mkOption { + corefile = lib.mkOption { description = '' Custom coredns corefile configuration. See: . ''; - type = types.str; + type = lib.types.str; default = '' .:${toString ports.dns} { errors @@ -87,7 +84,7 @@ in { reload loadbalance }''; - defaultText = literalExpression '' + defaultText = lib.literalExpression '' ''' .:${toString ports.dns} { errors @@ -108,9 +105,9 @@ in { }; }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { services.kubernetes.kubelet.seedDockerImages = - singleton (pkgs.dockerTools.pullImage cfg.coredns); + lib.singleton (pkgs.dockerTools.pullImage cfg.coredns); services.kubernetes.addonManager.bootstrapAddons = { coredns-cr = { @@ -366,7 +363,7 @@ in { }; }; - services.kubernetes.kubelet.clusterDns = mkDefault [ cfg.clusterIp ]; + services.kubernetes.kubelet.clusterDns = lib.mkDefault [ cfg.clusterIp ]; }; meta.buildDocsInSandbox = false; diff --git a/nixos/modules/services/cluster/pacemaker/default.nix b/nixos/modules/services/cluster/pacemaker/default.nix index 005a952e80254da..92cd9311eb7d550 100644 --- a/nixos/modules/services/cluster/pacemaker/default.nix +++ b/nixos/modules/services/cluster/pacemaker/default.nix @@ -1,19 +1,17 @@ { config, lib, pkgs, ... }: - -with lib; let cfg = config.services.pacemaker; in { # interface options.services.pacemaker = { - enable = mkEnableOption "pacemaker"; + enable = lib.mkEnableOption "pacemaker"; - package = mkPackageOption pkgs "pacemaker" { }; + package = lib.mkPackageOption pkgs "pacemaker" { }; }; # implementation - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { assertions = [ { assertion = config.services.corosync.enable; message = '' diff --git a/nixos/modules/services/cluster/patroni/default.nix b/nixos/modules/services/cluster/patroni/default.nix index 3b563bb89fffbe0..91eb9214a60e4b4 100644 --- a/nixos/modules/services/cluster/patroni/default.nix +++ b/nixos/modules/services/cluster/patroni/default.nix @@ -1,5 +1,4 @@ { config, lib, pkgs, ... }: -with lib; let cfg = config.services.patroni; defaultUser = "patroni"; @@ -21,20 +20,20 @@ in options.services.patroni = { - enable = mkEnableOption "Patroni"; + enable = lib.mkEnableOption "Patroni"; - postgresqlPackage = mkOption { - type = types.package; - example = literalExpression "pkgs.postgresql_14"; + postgresqlPackage = lib.mkOption { + type = lib.types.package; + example = lib.literalExpression "pkgs.postgresql_14"; description = '' PostgreSQL package to use. Plugins can be enabled like this `pkgs.postgresql_14.withPackages (p: [ p.pg_safeupdate p.postgis ])`. ''; }; - postgresqlDataDir = mkOption { - type = types.path; - defaultText = literalExpression ''"/var/lib/postgresql/''${config.services.patroni.postgresqlPackage.psqlSchema}"''; + postgresqlDataDir = lib.mkOption { + type = lib.types.path; + defaultText = lib.literalExpression ''"/var/lib/postgresql/''${config.services.patroni.postgresqlPackage.psqlSchema}"''; example = "/var/lib/postgresql/14"; default = "/var/lib/postgresql/${cfg.postgresqlPackage.psqlSchema}"; description = '' @@ -45,16 +44,16 @@ in ''; }; - postgresqlPort = mkOption { - type = types.port; + postgresqlPort = lib.mkOption { + type = lib.types.port; default = 5432; description = '' The port on which PostgreSQL listens. ''; }; - user = mkOption { - type = types.str; + user = lib.mkOption { + type = lib.types.str; default = defaultUser; example = "postgres"; description = '' @@ -63,8 +62,8 @@ in ''; }; - group = mkOption { - type = types.str; + group = lib.mkOption { + type = lib.types.str; default = defaultGroup; example = "postgres"; description = '' @@ -73,64 +72,64 @@ in ''; }; - dataDir = mkOption { - type = types.path; + dataDir = lib.mkOption { + type = lib.types.path; default = "/var/lib/patroni"; description = '' Folder where Patroni data will be written, this is where the pgpass password file will be written. ''; }; - scope = mkOption { - type = types.str; + scope = lib.mkOption { + type = lib.types.str; example = "cluster1"; description = '' Cluster name. ''; }; - name = mkOption { - type = types.str; + name = lib.mkOption { + type = lib.types.str; example = "node1"; description = '' The name of the host. Must be unique for the cluster. ''; }; - namespace = mkOption { - type = types.str; + namespace = lib.mkOption { + type = lib.types.str; default = "/service"; description = '' Path within the configuration store where Patroni will keep information about the cluster. ''; }; - nodeIp = mkOption { - type = types.str; + nodeIp = lib.mkOption { + type = lib.types.str; example = "192.168.1.1"; description = '' IP address of this node. ''; }; - otherNodesIps = mkOption { - type = types.listOf types.str; + otherNodesIps = lib.mkOption { + type = lib.types.listOf lib.types.str; example = [ "192.168.1.2" "192.168.1.3" ]; description = '' IP addresses of the other nodes. ''; }; - restApiPort = mkOption { - type = types.port; + restApiPort = lib.mkOption { + type = lib.types.port; default = 8008; description = '' The port on Patroni's REST api listens. ''; }; - softwareWatchdog = mkOption { - type = types.bool; + softwareWatchdog = lib.mkOption { + type = lib.types.bool; default = false; description = '' This will configure Patroni to use the software watchdog built into the Linux kernel @@ -138,7 +137,7 @@ in ''; }; - settings = mkOption { + settings = lib.mkOption { type = format.type; default = { }; description = '' @@ -148,8 +147,8 @@ in ''; }; - environmentFiles = mkOption { - type = with types; attrsOf (nullOr (oneOf [ str path package ])); + environmentFiles = lib.mkOption { + type = with lib.types; attrsOf (nullOr (oneOf [ str path package ])); default = { }; example = { PATRONI_REPLICATION_PASSWORD = "/secret/file"; @@ -159,7 +158,7 @@ in }; }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { services.patroni.settings = { scope = cfg.scope; @@ -179,7 +178,7 @@ in pgpass = "${cfg.dataDir}/pgpass"; }; - watchdog = mkIf cfg.softwareWatchdog { + watchdog = lib.mkIf cfg.softwareWatchdog { mode = "required"; device = "/dev/watchdog"; safety_margin = 5; @@ -188,13 +187,13 @@ in users = { - users = mkIf (cfg.user == defaultUser) { + users = lib.mkIf (cfg.user == defaultUser) { patroni = { group = cfg.group; isSystemUser = true; }; }; - groups = mkIf (cfg.group == defaultGroup) { + groups = lib.mkIf (cfg.group == defaultGroup) { patroni = { }; }; }; @@ -207,11 +206,11 @@ in after = [ "network.target" ]; script = '' - ${concatStringsSep "\n" (attrValues (mapAttrs (name: path: ''export ${name}="$(< ${escapeShellArg path})"'') cfg.environmentFiles))} + ${lib.concatStringsSep "\n" (lib.attrValues (lib.mapAttrs (name: path: ''export ${name}="$(< ${lib.escapeShellArg path})"'') cfg.environmentFiles))} exec ${pkgs.patroni}/bin/patroni ${configFile} ''; - serviceConfig = mkMerge [ + serviceConfig = lib.mkMerge [ { User = cfg.user; Group = cfg.group; @@ -221,7 +220,7 @@ in ExecReload = "${pkgs.coreutils}/bin/kill -s HUP $MAINPID"; KillMode = "process"; } - (mkIf (cfg.postgresqlDataDir == "/var/lib/postgresql/${cfg.postgresqlPackage.psqlSchema}" && cfg.dataDir == "/var/lib/patroni") { + (lib.mkIf (cfg.postgresqlDataDir == "/var/lib/postgresql/${cfg.postgresqlPackage.psqlSchema}" && cfg.dataDir == "/var/lib/patroni") { StateDirectory = "patroni postgresql postgresql/${cfg.postgresqlPackage.psqlSchema}"; StateDirectoryMode = "0750"; }) @@ -229,9 +228,9 @@ in }; }; - boot.kernelModules = mkIf cfg.softwareWatchdog [ "softdog" ]; + boot.kernelModules = lib.mkIf cfg.softwareWatchdog [ "softdog" ]; - services.udev.extraRules = mkIf cfg.softwareWatchdog '' + services.udev.extraRules = lib.mkIf cfg.softwareWatchdog '' KERNEL=="watchdog", OWNER="${cfg.user}", GROUP="${cfg.group}", MODE="0600" ''; @@ -247,5 +246,5 @@ in }; }; - meta.maintainers = [ maintainers.phfroidmont ]; + meta.maintainers = [ lib.maintainers.phfroidmont ]; } diff --git a/nixos/modules/services/cluster/rke2/default.nix b/nixos/modules/services/cluster/rke2/default.nix index 51b849ebcc802c3..2e6816f43374fe3 100644 --- a/nixos/modules/services/cluster/rke2/default.nix +++ b/nixos/modules/services/cluster/rke2/default.nix @@ -1,6 +1,4 @@ { config, lib, pkgs, ... }: - -with lib; let cfg = config.services.rke2; in @@ -8,12 +6,12 @@ in imports = [ ]; options.services.rke2 = { - enable = mkEnableOption "rke2"; + enable = lib.mkEnableOption "rke2"; - package = mkPackageOption pkgs "rke2" { }; + package = lib.mkPackageOption pkgs "rke2" { }; - role = mkOption { - type = types.enum [ "server" "agent" ]; + role = lib.mkOption { + type = lib.types.enum [ "server" "agent" ]; description = '' Whether rke2 should run as a server or agent. @@ -31,26 +29,26 @@ in default = "server"; }; - configPath = mkOption { - type = types.path; + configPath = lib.mkOption { + type = lib.types.path; description = "Load configuration from FILE."; default = "/etc/rancher/rke2/config.yaml"; }; - debug = mkOption { - type = types.bool; + debug = lib.mkOption { + type = lib.types.bool; description = "Turn on debug logs."; default = false; }; - dataDir = mkOption { - type = types.path; + dataDir = lib.mkOption { + type = lib.types.path; description = "The folder to hold state in."; default = "/var/lib/rancher/rke2"; }; - token = mkOption { - type = types.str; + token = lib.mkOption { + type = lib.types.str; description = '' Shared secret used to join a server or agent to a cluster. @@ -60,44 +58,44 @@ in default = ""; }; - tokenFile = mkOption { - type = types.nullOr types.path; + tokenFile = lib.mkOption { + type = lib.types.nullOr lib.types.path; description = "File path containing rke2 token to use when connecting to the server."; default = null; }; - disable = mkOption { - type = types.listOf types.str; + disable = lib.mkOption { + type = lib.types.listOf lib.types.str; description = "Do not deploy packaged components and delete any deployed components."; default = [ ]; }; - nodeName = mkOption { - type = types.nullOr types.str; + nodeName = lib.mkOption { + type = lib.types.nullOr lib.types.str; description = "Node name."; default = null; }; - nodeLabel = mkOption { - type = types.listOf types.str; + nodeLabel = lib.mkOption { + type = lib.types.listOf lib.types.str; description = "Registering and starting kubelet with set of labels."; default = [ ]; }; - nodeTaint = mkOption { - type = types.listOf types.str; + nodeTaint = lib.mkOption { + type = lib.types.listOf lib.types.str; description = "Registering kubelet with set of taints."; default = [ ]; }; - nodeIP = mkOption { - type = types.nullOr types.str; + nodeIP = lib.mkOption { + type = lib.types.nullOr lib.types.str; description = "IPv4/IPv6 addresses to advertise for node."; default = null; }; - agentToken = mkOption { - type = types.str; + agentToken = lib.mkOption { + type = lib.types.str; description = '' Shared secret used to join agents to the cluster, but not servers. @@ -107,27 +105,27 @@ in default = ""; }; - agentTokenFile = mkOption { - type = types.nullOr types.path; + agentTokenFile = lib.mkOption { + type = lib.types.nullOr lib.types.path; description = "File path containing rke2 agent token to use when connecting to the server."; default = null; }; - serverAddr = mkOption { - type = types.str; + serverAddr = lib.mkOption { + type = lib.types.str; description = "The rke2 server to connect to, used to join a cluster."; example = "https://10.0.0.10:6443"; default = ""; }; - selinux = mkOption { - type = types.bool; + selinux = lib.mkOption { + type = lib.types.bool; description = "Enable SELinux in containerd."; default = false; }; - cni = mkOption { - type = types.enum [ "none" "canal" "cilium" "calico" "flannel" ]; + cni = lib.mkOption { + type = lib.types.enum [ "none" "canal" "cilium" "calico" "flannel" ]; description = '' CNI Plugins to deploy, one of `none`, `calico`, `canal`, `cilium` or `flannel`. @@ -141,8 +139,8 @@ in default = "canal"; }; - cisHardening = mkOption { - type = types.bool; + cisHardening = lib.mkOption { + type = lib.types.bool; description = '' Enable CIS Hardening for RKE2. @@ -162,8 +160,8 @@ in default = false; }; - extraFlags = mkOption { - type = types.listOf types.str; + extraFlags = lib.mkOption { + type = lib.types.listOf lib.types.str; description = '' Extra flags to pass to the rke2 service/agent. @@ -176,8 +174,8 @@ in default = [ ]; }; - environmentVars = mkOption { - type = types.attrsOf types.str; + environmentVars = lib.mkOption { + type = lib.types.attrsOf lib.types.str; description = '' Environment variables for configuring the rke2 service/agent. @@ -199,7 +197,7 @@ in }; }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { assertions = [ { assertion = cfg.role == "agent" -> (builtins.pathExists cfg.configPath || cfg.serverAddr != ""); @@ -234,7 +232,7 @@ in ''; }; # See: https://docs.rke2.io/security/hardening_guide#set-kernel-parameters - boot.kernel.sysctl = mkIf cfg.cisHardening { + boot.kernel.sysctl = lib.mkIf cfg.cisHardening { "vm.panic_on_oom" = 0; "vm.overcommit_memory" = 1; "kernel.panic" = 10; @@ -254,7 +252,7 @@ in "-/etc/sysconfig/%N" "-/usr/local/lib/systemd/system/%N.env" ]; - Environment = mapAttrsToList (k: v: "${k}=${v}") cfg.environmentVars; + Environment = lib.mapAttrsToList (k: v: "${k}=${v}") cfg.environmentVars; KillMode = "process"; Delegate = "yes"; LimitNOFILE = 1048576; @@ -277,23 +275,23 @@ in "-${pkgs.kmod}/bin/modprobe br_netfilter" "-${pkgs.kmod}/bin/modprobe overlay" ]; - ExecStart = "${cfg.package}/bin/rke2 '${cfg.role}' ${escapeShellArgs ( - (optional (cfg.configPath != "/etc/rancher/rke2/config.yaml") "--config=${cfg.configPath}") - ++ (optional cfg.debug "--debug") - ++ (optional (cfg.dataDir != "/var/lib/rancher/rke2") "--data-dir=${cfg.dataDir}") - ++ (optional (cfg.token != "") "--token=${cfg.token}") - ++ (optional (cfg.tokenFile != null) "--token-file=${cfg.tokenFile}") - ++ (optionals (cfg.role == "server" && cfg.disable != [ ]) (map (d: "--disable=${d}") cfg.disable)) - ++ (optional (cfg.nodeName != null) "--node-name=${cfg.nodeName}") - ++ (optionals (cfg.nodeLabel != [ ]) (map (l: "--node-label=${l}") cfg.nodeLabel)) - ++ (optionals (cfg.nodeTaint != [ ]) (map (t: "--node-taint=${t}") cfg.nodeTaint)) - ++ (optional (cfg.nodeIP != null) "--node-ip=${cfg.nodeIP}") - ++ (optional (cfg.role == "server" && cfg.agentToken != "") "--agent-token=${cfg.agentToken}") - ++ (optional (cfg.role == "server" && cfg.agentTokenFile != null) "--agent-token-file=${cfg.agentTokenFile}") - ++ (optional (cfg.serverAddr != "") "--server=${cfg.serverAddr}") - ++ (optional cfg.selinux "--selinux") - ++ (optional (cfg.role == "server" && cfg.cni != "canal") "--cni=${cfg.cni}") - ++ (optional cfg.cisHardening "--profile=${if cfg.package.version >= "1.25" then "cis-1.23" else "cis-1.6"}") + ExecStart = "${cfg.package}/bin/rke2 '${cfg.role}' ${lib.escapeShellArgs ( + (lib.optional (cfg.configPath != "/etc/rancher/rke2/config.yaml") "--config=${cfg.configPath}") + ++ (lib.optional cfg.debug "--debug") + ++ (lib.optional (cfg.dataDir != "/var/lib/rancher/rke2") "--data-dir=${cfg.dataDir}") + ++ (lib.optional (cfg.token != "") "--token=${cfg.token}") + ++ (lib.optional (cfg.tokenFile != null) "--token-file=${cfg.tokenFile}") + ++ (lib.optionals (cfg.role == "server" && cfg.disable != [ ]) (map (d: "--disable=${d}") cfg.disable)) + ++ (lib.optional (cfg.nodeName != null) "--node-name=${cfg.nodeName}") + ++ (lib.optionals (cfg.nodeLabel != [ ]) (map (l: "--node-label=${l}") cfg.nodeLabel)) + ++ (lib.optionals (cfg.nodeTaint != [ ]) (map (t: "--node-taint=${t}") cfg.nodeTaint)) + ++ (lib.optional (cfg.nodeIP != null) "--node-ip=${cfg.nodeIP}") + ++ (lib.optional (cfg.role == "server" && cfg.agentToken != "") "--agent-token=${cfg.agentToken}") + ++ (lib.optional (cfg.role == "server" && cfg.agentTokenFile != null) "--agent-token-file=${cfg.agentTokenFile}") + ++ (lib.optional (cfg.serverAddr != "") "--server=${cfg.serverAddr}") + ++ (lib.optional cfg.selinux "--selinux") + ++ (lib.optional (cfg.role == "server" && cfg.cni != "canal") "--cni=${cfg.cni}") + ++ (lib.optional cfg.cisHardening "--profile=${if cfg.package.version >= "1.25" then "cis-1.23" else "cis-1.6"}") ++ cfg.extraFlags )}"; ExecStopPost = let diff --git a/nixos/modules/services/cluster/spark/default.nix b/nixos/modules/services/cluster/spark/default.nix index 7a3f768471c2186..c4ebd3424392846 100644 --- a/nixos/modules/services/cluster/spark/default.nix +++ b/nixos/modules/services/cluster/spark/default.nix @@ -2,20 +2,19 @@ let cfg = config.services.spark; in -with lib; { options = { services.spark = { master = { - enable = mkEnableOption "Spark master service"; - bind = mkOption { - type = types.str; + enable = lib.mkEnableOption "Spark master service"; + bind = lib.mkOption { + type = lib.types.str; description = "Address the spark master binds to."; default = "127.0.0.1"; example = "0.0.0.0"; }; - restartIfChanged = mkOption { - type = types.bool; + restartIfChanged = lib.mkOption { + type = lib.types.bool; description = '' Automatically restart master service on config change. This can be set to false to defer restarts on clusters running critical applications. @@ -24,8 +23,8 @@ with lib; ''; default = true; }; - extraEnvironment = mkOption { - type = types.attrsOf types.str; + extraEnvironment = lib.mkOption { + type = lib.types.attrsOf lib.types.str; description = "Extra environment variables to pass to spark master. See spark-standalone documentation."; default = {}; example = { @@ -35,19 +34,19 @@ with lib; }; }; worker = { - enable = mkEnableOption "Spark worker service"; - workDir = mkOption { - type = types.path; + enable = lib.mkEnableOption "Spark worker service"; + workDir = lib.mkOption { + type = lib.types.path; description = "Spark worker work dir."; default = "/var/lib/spark"; }; - master = mkOption { - type = types.str; + master = lib.mkOption { + type = lib.types.str; description = "Address of the spark master."; default = "127.0.0.1:7077"; }; - restartIfChanged = mkOption { - type = types.bool; + restartIfChanged = lib.mkOption { + type = lib.types.bool; description = '' Automatically restart worker service on config change. This can be set to false to defer restarts on clusters running critical applications. @@ -56,8 +55,8 @@ with lib; ''; default = true; }; - extraEnvironment = mkOption { - type = types.attrsOf types.str; + extraEnvironment = lib.mkOption { + type = lib.types.attrsOf lib.types.str; description = "Extra environment variables to pass to spark worker."; default = {}; example = { @@ -66,18 +65,18 @@ with lib; }; }; }; - confDir = mkOption { - type = types.path; + confDir = lib.mkOption { + type = lib.types.path; description = "Spark configuration directory. Spark will use the configuration files (spark-defaults.conf, spark-env.sh, log4j.properties, etc) from this directory."; default = "${cfg.package}/conf"; - defaultText = literalExpression ''"''${package}/conf"''; + defaultText = lib.literalExpression ''"''${package}/conf"''; }; - logDir = mkOption { - type = types.path; + logDir = lib.mkOption { + type = lib.types.path; description = "Spark log directory."; default = "/var/log/spark"; }; - package = mkPackageOption pkgs "spark" { + package = lib.mkPackageOption pkgs "spark" { example = '' spark.overrideAttrs (super: rec { pname = "spark"; diff --git a/nixos/modules/services/computing/boinc/client.nix b/nixos/modules/services/computing/boinc/client.nix index f22e6360e0fd4c8..01608d33d8d1d77 100644 --- a/nixos/modules/services/computing/boinc/client.nix +++ b/nixos/modules/services/computing/boinc/client.nix @@ -1,10 +1,7 @@ {config, lib, pkgs, ...}: - -with lib; - let cfg = config.services.boinc; - allowRemoteGuiRpcFlag = optionalString cfg.allowRemoteGuiRpc "--allow_remote_gui_rpc"; + allowRemoteGuiRpcFlag = lib.optionalString cfg.allowRemoteGuiRpc "--allow_remote_gui_rpc"; fhsEnv = pkgs.buildFHSEnv { name = "boinc-fhs-env"; @@ -16,8 +13,8 @@ let in { options.services.boinc = { - enable = mkOption { - type = types.bool; + enable = lib.mkOption { + type = lib.types.bool; default = false; description = '' Whether to enable the BOINC distributed computing client. If this @@ -27,20 +24,20 @@ in ''; }; - package = mkPackageOption pkgs "boinc" { + package = lib.mkPackageOption pkgs "boinc" { example = "boinc-headless"; }; - dataDir = mkOption { - type = types.path; + dataDir = lib.mkOption { + type = lib.types.path; default = "/var/lib/boinc"; description = '' The directory in which to store BOINC's configuration and data files. ''; }; - allowRemoteGuiRpc = mkOption { - type = types.bool; + allowRemoteGuiRpc = lib.mkOption { + type = lib.types.bool; default = false; description = '' If set to true, any remote host can connect to and control this BOINC @@ -52,10 +49,10 @@ in ''; }; - extraEnvPackages = mkOption { - type = types.listOf types.package; + extraEnvPackages = lib.mkOption { + type = lib.types.listOf lib.types.package; default = []; - example = literalExpression "[ pkgs.virtualbox ]"; + example = lib.literalExpression "[ pkgs.virtualbox ]"; description = '' Additional packages to make available in the environment in which BOINC will run. Common choices are: @@ -77,7 +74,7 @@ in }; }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { environment.systemPackages = [cfg.package]; users.users.boinc = { diff --git a/nixos/modules/services/computing/foldingathome/client.nix b/nixos/modules/services/computing/foldingathome/client.nix index 8d330fd8717beeb..71fc58669d33bd4 100644 --- a/nixos/modules/services/computing/foldingathome/client.nix +++ b/nixos/modules/services/computing/foldingathome/client.nix @@ -1,5 +1,4 @@ { config, lib, pkgs, ... }: -with lib; let cfg = config.services.foldingathome; @@ -11,19 +10,19 @@ let in { imports = [ - (mkRenamedOptionModule [ "services" "foldingAtHome" ] [ "services" "foldingathome" ]) - (mkRenamedOptionModule [ "services" "foldingathome" "nickname" ] [ "services" "foldingathome" "user" ]) - (mkRemovedOptionModule [ "services" "foldingathome" "config" ] '' + (lib.mkRenamedOptionModule [ "services" "foldingAtHome" ] [ "services" "foldingathome" ]) + (lib.mkRenamedOptionModule [ "services" "foldingathome" "nickname" ] [ "services" "foldingathome" "user" ]) + (lib.mkRemovedOptionModule [ "services" "foldingathome" "config" ] '' Use services.foldingathome.extraArgs instead '') ]; options.services.foldingathome = { - enable = mkEnableOption "Folding@home client"; + enable = lib.mkEnableOption "Folding@home client"; - package = mkPackageOption pkgs "fahclient" { }; + package = lib.mkPackageOption pkgs "fahclient" { }; - user = mkOption { - type = types.nullOr types.str; + user = lib.mkOption { + type = lib.types.nullOr lib.types.str; default = null; description = '' The user associated with the reported computation results. This will @@ -31,8 +30,8 @@ in ''; }; - team = mkOption { - type = types.int; + team = lib.mkOption { + type = lib.types.int; default = 236565; description = '' The team ID associated with the reported computation results. This @@ -42,8 +41,8 @@ in ''; }; - daemonNiceLevel = mkOption { - type = types.ints.between (-20) 19; + daemonNiceLevel = lib.mkOption { + type = lib.types.ints.between (-20) 19; default = 0; description = '' Daemon process priority for FAHClient. @@ -51,8 +50,8 @@ in ''; }; - extraArgs = mkOption { - type = types.listOf types.str; + extraArgs = lib.mkOption { + type = lib.types.listOf lib.types.str; default = []; description = '' Extra startup options for the FAHClient. Run @@ -61,7 +60,7 @@ in }; }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { systemd.services.foldingathome = { description = "Folding@home client"; after = [ "network.target" ]; diff --git a/nixos/modules/services/computing/slurm/slurm.nix b/nixos/modules/services/computing/slurm/slurm.nix index 360a72677ce06bf..f4944d3ce31863c 100644 --- a/nixos/modules/services/computing/slurm/slurm.nix +++ b/nixos/modules/services/computing/slurm/slurm.nix @@ -1,7 +1,4 @@ { config, lib, options, pkgs, ... }: - -with lib; - let cfg = config.services.slurm; @@ -15,8 +12,8 @@ let ClusterName=${cfg.clusterName} StateSaveLocation=${cfg.stateSaveLocation} SlurmUser=${cfg.user} - ${optionalString (cfg.controlMachine != null) "controlMachine=${cfg.controlMachine}"} - ${optionalString (cfg.controlAddr != null) "controlAddr=${cfg.controlAddr}"} + ${lib.optionalString (cfg.controlMachine != null) "controlMachine=${cfg.controlMachine}"} + ${lib.optionalString (cfg.controlAddr != null) "controlAddr=${cfg.controlAddr}"} ${toString (map (x: "NodeName=${x}\n") cfg.nodeName)} ${toString (map (x: "PartitionName=${x}\n") cfg.partitionName)} PlugStackConfig=${plugStackConfig}/plugstack.conf @@ -26,7 +23,7 @@ let plugStackConfig = pkgs.writeTextDir "plugstack.conf" '' - ${optionalString cfg.enableSrunX11 "optional ${pkgs.slurm-spank-x11}/lib/x11.so"} + ${lib.optionalString cfg.enableSrunX11 "optional ${pkgs.slurm-spank-x11}/lib/x11.so"} ${cfg.extraPlugstackConfig} ''; @@ -56,15 +53,15 @@ in ###### interface - meta.maintainers = [ maintainers.markuskowa ]; + meta.maintainers = [ lib.maintainers.markuskowa ]; options = { services.slurm = { server = { - enable = mkOption { - type = types.bool; + enable = lib.mkOption { + type = lib.types.bool; default = false; description = '' Whether to enable the slurm control daemon. @@ -76,29 +73,29 @@ in }; dbdserver = { - enable = mkEnableOption "SlurmDBD service"; + enable = lib.mkEnableOption "SlurmDBD service"; - dbdHost = mkOption { - type = types.str; + dbdHost = lib.mkOption { + type = lib.types.str; default = config.networking.hostName; - defaultText = literalExpression "config.networking.hostName"; + defaultText = lib.literalExpression "config.networking.hostName"; description = '' Hostname of the machine where `slurmdbd` is running (i.e. name returned by `hostname -s`). ''; }; - storageUser = mkOption { - type = types.str; + storageUser = lib.mkOption { + type = lib.types.str; default = cfg.user; - defaultText = literalExpression "config.${opt.user}"; + defaultText = lib.literalExpression "config.${opt.user}"; description = '' Database user name. ''; }; - storagePassFile = mkOption { - type = with types; nullOr str; + storagePassFile = lib.mkOption { + type = with lib.types; nullOr str; default = null; description = '' Path to file with database password. The content of this will be used to @@ -106,8 +103,8 @@ in ''; }; - extraConfig = mkOption { - type = types.lines; + extraConfig = lib.mkOption { + type = lib.types.lines; default = ""; description = '' Extra configuration for `slurmdbd.conf` See also: @@ -117,11 +114,11 @@ in }; client = { - enable = mkEnableOption "slurm client daemon"; + enable = lib.mkEnableOption "slurm client daemon"; }; - enableStools = mkOption { - type = types.bool; + enableStools = lib.mkOption { + type = lib.types.bool; default = false; description = '' Whether to provide a slurm.conf file. @@ -131,14 +128,14 @@ in ''; }; - package = mkPackageOption pkgs "slurm" { + package = lib.mkPackageOption pkgs "slurm" { example = "slurm-full"; } // { default = pkgs.slurm.override { enableX11 = ! cfg.enableSrunX11; }; }; - controlMachine = mkOption { - type = types.nullOr types.str; + controlMachine = lib.mkOption { + type = lib.types.nullOr lib.types.str; default = null; example = null; description = '' @@ -148,10 +145,10 @@ in ''; }; - controlAddr = mkOption { - type = types.nullOr types.str; + controlAddr = lib.mkOption { + type = lib.types.nullOr lib.types.str; default = cfg.controlMachine; - defaultText = literalExpression "config.${opt.controlMachine}"; + defaultText = lib.literalExpression "config.${opt.controlMachine}"; example = null; description = '' Name that ControlMachine should be referred to in establishing a @@ -159,8 +156,8 @@ in ''; }; - clusterName = mkOption { - type = types.str; + clusterName = lib.mkOption { + type = lib.types.str; default = "default"; example = "myCluster"; description = '' @@ -168,10 +165,10 @@ in ''; }; - nodeName = mkOption { - type = types.listOf types.str; + nodeName = lib.mkOption { + type = lib.types.listOf lib.types.str; default = []; - example = literalExpression ''[ "linux[1-32] CPUs=1 State=UNKNOWN" ];''; + example = lib.literalExpression ''[ "linux[1-32] CPUs=1 State=UNKNOWN" ];''; description = '' Name that SLURM uses to refer to a node (or base partition for BlueGene systems). Typically this would be the string that "/bin/hostname -s" @@ -179,19 +176,19 @@ in ''; }; - partitionName = mkOption { - type = types.listOf types.str; + partitionName = lib.mkOption { + type = lib.types.listOf lib.types.str; default = []; - example = literalExpression ''[ "debug Nodes=linux[1-32] Default=YES MaxTime=INFINITE State=UP" ];''; + example = lib.literalExpression ''[ "debug Nodes=linux[1-32] Default=YES MaxTime=INFINITE State=UP" ];''; description = '' Name by which the partition may be referenced. Note that now you have to write the partition's parameters after the name. ''; }; - enableSrunX11 = mkOption { + enableSrunX11 = lib.mkOption { default = false; - type = types.bool; + type = lib.types.bool; description = '' If enabled srun will accept the option "--x11" to allow for X11 forwarding from within an interactive session or a batch job. This activates the @@ -207,8 +204,8 @@ in ''; }; - procTrackType = mkOption { - type = types.str; + procTrackType = lib.mkOption { + type = lib.types.str; default = "proctrack/linuxproc"; description = '' Plugin to be used for process tracking on a job step basis. @@ -217,16 +214,16 @@ in ''; }; - stateSaveLocation = mkOption { - type = types.str; + stateSaveLocation = lib.mkOption { + type = lib.types.str; default = "/var/spool/slurmctld"; description = '' Directory into which the Slurm controller, slurmctld, saves its state. ''; }; - user = mkOption { - type = types.str; + user = lib.mkOption { + type = lib.types.str; default = defaultUser; description = '' Set this option when you want to run the slurmctld daemon @@ -236,34 +233,34 @@ in ''; }; - extraConfig = mkOption { + extraConfig = lib.mkOption { default = ""; - type = types.lines; + type = lib.types.lines; description = '' Extra configuration options that will be added verbatim at the end of the slurm configuration file. ''; }; - extraPlugstackConfig = mkOption { + extraPlugstackConfig = lib.mkOption { default = ""; - type = types.lines; + type = lib.types.lines; description = '' Extra configuration that will be added to the end of `plugstack.conf`. ''; }; - extraCgroupConfig = mkOption { + extraCgroupConfig = lib.mkOption { default = ""; - type = types.lines; + type = lib.types.lines; description = '' Extra configuration for `cgroup.conf`. This file is used when `procTrackType=proctrack/cgroup`. ''; }; - extraConfigPaths = mkOption { - type = with types; listOf path; + extraConfigPaths = lib.mkOption { + type = with lib.types; listOf path; default = []; description = '' Slurm expects config files for plugins in the same path @@ -273,11 +270,11 @@ in ''; }; - etcSlurm = mkOption { - type = types.path; + etcSlurm = lib.mkOption { + type = lib.types.path; internal = true; default = etcSlurm; - defaultText = literalMD '' + defaultText = lib.literalMD '' Directory created from generated config files and `config.${opt.extraConfigPaths}`. ''; @@ -292,11 +289,11 @@ in }; imports = [ - (mkRemovedOptionModule [ "services" "slurm" "dbdserver" "storagePass" ] '' + (lib.mkRemovedOptionModule [ "services" "slurm" "dbdserver" "storagePass" ] '' This option has been removed so that the database password is not exposed via the nix store. Use services.slurm.dbdserver.storagePassFile to provide the database password. '') - (mkRemovedOptionModule [ "services" "slurm" "dbdserver" "configFile" ] '' + (lib.mkRemovedOptionModule [ "services" "slurm" "dbdserver" "configFile" ] '' This option has been removed. Use services.slurm.dbdserver.storagePassFile and services.slurm.dbdserver.extraConfig instead. '') @@ -312,7 +309,7 @@ in builder = pkgs.writeText "builder.sh" '' source $stdenv/setup mkdir -p $out/bin - find ${getBin cfg.package}/bin -type f -executable | while read EXE + find ${lib.getBin cfg.package}/bin -type f -executable | while read EXE do exename="$(basename $EXE)" wrappername="$out/bin/$exename" @@ -329,21 +326,21 @@ in done mkdir -p $out/share - ln -s ${getBin cfg.package}/share/man $out/share/man + ln -s ${lib.getBin cfg.package}/share/man $out/share/man ''; }; - in mkIf ( cfg.enableStools || + in lib.mkIf ( cfg.enableStools || cfg.client.enable || cfg.server.enable || cfg.dbdserver.enable ) { environment.systemPackages = [ wrappedSlurm ]; - services.munge.enable = mkDefault true; + services.munge.enable = lib.mkDefault true; # use a static uid as default to ensure it is the same on all nodes - users.users.slurm = mkIf (cfg.user == defaultUser) { + users.users.slurm = lib.mkIf (cfg.user == defaultUser) { name = defaultUser; group = "slurm"; uid = config.ids.uids.slurm; @@ -351,7 +348,7 @@ in users.groups.slurm.gid = config.ids.uids.slurm; - systemd.services.slurmd = mkIf (cfg.client.enable) { + systemd.services.slurmd = lib.mkIf (cfg.client.enable) { path = with pkgs; [ wrappedSlurm coreutils ] ++ lib.optional cfg.enableSrunX11 slurm-spank-x11; @@ -375,13 +372,13 @@ in }; }; - systemd.tmpfiles.rules = mkIf cfg.client.enable [ + systemd.tmpfiles.rules = lib.mkIf cfg.client.enable [ "d /var/spool/slurmd 755 root root -" ]; - services.openssh.settings.X11Forwarding = mkIf cfg.client.enable (mkDefault true); + services.openssh.settings.X11Forwarding = lib.mkIf cfg.client.enable (lib.mkDefault true); - systemd.services.slurmctld = mkIf (cfg.server.enable) { + systemd.services.slurmctld = lib.mkIf (cfg.server.enable) { path = with pkgs; [ wrappedSlurm munge coreutils ] ++ lib.optional cfg.enableSrunX11 slurm-spank-x11; @@ -405,7 +402,7 @@ in systemd.services.slurmdbd = let # slurm strips the last component off the path configPath = "$RUNTIME_DIRECTORY/slurmdbd.conf"; - in mkIf (cfg.dbdserver.enable) { + in lib.mkIf (cfg.dbdserver.enable) { path = with pkgs; [ wrappedSlurm munge coreutils ]; wantedBy = [ "multi-user.target" ]; @@ -414,7 +411,7 @@ in preStart = '' install -m 600 -o ${cfg.user} -T ${slurmdbdConf} ${configPath} - ${optionalString (cfg.dbdserver.storagePassFile != null) '' + ${lib.optionalString (cfg.dbdserver.storagePassFile != null) '' echo "StoragePass=$(cat ${cfg.dbdserver.storagePassFile})" \ >> ${configPath} ''} diff --git a/nixos/modules/services/computing/torque/mom.nix b/nixos/modules/services/computing/torque/mom.nix index 6747bd4b0d5aae7..8bc5fc134fcbae1 100644 --- a/nixos/modules/services/computing/torque/mom.nix +++ b/nixos/modules/services/computing/torque/mom.nix @@ -1,7 +1,4 @@ { config, pkgs, lib, ... }: - -with lib; - let cfg = config.services.torque.mom; @@ -17,10 +14,10 @@ in options = { services.torque.mom = { - enable = mkEnableOption "torque computing node"; + enable = lib.mkEnableOption "torque computing node"; - serverNode = mkOption { - type = types.str; + serverNode = lib.mkOption { + type = lib.types.str; description = "Hostname running pbs server."; }; @@ -28,7 +25,7 @@ in }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { environment.systemPackages = [ pkgs.torque ]; systemd.services.torque-mom-init = { diff --git a/nixos/modules/services/computing/torque/server.nix b/nixos/modules/services/computing/torque/server.nix index 8d923fc04d46d3a..27be2c65b7e0f07 100644 --- a/nixos/modules/services/computing/torque/server.nix +++ b/nixos/modules/services/computing/torque/server.nix @@ -1,7 +1,4 @@ { config, pkgs, lib, ... }: - -with lib; - let cfg = config.services.torque.server; torque = pkgs.torque; @@ -11,13 +8,13 @@ in services.torque.server = { - enable = mkEnableOption "torque server"; + enable = lib.mkEnableOption "torque server"; }; }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { environment.systemPackages = [ pkgs.torque ]; systemd.services.torque-server-init = { diff --git a/nixos/modules/services/continuous-integration/buildbot/master.nix b/nixos/modules/services/continuous-integration/buildbot/master.nix index a4a9eee672cf434..d744b73bf158b18 100644 --- a/nixos/modules/services/continuous-integration/buildbot/master.nix +++ b/nixos/modules/services/continuous-integration/buildbot/master.nix @@ -1,9 +1,5 @@ # NixOS module for Buildbot continuous integration server. - { config, lib, options, pkgs, ... }: - -with lib; - let cfg = config.services.buildbot-master; opt = options.services.buildbot-master; @@ -11,27 +7,27 @@ let package = pkgs.python3.pkgs.toPythonModule cfg.package; python = package.pythonModule; - escapeStr = escape [ "'" ]; + escapeStr = lib.escape [ "'" ]; defaultMasterCfg = pkgs.writeText "master.cfg" '' from buildbot.plugins import * ${cfg.extraImports} factory = util.BuildFactory() c = BuildmasterConfig = dict( - workers = [${concatStringsSep "," cfg.workers}], + workers = [${lib.concatStringsSep "," cfg.workers}], protocols = { 'pb': {'port': ${toString cfg.pbPort} } }, - title = '${escapeStr cfg.title}', - titleURL = '${escapeStr cfg.titleUrl}', - buildbotURL = '${escapeStr cfg.buildbotUrl}', - db = dict(db_url='${escapeStr cfg.dbUrl}'), + title = '${lib.escapeStr cfg.title}', + titleURL = '${lib.escapeStr cfg.titleUrl}', + buildbotURL = '${lib.escapeStr cfg.buildbotUrl}', + db = dict(db_url='${lib.escapeStr cfg.dbUrl}'), www = dict(port=${toString cfg.port}), - change_source = [ ${concatStringsSep "," cfg.changeSource} ], - schedulers = [ ${concatStringsSep "," cfg.schedulers} ], - builders = [ ${concatStringsSep "," cfg.builders} ], - services = [ ${concatStringsSep "," cfg.reporters} ], - configurators = [ ${concatStringsSep "," cfg.configurators} ], + change_source = [ ${lib.concatStringsSep "," cfg.changeSource} ], + schedulers = [ ${lib.concatStringsSep "," cfg.schedulers} ], + builders = [ ${lib.concatStringsSep "," cfg.builders} ], + services = [ ${lib.concatStringsSep "," cfg.reporters} ], + configurators = [ ${lib.concatStringsSep "," cfg.configurators} ], ) - for step in [ ${concatStringsSep "," cfg.factorySteps} ]: + for step in [ ${lib.concatStringsSep "," cfg.factorySteps} ]: factory.addStep(step) ${cfg.extraConfig} @@ -62,8 +58,8 @@ in { options = { services.buildbot-master = { - factorySteps = mkOption { - type = types.listOf types.str; + factorySteps = lib.mkOption { + type = lib.types.listOf lib.types.str; description = "Factory Steps"; default = []; example = [ @@ -72,8 +68,8 @@ in { ]; }; - changeSource = mkOption { - type = types.listOf types.str; + changeSource = lib.mkOption { + type = lib.types.listOf lib.types.str; description = "List of Change Sources."; default = []; example = [ @@ -81,8 +77,8 @@ in { ]; }; - configurators = mkOption { - type = types.listOf types.str; + configurators = lib.mkOption { + type = lib.types.listOf lib.types.str; description = "Configurator Steps, see https://docs.buildbot.net/latest/manual/configuration/configurators.html"; default = []; example = [ @@ -90,35 +86,35 @@ in { ]; }; - enable = mkOption { - type = types.bool; + enable = lib.mkOption { + type = lib.types.bool; default = false; description = "Whether to enable the Buildbot continuous integration server."; }; - extraConfig = mkOption { - type = types.str; + extraConfig = lib.mkOption { + type = lib.types.str; description = "Extra configuration to append to master.cfg"; default = "c['buildbotNetUsageData'] = None"; }; - extraImports = mkOption { - type = types.str; + extraImports = lib.mkOption { + type = lib.types.str; description = "Extra python imports to prepend to master.cfg"; default = ""; example = "from buildbot.process.project import Project"; }; - masterCfg = mkOption { - type = types.path; + masterCfg = lib.mkOption { + type = lib.types.path; description = "Optionally pass master.cfg path. Other options in this configuration will be ignored."; default = defaultMasterCfg; - defaultText = literalMD ''generated configuration file''; + defaultText = lib.literalMD ''generated configuration file''; example = "/etc/nixos/buildbot/master.cfg"; }; - schedulers = mkOption { - type = types.listOf types.str; + schedulers = lib.mkOption { + type = lib.types.listOf lib.types.str; description = "List of Schedulers."; default = [ "schedulers.SingleBranchScheduler(name='all', change_filter=util.ChangeFilter(branch='master'), treeStableTimer=None, builderNames=['runtests'])" @@ -126,60 +122,60 @@ in { ]; }; - builders = mkOption { - type = types.listOf types.str; + builders = lib.mkOption { + type = lib.types.listOf lib.types.str; description = "List of Builders."; default = [ "util.BuilderConfig(name='runtests',workernames=['example-worker'],factory=factory)" ]; }; - workers = mkOption { - type = types.listOf types.str; + workers = lib.mkOption { + type = lib.types.listOf lib.types.str; description = "List of Workers."; default = [ "worker.Worker('example-worker', 'pass')" ]; }; - reporters = mkOption { + reporters = lib.mkOption { default = []; - type = types.listOf types.str; + type = lib.types.listOf lib.types.str; description = "List of reporter objects used to present build status to various users."; }; - user = mkOption { + user = lib.mkOption { default = "buildbot"; - type = types.str; + type = lib.types.str; description = "User the buildbot server should execute under."; }; - group = mkOption { + group = lib.mkOption { default = "buildbot"; - type = types.str; + type = lib.types.str; description = "Primary group of buildbot user."; }; - extraGroups = mkOption { - type = types.listOf types.str; + extraGroups = lib.mkOption { + type = lib.types.listOf lib.types.str; default = []; description = "List of extra groups that the buildbot user should be a part of."; }; - home = mkOption { + home = lib.mkOption { default = "/home/buildbot"; - type = types.path; + type = lib.types.path; description = "Buildbot home directory."; }; - buildbotDir = mkOption { + buildbotDir = lib.mkOption { default = "${cfg.home}/master"; - defaultText = literalExpression ''"''${config.${opt.home}}/master"''; - type = types.path; + defaultText = lib.literalExpression ''"''${config.${opt.home}}/master"''; + type = lib.types.path; description = "Specifies the Buildbot directory."; }; - pbPort = mkOption { + pbPort = lib.mkOption { default = 9989; - type = types.either types.str types.int; + type = lib.types.either lib.types.str lib.types.int; example = "'tcp:9990:interface=127.0.0.1'"; description = '' The buildmaster will listen on a TCP port of your choosing @@ -193,69 +189,69 @@ in { ''; }; - listenAddress = mkOption { + listenAddress = lib.mkOption { default = "0.0.0.0"; - type = types.str; + type = lib.types.str; description = "Specifies the bind address on which the buildbot HTTP interface listens."; }; - buildbotUrl = mkOption { + buildbotUrl = lib.mkOption { default = "http://localhost:8010/"; - type = types.str; + type = lib.types.str; description = "Specifies the Buildbot URL."; }; - title = mkOption { + title = lib.mkOption { default = "Buildbot"; - type = types.str; + type = lib.types.str; description = "Specifies the Buildbot Title."; }; - titleUrl = mkOption { + titleUrl = lib.mkOption { default = "Buildbot"; - type = types.str; + type = lib.types.str; description = "Specifies the Buildbot TitleURL."; }; - dbUrl = mkOption { + dbUrl = lib.mkOption { default = "sqlite:///state.sqlite"; - type = types.str; + type = lib.types.str; description = "Specifies the database connection string."; }; - port = mkOption { + port = lib.mkOption { default = 8010; - type = types.port; + type = lib.types.port; description = "Specifies port number on which the buildbot HTTP interface listens."; }; - package = mkPackageOption pkgs "buildbot-full" { + package = lib.mkPackageOption pkgs "buildbot-full" { example = "buildbot"; }; - packages = mkOption { + packages = lib.mkOption { default = [ pkgs.git ]; - defaultText = literalExpression "[ pkgs.git ]"; - type = types.listOf types.package; + defaultText = lib.literalExpression "[ pkgs.git ]"; + type = lib.types.listOf lib.types.package; description = "Packages to add to PATH for the buildbot process."; }; - pythonPackages = mkOption { - type = types.functionTo (types.listOf types.package); + pythonPackages = lib.mkOption { + type = lib.types.functionTo (lib.types.listOf lib.types.package); default = pythonPackages: with pythonPackages; [ ]; - defaultText = literalExpression "pythonPackages: with pythonPackages; [ ]"; + defaultText = lib.literalExpression "pythonPackages: with pythonPackages; [ ]"; description = "Packages to add the to the PYTHONPATH of the buildbot process."; - example = literalExpression "pythonPackages: with pythonPackages; [ requests ]"; + example = lib.literalExpression "pythonPackages: with pythonPackages; [ requests ]"; }; }; }; - config = mkIf cfg.enable { - users.groups = optionalAttrs (cfg.group == "buildbot") { + config = lib.mkIf cfg.enable { + users.groups = lib.optionalAttrs (cfg.group == "buildbot") { buildbot = { }; }; - users.users = optionalAttrs (cfg.user == "buildbot") { + users.users = lib.optionalAttrs (cfg.user == "buildbot") { buildbot = { description = "Buildbot User."; isNormalUser = true; @@ -298,8 +294,8 @@ in { }; imports = [ - (mkRenamedOptionModule [ "services" "buildbot-master" "bpPort" ] [ "services" "buildbot-master" "pbPort" ]) - (mkRemovedOptionModule [ "services" "buildbot-master" "status" ] '' + (lib.mkRenamedOptionModule [ "services" "buildbot-master" "bpPort" ] [ "services" "buildbot-master" "pbPort" ]) + (lib.mkRemovedOptionModule [ "services" "buildbot-master" "status" ] '' Since Buildbot 0.9.0, status targets are deprecated and ignored. Review your configuration and migrate to reporters (available at services.buildbot-master.reporters). '') diff --git a/nixos/modules/services/databases/etcd.nix b/nixos/modules/services/databases/etcd.nix index ebc905ad08f6126..b10fdb801c501b6 100644 --- a/nixos/modules/services/databases/etcd.nix +++ b/nixos/modules/services/databases/etcd.nix @@ -1,7 +1,4 @@ { config, lib, options, pkgs, ... }: - -with lib; - let cfg = config.services.etcd; opt = options.services.etcd; @@ -9,98 +6,98 @@ let in { options.services.etcd = { - enable = mkOption { + enable = lib.mkOption { description = "Whether to enable etcd."; default = false; - type = types.bool; + type = lib.types.bool; }; - package = mkPackageOption pkgs "etcd" { }; + package = lib.mkPackageOption pkgs "etcd" { }; - name = mkOption { + name = lib.mkOption { description = "Etcd unique node name."; default = config.networking.hostName; - defaultText = literalExpression "config.networking.hostName"; - type = types.str; + defaultText = lib.literalExpression "config.networking.hostName"; + type = lib.types.str; }; - advertiseClientUrls = mkOption { + advertiseClientUrls = lib.mkOption { description = "Etcd list of this member's client URLs to advertise to the rest of the cluster."; default = cfg.listenClientUrls; - defaultText = literalExpression "config.${opt.listenClientUrls}"; - type = types.listOf types.str; + defaultText = lib.literalExpression "config.${opt.listenClientUrls}"; + type = lib.types.listOf lib.types.str; }; - listenClientUrls = mkOption { + listenClientUrls = lib.mkOption { description = "Etcd list of URLs to listen on for client traffic."; default = ["http://127.0.0.1:2379"]; - type = types.listOf types.str; + type = lib.types.listOf lib.types.str; }; - listenPeerUrls = mkOption { + listenPeerUrls = lib.mkOption { description = "Etcd list of URLs to listen on for peer traffic."; default = ["http://127.0.0.1:2380"]; - type = types.listOf types.str; + type = lib.types.listOf lib.types.str; }; - initialAdvertisePeerUrls = mkOption { + initialAdvertisePeerUrls = lib.mkOption { description = "Etcd list of this member's peer URLs to advertise to rest of the cluster."; default = cfg.listenPeerUrls; - defaultText = literalExpression "config.${opt.listenPeerUrls}"; - type = types.listOf types.str; + defaultText = lib.literalExpression "config.${opt.listenPeerUrls}"; + type = lib.types.listOf lib.types.str; }; - initialCluster = mkOption { + initialCluster = lib.mkOption { description = "Etcd initial cluster configuration for bootstrapping."; default = ["${cfg.name}=http://127.0.0.1:2380"]; - defaultText = literalExpression ''["''${config.${opt.name}}=http://127.0.0.1:2380"]''; - type = types.listOf types.str; + defaultText = lib.literalExpression ''["''${config.${opt.name}}=http://127.0.0.1:2380"]''; + type = lib.types.listOf lib.types.str; }; - initialClusterState = mkOption { + initialClusterState = lib.mkOption { description = "Etcd initial cluster configuration for bootstrapping."; default = "new"; - type = types.enum ["new" "existing"]; + type = lib.types.enum ["new" "existing"]; }; - initialClusterToken = mkOption { + initialClusterToken = lib.mkOption { description = "Etcd initial cluster token for etcd cluster during bootstrap."; default = "etcd-cluster"; - type = types.str; + type = lib.types.str; }; - discovery = mkOption { + discovery = lib.mkOption { description = "Etcd discovery url"; default = ""; - type = types.str; + type = lib.types.str; }; - clientCertAuth = mkOption { + clientCertAuth = lib.mkOption { description = "Whether to use certs for client authentication"; default = false; - type = types.bool; + type = lib.types.bool; }; - trustedCaFile = mkOption { + trustedCaFile = lib.mkOption { description = "Certificate authority file to use for clients"; default = null; - type = types.nullOr types.path; + type = lib.types.nullOr lib.types.path; }; - certFile = mkOption { + certFile = lib.mkOption { description = "Cert file to use for clients"; default = null; - type = types.nullOr types.path; + type = lib.types.nullOr lib.types.path; }; - keyFile = mkOption { + keyFile = lib.mkOption { description = "Key file to use for clients"; default = null; - type = types.nullOr types.path; + type = lib.types.nullOr lib.types.path; }; - openFirewall = mkOption { - type = types.bool; + openFirewall = lib.mkOption { + type = lib.types.bool; default = false; description = '' Open etcd ports in the firewall. @@ -110,41 +107,41 @@ in { ''; }; - peerCertFile = mkOption { + peerCertFile = lib.mkOption { description = "Cert file to use for peer to peer communication"; default = cfg.certFile; - defaultText = literalExpression "config.${opt.certFile}"; - type = types.nullOr types.path; + defaultText = lib.literalExpression "config.${opt.certFile}"; + type = lib.types.nullOr lib.types.path; }; - peerKeyFile = mkOption { + peerKeyFile = lib.mkOption { description = "Key file to use for peer to peer communication"; default = cfg.keyFile; - defaultText = literalExpression "config.${opt.keyFile}"; - type = types.nullOr types.path; + defaultText = lib.literalExpression "config.${opt.keyFile}"; + type = lib.types.nullOr lib.types.path; }; - peerTrustedCaFile = mkOption { + peerTrustedCaFile = lib.mkOption { description = "Certificate authority file to use for peer to peer communication"; default = cfg.trustedCaFile; - defaultText = literalExpression "config.${opt.trustedCaFile}"; - type = types.nullOr types.path; + defaultText = lib.literalExpression "config.${opt.trustedCaFile}"; + type = lib.types.nullOr lib.types.path; }; - peerClientCertAuth = mkOption { + peerClientCertAuth = lib.mkOption { description = "Whether to check all incoming peer requests from the cluster for valid client certificates signed by the supplied CA"; default = false; - type = types.bool; + type = lib.types.bool; }; - extraConf = mkOption { + extraConf = lib.mkOption { description = '' Etcd extra configuration. See ''; - type = types.attrsOf types.str; + type = lib.types.attrsOf lib.types.str; default = {}; - example = literalExpression '' + example = lib.literalExpression '' { "CORS" = "*"; "NAME" = "default-name"; @@ -155,14 +152,14 @@ in { ''; }; - dataDir = mkOption { - type = types.path; + dataDir = lib.mkOption { + type = lib.types.path; default = "/var/lib/etcd"; description = "Etcd data directory."; }; }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { systemd.tmpfiles.settings."10-etcd".${cfg.dataDir}.d = { user = "etcd"; mode = "0700"; @@ -176,14 +173,14 @@ in { wants = [ "network-online.target" ] ++ lib.optional config.networking.firewall.enable "firewall.service"; - environment = (filterAttrs (n: v: v != null) { + environment = (lib.filterAttrs (n: v: v != null) { ETCD_NAME = cfg.name; ETCD_DISCOVERY = cfg.discovery; ETCD_DATA_DIR = cfg.dataDir; - ETCD_ADVERTISE_CLIENT_URLS = concatStringsSep "," cfg.advertiseClientUrls; - ETCD_LISTEN_CLIENT_URLS = concatStringsSep "," cfg.listenClientUrls; - ETCD_LISTEN_PEER_URLS = concatStringsSep "," cfg.listenPeerUrls; - ETCD_INITIAL_ADVERTISE_PEER_URLS = concatStringsSep "," cfg.initialAdvertisePeerUrls; + ETCD_ADVERTISE_CLIENT_URLS = lib.concatStringsSep "," cfg.advertiseClientUrls; + ETCD_LISTEN_CLIENT_URLS = lib.concatStringsSep "," cfg.listenClientUrls; + ETCD_LISTEN_PEER_URLS = lib.concatStringsSep "," cfg.listenPeerUrls; + ETCD_INITIAL_ADVERTISE_PEER_URLS = lib.concatStringsSep "," cfg.initialAdvertisePeerUrls; ETCD_PEER_CLIENT_CERT_AUTH = toString cfg.peerClientCertAuth; ETCD_PEER_TRUSTED_CA_FILE = cfg.peerTrustedCaFile; ETCD_PEER_CERT_FILE = cfg.peerCertFile; @@ -192,11 +189,11 @@ in { ETCD_TRUSTED_CA_FILE = cfg.trustedCaFile; ETCD_CERT_FILE = cfg.certFile; ETCD_KEY_FILE = cfg.keyFile; - }) // (optionalAttrs (cfg.discovery == ""){ - ETCD_INITIAL_CLUSTER = concatStringsSep "," cfg.initialCluster; + }) // (lib.optionalAttrs (cfg.discovery == ""){ + ETCD_INITIAL_CLUSTER = lib.concatStringsSep "," cfg.initialCluster; ETCD_INITIAL_CLUSTER_STATE = cfg.initialClusterState; ETCD_INITIAL_CLUSTER_TOKEN = cfg.initialClusterToken; - }) // (mapAttrs' (n: v: nameValuePair "ETCD_${n}" v) cfg.extraConf); + }) // (lib.mapAttrs' (n: v: lib.nameValuePair "ETCD_${n}" v) cfg.extraConf); unitConfig = { Documentation = "https://github.com/coreos/etcd"; diff --git a/nixos/modules/services/desktops/accountsservice.nix b/nixos/modules/services/desktops/accountsservice.nix index ae2ecb5ffeb71e2..4c407ca3828a20a 100644 --- a/nixos/modules/services/desktops/accountsservice.nix +++ b/nixos/modules/services/desktops/accountsservice.nix @@ -1,23 +1,17 @@ # AccountsService daemon. - { config, lib, pkgs, ... }: - -with lib; - { - meta = { - maintainers = teams.freedesktop.members; + maintainers = lib.teams.freedesktop.members; }; ###### interface - options = { services.accounts-daemon = { - enable = mkOption { - type = types.bool; + enable = lib.mkOption { + type = lib.types.bool; default = false; description = '' Whether to enable AccountsService, a DBus service for accessing @@ -29,10 +23,8 @@ with lib; }; - ###### implementation - - config = mkIf config.services.accounts-daemon.enable { + config = lib.mkIf config.services.accounts-daemon.enable { environment.systemPackages = [ pkgs.accountsservice ]; @@ -43,14 +35,14 @@ with lib; systemd.packages = [ pkgs.accountsservice ]; - systemd.services.accounts-daemon = recursiveUpdate { + systemd.services.accounts-daemon = lib.recursiveUpdate { wantedBy = [ "graphical.target" ]; # Accounts daemon looks for dbus interfaces in $XDG_DATA_DIRS/accountsservice environment.XDG_DATA_DIRS = "${config.system.path}/share"; - } (optionalAttrs (!config.users.mutableUsers) { + } (lib.optionalAttrs (!config.users.mutableUsers) { environment.NIXOS_USERS_PURE = "true"; }); }; diff --git a/nixos/modules/services/desktops/bamf.nix b/nixos/modules/services/desktops/bamf.nix index 13de3a44328f4e2..d9c46e94d9e0413 100644 --- a/nixos/modules/services/desktops/bamf.nix +++ b/nixos/modules/services/desktops/bamf.nix @@ -1,25 +1,21 @@ # Bamf - { config, lib, pkgs, ... }: - -with lib; - { meta = with lib; { - maintainers = with maintainers; [ ] ++ teams.pantheon.members; + maintainers = with lib.maintainers; [ ] ++ lib.teams.pantheon.members; }; ###### interface options = { services.bamf = { - enable = mkEnableOption "bamf"; + enable = lib.mkEnableOption "bamf"; }; }; ###### implementation - config = mkIf config.services.bamf.enable { + config = lib.mkIf config.services.bamf.enable { services.dbus.packages = [ pkgs.bamf ]; systemd.packages = [ pkgs.bamf ]; diff --git a/nixos/modules/services/mail/rspamd-trainer.nix b/nixos/modules/services/mail/rspamd-trainer.nix index 81a0c460f0c3090..11c4363cc1d583a 100644 --- a/nixos/modules/services/mail/rspamd-trainer.nix +++ b/nixos/modules/services/mail/rspamd-trainer.nix @@ -1,7 +1,4 @@ { config, lib, pkgs, ... }: - -with lib; - let cfg = config.services.rspamd-trainer; @@ -10,18 +7,18 @@ let in { options.services.rspamd-trainer = { - enable = mkEnableOption "Spam/ham trainer for rspamd"; + enable = lib.mkEnableOption "Spam/ham trainer for rspamd"; - settings = mkOption { + settings = lib.mkOption { default = { }; description = '' IMAP authentication configuration for rspamd-trainer. For supplying the IMAP password, use the `secrets` option. ''; - type = types.submodule { + type = lib.types.submodule { freeformType = format.type; }; - example = literalExpression '' + example = lib.literalExpression '' { HOST = "localhost"; USERNAME = "spam@example.com"; @@ -31,7 +28,7 @@ in { }; secrets = lib.mkOption { - type = with types; listOf path; + type = with lib.types; listOf path; description = '' A list of files containing the various secrets. Should be in the format expected by systemd's `EnvironmentFile` directory. For the @@ -42,7 +39,7 @@ in { }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { systemd = { services.rspamd-trainer = { diff --git a/nixos/modules/services/mail/rss2email.nix b/nixos/modules/services/mail/rss2email.nix index c3327f7b436cd21..12553b9d8919a8d 100644 --- a/nixos/modules/services/mail/rss2email.nix +++ b/nixos/modules/services/mail/rss2email.nix @@ -1,7 +1,4 @@ { config, lib, pkgs, ... }: - -with lib; - let cfg = config.services.rss2email; in { @@ -12,25 +9,25 @@ in { services.rss2email = { - enable = mkOption { - type = types.bool; + enable = lib.mkOption { + type = lib.types.bool; default = false; description = "Whether to enable rss2email."; }; - to = mkOption { - type = types.str; + to = lib.mkOption { + type = lib.types.str; description = "Mail address to which to send emails"; }; - interval = mkOption { - type = types.str; + interval = lib.mkOption { + type = lib.types.str; default = "12h"; description = "How often to check the feeds, in systemd interval format"; }; - config = mkOption { - type = with types; attrsOf (oneOf [ str int bool ]); + config = lib.mkOption { + type = with lib.types; attrsOf (oneOf [ str int bool ]); default = {}; description = '' The configuration to give rss2email. @@ -48,17 +45,17 @@ in { ''; }; - feeds = mkOption { + feeds = lib.mkOption { description = "The feeds to watch."; - type = types.attrsOf (types.submodule { + type = lib.types.attrsOf (lib.types.submodule { options = { - url = mkOption { - type = types.str; + url = lib.mkOption { + type = lib.types.str; description = "The URL at which to fetch the feed."; }; - to = mkOption { - type = with types; nullOr str; + to = lib.mkOption { + type = with lib.types; nullOr str; default = null; description = '' Email address to which to send feed items. @@ -78,7 +75,7 @@ in { ###### implementation - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { users.groups = { rss2email.gid = config.ids.gids.rss2email; }; @@ -104,7 +101,7 @@ in { systemd.services.rss2email = let conf = pkgs.writeText "rss2email.cfg" (lib.generators.toINI {} ({ DEFAULT = cfg.config; - } // lib.mapAttrs' (name: feed: nameValuePair "feed.${name}" ( + } // lib.mapAttrs' (name: feed: lib.nameValuePair "feed.${name}" ( { inherit (feed) url; } // lib.optionalAttrs (feed.to != null) { inherit (feed) to; } )) cfg.feeds diff --git a/nixos/modules/services/misc/gitolite.nix b/nixos/modules/services/misc/gitolite.nix index 89f72c046755fbc..779a9ac9929db75 100644 --- a/nixos/modules/services/misc/gitolite.nix +++ b/nixos/modules/services/misc/gitolite.nix @@ -1,7 +1,4 @@ { config, lib, pkgs, ... }: - -with lib; - let cfg = config.services.gitolite; # Use writeTextDir to not leak Nix store hash into file name @@ -11,8 +8,8 @@ in { options = { services.gitolite = { - enable = mkOption { - type = types.bool; + enable = lib.mkOption { + type = lib.types.bool; default = false; description = '' Enable gitolite management under the @@ -22,8 +19,8 @@ in ''; }; - dataDir = mkOption { - type = types.str; + dataDir = lib.mkOption { + type = lib.types.str; default = "/var/lib/gitolite"; description = '' The gitolite home directory used to store all repositories. If left as the default value @@ -33,8 +30,8 @@ in ''; }; - adminPubkey = mkOption { - type = types.str; + adminPubkey = lib.mkOption { + type = lib.types.str; description = '' Initial administrative public key for Gitolite. This should be an SSH Public Key. Note that this key will only be used @@ -43,8 +40,8 @@ in ''; }; - enableGitAnnex = mkOption { - type = types.bool; + enableGitAnnex = lib.mkOption { + type = lib.types.bool; default = false; description = '' Enable git-annex support. Uses the `extraGitoliteRc` option @@ -52,18 +49,18 @@ in ''; }; - commonHooks = mkOption { - type = types.listOf types.path; + commonHooks = lib.mkOption { + type = lib.types.listOf lib.types.path; default = []; description = '' A list of custom git hooks that get copied to `~/.gitolite/hooks/common`. ''; }; - extraGitoliteRc = mkOption { - type = types.lines; + extraGitoliteRc = lib.mkOption { + type = lib.types.lines; default = ""; - example = literalExpression '' + example = lib.literalExpression '' ''' $RC{UMASK} = 0027; $RC{SITE_INFO} = 'This is our private repository host'; @@ -93,24 +90,24 @@ in ''; }; - user = mkOption { - type = types.str; + user = lib.mkOption { + type = lib.types.str; default = "gitolite"; description = '' Gitolite user account. This is the username of the gitolite endpoint. ''; }; - description = mkOption { - type = types.str; + description = lib.mkOption { + type = lib.types.str; default = "Gitolite user"; description = '' Gitolite user account's description. ''; }; - group = mkOption { - type = types.str; + group = lib.mkOption { + type = lib.types.str; default = "gitolite"; description = '' Primary group of the Gitolite user account. @@ -119,7 +116,7 @@ in }; }; - config = mkIf cfg.enable ( + config = lib.mkIf cfg.enable ( let manageGitoliteRc = cfg.extraGitoliteRc != ""; rcDir = pkgs.runCommand "gitolite-rc" { preferLocalBuild = true; } rcDirScript; @@ -136,18 +133,18 @@ in END cat "$out/gitolite.rc.default" >>"$out/gitolite.rc" '' + - optionalString (cfg.extraGitoliteRc != "") '' - echo -n ${escapeShellArg '' + lib.optionalString (cfg.extraGitoliteRc != "") '' + echo -n ${lib.escapeShellArg '' # Added by NixOS: - ${removeSuffix "\n" cfg.extraGitoliteRc} + ${lib.removeSuffix "\n" cfg.extraGitoliteRc} # per perl rules, this should be the last line in such a file: 1; ''} >>"$out/gitolite.rc" ''; in { - services.gitolite.extraGitoliteRc = optionalString cfg.enableGitAnnex '' + services.gitolite.extraGitoliteRc = lib.optionalString cfg.enableGitAnnex '' # Enable git-annex support: push( @{$RC{ENABLE}}, 'git-annex-shell ua'); ''; @@ -171,8 +168,8 @@ in GITOLITE_RC_DEFAULT = "${rcDir}/gitolite.rc.default"; }; - serviceConfig = mkMerge [ - (mkIf (cfg.dataDir == "/var/lib/gitolite") { + serviceConfig = lib.mkMerge [ + (lib.mkIf (cfg.dataDir == "/var/lib/gitolite") { StateDirectory = "gitolite gitolite/.gitolite gitolite/.gitolite/logs"; StateDirectoryMode = "0750"; }) @@ -236,6 +233,6 @@ in }; environment.systemPackages = [ pkgs.gitolite pkgs.git ] - ++ optional cfg.enableGitAnnex pkgs.git-annex; + ++ lib.optional cfg.enableGitAnnex pkgs.git-annex; }); } diff --git a/nixos/modules/services/misc/gogs.nix b/nixos/modules/services/misc/gogs.nix index e4e23d59723770b..a2c1ad0779e15f8 100644 --- a/nixos/modules/services/misc/gogs.nix +++ b/nixos/modules/services/misc/gogs.nix @@ -1,7 +1,4 @@ { config, lib, options, pkgs, ... }: - -with lib; - let cfg = config.services.gogs; opt = options.services.gogs; @@ -29,7 +26,7 @@ let [session] COOKIE_NAME = session - COOKIE_SECURE = ${boolToString cfg.cookieSecure} + COOKIE_SECURE = ${lib.boolToString cfg.cookieSecure} [security] SECRET_KEY = #secretkey# @@ -45,70 +42,70 @@ in { options = { services.gogs = { - enable = mkOption { + enable = lib.mkOption { default = false; - type = types.bool; + type = lib.types.bool; description = "Enable Go Git Service."; }; - useWizard = mkOption { + useWizard = lib.mkOption { default = false; - type = types.bool; + type = lib.types.bool; description = "Do not generate a configuration and use Gogs' installation wizard instead. The first registered user will be administrator."; }; - stateDir = mkOption { + stateDir = lib.mkOption { default = "/var/lib/gogs"; - type = types.str; + type = lib.types.str; description = "Gogs data directory."; }; - user = mkOption { - type = types.str; + user = lib.mkOption { + type = lib.types.str; default = "gogs"; description = "User account under which Gogs runs."; }; - group = mkOption { - type = types.str; + group = lib.mkOption { + type = lib.types.str; default = "gogs"; description = "Group account under which Gogs runs."; }; database = { - type = mkOption { - type = types.enum [ "sqlite3" "mysql" "postgres" ]; + type = lib.mkOption { + type = lib.types.enum [ "sqlite3" "mysql" "postgres" ]; example = "mysql"; default = "sqlite3"; description = "Database engine to use."; }; - host = mkOption { - type = types.str; + host = lib.mkOption { + type = lib.types.str; default = "127.0.0.1"; description = "Database host address."; }; - port = mkOption { - type = types.port; + port = lib.mkOption { + type = lib.types.port; default = 3306; description = "Database host port."; }; - name = mkOption { - type = types.str; + name = lib.mkOption { + type = lib.types.str; default = "gogs"; description = "Database name."; }; - user = mkOption { - type = types.str; + user = lib.mkOption { + type = lib.types.str; default = "gogs"; description = "Database user."; }; - password = mkOption { - type = types.str; + password = lib.mkOption { + type = lib.types.str; default = ""; description = '' The password corresponding to {option}`database.user`. @@ -117,8 +114,8 @@ in ''; }; - passwordFile = mkOption { - type = types.nullOr types.path; + passwordFile = lib.mkOption { + type = lib.types.nullOr lib.types.path; default = null; example = "/run/keys/gogs-dbpassword"; description = '' @@ -127,53 +124,53 @@ in ''; }; - path = mkOption { - type = types.str; + path = lib.mkOption { + type = lib.types.str; default = "${cfg.stateDir}/data/gogs.db"; - defaultText = literalExpression ''"''${config.${opt.stateDir}}/data/gogs.db"''; + defaultText = lib.literalExpression ''"''${config.${opt.stateDir}}/data/gogs.db"''; description = "Path to the sqlite3 database file."; }; }; - appName = mkOption { - type = types.str; + appName = lib.mkOption { + type = lib.types.str; default = "Gogs: Go Git Service"; description = "Application name."; }; - repositoryRoot = mkOption { - type = types.str; + repositoryRoot = lib.mkOption { + type = lib.types.str; default = "${cfg.stateDir}/repositories"; - defaultText = literalExpression ''"''${config.${opt.stateDir}}/repositories"''; + defaultText = lib.literalExpression ''"''${config.${opt.stateDir}}/repositories"''; description = "Path to the git repositories."; }; - domain = mkOption { - type = types.str; + domain = lib.mkOption { + type = lib.types.str; default = "localhost"; description = "Domain name of your server."; }; - rootUrl = mkOption { - type = types.str; + rootUrl = lib.mkOption { + type = lib.types.str; default = "http://localhost:3000/"; description = "Full public URL of Gogs server."; }; - httpAddress = mkOption { - type = types.str; + httpAddress = lib.mkOption { + type = lib.types.str; default = "0.0.0.0"; description = "HTTP listen address."; }; - httpPort = mkOption { - type = types.port; + httpPort = lib.mkOption { + type = lib.types.port; default = 3000; description = "HTTP listen port."; }; - cookieSecure = mkOption { - type = types.bool; + cookieSecure = lib.mkOption { + type = lib.types.bool; default = false; description = '' Marks session cookies as "secure" as a hint for browsers to only send @@ -181,15 +178,15 @@ in ''; }; - extraConfig = mkOption { - type = types.str; + extraConfig = lib.mkOption { + type = lib.types.str; default = ""; description = "Configuration lines appended to the generated Gogs configuration file."; }; }; }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { systemd.services.gogs = { description = "Gogs (Go Git Service)"; @@ -204,7 +201,7 @@ in mkdir -p ${cfg.stateDir} # copy custom configuration and generate a random secret key if needed - ${optionalString (cfg.useWizard == false) '' + ${lib.optionalString (cfg.useWizard == false) '' mkdir -p ${cfg.stateDir}/custom/conf cp -f ${configFile} ${runConfig} @@ -248,7 +245,7 @@ in }; }; - users = mkIf (cfg.user == "gogs") { + users = lib.mkIf (cfg.user == "gogs") { users.gogs = { description = "Go Git Service"; uid = config.ids.uids.gogs; @@ -260,13 +257,13 @@ in groups.gogs.gid = config.ids.gids.gogs; }; - warnings = optional (cfg.database.password != "") + warnings = lib.optional (cfg.database.password != "") ''config.services.gogs.database.password will be stored as plaintext in the Nix store. Use database.passwordFile instead.''; # Create database passwordFile default when password is configured. services.gogs.database.passwordFile = - (mkDefault (toString (pkgs.writeTextFile { + (lib.mkDefault (toString (pkgs.writeTextFile { name = "gogs-database-password"; text = cfg.database.password; }))); diff --git a/nixos/modules/services/network-filesystems/kbfs.nix b/nixos/modules/services/network-filesystems/kbfs.nix index 903cae379986d7e..034fc95765061b6 100644 --- a/nixos/modules/services/network-filesystems/kbfs.nix +++ b/nixos/modules/services/network-filesystems/kbfs.nix @@ -1,5 +1,4 @@ { config, lib, pkgs, ... }: -with lib; let inherit (config.security) wrapperDir; cfg = config.services.kbfs; @@ -12,14 +11,14 @@ in { services.kbfs = { - enable = mkOption { - type = types.bool; + enable = lib.mkOption { + type = lib.types.bool; default = false; description = "Whether to mount the Keybase filesystem."; }; - enableRedirector = mkOption { - type = types.bool; + enableRedirector = lib.mkOption { + type = lib.types.bool; default = false; description = '' Whether to enable the Keybase root redirector service, allowing @@ -28,15 +27,15 @@ in { ''; }; - mountPoint = mkOption { - type = types.str; + mountPoint = lib.mkOption { + type = lib.types.str; default = "%h/keybase"; example = "/keybase"; description = "Mountpoint for the Keybase filesystem."; }; - extraFlags = mkOption { - type = types.listOf types.str; + extraFlags = lib.mkOption { + type = lib.types.listOf lib.types.str; default = []; example = [ "-label kbfs" @@ -52,7 +51,7 @@ in { ###### implementation - config = mkIf cfg.enable (mkMerge [ + config = lib.mkIf cfg.enable (lib.mkMerge [ { # Upstream: https://github.com/keybase/client/blob/master/packaging/linux/systemd/kbfs.service systemd.user.services.kbfs = { @@ -61,7 +60,7 @@ in { # Note that the "Requires" directive will cause a unit to be restarted whenever its dependency is restarted. # Do not issue a hard dependency on keybase, because kbfs can reconnect to a restarted service. # Do not issue a hard dependency on keybase-redirector, because it's ok if it fails (e.g., if it is disabled). - wants = [ "keybase.service" ] ++ optional cfg.enableRedirector "keybase-redirector.service"; + wants = [ "keybase.service" ] ++ lib.optional cfg.enableRedirector "keybase-redirector.service"; path = [ "/run/wrappers" ]; unitConfig.ConditionUser = "!@system"; @@ -89,7 +88,7 @@ in { environment.systemPackages = [ pkgs.kbfs ]; } - (mkIf cfg.enableRedirector { + (lib.mkIf cfg.enableRedirector { security.wrappers."keybase-redirector".source = "${pkgs.kbfs}/bin/redirector"; systemd.tmpfiles.settings."10-kbfs"."/keybase".d = { diff --git a/nixos/modules/services/network-filesystems/kubo.nix b/nixos/modules/services/network-filesystems/kubo.nix index d4ffda7c374e9db..35efd2ba0a576a0 100644 --- a/nixos/modules/services/network-filesystems/kubo.nix +++ b/nixos/modules/services/network-filesystems/kubo.nix @@ -1,5 +1,4 @@ { config, lib, pkgs, utils, ... }: -with lib; let cfg = config.services.kubo; @@ -35,11 +34,11 @@ let ''; kuboFlags = utils.escapeSystemdExecArgs ( - optional cfg.autoMount "--mount" ++ - optional cfg.enableGC "--enable-gc" ++ - optional (cfg.serviceFdlimit != null) "--manage-fdlimit=false" ++ - optional (cfg.defaultMode == "offline") "--offline" ++ - optional (cfg.defaultMode == "norouting") "--routing=none" ++ + lib.optional cfg.autoMount "--mount" ++ + lib.optional cfg.enableGC "--enable-gc" ++ + lib.optional (cfg.serviceFdlimit != null) "--manage-fdlimit=false" ++ + lib.optional (cfg.defaultMode == "offline") "--offline" ++ + lib.optional (cfg.defaultMode == "norouting") "--routing=none" ++ cfg.extraFlags ); @@ -99,78 +98,78 @@ in services.kubo = { - enable = mkEnableOption '' + enable = lib.mkEnableOption '' the Interplanetary File System (WARNING: may cause severe network degradation). NOTE: after enabling this option and rebuilding your system, you need to log out and back in for the `IPFS_PATH` environment variable to be present in your shell. Until you do that, the CLI tools won't be able to talk to the daemon by default ''; - package = mkPackageOption pkgs "kubo" { }; + package = lib.mkPackageOption pkgs "kubo" { }; - user = mkOption { - type = types.str; + user = lib.mkOption { + type = lib.types.str; default = "ipfs"; description = "User under which the Kubo daemon runs"; }; - group = mkOption { - type = types.str; + group = lib.mkOption { + type = lib.types.str; default = "ipfs"; description = "Group under which the Kubo daemon runs"; }; - dataDir = mkOption { - type = types.str; + dataDir = lib.mkOption { + type = lib.types.str; default = - if versionAtLeast config.system.stateVersion "17.09" + if lib.versionAtLeast config.system.stateVersion "17.09" then "/var/lib/ipfs" else "/var/lib/ipfs/.ipfs"; - defaultText = literalExpression '' - if versionAtLeast config.system.stateVersion "17.09" + defaultText = lib.literalExpression '' + if lib.versionAtLeast config.system.stateVersion "17.09" then "/var/lib/ipfs" else "/var/lib/ipfs/.ipfs" ''; description = "The data dir for Kubo"; }; - defaultMode = mkOption { - type = types.enum [ "online" "offline" "norouting" ]; + defaultMode = lib.mkOption { + type = lib.types.enum [ "online" "offline" "norouting" ]; default = "online"; description = "systemd service that is enabled by default"; }; - autoMount = mkOption { - type = types.bool; + autoMount = lib.mkOption { + type = lib.types.bool; default = false; description = "Whether Kubo should try to mount /ipfs and /ipns at startup."; }; - autoMigrate = mkOption { - type = types.bool; + autoMigrate = lib.mkOption { + type = lib.types.bool; default = true; description = "Whether Kubo should try to run the fs-repo-migration at startup."; }; - enableGC = mkOption { - type = types.bool; + enableGC = lib.mkOption { + type = lib.types.bool; default = false; description = "Whether to enable automatic garbage collection"; }; - emptyRepo = mkOption { - type = types.bool; + emptyRepo = lib.mkOption { + type = lib.types.bool; default = true; description = "If set to false, the repo will be initialized with help files"; }; - settings = mkOption { + settings = lib.mkOption { type = lib.types.submodule { freeformType = settingsFormat.type; options = { - Addresses.API = mkOption { - type = types.oneOf [ types.str (types.listOf types.str) ]; + Addresses.API = lib.mkOption { + type = lib.types.oneOf [ lib.types.str (lib.types.listOf lib.types.str) ]; default = [ ]; description = '' Multiaddr or array of multiaddrs describing the address to serve the local HTTP API on. @@ -180,14 +179,14 @@ in ''; }; - Addresses.Gateway = mkOption { - type = types.oneOf [ types.str (types.listOf types.str) ]; + Addresses.Gateway = lib.mkOption { + type = lib.types.oneOf [ lib.types.str (lib.types.listOf lib.types.str) ]; default = "/ip4/127.0.0.1/tcp/8080"; description = "Where the IPFS Gateway can be reached"; }; - Addresses.Swarm = mkOption { - type = types.listOf types.str; + Addresses.Swarm = lib.mkOption { + type = lib.types.listOf lib.types.str; default = [ "/ip4/0.0.0.0/tcp/4001" "/ip6/::/tcp/4001" @@ -199,14 +198,14 @@ in description = "Where Kubo listens for incoming p2p connections"; }; - Mounts.IPFS = mkOption { - type = types.str; + Mounts.IPFS = lib.mkOption { + type = lib.types.str; default = "/ipfs"; description = "Where to mount the IPFS namespace to"; }; - Mounts.IPNS = mkOption { - type = types.str; + Mounts.IPNS = lib.mkOption { + type = lib.types.str; default = "/ipns"; description = "Where to mount the IPNS namespace to"; }; @@ -230,29 +229,29 @@ in }; - extraFlags = mkOption { - type = types.listOf types.str; + extraFlags = lib.mkOption { + type = lib.types.listOf lib.types.str; description = "Extra flags passed to the Kubo daemon"; default = [ ]; }; - localDiscovery = mkOption { - type = types.bool; + localDiscovery = lib.mkOption { + type = lib.types.bool; description = ''Whether to enable local discovery for the Kubo daemon. This will allow Kubo to scan ports on your local network. Some hosting services will ban you if you do this. ''; default = false; }; - serviceFdlimit = mkOption { - type = types.nullOr types.int; + serviceFdlimit = lib.mkOption { + type = lib.types.nullOr lib.types.int; default = null; description = "The fdlimit for the Kubo systemd unit or `null` to have the daemon attempt to manage it"; example = 64 * 1024; }; - startWhenNeeded = mkOption { - type = types.bool; + startWhenNeeded = lib.mkOption { + type = lib.types.bool; default = false; description = "Whether to use socket activation to start Kubo when needed."; }; @@ -262,7 +261,7 @@ in ###### implementation - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { assertions = [ { assertion = !builtins.hasAttr "Identity" cfg.settings; @@ -288,14 +287,14 @@ in environment.variables.IPFS_PATH = fakeKuboRepo; # https://github.com/quic-go/quic-go/wiki/UDP-Buffer-Sizes - boot.kernel.sysctl."net.core.rmem_max" = mkDefault 2500000; - boot.kernel.sysctl."net.core.wmem_max" = mkDefault 2500000; + boot.kernel.sysctl."net.core.rmem_max" = lib.mkDefault 2500000; + boot.kernel.sysctl."net.core.wmem_max" = lib.mkDefault 2500000; - programs.fuse = mkIf cfg.autoMount { + programs.fuse = lib.mkIf cfg.autoMount { userAllowOther = true; }; - users.users = mkIf (cfg.user == "ipfs") { + users.users = lib.mkIf (cfg.user == "ipfs") { ipfs = { group = cfg.group; home = cfg.dataDir; @@ -308,7 +307,7 @@ in }; }; - users.groups = mkIf (cfg.group == "ipfs") { + users.groups = lib.mkIf (cfg.group == "ipfs") { ipfs.gid = config.ids.gids.ipfs; }; @@ -316,8 +315,8 @@ in defaultConfig = { inherit (cfg) user group; }; in { ${cfg.dataDir}.d = defaultConfig; - ${cfg.settings.Mounts.IPFS}.d = mkIf (cfg.autoMount) defaultConfig; - ${cfg.settings.Mounts.IPNS}.d = mkIf (cfg.autoMount) defaultConfig; + ${cfg.settings.Mounts.IPFS}.d = lib.mkIf (cfg.autoMount) defaultConfig; + ${cfg.settings.Mounts.IPNS}.d = lib.mkIf (cfg.autoMount) defaultConfig; }; # The hardened systemd unit breaks the fuse-mount function according to documentation in the unit file itself @@ -325,7 +324,7 @@ in then [ cfg.package.systemd_unit ] else [ cfg.package.systemd_unit_hardened ]; - services.kubo.settings = mkIf cfg.autoMount { + services.kubo.settings = lib.mkIf cfg.autoMount { Mounts.FuseAllowOther = lib.mkDefault true; }; @@ -339,7 +338,7 @@ in else # After an unclean shutdown this file may exist which will cause the config command to attempt to talk to the daemon. This will hang forever if systemd is holding our sockets open. rm -vf "$IPFS_PATH/api" - '' + optionalString cfg.autoMigrate '' + '' + lib.optionalString cfg.autoMigrate '' ${pkgs.kubo-migrator}/bin/fs-repo-migrations -to '${cfg.package.repoVersion}' -y '' + '' fi @@ -356,7 +355,7 @@ in # change when the changes are applied. Whyyyyyy..... ipfs --offline config replace - ''; - postStop = mkIf cfg.autoMount '' + postStop = lib.mkIf cfg.autoMount '' # After an unclean shutdown the fuse mounts at cfg.settings.Mounts.IPFS and cfg.settings.Mounts.IPNS are locked umount --quiet '${cfg.settings.Mounts.IPFS}' '${cfg.settings.Mounts.IPNS}' || true ''; @@ -365,11 +364,11 @@ in User = cfg.user; Group = cfg.group; StateDirectory = ""; - ReadWritePaths = optionals (!cfg.autoMount) [ "" cfg.dataDir ]; + ReadWritePaths = lib.optionals (!cfg.autoMount) [ "" cfg.dataDir ]; # Make sure the socket units are started before ipfs.service Sockets = [ "ipfs-gateway.socket" "ipfs-api.socket" ]; - } // optionalAttrs (cfg.serviceFdlimit != null) { LimitNOFILE = cfg.serviceFdlimit; }; - } // optionalAttrs (!cfg.startWhenNeeded) { + } // lib.optionalAttrs (cfg.serviceFdlimit != null) { LimitNOFILE = cfg.serviceFdlimit; }; + } // lib.optionalAttrs (!cfg.startWhenNeeded) { wantedBy = [ "default.target" ]; }; @@ -402,31 +401,31 @@ in }; imports = [ - (mkRenamedOptionModule [ "services" "ipfs" "enable" ] [ "services" "kubo" "enable" ]) - (mkRenamedOptionModule [ "services" "ipfs" "package" ] [ "services" "kubo" "package" ]) - (mkRenamedOptionModule [ "services" "ipfs" "user" ] [ "services" "kubo" "user" ]) - (mkRenamedOptionModule [ "services" "ipfs" "group" ] [ "services" "kubo" "group" ]) - (mkRenamedOptionModule [ "services" "ipfs" "dataDir" ] [ "services" "kubo" "dataDir" ]) - (mkRenamedOptionModule [ "services" "ipfs" "defaultMode" ] [ "services" "kubo" "defaultMode" ]) - (mkRenamedOptionModule [ "services" "ipfs" "autoMount" ] [ "services" "kubo" "autoMount" ]) - (mkRenamedOptionModule [ "services" "ipfs" "autoMigrate" ] [ "services" "kubo" "autoMigrate" ]) - (mkRenamedOptionModule [ "services" "ipfs" "ipfsMountDir" ] [ "services" "kubo" "settings" "Mounts" "IPFS" ]) - (mkRenamedOptionModule [ "services" "ipfs" "ipnsMountDir" ] [ "services" "kubo" "settings" "Mounts" "IPNS" ]) - (mkRenamedOptionModule [ "services" "ipfs" "gatewayAddress" ] [ "services" "kubo" "settings" "Addresses" "Gateway" ]) - (mkRenamedOptionModule [ "services" "ipfs" "apiAddress" ] [ "services" "kubo" "settings" "Addresses" "API" ]) - (mkRenamedOptionModule [ "services" "ipfs" "swarmAddress" ] [ "services" "kubo" "settings" "Addresses" "Swarm" ]) - (mkRenamedOptionModule [ "services" "ipfs" "enableGC" ] [ "services" "kubo" "enableGC" ]) - (mkRenamedOptionModule [ "services" "ipfs" "emptyRepo" ] [ "services" "kubo" "emptyRepo" ]) - (mkRenamedOptionModule [ "services" "ipfs" "extraConfig" ] [ "services" "kubo" "settings" ]) - (mkRenamedOptionModule [ "services" "ipfs" "extraFlags" ] [ "services" "kubo" "extraFlags" ]) - (mkRenamedOptionModule [ "services" "ipfs" "localDiscovery" ] [ "services" "kubo" "localDiscovery" ]) - (mkRenamedOptionModule [ "services" "ipfs" "serviceFdlimit" ] [ "services" "kubo" "serviceFdlimit" ]) - (mkRenamedOptionModule [ "services" "ipfs" "startWhenNeeded" ] [ "services" "kubo" "startWhenNeeded" ]) - (mkRenamedOptionModule [ "services" "kubo" "extraConfig" ] [ "services" "kubo" "settings" ]) - (mkRenamedOptionModule [ "services" "kubo" "gatewayAddress" ] [ "services" "kubo" "settings" "Addresses" "Gateway" ]) - (mkRenamedOptionModule [ "services" "kubo" "apiAddress" ] [ "services" "kubo" "settings" "Addresses" "API" ]) - (mkRenamedOptionModule [ "services" "kubo" "swarmAddress" ] [ "services" "kubo" "settings" "Addresses" "Swarm" ]) - (mkRenamedOptionModule [ "services" "kubo" "ipfsMountDir" ] [ "services" "kubo" "settings" "Mounts" "IPFS" ]) - (mkRenamedOptionModule [ "services" "kubo" "ipnsMountDir" ] [ "services" "kubo" "settings" "Mounts" "IPNS" ]) + (lib.mkRenamedOptionModule [ "services" "ipfs" "enable" ] [ "services" "kubo" "enable" ]) + (lib.mkRenamedOptionModule [ "services" "ipfs" "package" ] [ "services" "kubo" "package" ]) + (lib.mkRenamedOptionModule [ "services" "ipfs" "user" ] [ "services" "kubo" "user" ]) + (lib.mkRenamedOptionModule [ "services" "ipfs" "group" ] [ "services" "kubo" "group" ]) + (lib.mkRenamedOptionModule [ "services" "ipfs" "dataDir" ] [ "services" "kubo" "dataDir" ]) + (lib.mkRenamedOptionModule [ "services" "ipfs" "defaultMode" ] [ "services" "kubo" "defaultMode" ]) + (lib.mkRenamedOptionModule [ "services" "ipfs" "autoMount" ] [ "services" "kubo" "autoMount" ]) + (lib.mkRenamedOptionModule [ "services" "ipfs" "autoMigrate" ] [ "services" "kubo" "autoMigrate" ]) + (lib.mkRenamedOptionModule [ "services" "ipfs" "ipfsMountDir" ] [ "services" "kubo" "settings" "Mounts" "IPFS" ]) + (lib.mkRenamedOptionModule [ "services" "ipfs" "ipnsMountDir" ] [ "services" "kubo" "settings" "Mounts" "IPNS" ]) + (lib.mkRenamedOptionModule [ "services" "ipfs" "gatewayAddress" ] [ "services" "kubo" "settings" "Addresses" "Gateway" ]) + (lib.mkRenamedOptionModule [ "services" "ipfs" "apiAddress" ] [ "services" "kubo" "settings" "Addresses" "API" ]) + (lib.mkRenamedOptionModule [ "services" "ipfs" "swarmAddress" ] [ "services" "kubo" "settings" "Addresses" "Swarm" ]) + (lib.mkRenamedOptionModule [ "services" "ipfs" "enableGC" ] [ "services" "kubo" "enableGC" ]) + (lib.mkRenamedOptionModule [ "services" "ipfs" "emptyRepo" ] [ "services" "kubo" "emptyRepo" ]) + (lib.mkRenamedOptionModule [ "services" "ipfs" "extraConfig" ] [ "services" "kubo" "settings" ]) + (lib.mkRenamedOptionModule [ "services" "ipfs" "extraFlags" ] [ "services" "kubo" "extraFlags" ]) + (lib.mkRenamedOptionModule [ "services" "ipfs" "localDiscovery" ] [ "services" "kubo" "localDiscovery" ]) + (lib.mkRenamedOptionModule [ "services" "ipfs" "serviceFdlimit" ] [ "services" "kubo" "serviceFdlimit" ]) + (lib.mkRenamedOptionModule [ "services" "ipfs" "startWhenNeeded" ] [ "services" "kubo" "startWhenNeeded" ]) + (lib.mkRenamedOptionModule [ "services" "kubo" "extraConfig" ] [ "services" "kubo" "settings" ]) + (lib.mkRenamedOptionModule [ "services" "kubo" "gatewayAddress" ] [ "services" "kubo" "settings" "Addresses" "Gateway" ]) + (lib.mkRenamedOptionModule [ "services" "kubo" "apiAddress" ] [ "services" "kubo" "settings" "Addresses" "API" ]) + (lib.mkRenamedOptionModule [ "services" "kubo" "swarmAddress" ] [ "services" "kubo" "settings" "Addresses" "Swarm" ]) + (lib.mkRenamedOptionModule [ "services" "kubo" "ipfsMountDir" ] [ "services" "kubo" "settings" "Mounts" "IPFS" ]) + (lib.mkRenamedOptionModule [ "services" "kubo" "ipnsMountDir" ] [ "services" "kubo" "settings" "Mounts" "IPNS" ]) ]; } diff --git a/nixos/modules/services/network-filesystems/litestream/default.nix b/nixos/modules/services/network-filesystems/litestream/default.nix index 87f07b0501bebee..f4b0281ebbe2004 100644 --- a/nixos/modules/services/network-filesystems/litestream/default.nix +++ b/nixos/modules/services/network-filesystems/litestream/default.nix @@ -1,18 +1,15 @@ { config, lib, pkgs, ... }: - -with lib; - let cfg = config.services.litestream; settingsFormat = pkgs.formats.yaml {}; in { options.services.litestream = { - enable = mkEnableOption "litestream"; + enable = lib.mkEnableOption "litestream"; - package = mkPackageOption pkgs "litestream" { }; + package = lib.mkPackageOption pkgs "litestream" { }; - settings = mkOption { + settings = lib.mkOption { description = '' See the [documentation](https://litestream.io/reference/config/). ''; @@ -31,8 +28,8 @@ in }; }; - environmentFile = mkOption { - type = types.nullOr types.path; + environmentFile = lib.mkOption { + type = lib.types.nullOr lib.types.path; default = null; example = "/run/secrets/litestream"; description = '' @@ -61,7 +58,7 @@ in }; }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { environment.systemPackages = [ cfg.package ]; environment.etc = { "litestream.yml" = { @@ -74,7 +71,7 @@ in wantedBy = [ "multi-user.target" ]; after = [ "networking.target" ]; serviceConfig = { - EnvironmentFile = mkIf (cfg.environmentFile != null) cfg.environmentFile; + EnvironmentFile = lib.mkIf (cfg.environmentFile != null) cfg.environmentFile; ExecStart = "${cfg.package}/bin/litestream replicate"; Restart = "always"; User = "litestream"; diff --git a/nixos/modules/services/network-filesystems/moosefs.nix b/nixos/modules/services/network-filesystems/moosefs.nix index 8d29148883ab814..2fef0bec378c271 100644 --- a/nixos/modules/services/network-filesystems/moosefs.nix +++ b/nixos/modules/services/network-filesystems/moosefs.nix @@ -1,7 +1,4 @@ { config, lib, pkgs, ... }: - -with lib; - let cfg = config.services.moosefs; @@ -9,14 +6,14 @@ let settingsFormat = let listSep = " "; - allowedTypes = with types; [ bool int float str ]; + allowedTypes = with lib.types; [ bool int float str ]; valueToString = val: - if isList val then concatStringsSep listSep (map (x: valueToString x) val) - else if isBool val then (if val then "1" else "0") + if lib.isList val then lib.concatStringsSep listSep (map (x: valueToString x) val) + else if lib.isBool val then (if val then "1" else "0") else toString val; in { - type = with types; let + type = with lib.types; let valueType = oneOf ([ (listOf valueType) ] ++ allowedTypes) // { @@ -72,24 +69,24 @@ in { options = { services.moosefs = { - masterHost = mkOption { - type = types.str; + masterHost = lib.mkOption { + type = lib.types.str; default = null; description = "IP or DNS name of master host."; }; - runAsUser = mkOption { - type = types.bool; + runAsUser = lib.mkOption { + type = lib.types.bool; default = true; example = true; description = "Run daemons as user moosefs instead of root."; }; - client.enable = mkEnableOption "Moosefs client"; + client.enable = lib.mkEnableOption "Moosefs client"; master = { - enable = mkOption { - type = types.bool; + enable = lib.mkOption { + type = lib.types.bool; description = '' Enable Moosefs master daemon. @@ -99,8 +96,8 @@ in { default = false; }; - exports = mkOption { - type = with types; listOf str; + exports = lib.mkOption { + type = with lib.types; listOf str; default = null; description = "Paths to export (see mfsexports.cfg)."; example = [ @@ -109,18 +106,18 @@ in { ]; }; - openFirewall = mkOption { - type = types.bool; + openFirewall = lib.mkOption { + type = lib.types.bool; description = "Whether to automatically open the necessary ports in the firewall."; default = false; }; - settings = mkOption { - type = types.submodule { + settings = lib.mkOption { + type = lib.types.submodule { freeformType = settingsFormat.type; - options.DATA_PATH = mkOption { - type = types.str; + options.DATA_PATH = lib.mkOption { + type = lib.types.str; default = "/var/lib/mfs"; description = "Data storage directory."; }; @@ -131,14 +128,14 @@ in { }; metalogger = { - enable = mkEnableOption "Moosefs metalogger daemon"; + enable = lib.mkEnableOption "Moosefs metalogger daemon"; - settings = mkOption { - type = types.submodule { + settings = lib.mkOption { + type = lib.types.submodule { freeformType = settingsFormat.type; - options.DATA_PATH = mkOption { - type = types.str; + options.DATA_PATH = lib.mkOption { + type = lib.types.str; default = "/var/lib/mfs"; description = "Data storage directory"; }; @@ -149,27 +146,27 @@ in { }; chunkserver = { - enable = mkEnableOption "Moosefs chunkserver daemon"; + enable = lib.mkEnableOption "Moosefs chunkserver daemon"; - openFirewall = mkOption { - type = types.bool; + openFirewall = lib.mkOption { + type = lib.types.bool; description = "Whether to automatically open the necessary ports in the firewall."; default = false; }; - hdds = mkOption { - type = with types; listOf str; + hdds = lib.mkOption { + type = with lib.types; listOf str; default = null; description = "Mount points to be used by chunkserver for storage (see mfshdd.cfg)."; example = [ "/mnt/hdd1" ]; }; - settings = mkOption { - type = types.submodule { + settings = lib.mkOption { + type = lib.types.submodule { freeformType = settingsFormat.type; - options.DATA_PATH = mkOption { - type = types.str; + options.DATA_PATH = lib.mkOption { + type = lib.types.str; default = "/var/lib/mfs"; description = "Directory for lock file."; }; @@ -183,33 +180,33 @@ in { ###### implementation - config = mkIf ( cfg.client.enable || cfg.master.enable || cfg.metalogger.enable || cfg.chunkserver.enable ) { + config = lib.mkIf ( cfg.client.enable || cfg.master.enable || cfg.metalogger.enable || cfg.chunkserver.enable ) { - warnings = [ ( mkIf (!cfg.runAsUser) "Running moosefs services as root is not recommended.") ]; + warnings = [ ( lib.mkIf (!cfg.runAsUser) "Running moosefs services as root is not recommended.") ]; # Service settings services.moosefs = { - master.settings = mkIf cfg.master.enable { + master.settings = lib.mkIf cfg.master.enable { WORKING_USER = mfsUser; EXPORTS_FILENAME = toString ( pkgs.writeText "mfsexports.cfg" - (concatStringsSep "\n" cfg.master.exports)); + (lib.concatStringsSep "\n" cfg.master.exports)); }; - metalogger.settings = mkIf cfg.metalogger.enable { + metalogger.settings = lib.mkIf cfg.metalogger.enable { WORKING_USER = mfsUser; MASTER_HOST = cfg.masterHost; }; - chunkserver.settings = mkIf cfg.chunkserver.enable { + chunkserver.settings = lib.mkIf cfg.chunkserver.enable { WORKING_USER = mfsUser; MASTER_HOST = cfg.masterHost; HDD_CONF_FILENAME = toString ( pkgs.writeText "mfshdd.cfg" - (concatStringsSep "\n" cfg.chunkserver.hdds)); + (lib.concatStringsSep "\n" cfg.chunkserver.hdds)); }; }; # Create system user account for daemons - users = mkIf ( cfg.runAsUser && ( cfg.master.enable || cfg.metalogger.enable || cfg.chunkserver.enable ) ) { + users = lib.mkIf ( cfg.runAsUser && ( cfg.master.enable || cfg.metalogger.enable || cfg.chunkserver.enable ) ) { users.moosefs = { isSystemUser = true; description = "moosefs daemon user"; @@ -228,22 +225,22 @@ in { # Ensure storage directories exist systemd.tmpfiles.rules = - optional cfg.master.enable "d ${cfg.master.settings.DATA_PATH} 0700 ${mfsUser} ${mfsUser}" - ++ optional cfg.metalogger.enable "d ${cfg.metalogger.settings.DATA_PATH} 0700 ${mfsUser} ${mfsUser}" - ++ optional cfg.chunkserver.enable "d ${cfg.chunkserver.settings.DATA_PATH} 0700 ${mfsUser} ${mfsUser}"; + lib.optional cfg.master.enable "d ${cfg.master.settings.DATA_PATH} 0700 ${mfsUser} ${mfsUser}" + ++ lib.optional cfg.metalogger.enable "d ${cfg.metalogger.settings.DATA_PATH} 0700 ${mfsUser} ${mfsUser}" + ++ lib.optional cfg.chunkserver.enable "d ${cfg.chunkserver.settings.DATA_PATH} 0700 ${mfsUser} ${mfsUser}"; # Service definitions - systemd.services.mfs-master = mkIf cfg.master.enable + systemd.services.mfs-master = lib.mkIf cfg.master.enable ( systemdService "master" { TimeoutStartSec = 1800; TimeoutStopSec = 1800; Restart = "no"; } masterCfg ); - systemd.services.mfs-metalogger = mkIf cfg.metalogger.enable + systemd.services.mfs-metalogger = lib.mkIf cfg.metalogger.enable ( systemdService "metalogger" { Restart = "on-abnormal"; } metaloggerCfg ); - systemd.services.mfs-chunkserver = mkIf cfg.chunkserver.enable + systemd.services.mfs-chunkserver = lib.mkIf cfg.chunkserver.enable ( systemdService "chunkserver" { Restart = "on-abnormal"; } chunkserverCfg ); }; } diff --git a/nixos/modules/services/network-filesystems/netatalk.nix b/nixos/modules/services/network-filesystems/netatalk.nix index d7eef33ad96cbe4..e8c97df3151b241 100644 --- a/nixos/modules/services/network-filesystems/netatalk.nix +++ b/nixos/modules/services/network-filesystems/netatalk.nix @@ -1,7 +1,4 @@ { config, pkgs, lib, ... }: - -with lib; - let cfg = config.services.netatalk; settingsFormat = pkgs.formats.ini { }; @@ -10,15 +7,15 @@ in { options = { services.netatalk = { - enable = mkEnableOption "the Netatalk AFP fileserver"; + enable = lib.mkEnableOption "the Netatalk AFP fileserver"; - port = mkOption { - type = types.port; + port = lib.mkOption { + type = lib.types.port; default = 548; description = "TCP port to be used for AFP."; }; - settings = mkOption { + settings = lib.mkOption { inherit (settingsFormat) type; default = { }; example = { @@ -38,8 +35,8 @@ in { ''; }; - extmap = mkOption { - type = types.lines; + extmap = lib.mkOption { + type = lib.types.lines; default = ""; description = '' File name extension mappings. @@ -51,14 +48,14 @@ in { }; imports = (map (option: - mkRemovedOptionModule [ "services" "netatalk" option ] + lib.mkRemovedOptionModule [ "services" "netatalk" option ] "This option was removed in favor of `services.netatalk.settings`.") [ "extraConfig" "homes" "volumes" ]); - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { services.netatalk.settings.Global = { "afp port" = toString cfg.port; diff --git a/nixos/modules/services/network-filesystems/nfsd.nix b/nixos/modules/services/network-filesystems/nfsd.nix index c40bcf28c28f107..67597d37813fe7c 100644 --- a/nixos/modules/services/network-filesystems/nfsd.nix +++ b/nixos/modules/services/network-filesystems/nfsd.nix @@ -1,7 +1,4 @@ { config, lib, pkgs, ... }: - -with lib; - let cfg = config.services.nfs.server; @@ -12,8 +9,8 @@ in { imports = [ - (mkRenamedOptionModule [ "services" "nfs" "lockdPort" ] [ "services" "nfs" "server" "lockdPort" ]) - (mkRenamedOptionModule [ "services" "nfs" "statdPort" ] [ "services" "nfs" "server" "statdPort" ]) + (lib.mkRenamedOptionModule [ "services" "nfs" "lockdPort" ] [ "services" "nfs" "server" "lockdPort" ]) + (lib.mkRenamedOptionModule [ "services" "nfs" "statdPort" ] [ "services" "nfs" "server" "statdPort" ]) ]; ###### interface @@ -23,24 +20,24 @@ in services.nfs = { server = { - enable = mkOption { - type = types.bool; + enable = lib.mkOption { + type = lib.types.bool; default = false; description = '' Whether to enable the kernel's NFS server. ''; }; - extraNfsdConfig = mkOption { - type = types.str; + extraNfsdConfig = lib.mkOption { + type = lib.types.str; default = ""; description = '' Extra configuration options for the [nfsd] section of /etc/nfs.conf. ''; }; - exports = mkOption { - type = types.lines; + exports = lib.mkOption { + type = lib.types.lines; default = ""; description = '' Contents of the /etc/exports file. See @@ -48,8 +45,8 @@ in ''; }; - hostName = mkOption { - type = types.nullOr types.str; + hostName = lib.mkOption { + type = lib.types.nullOr lib.types.str; default = null; description = '' Hostname or address on which NFS requests will be accepted. @@ -58,22 +55,22 @@ in ''; }; - nproc = mkOption { - type = types.int; + nproc = lib.mkOption { + type = lib.types.int; default = 8; description = '' Number of NFS server threads. Defaults to the recommended value of 8. ''; }; - createMountPoints = mkOption { - type = types.bool; + createMountPoints = lib.mkOption { + type = lib.types.bool; default = false; description = "Whether to create the mount points in the exports file at startup time."; }; - mountdPort = mkOption { - type = types.nullOr types.int; + mountdPort = lib.mkOption { + type = lib.types.nullOr lib.types.int; default = null; example = 4002; description = '' @@ -81,8 +78,8 @@ in ''; }; - lockdPort = mkOption { - type = types.nullOr types.int; + lockdPort = lib.mkOption { + type = lib.types.nullOr lib.types.int; default = null; example = 4001; description = '' @@ -92,8 +89,8 @@ in ''; }; - statdPort = mkOption { - type = types.nullOr types.int; + statdPort = lib.mkOption { + type = lib.types.nullOr lib.types.int; default = null; example = 4000; description = '' @@ -111,7 +108,7 @@ in ###### implementation - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { services.rpcbind.enable = true; @@ -137,7 +134,7 @@ in '' mkdir -p /var/lib/nfs - ${optionalString cfg.createMountPoints + ${lib.optionalString cfg.createMountPoints '' # create export directories: # skip comments, take first col which may either be a quoted diff --git a/nixos/modules/services/network-filesystems/orangefs/client.nix b/nixos/modules/services/network-filesystems/orangefs/client.nix index 0632a9bc952792b..3923289e6f64161 100644 --- a/nixos/modules/services/network-filesystems/orangefs/client.nix +++ b/nixos/modules/services/network-filesystems/orangefs/client.nix @@ -1,7 +1,4 @@ { config, lib, pkgs, ...} : - -with lib; - let cfg = config.services.orangefs.client; @@ -10,15 +7,15 @@ in { options = { services.orangefs.client = { - enable = mkEnableOption "OrangeFS client daemon"; + enable = lib.mkEnableOption "OrangeFS client daemon"; - extraOptions = mkOption { - type = with types; listOf str; + extraOptions = lib.mkOption { + type = with lib.types; listOf str; default = []; description = "Extra command line options for pvfs2-client."; }; - fileSystems = mkOption { + fileSystems = lib.mkOption { description = '' The orangefs file systems to be mounted. This option is preferred over using {option}`fileSystems` directly since @@ -30,23 +27,23 @@ in { target = "tcp://server:3334/orangefs"; }]; - type = with types; listOf (submodule ({ ... } : { + type = with lib.types; listOf (submodule ({ ... } : { options = { - mountPoint = mkOption { - type = types.str; + mountPoint = lib.mkOption { + type = lib.types.str; default = "/orangefs"; description = "Mount point."; }; - options = mkOption { - type = with types; listOf str; + options = lib.mkOption { + type = with lib.types; listOf str; default = []; description = "Mount options"; }; - target = mkOption { - type = types.str; + target = lib.mkOption { + type = lib.types.str; example = "tcp://server:3334/orangefs"; description = "Target URL"; }; @@ -59,7 +56,7 @@ in { ###### implementation - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { environment.systemPackages = [ pkgs.orangefs ]; boot.supportedFilesystems = [ "pvfs2" ]; @@ -74,7 +71,7 @@ in { ExecStart = '' ${pkgs.orangefs}/bin/pvfs2-client-core \ - --logtype=syslog ${concatStringsSep " " cfg.extraOptions} + --logtype=syslog ${lib.concatStringsSep " " cfg.extraOptions} ''; TimeoutStopSec = "120"; @@ -87,7 +84,7 @@ in { bindsTo = [ "orangefs-client.service" ]; wantedBy = [ "remote-fs.target" ]; type = "pvfs2"; - options = concatStringsSep "," fs.options; + options = lib.concatStringsSep "," fs.options; what = fs.target; where = fs.mountPoint; }) cfg.fileSystems; diff --git a/nixos/modules/services/network-filesystems/orangefs/server.nix b/nixos/modules/services/network-filesystems/orangefs/server.nix index 9fbf37f0d00a790..c198d47645592b7 100644 --- a/nixos/modules/services/network-filesystems/orangefs/server.nix +++ b/nixos/modules/services/network-filesystems/orangefs/server.nix @@ -1,19 +1,16 @@ { config, lib, pkgs, ...} : - -with lib; - let cfg = config.services.orangefs.server; - aliases = mapAttrsToList (alias: url: alias) cfg.servers; + aliases = lib.mapAttrsToList (alias: url: alias) cfg.servers; # Maximum handle number is 2^63 maxHandle = 9223372036854775806; # One range of handles for each meta/data instance - handleStep = maxHandle / (length aliases) / 2; + handleStep = maxHandle / (lib.length aliases) / 2; - fileSystems = mapAttrsToList (name: fs: '' + fileSystems = lib.mapAttrsToList (name: fs: '' Name ${name} ID ${toString fs.id} @@ -22,8 +19,8 @@ let ${fs.extraConfig} - ${concatStringsSep "\n" ( - imap0 (i: alias: + ${lib.concatStringsSep "\n" ( + lib.imap0 (i: alias: let begin = i * handleStep + 3; end = begin + handleStep - 1; @@ -32,10 +29,10 @@ let - ${concatStringsSep "\n" ( - imap0 (i: alias: + ${lib.concatStringsSep "\n" ( + lib.imap0 (i: alias: let - begin = i * handleStep + 3 + (length aliases) * handleStep; + begin = i * handleStep + 3 + (lib.length aliases) * handleStep; end = begin + handleStep - 1; in "Range ${alias} ${toString begin}-${toString end}") aliases )} @@ -56,17 +53,17 @@ let DataStorageSpace ${cfg.dataStorageSpace} MetaDataStorageSpace ${cfg.metadataStorageSpace} - BMIModules ${concatStringsSep "," cfg.BMIModules} + BMIModules ${lib.concatStringsSep "," cfg.BMIModules} ${cfg.extraDefaults} ${cfg.extraConfig} - ${concatStringsSep "\n" (mapAttrsToList (alias: url: "Alias ${alias} ${url}") cfg.servers)} + ${lib.concatStringsSep "\n" (lib.mapAttrsToList (alias: url: "Alias ${alias} ${url}") cfg.servers)} - ${concatStringsSep "\n" fileSystems} + ${lib.concatStringsSep "\n" fileSystems} ''; in { @@ -74,49 +71,49 @@ in { options = { services.orangefs.server = { - enable = mkEnableOption "OrangeFS server"; + enable = lib.mkEnableOption "OrangeFS server"; - logType = mkOption { - type = with types; enum [ "file" "syslog" ]; + logType = lib.mkOption { + type = with lib.types; enum [ "file" "syslog" ]; default = "syslog"; description = "Destination for log messages."; }; - dataStorageSpace = mkOption { - type = types.nullOr types.str; + dataStorageSpace = lib.mkOption { + type = lib.types.nullOr lib.types.str; default = null; example = "/data/storage"; description = "Directory for data storage."; }; - metadataStorageSpace = mkOption { - type = types.nullOr types.str; + metadataStorageSpace = lib.mkOption { + type = lib.types.nullOr lib.types.str; default = null; example = "/data/meta"; description = "Directory for meta data storage."; }; - BMIModules = mkOption { - type = with types; listOf str; + BMIModules = lib.mkOption { + type = with lib.types; listOf str; default = [ "bmi_tcp" ]; example = [ "bmi_tcp" "bmi_ib"]; description = "List of BMI modules to load."; }; - extraDefaults = mkOption { - type = types.lines; + extraDefaults = lib.mkOption { + type = lib.types.lines; default = ""; description = "Extra config for `` section."; }; - extraConfig = mkOption { - type = types.lines; + extraConfig = lib.mkOption { + type = lib.types.lines; default = ""; description = "Extra config for the global section."; }; - servers = mkOption { - type = with types; attrsOf types.str; + servers = lib.mkOption { + type = with lib.types; attrsOf lib.types.str; default = {}; example = { node1 = "tcp://node1:3334"; @@ -125,12 +122,12 @@ in { description = "URLs for storage server including port. The attribute names define the server alias."; }; - fileSystems = mkOption { + fileSystems = lib.mkOption { description = '' These options will create the `` sections of config file. ''; default = { orangefs = {}; }; - example = literalExpression '' + example = lib.literalExpression '' { fs1 = { id = 101; @@ -141,40 +138,40 @@ in { }; } ''; - type = with types; attrsOf (submodule ({ ... } : { + type = with lib.types; attrsOf (submodule ({ ... } : { options = { - id = mkOption { - type = types.int; + id = lib.mkOption { + type = lib.types.int; default = 1; description = "File system ID (must be unique within configuration)."; }; - rootHandle = mkOption { - type = types.int; + rootHandle = lib.mkOption { + type = lib.types.int; default = 3; description = "File system root ID."; }; - extraConfig = mkOption { - type = types.lines; + extraConfig = lib.mkOption { + type = lib.types.lines; default = ""; description = "Extra config for `` section."; }; - troveSyncMeta = mkOption { - type = types.bool; + troveSyncMeta = lib.mkOption { + type = lib.types.bool; default = true; description = "Sync meta data."; }; - troveSyncData = mkOption { - type = types.bool; + troveSyncData = lib.mkOption { + type = lib.types.bool; default = false; description = "Sync data."; }; - extraStorageHints = mkOption { - type = types.lines; + extraStorageHints = lib.mkOption { + type = lib.types.lines; default = ""; description = "Extra config for `` section."; }; @@ -186,7 +183,7 @@ in { ###### implementation - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { environment.systemPackages = [ pkgs.orangefs ]; # orangefs daemon will run as user diff --git a/nixos/modules/services/network-filesystems/rsyncd.nix b/nixos/modules/services/network-filesystems/rsyncd.nix index 49bc7caf2ee4a90..93dc41c3c956e84 100644 --- a/nixos/modules/services/network-filesystems/rsyncd.nix +++ b/nixos/modules/services/network-filesystems/rsyncd.nix @@ -1,7 +1,4 @@ { config, pkgs, lib, ... }: - -with lib; - let cfg = config.services.rsyncd; settingsFormat = pkgs.formats.ini { }; @@ -10,15 +7,15 @@ in { options = { services.rsyncd = { - enable = mkEnableOption "the rsync daemon"; + enable = lib.mkEnableOption "the rsync daemon"; - port = mkOption { + port = lib.mkOption { default = 873; - type = types.port; + type = lib.types.port; description = "TCP port the daemon will listen on."; }; - settings = mkOption { + settings = lib.mkOption { inherit (settingsFormat) type; default = { }; example = { @@ -45,9 +42,9 @@ in { ''; }; - socketActivated = mkOption { + socketActivated = lib.mkOption { default = false; - type = types.bool; + type = lib.types.bool; description = "If enabled Rsync will be socket-activated rather than run persistently."; }; @@ -55,7 +52,7 @@ in { }; imports = (map (option: - mkRemovedOptionModule [ "services" "rsyncd" option ] + lib.mkRemovedOptionModule [ "services" "rsyncd" option ] "This option was removed in favor of `services.rsyncd.settings`.") [ "address" "extraConfig" @@ -64,7 +61,7 @@ in { "group" ]); - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { services.rsyncd.settings.global.port = toString cfg.port; diff --git a/nixos/modules/services/network-filesystems/samba-wsdd.nix b/nixos/modules/services/network-filesystems/samba-wsdd.nix index f46bf802511aeb3..60ede5a1bda21bd 100644 --- a/nixos/modules/services/network-filesystems/samba-wsdd.nix +++ b/nixos/modules/services/network-filesystems/samba-wsdd.nix @@ -1,65 +1,62 @@ { config, lib, pkgs, ... }: - -with lib; - let cfg = config.services.samba-wsdd; in { options = { services.samba-wsdd = { - enable = mkEnableOption '' + enable = lib.mkEnableOption '' Web Services Dynamic Discovery host daemon. This enables (Samba) hosts, like your local NAS device, to be found by Web Service Discovery Clients like Windows ''; - interface = mkOption { - type = types.nullOr types.str; + interface = lib.mkOption { + type = lib.types.nullOr lib.types.str; default = null; example = "eth0"; description = "Interface or address to use."; }; - hoplimit = mkOption { - type = types.nullOr types.int; + hoplimit = lib.mkOption { + type = lib.types.nullOr lib.types.int; default = null; example = 2; description = "Hop limit for multicast packets (default = 1)."; }; - openFirewall = mkOption { + openFirewall = lib.mkOption { description = '' Whether to open the required firewall ports in the firewall. ''; default = false; type = lib.types.bool; }; - workgroup = mkOption { - type = types.nullOr types.str; + workgroup = lib.mkOption { + type = lib.types.nullOr lib.types.str; default = null; example = "HOME"; description = "Set workgroup name (default WORKGROUP)."; }; - hostname = mkOption { - type = types.nullOr types.str; + hostname = lib.mkOption { + type = lib.types.nullOr lib.types.str; default = null; example = "FILESERVER"; description = "Override (NetBIOS) hostname to be used (default hostname)."; }; - domain = mkOption { - type = types.nullOr types.str; + domain = lib.mkOption { + type = lib.types.nullOr lib.types.str; default = null; description = "Set domain name (disables workgroup)."; }; - discovery = mkOption { - type = types.bool; + discovery = lib.mkOption { + type = lib.types.bool; default = false; description = "Enable discovery operation mode."; }; - listen = mkOption { - type = types.str; + listen = lib.mkOption { + type = lib.types.str; default = "/run/wsdd/wsdd.sock"; description = "Listen on path or localhost port in discovery mode."; }; - extraOptions = mkOption { - type = types.listOf types.str; + extraOptions = lib.mkOption { + type = lib.types.listOf lib.types.str; default = [ "--shortlog" ]; example = [ "--verbose" "--no-http" "--ipv4only" "--no-host" ]; description = "Additional wsdd options."; @@ -67,7 +64,7 @@ in { }; }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { environment.systemPackages = [ pkgs.wsdd ]; @@ -79,13 +76,13 @@ in { DynamicUser = true; Type = "simple"; ExecStart = '' - ${pkgs.wsdd}/bin/wsdd ${optionalString (cfg.interface != null) "--interface '${cfg.interface}'"} \ - ${optionalString (cfg.hoplimit != null) "--hoplimit '${toString cfg.hoplimit}'"} \ - ${optionalString (cfg.workgroup != null) "--workgroup '${cfg.workgroup}'"} \ - ${optionalString (cfg.hostname != null) "--hostname '${cfg.hostname}'"} \ - ${optionalString (cfg.domain != null) "--domain '${cfg.domain}'"} \ - ${optionalString cfg.discovery "--discovery --listen '${cfg.listen}'"} \ - ${escapeShellArgs cfg.extraOptions} + ${pkgs.wsdd}/bin/wsdd ${lib.optionalString (cfg.interface != null) "--interface '${cfg.interface}'"} \ + ${lib.optionalString (cfg.hoplimit != null) "--hoplimit '${toString cfg.hoplimit}'"} \ + ${lib.optionalString (cfg.workgroup != null) "--workgroup '${cfg.workgroup}'"} \ + ${lib.optionalString (cfg.hostname != null) "--hostname '${cfg.hostname}'"} \ + ${lib.optionalString (cfg.domain != null) "--domain '${cfg.domain}'"} \ + ${lib.optionalString cfg.discovery "--discovery --listen '${cfg.listen}'"} \ + ${lib.escapeShellArgs cfg.extraOptions} ''; # Runtime directory and mode RuntimeDirectory = "wsdd"; @@ -121,7 +118,7 @@ in { }; }; - networking.firewall = mkIf cfg.openFirewall { + networking.firewall = lib.mkIf cfg.openFirewall { allowedTCPPorts = [ 5357 ]; allowedUDPPorts = [ 3702 ]; }; diff --git a/nixos/modules/services/network-filesystems/samba.nix b/nixos/modules/services/network-filesystems/samba.nix index cb68a27b20dd45f..8df25e6373cabb2 100644 --- a/nixos/modules/services/network-filesystems/samba.nix +++ b/nixos/modules/services/network-filesystems/samba.nix @@ -1,12 +1,9 @@ { config, lib, pkgs, ... }: - -with lib; - let cfg = config.services.samba; settingsFormat = pkgs.formats.ini { - listToValue = lib.concatMapStringsSep " " (generators.mkValueStringDefault { }); + listToValue = lib.concatMapStringsSep " " (lib.generators.mkValueStringDefault { }); }; # Ensure the global section is always first globalConfigFile = settingsFormat.generate "smb-global.conf" { global = cfg.settings.global; }; @@ -23,8 +20,8 @@ in }; imports = [ - (mkRemovedOptionModule [ "services" "samba" "defaultShare" ] "") - (mkRemovedOptionModule [ "services" "samba" "syncPasswordsByPam" ] "This option has been removed by upstream, see https://bugzilla.samba.org/show_bug.cgi?id=10669#c10") + (lib.mkRemovedOptionModule [ "services" "samba" "defaultShare" ] "") + (lib.mkRemovedOptionModule [ "services" "samba" "syncPasswordsByPam" ] "This option has been removed by upstream, see https://bugzilla.samba.org/show_bug.cgi?id=10669#c10") (lib.mkRemovedOptionModule [ "services" "samba" "configText" ] '' Use services.samba.settings instead. @@ -166,7 +163,7 @@ in ###### implementation - config = mkMerge + config = lib.mkMerge [ { assertions = [ { assertion = cfg.nsswins -> cfg.winbindd.enable; message = "If services.samba.nsswins is enabled, then services.samba.winbindd.enable must also be enabled"; @@ -177,8 +174,8 @@ in (lib.mkIf cfg.enable { environment.etc."samba/smb.conf".source = configFile; - system.nssModules = optional cfg.nsswins cfg.package; - system.nssDatabases.hosts = optional cfg.nsswins "wins"; + system.nssModules = lib.optional cfg.nsswins cfg.package; + system.nssDatabases.hosts = lib.optional cfg.nsswins "wins"; systemd = { slices.system-samba = { @@ -210,8 +207,8 @@ in setuid = true; }; - networking.firewall.allowedTCPPorts = mkIf cfg.openFirewall [ 139 445 ]; - networking.firewall.allowedUDPPorts = mkIf cfg.openFirewall [ 137 138 ]; + networking.firewall.allowedTCPPorts = lib.mkIf cfg.openFirewall [ 139 445 ]; + networking.firewall.allowedUDPPorts = lib.mkIf cfg.openFirewall [ 137 138 ]; }) (lib.mkIf (cfg.enable && cfg.nmbd.enable) { diff --git a/nixos/modules/services/network-filesystems/tahoe.nix b/nixos/modules/services/network-filesystems/tahoe.nix index cfda62020a1eecf..e3296e6f66d5404 100644 --- a/nixos/modules/services/network-filesystems/tahoe.nix +++ b/nixos/modules/services/network-filesystems/tahoe.nix @@ -1,57 +1,55 @@ { config, lib, pkgs, ... }: - -with lib; let cfg = config.services.tahoe; in { options.services.tahoe = { - introducers = mkOption { + introducers = lib.mkOption { default = {}; - type = with types; attrsOf (submodule { + type = with lib.types; attrsOf (submodule { options = { - nickname = mkOption { - type = types.str; + nickname = lib.mkOption { + type = lib.types.str; description = '' The nickname of this Tahoe introducer. ''; }; - tub.port = mkOption { + tub.port = lib.mkOption { default = 3458; - type = types.port; + type = lib.types.port; description = '' The port on which the introducer will listen. ''; }; - tub.location = mkOption { + tub.location = lib.mkOption { default = null; - type = types.nullOr types.str; + type = lib.types.nullOr lib.types.str; description = '' The external location that the introducer should listen on. If specified, the port should be included. ''; }; - package = mkPackageOption pkgs "tahoelafs" { }; + package = lib.mkPackageOption pkgs "tahoelafs" { }; }; }); description = '' The Tahoe introducers. ''; }; - nodes = mkOption { + nodes = lib.mkOption { default = {}; - type = with types; attrsOf (submodule { + type = with lib.types; attrsOf (submodule { options = { - nickname = mkOption { - type = types.str; + nickname = lib.mkOption { + type = lib.types.str; description = '' The nickname of this Tahoe node. ''; }; - tub.port = mkOption { + tub.port = lib.mkOption { default = 3457; - type = types.port; + type = lib.types.port; description = '' The port on which the tub will listen. @@ -59,9 +57,9 @@ in system to listen on a different port. ''; }; - tub.location = mkOption { + tub.location = lib.mkOption { default = null; - type = types.nullOr types.str; + type = lib.types.nullOr lib.types.str; description = '' The external location that the node should listen on. @@ -71,9 +69,9 @@ in If specified, the port should be included. ''; }; - web.port = mkOption { + web.port = lib.mkOption { default = 3456; - type = types.port; + type = lib.types.port; description = '' The port on which the Web server will listen. @@ -81,59 +79,59 @@ in listen on a different port. ''; }; - client.introducer = mkOption { + client.introducer = lib.mkOption { default = null; - type = types.nullOr types.str; + type = lib.types.nullOr lib.types.str; description = '' The furl for a Tahoe introducer node. Like all furls, keep this safe and don't share it. ''; }; - client.helper = mkOption { + client.helper = lib.mkOption { default = null; - type = types.nullOr types.str; + type = lib.types.nullOr lib.types.str; description = '' The furl for a Tahoe helper node. Like all furls, keep this safe and don't share it. ''; }; - client.shares.needed = mkOption { + client.shares.needed = lib.mkOption { default = 3; - type = types.int; + type = lib.types.int; description = '' The number of shares required to reconstitute a file. ''; }; - client.shares.happy = mkOption { + client.shares.happy = lib.mkOption { default = 7; - type = types.int; + type = lib.types.int; description = '' The number of distinct storage nodes required to store a file. ''; }; - client.shares.total = mkOption { + client.shares.total = lib.mkOption { default = 10; - type = types.int; + type = lib.types.int; description = '' The number of shares required to store a file. ''; }; - storage.enable = mkEnableOption "storage service"; - storage.reservedSpace = mkOption { + storage.enable = lib.mkEnableOption "storage service"; + storage.reservedSpace = lib.mkOption { default = "1G"; - type = types.str; + type = lib.types.str; description = '' The amount of filesystem space to not use for storage. ''; }; - helper.enable = mkEnableOption "helper service"; - sftpd.enable = mkEnableOption "SFTP service"; - sftpd.port = mkOption { + helper.enable = lib.mkEnableOption "helper service"; + sftpd.enable = lib.mkEnableOption "SFTP service"; + sftpd.port = lib.mkOption { default = null; - type = types.nullOr types.int; + type = lib.types.nullOr lib.types.int; description = '' The port on which the SFTP server will listen. @@ -141,35 +139,35 @@ in daemon to listen on a different port. ''; }; - sftpd.hostPublicKeyFile = mkOption { + sftpd.hostPublicKeyFile = lib.mkOption { default = null; - type = types.nullOr types.path; + type = lib.types.nullOr lib.types.path; description = '' Path to the SSH host public key. ''; }; - sftpd.hostPrivateKeyFile = mkOption { + sftpd.hostPrivateKeyFile = lib.mkOption { default = null; - type = types.nullOr types.path; + type = lib.types.nullOr lib.types.path; description = '' Path to the SSH host private key. ''; }; - sftpd.accounts.file = mkOption { + sftpd.accounts.file = lib.mkOption { default = null; - type = types.nullOr types.path; + type = lib.types.nullOr lib.types.path; description = '' Path to the accounts file. ''; }; - sftpd.accounts.url = mkOption { + sftpd.accounts.url = lib.mkOption { default = null; - type = types.nullOr types.str; + type = lib.types.nullOr lib.types.str; description = '' URL of the accounts server. ''; }; - package = mkPackageOption pkgs "tahoelafs" { }; + package = lib.mkPackageOption pkgs "tahoelafs" { }; }; }); description = '' @@ -177,11 +175,11 @@ in ''; }; }; - config = mkMerge [ - (mkIf (cfg.introducers != {}) { + config = lib.mkMerge [ + (lib.mkIf (cfg.introducers != {}) { environment = { - etc = flip mapAttrs' cfg.introducers (node: settings: - nameValuePair "tahoe-lafs/introducer-${node}.cfg" { + etc = lib.flip lib.mapAttrs' cfg.introducers (node: settings: + lib.nameValuePair "tahoe-lafs/introducer-${node}.cfg" { mode = "0444"; text = '' # This configuration is generated by Nix. Edit at your own @@ -190,25 +188,25 @@ in [node] nickname = ${settings.nickname} tub.port = ${toString settings.tub.port} - ${optionalString (settings.tub.location != null) + ${lib.optionalString (settings.tub.location != null) "tub.location = ${settings.tub.location}"} ''; }); # Actually require Tahoe, so that we will have it installed. - systemPackages = flip mapAttrsToList cfg.introducers (node: settings: + systemPackages = lib.flip lib.mapAttrsToList cfg.introducers (node: settings: settings.package ); }; # Open up the firewall. - # networking.firewall.allowedTCPPorts = flip mapAttrsToList cfg.introducers + # networking.firewall.allowedTCPPorts = lib.flip lib.mapAttrsToList cfg.introducers # (node: settings: settings.tub.port); - systemd.services = flip mapAttrs' cfg.introducers (node: settings: + systemd.services = lib.flip lib.mapAttrs' cfg.introducers (node: settings: let pidfile = "/run/tahoe.introducer-${node}.pid"; # This is a directory, but it has no trailing slash. Tahoe commands # get antsy when there's a trailing slash. nodedir = "/var/db/tahoe-lafs/introducer-${node}"; - in nameValuePair "tahoe.introducer-${node}" { + in lib.nameValuePair "tahoe.introducer-${node}" { description = "Tahoe LAFS node ${node}"; wantedBy = [ "multi-user.target" ]; path = [ settings.package ]; @@ -242,16 +240,16 @@ in cp /etc/tahoe-lafs/introducer-"${node}".cfg ${lib.escapeShellArg nodedir}/tahoe.cfg ''; }); - users.users = flip mapAttrs' cfg.introducers (node: _: - nameValuePair "tahoe.introducer-${node}" { + users.users = lib.flip lib.mapAttrs' cfg.introducers (node: _: + lib.nameValuePair "tahoe.introducer-${node}" { description = "Tahoe node user for introducer ${node}"; isSystemUser = true; }); }) - (mkIf (cfg.nodes != {}) { + (lib.mkIf (cfg.nodes != {}) { environment = { - etc = flip mapAttrs' cfg.nodes (node: settings: - nameValuePair "tahoe-lafs/${node}.cfg" { + etc = lib.flip lib.mapAttrs' cfg.nodes (node: settings: + lib.nameValuePair "tahoe-lafs/${node}.cfg" { mode = "0444"; text = '' # This configuration is generated by Nix. Edit at your own @@ -260,16 +258,16 @@ in [node] nickname = ${settings.nickname} tub.port = ${toString settings.tub.port} - ${optionalString (settings.tub.location != null) + ${lib.optionalString (settings.tub.location != null) "tub.location = ${settings.tub.location}"} # This is a Twisted endpoint. Twisted Web doesn't work on # non-TCP. ~ C. web.port = tcp:${toString settings.web.port} [client] - ${optionalString (settings.client.introducer != null) + ${lib.optionalString (settings.client.introducer != null) "introducer.furl = ${settings.client.introducer}"} - ${optionalString (settings.client.helper != null) + ${lib.optionalString (settings.client.helper != null) "helper.furl = ${settings.client.helper}"} shares.needed = ${toString settings.client.shares.needed} @@ -277,41 +275,41 @@ in shares.total = ${toString settings.client.shares.total} [storage] - enabled = ${boolToString settings.storage.enable} + enabled = ${lib.boolToString settings.storage.enable} reserved_space = ${settings.storage.reservedSpace} [helper] - enabled = ${boolToString settings.helper.enable} + enabled = ${lib.boolToString settings.helper.enable} [sftpd] - enabled = ${boolToString settings.sftpd.enable} - ${optionalString (settings.sftpd.port != null) + enabled = ${lib.boolToString settings.sftpd.enable} + ${lib.optionalString (settings.sftpd.port != null) "port = ${toString settings.sftpd.port}"} - ${optionalString (settings.sftpd.hostPublicKeyFile != null) + ${lib.optionalString (settings.sftpd.hostPublicKeyFile != null) "host_pubkey_file = ${settings.sftpd.hostPublicKeyFile}"} - ${optionalString (settings.sftpd.hostPrivateKeyFile != null) + ${lib.optionalString (settings.sftpd.hostPrivateKeyFile != null) "host_privkey_file = ${settings.sftpd.hostPrivateKeyFile}"} - ${optionalString (settings.sftpd.accounts.file != null) + ${lib.optionalString (settings.sftpd.accounts.file != null) "accounts.file = ${settings.sftpd.accounts.file}"} - ${optionalString (settings.sftpd.accounts.url != null) + ${lib.optionalString (settings.sftpd.accounts.url != null) "accounts.url = ${settings.sftpd.accounts.url}"} ''; }); # Actually require Tahoe, so that we will have it installed. - systemPackages = flip mapAttrsToList cfg.nodes (node: settings: + systemPackages = lib.flip lib.mapAttrsToList cfg.nodes (node: settings: settings.package ); }; # Open up the firewall. - # networking.firewall.allowedTCPPorts = flip mapAttrsToList cfg.nodes + # networking.firewall.allowedTCPPorts = lib.flip lib.mapAttrsToList cfg.nodes # (node: settings: settings.tub.port); - systemd.services = flip mapAttrs' cfg.nodes (node: settings: + systemd.services = lib.flip lib.mapAttrs' cfg.nodes (node: settings: let pidfile = "/run/tahoe.${node}.pid"; # This is a directory, but it has no trailing slash. Tahoe commands # get antsy when there's a trailing slash. nodedir = "/var/db/tahoe-lafs/${node}"; - in nameValuePair "tahoe.${node}" { + in lib.nameValuePair "tahoe.${node}" { description = "Tahoe LAFS node ${node}"; wantedBy = [ "multi-user.target" ]; path = [ settings.package ]; @@ -342,8 +340,8 @@ in cp /etc/tahoe-lafs/${lib.escapeShellArg node}.cfg ${lib.escapeShellArg nodedir}/tahoe.cfg ''; }); - users.users = flip mapAttrs' cfg.nodes (node: _: - nameValuePair "tahoe.${node}" { + users.users = lib.flip lib.mapAttrs' cfg.nodes (node: _: + lib.nameValuePair "tahoe.${node}" { description = "Tahoe node user for node ${node}"; isSystemUser = true; }); diff --git a/nixos/modules/services/network-filesystems/u9fs.nix b/nixos/modules/services/network-filesystems/u9fs.nix index 2233d6f2a60d28a..346705f5e3d00d9 100644 --- a/nixos/modules/services/network-filesystems/u9fs.nix +++ b/nixos/modules/services/network-filesystems/u9fs.nix @@ -1,7 +1,4 @@ { config, lib, pkgs, ... }: - -with lib; - let cfg = config.services.u9fs; in @@ -11,14 +8,14 @@ in services.u9fs = { - enable = mkOption { - type = types.bool; + enable = lib.mkOption { + type = lib.types.bool; default = false; description = "Whether to run the u9fs 9P server for Unix."; }; - listenStreams = mkOption { - type = types.listOf types.str; + listenStreams = lib.mkOption { + type = lib.types.listOf lib.types.str; default = [ "564" ]; example = [ "192.168.16.1:564" ]; description = '' @@ -27,14 +24,14 @@ in ''; }; - user = mkOption { - type = types.str; + user = lib.mkOption { + type = lib.types.str; default = "nobody"; description = "User to run u9fs under."; }; - extraArgs = mkOption { - type = types.str; + extraArgs = lib.mkOption { + type = lib.types.str; default = ""; example = "-a none"; description = '' @@ -47,7 +44,7 @@ in }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { systemd = { sockets.u9fs = { diff --git a/nixos/modules/services/network-filesystems/webdav-server-rs.nix b/nixos/modules/services/network-filesystems/webdav-server-rs.nix index 7e83d78db5b064b..31f641a82d797fc 100644 --- a/nixos/modules/services/network-filesystems/webdav-server-rs.nix +++ b/nixos/modules/services/network-filesystems/webdav-server-rs.nix @@ -1,10 +1,8 @@ { config, lib, pkgs, ... }: - -with lib; let cfg = config.services.webdav-server-rs; format = pkgs.formats.toml { }; - settings = recursiveUpdate + settings = lib.recursiveUpdate { server.uid = config.users.users."${cfg.user}".uid; server.gid = config.users.groups."${cfg.group}".gid; @@ -14,27 +12,27 @@ in { options = { services.webdav-server-rs = { - enable = mkEnableOption "WebDAV server"; + enable = lib.mkEnableOption "WebDAV server"; - user = mkOption { - type = types.str; + user = lib.mkOption { + type = lib.types.str; default = "webdav"; description = "User to run under when setuid is not enabled."; }; - group = mkOption { - type = types.str; + group = lib.mkOption { + type = lib.types.str; default = "webdav"; description = "Group to run under when setuid is not enabled."; }; - debug = mkOption { - type = types.bool; + debug = lib.mkOption { + type = lib.types.bool; default = false; description = "Enable debug mode."; }; - settings = mkOption { + settings = lib.mkOption { type = format.type; default = { }; description = '' @@ -42,7 +40,7 @@ in options can be found at [here](https://github.com/miquels/webdav-server-rs/blob/master/webdav-server.toml). ''; - example = literalExpression '' + example = lib.literalExpression '' { server.listen = [ "0.0.0.0:4918" "[::]:4918" ]; accounts = { @@ -75,8 +73,8 @@ in ''; }; - configFile = mkOption { - type = types.path; + configFile = lib.mkOption { + type = lib.types.path; default = format.generate "webdav-server.toml" settings; defaultText = "Config file generated from services.webdav-server-rs.settings"; description = '' @@ -88,19 +86,19 @@ in }; }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { assertions = [ { - assertion = hasAttr cfg.user config.users.users && config.users.users."${cfg.user}".uid != null; + assertion = lib.hasAttr cfg.user config.users.users && config.users.users."${cfg.user}".uid != null; message = "users.users.${cfg.user} and users.users.${cfg.user}.uid must be defined."; } { - assertion = hasAttr cfg.group config.users.groups && config.users.groups."${cfg.group}".gid != null; + assertion = lib.hasAttr cfg.group config.users.groups && config.users.groups."${cfg.group}".gid != null; message = "users.groups.${cfg.group} and users.groups.${cfg.group}.gid must be defined."; } ]; - users.users = optionalAttrs (cfg.user == "webdav") { + users.users = lib.optionalAttrs (cfg.user == "webdav") { webdav = { description = "WebDAV user"; group = cfg.group; @@ -108,7 +106,7 @@ in }; }; - users.groups = optionalAttrs (cfg.group == "webdav") { + users.groups = lib.optionalAttrs (cfg.group == "webdav") { webdav.gid = config.ids.gids.webdav; }; @@ -146,5 +144,5 @@ in }; }; - meta.maintainers = with maintainers; [ pmy ]; + meta.maintainers = with lib.maintainers; [ pmy ]; } diff --git a/nixos/modules/services/network-filesystems/webdav.nix b/nixos/modules/services/network-filesystems/webdav.nix index 7e435fc65253cc5..28f129fc12d290b 100644 --- a/nixos/modules/services/network-filesystems/webdav.nix +++ b/nixos/modules/services/network-filesystems/webdav.nix @@ -1,6 +1,4 @@ { config, lib, pkgs, ... }: - -with lib; let cfg = config.services.webdav; format = pkgs.formats.yaml { }; @@ -8,21 +6,21 @@ in { options = { services.webdav = { - enable = mkEnableOption "WebDAV server"; + enable = lib.mkEnableOption "WebDAV server"; - user = mkOption { - type = types.str; + user = lib.mkOption { + type = lib.types.str; default = "webdav"; description = "User account under which WebDAV runs."; }; - group = mkOption { - type = types.str; + group = lib.mkOption { + type = lib.types.str; default = "webdav"; description = "Group under which WebDAV runs."; }; - settings = mkOption { + settings = lib.mkOption { type = format.type; default = { }; description = '' @@ -36,7 +34,7 @@ in [EnvironmentFile](https://www.freedesktop.org/software/systemd/man/systemd.exec.html#EnvironmentFile=). This prevents adding secrets to the world-readable Nix store. ''; - example = literalExpression '' + example = lib.literalExpression '' { address = "0.0.0.0"; port = 8080; @@ -53,8 +51,8 @@ in ''; }; - configFile = mkOption { - type = types.path; + configFile = lib.mkOption { + type = lib.types.path; default = format.generate "webdav.yaml" cfg.settings; defaultText = "Config file generated from services.webdav.settings"; description = '' @@ -64,8 +62,8 @@ in example = "/etc/webdav/config.yaml"; }; - environmentFile = mkOption { - type = types.nullOr types.path; + environmentFile = lib.mkOption { + type = lib.types.nullOr lib.types.path; default = null; description = '' Environment file as defined in {manpage}`systemd.exec(5)`. @@ -74,8 +72,8 @@ in }; }; - config = mkIf cfg.enable { - users.users = mkIf (cfg.user == "webdav") { + config = lib.mkIf cfg.enable { + users.users = lib.mkIf (cfg.user == "webdav") { webdav = { description = "WebDAV daemon user"; group = cfg.group; @@ -83,7 +81,7 @@ in }; }; - users.groups = mkIf (cfg.group == "webdav") { + users.groups = lib.mkIf (cfg.group == "webdav") { webdav.gid = config.ids.gids.webdav; }; @@ -96,10 +94,10 @@ in Restart = "on-failure"; User = cfg.user; Group = cfg.group; - EnvironmentFile = mkIf (cfg.environmentFile != null) [ cfg.environmentFile ]; + EnvironmentFile = lib.mkIf (cfg.environmentFile != null) [ cfg.environmentFile ]; }; }; }; - meta.maintainers = with maintainers; [ pmy ]; + meta.maintainers = with lib.maintainers; [ pmy ]; } diff --git a/nixos/modules/services/network-filesystems/xtreemfs.nix b/nixos/modules/services/network-filesystems/xtreemfs.nix index 78a0272c0567e3a..e2cde1903edd203 100644 --- a/nixos/modules/services/network-filesystems/xtreemfs.nix +++ b/nixos/modules/services/network-filesystems/xtreemfs.nix @@ -1,7 +1,4 @@ { config, lib, pkgs, ... }: - -with lib; - let cfg = config.services.xtreemfs; @@ -29,13 +26,13 @@ let dirConfig = pkgs.writeText "xtreemfs-dir-config.properties" '' uuid = ${cfg.dir.uuid} listen.port = ${toString cfg.dir.port} - ${optionalString (cfg.dir.address != "") "listen.address = ${cfg.dir.address}"} + ${lib.optionalString (cfg.dir.address != "") "listen.address = ${cfg.dir.address}"} http_port = ${toString cfg.dir.httpPort} babudb.baseDir = ${home}/dir/database babudb.logDir = ${home}/dir/db-log babudb.sync = ${if cfg.dir.replication.enable then "FDATASYNC" else cfg.dir.syncMode} - ${optionalString cfg.dir.replication.enable "babudb.plugin.0 = ${dirReplicationConfig}"} + ${lib.optionalString cfg.dir.replication.enable "babudb.plugin.0 = ${dirReplicationConfig}"} ${cfg.dir.extraConfig} ''; @@ -51,13 +48,13 @@ let mrcConfig = pkgs.writeText "xtreemfs-mrc-config.properties" '' uuid = ${cfg.mrc.uuid} listen.port = ${toString cfg.mrc.port} - ${optionalString (cfg.mrc.address != "") "listen.address = ${cfg.mrc.address}"} + ${lib.optionalString (cfg.mrc.address != "") "listen.address = ${cfg.mrc.address}"} http_port = ${toString cfg.mrc.httpPort} babudb.baseDir = ${home}/mrc/database babudb.logDir = ${home}/mrc/db-log babudb.sync = ${if cfg.mrc.replication.enable then "FDATASYNC" else cfg.mrc.syncMode} - ${optionalString cfg.mrc.replication.enable "babudb.plugin.0 = ${mrcReplicationConfig}"} + ${lib.optionalString cfg.mrc.replication.enable "babudb.plugin.0 = ${mrcReplicationConfig}"} ${cfg.mrc.extraConfig} ''; @@ -65,14 +62,14 @@ let osdConfig = pkgs.writeText "xtreemfs-osd-config.properties" '' uuid = ${cfg.osd.uuid} listen.port = ${toString cfg.osd.port} - ${optionalString (cfg.osd.address != "") "listen.address = ${cfg.osd.address}"} + ${lib.optionalString (cfg.osd.address != "") "listen.address = ${cfg.osd.address}"} http_port = ${toString cfg.osd.httpPort} object_dir = ${home}/osd/ ${cfg.osd.extraConfig} ''; - optionalDir = optionals cfg.dir.enable ["xtreemfs-dir.service"]; + optionalDir = lib.optionals cfg.dir.enable ["xtreemfs-dir.service"]; systemdOptionalDependencies = { after = [ "network.target" ] ++ optionalDir; @@ -89,10 +86,10 @@ in services.xtreemfs = { - enable = mkEnableOption "XtreemFS"; + enable = lib.mkEnableOption "XtreemFS"; - homeDir = mkOption { - type = types.path; + homeDir = lib.mkOption { + type = lib.types.path; default = "/var/lib/xtreemfs"; description = '' XtreemFS home dir for the xtreemfs user. @@ -100,32 +97,32 @@ in }; dir = { - enable = mkOption { - type = types.bool; + enable = lib.mkOption { + type = lib.types.bool; default = true; description = '' Whether to enable XtreemFS DIR service. ''; }; - uuid = mkOption { + uuid = lib.mkOption { example = "eacb6bab-f444-4ebf-a06a-3f72d7465e40"; - type = types.str; + type = lib.types.str; description = '' Must be set to a unique identifier, preferably a UUID according to RFC 4122. UUIDs can be generated with `uuidgen` command, found in the `util-linux` package. ''; }; - port = mkOption { + port = lib.mkOption { default = 32638; - type = types.port; + type = lib.types.port; description = '' The port to listen on for incoming connections (TCP). ''; }; - address = mkOption { - type = types.str; + address = lib.mkOption { + type = lib.types.str; example = "127.0.0.1"; default = ""; description = '' @@ -133,16 +130,16 @@ in specified, the service will listen on all interfaces (any). ''; }; - httpPort = mkOption { + httpPort = lib.mkOption { default = 30638; - type = types.port; + type = lib.types.port; description = '' Specifies the listen port for the HTTP service that returns the status page. ''; }; - syncMode = mkOption { - type = types.enum [ "ASYNC" "SYNC_WRITE_METADATA" "SYNC_WRITE" "FDATASYNC" "FSYNC" ]; + syncMode = lib.mkOption { + type = lib.types.enum [ "ASYNC" "SYNC_WRITE_METADATA" "SYNC_WRITE" "FDATASYNC" "FSYNC" ]; default = "FSYNC"; example = "FDATASYNC"; description = '' @@ -160,8 +157,8 @@ in (If xtreemfs.dir.replication.enable is true then FDATASYNC is forced) ''; }; - extraConfig = mkOption { - type = types.lines; + extraConfig = lib.mkOption { + type = lib.types.lines; default = ""; example = '' # specify whether SSL is required @@ -180,9 +177,9 @@ in ''; }; replication = { - enable = mkEnableOption "XtreemFS DIR replication plugin"; - extraConfig = mkOption { - type = types.lines; + enable = lib.mkEnableOption "XtreemFS DIR replication plugin"; + extraConfig = lib.mkOption { + type = lib.types.lines; example = '' # participants of the replication including this replica babudb.repl.participant.0 = 192.168.0.10 @@ -225,50 +222,50 @@ in }; mrc = { - enable = mkOption { - type = types.bool; + enable = lib.mkOption { + type = lib.types.bool; default = true; description = '' Whether to enable XtreemFS MRC service. ''; }; - uuid = mkOption { + uuid = lib.mkOption { example = "eacb6bab-f444-4ebf-a06a-3f72d7465e41"; - type = types.str; + type = lib.types.str; description = '' Must be set to a unique identifier, preferably a UUID according to RFC 4122. UUIDs can be generated with `uuidgen` command, found in the `util-linux` package. ''; }; - port = mkOption { + port = lib.mkOption { default = 32636; - type = types.port; + type = lib.types.port; description = '' The port to listen on for incoming connections (TCP). ''; }; - address = mkOption { + address = lib.mkOption { example = "127.0.0.1"; - type = types.str; + type = lib.types.str; default = ""; description = '' If specified, it defines the interface to listen on. If not specified, the service will listen on all interfaces (any). ''; }; - httpPort = mkOption { + httpPort = lib.mkOption { default = 30636; - type = types.port; + type = lib.types.port; description = '' Specifies the listen port for the HTTP service that returns the status page. ''; }; - syncMode = mkOption { + syncMode = lib.mkOption { default = "FSYNC"; - type = types.enum [ "ASYNC" "SYNC_WRITE_METADATA" "SYNC_WRITE" "FDATASYNC" "FSYNC" ]; + type = lib.types.enum [ "ASYNC" "SYNC_WRITE_METADATA" "SYNC_WRITE" "FDATASYNC" "FSYNC" ]; example = "FDATASYNC"; description = '' The sync mode influences how operations are committed to the disk @@ -285,8 +282,8 @@ in (If xtreemfs.mrc.replication.enable is true then FDATASYNC is forced) ''; }; - extraConfig = mkOption { - type = types.lines; + extraConfig = lib.mkOption { + type = lib.types.lines; example = '' osd_check_interval = 300 no_atime = true @@ -323,9 +320,9 @@ in ''; }; replication = { - enable = mkEnableOption "XtreemFS MRC replication plugin"; - extraConfig = mkOption { - type = types.lines; + enable = lib.mkEnableOption "XtreemFS MRC replication plugin"; + extraConfig = lib.mkOption { + type = lib.types.lines; example = '' # participants of the replication including this replica babudb.repl.participant.0 = 192.168.0.10 @@ -368,49 +365,49 @@ in }; osd = { - enable = mkOption { - type = types.bool; + enable = lib.mkOption { + type = lib.types.bool; default = true; description = '' Whether to enable XtreemFS OSD service. ''; }; - uuid = mkOption { + uuid = lib.mkOption { example = "eacb6bab-f444-4ebf-a06a-3f72d7465e42"; - type = types.str; + type = lib.types.str; description = '' Must be set to a unique identifier, preferably a UUID according to RFC 4122. UUIDs can be generated with `uuidgen` command, found in the `util-linux` package. ''; }; - port = mkOption { + port = lib.mkOption { default = 32640; - type = types.port; + type = lib.types.port; description = '' The port to listen on for incoming connections (TCP and UDP). ''; }; - address = mkOption { + address = lib.mkOption { example = "127.0.0.1"; - type = types.str; + type = lib.types.str; default = ""; description = '' If specified, it defines the interface to listen on. If not specified, the service will listen on all interfaces (any). ''; }; - httpPort = mkOption { + httpPort = lib.mkOption { default = 30640; - type = types.port; + type = lib.types.port; description = '' Specifies the listen port for the HTTP service that returns the status page. ''; }; - extraConfig = mkOption { - type = types.lines; + extraConfig = lib.mkOption { + type = lib.types.lines; example = '' local_clock_renewal = 0 remote_time_sync = 30000 @@ -464,7 +461,7 @@ in { gid = config.ids.gids.xtreemfs; }; - systemd.services.xtreemfs-dir = mkIf cfg.dir.enable { + systemd.services.xtreemfs-dir = lib.mkIf cfg.dir.enable { description = "XtreemFS-DIR Server"; after = [ "network.target" ]; wantedBy = [ "multi-user.target" ]; @@ -474,7 +471,7 @@ in }; }; - systemd.services.xtreemfs-mrc = mkIf cfg.mrc.enable ({ + systemd.services.xtreemfs-mrc = lib.mkIf cfg.mrc.enable ({ description = "XtreemFS-MRC Server"; serviceConfig = { User = "xtreemfs"; @@ -482,7 +479,7 @@ in }; } // systemdOptionalDependencies); - systemd.services.xtreemfs-osd = mkIf cfg.osd.enable ({ + systemd.services.xtreemfs-osd = lib.mkIf cfg.osd.enable ({ description = "XtreemFS-OSD Server"; serviceConfig = { User = "xtreemfs"; diff --git a/nixos/modules/services/network-filesystems/yandex-disk.nix b/nixos/modules/services/network-filesystems/yandex-disk.nix index de5d42a4bcde8cc..ee9b58b081a37f0 100644 --- a/nixos/modules/services/network-filesystems/yandex-disk.nix +++ b/nixos/modules/services/network-filesystems/yandex-disk.nix @@ -1,7 +1,4 @@ { config, pkgs, lib, ... }: - -with lib; - let cfg = config.services.yandex-disk; @@ -20,47 +17,47 @@ in services.yandex-disk = { - enable = mkOption { - type = types.bool; + enable = lib.mkOption { + type = lib.types.bool; default = false; description = '' Whether to enable Yandex-disk client. See https://disk.yandex.ru/ ''; }; - username = mkOption { + username = lib.mkOption { default = ""; - type = types.str; + type = lib.types.str; description = '' Your yandex.com login name. ''; }; - password = mkOption { + password = lib.mkOption { default = ""; - type = types.str; + type = lib.types.str; description = '' Your yandex.com password. Warning: it will be world-readable in /nix/store. ''; }; - user = mkOption { + user = lib.mkOption { default = null; - type = types.nullOr types.str; + type = lib.types.nullOr lib.types.str; description = '' The user the yandex-disk daemon should run as. ''; }; - directory = mkOption { - type = types.path; + directory = lib.mkOption { + type = lib.types.path; default = "/home/Yandex.Disk"; description = "The directory to use for Yandex.Disk storage"; }; - excludes = mkOption { + excludes = lib.mkOption { default = ""; - type = types.commas; + type = lib.types.commas; example = "data,backup"; description = '' Comma-separated list of directories which are excluded from synchronization. @@ -74,9 +71,9 @@ in ###### implementation - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { - users.users = mkIf (cfg.user == null) [ { + users.users = lib.mkIf (cfg.user == null) [ { name = u; uid = config.ids.uids.yandexdisk; group = "nogroup"; diff --git a/nixos/modules/services/networking/3proxy.nix b/nixos/modules/services/networking/3proxy.nix index 865916f7aff5fea..03c67ed2f6f8f02 100644 --- a/nixos/modules/services/networking/3proxy.nix +++ b/nixos/modules/services/networking/3proxy.nix @@ -1,21 +1,20 @@ { config, lib, pkgs, ... }: -with lib; let pkg = pkgs._3proxy; cfg = config.services._3proxy; - optionalList = list: if list == [ ] then "*" else concatMapStringsSep "," toString list; + optionalList = list: if list == [ ] then "*" else lib.concatMapStringsSep "," toString list; in { options.services._3proxy = { - enable = mkEnableOption "3proxy"; - confFile = mkOption { - type = types.path; + enable = lib.mkEnableOption "3proxy"; + confFile = lib.mkOption { + type = lib.types.path; example = "/var/lib/3proxy/3proxy.conf"; description = '' Ignore all other 3proxy options and load configuration from this file. ''; }; - usersFile = mkOption { - type = types.nullOr types.path; + usersFile = lib.mkOption { + type = lib.types.nullOr lib.types.path; default = null; example = "/var/lib/3proxy/3proxy.passwd"; description = '' @@ -40,11 +39,11 @@ in { Consult [documentation](https://github.com/z3APA3A/3proxy/wiki/How-To-%28incomplete%29#USERS) for more information. ''; }; - services = mkOption { - type = types.listOf (types.submodule { + services = lib.mkOption { + type = lib.types.listOf (lib.types.submodule { options = { - type = mkOption { - type = types.enum [ + type = lib.mkOption { + type = lib.types.enum [ "proxy" "socks" "pop3p" @@ -68,32 +67,32 @@ in { - `"udppm"`: UDP portmapper. ''; }; - bindAddress = mkOption { - type = types.str; + bindAddress = lib.mkOption { + type = lib.types.str; default = "[::]"; example = "127.0.0.1"; description = '' Address used for service. ''; }; - bindPort = mkOption { - type = types.nullOr types.int; + bindPort = lib.mkOption { + type = lib.types.nullOr lib.types.int; default = null; example = 3128; description = '' Override default port used for service. ''; }; - maxConnections = mkOption { - type = types.int; + maxConnections = lib.mkOption { + type = lib.types.int; default = 100; example = 1000; description = '' Maximum number of simulationeous connections to this service. ''; }; - auth = mkOption { - type = types.listOf (types.enum [ "none" "iponly" "strong" ]); + auth = lib.mkOption { + type = lib.types.listOf (lib.types.enum [ "none" "iponly" "strong" ]); example = [ "iponly" "strong" ]; description = '' Authentication type. The following values are valid: @@ -122,11 +121,11 @@ in { In this example strong username authentication is not required to access 192.168.0.0/16. ''; }; - acl = mkOption { - type = types.listOf (types.submodule { + acl = lib.mkOption { + type = lib.types.listOf (lib.types.submodule { options = { - rule = mkOption { - type = types.enum [ "allow" "deny" ]; + rule = lib.mkOption { + type = lib.types.enum [ "allow" "deny" ]; example = "allow"; description = '' ACL rule. The following values are valid: @@ -135,24 +134,24 @@ in { - `"deny"`: connections not allowed. ''; }; - users = mkOption { - type = types.listOf types.str; + users = lib.mkOption { + type = lib.types.listOf lib.types.str; default = [ ]; example = [ "user1" "user2" "user3" ]; description = '' List of users, use empty list for any. ''; }; - sources = mkOption { - type = types.listOf types.str; + sources = lib.mkOption { + type = lib.types.listOf lib.types.str; default = [ ]; example = [ "127.0.0.1" "192.168.1.0/24" ]; description = '' List of source IP range, use empty list for any. ''; }; - targets = mkOption { - type = types.listOf types.str; + targets = lib.mkOption { + type = lib.types.listOf lib.types.str; default = [ ]; example = [ "127.0.0.1" "192.168.1.0/24" ]; description = '' @@ -162,8 +161,8 @@ in { Hostname is only checked if hostname presents in request. ''; }; - targetPorts = mkOption { - type = types.listOf types.int; + targetPorts = lib.mkOption { + type = lib.types.listOf lib.types.int; default = [ ]; example = [ 80 443 ]; description = '' @@ -173,7 +172,7 @@ in { }; }); default = [ ]; - example = literalExpression '' + example = lib.literalExpression '' [ { rule = "allow"; @@ -192,8 +191,8 @@ in { Use this option to limit user access to resources. ''; }; - extraArguments = mkOption { - type = types.nullOr types.str; + extraArguments = lib.mkOption { + type = lib.types.nullOr lib.types.str; default = null; example = "-46"; description = '' @@ -201,8 +200,8 @@ in { Consult "Options" section in [documentation](https://github.com/z3APA3A/3proxy/wiki/3proxy.cfg) for available arguments. ''; }; - extraConfig = mkOption { - type = types.nullOr types.lines; + extraConfig = lib.mkOption { + type = lib.types.nullOr lib.types.lines; default = null; description = '' Extra configuration for service. Use this to configure things like bandwidth limiter or ACL-based redirection. @@ -212,7 +211,7 @@ in { }; }); default = [ ]; - example = literalExpression '' + example = lib.literalExpression '' [ { type = "proxy"; @@ -238,15 +237,15 @@ in { Use this option to define 3proxy services. ''; }; - denyPrivate = mkOption { - type = types.bool; + denyPrivate = lib.mkOption { + type = lib.types.bool; default = true; description = '' Whether to deny access to private IP ranges including loopback. ''; }; - privateRanges = mkOption { - type = types.listOf types.str; + privateRanges = lib.mkOption { + type = lib.types.listOf lib.types.str; default = [ "0.0.0.0/8" "127.0.0.0/8" @@ -262,11 +261,11 @@ in { What IP ranges to deny access when denyPrivate is set tu true. ''; }; - resolution = mkOption { - type = types.submodule { + resolution = lib.mkOption { + type = lib.types.submodule { options = { - nserver = mkOption { - type = types.listOf types.str; + nserver = lib.mkOption { + type = lib.types.listOf lib.types.str; default = [ ]; example = [ "127.0.0.53" "192.168.1.3:5353/tcp" ]; description = '' @@ -276,20 +275,20 @@ in { default system name resolution functions are used. ''; }; - nscache = mkOption { - type = types.int; + nscache = lib.mkOption { + type = lib.types.int; default = 65535; description = "Set name cache size for IPv4."; }; - nscache6 = mkOption { - type = types.int; + nscache6 = lib.mkOption { + type = lib.types.int; default = 65535; description = "Set name cache size for IPv6."; }; - nsrecord = mkOption { - type = types.attrsOf types.str; + nsrecord = lib.mkOption { + type = lib.types.attrsOf lib.types.str; default = { }; - example = literalExpression '' + example = lib.literalExpression '' { "files.local" = "192.168.1.12"; "site.local" = "192.168.1.43"; @@ -304,8 +303,8 @@ in { Use this option to configure name resolution and DNS caching. ''; }; - extraConfig = mkOption { - type = types.nullOr types.lines; + extraConfig = lib.mkOption { + type = lib.types.nullOr lib.types.lines; default = null; description = '' Extra configuration, appended to the 3proxy configuration file. @@ -314,33 +313,33 @@ in { }; }; - config = mkIf cfg.enable { - services._3proxy.confFile = mkDefault (pkgs.writeText "3proxy.conf" '' + config = lib.mkIf cfg.enable { + services._3proxy.confFile = lib.mkDefault (pkgs.writeText "3proxy.conf" '' # log to stdout log - ${concatMapStringsSep "\n" (x: "nserver " + x) cfg.resolution.nserver} + ${lib.concatMapStringsSep "\n" (x: "nserver " + x) cfg.resolution.nserver} nscache ${toString cfg.resolution.nscache} nscache6 ${toString cfg.resolution.nscache6} - ${concatMapStringsSep "\n" (x: "nsrecord " + x) - (mapAttrsToList (name: value: "${name} ${value}") + ${lib.concatMapStringsSep "\n" (x: "nsrecord " + x) + (lib.mapAttrsToList (name: value: "${name} ${value}") cfg.resolution.nsrecord)} - ${optionalString (cfg.usersFile != null) + ${lib.optionalString (cfg.usersFile != null) ''users $"${cfg.usersFile}"'' } - ${concatMapStringsSep "\n" (service: '' - auth ${concatStringsSep " " service.auth} + ${lib.concatMapStringsSep "\n" (service: '' + auth ${lib.concatStringsSep " " service.auth} - ${optionalString (cfg.denyPrivate) + ${lib.optionalString (cfg.denyPrivate) "deny * * ${optionalList cfg.privateRanges}"} - ${concatMapStringsSep "\n" (acl: + ${lib.concatMapStringsSep "\n" (acl: "${acl.rule} ${ - concatMapStringsSep " " optionalList [ + lib.concatMapStringsSep " " optionalList [ acl.users acl.sources acl.targets @@ -350,18 +349,18 @@ in { maxconn ${toString service.maxConnections} - ${optionalString (service.extraConfig != null) service.extraConfig} + ${lib.optionalString (service.extraConfig != null) service.extraConfig} ${service.type} -i${toString service.bindAddress} ${ - optionalString (service.bindPort != null) + lib.optionalString (service.bindPort != null) "-p${toString service.bindPort}" } ${ - optionalString (service.extraArguments != null) service.extraArguments + lib.optionalString (service.extraArguments != null) service.extraArguments } flush '') cfg.services} - ${optionalString (cfg.extraConfig != null) cfg.extraConfig} + ${lib.optionalString (cfg.extraConfig != null) cfg.extraConfig} ''); systemd.services."3proxy" = { description = "Tiny free proxy server"; @@ -377,5 +376,5 @@ in { }; }; - meta.maintainers = with maintainers; [ misuzu ]; + meta.maintainers = with lib.maintainers; [ misuzu ]; } diff --git a/nixos/modules/services/networking/adguardhome.nix b/nixos/modules/services/networking/adguardhome.nix index 5be3e0bea224a42..dab81ce18b29935 100644 --- a/nixos/modules/services/networking/adguardhome.nix +++ b/nixos/modules/services/networking/adguardhome.nix @@ -1,12 +1,9 @@ { config, lib, pkgs, ... }: - -with lib; - let cfg = config.services.adguardhome; settingsFormat = pkgs.formats.yaml { }; - args = concatStringsSep " " ([ + args = lib.concatStringsSep " " ([ "--no-check-update" "--pidfile /run/AdGuardHome/AdGuardHome.pid" "--work-dir /var/lib/AdGuardHome/" @@ -28,19 +25,19 @@ let checkPhase = "${cfg.package}/bin/adguardhome -c $out --check-config"; }); in { - options.services.adguardhome = with types; { - enable = mkEnableOption "AdGuard Home network-wide ad blocker"; + options.services.adguardhome = with lib.types; { + enable = lib.mkEnableOption "AdGuard Home network-wide ad blocker"; - package = mkOption { + package = lib.mkOption { type = package; default = pkgs.adguardhome; - defaultText = literalExpression "pkgs.adguardhome"; + defaultText = lib.literalExpression "pkgs.adguardhome"; description = '' The package that runs adguardhome. ''; }; - openFirewall = mkOption { + openFirewall = lib.mkOption { default = false; type = bool; description = '' @@ -49,9 +46,9 @@ in { ''; }; - allowDHCP = mkOption { + allowDHCP = lib.mkOption { default = settings.dhcp.enabled or false; - defaultText = literalExpression "config.services.adguardhome.settings.dhcp.enabled or false"; + defaultText = lib.literalExpression "config.services.adguardhome.settings.dhcp.enabled or false"; type = bool; description = '' Allows AdGuard Home to open raw sockets (`CAP_NET_RAW`), which is @@ -63,7 +60,7 @@ in { ''; }; - mutableSettings = mkOption { + mutableSettings = lib.mkOption { default = true; type = bool; description = '' @@ -72,7 +69,7 @@ in { ''; }; - host = mkOption { + host = lib.mkOption { default = "0.0.0.0"; type = str; description = '' @@ -80,7 +77,7 @@ in { ''; }; - port = mkOption { + port = lib.mkOption { default = 3000; type = port; description = '' @@ -88,14 +85,14 @@ in { ''; }; - settings = mkOption { + settings = lib.mkOption { default = null; type = nullOr (submodule { freeformType = settingsFormat.type; options = { - schema_version = mkOption { + schema_version = lib.mkOption { default = cfg.package.schema_version; - defaultText = literalExpression "cfg.package.schema_version"; + defaultText = lib.literalExpression "cfg.package.schema_version"; type = int; description = '' Schema version for the configuration. @@ -121,7 +118,7 @@ in { ''; }; - extraArgs = mkOption { + extraArgs = lib.mkOption { default = [ ]; type = listOf str; description = '' @@ -130,27 +127,27 @@ in { }; }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { assertions = [ { assertion = cfg.settings != null - -> !(hasAttrByPath [ "bind_host" ] cfg.settings); + -> !(lib.hasAttrByPath [ "bind_host" ] cfg.settings); message = "AdGuard option `settings.bind_host' has been superseded by `services.adguardhome.host'"; } { assertion = cfg.settings != null - -> !(hasAttrByPath [ "bind_port" ] cfg.settings); + -> !(lib.hasAttrByPath [ "bind_port" ] cfg.settings); message = "AdGuard option `settings.bind_port' has been superseded by `services.adguardhome.port'"; } { assertion = settings != null -> cfg.mutableSettings - || hasAttrByPath [ "dns" "bootstrap_dns" ] settings; + || lib.hasAttrByPath [ "dns" "bootstrap_dns" ] settings; message = "AdGuard setting dns.bootstrap_dns needs to be configured for a minimal working configuration"; } { assertion = settings != null -> cfg.mutableSettings - || hasAttrByPath [ "dns" "bootstrap_dns" ] settings - && isList settings.dns.bootstrap_dns; + || lib.hasAttrByPath [ "dns" "bootstrap_dns" ] settings + && lib.isList settings.dns.bootstrap_dns; message = "AdGuard setting dns.bootstrap_dns needs to be a list"; } ]; @@ -164,7 +161,7 @@ in { StartLimitBurst = 10; }; - preStart = optionalString (settings != null) '' + preStart = lib.optionalString (settings != null) '' if [ -e "$STATE_DIRECTORY/AdGuardHome.yaml" ] \ && [ "${toString cfg.mutableSettings}" = "1" ]; then # First run a schema_version update on the existing configuration @@ -185,7 +182,7 @@ in { DynamicUser = true; ExecStart = "${lib.getExe cfg.package} ${args}"; AmbientCapabilities = [ "CAP_NET_BIND_SERVICE" ] - ++ optionals cfg.allowDHCP [ "CAP_NET_RAW" ]; + ++ lib.optionals cfg.allowDHCP [ "CAP_NET_RAW" ]; Restart = "always"; RestartSec = 10; RuntimeDirectory = "AdGuardHome"; @@ -193,6 +190,6 @@ in { }; }; - networking.firewall.allowedTCPPorts = mkIf cfg.openFirewall [ cfg.port ]; + networking.firewall.allowedTCPPorts = lib.mkIf cfg.openFirewall [ cfg.port ]; }; } diff --git a/nixos/modules/services/networking/alice-lg.nix b/nixos/modules/services/networking/alice-lg.nix index dab2d38ca353ac0..c43f898bd7d3d8c 100644 --- a/nixos/modules/services/networking/alice-lg.nix +++ b/nixos/modules/services/networking/alice-lg.nix @@ -1,7 +1,4 @@ { config, lib, pkgs, ... }: - -with lib; - let cfg = config.services.alice-lg; settingsFormat = pkgs.formats.ini { }; @@ -9,17 +6,17 @@ in { options = { services.alice-lg = { - enable = mkEnableOption "Alice Looking Glass"; + enable = lib.mkEnableOption "Alice Looking Glass"; - package = mkPackageOption pkgs "alice-lg" { }; + package = lib.mkPackageOption pkgs "alice-lg" { }; - settings = mkOption { + settings = lib.mkOption { type = settingsFormat.type; default = { }; description = '' alice-lg configuration, for configuration options see the example on [github](https://github.com/alice-lg/alice-lg/blob/main/etc/alice-lg/alice.example.conf) ''; - example = literalExpression '' + example = lib.literalExpression '' { server = { # configures the built-in webserver and provides global application settings diff --git a/nixos/modules/services/networking/amuled.nix b/nixos/modules/services/networking/amuled.nix index aa72a047526b096..b41d4d629ec5327 100644 --- a/nixos/modules/services/networking/amuled.nix +++ b/nixos/modules/services/networking/amuled.nix @@ -1,7 +1,4 @@ { config, lib, options, pkgs, ... }: - -with lib; - let cfg = config.services.amule; opt = options.services.amule; @@ -16,18 +13,18 @@ in services.amule = { - enable = mkOption { - type = types.bool; + enable = lib.mkOption { + type = lib.types.bool; default = false; description = '' Whether to run the AMule daemon. You need to manually run "amuled --ec-config" to configure the service for the first time. ''; }; - dataDir = mkOption { - type = types.str; + dataDir = lib.mkOption { + type = lib.types.str; default = "/home/${user}/"; - defaultText = literalExpression '' + defaultText = lib.literalExpression '' "/home/''${config.${opt.user}}/" ''; description = '' @@ -35,8 +32,8 @@ in ''; }; - user = mkOption { - type = types.nullOr types.str; + user = lib.mkOption { + type = lib.types.nullOr lib.types.str; default = null; description = '' The user the AMule daemon should run as. @@ -50,16 +47,16 @@ in ###### implementation - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { - users.users = mkIf (cfg.user == null) [ + users.users = lib.mkIf (cfg.user == null) [ { name = "amule"; description = "AMule daemon"; group = "amule"; uid = config.ids.uids.amule; } ]; - users.groups = mkIf (cfg.user == null) [ + users.groups = lib.mkIf (cfg.user == null) [ { name = "amule"; gid = config.ids.gids.amule; } ]; diff --git a/nixos/modules/services/networking/asterisk.nix b/nixos/modules/services/networking/asterisk.nix index 187dd5c3ccab340..f165974f2ae725e 100644 --- a/nixos/modules/services/networking/asterisk.nix +++ b/nixos/modules/services/networking/asterisk.nix @@ -1,7 +1,4 @@ { config, lib, pkgs, ... }: - -with lib; - let cfg = config.services.asterisk; @@ -13,7 +10,7 @@ let logdir = "/var/log/asterisk"; # Add filecontents from files of useTheseDefaultConfFiles to confFiles, do not override - defaultConfFiles = subtractLists (attrNames cfg.confFiles) cfg.useTheseDefaultConfFiles; + defaultConfFiles = lib.subtractLists (lib.attrNames cfg.confFiles) cfg.useTheseDefaultConfFiles; allConfFiles = { # Default asterisk.conf file "asterisk.conf".text = '' @@ -48,25 +45,25 @@ let syslog.local0 => notice,warning,error ''; } // - mapAttrs (name: text: { inherit text; }) cfg.confFiles // - listToAttrs (map (x: nameValuePair x { source = cfg.package + "/etc/asterisk/" + x; }) defaultConfFiles); + lib.mapAttrs (name: text: { inherit text; }) cfg.confFiles // + lib.listToAttrs (map (x: lib.nameValuePair x { source = cfg.package + "/etc/asterisk/" + x; }) defaultConfFiles); in { options = { services.asterisk = { - enable = mkOption { - type = types.bool; + enable = lib.mkOption { + type = lib.types.bool; default = false; description = '' Whether to enable the Asterisk PBX server. ''; }; - extraConfig = mkOption { + extraConfig = lib.mkOption { default = ""; - type = types.lines; + type = lib.types.lines; example = '' [options] verbose=3 @@ -78,10 +75,10 @@ in ''; }; - confFiles = mkOption { + confFiles = lib.mkOption { default = {}; - type = types.attrsOf types.str; - example = literalExpression + type = lib.types.attrsOf lib.types.str; + example = lib.literalExpression '' { "extensions.conf" = ''' @@ -144,9 +141,9 @@ in ''; }; - useTheseDefaultConfFiles = mkOption { + useTheseDefaultConfFiles = lib.mkOption { default = [ "ari.conf" "acl.conf" "agents.conf" "amd.conf" "calendar.conf" "cdr.conf" "cdr_syslog.conf" "cdr_custom.conf" "cel.conf" "cel_custom.conf" "cli_aliases.conf" "confbridge.conf" "dundi.conf" "features.conf" "hep.conf" "iax.conf" "pjsip.conf" "pjsip_wizard.conf" "phone.conf" "phoneprov.conf" "queues.conf" "res_config_sqlite3.conf" "res_parking.conf" "statsd.conf" "udptl.conf" "unistim.conf" ]; - type = types.listOf types.str; + type = lib.types.listOf lib.types.str; example = [ "sip.conf" "dundi.conf" ]; description = ''Sets these config files to the default content. The default value for this option contains all necesscary files to avoid errors at startup. @@ -154,24 +151,24 @@ in ''; }; - extraArguments = mkOption { + extraArguments = lib.mkOption { default = []; - type = types.listOf types.str; + type = lib.types.listOf lib.types.str; example = [ "-vvvddd" "-e" "1024" ]; description = '' Additional command line arguments to pass to Asterisk. ''; }; - package = mkPackageOption pkgs "asterisk" { }; + package = lib.mkPackageOption pkgs "asterisk" { }; }; }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { environment.systemPackages = [ cfg.package ]; - environment.etc = mapAttrs' (name: value: - nameValuePair "asterisk/${name}" value + environment.etc = lib.mapAttrs' (name: value: + lib.nameValuePair "asterisk/${name}" value ) allConfFiles; users.users.asterisk = @@ -214,7 +211,7 @@ in ExecStart = let # FIXME: This doesn't account for arguments with spaces - argString = concatStringsSep " " cfg.extraArguments; + argString = lib.concatStringsSep " " cfg.extraArguments; in "${cfg.package}/bin/asterisk -U ${asteriskUser} -C /etc/asterisk/asterisk.conf ${argString} -F"; ExecReload = ''${cfg.package}/bin/asterisk -x "core reload" diff --git a/nixos/modules/services/networking/atftpd.nix b/nixos/modules/services/networking/atftpd.nix index da5e305201f8651..ab674d85715c6ea 100644 --- a/nixos/modules/services/networking/atftpd.nix +++ b/nixos/modules/services/networking/atftpd.nix @@ -1,9 +1,5 @@ # NixOS module for atftpd TFTP server - { config, pkgs, lib, ... }: - -with lib; - let cfg = config.services.atftpd; @@ -16,19 +12,19 @@ in services.atftpd = { - enable = mkOption { + enable = lib.mkOption { default = false; - type = types.bool; + type = lib.types.bool; description = '' Whether to enable the atftpd TFTP server. By default, the server binds to address 0.0.0.0. ''; }; - extraOptions = mkOption { + extraOptions = lib.mkOption { default = []; - type = types.listOf types.str; - example = literalExpression '' + type = lib.types.listOf lib.types.str; + example = lib.literalExpression '' [ "--bind-address 192.168.9.1" "--verbose=7" ] @@ -38,9 +34,9 @@ in ''; }; - root = mkOption { + root = lib.mkOption { default = "/srv/tftp"; - type = types.path; + type = lib.types.path; description = '' Document root directory for the atftpd. ''; @@ -50,7 +46,7 @@ in }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { systemd.services.atftpd = { description = "TFTP Server"; diff --git a/nixos/modules/services/networking/autossh.nix b/nixos/modules/services/networking/autossh.nix index 245f2bfc2cf3856..f8934845c28e22d 100644 --- a/nixos/modules/services/networking/autossh.nix +++ b/nixos/modules/services/networking/autossh.nix @@ -1,7 +1,4 @@ { config, lib, pkgs, ... }: - -with lib; - let cfg = config.services.autossh; @@ -16,21 +13,21 @@ in services.autossh = { - sessions = mkOption { - type = types.listOf (types.submodule { + sessions = lib.mkOption { + type = lib.types.listOf (lib.types.submodule { options = { - name = mkOption { - type = types.str; + name = lib.mkOption { + type = lib.types.str; example = "socks-peer"; description = "Name of the local AutoSSH session"; }; - user = mkOption { - type = types.str; + user = lib.mkOption { + type = lib.types.str; example = "bill"; description = "Name of the user the AutoSSH session should run as"; }; - monitoringPort = mkOption { - type = types.int; + monitoringPort = lib.mkOption { + type = lib.types.int; default = 0; example = 20000; description = '' @@ -39,8 +36,8 @@ in style monitoring ''; }; - extraArguments = mkOption { - type = types.separatedString " "; + extraArguments = lib.mkOption { + type = lib.types.separatedString " "; example = "-N -D4343 bill@socks.example.net"; description = '' Arguments to be passed to AutoSSH and retransmitted to SSH @@ -75,7 +72,7 @@ in ###### implementation - config = mkIf (cfg.sessions != []) { + config = lib.mkIf (cfg.sessions != []) { systemd.services = diff --git a/nixos/modules/services/networking/avahi-daemon.nix b/nixos/modules/services/networking/avahi-daemon.nix index 8bb8e71ec3fb377..72ccb910982cb4e 100644 --- a/nixos/modules/services/networking/avahi-daemon.nix +++ b/nixos/modules/services/networking/avahi-daemon.nix @@ -1,7 +1,4 @@ { config, lib, pkgs, ... }: - -with lib; - let cfg = config.services.avahi; @@ -13,15 +10,15 @@ let # a host name from DHCP. In that case, let Avahi take whatever the # current host name is; setting `host-name' to the empty string in # `avahi-daemon.conf' would be invalid. - optionalString (hostName != "") "host-name=${hostName}"} - browse-domains=${concatStringsSep ", " browseDomains} + lib.optionalString (hostName != "") "host-name=${hostName}"} + browse-domains=${lib.concatStringsSep ", " browseDomains} use-ipv4=${yesNo ipv4} use-ipv6=${yesNo ipv6} - ${optionalString (allowInterfaces!=null) "allow-interfaces=${concatStringsSep "," allowInterfaces}"} - ${optionalString (denyInterfaces!=null) "deny-interfaces=${concatStringsSep "," denyInterfaces}"} - ${optionalString (domainName!=null) "domain-name=${domainName}"} + ${lib.optionalString (allowInterfaces!=null) "allow-interfaces=${lib.concatStringsSep "," allowInterfaces}"} + ${lib.optionalString (denyInterfaces!=null) "deny-interfaces=${lib.concatStringsSep "," denyInterfaces}"} + ${lib.optionalString (domainName!=null) "domain-name=${domainName}"} allow-point-to-point=${yesNo allowPointToPoint} - ${optionalString (cacheEntriesMax!=null) "cache-entries-max=${toString cacheEntriesMax}"} + ${lib.optionalString (cacheEntriesMax!=null) "cache-entries-max=${toString cacheEntriesMax}"} [wide-area] enable-wide-area=${yesNo wideArea} @@ -46,8 +43,8 @@ in ]; options.services.avahi = { - enable = mkOption { - type = types.bool; + enable = lib.mkOption { + type = lib.types.bool; default = false; description = '' Whether to run the Avahi daemon, which allows Avahi clients @@ -57,28 +54,28 @@ in ''; }; - package = mkPackageOption pkgs "avahi" { }; + package = lib.mkPackageOption pkgs "avahi" { }; - hostName = mkOption { - type = types.str; + hostName = lib.mkOption { + type = lib.types.str; default = config.networking.hostName; - defaultText = literalExpression "config.networking.hostName"; + defaultText = lib.literalExpression "config.networking.hostName"; description = '' Host name advertised on the LAN. If not set, avahi will use the value of {option}`config.networking.hostName`. ''; }; - domainName = mkOption { - type = types.str; + domainName = lib.mkOption { + type = lib.types.str; default = "local"; description = '' Domain name for all advertisements. ''; }; - browseDomains = mkOption { - type = types.listOf types.str; + browseDomains = lib.mkOption { + type = lib.types.listOf lib.types.str; default = [ ]; example = [ "0pointer.de" "zeroconf.org" ]; description = '' @@ -86,20 +83,20 @@ in ''; }; - ipv4 = mkOption { - type = types.bool; + ipv4 = lib.mkOption { + type = lib.types.bool; default = true; description = "Whether to use IPv4."; }; - ipv6 = mkOption { - type = types.bool; + ipv6 = lib.mkOption { + type = lib.types.bool; default = false; description = "Whether to use IPv6."; }; - allowInterfaces = mkOption { - type = types.nullOr (types.listOf types.str); + allowInterfaces = lib.mkOption { + type = lib.types.nullOr (lib.types.listOf lib.types.str); default = null; description = '' List of network interfaces that should be used by the {command}`avahi-daemon`. @@ -108,8 +105,8 @@ in ''; }; - denyInterfaces = mkOption { - type = types.nullOr (types.listOf types.str); + denyInterfaces = lib.mkOption { + type = lib.types.nullOr (lib.types.listOf lib.types.str); default = null; description = '' List of network interfaces that should be ignored by the @@ -119,8 +116,8 @@ in ''; }; - openFirewall = mkOption { - type = types.bool; + openFirewall = lib.mkOption { + type = lib.types.bool; default = true; description = '' Whether to open the firewall for UDP port 5353. @@ -128,8 +125,8 @@ in ''; }; - allowPointToPoint = mkOption { - type = types.bool; + allowPointToPoint = lib.mkOption { + type = lib.types.bool; default = false; description = '' Whether to use POINTTOPOINT interfaces. Might make mDNS unreliable due to usually large @@ -138,22 +135,22 @@ in ''; }; - wideArea = mkOption { - type = types.bool; + wideArea = lib.mkOption { + type = lib.types.bool; default = true; description = "Whether to enable wide-area service discovery."; }; - reflector = mkOption { - type = types.bool; + reflector = lib.mkOption { + type = lib.types.bool; default = false; description = "Reflect incoming mDNS requests to all allowed network interfaces."; }; - extraServiceFiles = mkOption { - type = with types; attrsOf (either str path); + extraServiceFiles = lib.mkOption { + type = with lib.types; attrsOf (either str path); default = { }; - example = literalExpression '' + example = lib.literalExpression '' { ssh = "''${pkgs.avahi}/etc/avahi/services/ssh.service"; smb = ''' @@ -176,26 +173,26 @@ in }; publish = { - enable = mkOption { - type = types.bool; + enable = lib.mkOption { + type = lib.types.bool; default = false; description = "Whether to allow publishing in general."; }; - userServices = mkOption { - type = types.bool; + userServices = lib.mkOption { + type = lib.types.bool; default = false; description = "Whether to publish user services. Will set `addresses=true`."; }; - addresses = mkOption { - type = types.bool; + addresses = lib.mkOption { + type = lib.types.bool; default = false; description = "Whether to register mDNS address records for all local IP addresses."; }; - hinfo = mkOption { - type = types.bool; + hinfo = lib.mkOption { + type = lib.types.bool; default = false; description = '' Whether to register a mDNS HINFO record which contains information about the @@ -203,23 +200,23 @@ in ''; }; - workstation = mkOption { - type = types.bool; + workstation = lib.mkOption { + type = lib.types.bool; default = false; description = '' Whether to register a service of type "_workstation._tcp" on the local LAN. ''; }; - domain = mkOption { - type = types.bool; + domain = lib.mkOption { + type = lib.types.bool; default = false; description = "Whether to announce the locally used domain name for browsing by other hosts."; }; }; - nssmdns4 = mkOption { - type = types.bool; + nssmdns4 = lib.mkOption { + type = lib.types.bool; default = false; description = '' Whether to enable the mDNS NSS (Name Service Switch) plug-in for IPv4. @@ -228,8 +225,8 @@ in ''; }; - nssmdns6 = mkOption { - type = types.bool; + nssmdns6 = lib.mkOption { + type = lib.types.bool; default = false; description = '' Whether to enable the mDNS NSS (Name Service Switch) plug-in for IPv6. @@ -243,8 +240,8 @@ in ''; }; - cacheEntriesMax = mkOption { - type = types.nullOr types.int; + cacheEntriesMax = lib.mkOption { + type = lib.types.nullOr lib.types.int; default = null; description = '' Number of resource records to be cached per interface. Use 0 to @@ -252,8 +249,8 @@ in ''; }; - extraConfig = mkOption { - type = types.lines; + extraConfig = lib.mkOption { + type = lib.types.lines; default = ""; description = '' Extra config to append to avahi-daemon.conf. @@ -261,7 +258,7 @@ in }; }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { users.users.avahi = { description = "avahi-daemon privilege separation user"; home = "/var/empty"; @@ -271,7 +268,7 @@ in users.groups.avahi = { }; - system.nssModules = optional (cfg.nssmdns4 || cfg.nssmdns6) pkgs.nssmdns; + system.nssModules = lib.optional (cfg.nssmdns4 || cfg.nssmdns6) pkgs.nssmdns; system.nssDatabases.hosts = let mdns = if (cfg.nssmdns4 && cfg.nssmdns6) then "mdns" @@ -281,17 +278,17 @@ in "mdns4" else ""; - in optionals (cfg.nssmdns4 || cfg.nssmdns6) (mkMerge [ - (mkBefore [ "${mdns}_minimal [NOTFOUND=return]" ]) # before resolve - (mkAfter [ "${mdns}" ]) # after dns + in lib.optionals (cfg.nssmdns4 || cfg.nssmdns6) (lib.mkMerge [ + (lib.mkBefore [ "${mdns}_minimal [NOTFOUND=return]" ]) # before resolve + (lib.mkAfter [ "${mdns}" ]) # after dns ]); environment.systemPackages = [ cfg.package ]; - environment.etc = (mapAttrs' - (n: v: nameValuePair + environment.etc = (lib.mapAttrs' + (n: v: lib.nameValuePair "avahi/services/${n}.service" - { ${if types.path.check v then "source" else "text"} = v; } + { ${if lib.types.path.check v then "source" else "text"} = v; } ) cfg.extraServiceFiles); @@ -326,6 +323,6 @@ in services.dbus.enable = true; services.dbus.packages = [ cfg.package ]; - networking.firewall.allowedUDPPorts = mkIf cfg.openFirewall [ 5353 ]; + networking.firewall.allowedUDPPorts = lib.mkIf cfg.openFirewall [ 5353 ]; }; } diff --git a/nixos/modules/services/networking/babeld.nix b/nixos/modules/services/networking/babeld.nix index 5a3e92d9c813d3b..538654f90ae4c71 100644 --- a/nixos/modules/services/networking/babeld.nix +++ b/nixos/modules/services/networking/babeld.nix @@ -1,20 +1,17 @@ { config, lib, pkgs, ... }: - -with lib; - let cfg = config.services.babeld; - conditionalBoolToString = value: if (isBool value) then (boolToString value) else (toString value); + conditionalBoolToString = value: if (lib.isBool value) then (lib.boolToString value) else (toString value); paramsString = params: - concatMapStringsSep " " (name: "${name} ${conditionalBoolToString (getAttr name params)}") - (attrNames params); + lib.concatMapStringsSep " " (name: "${name} ${conditionalBoolToString (lib.getAttr name params)}") + (lib.attrNames params); interfaceConfig = name: let - interface = getAttr name cfg.interfaces; + interface = lib.getAttr name cfg.interfaces; in "interface ${name} ${paramsString interface}\n"; @@ -22,17 +19,17 @@ let '' skip-kernel-setup true '' - + (optionalString (cfg.interfaceDefaults != null) '' + + (lib.optionalString (cfg.interfaceDefaults != null) '' default ${paramsString cfg.interfaceDefaults} '') - + (concatMapStrings interfaceConfig (attrNames cfg.interfaces)) + + (lib.concatMapStrings interfaceConfig (lib.attrNames cfg.interfaces)) + extraConfig); in { - meta.maintainers = with maintainers; [ hexa ]; + meta.maintainers = with lib.maintainers; [ hexa ]; ###### interface @@ -40,15 +37,15 @@ in services.babeld = { - enable = mkEnableOption "the babeld network routing daemon"; + enable = lib.mkEnableOption "the babeld network routing daemon"; - interfaceDefaults = mkOption { + interfaceDefaults = lib.mkOption { default = null; description = '' A set describing default parameters for babeld interfaces. See {manpage}`babeld(8)` for options. ''; - type = types.nullOr (types.attrsOf types.unspecified); + type = lib.types.nullOr (lib.types.attrsOf lib.types.unspecified); example = { type = "tunnel"; @@ -56,13 +53,13 @@ in }; }; - interfaces = mkOption { + interfaces = lib.mkOption { default = {}; description = '' A set describing babeld interfaces. See {manpage}`babeld(8)` for options. ''; - type = types.attrsOf (types.attrsOf types.unspecified); + type = lib.types.attrsOf (lib.types.attrsOf lib.types.unspecified); example = { enp0s2 = { type = "wired"; @@ -72,9 +69,9 @@ in }; }; - extraConfig = mkOption { + extraConfig = lib.mkOption { default = ""; - type = types.lines; + type = lib.types.lines; description = '' Options that will be copied to babeld.conf. See {manpage}`babeld(8)` for details. @@ -87,7 +84,7 @@ in ###### implementation - config = mkIf config.services.babeld.enable { + config = lib.mkIf config.services.babeld.enable { boot.kernel.sysctl = { "net.ipv6.conf.all.forwarding" = 1; diff --git a/nixos/modules/services/networking/bee.nix b/nixos/modules/services/networking/bee.nix index 83ce522ba62af84..6f3f7af607fbf36 100644 --- a/nixos/modules/services/networking/bee.nix +++ b/nixos/modules/services/networking/bee.nix @@ -1,6 +1,4 @@ { config, lib, pkgs, ... }: - -with lib; let cfg = config.services.bee; format = pkgs.formats.yaml {}; @@ -15,13 +13,13 @@ in { options = { services.bee = { - enable = mkEnableOption "Ethereum Swarm Bee"; + enable = lib.mkEnableOption "Ethereum Swarm Bee"; - package = mkPackageOption pkgs "bee" { + package = lib.mkPackageOption pkgs "bee" { example = "bee-unstable"; }; - settings = mkOption { + settings = lib.mkOption { type = format.type; description = '' Ethereum Swarm Bee configuration. Refer to @@ -30,8 +28,8 @@ in { ''; }; - daemonNiceLevel = mkOption { - type = types.int; + daemonNiceLevel = lib.mkOption { + type = lib.types.int; default = 0; description = '' Daemon process priority for bee. @@ -39,16 +37,16 @@ in { ''; }; - user = mkOption { - type = types.str; + user = lib.mkOption { + type = lib.types.str; default = "bee"; description = '' User the bee binary should execute under. ''; }; - group = mkOption { - type = types.str; + group = lib.mkOption { + type = lib.types.str; default = "bee"; description = '' Group the bee binary should execute under. @@ -59,14 +57,14 @@ in { ### implementation - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { assertions = [ - { assertion = (hasAttr "password" cfg.settings) != true; + { assertion = (lib.hasAttr "password" cfg.settings) != true; message = '' `services.bee.settings.password` is insecure. Use `services.bee.settings.password-file` or `systemd.services.bee.serviceConfig.EnvironmentFile` instead. ''; } - { assertion = (hasAttr "swap-endpoint" cfg.settings) || (cfg.settings.swap-enable or true == false); + { assertion = (lib.hasAttr "swap-endpoint" cfg.settings) || (cfg.settings.swap-enable or true == false); message = '' In a swap-enabled network a working Ethereum blockchain node is required. You must specify one using `services.bee.settings.swap-endpoint`, or disable `services.bee.settings.swap-enable` = false. ''; @@ -119,7 +117,7 @@ After you finish configuration run 'sudo bee-get-addr'." ''; }; - users.users = optionalAttrs (cfg.user == "bee") { + users.users = lib.optionalAttrs (cfg.user == "bee") { bee = { group = cfg.group; home = cfg.settings.data-dir; @@ -128,7 +126,7 @@ After you finish configuration run 'sudo bee-get-addr'." }; }; - users.groups = optionalAttrs (cfg.group == "bee") { + users.groups = lib.optionalAttrs (cfg.group == "bee") { bee = {}; }; }; diff --git a/nixos/modules/services/networking/biboumi.nix b/nixos/modules/services/networking/biboumi.nix index d92290626c31683..33cb1d95bc51fd0 100644 --- a/nixos/modules/services/networking/biboumi.nix +++ b/nixos/modules/services/networking/biboumi.nix @@ -1,62 +1,61 @@ { config, lib, pkgs, options, ... }: -with lib; let cfg = config.services.biboumi; inherit (config.environment) etc; rootDir = "/run/biboumi/mnt-root"; stateDir = "/var/lib/biboumi"; settingsFile = pkgs.writeText "biboumi.cfg" ( - generators.toKeyValue { + lib.generators.toKeyValue { mkKeyValue = k: v: - lib.optionalString (v != null) (generators.mkKeyValueDefault {} "=" k v); + lib.optionalString (v != null) (lib.generators.mkKeyValueDefault {} "=" k v); } cfg.settings); need_CAP_NET_BIND_SERVICE = cfg.settings.identd_port != 0 && cfg.settings.identd_port < 1024; in { options = { services.biboumi = { - enable = mkEnableOption "the Biboumi XMPP gateway to IRC"; + enable = lib.mkEnableOption "the Biboumi XMPP gateway to IRC"; - settings = mkOption { + settings = lib.mkOption { description = '' See [biboumi 8.5](https://lab.louiz.org/louiz/biboumi/blob/8.5/doc/biboumi.1.rst) for documentation. ''; default = {}; - type = types.submodule { - freeformType = with types; + type = lib.types.submodule { + freeformType = with lib.types; (attrsOf (nullOr (oneOf [str int bool]))) // { description = "settings option"; }; - options.admin = mkOption { - type = with types; listOf str; + options.admin = lib.mkOption { + type = with lib.types; listOf str; default = []; example = ["admin@example.org"]; - apply = concatStringsSep ":"; + apply = lib.concatStringsSep ":"; description = '' The bare JID of the gateway administrator. This JID will have more privileges than other standard users, for example some administration ad-hoc commands will only be available to that JID. ''; }; - options.ca_file = mkOption { - type = types.path; + options.ca_file = lib.mkOption { + type = lib.types.path; default = "/etc/ssl/certs/ca-certificates.crt"; description = '' Specifies which file should be used as the list of trusted CA when negotiating a TLS session. ''; }; - options.db_name = mkOption { - type = with types; either path str; + options.db_name = lib.mkOption { + type = with lib.types; either path str; default = "${stateDir}/biboumi.sqlite"; description = '' The name of the database to use. ''; example = "postgresql://user:secret@localhost"; }; - options.hostname = mkOption { - type = types.str; + options.hostname = lib.mkOption { + type = lib.types.str; example = "biboumi.example.org"; description = '' The hostname served by the XMPP gateway. @@ -64,24 +63,24 @@ in as an external component. ''; }; - options.identd_port = mkOption { - type = types.port; + options.identd_port = lib.mkOption { + type = lib.types.port; default = 113; example = 0; description = '' The TCP port on which to listen for identd queries. ''; }; - options.log_level = mkOption { - type = types.ints.between 0 3; + options.log_level = lib.mkOption { + type = lib.types.ints.between 0 3; default = 1; description = '' Indicate what type of log messages to write in the logs. 0 is debug, 1 is info, 2 is warning, 3 is error. ''; }; - options.password = mkOption { - type = with types; nullOr str; + options.password = lib.mkOption { + type = with lib.types; nullOr str; description = '' The password used to authenticate the XMPP component to your XMPP server. This password must be configured in the XMPP server, @@ -92,8 +91,8 @@ in if you do not want this password to go into the Nix store. ''; }; - options.persistent_by_default = mkOption { - type = types.bool; + options.persistent_by_default = lib.mkOption { + type = lib.types.bool; default = false; description = '' Whether all rooms will be persistent by default: @@ -103,25 +102,25 @@ in “persistent” configuration option to false in order to override this. ''; }; - options.policy_directory = mkOption { - type = types.path; + options.policy_directory = lib.mkOption { + type = lib.types.path; default = "${pkgs.biboumi}/etc/biboumi"; - defaultText = literalExpression ''"''${pkgs.biboumi}/etc/biboumi"''; + defaultText = lib.literalExpression ''"''${pkgs.biboumi}/etc/biboumi"''; description = '' A directory that should contain the policy files, used to customize Botan’s behaviour when negotiating the TLS connections with the IRC servers. ''; }; - options.port = mkOption { - type = types.port; + options.port = lib.mkOption { + type = lib.types.port; default = 5347; description = '' The TCP port to use to connect to the local XMPP component. ''; }; - options.realname_customization = mkOption { - type = types.bool; + options.realname_customization = lib.mkOption { + type = lib.types.bool; default = true; description = '' Whether the users will be able to use @@ -129,8 +128,8 @@ in their realname and username. ''; }; - options.realname_from_jid = mkOption { - type = types.bool; + options.realname_from_jid = lib.mkOption { + type = lib.types.bool; default = false; description = '' Whether the realname and username of each biboumi @@ -139,8 +138,8 @@ in they used to connect to the IRC server. ''; }; - options.xmpp_server_ip = mkOption { - type = types.str; + options.xmpp_server_ip = lib.mkOption { + type = lib.types.str; default = "127.0.0.1"; description = '' The IP address to connect to the XMPP server on. @@ -152,8 +151,8 @@ in }; }; - credentialsFile = mkOption { - type = types.path; + credentialsFile = lib.mkOption { + type = lib.types.path; description = '' Path to a configuration file to be merged with the settings. Beware not to surround "=" with spaces when setting biboumi's options in this file. @@ -165,12 +164,12 @@ in example = "/run/keys/biboumi.cfg"; }; - openFirewall = mkEnableOption "opening of the identd port in the firewall"; + openFirewall = lib.mkEnableOption "opening of the identd port in the firewall"; }; }; - config = mkIf cfg.enable { - networking.firewall = mkIf (cfg.openFirewall && cfg.settings.identd_port != 0) + config = lib.mkIf cfg.enable { + networking.firewall = lib.mkIf (cfg.openFirewall && cfg.settings.identd_port != 0) { allowedTCPPorts = [ cfg.settings.identd_port ]; }; systemd.services.biboumi = { @@ -202,7 +201,7 @@ in RootDirectory = rootDir; RootDirectoryStartOnly = true; InaccessiblePaths = [ "-+${rootDir}" ]; - RuntimeDirectory = [ "biboumi" (removePrefix "/run/" rootDir) ]; + RuntimeDirectory = [ "biboumi" (lib.removePrefix "/run/" rootDir) ]; RuntimeDirectoryMode = "700"; StateDirectory = "biboumi"; StateDirectoryMode = "700"; @@ -221,8 +220,8 @@ in ]; # The following options are only for optimizing: # systemd-analyze security biboumi - AmbientCapabilities = [ (optionalString need_CAP_NET_BIND_SERVICE "CAP_NET_BIND_SERVICE") ]; - CapabilityBoundingSet = [ (optionalString need_CAP_NET_BIND_SERVICE "CAP_NET_BIND_SERVICE") ]; + AmbientCapabilities = [ (lib.optionalString need_CAP_NET_BIND_SERVICE "CAP_NET_BIND_SERVICE") ]; + CapabilityBoundingSet = [ (lib.optionalString need_CAP_NET_BIND_SERVICE "CAP_NET_BIND_SERVICE") ]; # ProtectClock= adds DeviceAllow=char-rtc r DeviceAllow = ""; LockPersonality = true; @@ -230,7 +229,7 @@ in NoNewPrivileges = true; PrivateDevices = true; PrivateMounts = true; - PrivateNetwork = mkDefault false; + PrivateNetwork = lib.mkDefault false; PrivateTmp = true; # PrivateUsers=true breaks AmbientCapabilities=CAP_NET_BIND_SERVICE # See https://bugs.archlinux.org/task/65921 @@ -265,5 +264,5 @@ in }; }; - meta.maintainers = with maintainers; [ julm ]; + meta.maintainers = with lib.maintainers; [ julm ]; } diff --git a/nixos/modules/services/networking/bind.nix b/nixos/modules/services/networking/bind.nix index 6c5c59a88dec0f5..225e330ad18419f 100644 --- a/nixos/modules/services/networking/bind.nix +++ b/nixos/modules/services/networking/bind.nix @@ -1,7 +1,4 @@ { config, lib, pkgs, ... }: - -with lib; - let cfg = config.services.bind; @@ -14,30 +11,30 @@ let bindZoneOptions = { name, config, ... }: { options = { - name = mkOption { - type = types.str; + name = lib.mkOption { + type = lib.types.str; default = name; description = "Name of the zone."; }; - master = mkOption { + master = lib.mkOption { description = "Master=false means slave server"; - type = types.bool; + type = lib.types.bool; }; - file = mkOption { - type = types.either types.str types.path; + file = lib.mkOption { + type = lib.types.either lib.types.str lib.types.path; description = "Zone file resource records contain columns of data, separated by whitespace, that define the record."; }; - masters = mkOption { - type = types.listOf types.str; + masters = lib.mkOption { + type = lib.types.listOf lib.types.str; description = "List of servers for inclusion in stub and secondary zones."; }; - slaves = mkOption { - type = types.listOf types.str; + slaves = lib.mkOption { + type = lib.types.listOf lib.types.str; description = "Addresses who may request zone transfers."; default = [ ]; }; - allowQuery = mkOption { - type = types.listOf types.str; + allowQuery = lib.mkOption { + type = lib.types.listOf lib.types.str; description = '' List of address ranges allowed to query this zone. Instead of the address(es), this may instead contain the single string "any". @@ -47,8 +44,8 @@ let ''; default = [ "any" ]; }; - extraConfig = mkOption { - type = types.str; + extraConfig = lib.mkOption { + type = lib.types.str; description = "Extra zone config to be appended at the end of the zone section."; default = ""; }; @@ -62,16 +59,16 @@ let inet 127.0.0.1 allow {localhost;} keys {"rndc-key";}; }; - acl cachenetworks { ${concatMapStrings (entry: " ${entry}; ") cfg.cacheNetworks} }; - acl badnetworks { ${concatMapStrings (entry: " ${entry}; ") cfg.blockedNetworks} }; + acl cachenetworks { ${lib.concatMapStrings (entry: " ${entry}; ") cfg.cacheNetworks} }; + acl badnetworks { ${lib.concatMapStrings (entry: " ${entry}; ") cfg.blockedNetworks} }; options { - listen-on { ${concatMapStrings (entry: " ${entry}; ") cfg.listenOn} }; - listen-on-v6 { ${concatMapStrings (entry: " ${entry}; ") cfg.listenOnIpv6} }; + listen-on { ${lib.concatMapStrings (entry: " ${entry}; ") cfg.listenOn} }; + listen-on-v6 { ${lib.concatMapStrings (entry: " ${entry}; ") cfg.listenOnIpv6} }; allow-query { cachenetworks; }; blackhole { badnetworks; }; forward ${cfg.forward}; - forwarders { ${concatMapStrings (entry: " ${entry}; ") cfg.forwarders} }; + forwarders { ${lib.concatMapStrings (entry: " ${entry}; ") cfg.forwarders} }; directory "${cfg.directory}"; pid-file "/run/named/named.pid"; ${cfg.extraOptions} @@ -79,7 +76,7 @@ let ${cfg.extraConfig} - ${ concatMapStrings + ${ lib.concatMapStrings ({ name, file, master ? true, slaves ? [], masters ? [], allowQuery ? [], extraConfig ? "" }: '' zone "${name}" { @@ -88,21 +85,21 @@ let ${ if master then '' allow-transfer { - ${concatMapStrings (ip: "${ip};\n") slaves} + ${lib.concatMapStrings (ip: "${ip};\n") slaves} }; '' else '' masters { - ${concatMapStrings (ip: "${ip};\n") masters} + ${lib.concatMapStrings (ip: "${ip};\n") masters} }; '' } - allow-query { ${concatMapStrings (ip: "${ip}; ") allowQuery}}; + allow-query { ${lib.concatMapStrings (ip: "${ip}; ") allowQuery}}; ${extraConfig} }; '') - (attrValues cfg.zones) } + (lib.attrValues cfg.zones) } ''; in @@ -115,14 +112,14 @@ in services.bind = { - enable = mkEnableOption "BIND domain name server"; + enable = lib.mkEnableOption "BIND domain name server"; - package = mkPackageOption pkgs "bind" { }; + package = lib.mkPackageOption pkgs "bind" { }; - cacheNetworks = mkOption { + cacheNetworks = lib.mkOption { default = [ "127.0.0.0/24" "::1/128" ]; - type = types.listOf types.str; + type = lib.types.listOf lib.types.str; description = '' What networks are allowed to use us as a resolver. Note that this is for recursive queries -- all networks are @@ -134,64 +131,64 @@ in ''; }; - blockedNetworks = mkOption { + blockedNetworks = lib.mkOption { default = [ ]; - type = types.listOf types.str; + type = lib.types.listOf lib.types.str; description = '' What networks are just blocked. ''; }; - ipv4Only = mkOption { + ipv4Only = lib.mkOption { default = false; - type = types.bool; + type = lib.types.bool; description = '' Only use ipv4, even if the host supports ipv6. ''; }; - forwarders = mkOption { + forwarders = lib.mkOption { default = config.networking.nameservers; - defaultText = literalExpression "config.networking.nameservers"; - type = types.listOf types.str; + defaultText = lib.literalExpression "config.networking.nameservers"; + type = lib.types.listOf lib.types.str; description = '' List of servers we should forward requests to. ''; }; - forward = mkOption { + forward = lib.mkOption { default = "first"; - type = types.enum ["first" "only"]; + type = lib.types.enum ["first" "only"]; description = '' Whether to forward 'first' (try forwarding but lookup directly if forwarding fails) or 'only'. ''; }; - listenOn = mkOption { + listenOn = lib.mkOption { default = [ "any" ]; - type = types.listOf types.str; + type = lib.types.listOf lib.types.str; description = '' Interfaces to listen on. ''; }; - listenOnIpv6 = mkOption { + listenOnIpv6 = lib.mkOption { default = [ "any" ]; - type = types.listOf types.str; + type = lib.types.listOf lib.types.str; description = '' Ipv6 interfaces to listen on. ''; }; - directory = mkOption { - type = types.str; + directory = lib.mkOption { + type = lib.types.str; default = "/run/named"; description = "Working directory of BIND."; }; - zones = mkOption { + zones = lib.mkOption { default = [ ]; - type = with types; coercedTo (listOf attrs) bindZoneCoerce (attrsOf (types.submodule bindZoneOptions)); + type = with lib.types; coercedTo (listOf attrs) bindZoneCoerce (attrsOf (lib.types.submodule bindZoneOptions)); description = '' List of zones we claim authority over. ''; @@ -206,16 +203,16 @@ in }; }; - extraConfig = mkOption { - type = types.lines; + extraConfig = lib.mkOption { + type = lib.types.lines; default = ""; description = '' Extra lines to be added verbatim to the generated named configuration file. ''; }; - extraOptions = mkOption { - type = types.lines; + extraOptions = lib.mkOption { + type = lib.types.lines; default = ""; description = '' Extra lines to be added verbatim to the options section of the @@ -223,10 +220,10 @@ in ''; }; - configFile = mkOption { - type = types.path; + configFile = lib.mkOption { + type = lib.types.path; default = confFile; - defaultText = literalExpression "confFile"; + defaultText = lib.literalExpression "confFile"; description = '' Overridable config file to use for named. By default, that generated by nixos. @@ -240,9 +237,9 @@ in ###### implementation - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { - networking.resolvconf.useLocalResolver = mkDefault true; + networking.resolvconf.useLocalResolver = lib.mkDefault true; users.users.${bindUser} = { @@ -272,7 +269,7 @@ in serviceConfig = { Type = "forking"; # Set type to forking, see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=900788 - ExecStart = "${bindPkg.out}/sbin/named -u ${bindUser} ${optionalString cfg.ipv4Only "-4"} -c ${cfg.configFile}"; + ExecStart = "${bindPkg.out}/sbin/named -u ${bindUser} ${lib.optionalString cfg.ipv4Only "-4"} -c ${cfg.configFile}"; ExecReload = "${bindPkg.out}/sbin/rndc -k '/etc/bind/rndc.key' reload"; ExecStop = "${bindPkg.out}/sbin/rndc -k '/etc/bind/rndc.key' stop"; }; diff --git a/nixos/modules/services/networking/bird-lg.nix b/nixos/modules/services/networking/bird-lg.nix index 0c69b72fec10f30..f73c0b796e6f100 100644 --- a/nixos/modules/services/networking/bird-lg.nix +++ b/nixos/modules/services/networking/bird-lg.nix @@ -1,176 +1,173 @@ { config, lib, pkgs, ... }: - -with lib; - let cfg = config.services.bird-lg; - stringOrConcat = sep: v: if builtins.isString v then v else concatStringsSep sep v; + stringOrConcat = sep: v: if builtins.isString v then v else lib.concatStringsSep sep v; frontend_args = let fe = cfg.frontend; in { - "--servers" = concatStringsSep "," fe.servers; + "--servers" = lib.concatStringsSep "," fe.servers; "--domain" = fe.domain; "--listen" = fe.listenAddress; "--proxy-port" = fe.proxyPort; "--whois" = fe.whois; "--dns-interface" = fe.dnsInterface; - "--bgpmap-info" = concatStringsSep "," cfg.frontend.bgpMapInfo; + "--bgpmap-info" = lib.concatStringsSep "," cfg.frontend.bgpMapInfo; "--title-brand" = fe.titleBrand; "--navbar-brand" = fe.navbar.brand; "--navbar-brand-url" = fe.navbar.brandURL; "--navbar-all-servers" = fe.navbar.allServers; "--navbar-all-url" = fe.navbar.allServersURL; "--net-specific-mode" = fe.netSpecificMode; - "--protocol-filter" = concatStringsSep "," cfg.frontend.protocolFilter; + "--protocol-filter" = lib.concatStringsSep "," cfg.frontend.protocolFilter; }; proxy_args = let px = cfg.proxy; in { - "--allowed" = concatStringsSep "," px.allowedIPs; + "--allowed" = lib.concatStringsSep "," px.allowedIPs; "--bird" = px.birdSocket; "--listen" = px.listenAddress; "--traceroute_bin" = px.traceroute.binary; - "--traceroute_flags" = concatStringsSep " " px.traceroute.flags; + "--traceroute_flags" = lib.concatStringsSep " " px.traceroute.flags; "--traceroute_raw" = px.traceroute.rawOutput; }; mkArgValue = value: - if isString value - then escapeShellArg value - else if isBool value - then boolToString value + if lib.isString value + then lib.escapeShellArg value + else if lib.isBool value + then lib.boolToString value else toString value; - filterNull = filterAttrs (_: v: v != "" && v != null && v != []); + filterNull = lib.filterAttrs (_: v: v != "" && v != null && v != []); - argsAttrToList = args: mapAttrsToList (name: value: "${name} " + mkArgValue value ) (filterNull args); + argsAttrToList = args: lib.mapAttrsToList (name: value: "${name} " + mkArgValue value ) (filterNull args); in { options = { services.bird-lg = { - package = mkPackageOption pkgs "bird-lg" { }; + package = lib.mkPackageOption pkgs "bird-lg" { }; - user = mkOption { - type = types.str; + user = lib.mkOption { + type = lib.types.str; default = "bird-lg"; description = "User to run the service."; }; - group = mkOption { - type = types.str; + group = lib.mkOption { + type = lib.types.str; default = "bird-lg"; description = "Group to run the service."; }; frontend = { - enable = mkEnableOption "Bird Looking Glass Frontend Webserver"; + enable = lib.mkEnableOption "Bird Looking Glass Frontend Webserver"; - listenAddress = mkOption { - type = types.str; + listenAddress = lib.mkOption { + type = lib.types.str; default = "127.0.0.1:5000"; description = "Address to listen on."; }; - proxyPort = mkOption { - type = types.port; + proxyPort = lib.mkOption { + type = lib.types.port; default = 8000; description = "Port bird-lg-proxy is running on."; }; - domain = mkOption { - type = types.str; + domain = lib.mkOption { + type = lib.types.str; example = "dn42.lantian.pub"; description = "Server name domain suffixes."; }; - servers = mkOption { - type = types.listOf types.str; + servers = lib.mkOption { + type = lib.types.listOf lib.types.str; example = [ "gigsgigscloud" "hostdare" ]; description = "Server name prefixes."; }; - whois = mkOption { - type = types.str; + whois = lib.mkOption { + type = lib.types.str; default = "whois.verisign-grs.com"; description = "Whois server for queries."; }; - dnsInterface = mkOption { - type = types.str; + dnsInterface = lib.mkOption { + type = lib.types.str; default = "asn.cymru.com"; description = "DNS zone to query ASN information."; }; - bgpMapInfo = mkOption { - type = types.listOf types.str; + bgpMapInfo = lib.mkOption { + type = lib.types.listOf lib.types.str; default = [ "asn" "as-name" "ASName" "descr" ]; description = "Information displayed in bgpmap."; }; - titleBrand = mkOption { - type = types.str; + titleBrand = lib.mkOption { + type = lib.types.str; default = "Bird-lg Go"; description = "Prefix of page titles in browser tabs."; }; - netSpecificMode = mkOption { - type = types.str; + netSpecificMode = lib.mkOption { + type = lib.types.str; default = ""; example = "dn42"; description = "Apply network-specific changes for some networks."; }; - protocolFilter = mkOption { - type = types.listOf types.str; + protocolFilter = lib.mkOption { + type = lib.types.listOf lib.types.str; default = [ ]; example = [ "ospf" ]; description = "Information displayed in bgpmap."; }; - nameFilter = mkOption { - type = types.str; + nameFilter = lib.mkOption { + type = lib.types.str; default = ""; example = "^ospf"; description = "Protocol names to hide in summary tables (RE2 syntax),"; }; - timeout = mkOption { - type = types.int; + timeout = lib.mkOption { + type = lib.types.int; default = 120; description = "Time before request timed out, in seconds."; }; navbar = { - brand = mkOption { - type = types.str; + brand = lib.mkOption { + type = lib.types.str; default = "Bird-lg Go"; description = "Brand to show in the navigation bar ."; }; - brandURL = mkOption { - type = types.str; + brandURL = lib.mkOption { + type = lib.types.str; default = "/"; description = "URL of the brand to show in the navigation bar."; }; - allServers = mkOption { - type = types.str; + allServers = lib.mkOption { + type = lib.types.str; default = "ALL Servers"; description = "Text of 'All server' button in the navigation bar."; }; - allServersURL = mkOption { - type = types.str; + allServersURL = lib.mkOption { + type = lib.types.str; default = "all"; description = "URL of 'All servers' button."; }; }; - extraArgs = mkOption { - type = with types; either lines (listOf str); + extraArgs = lib.mkOption { + type = with lib.types; either lines (listOf str); default = [ ]; description = '' Extra parameters documented [here](https://github.com/xddxdd/bird-lg-go#frontend). @@ -183,50 +180,50 @@ in }; proxy = { - enable = mkEnableOption "Bird Looking Glass Proxy"; + enable = lib.mkEnableOption "Bird Looking Glass Proxy"; - listenAddress = mkOption { - type = types.str; + listenAddress = lib.mkOption { + type = lib.types.str; default = "127.0.0.1:8000"; description = "Address to listen on."; }; - allowedIPs = mkOption { - type = types.listOf types.str; + allowedIPs = lib.mkOption { + type = lib.types.listOf lib.types.str; default = [ ]; example = [ "192.168.25.52" "192.168.25.53" "192.168.0.0/24" ]; description = "List of IPs or networks to allow (default all allowed)."; }; - birdSocket = mkOption { - type = types.str; + birdSocket = lib.mkOption { + type = lib.types.str; default = "/var/run/bird/bird.ctl"; description = "Bird control socket path."; }; traceroute = { - binary = mkOption { - type = types.str; + binary = lib.mkOption { + type = lib.types.str; default = "${pkgs.traceroute}/bin/traceroute"; - defaultText = literalExpression ''"''${pkgs.traceroute}/bin/traceroute"''; + defaultText = lib.literalExpression ''"''${pkgs.traceroute}/bin/traceroute"''; description = "Traceroute's binary path."; }; - flags = mkOption { - type = with types; listOf str; + flags = lib.mkOption { + type = with lib.types; listOf str; default = [ ]; description = "Flags for traceroute process"; }; - rawOutput = mkOption { - type = types.bool; + rawOutput = lib.mkOption { + type = lib.types.bool; default = false; description = "Display traceroute output in raw format."; }; }; - extraArgs = mkOption { - type = with types; either lines (listOf str); + extraArgs = lib.mkOption { + type = with lib.types; either lines (listOf str); default = [ ]; description = '' Extra parameters documented [here](https://github.com/xddxdd/bird-lg-go#proxy). @@ -254,7 +251,7 @@ in ; systemd.services = { - bird-lg-frontend = mkIf cfg.frontend.enable { + bird-lg-frontend = lib.mkIf cfg.frontend.enable { enable = true; after = [ "network.target" ]; wantedBy = [ "multi-user.target" ]; @@ -270,12 +267,12 @@ in }; script = '' ${cfg.package}/bin/frontend \ - ${concatStringsSep " \\\n " (argsAttrToList frontend_args)} \ + ${lib.concatStringsSep " \\\n " (argsAttrToList frontend_args)} \ ${stringOrConcat " " cfg.frontend.extraArgs} ''; }; - bird-lg-proxy = mkIf cfg.proxy.enable { + bird-lg-proxy = lib.mkIf cfg.proxy.enable { enable = true; after = [ "network.target" ]; wantedBy = [ "multi-user.target" ]; @@ -291,14 +288,14 @@ in }; script = '' ${cfg.package}/bin/proxy \ - ${concatStringsSep " \\\n " (argsAttrToList proxy_args)} \ + ${lib.concatStringsSep " \\\n " (argsAttrToList proxy_args)} \ ${stringOrConcat " " cfg.proxy.extraArgs} ''; }; }; - users = mkIf (cfg.frontend.enable || cfg.proxy.enable) { - groups."bird-lg" = mkIf (cfg.group == "bird-lg") { }; - users."bird-lg" = mkIf (cfg.user == "bird-lg") { + users = lib.mkIf (cfg.frontend.enable || cfg.proxy.enable) { + groups."bird-lg" = lib.mkIf (cfg.group == "bird-lg") { }; + users."bird-lg" = lib.mkIf (cfg.user == "bird-lg") { description = "Bird Looking Glass user"; extraGroups = lib.optionals (config.services.bird2.enable) [ "bird2" ]; group = cfg.group; diff --git a/nixos/modules/services/networking/birdwatcher.nix b/nixos/modules/services/networking/birdwatcher.nix index 4baab1e60a2d71e..434f0e2095f3021 100644 --- a/nixos/modules/services/networking/birdwatcher.nix +++ b/nixos/modules/services/networking/birdwatcher.nix @@ -1,31 +1,28 @@ { config, lib, pkgs, ... }: - -with lib; - let cfg = config.services.birdwatcher; in { options = { services.birdwatcher = { - package = mkPackageOption pkgs "birdwatcher" { }; - enable = mkEnableOption "Birdwatcher"; - flags = mkOption { + package = lib.mkPackageOption pkgs "birdwatcher" { }; + enable = lib.mkEnableOption "Birdwatcher"; + flags = lib.mkOption { default = [ ]; - type = types.listOf types.str; + type = lib.types.listOf lib.types.str; example = [ "-worker-pool-size 16" "-6" ]; description = '' Flags to append to the program call ''; }; - settings = mkOption { - type = types.lines; + settings = lib.mkOption { + type = lib.types.lines; default = { }; description = '' birdwatcher configuration, for configuration options see the example on [github](https://github.com/alice-lg/birdwatcher/blob/master/etc/birdwatcher/birdwatcher.conf) ''; - example = literalExpression '' + example = lib.literalExpression '' [server] allow_from = [] allow_uncached = false @@ -72,7 +69,7 @@ in }; config = - let flagsStr = escapeShellArgs cfg.flags; + let flagsStr = lib.escapeShellArgs cfg.flags; in lib.mkIf cfg.enable { environment.etc."birdwatcher/birdwatcher.conf".source = pkgs.writeTextFile { name = "birdwatcher.conf"; diff --git a/nixos/modules/services/networking/bitlbee.nix b/nixos/modules/services/networking/bitlbee.nix index 20488e5f33feacf..3ebbab97b68e1c9 100644 --- a/nixos/modules/services/networking/bitlbee.nix +++ b/nixos/modules/services/networking/bitlbee.nix @@ -1,7 +1,4 @@ { config, lib, pkgs, ... }: - -with lib; - let cfg = config.services.bitlbee; @@ -46,8 +43,8 @@ in services.bitlbee = { - enable = mkOption { - type = types.bool; + enable = lib.mkOption { + type = lib.types.bool; default = false; description = '' Whether to run the BitlBee IRC to other chat network gateway. @@ -56,8 +53,8 @@ in ''; }; - interface = mkOption { - type = types.str; + interface = lib.mkOption { + type = lib.types.str; default = "127.0.0.1"; description = '' The interface the BitlBee daemon will be listening to. If `127.0.0.1`, @@ -66,17 +63,17 @@ in ''; }; - portNumber = mkOption { + portNumber = lib.mkOption { default = 6667; - type = types.port; + type = lib.types.port; description = '' Number of the port BitlBee will be listening to. ''; }; - authBackend = mkOption { + authBackend = lib.mkOption { default = "storage"; - type = types.enum [ "storage" "pam" ]; + type = lib.types.enum [ "storage" "pam" ]; description = '' How users are authenticated storage -- save passwords internally @@ -84,9 +81,9 @@ in ''; }; - authMode = mkOption { + authMode = lib.mkOption { default = "Open"; - type = types.enum [ "Open" "Closed" "Registered" ]; + type = lib.types.enum [ "Open" "Closed" "Registered" ]; description = '' The following authentication modes are available: Open -- Accept connections from anyone, use NickServ for user authentication. @@ -95,9 +92,9 @@ in ''; }; - hostName = mkOption { + hostName = lib.mkOption { default = ""; - type = types.str; + type = lib.types.str; description = '' Normally, BitlBee gets a hostname using getsockname(). If you have a nicer alias for your BitlBee daemon, you can set it here and BitlBee will identify @@ -105,53 +102,53 @@ in ''; }; - plugins = mkOption { - type = types.listOf types.package; + plugins = lib.mkOption { + type = lib.types.listOf lib.types.package; default = []; - example = literalExpression "[ pkgs.bitlbee-facebook ]"; + example = lib.literalExpression "[ pkgs.bitlbee-facebook ]"; description = '' The list of bitlbee plugins to install. ''; }; - libpurple_plugins = mkOption { - type = types.listOf types.package; + libpurple_plugins = lib.mkOption { + type = lib.types.listOf lib.types.package; default = []; - example = literalExpression "[ pkgs.purple-matrix ]"; + example = lib.literalExpression "[ pkgs.purple-matrix ]"; description = '' The list of libpurple plugins to install. ''; }; - configDir = mkOption { + configDir = lib.mkOption { default = "/var/lib/bitlbee"; - type = types.path; + type = lib.types.path; description = '' Specify an alternative directory to store all the per-user configuration files. ''; }; - protocols = mkOption { + protocols = lib.mkOption { default = ""; - type = types.str; + type = lib.types.str; description = '' This option allows to remove the support of protocol, even if compiled in. If nothing is given, there are no restrictions. ''; }; - extraSettings = mkOption { + extraSettings = lib.mkOption { default = ""; - type = types.lines; + type = lib.types.lines; description = '' Will be inserted in the Settings section of the config file. ''; }; - extraDefaults = mkOption { + extraDefaults = lib.mkOption { default = ""; - type = types.lines; + type = lib.types.lines; description = '' Will be inserted in the Default section of the config file. ''; @@ -163,8 +160,8 @@ in ###### implementation - config = mkMerge [ - (mkIf config.services.bitlbee.enable { + config = lib.mkMerge [ + (lib.mkIf config.services.bitlbee.enable { systemd.services.bitlbee = { environment.PURPLE_PLUGIN_PATH = purple_plugin_path; description = "BitlBee IRC to other chat networks gateway"; @@ -182,7 +179,7 @@ in environment.systemPackages = [ bitlbeePkg ]; }) - (mkIf (config.services.bitlbee.authBackend == "pam") { + (lib.mkIf (config.services.bitlbee.authBackend == "pam") { security.pam.services.bitlbee = {}; }) ]; diff --git a/nixos/modules/services/networking/blockbook-frontend.nix b/nixos/modules/services/networking/blockbook-frontend.nix index 504c98e9ab8e5e5..6200a098c34a020 100644 --- a/nixos/modules/services/networking/blockbook-frontend.nix +++ b/nixos/modules/services/networking/blockbook-frontend.nix @@ -1,7 +1,4 @@ { config, lib, pkgs, ... }: - -with lib; - let eachBlockbook = config.services.blockbook-frontend; @@ -10,24 +7,24 @@ let options = { - enable = mkEnableOption "blockbook-frontend application"; + enable = lib.mkEnableOption "blockbook-frontend application"; - package = mkPackageOption pkgs "blockbook" { }; + package = lib.mkPackageOption pkgs "blockbook" { }; - user = mkOption { - type = types.str; + user = lib.mkOption { + type = lib.types.str; default = "blockbook-frontend-${name}"; description = "The user as which to run blockbook-frontend-${name}."; }; - group = mkOption { - type = types.str; + group = lib.mkOption { + type = lib.types.str; default = "${config.user}"; description = "The group as which to run blockbook-frontend-${name}."; }; - certFile = mkOption { - type = types.nullOr types.path; + certFile = lib.mkOption { + type = lib.types.nullOr lib.types.path; default = null; example = "/etc/secrets/blockbook-frontend-${name}/certFile"; description = '' @@ -36,15 +33,15 @@ let ''; }; - configFile = mkOption { - type = with types; nullOr path; + configFile = lib.mkOption { + type = with lib.types; nullOr path; default = null; example = "${config.dataDir}/config.json"; description = "Location of the blockbook configuration file."; }; - coinName = mkOption { - type = types.str; + coinName = lib.mkOption { + type = lib.types.str; default = "Bitcoin"; description = '' See @@ -52,68 +49,68 @@ let ''; }; - cssDir = mkOption { - type = types.path; + cssDir = lib.mkOption { + type = lib.types.path; default = "${config.package}/share/css/"; - defaultText = literalExpression ''"''${package}/share/css/"''; - example = literalExpression ''"''${dataDir}/static/css/"''; + defaultText = lib.literalExpression ''"''${package}/share/css/"''; + example = lib.literalExpression ''"''${dataDir}/static/css/"''; description = '' Location of the dir with {file}`main.css` CSS file. By default, the one shipped with the package is used. ''; }; - dataDir = mkOption { - type = types.path; + dataDir = lib.mkOption { + type = lib.types.path; default = "/var/lib/blockbook-frontend-${name}"; description = "Location of blockbook-frontend-${name} data directory."; }; - debug = mkOption { - type = types.bool; + debug = lib.mkOption { + type = lib.types.bool; default = false; description = "Debug mode, return more verbose errors, reload templates on each request."; }; - internal = mkOption { - type = types.nullOr types.str; + internal = lib.mkOption { + type = lib.types.nullOr lib.types.str; default = ":9030"; description = "Internal http server binding `[address]:port`."; }; - messageQueueBinding = mkOption { - type = types.str; + messageQueueBinding = lib.mkOption { + type = lib.types.str; default = "tcp://127.0.0.1:38330"; description = "Message Queue Binding `address:port`."; }; - public = mkOption { - type = types.nullOr types.str; + public = lib.mkOption { + type = lib.types.nullOr lib.types.str; default = ":9130"; description = "Public http server binding `[address]:port`."; }; rpc = { - url = mkOption { - type = types.str; + url = lib.mkOption { + type = lib.types.str; default = "http://127.0.0.1"; description = "URL for JSON-RPC connections."; }; - port = mkOption { - type = types.port; + port = lib.mkOption { + type = lib.types.port; default = 8030; description = "Port for JSON-RPC connections."; }; - user = mkOption { - type = types.str; + user = lib.mkOption { + type = lib.types.str; default = "rpc"; description = "Username for JSON-RPC connections."; }; - password = mkOption { - type = types.str; + password = lib.mkOption { + type = lib.types.str; default = "rpc"; description = '' RPC password for JSON-RPC connections. @@ -122,8 +119,8 @@ let ''; }; - passwordFile = mkOption { - type = types.nullOr types.path; + passwordFile = lib.mkOption { + type = lib.types.nullOr lib.types.path; default = null; description = '' File containing password of the RPC user. @@ -132,24 +129,24 @@ let }; }; - sync = mkOption { - type = types.bool; + sync = lib.mkOption { + type = lib.types.bool; default = true; description = "Synchronizes until tip, if together with zeromq, keeps index synchronized."; }; - templateDir = mkOption { - type = types.path; + templateDir = lib.mkOption { + type = lib.types.path; default = "${config.package}/share/templates/"; - defaultText = literalExpression ''"''${package}/share/templates/"''; - example = literalExpression ''"''${dataDir}/templates/static/"''; + defaultText = lib.literalExpression ''"''${package}/share/templates/"''; + example = lib.literalExpression ''"''${dataDir}/templates/static/"''; description = "Location of the HTML templates. By default, ones shipped with the package are used."; }; - extraConfig = mkOption { - type = types.attrs; + extraConfig = lib.mkOption { + type = lib.types.attrs; default = {}; - example = literalExpression '' { + example = lib.literalExpression '' { "alternative_estimate_fee" = "whatthefee-disabled"; "alternative_estimate_fee_params" = "{\"url\": \"https://whatthefee.io/data.json\", \"periodSeconds\": 60}"; "fiat_rates" = "coingecko"; @@ -174,8 +171,8 @@ let ''; }; - extraCmdLineOptions = mkOption { - type = types.listOf types.str; + extraCmdLineOptions = lib.mkOption { + type = lib.types.listOf lib.types.str; default = []; example = [ "-workers=1" "-dbcache=0" "-logtosderr" ]; description = '' @@ -190,8 +187,8 @@ in # interface options = { - services.blockbook-frontend = mkOption { - type = types.attrsOf (types.submodule blockbookOpts); + services.blockbook-frontend = lib.mkOption { + type = lib.types.attrsOf (lib.types.submodule blockbookOpts); default = {}; description = "Specification of one or more blockbook-frontend instances."; }; @@ -199,10 +196,10 @@ in # implementation - config = mkIf (eachBlockbook != {}) { + config = lib.mkIf (eachBlockbook != {}) { - systemd.services = mapAttrs' (blockbookName: cfg: ( - nameValuePair "blockbook-frontend-${blockbookName}" ( + systemd.services = lib.mapAttrs' (blockbookName: cfg: ( + lib.nameValuePair "blockbook-frontend-${blockbookName}" ( let configFile = if cfg.configFile != null then cfg.configFile else pkgs.writeText "config.conf" (builtins.toJSON ( { @@ -220,7 +217,7 @@ in preStart = '' ln -sf ${cfg.templateDir} ${cfg.dataDir}/static/ ln -sf ${cfg.cssDir} ${cfg.dataDir}/static/ - ${optionalString (cfg.rpc.passwordFile != null && cfg.configFile == null) '' + ${lib.optionalString (cfg.rpc.passwordFile != null && cfg.configFile == null) '' CONFIGTMP=$(mktemp) ${pkgs.jq}/bin/jq ".rpc_pass = \"$(cat ${cfg.rpc.passwordFile})\"" ${configFile} > $CONFIGTMP mv $CONFIGTMP ${cfg.dataDir}/${blockbookName}-config.json @@ -237,11 +234,11 @@ in "-blockchaincfg=${configFile}" } \ -datadir=${cfg.dataDir} \ - ${optionalString (cfg.sync != false) "-sync"} \ - ${optionalString (cfg.certFile != null) "-certfile=${toString cfg.certFile}"} \ - ${optionalString (cfg.debug != false) "-debug"} \ - ${optionalString (cfg.internal != null) "-internal=${toString cfg.internal}"} \ - ${optionalString (cfg.public != null) "-public=${toString cfg.public}"} \ + ${lib.optionalString (cfg.sync != false) "-sync"} \ + ${lib.optionalString (cfg.certFile != null) "-certfile=${toString cfg.certFile}"} \ + ${lib.optionalString (cfg.debug != false) "-debug"} \ + ${lib.optionalString (cfg.internal != null) "-internal=${toString cfg.internal}"} \ + ${lib.optionalString (cfg.public != null) "-public=${toString cfg.public}"} \ ${toString cfg.extraCmdLineOptions} ''; Restart = "on-failure"; @@ -251,23 +248,23 @@ in } ) )) eachBlockbook; - systemd.tmpfiles.rules = flatten (mapAttrsToList (blockbookName: cfg: [ + systemd.tmpfiles.rules = lib.flatten (lib.mapAttrsToList (blockbookName: cfg: [ "d ${cfg.dataDir} 0750 ${cfg.user} ${cfg.group} - -" "d ${cfg.dataDir}/static 0750 ${cfg.user} ${cfg.group} - -" ]) eachBlockbook); - users.users = mapAttrs' (blockbookName: cfg: ( - nameValuePair "blockbook-frontend-${blockbookName}" { + users.users = lib.mapAttrs' (blockbookName: cfg: ( + lib.nameValuePair "blockbook-frontend-${blockbookName}" { name = cfg.user; group = cfg.group; home = cfg.dataDir; isSystemUser = true; })) eachBlockbook; - users.groups = mapAttrs' (instanceName: cfg: ( - nameValuePair "${cfg.group}" { })) eachBlockbook; + users.groups = lib.mapAttrs' (instanceName: cfg: ( + lib.nameValuePair "${cfg.group}" { })) eachBlockbook; }; - meta.maintainers = with maintainers; [ _1000101 ]; + meta.maintainers = with lib.maintainers; [ _1000101 ]; } diff --git a/nixos/modules/services/networking/blocky.nix b/nixos/modules/services/networking/blocky.nix index 4bc6ffa3f46ab07..1260d9da7ac2993 100644 --- a/nixos/modules/services/networking/blocky.nix +++ b/nixos/modules/services/networking/blocky.nix @@ -1,7 +1,4 @@ { config, lib, pkgs, ... }: - -with lib; - let cfg = config.services.blocky; @@ -10,11 +7,11 @@ let in { options.services.blocky = { - enable = mkEnableOption "blocky, a fast and lightweight DNS proxy as ad-blocker for local network with many features"; + enable = lib.mkEnableOption "blocky, a fast and lightweight DNS proxy as ad-blocker for local network with many features"; - package = mkPackageOption pkgs "blocky" { }; + package = lib.mkPackageOption pkgs "blocky" { }; - settings = mkOption { + settings = lib.mkOption { type = format.type; default = { }; description = '' @@ -25,14 +22,14 @@ in }; }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { systemd.services.blocky = { description = "A DNS proxy and ad-blocker for the local network"; wantedBy = [ "multi-user.target" ]; serviceConfig = { DynamicUser = true; - ExecStart = "${getExe cfg.package} --config ${configFile}"; + ExecStart = "${lib.getExe cfg.package} --config ${configFile}"; Restart = "on-failure"; AmbientCapabilities = [ "CAP_NET_BIND_SERVICE" ]; diff --git a/nixos/modules/services/networking/cgit.nix b/nixos/modules/services/networking/cgit.nix index 910db84a2641c86..208979364684d7d 100644 --- a/nixos/modules/services/networking/cgit.nix +++ b/nixos/modules/services/networking/cgit.nix @@ -1,14 +1,11 @@ { config, lib, pkgs, ...}: - -with lib; - let cfgs = config.services.cgit; - settingType = with types; oneOf [ bool int str ]; - repeatedSettingType = with types; oneOf [ settingType (listOf settingType) ]; + settingType = with lib.types; oneOf [ bool int str ]; + repeatedSettingType = with lib.types; oneOf [ settingType (listOf settingType) ]; - genAttrs' = names: f: listToAttrs (map f names); + genAttrs' = names: f: lib.listToAttrs (map f names); regexEscape = let @@ -20,9 +17,9 @@ let " " # \f / 0x0C ]; in - replaceStrings special (map (c: "\\${c}") special); + lib.replaceStrings special (map (c: "\\${c}") special); - stripLocation = cfg: removeSuffix "/" cfg.nginx.location; + stripLocation = cfg: lib.removeSuffix "/" cfg.nginx.location; regexLocation = cfg: regexEscape (stripLocation cfg); @@ -47,29 +44,29 @@ let # list value as multiple lines (for "readme" for example) cgitrcEntry = name: value: - if isList value then + if lib.isList value then map (cgitrcLine name) value else [ (cgitrcLine name value) ]; mkCgitrc = cfg: pkgs.writeText "cgitrc" '' # global settings - ${concatStringsSep "\n" ( - flatten (mapAttrsToList + ${lib.concatStringsSep "\n" ( + lib.flatten (lib.mapAttrsToList cgitrcEntry ({ virtual-root = cfg.nginx.location; } // cfg.settings) ) ) } - ${optionalString (cfg.scanPath != null) (cgitrcLine "scan-path" cfg.scanPath)} + ${lib.optionalString (cfg.scanPath != null) (cgitrcLine "scan-path" cfg.scanPath)} # repository settings - ${concatStrings ( - mapAttrsToList + ${lib.concatStrings ( + lib.mapAttrsToList (url: settings: '' ${cgitrcLine "repo.url" url} - ${concatStringsSep "\n" ( - mapAttrsToList (name: cgitrcLine "repo.${name}") settings + ${lib.concatStringsSep "\n" ( + lib.mapAttrsToList (name: cgitrcLine "repo.${name}") settings ) } '') @@ -90,32 +87,32 @@ let in { options = { - services.cgit = mkOption { + services.cgit = lib.mkOption { description = "Configure cgit instances."; default = {}; - type = types.attrsOf (types.submodule ({ config, ... }: { + type = lib.types.attrsOf (lib.types.submodule ({ config, ... }: { options = { - enable = mkEnableOption "cgit"; + enable = lib.mkEnableOption "cgit"; - package = mkPackageOption pkgs "cgit" {}; + package = lib.mkPackageOption pkgs "cgit" {}; - nginx.virtualHost = mkOption { + nginx.virtualHost = lib.mkOption { description = "VirtualHost to serve cgit on, defaults to the attribute name."; - type = types.str; + type = lib.types.str; default = config._module.args.name; example = "git.example.com"; }; - nginx.location = mkOption { + nginx.location = lib.mkOption { description = "Location to serve cgit under."; - type = types.str; + type = lib.types.str; default = "/"; example = "/git/"; }; - repos = mkOption { + repos = lib.mkOption { description = "cgit repository settings, see cgitrc(5)"; - type = with types; attrsOf (attrsOf settingType); + type = with lib.types; attrsOf (attrsOf settingType); default = {}; example = { blah = { @@ -125,18 +122,18 @@ in }; }; - scanPath = mkOption { + scanPath = lib.mkOption { description = "A path which will be scanned for repositories."; - type = types.nullOr types.path; + type = lib.types.nullOr lib.types.path; default = null; example = "/var/lib/git"; }; - settings = mkOption { + settings = lib.mkOption { description = "cgit configuration, see cgitrc(5)"; - type = types.attrsOf repeatedSettingType; + type = lib.types.attrsOf repeatedSettingType; default = {}; - example = literalExpression '' + example = lib.literalExpression '' { enable-follow-links = true; source-filter = "''${pkgs.cgit}/lib/cgit/filters/syntax-highlighting.py"; @@ -144,21 +141,21 @@ in ''; }; - extraConfig = mkOption { + extraConfig = lib.mkOption { description = "These lines go to the end of cgitrc verbatim."; - type = types.lines; + type = lib.types.lines; default = ""; }; - user = mkOption { + user = lib.mkOption { description = "User to run the cgit service as."; - type = types.str; + type = lib.types.str; default = "cgit"; }; - group = mkOption { + group = lib.mkOption { description = "Group to run the cgit service as."; - type = types.str; + type = lib.types.str; default = "cgit"; }; }; @@ -166,13 +163,13 @@ in }; }; - config = mkIf (any (cfg: cfg.enable) (attrValues cfgs)) { - assertions = mapAttrsToList (vhost: cfg: { + config = lib.mkIf (lib.any (cfg: cfg.enable) (lib.attrValues cfgs)) { + assertions = lib.mapAttrsToList (vhost: cfg: { assertion = !cfg.enable || (cfg.scanPath == null) != (cfg.repos == {}); message = "Exactly one of services.cgit.${vhost}.scanPath or services.cgit.${vhost}.repos must be set."; }) cfgs; - users = mkMerge (flip mapAttrsToList cfgs (_: cfg: { + users = lib.mkMerge (lib.flip lib.mapAttrsToList cfgs (_: cfg: { users.${cfg.user} = { isSystemUser = true; inherit (cfg) group; @@ -180,23 +177,23 @@ in groups.${cfg.group} = { }; })); - services.fcgiwrap.instances = flip mapAttrs' cfgs (name: cfg: - nameValuePair "cgit-${name}" { + services.fcgiwrap.instances = lib.flip lib.mapAttrs' cfgs (name: cfg: + lib.nameValuePair "cgit-${name}" { process = { inherit (cfg) user group; }; socket = { inherit (config.services.nginx) user group; }; } ); - systemd.services = flip mapAttrs' cfgs (name: cfg: - nameValuePair (fcgiwrapUnitName name) - (mkIf (cfg.repos != { }) { + systemd.services = lib.flip lib.mapAttrs' cfgs (name: cfg: + lib.nameValuePair (fcgiwrapUnitName name) + (lib.mkIf (cfg.repos != { }) { serviceConfig.RuntimeDirectory = fcgiwrapUnitName name; preStart = '' - GIT_PROJECT_ROOT=${escapeShellArg (gitProjectRoot name cfg)} + GIT_PROJECT_ROOT=${lib.escapeShellArg (gitProjectRoot name cfg)} mkdir -p "$GIT_PROJECT_ROOT" cd "$GIT_PROJECT_ROOT" - ${concatLines (flip mapAttrsToList cfg.repos (name: repo: '' - ln -s ${escapeShellArg repo.path} ${escapeShellArg name} + ${lib.concatLines (lib.flip lib.mapAttrsToList cfg.repos (name: repo: '' + ln -s ${lib.escapeShellArg repo.path} ${lib.escapeShellArg name} ''))} ''; } @@ -204,12 +201,12 @@ in services.nginx.enable = true; - services.nginx.virtualHosts = mkMerge (mapAttrsToList (name: cfg: { + services.nginx.virtualHosts = lib.mkMerge (lib.mapAttrsToList (name: cfg: { ${cfg.nginx.virtualHost} = { locations = ( genAttrs' [ "cgit.css" "cgit.png" "favicon.ico" "robots.txt" ] - (fileName: nameValuePair "= ${stripLocation cfg}/${fileName}" { + (fileName: lib.nameValuePair "= ${stripLocation cfg}/${fileName}" { extraConfig = '' alias ${cfg.package}/cgit/${fileName}; ''; diff --git a/nixos/modules/services/networking/chisel-server.nix b/nixos/modules/services/networking/chisel-server.nix index 9c6391701fafc4b..2b585c22f304dd7 100644 --- a/nixos/modules/services/networking/chisel-server.nix +++ b/nixos/modules/services/networking/chisel-server.nix @@ -1,69 +1,66 @@ { config, lib, pkgs, ... }: - -with lib; - let cfg = config.services.chisel-server; in { options = { services.chisel-server = { - enable = mkEnableOption "Chisel Tunnel Server"; - host = mkOption { + enable = lib.mkEnableOption "Chisel Tunnel Server"; + host = lib.mkOption { description = "Address to listen on, falls back to 0.0.0.0"; - type = with types; nullOr str; + type = with lib.types; nullOr str; default = null; example = "[::1]"; }; - port = mkOption { + port = lib.mkOption { description = "Port to listen on, falls back to 8080"; - type = with types; nullOr port; + type = with lib.types; nullOr port; default = null; }; - authfile = mkOption { + authfile = lib.mkOption { description = "Path to auth.json file"; - type = with types; nullOr path; + type = with lib.types; nullOr path; default = null; }; - keepalive = mkOption { + keepalive = lib.mkOption { description = "Keepalive interval, falls back to 25s"; - type = with types; nullOr str; + type = with lib.types; nullOr str; default = null; example = "5s"; }; - backend = mkOption { + backend = lib.mkOption { description = "HTTP server to proxy normal requests to"; - type = with types; nullOr str; + type = with lib.types; nullOr str; default = null; example = "http://127.0.0.1:8888"; }; - socks5 = mkOption { + socks5 = lib.mkOption { description = "Allow clients access to internal SOCKS5 proxy"; - type = types.bool; + type = lib.types.bool; default = false; }; - reverse = mkOption { + reverse = lib.mkOption { description = "Allow clients reverse port forwarding"; - type = types.bool; + type = lib.types.bool; default = false; }; }; }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { systemd.services.chisel-server = { description = "Chisel Tunnel Server"; wantedBy = [ "network-online.target" ]; serviceConfig = { - ExecStart = "${pkgs.chisel}/bin/chisel server " + concatStringsSep " " ( - optional (cfg.host != null) "--host ${cfg.host}" - ++ optional (cfg.port != null) "--port ${builtins.toString cfg.port}" - ++ optional (cfg.authfile != null) "--authfile ${cfg.authfile}" - ++ optional (cfg.keepalive != null) "--keepalive ${cfg.keepalive}" - ++ optional (cfg.backend != null) "--backend ${cfg.backend}" - ++ optional cfg.socks5 "--socks5" - ++ optional cfg.reverse "--reverse" + ExecStart = "${pkgs.chisel}/bin/chisel server " + lib.concatStringsSep " " ( + lib.optional (cfg.host != null) "--host ${cfg.host}" + ++ lib.optional (cfg.port != null) "--port ${builtins.toString cfg.port}" + ++ lib.optional (cfg.authfile != null) "--authfile ${cfg.authfile}" + ++ lib.optional (cfg.keepalive != null) "--keepalive ${cfg.keepalive}" + ++ lib.optional (cfg.backend != null) "--backend ${cfg.backend}" + ++ lib.optional cfg.socks5 "--socks5" + ++ lib.optional cfg.reverse "--reverse" ); # Security Hardening @@ -95,5 +92,5 @@ in { }; }; - meta.maintainers = with maintainers; [ clerie ]; + meta.maintainers = with lib.maintainers; [ clerie ]; } diff --git a/nixos/modules/services/networking/cjdns.nix b/nixos/modules/services/networking/cjdns.nix index f50031eb2ec4ecd..a7f39b37918154a 100644 --- a/nixos/modules/services/networking/cjdns.nix +++ b/nixos/modules/services/networking/cjdns.nix @@ -1,7 +1,4 @@ { config, lib, pkgs, ... }: - -with lib; - let pkg = pkgs.cjdns; @@ -11,28 +8,28 @@ let connectToSubmodule = { ... }: { options = - { password = mkOption { - type = types.str; + { password = lib.mkOption { + type = lib.types.str; description = "Authorized password to the opposite end of the tunnel."; }; - login = mkOption { + login = lib.mkOption { default = ""; - type = types.str; + type = lib.types.str; description = "(optional) name your peer has for you"; }; - peerName = mkOption { + peerName = lib.mkOption { default = ""; - type = types.str; + type = lib.types.str; description = "(optional) human-readable name for peer"; }; - publicKey = mkOption { - type = types.str; + publicKey = lib.mkOption { + type = lib.types.str; description = "Public key at the opposite end of the tunnel."; }; - hostname = mkOption { + hostname = lib.mkOption { default = ""; example = "foobar.hype"; - type = types.str; + type = lib.types.str; description = "Optional hostname to add to /etc/hosts; prevents reverse lookup failures."; }; }; @@ -41,16 +38,16 @@ let # Additional /etc/hosts entries for peers with an associated hostname cjdnsExtraHosts = pkgs.runCommand "cjdns-hosts" {} '' exec >$out - ${concatStringsSep "\n" (mapAttrsToList (k: v: - optionalString (v.hostname != "") + ${lib.concatStringsSep "\n" (lib.mapAttrsToList (k: v: + lib.optionalString (v.hostname != "") "echo $(${pkgs.cjdns}/bin/publictoip6 ${v.publicKey}) ${v.hostname}") (cfg.ETHInterface.connectTo // cfg.UDPInterface.connectTo))} ''; parseModules = x: - x // { connectTo = mapAttrs (name: value: { inherit (value) password publicKey; }) x.connectTo; }; + x // { connectTo = lib.mapAttrs (name: value: { inherit (value) password publicKey; }) x.connectTo; }; - cjdrouteConf = builtins.toJSON ( recursiveUpdate { + cjdrouteConf = builtins.toJSON ( lib.recursiveUpdate { admin = { bind = cfg.admin.bind; password = "@CJDNS_ADMIN_PASSWORD@"; @@ -84,8 +81,8 @@ in services.cjdns = { - enable = mkOption { - type = types.bool; + enable = lib.mkOption { + type = lib.types.bool; default = false; description = '' Whether to enable the cjdns network encryption @@ -95,8 +92,8 @@ in ''; }; - extraConfig = mkOption { - type = types.attrs; + extraConfig = lib.mkOption { + type = lib.types.attrs; default = {}; example = { router.interface.tunDevice = "tun10"; }; description = '' @@ -105,8 +102,8 @@ in ''; }; - confFile = mkOption { - type = types.nullOr types.path; + confFile = lib.mkOption { + type = lib.types.nullOr lib.types.path; default = null; example = "/etc/cjdroute.conf"; description = '' @@ -114,8 +111,8 @@ in ''; }; - authorizedPasswords = mkOption { - type = types.listOf types.str; + authorizedPasswords = lib.mkOption { + type = lib.types.listOf lib.types.str; default = [ ]; example = [ "snyrfgkqsc98qh1y4s5hbu0j57xw5s0" @@ -129,8 +126,8 @@ in }; admin = { - bind = mkOption { - type = types.str; + bind = lib.mkOption { + type = lib.types.str; default = "127.0.0.1:11234"; description = '' Bind the administration port to this address and port. @@ -139,18 +136,18 @@ in }; UDPInterface = { - bind = mkOption { - type = types.str; + bind = lib.mkOption { + type = lib.types.str; default = ""; example = "192.168.1.32:43211"; description = '' Address and port to bind UDP tunnels to. ''; }; - connectTo = mkOption { - type = types.attrsOf ( types.submodule ( connectToSubmodule ) ); + connectTo = lib.mkOption { + type = lib.types.attrsOf ( lib.types.submodule ( connectToSubmodule ) ); default = { }; - example = literalExpression '' + example = lib.literalExpression '' { "192.168.1.1:27313" = { hostname = "homer.hype"; @@ -166,8 +163,8 @@ in }; ETHInterface = { - bind = mkOption { - type = types.str; + bind = lib.mkOption { + type = lib.types.str; default = ""; example = "eth0"; description = '' @@ -176,8 +173,8 @@ in ''; }; - beacon = mkOption { - type = types.int; + beacon = lib.mkOption { + type = lib.types.int; default = 2; description = '' Auto-connect to other cjdns nodes on the same network. @@ -193,10 +190,10 @@ in ''; }; - connectTo = mkOption { - type = types.attrsOf ( types.submodule ( connectToSubmodule ) ); + connectTo = lib.mkOption { + type = lib.types.attrsOf ( lib.types.submodule ( connectToSubmodule ) ); default = { }; - example = literalExpression '' + example = lib.literalExpression '' { "01:02:03:04:05:06" = { hostname = "homer.hype"; @@ -212,8 +209,8 @@ in }; }; - addExtraHosts = mkOption { - type = types.bool; + addExtraHosts = lib.mkOption { + type = lib.types.bool; default = false; description = '' Whether to add cjdns peers with an associated hostname to @@ -226,7 +223,7 @@ in }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { boot.kernelModules = [ "tun" ]; @@ -238,7 +235,7 @@ in after = [ "network-online.target" ]; bindsTo = [ "network-online.target" ]; - preStart = optionalString (cfg.confFile == null) '' + preStart = lib.optionalString (cfg.confFile == null) '' [ -e /etc/cjdns.keys ] && source /etc/cjdns.keys if [ -z "$CJDNS_PRIVATE_KEY" ]; then @@ -283,7 +280,7 @@ in }; }; - networking.hostFiles = mkIf cfg.addExtraHosts [ cjdnsExtraHosts ]; + networking.hostFiles = lib.mkIf cfg.addExtraHosts [ cjdnsExtraHosts ]; assertions = [ { assertion = ( cfg.ETHInterface.bind != "" || cfg.UDPInterface.bind != "" || cfg.confFile != null ); diff --git a/nixos/modules/services/networking/clatd.nix b/nixos/modules/services/networking/clatd.nix index de6cde4e979c05b..09f7fdfb6e9e9c2 100644 --- a/nixos/modules/services/networking/clatd.nix +++ b/nixos/modules/services/networking/clatd.nix @@ -1,6 +1,4 @@ { config, lib, pkgs, ... }: - -with lib; let cfg = config.services.clatd; @@ -11,16 +9,16 @@ in { options = { services.clatd = { - enable = mkEnableOption "clatd"; + enable = lib.mkEnableOption "clatd"; - package = mkPackageOption pkgs "clatd" { }; + package = lib.mkPackageOption pkgs "clatd" { }; - settings = mkOption { - type = types.submodule ({ name, ... }: { + settings = lib.mkOption { + type = lib.types.submodule ({ name, ... }: { freeformType = settingsFormat.type; }); default = { }; - example = literalExpression '' + example = lib.literalExpression '' { plat-prefix = "64:ff9b::/96"; } @@ -32,7 +30,7 @@ in }; }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { systemd.services.clatd = { description = "464XLAT CLAT daemon"; documentation = [ "man:clatd(8)" ]; diff --git a/nixos/modules/services/networking/cloudflare-dyndns.nix b/nixos/modules/services/networking/cloudflare-dyndns.nix index 9495c8dcaf81001..0f035362742ef2c 100644 --- a/nixos/modules/services/networking/cloudflare-dyndns.nix +++ b/nixos/modules/services/networking/cloudflare-dyndns.nix @@ -1,19 +1,16 @@ { config, pkgs, lib, ... }: - -with lib; - let cfg = config.services.cloudflare-dyndns; in { options = { services.cloudflare-dyndns = { - enable = mkEnableOption "Cloudflare Dynamic DNS Client"; + enable = lib.mkEnableOption "Cloudflare Dynamic DNS Client"; - package = mkPackageOption pkgs "cloudflare-dyndns" { }; + package = lib.mkPackageOption pkgs "cloudflare-dyndns" { }; - apiTokenFile = mkOption { - type = types.nullOr types.str; + apiTokenFile = lib.mkOption { + type = lib.types.nullOr lib.types.str; default = null; description = '' The path to a file containing the CloudFlare API token. @@ -22,16 +19,16 @@ in ''; }; - domains = mkOption { - type = types.listOf types.str; + domains = lib.mkOption { + type = lib.types.listOf lib.types.str; default = [ ]; description = '' List of domain names to update records for. ''; }; - frequency = mkOption { - type = types.nullOr types.str; + frequency = lib.mkOption { + type = lib.types.nullOr lib.types.str; default = "*:0/5"; description = '' Run cloudflare-dyndns with the given frequency (see @@ -40,32 +37,32 @@ in ''; }; - proxied = mkOption { - type = types.bool; + proxied = lib.mkOption { + type = lib.types.bool; default = false; description = '' Whether this is a DNS-only record, or also being proxied through CloudFlare. ''; }; - ipv4 = mkOption { - type = types.bool; + ipv4 = lib.mkOption { + type = lib.types.bool; default = true; description = '' Whether to enable setting IPv4 A records. ''; }; - ipv6 = mkOption { - type = types.bool; + ipv6 = lib.mkOption { + type = lib.types.bool; default = false; description = '' Whether to enable setting IPv6 AAAA records. ''; }; - deleteMissing = mkOption { - type = types.bool; + deleteMissing = lib.mkOption { + type = lib.types.bool; default = false; description = '' Whether to delete the record when no IP address is found. @@ -74,7 +71,7 @@ in }; }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { systemd.services.cloudflare-dyndns = { description = "CloudFlare Dynamic DNS Client"; after = [ "network.target" ]; @@ -94,12 +91,12 @@ in args = [ "--cache-file /var/lib/cloudflare-dyndns/ip.cache" ] ++ (if cfg.ipv4 then [ "-4" ] else [ "-no-4" ]) ++ (if cfg.ipv6 then [ "-6" ] else [ "-no-6" ]) - ++ optional cfg.deleteMissing "--delete-missing" - ++ optional cfg.proxied "--proxied"; + ++ lib.optional cfg.deleteMissing "--delete-missing" + ++ lib.optional cfg.proxied "--proxied"; in - "${getExe cfg.package} ${toString args}"; + "${lib.getExe cfg.package} ${toString args}"; }; - } // optionalAttrs (cfg.frequency != null) { + } // lib.optionalAttrs (cfg.frequency != null) { startAt = cfg.frequency; }; }; diff --git a/nixos/modules/services/networking/cloudflared.nix b/nixos/modules/services/networking/cloudflared.nix index c0d1012ffb80ddd..c328d1de43c64b1 100644 --- a/nixos/modules/services/networking/cloudflared.nix +++ b/nixos/modules/services/networking/cloudflared.nix @@ -1,13 +1,10 @@ { config, lib, pkgs, ... }: - -with lib; - let cfg = config.services.cloudflared; originRequest = { - connectTimeout = mkOption { - type = with types; nullOr str; + connectTimeout = lib.mkOption { + type = with lib.types; nullOr str; default = null; example = "30s"; description = '' @@ -15,8 +12,8 @@ let ''; }; - tlsTimeout = mkOption { - type = with types; nullOr str; + tlsTimeout = lib.mkOption { + type = with lib.types; nullOr str; default = null; example = "10s"; description = '' @@ -24,8 +21,8 @@ let ''; }; - tcpKeepAlive = mkOption { - type = with types; nullOr str; + tcpKeepAlive = lib.mkOption { + type = with lib.types; nullOr str; default = null; example = "30s"; description = '' @@ -33,8 +30,8 @@ let ''; }; - noHappyEyeballs = mkOption { - type = with types; nullOr bool; + noHappyEyeballs = lib.mkOption { + type = with lib.types; nullOr bool; default = null; example = false; description = '' @@ -42,8 +39,8 @@ let ''; }; - keepAliveConnections = mkOption { - type = with types; nullOr int; + keepAliveConnections = lib.mkOption { + type = with lib.types; nullOr int; default = null; example = 100; description = '' @@ -51,8 +48,8 @@ let ''; }; - keepAliveTimeout = mkOption { - type = with types; nullOr str; + keepAliveTimeout = lib.mkOption { + type = with lib.types; nullOr str; default = null; example = "1m30s"; description = '' @@ -60,8 +57,8 @@ let ''; }; - httpHostHeader = mkOption { - type = with types; nullOr str; + httpHostHeader = lib.mkOption { + type = with lib.types; nullOr str; default = null; example = ""; description = '' @@ -69,8 +66,8 @@ let ''; }; - originServerName = mkOption { - type = with types; nullOr str; + originServerName = lib.mkOption { + type = with lib.types; nullOr str; default = null; example = ""; description = '' @@ -78,8 +75,8 @@ let ''; }; - caPool = mkOption { - type = with types; nullOr (either str path); + caPool = lib.mkOption { + type = with lib.types; nullOr (either str path); default = null; example = ""; description = '' @@ -87,8 +84,8 @@ let ''; }; - noTLSVerify = mkOption { - type = with types; nullOr bool; + noTLSVerify = lib.mkOption { + type = with lib.types; nullOr bool; default = null; example = false; description = '' @@ -96,8 +93,8 @@ let ''; }; - disableChunkedEncoding = mkOption { - type = with types; nullOr bool; + disableChunkedEncoding = lib.mkOption { + type = with lib.types; nullOr bool; default = null; example = false; description = '' @@ -105,8 +102,8 @@ let ''; }; - proxyAddress = mkOption { - type = with types; nullOr str; + proxyAddress = lib.mkOption { + type = with lib.types; nullOr str; default = null; example = "127.0.0.1"; description = '' @@ -114,8 +111,8 @@ let ''; }; - proxyPort = mkOption { - type = with types; nullOr int; + proxyPort = lib.mkOption { + type = with lib.types; nullOr int; default = null; example = 0; description = '' @@ -123,8 +120,8 @@ let ''; }; - proxyType = mkOption { - type = with types; nullOr (enum [ "" "socks" ]); + proxyType = lib.mkOption { + type = with lib.types; nullOr (enum [ "" "socks" ]); default = null; example = ""; description = '' @@ -138,32 +135,32 @@ let in { options.services.cloudflared = { - enable = mkEnableOption "Cloudflare Tunnel client daemon (formerly Argo Tunnel)"; + enable = lib.mkEnableOption "Cloudflare Tunnel client daemon (formerly Argo Tunnel)"; - user = mkOption { - type = types.str; + user = lib.mkOption { + type = lib.types.str; default = "cloudflared"; description = "User account under which Cloudflared runs."; }; - group = mkOption { - type = types.str; + group = lib.mkOption { + type = lib.types.str; default = "cloudflared"; description = "Group under which cloudflared runs."; }; - package = mkPackageOption pkgs "cloudflared" { }; + package = lib.mkPackageOption pkgs "cloudflared" { }; - tunnels = mkOption { + tunnels = lib.mkOption { description = '' Cloudflare tunnels. ''; - type = types.attrsOf (types.submodule ({ name, ... }: { + type = lib.types.attrsOf (lib.types.submodule ({ name, ... }: { options = { inherit originRequest; - credentialsFile = mkOption { - type = types.str; + credentialsFile = lib.mkOption { + type = lib.types.str; description = '' Credential file. @@ -172,8 +169,8 @@ in }; warp-routing = { - enabled = mkOption { - type = with types; nullOr bool; + enabled = lib.mkOption { + type = with lib.types; nullOr bool; default = null; description = '' Enable warp routing. @@ -183,8 +180,8 @@ in }; }; - default = mkOption { - type = types.str; + default = lib.mkOption { + type = lib.types.str; description = '' Catch-all service if no ingress matches. @@ -193,13 +190,13 @@ in example = "http_status:404"; }; - ingress = mkOption { - type = with types; attrsOf (either str (submodule ({ hostname, ... }: { + ingress = lib.mkOption { + type = with lib.types; attrsOf (either str (submodule ({ hostname, ... }: { options = { inherit originRequest; - service = mkOption { - type = with types; nullOr str; + service = lib.mkOption { + type = with lib.types; nullOr str; default = null; description = '' Service to pass the traffic. @@ -209,8 +206,8 @@ in example = "http://localhost:80, tcp://localhost:8000, unix:/home/production/echo.sock, hello_world or http_status:404"; }; - path = mkOption { - type = with types; nullOr str; + path = lib.mkOption { + type = with lib.types; nullOr str; default = null; description = '' Path filter. @@ -251,11 +248,11 @@ in }; }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { systemd.targets = - mapAttrs' + lib.mapAttrs' (name: tunnel: - nameValuePair "cloudflared-tunnel-${name}" { + lib.nameValuePair "cloudflared-tunnel-${name}" { description = "Cloudflare tunnel '${name}' target"; requires = [ "cloudflared-tunnel-${name}.service" ]; after = [ "cloudflared-tunnel-${name}.service" ]; @@ -265,41 +262,41 @@ in config.services.cloudflared.tunnels; systemd.services = - mapAttrs' + lib.mapAttrs' (name: tunnel: let filterConfig = lib.attrsets.filterAttrsRecursive (_: v: ! builtins.elem v [ null [ ] { } ]); - filterIngressSet = filterAttrs (_: v: builtins.typeOf v == "set"); - filterIngressStr = filterAttrs (_: v: builtins.typeOf v == "string"); + filterIngressSet = lib.filterAttrs (_: v: builtins.typeOf v == "set"); + filterIngressStr = lib.filterAttrs (_: v: builtins.typeOf v == "string"); ingressesSet = filterIngressSet tunnel.ingress; ingressesStr = filterIngressStr tunnel.ingress; - fullConfig = filterConfig { + fullConfig = lib.filterConfig { tunnel = name; "credentials-file" = tunnel.credentialsFile; - warp-routing = filterConfig tunnel.warp-routing; - originRequest = filterConfig tunnel.originRequest; + warp-routing = lib.filterConfig tunnel.warp-routing; + originRequest = lib.filterConfig tunnel.originRequest; ingress = (map (key: { hostname = key; - } // getAttr key (filterConfig (filterConfig ingressesSet))) - (attrNames ingressesSet)) + } // lib.getAttr key (filterConfig (filterConfig ingressesSet))) + (lib.attrNames ingressesSet)) ++ (map (key: { hostname = key; - service = getAttr key ingressesStr; + service = lib.getAttr key ingressesStr; }) - (attrNames ingressesStr)) + (lib.attrNames ingressesStr)) ++ [{ service = tunnel.default; }]; }; mkConfigFile = pkgs.writeText "cloudflared.yml" (builtins.toJSON fullConfig); in - nameValuePair "cloudflared-tunnel-${name}" ({ + lib.nameValuePair "cloudflared-tunnel-${name}" ({ after = [ "network.target" "network-online.target" ]; wants = [ "network.target" "network-online.target" ]; wantedBy = [ "multi-user.target" ]; @@ -313,17 +310,17 @@ in ) config.services.cloudflared.tunnels; - users.users = mkIf (cfg.user == "cloudflared") { + users.users = lib.mkIf (cfg.user == "cloudflared") { cloudflared = { group = cfg.group; isSystemUser = true; }; }; - users.groups = mkIf (cfg.group == "cloudflared") { + users.groups = lib.mkIf (cfg.group == "cloudflared") { cloudflared = { }; }; }; - meta.maintainers = with maintainers; [ bbigras anpin ]; + meta.maintainers = with lib.maintainers; [ bbigras anpin ]; } diff --git a/nixos/modules/services/networking/cntlm.nix b/nixos/modules/services/networking/cntlm.nix index 16e9c3bb87b5c17..4615380c41ebe02 100644 --- a/nixos/modules/services/networking/cntlm.nix +++ b/nixos/modules/services/networking/cntlm.nix @@ -1,7 +1,4 @@ { config, lib, pkgs, ... }: - -with lib; - let cfg = config.services.cntlm; @@ -16,11 +13,11 @@ let Username ${cfg.username} Domain ${cfg.domain} Password ${cfg.password} - ${optionalString (cfg.netbios_hostname != "") "Workstation ${cfg.netbios_hostname}"} - ${concatMapStrings (entry: "Proxy ${entry}\n") cfg.proxy} - ${optionalString (cfg.noproxy != []) "NoProxy ${concatStringsSep ", " cfg.noproxy}"} + ${lib.optionalString (cfg.netbios_hostname != "") "Workstation ${cfg.netbios_hostname}"} + ${lib.concatMapStrings (entry: "Proxy ${entry}\n") cfg.proxy} + ${lib.optionalString (cfg.noproxy != []) "NoProxy ${lib.concatStringsSep ", " cfg.noproxy}"} - ${concatMapStrings (port: '' + ${lib.concatMapStrings (port: '' Listen ${toString port} '') cfg.port} @@ -33,36 +30,36 @@ in options.services.cntlm = { - enable = mkEnableOption "cntlm, which starts a local proxy"; + enable = lib.mkEnableOption "cntlm, which starts a local proxy"; - username = mkOption { - type = types.str; + username = lib.mkOption { + type = lib.types.str; description = '' Proxy account name, without the possibility to include domain name ('at' sign is interpreted literally). ''; }; - domain = mkOption { - type = types.str; + domain = lib.mkOption { + type = lib.types.str; description = "Proxy account domain/workgroup name."; }; - password = mkOption { + password = lib.mkOption { default = "/etc/cntlm.password"; - type = types.str; + type = lib.types.str; description = "Proxy account password. Note: use chmod 0600 on /etc/cntlm.password for security."; }; - netbios_hostname = mkOption { - type = types.str; + netbios_hostname = lib.mkOption { + type = lib.types.str; default = ""; description = '' The hostname of your machine. ''; }; - proxy = mkOption { - type = types.listOf types.str; + proxy = lib.mkOption { + type = lib.types.listOf lib.types.str; description = '' A list of NTLM/NTLMv2 authenticating HTTP proxies. @@ -73,29 +70,29 @@ in example = [ "proxy.example.com:81" ]; }; - noproxy = mkOption { + noproxy = lib.mkOption { description = '' A list of domains where the proxy is skipped. ''; default = []; - type = types.listOf types.str; + type = lib.types.listOf lib.types.str; example = [ "*.example.com" "example.com" ]; }; - port = mkOption { + port = lib.mkOption { default = [3128]; - type = types.listOf types.port; + type = lib.types.listOf lib.types.port; description = "Specifies on which ports the cntlm daemon listens."; }; - extraConfig = mkOption { - type = types.lines; + extraConfig = lib.mkOption { + type = lib.types.lines; default = ""; description = "Additional config appended to the end of the generated {file}`cntlm.conf`."; }; - configText = mkOption { - type = types.lines; + configText = lib.mkOption { + type = lib.types.lines; default = ""; description = "Verbatim contents of {file}`cntlm.conf`."; }; @@ -104,7 +101,7 @@ in ###### implementation - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { systemd.services.cntlm = { description = "CNTLM is an NTLM / NTLM Session Response / NTLMv2 authenticating HTTP proxy"; after = [ "network.target" ]; diff --git a/nixos/modules/services/networking/consul.nix b/nixos/modules/services/networking/consul.nix index 2d9b10514a7222e..855d3872aa62e1d 100644 --- a/nixos/modules/services/networking/consul.nix +++ b/nixos/modules/services/networking/consul.nix @@ -1,6 +1,4 @@ { config, lib, pkgs, utils, ... }: - -with lib; let dataDir = "/var/lib/consul"; @@ -16,8 +14,8 @@ let configFiles = [ "/etc/consul.json" "/etc/consul-addrs.json" ] ++ cfg.extraConfigFiles; - devices = attrValues (filterAttrs (_: i: i != null) cfg.interface); - systemdDevices = forEach devices + devices = lib.attrValues (lib.filterAttrs (_: i: i != null) cfg.interface); + systemdDevices = lib.forEach devices (i: "sys-subsystem-net-devices-${utils.escapeSystemdPath i}.device"); in { @@ -25,26 +23,26 @@ in services.consul = { - enable = mkOption { - type = types.bool; + enable = lib.mkOption { + type = lib.types.bool; default = false; description = '' Enables the consul daemon. ''; }; - package = mkPackageOption pkgs "consul" { }; + package = lib.mkPackageOption pkgs "consul" { }; - webUi = mkOption { - type = types.bool; + webUi = lib.mkOption { + type = lib.types.bool; default = false; description = '' Enables the web interface on the consul http port. ''; }; - leaveOnStop = mkOption { - type = types.bool; + leaveOnStop = lib.mkOption { + type = lib.types.bool; default = false; description = '' If enabled, causes a leave action to be sent when closing consul. @@ -57,16 +55,16 @@ in interface = { - advertise = mkOption { - type = types.nullOr types.str; + advertise = lib.mkOption { + type = lib.types.nullOr lib.types.str; default = null; description = '' The name of the interface to pull the advertise_addr from. ''; }; - bind = mkOption { - type = types.nullOr types.str; + bind = lib.mkOption { + type = lib.types.nullOr lib.types.str; default = null; description = '' The name of the interface to pull the bind_addr from. @@ -74,16 +72,16 @@ in }; }; - forceAddrFamily = mkOption { - type = types.enum [ "any" "ipv4" "ipv6" ]; + forceAddrFamily = lib.mkOption { + type = lib.types.enum [ "any" "ipv4" "ipv6" ]; default = "any"; description = '' Whether to bind ipv4/ipv6 or both kind of addresses. ''; }; - forceIpv4 = mkOption { - type = types.nullOr types.bool; + forceIpv4 = lib.mkOption { + type = lib.types.nullOr lib.types.bool; default = null; description = '' Deprecated: Use consul.forceAddrFamily instead. @@ -91,26 +89,26 @@ in ''; }; - dropPrivileges = mkOption { - type = types.bool; + dropPrivileges = lib.mkOption { + type = lib.types.bool; default = true; description = '' Whether the consul agent should be run as a non-root consul user. ''; }; - extraConfig = mkOption { + extraConfig = lib.mkOption { default = { }; - type = types.attrsOf types.anything; + type = lib.types.attrsOf lib.types.anything; description = '' Extra configuration options which are serialized to json and added to the config.json file. ''; }; - extraConfigFiles = mkOption { + extraConfigFiles = lib.mkOption { default = [ ]; - type = types.listOf types.str; + type = lib.types.listOf lib.types.str; description = '' Additional configuration files to pass to consul NOTE: These will not trigger the service to be restarted when altered. @@ -118,32 +116,32 @@ in }; alerts = { - enable = mkEnableOption "consul-alerts"; + enable = lib.mkEnableOption "consul-alerts"; - package = mkPackageOption pkgs "consul-alerts" { }; + package = lib.mkPackageOption pkgs "consul-alerts" { }; - listenAddr = mkOption { + listenAddr = lib.mkOption { description = "Api listening address."; default = "localhost:9000"; - type = types.str; + type = lib.types.str; }; - consulAddr = mkOption { + consulAddr = lib.mkOption { description = "Consul api listening address"; default = "localhost:8500"; - type = types.str; + type = lib.types.str; }; - watchChecks = mkOption { + watchChecks = lib.mkOption { description = "Whether to enable check watcher."; default = true; - type = types.bool; + type = lib.types.bool; }; - watchEvents = mkOption { + watchEvents = lib.mkOption { description = "Whether to enable event watcher."; default = true; - type = types.bool; + type = lib.types.bool; }; }; @@ -151,8 +149,8 @@ in }; - config = mkIf cfg.enable ( - mkMerge [{ + config = lib.mkIf cfg.enable ( + lib.mkMerge [{ users.users.consul = { description = "Consul agent daemon user"; @@ -182,18 +180,18 @@ in after = [ "network.target" ] ++ systemdDevices; bindsTo = systemdDevices; restartTriggers = [ config.environment.etc."consul.json".source ] - ++ mapAttrsToList (_: d: d.source) - (filterAttrs (n: _: hasPrefix "consul.d/" n) config.environment.etc); + ++ lib.mapAttrsToList (_: d: d.source) + (lib.filterAttrs (n: _: lib.hasPrefix "consul.d/" n) config.environment.etc); serviceConfig = { ExecStart = "@${lib.getExe cfg.package} consul agent -config-dir /etc/consul.d" - + concatMapStrings (n: " -config-file ${n}") configFiles; + + lib.concatMapStrings (n: " -config-file ${n}") configFiles; ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID"; PermissionsStartOnly = true; User = if cfg.dropPrivileges then "consul" else null; Restart = "on-failure"; TimeoutStartSec = "infinity"; - } // (optionalAttrs (cfg.leaveOnStop) { + } // (lib.optionalAttrs (cfg.leaveOnStop) { ExecStop = "${lib.getExe cfg.package} leave"; }); @@ -231,8 +229,8 @@ in echo "{" > /etc/consul-addrs.json delim=" " '' - + concatStrings (flip mapAttrsToList cfg.interface (name: i: - optionalString (i != null) '' + + lib.concatStrings (lib.flip lib.mapAttrsToList cfg.interface (name: i: + lib.optionalString (i != null) '' echo "$delim \"${name}_addr\": \"$(getAddr "${i}")\"" >> /etc/consul-addrs.json delim="," '')) @@ -243,11 +241,11 @@ in } # deprecated - (mkIf (cfg.forceIpv4 != null && cfg.forceIpv4) { + (lib.mkIf (cfg.forceIpv4 != null && cfg.forceIpv4) { services.consul.forceAddrFamily = "ipv4"; }) - (mkIf (cfg.alerts.enable) { + (lib.mkIf (cfg.alerts.enable) { systemd.services.consul-alerts = { wantedBy = [ "multi-user.target" ]; after = [ "consul.service" ]; @@ -259,8 +257,8 @@ in ${lib.getExe cfg.alerts.package} start \ --alert-addr=${cfg.alerts.listenAddr} \ --consul-addr=${cfg.alerts.consulAddr} \ - ${optionalString cfg.alerts.watchChecks "--watch-checks"} \ - ${optionalString cfg.alerts.watchEvents "--watch-events"} + ${lib.optionalString cfg.alerts.watchChecks "--watch-checks"} \ + ${lib.optionalString cfg.alerts.watchEvents "--watch-events"} ''; User = if cfg.dropPrivileges then "consul" else null; Restart = "on-failure"; diff --git a/nixos/modules/services/networking/coredns.nix b/nixos/modules/services/networking/coredns.nix index 370b9e6e8043fca..14602e06fe820df 100644 --- a/nixos/modules/services/networking/coredns.nix +++ b/nixos/modules/services/networking/coredns.nix @@ -1,39 +1,36 @@ { config, lib, pkgs, ... }: - -with lib; - let cfg = config.services.coredns; configFile = pkgs.writeText "Corefile" cfg.config; in { options.services.coredns = { - enable = mkEnableOption "Coredns dns server"; + enable = lib.mkEnableOption "Coredns dns server"; - config = mkOption { + config = lib.mkOption { default = ""; example = '' . { whoami } ''; - type = types.lines; + type = lib.types.lines; description = '' Verbatim Corefile to use. See for details. ''; }; - package = mkPackageOption pkgs "coredns" { }; + package = lib.mkPackageOption pkgs "coredns" { }; - extraArgs = mkOption { + extraArgs = lib.mkOption { default = []; example = [ "-dns.port=53" ]; - type = types.listOf types.str; + type = lib.types.listOf lib.types.str; description = "Extra arguments to pass to coredns."; }; }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { systemd.services.coredns = { description = "Coredns dns server"; after = [ "network.target" ]; @@ -46,7 +43,7 @@ in { AmbientCapabilities = "cap_net_bind_service"; NoNewPrivileges = true; DynamicUser = true; - ExecStart = "${getBin cfg.package}/bin/coredns -conf=${configFile} ${lib.escapeShellArgs cfg.extraArgs}"; + ExecStart = "${lib.getBin cfg.package}/bin/coredns -conf=${configFile} ${lib.escapeShellArgs cfg.extraArgs}"; ExecReload = "${pkgs.coreutils}/bin/kill -SIGUSR1 $MAINPID"; Restart = "on-failure"; }; diff --git a/nixos/modules/services/networking/corerad.nix b/nixos/modules/services/networking/corerad.nix index 2203aa30c161301..edeee881008fc86 100644 --- a/nixos/modules/services/networking/corerad.nix +++ b/nixos/modules/services/networking/corerad.nix @@ -1,20 +1,17 @@ { config, lib, pkgs, ... }: - -with lib; - let cfg = config.services.corerad; settingsFormat = pkgs.formats.toml {}; in { - meta.maintainers = with maintainers; [ mdlayher ]; + meta.maintainers = with lib.maintainers; [ mdlayher ]; options.services.corerad = { - enable = mkEnableOption "CoreRAD IPv6 NDP RA daemon"; + enable = lib.mkEnableOption "CoreRAD IPv6 NDP RA daemon"; - settings = mkOption { + settings = lib.mkOption { type = settingsFormat.type; - example = literalExpression '' + example = lib.literalExpression '' { interfaces = [ # eth0 is an upstream interface monitoring for IPv6 router advertisements. @@ -42,18 +39,18 @@ in { ''; }; - configFile = mkOption { - type = types.path; - example = literalExpression ''"''${pkgs.corerad}/etc/corerad/corerad.toml"''; + configFile = lib.mkOption { + type = lib.types.path; + example = lib.literalExpression ''"''${pkgs.corerad}/etc/corerad/corerad.toml"''; description = "Path to CoreRAD TOML configuration file."; }; - package = mkPackageOption pkgs "corerad" { }; + package = lib.mkPackageOption pkgs "corerad" { }; }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { # Prefer the config file over settings if both are set. - services.corerad.configFile = mkDefault (settingsFormat.generate "corerad.toml" cfg.settings); + services.corerad.configFile = lib.mkDefault (settingsFormat.generate "corerad.toml" cfg.settings); systemd.services.corerad = { description = "CoreRAD IPv6 NDP RA daemon"; @@ -68,7 +65,7 @@ in { DynamicUser = true; Type = "notify"; NotifyAccess = "main"; - ExecStart = "${getBin cfg.package}/bin/corerad -c=${cfg.configFile}"; + ExecStart = "${lib.getBin cfg.package}/bin/corerad -c=${cfg.configFile}"; Restart = "on-failure"; RestartKillSignal = "SIGHUP"; }; diff --git a/nixos/modules/services/networking/coturn.nix b/nixos/modules/services/networking/coturn.nix index 3166c0dfb578d76..40c157d1006e39b 100644 --- a/nixos/modules/services/networking/coturn.nix +++ b/nixos/modules/services/networking/coturn.nix @@ -1,5 +1,4 @@ { config, lib, pkgs, ... }: -with lib; let cfg = config.services.coturn; pidfile = "/run/turnserver/turnserver.pid"; @@ -8,8 +7,8 @@ listening-port=${toString cfg.listening-port} tls-listening-port=${toString cfg.tls-listening-port} alt-listening-port=${toString cfg.alt-listening-port} alt-tls-listening-port=${toString cfg.alt-tls-listening-port} -${concatStringsSep "\n" (map (x: "listening-ip=${x}") cfg.listening-ips)} -${concatStringsSep "\n" (map (x: "relay-ip=${x}") cfg.relay-ips)} +${lib.concatStringsSep "\n" (map (x: "listening-ip=${x}") cfg.listening-ips)} +${lib.concatStringsSep "\n" (map (x: "relay-ip=${x}") cfg.relay-ips)} min-port=${toString cfg.min-port} max-port=${toString cfg.max-port} ${lib.optionalString cfg.lt-cred-mech "lt-cred-mech"} @@ -40,9 +39,9 @@ ${cfg.extraConfig} in { options = { services.coturn = { - enable = mkEnableOption "coturn TURN server"; - listening-port = mkOption { - type = types.int; + enable = lib.mkEnableOption "coturn TURN server"; + listening-port = lib.mkOption { + type = lib.types.int; default = 3478; description = '' TURN listener port for UDP and TCP. @@ -50,8 +49,8 @@ in { "plain" TCP and UDP port(s), too - if allowed by configuration. ''; }; - tls-listening-port = mkOption { - type = types.int; + tls-listening-port = lib.mkOption { + type = lib.types.int; default = 5349; description = '' TURN listener port for TLS. @@ -65,10 +64,10 @@ in { For secure UDP connections, we support DTLS version 1. ''; }; - alt-listening-port = mkOption { - type = types.int; + alt-listening-port = lib.mkOption { + type = lib.types.int; default = cfg.listening-port + 1; - defaultText = literalExpression "listening-port + 1"; + defaultText = lib.literalExpression "listening-port + 1"; description = '' Alternative listening port for UDP and TCP listeners; default (or zero) value means "listening port plus one". @@ -80,16 +79,16 @@ in { are listening to that endpoint only for "symmetry". ''; }; - alt-tls-listening-port = mkOption { - type = types.int; + alt-tls-listening-port = lib.mkOption { + type = lib.types.int; default = cfg.tls-listening-port + 1; - defaultText = literalExpression "tls-listening-port + 1"; + defaultText = lib.literalExpression "tls-listening-port + 1"; description = '' Alternative listening port for TLS and DTLS protocols. ''; }; - listening-ips = mkOption { - type = types.listOf types.str; + listening-ips = lib.mkOption { + type = lib.types.listOf lib.types.str; default = []; example = [ "203.0.113.42" "2001:DB8::42" ]; description = '' @@ -98,8 +97,8 @@ in { then all IPv4 and IPv6 system IPs will be used for listening. ''; }; - relay-ips = mkOption { - type = types.listOf types.str; + relay-ips = lib.mkOption { + type = lib.types.listOf lib.types.str; default = []; example = [ "203.0.113.42" "2001:DB8::42" ]; description = '' @@ -115,29 +114,29 @@ in { as the family of the client socket). ''; }; - min-port = mkOption { - type = types.int; + min-port = lib.mkOption { + type = lib.types.int; default = 49152; description = '' Lower bound of UDP relay endpoints ''; }; - max-port = mkOption { - type = types.int; + max-port = lib.mkOption { + type = lib.types.int; default = 65535; description = '' Upper bound of UDP relay endpoints ''; }; - lt-cred-mech = mkOption { - type = types.bool; + lt-cred-mech = lib.mkOption { + type = lib.types.bool; default = false; description = '' Use long-term credential mechanism. ''; }; - no-auth = mkOption { - type = types.bool; + no-auth = lib.mkOption { + type = lib.types.bool; default = false; description = '' This option is opposite to lt-cred-mech. @@ -148,8 +147,8 @@ in { lt-cred-mech is default. ''; }; - use-auth-secret = mkOption { - type = types.bool; + use-auth-secret = lib.mkOption { + type = lib.types.bool; default = false; description = '' TURN REST API flag. @@ -172,8 +171,8 @@ in { or can be found in the turn_secret table in the database. ''; }; - static-auth-secret = mkOption { - type = types.nullOr types.str; + static-auth-secret = lib.mkOption { + type = lib.types.nullOr lib.types.str; default = null; description = '' 'Static' authentication secret value (a string) for TURN REST API only. @@ -183,17 +182,17 @@ in { by a separate program, so this is why that other mode is 'dynamic'. ''; }; - static-auth-secret-file = mkOption { - type = types.nullOr types.str; + static-auth-secret-file = lib.mkOption { + type = lib.types.nullOr lib.types.str; default = null; description = '' Path to the file containing the static authentication secret. ''; }; - realm = mkOption { - type = types.str; + realm = lib.mkOption { + type = lib.types.str; default = config.networking.hostName; - defaultText = literalExpression "config.networking.hostName"; + defaultText = lib.literalExpression "config.networking.hostName"; example = "example.com"; description = '' The default realm to be used for the users when no explicit @@ -203,60 +202,60 @@ in { mechanism or with TURN REST API. ''; }; - cert = mkOption { - type = types.nullOr types.str; + cert = lib.mkOption { + type = lib.types.nullOr lib.types.str; default = null; example = "/var/lib/acme/example.com/fullchain.pem"; description = '' Certificate file in PEM format. ''; }; - pkey = mkOption { - type = types.nullOr types.str; + pkey = lib.mkOption { + type = lib.types.nullOr lib.types.str; default = null; example = "/var/lib/acme/example.com/key.pem"; description = '' Private key file in PEM format. ''; }; - dh-file = mkOption { - type = types.nullOr types.str; + dh-file = lib.mkOption { + type = lib.types.nullOr lib.types.str; default = null; description = '' Use custom DH TLS key, stored in PEM format in the file. ''; }; - secure-stun = mkOption { - type = types.bool; + secure-stun = lib.mkOption { + type = lib.types.bool; default = false; description = '' Require authentication of the STUN Binding request. By default, the clients are allowed anonymous access to the STUN Binding functionality. ''; }; - no-cli = mkOption { - type = types.bool; + no-cli = lib.mkOption { + type = lib.types.bool; default = false; description = '' Turn OFF the CLI support. ''; }; - cli-ip = mkOption { - type = types.str; + cli-ip = lib.mkOption { + type = lib.types.str; default = "127.0.0.1"; description = '' Local system IP address to be used for CLI server endpoint. ''; }; - cli-port = mkOption { - type = types.int; + cli-port = lib.mkOption { + type = lib.types.int; default = 5766; description = '' CLI server port. ''; }; - cli-password = mkOption { - type = types.nullOr types.str; + cli-password = lib.mkOption { + type = lib.types.nullOr lib.types.str; default = null; description = '' CLI access password. @@ -264,45 +263,45 @@ in { for of the password (see the -P command in the turnadmin utility). ''; }; - no-udp = mkOption { - type = types.bool; + no-udp = lib.mkOption { + type = lib.types.bool; default = false; description = "Disable UDP client listener"; }; - no-tcp = mkOption { - type = types.bool; + no-tcp = lib.mkOption { + type = lib.types.bool; default = false; description = "Disable TCP client listener"; }; - no-tls = mkOption { - type = types.bool; + no-tls = lib.mkOption { + type = lib.types.bool; default = false; description = "Disable TLS client listener"; }; - no-dtls = mkOption { - type = types.bool; + no-dtls = lib.mkOption { + type = lib.types.bool; default = false; description = "Disable DTLS client listener"; }; - no-udp-relay = mkOption { - type = types.bool; + no-udp-relay = lib.mkOption { + type = lib.types.bool; default = false; description = "Disable UDP relay endpoints"; }; - no-tcp-relay = mkOption { - type = types.bool; + no-tcp-relay = lib.mkOption { + type = lib.types.bool; default = false; description = "Disable TCP relay endpoints"; }; - extraConfig = mkOption { - type = types.lines; + extraConfig = lib.mkOption { + type = lib.types.lines; default = ""; description = "Additional configuration options"; }; }; }; - config = mkIf cfg.enable (mkMerge ([ + config = lib.mkIf cfg.enable (lib.mkMerge ([ { assertions = [ { assertion = cfg.static-auth-secret != null -> cfg.static-auth-secret-file == null ; message = "static-auth-secret and static-auth-secret-file cannot be set at the same time"; @@ -334,7 +333,7 @@ in { preStart = '' cat ${configFile} > ${runConfig} - ${optionalString (cfg.static-auth-secret-file != null) '' + ${lib.optionalString (cfg.static-auth-secret-file != null) '' ${pkgs.replace-secret}/bin/replace-secret \ "#static-auth-secret#" \ ${cfg.static-auth-secret-file} \ @@ -349,7 +348,7 @@ in { User = "turnserver"; Group = "turnserver"; AmbientCapabilities = - mkIf ( + lib.mkIf ( cfg.listening-port < 1024 || cfg.alt-listening-port < 1024 || cfg.tls-listening-port < 1024 || diff --git a/nixos/modules/services/networking/create_ap.nix b/nixos/modules/services/networking/create_ap.nix index 9bdbcee018edcf7..cebea3c9059cc35 100644 --- a/nixos/modules/services/networking/create_ap.nix +++ b/nixos/modules/services/networking/create_ap.nix @@ -1,16 +1,13 @@ { config, lib, pkgs, ... }: - -with lib; - let cfg = config.services.create_ap; - configFile = pkgs.writeText "create_ap.conf" (generators.toKeyValue { } cfg.settings); + configFile = pkgs.writeText "create_ap.conf" (lib.generators.toKeyValue { } cfg.settings); in { options = { services.create_ap = { - enable = mkEnableOption "setting up wifi hotspots using create_ap"; - settings = mkOption { - type = with types; attrsOf (oneOf [ int bool str ]); + enable = lib.mkEnableOption "setting up wifi hotspots using create_ap"; + settings = lib.mkOption { + type = with lib.types; attrsOf (oneOf [ int bool str ]); default = {}; description = '' Configuration for `create_ap`. @@ -27,7 +24,7 @@ in { }; }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { systemd = { services.create_ap = { diff --git a/nixos/modules/services/networking/dante.nix b/nixos/modules/services/networking/dante.nix index d5e76b83986b0c7..aef518ddbfd9771 100644 --- a/nixos/modules/services/networking/dante.nix +++ b/nixos/modules/services/networking/dante.nix @@ -1,6 +1,4 @@ { config, lib, pkgs, ... }: -with lib; - let cfg = config.services.dante; confFile = pkgs.writeText "dante-sockd.conf" '' @@ -14,15 +12,15 @@ in { meta = { - maintainers = with maintainers; [ arobyn ]; + maintainers = with lib.maintainers; [ arobyn ]; }; options = { services.dante = { - enable = mkEnableOption "Dante SOCKS proxy"; + enable = lib.mkEnableOption "Dante SOCKS proxy"; - config = mkOption { - type = types.lines; + config = lib.mkOption { + type = lib.types.lines; description = '' Contents of Dante's configuration file. NOTE: user.privileged, user.unprivileged and logoutput are set by the service. @@ -31,7 +29,7 @@ in }; }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { assertions = [ { assertion = cfg.config != ""; message = "please provide Dante configuration file contents"; diff --git a/nixos/modules/services/networking/ddclient.nix b/nixos/modules/services/networking/ddclient.nix index 272a50eb92de8fe..da76ff5153d6c8f 100644 --- a/nixos/modules/services/networking/ddclient.nix +++ b/nixos/modules/services/networking/ddclient.nix @@ -1,5 +1,4 @@ { config, pkgs, lib, ... }: - let cfg = config.services.ddclient; boolToStr = bool: if bool then "yes" else "no"; @@ -39,21 +38,17 @@ let sed -i '/^password=@password_placeholder@$/d' /run/${RuntimeDirectory}/ddclient.conf '')} ''; - in - -with lib; - { imports = [ - (mkChangedOptionModule [ "services" "ddclient" "domain" ] [ "services" "ddclient" "domains" ] + (lib.mkChangedOptionModule [ "services" "ddclient" "domain" ] [ "services" "ddclient" "domains" ] (config: - let value = getAttrFromPath [ "services" "ddclient" "domain" ] config; - in optional (value != "") value)) - (mkRemovedOptionModule [ "services" "ddclient" "homeDir" ] "") - (mkRemovedOptionModule [ "services" "ddclient" "password" ] "Use services.ddclient.passwordFile instead.") - (mkRemovedOptionModule [ "services" "ddclient" "ipv6" ] "") + let value = lib.getAttrFromPath [ "services" "ddclient" "domain" ] config; + in lib.optional (value != "") value)) + (lib.mkRemovedOptionModule [ "services" "ddclient" "homeDir" ] "") + (lib.mkRemovedOptionModule [ "services" "ddclient" "password" ] "Use services.ddclient.passwordFile instead.") + (lib.mkRemovedOptionModule [ "services" "ddclient" "ipv6" ] "") ]; ###### interface @@ -62,7 +57,7 @@ with lib; services.ddclient = with lib.types; { - enable = mkOption { + enable = lib.mkOption { default = false; type = bool; description = '' @@ -70,7 +65,7 @@ with lib; ''; }; - package = mkOption { + package = lib.mkOption { type = package; default = pkgs.ddclient; defaultText = lib.literalExpression "pkgs.ddclient"; @@ -79,7 +74,7 @@ with lib; ''; }; - domains = mkOption { + domains = lib.mkOption { default = [ "" ]; type = listOf str; description = '' @@ -87,7 +82,7 @@ with lib; ''; }; - username = mkOption { + username = lib.mkOption { # For `nsupdate` username contains the path to the nsupdate executable default = lib.optionalString (config.services.ddclient.protocol == "nsupdate") "${pkgs.bind.dnsutils}/bin/nsupdate"; defaultText = ""; @@ -97,7 +92,7 @@ with lib; ''; }; - passwordFile = mkOption { + passwordFile = lib.mkOption { default = null; type = nullOr str; description = '' @@ -105,7 +100,7 @@ with lib; ''; }; - interval = mkOption { + interval = lib.mkOption { default = "10min"; type = str; description = '' @@ -114,7 +109,7 @@ with lib; ''; }; - configFile = mkOption { + configFile = lib.mkOption { default = null; type = nullOr path; description = '' @@ -124,7 +119,7 @@ with lib; example = "/root/nixos/secrets/ddclient.conf"; }; - protocol = mkOption { + protocol = lib.mkOption { default = "dyndns2"; type = str; description = '' @@ -132,7 +127,7 @@ with lib; ''; }; - server = mkOption { + server = lib.mkOption { default = ""; type = str; description = '' @@ -140,7 +135,7 @@ with lib; ''; }; - ssl = mkOption { + ssl = lib.mkOption { default = true; type = bool; description = '' @@ -148,7 +143,7 @@ with lib; ''; }; - quiet = mkOption { + quiet = lib.mkOption { default = false; type = bool; description = '' @@ -156,7 +151,7 @@ with lib; ''; }; - script = mkOption { + script = lib.mkOption { default = ""; type = str; description = '' @@ -164,21 +159,21 @@ with lib; ''; }; - use = mkOption { + use = lib.mkOption { default = ""; type = str; description = '' Method to determine the IP address to send to the dynamic DNS provider. ''; }; - usev4 = mkOption { + usev4 = lib.mkOption { default = "webv4, webv4=checkip.dyndns.com/, webv4-skip='Current IP Address: '"; type = str; description = '' Method to determine the IPv4 address to send to the dynamic DNS provider. Only used if `use` is not set. ''; }; - usev6 = mkOption { + usev6 = lib.mkOption { default = "webv6, webv6=checkipv6.dyndns.com/, webv6-skip='Current IP Address: '"; type = str; description = '' @@ -186,7 +181,7 @@ with lib; ''; }; - verbose = mkOption { + verbose = lib.mkOption { default = false; type = bool; description = '' @@ -194,7 +189,7 @@ with lib; ''; }; - zone = mkOption { + zone = lib.mkOption { default = ""; type = str; description = '' @@ -202,7 +197,7 @@ with lib; ''; }; - extraConfig = mkOption { + extraConfig = lib.mkOption { default = ""; type = lines; description = '' @@ -219,14 +214,14 @@ with lib; ###### implementation - config = mkIf config.services.ddclient.enable { + config = lib.mkIf config.services.ddclient.enable { warnings = lib.optional (cfg.use != "") "Setting `use` is deprecated, ddclient now supports `usev4` and `usev6` for separate IPv4/IPv6 configuration."; systemd.services.ddclient = { description = "Dynamic DNS Client"; wantedBy = [ "multi-user.target" ]; after = [ "network.target" ]; - restartTriggers = optional (cfg.configFile != null) cfg.configFile; + restartTriggers = lib.optional (cfg.configFile != null) cfg.configFile; path = lib.optional (lib.hasPrefix "if," cfg.use) pkgs.iproute2; serviceConfig = { diff --git a/nixos/modules/services/networking/dhcpcd.nix b/nixos/modules/services/networking/dhcpcd.nix index a88ce0f1b5a5bb1..9b3269e965f5b1a 100644 --- a/nixos/modules/services/networking/dhcpcd.nix +++ b/nixos/modules/services/networking/dhcpcd.nix @@ -1,28 +1,25 @@ { config, lib, pkgs, ... }: - -with lib; - let dhcpcd = if !config.boot.isContainer then pkgs.dhcpcd else pkgs.dhcpcd.override { udev = null; }; cfg = config.networking.dhcpcd; - interfaces = attrValues config.networking.interfaces; + interfaces = lib.attrValues config.networking.interfaces; enableDHCP = config.networking.dhcpcd.enable && - (config.networking.useDHCP || any (i: i.useDHCP == true) interfaces); + (config.networking.useDHCP || lib.any (i: i.useDHCP == true) interfaces); enableNTPService = (config.services.ntp.enable || config.services.ntpd-rs.enable || config.services.openntpd.enable || config.services.chrony.enable); # Don't start dhcpcd on explicitly configured interfaces or on # interfaces that are part of a bridge, bond or sit device. ignoredInterfaces = - map (i: i.name) (filter (i: if i.useDHCP != null then !i.useDHCP else i.ipv4.addresses != [ ]) interfaces) - ++ mapAttrsToList (i: _: i) config.networking.sits - ++ concatLists (attrValues (mapAttrs (n: v: v.interfaces) config.networking.bridges)) - ++ flatten (concatMap (i: attrNames (filterAttrs (_: config: config.type != "internal") i.interfaces)) (attrValues config.networking.vswitches)) - ++ concatLists (attrValues (mapAttrs (n: v: v.interfaces) config.networking.bonds)) + map (i: i.name) (lib.filter (i: if i.useDHCP != null then !i.useDHCP else i.ipv4.addresses != [ ]) interfaces) + ++ lib.mapAttrsToList (i: _: i) config.networking.sits + ++ lib.concatLists (lib.attrValues (lib.mapAttrs (n: v: v.interfaces) config.networking.bridges)) + ++ lib.flatten (lib.concatMap (i: lib.attrNames (lib.filterAttrs (_: config: config.type != "internal") i.interfaces)) (lib.attrValues config.networking.vswitches)) + ++ lib.concatLists (lib.attrValues (lib.mapAttrs (n: v: v.interfaces) config.networking.bonds)) ++ config.networking.dhcpcd.denyInterfaces; arrayAppendOrNull = a1: a2: if a1 == null && a2 == null then null @@ -33,11 +30,11 @@ let # we need to provide dhcp just for those interfaces. allowInterfaces = arrayAppendOrNull cfg.allowInterfaces (if !config.networking.useDHCP && enableDHCP then - map (i: i.name) (filter (i: i.useDHCP == true) interfaces) else null); + map (i: i.name) (lib.filter (i: i.useDHCP == true) interfaces) else null); - staticIPv6Addresses = map (i: i.name) (filter (i: i.ipv6.addresses != [ ]) interfaces); + staticIPv6Addresses = map (i: i.name) (lib.filter (i: i.ipv6.addresses != [ ]) interfaces); - noIPv6rs = concatStringsSep "\n" (map (name: '' + noIPv6rs = lib.concatStringsSep "\n" (map (name: '' interface ${name} noipv6rs '') staticIPv6Addresses); @@ -66,7 +63,7 @@ let denyinterfaces ${toString ignoredInterfaces} lo peth* vif* tap* tun* virbr* vnet* vboxnet* sit* # Use the list of allowed interfaces if specified - ${optionalString (allowInterfaces != null) "allowinterfaces ${toString allowInterfaces}"} + ${lib.optionalString (allowInterfaces != null) "allowinterfaces ${toString allowInterfaces}"} # Immediately fork to background if specified, otherwise wait for IP address to be assigned ${{ @@ -78,13 +75,13 @@ let if-carrier-up = ""; }.${cfg.wait}} - ${optionalString (config.networking.enableIPv6 == false) '' + ${lib.optionalString (config.networking.enableIPv6 == false) '' # Don't solicit or accept IPv6 Router Advertisements and DHCPv6 if disabled IPv6 noipv6 ''} - ${optionalString (config.networking.enableIPv6 && cfg.IPv6rs == null && staticIPv6Addresses != [ ]) noIPv6rs} - ${optionalString (config.networking.enableIPv6 && cfg.IPv6rs == false) '' + ${lib.optionalString (config.networking.enableIPv6 && cfg.IPv6rs == null && staticIPv6Addresses != [ ]) noIPv6rs} + ${lib.optionalString (config.networking.enableIPv6 && cfg.IPv6rs == false) '' noipv6rs ''} @@ -92,16 +89,16 @@ let ''; exitHook = pkgs.writeText "dhcpcd.exit-hook" '' - ${optionalString enableNTPService '' + ${lib.optionalString enableNTPService '' if [ "$reason" = BOUND -o "$reason" = REBOOT ]; then # Restart ntpd. We need to restart it to make sure that it will actually do something: # if ntpd cannot resolve the server hostnames in its config file, then it will never do # anything ever again ("couldn't resolve ..., giving up on it"), so we silently lose # time synchronisation. This also applies to openntpd. - ${optionalString config.services.ntp.enable "/run/current-system/systemd/bin/systemctl try-reload-or-restart ntpd.service || true"} - ${optionalString config.services.ntpd-rs.enable "/run/current-system/systemd/bin/systemctl try-reload-or-restart ntpd-rs.service || true"} - ${optionalString config.services.openntpd.enable "/run/current-system/systemd/bin/systemctl try-reload-or-restart openntpd.service || true"} - ${optionalString config.services.chrony.enable "/run/current-system/systemd/bin/systemctl try-reload-or-restart chronyd.service || true"} + ${lib.optionalString config.services.ntp.enable "/run/current-system/systemd/bin/systemctl try-reload-or-restart ntpd.service || true"} + ${lib.optionalString config.services.ntpd-rs.enable "/run/current-system/systemd/bin/systemctl try-reload-or-restart ntpd-rs.service || true"} + ${lib.optionalString config.services.openntpd.enable "/run/current-system/systemd/bin/systemctl try-reload-or-restart openntpd.service || true"} + ${lib.optionalString config.services.chrony.enable "/run/current-system/systemd/bin/systemctl try-reload-or-restart chronyd.service || true"} fi ''} @@ -116,8 +113,8 @@ in options = { - networking.dhcpcd.enable = mkOption { - type = types.bool; + networking.dhcpcd.enable = lib.mkOption { + type = lib.types.bool; default = true; description = '' Whether to enable dhcpcd for device configuration. This is mainly to @@ -125,8 +122,8 @@ in ''; }; - networking.dhcpcd.persistent = mkOption { - type = types.bool; + networking.dhcpcd.persistent = lib.mkOption { + type = lib.types.bool; default = false; description = '' Whenever to leave interfaces configured on dhcpcd daemon @@ -137,8 +134,8 @@ in ''; }; - networking.dhcpcd.denyInterfaces = mkOption { - type = types.listOf types.str; + networking.dhcpcd.denyInterfaces = lib.mkOption { + type = lib.types.listOf lib.types.str; default = []; description = '' Disable the DHCP client for any interface whose name matches @@ -148,8 +145,8 @@ in ''; }; - networking.dhcpcd.allowInterfaces = mkOption { - type = types.nullOr (types.listOf types.str); + networking.dhcpcd.allowInterfaces = lib.mkOption { + type = lib.types.nullOr (lib.types.listOf lib.types.str); default = null; description = '' Enable the DHCP client for any interface whose name matches @@ -159,16 +156,16 @@ in ''; }; - networking.dhcpcd.extraConfig = mkOption { - type = types.lines; + networking.dhcpcd.extraConfig = lib.mkOption { + type = lib.types.lines; default = ""; description = '' Literal string to append to the config file generated for dhcpcd. ''; }; - networking.dhcpcd.IPv6rs = mkOption { - type = types.nullOr types.bool; + networking.dhcpcd.IPv6rs = lib.mkOption { + type = lib.types.nullOr lib.types.bool; default = null; description = '' Force enable or disable solicitation and receipt of IPv6 Router Advertisements. @@ -177,8 +174,8 @@ in ''; }; - networking.dhcpcd.runHook = mkOption { - type = types.lines; + networking.dhcpcd.runHook = lib.mkOption { + type = lib.types.lines; default = ""; example = "if [[ $reason =~ BOUND ]]; then echo $interface: Routers are $new_routers - were $old_routers; fi"; description = '' @@ -187,8 +184,8 @@ in ''; }; - networking.dhcpcd.wait = mkOption { - type = types.enum [ "background" "any" "ipv4" "ipv6" "both" "if-carrier-up" ]; + networking.dhcpcd.wait = lib.mkOption { + type = lib.types.enum [ "background" "any" "ipv4" "ipv6" "both" "if-carrier-up" ]; default = "any"; description = '' This option specifies when the dhcpcd service will fork to background. @@ -207,14 +204,14 @@ in ###### implementation - config = mkIf enableDHCP { + config = lib.mkIf enableDHCP { assertions = [ { # dhcpcd doesn't start properly with malloc ∉ [ libc scudo ] # see https://github.com/NixOS/nixpkgs/issues/151696 assertion = dhcpcd.enablePrivSep - -> elem config.environment.memoryAllocator.provider [ "libc" "scudo" ]; + -> lib.elem config.environment.memoryAllocator.provider [ "libc" "scudo" ]; message = '' dhcpcd with privilege separation is incompatible with chosen system malloc. Currently only the `libc` and `scudo` allocators are known to work. @@ -232,11 +229,11 @@ in in { description = "DHCP Client"; - wantedBy = [ "multi-user.target" ] ++ optional (!hasDefaultGatewaySet) "network-online.target"; + wantedBy = [ "multi-user.target" ] ++ lib.optional (!hasDefaultGatewaySet) "network-online.target"; wants = [ "network.target" ]; before = [ "network-online.target" ]; - restartTriggers = optional (enableNTPService || cfg.runHook != "") [ exitHook ]; + restartTriggers = lib.optional (enableNTPService || cfg.runHook != "") [ exitHook ]; # Stopping dhcpcd during a reconfiguration is undesirable # because it brings down the network interfaces configured by @@ -251,7 +248,7 @@ in { Type = "forking"; PIDFile = "/run/dhcpcd/pid"; RuntimeDirectory = "dhcpcd"; - ExecStart = "@${dhcpcd}/sbin/dhcpcd dhcpcd --quiet ${optionalString cfg.persistent "--persistent"} --config ${dhcpcdConf}"; + ExecStart = "@${dhcpcd}/sbin/dhcpcd dhcpcd --quiet ${lib.optionalString cfg.persistent "--persistent"} --config ${dhcpcdConf}"; ExecReload = "${dhcpcd}/sbin/dhcpcd --rebind"; Restart = "always"; }; @@ -265,11 +262,11 @@ in environment.systemPackages = [ dhcpcd ]; - environment.etc."dhcpcd.exit-hook" = mkIf (enableNTPService || cfg.runHook != "") { + environment.etc."dhcpcd.exit-hook" = lib.mkIf (enableNTPService || cfg.runHook != "") { source = exitHook; }; - powerManagement.resumeCommands = mkIf config.systemd.services.dhcpcd.enable + powerManagement.resumeCommands = lib.mkIf config.systemd.services.dhcpcd.enable '' # Tell dhcpcd to rebind its interfaces if it's running. /run/current-system/systemd/bin/systemctl reload dhcpcd.service diff --git a/nixos/modules/services/networking/dnscache.nix b/nixos/modules/services/networking/dnscache.nix index 160c7611c6b831e..e743d1c54323901 100644 --- a/nixos/modules/services/networking/dnscache.nix +++ b/nixos/modules/services/networking/dnscache.nix @@ -1,19 +1,16 @@ { config, lib, pkgs, ... }: - -with lib; - let cfg = config.services.dnscache; dnscache-root = pkgs.runCommand "dnscache-root" { preferLocalBuild = true; } '' mkdir -p $out/{servers,ip} - ${concatMapStrings (ip: '' + ${lib.concatMapStrings (ip: '' touch "$out/ip/"${lib.escapeShellArg ip} '') cfg.clientIps} - ${concatStrings (mapAttrsToList (host: ips: '' - ${concatMapStrings (ip: '' + ${lib.concatStrings (lib.mapAttrsToList (host: ips: '' + ${lib.concatMapStrings (ip: '' echo ${lib.escapeShellArg ip} >> "$out/servers/"${lib.escapeShellArg host} '') ips} '') cfg.domainServers)} @@ -35,33 +32,33 @@ in { options = { services.dnscache = { - enable = mkOption { + enable = lib.mkOption { default = false; - type = types.bool; + type = lib.types.bool; description = "Whether to run the dnscache caching dns server."; }; - ip = mkOption { + ip = lib.mkOption { default = "0.0.0.0"; - type = types.str; + type = lib.types.str; description = "IP address on which to listen for connections."; }; - clientIps = mkOption { + clientIps = lib.mkOption { default = [ "127.0.0.1" ]; - type = types.listOf types.str; + type = lib.types.listOf lib.types.str; description = "Client IP addresses (or prefixes) from which to accept connections."; example = ["192.168" "172.23.75.82"]; }; - domainServers = mkOption { + domainServers = lib.mkOption { default = { }; - type = types.attrsOf (types.listOf types.str); + type = lib.types.attrsOf (lib.types.listOf lib.types.str); description = '' Table of {hostname: server} pairs to use as authoritative servers for hosts (and subhosts). If entry for @ is not specified predefined list of root servers is used. ''; - example = literalExpression '' + example = lib.literalExpression '' { "@" = ["8.8.8.8" "8.8.4.4"]; "example.com" = ["192.168.100.100"]; @@ -69,9 +66,9 @@ in { ''; }; - forwardOnly = mkOption { + forwardOnly = lib.mkOption { default = false; - type = types.bool; + type = lib.types.bool; description = '' Whether to treat root servers (for @) as caching servers, requesting addresses the same way a client does. This is @@ -84,7 +81,7 @@ in { ###### implementation - config = mkIf config.services.dnscache.enable { + config = lib.mkIf config.services.dnscache.enable { environment.systemPackages = [ pkgs.djbdns ]; users.users.dnscache = { isSystemUser = true; @@ -104,7 +101,7 @@ in { ''; script = '' cd /var/lib/dnscache/ - ${optionalString cfg.forwardOnly "export FORWARDONLY=1"} + ${lib.optionalString cfg.forwardOnly "export FORWARDONLY=1"} exec ./run ''; }; diff --git a/nixos/modules/services/networking/dnsdist.nix b/nixos/modules/services/networking/dnsdist.nix index cf17a87f649f4bd..cd87abb3d0725d5 100644 --- a/nixos/modules/services/networking/dnsdist.nix +++ b/nixos/modules/services/networking/dnsdist.nix @@ -1,7 +1,4 @@ { config, lib, pkgs, ... }: - -with lib; - let cfg = config.services.dnsdist; @@ -80,38 +77,38 @@ let in { options = { services.dnsdist = { - enable = mkEnableOption "dnsdist domain name server"; + enable = lib.mkEnableOption "dnsdist domain name server"; - listenAddress = mkOption { - type = types.str; + listenAddress = lib.mkOption { + type = lib.types.str; description = "Listen IP address"; default = "0.0.0.0"; }; - listenPort = mkOption { - type = types.port; + listenPort = lib.mkOption { + type = lib.types.port; description = "Listen port"; default = 53; }; dnscrypt = { - enable = mkEnableOption "a DNSCrypt endpoint to dnsdist"; + enable = lib.mkEnableOption "a DNSCrypt endpoint to dnsdist"; - listenAddress = mkOption { - type = types.str; + listenAddress = lib.mkOption { + type = lib.types.str; description = "Listen IP address of the endpoint"; default = "0.0.0.0"; }; - listenPort = mkOption { - type = types.port; + listenPort = lib.mkOption { + type = lib.types.port; description = "Listen port of the endpoint"; default = 443; }; - providerName = mkOption { - type = types.str; + providerName = lib.mkOption { + type = lib.types.str; default = "2.dnscrypt-cert.${config.networking.hostName}"; - defaultText = literalExpression "2.dnscrypt-cert.\${config.networking.hostName}"; + defaultText = lib.literalExpression "2.dnscrypt-cert.\${config.networking.hostName}"; example = "2.dnscrypt-cert.myresolver"; description = '' The name that will be given to this DNSCrypt resolver. @@ -122,8 +119,8 @@ in { ''; }; - providerKey = mkOption { - type = types.nullOr types.path; + providerKey = lib.mkOption { + type = lib.types.nullOr lib.types.path; default = null; description = '' The filepath to the provider secret key. @@ -136,8 +133,8 @@ in { ''; }; - certLifetime = mkOption { - type = types.ints.positive; + certLifetime = lib.mkOption { + type = lib.types.ints.positive; default = 15; description = '' The lifetime (in minutes) of the resolver certificate. @@ -147,8 +144,8 @@ in { }; - extraConfig = mkOption { - type = types.lines; + extraConfig = lib.mkOption { + type = lib.types.lines; default = ""; description = '' Extra lines to be added verbatim to dnsdist.conf. @@ -157,7 +154,7 @@ in { }; }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { users.users.dnsdist = { description = "dnsdist daemons user"; isSystemUser = true; diff --git a/nixos/modules/services/networking/dnsmasq.nix b/nixos/modules/services/networking/dnsmasq.nix index e9052cdd3faefc3..20986f8d93ef77c 100644 --- a/nixos/modules/services/networking/dnsmasq.nix +++ b/nixos/modules/services/networking/dnsmasq.nix @@ -1,7 +1,4 @@ { config, lib, pkgs, ... }: - -with lib; - let cfg = config.services.dnsmasq; dnsmasq = cfg.package; @@ -9,14 +6,14 @@ let # True values are just put as `name` instead of `name=true`, and false values # are turned to comments (false values are expected to be overrides e.g. - # mkForce) + # lib.mkForce) formatKeyValue = name: value: if value == true then name else if value == false then "# setting `${name}` explicitly set to false" - else generators.mkKeyValueDefault { } "=" name value; + else lib.generators.mkKeyValueDefault { } "=" name value; settingsFormat = pkgs.formats.keyValue { mkKeyValue = formatKeyValue; @@ -36,7 +33,7 @@ in { imports = [ - (mkRenamedOptionModule [ "services" "dnsmasq" "servers" ] [ "services" "dnsmasq" "settings" "server" ]) + (lib.mkRenamedOptionModule [ "services" "dnsmasq" "servers" ] [ "services" "dnsmasq" "settings" "server" ]) ]; ###### interface @@ -45,18 +42,18 @@ in services.dnsmasq = { - enable = mkOption { - type = types.bool; + enable = lib.mkOption { + type = lib.types.bool; default = false; description = '' Whether to run dnsmasq. ''; }; - package = mkPackageOption pkgs "dnsmasq" {}; + package = lib.mkPackageOption pkgs "dnsmasq" {}; - resolveLocalQueries = mkOption { - type = types.bool; + resolveLocalQueries = lib.mkOption { + type = lib.types.bool; default = true; description = '' Whether dnsmasq should resolve local queries (i.e. add 127.0.0.1 to @@ -64,21 +61,21 @@ in ''; }; - alwaysKeepRunning = mkOption { - type = types.bool; + alwaysKeepRunning = lib.mkOption { + type = lib.types.bool; default = false; description = '' If enabled, systemd will always respawn dnsmasq even if shut down manually. The default, disabled, will only restart it on error. ''; }; - settings = mkOption { - type = types.submodule { + settings = lib.mkOption { + type = lib.types.submodule { freeformType = settingsFormat.type; - options.server = mkOption { - type = types.listOf types.str; + options.server = lib.mkOption { + type = lib.types.listOf lib.types.str; default = [ ]; example = [ "8.8.8.8" "8.8.4.4" ]; description = '' @@ -99,7 +96,7 @@ in resolv-file = optional cfg.resolveLocalQueries "/etc/dnsmasq-resolv.conf"; } ''; - example = literalExpression '' + example = lib.literalExpression '' { domain-needed = true; dhcp-range = [ "192.168.0.2,192.168.0.254" ]; @@ -107,8 +104,8 @@ in ''; }; - extraConfig = mkOption { - type = types.lines; + extraConfig = lib.mkOption { + type = lib.types.lines; default = ""; description = '' Extra configuration directives that should be added to @@ -125,18 +122,18 @@ in ###### implementation - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { warnings = lib.optional (cfg.extraConfig != "") "Text based config is deprecated, dnsmasq now supports `services.dnsmasq.settings` for an attribute-set based config"; services.dnsmasq.settings = { - dhcp-leasefile = mkDefault "${stateDir}/dnsmasq.leases"; - conf-file = mkDefault (optional cfg.resolveLocalQueries "/etc/dnsmasq-conf.conf"); - resolv-file = mkDefault (optional cfg.resolveLocalQueries "/etc/dnsmasq-resolv.conf"); + dhcp-leasefile = lib.mkDefault "${stateDir}/dnsmasq.leases"; + conf-file = lib.mkDefault (lib.optional cfg.resolveLocalQueries "/etc/dnsmasq-conf.conf"); + resolv-file = lib.mkDefault (lib.optional cfg.resolveLocalQueries "/etc/dnsmasq-resolv.conf"); }; networking.nameservers = - optional cfg.resolveLocalQueries "127.0.0.1"; + lib.optional cfg.resolveLocalQueries "127.0.0.1"; services.dbus.packages = [ dnsmasq ]; @@ -147,8 +144,8 @@ in }; users.groups.dnsmasq = {}; - networking.resolvconf = mkIf cfg.resolveLocalQueries { - useLocalResolver = mkDefault true; + networking.resolvconf = lib.mkIf cfg.resolveLocalQueries { + useLocalResolver = lib.mkDefault true; extraConfig = '' dnsmasq_conf=/etc/dnsmasq-conf.conf diff --git a/nixos/modules/services/networking/doh-proxy-rust.nix b/nixos/modules/services/networking/doh-proxy-rust.nix index 1f3850a77bf1cb7..32b7a3750480a77 100644 --- a/nixos/modules/services/networking/doh-proxy-rust.nix +++ b/nixos/modules/services/networking/doh-proxy-rust.nix @@ -1,7 +1,4 @@ { config, lib, pkgs, ... }: - -with lib; - let cfg = config.services.doh-proxy-rust; @@ -10,10 +7,10 @@ in { options.services.doh-proxy-rust = { - enable = mkEnableOption "doh-proxy-rust"; + enable = lib.mkEnableOption "doh-proxy-rust"; - flags = mkOption { - type = types.listOf types.str; + flags = lib.mkOption { + type = lib.types.listOf lib.types.str; default = []; example = [ "--server-address=9.9.9.9:53" ]; description = '' @@ -24,13 +21,13 @@ in { }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { systemd.services.doh-proxy-rust = { description = "doh-proxy-rust"; after = [ "network.target" "nss-lookup.target" ]; wantedBy = [ "multi-user.target" ]; serviceConfig = { - ExecStart = "${pkgs.doh-proxy-rust}/bin/doh-proxy ${escapeShellArgs cfg.flags}"; + ExecStart = "${pkgs.doh-proxy-rust}/bin/doh-proxy ${lib.escapeShellArgs cfg.flags}"; Restart = "always"; RestartSec = 10; DynamicUser = true; @@ -55,6 +52,6 @@ in { }; }; - meta.maintainers = with maintainers; [ stephank ]; + meta.maintainers = with lib.maintainers; [ stephank ]; } diff --git a/nixos/modules/services/networking/ejabberd.nix b/nixos/modules/services/networking/ejabberd.nix index 3e92a2d3f7eb219..d2ada99cc9219e0 100644 --- a/nixos/modules/services/networking/ejabberd.nix +++ b/nixos/modules/services/networking/ejabberd.nix @@ -1,7 +1,4 @@ { config, lib, pkgs, ... }: - -with lib; - let cfg = config.services.ejabberd; @@ -11,7 +8,7 @@ let ${cfg.ctlConfig} ''; - ectl = ''${cfg.package}/bin/ejabberdctl ${optionalString (cfg.configFile != null) "--config ${cfg.configFile}"} --ctl-config "${ctlcfg}" --spool "${cfg.spoolDir}" --logs "${cfg.logsDir}"''; + ectl = ''${cfg.package}/bin/ejabberdctl ${lib.optionalString (cfg.configFile != null) "--config ${cfg.configFile}"} --ctl-config "${ctlcfg}" --spool "${cfg.spoolDir}" --logs "${cfg.logsDir}"''; dumps = lib.escapeShellArgs cfg.loadDumps; @@ -23,59 +20,59 @@ in { services.ejabberd = { - enable = mkOption { - type = types.bool; + enable = lib.mkOption { + type = lib.types.bool; default = false; description = "Whether to enable ejabberd server"; }; - package = mkPackageOption pkgs "ejabberd" { }; + package = lib.mkPackageOption pkgs "ejabberd" { }; - user = mkOption { - type = types.str; + user = lib.mkOption { + type = lib.types.str; default = "ejabberd"; description = "User under which ejabberd is ran"; }; - group = mkOption { - type = types.str; + group = lib.mkOption { + type = lib.types.str; default = "ejabberd"; description = "Group under which ejabberd is ran"; }; - spoolDir = mkOption { - type = types.path; + spoolDir = lib.mkOption { + type = lib.types.path; default = "/var/lib/ejabberd"; description = "Location of the spooldir of ejabberd"; }; - logsDir = mkOption { - type = types.path; + logsDir = lib.mkOption { + type = lib.types.path; default = "/var/log/ejabberd"; description = "Location of the logfile directory of ejabberd"; }; - configFile = mkOption { - type = types.nullOr types.path; + configFile = lib.mkOption { + type = lib.types.nullOr lib.types.path; description = "Configuration file for ejabberd in YAML format"; default = null; }; - ctlConfig = mkOption { - type = types.lines; + ctlConfig = lib.mkOption { + type = lib.types.lines; default = ""; description = "Configuration of ejabberdctl"; }; - loadDumps = mkOption { - type = types.listOf types.path; + loadDumps = lib.mkOption { + type = lib.types.listOf lib.types.path; default = []; description = "Configuration dumps that should be loaded on the first startup"; - example = literalExpression "[ ./myejabberd.dump ]"; + example = lib.literalExpression "[ ./myejabberd.dump ]"; }; - imagemagick = mkOption { - type = types.bool; + imagemagick = lib.mkOption { + type = lib.types.bool; default = false; description = "Add ImageMagick to server's path; allows for image thumbnailing"; }; @@ -86,10 +83,10 @@ in { ###### implementation - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { environment.systemPackages = [ cfg.package ]; - users.users = optionalAttrs (cfg.user == "ejabberd") { + users.users = lib.optionalAttrs (cfg.user == "ejabberd") { ejabberd = { group = cfg.group; home = cfg.spoolDir; @@ -98,7 +95,7 @@ in { }; }; - users.groups = optionalAttrs (cfg.group == "ejabberd") { + users.groups = lib.optionalAttrs (cfg.group == "ejabberd") { ejabberd.gid = config.ids.gids.ejabberd; }; diff --git a/nixos/modules/services/networking/envoy.nix b/nixos/modules/services/networking/envoy.nix index b36c184fe8d53cd..876c05755936ed9 100644 --- a/nixos/modules/services/networking/envoy.nix +++ b/nixos/modules/services/networking/envoy.nix @@ -1,7 +1,4 @@ { config, lib, pkgs, ... }: - -with lib; - let cfg = config.services.envoy; format = pkgs.formats.json { }; @@ -15,12 +12,12 @@ in { options.services.envoy = { - enable = mkEnableOption "Envoy reverse proxy"; + enable = lib.mkEnableOption "Envoy reverse proxy"; - package = mkPackageOption pkgs "envoy" { }; + package = lib.mkPackageOption pkgs "envoy" { }; - requireValidConfig = mkOption { - type = types.bool; + requireValidConfig = lib.mkOption { + type = lib.types.bool; default = true; description = '' Whether a failure during config validation at build time is fatal. @@ -29,10 +26,10 @@ in ''; }; - settings = mkOption { + settings = lib.mkOption { type = format.type; default = { }; - example = literalExpression '' + example = lib.literalExpression '' { admin = { access_log_path = "/dev/null"; @@ -56,7 +53,7 @@ in }; }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { environment.systemPackages = [ cfg.package ]; systemd.services.envoy = { description = "Envoy reverse proxy"; diff --git a/nixos/modules/services/networking/epmd.nix b/nixos/modules/services/networking/epmd.nix index b450aa1b62c758e..90876a67f74dab0 100644 --- a/nixos/modules/services/networking/epmd.nix +++ b/nixos/modules/services/networking/epmd.nix @@ -1,15 +1,12 @@ { config, lib, pkgs, ... }: - -with lib; - let cfg = config.services.epmd; in { ###### interface options.services.epmd = { - enable = mkOption { - type = types.bool; + enable = lib.mkOption { + type = lib.types.bool; default = false; description = '' Whether to enable socket activation for Erlang Port Mapper Daemon (epmd), @@ -17,10 +14,10 @@ in Erlang computations. ''; }; - package = mkPackageOption pkgs "erlang" { }; - listenStream = mkOption + package = lib.mkPackageOption pkgs "erlang" { }; + listenStream = lib.mkOption { - type = types.str; + type = lib.types.str; default = "[::]:4369"; description = '' the listenStream used by the systemd socket. @@ -32,7 +29,7 @@ in }; ###### implementation - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { assertions = [{ assertion = cfg.listenStream == "[::]:4369" -> config.networking.enableIPv6; message = "epmd listens by default on ipv6, enable ipv6 or change config.services.epmd.listenStream"; @@ -60,5 +57,5 @@ in }; }; - meta.maintainers = teams.beam.members; + meta.maintainers = lib.teams.beam.members; } diff --git a/nixos/modules/services/networking/eternal-terminal.nix b/nixos/modules/services/networking/eternal-terminal.nix index d26e26d0c195020..584eafd2962cf32 100644 --- a/nixos/modules/services/networking/eternal-terminal.nix +++ b/nixos/modules/services/networking/eternal-terminal.nix @@ -1,7 +1,4 @@ { config, lib, pkgs, ... }: - -with lib; - let cfg = config.services.eternal-terminal; @@ -16,11 +13,11 @@ in services.eternal-terminal = { - enable = mkEnableOption "Eternal Terminal server"; + enable = lib.mkEnableOption "Eternal Terminal server"; - port = mkOption { + port = lib.mkOption { default = 2022; - type = types.port; + type = lib.types.port; description = '' The port the server should listen on. Will use the server's default (2022) if not specified. @@ -28,25 +25,25 @@ in ''; }; - verbosity = mkOption { + verbosity = lib.mkOption { default = 0; - type = types.enum (lib.range 0 9); + type = lib.types.enum (lib.range 0 9); description = '' The verbosity level (0-9). ''; }; - silent = mkOption { + silent = lib.mkOption { default = false; - type = types.bool; + type = lib.types.bool; description = '' If enabled, disables all logging. ''; }; - logSize = mkOption { + logSize = lib.mkOption { default = 20971520; - type = types.int; + type = lib.types.int; description = '' The maximum log size. ''; @@ -56,7 +53,7 @@ in ###### implementation - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { # We need to ensure the et package is fully installed because # the (remote) et client runs the `etterminal` binary when it diff --git a/nixos/modules/services/networking/expressvpn.nix b/nixos/modules/services/networking/expressvpn.nix index c1d287f57bc2c19..431a1da70b955ab 100644 --- a/nixos/modules/services/networking/expressvpn.nix +++ b/nixos/modules/services/networking/expressvpn.nix @@ -1,16 +1,14 @@ { config, lib, pkgs, ... }: - -with lib; { - options.services.expressvpn.enable = mkOption { - type = types.bool; + options.services.expressvpn.enable = lib.mkOption { + type = lib.types.bool; default = false; description = '' Enable the ExpressVPN daemon. ''; }; - config = mkIf config.services.expressvpn.enable { + config = lib.mkIf config.services.expressvpn.enable { boot.kernelModules = [ "tun" ]; systemd.services.expressvpn = { @@ -26,5 +24,5 @@ with lib; }; }; - meta.maintainers = with maintainers; [ yureien ]; + meta.maintainers = with lib.maintainers; [ yureien ]; } diff --git a/nixos/modules/services/networking/ferm.nix b/nixos/modules/services/networking/ferm.nix index 91412f53009c1b5..1fc982d8e9c8e8c 100644 --- a/nixos/modules/services/networking/ferm.nix +++ b/nixos/modules/services/networking/ferm.nix @@ -1,7 +1,4 @@ { config, lib, pkgs, ... }: - -with lib; - let cfg = config.services.ferm; @@ -17,9 +14,9 @@ let in { options = { services.ferm = { - enable = mkOption { + enable = lib.mkOption { default = false; - type = types.bool; + type = lib.types.bool; description = '' Whether to enable Ferm Firewall. *Warning*: Enabling this service WILL disable the existing NixOS @@ -27,17 +24,17 @@ in { considered at the moment. ''; }; - config = mkOption { + config = lib.mkOption { description = "Verbatim ferm.conf configuration."; default = ""; - defaultText = literalMD "empty firewall, allows any traffic"; - type = types.lines; + defaultText = lib.literalMD "empty firewall, allows any traffic"; + type = lib.types.lines; }; - package = mkPackageOption pkgs "ferm" { }; + package = lib.mkPackageOption pkgs "ferm" { }; }; }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { systemd.services.firewall.enable = false; systemd.services.ferm = { description = "Ferm Firewall"; diff --git a/nixos/modules/services/networking/fireqos.nix b/nixos/modules/services/networking/fireqos.nix index 0b34f0b6b8b489f..aa7d8c2c03efb66 100644 --- a/nixos/modules/services/networking/fireqos.nix +++ b/nixos/modules/services/networking/fireqos.nix @@ -1,14 +1,11 @@ { config, lib, pkgs, ... }: - -with lib; - let cfg = config.services.fireqos; fireqosConfig = pkgs.writeText "fireqos.conf" "${cfg.config}"; in { options.services.fireqos = { - enable = mkOption { - type = types.bool; + enable = lib.mkOption { + type = lib.types.bool; default = false; description = '' If enabled, FireQOS will be launched with the specified @@ -16,8 +13,8 @@ in { ''; }; - config = mkOption { - type = types.str; + config = lib.mkOption { + type = lib.types.str; default = ""; example = '' interface wlp3s0 world-in input rate 10mbit ethernet @@ -34,7 +31,7 @@ in { }; }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { systemd.services.fireqos = { description = "FireQOS"; after = [ "network.target" ]; diff --git a/nixos/modules/services/networking/firewall-iptables.nix b/nixos/modules/services/networking/firewall-iptables.nix index 91756f826fe813a..e4fa7676fd077f8 100644 --- a/nixos/modules/services/networking/firewall-iptables.nix +++ b/nixos/modules/services/networking/firewall-iptables.nix @@ -29,11 +29,7 @@ complete firewall (in the default configuration). */ - { config, lib, pkgs, ... }: - -with lib; - let cfg = config.networking.firewall; @@ -89,17 +85,17 @@ let # jumps to the "nixos-fw-refuse" chain. ip46tables -N nixos-fw-log-refuse - ${optionalString cfg.logRefusedConnections '' + ${lib.optionalString cfg.logRefusedConnections '' ip46tables -A nixos-fw-log-refuse -p tcp --syn -j LOG --log-level info --log-prefix "refused connection: " ''} - ${optionalString (cfg.logRefusedPackets && !cfg.logRefusedUnicastsOnly) '' + ${lib.optionalString (cfg.logRefusedPackets && !cfg.logRefusedUnicastsOnly) '' ip46tables -A nixos-fw-log-refuse -m pkttype --pkt-type broadcast \ -j LOG --log-level info --log-prefix "refused broadcast: " ip46tables -A nixos-fw-log-refuse -m pkttype --pkt-type multicast \ -j LOG --log-level info --log-prefix "refused multicast: " ''} ip46tables -A nixos-fw-log-refuse -m pkttype ! --pkt-type unicast -j nixos-fw-refuse - ${optionalString cfg.logRefusedPackets '' + ${lib.optionalString cfg.logRefusedPackets '' ip46tables -A nixos-fw-log-refuse \ -j LOG --log-level info --log-prefix "refused packet: " ''} @@ -114,11 +110,11 @@ let ip46tables -t mangle -F nixos-fw-rpfilter 2> /dev/null || true ip46tables -t mangle -X nixos-fw-rpfilter 2> /dev/null || true - ${optionalString (kernelHasRPFilter && (cfg.checkReversePath != false)) '' + ${lib.optionalString (kernelHasRPFilter && (cfg.checkReversePath != false)) '' # Perform a reverse-path test to refuse spoofers # For now, we just drop, as the mangle table doesn't have a log-refuse yet ip46tables -t mangle -N nixos-fw-rpfilter 2> /dev/null || true - ip46tables -t mangle -A nixos-fw-rpfilter -m rpfilter --validmark ${optionalString (cfg.checkReversePath == "loose") "--loose"} -j RETURN + ip46tables -t mangle -A nixos-fw-rpfilter -m rpfilter --validmark ${lib.optionalString (cfg.checkReversePath == "loose") "--loose"} -j RETURN # Allows this host to act as a DHCP4 client without first having to use APIPA iptables -t mangle -A nixos-fw-rpfilter -p udp --sport 67 --dport 68 -j RETURN @@ -126,7 +122,7 @@ let # Allows this host to act as a DHCPv4 server iptables -t mangle -A nixos-fw-rpfilter -s 0.0.0.0 -d 255.255.255.255 -p udp --sport 68 --dport 67 -j RETURN - ${optionalString cfg.logReversePathDrops '' + ${lib.optionalString cfg.logReversePathDrops '' ip46tables -t mangle -A nixos-fw-rpfilter -j LOG --log-level info --log-prefix "rpfilter drop: " ''} ip46tables -t mangle -A nixos-fw-rpfilter -j DROP @@ -135,7 +131,7 @@ let ''} # Accept all traffic on the trusted interfaces. - ${flip concatMapStrings cfg.trustedInterfaces (iface: '' + ${lib.flip lib.concatMapStrings cfg.trustedInterfaces (iface: '' ip46tables -A nixos-fw -i ${iface} -j nixos-fw-accept '')} @@ -143,51 +139,51 @@ let ip46tables -A nixos-fw -m conntrack --ctstate ESTABLISHED,RELATED -j nixos-fw-accept # Accept connections to the allowed TCP ports. - ${concatStrings (mapAttrsToList (iface: cfg: - concatMapStrings (port: + ${lib.concatStrings (lib.mapAttrsToList (iface: cfg: + lib.concatMapStrings (port: '' - ip46tables -A nixos-fw -p tcp --dport ${toString port} -j nixos-fw-accept ${optionalString (iface != "default") "-i ${iface}"} + ip46tables -A nixos-fw -p tcp --dport ${toString port} -j nixos-fw-accept ${lib.optionalString (iface != "default") "-i ${iface}"} '' ) cfg.allowedTCPPorts ) cfg.allInterfaces)} # Accept connections to the allowed TCP port ranges. - ${concatStrings (mapAttrsToList (iface: cfg: - concatMapStrings (rangeAttr: + ${lib.concatStrings (lib.mapAttrsToList (iface: cfg: + lib.concatMapStrings (rangeAttr: let range = toString rangeAttr.from + ":" + toString rangeAttr.to; in '' - ip46tables -A nixos-fw -p tcp --dport ${range} -j nixos-fw-accept ${optionalString (iface != "default") "-i ${iface}"} + ip46tables -A nixos-fw -p tcp --dport ${range} -j nixos-fw-accept ${lib.optionalString (iface != "default") "-i ${iface}"} '' ) cfg.allowedTCPPortRanges ) cfg.allInterfaces)} # Accept packets on the allowed UDP ports. - ${concatStrings (mapAttrsToList (iface: cfg: - concatMapStrings (port: + ${lib.concatStrings (lib.mapAttrsToList (iface: cfg: + lib.concatMapStrings (port: '' - ip46tables -A nixos-fw -p udp --dport ${toString port} -j nixos-fw-accept ${optionalString (iface != "default") "-i ${iface}"} + ip46tables -A nixos-fw -p udp --dport ${toString port} -j nixos-fw-accept ${lib.optionalString (iface != "default") "-i ${iface}"} '' ) cfg.allowedUDPPorts ) cfg.allInterfaces)} # Accept packets on the allowed UDP port ranges. - ${concatStrings (mapAttrsToList (iface: cfg: - concatMapStrings (rangeAttr: + ${lib.concatStrings (lib.mapAttrsToList (iface: cfg: + lib.concatMapStrings (rangeAttr: let range = toString rangeAttr.from + ":" + toString rangeAttr.to; in '' - ip46tables -A nixos-fw -p udp --dport ${range} -j nixos-fw-accept ${optionalString (iface != "default") "-i ${iface}"} + ip46tables -A nixos-fw -p udp --dport ${range} -j nixos-fw-accept ${lib.optionalString (iface != "default") "-i ${iface}"} '' ) cfg.allowedUDPPortRanges ) cfg.allInterfaces)} # Optionally respond to ICMPv4 pings. - ${optionalString cfg.allowPing '' - iptables -w -A nixos-fw -p icmp --icmp-type echo-request ${optionalString (cfg.pingLimit != null) + ${lib.optionalString cfg.allowPing '' + iptables -w -A nixos-fw -p icmp --icmp-type echo-request ${lib.optionalString (cfg.pingLimit != null) "-m limit ${cfg.pingLimit} " }-j nixos-fw-accept ''} - ${optionalString config.networking.enableIPv6 '' + ${lib.optionalString config.networking.enableIPv6 '' # Accept all ICMPv6 messages except redirects and node # information queries (type 139). See RFC 4890, section # 4.4. @@ -218,7 +214,7 @@ let # Clean up after added ruleset ip46tables -D INPUT -j nixos-fw 2>/dev/null || true - ${optionalString (kernelHasRPFilter && (cfg.checkReversePath != false)) '' + ${lib.optionalString (kernelHasRPFilter && (cfg.checkReversePath != false)) '' ip46tables -t mangle -D PREROUTING -j nixos-fw-rpfilter 2>/dev/null || true ''} @@ -256,8 +252,8 @@ in options = { networking.firewall = { - extraCommands = mkOption { - type = types.lines; + extraCommands = lib.mkOption { + type = lib.types.lines; default = ""; example = "iptables -A INPUT -p icmp -j ACCEPT"; description = '' @@ -270,8 +266,8 @@ in ''; }; - extraStopCommands = mkOption { - type = types.lines; + extraStopCommands = lib.mkOption { + type = lib.types.lines; default = ""; example = "iptables -P INPUT ACCEPT"; description = '' @@ -289,7 +285,7 @@ in # FIXME: Maybe if `enable' is false, the firewall should still be # built but not started by default? - config = mkIf (cfg.enable && config.networking.nftables.enable == false) { + config = lib.mkIf (cfg.enable && config.networking.nftables.enable == false) { assertions = [ # This is approximately "checkReversePath -> kernelHasRPFilter", @@ -302,7 +298,7 @@ in ]; environment.systemPackages = [ pkgs.nixos-firewall-tool ]; - networking.firewall.checkReversePath = mkIf (!kernelHasRPFilter) (mkDefault false); + networking.firewall.checkReversePath = lib.mkIf (!kernelHasRPFilter) (lib.mkDefault false); systemd.services.firewall = { description = "Firewall"; diff --git a/nixos/modules/services/networking/firewall-nftables.nix b/nixos/modules/services/networking/firewall-nftables.nix index a5ee7efc3c324a7..f954a5284103347 100644 --- a/nixos/modules/services/networking/firewall-nftables.nix +++ b/nixos/modules/services/networking/firewall-nftables.nix @@ -1,16 +1,13 @@ { config, lib, pkgs, ... }: - -with lib; - let cfg = config.networking.firewall; - ifaceSet = concatStringsSep ", " ( + ifaceSet = lib.concatStringsSep ", " ( map (x: ''"${x}"'') cfg.trustedInterfaces ); - portsToNftSet = ports: portRanges: concatStringsSep ", " ( + portsToNftSet = ports: portRanges: lib.concatStringsSep ", " ( map (x: toString x) ports ++ map (x: "${toString x.from}-${toString x.to}") portRanges ); @@ -22,8 +19,8 @@ in options = { networking.firewall = { - extraInputRules = mkOption { - type = types.lines; + extraInputRules = lib.mkOption { + type = lib.types.lines; default = ""; example = "ip6 saddr { fc00::/7, fe80::/10 } tcp dport 24800 accept"; description = '' @@ -34,8 +31,8 @@ in ''; }; - extraForwardRules = mkOption { - type = types.lines; + extraForwardRules = lib.mkOption { + type = lib.types.lines; default = ""; example = "iifname wg0 accept"; description = '' @@ -46,8 +43,8 @@ in ''; }; - extraReversePathFilterRules = mkOption { - type = types.lines; + extraReversePathFilterRules = lib.mkOption { + type = lib.types.lines; default = ""; example = "fib daddr . mark . iif type local accept"; description = '' @@ -61,7 +58,7 @@ in }; - config = mkIf (cfg.enable && config.networking.nftables.enable) { + config = lib.mkIf (cfg.enable && config.networking.nftables.enable) { assertions = [ { @@ -73,7 +70,7 @@ in message = "extraStopCommands is incompatible with the nftables based firewall: ${cfg.extraStopCommands}"; } { - assertion = cfg.pingLimit == null || !(hasPrefix "--" cfg.pingLimit); + assertion = cfg.pingLimit == null || !(lib.hasPrefix "--" cfg.pingLimit); message = "nftables syntax like \"2/second\" should be used in networking.firewall.pingLimit"; } { @@ -84,16 +81,16 @@ in networking.nftables.tables."nixos-fw".family = "inet"; networking.nftables.tables."nixos-fw".content = '' - ${optionalString (cfg.checkReversePath != false) '' + ${lib.optionalString (cfg.checkReversePath != false) '' chain rpfilter { type filter hook prerouting priority mangle + 10; policy drop; meta nfproto ipv4 udp sport . udp dport { 67 . 68, 68 . 67 } accept comment "DHCPv4 client/server" - fib saddr . mark ${optionalString (cfg.checkReversePath != "loose") ". iif"} oif exists accept + fib saddr . mark ${lib.optionalString (cfg.checkReversePath != "loose") ". iif"} oif exists accept jump rpfilter-allow - ${optionalString cfg.logReversePathDrops '' + ${lib.optionalString cfg.logReversePathDrops '' log level info prefix "rpfilter drop: " ''} @@ -107,7 +104,7 @@ in chain input { type filter hook input priority filter; policy drop; - ${optionalString (ifaceSet != "") ''iifname { ${ifaceSet} } accept comment "trusted interfaces"''} + ${lib.optionalString (ifaceSet != "") ''iifname { ${ifaceSet} } accept comment "trusted interfaces"''} # Some ICMPv6 types like NDP is untracked ct state vmap { @@ -118,18 +115,18 @@ in untracked: jump input-allow, } - ${optionalString cfg.logRefusedConnections '' + ${lib.optionalString cfg.logRefusedConnections '' tcp flags syn / fin,syn,rst,ack log level info prefix "refused connection: " ''} - ${optionalString (cfg.logRefusedPackets && !cfg.logRefusedUnicastsOnly) '' + ${lib.optionalString (cfg.logRefusedPackets && !cfg.logRefusedUnicastsOnly) '' pkttype broadcast log level info prefix "refused broadcast: " pkttype multicast log level info prefix "refused multicast: " ''} - ${optionalString cfg.logRefusedPackets '' + ${lib.optionalString cfg.logRefusedPackets '' pkttype host log level info prefix "refused packet: " ''} - ${optionalString cfg.rejectPackets '' + ${lib.optionalString cfg.rejectPackets '' meta l4proto tcp reject with tcp reset reject ''} @@ -138,20 +135,20 @@ in chain input-allow { - ${concatStrings (mapAttrsToList (iface: cfg: + ${lib.concatStrings (lib.mapAttrsToList (iface: cfg: let - ifaceExpr = optionalString (iface != "default") "iifname ${iface}"; + ifaceExpr = lib.optionalString (iface != "default") "iifname ${iface}"; tcpSet = portsToNftSet cfg.allowedTCPPorts cfg.allowedTCPPortRanges; udpSet = portsToNftSet cfg.allowedUDPPorts cfg.allowedUDPPortRanges; in '' - ${optionalString (tcpSet != "") "${ifaceExpr} tcp dport { ${tcpSet} } accept"} - ${optionalString (udpSet != "") "${ifaceExpr} udp dport { ${udpSet} } accept"} + ${lib.optionalString (tcpSet != "") "${ifaceExpr} tcp dport { ${tcpSet} } accept"} + ${lib.optionalString (udpSet != "") "${ifaceExpr} udp dport { ${udpSet} } accept"} '' ) cfg.allInterfaces)} - ${optionalString cfg.allowPing '' - icmp type echo-request ${optionalString (cfg.pingLimit != null) "limit rate ${cfg.pingLimit}"} accept comment "allow ping" + ${lib.optionalString cfg.allowPing '' + icmp type echo-request ${lib.optionalString (cfg.pingLimit != null) "limit rate ${cfg.pingLimit}"} accept comment "allow ping" ''} icmpv6 type != { nd-redirect, 139 } accept comment "Accept all ICMPv6 messages except redirects and node information queries (type 139). See RFC 4890, section 4.4." @@ -161,7 +158,7 @@ in } - ${optionalString cfg.filterForward '' + ${lib.optionalString cfg.filterForward '' chain forward { type filter hook forward priority filter; policy drop; diff --git a/nixos/modules/services/networking/firewall.nix b/nixos/modules/services/networking/firewall.nix index a35cc51a38705c2..5021ef6f502a8c0 100644 --- a/nixos/modules/services/networking/firewall.nix +++ b/nixos/modules/services/networking/firewall.nix @@ -1,7 +1,4 @@ { config, lib, pkgs, ... }: - -with lib; - let cfg = config.networking.firewall; @@ -10,8 +7,8 @@ let ports: lib.unique (builtins.sort builtins.lessThan ports); commonOptions = { - allowedTCPPorts = mkOption { - type = types.listOf types.port; + allowedTCPPorts = lib.mkOption { + type = lib.types.listOf lib.types.port; default = [ ]; apply = canonicalizePortList; example = [ 22 80 ]; @@ -21,8 +18,8 @@ let ''; }; - allowedTCPPortRanges = mkOption { - type = types.listOf (types.attrsOf types.port); + allowedTCPPortRanges = lib.mkOption { + type = lib.types.listOf (lib.types.attrsOf lib.types.port); default = [ ]; example = [{ from = 8999; to = 9003; }]; description = '' @@ -31,8 +28,8 @@ let ''; }; - allowedUDPPorts = mkOption { - type = types.listOf types.port; + allowedUDPPorts = lib.mkOption { + type = lib.types.listOf lib.types.port; default = [ ]; apply = canonicalizePortList; example = [ 53 ]; @@ -41,8 +38,8 @@ let ''; }; - allowedUDPPortRanges = mkOption { - type = types.listOf (types.attrsOf types.port); + allowedUDPPortRanges = lib.mkOption { + type = lib.types.listOf (lib.types.attrsOf lib.types.port); default = [ ]; example = [{ from = 60000; to = 61000; }]; description = '' @@ -58,8 +55,8 @@ in options = { networking.firewall = { - enable = mkOption { - type = types.bool; + enable = lib.mkOption { + type = lib.types.bool; default = true; description = '' Whether to enable the firewall. This is a simple stateful @@ -68,18 +65,18 @@ in ''; }; - package = mkOption { - type = types.package; + package = lib.mkOption { + type = lib.types.package; default = if config.networking.nftables.enable then pkgs.nftables else pkgs.iptables; - defaultText = literalExpression ''if config.networking.nftables.enable then "pkgs.nftables" else "pkgs.iptables"''; - example = literalExpression "pkgs.iptables-legacy"; + defaultText = lib.literalExpression ''if config.networking.nftables.enable then "pkgs.nftables" else "pkgs.iptables"''; + example = lib.literalExpression "pkgs.iptables-legacy"; description = '' The package to use for running the firewall service. ''; }; - logRefusedConnections = mkOption { - type = types.bool; + logRefusedConnections = lib.mkOption { + type = lib.types.bool; default = true; description = '' Whether to log rejected or dropped incoming connections. @@ -88,8 +85,8 @@ in ''; }; - logRefusedPackets = mkOption { - type = types.bool; + logRefusedPackets = lib.mkOption { + type = lib.types.bool; default = false; description = '' Whether to log all rejected or dropped incoming packets. @@ -100,8 +97,8 @@ in ''; }; - logRefusedUnicastsOnly = mkOption { - type = types.bool; + logRefusedUnicastsOnly = lib.mkOption { + type = lib.types.bool; default = true; description = '' If {option}`networking.firewall.logRefusedPackets` @@ -111,8 +108,8 @@ in ''; }; - rejectPackets = mkOption { - type = types.bool; + rejectPackets = lib.mkOption { + type = lib.types.bool; default = false; description = '' If set, refused packets are rejected rather than dropped @@ -123,8 +120,8 @@ in ''; }; - trustedInterfaces = mkOption { - type = types.listOf types.str; + trustedInterfaces = lib.mkOption { + type = lib.types.listOf lib.types.str; default = [ ]; example = [ "enp0s2" ]; description = '' @@ -134,8 +131,8 @@ in ''; }; - allowPing = mkOption { - type = types.bool; + allowPing = lib.mkOption { + type = lib.types.bool; default = true; description = '' Whether to respond to incoming ICMPv4 echo requests @@ -145,8 +142,8 @@ in ''; }; - pingLimit = mkOption { - type = types.nullOr (types.separatedString " "); + pingLimit = lib.mkOption { + type = lib.types.nullOr (lib.types.separatedString " "); default = null; example = "--limit 1/minute --limit-burst 5"; description = '' @@ -160,10 +157,10 @@ in ''; }; - checkReversePath = mkOption { - type = types.either types.bool (types.enum [ "strict" "loose" ]); + checkReversePath = lib.mkOption { + type = lib.types.either lib.types.bool (lib.types.enum [ "strict" "loose" ]); default = true; - defaultText = literalMD "`true` except if the iptables based firewall is in use and the kernel lacks rpfilter support"; + defaultText = lib.literalMD "`true` except if the iptables based firewall is in use and the kernel lacks rpfilter support"; example = "loose"; description = '' Performs a reverse path filter test on a packet. If a reply @@ -180,8 +177,8 @@ in ''; }; - logReversePathDrops = mkOption { - type = types.bool; + logReversePathDrops = lib.mkOption { + type = lib.types.bool; default = false; description = '' Logs dropped packets failing the reverse path filter test if @@ -189,8 +186,8 @@ in ''; }; - filterForward = mkOption { - type = types.bool; + lib.filterForward = lib.mkOption { + type = lib.types.bool; default = false; description = '' Enable filtering in IP forwarding. @@ -199,8 +196,8 @@ in ''; }; - connectionTrackingModules = mkOption { - type = types.listOf types.str; + connectionTrackingModules = lib.mkOption { + type = lib.types.listOf lib.types.str; default = [ ]; example = [ "ftp" "irc" "sane" "sip" "tftp" "amanda" "h323" "netbios_sn" "pptp" "snmp" ]; description = '' @@ -219,8 +216,8 @@ in ''; }; - autoLoadConntrackHelpers = mkOption { - type = types.bool; + autoLoadConntrackHelpers = lib.mkOption { + type = lib.types.bool; default = false; description = '' Whether to auto-load connection-tracking helpers. @@ -230,29 +227,29 @@ in ''; }; - extraPackages = mkOption { - type = types.listOf types.package; + extraPackages = lib.mkOption { + type = lib.types.listOf lib.types.package; default = [ ]; - example = literalExpression "[ pkgs.ipset ]"; + example = lib.literalExpression "[ pkgs.ipset ]"; description = '' Additional packages to be included in the environment of the system as well as the path of networking.firewall.extraCommands. ''; }; - interfaces = mkOption { + interfaces = lib.mkOption { default = { }; - type = with types; attrsOf (submodule [{ options = commonOptions; }]); + type = with lib.types; attrsOf (submodule [{ options = commonOptions; }]); description = '' Interface-specific open ports. ''; }; - allInterfaces = mkOption { + allInterfaces = lib.mkOption { internal = true; visible = false; - default = { default = mapAttrs (name: value: cfg.${name}) commonOptions; } // cfg.interfaces; - type = with types; attrsOf (submodule [{ options = commonOptions; }]); + default = { default = lib.mapAttrs (name: value: cfg.${name}) commonOptions; } // cfg.interfaces; + type = with lib.types; attrsOf (submodule [{ options = commonOptions; }]); description = '' All open ports. ''; @@ -262,11 +259,11 @@ in }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { assertions = [ { - assertion = cfg.filterForward -> config.networking.nftables.enable; + assertion = cfg.lib.filterForward -> config.networking.nftables.enable; message = "filterForward only works with the nftables based firewall"; } { @@ -279,9 +276,9 @@ in environment.systemPackages = [ cfg.package ] ++ cfg.extraPackages; - boot.kernelModules = (optional cfg.autoLoadConntrackHelpers "nf_conntrack") + boot.kernelModules = (lib.optional cfg.autoLoadConntrackHelpers "nf_conntrack") ++ map (x: "nf_conntrack_${x}") cfg.connectionTrackingModules; - boot.extraModprobeConfig = optionalString cfg.autoLoadConntrackHelpers '' + boot.extraModprobeConfig = lib.optionalString cfg.autoLoadConntrackHelpers '' options nf_conntrack nf_conntrack_helper=1 ''; diff --git a/nixos/modules/services/networking/flannel.nix b/nixos/modules/services/networking/flannel.nix index c55557b668b84f7..05987df88c18734 100644 --- a/nixos/modules/services/networking/flannel.nix +++ b/nixos/modules/services/networking/flannel.nix @@ -1,11 +1,8 @@ { config, lib, pkgs, ... }: - -with lib; - let cfg = config.services.flannel; - networkConfig = filterAttrs (n: v: v != null) { + networkConfig = lib.filterAttrs (n: v: v != null) { Network = cfg.network; SubnetLen = cfg.subnetLen; SubnetMin = cfg.subnetMin; @@ -14,128 +11,128 @@ let }; in { options.services.flannel = { - enable = mkEnableOption "flannel"; + enable = lib.mkEnableOption "flannel"; - package = mkPackageOption pkgs "flannel" { }; + package = lib.mkPackageOption pkgs "flannel" { }; - publicIp = mkOption { + publicIp = lib.mkOption { description = '' IP accessible by other nodes for inter-host communication. Defaults to the IP of the interface being used for communication. ''; - type = types.nullOr types.str; + type = lib.types.nullOr lib.types.str; default = null; }; - iface = mkOption { + iface = lib.mkOption { description = '' Interface to use (IP or name) for inter-host communication. Defaults to the interface for the default route on the machine. ''; - type = types.nullOr types.str; + type = lib.types.nullOr lib.types.str; default = null; }; etcd = { - endpoints = mkOption { + endpoints = lib.mkOption { description = "Etcd endpoints"; - type = types.listOf types.str; + type = lib.types.listOf lib.types.str; default = ["http://127.0.0.1:2379"]; }; - prefix = mkOption { + prefix = lib.mkOption { description = "Etcd key prefix"; - type = types.str; + type = lib.types.str; default = "/coreos.com/network"; }; - caFile = mkOption { + caFile = lib.mkOption { description = "Etcd certificate authority file"; - type = types.nullOr types.path; + type = lib.types.nullOr lib.types.path; default = null; }; - certFile = mkOption { + certFile = lib.mkOption { description = "Etcd cert file"; - type = types.nullOr types.path; + type = lib.types.nullOr lib.types.path; default = null; }; - keyFile = mkOption { + keyFile = lib.mkOption { description = "Etcd key file"; - type = types.nullOr types.path; + type = lib.types.nullOr lib.types.path; default = null; }; }; - kubeconfig = mkOption { + kubeconfig = lib.mkOption { description = '' Path to kubeconfig to use for storing flannel config using the Kubernetes API ''; - type = types.nullOr types.path; + type = lib.types.nullOr lib.types.path; default = null; }; - network = mkOption { + network = lib.mkOption { description = " IPv4 network in CIDR format to use for the entire flannel network."; - type = types.str; + type = lib.types.str; }; - nodeName = mkOption { + nodeName = lib.mkOption { description = '' Needed when running with Kubernetes as backend as this cannot be auto-detected"; ''; - type = types.nullOr types.str; + type = lib.types.nullOr lib.types.str; default = config.networking.fqdnOrHostName; - defaultText = literalExpression "config.networking.fqdnOrHostName"; + defaultText = lib.literalExpression "config.networking.fqdnOrHostName"; example = "node1.example.com"; }; - storageBackend = mkOption { + storageBackend = lib.mkOption { description = "Determines where flannel stores its configuration at runtime"; - type = types.enum ["etcd" "kubernetes"]; + type = lib.types.enum ["etcd" "kubernetes"]; default = "etcd"; }; - subnetLen = mkOption { + subnetLen = lib.mkOption { description = '' The size of the subnet allocated to each host. Defaults to 24 (i.e. /24) unless the Network was configured to be smaller than a /24 in which case it is one less than the network. ''; - type = types.int; + type = lib.types.int; default = 24; }; - subnetMin = mkOption { + subnetMin = lib.mkOption { description = '' The beginning of IP range which the subnet allocation should start with. Defaults to the first subnet of Network. ''; - type = types.nullOr types.str; + type = lib.types.nullOr lib.types.str; default = null; }; - subnetMax = mkOption { + subnetMax = lib.mkOption { description = '' The end of IP range which the subnet allocation should start with. Defaults to the last subnet of Network. ''; - type = types.nullOr types.str; + type = lib.types.nullOr lib.types.str; default = null; }; - backend = mkOption { + backend = lib.mkOption { description = "Type of backend to use and specific configurations for that backend."; - type = types.attrs; + type = lib.types.attrs; default = { Type = "vxlan"; }; }; }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { systemd.services.flannel = { description = "Flannel Service"; wantedBy = [ "multi-user.target" ]; @@ -143,23 +140,23 @@ in { environment = { FLANNELD_PUBLIC_IP = cfg.publicIp; FLANNELD_IFACE = cfg.iface; - } // optionalAttrs (cfg.storageBackend == "etcd") { - FLANNELD_ETCD_ENDPOINTS = concatStringsSep "," cfg.etcd.endpoints; + } // lib.optionalAttrs (cfg.storageBackend == "etcd") { + FLANNELD_ETCD_ENDPOINTS = lib.concatStringsSep "," cfg.etcd.endpoints; FLANNELD_ETCD_KEYFILE = cfg.etcd.keyFile; FLANNELD_ETCD_CERTFILE = cfg.etcd.certFile; FLANNELD_ETCD_CAFILE = cfg.etcd.caFile; ETCDCTL_CERT = cfg.etcd.certFile; ETCDCTL_KEY = cfg.etcd.keyFile; ETCDCTL_CACERT = cfg.etcd.caFile; - ETCDCTL_ENDPOINTS = concatStringsSep "," cfg.etcd.endpoints; + ETCDCTL_ENDPOINTS = lib.concatStringsSep "," cfg.etcd.endpoints; ETCDCTL_API = "3"; - } // optionalAttrs (cfg.storageBackend == "kubernetes") { + } // lib.optionalAttrs (cfg.storageBackend == "kubernetes") { FLANNELD_KUBE_SUBNET_MGR = "true"; FLANNELD_KUBECONFIG_FILE = cfg.kubeconfig; NODE_NAME = cfg.nodeName; }; path = [ pkgs.iptables ]; - preStart = optionalString (cfg.storageBackend == "etcd") '' + preStart = lib.optionalString (cfg.storageBackend == "etcd") '' echo "setting network configuration" until ${pkgs.etcd}/bin/etcdctl put /coreos.com/network/config '${builtins.toJSON networkConfig}' do @@ -175,11 +172,11 @@ in { }; }; - services.etcd.enable = mkDefault (cfg.storageBackend == "etcd" && cfg.etcd.endpoints == ["http://127.0.0.1:2379"]); + services.etcd.enable = lib.mkDefault (cfg.storageBackend == "etcd" && cfg.etcd.endpoints == ["http://127.0.0.1:2379"]); # for some reason, flannel doesn't let you configure this path # see: https://github.com/coreos/flannel/blob/master/Documentation/configuration.md#configuration - environment.etc."kube-flannel/net-conf.json" = mkIf (cfg.storageBackend == "kubernetes") { + environment.etc."kube-flannel/net-conf.json" = lib.mkIf (cfg.storageBackend == "kubernetes") { source = pkgs.writeText "net-conf.json" (builtins.toJSON networkConfig); }; }; diff --git a/nixos/modules/services/networking/freenet.nix b/nixos/modules/services/networking/freenet.nix index 3da3ab0c7df4890..4323b98d67075fc 100644 --- a/nixos/modules/services/networking/freenet.nix +++ b/nixos/modules/services/networking/freenet.nix @@ -1,9 +1,5 @@ # NixOS module for Freenet daemon - { config, lib, pkgs, ... }: - -with lib; - let cfg = config.services.freenet; @@ -19,14 +15,14 @@ in services.freenet = { - enable = mkOption { - type = types.bool; + enable = lib.mkOption { + type = lib.types.bool; default = false; description = "Enable the Freenet daemon"; }; - nice = mkOption { - type = types.int; + nice = lib.mkOption { + type = lib.types.int; default = 10; description = "Set the nice level for the Freenet daemon"; }; @@ -37,7 +33,7 @@ in ### implementation - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { systemd.services.freenet = { description = "Freenet daemon"; diff --git a/nixos/modules/services/networking/freeradius.nix b/nixos/modules/services/networking/freeradius.nix index 7fa3a8fa17fa7ba..39a137aa541c55d 100644 --- a/nixos/modules/services/networking/freeradius.nix +++ b/nixos/modules/services/networking/freeradius.nix @@ -1,7 +1,4 @@ { config, lib, pkgs, ... }: - -with lib; - let cfg = config.services.freeradius; @@ -18,7 +15,7 @@ let serviceConfig = { ExecStart = "${pkgs.freeradius}/bin/radiusd -f -d ${cfg.configDir} -l stdout" + - optionalString cfg.debug " -xx"; + lib.optionalString cfg.debug " -xx"; ExecReload = [ "${pkgs.freeradius}/bin/radiusd -C -d ${cfg.configDir} -l stdout" "${pkgs.coreutils}/bin/kill -HUP $MAINPID" @@ -33,18 +30,18 @@ let }; freeradiusConfig = { - enable = mkEnableOption "the freeradius server"; + enable = lib.mkEnableOption "the freeradius server"; - configDir = mkOption { - type = types.path; + configDir = lib.mkOption { + type = lib.types.path; default = "/etc/raddb"; description = '' The path of the freeradius server configuration directory. ''; }; - debug = mkOption { - type = types.bool; + debug = lib.mkOption { + type = lib.types.bool; default = false; description = '' Whether to enable debug logging for freeradius (-xx @@ -68,7 +65,7 @@ in ###### implementation - config = mkIf (cfg.enable) { + config = lib.mkIf (cfg.enable) { users = { users.radius = { @@ -79,7 +76,7 @@ in }; systemd.services.freeradius = freeradiusService cfg; - warnings = optional cfg.debug "Freeradius debug logging is enabled. This will log passwords in plaintext to the journal!"; + warnings = lib.optional cfg.debug "Freeradius debug logging is enabled. This will log passwords in plaintext to the journal!"; }; diff --git a/nixos/modules/services/networking/frp.nix b/nixos/modules/services/networking/frp.nix index fc15efe5642db50..56af543b845badc 100644 --- a/nixos/modules/services/networking/frp.nix +++ b/nixos/modules/services/networking/frp.nix @@ -1,7 +1,4 @@ { config, lib, pkgs, ... }: - -with lib; - let cfg = config.services.frp; settingsFormat = pkgs.formats.toml { }; @@ -12,12 +9,12 @@ in { options = { services.frp = { - enable = mkEnableOption "frp"; + enable = lib.mkEnableOption "frp"; - package = mkPackageOption pkgs "frp" { }; + package = lib.mkPackageOption pkgs "frp" { }; - role = mkOption { - type = types.enum [ "server" "client" ]; + role = lib.mkOption { + type = lib.types.enum [ "server" "client" ]; description = '' The frp consists of `client` and `server`. The server is usually deployed on the machine with a public IP address, and @@ -26,7 +23,7 @@ in ''; }; - settings = mkOption { + settings = lib.mkOption { type = settingsFormat.type; default = { }; description = '' @@ -44,13 +41,13 @@ in config = let - serviceCapability = optionals isServer [ "CAP_NET_BIND_SERVICE" ]; + serviceCapability = lib.optionals isServer [ "CAP_NET_BIND_SERVICE" ]; executableFile = if isClient then "frpc" else "frps"; in - mkIf cfg.enable { + lib.mkIf cfg.enable { systemd.services = { frp = { - wants = optionals isClient [ "network-online.target" ]; + wants = lib.optionals isClient [ "network-online.target" ]; after = if isClient then [ "network-online.target" ] else [ "network.target" ]; wantedBy = [ "multi-user.target" ]; description = "A fast reverse proxy frp ${cfg.role}"; @@ -59,10 +56,10 @@ in Restart = "on-failure"; RestartSec = 15; ExecStart = "${cfg.package}/bin/${executableFile} --strict_config -c ${configFile}"; - StateDirectoryMode = optionalString isServer "0700"; + StateDirectoryMode = lib.optionalString isServer "0700"; DynamicUser = true; # Hardening - UMask = optionalString isServer "0007"; + UMask = lib.optionalString isServer "0007"; CapabilityBoundingSet = serviceCapability; AmbientCapabilities = serviceCapability; PrivateDevices = true; @@ -72,7 +69,7 @@ in ProtectKernelModules = true; ProtectKernelLogs = true; ProtectControlGroups = true; - RestrictAddressFamilies = [ "AF_INET" "AF_INET6" ] ++ optionals isClient [ "AF_UNIX" ]; + RestrictAddressFamilies = [ "AF_INET" "AF_INET6" ] ++ lib.optionals isClient [ "AF_UNIX" ]; LockPersonality = true; MemoryDenyWriteExecute = true; RestrictRealtime = true; @@ -85,5 +82,5 @@ in }; }; - meta.maintainers = with maintainers; [ zaldnoay ]; + meta.maintainers = with lib.maintainers; [ zaldnoay ]; } diff --git a/nixos/modules/services/networking/frr.nix b/nixos/modules/services/networking/frr.nix index df2b4035d2f073b..fd5673651f36b2a 100644 --- a/nixos/modules/services/networking/frr.nix +++ b/nixos/modules/services/networking/frr.nix @@ -1,7 +1,4 @@ { config, lib, pkgs, ... }: - -with lib; - let cfg = config.services.frr; @@ -51,10 +48,10 @@ let serviceOptions = service: { - enable = mkEnableOption "the FRR ${toUpper service} routing protocol"; + enable = lib.mkEnableOption "the FRR ${lib.toUpper service} routing protocol"; - configFile = mkOption { - type = types.nullOr types.path; + configFile = lib.mkOption { + type = lib.types.nullOr lib.types.path; default = null; example = "/etc/frr/${daemonName service}.conf"; description = '' @@ -63,8 +60,8 @@ let ''; }; - config = mkOption { - type = types.lines; + config = lib.mkOption { + type = lib.types.lines; default = ""; example = let @@ -91,24 +88,24 @@ let ''; }; - vtyListenAddress = mkOption { - type = types.str; + vtyListenAddress = lib.mkOption { + type = lib.types.str; default = "localhost"; description = '' Address to bind to for the VTY interface. ''; }; - vtyListenPort = mkOption { - type = types.nullOr types.int; + vtyListenPort = lib.mkOption { + type = lib.types.nullOr lib.types.int; default = null; description = '' TCP Port to bind to for the VTY interface. ''; }; - extraOptions = mkOption { - type = types.listOf types.str; + extraOptions = lib.mkOption { + type = lib.types.listOf lib.types.str; default = []; description = '' Extra options for the daemon. @@ -125,9 +122,9 @@ in { options.services.frr = { zebra = (serviceOptions "zebra") // { - enable = mkOption { - type = types.bool; - default = any isEnabled services; + enable = lib.mkOption { + type = lib.types.bool; + default = lib.any isEnabled services; description = '' Whether to enable the Zebra routing manager. @@ -137,8 +134,8 @@ in }; }; mgmt = (serviceOptions "mgmt") // { - enable = mkOption { - type = types.bool; + enable = lib.mkOption { + type = lib.types.bool; default = isEnabled "static"; defaultText = lib.literalExpression "config.services.frr.static.enable"; description = '' @@ -152,12 +149,12 @@ in }; }; } - { options.services.frr = (genAttrs services serviceOptions); } + { options.services.frr = (lib.genAttrs services serviceOptions); } ]; ###### implementation - config = mkIf (any isEnabled allServices) { + config = lib.mkIf (lib.any isEnabled allServices) { environment.systemPackages = [ pkgs.frr # for the vtysh tool @@ -182,7 +179,7 @@ in }; in (builtins.listToAttrs - (map mkEtcLink (filter isEnabled allServices))) // { + (map mkEtcLink (lib.filter isEnabled allServices))) // { "frr/vtysh.conf".text = ""; }; @@ -197,19 +194,19 @@ in scfg = cfg.${service}; daemon = daemonName service; in - nameValuePair daemon ({ + lib.nameValuePair daemon ({ wantedBy = [ "multi-user.target" ]; after = [ "network-pre.target" "systemd-sysctl.service" ] ++ lib.optionals (service != "zebra") [ "zebra.service" ]; bindsTo = lib.optionals (service != "zebra") [ "zebra.service" ]; wants = [ "network.target" ]; description = if service == "zebra" then "FRR Zebra routing manager" - else "FRR ${toUpper service} routing daemon"; + else "FRR ${lib.toUpper service} routing daemon"; unitConfig.Documentation = if service == "zebra" then "man:zebra(8)" else "man:${daemon}(8) man:zebra(8)"; - restartTriggers = mkIf (service != "mgmt") [ + restartTriggers = lib.mkIf (service != "mgmt") [ (configFile service) ]; reloadIfChanged = (service != "mgmt"); @@ -217,15 +214,15 @@ in serviceConfig = { PIDFile = "frr/${daemon}.pid"; ExecStart = "${pkgs.frr}/libexec/frr/${daemon}" - + optionalString (scfg.vtyListenAddress != "") " -A ${scfg.vtyListenAddress}" - + optionalString (scfg.vtyListenPort != null) " -P ${toString scfg.vtyListenPort}" - + " " + (concatStringsSep " " scfg.extraOptions); - ExecReload = mkIf (service != "mgmt") "${pkgs.python3.interpreter} ${pkgs.frr}/libexec/frr/frr-reload.py --reload --daemon ${daemon} --bindir ${pkgs.frr}/bin --rundir /run/frr /etc/frr/${daemon}.conf"; + + lib.optionalString (scfg.vtyListenAddress != "") " -A ${scfg.vtyListenAddress}" + + lib.optionalString (scfg.vtyListenPort != null) " -P ${toString scfg.vtyListenPort}" + + " " + (lib.concatStringsSep " " scfg.extraOptions); + ExecReload = lib.mkIf (service != "mgmt") "${pkgs.python3.interpreter} ${pkgs.frr}/libexec/frr/frr-reload.py --reload --daemon ${daemon} --bindir ${pkgs.frr}/bin --rundir /run/frr /etc/frr/${daemon}.conf"; Restart = "on-abnormal"; }; }); in - listToAttrs (map frrService (filter isEnabled allServices)); + lib.listToAttrs (map frrService (lib.filter isEnabled allServices)); }; diff --git a/nixos/modules/services/networking/gateone.nix b/nixos/modules/services/networking/gateone.nix index e68f8a47d5c0dec..83a7ea248594386 100644 --- a/nixos/modules/services/networking/gateone.nix +++ b/nixos/modules/services/networking/gateone.nix @@ -1,25 +1,24 @@ { config, lib, pkgs, ...}: -with lib; let cfg = config.services.gateone; in { options = { services.gateone = { - enable = mkEnableOption "GateOne server"; - pidDir = mkOption { + enable = lib.mkEnableOption "GateOne server"; + pidDir = lib.mkOption { default = "/run/gateone"; - type = types.path; + type = lib.types.path; description = "Path of pid files for GateOne."; }; - settingsDir = mkOption { + settingsDir = lib.mkOption { default = "/var/lib/gateone"; - type = types.path; + type = lib.types.path; description = "Path of configuration files for GateOne."; }; }; }; -config = mkIf cfg.enable { +config = lib.mkIf cfg.enable { environment.systemPackages = with pkgs.pythonPackages; [ gateone pkgs.openssh pkgs.procps pkgs.coreutils pkgs.cacert]; diff --git a/nixos/modules/services/networking/gdomap.nix b/nixos/modules/services/networking/gdomap.nix index 3d829cb69135335..b7d6e2a2b690fc3 100644 --- a/nixos/modules/services/networking/gdomap.nix +++ b/nixos/modules/services/networking/gdomap.nix @@ -1,21 +1,18 @@ { config, lib, pkgs, ... }: - -with lib; - { # # interface # options = { services.gdomap = { - enable = mkEnableOption "GNUstep Distributed Objects name server"; + enable = lib.mkEnableOption "GNUstep Distributed Objects name server"; }; }; # # implementation # - config = mkIf config.services.gdomap.enable { + config = lib.mkIf config.services.gdomap.enable { # NOTE: gdomap runs as root # TODO: extra user for gdomap? systemd.services.gdomap = { diff --git a/nixos/modules/services/networking/git-daemon.nix b/nixos/modules/services/networking/git-daemon.nix index 522e6b14f868f09..215d7f79a52cf33 100644 --- a/nixos/modules/services/networking/git-daemon.nix +++ b/nixos/modules/services/networking/git-daemon.nix @@ -1,5 +1,4 @@ { config, lib, pkgs, ... }: -with lib; let cfg = config.services.gitDaemon; @@ -12,8 +11,8 @@ in options = { services.gitDaemon = { - enable = mkOption { - type = types.bool; + enable = lib.mkOption { + type = lib.types.bool; default = false; description = '' Enable Git daemon, which allows public hosting of git repositories @@ -27,10 +26,10 @@ in ''; }; - package = mkPackageOption pkgs "git" { }; + package = lib.mkPackageOption pkgs "git" { }; - basePath = mkOption { - type = types.str; + basePath = lib.mkOption { + type = lib.types.str; default = ""; example = "/srv/git/"; description = '' @@ -40,8 +39,8 @@ in ''; }; - exportAll = mkOption { - type = types.bool; + exportAll = lib.mkOption { + type = lib.types.bool; default = false; description = '' Publish all directories that look like Git repositories (have the objects @@ -55,8 +54,8 @@ in ''; }; - repositories = mkOption { - type = types.listOf types.str; + repositories = lib.mkOption { + type = lib.types.listOf lib.types.str; default = []; example = [ "/srv/git" "/home/user/git/repo2" ]; description = '' @@ -68,33 +67,33 @@ in ''; }; - listenAddress = mkOption { - type = types.str; + listenAddress = lib.mkOption { + type = lib.types.str; default = ""; example = "example.com"; description = "Listen on a specific IP address or hostname."; }; - port = mkOption { - type = types.port; + port = lib.mkOption { + type = lib.types.port; default = 9418; description = "Port to listen on."; }; - options = mkOption { - type = types.str; + options = lib.mkOption { + type = lib.types.str; default = ""; description = "Extra configuration options to be passed to Git daemon."; }; - user = mkOption { - type = types.str; + user = lib.mkOption { + type = lib.types.str; default = "git"; description = "User under which Git daemon would be running."; }; - group = mkOption { - type = types.str; + group = lib.mkOption { + type = lib.types.str; default = "git"; description = "Group under which Git daemon would be running."; }; @@ -104,9 +103,9 @@ in ###### implementation - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { - users.users = optionalAttrs (cfg.user == "git") { + users.users = lib.optionalAttrs (cfg.user == "git") { git = { uid = config.ids.uids.git; group = "git"; @@ -114,18 +113,18 @@ in }; }; - users.groups = optionalAttrs (cfg.group == "git") { + users.groups = lib.optionalAttrs (cfg.group == "git") { git.gid = config.ids.gids.git; }; systemd.services.git-daemon = { after = [ "network.target" ]; wantedBy = [ "multi-user.target" ]; - script = "${getExe cfg.package} daemon --reuseaddr " - + (optionalString (cfg.basePath != "") "--base-path=${cfg.basePath} ") - + (optionalString (cfg.listenAddress != "") "--listen=${cfg.listenAddress} ") + script = "${lib.getExe cfg.package} daemon --reuseaddr " + + (lib.optionalString (cfg.basePath != "") "--base-path=${cfg.basePath} ") + + (lib.optionalString (cfg.listenAddress != "") "--listen=${cfg.listenAddress} ") + "--port=${toString cfg.port} --user=${cfg.user} --group=${cfg.group} ${cfg.options} " - + "--verbose " + (optionalString cfg.exportAll "--export-all ") + concatStringsSep " " cfg.repositories; + + "--verbose " + (lib.optionalString cfg.exportAll "--export-all ") + lib.concatStringsSep " " cfg.repositories; }; }; diff --git a/nixos/modules/services/networking/globalprotect-vpn.nix b/nixos/modules/services/networking/globalprotect-vpn.nix index 4292bba78f76755..87ce8a5e142f7b9 100644 --- a/nixos/modules/services/networking/globalprotect-vpn.nix +++ b/nixos/modules/services/networking/globalprotect-vpn.nix @@ -1,7 +1,4 @@ { config, lib, pkgs, ... }: - -with lib; - let cfg = config.services.globalprotect; @@ -14,9 +11,9 @@ in { options.services.globalprotect = { - enable = mkEnableOption "globalprotect"; + enable = lib.mkEnableOption "globalprotect"; - settings = mkOption { + settings = lib.mkOption { description = '' GlobalProtect-openconnect configuration. For more information, visit . @@ -27,21 +24,21 @@ in openconnect-args = "--script=/path/to/vpnc-script"; }; }; - type = types.attrs; + type = lib.types.attrs; }; - csdWrapper = mkOption { + csdWrapper = lib.mkOption { description = '' A script that will produce a Host Integrity Protection (HIP) report, as described at ''; default = null; - example = literalExpression ''"''${pkgs.openconnect}/libexec/openconnect/hipreport.sh"''; - type = types.nullOr types.path; + example = lib.literalExpression ''"''${pkgs.openconnect}/libexec/openconnect/hipreport.sh"''; + type = lib.types.nullOr lib.types.path; }; }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { services.dbus.packages = [ pkgs.globalprotect-openconnect ]; environment.etc."gpservice/gp.conf".text = lib.generators.toINI { } cfg.settings; diff --git a/nixos/modules/services/networking/gnunet.nix b/nixos/modules/services/networking/gnunet.nix index cfe1e1709142e6f..7380f22c13f2f22 100644 --- a/nixos/modules/services/networking/gnunet.nix +++ b/nixos/modules/services/networking/gnunet.nix @@ -1,7 +1,4 @@ { config, lib, pkgs, ... }: - -with lib; - let cfg = config.services.gnunet; @@ -44,8 +41,8 @@ in services.gnunet = { - enable = mkOption { - type = types.bool; + enable = lib.mkOption { + type = lib.types.bool; default = false; description = '' Whether to run the GNUnet daemon. GNUnet is GNU's anonymous @@ -54,8 +51,8 @@ in }; fileSharing = { - quota = mkOption { - type = types.int; + quota = lib.mkOption { + type = lib.types.int; default = 1024; description = '' Maximum file system usage (in MiB) for file sharing. @@ -64,8 +61,8 @@ in }; udp = { - port = mkOption { - type = types.port; + port = lib.mkOption { + type = lib.types.port; default = 2086; # assigned by IANA description = '' The UDP port for use by GNUnet. @@ -74,8 +71,8 @@ in }; tcp = { - port = mkOption { - type = types.port; + port = lib.mkOption { + type = lib.types.port; default = 2086; # assigned by IANA description = '' The TCP port for use by GNUnet. @@ -84,8 +81,8 @@ in }; load = { - maxNetDownBandwidth = mkOption { - type = types.int; + maxNetDownBandwidth = lib.mkOption { + type = lib.types.int; default = 50000; description = '' Maximum bandwidth usage (in bits per second) for GNUnet @@ -93,8 +90,8 @@ in ''; }; - maxNetUpBandwidth = mkOption { - type = types.int; + maxNetUpBandwidth = lib.mkOption { + type = lib.types.int; default = 50000; description = '' Maximum bandwidth usage (in bits per second) for GNUnet @@ -102,8 +99,8 @@ in ''; }; - hardNetUpBandwidth = mkOption { - type = types.int; + hardNetUpBandwidth = lib.mkOption { + type = lib.types.int; default = 0; description = '' Hard bandwidth limit (in bits per second) when uploading @@ -112,12 +109,12 @@ in }; }; - package = mkPackageOption pkgs "gnunet" { + package = lib.mkPackageOption pkgs "gnunet" { example = "gnunet_git"; }; - extraOptions = mkOption { - type = types.lines; + extraOptions = lib.mkOption { + type = lib.types.lines; default = ""; description = '' Additional options that will be copied verbatim in `gnunet.conf`. @@ -131,7 +128,7 @@ in ###### implementation - config = mkIf config.services.gnunet.enable { + config = lib.mkIf config.services.gnunet.enable { users.users.gnunet = { group = "gnunet"; diff --git a/nixos/modules/services/networking/go-autoconfig.nix b/nixos/modules/services/networking/go-autoconfig.nix index 2fc7c53218ca423..b31ef227c587f74 100644 --- a/nixos/modules/services/networking/go-autoconfig.nix +++ b/nixos/modules/services/networking/go-autoconfig.nix @@ -1,7 +1,4 @@ { config, lib, pkgs, ... }: - -with lib; - let cfg = config.services.go-autoconfig; @@ -12,19 +9,19 @@ in { options = { services.go-autoconfig = { - enable = mkEnableOption "IMAP/SMTP autodiscover feature for mail clients"; + enable = lib.mkEnableOption "IMAP/SMTP autodiscover feature for mail clients"; - settings = mkOption { + settings = lib.mkOption { default = { }; description = '' Configuration for go-autoconfig. See for more information. ''; - type = types.submodule { + type = lib.types.submodule { freeformType = format.type; }; - example = literalExpression '' + example = lib.literalExpression '' { service_addr = ":1323"; domain = "autoconfig.example.org"; @@ -43,7 +40,7 @@ in { }; }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { systemd = { services.go-autoconfig = { diff --git a/nixos/modules/services/networking/go-neb.nix b/nixos/modules/services/networking/go-neb.nix index ae414509162b239..4a43c574ff5308d 100644 --- a/nixos/modules/services/networking/go-neb.nix +++ b/nixos/modules/services/networking/go-neb.nix @@ -1,7 +1,4 @@ { config, lib, pkgs, ... }: - -with lib; - let cfg = config.services.go-neb; @@ -9,16 +6,16 @@ let configFile = settingsFormat.generate "config.yaml" cfg.config; in { options.services.go-neb = { - enable = mkEnableOption "an extensible matrix bot written in Go"; + enable = lib.mkEnableOption "an extensible matrix bot written in Go"; - bindAddress = mkOption { - type = types.str; + bindAddress = lib.mkOption { + type = lib.types.str; description = "Port (and optionally address) to listen on."; default = ":4050"; }; - secretFile = mkOption { - type = types.nullOr types.path; + secretFile = lib.mkOption { + type = lib.types.nullOr lib.types.path; default = null; example = "/run/keys/go-neb.env"; description = '' @@ -30,12 +27,12 @@ in { ''; }; - baseUrl = mkOption { - type = types.str; + baseUrl = lib.mkOption { + type = lib.types.str; description = "Public-facing endpoint that can receive webhooks."; }; - config = mkOption { + config = lib.mkOption { inherit (settingsFormat) type; description = '' Your {file}`config.yaml` as a Nix attribute set. @@ -45,7 +42,7 @@ in { }; }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { systemd.services.go-neb = let finalConfigFile = if cfg.secretFile == null then configFile else "/var/run/go-neb/config.yaml"; in { @@ -74,5 +71,5 @@ in { }; }; - meta.maintainers = with maintainers; [ hexa maralorn ]; + meta.maintainers = with lib.maintainers; [ hexa maralorn ]; } diff --git a/nixos/modules/services/networking/go-shadowsocks2.nix b/nixos/modules/services/networking/go-shadowsocks2.nix index afbd7ea27c65c82..438d3fb1c0a6084 100644 --- a/nixos/modules/services/networking/go-shadowsocks2.nix +++ b/nixos/modules/services/networking/go-shadowsocks2.nix @@ -1,20 +1,18 @@ { config, lib, pkgs, ... }: - -with lib; let cfg = config.services.go-shadowsocks2.server; in { options.services.go-shadowsocks2.server = { - enable = mkEnableOption "go-shadowsocks2 server"; + enable = lib.mkEnableOption "go-shadowsocks2 server"; - listenAddress = mkOption { - type = types.str; + listenAddress = lib.mkOption { + type = lib.types.str; description = "Server listen address or URL"; example = "ss://AEAD_CHACHA20_POLY1305:your-password@:8488"; }; }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { systemd.services.go-shadowsocks2-server = { description = "go-shadowsocks2 server"; diff --git a/nixos/modules/services/networking/gobgpd.nix b/nixos/modules/services/networking/gobgpd.nix index e5d8c190b9118dd..79f1adf4e314d8d 100644 --- a/nixos/modules/services/networking/gobgpd.nix +++ b/nixos/modules/services/networking/gobgpd.nix @@ -1,16 +1,13 @@ { config, pkgs, lib, ... }: - -with lib; - let cfg = config.services.gobgpd; format = pkgs.formats.toml { }; confFile = format.generate "gobgpd.conf" cfg.settings; in { options.services.gobgpd = { - enable = mkEnableOption "GoBGP Routing Daemon"; + enable = lib.mkEnableOption "GoBGP Routing Daemon"; - settings = mkOption { + settings = lib.mkOption { type = format.type; default = { }; description = '' @@ -18,7 +15,7 @@ in { for details on supported values. ''; - example = literalExpression '' + example = lib.literalExpression '' { global = { config = { @@ -45,7 +42,7 @@ in { }; }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { environment.systemPackages = [ pkgs.gobgpd ]; systemd.services.gobgpd = { wantedBy = [ "multi-user.target" ]; diff --git a/nixos/modules/services/networking/hans.nix b/nixos/modules/services/networking/hans.nix index 0d0e2c340ebf1d4..b1cb37158a04389 100644 --- a/nixos/modules/services/networking/hans.nix +++ b/nixos/modules/services/networking/hans.nix @@ -1,9 +1,5 @@ # NixOS module for hans, ip over icmp daemon - { config, lib, pkgs, ... }: - -with lib; - let cfg = config.services.hans; @@ -17,7 +13,7 @@ in options = { services.hans = { - clients = mkOption { + clients = lib.mkOption { default = {}; description = '' Each attribute of this option defines a systemd service that @@ -27,7 +23,7 @@ in where «name» is the name of the corresponding attribute name. ''; - example = literalExpression '' + example = lib.literalExpression '' { foo = { server = "192.0.2.1"; @@ -35,25 +31,25 @@ in } } ''; - type = types.attrsOf (types.submodule ( + type = lib.types.attrsOf (lib.types.submodule ( { options = { - server = mkOption { - type = types.str; + server = lib.mkOption { + type = lib.types.str; default = ""; description = "IP address of server running hans"; example = "192.0.2.1"; }; - extraConfig = mkOption { - type = types.str; + extraConfig = lib.mkOption { + type = lib.types.str; default = ""; description = "Additional command line parameters"; example = "-v"; }; - passwordFile = mkOption { - type = types.str; + passwordFile = lib.mkOption { + type = lib.types.str; default = ""; description = "File that contains password"; }; @@ -63,34 +59,34 @@ in }; server = { - enable = mkOption { - type = types.bool; + enable = lib.mkOption { + type = lib.types.bool; default = false; description = "enable hans server"; }; - ip = mkOption { - type = types.str; + ip = lib.mkOption { + type = lib.types.str; default = ""; description = "The assigned ip range"; example = "198.51.100.0"; }; - respondToSystemPings = mkOption { - type = types.bool; + respondToSystemPings = lib.mkOption { + type = lib.types.bool; default = false; description = "Force hans respond to ordinary pings"; }; - extraConfig = mkOption { - type = types.str; + extraConfig = lib.mkOption { + type = lib.types.str; default = ""; description = "Additional command line parameters"; example = "-v"; }; - passwordFile = mkOption { - type = types.str; + passwordFile = lib.mkOption { + type = lib.types.str; default = ""; description = "File that contains password"; }; @@ -101,8 +97,8 @@ in ### implementation - config = mkIf (cfg.server.enable || cfg.clients != {}) { - boot.kernel.sysctl = optionalAttrs cfg.server.respondToSystemPings { + config = lib.mkIf (cfg.server.enable || cfg.clients != {}) { + boot.kernel.sysctl = lib.optionalAttrs cfg.server.respondToSystemPings { "net.ipv4.icmp_echo_ignore_all" = 1; }; @@ -115,23 +111,23 @@ in description = "hans client - ${name}"; after = [ "network.target" ]; wantedBy = [ "multi-user.target" ]; - script = "${pkgs.hans}/bin/hans -f -u ${hansUser} ${cfg.extraConfig} -c ${cfg.server} ${optionalString (cfg.passwordFile != "") "-p $(cat \"${cfg.passwordFile}\")"}"; + script = "${pkgs.hans}/bin/hans -f -u ${hansUser} ${cfg.extraConfig} -c ${cfg.server} ${lib.optionalString (cfg.passwordFile != "") "-p $(cat \"${cfg.passwordFile}\")"}"; serviceConfig = { RestartSec = "30s"; Restart = "always"; }; }; in - listToAttrs ( - mapAttrsToList - (name: value: nameValuePair "hans-${name}" (createHansClientService name value)) + lib.listToAttrs ( + lib.mapAttrsToList + (name: value: lib.nameValuePair "hans-${name}" (createHansClientService name value)) cfg.clients ) // { - hans = mkIf (cfg.server.enable) { + hans = lib.mkIf (cfg.server.enable) { description = "hans, ip over icmp server daemon"; after = [ "network.target" ]; wantedBy = [ "multi-user.target" ]; - script = "${pkgs.hans}/bin/hans -f -u ${hansUser} ${cfg.server.extraConfig} -s ${cfg.server.ip} ${optionalString cfg.server.respondToSystemPings "-r"} ${optionalString (cfg.server.passwordFile != "") "-p $(cat \"${cfg.server.passwordFile}\")"}"; + script = "${pkgs.hans}/bin/hans -f -u ${hansUser} ${cfg.server.extraConfig} -s ${cfg.server.ip} ${lib.optionalString cfg.server.respondToSystemPings "-r"} ${lib.optionalString (cfg.server.passwordFile != "") "-p $(cat \"${cfg.server.passwordFile}\")"}"; }; }; diff --git a/nixos/modules/services/networking/haproxy.nix b/nixos/modules/services/networking/haproxy.nix index 19b096bf490694d..23c06f2949808d0 100644 --- a/nixos/modules/services/networking/haproxy.nix +++ b/nixos/modules/services/networking/haproxy.nix @@ -1,40 +1,35 @@ { config, lib, pkgs, ... }: - let cfg = config.services.haproxy; - haproxyCfg = pkgs.writeText "haproxy.conf" '' global # needed for hot-reload to work without dropping packets in multi-worker mode stats socket /run/haproxy/haproxy.sock mode 600 expose-fd listeners level user - ${cfg.config} ''; - in -with lib; { options = { services.haproxy = { - enable = mkEnableOption "HAProxy, the reliable, high performance TCP/HTTP load balancer"; + enable = lib.mkEnableOption "HAProxy, the reliable, high performance TCP/HTTP load balancer"; - package = mkPackageOption pkgs "haproxy" { }; + package = lib.mkPackageOption pkgs "haproxy" { }; - user = mkOption { - type = types.str; + user = lib.mkOption { + type = lib.types.str; default = "haproxy"; description = "User account under which haproxy runs."; }; - group = mkOption { - type = types.str; + group = lib.mkOption { + type = lib.types.str; default = "haproxy"; description = "Group account under which haproxy runs."; }; - config = mkOption { - type = types.nullOr types.lines; + config = lib.mkOption { + type = lib.types.nullOr lib.types.lines; default = null; description = '' Contents of the HAProxy configuration file, @@ -44,7 +39,7 @@ with lib; }; }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { assertions = [{ assertion = cfg.config != null; @@ -93,14 +88,14 @@ with lib; }; }; - users.users = optionalAttrs (cfg.user == "haproxy") { + users.users = lib.optionalAttrs (cfg.user == "haproxy") { haproxy = { group = cfg.group; isSystemUser = true; }; }; - users.groups = optionalAttrs (cfg.group == "haproxy") { + users.groups = lib.optionalAttrs (cfg.group == "haproxy") { haproxy = {}; }; }; diff --git a/nixos/modules/services/networking/htpdate.nix b/nixos/modules/services/networking/htpdate.nix index 6954e5b060c4ce0..fa422854872c60e 100644 --- a/nixos/modules/services/networking/htpdate.nix +++ b/nixos/modules/services/networking/htpdate.nix @@ -1,7 +1,4 @@ { config, lib, pkgs, ... }: - -with lib; - let inherit (pkgs) htpdate; @@ -16,32 +13,32 @@ in services.htpdate = { - enable = mkOption { - type = types.bool; + enable = lib.mkOption { + type = lib.types.bool; default = false; description = '' Enable htpdate daemon. ''; }; - extraOptions = mkOption { - type = types.str; + extraOptions = lib.mkOption { + type = lib.types.str; default = ""; description = '' Additional command line arguments to pass to htpdate. ''; }; - servers = mkOption { - type = types.listOf types.str; + servers = lib.mkOption { + type = lib.types.listOf lib.types.str; default = [ "www.google.com" ]; description = '' HTTP servers to use for time synchronization. ''; }; - proxy = mkOption { - type = types.str; + proxy = lib.mkOption { + type = lib.types.str; default = ""; example = "127.0.0.1:8118"; description = '' @@ -55,7 +52,7 @@ in ###### implementation - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { systemd.services.htpdate = { description = "htpdate daemon"; @@ -63,14 +60,14 @@ in serviceConfig = { Type = "forking"; PIDFile = "/run/htpdate.pid"; - ExecStart = concatStringsSep " " [ + ExecStart = lib.concatStringsSep " " [ "${htpdate}/bin/htpdate" "-D -u nobody" "-a -s" "-l" - "${optionalString (cfg.proxy != "") "-P ${cfg.proxy}"}" + "${lib.optionalString (cfg.proxy != "") "-P ${cfg.proxy}"}" "${cfg.extraOptions}" - "${concatStringsSep " " cfg.servers}" + "${lib.concatStringsSep " " cfg.servers}" ]; }; }; diff --git a/nixos/modules/services/networking/i2p.nix b/nixos/modules/services/networking/i2p.nix index 2b38697b1f471d9..5d7b339dc01b513 100644 --- a/nixos/modules/services/networking/i2p.nix +++ b/nixos/modules/services/networking/i2p.nix @@ -1,17 +1,14 @@ { config, lib, pkgs, ... }: - -with lib; - let cfg = config.services.i2p; homeDir = "/var/lib/i2p"; in { ###### interface - options.services.i2p.enable = mkEnableOption "I2P router"; + options.services.i2p.enable = lib.mkEnableOption "I2P router"; ###### implementation - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { users.users.i2p = { group = "i2p"; description = "i2p User"; diff --git a/nixos/modules/services/networking/inadyn.nix b/nixos/modules/services/networking/inadyn.nix index 7022673538c8a17..c98d6a2315061f5 100644 --- a/nixos/modules/services/networking/inadyn.nix +++ b/nixos/modules/services/networking/inadyn.nix @@ -1,7 +1,4 @@ { config, lib, pkgs, ... }: - -with lib; - let cfg = config.services.inadyn; @@ -11,10 +8,10 @@ let renderOption = k: v: if builtins.elem k [ "provider" "custom" ] then lib.concatStringsSep "\n" - (mapAttrsToList + (lib.mapAttrsToList (name: config: '' ${k} ${name} { - ${lib.concatStringsSep "\n " (mapAttrsToList renderOption (filterAttrs nonEmptyValue config))} + ${lib.concatStringsSep "\n " (lib.mapAttrsToList renderOption (lib.filterAttrs nonEmptyValue config))} }'') v) else if k == "include" then @@ -22,7 +19,7 @@ let else if k == "hostname" && builtins.isList v then "${k} = { ${builtins.concatStringsSep ", " (map (s: "\"${s}\"") v)} }" else if builtins.isBool v then - "${k} = ${boolToString v}" + "${k} = ${lib.boolToString v}" else if builtins.isString v then "${k} = \"${v}\"" else @@ -33,32 +30,32 @@ let # This file was generated by nix # do not edit - ${(lib.concatStringsSep "\n" (mapAttrsToList renderOption (filterAttrs nonEmptyValue cfg.settings)))} + ${(lib.concatStringsSep "\n" (lib.mapAttrsToList renderOption (lib.filterAttrs nonEmptyValue cfg.settings)))} ''; configFile = if (cfg.configFile != null) then cfg.configFile else configFile'; in { - options.services.inadyn = with types; + options.services.inadyn = with lib.types; let providerOptions = { - include = mkOption { + include = lib.mkOption { default = null; description = "File to include additional settings for this provider from."; type = nullOr path; }; - ssl = mkOption { + ssl = lib.mkOption { default = true; description = "Whether to use HTTPS for this DDNS provider."; type = bool; }; - username = mkOption { + username = lib.mkOption { default = null; description = "Username for this DDNS provider."; type = nullOr str; }; - password = mkOption { + password = lib.mkOption { default = null; description = '' Password for this DDNS provider. @@ -68,7 +65,7 @@ in ''; type = nullOr str; }; - hostname = mkOption { + hostname = lib.mkOption { default = "*"; example = "your.cool-domain.com"; description = "Hostname alias(es)."; @@ -77,12 +74,12 @@ in }; in { - enable = mkEnableOption ('' + enable = lib.mkEnableOption ('' synchronise your machine's IP address with a dynamic DNS provider using inadyn ''); - user = mkOption { + user = lib.mkOption { default = "inadyn"; - type = types.str; + type = lib.types.str; description = '' User account under which inadyn runs. @@ -93,9 +90,9 @@ in ::: ''; }; - group = mkOption { + group = lib.mkOption { default = "inadyn"; - type = types.str; + type = lib.types.str; description = '' Group account under which inadyn runs. @@ -106,7 +103,7 @@ in ::: ''; }; - interval = mkOption { + interval = lib.mkOption { default = "*-*-* *:*:00"; description = '' How often to check the current IP. @@ -119,24 +116,24 @@ in default = "notice"; description = "Set inadyn's log level."; }; - settings = mkOption { + settings = lib.mkOption { default = { }; description = "See `inadyn.conf (5)`"; type = submodule { freeformType = attrs; options = { - allow-ipv6 = mkOption { + allow-ipv6 = lib.mkOption { default = config.networking.enableIPv6; defaultText = "`config.networking.enableIPv6`"; description = "Whether to get IPv6 addresses from interfaces."; type = bool; }; - forced-update = mkOption { + forced-update = lib.mkOption { default = 2592000; description = "Duration (in seconds) after which an update is forced."; type = ints.positive; }; - provider = mkOption { + provider = lib.mkOption { default = { }; description = '' Settings for DDNS providers built-in to inadyn. @@ -148,7 +145,7 @@ in options = providerOptions; }); }; - custom = mkOption { + custom = lib.mkOption { default = { }; description = '' Settings for custom DNS providers. @@ -156,11 +153,11 @@ in type = attrsOf (submodule { freeformType = attrs; options = providerOptions // { - ddns-server = mkOption { + ddns-server = lib.mkOption { description = "DDNS server name."; type = str; }; - ddns-path = mkOption { + ddns-path = lib.mkOption { description = '' DDNS server path. @@ -175,7 +172,7 @@ in }; }; }; - configFile = mkOption { + configFile = lib.mkOption { default = null; description = '' Configuration file for inadyn. @@ -238,12 +235,12 @@ in timers.inadyn.timerConfig.Persistent = true; }; - users.users.inadyn = mkIf (cfg.user == "inadyn") { + users.users.inadyn = lib.mkIf (cfg.user == "inadyn") { group = cfg.group; isSystemUser = true; }; - users.groups = mkIf (cfg.group == "inadyn") { + users.groups = lib.mkIf (cfg.group == "inadyn") { inadyn = { }; }; }; diff --git a/nixos/modules/services/networking/iodine.nix b/nixos/modules/services/networking/iodine.nix index c474f5f278bf86c..2bdfa6f1b844a5a 100644 --- a/nixos/modules/services/networking/iodine.nix +++ b/nixos/modules/services/networking/iodine.nix @@ -1,24 +1,20 @@ # NixOS module for iodine, ip over dns daemon - { config, lib, pkgs, ... }: - -with lib; - let cfg = config.services.iodine; iodinedUser = "iodined"; /* is this path made unreadable by ProtectHome = true ? */ - isProtected = x: hasPrefix "/root" x || hasPrefix "/home" x; + isProtected = x: lib.hasPrefix "/root" x || lib.hasPrefix "/home" x; in { imports = [ - (mkRenamedOptionModule [ "services" "iodined" "enable" ] [ "services" "iodine" "server" "enable" ]) - (mkRenamedOptionModule [ "services" "iodined" "domain" ] [ "services" "iodine" "server" "domain" ]) - (mkRenamedOptionModule [ "services" "iodined" "ip" ] [ "services" "iodine" "server" "ip" ]) - (mkRenamedOptionModule [ "services" "iodined" "extraConfig" ] [ "services" "iodine" "server" "extraConfig" ]) - (mkRemovedOptionModule [ "services" "iodined" "client" ] "") + (lib.mkRenamedOptionModule [ "services" "iodined" "enable" ] [ "services" "iodine" "server" "enable" ]) + (lib.mkRenamedOptionModule [ "services" "iodined" "domain" ] [ "services" "iodine" "server" "domain" ]) + (lib.mkRenamedOptionModule [ "services" "iodined" "ip" ] [ "services" "iodine" "server" "ip" ]) + (lib.mkRenamedOptionModule [ "services" "iodined" "extraConfig" ] [ "services" "iodine" "server" "extraConfig" ]) + (lib.mkRemovedOptionModule [ "services" "iodined" "client" ] "") ]; ### configuration @@ -26,7 +22,7 @@ in options = { services.iodine = { - clients = mkOption { + clients = lib.mkOption { default = {}; description = '' Each attribute of this option defines a systemd service that @@ -36,7 +32,7 @@ in where «name» is the name of the corresponding attribute name. ''; - example = literalExpression '' + example = lib.literalExpression '' { foo = { server = "tunnel.mdomain.com"; @@ -45,33 +41,33 @@ in } } ''; - type = types.attrsOf ( - types.submodule ( + type = lib.types.attrsOf ( + lib.types.submodule ( { options = { - server = mkOption { - type = types.str; + server = lib.mkOption { + type = lib.types.str; default = ""; description = "Hostname of server running iodined"; example = "tunnel.mydomain.com"; }; - relay = mkOption { - type = types.str; + relay = lib.mkOption { + type = lib.types.str; default = ""; description = "DNS server to use as an intermediate relay to the iodined server"; example = "8.8.8.8"; }; - extraConfig = mkOption { - type = types.str; + extraConfig = lib.mkOption { + type = lib.types.str; default = ""; description = "Additional command line parameters"; example = "-l 192.168.1.10 -p 23"; }; - passwordFile = mkOption { - type = types.str; + passwordFile = lib.mkOption { + type = lib.types.str; default = ""; description = "Path to a file containing the password."; }; @@ -82,35 +78,35 @@ in }; server = { - enable = mkOption { - type = types.bool; + enable = lib.mkOption { + type = lib.types.bool; default = false; description = "enable iodined server"; }; - ip = mkOption { - type = types.str; + ip = lib.mkOption { + type = lib.types.str; default = ""; description = "The assigned ip address or ip range"; example = "172.16.10.1/24"; }; - domain = mkOption { - type = types.str; + domain = lib.mkOption { + type = lib.types.str; default = ""; description = "Domain or subdomain of which nameservers point to us"; example = "tunnel.mydomain.com"; }; - extraConfig = mkOption { - type = types.str; + extraConfig = lib.mkOption { + type = lib.types.str; default = ""; description = "Additional command line parameters"; example = "-l 192.168.1.10 -p 23"; }; - passwordFile = mkOption { - type = types.str; + passwordFile = lib.mkOption { + type = lib.types.str; default = ""; description = "File that contains password"; }; @@ -121,7 +117,7 @@ in ### implementation - config = mkIf (cfg.server.enable || cfg.clients != {}) { + config = lib.mkIf (cfg.server.enable || cfg.clients != {}) { environment.systemPackages = [ pkgs.iodine ]; boot.kernelModules = [ "tun" ]; @@ -132,7 +128,7 @@ in description = "iodine client - ${name}"; after = [ "network.target" ]; wantedBy = [ "multi-user.target" ]; - script = "exec ${pkgs.iodine}/bin/iodine -f -u ${iodinedUser} ${cfg.extraConfig} ${optionalString (cfg.passwordFile != "") "< \"${builtins.toString cfg.passwordFile}\""} ${cfg.relay} ${cfg.server}"; + script = "exec ${pkgs.iodine}/bin/iodine -f -u ${iodinedUser} ${cfg.extraConfig} ${lib.optionalString (cfg.passwordFile != "") "< \"${builtins.toString cfg.passwordFile}\""} ${cfg.relay} ${cfg.server}"; serviceConfig = { RestartSec = "30s"; Restart = "always"; @@ -157,16 +153,16 @@ in }; }; in - listToAttrs ( - mapAttrsToList - (name: value: nameValuePair "iodine-${name}" (createIodineClientService name value)) + lib.listToAttrs ( + lib.mapAttrsToList + (name: value: lib.nameValuePair "iodine-${name}" (createIodineClientService name value)) cfg.clients ) // { - iodined = mkIf (cfg.server.enable) { + iodined = lib.mkIf (cfg.server.enable) { description = "iodine, ip over dns server daemon"; after = [ "network.target" ]; wantedBy = [ "multi-user.target" ]; - script = "exec ${pkgs.iodine}/bin/iodined -f -u ${iodinedUser} ${cfg.server.extraConfig} ${optionalString (cfg.server.passwordFile != "") "< \"${builtins.toString cfg.server.passwordFile}\""} ${cfg.server.ip} ${cfg.server.domain}"; + script = "exec ${pkgs.iodine}/bin/iodined -f -u ${iodinedUser} ${cfg.server.extraConfig} ${lib.optionalString (cfg.server.passwordFile != "") "< \"${builtins.toString cfg.server.passwordFile}\""} ${cfg.server.ip} ${cfg.server.domain}"; serviceConfig = { # Filesystem access ProtectSystem = "strict"; diff --git a/nixos/modules/services/networking/ivpn.nix b/nixos/modules/services/networking/ivpn.nix index 535510f4e8134b7..6482bbadaeb2a07 100644 --- a/nixos/modules/services/networking/ivpn.nix +++ b/nixos/modules/services/networking/ivpn.nix @@ -2,11 +2,10 @@ let cfg = config.services.ivpn; in -with lib; { options.services.ivpn = { - enable = mkOption { - type = types.bool; + enable = lib.mkOption { + type = lib.types.bool; default = false; description = '' This option enables iVPN daemon. @@ -15,7 +14,7 @@ with lib; }; }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { boot.kernelModules = [ "tun" ]; environment.systemPackages = with pkgs; [ ivpn ivpn-service ]; @@ -47,5 +46,5 @@ with lib; }; }; - meta.maintainers = with maintainers; [ ataraxiasjel ]; + meta.maintainers = with lib.maintainers; [ ataraxiasjel ]; } diff --git a/nixos/modules/services/networking/jicofo.nix b/nixos/modules/services/networking/jicofo.nix index d4199c10fa2e3ea..91906e417361d3a 100644 --- a/nixos/modules/services/networking/jicofo.nix +++ b/nixos/modules/services/networking/jicofo.nix @@ -1,7 +1,4 @@ { config, lib, pkgs, ... }: - -with lib; - let cfg = config.services.jicofo; @@ -10,10 +7,10 @@ let configFile = format.generate "jicofo.conf" cfg.config; in { - options.services.jicofo = with types; { - enable = mkEnableOption "Jitsi Conference Focus - component of Jitsi Meet"; + options.services.jicofo = with lib.types; { + enable = lib.mkEnableOption "Jitsi Conference Focus - component of Jitsi Meet"; - xmppHost = mkOption { + xmppHost = lib.mkOption { type = str; example = "localhost"; description = '' @@ -21,7 +18,7 @@ in ''; }; - xmppDomain = mkOption { + xmppDomain = lib.mkOption { type = nullOr str; example = "meet.example.org"; description = '' @@ -31,7 +28,7 @@ in ''; }; - componentPasswordFile = mkOption { + componentPasswordFile = lib.mkOption { type = str; example = "/run/keys/jicofo-component"; description = '' @@ -39,7 +36,7 @@ in ''; }; - userName = mkOption { + userName = lib.mkOption { type = str; default = "focus"; description = '' @@ -47,7 +44,7 @@ in ''; }; - userDomain = mkOption { + userDomain = lib.mkOption { type = str; example = "auth.meet.example.org"; description = '' @@ -55,7 +52,7 @@ in ''; }; - userPasswordFile = mkOption { + userPasswordFile = lib.mkOption { type = str; example = "/run/keys/jicofo-user"; description = '' @@ -63,7 +60,7 @@ in ''; }; - bridgeMuc = mkOption { + bridgeMuc = lib.mkOption { type = str; example = "jvbbrewery@internal.meet.example.org"; description = '' @@ -71,10 +68,10 @@ in ''; }; - config = mkOption { + config = lib.mkOption { type = format.type; default = { }; - example = literalExpression '' + example = lib.literalExpression '' { jicofo.bridge.max-bridge-participants = 42; } @@ -85,7 +82,7 @@ in }; }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { services.jicofo.config = { jicofo = { bridge.brewery-jid = cfg.bridgeMuc; @@ -120,7 +117,7 @@ in restartTriggers = [ configFile ]; - environment.JAVA_SYS_PROPS = concatStringsSep " " (mapAttrsToList (k: v: "${k}=${toString v}") jicofoProps); + environment.JAVA_SYS_PROPS = lib.concatStringsSep " " (lib.mapAttrsToList (k: v: "${k}=${toString v}") jicofoProps); script = '' export JICOFO_AUTH_PASS="$(<${cfg.userPasswordFile})" @@ -154,7 +151,7 @@ in environment.etc."jitsi/jicofo/sip-communicator.properties".text = ""; environment.etc."jitsi/jicofo/logging.properties".source = - mkDefault "${pkgs.jicofo}/etc/jitsi/jicofo/logging.properties-journal"; + lib.mkDefault "${pkgs.jicofo}/etc/jitsi/jicofo/logging.properties-journal"; }; meta.maintainers = lib.teams.jitsi.members; diff --git a/nixos/modules/services/networking/jigasi.nix b/nixos/modules/services/networking/jigasi.nix index e701689031b142e..d69d905788f4018 100644 --- a/nixos/modules/services/networking/jigasi.nix +++ b/nixos/modules/services/networking/jigasi.nix @@ -1,7 +1,4 @@ { config, lib, pkgs, ... }: - -with lib; - let cfg = config.services.jigasi; homeDirName = "jigasi-home"; @@ -10,10 +7,10 @@ let sipCommunicatorPropertiesFileUnsubstituted = "${pkgs.jigasi}/etc/jitsi/jigasi/sip-communicator.properties"; in { - options.services.jigasi = with types; { - enable = mkEnableOption "Jitsi Gateway to SIP - component of Jitsi Meet"; + options.services.jigasi = with lib.types; { + enable = lib.mkEnableOption "Jitsi Gateway to SIP - component of Jitsi Meet"; - xmppHost = mkOption { + xmppHost = lib.mkOption { type = str; example = "localhost"; description = '' @@ -21,7 +18,7 @@ in ''; }; - xmppDomain = mkOption { + xmppDomain = lib.mkOption { type = nullOr str; example = "meet.example.org"; description = '' @@ -31,7 +28,7 @@ in ''; }; - componentPasswordFile = mkOption { + componentPasswordFile = lib.mkOption { type = str; example = "/run/keys/jigasi-component"; description = '' @@ -39,7 +36,7 @@ in ''; }; - userName = mkOption { + userName = lib.mkOption { type = str; default = "callcontrol"; description = '' @@ -47,7 +44,7 @@ in ''; }; - userDomain = mkOption { + userDomain = lib.mkOption { type = str; example = "internal.meet.example.org"; description = '' @@ -55,7 +52,7 @@ in ''; }; - userPasswordFile = mkOption { + userPasswordFile = lib.mkOption { type = str; example = "/run/keys/jigasi-user"; description = '' @@ -63,7 +60,7 @@ in ''; }; - bridgeMuc = mkOption { + bridgeMuc = lib.mkOption { type = str; example = "jigasibrewery@internal.meet.example.org"; description = '' @@ -71,7 +68,7 @@ in ''; }; - defaultJvbRoomName = mkOption { + defaultJvbRoomName = lib.mkOption { type = str; default = ""; example = "siptest"; @@ -80,8 +77,8 @@ in ''; }; - environmentFile = mkOption { - type = types.nullOr types.path; + environmentFile = lib.mkOption { + type = lib.types.nullOr lib.types.path; default = null; description = '' File containing environment variables to be passed to the jigasi service, @@ -93,10 +90,10 @@ in ''; }; - config = mkOption { + config = lib.mkOption { type = attrsOf str; default = { }; - example = literalExpression '' + example = lib.literalExpression '' { "org.jitsi.jigasi.auth.URL" = "XMPP:jitsi-meet.example.com"; } @@ -107,12 +104,12 @@ in }; }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { services.jicofo.config = { "org.jitsi.jicofo.jigasi.BREWERY" = "${cfg.bridgeMuc}"; }; - services.jigasi.config = mapAttrs (_: v: mkDefault v) { + services.jigasi.config = lib.mapAttrs (_: v: lib.mkDefault v) { "org.jitsi.jigasi.BRIDGE_MUC" = cfg.bridgeMuc; }; @@ -186,7 +183,7 @@ in restartTriggers = [ config.environment.etc."jitsi/jigasi/sip-communicator.properties".source ]; - environment.JAVA_SYS_PROPS = concatStringsSep " " (mapAttrsToList (k: v: "${k}=${toString v}") jigasiProps); + environment.JAVA_SYS_PROPS = lib.concatStringsSep " " (lib.mapAttrsToList (k: v: "${k}=${toString v}") jigasiProps); script = '' ${pkgs.jigasi}/bin/jigasi \ @@ -228,9 +225,9 @@ in }; environment.etc."jitsi/jigasi/sip-communicator.properties".source = - mkDefault "${sipCommunicatorPropertiesFile}"; + lib.mkDefault "${sipCommunicatorPropertiesFile}"; environment.etc."jitsi/jigasi/logging.properties".source = - mkDefault "${stateDir}/logging.properties-journal"; + lib.mkDefault "${stateDir}/logging.properties-journal"; }; meta.maintainers = lib.teams.jitsi.members; diff --git a/nixos/modules/services/networking/jitsi-videobridge.nix b/nixos/modules/services/networking/jitsi-videobridge.nix index d73a9f256dfb9a6..8c468e121299e63 100644 --- a/nixos/modules/services/networking/jitsi-videobridge.nix +++ b/nixos/modules/services/networking/jitsi-videobridge.nix @@ -1,16 +1,13 @@ { config, lib, pkgs, ... }: - -with lib; - let cfg = config.services.jitsi-videobridge; - attrsToArgs = a: concatStringsSep " " (mapAttrsToList (k: v: "${k}=${toString v}") a); + attrsToArgs = a: lib.concatStringsSep " " (lib.mapAttrsToList (k: v: "${k}=${toString v}") a); format = pkgs.formats.hocon { }; # We're passing passwords in environment variables that have names generated # from an attribute name, which may not be a valid bash identifier. - toVarName = s: "XMPP_PASSWORD_" + stringAsChars (c: if builtins.match "[A-Za-z0-9]" c != null then c else "_") s; + toVarName = s: "XMPP_PASSWORD_" + lib.stringAsChars (c: if builtins.match "[A-Za-z0-9]" c != null then c else "_") s; defaultJvbConfig = { videobridge = { @@ -25,7 +22,7 @@ let enabled = true; transports = [ { type = "muc"; } ]; }; - apis.xmpp-client.configs = flip mapAttrs cfg.xmppConfigs (name: xmppConfig: { + apis.xmpp-client.configs = lib.flip lib.mapAttrs cfg.xmppConfigs (name: xmppConfig: { hostname = xmppConfig.hostName; domain = xmppConfig.domain; username = xmppConfig.userName; @@ -39,21 +36,21 @@ let }; # Allow overriding leaves of the default config despite types.attrs not doing any merging. - jvbConfig = recursiveUpdate defaultJvbConfig cfg.config; + jvbConfig = lib.recursiveUpdate defaultJvbConfig cfg.config; in { imports = [ - (mkRemovedOptionModule [ "services" "jitsi-videobridge" "apis" ] + (lib.mkRemovedOptionModule [ "services" "jitsi-videobridge" "apis" ] "services.jitsi-videobridge.apis was broken and has been migrated into the boolean option services.jitsi-videobridge.colibriRestApi. It is set to false by default, setting it to true will correctly enable the private /colibri rest API." ) ]; - options.services.jitsi-videobridge = with types; { - enable = mkEnableOption "Jitsi Videobridge, a WebRTC compatible video router"; + options.services.jitsi-videobridge = with lib.types; { + enable = lib.mkEnableOption "Jitsi Videobridge, a WebRTC compatible video router"; - config = mkOption { + config = lib.mkOption { type = attrs; default = { }; - example = literalExpression '' + example = lib.literalExpression '' { videobridge = { ice.udp.port = 5000; @@ -72,14 +69,14 @@ in ''; }; - xmppConfigs = mkOption { + xmppConfigs = lib.mkOption { description = '' XMPP servers to connect to. See for more information. ''; default = { }; - example = literalExpression '' + example = lib.literalExpression '' { "localhost" = { hostName = "localhost"; @@ -92,14 +89,14 @@ in ''; type = attrsOf (submodule ({ name, ... }: { options = { - hostName = mkOption { + hostName = lib.mkOption { type = str; example = "xmpp.example.org"; description = '' Hostname of the XMPP server to connect to. Name of the attribute set is used by default. ''; }; - domain = mkOption { + domain = lib.mkOption { type = nullOr str; default = null; example = "auth.xmpp.example.org"; @@ -107,28 +104,28 @@ in Domain part of JID of the XMPP user, if it is different from hostName. ''; }; - userName = mkOption { + userName = lib.mkOption { type = str; default = "jvb"; description = '' User part of the JID. ''; }; - passwordFile = mkOption { + passwordFile = lib.mkOption { type = str; example = "/run/keys/jitsi-videobridge-xmpp1"; description = '' File containing the password for the user. ''; }; - mucJids = mkOption { + mucJids = lib.mkOption { type = str; example = "jvbbrewery@internal.xmpp.example.org"; description = '' JID of the MUC to join. JiCoFo needs to be configured to join the same MUC. ''; }; - mucNickname = mkOption { + mucNickname = lib.mkOption { # Upstream DEBs use UUID, let's use hostname instead. type = str; description = '' @@ -136,7 +133,7 @@ in nickname (aka resource part of the JID). By default, system hostname is used. ''; }; - disableCertificateVerification = mkOption { + disableCertificateVerification = lib.mkOption { type = bool; default = false; description = '' @@ -145,8 +142,8 @@ in }; }; config = { - hostName = mkDefault name; - mucNickname = mkDefault (builtins.replaceStrings [ "." ] [ "-" ] ( + hostName = lib.mkDefault name; + mucNickname = lib.mkDefault (builtins.replaceStrings [ "." ] [ "-" ] ( config.networking.fqdnOrHostName )); }; @@ -154,7 +151,7 @@ in }; nat = { - localAddress = mkOption { + localAddress = lib.mkOption { type = nullOr str; default = null; example = "192.168.1.42"; @@ -163,7 +160,7 @@ in ''; }; - publicAddress = mkOption { + publicAddress = lib.mkOption { type = nullOr str; default = null; example = "1.2.3.4"; @@ -173,7 +170,7 @@ in }; }; - extraProperties = mkOption { + extraProperties = lib.mkOption { type = attrsOf str; default = { }; description = '' @@ -181,7 +178,7 @@ in ''; }; - openFirewall = mkOption { + openFirewall = lib.mkOption { type = bool; default = false; description = '' @@ -189,7 +186,7 @@ in ''; }; - colibriRestApi = mkOption { + colibriRestApi = lib.mkOption { type = bool; description = '' Whether to enable the private rest API for the COLIBRI control interface. @@ -199,10 +196,10 @@ in }; }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { users.groups.jitsi-meet = {}; - services.jitsi-videobridge.extraProperties = optionalAttrs (cfg.nat.localAddress != null) { + services.jitsi-videobridge.extraProperties = lib.optionalAttrs (cfg.nat.localAddress != null) { "org.ice4j.ice.harvest.NAT_HARVESTER_LOCAL_ADDRESS" = cfg.nat.localAddress; "org.ice4j.ice.harvest.NAT_HARVESTER_PUBLIC_ADDRESS" = cfg.nat.publicAddress; }; @@ -215,7 +212,7 @@ in "-Dconfig.file" = format.generate "jvb.conf" jvbConfig; # Mitigate CVE-2021-44228 "-Dlog4j2.formatMsgNoLookups" = true; - } // (mapAttrs' (k: v: nameValuePair "-D${k}" v) cfg.extraProperties); + } // (lib.mapAttrs' (k: v: lib.nameValuePair "-D${k}" v) cfg.extraProperties); in { aliases = [ "jitsi-videobridge.service" ]; @@ -225,7 +222,7 @@ in environment.JAVA_SYS_PROPS = attrsToArgs jvbProps; - script = (concatStrings (mapAttrsToList (name: xmppConfig: + script = (lib.concatStrings (lib.mapAttrsToList (name: xmppConfig: "export ${toVarName name}=$(cat ${xmppConfig.passwordFile})\n" ) cfg.xmppConfigs)) + '' @@ -262,16 +259,16 @@ in }; environment.etc."jitsi/videobridge/logging.properties".source = - mkDefault "${pkgs.jitsi-videobridge}/etc/jitsi/videobridge/logging.properties-journal"; + lib.mkDefault "${pkgs.jitsi-videobridge}/etc/jitsi/videobridge/logging.properties-journal"; # (from videobridge2 .deb) # this sets the max, so that we can bump the JVB UDP single port buffer size. - boot.kernel.sysctl."net.core.rmem_max" = mkDefault 10485760; - boot.kernel.sysctl."net.core.netdev_max_backlog" = mkDefault 100000; + boot.kernel.sysctl."net.core.rmem_max" = lib.mkDefault 10485760; + boot.kernel.sysctl."net.core.netdev_max_backlog" = lib.mkDefault 100000; - networking.firewall.allowedTCPPorts = mkIf cfg.openFirewall + networking.firewall.allowedTCPPorts = lib.mkIf cfg.openFirewall [ jvbConfig.videobridge.ice.tcp.port ]; - networking.firewall.allowedUDPPorts = mkIf cfg.openFirewall + networking.firewall.allowedUDPPorts = lib.mkIf cfg.openFirewall [ jvbConfig.videobridge.ice.udp.port ]; assertions = [{ diff --git a/nixos/modules/services/networking/jotta-cli.nix b/nixos/modules/services/networking/jotta-cli.nix index e0fa1ef332fe6a6..566e7fc503a6d15 100644 --- a/nixos/modules/services/networking/jotta-cli.nix +++ b/nixos/modules/services/networking/jotta-cli.nix @@ -1,25 +1,22 @@ { config, lib, pkgs, ... }: - -with lib; - let cfg = config.services.jotta-cli; in { options = { services.jotta-cli = { - enable = mkEnableOption "Jottacloud Command-line Tool"; + enable = lib.mkEnableOption "Jottacloud Command-line Tool"; - options = mkOption { + options = lib.mkOption { default = [ "stdoutlog" "datadir" "%h/.jottad/" ]; example = [ ]; - type = with types; listOf str; + type = with lib.types; listOf str; description = "Command-line options passed to jottad."; }; package = lib.mkPackageOption pkgs "jotta-cli" { }; }; }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { systemd.user.services.jottad = { description = "Jottacloud Command-line Tool daemon"; @@ -27,7 +24,7 @@ in { serviceConfig = { Type = "notify"; EnvironmentFile = "-%h/.config/jotta-cli/jotta-cli.env"; - ExecStart = "${lib.getExe' cfg.package "jottad"} ${concatStringsSep " " cfg.options}"; + ExecStart = "${lib.getExe' cfg.package "jottad"} ${lib.concatStringsSep " " cfg.options}"; Restart = "on-failure"; }; diff --git a/nixos/modules/services/networking/keybase.nix b/nixos/modules/services/networking/keybase.nix index 495102cb7eeee1f..9bb7ad3844a068a 100644 --- a/nixos/modules/services/networking/keybase.nix +++ b/nixos/modules/services/networking/keybase.nix @@ -1,8 +1,6 @@ { config, lib, pkgs, ... }: -with lib; let cfg = config.services.keybase; - in { ###### interface @@ -11,8 +9,8 @@ in { services.keybase = { - enable = mkOption { - type = types.bool; + enable = lib.mkOption { + type = lib.types.bool; default = false; description = "Whether to start the Keybase service."; }; @@ -22,7 +20,7 @@ in { ###### implementation - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { # Upstream: https://github.com/keybase/client/blob/master/packaging/linux/systemd/keybase.service systemd.user.services.keybase = { diff --git a/nixos/modules/services/networking/lambdabot.nix b/nixos/modules/services/networking/lambdabot.nix index a141962f512ff18..8c8e5648450c417 100644 --- a/nixos/modules/services/networking/lambdabot.nix +++ b/nixos/modules/services/networking/lambdabot.nix @@ -1,7 +1,4 @@ { config, lib, pkgs, ... }: - -with lib; - let cfg = config.services.lambdabot; @@ -18,16 +15,16 @@ in services.lambdabot = { - enable = mkOption { - type = types.bool; + enable = lib.mkOption { + type = lib.types.bool; default = false; description = "Enable the Lambdabot IRC bot"; }; - package = mkPackageOption pkgs "lambdabot" { }; + package = lib.mkPackageOption pkgs "lambdabot" { }; - script = mkOption { - type = types.str; + script = lib.mkOption { + type = lib.types.str; default = ""; description = "Lambdabot script"; }; @@ -38,7 +35,7 @@ in ### implementation - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { systemd.services.lambdabot = { description = "Lambdabot daemon"; diff --git a/nixos/modules/services/networking/lldpd.nix b/nixos/modules/services/networking/lldpd.nix index d5de9c45d84b7f6..98a4cff265f14b0 100644 --- a/nixos/modules/services/networking/lldpd.nix +++ b/nixos/modules/services/networking/lldpd.nix @@ -1,7 +1,4 @@ { config, lib, pkgs, ... }: - -with lib; - let cfg = config.services.lldpd; @@ -9,17 +6,17 @@ in { options.services.lldpd = { - enable = mkEnableOption "Link Layer Discovery Protocol Daemon"; + enable = lib.mkEnableOption "Link Layer Discovery Protocol Daemon"; - extraArgs = mkOption { - type = types.listOf types.str; + extraArgs = lib.mkOption { + type = lib.types.listOf lib.types.str; default = []; example = [ "-c" "-k" "-I eth0" ]; description = "List of command line parameters for lldpd"; }; }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { users.users._lldpd = { description = "lldpd user"; group = "_lldpd"; @@ -33,7 +30,7 @@ in systemd.services.lldpd = { wantedBy = [ "multi-user.target" ]; - environment.LLDPD_OPTIONS = concatStringsSep " " cfg.extraArgs; + environment.LLDPD_OPTIONS = lib.concatStringsSep " " cfg.extraArgs; }; }; } diff --git a/nixos/modules/services/networking/logmein-hamachi.nix b/nixos/modules/services/networking/logmein-hamachi.nix index b7d960264d21d71..852101f09dffca1 100644 --- a/nixos/modules/services/networking/logmein-hamachi.nix +++ b/nixos/modules/services/networking/logmein-hamachi.nix @@ -1,7 +1,4 @@ { config, lib, pkgs, ... }: - -with lib; - let cfg = config.services.logmein-hamachi; @@ -14,8 +11,8 @@ in options = { - services.logmein-hamachi.enable = mkOption { - type = types.bool; + services.logmein-hamachi.enable = lib.mkOption { + type = lib.types.bool; default = false; description = '' Whether to enable LogMeIn Hamachi, a proprietary @@ -28,7 +25,7 @@ in ###### implementation - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { systemd.services.logmein-hamachi = { description = "LogMeIn Hamachi Daemon"; diff --git a/nixos/modules/services/networking/lxd-image-server.nix b/nixos/modules/services/networking/lxd-image-server.nix index 93374a385a90c10..4712a3c1b3db9af 100644 --- a/nixos/modules/services/networking/lxd-image-server.nix +++ b/nixos/modules/services/networking/lxd-image-server.nix @@ -1,7 +1,4 @@ { config, pkgs, lib, ... }: - -with lib; - let cfg = config.services.lxd-image-server; format = pkgs.formats.toml {}; @@ -11,16 +8,16 @@ in { options = { services.lxd-image-server = { - enable = mkEnableOption "lxd-image-server"; + enable = lib.mkEnableOption "lxd-image-server"; - group = mkOption { - type = types.str; + group = lib.mkOption { + type = lib.types.str; description = "Group assigned to the user and the webroot directory."; default = "nginx"; example = "www-data"; }; - settings = mkOption { + settings = lib.mkOption { type = format.type; description = '' Configuration for lxd-image-server. @@ -31,9 +28,9 @@ in }; nginx = { - enable = mkEnableOption "nginx"; - domain = mkOption { - type = types.str; + enable = lib.mkEnableOption "nginx"; + domain = lib.mkOption { + type = lib.types.str; description = "Domain to use for nginx virtual host."; example = "images.example.org"; }; @@ -41,8 +38,8 @@ in }; }; - config = mkMerge [ - (mkIf (cfg.enable) { + config = lib.mkMerge [ + (lib.mkIf (cfg.enable) { users.users.lxd-image-server = { isSystemUser = true; group = cfg.group; @@ -88,12 +85,12 @@ in }; }) # this is separate so it can be enabled on mirrored hosts - (mkIf (cfg.nginx.enable) { + (lib.mkIf (cfg.nginx.enable) { # https://github.com/Avature/lxd-image-server/blob/master/resources/nginx/includes/lxd-image-server.pkg.conf services.nginx.virtualHosts = { "${cfg.nginx.domain}" = { forceSSL = true; - enableACME = mkDefault true; + enableACME = lib.mkDefault true; root = location; diff --git a/nixos/modules/services/networking/matterbridge.nix b/nixos/modules/services/networking/matterbridge.nix index 6ba15ba950fbf03..74b388d68408504 100644 --- a/nixos/modules/services/networking/matterbridge.nix +++ b/nixos/modules/services/networking/matterbridge.nix @@ -1,7 +1,4 @@ { options, config, pkgs, lib, ... }: - -with lib; - let cfg = config.services.matterbridge; @@ -17,12 +14,12 @@ in { options = { services.matterbridge = { - enable = mkEnableOption "Matterbridge chat platform bridge"; + enable = lib.mkEnableOption "Matterbridge chat platform bridge"; - package = mkPackageOption pkgs "matterbridge" { }; + package = lib.mkPackageOption pkgs "matterbridge" { }; - configPath = mkOption { - type = with types; nullOr str; + configPath = lib.mkOption { + type = with lib.types; nullOr str; default = null; example = "/etc/nixos/matterbridge.toml"; description = '' @@ -30,8 +27,8 @@ in ''; }; - configFile = mkOption { - type = types.str; + configFile = lib.mkOption { + type = lib.types.str; example = '' # WARNING: as this file contains credentials, do not use this option! # It is kept only for backwards compatibility, and would cause your @@ -72,16 +69,16 @@ in The matterbridge configuration file in the TOML file format. ''; }; - user = mkOption { - type = types.str; + user = lib.mkOption { + type = lib.types.str; default = "matterbridge"; description = '' User which runs the matterbridge service. ''; }; - group = mkOption { - type = types.str; + group = lib.mkOption { + type = lib.types.str; default = "matterbridge"; description = '' Group which runs the matterbridge service. @@ -90,18 +87,18 @@ in }; }; - config = mkIf cfg.enable { - warnings = optional options.services.matterbridge.configFile.isDefined + config = lib.mkIf cfg.enable { + warnings = lib.optional options.services.matterbridge.configFile.isDefined "The option services.matterbridge.configFile is insecure and should be replaced with services.matterbridge.configPath"; - users.users = optionalAttrs (cfg.user == "matterbridge") + users.users = lib.optionalAttrs (cfg.user == "matterbridge") { matterbridge = { group = "matterbridge"; isSystemUser = true; }; }; - users.groups = optionalAttrs (cfg.group == "matterbridge") + users.groups = lib.optionalAttrs (cfg.group == "matterbridge") { matterbridge = { }; }; diff --git a/nixos/modules/system/boot/clevis.nix b/nixos/modules/system/boot/clevis.nix index ac881e953576710..36328f19e7c6528 100644 --- a/nixos/modules/system/boot/clevis.nix +++ b/nixos/modules/system/boot/clevis.nix @@ -1,54 +1,51 @@ { config, lib, pkgs, ... }: - -with lib; - let cfg = config.boot.initrd.clevis; systemd = config.boot.initrd.systemd; supportedFs = [ "zfs" "bcachefs" ]; in { - meta.maintainers = with maintainers; [ julienmalka camillemndn ]; + meta.maintainers = with lib.maintainers; [ julienmalka camillemndn ]; meta.doc = ./clevis.md; options = { - boot.initrd.clevis.enable = mkEnableOption "Clevis in initrd"; + boot.initrd.clevis.enable = lib.mkEnableOption "Clevis in initrd"; - boot.initrd.clevis.package = mkOption { - type = types.package; + boot.initrd.clevis.package = lib.mkOption { + type = lib.types.package; default = pkgs.clevis; defaultText = "pkgs.clevis"; description = "Clevis package"; }; - boot.initrd.clevis.devices = mkOption { + boot.initrd.clevis.devices = lib.mkOption { description = "Encrypted devices that need to be unlocked at boot using Clevis"; default = { }; - type = types.attrsOf (types.submodule ({ - options.secretFile = mkOption { + type = lib.types.attrsOf (lib.types.submodule ({ + options.secretFile = lib.mkOption { description = "Clevis JWE file used to decrypt the device at boot, in concert with the chosen pin (one of TPM2, Tang server, or SSS)."; - type = types.path; + type = lib.types.path; }; })); }; - boot.initrd.clevis.useTang = mkOption { + boot.initrd.clevis.useTang = lib.mkOption { description = "Whether the Clevis JWE file used to decrypt the devices uses a Tang server as a pin."; default = false; - type = types.bool; + type = lib.types.bool; }; }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { # Implementation of clevis unlocking for the supported filesystems are located directly in the respective modules. - assertions = (attrValues (mapAttrs + assertions = (lib.attrValues (lib.mapAttrs (device: _: { - assertion = (any (fs: fs.device == device && (elem fs.fsType supportedFs) || (fs.fsType == "zfs" && hasPrefix "${device}/" fs.device)) config.system.build.fileSystems) || (hasAttr device config.boot.initrd.luks.devices); + assertion = (lib.any (fs: fs.device == device && (lib.elem fs.fsType supportedFs) || (fs.fsType == "zfs" && lib.hasPrefix "${device}/" fs.device)) config.system.build.fileSystems) || (lib.hasAttr device config.boot.initrd.luks.devices); message = '' No filesystem or LUKS device with the name ${device} is declared in your configuration.''; }) @@ -61,7 +58,7 @@ in else [ ]; boot.initrd = { - extraUtilsCommands = mkIf (!systemd.enable) '' + extraUtilsCommands = lib.mkIf (!systemd.enable) '' copy_bin_and_libs ${pkgs.jose}/bin/jose copy_bin_and_libs ${pkgs.curl}/bin/curl copy_bin_and_libs ${pkgs.bash}/bin/bash @@ -84,15 +81,15 @@ in sed -i $out/bin/clevis-decrypt-tpm2 -e 's,tpm2_,tpm2 ,' ''; - secrets = lib.mapAttrs' (name: value: nameValuePair "/etc/clevis/${name}.jwe" value.secretFile) cfg.devices; + secrets = lib.mapAttrs' (name: value: lib.nameValuePair "/etc/clevis/${name}.jwe" value.secretFile) cfg.devices; systemd = { - extraBin = mkIf systemd.enable { + extraBin = lib.mkIf systemd.enable { clevis = "${cfg.package}/bin/clevis"; curl = "${pkgs.curl}/bin/curl"; }; - storePaths = mkIf systemd.enable [ + storePaths = lib.mkIf systemd.enable [ cfg.package "${pkgs.jose}/bin/jose" "${pkgs.curl}/bin/curl" diff --git a/nixos/modules/system/boot/emergency-mode.nix b/nixos/modules/system/boot/emergency-mode.nix index 717ab08f2534d2a..11195dc13d102a5 100644 --- a/nixos/modules/system/boot/emergency-mode.nix +++ b/nixos/modules/system/boot/emergency-mode.nix @@ -1,16 +1,13 @@ { config, lib, ... }: - -with lib; - { ###### interface options = { - systemd.enableEmergencyMode = mkOption { + systemd.enableEmergencyMode = lib.mkOption { default = true; - type = types.bool; + type = lib.types.bool; description = '' Whether to enable emergency mode, which is an {command}`sulogin` shell started on the console if @@ -27,7 +24,7 @@ with lib; config = { - systemd.additionalUpstreamSystemUnits = optionals + systemd.additionalUpstreamSystemUnits = lib.optionals config.systemd.enableEmergencyMode [ "emergency.target" "emergency.service" ]; diff --git a/nixos/modules/system/boot/loader/efi.nix b/nixos/modules/system/boot/loader/efi.nix index 6043c904c4504ae..2725d3678d52360 100644 --- a/nixos/modules/system/boot/loader/efi.nix +++ b/nixos/modules/system/boot/loader/efi.nix @@ -1,19 +1,16 @@ { lib, ... }: - -with lib; - { options.boot.loader.efi = { - canTouchEfiVariables = mkOption { + canTouchEfiVariables = lib.mkOption { default = false; - type = types.bool; + type = lib.types.bool; description = "Whether the installation process is allowed to modify EFI boot variables."; }; - efiSysMountPoint = mkOption { + efiSysMountPoint = lib.mkOption { default = "/boot"; - type = types.str; + type = lib.types.str; description = "Where the EFI System Partition is mounted."; }; }; diff --git a/nixos/modules/system/boot/tmp.nix b/nixos/modules/system/boot/tmp.nix index 150f4adaf3ee6e7..8287fa5f872f4cc 100644 --- a/nixos/modules/system/boot/tmp.nix +++ b/nixos/modules/system/boot/tmp.nix @@ -1,29 +1,26 @@ { config, lib, ... }: - -with lib; - let cfg = config.boot.tmp; in { imports = [ - (mkRenamedOptionModule [ "boot" "cleanTmpDir" ] [ "boot" "tmp" "cleanOnBoot" ]) - (mkRenamedOptionModule [ "boot" "tmpOnTmpfs" ] [ "boot" "tmp" "useTmpfs" ]) - (mkRenamedOptionModule [ "boot" "tmpOnTmpfsSize" ] [ "boot" "tmp" "tmpfsSize" ]) + (lib.mkRenamedOptionModule [ "boot" "cleanTmpDir" ] [ "boot" "tmp" "cleanOnBoot" ]) + (lib.mkRenamedOptionModule [ "boot" "tmpOnTmpfs" ] [ "boot" "tmp" "useTmpfs" ]) + (lib.mkRenamedOptionModule [ "boot" "tmpOnTmpfsSize" ] [ "boot" "tmp" "tmpfsSize" ]) ]; options = { boot.tmp = { - cleanOnBoot = mkOption { - type = types.bool; + cleanOnBoot = lib.mkOption { + type = lib.types.bool; default = false; description = '' Whether to delete all files in {file}`/tmp` during boot. ''; }; - tmpfsSize = mkOption { - type = types.oneOf [ types.str types.types.ints.positive ]; + tmpfsSize = lib.mkOption { + type = lib.types.oneOf [ lib.types.str lib.types.ints.positive ]; default = "50%"; description = '' Size of tmpfs in percentage. @@ -31,8 +28,8 @@ in ''; }; - useTmpfs = mkOption { - type = types.bool; + useTmpfs = lib.mkOption { + type = lib.types.bool; default = false; description = '' Whether to mount a tmpfs on {file}`/tmp` during boot. @@ -48,12 +45,12 @@ in config = { # When changing remember to update /tmp mount in virtualisation/qemu-vm.nix - systemd.mounts = mkIf cfg.useTmpfs [ + systemd.mounts = lib.mkIf cfg.useTmpfs [ { what = "tmpfs"; where = "/tmp"; type = "tmpfs"; - mountConfig.Options = concatStringsSep "," [ + mountConfig.Options = lib.concatStringsSep "," [ "mode=1777" "strictatime" "rw" @@ -64,6 +61,6 @@ in } ]; - systemd.tmpfiles.rules = optional cfg.cleanOnBoot "D! /tmp 1777 root root"; + systemd.tmpfiles.rules = lib.optional cfg.cleanOnBoot "D! /tmp 1777 root root"; }; } diff --git a/nixos/modules/tasks/filesystems/nfs.nix b/nixos/modules/tasks/filesystems/nfs.nix index 765f10d33bfe855..a81bec27bce2b01 100644 --- a/nixos/modules/tasks/filesystems/nfs.nix +++ b/nixos/modules/tasks/filesystems/nfs.nix @@ -1,7 +1,4 @@ { config, lib, pkgs, ... }: - -with lib; - let inInitrd = config.boot.initrd.supportedFilesystems.nfs or false; @@ -16,15 +13,15 @@ let # merge parameters from services.nfs.server nfsConfSettings = - optionalAttrs (cfg.server.nproc != null) { + lib.optionalAttrs (cfg.server.nproc != null) { nfsd.threads = cfg.server.nproc; - } // optionalAttrs (cfg.server.hostName != null) { + } // lib.optionalAttrs (cfg.server.hostName != null) { nfsd.host= cfg.hostName; - } // optionalAttrs (cfg.server.mountdPort != null) { + } // lib.optionalAttrs (cfg.server.mountdPort != null) { mountd.port = cfg.server.mountdPort; - } // optionalAttrs (cfg.server.statdPort != null) { + } // lib.optionalAttrs (cfg.server.statdPort != null) { statd.port = cfg.server.statdPort; - } // optionalAttrs (cfg.server.lockdPort != null) { + } // lib.optionalAttrs (cfg.server.lockdPort != null) { lockd.port = cfg.server.lockdPort; lockd.udp-port = cfg.server.lockdPort; }; @@ -32,17 +29,17 @@ let nfsConfDeprecated = cfg.extraConfig + '' [nfsd] threads=${toString cfg.server.nproc} - ${optionalString (cfg.server.hostName != null) "host=${cfg.server.hostName}"} + ${lib.optionalString (cfg.server.hostName != null) "host=${cfg.server.hostName}"} ${cfg.server.extraNfsdConfig} [mountd] - ${optionalString (cfg.server.mountdPort != null) "port=${toString cfg.server.mountdPort}"} + ${lib.optionalString (cfg.server.mountdPort != null) "port=${toString cfg.server.mountdPort}"} [statd] - ${optionalString (cfg.server.statdPort != null) "port=${toString cfg.server.statdPort}"} + ${lib.optionalString (cfg.server.statdPort != null) "port=${toString cfg.server.statdPort}"} [lockd] - ${optionalString (cfg.server.lockdPort != null) '' + ${lib.optionalString (cfg.server.lockdPort != null) '' port=${toString cfg.server.lockdPort} udp-port=${toString cfg.server.lockdPort} ''} @@ -50,7 +47,7 @@ let nfsConfFile = if cfg.settings != {} - then format.generate "nfs.conf" (recursiveUpdate nfsConfSettings cfg.settings) + then format.generate "nfs.conf" (lib.recursiveUpdate nfsConfSettings cfg.settings) else pkgs.writeText "nfs.conf" nfsConfDeprecated; requestKeyConfFile = pkgs.writeText "request-key.conf" '' @@ -66,7 +63,7 @@ in options = { services.nfs = { - idmapd.settings = mkOption { + idmapd.settings = lib.mkOption { type = format.type; default = {}; description = '' @@ -74,7 +71,7 @@ in for details. ''; - example = literalExpression '' + example = lib.literalExpression '' { Translation = { GSS-Methods = "static,nsswitch"; @@ -85,21 +82,21 @@ in } ''; }; - settings = mkOption { + settings = lib.mkOption { type = format.type; default = {}; description = '' General configuration for NFS daemons and tools. See nfs.conf(5) and related man pages for details. ''; - example = literalExpression '' + example = lib.literalExpression '' { mountd.manage-gids = true; } ''; }; - extraConfig = mkOption { - type = types.lines; + extraConfig = lib.mkOption { + type = lib.types.lines; default = ""; description = '' Extra nfs-utils configuration. @@ -110,12 +107,12 @@ in ###### implementation - config = mkIf (config.boot.supportedFilesystems.nfs or config.boot.supportedFilesystems.nfs4 or false) { + config = lib.mkIf (config.boot.supportedFilesystems.nfs or config.boot.supportedFilesystems.nfs4 or false) { warnings = - (optional (cfg.extraConfig != "") '' + (lib.optional (cfg.extraConfig != "") '' `services.nfs.extraConfig` is deprecated. Use `services.nfs.settings` instead. - '') ++ (optional (cfg.server.extraNfsdConfig != "") '' + '') ++ (lib.optional (cfg.server.extraNfsdConfig != "") '' `services.nfs.server.extraNfsdConfig` is deprecated. Use `services.nfs.settings` instead. ''); assertions = [{ @@ -126,9 +123,9 @@ in services.rpcbind.enable = true; services.nfs.idmapd.settings = { - General = mkMerge [ + General = lib.mkMerge [ { Pipefs-Directory = rpcMountpoint; } - (mkIf (config.networking.domain != null) { Domain = config.networking.domain; }) + (lib.mkIf (config.networking.domain != null) { Domain = config.networking.domain; }) ]; Mapping = { Nobody-User = "nobody"; @@ -141,7 +138,7 @@ in system.fsPackages = [ pkgs.nfs-utils ]; - boot.initrd.kernelModules = mkIf inInitrd [ "nfs" ]; + boot.initrd.kernelModules = lib.mkIf inInitrd [ "nfs" ]; systemd.packages = [ pkgs.nfs-utils ]; @@ -167,12 +164,12 @@ in systemd.services.nfs-mountd = { restartTriggers = [ nfsConfFile ]; - enable = mkDefault false; + enable = lib.mkDefault false; }; systemd.services.nfs-server = { restartTriggers = [ nfsConfFile ]; - enable = mkDefault false; + enable = lib.mkDefault false; }; systemd.services.auth-rpcgss-module = diff --git a/nixos/modules/virtualisation/docker-rootless.nix b/nixos/modules/virtualisation/docker-rootless.nix index bad9136afd29816..15b9f16eefefcb7 100644 --- a/nixos/modules/virtualisation/docker-rootless.nix +++ b/nixos/modules/virtualisation/docker-rootless.nix @@ -1,7 +1,4 @@ { config, lib, pkgs, ... }: - -with lib; - let cfg = config.virtualisation.docker.rootless; @@ -15,8 +12,8 @@ in ###### interface options.virtualisation.docker.rootless = { - enable = mkOption { - type = types.bool; + enable = lib.mkOption { + type = lib.types.bool; default = false; description = '' This option enables docker in a rootless mode, a daemon that manages @@ -25,8 +22,8 @@ in ''; }; - setSocketVariable = mkOption { - type = types.bool; + setSocketVariable = lib.mkOption { + type = lib.types.bool; default = false; description = '' Point {command}`DOCKER_HOST` to rootless Docker instance for @@ -34,7 +31,7 @@ in ''; }; - daemon.settings = mkOption { + daemon.settings = lib.mkOption { type = settingsFormat.type; default = { }; example = { @@ -47,15 +44,15 @@ in ''; }; - package = mkPackageOption pkgs "docker" { }; + package = lib.mkPackageOption pkgs "docker" { }; }; ###### implementation - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { environment.systemPackages = [ cfg.package ]; - environment.extraInit = optionalString cfg.setSocketVariable '' + environment.extraInit = lib.optionalString cfg.setSocketVariable '' if [ -z "$DOCKER_HOST" -a -n "$XDG_RUNTIME_DIR" ]; then export DOCKER_HOST="unix://$XDG_RUNTIME_DIR/docker.sock" fi diff --git a/nixos/modules/virtualisation/virtualbox-guest.nix b/nixos/modules/virtualisation/virtualbox-guest.nix index b4933cffa2c0cc0..31222d553a345c4 100644 --- a/nixos/modules/virtualisation/virtualbox-guest.nix +++ b/nixos/modules/virtualisation/virtualbox-guest.nix @@ -1,9 +1,5 @@ # Module for VirtualBox guests. - { config, lib, pkgs, ... }: - -with lib; - let cfg = config.virtualisation.virtualbox.guest; kernel = config.boot.kernelPackages; @@ -32,38 +28,38 @@ let in { imports = [ - (mkRenamedOptionModule [ "virtualisation" "virtualbox" "guest" "draganddrop" ] [ "virtualisation" "virtualbox" "guest" "dragAndDrop" ]) + (lib.mkRenamedOptionModule [ "virtualisation" "virtualbox" "guest" "draganddrop" ] [ "virtualisation" "virtualbox" "guest" "dragAndDrop" ]) ]; options.virtualisation.virtualbox.guest = { - enable = mkOption { + enable = lib.mkOption { default = false; - type = types.bool; + type = lib.types.bool; description = "Whether to enable the VirtualBox service and other guest additions."; }; - clipboard = mkOption { + clipboard = lib.mkOption { default = true; - type = types.bool; + type = lib.types.bool; description = "Whether to enable clipboard support."; }; - seamless = mkOption { + seamless = lib.mkOption { default = true; - type = types.bool; + type = lib.types.bool; description = "Whether to enable seamless mode. When activated windows from the guest appear next to the windows of the host."; }; - dragAndDrop = mkOption { + dragAndDrop = lib.mkOption { default = true; - type = types.bool; + type = lib.types.bool; description = "Whether to enable drag and drop support."; }; }; ###### implementation - config = mkIf cfg.enable (mkMerge [ + config = lib.mkIf cfg.enable (lib.mkMerge [ { assertions = [{ assertion = pkgs.stdenv.hostPlatform.isx86; @@ -104,17 +100,17 @@ in systemd.user.services.virtualboxClientVmsvga = mkVirtualBoxUserService "--vmsvga-session"; } ( - mkIf cfg.clipboard { + lib.mkIf cfg.clipboard { systemd.user.services.virtualboxClientClipboard = mkVirtualBoxUserService "--clipboard"; } ) ( - mkIf cfg.seamless { + lib.mkIf cfg.seamless { systemd.user.services.virtualboxClientSeamless = mkVirtualBoxUserService "--seamless"; } ) ( - mkIf cfg.dragAndDrop { + lib.mkIf cfg.dragAndDrop { systemd.user.services.virtualboxClientDragAndDrop = mkVirtualBoxUserService "--draganddrop"; } ) diff --git a/nixos/modules/virtualisation/virtualbox-host.nix b/nixos/modules/virtualisation/virtualbox-host.nix index 4808652a542ad72..8820b4ff5a83766 100644 --- a/nixos/modules/virtualisation/virtualbox-host.nix +++ b/nixos/modules/virtualisation/virtualbox-host.nix @@ -1,7 +1,4 @@ { config, lib, pkgs, ... }: - -with lib; - let cfg = config.virtualisation.virtualbox.host; @@ -18,7 +15,7 @@ in { options.virtualisation.virtualbox.host = { - enable = mkEnableOption "VirtualBox" // { + enable = lib.mkEnableOption "VirtualBox" // { description = '' Whether to enable VirtualBox. @@ -29,7 +26,7 @@ in ''; }; - enableExtensionPack = mkEnableOption "VirtualBox extension pack" // { + enableExtensionPack = lib.mkEnableOption "VirtualBox extension pack" // { description = '' Whether to install the Oracle Extension Pack for VirtualBox. @@ -40,18 +37,18 @@ in ''; }; - package = mkPackageOption pkgs "virtualbox" { }; + package = lib.mkPackageOption pkgs "virtualbox" { }; - addNetworkInterface = mkOption { - type = types.bool; + addNetworkInterface = lib.mkOption { + type = lib.types.bool; default = true; description = '' Automatically set up a vboxnet0 host-only network interface. ''; }; - enableHardening = mkOption { - type = types.bool; + enableHardening = lib.mkOption { + type = lib.types.bool; default = true; description = '' Enable hardened VirtualBox, which ensures that only the binaries in the @@ -65,8 +62,8 @@ in ''; }; - headless = mkOption { - type = types.bool; + headless = lib.mkOption { + type = lib.types.bool; default = false; description = '' Use VirtualBox installation without GUI and Qt dependency. Useful to enable on servers @@ -74,16 +71,16 @@ in ''; }; - enableWebService = mkOption { - type = types.bool; + enableWebService = lib.mkOption { + type = lib.types.bool; default = false; description = '' Build VirtualBox web service tool (vboxwebsrv) to allow managing VMs via other webpage frontend tools. Useful for headless servers. ''; }; - enableKvm = mkOption { - type = types.bool; + enableKvm = lib.mkOption { + type = lib.types.bool; default = false; description = '' Enable KVM support for VirtualBox. This increases compatibility with Linux kernel versions, because the VirtualBox kernel modules @@ -96,8 +93,8 @@ in }; }; - config = mkIf cfg.enable (mkMerge [{ - warnings = mkIf (pkgs.config.virtualbox.enableExtensionPack or false) + config = lib.mkIf cfg.enable (lib.mkMerge [{ + warnings = lib.mkIf (pkgs.config.virtualbox.enableExtensionPack or false) ["'nixpkgs.virtualbox.enableExtensionPack' has no effect, please use 'virtualisation.virtualbox.host.enableExtensionPack'"]; environment.systemPackages = [ virtualbox ]; @@ -118,7 +115,7 @@ in "VBoxSDL" "VirtualBoxVM" ]); - in mkIf cfg.enableHardening + in lib.mkIf cfg.enableHardening (builtins.listToAttrs (map (x: { name = x; value = mkSuid x; }) executables)); users.groups.vboxusers.gid = config.ids.gids.vboxusers; @@ -130,14 +127,14 @@ in SUBSYSTEM=="usb_device", ACTION=="remove", RUN+="${virtualbox}/libexec/virtualbox/VBoxCreateUSBNode.sh --remove $major $minor" SUBSYSTEM=="usb", ACTION=="remove", ENV{DEVTYPE}=="usb_device", RUN+="${virtualbox}/libexec/virtualbox/VBoxCreateUSBNode.sh --remove $major $minor" ''; - } (mkIf cfg.enableKvm { + } (lib.mkIf cfg.enableKvm { assertions = [ { assertion = !cfg.addNetworkInterface; message = "VirtualBox KVM only supports standard NAT networking for VMs. Please turn off virtualisation.virtualbox.host.addNetworkInterface."; } ]; - }) (mkIf (!cfg.enableKvm) { + }) (lib.mkIf (!cfg.enableKvm) { boot.kernelModules = [ "vboxdrv" "vboxnetadp" "vboxnetflt" ]; boot.extraModulePackages = [ kernelModules ]; @@ -149,7 +146,7 @@ in ''; # Since we lack the right setuid/setcap binaries, set up a host-only network by default. - }) (mkIf cfg.addNetworkInterface { + }) (lib.mkIf cfg.addNetworkInterface { systemd.services.vboxnet0 = { description = "VirtualBox vboxnet0 Interface"; requires = [ "dev-vboxnetctl.device" ]; @@ -177,7 +174,7 @@ in # Make sure NetworkManager won't assume this interface being up # means we have internet access. networking.networkmanager.unmanaged = ["vboxnet0"]; - }) (mkIf config.networking.useNetworkd { + }) (lib.mkIf config.networking.useNetworkd { systemd.network.networks."40-vboxnet0".extraConfig = '' [Link] RequiredForOnline=no diff --git a/nixos/modules/virtualisation/virtualbox-image.nix b/nixos/modules/virtualisation/virtualbox-image.nix index 1c8b9b99c01ca4a..4ab5d17ecd4956c 100644 --- a/nixos/modules/virtualisation/virtualbox-image.nix +++ b/nixos/modules/virtualisation/virtualbox-image.nix @@ -1,7 +1,4 @@ { config, lib, pkgs, ... }: - -with lib; - let cfg = config.virtualbox; @@ -10,51 +7,51 @@ in { options = { virtualbox = { - baseImageSize = mkOption { - type = with types; either (enum [ "auto" ]) int; + baseImageSize = lib.mkOption { + type = with lib.types; either (enum [ "auto" ]) int; default = "auto"; example = 50 * 1024; description = '' The size of the VirtualBox base image in MiB. ''; }; - baseImageFreeSpace = mkOption { - type = with types; int; + baseImageFreeSpace = lib.mkOption { + type = with lib.types; int; default = 30 * 1024; description = '' Free space in the VirtualBox base image in MiB. ''; }; - memorySize = mkOption { - type = types.int; + memorySize = lib.mkOption { + type = lib.types.int; default = 1536; description = '' The amount of RAM the VirtualBox appliance can use in MiB. ''; }; - vmDerivationName = mkOption { - type = types.str; + vmDerivationName = lib.mkOption { + type = lib.types.str; default = "nixos-ova-${config.system.nixos.label}-${pkgs.stdenv.hostPlatform.system}"; description = '' The name of the derivation for the VirtualBox appliance. ''; }; - vmName = mkOption { - type = types.str; + vmName = lib.mkOption { + type = lib.types.str; default = "${config.system.nixos.distroName} ${config.system.nixos.label} (${pkgs.stdenv.hostPlatform.system})"; description = '' The name of the VirtualBox appliance. ''; }; - vmFileName = mkOption { - type = types.str; + vmFileName = lib.mkOption { + type = lib.types.str; default = "nixos-${config.system.nixos.label}-${pkgs.stdenv.hostPlatform.system}.ova"; description = '' The file name of the VirtualBox appliance. ''; }; - params = mkOption { - type = with types; attrsOf (oneOf [ str int bool (listOf str) ]); + params = lib.mkOption { + type = with lib.types; attrsOf (oneOf [ str int bool (listOf str) ]); example = { audio = "alsa"; rtcuseutc = "on"; @@ -66,8 +63,8 @@ in { Run `VBoxManage modifyvm --help` to see more options. ''; }; - exportParams = mkOption { - type = with types; listOf (oneOf [ str int bool (listOf str) ]); + exportParams = lib.mkOption { + type = with lib.types; listOf (oneOf [ str int bool (listOf str) ]); example = [ "--vsys" "0" "--vendor" "ACME Inc." ]; @@ -78,7 +75,7 @@ in { Run `VBoxManage export --help` to see more options. ''; }; - extraDisk = mkOption { + extraDisk = lib.mkOption { description = '' Optional extra disk/hdd configuration. The disk will be an 'ext4' partition on a separate file. @@ -89,26 +86,26 @@ in { mountPoint = "/home/demo/storage"; size = 100 * 1024; }; - type = types.nullOr (types.submodule { + type = lib.types.nullOr (lib.types.submodule { options = { - size = mkOption { - type = types.int; + size = lib.mkOption { + type = lib.types.int; description = "Size in MiB"; }; - label = mkOption { - type = types.str; + label = lib.mkOption { + type = lib.types.str; default = "vm-extra-storage"; description = "Label for the disk partition"; }; - mountPoint = mkOption { - type = types.str; + mountPoint = lib.mkOption { + type = lib.types.str; description = "Path where to mount this disk."; }; }; }); }; - postExportCommands = mkOption { - type = types.lines; + postExportCommands = lib.mkOption { + type = lib.types.lines; default = ""; example = '' ${pkgs.cot}/bin/cot edit-hardware "$fn" \ @@ -124,8 +121,8 @@ in { Extra commands to run after exporting the OVA to `$fn`. ''; }; - storageController = mkOption { - type = with types; attrsOf (oneOf [ str int bool (listOf str) ]); + storageController = lib.mkOption { + type = with lib.types; attrsOf (oneOf [ str int bool (listOf str) ]); example = { name = "SCSI"; add = "scsi"; @@ -152,8 +149,8 @@ in { config = { - virtualbox.params = mkMerge [ - (mapAttrs (name: mkDefault) { + virtualbox.params = lib.mkMerge [ + (lib.mapAttrs (name: lib.mkDefault) { acpi = "on"; vram = 32; nictype1 = "virtio"; @@ -167,7 +164,7 @@ in { usbehci = "on"; mouse = "usbtablet"; }) - (mkIf (pkgs.stdenv.hostPlatform.system == "i686-linux") { pae = "on"; }) + (lib.mkIf (pkgs.stdenv.hostPlatform.system == "i686-linux") { pae = "on"; }) ]; system.build.virtualBoxOVA = import ../../lib/make-disk-image.nix { @@ -186,7 +183,7 @@ in { echo "converting image to VirtualBox format..." VBoxManage convertfromraw $diskImage disk.vdi - ${optionalString (cfg.extraDisk != null) '' + ${lib.optionalString (cfg.extraDisk != null) '' echo "creating extra disk: data-disk.raw" dataDiskImage=data-disk.raw truncate -s ${toString cfg.extraDisk.size}M $dataDiskImage @@ -210,7 +207,7 @@ in { VBoxManage storagectl "$vmName" ${lib.cli.toGNUCommandLineShell { } cfg.storageController} VBoxManage storageattach "$vmName" --storagectl ${cfg.storageController.name} --port 0 --device 0 --type hdd \ --medium disk.vdi - ${optionalString (cfg.extraDisk != null) '' + ${lib.optionalString (cfg.extraDisk != null) '' VBoxManage storageattach "$vmName" --storagectl ${cfg.storageController.name} --port 1 --device 0 --type hdd \ --medium data-disk.vdi ''} @@ -218,7 +215,7 @@ in { echo "exporting VirtualBox VM..." mkdir -p $out fn="$out/${cfg.vmFileName}" - VBoxManage export "$vmName" --output "$fn" --options manifest ${escapeShellArgs cfg.exportParams} + VBoxManage export "$vmName" --output "$fn" --options manifest ${lib.escapeShellArgs cfg.exportParams} ${cfg.postExportCommands} rm -v $diskImage diff --git a/nixos/modules/virtualisation/vmware-guest.nix b/nixos/modules/virtualisation/vmware-guest.nix index be706efcea3a28b..c80181f287b32ab 100644 --- a/nixos/modules/virtualisation/vmware-guest.nix +++ b/nixos/modules/virtualisation/vmware-guest.nix @@ -1,7 +1,4 @@ { config, lib, pkgs, ... }: - -with lib; - let cfg = config.virtualisation.vmware.guest; open-vm-tools = if cfg.headless then pkgs.open-vm-tools-headless else pkgs.open-vm-tools; @@ -9,20 +6,20 @@ let in { imports = [ - (mkRenamedOptionModule [ "services" "vmwareGuest" ] [ "virtualisation" "vmware" "guest" ]) + (lib.mkRenamedOptionModule [ "services" "vmwareGuest" ] [ "virtualisation" "vmware" "guest" ]) ]; options.virtualisation.vmware.guest = { - enable = mkEnableOption "VMWare Guest Support"; - headless = mkOption { - type = types.bool; + enable = lib.mkEnableOption "VMWare Guest Support"; + headless = lib.mkOption { + type = lib.types.bool; default = !config.services.xserver.enable; defaultText = "!config.services.xserver.enable"; description = "Whether to disable X11-related features."; }; }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { assertions = [ { assertion = pkgs.stdenv.hostPlatform.isx86 || pkgs.stdenv.hostPlatform.isAarch64; message = "VMWare guest is not currently supported on ${pkgs.stdenv.hostPlatform.system}"; @@ -42,7 +39,7 @@ in }; # Mount the vmblock for drag-and-drop and copy-and-paste. - systemd.mounts = mkIf (!cfg.headless) [ + systemd.mounts = lib.mkIf (!cfg.headless) [ { description = "VMware vmblock fuse mount"; documentation = [ "https://github.com/vmware/open-vm-tools/blob/master/open-vm-tools/vmblock-fuse/design.txt" ]; @@ -55,7 +52,7 @@ in } ]; - security.wrappers.vmware-user-suid-wrapper = mkIf (!cfg.headless) { + security.wrappers.vmware-user-suid-wrapper = lib.mkIf (!cfg.headless) { setuid = true; owner = "root"; group = "root"; @@ -64,7 +61,7 @@ in environment.etc.vmware-tools.source = "${open-vm-tools}/etc/vmware-tools/*"; - services.xserver = mkIf (!cfg.headless) { + services.xserver = lib.mkIf (!cfg.headless) { modules = lib.optionals pkgs.stdenv.hostPlatform.isx86 [ xf86inputvmmouse ]; config = lib.optionalString (pkgs.stdenv.hostPlatform.isx86) ''