From a15394d51a40315f749ee87728a2e5b6461456f3 Mon Sep 17 00:00:00 2001 From: Felix Buehler Date: Wed, 28 Aug 2024 21:18:52 +0200 Subject: [PATCH 001/148] nixos/iso-image: remove `with lib;` --- nixos/modules/installer/cd-dvd/installation-cd-base.nix | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/nixos/modules/installer/cd-dvd/installation-cd-base.nix b/nixos/modules/installer/cd-dvd/installation-cd-base.nix index 3f92b779d60a2..d36c90c6254eb 100644 --- a/nixos/modules/installer/cd-dvd/installation-cd-base.nix +++ b/nixos/modules/installer/cd-dvd/installation-cd-base.nix @@ -1,10 +1,6 @@ # This module contains the basic configuration for building a NixOS # installation CD. - { config, lib, options, pkgs, ... }: - -with lib; - { imports = [ ./iso-image.nix @@ -32,8 +28,8 @@ with lib; # An installation media cannot tolerate a host config defined file # system layout on a fresh machine, before it has been formatted. - swapDevices = mkImageMediaOverride [ ]; - fileSystems = mkImageMediaOverride config.lib.isoFileSystems; + swapDevices = lib.mkImageMediaOverride [ ]; + fileSystems = lib.mkImageMediaOverride config.lib.isoFileSystems; boot.postBootCommands = '' for o in $( Date: Wed, 28 Aug 2024 21:18:52 +0200 Subject: [PATCH 002/148] nixos/installation-cd-graphical-base: remove `with lib;` --- .../installer/cd-dvd/installation-cd-graphical-base.nix | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/nixos/modules/installer/cd-dvd/installation-cd-graphical-base.nix b/nixos/modules/installer/cd-dvd/installation-cd-graphical-base.nix index 7f7ab9ede47e3..f4a2884964f50 100644 --- a/nixos/modules/installer/cd-dvd/installation-cd-graphical-base.nix +++ b/nixos/modules/installer/cd-dvd/installation-cd-graphical-base.nix @@ -1,10 +1,6 @@ # This module contains the basic configuration for building a graphical NixOS # installation CD. - { lib, pkgs, ... }: - -with lib; - { imports = [ ./installation-cd-base.nix ]; 
@@ -26,7 +22,7 @@ with lib; # Provide networkmanager for easy wireless configuration. networking.networkmanager.enable = true; - networking.wireless.enable = mkImageMediaOverride false; + networking.wireless.enable = lib.mkImageMediaOverride false; # KDE complains if power management is disabled (to be precise, if # there is no power management backend such as upower). From de2bbebb7f126974d20cf2fe41232b520bb74e58 Mon Sep 17 00:00:00 2001 From: Felix Buehler Date: Wed, 28 Aug 2024 21:18:52 +0200 Subject: [PATCH 003/148] nixos/installer.scan: remove `with lib;` --- nixos/modules/installer/scan/detected.nix | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/nixos/modules/installer/scan/detected.nix b/nixos/modules/installer/scan/detected.nix index 5c5fba56f5178..d66ee8983d6b3 100644 --- a/nixos/modules/installer/scan/detected.nix +++ b/nixos/modules/installer/scan/detected.nix @@ -1,11 +1,8 @@ # List all devices which are detected by nixos-generate-config. # Common devices are enabled by default. { lib, ... }: - -with lib; - { - config = mkDefault { + config = lib.mkDefault { # Common firmware, i.e. for wifi cards hardware.enableRedistributableFirmware = true; }; From 6af918a564d3eb923850f7ef6b3ff4f67e4fb40e Mon Sep 17 00:00:00 2001 From: Felix Buehler Date: Wed, 28 Aug 2024 21:18:52 +0200 Subject: [PATCH 004/148] nixos/flake: remove `with lib;` --- nixos/modules/misc/nixpkgs-flake.nix | 27 ++++++++++++--------------- 1 file changed, 12 insertions(+), 15 deletions(-) diff --git a/nixos/modules/misc/nixpkgs-flake.nix b/nixos/modules/misc/nixpkgs-flake.nix index f58c3fbbe2e25..4c91d5e604f26 100644 --- a/nixos/modules/misc/nixpkgs-flake.nix +++ b/nixos/modules/misc/nixpkgs-flake.nix 
@@ -1,19 +1,16 @@ { config, options, lib, pkgs, ... }: - -with lib; - let cfg = config.nixpkgs.flake; in { options.nixpkgs.flake = { - source = mkOption { + source = lib.mkOption { # In newer Nix versions, particularly with lazy trees, outPath of # flakes becomes a Nix-language path object. We deliberately allow this # to gracefully come through the interface in discussion with @roberth. # # See: https://github.com/NixOS/nixpkgs/pull/278522#discussion_r1460292639 - type = types.nullOr (types.either types.str types.path); + type = lib.types.nullOr (lib.types.either lib.types.str lib.types.path); default = null; defaultText = "if (using nixpkgsFlake.lib.nixosSystem) then self.outPath else null"; @@ -34,8 +31,8 @@ in ''; }; - setNixPath = mkOption { - type = types.bool; + setNixPath = lib.mkOption { + type = lib.types.bool; default = cfg.source != null; defaultText = "config.nixpkgs.flake.source != null"; @@ -54,8 +51,8 @@ in ''; }; - setFlakeRegistry = mkOption { - type = types.bool; + setFlakeRegistry = lib.mkOption { + type = lib.types.bool; default = cfg.source != null; defaultText = "config.nixpkgs.flake.source != null"; @@ -75,7 +72,7 @@ in }; }; - config = mkIf (cfg.source != null) (mkMerge [ + config = lib.mkIf (cfg.source != null) (lib.mkMerge [ { assertions = [ { 
@@ -87,19 +84,19 @@ in } ]; } - (mkIf cfg.setFlakeRegistry { - nix.registry.nixpkgs.to = mkDefault { + (lib.mkIf cfg.setFlakeRegistry { + nix.registry.nixpkgs.to = lib.mkDefault { type = "path"; path = cfg.source; }; }) - (mkIf cfg.setNixPath { + (lib.mkIf cfg.setNixPath { # N.B. This does not include nixos-config in NIX_PATH unlike modules/config/nix-channel.nix # because we would need some kind of evil shim taking the *calling* flake's self path, # perhaps, to ever make that work (in order to know where the Nix expr for the system came # from and how to call it). - nix.nixPath = mkDefault ([ "nixpkgs=flake:nixpkgs" ] - ++ optional config.nix.channel.enable "/nix/var/nix/profiles/per-user/root/channels"); + nix.nixPath = lib.mkDefault ([ "nixpkgs=flake:nixpkgs" ] + ++ lib.optional config.nix.channel.enable "/nix/var/nix/profiles/per-user/root/channels"); }) ]); } From 609e57485d1fa111e3a689498d9d338dc03a7bc5 Mon Sep 17 00:00:00 2001 From: Felix Buehler Date: Wed, 28 Aug 2024 21:18:52 +0200 Subject: [PATCH 005/148] nixos/nixpkgs: remove `with lib;` --- nixos/modules/misc/nixpkgs.nix | 81 ++++++++++++++++------------------ 1 file changed, 39 insertions(+), 42 deletions(-) diff --git a/nixos/modules/misc/nixpkgs.nix b/nixos/modules/misc/nixpkgs.nix index 60a6fb57c7a29..393c19c992174 100644 --- a/nixos/modules/misc/nixpkgs.nix +++ b/nixos/modules/misc/nixpkgs.nix @@ -1,7 +1,4 @@ { config, options, lib, pkgs, ... }: - -with lib; - let cfg = config.nixpkgs; opt = options.nixpkgs; 
@@ -19,19 +16,19 @@ let lhs = optCall lhs_ { inherit pkgs; }; rhs = optCall rhs_ { inherit pkgs; }; in - recursiveUpdate lhs rhs // - optionalAttrs (lhs ? packageOverrides) { + lib.recursiveUpdate lhs rhs // + lib.optionalAttrs (lhs ? packageOverrides) { packageOverrides = pkgs: optCall lhs.packageOverrides pkgs // - optCall (attrByPath [ "packageOverrides" ] { } rhs) pkgs; + optCall (lib.attrByPath [ "packageOverrides" ] { } rhs) pkgs; } // - optionalAttrs (lhs ? perlPackageOverrides) { + lib.optionalAttrs (lhs ? perlPackageOverrides) { perlPackageOverrides = pkgs: optCall lhs.perlPackageOverrides pkgs // - optCall (attrByPath [ "perlPackageOverrides" ] { } rhs) pkgs; + optCall (lib.attrByPath [ "perlPackageOverrides" ] { } rhs) pkgs; }; - configType = mkOptionType { + configType = lib.mkOptionType { name = "nixpkgs-config"; description = "nixpkgs config"; check = x: 
@@ -39,34 +36,34 @@ let if c x then true else lib.traceSeqN 1 x false; in traceXIfNot isConfig; - merge = args: foldr (def: mergeConfig def.value) {}; + merge = args: lib.foldr (def: mergeConfig def.value) {}; }; - overlayType = mkOptionType { + overlayType = lib.mkOptionType { name = "nixpkgs-overlay"; description = "nixpkgs overlay"; check = lib.isFunction; merge = lib.mergeOneOption; }; - pkgsType = types.pkgs // { + pkgsType = lib.types.pkgs // { # This type is only used by itself, so let's elaborate the description a bit # for the purpose of documentation. description = "An evaluation of Nixpkgs; the top level attribute set of packages"; }; - hasBuildPlatform = opt.buildPlatform.highestPrio < (mkOptionDefault {}).priority; + hasBuildPlatform = opt.buildPlatform.highestPrio < (lib.mkOptionDefault {}).priority; hasHostPlatform = opt.hostPlatform.isDefined; hasPlatform = hasHostPlatform || hasBuildPlatform; # Context for messages - hostPlatformLine = optionalString hasHostPlatform "${showOptionWithDefLocs opt.hostPlatform}"; - buildPlatformLine = optionalString hasBuildPlatform "${showOptionWithDefLocs opt.buildPlatform}"; + hostPlatformLine = lib.optionalString hasHostPlatform "${lib.showOptionWithDefLocs opt.hostPlatform}"; + buildPlatformLine = lib.optionalString hasBuildPlatform "${lib.showOptionWithDefLocs opt.buildPlatform}"; legacyOptionsDefined = - optional (opt.localSystem.highestPrio < (mkDefault {}).priority) opt.system - ++ optional (opt.localSystem.highestPrio < (mkOptionDefault {}).priority) opt.localSystem - ++ optional (opt.crossSystem.highestPrio < (mkOptionDefault {}).priority) opt.crossSystem + lib.optional (opt.localSystem.highestPrio < (lib.mkDefault {}).priority) opt.system + ++ lib.optional (opt.localSystem.highestPrio < (lib.mkOptionDefault {}).priority) opt.localSystem + ++ lib.optional (opt.crossSystem.highestPrio < (lib.mkOptionDefault {}).priority) opt.crossSystem ; defaultPkgs = 
@@ -99,19 +96,19 @@ in imports = [ ./assertions.nix ./meta.nix - (mkRemovedOptionModule [ "nixpkgs" "initialSystem" ] "The NixOS options `nesting.clone` and `nesting.children` have been deleted, and replaced with named specialisation. Therefore `nixpgks.initialSystem` has no effect anymore.") + (lib.mkRemovedOptionModule [ "nixpkgs" "initialSystem" ] "The NixOS options `nesting.clone` and `nesting.children` have been deleted, and replaced with named specialisation. Therefore `nixpgks.initialSystem` has no effect lib.anymore.") ]; options.nixpkgs = { - pkgs = mkOption { - defaultText = literalExpression '' + pkgs = lib.mkOption { + defaultText = lib.literalExpression '' import "''${nixos}/.." { inherit (cfg) config overlays localSystem crossSystem; } ''; type = pkgsType; - example = literalExpression "import {}"; + example = lib.literalExpression "import {}"; description = '' If set, the pkgs argument to all NixOS modules is the value of this option, extended with `nixpkgs.overlays`, if @@ -145,9 +142,9 @@ in ''; }; - config = mkOption { + config = lib.mkOption { default = {}; - example = literalExpression + example = lib.literalExpression '' { allowBroken = true; allowUnfree = true; } ''; @@ -160,9 +157,9 @@ in ''; }; - overlays = mkOption { + overlays = lib.mkOption { default = []; - example = literalExpression + example = lib.literalExpression '' [ (self: super: { @@ -173,7 +170,7 @@ in }) ] ''; - type = types.listOf overlayType; + type = lib.types.listOf overlayType; description = '' List of overlays to apply to Nixpkgs. This option allows modifying the Nixpkgs package set accessed through the `pkgs` module argument. 
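Review bot: The `lib.mkRemovedOptionModule` message in the `imports` hunk (`@@ -99,19 +96,19 @@`) now ends with `has no effect lib.anymore.`, so the mechanical prefixing rewrote a word inside a user-facing string. The text should keep its original ending, `has no effect anymore.`. The same defect appears in `nixos/modules/security/oath.nix` in this series, where the `digits` description now reads `Specify the lib.length of the one-time password`. Neither string breaks evaluation, so checks will not catch them; searching the series for `lib.` inside `description` and message strings would find any others.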
@@ -184,13 +181,13 @@ in ''; }; - hostPlatform = mkOption { - type = types.either types.str types.attrs; # TODO utilize lib.systems.parsedPlatform + hostPlatform = lib.mkOption { + type = lib.types.either lib.types.str lib.types.attrs; # TODO utilize lib.systems.parsedPlatform example = { system = "aarch64-linux"; }; # Make sure that the final value has all fields for sake of other modules # referring to this. TODO make `lib.systems` itself use the module system. apply = lib.systems.elaborate; - defaultText = literalExpression + defaultText = lib.literalExpression ''(import "''${nixos}/../lib").lib.systems.examples.aarch64-multiplatform''; description = '' Specifies the platform where the NixOS configuration will run. @@ -201,8 +198,8 @@ in ''; }; - buildPlatform = mkOption { - type = types.either types.str types.attrs; # TODO utilize lib.systems.parsedPlatform + buildPlatform = lib.mkOption { + type = lib.types.either lib.types.str lib.types.attrs; # TODO utilize lib.systems.parsedPlatform default = cfg.hostPlatform; example = { system = "x86_64-linux"; }; # Make sure that the final value has all fields for sake of other modules @@ -212,7 +209,7 @@ in in if lib.systems.equals elaborated cfg.hostPlatform then cfg.hostPlatform # make identical, so that `==` equality works; see https://github.com/NixOS/nixpkgs/issues/278001 else elaborated; - defaultText = literalExpression + defaultText = lib.literalExpression ''config.nixpkgs.hostPlatform''; description = '' Specifies the platform on which NixOS should be built. 
@@ -228,14 +225,14 @@ in ''; }; - localSystem = mkOption { - type = types.attrs; # TODO utilize lib.systems.parsedPlatform + localSystem = lib.mkOption { + type = lib.types.attrs; # TODO utilize lib.systems.parsedPlatform default = { inherit (cfg) system; }; example = { system = "aarch64-linux"; }; # Make sure that the final value has all fields for sake of other modules # referring to this. TODO make `lib.systems` itself use the module system. apply = lib.systems.elaborate; - defaultText = literalExpression + defaultText = lib.literalExpression ''(import "''${nixos}/../lib").lib.systems.examples.aarch64-multiplatform''; description = '' Systems with a recently generated `hardware-configuration.nix` @@ -262,8 +259,8 @@ in # TODO deprecate. "crossSystem" is a nonsense identifier, because "cross" # is a relation between at least 2 systems in the context of a # specific build step, not a single system. - crossSystem = mkOption { - type = types.nullOr types.attrs; # TODO utilize lib.systems.parsedPlatform + crossSystem = lib.mkOption { + type = lib.types.nullOr lib.types.attrs; # TODO utilize lib.systems.parsedPlatform default = null; example = { system = "aarch64-linux"; }; description = '' @@ -283,8 +280,8 @@ in ''; }; - system = mkOption { - type = types.str; + system = lib.mkOption { + type = lib.types.str; example = "i686-linux"; default = if opt.hostPlatform.isDefined 
@@ -372,12 +369,12 @@ in { assertion = constructedByMe -> hasPlatform -> legacyOptionsDefined == []; message = '' - Your system configures nixpkgs with the platform parameter${optionalString hasBuildPlatform "s"}: + Your system configures nixpkgs with the platform parameter${lib.optionalString hasBuildPlatform "s"}: ${hostPlatformLine }${buildPlatformLine } However, it also defines the legacy options: - ${concatMapStrings showOptionWithDefLocs legacyOptionsDefined} + ${lib.concatMapStrings lib.showOptionWithDefLocs legacyOptionsDefined} For a future proof system configuration, we recommend to remove the legacy definitions. ''; From 30c85fe74df77e80cbe72076502d91ab14f3207e Mon Sep 17 00:00:00 2001 From: Felix Buehler Date: Wed, 28 Aug 2024 21:18:52 +0200 Subject: [PATCH 006/148] nixos/wordlist: remove `with lib;` --- nixos/modules/misc/wordlist.nix | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/nixos/modules/misc/wordlist.nix b/nixos/modules/misc/wordlist.nix index 988b522d74314..67c83ff2baaae 100644 --- a/nixos/modules/misc/wordlist.nix +++ b/nixos/modules/misc/wordlist.nix @@ -1,5 +1,4 @@ { config, lib, pkgs, ... }: -with lib; let concatAndSort = name: files: pkgs.runCommand name {} '' awk 1 ${lib.escapeShellArgs files} | sed '{ /^\s*$/d; s/^\s\+//; s/\s\+$// }' | sort | uniq > $out @@ -8,16 +7,16 @@ in { options = { environment.wordlist = { - enable = mkEnableOption "environment variables for lists of words"; + enable = lib.mkEnableOption "environment variables for lists of words"; - lists = mkOption { - type = types.attrsOf (types.nonEmptyListOf types.path); + lists = lib.mkOption { + type = lib.types.attrsOf (lib.types.nonEmptyListOf lib.types.path); default = { WORDLIST = [ "${pkgs.scowl}/share/dict/words.txt" ]; }; - defaultText = literalExpression '' + defaultText = lib.literalExpression '' { WORDLIST = [ "''${pkgs.scowl}/share/dict/words.txt" ]; } 
@@ -34,7 +33,7 @@ in task. ''; - example = literalExpression '' + example = lib.literalExpression '' { WORDLIST = [ "''${pkgs.scowl}/share/dict/words.txt" ]; AUGMENTED_WORDLIST = [ @@ -50,7 +49,7 @@ in }; }; - config = mkIf config.environment.wordlist.enable { + config = lib.mkIf config.environment.wordlist.enable { environment.variables = lib.mapAttrs (name: value: "${concatAndSort "wordlist-${name}" value}") From c99cbe65c4ffcab445f3c389cccf37788bbfdcee Mon Sep 17 00:00:00 2001 From: Felix Buehler Date: Wed, 28 Aug 2024 21:18:53 +0200 Subject: [PATCH 007/148] nixos/security: remove `with lib;` --- nixos/modules/security/misc.nix | 47 +++++++++++++++------------------ 1 file changed, 22 insertions(+), 25 deletions(-) diff --git a/nixos/modules/security/misc.nix b/nixos/modules/security/misc.nix index 5e13b4caddd86..d3ffefe46fc6f 100644 --- a/nixos/modules/security/misc.nix +++ b/nixos/modules/security/misc.nix @@ -1,10 +1,7 @@ { config, lib, ... }: - -with lib; - { meta = { - maintainers = [ maintainers.joachifm ]; + maintainers = [ lib.maintainers.joachifm ]; }; imports = [ @@ -12,8 +9,8 @@ with lib; ]; options = { - security.allowUserNamespaces = mkOption { - type = types.bool; + security.allowUserNamespaces = lib.mkOption { + type = lib.types.bool; default = true; description = '' Whether to allow creation of user namespaces. @@ -31,8 +28,8 @@ with lib; ''; }; - security.unprivilegedUsernsClone = mkOption { - type = types.bool; + security.unprivilegedUsernsClone = lib.mkOption { + type = lib.types.bool; default = false; description = '' When disabled, unprivileged users will not be able to create new namespaces. 
@@ -41,16 +38,16 @@ with lib; ''; }; - security.protectKernelImage = mkOption { - type = types.bool; + security.protectKernelImage = lib.mkOption { + type = lib.types.bool; default = false; description = '' Whether to prevent replacing the running kernel image. ''; }; - security.allowSimultaneousMultithreading = mkOption { - type = types.bool; + security.allowSimultaneousMultithreading = lib.mkOption { + type = lib.types.bool; default = true; description = '' Whether to allow SMT/hyperthreading. Disabling SMT means that only @@ -68,8 +65,8 @@ with lib; ''; }; - security.forcePageTableIsolation = mkOption { - type = types.bool; + security.forcePageTableIsolation = lib.mkOption { + type = lib.types.bool; default = false; description = '' Whether to force-enable the Page Table Isolation (PTI) Linux kernel @@ -80,8 +77,8 @@ with lib; ''; }; - security.virtualisation.flushL1DataCache = mkOption { - type = types.nullOr (types.enum [ "never" "cond" "always" ]); + security.virtualisation.flushL1DataCache = lib.mkOption { + type = lib.types.nullOr (lib.types.enum [ "never" "cond" "always" ]); default = null; description = '' Whether the hypervisor should flush the L1 data cache before @@ -100,8 +97,8 @@ with lib; }; }; - config = mkMerge [ - (mkIf (!config.security.allowUserNamespaces) { + config = lib.mkMerge [ + (lib.mkIf (!config.security.allowUserNamespaces) { # Setting the number of allowed user namespaces to 0 effectively disables # the feature at runtime. Note that root may raise the limit again # at any time. 
@@ -114,26 +111,26 @@ with lib; ]; }) - (mkIf config.security.unprivilegedUsernsClone { - boot.kernel.sysctl."kernel.unprivileged_userns_clone" = mkDefault true; + (lib.mkIf config.security.unprivilegedUsernsClone { + boot.kernel.sysctl."kernel.unprivileged_userns_clone" = lib.mkDefault true; }) - (mkIf config.security.protectKernelImage { + (lib.mkIf config.security.protectKernelImage { # Disable hibernation (allows replacing the running kernel) boot.kernelParams = [ "nohibernate" ]; # Prevent replacing the running kernel image w/o reboot - boot.kernel.sysctl."kernel.kexec_load_disabled" = mkDefault true; + boot.kernel.sysctl."kernel.kexec_load_disabled" = lib.mkDefault true; }) - (mkIf (!config.security.allowSimultaneousMultithreading) { + (lib.mkIf (!config.security.allowSimultaneousMultithreading) { boot.kernelParams = [ "nosmt" ]; }) - (mkIf config.security.forcePageTableIsolation { + (lib.mkIf config.security.forcePageTableIsolation { boot.kernelParams = [ "pti=on" ]; }) - (mkIf (config.security.virtualisation.flushL1DataCache != null) { + (lib.mkIf (config.security.virtualisation.flushL1DataCache != null) { boot.kernelParams = [ "kvm-intel.vmentry_l1d_flush=${config.security.virtualisation.flushL1DataCache}" ]; }) ]; From b0d554537c3b6dbf96f234490a88202bbdc05983 Mon Sep 17 00:00:00 2001 From: Felix Buehler Date: Wed, 28 Aug 2024 21:18:53 +0200 Subject: [PATCH 008/148] nixos/security.pam: remove `with lib;` --- nixos/modules/security/oath.nix | 22 +++++++++------------- 1 file changed, 9 insertions(+), 13 deletions(-) diff --git a/nixos/modules/security/oath.nix b/nixos/modules/security/oath.nix index 93bdc851117ae..acf9440b9b92c 100644 --- a/nixos/modules/security/oath.nix +++ b/nixos/modules/security/oath.nix 
@@ -1,32 +1,28 @@ # This module provides configuration for the OATH PAM modules. - { lib, ... }: - -with lib; - { options = { security.pam.oath = { - enable = mkOption { - type = types.bool; + enable = lib.mkOption { + type = lib.types.bool; default = false; description = '' Enable the OATH (one-time password) PAM module. ''; }; - digits = mkOption { - type = types.enum [ 6 7 8 ]; + digits = lib.mkOption { + type = lib.types.enum [ 6 7 8 ]; default = 6; description = '' - Specify the length of the one-time password in number of + Specify the lib.length of the one-time password in number of digits. ''; }; - window = mkOption { - type = types.int; + window = lib.mkOption { + type = lib.types.int; default = 5; description = '' Specify the number of one-time passwords to check in order @@ -36,8 +32,8 @@ with lib; ''; }; - usersFile = mkOption { - type = types.path; + usersFile = lib.mkOption { + type = lib.types.path; default = "/etc/users.oath"; description = '' Set the path to file where the user's credentials are From 5e67f3e4c84e24c17518ebaece0ac684e37fd153 Mon Sep 17 00:00:00 2001 From: Felix Buehler Date: Wed, 28 Aug 2024 21:18:53 +0200 Subject: [PATCH 009/148] nixos/services.pgadmin: remove `with lib;` --- nixos/modules/services/admin/pgadmin.nix | 85 ++++++++++++------------ 1 file changed, 41 insertions(+), 44 deletions(-) diff --git a/nixos/modules/services/admin/pgadmin.nix b/nixos/modules/services/admin/pgadmin.nix index 9c430bd05e712..c9da556b763df 100644 --- a/nixos/modules/services/admin/pgadmin.nix +++ b/nixos/modules/services/admin/pgadmin.nix 
@@ -1,15 +1,12 @@ { config, lib, pkgs, ... }: - -with lib; - let cfg = config.services.pgadmin; - _base = with types; [ int bool str ]; - base = with types; oneOf ([ (listOf (oneOf _base)) (attrsOf (oneOf _base)) ] ++ _base); + _base = with lib.types; [ int bool str ]; + base = with lib.types; oneOf ([ (listOf (oneOf _base)) (attrsOf (oneOf _base)) ] ++ _base); formatAttrset = attr: - "{${concatStringsSep "\n" (mapAttrsToList (key: value: "${builtins.toJSON key}: ${formatPyValue value},") attr)}}"; + "{${lib.concatStringsSep "\n" (lib.mapAttrsToList (key: value: "${builtins.toJSON key}: ${formatPyValue value},") attr)}}"; formatPyValue = value: if builtins.isString value then builtins.toJSON value 
@@ -17,98 +14,98 @@ let else if builtins.isInt value then toString value else if builtins.isBool value then (if value then "True" else "False") else if builtins.isAttrs value then (formatAttrset value) - else if builtins.isList value then "[${concatStringsSep "\n" (map (v: "${formatPyValue v},") value)}]" + else if builtins.isList value then "[${lib.concatStringsSep "\n" (map (v: "${formatPyValue v},") value)}]" else throw "Unrecognized type"; formatPy = attrs: - concatStringsSep "\n" (mapAttrsToList (key: value: "${key} = ${formatPyValue value}") attrs); + lib.concatStringsSep "\n" (lib.mapAttrsToList (key: value: "${key} = ${formatPyValue value}") attrs); - pyType = with types; attrsOf (oneOf [ (attrsOf base) (listOf base) base ]); + pyType = with lib.types; attrsOf (oneOf [ (attrsOf base) (listOf base) base ]); in { options.services.pgadmin = { - enable = mkEnableOption "PostgreSQL Admin 4"; + enable = lib.mkEnableOption "PostgreSQL Admin 4"; - port = mkOption { + port = lib.mkOption { description = "Port for pgadmin4 to run on"; - type = types.port; + type = lib.types.port; default = 5050; }; - package = mkPackageOption pkgs "pgadmin4" { }; + package = lib.mkPackageOption pkgs "pgadmin4" { }; - initialEmail = mkOption { + initialEmail = lib.mkOption { description = "Initial email for the pgAdmin account"; - type = types.str; + type = lib.types.str; }; - initialPasswordFile = mkOption { + initialPasswordFile = lib.mkOption { description = '' Initial password file for the pgAdmin account. Minimum length by default is 6. Please see `services.pgadmin.minimumPasswordLength`. 
NOTE: Should be string not a store path, to prevent the password from being world readable ''; - type = types.path; + type = lib.types.path; }; - minimumPasswordLength = mkOption { + minimumPasswordLength = lib.mkOption { description = "Minimum length of the password"; - type = types.int; + type = lib.types.int; default = 6; }; emailServer = { - enable = mkOption { + enable = lib.mkOption { description = '' Enable SMTP email server. This is necessary, if you want to use password recovery or change your own password ''; - type = types.bool; + type = lib.types.bool; default = false; }; - address = mkOption { + address = lib.mkOption { description = "SMTP server for email delivery"; - type = types.str; + type = lib.types.str; default = "localhost"; }; - port = mkOption { + port = lib.mkOption { description = "SMTP server port for email delivery"; - type = types.port; + type = lib.types.port; default = 25; }; - useSSL = mkOption { + useSSL = lib.mkOption { description = "SMTP server should use SSL"; - type = types.bool; + type = lib.types.bool; default = false; }; - useTLS = mkOption { + useTLS = lib.mkOption { description = "SMTP server should use TLS"; - type = types.bool; + type = lib.types.bool; default = false; }; - username = mkOption { + username = lib.mkOption { description = "SMTP server username for email delivery"; - type = types.nullOr types.str; + type = lib.types.nullOr lib.types.str; default = null; }; - sender = mkOption { + sender = lib.mkOption { description = '' SMTP server sender email for email delivery. Some servers require this to be a valid email address from that server ''; - type = types.str; + type = lib.types.str; example = "noreply@example.com"; }; - passwordFile = mkOption { + passwordFile = lib.mkOption { description = '' Password for SMTP email account. 
NOTE: Should be string not a store path, to prevent the password from being world readable ''; - type = types.path; + type = lib.types.path; }; }; - openFirewall = mkEnableOption "firewall passthrough for pgadmin4"; + openFirewall = lib.mkEnableOption "firewall passthrough for pgadmin4"; - settings = mkOption { + settings = lib.mkOption { description = '' Settings for pgadmin4. [Documentation](https://www.pgadmin.org/docs/pgadmin4/development/config_py.html) @@ -118,17 +115,17 @@ in }; }; - config = mkIf (cfg.enable) { - networking.firewall.allowedTCPPorts = mkIf (cfg.openFirewall) [ cfg.port ]; + config = lib.mkIf (cfg.enable) { + networking.firewall.allowedTCPPorts = lib.mkIf (cfg.openFirewall) [ cfg.port ]; services.pgadmin.settings = { DEFAULT_SERVER_PORT = cfg.port; PASSWORD_LENGTH_MIN = cfg.minimumPasswordLength; SERVER_MODE = true; UPGRADE_CHECK_ENABLED = false; - } // (optionalAttrs cfg.openFirewall { - DEFAULT_SERVER = mkDefault "::"; - }) // (optionalAttrs cfg.emailServer.enable { + } // (lib.optionalAttrs cfg.openFirewall { + DEFAULT_SERVER = lib.mkDefault "::"; + }) // (lib.optionalAttrs cfg.emailServer.enable { MAIL_SERVER = cfg.emailServer.address; MAIL_PORT = cfg.emailServer.port; MAIL_USE_SSL = cfg.emailServer.useSSL; @@ -160,7 +157,7 @@ in fi ( # Email address: - echo ${escapeShellArg cfg.initialEmail} + echo ${lib.escapeShellArg cfg.initialEmail} # file might not contain newline. echo hack fixes that. PW=$(cat "$PW_FILE") @@ -183,7 +180,7 @@ in StateDirectory = "pgadmin"; ExecStart = "${cfg.package}/bin/pgadmin4"; LoadCredential = [ "initial_password:${cfg.initialPasswordFile}" ] - ++ optional cfg.emailServer.enable "email_password:${cfg.emailServer.passwordFile}"; + ++ lib.optional cfg.emailServer.enable "email_password:${cfg.emailServer.passwordFile}"; }; }; From 02145eb69237f6a3239ef57b51a02c92f45ba160 Mon Sep 17 00:00:00 2001 
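Review bot: `initialPasswordFile` and `emailServer.passwordFile` keep `type = lib.types.path;`, which also accepts a Nix path literal, while the `LoadCredential` hunk interpolates them as `"initial_password:${cfg.initialPasswordFile}"`. Interpolating a path literal copies the file into the world-readable store, which is the outcome both option descriptions warn against, so the warning is enforced only by documentation. A string-only type such as `type = lib.types.str;`, or an assertion rejecting store paths, would turn the note into a check. This goes beyond a mechanical prefixing commit and may fit better as a follow-up.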
From: Felix Buehler Date: Wed, 28 Aug 2024 21:18:53 +0200 Subject: [PATCH 010/148] nixos/services.mysqlBackup: remove `with lib;` --- .../modules/services/backup/mysql-backup.nix | 41 +++++++++---------- 1 file changed, 19 insertions(+), 22 deletions(-) diff --git a/nixos/modules/services/backup/mysql-backup.nix b/nixos/modules/services/backup/mysql-backup.nix index e3fa7f45844f1..8ad4f98dce8a3 100644 --- a/nixos/modules/services/backup/mysql-backup.nix +++ b/nixos/modules/services/backup/mysql-backup.nix @@ -1,7 +1,4 @@ { config, lib, pkgs, ... }: - -with lib; - let inherit (pkgs) mariadb gzip; @@ -12,7 +9,7 @@ let backupScript = '' set -o pipefail failed="" - ${concatMapStringsSep "\n" backupDatabaseScript cfg.databases} + ${lib.concatMapStringsSep "\n" backupDatabaseScript cfg.databases} if [ -n "$failed" ]; then echo "Backup of database(s) failed:$failed" exit 1 @@ -20,7 +17,7 @@ let ''; backupDatabaseScript = db: '' dest="${cfg.location}/${db}.gz" - if ${mariadb}/bin/mysqldump ${optionalString cfg.singleTransaction "--single-transaction"} ${db} | ${gzip}/bin/gzip -c ${cfg.gzipOptions} > $dest.tmp; then + if ${mariadb}/bin/mysqldump ${lib.optionalString cfg.singleTransaction "--single-transaction"} ${db} | ${gzip}/bin/gzip -c ${cfg.gzipOptions} > $dest.tmp; then mv $dest.tmp $dest echo "Backed up to $dest" else 
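Review bot: The rewritten `mysqldump` line in `backupDatabaseScript` still splices `${db}` into the shell script unescaped and redirects to an unquoted `$dest.tmp`, so a database name or `location` containing whitespace or shell metacharacters would be word-split or interpreted by the shell. These values come from the system configuration, so this is a robustness point rather than an exposed input, but the line is being touched anyway. Consider `${lib.escapeShellArg db}` for the dump argument and `mv "$dest.tmp" "$dest"` for the operands; `wordlist.nix` in this series already uses `lib.escapeShellArgs` for the same purpose. `cfg.gzipOptions` is a multi-word option string and would have to stay unquoted. The script body continues past the end of the hunk.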
@@ -37,51 +34,51 @@ in services.mysqlBackup = { - enable = mkEnableOption "MySQL backups"; + enable = lib.mkEnableOption "MySQL backups"; - calendar = mkOption { - type = types.str; + calendar = lib.mkOption { + type = lib.types.str; default = "01:15:00"; description = '' Configured when to run the backup service systemd unit (DayOfWeek Year-Month-Day Hour:Minute:Second). ''; }; - user = mkOption { - type = types.str; + user = lib.mkOption { + type = lib.types.str; default = defaultUser; description = '' User to be used to perform backup. ''; }; - databases = mkOption { + databases = lib.mkOption { default = []; - type = types.listOf types.str; + type = lib.types.listOf lib.types.str; description = '' List of database names to dump. ''; }; - location = mkOption { - type = types.path; + location = lib.mkOption { + type = lib.types.path; default = "/var/backup/mysql"; description = '' Location to put the gzipped MySQL database dumps. ''; }; - singleTransaction = mkOption { + singleTransaction = lib.mkOption { default = false; - type = types.bool; + type = lib.types.bool; description = '' Whether to create database dump in a single transaction ''; }; - gzipOptions = mkOption { + gzipOptions = lib.mkOption { default = "--no-name --rsyncable"; - type = types.str; + type = lib.types.str; description = '' Command line options to use when invoking `gzip`. ''; @@ -90,8 +87,8 @@ in }; - config = mkIf cfg.enable { - users.users = optionalAttrs (cfg.user == defaultUser) { + config = lib.mkIf cfg.enable { + users.users = lib.optionalAttrs (cfg.user == defaultUser) { ${defaultUser} = { isSystemUser = true; createHome = false; @@ -105,9 +102,9 @@ in ensurePermissions = with lib; let privs = "SELECT, SHOW VIEW, TRIGGER, LOCK TABLES"; - grant = db: nameValuePair "${db}.*" privs; + grant = db: lib.nameValuePair "${db}.*" privs; in - listToAttrs (map grant cfg.databases); + lib.listToAttrs (map grant cfg.databases); }]; systemd = { 
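Review bot: In the last hunk, `ensurePermissions = with lib; let` keeps a `with lib;` even though the two names that relied on it are now written `lib.nameValuePair` and `lib.listToAttrs`. The scope is therefore unused, and the file no longer matches the commit subject. Dropping it leaves `ensurePermissions = let`. The enclosing attribute set starts and ends outside the hunk.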
From 5c0e7f70a5133f63d571eed31b4d59c8cf3e8927 Mon Sep 17 00:00:00 2001 From: Felix Buehler Date: Wed, 28 Aug 2024 21:18:53 +0200 Subject: [PATCH 011/148] nixos/services.postgresqlBackup: remove `with lib;` --- .../services/backup/postgresql-backup.nix | 51 +++++++++---------- 1 file changed, 24 insertions(+), 27 deletions(-) diff --git a/nixos/modules/services/backup/postgresql-backup.nix b/nixos/modules/services/backup/postgresql-backup.nix index 5dd9e075862da..3302375c78899 100644 --- a/nixos/modules/services/backup/postgresql-backup.nix +++ b/nixos/modules/services/backup/postgresql-backup.nix @@ -1,7 +1,4 @@ { config, lib, pkgs, ... }: - -with lib; - let cfg = config.services.postgresqlBackup; @@ -13,9 +10,9 @@ let "gzip" = ".gz"; "zstd" = ".zstd"; }; - compressSuffix = getAttr cfg.compression compressSuffixes; + compressSuffix = lib.getAttr cfg.compression compressSuffixes; - compressCmd = getAttr cfg.compression { + compressCmd = lib.getAttr cfg.compression { "none" = "cat"; "gzip" = "${pkgs.gzip}/bin/gzip -c -${toString cfg.compressionLevel} --rsyncable"; "zstd" = "${pkgs.zstd}/bin/zstd -c -${toString cfg.compressionLevel} --rsyncable"; @@ -24,7 +21,7 @@ let mkSqlPath = prefix: suffix: "${cfg.location}/${db}${prefix}.sql${suffix}"; curFile = mkSqlPath "" compressSuffix; prevFile = mkSqlPath ".prev" compressSuffix; - prevFiles = map (mkSqlPath ".prev") (attrValues compressSuffixes); + prevFiles = map (mkSqlPath ".prev") (lib.attrValues compressSuffixes); inProgressFile = mkSqlPath ".in-progress" compressSuffix; in { enable = true; @@ -63,7 +60,7 @@ let in { imports = [ - (mkRemovedOptionModule [ "services" "postgresqlBackup" "period" ] '' + (lib.mkRemovedOptionModule [ "services" "postgresqlBackup" "period" ] '' A systemd timer is now used instead of cron. The starting time can be configured via services.postgresqlBackup.startAt. '') 
@@ -71,11 +68,11 @@ in { options = { services.postgresqlBackup = { - enable = mkEnableOption "PostgreSQL dumps"; + enable = lib.mkEnableOption "PostgreSQL dumps"; - startAt = mkOption { + startAt = lib.mkOption { default = "*-*-* 01:15:00"; - type = with types; either (listOf str) str; + type = with lib.types; either (listOf str) str; description = '' This option defines (see `systemd.time` for format) when the databases should be dumped. @@ -83,9 +80,9 @@ in { ''; }; - backupAll = mkOption { + backupAll = lib.mkOption { default = cfg.databases == []; - defaultText = literalExpression "services.postgresqlBackup.databases == []"; + defaultText = lib.literalExpression "services.postgresqlBackup.databases == []"; type = lib.types.bool; description = '' Backup all databases using pg_dumpall. @@ -96,24 +93,24 @@ in { ''; }; - databases = mkOption { + databases = lib.mkOption { default = []; - type = types.listOf types.str; + type = lib.types.listOf lib.types.str; description = '' List of database names to dump. ''; }; - location = mkOption { + location = lib.mkOption { default = "/var/backup/postgresql"; - type = types.path; + type = lib.types.path; description = '' Path of directory where the PostgreSQL database dumps will be placed. ''; }; - pgdumpOptions = mkOption { - type = types.separatedString " "; + pgdumpOptions = lib.mkOption { + type = lib.types.separatedString " "; default = "-C"; description = '' Command line options for pg_dump. This options is not used 
@@ -123,16 +120,16 @@ in { ''; }; - compression = mkOption { - type = types.enum ["none" "gzip" "zstd"]; + compression = lib.mkOption { + type = lib.types.enum ["none" "gzip" "zstd"]; default = "gzip"; description = '' The type of compression to use on the generated database dump. ''; }; - compressionLevel = mkOption { - type = types.ints.between 1 19; + compressionLevel = lib.mkOption { + type = lib.types.ints.between 1 19; default = 6; description = '' The compression level used when compression is enabled. @@ -143,7 +140,7 @@ in { }; - config = mkMerge [ + config = lib.mkMerge [ { assertions = [ { @@ -158,17 +155,17 @@ in { } ]; } - (mkIf cfg.enable { + (lib.mkIf cfg.enable { systemd.tmpfiles.rules = [ "d '${cfg.location}' 0700 postgres - - -" ]; }) - (mkIf (cfg.enable && cfg.backupAll) { + (lib.mkIf (cfg.enable && cfg.backupAll) { systemd.services.postgresqlBackup = postgresqlBackupService "all" "pg_dumpall"; }) - (mkIf (cfg.enable && !cfg.backupAll) { - systemd.services = listToAttrs (map (db: + (lib.mkIf (cfg.enable && !cfg.backupAll) { + systemd.services = lib.listToAttrs (map (db: let cmd = "pg_dump ${cfg.pgdumpOptions} ${db}"; in { From dee892a4460265e9d7ced474f6012d65c7858ebc Mon Sep 17 00:00:00 2001 From: Felix Buehler Date: Wed, 28 Aug 2024 21:18:53 +0200 Subject: [PATCH 012/148] nixos/services.postgresqlWalReceiver: remove `with lib;` --- .../backup/postgresql-wal-receiver.nix | 77 +++++++++---------- 1 file changed, 37 insertions(+), 40 deletions(-) diff --git a/nixos/modules/services/backup/postgresql-wal-receiver.nix b/nixos/modules/services/backup/postgresql-wal-receiver.nix index a8f2cf514d549..b355637ff5a03 100644 --- a/nixos/modules/services/backup/postgresql-wal-receiver.nix +++ b/nixos/modules/services/backup/postgresql-wal-receiver.nix 
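Review bot: In the last postgresql-backup hunk (`@@ -158,17 +155,17 @@`) the context line `cmd = "pg_dump ${cfg.pgdumpOptions} ${db}";` splices each database name into the command string unquoted, so a name containing whitespace or shell metacharacters would be split or interpreted if `postgresqlBackupService` runs `cmd` through a shell; its body is outside these hunks, so that part needs confirming. `cmd = "pg_dump ${cfg.pgdumpOptions} ${lib.escapeShellArg db}";` would make the argument boundary explicit. The same pattern appears later in this series: `${lib.concatStringsSep " " config.extraArgs}` in postgresql-wal-receiver.nix (`@@ -179,22 +176,22 @@`), where every sibling argument already goes through `lib.escapeShellArg` and `lib.escapeShellArgs config.extraArgs` would match restic-rest-server.nix, and `" -o ${arg}"` in restic.nix (`@@ -299,54 +296,54 @@`). Quoting any of these changes behaviour for configurations that rely on word splitting, so it belongs in a follow-up rather than in this mechanical refactor.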
@@ -1,24 +1,21 @@ { config, lib, pkgs, ... }: - -with lib; - let receiverSubmodule = { options = { - postgresqlPackage = mkPackageOption pkgs "postgresql" { + postgresqlPackage = lib.mkPackageOption pkgs "postgresql" { example = "postgresql_15"; }; - directory = mkOption { - type = types.path; - example = literalExpression "/mnt/pg_wal/main/"; + directory = lib.mkOption { + type = lib.types.path; + example = lib.literalExpression "/mnt/pg_wal/main/"; description = '' Directory to write the output to. ''; }; - statusInterval = mkOption { - type = types.int; + statusInterval = lib.mkOption { + type = lib.types.int; default = 10; description = '' Specifies the number of seconds between status packets sent back to the server. @@ -28,8 +25,8 @@ let ''; }; - slot = mkOption { - type = types.str; + slot = lib.mkOption { + type = lib.types.str; default = ""; example = "some_slot_name"; description = '' @@ -45,8 +42,8 @@ let ''; }; - synchronous = mkOption { - type = types.bool; + synchronous = lib.mkOption { + type = lib.types.bool; default = false; description = '' Flush the WAL data to disk immediately after it has been received. @@ -57,8 +54,8 @@ let ''; }; - compress = mkOption { - type = types.ints.between 0 9; + compress = lib.mkOption { + type = lib.types.ints.between 0 9; default = 0; description = '' Enables gzip compression of write-ahead logs, and specifies the compression level @@ -69,8 +66,8 @@ let ''; }; - connection = mkOption { - type = types.str; + connection = lib.mkOption { + type = lib.types.str; example = "postgresql://user@somehost"; description = '' Specifies parameters used to connect to the server, as a connection string. @@ -81,10 +78,10 @@ let ''; }; - extraArgs = mkOption { - type = with types; listOf str; + extraArgs = lib.mkOption { + type = with lib.types; listOf str; default = [ ]; - example = literalExpression '' + example = lib.literalExpression '' [ "--no-sync" ] 
@@ -94,10 +91,10 @@ let ''; }; - environment = mkOption { - type = with types; attrsOf str; + environment = lib.mkOption { + type = with lib.types; attrsOf str; default = { }; - example = literalExpression '' + example = lib.literalExpression '' { PGPASSFILE = "/private/passfile"; PGSSLMODE = "require"; @@ -114,10 +111,10 @@ let in { options = { services.postgresqlWalReceiver = { - receivers = mkOption { - type = with types; attrsOf (submodule receiverSubmodule); + receivers = lib.mkOption { + type = with lib.types; attrsOf (submodule receiverSubmodule); default = { }; - example = literalExpression '' + example = lib.literalExpression '' { main = { postgresqlPackage = pkgs.postgresql_15; @@ -138,7 +135,7 @@ in { config = let receivers = config.services.postgresqlWalReceiver.receivers; - in mkIf (receivers != { }) { + in lib.mkIf (receivers != { }) { users = { users.postgres = { uid = config.ids.uids.postgres; 
@@ -151,18 +148,18 @@ in { }; }; - assertions = concatLists (attrsets.mapAttrsToList (name: config: [ + assertions = lib.concatLists (lib.attrsets.mapAttrsToList (name: config: [ { - assertion = config.compress > 0 -> versionAtLeast config.postgresqlPackage.version "10"; + assertion = config.compress > 0 -> lib.versionAtLeast config.postgresqlPackage.version "10"; message = "Invalid configuration for WAL receiver \"${name}\": compress requires PostgreSQL version >= 10."; } ]) receivers); - systemd.tmpfiles.rules = mapAttrsToList (name: config: '' - d ${escapeShellArg config.directory} 0750 postgres postgres - - + systemd.tmpfiles.rules = lib.mapAttrsToList (name: config: '' + d ${lib.escapeShellArg config.directory} 0750 postgres postgres - - '') receivers; - systemd.services = with attrsets; mapAttrs' (name: config: nameValuePair "postgresql-wal-receiver-${name}" { + systemd.services = lib.mapAttrs' (name: config: lib.nameValuePair "postgresql-wal-receiver-${name}" { description = "PostgreSQL WAL receiver (${name})"; wantedBy = [ "multi-user.target" ]; startLimitIntervalSec = 0; # retry forever, useful in case of network disruption 
@@ -179,22 +176,22 @@ in { script = let receiverCommand = postgresqlPackage: - if (versionAtLeast postgresqlPackage.version "10") + if (lib.versionAtLeast postgresqlPackage.version "10") then "${postgresqlPackage}/bin/pg_receivewal" else "${postgresqlPackage}/bin/pg_receivexlog"; in '' ${receiverCommand config.postgresqlPackage} \ --no-password \ - --directory=${escapeShellArg config.directory} \ + --directory=${lib.escapeShellArg config.directory} \ --status-interval=${toString config.statusInterval} \ - --dbname=${escapeShellArg config.connection} \ - ${optionalString (config.compress > 0) "--compress=${toString config.compress}"} \ - ${optionalString (config.slot != "") "--slot=${escapeShellArg config.slot}"} \ - ${optionalString config.synchronous "--synchronous"} \ - ${concatStringsSep " " config.extraArgs} + --dbname=${lib.escapeShellArg config.connection} \ + ${lib.optionalString (config.compress > 0) "--compress=${toString config.compress}"} \ + ${lib.optionalString (config.slot != "") "--slot=${lib.escapeShellArg config.slot}"} \ + ${lib.optionalString config.synchronous "--synchronous"} \ + ${lib.concatStringsSep " " config.extraArgs} ''; }) receivers; }; - meta.maintainers = with maintainers; [ pacien ]; + meta.maintainers = with lib.maintainers; [ pacien ]; } From 9ad1866434650215dba774cb963dec1362634f5f Mon Sep 17 00:00:00 2001 From: Felix Buehler Date: Wed, 28 Aug 2024 21:18:53 +0200 Subject: [PATCH 013/148] nixos/services.restic.server: remove `with lib;` --- .../services/backup/restic-rest-server.nix | 45 +++++++++---------- 1 file changed, 21 insertions(+), 24 deletions(-) diff --git a/nixos/modules/services/backup/restic-rest-server.nix b/nixos/modules/services/backup/restic-rest-server.nix index eb7b57800333e..333609444da2a 100644 --- a/nixos/modules/services/backup/restic-rest-server.nix +++ b/nixos/modules/services/backup/restic-rest-server.nix 
@@ -1,32 +1,29 @@ { config, lib, pkgs, ... }: - -with lib; - let cfg = config.services.restic.server; in { - meta.maintainers = [ maintainers.bachp ]; + meta.maintainers = [ lib.maintainers.bachp ]; options.services.restic.server = { - enable = mkEnableOption "Restic REST Server"; + enable = lib.mkEnableOption "Restic REST Server"; - listenAddress = mkOption { + listenAddress = lib.mkOption { default = "8000"; example = "127.0.0.1:8080"; - type = types.str; + type = lib.types.str; description = "Listen on a specific IP address and port or unix socket."; }; - dataDir = mkOption { + dataDir = lib.mkOption { default = "/var/lib/restic"; - type = types.path; + type = lib.types.path; description = "The directory for storing the restic repository."; }; - appendOnly = mkOption { + appendOnly = lib.mkOption { default = false; - type = types.bool; + type = lib.types.bool; description = '' Enable append only mode. This mode allows creation of new backups but prevents deletion and modification of existing backups. 
@@ -34,33 +31,33 @@ in ''; }; - privateRepos = mkOption { + privateRepos = lib.mkOption { default = false; - type = types.bool; + type = lib.types.bool; description = '' Enable private repos. Grants access only when a subdirectory with the same name as the user is specified in the repository URL. ''; }; - prometheus = mkOption { + prometheus = lib.mkOption { default = false; - type = types.bool; + type = lib.types.bool; description = "Enable Prometheus metrics at /metrics."; }; - extraFlags = mkOption { - type = types.listOf types.str; + extraFlags = lib.mkOption { + type = lib.types.listOf lib.types.str; default = []; description = '' Extra commandline options to pass to Restic REST server. ''; }; - package = mkPackageOption pkgs "restic-rest-server" { }; + package = lib.mkPackageOption pkgs "restic-rest-server" { }; }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { assertions = [{ assertion = lib.substring 0 1 cfg.listenAddress != ":"; message = "The restic-rest-server now uses systemd socket activation, which expects only the Port number: services.restic.server.listenAddress = \"${lib.substring 1 6 cfg.listenAddress}\";"; @@ -75,10 +72,10 @@ in ExecStart = '' ${cfg.package}/bin/rest-server \ --path ${cfg.dataDir} \ - ${optionalString cfg.appendOnly "--append-only"} \ - ${optionalString cfg.privateRepos "--private-repos"} \ - ${optionalString cfg.prometheus "--prometheus"} \ - ${escapeShellArgs cfg.extraFlags} \ + ${lib.optionalString cfg.appendOnly "--append-only"} \ + ${lib.optionalString cfg.privateRepos "--private-repos"} \ + ${lib.optionalString cfg.prometheus "--prometheus"} \ + ${lib.escapeShellArgs cfg.extraFlags} \ ''; Type = "simple"; User = "restic"; @@ -119,7 +116,7 @@ in wantedBy = [ "sockets.target" ]; }; - systemd.tmpfiles.rules = mkIf cfg.privateRepos [ + systemd.tmpfiles.rules = lib.mkIf cfg.privateRepos [ "f ${cfg.dataDir}/.htpasswd 0700 restic restic -" ]; From 27f54eb43e9c1639bbcefaa30522737f1a43b3d4 Mon Sep 17 00:00:00 2001 
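Review bot: The tmpfiles rule kept as context in the last restic-rest-server hunk (`@@ -119,7 +116,7 @@`) creates `.htpasswd` with mode `0700`, which sets the owner execute bit on a file that, going by its name, only holds credentials for the REST server. Nothing visible here needs the file to be executable, so `"f ${cfg.dataDir}/.htpasswd 0600 restic restic -"` would be the tighter mode. A one-line comment such as `# credentials file: owner read/write only` above the rule would record the intent. The `config` block this rule belongs to starts outside the hunk.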
From: Felix Buehler Date: Wed, 28 Aug 2024 21:18:54 +0200 Subject: [PATCH 014/148] nixos/services.restic.backups: remove `with lib;` --- nixos/modules/services/backup/restic.nix | 163 +++++++++++------------ 1 file changed, 80 insertions(+), 83 deletions(-) diff --git a/nixos/modules/services/backup/restic.nix b/nixos/modules/services/backup/restic.nix index a7c2ef2eacd5b..0fb601cce5892 100644 --- a/nixos/modules/services/backup/restic.nix +++ b/nixos/modules/services/backup/restic.nix @@ -1,28 +1,25 @@ { config, lib, pkgs, utils, ... }: - -with lib; - let # Type for a valid systemd unit option. Needed for correctly passing "timerConfig" to "systemd.timers" inherit (utils.systemdUtils.unitOptions) unitOption; in { - options.services.restic.backups = mkOption { + options.services.restic.backups = lib.mkOption { description = '' Periodic backups to create with Restic. ''; - type = types.attrsOf (types.submodule ({ name, ... }: { + type = lib.types.attrsOf (lib.types.submodule ({ name, ... }: { options = { - passwordFile = mkOption { - type = types.str; + passwordFile = lib.mkOption { + type = lib.types.str; description = '' Read the repository password from a file. ''; example = "/etc/nixos/restic-password"; }; - environmentFile = mkOption { - type = with types; nullOr str; + environmentFile = lib.mkOption { + type = with lib.types; nullOr str; default = null; description = '' file containing the credentials to access the repository, in the @@ -30,8 +27,8 @@ in ''; }; - rcloneOptions = mkOption { - type = with types; nullOr (attrsOf (oneOf [ str bool ])); + rcloneOptions = lib.mkOption { + type = with lib.types; nullOr (attrsOf (oneOf [ str bool ])); default = null; description = '' Options to pass to rclone to control its behavior. 
@@ -47,8 +44,8 @@ in }; }; - rcloneConfig = mkOption { - type = with types; nullOr (attrsOf (oneOf [ str bool ])); + rcloneConfig = lib.mkOption { + type = with lib.types; nullOr (attrsOf (oneOf [ str bool ])); default = null; description = '' Configuration for the rclone remote being used for backup. @@ -71,8 +68,8 @@ in }; }; - rcloneConfigFile = mkOption { - type = with types; nullOr path; + rcloneConfigFile = lib.mkOption { + type = with lib.types; nullOr path; default = null; description = '' Path to the file containing rclone configuration. This file @@ -83,17 +80,17 @@ in ''; }; - inhibitsSleep = mkOption { + inhibitsSleep = lib.mkOption { default = false; - type = types.bool; + type = lib.types.bool; example = true; description = '' Prevents the system from sleeping while backing up. ''; }; - repository = mkOption { - type = with types; nullOr str; + repository = lib.mkOption { + type = with lib.types; nullOr str; default = null; description = '' repository to backup to. @@ -101,18 +98,18 @@ in example = "sftp:backup@192.168.1.100:/backups/${name}"; }; - repositoryFile = mkOption { - type = with types; nullOr path; + repositoryFile = lib.mkOption { + type = with lib.types; nullOr path; default = null; description = '' Path to the file containing the repository location to backup to. ''; }; - paths = mkOption { + paths = lib.mkOption { # This is nullable for legacy reasons only. We should consider making it a pure listOf # after some time has passed since this comment was added. - type = types.nullOr (types.listOf types.str); + type = lib.types.nullOr (lib.types.listOf lib.types.str); default = [ ]; description = '' Which paths to backup, in addition to ones specified via @@ -126,8 +123,8 @@ in ]; }; - exclude = mkOption { - type = types.listOf types.str; + exclude = lib.mkOption { + type = lib.types.listOf lib.types.str; default = [ ]; description = '' Patterns to exclude when backing up. See 
@@ -141,8 +138,8 @@ in ]; }; - timerConfig = mkOption { - type = types.nullOr (types.attrsOf unitOption); + timerConfig = lib.mkOption { + type = lib.types.nullOr (lib.types.attrsOf unitOption); default = { OnCalendar = "daily"; Persistent = true; @@ -159,8 +156,8 @@ in }; }; - user = mkOption { - type = types.str; + user = lib.mkOption { + type = lib.types.str; default = "root"; description = '' As which user the backup should run. @@ -168,8 +165,8 @@ in example = "postgresql"; }; - extraBackupArgs = mkOption { - type = types.listOf types.str; + extraBackupArgs = lib.mkOption { + type = lib.types.listOf lib.types.str; default = [ ]; description = '' Extra arguments passed to restic backup. @@ -179,8 +176,8 @@ in ]; }; - extraOptions = mkOption { - type = types.listOf types.str; + extraOptions = lib.mkOption { + type = lib.types.listOf lib.types.str; default = [ ]; description = '' Extra extended options to be passed to the restic --option flag. @@ -190,16 +187,16 @@ in ]; }; - initialize = mkOption { - type = types.bool; + initialize = lib.mkOption { + type = lib.types.bool; default = false; description = '' Create the repository if it doesn't exist. ''; }; - pruneOpts = mkOption { - type = types.listOf types.str; + pruneOpts = lib.mkOption { + type = lib.types.listOf lib.types.str; default = [ ]; description = '' A list of options (--keep-\* et al.) for 'restic forget 
@@ -215,16 +212,16 @@ in ]; }; - runCheck = mkOption { - type = types.bool; + runCheck = lib.mkOption { + type = lib.types.bool; default = (builtins.length config.services.restic.backups.${name}.checkOpts > 0); - defaultText = literalExpression ''builtins.length config.services.backups.${name}.checkOpts > 0''; + defaultText = lib.literalExpression ''builtins.length config.services.backups.${name}.checkOpts > 0''; description = "Whether to run the `check` command with the provided `checkOpts` options."; example = true; }; - checkOpts = mkOption { - type = types.listOf types.str; + checkOpts = lib.mkOption { + type = lib.types.listOf lib.types.str; default = [ ]; description = '' A list of options for 'restic check'. @@ -234,8 +231,8 @@ in ]; }; - dynamicFilesFrom = mkOption { - type = with types; nullOr str; + dynamicFilesFrom = lib.mkOption { + type = with lib.types; nullOr str; default = null; description = '' A script that produces a list of files to back up. The @@ -245,23 +242,23 @@ in example = "find /home/matt/git -type d -name .git"; }; - backupPrepareCommand = mkOption { - type = with types; nullOr str; + backupPrepareCommand = lib.mkOption { + type = with lib.types; nullOr str; default = null; description = '' A script that must run before starting the backup process. ''; }; - backupCleanupCommand = mkOption { - type = with types; nullOr str; + backupCleanupCommand = lib.mkOption { + type = with lib.types; nullOr str; default = null; description = '' A script that must run after finishing the backup process. ''; }; - package = mkPackageOption pkgs "restic" { }; + package = lib.mkPackageOption pkgs "restic" { }; createWrapper = lib.mkOption { type = lib.types.bool; 
@@ -299,54 +296,54 @@ in }; config = { - assertions = mapAttrsToList (n: v: { + assertions = lib.mapAttrsToList (n: v: { assertion = (v.repository == null) != (v.repositoryFile == null); message = "services.restic.backups.${n}: exactly one of repository or repositoryFile should be set"; }) config.services.restic.backups; systemd.services = - mapAttrs' + lib.mapAttrs' (name: backup: let - extraOptions = concatMapStrings (arg: " -o ${arg}") backup.extraOptions; - inhibitCmd = concatStringsSep " " [ + extraOptions = lib.concatMapStrings (arg: " -o ${arg}") backup.extraOptions; + inhibitCmd = lib.concatStringsSep " " [ "${pkgs.systemd}/bin/systemd-inhibit" "--mode='block'" "--who='restic'" "--what='sleep'" - "--why=${escapeShellArg "Scheduled backup ${name}"} " + "--why=${lib.escapeShellArg "Scheduled backup ${name}"} " ]; - resticCmd = "${optionalString backup.inhibitsSleep inhibitCmd}${backup.package}/bin/restic${extraOptions}"; - excludeFlags = optional (backup.exclude != []) "--exclude-file=${pkgs.writeText "exclude-patterns" (concatStringsSep "\n" backup.exclude)}"; + resticCmd = "${lib.optionalString backup.inhibitsSleep inhibitCmd}${backup.package}/bin/restic${extraOptions}"; + excludeFlags = lib.optional (backup.exclude != []) "--exclude-file=${pkgs.writeText "exclude-patterns" (lib.concatStringsSep "\n" backup.exclude)}"; filesFromTmpFile = "/run/restic-backups-${name}/includes"; doBackup = (backup.dynamicFilesFrom != null) || (backup.paths != null && backup.paths != []); - pruneCmd = optionals (builtins.length backup.pruneOpts > 0) [ - (resticCmd + " forget --prune " + (concatStringsSep " " backup.pruneOpts)) + pruneCmd = lib.optionals (builtins.length backup.pruneOpts > 0) [ + (resticCmd + " forget --prune " + (lib.concatStringsSep " " backup.pruneOpts)) ]; - checkCmd = optionals backup.runCheck [ - (resticCmd + " check " + (concatStringsSep " " backup.checkOpts)) + checkCmd = lib.optionals backup.runCheck [ + (resticCmd + " check " + (lib.concatStringsSep " 
" backup.checkOpts)) ]; # Helper functions for rclone remotes - rcloneRemoteName = builtins.elemAt (splitString ":" backup.repository) 1; - rcloneAttrToOpt = v: "RCLONE_" + toUpper (builtins.replaceStrings [ "-" ] [ "_" ] v); - rcloneAttrToConf = v: "RCLONE_CONFIG_" + toUpper (rcloneRemoteName + "_" + v); + rcloneRemoteName = builtins.elemAt (lib.splitString ":" backup.repository) 1; + rcloneAttrToOpt = v: "RCLONE_" + lib.toUpper (builtins.replaceStrings [ "-" ] [ "_" ] v); + rcloneAttrToConf = v: "RCLONE_CONFIG_" + lib.toUpper (rcloneRemoteName + "_" + v); toRcloneVal = v: if lib.isBool v then lib.boolToString v else v; in - nameValuePair "restic-backups-${name}" ({ + lib.nameValuePair "restic-backups-${name}" ({ environment = { # not %C, because that wouldn't work in the wrapper script RESTIC_CACHE_DIR = "/var/cache/restic-backups-${name}"; RESTIC_PASSWORD_FILE = backup.passwordFile; RESTIC_REPOSITORY = backup.repository; RESTIC_REPOSITORY_FILE = backup.repositoryFile; - } // optionalAttrs (backup.rcloneOptions != null) (mapAttrs' + } // lib.optionalAttrs (backup.rcloneOptions != null) (lib.mapAttrs' (name: value: - nameValuePair (rcloneAttrToOpt name) (toRcloneVal value) + lib.nameValuePair (rcloneAttrToOpt name) (toRcloneVal value) ) - backup.rcloneOptions) // optionalAttrs (backup.rcloneConfigFile != null) { + backup.rcloneOptions) // lib.optionalAttrs (backup.rcloneConfigFile != null) { RCLONE_CONFIG = backup.rcloneConfigFile; - } // optionalAttrs (backup.rcloneConfig != null) (mapAttrs' + } // lib.optionalAttrs (backup.rcloneConfig != null) (lib.mapAttrs' (name: value: - nameValuePair (rcloneAttrToConf name) (toRcloneVal value) + lib.nameValuePair (rcloneAttrToConf name) (toRcloneVal value) ) backup.rcloneConfig); path = [ config.programs.ssh.package ]; 
@@ -355,37 +352,37 @@ in after = [ "network-online.target" ]; serviceConfig = { Type = "oneshot"; - ExecStart = (optionals doBackup [ "${resticCmd} backup ${concatStringsSep " " (backup.extraBackupArgs ++ excludeFlags)} --files-from=${filesFromTmpFile}" ]) + ExecStart = (lib.optionals doBackup [ "${resticCmd} backup ${lib.concatStringsSep " " (backup.extraBackupArgs ++ excludeFlags)} --files-from=${filesFromTmpFile}" ]) ++ pruneCmd ++ checkCmd; User = backup.user; RuntimeDirectory = "restic-backups-${name}"; CacheDirectory = "restic-backups-${name}"; CacheDirectoryMode = "0700"; PrivateTmp = true; - } // optionalAttrs (backup.environmentFile != null) { + } // lib.optionalAttrs (backup.environmentFile != null) { EnvironmentFile = backup.environmentFile; }; - } // optionalAttrs (backup.initialize || doBackup || backup.backupPrepareCommand != null) { + } // lib.optionalAttrs (backup.initialize || doBackup || backup.backupPrepareCommand != null) { preStart = '' - ${optionalString (backup.backupPrepareCommand != null) '' + ${lib.optionalString (backup.backupPrepareCommand != null) '' ${pkgs.writeScript "backupPrepareCommand" backup.backupPrepareCommand} ''} - ${optionalString (backup.initialize) '' + ${lib.optionalString (backup.initialize) '' ${resticCmd} cat config > /dev/null || ${resticCmd} init ''} - ${optionalString (backup.paths != null && backup.paths != []) '' - cat ${pkgs.writeText "staticPaths" (concatLines backup.paths)} >> ${filesFromTmpFile} + ${lib.optionalString (backup.paths != null && backup.paths != []) '' + cat ${pkgs.writeText "staticPaths" (lib.concatLines backup.paths)} >> ${filesFromTmpFile} ''} - ${optionalString (backup.dynamicFilesFrom != null) '' + ${lib.optionalString (backup.dynamicFilesFrom != null) '' ${pkgs.writeScript "dynamicFilesFromScript" backup.dynamicFilesFrom} >> ${filesFromTmpFile} ''} ''; - } // optionalAttrs (doBackup || backup.backupCleanupCommand != null) { + } // lib.optionalAttrs (doBackup || backup.backupCleanupCommand != 
null) { postStop = '' - ${optionalString (backup.backupCleanupCommand != null) '' + ${lib.optionalString (backup.backupCleanupCommand != null) '' ${pkgs.writeScript "backupCleanupCommand" backup.backupCleanupCommand} ''} - ${optionalString doBackup '' + ${lib.optionalString doBackup '' rm ${filesFromTmpFile} ''} ''; @@ -393,12 +390,12 @@ in ) config.services.restic.backups; systemd.timers = - mapAttrs' - (name: backup: nameValuePair "restic-backups-${name}" { + lib.mapAttrs' + (name: backup: lib.nameValuePair "restic-backups-${name}" { wantedBy = [ "timers.target" ]; timerConfig = backup.timerConfig; }) - (filterAttrs (_: backup: backup.timerConfig != null) config.services.restic.backups); + (lib.filterAttrs (_: backup: backup.timerConfig != null) config.services.restic.backups); # generate wrapper scripts, as described in the createWrapper option environment.systemPackages = lib.mapAttrsToList (name: backup: let From dfb290a6c6a8e41acd57939b0135d3ea753aaa91 Mon Sep 17 00:00:00 2001 From: Felix Buehler Date: Wed, 28 Aug 2024 21:18:54 +0200 Subject: [PATCH 015/148] nixos/services.rsnapshot: remove `with lib;` --- nixos/modules/services/backup/rsnapshot.nix | 23 +++++++++------------ 1 file changed, 10 insertions(+), 13 deletions(-) diff --git a/nixos/modules/services/backup/rsnapshot.nix b/nixos/modules/services/backup/rsnapshot.nix index 6635a51ec2c65..aedb8acd60ac1 100644 --- a/nixos/modules/services/backup/rsnapshot.nix +++ b/nixos/modules/services/backup/rsnapshot.nix @@ -1,7 +1,4 @@ { config, lib, pkgs, ... }: - -with lib; - let cfg = config.services.rsnapshot; cfgfile = pkgs.writeText "rsnapshot.conf" '' 
@@ -22,21 +19,21 @@ in { options = { services.rsnapshot = { - enable = mkEnableOption "rsnapshot backups"; - enableManualRsnapshot = mkOption { + enable = lib.mkEnableOption "rsnapshot backups"; + enableManualRsnapshot = lib.mkOption { description = "Whether to enable manual usage of the rsnapshot command with this module."; default = true; - type = types.bool; + type = lib.types.bool; }; - extraConfig = mkOption { + extraConfig = lib.mkOption { default = ""; example = '' retains hourly 24 retain daily 365 backup /home/ localhost/ ''; - type = types.lines; + type = lib.types.lines; description = '' rsnapshot configuration option in addition to the defaults from rsnapshot and this module. @@ -49,10 +46,10 @@ in ''; }; - cronIntervals = mkOption { + cronIntervals = lib.mkOption { default = {}; example = { hourly = "0 * * * *"; daily = "50 21 * * *"; }; - type = types.attrsOf types.str; + type = lib.types.attrsOf lib.types.str; description = '' Periodicity at which intervals should be run by cron. Note that the intervals also have to exist in configuration @@ -62,12 +59,12 @@ in }; }; - config = mkIf cfg.enable (mkMerge [ + config = lib.mkIf cfg.enable (lib.mkMerge [ { services.cron.systemCronJobs = - mapAttrsToList (interval: time: "${time} root ${pkgs.rsnapshot}/bin/rsnapshot -c ${cfgfile} ${interval}") cfg.cronIntervals; + lib.mapAttrsToList (interval: time: "${time} root ${pkgs.rsnapshot}/bin/rsnapshot -c ${cfgfile} ${interval}") cfg.cronIntervals; } - (mkIf cfg.enableManualRsnapshot { + (lib.mkIf cfg.enableManualRsnapshot { environment.systemPackages = [ pkgs.rsnapshot ]; environment.etc."rsnapshot.conf".source = cfgfile; }) From 4682ba9d881f3214623c070a7a6d74712f87910c Mon Sep 17 00:00:00 2001 From: Felix Buehler Date: Wed, 28 Aug 2024 21:18:54 +0200 Subject: [PATCH 016/148] nixos/services.sanoid: remove `with lib;` --- nixos/modules/services/backup/sanoid.nix | 91 ++++++++++++------------ 1 file changed, 44 insertions(+), 47 deletions(-) 
diff --git a/nixos/modules/services/backup/sanoid.nix b/nixos/modules/services/backup/sanoid.nix index 1b9ace358cabe..823a2ed565e78 100644 --- a/nixos/modules/services/backup/sanoid.nix +++ b/nixos/modules/services/backup/sanoid.nix 
@@ -1,85 +1,82 @@ { config, lib, pkgs, ... }: - -with lib; - let cfg = config.services.sanoid; - datasetSettingsType = with types; + datasetSettingsType = with lib.types; (attrsOf (nullOr (oneOf [ str int bool (listOf str) ]))) // { description = "dataset/template options"; }; commonOptions = { - hourly = mkOption { + hourly = lib.mkOption { description = "Number of hourly snapshots."; - type = with types; nullOr ints.unsigned; + type = with lib.types; nullOr ints.unsigned; default = null; }; - daily = mkOption { + daily = lib.mkOption { description = "Number of daily snapshots."; - type = with types; nullOr ints.unsigned; + type = with lib.types; nullOr ints.unsigned; default = null; }; - monthly = mkOption { + monthly = lib.mkOption { description = "Number of monthly snapshots."; - type = with types; nullOr ints.unsigned; + type = with lib.types; nullOr ints.unsigned; default = null; }; - yearly = mkOption { + yearly = lib.mkOption { description = "Number of yearly snapshots."; - type = with types; nullOr ints.unsigned; + type = with lib.types; nullOr ints.unsigned; default = null; }; - autoprune = mkOption { + autoprune = lib.mkOption { description = "Whether to automatically prune old snapshots."; - type = with types; nullOr bool; + type = with lib.types; nullOr bool; default = null; }; - autosnap = mkOption { + autosnap = lib.mkOption { description = "Whether to automatically take snapshots."; - type = with types; nullOr bool; + type = with lib.types; nullOr bool; default = null; }; }; datasetOptions = rec { - use_template = mkOption { + use_template = lib.mkOption { description = "Names of the templates to use for this dataset."; - type = types.listOf (types.str // { - check = (types.enum (attrNames cfg.templates)).check; + type = lib.types.listOf (lib.types.str // { + check = (lib.types.enum (lib.attrNames cfg.templates)).check; description = "configured template name"; }); default = [ ]; }; useTemplate = use_template; - recursive = mkOption { + recursive = 
lib.mkOption { description = '' Whether to recursively snapshot dataset children. You can also set this to `"zfs"` to handle datasets recursively in an atomic way without the possibility to override settings for child datasets. ''; - type = with types; oneOf [ bool (enum [ "zfs" ]) ]; + type = with lib.types; oneOf [ bool (enum [ "zfs" ]) ]; default = false; }; - process_children_only = mkOption { + process_children_only = lib.mkOption { description = "Whether to only snapshot child datasets if recursing."; - type = types.bool; + type = lib.types.bool; default = false; }; processChildrenOnly = process_children_only; }; # Extract unique dataset names - datasets = unique (attrNames cfg.datasets); + datasets = lib.unique (lib.attrNames cfg.datasets); # Function to build "zfs allow" and "zfs unallow" commands for the # filesystems we've delegated permissions to. @@ -88,23 +85,23 @@ let "-+/run/booted-system/sw/bin/zfs" zfsAction "sanoid" - (concatStringsSep "," permissions) + (lib.concatStringsSep "," permissions) dataset ]; configFile = let mkValueString = v: - if builtins.isList v then concatStringsSep "," v - else generators.mkValueStringDefault { } v; + if lib.isList v then lib.concatStringsSep "," v + else lib.generators.mkValueStringDefault { } v; mkKeyValue = k: v: if v == null then "" else if k == "processChildrenOnly" then "" else if k == "useTemplate" then "" - else generators.mkKeyValueDefault { inherit mkValueString; } "=" k v; + else lib.generators.mkKeyValueDefault { inherit mkValueString; } "=" k v; in - generators.toINI { inherit mkKeyValue; } cfg.settings; + lib.generators.toINI { inherit mkKeyValue; } cfg.settings; in { 
@@ -112,12 +109,12 @@ in # Interface options.services.sanoid = { - enable = mkEnableOption "Sanoid ZFS snapshotting service"; + enable = lib.mkEnableOption "Sanoid ZFS snapshotting service"; package = lib.mkPackageOption pkgs "sanoid" {}; - interval = mkOption { - type = types.str; + interval = lib.mkOption { + type = lib.types.str; default = "hourly"; example = "daily"; description = '' @@ -128,19 +125,19 @@ in ''; }; - datasets = mkOption { - type = types.attrsOf (types.submodule ({ config, options, ... }: { + datasets = lib.mkOption { + type = lib.types.attrsOf (lib.types.submodule ({ config, options, ... }: { freeformType = datasetSettingsType; options = commonOptions // datasetOptions; - config.use_template = modules.mkAliasAndWrapDefsWithPriority id (options.useTemplate or { }); - config.process_children_only = modules.mkAliasAndWrapDefsWithPriority id (options.processChildrenOnly or { }); + config.use_template = lib.modules.mkAliasAndWrapDefsWithPriority lib.id (options.useTemplate or { }); + config.process_children_only = lib.modules.mkAliasAndWrapDefsWithPriority lib.id (options.processChildrenOnly or { }); })); default = { }; description = "Datasets to snapshot."; }; - templates = mkOption { - type = types.attrsOf (types.submodule { + templates = lib.mkOption { + type = lib.types.attrsOf (lib.types.submodule { freeformType = datasetSettingsType; options = commonOptions; }); @@ -148,8 +145,8 @@ in description = "Templates for datasets."; }; - settings = mkOption { - type = types.attrsOf datasetSettingsType; + settings = lib.mkOption { + type = lib.types.attrsOf datasetSettingsType; description = '' Free-form settings written directly to the config file. See @@ -157,8 +154,8 @@ in ''; }; - extraArgs = mkOption { - type = types.listOf types.str; + extraArgs = lib.mkOption { + type = lib.types.listOf lib.types.str; default = [ ]; example = [ "--verbose" "--readonly" "--debug" ]; description = '' 
@@ -171,10 +168,10 @@ in # Implementation - config = mkIf cfg.enable { - services.sanoid.settings = mkMerge [ - (mapAttrs' (d: v: nameValuePair ("template_" + d) v) cfg.templates) - (mapAttrs (d: v: v) cfg.datasets) + config = lib.mkIf cfg.enable { + services.sanoid.settings = lib.mkMerge [ + (lib.mapAttrs' (d: v: lib.nameValuePair ("template_" + d) v) cfg.templates) + (lib.mapAttrs (d: v: v) cfg.datasets) ]; systemd.services.sanoid = { @@ -201,5 +198,5 @@ in }; }; - meta.maintainers = with maintainers; [ lopsided98 ]; + meta.maintainers = with lib.maintainers; [ lopsided98 ]; } From 48d46271cb4162d10ed2e19332d28c7ce24a6ef5 Mon Sep 17 00:00:00 2001 From: Felix Buehler Date: Wed, 28 Aug 2024 21:18:54 +0200 Subject: [PATCH 017/148] nixos/services.snapraid: remove `with lib;` --- nixos/modules/services/backup/snapraid.nix | 45 ++++++++++------------ 1 file changed, 21 insertions(+), 24 deletions(-) diff --git a/nixos/modules/services/backup/snapraid.nix b/nixos/modules/services/backup/snapraid.nix index a621c9f62ff79..02dabce188115 100644 --- a/nixos/modules/services/backup/snapraid.nix +++ b/nixos/modules/services/backup/snapraid.nix @@ -1,18 +1,15 @@ { config, lib, pkgs, ... }: - -with lib; - let cfg = config.services.snapraid; in { imports = [ # Should have never been on the top-level. - (mkRenamedOptionModule [ "snapraid" ] [ "services" "snapraid" ]) + (lib.mkRenamedOptionModule [ "snapraid" ] [ "services" "snapraid" ]) ]; - options.services.snapraid = with types; { - enable = mkEnableOption "SnapRAID"; - dataDisks = mkOption { + options.services.snapraid = with lib.types; { + enable = lib.mkEnableOption "SnapRAID"; + dataDisks = lib.mkOption { default = { }; example = { d1 = "/mnt/disk1/"; @@ -22,7 +19,7 @@ in description = "SnapRAID data disks."; type = attrsOf str; }; - parityFiles = mkOption { + parityFiles = lib.mkOption { default = [ ]; example = [ "/mnt/diskp/snapraid.parity" 
@@ -35,7 +32,7 @@ in description = "SnapRAID parity files."; type = listOf str; }; - contentFiles = mkOption { + contentFiles = lib.mkOption { default = [ ]; example = [ "/var/snapraid.content" @@ -45,40 +42,40 @@ in description = "SnapRAID content list files."; type = listOf str; }; - exclude = mkOption { + exclude = lib.mkOption { default = [ ]; example = [ "*.unrecoverable" "/tmp/" "/lost+found/" ]; description = "SnapRAID exclude directives."; type = listOf str; }; - touchBeforeSync = mkOption { + touchBeforeSync = lib.mkOption { default = true; example = false; description = "Whether {command}`snapraid touch` should be run before {command}`snapraid sync`."; type = bool; }; - sync.interval = mkOption { + sync.interval = lib.mkOption { default = "01:00"; example = "daily"; description = "How often to run {command}`snapraid sync`."; type = str; }; scrub = { - interval = mkOption { + interval = lib.mkOption { default = "Mon *-*-* 02:00:00"; example = "weekly"; description = "How often to run {command}`snapraid scrub`."; type = str; }; - plan = mkOption { + plan = lib.mkOption { default = 8; example = 5; description = "Percent of the array that should be checked by {command}`snapraid scrub`."; type = int; }; - olderThan = mkOption { + olderThan = lib.mkOption { default = 10; example = 20; description = @@ -86,7 +83,7 @@ in type = int; }; }; - extraConfig = mkOption { + extraConfig = lib.mkOption { default = ""; example = '' nohidden @@ -105,7 +102,7 @@ in nParity = builtins.length cfg.parityFiles; mkPrepend = pre: s: pre + s; in - mkIf cfg.enable { + lib.mkIf cfg.enable { assertions = [ { assertion = nParity <= 6; 
@@ -128,9 +125,9 @@ in prependContent = mkPrepend "content "; prependExclude = mkPrepend "exclude "; in - concatStringsSep "\n" + lib.concatStringsSep "\n" (map prependData - ((mapAttrsToList (name: value: name + " " + value)) dataDisks) + ((lib.mapAttrsToList (name: value: name + " " + value)) dataDisks) ++ zipListsWith (a: b: a + b) ([ "parity " ] ++ map (i: toString i + "-parity ") (range 2 6)) parityFiles ++ map prependContent contentFiles @@ -179,8 +176,8 @@ in let contentDirs = map dirOf contentFiles; in - unique ( - attrValues dataDisks ++ contentDirs + lib.unique ( + lib.attrValues dataDisks ++ contentDirs ); }; unitConfig.After = "snapraid-sync.service"; @@ -227,10 +224,10 @@ in # https://www.snapraid.it/manual#7.1 splitParityFiles = map (s: splitString "," s) parityFiles; in - unique ( - attrValues dataDisks ++ splitParityFiles ++ contentDirs + lib.unique ( + lib.attrValues dataDisks ++ splitParityFiles ++ contentDirs ); - } // optionalAttrs touchBeforeSync { + } // lib.optionalAttrs touchBeforeSync { ExecStartPre = "${pkgs.snapraid}/bin/snapraid touch"; }; }; From 8442ed34aca533fdd71904e54cf174cb92da6d33 Mon Sep 17 00:00:00 2001 From: Felix Buehler Date: Wed, 28 Aug 2024 21:18:54 +0200 Subject: [PATCH 018/148] nixos/services.syncoid: remove `with lib;` --- nixos/modules/services/backup/syncoid.nix | 131 +++++++++++----------- 1 file changed, 64 insertions(+), 67 deletions(-) diff --git a/nixos/modules/services/backup/syncoid.nix b/nixos/modules/services/backup/syncoid.nix index ec9ccaa46d428..97d39544d5bb2 100644 --- a/nixos/modules/services/backup/syncoid.nix +++ b/nixos/modules/services/backup/syncoid.nix 
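Review bot: `zipListsWith` and `range` in the `@@ -128,9 +125,9 @@` hunk, and `splitString` in the `@@ -227,10 +224,10 @@` hunk, are still unqualified although this patch removes the file-level `with lib;`. Unless they are bound elsewhere in the file (not visible in these hunks), building the snapraid configuration text and the path list in the last hunk would fail with an undefined variable once `services.snapraid.enable` is set. A backup job that stops evaluating is easy to overlook. They should read `lib.zipListsWith (a: b: a + b)`, `lib.range 2 6` and `lib.splitString "," s`. The enclosing `let` blocks start and end outside the hunks.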
@@ -1,14 +1,11 @@ { config, lib, pkgs, ... }: - -with lib; - let cfg = config.services.syncoid; # Extract local dasaset names (so no datasets containing "@") - localDatasetName = d: optionals (d != null) ( + localDatasetName = d: lib.optionals (d != null) ( let m = builtins.match "([^/@]+[^@]*)" d; in - optionals (m != null) m + lib.optionals (m != null) m ); # Escape as required by: https://www.freedesktop.org/software/systemd/man/systemd.unit.html @@ -35,7 +32,7 @@ let "/run/booted-system/sw/bin/zfs" "allow" cfg.user - (concatStringsSep "," permissions) + (lib.concatStringsSep "," permissions) dataset ]} ${lib.optionalString ((builtins.dirOf dataset) != ".") '' @@ -44,7 +41,7 @@ let "/run/booted-system/sw/bin/zfs" "allow" cfg.user - (concatStringsSep "," permissions) + (lib.concatStringsSep "," permissions) # Remove the last part of the path (builtins.dirOf dataset) ]} @@ -66,14 +63,14 @@ let "/run/booted-system/sw/bin/zfs" "unallow" cfg.user - (concatStringsSep "," permissions) + (lib.concatStringsSep "," permissions) dataset ]} ${lib.optionalString ((builtins.dirOf dataset) != ".") (lib.escapeShellArgs [ "/run/booted-system/sw/bin/zfs" "unallow" cfg.user - (concatStringsSep "," permissions) + (lib.concatStringsSep "," permissions) # Remove the last part of the path (builtins.dirOf dataset) ])} @@ -85,12 +82,12 @@ in # Interface options.services.syncoid = { - enable = mkEnableOption "Syncoid ZFS synchronization service"; + enable = lib.mkEnableOption "Syncoid ZFS synchronization service"; package = lib.mkPackageOption pkgs "sanoid" {}; - interval = mkOption { - type = types.str; + interval = lib.mkOption { + type = lib.types.str; default = "hourly"; example = "*-*-* *:15:00"; description = '' @@ -101,8 +98,8 @@ in ''; }; - user = mkOption { - type = types.str; + user = lib.mkOption { + type = lib.types.str; default = "syncoid"; example = "backup"; description = '' 
@@ -115,15 +112,15 @@ in ''; }; - group = mkOption { - type = types.str; + group = lib.mkOption { + type = lib.types.str; default = "syncoid"; example = "backup"; description = "The group for the service."; }; - sshKey = mkOption { - type = with types; nullOr (coercedTo path toString str); + sshKey = lib.mkOption { + type = with lib.types; nullOr (coercedTo path toString str); default = null; description = '' SSH private key file to use to login to the remote system. Can be @@ -131,8 +128,8 @@ in ''; }; - localSourceAllow = mkOption { - type = types.listOf types.str; + localSourceAllow = lib.mkOption { + type = lib.types.listOf lib.types.str; # Permissions snapshot and destroy are in case --no-sync-snap is not used default = [ "bookmark" "hold" "send" "snapshot" "destroy" "mount" ]; description = '' @@ -143,8 +140,8 @@ in ''; }; - localTargetAllow = mkOption { - type = types.listOf types.str; + localTargetAllow = lib.mkOption { + type = lib.types.listOf lib.types.str; default = [ "change-key" "compression" "create" "mount" "mountpoint" "receive" "rollback" ]; example = [ "create" "mount" "receive" "rollback" ]; description = '' @@ -158,8 +155,8 @@ in ''; }; - commonArgs = mkOption { - type = types.listOf types.str; + commonArgs = lib.mkOption { + type = lib.types.listOf lib.types.str; default = [ ]; example = [ "--no-sync-snap" ]; description = '' @@ -170,19 +167,19 @@ in ''; }; - service = mkOption { - type = types.attrs; + service = lib.mkOption { + type = lib.types.attrs; default = { }; description = '' Systemd configuration common to all syncoid services. ''; }; - commands = mkOption { - type = types.attrsOf (types.submodule ({ name, ... }: { + commands = lib.mkOption { + type = lib.types.attrsOf (lib.types.submodule ({ name, ... }: { options = { - source = mkOption { - type = types.str; + source = lib.mkOption { + type = lib.types.str; example = "pool/dataset"; description = '' Source ZFS dataset. Can be either local or remote. Defaults to 
@@ -190,8 +187,8 @@ in ''; }; - target = mkOption { - type = types.str; + target = lib.mkOption { + type = lib.types.str; example = "user@server:pool/dataset"; description = '' Target ZFS dataset. Can be either local @@ -200,18 +197,18 @@ in ''; }; - recursive = mkEnableOption ''the transfer of child datasets''; + recursive = lib.mkEnableOption ''the transfer of child datasets''; - sshKey = mkOption { - type = with types; nullOr (coercedTo path toString str); + sshKey = lib.mkOption { + type = with lib.types; nullOr (coercedTo path toString str); description = '' SSH private key file to use to login to the remote system. Defaults to {option}`services.syncoid.sshKey` option. ''; }; - localSourceAllow = mkOption { - type = types.listOf types.str; + localSourceAllow = lib.mkOption { + type = lib.types.listOf lib.types.str; description = '' Permissions granted for the {option}`services.syncoid.user` user for local source datasets. See @@ -221,8 +218,8 @@ in ''; }; - localTargetAllow = mkOption { - type = types.listOf types.str; + localTargetAllow = lib.mkOption { + type = lib.types.listOf lib.types.str; description = '' Permissions granted for the {option}`services.syncoid.user` user for local target datasets. See @@ -234,8 +231,8 @@ in ''; }; - sendOptions = mkOption { - type = types.separatedString " "; + sendOptions = lib.mkOption { + type = lib.types.separatedString " "; default = ""; example = "Lc e"; description = '' @@ -244,8 +241,8 @@ in ''; }; - recvOptions = mkOption { - type = types.separatedString " "; + recvOptions = lib.mkOption { + type = lib.types.separatedString " "; default = ""; example = "ux recordsize o compression=lz4"; description = '' 
@@ -254,38 +251,38 @@ in ''; }; - useCommonArgs = mkOption { - type = types.bool; + useCommonArgs = lib.mkOption { + type = lib.types.bool; default = true; description = '' Whether to add the configured common arguments to this command. ''; }; - service = mkOption { - type = types.attrs; + service = lib.mkOption { + type = lib.types.attrs; default = { }; description = '' Systemd configuration specific to this syncoid service. ''; }; - extraArgs = mkOption { - type = types.listOf types.str; + extraArgs = lib.mkOption { + type = lib.types.listOf lib.types.str; default = [ ]; example = [ "--sshport 2222" ]; description = "Extra syncoid arguments for this command."; }; }; config = { - source = mkDefault name; - sshKey = mkDefault cfg.sshKey; - localSourceAllow = mkDefault cfg.localSourceAllow; - localTargetAllow = mkDefault cfg.localTargetAllow; + source = lib.mkDefault name; + sshKey = lib.mkDefault cfg.sshKey; + localSourceAllow = lib.mkDefault cfg.localSourceAllow; + localTargetAllow = lib.mkDefault cfg.localTargetAllow; }; })); default = { }; - example = literalExpression '' + example = lib.literalExpression '' { "pool/test".target = "root@target:pool/test"; } @@ -296,9 +293,9 @@ in # Implementation - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { users = { - users = mkIf (cfg.user == "syncoid") { + users = lib.mkIf (cfg.user == "syncoid") { syncoid = { group = cfg.group; isSystemUser = true; @@ -308,14 +305,14 @@ in createHome = false; }; }; - groups = mkIf (cfg.group == "syncoid") { + groups = lib.mkIf (cfg.group == "syncoid") { syncoid = { }; }; }; - systemd.services = mapAttrs' + systemd.services = lib.mapAttrs' (name: c: - nameValuePair "syncoid-${escapeUnitName name}" (mkMerge [ + lib.nameValuePair "syncoid-${lib.escapeUnitName name}" (lib.mkMerge [ { description = "Syncoid ZFS synchronization from ${c.source} to ${c.target}"; after = [ "zfs.target" ]; 
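Review bot: `lib.escapeUnitName` in the `@@ -308,14 +305,14 @@` hunk replaces a bare `escapeUnitName`, and the same substitution is made three more times in the `RootDirectory`, `InaccessiblePaths` and `RuntimeDirectory` lines of `@@ -379,15 +376,15 @@`. The first hunk of this file ends on the comment `# Escape as required by: …systemd.unit.html` inside the module's own `let`, which suggests the helper is defined locally rather than in `lib`; the definition is outside the visible hunks, so this needs confirming. If it is local, the prefixed form would fail to evaluate, and neither the per-command unit name nor the sandbox paths derived from it would be produced. In that case the four calls should stay `escapeUnitName name`.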
@@ -330,9 +327,9 @@ in (map (buildUnallowCommand c.localSourceAllow) (localDatasetName c.source)) ++ (map (buildUnallowCommand c.localTargetAllow) (localDatasetName c.target)); ExecStart = lib.escapeShellArgs ([ "${cfg.package}/bin/syncoid" ] - ++ optionals c.useCommonArgs cfg.commonArgs - ++ optional c.recursive "-r" - ++ optionals (c.sshKey != null) [ "--sshkey" c.sshKey ] + ++ lib.optionals c.useCommonArgs cfg.commonArgs + ++ lib.optional c.recursive "-r" + ++ lib.optionals (c.sshKey != null) [ "--sshkey" c.sshKey ] ++ c.extraArgs ++ [ "--sendoptions" @@ -364,7 +361,7 @@ in NoNewPrivileges = true; PrivateDevices = true; PrivateMounts = true; - PrivateNetwork = mkDefault false; + PrivateNetwork = lib.mkDefault false; PrivateUsers = false; # Enabling this breaks on zfs-2.2.0 ProtectClock = true; ProtectControlGroups = true; @@ -379,15 +376,15 @@ in RestrictNamespaces = true; RestrictRealtime = true; RestrictSUIDSGID = true; - RootDirectory = "/run/syncoid/${escapeUnitName name}"; + RootDirectory = "/run/syncoid/${lib.escapeUnitName name}"; RootDirectoryStartOnly = true; BindPaths = [ "/dev/zfs" ]; BindReadOnlyPaths = [ builtins.storeDir "/etc" "/run" "/bin/sh" ]; # Avoid useless mounting of RootDirectory= in the own RootDirectory= of ExecStart='s mount namespace. - InaccessiblePaths = [ "-+/run/syncoid/${escapeUnitName name}" ]; + InaccessiblePaths = [ "-+/run/syncoid/${lib.escapeUnitName name}" ]; MountAPIVFS = true; # Create RootDirectory= in the host's mount namespace. - RuntimeDirectory = [ "syncoid/${escapeUnitName name}" ]; + RuntimeDirectory = [ "syncoid/${lib.escapeUnitName name}" ]; RuntimeDirectoryMode = "700"; SystemCallFilter = [ "@system-service" @@ -416,5 +413,5 @@ in cfg.commands; }; - meta.maintainers = with maintainers; [ julm lopsided98 ]; + meta.maintainers = with lib.maintainers; [ julm lopsided98 ]; } From e53c595a18fde18b7abf5c1973211c1f08f5c4de Mon Sep 17 00:00:00 2001 
From: Felix Buehler Date: Wed, 28 Aug 2024 21:18:54 +0200 Subject: [PATCH 019/148] nixos/services.tarsnap: remove `with lib;` --- nixos/modules/services/backup/tarsnap.nix | 155 +++++++++++----------- 1 file changed, 76 insertions(+), 79 deletions(-) diff --git a/nixos/modules/services/backup/tarsnap.nix b/nixos/modules/services/backup/tarsnap.nix index b8f848451d40b..ef531a0707c51 100644 --- a/nixos/modules/services/backup/tarsnap.nix +++ b/nixos/modules/services/backup/tarsnap.nix 
@@ -1,41 +1,38 @@ { config, lib, options, pkgs, utils, ... }: - -with lib; - let gcfg = config.services.tarsnap; opt = options.services.tarsnap; configFile = name: cfg: '' keyfile ${cfg.keyfile} - ${optionalString (cfg.cachedir != null) "cachedir ${cfg.cachedir}"} - ${optionalString cfg.nodump "nodump"} - ${optionalString cfg.printStats "print-stats"} - ${optionalString cfg.printStats "humanize-numbers"} - ${optionalString (cfg.checkpointBytes != null) ("checkpoint-bytes "+cfg.checkpointBytes)} - ${optionalString cfg.aggressiveNetworking "aggressive-networking"} - ${concatStringsSep "\n" (map (v: "exclude ${v}") cfg.excludes)} - ${concatStringsSep "\n" (map (v: "include ${v}") cfg.includes)} - ${optionalString cfg.lowmem "lowmem"} - ${optionalString cfg.verylowmem "verylowmem"} - ${optionalString (cfg.maxbw != null) "maxbw ${toString cfg.maxbw}"} - ${optionalString (cfg.maxbwRateUp != null) "maxbw-rate-up ${toString cfg.maxbwRateUp}"} - ${optionalString (cfg.maxbwRateDown != null) "maxbw-rate-down ${toString cfg.maxbwRateDown}"} + ${lib.optionalString (cfg.cachedir != null) "cachedir ${cfg.cachedir}"} + ${lib.optionalString cfg.nodump "nodump"} + ${lib.optionalString cfg.printStats "print-stats"} + ${lib.optionalString cfg.printStats "humanize-numbers"} + ${lib.optionalString (cfg.checkpointBytes != null) ("checkpoint-bytes "+cfg.checkpointBytes)} + ${lib.optionalString cfg.aggressiveNetworking "aggressive-networking"} + ${lib.concatStringsSep "\n" (map (v: "exclude ${v}") cfg.excludes)} + ${lib.concatStringsSep "\n" (map (v: "include ${v}") cfg.includes)} + ${lib.optionalString cfg.lowmem "lowmem"} + ${lib.optionalString cfg.verylowmem "verylowmem"} + ${lib.optionalString (cfg.maxbw != null) "maxbw ${toString cfg.maxbw}"} + ${lib.optionalString (cfg.maxbwRateUp != null) "maxbw-rate-up ${toString cfg.maxbwRateUp}"} + ${lib.optionalString (cfg.maxbwRateDown != null) "maxbw-rate-down ${toString cfg.maxbwRateDown}"} ''; in { imports = [ - (mkRemovedOptionModule [ 
"services" "tarsnap" "cachedir" ] "Use services.tarsnap.archives..cachedir") + (lib.mkRemovedOptionModule [ "services" "tarsnap" "cachedir" ] "Use services.tarsnap.archives..cachedir") ]; options = { services.tarsnap = { - enable = mkEnableOption "periodic tarsnap backups"; + enable = lib.mkEnableOption "periodic tarsnap backups"; - package = mkPackageOption pkgs "tarsnap" { }; + package = lib.mkPackageOption pkgs "tarsnap" { }; - keyfile = mkOption { - type = types.str; + keyfile = lib.mkOption { + type = lib.types.str; default = "/root/tarsnap.key"; description = '' The keyfile which associates this machine with your tarsnap @@ -61,14 +58,14 @@ in ''; }; - archives = mkOption { - type = types.attrsOf (types.submodule ({ config, options, ... }: + archives = lib.mkOption { + type = lib.types.attrsOf (lib.types.submodule ({ config, options, ... }: { options = { - keyfile = mkOption { - type = types.str; + keyfile = lib.mkOption { + type = lib.types.str; default = gcfg.keyfile; - defaultText = literalExpression "config.${opt.keyfile}"; + defaultText = lib.literalExpression "config.${opt.keyfile}"; description = '' Set a specific keyfile for this archive. This defaults to `"/root/tarsnap.key"` if left unspecified. @@ -88,10 +85,10 @@ in ''; }; - cachedir = mkOption { - type = types.nullOr types.path; - default = "/var/cache/tarsnap/${utils.escapeSystemdPath config.keyfile}"; - defaultText = literalExpression '' + cachedir = lib.mkOption { + type = lib.types.nullOr lib.types.path; + default = "/var/cache/tarsnap/${utils.lib.escapeSystemdPath config.keyfile}"; + defaultText = lib.literalExpression '' "/var/cache/tarsnap/''${utils.escapeSystemdPath config.${options.keyfile}}" ''; description = '' 
@@ -106,16 +103,16 @@ in ''; }; - nodump = mkOption { - type = types.bool; + nodump = lib.mkOption { + type = lib.types.bool; default = true; description = '' Exclude files with the `nodump` flag. ''; }; - printStats = mkOption { - type = types.bool; + printStats = lib.mkOption { + type = lib.types.bool; default = true; description = '' Print global archive statistics upon completion. @@ -124,8 +121,8 @@ in ''; }; - checkpointBytes = mkOption { - type = types.nullOr types.str; + checkpointBytes = lib.mkOption { + type = lib.types.nullOr lib.types.str; default = "1GB"; description = '' Create a checkpoint every `checkpointBytes` @@ -138,8 +135,8 @@ in ''; }; - period = mkOption { - type = types.str; + period = lib.mkOption { + type = lib.types.str; default = "01:15"; example = "hourly"; description = '' @@ -150,8 +147,8 @@ in ''; }; - aggressiveNetworking = mkOption { - type = types.bool; + aggressiveNetworking = lib.mkOption { + type = lib.types.bool; default = false; description = '' Upload data over multiple TCP connections, potentially @@ -162,22 +159,22 @@ in ''; }; - directories = mkOption { - type = types.listOf types.path; + directories = lib.mkOption { + type = lib.types.listOf lib.types.path; default = []; description = "List of filesystem paths to archive."; }; - excludes = mkOption { - type = types.listOf types.str; + excludes = lib.mkOption { + type = lib.types.listOf lib.types.str; default = []; description = '' Exclude files and directories matching these patterns. ''; }; - includes = mkOption { - type = types.listOf types.str; + includes = lib.mkOption { + type = lib.types.listOf lib.types.str; default = []; description = '' Include only files and directories matching these @@ -187,8 +184,8 @@ in ''; }; - lowmem = mkOption { - type = types.bool; + lowmem = lib.mkOption { + type = lib.types.bool; default = false; description = '' Reduce memory consumption by not caching small files. 
@@ -198,8 +195,8 @@ in ''; }; - verylowmem = mkOption { - type = types.bool; + verylowmem = lib.mkOption { + type = lib.types.bool; default = false; description = '' Reduce memory consumption by a factor of 2 beyond what @@ -208,8 +205,8 @@ in ''; }; - maxbw = mkOption { - type = types.nullOr types.int; + maxbw = lib.mkOption { + type = lib.types.nullOr lib.types.int; default = null; description = '' Abort archival if upstream bandwidth usage in bytes @@ -217,40 +214,40 @@ in ''; }; - maxbwRateUp = mkOption { - type = types.nullOr types.int; + maxbwRateUp = lib.mkOption { + type = lib.types.nullOr lib.types.int; default = null; - example = literalExpression "25 * 1000"; + example = lib.literalExpression "25 * 1000"; description = '' Upload bandwidth rate limit in bytes. ''; }; - maxbwRateDown = mkOption { - type = types.nullOr types.int; + maxbwRateDown = lib.mkOption { + type = lib.types.nullOr lib.types.int; default = null; - example = literalExpression "50 * 1000"; + example = lib.literalExpression "50 * 1000"; description = '' Download bandwidth rate limit in bytes. ''; }; - verbose = mkOption { - type = types.bool; + verbose = lib.mkOption { + type = lib.types.bool; default = false; description = '' Whether to produce verbose logging output. ''; }; - explicitSymlinks = mkOption { - type = types.bool; + explicitSymlinks = lib.mkOption { + type = lib.types.bool; default = false; description = '' Whether to follow symlinks specified as archives. ''; }; - followSymlinks = mkOption { - type = types.bool; + followSymlinks = lib.mkOption { + type = lib.types.bool; default = false; description = '' Whether to follow all symlinks in archive trees. @@ -262,7 +259,7 @@ in default = {}; - example = literalExpression '' + example = lib.literalExpression '' { nixos = { directories = [ "/home" "/root/ssl" ]; 
@@ -292,19 +289,19 @@ in }; }; - config = mkIf gcfg.enable { + config = lib.mkIf gcfg.enable { assertions = - (mapAttrsToList (name: cfg: + (lib.mapAttrsToList (name: cfg: { assertion = cfg.directories != []; message = "Must specify paths for tarsnap to back up"; }) gcfg.archives) ++ - (mapAttrsToList (name: cfg: + (lib.mapAttrsToList (name: cfg: { assertion = !(cfg.lowmem && cfg.verylowmem); message = "You cannot set both lowmem and verylowmem"; }) gcfg.archives); systemd.services = - (mapAttrs' (name: cfg: nameValuePair "tarsnap-${name}" { + (lib.mapAttrs' (name: cfg: lib.nameValuePair "tarsnap-${name}" { description = "Tarsnap archive '${name}'"; requires = [ "network-online.target" ]; after = [ "network-online.target" ]; @@ -322,11 +319,11 @@ in script = let tarsnap = ''${lib.getExe gcfg.package} --configfile "/etc/tarsnap/${name}.conf"''; run = ''${tarsnap} -c -f "${name}-$(date +"%Y%m%d%H%M%S")" \ - ${optionalString cfg.verbose "-v"} \ - ${optionalString cfg.explicitSymlinks "-H"} \ - ${optionalString cfg.followSymlinks "-L"} \ - ${concatStringsSep " " cfg.directories}''; - cachedir = escapeShellArg cfg.cachedir; + ${lib.optionalString cfg.verbose "-v"} \ + ${lib.optionalString cfg.explicitSymlinks "-H"} \ + ${lib.optionalString cfg.followSymlinks "-L"} \ + ${lib.concatStringsSep " " cfg.directories}''; + cachedir = lib.escapeShellArg cfg.cachedir; in if (cfg.cachedir != null) then '' mkdir -p ${cachedir} chmod 0700 ${cachedir} @@ -353,7 +350,7 @@ in }; }) gcfg.archives) // - (mapAttrs' (name: cfg: nameValuePair "tarsnap-restore-${name}"{ + (lib.mapAttrs' (name: cfg: lib.nameValuePair "tarsnap-restore-${name}"{ description = "Tarsnap restore '${name}'"; requires = [ "network-online.target" ]; 
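Review bot: `${lib.concatStringsSep " " cfg.directories}` in the `@@ -322,11 +319,11 @@` hunk pastes the configured paths into the backup script unquoted. A path containing a space or a shell metacharacter would be split or interpreted by the shell instead of reaching tarsnap as one argument. The same hunk already quotes `cachedir` with `lib.escapeShellArg`, so the directory list should get the same treatment: `${lib.escapeShellArgs cfg.directories}'';`. The `script` let-block continues past the end of the hunk.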
@@ -362,8 +359,8 @@ in script = let tarsnap = ''${lib.getExe gcfg.package} --configfile "/etc/tarsnap/${name}.conf"''; lastArchive = "$(${tarsnap} --list-archives | sort | tail -1)"; - run = ''${tarsnap} -x -f "${lastArchive}" ${optionalString cfg.verbose "-v"}''; - cachedir = escapeShellArg cfg.cachedir; + run = ''${tarsnap} -x -f "${lastArchive}" ${lib.optionalString cfg.verbose "-v"}''; + cachedir = lib.escapeShellArg cfg.cachedir; in if (cfg.cachedir != null) then '' mkdir -p ${cachedir} @@ -393,14 +390,14 @@ in # Note: the timer must be Persistent=true, so that systemd will start it even # if e.g. your laptop was asleep while the latest interval occurred. - systemd.timers = mapAttrs' (name: cfg: nameValuePair "tarsnap-${name}" + systemd.timers = lib.mapAttrs' (name: cfg: lib.nameValuePair "tarsnap-${name}" { timerConfig.OnCalendar = cfg.period; timerConfig.Persistent = "true"; wantedBy = [ "timers.target" ]; }) gcfg.archives; environment.etc = - mapAttrs' (name: cfg: nameValuePair "tarsnap/${name}.conf" + lib.mapAttrs' (name: cfg: lib.nameValuePair "tarsnap/${name}.conf" { text = configFile name cfg; }) gcfg.archives; From 8a7d699812d1e71aed70366aa3c6d33c73817212 Mon Sep 17 00:00:00 2001 From: Felix Buehler Date: Wed, 28 Aug 2024 21:18:54 +0200 Subject: [PATCH 020/148] nixos/services.zfs.autoReplication: remove `with lib;` --- .../services/backup/zfs-replication.nix | 39 +++++++++---------- 1 file changed, 18 insertions(+), 21 deletions(-) diff --git a/nixos/modules/services/backup/zfs-replication.nix b/nixos/modules/services/backup/zfs-replication.nix index c89d6fb8ad60b..5aefaa35df509 100644 --- a/nixos/modules/services/backup/zfs-replication.nix +++ b/nixos/modules/services/backup/zfs-replication.nix 
@@ -1,56 +1,53 @@ { lib, pkgs, config, ... }: - -with lib; - let cfg = config.services.zfs.autoReplication; - recursive = optionalString cfg.recursive " --recursive"; - followDelete = optionalString cfg.followDelete " --follow-delete"; + recursive = lib.optionalString cfg.recursive " --recursive"; + followDelete = lib.optionalString cfg.followDelete " --follow-delete"; in { options = { services.zfs.autoReplication = { - enable = mkEnableOption "ZFS snapshot replication"; + enable = lib.mkEnableOption "ZFS snapshot replication"; - followDelete = mkOption { + followDelete = lib.mkOption { description = "Remove remote snapshots that don't have a local correspondent."; default = true; - type = types.bool; + type = lib.types.bool; }; - host = mkOption { + host = lib.mkOption { description = "Remote host where snapshots should be sent. `lz4` is expected to be installed on this host."; example = "example.com"; - type = types.str; + type = lib.types.str; }; - identityFilePath = mkOption { + identityFilePath = lib.mkOption { description = "Path to SSH key used to login to host."; example = "/home/username/.ssh/id_rsa"; - type = types.path; + type = lib.types.path; }; - localFilesystem = mkOption { + localFilesystem = lib.mkOption { description = "Local ZFS filesystem from which snapshots should be sent. 
Defaults to the attribute name."; example = "pool/file/path"; - type = types.str; + type = lib.types.str; }; - remoteFilesystem = mkOption { + remoteFilesystem = lib.mkOption { description = "Remote ZFS filesystem where snapshots should be sent."; example = "pool/file/path"; - type = types.str; + type = lib.types.str; }; - recursive = mkOption { + recursive = lib.mkOption { description = "Recursively discover snapshots to send."; default = true; - type = types.bool; + type = lib.types.bool; }; - username = mkOption { + username = lib.mkOption { description = "Username used by SSH to login to remote host."; example = "username"; - type = types.str; + type = lib.types.str; }; }; }; @@ -73,7 +70,7 @@ in { "https://github.com/alunduil/zfs-replicate" ]; restartIfChanged = false; - serviceConfig.ExecStart = "${pkgs.zfs-replicate}/bin/zfs-replicate${recursive} -l ${escapeShellArg cfg.username} -i ${escapeShellArg cfg.identityFilePath}${followDelete} ${escapeShellArg cfg.host} ${escapeShellArg cfg.remoteFilesystem} ${escapeShellArg cfg.localFilesystem}"; + serviceConfig.ExecStart = "${pkgs.zfs-replicate}/bin/zfs-replicate${recursive} -l ${lib.escapeShellArg cfg.username} -i ${lib.escapeShellArg cfg.identityFilePath}${followDelete} ${lib.escapeShellArg cfg.host} ${lib.escapeShellArg cfg.remoteFilesystem} ${lib.escapeShellArg cfg.localFilesystem}"; wantedBy = [ "zfs-snapshot-daily.service" "zfs-snapshot-frequent.service" From 561d58c49c8ba1a466382020e435db39b0b27497 Mon Sep 17 00:00:00 2001 From: Felix Buehler Date: Wed, 28 Aug 2024 21:18:55 +0200 Subject: [PATCH 021/148] nixos/services.zrepl: remove `with lib;` --- nixos/modules/services/backup/zrepl.nix | 14 ++++++-------- 1 file changed, 6 insertions(+), 8 deletions(-) diff --git a/nixos/modules/services/backup/zrepl.nix b/nixos/modules/services/backup/zrepl.nix index a0e9a0da7e493..d46823adbadbd 100644 --- a/nixos/modules/services/backup/zrepl.nix +++ b/nixos/modules/services/backup/zrepl.nix 
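Review bot: The `ExecStart` line in the `@@ -73,7 +70,7 @@` hunk relies on `lib.escapeShellArg`, which quotes for a shell, while systemd parses `ExecStart=` itself. Single quotes keep each value a single argument, but as far as I know systemd still expands `%` specifiers (and `$` references) inside them, so a username, host or dataset name containing those characters would not reach zfs-replicate verbatim. A comment above the line would make the limitation visible, e.g. `# parsed by systemd, not a shell: % and $ in these values are still expanded`. The surrounding service definition starts outside the hunk.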
@@ -1,27 +1,25 @@ { config, pkgs, lib, ... }: - -with lib; let cfg = config.services.zrepl; format = pkgs.formats.yaml { }; configFile = format.generate "zrepl.yml" cfg.settings; in { - meta.maintainers = with maintainers; [ cole-h ]; + meta.maintainers = with lib.maintainers; [ cole-h ]; options = { services.zrepl = { - enable = mkEnableOption "zrepl"; + enable = lib.mkEnableOption "zrepl"; - package = mkPackageOption pkgs "zrepl" { }; + package = lib.mkPackageOption pkgs "zrepl" { }; - settings = mkOption { + settings = lib.mkOption { default = { }; description = '' Configuration for zrepl. See for more information. ''; - type = types.submodule { + type = lib.types.submodule { freeformType = format.type; }; }; @@ -30,7 +28,7 @@ in ### Implementation ### - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { environment.systemPackages = [ cfg.package ]; # zrepl looks for its config in this location by default. This From bf759e5dd4fd13351c9b67e746d14dc8893e69c0 Mon Sep 17 00:00:00 2001 From: Felix Buehler Date: Wed, 28 Aug 2024 21:18:55 +0200 Subject: [PATCH 022/148] nixos/services.erigon: remove `with lib;` --- .../services/blockchain/ethereum/erigon.nix | 42 +++++++++---------- 1 file changed, 20 insertions(+), 22 deletions(-) diff --git a/nixos/modules/services/blockchain/ethereum/erigon.nix b/nixos/modules/services/blockchain/ethereum/erigon.nix index 24705b3433df4..5ac9523391519 100644 --- a/nixos/modules/services/blockchain/ethereum/erigon.nix +++ b/nixos/modules/services/blockchain/ethereum/erigon.nix @@ -1,6 +1,4 @@ { config, lib, pkgs, ... }: - -with lib; let cfg = config.services.erigon; 
@@ -11,18 +9,18 @@ in { options = { services.erigon = { - enable = mkEnableOption "Ethereum implementation on the efficiency frontier"; + enable = lib.mkEnableOption "Ethereum implementation on the efficiency frontier"; - package = mkPackageOption pkgs "erigon" { }; + package = lib.mkPackageOption pkgs "erigon" { }; - extraArgs = mkOption { - type = types.listOf types.str; + extraArgs = lib.mkOption { + type = lib.types.listOf lib.types.str; description = "Additional arguments passed to Erigon"; default = [ ]; }; - secretJwtPath = mkOption { - type = types.path; + secretJwtPath = lib.mkOption { + type = lib.types.path; description = '' Path to the secret jwt used for the http api authentication. ''; @@ -30,7 +28,7 @@ in { example = "config.age.secrets.ERIGON_JWT.path"; }; - settings = mkOption { + settings = lib.mkOption { description = '' Configuration for Erigon Refer to for details on supported values. @@ -52,7 +50,7 @@ in { "log.console.verbosity" = 3; # info }; - defaultText = literalExpression '' + defaultText = lib.literalExpression '' { datadir = "/var/lib/erigon"; chain = "mainnet"; 
@@ -71,20 +69,20 @@ in { }; }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { # Default values are the same as in the binary, they are just written here for convenience. services.erigon.settings = { - datadir = mkDefault "/var/lib/erigon"; - chain = mkDefault "mainnet"; - http = mkDefault true; - "http.port" = mkDefault 8545; - "http.api" = mkDefault ["eth" "debug" "net" "trace" "web3" "erigon"]; - ws = mkDefault true; - port = mkDefault 30303; - "authrpc.port" = mkDefault 8551; - "torrent.port" = mkDefault 42069; - "private.api.addr" = mkDefault "localhost:9090"; - "log.console.verbosity" = mkDefault 3; # info + datadir = lib.mkDefault "/var/lib/erigon"; + chain = lib.mkDefault "mainnet"; + http = lib.mkDefault true; + "http.port" = lib.mkDefault 8545; + "http.api" = lib.mkDefault ["eth" "debug" "net" "trace" "web3" "erigon"]; + ws = lib.mkDefault true; + port = lib.mkDefault 30303; + "authrpc.port" = lib.mkDefault 8551; + "torrent.port" = lib.mkDefault 42069; + "private.api.addr" = lib.mkDefault "localhost:9090"; + "log.console.verbosity" = lib.mkDefault 3; # info }; systemd.services.erigon = { From 1674361601ee77fc6b1765b38a2c79a600259f46 Mon Sep 17 00:00:00 2001 From: Felix Buehler Date: Wed, 28 Aug 2024 21:18:55 +0200 Subject: [PATCH 023/148] nixos/services.geth: remove `with lib;` --- .../services/blockchain/ethereum/geth.nix | 101 +++++++++--------- 1 file changed, 49 insertions(+), 52 deletions(-) diff --git a/nixos/modules/services/blockchain/ethereum/geth.nix b/nixos/modules/services/blockchain/ethereum/geth.nix index f2a7e080ada19..adf9fc1db32a8 100644 --- a/nixos/modules/services/blockchain/ethereum/geth.nix +++ b/nixos/modules/services/blockchain/ethereum/geth.nix @@ -1,7 +1,4 @@ { config, lib, pkgs, ... }: - -with lib; - let eachGeth = config.services.geth; 
@@ -11,28 +8,28 @@ let enable = lib.mkEnableOption "Go Ethereum Node"; - port = mkOption { - type = types.port; + port = lib.mkOption { + type = lib.types.port; default = 30303; description = "Port number Go Ethereum will be listening on, both TCP and UDP."; }; http = { enable = lib.mkEnableOption "Go Ethereum HTTP API"; - address = mkOption { - type = types.str; + address = lib.mkOption { + type = lib.types.str; default = "127.0.0.1"; description = "Listen address of Go Ethereum HTTP API."; }; - port = mkOption { - type = types.port; + port = lib.mkOption { + type = lib.types.port; default = 8545; description = "Port number of Go Ethereum HTTP API."; }; - apis = mkOption { - type = types.nullOr (types.listOf types.str); + apis = lib.mkOption { + type = lib.types.nullOr (lib.types.listOf lib.types.str); default = null; description = "APIs to enable over WebSocket"; example = ["net" "eth"]; @@ -41,20 +38,20 @@ let websocket = { enable = lib.mkEnableOption "Go Ethereum WebSocket API"; - address = mkOption { - type = types.str; + address = lib.mkOption { + type = lib.types.str; default = "127.0.0.1"; description = "Listen address of Go Ethereum WebSocket API."; }; - port = mkOption { - type = types.port; + port = lib.mkOption { + type = lib.types.port; default = 8546; description = "Port number of Go Ethereum WebSocket API."; }; - apis = mkOption { - type = types.nullOr (types.listOf types.str); + apis = lib.mkOption { + type = lib.types.nullOr (lib.types.listOf lib.types.str); default = null; description = "APIs to enable over WebSocket"; example = ["net" "eth"]; 
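Review bot: The `http.apis` option in the `@@ -11,28 +8,28 @@` hunk still carries the description `"APIs to enable over WebSocket"`, which looks copied from `websocket.apis`; it should read `description = "APIs to enable over HTTP";`. The value is what the start script later in this file passes to `--http.api`, so the current text misstates which listener an operator is widening when they set it. The enclosing options block starts above the hunk.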
@@ -63,27 +60,27 @@ let authrpc = { enable = lib.mkEnableOption "Go Ethereum Auth RPC API"; - address = mkOption { - type = types.str; + address = lib.mkOption { + type = lib.types.str; default = "127.0.0.1"; description = "Listen address of Go Ethereum Auth RPC API."; }; - port = mkOption { - type = types.port; + port = lib.mkOption { + type = lib.types.port; default = 8551; description = "Port number of Go Ethereum Auth RPC API."; }; - vhosts = mkOption { - type = types.nullOr (types.listOf types.str); + vhosts = lib.mkOption { + type = lib.types.nullOr (lib.types.listOf lib.types.str); default = ["localhost"]; description = "List of virtual hostnames from which to accept requests."; example = ["localhost" "geth.example.org"]; }; - jwtsecret = mkOption { - type = types.str; + jwtsecret = lib.mkOption { + type = lib.types.str; default = ""; description = "Path to a JWT secret for authenticated RPC endpoint."; example = "/var/run/geth/jwtsecret"; 
@@ -92,50 +89,50 @@ let metrics = { enable = lib.mkEnableOption "Go Ethereum prometheus metrics"; - address = mkOption { - type = types.str; + address = lib.mkOption { + type = lib.types.str; default = "127.0.0.1"; description = "Listen address of Go Ethereum metrics service."; }; - port = mkOption { - type = types.port; + port = lib.mkOption { + type = lib.types.port; default = 6060; description = "Port number of Go Ethereum metrics service."; }; }; - network = mkOption { - type = types.nullOr (types.enum [ "goerli" "rinkeby" "yolov2" "ropsten" ]); + network = lib.mkOption { + type = lib.types.nullOr (lib.types.enum [ "goerli" "rinkeby" "yolov2" "ropsten" ]); default = null; description = "The network to connect to. Mainnet (null) is the default ethereum network."; }; - syncmode = mkOption { - type = types.enum [ "snap" "fast" "full" "light" ]; + syncmode = lib.mkOption { + type = lib.types.enum [ "snap" "fast" "full" "light" ]; default = "snap"; description = "Blockchain sync mode."; }; - gcmode = mkOption { - type = types.enum [ "full" "archive" ]; + gcmode = lib.mkOption { + type = lib.types.enum [ "full" "archive" ]; default = "full"; description = "Blockchain garbage collection mode."; }; - maxpeers = mkOption { - type = types.int; + maxpeers = lib.mkOption { + type = lib.types.int; default = 50; description = "Maximum peers to connect to."; }; - extraArgs = mkOption { - type = types.listOf types.str; + extraArgs = lib.mkOption { + type = lib.types.listOf lib.types.str; description = "Additional arguments passed to Go Ethereum."; default = []; }; - package = mkPackageOption pkgs [ "go-ethereum" "geth" ] { }; + package = lib.mkPackageOption pkgs [ "go-ethereum" "geth" ] { }; }; }; in 
@@ -145,8 +142,8 @@ in ###### interface options = { - services.geth = mkOption { - type = types.attrsOf (types.submodule gethOpts); + services.geth = lib.mkOption { + type = lib.types.attrsOf (lib.types.submodule gethOpts); default = {}; description = "Specification of one or more geth instances."; }; @@ -154,17 +151,17 @@ in ###### implementation - config = mkIf (eachGeth != {}) { + config = lib.mkIf (eachGeth != {}) { - environment.systemPackages = flatten (mapAttrsToList (gethName: cfg: [ + environment.systemPackages = lib.flatten (lib.mapAttrsToList (gethName: cfg: [ cfg.package ]) eachGeth); - systemd.services = mapAttrs' (gethName: cfg: let + systemd.services = lib.mapAttrs' (gethName: cfg: let stateDir = "goethereum/${gethName}/${if (cfg.network == null) then "mainnet" else cfg.network}"; dataDir = "/var/lib/${stateDir}"; in ( - nameValuePair "geth-${gethName}" (mkIf cfg.enable { + lib.nameValuePair "geth-${gethName}" (lib.mkIf cfg.enable { description = "Go Ethereum node (${gethName})"; wantedBy = [ "multi-user.target" ]; after = [ "network.target" ]; 
@@ -186,16 +183,16 @@ in ${cfg.package}/bin/geth \ --nousb \ --ipcdisable \ - ${optionalString (cfg.network != null) ''--${cfg.network}''} \ + ${lib.optionalString (cfg.network != null) ''--${cfg.network}''} \ --syncmode ${cfg.syncmode} \ --gcmode ${cfg.gcmode} \ --port ${toString cfg.port} \ --maxpeers ${toString cfg.maxpeers} \ - ${optionalString cfg.http.enable ''--http --http.addr ${cfg.http.address} --http.port ${toString cfg.http.port}''} \ - ${optionalString (cfg.http.apis != null) ''--http.api ${lib.concatStringsSep "," cfg.http.apis}''} \ - ${optionalString cfg.websocket.enable ''--ws --ws.addr ${cfg.websocket.address} --ws.port ${toString cfg.websocket.port}''} \ - ${optionalString (cfg.websocket.apis != null) ''--ws.api ${lib.concatStringsSep "," cfg.websocket.apis}''} \ - ${optionalString cfg.metrics.enable ''--metrics --metrics.addr ${cfg.metrics.address} --metrics.port ${toString cfg.metrics.port}''} \ + ${lib.optionalString cfg.http.enable ''--http --http.addr ${cfg.http.address} --http.port ${toString cfg.http.port}''} \ + ${lib.optionalString (cfg.http.apis != null) ''--http.api ${lib.concatStringsSep "," cfg.http.apis}''} \ + ${lib.optionalString cfg.websocket.enable ''--ws --ws.addr ${cfg.websocket.address} --ws.port ${toString cfg.websocket.port}''} \ + ${lib.optionalString (cfg.websocket.apis != null) ''--ws.api ${lib.concatStringsSep "," cfg.websocket.apis}''} \ + ${lib.optionalString cfg.metrics.enable ''--metrics --metrics.addr ${cfg.metrics.address} --metrics.port ${toString cfg.metrics.port}''} \ --authrpc.addr ${cfg.authrpc.address} --authrpc.port ${toString cfg.authrpc.port} --authrpc.vhosts ${lib.concatStringsSep "," cfg.authrpc.vhosts} \ ${if (cfg.authrpc.jwtsecret != "") then ''--authrpc.jwtsecret ${cfg.authrpc.jwtsecret}'' else ''--authrpc.jwtsecret ${dataDir}/geth/jwtsecret''} \ ${lib.escapeShellArgs cfg.extraArgs} \ From 1a519763fbfce0f4475c67558e7819db5e267cba Mon Sep 17 00:00:00 2001 
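Review bot: `--authrpc.vhosts ${lib.concatStringsSep "," cfg.authrpc.vhosts}` is emitted unconditionally, but the option is declared as `lib.types.nullOr (lib.types.listOf lib.types.str)`, so setting it to `null` fails at evaluation instead of omitting the flag. Guard it the way `http.apis` is guarded: `${lib.optionalString (cfg.authrpc.vhosts != null) ''--authrpc.vhosts ${lib.concatStringsSep "," cfg.authrpc.vhosts}''}`. Separately, only `cfg.extraArgs` goes through `lib.escapeShellArgs`; the free-form `lib.types.str` values (`cfg.http.address`, `cfg.websocket.address`, `cfg.metrics.address`, `cfg.authrpc.address`, `cfg.authrpc.jwtsecret`) are spliced in unquoted, so a value containing whitespace or shell metacharacters changes the command line, and wrapping each in `lib.escapeShellArg` would close that. The lighthouse validator hunk `@@ -281,7 +279,7 @@` has the same unquoted pattern for `cfg.validator.dataDir`, `cfg.validator.beaconNodes` and the metrics address. The script body starts and ends outside this hunk.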
From: Felix Buehler Date: Wed, 28 Aug 2024 21:18:55 +0200 Subject: [PATCH 024/148] nixos/services.lighthouse: remove `with lib;` --- .../blockchain/ethereum/lighthouse.nix | 108 +++++++++--------- 1 file changed, 53 insertions(+), 55 deletions(-) diff --git a/nixos/modules/services/blockchain/ethereum/lighthouse.nix b/nixos/modules/services/blockchain/ethereum/lighthouse.nix index a5ace1a9450f3..66a762763cb8c 100644 --- a/nixos/modules/services/blockchain/ethereum/lighthouse.nix +++ b/nixos/modules/services/blockchain/ethereum/lighthouse.nix @@ -1,6 +1,4 @@ { config, lib, pkgs, ... }: - -with lib; let cfg = config.services.lighthouse; @@ -8,47 +6,47 @@ in { options = { services.lighthouse = { - beacon = mkOption { + beacon = lib.mkOption { description = "Beacon node"; default = {}; - type = types.submodule { + type = lib.types.submodule { options = { enable = lib.mkEnableOption "Lightouse Beacon node"; - dataDir = mkOption { - type = types.str; + dataDir = lib.mkOption { + type = lib.types.str; default = "/var/lib/lighthouse-beacon"; description = '' Directory where data will be stored. Each chain will be stored under it's own specific subdirectory. ''; }; - address = mkOption { - type = types.str; + address = lib.mkOption { + type = lib.types.str; default = "0.0.0.0"; description = '' Listen address of Beacon node. ''; }; - port = mkOption { - type = types.port; + port = lib.mkOption { + type = lib.types.port; default = 9000; description = '' Port number the Beacon node will be listening on. ''; }; - openFirewall = mkOption { - type = types.bool; + openFirewall = lib.mkOption { + type = lib.types.bool; default = false; description = '' Open the port in the firewall ''; }; - disableDepositContractSync = mkOption { - type = types.bool; + disableDepositContractSync = lib.mkOption { + type = lib.types.bool; default = false; description = '' Explicitly disables syncing of deposit logs from the execution node. 
@@ -58,24 +56,24 @@ in { }; execution = { - address = mkOption { - type = types.str; + address = lib.mkOption { + type = lib.types.str; default = "127.0.0.1"; description = '' Listen address for the execution layer. ''; }; - port = mkOption { - type = types.port; + port = lib.mkOption { + type = lib.types.port; default = 8551; description = '' Port number the Beacon node will be listening on for the execution layer. ''; }; - jwtPath = mkOption { - type = types.str; + jwtPath = lib.mkOption { + type = lib.types.str; default = ""; description = '' Path for the jwt secret required to connect to the execution layer. @@ -85,16 +83,16 @@ in { http = { enable = lib.mkEnableOption "Beacon node http api"; - port = mkOption { - type = types.port; + port = lib.mkOption { + type = lib.types.port; default = 5052; description = '' Port number of Beacon node RPC service. ''; }; - address = mkOption { - type = types.str; + address = lib.mkOption { + type = lib.types.str; default = "127.0.0.1"; description = '' Listen address of Beacon node RPC service. @@ -104,16 +102,16 @@ in { metrics = { enable = lib.mkEnableOption "Beacon node prometheus metrics"; - address = mkOption { - type = types.str; + address = lib.mkOption { + type = lib.types.str; default = "127.0.0.1"; description = '' Listen address of Beacon node metrics service. ''; }; - port = mkOption { - type = types.port; + port = lib.mkOption { + type = lib.types.port; default = 5054; description = '' Port number of Beacon node metrics service. @@ -121,8 +119,8 @@ in { }; }; - extraArgs = mkOption { - type = types.str; + extraArgs = lib.mkOption { + type = lib.types.str; description = '' Additional arguments passed to the lighthouse beacon command. ''; 
@@ -133,27 +131,27 @@ in { }; }; - validator = mkOption { + validator = lib.mkOption { description = "Validator node"; default = {}; - type = types.submodule { + type = lib.types.submodule { options = { - enable = mkOption { - type = types.bool; + enable = lib.mkOption { + type = lib.types.bool; default = false; description = "Enable Lightouse Validator node."; }; - dataDir = mkOption { - type = types.str; + dataDir = lib.mkOption { + type = lib.types.str; default = "/var/lib/lighthouse-validator"; description = '' Directory where data will be stored. Each chain will be stored under it's own specific subdirectory. ''; }; - beaconNodes = mkOption { - type = types.listOf types.str; + beaconNodes = lib.mkOption { + type = lib.types.listOf lib.types.str; default = ["http://localhost:5052"]; description = '' Beacon nodes to connect to. @@ -162,16 +160,16 @@ in { metrics = { enable = lib.mkEnableOption "Validator node prometheus metrics"; - address = mkOption { - type = types.str; + address = lib.mkOption { + type = lib.types.str; default = "127.0.0.1"; description = '' Listen address of Validator node metrics service. ''; }; - port = mkOption { - type = types.port; + port = lib.mkOption { + type = lib.types.port; default = 5056; description = '' Port number of Validator node metrics service. @@ -179,8 +177,8 @@ in { }; }; - extraArgs = mkOption { - type = types.str; + extraArgs = lib.mkOption { + type = lib.types.str; description = '' Additional arguments passed to the lighthouse validator command. ''; 
@@ -191,16 +189,16 @@ in { }; }; - network = mkOption { - type = types.enum [ "mainnet" "gnosis" "chiado" "sepolia" "holesky" ]; + network = lib.mkOption { + type = lib.types.enum [ "mainnet" "gnosis" "chiado" "sepolia" "holesky" ]; default = "mainnet"; description = '' The network to connect to. Mainnet is the default ethereum network. ''; }; - extraArgs = mkOption { - type = types.str; + extraArgs = lib.mkOption { + type = lib.types.str; description = '' Additional arguments passed to every lighthouse command. ''; @@ -210,17 +208,17 @@ in { }; }; - config = mkIf (cfg.beacon.enable || cfg.validator.enable) { + config = lib.mkIf (cfg.beacon.enable || cfg.validator.enable) { environment.systemPackages = [ pkgs.lighthouse ] ; - networking.firewall = mkIf cfg.beacon.enable { - allowedTCPPorts = mkIf cfg.beacon.openFirewall [ cfg.beacon.port ]; - allowedUDPPorts = mkIf cfg.beacon.openFirewall [ cfg.beacon.port ]; + networking.firewall = lib.mkIf cfg.beacon.enable { + allowedTCPPorts = lib.mkIf cfg.beacon.openFirewall [ cfg.beacon.port ]; + allowedUDPPorts = lib.mkIf cfg.beacon.openFirewall [ cfg.beacon.port ]; }; - systemd.services.lighthouse-beacon = mkIf cfg.beacon.enable { + systemd.services.lighthouse-beacon = lib.mkIf cfg.beacon.enable { description = "Lighthouse beacon node (connect to P2P nodes and verify blocks)"; wantedBy = [ "multi-user.target" ]; after = [ "network.target" ]; @@ -268,7 +266,7 @@ in { }; }; - systemd.services.lighthouse-validator = mkIf cfg.validator.enable { + systemd.services.lighthouse-validator = lib.mkIf cfg.validator.enable { description = "Lighthouse validtor node (manages validators, using data obtained from the beacon node via a HTTP API)"; wantedBy = [ "multi-user.target" ]; after = [ "network.target" ]; 
@@ -281,7 +279,7 @@ in { --network ${cfg.network} \ --beacon-nodes ${lib.concatStringsSep "," cfg.validator.beaconNodes} \ --datadir ${cfg.validator.dataDir}/${cfg.network} \ - ${optionalString cfg.validator.metrics.enable ''--metrics --metrics-address ${cfg.validator.metrics.address} --metrics-port ${toString cfg.validator.metrics.port}''} \ + ${lib.optionalString cfg.validator.metrics.enable ''--metrics --metrics-address ${cfg.validator.metrics.address} --metrics-port ${toString cfg.validator.metrics.port}''} \ ${cfg.extraArgs} ${cfg.validator.extraArgs} ''; From 6ebec4f097510f2b3de5d1b8569701d9b03265e3 Mon Sep 17 00:00:00 2001 From: Felix Buehler Date: Wed, 28 Aug 2024 21:18:55 +0200 Subject: [PATCH 025/148] nixos/services.k3s: remove `with lib;` --- .../modules/services/cluster/k3s/default.nix | 80 +++++++++---------- 1 file changed, 39 insertions(+), 41 deletions(-) diff --git a/nixos/modules/services/cluster/k3s/default.nix b/nixos/modules/services/cluster/k3s/default.nix index 83dfe20671470..2925745c9e094 100644 --- a/nixos/modules/services/cluster/k3s/default.nix +++ b/nixos/modules/services/cluster/k3s/default.nix @@ -4,8 +4,6 @@ pkgs, ... }: - -with lib; let cfg = config.services.k3s; removeOption = @@ -98,7 +96,7 @@ let } ); - enabledManifests = with builtins; filter (m: m.enable) (attrValues cfg.manifests); + enabledManifests = lib.filter (m: m.enable) (lib.attrValues cfg.manifests); linkManifestEntry = m: "${pkgs.coreutils-full}/bin/ln -sfn ${m.source} ${manifestDir}/${m.target}"; linkImageEntry = image: "${pkgs.coreutils-full}/bin/ln -sfn ${image} ${imageDir}/${image.name}"; linkChartEntry = @@ -132,11 +130,11 @@ in # interface options.services.k3s = { - enable = mkEnableOption "k3s"; + enable = lib.mkEnableOption "k3s"; - package = mkPackageOption pkgs "k3s" { }; + package = lib.mkPackageOption pkgs "k3s" { }; - role = mkOption { + role = lib.mkOption { description = '' Whether k3s should run as a server or agent. 
@@ -152,14 +150,14 @@ in - `serverAddr` is required. ''; default = "server"; - type = types.enum [ + type = lib.types.enum [ "server" "agent" ]; }; - serverAddr = mkOption { - type = types.str; + serverAddr = lib.mkOption { + type = lib.types.str; description = '' The k3s server to connect to. @@ -171,8 +169,8 @@ in default = ""; }; - clusterInit = mkOption { - type = types.bool; + clusterInit = lib.mkOption { + type = lib.types.bool; default = false; description = '' Initialize HA cluster using an embedded etcd datastore. @@ -193,8 +191,8 @@ in ''; }; - token = mkOption { - type = types.str; + token = lib.mkOption { + type = lib.types.str; description = '' The k3s token to use when connecting to a server. @@ -204,15 +202,15 @@ in default = ""; }; - tokenFile = mkOption { - type = types.nullOr types.path; + tokenFile = lib.mkOption { + type = lib.types.nullOr lib.types.path; description = "File path containing k3s token to use when connecting to the server."; default = null; }; - extraFlags = mkOption { + extraFlags = lib.mkOption { description = "Extra flags to pass to the k3s command."; - type = with types; either str (listOf str); + type = with lib.types; either str (listOf str); default = [ ]; example = [ "--no-deploy traefik" 
@@ -220,28 +218,28 @@ in ]; }; - disableAgent = mkOption { - type = types.bool; + disableAgent = lib.mkOption { + type = lib.types.bool; default = false; description = "Only run the server. This option only makes sense for a server."; }; - environmentFile = mkOption { - type = types.nullOr types.path; + environmentFile = lib.mkOption { + type = lib.types.nullOr lib.types.path; description = '' File path containing environment variables for configuring the k3s service in the format of an EnvironmentFile. See systemd.exec(5). ''; default = null; }; - configPath = mkOption { - type = types.nullOr types.path; + configPath = lib.mkOption { + type = lib.types.nullOr lib.types.path; default = null; description = "File path containing the k3s YAML config. This is useful when the config is generated (for example on boot)."; }; - manifests = mkOption { - type = types.attrsOf manifestModule; + manifests = lib.mkOption { + type = lib.types.attrsOf manifestModule; default = { }; example = lib.literalExpression '' deployment.source = ../manifests/deployment.yaml; @@ -328,8 +326,8 @@ in ''; }; - charts = mkOption { - type = with types; attrsOf (either path package); + charts = lib.mkOption { + type = with lib.types; attrsOf (either path package); default = { }; example = lib.literalExpression '' nginx = ../charts/my-nginx-chart.tgz; @@ -346,8 +344,8 @@ in ''; }; - containerdConfigTemplate = mkOption { - type = types.nullOr types.str; + containerdConfigTemplate = lib.mkOption { + type = lib.types.nullOr lib.types.str; default = null; example = lib.literalExpression '' # Base K3s config @@ -366,8 +364,8 @@ in ''; }; - images = mkOption { - type = with types; listOf package; + images = lib.mkOption { + type = with lib.types; listOf package; default = [ ]; example = lib.literalExpression '' [ 
@@ -440,7 +438,7 @@ in # implementation - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { warnings = (lib.optional (cfg.role != "server" && cfg.manifests != { }) "k3s: Auto deploying manifests are only installed on server nodes (role == server), they will be ignored by this node." @@ -500,7 +498,7 @@ in "network-online.target" ]; wantedBy = [ "multi-user.target" ]; - path = optional config.boot.zfs.enabled config.boot.zfs.package; + path = lib.optional config.boot.zfs.enabled config.boot.zfs.package; serviceConfig = { # See: https://github.com/rancher/k3s/blob/dddbd16305284ae4bd14c0aade892412310d7edc/install.sh#L197 Type = if cfg.role == "agent" then "exec" else "notify"; @@ -514,15 +512,15 @@ in TasksMax = "infinity"; EnvironmentFile = cfg.environmentFile; ExecStartPre = activateK3sContent; - ExecStart = concatStringsSep " \\\n " ( + ExecStart = lib.concatStringsSep " \\\n " ( [ "${cfg.package}/bin/k3s ${cfg.role}" ] - ++ (optional cfg.clusterInit "--cluster-init") - ++ (optional cfg.disableAgent "--disable-agent") - ++ (optional (cfg.serverAddr != "") "--server ${cfg.serverAddr}") - ++ (optional (cfg.token != "") "--token ${cfg.token}") - ++ (optional (cfg.tokenFile != null) "--token-file ${cfg.tokenFile}") - ++ (optional (cfg.configPath != null) "--config ${cfg.configPath}") - ++ (optional (kubeletParams != { }) "--kubelet-arg=config=${kubeletConfig}") + ++ (lib.optional cfg.clusterInit "--cluster-init") + ++ (lib.optional cfg.disableAgent "--disable-agent") + ++ (lib.optional (cfg.serverAddr != "") "--server ${cfg.serverAddr}") + ++ (lib.optional (cfg.token != "") "--token ${cfg.token}") + ++ (lib.optional (cfg.tokenFile != null) "--token-file ${cfg.tokenFile}") + ++ (lib.optional (cfg.configPath != null) "--config ${cfg.configPath}") + ++ (lib.optional (kubeletParams != { }) "--kubelet-arg=config=${kubeletConfig}") ++ (lib.flatten cfg.extraFlags) ); }; From 980a655feba3f919be03224ee6085b5fcc30f473 Mon Sep 17 00:00:00 2001 
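Review bot: `--token ${cfg.token}` in the `@@ -514,15 +512,15 @@` hunk writes the cluster join token into the generated unit's `ExecStart`, which lands in the world-readable Nix store and in the arguments of the running `k3s` process. `cfg.tokenFile` already exists for this case, so the module could steer users to it by extending the `warnings` list shown in the `@@ -440,7 +438,7 @@` hunk with `++ (lib.optional (cfg.token != "") "k3s: services.k3s.token is stored world-readable in the Nix store; prefer services.k3s.tokenFile.")`. Whether the option description already carries such a caveat cannot be seen from the hunks here. The `serviceConfig` attribute set opens above the hunk.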
From: Felix Buehler Date: Wed, 28 Aug 2024 21:18:55 +0200 Subject: [PATCH 026/148] nixos/services.kubernetes.addons.dns: remove `with lib;` --- .../cluster/kubernetes/addons/dns.nix | 43 +++++++++---------- 1 file changed, 20 insertions(+), 23 deletions(-) diff --git a/nixos/modules/services/cluster/kubernetes/addons/dns.nix b/nixos/modules/services/cluster/kubernetes/addons/dns.nix index a03aa7329a32a..485c6f8e2b5fe 100644 --- a/nixos/modules/services/cluster/kubernetes/addons/dns.nix +++ b/nixos/modules/services/cluster/kubernetes/addons/dns.nix @@ -1,7 +1,4 @@ { config, options, pkgs, lib, ... }: - -with lib; - let version = "1.10.1"; cfg = config.services.kubernetes.addons.dns; @@ -12,37 +9,37 @@ let }; in { options.services.kubernetes.addons.dns = { - enable = mkEnableOption "kubernetes dns addon"; + enable = lib.mkEnableOption "kubernetes dns addon"; - clusterIp = mkOption { + clusterIp = lib.mkOption { description = "Dns addon clusterIP"; # this default is also what kubernetes users default = ( - concatStringsSep "." ( - take 3 (splitString "." config.services.kubernetes.apiserver.serviceClusterIpRange + lib.concatStringsSep "." ( + lib.take 3 (lib.splitString "." config.services.kubernetes.apiserver.serviceClusterIpRange )) ) + ".254"; - defaultText = literalMD '' + defaultText = lib.literalMD '' The `x.y.z.254` IP of `config.${options.services.kubernetes.apiserver.serviceClusterIpRange}`. ''; - type = types.str; + type = lib.types.str; }; - clusterDomain = mkOption { + clusterDomain = lib.mkOption { description = "Dns cluster domain"; default = "cluster.local"; - type = types.str; + type = lib.types.str; }; - replicas = mkOption { + replicas = lib.mkOption { description = "Number of DNS pod replicas to deploy in the cluster."; default = 2; - type = types.int; + type = lib.types.int; }; - reconcileMode = mkOption { + reconcileMode = lib.mkOption { description = '' Controls the addon manager reconciliation mode for the DNS addon. 
@@ -51,12 +48,12 @@ in { See: . ''; default = "Reconcile"; - type = types.enum [ "Reconcile" "EnsureExists" ]; + type = lib.types.enum [ "Reconcile" "EnsureExists" ]; }; - coredns = mkOption { + coredns = lib.mkOption { description = "Docker image to seed for the CoreDNS container."; - type = types.attrs; + type = lib.types.attrs; default = { imageName = "coredns/coredns"; imageDigest = "sha256:a0ead06651cf580044aeb0a0feba63591858fb2e43ade8c9dea45a6a89ae7e5e"; @@ -65,13 +62,13 @@ in { }; }; - corefile = mkOption { + corefile = lib.mkOption { description = '' Custom coredns corefile configuration. See: . ''; - type = types.str; + type = lib.types.str; default = '' .:${toString ports.dns} { errors @@ -87,7 +84,7 @@ in { reload loadbalance }''; - defaultText = literalExpression '' + defaultText = lib.literalExpression '' ''' .:${toString ports.dns} { errors @@ -108,9 +105,9 @@ in { }; }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { services.kubernetes.kubelet.seedDockerImages = - singleton (pkgs.dockerTools.pullImage cfg.coredns); + lib.singleton (pkgs.dockerTools.pullImage cfg.coredns); services.kubernetes.addonManager.bootstrapAddons = { coredns-cr = { @@ -366,7 +363,7 @@ in { }; }; - services.kubernetes.kubelet.clusterDns = mkDefault [ cfg.clusterIp ]; + services.kubernetes.kubelet.clusterDns = lib.mkDefault [ cfg.clusterIp ]; }; meta.buildDocsInSandbox = false; From 7b141e6b8f11be0f1a9b908d8e0a159fe3f75f69 Mon Sep 17 00:00:00 2001 From: Felix Buehler Date: Wed, 28 Aug 2024 21:18:55 +0200 Subject: [PATCH 027/148] nixos/services.pacemaker: remove `with lib;` --- nixos/modules/services/cluster/pacemaker/default.nix | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/nixos/modules/services/cluster/pacemaker/default.nix b/nixos/modules/services/cluster/pacemaker/default.nix index 005a952e80254..92cd9311eb7d5 100644 --- a/nixos/modules/services/cluster/pacemaker/default.nix +++ b/nixos/modules/services/cluster/pacemaker/default.nix 
@@ -1,19 +1,17 @@ { config, lib, pkgs, ... }: - -with lib; let cfg = config.services.pacemaker; in { # interface options.services.pacemaker = { - enable = mkEnableOption "pacemaker"; + enable = lib.mkEnableOption "pacemaker"; - package = mkPackageOption pkgs "pacemaker" { }; + package = lib.mkPackageOption pkgs "pacemaker" { }; }; # implementation - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { assertions = [ { assertion = config.services.corosync.enable; message = '' From 92566faf1c5eef9fe34e7b8fc0676a04945eb893 Mon Sep 17 00:00:00 2001 From: Felix Buehler Date: Wed, 28 Aug 2024 21:18:56 +0200 Subject: [PATCH 028/148] nixos/services.patroni: remove `with lib;` --- .../services/cluster/patroni/default.nix | 85 +++++++++---------- 1 file changed, 42 insertions(+), 43 deletions(-) diff --git a/nixos/modules/services/cluster/patroni/default.nix b/nixos/modules/services/cluster/patroni/default.nix index 3b563bb89fffb..91eb9214a60e4 100644 --- a/nixos/modules/services/cluster/patroni/default.nix +++ b/nixos/modules/services/cluster/patroni/default.nix @@ -1,5 +1,4 @@ { config, lib, pkgs, ... }: -with lib; let cfg = config.services.patroni; defaultUser = "patroni"; 
@@ -21,20 +20,20 @@ in options.services.patroni = { - enable = mkEnableOption "Patroni"; + enable = lib.mkEnableOption "Patroni"; - postgresqlPackage = mkOption { - type = types.package; - example = literalExpression "pkgs.postgresql_14"; + postgresqlPackage = lib.mkOption { + type = lib.types.package; + example = lib.literalExpression "pkgs.postgresql_14"; description = '' PostgreSQL package to use. Plugins can be enabled like this `pkgs.postgresql_14.withPackages (p: [ p.pg_safeupdate p.postgis ])`. ''; }; - postgresqlDataDir = mkOption { - type = types.path; - defaultText = literalExpression ''"/var/lib/postgresql/''${config.services.patroni.postgresqlPackage.psqlSchema}"''; + postgresqlDataDir = lib.mkOption { + type = lib.types.path; + defaultText = lib.literalExpression ''"/var/lib/postgresql/''${config.services.patroni.postgresqlPackage.psqlSchema}"''; example = "/var/lib/postgresql/14"; default = "/var/lib/postgresql/${cfg.postgresqlPackage.psqlSchema}"; description = '' @@ -45,16 +44,16 @@ in ''; }; - postgresqlPort = mkOption { - type = types.port; + postgresqlPort = lib.mkOption { + type = lib.types.port; default = 5432; description = '' The port on which PostgreSQL listens. ''; }; - user = mkOption { - type = types.str; + user = lib.mkOption { + type = lib.types.str; default = defaultUser; example = "postgres"; description = '' @@ -63,8 +62,8 @@ in ''; }; - group = mkOption { - type = types.str; + group = lib.mkOption { + type = lib.types.str; default = defaultGroup; example = "postgres"; description = '' 
@@ -73,64 +72,64 @@ in ''; }; - dataDir = mkOption { - type = types.path; + dataDir = lib.mkOption { + type = lib.types.path; default = "/var/lib/patroni"; description = '' Folder where Patroni data will be written, this is where the pgpass password file will be written. ''; }; - scope = mkOption { - type = types.str; + scope = lib.mkOption { + type = lib.types.str; example = "cluster1"; description = '' Cluster name. ''; }; - name = mkOption { - type = types.str; + name = lib.mkOption { + type = lib.types.str; example = "node1"; description = '' The name of the host. Must be unique for the cluster. ''; }; - namespace = mkOption { - type = types.str; + namespace = lib.mkOption { + type = lib.types.str; default = "/service"; description = '' Path within the configuration store where Patroni will keep information about the cluster. ''; }; - nodeIp = mkOption { - type = types.str; + nodeIp = lib.mkOption { + type = lib.types.str; example = "192.168.1.1"; description = '' IP address of this node. ''; }; - otherNodesIps = mkOption { - type = types.listOf types.str; + otherNodesIps = lib.mkOption { + type = lib.types.listOf lib.types.str; example = [ "192.168.1.2" "192.168.1.3" ]; description = '' IP addresses of the other nodes. ''; }; - restApiPort = mkOption { - type = types.port; + restApiPort = lib.mkOption { + type = lib.types.port; default = 8008; description = '' The port on Patroni's REST api listens. ''; }; - softwareWatchdog = mkOption { - type = types.bool; + softwareWatchdog = lib.mkOption { + type = lib.types.bool; default = false; description = '' This will configure Patroni to use the software watchdog built into the Linux kernel @@ -138,7 +137,7 @@ in ''; }; - settings = mkOption { + settings = lib.mkOption { type = format.type; default = { }; description = '' 
@@ -148,8 +147,8 @@ in ''; }; - environmentFiles = mkOption { - type = with types; attrsOf (nullOr (oneOf [ str path package ])); + environmentFiles = lib.mkOption { + type = with lib.types; attrsOf (nullOr (oneOf [ str path package ])); default = { }; example = { PATRONI_REPLICATION_PASSWORD = "/secret/file"; @@ -159,7 +158,7 @@ in }; }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { services.patroni.settings = { scope = cfg.scope; @@ -179,7 +178,7 @@ in pgpass = "${cfg.dataDir}/pgpass"; }; - watchdog = mkIf cfg.softwareWatchdog { + watchdog = lib.mkIf cfg.softwareWatchdog { mode = "required"; device = "/dev/watchdog"; safety_margin = 5; @@ -188,13 +187,13 @@ in users = { - users = mkIf (cfg.user == defaultUser) { + users = lib.mkIf (cfg.user == defaultUser) { patroni = { group = cfg.group; isSystemUser = true; }; }; - groups = mkIf (cfg.group == defaultGroup) { + groups = lib.mkIf (cfg.group == defaultGroup) { patroni = { }; }; }; @@ -207,11 +206,11 @@ in after = [ "network.target" ]; script = '' - ${concatStringsSep "\n" (attrValues (mapAttrs (name: path: ''export ${name}="$(< ${escapeShellArg path})"'') cfg.environmentFiles))} + ${lib.concatStringsSep "\n" (lib.attrValues (lib.mapAttrs (name: path: ''export ${name}="$(< ${lib.escapeShellArg path})"'') cfg.environmentFiles))} exec ${pkgs.patroni}/bin/patroni ${configFile} ''; - serviceConfig = mkMerge [ + serviceConfig = lib.mkMerge [ { User = cfg.user; Group = cfg.group; @@ -221,7 +220,7 @@ in ExecReload = "${pkgs.coreutils}/bin/kill -s HUP $MAINPID"; KillMode = "process"; } - (mkIf (cfg.postgresqlDataDir == "/var/lib/postgresql/${cfg.postgresqlPackage.psqlSchema}" && cfg.dataDir == "/var/lib/patroni") { + (lib.mkIf (cfg.postgresqlDataDir == "/var/lib/postgresql/${cfg.postgresqlPackage.psqlSchema}" && cfg.dataDir == "/var/lib/patroni") { StateDirectory = "patroni postgresql postgresql/${cfg.postgresqlPackage.psqlSchema}"; StateDirectoryMode = "0750"; }) 
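Review bot: The `script` line in the `@@ -207,11 +206,11 @@` hunk turns every entry of `cfg.environmentFiles` into `export NAME="$(< path)"`, but the option type is `attrsOf (nullOr ...)`, so a `null` value appears to reach `lib.escapeShellArg` and become a read of an empty path instead of being skipped. Filtering first, e.g. `lib.filterAttrs (_: p: p != null) cfg.environmentFiles`, would make `null` mean "not set". The attribute name is interpolated into the shell line unescaped, so a comment that names must be valid shell variable identifiers would help. The service definition starts and ends outside this hunk.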
@@ -229,9 +228,9 @@ in }; }; - boot.kernelModules = mkIf cfg.softwareWatchdog [ "softdog" ]; + boot.kernelModules = lib.mkIf cfg.softwareWatchdog [ "softdog" ]; - services.udev.extraRules = mkIf cfg.softwareWatchdog '' + services.udev.extraRules = lib.mkIf cfg.softwareWatchdog '' KERNEL=="watchdog", OWNER="${cfg.user}", GROUP="${cfg.group}", MODE="0600" ''; @@ -247,5 +246,5 @@ in }; }; - meta.maintainers = [ maintainers.phfroidmont ]; + meta.maintainers = [ lib.maintainers.phfroidmont ]; } From 7e25c525fe8aeb88605ab1212cbc9b596a6b4de6 Mon Sep 17 00:00:00 2001 From: Felix Buehler Date: Wed, 28 Aug 2024 21:18:56 +0200 Subject: [PATCH 029/148] nixos/services.rke2: remove `with lib;` --- .../modules/services/cluster/rke2/default.nix | 122 +++++++++--------- 1 file changed, 60 insertions(+), 62 deletions(-) diff --git a/nixos/modules/services/cluster/rke2/default.nix b/nixos/modules/services/cluster/rke2/default.nix index 51b849ebcc802..2e6816f43374f 100644 --- a/nixos/modules/services/cluster/rke2/default.nix +++ b/nixos/modules/services/cluster/rke2/default.nix @@ -1,6 +1,4 @@ { config, lib, pkgs, ... }: - -with lib; let cfg = config.services.rke2; in @@ -8,12 +6,12 @@ in imports = [ ]; options.services.rke2 = { - enable = mkEnableOption "rke2"; + enable = lib.mkEnableOption "rke2"; - package = mkPackageOption pkgs "rke2" { }; + package = lib.mkPackageOption pkgs "rke2" { }; - role = mkOption { - type = types.enum [ "server" "agent" ]; + role = lib.mkOption { + type = lib.types.enum [ "server" "agent" ]; description = '' Whether rke2 should run as a server or agent. 
@@ -31,26 +29,26 @@ in default = "server"; }; - configPath = mkOption { - type = types.path; + configPath = lib.mkOption { + type = lib.types.path; description = "Load configuration from FILE."; default = "/etc/rancher/rke2/config.yaml"; }; - debug = mkOption { - type = types.bool; + debug = lib.mkOption { + type = lib.types.bool; description = "Turn on debug logs."; default = false; }; - dataDir = mkOption { - type = types.path; + dataDir = lib.mkOption { + type = lib.types.path; description = "The folder to hold state in."; default = "/var/lib/rancher/rke2"; }; - token = mkOption { - type = types.str; + token = lib.mkOption { + type = lib.types.str; description = '' Shared secret used to join a server or agent to a cluster. 
@@ -60,44 +58,44 @@ in default = ""; }; - tokenFile = mkOption { - type = types.nullOr types.path; + tokenFile = lib.mkOption { + type = lib.types.nullOr lib.types.path; description = "File path containing rke2 token to use when connecting to the server."; default = null; }; - disable = mkOption { - type = types.listOf types.str; + disable = lib.mkOption { + type = lib.types.listOf lib.types.str; description = "Do not deploy packaged components and delete any deployed components."; default = [ ]; }; - nodeName = mkOption { - type = types.nullOr types.str; + nodeName = lib.mkOption { + type = lib.types.nullOr lib.types.str; description = "Node name."; default = null; }; - nodeLabel = mkOption { - type = types.listOf types.str; + nodeLabel = lib.mkOption { + type = lib.types.listOf lib.types.str; description = "Registering and starting kubelet with set of labels."; default = [ ]; }; - nodeTaint = mkOption { - type = types.listOf types.str; + nodeTaint = lib.mkOption { + type = lib.types.listOf lib.types.str; description = "Registering kubelet with set of taints."; default = [ ]; }; - nodeIP = mkOption { - type = types.nullOr types.str; + nodeIP = lib.mkOption { + type = lib.types.nullOr lib.types.str; description = "IPv4/IPv6 addresses to advertise for node."; default = null; }; - agentToken = mkOption { - type = types.str; + agentToken = lib.mkOption { + type = lib.types.str; description = '' Shared secret used to join agents to the cluster, but not servers. 
@@ -107,27 +105,27 @@ in default = ""; }; - agentTokenFile = mkOption { - type = types.nullOr types.path; + agentTokenFile = lib.mkOption { + type = lib.types.nullOr lib.types.path; description = "File path containing rke2 agent token to use when connecting to the server."; default = null; }; - serverAddr = mkOption { - type = types.str; + serverAddr = lib.mkOption { + type = lib.types.str; description = "The rke2 server to connect to, used to join a cluster."; example = "https://10.0.0.10:6443"; default = ""; }; - selinux = mkOption { - type = types.bool; + selinux = lib.mkOption { + type = lib.types.bool; description = "Enable SELinux in containerd."; default = false; }; - cni = mkOption { - type = types.enum [ "none" "canal" "cilium" "calico" "flannel" ]; + cni = lib.mkOption { + type = lib.types.enum [ "none" "canal" "cilium" "calico" "flannel" ]; description = '' CNI Plugins to deploy, one of `none`, `calico`, `canal`, `cilium` or `flannel`. @@ -141,8 +139,8 @@ in default = "canal"; }; - cisHardening = mkOption { - type = types.bool; + cisHardening = lib.mkOption { + type = lib.types.bool; description = '' Enable CIS Hardening for RKE2. @@ -162,8 +160,8 @@ in default = false; }; - extraFlags = mkOption { - type = types.listOf types.str; + extraFlags = lib.mkOption { + type = lib.types.listOf lib.types.str; description = '' Extra flags to pass to the rke2 service/agent. @@ -176,8 +174,8 @@ in default = [ ]; }; - environmentVars = mkOption { - type = types.attrsOf types.str; + environmentVars = lib.mkOption { + type = lib.types.attrsOf lib.types.str; description = '' Environment variables for configuring the rke2 service/agent. @@ -199,7 +197,7 @@ in }; }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { assertions = [ { assertion = cfg.role == "agent" -> (builtins.pathExists cfg.configPath || cfg.serverAddr != ""); 
@@ -234,7 +232,7 @@ in ''; }; # See: https://docs.rke2.io/security/hardening_guide#set-kernel-parameters - boot.kernel.sysctl = mkIf cfg.cisHardening { + boot.kernel.sysctl = lib.mkIf cfg.cisHardening { "vm.panic_on_oom" = 0; "vm.overcommit_memory" = 1; "kernel.panic" = 10; @@ -254,7 +252,7 @@ in "-/etc/sysconfig/%N" "-/usr/local/lib/systemd/system/%N.env" ]; - Environment = mapAttrsToList (k: v: "${k}=${v}") cfg.environmentVars; + Environment = lib.mapAttrsToList (k: v: "${k}=${v}") cfg.environmentVars; KillMode = "process"; Delegate = "yes"; LimitNOFILE = 1048576; 
@@ -277,23 +275,23 @@ in "-${pkgs.kmod}/bin/modprobe br_netfilter" "-${pkgs.kmod}/bin/modprobe overlay" ]; - ExecStart = "${cfg.package}/bin/rke2 '${cfg.role}' ${escapeShellArgs ( - (optional (cfg.configPath != "/etc/rancher/rke2/config.yaml") "--config=${cfg.configPath}") - ++ (optional cfg.debug "--debug") - ++ (optional (cfg.dataDir != "/var/lib/rancher/rke2") "--data-dir=${cfg.dataDir}") - ++ (optional (cfg.token != "") "--token=${cfg.token}") - ++ (optional (cfg.tokenFile != null) "--token-file=${cfg.tokenFile}") - ++ (optionals (cfg.role == "server" && cfg.disable != [ ]) (map (d: "--disable=${d}") cfg.disable)) - ++ (optional (cfg.nodeName != null) "--node-name=${cfg.nodeName}") - ++ (optionals (cfg.nodeLabel != [ ]) (map (l: "--node-label=${l}") cfg.nodeLabel)) - ++ (optionals (cfg.nodeTaint != [ ]) (map (t: "--node-taint=${t}") cfg.nodeTaint)) - ++ (optional (cfg.nodeIP != null) "--node-ip=${cfg.nodeIP}") - ++ (optional (cfg.role == "server" && cfg.agentToken != "") "--agent-token=${cfg.agentToken}") - ++ (optional (cfg.role == "server" && cfg.agentTokenFile != null) "--agent-token-file=${cfg.agentTokenFile}") - ++ (optional (cfg.serverAddr != "") "--server=${cfg.serverAddr}") - ++ (optional cfg.selinux "--selinux") - ++ (optional (cfg.role == "server" && cfg.cni != "canal") "--cni=${cfg.cni}") - ++ (optional cfg.cisHardening "--profile=${if cfg.package.version >= "1.25" then "cis-1.23" else "cis-1.6"}") + ExecStart = "${cfg.package}/bin/rke2 '${cfg.role}' ${lib.escapeShellArgs ( + (lib.optional (cfg.configPath != "/etc/rancher/rke2/config.yaml") "--config=${cfg.configPath}") + ++ (lib.optional cfg.debug "--debug") + ++ (lib.optional (cfg.dataDir != "/var/lib/rancher/rke2") "--data-dir=${cfg.dataDir}") + ++ (lib.optional (cfg.token != "") "--token=${cfg.token}") + ++ (lib.optional (cfg.tokenFile != null) "--token-file=${cfg.tokenFile}") + ++ (lib.optionals (cfg.role == "server" && cfg.disable != [ ]) (map (d: "--disable=${d}") cfg.disable)) + ++ 
(lib.optional (cfg.nodeName != null) "--node-name=${cfg.nodeName}") + ++ (lib.optionals (cfg.nodeLabel != [ ]) (map (l: "--node-label=${l}") cfg.nodeLabel)) + ++ (lib.optionals (cfg.nodeTaint != [ ]) (map (t: "--node-taint=${t}") cfg.nodeTaint)) + ++ (lib.optional (cfg.nodeIP != null) "--node-ip=${cfg.nodeIP}") + ++ (lib.optional (cfg.role == "server" && cfg.agentToken != "") "--agent-token=${cfg.agentToken}") + ++ (lib.optional (cfg.role == "server" && cfg.agentTokenFile != null) "--agent-token-file=${cfg.agentTokenFile}") + ++ (lib.optional (cfg.serverAddr != "") "--server=${cfg.serverAddr}") + ++ (lib.optional cfg.selinux "--selinux") + ++ (lib.optional (cfg.role == "server" && cfg.cni != "canal") "--cni=${cfg.cni}") + ++ (lib.optional cfg.cisHardening "--profile=${if cfg.package.version >= "1.25" then "cis-1.23" else "cis-1.6"}") ++ cfg.extraFlags )}"; ExecStopPost = let From 400d31aeb54e8f5115f7934c43177faa48765d35 Mon Sep 17 00:00:00 2001 From: Felix Buehler Date: Wed, 28 Aug 2024 21:18:56 +0200 Subject: [PATCH 030/148] nixos/services.spark: remove `with lib;` --- .../services/cluster/spark/default.nix | 45 +++++++++---------- 1 file changed, 22 insertions(+), 23 deletions(-) diff --git a/nixos/modules/services/cluster/spark/default.nix b/nixos/modules/services/cluster/spark/default.nix index 7a3f768471c21..c4ebd34243928 100644 --- a/nixos/modules/services/cluster/spark/default.nix +++ b/nixos/modules/services/cluster/spark/default.nix 
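Review bot: `--token=${cfg.token}` and `--agent-token=${cfg.agentToken}` in `ExecStart` place the cluster join secret in the generated unit, which is stored in the world-readable Nix store and is visible in the process argument list. The module already has `tokenFile` and `agentTokenFile`, so a warning or assertion when the inline options are non-empty would steer users to the file variants; the option descriptions are cut off between hunks and may already mention this. Separately, `cfg.package.version >= "1.25"` compares strings lexicographically, so the CIS profile choice is only right by accident of the current version numbers; `lib.versionAtLeast cfg.package.version "1.25"` states the intent. The `serviceConfig` block starts and ends outside this hunk.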
@@ -2,20 +2,19 @@ let cfg = config.services.spark; in -with lib; { options = { services.spark = { master = { - enable = mkEnableOption "Spark master service"; - bind = mkOption { - type = types.str; + enable = lib.mkEnableOption "Spark master service"; + bind = lib.mkOption { + type = lib.types.str; description = "Address the spark master binds to."; default = "127.0.0.1"; example = "0.0.0.0"; }; - restartIfChanged = mkOption { - type = types.bool; + restartIfChanged = lib.mkOption { + type = lib.types.bool; description = '' Automatically restart master service on config change. This can be set to false to defer restarts on clusters running critical applications. @@ -24,8 +23,8 @@ with lib; ''; default = true; }; - extraEnvironment = mkOption { - type = types.attrsOf types.str; + extraEnvironment = lib.mkOption { + type = lib.types.attrsOf lib.types.str; description = "Extra environment variables to pass to spark master. See spark-standalone documentation."; default = {}; example = { @@ -35,19 +34,19 @@ with lib; }; }; worker = { - enable = mkEnableOption "Spark worker service"; - workDir = mkOption { - type = types.path; + enable = lib.mkEnableOption "Spark worker service"; + workDir = lib.mkOption { + type = lib.types.path; description = "Spark worker work dir."; default = "/var/lib/spark"; }; - master = mkOption { - type = types.str; + master = lib.mkOption { + type = lib.types.str; description = "Address of the spark master."; default = "127.0.0.1:7077"; }; - restartIfChanged = mkOption { - type = types.bool; + restartIfChanged = lib.mkOption { + type = lib.types.bool; description = '' Automatically restart worker service on config change. This can be set to false to defer restarts on clusters running critical applications. 
@@ -56,8 +55,8 @@ with lib; ''; default = true; }; - extraEnvironment = mkOption { - type = types.attrsOf types.str; + extraEnvironment = lib.mkOption { + type = lib.types.attrsOf lib.types.str; description = "Extra environment variables to pass to spark worker."; default = {}; example = { @@ -66,18 +65,18 @@ with lib; }; }; }; - confDir = mkOption { - type = types.path; + confDir = lib.mkOption { + type = lib.types.path; description = "Spark configuration directory. Spark will use the configuration files (spark-defaults.conf, spark-env.sh, log4j.properties, etc) from this directory."; default = "${cfg.package}/conf"; - defaultText = literalExpression ''"''${package}/conf"''; + defaultText = lib.literalExpression ''"''${package}/conf"''; }; - logDir = mkOption { - type = types.path; + logDir = lib.mkOption { + type = lib.types.path; description = "Spark log directory."; default = "/var/log/spark"; }; - package = mkPackageOption pkgs "spark" { + package = lib.mkPackageOption pkgs "spark" { example = '' spark.overrideAttrs (super: rec { pname = "spark"; From c37db9c3ee26f675df86c4bdd2e58754ee40b6a6 Mon Sep 17 00:00:00 2001 From: Felix Buehler Date: Wed, 28 Aug 2024 21:18:56 +0200 Subject: [PATCH 031/148] nixos/services.boinc: remove `with lib;` --- .../services/computing/boinc/client.nix | 27 +++++++++---------- 1 file changed, 12 insertions(+), 15 deletions(-) diff --git a/nixos/modules/services/computing/boinc/client.nix b/nixos/modules/services/computing/boinc/client.nix index f22e6360e0fd4..01608d33d8d1d 100644 --- a/nixos/modules/services/computing/boinc/client.nix +++ b/nixos/modules/services/computing/boinc/client.nix @@ -1,10 +1,7 @@ {config, lib, pkgs, ...}: - -with lib; - let cfg = config.services.boinc; - allowRemoteGuiRpcFlag = optionalString cfg.allowRemoteGuiRpc "--allow_remote_gui_rpc"; + allowRemoteGuiRpcFlag = lib.optionalString cfg.allowRemoteGuiRpc "--allow_remote_gui_rpc"; fhsEnv = pkgs.buildFHSEnv { name = "boinc-fhs-env"; 
@@ -16,8 +13,8 @@ let in { options.services.boinc = { - enable = mkOption { - type = types.bool; + enable = lib.mkOption { + type = lib.types.bool; default = false; description = '' Whether to enable the BOINC distributed computing client. If this @@ -27,20 +24,20 @@ in ''; }; - package = mkPackageOption pkgs "boinc" { + package = lib.mkPackageOption pkgs "boinc" { example = "boinc-headless"; }; - dataDir = mkOption { - type = types.path; + dataDir = lib.mkOption { + type = lib.types.path; default = "/var/lib/boinc"; description = '' The directory in which to store BOINC's configuration and data files. ''; }; - allowRemoteGuiRpc = mkOption { - type = types.bool; + allowRemoteGuiRpc = lib.mkOption { + type = lib.types.bool; default = false; description = '' If set to true, any remote host can connect to and control this BOINC @@ -52,10 +49,10 @@ in ''; }; - extraEnvPackages = mkOption { - type = types.listOf types.package; + extraEnvPackages = lib.mkOption { + type = lib.types.listOf lib.types.package; default = []; - example = literalExpression "[ pkgs.virtualbox ]"; + example = lib.literalExpression "[ pkgs.virtualbox ]"; description = '' Additional packages to make available in the environment in which BOINC will run. Common choices are: @@ -77,7 +74,7 @@ in }; }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { environment.systemPackages = [cfg.package]; users.users.boinc = { From af42ae43527a8ea4b1983a38ce4c86cf51b7e2f7 Mon Sep 17 00:00:00 2001 From: Felix Buehler Date: Wed, 28 Aug 2024 21:18:56 +0200 Subject: [PATCH 032/148] nixos/services.foldingathome: remove `with lib;` --- .../computing/foldingathome/client.nix | 29 +++++++++---------- 1 file changed, 14 insertions(+), 15 deletions(-) diff --git a/nixos/modules/services/computing/foldingathome/client.nix b/nixos/modules/services/computing/foldingathome/client.nix index 8d330fd8717be..71fc58669d33b 100644 --- a/nixos/modules/services/computing/foldingathome/client.nix 
+++ b/nixos/modules/services/computing/foldingathome/client.nix @@ -1,5 +1,4 @@ { config, lib, pkgs, ... }: -with lib; let cfg = config.services.foldingathome; @@ -11,19 +10,19 @@ let in { imports = [ - (mkRenamedOptionModule [ "services" "foldingAtHome" ] [ "services" "foldingathome" ]) - (mkRenamedOptionModule [ "services" "foldingathome" "nickname" ] [ "services" "foldingathome" "user" ]) - (mkRemovedOptionModule [ "services" "foldingathome" "config" ] '' + (lib.mkRenamedOptionModule [ "services" "foldingAtHome" ] [ "services" "foldingathome" ]) + (lib.mkRenamedOptionModule [ "services" "foldingathome" "nickname" ] [ "services" "foldingathome" "user" ]) + (lib.mkRemovedOptionModule [ "services" "foldingathome" "config" ] '' Use services.foldingathome.extraArgs instead '') ]; options.services.foldingathome = { - enable = mkEnableOption "Folding@home client"; + enable = lib.mkEnableOption "Folding@home client"; - package = mkPackageOption pkgs "fahclient" { }; + package = lib.mkPackageOption pkgs "fahclient" { }; - user = mkOption { - type = types.nullOr types.str; + user = lib.mkOption { + type = lib.types.nullOr lib.types.str; default = null; description = '' The user associated with the reported computation results. This will @@ -31,8 +30,8 @@ in ''; }; - team = mkOption { - type = types.int; + team = lib.mkOption { + type = lib.types.int; default = 236565; description = '' The team ID associated with the reported computation results. This @@ -42,8 +41,8 @@ in ''; }; - daemonNiceLevel = mkOption { - type = types.ints.between (-20) 19; + daemonNiceLevel = lib.mkOption { + type = lib.types.ints.between (-20) 19; default = 0; description = '' Daemon process priority for FAHClient. @@ -51,8 +50,8 @@ in ''; }; - extraArgs = mkOption { - type = types.listOf types.str; + extraArgs = lib.mkOption { + type = lib.types.listOf lib.types.str; default = []; description = '' Extra startup options for the FAHClient. Run 
@@ -61,7 +60,7 @@ in }; }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { systemd.services.foldingathome = { description = "Folding@home client"; after = [ "network.target" ]; From 7108ded8fe32bd284e156667ef879348f8050bd3 Mon Sep 17 00:00:00 2001 From: Felix Buehler Date: Wed, 28 Aug 2024 21:18:56 +0200 Subject: [PATCH 033/148] nixos/services.slurm: remove `with lib;` --- .../services/computing/slurm/slurm.nix | 135 +++++++++--------- 1 file changed, 66 insertions(+), 69 deletions(-) diff --git a/nixos/modules/services/computing/slurm/slurm.nix b/nixos/modules/services/computing/slurm/slurm.nix index 360a72677ce06..f4944d3ce3186 100644 --- a/nixos/modules/services/computing/slurm/slurm.nix +++ b/nixos/modules/services/computing/slurm/slurm.nix @@ -1,7 +1,4 @@ { config, lib, options, pkgs, ... }: - -with lib; - let cfg = config.services.slurm; @@ -15,8 +12,8 @@ let ClusterName=${cfg.clusterName} StateSaveLocation=${cfg.stateSaveLocation} SlurmUser=${cfg.user} - ${optionalString (cfg.controlMachine != null) "controlMachine=${cfg.controlMachine}"} - ${optionalString (cfg.controlAddr != null) "controlAddr=${cfg.controlAddr}"} + ${lib.optionalString (cfg.controlMachine != null) "controlMachine=${cfg.controlMachine}"} + ${lib.optionalString (cfg.controlAddr != null) "controlAddr=${cfg.controlAddr}"} ${toString (map (x: "NodeName=${x}\n") cfg.nodeName)} ${toString (map (x: "PartitionName=${x}\n") cfg.partitionName)} PlugStackConfig=${plugStackConfig}/plugstack.conf @@ -26,7 +23,7 @@ let plugStackConfig = pkgs.writeTextDir "plugstack.conf" '' - ${optionalString cfg.enableSrunX11 "optional ${pkgs.slurm-spank-x11}/lib/x11.so"} + ${lib.optionalString cfg.enableSrunX11 "optional ${pkgs.slurm-spank-x11}/lib/x11.so"} ${cfg.extraPlugstackConfig} ''; 
@@ -56,15 +53,15 @@ in ###### interface - meta.maintainers = [ maintainers.markuskowa ]; + meta.maintainers = [ lib.maintainers.markuskowa ]; options = { services.slurm = { server = { - enable = mkOption { - type = types.bool; + enable = lib.mkOption { + type = lib.types.bool; default = false; description = '' Whether to enable the slurm control daemon. @@ -76,29 +73,29 @@ in }; dbdserver = { - enable = mkEnableOption "SlurmDBD service"; + enable = lib.mkEnableOption "SlurmDBD service"; - dbdHost = mkOption { - type = types.str; + dbdHost = lib.mkOption { + type = lib.types.str; default = config.networking.hostName; - defaultText = literalExpression "config.networking.hostName"; + defaultText = lib.literalExpression "config.networking.hostName"; description = '' Hostname of the machine where `slurmdbd` is running (i.e. name returned by `hostname -s`). ''; }; - storageUser = mkOption { - type = types.str; + storageUser = lib.mkOption { + type = lib.types.str; default = cfg.user; - defaultText = literalExpression "config.${opt.user}"; + defaultText = lib.literalExpression "config.${opt.user}"; description = '' Database user name. ''; }; - storagePassFile = mkOption { - type = with types; nullOr str; + storagePassFile = lib.mkOption { + type = with lib.types; nullOr str; default = null; description = '' Path to file with database password. The content of this will be used to @@ -106,8 +103,8 @@ in ''; }; - extraConfig = mkOption { - type = types.lines; + extraConfig = lib.mkOption { + type = lib.types.lines; default = ""; description = '' Extra configuration for `slurmdbd.conf` See also: @@ -117,11 +114,11 @@ in }; client = { - enable = mkEnableOption "slurm client daemon"; + enable = lib.mkEnableOption "slurm client daemon"; }; - enableStools = mkOption { - type = types.bool; + enableStools = lib.mkOption { + type = lib.types.bool; default = false; description = '' Whether to provide a slurm.conf file. 
@@ -131,14 +128,14 @@ in ''; }; - package = mkPackageOption pkgs "slurm" { + package = lib.mkPackageOption pkgs "slurm" { example = "slurm-full"; } // { default = pkgs.slurm.override { enableX11 = ! cfg.enableSrunX11; }; }; - controlMachine = mkOption { - type = types.nullOr types.str; + controlMachine = lib.mkOption { + type = lib.types.nullOr lib.types.str; default = null; example = null; description = '' @@ -148,10 +145,10 @@ in ''; }; - controlAddr = mkOption { - type = types.nullOr types.str; + controlAddr = lib.mkOption { + type = lib.types.nullOr lib.types.str; default = cfg.controlMachine; - defaultText = literalExpression "config.${opt.controlMachine}"; + defaultText = lib.literalExpression "config.${opt.controlMachine}"; example = null; description = '' Name that ControlMachine should be referred to in establishing a @@ -159,8 +156,8 @@ in ''; }; - clusterName = mkOption { - type = types.str; + clusterName = lib.mkOption { + type = lib.types.str; default = "default"; example = "myCluster"; description = '' @@ -168,10 +165,10 @@ in ''; }; - nodeName = mkOption { - type = types.listOf types.str; + nodeName = lib.mkOption { + type = lib.types.listOf lib.types.str; default = []; - example = literalExpression ''[ "linux[1-32] CPUs=1 State=UNKNOWN" ];''; + example = lib.literalExpression ''[ "linux[1-32] CPUs=1 State=UNKNOWN" ];''; description = '' Name that SLURM uses to refer to a node (or base partition for BlueGene systems). Typically this would be the string that "/bin/hostname -s" 
@@ -179,19 +176,19 @@ in ''; }; - partitionName = mkOption { - type = types.listOf types.str; + partitionName = lib.mkOption { + type = lib.types.listOf lib.types.str; default = []; - example = literalExpression ''[ "debug Nodes=linux[1-32] Default=YES MaxTime=INFINITE State=UP" ];''; + example = lib.literalExpression ''[ "debug Nodes=linux[1-32] Default=YES MaxTime=INFINITE State=UP" ];''; description = '' Name by which the partition may be referenced. Note that now you have to write the partition's parameters after the name. ''; }; - enableSrunX11 = mkOption { + enableSrunX11 = lib.mkOption { default = false; - type = types.bool; + type = lib.types.bool; description = '' If enabled srun will accept the option "--x11" to allow for X11 forwarding from within an interactive session or a batch job. This activates the @@ -207,8 +204,8 @@ in ''; }; - procTrackType = mkOption { - type = types.str; + procTrackType = lib.mkOption { + type = lib.types.str; default = "proctrack/linuxproc"; description = '' Plugin to be used for process tracking on a job step basis. @@ -217,16 +214,16 @@ in ''; }; - stateSaveLocation = mkOption { - type = types.str; + stateSaveLocation = lib.mkOption { + type = lib.types.str; default = "/var/spool/slurmctld"; description = '' Directory into which the Slurm controller, slurmctld, saves its state. ''; }; - user = mkOption { - type = types.str; + user = lib.mkOption { + type = lib.types.str; default = defaultUser; description = '' Set this option when you want to run the slurmctld daemon 
@@ -236,34 +233,34 @@ in ''; }; - extraConfig = mkOption { + extraConfig = lib.mkOption { default = ""; - type = types.lines; + type = lib.types.lines; description = '' Extra configuration options that will be added verbatim at the end of the slurm configuration file. ''; }; - extraPlugstackConfig = mkOption { + extraPlugstackConfig = lib.mkOption { default = ""; - type = types.lines; + type = lib.types.lines; description = '' Extra configuration that will be added to the end of `plugstack.conf`. ''; }; - extraCgroupConfig = mkOption { + extraCgroupConfig = lib.mkOption { default = ""; - type = types.lines; + type = lib.types.lines; description = '' Extra configuration for `cgroup.conf`. This file is used when `procTrackType=proctrack/cgroup`. ''; }; - extraConfigPaths = mkOption { - type = with types; listOf path; + extraConfigPaths = lib.mkOption { + type = with lib.types; listOf path; default = []; description = '' Slurm expects config files for plugins in the same path @@ -273,11 +270,11 @@ in ''; }; - etcSlurm = mkOption { - type = types.path; + etcSlurm = lib.mkOption { + type = lib.types.path; internal = true; default = etcSlurm; - defaultText = literalMD '' + defaultText = lib.literalMD '' Directory created from generated config files and `config.${opt.extraConfigPaths}`. ''; @@ -292,11 +289,11 @@ in }; imports = [ - (mkRemovedOptionModule [ "services" "slurm" "dbdserver" "storagePass" ] '' + (lib.mkRemovedOptionModule [ "services" "slurm" "dbdserver" "storagePass" ] '' This option has been removed so that the database password is not exposed via the nix store. Use services.slurm.dbdserver.storagePassFile to provide the database password. '') - (mkRemovedOptionModule [ "services" "slurm" "dbdserver" "configFile" ] '' + (lib.mkRemovedOptionModule [ "services" "slurm" "dbdserver" "configFile" ] '' This option has been removed. Use services.slurm.dbdserver.storagePassFile and services.slurm.dbdserver.extraConfig instead. '') 
@@ -312,7 +309,7 @@ in builder = pkgs.writeText "builder.sh" '' source $stdenv/setup mkdir -p $out/bin - find ${getBin cfg.package}/bin -type f -executable | while read EXE + find ${lib.getBin cfg.package}/bin -type f -executable | while read EXE do exename="$(basename $EXE)" wrappername="$out/bin/$exename" @@ -329,21 +326,21 @@ in done mkdir -p $out/share - ln -s ${getBin cfg.package}/share/man $out/share/man + ln -s ${lib.getBin cfg.package}/share/man $out/share/man ''; }; - in mkIf ( cfg.enableStools || + in lib.mkIf ( cfg.enableStools || cfg.client.enable || cfg.server.enable || cfg.dbdserver.enable ) { environment.systemPackages = [ wrappedSlurm ]; - services.munge.enable = mkDefault true; + services.munge.enable = lib.mkDefault true; # use a static uid as default to ensure it is the same on all nodes - users.users.slurm = mkIf (cfg.user == defaultUser) { + users.users.slurm = lib.mkIf (cfg.user == defaultUser) { name = defaultUser; group = "slurm"; uid = config.ids.uids.slurm; @@ -351,7 +348,7 @@ in users.groups.slurm.gid = config.ids.uids.slurm; - systemd.services.slurmd = mkIf (cfg.client.enable) { + systemd.services.slurmd = lib.mkIf (cfg.client.enable) { path = with pkgs; [ wrappedSlurm coreutils ] ++ lib.optional cfg.enableSrunX11 slurm-spank-x11; @@ -375,13 +372,13 @@ in }; }; - systemd.tmpfiles.rules = mkIf cfg.client.enable [ + systemd.tmpfiles.rules = lib.mkIf cfg.client.enable [ "d /var/spool/slurmd 755 root root -" ]; - services.openssh.settings.X11Forwarding = mkIf cfg.client.enable (mkDefault true); + services.openssh.settings.X11Forwarding = lib.mkIf cfg.client.enable (lib.mkDefault true); - systemd.services.slurmctld = mkIf (cfg.server.enable) { + systemd.services.slurmctld = lib.mkIf (cfg.server.enable) { path = with pkgs; [ wrappedSlurm munge coreutils ] ++ lib.optional cfg.enableSrunX11 slurm-spank-x11; 
@@ -405,7 +402,7 @@ in systemd.services.slurmdbd = let # slurm strips the last component off the path configPath = "$RUNTIME_DIRECTORY/slurmdbd.conf"; - in mkIf (cfg.dbdserver.enable) { + in lib.mkIf (cfg.dbdserver.enable) { path = with pkgs; [ wrappedSlurm munge coreutils ]; wantedBy = [ "multi-user.target" ]; @@ -414,7 +411,7 @@ in preStart = '' install -m 600 -o ${cfg.user} -T ${slurmdbdConf} ${configPath} - ${optionalString (cfg.dbdserver.storagePassFile != null) '' + ${lib.optionalString (cfg.dbdserver.storagePassFile != null) '' echo "StoragePass=$(cat ${cfg.dbdserver.storagePassFile})" \ >> ${configPath} ''} From 5b4982c0e0cff26276443c334024a9601422c8c8 Mon Sep 17 00:00:00 2001 From: Felix Buehler Date: Wed, 28 Aug 2024 21:18:56 +0200 Subject: [PATCH 034/148] nixos/services.torque.mom: remove `with lib;` --- nixos/modules/services/computing/torque/mom.nix | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) diff --git a/nixos/modules/services/computing/torque/mom.nix b/nixos/modules/services/computing/torque/mom.nix index 6747bd4b0d5aa..8bc5fc134fcba 100644 --- a/nixos/modules/services/computing/torque/mom.nix +++ b/nixos/modules/services/computing/torque/mom.nix @@ -1,7 +1,4 @@ { config, pkgs, lib, ... }: - -with lib; - let cfg = config.services.torque.mom; @@ -17,10 +14,10 @@ in options = { services.torque.mom = { - enable = mkEnableOption "torque computing node"; + enable = lib.mkEnableOption "torque computing node"; - serverNode = mkOption { - type = types.str; + serverNode = lib.mkOption { + type = lib.types.str; description = "Hostname running pbs server."; }; @@ -28,7 +25,7 @@ in }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { environment.systemPackages = [ pkgs.torque ]; systemd.services.torque-mom-init = { From 2dc19bf4e0d33c08cb92561ed1ee94602f5d901a Mon Sep 17 00:00:00 2001 
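Review bot: In the `preStart` of the `@@ -414,7 +411,7 @@` hunk, `$(cat ${cfg.dbdserver.storagePassFile})` interpolates the path unquoted, so a path with spaces or shell metacharacters is split or interpreted by the shell; `$(cat ${lib.escapeShellArg cfg.dbdserver.storagePassFile})` avoids that. The file content is appended verbatim after `StoragePass=`, so a password file containing a newline would add further lines to slurmdbd.conf; a comment that the file must hold a single line would help. A second comment could record that `install -m 600` runs first so the password is only ever appended to a file that is already private. The slurmdbd service definition continues outside this hunk.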
From: Felix Buehler Date: Wed, 28 Aug 2024 21:18:57 +0200 Subject: [PATCH 035/148] nixos/services.torque.server: remove `with lib;` --- nixos/modules/services/computing/torque/server.nix | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/nixos/modules/services/computing/torque/server.nix b/nixos/modules/services/computing/torque/server.nix index 8d923fc04d46d..27be2c65b7e0f 100644 --- a/nixos/modules/services/computing/torque/server.nix +++ b/nixos/modules/services/computing/torque/server.nix @@ -1,7 +1,4 @@ { config, pkgs, lib, ... }: - -with lib; - let cfg = config.services.torque.server; torque = pkgs.torque; @@ -11,13 +8,13 @@ in services.torque.server = { - enable = mkEnableOption "torque server"; + enable = lib.mkEnableOption "torque server"; }; }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { environment.systemPackages = [ pkgs.torque ]; systemd.services.torque-server-init = { From d43e1678e71e6627d1e62e1203b2e02314ab8ef1 Mon Sep 17 00:00:00 2001 From: Felix Buehler Date: Wed, 28 Aug 2024 21:18:57 +0200 Subject: [PATCH 036/148] nixos/services.buildbot-master: remove `with lib;` --- .../buildbot/master.nix | 150 +++++++++--------- 1 file changed, 73 insertions(+), 77 deletions(-) diff --git a/nixos/modules/services/continuous-integration/buildbot/master.nix b/nixos/modules/services/continuous-integration/buildbot/master.nix index a4a9eee672cf4..d744b73bf158b 100644 --- a/nixos/modules/services/continuous-integration/buildbot/master.nix +++ b/nixos/modules/services/continuous-integration/buildbot/master.nix @@ -1,9 +1,5 @@ # NixOS module for Buildbot continuous integration server. - { config, lib, options, pkgs, ... }: - -with lib; - let cfg = config.services.buildbot-master; opt = options.services.buildbot-master; 
@@ -11,27 +7,27 @@ let package = pkgs.python3.pkgs.toPythonModule cfg.package; python = package.pythonModule; - escapeStr = escape [ "'" ]; + escapeStr = lib.escape [ "'" ]; defaultMasterCfg = pkgs.writeText "master.cfg" '' from buildbot.plugins import * ${cfg.extraImports} factory = util.BuildFactory() c = BuildmasterConfig = dict( - workers = [${concatStringsSep "," cfg.workers}], + workers = [${lib.concatStringsSep "," cfg.workers}], protocols = { 'pb': {'port': ${toString cfg.pbPort} } }, - title = '${escapeStr cfg.title}', - titleURL = '${escapeStr cfg.titleUrl}', - buildbotURL = '${escapeStr cfg.buildbotUrl}', - db = dict(db_url='${escapeStr cfg.dbUrl}'), + title = '${lib.escapeStr cfg.title}', + titleURL = '${lib.escapeStr cfg.titleUrl}', + buildbotURL = '${lib.escapeStr cfg.buildbotUrl}', + db = dict(db_url='${lib.escapeStr cfg.dbUrl}'), www = dict(port=${toString cfg.port}), - change_source = [ ${concatStringsSep "," cfg.changeSource} ], - schedulers = [ ${concatStringsSep "," cfg.schedulers} ], - builders = [ ${concatStringsSep "," cfg.builders} ], - services = [ ${concatStringsSep "," cfg.reporters} ], - configurators = [ ${concatStringsSep "," cfg.configurators} ], + change_source = [ ${lib.concatStringsSep "," cfg.changeSource} ], + schedulers = [ ${lib.concatStringsSep "," cfg.schedulers} ], + builders = [ ${lib.concatStringsSep "," cfg.builders} ], + services = [ ${lib.concatStringsSep "," cfg.reporters} ], + configurators = [ ${lib.concatStringsSep "," cfg.configurators} ], ) - for step in [ ${concatStringsSep "," cfg.factorySteps} ]: + for step in [ ${lib.concatStringsSep "," cfg.factorySteps} ]: factory.addStep(step) ${cfg.extraConfig} @@ -62,8 +58,8 @@ in { options = { services.buildbot-master = { - factorySteps = mkOption { - type = types.listOf types.str; + factorySteps = lib.mkOption { + type = lib.types.listOf lib.types.str; description = "Factory Steps"; default = []; example = [ 
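Review bot: `lib.escapeStr` is not an attribute of nixpkgs `lib`; `escapeStr` is the local helper bound at the top of this same hunk (`escapeStr = lib.escape [ "'" ];`). The four rewritten interpolations for `title`, `titleURL`, `buildbotURL` and `db_url` in `defaultMasterCfg` should therefore fail with a missing-attribute error as soon as the default `masterCfg` is evaluated. Keep the unprefixed local name on those lines, e.g. `title = '${escapeStr cfg.title}',` and likewise for the other three. The helper escapes only single quotes, so a comment on the binding would help, such as `# quotes values for single-quoted Python literals in master.cfg; backslashes pass through unchanged`. The `let` block continues outside the hunk.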
@@ -72,8 +68,8 @@ in { ]; }; - changeSource = mkOption { - type = types.listOf types.str; + changeSource = lib.mkOption { + type = lib.types.listOf lib.types.str; description = "List of Change Sources."; default = []; example = [ @@ -81,8 +77,8 @@ in { ]; }; - configurators = mkOption { - type = types.listOf types.str; + configurators = lib.mkOption { + type = lib.types.listOf lib.types.str; description = "Configurator Steps, see https://docs.buildbot.net/latest/manual/configuration/configurators.html"; default = []; example = [ @@ -90,35 +86,35 @@ in { ]; }; - enable = mkOption { - type = types.bool; + enable = lib.mkOption { + type = lib.types.bool; default = false; description = "Whether to enable the Buildbot continuous integration server."; }; - extraConfig = mkOption { - type = types.str; + extraConfig = lib.mkOption { + type = lib.types.str; description = "Extra configuration to append to master.cfg"; default = "c['buildbotNetUsageData'] = None"; }; - extraImports = mkOption { - type = types.str; + extraImports = lib.mkOption { + type = lib.types.str; description = "Extra python imports to prepend to master.cfg"; default = ""; example = "from buildbot.process.project import Project"; }; - masterCfg = mkOption { - type = types.path; + masterCfg = lib.mkOption { + type = lib.types.path; description = "Optionally pass master.cfg path. Other options in this configuration will be ignored."; default = defaultMasterCfg; - defaultText = literalMD ''generated configuration file''; + defaultText = lib.literalMD ''generated configuration file''; example = "/etc/nixos/buildbot/master.cfg"; }; - schedulers = mkOption { - type = types.listOf types.str; + schedulers = lib.mkOption { + type = lib.types.listOf lib.types.str; description = "List of Schedulers."; default = [ "schedulers.SingleBranchScheduler(name='all', change_filter=util.ChangeFilter(branch='master'), treeStableTimer=None, builderNames=['runtests'])" 
@@ -126,60 +122,60 @@ in { ]; }; - builders = mkOption { - type = types.listOf types.str; + builders = lib.mkOption { + type = lib.types.listOf lib.types.str; description = "List of Builders."; default = [ "util.BuilderConfig(name='runtests',workernames=['example-worker'],factory=factory)" ]; }; - workers = mkOption { - type = types.listOf types.str; + workers = lib.mkOption { + type = lib.types.listOf lib.types.str; description = "List of Workers."; default = [ "worker.Worker('example-worker', 'pass')" ]; }; - reporters = mkOption { + reporters = lib.mkOption { default = []; - type = types.listOf types.str; + type = lib.types.listOf lib.types.str; description = "List of reporter objects used to present build status to various users."; }; - user = mkOption { + user = lib.mkOption { default = "buildbot"; - type = types.str; + type = lib.types.str; description = "User the buildbot server should execute under."; }; - group = mkOption { + group = lib.mkOption { default = "buildbot"; - type = types.str; + type = lib.types.str; description = "Primary group of buildbot user."; }; - extraGroups = mkOption { - type = types.listOf types.str; + extraGroups = lib.mkOption { + type = lib.types.listOf lib.types.str; default = []; description = "List of extra groups that the buildbot user should be a part of."; }; - home = mkOption { + home = lib.mkOption { default = "/home/buildbot"; - type = types.path; + type = lib.types.path; description = "Buildbot home directory."; }; - buildbotDir = mkOption { + buildbotDir = lib.mkOption { default = "${cfg.home}/master"; - defaultText = literalExpression ''"''${config.${opt.home}}/master"''; - type = types.path; + defaultText = lib.literalExpression ''"''${config.${opt.home}}/master"''; + type = lib.types.path; description = "Specifies the Buildbot directory."; }; - pbPort = mkOption { + pbPort = lib.mkOption { default = 9989; - type = types.either types.str types.int; + type = lib.types.either lib.types.str lib.types.int; example = 
"'tcp:9990:interface=127.0.0.1'"; description = '' The buildmaster will listen on a TCP port of your choosing 
@@ -193,69 +189,69 @@ in { ''; }; - listenAddress = mkOption { + listenAddress = lib.mkOption { default = "0.0.0.0"; - type = types.str; + type = lib.types.str; description = "Specifies the bind address on which the buildbot HTTP interface listens."; }; - buildbotUrl = mkOption { + buildbotUrl = lib.mkOption { default = "http://localhost:8010/"; - type = types.str; + type = lib.types.str; description = "Specifies the Buildbot URL."; }; - title = mkOption { + title = lib.mkOption { default = "Buildbot"; - type = types.str; + type = lib.types.str; description = "Specifies the Buildbot Title."; }; - titleUrl = mkOption { + titleUrl = lib.mkOption { default = "Buildbot"; - type = types.str; + type = lib.types.str; description = "Specifies the Buildbot TitleURL."; }; - dbUrl = mkOption { + dbUrl = lib.mkOption { default = "sqlite:///state.sqlite"; - type = types.str; + type = lib.types.str; description = "Specifies the database connection string."; }; - port = mkOption { + port = lib.mkOption { default = 8010; - type = types.port; + type = lib.types.port; description = "Specifies port number on which the buildbot HTTP interface listens."; }; - package = mkPackageOption pkgs "buildbot-full" { + package = lib.mkPackageOption pkgs "buildbot-full" { example = "buildbot"; }; - packages = mkOption { + packages = lib.mkOption { default = [ pkgs.git ]; - defaultText = literalExpression "[ pkgs.git ]"; - type = types.listOf types.package; + defaultText = lib.literalExpression "[ pkgs.git ]"; + type = lib.types.listOf lib.types.package; description = "Packages to add to PATH for the buildbot process."; }; - pythonPackages = mkOption { - type = types.functionTo (types.listOf types.package); + pythonPackages = lib.mkOption { + type = lib.types.functionTo (lib.types.listOf lib.types.package); default = pythonPackages: with pythonPackages; [ ]; - defaultText = literalExpression "pythonPackages: with pythonPackages; [ ]"; + defaultText = lib.literalExpression "pythonPackages: with 
pythonPackages; [ ]"; description = "Packages to add the to the PYTHONPATH of the buildbot process."; - example = literalExpression "pythonPackages: with pythonPackages; [ requests ]"; + example = lib.literalExpression "pythonPackages: with pythonPackages; [ requests ]"; }; }; }; - config = mkIf cfg.enable { - users.groups = optionalAttrs (cfg.group == "buildbot") { + config = lib.mkIf cfg.enable { + users.groups = lib.optionalAttrs (cfg.group == "buildbot") { buildbot = { }; }; - users.users = optionalAttrs (cfg.user == "buildbot") { + users.users = lib.optionalAttrs (cfg.user == "buildbot") { buildbot = { description = "Buildbot User."; isNormalUser = true; @@ -298,8 +294,8 @@ in { }; imports = [ - (mkRenamedOptionModule [ "services" "buildbot-master" "bpPort" ] [ "services" "buildbot-master" "pbPort" ]) - (mkRemovedOptionModule [ "services" "buildbot-master" "status" ] '' + (lib.mkRenamedOptionModule [ "services" "buildbot-master" "bpPort" ] [ "services" "buildbot-master" "pbPort" ]) + (lib.mkRemovedOptionModule [ "services" "buildbot-master" "status" ] '' Since Buildbot 0.9.0, status targets are deprecated and ignored. Review your configuration and migrate to reporters (available at services.buildbot-master.reporters). '') From 7d32787294f6122045e90927b804bc6cd6d3693e Mon Sep 17 00:00:00 2001 From: Felix Buehler Date: Wed, 28 Aug 2024 21:18:57 +0200 Subject: [PATCH 037/148] nixos/services.etcd: remove `with lib;` --- nixos/modules/services/databases/etcd.nix | 123 +++++++++++----------- 1 file changed, 60 insertions(+), 63 deletions(-) diff --git a/nixos/modules/services/databases/etcd.nix b/nixos/modules/services/databases/etcd.nix index ebc905ad08f61..b10fdb801c501 100644 --- a/nixos/modules/services/databases/etcd.nix +++ b/nixos/modules/services/databases/etcd.nix @@ -1,7 +1,4 @@ { config, lib, options, pkgs, ... }: - -with lib; - let cfg = config.services.etcd; opt = options.services.etcd; 
@@ -9,98 +6,98 @@ let in { options.services.etcd = { - enable = mkOption { + enable = lib.mkOption { description = "Whether to enable etcd."; default = false; - type = types.bool; + type = lib.types.bool; }; - package = mkPackageOption pkgs "etcd" { }; + package = lib.mkPackageOption pkgs "etcd" { }; - name = mkOption { + name = lib.mkOption { description = "Etcd unique node name."; default = config.networking.hostName; - defaultText = literalExpression "config.networking.hostName"; - type = types.str; + defaultText = lib.literalExpression "config.networking.hostName"; + type = lib.types.str; }; - advertiseClientUrls = mkOption { + advertiseClientUrls = lib.mkOption { description = "Etcd list of this member's client URLs to advertise to the rest of the cluster."; default = cfg.listenClientUrls; - defaultText = literalExpression "config.${opt.listenClientUrls}"; - type = types.listOf types.str; + defaultText = lib.literalExpression "config.${opt.listenClientUrls}"; + type = lib.types.listOf lib.types.str; }; - listenClientUrls = mkOption { + listenClientUrls = lib.mkOption { description = "Etcd list of URLs to listen on for client traffic."; default = ["http://127.0.0.1:2379"]; - type = types.listOf types.str; + type = lib.types.listOf lib.types.str; }; - listenPeerUrls = mkOption { + listenPeerUrls = lib.mkOption { description = "Etcd list of URLs to listen on for peer traffic."; default = ["http://127.0.0.1:2380"]; - type = types.listOf types.str; + type = lib.types.listOf lib.types.str; }; - initialAdvertisePeerUrls = mkOption { + initialAdvertisePeerUrls = lib.mkOption { description = "Etcd list of this member's peer URLs to advertise to rest of the cluster."; default = cfg.listenPeerUrls; - defaultText = literalExpression "config.${opt.listenPeerUrls}"; - type = types.listOf types.str; + defaultText = lib.literalExpression "config.${opt.listenPeerUrls}"; + type = lib.types.listOf lib.types.str; }; - initialCluster = mkOption { + initialCluster = lib.mkOption { 
description = "Etcd initial cluster configuration for bootstrapping."; default = ["${cfg.name}=http://127.0.0.1:2380"]; - defaultText = literalExpression ''["''${config.${opt.name}}=http://127.0.0.1:2380"]''; - type = types.listOf types.str; + defaultText = lib.literalExpression ''["''${config.${opt.name}}=http://127.0.0.1:2380"]''; + type = lib.types.listOf lib.types.str; }; - initialClusterState = mkOption { + initialClusterState = lib.mkOption { description = "Etcd initial cluster configuration for bootstrapping."; default = "new"; - type = types.enum ["new" "existing"]; + type = lib.types.enum ["new" "existing"]; }; - initialClusterToken = mkOption { + initialClusterToken = lib.mkOption { description = "Etcd initial cluster token for etcd cluster during bootstrap."; default = "etcd-cluster"; - type = types.str; + type = lib.types.str; }; - discovery = mkOption { + discovery = lib.mkOption { description = "Etcd discovery url"; default = ""; - type = types.str; + type = lib.types.str; }; - clientCertAuth = mkOption { + clientCertAuth = lib.mkOption { description = "Whether to use certs for client authentication"; default = false; - type = types.bool; + type = lib.types.bool; }; - trustedCaFile = mkOption { + trustedCaFile = lib.mkOption { description = "Certificate authority file to use for clients"; default = null; - type = types.nullOr types.path; + type = lib.types.nullOr lib.types.path; }; - certFile = mkOption { + certFile = lib.mkOption { description = "Cert file to use for clients"; default = null; - type = types.nullOr types.path; + type = lib.types.nullOr lib.types.path; }; - keyFile = mkOption { + keyFile = lib.mkOption { description = "Key file to use for clients"; default = null; - type = types.nullOr types.path; + type = lib.types.nullOr lib.types.path; }; - openFirewall = mkOption { - type = types.bool; + openFirewall = lib.mkOption { + type = lib.types.bool; default = false; description = '' Open etcd ports in the firewall. 
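Review bot: `initialClusterState` carries the same description string as `initialCluster` ("Etcd initial cluster configuration for bootstrapping."), so the rendered option docs do not say what the `"new"`/`"existing"` enum selects. Since both declarations are touched here, the text could be corrected in passing, e.g. `description = "Etcd initial cluster state, either \"new\" or \"existing\".";`. In the same hunk, `certFile`, `keyFile` and `trustedCaFile` are documented only as files "to use for clients", while the listen and advertise URL defaults are plain `http://`. As far as I know etcd ignores the key and certificate unless the URLs use `https`, so a sentence in those descriptions saying the URL options must be switched to `https://` would keep an operator from assuming TLS is on.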
@@ -110,41 +107,41 @@ in { ''; }; - peerCertFile = mkOption { + peerCertFile = lib.mkOption { description = "Cert file to use for peer to peer communication"; default = cfg.certFile; - defaultText = literalExpression "config.${opt.certFile}"; - type = types.nullOr types.path; + defaultText = lib.literalExpression "config.${opt.certFile}"; + type = lib.types.nullOr lib.types.path; }; - peerKeyFile = mkOption { + peerKeyFile = lib.mkOption { description = "Key file to use for peer to peer communication"; default = cfg.keyFile; - defaultText = literalExpression "config.${opt.keyFile}"; - type = types.nullOr types.path; + defaultText = lib.literalExpression "config.${opt.keyFile}"; + type = lib.types.nullOr lib.types.path; }; - peerTrustedCaFile = mkOption { + peerTrustedCaFile = lib.mkOption { description = "Certificate authority file to use for peer to peer communication"; default = cfg.trustedCaFile; - defaultText = literalExpression "config.${opt.trustedCaFile}"; - type = types.nullOr types.path; + defaultText = lib.literalExpression "config.${opt.trustedCaFile}"; + type = lib.types.nullOr lib.types.path; }; - peerClientCertAuth = mkOption { + peerClientCertAuth = lib.mkOption { description = "Whether to check all incoming peer requests from the cluster for valid client certificates signed by the supplied CA"; default = false; - type = types.bool; + type = lib.types.bool; }; - extraConf = mkOption { + extraConf = lib.mkOption { description = '' Etcd extra configuration. See ''; - type = types.attrsOf types.str; + type = lib.types.attrsOf lib.types.str; default = {}; - example = literalExpression '' + example = lib.literalExpression '' { "CORS" = "*"; "NAME" = "default-name"; 
@@ -155,14 +152,14 @@ in { ''; }; - dataDir = mkOption { - type = types.path; + dataDir = lib.mkOption { + type = lib.types.path; default = "/var/lib/etcd"; description = "Etcd data directory."; }; }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { systemd.tmpfiles.settings."10-etcd".${cfg.dataDir}.d = { user = "etcd"; mode = "0700"; @@ -176,14 +173,14 @@ in { wants = [ "network-online.target" ] ++ lib.optional config.networking.firewall.enable "firewall.service"; - environment = (filterAttrs (n: v: v != null) { + environment = (lib.filterAttrs (n: v: v != null) { ETCD_NAME = cfg.name; ETCD_DISCOVERY = cfg.discovery; ETCD_DATA_DIR = cfg.dataDir; - ETCD_ADVERTISE_CLIENT_URLS = concatStringsSep "," cfg.advertiseClientUrls; - ETCD_LISTEN_CLIENT_URLS = concatStringsSep "," cfg.listenClientUrls; - ETCD_LISTEN_PEER_URLS = concatStringsSep "," cfg.listenPeerUrls; - ETCD_INITIAL_ADVERTISE_PEER_URLS = concatStringsSep "," cfg.initialAdvertisePeerUrls; + ETCD_ADVERTISE_CLIENT_URLS = lib.concatStringsSep "," cfg.advertiseClientUrls; + ETCD_LISTEN_CLIENT_URLS = lib.concatStringsSep "," cfg.listenClientUrls; + ETCD_LISTEN_PEER_URLS = lib.concatStringsSep "," cfg.listenPeerUrls; + ETCD_INITIAL_ADVERTISE_PEER_URLS = lib.concatStringsSep "," cfg.initialAdvertisePeerUrls; ETCD_PEER_CLIENT_CERT_AUTH = toString cfg.peerClientCertAuth; ETCD_PEER_TRUSTED_CA_FILE = cfg.peerTrustedCaFile; ETCD_PEER_CERT_FILE = cfg.peerCertFile; 
@@ -192,11 +189,11 @@ in { ETCD_TRUSTED_CA_FILE = cfg.trustedCaFile; ETCD_CERT_FILE = cfg.certFile; ETCD_KEY_FILE = cfg.keyFile; - }) // (optionalAttrs (cfg.discovery == ""){ - ETCD_INITIAL_CLUSTER = concatStringsSep "," cfg.initialCluster; + }) // (lib.optionalAttrs (cfg.discovery == ""){ + ETCD_INITIAL_CLUSTER = lib.concatStringsSep "," cfg.initialCluster; ETCD_INITIAL_CLUSTER_STATE = cfg.initialClusterState; ETCD_INITIAL_CLUSTER_TOKEN = cfg.initialClusterToken; - }) // (mapAttrs' (n: v: nameValuePair "ETCD_${n}" v) cfg.extraConf); + }) // (lib.mapAttrs' (n: v: lib.nameValuePair "ETCD_${n}" v) cfg.extraConf); unitConfig = { Documentation = "https://github.com/coreos/etcd"; From 13c9b59247bf5eafb634f8243c991268a9f7ee13 Mon Sep 17 00:00:00 2001 From: Felix Buehler Date: Wed, 28 Aug 2024 21:18:57 +0200 Subject: [PATCH 038/148] nixos/services.accounts-daemon: remove `with lib;` --- .../services/desktops/accountsservice.nix | 20 ++++++------------- 1 file changed, 6 insertions(+), 14 deletions(-) diff --git a/nixos/modules/services/desktops/accountsservice.nix b/nixos/modules/services/desktops/accountsservice.nix index ae2ecb5ffeb71..4c407ca3828a2 100644 --- a/nixos/modules/services/desktops/accountsservice.nix +++ b/nixos/modules/services/desktops/accountsservice.nix @@ -1,23 +1,17 @@ # AccountsService daemon. - { config, lib, pkgs, ... }: - -with lib; - { - meta = { - maintainers = teams.freedesktop.members; + maintainers = lib.teams.freedesktop.members; }; ###### interface - options = { services.accounts-daemon = { - enable = mkOption { - type = types.bool; + enable = lib.mkOption { + type = lib.types.bool; default = false; description = '' Whether to enable AccountsService, a DBus service for accessing @@ -29,10 +23,8 @@ with lib; }; - ###### implementation - - config = mkIf config.services.accounts-daemon.enable { + config = lib.mkIf config.services.accounts-daemon.enable { environment.systemPackages = [ pkgs.accountsservice ]; 
@@ -43,14 +35,14 @@ with lib; systemd.packages = [ pkgs.accountsservice ]; - systemd.services.accounts-daemon = recursiveUpdate { + systemd.services.accounts-daemon = lib.recursiveUpdate { wantedBy = [ "graphical.target" ]; # Accounts daemon looks for dbus interfaces in $XDG_DATA_DIRS/accountsservice environment.XDG_DATA_DIRS = "${config.system.path}/share"; - } (optionalAttrs (!config.users.mutableUsers) { + } (lib.optionalAttrs (!config.users.mutableUsers) { environment.NIXOS_USERS_PURE = "true"; }); }; From 9faf71229844adea6b24613b27489d5ee1e1b68a Mon Sep 17 00:00:00 2001 From: Felix Buehler Date: Wed, 28 Aug 2024 21:18:57 +0200 Subject: [PATCH 039/148] nixos/services.bamf: remove `with lib;` --- nixos/modules/services/desktops/bamf.nix | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) diff --git a/nixos/modules/services/desktops/bamf.nix b/nixos/modules/services/desktops/bamf.nix index 13de3a44328f4..d9c46e94d9e04 100644 --- a/nixos/modules/services/desktops/bamf.nix +++ b/nixos/modules/services/desktops/bamf.nix @@ -1,25 +1,21 @@ # Bamf - { config, lib, pkgs, ... }: - -with lib; - { meta = with lib; { - maintainers = with maintainers; [ ] ++ teams.pantheon.members; + maintainers = with lib.maintainers; [ ] ++ lib.teams.pantheon.members; }; ###### interface options = { services.bamf = { - enable = mkEnableOption "bamf"; + enable = lib.mkEnableOption "bamf"; }; }; ###### implementation - config = mkIf config.services.bamf.enable { + config = lib.mkIf config.services.bamf.enable { services.dbus.packages = [ pkgs.bamf ]; systemd.packages = [ pkgs.bamf ]; From 4b4b2cca1b2fff884949e66dd7ec76032b0e89d3 Mon Sep 17 00:00:00 2001 From: Felix Buehler Date: Wed, 28 Aug 2024 21:18:57 +0200 Subject: [PATCH 040/148] nixos/services.rspamd-trainer: remove `with lib;` --- nixos/modules/services/mail/rspamd-trainer.nix | 15 ++++++--------- 1 file changed, 6 insertions(+), 9 deletions(-) 
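Review bot: In bamf.nix the `meta = with lib; {` wrapper is still in place after this change, and the new `maintainers` line opens a second scope with `with lib.maintainers; [ ]` around an empty list. The file therefore still depends on `with lib;`, despite the commit subject. Both can be dropped now that the team reference is fully qualified: `meta = {` and `maintainers = lib.teams.pantheon.members;`.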
diff --git a/nixos/modules/services/mail/rspamd-trainer.nix b/nixos/modules/services/mail/rspamd-trainer.nix index 81a0c460f0c30..11c4363cc1d58 100644 --- a/nixos/modules/services/mail/rspamd-trainer.nix +++ b/nixos/modules/services/mail/rspamd-trainer.nix @@ -1,7 +1,4 @@ { config, lib, pkgs, ... }: - -with lib; - let cfg = config.services.rspamd-trainer; @@ -10,18 +7,18 @@ let in { options.services.rspamd-trainer = { - enable = mkEnableOption "Spam/ham trainer for rspamd"; + enable = lib.mkEnableOption "Spam/ham trainer for rspamd"; - settings = mkOption { + settings = lib.mkOption { default = { }; description = '' IMAP authentication configuration for rspamd-trainer. For supplying the IMAP password, use the `secrets` option. ''; - type = types.submodule { + type = lib.types.submodule { freeformType = format.type; }; - example = literalExpression '' + example = lib.literalExpression '' { HOST = "localhost"; USERNAME = "spam@example.com"; @@ -31,7 +28,7 @@ in { }; secrets = lib.mkOption { - type = with types; listOf path; + type = with lib.types; listOf path; description = '' A list of files containing the various secrets. Should be in the format expected by systemd's `EnvironmentFile` directory. For the @@ -42,7 +39,7 @@ in { }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { systemd = { services.rspamd-trainer = { From a19107dd8a14bc20a905329c2eaf3c7f6f5d3505 Mon Sep 17 00:00:00 2001 From: Felix Buehler Date: Wed, 28 Aug 2024 21:18:57 +0200 Subject: [PATCH 041/148] nixos/services.rss2email: remove `with lib;` --- nixos/modules/services/mail/rss2email.nix | 35 +++++++++++------------ 1 file changed, 16 insertions(+), 19 deletions(-) diff --git a/nixos/modules/services/mail/rss2email.nix b/nixos/modules/services/mail/rss2email.nix index c3327f7b436cd..12553b9d8919a 100644 --- a/nixos/modules/services/mail/rss2email.nix +++ b/nixos/modules/services/mail/rss2email.nix 
@@ -1,7 +1,4 @@ { config, lib, pkgs, ... }: - -with lib; - let cfg = config.services.rss2email; in { @@ -12,25 +9,25 @@ in { services.rss2email = { - enable = mkOption { - type = types.bool; + enable = lib.mkOption { + type = lib.types.bool; default = false; description = "Whether to enable rss2email."; }; - to = mkOption { - type = types.str; + to = lib.mkOption { + type = lib.types.str; description = "Mail address to which to send emails"; }; - interval = mkOption { - type = types.str; + interval = lib.mkOption { + type = lib.types.str; default = "12h"; description = "How often to check the feeds, in systemd interval format"; }; - config = mkOption { - type = with types; attrsOf (oneOf [ str int bool ]); + config = lib.mkOption { + type = with lib.types; attrsOf (oneOf [ str int bool ]); default = {}; description = '' The configuration to give rss2email. @@ -48,17 +45,17 @@ in { ''; }; - feeds = mkOption { + feeds = lib.mkOption { description = "The feeds to watch."; - type = types.attrsOf (types.submodule { + type = lib.types.attrsOf (lib.types.submodule { options = { - url = mkOption { - type = types.str; + url = lib.mkOption { + type = lib.types.str; description = "The URL at which to fetch the feed."; }; - to = mkOption { - type = with types; nullOr str; + to = lib.mkOption { + type = with lib.types; nullOr str; default = null; description = '' Email address to which to send feed items. @@ -78,7 +75,7 @@ in { ###### implementation - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { users.groups = { rss2email.gid = config.ids.gids.rss2email; }; @@ -104,7 +101,7 @@ in { systemd.services.rss2email = let conf = pkgs.writeText "rss2email.cfg" (lib.generators.toINI {} ({ DEFAULT = cfg.config; - } // lib.mapAttrs' (name: feed: nameValuePair "feed.${name}" ( + } // lib.mapAttrs' (name: feed: lib.nameValuePair "feed.${name}" ( { inherit (feed) url; } // lib.optionalAttrs (feed.to != null) { inherit (feed) to; } )) cfg.feeds 
From 691cc4462a6783c553956eb15730f7fb97967246 Mon Sep 17 00:00:00 2001 From: Felix Buehler Date: Wed, 28 Aug 2024 21:18:58 +0200 Subject: [PATCH 042/148] nixos/services.gitolite: remove `with lib;` --- nixos/modules/services/misc/gitolite.nix | 57 +++++++++++------------- 1 file changed, 27 insertions(+), 30 deletions(-) diff --git a/nixos/modules/services/misc/gitolite.nix b/nixos/modules/services/misc/gitolite.nix index 89f72c046755f..779a9ac9929db 100644 --- a/nixos/modules/services/misc/gitolite.nix +++ b/nixos/modules/services/misc/gitolite.nix @@ -1,7 +1,4 @@ { config, lib, pkgs, ... }: - -with lib; - let cfg = config.services.gitolite; # Use writeTextDir to not leak Nix store hash into file name @@ -11,8 +8,8 @@ in { options = { services.gitolite = { - enable = mkOption { - type = types.bool; + enable = lib.mkOption { + type = lib.types.bool; default = false; description = '' Enable gitolite management under the @@ -22,8 +19,8 @@ in ''; }; - dataDir = mkOption { - type = types.str; + dataDir = lib.mkOption { + type = lib.types.str; default = "/var/lib/gitolite"; description = '' The gitolite home directory used to store all repositories. If left as the default value @@ -33,8 +30,8 @@ in ''; }; - adminPubkey = mkOption { - type = types.str; + adminPubkey = lib.mkOption { + type = lib.types.str; description = '' Initial administrative public key for Gitolite. This should be an SSH Public Key. Note that this key will only be used @@ -43,8 +40,8 @@ in ''; }; - enableGitAnnex = mkOption { - type = types.bool; + enableGitAnnex = lib.mkOption { + type = lib.types.bool; default = false; description = '' Enable git-annex support. Uses the `extraGitoliteRc` option 
@@ -52,18 +49,18 @@ in ''; }; - commonHooks = mkOption { - type = types.listOf types.path; + commonHooks = lib.mkOption { + type = lib.types.listOf lib.types.path; default = []; description = '' A list of custom git hooks that get copied to `~/.gitolite/hooks/common`. ''; }; - extraGitoliteRc = mkOption { - type = types.lines; + extraGitoliteRc = lib.mkOption { + type = lib.types.lines; default = ""; - example = literalExpression '' + example = lib.literalExpression '' ''' $RC{UMASK} = 0027; $RC{SITE_INFO} = 'This is our private repository host'; @@ -93,24 +90,24 @@ in ''; }; - user = mkOption { - type = types.str; + user = lib.mkOption { + type = lib.types.str; default = "gitolite"; description = '' Gitolite user account. This is the username of the gitolite endpoint. ''; }; - description = mkOption { - type = types.str; + description = lib.mkOption { + type = lib.types.str; default = "Gitolite user"; description = '' Gitolite user account's description. ''; }; - group = mkOption { - type = types.str; + group = lib.mkOption { + type = lib.types.str; default = "gitolite"; description = '' Primary group of the Gitolite user account. @@ -119,7 +116,7 @@ in }; }; - config = mkIf cfg.enable ( + config = lib.mkIf cfg.enable ( let manageGitoliteRc = cfg.extraGitoliteRc != ""; rcDir = pkgs.runCommand "gitolite-rc" { preferLocalBuild = true; } rcDirScript; 
@@ -136,18 +133,18 @@ in END cat "$out/gitolite.rc.default" >>"$out/gitolite.rc" '' + - optionalString (cfg.extraGitoliteRc != "") '' - echo -n ${escapeShellArg '' + lib.optionalString (cfg.extraGitoliteRc != "") '' + echo -n ${lib.escapeShellArg '' # Added by NixOS: - ${removeSuffix "\n" cfg.extraGitoliteRc} + ${lib.removeSuffix "\n" cfg.extraGitoliteRc} # per perl rules, this should be the last line in such a file: 1; ''} >>"$out/gitolite.rc" ''; in { - services.gitolite.extraGitoliteRc = optionalString cfg.enableGitAnnex '' + services.gitolite.extraGitoliteRc = lib.optionalString cfg.enableGitAnnex '' # Enable git-annex support: push( @{$RC{ENABLE}}, 'git-annex-shell ua'); ''; @@ -171,8 +168,8 @@ in GITOLITE_RC_DEFAULT = "${rcDir}/gitolite.rc.default"; }; - serviceConfig = mkMerge [ - (mkIf (cfg.dataDir == "/var/lib/gitolite") { + serviceConfig = lib.mkMerge [ + (lib.mkIf (cfg.dataDir == "/var/lib/gitolite") { StateDirectory = "gitolite gitolite/.gitolite gitolite/.gitolite/logs"; StateDirectoryMode = "0750"; }) @@ -236,6 +233,6 @@ in }; environment.systemPackages = [ pkgs.gitolite pkgs.git ] - ++ optional cfg.enableGitAnnex pkgs.git-annex; + ++ lib.optional cfg.enableGitAnnex pkgs.git-annex; }); } From d70aff48047ecf5743cbb5bbc2eab06cfafe7834 Mon Sep 17 00:00:00 2001 From: Felix Buehler Date: Wed, 28 Aug 2024 21:18:58 +0200 Subject: [PATCH 043/148] nixos/services.gogs: remove `with lib;` --- nixos/modules/services/misc/gogs.nix | 103 +++++++++++++-------------- 1 file changed, 50 insertions(+), 53 deletions(-) diff --git a/nixos/modules/services/misc/gogs.nix b/nixos/modules/services/misc/gogs.nix index e4e23d5972377..a2c1ad0779e15 100644 --- a/nixos/modules/services/misc/gogs.nix +++ b/nixos/modules/services/misc/gogs.nix @@ -1,7 +1,4 @@ { config, lib, options, pkgs, ... }: - -with lib; - let cfg = config.services.gogs; opt = options.services.gogs; 
@@ -29,7 +26,7 @@ let [session] COOKIE_NAME = session - COOKIE_SECURE = ${boolToString cfg.cookieSecure} + COOKIE_SECURE = ${lib.boolToString cfg.cookieSecure} [security] SECRET_KEY = #secretkey# 
@@ -45,70 +42,70 @@ in { options = { services.gogs = { - enable = mkOption { + enable = lib.mkOption { default = false; - type = types.bool; + type = lib.types.bool; description = "Enable Go Git Service."; }; - useWizard = mkOption { + useWizard = lib.mkOption { default = false; - type = types.bool; + type = lib.types.bool; description = "Do not generate a configuration and use Gogs' installation wizard instead. The first registered user will be administrator."; }; - stateDir = mkOption { + stateDir = lib.mkOption { default = "/var/lib/gogs"; - type = types.str; + type = lib.types.str; description = "Gogs data directory."; }; - user = mkOption { - type = types.str; + user = lib.mkOption { + type = lib.types.str; default = "gogs"; description = "User account under which Gogs runs."; }; - group = mkOption { - type = types.str; + group = lib.mkOption { + type = lib.types.str; default = "gogs"; description = "Group account under which Gogs runs."; }; database = { - type = mkOption { - type = types.enum [ "sqlite3" "mysql" "postgres" ]; + type = lib.mkOption { + type = lib.types.enum [ "sqlite3" "mysql" "postgres" ]; example = "mysql"; default = "sqlite3"; description = "Database engine to use."; }; - host = mkOption { - type = types.str; + host = lib.mkOption { + type = lib.types.str; default = "127.0.0.1"; description = "Database host address."; }; - port = mkOption { - type = types.port; + port = lib.mkOption { + type = lib.types.port; default = 3306; description = "Database host port."; }; - name = mkOption { - type = types.str; + name = lib.mkOption { + type = lib.types.str; default = "gogs"; description = "Database name."; }; - user = mkOption { - type = types.str; + user = lib.mkOption { + type = lib.types.str; default = "gogs"; description = "Database user."; }; - password = mkOption { - type = types.str; + password = lib.mkOption { + type = lib.types.str; default = ""; description = '' The password corresponding to {option}`database.user`. 
@@ -117,8 +114,8 @@ in ''; }; - passwordFile = mkOption { - type = types.nullOr types.path; + passwordFile = lib.mkOption { + type = lib.types.nullOr lib.types.path; default = null; example = "/run/keys/gogs-dbpassword"; description = '' 
@@ -127,53 +124,53 @@ in ''; }; - path = mkOption { - type = types.str; + path = lib.mkOption { + type = lib.types.str; default = "${cfg.stateDir}/data/gogs.db"; - defaultText = literalExpression ''"''${config.${opt.stateDir}}/data/gogs.db"''; + defaultText = lib.literalExpression ''"''${config.${opt.stateDir}}/data/gogs.db"''; description = "Path to the sqlite3 database file."; }; }; - appName = mkOption { - type = types.str; + appName = lib.mkOption { + type = lib.types.str; default = "Gogs: Go Git Service"; description = "Application name."; }; - repositoryRoot = mkOption { - type = types.str; + repositoryRoot = lib.mkOption { + type = lib.types.str; default = "${cfg.stateDir}/repositories"; - defaultText = literalExpression ''"''${config.${opt.stateDir}}/repositories"''; + defaultText = lib.literalExpression ''"''${config.${opt.stateDir}}/repositories"''; description = "Path to the git repositories."; }; - domain = mkOption { - type = types.str; + domain = lib.mkOption { + type = lib.types.str; default = "localhost"; description = "Domain name of your server."; }; - rootUrl = mkOption { - type = types.str; + rootUrl = lib.mkOption { + type = lib.types.str; default = "http://localhost:3000/"; description = "Full public URL of Gogs server."; }; - httpAddress = mkOption { - type = types.str; + httpAddress = lib.mkOption { + type = lib.types.str; default = "0.0.0.0"; description = "HTTP listen address."; }; - httpPort = mkOption { - type = types.port; + httpPort = lib.mkOption { + type = lib.types.port; default = 3000; description = "HTTP listen port."; }; - cookieSecure = mkOption { - type = types.bool; + cookieSecure = lib.mkOption { + type = lib.types.bool; default = false; description = '' Marks session cookies as "secure" as a hint for browsers to only send 
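Review bot: The `httpAddress` option in this hunk (`@@ -127,53 +124,53 @@`) keeps `default = "0.0.0.0"` with the description "HTTP listen address.", so nothing tells an operator that the service listens on every IPv4 interface by default, while `rootUrl` in the same hunk defaults to `http://localhost:3000/`. I would state that on the option, e.g. `description = "HTTP listen address. The default binds all interfaces; use 127.0.0.1 when Gogs is only reached through a local reverse proxy.";`. This changes documentation only and leaves the default as it is.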
@@ -181,15 +178,15 @@ in ''; }; - extraConfig = mkOption { - type = types.str; + extraConfig = lib.mkOption { + type = lib.types.str; default = ""; description = "Configuration lines appended to the generated Gogs configuration file."; }; }; }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { systemd.services.gogs = { description = "Gogs (Go Git Service)"; @@ -204,7 +201,7 @@ in mkdir -p ${cfg.stateDir} # copy custom configuration and generate a random secret key if needed - ${optionalString (cfg.useWizard == false) '' + ${lib.optionalString (cfg.useWizard == false) '' mkdir -p ${cfg.stateDir}/custom/conf cp -f ${configFile} ${runConfig} @@ -248,7 +245,7 @@ in }; }; - users = mkIf (cfg.user == "gogs") { + users = lib.mkIf (cfg.user == "gogs") { users.gogs = { description = "Go Git Service"; uid = config.ids.uids.gogs; @@ -260,13 +257,13 @@ in groups.gogs.gid = config.ids.gids.gogs; }; - warnings = optional (cfg.database.password != "") + warnings = lib.optional (cfg.database.password != "") ''config.services.gogs.database.password will be stored as plaintext in the Nix store. Use database.passwordFile instead.''; # Create database passwordFile default when password is configured. services.gogs.database.passwordFile = - (mkDefault (toString (pkgs.writeTextFile { + (lib.mkDefault (toString (pkgs.writeTextFile { name = "gogs-database-password"; text = cfg.database.password; }))); From c51036c276c734cff20902a78f18e5db0a4de935 Mon Sep 17 00:00:00 2001 From: Felix Buehler Date: Wed, 28 Aug 2024 21:18:58 +0200 Subject: [PATCH 044/148] nixos/services.kbfs: remove `with lib;` --- .../services/network-filesystems/kbfs.nix | 23 +++++++++---------- 1 file changed, 11 insertions(+), 12 deletions(-) diff --git a/nixos/modules/services/network-filesystems/kbfs.nix b/nixos/modules/services/network-filesystems/kbfs.nix index 903cae379986d..034fc95765061 100644 --- a/nixos/modules/services/network-filesystems/kbfs.nix 
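Review bot: In the last gogs hunk (`@@ -260,13 +257,13 @@`) the comment says the `passwordFile` default is created "when password is configured", but the `lib.mkDefault (toString (pkgs.writeTextFile { ... }))` definition is unconditional, so whenever `database.passwordFile` is left unset it resolves to a store file holding `cfg.database.password`, including the empty default. The Nix store is readable by every local user, which is what the `warnings` entry just above is about, and the comment should say so: `# Default passwordFile to a Nix store copy of database.password (readable by all local users); set database.passwordFile to keep the secret out of the store.` Guarding the definition with `lib.mkIf (cfg.database.password != "")` may also be worth considering, but whether the start-up script tolerates a null `passwordFile` is not visible in these hunks.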
+++ b/nixos/modules/services/network-filesystems/kbfs.nix @@ -1,5 +1,4 @@ { config, lib, pkgs, ... }: -with lib; let inherit (config.security) wrapperDir; cfg = config.services.kbfs; @@ -12,14 +11,14 @@ in { services.kbfs = { - enable = mkOption { - type = types.bool; + enable = lib.mkOption { + type = lib.types.bool; default = false; description = "Whether to mount the Keybase filesystem."; }; - enableRedirector = mkOption { - type = types.bool; + enableRedirector = lib.mkOption { + type = lib.types.bool; default = false; description = '' Whether to enable the Keybase root redirector service, allowing @@ -28,15 +27,15 @@ in { ''; }; - mountPoint = mkOption { - type = types.str; + mountPoint = lib.mkOption { + type = lib.types.str; default = "%h/keybase"; example = "/keybase"; description = "Mountpoint for the Keybase filesystem."; }; - extraFlags = mkOption { - type = types.listOf types.str; + extraFlags = lib.mkOption { + type = lib.types.listOf lib.types.str; default = []; example = [ "-label kbfs" @@ -52,7 +51,7 @@ in { ###### implementation - config = mkIf cfg.enable (mkMerge [ + config = lib.mkIf cfg.enable (lib.mkMerge [ { # Upstream: https://github.com/keybase/client/blob/master/packaging/linux/systemd/kbfs.service systemd.user.services.kbfs = { @@ -61,7 +60,7 @@ in { # Note that the "Requires" directive will cause a unit to be restarted whenever its dependency is restarted. # Do not issue a hard dependency on keybase, because kbfs can reconnect to a restarted service. # Do not issue a hard dependency on keybase-redirector, because it's ok if it fails (e.g., if it is disabled). - wants = [ "keybase.service" ] ++ optional cfg.enableRedirector "keybase-redirector.service"; + wants = [ "keybase.service" ] ++ lib.optional cfg.enableRedirector "keybase-redirector.service"; path = [ "/run/wrappers" ]; unitConfig.ConditionUser = "!@system"; 
@@ -89,7 +88,7 @@ in { environment.systemPackages = [ pkgs.kbfs ]; } - (mkIf cfg.enableRedirector { + (lib.mkIf cfg.enableRedirector { security.wrappers."keybase-redirector".source = "${pkgs.kbfs}/bin/redirector"; systemd.tmpfiles.settings."10-kbfs"."/keybase".d = { From 8f72002794e3949f58dc1a667fba027dac2fe821 Mon Sep 17 00:00:00 2001 From: Felix Buehler Date: Wed, 28 Aug 2024 21:18:58 +0200 Subject: [PATCH 045/148] nixos/services.kubo: remove `with lib;` --- .../services/network-filesystems/kubo.nix | 171 +++++++++--------- 1 file changed, 85 insertions(+), 86 deletions(-) diff --git a/nixos/modules/services/network-filesystems/kubo.nix b/nixos/modules/services/network-filesystems/kubo.nix index d4ffda7c374e9..35efd2ba0a576 100644 --- a/nixos/modules/services/network-filesystems/kubo.nix +++ b/nixos/modules/services/network-filesystems/kubo.nix @@ -1,5 +1,4 @@ { config, lib, pkgs, utils, ... }: -with lib; let cfg = config.services.kubo; @@ -35,11 +34,11 @@ let ''; kuboFlags = utils.escapeSystemdExecArgs ( - optional cfg.autoMount "--mount" ++ - optional cfg.enableGC "--enable-gc" ++ - optional (cfg.serviceFdlimit != null) "--manage-fdlimit=false" ++ - optional (cfg.defaultMode == "offline") "--offline" ++ - optional (cfg.defaultMode == "norouting") "--routing=none" ++ + lib.optional cfg.autoMount "--mount" ++ + lib.optional cfg.enableGC "--enable-gc" ++ + lib.optional (cfg.serviceFdlimit != null) "--manage-fdlimit=false" ++ + lib.optional (cfg.defaultMode == "offline") "--offline" ++ + lib.optional (cfg.defaultMode == "norouting") "--routing=none" ++ cfg.extraFlags ); 
@@ -99,78 +98,78 @@ in services.kubo = { - enable = mkEnableOption '' + enable = lib.mkEnableOption '' the Interplanetary File System (WARNING: may cause severe network degradation). NOTE: after enabling this option and rebuilding your system, you need to log out and back in for the `IPFS_PATH` environment variable to be present in your shell. Until you do that, the CLI tools won't be able to talk to the daemon by default ''; - package = mkPackageOption pkgs "kubo" { }; + package = lib.mkPackageOption pkgs "kubo" { }; - user = mkOption { - type = types.str; + user = lib.mkOption { + type = lib.types.str; default = "ipfs"; description = "User under which the Kubo daemon runs"; }; - group = mkOption { - type = types.str; + group = lib.mkOption { + type = lib.types.str; default = "ipfs"; description = "Group under which the Kubo daemon runs"; }; - dataDir = mkOption { - type = types.str; + dataDir = lib.mkOption { + type = lib.types.str; default = - if versionAtLeast config.system.stateVersion "17.09" + if lib.versionAtLeast config.system.stateVersion "17.09" then "/var/lib/ipfs" else "/var/lib/ipfs/.ipfs"; - defaultText = literalExpression '' - if versionAtLeast config.system.stateVersion "17.09" + defaultText = lib.literalExpression '' + if lib.versionAtLeast config.system.stateVersion "17.09" then "/var/lib/ipfs" else "/var/lib/ipfs/.ipfs" ''; description = "The data dir for Kubo"; }; - defaultMode = mkOption { - type = types.enum [ "online" "offline" "norouting" ]; + defaultMode = lib.mkOption { + type = lib.types.enum [ "online" "offline" "norouting" ]; default = "online"; description = "systemd service that is enabled by default"; }; - autoMount = mkOption { - type = types.bool; + autoMount = lib.mkOption { + type = lib.types.bool; default = false; description = "Whether Kubo should try to mount /ipfs and /ipns at startup."; }; - autoMigrate = mkOption { - type = types.bool; + autoMigrate = lib.mkOption { + type = lib.types.bool; default = true; description = 
"Whether Kubo should try to run the fs-repo-migration at startup."; }; - enableGC = mkOption { - type = types.bool; + enableGC = lib.mkOption { + type = lib.types.bool; default = false; description = "Whether to enable automatic garbage collection"; }; - emptyRepo = mkOption { - type = types.bool; + emptyRepo = lib.mkOption { + type = lib.types.bool; default = true; description = "If set to false, the repo will be initialized with help files"; }; - settings = mkOption { + settings = lib.mkOption { type = lib.types.submodule { freeformType = settingsFormat.type; options = { - Addresses.API = mkOption { - type = types.oneOf [ types.str (types.listOf types.str) ]; + Addresses.API = lib.mkOption { + type = lib.types.oneOf [ lib.types.str (lib.types.listOf lib.types.str) ]; default = [ ]; description = '' Multiaddr or array of multiaddrs describing the address to serve the local HTTP API on. @@ -180,14 +179,14 @@ in ''; }; - Addresses.Gateway = mkOption { - type = types.oneOf [ types.str (types.listOf types.str) ]; + Addresses.Gateway = lib.mkOption { + type = lib.types.oneOf [ lib.types.str (lib.types.listOf lib.types.str) ]; default = "/ip4/127.0.0.1/tcp/8080"; description = "Where the IPFS Gateway can be reached"; }; - Addresses.Swarm = mkOption { - type = types.listOf types.str; + Addresses.Swarm = lib.mkOption { + type = lib.types.listOf lib.types.str; default = [ "/ip4/0.0.0.0/tcp/4001" "/ip6/::/tcp/4001" @@ -199,14 +198,14 @@ in description = "Where Kubo listens for incoming p2p connections"; }; - Mounts.IPFS = mkOption { - type = types.str; + Mounts.IPFS = lib.mkOption { + type = lib.types.str; default = "/ipfs"; description = "Where to mount the IPFS namespace to"; }; - Mounts.IPNS = mkOption { - type = types.str; + Mounts.IPNS = lib.mkOption { + type = lib.types.str; default = "/ipns"; description = "Where to mount the IPNS namespace to"; }; 
@@ -230,29 +229,29 @@ in }; - extraFlags = mkOption { - type = types.listOf types.str; + extraFlags = lib.mkOption { + type = lib.types.listOf lib.types.str; description = "Extra flags passed to the Kubo daemon"; default = [ ]; }; - localDiscovery = mkOption { - type = types.bool; + localDiscovery = lib.mkOption { + type = lib.types.bool; description = ''Whether to enable local discovery for the Kubo daemon. This will allow Kubo to scan ports on your local network. Some hosting services will ban you if you do this. ''; default = false; }; - serviceFdlimit = mkOption { - type = types.nullOr types.int; + serviceFdlimit = lib.mkOption { + type = lib.types.nullOr lib.types.int; default = null; description = "The fdlimit for the Kubo systemd unit or `null` to have the daemon attempt to manage it"; example = 64 * 1024; }; - startWhenNeeded = mkOption { - type = types.bool; + startWhenNeeded = lib.mkOption { + type = lib.types.bool; default = false; description = "Whether to use socket activation to start Kubo when needed."; }; @@ -262,7 +261,7 @@ in ###### implementation - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { assertions = [ { assertion = !builtins.hasAttr "Identity" cfg.settings; @@ -288,14 +287,14 @@ in environment.variables.IPFS_PATH = fakeKuboRepo; # https://github.com/quic-go/quic-go/wiki/UDP-Buffer-Sizes - boot.kernel.sysctl."net.core.rmem_max" = mkDefault 2500000; - boot.kernel.sysctl."net.core.wmem_max" = mkDefault 2500000; + boot.kernel.sysctl."net.core.rmem_max" = lib.mkDefault 2500000; + boot.kernel.sysctl."net.core.wmem_max" = lib.mkDefault 2500000; - programs.fuse = mkIf cfg.autoMount { + programs.fuse = lib.mkIf cfg.autoMount { userAllowOther = true; }; - users.users = mkIf (cfg.user == "ipfs") { + users.users = lib.mkIf (cfg.user == "ipfs") { ipfs = { group = cfg.group; home = cfg.dataDir; 
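Review bot: `programs.fuse = lib.mkIf cfg.autoMount { userAllowOther = true; };` in the `@@ -288,14 +287,14 @@` hunk changes a host-wide FUSE setting rather than one scoped to the Kubo user, and the `autoMount` description ("Whether Kubo should try to mount /ipfs and /ipns at startup.") does not mention it. A later hunk (`@@ -325,7 +324,7 @@`) appears to pick `cfg.package.systemd_unit` over `systemd_unit_hardened` for the same case, although the condition line itself is outside the hunks. A comment above this line such as `# autoMount enables user_allow_other for all users and runs the non-hardened unit`, or the same sentence in the option description, would make that trade-off visible. The enclosing `config` block starts and ends outside this hunk.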
@@ -308,7 +307,7 @@ in }; }; - users.groups = mkIf (cfg.group == "ipfs") { + users.groups = lib.mkIf (cfg.group == "ipfs") { ipfs.gid = config.ids.gids.ipfs; }; @@ -316,8 +315,8 @@ in defaultConfig = { inherit (cfg) user group; }; in { ${cfg.dataDir}.d = defaultConfig; - ${cfg.settings.Mounts.IPFS}.d = mkIf (cfg.autoMount) defaultConfig; - ${cfg.settings.Mounts.IPNS}.d = mkIf (cfg.autoMount) defaultConfig; + ${cfg.settings.Mounts.IPFS}.d = lib.mkIf (cfg.autoMount) defaultConfig; + ${cfg.settings.Mounts.IPNS}.d = lib.mkIf (cfg.autoMount) defaultConfig; }; # The hardened systemd unit breaks the fuse-mount function according to documentation in the unit file itself @@ -325,7 +324,7 @@ in then [ cfg.package.systemd_unit ] else [ cfg.package.systemd_unit_hardened ]; - services.kubo.settings = mkIf cfg.autoMount { + services.kubo.settings = lib.mkIf cfg.autoMount { Mounts.FuseAllowOther = lib.mkDefault true; }; @@ -339,7 +338,7 @@ in else # After an unclean shutdown this file may exist which will cause the config command to attempt to talk to the daemon. This will hang forever if systemd is holding our sockets open. rm -vf "$IPFS_PATH/api" - '' + optionalString cfg.autoMigrate '' + '' + lib.optionalString cfg.autoMigrate '' ${pkgs.kubo-migrator}/bin/fs-repo-migrations -to '${cfg.package.repoVersion}' -y '' + '' fi @@ -356,7 +355,7 @@ in # change when the changes are applied. Whyyyyyy..... ipfs --offline config replace - ''; - postStop = mkIf cfg.autoMount '' + postStop = lib.mkIf cfg.autoMount '' # After an unclean shutdown the fuse mounts at cfg.settings.Mounts.IPFS and cfg.settings.Mounts.IPNS are locked umount --quiet '${cfg.settings.Mounts.IPFS}' '${cfg.settings.Mounts.IPNS}' || true ''; 
@@ -365,11 +364,11 @@ in User = cfg.user; Group = cfg.group; StateDirectory = ""; - ReadWritePaths = optionals (!cfg.autoMount) [ "" cfg.dataDir ]; + ReadWritePaths = lib.optionals (!cfg.autoMount) [ "" cfg.dataDir ]; # Make sure the socket units are started before ipfs.service Sockets = [ "ipfs-gateway.socket" "ipfs-api.socket" ]; - } // optionalAttrs (cfg.serviceFdlimit != null) { LimitNOFILE = cfg.serviceFdlimit; }; - } // optionalAttrs (!cfg.startWhenNeeded) { + } // lib.optionalAttrs (cfg.serviceFdlimit != null) { LimitNOFILE = cfg.serviceFdlimit; }; + } // lib.optionalAttrs (!cfg.startWhenNeeded) { wantedBy = [ "default.target" ]; }; 
@@ -402,31 +401,31 @@ in }; imports = [ - (mkRenamedOptionModule [ "services" "ipfs" "enable" ] [ "services" "kubo" "enable" ]) - (mkRenamedOptionModule [ "services" "ipfs" "package" ] [ "services" "kubo" "package" ]) - (mkRenamedOptionModule [ "services" "ipfs" "user" ] [ "services" "kubo" "user" ]) - (mkRenamedOptionModule [ "services" "ipfs" "group" ] [ "services" "kubo" "group" ]) - (mkRenamedOptionModule [ "services" "ipfs" "dataDir" ] [ "services" "kubo" "dataDir" ]) - (mkRenamedOptionModule [ "services" "ipfs" "defaultMode" ] [ "services" "kubo" "defaultMode" ]) - (mkRenamedOptionModule [ "services" "ipfs" "autoMount" ] [ "services" "kubo" "autoMount" ]) - (mkRenamedOptionModule [ "services" "ipfs" "autoMigrate" ] [ "services" "kubo" "autoMigrate" ]) - (mkRenamedOptionModule [ "services" "ipfs" "ipfsMountDir" ] [ "services" "kubo" "settings" "Mounts" "IPFS" ]) - (mkRenamedOptionModule [ "services" "ipfs" "ipnsMountDir" ] [ "services" "kubo" "settings" "Mounts" "IPNS" ]) - (mkRenamedOptionModule [ "services" "ipfs" "gatewayAddress" ] [ "services" "kubo" "settings" "Addresses" "Gateway" ]) - (mkRenamedOptionModule [ "services" "ipfs" "apiAddress" ] [ "services" "kubo" "settings" "Addresses" "API" ]) - (mkRenamedOptionModule [ "services" "ipfs" "swarmAddress" ] [ "services" "kubo" "settings" "Addresses" "Swarm" ]) - (mkRenamedOptionModule [ "services" "ipfs" "enableGC" ] [ "services" "kubo" "enableGC" ]) - (mkRenamedOptionModule [ "services" "ipfs" "emptyRepo" ] [ "services" "kubo" "emptyRepo" ]) - (mkRenamedOptionModule [ "services" "ipfs" "extraConfig" ] [ "services" "kubo" "settings" ]) - (mkRenamedOptionModule [ "services" "ipfs" "extraFlags" ] [ "services" "kubo" "extraFlags" ]) - (mkRenamedOptionModule [ "services" "ipfs" "localDiscovery" ] [ "services" "kubo" "localDiscovery" ]) - (mkRenamedOptionModule [ "services" "ipfs" "serviceFdlimit" ] [ "services" "kubo" "serviceFdlimit" ]) - (mkRenamedOptionModule [ "services" "ipfs" "startWhenNeeded" ] [ 
"services" "kubo" "startWhenNeeded" ]) - (mkRenamedOptionModule [ "services" "kubo" "extraConfig" ] [ "services" "kubo" "settings" ]) - (mkRenamedOptionModule [ "services" "kubo" "gatewayAddress" ] [ "services" "kubo" "settings" "Addresses" "Gateway" ]) - (mkRenamedOptionModule [ "services" "kubo" "apiAddress" ] [ "services" "kubo" "settings" "Addresses" "API" ]) - (mkRenamedOptionModule [ "services" "kubo" "swarmAddress" ] [ "services" "kubo" "settings" "Addresses" "Swarm" ]) - (mkRenamedOptionModule [ "services" "kubo" "ipfsMountDir" ] [ "services" "kubo" "settings" "Mounts" "IPFS" ]) - (mkRenamedOptionModule [ "services" "kubo" "ipnsMountDir" ] [ "services" "kubo" "settings" "Mounts" "IPNS" ]) + (lib.mkRenamedOptionModule [ "services" "ipfs" "enable" ] [ "services" "kubo" "enable" ]) + (lib.mkRenamedOptionModule [ "services" "ipfs" "package" ] [ "services" "kubo" "package" ]) + (lib.mkRenamedOptionModule [ "services" "ipfs" "user" ] [ "services" "kubo" "user" ]) + (lib.mkRenamedOptionModule [ "services" "ipfs" "group" ] [ "services" "kubo" "group" ]) + (lib.mkRenamedOptionModule [ "services" "ipfs" "dataDir" ] [ "services" "kubo" "dataDir" ]) + (lib.mkRenamedOptionModule [ "services" "ipfs" "defaultMode" ] [ "services" "kubo" "defaultMode" ]) + (lib.mkRenamedOptionModule [ "services" "ipfs" "autoMount" ] [ "services" "kubo" "autoMount" ]) + (lib.mkRenamedOptionModule [ "services" "ipfs" "autoMigrate" ] [ "services" "kubo" "autoMigrate" ]) + (lib.mkRenamedOptionModule [ "services" "ipfs" "ipfsMountDir" ] [ "services" "kubo" "settings" "Mounts" "IPFS" ]) + (lib.mkRenamedOptionModule [ "services" "ipfs" "ipnsMountDir" ] [ "services" "kubo" "settings" "Mounts" "IPNS" ]) + (lib.mkRenamedOptionModule [ "services" "ipfs" "gatewayAddress" ] [ "services" "kubo" "settings" "Addresses" "Gateway" ]) + (lib.mkRenamedOptionModule [ "services" "ipfs" "apiAddress" ] [ "services" "kubo" "settings" "Addresses" "API" ]) + (lib.mkRenamedOptionModule [ "services" "ipfs" 
"swarmAddress" ] [ "services" "kubo" "settings" "Addresses" "Swarm" ]) + (lib.mkRenamedOptionModule [ "services" "ipfs" "enableGC" ] [ "services" "kubo" "enableGC" ]) + (lib.mkRenamedOptionModule [ "services" "ipfs" "emptyRepo" ] [ "services" "kubo" "emptyRepo" ]) + (lib.mkRenamedOptionModule [ "services" "ipfs" "extraConfig" ] [ "services" "kubo" "settings" ]) + (lib.mkRenamedOptionModule [ "services" "ipfs" "extraFlags" ] [ "services" "kubo" "extraFlags" ]) + (lib.mkRenamedOptionModule [ "services" "ipfs" "localDiscovery" ] [ "services" "kubo" "localDiscovery" ]) + (lib.mkRenamedOptionModule [ "services" "ipfs" "serviceFdlimit" ] [ "services" "kubo" "serviceFdlimit" ]) + (lib.mkRenamedOptionModule [ "services" "ipfs" "startWhenNeeded" ] [ "services" "kubo" "startWhenNeeded" ]) + (lib.mkRenamedOptionModule [ "services" "kubo" "extraConfig" ] [ "services" "kubo" "settings" ]) + (lib.mkRenamedOptionModule [ "services" "kubo" "gatewayAddress" ] [ "services" "kubo" "settings" "Addresses" "Gateway" ]) + (lib.mkRenamedOptionModule [ "services" "kubo" "apiAddress" ] [ "services" "kubo" "settings" "Addresses" "API" ]) + (lib.mkRenamedOptionModule [ "services" "kubo" "swarmAddress" ] [ "services" "kubo" "settings" "Addresses" "Swarm" ]) + (lib.mkRenamedOptionModule [ "services" "kubo" "ipfsMountDir" ] [ "services" "kubo" "settings" "Mounts" "IPFS" ]) + (lib.mkRenamedOptionModule [ "services" "kubo" "ipnsMountDir" ] [ "services" "kubo" "settings" "Mounts" "IPNS" ]) ]; } From 6bf4d5160646077aaa9180c3c7e8a039c066c746 Mon Sep 17 00:00:00 2001 From: Felix Buehler Date: Wed, 28 Aug 2024 21:18:58 +0200 Subject: [PATCH 046/148] nixos/services.litestream: remove `with lib;` --- .../network-filesystems/litestream/default.nix | 17 +++++++---------- 1 file changed, 7 insertions(+), 10 deletions(-) diff --git a/nixos/modules/services/network-filesystems/litestream/default.nix b/nixos/modules/services/network-filesystems/litestream/default.nix index 87f07b0501beb..f4b0281ebbe20 100644 
--- a/nixos/modules/services/network-filesystems/litestream/default.nix +++ b/nixos/modules/services/network-filesystems/litestream/default.nix @@ -1,18 +1,15 @@ { config, lib, pkgs, ... }: - -with lib; - let cfg = config.services.litestream; settingsFormat = pkgs.formats.yaml {}; in { options.services.litestream = { - enable = mkEnableOption "litestream"; + enable = lib.mkEnableOption "litestream"; - package = mkPackageOption pkgs "litestream" { }; + package = lib.mkPackageOption pkgs "litestream" { }; - settings = mkOption { + settings = lib.mkOption { description = '' See the [documentation](https://litestream.io/reference/config/). ''; @@ -31,8 +28,8 @@ in }; }; - environmentFile = mkOption { - type = types.nullOr types.path; + environmentFile = lib.mkOption { + type = lib.types.nullOr lib.types.path; default = null; example = "/run/secrets/litestream"; description = '' @@ -61,7 +58,7 @@ in }; }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { environment.systemPackages = [ cfg.package ]; environment.etc = { "litestream.yml" = { @@ -74,7 +71,7 @@ in wantedBy = [ "multi-user.target" ]; after = [ "networking.target" ]; serviceConfig = { - EnvironmentFile = mkIf (cfg.environmentFile != null) cfg.environmentFile; + EnvironmentFile = lib.mkIf (cfg.environmentFile != null) cfg.environmentFile; ExecStart = "${cfg.package}/bin/litestream replicate"; Restart = "always"; User = "litestream"; From fb9b81cec50006242fcea1676344fe8db53b79f8 Mon Sep 17 00:00:00 2001 From: Felix Buehler Date: Wed, 28 Aug 2024 21:18:58 +0200 Subject: [PATCH 047/148] nixos/services.moosefs: remove `with lib;` --- .../services/network-filesystems/moosefs.nix | 97 +++++++++---------- 1 file changed, 47 insertions(+), 50 deletions(-) diff --git a/nixos/modules/services/network-filesystems/moosefs.nix b/nixos/modules/services/network-filesystems/moosefs.nix index 8d29148883ab8..2fef0bec378c2 100644 --- a/nixos/modules/services/network-filesystems/moosefs.nix 
+++ b/nixos/modules/services/network-filesystems/moosefs.nix @@ -1,7 +1,4 @@ { config, lib, pkgs, ... }: - -with lib; - let cfg = config.services.moosefs; @@ -9,14 +6,14 @@ let settingsFormat = let listSep = " "; - allowedTypes = with types; [ bool int float str ]; + allowedTypes = with lib.types; [ bool int float str ]; valueToString = val: - if isList val then concatStringsSep listSep (map (x: valueToString x) val) - else if isBool val then (if val then "1" else "0") + if lib.isList val then lib.concatStringsSep listSep (map (x: valueToString x) val) + else if lib.isBool val then (if val then "1" else "0") else toString val; in { - type = with types; let + type = with lib.types; let valueType = oneOf ([ (listOf valueType) ] ++ allowedTypes) // { @@ -72,24 +69,24 @@ in { options = { services.moosefs = { - masterHost = mkOption { - type = types.str; + masterHost = lib.mkOption { + type = lib.types.str; default = null; description = "IP or DNS name of master host."; }; - runAsUser = mkOption { - type = types.bool; + runAsUser = lib.mkOption { + type = lib.types.bool; default = true; example = true; description = "Run daemons as user moosefs instead of root."; }; - client.enable = mkEnableOption "Moosefs client"; + client.enable = lib.mkEnableOption "Moosefs client"; master = { - enable = mkOption { - type = types.bool; + enable = lib.mkOption { + type = lib.types.bool; description = '' Enable Moosefs master daemon. @@ -99,8 +96,8 @@ in { default = false; }; - exports = mkOption { - type = with types; listOf str; + exports = lib.mkOption { + type = with lib.types; listOf str; default = null; description = "Paths to export (see mfsexports.cfg)."; example = [ 
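Review bot: `masterHost` in the `@@ -72,24 +69,24 @@` hunk is declared `type = lib.types.str;` with `default = null;`, and `null` is not a value of that type; `master.exports` (`@@ -99,8 +96,8 @@`) and `chunkserver.hdds` (`@@ -149,27 +146,27 @@`) do the same with `listOf str`. As far as I can tell, an unset option then fails with a type error on the default instead of the clearer "used but not defined" message. Either drop the `default = null;` lines so the options are plainly required, or declare them as `lib.types.nullOr lib.types.str` (and `nullOr (listOf str)`) and handle `null` where the values are consumed.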
@@ -109,18 +106,18 @@ in { ]; }; - openFirewall = mkOption { - type = types.bool; + openFirewall = lib.mkOption { + type = lib.types.bool; description = "Whether to automatically open the necessary ports in the firewall."; default = false; }; - settings = mkOption { - type = types.submodule { + settings = lib.mkOption { + type = lib.types.submodule { freeformType = settingsFormat.type; - options.DATA_PATH = mkOption { - type = types.str; + options.DATA_PATH = lib.mkOption { + type = lib.types.str; default = "/var/lib/mfs"; description = "Data storage directory."; }; @@ -131,14 +128,14 @@ in { }; metalogger = { - enable = mkEnableOption "Moosefs metalogger daemon"; + enable = lib.mkEnableOption "Moosefs metalogger daemon"; - settings = mkOption { - type = types.submodule { + settings = lib.mkOption { + type = lib.types.submodule { freeformType = settingsFormat.type; - options.DATA_PATH = mkOption { - type = types.str; + options.DATA_PATH = lib.mkOption { + type = lib.types.str; default = "/var/lib/mfs"; description = "Data storage directory"; }; 
@@ -149,27 +146,27 @@ in { }; chunkserver = { - enable = mkEnableOption "Moosefs chunkserver daemon"; + enable = lib.mkEnableOption "Moosefs chunkserver daemon"; - openFirewall = mkOption { - type = types.bool; + openFirewall = lib.mkOption { + type = lib.types.bool; description = "Whether to automatically open the necessary ports in the firewall."; default = false; }; - hdds = mkOption { - type = with types; listOf str; + hdds = lib.mkOption { + type = with lib.types; listOf str; default = null; description = "Mount points to be used by chunkserver for storage (see mfshdd.cfg)."; example = [ "/mnt/hdd1" ]; }; - settings = mkOption { - type = types.submodule { + settings = lib.mkOption { + type = lib.types.submodule { freeformType = settingsFormat.type; - options.DATA_PATH = mkOption { - type = types.str; + options.DATA_PATH = lib.mkOption { + type = lib.types.str; default = "/var/lib/mfs"; description = "Directory for lock file."; }; 
@@ -183,33 +180,33 @@ in { ###### implementation - config = mkIf ( cfg.client.enable || cfg.master.enable || cfg.metalogger.enable || cfg.chunkserver.enable ) { + config = lib.mkIf ( cfg.client.enable || cfg.master.enable || cfg.metalogger.enable || cfg.chunkserver.enable ) { - warnings = [ ( mkIf (!cfg.runAsUser) "Running moosefs services as root is not recommended.") ]; + warnings = [ ( lib.mkIf (!cfg.runAsUser) "Running moosefs services as root is not recommended.") ]; # Service settings services.moosefs = { - master.settings = mkIf cfg.master.enable { + master.settings = lib.mkIf cfg.master.enable { WORKING_USER = mfsUser; EXPORTS_FILENAME = toString ( pkgs.writeText "mfsexports.cfg" - (concatStringsSep "\n" cfg.master.exports)); + (lib.concatStringsSep "\n" cfg.master.exports)); }; - metalogger.settings = mkIf cfg.metalogger.enable { + metalogger.settings = lib.mkIf cfg.metalogger.enable { WORKING_USER = mfsUser; MASTER_HOST = cfg.masterHost; }; - chunkserver.settings = mkIf cfg.chunkserver.enable { + chunkserver.settings = lib.mkIf cfg.chunkserver.enable { WORKING_USER = mfsUser; MASTER_HOST = cfg.masterHost; HDD_CONF_FILENAME = toString ( pkgs.writeText "mfshdd.cfg" - (concatStringsSep "\n" cfg.chunkserver.hdds)); + (lib.concatStringsSep "\n" cfg.chunkserver.hdds)); }; }; # Create system user account for daemons - users = mkIf ( cfg.runAsUser && ( cfg.master.enable || cfg.metalogger.enable || cfg.chunkserver.enable ) ) { + users = lib.mkIf ( cfg.runAsUser && ( cfg.master.enable || cfg.metalogger.enable || cfg.chunkserver.enable ) ) { users.moosefs = { isSystemUser = true; description = "moosefs daemon user"; 
@@ -228,22 +225,22 @@ in { # Ensure storage directories exist systemd.tmpfiles.rules = - optional cfg.master.enable "d ${cfg.master.settings.DATA_PATH} 0700 ${mfsUser} ${mfsUser}" - ++ optional cfg.metalogger.enable "d ${cfg.metalogger.settings.DATA_PATH} 0700 ${mfsUser} ${mfsUser}" - ++ optional cfg.chunkserver.enable "d ${cfg.chunkserver.settings.DATA_PATH} 0700 ${mfsUser} ${mfsUser}"; + lib.optional cfg.master.enable "d ${cfg.master.settings.DATA_PATH} 0700 ${mfsUser} ${mfsUser}" + ++ lib.optional cfg.metalogger.enable "d ${cfg.metalogger.settings.DATA_PATH} 0700 ${mfsUser} ${mfsUser}" + ++ lib.optional cfg.chunkserver.enable "d ${cfg.chunkserver.settings.DATA_PATH} 0700 ${mfsUser} ${mfsUser}"; # Service definitions - systemd.services.mfs-master = mkIf cfg.master.enable + systemd.services.mfs-master = lib.mkIf cfg.master.enable ( systemdService "master" { TimeoutStartSec = 1800; TimeoutStopSec = 1800; Restart = "no"; } masterCfg ); - systemd.services.mfs-metalogger = mkIf cfg.metalogger.enable + systemd.services.mfs-metalogger = lib.mkIf cfg.metalogger.enable ( systemdService "metalogger" { Restart = "on-abnormal"; } metaloggerCfg ); - systemd.services.mfs-chunkserver = mkIf cfg.chunkserver.enable + systemd.services.mfs-chunkserver = lib.mkIf cfg.chunkserver.enable ( systemdService "chunkserver" { Restart = "on-abnormal"; } chunkserverCfg ); }; } From 808c6a991be9a9742b936b631bc0cb38a8079ef6 Mon Sep 17 00:00:00 2001 From: Felix Buehler Date: Wed, 28 Aug 2024 21:18:58 +0200 Subject: [PATCH 048/148] nixos/services.netatalk: remove `with lib;` --- .../services/network-filesystems/netatalk.nix | 19 ++++++++----------- 1 file changed, 8 insertions(+), 11 deletions(-) diff --git a/nixos/modules/services/network-filesystems/netatalk.nix b/nixos/modules/services/network-filesystems/netatalk.nix index d7eef33ad96cb..e8c97df3151b2 100644 --- a/nixos/modules/services/network-filesystems/netatalk.nix +++ b/nixos/modules/services/network-filesystems/netatalk.nix 
@@ -1,7 +1,4 @@ { config, pkgs, lib, ... }: - -with lib; - let cfg = config.services.netatalk; settingsFormat = pkgs.formats.ini { }; @@ -10,15 +7,15 @@ in { options = { services.netatalk = { - enable = mkEnableOption "the Netatalk AFP fileserver"; + enable = lib.mkEnableOption "the Netatalk AFP fileserver"; - port = mkOption { - type = types.port; + port = lib.mkOption { + type = lib.types.port; default = 548; description = "TCP port to be used for AFP."; }; - settings = mkOption { + settings = lib.mkOption { inherit (settingsFormat) type; default = { }; example = { @@ -38,8 +35,8 @@ in { ''; }; - extmap = mkOption { - type = types.lines; + extmap = lib.mkOption { + type = lib.types.lines; default = ""; description = '' File name extension mappings. @@ -51,14 +48,14 @@ in { }; imports = (map (option: - mkRemovedOptionModule [ "services" "netatalk" option ] + lib.mkRemovedOptionModule [ "services" "netatalk" option ] "This option was removed in favor of `services.netatalk.settings`.") [ "extraConfig" "homes" "volumes" ]); - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { services.netatalk.settings.Global = { "afp port" = toString cfg.port; From e14a371aaca5ee8713dbaaedd6f6e9f041d8ce8c Mon Sep 17 00:00:00 2001 From: Felix Buehler Date: Wed, 28 Aug 2024 21:18:59 +0200 Subject: [PATCH 049/148] nixos/services.nfs.server: remove `with lib;` --- .../services/network-filesystems/nfsd.nix | 47 +++++++++---------- 1 file changed, 22 insertions(+), 25 deletions(-) diff --git a/nixos/modules/services/network-filesystems/nfsd.nix b/nixos/modules/services/network-filesystems/nfsd.nix index c40bcf28c28f1..67597d37813fe 100644 --- a/nixos/modules/services/network-filesystems/nfsd.nix +++ b/nixos/modules/services/network-filesystems/nfsd.nix @@ -1,7 +1,4 @@ { config, lib, pkgs, ... }: - -with lib; - let cfg = config.services.nfs.server; 
@@ -12,8 +9,8 @@ in { imports = [ - (mkRenamedOptionModule [ "services" "nfs" "lockdPort" ] [ "services" "nfs" "server" "lockdPort" ]) - (mkRenamedOptionModule [ "services" "nfs" "statdPort" ] [ "services" "nfs" "server" "statdPort" ]) + (lib.mkRenamedOptionModule [ "services" "nfs" "lockdPort" ] [ "services" "nfs" "server" "lockdPort" ]) + (lib.mkRenamedOptionModule [ "services" "nfs" "statdPort" ] [ "services" "nfs" "server" "statdPort" ]) ]; ###### interface @@ -23,24 +20,24 @@ in services.nfs = { server = { - enable = mkOption { - type = types.bool; + enable = lib.mkOption { + type = lib.types.bool; default = false; description = '' Whether to enable the kernel's NFS server. ''; }; - extraNfsdConfig = mkOption { - type = types.str; + extraNfsdConfig = lib.mkOption { + type = lib.types.str; default = ""; description = '' Extra configuration options for the [nfsd] section of /etc/nfs.conf. ''; }; - exports = mkOption { - type = types.lines; + exports = lib.mkOption { + type = lib.types.lines; default = ""; description = '' Contents of the /etc/exports file. See @@ -48,8 +45,8 @@ in ''; }; - hostName = mkOption { - type = types.nullOr types.str; + hostName = lib.mkOption { + type = lib.types.nullOr lib.types.str; default = null; description = '' Hostname or address on which NFS requests will be accepted. @@ -58,22 +55,22 @@ in ''; }; - nproc = mkOption { - type = types.int; + nproc = lib.mkOption { + type = lib.types.int; default = 8; description = '' Number of NFS server threads. Defaults to the recommended value of 8. ''; }; - createMountPoints = mkOption { - type = types.bool; + createMountPoints = lib.mkOption { + type = lib.types.bool; default = false; description = "Whether to create the mount points in the exports file at startup time."; }; - mountdPort = mkOption { - type = types.nullOr types.int; + mountdPort = lib.mkOption { + type = lib.types.nullOr lib.types.int; default = null; example = 4002; description = '' 
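Review bot: `mountdPort` is typed `lib.types.nullOr lib.types.int`, so a negative value or one above 65535 is not rejected at evaluation time; `lockdPort` and `statdPort` in the next two hunks have the same type. The netatalk and rsyncd modules in this series already use `lib.types.port`, and the same check fits here: `type = lib.types.nullOr lib.types.port;`. The option bodies continue outside these hunks.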
@@ -81,8 +78,8 @@ in ''; }; - lockdPort = mkOption { - type = types.nullOr types.int; + lockdPort = lib.mkOption { + type = lib.types.nullOr lib.types.int; default = null; example = 4001; description = '' @@ -92,8 +89,8 @@ in ''; }; - statdPort = mkOption { - type = types.nullOr types.int; + statdPort = lib.mkOption { + type = lib.types.nullOr lib.types.int; default = null; example = 4000; description = '' @@ -111,7 +108,7 @@ in ###### implementation - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { services.rpcbind.enable = true; @@ -137,7 +134,7 @@ in '' mkdir -p /var/lib/nfs - ${optionalString cfg.createMountPoints + ${lib.optionalString cfg.createMountPoints '' # create export directories: # skip comments, take first col which may either be a quoted From 6f4eeb772232b1f45277cb1e8c847e98ed27eb4d Mon Sep 17 00:00:00 2001 From: Felix Buehler Date: Wed, 28 Aug 2024 21:18:59 +0200 Subject: [PATCH 050/148] nixos/services.orangefs.client: remove `with lib;` --- .../network-filesystems/orangefs/client.nix | 31 +++++++++---------- 1 file changed, 14 insertions(+), 17 deletions(-) diff --git a/nixos/modules/services/network-filesystems/orangefs/client.nix b/nixos/modules/services/network-filesystems/orangefs/client.nix index 0632a9bc95279..3923289e6f641 100644 --- a/nixos/modules/services/network-filesystems/orangefs/client.nix +++ b/nixos/modules/services/network-filesystems/orangefs/client.nix @@ -1,7 +1,4 @@ { config, lib, pkgs, ...} : - -with lib; - let cfg = config.services.orangefs.client; 
@@ -10,15 +7,15 @@ in { options = { services.orangefs.client = { - enable = mkEnableOption "OrangeFS client daemon"; + enable = lib.mkEnableOption "OrangeFS client daemon"; - extraOptions = mkOption { - type = with types; listOf str; + extraOptions = lib.mkOption { + type = with lib.types; listOf str; default = []; description = "Extra command line options for pvfs2-client."; }; - fileSystems = mkOption { + fileSystems = lib.mkOption { description = '' The orangefs file systems to be mounted. This option is preferred over using {option}`fileSystems` directly since @@ -30,23 +27,23 @@ in { target = "tcp://server:3334/orangefs"; }]; - type = with types; listOf (submodule ({ ... } : { + type = with lib.types; listOf (submodule ({ ... } : { options = { - mountPoint = mkOption { - type = types.str; + mountPoint = lib.mkOption { + type = lib.types.str; default = "/orangefs"; description = "Mount point."; }; - options = mkOption { - type = with types; listOf str; + options = lib.mkOption { + type = with lib.types; listOf str; default = []; description = "Mount options"; }; - target = mkOption { - type = types.str; + target = lib.mkOption { + type = lib.types.str; example = "tcp://server:3334/orangefs"; description = "Target URL"; }; @@ -59,7 +56,7 @@ in { ###### implementation - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { environment.systemPackages = [ pkgs.orangefs ]; boot.supportedFilesystems = [ "pvfs2" ]; @@ -74,7 +71,7 @@ in { ExecStart = '' ${pkgs.orangefs}/bin/pvfs2-client-core \ - --logtype=syslog ${concatStringsSep " " cfg.extraOptions} + --logtype=syslog ${lib.concatStringsSep " " cfg.extraOptions} ''; TimeoutStopSec = "120"; @@ -87,7 +84,7 @@ in { bindsTo = [ "orangefs-client.service" ]; wantedBy = [ "remote-fs.target" ]; type = "pvfs2"; - options = concatStringsSep "," fs.options; + options = lib.concatStringsSep "," fs.options; what = fs.target; where = fs.mountPoint; }) cfg.fileSystems; 
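Review bot: `cfg.extraOptions` is joined with spaces straight into `ExecStart`, so an entry containing whitespace or a quote character is split or re-parsed instead of reaching `pvfs2-client-core` as a single argument. The samba-wsdd module in this series passes its option list through `lib.escapeShellArgs`, and the same would work here: `--logtype=syslog ${lib.escapeShellArgs cfg.extraOptions}`. The service definition starts and ends outside the hunk, so how the string is consumed further down is not visible from here.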
From 23fed458df22063e157b8a23ec203dab3065a0af Mon Sep 17 00:00:00 2001 From: Felix Buehler Date: Wed, 28 Aug 2024 21:18:59 +0200 Subject: [PATCH 051/148] nixos/services.orangefs.server: remove `with lib;` --- .../network-filesystems/orangefs/server.nix | 87 +++++++++---------- 1 file changed, 42 insertions(+), 45 deletions(-) diff --git a/nixos/modules/services/network-filesystems/orangefs/server.nix b/nixos/modules/services/network-filesystems/orangefs/server.nix index 9fbf37f0d00a7..c198d47645592 100644 --- a/nixos/modules/services/network-filesystems/orangefs/server.nix +++ b/nixos/modules/services/network-filesystems/orangefs/server.nix @@ -1,19 +1,16 @@ { config, lib, pkgs, ...} : - -with lib; - let cfg = config.services.orangefs.server; - aliases = mapAttrsToList (alias: url: alias) cfg.servers; + aliases = lib.mapAttrsToList (alias: url: alias) cfg.servers; # Maximum handle number is 2^63 maxHandle = 9223372036854775806; # One range of handles for each meta/data instance - handleStep = maxHandle / (length aliases) / 2; + handleStep = maxHandle / (lib.length aliases) / 2; - fileSystems = mapAttrsToList (name: fs: '' + fileSystems = lib.mapAttrsToList (name: fs: '' Name ${name} ID ${toString fs.id} @@ -22,8 +19,8 @@ let ${fs.extraConfig} - ${concatStringsSep "\n" ( - imap0 (i: alias: + ${lib.concatStringsSep "\n" ( + lib.imap0 (i: alias: let begin = i * handleStep + 3; end = begin + handleStep - 1; @@ -32,10 +29,10 @@ let - ${concatStringsSep "\n" ( - imap0 (i: alias: + ${lib.concatStringsSep "\n" ( + lib.imap0 (i: alias: let - begin = i * handleStep + 3 + (length aliases) * handleStep; + begin = i * handleStep + 3 + (lib.length aliases) * handleStep; end = begin + handleStep - 1; in "Range ${alias} ${toString begin}-${toString end}") aliases )} 
@@ -56,17 +53,17 @@ let DataStorageSpace ${cfg.dataStorageSpace} MetaDataStorageSpace ${cfg.metadataStorageSpace} - BMIModules ${concatStringsSep "," cfg.BMIModules} + BMIModules ${lib.concatStringsSep "," cfg.BMIModules} ${cfg.extraDefaults} ${cfg.extraConfig} - ${concatStringsSep "\n" (mapAttrsToList (alias: url: "Alias ${alias} ${url}") cfg.servers)} + ${lib.concatStringsSep "\n" (lib.mapAttrsToList (alias: url: "Alias ${alias} ${url}") cfg.servers)} - ${concatStringsSep "\n" fileSystems} + ${lib.concatStringsSep "\n" fileSystems} ''; in { 
@@ -74,49 +71,49 @@ in { options = { services.orangefs.server = { - enable = mkEnableOption "OrangeFS server"; + enable = lib.mkEnableOption "OrangeFS server"; - logType = mkOption { - type = with types; enum [ "file" "syslog" ]; + logType = lib.mkOption { + type = with lib.types; enum [ "file" "syslog" ]; default = "syslog"; description = "Destination for log messages."; }; - dataStorageSpace = mkOption { - type = types.nullOr types.str; + dataStorageSpace = lib.mkOption { + type = lib.types.nullOr lib.types.str; default = null; example = "/data/storage"; description = "Directory for data storage."; }; - metadataStorageSpace = mkOption { - type = types.nullOr types.str; + metadataStorageSpace = lib.mkOption { + type = lib.types.nullOr lib.types.str; default = null; example = "/data/meta"; description = "Directory for meta data storage."; }; - BMIModules = mkOption { - type = with types; listOf str; + BMIModules = lib.mkOption { + type = with lib.types; listOf str; default = [ "bmi_tcp" ]; example = [ "bmi_tcp" "bmi_ib"]; description = "List of BMI modules to load."; }; - extraDefaults = mkOption { - type = types.lines; + extraDefaults = lib.mkOption { + type = lib.types.lines; default = ""; description = "Extra config for `` section."; }; - extraConfig = mkOption { - type = types.lines; + extraConfig = lib.mkOption { + type = lib.types.lines; default = ""; description = "Extra config for the global section."; }; - servers = mkOption { - type = with types; attrsOf types.str; + servers = lib.mkOption { + type = with lib.types; attrsOf lib.types.str; default = {}; example = { node1 = "tcp://node1:3334"; 
@@ -125,12 +122,12 @@ in { description = "URLs for storage server including port. The attribute names define the server alias."; }; - fileSystems = mkOption { + fileSystems = lib.mkOption { description = '' These options will create the `` sections of config file. ''; default = { orangefs = {}; }; - example = literalExpression '' + example = lib.literalExpression '' { fs1 = { id = 101; @@ -141,40 +138,40 @@ in { }; } ''; - type = with types; attrsOf (submodule ({ ... } : { + type = with lib.types; attrsOf (submodule ({ ... } : { options = { - id = mkOption { - type = types.int; + id = lib.mkOption { + type = lib.types.int; default = 1; description = "File system ID (must be unique within configuration)."; }; - rootHandle = mkOption { - type = types.int; + rootHandle = lib.mkOption { + type = lib.types.int; default = 3; description = "File system root ID."; }; - extraConfig = mkOption { - type = types.lines; + extraConfig = lib.mkOption { + type = lib.types.lines; default = ""; description = "Extra config for `` section."; }; - troveSyncMeta = mkOption { - type = types.bool; + troveSyncMeta = lib.mkOption { + type = lib.types.bool; default = true; description = "Sync meta data."; }; - troveSyncData = mkOption { - type = types.bool; + troveSyncData = lib.mkOption { + type = lib.types.bool; default = false; description = "Sync data."; }; - extraStorageHints = mkOption { - type = types.lines; + extraStorageHints = lib.mkOption { + type = lib.types.lines; default = ""; description = "Extra config for `` section."; }; @@ -186,7 +183,7 @@ in { ###### implementation - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { environment.systemPackages = [ pkgs.orangefs ]; # orangefs daemon will run as user From 442fa2e366b5661cb5689692ff35d8a149eafd0e Mon Sep 17 00:00:00 2001 
From: Felix Buehler Date: Wed, 28 Aug 2024 21:18:59 +0200 Subject: [PATCH 052/148] nixos/services.rsyncd: remove `with lib;` --- .../services/network-filesystems/rsyncd.nix | 19 ++++++++----------- 1 file changed, 8 insertions(+), 11 deletions(-) diff --git a/nixos/modules/services/network-filesystems/rsyncd.nix b/nixos/modules/services/network-filesystems/rsyncd.nix index 49bc7caf2ee4a..93dc41c3c956e 100644 --- a/nixos/modules/services/network-filesystems/rsyncd.nix +++ b/nixos/modules/services/network-filesystems/rsyncd.nix @@ -1,7 +1,4 @@ { config, pkgs, lib, ... }: - -with lib; - let cfg = config.services.rsyncd; settingsFormat = pkgs.formats.ini { }; @@ -10,15 +7,15 @@ in { options = { services.rsyncd = { - enable = mkEnableOption "the rsync daemon"; + enable = lib.mkEnableOption "the rsync daemon"; - port = mkOption { + port = lib.mkOption { default = 873; - type = types.port; + type = lib.types.port; description = "TCP port the daemon will listen on."; }; - settings = mkOption { + settings = lib.mkOption { inherit (settingsFormat) type; default = { }; example = { @@ -45,9 +42,9 @@ in { ''; }; - socketActivated = mkOption { + socketActivated = lib.mkOption { default = false; - type = types.bool; + type = lib.types.bool; description = "If enabled Rsync will be socket-activated rather than run persistently."; }; @@ -55,7 +52,7 @@ in { }; imports = (map (option: - mkRemovedOptionModule [ "services" "rsyncd" option ] + lib.mkRemovedOptionModule [ "services" "rsyncd" option ] "This option was removed in favor of `services.rsyncd.settings`.") [ "address" "extraConfig" @@ -64,7 +61,7 @@ in { "group" ]); - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { services.rsyncd.settings.global.port = toString cfg.port; From 4174027fe9e7521b4d6c38d4a45deb418d3fa85a Mon Sep 17 00:00:00 2001 
From: Felix Buehler Date: Wed, 28 Aug 2024 21:18:59 +0200 Subject: [PATCH 053/148] nixos/services.samba-wsdd: remove `with lib;` --- .../network-filesystems/samba-wsdd.nix | 57 +++++++++---------- 1 file changed, 27 insertions(+), 30 deletions(-) diff --git a/nixos/modules/services/network-filesystems/samba-wsdd.nix b/nixos/modules/services/network-filesystems/samba-wsdd.nix index f46bf802511ae..60ede5a1bda21 100644 --- a/nixos/modules/services/network-filesystems/samba-wsdd.nix +++ b/nixos/modules/services/network-filesystems/samba-wsdd.nix 
@@ -1,65 +1,62 @@ { config, lib, pkgs, ... }: - -with lib; - let cfg = config.services.samba-wsdd; in { options = { services.samba-wsdd = { - enable = mkEnableOption '' + enable = lib.mkEnableOption '' Web Services Dynamic Discovery host daemon. This enables (Samba) hosts, like your local NAS device, to be found by Web Service Discovery Clients like Windows ''; - interface = mkOption { - type = types.nullOr types.str; + interface = lib.mkOption { + type = lib.types.nullOr lib.types.str; default = null; example = "eth0"; description = "Interface or address to use."; }; - hoplimit = mkOption { - type = types.nullOr types.int; + hoplimit = lib.mkOption { + type = lib.types.nullOr lib.types.int; default = null; example = 2; description = "Hop limit for multicast packets (default = 1)."; }; - openFirewall = mkOption { + openFirewall = lib.mkOption { description = '' Whether to open the required firewall ports in the firewall. ''; default = false; type = lib.types.bool; }; - workgroup = mkOption { - type = types.nullOr types.str; + workgroup = lib.mkOption { + type = lib.types.nullOr lib.types.str; default = null; example = "HOME"; description = "Set workgroup name (default WORKGROUP)."; }; - hostname = mkOption { - type = types.nullOr types.str; + hostname = lib.mkOption { + type = lib.types.nullOr lib.types.str; default = null; example = "FILESERVER"; description = "Override (NetBIOS) hostname to be used (default hostname)."; }; - domain = mkOption { - type = types.nullOr types.str; + domain = lib.mkOption { + type = lib.types.nullOr lib.types.str; default = null; description = "Set domain name (disables workgroup)."; }; - discovery = mkOption { - type = types.bool; + discovery = lib.mkOption { + type = lib.types.bool; default = false; description = "Enable discovery operation mode."; }; - listen = mkOption { - type = types.str; + listen = lib.mkOption { + type = lib.types.str; default = "/run/wsdd/wsdd.sock"; description = "Listen on path or localhost port in 
discovery mode."; }; - extraOptions = mkOption { - type = types.listOf types.str; + extraOptions = lib.mkOption { + type = lib.types.listOf lib.types.str; default = [ "--shortlog" ]; example = [ "--verbose" "--no-http" "--ipv4only" "--no-host" ]; description = "Additional wsdd options."; @@ -67,7 +64,7 @@ in { }; }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { environment.systemPackages = [ pkgs.wsdd ]; @@ -79,13 +76,13 @@ in { DynamicUser = true; Type = "simple"; ExecStart = '' - ${pkgs.wsdd}/bin/wsdd ${optionalString (cfg.interface != null) "--interface '${cfg.interface}'"} \ - ${optionalString (cfg.hoplimit != null) "--hoplimit '${toString cfg.hoplimit}'"} \ - ${optionalString (cfg.workgroup != null) "--workgroup '${cfg.workgroup}'"} \ - ${optionalString (cfg.hostname != null) "--hostname '${cfg.hostname}'"} \ - ${optionalString (cfg.domain != null) "--domain '${cfg.domain}'"} \ - ${optionalString cfg.discovery "--discovery --listen '${cfg.listen}'"} \ - ${escapeShellArgs cfg.extraOptions} + ${pkgs.wsdd}/bin/wsdd ${lib.optionalString (cfg.interface != null) "--interface '${cfg.interface}'"} \ + ${lib.optionalString (cfg.hoplimit != null) "--hoplimit '${toString cfg.hoplimit}'"} \ + ${lib.optionalString (cfg.workgroup != null) "--workgroup '${cfg.workgroup}'"} \ + ${lib.optionalString (cfg.hostname != null) "--hostname '${cfg.hostname}'"} \ + ${lib.optionalString (cfg.domain != null) "--domain '${cfg.domain}'"} \ + ${lib.optionalString cfg.discovery "--discovery --listen '${cfg.listen}'"} \ + ${lib.escapeShellArgs cfg.extraOptions} ''; # Runtime directory and mode RuntimeDirectory = "wsdd"; @@ -121,7 +118,7 @@ in { }; }; - networking.firewall = mkIf cfg.openFirewall { + networking.firewall = lib.mkIf cfg.openFirewall { allowedTCPPorts = [ 5357 ]; allowedUDPPorts = [ 3702 ]; }; From f0f841be8084c6bce5fadc824551ca23471dd365 Mon Sep 17 00:00:00 2001 
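Review bot: In the `ExecStart` hunk, `cfg.interface`, `cfg.workgroup`, `cfg.hostname`, `cfg.domain` and `cfg.listen` are wrapped in hand-written single quotes, so a value that itself contains `'` ends the quoted word early and the rest is parsed as further wsdd arguments. The last line of the same command already relies on `lib.escapeShellArgs`; the single values can use the matching helper, for example `"--interface ${lib.escapeShellArg cfg.interface}"`. The `serviceConfig` block continues outside the hunk.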
From: Felix Buehler Date: Wed, 28 Aug 2024 21:18:59 +0200 Subject: [PATCH 054/148] nixos/services.samba: remove `with lib;` --- .../services/network-filesystems/samba.nix | 17 +++++++---------- 1 file changed, 7 insertions(+), 10 deletions(-) diff --git a/nixos/modules/services/network-filesystems/samba.nix b/nixos/modules/services/network-filesystems/samba.nix index cb68a27b20dd4..457a68d32973b 100644 --- a/nixos/modules/services/network-filesystems/samba.nix +++ b/nixos/modules/services/network-filesystems/samba.nix @@ -1,7 +1,4 @@ { config, lib, pkgs, ... }: - -with lib; - let cfg = config.services.samba; @@ -23,8 +20,8 @@ in }; imports = [ - (mkRemovedOptionModule [ "services" "samba" "defaultShare" ] "") - (mkRemovedOptionModule [ "services" "samba" "syncPasswordsByPam" ] "This option has been removed by upstream, see https://bugzilla.samba.org/show_bug.cgi?id=10669#c10") + (lib.mkRemovedOptionModule [ "services" "samba" "defaultShare" ] "") + (lib.mkRemovedOptionModule [ "services" "samba" "syncPasswordsByPam" ] "This option has been removed by upstream, see https://bugzilla.samba.org/show_bug.cgi?id=10669#c10") (lib.mkRemovedOptionModule [ "services" "samba" "configText" ] '' Use services.samba.settings instead. @@ -166,7 +163,7 @@ in ###### implementation - config = mkMerge + config = lib.mkMerge [ { assertions = [ { assertion = cfg.nsswins -> cfg.winbindd.enable; message = "If services.samba.nsswins is enabled, then services.samba.winbindd.enable must also be enabled"; @@ -177,8 +174,8 @@ in (lib.mkIf cfg.enable { environment.etc."samba/smb.conf".source = configFile; - system.nssModules = optional cfg.nsswins cfg.package; - system.nssDatabases.hosts = optional cfg.nsswins "wins"; + system.nssModules = lib.optional cfg.nsswins cfg.package; + system.nssDatabases.hosts = lib.optional cfg.nsswins "wins"; systemd = { slices.system-samba = { 
@@ -210,8 +207,8 @@ in setuid = true; }; - networking.firewall.allowedTCPPorts = mkIf cfg.openFirewall [ 139 445 ]; - networking.firewall.allowedUDPPorts = mkIf cfg.openFirewall [ 137 138 ]; + networking.firewall.allowedTCPPorts = lib.mkIf cfg.openFirewall [ 139 445 ]; + networking.firewall.allowedUDPPorts = lib.mkIf cfg.openFirewall [ 137 138 ]; }) (lib.mkIf (cfg.enable && cfg.nmbd.enable) { From 443dc608d259bf0ccfe94bd6534b6bb508b6b770 Mon Sep 17 00:00:00 2001 From: Felix Buehler Date: Wed, 28 Aug 2024 21:18:59 +0200 Subject: [PATCH 055/148] nixos/services.tahoe: remove `with lib;` --- .../services/network-filesystems/tahoe.nix | 154 +++++++++--------- 1 file changed, 76 insertions(+), 78 deletions(-) diff --git a/nixos/modules/services/network-filesystems/tahoe.nix b/nixos/modules/services/network-filesystems/tahoe.nix index cfda62020a1ee..e3296e6f66d54 100644 --- a/nixos/modules/services/network-filesystems/tahoe.nix +++ b/nixos/modules/services/network-filesystems/tahoe.nix 
@@ -1,57 +1,55 @@ { config, lib, pkgs, ... }: - -with lib; let cfg = config.services.tahoe; in { options.services.tahoe = { - introducers = mkOption { + introducers = lib.mkOption { default = {}; - type = with types; attrsOf (submodule { + type = with lib.types; attrsOf (submodule { options = { - nickname = mkOption { - type = types.str; + nickname = lib.mkOption { + type = lib.types.str; description = '' The nickname of this Tahoe introducer. ''; }; - tub.port = mkOption { + tub.port = lib.mkOption { default = 3458; - type = types.port; + type = lib.types.port; description = '' The port on which the introducer will listen. ''; }; - tub.location = mkOption { + tub.location = lib.mkOption { default = null; - type = types.nullOr types.str; + type = lib.types.nullOr lib.types.str; description = '' The external location that the introducer should listen on. If specified, the port should be included. ''; }; - package = mkPackageOption pkgs "tahoelafs" { }; + package = lib.mkPackageOption pkgs "tahoelafs" { }; }; }); description = '' The Tahoe introducers. ''; }; - nodes = mkOption { + nodes = lib.mkOption { default = {}; - type = with types; attrsOf (submodule { + type = with lib.types; attrsOf (submodule { options = { - nickname = mkOption { - type = types.str; + nickname = lib.mkOption { + type = lib.types.str; description = '' The nickname of this Tahoe node. ''; }; - tub.port = mkOption { + tub.port = lib.mkOption { default = 3457; - type = types.port; + type = lib.types.port; description = '' The port on which the tub will listen. @@ -59,9 +57,9 @@ in system to listen on a different port. ''; }; - tub.location = mkOption { + tub.location = lib.mkOption { default = null; - type = types.nullOr types.str; + type = lib.types.nullOr lib.types.str; description = '' The external location that the node should listen on. 
@@ -71,9 +69,9 @@ in If specified, the port should be included. ''; }; - web.port = mkOption { + web.port = lib.mkOption { default = 3456; - type = types.port; + type = lib.types.port; description = '' The port on which the Web server will listen. 
@@ -81,59 +79,59 @@ in listen on a different port. ''; }; - client.introducer = mkOption { + client.introducer = lib.mkOption { default = null; - type = types.nullOr types.str; + type = lib.types.nullOr lib.types.str; description = '' The furl for a Tahoe introducer node. Like all furls, keep this safe and don't share it. ''; }; - client.helper = mkOption { + client.helper = lib.mkOption { default = null; - type = types.nullOr types.str; + type = lib.types.nullOr lib.types.str; description = '' The furl for a Tahoe helper node. Like all furls, keep this safe and don't share it. ''; }; - client.shares.needed = mkOption { + client.shares.needed = lib.mkOption { default = 3; - type = types.int; + type = lib.types.int; description = '' The number of shares required to reconstitute a file. ''; }; - client.shares.happy = mkOption { + client.shares.happy = lib.mkOption { default = 7; - type = types.int; + type = lib.types.int; description = '' The number of distinct storage nodes required to store a file. ''; }; - client.shares.total = mkOption { + client.shares.total = lib.mkOption { default = 10; - type = types.int; + type = lib.types.int; description = '' The number of shares required to store a file. ''; }; - storage.enable = mkEnableOption "storage service"; - storage.reservedSpace = mkOption { + storage.enable = lib.mkEnableOption "storage service"; + storage.reservedSpace = lib.mkOption { default = "1G"; - type = types.str; + type = lib.types.str; description = '' The amount of filesystem space to not use for storage. ''; }; - helper.enable = mkEnableOption "helper service"; - sftpd.enable = mkEnableOption "SFTP service"; - sftpd.port = mkOption { + helper.enable = lib.mkEnableOption "helper service"; + sftpd.enable = lib.mkEnableOption "SFTP service"; + sftpd.port = lib.mkOption { default = null; - type = types.nullOr types.int; + type = lib.types.nullOr lib.types.int; description = '' The port on which the SFTP server will listen. 
@@ -141,35 +139,35 @@ in daemon to listen on a different port. ''; }; - sftpd.hostPublicKeyFile = mkOption { + sftpd.hostPublicKeyFile = lib.mkOption { default = null; - type = types.nullOr types.path; + type = lib.types.nullOr lib.types.path; description = '' Path to the SSH host public key. ''; }; - sftpd.hostPrivateKeyFile = mkOption { + sftpd.hostPrivateKeyFile = lib.mkOption { default = null; - type = types.nullOr types.path; + type = lib.types.nullOr lib.types.path; description = '' Path to the SSH host private key. ''; }; - sftpd.accounts.file = mkOption { + sftpd.accounts.file = lib.mkOption { default = null; - type = types.nullOr types.path; + type = lib.types.nullOr lib.types.path; description = '' Path to the accounts file. ''; }; - sftpd.accounts.url = mkOption { + sftpd.accounts.url = lib.mkOption { default = null; - type = types.nullOr types.str; + type = lib.types.nullOr lib.types.str; description = '' URL of the accounts server. ''; }; - package = mkPackageOption pkgs "tahoelafs" { }; + package = lib.mkPackageOption pkgs "tahoelafs" { }; }; }); description = '' @@ -177,11 +175,11 @@ in ''; }; }; - config = mkMerge [ - (mkIf (cfg.introducers != {}) { + config = lib.mkMerge [ + (lib.mkIf (cfg.introducers != {}) { environment = { - etc = flip mapAttrs' cfg.introducers (node: settings: - nameValuePair "tahoe-lafs/introducer-${node}.cfg" { + etc = lib.flip lib.mapAttrs' cfg.introducers (node: settings: + lib.nameValuePair "tahoe-lafs/introducer-${node}.cfg" { mode = "0444"; text = '' # This configuration is generated by Nix. Edit at your own 
@@ -190,25 +188,25 @@ in [node] nickname = ${settings.nickname} tub.port = ${toString settings.tub.port} - ${optionalString (settings.tub.location != null) + ${lib.optionalString (settings.tub.location != null) "tub.location = ${settings.tub.location}"} ''; }); # Actually require Tahoe, so that we will have it installed. - systemPackages = flip mapAttrsToList cfg.introducers (node: settings: + systemPackages = lib.flip lib.mapAttrsToList cfg.introducers (node: settings: settings.package ); }; # Open up the firewall. - # networking.firewall.allowedTCPPorts = flip mapAttrsToList cfg.introducers + # networking.firewall.allowedTCPPorts = lib.flip lib.mapAttrsToList cfg.introducers # (node: settings: settings.tub.port); - systemd.services = flip mapAttrs' cfg.introducers (node: settings: + systemd.services = lib.flip lib.mapAttrs' cfg.introducers (node: settings: let pidfile = "/run/tahoe.introducer-${node}.pid"; # This is a directory, but it has no trailing slash. Tahoe commands # get antsy when there's a trailing slash. nodedir = "/var/db/tahoe-lafs/introducer-${node}"; - in nameValuePair "tahoe.introducer-${node}" { + in lib.nameValuePair "tahoe.introducer-${node}" { description = "Tahoe LAFS node ${node}"; wantedBy = [ "multi-user.target" ]; path = [ settings.package ]; 
@@ -242,16 +240,16 @@ in cp /etc/tahoe-lafs/introducer-"${node}".cfg ${lib.escapeShellArg nodedir}/tahoe.cfg ''; }); - users.users = flip mapAttrs' cfg.introducers (node: _: - nameValuePair "tahoe.introducer-${node}" { + users.users = lib.flip lib.mapAttrs' cfg.introducers (node: _: + lib.nameValuePair "tahoe.introducer-${node}" { description = "Tahoe node user for introducer ${node}"; isSystemUser = true; }); }) - (mkIf (cfg.nodes != {}) { + (lib.mkIf (cfg.nodes != {}) { environment = { - etc = flip mapAttrs' cfg.nodes (node: settings: - nameValuePair "tahoe-lafs/${node}.cfg" { + etc = lib.flip lib.mapAttrs' cfg.nodes (node: settings: + lib.nameValuePair "tahoe-lafs/${node}.cfg" { mode = "0444"; text = '' # This configuration is generated by Nix. Edit at your own @@ -260,16 +258,16 @@ in [node] nickname = ${settings.nickname} tub.port = ${toString settings.tub.port} - ${optionalString (settings.tub.location != null) + ${lib.optionalString (settings.tub.location != null) "tub.location = ${settings.tub.location}"} # This is a Twisted endpoint. Twisted Web doesn't work on # non-TCP. ~ C. web.port = tcp:${toString settings.web.port} [client] - ${optionalString (settings.client.introducer != null) + ${lib.optionalString (settings.client.introducer != null) "introducer.furl = ${settings.client.introducer}"} - ${optionalString (settings.client.helper != null) + ${lib.optionalString (settings.client.helper != null) "helper.furl = ${settings.client.helper}"} shares.needed = ${toString settings.client.shares.needed} 
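Review bot: `introducer.furl` and `helper.furl` are rendered into `tahoe-lafs/${node}.cfg`, which the previous hunk creates with `mode = "0444"`, while the option descriptions for `client.introducer` and `client.helper` say to keep furls safe and not share them. Because the file is built from `text`, the same content also sits in the Nix store, so every local user can read the furls. Until they can be supplied from a file read at service start, the descriptions should say so, e.g. `The value is written to a world-readable file in /etc and to the Nix store.` The `text` string starts and ends outside this hunk.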
@@ -277,41 +275,41 @@ in shares.total = ${toString settings.client.shares.total} [storage] - enabled = ${boolToString settings.storage.enable} + enabled = ${lib.boolToString settings.storage.enable} reserved_space = ${settings.storage.reservedSpace} [helper] - enabled = ${boolToString settings.helper.enable} + enabled = ${lib.boolToString settings.helper.enable} [sftpd] - enabled = ${boolToString settings.sftpd.enable} - ${optionalString (settings.sftpd.port != null) + enabled = ${lib.boolToString settings.sftpd.enable} + ${lib.optionalString (settings.sftpd.port != null) "port = ${toString settings.sftpd.port}"} - ${optionalString (settings.sftpd.hostPublicKeyFile != null) + ${lib.optionalString (settings.sftpd.hostPublicKeyFile != null) "host_pubkey_file = ${settings.sftpd.hostPublicKeyFile}"} - ${optionalString (settings.sftpd.hostPrivateKeyFile != null) + ${lib.optionalString (settings.sftpd.hostPrivateKeyFile != null) "host_privkey_file = ${settings.sftpd.hostPrivateKeyFile}"} - ${optionalString (settings.sftpd.accounts.file != null) + ${lib.optionalString (settings.sftpd.accounts.file != null) "accounts.file = ${settings.sftpd.accounts.file}"} - ${optionalString (settings.sftpd.accounts.url != null) + ${lib.optionalString (settings.sftpd.accounts.url != null) "accounts.url = ${settings.sftpd.accounts.url}"} ''; }); # Actually require Tahoe, so that we will have it installed. - systemPackages = flip mapAttrsToList cfg.nodes (node: settings: + systemPackages = lib.flip lib.mapAttrsToList cfg.nodes (node: settings: settings.package ); }; # Open up the firewall. 
- # networking.firewall.allowedTCPPorts = flip mapAttrsToList cfg.nodes + # networking.firewall.allowedTCPPorts = lib.flip lib.mapAttrsToList cfg.nodes # (node: settings: settings.tub.port); - systemd.services = flip mapAttrs' cfg.nodes (node: settings: + systemd.services = lib.flip lib.mapAttrs' cfg.nodes (node: settings: let pidfile = "/run/tahoe.${node}.pid"; # This is a directory, but it has no trailing slash. Tahoe commands # get antsy when there's a trailing slash. nodedir = "/var/db/tahoe-lafs/${node}"; - in nameValuePair "tahoe.${node}" { + in lib.nameValuePair "tahoe.${node}" { description = "Tahoe LAFS node ${node}"; wantedBy = [ "multi-user.target" ]; path = [ settings.package ]; @@ -342,8 +340,8 @@ in cp /etc/tahoe-lafs/${lib.escapeShellArg node}.cfg ${lib.escapeShellArg nodedir}/tahoe.cfg ''; }); - users.users = flip mapAttrs' cfg.nodes (node: _: - nameValuePair "tahoe.${node}" { + users.users = lib.flip lib.mapAttrs' cfg.nodes (node: _: + lib.nameValuePair "tahoe.${node}" { description = "Tahoe node user for node ${node}"; isSystemUser = true; }); From 43235a1a61df6a0948db4f3b05bf4745d1cb86c5 Mon Sep 17 00:00:00 2001 From: Felix Buehler Date: Wed, 28 Aug 2024 21:19:00 +0200 Subject: [PATCH 056/148] nixos/services.u9fs: remove `with lib;` --- .../services/network-filesystems/u9fs.nix | 21 ++++++++----------- 1 file changed, 9 insertions(+), 12 deletions(-) diff --git a/nixos/modules/services/network-filesystems/u9fs.nix b/nixos/modules/services/network-filesystems/u9fs.nix index 2233d6f2a60d2..346705f5e3d00 100644 --- a/nixos/modules/services/network-filesystems/u9fs.nix +++ b/nixos/modules/services/network-filesystems/u9fs.nix @@ -1,7 +1,4 @@ { config, lib, pkgs, ... }: - -with lib; - let cfg = config.services.u9fs; in 
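Review bot: `host_privkey_file = ${settings.sftpd.hostPrivateKeyFile}` interpolates an option typed `lib.types.nullOr lib.types.path`; if a caller assigns a Nix path literal rather than a string, the interpolation copies the SSH host private key into the world-readable Nix store and the config then points at that copy. Converting explicitly avoids the copy: `"host_privkey_file = ${toString settings.sftpd.hostPrivateKeyFile}"`, and the same applies to `sftpd.accounts.file` two lines below. The option description could also ask for a string path outside the store.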
@@ -11,14 +8,14 @@ in services.u9fs = { - enable = mkOption { - type = types.bool; + enable = lib.mkOption { + type = lib.types.bool; default = false; description = "Whether to run the u9fs 9P server for Unix."; }; - listenStreams = mkOption { - type = types.listOf types.str; + listenStreams = lib.mkOption { + type = lib.types.listOf lib.types.str; default = [ "564" ]; example = [ "192.168.16.1:564" ]; description = '' @@ -27,14 +24,14 @@ in ''; }; - user = mkOption { - type = types.str; + user = lib.mkOption { + type = lib.types.str; default = "nobody"; description = "User to run u9fs under."; }; - extraArgs = mkOption { - type = types.str; + extraArgs = lib.mkOption { + type = lib.types.str; default = ""; example = "-a none"; description = '' @@ -47,7 +44,7 @@ in }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { systemd = { sockets.u9fs = { From e71c09b8f8f576d97e7b6cc1019f215429fcdb2f Mon Sep 17 00:00:00 2001 From: Felix Buehler Date: Wed, 28 Aug 2024 21:19:00 +0200 Subject: [PATCH 057/148] nixos/services.webdav-server-rs: remove `with lib;` --- .../network-filesystems/webdav-server-rs.nix | 38 +++++++++---------- 1 file changed, 18 insertions(+), 20 deletions(-) diff --git a/nixos/modules/services/network-filesystems/webdav-server-rs.nix b/nixos/modules/services/network-filesystems/webdav-server-rs.nix index 7e83d78db5b06..31f641a82d797 100644 --- a/nixos/modules/services/network-filesystems/webdav-server-rs.nix +++ b/nixos/modules/services/network-filesystems/webdav-server-rs.nix @@ -1,10 +1,8 @@ { config, lib, pkgs, ... }: - -with lib; let cfg = config.services.webdav-server-rs; format = pkgs.formats.toml { }; - settings = recursiveUpdate + settings = lib.recursiveUpdate { server.uid = config.users.users."${cfg.user}".uid; server.gid = config.users.groups."${cfg.group}".gid; 
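Review bot: In u9fs.nix (hunk `@@ -27,14 +24,14 @@`) the only `extraArgs` example is `-a none`, which turns 9P authentication off, and the visible option text does not say so. The `listenStreams` default of `564` names no address, so it is not limited to loopback, and a configuration copied from the example would serve files to any host that can reach the port. I would add a sentence to the description such as `Note that "-a none" disables authentication; restrict listenStreams to a trusted address when using it.` The `user` default of `nobody` is also shared with every other process running as that account, so a dedicated system user would be a safer default. The description body of `extraArgs` continues outside the hunk and may already carry a warning.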
@@ -14,27 +12,27 @@ in { options = { services.webdav-server-rs = { - enable = mkEnableOption "WebDAV server"; + enable = lib.mkEnableOption "WebDAV server"; - user = mkOption { - type = types.str; + user = lib.mkOption { + type = lib.types.str; default = "webdav"; description = "User to run under when setuid is not enabled."; }; - group = mkOption { - type = types.str; + group = lib.mkOption { + type = lib.types.str; default = "webdav"; description = "Group to run under when setuid is not enabled."; }; - debug = mkOption { - type = types.bool; + debug = lib.mkOption { + type = lib.types.bool; default = false; description = "Enable debug mode."; }; - settings = mkOption { + settings = lib.mkOption { type = format.type; default = { }; description = '' @@ -42,7 +40,7 @@ in options can be found at [here](https://github.com/miquels/webdav-server-rs/blob/master/webdav-server.toml). ''; - example = literalExpression '' + example = lib.literalExpression '' { server.listen = [ "0.0.0.0:4918" "[::]:4918" ]; accounts = { @@ -75,8 +73,8 @@ in ''; }; - configFile = mkOption { - type = types.path; + configFile = lib.mkOption { + type = lib.types.path; default = format.generate "webdav-server.toml" settings; defaultText = "Config file generated from services.webdav-server-rs.settings"; description = '' 
@@ -88,19 +86,19 @@ in }; }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { assertions = [ { - assertion = hasAttr cfg.user config.users.users && config.users.users."${cfg.user}".uid != null; + assertion = lib.hasAttr cfg.user config.users.users && config.users.users."${cfg.user}".uid != null; message = "users.users.${cfg.user} and users.users.${cfg.user}.uid must be defined."; } { - assertion = hasAttr cfg.group config.users.groups && config.users.groups."${cfg.group}".gid != null; + assertion = lib.hasAttr cfg.group config.users.groups && config.users.groups."${cfg.group}".gid != null; message = "users.groups.${cfg.group} and users.groups.${cfg.group}.gid must be defined."; } ]; - users.users = optionalAttrs (cfg.user == "webdav") { + users.users = lib.optionalAttrs (cfg.user == "webdav") { webdav = { description = "WebDAV user"; group = cfg.group; @@ -108,7 +106,7 @@ in }; }; - users.groups = optionalAttrs (cfg.group == "webdav") { + users.groups = lib.optionalAttrs (cfg.group == "webdav") { webdav.gid = config.ids.gids.webdav; }; @@ -146,5 +144,5 @@ in }; }; - meta.maintainers = with maintainers; [ pmy ]; + meta.maintainers = with lib.maintainers; [ pmy ]; } From 9ffa253b8746a59b2634020d0012f776fec0a05c Mon Sep 17 00:00:00 2001 From: Felix Buehler Date: Wed, 28 Aug 2024 21:19:00 +0200 Subject: [PATCH 058/148] nixos/services.webdav: remove `with lib;` --- .../services/network-filesystems/webdav.nix | 34 +++++++++---------- 1 file changed, 16 insertions(+), 18 deletions(-) diff --git a/nixos/modules/services/network-filesystems/webdav.nix b/nixos/modules/services/network-filesystems/webdav.nix index 7e435fc65253c..28f129fc12d29 100644 --- a/nixos/modules/services/network-filesystems/webdav.nix +++ b/nixos/modules/services/network-filesystems/webdav.nix @@ -1,6 +1,4 @@ { config, lib, pkgs, ... }: - -with lib; let cfg = config.services.webdav; format = pkgs.formats.yaml { }; 
@@ -8,21 +6,21 @@ in { options = { services.webdav = { - enable = mkEnableOption "WebDAV server"; + enable = lib.mkEnableOption "WebDAV server"; - user = mkOption { - type = types.str; + user = lib.mkOption { + type = lib.types.str; default = "webdav"; description = "User account under which WebDAV runs."; }; - group = mkOption { - type = types.str; + group = lib.mkOption { + type = lib.types.str; default = "webdav"; description = "Group under which WebDAV runs."; }; - settings = mkOption { + settings = lib.mkOption { type = format.type; default = { }; description = '' @@ -36,7 +34,7 @@ in [EnvironmentFile](https://www.freedesktop.org/software/systemd/man/systemd.exec.html#EnvironmentFile=). This prevents adding secrets to the world-readable Nix store. ''; - example = literalExpression '' + example = lib.literalExpression '' { address = "0.0.0.0"; port = 8080; @@ -53,8 +51,8 @@ in ''; }; - configFile = mkOption { - type = types.path; + configFile = lib.mkOption { + type = lib.types.path; default = format.generate "webdav.yaml" cfg.settings; defaultText = "Config file generated from services.webdav.settings"; description = '' @@ -64,8 +62,8 @@ in example = "/etc/webdav/config.yaml"; }; - environmentFile = mkOption { - type = types.nullOr types.path; + environmentFile = lib.mkOption { + type = lib.types.nullOr lib.types.path; default = null; description = '' Environment file as defined in {manpage}`systemd.exec(5)`. @@ -74,8 +72,8 @@ in }; }; - config = mkIf cfg.enable { - users.users = mkIf (cfg.user == "webdav") { + config = lib.mkIf cfg.enable { + users.users = lib.mkIf (cfg.user == "webdav") { webdav = { description = "WebDAV daemon user"; group = cfg.group; @@ -83,7 +81,7 @@ in }; }; - users.groups = mkIf (cfg.group == "webdav") { + users.groups = lib.mkIf (cfg.group == "webdav") { webdav.gid = config.ids.gids.webdav; }; 
@@ -96,10 +94,10 @@ in Restart = "on-failure"; User = cfg.user; Group = cfg.group; - EnvironmentFile = mkIf (cfg.environmentFile != null) [ cfg.environmentFile ]; + EnvironmentFile = lib.mkIf (cfg.environmentFile != null) [ cfg.environmentFile ]; }; }; }; - meta.maintainers = with maintainers; [ pmy ]; + meta.maintainers = with lib.maintainers; [ pmy ]; } From bc58f678122a5eb0e31458221a312711d440a4f6 Mon Sep 17 00:00:00 2001 From: Felix Buehler Date: Wed, 28 Aug 2024 21:19:00 +0200 Subject: [PATCH 059/148] nixos/services.xtreemfs: remove `with lib;` --- .../services/network-filesystems/xtreemfs.nix | 119 +++++++++--------- 1 file changed, 58 insertions(+), 61 deletions(-) diff --git a/nixos/modules/services/network-filesystems/xtreemfs.nix b/nixos/modules/services/network-filesystems/xtreemfs.nix index 78a0272c0567e..e2cde1903edd2 100644 --- a/nixos/modules/services/network-filesystems/xtreemfs.nix +++ b/nixos/modules/services/network-filesystems/xtreemfs.nix @@ -1,7 +1,4 @@ { config, lib, pkgs, ... }: - -with lib; - let cfg = config.services.xtreemfs; @@ -29,13 +26,13 @@ let dirConfig = pkgs.writeText "xtreemfs-dir-config.properties" '' uuid = ${cfg.dir.uuid} listen.port = ${toString cfg.dir.port} - ${optionalString (cfg.dir.address != "") "listen.address = ${cfg.dir.address}"} + ${lib.optionalString (cfg.dir.address != "") "listen.address = ${cfg.dir.address}"} http_port = ${toString cfg.dir.httpPort} babudb.baseDir = ${home}/dir/database babudb.logDir = ${home}/dir/db-log babudb.sync = ${if cfg.dir.replication.enable then "FDATASYNC" else cfg.dir.syncMode} - ${optionalString cfg.dir.replication.enable "babudb.plugin.0 = ${dirReplicationConfig}"} + ${lib.optionalString cfg.dir.replication.enable "babudb.plugin.0 = ${dirReplicationConfig}"} ${cfg.dir.extraConfig} ''; 
@@ -51,13 +48,13 @@ let mrcConfig = pkgs.writeText "xtreemfs-mrc-config.properties" '' uuid = ${cfg.mrc.uuid} listen.port = ${toString cfg.mrc.port} - ${optionalString (cfg.mrc.address != "") "listen.address = ${cfg.mrc.address}"} + ${lib.optionalString (cfg.mrc.address != "") "listen.address = ${cfg.mrc.address}"} http_port = ${toString cfg.mrc.httpPort} babudb.baseDir = ${home}/mrc/database babudb.logDir = ${home}/mrc/db-log babudb.sync = ${if cfg.mrc.replication.enable then "FDATASYNC" else cfg.mrc.syncMode} - ${optionalString cfg.mrc.replication.enable "babudb.plugin.0 = ${mrcReplicationConfig}"} + ${lib.optionalString cfg.mrc.replication.enable "babudb.plugin.0 = ${mrcReplicationConfig}"} ${cfg.mrc.extraConfig} ''; @@ -65,14 +62,14 @@ let osdConfig = pkgs.writeText "xtreemfs-osd-config.properties" '' uuid = ${cfg.osd.uuid} listen.port = ${toString cfg.osd.port} - ${optionalString (cfg.osd.address != "") "listen.address = ${cfg.osd.address}"} + ${lib.optionalString (cfg.osd.address != "") "listen.address = ${cfg.osd.address}"} http_port = ${toString cfg.osd.httpPort} object_dir = ${home}/osd/ ${cfg.osd.extraConfig} ''; - optionalDir = optionals cfg.dir.enable ["xtreemfs-dir.service"]; + optionalDir = lib.optionals cfg.dir.enable ["xtreemfs-dir.service"]; systemdOptionalDependencies = { after = [ "network.target" ] ++ optionalDir; @@ -89,10 +86,10 @@ in services.xtreemfs = { - enable = mkEnableOption "XtreemFS"; + enable = lib.mkEnableOption "XtreemFS"; - homeDir = mkOption { - type = types.path; + homeDir = lib.mkOption { + type = lib.types.path; default = "/var/lib/xtreemfs"; description = '' XtreemFS home dir for the xtreemfs user. 
@@ -100,32 +97,32 @@ in }; dir = { - enable = mkOption { - type = types.bool; + enable = lib.mkOption { + type = lib.types.bool; default = true; description = '' Whether to enable XtreemFS DIR service. ''; }; - uuid = mkOption { + uuid = lib.mkOption { example = "eacb6bab-f444-4ebf-a06a-3f72d7465e40"; - type = types.str; + type = lib.types.str; description = '' Must be set to a unique identifier, preferably a UUID according to RFC 4122. UUIDs can be generated with `uuidgen` command, found in the `util-linux` package. ''; }; - port = mkOption { + port = lib.mkOption { default = 32638; - type = types.port; + type = lib.types.port; description = '' The port to listen on for incoming connections (TCP). ''; }; - address = mkOption { - type = types.str; + address = lib.mkOption { + type = lib.types.str; example = "127.0.0.1"; default = ""; description = '' @@ -133,16 +130,16 @@ in specified, the service will listen on all interfaces (any). ''; }; - httpPort = mkOption { + httpPort = lib.mkOption { default = 30638; - type = types.port; + type = lib.types.port; description = '' Specifies the listen port for the HTTP service that returns the status page. ''; }; - syncMode = mkOption { - type = types.enum [ "ASYNC" "SYNC_WRITE_METADATA" "SYNC_WRITE" "FDATASYNC" "FSYNC" ]; + syncMode = lib.mkOption { + type = lib.types.enum [ "ASYNC" "SYNC_WRITE_METADATA" "SYNC_WRITE" "FDATASYNC" "FSYNC" ]; default = "FSYNC"; example = "FDATASYNC"; description = '' @@ -160,8 +157,8 @@ in (If xtreemfs.dir.replication.enable is true then FDATASYNC is forced) ''; }; - extraConfig = mkOption { - type = types.lines; + extraConfig = lib.mkOption { + type = lib.types.lines; default = ""; example = '' # specify whether SSL is required 
@@ -180,9 +177,9 @@ in ''; }; replication = { - enable = mkEnableOption "XtreemFS DIR replication plugin"; - extraConfig = mkOption { - type = types.lines; + enable = lib.mkEnableOption "XtreemFS DIR replication plugin"; + extraConfig = lib.mkOption { + type = lib.types.lines; example = '' # participants of the replication including this replica babudb.repl.participant.0 = 192.168.0.10 @@ -225,50 +222,50 @@ in }; mrc = { - enable = mkOption { - type = types.bool; + enable = lib.mkOption { + type = lib.types.bool; default = true; description = '' Whether to enable XtreemFS MRC service. ''; }; - uuid = mkOption { + uuid = lib.mkOption { example = "eacb6bab-f444-4ebf-a06a-3f72d7465e41"; - type = types.str; + type = lib.types.str; description = '' Must be set to a unique identifier, preferably a UUID according to RFC 4122. UUIDs can be generated with `uuidgen` command, found in the `util-linux` package. ''; }; - port = mkOption { + port = lib.mkOption { default = 32636; - type = types.port; + type = lib.types.port; description = '' The port to listen on for incoming connections (TCP). ''; }; - address = mkOption { + address = lib.mkOption { example = "127.0.0.1"; - type = types.str; + type = lib.types.str; default = ""; description = '' If specified, it defines the interface to listen on. If not specified, the service will listen on all interfaces (any). ''; }; - httpPort = mkOption { + httpPort = lib.mkOption { default = 30636; - type = types.port; + type = lib.types.port; description = '' Specifies the listen port for the HTTP service that returns the status page. ''; }; - syncMode = mkOption { + syncMode = lib.mkOption { default = "FSYNC"; - type = types.enum [ "ASYNC" "SYNC_WRITE_METADATA" "SYNC_WRITE" "FDATASYNC" "FSYNC" ]; + type = lib.types.enum [ "ASYNC" "SYNC_WRITE_METADATA" "SYNC_WRITE" "FDATASYNC" "FSYNC" ]; example = "FDATASYNC"; description = '' The sync mode influences how operations are committed to the disk 
@@ -285,8 +282,8 @@ in (If xtreemfs.mrc.replication.enable is true then FDATASYNC is forced) ''; }; - extraConfig = mkOption { - type = types.lines; + extraConfig = lib.mkOption { + type = lib.types.lines; example = '' osd_check_interval = 300 no_atime = true @@ -323,9 +320,9 @@ in ''; }; replication = { - enable = mkEnableOption "XtreemFS MRC replication plugin"; - extraConfig = mkOption { - type = types.lines; + enable = lib.mkEnableOption "XtreemFS MRC replication plugin"; + extraConfig = lib.mkOption { + type = lib.types.lines; example = '' # participants of the replication including this replica babudb.repl.participant.0 = 192.168.0.10 
@@ -368,49 +365,49 @@ in }; osd = { - enable = mkOption { - type = types.bool; + enable = lib.mkOption { + type = lib.types.bool; default = true; description = '' Whether to enable XtreemFS OSD service. ''; }; - uuid = mkOption { + uuid = lib.mkOption { example = "eacb6bab-f444-4ebf-a06a-3f72d7465e42"; - type = types.str; + type = lib.types.str; description = '' Must be set to a unique identifier, preferably a UUID according to RFC 4122. UUIDs can be generated with `uuidgen` command, found in the `util-linux` package. ''; }; - port = mkOption { + port = lib.mkOption { default = 32640; - type = types.port; + type = lib.types.port; description = '' The port to listen on for incoming connections (TCP and UDP). ''; }; - address = mkOption { + address = lib.mkOption { example = "127.0.0.1"; - type = types.str; + type = lib.types.str; default = ""; description = '' If specified, it defines the interface to listen on. If not specified, the service will listen on all interfaces (any). ''; }; - httpPort = mkOption { + httpPort = lib.mkOption { default = 30640; - type = types.port; + type = lib.types.port; description = '' Specifies the listen port for the HTTP service that returns the status page. ''; }; - extraConfig = mkOption { - type = types.lines; + extraConfig = lib.mkOption { + type = lib.types.lines; example = '' local_clock_renewal = 0 remote_time_sync = 30000 @@ -464,7 +461,7 @@ in { gid = config.ids.gids.xtreemfs; }; - systemd.services.xtreemfs-dir = mkIf cfg.dir.enable { + systemd.services.xtreemfs-dir = lib.mkIf cfg.dir.enable { description = "XtreemFS-DIR Server"; after = [ "network.target" ]; wantedBy = [ "multi-user.target" ]; @@ -474,7 +471,7 @@ in }; }; - systemd.services.xtreemfs-mrc = mkIf cfg.mrc.enable ({ + systemd.services.xtreemfs-mrc = lib.mkIf cfg.mrc.enable ({ description = "XtreemFS-MRC Server"; serviceConfig = { User = "xtreemfs"; 
@@ -482,7 +479,7 @@ in }; } // systemdOptionalDependencies); - systemd.services.xtreemfs-osd = mkIf cfg.osd.enable ({ + systemd.services.xtreemfs-osd = lib.mkIf cfg.osd.enable ({ description = "XtreemFS-OSD Server"; serviceConfig = { User = "xtreemfs"; From 76831f7a1b220f17d83c56e727ac70013add0aae Mon Sep 17 00:00:00 2001 From: Felix Buehler Date: Wed, 28 Aug 2024 21:19:00 +0200 Subject: [PATCH 060/148] nixos/services.yandex-disk: remove `with lib;` --- .../network-filesystems/yandex-disk.nix | 31 +++++++++---------- 1 file changed, 14 insertions(+), 17 deletions(-) diff --git a/nixos/modules/services/network-filesystems/yandex-disk.nix b/nixos/modules/services/network-filesystems/yandex-disk.nix index de5d42a4bcde8..ee9b58b081a37 100644 --- a/nixos/modules/services/network-filesystems/yandex-disk.nix +++ b/nixos/modules/services/network-filesystems/yandex-disk.nix @@ -1,7 +1,4 @@ { config, pkgs, lib, ... }: - -with lib; - let cfg = config.services.yandex-disk; 
@@ -20,47 +17,47 @@ in services.yandex-disk = { - enable = mkOption { - type = types.bool; + enable = lib.mkOption { + type = lib.types.bool; default = false; description = '' Whether to enable Yandex-disk client. See https://disk.yandex.ru/ ''; }; - username = mkOption { + username = lib.mkOption { default = ""; - type = types.str; + type = lib.types.str; description = '' Your yandex.com login name. ''; }; - password = mkOption { + password = lib.mkOption { default = ""; - type = types.str; + type = lib.types.str; description = '' Your yandex.com password. Warning: it will be world-readable in /nix/store. ''; }; - user = mkOption { + user = lib.mkOption { default = null; - type = types.nullOr types.str; + type = lib.types.nullOr lib.types.str; description = '' The user the yandex-disk daemon should run as. ''; }; - directory = mkOption { - type = types.path; + directory = lib.mkOption { + type = lib.types.path; default = "/home/Yandex.Disk"; description = "The directory to use for Yandex.Disk storage"; }; - excludes = mkOption { + excludes = lib.mkOption { default = ""; - type = types.commas; + type = lib.types.commas; example = "data,backup"; description = '' Comma-separated list of directories which are excluded from synchronization. @@ -74,9 +71,9 @@ in ###### implementation - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { - users.users = mkIf (cfg.user == null) [ { + users.users = lib.mkIf (cfg.user == null) [ { name = u; uid = config.ids.uids.yandexdisk; group = "nogroup"; From 02bb53fbc36d8f3bb9417b38f8e7bc39deba3ccc Mon Sep 17 00:00:00 2001 From: Felix Buehler Date: Wed, 28 Aug 2024 21:19:00 +0200 Subject: [PATCH 061/148] nixos/services._3proxy: remove `with lib;` --- nixos/modules/services/networking/3proxy.nix | 139 +++++++++---------- 1 file changed, 69 insertions(+), 70 deletions(-) diff --git a/nixos/modules/services/networking/3proxy.nix b/nixos/modules/services/networking/3proxy.nix index 865916f7aff5f..03c67ed2f6f8f 100644 
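Review bot: The `password` option in yandex-disk.nix (hunk `@@ -20,47 +17,47 @@`) is a plain `lib.types.str`, and its own description says the value ends up world-readable in /nix/store, so every local user and every copy of the system closure can read the account password. A `passwordFile` option of type `lib.types.nullOr lib.types.path`, read by the service at start-up, would keep the secret out of the store. `password` could stay for compatibility with the warning retained. The code that consumes the password is outside the hunk, so the wiring has to be checked there.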
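Review bot: `users.users = lib.mkIf (cfg.user == null) [ { name = u; ...` (yandex-disk.nix, hunk `@@ -74,9 +71,9 @@`) defines the option as a list of `{ name = ...; }` records. In current NixOS `users.users` is an attribute set keyed by user name, so this likely fails the type check whenever `cfg.user` is left at `null`. The attribute-set form would be `users.users = lib.mkIf (cfg.user == null) { ${u} = { uid = config.ids.uids.yandexdisk; group = "nogroup"; }; };` plus the remaining fields. The same list form appears for both `users.users` and `users.groups` in amuled.nix, hunk `@@ -50,16 +47,16 @@`. The record continues outside the hunk.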
--- a/nixos/modules/services/networking/3proxy.nix +++ b/nixos/modules/services/networking/3proxy.nix @@ -1,21 +1,20 @@ { config, lib, pkgs, ... }: -with lib; let pkg = pkgs._3proxy; cfg = config.services._3proxy; - optionalList = list: if list == [ ] then "*" else concatMapStringsSep "," toString list; + optionalList = list: if list == [ ] then "*" else lib.concatMapStringsSep "," toString list; in { options.services._3proxy = { - enable = mkEnableOption "3proxy"; - confFile = mkOption { - type = types.path; + enable = lib.mkEnableOption "3proxy"; + confFile = lib.mkOption { + type = lib.types.path; example = "/var/lib/3proxy/3proxy.conf"; description = '' Ignore all other 3proxy options and load configuration from this file. ''; }; - usersFile = mkOption { - type = types.nullOr types.path; + usersFile = lib.mkOption { + type = lib.types.nullOr lib.types.path; default = null; example = "/var/lib/3proxy/3proxy.passwd"; description = '' @@ -40,11 +39,11 @@ in { Consult [documentation](https://github.com/z3APA3A/3proxy/wiki/How-To-%28incomplete%29#USERS) for more information. ''; }; - services = mkOption { - type = types.listOf (types.submodule { + services = lib.mkOption { + type = lib.types.listOf (lib.types.submodule { options = { - type = mkOption { - type = types.enum [ + type = lib.mkOption { + type = lib.types.enum [ "proxy" "socks" "pop3p" 
@@ -68,32 +67,32 @@ in { - `"udppm"`: UDP portmapper. ''; }; - bindAddress = mkOption { - type = types.str; + bindAddress = lib.mkOption { + type = lib.types.str; default = "[::]"; example = "127.0.0.1"; description = '' Address used for service. ''; }; - bindPort = mkOption { - type = types.nullOr types.int; + bindPort = lib.mkOption { + type = lib.types.nullOr lib.types.int; default = null; example = 3128; description = '' Override default port used for service. ''; }; - maxConnections = mkOption { - type = types.int; + maxConnections = lib.mkOption { + type = lib.types.int; default = 100; example = 1000; description = '' Maximum number of simulationeous connections to this service. ''; }; - auth = mkOption { - type = types.listOf (types.enum [ "none" "iponly" "strong" ]); + auth = lib.mkOption { + type = lib.types.listOf (lib.types.enum [ "none" "iponly" "strong" ]); example = [ "iponly" "strong" ]; description = '' Authentication type. The following values are valid: @@ -122,11 +121,11 @@ in { In this example strong username authentication is not required to access 192.168.0.0/16. ''; }; - acl = mkOption { - type = types.listOf (types.submodule { + acl = lib.mkOption { + type = lib.types.listOf (lib.types.submodule { options = { - rule = mkOption { - type = types.enum [ "allow" "deny" ]; + rule = lib.mkOption { + type = lib.types.enum [ "allow" "deny" ]; example = "allow"; description = '' ACL rule. The following values are valid: 
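Review bot: `bindPort` in 3proxy.nix (hunk `@@ -68,32 +67,32 @@`) is typed `lib.types.nullOr lib.types.int`, so a negative value or one above 65535 passes evaluation and is written into the generated configuration as `-p<value>`. `type = lib.types.nullOr lib.types.port;` would reject out-of-range values at evaluation time. `targetPorts` in hunk `@@ -162,8 +161,8 @@` could use `lib.types.listOf lib.types.port` for the same reason. The enclosing submodule starts and ends outside the hunk.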
@@ -135,24 +134,24 @@ in { - `"deny"`: connections not allowed. ''; }; - users = mkOption { - type = types.listOf types.str; + users = lib.mkOption { + type = lib.types.listOf lib.types.str; default = [ ]; example = [ "user1" "user2" "user3" ]; description = '' List of users, use empty list for any. ''; }; - sources = mkOption { - type = types.listOf types.str; + sources = lib.mkOption { + type = lib.types.listOf lib.types.str; default = [ ]; example = [ "127.0.0.1" "192.168.1.0/24" ]; description = '' List of source IP range, use empty list for any. ''; }; - targets = mkOption { - type = types.listOf types.str; + targets = lib.mkOption { + type = lib.types.listOf lib.types.str; default = [ ]; example = [ "127.0.0.1" "192.168.1.0/24" ]; description = '' @@ -162,8 +161,8 @@ in { Hostname is only checked if hostname presents in request. ''; }; - targetPorts = mkOption { - type = types.listOf types.int; + targetPorts = lib.mkOption { + type = lib.types.listOf lib.types.int; default = [ ]; example = [ 80 443 ]; description = '' @@ -173,7 +172,7 @@ in { }; }); default = [ ]; - example = literalExpression '' + example = lib.literalExpression '' [ { rule = "allow"; @@ -192,8 +191,8 @@ in { Use this option to limit user access to resources. ''; }; - extraArguments = mkOption { - type = types.nullOr types.str; + extraArguments = lib.mkOption { + type = lib.types.nullOr lib.types.str; default = null; example = "-46"; description = '' @@ -201,8 +200,8 @@ in { Consult "Options" section in [documentation](https://github.com/z3APA3A/3proxy/wiki/3proxy.cfg) for available arguments. ''; }; - extraConfig = mkOption { - type = types.nullOr types.lines; + extraConfig = lib.mkOption { + type = lib.types.nullOr lib.types.lines; default = null; description = '' Extra configuration for service. Use this to configure things like bandwidth limiter or ACL-based redirection. 
@@ -212,7 +211,7 @@ in { }; }); default = [ ]; - example = literalExpression '' + example = lib.literalExpression '' [ { type = "proxy"; @@ -238,15 +237,15 @@ in { Use this option to define 3proxy services. ''; }; - denyPrivate = mkOption { - type = types.bool; + denyPrivate = lib.mkOption { + type = lib.types.bool; default = true; description = '' Whether to deny access to private IP ranges including loopback. ''; }; - privateRanges = mkOption { - type = types.listOf types.str; + privateRanges = lib.mkOption { + type = lib.types.listOf lib.types.str; default = [ "0.0.0.0/8" "127.0.0.0/8" @@ -262,11 +261,11 @@ in { What IP ranges to deny access when denyPrivate is set tu true. ''; }; - resolution = mkOption { - type = types.submodule { + resolution = lib.mkOption { + type = lib.types.submodule { options = { - nserver = mkOption { - type = types.listOf types.str; + nserver = lib.mkOption { + type = lib.types.listOf lib.types.str; default = [ ]; example = [ "127.0.0.53" "192.168.1.3:5353/tcp" ]; description = '' @@ -276,20 +275,20 @@ in { default system name resolution functions are used. ''; }; - nscache = mkOption { - type = types.int; + nscache = lib.mkOption { + type = lib.types.int; default = 65535; description = "Set name cache size for IPv4."; }; - nscache6 = mkOption { - type = types.int; + nscache6 = lib.mkOption { + type = lib.types.int; default = 65535; description = "Set name cache size for IPv6."; }; - nsrecord = mkOption { - type = types.attrsOf types.str; + nsrecord = lib.mkOption { + type = lib.types.attrsOf lib.types.str; default = { }; - example = literalExpression '' + example = lib.literalExpression '' { "files.local" = "192.168.1.12"; "site.local" = "192.168.1.43"; 
@@ -304,8 +303,8 @@ in { Use this option to configure name resolution and DNS caching. ''; }; - extraConfig = mkOption { - type = types.nullOr types.lines; + extraConfig = lib.mkOption { + type = lib.types.nullOr lib.types.lines; default = null; description = '' Extra configuration, appended to the 3proxy configuration file. @@ -314,33 +313,33 @@ in { }; }; - config = mkIf cfg.enable { - services._3proxy.confFile = mkDefault (pkgs.writeText "3proxy.conf" '' + config = lib.mkIf cfg.enable { + services._3proxy.confFile = lib.mkDefault (pkgs.writeText "3proxy.conf" '' # log to stdout log - ${concatMapStringsSep "\n" (x: "nserver " + x) cfg.resolution.nserver} + ${lib.concatMapStringsSep "\n" (x: "nserver " + x) cfg.resolution.nserver} nscache ${toString cfg.resolution.nscache} nscache6 ${toString cfg.resolution.nscache6} - ${concatMapStringsSep "\n" (x: "nsrecord " + x) - (mapAttrsToList (name: value: "${name} ${value}") + ${lib.concatMapStringsSep "\n" (x: "nsrecord " + x) + (lib.mapAttrsToList (name: value: "${name} ${value}") cfg.resolution.nsrecord)} - ${optionalString (cfg.usersFile != null) + ${lib.optionalString (cfg.usersFile != null) ''users $"${cfg.usersFile}"'' } - ${concatMapStringsSep "\n" (service: '' - auth ${concatStringsSep " " service.auth} + ${lib.concatMapStringsSep "\n" (service: '' + auth ${lib.concatStringsSep " " service.auth} - ${optionalString (cfg.denyPrivate) + ${lib.optionalString (cfg.denyPrivate) "deny * * ${optionalList cfg.privateRanges}"} - ${concatMapStringsSep "\n" (acl: + ${lib.concatMapStringsSep "\n" (acl: "${acl.rule} ${ - concatMapStringsSep " " optionalList [ + lib.concatMapStringsSep " " optionalList [ acl.users acl.sources acl.targets 
@@ -350,18 +349,18 @@ in { maxconn ${toString service.maxConnections} - ${optionalString (service.extraConfig != null) service.extraConfig} + ${lib.optionalString (service.extraConfig != null) service.extraConfig} ${service.type} -i${toString service.bindAddress} ${ - optionalString (service.bindPort != null) + lib.optionalString (service.bindPort != null) "-p${toString service.bindPort}" } ${ - optionalString (service.extraArguments != null) service.extraArguments + lib.optionalString (service.extraArguments != null) service.extraArguments } flush '') cfg.services} - ${optionalString (cfg.extraConfig != null) cfg.extraConfig} + ${lib.optionalString (cfg.extraConfig != null) cfg.extraConfig} ''); systemd.services."3proxy" = { description = "Tiny free proxy server"; @@ -377,5 +376,5 @@ in { }; }; - meta.maintainers = with maintainers; [ misuzu ]; + meta.maintainers = with lib.maintainers; [ misuzu ]; } From b1bbe81c8d630ba8a8a7198e7fba8f49bd0e8a64 Mon Sep 17 00:00:00 2001 From: Felix Buehler Date: Wed, 28 Aug 2024 21:19:00 +0200 Subject: [PATCH 062/148] nixos/services.adguardhome: remove `with lib;` --- .../services/networking/adguardhome.nix | 51 +++++++++---------- 1 file changed, 24 insertions(+), 27 deletions(-) diff --git a/nixos/modules/services/networking/adguardhome.nix b/nixos/modules/services/networking/adguardhome.nix index 5be3e0bea224a..dab81ce18b299 100644 --- a/nixos/modules/services/networking/adguardhome.nix +++ b/nixos/modules/services/networking/adguardhome.nix @@ -1,12 +1,9 @@ { config, lib, pkgs, ... }: - -with lib; - let cfg = config.services.adguardhome; settingsFormat = pkgs.formats.yaml { }; - args = concatStringsSep " " ([ + args = lib.concatStringsSep " " ([ "--no-check-update" "--pidfile /run/AdGuardHome/AdGuardHome.pid" "--work-dir /var/lib/AdGuardHome/" 
@@ -28,19 +25,19 @@ let checkPhase = "${cfg.package}/bin/adguardhome -c $out --check-config"; }); in { - options.services.adguardhome = with types; { - enable = mkEnableOption "AdGuard Home network-wide ad blocker"; + options.services.adguardhome = with lib.types; { + enable = lib.mkEnableOption "AdGuard Home network-wide ad blocker"; - package = mkOption { + package = lib.mkOption { type = package; default = pkgs.adguardhome; - defaultText = literalExpression "pkgs.adguardhome"; + defaultText = lib.literalExpression "pkgs.adguardhome"; description = '' The package that runs adguardhome. ''; }; - openFirewall = mkOption { + openFirewall = lib.mkOption { default = false; type = bool; description = '' @@ -49,9 +46,9 @@ in { ''; }; - allowDHCP = mkOption { + allowDHCP = lib.mkOption { default = settings.dhcp.enabled or false; - defaultText = literalExpression "config.services.adguardhome.settings.dhcp.enabled or false"; + defaultText = lib.literalExpression "config.services.adguardhome.settings.dhcp.enabled or false"; type = bool; description = '' Allows AdGuard Home to open raw sockets (`CAP_NET_RAW`), which is @@ -63,7 +60,7 @@ in { ''; }; - mutableSettings = mkOption { + mutableSettings = lib.mkOption { default = true; type = bool; description = '' @@ -72,7 +69,7 @@ in { ''; }; - host = mkOption { + host = lib.mkOption { default = "0.0.0.0"; type = str; description = '' @@ -80,7 +77,7 @@ in { ''; }; - port = mkOption { + port = lib.mkOption { default = 3000; type = port; description = '' @@ -88,14 +85,14 @@ in { ''; }; - settings = mkOption { + settings = lib.mkOption { default = null; type = nullOr (submodule { freeformType = settingsFormat.type; options = { - schema_version = mkOption { + schema_version = lib.mkOption { default = cfg.package.schema_version; - defaultText = literalExpression "cfg.package.schema_version"; + defaultText = lib.literalExpression "cfg.package.schema_version"; type = int; description = '' Schema version for the configuration. 
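Review bot: `options.services.adguardhome = with lib.types; {` (adguardhome.nix, hunk `@@ -28,19 +25,19 @@`) keeps a `with` scope over the whole option set, so the ambiguity this commit removes for `lib` remains for `lib.types`. In hunk `@@ -80,7 +77,7 @@` the option `port` is declared with `type = port;`, where the name resolves to `lib.types.port` only through that scope. Spelling the types out, for example `type = lib.types.port;`, `type = lib.types.bool;` and `type = lib.types.listOf lib.types.str;`, and dropping `with lib.types;` would match the other modules in this series. The option set continues past the end of the hunk.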
@@ -121,7 +118,7 @@ in { ''; }; - extraArgs = mkOption { + extraArgs = lib.mkOption { default = [ ]; type = listOf str; description = '' @@ -130,27 +127,27 @@ in { }; }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { assertions = [ { assertion = cfg.settings != null - -> !(hasAttrByPath [ "bind_host" ] cfg.settings); + -> !(lib.hasAttrByPath [ "bind_host" ] cfg.settings); message = "AdGuard option `settings.bind_host' has been superseded by `services.adguardhome.host'"; } { assertion = cfg.settings != null - -> !(hasAttrByPath [ "bind_port" ] cfg.settings); + -> !(lib.hasAttrByPath [ "bind_port" ] cfg.settings); message = "AdGuard option `settings.bind_port' has been superseded by `services.adguardhome.port'"; } { assertion = settings != null -> cfg.mutableSettings - || hasAttrByPath [ "dns" "bootstrap_dns" ] settings; + || lib.hasAttrByPath [ "dns" "bootstrap_dns" ] settings; message = "AdGuard setting dns.bootstrap_dns needs to be configured for a minimal working configuration"; } { assertion = settings != null -> cfg.mutableSettings - || hasAttrByPath [ "dns" "bootstrap_dns" ] settings - && isList settings.dns.bootstrap_dns; + || lib.hasAttrByPath [ "dns" "bootstrap_dns" ] settings + && lib.isList settings.dns.bootstrap_dns; message = "AdGuard setting dns.bootstrap_dns needs to be a list"; } ]; @@ -164,7 +161,7 @@ in { StartLimitBurst = 10; }; - preStart = optionalString (settings != null) '' + preStart = lib.optionalString (settings != null) '' if [ -e "$STATE_DIRECTORY/AdGuardHome.yaml" ] \ && [ "${toString cfg.mutableSettings}" = "1" ]; then # First run a schema_version update on the existing configuration @@ -185,7 +182,7 @@ in { DynamicUser = true; ExecStart = "${lib.getExe cfg.package} ${args}"; AmbientCapabilities = [ "CAP_NET_BIND_SERVICE" ] - ++ optionals cfg.allowDHCP [ "CAP_NET_RAW" ]; + ++ lib.optionals cfg.allowDHCP [ "CAP_NET_RAW" ]; Restart = "always"; RestartSec = 10; RuntimeDirectory = "AdGuardHome"; 
@@ -193,6 +190,6 @@ in { }; }; - networking.firewall.allowedTCPPorts = mkIf cfg.openFirewall [ cfg.port ]; + networking.firewall.allowedTCPPorts = lib.mkIf cfg.openFirewall [ cfg.port ]; }; } From 46dc82d477974182407123a5d9deeb47909df849 Mon Sep 17 00:00:00 2001 From: Felix Buehler Date: Wed, 28 Aug 2024 21:19:01 +0200 Subject: [PATCH 063/148] nixos/services.alice-lg: remove `with lib;` --- nixos/modules/services/networking/alice-lg.nix | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) diff --git a/nixos/modules/services/networking/alice-lg.nix b/nixos/modules/services/networking/alice-lg.nix index dab2d38ca353a..c43f898bd7d3d 100644 --- a/nixos/modules/services/networking/alice-lg.nix +++ b/nixos/modules/services/networking/alice-lg.nix @@ -1,7 +1,4 @@ { config, lib, pkgs, ... }: - -with lib; - let cfg = config.services.alice-lg; settingsFormat = pkgs.formats.ini { }; @@ -9,17 +6,17 @@ in { options = { services.alice-lg = { - enable = mkEnableOption "Alice Looking Glass"; + enable = lib.mkEnableOption "Alice Looking Glass"; - package = mkPackageOption pkgs "alice-lg" { }; + package = lib.mkPackageOption pkgs "alice-lg" { }; - settings = mkOption { + settings = lib.mkOption { type = settingsFormat.type; default = { }; description = '' alice-lg configuration, for configuration options see the example on [github](https://github.com/alice-lg/alice-lg/blob/main/etc/alice-lg/alice.example.conf) ''; - example = literalExpression '' + example = lib.literalExpression '' { server = { # configures the built-in webserver and provides global application settings From d63146859b2a33af24ac81eb39ef52ad87f6e330 Mon Sep 17 00:00:00 2001 From: Felix Buehler Date: Wed, 28 Aug 2024 21:19:01 +0200 Subject: [PATCH 064/148] nixos/services.amule: remove `with lib;` --- nixos/modules/services/networking/amuled.nix | 23 +++++++++----------- 1 file changed, 10 insertions(+), 13 deletions(-) 
diff --git a/nixos/modules/services/networking/amuled.nix b/nixos/modules/services/networking/amuled.nix index aa72a047526b0..b41d4d629ec53 100644 --- a/nixos/modules/services/networking/amuled.nix +++ b/nixos/modules/services/networking/amuled.nix @@ -1,7 +1,4 @@ { config, lib, options, pkgs, ... }: - -with lib; - let cfg = config.services.amule; opt = options.services.amule; @@ -16,18 +13,18 @@ in services.amule = { - enable = mkOption { - type = types.bool; + enable = lib.mkOption { + type = lib.types.bool; default = false; description = '' Whether to run the AMule daemon. You need to manually run "amuled --ec-config" to configure the service for the first time. ''; }; - dataDir = mkOption { - type = types.str; + dataDir = lib.mkOption { + type = lib.types.str; default = "/home/${user}/"; - defaultText = literalExpression '' + defaultText = lib.literalExpression '' "/home/''${config.${opt.user}}/" ''; description = '' @@ -35,8 +32,8 @@ in ''; }; - user = mkOption { - type = types.nullOr types.str; + user = lib.mkOption { + type = lib.types.nullOr lib.types.str; default = null; description = '' The user the AMule daemon should run as. @@ -50,16 +47,16 @@ in ###### implementation - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { - users.users = mkIf (cfg.user == null) [ + users.users = lib.mkIf (cfg.user == null) [ { name = "amule"; description = "AMule daemon"; group = "amule"; uid = config.ids.uids.amule; } ]; - users.groups = mkIf (cfg.user == null) [ + users.groups = lib.mkIf (cfg.user == null) [ { name = "amule"; gid = config.ids.gids.amule; } ]; From 681161adb63df62c37163e6b65096e96514c9ee8 Mon Sep 17 00:00:00 2001 From: Felix Buehler Date: Wed, 28 Aug 2024 21:19:01 +0200 Subject: [PATCH 065/148] nixos/services.asterisk: remove `with lib;` --- .../modules/services/networking/asterisk.nix | 41 +++++++++---------- 1 file changed, 19 insertions(+), 22 deletions(-) 
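Review bot: In the `config` hunk (`@@ -50,16 +47,16 @@`) of amuled.nix, `users.users` and `users.groups` are still assigned lists of `{ name = …; }` records. As far as I know both options are typed as attribute sets keyed by name, in which case this would fail evaluation once the service is enabled with `user = null`. The option declarations are not visible here, so this should be confirmed. The keyed form would be `users.users = lib.mkIf (cfg.user == null) { amule = { description = "AMule daemon"; group = "amule"; uid = config.ids.uids.amule; }; };` and `users.groups = lib.mkIf (cfg.user == null) { amule.gid = config.ids.gids.amule; };`. The `config` block continues past the end of the hunk.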
diff --git a/nixos/modules/services/networking/asterisk.nix b/nixos/modules/services/networking/asterisk.nix index 187dd5c3ccab3..f165974f2ae72 100644 --- a/nixos/modules/services/networking/asterisk.nix +++ b/nixos/modules/services/networking/asterisk.nix @@ -1,7 +1,4 @@ { config, lib, pkgs, ... }: - -with lib; - let cfg = config.services.asterisk; @@ -13,7 +10,7 @@ let logdir = "/var/log/asterisk"; # Add filecontents from files of useTheseDefaultConfFiles to confFiles, do not override - defaultConfFiles = subtractLists (attrNames cfg.confFiles) cfg.useTheseDefaultConfFiles; + defaultConfFiles = lib.subtractLists (lib.attrNames cfg.confFiles) cfg.useTheseDefaultConfFiles; allConfFiles = { # Default asterisk.conf file "asterisk.conf".text = '' @@ -48,25 +45,25 @@ let syslog.local0 => notice,warning,error ''; } // - mapAttrs (name: text: { inherit text; }) cfg.confFiles // - listToAttrs (map (x: nameValuePair x { source = cfg.package + "/etc/asterisk/" + x; }) defaultConfFiles); + lib.mapAttrs (name: text: { inherit text; }) cfg.confFiles // + lib.listToAttrs (map (x: lib.nameValuePair x { source = cfg.package + "/etc/asterisk/" + x; }) defaultConfFiles); in { options = { services.asterisk = { - enable = mkOption { - type = types.bool; + enable = lib.mkOption { + type = lib.types.bool; default = false; description = '' Whether to enable the Asterisk PBX server. ''; }; - extraConfig = mkOption { + extraConfig = lib.mkOption { default = ""; - type = types.lines; + type = lib.types.lines; example = '' [options] verbose=3 @@ -78,10 +75,10 @@ in ''; }; - confFiles = mkOption { + confFiles = lib.mkOption { default = {}; - type = types.attrsOf types.str; - example = literalExpression + type = lib.types.attrsOf lib.types.str; + example = lib.literalExpression '' { "extensions.conf" = ''' 
@@ -144,9 +141,9 @@ in ''; }; - useTheseDefaultConfFiles = mkOption { + useTheseDefaultConfFiles = lib.mkOption { default = [ "ari.conf" "acl.conf" "agents.conf" "amd.conf" "calendar.conf" "cdr.conf" "cdr_syslog.conf" "cdr_custom.conf" "cel.conf" "cel_custom.conf" "cli_aliases.conf" "confbridge.conf" "dundi.conf" "features.conf" "hep.conf" "iax.conf" "pjsip.conf" "pjsip_wizard.conf" "phone.conf" "phoneprov.conf" "queues.conf" "res_config_sqlite3.conf" "res_parking.conf" "statsd.conf" "udptl.conf" "unistim.conf" ]; - type = types.listOf types.str; + type = lib.types.listOf lib.types.str; example = [ "sip.conf" "dundi.conf" ]; description = ''Sets these config files to the default content. The default value for this option contains all necesscary files to avoid errors at startup. @@ -154,24 +151,24 @@ in ''; }; - extraArguments = mkOption { + extraArguments = lib.mkOption { default = []; - type = types.listOf types.str; + type = lib.types.listOf lib.types.str; example = [ "-vvvddd" "-e" "1024" ]; description = '' Additional command line arguments to pass to Asterisk. ''; }; - package = mkPackageOption pkgs "asterisk" { }; + package = lib.mkPackageOption pkgs "asterisk" { }; }; }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { environment.systemPackages = [ cfg.package ]; - environment.etc = mapAttrs' (name: value: - nameValuePair "asterisk/${name}" value + environment.etc = lib.mapAttrs' (name: value: + lib.nameValuePair "asterisk/${name}" value ) allConfFiles; users.users.asterisk = @@ -214,7 +211,7 @@ in ExecStart = let # FIXME: This doesn't account for arguments with spaces - argString = concatStringsSep " " cfg.extraArguments; + argString = lib.concatStringsSep " " cfg.extraArguments; in "${cfg.package}/bin/asterisk -U ${asteriskUser} -C /etc/asterisk/asterisk.conf ${argString} -F"; ExecReload = ''${cfg.package}/bin/asterisk -x "core reload" From 06032d69560158665982eede48a3977e4ce6da54 Mon Sep 17 00:00:00 2001 
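Review bot: In the `ExecStart` hunk (`@@ -214,7 +211,7 @@`) of asterisk.nix, `argString` is still built with `lib.concatStringsSep " "`. An element of `extraArguments` that contains whitespace or quote characters is therefore re-split when systemd parses the command line, which is what the FIXME above the line records. Quoting each element would close that, e.g. `argString = lib.escapeShellArgs cfg.extraArguments;`. systemd's quoting rules are not identical to a shell's, so `utils.escapeSystemdExecArgs` may be the closer fit if `utils` is added to the module arguments. The `serviceConfig` set starts before the hunk and the `ExecReload` string runs past its end.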
From: Felix Buehler Date: Wed, 28 Aug 2024 21:19:01 +0200 Subject: [PATCH 066/148] nixos/services.atftpd: remove `with lib;` --- nixos/modules/services/networking/atftpd.nix | 20 ++++++++------------ 1 file changed, 8 insertions(+), 12 deletions(-) diff --git a/nixos/modules/services/networking/atftpd.nix b/nixos/modules/services/networking/atftpd.nix index da5e305201f86..ab674d85715c6 100644 --- a/nixos/modules/services/networking/atftpd.nix +++ b/nixos/modules/services/networking/atftpd.nix @@ -1,9 +1,5 @@ # NixOS module for atftpd TFTP server - { config, pkgs, lib, ... }: - -with lib; - let cfg = config.services.atftpd; @@ -16,19 +12,19 @@ in services.atftpd = { - enable = mkOption { + enable = lib.mkOption { default = false; - type = types.bool; + type = lib.types.bool; description = '' Whether to enable the atftpd TFTP server. By default, the server binds to address 0.0.0.0. ''; }; - extraOptions = mkOption { + extraOptions = lib.mkOption { default = []; - type = types.listOf types.str; - example = literalExpression '' + type = lib.types.listOf lib.types.str; + example = lib.literalExpression '' [ "--bind-address 192.168.9.1" "--verbose=7" ] @@ -38,9 +34,9 @@ in ''; }; - root = mkOption { + root = lib.mkOption { default = "/srv/tftp"; - type = types.path; + type = lib.types.path; description = '' Document root directory for the atftpd. ''; @@ -50,7 +46,7 @@ in }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { systemd.services.atftpd = { description = "TFTP Server"; From d861803952869d31fa9938a203b25c94f74ec6de Mon Sep 17 00:00:00 2001 From: Felix Buehler Date: Wed, 28 Aug 2024 21:19:01 +0200 Subject: [PATCH 067/148] nixos/services.autossh: remove `with lib;` --- nixos/modules/services/networking/autossh.nix | 25 ++++++++----------- 1 file changed, 11 insertions(+), 14 deletions(-) diff --git a/nixos/modules/services/networking/autossh.nix b/nixos/modules/services/networking/autossh.nix index 245f2bfc2cf38..f8934845c28e2 100644 
--- a/nixos/modules/services/networking/autossh.nix +++ b/nixos/modules/services/networking/autossh.nix @@ -1,7 +1,4 @@ { config, lib, pkgs, ... }: - -with lib; - let cfg = config.services.autossh; @@ -16,21 +13,21 @@ in services.autossh = { - sessions = mkOption { - type = types.listOf (types.submodule { + sessions = lib.mkOption { + type = lib.types.listOf (lib.types.submodule { options = { - name = mkOption { - type = types.str; + name = lib.mkOption { + type = lib.types.str; example = "socks-peer"; description = "Name of the local AutoSSH session"; }; - user = mkOption { - type = types.str; + user = lib.mkOption { + type = lib.types.str; example = "bill"; description = "Name of the user the AutoSSH session should run as"; }; - monitoringPort = mkOption { - type = types.int; + monitoringPort = lib.mkOption { + type = lib.types.int; default = 0; example = 20000; description = '' @@ -39,8 +36,8 @@ in style monitoring ''; }; - extraArguments = mkOption { - type = types.separatedString " "; + extraArguments = lib.mkOption { + type = lib.types.separatedString " "; example = "-N -D4343 bill@socks.example.net"; description = '' Arguments to be passed to AutoSSH and retransmitted to SSH @@ -75,7 +72,7 @@ in ###### implementation - config = mkIf (cfg.sessions != []) { + config = lib.mkIf (cfg.sessions != []) { systemd.services = From eb8d4ed2645f173dd204d3a09a0dba11f154eca8 Mon Sep 17 00:00:00 2001 From: Felix Buehler Date: Wed, 28 Aug 2024 21:19:01 +0200 Subject: [PATCH 068/148] nixos/services.avahi: remove `with lib;` --- .../services/networking/avahi-daemon.nix | 131 +++++++++--------- 1 file changed, 64 insertions(+), 67 deletions(-) diff --git a/nixos/modules/services/networking/avahi-daemon.nix b/nixos/modules/services/networking/avahi-daemon.nix index 8bb8e71ec3fb3..72ccb910982cb 100644 --- a/nixos/modules/services/networking/avahi-daemon.nix +++ b/nixos/modules/services/networking/avahi-daemon.nix 
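Review bot: In the `sessions` submodule hunk (`@@ -16,21 +13,21 @@`) of autossh.nix, `monitoringPort` is declared as `lib.types.int`. A negative value or one above 65535 therefore passes evaluation and is caught, if at all, only when the session is started. `type = lib.types.port;` would reject those at evaluation time and still accepts the default `0`. The submodule's remaining options continue in the following hunk.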
@@ -1,7 +1,4 @@ { config, lib, pkgs, ... }: - -with lib; - let cfg = config.services.avahi; @@ -13,15 +10,15 @@ let # a host name from DHCP. In that case, let Avahi take whatever the # current host name is; setting `host-name' to the empty string in # `avahi-daemon.conf' would be invalid. - optionalString (hostName != "") "host-name=${hostName}"} - browse-domains=${concatStringsSep ", " browseDomains} + lib.optionalString (hostName != "") "host-name=${hostName}"} + browse-domains=${lib.concatStringsSep ", " browseDomains} use-ipv4=${yesNo ipv4} use-ipv6=${yesNo ipv6} - ${optionalString (allowInterfaces!=null) "allow-interfaces=${concatStringsSep "," allowInterfaces}"} - ${optionalString (denyInterfaces!=null) "deny-interfaces=${concatStringsSep "," denyInterfaces}"} - ${optionalString (domainName!=null) "domain-name=${domainName}"} + ${lib.optionalString (allowInterfaces!=null) "allow-interfaces=${lib.concatStringsSep "," allowInterfaces}"} + ${lib.optionalString (denyInterfaces!=null) "deny-interfaces=${lib.concatStringsSep "," denyInterfaces}"} + ${lib.optionalString (domainName!=null) "domain-name=${domainName}"} allow-point-to-point=${yesNo allowPointToPoint} - ${optionalString (cacheEntriesMax!=null) "cache-entries-max=${toString cacheEntriesMax}"} + ${lib.optionalString (cacheEntriesMax!=null) "cache-entries-max=${toString cacheEntriesMax}"} [wide-area] enable-wide-area=${yesNo wideArea} @@ -46,8 +43,8 @@ in ]; options.services.avahi = { - enable = mkOption { - type = types.bool; + enable = lib.mkOption { + type = lib.types.bool; default = false; description = '' Whether to run the Avahi daemon, which allows Avahi clients 
@@ -57,28 +54,28 @@ in ''; }; - package = mkPackageOption pkgs "avahi" { }; + package = lib.mkPackageOption pkgs "avahi" { }; - hostName = mkOption { - type = types.str; + hostName = lib.mkOption { + type = lib.types.str; default = config.networking.hostName; - defaultText = literalExpression "config.networking.hostName"; + defaultText = lib.literalExpression "config.networking.hostName"; description = '' Host name advertised on the LAN. If not set, avahi will use the value of {option}`config.networking.hostName`. ''; }; - domainName = mkOption { - type = types.str; + domainName = lib.mkOption { + type = lib.types.str; default = "local"; description = '' Domain name for all advertisements. ''; }; - browseDomains = mkOption { - type = types.listOf types.str; + browseDomains = lib.mkOption { + type = lib.types.listOf lib.types.str; default = [ ]; example = [ "0pointer.de" "zeroconf.org" ]; description = '' @@ -86,20 +83,20 @@ in ''; }; - ipv4 = mkOption { - type = types.bool; + ipv4 = lib.mkOption { + type = lib.types.bool; default = true; description = "Whether to use IPv4."; }; - ipv6 = mkOption { - type = types.bool; + ipv6 = lib.mkOption { + type = lib.types.bool; default = false; description = "Whether to use IPv6."; }; - allowInterfaces = mkOption { - type = types.nullOr (types.listOf types.str); + allowInterfaces = lib.mkOption { + type = lib.types.nullOr (lib.types.listOf lib.types.str); default = null; description = '' List of network interfaces that should be used by the {command}`avahi-daemon`. @@ -108,8 +105,8 @@ in ''; }; - denyInterfaces = mkOption { - type = types.nullOr (types.listOf types.str); + denyInterfaces = lib.mkOption { + type = lib.types.nullOr (lib.types.listOf lib.types.str); default = null; description = '' List of network interfaces that should be ignored by the 
@@ -119,8 +116,8 @@ in ''; }; - openFirewall = mkOption { - type = types.bool; + openFirewall = lib.mkOption { + type = lib.types.bool; default = true; description = '' Whether to open the firewall for UDP port 5353. @@ -128,8 +125,8 @@ in ''; }; - allowPointToPoint = mkOption { - type = types.bool; + allowPointToPoint = lib.mkOption { + type = lib.types.bool; default = false; description = '' Whether to use POINTTOPOINT interfaces. Might make mDNS unreliable due to usually large @@ -138,22 +135,22 @@ in ''; }; - wideArea = mkOption { - type = types.bool; + wideArea = lib.mkOption { + type = lib.types.bool; default = true; description = "Whether to enable wide-area service discovery."; }; - reflector = mkOption { - type = types.bool; + reflector = lib.mkOption { + type = lib.types.bool; default = false; description = "Reflect incoming mDNS requests to all allowed network interfaces."; }; - extraServiceFiles = mkOption { - type = with types; attrsOf (either str path); + extraServiceFiles = lib.mkOption { + type = with lib.types; attrsOf (either str path); default = { }; - example = literalExpression '' + example = lib.literalExpression '' { ssh = "''${pkgs.avahi}/etc/avahi/services/ssh.service"; smb = ''' 
@@ -176,26 +173,26 @@ in }; publish = { - enable = mkOption { - type = types.bool; + enable = lib.mkOption { + type = lib.types.bool; default = false; description = "Whether to allow publishing in general."; }; - userServices = mkOption { - type = types.bool; + userServices = lib.mkOption { + type = lib.types.bool; default = false; description = "Whether to publish user services. Will set `addresses=true`."; }; - addresses = mkOption { - type = types.bool; + addresses = lib.mkOption { + type = lib.types.bool; default = false; description = "Whether to register mDNS address records for all local IP addresses."; }; - hinfo = mkOption { - type = types.bool; + hinfo = lib.mkOption { + type = lib.types.bool; default = false; description = '' Whether to register a mDNS HINFO record which contains information about the @@ -203,23 +200,23 @@ in ''; }; - workstation = mkOption { - type = types.bool; + workstation = lib.mkOption { + type = lib.types.bool; default = false; description = '' Whether to register a service of type "_workstation._tcp" on the local LAN. ''; }; - domain = mkOption { - type = types.bool; + domain = lib.mkOption { + type = lib.types.bool; default = false; description = "Whether to announce the locally used domain name for browsing by other hosts."; }; }; - nssmdns4 = mkOption { - type = types.bool; + nssmdns4 = lib.mkOption { + type = lib.types.bool; default = false; description = '' Whether to enable the mDNS NSS (Name Service Switch) plug-in for IPv4. @@ -228,8 +225,8 @@ in ''; }; - nssmdns6 = mkOption { - type = types.bool; + nssmdns6 = lib.mkOption { + type = lib.types.bool; default = false; description = '' Whether to enable the mDNS NSS (Name Service Switch) plug-in for IPv6. @@ -243,8 +240,8 @@ in ''; }; - cacheEntriesMax = mkOption { - type = types.nullOr types.int; + cacheEntriesMax = lib.mkOption { + type = lib.types.nullOr lib.types.int; default = null; description = '' Number of resource records to be cached per interface. Use 0 to 
@@ -252,8 +249,8 @@ in ''; }; - extraConfig = mkOption { - type = types.lines; + extraConfig = lib.mkOption { + type = lib.types.lines; default = ""; description = '' Extra config to append to avahi-daemon.conf. @@ -261,7 +258,7 @@ in }; }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { users.users.avahi = { description = "avahi-daemon privilege separation user"; home = "/var/empty"; @@ -271,7 +268,7 @@ in users.groups.avahi = { }; - system.nssModules = optional (cfg.nssmdns4 || cfg.nssmdns6) pkgs.nssmdns; + system.nssModules = lib.optional (cfg.nssmdns4 || cfg.nssmdns6) pkgs.nssmdns; system.nssDatabases.hosts = let mdns = if (cfg.nssmdns4 && cfg.nssmdns6) then "mdns" @@ -281,17 +278,17 @@ in "mdns4" else ""; - in optionals (cfg.nssmdns4 || cfg.nssmdns6) (mkMerge [ - (mkBefore [ "${mdns}_minimal [NOTFOUND=return]" ]) # before resolve - (mkAfter [ "${mdns}" ]) # after dns + in lib.optionals (cfg.nssmdns4 || cfg.nssmdns6) (lib.mkMerge [ + (lib.mkBefore [ "${mdns}_minimal [NOTFOUND=return]" ]) # before resolve + (lib.mkAfter [ "${mdns}" ]) # after dns ]); environment.systemPackages = [ cfg.package ]; - environment.etc = (mapAttrs' - (n: v: nameValuePair + environment.etc = (lib.mapAttrs' + (n: v: lib.nameValuePair "avahi/services/${n}.service" - { ${if types.path.check v then "source" else "text"} = v; } + { ${if lib.types.path.check v then "source" else "text"} = v; } ) cfg.extraServiceFiles); @@ -326,6 +323,6 @@ in services.dbus.enable = true; services.dbus.packages = [ cfg.package ]; - networking.firewall.allowedUDPPorts = mkIf cfg.openFirewall [ 5353 ]; + networking.firewall.allowedUDPPorts = lib.mkIf cfg.openFirewall [ 5353 ]; }; } From 7da36d70ff30788e9cda4e8200290367c0a99129 Mon Sep 17 00:00:00 2001 From: Felix Buehler Date: Wed, 28 Aug 2024 21:19:01 +0200 Subject: [PATCH 069/148] nixos/services.babeld: remove `with lib;` --- nixos/modules/services/networking/babeld.nix | 33 +++++++++----------- 1 file changed, 15 insertions(+), 18 deletions(-) 
diff --git a/nixos/modules/services/networking/babeld.nix b/nixos/modules/services/networking/babeld.nix index 5a3e92d9c813d..538654f90ae4c 100644 --- a/nixos/modules/services/networking/babeld.nix +++ b/nixos/modules/services/networking/babeld.nix @@ -1,20 +1,17 @@ { config, lib, pkgs, ... }: - -with lib; - let cfg = config.services.babeld; - conditionalBoolToString = value: if (isBool value) then (boolToString value) else (toString value); + conditionalBoolToString = value: if (lib.isBool value) then (lib.boolToString value) else (toString value); paramsString = params: - concatMapStringsSep " " (name: "${name} ${conditionalBoolToString (getAttr name params)}") - (attrNames params); + lib.concatMapStringsSep " " (name: "${name} ${conditionalBoolToString (lib.getAttr name params)}") + (lib.attrNames params); interfaceConfig = name: let - interface = getAttr name cfg.interfaces; + interface = lib.getAttr name cfg.interfaces; in "interface ${name} ${paramsString interface}\n"; @@ -22,17 +19,17 @@ let '' skip-kernel-setup true '' - + (optionalString (cfg.interfaceDefaults != null) '' + + (lib.optionalString (cfg.interfaceDefaults != null) '' default ${paramsString cfg.interfaceDefaults} '') - + (concatMapStrings interfaceConfig (attrNames cfg.interfaces)) + + (lib.concatMapStrings interfaceConfig (lib.attrNames cfg.interfaces)) + extraConfig); in { - meta.maintainers = with maintainers; [ hexa ]; + meta.maintainers = with lib.maintainers; [ hexa ]; ###### interface 
@@ -40,15 +37,15 @@ in services.babeld = { - enable = mkEnableOption "the babeld network routing daemon"; + enable = lib.mkEnableOption "the babeld network routing daemon"; - interfaceDefaults = mkOption { + interfaceDefaults = lib.mkOption { default = null; description = '' A set describing default parameters for babeld interfaces. See {manpage}`babeld(8)` for options. ''; - type = types.nullOr (types.attrsOf types.unspecified); + type = lib.types.nullOr (lib.types.attrsOf lib.types.unspecified); example = { type = "tunnel"; @@ -56,13 +53,13 @@ in }; }; - interfaces = mkOption { + interfaces = lib.mkOption { default = {}; description = '' A set describing babeld interfaces. See {manpage}`babeld(8)` for options. ''; - type = types.attrsOf (types.attrsOf types.unspecified); + type = lib.types.attrsOf (lib.types.attrsOf lib.types.unspecified); example = { enp0s2 = { type = "wired"; @@ -72,9 +69,9 @@ in }; }; - extraConfig = mkOption { + extraConfig = lib.mkOption { default = ""; - type = types.lines; + type = lib.types.lines; description = '' Options that will be copied to babeld.conf. See {manpage}`babeld(8)` for details. @@ -87,7 +84,7 @@ in ###### implementation - config = mkIf config.services.babeld.enable { + config = lib.mkIf config.services.babeld.enable { boot.kernel.sysctl = { "net.ipv6.conf.all.forwarding" = 1; From 6bf37cd2010d68f2b09e396a78438ca31261de97 Mon Sep 17 00:00:00 2001 From: Felix Buehler Date: Wed, 28 Aug 2024 21:19:02 +0200 Subject: [PATCH 070/148] nixos/services.bee: remove `with lib;` --- nixos/modules/services/networking/bee.nix | 30 +++++++++++------------ 1 file changed, 14 insertions(+), 16 deletions(-) diff --git a/nixos/modules/services/networking/bee.nix b/nixos/modules/services/networking/bee.nix index 83ce522ba62af..6f3f7af607fbf 100644 --- a/nixos/modules/services/networking/bee.nix +++ b/nixos/modules/services/networking/bee.nix 
@@ -1,6 +1,4 @@ { config, lib, pkgs, ... }: - -with lib; let cfg = config.services.bee; format = pkgs.formats.yaml {}; @@ -15,13 +13,13 @@ in { options = { services.bee = { - enable = mkEnableOption "Ethereum Swarm Bee"; + enable = lib.mkEnableOption "Ethereum Swarm Bee"; - package = mkPackageOption pkgs "bee" { + package = lib.mkPackageOption pkgs "bee" { example = "bee-unstable"; }; - settings = mkOption { + settings = lib.mkOption { type = format.type; description = '' Ethereum Swarm Bee configuration. Refer to @@ -30,8 +28,8 @@ in { ''; }; - daemonNiceLevel = mkOption { - type = types.int; + daemonNiceLevel = lib.mkOption { + type = lib.types.int; default = 0; description = '' Daemon process priority for bee. @@ -39,16 +37,16 @@ in { ''; }; - user = mkOption { - type = types.str; + user = lib.mkOption { + type = lib.types.str; default = "bee"; description = '' User the bee binary should execute under. ''; }; - group = mkOption { - type = types.str; + group = lib.mkOption { + type = lib.types.str; default = "bee"; description = '' Group the bee binary should execute under. @@ -59,14 +57,14 @@ in { ### implementation - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { assertions = [ - { assertion = (hasAttr "password" cfg.settings) != true; + { assertion = (lib.hasAttr "password" cfg.settings) != true; message = '' `services.bee.settings.password` is insecure. Use `services.bee.settings.password-file` or `systemd.services.bee.serviceConfig.EnvironmentFile` instead. ''; } - { assertion = (hasAttr "swap-endpoint" cfg.settings) || (cfg.settings.swap-enable or true == false); + { assertion = (lib.hasAttr "swap-endpoint" cfg.settings) || (cfg.settings.swap-enable or true == false); message = '' In a swap-enabled network a working Ethereum blockchain node is required. You must specify one using `services.bee.settings.swap-endpoint`, or disable `services.bee.settings.swap-enable` = false. ''; 
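Review bot: In the assertions hunk (`@@ -59,14 +57,14 @@`) of bee.nix, the first assertion compares a boolean with `true`, as `(lib.hasAttr "password" cfg.settings) != true`. A plain negation reads more directly: `assertion = !(cfg.settings ? password);`. The second assertion relies on `or` binding tighter than `==`; for boolean values `!(cfg.settings.swap-enable or true)` says the same without depending on that. The message could also state why `password` is rejected, presumably because `settings` is rendered into a world-readable store path, which is not visible in this hunk.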
@@ -119,7 +117,7 @@ After you finish configuration run 'sudo bee-get-addr'." ''; }; - users.users = optionalAttrs (cfg.user == "bee") { + users.users = lib.optionalAttrs (cfg.user == "bee") { bee = { group = cfg.group; home = cfg.settings.data-dir; @@ -128,7 +126,7 @@ After you finish configuration run 'sudo bee-get-addr'." }; }; - users.groups = optionalAttrs (cfg.group == "bee") { + users.groups = lib.optionalAttrs (cfg.group == "bee") { bee = {}; }; }; From 42facf73b7c7a7ee9dc9fd9597f046c0b5840d92 Mon Sep 17 00:00:00 2001 From: Felix Buehler Date: Wed, 28 Aug 2024 21:19:02 +0200 Subject: [PATCH 071/148] nixos/services.biboumi: remove `with lib;` --- nixos/modules/services/networking/biboumi.nix | 89 +++++++++---------- 1 file changed, 44 insertions(+), 45 deletions(-) diff --git a/nixos/modules/services/networking/biboumi.nix b/nixos/modules/services/networking/biboumi.nix index d92290626c316..33cb1d95bc51f 100644 --- a/nixos/modules/services/networking/biboumi.nix +++ b/nixos/modules/services/networking/biboumi.nix 
@@ -1,62 +1,61 @@ { config, lib, pkgs, options, ... }: -with lib; let cfg = config.services.biboumi; inherit (config.environment) etc; rootDir = "/run/biboumi/mnt-root"; stateDir = "/var/lib/biboumi"; settingsFile = pkgs.writeText "biboumi.cfg" ( - generators.toKeyValue { + lib.generators.toKeyValue { mkKeyValue = k: v: - lib.optionalString (v != null) (generators.mkKeyValueDefault {} "=" k v); + lib.optionalString (v != null) (lib.generators.mkKeyValueDefault {} "=" k v); } cfg.settings); need_CAP_NET_BIND_SERVICE = cfg.settings.identd_port != 0 && cfg.settings.identd_port < 1024; in { options = { services.biboumi = { - enable = mkEnableOption "the Biboumi XMPP gateway to IRC"; + enable = lib.mkEnableOption "the Biboumi XMPP gateway to IRC"; - settings = mkOption { + settings = lib.mkOption { description = '' See [biboumi 8.5](https://lab.louiz.org/louiz/biboumi/blob/8.5/doc/biboumi.1.rst) for documentation. ''; default = {}; - type = types.submodule { - freeformType = with types; + type = lib.types.submodule { + freeformType = with lib.types; (attrsOf (nullOr (oneOf [str int bool]))) // { description = "settings option"; }; - options.admin = mkOption { - type = with types; listOf str; + options.admin = lib.mkOption { + type = with lib.types; listOf str; default = []; example = ["admin@example.org"]; - apply = concatStringsSep ":"; + apply = lib.concatStringsSep ":"; description = '' The bare JID of the gateway administrator. This JID will have more privileges than other standard users, for example some administration ad-hoc commands will only be available to that JID. ''; }; - options.ca_file = mkOption { - type = types.path; + options.ca_file = lib.mkOption { + type = lib.types.path; default = "/etc/ssl/certs/ca-certificates.crt"; description = '' Specifies which file should be used as the list of trusted CA when negotiating a TLS session. 
''; }; - options.db_name = mkOption { - type = with types; either path str; + options.db_name = lib.mkOption { + type = with lib.types; either path str; default = "${stateDir}/biboumi.sqlite"; description = '' The name of the database to use. ''; example = "postgresql://user:secret@localhost"; }; - options.hostname = mkOption { - type = types.str; + options.hostname = lib.mkOption { + type = lib.types.str; example = "biboumi.example.org"; description = '' The hostname served by the XMPP gateway. @@ -64,24 +63,24 @@ in as an external component. ''; }; - options.identd_port = mkOption { - type = types.port; + options.identd_port = lib.mkOption { + type = lib.types.port; default = 113; example = 0; description = '' The TCP port on which to listen for identd queries. ''; }; - options.log_level = mkOption { - type = types.ints.between 0 3; + options.log_level = lib.mkOption { + type = lib.types.ints.between 0 3; default = 1; description = '' Indicate what type of log messages to write in the logs. 0 is debug, 1 is info, 2 is warning, 3 is error. ''; }; - options.password = mkOption { - type = with types; nullOr str; + options.password = lib.mkOption { + type = with lib.types; nullOr str; description = '' The password used to authenticate the XMPP component to your XMPP server. This password must be configured in the XMPP server, @@ -92,8 +91,8 @@ in if you do not want this password to go into the Nix store. ''; }; - options.persistent_by_default = mkOption { - type = types.bool; + options.persistent_by_default = lib.mkOption { + type = lib.types.bool; default = false; description = '' Whether all rooms will be persistent by default: 
@@ -103,25 +102,25 @@ in “persistent” configuration option to false in order to override this. ''; }; - options.policy_directory = mkOption { - type = types.path; + options.policy_directory = lib.mkOption { + type = lib.types.path; default = "${pkgs.biboumi}/etc/biboumi"; - defaultText = literalExpression ''"''${pkgs.biboumi}/etc/biboumi"''; + defaultText = lib.literalExpression ''"''${pkgs.biboumi}/etc/biboumi"''; description = '' A directory that should contain the policy files, used to customize Botan’s behaviour when negotiating the TLS connections with the IRC servers. ''; }; - options.port = mkOption { - type = types.port; + options.port = lib.mkOption { + type = lib.types.port; default = 5347; description = '' The TCP port to use to connect to the local XMPP component. ''; }; - options.realname_customization = mkOption { - type = types.bool; + options.realname_customization = lib.mkOption { + type = lib.types.bool; default = true; description = '' Whether the users will be able to use @@ -129,8 +128,8 @@ in their realname and username. ''; }; - options.realname_from_jid = mkOption { - type = types.bool; + options.realname_from_jid = lib.mkOption { + type = lib.types.bool; default = false; description = '' Whether the realname and username of each biboumi @@ -139,8 +138,8 @@ in they used to connect to the IRC server. ''; }; - options.xmpp_server_ip = mkOption { - type = types.str; + options.xmpp_server_ip = lib.mkOption { + type = lib.types.str; default = "127.0.0.1"; description = '' The IP address to connect to the XMPP server on. @@ -152,8 +151,8 @@ in }; }; - credentialsFile = mkOption { - type = types.path; + credentialsFile = lib.mkOption { + type = lib.types.path; description = '' Path to a configuration file to be merged with the settings. Beware not to surround "=" with spaces when setting biboumi's options in this file. 
@@ -165,12 +164,12 @@ in example = "/run/keys/biboumi.cfg"; }; - openFirewall = mkEnableOption "opening of the identd port in the firewall"; + openFirewall = lib.mkEnableOption "opening of the identd port in the firewall"; }; }; - config = mkIf cfg.enable { - networking.firewall = mkIf (cfg.openFirewall && cfg.settings.identd_port != 0) + config = lib.mkIf cfg.enable { + networking.firewall = lib.mkIf (cfg.openFirewall && cfg.settings.identd_port != 0) { allowedTCPPorts = [ cfg.settings.identd_port ]; }; systemd.services.biboumi = { @@ -202,7 +201,7 @@ in RootDirectory = rootDir; RootDirectoryStartOnly = true; InaccessiblePaths = [ "-+${rootDir}" ]; - RuntimeDirectory = [ "biboumi" (removePrefix "/run/" rootDir) ]; + RuntimeDirectory = [ "biboumi" (lib.removePrefix "/run/" rootDir) ]; RuntimeDirectoryMode = "700"; StateDirectory = "biboumi"; StateDirectoryMode = "700"; @@ -221,8 +220,8 @@ in ]; # The following options are only for optimizing: # systemd-analyze security biboumi - AmbientCapabilities = [ (optionalString need_CAP_NET_BIND_SERVICE "CAP_NET_BIND_SERVICE") ]; - CapabilityBoundingSet = [ (optionalString need_CAP_NET_BIND_SERVICE "CAP_NET_BIND_SERVICE") ]; + AmbientCapabilities = [ (lib.optionalString need_CAP_NET_BIND_SERVICE "CAP_NET_BIND_SERVICE") ]; + CapabilityBoundingSet = [ (lib.optionalString need_CAP_NET_BIND_SERVICE "CAP_NET_BIND_SERVICE") ]; # ProtectClock= adds DeviceAllow=char-rtc r DeviceAllow = ""; LockPersonality = true; @@ -230,7 +229,7 @@ in NoNewPrivileges = true; PrivateDevices = true; PrivateMounts = true; - PrivateNetwork = mkDefault false; + PrivateNetwork = lib.mkDefault false; PrivateTmp = true; # PrivateUsers=true breaks AmbientCapabilities=CAP_NET_BIND_SERVICE # See https://bugs.archlinux.org/task/65921 @@ -265,5 +264,5 @@ in }; }; - meta.maintainers = with maintainers; [ julm ]; + meta.maintainers = with lib.maintainers; [ julm ]; } From 9ce866bc9b479d0a56e27f95b382f1cb1115edc0 Mon Sep 17 00:00:00 2001 
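Review bot: In the `AmbientCapabilities` / `CapabilityBoundingSet` lines of the hardening block, the `lib.optionalString` wrapped in a list looks like a candidate for `lib.optional`, but the two are probably not equivalent and a comment should say so. As far as I can tell, when `need_CAP_NET_BIND_SERVICE` is false the list holds one empty string, which renders as an empty assignment and clears the capability set. An empty list would emit no line at all and leave systemd's default bounding set in place. I would add `# keep optionalString: the empty string clears the set; an empty list would emit nothing` above the two lines. The `serviceConfig` block starts and ends outside this hunk.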
From: Felix Buehler Date: Wed, 28 Aug 2024 21:19:02 +0200 Subject: [PATCH 072/148] nixos/services.bind: remove `with lib;` --- nixos/modules/services/networking/bind.nix | 113 ++++++++++----------- 1 file changed, 55 insertions(+), 58 deletions(-) diff --git a/nixos/modules/services/networking/bind.nix b/nixos/modules/services/networking/bind.nix index 6c5c59a88dec0..225e330ad1841 100644 --- a/nixos/modules/services/networking/bind.nix +++ b/nixos/modules/services/networking/bind.nix @@ -1,7 +1,4 @@ { config, lib, pkgs, ... }: - -with lib; - let cfg = config.services.bind; @@ -14,30 +11,30 @@ let bindZoneOptions = { name, config, ... }: { options = { - name = mkOption { - type = types.str; + name = lib.mkOption { + type = lib.types.str; default = name; description = "Name of the zone."; }; - master = mkOption { + master = lib.mkOption { description = "Master=false means slave server"; - type = types.bool; + type = lib.types.bool; }; - file = mkOption { - type = types.either types.str types.path; + file = lib.mkOption { + type = lib.types.either lib.types.str lib.types.path; description = "Zone file resource records contain columns of data, separated by whitespace, that define the record."; }; - masters = mkOption { - type = types.listOf types.str; + masters = lib.mkOption { + type = lib.types.listOf lib.types.str; description = "List of servers for inclusion in stub and secondary zones."; }; - slaves = mkOption { - type = types.listOf types.str; + slaves = lib.mkOption { + type = lib.types.listOf lib.types.str; description = "Addresses who may request zone transfers."; default = [ ]; }; - allowQuery = mkOption { - type = types.listOf types.str; + allowQuery = lib.mkOption { + type = lib.types.listOf lib.types.str; description = '' List of address ranges allowed to query this zone. Instead of the address(es), this may instead contain the single string "any". 
@@ -47,8 +44,8 @@ let ''; default = [ "any" ]; }; - extraConfig = mkOption { - type = types.str; + extraConfig = lib.mkOption { + type = lib.types.str; description = "Extra zone config to be appended at the end of the zone section."; default = ""; }; @@ -62,16 +59,16 @@ let inet 127.0.0.1 allow {localhost;} keys {"rndc-key";}; }; - acl cachenetworks { ${concatMapStrings (entry: " ${entry}; ") cfg.cacheNetworks} }; - acl badnetworks { ${concatMapStrings (entry: " ${entry}; ") cfg.blockedNetworks} }; + acl cachenetworks { ${lib.concatMapStrings (entry: " ${entry}; ") cfg.cacheNetworks} }; + acl badnetworks { ${lib.concatMapStrings (entry: " ${entry}; ") cfg.blockedNetworks} }; options { - listen-on { ${concatMapStrings (entry: " ${entry}; ") cfg.listenOn} }; - listen-on-v6 { ${concatMapStrings (entry: " ${entry}; ") cfg.listenOnIpv6} }; + listen-on { ${lib.concatMapStrings (entry: " ${entry}; ") cfg.listenOn} }; + listen-on-v6 { ${lib.concatMapStrings (entry: " ${entry}; ") cfg.listenOnIpv6} }; allow-query { cachenetworks; }; blackhole { badnetworks; }; forward ${cfg.forward}; - forwarders { ${concatMapStrings (entry: " ${entry}; ") cfg.forwarders} }; + forwarders { ${lib.concatMapStrings (entry: " ${entry}; ") cfg.forwarders} }; directory "${cfg.directory}"; pid-file "/run/named/named.pid"; ${cfg.extraOptions} @@ -79,7 +76,7 @@ let ${cfg.extraConfig} - ${ concatMapStrings + ${ lib.concatMapStrings ({ name, file, master ? true, slaves ? [], masters ? [], allowQuery ? [], extraConfig ? "" }: '' zone "${name}" { 
@@ -88,21 +85,21 @@ let ${ if master then '' allow-transfer { - ${concatMapStrings (ip: "${ip};\n") slaves} + ${lib.concatMapStrings (ip: "${ip};\n") slaves} }; '' else '' masters { - ${concatMapStrings (ip: "${ip};\n") masters} + ${lib.concatMapStrings (ip: "${ip};\n") masters} }; '' } - allow-query { ${concatMapStrings (ip: "${ip}; ") allowQuery}}; + allow-query { ${lib.concatMapStrings (ip: "${ip}; ") allowQuery}}; ${extraConfig} }; '') - (attrValues cfg.zones) } + (lib.attrValues cfg.zones) } ''; in @@ -115,14 +112,14 @@ in services.bind = { - enable = mkEnableOption "BIND domain name server"; + enable = lib.mkEnableOption "BIND domain name server"; - package = mkPackageOption pkgs "bind" { }; + package = lib.mkPackageOption pkgs "bind" { }; - cacheNetworks = mkOption { + cacheNetworks = lib.mkOption { default = [ "127.0.0.0/24" "::1/128" ]; - type = types.listOf types.str; + type = lib.types.listOf lib.types.str; description = '' What networks are allowed to use us as a resolver. Note that this is for recursive queries -- all networks are 
@@ -134,64 +131,64 @@ in ''; }; - blockedNetworks = mkOption { + blockedNetworks = lib.mkOption { default = [ ]; - type = types.listOf types.str; + type = lib.types.listOf lib.types.str; description = '' What networks are just blocked. ''; }; - ipv4Only = mkOption { + ipv4Only = lib.mkOption { default = false; - type = types.bool; + type = lib.types.bool; description = '' Only use ipv4, even if the host supports ipv6. ''; }; - forwarders = mkOption { + forwarders = lib.mkOption { default = config.networking.nameservers; - defaultText = literalExpression "config.networking.nameservers"; - type = types.listOf types.str; + defaultText = lib.literalExpression "config.networking.nameservers"; + type = lib.types.listOf lib.types.str; description = '' List of servers we should forward requests to. ''; }; - forward = mkOption { + forward = lib.mkOption { default = "first"; - type = types.enum ["first" "only"]; + type = lib.types.enum ["first" "only"]; description = '' Whether to forward 'first' (try forwarding but lookup directly if forwarding fails) or 'only'. ''; }; - listenOn = mkOption { + listenOn = lib.mkOption { default = [ "any" ]; - type = types.listOf types.str; + type = lib.types.listOf lib.types.str; description = '' Interfaces to listen on. ''; }; - listenOnIpv6 = mkOption { + listenOnIpv6 = lib.mkOption { default = [ "any" ]; - type = types.listOf types.str; + type = lib.types.listOf lib.types.str; description = '' Ipv6 interfaces to listen on. ''; }; - directory = mkOption { - type = types.str; + directory = lib.mkOption { + type = lib.types.str; default = "/run/named"; description = "Working directory of BIND."; }; - zones = mkOption { + zones = lib.mkOption { default = [ ]; - type = with types; coercedTo (listOf attrs) bindZoneCoerce (attrsOf (types.submodule bindZoneOptions)); + type = with lib.types; coercedTo (listOf attrs) bindZoneCoerce (attrsOf (lib.types.submodule bindZoneOptions)); description = '' List of zones we claim authority over. ''; 
@@ -206,16 +203,16 @@ in }; }; - extraConfig = mkOption { - type = types.lines; + extraConfig = lib.mkOption { + type = lib.types.lines; default = ""; description = '' Extra lines to be added verbatim to the generated named configuration file. ''; }; - extraOptions = mkOption { - type = types.lines; + extraOptions = lib.mkOption { + type = lib.types.lines; default = ""; description = '' Extra lines to be added verbatim to the options section of the @@ -223,10 +220,10 @@ in ''; }; - configFile = mkOption { - type = types.path; + configFile = lib.mkOption { + type = lib.types.path; default = confFile; - defaultText = literalExpression "confFile"; + defaultText = lib.literalExpression "confFile"; description = '' Overridable config file to use for named. By default, that generated by nixos. @@ -240,9 +237,9 @@ in ###### implementation - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { - networking.resolvconf.useLocalResolver = mkDefault true; + networking.resolvconf.useLocalResolver = lib.mkDefault true; users.users.${bindUser} = { @@ -272,7 +269,7 @@ in serviceConfig = { Type = "forking"; # Set type to forking, see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=900788 - ExecStart = "${bindPkg.out}/sbin/named -u ${bindUser} ${optionalString cfg.ipv4Only "-4"} -c ${cfg.configFile}"; + ExecStart = "${bindPkg.out}/sbin/named -u ${bindUser} ${lib.optionalString cfg.ipv4Only "-4"} -c ${cfg.configFile}"; ExecReload = "${bindPkg.out}/sbin/rndc -k '/etc/bind/rndc.key' reload"; ExecStop = "${bindPkg.out}/sbin/rndc -k '/etc/bind/rndc.key' stop"; }; From c666e7b2dd9f69b118a503663e8b7a20f1d7072f Mon Sep 17 00:00:00 2001 From: Felix Buehler Date: Wed, 28 Aug 2024 21:19:02 +0200 Subject: [PATCH 073/148] nixos/services.bird-lg: remove `with lib;` --- nixos/modules/services/networking/bird-lg.nix | 153 +++++++++--------- 1 file changed, 75 insertions(+), 78 deletions(-) 
diff --git a/nixos/modules/services/networking/bird-lg.nix b/nixos/modules/services/networking/bird-lg.nix index 0c69b72fec10f..f73c0b796e6f1 100644 --- a/nixos/modules/services/networking/bird-lg.nix +++ b/nixos/modules/services/networking/bird-lg.nix 
@@ -1,176 +1,173 @@ { config, lib, pkgs, ... }: - -with lib; - let cfg = config.services.bird-lg; - stringOrConcat = sep: v: if builtins.isString v then v else concatStringsSep sep v; + stringOrConcat = sep: v: if builtins.isString v then v else lib.concatStringsSep sep v; frontend_args = let fe = cfg.frontend; in { - "--servers" = concatStringsSep "," fe.servers; + "--servers" = lib.concatStringsSep "," fe.servers; "--domain" = fe.domain; "--listen" = fe.listenAddress; "--proxy-port" = fe.proxyPort; "--whois" = fe.whois; "--dns-interface" = fe.dnsInterface; - "--bgpmap-info" = concatStringsSep "," cfg.frontend.bgpMapInfo; + "--bgpmap-info" = lib.concatStringsSep "," cfg.frontend.bgpMapInfo; "--title-brand" = fe.titleBrand; "--navbar-brand" = fe.navbar.brand; "--navbar-brand-url" = fe.navbar.brandURL; "--navbar-all-servers" = fe.navbar.allServers; "--navbar-all-url" = fe.navbar.allServersURL; "--net-specific-mode" = fe.netSpecificMode; - "--protocol-filter" = concatStringsSep "," cfg.frontend.protocolFilter; + "--protocol-filter" = lib.concatStringsSep "," cfg.frontend.protocolFilter; }; proxy_args = let px = cfg.proxy; in { - "--allowed" = concatStringsSep "," px.allowedIPs; + "--allowed" = lib.concatStringsSep "," px.allowedIPs; "--bird" = px.birdSocket; "--listen" = px.listenAddress; "--traceroute_bin" = px.traceroute.binary; - "--traceroute_flags" = concatStringsSep " " px.traceroute.flags; + "--traceroute_flags" = lib.concatStringsSep " " px.traceroute.flags; "--traceroute_raw" = px.traceroute.rawOutput; }; mkArgValue = value: - if isString value - then escapeShellArg value - else if isBool value - then boolToString value + if lib.isString value + then lib.escapeShellArg value + else if lib.isBool value + then lib.boolToString value else toString value; - filterNull = filterAttrs (_: v: v != "" && v != null && v != []); + filterNull = lib.filterAttrs (_: v: v != "" && v != null && v != []); - argsAttrToList = args: mapAttrsToList (name: value: "${name} " + 
mkArgValue value ) (filterNull args); + argsAttrToList = args: lib.mapAttrsToList (name: value: "${name} " + mkArgValue value ) (filterNull args); in { options = { services.bird-lg = { - package = mkPackageOption pkgs "bird-lg" { }; + package = lib.mkPackageOption pkgs "bird-lg" { }; - user = mkOption { - type = types.str; + user = lib.mkOption { + type = lib.types.str; default = "bird-lg"; description = "User to run the service."; }; - group = mkOption { - type = types.str; + group = lib.mkOption { + type = lib.types.str; default = "bird-lg"; description = "Group to run the service."; }; frontend = { - enable = mkEnableOption "Bird Looking Glass Frontend Webserver"; + enable = lib.mkEnableOption "Bird Looking Glass Frontend Webserver"; - listenAddress = mkOption { - type = types.str; + listenAddress = lib.mkOption { + type = lib.types.str; default = "127.0.0.1:5000"; description = "Address to listen on."; }; - proxyPort = mkOption { - type = types.port; + proxyPort = lib.mkOption { + type = lib.types.port; default = 8000; description = "Port bird-lg-proxy is running on."; }; - domain = mkOption { - type = types.str; + domain = lib.mkOption { + type = lib.types.str; example = "dn42.lantian.pub"; description = "Server name domain suffixes."; }; - servers = mkOption { - type = types.listOf types.str; + servers = lib.mkOption { + type = lib.types.listOf lib.types.str; example = [ "gigsgigscloud" "hostdare" ]; description = "Server name prefixes."; }; - whois = mkOption { - type = types.str; + whois = lib.mkOption { + type = lib.types.str; default = "whois.verisign-grs.com"; description = "Whois server for queries."; }; - dnsInterface = mkOption { - type = types.str; + dnsInterface = lib.mkOption { + type = lib.types.str; default = "asn.cymru.com"; description = "DNS zone to query ASN information."; }; - bgpMapInfo = mkOption { - type = types.listOf types.str; + bgpMapInfo = lib.mkOption { + type = lib.types.listOf lib.types.str; default = [ "asn" "as-name" "ASName" 
"descr" ]; description = "Information displayed in bgpmap."; }; - titleBrand = mkOption { - type = types.str; + titleBrand = lib.mkOption { + type = lib.types.str; default = "Bird-lg Go"; description = "Prefix of page titles in browser tabs."; }; - netSpecificMode = mkOption { - type = types.str; + netSpecificMode = lib.mkOption { + type = lib.types.str; default = ""; example = "dn42"; description = "Apply network-specific changes for some networks."; }; - protocolFilter = mkOption { - type = types.listOf types.str; + protocolFilter = lib.mkOption { + type = lib.types.listOf lib.types.str; default = [ ]; example = [ "ospf" ]; description = "Information displayed in bgpmap."; }; - nameFilter = mkOption { - type = types.str; + nameFilter = lib.mkOption { + type = lib.types.str; default = ""; example = "^ospf"; description = "Protocol names to hide in summary tables (RE2 syntax),"; }; - timeout = mkOption { - type = types.int; + timeout = lib.mkOption { + type = lib.types.int; default = 120; description = "Time before request timed out, in seconds."; }; navbar = { - brand = mkOption { - type = types.str; + brand = lib.mkOption { + type = lib.types.str; default = "Bird-lg Go"; description = "Brand to show in the navigation bar ."; }; - brandURL = mkOption { - type = types.str; + brandURL = lib.mkOption { + type = lib.types.str; default = "/"; description = "URL of the brand to show in the navigation bar."; }; - allServers = mkOption { - type = types.str; + allServers = lib.mkOption { + type = lib.types.str; default = "ALL Servers"; description = "Text of 'All server' button in the navigation bar."; }; - allServersURL = mkOption { - type = types.str; + allServersURL = lib.mkOption { + type = lib.types.str; default = "all"; description = "URL of 'All servers' button."; }; }; - extraArgs = mkOption { - type = with types; either lines (listOf str); + extraArgs = lib.mkOption { + type = with lib.types; either lines (listOf str); default = [ ]; description = '' Extra 
parameters documented [here](https://github.com/xddxdd/bird-lg-go#frontend). @@ -183,50 +180,50 @@ in }; proxy = { - enable = mkEnableOption "Bird Looking Glass Proxy"; + enable = lib.mkEnableOption "Bird Looking Glass Proxy"; - listenAddress = mkOption { - type = types.str; + listenAddress = lib.mkOption { + type = lib.types.str; default = "127.0.0.1:8000"; description = "Address to listen on."; }; - allowedIPs = mkOption { - type = types.listOf types.str; + allowedIPs = lib.mkOption { + type = lib.types.listOf lib.types.str; default = [ ]; example = [ "192.168.25.52" "192.168.25.53" "192.168.0.0/24" ]; description = "List of IPs or networks to allow (default all allowed)."; }; - birdSocket = mkOption { - type = types.str; + birdSocket = lib.mkOption { + type = lib.types.str; default = "/var/run/bird/bird.ctl"; description = "Bird control socket path."; }; traceroute = { - binary = mkOption { - type = types.str; + binary = lib.mkOption { + type = lib.types.str; default = "${pkgs.traceroute}/bin/traceroute"; - defaultText = literalExpression ''"''${pkgs.traceroute}/bin/traceroute"''; + defaultText = lib.literalExpression ''"''${pkgs.traceroute}/bin/traceroute"''; description = "Traceroute's binary path."; }; - flags = mkOption { - type = with types; listOf str; + flags = lib.mkOption { + type = with lib.types; listOf str; default = [ ]; description = "Flags for traceroute process"; }; - rawOutput = mkOption { - type = types.bool; + rawOutput = lib.mkOption { + type = lib.types.bool; default = false; description = "Display traceroute output in raw format."; }; }; - extraArgs = mkOption { - type = with types; either lines (listOf str); + extraArgs = lib.mkOption { + type = with lib.types; either lines (listOf str); default = [ ]; description = '' Extra parameters documented [here](https://github.com/xddxdd/bird-lg-go#proxy). 
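Review bot: `frontend.nameFilter` and `frontend.timeout` are declared in this hunk but never reach the command line: `frontend_args` has an entry for every other frontend option and none for these two, so setting them has no effect as far as the visible code shows. Adding `"--name-filter" = fe.nameFilter;` and `"--timeout" = fe.timeout;` to `frontend_args` would wire them up; the flag names should be confirmed against the packaged bird-lg version. Separately, the `protocolFilter` description repeats the `bgpMapInfo` text "Information displayed in bgpmap." and the `nameFilter` description ends in a comma.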
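Review bot: `proxy.allowedIPs` defaults to `[ ]`, which its own description says means everyone is allowed, and `filterNull` drops an empty list so `--allowed` is not passed at all. That is reasonable only while `listenAddress` stays on its loopback default, since the proxy, judging by the `birdSocket` and `traceroute` options, fronts the bird control socket and a traceroute binary. The description should tell operators to set an allow-list whenever they bind elsewhere, for example `description = "List of IPs or networks to allow (default all allowed); set this when listenAddress is not loopback.";`.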
@@ -254,7 +251,7 @@ in ; systemd.services = { - bird-lg-frontend = mkIf cfg.frontend.enable { + bird-lg-frontend = lib.mkIf cfg.frontend.enable { enable = true; after = [ "network.target" ]; wantedBy = [ "multi-user.target" ]; @@ -270,12 +267,12 @@ in }; script = '' ${cfg.package}/bin/frontend \ - ${concatStringsSep " \\\n " (argsAttrToList frontend_args)} \ + ${lib.concatStringsSep " \\\n " (argsAttrToList frontend_args)} \ ${stringOrConcat " " cfg.frontend.extraArgs} ''; }; - bird-lg-proxy = mkIf cfg.proxy.enable { + bird-lg-proxy = lib.mkIf cfg.proxy.enable { enable = true; after = [ "network.target" ]; wantedBy = [ "multi-user.target" ]; @@ -291,14 +288,14 @@ in }; script = '' ${cfg.package}/bin/proxy \ - ${concatStringsSep " \\\n " (argsAttrToList proxy_args)} \ + ${lib.concatStringsSep " \\\n " (argsAttrToList proxy_args)} \ ${stringOrConcat " " cfg.proxy.extraArgs} ''; }; }; - users = mkIf (cfg.frontend.enable || cfg.proxy.enable) { - groups."bird-lg" = mkIf (cfg.group == "bird-lg") { }; - users."bird-lg" = mkIf (cfg.user == "bird-lg") { + users = lib.mkIf (cfg.frontend.enable || cfg.proxy.enable) { + groups."bird-lg" = lib.mkIf (cfg.group == "bird-lg") { }; + users."bird-lg" = lib.mkIf (cfg.user == "bird-lg") { description = "Bird Looking Glass user"; extraGroups = lib.optionals (config.services.bird2.enable) [ "bird2" ]; group = cfg.group; From 416649cbe631f1f37897f3aeffc6cbfa69fef60b Mon Sep 17 00:00:00 2001 From: Felix Buehler Date: Wed, 28 Aug 2024 21:19:02 +0200 Subject: [PATCH 074/148] nixos/services.birdwatcher: remove `with lib;` --- .../services/networking/birdwatcher.nix | 19 ++++++++----------- 1 file changed, 8 insertions(+), 11 deletions(-) diff --git a/nixos/modules/services/networking/birdwatcher.nix b/nixos/modules/services/networking/birdwatcher.nix index 4baab1e60a2d7..434f0e2095f30 100644 --- a/nixos/modules/services/networking/birdwatcher.nix +++ b/nixos/modules/services/networking/birdwatcher.nix 
@@ -1,31 +1,28 @@ { config, lib, pkgs, ... }: - -with lib; - let cfg = config.services.birdwatcher; in { options = { services.birdwatcher = { - package = mkPackageOption pkgs "birdwatcher" { }; - enable = mkEnableOption "Birdwatcher"; - flags = mkOption { + package = lib.mkPackageOption pkgs "birdwatcher" { }; + enable = lib.mkEnableOption "Birdwatcher"; + flags = lib.mkOption { default = [ ]; - type = types.listOf types.str; + type = lib.types.listOf lib.types.str; example = [ "-worker-pool-size 16" "-6" ]; description = '' Flags to append to the program call ''; }; - settings = mkOption { - type = types.lines; + settings = lib.mkOption { + type = lib.types.lines; default = { }; description = '' birdwatcher configuration, for configuration options see the example on [github](https://github.com/alice-lg/birdwatcher/blob/master/etc/birdwatcher/birdwatcher.conf) ''; - example = literalExpression '' + example = lib.literalExpression '' [server] allow_from = [] allow_uncached = false @@ -72,7 +69,7 @@ in }; config = - let flagsStr = escapeShellArgs cfg.flags; + let flagsStr = lib.escapeShellArgs cfg.flags; in lib.mkIf cfg.enable { environment.etc."birdwatcher/birdwatcher.conf".source = pkgs.writeTextFile { name = "birdwatcher.conf"; From d9c47dac162152ea3c782797da441a0deae49906 Mon Sep 17 00:00:00 2001 From: Felix Buehler Date: Wed, 28 Aug 2024 21:19:02 +0200 Subject: [PATCH 075/148] nixos/services.bitlbee: remove `with lib;` --- nixos/modules/services/networking/bitlbee.nix | 61 +++++++++---------- 1 file changed, 29 insertions(+), 32 deletions(-) diff --git a/nixos/modules/services/networking/bitlbee.nix b/nixos/modules/services/networking/bitlbee.nix index 20488e5f33fea..3ebbab97b68e1 100644 --- a/nixos/modules/services/networking/bitlbee.nix +++ b/nixos/modules/services/networking/bitlbee.nix @@ -1,7 +1,4 @@ { config, lib, pkgs, ... }: - -with lib; - let cfg = config.services.bitlbee; 
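Review bot: `settings` is declared with `type = lib.types.lines` but `default = { };`, and an attribute set is not a valid value for a string type, so leaving `settings` unset would likely fail at evaluation once the option is read. `default = "";` would match the type, or the default could be dropped so the option is required. The `example` is configuration-file text rather than a Nix expression, so it reads better as a plain `''…''` string than wrapped in `lib.literalExpression`.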
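Review bot: `flagsStr = lib.escapeShellArgs cfg.flags` quotes each list element as one shell word, so the documented example element `"-worker-pool-size 16"` would arrive as a single argument containing a space rather than as a flag and its value. Either the example should become `[ "-worker-pool-size" "16" "-6" ]` or the option description should state that each element is passed as exactly one argument. How `flagsStr` is used lies outside the hunk, so this assumes it is interpolated into the service command line.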
@@ -46,8 +43,8 @@ in services.bitlbee = { - enable = mkOption { - type = types.bool; + enable = lib.mkOption { + type = lib.types.bool; default = false; description = '' Whether to run the BitlBee IRC to other chat network gateway. @@ -56,8 +53,8 @@ in ''; }; - interface = mkOption { - type = types.str; + interface = lib.mkOption { + type = lib.types.str; default = "127.0.0.1"; description = '' The interface the BitlBee daemon will be listening to. If `127.0.0.1`, @@ -66,17 +63,17 @@ in ''; }; - portNumber = mkOption { + portNumber = lib.mkOption { default = 6667; - type = types.port; + type = lib.types.port; description = '' Number of the port BitlBee will be listening to. ''; }; - authBackend = mkOption { + authBackend = lib.mkOption { default = "storage"; - type = types.enum [ "storage" "pam" ]; + type = lib.types.enum [ "storage" "pam" ]; description = '' How users are authenticated storage -- save passwords internally @@ -84,9 +81,9 @@ in ''; }; - authMode = mkOption { + authMode = lib.mkOption { default = "Open"; - type = types.enum [ "Open" "Closed" "Registered" ]; + type = lib.types.enum [ "Open" "Closed" "Registered" ]; description = '' The following authentication modes are available: Open -- Accept connections from anyone, use NickServ for user authentication. @@ -95,9 +92,9 @@ in ''; }; - hostName = mkOption { + hostName = lib.mkOption { default = ""; - type = types.str; + type = lib.types.str; description = '' Normally, BitlBee gets a hostname using getsockname(). If you have a nicer alias for your BitlBee daemon, you can set it here and BitlBee will identify 
@@ -105,53 +102,53 @@ in ''; }; - plugins = mkOption { - type = types.listOf types.package; + plugins = lib.mkOption { + type = lib.types.listOf lib.types.package; default = []; - example = literalExpression "[ pkgs.bitlbee-facebook ]"; + example = lib.literalExpression "[ pkgs.bitlbee-facebook ]"; description = '' The list of bitlbee plugins to install. ''; }; - libpurple_plugins = mkOption { - type = types.listOf types.package; + libpurple_plugins = lib.mkOption { + type = lib.types.listOf lib.types.package; default = []; - example = literalExpression "[ pkgs.purple-matrix ]"; + example = lib.literalExpression "[ pkgs.purple-matrix ]"; description = '' The list of libpurple plugins to install. ''; }; - configDir = mkOption { + configDir = lib.mkOption { default = "/var/lib/bitlbee"; - type = types.path; + type = lib.types.path; description = '' Specify an alternative directory to store all the per-user configuration files. ''; }; - protocols = mkOption { + protocols = lib.mkOption { default = ""; - type = types.str; + type = lib.types.str; description = '' This option allows to remove the support of protocol, even if compiled in. If nothing is given, there are no restrictions. ''; }; - extraSettings = mkOption { + extraSettings = lib.mkOption { default = ""; - type = types.lines; + type = lib.types.lines; description = '' Will be inserted in the Settings section of the config file. ''; }; - extraDefaults = mkOption { + extraDefaults = lib.mkOption { default = ""; - type = types.lines; + type = lib.types.lines; description = '' Will be inserted in the Default section of the config file. ''; @@ -163,8 +160,8 @@ in ###### implementation - config = mkMerge [ - (mkIf config.services.bitlbee.enable { + config = lib.mkMerge [ + (lib.mkIf config.services.bitlbee.enable { systemd.services.bitlbee = { environment.PURPLE_PLUGIN_PATH = purple_plugin_path; description = "BitlBee IRC to other chat networks gateway"; 
@@ -182,7 +179,7 @@ in environment.systemPackages = [ bitlbeePkg ]; }) - (mkIf (config.services.bitlbee.authBackend == "pam") { + (lib.mkIf (config.services.bitlbee.authBackend == "pam") { security.pam.services.bitlbee = {}; }) ]; From 939ba8a2c3452cba4d507eba710ad4beda43ff76 Mon Sep 17 00:00:00 2001 From: Felix Buehler Date: Wed, 28 Aug 2024 21:19:02 +0200 Subject: [PATCH 076/148] nixos/services.blockbook-frontend: remove `with lib;` --- .../networking/blockbook-frontend.nix | 131 +++++++++--------- 1 file changed, 64 insertions(+), 67 deletions(-) diff --git a/nixos/modules/services/networking/blockbook-frontend.nix b/nixos/modules/services/networking/blockbook-frontend.nix index 504c98e9ab8e5..6200a098c34a0 100644 --- a/nixos/modules/services/networking/blockbook-frontend.nix +++ b/nixos/modules/services/networking/blockbook-frontend.nix @@ -1,7 +1,4 @@ { config, lib, pkgs, ... }: - -with lib; - let eachBlockbook = config.services.blockbook-frontend; @@ -10,24 +7,24 @@ let options = { - enable = mkEnableOption "blockbook-frontend application"; + enable = lib.mkEnableOption "blockbook-frontend application"; - package = mkPackageOption pkgs "blockbook" { }; + package = lib.mkPackageOption pkgs "blockbook" { }; - user = mkOption { - type = types.str; + user = lib.mkOption { + type = lib.types.str; default = "blockbook-frontend-${name}"; description = "The user as which to run blockbook-frontend-${name}."; }; - group = mkOption { - type = types.str; + group = lib.mkOption { + type = lib.types.str; default = "${config.user}"; description = "The group as which to run blockbook-frontend-${name}."; }; - certFile = mkOption { - type = types.nullOr types.path; + certFile = lib.mkOption { + type = lib.types.nullOr lib.types.path; default = null; example = "/etc/secrets/blockbook-frontend-${name}/certFile"; description = '' 
@@ -36,15 +33,15 @@ let ''; }; - configFile = mkOption { - type = with types; nullOr path; + configFile = lib.mkOption { + type = with lib.types; nullOr path; default = null; example = "${config.dataDir}/config.json"; description = "Location of the blockbook configuration file."; }; - coinName = mkOption { - type = types.str; + coinName = lib.mkOption { + type = lib.types.str; default = "Bitcoin"; description = '' See 
@@ -52,68 +49,68 @@ let ''; }; - cssDir = mkOption { - type = types.path; + cssDir = lib.mkOption { + type = lib.types.path; default = "${config.package}/share/css/"; - defaultText = literalExpression ''"''${package}/share/css/"''; - example = literalExpression ''"''${dataDir}/static/css/"''; + defaultText = lib.literalExpression ''"''${package}/share/css/"''; + example = lib.literalExpression ''"''${dataDir}/static/css/"''; description = '' Location of the dir with {file}`main.css` CSS file. By default, the one shipped with the package is used. ''; }; - dataDir = mkOption { - type = types.path; + dataDir = lib.mkOption { + type = lib.types.path; default = "/var/lib/blockbook-frontend-${name}"; description = "Location of blockbook-frontend-${name} data directory."; }; - debug = mkOption { - type = types.bool; + debug = lib.mkOption { + type = lib.types.bool; default = false; description = "Debug mode, return more verbose errors, reload templates on each request."; }; - internal = mkOption { - type = types.nullOr types.str; + internal = lib.mkOption { + type = lib.types.nullOr lib.types.str; default = ":9030"; description = "Internal http server binding `[address]:port`."; }; - messageQueueBinding = mkOption { - type = types.str; + messageQueueBinding = lib.mkOption { + type = lib.types.str; default = "tcp://127.0.0.1:38330"; description = "Message Queue Binding `address:port`."; }; - public = mkOption { - type = types.nullOr types.str; + public = lib.mkOption { + type = lib.types.nullOr lib.types.str; default = ":9130"; description = "Public http server binding `[address]:port`."; }; rpc = { - url = mkOption { - type = types.str; + url = lib.mkOption { + type = lib.types.str; default = "http://127.0.0.1"; description = "URL for JSON-RPC connections."; }; - port = mkOption { - type = types.port; + port = lib.mkOption { + type = lib.types.port; default = 8030; description = "Port for JSON-RPC connections."; }; - user = mkOption { - type = types.str; + user = 
lib.mkOption { + type = lib.types.str; default = "rpc"; description = "Username for JSON-RPC connections."; }; - password = mkOption { - type = types.str; + password = lib.mkOption { + type = lib.types.str; default = "rpc"; description = '' RPC password for JSON-RPC connections. @@ -122,8 +119,8 @@ let ''; }; - passwordFile = mkOption { - type = types.nullOr types.path; + passwordFile = lib.mkOption { + type = lib.types.nullOr lib.types.path; default = null; description = '' File containing password of the RPC user. @@ -132,24 +129,24 @@ let }; }; - sync = mkOption { - type = types.bool; + sync = lib.mkOption { + type = lib.types.bool; default = true; description = "Synchronizes until tip, if together with zeromq, keeps index synchronized."; }; - templateDir = mkOption { - type = types.path; + templateDir = lib.mkOption { + type = lib.types.path; default = "${config.package}/share/templates/"; - defaultText = literalExpression ''"''${package}/share/templates/"''; - example = literalExpression ''"''${dataDir}/templates/static/"''; + defaultText = lib.literalExpression ''"''${package}/share/templates/"''; + example = lib.literalExpression ''"''${dataDir}/templates/static/"''; description = "Location of the HTML templates. By default, ones shipped with the package are used."; }; - extraConfig = mkOption { - type = types.attrs; + extraConfig = lib.mkOption { + type = lib.types.attrs; default = {}; - example = literalExpression '' { + example = lib.literalExpression '' { "alternative_estimate_fee" = "whatthefee-disabled"; "alternative_estimate_fee_params" = "{\"url\": \"https://whatthefee.io/data.json\", \"periodSeconds\": 60}"; "fiat_rates" = "coingecko"; @@ -174,8 +171,8 @@ let ''; }; - extraCmdLineOptions = mkOption { - type = types.listOf types.str; + extraCmdLineOptions = lib.mkOption { + type = lib.types.listOf lib.types.str; default = []; example = [ "-workers=1" "-dbcache=0" "-logtosderr" ]; description = '' 
@@ -190,8 +187,8 @@ in # interface options = { - services.blockbook-frontend = mkOption { - type = types.attrsOf (types.submodule blockbookOpts); + services.blockbook-frontend = lib.mkOption { + type = lib.types.attrsOf (lib.types.submodule blockbookOpts); default = {}; description = "Specification of one or more blockbook-frontend instances."; }; @@ -199,10 +196,10 @@ in # implementation - config = mkIf (eachBlockbook != {}) { + config = lib.mkIf (eachBlockbook != {}) { - systemd.services = mapAttrs' (blockbookName: cfg: ( - nameValuePair "blockbook-frontend-${blockbookName}" ( + systemd.services = lib.mapAttrs' (blockbookName: cfg: ( + lib.nameValuePair "blockbook-frontend-${blockbookName}" ( let configFile = if cfg.configFile != null then cfg.configFile else pkgs.writeText "config.conf" (builtins.toJSON ( { @@ -220,7 +217,7 @@ in preStart = '' ln -sf ${cfg.templateDir} ${cfg.dataDir}/static/ ln -sf ${cfg.cssDir} ${cfg.dataDir}/static/ - ${optionalString (cfg.rpc.passwordFile != null && cfg.configFile == null) '' + ${lib.optionalString (cfg.rpc.passwordFile != null && cfg.configFile == null) '' CONFIGTMP=$(mktemp) ${pkgs.jq}/bin/jq ".rpc_pass = \"$(cat ${cfg.rpc.passwordFile})\"" ${configFile} > $CONFIGTMP mv $CONFIGTMP ${cfg.dataDir}/${blockbookName}-config.json 
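Review bot: In the preStart hunk (`@@ -220,7 +217,7 @@`) the contents of `cfg.rpc.passwordFile` are spliced into the jq program text through `\"$(cat ...)\"`, so a password containing `"` or `\` produces a broken or altered filter. The secret is also visible on jq's command line while it runs. Passing the file as data avoids both: `${pkgs.jq}/bin/jq --rawfile pass ${cfg.rpc.passwordFile} '.rpc_pass = ($pass | rtrimstr("\n"))' ${configFile} > "$CONFIGTMP"`. Note that `rtrimstr` strips one trailing newline where `$(cat ...)` strips all of them. The preStart script starts and ends outside this hunk, so how the generated file is used afterwards is not visible here.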
@@ -237,11 +234,11 @@ in "-blockchaincfg=${configFile}" } \ -datadir=${cfg.dataDir} \ - ${optionalString (cfg.sync != false) "-sync"} \ - ${optionalString (cfg.certFile != null) "-certfile=${toString cfg.certFile}"} \ - ${optionalString (cfg.debug != false) "-debug"} \ - ${optionalString (cfg.internal != null) "-internal=${toString cfg.internal}"} \ - ${optionalString (cfg.public != null) "-public=${toString cfg.public}"} \ + ${lib.optionalString (cfg.sync != false) "-sync"} \ + ${lib.optionalString (cfg.certFile != null) "-certfile=${toString cfg.certFile}"} \ + ${lib.optionalString (cfg.debug != false) "-debug"} \ + ${lib.optionalString (cfg.internal != null) "-internal=${toString cfg.internal}"} \ + ${lib.optionalString (cfg.public != null) "-public=${toString cfg.public}"} \ ${toString cfg.extraCmdLineOptions} ''; Restart = "on-failure"; @@ -251,23 +248,23 @@ in } ) )) eachBlockbook; - systemd.tmpfiles.rules = flatten (mapAttrsToList (blockbookName: cfg: [ + systemd.tmpfiles.rules = lib.flatten (lib.mapAttrsToList (blockbookName: cfg: [ "d ${cfg.dataDir} 0750 ${cfg.user} ${cfg.group} - -" "d ${cfg.dataDir}/static 0750 ${cfg.user} ${cfg.group} - -" ]) eachBlockbook); - users.users = mapAttrs' (blockbookName: cfg: ( - nameValuePair "blockbook-frontend-${blockbookName}" { + users.users = lib.mapAttrs' (blockbookName: cfg: ( + lib.nameValuePair "blockbook-frontend-${blockbookName}" { name = cfg.user; group = cfg.group; home = cfg.dataDir; isSystemUser = true; })) eachBlockbook; - users.groups = mapAttrs' (instanceName: cfg: ( - nameValuePair "${cfg.group}" { })) eachBlockbook; + users.groups = lib.mapAttrs' (instanceName: cfg: ( + lib.nameValuePair "${cfg.group}" { })) eachBlockbook; }; - meta.maintainers = with maintainers; [ _1000101 ]; + meta.maintainers = with lib.maintainers; [ _1000101 ]; } From 8e6795a0296ae7c22cf38622246b32ba0dbca6de Mon Sep 17 00:00:00 2001 
From: Felix Buehler Date: Wed, 28 Aug 2024 21:19:03 +0200 Subject: [PATCH 077/148] nixos/services.blocky: remove `with lib;` --- nixos/modules/services/networking/blocky.nix | 13 +++++-------- 1 file changed, 5 insertions(+), 8 deletions(-) diff --git a/nixos/modules/services/networking/blocky.nix b/nixos/modules/services/networking/blocky.nix index 4bc6ffa3f46ab..1260d9da7ac29 100644 --- a/nixos/modules/services/networking/blocky.nix +++ b/nixos/modules/services/networking/blocky.nix @@ -1,7 +1,4 @@ { config, lib, pkgs, ... }: - -with lib; - let cfg = config.services.blocky; @@ -10,11 +7,11 @@ let in { options.services.blocky = { - enable = mkEnableOption "blocky, a fast and lightweight DNS proxy as ad-blocker for local network with many features"; + enable = lib.mkEnableOption "blocky, a fast and lightweight DNS proxy as ad-blocker for local network with many features"; - package = mkPackageOption pkgs "blocky" { }; + package = lib.mkPackageOption pkgs "blocky" { }; - settings = mkOption { + settings = lib.mkOption { type = format.type; default = { }; description = '' @@ -25,14 +22,14 @@ in }; }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { systemd.services.blocky = { description = "A DNS proxy and ad-blocker for the local network"; wantedBy = [ "multi-user.target" ]; serviceConfig = { DynamicUser = true; - ExecStart = "${getExe cfg.package} --config ${configFile}"; + ExecStart = "${lib.getExe cfg.package} --config ${configFile}"; Restart = "on-failure"; AmbientCapabilities = [ "CAP_NET_BIND_SERVICE" ]; From 87c989da08bee3449907a3fbee38be78c944dfe9 Mon Sep 17 00:00:00 2001 From: Felix Buehler Date: Wed, 28 Aug 2024 21:19:03 +0200 Subject: [PATCH 078/148] nixos/services.cgit: remove `with lib;` --- nixos/modules/services/networking/cgit.nix | 97 +++++++++++----------- 1 file changed, 47 insertions(+), 50 deletions(-) 
diff --git a/nixos/modules/services/networking/cgit.nix b/nixos/modules/services/networking/cgit.nix index 910db84a2641c..208979364684d 100644 --- a/nixos/modules/services/networking/cgit.nix +++ b/nixos/modules/services/networking/cgit.nix @@ -1,14 +1,11 @@ { config, lib, pkgs, ...}: - -with lib; - let cfgs = config.services.cgit; - settingType = with types; oneOf [ bool int str ]; - repeatedSettingType = with types; oneOf [ settingType (listOf settingType) ]; + settingType = with lib.types; oneOf [ bool int str ]; + repeatedSettingType = with lib.types; oneOf [ settingType (listOf settingType) ]; - genAttrs' = names: f: listToAttrs (map f names); + genAttrs' = names: f: lib.listToAttrs (map f names); regexEscape = let @@ -20,9 +17,9 @@ let " " # \f / 0x0C ]; in - replaceStrings special (map (c: "\\${c}") special); + lib.replaceStrings special (map (c: "\\${c}") special); - stripLocation = cfg: removeSuffix "/" cfg.nginx.location; + stripLocation = cfg: lib.removeSuffix "/" cfg.nginx.location; regexLocation = cfg: regexEscape (stripLocation cfg); 
@@ -47,29 +44,29 @@ let # list value as multiple lines (for "readme" for example) cgitrcEntry = name: value: - if isList value then + if lib.isList value then map (cgitrcLine name) value else [ (cgitrcLine name value) ]; mkCgitrc = cfg: pkgs.writeText "cgitrc" '' # global settings - ${concatStringsSep "\n" ( - flatten (mapAttrsToList + ${lib.concatStringsSep "\n" ( + lib.flatten (lib.mapAttrsToList cgitrcEntry ({ virtual-root = cfg.nginx.location; } // cfg.settings) ) ) } - ${optionalString (cfg.scanPath != null) (cgitrcLine "scan-path" cfg.scanPath)} + ${lib.optionalString (cfg.scanPath != null) (cgitrcLine "scan-path" cfg.scanPath)} # repository settings - ${concatStrings ( - mapAttrsToList + ${lib.concatStrings ( + lib.mapAttrsToList (url: settings: '' ${cgitrcLine "repo.url" url} - ${concatStringsSep "\n" ( - mapAttrsToList (name: cgitrcLine "repo.${name}") settings + ${lib.concatStringsSep "\n" ( + lib.mapAttrsToList (name: cgitrcLine "repo.${name}") settings ) } '') 
@@ -90,32 +87,32 @@ let in { options = { - services.cgit = mkOption { + services.cgit = lib.mkOption { description = "Configure cgit instances."; default = {}; - type = types.attrsOf (types.submodule ({ config, ... }: { + type = lib.types.attrsOf (lib.types.submodule ({ config, ... }: { options = { - enable = mkEnableOption "cgit"; + enable = lib.mkEnableOption "cgit"; - package = mkPackageOption pkgs "cgit" {}; + package = lib.mkPackageOption pkgs "cgit" {}; - nginx.virtualHost = mkOption { + nginx.virtualHost = lib.mkOption { description = "VirtualHost to serve cgit on, defaults to the attribute name."; - type = types.str; + type = lib.types.str; default = config._module.args.name; example = "git.example.com"; }; - nginx.location = mkOption { + nginx.location = lib.mkOption { description = "Location to serve cgit under."; - type = types.str; + type = lib.types.str; default = "/"; example = "/git/"; }; - repos = mkOption { + repos = lib.mkOption { description = "cgit repository settings, see cgitrc(5)"; - type = with types; attrsOf (attrsOf settingType); + type = with lib.types; attrsOf (attrsOf settingType); default = {}; example = { blah = { @@ -125,18 +122,18 @@ in }; }; - scanPath = mkOption { + scanPath = lib.mkOption { description = "A path which will be scanned for repositories."; - type = types.nullOr types.path; + type = lib.types.nullOr lib.types.path; default = null; example = "/var/lib/git"; }; - settings = mkOption { + settings = lib.mkOption { description = "cgit configuration, see cgitrc(5)"; - type = types.attrsOf repeatedSettingType; + type = lib.types.attrsOf repeatedSettingType; default = {}; - example = literalExpression '' + example = lib.literalExpression '' { enable-follow-links = true; source-filter = "''${pkgs.cgit}/lib/cgit/filters/syntax-highlighting.py"; 
@@ -144,21 +141,21 @@ in ''; }; - extraConfig = mkOption { + extraConfig = lib.mkOption { description = "These lines go to the end of cgitrc verbatim."; - type = types.lines; + type = lib.types.lines; default = ""; }; - user = mkOption { + user = lib.mkOption { description = "User to run the cgit service as."; - type = types.str; + type = lib.types.str; default = "cgit"; }; - group = mkOption { + group = lib.mkOption { description = "Group to run the cgit service as."; - type = types.str; + type = lib.types.str; default = "cgit"; }; }; @@ -166,13 +163,13 @@ in }; }; - config = mkIf (any (cfg: cfg.enable) (attrValues cfgs)) { - assertions = mapAttrsToList (vhost: cfg: { + config = lib.mkIf (lib.any (cfg: cfg.enable) (lib.attrValues cfgs)) { + assertions = lib.mapAttrsToList (vhost: cfg: { assertion = !cfg.enable || (cfg.scanPath == null) != (cfg.repos == {}); message = "Exactly one of services.cgit.${vhost}.scanPath or services.cgit.${vhost}.repos must be set."; }) cfgs; - users = mkMerge (flip mapAttrsToList cfgs (_: cfg: { + users = lib.mkMerge (lib.flip lib.mapAttrsToList cfgs (_: cfg: { users.${cfg.user} = { isSystemUser = true; inherit (cfg) group; 
@@ -180,23 +177,23 @@ in groups.${cfg.group} = { }; })); - services.fcgiwrap.instances = flip mapAttrs' cfgs (name: cfg: - nameValuePair "cgit-${name}" { + services.fcgiwrap.instances = lib.flip lib.mapAttrs' cfgs (name: cfg: + lib.nameValuePair "cgit-${name}" { process = { inherit (cfg) user group; }; socket = { inherit (config.services.nginx) user group; }; } ); - systemd.services = flip mapAttrs' cfgs (name: cfg: - nameValuePair (fcgiwrapUnitName name) - (mkIf (cfg.repos != { }) { + systemd.services = lib.flip lib.mapAttrs' cfgs (name: cfg: + lib.nameValuePair (fcgiwrapUnitName name) + (lib.mkIf (cfg.repos != { }) { serviceConfig.RuntimeDirectory = fcgiwrapUnitName name; preStart = '' - GIT_PROJECT_ROOT=${escapeShellArg (gitProjectRoot name cfg)} + GIT_PROJECT_ROOT=${lib.escapeShellArg (gitProjectRoot name cfg)} mkdir -p "$GIT_PROJECT_ROOT" cd "$GIT_PROJECT_ROOT" - ${concatLines (flip mapAttrsToList cfg.repos (name: repo: '' - ln -s ${escapeShellArg repo.path} ${escapeShellArg name} + ${lib.concatLines (lib.flip lib.mapAttrsToList cfg.repos (name: repo: '' + ln -s ${lib.escapeShellArg repo.path} ${lib.escapeShellArg name} ''))} ''; } @@ -204,12 +201,12 @@ in services.nginx.enable = true; - services.nginx.virtualHosts = mkMerge (mapAttrsToList (name: cfg: { + services.nginx.virtualHosts = lib.mkMerge (lib.mapAttrsToList (name: cfg: { ${cfg.nginx.virtualHost} = { locations = ( genAttrs' [ "cgit.css" "cgit.png" "favicon.ico" "robots.txt" ] - (fileName: nameValuePair "= ${stripLocation cfg}/${fileName}" { + (fileName: lib.nameValuePair "= ${stripLocation cfg}/${fileName}" { extraConfig = '' alias ${cfg.package}/cgit/${fileName}; ''; From f6077c6bcd5db83261bcfae4553e86115efd7002 Mon Sep 17 00:00:00 2001 From: Felix Buehler Date: Wed, 28 Aug 2024 21:19:03 +0200 Subject: [PATCH 079/148] nixos/services.chisel-server: remove `with lib;` --- .../services/networking/chisel-server.nix | 53 +++++++++---------- 1 file changed, 25 insertions(+), 28 deletions(-) 
diff --git a/nixos/modules/services/networking/chisel-server.nix b/nixos/modules/services/networking/chisel-server.nix index 9c6391701fafc..2b585c22f304d 100644 --- a/nixos/modules/services/networking/chisel-server.nix +++ b/nixos/modules/services/networking/chisel-server.nix 
@@ -1,69 +1,66 @@ { config, lib, pkgs, ... }: - -with lib; - let cfg = config.services.chisel-server; in { options = { services.chisel-server = { - enable = mkEnableOption "Chisel Tunnel Server"; - host = mkOption { + enable = lib.mkEnableOption "Chisel Tunnel Server"; + host = lib.mkOption { description = "Address to listen on, falls back to 0.0.0.0"; - type = with types; nullOr str; + type = with lib.types; nullOr str; default = null; example = "[::1]"; }; - port = mkOption { + port = lib.mkOption { description = "Port to listen on, falls back to 8080"; - type = with types; nullOr port; + type = with lib.types; nullOr port; default = null; }; - authfile = mkOption { + authfile = lib.mkOption { description = "Path to auth.json file"; - type = with types; nullOr path; + type = with lib.types; nullOr path; default = null; }; - keepalive = mkOption { + keepalive = lib.mkOption { description = "Keepalive interval, falls back to 25s"; - type = with types; nullOr str; + type = with lib.types; nullOr str; default = null; example = "5s"; }; - backend = mkOption { + backend = lib.mkOption { description = "HTTP server to proxy normal requests to"; - type = with types; nullOr str; + type = with lib.types; nullOr str; default = null; example = "http://127.0.0.1:8888"; }; - socks5 = mkOption { + socks5 = lib.mkOption { description = "Allow clients access to internal SOCKS5 proxy"; - type = types.bool; + type = lib.types.bool; default = false; }; - reverse = mkOption { + reverse = lib.mkOption { description = "Allow clients reverse port forwarding"; - type = types.bool; + type = lib.types.bool; default = false; }; }; }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { systemd.services.chisel-server = { description = "Chisel Tunnel Server"; wantedBy = [ "network-online.target" ]; serviceConfig = { - ExecStart = "${pkgs.chisel}/bin/chisel server " + concatStringsSep " " ( - optional (cfg.host != null) "--host ${cfg.host}" - ++ optional (cfg.port != null) "--port 
${builtins.toString cfg.port}" - ++ optional (cfg.authfile != null) "--authfile ${cfg.authfile}" - ++ optional (cfg.keepalive != null) "--keepalive ${cfg.keepalive}" - ++ optional (cfg.backend != null) "--backend ${cfg.backend}" - ++ optional cfg.socks5 "--socks5" - ++ optional cfg.reverse "--reverse" + ExecStart = "${pkgs.chisel}/bin/chisel server " + lib.concatStringsSep " " ( + lib.optional (cfg.host != null) "--host ${cfg.host}" + ++ lib.optional (cfg.port != null) "--port ${builtins.toString cfg.port}" + ++ lib.optional (cfg.authfile != null) "--authfile ${cfg.authfile}" + ++ lib.optional (cfg.keepalive != null) "--keepalive ${cfg.keepalive}" + ++ lib.optional (cfg.backend != null) "--backend ${cfg.backend}" + ++ lib.optional cfg.socks5 "--socks5" + ++ lib.optional cfg.reverse "--reverse" ); # Security Hardening @@ -95,5 +92,5 @@ in { }; }; - meta.maintainers = with maintainers; [ clerie ]; + meta.maintainers = with lib.maintainers; [ clerie ]; } From 742185f18cbafd4dee839eaf25ab8a70437ae000 Mon Sep 17 00:00:00 2001 From: Felix Buehler Date: Wed, 28 Aug 2024 21:19:03 +0200 Subject: [PATCH 080/148] nixos/services.cjdns: remove `with lib;` --- nixos/modules/services/networking/cjdns.nix | 85 ++++++++++----------- 1 file changed, 41 insertions(+), 44 deletions(-) diff --git a/nixos/modules/services/networking/cjdns.nix b/nixos/modules/services/networking/cjdns.nix index f50031eb2ec4e..a7f39b3791815 100644 --- a/nixos/modules/services/networking/cjdns.nix +++ b/nixos/modules/services/networking/cjdns.nix @@ -1,7 +1,4 @@ { config, lib, pkgs, ... }: - -with lib; - let pkg = pkgs.cjdns; 
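Review bot: `authfile` in the `@@ -1,69 +1,66 @@` hunk is typed `nullOr path` and then interpolated as `"--authfile ${cfg.authfile}"`, so assigning a Nix path literal such as `./auth.json` would copy the file into the world-readable Nix store. The option presumably points at the tunnel's credentials, so I would say so in the description, e.g. `description = "Path to auth.json file. Pass it as a string (example: \"/run/secrets/chisel-auth.json\") so the file is not copied into the Nix store.";`. The same `ExecStart` joins `host`, `keepalive` and `backend` with plain spaces and no quoting, so a value containing whitespace would be split into extra arguments to `chisel server`. A comment above the `lib.concatStringsSep` call stating that these values must not contain whitespace would document that assumption.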
@@ -11,28 +8,28 @@ let connectToSubmodule = { ... }: { options = - { password = mkOption { - type = types.str; + { password = lib.mkOption { + type = lib.types.str; description = "Authorized password to the opposite end of the tunnel."; }; - login = mkOption { + login = lib.mkOption { default = ""; - type = types.str; + type = lib.types.str; description = "(optional) name your peer has for you"; }; - peerName = mkOption { + peerName = lib.mkOption { default = ""; - type = types.str; + type = lib.types.str; description = "(optional) human-readable name for peer"; }; - publicKey = mkOption { - type = types.str; + publicKey = lib.mkOption { + type = lib.types.str; description = "Public key at the opposite end of the tunnel."; }; - hostname = mkOption { + hostname = lib.mkOption { default = ""; example = "foobar.hype"; - type = types.str; + type = lib.types.str; description = "Optional hostname to add to /etc/hosts; prevents reverse lookup failures."; }; }; @@ -41,16 +38,16 @@ let # Additional /etc/hosts entries for peers with an associated hostname cjdnsExtraHosts = pkgs.runCommand "cjdns-hosts" {} '' exec >$out - ${concatStringsSep "\n" (mapAttrsToList (k: v: - optionalString (v.hostname != "") + ${lib.concatStringsSep "\n" (lib.mapAttrsToList (k: v: + lib.optionalString (v.hostname != "") "echo $(${pkgs.cjdns}/bin/publictoip6 ${v.publicKey}) ${v.hostname}") (cfg.ETHInterface.connectTo // cfg.UDPInterface.connectTo))} ''; parseModules = x: - x // { connectTo = mapAttrs (name: value: { inherit (value) password publicKey; }) x.connectTo; }; + x // { connectTo = lib.mapAttrs (name: value: { inherit (value) password publicKey; }) x.connectTo; }; - cjdrouteConf = builtins.toJSON ( recursiveUpdate { + cjdrouteConf = builtins.toJSON ( lib.recursiveUpdate { admin = { bind = cfg.admin.bind; password = "@CJDNS_ADMIN_PASSWORD@"; 
@@ -84,8 +81,8 @@ in services.cjdns = { - enable = mkOption { - type = types.bool; + enable = lib.mkOption { + type = lib.types.bool; default = false; description = '' Whether to enable the cjdns network encryption @@ -95,8 +92,8 @@ in ''; }; - extraConfig = mkOption { - type = types.attrs; + extraConfig = lib.mkOption { + type = lib.types.attrs; default = {}; example = { router.interface.tunDevice = "tun10"; }; description = '' @@ -105,8 +102,8 @@ in ''; }; - confFile = mkOption { - type = types.nullOr types.path; + confFile = lib.mkOption { + type = lib.types.nullOr lib.types.path; default = null; example = "/etc/cjdroute.conf"; description = '' @@ -114,8 +111,8 @@ in ''; }; - authorizedPasswords = mkOption { - type = types.listOf types.str; + authorizedPasswords = lib.mkOption { + type = lib.types.listOf lib.types.str; default = [ ]; example = [ "snyrfgkqsc98qh1y4s5hbu0j57xw5s0" @@ -129,8 +126,8 @@ in }; admin = { - bind = mkOption { - type = types.str; + bind = lib.mkOption { + type = lib.types.str; default = "127.0.0.1:11234"; description = '' Bind the administration port to this address and port. @@ -139,18 +136,18 @@ in }; UDPInterface = { - bind = mkOption { - type = types.str; + bind = lib.mkOption { + type = lib.types.str; default = ""; example = "192.168.1.32:43211"; description = '' Address and port to bind UDP tunnels to. ''; }; - connectTo = mkOption { - type = types.attrsOf ( types.submodule ( connectToSubmodule ) ); + connectTo = lib.mkOption { + type = lib.types.attrsOf ( lib.types.submodule ( connectToSubmodule ) ); default = { }; - example = literalExpression '' + example = lib.literalExpression '' { "192.168.1.1:27313" = { hostname = "homer.hype"; @@ -166,8 +163,8 @@ in }; ETHInterface = { - bind = mkOption { - type = types.str; + bind = lib.mkOption { + type = lib.types.str; default = ""; example = "eth0"; description = '' 
@@ -176,8 +173,8 @@ in ''; }; - beacon = mkOption { - type = types.int; + beacon = lib.mkOption { + type = lib.types.int; default = 2; description = '' Auto-connect to other cjdns nodes on the same network. @@ -193,10 +190,10 @@ in ''; }; - connectTo = mkOption { - type = types.attrsOf ( types.submodule ( connectToSubmodule ) ); + connectTo = lib.mkOption { + type = lib.types.attrsOf ( lib.types.submodule ( connectToSubmodule ) ); default = { }; - example = literalExpression '' + example = lib.literalExpression '' { "01:02:03:04:05:06" = { hostname = "homer.hype"; @@ -212,8 +209,8 @@ in }; }; - addExtraHosts = mkOption { - type = types.bool; + addExtraHosts = lib.mkOption { + type = lib.types.bool; default = false; description = '' Whether to add cjdns peers with an associated hostname to @@ -226,7 +223,7 @@ in }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { boot.kernelModules = [ "tun" ]; @@ -238,7 +235,7 @@ in after = [ "network-online.target" ]; bindsTo = [ "network-online.target" ]; - preStart = optionalString (cfg.confFile == null) '' + preStart = lib.optionalString (cfg.confFile == null) '' [ -e /etc/cjdns.keys ] && source /etc/cjdns.keys if [ -z "$CJDNS_PRIVATE_KEY" ]; then @@ -283,7 +280,7 @@ in }; }; - networking.hostFiles = mkIf cfg.addExtraHosts [ cjdnsExtraHosts ]; + networking.hostFiles = lib.mkIf cfg.addExtraHosts [ cjdnsExtraHosts ]; assertions = [ { assertion = ( cfg.ETHInterface.bind != "" || cfg.UDPInterface.bind != "" || cfg.confFile != null ); From a3c69c111e63c4694d5ada25b8ce93517265a8d5 Mon Sep 17 00:00:00 2001 From: Felix Buehler Date: Wed, 28 Aug 2024 21:19:03 +0200 Subject: [PATCH 081/148] nixos/services.clatd: remove `with lib;` --- nixos/modules/services/networking/clatd.nix | 14 ++++++-------- 1 file changed, 6 insertions(+), 8 deletions(-) diff --git a/nixos/modules/services/networking/clatd.nix b/nixos/modules/services/networking/clatd.nix index de6cde4e979c0..09f7fdfb6e9e9 100644 
--- a/nixos/modules/services/networking/clatd.nix +++ b/nixos/modules/services/networking/clatd.nix @@ -1,6 +1,4 @@ { config, lib, pkgs, ... }: - -with lib; let cfg = config.services.clatd; @@ -11,16 +9,16 @@ in { options = { services.clatd = { - enable = mkEnableOption "clatd"; + enable = lib.mkEnableOption "clatd"; - package = mkPackageOption pkgs "clatd" { }; + package = lib.mkPackageOption pkgs "clatd" { }; - settings = mkOption { - type = types.submodule ({ name, ... }: { + settings = lib.mkOption { + type = lib.types.submodule ({ name, ... }: { freeformType = settingsFormat.type; }); default = { }; - example = literalExpression '' + example = lib.literalExpression '' { plat-prefix = "64:ff9b::/96"; } @@ -32,7 +30,7 @@ in }; }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { systemd.services.clatd = { description = "464XLAT CLAT daemon"; documentation = [ "man:clatd(8)" ]; From 14f2d0a94bbd0743ba135cddcb4dd9c64f61526a Mon Sep 17 00:00:00 2001 From: Felix Buehler Date: Wed, 28 Aug 2024 21:19:03 +0200 Subject: [PATCH 082/148] nixos/services.cloudflare-dyndns: remove `with lib;` --- .../services/networking/cloudflare-dyndns.nix | 45 +++++++++---------- 1 file changed, 21 insertions(+), 24 deletions(-) diff --git a/nixos/modules/services/networking/cloudflare-dyndns.nix b/nixos/modules/services/networking/cloudflare-dyndns.nix index 9495c8dcaf810..0f035362742ef 100644 --- a/nixos/modules/services/networking/cloudflare-dyndns.nix +++ b/nixos/modules/services/networking/cloudflare-dyndns.nix 
@@ -1,19 +1,16 @@ { config, pkgs, lib, ... }: - -with lib; - let cfg = config.services.cloudflare-dyndns; in { options = { services.cloudflare-dyndns = { - enable = mkEnableOption "Cloudflare Dynamic DNS Client"; + enable = lib.mkEnableOption "Cloudflare Dynamic DNS Client"; - package = mkPackageOption pkgs "cloudflare-dyndns" { }; + package = lib.mkPackageOption pkgs "cloudflare-dyndns" { }; - apiTokenFile = mkOption { - type = types.nullOr types.str; + apiTokenFile = lib.mkOption { + type = lib.types.nullOr lib.types.str; default = null; description = '' The path to a file containing the CloudFlare API token. @@ -22,16 +19,16 @@ in ''; }; - domains = mkOption { - type = types.listOf types.str; + domains = lib.mkOption { + type = lib.types.listOf lib.types.str; default = [ ]; description = '' List of domain names to update records for. ''; }; - frequency = mkOption { - type = types.nullOr types.str; + frequency = lib.mkOption { + type = lib.types.nullOr lib.types.str; default = "*:0/5"; description = '' Run cloudflare-dyndns with the given frequency (see @@ -40,32 +37,32 @@ in ''; }; - proxied = mkOption { - type = types.bool; + proxied = lib.mkOption { + type = lib.types.bool; default = false; description = '' Whether this is a DNS-only record, or also being proxied through CloudFlare. ''; }; - ipv4 = mkOption { - type = types.bool; + ipv4 = lib.mkOption { + type = lib.types.bool; default = true; description = '' Whether to enable setting IPv4 A records. ''; }; - ipv6 = mkOption { - type = types.bool; + ipv6 = lib.mkOption { + type = lib.types.bool; default = false; description = '' Whether to enable setting IPv6 AAAA records. ''; }; - deleteMissing = mkOption { - type = types.bool; + deleteMissing = lib.mkOption { + type = lib.types.bool; default = false; description = '' Whether to delete the record when no IP address is found. 
@@ -74,7 +71,7 @@ in }; }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { systemd.services.cloudflare-dyndns = { description = "CloudFlare Dynamic DNS Client"; after = [ "network.target" ]; @@ -94,12 +91,12 @@ in args = [ "--cache-file /var/lib/cloudflare-dyndns/ip.cache" ] ++ (if cfg.ipv4 then [ "-4" ] else [ "-no-4" ]) ++ (if cfg.ipv6 then [ "-6" ] else [ "-no-6" ]) - ++ optional cfg.deleteMissing "--delete-missing" - ++ optional cfg.proxied "--proxied"; + ++ lib.optional cfg.deleteMissing "--delete-missing" + ++ lib.optional cfg.proxied "--proxied"; in - "${getExe cfg.package} ${toString args}"; + "${lib.getExe cfg.package} ${toString args}"; }; - } // optionalAttrs (cfg.frequency != null) { + } // lib.optionalAttrs (cfg.frequency != null) { startAt = cfg.frequency; }; }; From 5506afac27c5cf8c7e5084bdfbcb3ea5def613ed Mon Sep 17 00:00:00 2001 From: Felix Buehler Date: Wed, 28 Aug 2024 21:19:03 +0200 Subject: [PATCH 083/148] nixos/services.cloudflared: remove `with lib;` --- .../services/networking/cloudflared.nix | 133 +++++++++--------- 1 file changed, 65 insertions(+), 68 deletions(-) diff --git a/nixos/modules/services/networking/cloudflared.nix b/nixos/modules/services/networking/cloudflared.nix index c0d1012ffb80d..c328d1de43c64 100644 --- a/nixos/modules/services/networking/cloudflared.nix +++ b/nixos/modules/services/networking/cloudflared.nix @@ -1,13 +1,10 @@ { config, lib, pkgs, ... }: - -with lib; - let cfg = config.services.cloudflared; originRequest = { - connectTimeout = mkOption { - type = with types; nullOr str; + connectTimeout = lib.mkOption { + type = with lib.types; nullOr str; default = null; example = "30s"; description = '' @@ -15,8 +12,8 @@ let ''; }; - tlsTimeout = mkOption { - type = with types; nullOr str; + tlsTimeout = lib.mkOption { + type = with lib.types; nullOr str; default = null; example = "10s"; description = '' 
@@ -24,8 +21,8 @@ let ''; }; - tcpKeepAlive = mkOption { - type = with types; nullOr str; + tcpKeepAlive = lib.mkOption { + type = with lib.types; nullOr str; default = null; example = "30s"; description = '' @@ -33,8 +30,8 @@ let ''; }; - noHappyEyeballs = mkOption { - type = with types; nullOr bool; + noHappyEyeballs = lib.mkOption { + type = with lib.types; nullOr bool; default = null; example = false; description = '' @@ -42,8 +39,8 @@ let ''; }; - keepAliveConnections = mkOption { - type = with types; nullOr int; + keepAliveConnections = lib.mkOption { + type = with lib.types; nullOr int; default = null; example = 100; description = '' @@ -51,8 +48,8 @@ let ''; }; - keepAliveTimeout = mkOption { - type = with types; nullOr str; + keepAliveTimeout = lib.mkOption { + type = with lib.types; nullOr str; default = null; example = "1m30s"; description = '' @@ -60,8 +57,8 @@ let ''; }; - httpHostHeader = mkOption { - type = with types; nullOr str; + httpHostHeader = lib.mkOption { + type = with lib.types; nullOr str; default = null; example = ""; description = '' @@ -69,8 +66,8 @@ let ''; }; - originServerName = mkOption { - type = with types; nullOr str; + originServerName = lib.mkOption { + type = with lib.types; nullOr str; default = null; example = ""; description = '' @@ -78,8 +75,8 @@ let ''; }; - caPool = mkOption { - type = with types; nullOr (either str path); + caPool = lib.mkOption { + type = with lib.types; nullOr (either str path); default = null; example = ""; description = '' @@ -87,8 +84,8 @@ let ''; }; - noTLSVerify = mkOption { - type = with types; nullOr bool; + noTLSVerify = lib.mkOption { + type = with lib.types; nullOr bool; default = null; example = false; description = '' @@ -96,8 +93,8 @@ let ''; }; - disableChunkedEncoding = mkOption { - type = with types; nullOr bool; + disableChunkedEncoding = lib.mkOption { + type = with lib.types; nullOr bool; default = null; example = false; description = '' 
@@ -105,8 +102,8 @@ let ''; }; - proxyAddress = mkOption { - type = with types; nullOr str; + proxyAddress = lib.mkOption { + type = with lib.types; nullOr str; default = null; example = "127.0.0.1"; description = '' @@ -114,8 +111,8 @@ let ''; }; - proxyPort = mkOption { - type = with types; nullOr int; + proxyPort = lib.mkOption { + type = with lib.types; nullOr int; default = null; example = 0; description = '' @@ -123,8 +120,8 @@ let ''; }; - proxyType = mkOption { - type = with types; nullOr (enum [ "" "socks" ]); + proxyType = lib.mkOption { + type = with lib.types; nullOr (enum [ "" "socks" ]); default = null; example = ""; description = '' @@ -138,32 +135,32 @@ let in { options.services.cloudflared = { - enable = mkEnableOption "Cloudflare Tunnel client daemon (formerly Argo Tunnel)"; + enable = lib.mkEnableOption "Cloudflare Tunnel client daemon (formerly Argo Tunnel)"; - user = mkOption { - type = types.str; + user = lib.mkOption { + type = lib.types.str; default = "cloudflared"; description = "User account under which Cloudflared runs."; }; - group = mkOption { - type = types.str; + group = lib.mkOption { + type = lib.types.str; default = "cloudflared"; description = "Group under which cloudflared runs."; }; - package = mkPackageOption pkgs "cloudflared" { }; + package = lib.mkPackageOption pkgs "cloudflared" { }; - tunnels = mkOption { + tunnels = lib.mkOption { description = '' Cloudflare tunnels. ''; - type = types.attrsOf (types.submodule ({ name, ... }: { + type = lib.types.attrsOf (lib.types.submodule ({ name, ... }: { options = { inherit originRequest; - credentialsFile = mkOption { - type = types.str; + credentialsFile = lib.mkOption { + type = lib.types.str; description = '' Credential file. @@ -172,8 +169,8 @@ in }; warp-routing = { - enabled = mkOption { - type = with types; nullOr bool; + enabled = lib.mkOption { + type = with lib.types; nullOr bool; default = null; description = '' Enable warp routing. 
@@ -183,8 +180,8 @@ in }; }; - default = mkOption { - type = types.str; + default = lib.mkOption { + type = lib.types.str; description = '' Catch-all service if no ingress matches. @@ -193,13 +190,13 @@ in example = "http_status:404"; }; - ingress = mkOption { - type = with types; attrsOf (either str (submodule ({ hostname, ... }: { + ingress = lib.mkOption { + type = with lib.types; attrsOf (either str (submodule ({ hostname, ... }: { options = { inherit originRequest; - service = mkOption { - type = with types; nullOr str; + service = lib.mkOption { + type = with lib.types; nullOr str; default = null; description = '' Service to pass the traffic. @@ -209,8 +206,8 @@ in example = "http://localhost:80, tcp://localhost:8000, unix:/home/production/echo.sock, hello_world or http_status:404"; }; - path = mkOption { - type = with types; nullOr str; + path = lib.mkOption { + type = with lib.types; nullOr str; default = null; description = '' Path filter. @@ -251,11 +248,11 @@ in }; }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { systemd.targets = - mapAttrs' + lib.mapAttrs' (name: tunnel: - nameValuePair "cloudflared-tunnel-${name}" { + lib.nameValuePair "cloudflared-tunnel-${name}" { description = "Cloudflare tunnel '${name}' target"; requires = [ "cloudflared-tunnel-${name}.service" ]; after = [ "cloudflared-tunnel-${name}.service" ]; 
@@ -265,41 +262,41 @@ in config.services.cloudflared.tunnels; systemd.services = - mapAttrs' + lib.mapAttrs' (name: tunnel: let filterConfig = lib.attrsets.filterAttrsRecursive (_: v: ! builtins.elem v [ null [ ] { } ]); - filterIngressSet = filterAttrs (_: v: builtins.typeOf v == "set"); - filterIngressStr = filterAttrs (_: v: builtins.typeOf v == "string"); + filterIngressSet = lib.filterAttrs (_: v: builtins.typeOf v == "set"); + filterIngressStr = lib.filterAttrs (_: v: builtins.typeOf v == "string"); ingressesSet = filterIngressSet tunnel.ingress; ingressesStr = filterIngressStr tunnel.ingress; - fullConfig = filterConfig { + fullConfig = lib.filterConfig { tunnel = name; "credentials-file" = tunnel.credentialsFile; - warp-routing = filterConfig tunnel.warp-routing; - originRequest = filterConfig tunnel.originRequest; + warp-routing = lib.filterConfig tunnel.warp-routing; + originRequest = lib.filterConfig tunnel.originRequest; ingress = (map (key: { hostname = key; - } // getAttr key (filterConfig (filterConfig ingressesSet))) - (attrNames ingressesSet)) + } // lib.getAttr key (filterConfig (filterConfig ingressesSet))) + (lib.attrNames ingressesSet)) ++ (map (key: { hostname = key; - service = getAttr key ingressesStr; + service = lib.getAttr key ingressesStr; }) - (attrNames ingressesStr)) + (lib.attrNames ingressesStr)) ++ [{ service = tunnel.default; }]; }; mkConfigFile = pkgs.writeText "cloudflared.yml" (builtins.toJSON fullConfig); in - nameValuePair "cloudflared-tunnel-${name}" ({ + lib.nameValuePair "cloudflared-tunnel-${name}" ({ after = [ "network.target" "network-online.target" ]; wants = [ "network.target" "network-online.target" ]; wantedBy = [ "multi-user.target" ]; 
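Review bot: `filterConfig` is the local binding defined at the top of this same `let` (`filterConfig = lib.attrsets.filterAttrsRecursive …`), not an attribute of `lib`, so the three rewritten uses inside `fullConfig` now point at a name that does not exist. `fullConfig = lib.filterConfig {`, `warp-routing = lib.filterConfig tunnel.warp-routing;` and `originRequest = lib.filterConfig tunnel.originRequest;` should fail with a missing-attribute error once a tunnel's service is evaluated. They should stay unprefixed, as the nested `filterConfig (filterConfig ingressesSet)` call in this hunk already is: `fullConfig = filterConfig {`, `warp-routing = filterConfig tunnel.warp-routing;`, `originRequest = filterConfig tunnel.originRequest;`. The enclosing `mapAttrs'` body continues outside the hunk.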
@@ -313,17 +310,17 @@ in ) config.services.cloudflared.tunnels; - users.users = mkIf (cfg.user == "cloudflared") { + users.users = lib.mkIf (cfg.user == "cloudflared") { cloudflared = { group = cfg.group; isSystemUser = true; }; }; - users.groups = mkIf (cfg.group == "cloudflared") { + users.groups = lib.mkIf (cfg.group == "cloudflared") { cloudflared = { }; }; }; - meta.maintainers = with maintainers; [ bbigras anpin ]; + meta.maintainers = with lib.maintainers; [ bbigras anpin ]; } From 543833269065e1971fe5214c090caebdc405b779 Mon Sep 17 00:00:00 2001 From: Felix Buehler Date: Wed, 28 Aug 2024 21:19:04 +0200 Subject: [PATCH 084/148] nixos/services.cntlm: remove `with lib;` --- nixos/modules/services/networking/cntlm.nix | 51 ++++++++++----------- 1 file changed, 24 insertions(+), 27 deletions(-) diff --git a/nixos/modules/services/networking/cntlm.nix b/nixos/modules/services/networking/cntlm.nix index 16e9c3bb87b5c..4615380c41ebe 100644 --- a/nixos/modules/services/networking/cntlm.nix +++ b/nixos/modules/services/networking/cntlm.nix @@ -1,7 +1,4 @@ { config, lib, pkgs, ... }: - -with lib; - let cfg = config.services.cntlm; @@ -16,11 +13,11 @@ let Username ${cfg.username} Domain ${cfg.domain} Password ${cfg.password} - ${optionalString (cfg.netbios_hostname != "") "Workstation ${cfg.netbios_hostname}"} - ${concatMapStrings (entry: "Proxy ${entry}\n") cfg.proxy} - ${optionalString (cfg.noproxy != []) "NoProxy ${concatStringsSep ", " cfg.noproxy}"} + ${lib.optionalString (cfg.netbios_hostname != "") "Workstation ${cfg.netbios_hostname}"} + ${lib.concatMapStrings (entry: "Proxy ${entry}\n") cfg.proxy} + ${lib.optionalString (cfg.noproxy != []) "NoProxy ${lib.concatStringsSep ", " cfg.noproxy}"} - ${concatMapStrings (port: '' + ${lib.concatMapStrings (port: '' Listen ${toString port} '') cfg.port} 
@@ -33,36 +30,36 @@ in options.services.cntlm = { - enable = mkEnableOption "cntlm, which starts a local proxy"; + enable = lib.mkEnableOption "cntlm, which starts a local proxy"; - username = mkOption { - type = types.str; + username = lib.mkOption { + type = lib.types.str; description = '' Proxy account name, without the possibility to include domain name ('at' sign is interpreted literally). ''; }; - domain = mkOption { - type = types.str; + domain = lib.mkOption { + type = lib.types.str; description = "Proxy account domain/workgroup name."; }; - password = mkOption { + password = lib.mkOption { default = "/etc/cntlm.password"; - type = types.str; + type = lib.types.str; description = "Proxy account password. Note: use chmod 0600 on /etc/cntlm.password for security."; }; - netbios_hostname = mkOption { - type = types.str; + netbios_hostname = lib.mkOption { + type = lib.types.str; default = ""; description = '' The hostname of your machine. ''; }; - proxy = mkOption { - type = types.listOf types.str; + proxy = lib.mkOption { + type = lib.types.listOf lib.types.str; description = '' A list of NTLM/NTLMv2 authenticating HTTP proxies. 
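Review bot: The description of the `password` option does not say whether the value is the password itself or the path of a file that holds it. The default is `/etc/cntlm.password` and the text mentions `chmod 0600` on that file, yet the `@@ -16,11 +13,11 @@` hunk of this file interpolates the value verbatim as `Password ${cfg.password}` into the generated configuration text. If that text is written to the Nix store (not visible in these hunks), a literal password set here would presumably be world-readable, and the default would be used as the password string rather than read from the file. The description should state which of the two is expected and, if it is the literal password, say that it is copied into the generated `cntlm.conf`. The option set continues outside the hunk.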
@@ -73,29 +70,29 @@ in example = [ "proxy.example.com:81" ]; }; - noproxy = mkOption { + noproxy = lib.mkOption { description = '' A list of domains where the proxy is skipped. ''; default = []; - type = types.listOf types.str; + type = lib.types.listOf lib.types.str; example = [ "*.example.com" "example.com" ]; }; - port = mkOption { + port = lib.mkOption { default = [3128]; - type = types.listOf types.port; + type = lib.types.listOf lib.types.port; description = "Specifies on which ports the cntlm daemon listens."; }; - extraConfig = mkOption { - type = types.lines; + extraConfig = lib.mkOption { + type = lib.types.lines; default = ""; description = "Additional config appended to the end of the generated {file}`cntlm.conf`."; }; - configText = mkOption { - type = types.lines; + configText = lib.mkOption { + type = lib.types.lines; default = ""; description = "Verbatim contents of {file}`cntlm.conf`."; }; @@ -104,7 +101,7 @@ in ###### implementation - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { systemd.services.cntlm = { description = "CNTLM is an NTLM / NTLM Session Response / NTLMv2 authenticating HTTP proxy"; after = [ "network.target" ]; From 6c6b5e7f8067725b2fab0326990b110d12a0dc1d Mon Sep 17 00:00:00 2001 From: Felix Buehler Date: Wed, 28 Aug 2024 21:19:04 +0200 Subject: [PATCH 085/148] nixos/services.consul: remove `with lib;` --- nixos/modules/services/networking/consul.nix | 92 ++++++++++---------- 1 file changed, 45 insertions(+), 47 deletions(-) diff --git a/nixos/modules/services/networking/consul.nix b/nixos/modules/services/networking/consul.nix index 2d9b10514a722..855d3872aa62e 100644 --- a/nixos/modules/services/networking/consul.nix +++ b/nixos/modules/services/networking/consul.nix @@ -1,6 +1,4 @@ { config, lib, pkgs, utils, ... }: - -with lib; let dataDir = "/var/lib/consul"; 
@@ -16,8 +14,8 @@ let configFiles = [ "/etc/consul.json" "/etc/consul-addrs.json" ] ++ cfg.extraConfigFiles; - devices = attrValues (filterAttrs (_: i: i != null) cfg.interface); - systemdDevices = forEach devices + devices = lib.attrValues (lib.filterAttrs (_: i: i != null) cfg.interface); + systemdDevices = lib.forEach devices (i: "sys-subsystem-net-devices-${utils.escapeSystemdPath i}.device"); in { @@ -25,26 +23,26 @@ in services.consul = { - enable = mkOption { - type = types.bool; + enable = lib.mkOption { + type = lib.types.bool; default = false; description = '' Enables the consul daemon. ''; }; - package = mkPackageOption pkgs "consul" { }; + package = lib.mkPackageOption pkgs "consul" { }; - webUi = mkOption { - type = types.bool; + webUi = lib.mkOption { + type = lib.types.bool; default = false; description = '' Enables the web interface on the consul http port. ''; }; - leaveOnStop = mkOption { - type = types.bool; + leaveOnStop = lib.mkOption { + type = lib.types.bool; default = false; description = '' If enabled, causes a leave action to be sent when closing consul. @@ -57,16 +55,16 @@ in interface = { - advertise = mkOption { - type = types.nullOr types.str; + advertise = lib.mkOption { + type = lib.types.nullOr lib.types.str; default = null; description = '' The name of the interface to pull the advertise_addr from. ''; }; - bind = mkOption { - type = types.nullOr types.str; + bind = lib.mkOption { + type = lib.types.nullOr lib.types.str; default = null; description = '' The name of the interface to pull the bind_addr from. 
@@ -74,16 +72,16 @@ in }; }; - forceAddrFamily = mkOption { - type = types.enum [ "any" "ipv4" "ipv6" ]; + forceAddrFamily = lib.mkOption { + type = lib.types.enum [ "any" "ipv4" "ipv6" ]; default = "any"; description = '' Whether to bind ipv4/ipv6 or both kind of addresses. ''; }; - forceIpv4 = mkOption { - type = types.nullOr types.bool; + forceIpv4 = lib.mkOption { + type = lib.types.nullOr lib.types.bool; default = null; description = '' Deprecated: Use consul.forceAddrFamily instead. @@ -91,26 +89,26 @@ in ''; }; - dropPrivileges = mkOption { - type = types.bool; + dropPrivileges = lib.mkOption { + type = lib.types.bool; default = true; description = '' Whether the consul agent should be run as a non-root consul user. ''; }; - extraConfig = mkOption { + extraConfig = lib.mkOption { default = { }; - type = types.attrsOf types.anything; + type = lib.types.attrsOf lib.types.anything; description = '' Extra configuration options which are serialized to json and added to the config.json file. ''; }; - extraConfigFiles = mkOption { + extraConfigFiles = lib.mkOption { default = [ ]; - type = types.listOf types.str; + type = lib.types.listOf lib.types.str; description = '' Additional configuration files to pass to consul NOTE: These will not trigger the service to be restarted when altered. 
@@ -118,32 +116,32 @@ in }; alerts = { - enable = mkEnableOption "consul-alerts"; + enable = lib.mkEnableOption "consul-alerts"; - package = mkPackageOption pkgs "consul-alerts" { }; + package = lib.mkPackageOption pkgs "consul-alerts" { }; - listenAddr = mkOption { + listenAddr = lib.mkOption { description = "Api listening address."; default = "localhost:9000"; - type = types.str; + type = lib.types.str; }; - consulAddr = mkOption { + consulAddr = lib.mkOption { description = "Consul api listening address"; default = "localhost:8500"; - type = types.str; + type = lib.types.str; }; - watchChecks = mkOption { + watchChecks = lib.mkOption { description = "Whether to enable check watcher."; default = true; - type = types.bool; + type = lib.types.bool; }; - watchEvents = mkOption { + watchEvents = lib.mkOption { description = "Whether to enable event watcher."; default = true; - type = types.bool; + type = lib.types.bool; }; }; @@ -151,8 +149,8 @@ in }; - config = mkIf cfg.enable ( - mkMerge [{ + config = lib.mkIf cfg.enable ( + lib.mkMerge [{ users.users.consul = { description = "Consul agent daemon user"; 
@@ -182,18 +180,18 @@ in after = [ "network.target" ] ++ systemdDevices; bindsTo = systemdDevices; restartTriggers = [ config.environment.etc."consul.json".source ] - ++ mapAttrsToList (_: d: d.source) - (filterAttrs (n: _: hasPrefix "consul.d/" n) config.environment.etc); + ++ lib.mapAttrsToList (_: d: d.source) + (lib.filterAttrs (n: _: lib.hasPrefix "consul.d/" n) config.environment.etc); serviceConfig = { ExecStart = "@${lib.getExe cfg.package} consul agent -config-dir /etc/consul.d" - + concatMapStrings (n: " -config-file ${n}") configFiles; + + lib.concatMapStrings (n: " -config-file ${n}") configFiles; ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID"; PermissionsStartOnly = true; User = if cfg.dropPrivileges then "consul" else null; Restart = "on-failure"; TimeoutStartSec = "infinity"; - } // (optionalAttrs (cfg.leaveOnStop) { + } // (lib.optionalAttrs (cfg.leaveOnStop) { ExecStop = "${lib.getExe cfg.package} leave"; }); @@ -231,8 +229,8 @@ in echo "{" > /etc/consul-addrs.json delim=" " '' - + concatStrings (flip mapAttrsToList cfg.interface (name: i: - optionalString (i != null) '' + + lib.concatStrings (lib.flip lib.mapAttrsToList cfg.interface (name: i: + lib.optionalString (i != null) '' echo "$delim \"${name}_addr\": \"$(getAddr "${i}")\"" >> /etc/consul-addrs.json delim="," '')) @@ -243,11 +241,11 @@ in } # deprecated - (mkIf (cfg.forceIpv4 != null && cfg.forceIpv4) { + (lib.mkIf (cfg.forceIpv4 != null && cfg.forceIpv4) { services.consul.forceAddrFamily = "ipv4"; }) - (mkIf (cfg.alerts.enable) { + (lib.mkIf (cfg.alerts.enable) { systemd.services.consul-alerts = { wantedBy = [ "multi-user.target" ]; after = [ "consul.service" ]; 
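Review bot: The `-config-file ${n}` arguments appended to `ExecStart` are interpolated unquoted, so an `extraConfigFiles` entry containing whitespace or systemd specifier characters would be split or expanded by systemd instead of being passed as one path. `utils` is already a module argument of this file, so the line could read `+ lib.concatMapStrings (n: " -config-file ${utils.escapeSystemdExecArg n}") configFiles;`. This is a behaviour change beyond the mechanical prefixing, so it may be better as a follow-up. The `systemd.services.consul` definition starts outside the hunk.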
@@ -259,8 +257,8 @@ in ${lib.getExe cfg.alerts.package} start \ --alert-addr=${cfg.alerts.listenAddr} \ --consul-addr=${cfg.alerts.consulAddr} \ - ${optionalString cfg.alerts.watchChecks "--watch-checks"} \ - ${optionalString cfg.alerts.watchEvents "--watch-events"} + ${lib.optionalString cfg.alerts.watchChecks "--watch-checks"} \ + ${lib.optionalString cfg.alerts.watchEvents "--watch-events"} ''; User = if cfg.dropPrivileges then "consul" else null; Restart = "on-failure"; From c4bbbbbb10438bb650cab7ca2ac1b262091d9369 Mon Sep 17 00:00:00 2001 From: Felix Buehler Date: Wed, 28 Aug 2024 21:19:04 +0200 Subject: [PATCH 086/148] nixos/services.coredns: remove `with lib;` --- nixos/modules/services/networking/coredns.nix | 19 ++++++++----------- 1 file changed, 8 insertions(+), 11 deletions(-) diff --git a/nixos/modules/services/networking/coredns.nix b/nixos/modules/services/networking/coredns.nix index 370b9e6e8043f..14602e06fe820 100644 --- a/nixos/modules/services/networking/coredns.nix +++ b/nixos/modules/services/networking/coredns.nix 
@@ -1,39 +1,36 @@ { config, lib, pkgs, ... }: - -with lib; - let cfg = config.services.coredns; configFile = pkgs.writeText "Corefile" cfg.config; in { options.services.coredns = { - enable = mkEnableOption "Coredns dns server"; + enable = lib.mkEnableOption "Coredns dns server"; - config = mkOption { + config = lib.mkOption { default = ""; example = '' . { whoami } ''; - type = types.lines; + type = lib.types.lines; description = '' Verbatim Corefile to use. See for details. ''; }; - package = mkPackageOption pkgs "coredns" { }; + package = lib.mkPackageOption pkgs "coredns" { }; - extraArgs = mkOption { + extraArgs = lib.mkOption { default = []; example = [ "-dns.port=53" ]; - type = types.listOf types.str; + type = lib.types.listOf lib.types.str; description = "Extra arguments to pass to coredns."; }; }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { systemd.services.coredns = { description = "Coredns dns server"; after = [ "network.target" ]; @@ -46,7 +43,7 @@ in { AmbientCapabilities = "cap_net_bind_service"; NoNewPrivileges = true; DynamicUser = true; - ExecStart = "${getBin cfg.package}/bin/coredns -conf=${configFile} ${lib.escapeShellArgs cfg.extraArgs}"; + ExecStart = "${lib.getBin cfg.package}/bin/coredns -conf=${configFile} ${lib.escapeShellArgs cfg.extraArgs}"; ExecReload = "${pkgs.coreutils}/bin/kill -SIGUSR1 $MAINPID"; Restart = "on-failure"; }; From bd2d5c89ce54bc7e385222028b00faf21c6523f8 Mon Sep 17 00:00:00 2001 From: Felix Buehler Date: Wed, 28 Aug 2024 21:19:04 +0200 Subject: [PATCH 087/148] nixos/services.corerad: remove `with lib;` --- nixos/modules/services/networking/corerad.nix | 25 ++++++++----------- 1 file changed, 11 insertions(+), 14 deletions(-) diff --git a/nixos/modules/services/networking/corerad.nix b/nixos/modules/services/networking/corerad.nix index 2203aa30c1613..edeee881008fc 100644 --- a/nixos/modules/services/networking/corerad.nix +++ b/nixos/modules/services/networking/corerad.nix 
@@ -1,20 +1,17 @@ { config, lib, pkgs, ... }: - -with lib; - let cfg = config.services.corerad; settingsFormat = pkgs.formats.toml {}; in { - meta.maintainers = with maintainers; [ mdlayher ]; + meta.maintainers = with lib.maintainers; [ mdlayher ]; options.services.corerad = { - enable = mkEnableOption "CoreRAD IPv6 NDP RA daemon"; + enable = lib.mkEnableOption "CoreRAD IPv6 NDP RA daemon"; - settings = mkOption { + settings = lib.mkOption { type = settingsFormat.type; - example = literalExpression '' + example = lib.literalExpression '' { interfaces = [ # eth0 is an upstream interface monitoring for IPv6 router advertisements. @@ -42,18 +39,18 @@ in { ''; }; - configFile = mkOption { - type = types.path; - example = literalExpression ''"''${pkgs.corerad}/etc/corerad/corerad.toml"''; + configFile = lib.mkOption { + type = lib.types.path; + example = lib.literalExpression ''"''${pkgs.corerad}/etc/corerad/corerad.toml"''; description = "Path to CoreRAD TOML configuration file."; }; - package = mkPackageOption pkgs "corerad" { }; + package = lib.mkPackageOption pkgs "corerad" { }; }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { # Prefer the config file over settings if both are set. - services.corerad.configFile = mkDefault (settingsFormat.generate "corerad.toml" cfg.settings); + services.corerad.configFile = lib.mkDefault (settingsFormat.generate "corerad.toml" cfg.settings); systemd.services.corerad = { description = "CoreRAD IPv6 NDP RA daemon"; @@ -68,7 +65,7 @@ in { DynamicUser = true; Type = "notify"; NotifyAccess = "main"; - ExecStart = "${getBin cfg.package}/bin/corerad -c=${cfg.configFile}"; + ExecStart = "${lib.getBin cfg.package}/bin/corerad -c=${cfg.configFile}"; Restart = "on-failure"; RestartKillSignal = "SIGHUP"; }; From 7fcd972c941c6200afdd1b364d02eb0961f8fe9e Mon Sep 17 00:00:00 2001 
From: Felix Buehler Date: Wed, 28 Aug 2024 21:19:04 +0200 Subject: [PATCH 088/148] nixos/services.coturn: remove `with lib;` --- nixos/modules/services/networking/coturn.nix | 135 +++++++++---------- 1 file changed, 67 insertions(+), 68 deletions(-) diff --git a/nixos/modules/services/networking/coturn.nix b/nixos/modules/services/networking/coturn.nix index 3166c0dfb578d..40c157d1006e3 100644 --- a/nixos/modules/services/networking/coturn.nix +++ b/nixos/modules/services/networking/coturn.nix @@ -1,5 +1,4 @@ { config, lib, pkgs, ... }: -with lib; let cfg = config.services.coturn; pidfile = "/run/turnserver/turnserver.pid"; @@ -8,8 +7,8 @@ listening-port=${toString cfg.listening-port} tls-listening-port=${toString cfg.tls-listening-port} alt-listening-port=${toString cfg.alt-listening-port} alt-tls-listening-port=${toString cfg.alt-tls-listening-port} -${concatStringsSep "\n" (map (x: "listening-ip=${x}") cfg.listening-ips)} -${concatStringsSep "\n" (map (x: "relay-ip=${x}") cfg.relay-ips)} +${lib.concatStringsSep "\n" (map (x: "listening-ip=${x}") cfg.listening-ips)} +${lib.concatStringsSep "\n" (map (x: "relay-ip=${x}") cfg.relay-ips)} min-port=${toString cfg.min-port} max-port=${toString cfg.max-port} ${lib.optionalString cfg.lt-cred-mech "lt-cred-mech"} @@ -40,9 +39,9 @@ ${cfg.extraConfig} in { options = { services.coturn = { - enable = mkEnableOption "coturn TURN server"; - listening-port = mkOption { - type = types.int; + enable = lib.mkEnableOption "coturn TURN server"; + listening-port = lib.mkOption { + type = lib.types.int; default = 3478; description = '' TURN listener port for UDP and TCP. @@ -50,8 +49,8 @@ in { "plain" TCP and UDP port(s), too - if allowed by configuration. ''; }; - tls-listening-port = mkOption { - type = types.int; + tls-listening-port = lib.mkOption { + type = lib.types.int; default = 5349; description = '' TURN listener port for TLS. 
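Review bot: `listening-port` and `tls-listening-port` in the `@@ -40,9 +39,9 @@` hunk keep `lib.types.int`, which also accepts negative and out-of-range values; the cntlm module in this same series types its `port` option with `lib.types.port`. The later `AmbientCapabilities` hunk compares these options with `< 1024` to decide whether the setting is applied, so an invalid value silently changes that decision. As a follow-up I would use `type = lib.types.port;` here and for `alt-listening-port`, `alt-tls-listening-port`, `min-port`, `max-port` and `cli-port` in the following hunks. The option set continues outside the hunk.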
@@ -65,10 +64,10 @@ in { For secure UDP connections, we support DTLS version 1. ''; }; - alt-listening-port = mkOption { - type = types.int; + alt-listening-port = lib.mkOption { + type = lib.types.int; default = cfg.listening-port + 1; - defaultText = literalExpression "listening-port + 1"; + defaultText = lib.literalExpression "listening-port + 1"; description = '' Alternative listening port for UDP and TCP listeners; default (or zero) value means "listening port plus one". @@ -80,16 +79,16 @@ in { are listening to that endpoint only for "symmetry". ''; }; - alt-tls-listening-port = mkOption { - type = types.int; + alt-tls-listening-port = lib.mkOption { + type = lib.types.int; default = cfg.tls-listening-port + 1; - defaultText = literalExpression "tls-listening-port + 1"; + defaultText = lib.literalExpression "tls-listening-port + 1"; description = '' Alternative listening port for TLS and DTLS protocols. ''; }; - listening-ips = mkOption { - type = types.listOf types.str; + listening-ips = lib.mkOption { + type = lib.types.listOf lib.types.str; default = []; example = [ "203.0.113.42" "2001:DB8::42" ]; description = '' @@ -98,8 +97,8 @@ in { then all IPv4 and IPv6 system IPs will be used for listening. ''; }; - relay-ips = mkOption { - type = types.listOf types.str; + relay-ips = lib.mkOption { + type = lib.types.listOf lib.types.str; default = []; example = [ "203.0.113.42" "2001:DB8::42" ]; description = '' 
@@ -115,29 +114,29 @@ in { as the family of the client socket). ''; }; - min-port = mkOption { - type = types.int; + min-port = lib.mkOption { + type = lib.types.int; default = 49152; description = '' Lower bound of UDP relay endpoints ''; }; - max-port = mkOption { - type = types.int; + max-port = lib.mkOption { + type = lib.types.int; default = 65535; description = '' Upper bound of UDP relay endpoints ''; }; - lt-cred-mech = mkOption { - type = types.bool; + lt-cred-mech = lib.mkOption { + type = lib.types.bool; default = false; description = '' Use long-term credential mechanism. ''; }; - no-auth = mkOption { - type = types.bool; + no-auth = lib.mkOption { + type = lib.types.bool; default = false; description = '' This option is opposite to lt-cred-mech. @@ -148,8 +147,8 @@ in { lt-cred-mech is default. ''; }; - use-auth-secret = mkOption { - type = types.bool; + use-auth-secret = lib.mkOption { + type = lib.types.bool; default = false; description = '' TURN REST API flag. @@ -172,8 +171,8 @@ in { or can be found in the turn_secret table in the database. ''; }; - static-auth-secret = mkOption { - type = types.nullOr types.str; + static-auth-secret = lib.mkOption { + type = lib.types.nullOr lib.types.str; default = null; description = '' 'Static' authentication secret value (a string) for TURN REST API only. 
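Review bot: The description of `static-auth-secret` in the `@@ -172,8 +171,8 @@` hunk gives no hint that a value set here is a plain string in the system configuration. The module also offers `static-auth-secret-file`, which the `preStart` hunk further down substitutes into the runtime config with `replace-secret`. If the inline value is rendered into `configFile` (its definition is only partly visible), it presumably ends up readable in the Nix store. I would add a sentence to the description along the lines of `Prefer static-auth-secret-file; a value set here may be stored world-readable.` The same applies to `cli-password` in the `@@ -203,60 +202,60 @@` hunk; the description text of `static-auth-secret` continues outside this hunk.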
@@ -183,17 +182,17 @@ in { by a separate program, so this is why that other mode is 'dynamic'. ''; }; - static-auth-secret-file = mkOption { - type = types.nullOr types.str; + static-auth-secret-file = lib.mkOption { + type = lib.types.nullOr lib.types.str; default = null; description = '' Path to the file containing the static authentication secret. ''; }; - realm = mkOption { - type = types.str; + realm = lib.mkOption { + type = lib.types.str; default = config.networking.hostName; - defaultText = literalExpression "config.networking.hostName"; + defaultText = lib.literalExpression "config.networking.hostName"; example = "example.com"; description = '' The default realm to be used for the users when no explicit 
@@ -203,60 +202,60 @@ in { mechanism or with TURN REST API. ''; }; - cert = mkOption { - type = types.nullOr types.str; + cert = lib.mkOption { + type = lib.types.nullOr lib.types.str; default = null; example = "/var/lib/acme/example.com/fullchain.pem"; description = '' Certificate file in PEM format. ''; }; - pkey = mkOption { - type = types.nullOr types.str; + pkey = lib.mkOption { + type = lib.types.nullOr lib.types.str; default = null; example = "/var/lib/acme/example.com/key.pem"; description = '' Private key file in PEM format. ''; }; - dh-file = mkOption { - type = types.nullOr types.str; + dh-file = lib.mkOption { + type = lib.types.nullOr lib.types.str; default = null; description = '' Use custom DH TLS key, stored in PEM format in the file. ''; }; - secure-stun = mkOption { - type = types.bool; + secure-stun = lib.mkOption { + type = lib.types.bool; default = false; description = '' Require authentication of the STUN Binding request. By default, the clients are allowed anonymous access to the STUN Binding functionality. ''; }; - no-cli = mkOption { - type = types.bool; + no-cli = lib.mkOption { + type = lib.types.bool; default = false; description = '' Turn OFF the CLI support. ''; }; - cli-ip = mkOption { - type = types.str; + cli-ip = lib.mkOption { + type = lib.types.str; default = "127.0.0.1"; description = '' Local system IP address to be used for CLI server endpoint. ''; }; - cli-port = mkOption { - type = types.int; + cli-port = lib.mkOption { + type = lib.types.int; default = 5766; description = '' CLI server port. ''; }; - cli-password = mkOption { - type = types.nullOr types.str; + cli-password = lib.mkOption { + type = lib.types.nullOr lib.types.str; default = null; description = '' CLI access password. 
@@ -264,45 +263,45 @@ in { for of the password (see the -P command in the turnadmin utility). ''; }; - no-udp = mkOption { - type = types.bool; + no-udp = lib.mkOption { + type = lib.types.bool; default = false; description = "Disable UDP client listener"; }; - no-tcp = mkOption { - type = types.bool; + no-tcp = lib.mkOption { + type = lib.types.bool; default = false; description = "Disable TCP client listener"; }; - no-tls = mkOption { - type = types.bool; + no-tls = lib.mkOption { + type = lib.types.bool; default = false; description = "Disable TLS client listener"; }; - no-dtls = mkOption { - type = types.bool; + no-dtls = lib.mkOption { + type = lib.types.bool; default = false; description = "Disable DTLS client listener"; }; - no-udp-relay = mkOption { - type = types.bool; + no-udp-relay = lib.mkOption { + type = lib.types.bool; default = false; description = "Disable UDP relay endpoints"; }; - no-tcp-relay = mkOption { - type = types.bool; + no-tcp-relay = lib.mkOption { + type = lib.types.bool; default = false; description = "Disable TCP relay endpoints"; }; - extraConfig = mkOption { - type = types.lines; + extraConfig = lib.mkOption { + type = lib.types.lines; default = ""; description = "Additional configuration options"; }; }; }; - config = mkIf cfg.enable (mkMerge ([ + config = lib.mkIf cfg.enable (lib.mkMerge ([ { assertions = [ { assertion = cfg.static-auth-secret != null -> cfg.static-auth-secret-file == null ; message = "static-auth-secret and static-auth-secret-file cannot be set at the same time"; @@ -334,7 +333,7 @@ in { preStart = '' cat ${configFile} > ${runConfig} - ${optionalString (cfg.static-auth-secret-file != null) '' + ${lib.optionalString (cfg.static-auth-secret-file != null) '' ${pkgs.replace-secret}/bin/replace-secret \ "#static-auth-secret#" \ ${cfg.static-auth-secret-file} \ 
@@ -349,7 +348,7 @@ in { User = "turnserver"; Group = "turnserver"; AmbientCapabilities = - mkIf ( + lib.mkIf ( cfg.listening-port < 1024 || cfg.alt-listening-port < 1024 || cfg.tls-listening-port < 1024 || From 458914929978a8deb6d87a1457c7d446e1c1a2b0 Mon Sep 17 00:00:00 2001 From: Felix Buehler Date: Wed, 28 Aug 2024 21:19:04 +0200 Subject: [PATCH 089/148] nixos/services.create_ap: remove `with lib;` --- nixos/modules/services/networking/create_ap.nix | 13 +++++-------- 1 file changed, 5 insertions(+), 8 deletions(-) diff --git a/nixos/modules/services/networking/create_ap.nix b/nixos/modules/services/networking/create_ap.nix index 9bdbcee018edc..cebea3c9059cc 100644 --- a/nixos/modules/services/networking/create_ap.nix +++ b/nixos/modules/services/networking/create_ap.nix @@ -1,16 +1,13 @@ { config, lib, pkgs, ... }: - -with lib; - let cfg = config.services.create_ap; - configFile = pkgs.writeText "create_ap.conf" (generators.toKeyValue { } cfg.settings); + configFile = pkgs.writeText "create_ap.conf" (lib.generators.toKeyValue { } cfg.settings); in { options = { services.create_ap = { - enable = mkEnableOption "setting up wifi hotspots using create_ap"; - settings = mkOption { - type = with types; attrsOf (oneOf [ int bool str ]); + enable = lib.mkEnableOption "setting up wifi hotspots using create_ap"; + settings = lib.mkOption { + type = with lib.types; attrsOf (oneOf [ int bool str ]); default = {}; description = '' Configuration for `create_ap`. @@ -27,7 +24,7 @@ in { }; }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { systemd = { services.create_ap = { From 657cd334e634a1bcd3b5a984dde35f7f5a059766 Mon Sep 17 00:00:00 2001 From: Felix Buehler Date: Wed, 28 Aug 2024 21:19:04 +0200 Subject: [PATCH 090/148] nixos/services.dante: remove `with lib;` --- nixos/modules/services/networking/dante.nix | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) 
diff --git a/nixos/modules/services/networking/dante.nix b/nixos/modules/services/networking/dante.nix index d5e76b83986b0..aef518ddbfd97 100644 --- a/nixos/modules/services/networking/dante.nix +++ b/nixos/modules/services/networking/dante.nix @@ -1,6 +1,4 @@ { config, lib, pkgs, ... }: -with lib; - let cfg = config.services.dante; confFile = pkgs.writeText "dante-sockd.conf" '' @@ -14,15 +12,15 @@ in { meta = { - maintainers = with maintainers; [ arobyn ]; + maintainers = with lib.maintainers; [ arobyn ]; }; options = { services.dante = { - enable = mkEnableOption "Dante SOCKS proxy"; + enable = lib.mkEnableOption "Dante SOCKS proxy"; - config = mkOption { - type = types.lines; + config = lib.mkOption { + type = lib.types.lines; description = '' Contents of Dante's configuration file. NOTE: user.privileged, user.unprivileged and logoutput are set by the service. @@ -31,7 +29,7 @@ in }; }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { assertions = [ { assertion = cfg.config != ""; message = "please provide Dante configuration file contents"; From 8681b42c62186f8aff19a8b36ed56537decbc8c0 Mon Sep 17 00:00:00 2001 From: Felix Buehler Date: Wed, 28 Aug 2024 21:19:05 +0200 Subject: [PATCH 091/148] nixos/services.ddclient: remove `with lib;` --- .../modules/services/networking/ddclient.nix | 57 +++++++++---------- 1 file changed, 26 insertions(+), 31 deletions(-) diff --git a/nixos/modules/services/networking/ddclient.nix b/nixos/modules/services/networking/ddclient.nix index 272a50eb92de8..da76ff5153d6c 100644 --- a/nixos/modules/services/networking/ddclient.nix +++ b/nixos/modules/services/networking/ddclient.nix @@ -1,5 +1,4 @@ { config, pkgs, lib, ... }: - let cfg = config.services.ddclient; boolToStr = bool: if bool then "yes" else "no"; 
@@ -39,21 +38,17 @@ let sed -i '/^password=@password_placeholder@$/d' /run/${RuntimeDirectory}/ddclient.conf '')} ''; - in - -with lib; - { imports = [ - (mkChangedOptionModule [ "services" "ddclient" "domain" ] [ "services" "ddclient" "domains" ] + (lib.mkChangedOptionModule [ "services" "ddclient" "domain" ] [ "services" "ddclient" "domains" ] (config: - let value = getAttrFromPath [ "services" "ddclient" "domain" ] config; - in optional (value != "") value)) - (mkRemovedOptionModule [ "services" "ddclient" "homeDir" ] "") - (mkRemovedOptionModule [ "services" "ddclient" "password" ] "Use services.ddclient.passwordFile instead.") - (mkRemovedOptionModule [ "services" "ddclient" "ipv6" ] "") + let value = lib.getAttrFromPath [ "services" "ddclient" "domain" ] config; + in lib.optional (value != "") value)) + (lib.mkRemovedOptionModule [ "services" "ddclient" "homeDir" ] "") + (lib.mkRemovedOptionModule [ "services" "ddclient" "password" ] "Use services.ddclient.passwordFile instead.") + (lib.mkRemovedOptionModule [ "services" "ddclient" "ipv6" ] "") ]; ###### interface @@ -62,7 +57,7 @@ with lib; services.ddclient = with lib.types; { - enable = mkOption { + enable = lib.mkOption { default = false; type = bool; description = '' @@ -70,7 +65,7 @@ with lib; ''; }; - package = mkOption { + package = lib.mkOption { type = package; default = pkgs.ddclient; defaultText = lib.literalExpression "pkgs.ddclient"; @@ -79,7 +74,7 @@ with lib; ''; }; - domains = mkOption { + domains = lib.mkOption { default = [ "" ]; type = listOf str; description = '' @@ -87,7 +82,7 @@ with lib; ''; }; - username = mkOption { + username = lib.mkOption { # For `nsupdate` username contains the path to the nsupdate executable default = lib.optionalString (config.services.ddclient.protocol == "nsupdate") "${pkgs.bind.dnsutils}/bin/nsupdate"; defaultText = ""; 
@@ -97,7 +92,7 @@ with lib; ''; }; - passwordFile = mkOption { + passwordFile = lib.mkOption { default = null; type = nullOr str; description = '' @@ -105,7 +100,7 @@ with lib; ''; }; - interval = mkOption { + interval = lib.mkOption { default = "10min"; type = str; description = '' @@ -114,7 +109,7 @@ with lib; ''; }; - configFile = mkOption { + configFile = lib.mkOption { default = null; type = nullOr path; description = '' @@ -124,7 +119,7 @@ with lib; example = "/root/nixos/secrets/ddclient.conf"; }; - protocol = mkOption { + protocol = lib.mkOption { default = "dyndns2"; type = str; description = '' @@ -132,7 +127,7 @@ with lib; ''; }; - server = mkOption { + server = lib.mkOption { default = ""; type = str; description = '' @@ -140,7 +135,7 @@ with lib; ''; }; - ssl = mkOption { + ssl = lib.mkOption { default = true; type = bool; description = '' @@ -148,7 +143,7 @@ with lib; ''; }; - quiet = mkOption { + quiet = lib.mkOption { default = false; type = bool; description = '' @@ -156,7 +151,7 @@ with lib; ''; }; - script = mkOption { + script = lib.mkOption { default = ""; type = str; description = '' @@ -164,21 +159,21 @@ with lib; ''; }; - use = mkOption { + use = lib.mkOption { default = ""; type = str; description = '' Method to determine the IP address to send to the dynamic DNS provider. ''; }; - usev4 = mkOption { + usev4 = lib.mkOption { default = "webv4, webv4=checkip.dyndns.com/, webv4-skip='Current IP Address: '"; type = str; description = '' Method to determine the IPv4 address to send to the dynamic DNS provider. Only used if `use` is not set. ''; }; - usev6 = mkOption { + usev6 = lib.mkOption { default = "webv6, webv6=checkipv6.dyndns.com/, webv6-skip='Current IP Address: '"; type = str; description = '' @@ -186,7 +181,7 @@ with lib; ''; }; - verbose = mkOption { + verbose = lib.mkOption { default = false; type = bool; description = '' 
@@ -194,7 +189,7 @@ with lib; ''; }; - zone = mkOption { + zone = lib.mkOption { default = ""; type = str; description = '' @@ -202,7 +197,7 @@ with lib; ''; }; - extraConfig = mkOption { + extraConfig = lib.mkOption { default = ""; type = lines; description = '' @@ -219,14 +214,14 @@ with lib; ###### implementation - config = mkIf config.services.ddclient.enable { + config = lib.mkIf config.services.ddclient.enable { warnings = lib.optional (cfg.use != "") "Setting `use` is deprecated, ddclient now supports `usev4` and `usev6` for separate IPv4/IPv6 configuration."; systemd.services.ddclient = { description = "Dynamic DNS Client"; wantedBy = [ "multi-user.target" ]; after = [ "network.target" ]; - restartTriggers = optional (cfg.configFile != null) cfg.configFile; + restartTriggers = lib.optional (cfg.configFile != null) cfg.configFile; path = lib.optional (lib.hasPrefix "if," cfg.use) pkgs.iproute2; serviceConfig = { From 630754ae201efe4ea340b546bb6b108b35ab27c9 Mon Sep 17 00:00:00 2001 From: Felix Buehler Date: Wed, 28 Aug 2024 21:19:05 +0200 Subject: [PATCH 092/148] nixos/networking.dhcpcd: remove `with lib;` --- nixos/modules/services/networking/dhcpcd.nix | 87 ++++++++++---------- 1 file changed, 42 insertions(+), 45 deletions(-) diff --git a/nixos/modules/services/networking/dhcpcd.nix b/nixos/modules/services/networking/dhcpcd.nix index a88ce0f1b5a5b..9b3269e965f5b 100644 --- a/nixos/modules/services/networking/dhcpcd.nix +++ b/nixos/modules/services/networking/dhcpcd.nix 
@@ -1,28 +1,25 @@ { config, lib, pkgs, ... }: - -with lib; - let dhcpcd = if !config.boot.isContainer then pkgs.dhcpcd else pkgs.dhcpcd.override { udev = null; }; cfg = config.networking.dhcpcd; - interfaces = attrValues config.networking.interfaces; + interfaces = lib.attrValues config.networking.interfaces; enableDHCP = config.networking.dhcpcd.enable && - (config.networking.useDHCP || any (i: i.useDHCP == true) interfaces); + (config.networking.useDHCP || lib.any (i: i.useDHCP == true) interfaces); enableNTPService = (config.services.ntp.enable || config.services.ntpd-rs.enable || config.services.openntpd.enable || config.services.chrony.enable); # Don't start dhcpcd on explicitly configured interfaces or on # interfaces that are part of a bridge, bond or sit device. ignoredInterfaces = - map (i: i.name) (filter (i: if i.useDHCP != null then !i.useDHCP else i.ipv4.addresses != [ ]) interfaces) - ++ mapAttrsToList (i: _: i) config.networking.sits - ++ concatLists (attrValues (mapAttrs (n: v: v.interfaces) config.networking.bridges)) - ++ flatten (concatMap (i: attrNames (filterAttrs (_: config: config.type != "internal") i.interfaces)) (attrValues config.networking.vswitches)) - ++ concatLists (attrValues (mapAttrs (n: v: v.interfaces) config.networking.bonds)) + map (i: i.name) (lib.filter (i: if i.useDHCP != null then !i.useDHCP else i.ipv4.addresses != [ ]) interfaces) + ++ lib.mapAttrsToList (i: _: i) config.networking.sits + ++ lib.concatLists (lib.attrValues (lib.mapAttrs (n: v: v.interfaces) config.networking.bridges)) + ++ lib.flatten (lib.concatMap (i: lib.attrNames (lib.filterAttrs (_: config: config.type != "internal") i.interfaces)) (lib.attrValues config.networking.vswitches)) + ++ lib.concatLists (lib.attrValues (lib.mapAttrs (n: v: v.interfaces) config.networking.bonds)) ++ config.networking.dhcpcd.denyInterfaces; arrayAppendOrNull = a1: a2: if a1 == null && a2 == null then null 
@@ -33,11 +30,11 @@ let # we need to provide dhcp just for those interfaces. allowInterfaces = arrayAppendOrNull cfg.allowInterfaces (if !config.networking.useDHCP && enableDHCP then - map (i: i.name) (filter (i: i.useDHCP == true) interfaces) else null); + map (i: i.name) (lib.filter (i: i.useDHCP == true) interfaces) else null); - staticIPv6Addresses = map (i: i.name) (filter (i: i.ipv6.addresses != [ ]) interfaces); + staticIPv6Addresses = map (i: i.name) (lib.filter (i: i.ipv6.addresses != [ ]) interfaces); - noIPv6rs = concatStringsSep "\n" (map (name: '' + noIPv6rs = lib.concatStringsSep "\n" (map (name: '' interface ${name} noipv6rs '') staticIPv6Addresses); @@ -66,7 +63,7 @@ let denyinterfaces ${toString ignoredInterfaces} lo peth* vif* tap* tun* virbr* vnet* vboxnet* sit* # Use the list of allowed interfaces if specified - ${optionalString (allowInterfaces != null) "allowinterfaces ${toString allowInterfaces}"} + ${lib.optionalString (allowInterfaces != null) "allowinterfaces ${toString allowInterfaces}"} # Immediately fork to background if specified, otherwise wait for IP address to be assigned ${{ @@ -78,13 +75,13 @@ let if-carrier-up = ""; }.${cfg.wait}} - ${optionalString (config.networking.enableIPv6 == false) '' + ${lib.optionalString (config.networking.enableIPv6 == false) '' # Don't solicit or accept IPv6 Router Advertisements and DHCPv6 if disabled IPv6 noipv6 ''} - ${optionalString (config.networking.enableIPv6 && cfg.IPv6rs == null && staticIPv6Addresses != [ ]) noIPv6rs} - ${optionalString (config.networking.enableIPv6 && cfg.IPv6rs == false) '' + ${lib.optionalString (config.networking.enableIPv6 && cfg.IPv6rs == null && staticIPv6Addresses != [ ]) noIPv6rs} + ${lib.optionalString (config.networking.enableIPv6 && cfg.IPv6rs == false) '' noipv6rs ''} 
@@ -92,16 +89,16 @@ let ''; exitHook = pkgs.writeText "dhcpcd.exit-hook" '' - ${optionalString enableNTPService '' + ${lib.optionalString enableNTPService '' if [ "$reason" = BOUND -o "$reason" = REBOOT ]; then # Restart ntpd. We need to restart it to make sure that it will actually do something: # if ntpd cannot resolve the server hostnames in its config file, then it will never do # anything ever again ("couldn't resolve ..., giving up on it"), so we silently lose # time synchronisation. This also applies to openntpd. - ${optionalString config.services.ntp.enable "/run/current-system/systemd/bin/systemctl try-reload-or-restart ntpd.service || true"} - ${optionalString config.services.ntpd-rs.enable "/run/current-system/systemd/bin/systemctl try-reload-or-restart ntpd-rs.service || true"} - ${optionalString config.services.openntpd.enable "/run/current-system/systemd/bin/systemctl try-reload-or-restart openntpd.service || true"} - ${optionalString config.services.chrony.enable "/run/current-system/systemd/bin/systemctl try-reload-or-restart chronyd.service || true"} + ${lib.optionalString config.services.ntp.enable "/run/current-system/systemd/bin/systemctl try-reload-or-restart ntpd.service || true"} + ${lib.optionalString config.services.ntpd-rs.enable "/run/current-system/systemd/bin/systemctl try-reload-or-restart ntpd-rs.service || true"} + ${lib.optionalString config.services.openntpd.enable "/run/current-system/systemd/bin/systemctl try-reload-or-restart openntpd.service || true"} + ${lib.optionalString config.services.chrony.enable "/run/current-system/systemd/bin/systemctl try-reload-or-restart chronyd.service || true"} fi ''} @@ -116,8 +113,8 @@ in options = { - networking.dhcpcd.enable = mkOption { - type = types.bool; + networking.dhcpcd.enable = lib.mkOption { + type = lib.types.bool; default = true; description = '' Whether to enable dhcpcd for device configuration. This is mainly to 
@@ -125,8 +122,8 @@ in ''; }; - networking.dhcpcd.persistent = mkOption { - type = types.bool; + networking.dhcpcd.persistent = lib.mkOption { + type = lib.types.bool; default = false; description = '' Whenever to leave interfaces configured on dhcpcd daemon @@ -137,8 +134,8 @@ in ''; }; - networking.dhcpcd.denyInterfaces = mkOption { - type = types.listOf types.str; + networking.dhcpcd.denyInterfaces = lib.mkOption { + type = lib.types.listOf lib.types.str; default = []; description = '' Disable the DHCP client for any interface whose name matches @@ -148,8 +145,8 @@ in ''; }; - networking.dhcpcd.allowInterfaces = mkOption { - type = types.nullOr (types.listOf types.str); + networking.dhcpcd.allowInterfaces = lib.mkOption { + type = lib.types.nullOr (lib.types.listOf lib.types.str); default = null; description = '' Enable the DHCP client for any interface whose name matches @@ -159,16 +156,16 @@ in ''; }; - networking.dhcpcd.extraConfig = mkOption { - type = types.lines; + networking.dhcpcd.extraConfig = lib.mkOption { + type = lib.types.lines; default = ""; description = '' Literal string to append to the config file generated for dhcpcd. ''; }; - networking.dhcpcd.IPv6rs = mkOption { - type = types.nullOr types.bool; + networking.dhcpcd.IPv6rs = lib.mkOption { + type = lib.types.nullOr lib.types.bool; default = null; description = '' Force enable or disable solicitation and receipt of IPv6 Router Advertisements. @@ -177,8 +174,8 @@ in ''; }; - networking.dhcpcd.runHook = mkOption { - type = types.lines; + networking.dhcpcd.runHook = lib.mkOption { + type = lib.types.lines; default = ""; example = "if [[ $reason =~ BOUND ]]; then echo $interface: Routers are $new_routers - were $old_routers; fi"; description = '' 
@@ -187,8 +184,8 @@ in ''; }; - networking.dhcpcd.wait = mkOption { - type = types.enum [ "background" "any" "ipv4" "ipv6" "both" "if-carrier-up" ]; + networking.dhcpcd.wait = lib.mkOption { + type = lib.types.enum [ "background" "any" "ipv4" "ipv6" "both" "if-carrier-up" ]; default = "any"; description = '' This option specifies when the dhcpcd service will fork to background. @@ -207,14 +204,14 @@ in ###### implementation - config = mkIf enableDHCP { + config = lib.mkIf enableDHCP { assertions = [ { # dhcpcd doesn't start properly with malloc ∉ [ libc scudo ] # see https://github.com/NixOS/nixpkgs/issues/151696 assertion = dhcpcd.enablePrivSep - -> elem config.environment.memoryAllocator.provider [ "libc" "scudo" ]; + -> lib.elem config.environment.memoryAllocator.provider [ "libc" "scudo" ]; message = '' dhcpcd with privilege separation is incompatible with chosen system malloc. Currently only the `libc` and `scudo` allocators are known to work. @@ -232,11 +229,11 @@ in in { description = "DHCP Client"; - wantedBy = [ "multi-user.target" ] ++ optional (!hasDefaultGatewaySet) "network-online.target"; + wantedBy = [ "multi-user.target" ] ++ lib.optional (!hasDefaultGatewaySet) "network-online.target"; wants = [ "network.target" ]; before = [ "network-online.target" ]; - restartTriggers = optional (enableNTPService || cfg.runHook != "") [ exitHook ]; + restartTriggers = lib.optional (enableNTPService || cfg.runHook != "") [ exitHook ]; # Stopping dhcpcd during a reconfiguration is undesirable # because it brings down the network interfaces configured by 
@@ -251,7 +248,7 @@ in { Type = "forking"; PIDFile = "/run/dhcpcd/pid"; RuntimeDirectory = "dhcpcd"; - ExecStart = "@${dhcpcd}/sbin/dhcpcd dhcpcd --quiet ${optionalString cfg.persistent "--persistent"} --config ${dhcpcdConf}"; + ExecStart = "@${dhcpcd}/sbin/dhcpcd dhcpcd --quiet ${lib.optionalString cfg.persistent "--persistent"} --config ${dhcpcdConf}"; ExecReload = "${dhcpcd}/sbin/dhcpcd --rebind"; Restart = "always"; }; @@ -265,11 +262,11 @@ in environment.systemPackages = [ dhcpcd ]; - environment.etc."dhcpcd.exit-hook" = mkIf (enableNTPService || cfg.runHook != "") { + environment.etc."dhcpcd.exit-hook" = lib.mkIf (enableNTPService || cfg.runHook != "") { source = exitHook; }; - powerManagement.resumeCommands = mkIf config.systemd.services.dhcpcd.enable + powerManagement.resumeCommands = lib.mkIf config.systemd.services.dhcpcd.enable '' # Tell dhcpcd to rebind its interfaces if it's running. /run/current-system/systemd/bin/systemctl reload dhcpcd.service From 56576f90e3ec6d5d831d2b721bd832960252b162 Mon Sep 17 00:00:00 2001 From: Felix Buehler Date: Wed, 28 Aug 2024 21:19:05 +0200 Subject: [PATCH 093/148] nixos/services.dnscache: remove `with lib;` --- .../modules/services/networking/dnscache.nix | 35 +++++++++---------- 1 file changed, 16 insertions(+), 19 deletions(-) diff --git a/nixos/modules/services/networking/dnscache.nix b/nixos/modules/services/networking/dnscache.nix index 160c7611c6b83..e743d1c543239 100644 --- a/nixos/modules/services/networking/dnscache.nix +++ b/nixos/modules/services/networking/dnscache.nix 
@@ -1,19 +1,16 @@ { config, lib, pkgs, ... }: - -with lib; - let cfg = config.services.dnscache; dnscache-root = pkgs.runCommand "dnscache-root" { preferLocalBuild = true; } '' mkdir -p $out/{servers,ip} - ${concatMapStrings (ip: '' + ${lib.concatMapStrings (ip: '' touch "$out/ip/"${lib.escapeShellArg ip} '') cfg.clientIps} - ${concatStrings (mapAttrsToList (host: ips: '' - ${concatMapStrings (ip: '' + ${lib.concatStrings (lib.mapAttrsToList (host: ips: '' + ${lib.concatMapStrings (ip: '' echo ${lib.escapeShellArg ip} >> "$out/servers/"${lib.escapeShellArg host} '') ips} '') cfg.domainServers)} @@ -35,33 +32,33 @@ in { options = { services.dnscache = { - enable = mkOption { + enable = lib.mkOption { default = false; - type = types.bool; + type = lib.types.bool; description = "Whether to run the dnscache caching dns server."; }; - ip = mkOption { + ip = lib.mkOption { default = "0.0.0.0"; - type = types.str; + type = lib.types.str; description = "IP address on which to listen for connections."; }; - clientIps = mkOption { + clientIps = lib.mkOption { default = [ "127.0.0.1" ]; - type = types.listOf types.str; + type = lib.types.listOf lib.types.str; description = "Client IP addresses (or prefixes) from which to accept connections."; example = ["192.168" "172.23.75.82"]; }; - domainServers = mkOption { + domainServers = lib.mkOption { default = { }; - type = types.attrsOf (types.listOf types.str); + type = lib.types.attrsOf (lib.types.listOf lib.types.str); description = '' Table of {hostname: server} pairs to use as authoritative servers for hosts (and subhosts). If entry for @ is not specified predefined list of root servers is used. ''; - example = literalExpression '' + example = lib.literalExpression '' { "@" = ["8.8.8.8" "8.8.4.4"]; "example.com" = ["192.168.100.100"]; 
@@ -69,9 +66,9 @@ in { ''; }; - forwardOnly = mkOption { + forwardOnly = lib.mkOption { default = false; - type = types.bool; + type = lib.types.bool; description = '' Whether to treat root servers (for @) as caching servers, requesting addresses the same way a client does. This is @@ -84,7 +81,7 @@ in { ###### implementation - config = mkIf config.services.dnscache.enable { + config = lib.mkIf config.services.dnscache.enable { environment.systemPackages = [ pkgs.djbdns ]; users.users.dnscache = { isSystemUser = true; @@ -104,7 +101,7 @@ in { ''; script = '' cd /var/lib/dnscache/ - ${optionalString cfg.forwardOnly "export FORWARDONLY=1"} + ${lib.optionalString cfg.forwardOnly "export FORWARDONLY=1"} exec ./run ''; }; From 3a05a07ef70cdc807d7a4acbf8c116628f48883f Mon Sep 17 00:00:00 2001 From: Felix Buehler Date: Wed, 28 Aug 2024 21:19:05 +0200 Subject: [PATCH 094/148] nixos/services.dnsdist: remove `with lib;` --- nixos/modules/services/networking/dnsdist.nix | 43 +++++++++---------- 1 file changed, 20 insertions(+), 23 deletions(-) diff --git a/nixos/modules/services/networking/dnsdist.nix b/nixos/modules/services/networking/dnsdist.nix index cf17a87f649f4..cd87abb3d0725 100644 --- a/nixos/modules/services/networking/dnsdist.nix +++ b/nixos/modules/services/networking/dnsdist.nix @@ -1,7 +1,4 @@ { config, lib, pkgs, ... }: - -with lib; - let cfg = config.services.dnsdist; 
@@ -80,38 +77,38 @@ let in { options = { services.dnsdist = { - enable = mkEnableOption "dnsdist domain name server"; + enable = lib.mkEnableOption "dnsdist domain name server"; - listenAddress = mkOption { - type = types.str; + listenAddress = lib.mkOption { + type = lib.types.str; description = "Listen IP address"; default = "0.0.0.0"; }; - listenPort = mkOption { - type = types.port; + listenPort = lib.mkOption { + type = lib.types.port; description = "Listen port"; default = 53; }; dnscrypt = { - enable = mkEnableOption "a DNSCrypt endpoint to dnsdist"; + enable = lib.mkEnableOption "a DNSCrypt endpoint to dnsdist"; - listenAddress = mkOption { - type = types.str; + listenAddress = lib.mkOption { + type = lib.types.str; description = "Listen IP address of the endpoint"; default = "0.0.0.0"; }; - listenPort = mkOption { - type = types.port; + listenPort = lib.mkOption { + type = lib.types.port; description = "Listen port of the endpoint"; default = 443; }; - providerName = mkOption { - type = types.str; + providerName = lib.mkOption { + type = lib.types.str; default = "2.dnscrypt-cert.${config.networking.hostName}"; - defaultText = literalExpression "2.dnscrypt-cert.\${config.networking.hostName}"; + defaultText = lib.literalExpression "2.dnscrypt-cert.\${config.networking.hostName}"; example = "2.dnscrypt-cert.myresolver"; description = '' The name that will be given to this DNSCrypt resolver. @@ -122,8 +119,8 @@ in { ''; }; - providerKey = mkOption { - type = types.nullOr types.path; + providerKey = lib.mkOption { + type = lib.types.nullOr lib.types.path; default = null; description = '' The filepath to the provider secret key. @@ -136,8 +133,8 @@ in { ''; }; - certLifetime = mkOption { - type = types.ints.positive; + certLifetime = lib.mkOption { + type = lib.types.ints.positive; default = 15; description = '' The lifetime (in minutes) of the resolver certificate. 
@@ -147,8 +144,8 @@ in { }; - extraConfig = mkOption { - type = types.lines; + extraConfig = lib.mkOption { + type = lib.types.lines; default = ""; description = '' Extra lines to be added verbatim to dnsdist.conf. @@ -157,7 +154,7 @@ in { }; }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { users.users.dnsdist = { description = "dnsdist daemons user"; isSystemUser = true; From 504abe12d16457d70a863a2050a07a84ffee6c51 Mon Sep 17 00:00:00 2001 From: Felix Buehler Date: Wed, 28 Aug 2024 21:19:05 +0200 Subject: [PATCH 095/148] nixos/services.dnsmasq: remove `with lib;` --- nixos/modules/services/networking/dnsmasq.nix | 51 +++++++++---------- 1 file changed, 24 insertions(+), 27 deletions(-) diff --git a/nixos/modules/services/networking/dnsmasq.nix b/nixos/modules/services/networking/dnsmasq.nix index e9052cdd3faef..20986f8d93ef7 100644 --- a/nixos/modules/services/networking/dnsmasq.nix +++ b/nixos/modules/services/networking/dnsmasq.nix @@ -1,7 +1,4 @@ { config, lib, pkgs, ... }: - -with lib; - let cfg = config.services.dnsmasq; dnsmasq = cfg.package; @@ -9,14 +6,14 @@ let # True values are just put as `name` instead of `name=true`, and false values # are turned to comments (false values are expected to be overrides e.g. - # mkForce) + # lib.mkForce) formatKeyValue = name: value: if value == true then name else if value == false then "# setting `${name}` explicitly set to false" - else generators.mkKeyValueDefault { } "=" name value; + else lib.generators.mkKeyValueDefault { } "=" name value; settingsFormat = pkgs.formats.keyValue { mkKeyValue = formatKeyValue; @@ -36,7 +33,7 @@ in { imports = [ - (mkRenamedOptionModule [ "services" "dnsmasq" "servers" ] [ "services" "dnsmasq" "settings" "server" ]) + (lib.mkRenamedOptionModule [ "services" "dnsmasq" "servers" ] [ "services" "dnsmasq" "settings" "server" ]) ]; ###### interface 
@@ -45,18 +42,18 @@ in services.dnsmasq = { - enable = mkOption { - type = types.bool; + enable = lib.mkOption { + type = lib.types.bool; default = false; description = '' Whether to run dnsmasq. ''; }; - package = mkPackageOption pkgs "dnsmasq" {}; + package = lib.mkPackageOption pkgs "dnsmasq" {}; - resolveLocalQueries = mkOption { - type = types.bool; + resolveLocalQueries = lib.mkOption { + type = lib.types.bool; default = true; description = '' Whether dnsmasq should resolve local queries (i.e. add 127.0.0.1 to @@ -64,21 +61,21 @@ in ''; }; - alwaysKeepRunning = mkOption { - type = types.bool; + alwaysKeepRunning = lib.mkOption { + type = lib.types.bool; default = false; description = '' If enabled, systemd will always respawn dnsmasq even if shut down manually. The default, disabled, will only restart it on error. ''; }; - settings = mkOption { - type = types.submodule { + settings = lib.mkOption { + type = lib.types.submodule { freeformType = settingsFormat.type; - options.server = mkOption { - type = types.listOf types.str; + options.server = lib.mkOption { + type = lib.types.listOf lib.types.str; default = [ ]; example = [ "8.8.8.8" "8.8.4.4" ]; description = '' @@ -99,7 +96,7 @@ in resolv-file = optional cfg.resolveLocalQueries "/etc/dnsmasq-resolv.conf"; } ''; - example = literalExpression '' + example = lib.literalExpression '' { domain-needed = true; dhcp-range = [ "192.168.0.2,192.168.0.254" ]; @@ -107,8 +104,8 @@ in ''; }; - extraConfig = mkOption { - type = types.lines; + extraConfig = lib.mkOption { + type = lib.types.lines; default = ""; description = '' Extra configuration directives that should be added to 
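Review bot: The literal text at the top of the `@@ -99,7 +96,7 @@` hunk of dnsmasq.nix still reads `resolv-file = optional cfg.resolveLocalQueries "/etc/dnsmasq-resolv.conf";`, while the actual defaults in the `@@ -125,18 +122,18 @@` hunk now use `lib.optional`. This looks like the tail of the option's `defaultText`, whose opening is outside the hunk, so it still evaluates but the rendered documentation no longer matches the module. Suggest `resolv-file = lib.optional cfg.resolveLocalQueries "/etc/dnsmasq-resolv.conf";` there, and the same for the `conf-file` line if it is written the same way.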
@@ -125,18 +122,18 @@ in ###### implementation - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { warnings = lib.optional (cfg.extraConfig != "") "Text based config is deprecated, dnsmasq now supports `services.dnsmasq.settings` for an attribute-set based config"; services.dnsmasq.settings = { - dhcp-leasefile = mkDefault "${stateDir}/dnsmasq.leases"; - conf-file = mkDefault (optional cfg.resolveLocalQueries "/etc/dnsmasq-conf.conf"); - resolv-file = mkDefault (optional cfg.resolveLocalQueries "/etc/dnsmasq-resolv.conf"); + dhcp-leasefile = lib.mkDefault "${stateDir}/dnsmasq.leases"; + conf-file = lib.mkDefault (lib.optional cfg.resolveLocalQueries "/etc/dnsmasq-conf.conf"); + resolv-file = lib.mkDefault (lib.optional cfg.resolveLocalQueries "/etc/dnsmasq-resolv.conf"); }; networking.nameservers = - optional cfg.resolveLocalQueries "127.0.0.1"; + lib.optional cfg.resolveLocalQueries "127.0.0.1"; services.dbus.packages = [ dnsmasq ]; @@ -147,8 +144,8 @@ in }; users.groups.dnsmasq = {}; - networking.resolvconf = mkIf cfg.resolveLocalQueries { - useLocalResolver = mkDefault true; + networking.resolvconf = lib.mkIf cfg.resolveLocalQueries { + useLocalResolver = lib.mkDefault true; extraConfig = '' dnsmasq_conf=/etc/dnsmasq-conf.conf From e59cdc8e997447a346f751ad157eab9ed105ba95 Mon Sep 17 00:00:00 2001 From: Felix Buehler Date: Wed, 28 Aug 2024 21:19:06 +0200 Subject: [PATCH 096/148] nixos/services.doh-proxy-rust: remove `with lib;` --- .../services/networking/doh-proxy-rust.nix | 15 ++++++--------- 1 file changed, 6 insertions(+), 9 deletions(-) diff --git a/nixos/modules/services/networking/doh-proxy-rust.nix b/nixos/modules/services/networking/doh-proxy-rust.nix index 1f3850a77bf1c..32b7a3750480a 100644 --- a/nixos/modules/services/networking/doh-proxy-rust.nix +++ b/nixos/modules/services/networking/doh-proxy-rust.nix @@ -1,7 +1,4 @@ { config, lib, pkgs, ... }: - -with lib; - let cfg = config.services.doh-proxy-rust; 
@@ -10,10 +7,10 @@ in { options.services.doh-proxy-rust = { - enable = mkEnableOption "doh-proxy-rust"; + enable = lib.mkEnableOption "doh-proxy-rust"; - flags = mkOption { - type = types.listOf types.str; + flags = lib.mkOption { + type = lib.types.listOf lib.types.str; default = []; example = [ "--server-address=9.9.9.9:53" ]; description = '' @@ -24,13 +21,13 @@ in { }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { systemd.services.doh-proxy-rust = { description = "doh-proxy-rust"; after = [ "network.target" "nss-lookup.target" ]; wantedBy = [ "multi-user.target" ]; serviceConfig = { - ExecStart = "${pkgs.doh-proxy-rust}/bin/doh-proxy ${escapeShellArgs cfg.flags}"; + ExecStart = "${pkgs.doh-proxy-rust}/bin/doh-proxy ${lib.escapeShellArgs cfg.flags}"; Restart = "always"; RestartSec = 10; DynamicUser = true; @@ -55,6 +52,6 @@ in { }; }; - meta.maintainers = with maintainers; [ stephank ]; + meta.maintainers = with lib.maintainers; [ stephank ]; } From aa2c039ab0d832e395a38ef0dd202255d878b856 Mon Sep 17 00:00:00 2001 From: Felix Buehler Date: Wed, 28 Aug 2024 21:19:06 +0200 Subject: [PATCH 097/148] nixos/services.ejabberd: remove `with lib;` --- .../modules/services/networking/ejabberd.nix | 51 +++++++++---------- 1 file changed, 24 insertions(+), 27 deletions(-) diff --git a/nixos/modules/services/networking/ejabberd.nix b/nixos/modules/services/networking/ejabberd.nix index 3e92a2d3f7eb2..d2ada99cc9219 100644 --- a/nixos/modules/services/networking/ejabberd.nix +++ b/nixos/modules/services/networking/ejabberd.nix @@ -1,7 +1,4 @@ { config, lib, pkgs, ... }: - -with lib; - let cfg = config.services.ejabberd; 
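Review bot: `ExecStart` in the `@@ -24,13 +21,13 @@` hunk of doh-proxy-rust.nix builds its command line with `lib.escapeShellArgs cfg.flags`, but systemd parses `ExecStart` itself rather than through a shell. Shell single-quoting does not stop systemd from expanding `%` specifiers or `$VAR` references, so a flag containing either character would, as far as I can tell, reach the binary altered. NixOS provides `utils.escapeSystemdExecArgs` for this case: add `utils` to the module arguments and write `ExecStart = "${pkgs.doh-proxy-rust}/bin/doh-proxy ${utils.escapeSystemdExecArgs cfg.flags}";`. The `serviceConfig` block continues outside the hunk.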
@@ -11,7 +8,7 @@ let ${cfg.ctlConfig} ''; - ectl = ''${cfg.package}/bin/ejabberdctl ${optionalString (cfg.configFile != null) "--config ${cfg.configFile}"} --ctl-config "${ctlcfg}" --spool "${cfg.spoolDir}" --logs "${cfg.logsDir}"''; + ectl = ''${cfg.package}/bin/ejabberdctl ${lib.optionalString (cfg.configFile != null) "--config ${cfg.configFile}"} --ctl-config "${ctlcfg}" --spool "${cfg.spoolDir}" --logs "${cfg.logsDir}"''; dumps = lib.escapeShellArgs cfg.loadDumps; 
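Review bot: In the new `ectl` line of ejabberd.nix, `--config ${cfg.configFile}` is interpolated unquoted, while `--ctl-config`, `--spool` and `--logs` on the same line are wrapped in double quotes and `dumps` on the next line goes through `lib.escapeShellArgs`. `configFile` is declared as `nullOr path`, so a path containing whitespace or shell metacharacters would be split or interpreted wherever `ectl` is expanded into a shell script, which is presumably how it is used but happens outside this hunk. Quote it like its neighbours: `${lib.optionalString (cfg.configFile != null) "--config \"${cfg.configFile}\""}`.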
@@ -23,59 +20,59 @@ in { services.ejabberd = { - enable = mkOption { - type = types.bool; + enable = lib.mkOption { + type = lib.types.bool; default = false; description = "Whether to enable ejabberd server"; }; - package = mkPackageOption pkgs "ejabberd" { }; + package = lib.mkPackageOption pkgs "ejabberd" { }; - user = mkOption { - type = types.str; + user = lib.mkOption { + type = lib.types.str; default = "ejabberd"; description = "User under which ejabberd is ran"; }; - group = mkOption { - type = types.str; + group = lib.mkOption { + type = lib.types.str; default = "ejabberd"; description = "Group under which ejabberd is ran"; }; - spoolDir = mkOption { - type = types.path; + spoolDir = lib.mkOption { + type = lib.types.path; default = "/var/lib/ejabberd"; description = "Location of the spooldir of ejabberd"; }; - logsDir = mkOption { - type = types.path; + logsDir = lib.mkOption { + type = lib.types.path; default = "/var/log/ejabberd"; description = "Location of the logfile directory of ejabberd"; }; - configFile = mkOption { - type = types.nullOr types.path; + configFile = lib.mkOption { + type = lib.types.nullOr lib.types.path; description = "Configuration file for ejabberd in YAML format"; default = null; }; - ctlConfig = mkOption { - type = types.lines; + ctlConfig = lib.mkOption { + type = lib.types.lines; default = ""; description = "Configuration of ejabberdctl"; }; - loadDumps = mkOption { - type = types.listOf types.path; + loadDumps = lib.mkOption { + type = lib.types.listOf lib.types.path; default = []; description = "Configuration dumps that should be loaded on the first startup"; - example = literalExpression "[ ./myejabberd.dump ]"; + example = lib.literalExpression "[ ./myejabberd.dump ]"; }; - imagemagick = mkOption { - type = types.bool; + imagemagick = lib.mkOption { + type = lib.types.bool; default = false; description = "Add ImageMagick to server's path; allows for image thumbnailing"; }; 
@@ -86,10 +83,10 @@ in { ###### implementation - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { environment.systemPackages = [ cfg.package ]; - users.users = optionalAttrs (cfg.user == "ejabberd") { + users.users = lib.optionalAttrs (cfg.user == "ejabberd") { ejabberd = { group = cfg.group; home = cfg.spoolDir; @@ -98,7 +95,7 @@ in { }; }; - users.groups = optionalAttrs (cfg.group == "ejabberd") { + users.groups = lib.optionalAttrs (cfg.group == "ejabberd") { ejabberd.gid = config.ids.gids.ejabberd; }; From a09250d8abedfa0e6af942802c0acaa4dcfbf9d5 Mon Sep 17 00:00:00 2001 From: Felix Buehler Date: Wed, 28 Aug 2024 21:19:06 +0200 Subject: [PATCH 098/148] nixos/services.envoy: remove `with lib;` --- nixos/modules/services/networking/envoy.nix | 17 +++++++---------- 1 file changed, 7 insertions(+), 10 deletions(-) diff --git a/nixos/modules/services/networking/envoy.nix b/nixos/modules/services/networking/envoy.nix index b36c184fe8d53..876c05755936e 100644 --- a/nixos/modules/services/networking/envoy.nix +++ b/nixos/modules/services/networking/envoy.nix @@ -1,7 +1,4 @@ { config, lib, pkgs, ... }: - -with lib; - let cfg = config.services.envoy; format = pkgs.formats.json { }; @@ -15,12 +12,12 @@ in { options.services.envoy = { - enable = mkEnableOption "Envoy reverse proxy"; + enable = lib.mkEnableOption "Envoy reverse proxy"; - package = mkPackageOption pkgs "envoy" { }; + package = lib.mkPackageOption pkgs "envoy" { }; - requireValidConfig = mkOption { - type = types.bool; + requireValidConfig = lib.mkOption { + type = lib.types.bool; default = true; description = '' Whether a failure during config validation at build time is fatal. @@ -29,10 +26,10 @@ in ''; }; - settings = mkOption { + settings = lib.mkOption { type = format.type; default = { }; - example = literalExpression '' + example = lib.literalExpression '' { admin = { access_log_path = "/dev/null"; 
@@ -56,7 +53,7 @@ in }; }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { environment.systemPackages = [ cfg.package ]; systemd.services.envoy = { description = "Envoy reverse proxy"; From 6233a59db3c17278ca11f7e02e37b6d0bdd4d24e Mon Sep 17 00:00:00 2001 From: Felix Buehler Date: Wed, 28 Aug 2024 21:19:06 +0200 Subject: [PATCH 099/148] nixos/services.epmd: remove `with lib;` --- nixos/modules/services/networking/epmd.nix | 17 +++++++---------- 1 file changed, 7 insertions(+), 10 deletions(-) diff --git a/nixos/modules/services/networking/epmd.nix b/nixos/modules/services/networking/epmd.nix index b450aa1b62c75..90876a67f74da 100644 --- a/nixos/modules/services/networking/epmd.nix +++ b/nixos/modules/services/networking/epmd.nix @@ -1,15 +1,12 @@ { config, lib, pkgs, ... }: - -with lib; - let cfg = config.services.epmd; in { ###### interface options.services.epmd = { - enable = mkOption { - type = types.bool; + enable = lib.mkOption { + type = lib.types.bool; default = false; description = '' Whether to enable socket activation for Erlang Port Mapper Daemon (epmd), @@ -17,10 +14,10 @@ in Erlang computations. ''; }; - package = mkPackageOption pkgs "erlang" { }; - listenStream = mkOption + package = lib.mkPackageOption pkgs "erlang" { }; + listenStream = lib.mkOption { - type = types.str; + type = lib.types.str; default = "[::]:4369"; description = '' the listenStream used by the systemd socket. @@ -32,7 +29,7 @@ in }; ###### implementation - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { assertions = [{ assertion = cfg.listenStream == "[::]:4369" -> config.networking.enableIPv6; message = "epmd listens by default on ipv6, enable ipv6 or change config.services.epmd.listenStream"; @@ -60,5 +57,5 @@ in }; }; - meta.maintainers = teams.beam.members; + meta.maintainers = lib.teams.beam.members; } From 19e88959ef5464e7495ae7cd8977f1e7585908d2 Mon Sep 17 00:00:00 2001 
From: Felix Buehler Date: Wed, 28 Aug 2024 21:19:06 +0200 Subject: [PATCH 100/148] nixos/services.eternal-terminal: remove `with lib;` --- .../services/networking/eternal-terminal.nix | 23 ++++++++----------- 1 file changed, 10 insertions(+), 13 deletions(-) diff --git a/nixos/modules/services/networking/eternal-terminal.nix b/nixos/modules/services/networking/eternal-terminal.nix index d26e26d0c1950..584eafd2962cf 100644 --- a/nixos/modules/services/networking/eternal-terminal.nix +++ b/nixos/modules/services/networking/eternal-terminal.nix @@ -1,7 +1,4 @@ { config, lib, pkgs, ... }: - -with lib; - let cfg = config.services.eternal-terminal; @@ -16,11 +13,11 @@ in services.eternal-terminal = { - enable = mkEnableOption "Eternal Terminal server"; + enable = lib.mkEnableOption "Eternal Terminal server"; - port = mkOption { + port = lib.mkOption { default = 2022; - type = types.port; + type = lib.types.port; description = '' The port the server should listen on. Will use the server's default (2022) if not specified. @@ -28,25 +25,25 @@ in ''; }; - verbosity = mkOption { + verbosity = lib.mkOption { default = 0; - type = types.enum (lib.range 0 9); + type = lib.types.enum (lib.range 0 9); description = '' The verbosity level (0-9). ''; }; - silent = mkOption { + silent = lib.mkOption { default = false; - type = types.bool; + type = lib.types.bool; description = '' If enabled, disables all logging. ''; }; - logSize = mkOption { + logSize = lib.mkOption { default = 20971520; - type = types.int; + type = lib.types.int; description = '' The maximum log size. ''; @@ -56,7 +53,7 @@ in ###### implementation - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { # We need to ensure the et package is fully installed because # the (remote) et client runs the `etterminal` binary when it From abc0a6e035dc844c2afb663a543d30082967397a Mon Sep 17 00:00:00 2001 
From: Felix Buehler Date: Wed, 28 Aug 2024 21:19:06 +0200 Subject: [PATCH 101/148] nixos/services.expressvpn: remove `with lib;` --- nixos/modules/services/networking/expressvpn.nix | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/nixos/modules/services/networking/expressvpn.nix b/nixos/modules/services/networking/expressvpn.nix index c1d287f57bc2c..431a1da70b955 100644 --- a/nixos/modules/services/networking/expressvpn.nix +++ b/nixos/modules/services/networking/expressvpn.nix @@ -1,16 +1,14 @@ { config, lib, pkgs, ... }: - -with lib; { - options.services.expressvpn.enable = mkOption { - type = types.bool; + options.services.expressvpn.enable = lib.mkOption { + type = lib.types.bool; default = false; description = '' Enable the ExpressVPN daemon. ''; }; - config = mkIf config.services.expressvpn.enable { + config = lib.mkIf config.services.expressvpn.enable { boot.kernelModules = [ "tun" ]; systemd.services.expressvpn = { @@ -26,5 +24,5 @@ with lib; }; }; - meta.maintainers = with maintainers; [ yureien ]; + meta.maintainers = with lib.maintainers; [ yureien ]; } From 17f8650ace89fb48f3c15a6406ebbd893b6c6f74 Mon Sep 17 00:00:00 2001 From: Felix Buehler Date: Wed, 28 Aug 2024 21:19:06 +0200 Subject: [PATCH 102/148] nixos/services.ferm: remove `with lib;` --- nixos/modules/services/networking/ferm.nix | 17 +++++++---------- 1 file changed, 7 insertions(+), 10 deletions(-) diff --git a/nixos/modules/services/networking/ferm.nix b/nixos/modules/services/networking/ferm.nix index 91412f53009c1..1fc982d8e9c8e 100644 --- a/nixos/modules/services/networking/ferm.nix +++ b/nixos/modules/services/networking/ferm.nix @@ -1,7 +1,4 @@ { config, lib, pkgs, ... }: - -with lib; - let cfg = config.services.ferm; 
@@ -17,9 +14,9 @@ let in { options = { services.ferm = { - enable = mkOption { + enable = lib.mkOption { default = false; - type = types.bool; + type = lib.types.bool; description = '' Whether to enable Ferm Firewall. *Warning*: Enabling this service WILL disable the existing NixOS @@ -27,17 +24,17 @@ in { considered at the moment. ''; }; - config = mkOption { + config = lib.mkOption { description = "Verbatim ferm.conf configuration."; default = ""; - defaultText = literalMD "empty firewall, allows any traffic"; - type = types.lines; + defaultText = lib.literalMD "empty firewall, allows any traffic"; + type = lib.types.lines; }; - package = mkPackageOption pkgs "ferm" { }; + package = lib.mkPackageOption pkgs "ferm" { }; }; }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { systemd.services.firewall.enable = false; systemd.services.ferm = { description = "Ferm Firewall"; From f12d3df878ef31bfd71829e550ce7bfb3de79103 Mon Sep 17 00:00:00 2001 From: Felix Buehler Date: Wed, 28 Aug 2024 21:19:07 +0200 Subject: [PATCH 103/148] nixos/services.fireqos: remove `with lib;` --- nixos/modules/services/networking/fireqos.nix | 13 +++++-------- 1 file changed, 5 insertions(+), 8 deletions(-) diff --git a/nixos/modules/services/networking/fireqos.nix b/nixos/modules/services/networking/fireqos.nix index 0b34f0b6b8b48..aa7d8c2c03efb 100644 --- a/nixos/modules/services/networking/fireqos.nix +++ b/nixos/modules/services/networking/fireqos.nix @@ -1,14 +1,11 @@ { config, lib, pkgs, ... }: - -with lib; - let cfg = config.services.fireqos; fireqosConfig = pkgs.writeText "fireqos.conf" "${cfg.config}"; in { options.services.fireqos = { - enable = mkOption { - type = types.bool; + enable = lib.mkOption { + type = lib.types.bool; default = false; description = '' If enabled, FireQOS will be launched with the specified 
@@ -16,8 +13,8 @@ in { ''; }; - config = mkOption { - type = types.str; + config = lib.mkOption { + type = lib.types.str; default = ""; example = '' interface wlp3s0 world-in input rate 10mbit ethernet @@ -34,7 +31,7 @@ in { }; }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { systemd.services.fireqos = { description = "FireQOS"; after = [ "network.target" ]; From 15edaa6e16be90a34bd0f549ae0dc6564e56cce0 Mon Sep 17 00:00:00 2001 From: Felix Buehler Date: Wed, 28 Aug 2024 21:19:07 +0200 Subject: [PATCH 104/148] nixos/networking.firewall.iptables: remove `with lib;` --- .../services/networking/firewall-iptables.nix | 62 +++++++++---------- 1 file changed, 29 insertions(+), 33 deletions(-) diff --git a/nixos/modules/services/networking/firewall-iptables.nix b/nixos/modules/services/networking/firewall-iptables.nix index 91756f826fe81..e4fa7676fd077 100644 --- a/nixos/modules/services/networking/firewall-iptables.nix +++ b/nixos/modules/services/networking/firewall-iptables.nix @@ -29,11 +29,7 @@ complete firewall (in the default configuration). */ - { config, lib, pkgs, ... }: - -with lib; - let cfg = config.networking.firewall; 
@@ -89,17 +85,17 @@ let # jumps to the "nixos-fw-refuse" chain. ip46tables -N nixos-fw-log-refuse - ${optionalString cfg.logRefusedConnections '' + ${lib.optionalString cfg.logRefusedConnections '' ip46tables -A nixos-fw-log-refuse -p tcp --syn -j LOG --log-level info --log-prefix "refused connection: " ''} - ${optionalString (cfg.logRefusedPackets && !cfg.logRefusedUnicastsOnly) '' + ${lib.optionalString (cfg.logRefusedPackets && !cfg.logRefusedUnicastsOnly) '' ip46tables -A nixos-fw-log-refuse -m pkttype --pkt-type broadcast \ -j LOG --log-level info --log-prefix "refused broadcast: " ip46tables -A nixos-fw-log-refuse -m pkttype --pkt-type multicast \ -j LOG --log-level info --log-prefix "refused multicast: " ''} ip46tables -A nixos-fw-log-refuse -m pkttype ! --pkt-type unicast -j nixos-fw-refuse - ${optionalString cfg.logRefusedPackets '' + ${lib.optionalString cfg.logRefusedPackets '' ip46tables -A nixos-fw-log-refuse \ -j LOG --log-level info --log-prefix "refused packet: " ''} @@ -114,11 +110,11 @@ let ip46tables -t mangle -F nixos-fw-rpfilter 2> /dev/null || true ip46tables -t mangle -X nixos-fw-rpfilter 2> /dev/null || true - ${optionalString (kernelHasRPFilter && (cfg.checkReversePath != false)) '' + ${lib.optionalString (kernelHasRPFilter && (cfg.checkReversePath != false)) '' # Perform a reverse-path test to refuse spoofers # For now, we just drop, as the mangle table doesn't have a log-refuse yet ip46tables -t mangle -N nixos-fw-rpfilter 2> /dev/null || true - ip46tables -t mangle -A nixos-fw-rpfilter -m rpfilter --validmark ${optionalString (cfg.checkReversePath == "loose") "--loose"} -j RETURN + ip46tables -t mangle -A nixos-fw-rpfilter -m rpfilter --validmark ${lib.optionalString (cfg.checkReversePath == "loose") "--loose"} -j RETURN # Allows this host to act as a DHCP4 client without first having to use APIPA iptables -t mangle -A nixos-fw-rpfilter -p udp --sport 67 --dport 68 -j RETURN 
@@ -126,7 +122,7 @@ let # Allows this host to act as a DHCPv4 server iptables -t mangle -A nixos-fw-rpfilter -s 0.0.0.0 -d 255.255.255.255 -p udp --sport 68 --dport 67 -j RETURN - ${optionalString cfg.logReversePathDrops '' + ${lib.optionalString cfg.logReversePathDrops '' ip46tables -t mangle -A nixos-fw-rpfilter -j LOG --log-level info --log-prefix "rpfilter drop: " ''} ip46tables -t mangle -A nixos-fw-rpfilter -j DROP @@ -135,7 +131,7 @@ let ''} # Accept all traffic on the trusted interfaces. - ${flip concatMapStrings cfg.trustedInterfaces (iface: '' + ${lib.flip lib.concatMapStrings cfg.trustedInterfaces (iface: '' ip46tables -A nixos-fw -i ${iface} -j nixos-fw-accept '')} 
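Review bot: The trusted-interface loop in the `@@ -135,7 +131,7 @@` hunk interpolates `${iface}` straight into a shell command line (`ip46tables -A nixos-fw -i ${iface} -j nixos-fw-accept`), so a name containing whitespace or shell metacharacters alters the command instead of being passed as one argument. The value comes from system configuration, so this is a robustness and defence-in-depth point rather than an exposed input. Writing `-i ${lib.escapeShellArg iface}` would keep it a single word. The `-i ${iface}` fragments in the TCP/UDP port hunks that follow have the same shape, and the enclosing script string starts and ends outside this hunk.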
@@ -143,51 +139,51 @@ let ip46tables -A nixos-fw -m conntrack --ctstate ESTABLISHED,RELATED -j nixos-fw-accept # Accept connections to the allowed TCP ports. - ${concatStrings (mapAttrsToList (iface: cfg: - concatMapStrings (port: + ${lib.concatStrings (lib.mapAttrsToList (iface: cfg: + lib.concatMapStrings (port: '' - ip46tables -A nixos-fw -p tcp --dport ${toString port} -j nixos-fw-accept ${optionalString (iface != "default") "-i ${iface}"} + ip46tables -A nixos-fw -p tcp --dport ${toString port} -j nixos-fw-accept ${lib.optionalString (iface != "default") "-i ${iface}"} '' ) cfg.allowedTCPPorts ) cfg.allInterfaces)} # Accept connections to the allowed TCP port ranges. - ${concatStrings (mapAttrsToList (iface: cfg: - concatMapStrings (rangeAttr: + ${lib.concatStrings (lib.mapAttrsToList (iface: cfg: + lib.concatMapStrings (rangeAttr: let range = toString rangeAttr.from + ":" + toString rangeAttr.to; in '' - ip46tables -A nixos-fw -p tcp --dport ${range} -j nixos-fw-accept ${optionalString (iface != "default") "-i ${iface}"} + ip46tables -A nixos-fw -p tcp --dport ${range} -j nixos-fw-accept ${lib.optionalString (iface != "default") "-i ${iface}"} '' ) cfg.allowedTCPPortRanges ) cfg.allInterfaces)} # Accept packets on the allowed UDP ports. - ${concatStrings (mapAttrsToList (iface: cfg: - concatMapStrings (port: + ${lib.concatStrings (lib.mapAttrsToList (iface: cfg: + lib.concatMapStrings (port: '' - ip46tables -A nixos-fw -p udp --dport ${toString port} -j nixos-fw-accept ${optionalString (iface != "default") "-i ${iface}"} + ip46tables -A nixos-fw -p udp --dport ${toString port} -j nixos-fw-accept ${lib.optionalString (iface != "default") "-i ${iface}"} '' ) cfg.allowedUDPPorts ) cfg.allInterfaces)} # Accept packets on the allowed UDP port ranges. 
- ${concatStrings (mapAttrsToList (iface: cfg: - concatMapStrings (rangeAttr: + ${lib.concatStrings (lib.mapAttrsToList (iface: cfg: + lib.concatMapStrings (rangeAttr: let range = toString rangeAttr.from + ":" + toString rangeAttr.to; in '' - ip46tables -A nixos-fw -p udp --dport ${range} -j nixos-fw-accept ${optionalString (iface != "default") "-i ${iface}"} + ip46tables -A nixos-fw -p udp --dport ${range} -j nixos-fw-accept ${lib.optionalString (iface != "default") "-i ${iface}"} '' ) cfg.allowedUDPPortRanges ) cfg.allInterfaces)} # Optionally respond to ICMPv4 pings. - ${optionalString cfg.allowPing '' - iptables -w -A nixos-fw -p icmp --icmp-type echo-request ${optionalString (cfg.pingLimit != null) + ${lib.optionalString cfg.allowPing '' + iptables -w -A nixos-fw -p icmp --icmp-type echo-request ${lib.optionalString (cfg.pingLimit != null) "-m limit ${cfg.pingLimit} " }-j nixos-fw-accept ''} - ${optionalString config.networking.enableIPv6 '' + ${lib.optionalString config.networking.enableIPv6 '' # Accept all ICMPv6 messages except redirects and node # information queries (type 139). See RFC 4890, section # 4.4. @@ -218,7 +214,7 @@ let # Clean up after added ruleset ip46tables -D INPUT -j nixos-fw 2>/dev/null || true - ${optionalString (kernelHasRPFilter && (cfg.checkReversePath != false)) '' + ${lib.optionalString (kernelHasRPFilter && (cfg.checkReversePath != false)) '' ip46tables -t mangle -D PREROUTING -j nixos-fw-rpfilter 2>/dev/null || true ''} @@ -256,8 +252,8 @@ in options = { networking.firewall = { - extraCommands = mkOption { - type = types.lines; + extraCommands = lib.mkOption { + type = lib.types.lines; default = ""; example = "iptables -A INPUT -p icmp -j ACCEPT"; description = '' @@ -270,8 +266,8 @@ in ''; }; - extraStopCommands = mkOption { - type = types.lines; + extraStopCommands = lib.mkOption { + type = lib.types.lines; default = ""; example = "iptables -P INPUT ACCEPT"; description = '' 
@@ -289,7 +285,7 @@ in # FIXME: Maybe if `enable' is false, the firewall should still be # built but not started by default? - config = mkIf (cfg.enable && config.networking.nftables.enable == false) { + config = lib.mkIf (cfg.enable && config.networking.nftables.enable == false) { assertions = [ # This is approximately "checkReversePath -> kernelHasRPFilter", @@ -302,7 +298,7 @@ in ]; environment.systemPackages = [ pkgs.nixos-firewall-tool ]; - networking.firewall.checkReversePath = mkIf (!kernelHasRPFilter) (mkDefault false); + networking.firewall.checkReversePath = lib.mkIf (!kernelHasRPFilter) (lib.mkDefault false); systemd.services.firewall = { description = "Firewall"; From e915ced8040d48eafd8f0365a787f935f2ca990c Mon Sep 17 00:00:00 2001 From: Felix Buehler Date: Wed, 28 Aug 2024 21:19:07 +0200 Subject: [PATCH 105/148] nixos/networking.firewall.nftables: remove `with lib;` --- .../services/networking/firewall-nftables.nix | 53 +++++++++---------- 1 file changed, 25 insertions(+), 28 deletions(-) diff --git a/nixos/modules/services/networking/firewall-nftables.nix b/nixos/modules/services/networking/firewall-nftables.nix index a5ee7efc3c324..f954a52841033 100644 --- a/nixos/modules/services/networking/firewall-nftables.nix +++ b/nixos/modules/services/networking/firewall-nftables.nix @@ -1,16 +1,13 @@ { config, lib, pkgs, ... }: - -with lib; - let cfg = config.networking.firewall; - ifaceSet = concatStringsSep ", " ( + ifaceSet = lib.concatStringsSep ", " ( map (x: ''"${x}"'') cfg.trustedInterfaces ); - portsToNftSet = ports: portRanges: concatStringsSep ", " ( + portsToNftSet = ports: portRanges: lib.concatStringsSep ", " ( map (x: toString x) ports ++ map (x: "${toString x.from}-${toString x.to}") portRanges ); 
@@ -22,8 +19,8 @@ in options = { networking.firewall = { - extraInputRules = mkOption { - type = types.lines; + extraInputRules = lib.mkOption { + type = lib.types.lines; default = ""; example = "ip6 saddr { fc00::/7, fe80::/10 } tcp dport 24800 accept"; description = '' @@ -34,8 +31,8 @@ in ''; }; - extraForwardRules = mkOption { - type = types.lines; + extraForwardRules = lib.mkOption { + type = lib.types.lines; default = ""; example = "iifname wg0 accept"; description = '' @@ -46,8 +43,8 @@ in ''; }; - extraReversePathFilterRules = mkOption { - type = types.lines; + extraReversePathFilterRules = lib.mkOption { + type = lib.types.lines; default = ""; example = "fib daddr . mark . iif type local accept"; description = '' @@ -61,7 +58,7 @@ in }; - config = mkIf (cfg.enable && config.networking.nftables.enable) { + config = lib.mkIf (cfg.enable && config.networking.nftables.enable) { assertions = [ { @@ -73,7 +70,7 @@ in message = "extraStopCommands is incompatible with the nftables based firewall: ${cfg.extraStopCommands}"; } { - assertion = cfg.pingLimit == null || !(hasPrefix "--" cfg.pingLimit); + assertion = cfg.pingLimit == null || !(lib.hasPrefix "--" cfg.pingLimit); message = "nftables syntax like \"2/second\" should be used in networking.firewall.pingLimit"; } { 
@@ -84,16 +81,16 @@ in networking.nftables.tables."nixos-fw".family = "inet"; networking.nftables.tables."nixos-fw".content = '' - ${optionalString (cfg.checkReversePath != false) '' + ${lib.optionalString (cfg.checkReversePath != false) '' chain rpfilter { type filter hook prerouting priority mangle + 10; policy drop; meta nfproto ipv4 udp sport . udp dport { 67 . 68, 68 . 67 } accept comment "DHCPv4 client/server" - fib saddr . mark ${optionalString (cfg.checkReversePath != "loose") ". iif"} oif exists accept + fib saddr . mark ${lib.optionalString (cfg.checkReversePath != "loose") ". iif"} oif exists accept jump rpfilter-allow - ${optionalString cfg.logReversePathDrops '' + ${lib.optionalString cfg.logReversePathDrops '' log level info prefix "rpfilter drop: " ''} @@ -107,7 +104,7 @@ in chain input { type filter hook input priority filter; policy drop; - ${optionalString (ifaceSet != "") ''iifname { ${ifaceSet} } accept comment "trusted interfaces"''} + ${lib.optionalString (ifaceSet != "") ''iifname { ${ifaceSet} } accept comment "trusted interfaces"''} # Some ICMPv6 types like NDP is untracked ct state vmap { @@ -118,18 +115,18 @@ in untracked: jump input-allow, } - ${optionalString cfg.logRefusedConnections '' + ${lib.optionalString cfg.logRefusedConnections '' tcp flags syn / fin,syn,rst,ack log level info prefix "refused connection: " ''} - ${optionalString (cfg.logRefusedPackets && !cfg.logRefusedUnicastsOnly) '' + ${lib.optionalString (cfg.logRefusedPackets && !cfg.logRefusedUnicastsOnly) '' pkttype broadcast log level info prefix "refused broadcast: " pkttype multicast log level info prefix "refused multicast: " ''} - ${optionalString cfg.logRefusedPackets '' + ${lib.optionalString cfg.logRefusedPackets '' pkttype host log level info prefix "refused packet: " ''} - ${optionalString cfg.rejectPackets '' + ${lib.optionalString cfg.rejectPackets '' meta l4proto tcp reject with tcp reset reject ''} 
@@ -138,20 +135,20 @@ in chain input-allow { - ${concatStrings (mapAttrsToList (iface: cfg: + ${lib.concatStrings (lib.mapAttrsToList (iface: cfg: let - ifaceExpr = optionalString (iface != "default") "iifname ${iface}"; + ifaceExpr = lib.optionalString (iface != "default") "iifname ${iface}"; tcpSet = portsToNftSet cfg.allowedTCPPorts cfg.allowedTCPPortRanges; udpSet = portsToNftSet cfg.allowedUDPPorts cfg.allowedUDPPortRanges; in '' - ${optionalString (tcpSet != "") "${ifaceExpr} tcp dport { ${tcpSet} } accept"} - ${optionalString (udpSet != "") "${ifaceExpr} udp dport { ${udpSet} } accept"} + ${lib.optionalString (tcpSet != "") "${ifaceExpr} tcp dport { ${tcpSet} } accept"} + ${lib.optionalString (udpSet != "") "${ifaceExpr} udp dport { ${udpSet} } accept"} '' ) cfg.allInterfaces)} - ${optionalString cfg.allowPing '' - icmp type echo-request ${optionalString (cfg.pingLimit != null) "limit rate ${cfg.pingLimit}"} accept comment "allow ping" + ${lib.optionalString cfg.allowPing '' + icmp type echo-request ${lib.optionalString (cfg.pingLimit != null) "limit rate ${cfg.pingLimit}"} accept comment "allow ping" ''} icmpv6 type != { nd-redirect, 139 } accept comment "Accept all ICMPv6 messages except redirects and node information queries (type 139). See RFC 4890, section 4.4." @@ -161,7 +158,7 @@ in } - ${optionalString cfg.filterForward '' + ${lib.optionalString cfg.filterForward '' chain forward { type filter hook forward priority filter; policy drop; From 00d0e3ba987cd82fa823843ad53f2e80a32a8555 Mon Sep 17 00:00:00 2001 From: Felix Buehler Date: Wed, 28 Aug 2024 21:19:07 +0200 Subject: [PATCH 106/148] nixos/networking.firewall: remove `with lib;` --- .../modules/services/networking/firewall.nix | 105 +++++++++--------- 1 file changed, 51 insertions(+), 54 deletions(-) diff --git a/nixos/modules/services/networking/firewall.nix b/nixos/modules/services/networking/firewall.nix index a35cc51a38705..5021ef6f502a8 100644 
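Review bot: In the `input-allow` hunk, `ifaceExpr` emits the interface name unquoted (`"iifname ${iface}"`), whereas `ifaceSet` at the top of this file wraps every trusted interface in double quotes. A name that nft does not accept as a bare string would presumably make the generated ruleset fail to load, and a firewall that fails to load is the worse failure mode. I would quote it the same way, `ifaceExpr = lib.optionalString (iface != "default") ''iifname "${iface}"'';`, so both paths treat interface names identically.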
--- a/nixos/modules/services/networking/firewall.nix +++ b/nixos/modules/services/networking/firewall.nix @@ -1,7 +1,4 @@ { config, lib, pkgs, ... }: - -with lib; - let cfg = config.networking.firewall; @@ -10,8 +7,8 @@ let ports: lib.unique (builtins.sort builtins.lessThan ports); commonOptions = { - allowedTCPPorts = mkOption { - type = types.listOf types.port; + allowedTCPPorts = lib.mkOption { + type = lib.types.listOf lib.types.port; default = [ ]; apply = canonicalizePortList; example = [ 22 80 ]; @@ -21,8 +18,8 @@ let ''; }; - allowedTCPPortRanges = mkOption { - type = types.listOf (types.attrsOf types.port); + allowedTCPPortRanges = lib.mkOption { + type = lib.types.listOf (lib.types.attrsOf lib.types.port); default = [ ]; example = [{ from = 8999; to = 9003; }]; description = '' @@ -31,8 +28,8 @@ let ''; }; - allowedUDPPorts = mkOption { - type = types.listOf types.port; + allowedUDPPorts = lib.mkOption { + type = lib.types.listOf lib.types.port; default = [ ]; apply = canonicalizePortList; example = [ 53 ]; @@ -41,8 +38,8 @@ let ''; }; - allowedUDPPortRanges = mkOption { - type = types.listOf (types.attrsOf types.port); + allowedUDPPortRanges = lib.mkOption { + type = lib.types.listOf (lib.types.attrsOf lib.types.port); default = [ ]; example = [{ from = 60000; to = 61000; }]; description = '' @@ -58,8 +55,8 @@ in options = { networking.firewall = { - enable = mkOption { - type = types.bool; + enable = lib.mkOption { + type = lib.types.bool; default = true; description = '' Whether to enable the firewall. This is a simple stateful 
@@ -68,18 +65,18 @@ in ''; }; - package = mkOption { - type = types.package; + package = lib.mkOption { + type = lib.types.package; default = if config.networking.nftables.enable then pkgs.nftables else pkgs.iptables; - defaultText = literalExpression ''if config.networking.nftables.enable then "pkgs.nftables" else "pkgs.iptables"''; - example = literalExpression "pkgs.iptables-legacy"; + defaultText = lib.literalExpression ''if config.networking.nftables.enable then "pkgs.nftables" else "pkgs.iptables"''; + example = lib.literalExpression "pkgs.iptables-legacy"; description = '' The package to use for running the firewall service. ''; }; - logRefusedConnections = mkOption { - type = types.bool; + logRefusedConnections = lib.mkOption { + type = lib.types.bool; default = true; description = '' Whether to log rejected or dropped incoming connections. @@ -88,8 +85,8 @@ in ''; }; - logRefusedPackets = mkOption { - type = types.bool; + logRefusedPackets = lib.mkOption { + type = lib.types.bool; default = false; description = '' Whether to log all rejected or dropped incoming packets. @@ -100,8 +97,8 @@ in ''; }; - logRefusedUnicastsOnly = mkOption { - type = types.bool; + logRefusedUnicastsOnly = lib.mkOption { + type = lib.types.bool; default = true; description = '' If {option}`networking.firewall.logRefusedPackets` @@ -111,8 +108,8 @@ in ''; }; - rejectPackets = mkOption { - type = types.bool; + rejectPackets = lib.mkOption { + type = lib.types.bool; default = false; description = '' If set, refused packets are rejected rather than dropped @@ -123,8 +120,8 @@ in ''; }; - trustedInterfaces = mkOption { - type = types.listOf types.str; + trustedInterfaces = lib.mkOption { + type = lib.types.listOf lib.types.str; default = [ ]; example = [ "enp0s2" ]; description = '' 
@@ -134,8 +131,8 @@ in ''; }; - allowPing = mkOption { - type = types.bool; + allowPing = lib.mkOption { + type = lib.types.bool; default = true; description = '' Whether to respond to incoming ICMPv4 echo requests @@ -145,8 +142,8 @@ in ''; }; - pingLimit = mkOption { - type = types.nullOr (types.separatedString " "); + pingLimit = lib.mkOption { + type = lib.types.nullOr (lib.types.separatedString " "); default = null; example = "--limit 1/minute --limit-burst 5"; description = '' @@ -160,10 +157,10 @@ in ''; }; - checkReversePath = mkOption { - type = types.either types.bool (types.enum [ "strict" "loose" ]); + checkReversePath = lib.mkOption { + type = lib.types.either lib.types.bool (lib.types.enum [ "strict" "loose" ]); default = true; - defaultText = literalMD "`true` except if the iptables based firewall is in use and the kernel lacks rpfilter support"; + defaultText = lib.literalMD "`true` except if the iptables based firewall is in use and the kernel lacks rpfilter support"; example = "loose"; description = '' Performs a reverse path filter test on a packet. If a reply @@ -180,8 +177,8 @@ in ''; }; - logReversePathDrops = mkOption { - type = types.bool; + logReversePathDrops = lib.mkOption { + type = lib.types.bool; default = false; description = '' Logs dropped packets failing the reverse path filter test if @@ -189,8 +186,8 @@ in ''; }; - filterForward = mkOption { - type = types.bool; + lib.filterForward = lib.mkOption { + type = lib.types.bool; default = false; description = '' Enable filtering in IP forwarding. @@ -199,8 +196,8 @@ in ''; }; - connectionTrackingModules = mkOption { - type = types.listOf types.str; + connectionTrackingModules = lib.mkOption { + type = lib.types.listOf lib.types.str; default = [ ]; example = [ "ftp" "irc" "sane" "sip" "tftp" "amanda" "h323" "netbios_sn" "pptp" "snmp" ]; description = '' 
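Review bot: The added line `lib.filterForward = lib.mkOption {` in the `@@ -189,8 +186,8 @@` hunk renames the option itself, so it is now declared as `networking.firewall.lib.filterForward` instead of `networking.firewall.filterForward`; only the right-hand side should have gained the `lib.` prefix. The same slip is in the assertion hunk (`@@ -262,11 +259,11 @@`), where `cfg.lib.filterForward` replaces `cfg.filterForward`, while the nftables module in this series still reads `cfg.filterForward`. As written, configurations that set `filterForward` would likely stop evaluating, and forward-chain filtering can no longer be enabled under its documented name. The two lines should read `filterForward = lib.mkOption {` and `assertion = cfg.filterForward -> config.networking.nftables.enable;`.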
@@ -219,8 +216,8 @@ in ''; }; - autoLoadConntrackHelpers = mkOption { - type = types.bool; + autoLoadConntrackHelpers = lib.mkOption { + type = lib.types.bool; default = false; description = '' Whether to auto-load connection-tracking helpers. @@ -230,29 +227,29 @@ in ''; }; - extraPackages = mkOption { - type = types.listOf types.package; + extraPackages = lib.mkOption { + type = lib.types.listOf lib.types.package; default = [ ]; - example = literalExpression "[ pkgs.ipset ]"; + example = lib.literalExpression "[ pkgs.ipset ]"; description = '' Additional packages to be included in the environment of the system as well as the path of networking.firewall.extraCommands. ''; }; - interfaces = mkOption { + interfaces = lib.mkOption { default = { }; - type = with types; attrsOf (submodule [{ options = commonOptions; }]); + type = with lib.types; attrsOf (submodule [{ options = commonOptions; }]); description = '' Interface-specific open ports. ''; }; - allInterfaces = mkOption { + allInterfaces = lib.mkOption { internal = true; visible = false; - default = { default = mapAttrs (name: value: cfg.${name}) commonOptions; } // cfg.interfaces; - type = with types; attrsOf (submodule [{ options = commonOptions; }]); + default = { default = lib.mapAttrs (name: value: cfg.${name}) commonOptions; } // cfg.interfaces; + type = with lib.types; attrsOf (submodule [{ options = commonOptions; }]); description = '' All open ports. ''; @@ -262,11 +259,11 @@ in }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { assertions = [ { - assertion = cfg.filterForward -> config.networking.nftables.enable; + assertion = cfg.lib.filterForward -> config.networking.nftables.enable; message = "filterForward only works with the nftables based firewall"; } { 
@@ -279,9 +276,9 @@ in environment.systemPackages = [ cfg.package ] ++ cfg.extraPackages; - boot.kernelModules = (optional cfg.autoLoadConntrackHelpers "nf_conntrack") + boot.kernelModules = (lib.optional cfg.autoLoadConntrackHelpers "nf_conntrack") ++ map (x: "nf_conntrack_${x}") cfg.connectionTrackingModules; - boot.extraModprobeConfig = optionalString cfg.autoLoadConntrackHelpers '' + boot.extraModprobeConfig = lib.optionalString cfg.autoLoadConntrackHelpers '' options nf_conntrack nf_conntrack_helper=1 ''; From 688b08939c5460b73eae1a9f73bc53ca31e157ea Mon Sep 17 00:00:00 2001 From: Felix Buehler Date: Wed, 28 Aug 2024 21:19:07 +0200 Subject: [PATCH 107/148] nixos/services.flannel: remove `with lib;` --- nixos/modules/services/networking/flannel.nix | 87 +++++++++---------- 1 file changed, 42 insertions(+), 45 deletions(-) diff --git a/nixos/modules/services/networking/flannel.nix b/nixos/modules/services/networking/flannel.nix index c55557b668b84..05987df88c187 100644 --- a/nixos/modules/services/networking/flannel.nix +++ b/nixos/modules/services/networking/flannel.nix @@ -1,11 +1,8 @@ { config, lib, pkgs, ... }: - -with lib; - let cfg = config.services.flannel; - networkConfig = filterAttrs (n: v: v != null) { + networkConfig = lib.filterAttrs (n: v: v != null) { Network = cfg.network; SubnetLen = cfg.subnetLen; SubnetMin = cfg.subnetMin; 
@@ -14,128 +11,128 @@ let }; in { options.services.flannel = { - enable = mkEnableOption "flannel"; + enable = lib.mkEnableOption "flannel"; - package = mkPackageOption pkgs "flannel" { }; + package = lib.mkPackageOption pkgs "flannel" { }; - publicIp = mkOption { + publicIp = lib.mkOption { description = '' IP accessible by other nodes for inter-host communication. Defaults to the IP of the interface being used for communication. ''; - type = types.nullOr types.str; + type = lib.types.nullOr lib.types.str; default = null; }; - iface = mkOption { + iface = lib.mkOption { description = '' Interface to use (IP or name) for inter-host communication. Defaults to the interface for the default route on the machine. ''; - type = types.nullOr types.str; + type = lib.types.nullOr lib.types.str; default = null; }; etcd = { - endpoints = mkOption { + endpoints = lib.mkOption { description = "Etcd endpoints"; - type = types.listOf types.str; + type = lib.types.listOf lib.types.str; default = ["http://127.0.0.1:2379"]; }; - prefix = mkOption { + prefix = lib.mkOption { description = "Etcd key prefix"; - type = types.str; + type = lib.types.str; default = "/coreos.com/network"; }; - caFile = mkOption { + caFile = lib.mkOption { description = "Etcd certificate authority file"; - type = types.nullOr types.path; + type = lib.types.nullOr lib.types.path; default = null; }; - certFile = mkOption { + certFile = lib.mkOption { description = "Etcd cert file"; - type = types.nullOr types.path; + type = lib.types.nullOr lib.types.path; default = null; }; - keyFile = mkOption { + keyFile = lib.mkOption { description = "Etcd key file"; - type = types.nullOr types.path; + type = lib.types.nullOr lib.types.path; default = null; }; }; - kubeconfig = mkOption { + kubeconfig = lib.mkOption { description = '' Path to kubeconfig to use for storing flannel config using the Kubernetes API ''; - type = types.nullOr types.path; + type = lib.types.nullOr lib.types.path; default = null; }; - network = 
mkOption { + network = lib.mkOption { description = " IPv4 network in CIDR format to use for the entire flannel network."; - type = types.str; + type = lib.types.str; }; - nodeName = mkOption { + nodeName = lib.mkOption { description = '' Needed when running with Kubernetes as backend as this cannot be auto-detected"; ''; - type = types.nullOr types.str; + type = lib.types.nullOr lib.types.str; default = config.networking.fqdnOrHostName; - defaultText = literalExpression "config.networking.fqdnOrHostName"; + defaultText = lib.literalExpression "config.networking.fqdnOrHostName"; example = "node1.example.com"; }; - storageBackend = mkOption { + storageBackend = lib.mkOption { description = "Determines where flannel stores its configuration at runtime"; - type = types.enum ["etcd" "kubernetes"]; + type = lib.types.enum ["etcd" "kubernetes"]; default = "etcd"; }; - subnetLen = mkOption { + subnetLen = lib.mkOption { description = '' The size of the subnet allocated to each host. Defaults to 24 (i.e. /24) unless the Network was configured to be smaller than a /24 in which case it is one less than the network. ''; - type = types.int; + type = lib.types.int; default = 24; }; - subnetMin = mkOption { + subnetMin = lib.mkOption { description = '' The beginning of IP range which the subnet allocation should start with. Defaults to the first subnet of Network. ''; - type = types.nullOr types.str; + type = lib.types.nullOr lib.types.str; default = null; }; - subnetMax = mkOption { + subnetMax = lib.mkOption { description = '' The end of IP range which the subnet allocation should start with. Defaults to the last subnet of Network. 
''; - type = types.nullOr types.str; + type = lib.types.nullOr lib.types.str; default = null; }; - backend = mkOption { + backend = lib.mkOption { description = "Type of backend to use and specific configurations for that backend."; - type = types.attrs; + type = lib.types.attrs; default = { Type = "vxlan"; }; }; }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { systemd.services.flannel = { description = "Flannel Service"; wantedBy = [ "multi-user.target" ]; @@ -143,23 +140,23 @@ in { environment = { FLANNELD_PUBLIC_IP = cfg.publicIp; FLANNELD_IFACE = cfg.iface; - } // optionalAttrs (cfg.storageBackend == "etcd") { - FLANNELD_ETCD_ENDPOINTS = concatStringsSep "," cfg.etcd.endpoints; + } // lib.optionalAttrs (cfg.storageBackend == "etcd") { + FLANNELD_ETCD_ENDPOINTS = lib.concatStringsSep "," cfg.etcd.endpoints; FLANNELD_ETCD_KEYFILE = cfg.etcd.keyFile; FLANNELD_ETCD_CERTFILE = cfg.etcd.certFile; FLANNELD_ETCD_CAFILE = cfg.etcd.caFile; ETCDCTL_CERT = cfg.etcd.certFile; ETCDCTL_KEY = cfg.etcd.keyFile; ETCDCTL_CACERT = cfg.etcd.caFile; - ETCDCTL_ENDPOINTS = concatStringsSep "," cfg.etcd.endpoints; + ETCDCTL_ENDPOINTS = lib.concatStringsSep "," cfg.etcd.endpoints; ETCDCTL_API = "3"; - } // optionalAttrs (cfg.storageBackend == "kubernetes") { + } // lib.optionalAttrs (cfg.storageBackend == "kubernetes") { FLANNELD_KUBE_SUBNET_MGR = "true"; FLANNELD_KUBECONFIG_FILE = cfg.kubeconfig; NODE_NAME = cfg.nodeName; }; path = [ pkgs.iptables ]; - preStart = optionalString (cfg.storageBackend == "etcd") '' + preStart = lib.optionalString (cfg.storageBackend == "etcd") '' echo "setting network configuration" until ${pkgs.etcd}/bin/etcdctl put /coreos.com/network/config '${builtins.toJSON networkConfig}' do 
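Review bot: The `etcd.keyFile` option in the `@@ -14,128 +11,128 @@` hunk is typed `lib.types.nullOr lib.types.path` and described only as "Etcd key file", with nothing telling the user how to supply it safely. If it is set from a Nix path literal, the key would presumably be copied into the world-readable Nix store when the value is rendered into the unit environment. I would extend the description, e.g. `description = "Path to the etcd client key; give a string path outside the Nix store so the key is not copied into it.";`. Separately, the `subnetMax` description repeats "should start with" from `subnetMin` and presumably means "should end with".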
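Review bot: The `preStart` script in the `@@ -143,23 +140,23 @@` hunk places `builtins.toJSON networkConfig` between literal single quotes, so a single quote in any configured value (`network` is a free-form string) ends the shell word early and the rest is interpreted by the shell. `${lib.escapeShellArg (builtins.toJSON networkConfig)}` quotes it correctly. The key is also hard-coded as `/coreos.com/network/config` and does not follow `cfg.etcd.prefix`; `"${cfg.etcd.prefix}/config"` would keep the two in step. The script body continues outside this hunk.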
@@ -175,11 +172,11 @@ in { }; }; - services.etcd.enable = mkDefault (cfg.storageBackend == "etcd" && cfg.etcd.endpoints == ["http://127.0.0.1:2379"]); + services.etcd.enable = lib.mkDefault (cfg.storageBackend == "etcd" && cfg.etcd.endpoints == ["http://127.0.0.1:2379"]); # for some reason, flannel doesn't let you configure this path # see: https://github.com/coreos/flannel/blob/master/Documentation/configuration.md#configuration - environment.etc."kube-flannel/net-conf.json" = mkIf (cfg.storageBackend == "kubernetes") { + environment.etc."kube-flannel/net-conf.json" = lib.mkIf (cfg.storageBackend == "kubernetes") { source = pkgs.writeText "net-conf.json" (builtins.toJSON networkConfig); }; }; From a49fa6ee3bf1b16f5a796098eb8a4e6fe4312431 Mon Sep 17 00:00:00 2001 From: Felix Buehler Date: Wed, 28 Aug 2024 21:19:07 +0200 Subject: [PATCH 108/148] nixos/services.freenet: remove `with lib;` --- nixos/modules/services/networking/freenet.nix | 14 +++++--------- 1 file changed, 5 insertions(+), 9 deletions(-) diff --git a/nixos/modules/services/networking/freenet.nix b/nixos/modules/services/networking/freenet.nix index 3da3ab0c7df48..4323b98d67075 100644 --- a/nixos/modules/services/networking/freenet.nix +++ b/nixos/modules/services/networking/freenet.nix @@ -1,9 +1,5 @@ # NixOS module for Freenet daemon - { config, lib, pkgs, ... }: - -with lib; - let cfg = config.services.freenet; @@ -19,14 +15,14 @@ in services.freenet = { - enable = mkOption { - type = types.bool; + enable = lib.mkOption { + type = lib.types.bool; default = false; description = "Enable the Freenet daemon"; }; - nice = mkOption { - type = types.int; + nice = lib.mkOption { + type = lib.types.int; default = 10; description = "Set the nice level for the Freenet daemon"; }; @@ -37,7 +33,7 @@ in ### implementation - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { systemd.services.freenet = { description = "Freenet daemon"; From 7cc95389d125c405e4215bf798618e56a30b8d3c Mon Sep 17 00:00:00 2001 
From: Felix Buehler Date: Wed, 28 Aug 2024 21:19:07 +0200 Subject: [PATCH 109/148] nixos/services.freeradius: remove `with lib;` --- .../services/networking/freeradius.nix | 19 ++++++++----------- 1 file changed, 8 insertions(+), 11 deletions(-) diff --git a/nixos/modules/services/networking/freeradius.nix b/nixos/modules/services/networking/freeradius.nix index 7fa3a8fa17fa7..39a137aa541c5 100644 --- a/nixos/modules/services/networking/freeradius.nix +++ b/nixos/modules/services/networking/freeradius.nix @@ -1,7 +1,4 @@ { config, lib, pkgs, ... }: - -with lib; - let cfg = config.services.freeradius; @@ -18,7 +15,7 @@ let serviceConfig = { ExecStart = "${pkgs.freeradius}/bin/radiusd -f -d ${cfg.configDir} -l stdout" + - optionalString cfg.debug " -xx"; + lib.optionalString cfg.debug " -xx"; ExecReload = [ "${pkgs.freeradius}/bin/radiusd -C -d ${cfg.configDir} -l stdout" "${pkgs.coreutils}/bin/kill -HUP $MAINPID" @@ -33,18 +30,18 @@ let }; freeradiusConfig = { - enable = mkEnableOption "the freeradius server"; + enable = lib.mkEnableOption "the freeradius server"; - configDir = mkOption { - type = types.path; + configDir = lib.mkOption { + type = lib.types.path; default = "/etc/raddb"; description = '' The path of the freeradius server configuration directory. ''; }; - debug = mkOption { - type = types.bool; + debug = lib.mkOption { + type = lib.types.bool; default = false; description = '' Whether to enable debug logging for freeradius (-xx @@ -68,7 +65,7 @@ in ###### implementation - config = mkIf (cfg.enable) { + config = lib.mkIf (cfg.enable) { users = { users.radius = { @@ -79,7 +76,7 @@ in }; systemd.services.freeradius = freeradiusService cfg; - warnings = optional cfg.debug "Freeradius debug logging is enabled. This will log passwords in plaintext to the journal!"; + warnings = lib.optional cfg.debug "Freeradius debug logging is enabled. This will log passwords in plaintext to the journal!"; }; 
From fdcec053e6394a406be84daa65ae5cabc1201b87 Mon Sep 17 00:00:00 2001 From: Felix Buehler Date: Wed, 28 Aug 2024 21:19:08 +0200 Subject: [PATCH 110/148] nixos/services.frp: remove `with lib;` --- nixos/modules/services/networking/frp.nix | 27 ++++++++++------------- 1 file changed, 12 insertions(+), 15 deletions(-) diff --git a/nixos/modules/services/networking/frp.nix b/nixos/modules/services/networking/frp.nix index fc15efe5642db..56af543b845ba 100644 --- a/nixos/modules/services/networking/frp.nix +++ b/nixos/modules/services/networking/frp.nix @@ -1,7 +1,4 @@ { config, lib, pkgs, ... }: - -with lib; - let cfg = config.services.frp; settingsFormat = pkgs.formats.toml { }; @@ -12,12 +9,12 @@ in { options = { services.frp = { - enable = mkEnableOption "frp"; + enable = lib.mkEnableOption "frp"; - package = mkPackageOption pkgs "frp" { }; + package = lib.mkPackageOption pkgs "frp" { }; - role = mkOption { - type = types.enum [ "server" "client" ]; + role = lib.mkOption { + type = lib.types.enum [ "server" "client" ]; description = '' The frp consists of `client` and `server`. The server is usually deployed on the machine with a public IP address, and @@ -26,7 +23,7 @@ in ''; }; - settings = mkOption { + settings = lib.mkOption { type = settingsFormat.type; default = { }; description = '' @@ -44,13 +41,13 @@ in config = let - serviceCapability = optionals isServer [ "CAP_NET_BIND_SERVICE" ]; + serviceCapability = lib.optionals isServer [ "CAP_NET_BIND_SERVICE" ]; executableFile = if isClient then "frpc" else "frps"; in - mkIf cfg.enable { + lib.mkIf cfg.enable { systemd.services = { frp = { - wants = optionals isClient [ "network-online.target" ]; + wants = lib.optionals isClient [ "network-online.target" ]; after = if isClient then [ "network-online.target" ] else [ "network.target" ]; wantedBy = [ "multi-user.target" ]; description = "A fast reverse proxy frp ${cfg.role}"; 
@@ -59,10 +56,10 @@ in Restart = "on-failure"; RestartSec = 15; ExecStart = "${cfg.package}/bin/${executableFile} --strict_config -c ${configFile}"; - StateDirectoryMode = optionalString isServer "0700"; + StateDirectoryMode = lib.optionalString isServer "0700"; DynamicUser = true; # Hardening - UMask = optionalString isServer "0007"; + UMask = lib.optionalString isServer "0007"; CapabilityBoundingSet = serviceCapability; AmbientCapabilities = serviceCapability; PrivateDevices = true; @@ -72,7 +69,7 @@ in ProtectKernelModules = true; ProtectKernelLogs = true; ProtectControlGroups = true; - RestrictAddressFamilies = [ "AF_INET" "AF_INET6" ] ++ optionals isClient [ "AF_UNIX" ]; + RestrictAddressFamilies = [ "AF_INET" "AF_INET6" ] ++ lib.optionals isClient [ "AF_UNIX" ]; LockPersonality = true; MemoryDenyWriteExecute = true; RestrictRealtime = true; @@ -85,5 +82,5 @@ in }; }; - meta.maintainers = with maintainers; [ zaldnoay ]; + meta.maintainers = with lib.maintainers; [ zaldnoay ]; } From 191b68cd26542cfebd561d678ca06b7958c977db Mon Sep 17 00:00:00 2001 From: Felix Buehler Date: Wed, 28 Aug 2024 21:19:08 +0200 Subject: [PATCH 111/148] nixos/services.frr: remove `with lib;` --- nixos/modules/services/networking/frr.nix | 57 +++++++++++------------ 1 file changed, 27 insertions(+), 30 deletions(-) diff --git a/nixos/modules/services/networking/frr.nix b/nixos/modules/services/networking/frr.nix index df2b4035d2f07..fd5673651f36b 100644 --- a/nixos/modules/services/networking/frr.nix +++ b/nixos/modules/services/networking/frr.nix @@ -1,7 +1,4 @@ { config, lib, pkgs, ... }: - -with lib; - let cfg = config.services.frr; 
@@ -51,10 +48,10 @@ let serviceOptions = service: { - enable = mkEnableOption "the FRR ${toUpper service} routing protocol"; + enable = lib.mkEnableOption "the FRR ${lib.toUpper service} routing protocol"; - configFile = mkOption { - type = types.nullOr types.path; + configFile = lib.mkOption { + type = lib.types.nullOr lib.types.path; default = null; example = "/etc/frr/${daemonName service}.conf"; description = '' @@ -63,8 +60,8 @@ let ''; }; - config = mkOption { - type = types.lines; + config = lib.mkOption { + type = lib.types.lines; default = ""; example = let @@ -91,24 +88,24 @@ let ''; }; - vtyListenAddress = mkOption { - type = types.str; + vtyListenAddress = lib.mkOption { + type = lib.types.str; default = "localhost"; description = '' Address to bind to for the VTY interface. ''; }; - vtyListenPort = mkOption { - type = types.nullOr types.int; + vtyListenPort = lib.mkOption { + type = lib.types.nullOr lib.types.int; default = null; description = '' TCP Port to bind to for the VTY interface. ''; }; - extraOptions = mkOption { - type = types.listOf types.str; + extraOptions = lib.mkOption { + type = lib.types.listOf lib.types.str; default = []; description = '' Extra options for the daemon. @@ -125,9 +122,9 @@ in { options.services.frr = { zebra = (serviceOptions "zebra") // { - enable = mkOption { - type = types.bool; - default = any isEnabled services; + enable = lib.mkOption { + type = lib.types.bool; + default = lib.any isEnabled services; description = '' Whether to enable the Zebra routing manager. @@ -137,8 +134,8 @@ in }; }; mgmt = (serviceOptions "mgmt") // { - enable = mkOption { - type = types.bool; + enable = lib.mkOption { + type = lib.types.bool; default = isEnabled "static"; defaultText = lib.literalExpression "config.services.frr.static.enable"; description = '' 
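Review bot: `vtyListenPort` in the hunk at `@@ -91,24 +88,24 @@` is typed `lib.types.nullOr lib.types.int`, so a negative or out-of-range number passes evaluation and is only rejected once the daemon is started with `-P`. `type = lib.types.nullOr lib.types.port;` would catch such values at build time and matches how the git-daemon module in this series types its `port` option. The enclosing `serviceOptions` function starts before and ends after this hunk.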
@@ -152,12 +149,12 @@ in }; }; } - { options.services.frr = (genAttrs services serviceOptions); } + { options.services.frr = (lib.genAttrs services serviceOptions); } ]; ###### implementation - config = mkIf (any isEnabled allServices) { + config = lib.mkIf (lib.any isEnabled allServices) { environment.systemPackages = [ pkgs.frr # for the vtysh tool @@ -182,7 +179,7 @@ in }; in (builtins.listToAttrs - (map mkEtcLink (filter isEnabled allServices))) // { + (map mkEtcLink (lib.filter isEnabled allServices))) // { "frr/vtysh.conf".text = ""; }; @@ -197,19 +194,19 @@ in scfg = cfg.${service}; daemon = daemonName service; in - nameValuePair daemon ({ + lib.nameValuePair daemon ({ wantedBy = [ "multi-user.target" ]; after = [ "network-pre.target" "systemd-sysctl.service" ] ++ lib.optionals (service != "zebra") [ "zebra.service" ]; bindsTo = lib.optionals (service != "zebra") [ "zebra.service" ]; wants = [ "network.target" ]; description = if service == "zebra" then "FRR Zebra routing manager" - else "FRR ${toUpper service} routing daemon"; + else "FRR ${lib.toUpper service} routing daemon"; unitConfig.Documentation = if service == "zebra" then "man:zebra(8)" else "man:${daemon}(8) man:zebra(8)"; - restartTriggers = mkIf (service != "mgmt") [ + restartTriggers = lib.mkIf (service != "mgmt") [ (configFile service) ]; reloadIfChanged = (service != "mgmt"); 
@@ -217,15 +214,15 @@ in serviceConfig = { PIDFile = "frr/${daemon}.pid"; ExecStart = "${pkgs.frr}/libexec/frr/${daemon}" - + optionalString (scfg.vtyListenAddress != "") " -A ${scfg.vtyListenAddress}" - + optionalString (scfg.vtyListenPort != null) " -P ${toString scfg.vtyListenPort}" - + " " + (concatStringsSep " " scfg.extraOptions); - ExecReload = mkIf (service != "mgmt") "${pkgs.python3.interpreter} ${pkgs.frr}/libexec/frr/frr-reload.py --reload --daemon ${daemon} --bindir ${pkgs.frr}/bin --rundir /run/frr /etc/frr/${daemon}.conf"; + + lib.optionalString (scfg.vtyListenAddress != "") " -A ${scfg.vtyListenAddress}" + + lib.optionalString (scfg.vtyListenPort != null) " -P ${toString scfg.vtyListenPort}" + + " " + (lib.concatStringsSep " " scfg.extraOptions); + ExecReload = lib.mkIf (service != "mgmt") "${pkgs.python3.interpreter} ${pkgs.frr}/libexec/frr/frr-reload.py --reload --daemon ${daemon} --bindir ${pkgs.frr}/bin --rundir /run/frr /etc/frr/${daemon}.conf"; Restart = "on-abnormal"; }; }); in - listToAttrs (map frrService (filter isEnabled allServices)); + lib.listToAttrs (map frrService (lib.filter isEnabled allServices)); }; From d0901224e12bd83d959a51b2cd3cec19c7100885 Mon Sep 17 00:00:00 2001 From: Felix Buehler Date: Wed, 28 Aug 2024 21:19:08 +0200 Subject: [PATCH 112/148] nixos/services.gateone: remove `with lib;` --- nixos/modules/services/networking/gateone.nix | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/nixos/modules/services/networking/gateone.nix b/nixos/modules/services/networking/gateone.nix index e68f8a47d5c0d..83a7ea2485943 100644 --- a/nixos/modules/services/networking/gateone.nix +++ b/nixos/modules/services/networking/gateone.nix 
@@ -1,25 +1,24 @@ { config, lib, pkgs, ...}: -with lib; let cfg = config.services.gateone; in { options = { services.gateone = { - enable = mkEnableOption "GateOne server"; - pidDir = mkOption { + enable = lib.mkEnableOption "GateOne server"; + pidDir = lib.mkOption { default = "/run/gateone"; - type = types.path; + type = lib.types.path; description = "Path of pid files for GateOne."; }; - settingsDir = mkOption { + settingsDir = lib.mkOption { default = "/var/lib/gateone"; - type = types.path; + type = lib.types.path; description = "Path of configuration files for GateOne."; }; }; }; -config = mkIf cfg.enable { +config = lib.mkIf cfg.enable { environment.systemPackages = with pkgs.pythonPackages; [ gateone pkgs.openssh pkgs.procps pkgs.coreutils pkgs.cacert]; From 0b865525e8484167f8471bb4531e0f14c67281e2 Mon Sep 17 00:00:00 2001 From: Felix Buehler Date: Wed, 28 Aug 2024 21:19:08 +0200 Subject: [PATCH 113/148] nixos/services.gdomap: remove `with lib;` --- nixos/modules/services/networking/gdomap.nix | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/nixos/modules/services/networking/gdomap.nix b/nixos/modules/services/networking/gdomap.nix index 3d829cb691353..b7d6e2a2b690f 100644 --- a/nixos/modules/services/networking/gdomap.nix +++ b/nixos/modules/services/networking/gdomap.nix @@ -1,21 +1,18 @@ { config, lib, pkgs, ... }: - -with lib; - { # # interface # options = { services.gdomap = { - enable = mkEnableOption "GNUstep Distributed Objects name server"; + enable = lib.mkEnableOption "GNUstep Distributed Objects name server"; }; }; # # implementation # - config = mkIf config.services.gdomap.enable { + config = lib.mkIf config.services.gdomap.enable { # NOTE: gdomap runs as root # TODO: extra user for gdomap? systemd.services.gdomap = { From 878c5dc6eb318111e856e7b1b70d5984cfd42816 Mon Sep 17 00:00:00 2001 
From: Felix Buehler Date: Wed, 28 Aug 2024 21:19:08 +0200 Subject: [PATCH 114/148] nixos/services.gitDaemon: remove `with lib;` --- .../services/networking/git-daemon.nix | 53 +++++++++---------- 1 file changed, 26 insertions(+), 27 deletions(-) diff --git a/nixos/modules/services/networking/git-daemon.nix b/nixos/modules/services/networking/git-daemon.nix index 522e6b14f868f..215d7f79a52cf 100644 --- a/nixos/modules/services/networking/git-daemon.nix +++ b/nixos/modules/services/networking/git-daemon.nix @@ -1,5 +1,4 @@ { config, lib, pkgs, ... }: -with lib; let cfg = config.services.gitDaemon; @@ -12,8 +11,8 @@ in options = { services.gitDaemon = { - enable = mkOption { - type = types.bool; + enable = lib.mkOption { + type = lib.types.bool; default = false; description = '' Enable Git daemon, which allows public hosting of git repositories @@ -27,10 +26,10 @@ in ''; }; - package = mkPackageOption pkgs "git" { }; + package = lib.mkPackageOption pkgs "git" { }; - basePath = mkOption { - type = types.str; + basePath = lib.mkOption { + type = lib.types.str; default = ""; example = "/srv/git/"; description = '' @@ -40,8 +39,8 @@ in ''; }; - exportAll = mkOption { - type = types.bool; + exportAll = lib.mkOption { + type = lib.types.bool; default = false; description = '' Publish all directories that look like Git repositories (have the objects @@ -55,8 +54,8 @@ in ''; }; - repositories = mkOption { - type = types.listOf types.str; + repositories = lib.mkOption { + type = lib.types.listOf lib.types.str; default = []; example = [ "/srv/git" "/home/user/git/repo2" ]; description = '' 
@@ -68,33 +67,33 @@ in ''; }; - listenAddress = mkOption { - type = types.str; + listenAddress = lib.mkOption { + type = lib.types.str; default = ""; example = "example.com"; description = "Listen on a specific IP address or hostname."; }; - port = mkOption { - type = types.port; + port = lib.mkOption { + type = lib.types.port; default = 9418; description = "Port to listen on."; }; - options = mkOption { - type = types.str; + options = lib.mkOption { + type = lib.types.str; default = ""; description = "Extra configuration options to be passed to Git daemon."; }; - user = mkOption { - type = types.str; + user = lib.mkOption { + type = lib.types.str; default = "git"; description = "User under which Git daemon would be running."; }; - group = mkOption { - type = types.str; + group = lib.mkOption { + type = lib.types.str; default = "git"; description = "Group under which Git daemon would be running."; }; @@ -104,9 +103,9 @@ in ###### implementation - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { - users.users = optionalAttrs (cfg.user == "git") { + users.users = lib.optionalAttrs (cfg.user == "git") { git = { uid = config.ids.uids.git; group = "git"; 
@@ -114,18 +113,18 @@ in }; }; - users.groups = optionalAttrs (cfg.group == "git") { + users.groups = lib.optionalAttrs (cfg.group == "git") { git.gid = config.ids.gids.git; }; systemd.services.git-daemon = { after = [ "network.target" ]; wantedBy = [ "multi-user.target" ]; - script = "${getExe cfg.package} daemon --reuseaddr " - + (optionalString (cfg.basePath != "") "--base-path=${cfg.basePath} ") - + (optionalString (cfg.listenAddress != "") "--listen=${cfg.listenAddress} ") + script = "${lib.getExe cfg.package} daemon --reuseaddr " + + (lib.optionalString (cfg.basePath != "") "--base-path=${cfg.basePath} ") + + (lib.optionalString (cfg.listenAddress != "") "--listen=${cfg.listenAddress} ") + "--port=${toString cfg.port} --user=${cfg.user} --group=${cfg.group} ${cfg.options} " - + "--verbose " + (optionalString cfg.exportAll "--export-all ") + concatStringsSep " " cfg.repositories; + + "--verbose " + (lib.optionalString cfg.exportAll "--export-all ") + lib.concatStringsSep " " cfg.repositories; }; }; From 7a65f586985d06875aaa075a98944dcd51a3c91f Mon Sep 17 00:00:00 2001 From: Felix Buehler Date: Wed, 28 Aug 2024 21:19:08 +0200 Subject: [PATCH 115/148] nixos/services.globalprotect: remove `with lib;` --- .../services/networking/globalprotect-vpn.nix | 17 +++++++---------- 1 file changed, 7 insertions(+), 10 deletions(-) diff --git a/nixos/modules/services/networking/globalprotect-vpn.nix b/nixos/modules/services/networking/globalprotect-vpn.nix index 4292bba78f767..87ce8a5e142f7 100644 --- a/nixos/modules/services/networking/globalprotect-vpn.nix +++ b/nixos/modules/services/networking/globalprotect-vpn.nix @@ -1,7 +1,4 @@ { config, lib, pkgs, ... }: - -with lib; - let cfg = config.services.globalprotect; 
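Review bot: The `script` string in the git-daemon hunk at `@@ -114,18 +113,18 @@` splices `cfg.basePath`, `cfg.listenAddress` and every entry of `cfg.repositories` into a shell command without quoting, so a path containing a space or a shell metacharacter is split or interpreted by the shell instead of reaching `git daemon` as one argument. Quoting at the Nix level fixes this without changing the options: `"--base-path=${lib.escapeShellArg cfg.basePath} "` for the flags, and `lib.escapeShellArgs cfg.repositories` in place of `lib.concatStringsSep " " cfg.repositories`. `cfg.options` is meant to carry several raw flags and would stay as it is. The service attribute set continues outside the hunk.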
@@ -14,9 +11,9 @@ in { options.services.globalprotect = { - enable = mkEnableOption "globalprotect"; + enable = lib.mkEnableOption "globalprotect"; - settings = mkOption { + settings = lib.mkOption { description = '' GlobalProtect-openconnect configuration. For more information, visit . @@ -27,21 +24,21 @@ in openconnect-args = "--script=/path/to/vpnc-script"; }; }; - type = types.attrs; + type = lib.types.attrs; }; - csdWrapper = mkOption { + csdWrapper = lib.mkOption { description = '' A script that will produce a Host Integrity Protection (HIP) report, as described at ''; default = null; - example = literalExpression ''"''${pkgs.openconnect}/libexec/openconnect/hipreport.sh"''; - type = types.nullOr types.path; + example = lib.literalExpression ''"''${pkgs.openconnect}/libexec/openconnect/hipreport.sh"''; + type = lib.types.nullOr lib.types.path; }; }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { services.dbus.packages = [ pkgs.globalprotect-openconnect ]; environment.etc."gpservice/gp.conf".text = lib.generators.toINI { } cfg.settings; From 3e72e14a6dd84429fdde7e24899bca10942d07c0 Mon Sep 17 00:00:00 2001 From: Felix Buehler Date: Wed, 28 Aug 2024 21:19:08 +0200 Subject: [PATCH 116/148] nixos/services.gnunet: remove `with lib;` --- nixos/modules/services/networking/gnunet.nix | 39 +++++++++----------- 1 file changed, 18 insertions(+), 21 deletions(-) diff --git a/nixos/modules/services/networking/gnunet.nix b/nixos/modules/services/networking/gnunet.nix index cfe1e1709142e..7380f22c13f2f 100644 --- a/nixos/modules/services/networking/gnunet.nix +++ b/nixos/modules/services/networking/gnunet.nix @@ -1,7 +1,4 @@ { config, lib, pkgs, ... }: - -with lib; - let cfg = config.services.gnunet; @@ -44,8 +41,8 @@ in services.gnunet = { - enable = mkOption { - type = types.bool; + enable = lib.mkOption { + type = lib.types.bool; default = false; description = '' Whether to run the GNUnet daemon. GNUnet is GNU's anonymous 
@@ -54,8 +51,8 @@ in }; fileSharing = { - quota = mkOption { - type = types.int; + quota = lib.mkOption { + type = lib.types.int; default = 1024; description = '' Maximum file system usage (in MiB) for file sharing. @@ -64,8 +61,8 @@ in }; udp = { - port = mkOption { - type = types.port; + port = lib.mkOption { + type = lib.types.port; default = 2086; # assigned by IANA description = '' The UDP port for use by GNUnet. @@ -74,8 +71,8 @@ in }; tcp = { - port = mkOption { - type = types.port; + port = lib.mkOption { + type = lib.types.port; default = 2086; # assigned by IANA description = '' The TCP port for use by GNUnet. @@ -84,8 +81,8 @@ in }; load = { - maxNetDownBandwidth = mkOption { - type = types.int; + maxNetDownBandwidth = lib.mkOption { + type = lib.types.int; default = 50000; description = '' Maximum bandwidth usage (in bits per second) for GNUnet @@ -93,8 +90,8 @@ in ''; }; - maxNetUpBandwidth = mkOption { - type = types.int; + maxNetUpBandwidth = lib.mkOption { + type = lib.types.int; default = 50000; description = '' Maximum bandwidth usage (in bits per second) for GNUnet @@ -102,8 +99,8 @@ in ''; }; - hardNetUpBandwidth = mkOption { - type = types.int; + hardNetUpBandwidth = lib.mkOption { + type = lib.types.int; default = 0; description = '' Hard bandwidth limit (in bits per second) when uploading @@ -112,12 +109,12 @@ in }; }; - package = mkPackageOption pkgs "gnunet" { + package = lib.mkPackageOption pkgs "gnunet" { example = "gnunet_git"; }; - extraOptions = mkOption { - type = types.lines; + extraOptions = lib.mkOption { + type = lib.types.lines; default = ""; description = '' Additional options that will be copied verbatim in `gnunet.conf`. @@ -131,7 +128,7 @@ in ###### implementation - config = mkIf config.services.gnunet.enable { + config = lib.mkIf config.services.gnunet.enable { users.users.gnunet = { group = "gnunet"; From 9ca9ac0b5165d4c37addbb390f61997068c0442b Mon Sep 17 00:00:00 2001 
From: Felix Buehler Date: Wed, 28 Aug 2024 21:19:09 +0200 Subject: [PATCH 117/148] nixos/services.go-autoconfig: remove `with lib;` --- nixos/modules/services/networking/go-autoconfig.nix | 13 +++++-------- 1 file changed, 5 insertions(+), 8 deletions(-) diff --git a/nixos/modules/services/networking/go-autoconfig.nix b/nixos/modules/services/networking/go-autoconfig.nix index 2fc7c53218ca4..b31ef227c587f 100644 --- a/nixos/modules/services/networking/go-autoconfig.nix +++ b/nixos/modules/services/networking/go-autoconfig.nix @@ -1,7 +1,4 @@ { config, lib, pkgs, ... }: - -with lib; - let cfg = config.services.go-autoconfig; @@ -12,19 +9,19 @@ in { options = { services.go-autoconfig = { - enable = mkEnableOption "IMAP/SMTP autodiscover feature for mail clients"; + enable = lib.mkEnableOption "IMAP/SMTP autodiscover feature for mail clients"; - settings = mkOption { + settings = lib.mkOption { default = { }; description = '' Configuration for go-autoconfig. See for more information. ''; - type = types.submodule { + type = lib.types.submodule { freeformType = format.type; }; - example = literalExpression '' + example = lib.literalExpression '' { service_addr = ":1323"; domain = "autoconfig.example.org"; @@ -43,7 +40,7 @@ in { }; }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { systemd = { services.go-autoconfig = { From 2ec70782ab5b6883167a3e5334e1fdc1d7140077 Mon Sep 17 00:00:00 2001 From: Felix Buehler Date: Wed, 28 Aug 2024 21:19:09 +0200 Subject: [PATCH 118/148] nixos/services.go-neb: remove `with lib;` --- nixos/modules/services/networking/go-neb.nix | 23 +++++++++----------- 1 file changed, 10 insertions(+), 13 deletions(-) diff --git a/nixos/modules/services/networking/go-neb.nix b/nixos/modules/services/networking/go-neb.nix index ae414509162b2..4a43c574ff530 100644 --- a/nixos/modules/services/networking/go-neb.nix +++ b/nixos/modules/services/networking/go-neb.nix 
@@ -1,7 +1,4 @@ { config, lib, pkgs, ... }: - -with lib; - let cfg = config.services.go-neb; @@ -9,16 +6,16 @@ let configFile = settingsFormat.generate "config.yaml" cfg.config; in { options.services.go-neb = { - enable = mkEnableOption "an extensible matrix bot written in Go"; + enable = lib.mkEnableOption "an extensible matrix bot written in Go"; - bindAddress = mkOption { - type = types.str; + bindAddress = lib.mkOption { + type = lib.types.str; description = "Port (and optionally address) to listen on."; default = ":4050"; }; - secretFile = mkOption { - type = types.nullOr types.path; + secretFile = lib.mkOption { + type = lib.types.nullOr lib.types.path; default = null; example = "/run/keys/go-neb.env"; description = '' @@ -30,12 +27,12 @@ in { ''; }; - baseUrl = mkOption { - type = types.str; + baseUrl = lib.mkOption { + type = lib.types.str; description = "Public-facing endpoint that can receive webhooks."; }; - config = mkOption { + config = lib.mkOption { inherit (settingsFormat) type; description = '' Your {file}`config.yaml` as a Nix attribute set. @@ -45,7 +42,7 @@ in { }; }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { systemd.services.go-neb = let finalConfigFile = if cfg.secretFile == null then configFile else "/var/run/go-neb/config.yaml"; in { @@ -74,5 +71,5 @@ in { }; }; - meta.maintainers = with maintainers; [ hexa maralorn ]; + meta.maintainers = with lib.maintainers; [ hexa maralorn ]; } From 90a98fc1035dd7dc9b49d088a84528bc05a18456 Mon Sep 17 00:00:00 2001 From: Felix Buehler Date: Wed, 28 Aug 2024 21:19:09 +0200 Subject: [PATCH 119/148] nixos/services.go-shadowsocks2: remove `with lib;` --- nixos/modules/services/networking/go-shadowsocks2.nix | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/nixos/modules/services/networking/go-shadowsocks2.nix b/nixos/modules/services/networking/go-shadowsocks2.nix index afbd7ea27c65c..438d3fb1c0a60 100644 
--- a/nixos/modules/services/networking/go-shadowsocks2.nix +++ b/nixos/modules/services/networking/go-shadowsocks2.nix @@ -1,20 +1,18 @@ { config, lib, pkgs, ... }: - -with lib; let cfg = config.services.go-shadowsocks2.server; in { options.services.go-shadowsocks2.server = { - enable = mkEnableOption "go-shadowsocks2 server"; + enable = lib.mkEnableOption "go-shadowsocks2 server"; - listenAddress = mkOption { - type = types.str; + listenAddress = lib.mkOption { + type = lib.types.str; description = "Server listen address or URL"; example = "ss://AEAD_CHACHA20_POLY1305:your-password@:8488"; }; }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { systemd.services.go-shadowsocks2-server = { description = "go-shadowsocks2 server"; From a811ef8255b5b585309eac8e883cd6bdfef38a2b Mon Sep 17 00:00:00 2001 From: Felix Buehler Date: Wed, 28 Aug 2024 21:19:09 +0200 Subject: [PATCH 120/148] nixos/services.gobgpd: remove `with lib;` --- nixos/modules/services/networking/gobgpd.nix | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) diff --git a/nixos/modules/services/networking/gobgpd.nix b/nixos/modules/services/networking/gobgpd.nix index e5d8c190b9118..79f1adf4e314d 100644 --- a/nixos/modules/services/networking/gobgpd.nix +++ b/nixos/modules/services/networking/gobgpd.nix @@ -1,16 +1,13 @@ { config, pkgs, lib, ... }: - -with lib; - let cfg = config.services.gobgpd; format = pkgs.formats.toml { }; confFile = format.generate "gobgpd.conf" cfg.settings; in { options.services.gobgpd = { - enable = mkEnableOption "GoBGP Routing Daemon"; + enable = lib.mkEnableOption "GoBGP Routing Daemon"; - settings = mkOption { + settings = lib.mkOption { type = format.type; default = { }; description = '' @@ -18,7 +15,7 @@ in { for details on supported values. ''; - example = literalExpression '' + example = lib.literalExpression '' { global = { config = { 
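Review bot: The `listenAddress` example in the go-shadowsocks2 hunk, `ss://AEAD_CHACHA20_POLY1305:your-password@:8488`, puts the password directly into an option of type `lib.types.str`, and the description does not say where that value ends up. The unit definition continues outside the hunk, but if the string is interpolated into the service command line, as seems likely, the password is written to the world-readable Nix store and shows up in the process arguments. The description should say so, for example `description = "Server listen address or URL. A password embedded in the URL is written to the Nix store and is not kept secret.";`.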
@@ -45,7 +42,7 @@ in { }; }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { environment.systemPackages = [ pkgs.gobgpd ]; systemd.services.gobgpd = { wantedBy = [ "multi-user.target" ]; From f30e72ffbb3f906943a6c696ae429754abf758a8 Mon Sep 17 00:00:00 2001 From: Felix Buehler Date: Wed, 28 Aug 2024 21:19:09 +0200 Subject: [PATCH 121/148] nixos/services.hans: remove `with lib;` --- nixos/modules/services/networking/hans.nix | 58 ++++++++++------------ 1 file changed, 27 insertions(+), 31 deletions(-) diff --git a/nixos/modules/services/networking/hans.nix b/nixos/modules/services/networking/hans.nix index 0d0e2c340ebf1..b1cb37158a043 100644 --- a/nixos/modules/services/networking/hans.nix +++ b/nixos/modules/services/networking/hans.nix @@ -1,9 +1,5 @@ # NixOS module for hans, ip over icmp daemon - { config, lib, pkgs, ... }: - -with lib; - let cfg = config.services.hans; @@ -17,7 +13,7 @@ in options = { services.hans = { - clients = mkOption { + clients = lib.mkOption { default = {}; description = '' Each attribute of this option defines a systemd service that @@ -27,7 +23,7 @@ in where «name» is the name of the corresponding attribute name. ''; - example = literalExpression '' + example = lib.literalExpression '' { foo = { server = "192.0.2.1"; @@ -35,25 +31,25 @@ in } } ''; - type = types.attrsOf (types.submodule ( + type = lib.types.attrsOf (lib.types.submodule ( { options = { - server = mkOption { - type = types.str; + server = lib.mkOption { + type = lib.types.str; default = ""; description = "IP address of server running hans"; example = "192.0.2.1"; }; - extraConfig = mkOption { - type = types.str; + extraConfig = lib.mkOption { + type = lib.types.str; default = ""; description = "Additional command line parameters"; example = "-v"; }; - passwordFile = mkOption { - type = types.str; + passwordFile = lib.mkOption { + type = lib.types.str; default = ""; description = "File that contains password"; }; 
@@ -63,34 +59,34 @@ in }; server = { - enable = mkOption { - type = types.bool; + enable = lib.mkOption { + type = lib.types.bool; default = false; description = "enable hans server"; }; - ip = mkOption { - type = types.str; + ip = lib.mkOption { + type = lib.types.str; default = ""; description = "The assigned ip range"; example = "198.51.100.0"; }; - respondToSystemPings = mkOption { - type = types.bool; + respondToSystemPings = lib.mkOption { + type = lib.types.bool; default = false; description = "Force hans respond to ordinary pings"; }; - extraConfig = mkOption { - type = types.str; + extraConfig = lib.mkOption { + type = lib.types.str; default = ""; description = "Additional command line parameters"; example = "-v"; }; - passwordFile = mkOption { - type = types.str; + passwordFile = lib.mkOption { + type = lib.types.str; default = ""; description = "File that contains password"; }; @@ -101,8 +97,8 @@ in ### implementation - config = mkIf (cfg.server.enable || cfg.clients != {}) { - boot.kernel.sysctl = optionalAttrs cfg.server.respondToSystemPings { + config = lib.mkIf (cfg.server.enable || cfg.clients != {}) { + boot.kernel.sysctl = lib.optionalAttrs cfg.server.respondToSystemPings { "net.ipv4.icmp_echo_ignore_all" = 1; }; 
@@ -115,23 +111,23 @@ in description = "hans client - ${name}"; after = [ "network.target" ]; wantedBy = [ "multi-user.target" ]; - script = "${pkgs.hans}/bin/hans -f -u ${hansUser} ${cfg.extraConfig} -c ${cfg.server} ${optionalString (cfg.passwordFile != "") "-p $(cat \"${cfg.passwordFile}\")"}"; + script = "${pkgs.hans}/bin/hans -f -u ${hansUser} ${cfg.extraConfig} -c ${cfg.server} ${lib.optionalString (cfg.passwordFile != "") "-p $(cat \"${cfg.passwordFile}\")"}"; serviceConfig = { RestartSec = "30s"; Restart = "always"; }; }; in - listToAttrs ( - mapAttrsToList - (name: value: nameValuePair "hans-${name}" (createHansClientService name value)) + lib.listToAttrs ( + lib.mapAttrsToList + (name: value: lib.nameValuePair "hans-${name}" (createHansClientService name value)) cfg.clients ) // { - hans = mkIf (cfg.server.enable) { + hans = lib.mkIf (cfg.server.enable) { description = "hans, ip over icmp server daemon"; after = [ "network.target" ]; wantedBy = [ "multi-user.target" ]; - script = "${pkgs.hans}/bin/hans -f -u ${hansUser} ${cfg.server.extraConfig} -s ${cfg.server.ip} ${optionalString cfg.server.respondToSystemPings "-r"} ${optionalString (cfg.server.passwordFile != "") "-p $(cat \"${cfg.server.passwordFile}\")"}"; + script = "${pkgs.hans}/bin/hans -f -u ${hansUser} ${cfg.server.extraConfig} -s ${cfg.server.ip} ${lib.optionalString cfg.server.respondToSystemPings "-r"} ${lib.optionalString (cfg.server.passwordFile != "") "-p $(cat \"${cfg.server.passwordFile}\")"}"; }; }; From 9ceab680a6c0d721d503c8339582be8cb1d36442 Mon Sep 17 00:00:00 2001 From: Felix Buehler Date: Wed, 28 Aug 2024 21:19:09 +0200 Subject: [PATCH 122/148] nixos/services.haproxy: remove `with lib;` --- nixos/modules/services/networking/haproxy.nix | 27 ++++++++----------- 1 file changed, 11 insertions(+), 16 deletions(-) diff --git a/nixos/modules/services/networking/haproxy.nix b/nixos/modules/services/networking/haproxy.nix index 19b096bf49069..23c06f2949808 100644 
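Review bot: In hans.nix both `script` lines of hunk `@@ -115,23 +111,23 @@` (the `hans-<name>` client and the `hans` server) expand the secret with `-p $(cat \"${cfg.passwordFile}\")`, so the password becomes part of the hans process's argv, which by default any local user can read from the process list. The command substitution is also unquoted, so a password containing whitespace or glob characters is word-split before hans sees it; at minimum quote it, `"-p \"$(cat \"${cfg.passwordFile}\")\""`, and state in the two `passwordFile` descriptions that the secret ends up on the command line. Whether hans accepts the password through any channel other than `-p` is not visible here; the iodine module in this same series feeds its password file on stdin instead. `createHansClientService` begins outside the hunk.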
--- a/nixos/modules/services/networking/haproxy.nix +++ b/nixos/modules/services/networking/haproxy.nix @@ -1,40 +1,35 @@ { config, lib, pkgs, ... }: - let cfg = config.services.haproxy; - haproxyCfg = pkgs.writeText "haproxy.conf" '' global # needed for hot-reload to work without dropping packets in multi-worker mode stats socket /run/haproxy/haproxy.sock mode 600 expose-fd listeners level user - ${cfg.config} ''; - in -with lib; { options = { services.haproxy = { - enable = mkEnableOption "HAProxy, the reliable, high performance TCP/HTTP load balancer"; + enable = lib.mkEnableOption "HAProxy, the reliable, high performance TCP/HTTP load balancer"; - package = mkPackageOption pkgs "haproxy" { }; + package = lib.mkPackageOption pkgs "haproxy" { }; - user = mkOption { - type = types.str; + user = lib.mkOption { + type = lib.types.str; default = "haproxy"; description = "User account under which haproxy runs."; }; - group = mkOption { - type = types.str; + group = lib.mkOption { + type = lib.types.str; default = "haproxy"; description = "Group account under which haproxy runs."; }; - config = mkOption { - type = types.nullOr types.lines; + config = lib.mkOption { + type = lib.types.nullOr lib.types.lines; default = null; description = '' Contents of the HAProxy configuration file, @@ -44,7 +39,7 @@ with lib; }; }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { assertions = [{ assertion = cfg.config != null; @@ -93,14 +88,14 @@ with lib; }; }; - users.users = optionalAttrs (cfg.user == "haproxy") { + users.users = lib.optionalAttrs (cfg.user == "haproxy") { haproxy = { group = cfg.group; isSystemUser = true; }; }; - users.groups = optionalAttrs (cfg.group == "haproxy") { + users.groups = lib.optionalAttrs (cfg.group == "haproxy") { haproxy = {}; }; }; From 49224ecc3b41c31b8a566752b87e362a4825c0ce Mon Sep 17 00:00:00 2001 
From: Felix Buehler Date: Wed, 28 Aug 2024 21:19:09 +0200 Subject: [PATCH 123/148] nixos/services.htpdate: remove `with lib;` --- nixos/modules/services/networking/htpdate.nix | 27 +++++++++---------- 1 file changed, 12 insertions(+), 15 deletions(-) diff --git a/nixos/modules/services/networking/htpdate.nix b/nixos/modules/services/networking/htpdate.nix index 6954e5b060c4c..fa422854872c6 100644 --- a/nixos/modules/services/networking/htpdate.nix +++ b/nixos/modules/services/networking/htpdate.nix @@ -1,7 +1,4 @@ { config, lib, pkgs, ... }: - -with lib; - let inherit (pkgs) htpdate; @@ -16,32 +13,32 @@ in services.htpdate = { - enable = mkOption { - type = types.bool; + enable = lib.mkOption { + type = lib.types.bool; default = false; description = '' Enable htpdate daemon. ''; }; - extraOptions = mkOption { - type = types.str; + extraOptions = lib.mkOption { + type = lib.types.str; default = ""; description = '' Additional command line arguments to pass to htpdate. ''; }; - servers = mkOption { - type = types.listOf types.str; + servers = lib.mkOption { + type = lib.types.listOf lib.types.str; default = [ "www.google.com" ]; description = '' HTTP servers to use for time synchronization. ''; }; - proxy = mkOption { - type = types.str; + proxy = lib.mkOption { + type = lib.types.str; default = ""; example = "127.0.0.1:8118"; description = '' @@ -55,7 +52,7 @@ in ###### implementation - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { systemd.services.htpdate = { description = "htpdate daemon"; @@ -63,14 +60,14 @@ in serviceConfig = { Type = "forking"; PIDFile = "/run/htpdate.pid"; - ExecStart = concatStringsSep " " [ + ExecStart = lib.concatStringsSep " " [ "${htpdate}/bin/htpdate" "-D -u nobody" "-a -s" "-l" - "${optionalString (cfg.proxy != "") "-P ${cfg.proxy}"}" + "${lib.optionalString (cfg.proxy != "") "-P ${cfg.proxy}"}" "${cfg.extraOptions}" - "${concatStringsSep " " cfg.servers}" + "${lib.concatStringsSep " " cfg.servers}" ]; }; }; 
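Review bot: In htpdate.nix the `servers` option (hunk `@@ -16,32 +13,32 @@`) is documented only as "HTTP servers to use for time synchronization" and does not say that the system clock is then set from HTTP responses, which nothing authenticates over plain HTTP. Anyone on the network path, or the configured `proxy`, can therefore skew system time, which affects certificate validity checks and log timestamps. I would extend the description with a sentence such as `Time is taken from the servers' HTTP response headers and is not authenticated over plain HTTP; use servers reached over a trusted path.` Whether the packaged htpdate can be pointed at HTTPS endpoints is not visible on this page and should be confirmed before recommending it in the text.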
From f69dd2df9af8cabf7e54fb2b2b2e9a495712c13b Mon Sep 17 00:00:00 2001 From: Felix Buehler Date: Wed, 28 Aug 2024 21:19:10 +0200 Subject: [PATCH 124/148] nixos/services.i2p: remove `with lib;` --- nixos/modules/services/networking/i2p.nix | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/nixos/modules/services/networking/i2p.nix b/nixos/modules/services/networking/i2p.nix index 2b38697b1f471..5d7b339dc01b5 100644 --- a/nixos/modules/services/networking/i2p.nix +++ b/nixos/modules/services/networking/i2p.nix @@ -1,17 +1,14 @@ { config, lib, pkgs, ... }: - -with lib; - let cfg = config.services.i2p; homeDir = "/var/lib/i2p"; in { ###### interface - options.services.i2p.enable = mkEnableOption "I2P router"; + options.services.i2p.enable = lib.mkEnableOption "I2P router"; ###### implementation - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { users.users.i2p = { group = "i2p"; description = "i2p User"; From b610b3cac2c390ceaff6106272b107320940d66a Mon Sep 17 00:00:00 2001 From: Felix Buehler Date: Wed, 28 Aug 2024 21:19:10 +0200 Subject: [PATCH 125/148] nixos/services.inadyn: remove `with lib;` --- nixos/modules/services/networking/inadyn.nix | 55 +++++++++----------- 1 file changed, 26 insertions(+), 29 deletions(-) diff --git a/nixos/modules/services/networking/inadyn.nix b/nixos/modules/services/networking/inadyn.nix index 7022673538c8a..c98d6a2315061 100644 --- a/nixos/modules/services/networking/inadyn.nix +++ b/nixos/modules/services/networking/inadyn.nix @@ -1,7 +1,4 @@ { config, lib, pkgs, ... }: - -with lib; - let cfg = config.services.inadyn; 
@@ -11,10 +8,10 @@ let renderOption = k: v: if builtins.elem k [ "provider" "custom" ] then lib.concatStringsSep "\n" - (mapAttrsToList + (lib.mapAttrsToList (name: config: '' ${k} ${name} { - ${lib.concatStringsSep "\n " (mapAttrsToList renderOption (filterAttrs nonEmptyValue config))} + ${lib.concatStringsSep "\n " (lib.mapAttrsToList renderOption (lib.filterAttrs nonEmptyValue config))} }'') v) else if k == "include" then @@ -22,7 +19,7 @@ let else if k == "hostname" && builtins.isList v then "${k} = { ${builtins.concatStringsSep ", " (map (s: "\"${s}\"") v)} }" else if builtins.isBool v then - "${k} = ${boolToString v}" + "${k} = ${lib.boolToString v}" else if builtins.isString v then "${k} = \"${v}\"" else @@ -33,32 +30,32 @@ let # This file was generated by nix # do not edit - ${(lib.concatStringsSep "\n" (mapAttrsToList renderOption (filterAttrs nonEmptyValue cfg.settings)))} + ${(lib.concatStringsSep "\n" (lib.mapAttrsToList renderOption (lib.filterAttrs nonEmptyValue cfg.settings)))} ''; configFile = if (cfg.configFile != null) then cfg.configFile else configFile'; in { - options.services.inadyn = with types; + options.services.inadyn = with lib.types; let providerOptions = { - include = mkOption { + include = lib.mkOption { default = null; description = "File to include additional settings for this provider from."; type = nullOr path; }; - ssl = mkOption { + ssl = lib.mkOption { default = true; description = "Whether to use HTTPS for this DDNS provider."; type = bool; }; - username = mkOption { + username = lib.mkOption { default = null; description = "Username for this DDNS provider."; type = nullOr str; }; - password = mkOption { + password = lib.mkOption { default = null; description = '' Password for this DDNS provider. @@ -68,7 +65,7 @@ in ''; type = nullOr str; }; - hostname = mkOption { + hostname = lib.mkOption { default = "*"; example = "your.cool-domain.com"; description = "Hostname alias(es)."; 
@@ -77,12 +74,12 @@ in }; in { - enable = mkEnableOption ('' + enable = lib.mkEnableOption ('' synchronise your machine's IP address with a dynamic DNS provider using inadyn ''); - user = mkOption { + user = lib.mkOption { default = "inadyn"; - type = types.str; + type = lib.types.str; description = '' User account under which inadyn runs. @@ -93,9 +90,9 @@ in ::: ''; }; - group = mkOption { + group = lib.mkOption { default = "inadyn"; - type = types.str; + type = lib.types.str; description = '' Group account under which inadyn runs. @@ -106,7 +103,7 @@ in ::: ''; }; - interval = mkOption { + interval = lib.mkOption { default = "*-*-* *:*:00"; description = '' How often to check the current IP. @@ -119,24 +116,24 @@ in default = "notice"; description = "Set inadyn's log level."; }; - settings = mkOption { + settings = lib.mkOption { default = { }; description = "See `inadyn.conf (5)`"; type = submodule { freeformType = attrs; options = { - allow-ipv6 = mkOption { + allow-ipv6 = lib.mkOption { default = config.networking.enableIPv6; defaultText = "`config.networking.enableIPv6`"; description = "Whether to get IPv6 addresses from interfaces."; type = bool; }; - forced-update = mkOption { + forced-update = lib.mkOption { default = 2592000; description = "Duration (in seconds) after which an update is forced."; type = ints.positive; }; - provider = mkOption { + provider = lib.mkOption { default = { }; description = '' Settings for DDNS providers built-in to inadyn. @@ -148,7 +145,7 @@ in options = providerOptions; }); }; - custom = mkOption { + custom = lib.mkOption { default = { }; description = '' Settings for custom DNS providers. @@ -156,11 +153,11 @@ in type = attrsOf (submodule { freeformType = attrs; options = providerOptions // { - ddns-server = mkOption { + ddns-server = lib.mkOption { description = "DDNS server name."; type = str; }; - ddns-path = mkOption { + ddns-path = lib.mkOption { description = '' DDNS server path. 
@@ -175,7 +172,7 @@ in }; }; }; - configFile = mkOption { + configFile = lib.mkOption { default = null; description = '' Configuration file for inadyn. @@ -238,12 +235,12 @@ in timers.inadyn.timerConfig.Persistent = true; }; - users.users.inadyn = mkIf (cfg.user == "inadyn") { + users.users.inadyn = lib.mkIf (cfg.user == "inadyn") { group = cfg.group; isSystemUser = true; }; - users.groups = mkIf (cfg.group == "inadyn") { + users.groups = lib.mkIf (cfg.group == "inadyn") { inadyn = { }; }; }; From aa27551b009d69ef08ec973aa0ba164cfba1ef07 Mon Sep 17 00:00:00 2001 From: Felix Buehler Date: Wed, 28 Aug 2024 21:19:10 +0200 Subject: [PATCH 126/148] nixos/services.iodine: remove `with lib;` --- nixos/modules/services/networking/iodine.nix | 74 +++++++++----------- 1 file changed, 35 insertions(+), 39 deletions(-) diff --git a/nixos/modules/services/networking/iodine.nix b/nixos/modules/services/networking/iodine.nix index c474f5f278bf8..2bdfa6f1b844a 100644 --- a/nixos/modules/services/networking/iodine.nix +++ b/nixos/modules/services/networking/iodine.nix 
@@ -1,24 +1,20 @@ # NixOS module for iodine, ip over dns daemon - { config, lib, pkgs, ... }: - -with lib; - let cfg = config.services.iodine; iodinedUser = "iodined"; /* is this path made unreadable by ProtectHome = true ? */ - isProtected = x: hasPrefix "/root" x || hasPrefix "/home" x; + isProtected = x: lib.hasPrefix "/root" x || lib.hasPrefix "/home" x; in { imports = [ - (mkRenamedOptionModule [ "services" "iodined" "enable" ] [ "services" "iodine" "server" "enable" ]) - (mkRenamedOptionModule [ "services" "iodined" "domain" ] [ "services" "iodine" "server" "domain" ]) - (mkRenamedOptionModule [ "services" "iodined" "ip" ] [ "services" "iodine" "server" "ip" ]) - (mkRenamedOptionModule [ "services" "iodined" "extraConfig" ] [ "services" "iodine" "server" "extraConfig" ]) - (mkRemovedOptionModule [ "services" "iodined" "client" ] "") + (lib.mkRenamedOptionModule [ "services" "iodined" "enable" ] [ "services" "iodine" "server" "enable" ]) + (lib.mkRenamedOptionModule [ "services" "iodined" "domain" ] [ "services" "iodine" "server" "domain" ]) + (lib.mkRenamedOptionModule [ "services" "iodined" "ip" ] [ "services" "iodine" "server" "ip" ]) + (lib.mkRenamedOptionModule [ "services" "iodined" "extraConfig" ] [ "services" "iodine" "server" "extraConfig" ]) + (lib.mkRemovedOptionModule [ "services" "iodined" "client" ] "") ]; ### configuration @@ -26,7 +22,7 @@ in options = { services.iodine = { - clients = mkOption { + clients = lib.mkOption { default = {}; description = '' Each attribute of this option defines a systemd service that @@ -36,7 +32,7 @@ in where «name» is the name of the corresponding attribute name. ''; - example = literalExpression '' + example = lib.literalExpression '' { foo = { server = "tunnel.mdomain.com"; 
@@ -45,33 +41,33 @@ in } } ''; - type = types.attrsOf ( - types.submodule ( + type = lib.types.attrsOf ( + lib.types.submodule ( { options = { - server = mkOption { - type = types.str; + server = lib.mkOption { + type = lib.types.str; default = ""; description = "Hostname of server running iodined"; example = "tunnel.mydomain.com"; }; - relay = mkOption { - type = types.str; + relay = lib.mkOption { + type = lib.types.str; default = ""; description = "DNS server to use as an intermediate relay to the iodined server"; example = "8.8.8.8"; }; - extraConfig = mkOption { - type = types.str; + extraConfig = lib.mkOption { + type = lib.types.str; default = ""; description = "Additional command line parameters"; example = "-l 192.168.1.10 -p 23"; }; - passwordFile = mkOption { - type = types.str; + passwordFile = lib.mkOption { + type = lib.types.str; default = ""; description = "Path to a file containing the password."; }; @@ -82,35 +78,35 @@ in }; server = { - enable = mkOption { - type = types.bool; + enable = lib.mkOption { + type = lib.types.bool; default = false; description = "enable iodined server"; }; - ip = mkOption { - type = types.str; + ip = lib.mkOption { + type = lib.types.str; default = ""; description = "The assigned ip address or ip range"; example = "172.16.10.1/24"; }; - domain = mkOption { - type = types.str; + domain = lib.mkOption { + type = lib.types.str; default = ""; description = "Domain or subdomain of which nameservers point to us"; example = "tunnel.mydomain.com"; }; - extraConfig = mkOption { - type = types.str; + extraConfig = lib.mkOption { + type = lib.types.str; default = ""; description = "Additional command line parameters"; example = "-l 192.168.1.10 -p 23"; }; - passwordFile = mkOption { - type = types.str; + passwordFile = lib.mkOption { + type = lib.types.str; default = ""; description = "File that contains password"; }; 
@@ -121,7 +117,7 @@ in ### implementation - config = mkIf (cfg.server.enable || cfg.clients != {}) { + config = lib.mkIf (cfg.server.enable || cfg.clients != {}) { environment.systemPackages = [ pkgs.iodine ]; boot.kernelModules = [ "tun" ]; @@ -132,7 +128,7 @@ in description = "iodine client - ${name}"; after = [ "network.target" ]; wantedBy = [ "multi-user.target" ]; - script = "exec ${pkgs.iodine}/bin/iodine -f -u ${iodinedUser} ${cfg.extraConfig} ${optionalString (cfg.passwordFile != "") "< \"${builtins.toString cfg.passwordFile}\""} ${cfg.relay} ${cfg.server}"; + script = "exec ${pkgs.iodine}/bin/iodine -f -u ${iodinedUser} ${cfg.extraConfig} ${lib.optionalString (cfg.passwordFile != "") "< \"${builtins.toString cfg.passwordFile}\""} ${cfg.relay} ${cfg.server}"; serviceConfig = { RestartSec = "30s"; Restart = "always"; @@ -157,16 +153,16 @@ in }; }; in - listToAttrs ( - mapAttrsToList - (name: value: nameValuePair "iodine-${name}" (createIodineClientService name value)) + lib.listToAttrs ( + lib.mapAttrsToList + (name: value: lib.nameValuePair "iodine-${name}" (createIodineClientService name value)) cfg.clients ) // { - iodined = mkIf (cfg.server.enable) { + iodined = lib.mkIf (cfg.server.enable) { description = "iodine, ip over dns server daemon"; after = [ "network.target" ]; wantedBy = [ "multi-user.target" ]; - script = "exec ${pkgs.iodine}/bin/iodined -f -u ${iodinedUser} ${cfg.server.extraConfig} ${optionalString (cfg.server.passwordFile != "") "< \"${builtins.toString cfg.server.passwordFile}\""} ${cfg.server.ip} ${cfg.server.domain}"; + script = "exec ${pkgs.iodine}/bin/iodined -f -u ${iodinedUser} ${cfg.server.extraConfig} ${lib.optionalString (cfg.server.passwordFile != "") "< \"${builtins.toString cfg.server.passwordFile}\""} ${cfg.server.ip} ${cfg.server.domain}"; serviceConfig = { # Filesystem access ProtectSystem = "strict"; From 050c81941d1f982d7c800efb28f8e73ca66fa7ba Mon Sep 17 00:00:00 2001 
From: Felix Buehler Date: Wed, 28 Aug 2024 21:19:10 +0200 Subject: [PATCH 127/148] nixos/services.ivpn: remove `with lib;` --- nixos/modules/services/networking/ivpn.nix | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/nixos/modules/services/networking/ivpn.nix b/nixos/modules/services/networking/ivpn.nix index 535510f4e8134..6482bbadaeb2a 100644 --- a/nixos/modules/services/networking/ivpn.nix +++ b/nixos/modules/services/networking/ivpn.nix @@ -2,11 +2,10 @@ let cfg = config.services.ivpn; in -with lib; { options.services.ivpn = { - enable = mkOption { - type = types.bool; + enable = lib.mkOption { + type = lib.types.bool; default = false; description = '' This option enables iVPN daemon. @@ -15,7 +14,7 @@ with lib; }; }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { boot.kernelModules = [ "tun" ]; environment.systemPackages = with pkgs; [ ivpn ivpn-service ]; @@ -47,5 +46,5 @@ with lib; }; }; - meta.maintainers = with maintainers; [ ataraxiasjel ]; + meta.maintainers = with lib.maintainers; [ ataraxiasjel ]; } From 0cca8e97562e44d6ca0923fda53058465b43cf54 Mon Sep 17 00:00:00 2001 From: Felix Buehler Date: Wed, 28 Aug 2024 21:19:10 +0200 Subject: [PATCH 128/148] nixos/services.jicofo: remove `with lib;` --- nixos/modules/services/networking/jicofo.nix | 31 +++++++++----------- 1 file changed, 14 insertions(+), 17 deletions(-) diff --git a/nixos/modules/services/networking/jicofo.nix b/nixos/modules/services/networking/jicofo.nix index d4199c10fa2e3..91906e417361d 100644 --- a/nixos/modules/services/networking/jicofo.nix +++ b/nixos/modules/services/networking/jicofo.nix @@ -1,7 +1,4 @@ { config, lib, pkgs, ... }: - -with lib; - let cfg = config.services.jicofo; 
@@ -10,10 +7,10 @@ let configFile = format.generate "jicofo.conf" cfg.config; in { - options.services.jicofo = with types; { - enable = mkEnableOption "Jitsi Conference Focus - component of Jitsi Meet"; + options.services.jicofo = with lib.types; { + enable = lib.mkEnableOption "Jitsi Conference Focus - component of Jitsi Meet"; - xmppHost = mkOption { + xmppHost = lib.mkOption { type = str; example = "localhost"; description = '' @@ -21,7 +18,7 @@ in ''; }; - xmppDomain = mkOption { + xmppDomain = lib.mkOption { type = nullOr str; example = "meet.example.org"; description = '' @@ -31,7 +28,7 @@ in ''; }; - componentPasswordFile = mkOption { + componentPasswordFile = lib.mkOption { type = str; example = "/run/keys/jicofo-component"; description = '' @@ -39,7 +36,7 @@ in ''; }; - userName = mkOption { + userName = lib.mkOption { type = str; default = "focus"; description = '' @@ -47,7 +44,7 @@ in ''; }; - userDomain = mkOption { + userDomain = lib.mkOption { type = str; example = "auth.meet.example.org"; description = '' @@ -55,7 +52,7 @@ in ''; }; - userPasswordFile = mkOption { + userPasswordFile = lib.mkOption { type = str; example = "/run/keys/jicofo-user"; description = '' @@ -63,7 +60,7 @@ in ''; }; - bridgeMuc = mkOption { + bridgeMuc = lib.mkOption { type = str; example = "jvbbrewery@internal.meet.example.org"; description = '' @@ -71,10 +68,10 @@ in ''; }; - config = mkOption { + config = lib.mkOption { type = format.type; default = { }; - example = literalExpression '' + example = lib.literalExpression '' { jicofo.bridge.max-bridge-participants = 42; } @@ -85,7 +82,7 @@ in }; }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { services.jicofo.config = { jicofo = { bridge.brewery-jid = cfg.bridgeMuc; 
@@ -120,7 +117,7 @@ in restartTriggers = [ configFile ]; - environment.JAVA_SYS_PROPS = concatStringsSep " " (mapAttrsToList (k: v: "${k}=${toString v}") jicofoProps); + environment.JAVA_SYS_PROPS = lib.concatStringsSep " " (lib.mapAttrsToList (k: v: "${k}=${toString v}") jicofoProps); script = '' export JICOFO_AUTH_PASS="$(<${cfg.userPasswordFile})" @@ -154,7 +151,7 @@ in environment.etc."jitsi/jicofo/sip-communicator.properties".text = ""; environment.etc."jitsi/jicofo/logging.properties".source = - mkDefault "${pkgs.jicofo}/etc/jitsi/jicofo/logging.properties-journal"; + lib.mkDefault "${pkgs.jicofo}/etc/jitsi/jicofo/logging.properties-journal"; }; meta.maintainers = lib.teams.jitsi.members; From fee0a07c2865e6e9b2bd66e65dbda268f9da50cd Mon Sep 17 00:00:00 2001 From: Felix Buehler Date: Wed, 28 Aug 2024 21:19:10 +0200 Subject: [PATCH 129/148] nixos/services.jigasi: remove `with lib;` --- nixos/modules/services/networking/jigasi.nix | 41 +++++++++----------- 1 file changed, 19 insertions(+), 22 deletions(-) diff --git a/nixos/modules/services/networking/jigasi.nix b/nixos/modules/services/networking/jigasi.nix index e701689031b14..d69d905788f40 100644 --- a/nixos/modules/services/networking/jigasi.nix +++ b/nixos/modules/services/networking/jigasi.nix @@ -1,7 +1,4 @@ { config, lib, pkgs, ... }: - -with lib; - let cfg = config.services.jigasi; homeDirName = "jigasi-home"; @@ -10,10 +7,10 @@ let sipCommunicatorPropertiesFileUnsubstituted = "${pkgs.jigasi}/etc/jitsi/jigasi/sip-communicator.properties"; in { - options.services.jigasi = with types; { - enable = mkEnableOption "Jitsi Gateway to SIP - component of Jitsi Meet"; + options.services.jigasi = with lib.types; { + enable = lib.mkEnableOption "Jitsi Gateway to SIP - component of Jitsi Meet"; - xmppHost = mkOption { + xmppHost = lib.mkOption { type = str; example = "localhost"; description = '' 
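Review bot: In jicofo.nix the `script` shown as context in hunk `@@ -120,7 +117,7 @@` interpolates `cfg.userPasswordFile` into shell text unescaped (`"$(<${cfg.userPasswordFile})"`), so a path containing spaces or shell metacharacters changes what the unit's script runs. `lib.escapeShellArg` keeps the path literal: `export JICOFO_AUTH_PASS="$(<${lib.escapeShellArg cfg.userPasswordFile})"`. The same pattern appears in jitsi-videobridge.nix, hunk `@@ -225,7 +222,7 @@`, as `$(cat ${xmppConfig.passwordFile})`, where the substitution itself should be quoted as well. The script body continues outside the hunk.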
@@ -21,7 +18,7 @@ in ''; }; - xmppDomain = mkOption { + xmppDomain = lib.mkOption { type = nullOr str; example = "meet.example.org"; description = '' @@ -31,7 +28,7 @@ in ''; }; - componentPasswordFile = mkOption { + componentPasswordFile = lib.mkOption { type = str; example = "/run/keys/jigasi-component"; description = '' @@ -39,7 +36,7 @@ in ''; }; - userName = mkOption { + userName = lib.mkOption { type = str; default = "callcontrol"; description = '' @@ -47,7 +44,7 @@ in ''; }; - userDomain = mkOption { + userDomain = lib.mkOption { type = str; example = "internal.meet.example.org"; description = '' @@ -55,7 +52,7 @@ in ''; }; - userPasswordFile = mkOption { + userPasswordFile = lib.mkOption { type = str; example = "/run/keys/jigasi-user"; description = '' @@ -63,7 +60,7 @@ in ''; }; - bridgeMuc = mkOption { + bridgeMuc = lib.mkOption { type = str; example = "jigasibrewery@internal.meet.example.org"; description = '' @@ -71,7 +68,7 @@ in ''; }; - defaultJvbRoomName = mkOption { + defaultJvbRoomName = lib.mkOption { type = str; default = ""; example = "siptest"; @@ -80,8 +77,8 @@ in ''; }; - environmentFile = mkOption { - type = types.nullOr types.path; + environmentFile = lib.mkOption { + type = lib.types.nullOr lib.types.path; default = null; description = '' File containing environment variables to be passed to the jigasi service, @@ -93,10 +90,10 @@ in ''; }; - config = mkOption { + config = lib.mkOption { type = attrsOf str; default = { }; - example = literalExpression '' + example = lib.literalExpression '' { "org.jitsi.jigasi.auth.URL" = "XMPP:jitsi-meet.example.com"; } @@ -107,12 +104,12 @@ in }; }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { services.jicofo.config = { "org.jitsi.jicofo.jigasi.BREWERY" = "${cfg.bridgeMuc}"; }; - services.jigasi.config = mapAttrs (_: v: mkDefault v) { + services.jigasi.config = lib.mapAttrs (_: v: lib.mkDefault v) { "org.jitsi.jigasi.BRIDGE_MUC" = cfg.bridgeMuc; }; 
@@ -186,7 +183,7 @@ in restartTriggers = [ config.environment.etc."jitsi/jigasi/sip-communicator.properties".source ]; - environment.JAVA_SYS_PROPS = concatStringsSep " " (mapAttrsToList (k: v: "${k}=${toString v}") jigasiProps); + environment.JAVA_SYS_PROPS = lib.concatStringsSep " " (lib.mapAttrsToList (k: v: "${k}=${toString v}") jigasiProps); script = '' ${pkgs.jigasi}/bin/jigasi \ @@ -228,9 +225,9 @@ in }; environment.etc."jitsi/jigasi/sip-communicator.properties".source = - mkDefault "${sipCommunicatorPropertiesFile}"; + lib.mkDefault "${sipCommunicatorPropertiesFile}"; environment.etc."jitsi/jigasi/logging.properties".source = - mkDefault "${stateDir}/logging.properties-journal"; + lib.mkDefault "${stateDir}/logging.properties-journal"; }; meta.maintainers = lib.teams.jitsi.members; From 6c50168c7c5ba31a73e27c7b3528b117923ae25a Mon Sep 17 00:00:00 2001 From: Felix Buehler Date: Wed, 28 Aug 2024 21:19:10 +0200 Subject: [PATCH 130/148] nixos/services.jitsi-videobridge: remove `with lib;` --- .../services/networking/jitsi-videobridge.nix | 71 +++++++++---------- 1 file changed, 34 insertions(+), 37 deletions(-) diff --git a/nixos/modules/services/networking/jitsi-videobridge.nix b/nixos/modules/services/networking/jitsi-videobridge.nix index d73a9f256dfb9..8c468e121299e 100644 --- a/nixos/modules/services/networking/jitsi-videobridge.nix +++ b/nixos/modules/services/networking/jitsi-videobridge.nix 
@@ -1,16 +1,13 @@ { config, lib, pkgs, ... }: - -with lib; - let cfg = config.services.jitsi-videobridge; - attrsToArgs = a: concatStringsSep " " (mapAttrsToList (k: v: "${k}=${toString v}") a); + attrsToArgs = a: lib.concatStringsSep " " (lib.mapAttrsToList (k: v: "${k}=${toString v}") a); format = pkgs.formats.hocon { }; # We're passing passwords in environment variables that have names generated # from an attribute name, which may not be a valid bash identifier. - toVarName = s: "XMPP_PASSWORD_" + stringAsChars (c: if builtins.match "[A-Za-z0-9]" c != null then c else "_") s; + toVarName = s: "XMPP_PASSWORD_" + lib.stringAsChars (c: if builtins.match "[A-Za-z0-9]" c != null then c else "_") s; defaultJvbConfig = { videobridge = { @@ -25,7 +22,7 @@ let enabled = true; transports = [ { type = "muc"; } ]; }; - apis.xmpp-client.configs = flip mapAttrs cfg.xmppConfigs (name: xmppConfig: { + apis.xmpp-client.configs = lib.flip lib.mapAttrs cfg.xmppConfigs (name: xmppConfig: { hostname = xmppConfig.hostName; domain = xmppConfig.domain; username = xmppConfig.userName; 
@@ -39,21 +36,21 @@ let }; # Allow overriding leaves of the default config despite types.attrs not doing any merging. - jvbConfig = recursiveUpdate defaultJvbConfig cfg.config; + jvbConfig = lib.recursiveUpdate defaultJvbConfig cfg.config; in { imports = [ - (mkRemovedOptionModule [ "services" "jitsi-videobridge" "apis" ] + (lib.mkRemovedOptionModule [ "services" "jitsi-videobridge" "apis" ] "services.jitsi-videobridge.apis was broken and has been migrated into the boolean option services.jitsi-videobridge.colibriRestApi. It is set to false by default, setting it to true will correctly enable the private /colibri rest API." ) ]; - options.services.jitsi-videobridge = with types; { - enable = mkEnableOption "Jitsi Videobridge, a WebRTC compatible video router"; + options.services.jitsi-videobridge = with lib.types; { + enable = lib.mkEnableOption "Jitsi Videobridge, a WebRTC compatible video router"; - config = mkOption { + config = lib.mkOption { type = attrs; default = { }; - example = literalExpression '' + example = lib.literalExpression '' { videobridge = { ice.udp.port = 5000; @@ -72,14 +69,14 @@ in ''; }; - xmppConfigs = mkOption { + xmppConfigs = lib.mkOption { description = '' XMPP servers to connect to. See for more information. ''; default = { }; - example = literalExpression '' + example = lib.literalExpression '' { "localhost" = { hostName = "localhost"; @@ -92,14 +89,14 @@ in ''; type = attrsOf (submodule ({ name, ... }: { options = { - hostName = mkOption { + hostName = lib.mkOption { type = str; example = "xmpp.example.org"; description = '' Hostname of the XMPP server to connect to. Name of the attribute set is used by default. ''; }; - domain = mkOption { + domain = lib.mkOption { type = nullOr str; default = null; example = "auth.xmpp.example.org"; 
@@ -107,28 +104,28 @@ in Domain part of JID of the XMPP user, if it is different from hostName. ''; }; - userName = mkOption { + userName = lib.mkOption { type = str; default = "jvb"; description = '' User part of the JID. ''; }; - passwordFile = mkOption { + passwordFile = lib.mkOption { type = str; example = "/run/keys/jitsi-videobridge-xmpp1"; description = '' File containing the password for the user. ''; }; - mucJids = mkOption { + mucJids = lib.mkOption { type = str; example = "jvbbrewery@internal.xmpp.example.org"; description = '' JID of the MUC to join. JiCoFo needs to be configured to join the same MUC. ''; }; - mucNickname = mkOption { + mucNickname = lib.mkOption { # Upstream DEBs use UUID, let's use hostname instead. type = str; description = '' @@ -136,7 +133,7 @@ in nickname (aka resource part of the JID). By default, system hostname is used. ''; }; - disableCertificateVerification = mkOption { + disableCertificateVerification = lib.mkOption { type = bool; default = false; description = '' @@ -145,8 +142,8 @@ in }; }; config = { - hostName = mkDefault name; - mucNickname = mkDefault (builtins.replaceStrings [ "." ] [ "-" ] ( + hostName = lib.mkDefault name; + mucNickname = lib.mkDefault (builtins.replaceStrings [ "." ] [ "-" ] ( config.networking.fqdnOrHostName )); }; @@ -154,7 +151,7 @@ in }; nat = { - localAddress = mkOption { + localAddress = lib.mkOption { type = nullOr str; default = null; example = "192.168.1.42"; @@ -163,7 +160,7 @@ in ''; }; - publicAddress = mkOption { + publicAddress = lib.mkOption { type = nullOr str; default = null; example = "1.2.3.4"; @@ -173,7 +170,7 @@ in }; }; - extraProperties = mkOption { + extraProperties = lib.mkOption { type = attrsOf str; default = { }; description = '' @@ -181,7 +178,7 @@ in ''; }; - openFirewall = mkOption { + openFirewall = lib.mkOption { type = bool; default = false; description = '' 
@@ -189,7 +186,7 @@ in ''; }; - colibriRestApi = mkOption { + colibriRestApi = lib.mkOption { type = bool; description = '' Whether to enable the private rest API for the COLIBRI control interface. @@ -199,10 +196,10 @@ in }; }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { users.groups.jitsi-meet = {}; - services.jitsi-videobridge.extraProperties = optionalAttrs (cfg.nat.localAddress != null) { + services.jitsi-videobridge.extraProperties = lib.optionalAttrs (cfg.nat.localAddress != null) { "org.ice4j.ice.harvest.NAT_HARVESTER_LOCAL_ADDRESS" = cfg.nat.localAddress; "org.ice4j.ice.harvest.NAT_HARVESTER_PUBLIC_ADDRESS" = cfg.nat.publicAddress; }; @@ -215,7 +212,7 @@ in "-Dconfig.file" = format.generate "jvb.conf" jvbConfig; # Mitigate CVE-2021-44228 "-Dlog4j2.formatMsgNoLookups" = true; - } // (mapAttrs' (k: v: nameValuePair "-D${k}" v) cfg.extraProperties); + } // (lib.mapAttrs' (k: v: lib.nameValuePair "-D${k}" v) cfg.extraProperties); in { aliases = [ "jitsi-videobridge.service" ]; @@ -225,7 +222,7 @@ in environment.JAVA_SYS_PROPS = attrsToArgs jvbProps; - script = (concatStrings (mapAttrsToList (name: xmppConfig: + script = (lib.concatStrings (lib.mapAttrsToList (name: xmppConfig: "export ${toVarName name}=$(cat ${xmppConfig.passwordFile})\n" ) cfg.xmppConfigs)) + '' 
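Review bot: The comment `# Mitigate CVE-2021-44228` above `"-Dlog4j2.formatMsgNoLookups" = true;` in jitsi-videobridge.nix (hunk `@@ -215,7 +212,7 @@`) overstates what the property does. It only has an effect on log4j versions that honour it and is known not to cover every lookup path, so the actual protection is the log4j version bundled in `pkgs.jitsi-videobridge`. I would reword the comment to `# Defense in depth for CVE-2021-44228; the fix is the bundled log4j version, not this flag.` Which log4j version the package ships is not visible on this page.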
@@ -262,16 +259,16 @@ in }; environment.etc."jitsi/videobridge/logging.properties".source = - mkDefault "${pkgs.jitsi-videobridge}/etc/jitsi/videobridge/logging.properties-journal"; + lib.mkDefault "${pkgs.jitsi-videobridge}/etc/jitsi/videobridge/logging.properties-journal"; # (from videobridge2 .deb) # this sets the max, so that we can bump the JVB UDP single port buffer size. - boot.kernel.sysctl."net.core.rmem_max" = mkDefault 10485760; - boot.kernel.sysctl."net.core.netdev_max_backlog" = mkDefault 100000; + boot.kernel.sysctl."net.core.rmem_max" = lib.mkDefault 10485760; + boot.kernel.sysctl."net.core.netdev_max_backlog" = lib.mkDefault 100000; - networking.firewall.allowedTCPPorts = mkIf cfg.openFirewall + networking.firewall.allowedTCPPorts = lib.mkIf cfg.openFirewall [ jvbConfig.videobridge.ice.tcp.port ]; - networking.firewall.allowedUDPPorts = mkIf cfg.openFirewall + networking.firewall.allowedUDPPorts = lib.mkIf cfg.openFirewall [ jvbConfig.videobridge.ice.udp.port ]; assertions = [{ From f3bb24eb64b3ee68f3c3ada08aed084264537133 Mon Sep 17 00:00:00 2001 From: Felix Buehler Date: Wed, 28 Aug 2024 21:19:11 +0200 Subject: [PATCH 131/148] nixos/services.jotta-cli: remove `with lib;` --- nixos/modules/services/networking/jotta-cli.nix | 13 +++++-------- 1 file changed, 5 insertions(+), 8 deletions(-) diff --git a/nixos/modules/services/networking/jotta-cli.nix b/nixos/modules/services/networking/jotta-cli.nix index e0fa1ef332fe6..566e7fc503a6d 100644 --- a/nixos/modules/services/networking/jotta-cli.nix +++ b/nixos/modules/services/networking/jotta-cli.nix 
@@ -1,25 +1,22 @@ { config, lib, pkgs, ... }: - -with lib; - let cfg = config.services.jotta-cli; in { options = { services.jotta-cli = { - enable = mkEnableOption "Jottacloud Command-line Tool"; + enable = lib.mkEnableOption "Jottacloud Command-line Tool"; - options = mkOption { + options = lib.mkOption { default = [ "stdoutlog" "datadir" "%h/.jottad/" ]; example = [ ]; - type = with types; listOf str; + type = with lib.types; listOf str; description = "Command-line options passed to jottad."; }; package = lib.mkPackageOption pkgs "jotta-cli" { }; }; }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { systemd.user.services.jottad = { description = "Jottacloud Command-line Tool daemon"; @@ -27,7 +24,7 @@ in { serviceConfig = { Type = "notify"; EnvironmentFile = "-%h/.config/jotta-cli/jotta-cli.env"; - ExecStart = "${lib.getExe' cfg.package "jottad"} ${concatStringsSep " " cfg.options}"; + ExecStart = "${lib.getExe' cfg.package "jottad"} ${lib.concatStringsSep " " cfg.options}"; Restart = "on-failure"; }; From 081c71df4bb5cd5c3cafc811fb20a7ed5f17c8e7 Mon Sep 17 00:00:00 2001 From: Felix Buehler Date: Wed, 28 Aug 2024 21:19:11 +0200 Subject: [PATCH 132/148] nixos/services.keybase: remove `with lib;` --- nixos/modules/services/networking/keybase.nix | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/nixos/modules/services/networking/keybase.nix b/nixos/modules/services/networking/keybase.nix index 495102cb7eeee..9bb7ad3844a06 100644 --- a/nixos/modules/services/networking/keybase.nix +++ b/nixos/modules/services/networking/keybase.nix @@ -1,8 +1,6 @@ { config, lib, pkgs, ... }: -with lib; let cfg = config.services.keybase; - in { ###### interface @@ -11,8 +9,8 @@ in { services.keybase = { - enable = mkOption { - type = types.bool; + enable = lib.mkOption { + type = lib.types.bool; default = false; description = "Whether to start the Keybase service."; }; 
@@ -22,7 +20,7 @@ in { ###### implementation - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { # Upstream: https://github.com/keybase/client/blob/master/packaging/linux/systemd/keybase.service systemd.user.services.keybase = { From 0d57426bae16ff62a96338f80a00f869139b5cbc Mon Sep 17 00:00:00 2001 From: Felix Buehler Date: Wed, 28 Aug 2024 21:19:11 +0200 Subject: [PATCH 133/148] nixos/services.lambdabot: remove `with lib;` --- nixos/modules/services/networking/lambdabot.nix | 15 ++++++--------- 1 file changed, 6 insertions(+), 9 deletions(-) diff --git a/nixos/modules/services/networking/lambdabot.nix b/nixos/modules/services/networking/lambdabot.nix index a141962f512ff..8c8e5648450c4 100644 --- a/nixos/modules/services/networking/lambdabot.nix +++ b/nixos/modules/services/networking/lambdabot.nix @@ -1,7 +1,4 @@ { config, lib, pkgs, ... }: - -with lib; - let cfg = config.services.lambdabot; @@ -18,16 +15,16 @@ in services.lambdabot = { - enable = mkOption { - type = types.bool; + enable = lib.mkOption { + type = lib.types.bool; default = false; description = "Enable the Lambdabot IRC bot"; }; - package = mkPackageOption pkgs "lambdabot" { }; + package = lib.mkPackageOption pkgs "lambdabot" { }; - script = mkOption { - type = types.str; + script = lib.mkOption { + type = lib.types.str; default = ""; description = "Lambdabot script"; }; @@ -38,7 +35,7 @@ in ### implementation - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { systemd.services.lambdabot = { description = "Lambdabot daemon"; From 196a14a174ac6966e8996e03fa89a02bbcd1dd1c Mon Sep 17 00:00:00 2001 From: Felix Buehler Date: Wed, 28 Aug 2024 21:19:11 +0200 Subject: [PATCH 134/148] nixos/services.lldpd: remove `with lib;` --- nixos/modules/services/networking/lldpd.nix | 13 +++++-------- 1 file changed, 5 insertions(+), 8 deletions(-) diff --git a/nixos/modules/services/networking/lldpd.nix b/nixos/modules/services/networking/lldpd.nix index d5de9c45d84b7..98a4cff265f14 100644 
--- a/nixos/modules/services/networking/lldpd.nix +++ b/nixos/modules/services/networking/lldpd.nix @@ -1,7 +1,4 @@ { config, lib, pkgs, ... }: - -with lib; - let cfg = config.services.lldpd; @@ -9,17 +6,17 @@ in { options.services.lldpd = { - enable = mkEnableOption "Link Layer Discovery Protocol Daemon"; + enable = lib.mkEnableOption "Link Layer Discovery Protocol Daemon"; - extraArgs = mkOption { - type = types.listOf types.str; + extraArgs = lib.mkOption { + type = lib.types.listOf lib.types.str; default = []; example = [ "-c" "-k" "-I eth0" ]; description = "List of command line parameters for lldpd"; }; }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { users.users._lldpd = { description = "lldpd user"; group = "_lldpd"; @@ -33,7 +30,7 @@ in systemd.services.lldpd = { wantedBy = [ "multi-user.target" ]; - environment.LLDPD_OPTIONS = concatStringsSep " " cfg.extraArgs; + environment.LLDPD_OPTIONS = lib.concatStringsSep " " cfg.extraArgs; }; }; } From 2e30f07cc0594f52b4622f773dc8cee264636ecc Mon Sep 17 00:00:00 2001 From: Felix Buehler Date: Wed, 28 Aug 2024 21:19:11 +0200 Subject: [PATCH 135/148] nixos/services.logmein-hamachi: remove `with lib;` --- nixos/modules/services/networking/logmein-hamachi.nix | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/nixos/modules/services/networking/logmein-hamachi.nix b/nixos/modules/services/networking/logmein-hamachi.nix index b7d960264d21d..852101f09dffc 100644 --- a/nixos/modules/services/networking/logmein-hamachi.nix +++ b/nixos/modules/services/networking/logmein-hamachi.nix @@ -1,7 +1,4 @@ { config, lib, pkgs, ... }: - -with lib; - let cfg = config.services.logmein-hamachi; @@ -14,8 +11,8 @@ in options = { - services.logmein-hamachi.enable = mkOption { - type = types.bool; + services.logmein-hamachi.enable = lib.mkOption { + type = lib.types.bool; default = false; description = '' Whether to enable LogMeIn Hamachi, a proprietary 
@@ -28,7 +25,7 @@ in ###### implementation - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { systemd.services.logmein-hamachi = { description = "LogMeIn Hamachi Daemon"; From 252e9bb1e753186d427d94d85aaa1caa3b93551a Mon Sep 17 00:00:00 2001 From: Felix Buehler Date: Wed, 28 Aug 2024 21:19:11 +0200 Subject: [PATCH 136/148] nixos/services.lxd-image-server: remove `with lib;` --- .../services/networking/lxd-image-server.nix | 25 ++++++++----------- 1 file changed, 11 insertions(+), 14 deletions(-) diff --git a/nixos/modules/services/networking/lxd-image-server.nix b/nixos/modules/services/networking/lxd-image-server.nix index 93374a385a90c..4712a3c1b3db9 100644 --- a/nixos/modules/services/networking/lxd-image-server.nix +++ b/nixos/modules/services/networking/lxd-image-server.nix @@ -1,7 +1,4 @@ { config, pkgs, lib, ... }: - -with lib; - let cfg = config.services.lxd-image-server; format = pkgs.formats.toml {}; @@ -11,16 +8,16 @@ in { options = { services.lxd-image-server = { - enable = mkEnableOption "lxd-image-server"; + enable = lib.mkEnableOption "lxd-image-server"; - group = mkOption { - type = types.str; + group = lib.mkOption { + type = lib.types.str; description = "Group assigned to the user and the webroot directory."; default = "nginx"; example = "www-data"; }; - settings = mkOption { + settings = lib.mkOption { type = format.type; description = '' Configuration for lxd-image-server. @@ -31,9 +28,9 @@ in }; nginx = { - enable = mkEnableOption "nginx"; - domain = mkOption { - type = types.str; + enable = lib.mkEnableOption "nginx"; + domain = lib.mkOption { + type = lib.types.str; description = "Domain to use for nginx virtual host."; example = "images.example.org"; }; @@ -41,8 +38,8 @@ in }; }; - config = mkMerge [ - (mkIf (cfg.enable) { + config = lib.mkMerge [ + (lib.mkIf (cfg.enable) { users.users.lxd-image-server = { isSystemUser = true; group = cfg.group; 
@@ -88,12 +85,12 @@ in }; }) # this is separate so it can be enabled on mirrored hosts - (mkIf (cfg.nginx.enable) { + (lib.mkIf (cfg.nginx.enable) { # https://github.com/Avature/lxd-image-server/blob/master/resources/nginx/includes/lxd-image-server.pkg.conf services.nginx.virtualHosts = { "${cfg.nginx.domain}" = { forceSSL = true; - enableACME = mkDefault true; + enableACME = lib.mkDefault true; root = location; From 1cd7970bb8d97ba2f2b81ab11f724024174713ef Mon Sep 17 00:00:00 2001 From: Felix Buehler Date: Wed, 28 Aug 2024 21:19:11 +0200 Subject: [PATCH 137/148] nixos/services.matterbridge: remove `with lib;` --- .../services/networking/matterbridge.nix | 31 +++++++++---------- 1 file changed, 14 insertions(+), 17 deletions(-) diff --git a/nixos/modules/services/networking/matterbridge.nix b/nixos/modules/services/networking/matterbridge.nix index 6ba15ba950fbf..74b388d684085 100644 --- a/nixos/modules/services/networking/matterbridge.nix +++ b/nixos/modules/services/networking/matterbridge.nix @@ -1,7 +1,4 @@ { options, config, pkgs, lib, ... }: - -with lib; - let cfg = config.services.matterbridge; @@ -17,12 +14,12 @@ in { options = { services.matterbridge = { - enable = mkEnableOption "Matterbridge chat platform bridge"; + enable = lib.mkEnableOption "Matterbridge chat platform bridge"; - package = mkPackageOption pkgs "matterbridge" { }; + package = lib.mkPackageOption pkgs "matterbridge" { }; - configPath = mkOption { - type = with types; nullOr str; + configPath = lib.mkOption { + type = with lib.types; nullOr str; default = null; example = "/etc/nixos/matterbridge.toml"; description = '' @@ -30,8 +27,8 @@ in ''; }; - configFile = mkOption { - type = types.str; + configFile = lib.mkOption { + type = lib.types.str; example = '' # WARNING: as this file contains credentials, do not use this option! # It is kept only for backwards compatibility, and would cause your 
@@ -72,16 +69,16 @@ in The matterbridge configuration file in the TOML file format. ''; }; - user = mkOption { - type = types.str; + user = lib.mkOption { + type = lib.types.str; default = "matterbridge"; description = '' User which runs the matterbridge service. ''; }; - group = mkOption { - type = types.str; + group = lib.mkOption { + type = lib.types.str; default = "matterbridge"; description = '' Group which runs the matterbridge service. @@ -90,18 +87,18 @@ in }; }; - config = mkIf cfg.enable { - warnings = optional options.services.matterbridge.configFile.isDefined + config = lib.mkIf cfg.enable { + warnings = lib.optional options.services.matterbridge.configFile.isDefined "The option services.matterbridge.configFile is insecure and should be replaced with services.matterbridge.configPath"; - users.users = optionalAttrs (cfg.user == "matterbridge") + users.users = lib.optionalAttrs (cfg.user == "matterbridge") { matterbridge = { group = "matterbridge"; isSystemUser = true; }; }; - users.groups = optionalAttrs (cfg.group == "matterbridge") + users.groups = lib.optionalAttrs (cfg.group == "matterbridge") { matterbridge = { }; }; From 91cb7594d018e787b06d504e7ef60eee0cbed138 Mon Sep 17 00:00:00 2001 From: Felix Buehler Date: Wed, 28 Aug 2024 21:19:12 +0200 Subject: [PATCH 138/148] nixos/boot.initrd.clevis: remove `with lib;` --- nixos/modules/system/boot/clevis.nix | 37 +++++++++++++--------------- 1 file changed, 17 insertions(+), 20 deletions(-) diff --git a/nixos/modules/system/boot/clevis.nix b/nixos/modules/system/boot/clevis.nix index ac881e9535767..36328f19e7c65 100644 --- a/nixos/modules/system/boot/clevis.nix +++ b/nixos/modules/system/boot/clevis.nix 
@@ -1,54 +1,51 @@ { config, lib, pkgs, ... }: - -with lib; - let cfg = config.boot.initrd.clevis; systemd = config.boot.initrd.systemd; supportedFs = [ "zfs" "bcachefs" ]; in { - meta.maintainers = with maintainers; [ julienmalka camillemndn ]; + meta.maintainers = with lib.maintainers; [ julienmalka camillemndn ]; meta.doc = ./clevis.md; options = { - boot.initrd.clevis.enable = mkEnableOption "Clevis in initrd"; + boot.initrd.clevis.enable = lib.mkEnableOption "Clevis in initrd"; - boot.initrd.clevis.package = mkOption { - type = types.package; + boot.initrd.clevis.package = lib.mkOption { + type = lib.types.package; default = pkgs.clevis; defaultText = "pkgs.clevis"; description = "Clevis package"; }; - boot.initrd.clevis.devices = mkOption { + boot.initrd.clevis.devices = lib.mkOption { description = "Encrypted devices that need to be unlocked at boot using Clevis"; default = { }; - type = types.attrsOf (types.submodule ({ - options.secretFile = mkOption { + type = lib.types.attrsOf (lib.types.submodule ({ + options.secretFile = lib.mkOption { description = "Clevis JWE file used to decrypt the device at boot, in concert with the chosen pin (one of TPM2, Tang server, or SSS)."; - type = types.path; + type = lib.types.path; }; })); }; - boot.initrd.clevis.useTang = mkOption { + boot.initrd.clevis.useTang = lib.mkOption { description = "Whether the Clevis JWE file used to decrypt the devices uses a Tang server as a pin."; default = false; - type = types.bool; + type = lib.types.bool; }; }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { # Implementation of clevis unlocking for the supported filesystems are located directly in the respective modules. 
- assertions = (attrValues (mapAttrs + assertions = (lib.attrValues (lib.mapAttrs (device: _: { - assertion = (any (fs: fs.device == device && (elem fs.fsType supportedFs) || (fs.fsType == "zfs" && hasPrefix "${device}/" fs.device)) config.system.build.fileSystems) || (hasAttr device config.boot.initrd.luks.devices); + assertion = (lib.any (fs: fs.device == device && (lib.elem fs.fsType supportedFs) || (fs.fsType == "zfs" && lib.hasPrefix "${device}/" fs.device)) config.system.build.fileSystems) || (lib.hasAttr device config.boot.initrd.luks.devices); message = '' No filesystem or LUKS device with the name ${device} is declared in your configuration.''; }) @@ -61,7 +58,7 @@ in else [ ]; boot.initrd = { - extraUtilsCommands = mkIf (!systemd.enable) '' + extraUtilsCommands = lib.mkIf (!systemd.enable) '' copy_bin_and_libs ${pkgs.jose}/bin/jose copy_bin_and_libs ${pkgs.curl}/bin/curl copy_bin_and_libs ${pkgs.bash}/bin/bash @@ -84,15 +81,15 @@ in sed -i $out/bin/clevis-decrypt-tpm2 -e 's,tpm2_,tpm2 ,' ''; - secrets = lib.mapAttrs' (name: value: nameValuePair "/etc/clevis/${name}.jwe" value.secretFile) cfg.devices; + secrets = lib.mapAttrs' (name: value: lib.nameValuePair "/etc/clevis/${name}.jwe" value.secretFile) cfg.devices; systemd = { - extraBin = mkIf systemd.enable { + extraBin = lib.mkIf systemd.enable { clevis = "${cfg.package}/bin/clevis"; curl = "${pkgs.curl}/bin/curl"; }; - storePaths = mkIf systemd.enable [ + storePaths = lib.mkIf systemd.enable [ cfg.package "${pkgs.jose}/bin/jose" "${pkgs.curl}/bin/curl" From 0a51fdb520065d897bf72d0ec798a7b80f8e287b Mon Sep 17 00:00:00 2001 From: Felix Buehler Date: Wed, 28 Aug 2024 21:19:12 +0200 Subject: [PATCH 139/148] nixos/systemd.enableEmergencyMode: remove `with lib;` --- nixos/modules/system/boot/emergency-mode.nix | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) 
diff --git a/nixos/modules/system/boot/emergency-mode.nix b/nixos/modules/system/boot/emergency-mode.nix index 717ab08f2534d..11195dc13d102 100644 --- a/nixos/modules/system/boot/emergency-mode.nix +++ b/nixos/modules/system/boot/emergency-mode.nix @@ -1,16 +1,13 @@ { config, lib, ... }: - -with lib; - { ###### interface options = { - systemd.enableEmergencyMode = mkOption { + systemd.enableEmergencyMode = lib.mkOption { default = true; - type = types.bool; + type = lib.types.bool; description = '' Whether to enable emergency mode, which is an {command}`sulogin` shell started on the console if @@ -27,7 +24,7 @@ with lib; config = { - systemd.additionalUpstreamSystemUnits = optionals + systemd.additionalUpstreamSystemUnits = lib.optionals config.systemd.enableEmergencyMode [ "emergency.target" "emergency.service" ]; From 2f7c0a170f741ef3fe320fd83124ed5530e549d9 Mon Sep 17 00:00:00 2001 From: Felix Buehler Date: Wed, 28 Aug 2024 21:19:12 +0200 Subject: [PATCH 140/148] nixos/boot.loader.efi: remove `with lib;` --- nixos/modules/system/boot/loader/efi.nix | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) diff --git a/nixos/modules/system/boot/loader/efi.nix b/nixos/modules/system/boot/loader/efi.nix index 6043c904c4504..2725d3678d523 100644 --- a/nixos/modules/system/boot/loader/efi.nix +++ b/nixos/modules/system/boot/loader/efi.nix @@ -1,19 +1,16 @@ { lib, ... }: - -with lib; - { options.boot.loader.efi = { - canTouchEfiVariables = mkOption { + canTouchEfiVariables = lib.mkOption { default = false; - type = types.bool; + type = lib.types.bool; description = "Whether the installation process is allowed to modify EFI boot variables."; }; - efiSysMountPoint = mkOption { + efiSysMountPoint = lib.mkOption { default = "/boot"; - type = types.str; + type = lib.types.str; description = "Where the EFI System Partition is mounted."; }; }; From a83ffb43de504535df0f97b9d504b2c120529396 Mon Sep 17 00:00:00 2001 
From: Felix Buehler Date: Wed, 28 Aug 2024 21:19:12 +0200 Subject: [PATCH 141/148] nixos/boot.tmp: remove `with lib;` --- nixos/modules/system/boot/tmp.nix | 27 ++++++++++++--------------- 1 file changed, 12 insertions(+), 15 deletions(-) diff --git a/nixos/modules/system/boot/tmp.nix b/nixos/modules/system/boot/tmp.nix index 150f4adaf3ee6..8287fa5f872f4 100644 --- a/nixos/modules/system/boot/tmp.nix +++ b/nixos/modules/system/boot/tmp.nix @@ -1,29 +1,26 @@ { config, lib, ... }: - -with lib; - let cfg = config.boot.tmp; in { imports = [ - (mkRenamedOptionModule [ "boot" "cleanTmpDir" ] [ "boot" "tmp" "cleanOnBoot" ]) - (mkRenamedOptionModule [ "boot" "tmpOnTmpfs" ] [ "boot" "tmp" "useTmpfs" ]) - (mkRenamedOptionModule [ "boot" "tmpOnTmpfsSize" ] [ "boot" "tmp" "tmpfsSize" ]) + (lib.mkRenamedOptionModule [ "boot" "cleanTmpDir" ] [ "boot" "tmp" "cleanOnBoot" ]) + (lib.mkRenamedOptionModule [ "boot" "tmpOnTmpfs" ] [ "boot" "tmp" "useTmpfs" ]) + (lib.mkRenamedOptionModule [ "boot" "tmpOnTmpfsSize" ] [ "boot" "tmp" "tmpfsSize" ]) ]; options = { boot.tmp = { - cleanOnBoot = mkOption { - type = types.bool; + cleanOnBoot = lib.mkOption { + type = lib.types.bool; default = false; description = '' Whether to delete all files in {file}`/tmp` during boot. ''; }; - tmpfsSize = mkOption { - type = types.oneOf [ types.str types.types.ints.positive ]; + tmpfsSize = lib.mkOption { + type = lib.types.oneOf [ lib.types.str lib.types.ints.positive ]; default = "50%"; description = '' Size of tmpfs in percentage. @@ -31,8 +28,8 @@ in ''; }; - useTmpfs = mkOption { - type = types.bool; + useTmpfs = lib.mkOption { + type = lib.types.bool; default = false; description = '' Whether to mount a tmpfs on {file}`/tmp` during boot. 
@@ -48,12 +45,12 @@ in config = { # When changing remember to update /tmp mount in virtualisation/qemu-vm.nix - systemd.mounts = mkIf cfg.useTmpfs [ + systemd.mounts = lib.mkIf cfg.useTmpfs [ { what = "tmpfs"; where = "/tmp"; type = "tmpfs"; - mountConfig.Options = concatStringsSep "," [ + mountConfig.Options = lib.concatStringsSep "," [ "mode=1777" "strictatime" "rw" @@ -64,6 +61,6 @@ in } ]; - systemd.tmpfiles.rules = optional cfg.cleanOnBoot "D! /tmp 1777 root root"; + systemd.tmpfiles.rules = lib.optional cfg.cleanOnBoot "D! /tmp 1777 root root"; }; } From dd7ab59690f5f7f6a13eb49d1cb61fbf63a2b413 Mon Sep 17 00:00:00 2001 From: Felix Buehler Date: Wed, 28 Aug 2024 21:19:12 +0200 Subject: [PATCH 142/148] nixos/services.nfs: remove `with lib;` --- nixos/modules/tasks/filesystems/nfs.nix | 51 ++++++++++++------------- 1 file changed, 24 insertions(+), 27 deletions(-) diff --git a/nixos/modules/tasks/filesystems/nfs.nix b/nixos/modules/tasks/filesystems/nfs.nix index 765f10d33bfe8..a81bec27bce2b 100644 --- a/nixos/modules/tasks/filesystems/nfs.nix +++ b/nixos/modules/tasks/filesystems/nfs.nix @@ -1,7 +1,4 @@ { config, lib, pkgs, ... }: - -with lib; - let inInitrd = config.boot.initrd.supportedFilesystems.nfs or false; 
@@ -16,15 +13,15 @@ let # merge parameters from services.nfs.server nfsConfSettings = - optionalAttrs (cfg.server.nproc != null) { + lib.optionalAttrs (cfg.server.nproc != null) { nfsd.threads = cfg.server.nproc; - } // optionalAttrs (cfg.server.hostName != null) { + } // lib.optionalAttrs (cfg.server.hostName != null) { nfsd.host= cfg.hostName; - } // optionalAttrs (cfg.server.mountdPort != null) { + } // lib.optionalAttrs (cfg.server.mountdPort != null) { mountd.port = cfg.server.mountdPort; - } // optionalAttrs (cfg.server.statdPort != null) { + } // lib.optionalAttrs (cfg.server.statdPort != null) { statd.port = cfg.server.statdPort; - } // optionalAttrs (cfg.server.lockdPort != null) { + } // lib.optionalAttrs (cfg.server.lockdPort != null) { lockd.port = cfg.server.lockdPort; lockd.udp-port = cfg.server.lockdPort; }; @@ -32,17 +29,17 @@ let nfsConfDeprecated = cfg.extraConfig + '' [nfsd] threads=${toString cfg.server.nproc} - ${optionalString (cfg.server.hostName != null) "host=${cfg.server.hostName}"} + ${lib.optionalString (cfg.server.hostName != null) "host=${cfg.server.hostName}"} ${cfg.server.extraNfsdConfig} [mountd] - ${optionalString (cfg.server.mountdPort != null) "port=${toString cfg.server.mountdPort}"} + ${lib.optionalString (cfg.server.mountdPort != null) "port=${toString cfg.server.mountdPort}"} [statd] - ${optionalString (cfg.server.statdPort != null) "port=${toString cfg.server.statdPort}"} + ${lib.optionalString (cfg.server.statdPort != null) "port=${toString cfg.server.statdPort}"} [lockd] - ${optionalString (cfg.server.lockdPort != null) '' + ${lib.optionalString (cfg.server.lockdPort != null) '' port=${toString cfg.server.lockdPort} udp-port=${toString cfg.server.lockdPort} ''} 
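Review bot: In `nfsConfSettings` the guard tests `cfg.server.hostName` but the value reads `cfg.hostName`, which looks like a missing `.server`. The string-based `nfsConfDeprecated` in the next hunk uses `cfg.server.hostName`, so the line should presumably be `nfsd.host = cfg.server.hostName;` (this assumes `cfg` is `config.services.nfs`, which is bound outside the hunk). Separately, the fragments are joined with `//`, which is a shallow update. When both `nproc` and `hostName` are set, the second `nfsd` attribute set replaces the first and `nfsd.threads` is dropped. Folding the fragments with `lib.recursiveUpdate`, which the file already uses for `cfg.settings`, would keep both keys.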
@@ -50,7 +47,7 @@ let nfsConfFile = if cfg.settings != {} - then format.generate "nfs.conf" (recursiveUpdate nfsConfSettings cfg.settings) + then format.generate "nfs.conf" (lib.recursiveUpdate nfsConfSettings cfg.settings) else pkgs.writeText "nfs.conf" nfsConfDeprecated; requestKeyConfFile = pkgs.writeText "request-key.conf" '' @@ -66,7 +63,7 @@ in options = { services.nfs = { - idmapd.settings = mkOption { + idmapd.settings = lib.mkOption { type = format.type; default = {}; description = '' @@ -74,7 +71,7 @@ in for details. ''; - example = literalExpression '' + example = lib.literalExpression '' { Translation = { GSS-Methods = "static,nsswitch"; @@ -85,21 +82,21 @@ in } ''; }; - settings = mkOption { + settings = lib.mkOption { type = format.type; default = {}; description = '' General configuration for NFS daemons and tools. See nfs.conf(5) and related man pages for details. ''; - example = literalExpression '' + example = lib.literalExpression '' { mountd.manage-gids = true; } ''; }; - extraConfig = mkOption { - type = types.lines; + extraConfig = lib.mkOption { + type = lib.types.lines; default = ""; description = '' Extra nfs-utils configuration. @@ -110,12 +107,12 @@ in ###### implementation - config = mkIf (config.boot.supportedFilesystems.nfs or config.boot.supportedFilesystems.nfs4 or false) { + config = lib.mkIf (config.boot.supportedFilesystems.nfs or config.boot.supportedFilesystems.nfs4 or false) { warnings = - (optional (cfg.extraConfig != "") '' + (lib.optional (cfg.extraConfig != "") '' `services.nfs.extraConfig` is deprecated. Use `services.nfs.settings` instead. - '') ++ (optional (cfg.server.extraNfsdConfig != "") '' + '') ++ (lib.optional (cfg.server.extraNfsdConfig != "") '' `services.nfs.server.extraNfsdConfig` is deprecated. Use `services.nfs.settings` instead. ''); assertions = [{ 
@@ -126,9 +123,9 @@ in services.rpcbind.enable = true; services.nfs.idmapd.settings = { - General = mkMerge [ + General = lib.mkMerge [ { Pipefs-Directory = rpcMountpoint; } - (mkIf (config.networking.domain != null) { Domain = config.networking.domain; }) + (lib.mkIf (config.networking.domain != null) { Domain = config.networking.domain; }) ]; Mapping = { Nobody-User = "nobody"; @@ -141,7 +138,7 @@ in system.fsPackages = [ pkgs.nfs-utils ]; - boot.initrd.kernelModules = mkIf inInitrd [ "nfs" ]; + boot.initrd.kernelModules = lib.mkIf inInitrd [ "nfs" ]; systemd.packages = [ pkgs.nfs-utils ]; @@ -167,12 +164,12 @@ in systemd.services.nfs-mountd = { restartTriggers = [ nfsConfFile ]; - enable = mkDefault false; + enable = lib.mkDefault false; }; systemd.services.nfs-server = { restartTriggers = [ nfsConfFile ]; - enable = mkDefault false; + enable = lib.mkDefault false; }; systemd.services.auth-rpcgss-module = From 3cd35f78308fc2276873aad28f1c1f63f7a2ed9a Mon Sep 17 00:00:00 2001 From: Felix Buehler Date: Wed, 28 Aug 2024 21:19:12 +0200 Subject: [PATCH 143/148] nixos/virtualisation.docker.rootless: remove `with lib;` --- .../virtualisation/docker-rootless.nix | 19 ++++++++----------- 1 file changed, 8 insertions(+), 11 deletions(-) diff --git a/nixos/modules/virtualisation/docker-rootless.nix b/nixos/modules/virtualisation/docker-rootless.nix index bad9136afd298..15b9f16eefefc 100644 --- a/nixos/modules/virtualisation/docker-rootless.nix +++ b/nixos/modules/virtualisation/docker-rootless.nix @@ -1,7 +1,4 @@ { config, lib, pkgs, ... }: - -with lib; - let cfg = config.virtualisation.docker.rootless; @@ -15,8 +12,8 @@ in ###### interface options.virtualisation.docker.rootless = { - enable = mkOption { - type = types.bool; + enable = lib.mkOption { + type = lib.types.bool; default = false; description = '' This option enables docker in a rootless mode, a daemon that manages 
@@ -25,8 +22,8 @@ in ''; }; - setSocketVariable = mkOption { - type = types.bool; + setSocketVariable = lib.mkOption { + type = lib.types.bool; default = false; description = '' Point {command}`DOCKER_HOST` to rootless Docker instance for @@ -34,7 +31,7 @@ in ''; }; - daemon.settings = mkOption { + daemon.settings = lib.mkOption { type = settingsFormat.type; default = { }; example = { @@ -47,15 +44,15 @@ in ''; }; - package = mkPackageOption pkgs "docker" { }; + package = lib.mkPackageOption pkgs "docker" { }; }; ###### implementation - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { environment.systemPackages = [ cfg.package ]; - environment.extraInit = optionalString cfg.setSocketVariable '' + environment.extraInit = lib.optionalString cfg.setSocketVariable '' if [ -z "$DOCKER_HOST" -a -n "$XDG_RUNTIME_DIR" ]; then export DOCKER_HOST="unix://$XDG_RUNTIME_DIR/docker.sock" fi From 49fe5ca12cf77e40959a898772a4a9275e47263c Mon Sep 17 00:00:00 2001 From: Felix Buehler Date: Wed, 28 Aug 2024 21:19:12 +0200 Subject: [PATCH 144/148] nixos/virtualisation.virtualbox.guest: remove `with lib;` --- .../virtualisation/virtualbox-guest.nix | 30 ++++++++----------- 1 file changed, 13 insertions(+), 17 deletions(-) diff --git a/nixos/modules/virtualisation/virtualbox-guest.nix b/nixos/modules/virtualisation/virtualbox-guest.nix index b4933cffa2c0c..31222d553a345 100644 --- a/nixos/modules/virtualisation/virtualbox-guest.nix +++ b/nixos/modules/virtualisation/virtualbox-guest.nix @@ -1,9 +1,5 @@ # Module for VirtualBox guests. - { config, lib, pkgs, ... }: - -with lib; - let cfg = config.virtualisation.virtualbox.guest; kernel = config.boot.kernelPackages; 
@@ -32,38 +28,38 @@ let in { imports = [ - (mkRenamedOptionModule [ "virtualisation" "virtualbox" "guest" "draganddrop" ] [ "virtualisation" "virtualbox" "guest" "dragAndDrop" ]) + (lib.mkRenamedOptionModule [ "virtualisation" "virtualbox" "guest" "draganddrop" ] [ "virtualisation" "virtualbox" "guest" "dragAndDrop" ]) ]; options.virtualisation.virtualbox.guest = { - enable = mkOption { + enable = lib.mkOption { default = false; - type = types.bool; + type = lib.types.bool; description = "Whether to enable the VirtualBox service and other guest additions."; }; - clipboard = mkOption { + clipboard = lib.mkOption { default = true; - type = types.bool; + type = lib.types.bool; description = "Whether to enable clipboard support."; }; - seamless = mkOption { + seamless = lib.mkOption { default = true; - type = types.bool; + type = lib.types.bool; description = "Whether to enable seamless mode. When activated windows from the guest appear next to the windows of the host."; }; - dragAndDrop = mkOption { + dragAndDrop = lib.mkOption { default = true; - type = types.bool; + type = lib.types.bool; description = "Whether to enable drag and drop support."; }; }; ###### implementation - config = mkIf cfg.enable (mkMerge [ + config = lib.mkIf cfg.enable (lib.mkMerge [ { assertions = [{ assertion = pkgs.stdenv.hostPlatform.isx86; @@ -104,17 +100,17 @@ in systemd.user.services.virtualboxClientVmsvga = mkVirtualBoxUserService "--vmsvga-session"; } ( - mkIf cfg.clipboard { + lib.mkIf cfg.clipboard { systemd.user.services.virtualboxClientClipboard = mkVirtualBoxUserService "--clipboard"; } ) ( - mkIf cfg.seamless { + lib.mkIf cfg.seamless { systemd.user.services.virtualboxClientSeamless = mkVirtualBoxUserService "--seamless"; } ) ( - mkIf cfg.dragAndDrop { + lib.mkIf cfg.dragAndDrop { systemd.user.services.virtualboxClientDragAndDrop = mkVirtualBoxUserService "--draganddrop"; } ) From 217557441c37a026d23bbf4466bdd30d52d1b5d1 Mon Sep 17 00:00:00 2001 
From: Felix Buehler Date: Wed, 28 Aug 2024 21:19:13 +0200 Subject: [PATCH 145/148] nixos/virtualisation.virtualbox.host: remove `with lib;` --- .../virtualisation/virtualbox-host.nix | 43 +++++++++---------- 1 file changed, 20 insertions(+), 23 deletions(-) diff --git a/nixos/modules/virtualisation/virtualbox-host.nix b/nixos/modules/virtualisation/virtualbox-host.nix index 4808652a542ad..8820b4ff5a837 100644 --- a/nixos/modules/virtualisation/virtualbox-host.nix +++ b/nixos/modules/virtualisation/virtualbox-host.nix @@ -1,7 +1,4 @@ { config, lib, pkgs, ... }: - -with lib; - let cfg = config.virtualisation.virtualbox.host; @@ -18,7 +15,7 @@ in { options.virtualisation.virtualbox.host = { - enable = mkEnableOption "VirtualBox" // { + enable = lib.mkEnableOption "VirtualBox" // { description = '' Whether to enable VirtualBox. @@ -29,7 +26,7 @@ in ''; }; - enableExtensionPack = mkEnableOption "VirtualBox extension pack" // { + enableExtensionPack = lib.mkEnableOption "VirtualBox extension pack" // { description = '' Whether to install the Oracle Extension Pack for VirtualBox. @@ -40,18 +37,18 @@ in ''; }; - package = mkPackageOption pkgs "virtualbox" { }; + package = lib.mkPackageOption pkgs "virtualbox" { }; - addNetworkInterface = mkOption { - type = types.bool; + addNetworkInterface = lib.mkOption { + type = lib.types.bool; default = true; description = '' Automatically set up a vboxnet0 host-only network interface. ''; }; - enableHardening = mkOption { - type = types.bool; + enableHardening = lib.mkOption { + type = lib.types.bool; default = true; description = '' Enable hardened VirtualBox, which ensures that only the binaries in the @@ -65,8 +62,8 @@ in ''; }; - headless = mkOption { - type = types.bool; + headless = lib.mkOption { + type = lib.types.bool; default = false; description = '' Use VirtualBox installation without GUI and Qt dependency. Useful to enable on servers 
@@ -74,16 +71,16 @@ in ''; }; - enableWebService = mkOption { - type = types.bool; + enableWebService = lib.mkOption { + type = lib.types.bool; default = false; description = '' Build VirtualBox web service tool (vboxwebsrv) to allow managing VMs via other webpage frontend tools. Useful for headless servers. ''; }; - enableKvm = mkOption { - type = types.bool; + enableKvm = lib.mkOption { + type = lib.types.bool; default = false; description = '' Enable KVM support for VirtualBox. This increases compatibility with Linux kernel versions, because the VirtualBox kernel modules @@ -96,8 +93,8 @@ in }; }; - config = mkIf cfg.enable (mkMerge [{ - warnings = mkIf (pkgs.config.virtualbox.enableExtensionPack or false) + config = lib.mkIf cfg.enable (lib.mkMerge [{ + warnings = lib.mkIf (pkgs.config.virtualbox.enableExtensionPack or false) ["'nixpkgs.virtualbox.enableExtensionPack' has no effect, please use 'virtualisation.virtualbox.host.enableExtensionPack'"]; environment.systemPackages = [ virtualbox ]; @@ -118,7 +115,7 @@ in "VBoxSDL" "VirtualBoxVM" ]); - in mkIf cfg.enableHardening + in lib.mkIf cfg.enableHardening (builtins.listToAttrs (map (x: { name = x; value = mkSuid x; }) executables)); users.groups.vboxusers.gid = config.ids.gids.vboxusers; @@ -130,14 +127,14 @@ in SUBSYSTEM=="usb_device", ACTION=="remove", RUN+="${virtualbox}/libexec/virtualbox/VBoxCreateUSBNode.sh --remove $major $minor" SUBSYSTEM=="usb", ACTION=="remove", ENV{DEVTYPE}=="usb_device", RUN+="${virtualbox}/libexec/virtualbox/VBoxCreateUSBNode.sh --remove $major $minor" ''; - } (mkIf cfg.enableKvm { + } (lib.mkIf cfg.enableKvm { assertions = [ { assertion = !cfg.addNetworkInterface; message = "VirtualBox KVM only supports standard NAT networking for VMs. Please turn off virtualisation.virtualbox.host.addNetworkInterface."; } ]; - }) (mkIf (!cfg.enableKvm) { + }) (lib.mkIf (!cfg.enableKvm) { boot.kernelModules = [ "vboxdrv" "vboxnetadp" "vboxnetflt" ]; boot.extraModulePackages = [ kernelModules ]; 
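Review bot: The warning in the `@@ -96,8 +93,8 @@` hunk tests `pkgs.config.virtualbox.enableExtensionPack` but tells the user that `'nixpkgs.virtualbox.enableExtensionPack'` has no effect. `pkgs.config` is normally populated from `nixpkgs.config`, so the path quoted in the message appears to be missing the `config` component, and a user searching their configuration for it will not find the setting. Suggested text: `"'nixpkgs.config.virtualbox.enableExtensionPack' has no effect, please use 'virtualisation.virtualbox.host.enableExtensionPack'"`.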
@@ -149,7 +146,7 @@ in ''; # Since we lack the right setuid/setcap binaries, set up a host-only network by default. - }) (mkIf cfg.addNetworkInterface { + }) (lib.mkIf cfg.addNetworkInterface { systemd.services.vboxnet0 = { description = "VirtualBox vboxnet0 Interface"; requires = [ "dev-vboxnetctl.device" ]; @@ -177,7 +174,7 @@ in # Make sure NetworkManager won't assume this interface being up # means we have internet access. networking.networkmanager.unmanaged = ["vboxnet0"]; - }) (mkIf config.networking.useNetworkd { + }) (lib.mkIf config.networking.useNetworkd { systemd.network.networks."40-vboxnet0".extraConfig = '' [Link] RequiredForOnline=no From 7d7e294262b585b33737d6565aa4a08bf4c093a8 Mon Sep 17 00:00:00 2001 From: Felix Buehler Date: Wed, 28 Aug 2024 21:19:13 +0200 Subject: [PATCH 146/148] nixos/virtualbox-image: remove `with lib;` --- .../virtualisation/virtualbox-image.nix | 71 +++++++++---------- 1 file changed, 34 insertions(+), 37 deletions(-) diff --git a/nixos/modules/virtualisation/virtualbox-image.nix b/nixos/modules/virtualisation/virtualbox-image.nix index 1c8b9b99c01ca..4ab5d17ecd495 100644 --- a/nixos/modules/virtualisation/virtualbox-image.nix +++ b/nixos/modules/virtualisation/virtualbox-image.nix @@ -1,7 +1,4 @@ { config, lib, pkgs, ... }: - -with lib; - let cfg = config.virtualbox; 
@@ -10,51 +7,51 @@ in { options = { virtualbox = { - baseImageSize = mkOption { - type = with types; either (enum [ "auto" ]) int; + baseImageSize = lib.mkOption { + type = with lib.types; either (enum [ "auto" ]) int; default = "auto"; example = 50 * 1024; description = '' The size of the VirtualBox base image in MiB. ''; }; - baseImageFreeSpace = mkOption { - type = with types; int; + baseImageFreeSpace = lib.mkOption { + type = with lib.types; int; default = 30 * 1024; description = '' Free space in the VirtualBox base image in MiB. ''; }; - memorySize = mkOption { - type = types.int; + memorySize = lib.mkOption { + type = lib.types.int; default = 1536; description = '' The amount of RAM the VirtualBox appliance can use in MiB. ''; }; - vmDerivationName = mkOption { - type = types.str; + vmDerivationName = lib.mkOption { + type = lib.types.str; default = "nixos-ova-${config.system.nixos.label}-${pkgs.stdenv.hostPlatform.system}"; description = '' The name of the derivation for the VirtualBox appliance. ''; }; - vmName = mkOption { - type = types.str; + vmName = lib.mkOption { + type = lib.types.str; default = "${config.system.nixos.distroName} ${config.system.nixos.label} (${pkgs.stdenv.hostPlatform.system})"; description = '' The name of the VirtualBox appliance. ''; }; - vmFileName = mkOption { - type = types.str; + vmFileName = lib.mkOption { + type = lib.types.str; default = "nixos-${config.system.nixos.label}-${pkgs.stdenv.hostPlatform.system}.ova"; description = '' The file name of the VirtualBox appliance. ''; }; - params = mkOption { - type = with types; attrsOf (oneOf [ str int bool (listOf str) ]); + params = lib.mkOption { + type = with lib.types; attrsOf (oneOf [ str int bool (listOf str) ]); example = { audio = "alsa"; rtcuseutc = "on"; 
@@ -66,8 +63,8 @@ in { Run `VBoxManage modifyvm --help` to see more options. ''; }; - exportParams = mkOption { - type = with types; listOf (oneOf [ str int bool (listOf str) ]); + exportParams = lib.mkOption { + type = with lib.types; listOf (oneOf [ str int bool (listOf str) ]); example = [ "--vsys" "0" "--vendor" "ACME Inc." ]; @@ -78,7 +75,7 @@ in { Run `VBoxManage export --help` to see more options. ''; }; - extraDisk = mkOption { + extraDisk = lib.mkOption { description = '' Optional extra disk/hdd configuration. The disk will be an 'ext4' partition on a separate file. @@ -89,26 +86,26 @@ in { mountPoint = "/home/demo/storage"; size = 100 * 1024; }; - type = types.nullOr (types.submodule { + type = lib.types.nullOr (lib.types.submodule { options = { - size = mkOption { - type = types.int; + size = lib.mkOption { + type = lib.types.int; description = "Size in MiB"; }; - label = mkOption { - type = types.str; + label = lib.mkOption { + type = lib.types.str; default = "vm-extra-storage"; description = "Label for the disk partition"; }; - mountPoint = mkOption { - type = types.str; + mountPoint = lib.mkOption { + type = lib.types.str; description = "Path where to mount this disk."; }; }; }); }; - postExportCommands = mkOption { - type = types.lines; + postExportCommands = lib.mkOption { + type = lib.types.lines; default = ""; example = '' ${pkgs.cot}/bin/cot edit-hardware "$fn" \ @@ -124,8 +121,8 @@ in { Extra commands to run after exporting the OVA to `$fn`. ''; }; - storageController = mkOption { - type = with types; attrsOf (oneOf [ str int bool (listOf str) ]); + storageController = lib.mkOption { + type = with lib.types; attrsOf (oneOf [ str int bool (listOf str) ]); example = { name = "SCSI"; add = "scsi"; @@ -152,8 +149,8 @@ in { config = { - virtualbox.params = mkMerge [ - (mapAttrs (name: mkDefault) { + virtualbox.params = lib.mkMerge [ + (lib.mapAttrs (name: lib.mkDefault) { acpi = "on"; vram = 32; nictype1 = "virtio"; 
@@ -167,7 +164,7 @@ in { usbehci = "on"; mouse = "usbtablet"; }) - (mkIf (pkgs.stdenv.hostPlatform.system == "i686-linux") { pae = "on"; }) + (lib.mkIf (pkgs.stdenv.hostPlatform.system == "i686-linux") { pae = "on"; }) ]; system.build.virtualBoxOVA = import ../../lib/make-disk-image.nix { @@ -186,7 +183,7 @@ in { echo "converting image to VirtualBox format..." VBoxManage convertfromraw $diskImage disk.vdi - ${optionalString (cfg.extraDisk != null) '' + ${lib.optionalString (cfg.extraDisk != null) '' echo "creating extra disk: data-disk.raw" dataDiskImage=data-disk.raw truncate -s ${toString cfg.extraDisk.size}M $dataDiskImage @@ -210,7 +207,7 @@ in { VBoxManage storagectl "$vmName" ${lib.cli.toGNUCommandLineShell { } cfg.storageController} VBoxManage storageattach "$vmName" --storagectl ${cfg.storageController.name} --port 0 --device 0 --type hdd \ --medium disk.vdi - ${optionalString (cfg.extraDisk != null) '' + ${lib.optionalString (cfg.extraDisk != null) '' VBoxManage storageattach "$vmName" --storagectl ${cfg.storageController.name} --port 1 --device 0 --type hdd \ --medium data-disk.vdi ''} @@ -218,7 +215,7 @@ in { echo "exporting VirtualBox VM..." mkdir -p $out fn="$out/${cfg.vmFileName}" - VBoxManage export "$vmName" --output "$fn" --options manifest ${escapeShellArgs cfg.exportParams} + VBoxManage export "$vmName" --output "$fn" --options manifest ${lib.escapeShellArgs cfg.exportParams} ${cfg.postExportCommands} rm -v $diskImage From f1dfc8d3636dfbde5b54a4c729eb41f221171cc7 Mon Sep 17 00:00:00 2001 From: Felix Buehler Date: Wed, 28 Aug 2024 21:19:13 +0200 Subject: [PATCH 147/148] nixos/virtualisation.vmware.guest: remove `with lib;` --- nixos/modules/virtualisation/vmware-guest.nix | 19 ++++++++----------- 1 file changed, 8 insertions(+), 11 deletions(-) diff --git a/nixos/modules/virtualisation/vmware-guest.nix b/nixos/modules/virtualisation/vmware-guest.nix index be706efcea3a2..c80181f287b32 100644 --- a/nixos/modules/virtualisation/vmware-guest.nix 
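Review bot: In the `@@ -210,7 +207,7 @@` hunk both `VBoxManage storageattach` lines interpolate `${cfg.storageController.name}` into the build script without quoting. The `storagectl` line just above passes the same attribute set through `lib.cli.toGNUCommandLineShell`, and the export line uses `lib.escapeShellArgs`. A controller name containing a space is therefore accepted by `storagectl` but split into two words by `storageattach`, and any shell metacharacters in it are interpreted by the script. Both lines should use `--storagectl ${lib.escapeShellArg cfg.storageController.name}`. The surrounding script starts and ends outside this hunk.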
+++ b/nixos/modules/virtualisation/vmware-guest.nix @@ -1,7 +1,4 @@ { config, lib, pkgs, ... }: - -with lib; - let cfg = config.virtualisation.vmware.guest; open-vm-tools = if cfg.headless then pkgs.open-vm-tools-headless else pkgs.open-vm-tools; @@ -9,20 +6,20 @@ let in { imports = [ - (mkRenamedOptionModule [ "services" "vmwareGuest" ] [ "virtualisation" "vmware" "guest" ]) + (lib.mkRenamedOptionModule [ "services" "vmwareGuest" ] [ "virtualisation" "vmware" "guest" ]) ]; options.virtualisation.vmware.guest = { - enable = mkEnableOption "VMWare Guest Support"; - headless = mkOption { - type = types.bool; + enable = lib.mkEnableOption "VMWare Guest Support"; + headless = lib.mkOption { + type = lib.types.bool; default = !config.services.xserver.enable; defaultText = "!config.services.xserver.enable"; description = "Whether to disable X11-related features."; }; }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { assertions = [ { assertion = pkgs.stdenv.hostPlatform.isx86 || pkgs.stdenv.hostPlatform.isAarch64; message = "VMWare guest is not currently supported on ${pkgs.stdenv.hostPlatform.system}"; @@ -42,7 +39,7 @@ in }; # Mount the vmblock for drag-and-drop and copy-and-paste. - systemd.mounts = mkIf (!cfg.headless) [ + systemd.mounts = lib.mkIf (!cfg.headless) [ { description = "VMware vmblock fuse mount"; documentation = [ "https://github.com/vmware/open-vm-tools/blob/master/open-vm-tools/vmblock-fuse/design.txt" ]; @@ -55,7 +52,7 @@ in } ]; - security.wrappers.vmware-user-suid-wrapper = mkIf (!cfg.headless) { + security.wrappers.vmware-user-suid-wrapper = lib.mkIf (!cfg.headless) { setuid = true; owner = "root"; group = "root"; 
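Review bot: In the `@@ -9,20 +6,20 @@` hunk the `headless` option sets `defaultText = "!config.services.xserver.enable";` as a plain string, which the option documentation renders as a quoted string literal rather than as an expression. Now that every other helper on these lines is spelled out, this one should be too: `defaultText = lib.literalExpression "!config.services.xserver.enable";`.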
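Review bot: The `security.wrappers.vmware-user-suid-wrapper` entry in the `@@ -55,7 +52,7 @@` hunk installs a setuid-root binary with `setuid = true; owner = "root"; group = "root";` and carries no comment saying why root is required or when the wrapper is present. As far as I know the wrapper needs the privilege only to open the vmblock device before handing over to the per-user agent, which would match the vmblock mount guarded by the same `!cfg.headless` condition in the previous hunk. A comment above the attribute would record this for anyone auditing setuid programs, along the lines of `# setuid root so the wrapper can open the vmblock device for drag-and-drop/copy-paste; not installed when headless`. The attribute set continues past the end of the hunk, so the `source` line is not visible here.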
@@ -64,7 +61,7 @@ in environment.etc.vmware-tools.source = "${open-vm-tools}/etc/vmware-tools/*"; - services.xserver = mkIf (!cfg.headless) { + services.xserver = lib.mkIf (!cfg.headless) { modules = lib.optionals pkgs.stdenv.hostPlatform.isx86 [ xf86inputvmmouse ]; config = lib.optionalString (pkgs.stdenv.hostPlatform.isx86) '' From b4b8ef5bb6f1d8b31aedf33b0962fd31fc2e09a9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Sun, 15 Sep 2024 11:02:11 +0200 Subject: [PATCH 148/148] nixos/network-filesystems/samba: fix eval --- nixos/modules/services/network-filesystems/samba.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nixos/modules/services/network-filesystems/samba.nix b/nixos/modules/services/network-filesystems/samba.nix index 457a68d32973b..8df25e6373cab 100644 --- a/nixos/modules/services/network-filesystems/samba.nix +++ b/nixos/modules/services/network-filesystems/samba.nix @@ -3,7 +3,7 @@ let cfg = config.services.samba; settingsFormat = pkgs.formats.ini { - listToValue = lib.concatMapStringsSep " " (generators.mkValueStringDefault { }); + listToValue = lib.concatMapStringsSep " " (lib.generators.mkValueStringDefault { }); }; # Ensure the global section is always first globalConfigFile = settingsFormat.generate "smb-global.conf" { global = cfg.settings.global; };