authorQuentin Smith <quentin@mit.edu>2023-07-19 17:04:42 -0400
committerQuentin Smith <quentin@mit.edu>2023-07-19 17:04:42 -0400
commitf1a206c96072eed14ca26ae45c1a858099b492a8 (patch)
treece49a3f5cd788e78c98e54c91e9b0099632b5a0c /modules/programs
parentbc776e4940106a2578998dd3117a76d62ec0a8cc (diff)
parent61662a63bfe1726588c1da6b412df86d8ca94d63 (diff)
Merge remote-tracking branch 'origin/master' into fonts
Diffstat (limited to 'modules/programs')
-rw-r--r--modules/programs/bash/default.nix13
-rw-r--r--modules/programs/fish.nix28
-rw-r--r--modules/programs/gnupg.nix4
-rw-r--r--modules/programs/info/default.nix2
-rw-r--r--modules/programs/man.nix6
-rw-r--r--modules/programs/nix-index/default.nix4
-rw-r--r--modules/programs/ssh/default.nix77
-rw-r--r--modules/programs/tmux.nix16
-rw-r--r--modules/programs/vim.nix10
-rw-r--r--modules/programs/zsh/default.nix35
10 files changed, 113 insertions, 82 deletions
diff --git a/modules/programs/bash/default.nix b/modules/programs/bash/default.nix
index 6ebd923..d5d8004 100644
--- a/modules/programs/bash/default.nix
+++ b/modules/programs/bash/default.nix
@@ -12,19 +12,19 @@ in
programs.bash.enable = mkOption {
type = types.bool;
default = true;
- description = "Whether to configure bash as an interactive shell.";
+ description = lib.mdDoc "Whether to configure bash as an interactive shell.";
};
programs.bash.interactiveShellInit = mkOption {
default = "";
- description = "Shell script code called during interactive bash shell initialisation.";
+ description = lib.mdDoc "Shell script code called during interactive bash shell initialisation.";
type = types.lines;
};
programs.bash.enableCompletion = mkOption {
type = types.bool;
default = false;
- description = ''
+ description = lib.mdDoc ''
Enable bash completion for all interactive bash shells.
NOTE. This doesn't work with bash 3.2, which is the default on macOS.
@@ -96,9 +96,10 @@ in
'';
environment.etc."bashrc".knownSha256Hashes = [
- "444c716ac2ccd9e1e3347858cb08a00d2ea38e8c12fdc5798380dc261e32e9ef"
- "617b39e36fa69270ddbee19ddc072497dbe7ead840cbd442d9f7c22924f116f4" # nix installer
- "6be16cf7c24a3c6f7ae535c913347a3be39508b3426f5ecd413e636e21031e66" # nix installer
+ "444c716ac2ccd9e1e3347858cb08a00d2ea38e8c12fdc5798380dc261e32e9ef" # macOS
+ "617b39e36fa69270ddbee19ddc072497dbe7ead840cbd442d9f7c22924f116f4" # official Nix installer
+ "6be16cf7c24a3c6f7ae535c913347a3be39508b3426f5ecd413e636e21031e66" # official Nix installer
+ "08ffbf991a9e25839d38b80a0d3bce3b5a6c84b9be53a4b68949df4e7e487bb7" # DeterminateSystems installer
];
};
diff --git a/modules/programs/fish.nix b/modules/programs/fish.nix
index 7a1ba10..434449f 100644
--- a/modules/programs/fish.nix
+++ b/modules/programs/fish.nix
@@ -51,7 +51,7 @@ in
enable = mkOption {
default = false;
- description = ''
+ description = lib.mdDoc ''
Whether to configure fish as an interactive shell.
'';
type = types.bool;
@@ -60,15 +60,15 @@ in
useBabelfish = mkOption {
type = types.bool;
default = false;
- description = ''
- If enabled, the configured environment will be translated to native fish using <link xlink:href="https://github.com/bouk/babelfish">babelfish</link>.
- Otherwise, <link xlink:href="https://github.com/oh-my-fish/plugin-foreign-env">foreign-env</link> will be used.
+ description = lib.mdDoc ''
+ If enabled, the configured environment will be translated to native fish using [babelfish](https://github.com/bouk/babelfish).
+ Otherwise, [foreign-env](https://github.com/oh-my-fish/plugin-foreign-env) will be used.
'';
};
babelfishPackage = mkOption {
type = types.package;
- description = ''
+ description = lib.mdDoc ''
The babelfish package to use when useBabelfish is
set to true.
'';
@@ -77,7 +77,7 @@ in
vendor.config.enable = mkOption {
type = types.bool;
default = true;
- description = ''
+ description = lib.mdDoc ''
Whether fish should source configuration snippets provided by other packages.
'';
};
@@ -85,7 +85,7 @@ in
vendor.completions.enable = mkOption {
type = types.bool;
default = true;
- description = ''
+ description = lib.mdDoc ''
Whether fish should use completion files provided by other packages.
'';
};
@@ -93,15 +93,15 @@ in
vendor.functions.enable = mkOption {
type = types.bool;
default = true;
- description = ''
+ description = lib.mdDoc ''
Whether fish should autoload fish functions provided by other packages.
'';
};
shellAliases = mkOption {
default = config.environment.shellAliases;
- description = ''
- Set of aliases for fish shell. See <option>environment.shellAliases</option>
+ description = lib.mdDoc ''
+ Set of aliases for fish shell. See {option}`environment.shellAliases`
for an option format description.
'';
type = types.attrs;
@@ -109,7 +109,7 @@ in
shellInit = mkOption {
default = "";
- description = ''
+ description = lib.mdDoc ''
Shell script code called during fish shell initialisation.
'';
type = types.lines;
@@ -117,7 +117,7 @@ in
loginShellInit = mkOption {
default = "";
- description = ''
+ description = lib.mdDoc ''
Shell script code called during fish login shell initialisation.
'';
type = types.lines;
@@ -125,7 +125,7 @@ in
interactiveShellInit = mkOption {
default = "";
- description = ''
+ description = lib.mdDoc ''
Shell script code called during interactive fish shell initialisation.
'';
type = types.lines;
@@ -133,7 +133,7 @@ in
promptInit = mkOption {
default = "";
- description = ''
+ description = lib.mdDoc ''
Shell script code used to initialise fish prompt.
'';
type = types.lines;
diff --git a/modules/programs/gnupg.nix b/modules/programs/gnupg.nix
index 4c451ec..bd2f96c 100644
--- a/modules/programs/gnupg.nix
+++ b/modules/programs/gnupg.nix
@@ -13,7 +13,7 @@ in
agent.enable = mkOption {
type = types.bool;
default = false;
- description = ''
+ description = lib.mdDoc ''
Enables GnuPG agent for every user session.
'';
};
@@ -21,7 +21,7 @@ in
agent.enableSSHSupport = mkOption {
type = types.bool;
default = false;
- description = ''
+ description = lib.mdDoc ''
Enable SSH agent support in GnuPG agent. Also sets SSH_AUTH_SOCK
environment variable correctly.
'';
diff --git a/modules/programs/info/default.nix b/modules/programs/info/default.nix
index de4baa4..93aaf7c 100644
--- a/modules/programs/info/default.nix
+++ b/modules/programs/info/default.nix
@@ -11,7 +11,7 @@ in
programs.info.enable = mkOption {
type = types.bool;
default = true;
- description = "Whether to enable info pages and the <command>info</command> command.";
+ description = lib.mdDoc "Whether to enable info pages and the {command}`info` command.";
};
};
diff --git a/modules/programs/man.nix b/modules/programs/man.nix
index 949e393..fd0e018 100644
--- a/modules/programs/man.nix
+++ b/modules/programs/man.nix
@@ -8,9 +8,9 @@ with lib;
programs.man.enable = mkOption {
type = types.bool;
default = true;
- description = ''
- Whether to enable manual pages and the <command>man</command> command.
- This also includes "man" outputs of all <literal>systemPackages</literal>.
+ description = lib.mdDoc ''
+ Whether to enable manual pages and the {command}`man` command.
+ This also includes "man" outputs of all `systemPackages`.
'';
};
diff --git a/modules/programs/nix-index/default.nix b/modules/programs/nix-index/default.nix
index b6f86f5..0685346 100644
--- a/modules/programs/nix-index/default.nix
+++ b/modules/programs/nix-index/default.nix
@@ -11,14 +11,14 @@ in
programs.nix-index.enable = mkOption {
type = types.bool;
default = false;
- description = "Whether to enable nix-index and its command-not-found helper.";
+ description = lib.mdDoc "Whether to enable nix-index and its command-not-found helper.";
};
programs.nix-index.package = mkOption {
type = types.package;
default = pkgs.nix-index;
defaultText = "pkgs.nix-index";
- description = "This option specifies the nix-index package to use.";
+ description = lib.mdDoc "This option specifies the nix-index package to use.";
};
};
diff --git a/modules/programs/ssh/default.nix b/modules/programs/ssh/default.nix
index f1dde9a..87978e6 100644
--- a/modules/programs/ssh/default.nix
+++ b/modules/programs/ssh/default.nix
@@ -1,4 +1,4 @@
-{ config, lib, pkgs, ... }:
+{ config, lib, ... }:
with lib;
@@ -14,7 +14,7 @@ let
hostNames = mkOption {
type = types.listOf types.str;
default = [];
- description = ''
+ description = lib.mdDoc ''
A list of host names and/or IP numbers used for accessing
the host's ssh service.
'';
@@ -23,9 +23,9 @@ let
default = null;
type = types.nullOr types.str;
example = "ecdsa-sha2-nistp521 AAAAE2VjZHN...UEPg==";
- description = ''
+ description = lib.mdDoc ''
The public key data for the host. You can fetch a public key
- from a running SSH server with the <command>ssh-keyscan</command>
+ from a running SSH server with the {command}`ssh-keyscan`
command. The public key should not include any host names, only
the key type and the key itself.
'';
@@ -33,13 +33,13 @@ let
publicKeyFile = mkOption {
default = null;
type = types.nullOr types.path;
- description = ''
+ description = lib.mdDoc ''
The path to the public key file for the host. The public
key file is read at build time and saved in the Nix store.
You can fetch a public key file from a running SSH server
- with the <command>ssh-keyscan</command> command. The content
+ with the {command}`ssh-keyscan` command. The content
of the file should follow the same format as described for
- the <literal>publicKey</literal> option.
+ the `publicKey` option.
'';
};
};
@@ -54,13 +54,13 @@ let
keys = mkOption {
type = types.listOf types.str;
default = [];
- description = ''
+ description = lib.mdDoc ''
A list of verbatim OpenSSH public keys that should be added to the
user's authorized keys. The keys are added to a file that the SSH
daemon reads in addition to the the user's authorized_keys file.
- You can combine the <literal>keys</literal> and
- <literal>keyFiles</literal> options.
- Warning: If you are using <literal>NixOps</literal> then don't use this
+ You can combine the `keys` and
+ `keyFiles` options.
+ Warning: If you are using `NixOps` then don't use this
option since it will replace the key required for deployment via ssh.
'';
};
@@ -68,17 +68,18 @@ let
keyFiles = mkOption {
type = types.listOf types.path;
default = [];
- description = ''
+ description = lib.mdDoc ''
A list of files each containing one OpenSSH public key that should be
added to the user's authorized keys. The contents of the files are
read at build time and added to a file that the SSH daemon reads in
addition to the the user's authorized_keys file. You can combine the
- <literal>keyFiles</literal> and <literal>keys</literal> options.
+ `keyFiles` and `keys` options.
'';
};
};
};
+
authKeysFiles = let
mkAuthKeyFile = u: nameValuePair "ssh/authorized_keys.d/${u.name}" {
copy = true;
@@ -91,26 +92,37 @@ let
length u.openssh.authorizedKeys.keys != 0 || length u.openssh.authorizedKeys.keyFiles != 0
));
in listToAttrs (map mkAuthKeyFile usersWithKeys);
- authKeysConfiguration =
- {
- "ssh/sshd_config.d/101-authorized-keys.conf" = {
- copy = true;
- text = "AuthorizedKeysFile /etc/ssh/authorized_keys.d/%u\n";
- };
- };
+
+ oldAuthorizedKeysHash = "5a5dc1e20e8abc162ad1cc0259bfd1dbb77981013d87625f97d9bd215175fc0a";
in
{
options = {
-
+
users.users = mkOption {
type = with types; attrsOf (submodule userOptions);
};
+ services.openssh.authorizedKeysFiles = mkOption {
+ type = types.listOf types.str;
+ default = [];
+ description = lib.mdDoc ''
+ Specify the rules for which files to read on the host.
+
+ This is an advanced option. If you're looking to configure user
+ keys, you can generally use [](#opt-users.users._name_.openssh.authorizedKeys.keys)
+ or [](#opt-users.users._name_.openssh.authorizedKeys.keyFiles).
+
+ These are paths relative to the host root file system or home
+ directories and they are subject to certain token expansion rules.
+ See AuthorizedKeysFile in man sshd_config for details.
+ '';
+ };
+
programs.ssh.knownHosts = mkOption {
default = {};
type = types.attrsOf (types.submodule host);
- description = ''
+ description = lib.mdDoc ''
The set of system-wide known SSH hosts.
'';
example = literalExpression ''
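Review bot: `oldAuthorizedKeysHash` is introduced as a bare constant with nothing saying what it is a hash of, and the reader has to reach the second hunk of this file to learn it feeds `knownSha256Hashes`; a comment above it such as `# SHA-256 of the 101-authorized-keys.conf this module previously wrote with copy = true; lets knownSha256Hashes replace that copy with a symlink` would make the migration self-explanatory. The description of the new `services.openssh.authorizedKeysFiles` option says "the rules for which files to read on the host" without naming what is read; something like `Paths sshd reads for a user's authorized public keys (the AuthorizedKeysFile directive).` as its first sentence would be more precise. The `default = []` here is only meaningful together with the assignment in the config section later in this file, which is worth a `defaultText`-style hint in the description so users know the effective default is not empty.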
@@ -135,13 +147,30 @@ in
(data.publicKey != null && data.publicKeyFile == null);
message = "knownHost ${name} must contain either a publicKey or publicKeyFile";
});
-
- environment.etc = authKeysFiles // authKeysConfiguration //
+
+ services.openssh.authorizedKeysFiles = [ "%h/.ssh/authorized_keys" "/etc/ssh/authorized_keys.d/%u" ];
+
+ environment.etc = authKeysFiles //
{ "ssh/ssh_known_hosts".text = (flip (concatMapStringsSep "\n") knownHosts
(h: assert h.hostNames != [];
concatStringsSep "," h.hostNames + " "
+ (if h.publicKey != null then h.publicKey else readFile h.publicKeyFile)
)) + "\n";
+
+ "ssh/sshd_config.d/101-authorized-keys.conf" = {
+ text = "AuthorizedKeysFile ${toString config.services.openssh.authorizedKeysFiles}\n";
+ # Allows us to automatically migrate from using a file to a symlink
+ knownSha256Hashes = [ oldAuthorizedKeysHash ];
+ };
};
+
+ # Clean up .before-nix-darwin file left over from using knownSha256Hashes
+ system.activationScripts.etc.text = ''
+ auth_keys_orig=/etc/ssh/sshd_config.d/101-authorized-keys.conf.before-nix-darwin
+
+ if [ -e "$auth_keys_orig" ] && [ "$(shasum -a 256 $auth_keys_orig | cut -d ' ' -f 1)" = "${oldAuthorizedKeysHash}" ]; then
+ rm "$auth_keys_orig"
+ fi
+ '';
};
}
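Review bot: The new `text = "AuthorizedKeysFile ${toString config.services.openssh.authorizedKeysFiles}\n"` produces a directive with no argument if a user forces the list to `[]`, which sshd will presumably refuse to load (not verified here); guarding with `AuthorizedKeysFile ${if config.services.openssh.authorizedKeysFiles == [] then "none" else toString config.services.openssh.authorizedKeysFiles}` keeps the config loadable, or the option type could become `types.nonEmptyListOf types.str`. In the activation script `$auth_keys_orig` is quoted in the `-e` test and the `rm` but not in the `shasum` call; `shasum -a 256 "$auth_keys_orig"` for consistency, even though the path is a constant today. The hash check means a leftover file that the user edited is deliberately left in place, which deserves a word in the comment above the script, e.g. `# Only remove the backup when it is byte-identical to what this module generated; a user-modified file is kept`. The enclosing config attribute set continues outside this hunk.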
diff --git a/modules/programs/tmux.nix b/modules/programs/tmux.nix
index 04dce29..7278479 100644
--- a/modules/programs/tmux.nix
+++ b/modules/programs/tmux.nix
@@ -46,47 +46,47 @@ in
programs.tmux.enable = mkOption {
type = types.bool;
default = false;
- description = "Whether to configure tmux.";
+ description = lib.mdDoc "Whether to configure tmux.";
};
programs.tmux.enableSensible = mkOption {
type = types.bool;
default = false;
example = true;
- description = "Enable sensible configuration options for tmux.";
+ description = lib.mdDoc "Enable sensible configuration options for tmux.";
};
programs.tmux.enableMouse = mkOption {
type = types.bool;
default = false;
example = true;
- description = "Enable mouse support for tmux.";
+ description = lib.mdDoc "Enable mouse support for tmux.";
};
programs.tmux.enableFzf = mkOption {
type = types.bool;
default = false;
example = true;
- description = "Enable fzf keybindings for selecting tmux sessions and panes.";
+ description = lib.mdDoc "Enable fzf keybindings for selecting tmux sessions and panes.";
};
programs.tmux.enableVim = mkOption {
type = types.bool;
default = false;
example = true;
- description = "Enable vim style keybindings for copy mode, and navigation of tmux panes.";
+ description = lib.mdDoc "Enable vim style keybindings for copy mode, and navigation of tmux panes.";
};
programs.tmux.iTerm2 = mkOption {
type = types.bool;
default = false;
example = true;
- description = "Cater to iTerm2 and its tmux integration, as appropriate.";
+ description = lib.mdDoc "Cater to iTerm2 and its tmux integration, as appropriate.";
};
programs.tmux.defaultCommand = mkOption {
type = types.either types.str types.package;
- description = "The default command to use for tmux panes.";
+ description = lib.mdDoc "The default command to use for tmux panes.";
};
programs.tmux.tmuxOptions = mkOption {
@@ -98,7 +98,7 @@ in
programs.tmux.extraConfig = mkOption {
type = types.lines;
default = "";
- description = "Extra configuration to add to <filename>tmux.conf</filename>.";
+ description = lib.mdDoc "Extra configuration to add to {file}`tmux.conf`.";
};
};
diff --git a/modules/programs/vim.nix b/modules/programs/vim.nix
index 345532e..d51d0ac 100644
--- a/modules/programs/vim.nix
+++ b/modules/programs/vim.nix
@@ -18,14 +18,14 @@ in
programs.vim.enable = mkOption {
type = types.bool;
default = false;
- description = "Whether to configure vim.";
+ description = lib.mdDoc "Whether to configure vim.";
};
programs.vim.enableSensible = mkOption {
type = types.bool;
default = false;
example = true;
- description = "Enable sensible configuration options for vim.";
+ description = lib.mdDoc "Enable sensible configuration options for vim.";
};
programs.vim.extraKnownPlugins = mkOption {
@@ -46,14 +46,14 @@ in
};
}
'';
- description = "Custom plugin declarations to add to VAM's knownPlugins.";
+ description = lib.mdDoc "Custom plugin declarations to add to VAM's knownPlugins.";
};
programs.vim.plugins = mkOption {
type = types.listOf types.attrs;
default = [];
example = [ { names = [ "surround" "vim-nix" ]; } ];
- description = "VAM plugin dictionaries to use for vim_configurable.";
+ description = lib.mdDoc "VAM plugin dictionaries to use for vim_configurable.";
};
programs.vim.package = mkOption {
@@ -70,7 +70,7 @@ in
programs.vim.vimConfig = mkOption {
type = types.lines;
default = "";
- description = "Extra vimrcConfig to use for vim_configurable.";
+ description = lib.mdDoc "Extra vimrcConfig to use for vim_configurable.";
};
};
diff --git a/modules/programs/zsh/default.nix b/modules/programs/zsh/default.nix
index 14100d8..4e983e5 100644
--- a/modules/programs/zsh/default.nix
+++ b/modules/programs/zsh/default.nix
@@ -18,13 +18,13 @@ in
programs.zsh.enable = mkOption {
type = types.bool;
default = false;
- description = "Whether to configure zsh as an interactive shell.";
+ description = lib.mdDoc "Whether to configure zsh as an interactive shell.";
};
programs.zsh.variables = mkOption {
type = types.attrsOf (types.either types.str (types.listOf types.str));
default = {};
- description = ''
+ description = lib.mdDoc ''
A set of environment variables used in the global environment.
These variables will be set on shell initialisation.
The value of each variable can be either a string or a list of
@@ -37,61 +37,61 @@ in
programs.zsh.shellInit = mkOption {
type = types.lines;
default = "";
- description = "Shell script code called during zsh shell initialisation.";
+ description = lib.mdDoc "Shell script code called during zsh shell initialisation.";
};
programs.zsh.loginShellInit = mkOption {
type = types.lines;
default = "";
- description = "Shell script code called during zsh login shell initialisation.";
+ description = lib.mdDoc "Shell script code called during zsh login shell initialisation.";
};
programs.zsh.interactiveShellInit = mkOption {
type = types.lines;
default = "";
- description = "Shell script code called during interactive zsh shell initialisation.";
+ description = lib.mdDoc "Shell script code called during interactive zsh shell initialisation.";
};
programs.zsh.promptInit = mkOption {
type = types.lines;
- default = "autoload -U promptinit && promptinit && prompt walters";
- description = "Shell script code used to initialise the zsh prompt.";
+ default = "autoload -U promptinit && promptinit && prompt walters && setopt prompt_sp";
+ description = lib.mdDoc "Shell script code used to initialise the zsh prompt.";
};
programs.zsh.enableCompletion = mkOption {
type = types.bool;
default = true;
- description = "Enable zsh completion for all interactive zsh shells.";
+ description = lib.mdDoc "Enable zsh completion for all interactive zsh shells.";
};
programs.zsh.enableBashCompletion = mkOption {
type = types.bool;
default = true;
- description = "Enable bash completion for all interactive zsh shells.";
+ description = lib.mdDoc "Enable bash completion for all interactive zsh shells.";
};
programs.zsh.enableFzfCompletion = mkOption {
type = types.bool;
default = false;
- description = "Enable fzf completion.";
+ description = lib.mdDoc "Enable fzf completion.";
};
programs.zsh.enableFzfGit = mkOption {
type = types.bool;
default = false;
- description = "Enable fzf keybindings for C-g git browsing.";
+ description = lib.mdDoc "Enable fzf keybindings for C-g git browsing.";
};
programs.zsh.enableFzfHistory = mkOption {
type = types.bool;
default = false;
- description = "Enable fzf keybinding for Ctrl-r history search.";
+ description = lib.mdDoc "Enable fzf keybinding for Ctrl-r history search.";
};
programs.zsh.enableSyntaxHighlighting = mkOption {
type = types.bool;
default = false;
- description = "Enable zsh-syntax-highlighting.";
+ description = lib.mdDoc "Enable zsh-syntax-highlighting.";
};
};
@@ -194,14 +194,15 @@ in
environment.etc."zprofile".knownSha256Hashes = [
"db8422f92d8cff684e418f2dcffbb98c10fe544b5e8cd588b2009c7fa89559c5"
- "0235d3c1b6cf21e7043fbc98e239ee4bc648048aafaf6be1a94a576300584ef2"
+ "0235d3c1b6cf21e7043fbc98e239ee4bc648048aafaf6be1a94a576300584ef2" # macOS
];
environment.etc."zshrc".knownSha256Hashes = [
"19a2d673ffd47b8bed71c5218ff6617dfc5e8533b240b9ba79142a45f8823c23"
- "fb5827cb4712b7e7932d438067ec4852c8955a9ff0f55e282473684623ebdfa1"
- "c5a00c072c920f46216454978c44df044b2ec6d03409dc492c7bdcd92c94a110" # nix install
- "40b0d8751adae5b0100a4f863be5b75613a49f62706427e92604f7e04d2e2261" # nix install
+ "fb5827cb4712b7e7932d438067ec4852c8955a9ff0f55e282473684623ebdfa1" # macOS
+ "c5a00c072c920f46216454978c44df044b2ec6d03409dc492c7bdcd92c94a110" # official Nix installer
+ "40b0d8751adae5b0100a4f863be5b75613a49f62706427e92604f7e04d2e2261" # official Nix installer
+ "2af1b563e389d11b76a651b446e858116d7a20370d9120a7e9f78991f3e5f336" # DeterminateSystems installer
];
};