| author | Mike Vink <59492084+ivi-vink@users.noreply.github.com> | 2025-01-16 22:22:34 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2025-01-16 22:22:34 +0100 |
| commit | 8e7bd91f353caacc0bc4105f573eb3e17f09e03a (patch) | |
| tree | c5059edcbebd9644290cad7c653c49a36d593021 /modules/services | |
| parent | 6bd39d420578aacf7c0bab7de3e7027b952115ae (diff) | |
| parent | bd921223ba7cdac346477d7ea5204d6f4736fcc6 (diff) | |
Diffstat (limited to 'modules/services')
46 files changed, 1007 insertions, 367 deletions
diff --git a/modules/services/activate-system/default.nix b/modules/services/activate-system/default.nix index 19034a1..6a982fe 100644 --- a/modules/services/activate-system/default.nix +++ b/modules/services/activate-system/default.nix @@ -1,22 +1,11 @@ { config, lib, pkgs, ... }: -with lib; - -let - cfg = config.services.activate-system; -in - { - options = { - services.activate-system.enable = mkOption { - type = types.bool; - default = true; - description = lib.mdDoc "Whether to activate system at boot time."; - }; - }; - - config = mkIf cfg.enable { + imports = [ + (lib.mkRemovedOptionModule [ "services" "activate-system" "enable" ] "The `activate-system` service is now always enabled as it is necessary for a working `nix-darwin` setup.") + ]; + config = { launchd.daemons.activate-system = { script = '' set -e @@ -41,6 +30,5 @@ in serviceConfig.RunAtLoad = true; serviceConfig.KeepAlive.SuccessfulExit = false; }; - }; } diff --git a/modules/services/aerospace/default.nix b/modules/services/aerospace/default.nix new file mode 100644 index 0000000..3080579 --- /dev/null +++ b/modules/services/aerospace/default.nix 
@@ -0,0 +1,259 @@ +{ + config, + lib, + pkgs, + ... +}: + +let + cfg = config.services.aerospace; + + format = pkgs.formats.toml { }; + filterAttrsRecursive = pred: set: + lib.listToAttrs ( + lib.concatMap ( + name: let + v = set.${name}; + in + if pred v + then [ + (lib.nameValuePair name ( + if lib.isAttrs v + then filterAttrsRecursive pred v + else if lib.isList v + then + (map (i: + if lib.isAttrs i + then filterAttrsRecursive pred i + else i) (lib.filter pred v)) + else v + )) + ] + else [] + ) (lib.attrNames set) + ); + filterNulls = filterAttrsRecursive (v: v != null); + configFile = format.generate "aerospace.toml" (filterNulls cfg.settings); +in + +{ + options = { + services.aerospace = with lib.types; { + enable = lib.mkEnableOption "AeroSpace window manager"; + + package = lib.mkPackageOption pkgs "aerospace" { }; + + settings = lib.mkOption { + type = submodule { + freeformType = format.type; + options = { + start-at-login = lib.mkOption { + type = bool; + default = false; + description = "Do not start AeroSpace at login. (Managed by launchd instead)"; + }; + after-login-command = lib.mkOption { + type = listOf str; + default = [ ]; + description = "Do not use AeroSpace to run commands after login. 
(Managed by launchd instead)"; + }; + after-startup-command = lib.mkOption { + type = listOf str; + default = [ ]; + description = "Add commands that run after AeroSpace startup"; + example = [ "layout tiles" ]; + }; + enable-normalization-flatten-containers = lib.mkOption { + type = bool; + default = true; + description = "Containers that have only one child are \"flattened\"."; + }; + enable-normalization-opposite-orientation-for-nested-containers = lib.mkOption { + type = bool; + default = true; + description = "Containers that nest into each other must have opposite orientations."; + }; + accordion-padding = lib.mkOption { + type = int; + default = 30; + description = "Padding between windows in an accordion container."; + }; + default-root-container-layout = lib.mkOption { + type = enum [ + "tiles" + "accordion" + ]; + default = "tiles"; + description = "Default layout for the root container."; + }; + default-root-container-orientation = lib.mkOption { + type = enum [ + "horizontal" + "vertical" + "auto" + ]; + default = "auto"; + description = "Default orientation for the root container."; + }; + on-window-detected = lib.mkOption { + type = listOf (submodule { + options = { + "if" = lib.mkOption { + type = submodule { + options = { + app-id = lib.mkOption { + type = nullOr str; + default = null; + description = "The application ID to match (optional)."; + }; + workspace = lib.mkOption { + type = nullOr str; + default = null; + description = "The workspace name to match (optional)."; + }; + window-title-regex-substring = lib.mkOption { + type = nullOr str; + default = null; + description = "Substring to match in the window title (optional)."; + }; + app-name-regex-substring = lib.mkOption { + type = nullOr str; + default = null; + description = "Regex substring to match the app name (optional)."; + }; + during-aerospace-startup = lib.mkOption { + type = nullOr bool; + default = null; + description = "Whether to match during aerospace startup (optional)."; + }; 
+ }; + }; + default = { }; + description = "Conditions for detecting a window."; + }; + check-further-callbacks = lib.mkOption { + type = nullOr bool; + default = null; + description = "Whether to check further callbacks after this rule (optional)."; + }; + run = lib.mkOption { + type = oneOf [str (listOf str)]; + example = ["move-node-to-workspace m" "resize-node"]; + description = "Commands to execute when the conditions match (required)."; + }; + }; + }); + default = [ ]; + example = [ + { + "if" = { + app-id = "Another.Cool.App"; + workspace = "cool-workspace"; + window-title-regex-substring = "Title"; + app-name-regex-substring = "CoolApp"; + during-aerospace-startup = false; + }; + check-further-callbacks = false; + run = ["move-node-to-workspace m" "resize-node"]; + } + ]; + description = "Commands to run every time a new window is detected with optional conditions."; + }; + workspace-to-monitor-force-assignment = lib.mkOption { + type = attrsOf (oneOf [int str (listOf str)]); + default = { }; + description = '' + Map workspaces to specific monitors. + Left-hand side is the workspace name, and right-hand side is the monitor pattern. + ''; + example = { + "1" = 1; # First monitor from left to right. + "2" = "main"; # Main monitor. + "3" = "secondary"; # Secondary monitor (non-main). + "4" = "built-in"; # Built-in display. + "5" = "^built-in retina display$"; # Regex for the built-in retina display. + "6" = ["secondary" "dell"]; # Match first pattern in the list. 
+ }; + }; + on-focus-changed = lib.mkOption { + type = listOf str; + default = [ ]; + description = "Commands to run every time focused window or workspace changes."; + }; + on-focused-monitor-changed = lib.mkOption { + type = listOf str; + default = [ "move-mouse monitor-lazy-center" ]; + description = "Commands to run every time focused monitor changes."; + }; + exec-on-workspace-change = lib.mkOption { + type = listOf str; + default = [ ]; + example = [ + "/bin/bash" + "-c" + "sketchybar --trigger aerospace_workspace_change FOCUSED=$AEROSPACE_FOCUSED_WORKSPACE" + ]; + description = "Commands to run every time workspace changes."; + }; + key-mapping.preset = lib.mkOption { + type = enum [ + "qwerty" + "dvorak" + ]; + default = "qwerty"; + description = "Keymapping preset."; + }; + }; + }; + default = { }; + example = lib.literalExpression '' + { + gaps = { + outer.left = 8; + outer.bottom = 8; + outer.top = 8; + outer.right = 8; + }; + mode.main.binding = { + alt-h = "focus left"; + alt-j = "focus down"; + alt-k = "focus up"; + alt-l = "focus right"; + }; + } + ''; + description = '' + AeroSpace configuration, see + <link xlink:href="https://nikitabobko.github.io/AeroSpace/guide#configuring-aerospace"/> + for supported values. + ''; + }; + }; + }; + + config = ( + lib.mkIf (cfg.enable) { + assertions = [ + { + assertion = !cfg.settings.start-at-login; + message = "AeroSpace started at login is managed by home-manager and launchd instead of itself via this option."; + } + { + assertion = cfg.settings.after-login-command == [ ]; + message = "AeroSpace will not run these commands as it does not start itself."; + } + ]; + environment.systemPackages = [ cfg.package ]; + + launchd.user.agents.aerospace = { + command = + "${cfg.package}/Applications/AeroSpace.app/Contents/MacOS/AeroSpace" + + (lib.optionalString (cfg.settings != { }) " --config-path ${configFile}"); + serviceConfig = { + KeepAlive = true; + RunAtLoad = true; + }; + }; + } + ); +} 
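Review bot: In the `launchd.user.agents.aerospace` command at the end of the new file, the guard `cfg.settings != { }` looks like it can never be false. `settings` is a submodule whose top-level options all carry defaults (`start-at-login`, `accordion-padding`, and so on), so the evaluated value is never an empty set and `--config-path` is always passed. Either drop the `lib.optionalString` or add a comment such as `# settings always contains the module defaults, so the generated TOML is always used`. The generated `aerospace.toml` is a Nix store path and therefore readable by every local user, so the `settings` description should say that command strings in `on-window-detected`, `exec-on-workspace-change` and similar options must not embed secrets. The first assertion message also names "home-manager", although here it is the launchd user agent that starts AeroSpace.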
diff --git a/modules/services/autossh.nix b/modules/services/autossh.nix index 9905d69..2df74ec 100644 --- a/modules/services/autossh.nix +++ b/modules/services/autossh.nix @@ -22,18 +22,18 @@ in name = mkOption { type = types.str; example = "socks-peer"; - description = lib.mdDoc "Name of the local AutoSSH session"; + description = "Name of the local AutoSSH session"; }; user = mkOption { type = types.str; example = "bill"; - description = lib.mdDoc "Name of the user the AutoSSH session should run as"; + description = "Name of the user the AutoSSH session should run as"; }; monitoringPort = mkOption { type = types.int; default = 0; example = 20000; - description = lib.mdDoc '' + description = '' Port to be used by AutoSSH for peer monitoring. Note, that AutoSSH also uses mport+1. Value of 0 disables the keep-alive style monitoring @@ -42,7 +42,7 @@ in extraArguments = mkOption { type = types.str; example = "-N -D4343 bill@socks.example.net"; - description = lib.mdDoc '' + description = '' Arguments to be passed to AutoSSH and retransmitted to SSH process. Some meaningful options include -N (don't run remote command), -D (open SOCKS proxy on local port), -R (forward @@ -54,7 +54,7 @@ in }); default = []; - description = lib.mdDoc '' + description = '' List of AutoSSH sessions to start as systemd services. Each service is named 'autossh-{session.name}'. ''; diff --git a/modules/services/buildkite-agents.nix b/modules/services/buildkite-agents.nix index 094f2c9..69bc1f6 100644 --- a/modules/services/buildkite-agents.nix +++ b/modules/services/buildkite-agents.nix 
@@ -4,14 +4,13 @@ with lib; let cfg = config.services.buildkite-agents; - mdDoc = lib.mdDoc or (x: "Documentation not rendered. Please upgrade to a newer NixOS with markdown support."); literalMD = lib.literalMD or (x: lib.literalDocBook "Documentation not rendered. Please upgrade to a newer NixOS with markdown support."); mkHookOption = { name, description, example ? null }: { inherit name; value = mkOption { default = null; - description = mdDoc description; + description = description; type = types.nullOr types.lines; } // (if example == null then {} else { inherit example; }); }; @@ -36,32 +35,32 @@ let enable = mkOption { default = true; type = types.bool; - description = mdDoc "Whether to enable this buildkite agent"; + description = "Whether to enable this buildkite agent"; }; package = mkOption { default = pkgs.buildkite-agent; defaultText = literalExpression "pkgs.buildkite-agent"; - description = mdDoc "Which buildkite-agent derivation to use"; + description = "Which buildkite-agent derivation to use"; type = types.package; }; dataDir = mkOption { default = "/var/lib/buildkite-agent-${name}"; - description = mdDoc "The workdir for the agent"; + description = "The workdir for the agent"; type = types.str; }; runtimePackages = mkOption { default = [ pkgs.bash pkgs.gnutar pkgs.gzip pkgs.git pkgs.nix ]; defaultText = literalExpression "[ pkgs.bash pkgs.gnutar pkgs.gzip pkgs.git pkgs.nix ]"; - description = mdDoc "Add programs to the buildkite-agent environment"; + description = "Add programs to the buildkite-agent environment"; type = types.listOf (types.either types.package types.path); }; tokenPath = mkOption { type = types.path; - description = mdDoc '' + description = '' The token from your Buildkite "Agents" page. A run-time path to the token file, which is supposed to be provisioned 
@@ -72,7 +71,7 @@ let name = mkOption { type = types.str; default = "%hostname-${name}-%n"; - description = mdDoc '' + description = '' The name of the agent as seen in the buildkite dashboard. ''; }; @@ -81,7 +80,7 @@ let type = types.attrsOf (types.either types.str (types.listOf types.str)); default = {}; example = { queue = "default"; docker = "true"; ruby2 ="true"; }; - description = mdDoc '' + description = '' Tags for the agent. ''; }; @@ -90,7 +89,7 @@ let type = types.lines; default = ""; example = "debug=true"; - description = mdDoc '' + description = '' Extra lines to be added verbatim to the configuration file. ''; }; @@ -98,7 +97,7 @@ let preCommands = mkOption { type = types.lines; default = ""; - description = lib.mdDoc '' + description = '' Extra commands to run before starting buildkite. ''; }; @@ -110,7 +109,7 @@ let ## don't end up in the Nix store. apply = final: if final == null then null else toString final; - description = mdDoc '' + description = '' OpenSSH private key A run-time path to the key file, which is supposed to be provisioned @@ -179,7 +178,7 @@ let type = types.path; default = hooksDir config; defaultText = literalMD "generated from {option}`services.buildkite-agents.<name>.hooks`"; - description = mdDoc '' + description = '' Path to the directory storing the hooks. Consider using {option}`services.buildkite-agents.<name>.hooks.<name>` instead. @@ -190,7 +189,7 @@ let type = types.str; default = "${pkgs.bash}/bin/bash -e -c"; defaultText = literalExpression ''"''${pkgs.bash}/bin/bash -e -c"''; - description = mdDoc '' + description = '' Command that buildkite-agent 3 will execute when it spawns a shell. ''; }; 
@@ -203,7 +202,7 @@ in options.services.buildkite-agents = mkOption { type = types.attrsOf (types.submodule buildkiteOptions); default = {}; - description = mdDoc '' + description = '' Attribute set of buildkite agents. The attribute key is combined with the hostname and a unique integer to create the final agent name. This can be overridden by setting the `name` @@ -238,7 +237,7 @@ in tagStr = lib.concatStringsSep "," (lib.mapAttrsToList (name: value: "${name}=${value}") cfg.tags); in optionalString (cfg.privateSshKeyPath != null) '' - mkdir -m 0700 -p "${sshDir}" + mkdir -m 0700 "${sshDir}" install -m600 "${toString cfg.privateSshKeyPath}" "${sshDir}/id_rsa" '' + '' cat > "${cfg.dataDir}/buildkite-agent.cfg" <<EOF diff --git a/modules/services/cachix-agent.nix b/modules/services/cachix-agent.nix index 68bc61c..d9e4a90 100644 --- a/modules/services/cachix-agent.nix +++ b/modules/services/cachix-agent.nix @@ -9,7 +9,7 @@ in { enable = mkOption { type = types.bool; default = false; - description = lib.mdDoc '' + description = '' Enable to run Cachix Agent as a system service. Read [Cachix Deploy](https://docs.cachix.org/deploy/) documentation for more information. @@ -19,13 +19,13 @@ in { name = mkOption { type = types.str; default = config.networking.hostName; - description = lib.mdDoc '' + description = '' Agent name, usually the same as the hostname. ''; }; package = mkOption { - description = lib.mdDoc '' + description = '' Package containing cachix executable. ''; type = types.package; @@ -36,7 +36,7 @@ in { credentialsFile = mkOption { type = types.path; default = "/etc/cachix-agent.token"; - description = lib.mdDoc '' + description = '' Required file that needs to contain: export CACHIX_AGENT_TOKEN=... @@ -46,7 +46,7 @@ in { logFile = mkOption { type = types.nullOr types.path; default = "/var/log/cachix-agent.log"; - description = lib.mdDoc "Absolute path to log all stderr and stdout"; + description = "Absolute path to log all stderr and stdout"; }; }; 
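Review bot: Dropping `-p` in the `@@ -238,7 +237,7 @@` hunk makes `mkdir -m 0700 "${sshDir}"` return non-zero whenever the directory is left over from a previous start; whether that aborts the script depends on shell options set outside the hunk. Neither the old nor the new form resets the mode of a directory that already exists, and this directory receives the agent's private SSH key on the very next line. A form that is idempotent and also enforces the mode would be `mkdir -p "${sshDir}"` followed by `chmod 0700 "${sshDir}"`. If failing on a pre-existing directory is the intent, a comment saying so would spare the next reader the question.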
@@ -58,7 +58,7 @@ in { exec ${cfg.package}/bin/cachix deploy agent ${cfg.name} ''; - path = [ config.nix.package pkgs.coreutils ]; + path = [ config.nix.package pkgs.coreutils config.environment.systemPath ]; environment = { NIX_SSL_CERT_FILE = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"; diff --git a/modules/services/chunkwm.nix b/modules/services/chunkwm.nix index a5955cc..354288a 100644 --- a/modules/services/chunkwm.nix +++ b/modules/services/chunkwm.nix 
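Review bot: Appending `config.environment.systemPath` to `path` widens the agent's command search path beyond the two pinned store paths, and the hunk does not say why. If this unit runs as a root launchd daemon (the option text calls it a system service, but the unit definition is outside the hunk) and `systemPath` contains directories that non-root users can write to, then any command the agent or a deployment resolves through `PATH` could be supplied from such a directory. Prefer listing only the specific packages the agent needs, or document the requirement with a comment such as `# systemPath needed for <reason>; every entry must be root-owned`.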
@@ -12,51 +12,51 @@ in services.chunkwm.enable = mkOption { type = types.bool; default = false; - description = lib.mdDoc "Whether to enable the chunkwm window manager."; + description = "Whether to enable the chunkwm window manager."; }; services.chunkwm.package = mkOption { type = types.package; example = literalExpression "pkgs.chunkwm"; - description = lib.mdDoc "This option specifies the chunkwm package to use."; + description = "This option specifies the chunkwm package to use."; }; services.chunkwm.hotload = mkOption { type = types.bool; default = true; - description = lib.mdDoc "Whether to enable hotload."; + description = "Whether to enable hotload."; }; services.chunkwm.extraConfig = mkOption { type = types.lines; default = ""; example = ''chunkc tiling::rule --owner Emacs --state tile''; - description = lib.mdDoc "Additional commands for {file}`chunkwmrc`."; + description = "Additional commands for {file}`chunkwmrc`."; }; services.chunkwm.plugins.dir = mkOption { type = types.path; default = "/run/current-system/sw/lib/chunkwm/plugins"; - description = lib.mdDoc "Chunkwm Plugins directory."; + description = "Chunkwm Plugins directory."; }; services.chunkwm.plugins.list = mkOption { type = types.listOf (types.enum plugins); default = plugins; example = ["tiling"]; - description = lib.mdDoc "Chunkwm Plugins to enable."; + description = "Chunkwm Plugins to enable."; }; services.chunkwm.plugins."border".config = mkOption { type = types.lines; default = ''chunkc set focused_border_color 0xffc0b18b''; - description = lib.mdDoc "Optional border plugin configuration."; + description = "Optional border plugin configuration."; }; services.chunkwm.plugins."tiling".config = mkOption { type = types.lines; example = ''chunkc set global_desktop_mode bsp''; - description = lib.mdDoc "Optional tiling plugin configuration."; + description = "Optional tiling plugin configuration."; }; }; 
diff --git a/modules/services/dnsmasq.nix b/modules/services/dnsmasq.nix index 03071db..7ea674f 100644 --- a/modules/services/dnsmasq.nix +++ b/modules/services/dnsmasq.nix @@ -12,32 +12,32 @@ in services.dnsmasq.enable = mkOption { type = types.bool; default = false; - description = lib.mdDoc "Whether to enable DNSmasq."; + description = "Whether to enable DNSmasq."; }; services.dnsmasq.package = mkOption { type = types.path; default = pkgs.dnsmasq; defaultText = "pkgs.dnsmasq"; - description = lib.mdDoc "This option specifies the dnsmasq package to use."; + description = "This option specifies the dnsmasq package to use."; }; services.dnsmasq.bind = mkOption { type = types.str; default = "127.0.0.1"; - description = lib.mdDoc "This option specifies the interface on which DNSmasq will listen."; + description = "This option specifies the interface on which DNSmasq will listen."; }; services.dnsmasq.port = mkOption { type = types.int; default = 53; - description = lib.mdDoc "This option specifies port on which DNSmasq will listen."; + description = "This option specifies port on which DNSmasq will listen."; }; services.dnsmasq.addresses = mkOption { type = types.attrs; default = {}; - description = lib.mdDoc "List of domains that will be redirected by the DNSmasq."; + description = "List of domains that will be redirected by the DNSmasq."; example = literalExpression '' { localhost = "127.0.0.1"; } ''; diff --git a/modules/services/emacs.nix b/modules/services/emacs.nix index 88b5c8a..ec98950 100644 --- a/modules/services/emacs.nix +++ b/modules/services/emacs.nix 
@@ -12,20 +12,20 @@ in { enable = mkOption { type = types.bool; default = false; - description = lib.mdDoc "Whether to enable the Emacs Daemon."; + description = "Whether to enable the Emacs Daemon."; }; package = mkOption { type = types.path; default = pkgs.emacs; - description = lib.mdDoc "This option specifies the emacs package to use."; + description = "This option specifies the emacs package to use."; }; additionalPath = mkOption { type = types.listOf types.str; default = [ ]; example = [ "/Users/my_user_name" ]; - description = lib.mdDoc '' + description = '' This option specifies additional PATH that the emacs daemon would have. Typically if you have binaries in your home directory that is what you would add your home path here. One caveat is that there won't be shell variable expansion, so you can't use $HOME for example @@ -35,7 +35,7 @@ in { exec = mkOption { type = types.str; default = "emacs"; - description = lib.mdDoc "Emacs command/binary to execute."; + description = "Emacs command/binary to execute."; }; }; }; @@ -44,9 +44,11 @@ in { launchd.user.agents.emacs = { path = cfg.additionalPath ++ [ config.environment.systemPath ]; - serviceConfig.ProgramArguments = - [ "${cfg.package}/bin/${cfg.exec}" "--fg-daemon" ]; - serviceConfig.RunAtLoad = true; + serviceConfig = { + ProgramArguments = [ "${cfg.package}/bin/${cfg.exec}" "--fg-daemon" ]; + RunAtLoad = true; + KeepAlive = true; + }; }; }; diff --git a/modules/services/eternal-terminal.nix b/modules/services/eternal-terminal.nix index 3533080..d243a61 100644 --- a/modules/services/eternal-terminal.nix +++ b/modules/services/eternal-terminal.nix 
@@ -7,20 +7,20 @@ in { options = { services.eternal-terminal = { - enable = mkEnableOption (lib.mdDoc "Eternal Terminal server"); + enable = mkEnableOption "Eternal Terminal server"; package = mkOption { type = types.path; default = pkgs.eternal-terminal; defaultText = "pkgs.eternal-terminal"; - description = lib.mdDoc + description = "This option specifies the eternal-terminal package to use."; }; port = mkOption { default = 2022; type = types.port; - description = lib.mdDoc '' + description = '' The port the server should listen on. Will use the server's default (2022) if not specified. Make sure to open this port in the firewall if necessary. @@ -30,7 +30,7 @@ in { verbosity = mkOption { default = 0; type = types.enum (lib.range 0 9); - description = lib.mdDoc '' + description = '' The verbosity level (0-9). ''; }; @@ -38,7 +38,7 @@ in { silent = mkOption { default = false; type = types.bool; - description = lib.mdDoc '' + description = '' If enabled, disables all logging. ''; }; @@ -46,7 +46,7 @@ in { logSize = mkOption { default = 20971520; type = types.int; - description = lib.mdDoc '' + description = '' The maximum log size. ''; }; diff --git a/modules/services/github-runner/options.nix b/modules/services/github-runner/options.nix index 300ca32..5152cc4 100644 --- a/modules/services/github-runner/options.nix +++ b/modules/services/github-runner/options.nix @@ -3,10 +3,12 @@ , ... }: -with lib; +let + inherit (lib) literalExpression mkOption mkPackageOption types; +in { options.services.github-runners = mkOption { - description = mdDoc '' + description = '' Multiple GitHub Runners. If `user` and `group` are set to `null`, the module will configure nix-darwin to 
@@ -22,12 +24,12 @@ with lib; * `/var/lib/github-runners/<name>`: State directory to store the runner registration credentials + * `/var/lib/github-runners/_work/<name>`: + Working directory for workflow files. The runner only uses this + directory if `workDir` is `null` (see the `workDir` option for details). * `/var/log/github-runners/<name>`: The launchd service writes the stdout and stderr streams to this directory. - * `/var/run/github-runners/<name>`: - Working directory for workflow files. The runner only uses this - directory if `workDir` is `null` (see the `workDir` option for details). ''; example = { runner1 = { @@ -50,7 +52,7 @@ with lib; enable = mkOption { default = false; example = true; - description = mdDoc '' + description = '' Whether to enable GitHub Actions runner. Note: GitHub recommends using self-hosted runners with private repositories only. Learn more here: @@ -61,7 +63,7 @@ with lib; url = mkOption { type = types.str; - description = mdDoc '' + description = '' Repository to add the runner to. Changing this option triggers a new runner registration. @@ -79,7 +81,7 @@ with lib; tokenFile = mkOption { type = types.path; - description = mdDoc '' + description = '' The full path to a file which contains either * a fine-grained personal access token (PAT), @@ -88,6 +90,9 @@ with lib; Changing this option or the `tokenFile`’s content triggers a new runner registration. + You can also manually trigger a new runner registration by deleting + {file}`/var/lib/github-runners/<name>/.runner` and restarting the service. + We suggest using the fine-grained PATs. A runner registration token is valid only for 1 hour after creation, so the next time the runner configuration changes this will give you hard-to-debug HTTP 404 errors in the configure step. 
@@ -122,7 +127,7 @@ with lib; name = mkOption { type = types.nullOr types.str; - description = mdDoc '' + description = '' Name of the runner to configure. If null, defaults to the hostname. Changing this option triggers a new runner registration. @@ -133,7 +138,7 @@ with lib; runnerGroup = mkOption { type = types.nullOr types.str; - description = mdDoc '' + description = '' Name of the runner group to add this runner to (defaults to the default runner group). Changing this option triggers a new runner registration. @@ -143,7 +148,7 @@ with lib; extraLabels = mkOption { type = types.listOf types.str; - description = mdDoc '' + description = '' Extra labels in addition to the default (unless disabled through the `noDefaultLabels` option). Changing this option triggers a new runner registration. @@ -154,7 +159,7 @@ with lib; noDefaultLabels = mkOption { type = types.bool; - description = mdDoc '' + description = '' Disables adding the default labels. Also see the `extraLabels` option. Changing this option triggers a new runner registration. @@ -164,7 +169,7 @@ with lib; replace = mkOption { type = types.bool; - description = mdDoc '' + description = '' Replace any existing runner with the same name. Without this flag, registering a new runner with the same name fails. @@ -174,7 +179,7 @@ with lib; extraPackages = mkOption { type = types.listOf types.package; - description = mdDoc '' + description = '' Extra packages to add to `PATH` of the service to make them available to workflows. ''; default = [ ]; @@ -182,7 +187,7 @@ with lib; extraEnvironment = mkOption { type = types.attrs; - description = mdDoc '' + description = '' Extra environment variables to set for the runner, as an attrset. ''; example = { 
@@ -193,17 +198,17 @@ with lib; serviceOverrides = mkOption { type = types.attrs; - description = mdDoc '' + description = '' Modify the service. Can be used to, e.g., adjust the sandboxing options. ''; default = { }; }; - package = mkPackageOptionMD pkgs "github-runner" { }; + package = mkPackageOption pkgs "github-runner" { }; ephemeral = mkOption { type = types.bool; - description = mdDoc '' + description = '' If enabled, causes the following behavior: - Passes the `--ephemeral` flag to the runner configuration script @@ -222,7 +227,7 @@ with lib; user = mkOption { type = types.nullOr types.str; - description = mdDoc '' + description = '' User under which to run the service. If this option and the `group` option is set to `null`, nix-darwin creates @@ -234,7 +239,7 @@ with lib; group = mkOption { type = types.nullOr types.str; - description = mdDoc '' + description = '' Group under which to run the service. If this option and the `user` option is set to `null`, nix-darwin creates @@ -246,7 +251,7 @@ with lib; workDir = mkOption { type = with types; nullOr str; - description = mdDoc '' + description = '' Working directory, available as `$GITHUB_WORKSPACE` during workflow runs and used as a default for [repository checkouts](https://github.com/actions/checkout). The service cleans this directory on every service start. @@ -259,7 +264,7 @@ with lib; nodeRuntimes = mkOption { type = with types; nonEmptyListOf (enum [ "node20" ]); default = [ "node20" ]; - description = mdDoc '' + description = '' List of Node.js runtimes the runner should support. ''; }; diff --git a/modules/services/github-runner/service.nix b/modules/services/github-runner/service.nix index 53f2cdd..029f863 100644 --- a/modules/services/github-runner/service.nix +++ b/modules/services/github-runner/service.nix 
@@ -1,10 +1,14 @@ { config, lib, pkgs, ... }: -with lib; + let + inherit (lib) any attrValues boolToString concatStringsSep escapeShellArg + flatten flip getExe getExe' hasAttr hasPrefix mapAttrsToList mapAttrs' mkBefore + mkDefault mkIf mkMerge nameValuePair optionalAttrs optionalString replaceStrings; + mkSvcName = name: "github-runner-${name}"; mkStateDir = cfg: "/var/lib/github-runners/${cfg.name}"; mkLogDir = cfg: "/var/log/github-runners/${cfg.name}"; - mkWorkDir = cfg: if (cfg.workDir != null) then cfg.workDir else "/var/run/github-runners/${cfg.name}"; + mkWorkDir = cfg: if (cfg.workDir != null) then cfg.workDir else "/var/lib/github-runners/_work/${cfg.name}"; in { config.assertions = flatten ( @@ -17,6 +21,10 @@ in assertion = !cfg.noDefaultLabels || (cfg.extraLabels != [ ]); message = "`services.github-runners.${name}`: The `extraLabels` option is mandatory if `noDefaultLabels` is set"; } + { + assertion = cfg.workDir == null || !(hasPrefix "/run/" cfg.workDir || hasPrefix "/var/run/" cfg.workDir || hasPrefix "/private/var/run/"); + message = "`services.github-runners.${name}`: `workDir` being inside /run is not supported"; + } ]) ); 
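Review bot: The last operand of the new `workDir` assertion, `hasPrefix "/private/var/run/"`, is missing its string argument, so it is a partially applied function rather than a boolean. For any non-null `workDir` that does not start with `/run/` or `/var/run/`, evaluation reaches that operand and `||` fails with a type error instead of accepting the path. It should read `hasPrefix "/private/var/run/" cfg.workDir`. The prefixes all end in `/`, so the bare values `/run` and `/var/run` are not rejected; that is presumably harmless but worth a short comment if intentional.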
@@ -44,14 +52,22 @@ in text = mkBefore ('' echo >&2 "setting up GitHub Runner '${cfg.name}'..." - ${pkgs.coreutils}/bin/mkdir -p -m 0750 ${escapeShellArg (mkStateDir cfg)} - ${pkgs.coreutils}/bin/chown ${user}:${group} ${escapeShellArg (mkStateDir cfg)} + ( + umask -S u=rwx,g=rx,o= > /dev/null + + ${getExe' pkgs.coreutils "mkdir"} -p ${escapeShellArg (mkStateDir cfg)} + ${getExe' pkgs.coreutils "chown"} ${user}:${group} ${escapeShellArg (mkStateDir cfg)} + + ${getExe' pkgs.coreutils "mkdir"} -p ${escapeShellArg (mkLogDir cfg)} + # launchd will fail to start the service if the outer direction doesn't have sufficient permissions + ${getExe' pkgs.coreutils "chmod"} o+rx ${escapeShellArg (mkLogDir { name = ""; })} + ${getExe' pkgs.coreutils "chown"} ${user}:${group} ${escapeShellArg (mkLogDir cfg)} - ${pkgs.coreutils}/bin/mkdir -p -m 0750 ${escapeShellArg (mkLogDir cfg)} - ${pkgs.coreutils}/bin/chown ${user}:${group} ${escapeShellArg (mkLogDir cfg)} - '' + optionalString (cfg.workDir == null) '' - ${pkgs.coreutils}/bin/mkdir -p -m 0750 ${escapeShellArg (mkWorkDir cfg)} - ${pkgs.coreutils}/bin/chown ${user}:${group} ${escapeShellArg (mkWorkDir cfg)} + ${optionalString (cfg.workDir == null) '' + ${getExe' pkgs.coreutils "mkdir"} -p ${escapeShellArg (mkWorkDir cfg)} + ${getExe' pkgs.coreutils "chown"} ${user}:${group} ${escapeShellArg (mkWorkDir cfg)} + ''} + ) ''); }; })); @@ -84,9 +100,13 @@ in script = let + # https://github.com/NixOS/nixpkgs/pull/333744 introduced an inconsistency with different + # versions of nixpkgs. Use the old version of escapeShellArg to make sure that labels + # are always escaped to avoid https://www.shellcheck.net/wiki/SC2054 + escapeShellArgAlways = string: "'${replaceStrings ["'"] ["'\\''"] (toString string)}'"; configure = pkgs.writeShellApplication { name = "configure-github-runner-${name}"; - text = '' + text = /*bash*/'' export RUNNER_ROOT args=( 
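Review bot: With the `-m 0750` arguments gone, directory modes in the `@@ -44,14 +52,22 @@` hunk depend entirely on the subshell `umask`, which `mkdir -p` applies only to directories it actually creates. A state directory that already exists with looser permissions keeps them, and per the option docs that directory stores the runner registration credentials; an explicit `chmod 0750` on the state, log and work directories after each `mkdir -p` would enforce the intended mode on every activation. The umask now also applies to parent directories created by `-p`, yet only the log parent is relaxed afterwards, and with `o+rx` where `o+x` may be enough if traversal is all launchd needs. It is worth confirming that the runner user can still reach `/var/lib/github-runners/<name>` and the `_work` directory on a fresh install. The comment's "outer direction" should read "outer directory".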
@@ -94,7 +114,7 @@ in --disableupdate --work ${escapeShellArg workDir} --url ${escapeShellArg cfg.url} - --labels ${escapeShellArg (concatStringsSep "," cfg.extraLabels)} + --labels ${escapeShellArgAlways (concatStringsSep "," cfg.extraLabels)} ${optionalString (cfg.name != null ) "--name ${escapeShellArg cfg.name}"} ${optionalString cfg.replace "--replace"} ${optionalString (cfg.runnerGroup != null) "--runnergroup ${escapeShellArg cfg.runnerGroup}"} @@ -109,7 +129,7 @@ in else args+=(--token "$token") fi - ${package}/bin/config.sh "''${args[@]}" + ${getExe' package "config.sh"} "''${args[@]}" ''; }; in @@ -117,12 +137,12 @@ in echo "Configuring GitHub Actions Runner" # Always clean the working directory - ${pkgs.findutils}/bin/find ${escapeShellArg workDir} -mindepth 1 -delete + ${getExe pkgs.findutils} ${escapeShellArg workDir} -mindepth 1 -delete # Clean the $RUNNER_ROOT if we are in ephemeral mode if ${boolToString cfg.ephemeral}; then echo "Cleaning $RUNNER_ROOT" - ${pkgs.findutils}/bin/find "$RUNNER_ROOT" -mindepth 1 -delete + ${getExe pkgs.findutils} "$RUNNER_ROOT" -mindepth 1 -delete fi # If the `.runner` file does not exist, we assume the runner is not configured @@ -131,7 +151,7 @@ in fi # Start the service - ${package}/bin/Runner.Listener run --startuptype service + ${getExe' package "Runner.Listener"} run --startuptype service ''; serviceConfig = mkMerge [ diff --git a/modules/services/gitlab-runner.nix b/modules/services/gitlab-runner.nix index 7651ba5..94c291e 100644 --- a/modules/services/gitlab-runner.nix +++ b/modules/services/gitlab-runner.nix @@ -117,11 +117,11 @@ let in { options.services.gitlab-runner = { - enable = mkEnableOption (lib.mdDoc "Gitlab Runner"); + enable = mkEnableOption "Gitlab Runner"; configFile = mkOption { type = types.nullOr types.path; default = null; - description = lib.mdDoc '' + description = '' Configuration file for gitlab-runner. {option}`configFile` takes precedence over {option}`services`. 
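Review bot: In the `@@ -117,12 +137,12 @@` hunk, `${getExe pkgs.findutils}` relies on the package's `meta.mainProgram` resolving to `find`, whereas the other calls touched by this commit name the binary explicitly with `getExe'`. Both lines end in `-mindepth 1 -delete`, so the program being run should be unambiguous to a reader; `${getExe' pkgs.findutils "find"}` states the intent and matches the surrounding style. The enclosing script starts and ends outside the hunk.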
@@ -137,7 +137,7 @@ in type = types.int; default = 0; example = literalExpression "with lib; (length (attrNames config.services.gitlab-runner.services)) * 3"; - description = lib.mdDoc '' + description = '' Defines the interval length, in seconds, between new jobs check. The default value is 3; if set to 0 or lower, the default value will be used. @@ -148,7 +148,7 @@ in type = types.int; default = 1; example = literalExpression "config.nix.maxJobs"; - description = lib.mdDoc '' + description = '' Limits how many jobs globally can be run concurrently. The most upper limit of jobs using all defined runners. 0 does not mean unlimited. @@ -158,7 +158,7 @@ in type = types.nullOr types.str; default = null; example = "https://public:private@host:port/1"; - description = lib.mdDoc '' + description = '' Data Source Name for tracking of all system level errors to Sentry. ''; }; @@ -166,7 +166,7 @@ in type = types.nullOr types.str; default = null; example = "localhost:8080"; - description = lib.mdDoc '' + description = '' Address (<host>:<port>) on which the Prometheus metrics HTTP server should be listening. ''; @@ -178,7 +178,7 @@ in type = types.nullOr types.str; default = null; example = "0.0.0.0:8093"; - description = lib.mdDoc '' + description = '' An internal URL to be used for the session server. ''; }; @@ -186,7 +186,7 @@ in type = types.nullOr types.str; default = null; example = "runner-host-name.tld:8093"; - description = lib.mdDoc '' + description = '' The URL that the Runner will expose to GitLab to be used to access the session server. Fallbacks to {option}`listenAddress` if not defined. @@ -195,7 +195,7 @@ in sessionTimeout = mkOption { type = types.int; default = 1800; - description = lib.mdDoc '' + description = '' How long in seconds the session can stay active after the job completes (which will block the job from finishing). ''; 
@@ -208,7 +208,7 @@ in listenAddress = "0.0.0.0:8093"; } ''; - description = lib.mdDoc '' + description = '' The session server allows the user to interact with jobs that the Runner is responsible for. A good example of this is the [interactive web terminal](https://docs.gitlab.com/ee/ci/interactive_web_terminal/index.html). @@ -217,7 +217,7 @@ in gracefulTermination = mkOption { type = types.bool; default = false; - description = lib.mdDoc '' + description = '' Finish all remaining jobs before stopping. If not set gitlab-runner will stop immediatly without waiting for jobs to finish, which will lead to failed builds. @@ -227,7 +227,7 @@ in type = types.str; default = "infinity"; example = "5min 20s"; - description = lib.mdDoc '' + description = '' Time to wait until a graceful shutdown is turned into a forceful one. ''; }; @@ -236,17 +236,17 @@ in default = pkgs.gitlab-runner; defaultText = "pkgs.gitlab-runner"; example = literalExpression "pkgs.gitlab-runner_1_11"; - description = lib.mdDoc "Gitlab Runner package to use."; + description = "Gitlab Runner package to use."; }; extraPackages = mkOption { type = types.listOf types.package; default = [ ]; - description = lib.mdDoc '' + description = '' Extra packages to add to PATH for the gitlab-runner process. ''; }; services = mkOption { - description = lib.mdDoc "GitLab Runner services."; + description = "GitLab Runner services."; default = { }; example = literalExpression '' { @@ -328,7 +328,7 @@ in options = { registrationConfigFile = mkOption { type = types.path; - description = lib.mdDoc '' + description = '' Absolute path to a file with environment variables used for gitlab-runner registration. A list of all supported environment variables can be found in 
@@ -345,7 +345,7 @@ in type = types.listOf types.str; default = [ ]; example = [ "--docker-helper-image my/gitlab-runner-helper" ]; - description = lib.mdDoc '' + description = '' Extra command-line flags passed to `gitlab-runner register`. Execute `gitlab-runner register --help` @@ -356,7 +356,7 @@ in type = types.attrsOf types.str; default = { }; example = { NAME = "value"; }; - description = lib.mdDoc '' + description = '' Custom environment variables injected to build environment. For secrets you can use {option}`registrationConfigFile` with `RUNNER_ENV` variable set. @@ -365,7 +365,7 @@ in executor = mkOption { type = types.str; default = "docker"; - description = lib.mdDoc '' + description = '' Select executor, eg. shell, docker, etc. See [runner documentation](https://docs.gitlab.com/runner/executors/README.html) for more information. ''; @@ -374,7 +374,7 @@ in type = types.nullOr types.path; default = null; example = "/var/lib/gitlab-runner/builds"; - description = lib.mdDoc '' + description = '' Absolute path to a directory where builds will be stored in context of selected executor (Locally, Docker, SSH). ''; @@ -383,14 +383,14 @@ in type = types.nullOr types.str; default = null; example = "http://gitlab.example.local"; - description = lib.mdDoc '' + description = '' Overwrite the URL for the GitLab instance. Used if the Runner can’t connect to GitLab on the URL GitLab exposes itself. ''; }; dockerImage = mkOption { type = types.nullOr types.str; default = null; - description = lib.mdDoc '' + description = '' Docker image to be used. ''; }; @@ -398,7 +398,7 @@ in type = types.listOf types.str; default = [ ]; example = [ "/var/run/docker.sock:/var/run/docker.sock" ]; - description = lib.mdDoc '' + description = '' Bind-mount a volume and create it if it doesn't exist prior to mounting. ''; 
@@ -406,14 +406,14 @@ in dockerDisableCache = mkOption { type = types.bool; default = false; - description = lib.mdDoc '' + description = '' Disable all container caching. ''; }; dockerPrivileged = mkOption { type = types.bool; default = false; - description = lib.mdDoc '' + description = '' Give extended privileges to container. ''; }; @@ -421,7 +421,7 @@ in type = types.listOf types.str; default = [ ]; example = [ "other-host:127.0.0.1" ]; - description = lib.mdDoc '' + description = '' Add a custom host-to-IP mapping. ''; }; @@ -429,7 +429,7 @@ in type = types.listOf types.str; default = [ ]; example = [ "ruby:*" "python:*" "php:*" "my.registry.tld:5000/*:*" ]; - description = lib.mdDoc '' + description = '' Whitelist allowed images. ''; }; @@ -437,21 +437,21 @@ in type = types.listOf types.str; default = [ ]; example = [ "postgres:9" "redis:*" "mysql:*" ]; - description = lib.mdDoc '' + description = '' Whitelist allowed services. ''; }; preCloneScript = mkOption { type = types.nullOr types.path; default = null; - description = lib.mdDoc '' + description = '' Runner-specific command script executed before code is pulled. ''; }; preBuildScript = mkOption { type = types.nullOr types.path; default = null; - description = lib.mdDoc '' + description = '' Runner-specific command script executed after code is pulled, just before build executes. ''; @@ -459,7 +459,7 @@ in postBuildScript = mkOption { type = types.nullOr types.path; default = null; - description = lib.mdDoc '' + description = '' Runner-specific command script executed after code is pulled and just after build executes. ''; @@ -467,14 +467,14 @@ in tagList = mkOption { type = types.listOf types.str; default = [ ]; - description = lib.mdDoc '' + description = '' Tag list. ''; }; runUntagged = mkOption { type = types.bool; default = false; - description = lib.mdDoc '' + description = '' Register to run untagged builds; defaults to `true` when {option}`tagList` is empty. ''; 
@@ -482,7 +482,7 @@ in limit = mkOption { type = types.int; default = 0; - description = lib.mdDoc '' + description = '' Limit how many jobs can be handled concurrently by this service. 0 (default) simply means don't limit. ''; @@ -490,14 +490,14 @@ in requestConcurrency = mkOption { type = types.int; default = 0; - description = lib.mdDoc '' + description = '' Limit number of concurrent requests for new jobs from GitLab. ''; }; maximumTimeout = mkOption { type = types.int; default = 0; - description = lib.mdDoc '' + description = '' What is the maximum timeout (in seconds) that will be set for job when using this Runner. 0 (default) simply means don't limit. ''; @@ -505,7 +505,7 @@ in protected = mkOption { type = types.bool; default = false; - description = lib.mdDoc '' + description = '' When set to true Runner will only run on pipelines triggered on protected branches. ''; @@ -513,7 +513,7 @@ in debugTraceDisabled = mkOption { type = types.bool; default = false; - description = lib.mdDoc '' + description = '' When set to true Runner will disable the possibility of using the `CI_DEBUG_TRACE` feature. ''; diff --git a/modules/services/hercules-ci-agent/common.nix b/modules/services/hercules-ci-agent/common.nix index 6401f6f..5a4b739 100644 --- a/modules/services/hercules-ci-agent/common.nix +++ b/modules/services/hercules-ci-agent/common.nix @@ -18,7 +18,6 @@ let types ; literalMD = lib.literalMD or (x: lib.literalDocBook "Documentation not rendered. Please upgrade to a newer NixOS with markdown support."); - mdDoc = lib.mdDoc or (x: "Documentation not rendered. Please upgrade to a newer NixOS with markdown support."); cfg = config.services.hercules-ci-agent; @@ -37,7 +36,7 @@ in enable = mkOption { type = types.bool; default = false; - description = mdDoc '' + description = '' Enable to run Hercules CI Agent as a system service. [Hercules CI](https://hercules-ci.com) is a 
@@ -47,7 +46,7 @@ in ''; }; package = mkOption { - description = mdDoc '' + description = '' Package containing the bin/hercules-ci-agent executable. ''; type = types.package; @@ -55,7 +54,7 @@ in defaultText = literalExpression "pkgs.hercules-ci-agent"; }; settings = mkOption { - description = mdDoc '' + description = '' These settings are written to the `agent.toml` file. Not all settings are listed as options, can be set nonetheless. @@ -75,7 +74,7 @@ in type = types.path; internal = true; defaultText = literalMD "generated `hercules-ci-agent.toml`"; - description = mdDoc '' + description = '' The fully assembled config file. ''; }; diff --git a/modules/services/hercules-ci-agent/default.nix b/modules/services/hercules-ci-agent/default.nix index 538e104..fc3d952 100644 --- a/modules/services/hercules-ci-agent/default.nix +++ b/modules/services/hercules-ci-agent/default.nix @@ -17,7 +17,7 @@ in logFile = mkOption { type = types.path; default = "/var/log/hercules-ci-agent.log"; - description = lib.mdDoc "Stdout and sterr of hercules-ci-agent process."; + description = "Stdout and sterr of hercules-ci-agent process."; }; }; @@ -25,7 +25,7 @@ in launchd.daemons.hercules-ci-agent = { script = "exec ${cfg.package}/bin/hercules-ci-agent --config ${cfg.tomlFile}"; - path = [ config.nix.package ]; + path = [ config.nix.package config.environment.systemPath ]; environment = { NIX_SSL_CERT_FILE = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"; }; diff --git a/modules/services/hercules-ci-agent/settings.nix b/modules/services/hercules-ci-agent/settings.nix index 157861a..6389461 100644 --- a/modules/services/hercules-ci-agent/settings.nix +++ b/modules/services/hercules-ci-agent/settings.nix 
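Review bot: In the `launchd.daemons.hercules-ci-agent` hunk, adding `config.environment.systemPath` to `path` hands the agent daemon the whole system search path, and there is no comment saying which tool was missing. This daemon runs CI tasks, so a narrow PATH is preferable; if a single tool was needed, listing that package in `path` would be the smaller change. Otherwise a comment such as `# agent needs tools from the system profile: (list them)` would record why the wider path is required. Which directories `systemPath` contributes is not visible here and should be checked for any that non-root users can write to.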
@@ -7,7 +7,6 @@ let mkOption ; literalMD = lib.literalMD or (x: lib.literalDocBook "Documentation not rendered. Please upgrade to a newer NixOS with markdown support."); - mdDoc = lib.mdDoc or (x: "Documentation not rendered. Please upgrade to a newer NixOS with markdown support."); format = pkgs.formats.toml { }; @@ -15,7 +14,7 @@ let freeformType = format.type; options = { apiBaseUrl = mkOption { - description = mdDoc '' + description = '' API base URL that the agent will connect to. When using Hercules CI Enterprise, set this to the URL where your @@ -27,12 +26,12 @@ let baseDirectory = mkOption { type = types.path; default = "/var/lib/hercules-ci-agent"; - description = mdDoc '' + description = '' State directory (secrets, work directory, etc) for agent ''; }; concurrentTasks = mkOption { - description = mdDoc '' + description = '' Number of tasks to perform simultaneously. A task is a single derivation build, an evaluation or an effect run. @@ -56,7 +55,7 @@ let ''; }; labels = mkOption { - description = mdDoc '' + description = '' A key-value map of user data. This data will be available to organization members in the dashboard and API. @@ -75,7 +74,7 @@ let ''; }; workDirectory = mkOption { - description = mdDoc '' + description = '' The directory in which temporary subdirectories are created for task state. This includes sources for Nix evaluation. ''; type = types.path; @@ -83,7 +82,7 @@ let defaultText = literalExpression ''baseDirectory + "/work"''; }; staticSecretsDirectory = mkOption { - description = mdDoc '' + description = '' This is the default directory to look for statically configured secrets like `cluster-join-token.key`. See also `clusterJoinTokenPath` and `binaryCachesPath` for fine-grained configuration. 
@@ -93,7 +92,7 @@ let defaultText = literalExpression ''baseDirectory + "/secrets"''; }; clusterJoinTokenPath = mkOption { - description = mdDoc '' + description = '' Location of the cluster-join-token.key file. You can retrieve the contents of the file when creating a new agent via @@ -110,7 +109,7 @@ let defaultText = literalExpression ''staticSecretsDirectory + "/cluster-join-token.key"''; }; binaryCachesPath = mkOption { - description = mdDoc '' + description = '' Path to a JSON file containing binary cache secret keys. As these values are confidential, they should not be in the store, but @@ -124,7 +123,7 @@ let defaultText = literalExpression ''staticSecretsDirectory + "/binary-caches.json"''; }; secretsJsonPath = mkOption { - description = mdDoc '' + description = '' Path to a JSON file containing secrets for effects. As these values are confidential, they should not be in the store, but diff --git a/modules/services/ipfs.nix b/modules/services/ipfs.nix index 6cfcc49..e7cdb74 100644 --- a/modules/services/ipfs.nix +++ b/modules/services/ipfs.nix @@ -14,14 +14,14 @@ in enable = mkOption { type = types.bool; default = false; - description = lib.mdDoc "Whether to enable the ipfs daemon."; + description = "Whether to enable the ipfs daemon."; }; package = mkOption { type = types.package; default = pkgs.kubo; # defaultText = "pkgs.kubo"; - description = lib.mdDoc '' + description = '' The ipfs package to use. ''; }; @@ -30,7 +30,7 @@ in type = types.nullOr types.path; default = null; example = "/var/tmp/ipfs.log"; - description = lib.mdDoc '' + description = '' The logfile to use for the ipfs service. Alternatively {command}`sudo launchctl debug system/org.nixos.ipfs --stderr` can be used to stream the logs to a shell after restarting the service with 
@@ -41,13 +41,13 @@ in ipfsPath = mkOption { type = types.nullOr types.path; default = null; - description = lib.mdDoc "Set the IPFS_PATH environment variable."; + description = "Set the IPFS_PATH environment variable."; }; enableGarbageCollection = mkOption { type = types.bool; default = false; - description = lib.mdDoc "Passes --enable-gc flag to ipfs daemon."; + description = "Passes --enable-gc flag to ipfs daemon."; }; }; diff --git a/modules/services/jankyborders/default.nix b/modules/services/jankyborders/default.nix new file mode 100644 index 0000000..cb7ab1e --- /dev/null +++ b/modules/services/jankyborders/default.nix 
@@ -0,0 +1,167 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}: let
+ inherit (lib) maintainers mkEnableOption mkIf mkPackageOption mkOption types;
+
+ cfg = config.services.jankyborders;
+ joinStrings = strings: builtins.concatStringsSep "," strings;
+
+ optionalArg = arg: value:
+ if value != null && value != ""
+ then
+ if lib.isList value
+ then lib.map (val: "${arg}=${val}") value
+ else ["${arg}=${value}"]
+ else [];
+in {
+ meta.maintainers = [
+ maintainers.amsynist or "amsynist"
+ ];
+
+ options.services.jankyborders = {
+ enable = mkEnableOption "Enable the jankyborders service.";
+
+ package = mkPackageOption pkgs "jankyborders" {};
+
+ width = mkOption {
+ type = types.float;
+ default = 5.0;
+ description = ''
+ Determines the width of the border. For example, width=5.0 creates a border 5.0 points wide.
+ '';
+ };
+
+ hidpi = mkOption {
+ type = types.bool;
+ default = false;
+ description = ''
+ If set to on, the border will be drawn with retina resolution.
+ '';
+ };
+
+ active_color = mkOption {
+ type = types.str;
+ default = "0xFFFFFFFF";
+ example = "0xFFFFFFFF";
+ description = ''
+ Sets the border color for the focused window (format: 0xAARRGGBB). For instance, active_color="0xff00ff00" creates a green border.
+ For Gradient Border : active_color="gradient(top_right=0x9992B3F5,bottom_left=0x9992B3F5)"
+ '';
+ };
+
+ inactive_color = mkOption {
+ type = types.str;
+ default = "0xFFFFFFFF";
+ example = "0xFFFFFFFF";
+ description = ''
+ Sets the border color for all windows not in focus (format: 0xAARRGGBB).
+ For Gradient Border : inactive_color="gradient(top_right=0x9992B3F5,bottom_left=0x9992B3F5)"
+ '';
+ };
+
+ background_color = mkOption {
+ type = types.str;
+ default = "";
+ example = "0xFFFFFFFF";
+ description = ''
+ Sets the background fill color for all windows (only 0xAARRGGBB arguments supported).
+ '';
+ };
+
+ style = mkOption {
+ type = types.str;
+ default = "round";
+ example = "square/round";
+ description = ''
+ Specifies the style of the border (either round or square).
+ '';
+ };
+
+ order = mkOption {
+ type = types.enum [ "above" "below" ];
+ default = "below";
+ example = "above";
+ description = ''
+ Specifies whether borders should be drawn above or below windows.
+ '';
+ };
+
+ blur_radius = mkOption {
+ type = types.float;
+ default = 0.0;
+ example = 5.0;
+ description = ''
+ Sets the blur radius applied to the borders or backgrounds with transparency.
+ '';
+ };
+
+ ax_focus = mkOption {
+ type = types.bool;
+ default = false;
+ description = ''
+ If set to true, the (slower) accessibility API is used to resolve the focused window.
+ '';
+ };
+
+ blacklist = mkOption {
+ type = types.listOf types.str;
+ default = [];
+ example = ["Safari" "kitty"];
+ description = ''
+ The applications specified here are excluded from being bordered.
+ For example, blacklist = [ "Safari" "kitty" ] excludes Safari and kitty from being bordered.
+ '';
+ };
+
+ whitelist = mkOption {
+ type = types.listOf types.str;
+ default = [];
+ example = ["Arc" "USB Overdrive"];
+ description = ''
+ Once this list is populated, only applications listed here are considered for receiving a border.
+ If the whitelist is empty (default) it is inactive.
+ '';
+ };
+ };
+
+ config = mkIf cfg.enable {
+ assertions = [
+ {
+ assertion = !(cfg.blacklist != [] && cfg.whitelist != []);
+ message = "Cannot define both a blacklist and a whitelist for jankyborders.";
+ }
+ ];
+ environment.systemPackages = [cfg.package];
+
+ launchd.user.agents.jankyborders = {
+ serviceConfig.ProgramArguments =
+ [
+ "${cfg.package}/bin/borders"
+ ]
+ ++ (optionalArg "width" (toString cfg.width))
+ ++ (optionalArg "hidpi" (
+ if cfg.hidpi
+ then "on"
+ else "off"
+ ))
+ ++ (optionalArg "active_color" cfg.active_color)
+ ++ (optionalArg "inactive_color" cfg.inactive_color)
+ ++ (optionalArg "background_color" cfg.background_color)
+ ++ (optionalArg "style" cfg.style)
+ ++ (optionalArg "blur_radius" (toString cfg.blur_radius))
+ ++ (optionalArg "ax_focus" (
+ if cfg.ax_focus
+ then "on"
+ else "off"
+ ))
+ ++ (optionalArg "blacklist" (joinStrings cfg.blacklist))
+ ++ (optionalArg "whitelist" (joinStrings cfg.whitelist))
+ ++ (optionalArg "order" cfg.order);
+ serviceConfig.KeepAlive = true;
+ serviceConfig.RunAtLoad = true;
+ };
+ };
+}
diff --git a/modules/services/karabiner-elements/default.nix b/modules/services/karabiner-elements/default.nix
index 7c0636c..8be2ddf 100644
--- a/modules/services/karabiner-elements/default.nix
+++ b/modules/services/karabiner-elements/default.nix
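Review bot: In the new jankyborders module, `style` is declared as `types.str` with the example `"square/round"`, although its description says the value is either round or square. Using `type = types.enum [ "round" "square" ];` with `example = "square";` would reject a typo at evaluation time, the way `order` already does. `enable = mkEnableOption "Enable the jankyborders service.";` also renders awkwardly, because mkEnableOption prefixes its argument with "Whether to enable"; `mkEnableOption "the jankyborders service"` reads correctly.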
@@ -9,18 +9,19 @@ let in { - options = { - services.karabiner-elements.enable = mkEnableOption (lib.mdDoc "Karabiner-Elements"); + options.services.karabiner-elements = { + enable = mkEnableOption "Karabiner-Elements"; + package = mkPackageOption pkgs "karabiner-elements" { }; }; config = mkIf cfg.enable { - environment.systemPackages = [ pkgs.karabiner-elements ]; + environment.systemPackages = [ cfg.package ]; system.activationScripts.preActivation.text = '' rm -rf ${parentAppDir} mkdir -p ${parentAppDir} # Kernel extensions must reside inside of /Applications, they cannot be symlinks - cp -r ${pkgs.karabiner-elements.driver}/Applications/.Karabiner-VirtualHIDDevice-Manager.app ${parentAppDir} + cp -r ${cfg.package.driver}/Applications/.Karabiner-VirtualHIDDevice-Manager.app ${parentAppDir} ''; system.activationScripts.postActivation.text = '' @@ -38,21 +39,18 @@ in # the system extension is activated, so we can call activate from the manager # which will block until the system extension is activated. launchd.daemons.start_karabiner_daemons = { - serviceConfig.ProgramArguments = [ - "/bin/sh" "-c" - "/bin/wait4path /nix/store && ${pkgs.writeScript "start_karabiner_daemons" '' + script = '' ${parentAppDir}/.Karabiner-VirtualHIDDevice-Manager.app/Contents/MacOS/Karabiner-VirtualHIDDevice-Manager activate launchctl kickstart system/org.pqrs.karabiner.karabiner_grabber launchctl kickstart system/org.pqrs.karabiner.karabiner_observer - ''}" - ]; + ''; serviceConfig.Label = "org.nixos.start_karabiner_daemons"; serviceConfig.RunAtLoad = true; }; launchd.daemons.karabiner_grabber = { serviceConfig.ProgramArguments = [ - "${pkgs.karabiner-elements}/Library/Application Support/org.pqrs/Karabiner-Elements/bin/karabiner_grabber" + "${cfg.package}/Library/Application Support/org.pqrs/Karabiner-Elements/bin/karabiner_grabber" ]; serviceConfig.ProcessType = "Interactive"; serviceConfig.Label = "org.pqrs.karabiner.karabiner_grabber"; 
@@ -63,7 +61,7 @@ in launchd.daemons.karabiner_observer = { serviceConfig.ProgramArguments = [ - "${pkgs.karabiner-elements}/Library/Application Support/org.pqrs/Karabiner-Elements/bin/karabiner_observer" + "${cfg.package}/Library/Application Support/org.pqrs/Karabiner-Elements/bin/karabiner_observer" ]; serviceConfig.Label = "org.pqrs.karabiner.karabiner_observer"; @@ -73,11 +71,7 @@ in }; launchd.daemons.Karabiner-DriverKit-VirtualHIDDeviceClient = { - serviceConfig.ProgramArguments = [ - "/bin/sh" "-c" - # For unknown reasons this daemon will fail if VirtualHIDDeviceClient is not exec'd. - "/bin/wait4path /nix/store && exec \"${pkgs.karabiner-elements.driver}/Library/Application Support/org.pqrs/Karabiner-DriverKit-VirtualHIDDevice/Applications/Karabiner-DriverKit-VirtualHIDDeviceClient.app/Contents/MacOS/Karabiner-DriverKit-VirtualHIDDeviceClient\"" - ]; + command = "\"${cfg.package.driver}/Library/Application Support/org.pqrs/Karabiner-DriverKit-VirtualHIDDevice/Applications/Karabiner-DriverKit-VirtualHIDDeviceClient.app/Contents/MacOS/Karabiner-DriverKit-VirtualHIDDeviceClient\""; serviceConfig.ProcessType = "Interactive"; serviceConfig.Label = "org.pqrs.Karabiner-DriverKit-VirtualHIDDeviceClient"; serviceConfig.KeepAlive = true; 
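Review bot: The switch to `command = …` for Karabiner-DriverKit-VirtualHIDDeviceClient drops both the explicit `exec` and the old comment explaining that the daemon fails unless the client is exec'd. The same rewrite removes the `/bin/wait4path /nix/store` guard here and in the `start_karabiner_daemons` and `setsuid_karabiner_session_monitor` hunks. If the `command` and `script` options are relied on to supply both behaviours (their wrapper is not visible in this diff), keep the reason next to the code, e.g. `# relies on the command option waiting for /nix/store and exec'ing the client; the daemon fails otherwise`.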
@@ -95,14 +89,11 @@ in # We need this to run every reboot as /run gets nuked so we can't put this # inside the preActivation script as it only gets run on darwin-rebuild switch. launchd.daemons.setsuid_karabiner_session_monitor = { - serviceConfig.ProgramArguments = [ - "/bin/sh" "-c" - "/bin/wait4path /nix/store && ${pkgs.writeScript "setsuid_karabiner_session_monitor" '' + script = '' rm -rf /run/wrappers mkdir -p /run/wrappers/bin - install -m4555 "${pkgs.karabiner-elements}/Library/Application Support/org.pqrs/Karabiner-Elements/bin/karabiner_session_monitor" /run/wrappers/bin - ''}" - ]; + install -m4555 "${cfg.package}/Library/Application Support/org.pqrs/Karabiner-Elements/bin/karabiner_session_monitor" /run/wrappers/bin + ''; serviceConfig.RunAtLoad = true; serviceConfig.KeepAlive.SuccessfulExit = false; }; 
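Review bot: `install -m4555` creates a setuid binary from `${cfg.package}`, which this commit makes user-selectable, and the script text has no `set -e`. Unless the `script` wrapper adds it, a failed `rm -rf` or `mkdir -p` does not stop the install. Starting the script with `set -e` and stating the directory mode and owner explicitly (`mkdir -p -m 0755 /run/wrappers/bin`, `install -o root -g wheel -m4555 …`) would make the result independent of the daemon's umask. The new `package` option's documentation could also mention that the chosen package supplies a binary that is installed setuid.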
@@ -116,8 +107,8 @@ in serviceConfig.KeepAlive = true; }; - environment.userLaunchAgents."org.pqrs.karabiner.agent.karabiner_grabber.plist".source = "${pkgs.karabiner-elements}/Library/LaunchAgents/org.pqrs.karabiner.agent.karabiner_grabber.plist"; - environment.userLaunchAgents."org.pqrs.karabiner.agent.karabiner_observer.plist".source = "${pkgs.karabiner-elements}/Library/LaunchAgents/org.pqrs.karabiner.agent.karabiner_observer.plist"; - environment.userLaunchAgents."org.pqrs.karabiner.karabiner_console_user_server.plist".source = "${pkgs.karabiner-elements}/Library/LaunchAgents/org.pqrs.karabiner.karabiner_console_user_server.plist"; + environment.userLaunchAgents."org.pqrs.karabiner.agent.karabiner_grabber.plist".source = "${cfg.package}/Library/LaunchAgents/org.pqrs.karabiner.agent.karabiner_grabber.plist"; + environment.userLaunchAgents."org.pqrs.karabiner.agent.karabiner_observer.plist".source = "${cfg.package}/Library/LaunchAgents/org.pqrs.karabiner.agent.karabiner_observer.plist"; + environment.userLaunchAgents."org.pqrs.karabiner.karabiner_console_user_server.plist".source = "${cfg.package}/Library/LaunchAgents/org.pqrs.karabiner.karabiner_console_user_server.plist"; }; } diff --git a/modules/services/khd/default.nix b/modules/services/khd/default.nix index ef16a2b..7594baf 100644 --- a/modules/services/khd/default.nix +++ b/modules/services/khd/default.nix 
@@ -13,27 +13,27 @@ in services.khd.enable = mkOption { type = types.bool; default = false; - description = lib.mdDoc "Whether to enable the khd hotkey daemon."; + description = "Whether to enable the khd hotkey daemon."; }; services.khd.package = mkOption { type = types.package; default = pkgs.khd; defaultText = "pkgs.khd"; - description = lib.mdDoc "This option specifies the khd package to use."; + description = "This option specifies the khd package to use."; }; services.khd.khdConfig = mkOption { type = types.lines; default = ""; example = "alt + shift - r : kwmc quit"; - description = lib.mdDoc "Config to use for {file}`khdrc`."; + description = "Config to use for {file}`khdrc`."; }; services.khd.i3Keybindings = mkOption { type = types.bool; default = false; - description = lib.mdDoc "Wether to configure i3 style keybindings for kwm."; + description = "Wether to configure i3 style keybindings for kwm."; }; }; diff --git a/modules/services/kwm/default.nix b/modules/services/kwm/default.nix index c6603b9..5fb6c56 100644 --- a/modules/services/kwm/default.nix +++ b/modules/services/kwm/default.nix @@ -11,21 +11,21 @@ in services.kwm.enable = mkOption { type = types.bool; default = false; - description = lib.mdDoc "Whether to enable the khd window manager."; + description = "Whether to enable the khd window manager."; }; services.kwm.package = mkOption { type = types.path; default = pkgs.kwm; defaultText = "pkgs.kwm"; - description = lib.mdDoc "This option specifies the kwm package to use."; + description = "This option specifies the kwm package to use."; }; services.kwm.kwmConfig = mkOption { type = types.lines; default = ""; example = ''kwmc rule owner="iTerm2" properties={role="AXDialog"}''; - description = lib.mdDoc "Config to use for {file}`kwmrc`."; + description = "Config to use for {file}`kwmrc`."; }; }; diff --git a/modules/services/lorri.nix b/modules/services/lorri.nix index 246bcfa..0c12300 100644 --- a/modules/services/lorri.nix 
+++ b/modules/services/lorri.nix @@ -11,14 +11,14 @@ in enable = mkOption { type = types.bool; default = false; - description = lib.mdDoc "Whether to enable the lorri service."; + description = "Whether to enable the lorri service."; }; logFile = mkOption { type = types.nullOr types.path; default = null; example = "/var/tmp/lorri.log"; - description = lib.mdDoc '' + description = '' The logfile to use for the lorri service. Alternatively {command}`sudo launchctl debug system/org.nixos.lorri --stderr` can be used to stream the logs to a shell after restarting the service with diff --git a/modules/services/mail/offlineimap.nix b/modules/services/mail/offlineimap.nix index b7913cb..81c8bdb 100644 --- a/modules/services/mail/offlineimap.nix +++ b/modules/services/mail/offlineimap.nix 
@@ -7,32 +7,32 @@ let in { options.services.offlineimap = { - enable = mkEnableOption (lib.mdDoc "Offlineimap, a software to dispose your mailbox(es) as a local Maildir(s)"); + enable = mkEnableOption "Offlineimap, a software to dispose your mailbox(es) as a local Maildir(s)"; package = mkOption { type = types.package; default = pkgs.offlineimap; defaultText = "pkgs.offlineimap"; - description = lib.mdDoc "Offlineimap derivation to use."; + description = "Offlineimap derivation to use."; }; path = mkOption { type = types.listOf types.path; default = []; example = literalExpression "[ pkgs.pass pkgs.bash pkgs.notmuch ]"; - description = lib.mdDoc "List of derivations to put in Offlineimap's path."; + description = "List of derivations to put in Offlineimap's path."; }; startInterval = mkOption { type = types.nullOr types.int; default = 300; - description = lib.mdDoc "Optional key to start offlineimap services each N seconds"; + description = "Optional key to start offlineimap services each N seconds"; }; runQuick = mkOption { type = types.bool; default = false; - description = lib.mdDoc '' + description = '' Run only quick synchronizations. Ignore any flag updates on IMAP servers. If a flag on the remote IMAP changes, and we have the message locally, it will be left untouched in a quick run. ''; @@ -41,7 +41,7 @@ in { extraConfig = mkOption { type = types.lines; default = ""; - description = lib.mdDoc "Additional text to be appended to {file}`offlineimaprc`."; + description = "Additional text to be appended to {file}`offlineimaprc`."; }; }; diff --git a/modules/services/monitoring/netdata.nix b/modules/services/monitoring/netdata.nix new file mode 100644 index 0000000..da0809c --- /dev/null +++ b/modules/services/monitoring/netdata.nix 
@@ -0,0 +1,55 @@
+{ config, lib, pkgs, ... }:
+with lib;
+let
+ cfg = config.services.netdata;
+
+in {
+ meta.maintainers = [ lib.maintainers.rsrohitsingh682 or "rsrohitsingh682" ];
+
+ options = {
+ services.netdata = {
+ enable = mkEnableOption "Netdata daemon";
+
+ package = lib.mkPackageOption pkgs "netdata" {};
+
+ config = mkOption {
+ type = types.lines;
+ default = "";
+ description = "Custom configuration for Netdata";
+ };
+
+ workDir = mkOption {
+ type = types.path;
+ default = "/var/lib/netdata";
+ description = "Working directory for Netdata";
+ };
+
+ logDir = mkOption {
+ type = types.path;
+ default = "/var/log/netdata";
+ description = "Log directory for Netdata";
+ };
+ };
+ };
+
+ config = mkIf cfg.enable {
+ environment.systemPackages = [ cfg.package ];
+
+ launchd.daemons.netdata = {
+ serviceConfig = {
+ Label = "netdata";
+ KeepAlive = true;
+ WorkingDirectory = cfg.workDir;
+ StandardErrorPath = "${cfg.logDir}/netdata.log";
+ StandardOutPath = "${cfg.logDir}/netdata.log";
+ };
+ command = lib.getExe cfg.package;
+ };
+
+ environment.etc."netdata/netdata.conf".text = cfg.config;
+
+ system.activationScripts.preActivation.text = ''
+ mkdir -p ${cfg.workDir}
+ '';
+ };
+}
diff --git a/modules/services/monitoring/prometheus-node-exporter.nix b/modules/services/monitoring/prometheus-node-exporter.nix
new file mode 100644
index 0000000..7f58055
--- /dev/null
+++ b/modules/services/monitoring/prometheus-node-exporter.nix
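Review bot: `launchd.daemons.netdata` sets no `UserName` or `GroupName`, so the daemon will presumably run as root, whereas the node exporter module added in the same commit creates a dedicated `_prometheus-node-exporter` account. A monitoring daemon that serves a web interface is better run unprivileged. Separately, the activation script interpolates `cfg.workDir` unquoted and never creates `cfg.logDir`, which `StandardOutPath` and `StandardErrorPath` depend on; `mkdir -p ${lib.escapeShellArg cfg.workDir} ${lib.escapeShellArg cfg.logDir}` covers both. It is also not visible here that netdata is told to read `/etc/netdata/netdata.conf`, since `command` passes no config argument, so that is worth confirming.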
@@ -0,0 +1,121 @@ +{ + config, + lib, + pkgs, + ... +}: + +let + inherit (lib) + concatStringsSep + escapeShellArgs + getExe + mkEnableOption + mkIf + mkOption + mkPackageOption + mkRemovedOptionModule + types + ; + + cfg = config.services.prometheus.exporters.node; +in { + imports = [ + (mkRemovedOptionModule [ "services" "prometheus" "exporters" "node" "openFirewall" ] "No nix-darwin equivalent to this NixOS option.") + (mkRemovedOptionModule [ "services" "prometheus" "exporters" "node" "firewallFilter" ] "No nix-darwin equivalent to this NixOS option.") + (mkRemovedOptionModule [ "services" "prometheus" "exporters" "node" "firewallRules" ] "No nix-darwin equivalent to this NixOS option.") + ]; + + options = { + services.prometheus.exporters.node = { + enable = mkEnableOption "Prometheus Node exporter"; + + package = mkPackageOption pkgs "prometheus-node-exporter" { }; + + listenAddress = mkOption { + type = types.str; + default = ""; + example = "0.0.0.0"; + description = '' + Address where Node exporter exposes its HTTP interface. Leave empty to bind to all addresses. + ''; + }; + + port = mkOption { + type = types.port; + default = 9100; + description = '' + Port where the Node exporter exposes its HTTP interface. + ''; + }; + + extraFlags = mkOption { + type = types.listOf types.str; + default = [ ]; + example = [ "--log.level=debug" ]; + description = '' + Extra commandline options to pass to the Node exporter executable. + ''; + }; + + enabledCollectors = mkOption { + type = types.listOf types.str; + default = [ ]; + description = '' + Collectors to enable in addition to the ones that are [enabled by default](https://github.com/prometheus/node_exporter#enabled-by-default). 
+ ''; + }; + + disabledCollectors = mkOption { + type = types.listOf types.str; + default = [ ]; + example = [ "boottime" ]; + description = '' + Collectors to disable from the list of collectors that are [enabled by default](https://github.com/prometheus/node_exporter#enabled-by-default). + ''; + }; + }; + }; + + config = mkIf cfg.enable { + users.users._prometheus-node-exporter = { + uid = config.ids.uids._prometheus-node-exporter; + gid = config.ids.gids._prometheus-node-exporter; + home = "/var/lib/prometheus-node-exporter"; + createHome = true; + shell = "/usr/bin/false"; + description = "System user for the Prometheus Node exporter"; + }; + + users.groups._prometheus-node-exporter = { + gid = config.ids.gids._prometheus-node-exporter; + description = "System group for the Prometheus Node exporter"; + }; + + users.knownGroups = [ "_prometheus-node-exporter" ]; + users.knownUsers = [ "_prometheus-node-exporter" ]; + + launchd.daemons.prometheus-node-exporter = { + script = concatStringsSep " " + ([ + (getExe cfg.package) + "--web.listen-address" + "${cfg.listenAddress}:${toString cfg.port}" + ] + ++ (map (collector: "--collector.${collector}") cfg.enabledCollectors) + ++ (map (collector: "--no-collector.${collector}") cfg.disabledCollectors) + ) + escapeShellArgs cfg.extraFlags; + serviceConfig = let + logPath = config.users.users._prometheus-node-exporter.home + + "/prometheus-node-exporter.log"; + in { + KeepAlive = true; + RunAtLoad = true; + StandardErrorPath = logPath; + StandardOutPath = logPath; + GroupName = "_prometheus-node-exporter"; + UserName = "_prometheus-node-exporter"; + }; + }; + }; +} diff --git a/modules/services/monitoring/telegraf.nix b/modules/services/monitoring/telegraf.nix index e3d3250..f40e013 100644 --- a/modules/services/monitoring/telegraf.nix +++ b/modules/services/monitoring/telegraf.nix 
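Review bot: In `launchd.daemons.prometheus-node-exporter.script`, `concatStringsSep " " (...) + escapeShellArgs cfg.extraFlags` concatenates after the join, so the first extra flag is glued onto the preceding argument with no space (with no collectors configured, onto the `address:port` value). Only `extraFlags` is shell-escaped, while `listenAddress` and the collector names reach the script unescaped. Building the whole command line with a single `escapeShellArgs` call, as sketched below, fixes both. Separately, the `listenAddress` default of `""` binds every interface, which serves host metrics to the network by default; `"127.0.0.1"` would be a more conservative default.

```nix
launchd.daemons.prometheus-node-exporter = {
  script = escapeShellArgs (
    [
      (getExe cfg.package)
      "--web.listen-address"
      "${cfg.listenAddress}:${toString cfg.port}"
    ]
    ++ map (collector: "--collector.${collector}") cfg.enabledCollectors
    ++ map (collector: "--no-collector.${collector}") cfg.disabledCollectors
    ++ cfg.extraFlags
  );
  # … unchanged: serviceConfig (log paths, KeepAlive, RunAtLoad, UserName/GroupName) …
```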
@@ -10,12 +10,12 @@ let in { options = { services.telegraf = { - enable = mkEnableOption (lib.mdDoc "telegraf agent"); + enable = mkEnableOption "telegraf agent"; package = mkOption { default = pkgs.telegraf; defaultText = lib.literalExpression "pkgs.telegraf"; - description = lib.mdDoc "Which telegraf derivation to use"; + description = "Which telegraf derivation to use"; type = types.package; }; @@ -23,7 +23,7 @@ in { type = types.listOf types.path; default = [ ]; example = [ "/run/keys/telegraf.env" ]; - description = lib.mdDoc '' + description = '' File to load as environment file. This is useful to avoid putting secrets into the nix store. ''; @@ -31,7 +31,7 @@ in { extraConfig = mkOption { default = { }; - description = lib.mdDoc "Extra configuration options for telegraf"; + description = "Extra configuration options for telegraf"; type = settingsFormat.type; example = { outputs.influxdb = { @@ -47,7 +47,7 @@ in { configUrl = mkOption { default = null; - description = lib.mdDoc "Url to fetch config from"; + description = "Url to fetch config from"; type = types.nullOr types.str; }; }; diff --git a/modules/services/mopidy.nix b/modules/services/mopidy.nix index 2fb9a15..be3c05e 100644 --- a/modules/services/mopidy.nix +++ b/modules/services/mopidy.nix 
@@ -11,27 +11,27 @@ in services.mopidy.enable = mkOption { type = types.bool; default = false; - description = lib.mdDoc "Whether to enable the Mopidy Daemon."; + description = "Whether to enable the Mopidy Daemon."; }; services.mopidy.package = mkOption { type = types.path; default = pkgs.mopidy; defaultText = "pkgs.mopidy"; - description = lib.mdDoc "This option specifies the mopidy package to use."; + description = "This option specifies the mopidy package to use."; }; services.mopidy.mediakeys.enable = mkOption { type = types.bool; default = false; - description = lib.mdDoc "Whether to enable the Mopidy OSX Media Keys support daemon."; + description = "Whether to enable the Mopidy OSX Media Keys support daemon."; }; services.mopidy.mediakeys.package = mkOption { type = types.path; default = pkgs.pythonPackages.osxmpdkeys; defaultText = "pkgs.pythonPackages.osxmpdkeys"; - description = lib.mdDoc "This option specifies the mediakeys package to use."; + description = "This option specifies the mediakeys package to use."; }; }; diff --git a/modules/services/netbird.nix b/modules/services/netbird.nix index ad0bf3e..5bc8ebd 100644 --- a/modules/services/netbird.nix +++ b/modules/services/netbird.nix @@ -5,12 +5,12 @@ let in { options.services.netbird = { - enable = mkEnableOption (lib.mdDoc "Netbird daemon"); + enable = mkEnableOption "Netbird daemon"; package = mkOption { type = types.package; default = pkgs.netbird; defaultText = literalExpression "pkgs.netbird"; - description = lib.mdDoc "The package to use for netbird"; + description = "The package to use for netbird"; }; }; config = mkIf cfg.enable { diff --git a/modules/services/nextdns/default.nix b/modules/services/nextdns/default.nix index 5ea5e75..adc9823 100644 --- a/modules/services/nextdns/default.nix +++ b/modules/services/nextdns/default.nix 
@@ -13,13 +13,13 @@ in { type = types.bool; default = false; description = - lib.mdDoc "Whether to enable the NextDNS DNS/53 to DoH Proxy service."; + "Whether to enable the NextDNS DNS/53 to DoH Proxy service."; }; arguments = mkOption { type = types.listOf types.str; default = [ ]; example = [ "-config" "10.0.3.0/24=abcdef" ]; - description = lib.mdDoc "Additional arguments to be passed to nextdns run."; + description = "Additional arguments to be passed to nextdns run."; }; }; }; @@ -31,7 +31,7 @@ in { launchd.daemons.nextdns = { path = [ nextdns ]; serviceConfig.ProgramArguments = - [ "${pkgs.nextdns}/bin/nextdns" "run" (escapeShellArgs cfg.arguments) ]; + [ "${pkgs.nextdns}/bin/nextdns" "run" ] ++ cfg.arguments; serviceConfig.KeepAlive = true; serviceConfig.RunAtLoad = true; }; diff --git a/modules/services/nix-daemon.nix b/modules/services/nix-daemon.nix index 584c226..ffc7e65 100644 --- a/modules/services/nix-daemon.nix +++ b/modules/services/nix-daemon.nix 
@@ -1,30 +1,30 @@ -{ config, lib, pkgs, ... }: - -with lib; +{ config, lib, ... }: let cfg = config.services.nix-daemon; + + inherit (lib) mkDefault mkIf mkMerge mkOption types; in { options = { services.nix-daemon.enable = mkOption { type = types.bool; - default = false; - description = lib.mdDoc "Whether to enable the nix-daemon service."; + default = true; + description = "Whether to enable the nix-daemon service."; }; services.nix-daemon.enableSocketListener = mkOption { type = types.bool; default = false; - description = lib.mdDoc "Whether to make the nix-daemon service socket activated."; + description = "Whether to make the nix-daemon service socket activated."; }; services.nix-daemon.logFile = mkOption { type = types.nullOr types.path; default = null; example = "/var/log/nix-daemon.log"; - description = lib.mdDoc '' + description = '' The logfile to use for the nix-daemon service. Alternatively {command}`sudo launchctl debug system/org.nixos.nix-daemon --stderr` can be used to stream the logs to a shell after restarting the service with @@ -35,7 +35,7 @@ in services.nix-daemon.tempDir = mkOption { type = types.nullOr types.path; default = null; - description = lib.mdDoc "The TMPDIR to use for nix-daemon."; + description = "The TMPDIR to use for nix-daemon."; }; }; 
@@ -44,14 +44,11 @@ in nix.useDaemon = true; launchd.daemons.nix-daemon = { - serviceConfig.ProgramArguments = [ - "/bin/sh" "-c" - "/bin/wait4path ${config.nix.package}/bin/nix-daemon && exec ${config.nix.package}/bin/nix-daemon" - ]; + command = lib.getExe' config.nix.package "nix-daemon"; serviceConfig.ProcessType = config.nix.daemonProcessType; serviceConfig.LowPriorityIO = config.nix.daemonIOLowPriority; serviceConfig.Label = "org.nixos.nix-daemon"; # must match daemon installed by Nix regardless of the launchd label Prefix - serviceConfig.SoftResourceLimits.NumberOfFiles = mkDefault 4096; + serviceConfig.SoftResourceLimits.NumberOfFiles = mkDefault 1048576; serviceConfig.StandardErrorPath = cfg.logFile; serviceConfig.KeepAlive = mkIf (!cfg.enableSocketListener) true; diff --git a/modules/services/nix-gc/default.nix b/modules/services/nix-gc/default.nix index f13e250..9fe8e86 100644 --- a/modules/services/nix-gc/default.nix +++ b/modules/services/nix-gc/default.nix @@ -6,6 +6,7 @@ with lib; let cfg = config.nix.gc; + launchdTypes = import ../../launchd/types.nix { inherit config lib; }; in { 
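Review bot: Replacing the `/bin/sh -c "/bin/wait4path … && exec …"` wrapper with `command = lib.getExe' config.nix.package "nix-daemon";` drops the explicit wait for the store path, and nothing in this hunk shows where that wait now happens. If `launchd.daemons.<name>.command` does not add an equivalent guard (the launchd module is outside this diff view), the daemon can be started at boot before the Nix store is available. The same applies to the `nix-optimise` and `tailscaled` changes further down. Once confirmed, a comment such as `# the store-path wait is provided by the launchd module's command wrapper` would record the assumption. The new `mkDefault 1048576` for `SoftResourceLimits.NumberOfFiles` also deserves a one-line comment giving the reason, and the attribute set continues past the end of the hunk.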
@@ -24,27 +25,31 @@ in automatic = mkOption { default = false; type = types.bool; - description = lib.mdDoc "Automatically run the garbage collector at a specific time."; + description = "Automatically run the garbage collector at a specific time."; }; # Not in NixOS module user = mkOption { type = types.nullOr types.str; default = null; - description = lib.mdDoc "User that runs the garbage collector."; + description = "User that runs the garbage collector."; }; interval = mkOption { - type = types.attrs; - default = { Hour = 3; Minute = 15; }; - description = lib.mdDoc "The time interval at which the garbage collector will run."; + type = launchdTypes.StartCalendarInterval; + default = [{ Weekday = 7; Hour = 3; Minute = 15; }]; + description = '' + The calendar interval at which the garbage collector will run. + See the {option}`serviceConfig.StartCalendarInterval` option of + the {option}`launchd` module for more info. + ''; }; options = mkOption { default = ""; example = "--max-freed $((64 * 1024**3))"; type = types.str; - description = lib.mdDoc '' + description = '' Options given to {file}`nix-collect-garbage` when the garbage collector is run automatically. ''; @@ -63,7 +68,7 @@ in command = "${config.nix.package}/bin/nix-collect-garbage ${cfg.options}"; environment.NIX_REMOTE = optionalString config.nix.useDaemon "daemon"; serviceConfig.RunAtLoad = false; - serviceConfig.StartCalendarInterval = [ cfg.interval ]; + serviceConfig.StartCalendarInterval = cfg.interval; serviceConfig.UserName = cfg.user; }; diff --git a/modules/services/nix-optimise/default.nix b/modules/services/nix-optimise/default.nix index 5462bae..c0ee0a3 100644 --- a/modules/services/nix-optimise/default.nix +++ b/modules/services/nix-optimise/default.nix @@ -6,7 +6,6 @@ let inherit (lib) - mdDoc mkIf mkOption mkRemovedOptionModule @@ -15,6 +14,7 @@ let ; cfg = config.nix.optimise; + launchdTypes = import ../../launchd/types.nix { inherit config lib; }; in { 
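Review bot: The new `nix.gc.interval` default `[{ Weekday = 7; Hour = 3; Minute = 15; }]` adds a `Weekday` key, so automatic garbage collection moves from every day at 03:15 to once a week. Neither the description nor any notice in this hunk tells users who relied on the old schedule. The description should state it, for example `Defaults to once a week, on weekday 7 at 03:15.`; the `nix.optimise.interval` hunk further down makes the same change with `Hour = 4`. The option type also changes from `types.attrs` to `launchdTypes.StartCalendarInterval`, and the `[ cfg.interval ]` wrapping is removed. It is worth confirming that existing single-attrset values still evaluate, since the type definition is not visible here.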
@@ -31,20 +31,24 @@ in automatic = mkOption { type = types.bool; default = false; - description = mdDoc "Automatically run the nix store optimiser at a specific time."; + description = "Automatically run the nix store optimiser at a specific time."; }; # Not in NixOS module user = mkOption { type = types.nullOr types.str; default = null; - description = mdDoc "User that runs the store optimisation."; + description = "User that runs the store optimisation."; }; interval = mkOption { - type = types.attrs; - default = { Hour = 3; Minute = 15; }; - description = mdDoc "The time interval at which the optimiser will run."; + type = launchdTypes.StartCalendarInterval; + default = [{ Weekday = 7; Hour = 4; Minute = 15; }]; + description = '' + The calendar interval at which the optimiser will run. + See the {option}`serviceConfig.StartCalendarInterval` option of + the {option}`launchd` module for more info. + ''; }; }; @@ -58,13 +62,10 @@ in launchd.daemons.nix-optimise = { environment.NIX_REMOTE = optionalString config.nix.useDaemon "daemon"; + command = "${lib.getExe' config.nix.package "nix-store"} --optimise"; serviceConfig = { - ProgramArguments = [ - "/bin/sh" "-c" - "/bin/wait4path ${config.nix.package} && exec ${config.nix.package}/bin/nix-store --optimise" - ]; RunAtLoad = false; - StartCalendarInterval = [ cfg.interval ]; + StartCalendarInterval = cfg.interval; UserName = cfg.user; }; }; diff --git a/modules/services/ofborg/default.nix b/modules/services/ofborg/default.nix index 9151039..8959cc8 100644 --- a/modules/services/ofborg/default.nix +++ b/modules/services/ofborg/default.nix 
@@ -12,13 +12,13 @@ in services.ofborg.enable = mkOption { type = types.bool; default = false; - description = lib.mdDoc "Whether to enable the ofborg builder service."; + description = "Whether to enable the ofborg builder service."; }; services.ofborg.package = mkOption { type = types.package; example = literalExpression "pkgs.ofborg"; - description = lib.mdDoc '' + description = '' This option specifies the ofborg package to use. eg. (import <ofborg> {}).ofborg.rs @@ -30,7 +30,7 @@ in services.ofborg.configFile = mkOption { type = types.path; - description = lib.mdDoc '' + description = '' Configuration file to use for ofborg. WARNING Don't use a path literal or derivation for this, @@ -41,17 +41,11 @@ in services.ofborg.logFile = mkOption { type = types.path; default = "/var/log/ofborg.log"; - description = lib.mdDoc "The logfile to use for the ofborg service."; + description = "The logfile to use for the ofborg service."; }; }; config = mkIf cfg.enable { - - assertions = [ - { assertion = elem "ofborg" config.users.knownGroups; message = "set users.knownGroups to enable ofborg group"; } - { assertion = elem "ofborg" config.users.knownUsers; message = "set users.knownUsers to enable ofborg user"; } - ]; - warnings = mkIf (isDerivation cfg.configFile) [ "services.ofborg.configFile is a derivation, credentials will be world readable" ]; @@ -87,9 +81,13 @@ in users.users.ofborg.shell = "/bin/bash"; users.users.ofborg.description = "OfBorg service user"; + users.knownUsers = [ "ofborg" ]; + users.groups.ofborg.gid = mkDefault 531; users.groups.ofborg.description = "Nix group for OfBorg service"; + users.knownGroups = [ "ofborg" ]; + # FIXME: create logfiles automatically if defined. system.activationScripts.preActivation.text = '' mkdir -p '${user.home}' diff --git a/modules/services/openssh.nix b/modules/services/openssh.nix new file mode 100644 index 0000000..859f79d --- /dev/null +++ b/modules/services/openssh.nix 
@@ -0,0 +1,33 @@ +{ config, lib, ... }: + +let + cfg = config.services.openssh; +in +{ + options = { + services.openssh.enable = lib.mkOption { + type = lib.types.nullOr lib.types.bool; + default = null; + description = '' + Whether to enable Apple's built-in OpenSSH server. + + The default is null which means let macOS manage the OpenSSH server. + ''; + }; + }; + + config = { + # We don't use `systemsetup -setremotelogin` as it requires Full Disk Access + system.activationScripts.launchd.text = lib.mkIf (cfg.enable != null) (if cfg.enable then '' + if [[ "$(systemsetup -getremotelogin | sed 's/Remote Login: //')" == "Off" ]]; then + launchctl enable system/com.openssh.sshd + launchctl bootstrap system /System/Library/LaunchDaemons/ssh.plist + fi + '' else '' + if [[ "$(systemsetup -getremotelogin | sed 's/Remote Login: //')" == "On" ]]; then + launchctl bootout system/com.openssh.sshd + launchctl disable system/com.openssh.sshd + fi + ''); + }; +} diff --git a/modules/services/postgresql/default.nix b/modules/services/postgresql/default.nix index 018b46e..64dfad4 100644 --- a/modules/services/postgresql/default.nix +++ b/modules/services/postgresql/default.nix @@ -40,12 +40,12 @@ in services.postgresql = { - enable = mkEnableOption (lib.mdDoc "PostgreSQL Server"); + enable = mkEnableOption "PostgreSQL Server"; package = mkOption { type = types.package; example = literalExpression "pkgs.postgresql_11"; - description = lib.mdDoc '' + description = '' PostgreSQL package to use. ''; }; @@ -53,7 +53,7 @@ in port = mkOption { type = types.int; default = 5432; - description = lib.mdDoc '' + description = '' The port on which PostgreSQL listens. ''; }; 
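Review bot: Both branches of the activation script act only when `systemsetup -getremotelogin` prints exactly `Remote Login: Off` or `Remote Login: On`. If that command fails or its output differs, `services.openssh.enable = false` leaves sshd running without any message. The disable path would be safer if it did not depend on the probe, for example `launchctl bootout system/com.openssh.sshd 2>/dev/null || true` followed by `launchctl disable system/com.openssh.sshd`, or at least an `else` branch that reports the unrecognised state. The comment above the script says `systemsetup -setremotelogin` is avoided because it needs Full Disk Access, yet the check still calls `systemsetup`; it should say whether `-getremotelogin` is exempt from that requirement.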
@@ -61,14 +61,14 @@ in checkConfig = mkOption { type = types.bool; default = true; - description = lib.mdDoc "Check the syntax of the configuration file at compile time"; + description = "Check the syntax of the configuration file at compile time"; }; dataDir = mkOption { type = types.path; defaultText = literalExpression ''"/var/lib/postgresql/''${config.services.postgresql.package.psqlSchema}"''; example = "/var/lib/postgresql/11"; - description = lib.mdDoc '' + description = '' The data directory for PostgreSQL. If left as the default value this directory will automatically be created before the PostgreSQL server starts, otherwise the sysadmin is responsible for ensuring the directory exists with appropriate ownership @@ -79,7 +79,7 @@ in authentication = mkOption { type = types.lines; default = ""; - description = lib.mdDoc '' + description = '' Defines how users authenticate themselves to the server. See the [ PostgreSQL documentation for pg_hba.conf](https://www.postgresql.org/docs/current/auth-pg-hba-conf.html) @@ -96,7 +96,7 @@ in identMap = mkOption { type = types.lines; default = ""; - description = lib.mdDoc '' + description = '' Defines the mapping from system users to database users. The general form is: @@ -109,7 +109,7 @@ in type = with types; listOf str; default = []; example = [ "--data-checksums" "--allow-group-access" ]; - description = lib.mdDoc '' + description = '' Additional arguments passed to `initdb` during data dir initialisation. ''; @@ -118,7 +118,7 @@ in initialScript = mkOption { type = types.nullOr types.path; default = null; - description = lib.mdDoc '' + description = '' A file containing SQL statements to execute on first startup. ''; }; 
@@ -126,7 +126,7 @@ in ensureDatabases = mkOption { type = types.listOf types.str; default = []; - description = lib.mdDoc '' + description = '' Ensures that the specified databases exist. This option will never delete existing databases, especially not when the value of this option is changed. This means that databases created once through this option or @@ -143,14 +143,14 @@ in options = { name = mkOption { type = types.str; - description = lib.mdDoc '' + description = '' Name of the user to ensure. ''; }; ensurePermissions = mkOption { type = types.attrsOf types.str; default = {}; - description = lib.mdDoc '' + description = '' Permissions to ensure for the user, specified as an attribute set. The attribute names specify the database and tables to grant the permissions for. The attribute values specify the permissions to grant. You may specify one or @@ -171,7 +171,7 @@ in }; }); default = []; - description = lib.mdDoc '' + description = '' Ensures that the specified users exist and have at least the ensured permissions. The PostgreSQL users will be identified using peer authentication. This authenticates the Unix user with the same name only, and that without the need for a password. @@ -200,7 +200,7 @@ in enableTCPIP = mkOption { type = types.bool; default = false; - description = lib.mdDoc '' + description = '' Whether PostgreSQL should listen on all network interfaces. If disabled, the database can only be accessed via its Unix domain socket or via TCP connections to localhost. @@ -211,7 +211,7 @@ in type = types.str; default = "[%p] "; example = "%m [%p] "; - description = lib.mdDoc '' + description = '' A printf-style string that is output at the beginning of each log line. Upstream default is `'%m [%p] '`, i.e. it includes the timestamp. We do not include the timestamp, because journal has it anyway. 
@@ -222,7 +222,7 @@ in type = types.listOf types.path; default = []; example = literalExpression "with pkgs.postgresql_11.pkgs; [ postgis pg_repack ]"; - description = lib.mdDoc '' + description = '' List of PostgreSQL plugins. PostgreSQL version for each plugin should match version for `services.postgresql.package` value. ''; @@ -231,16 +231,16 @@ in settings = mkOption { type = with types; attrsOf (oneOf [ bool float int str ]); default = {}; - description = lib.mdDoc '' + description = '' PostgreSQL configuration. Refer to <https://www.postgresql.org/docs/11/config-setting.html#CONFIG-SETTING-CONFIGURATION-FILE> for an overview of `postgresql.conf`. ::: {.note} - + String values will automatically be enclosed in single quotes. Single quotes will be escaped with two single quotes as described by the upstream documentation linked above. - + ::: ''; example = literalExpression '' @@ -257,7 +257,7 @@ in recoveryConfig = mkOption { type = types.nullOr types.lines; default = null; - description = lib.mdDoc '' + description = '' Contents of the {file}`recovery.conf` file. ''; }; @@ -267,7 +267,7 @@ in default = "postgres"; internal = true; readOnly = true; - description = lib.mdDoc '' + description = '' PostgreSQL superuser account to use for various operations. Internal since changing this value would lead to breakage while setting up databases. ''; @@ -355,11 +355,14 @@ in "${cfg.dataDir}/recovery.conf" ''} - exec ${postgresql}/bin/postgres -D ${cfg.dataDir} + exec ${postgresql}/bin/postgres ''; serviceConfig.KeepAlive = true; serviceConfig.RunAtLoad = true; + serviceConfig.EnvironmentVariables = { + PGDATA = cfg.dataDir; + }; }; }; diff --git a/modules/services/privoxy/default.nix b/modules/services/privoxy/default.nix index 5f7780c..b314723 100644 --- a/modules/services/privoxy/default.nix +++ b/modules/services/privoxy/default.nix 
@@ -10,40 +10,40 @@ in services.privoxy.enable = mkOption { type = types.bool; default = false; - description = lib.mdDoc "Whether to enable the privoxy proxy service."; + description = "Whether to enable the privoxy proxy service."; }; services.privoxy.listenAddress = mkOption { type = types.str; default = "127.0.0.1:8118"; - description = lib.mdDoc "The address and TCP port on which privoxy will listen."; + description = "The address and TCP port on which privoxy will listen."; }; services.privoxy.package = mkOption { type = types.package; default = pkgs.privoxy; example = literalExpression "pkgs.privoxy"; - description = lib.mdDoc "This option specifies the privoxy package to use."; + description = "This option specifies the privoxy package to use."; }; services.privoxy.config = mkOption { type = types.lines; default = ""; example = "forward / upstream.proxy:8080"; - description = lib.mdDoc "Config to use for privoxy"; + description = "Config to use for privoxy"; }; services.privoxy.templdir = mkOption { type = types.path; default = "${pkgs.privoxy}/etc/templates"; defaultText = "\${pkgs.privoxy}/etc/templates"; - description = lib.mdDoc "Directory for privoxy template files."; + description = "Directory for privoxy template files."; }; services.privoxy.confdir = mkOption { type = types.nullOr types.path; default = null; - description = lib.mdDoc "Directory for privoxy files such as .action and .filter."; + description = "Directory for privoxy files such as .action and .filter."; }; }; diff --git a/modules/services/redis/default.nix b/modules/services/redis/default.nix index 0fa0af7..ccacd3b 100644 --- a/modules/services/redis/default.nix +++ b/modules/services/redis/default.nix 
@@ -11,52 +11,52 @@ in services.redis.enable = mkOption { type = types.bool; default = false; - description = lib.mdDoc "Whether to enable the redis database service."; + description = "Whether to enable the redis database service."; }; services.redis.package = mkOption { type = types.path; default = pkgs.redis; defaultText = "pkgs.redis"; - description = lib.mdDoc "This option specifies the redis package to use"; + description = "This option specifies the redis package to use"; }; services.redis.dataDir = mkOption { type = types.nullOr types.path; default = "/var/lib/redis"; - description = lib.mdDoc "Data directory for the redis database."; + description = "Data directory for the redis database."; }; services.redis.port = mkOption { type = types.int; default = 6379; - description = lib.mdDoc "The port for Redis to listen to."; + description = "The port for Redis to listen to."; }; services.redis.bind = mkOption { type = types.nullOr types.str; default = null; # All interfaces - description = lib.mdDoc "The IP interface to bind to."; + description = "The IP interface to bind to."; example = "127.0.0.1"; }; services.redis.unixSocket = mkOption { type = types.nullOr types.path; default = null; - description = lib.mdDoc "The path to the socket to bind to."; + description = "The path to the socket to bind to."; example = "/var/run/redis.sock"; }; services.redis.appendOnly = mkOption { type = types.bool; default = false; - description = lib.mdDoc "By default data is only periodically persisted to disk, enable this option to use an append-only file for improved persistence."; + description = "By default data is only periodically persisted to disk, enable this option to use an append-only file for improved persistence."; }; services.redis.extraConfig = mkOption { type = types.lines; default = ""; - description = lib.mdDoc "Additional text to be appended to {file}`redis.conf`."; + description = "Additional text to be appended to {file}`redis.conf`."; }; }; 
diff --git a/modules/services/sketchybar/default.nix b/modules/services/sketchybar/default.nix index 0cc4f6f..c29eec2 100644 --- a/modules/services/sketchybar/default.nix +++ b/modules/services/sketchybar/default.nix @@ -1,7 +1,7 @@ { config, lib, pkgs, ... }: let - inherit (lib) literalExpression maintainers mdDoc mkEnableOption mkIf mkPackageOptionMD mkOption optionals types; + inherit (lib) literalExpression maintainers mkEnableOption mkIf mkPackageOption mkOption optionals types; cfg = config.services.sketchybar; @@ -15,15 +15,15 @@ in ]; options.services.sketchybar = { - enable = mkEnableOption (mdDoc "sketchybar"); + enable = mkEnableOption "sketchybar"; - package = mkPackageOptionMD pkgs "sketchybar" { }; + package = mkPackageOption pkgs "sketchybar" { }; extraPackages = mkOption { type = types.listOf types.package; default = [ ]; example = literalExpression "[ pkgs.jq ]"; - description = mdDoc '' + description = '' Extra packages to add to PATH. ''; }; @@ -36,7 +36,7 @@ in sketchybar --update echo "sketchybar configuration loaded.." ''; - description = mdDoc '' + description = '' Contents of sketchybar's configuration file. If empty (the default), the configuration file won't be managed. See [documentation](https://felixkratz.github.io/SketchyBar/) diff --git a/modules/services/skhd/default.nix b/modules/services/skhd/default.nix index 4ec1e2b..1f5d0cf 100644 --- a/modules/services/skhd/default.nix +++ b/modules/services/skhd/default.nix 
@@ -11,24 +11,25 @@ in services.skhd.enable = mkOption { type = types.bool; default = false; - description = lib.mdDoc "Whether to enable the skhd hotkey daemon."; + description = "Whether to enable the skhd hotkey daemon."; }; services.skhd.package = mkOption { type = types.package; default = pkgs.skhd; - description = lib.mdDoc "This option specifies the skhd package to use."; + description = "This option specifies the skhd package to use."; }; services.skhd.skhdConfig = mkOption { type = types.lines; default = ""; example = "alt + shift - r : chunkc quit"; - description = lib.mdDoc "Config to use for {file}`skhdrc`."; + description = "Config to use for {file}`skhdrc`."; }; }; config = mkIf cfg.enable { + environment.systemPackages = [ cfg.package ]; environment.etc."skhdrc".text = cfg.skhdConfig; diff --git a/modules/services/spacebar/default.nix b/modules/services/spacebar/default.nix index eb06cad..a56dac5 100644 --- a/modules/services/spacebar/default.nix +++ b/modules/services/spacebar/default.nix @@ -22,12 +22,12 @@ in services.spacebar.enable = mkOption { type = bool; default = false; - description = lib.mdDoc "Whether to enable the spacebar spacebar."; + description = "Whether to enable the spacebar spacebar."; }; services.spacebar.package = mkOption { type = path; - description = lib.mdDoc "The spacebar package to use."; + description = "The spacebar package to use."; }; services.spacebar.config = mkOption { @@ -40,7 +40,7 @@ in foreground_color = "0xffa8a8a8"; } ''; - description = lib.mdDoc '' + description = '' Key/Value pairs to pass to spacebar's 'config' domain, via the configuration file. ''; }; @@ -51,7 +51,7 @@ in example = literalExpression '' echo "spacebar config loaded..." ''; - description = lib.mdDoc '' + description = '' Extra arbitrary configuration to append to the configuration file. ''; }; diff --git a/modules/services/spotifyd.nix b/modules/services/spotifyd.nix index 2469a24..612bae1 100644 --- a/modules/services/spotifyd.nix 
+++ b/modules/services/spotifyd.nix @@ -19,7 +19,7 @@ in enable = mkOption { type = types.bool; default = false; - description = lib.mdDoc '' + description = '' Whether to enable the spotifyd service. ''; }; @@ -28,7 +28,7 @@ in type = types.path; default = pkgs.spotifyd; defaultText = "pkgs.spotifyd"; - description = lib.mdDoc '' + description = '' The spotifyd package to use. ''; }; @@ -40,7 +40,7 @@ in bitrate = 160; volume_normalisation = true; }; - description = lib.mdDoc '' + description = '' Configuration for spotifyd, see <https://spotifyd.github.io/spotifyd/config/File.html> for supported values. ''; diff --git a/modules/services/synapse-bt.nix b/modules/services/synapse-bt.nix index 3970cac..d85a2cd 100644 --- a/modules/services/synapse-bt.nix +++ b/modules/services/synapse-bt.nix @@ -26,32 +26,32 @@ in enable = mkOption { type = types.bool; default = false; - description = lib.mdDoc "Whether to run Synapse BitTorrent Daemon."; + description = "Whether to run Synapse BitTorrent Daemon."; }; package = mkOption { type = types.package; default = pkgs.synapse-bt; defaultText = "pkgs.synapse-bt"; - description = lib.mdDoc "Synapse BitTorrent package to use."; + description = "Synapse BitTorrent package to use."; }; port = mkOption { type = types.int; default = 16384; - description = lib.mdDoc "The port on which Synapse BitTorrent listens."; + description = "The port on which Synapse BitTorrent listens."; }; downloadDir = mkOption { type = types.path; default = "/var/lib/synapse-bt"; example = "/var/lib/synapse-bt/downloads"; - description = lib.mdDoc "Download directory for Synapse BitTorrent."; + description = "Download directory for Synapse BitTorrent."; }; extraConfig = mkOption { default = {}; - description = lib.mdDoc "Extra configuration options for Synapse BitTorrent."; + description = "Extra configuration options for Synapse BitTorrent."; type = types.attrs; }; }; 
diff --git a/modules/services/synergy/default.nix b/modules/services/synergy/default.nix index 9933fe6..2a9e088 100644 --- a/modules/services/synergy/default.nix +++ b/modules/services/synergy/default.nix @@ -16,28 +16,28 @@ in default = pkgs.synergy; defaultText = "pkgs.synergy"; type = types.package; - description = lib.mdDoc "The package used for the synergy client and server."; + description = "The package used for the synergy client and server."; }; client = { enable = mkOption { default = false; type = types.bool; - description = lib.mdDoc '' + description = '' Whether to enable the Synergy client (receive keyboard and mouse events from a Synergy server). ''; }; screenName = mkOption { default = ""; type = types.str; - description = lib.mdDoc '' + description = '' Use the given name instead of the hostname to identify ourselves to the server. ''; }; serverAddress = mkOption { type = types.str; - description = lib.mdDoc '' + description = '' The server address is of the form: [hostname][:port]. The hostname must be the address or hostname of the server. The port overrides the default port, 24800. @@ -46,20 +46,20 @@ in autoStart = mkOption { default = true; type = types.bool; - description = lib.mdDoc "Whether the Synergy client should be started automatically."; + description = "Whether the Synergy client should be started automatically."; }; tls = { - enable = mkEnableOption (lib.mdDoc '' + enable = mkEnableOption '' Whether TLS encryption should be used. Using this requires a TLS certificate that can be generated by starting the Synergy GUI once and entering - a valid product key''); + a valid product key''; cert = mkOption { type = types.nullOr types.str; default = null; example = "~/.synergy/SSL/Synergy.pem"; - description = lib.mdDoc "The TLS certificate to use for encryption."; + description = "The TLS certificate to use for encryption."; }; }; }; 
@@ -68,19 +68,19 @@ in enable = mkOption { default = false; type = types.bool; - description = lib.mdDoc '' + description = '' Whether to enable the Synergy server (send keyboard and mouse events). ''; }; configFile = mkOption { default = "/etc/synergy-server.conf"; type = types.str; - description = lib.mdDoc "The Synergy server configuration file."; + description = "The Synergy server configuration file."; }; screenName = mkOption { default = ""; type = types.str; - description = lib.mdDoc '' + description = '' Use the given name instead of the hostname to identify this screen in the configuration. ''; @@ -88,25 +88,25 @@ in address = mkOption { default = ""; type = types.str; - description = lib.mdDoc "Address on which to listen for clients."; + description = "Address on which to listen for clients."; }; autoStart = mkOption { default = true; type = types.bool; - description = lib.mdDoc "Whether the Synergy server should be started automatically."; + description = "Whether the Synergy server should be started automatically."; }; tls = { - enable = mkEnableOption (lib.mdDoc '' + enable = mkEnableOption '' Whether TLS encryption should be used. Using this requires a TLS certificate that can be generated by starting the Synergy GUI once and entering - a valid product key''); + a valid product key''; cert = mkOption { type = types.nullOr types.str; default = null; example = "~/.synergy/SSL/Synergy.pem"; - description = lib.mdDoc "The TLS certificate to use for encryption."; + description = "The TLS certificate to use for encryption."; }; }; }; diff --git a/modules/services/tailscale.nix b/modules/services/tailscale.nix index 4135ade..e7d6b0d 100644 --- a/modules/services/tailscale.nix +++ b/modules/services/tailscale.nix 
@@ -13,20 +13,20 @@ in ]; options.services.tailscale = { - enable = mkEnableOption (lib.mdDoc "Tailscale client daemon"); + enable = mkEnableOption "Tailscale client daemon"; package = mkOption { type = types.package; default = pkgs.tailscale; defaultText = literalExpression "pkgs.tailscale"; - description = lib.mdDoc "The package to use for tailscale"; + description = "The package to use for tailscale"; }; overrideLocalDns = mkOption { type = types.bool; default = false; example = true; - description = lib.mdDoc '' + description = '' This option implements `Override local DNS` as it is not yet implemented in Tailscaled-on-macOS. To use this option, in the Tailscale control panel: @@ -54,12 +54,9 @@ in launchd.daemons.tailscaled = { # derived from # https://github.com/tailscale/tailscale/blob/main/cmd/tailscaled/install_darwin.go#L30 + command = lib.getExe' cfg.package "tailscaled"; serviceConfig = { Label = "com.tailscale.tailscaled"; - ProgramArguments = [ - "/bin/sh" "-c" - "/bin/wait4path ${cfg.package} && ${cfg.package}/bin/tailscaled" - ]; RunAtLoad = true; }; }; diff --git a/modules/services/trezord.nix b/modules/services/trezord.nix index 97db519..8da05f3 100644 --- a/modules/services/trezord.nix +++ b/modules/services/trezord.nix @@ -11,7 +11,7 @@ in { enable = mkOption { type = types.bool; default = false; - description = lib.mdDoc '' + description = '' Enable Trezor bridge daemon, for use with Trezor hardware wallets. ''; }; @@ -19,7 +19,7 @@ in { emulator.enable = mkOption { type = types.bool; default = false; - description = lib.mdDoc '' + description = '' Enable Trezor emulator support. ''; }; @@ -27,7 +27,7 @@ in { emulator.port = mkOption { type = types.port; default = 21324; - description = lib.mdDoc '' + description = '' Listening port for the Trezor emulator. ''; }; diff --git a/modules/services/wg-quick.nix b/modules/services/wg-quick.nix index 1e0b865..fab7a84 100644 --- a/modules/services/wg-quick.nix +++ b/modules/services/wg-quick.nix 
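Review bot: The new `command = lib.getExe' cfg.package "tailscaled";` line in the second tailscale hunk drops the explicit `/bin/wait4path ${cfg.package}` guard without recording what replaces it. If the `launchd.daemons.<name>.command` option already waits for the store before exec'ing (its implementation is not part of this diff), a one-line comment would make that dependency visible, e.g. `# launchd module wraps command so it waits for the Nix store`. If it does not, the daemon can fail at boot when the store volume mounts late, and the `serviceConfig` shown here sets only `RunAtLoad = true`, so nothing visible would retry it. The `derived from` link points at `main`, so `#L30` will drift; a commit permalink would keep the reference stable.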
@@ -10,32 +10,32 @@ let allowedIPs = mkOption { type = types.listOf types.str; default = [ ]; - description = lib.mdDoc "List of IP addresses associated with this peer."; + description = "List of IP addresses associated with this peer."; }; endpoint = mkOption { type = types.nullOr types.str; default = null; - description = lib.mdDoc "IP and port to connect to this peer at."; + description = "IP and port to connect to this peer at."; }; persistentKeepalive = mkOption { type = types.nullOr types.int; default = null; - description = lib.mdDoc "Interval in seconds to send keepalive packets"; + description = "Interval in seconds to send keepalive packets"; }; presharedKeyFile = mkOption { type = types.nullOr types.str; default = null; description = - lib.mdDoc "Optional, path to file containing the pre-shared key for this peer."; + "Optional, path to file containing the pre-shared key for this peer."; }; publicKey = mkOption { default = null; type = types.str; - description = lib.mdDoc "The public key for this peer."; + description = "The public key for this peer."; }; }; }; 
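Review bot: `presharedKeyFile` in this hunk, and `privateKeyFile` in the interface hunk that follows, describe a path to secret key material but do not say where that file may live. The Nix store is world-readable, so a key supplied through a path literal or a store-generated file would be readable by every local user. Keeping both options as `types.str` avoids the implicit copy, and the description should spell the constraint out, e.g. `"Optional, path to a file outside the Nix store containing the pre-shared key for this peer."`. The code that consumes these options lies outside the hunk, so how the file is read at runtime cannot be checked here.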
@@ -45,75 +45,75 @@ let address = mkOption { type = types.nullOr (types.listOf types.str); default = [ ]; - description = lib.mdDoc "List of IP addresses for this interface."; + description = "List of IP addresses for this interface."; }; autostart = mkOption { type = types.bool; default = true; description = - lib.mdDoc "Whether to bring up this interface automatically during boot."; + "Whether to bring up this interface automatically during boot."; }; dns = mkOption { type = types.listOf types.str; default = [ ]; - description = lib.mdDoc "List of DNS servers for this interface."; + description = "List of DNS servers for this interface."; }; listenPort = mkOption { type = types.nullOr types.int; default = null; - description = lib.mdDoc "Port to listen on, randomly selected if not specified."; + description = "Port to listen on, randomly selected if not specified."; }; mtu = mkOption { type = types.nullOr types.int; default = null; description = - lib.mdDoc "MTU to set for this interface, automatically set if not specified"; + "MTU to set for this interface, automatically set if not specified"; }; peers = mkOption { type = types.listOf (types.submodule peerOpts); default = [ ]; - description = lib.mdDoc "List of peers associated with this interface."; + description = "List of peers associated with this interface."; }; preDown = mkOption { type = with types; coercedTo (listOf str) (concatStringsSep "\n") lines; default = ""; - description = lib.mdDoc "List of commadns to run before interface shutdown."; + description = "List of commadns to run before interface shutdown."; }; preUp = mkOption { type = with types; coercedTo (listOf str) (concatStringsSep "\n") lines; default = ""; - description = lib.mdDoc "List of commands to run before interface setup."; + description = "List of commands to run before interface setup."; }; postDown = mkOption { type = with types; coercedTo (listOf str) (concatStringsSep "\n") lines; default = ""; - description = lib.mdDoc "List of 
commands to run after interface shutdown"; + description = "List of commands to run after interface shutdown"; }; postUp = mkOption { type = with types; coercedTo (listOf str) (concatStringsSep "\n") lines; default = ""; - description = lib.mdDoc "List of commands to run after interface setup."; + description = "List of commands to run after interface setup."; }; privateKeyFile = mkOption { type = types.str; default = null; - description = lib.mdDoc "Path to file containing this interface's private key."; + description = "Path to file containing this interface's private key."; }; table = mkOption { type = types.nullOr types.str; default = null; - description = lib.mdDoc '' + description = '' Controls the routing table to which routes are added. There are two special values: `off` disables the creation of routes altogether, and `auto` (the default) adds routes to the default table and @@ -208,13 +208,13 @@ in { interfaces = mkOption { type = types.attrsOf (types.submodule interfaceOpts); default = { }; - description = lib.mdDoc "Set of wg-quick interfaces."; + description = "Set of wg-quick interfaces."; }; logDir = mkOption { type = types.str; default = "/var/log"; - description = lib.mdDoc "Directory to save wg-quick logs to."; + description = "Directory to save wg-quick logs to."; }; }; }; diff --git a/modules/services/yabai/default.nix b/modules/services/yabai/default.nix index a26c7ca..fe9d3f9 100644 --- a/modules/services/yabai/default.nix +++ b/modules/services/yabai/default.nix 
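Review bot: The rewritten `preDown` description still carries the typo `commadns`; since the line is being touched anyway it should read `description = "List of commands to run before interface shutdown.";`. Separately, `privateKeyFile` declares `type = types.str` with `default = null` (as does `publicKey` in the peer hunk), so the default does not satisfy its own type. Dropping the `default` line makes the option plainly required, or use `types.nullOr types.str` if null is meant to be accepted. The `table` option's description runs past the end of the hunk, so it is not reviewed here.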
@@ -23,19 +23,19 @@ in services.yabai.enable = mkOption { type = bool; default = false; - description = lib.mdDoc "Whether to enable the yabai window manager."; + description = "Whether to enable the yabai window manager."; }; services.yabai.package = mkOption { type = path; default = pkgs.yabai; - description = lib.mdDoc "The yabai package to use."; + description = "The yabai package to use."; }; services.yabai.enableScriptingAddition = mkOption { type = bool; default = false; - description = lib.mdDoc '' + description = '' Whether to enable yabai's scripting-addition. SIP must be disabled for this to work. ''; @@ -57,7 +57,7 @@ in window_gap = 10; } ''; - description = lib.mdDoc '' + description = '' Key/Value pairs to pass to yabai's 'config' domain, via the configuration file. ''; }; @@ -68,7 +68,7 @@ in example = literalExpression '' yabai -m rule --add app='System Preferences' manage=off ''; - description = lib.mdDoc "Extra arbitrary configuration to append to the configuration file"; + description = "Extra arbitrary configuration to append to the configuration file"; }; }; |
